pppolac driver incorrectly enqueues the packet into the sock queue
without pulling UDP headers. The application will receive data along
with UDP header when L2TP control packets are received.
The issue was introduced after moving UDP header removal functionality
from process rcvmesg context to BH context.
Instead of pppolac driver directly queuing L2TP control packets into
socket queue, return packet to udp_queue_rcv_skb, which will deliver the
packet to the application after pulling the UDP header.
Fixes: e6afc8ace ("udp: remove headers from UDP packets before queueing")
Change-Id: Icfa0fd8da43ea9c14fa7c718746a6529651ac202
Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org>
Signed-off-by: Chinmay Agarwal <chinagar@codeaurora.org>
Acked-by: Sharath Chandra Vurukala <sharathv@qti.qualcomm.com>
Smp2p test code is used internally to test the
functionality of drivers and has no real use case
in end product.
Change-Id: I7a50c077bb71068188b5411424c5782b3d0edbb7
Signed-off-by: Hardik Arya <harya@codeaurora.org>
Currently, when a client invokes the service-locator to get
the domain list for a service, a data structure is dynamically
allocated to hold this information, and that is given to the
client for use. However, after the client uses the domain list,
the data structure is not freed, resulting in a memory leak.
Free domain list data structure after client use to fix
memory leak.
Change-Id: I2b87afefbb35c2c296b4267450fa3152e3725ab9
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
Added sysfs entries to show kgsl memory usage statistics.
gpumem_mapped: kgsl memory mapped in the process address space.
gpumem_unmapped: kgsl allocated memory but not mapped in process.
imported_mem: graphics memory not allocated by the kgsl.
Below is the sysfs path for new entries:
/sys/class/kgsl/kgsl/proc/<pid>/
Change-Id: I08c2014d28dc0ca1e2b54ebf966d00143b303b54
Signed-off-by: Amit Kushwaha <kushwaha@codeaurora.org>
Exclude 4 bytes which holds the size of the buffer while calculating
the actual buffer size to avoid OOB write.
Change-Id: I5471fabc3652a942797019c5beb06d17a713b079
Signed-off-by: Dikshita Agarwal <dikshita@codeaurora.org>
In case of invalid values in _put() callback return directly to avoid
deadlock issue with mutex unlocking in goto label.
Change-Id: Ib0623e26dd83b96cd6ec315f515098b8ea0b2dd2
Signed-off-by: Ajit Pandey <ajitp@codeaurora.org>
Signed-off-by: Jhansi Konathala <cjkonat@codeaurora.org>
Few mixer controls _put and _get methods uses runtime private data
that can be freed by close() callback in parallel threads leading
to issue. Added global mutex lock in such methods to avoid runtime
concurrency around such data.
Change-Id: Ie542c64a4f1e50fd9547ebb9f65df2b7b0c21a0e
Signed-off-by: Ajit Pandey <ajitp@codeaurora.org>
Signed-off-by: Jhansi Konathala <cjkonat@codeaurora.org>
possibility of OOB access on device->response_pkt in
__response_handler. for e.x if msg queue contains 1000
messages and all 1000 were read and queue is empty.
So __get_q_size api will return zero and _iface_msgq_read
will go in an infinite loop, even if packet_count
== max_packets.
Change-Id: I3c0fb095feff0ba5d4d6dab65ed9d5111f1b6f05
Signed-off-by: Govindaraj Rajagopal <grajagop@codeaurora.org>
Fixed Camera configuration register. Register expects width and height
starting from 0 while it was programmed starting from 1.
This fixes CAMIF erorrs we experience as the programmed size is
always 1 more pixel and line.
Change-Id: I73f1f5040820b71d317c317f8f5c6e3ff19db6e6
Signed-off-by: E V Ravi <evenka@codeaurora.org>
CARVEOUT ION memory is not needed for lv gvm in multi-mode.
Change-Id: Id45da104da170680c0daa607c29b4ca6ca6f5779
Signed-off-by: Chao Bi <chaobi@codeaurora.org>
Extend build mask range and define logging levels for SSID range 0.
Update event and log mask last ids to support latest log mask ranges.
Change-Id: Iaca4f1d10e8e61db42c5dafab33c772c026b3845
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Found the code hasn't check whether some var is NULL before
using it in v4l2loopback. Fix those issues.
Change-Id: I559ed8c0978cf478ed713761b7bc7e3b21c09ff4
Signed-off-by: Lily Li <lali@codeaurora.org>
* refs/heads/tmp-5169787
Linux 4.4.205
Revert "sock: Reset dst when changing sk_mark via setsockopt"
Change-Id: Ie26ad8dcfbd68087b16b26e7c1004e8f2c934e66
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
* refs/heads/tmp-583bdda
Linux 4.4.204
KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel
powerpc/book3s64: Fix link stack flush on context switch
powerpc/64s: support nospectre_v2 cmdline option
staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error
USB: serial: option: add support for Foxconn T77W968 LTE modules
USB: serial: option: add support for DW5821e with eSIM support
USB: serial: mos7840: fix remote wakeup
USB: serial: mos7720: fix remote wakeup
USB: serial: mos7840: add USB ID to support Moxa UPort 2210
appledisplay: fix error handling in the scheduled work
usb-serial: cp201x: support Mark-10 digital force gauge
virtio_console: move removal code
virtio_console: drop custom control queue cleanup
virtio_console: fix uninitialized variable use
virtio_console: allocate inbufs in add_port() only if it is needed
virtio_console: don't tie bufs to a vq
virtio_console: reset on out of memory
media: imon: invalid dereference in imon_touch_event
media: cxusb: detect cxusb_ctrl_msg error in query
media: b2c2-flexcop-usb: add sanity checking
cpufreq: Add NULL checks to show() and store() methods of cpufreq
media: vivid: Fix wrong locking that causes race conditions on streaming stop
media: vivid: Set vid_cap_streaming and vid_out_streaming to true
x86/speculation: Fix redundant MDS mitigation message
x86/speculation: Fix incorrect MDS/TAA mitigation status
x86/insn: Fix awk regexp warnings
ARC: perf: Accommodate big-endian CPU
mmc: block: Fix tag condition with packed writes
ocfs2: remove ocfs2_is_o2cb_active()
cpufreq: Skip cpufreq resume if it's not suspended
arm64: fix for bad_mode() handler to always result in panic
dm: use blk_set_queue_dying() in __dm_destroy()
ath9k_hw: fix uninitialized variable data
Bluetooth: Fix invalid-free in bcsp_close()
IB/hfi1: Ensure full Gen3 speed in a Gen4 system
spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch
PCI: keystone: Use quirk to limit MRRS for K2G
pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD
pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues
sock: Reset dst when changing sk_mark via setsockopt
net: bcmgenet: return correct value 'ret' from bcmgenet_power_down
dlm: don't leak kernel pointer to userspace
dlm: fix invalid free
scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces
scsi: megaraid_sas: Fix msleep granularity
scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11
scsi: mpt3sas: Fix Sync cache command failure during driver unload
rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information
wireless: airo: potential buffer overflow in sprintf()
brcmsmac: never log "tid x is not agg'able" by default
rtl8xxxu: Fix missing break in switch
wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()'
audit: print empty EXECVE args
sched/fair: Don't increase sd->balance_interval on newidle balance
net: do not abort bulk send on BQL status
ocfs2: fix clusters leak in ocfs2_defrag_extent()
ocfs2: don't put and assigning null to bh allocated outside
ntb: intel: fix return value for ndev_vec_mask()
ntb_netdev: fix sleep time mismatch
igb: shorten maximum PHC timecounter update interval
fs/hfs/extent.c: fix array out of bounds read of array extent
hfs: fix return value of hfs_get_block()
hfsplus: fix return value of hfsplus_get_block()
hfs: prevent btree data loss on ENOSPC
hfsplus: prevent btree data loss on ENOSPC
hfs: fix BUG on bnode parent update
hfsplus: fix BUG on bnode parent update
linux/bitmap.h: fix type of nbits in bitmap_shift_right()
linux/bitmap.h: handle constant zero-size bitmaps correctly
um: Make line/tty semantics use true write IRQ
mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock
fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle()
sparc64: Rework xchg() definition to avoid warnings.
thermal: rcar_thermal: Prevent hardware access during system suspend
selftests/ftrace: Fix to test kprobe $comm arg only if available
mfd: max8997: Enale irq-wakeup unconditionally
mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values
qlcnic: fix a return in qlcnic_dcb_get_capability()
mISDN: Fix type of switch control variable in ctrl_teimanager
rtc: s35390a: Change buf's type to u8 in s35390a_init
ceph: fix dentry leak in ceph_readdir_prepopulate
sparc: Fix parport build warnings.
spi: omap2-mcspi: Set FIFO DMA trigger level to word length
s390/perf: Return error when debug_register fails
atm: zatm: Fix empty body Clang warnings
SUNRPC: Fix a compile warning for cmpxchg64()
USB: misc: appledisplay: fix backlight update_status return code
macintosh/windfarm_smu_sat: Fix debug output
ALSA: i2c/cs8427: Fix int to char conversion
kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack
net: fix warning in af_unix
scsi: dc395x: fix DMA API usage in sg_update_list
scsi: dc395x: fix dma API usage in srb_done
clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk
scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param
scsi: isci: Change sci_controller_start_task's return type to sci_status
scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler
KVM/x86: Fix invvpid and invept register operand size in 64-bit mode
scsi: ips: fix missing break in switch
amiflop: clean up on errors during setup
misc: mic: fix a DMA pool free failure
gsmi: Fix bug in append_to_eventlog sysfs handler
btrfs: handle error of get_old_root
mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail
spi: sh-msiof: fix deferred probing
brcmsmac: AP mode: update beacon when TIM changes
powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field
powerpc: Fix signedness bug in update_flash_db()
synclink_gt(): fix compat_ioctl()
gfs2: Fix marking bitmaps non-full
printk: fix integer overflow in setup_log_buf()
ALSA: isight: fix leak of reference to firewire unit in error path of .probe callback
mwifiex: Fix NL80211_TX_POWER_LIMITED
platform/x86: asus-wmi: add SERIO_I8042 dependency
platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi
platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ
platform/x86: asus-wmi: try to set als by default
asus-wmi: provide access to ALS control
platform/x86: asus-wmi: Set specified XUSB2PR value for X550LB
platform/x86: asus-wmi: fix asus ux303ub brightness issue
platform/x86: asus-wmi: Filter buggy scan codes on ASUS Q500A
asus-wmi: Add quirk_no_rfkill for the Asus Z550MA
asus-wmi: Add quirk_no_rfkill for the Asus U303LB
asus-wmi: Add quirk_no_rfkill for the Asus N552VW
asus-wmi: Add quirk_no_rfkill_wapf4 for the Asus X456UF
asus-wmi: Create quirk for airplane_mode LED
mm/ksm.c: don't WARN if page is still mapped in remove_stable_node()
Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()"
net: rtnetlink: prevent underflows in do_setvfinfo()
net/sched: act_pedit: fix WARN() in the traffic path
sfc: Only cancel the PPS workqueue if it exists
net/mlx4_en: fix mlx4 ethtool -N insertion
Conflicts:
arch/arm64/kernel/traps.c
Change-Id: Ie8f88d491b2d80c031e81346687624d7b5a770f1
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
This reverts commit 4c5ce7ca90 which is
commit 50254256f382c56bde87d970f3d0d02fdb76ec70 upstream.
It breaks a number of runtime Android networking tests, so something is
wrong with the backport, or something else also needed to be backported
at the same time. So I'm dropping this from the tree as regressions are
not good.
Cc: David Barmann <david.barmann@stackpath.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
HAB uses tasklets as the bottom half to receive message from the
remote side. Even when the whole system is overloaded, HAB clients
(e.g., audio, display, gfx) still expect low latency for good user
experience. So here, tasklet_hi_schedule() is used.
Change-Id: I0b8ed281f090e9c251eb62fe5e78900ea2e9dc8d
Signed-off-by: Yong Ding <yongding@codeaurora.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3gA2oACgkQONu9yGCS
aT7rfQ//c4X05XMCcC7uHpMX43BvzLYIRLMt81PrLuOIJWloyzKZQ6/24smCVqHS
AER8+DVvVORLKMyXV5fEwPubXfeckAEqjTFUyI3vvAyxtQA4MYMW+a6b/GIyoZG0
jjGBKYUGwSYsSD1nTmfiGkX8tbCQqYcQzRMk0N6drefluVo18Dxn59J+2Q4hBaRi
/PQ2XKb9upW7Lq63rfnfgoBHgllI+Jkfl9MW8xuMnTZFda1a9xKqpNpxycQMLT5b
wtSa8S30Tt10boQcJsj/yeG9vxiCHMNjpju3Z9DBSbAKdcZQI/DvKxh0cFk39pSi
mvH3rW/CBEjR0+7hX46gu51mVIcIObiqz45BO5ln6KN0yC1s1EuDHYRxnyyoaC+i
+kmxrAuO2i+S9aYtbODnHclUB7n6LxUrCmHwYtBLEwez1Cha6kH2hC2+SB08H7a8
2PwTPbgvuwfuHloUNNC0svfCBwy/RQJRPf5NQacuZqHriAJOVuUwRFoBweWqozsS
BVbrA1KQtR43/xjcKfQJVvnOQr923MkZ1r8qx1USXOhoZLhFXUe1yJW5gO88i3IT
qOTRR/zisINt7Cw0KBzLiTD1sxxffkLjjg7+Mzoci6C6KHpLVXkf6BbFbD5u6XzG
CvxzznMtyPqVyIepFi0+PT8q5+XGALSLzLo8gt3x5q+WP7h7JCY=
=+alR
-----END PGP SIGNATURE-----
Merge 4.4.204 into android-4.4-p
Changes in 4.4.204
net/mlx4_en: fix mlx4 ethtool -N insertion
sfc: Only cancel the PPS workqueue if it exists
net/sched: act_pedit: fix WARN() in the traffic path
net: rtnetlink: prevent underflows in do_setvfinfo()
Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()"
mm/ksm.c: don't WARN if page is still mapped in remove_stable_node()
asus-wmi: Create quirk for airplane_mode LED
asus-wmi: Add quirk_no_rfkill_wapf4 for the Asus X456UF
asus-wmi: Add quirk_no_rfkill for the Asus N552VW
asus-wmi: Add quirk_no_rfkill for the Asus U303LB
asus-wmi: Add quirk_no_rfkill for the Asus Z550MA
platform/x86: asus-wmi: Filter buggy scan codes on ASUS Q500A
platform/x86: asus-wmi: fix asus ux303ub brightness issue
platform/x86: asus-wmi: Set specified XUSB2PR value for X550LB
asus-wmi: provide access to ALS control
platform/x86: asus-wmi: try to set als by default
platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ
platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi
platform/x86: asus-wmi: add SERIO_I8042 dependency
mwifiex: Fix NL80211_TX_POWER_LIMITED
ALSA: isight: fix leak of reference to firewire unit in error path of .probe callback
printk: fix integer overflow in setup_log_buf()
gfs2: Fix marking bitmaps non-full
synclink_gt(): fix compat_ioctl()
powerpc: Fix signedness bug in update_flash_db()
powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field
brcmsmac: AP mode: update beacon when TIM changes
spi: sh-msiof: fix deferred probing
mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail
btrfs: handle error of get_old_root
gsmi: Fix bug in append_to_eventlog sysfs handler
misc: mic: fix a DMA pool free failure
amiflop: clean up on errors during setup
scsi: ips: fix missing break in switch
KVM/x86: Fix invvpid and invept register operand size in 64-bit mode
scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler
scsi: isci: Change sci_controller_start_task's return type to sci_status
scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param
clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk
scsi: dc395x: fix dma API usage in srb_done
scsi: dc395x: fix DMA API usage in sg_update_list
net: fix warning in af_unix
kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack
ALSA: i2c/cs8427: Fix int to char conversion
macintosh/windfarm_smu_sat: Fix debug output
USB: misc: appledisplay: fix backlight update_status return code
SUNRPC: Fix a compile warning for cmpxchg64()
atm: zatm: Fix empty body Clang warnings
s390/perf: Return error when debug_register fails
spi: omap2-mcspi: Set FIFO DMA trigger level to word length
sparc: Fix parport build warnings.
ceph: fix dentry leak in ceph_readdir_prepopulate
rtc: s35390a: Change buf's type to u8 in s35390a_init
mISDN: Fix type of switch control variable in ctrl_teimanager
qlcnic: fix a return in qlcnic_dcb_get_capability()
mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values
mfd: max8997: Enale irq-wakeup unconditionally
selftests/ftrace: Fix to test kprobe $comm arg only if available
thermal: rcar_thermal: Prevent hardware access during system suspend
sparc64: Rework xchg() definition to avoid warnings.
fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle()
mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock
um: Make line/tty semantics use true write IRQ
linux/bitmap.h: handle constant zero-size bitmaps correctly
linux/bitmap.h: fix type of nbits in bitmap_shift_right()
hfsplus: fix BUG on bnode parent update
hfs: fix BUG on bnode parent update
hfsplus: prevent btree data loss on ENOSPC
hfs: prevent btree data loss on ENOSPC
hfsplus: fix return value of hfsplus_get_block()
hfs: fix return value of hfs_get_block()
fs/hfs/extent.c: fix array out of bounds read of array extent
igb: shorten maximum PHC timecounter update interval
ntb_netdev: fix sleep time mismatch
ntb: intel: fix return value for ndev_vec_mask()
ocfs2: don't put and assigning null to bh allocated outside
ocfs2: fix clusters leak in ocfs2_defrag_extent()
net: do not abort bulk send on BQL status
sched/fair: Don't increase sd->balance_interval on newidle balance
audit: print empty EXECVE args
wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()'
rtl8xxxu: Fix missing break in switch
brcmsmac: never log "tid x is not agg'able" by default
wireless: airo: potential buffer overflow in sprintf()
rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information
scsi: mpt3sas: Fix Sync cache command failure during driver unload
scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11
scsi: megaraid_sas: Fix msleep granularity
scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces
dlm: fix invalid free
dlm: don't leak kernel pointer to userspace
net: bcmgenet: return correct value 'ret' from bcmgenet_power_down
sock: Reset dst when changing sk_mark via setsockopt
pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues
pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD
PCI: keystone: Use quirk to limit MRRS for K2G
spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch
IB/hfi1: Ensure full Gen3 speed in a Gen4 system
Bluetooth: Fix invalid-free in bcsp_close()
ath9k_hw: fix uninitialized variable data
dm: use blk_set_queue_dying() in __dm_destroy()
arm64: fix for bad_mode() handler to always result in panic
cpufreq: Skip cpufreq resume if it's not suspended
ocfs2: remove ocfs2_is_o2cb_active()
mmc: block: Fix tag condition with packed writes
ARC: perf: Accommodate big-endian CPU
x86/insn: Fix awk regexp warnings
x86/speculation: Fix incorrect MDS/TAA mitigation status
x86/speculation: Fix redundant MDS mitigation message
media: vivid: Set vid_cap_streaming and vid_out_streaming to true
media: vivid: Fix wrong locking that causes race conditions on streaming stop
cpufreq: Add NULL checks to show() and store() methods of cpufreq
media: b2c2-flexcop-usb: add sanity checking
media: cxusb: detect cxusb_ctrl_msg error in query
media: imon: invalid dereference in imon_touch_event
virtio_console: reset on out of memory
virtio_console: don't tie bufs to a vq
virtio_console: allocate inbufs in add_port() only if it is needed
virtio_console: fix uninitialized variable use
virtio_console: drop custom control queue cleanup
virtio_console: move removal code
usb-serial: cp201x: support Mark-10 digital force gauge
appledisplay: fix error handling in the scheduled work
USB: serial: mos7840: add USB ID to support Moxa UPort 2210
USB: serial: mos7720: fix remote wakeup
USB: serial: mos7840: fix remote wakeup
USB: serial: option: add support for DW5821e with eSIM support
USB: serial: option: add support for Foxconn T77W968 LTE modules
staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error
powerpc/64s: support nospectre_v2 cmdline option
powerpc/book3s64: Fix link stack flush on context switch
KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel
Linux 4.4.204
Change-Id: I63f64a109a8797f479bc7226be23ca591fa01b1c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit af2e8c68b9c5403f77096969c516f742f5bb29e0 upstream.
On some systems that are vulnerable to Spectre v2, it is up to
software to flush the link stack (return address stack), in order to
protect against Spectre-RSB.
When exiting from a guest we do some house keeping and then
potentially exit to C code which is several stack frames deep in the
host kernel. We will then execute a series of returns without
preceeding calls, opening up the possiblity that the guest could have
poisoned the link stack, and direct speculative execution of the host
to a gadget of some sort.
To prevent this we add a flush of the link stack on exit from a guest.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
[dja: backport to v4.4, drop P9 support]
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 39e72bf96f5847ba87cc5bd7a3ce0fed813dc9ad upstream.
In commit ee13cb249fab ("powerpc/64s: Add support for software count
cache flush"), I added support for software to flush the count
cache (indirect branch cache) on context switch if firmware told us
that was the required mitigation for Spectre v2.
As part of that code we also added a software flush of the link
stack (return address stack), which protects against Spectre-RSB
between user processes.
That is all correct for CPUs that activate that mitigation, which is
currently Power9 Nimbus DD2.3.
What I got wrong is that on older CPUs, where firmware has disabled
the count cache, we also need to flush the link stack on context
switch.
To fix it we create a new feature bit which is not set by firmware,
which tells us we need to flush the link stack. We set that when
firmware tells us that either of the existing Spectre v2 mitigations
are enabled.
Then we adjust the patching code so that if we see that feature bit we
enable the link stack flush. If we're also told to flush the count
cache in software then we fall through and do that also.
On the older CPUs we don't need to do do the software count cache
flush, firmware has disabled it, so in that case we patch in an early
return after the link stack flush.
The naming of some of the functions is awkward after this patch,
because they're called "count cache" but they also do link stack. But
we'll fix that up in a later commit to ease backporting.
This is the fix for CVE-2019-18660.
Reported-by: Anthony Steinhauser <asteinhauser@google.com>
Fixes: ee13cb249fab ("powerpc/64s: Add support for software count cache flush")
Cc: stable@vger.kernel.org # v4.4+
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
[dja: straightforward backport to v4.14]
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d8f0e0b073e1ec52a05f0c2a56318b47387d2f10 upstream.
Add support for disabling the kernel implemented spectre v2 mitigation
(count cache flush on context switch) via the nospectre_v2 and
mitigations=off cmdline options.
Suggested-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Christopher M. Riedl <cmr@informatik.wtf>
Reviewed-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20190524024647.381-1-cmr@informatik.wtf
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 5618332e5b955b4bff06d0b88146b971c8dd7b32 upstream.
The userspace comedilib function 'get_cmd_generic_timed' fills
the cmd structure with an informed guess and then calls the
function 'usbduxfast_ai_cmdtest' in this driver repeatedly while
'usbduxfast_ai_cmdtest' is modifying the cmd struct until it
no longer changes. However, because of rounding errors this never
converged because 'steps = (cmd->convert_arg * 30) / 1000' and then
back to 'cmd->convert_arg = (steps * 1000) / 30' won't be the same
because of rounding errors. 'Steps' should only be converted back to
the 'convert_arg' if 'steps' has actually been modified. In addition
the case of steps being 0 wasn't checked which is also now done.
Signed-off-by: Bernd Porr <mail@berndporr.me.uk>
Cc: <stable@vger.kernel.org> # 4.4+
Reviewed-by: Ian Abbott <abbotti@mev.co.uk>
Link: https://lore.kernel.org/r/20191118230759.1727-1-mail@berndporr.me.uk
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 92fe35fb9c70a00d8fbbf5bd6172c921dd9c7815 upstream.
The driver was setting the device remote-wakeup feature during probe in
violation of the USB specification (which says it should only be set
just prior to suspending the device). This could potentially waste
power during suspend as well as lead to spurious wakeups.
Note that USB core would clear the remote-wakeup feature at first
resume.
Fixes: 3f5429746d ("USB: Moschip 7840 USB-Serial Driver")
Cc: stable <stable@vger.kernel.org> # 2.6.19
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit ea422312a462696093b5db59d294439796cba4ad upstream.
The driver was setting the device remote-wakeup feature during probe in
violation of the USB specification (which says it should only be set
just prior to suspending the device). This could potentially waste
power during suspend as well as lead to spurious wakeups.
Note that USB core would clear the remote-wakeup feature at first
resume.
Fixes: 0f64478cbc ("USB: add USB serial mos7720 driver")
Cc: stable <stable@vger.kernel.org> # 2.6.19
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit e696d00e65e81d46e911f24b12e441037bf11b38 upstream.
Add USB ID for MOXA UPort 2210. This device contains mos7820 but
it passes GPIO0 check implemented by driver and it's detected as
mos7840. Hence product id check is added to force mos7820 mode.
Signed-off-by: Pavel Löbl <pavel@loebl.cz>
Cc: stable <stable@vger.kernel.org>
[ johan: rename id defines and add vendor-id check ]
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 91feb01596e5efc0cc922cc73f5583114dccf4d2 upstream.
The work item can operate on
1. stale memory left over from the last transfer
the actual length of the data transfered needs to be checked
2. memory already freed
the error handling in appledisplay_probe() needs
to cancel the work in that case
Reported-and-tested-by: syzbot+495dab1f175edc9c2f13@syzkaller.appspotmail.com
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20191106124902.7765-1-oneukum@suse.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 347bc8cb26388791c5881a3775cb14a3f765a674 upstream.
Add support for the Mark-10 digital force gauge device to the cp201x
driver.
Based on a report and a larger patch from Joel Jennings
Reported-by: Joel Jennings <joel.jennings@makeitlabs.com>
Cc: stable <stable@vger.kernel.org>
Acked-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191118092119.GA153852@kroah.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit aa44ec867030a72e8aa127977e37dec551d8df19 ]
Will make it reusable for error handling.
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 61a8950c5c5708cf2068b29ffde94e454e528208 ]
We now cleanup all VQs on device removal - no need
to handle the control VQ specially.
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2055997f983c6db7b5c3940ce5f8f822657d5bc3 ]
We try to disable callbacks on c_ivq even without multiport
even though that vq is not initialized in this configuration.
Fixes: c743d09dbd ("virtio: console: Disable callbacks for virtqueues at start of S4 freeze")
Suggested-by: Mike Galbraith <efault@gmx.de>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit d791cfcbf98191122af70b053a21075cb450d119 ]
When we hot unplug a virtserialport and then try to hot plug again,
it fails:
(qemu) chardev-add socket,id=serial0,path=/tmp/serial0,server,nowait
(qemu) device_add virtserialport,bus=virtio-serial0.0,nr=2,\
chardev=serial0,id=serial0,name=serial0
(qemu) device_del serial0
(qemu) device_add virtserialport,bus=virtio-serial0.0,nr=2,\
chardev=serial0,id=serial0,name=serial0
kernel error:
virtio-ports vport2p2: Error allocating inbufs
qemu error:
virtio-serial-bus: Guest failure in adding port 2 for device \
virtio-serial0.0
This happens because buffers for the in_vq are allocated when the port is
added but are not released when the port is unplugged.
They are only released when virtconsole is removed (see a7a69ec0d8e4)
To avoid the problem and to be symmetric, we could allocate all the buffers
in init_vqs() as they are released in remove_vqs(), but it sounds like
a waste of memory.
Rather than that, this patch changes add_port() logic to ignore ENOSPC
error in fill_queue(), which means queue has already been filled.
Fixes: a7a69ec0d8e4 ("virtio_console: free buffers after reset")
Cc: mst@redhat.com
Cc: stable@vger.kernel.org
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2855b33514d290c51d52d94e25d3ef942cd4d578 ]
an allocated buffer doesn't need to be tied to a vq -
only vq->vdev is ever used. Pass the function the
just what it needs - the vdev.
Cc: stable@vger.kernel.org
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
