If the user passes the arbitrary command with _IOC_DIR(cmd) == _IOC_NONE,
"arg" should point to any arbitrary address.
Check for invalid command and return error.
CRs-Fixed: 2299567
Change-Id: Ibd77adfe53ef0777ff4eb96c914e21f43dfd6749
Signed-off-by: E V Ravi <evenka@codeaurora.org>
In few scenarios where the buffers are not
queued from HAL, request queue overflow is seen.
Added changes to reset the queue at destroy and
when the buffer is not available to process.
Change-Id: I7239175dda9cbc26fb65f568cbc5f7183ceaa24d
Signed-off-by: Meera Gande <mgande@codeaurora.org>
In few scenarios, where the register update ioctl is
missed, the handling of frame drop is not working
in such scenarios as the frame drop pattern is not
set correctly. Once the epoch handling is done,
we need to re-configure the buffer and pattern.
Change-Id: I87b2cecda7e7e1addc68511dad6a80498051f87a
Signed-off-by: Meera Gande <mgande@codeaurora.org>
In few scenarios, the request frame may get
delayed and current and request frame id may
become same. To handle such scenarios, made
changes to inform user to delay a frame and
process the request.
Change-Id: I31fa04c386922c48a043c511a163c76316e21987
Signed-off-by: Meera Gande <mgande@codeaurora.org>
In 64 bit kernel and 32 bit userspace,ioctl_ptr from
kernel space, should NOT call the copy_from_user.
In 64 bit kernel and 64 bit userspace,ioctl_ptr from
user space, use the copy_from_user to copy data.
use the is_compat_task to distinguish two condition.
CRs-Fixed: 2283160
Change-Id: If9205e4f3176a52e52f694a3183dc9c5b7617a97
Signed-off-by: Haibin Liu <haibinl@codeaurora.org>
1080p60Hz HDMI_OUT(PC) not displayed in TIF due to wrong clock value,
So increasing clock value to 148.5MHz in Detailed Timing Descriptor
And reorder video data block to support 1080p60Hz.
Change-Id: I91ffc02f97c9b4fa5362444382af1b91af9c03b6
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
In msm_cpp_irq function, tx_level is read using msm_carmera_io_r(),
However, this value is never verified to lower than
MSM_CPP_TX_FIFO_LEVEL (16), As tx_level is used as the upper bound
for the following loop, any value bigger than 16 will result in a
buffer overflow. Hence handling this case as error with error log.
Change-Id: I13222b315c3c9ee46bedb8b4e8e161179fea321d
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
Check the cid number to be less than MAX_CID in csid.
Change-Id: I16777dc8e8c72e01dc10490cd4c205c939adb7b5
Signed-off-by: Chunhuan Zhan <zhanc@codeaurora.org>
Signed-off-by: Rahul Sharma <rahsha@codeaurora.org>
jpeg driver is calling class_create with stack variable, which
can be overwritten by other stack variables.
Change-Id: I92ccd4629cef8a06b7715b8483cf53a9607bd22f
Signed-off-by: Deepak Shankar <dees@codeaurora.org>
Signed-off-by: Rahul Sharma <rahsha@codeaurora.org>
TX and RX FIFOs of Microcontroller are used to exchange commands
and messages between Micro FW and CPP driver. TX FIFO depth is
16 32-bit words, incase of errors there is a chance of overflow.
To prevent possible out of bound access, TX FIFO depth or
level is checked for MAX depth before accessing the FIFO.
Change-Id: I5adf39b46ff10e358c4a2c03a2de07d44b99cedb
Signed-off-by: Pratap Nirujogi <pratapn@codeaurora.org>
* refs/heads/tmp-13962260
Linux 4.4.146
scsi: sg: fix minor memory leak in error path
crypto: padlock-aes - Fix Nano workaround data corruption
kvm: x86: vmx: fix vpid leak
virtio_balloon: fix another race between migration and ballooning
net: socket: fix potential spectre v1 gadget in socketcall
can: ems_usb: Fix memory leak on ems_usb_disconnect()
squashfs: more metadata hardenings
squashfs: more metadata hardening
netlink: Fix spectre v1 gadget in netlink_create()
net: dsa: Do not suspend/resume closed slave_dev
inet: frag: enforce memory limits earlier
tcp: add one more quick ack after after ECN events
tcp: refactor tcp_ecn_check_ce to remove sk type cast
tcp: do not aggressively quick ack after ECN events
tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
tcp: do not force quickack when receiving out-of-order packets
NET: stmmac: align DMA stuff to largest cache line length
xen-netfront: wait xenbus state change when load module manually
net: lan78xx: fix rx handling before first packet is send
net: fix amd-xgbe flow-control issue
ipv4: remove BUG_ON() from fib_compute_spec_dst
ASoC: pxa: Fix module autoload for platform drivers
dmaengine: pxa_dma: remove duplicate const qualifier
ext4: check for allocation block validity with block group locked
ext4: fix inline data updates with checksums enabled
squashfs: be more careful about metadata corruption
random: mix rdrand with entropy sent in from userspace
drm: Add DP PSR2 sink enable bit
media: si470x: fix __be16 annotations
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
scsi: scsi_dh: replace too broad "TP9" string with the exact models
media: omap3isp: fix unbalanced dma_iommu_mapping
crypto: authenc - don't leak pointers to authenc keys
crypto: authencesn - don't leak pointers to authenc keys
usb: hub: Don't wait for connect state at resume for powered-off ports
microblaze: Fix simpleImage format generation
audit: allow not equal op for audit by executable
rsi: Fix 'invalid vdd' warning in mmc
ipconfig: Correctly initialise ic_nameservers
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
memory: tegra: Apply interrupts mask per SoC
memory: tegra: Do not handle spurious interrupts
ALSA: hda/ca0132: fix build failure when a local macro is defined
drm/atomic: Handling the case when setting old crtc for plane
media: siano: get rid of __le32/__le16 cast warnings
bpf: fix references to free_bpf_prog_info() in comments
thermal: exynos: fix setting rising_threshold for Exynos5433
scsi: megaraid: silence a static checker bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: 3w-9xxx: fix a missing-check bug
perf: fix invalid bit in diagnostic entry
s390/cpum_sf: Add data entry sizes to sampling trailer entry
brcmfmac: Add support for bcm43364 wireless chipset
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
media: saa7164: Fix driver name in debug output
libata: Fix command retry decision
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
tty: Fix data race in tty_insert_flip_string_fixed_flag
HID: i2c-hid: check if device is there before really probing
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
drm/radeon: fix mode_valid's return type
HID: hid-plantronics: Re-resend Update to map button for PTT products
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
media: smiapp: fix timeout checking in smiapp_read_nvm
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
ALSA: emu10k1: Rate-limit error messages about page errors
scsi: ufs: fix exception event handling
mwifiex: correct histogram data with appropriate index
PCI: pciehp: Request control of native hotplug only if supported
pinctrl: at91-pio4: add missing of_node_put
powerpc/8xx: fix invalid register expression in head_8xx.S
powerpc/powermac: Mark variable x as unused
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/32: Add a missing include header
ath: Add regulatory mapping for Bahamas
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for FCC3_ETSIC
PCI: Prevent sysfs disable of device while driver is attached
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
media: videobuf2-core: don't call memop 'finish' when queueing
wlcore: sdio: check for valid platform device data before suspend
mwifiex: handle race during mwifiex_usb_disconnect
mfd: cros_ec: Fail early if we cannot identify the EC
ASoC: dpcm: fix BE dai not hw_free and shutdown
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
iwlwifi: pcie: fix race in Rx buffer allocator
perf/x86/intel/uncore: Correct fixed counter index check for NHM
perf/x86/intel/uncore: Correct fixed counter index check in generic code
usbip: usbip_detach: Fix memory, udev context and udev leak
f2fs: fix to don't trigger writeback during recovery
disable loading f2fs module on PAGE_SIZE > 4KB
RDMA/mad: Convert BUG_ONs to error flows
powerpc/64s: Fix compiler store ordering to SLB shadow area
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
infiniband: fix a possible use-after-free bug
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
rtc: ensure rtc_set_alarm fails when alarms are not supported
mm/slub.c: add __printf verification to slab_err()
mm: vmalloc: avoid racy handling of debugobjects in vunmap
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
ALSA: fm801: add error handling for snd_ctl_add
ALSA: emu10k1: add error handling for snd_ctl_add
xen/netfront: raise max number of slots in xennet_get_responses()
tracing: Quiet gcc warning about maybe unused link variable
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
tracing: Fix possible double free in event_enable_trigger_func()
tracing: Fix double free of event_trigger_data
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
MIPS: Fix off-by-one in pci_resource_to_user()
kernel/sys.c: fix merge error with 4.4.144
Conflicts:
drivers/scsi/ufs/ufshcd.c
include/net/tcp.h
net/socket.c
Change-Id: Ie84fdcf54b0a45508f76ef56330291f54e35ed30
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
[ Upstream commit b7e1e6859fbf60519fd82d7120cee106a6019512 ]
The OMAP3 ISP driver manages its MMU mappings through the IOMMU-aware
ARM DMA backend. The current code creates a dma_iommu_mapping and
attaches this to the ISP device, but never detaches the mapping in
either the probe failure paths or the driver remove path resulting
in an unbalanced mapping refcount and a memory leak. Fix this properly.
Reported-by: Pavel Machek <pavel@ucw.cz>
Signed-off-by: Suman Anna <s-anna@ti.com>
Tested-by: Pavel Machek <pavel@ucw.cz>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 0cc4655cb57af0b7e105d075c4f83f8046efafe7 ]
This issue was reported by a user who downloaded a corrupt saa7164
firmware, then went looking for a valid xc5000 firmware to fix the
error displayed...but the device in question has no xc5000, thus after
much effort, the wild goose chase eventually led to a support call.
The xc5000 has nothing to do with saa7164 (as far as I can tell),
so replace the string with saa7164 as well as give a meaningful
hint on the firmware mismatch.
Signed-off-by: Brad Love <brad@nextdimension.cc>
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 7a2148dfda8001c983f0effd9afd8a7fa58e99c4 ]
The current code decrements the timeout counter i and the end of
each loop i is incremented, so the check for timeout will always
be false and hence the timeout mechanism is just a dead code path.
Potentially, if the RD_READY bit is not set, we could end up in
an infinite loop.
Fix this so the timeout starts from 1000 and decrements to zero,
if at the end of the loop i is zero we have a timeout condition.
Detected by CoverityScan, CID#1324008 ("Logically dead code")
Fixes: ccfc97bdb5 ("[media] smiapp: Add driver")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 90b2da89a083e1395cb322521a42397c49ae4500 ]
When a buffer is queued or requeued in vb2_buffer_done, then don't
call the finish memop. In this case the buffer is only returned to vb2,
not to userspace.
Calling 'finish' here will cause an unbalance when the queue is
canceled, since the core will call the same memop again.
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Increase minimum input buffer count for HEVC decode to 5 to
avoid hang when the DPB is not full and FW keeps
waiting for FTB although sufficient ETB are being queued.
CRs-Fixed: 2252419
Change-Id: Id344cd896aeac46765e250e715d14a6c835b4221
Signed-off-by: Paras Nagda <pnagda@codeaurora.org>
The function msm_isp_get_stream_common_data could return a NULL,
add check to avoid NULL pointer dereference.
Change-Id: I157a74189b581d8ba90ef31f71c3be9b8369a764
Signed-off-by: Srikanth Uyyala <suyyala@codeaurora.org>
jpeg driver is calling class_create with stack variable, which
can be overwritten by other stack variables.
Change-Id: I3c22a5b3375b970ff6b1c6de983dd5833f4e11d0
Signed-off-by: Trishansh Bhardwaj <tbhardwa@codeaurora.org>
Signed-off-by: VijayaKumar T M <vtmuni@codeaurora.org>
in dual vfe usecase, skip pingpong mismatch recovery
if one of the vfe's active stream count is zero.
Change-Id: I1b4dce66ad6665e41c4185d3ac510204d40131da
Signed-off-by: Srikanth Uyyala <suyyala@codeaurora.org>
During Stream-off is in progress and all active
streams are zero and that instant if we cause
pingpong mismatch, recovery is not expected.
Change-Id: Ibdaeb4308f33772fcd330712b0a866aedb7a9486
Signed-off-by: Srikanth Uyyala <suyyala@codeaurora.org>
Add HLG and ST2084 Transfer characteristics enum values as
specified in the latest HEVC spec.
Change-Id: Iff19ff5c13c4861f4d97ab0433214fe95fa84459
Signed-off-by: Paras Nagda <pnagda@codeaurora.org>
* refs/heads/tmp-789274d
Linux 4.4.140
staging: comedi: quatech_daqp_cs: fix no-op loop daqp_ao_insn_write()
netfilter: nf_log: don't hold nf_log_mutex during user access
mtd: cfi_cmdset_0002: Change erase functions to check chip good only
mtd: cfi_cmdset_0002: Change erase functions to retry for error
mtd: cfi_cmdset_0002: Change definition naming to retry write operation
dm bufio: don't take the lock in dm_bufio_shrink_count
mtd: rawnand: mxc: set spare area size register explicitly
dm bufio: drop the lock when doing GFP_NOIO allocation
dm bufio: avoid sleeping while holding the dm_bufio lock
mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
media: cx25840: Use subdev host data for PLL override
x86/mce: Fix incorrect "Machine check from unknown source" message
x86/mce: Detect local MCEs properly
HID: debug: check length before copy_to_user()
HID: hiddev: fix potential Spectre v1
HID: i2c-hid: Fix "incomplete report" noise
ext4: check superblock mapped prior to committing
ext4: add more mount time checks of the superblock
ext4: add more inode number paranoia checks
ext4: clear i_data in ext4_inode_info when removing inline data
ext4: include the illegal physical block in the bad map ext4_error msg
ext4: verify the depth of extent tree in ext4_find_extent()
ext4: only look at the bg_flags field if it is valid
ext4: always check block group bounds in ext4_init_block_bitmap()
ext4: make sure bitmaps and the inode table don't overlap with bg descriptors
jbd2: don't mark block as modified if the handle is out of credits
cifs: Fix infinite loop when using hard mount option
drbd: fix access after free
s390: Correct register corruption in critical section cleanup
scsi: sg: mitigate read/write abuse
tracing: Fix missing return symbol in function_graph output
mm: hugetlb: yield when prepping struct pages
ubi: fastmap: Correctly handle interrupted erasures in EBA
ARM: dts: imx6q: Use correct SDMA script for SPI5 core
netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
nvme-pci: initialize queue memory before interrupts
kprobes/x86: Do not modify singlestep buffer while resuming
ipv4: Fix error return value in fib_convert_metrics()
i2c: rcar: fix resume by always initializing registers before transfer
ath10k: fix rfc1042 header retrieval in QCA4019 with eth decap mode
x86/boot: Fix early command-line parsing when matching at end
n_tty: Access echo_* variables carefully.
staging: android: ion: Return an ERR_PTR in ion_map_kernel
n_tty: Fix stall at n_tty_receive_char_special().
USB: serial: cp210x: add Silicon Labs IDs for Windows Update
USB: serial: cp210x: add CESINEL device ids
usb: cdc_acm: Add quirk for Uniden UBC125 scanner
Change-Id: I01c4fc4b6354c28a7d8ff391ff515096ed4d3da4
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
In some cases, observed that vfe node information is
not filled in the stream information, this will lead
to a null pointer access. To avoid such scenarios,
a null check is added.
Change-Id: Ibe8e095629574e2d8b8fbb097449d49bc0a762b3
Signed-off-by: Shobhit Singh <shobsi@codeaurora.org>
commit 3ee9bc12342cf546313d300808ff47d7dbb8e7db upstream.
The cx25840 driver currently configures 885, 887, and 888 using
default divisors for each chip. This check to see if the cx23885
driver has passed the cx25840 a non-default clock rate for a
specific chip. If a cx23885 board has left clk_freq at 0, the
clock default values will be used to configure the PLLs.
This patch only has effect on 888 boards who set clk_freq to 25M.
Signed-off-by: Brad Love <brad@nextdimension.cc>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Cc: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change the AVI infoframe read to check avi_info_raw bit in
hdmi lvl raw status register instead of new_avi_info_raw
in hdmi edg raw status register. This is required so as not
to miss AVI infoframes if we disconnect and reconnect the
HDMI cable or close and reopen the application. Also return
error if no AVI infoframe is found and change some error
logs to be more specific.
Change-Id: If30ba820d255149f1b54f422b8e075e634271aaf
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
Added condition check for suspend only if sensor state is power
down and for resume only if sensor state is power up in
pm functions on sensor driver to control.
Change-Id: Ia31f34dc103428423a86efe8f8012db18b5a75f1
Signed-off-by: Suprith Malligere Shankaregowda <supgow@codeaurora.org>
* refs/heads/tmp-7ba5557
Linux 4.4.139
Bluetooth: Fix connection if directed advertising and privacy is used
cdc_ncm: avoid padding beyond end of skb
dm thin: handle running out of data space vs concurrent discard
block: Fix transfer when chunk sectors exceeds max
spi: Fix scatterlist elements size in spi_map_buf
Btrfs: fix unexpected cow in run_delalloc_nocow
ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
Input: elantech - fix V4 report decoding for module with middle key
Input: elantech - enable middle button of touchpads on ThinkPad P52
Input: elan_i2c_smbus - fix more potential stack buffer overflows
udf: Detect incorrect directory size
xen: Remove unnecessary BUG_ON from __unbind_from_irq()
Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
video: uvesafb: Fix integer overflow in allocation
NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message
nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
media: cx231xx: Add support for AverMedia DVD EZMaker 7
media: v4l2-compat-ioctl32: prevent go past max size
perf intel-pt: Fix packet decoding of CYC packets
perf intel-pt: Fix "Unexpected indirect branch" error
perf intel-pt: Fix MTC timing after overflow
perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP
perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
mfd: intel-lpss: Program REMAP register in PIO mode
backlight: tps65217_bl: Fix Device Tree node lookup
backlight: max8925_bl: Fix Device Tree node lookup
backlight: as3711_bl: Fix Device Tree node lookup
xfrm: skip policies marked as dead while rehashing
xfrm: Ignore socket policies when rebuilding hash tables
UBIFS: Fix potential integer overflow in allocation
ubi: fastmap: Cancel work upon detach
md: fix two problems with setting the "re-add" device state.
linvdimm, pmem: Preserve read-only setting for pmem devices
scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED
scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return
scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed
scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
iio:buffer: make length types match kfifo types
Btrfs: fix clone vs chattr NODATASUM race
time: Make sure jiffies_to_msecs() preserves non-zero time periods
MIPS: io: Add barrier after register read in inX()
PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume
MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
mtd: cfi_cmdset_0002: Change write buffer to check correct value
RDMA/mlx4: Discard unknown SQP work requests
IB/qib: Fix DMA api warning with debug kernel
of: unittest: for strings, account for trailing \0 in property length field
ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
powerpc/fadump: Unregister fadump on kexec down path.
cpuidle: powernv: Fix promotion from snooze if next state disabled
powerpc/ptrace: Fix enforcement of DAWR constraints
powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG
powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
fuse: fix control dir setup and teardown
fuse: don't keep dead fuse_conn at fuse_fill_super().
fuse: atomic_o_trunc should truncate pagecache
Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader
ipmi:bt: Set the timeout before doing a capabilities check
branch-check: fix long->int truncation when profiling branches
mips: ftrace: fix static function graph tracing
lib/vsprintf: Remove atomic-unsafe support for %pCr
ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
ASoC: cirrus: i2s: Fix LRCLK configuration
ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
1wire: family module autoload fails because of upper/lower case mismatch.
usb: do not reset if a low-speed or full-speed device timed out
signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec()
fs/binfmt_misc.c: do not allow offset overflow
w1: mxc_w1: Enable clock before calling clk_get_rate() on it
libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
libata: zpodd: small read overflow in eject_tray()
libata: zpodd: make arrays cdb static, reduces object code size
cpufreq: Fix new policy initialization during limits updates via sysfs
ALSA: hda: add dock and led support for HP ProBook 640 G4
ALSA: hda: add dock and led support for HP EliteBook 830 G5
ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream()
btrfs: scrub: Don't use inode pages for device replace
driver core: Don't ignore class_dir_create_and_add() failure.
ext4: fix fencepost error in check for inode count overflow during resize
ext4: update mtime in ext4_punch_hole even if no blocks are released
tcp: verify the checksum of the first data segment in a new connection
bonding: re-evaluate force_primary when the primary slave name changes
usb: musb: fix remote wakeup racing with suspend
Btrfs: make raid6 rebuild retry more
tcp: do not overshoot window_clamp in tcp_rcv_space_adjust()
Revert "Btrfs: fix scrub to repair raid6 corruption"
net/sonic: Use dma_mapping_error()
net: qmi_wwan: Add Netgear Aircard 779S
atm: zatm: fix memcmp casting
ipvs: fix buffer overflow with sync daemon and service
netfilter: ebtables: handle string from userspace with care
xfrm6: avoid potential infinite loop in _decode_session6()
ANDROID: Add kconfig to make dm-verity check_at_most_once default enabled
ANDROID: sdcardfs: fix potential crash when reserved_mb is not zero
Change-Id: Ibcd2b6614843e4e8fd5a57acf350a9e83e1c0dbc
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
commit 76d81243a487c09619822ef8e7201a756e58a87d upstream.
As warned by smatch:
drivers/media/dvb-core/dvb_frontend.c:314 dvb_frontend_get_event() warn: inconsistent returns 'sem:&fepriv->sem'.
Locked on: line 288
line 295
line 306
line 314
Unlocked on: line 303
The lock implementation for get event is wrong, as, if an
interrupt occurs, down_interruptible() will fail, and the
routine will call up() twice when userspace calls the ioctl
again.
The bad code is there since when Linux migrated to git, in
2005.
Cc: stable@vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 29e61d6ef061b012d320327af7dbb3990e75be45 upstream.
User reports AverMedia DVD EZMaker 7 can be driven by VIDEO_GRABBER.
Add the device to the id_table to make it work.
BugLink: https://bugs.launchpad.net/bugs/1620762
Cc: stable@vger.kernel.org
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Hans Verkuil <hansverk@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
