Enabling v4l2loopback modules in kernel defconfigs
to create virtual video devices.
Change-Id: I96432310f24874effa5080620340325f97719d3a
Signed-off-by: E V Ravi <evenka@codeaurora.org>
The GCC wrapper writes any error message from GCC to stdout
along with the messages from the wrapper itself. This is okay
for most case, but when GCC is used with -print-xxx flags,
the stdout output is supposed to be taken as input to some
other build command, so putting error messages in there is
pretty bad. Fix this by writing error messages to stderr.
Change-Id: I4656033f11ba5212fdcc884cc588f8b9d2c23419
Signed-off-by: Shadab Naseem <snaseem@codeaurora.org>
Fix a coding error that lrb_in_use bitmap is cleared twice after its
corresponding request is completed. Otherwise, a tag, which is assigned
to a new request, get released from lrb_in_use in the first clear shall
be cleared again even before the new request is actually completed. Fix
this error by removing the second clear.
CRs-Fixed: 2417820
Change-Id: I4216fa32073d2a0f0f15c0979e4dd0ad542ce684
Signed-off-by: Ziqi Chen <ziqichen@codeaurora.org>
This module allows to create "virtual video devices".
Normal (v4l2) applications will read these devices as
if they were ordinary video devices.
Signed-off-by: E V Ravi <evenka@codeaurora.org>
Git-commit:541e3bc7aaf46dc9a21f92c7f527397fce03dfd8
Git-repo: https://github.com/umlaeute/v4l2loopback
Revision: v0.12.1
Change-Id: I294a02ee282404ae84e0d7dc62373a172b4f0c23
Add blocking support for SSR on the GHS platform. SSR will
block until receiving acknowledgment.
Change-Id: I549908f702318fc9e9dca5cdb12ad353881b6991
Signed-off-by: Anant Goel <anantg@codeaurora.org>
Currently the driver queues OUT EP request after ensuring that
is_busy flag is false, and then sets it true. It might be
possible that the queued request is completed before the
execution reaches next line to set is_busy to true. As a result,
is_busy remains true even after successful completion and no
further request is queued.
Fix this by first setting is_busy to true and then queueing the
request.
Change-Id: I87fce4e2cc94be8e6b6fb63fb1fc9afb9cf0d005
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
Validate buffer index obtained from ADSP token before using it.
CRs-Fixed: 2372302
Change-Id: I5c3b1634bd08b516844638dd67f726a882edfc17
Signed-off-by: Vignesh Kulothungan <vigneshk@codeaurora.org>
HDMI 2.0 compliance E-DDC test requires the DDC
signal timings to meet a minimum threshold to pass
the compliance test. Current DDC settings were not
matching the requirement.
Adjust the DDC settings to meet the threshold and
also make sure to leave the remaining bits of DDC
speed register untouched.
Change-Id: I1eb9304f219906e48f8dec988cd818b879911e71
Signed-off-by: Abhinav Kumar <abhinavk@codeaurora.org>
For repeaters having zero device count, the HDCP CTS expects
the device under test to either read V' and perform full
authentication or not read V' and re-authenticate.
Current HDCP driver reads V' and also re-authenticates causing
a failure of zero device count repeater test cases.
Fix this issue by implementing the correct sequence
in case of zero downstream devices.
Signed-off-by: Abhinav Kumar <abhinavk@codeaurora.org>
Change-Id: Idc36b4bc08091e23c23503aed815e19f459a62d2
DCVS is not required for automotive and it is causing significant
frame drops for some clips. Hence disable it for automotive, adding
an entry in DTSI so that this can be made platform-specific.
Change-Id: I02e7ec16c7024bbc82cae93aa3e27ca8a46bb503
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
Add a boot marker to indicate the time when video
driver probe is completed and the device is ready.
Change-Id: Ic9deb35cabbfa1cc7ad079656bde711014d3529e
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
In case WLAN driver probe is in progress and modem graceful
shutdown occurs and if modem shutdown request is sent just
before the mode on request sent to firmware, firmware may end up
in illegal memory access.
To address this issue, modem notifier needs to be blocked needs for
probe to complete or max 5 seconds timeout.
CRs-Fixed: 2381846
Change-Id: I9e13a11c56059cb29e161c34df11de484f87ac5e
Signed-off-by: Sandeep Singh <sandsing@codeaurora.org>
cnss_usb_data structure member plat_priv remains uninitialized till
the function invoke of cnss_usb_probe. This leads to the access of
uninitialized pointer plat_priv if CLD gets loaded prior to
firmware download completion. Hence initialize the plat_priv
in cnss_usb_data structure during cnss_usb_init.
Change-Id: Ic471eacf22b112aaffe61458e22c7a9102470467
Signed-off-by: Jayachandran Sreekumaran <jsreekum@codeaurora.org>
For triggering cold boot via fs_ready, the device ID
and bus type of QCN7605 USB was added in fs_ready and
cold boot cal start and done handlers.
Change-Id: I28801207c7833af18a09819cd9ab07ede556ac87
Signed-off-by: Rajasekaran Kalidoss <rkalidos@codeaurora.org>
Currently there a possibility of NULL pointer dereference while
accessing usb_info's buffer table due to missing proper protection.
The patch adds protection for the same.
Change-Id: I974a70a48e7ac47b42bc237aac4db1b9e47be6be
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Currently, there is possibility of memory leak due to not
freeing allocated memory for usb buffer's entry after
removing it from list. The patch handle this by freeing
the entry.
Change-Id: Idb08ecad859749e6ab1b09184362de38de4a9836
Signed-off-by: Hardik Arya <harya@codeaurora.org>
* refs/heads/tmp-0c3b8c4
Linux 4.4.177
KVM: X86: Fix residual mmio emulation request to userspace
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
drm/radeon/evergreen_cs: fix missing break in switch statement
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
PM / wakeup: Rework wakeup source timer cancellation
nfsd: fix wrong check in write_v4_end_grace()
nfsd: fix memory corruption caused by readdir
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
NFS: Fix an I/O request leakage in nfs_do_recoalesce
md: Fix failed allocation of md_register_thread
perf intel-pt: Fix overlap calculation for padding
perf auxtrace: Define auxtrace record alignment
perf intel-pt: Fix CYC timestamp calculation after OVF
NFS41: pop some layoutget errors to application
dm: fix to_sector() for 32bit
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
powerpc/83xx: Also save/restore SPRG4-7 during suspend
powerpc/powernv: Make opal log only readable by root
powerpc/wii: properly disable use of BATs when requested.
powerpc/32: Clear on-stack exception marker upon exception return
jbd2: fix compile warning when using JBUFFER_TRACE
jbd2: clear dirty flag when revoking a buffer from an older transaction
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
serial: 8250_pci: Fix number of ports for ACCES serial cards
perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks
i2c: tegra: fix maximum transfer size
parport_pc: fix find_superio io compare code, should use equal test.
intel_th: Don't reference unassigned outputs
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
ext2: Fix underflow in ext2_max_size()
ext4: fix crash during online resizing
cpufreq: pxa2xx: remove incorrect __init annotation
cpufreq: tegra124: add missing of_node_put()
crypto: pcbc - remove bogus memcpy()s with src == dest
Btrfs: fix corruption reading shared and compressed extents after hole punching
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
m68k: Add -ffreestanding to CFLAGS
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
scsi: virtio_scsi: don't send sc payload with tmfs
s390/virtio: handle find on invalid queue gracefully
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
regulator: s2mpa01: Fix step values for some LDOs
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
ACPI / device_sysfs: Avoid OF modalias creation for removed device
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
CIFS: Fix read after write for files with read caching
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
stm class: Prevent division by zero
tmpfs: fix uninitialized return value in shmem_link
net: set static variable an initial value in atl2_probe()
mac80211_hwsim: propagate genlmsg_reply return code
phonet: fix building with clang
ARC: uacces: remove lp_start, lp_end from clobber list
tmpfs: fix link accounting when a tmpfile is linked in
arm64: Relax GIC version check during early boot
ASoC: topology: free created components in tplg load error
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
net: systemport: Fix reception of BPDUs
scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
assoc_array: Fix shortcut creation
ARM: 8824/1: fix a migrating irq bug when hotplug cpu
Input: st-keyscan - fix potential zalloc NULL dereference
i2c: cadence: Fix the hold bit setting
Input: matrix_keypad - use flush_delayed_work()
ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
s390/dasd: fix using offset into zero size array error
gpu: ipu-v3: Fix CSI offsets for imx53
gpu: ipu-v3: Fix i.MX51 CSI control registers offset
crypto: ahash - fix another early termination in hash walk
crypto: caam - fixed handling of sg list
stm class: Fix an endless loop in channel allocation
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
9p/net: fix memory leak in p9_client_create
9p: use inode->i_lock to protect i_size_write() under 32-bit
media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
It's wrong to add len to sector_nr in raid10 reshape twice
fs/9p: use fscache mutex rather than spinlock
ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56
tcp/dccp: remove reqsk_put() from inet_child_forget()
gro_cells: make sure device is up in gro_cells_receive()
net/hsr: fix possible crash in add_timer()
vxlan: Fix GRO cells race condition between receive and link delete
vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
ipvlan: disallow userns cap_net_admin to change global mode/flags
missing barriers in some of unix_sock ->addr and ->path accesses
net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
mdio_bus: Fix use-after-free on device_register fails
net/x25: fix a race in x25_bind()
net/mlx4_core: Fix qp mtt size calculation
net/mlx4_core: Fix reset flow when in command polling mode
tcp: handle inet_csk_reqsk_queue_add() failures
route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
ravb: Decrease TxFIFO depth of Q3 and Q2 to one
pptp: dst_release sk_dst_cache in pptp_sock_destruct
net/x25: reset state in x25_connect()
net/x25: fix use-after-free in x25_device_event()
net: sit: fix UBSAN Undefined behaviour in check_6rd
net: hsr: fix memory leak in hsr_dev_finalize()
l2tp: fix infoleak in l2tp_ip6_recvmsg()
KEYS: restrict /proc/keys by credentials at open time
netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options
netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
netfilter: nfnetlink_log: just returns error for unknown command
netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES
udplite: call proper backlog handlers
ARM: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420
Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls"
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
iscsi_ibft: Fix missing break in switch statement
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
MIPS: Remove function size check in get_frame_info()
perf symbols: Filter out hidden symbols from labels
s390/qeth: fix use-after-free in error path
dmaengine: dmatest: Abort test in case of mapping error
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
ARM: pxa: ssp: unneeded to free devm_ allocated data
autofs: fix error return in autofs_fill_super()
autofs: drop dentry reference only when it is never used
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
x86_64: increase stack size for KASAN_EXTRA
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
cifs: fix computation for MAX_SMB2_HDR_SIZE
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
scsi: libfc: free skb when receiving invalid flogi resp
nfs: Fix NULL pointer dereference of dev_name
gpio: vf610: Mask all GPIO interrupts
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
xtensa: SMP: limit number of possible CPUs by NR_CPUS
xtensa: SMP: mark each possible CPU as present
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: fix secondary CPU initialization
xtensa: SMP: fix ccount_timer_shutdown
iommu/amd: Fix IOMMU page flush when detach device from a domain
ipvs: Fix signed integer overflow when setsockopt timeout
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
perf tools: Handle TOPOLOGY headers with no CPU
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
media: uvcvideo: Fix 'type' check leading to overflow
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
net: dsa: mv88e6xxx: Fix u64 statistics
netlabel: fix out-of-bounds memory accesses
hugetlbfs: fix races and page leaks during migration
MIPS: irq: Allocate accurate order pages for irq stack
applicom: Fix potential Spectre v1 vulnerabilities
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
net: phy: Micrel KSZ8061: link failure after cable connect
net: avoid use IPCB in cipso_v4_error
net: Add __icmp_send helper.
xen-netback: fix occasional leak of grant ref mappings under memory pressure
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
bnxt_en: Drop oversize TX packets to prevent errors.
team: Free BPF filter when unregistering netdev
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
net-sysfs: Fix mem leak in netdev_register_kobject
staging: lustre: fix buffer overflow of string buffer
isdn: isdn_tty: fix build warning of strncpy
ncpfs: fix build warning of strncpy
sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
cpufreq: Use struct kobj_attribute instead of struct global_attr
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: option: add Telit ME910 ECM composition
x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
mm: enforce min addr even if capable() in expand_downwards()
mmc: spi: Fix card detection during probe
powerpc: Always initialize input array when calling epapr_hypercall()
KVM: arm/arm64: Fix MMIO emulation data handling
arm/arm64: KVM: Feed initialized memory to MMIO accesses
KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1
cfg80211: extend range deviation for DMG
mac80211: don't initiate TDLS connection if station is not associated to AP
ibmveth: Do not process frames after calling napi_reschedule
net: altera_tse: fix connect_local_phy error path
scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
mac80211: fix miscounting of ttl-dropped frames
ARC: fix __ffs return value to avoid build warnings
ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
ASoC: dapm: change snprintf to scnprintf for possible overflow
usb: gadget: Potential NULL dereference on allocation error
usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
ALSA: compress: prevent potential divide by zero bugs
ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
drm/msm: Unblock writer if reader closes file
scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
libceph: handle an empty authorize reply
Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
ARCv2: Enable unaligned access in early ASM code
net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
team: avoid complex list operations in team_nl_cmd_options_set()
net/packet: fix 4gb buffer limit due to overflow check
batman-adv: fix uninit-value in batadv_interface_tx()
KEYS: always initialize keyring_index_key::desc_len
KEYS: user: Align the payload buffer
RDMA/srp: Rework SCSI device reset handling
isdn: avm: Fix string plus integer warning from Clang
leds: lp5523: fix a missing check of return value of lp55xx_read
atm: he: fix sign-extension overflow on large shift
isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
MIPS: jazz: fix 64bit build
scsi: isci: initialize shost fully before calling scsi_add_host()
scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
MIPS: ath79: Enable OF serial ports in the default config
net: hns: Fix use after free identified by SLUB debug
mfd: mc13xxx: Fix a missing check of a register-read failure
mfd: wm5110: Add missing ASRC rate register
mfd: qcom_rpm: write fw_version to CTRL_REG
mfd: ab8500-core: Return zero in get_register_interruptible()
mfd: db8500-prcmu: Fix some section annotations
mfd: twl-core: Fix section annotations on {,un}protect_pm_master
mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
KEYS: allow reaching the keys quotas exactly
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
Revert "ANDROID: arm: process: Add display of memory around registers when displaying regs."
ANDROID: mnt: Propagate remount correctly
ANDROID: cuttlefish_defconfig: Add support for AC97 audio
ANDROID: overlayfs: override_creds=off option bypass creator_cred
FROMGIT: binder: create node flag to request sender's security context
Conflicts:
arch/arm/kernel/irq.c
drivers/media/v4l2-core/videobuf2-v4l2.c
sound/core/compress_offload.c
Change-Id: I998f8d53b0c5b8a7102816034452b1779a3b69a3
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlyV4+kACgkQONu9yGCS
aT5T2RAAn9hyo4LmxMvxab61d+PSEfn9TKhNjEtF8vFKNiYb+W+vI0ALHYSWcT1Z
O5T4d1TeSeMrs9G1McL/D80vMJFIzcg0a9QIYuFObFAB21VpDiiGcVc74d+6fHtH
m6loPE1d2GCpzwJ7VOCvdC9DR8C9SK0IVANyMJApXUL8mkNRo2H6vY/NGt65+5zb
vioEbGbXZQJl1GvvwquM6cX9ABH4nyAU1yTX9r2CHMFCBQ0JDkpY4yxClY1NBZ02
1Rc1NpJCR6OJUPvQUpyHuY5rkkPfM12Iz9dxFHARXvtTsmzm3AFdkev5GEMlR5e1
hNXs6ZPyTADJL/fKO8nmeKwKf30xTaWObgMw9A3d8FOFSmDXAW6FLKAmIz+yZBGc
27Tta1pGkZscC1iajEX2dcp5Zjkwr4y/HA5EJJ3jCCwrfTPDL5u8N900GbKMx4Lk
EgPB3byZUAn/9k1m5HEA8RS08LqsNTAEA2Q6nZZhuhmqGJQPRtbBPG7tib9bvhUy
KBLQdqJ8ubi9T1EopHu8xZdpZbbB/uCS+FB6NIkXuWR1IHkAGdEPheHrv3tuR5rf
8/2OU970h63ztE5qHFsBci2uC4htiZFY62NULiPbI7HjeEUdym0AGK4JzGnn0lnX
8McOBeOKwQwR5XuHZcMKWrsstt4mv9zo5QOdCJ1XDxFv628G2dQ=
=eGAC
-----END PGP SIGNATURE-----
Merge 4.4.177 into android-4.4
Changes in 4.4.177
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
KEYS: allow reaching the keys quotas exactly
mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
mfd: twl-core: Fix section annotations on {,un}protect_pm_master
mfd: db8500-prcmu: Fix some section annotations
mfd: ab8500-core: Return zero in get_register_interruptible()
mfd: qcom_rpm: write fw_version to CTRL_REG
mfd: wm5110: Add missing ASRC rate register
mfd: mc13xxx: Fix a missing check of a register-read failure
net: hns: Fix use after free identified by SLUB debug
MIPS: ath79: Enable OF serial ports in the default config
scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
scsi: isci: initialize shost fully before calling scsi_add_host()
MIPS: jazz: fix 64bit build
isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
atm: he: fix sign-extension overflow on large shift
leds: lp5523: fix a missing check of return value of lp55xx_read
isdn: avm: Fix string plus integer warning from Clang
RDMA/srp: Rework SCSI device reset handling
KEYS: user: Align the payload buffer
KEYS: always initialize keyring_index_key::desc_len
batman-adv: fix uninit-value in batadv_interface_tx()
net/packet: fix 4gb buffer limit due to overflow check
team: avoid complex list operations in team_nl_cmd_options_set()
sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
ARCv2: Enable unaligned access in early ASM code
Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
libceph: handle an empty authorize reply
scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
drm/msm: Unblock writer if reader closes file
ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
ALSA: compress: prevent potential divide by zero bugs
thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
usb: gadget: Potential NULL dereference on allocation error
ASoC: dapm: change snprintf to scnprintf for possible overflow
ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
ARC: fix __ffs return value to avoid build warnings
mac80211: fix miscounting of ttl-dropped frames
serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
net: altera_tse: fix connect_local_phy error path
ibmveth: Do not process frames after calling napi_reschedule
mac80211: don't initiate TDLS connection if station is not associated to AP
cfg80211: extend range deviation for DMG
KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1
arm/arm64: KVM: Feed initialized memory to MMIO accesses
KVM: arm/arm64: Fix MMIO emulation data handling
powerpc: Always initialize input array when calling epapr_hypercall()
mmc: spi: Fix card detection during probe
mm: enforce min addr even if capable() in expand_downwards()
x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
USB: serial: option: add Telit ME910 ECM composition
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
cpufreq: Use struct kobj_attribute instead of struct global_attr
sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
ncpfs: fix build warning of strncpy
isdn: isdn_tty: fix build warning of strncpy
staging: lustre: fix buffer overflow of string buffer
net-sysfs: Fix mem leak in netdev_register_kobject
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
team: Free BPF filter when unregistering netdev
bnxt_en: Drop oversize TX packets to prevent errors.
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
xen-netback: fix occasional leak of grant ref mappings under memory pressure
net: Add __icmp_send helper.
net: avoid use IPCB in cipso_v4_error
net: phy: Micrel KSZ8061: link failure after cable connect
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
applicom: Fix potential Spectre v1 vulnerabilities
MIPS: irq: Allocate accurate order pages for irq stack
hugetlbfs: fix races and page leaks during migration
netlabel: fix out-of-bounds memory accesses
net: dsa: mv88e6xxx: Fix u64 statistics
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
media: uvcvideo: Fix 'type' check leading to overflow
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
perf tools: Handle TOPOLOGY headers with no CPU
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
ipvs: Fix signed integer overflow when setsockopt timeout
iommu/amd: Fix IOMMU page flush when detach device from a domain
xtensa: SMP: fix ccount_timer_shutdown
xtensa: SMP: fix secondary CPU initialization
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: mark each possible CPU as present
xtensa: SMP: limit number of possible CPUs by NR_CPUS
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
gpio: vf610: Mask all GPIO interrupts
nfs: Fix NULL pointer dereference of dev_name
scsi: libfc: free skb when receiving invalid flogi resp
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
cifs: fix computation for MAX_SMB2_HDR_SIZE
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
x86_64: increase stack size for KASAN_EXTRA
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
autofs: drop dentry reference only when it is never used
autofs: fix error return in autofs_fill_super()
ARM: pxa: ssp: unneeded to free devm_ allocated data
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
dmaengine: dmatest: Abort test in case of mapping error
s390/qeth: fix use-after-free in error path
perf symbols: Filter out hidden symbols from labels
MIPS: Remove function size check in get_frame_info()
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
iscsi_ibft: Fix missing break in switch statement
futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls"
ARM: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420
udplite: call proper backlog handlers
netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES
netfilter: nfnetlink_log: just returns error for unknown command
netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options
KEYS: restrict /proc/keys by credentials at open time
l2tp: fix infoleak in l2tp_ip6_recvmsg()
net: hsr: fix memory leak in hsr_dev_finalize()
net: sit: fix UBSAN Undefined behaviour in check_6rd
net/x25: fix use-after-free in x25_device_event()
net/x25: reset state in x25_connect()
pptp: dst_release sk_dst_cache in pptp_sock_destruct
ravb: Decrease TxFIFO depth of Q3 and Q2 to one
route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
tcp: handle inet_csk_reqsk_queue_add() failures
net/mlx4_core: Fix reset flow when in command polling mode
net/mlx4_core: Fix qp mtt size calculation
net/x25: fix a race in x25_bind()
mdio_bus: Fix use-after-free on device_register fails
net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
missing barriers in some of unix_sock ->addr and ->path accesses
ipvlan: disallow userns cap_net_admin to change global mode/flags
vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
vxlan: Fix GRO cells race condition between receive and link delete
net/hsr: fix possible crash in add_timer()
gro_cells: make sure device is up in gro_cells_receive()
tcp/dccp: remove reqsk_put() from inet_child_forget()
ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56
fs/9p: use fscache mutex rather than spinlock
It's wrong to add len to sector_nr in raid10 reshape twice
media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
9p: use inode->i_lock to protect i_size_write() under 32-bit
9p/net: fix memory leak in p9_client_create
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
stm class: Fix an endless loop in channel allocation
crypto: caam - fixed handling of sg list
crypto: ahash - fix another early termination in hash walk
gpu: ipu-v3: Fix i.MX51 CSI control registers offset
gpu: ipu-v3: Fix CSI offsets for imx53
s390/dasd: fix using offset into zero size array error
ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
Input: matrix_keypad - use flush_delayed_work()
i2c: cadence: Fix the hold bit setting
Input: st-keyscan - fix potential zalloc NULL dereference
ARM: 8824/1: fix a migrating irq bug when hotplug cpu
assoc_array: Fix shortcut creation
scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
net: systemport: Fix reception of BPDUs
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
ASoC: topology: free created components in tplg load error
arm64: Relax GIC version check during early boot
tmpfs: fix link accounting when a tmpfile is linked in
ARC: uacces: remove lp_start, lp_end from clobber list
phonet: fix building with clang
mac80211_hwsim: propagate genlmsg_reply return code
net: set static variable an initial value in atl2_probe()
tmpfs: fix uninitialized return value in shmem_link
stm class: Prevent division by zero
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
CIFS: Fix read after write for files with read caching
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
ACPI / device_sysfs: Avoid OF modalias creation for removed device
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
regulator: s2mpa01: Fix step values for some LDOs
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
s390/virtio: handle find on invalid queue gracefully
scsi: virtio_scsi: don't send sc payload with tmfs
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
m68k: Add -ffreestanding to CFLAGS
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
Btrfs: fix corruption reading shared and compressed extents after hole punching
crypto: pcbc - remove bogus memcpy()s with src == dest
cpufreq: tegra124: add missing of_node_put()
cpufreq: pxa2xx: remove incorrect __init annotation
ext4: fix crash during online resizing
ext2: Fix underflow in ext2_max_size()
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
intel_th: Don't reference unassigned outputs
parport_pc: fix find_superio io compare code, should use equal test.
i2c: tegra: fix maximum transfer size
perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks
serial: 8250_pci: Fix number of ports for ACCES serial cards
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
jbd2: clear dirty flag when revoking a buffer from an older transaction
jbd2: fix compile warning when using JBUFFER_TRACE
powerpc/32: Clear on-stack exception marker upon exception return
powerpc/wii: properly disable use of BATs when requested.
powerpc/powernv: Make opal log only readable by root
powerpc/83xx: Also save/restore SPRG4-7 during suspend
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
dm: fix to_sector() for 32bit
NFS41: pop some layoutget errors to application
perf intel-pt: Fix CYC timestamp calculation after OVF
perf auxtrace: Define auxtrace record alignment
perf intel-pt: Fix overlap calculation for padding
md: Fix failed allocation of md_register_thread
NFS: Fix an I/O request leakage in nfs_do_recoalesce
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
nfsd: fix memory corruption caused by readdir
nfsd: fix wrong check in write_v4_end_grace()
PM / wakeup: Rework wakeup source timer cancellation
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
drm/radeon/evergreen_cs: fix missing break in switch statement
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
KVM: X86: Fix residual mmio emulation request to userspace
Linux 4.4.177
Change-Id: Ide9813404248e6d7f9dc4024ac244dc1fbdd21b6
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 34333cc6c2cb021662fd32e24e618d1b86de95bf upstream.
Regarding segments with a limit==0xffffffff, the SDM officially states:
When the effective limit is FFFFFFFFH (4 GBytes), these accesses may
or may not cause the indicated exceptions. Behavior is
implementation-specific and may vary from one execution to another.
In practice, all CPUs that support VMX ignore limit checks for "flat
segments", i.e. an expand-up data or code segment with base=0 and
limit=0xffffffff. This is subtly different than wrapping the effective
address calculation based on the address size, as the flat segment
behavior also applies to accesses that would wrap the 4g boundary, e.g.
a 4-byte access starting at 0xffffffff will access linear addresses
0xffffffff, 0x0, 0x1 and 0x2.
Fixes: f9eb4af67c ("KVM: nVMX: VMX instructions: add checks for #GP/#SS exceptions")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 946c522b603f281195af1df91837a1d4d1eb3bc9 upstream.
The VMCS.EXIT_QUALIFCATION field reports the displacements of memory
operands for various instructions, including VMX instructions, as a
naturally sized unsigned value, but masks the value by the addr size,
e.g. given a ModRM encoded as -0x28(%ebp), the -0x28 displacement is
reported as 0xffffffd8 for a 32-bit address size. Despite some weird
wording regarding sign extension, the SDM explicitly states that bits
beyond the instructions address size are undefined:
In all cases, bits of this field beyond the instruction’s address
size are undefined.
Failure to sign extend the displacement results in KVM incorrectly
treating a negative displacement as a large positive displacement when
the address size of the VMX instruction is smaller than KVM's native
size, e.g. a 32-bit address size on a 64-bit KVM.
The very original decoding, added by commit 064aea7747 ("KVM: nVMX:
Decoding memory operands of VMX instructions"), sort of modeled sign
extension by truncating the final virtual/linear address for a 32-bit
address size. I.e. it messed up the effective address but made it work
by adjusting the final address.
When segmentation checks were added, the truncation logic was kept
as-is and no sign extension logic was introduced. In other words, it
kept calculating the wrong effective address while mostly generating
the correct virtual/linear address. As the effective address is what's
used in the segment limit checks, this results in KVM incorreclty
injecting #GP/#SS faults due to non-existent segment violations when
a nested VMM uses negative displacements with an address size smaller
than KVM's native address size.
Using the -0x28(%ebp) example, an EBP value of 0x1000 will result in
KVM using 0x100000fd8 as the effective address when checking for a
segment limit violation. This causes a 100% failure rate when running
a 32-bit KVM build as L1 on top of a 64-bit KVM L0.
Fixes: f9eb4af67c ("KVM: nVMX: VMX instructions: add checks for #GP/#SS exceptions")
Cc: stable@vger.kernel.org
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit cc5034a5d293dd620484d1d836aa16c6764a1c8c upstream.
Add missing break statement in order to prevent the code from falling
through to case CB_TARGET_MASK.
This bug was found thanks to the ongoing efforts to enable
-Wimplicit-fallthrough.
Fixes: dd220a00e8 ("drm/radeon/kms: add support for streamout v7")
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 9dd0627d8d62a7ddb001a75f63942d92b5336561 upstream.
The UVC video driver converts the timestamp from hardware specific unit
to one known by the kernel at the time when the buffer is dequeued. This
is fine in general, but the streamoff operation consists of the
following steps (among other things):
1. uvc_video_clock_cleanup --- the hardware clock sample array is
released and the pointer to the array is set to NULL,
2. buffers in active state are returned to the user and
3. buf_finish callback is called on buffers that are prepared.
buf_finish includes calling uvc_video_clock_update that accesses the
hardware clock sample array.
The above is serialised by a queue specific mutex. Address the problem
by skipping the clock conversion if the hardware clock sample array is
already released.
Fixes: 9c0863b1cc ("[media] vb2: call buf_finish from __queue_cancel")
Reported-by: Chiranjeevi Rapolu <chiranjeevi.rapolu@intel.com>
Tested-by: Chiranjeevi Rapolu <chiranjeevi.rapolu@intel.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: stable@vger.kernel.org
Signed-off-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1d1f898df6586c5ea9aeaf349f13089c6fa37903 upstream.
The rcu_gp_kthread_wake() function is invoked when it might be necessary
to wake the RCU grace-period kthread. Because self-wakeups are normally
a useless waste of CPU cycles, if rcu_gp_kthread_wake() is invoked from
this kthread, it naturally refuses to do the wakeup.
Unfortunately, natural though it might be, this heuristic fails when
rcu_gp_kthread_wake() is invoked from an interrupt or softirq handler
that interrupted the grace-period kthread just after the final check of
the wait-event condition but just before the schedule() call. In this
case, a wakeup is required, even though the call to rcu_gp_kthread_wake()
is within the RCU grace-period kthread's context. Failing to provide
this wakeup can result in grace periods failing to start, which in turn
results in out-of-memory conditions.
This race window is quite narrow, but it actually did happen during real
testing. It would of course need to be fixed even if it was strictly
theoretical in nature.
This patch does not Cc stable because it does not apply cleanly to
earlier kernel versions.
Fixes: 48a7639ce8 ("rcu: Make callers awaken grace-period kthread")
Reported-by: "He, Bo" <bo.he@intel.com>
Co-developed-by: "Zhang, Jun" <jun.zhang@intel.com>
Co-developed-by: "He, Bo" <bo.he@intel.com>
Co-developed-by: "xiao, jin" <jin.xiao@intel.com>
Co-developed-by: Bai, Jie A <jie.a.bai@intel.com>
Signed-off: "Zhang, Jun" <jun.zhang@intel.com>
Signed-off: "He, Bo" <bo.he@intel.com>
Signed-off: "xiao, jin" <jin.xiao@intel.com>
Signed-off: Bai, Jie A <jie.a.bai@intel.com>
Signed-off-by: "Zhang, Jun" <jun.zhang@intel.com>
[ paulmck: Switch from !in_softirq() to "!in_interrupt() &&
!in_serving_softirq() to avoid redundant wakeups and to also handle the
interrupt-handler scenario as well as the softirq-handler scenario that
actually occurred in testing. ]
Signed-off-by: Paul E. McKenney <paulmck@linux.ibm.com>
Link: https://lkml.kernel.org/r/CD6925E8781EFD4D8E11882D20FC406D52A11F61@SHSMSX104.ccr.corp.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 1fad17fb1bbcd73159c2b992668a6957ecc5af8a upstream.
If wakeup_source_add() is called right after wakeup_source_remove()
for the same wakeup source, timer_setup() may be called for a
potentially scheduled timer which is incorrect.
To avoid that, move the wakeup source timer cancellation from
wakeup_source_drop() to wakeup_source_remove().
Moreover, make wakeup_source_remove() clear the timer function after
canceling the timer to let wakeup_source_not_registered() treat
unregistered wakeup sources in the same way as the ones that have
never been registered.
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Cc: 4.4+ <stable@vger.kernel.org> # 4.4+
[ rjw: Subject, changelog, merged two patches together ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit dd838821f0a29781b185cd8fb8e48d5c177bd838 upstream.
Commit 62a063b8e7d1 "nfsd4: fix crash on writing v4_end_grace before
nfsd startup" is trying to fix a NULL dereference issue, but it
mistakenly checks if the nfsd server is started. So fix it.
Fixes: 62a063b8e7d1 "nfsd4: fix crash on writing v4_end_grace before nfsd startup"
Cc: stable@vger.kernel.org
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Signed-off-by: Yihao Wu <wuyihao@linux.alibaba.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit b602345da6cbb135ba68cf042df8ec9a73da7981 upstream.
If the result of an NFSv3 readdir{,plus} request results in the
"offset" on one entry having to be split across 2 pages, and is sized
so that the next directory entry doesn't fit in the requested size,
then memory corruption can happen.
When encode_entry() is called after encoding the last entry that fits,
it notices that ->offset and ->offset1 are set, and so stores the
offset value in the two pages as required. It clears ->offset1 but
*does not* clear ->offset.
Normally this omission doesn't matter as encode_entry_baggage() will
be called, and will set ->offset to a suitable value (not on a page
boundary).
But in the case where cd->buflen < elen and nfserr_toosmall is
returned, ->offset is not reset.
This means that nfsd3proc_readdirplus will see ->offset with a value 4
bytes before the end of a page, and ->offset1 set to NULL.
It will try to write 8bytes to ->offset.
If we are lucky, the next page will be read-only, and the system will
BUG: unable to handle kernel paging request at...
If we are unlucky, some innocent page will have the first 4 bytes
corrupted.
nfsd3proc_readdir() doesn't even check for ->offset1, it just blindly
writes 8 bytes to the offset wherever it is.
Fix this by clearing ->offset after it is used, and copying the
->offset handling code from nfsd3_proc_readdirplus into
nfsd3_proc_readdir.
(Note that the commit hash in the Fixes tag is from the 'history'
tree - this bug predates git).
Fixes: 0b1d57cf7654 ("[PATCH] kNFSd: Fix nfs3 dentry encoding")
Fixes-URL: https://git.kernel.org/pub/scm/linux/kernel/git/history/history.git/commit/?id=0b1d57cf7654
Cc: stable@vger.kernel.org (v2.6.12+)
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 8127d82705998568b52ac724e28e00941538083d upstream.
If the I/O completion failed with a fatal error, then we should just
exit nfs_pageio_complete_mirror() rather than try to recoalesce.
Fixes: a7d42ddb30 ("nfs: add mirroring support to pgio layer")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Cc: stable@vger.kernel.org # v4.0+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 4d91969ed4dbcefd0e78f77494f0cb8fada9048a upstream.
Whether we need to exit early, or just reprocess the list, we
must not lost track of the request which failed to get recoalesced.
Fixes: 03d5eb65b5 ("NFS: Fix a memory leak in nfs_do_recoalesce")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
Cc: stable@vger.kernel.org # v4.0+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>