909 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Ivaylo Georgiev
|
78f55de2b0 |
Merge android-4.19-q.89 (c79e0f8 ) into msm-4.19
* refs/heads/tmp-c79e0f8: Revert "rtc: dt-binding: abx80x: fix resistance scale" Linux 4.19.89 appletalk: Set error code if register_snap_client failed appletalk: Fix potential NULL pointer dereference in unregister_snap_client net: qrtr: fix memort leak in qrtr_tun_write_iter KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) ASoC: rsnd: fixup MIX kctrl registration xfs: add missing error check in xfs_prepare_shift() iomap: partially revert 4721a601099 (simulated directio short read on EFAULT) splice: don't read more than available pipe space perf script: Fix invalid LBR/binary mismatch error watchdog: aspeed: Fix clock behaviour for ast2600 md/raid0: Fix an error message in raid0_make_request() ALSA: hda - Fix pending unsol events at shutdown binder: Handle start==NULL in binder_update_page_range() binder: Fix race between mmap() and binder_alloc_print_pages() vcs: prevent write access to vcsu devices thermal: Fix deadlock in thermal thermal_zone_device_check iomap: Fix pipe page leakage during splicing RDMA/qib: Validate ->show()/store() callbacks before calling them can: ucan: fix non-atomic allocation in completion handler mwifiex: update set_mac_address logic spi: atmel: Fix CS high support crypto: user - fix memory leak in crypto_report crypto: ecdh - fix big endian bug in ECC library crypto: ccp - fix uninitialized list head crypto: af_alg - cast ki_complete ternary op to int crypto: atmel-aes - Fix IV handling when req->nbytes < ivsize crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr KVM: x86: Grab KVM's srcu lock when setting nested state KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES KVM: x86: do not modify masked bits of shared MSRs KVM: arm/arm64: vgic: Don't rely on the wrong pending table arm64: dts: exynos: Revert "Remove unneeded address space mapping for soc node" drm/i810: Prevent underflow in ioctl drm/msm: fix memleak on release jbd2: Fix possible overflow in jbd2_log_space_left() kernfs: fix ino wrap-around detection can: slcan: Fix use-after-free Read in slcan_open tty: vt: keyboard: reject invalid keycodes CIFS: Fix SMB2 oplock break processing CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks xfrm interface: fix management of phydev xfrm interface: fix list corruption for x-netns xfrm interface: avoid corruption on changelink xfrm interface: fix memory leak on creation x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect x86/mm/32: Sync only to VMALLOC_END in vmalloc_sync_all() Input: Fix memory leak in psxpad_spi_probe coresight: etm4x: Fix input validation for sysfs. Input: goodix - add upside-down quirk for Teclast X89 tablet Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus ALSA: hda - Add mute led support for HP ProBook 645 G4 ALSA: pcm: oss: Avoid potential buffer overflows ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC fuse: verify attributes fuse: verify nlink sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision net: aquantia: fix RSS table and key sizes media: vimc: fix start stream when link is disabled ARM: dts: am335x-pdu001: Fix polarity of card detection input ARM: dts: sunxi: Fix PMU compatible strings ASoC: max9867: Fix power management clk: renesas: rcar-gen3: Set state when registering SD clocks usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler mlx4: Use snprintf instead of complicated strcpy IB/hfi1: Close VNIC sdma_progress sleep window IB/hfi1: Ignore LNI errors before DC8051 transitions to Polling state mlxsw: spectrum_router: Relax GRE decap matching check soc: renesas: r8a77990-sysc: Fix initialization order of 3DG-{A,B} sctp: frag_point sanity check clk: qcom: gcc-msm8998: Disable halt check of UFS clocks firmware: qcom: scm: fix compilation error when disabled media: stkwebcam: Bugfix for wrong return values tty: Don't block on IO when ldisc change is pending ARM: dts: sun8i: h3: Fix the system-control register range tty: serial: qcom_geni_serial: Fix softlock media: uvcvideo: Abstract streaming object lifetime nfsd: Return EPERM, not EACCES, in some SETATTR cases MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition clk: renesas: r8a77995: Correct parent clock of DU clk: renesas: r8a77990: Correct parent clock of DU powerpc/math-emu: Update macros from GCC pstore/ram: Avoid NULL deref in ftrace merging failure path net/mlx4_core: Fix return codes of unsupported operations dlm: fix invalid cluster name warning ARM: dts: realview: Fix some more duplicate regulator nodes media: cxd2880-spi: fix probe when dvb_attach fails clk: qcom: Fix MSM8998 resets clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent clk: meson: meson8b: fix the offset of vid_pll_dco's N value ARM: dts: pxa: clean up USB controller nodes mtd: fix mtd_oobavail() incoherent returned value kbuild: fix single target build for external module modpost: skip ELF local symbols during section mismatch check tcp: fix SNMP TCP timeout under-estimation tcp: fix SNMP under-estimation on failed retransmission tcp: fix off-by-one bug on aborting window-probing socket ARM: dts: realview-pbx: Fix duplicate regulator nodes ARM: dts: mmp2: fix the gpio interrupt cell number tcp: make tcp_space() aware of socket backlog kbuild: disable dtc simple_bus_reg warnings by default soc: renesas: r8a77980-sysc: Correct A3VIP[012] power domain hierarchy soc: renesas: r8a77980-sysc: Correct names of A2DP[01] power domains soc: renesas: r8a77970-sysc: Correct names of A2DP/A2CN power domains clk: mediatek: Drop more __init markings for driver probe clk: mediatek: Drop __init from mtk_clk_register_cpumuxes() tools/bpf: make libbpf _GNU_SOURCE friendly net/x25: fix null_x25_address handling net/x25: fix called/calling length calculation in x25_parse_address_block arm64: dts: meson-gxl-khadas-vim: fix GPIO lines names arm64: dts: meson-gxbb-odroidc2: fix GPIO lines names arm64: dts: meson-gxbb-nanopi-k2: fix GPIO lines names arm64: dts: meson-gxl-libretech-cc: fix GPIO lines names ARM: OMAP1/2: fix SoC name printing ASoC: au8540: use 64-bit arithmetic instead of 32-bit tools: bpftool: fix a bitfield pretty print issue bpf: btf: check name validity for various types bpf: btf: implement btf_name_valid_identifier() nfsd: fix a warning in __cld_pipe_upcall() can: xilinx: fix return type of ndo_start_xmit function ARM: debug: enable UART1 for socfpga Cyclone5 dlm: NULL check before kmem_cache_destroy is not needed ARM: dts: sun8i: v3s: Change pinctrl nodes to avoid warning ARM: dts: sun8i: a23/a33: Fix OPP DTC warnings ARM: dts: sun7i: Fix HDMI output DTC warning ARM: dts: r8a779[01]: Disable unconnected LVDS encoders ARM: dts: sun5i: a10s: Fix HDMI output DTC warning ARM: dts: sun4i: Fix HDMI output DTC warning ARM: dts: sun4i: Fix gpio-keys warning ASoC: rsnd: tidyup registering method for rsnd_kctrl_new() iommu/amd: Fix line-break in error log reporting sctp: increase sk_wmem_alloc when head->truesize is increased lockd: fix decoding of TEST results gpu: host1x: Fix syncpoint ID field size on Tegra186 clk: meson: Fix GXL HDMI PLL fractional bits width i2c: imx: don't print error message on probe defer serial: imx: fix error handling in console_setup altera-stapl: check for a null key before strcasecmp'ing it slimbus: ngd: Fix build error on x86 dma-mapping: fix return type of dma_set_max_seg_size() nvme: Free ctrl device name on init failure sparc: Correct ctx->saw_frame_pointer logic. sparc: Fix JIT fused branch convergance. f2fs: fix to allow node segment for GC by ioctl path ARM: dts: rockchip: Assign the proper GPIO clocks for rv1108 ARM: dts: rockchip: Fix the PMU interrupt number for rv1108 f2fs: change segment to section in f2fs_ioc_gc_range f2fs: fix count of seg_freed to make sec_freed correct f2fs: fix to account preflush command for noflush_merge mode ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() usb: dwc3: don't log probe deferrals; but do log other error codes usb: dwc3: debugfs: Properly print/set link state for HS selftests/powerpc: Skip test instead of failing selftests/powerpc: Allocate base registers net: qualcomm: rmnet: move null check on dev before dereferecing it dmaengine: dw-dmac: implement dma protection control setting dmaengine: coh901318: Remove unused variable dmaengine: coh901318: Fix a double-lock bug net/ipv6: re-do dad when interface has IFF_NOARP flag change ravb: Clean up duplex handling iwlwifi: fix cfg structs for 22000 with different RF modules media: cec: report Vendor ID after initialization media: pulse8-cec: return 0 when invalidating the logical address media: coda: fix memory corruption in case more than 32 instances are opened ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module rtc: dt-binding: abx80x: fix resistance scale rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' nds32: Fix the items of hwcap_str ordering issue. math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning net/smc: use after free fix in smc_wr_tx_put_slot() MIPS: OCTEON: octeon-platform: fix typing iw_cxgb4: only reconnect with MPAv1 if the peer aborts iomap: readpages doesn't zero page tail beyond EOF iomap: dio data corruption and spurious errors when pipes fill iomap: sub-block dio needs to zeroout beyond EOF iomap: FUA is wrong for DIO O_DSYNC writes into unwritten extents ice: Fix possible NULL pointer de-reference ice: Fix return value from NAPI poll net-next/hinic: fix a bug in rx data flow net-next/hinic:fix a bug in set mac address xfs: extent shifting doesn't fully invalidate page cache USB: serial: f81534: fix reading old/new IC config regulator: Fix return value of _set_load() stub sctp: count sk_wmem_alloc by skb truesize in sctp_packet_transmit clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 clk: rockchip: fix I2S1 clock gate register for rk3328 mm/vmstat.c: fix NUMA statistics updates firmware: raspberrypi: Fix firmware calls with large buffers Staging: iio: adt7316: Fix i2c data reading, set the data field pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues arm64: dts: zynqmp: Fix node names which contain "_" crypto: bcm - fix normal/non key hash algorithm failure crypto: ecc - check for invalid values in the key verification test ARM: dts: imx6: RDU2: fix eGalax touchscreen node bus: ti-sysc: Fix getting optional clocks in clock_roles drivers: soc: Allow building the amlogic drivers without ARCH_MESON scsi: zfcp: drop default switch case which might paper over missing case scsi: zfcp: update kernel message for invalid FCP_CMND length, it's not the CDB net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 MIPS: SiByte: Enable ZONE_DMA32 for LittleSur dlm: fix missing idr_destroy for recover_idr ARM: dts: rockchip: Fix rk3288-rock2 vcc_flash name clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering clk: rockchip: fix rk3188 sclk_smc gate data virtchnl: Fix off by one error i40e: don't restart nway if autoneg not supported rtc: max77686: Fix the returned value in case of error in 'max77686_rtc_read_time()' rtc: s3c-rtc: Avoid using broken ALMYEAR register net: ethernet: ti: cpts: correct debug for expired txq skb extcon: max8997: Fix lack of path setting in USB device mode ARM: dts: exynos: Fix LDO13 min values on Odroid XU3/XU4/HC1 dlm: fix possible call to kfree() for non-initialized pointer ice: Fix NVM mask defines clk: sunxi-ng: a64: Fix gate bit of DSI DPHY net/mlx5: Release resource on error flow ARC: IOC: panic if kernel was started with previously enabled IOC netfilter: nf_tables: don't use position attribute on rule replacement audit: Embed key into chunk ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+ iwlwifi: mvm: Send non offchannel traffic via AP sta iwlwifi: trans: Clear persistence bit when starting the FW iwlwifi: mvm: synchronize TID queue removal cxgb4vf: fix memleak in mac_hlist initialization serial: core: Allow processing sysrq at port unlock time i2c: core: fix use after free in of_i2c_notify net: ep93xx_eth: fix mismatch of request_mem_region in remove rsxx: add missed destroy_workqueue calls in remove selftests: kvm: fix build with glibc >= 2.30 drm/sun4i: tcon: Set min division of TCON0_DCLK to 1. ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() perf/core: Consistently fail fork on allocation failures sched/core: Avoid spurious lock dependencies Input: cyttsp4_core - fix use after free bug xfrm: release device reference for invalid state NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error audit_get_nd(): don't unlock parent too early exportfs_decode_fh(): negative pinned may become positive without the parent locked iwlwifi: pcie: don't consider IV len in A-MSDU RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN autofs: fix a leak in autofs_expire_indirect() serial: ifx6x60: add missed pm_runtime_disable serial: serial_core: Perform NULL checks for break_ctl ops serial: pl011: Fix DMA ->flush_buffer() tty: serial: msm_serial: Fix flow control tty: serial: fsl_lpuart: use the sg count from dma_map_sg usb: gadget: u_serial: add missing port entry locking lp: fix sparc64 LPSETTIMEOUT ioctl sparc64: implement ioremap_uc arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator rsi: release skb if rsi_prepare_beacon fails Conflicts: drivers/slimbus/qcom-ngd-ctrl.c drivers/usb/dwc3/core.c drivers/usb/dwc3/debugfs.c Change-Id: I099fa45df0af3334254d3949dd55efb2c7bbc522 Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
Ivaylo Georgiev
|
6a2f759853 |
Merge android-4.19-q.85 (8e36d3d ) into msm-4.19
* refs/heads/tmp-8e36d3d: Documentation: devicetree: Remove unimac-mdio bindings from kernel Revert "media: dt-bindings: adv748x: Fix decimal unit addresses" Linux 4.19.85 slcan: Fix memory leak in error path memfd: Use radix_tree_deref_slot_protected to avoid the warning. net: phy: mdio-bcm-unimac: mark PM functions as __maybe_unused s390/vdso: correct vdso mapping for compat tasks media: ov2680: fix null dereference at power on IB/iser: Fix possible NULL deref at iser_inv_desc() fuse: use READ_ONCE on congestion_threshold and max_background usb: usbtmc: uninitialized symbol 'actual' in usbtmc_ioctl_clear usb: xhci-mtk: fix ISOC error when interval is zero netfilter: masquerade: don't flush all conntracks if only one address deleted on device rtc: armada38x: fix possible race condition rtc: tx4939: fixup nvmem name and register size rtc: isl1208: avoid possible sysfs race ARM: dts: lpc32xx: Fix SPI controller node names arm64: dts: lg: Fix SPI controller node names arm64: dts: amd: Fix SPI bus warnings scsi: NCR5380: Check for bus reset scsi: NCR5380: Handle BUS FREE during reselection scsi: NCR5380: Don't call dsprintk() following reselection interrupt scsi: NCR5380: Don't clear busy flag when abort fails scsi: NCR5380: Check for invalid reselection target scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE scsi: NCR5380: Have NCR5380_select() return a bool scsi: NCR5380: Clear all unissued commands on host reset iwlwifi: mvm: Allow TKIP for AP mode iwlwifi: mvm: use correct FIFO length iwlwifi: pcie: fit reclaim msg to MAX_MSG_LEN iwlwifi: pcie: gen2: build A-MSDU only for GSO iwlwifi: api: annotate compressed BA notif array sizes iwlwifi: pcie: read correct prph address for newer devices iwlwifi: fix non_shared_ant for 22000 devices iwlwifi: dbg: don't crash if the firmware crashes in the middle of a debug dump crypto: fix a memory leak in rsa-kcs1pad's encryption mode crypto: s5p-sss: Fix Fix argument list alignment crypto: s5p-sss: Fix race in error handling x86/hyperv: Suppress "PCI: Fatal: No config space access function found" Bluetooth: btrsi: fix bt tx timeout issue Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS Bluetooth: hci_serdev: clear HCI_UART_PROTO_READY to avoid closing proto races firmware: dell_rbu: Make payload memory uncachable ARM: dts: realview: Fix SPI controller node names EDAC: Raise the maximum number of memory controllers RDMA: Fix dependencies for rdma_user_mmap_io f2fs: mark inode dirty explicitly in recover_inode() f2fs: fix to recover inode's project id during POR f2fs: update i_size after DIO completion PCI/ERR: Run error recovery callbacks for all affected devices net: faraday: fix return type of ndo_start_xmit function net: smsc: fix return type of ndo_start_xmit function ARM: dts: paz00: fix wakeup gpio keycode ARM: tegra: colibri_t30: fix mcp2515 can controller interrupt polarity ARM: tegra: apalis_t30: fix mcp2515 can controller interrupt polarity ARM: tegra: apalis_t30: fix mmc1 cmd pull-up ARM: dts: tegra20: restore address order ARM: dts: tegra30: fix xcvr-setup-use-fuses arm64: tegra: I2C on Tegra194 is not compatible with Tegra114 ARM: dts: imx51-zii-rdu1: Fix the rtc compatible string arm64: dts: fsl: Fix I2C and SPI bus warnings phy: lantiq: Fix compile warning f2fs: fix remount problem of option io_bits scsi: libsas: always unregister the old device if going to discover new iw_cxgb4: Use proper enumerated type in c4iw_bar2_addrs vfio/pci: Mask buggy SR-IOV VF INTx support vfio/pci: Fix potential memory leak in vfio_msi_cap_len vmbus: keep pointer to ring buffer page misc: genwqe: should return proper error value. misc: kgdbts: Fix restrict error silmbus: ngd: register controller after power up. slimbus: ngd: return proper error code instead of zero slimbus: ngd: register ngd driver only once. coresight: dynamic-replicator: Handle multiple connections coresight: tmc: Fix byte-address alignment for RRP coresight: etm4x: Configure EL2 exception level when kernel is running in HYP coresight: tmc-etr: Handle driver mode specific ETR buffers coresight: perf: Disable trace path upon source error coresight: perf: Fix per cpu path management coresight: Fix handling of sinks coresight: Use ERR_CAST instead of ERR_PTR usb: gadget: uvc: Only halt video streaming endpoint in bulk mode usb: gadget: uvc: Factor out video USB request queueing ARM: dts: imx6ull: update vdd_soc voltage for 900MHz operating point phy: phy-twl4030-usb: fix denied runtime access phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs phy: brcm-sata: allow PHY_BRCM_SATA driver to be built for DSL SoCs ARM: at91: pm: call put_device instead of of_node_put in at91_pm_config_ws gpiolib: Fix gpio_direction_* for single direction GPIOs i2c: aspeed: fix invalid clock parameters for very large divisors ARM: dts: exynos: Correct audio subsystem parent clock on Peach Chromebooks usb: gadget: uvc: configfs: Sort frame intervals upon writing usb: gadget: uvc: configfs: Prevent format changes after linking header usb: gadget: uvc: configfs: Drop leaked references to config items ARM: dts: rockchip: explicitly set vcc_sd0 pin to gpio on rk3188-radxarock media: davinci: Fix implicit enum conversion warning media: au0828: Fix incorrect error messages media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() media: imx: work around false-positive warning, again mlxsw: Make MLXSW_SP1_FWREV_MINOR a hard requirement arm64: dts: rockchip: Fix microSD in rk3399 sapphire board MIPS: kexec: Relax memory restriction EDAC: Correct DIMM capacity unit symbol x86/CPU: Change query logic so CPUID is enabled before testing x86/CPU: Use correct macros for Cyrix calls net: freescale: fix return type of ndo_start_xmit function net: micrel: fix return type of ndo_start_xmit function net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider samples/bpf: fix compilation failure PCI/ERR: Use slot reset if available PCI/AER: Don't read upstream ports below fatal errors PCI/AER: Take reference on error devices bnx2x: Ignore bandwidth attention in single function mode ARM: dts: stm32: Fix SPI controller node names ARM: dts: clearfog: fix sdhci supply property name ARM: dts: stm32: enable display on stm32mp157c-ev1 board x86/mce-inject: Reset injection struct after injection ARM: dts: marvell: Fix SPI and I2C bus warnings crypto: arm/crc32 - avoid warning when compiling with Clang cpufeature: avoid warning when compiling with clang crypto: chacha20 - Fix chacha20_block() keystream alignment (again) spi: pic32: Use proper enum in dmaengine_prep_slave_rg ARM: dts: ste: Fix SPI controller node names ARM: dts: ux500: Fix LCDA clock line muxing ARM: dts: ux500: Correct SCU unit address f2fs: fix to recover inode's uid/gid during POR f2fs: avoid infinite loop in f2fs_alloc_nid ARM: dts: ti: Fix SPI and I2C bus warnings ARM: dts: am335x-evm: fix number of cpsw PCI: portdrv: Initialize service drivers directly mlxsw: spectrum: Init shaper for TCs 8..15 brcmsmac: Use kvmalloc() for ucode allocations brcmfmac: increase buffer for obtaining firmware capabilities s390/vdso: correct CFI annotations of vDSO functions s390/vdso: avoid 64-bit vdso mapping for compat tasks s390/zcrypt: enable AP bus scan without a valid default domain usb: usbtmc: Fix ioctl USBTMC_IOCTL_ABORT_BULK_OUT usb: chipidea: Fix otg event handler usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started nfp: provide a better warning when ring allocation fails net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() net: hns3: Fix client initialize state issue when roce client initialize failed net: hns3: Clear client pointer when initialize client failed or unintialize finished net: hns3: Fix cmdq registers initialization issue for vf net: hns3: Fix for setting speed for phy failed problem net: sun: fix return type of ndo_start_xmit function net: amd: fix return type of ndo_start_xmit function net: broadcom: fix return type of ndo_start_xmit function net: xilinx: fix return type of ndo_start_xmit function net: toshiba: fix return type of ndo_start_xmit function net: marvell: fix return type of ndo_start_xmit function net: mvpp2: fix the number of queues per cpu for PPv2.2 power: supply: twl4030_charger: disable eoc interrupt on linear charge power: supply: twl4030_charger: fix charging current out-of-bounds libfdt: Ensure INT_MAX is defined in libfdt_env.h of/unittest: Fix I2C bus unit-address error OPP: Protect dev_list with opp_table lock ARM: dts: atmel: Fix I2C and SPI bus warnings RDMA/i40iw: Fix incorrect iterator type powerpc: Fix duplicate const clang warning in user access code powerpc/pseries: Disable CPU hotplug across migrations powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request powerpc/64s/hash: Fix stab_rr off by one initialization selftests/powerpc: Do not fail with reschedule powerpc/iommu: Avoid derefence before pointer check net: ibm: fix return type of ndo_start_xmit function net: cavium: fix return type of ndo_start_xmit function net: hns3: fix return type of ndo_start_xmit function ipmi: fix return value of ipmi_set_my_LUN ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address ipmi_si: fix potential integer overflow on large shift ipmi_si_pci: fix NULL device in ipmi_si error message ASoC: rt5682: Fix the boost volume at the begining of playback spi: mediatek: Don't modify spi_transfer when transfer. spi/bcm63xx-hsspi: keep pll clk enabled samples/bpf: fix a compilation failure arm64: dts: ti: k3-am65: Change #address-cells and #size-cells of interconnect to 2 tty: serial: qcom_geni_serial: Fix serial when not used as console serial: mxs-auart: Fix potential infinite loop serial: samsung: Enable baud clock for UART reset procedure in resume serial: uartps: Fix suspend functionality ARM: dts: xilinx: Fix I2C and SPI bus warnings PCI: mediatek: Fix unchecked return value net: socionext: Fix two sleep-in-atomic-context bugs in ave_rxfifo_reset() PCI/ACPI: Correct error message for ASPM disabling media: ov2680: don't register the v4l2 subdevice before checking chip ID media: vsp1: Fix YCbCr planar formats pitch calculation media: vsp1: Fix vsp1_regs.h license header s390/qeth: invoke softirqs after napi_schedule() s390/qeth: uninstall IRQ handler on device removal ath9k: Fix a locking bug in ath9k_add_interface() netfilter: nf_tables: avoid BUG_ON usage ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask arm64: dts: rockchip: Fix I2C bus unit-address error on rk3399-puma-haikou ARM: dts: rockchip: Fix erroneous SPI bus dtc warnings on rk3036 scsi: ufshcd: Fix NULL pointer dereference for in ufshcd_init ip_gre: fix parsing gre header in ipgre_err kernfs: Fix range checks in kernfs_get_target_path component: fix loop condition to call unbind() if bind() fails power: supply: max8998-charger: Fix platform data retrieval power: reset: at91-poweroff: do not procede if at91_shdwc is allocated power: supply: ab8500_fg: silence uninitialized variable warnings arm64: dts: meson: Fix erroneous SPI bus warnings blok, bfq: do not plug I/O if all queues are weight-raised block, bfq: inject other-queue I/O into seeky idle queues on NCQ flash arm64: fix for bad_mode() handler to always result in panic cxgb4: Fix endianness issue in t4_fwcache() android: binder: no outgoing transaction when thread todo has transaction ARM: dts: sun9i: Fix I2C bus warnings pinctrl: at91: don't use the same irqchip with multiple gpiochips ARM: dts: sunxi: Fix I2C bus warnings ARM: dts: socfpga: Fix I2C bus unit-address error powerpc/vdso: Correct call frame information ARM: dts: aspeed: Fix I2C bus warnings ARM: dts: bcm: Fix SPI bus warnings arm64: dts: broadcom: Fix I2C and SPI bus warnings drivers: qcom: rpmh-rsc: clear wait_for_compl after use soc: qcom: apr: Avoid string overflow soc: qcom: wcnss_ctrl: Avoid string overflow soc: qcom: geni: geni_se_clk_freq_match() should always accept multiples soc: qcom: geni: Don't ignore clk_round_rate() errors in geni_se_clk_tbl_get() ARM: dts: qcom: ipq4019: fix cpu0's qcom,saw2 reg value llc: avoid blocking in llc_sap_close() pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() arm64: dts: renesas: r8a77965: Fix clock/reset for usb2_phy1 arm64: dts: renesas: r8a77965: Fix HS-USB compatible arm64: dts: renesas: r8a77965: Attach the SYS-DMAC to the IPMMU arm64: dts: renesas: salvator-common: adv748x: Override secondary addresses ALSA: intel8x0m: Register irq handler after register initializations arm64: dts: meson-axg: use the proper compatible for ethmac arm64: dts: meson: libretech: update board model net: bcmgenet: Fix speed selection for reverse MII media: dvb: fix compat ioctl translation media: fix: media: pci: meye: validate offset to avoid arbitrary access ALSA: hda: Fix implicit definition of pci_iomap() on SH media: dt-bindings: adv748x: Fix decimal unit addresses nvmem: core: return error code instead of NULL from nvmem_device_get Drivers: hv: vmbus: Fix synic per-cpu context initialization net: aquantia: fix hw_atl_utils_fw_upload_dwords kprobes: Don't call BUG_ON() if there is a kprobe in use on free list scsi: pm80xx: Fixed system hang issue during kexec boot scsi: pm80xx: Corrected dma_unmap_sg() parameter ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() scsi: lpfc: Fix errors in log messages. scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN scsi: qla2xxx: Fix duplicate switch's Nport ID entries scsi: qla2xxx: Fix dropped srb resource. scsi: qla2xxx: Fix port speed display on chip reset scsi: qla2xxx: Check for Register disconnect scsi: qla2xxx: Increase abort timeout value scsi: qla2xxx: Fix deadlock between ATIO and HW lock scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 scsi: qla2xxx: Defer chip reset until target mode is enabled scsi: qla2xxx: Fix iIDMA error scsi: qla2xxx: Use correct qpair for ABTS/CMD f2fs: fix setattr project check upon fssetxattr ioctl f2fs: fix memory leak of percpu counter in fill_super() f2fs: fix memory leak of write_io in fill_super() signal: Properly deliver SIGSEGV from x86 uprobes signal: Properly deliver SIGILL from uprobes signal: Always ignore SIGKILL and SIGSTOP sent to the global init IB/hfi1: Missing return value in error path for user sdma RDMA/hns: Fix an error code in hns_roce_v2_init_eq_table() dmaengine: at_xdmac: remove a stray bottom half unlock ath9k: add back support for using active monitor interfaces for tx99 rtc: pl030: fix possible race condition rtc: mt6397: fix possible race condition EDAC, sb_edac: Return early on ADDRV bit and address type test dmaengine: dma-jz4780: Further residue status fix dmaengine: dma-jz4780: Don't depend on MACH_JZ4780 usb: mtu3: disable vbus rise/fall interrupts of ltssm ARM: dts: exynos: Disable pull control for PMIC IRQ line on Artik5 board arm64: dts: rockchip: Fix VCC5V0_HOST_EN on rk3399-sapphire firmware: arm_scmi: use strlcpy to ensure NULL-terminated strings sched/debug: Use symbolic names for task state constants sched/debug: Explicitly cast sched_feat() to bool failover: Fix error return code in net_failover_create f2fs: submit bio after shutdown ARM: dts: omap3-gta04: keep vpll2 always on ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot ARM: dts: omap3-gta04: fix touchscreen tsc2007 ARM: dts: omap3-gta04: tvout: enable as display1 alias ARM: dts: omap3-gta04: fixes for tvout / venc ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC ata: Disable AHCI ALPM feature for Ampere Computing eMAG SATA ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation ASoC: dapm: Avoid uninitialised variable warning udf: Fix crash during mount mips: txx9: fix iounmap related issue RDMA/core: Follow correct unregister order between sysfs and cgroup RDMA/core: Rate limit MAD error messages IB/ipoib: Ensure that MTU isn't less than minimum permitted IB/mlx5: Don't hold spin lock while checking device state i2c: mediatek: Use DMA safe buffers for i2c transactions ath10k: wmi: disable softirq's while calling ieee80211_rx ARM: dts: exynos: Disable pull control for S5M8767 PMIC ath10k: avoid possible memory access violation ASoC: sgtl5000: avoid division by zero if lo_vag is zero rtnetlink: move type calculation out of loop net: lan78xx: Bail out if lan78xx_get_endpoints fails f2fs: avoid wrong decrypted data from disk cfg80211: validate wmm rule when setting mac80211: fix saving a few HE values qxl: fix null-pointer crash during suspend IB/mlx5: Change TX affinity assignment in RoCE LAG mode mtd: rawnand: qcom: don't include dma-direct.h mtd: rawnand: fsl_ifc: fixup SRAM init for newer ctrl versions mtd: rawnand: fsl_ifc: check result of SRAM initialization mtd: rawnand: marvell: use regmap_update_bits() for syscon access ARM: dts: meson8b: fix the clock controller register size ARM: dts: meson8: fix the clock controller register size net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 net: phy: mscc: read 'vsc8531,vddmac' as an u32 net/mlx5: Fix atomic_mode enum values net: hns3: Change the dst mac addr of loopback packet net: hns3: Fix for loopback selftest failed problem net: hns3: Fix error of checking used vlan id net: hns3: Fix for multicast failure ASoC: rsnd: ssi: Fix issue in dma data address assignment soc: imx: gpc: fix PDN delay mt76: Fix comparisons with invalid hardware key index brcmfmac: fix wrong strnchr usage mwifex: free rx_cmd skb in suspended state mwifiex: do no submit URB in suspended state rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument ARM: dts: pxa: fix power i2c base address ARM: dts: pxa: fix the rtc controller media: ov772x: Disable clk on error path media: i2c: Fix pm_runtime_get_if_in_use() usage in sensor drivers media: vicodec: fix out-of-range values when decoding iwlwifi: mvm: avoid sending too many BARs iwlwifi: don't WARN on trying to dump dead firmware iwlwifi: drop packets with bad status in CD IB/rxe: fixes for rdma read retry IB/rxe: avoid back-to-back retries i40e: Prevent deleting MAC address from VF when set by PF i40evf: cancel workqueue sync for adminq when a VF is removed i40e: hold the rtnl lock on clearing interrupt scheme i40evf: Don't enable vlan stripping when rx offload is turned on i40e: Check and correct speed values for link on open i40evf: set IFF_UNICAST_FLT flag for the VF i40e: use correct length for strncpy i40evf: Validate the number of queues a PF sends ARM: dts: exynos: Fix regulators configuration on Peach Pi/Pit Chromebooks arm64: dts: stratix10: i2c clock running out of spec liquidio: fix race condition in instruction completion processing ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook ARM: dts: exynos: Fix HDMI-HPD line handling on Arndale ARM: dts: exynos: Use i2c-gpio for HDMI-DDC on Arndale MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3 pinctrl: ingenic: Probe driver at subsys_initcall ASoC: AMD: Change MCLK to 48Mhz ASoC: meson: axg-fifo: report interrupt request failure ASoC: dpcm: Properly initialise hw->rate_max ASoC: dapm: Don't fail creating new DAPM control on NULL pinctrl ice: Fix and update driver version string gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated ice: Prevent control queue operations during reset ice: Update request resource command to latest specification ath10k: limit available channels via DT ieee80211-freq-limit wil6210: fix invalid memory access for rx_buff_mgmt debugfs wil6210: prevent usage of tx ring 0 for eDMA wil6210: set edma variables only for Talyn-MB devices wil6210: drop Rx multicast packets that are looped-back to STA ath9k: fix tx99 with monitor mode interface ath10k: skip resetting rx filter for WCN3990 ALSA: seq: Do error checks at creating system ports cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set extcon: cht-wc: Return from default case to avoid warnings remoteproc/davinci: Use %zx for formating size_t rtc: rv8803: fix the rv8803 id in the OF table rtc: sysfs: fix NULL check in rtc_add_groups() ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45 ARM: dts: rcar: Correct SATA device sizes to 2 MiB y2038: make do_gettimeofday() and get_seconds() inline arm64: dts: tegra210-p2180: Correct sdmmc4 vqmmc-supply soc/tegra: pmc: Fix pad voltage configuration for Tegra186 ALSA: pcm: signedness bug in snd_pcm_plug_alloc() arm64: dts: allwinner: a64: NanoPi-A64: Fix DCDC1 voltage arm64: dts: allwinner: a64: Olinuxino: fix DRAM voltage arm64: dts: allwinner: a64: Orange Pi Win: Fix SD card node soundwire: intel: Fix uninitialized adev deref soundwire: Initialize completion for defer messages clk: sunxi-ng: h6: fix PWM gate/reset offset iio: dac: mcp4922: fix error handling in mcp4922_write_raw ath10k: fix kernel panic by moving pci flush after napi_disable tee: optee: take DT status property into account iio: adc: max9611: explicitly cast gain_selectors mmc: sdhci-of-at91: fix quirk2 overwrite mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() mm: mempolicy: fix the wrong return value and potential pages leak of mbind iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros net: ethernet: dwmac-sun8i: Use the correct function in exit path ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present IB/hfi1: Use a common pad buffer for 9B and 16B packets IB/hfi1: Ensure full Gen3 speed in a Gen4 system Input: synaptics-rmi4 - destroy F54 poller workqueue when removing Input: synaptics-rmi4 - clear IRQ enables for F54 Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver Input: synaptics-rmi4 - fix video buffer size Input: ff-memless - kill timer in destroy() Btrfs: fix log context list corruption after rename exchange operation ALSA: usb-audio: Fix incorrect size check for processing/extension units ALSA: usb-audio: Fix incorrect NULL check in create_yamaha_midi_quirk() ALSA: usb-audio: not submit urb for stopped endpoint ALSA: usb-audio: Fix missing error check at mixer resolution test slip: Fix memory leak in slip_open error path net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules net: gemini: add missed free_netdev ipmr: Fix skb headroom in ipmr_get_route(). ax88172a: fix information leak on short answers scsi: core: Handle drivers which set sg_tablesize to zero MIPS: BCM63XX: fix switch core reset on BCM6368 KVM: x86: introduce is_pae_paging Conflicts: drivers/hwtracing/coresight/coresight-etm-perf.c drivers/hwtracing/coresight/coresight-tmc-etr.c drivers/hwtracing/coresight/coresight-tmc.h drivers/hwtracing/coresight/coresight.c drivers/net/wireless/ath/wil6210/pcie_bus.c drivers/net/wireless/ath/wil6210/txrx.c drivers/scsi/ufs/ufshcd.c drivers/slimbus/qcom-ngd-ctrl.c include/linux/libfdt_env.h Change-Id: Iba6cbaecffd0ef9fd94503df06397ca4cce9b4fb Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
Ivaylo Georgiev
|
b434e4bcd4 |
Merge android-4.19-q.84 (314ab78 ) into msm-4.19
* refs/heads/tmp-314ab78: Linux 4.19.84 kvm: x86: mmu: Recovery of shattered NX large pages kvm: Add helper function for creating VM worker threads kvm: mmu: ITLB_MULTIHIT mitigation KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active KVM: x86: add tracepoints around __direct_map and FNAME(fetch) KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON KVM: x86: remove now unneeded hugepage gfn adjustment KVM: x86: make FNAME(fetch) and __direct_map more similar kvm: mmu: Do not release the page inside mmu_set_spte() kvm: Convert kvm_lock to a mutex kvm: x86, powerpc: do not allow clearing largepages debugfs entry Documentation: Add ITLB_MULTIHIT documentation cpu/speculation: Uninline and export CPU mitigations helpers x86/cpu: Add Tremont to the cpu vulnerability whitelist x86/bugs: Add ITLB_MULTIHIT bug infrastructure x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs x86/tsx: Add config options to set tsx=on|off|auto x86/speculation/taa: Add documentation for TSX Async Abort x86/tsx: Add "auto" option to the tsx= cmdline parameter kvm/x86: Export MDS_NO=0 to guests when TSX is enabled x86/speculation/taa: Add sysfs reporting for TSX Async Abort x86/speculation/taa: Add mitigation for TSX Async Abort x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default x86/cpu: Add a helper function x86_read_arch_cap_msr() x86/msr: Add the IA32_TSX_CTRL MSR KVM: x86: use Intel speculation bugs and features as derived in generic x86 code drm/i915/cmdparser: Fix jump whitelist clearing drm/i915/gen8+: Add RC6 CTX corruption WA drm/i915: Lower RM timeout to avoid DSI hard hangs drm/i915/cmdparser: Ignore Length operands during command matching drm/i915/cmdparser: Add support for backward jumps drm/i915/cmdparser: Use explicit goto for error paths drm/i915: Add gen9 BCS cmdparsing drm/i915: Allow parsing of unsized batches drm/i915: Support ro ppgtt mapped cmdparser shadow buffers drm/i915: Add support for mandatory cmdparsing drm/i915: Remove Master tables from cmdparser drm/i915: Disable Secure Batches for gen6+ drm/i915: Rename gen7 cmdparser tables vsock/virtio: fix sock refcnt holding during the shutdown iio: imu: mpu6050: Fix FIFO layout for ICM20602 net: prevent load/store tearing on sk->sk_stamp netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets usbip: Fix free of unallocated memory in vhci tx cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead mm/filemap.c: don't initiate writeback if mapping has no dirty pages iio: imu: inv_mpu6050: fix no data on MPU6050 iio: imu: mpu6050: Add support for the ICM 20602 IMU blkcg: make blkcg_print_stat() print stats only for online blkgs pinctrl: cherryview: Fix irq_valid_mask calculation ocfs2: protect extent tree in ocfs2_prepare_inode_for_write() pinctrl: intel: Avoid potential glitches if pin is in GPIO mode e1000: fix memory leaks igb: Fix constant media auto sense switching when no cable is connected net: ethernet: arc: add the missed clk_disable_unprepare NFSv4: Don't allow a cached open with a revoked delegation usb: dwc3: gadget: fix race when disabling ep with cancelled xfers hv_netvsc: Fix error handling in netvsc_attach() drm/amd/display: Passive DP->HDMI dongle detection fix drm/amdgpu: If amdgpu_ib_schedule fails return back the error. iommu/amd: Apply the same IVRS IOAPIC workaround to Acer Aspire A315-41 net: mscc: ocelot: refuse to overwrite the port's native vlan net: mscc: ocelot: fix vlan_filtering when enslaving to bridge before link is up net: hisilicon: Fix "Trying to free already-free IRQ" fjes: Handle workqueue allocation failure nvme-multipath: fix possible io hang after ctrl reconnect scsi: qla2xxx: stop timer in shutdown path RDMA/hns: Prevent memory leaks of eq->buf_list RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case usbip: tools: Fix read_usb_vudc_device() error path handling USB: ldusb: use unsigned size format specifiers USB: Skip endpoints with 0 maxpacket length perf/x86/uncore: Fix event group support perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity usb: dwc3: remove the call trace of USBx_GFLADJ usb: gadget: configfs: fix concurrent issue between composite APIs usb: dwc3: pci: prevent memory leak in dwc3_pci_probe usb: gadget: composite: Fix possible double free memory bug usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. usb: fsl: Check memory resource before releasing it macsec: fix refcnt leak in module exit routine bonding: fix unexpected IFF_BONDING bit unset ipvs: move old_secure_tcp into struct netns_ipvs ipvs: don't ignore errors in case refcounting ip_vs module fails netfilter: nf_flow_table: set timeout before insertion into hashes scsi: qla2xxx: Initialized mailbox to prevent driver load failure scsi: lpfc: Honor module parameter lpfc_use_adisc net: openvswitch: free vport unless register_netdevice() succeeds RDMA/uverbs: Prevent potential underflow scsi: qla2xxx: fixup incorrect usage of host_byte net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq net/mlx5e: TX, Fix consumer index of error cqe dump RDMA/qedr: Fix reported firmware version iw_cxgb4: fix ECN check on the passive accept RDMA/mlx5: Clear old rate limit when closing QP HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() dmaengine: sprd: Fix the possible memory leak issue dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config HID: google: add magnemite/masterball USB ids PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 usbip: Implement SG support to vhci-hcd and stub driver usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path sched/fair: Fix -Wunused-but-set-variable warnings sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices ALSA: usb-audio: Fix copy&paste error in the validator ALSA: usb-audio: remove some dead code ALSA: usb-audio: Fix possible NULL dereference at create_yamaha_midi_quirk() ALSA: usb-audio: Clean up check_input_term() ALSA: usb-audio: Remove superfluous bLength checks ALSA: usb-audio: Unify the release of usb_mixer_elem_info objects ALSA: usb-audio: Simplify parse_audio_unit() ALSA: usb-audio: More validations of descriptor units configfs: fix a deadlock in configfs_symlink() configfs: provide exclusion between IO and removals configfs: new object reprsenting tree fragments configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: stash the data we need into configfs_buffer at open time can: peak_usb: fix slab info leak can: mcba_usb: fix use-after-free on disconnect can: dev: add missing of_node_put() after calling of_get_child_by_name() can: gs_usb: gs_can_open(): prevent memory leak can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak can: peak_usb: fix a potential out-of-sync while decoding packets can: c_can: c_can_poll(): only read status register after status IRQ can: flexcan: disable completely the ECC mechanism can: usb_8dev: fix use-after-free on disconnect SMB3: Fix persistent handles reconnect x86/apic/32: Avoid bogus LDR warnings intel_th: pci: Add Jasper Lake PCH support intel_th: pci: Add Comet Lake PCH support netfilter: ipset: Fix an error code in ip_set_sockfn_get() netfilter: nf_tables: Align nft_expr private data to 64-bit ARM: sunxi: Fix CPU powerdown on A83T iio: srf04: fix wrong limitation in distance measuring iio: imu: adis16480: make sure provided frequency is positive iio: adc: stm32-adc: fix stopping dma ceph: add missing check in d_revalidate snapdir handling ceph: fix use-after-free in __ceph_remove_cap() arm64: Do not mask out PTE_RDONLY in pte_same() soundwire: bus: set initial value to port_status soundwire: depend on ACPI HID: wacom: generic: Treat serial number and related fields as unsigned drm/radeon: fix si_enable_smc_cac() failed issue perf tools: Fix time sorting tools: gpio: Use !building_out_of_srctree to determine srctree dump_stack: avoid the livelock of the dump_lock mm, vmstat: hide /proc/pagetypeinfo from normal users mm: thp: handle page cache THP correctly in PageTransCompoundMap mm, meminit: recalculate pcpu batch and high limits after init completes mm: memcontrol: fix network errors from failing __GFP_ATOMIC charges ALSA: hda/ca0132 - Fix possible workqueue stall ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series ALSA: timer: Fix incorrectly assigned timer instance net: hns: Fix the stray netpoll locks causing deadlock in NAPI path ipv6: fixes rt6_probe() and fib6_nh->last_probe init net: mscc: ocelot: fix NULL pointer on LAG slave removal net: mscc: ocelot: don't handle netdev events for other netdevs qede: fix NULL pointer deref in __qede_remove() NFC: st21nfca: fix double free nfc: netlink: fix double device reference drop NFC: fdp: fix incorrect free object net: usb: qmi_wwan: add support for DW5821e with eSIM support net: qualcomm: rmnet: Fix potential UAF when unregistering net: fix data-race in neigh_event_send() net: ethernet: octeon_mgmt: Account for second possible VLAN header ipv4: Fix table id reference in fib_sync_down_addr CDC-NCM: handle incomplete transfer of MTU bonding: fix state transition issue in link monitoring Linux 4.19.83 usb: gadget: udc: core: Fix segfault if udc_bind_to_driver() for pending driver fails arm64: dts: ti: k3-am65-main: Fix gic-its node unit-address ASoC: pcm3168a: The codec does not support S32_LE selftests/powerpc: Fix compile error on tlbie_test due to newer gcc selftests/powerpc: Add test case for tlbie vs mtpidr ordering issue powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table wireless: Skip directory when generating certificates net/flow_dissector: switch to siphash r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 net: dsa: fix switch tree list net: usb: lan78xx: Connect PHY before registering MAC net: bcmgenet: reset 40nm EPHY on energy detect net: phy: bcm7xxx: define soft_reset for 40nm EPHY net: bcmgenet: don't set phydev->link from MAC net: dsa: b53: Do not clear existing mirrored port mask net/mlx5e: Fix ethtool self test: link speed r8169: fix wrong PHY ID issue with RTL8168dp net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget selftests: fib_tests: add more tests for metric update ipv4: fix route update on metric change. net: add READ_ONCE() annotation in __skb_wait_for_more_packets() net: use skb_queue_empty_lockless() in busy poll contexts net: use skb_queue_empty_lockless() in poll() handlers udp: use skb_queue_empty_lockless() net: add skb_queue_empty_lockless() vxlan: check tun_info options_len properly udp: fix data-race in udp_set_dev_scratch() selftests: net: reuseport_dualstack: fix uninitalized parameter net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() net: usb: lan78xx: Disable interrupts before calling generic_handle_irq() netns: fix GFP flags in rtnl_net_notifyid() net/mlx4_core: Dynamically set guaranteed amount of counters per VF net: hisilicon: Fix ping latency when deal with high throughput net: fix sk_page_frag() recursion from memory reclaim net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum net: dsa: bcm_sf2: Fix IMP setup for port different than 8 net: annotate lockless accesses to sk->sk_napi_id net: annotate accesses to sk->sk_incoming_cpu inet: stop leaking jiffies on the wire erspan: fix the tun_info options_len check for erspan dccp: do not leak jiffies on the wire cxgb4: fix panic when attaching to ULD fail nbd: handle racing with error'ed out commands nbd: protect cmd->status with cmd->lock cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs i2c: stm32f7: remove warning when compiling with W=1 i2c: stm32f7: fix a race in slave mode with arbitration loss irq i2c: stm32f7: fix first byte to send in slave mode irqchip/gic-v3-its: Use the exact ITSList for VMOVP MIPS: bmips: mark exception vectors as char arrays of: unittest: fix memory leak in unittest_data_add ARM: 8926/1: v7m: remove register save to stack before svc tracing: Fix "gfp_t" format for synthetic events scsi: target: core: Do not overwrite CDB byte 1 drm/amdgpu: fix potential VM faults ARM: davinci: dm365: Fix McBSP dma_slave_map entry perf kmem: Fix memory leak in compact_gfp_flags() 8250-men-mcb: fix error checking when get_num_ports returns -ENODEV perf c2c: Fix memory leak in build_cl_output() ARM: dts: imx7s: Correct GPT's ipg clock source scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE scsi: sni_53c710: fix compilation error scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions scsi: qla2xxx: fix a potential NULL pointer dereference ARM: mm: fix alignment handler faults under memory pressure pinctrl: ns2: Fix off by one bugs in ns2_pinmux_enable() ARM: dts: logicpd-torpedo-som: Remove twl_keypad ASoc: rockchip: i2s: Fix RPM imbalance ASoC: wm_adsp: Don't generate kcontrols without READ flags regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized ASoC: rt5682: add NULL handler to set_jack function regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone arm64: dts: Fix gpio to pinmux mapping arm64: dts: allwinner: a64: sopine-baseboard: Add PHY regulator delay arm64: dts: allwinner: a64: pine64-plus: Add PHY regulator delay ASoC: wm8994: Do not register inapplicable controls for WM1811 regulator: of: fix suspend-min/max-voltage parsing kbuild: add -fcf-protection=none when using retpoline flags Linux 4.19.82 Revert "ALSA: hda: Flush interrupts on disabling" powerpc/powernv: Fix CPU idle to be called with IRQs disabled ALSA: usb-audio: Add DSD support for Gustard U16/X26 USB Interface ALSA: usb-audio: Update DSD support quirks for Oppo and Rotel ALSA: usb-audio: DSD auto-detection for Playback Designs ALSA: timer: Fix mutex deadlock at releasing card ALSA: timer: Simplify error path in snd_timer_open() sch_netem: fix rcu splat in netem_enqueue() net: usb: sr9800: fix uninitialized local variable bonding: fix potential NULL deref in bond_update_slave_arr NFC: pn533: fix use-after-free and memleaks rxrpc: Fix trace-after-put looking at the put peer record rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record rxrpc: Fix call ref leak llc: fix sk_buff leak in llc_conn_service() llc: fix sk_buff leak in llc_sap_state_process() batman-adv: Avoid free/alloc race when handling OGM buffer NFS: Fix an RCU lock leak in nfs4_refresh_delegation_stateid() drm/amdgpu/powerplay/vega10: allow undervolting in p7 dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle dmaengine: qcom: bam_dma: Fix resource leak rtlwifi: Fix potential overflow on P2P code arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default s390/idle: fix cpu idle time calculation s390/cmm: fix information leak in cmm_timeout_handler() nl80211: fix validation of mesh path nexthop HID: fix error message in hid_open_report() HID: Fix assumption that devices have inputs HID: i2c-hid: add Trekstor Primebook C11B to descriptor override scsi: target: cxgbit: Fix cxgbit_fw4_ack() USB: serial: whiteheat: fix line-speed endianness USB: serial: whiteheat: fix potential slab corruption usb: xhci: fix __le32/__le64 accessors in debugfs code USB: ldusb: fix control-message timeout USB: ldusb: fix ring-buffer locking usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows") USB: gadget: Reject endpoints with 0 maxpacket value UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") ALSA: hda/realtek - Add support for ALC623 ALSA: hda/realtek - Fix 2 front mics of codec 0x623 ALSA: bebob: Fix prototype of helper function to return negative value fuse: truncate pending writes on O_TRUNC fuse: flush dirty data/metadata before non-truncate setattr ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() thunderbolt: Use 32-bit writes when writing ring producer/consumer USB: legousbtower: fix a signedness bug in tower_probe() nbd: verify socket is supported during setup iwlwifi: exclude GEO SAR support for 3168 ALSA: hda/realtek: Reduce the Headphone static noise on XPS 9350/9360 ARM: 8914/1: NOMMU: Fix exc_ret for XIP tracing: Initialize iter->seq after zeroing in tracing_read_pipe() s390/uaccess: avoid (false positive) compiler warnings NFSv4: Fix leak of clp->cl_acceptor string nbd: fix possible sysfs duplicate warning virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr MIPS: fw: sni: Fix out of bounds init of o32 stack MIPS: include: Mark __xchg as __always_inline iio: imu: adis16400: release allocated memory on failure drm/amdgpu: fix memory leak perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp sched/vtime: Fix guest/system mis-accounting on task switch x86/cpu: Add Comet Lake to the Intel CPU models header arm64: armv8_deprecated: Checking return value for memory allocation fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry() ocfs2: clear zero in unaligned direct IO x86/xen: Return from panic notifier MIPS: include: Mark __cmpxchg as __always_inline efi/x86: Do not clean dummy variable in kexec path efi/cper: Fix endianness of PCIe class code serial: mctrl_gpio: Check for NULL pointer fs: cifs: mute -Wunused-const-variable message gpio: max77620: Use correct unit for debounce times tty: n_hdlc: fix build on SPARC tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()' arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419 nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request HID: hyperv: Use in-place iterator API in the channel callback RDMA/iwcm: Fix a lock inversion issue RDMA/hfi1: Prevent memory leak in sdma_init staging: rtl8188eu: fix null dereference when kzalloc fails perf annotate: Return appropriate error code for allocation failures perf annotate: Propagate the symbol__annotate() error return perf annotate: Fix the signedness of failure returns perf annotate: Propagate perf_env__arch() error perf tools: Propagate get_cpuid() error perf jevents: Fix period for Intel fixed counters perf script brstackinsn: Fix recovery from LBR/binary mismatch perf map: Fix overlapped map handling perf tests: Avoid raising SEGV using an obvious NULL dereference libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature iio: fix center temperature of bmc150-accel-core iio: adc: meson_saradc: Fix memory allocation order power: supply: max14656: fix potential use-after-free drm/amd/display: fix odm combine pipe reset PCI/PME: Fix possible use-after-free on remove net: dsa: mv88e6xxx: Release lock while requesting IRQ exec: load_script: Do not exec truncated interpreter path ext4: disallow files with EXT4_JOURNAL_DATA_FL from EXT4_IOC_SWAP_BOOT media: vimc: Remove unused but set variables ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume cifs: add credits from unmatched responses/messages CIFS: Respect SMB2 hdr preamble size in read responses scsi: lpfc: Correct localport timeout duration error mlxsw: spectrum: Set LAG port collector only when active arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs arm64: Add MIDR encoding for HiSilicon Taishan CPUs rtc: pcf8523: set xtal load capacitance from DT usb: handle warm-reset port requests on hub resume ALSA: usb-audio: Cleanup DSD whitelist usb: dwc3: gadget: clear DWC3_EP_TRANSFER_STARTED on cmd complete usb: dwc3: gadget: early giveback if End Transfer already completed samples: bpf: fix: seg fault with NULL pointer arg HID: steam: fix deadlock with input devices. HID: steam: fix boot loop with bluetooth firmware NFSv4: Ensure that the state manager exits the loop on SIGKILL HID: Add ASUS T100CHI keyboard dock battery quirks staging: mt7621-pinctrl: use pinconf-generic for 'dt_node_to_map' and 'dt_free_map' scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks clk: boston: unregister clks on failure in clk_boston_setup() ath10k: assign 'n_cipher_suites = 11' for WCN3990 to enable WPA3 platform/x86: Fix config space access for intel_atomisp2_pm platform/x86: Add the VLV ISP PCI ID to atomisp2_pm HID: i2c-hid: Add Odys Winbook 13 to descriptor override HID: i2c-hid: Ignore input report if there's no data present on Elan touchpanels HID: i2c-hid: Disable runtime PM for LG touchscreen netfilter: ipset: Make invalid MAC address checks consistent Btrfs: fix deadlock on tree root leaf when finding free extent PCI: Fix Switchtec DMA aliasing quirk dmesg noise bcache: fix input overflow to writeback_rate_minimum drm/msm/dpu: handle failures while initializing displays x86/cpu: Add Atom Tremont (Jacobsville) tools/power turbostat: fix goldmont C-state limit decoding usb: dwc2: fix unbalanced use of external vbus-supply HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override f2fs: fix to recover inode->i_flags of inode block during POR f2fs: fix to recover inode's i_gc_failures during POR powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages() sc16is7xx: Fix for "Unexpected interrupt: 8" scsi: lpfc: Fix a duplicate 0711 log message number. f2fs: flush quota blocks after turnning it off wil6210: fix freeing of rx buffers in EDMA mode btrfs: tracepoints: Fix wrong parameter order for qgroup events btrfs: qgroup: Always free PREALLOC META reserve in btrfs_delalloc_release_extents() Btrfs: fix memory leak due to concurrent append writes with fiemap Btrfs: fix inode cache block reserve leak on failure to allocate data space dm snapshot: rework COW throttling to fix deadlock dm snapshot: introduce account_start_copy() and account_end_copy() zram: fix race between backing_dev_show and backing_dev_store Conflicts: arch/arm64/include/asm/cputype.h drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c drivers/net/wireless/ath/wil6210/txrx_edma.c drivers/usb/dwc3/gadget.c include/linux/cpu.h kernel/cpu.c Following USB commits were reverted on importing android-4.19.57 into msm-4.19 due to BootTimeRunner failure. android-4.19-q.82 introduced new usb changes [1] that fixed the regression, hence it is safe to restore the reverts. It is done in this merge. 9c423fd89("usb: dwc3: Reset num_trbs after skipping") 385cacd95("usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup") 6edcdd0e6("usb: dwc3: gadget: remove wait_end_transfer") d7ff2e3ff("usb: dwc3: gadget: move requests to cancelled_list") bba5f9878("usb: dwc3: gadget: introduce cancelled_list") 65e1f3403("usb: dwc3: gadget: extract dwc3_gadget_ep_skip_trbs()") 56092bd50("usb: dwc3: gadget: use num_trbs when skipping TRBs on->dequeue()") 2a2b1c4dc("usb: dwc3: gadget: track number of TRBs per request") 420b1237c("usb: dwc3: gadget: combine unaligned and zero flags") 62805d319("Revert "usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup"") [1] a0608eec29("usb: dwc3: gadget: clear DWC3_EP_TRANSFER_STARTED on cmd complete") d0e8b35e91("usb: dwc3: gadget: early giveback if End Transfer already completed") Change-Id: I77c3490d2c1cf7c8233a7e797c6f217f737621a2 Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
Miklos Szeredi
|
710c33adef |
fuse: verify attributes
commit eb59bd17d2fa6e5e84fba61a5ebdea984222e6d5 upstream.
If a filesystem returns negative inode sizes, future reads on the file were
causing the cpu to spin on truncate_pagecache.
Create a helper to validate the attributes. This now does two things:
- check the file mode
- check if the file size fits in i_size without overflowing
Reported-by: Arijit Banerjee <arijit@rubrik.com>
Fixes:
|
||
Miklos Szeredi
|
9f435a5e3f |
fuse: verify nlink
commit c634da718db9b2fac201df2ae1b1b095344ce5eb upstream.
When adding a new hard link, make sure that i_nlink doesn't overflow.
Fixes:
|
||
Kirill Tkhai
|
d7b412e144 |
fuse: use READ_ONCE on congestion_threshold and max_background
[ Upstream commit 2a23f2b8adbe4bd584f936f7ac17a99750eed9d7 ] Since they are of unsigned int type, it's allowed to read them unlocked during reporting to userspace. Let's underline this fact with READ_ONCE() macroses. Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Miklos Szeredi
|
62e42369de |
fuse: truncate pending writes on O_TRUNC
commit e4648309b85a78f8c787457832269a8712a8673e upstream.
Make sure cached writes are not reordered around open(..., O_TRUNC), with
the obvious wrong results.
Fixes:
|
||
Miklos Szeredi
|
72c913fdde |
fuse: flush dirty data/metadata before non-truncate setattr
commit b24e7598db62386a95a3c8b9c75630c5d56fe077 upstream.
If writeback cache is enabled, then writes might get reordered with
chmod/chown/utimes. The problem with this is that performing the write in
the fuse daemon might itself change some of these attributes. In such case
the following sequence of operations will result in file ending up with the
wrong mode, for example:
int fd = open ("suid", O_WRONLY|O_CREAT|O_EXCL);
write (fd, "1", 1);
fchown (fd, 0, 0);
fchmod (fd, 04755);
close (fd);
This patch fixes this by flushing pending writes before performing
chown/chmod/utimes.
Reported-by: Giuseppe Scrivano <gscrivan@redhat.com>
Tested-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fixes:
|
||
Ivaylo Georgiev
|
63399e395a |
Merge android-4.19-q.79 (40321f2 ) into msm-4.19
* refs/heads/tmp-40321f2: Linux 4.19.79 nl80211: validate beacon head cfg80211: Use const more consistently in for_each_element macros cfg80211: add and use strongly typed element iteration macros staging: erofs: detect potential multiref due to corrupted images staging: erofs: add two missing erofs_workgroup_put for corrupted images staging: erofs: some compressed cluster should be submitted for corrupted images staging: erofs: fix an error handling in erofs_readdir() coresight: etm4x: Use explicit barriers on enable/disable vfs: Fix EOVERFLOW testing in put_compat_statfs64 arm64/speculation: Support 'mitigations=' cmdline option arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 arm64: Force SSBS on context switch arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB arm64: add sysfs vulnerability show for speculative store bypass arm64: add sysfs vulnerability show for spectre-v2 arm64: Always enable spectre-v2 vulnerability detection arm64: Advertise mitigation of Spectre-v2, or lack thereof arm64: Provide a command line to disable spectre_v2 mitigation arm64: Always enable ssb vulnerability detection arm64: enable generic CPU vulnerabilites support arm64: add sysfs vulnerability show for meltdown arm64: Add sysfs vulnerability show for spectre-v1 arm64: fix SSBS sanitization arm64: docs: Document SSBS HWCAP KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3 riscv: Avoid interrupts being erroneously enabled in handle_exception() perf stat: Reset previous counts on repeat with interval perf tools: Fix segfault in cpu_cache_level__read() tick: broadcast-hrtimer: Fix a race in bc_set_next tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() nbd: fix crash when the blksize is zero KVM: nVMX: Fix consistency check on injected exception error code KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP drm/radeon: Bail earlier when radeon.cik_/si_support=0 is passed nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs perf unwind: Fix libunwind build failure on i386 systems kernel/elfcore.c: include proper prototypes perf build: Add detection of java-11-openjdk-devel package sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr() sched/membarrier: Fix private expedited registration check sched/membarrier: Call sync_core only before usermode for same mm libnvdimm/nfit_test: Fix acpi_handle redefinition fuse: fix memleak in cuse_channel_open libnvdimm/region: Initialize bad block for volatile namespaces thermal_hwmon: Sanitize thermal_zone type thermal: Fix use-after-free when unregistering thermal zone device ntb: point to right memory window index x86/purgatory: Disable the stackleak GCC plugin for the purgatory pwm: stm32-lp: Add check in case requested period cannot be achieved pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors drm/amdgpu: Check for valid number of registers to read drm/amdgpu: Fix KFD-related kernel oops on Hawaii netfilter: nf_tables: allow lookups in dynamic sets watchdog: aspeed: Add support for AST2600 ceph: reconnect connection if session hang in opening state ceph: fix directories inode i_blkbits initialization xen/pci: reserve MCFG areas earlier 9p: avoid attaching writeback_fid on mmap with type PRIVATE 9p: Transport error uninitialized fs: nfs: Fix possible null-pointer dereferences in encode_attrs() ima: fix freeing ongoing ahash_request ima: always return negative code for error arm64: cpufeature: Detect SSBS and advertise to userspace cfg80211: initialize on-stack chandefs s390/cio: avoid calling strlen on null pointer ieee802154: atusb: fix use-after-free at disconnect xen/xenbus: fix self-deadlock after killing user process Revert "locking/pvqspinlock: Don't wait if vCPU is preempted" mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence mmc: sdhci: improve ADMA error reporting drm/i915/gvt: update vgpu workload head pointer correctly drm/nouveau/kms/nv50-: Don't create MSTMs for eDP connectors drm/msm/dsi: Fix return value check for clk_get_parent drm/omap: fix max fclk divider for omap36xx perf stat: Fix a segmentation fault when using repeat forever watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout PCI: Restore Resizable BAR size bits correctly for 1MB BARs PCI: vmd: Fix shadow offsets to reflect spec changes timer: Read jiffies once when forwarding base clk usercopy: Avoid HIGHMEM pfn warning tracing: Make sure variable reference alias has correct var_ref_idx power: supply: sbs-battery: only return health when battery present power: supply: sbs-battery: use correct flags field MIPS: Treat Loongson Extensions as ASEs crypto: ccree - use the full crypt length value crypto: ccree - account for TEE not ready to report crypto: caam - fix concurrency issue in givencrypt descriptor crypto: cavium/zip - Add missing single_release() crypto: skcipher - Unmap pages after an external error crypto: qat - Silence smp_processor_id() warning tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file can: mcp251x: mcp251x_hw_reset(): allow more time after a reset powerpc/book3s64/mm: Don't do tlbie fixup for some hardware revisions powerpc/powernv/ioda: Fix race in TCE level allocation powerpc/powernv: Restrict OPAL symbol map to only be readable by root powerpc/mce: Schedule work from irq_work powerpc/mce: Fix MCE handling for huge pages ASoC: sgtl5000: Improve VAG power and mute control ASoC: Define a set of DAPM pre/post-up events PM / devfreq: tegra: Fix kHz to Hz conversion nbd: fix max number of supported devs KVM: nVMX: handle page fault in vmread fix KVM: X86: Fix userspace set invalid CR4 KVM: PPC: Book3S HV: Don't lose pending doorbell request on migration on P9 KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts s390/cio: exclude subchannels with no parent from pseudo check s390/topology: avoid firing events before kobjs are created KVM: s390: Test for bad access register and size at the start of S390_MEM_OP s390/process: avoid potential reading of freed stack ANDROID: cuttlefish_defconfig: Enable BPF_JIT and BPF_JIT_ALWAYS_ON ANDROID: arm64: bpf: implement arch_bpf_jit_check_func ANDROID: bpf: validate bpf_func when BPF_JIT is enabled with CFI UPSTREAM: kcm: use BPF_PROG_RUN Conflicts: arch/arm64/include/asm/cpucaps.h arch/arm64/include/asm/sysreg.h arch/arm64/kernel/cpu_errata.c arch/arm64/kernel/cpufeature.c arch/arm64/kernel/process.c drivers/mmc/host/sdhci.c include/linux/ieee80211.h kernel/sched/core.c net/wireless/scan.c Change-Id: I57a49ff57133edeaed48cb90e2b03fa453bf1451 Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
Ivaylo Georgiev
|
2857d83eee |
Merge android-4.19-q.77 (cd1eb9f ) into msm-4.19
* refs/heads/tmp-cd1eb9f: Revert "net: qrtr: Stop rx_worker before freeing node" Linux 4.19.77 drm/amd/display: Restore backlight brightness after system resume mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock md/raid0: avoid RAID0 data corruption due to layout confusion. CIFS: Fix oplock handling for SMB 2.1+ protocols CIFS: fix max ea value size i2c: riic: Clear NACK in tend isr hwrng: core - don't wait on add_early_randomness() quota: fix wrong condition in is_quota_modification() ext4: fix punch hole for inline_data file systems ext4: fix warning inside ext4_convert_unwritten_extents_endio /dev/mem: Bail out upon SIGKILL. cfg80211: Purge frame registrations on iftype change md: only call set_in_sync() when it is expected to succeed. md: don't report active array_state until after revalidate_disk() completes. md/raid6: Set R5_ReadError when there is read failure on parity disk Btrfs: fix race setting up and completing qgroup rescan workers btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space btrfs: Relinquish CPUs in btrfs_compare_trees Btrfs: fix use-after-free when using the tree modification log btrfs: fix allocation of free space cache v1 bitmap pages ovl: filter of trusted xattr results in audit ovl: Fix dereferencing possible ERR_PTR() smb3: allow disabling requesting leases block: fix null pointer dereference in blk_mq_rq_timed_out() i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask memcg, kmem: do not fail __GFP_NOFAIL charges memcg, oom: don't require __GFP_FS when invoking memcg OOM killer gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps efifb: BGRT: Improve efifb_bgrt_sanity_check regulator: Defer init completion for a while after late_initcall alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328 arm64: tlb: Ensure we execute an ISB following walk cache invalidation Revert "arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}" ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up ARM: samsung: Fix system restart on S3C6410 ASoC: Intel: Fix use of potentially uninitialized variable ASoC: Intel: Skylake: Use correct function to access iomem space ASoC: Intel: NHLT: Fix debug print format binfmt_elf: Do not move brk for INTERP-less ET_EXEC media: don't drop front-end reference count for ->detach media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table KVM: x86: Manually calculate reserved bits when loading PDPTRS KVM: x86: set ctxt->have_exception in x86_decode_insn() KVM: x86: always stop emulation on page fault parisc: Disable HP HSC-PCI Cards to prevent kernel crash fuse: fix missing unlock_page in fuse_writepage() powerpc/imc: Dont create debugfs files for cpu-less nodes scsi: implement .cleanup_rq callback blk-mq: add callback of .cleanup_rq ALSA: hda/realtek - PCI quirk for Medion E4254 ceph: use ceph_evict_inode to cleanup inode's resource Revert "ceph: use ceph_evict_inode to cleanup inode's resource" randstruct: Check member structs in is_pure_ops_struct() IB/hfi1: Define variables as unsigned long to fix KASAN warning IB/mlx5: Free mpi in mp_slave mode printk: Do not lose last line in kmsg buffer dump scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag scsi: scsi_dh_rdac: zero cdb in send_mode_select() ALSA: firewire-tascam: check intermediate state of clock status and retry ALSA: firewire-tascam: handle error code when getting current source of clock iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36 PM / devfreq: passive: fix compiler warning media: omap3isp: Set device on omap3isp subdevs btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) ALSA: hda - Drop unsol event handler for Intel HDMI codecs e1000e: add workaround for possible stalled packet libertas: Add missing sentinel at end of if_usb.c fw_table raid5: don't increment read_errors on EILSEQ return mmc: dw_mmc: Re-store SDIO IRQs mask at system resume mmc: core: Add helper function to indicate if SDIO IRQs is enabled mmc: sdhci: Fix incorrect switch to HS mode mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD raid5: don't set STRIPE_HANDLE to stripe which is in batch list ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set platform/x86: intel_pmc_core: Do not ioremap RAM x86/cpu: Add Tiger Lake to Intel family s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding kprobes: Prohibit probing on BUG() and WARN() address dmaengine: ti: edma: Do not reset reserved paRAM slots md/raid1: fail run raid1 array when active disk less than one hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' closures: fix a race on wakeup from closure_sync ACPI / PCI: fix acpi_pci_irq_enable() memory leak ACPI: custom_method: fix memory leaks ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks libtraceevent: Change users plugin directory iommu/iova: Avoid false sharing on fq_timer_on libata/ahci: Drop PCS quirk for Denverton and beyond iommu/amd: Silence warnings under memory pressure ALSA: firewire-motu: add support for MOTU 4pre nvme-multipath: fix ana log nsid lookup when nsid is not found nvmet: fix data units read and written counters in SMART log x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable() ASoC: fsl_ssi: Fix clock control issue in master mode x86/mm/pti: Do not invoke PTI functions when PTI is disabled arm64: kpti: ensure patched kernel text is fetched from PoU x86/apic/vector: Warn when vector space exhaustion breaks affinity sched/cpufreq: Align trace event behavior of fast switching ACPI / CPPC: do not require the _PSD method ASoC: es8316: fix headphone mixer volume table media: ov9650: add a sanity check perf trace beauty ioctl: Fix off-by-one error in cmd->string table media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() media: cpia2_usb: fix memory leaks media: saa7146: add cleanup in hexium_attach() media: cec-notifier: clear cec_adap in cec_notifier_unregister PM / devfreq: exynos-bus: Correct clock enable sequence PM / devfreq: passive: Use non-devm notifiers EDAC/amd64: Decode syndrome before translating address EDAC/amd64: Recognize DRAM device type ECC capability libperf: Fix alignment trap with xyarray contents in 'perf stat' media: dvb-core: fix a memory leak bug posix-cpu-timers: Sanitize bogus WARNONS media: dvb-frontends: use ida for pll number media: mceusb: fix (eliminate) TX IR signal length limit nbd: add missing config put led: triggers: Fix a memory leak bug ASoC: sun4i-i2s: Don't use the oversample to calculate BCLK tools headers: Fixup bitsperlong per arch includes ASoC: uniphier: Fix double reset assersion when transitioning to suspend state media: hdpvr: add terminating 0 at end of string media: radio/si470x: kill urb on error ARM: dts: imx7-colibri: disable HS400 ARM: dts: imx7d: cl-som-imx7: make ethernet work again m68k: Prevent some compiler warnings in Coldfire builds net: lpc-enet: fix printk format strings media: imx: mipi csi-2: Don't fail if initial state times-out media: omap3isp: Don't set streaming state on random subdevs media: i2c: ov5645: Fix power sequence media: vsp1: fix memory leak of dl on error return path perf record: Support aarch64 random socket_id assignment dmaengine: iop-adma: use correct printk format strings media: rc: imon: Allow iMON RC protocol for ffdc 7e device media: em28xx: modules workqueue not inited for 2nd device media: fdp1: Reduce FCP not found message level to debug media: mtk-mdp: fix reference count on old device tree perf test vfs_getname: Disable ~/.perfconfig to get default output perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig media: gspca: zero usb_buf on error idle: Prevent late-arriving interrupts from disrupting offline sched/fair: Use rq_lock/unlock in online_fair_sched_group firmware: arm_scmi: Check if platform has released shmem before using efi: cper: print AER info of PCIe fatal error EDAC, pnd2: Fix ioremap() size in dnv_rd_reg() loop: Add LOOP_SET_DIRECT_IO to compat ioctl ACPI / processor: don't print errors for processorIDs == 0xff media: media/platform: fsl-viu.c: fix build for MICROBLAZE md: don't set In_sync if array is frozen md: don't call spare_active in md_reap_sync_thread if all member devices can't work md/raid1: end bio when the device faulty arm64/prefetch: fix a -Wtype-limits warning ASoC: rsnd: don't call clk_get_rate() under atomic context EDAC/altera: Use the proper type for the IRQ status bits ia64:unwind: fix double free for mod->arch.init_unw_table ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid base: soc: Export soc_device_register/unregister APIs media: iguanair: add sanity checks EDAC/mc: Fix grain_bits calculation ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() ALSA: hda - Show the fatal CORB/RIRB error more clearly x86/apic: Soft disable APIC before initializing it x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails sched/deadline: Fix bandwidth accounting at all levels after offline migration x86/apic: Make apic_pending_intr_clear() more robust sched/core: Fix CPU controller for !RT_GROUP_SCHED sched/fair: Fix imbalance due to CPU affinity time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint media: i2c: ov5640: Check for devm_gpiod_get_optional() error media: hdpvr: Add device num check and handling media: exynos4-is: fix leaked of_node references media: mtk-cir: lower de-glitch counter for rc-mm protocol media: dib0700: fix link error for dibx000_i2c_set_speed leds: leds-lp5562 allow firmware files up to the maximum length dmaengine: bcm2835: Print error in case setting DMA mask fails firmware: qcom_scm: Use proper types for dma mappings ASoC: sgtl5000: Fix charge pump source assignment ASoC: sgtl5000: Fix of unmute outputs on probe ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg ALSA: hda: Flush interrupts on disabling nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs nfc: enforce CAP_NET_RAW for raw sockets ieee802154: enforce CAP_NET_RAW for raw sockets ax25: enforce CAP_NET_RAW for raw sockets appletalk: enforce CAP_NET_RAW for raw sockets mISDN: enforce CAP_NET_RAW for raw sockets net/mlx5: Add device ID of upcoming BlueField-2 tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state net: sched: fix possible crash in tcf_action_destroy() usbnet: sanity checking of packet sizes and device mtu usbnet: ignore endpoints with invalid wMaxPacketSize skge: fix checksum byte order sch_netem: fix a divide by zero in tabledist() ppp: Fix memory leak in ppp_write openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs net_sched: add max len check for TCA_KIND net/sched: act_sample: don't push mac header on ip6gre ingress net: qrtr: Stop rx_worker before freeing node net/phy: fix DP83865 10 Mbps HDX loopback disable function macsec: drop skb sk before calling gro_cells_receive cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize arcnet: provide a buffer big enough to actually receive packets ANDROID: properly export new symbols with _GPL tag Conflicts: kernel/sched/cpufreq_schedutil.c mm/compaction.c Change-Id: I3f2cc4a1421480479b9040aa5eefe7e17437021d Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
zhengbin
|
7b4f541fcd |
fuse: fix memleak in cuse_channel_open
[ Upstream commit 9ad09b1976c562061636ff1e01bfc3a57aebe56b ]
If cuse_send_init fails, need to fuse_conn_put cc->fc.
cuse_channel_open->fuse_conn_init->refcount_set(&fc->count, 1)
->fuse_dev_alloc->fuse_conn_get
->fuse_dev_free->fuse_conn_put
Fixes:
|
||
Eric Biggers
|
5bead06b34 |
fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
[ Upstream commit 76e43c8ccaa35c30d5df853013561145a0f750a5 ]
When IOCB_CMD_POLL is used on the FUSE device, aio_poll() disables IRQs
and takes kioctx::ctx_lock, then fuse_iqueue::waitq.lock.
This may have to wait for fuse_iqueue::waitq.lock to be released by one
of many places that take it with IRQs enabled. Since the IRQ handler
may take kioctx::ctx_lock, lockdep reports that a deadlock is possible.
Fix it by protecting the state of struct fuse_iqueue with a separate
spinlock, and only accessing fuse_iqueue::waitq using the versions of
the waitqueue functions which do IRQ-safe locking internally.
Reproducer:
#include <fcntl.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/aio_abi.h>
int main()
{
char opts[128];
int fd = open("/dev/fuse", O_RDWR);
aio_context_t ctx = 0;
struct iocb cb = { .aio_lio_opcode = IOCB_CMD_POLL, .aio_fildes = fd };
struct iocb *cbp = &cb;
sprintf(opts, "fd=%d,rootmode=040000,user_id=0,group_id=0", fd);
mkdir("mnt", 0700);
mount("foo", "mnt", "fuse", 0, opts);
syscall(__NR_io_setup, 1, &ctx);
syscall(__NR_io_submit, ctx, 1, &cbp);
}
Beginning of lockdep output:
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
5.3.0-rc5 #9 Not tainted
-----------------------------------------------------
syz_fuse/135 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
000000003590ceda (&fiq->waitq){+.+.}, at: spin_lock include/linux/spinlock.h:338 [inline]
000000003590ceda (&fiq->waitq){+.+.}, at: aio_poll fs/aio.c:1751 [inline]
000000003590ceda (&fiq->waitq){+.+.}, at: __io_submit_one.constprop.0+0x203/0x5b0 fs/aio.c:1825
and this task is already holding:
0000000075037284 (&(&ctx->ctx_lock)->rlock){..-.}, at: spin_lock_irq include/linux/spinlock.h:363 [inline]
0000000075037284 (&(&ctx->ctx_lock)->rlock){..-.}, at: aio_poll fs/aio.c:1749 [inline]
0000000075037284 (&(&ctx->ctx_lock)->rlock){..-.}, at: __io_submit_one.constprop.0+0x1f4/0x5b0 fs/aio.c:1825
which would create a new lock dependency:
(&(&ctx->ctx_lock)->rlock){..-.} -> (&fiq->waitq){+.+.}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&(&ctx->ctx_lock)->rlock){..-.}
[...]
Reported-by: syzbot+af05535bb79520f95431@syzkaller.appspotmail.com
Reported-by: syzbot+d86c4426a01f60feddc7@syzkaller.appspotmail.com
Fixes:
|
||
Vasily Averin
|
ad41162974 |
fuse: fix missing unlock_page in fuse_writepage()
commit d5880c7a8620290a6c90ced7a0e8bd0ad9419601 upstream.
unlock_page() was missing in case of an already in-flight write against the
same page.
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Fixes:
|
||
Ivaylo Georgiev
|
e09e20aa23 |
Merge android-4.19.51 (d1f7f3b ) into msm-4.19
* refs/heads/tmp-d1f7f3b: Linux 4.19.51 ALSA: seq: Cover unsubscribe_port() in list_mutex drm/vc4: fix fb references in async update ovl: support stacked SEEK_HOLE/SEEK_DATA ovl: check the capability before cred overridden Revert "drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)" Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" percpu: do not search past bitmap when allocating an area gpio: vf610: Do not share irq_chip soc: renesas: Identify R-Car M3-W ES1.3 usb: typec: fusb302: Check vconn is off when we start toggling ARM: exynos: Fix undefined instruction during Exynos5422 resume pwm: Fix deadlock warning when removing PWM device ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa pwm: tiehrpwm: Update shadow register for disabling PWMs dmaengine: idma64: Use actual device for DMA transfers ice: Add missing case in print_link_msg for printing flow control gpio: gpio-omap: add check for off wake capable gpios PCI: xilinx: Check for __get_free_pages() failure block, bfq: increase idling for weight-raised queues video: imsttfb: fix potential NULL pointer dereferences video: hgafb: fix potential NULL pointer dereference scsi: qla2xxx: Reset the FCF_ASYNC_{SENT|ACTIVE} flags PCI: rcar: Fix 64bit MSI message address handling PCI: rcar: Fix a potential NULL pointer dereference net: hns3: return 0 and print warning when hit duplicate MAC power: supply: max14656: fix potential use-before-alloc platform/x86: intel_pmc_ipc: adding error handling ARM: OMAP2+: pm33xx-core: Do not Turn OFF CEFUSE as PPA may be using it drm/amd/display: Use plane->color_space for dpp if specified PCI: rpadlpar: Fix leaked device_node references in add/remove paths ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sll: Specify IMX6SLL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx53: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx50: Specify IMX5_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx51: Specify IMX5_CLK_IPG as "ahb" clock to SDMA soc: rockchip: Set the proper PWM for rk3288 clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher PCI: keystone: Prevent ARM32 specific code to be compiled for ARM64 platform/chrome: cros_ec_proto: check for NULL transfer function i40e: Queues are reserved despite "Invalid argument" error x86/PCI: Fix PCI IRQ routing table memory leak net: thunderbolt: Unregister ThunderboltIP protocol handler when suspending switchtec: Fix unintended mask of MRPC event iommu/arm-smmu-v3: Don't disable SMMU in kdump kernel vfio: Fix WARNING "do not call blocking ops when !TASK_RUNNING" nfsd: avoid uninitialized variable warning nfsd: allow fh_want_write to be called twice fuse: retrieve: cap requested size to negotiated max_write nvmem: sunxi_sid: Support SID on A83T and H5 nvmem: core: fix read buffer in place ALSA: hda - Register irq handler after the chip initialization netfilter: nf_flow_table: fix netdev refcnt leak netfilter: nf_flow_table: check ttl value in flow offload data path nvme-pci: shutdown on timeout during deletion nvme-pci: unquiesce admin queue on shutdown PCI: designware-ep: Use aligned ATU window for raising MSI interrupts misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test iommu/vt-d: Set intel_iommu_gfx_mapped correctly blk-mq: move cancel of requeue_work into blk_mq_release watchdog: fix compile time error of pretimeout governors watchdog: imx2_wdt: Fix set_timeout for big timeout values netfilter: nf_tables: fix base chain stat rcu_dereference usage mips: Make sure dt memory regions are valid netfilter: nf_conntrack_h323: restore boundary check correctness netfilter: nf_flow_table: fix missing error check for rhashtable_insert_fast mmc: mmci: Prevent polling for busy detection in IRQ context ovl: do not generate duplicate fsnotify events for "fake" path PCI: dwc: Free MSI IRQ page in dw_pcie_free_msi() PCI: dwc: Free MSI in dw_pcie_host_init() error path uml: fix a boot splat wrt use of cpu_all_mask configfs: fix possible use-after-free in configfs_register_group percpu: remove spurious lock dependency between percpu and sched f2fs: fix to do checksum even if inode page is uptodate f2fs: fix to do sanity check on valid block count of segment f2fs: fix to use inline space only if inline_xattr is enable f2fs: fix to avoid panic in dec_valid_block_count() f2fs: fix to clear dirty inode in error path of f2fs_iget() f2fs: fix to do sanity check on free nid f2fs: fix to avoid panic in f2fs_remove_inode_page() f2fs: fix to avoid panic in f2fs_inplace_write_data() f2fs: fix to avoid panic in do_recover_data() ntp: Allow TAI-UTC offset to be set to zero mailbox: stm32-ipcc: check invalid irq pwm: meson: Use the spin-lock only to protect register modifications EDAC/mpc85xx: Prevent building as a module bpf: fix undefined behavior in narrow load handling drm/nouveau/kms/gv100-: fix spurious window immediate interlocks objtool: Don't use ignore flag for fake jumps drm/bridge: adv7511: Fix low refresh rate selection drm/nouveau/kms/gf119-gp10x: push HeadSetControlOutputResource() mthd when encoders change perf/x86/intel: Allow PEBS multi-entry in watermark mode mfd: twl6040: Fix device init errors for ACCCTL register drm/nouveau/disp/dp: respect sink limits when selecting failsafe link configuration mfd: intel-lpss: Set the device in reset state when init mfd: tps65912-spi: Add missing of table registration drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER thermal: rcar_gen3_thermal: disable interrupt in .remove kernel/sys.c: prctl: fix false positive in validate_prctl_map() mm/slab.c: fix an infinite loop in leaks_show() mm/cma_debug.c: fix the break condition in cma_maxchunk_get() mm: page_mkclean vs MADV_DONTNEED race mm/cma.c: fix the bitmap status to show failed allocation reason initramfs: free initrd memory if opening /initrd.image fails mm/cma.c: fix crash on CMA allocation if bitmap allocation fails mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE hugetlbfs: on restore reserve error path retain subpool reservation mm/hmm: select mmu notifier when selecting HMM ARM: prevent tracing IPI_CPU_BACKTRACE drm/pl111: Initialize clock spinlock early ipc: prevent lockup on alloc_msg and free_msg sysctl: return -EINVAL if val violates minmax fs/fat/file.c: issue flush after the writeback of FAT rapidio: fix a NULL pointer dereference when create_workqueue() fails x86: Fix RETPOLINE_CFLAGS check BACKPORT: kheaders: Do not regenerate archive if config is not changed BACKPORT: kheaders: Move from proc to sysfs BACKPORT: Provide in-kernel headers to make extending kernel easier UPSTREAM: binder: check for overflow when alloc for security context Conflicts: arch/arm/kernel/smp.c Change-Id: I3ea68f5be5910b6ae24d16194db149c24c36da36 Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
Ivaylo Georgiev
|
4bcfb79fa8 |
Merge android-4.19.50 (be7c1cb ) into msm-4.19
* refs/heads/tmp-be7c1cb: Linux 4.19.50 ethtool: check the return value of get_regs_len ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled TTY: serial_core, add ->install drm/i915/gvt: Initialize intel_gvt_gtt_entry in stack drm: don't block fb changes for async plane updates drm/i915: Maintain consistent documentation subsection ordering drm/i915/fbc: disable framebuffer compression on GeminiLake drm/i915: Fix I915_EXEC_RING_MASK drm/amdgpu: remove ATPX_DGPU_REQ_POWER_FOR_DISPLAYS check when hotplug-in drm/radeon: prefer lower reference dividers drm/amdgpu/psp: move psp version specific function pointers to early_init drm: add non-desktop quirks to Sensics and OSVR headsets. drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3) drm: add non-desktop quirk for Valve HMDs drm/msm: fix fb references in async update drm/gma500/cdv: Check vbt config bits when detecting lvds panels test_firmware: Use correct snprintf() limit genwqe: Prevent an integer overflow in the ioctl Revert "MIPS: perf: ath79: Fix perfcount IRQ assignment" MIPS: pistachio: Build uImage.gz by default MIPS: Bounds check virt_addr_valid xen-blkfront: switch kcalloc to kvcalloc for large array allocation s390/mm: fix address space detection in exception handling i2c: xiic: Add max_read_len quirk x86/insn-eval: Fix use-after-free access to LDT entry x86/power: Fix 'nosmt' vs hibernation triple fault during resume pstore/ram: Run without kernel crash dump region pstore: Set tfm to NULL on free_buf_for_compression pstore: Convert buf_lock to semaphore pstore: Remove needless lock during console writes fuse: fallocate: fix return with locked inode NFSv4.1: Fix bug only first CB_NOTIFY_LOCK is handled NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter parisc: Use implicit space register selection for loading the coherence index of I/O pdirs rcu: locking and unlocking need to always be at least barriers mtd: spinand: macronix: Fix ECC Status Read ipv6: fix EFAULT on sendto with icmpv6 and hdrincl ipv6: use READ_ONCE() for inet->hdrincl as in ipv4 Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied" pktgen: do not sleep with the thread lock held. packet: unconditionally free po->rollover net/tls: replace the sleeping lock around RX resync with a bit lock net: sfp: read eeprom in maximum 16 byte increments net: rds: fix memory leak in rds_ib_flush_mr_pool net: mvpp2: Use strscpy to handle stat strings net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit ipv6: fix the check before getting the cookie in rt6_get_cookie ipv4: not do cache for local delivery if bc_forwarding is enabled Fix memory leak in sctp_process_init ethtool: fix potential userspace buffer overflow Change-Id: Ic49494d073fe049a92a42dd95a84315b64a13c3e Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
Ivaylo Georgiev
|
57d6dd49f8 |
Merge android-4.19.46 (aa07ecb ) into msm-4.19
* refs/heads/tmp-aa07ecb: Revert "x86_64: Allow breakpoints to emulate call instructions" Linux 4.19.46 fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough bpf, lru: avoid messing with eviction heuristics upon syscall lookup bpf: add map_lookup_elem_sys_only for lookups from syscall side bpf: relax inode permission check for retrieving bpf program Revert "selftests/bpf: skip verifier tests for unsupported program types" driver core: Postpone DMA tear-down until after devres release for probe failure md/raid: raid5 preserve the writeback action after the parity check Revert "Don't jump to compute_result state from check_result state" perf/x86/intel: Fix race in intel_pmu_disable_event() perf bench numa: Add define for RUSAGE_THREAD if not present ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour x86/mm/mem_encrypt: Disable all instrumentation for early SME setup sched/cpufreq: Fix kobject memleak iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() qmi_wwan: new Wistron, ZTE and D-Link devices bpf: Fix preempt_enable_no_resched() abuse power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG KVM: arm/arm64: Ensure vcpu target is unset on reset failure net: ieee802154: fix missing checks for regmap_update_bits mac80211: Fix kernel panic due to use of txq after free x86: kvm: hyper-v: deal with buggy TLB flush requests from WS2012 PCI: Fix issue with "pci=disable_acs_redir" parameter being ignored apparmorfs: fix use-after-free on symlink traversal securityfs: fix use-after-free on symlink traversal power: supply: cpcap-battery: Fix division by zero clk: sunxi-ng: nkmp: Avoid GENMASK(-1, 0) xfrm4: Fix uninitialized memory read in _decode_session4 xfrm: Honor original L3 slave device in xfrmi policy lookup esp4: add length check for UDP encapsulation xfrm: clean up xfrm protocol checks vti4: ipip tunnel deregistration fixes. xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink fuse: Add FOPEN_STREAM to use stream_open() dm mpath: always free attached_handler_name in parse_path() dm integrity: correctly calculate the size of metadata area dm delay: fix a crash when invalid device is specified dm zoned: Fix zone report handling dm cache metadata: Fix loading discard bitset PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum PCI: Factor out pcie_retrain_link() function PCI: rcar: Add the initialization of PCIe link in resume_noirq() PCI/AER: Change pci_aer_init() stub to return void PCI: Init PCIe feature bits for managed host bridge alloc PCI: Mark Atheros AR9462 to avoid bus reset PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display fbdev: sm712fb: fix support for 1024x768-16 mode fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75 fbdev: sm712fb: fix brightness control on reboot, don't set SR30 fbdev/efifb: Ignore framebuffer memmap entries that lack any memory types objtool: Allow AR to be overridden with HOSTAR MIPS: perf: Fix build with CONFIG_CPU_BMIPS5000 enabled perf intel-pt: Fix sample timestamp wrt non-taken branches perf intel-pt: Fix improved sample timestamp perf intel-pt: Fix instructions sampling rate memory: tegra: Fix integer overflow on tick value calculation tracing: Fix partial reading of trace event's id file ftrace/x86_64: Emulate call function while updating in breakpoint handler x86_64: Allow breakpoints to emulate call instructions x86_64: Add gap to int3 to allow for call emulation ceph: flush dirty inodes before proceeding with remount iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114 ovl: fix missing upper fs freeze protection on copy up for ioctl fuse: honor RLIMIT_FSIZE in fuse_file_fallocate fuse: fix writepages on 32bit udlfb: introduce a rendering mutex udlfb: fix sleeping inside spinlock udlfb: delete the unused parameter for dlfb_handle_damage clk: rockchip: fix wrong clock definitions for rk3328 clk: mediatek: Disable tuner_en before change PLL rate clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider clk: hi3660: Mark clk_gate_ufs_subsys as critical PNFS fallback to MDS if no deviceid found NFS4: Fix v4.0 client state corruption when mount media: imx: Clear fwnode link struct for each endpoint iteration media: imx: csi: Allow unknown nearest upstream entities media: ov6650: Fix sensor possibly not detected on probe phy: ti-pipe3: fix missing bit-wise or operator when assigning val cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() of: fix clang -Wunsequenced for be32_to_cpu() p54: drop device reference count if fails to enable device intel_th: msu: Fix single mode with IOMMU dcache: sort the freeing-without-RCU-delay mess for good. md: add mddev->pers to avoid potential NULL pointer dereference md: batch flush requests. Revert "MD: fix lock contention for flush bios" proc: prevent changes to overridden credentials brd: re-enable __GFP_HIGHMEM in brd_insert_page() stm class: Fix channel bitmap on 32-bit systems stm class: Fix channel free in stm output free path parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code parisc: Use PA_ASM_LEVEL in boot code parisc: Skip registering LED when running in QEMU parisc: Export running_on_qemu symbol for modules net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled net/mlx5: Imply MLXFW in mlx5_core vsock/virtio: Initialize core virtio vsock before registering the driver tipc: fix modprobe tipc failed after switch order of device registration vsock/virtio: free packets during the socket release tipc: switch order of device registration to fix a crash rtnetlink: always put IFLA_LINK for links with a link-netnsid ppp: deflate: Fix possible crash in deflate_init nfp: flower: add rcu locks when accessing netdev for tunnels net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions net: test nouarg before dereferencing zerocopy pointers net/mlx4_core: Change the error print to info print net: avoid weird emergency message net: Always descend into dsa/ ipv6: prevent possible fib6 leaks ipv6: fix src addr routing with the exception table Enable CONFIG_ION_SYSTEM_HEAP ANDROID: Enable LTO and CFI Revert "ANDROID: cuttlefish 4.19: enable CONFIG_CRYPTO_AES_NI_INTEL=y" Conflicts: drivers/hwtracing/stm/core.c Change-Id: I7da86200695082b7ed40c5e6290c5b3203e094dd Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
Kirill Smelkov
|
ae35c325d8 |
fuse: retrieve: cap requested size to negotiated max_write
[ Upstream commit 7640682e67b33cab8628729afec8ca92b851394f ] FUSE filesystem server and kernel client negotiate during initialization phase, what should be the maximum write size the client will ever issue. Correspondingly the filesystem server then queues sys_read calls to read requests with buffer capacity large enough to carry request header + that max_write bytes. A filesystem server is free to set its max_write in anywhere in the range between [1*page, fc->max_pages*page]. In particular go-fuse[2] sets max_write by default as 64K, wheres default fc->max_pages corresponds to 128K. Libfuse also allows users to configure max_write, but by default presets it to possible maximum. If max_write is < fc->max_pages*page, and in NOTIFY_RETRIEVE handler we allow to retrieve more than max_write bytes, corresponding prepared NOTIFY_REPLY will be thrown away by fuse_dev_do_read, because the filesystem server, in full correspondence with server/client contract, will be only queuing sys_read with ~max_write buffer capacity, and fuse_dev_do_read throws away requests that cannot fit into server request buffer. In turn the filesystem server could get stuck waiting indefinitely for NOTIFY_REPLY since NOTIFY_RETRIEVE handler returned OK which is understood by clients as that NOTIFY_REPLY was queued and will be sent back. Cap requested size to negotiate max_write to avoid the problem. This aligns with the way NOTIFY_RETRIEVE handler works, which already unconditionally caps requested retrieve size to fuse_conn->max_pages. This way it should not hurt NOTIFY_RETRIEVE semantic if we return less data than was originally requested. Please see [1] for context where the problem of stuck filesystem was hit for real, how the situation was traced and for more involving patch that did not make it into the tree. [1] https://marc.info/?l=linux-fsdevel&m=155057023600853&w=2 [2] https://github.com/hanwen/go-fuse Signed-off-by: Kirill Smelkov <kirr@nexedi.com> Cc: Han-Wen Nienhuys <hanwen@google.com> Cc: Jakob Unterwurzacher <jakobunt@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Miklos Szeredi
|
a3b8b4ad6d |
fuse: fallocate: fix return with locked inode
commit 35d6fcbb7c3e296a52136347346a698a35af3fda upstream. Do the proper cleanup in case the size check fails. Tested with xfstests:generic/228 Reported-by: kbuild test robot <lkp@intel.com> Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Fixes: 0cbade024ba5 ("fuse: honor RLIMIT_FSIZE in fuse_file_fallocate") Cc: Liu Bo <bo.liu@linux.alibaba.com> Cc: <stable@vger.kernel.org> # v3.5 Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Ivaylo Georgiev
|
42a4a46f03 |
Merge android-4.19.39 (dda1dd3 ) into msm-4.19
* refs/heads/tmp-dda1dd3: Linux 4.19.39 leds: trigger: netdev: use memcpy in device_name_store leds: pca9532: fix a potential NULL pointer dereference ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK iommu/amd: Reserve exclusion range in iova-domain kconfig/[mn]conf: handle backspace (^H) key perf machine: Update kernel map address and re-order properly nvme-multipath: relax ANA state check gpio: of: Fix of_gpiochip_add() error path libata: fix using DMA buffers on stack x86/mm: Don't exceed the valid physical address space scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN ceph: fix use-after-free on symlink traversal usb: u132-hcd: fix resource leak x86/realmode: Don't leak the trampoline kernel address leds: trigger: netdev: fix refcnt leak on interface rename usb: usb251xb: fix to avoid potential NULL pointer dereference scsi: qla4xxx: fix a potential NULL pointer dereference scsi: aacraid: Insure we don't access PCIe space during AER/EEH scsi: mpt3sas: Fix kernel panic during expander reset ARM: davinci: fix build failure with allnoconfig drm/meson: Uninstall IRQ handler drm/meson: Fix invalid pointer in meson_drv_unbind() gpio: aspeed: fix a potential NULL pointer dereference drm: Fix drm_release() and device unplug net: ethernet: ti: fix possible object reference leak net: ibm: fix possible object reference leak net: xilinx: fix possible object reference leak NFS: Fix a typo in nfs_init_timeout_values() drm/tegra: hub: Fix dereference before check ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi net/sched: don't dereference a->goto_chain to read the chain index net: macb: Add null check for PCLK and HCLK staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc staging: rtl8712: uninitialized memory in read_bbreg_hdl() staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc net: ks8851: Set initial carrier state to down net: ks8851: Delay requesting IRQ until opened net: ks8851: Reassert reset pin if chip ID check fails net: ks8851: Dequeue RX packets explicitly i2c: i801: Add support for Intel Comet Lake ARM: dts: pfla02: increase phy reset duration usb: gadget: net2272: Fix net2272_dequeue() usb: gadget: net2280: Fix net2280_dequeue() usb: gadget: net2280: Fix overrun of OUT messages usb: dwc3: pci: add support for Comet Lake PCH ID KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots KVM: arm/arm64: vgic-its: Take the srcu lock when writing to guest memory KVM: arm64: Reset the PMU in preemptible context serial: ar933x_uart: Fix build failure with disabled console sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() ARM: imx51: fix a leaked reference by adding missing of_node_put s390/qeth: fix race when initializing the IP address table netfilter: ip6t_srh: fix NULL pointer dereferences netfilter: fix NETFILTER_XT_TARGET_TEE dependencies netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING netfilter: nft_set_rbtree: check for inactive element after flag mismatch staging, mt7621-pci: fix build without pci support staging: axis-fifo: add CONFIG_OF dependency xsk: fix umem memory leak on cleanup qlcnic: Avoid potential NULL pointer dereference net: stmmac: don't set own bit too early for jumbo frames ieee802154: hwsim: propagate genlmsg_reply return code net: ieee802154: fix a potential NULL pointer dereference s390: limit brk randomization to 32MB ARM: dts: bcm283x: Fix hdmi hpd gpio pull fs: prevent page refcount overflow in pipe_buf_get mm: prevent get_user_pages() from overflowing page refcount mm: add 'try_get_page()' helper function mm: make page ref count overflow check tighter and more explicit Revert "ACPICA: Clear status of GPEs before enabling them" selinux: use kernel linux/socket.h for genheaders and mdp Change-Id: I447ef70d6d79330b042f3e8117b3eb7925150a41 Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
Kirill Smelkov
|
fea685000c |
fuse: Add FOPEN_STREAM to use stream_open()
commit bbd84f33652f852ce5992d65db4d020aba21f882 upstream. Starting from commit |
||
Liu Bo
|
979d2433b8 |
fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
commit 0cbade024ba501313da3b7e5dd2a188a6bc491b5 upstream.
fstests generic/228 reported this failure that fuse fallocate does not
honor what 'ulimit -f' has set.
This adds the necessary inode_newsize_ok() check.
Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
Fixes:
|
||
Miklos Szeredi
|
a452f733f9 |
fuse: fix writepages on 32bit
commit 9de5be06d0a89ca97b5ab902694d42dfd2bb77d2 upstream.
Writepage requests were cropped to i_size & 0xffffffff, which meant that
mmaped writes to any file larger than 4G might be silently discarded.
Fix by storing the file size in a properly sized variable (loff_t instead
of size_t).
Reported-by: Antonio SJ Musumeci <trapexit@spawn.link>
Fixes:
|
||
Matthew Wilcox
|
0311ff82b7 |
fs: prevent page refcount overflow in pipe_buf_get
commit 15fab63e1e57be9fdb5eec1bbc5916e9825e9acb upstream. Change pipe_buf_get() to return a bool indicating whether it succeeded in raising the refcount of the page (if the thing in the pipe is a page). This removes another mechanism for overflowing the page refcount. All callers converted to handle a failure. Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Matthew Wilcox <willy@infradead.org> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Ivaylo Georgiev
|
9d1f53106a |
Merge android-4.19.21 (6e0411b ) into msm-4.19
* refs/heads/tmp-6e0411b: Revert "thermal: Fix locking in cooling device sysfs update cur_state" Linux 4.19.21 ath9k: dynack: check da->enabled first in sampling routines ath9k: dynack: make ewma estimation faster perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() IB/hfi1: Add limit test for RC/UC send via loopback cacheinfo: Keep the old value if of_property_read_u32 fails serial: sh-sci: Do not free irqs that have already been freed serial: 8250_pci: Make PCI class test non fatal serial: fix race between flush_to_ldisc and tty_open perf tests evsel-tp-sched: Fix bitwise operator perf/core: Don't WARN() for impossible ring-buffer sizes x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() perf/x86/intel/uncore: Add Node ID mask cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) scsi: aic94xx: fix module loading scsi: cxlflash: Prevent deadlock when adapter probe fails staging: speakup: fix tty-operation NULL derefs usb: gadget: musb: fix short isoc packets with inventra dma usb: gadget: udc: net2272: Fix bitwise and boolean operations usb: dwc3: gadget: Handle 0 xfer length for OUT EP usb: phy: am335x: fix race condition in _probe irqchip/gic-v3-its: Plug allocation race for devices sharing a DevID futex: Handle early deadlock return correctly dmaengine: imx-dma: fix wrong callback invoke dmaengine: bcm2835: Fix abort of transactions dmaengine: bcm2835: Fix interrupt race on RT HID: debug: fix the ring buffer implementation fuse: handle zero sized retrieve correctly fuse: decrement NR_WRITEBACK_TEMP on the right page fuse: call pipe_buf_release() under pipe lock ALSA: hda/realtek - Headset microphone support for System76 darp5 ALSA: hda/realtek - Use a common helper for hp pin reference ALSA: hda/realtek - Fix lose hp_pins for disable auto mute ALSA: hda - Serialize codec registrations ALSA: usb-audio: Add support for new T+A USB DAC ALSA: compress: Fix stop handling on compressed capture streams xfs: eof trim writeback mapping as soon as it is cached net/mlx5e: FPGA, fix Innova IPsec TX offload data path performance virtio_net: Account for tx bytes and packets on sending xdp_frames skge: potential memory corruption in skge_get_regs() sctp: walk the list of asoc safely sctp: check and update stream->out_curr when allocating stream_out rxrpc: bad unlock balance in rxrpc_recvmsg Revert "net: phy: marvell: avoid pause mode on SGMII-to-Copper for 88e151x" rds: fix refcount bug in rds_sock_addref net: systemport: Fix WoL with password after deep sleep net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames net: dsa: slave: Don't propagate flag changes on down slave interfaces net: dsa: mv88e6xxx: Fix counting of ATU violations net: dsa: Fix NULL checking in dsa_slave_set_eee() net: dsa: Fix lockdep false positive splat net: dp83640: expire old TX-skb lib/test_rhashtable: Make test_insert_dup() allocate its hash table dynamically enic: fix checksum validation for IPv6 dccp: fool proof ccid_hc_[rt]x_parse_options() thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set xfs: fix inverted return from xfs_btree_sblock_verify_crc xfs: fix PAGE_MASK usage in xfs_free_file_space fs/xfs: fix f_ffree value for statfs when project quota is set xfs: delalloc -> unwritten COW fork allocation can go wrong xfs: fix transient reference count error in xfs_buf_resubmit_failed_buffers xfs: fix shared extent data corruption due to missing cow reservation xfs: fix overflow in xfs_attr3_leaf_verify xfs: Fix error code in 'xfs_ioc_getbmap()' xfs: cancel COW blocks before swapext xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat scripts/gdb: fix lx-version string output kernel/kcov.c: mark write_comp_data() as notrace exec: load_script: don't blindly truncate shebang string fs/epoll: drop ovflist branch prediction kernel/hung_task.c: force console verbose before panic proc/sysctl: fix return error for proc_doulongvec_minmax() kernel/hung_task.c: break RCU locks based on jiffies arm64/sve: ptrace: Fix SVE_PT_REGS_OFFSET definition HID: lenovo: Add checks to fix of_led_classdev_register thermal: generic-adc: Fix adc to temp interpolation PCI: imx: Enable MSI from downstream components kdb: Don't back trace on a cpu that didn't round up thermal: bcm2835: enable hwmon explicitly block/swim3: Fix -EBUSY error when re-opening device after unmount fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address() gdrom: fix a memory leak bug isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() zram: fix lockdep warning of free block handling mm/page_alloc.c: don't call kasan_free_pages() at deferred mem init ocfs2: improve ocfs2 Makefile ocfs2: don't clear bh uptodate for block read arch/sh/boards/mach-kfr2r09/setup.c: fix struct mtd_oob_ops build warning scripts/decode_stacktrace: only strip base path when a prefix of the path perf python: Do not force closing original perf descriptor in evlist.get_pollfd() cgroup: fix parsing empty mount option string f2fs: fix sbi->extent_list corruption issue niu: fix missing checks of niu_pci_eeprom_read um: Avoid marking pages with "changed protection" f2fs: fix use-after-free issue when accessing sbi->stat_info cifs: check ntwrk_buf_start for NULL before dereferencing it MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8 crypto: ux500 - Use proper enum in hash_set_dma_transfer crypto: ux500 - Use proper enum in cryp_set_dma_transfer seq_buf: Make seq_buf_puts() null-terminate the buffer hwmon: (lm80) fix a missing check of bus read in lm80 probe hwmon: (lm80) fix a missing check of the status of SMBus read perf build: Don't unconditionally link the libbfd feature test to -liberty and -lz NFS: nfs_compare_mount_options always compare auth flavors. kvm: Change offset in kvm_write_guest_offset_cached to unsigned powerpc/fadump: Do not allow hot-remove memory from fadump reserved area. KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins powerpc/mm: Fix reporting of kernel execute faults on the 8xx fbdev: fbcon: Fix unregister crash when more than one framebuffer ACPI/APEI: Clear GHES block_status before panic() igb: Fix an issue that PME is not enabled during runtime suspend ice: Do not enable NAPI on q_vectors that have no rings i40e: define proper net_device::neigh_priv_len fbdev: fbmem: behave better with small rotated displays and many CPUs md: fix raid10 hang issue caused by barrier video: clps711x-fb: release disp device node in probe() drm/amd/display: validate extended dongle caps drbd: Avoid Clang warning about pointless switch statment drbd: skip spurious timeout (ping-timeo) when failing promote drbd: disconnect, if the wrong UUIDs are attached on a connected peer drbd: narrow rcu_read_lock in drbd_sync_handshake mlx5: update timecounter at least twice per counter overflow powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand iwlwifi: mvm: fix setting HE ppe FW config powerpc/perf: Fix thresholding counter data for unknown type net: hns3: add max vector number check for pf cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() scsi: smartpqi: increase fw status register read timeout scsi: smartpqi: correct volume status scsi: smartpqi: correct host serial num for ssa mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi mac80211: fix radiotap vendor presence bitmap handling powerpc/uaccess: fix warning/error with access_ok() drm/amd/display: fix YCbCr420 blank color Bluetooth: hci_bcm: Handle deferred probing for the clock supply drm/amd/display: Add retry to read ddc_clock pin net: hns3: fix incomplete uninitialization of IRQ in the hns3_nic_uninit_vector_data() percpu: convert spin_lock_irq to spin_lock_irqsave. perf tools: Cast off_t to s64 to avoid warning on bionic libc perf header: Fix up argument to ctime() usb: musb: dsps: fix runtime pm for peripheral mode usb: musb: dsps: fix otg state machine arm64: KVM: Skip MMIO insn after emulation livepatch: check kzalloc return values tools/power/x86/intel_pstate_tracer: Fix non root execution for post processing a trace file bnxt_en: Disable MSIX before re-reserving NQs/CMPL rings. i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E) perf probe: Fix unchecked usage of strncpy() btrfs: use tagged writepage to mitigate livelock of snapshot perf header: Fix unchecked usage of strncpy() perf dso: Fix unchecked usage of strncpy() perf test: Fix perf_event_attr test failure tty: serial: samsung: Properly set flags in autoCTS mode serial: sh-sci: Resume PIO in sci_rx_interrupt() on DMA failure serial: sh-sci: Fix locking in sci_submit_rx() btrfs: harden agaist duplicate fsid on scanned devices usb: renesas_usbhs: add support for RZ/G2E mmc: jz4740: Get CD/WP GPIOs from descriptors mmc: sdhci-xenon: Fix timeout checks mmc: sdhci-omap: Fix timeout checks mmc: sdhci-of-esdhc: Fix timeout checks memstick: Prevent memstick host from getting runtime suspended during card detection mmc: meson-mx-sdio: check devm_kasprintf for failure mmc: bcm2835: reset host on timeout mmc: bcm2835: Recover from MMC_SEND_EXT_CSD KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M ARM: pxa: avoid section mismatch warning selftests/bpf: use __bpf_constant_htons in test_prog.c switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite udf: Fix BUG on corrupted inode mlxsw: spectrum_acl: Limit priority value phy: sun4i-usb: add support for missing USB PHY index i2c-axxia: check for error conditions first lightnvm: pblk: add lock protection to list operations lightnvm: pblk: fix resubmission of overwritten write err lbas drm/msm: dpu: Only check flush register against pending flushes drm/msm/dsi: fix dsi clock names in DSI 10nm PLL driver tee: optee: avoid possible double list_del() OPP: Use opp_table->regulators to verify no regulator case cpuidle: big.LITTLE: fix refcount leak platform/x86: mlx-platform: Fix tachometer registers clk: imx6sl: ensure MMDC CH0 handshake is bypassed sata_rcar: fix deferred probing iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer iommu/arm-smmu: Add support for qcom,smmu-v2 variant iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads usb: dwc3: gadget: Disable CSP for stream OUT ep ARM: dts: imx51-zii-rdu1: Do not specify "power-gpio" for hpa1 watchdog: renesas_wdt: don't set divider while watchdog is running ARM: dts: Fix up the D-Link DIR-685 MTD partition info media: coda: fix H.264 deblocking filter controls mips: bpf: fix encoding bug for mm_srlv32_op ARM: dts: Fix OMAP4430 SDP Ethernet startup iommu/amd: Fix amd_iommu=force_isolation pinctrl: sx150x: handle failure case of devm_kstrdup gpio: mt7621: pass mediatek_gpio_bank_probe() failure up the stack gpio: mt7621: report failure of devm_kasprintf() usb: dwc3: trace: add missing break statement to make compiler happy IB/hfi1: Unreserve a reserved request when it is completed kobject: return error code if writing /sys/.../uevent fails driver core: Move async_synchronize_full call tipc: fix node keep alive interval calculation drm/amdgpu/powerplay: fix clock stretcher limits on polaris (v2) media: imx274: select REGMAP_I2C clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) timekeeping: Use proper seqcount initializer usb: hub: delay hub autosuspend if USB3 port is still link training usb: dwc2: Disable power down feature on Samsung SoCs usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb() xtensa: xtfpga.dtsi: fix dtc warnings about SPI smack: fix access permissions for keyring media: DaVinci-VPBE: fix error handling in vpbe_initialize() media: i2c: TDA1997x: select CONFIG_HDMI x86/fpu: Add might_fault() to user_insn() ARM: dts: aspeed: add missing memory unit-address ARM: dts: mmp2: fix TWSI2 drm/v3d: Fix prime imports of buffers from other drivers. arm64: ftrace: don't adjust the LR value mt76x0: dfs: fix IBI_R11 configuration on non-radar channels s390/zcrypt: improve special ap message cmd handling firmware/efi: Add NULL pointer checks in efivars API functions thermal: Fix locking in cooling device sysfs update cur_state Thermal: do not clear passive state during system sleep arm64: io: Ensure value passed to __iormb() is held in a 64-bit register perf: arm_spe: handle devm_kasprintf() failure drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() nfsd4: fix crash on writing v4_end_grace before nfsd startup soc: bcm: brcmstb: Don't leak device tree node reference sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN net: aquantia: return 'err' if set MPI_DEINIT state fails arm64: io: Ensure calls to delay routines are ordered against prior readX() i2c: sh_mobile: add support for r8a77990 (R-Car E3) f2fs: fix wrong return value of f2fs_acl_create f2fs: fix race between write_checkpoint and write_begin f2fs: move dir data flush to write checkpoint process staging: pi433: fix potential null dereference ACPI: SPCR: Consider baud rate 0 as preconfigured state media: adv*/tc358743/ths8200: fill in min width/height/pixelclock iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID iio: adc: meson-saradc: fix internal clock names iio: adc: meson-saradc: check for devm_kasprintf failure powerpc/32: Add .data..Lubsan_data*/.data..Lubsan_type* sections explicitly dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll ptp: Fix pass zero to ERR_PTR() in ptp_clock_register clk: meson: meson8b: mark the CPU clock as CLK_IS_CRITICAL clk: meson: meson8b: fix the width of the cpu_scale_div clock clk: meson: meson8b: do not use cpu_div3 for cpu_scale_out_sel staging: erofs: fix the definition of DBG_BUGON media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() media: video-i2c: avoid accessing released memory area when removing driver media: rc: ensure close() is called on rc_unregister_device soc/tegra: Don't leak device tree node reference perf tools: Add Hygon Dhyana support modpost: validate symbol names also in find_elf_symbol net/mlx5: EQ, Use the right place to store/read IRQ affinity hint bpf: libbpf: retry map creation without the name drm/amd/display: calculate stream->phy_pix_clk before clock mapping drm/amd/display: fix gamma not being applied correctly ARM: OMAP2+: hwmod: Fix some section annotations drm/rockchip: fix for mailbox read size usbnet: smsc95xx: fix rx packet alignment staging: iio: ad7780: update voltage on read scsi: hisi_sas: change the time of SAS SSP connection i40e: prevent overlapping tx_timeout recover platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup vbox: fix link error with 'gcc -Og' fpga: altera-cvp: fix 'bad IO access' on x86_64 Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1 fpga: altera-cvp: Fix registration for CvP incapable devices staging:iio:ad2s90: Make probe handle spi_setup failure iwlwifi: fw: do not set sgi bits for HE connection dpaa2-ptp: defer probe when portal allocation failed MIPS: Boston: Disable EG20T prefetch ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl serial: fsl_lpuart: clear parity enable bit when disable parity drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE crypto: aes_ti - disable interrupts while accessing S-box powerpc/pseries: add of_node_put() in dlpar_detach_node() x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) dlm: Don't swamp the CPU with callbacks queued during recovery clk: boston: fix possible memory leak in clk_boston_setup() ARM: 8808/1: kexec:offline panic_smp_self_stop CPU scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event scsi: mpt3sas: Call sas_remove_host before removing the target devices scsi: lpfc: Correct LCB RJT handling ath9k: dynack: use authentication messages for 'late' ack ath10k: assign 'n_cipher_suites' for WCN3990 wil6210: fix memory leak in wil_find_tx_bcast_2 wil6210: fix reset flow for Talyn-mb nds32: Fix gcc 8.0 compiler option incompatible. gpu: ipu-v3: image-convert: Prevent race between run and unprepare genirq/affinity: Spread IRQs to all available NUMA nodes drm/sun4i: Initialize registers in tcon-top driver gpiolib: Fix possible use after free on label ASoC: Intel: mrfld: fix uninitialized variable access pinctrl: bcm2835: Use raw spinlock for RT compatibility drm/vgem: Fix vgem_init to get drm device available. staging: iio: adc: ad7280a: handle error from __ad7280_read32() drm/bufs: Fix Spectre v1 vulnerability devres: Align data[] to ARCH_KMALLOC_MINALIGN ANDROID: Turn xt_owner module on UPSTREAM: virt_wifi: fix error return code in virt_wifi_newlink() Conflicts: arch/arm64/include/asm/io.h drivers/iommu/arm-smmu.c drivers/thermal/thermal_core.c Change-Id: Ic348640eaeb3501bfc61d0b6907b7fcbb83f5118 Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
Miklos Szeredi
|
6ccc9e1128 |
fuse: handle zero sized retrieve correctly
commit 97e1532ef81acb31c30f9e75bf00306c33a77812 upstream.
Dereferencing req->page_descs[0] will Oops if req->max_pages is zero.
Reported-by: syzbot+c1e36d30ee3416289cc0@syzkaller.appspotmail.com
Tested-by: syzbot+c1e36d30ee3416289cc0@syzkaller.appspotmail.com
Fixes:
|
||
Miklos Szeredi
|
f99027ab63 |
fuse: decrement NR_WRITEBACK_TEMP on the right page
commit a2ebba824106dabe79937a9f29a875f837e1b6d4 upstream.
NR_WRITEBACK_TEMP is accounted on the temporary page in the request, not
the page cache page.
Fixes:
|
||
Jann Horn
|
48be0eb05e |
fuse: call pipe_buf_release() under pipe lock
commit 9509941e9c534920ccc4771ae70bd6cbbe79df1c upstream.
Some of the pipe_buf_release() handlers seem to assume that the pipe is
locked - in particular, anon_pipe_buf_release() accesses pipe->tmp_page
without taking any extra locks. From a glance through the callers of
pipe_buf_release(), it looks like FUSE is the only one that calls
pipe_buf_release() without having the pipe locked.
This bug should only lead to a memory leak, nothing terrible.
Fixes:
|
||
Ivaylo Georgiev
|
cde0ba6694 |
Merge android-4.19.11 (a87fb6b ) into msm-4.19
* refs/heads/tmp-a87fb6b: Linux 4.19.11 x86/build: Fix compiler support check for CONFIG_RETPOLINE dm zoned: Fix target BIO completion handling drm/amdgpu: update SMC firmware image for polaris10 variants drm/amdgpu: update smu firmware images for VI variants (v2) drm/amdgpu: add some additional vega10 pci ids drm/amdkfd: add new vega10 pci ids drm/amdgpu/powerplay: Apply avfs cks-off voltages on VI drm/i915/execlists: Apply a full mb before execution for Braswell drm/i915/gvt: Fix tiled memory decoding bug on BDW Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" drm/nouveau/kms/nv50-: also flush fb writes when rewinding push buffer drm/nouveau/kms: Fix memory leak in nv50_mstm_del() powerpc: Look for "stdout-path" when setting up legacy consoles powerpc/msi: Fix NULL pointer access in teardown code media: vb2: don't call __vb2_queue_cancel if vb2_start_streaming failed tracing: Fix memory leak of instance function hash filters tracing: Fix memory leak in set_trigger_filter() tracing: Fix memory leak in create_filter() dm: call blk_queue_split() to impose device limits on bios dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() dm thin: send event about thin-pool state change _after_ making it ARM: dts: bcm2837: Fix polarity of wifi reset GPIOs ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS mmc: sdhci: fix the timeout check window for clock and reset mmc: sdhci-omap: Fix DCRC error handling during tuning mmc: core: use mrq->sbc when sending CMD23 for RPMB MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 ovl: fix missing override creds in link of a metacopy upper ovl: fix decode of dir file handle with multi lower layers block/bio: Do not zero user pages arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered fs/iomap.c: get/put the page in iomap_page_create/release() scripts/spdxcheck.py: always open files in binary mode aio: fix spectre gadget in lookup_ioctx pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 drm/msm: fix address space warning ARM: dts: qcom-apq8064-arrow-sd-600eval fix graph_endpoint warning i2c: aspeed: fix build warning slimbus: ngd: mark PM functions as __maybe_unused staging: olpc_dcon: add a missing dependency scsi: raid_attrs: fix unused variable warning sched/pelt: Fix warning and clean up IRQ PELT config FROMGIT: dm verity: log the hash algorithm implementation FROMGIT: dm crypt: log the encryption algorithm implementation ANDROID: sched: Clean-up SchedTune documentation ANDROID: sched/events: Fix out of bound memory access Conflicts: drivers/gpu/drm/msm/disp/dpu1/dpu_dbg.c drivers/slimbus/qcom-ngd-ctrl.c init/Kconfig Change-Id: I52e910e1330e8cac1103c32e0cd0fc43ddeac744 Signed-off-by: Ivaylo Georgiev <irgeorgiev@codeaurora.org> |
||
Chad Austin
|
d9267e1360 |
fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS
commit 2e64ff154ce6ce9a8dc0f9556463916efa6ff460 upstream.
When FUSE_OPEN returns ENOSYS, the no_open bit is set on the connection.
Because the FUSE_RELEASE and FUSE_RELEASEDIR paths share code, this
incorrectly caused the FUSE_RELEASEDIR request to be dropped and never sent
to userspace.
Pass an isdir bool to distinguish between FUSE_RELEASE and FUSE_RELEASEDIR
inside of fuse_file_put.
Fixes:
|
||
Blagovest Kolenichev
|
60b1073aea |
Merge LTS tag v4.19.3 into msm-kona
* refs/heads/tmp-73aa1c8: Revert "drm/msm: dpu: Allow planes to extend past active display" Revert "drm/msm/disp/dpu: Use proper define for drm_encoder_init() 'encoder_type'" Linux 4.19.3 Revert "ACPICA: AML interpreter: add region addresses in global list during initialization" CONFIG_XEN_PV breaks xen_create_contiguous_region on ARM drm/i915: Fix hpd handling for pins with two encoders drm/i915: Fix NULL deref when re-enabling HPD IRQs on systems with MST drm/i915: Fix possible race in intel_dp_add_mst_connector() drm/i915/execlists: Force write serialisation into context image vs execution drm/i915/ringbuffer: Delay after EMIT_INVALIDATE for gen4/gen5 drm/i915: Mark pin flags as u64 drm/i915: Don't oops during modeset shutdown after lpe audio deinit drm/i915: Compare user's 64b GTT offset even on 32b drm/i915: Fix ilk+ watermarks when disabling pipes drm/i915: Fix error handling for the NV12 fb dimensions check drm/i915: Mark up GTT sizes as u64 drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values drm/i915/icl: Fix the macros for DFLEXDPMLE register bits drm/i915/dp: Restrict link retrain workaround to external monitors drm/i915/dp: Fix link retraining comment in intel_dp_long_pulse() drm/i915: Large page offsets for pread/pwrite drm/i915: Skip vcpi allocation for MSTB ports that are gone drm/i915: Don't unset intel_connector->mst_port drm/i915: Restore vblank interrupts earlier drm/i915: Use the correct crtc when sanitizing plane mapping drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode drm: panel-orientation-quirks: Add quirk for Acer One 10 (S1003) drm/dp_mst: Check if primary mstb is null drm/etnaviv: fix bogus fence complete check in timeout handler drm/amd/powerplay: Enable/Disable NBPSTATE on On/OFF of UVD drm/nouveau: Fix nv50_mstc->best_encoder() drm/nouveau: Check backlight IDs are >= 0, not > 0 drm/amdgpu: Suppress keypresses from ACPI_VIDEO events drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type drm/amdgpu: Fix typo in amdgpu_vmid_mgr_init drm/rockchip: Allow driver to be shutdown on reboot/kexec scripts/spdxcheck.py: make python3 compliant mm: don't reclaim inodes with many attached pages efi/arm/libstub: Pack FDT after populating it mm/swapfile.c: use kvzalloc for swap_info_struct allocation hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn crypto: user - fix leaking uninitialized memory to userspace libata: blacklist SAMSUNG MZ7TD256HAFV-000L9 SSD gfs2: Fix metadata read-ahead during truncate (2) gfs2: Put bitmap buffers in put_super selinux: check length properly in SCTP bind hook fuse: fix possibly missed wake-up after abort fuse: fix leaked notify reply fuse: fix use-after-free in fuse_direct_IO() rtc: hctosys: Add missing range error reporting nfsd: COPY and CLONE operations require the saved filehandle to be set NFSv4: Don't exit the state manager without clearing NFS4CLNT_MANAGER_RUNNING sunrpc: correct the computation for page_ptr when truncating kdb: print real address of pointers instead of hashed addresses kdb: use correct pointer when 'btc' calls 'btt' ARM: cpuidle: Don't register the driver when back-end init returns -ENXIO uapi: fix linux/kfd_ioctl.h userspace compilation errors mnt: fix __detach_mounts infinite loop mount: Prevent MNT_DETACH from disconnecting locked mounts mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts mount: Retest MNT_LOCKED in do_umount ext4: fix buffer leak in __ext4_read_dirblock() on error path ext4: fix buffer leak in ext4_expand_extra_isize_ea() on error path ext4: fix buffer leak in ext4_xattr_move_to_block() on error path ext4: release bs.bh before re-using in ext4_xattr_block_find() ext4: fix buffer leak in ext4_xattr_get_block() on error path ext4: fix possible leak of s_journal_flag_rwsem in error path ext4: fix possible leak of sbi->s_group_desc_leak in error path ext4: avoid possible double brelse() in add_new_gdb() on error path ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing ext4: avoid buffer leak in ext4_orphan_add() after prior errors ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() ext4: fix possible inode leak in the retry loop of ext4_resize_fs() ext4: missing !bh check in ext4_xattr_inode_write() ext4: avoid potential extra brelse in setup_new_flex_group_blocks() ext4: add missing brelse() add_new_gdb_meta_bg()'s error path ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path ext4: add missing brelse() update_backups()'s error path clockevents/drivers/i8253: Add support for PIT shutdown quirk btrfs: tree-checker: Fix misleading group system information Btrfs: fix data corruption due to cloning of eof block Btrfs: fix infinite loop on inode eviction after deduplication of eof block Btrfs: fix cur_offset in the error case for nocow Btrfs: fix missing data checksums after a ranged fsync (msync) btrfs: fix pinned underflow after transaction aborted watchdog/core: Add missing prototypes for weak functions arch/alpha, termios: implement BOTHER, IBSHIFT and termios2 termios, tty/tty_baudrate.c: fix buffer overrun x86/hyper-v: Enable PIT shutdown quirk x86/cpu/vmware: Do not trace vmware_sched_clock() of, numa: Validate some distance map rules perf intel-pt: Insert callchain context into synthesized callchains perf intel-pt/bts: Calculate cpumode for synthesized samples perf callchain: Honour the ordering of PERF_CONTEXT_{USER,KERNEL,etc} perf stat: Handle different PMU names with common prefix perf cs-etm: Correct CPU mode for samples hwmon: (core) Fix double-free in __hwmon_device_register() mtd: docg3: don't set conflicting BCH_CONST_PARAMS option mtd: nand: Fix nanddev_neraseblocks() mtd: spi-nor: cadence-quadspi: Return error code in cqspi_direct_read_execute() bonding/802.3ad: fix link_failure_count tracking ARM: 8809/1: proc-v7: fix Thumb annotation of cpu_v7_hvc_switch_mm netfilter: conntrack: fix calculation of next bucket number in early_drop memory_hotplug: cond_resched in __remove_pages mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings ocfs2: free up write context when direct IO failed ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry soc: ti: QMSS: Fix usage of irq_set_affinity_hint Revert "powerpc/8xx: Use L1 entry APG to handle _PAGE_ACCESSED for CONFIG_SWAP" SCSI: fix queue cleanup race before queue initialization is done scsi: qla2xxx: Initialize port speed to avoid setting lower speed vhost/scsi: truncate T10 PI iov_iter to prot_bytes crypto: hisilicon - Fix reference after free of memories on error path crypto: hisilicon - Fix NULL dereference for same dst and src reset: hisilicon: fix potential NULL pointer dereference acpi, nfit: Fix ARS overflow continuation acpi/nfit, x86/mce: Validate a MCE's address before using it acpi/nfit, x86/mce: Handle only uncorrectable machine checks mach64: fix image corruption due to reading accelerator registers mach64: fix display corruption on big endian machines thermal: core: Fix use-after-free in thermal_cooling_device_destroy_sysfs Revert "ceph: fix dentry leak in splice_dentry()" libceph: bump CEPH_MSG_MAX_DATA_LEN clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call clk: rockchip: fix wrong mmc sample phase shift for rk3328 clk: sunxi-ng: h6: fix bus clocks' divider position clk: at91: Fix division by zero in PLL recalc_rate() clk: s2mps11: Fix matching when built as module and DT node contains compatible um: Drop own definition of PTRACE_SYSEMU/_SINGLESTEP xtensa: fix boot parameters address translation xtensa: make sure bFLT stack is 16 byte aligned xtensa: add NOTES section to the linker script MIPS: Loongson-3: Fix BRIDGE irq delivery problem MIPS: Loongson-3: Fix CPU UART irq delivery problem zram: close udev startup race condition as default groups clk: meson: axg: mark fdiv2 and fdiv3 as critical clk: meson-gxbb: set fclk_div3 as CLK_IS_CRITICAL arm64: dts: stratix10: fix multicast filtering arm64: dts: stratix10: Support Ethernet Jumbo frame drm/msm: fix OF child-node lookup fuse: set FR_SENT while locked fuse: fix blocked_waitq wakeup fuse: Fix use-after-free in fuse_dev_do_write() fuse: Fix use-after-free in fuse_dev_do_read() vfs: fix FIGETBSZ ioctl on an overlayfs file scsi: qla2xxx: Fix driver hang when FC-NVMe LUNs are configured scsi: qla2xxx: Fix duplicate switch database entries scsi: qla2xxx: Fix NVMe Target discovery scsi: qla2xxx: Fix NVMe session hang on unload scsi: qla2xxx: Fix for double free of SRB structure scsi: qla2xxx: Fix re-using LoopID when handle is in use scsi: qla2xxx: Reject bsg request if chip is down. scsi: qla2xxx: shutdown chip if reset fail scsi: qla2xxx: Fix early srb free on abort scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx scsi: qla2xxx: Fix process response queue for ISP26XX and above scsi: qla2xxx: Fix incorrect port speed being set for FC adapters serial: sh-sci: Fix could not remove dev_attr_rx_fifo_timeout ovl: automatically enable redirect_dir on metacopy=on ovl: check whiteout in ovl_create_over_whiteout() ovl: fix recursive oi->lock in ovl_link() ovl: fix error handling in ovl_verify_set_fh() cdrom: fix improper type cast, which can leat to information leak. media: ov5640: fix restore of last mode set drm/amdgpu: fix integer overflow test in amdgpu_bo_list_create() 9p: clear dangling pointers in p9stat_free media: ov5640: fix mode change regression ARM: dts: imx6ull: keep IMX6UL_ prefix for signals on both i.MX6UL and i.MX6ULL udf: Prevent write-unsupported filesystem to be remounted read-write 9p locks: fix glock.client_id leak in do_lock staging: most: video: fix registration of an empty comp core_component drm/amdgpu: Fix SDMA TO after GPU reset v3 drm: rcar-du: Update Gen3 output limitations staging:iio:ad7606: fix voltage scales powerpc/selftests: Wait all threads to join media: tvp5150: fix width alignment during set_selection() sc16is7xx: Fix for multi-channel stall serial: 8250_of: Fix for lack of interrupt support staging: erofs: fix a missing endian conversion MIPS/PCI: Call pcie_bus_configure_settings() to set MPS/MRRS powerpc/memtrace: Remove memory in chunks powerpc/boot: Ensure _zimage_start is a weak symbol MIPS: kexec: Mark CPU offline before disabling local IRQ media: coda: don't overwrite h.264 profile_idc on decoder instance media: pci: cx23885: handle adding to list failure drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer pointer drm/amd/display: fix gamma not being applied drm/amd/display: Raise dispclk value for dce120 by 15% drm/omap: fix memory barrier bug in DMM driver powerpc/mm: Don't report hugepage tables as memory leaks when using kmemleak drm/msm: dpu: Allow planes to extend past active display drm/msm/disp/dpu: Use proper define for drm_encoder_init() 'encoder_type' drm/msm/gpu: fix parameters in function msm_gpu_crashstate_capture powerpc/nohash: fix undefined behaviour when testing page size support ARM: imx_v6_v7_defconfig: Select CONFIG_TMPFS_POSIX_ACL drm/amdgpu/powerplay: fix missing break in switch statements drm/nouveau/secboot/acr: fix memory leak tracing/kprobes: Check the probe on unloaded module correctly tty: check name length in tty_find_polling_driver() powerpc/eeh: Fix possible null deref in eeh_dump_dev_log() powerpc/Makefile: Fix PPC_BOOK3S_64 ASFLAGS Input: wm97xx-ts - fix exit path drm/amd/display: fix bug of accessing invalid memory powerpc/mm: fix always true/false warning in slice.c powerpc/mm: Fix page table dump to work on Radix powerpc/64/module: REL32 relocation range check powerpc/traps: restore recoverability of machine_check interrupts Change-Id: Id971c3ddeb610be8aee4ff531ec3fb20ad0db58d Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
Miklos Szeredi
|
18cd6106cf |
fuse: fix possibly missed wake-up after abort
commit 2d84a2d19b6150c6dbac1e6ebad9c82e4c123772 upstream.
In current fuse_drop_waiting() implementation it's possible that
fuse_wait_aborted() will not be woken up in the unlikely case that
fuse_abort_conn() + fuse_wait_aborted() runs in between checking
fc->connected and calling atomic_dec(&fc->num_waiting).
Do the atomic_dec_and_test() unconditionally, which also provides the
necessary barrier against reordering with the fc->connected check.
The explicit smp_mb() in fuse_wait_aborted() is not actually needed, since
the spin_unlock() in fuse_abort_conn() provides the necessary RELEASE
barrier after resetting fc->connected. However, this is not a performance
sensitive path, and adding the explicit barrier makes it easier to
document.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes:
|
||
Miklos Szeredi
|
280da47603 |
fuse: fix leaked notify reply
commit 7fabaf303458fcabb694999d6fa772cc13d4e217 upstream. fuse_request_send_notify_reply() may fail if the connection was reset for some reason (e.g. fs was unmounted). Don't leak request reference in this case. Besides leaking memory, this resulted in fc->num_waiting not being decremented and hence fuse_wait_aborted() left in a hanging and unkillable state. Fixes: |
||
Lukas Czerner
|
c0f5298635 |
fuse: fix use-after-free in fuse_direct_IO()
commit ebacb81273599555a7a19f7754a1451206a5fc4f upstream.
In async IO blocking case the additional reference to the io is taken for
it to survive fuse_aio_complete(). In non blocking case this additional
reference is not needed, however we still reference io to figure out
whether to wait for completion or not. This is wrong and will lead to
use-after-free. Fix it by storing blocking information in separate
variable.
This was spotted by KASAN when running generic/208 fstest.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Reported-by: Zorro Lang <zlang@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes:
|
||
Miklos Szeredi
|
c1ef6c983a |
fuse: set FR_SENT while locked
commit 4c316f2f3ff315cb48efb7435621e5bfb81df96d upstream.
Otherwise fuse_dev_do_write() could come in and finish off the request, and
the set_bit(FR_SENT, ...) could trigger the WARN_ON(test_bit(FR_SENT, ...))
in request_end().
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Reported-by: syzbot+ef054c4d3f64cd7f7cec@syzkaller.appspotmai
Fixes:
|
||
Miklos Szeredi
|
1ed087a7d7 |
fuse: fix blocked_waitq wakeup
commit 908a572b80f6e9577b45e81b3dfe2e22111286b8 upstream.
Using waitqueue_active() is racy. Make sure we issue a wake_up()
unconditionally after storing into fc->blocked. After that it's okay to
optimize with waitqueue_active() since the first wake up provides the
necessary barrier for all waiters, not the just the woken one.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes:
|
||
Kirill Tkhai
|
569fda5c01 |
fuse: Fix use-after-free in fuse_dev_do_write()
commit d2d2d4fb1f54eff0f3faa9762d84f6446a4bc5d0 upstream.
After we found req in request_find() and released the lock,
everything may happen with the req in parallel:
cpu0 cpu1
fuse_dev_do_write() fuse_dev_do_write()
req = request_find(fpq, ...) ...
spin_unlock(&fpq->lock) ...
... req = request_find(fpq, oh.unique)
... spin_unlock(&fpq->lock)
queue_interrupt(&fc->iq, req); ...
... ...
... ...
request_end(fc, req);
fuse_put_request(fc, req);
... queue_interrupt(&fc->iq, req);
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes:
|
||
Kirill Tkhai
|
e8e17b1be3 |
fuse: Fix use-after-free in fuse_dev_do_read()
commit bc78abbd55dd28e2287ec6d6502b842321a17c87 upstream.
We may pick freed req in this way:
[cpu0] [cpu1]
fuse_dev_do_read() fuse_dev_do_write()
list_move_tail(&req->list, ...); ...
spin_unlock(&fpq->lock); ...
... request_end(fc, req);
... fuse_put_request(fc, req);
if (test_bit(FR_INTERRUPTED, ...))
queue_interrupt(fiq, req);
Fix that by keeping req alive until we finish all manipulations.
Reported-by: syzbot+4e975615ca01f2277bdd@syzkaller.appspotmail.com
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes:
|
||
Sami Tolvanen
|
57a50d911c |
ANDROID: fs: fuse: fix filler function type mismatch
Bug: 67506682 Change-Id: Iabe7cdcc90dd2ea62976860531b8cbfcd76bd64b Signed-off-by: Sami Tolvanen <samitolvanen@google.com> |
||
Ritesh Harjani
|
08aeb46279 |
ANDROID: fuse: Add null terminator to path in canonical path to avoid issue
page allocated in fuse_dentry_canonical_path to be handled in fuse_dev_do_write is allocated using __get_free_pages(GFP_KERNEL). This may not return a page with data filled with 0. Now this page may not have a null terminator at all. If this happens and userspace fuse daemon screws up by passing a string to kernel which is not NULL terminated (or did not fill anything), then inside fuse driver in kernel when we try to do strlen(fuse_dev_write->kern_path->getname_kernel) on that page data -> it may give us issue with kernel paging request. Unable to handle kernel paging request at virtual address ------------[ cut here ]------------ <..> PC is at strlen+0x10/0x90 LR is at getname_kernel+0x2c/0xf4 <..> strlen+0x10/0x90 kern_path+0x28/0x4c fuse_dev_do_write+0x5b8/0x694 fuse_dev_write+0x74/0x94 do_iter_readv_writev+0x80/0xb8 do_readv_writev+0xec/0x1cc vfs_writev+0x54/0x64 SyS_writev+0x64/0xe4 el0_svc_naked+0x24/0x28 To avoid this we should ensure in case of FUSE_CANONICAL_PATH, the page is null terminated. Change-Id: I33ca7cc76b4472eaa982c67bb20685df451121f5 Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org> Bug: 75984715 [Daniel - small edit, using args size ] Signed-off-by: Daniel Rosenberg <drosen@google.com> |
||
Daniel Rosenberg
|
dd73e5efa8 |
ANDROID: fuse: Add support for d_canonical_path
Allows FUSE to report to inotify that it is acting as a layered filesystem. The userspace component returns a string representing the location of the underlying file. If the string cannot be resolved into a path, the top level path is returned instead. bug: 23904372 Change-Id: Iabdca0bbedfbff59e9c820c58636a68ef9683d9f Signed-off-by: Daniel Rosenberg <drosen@google.com> |
||
Linus Torvalds
|
ad1d697358 |
fuse update for 4.19
This contains various bug fixes and cleanups. -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQSQHSd0lITzzeNWNm3h3BK/laaZPAUCW3xvGwAKCRDh3BK/laaZ PKECAP9qUpdtQ5RaIL/y9OGZzJLSZbBZuK3LGNY2u2B3EfrSjgEAvhkhXyOQgvVi kgYLNszbg/C+w8U4Xc5GWB6cjNm6rwE= =GJI7 -----END PGP SIGNATURE----- Merge tag 'fuse-update-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse Pull fuse update from Miklos Szeredi: "Various bug fixes and cleanups" * tag 'fuse-update-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: reduce allocation size for splice_write fuse: use kvmalloc to allocate array of pipe_buffer structs. fuse: convert last timespec use to timespec64 fs: fuse: Adding new return type vm_fault_t fuse: simplify fuse_abort_conn() fuse: Add missed unlock_page() to fuse_readpages_fill() fuse: Don't access pipe->buffers without pipe_lock() fuse: fix initial parallel dirops fuse: Fix oops at process_init_reply() fuse: umount should wait for all requests fuse: fix unlocked access to processing queue fuse: fix double request_end() |
||
Linus Torvalds
|
0214f46b3a |
Merge branch 'siginfo-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull core signal handling updates from Eric Biederman: "It was observed that a periodic timer in combination with a sufficiently expensive fork could prevent fork from every completing. This contains the changes to remove the need for that restart. This set of changes is split into several parts: - The first part makes PIDTYPE_TGID a proper pid type instead something only for very special cases. The part starts using PIDTYPE_TGID enough so that in __send_signal where signals are actually delivered we know if the signal is being sent to a a group of processes or just a single process. - With that prep work out of the way the logic in fork is modified so that fork logically makes signals received while it is running appear to be received after the fork completes" * 'siginfo-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (22 commits) signal: Don't send signals to tasks that don't exist signal: Don't restart fork when signals come in. fork: Have new threads join on-going signal group stops fork: Skip setting TIF_SIGPENDING in ptrace_init_task signal: Add calculate_sigpending() fork: Unconditionally exit if a fatal signal is pending fork: Move and describe why the code examines PIDNS_ADDING signal: Push pid type down into complete_signal. signal: Push pid type down into __send_signal signal: Push pid type down into send_signal signal: Pass pid type into do_send_sig_info signal: Pass pid type into send_sigio_to_task & send_sigurg_to_task signal: Pass pid type into group_send_sig_info signal: Pass pid and pid type into send_sigqueue posix-timers: Noralize good_sigevent signal: Use PIDTYPE_TGID to clearly store where file signals will be sent pid: Implement PIDTYPE_TGID pids: Move the pgrp and session pid pointers from task_struct to signal_struct kvm: Don't open code task_pid in kvm_vcpu_ioctl pids: Compute task_tgid using signal->leader_pid ... |
||
Linus Torvalds
|
0ea97a2d61 |
Merge branch 'work.mkdir' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs icache updates from Al Viro: - NFS mkdir/open_by_handle race fix - analogous solution for FUSE, replacing the one currently in mainline - new primitive to be used when discarding halfway set up inodes on failed object creation; gives sane warranties re icache lookups not returning such doomed by still not freed inodes. A bunch of filesystems switched to that animal. - Miklos' fix for last cycle regression in iget5_locked(); -stable will need a slightly different variant, unfortunately. - misc bits and pieces around things icache-related (in adfs and jfs). * 'work.mkdir' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: jfs: don't bother with make_bad_inode() in ialloc() adfs: don't put inodes into icache new helper: inode_fake_hash() vfs: don't evict uninitialized inode jfs: switch to discard_new_inode() ext2: make sure that partially set up inodes won't be returned by ext2_iget() udf: switch to discard_new_inode() ufs: switch to discard_new_inode() btrfs: switch to discard_new_inode() new primitive: discard_new_inode() kill d_instantiate_no_diralias() nfs_instantiate(): prevent multiple aliases for directory inode |
||
Al Viro
|
c971e6a006 |
kill d_instantiate_no_diralias()
The only user is fuse_create_new_entry(), and there it's used to mitigate the same mkdir/open-by-handle race as in nfs_mkdir(). The same solution applies - unhash the mkdir argument, then call d_splice_alias() and if that returns a reference to preexisting alias, dput() and report success. ->mkdir() argument left unhashed negative with the preexisting alias moved in the right place is just fine from the ->mkdir() callers point of view. Cc: Miklos Szeredi <miklos@szeredi.hu> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
Andrey Ryabinin
|
9635453572 |
fuse: reduce allocation size for splice_write
The 'bufs' array contains 'pipe->buffers' elements, but the fuse_dev_splice_write() uses only 'pipe->nrbufs' elements. So reduce the allocation size to 'pipe->nrbufs' elements. Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
Andrey Ryabinin
|
d6d931adce |
fuse: use kvmalloc to allocate array of pipe_buffer structs.
The amount of pipe->buffers is basically controlled by userspace by fcntl(... F_SETPIPE_SZ ...) so it could be large. High order allocations could be slow (if memory is heavily fragmented) or may fail if the order is larger than PAGE_ALLOC_COSTLY_ORDER. Since the 'bufs' doesn't need to be physically contiguous, use the kvmalloc_array() to allocate memory. If high order page isn't available, the kvamalloc*() will fallback to 0-order. Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
Arnd Bergmann
|
a64ba10f65 |
fuse: convert last timespec use to timespec64
All of fuse uses 64-bit timestamps with the exception of the fuse_change_attributes(), so let's convert this one as well. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
Souptick Joarder
|
46fb504a71 |
fs: fuse: Adding new return type vm_fault_t
Use new return type vm_fault_t for fault handler in struct
vm_operations_struct. For now, this is just documenting that the function
returns a VM_FAULT value rather than an errno. Once all instances are
converted, vm_fault_t will become a distinct type.
commit
|
||
Miklos Szeredi
|
75f3ee4c28 |
fuse: simplify fuse_abort_conn()
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
Kirill Tkhai
|
109728ccc5 |
fuse: Add missed unlock_page() to fuse_readpages_fill()
The above error path returns with page unlocked, so this place seems also
to behave the same.
Fixes:
|