path: root/drivers/net/wireless
Age | Commit message | Author
2019-01-13 | Merge 4.14.93 into android-4.14 | Greg Kroah-Hartman
Changes in 4.14.93 pinctrl: meson: fix pull enable register calculation powerpc: Fix COFF zImage booting on old powermacs powerpc/mm: Fix linux page tables build with some configs HID: ite: Add USB id match for another ITE based keyboard rfkill key quirk ARM: imx: update the cpu power up timing setting on i.mx6sx ARM: dts: imx7d-nitrogen7: Fix the description of the Wifi clock Input: restore EV_ABS ABS_RESERVED checkstack.pl: fix for aarch64 xfrm: Fix error return code in xfrm_output_one() xfrm: Fix bucket count reported to userspace xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry. netfilter: seqadj: re-load tcp header pointer after possible head reallocation scsi: bnx2fc: Fix NULL dereference in error handling Input: omap-keypad - fix idle configuration to not block SoC idle states Input: synaptics - enable RMI on ThinkPad T560 ibmvnic: Fix non-atomic memory allocation in IRQ context ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done x86/mm: Fix guard hole handling x86/dump_pagetables: Fix LDT remap address marker i40e: fix mac filter delete when setting mac address netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel netfilter: nat: can't use dst_hold on noref dst bnx2x: Clear fip MAC when fcoe offload support is disabled bnx2x: Remove configured vlans as part of unload sequence. bnx2x: Send update-svid ramrod with retry/poll flags enabled scsi: target: iscsi: cxgbit: fix csk leak scsi: target: iscsi: cxgbit: add missing spin_lock_init() x86, hyperv: remove PCI dependency drivers: net: xgene: Remove unnecessary forward declarations w90p910_ether: remove incorrect __init annotation net: hns: Incorrect offset address used for some registers. net: hns: All ports can not work when insmod hns ko after rmmod. net: hns: Some registers use wrong address according to the datasheet. net: hns: Fixed bug that netdev was opened twice net: hns: Clean rx fbd when ae stopped. 
net: hns: Free irq when exit from abnormal branch net: hns: Avoid net reset caused by pause frames storm net: hns: Fix ntuple-filters status error. net: hns: Add mac pcs config when enable|disable mac net: hns: Fix ping failed when use net bridge and send multicast SUNRPC: Fix a race with XPRT_CONNECTING qed: Fix an error code qed_ll2_start_xmit() net: macb: fix random memory corruption on RX with 64-bit DMA net: macb: fix dropped RX frames due to a race lan78xx: Resolve issue with changing MAC address vxge: ensure data0 is initialized in when fetching firmware version information mac80211: free skb fraglist before freeing the skb kbuild: fix false positive warning/error about missing libelf virtio: fix test build after uio.h change gpio: mvebu: only fail on missing clk if pwm is actually to be used Input: synaptics - enable SMBus for HP EliteBook 840 G4 net: netxen: fix a missing check and an uninitialized use qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup serial/sunsu: fix refcount leak scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid genirq/affinity: Don't return with empty affinity masks on error tools: fix cross-compile var clobbering fork: record start_time late zram: fix double free backing device hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: kill mapping "System RAM" support mm, hmm: use devm semantics for hmm_devmem_{add, remove} mm, hmm: mark hmm_devmem_{add, add_resource} EXPORT_SYMBOL_GPL mm, swap: fix swapoff with KSM pages sunrpc: fix cache_head leak due to queued request sunrpc: use SVC_NET() in svcauth_gss_* functions powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer powerpc: Disable -Wbuiltin-requires-header when setjmp is used ftrace: Build with CPPFLAGS to get -Qunused-arguments md: raid10: remove VLAIS kbuild: 
add -no-integrated-as Clang option unconditionally kbuild: consolidate Clang compiler flags Makefile: Export clang toolchain variables powerpc/boot: Set target when cross-compiling for clang raid6/ppc: Fix build for clang vhost/vsock: fix uninitialized vhost_vsock->guest_cid dm verity: fix crash on bufio buffer that was allocated with vmalloc dm zoned: Fix target BIO completion handling ALSA: cs46xx: Potential NULL dereference in probe ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks dlm: fixed memory leaks after failed ls_remove_names allocation dlm: possible memory leak on error path in create_lkb() dlm: lost put_lkb on error path in receive_convert() and receive_unlock() dlm: memory leaks on error path in dlm_user_request() gfs2: Get rid of potential double-freeing in gfs2_create_inode gfs2: Fix loop in gfs2_rbm_find b43: Fix error in cordic routine selinux: policydb - fix byte order and alignment issues lockd: Show pid of lockd for remote locks scripts/kallsyms: filter arm64's __efistub_ symbols arm64: drop linker script hack to hide __efistub_ symbols arm64: relocatable: fix inconsistencies in linker script and options powerpc/tm: Set MSR[TS] just prior to recheckpoint 9p/net: put a lower bound on msize rxe: fix error completion wr_id and qp_num iommu/vt-d: Handle domain agaw being less than iommu agaw sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c ceph: don't update importing cap's mseq when handing cap export genwqe: Fix size check intel_th: msu: Fix an off-by-one in attribute store power: supply: olpc_battery: correct the temperature units lib: fix build failure in CONFIG_DEBUG_VIRTUAL test drm/vc4: Set ->is_yuv to false when num_planes == 1 bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw tools: power/acpi, revert to LD = gcc Linux 4.14.93 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-01-13 | b43: Fix error in cordic routine | Larry Finger
commit 8ea3819c0bbef57a51d8abe579e211033e861677 upstream.

The cordic routine for calculating sines and cosines that was added in commit 6f98e62a9f1b ("b43: update cordic code to match current specs") contains an error whereby a quantity declared u32 can in fact go negative.

This problem was detected by Priit Laes who is switching b43 to use the routine in the library functions of the kernel.

Fixes: 986504540306 ("b43: make cordic common (LP-PHY and N-PHY need it)")
Reported-by: Priit Laes <plaes@plaes.org>
Cc: Rafał Miłecki <zajec5@gmail.com>
Cc: Stable <stable@vger.kernel.org> # 2.6.34
Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>
Signed-off-by: Priit Laes <plaes@plaes.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-29 | Merge 4.14.91 into android-4.14 | Greg Kroah-Hartman
Changes in 4.14.91 block: break discard submissions into the user defined size block: fix infinite loop if the device loses discard capability ASoC: sta32x: set ->component pointer in private struct ubifs: Fix directory size calculation for symlinks ib_srpt: Fix a use-after-free in __srpt_close_all_ch() perf record: Synthesize features before events in pipe mode cifs: integer overflow in in SMB2_ioctl() USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data xhci: Don't prevent USB2 bus suspend in state check intended for USB3 only USB: xhci: fix 'broken_suspend' placement in struct xchi_hcd USB: serial: option: add GosunCn ZTE WeLink ME3630 USB: serial: option: add HP lt4132 USB: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) USB: serial: option: add Fibocom NL668 series USB: serial: option: add Telit LN940 series scsi: sd: use mempool for discard special page mmc: core: Reset HPI enabled state during re-init and in case of errors mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl mmc: omap_hsmmc: fix DMA API warning gpio: max7301: fix driver for use with CONFIG_VMAP_STACK gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers posix-timers: Fix division by zero bug kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs KVM: Fix UAF in nested posted interrupt processing Drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels x86/mtrr: Don't copy uninitialized gentry fields back to userspace panic: avoid deadlocks in re-entrant console drivers iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT to old firmwares iwlwifi: add new cards for 9560, 9462, 9461 and killer series spi: imx: add a device specific prepare_message callback spi: imx: mx51-ecspi: Move some initialisation to prepare_message hook. 
ubifs: Handle re-linking of inodes correctly while recovery mm: don't miss the last page because of round-off error proc/sysctl: don't return ENOMEM on lookup when a table is unregistering drm/ioctl: Fix Spectre v1 vulnerabilities Linux 4.14.91 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-12-29 | iwlwifi: add new cards for 9560, 9462, 9461 and killer series | Ihab Zhaika
commit f108703cb5f199d0fc98517ac29a997c4c646c94 upstream.

add few PCI ID'S for 9560, 9462, 9461 and killer series.

Cc: stable@vger.kernel.org
Signed-off-by: Ihab Zhaika <ihab.zhaika@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-29 | iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT to old firmwares | Emmanuel Grumbach
commit eca1e56ceedd9cc185eb18baf307d3ff2e4af376 upstream.

Old firmware versions don't support this command. Sending it to any firmware before -41.ucode will crash the firmware.

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=201975

Fixes: 66e839030fd6 ("iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE")
CC: <stable@vger.kernel.org> #4.19+
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-21 | Merge 4.14.90 into android-4.14 | Greg Kroah-Hartman
Changes in 4.14.90 timer/debug: Change /proc/timer_list from 0444 to 0400 pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 aio: fix spectre gadget in lookup_ioctx userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 mmc: sdhci: fix the timeout check window for clock and reset fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt dm thin: send event about thin-pool state change _after_ making it dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() tracing: Fix memory leak in set_trigger_filter() tracing: Fix memory leak of instance function hash filters powerpc/msi: Fix NULL pointer access in teardown code drm/nouveau/kms: Fix memory leak in nv50_mstm_del() Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" drm/i915/execlists: Apply a full mb before execution for Braswell drm/amdgpu: update SMC firmware image for polaris10 variants x86/build: Fix compiler support check for CONFIG_RETPOLINE locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath() locking/qspinlock: Ensure node is initialised before updating prev->next locking/qspinlock: Bound spinning on pending->locked transition in slowpath locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock' locking/qspinlock: Remove unbounded cmpxchg() loop from locking slowpath locking/qspinlock: Remove duplicate clear_pending() function from PV code locking/qspinlock: Kill cmpxchg() loop when claiming lock from head of queue locking/qspinlock: Re-order code locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound locking/qspinlock, x86: Provide liveness guarantee elevator: lookup mq vs non-mq elevators netfilter: ipset: Fix wraparound in hash:*net* types mac80211: don't WARN on bad WMM parameters from buggy APs mac80211: Fix condition validating WMM IE 
IB/hfi1: Remove race conditions in user_sdma send path locking/qspinlock: Fix build for anonymous union in older GCC compilers mac80211_hwsim: fix module init error paths for netlink Input: hyper-v - fix wakeup from suspend-to-idle scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload x86/earlyprintk/efi: Fix infinite loop on some screen widths drm/msm: Grab a vblank reference when waiting for commit_done ARC: io.h: Implement reads{x}()/writes{x}() bonding: fix 802.3ad state sent to partner when unbinding slave bpf: Fix verifier log string check for bad alignment. nfs: don't dirty kernel pages read by direct-io SUNRPC: Fix a potential race in xprt_connect() sbus: char: add of_node_put() drivers/sbus/char: add of_node_put() drivers/tty: add missing of_node_put() ide: pmac: add of_node_put() drm/msm: Fix error return checking clk: mvebu: Off by one bugs in cp110_of_clk_get() clk: mmp: Off by one in mmp_clk_add() Input: synaptics - enable SMBus for HP 15-ay000 Input: omap-keypad - fix keyboard debounce configuration libata: whitelist all SAMSUNG MZ7KM* solid-state disks mv88e6060: disable hardware level MAC learning net/mlx4_en: Fix build break when CONFIG_INET is off ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling ARM: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart ethernet: fman: fix wrong of_node_put() in probe function drm/ast: Fix connector leak during driver unload cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) vhost/vsock: fix reset orphans race with close timeout mlxsw: spectrum_switchdev: Fix VLAN device deletion via ioctl i2c: axxia: properly handle master timeout i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node i2c: uniphier: fix violation of tLOW requirement for Fast-mode i2c: uniphier-f: fix violation of tLOW requirement for Fast-mode nvmet-rdma: fix response 
use after free rtc: snvs: Add timeouts to avoid kernel lockups bpf, arm: fix emit_ldx_r and emit_mov_i using TMP_REG_1 Linux 4.14.90 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-12-21 | mac80211_hwsim: fix module init error paths for netlink | Alexey Khoroshilov
[ Upstream commit 05cc09de4c017663a217630682041066f2f9a5cd ]

There is no unregister netlink notifier and family on error paths in init_mac80211_hwsim(). Also there is an error path where hwsim_class is not destroyed.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
Fixes: 62759361eb49 ("mac80211-hwsim: Provide multicast event for HWSIM_CMD_NEW_RADIO")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2018-12-13 | Merge 4.14.88 into android-4.14 | Greg Kroah-Hartman
Changes in 4.14.88 media: omap3isp: Unregister media device as first iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() brcmutil: really fix decoding channel info for 160 MHz bandwidth iommu/ipmmu-vmsa: Fix crash on early domain free can: rcar_can: Fix erroneous registration test_firmware: fix error return getting clobbered HID: input: Ignore battery reported by Symbol DS4308 batman-adv: Use explicit tvlv padding for ELP packets batman-adv: Expand merged fragment buffer for full packet amd/iommu: Fix Guest Virtual APIC Log Tail Address Register bnx2x: Assign unique DMAE channel number for FW DMAE transactions. qed: Fix PTT leak in qed_drain() qed: Fix reading wrong value in loop condition Revert "usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers" net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command net/mlx4_core: Fix uninitialized variable compilation warning net/mlx4: Fix UBSAN warning of signed integer overflow gpio: mockup: fix indicated direction mtd: rawnand: qcom: Namespace prefix some commands HID: multitouch: Add pointstick support for Cirque Touchpad mtd: spi-nor: Fix Cadence QSPI page fault kernel panic qed: Fix bitmap_weight() check qed: Fix QM getters to always return a valid pq net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts iommu/vt-d: Use memunmap to free memremap flexfiles: use per-mirror specified stateid for IO ibmvnic: Fix RX queue buffer cleanup team: no need to do team_notify_peers or team_mcast_rejoin when disabling port net: amd: add missing of_node_put() mm: don't warn about allocations which stall for too long usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device usb: appledisplay: Add 27" Apple Cinema Display USB: check usb_get_extra_descriptor for proper size ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c ALSA: hda: Add support for AMD Stoney Ridge ALSA: pcm: Fix starvation on down_write_nonblock() ALSA: pcm: Call 
snd_pcm_unlink() conditionally at closing ALSA: pcm: Fix interval evaluation with openmin/max ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 virtio/s390: avoid race on vcdev->config virtio/s390: fix race in ccw_io_helper() vhost/vsock: fix use-after-free in network stack callers SUNRPC: Fix leak of krb5p encode pages dmaengine: dw: Fix FIFO size for Intel Merrifield dmaengine: cppi41: delete channel from pending list when stop channel ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE xhci: workaround CSS timeout on AMD SNPS 3.0 xHC xhci: Prevent U1/U2 link pm states if exit latency is too long f2fs: fix to do sanity check with block address in main area v2 swiotlb: clean up reporting Staging: lustre: remove two build warnings staging: atomisp: remove "fun" strncpy warning cifs: Fix separator when building path from dentry staging: rtl8712: Fix possible buffer overrun Revert commit ef9209b642f "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c" drm/amdgpu: update mc firmware image for polaris12 variants drm/amdgpu/gmc8: update MC firmware for polaris Drivers: hv: vmbus: Offload the handling of channels to two workqueues tty: serial: 8250_mtk: always resume the device in probe. tty: do not set TTY_IO_ERROR flag if console port kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() libnvdimm, pfn: Pad pfn namespaces relative to other regions mac80211_hwsim: Timer should be initialized before device registered mac80211: Clear beacon_int in ieee80211_do_stop mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext mac80211: fix reordering of buffered broadcast packets mac80211: ignore NullFunc frames in the duplicate detection Linux 4.14.88 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-12-13 | mac80211_hwsim: Timer should be initialized before device registered | Vasyl Vavrychuk
commit a1881c9b8a1edef0a5ae1d5c1b61406fe3402114 upstream.

Otherwise if network manager starts configuring Wi-Fi interface immediately after getting notification of its creation, we will get NULL pointer dereference:

  BUG: unable to handle kernel NULL pointer dereference at (null)
  IP: [<ffffffff95ae94c8>] hrtimer_active+0x28/0x50
  ...
  Call Trace:
   [<ffffffff95ae9997>] ? hrtimer_try_to_cancel+0x27/0x110
   [<ffffffff95ae9a95>] ? hrtimer_cancel+0x15/0x20
   [<ffffffffc0803bf0>] ? mac80211_hwsim_config+0x140/0x1c0 [mac80211_hwsim]

Cc: stable@vger.kernel.org
Signed-off-by: Vasyl Vavrychuk <vasyl.vavrychuk@globallogic.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-13 | brcmutil: really fix decoding channel info for 160 MHz bandwidth | Rafał Miłecki
[ Upstream commit 3401d42c7ea2d064d15c66698ff8eb96553179ce ]

Previous commit /adding/ support for 160 MHz chanspecs was incomplete. It didn't set bandwidth info and didn't extract control channel info. As the result it was also using uninitialized "sb" var.

This change has been tested for two chanspecs found to be reported by some devices/firmwares:

1) 60/160 (0xee32)
   Before: chnum:50 control_ch_num:36
   After:  chnum:50 control_ch_num:60
2) 120/160 (0xed72)
   Before: chnum:114 control_ch_num:100
   After:  chnum:114 control_ch_num:120

Fixes: 330994e8e8ec ("brcmfmac: fix for proper support of 160MHz bandwidth")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2018-12-10 | FROMGIT, BACKPORT: mac80211-next: rtnetlink wifi simulation device | Cody Schuffelen
This device takes over an existing network device and produces a new one that appears like a wireless connection, returning enough canned responses to nl80211 to satisfy a standard connection manager. If necessary, it can also be set up one step removed from an existing network device, such as through a vlan/80211Q or macvlan connection to not disrupt the existing network interface.

To use it to wrap a bare ethernet connection:

    ip link add link eth0 name wlan0 type virt_wifi

You may have to rename or otherwise hide the eth0 from your connection manager, as the original network link will become unusable and only the wireless wrapper will be functional. This can also be combined with vlan or macvlan links on top of eth0 to share the network between distinct links, but that requires support outside the machine for accepting vlan-tagged packets or packets from multiple MAC addresses.

This is being used for Google's Remote Android Virtual Device project, which runs Android devices in virtual machines. The standard network interfaces provided inside the virtual machines are all ethernet. However, Android is not interested in ethernet devices and would rather connect to a wireless interface. This patch allows the virtual machine guest to treat one of its network connections as wireless rather than ethernet, satisfying Android's network connection requirements.

We believe this is a generally useful driver for simulating wireless network connections in other environments where a wireless connection is desired by some userspace process but is not available.

This is distinct from other testing efforts such as mac80211_hwsim by being a cfg80211 device instead of mac80211 device, allowing straight pass-through on the data plane instead of forcing packaging of ethernet data into mac80211 frames.

Signed-off-by: A. Cody Schuffelen <schuffelen@google.com>
Acked-by: Alistair Strachan <astrachan@google.com>
Acked-by: Greg Hartman <ghartman@google.com>
Acked-by: Tristan Muntsinger <muntsinger@google.com>
[make it a tristate]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit c7cdba31ed8b87526db978976392802d3f93110c)
[astrachan: taken from mac80211-next/master]
[astrachan: removed 'extack' from call to netdev_upper_dev_link()]
Bug: 120682817
Test: boot tested cuttlefish and enabled wifi, saw AndroidWifi
Change-Id: I726ec28617574c0217d937da049089f0ab8e0da8
Signed-off-by: Alistair Strachan <astrachan@google.com>
2018-12-05 | Merge 4.14.86 into android-4.14 | Greg Kroah-Hartman
Changes in 4.14.86 mm/huge_memory: rename freeze_page() to unmap_page() mm/huge_memory.c: reorder operations in __split_huge_page_tail() mm/huge_memory: splitting set mapping+index before unfreeze mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() mm/khugepaged: collapse_shmem() stop if punched or truncated mm/khugepaged: fix crashes due to misaccounted holes mm/khugepaged: collapse_shmem() remember to clear holes mm/khugepaged: minor reorderings in collapse_shmem() mm/khugepaged: collapse_shmem() without freezing new_page mm/khugepaged: collapse_shmem() do not crash on Compound media: em28xx: Fix use-after-free when disconnecting ubi: Initialize Fastmap checkmapping correctly libceph: store ceph_auth_handshake pointer in ceph_connection libceph: factor out __prepare_write_connect() libceph: factor out __ceph_x_decrypt() libceph: factor out encrypt_authorizer() libceph: add authorizer challenge libceph: implement CEPHX_V2 calculation mode bpf: Prevent memory disambiguation attack tls: Add function to update the TLS socket configuration tls: Fix TLS ulp context leak, when TLS_TX setsockopt is not used. tls: Avoid copying crypto_info again after cipher_type check. tls: don't override sk_write_space if tls_set_sw_offload fails. 
tls: Use correct sk->sk_prot for IPV6 net/tls: Fixed return value when tls_complete_pending_work() fails wil6210: missing length check in wmi_set_ie btrfs: validate type when reading a chunk btrfs: Verify that every chunk has corresponding block group at mount time btrfs: Refactor check_leaf function for later expansion btrfs: Check if item pointer overlaps with the item itself btrfs: Add sanity check for EXTENT_DATA when reading out leaf btrfs: Add checker for EXTENT_CSUM btrfs: Move leaf and node validation checker to tree-checker.c btrfs: tree-checker: Enhance btrfs_check_node output btrfs: tree-checker: Fix false panic for sanity test btrfs: tree-checker: Add checker for dir item btrfs: tree-checker: use %zu format string for size_t btrfs: tree-check: reduce stack consumption in check_dir_item btrfs: tree-checker: Verify block_group_item btrfs: tree-checker: Detect invalid and empty essential trees btrfs: Check that each block group has corresponding chunk at mount time btrfs: tree-checker: Check level for leaves and nodes btrfs: tree-checker: Fix misleading group system information f2fs: check blkaddr more accuratly before issue a bio f2fs: sanity check on sit entry f2fs: enhance sanity_check_raw_super() to avoid potential overflow f2fs: clean up with is_valid_blkaddr() f2fs: introduce and spread verify_blkaddr f2fs: fix to do sanity check with secs_per_zone f2fs: Add sanity_check_inode() function f2fs: fix to do sanity check with extra_attr feature f2fs: fix to do sanity check with user_block_count f2fs: fix to do sanity check with node footer and iblocks f2fs: fix to do sanity check with block address in main area f2fs: fix to do sanity check with i_extra_isize f2fs: fix to do sanity check with cp_pack_start_sum xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" net: skb_scrub_packet(): Scrub offload_fwd_mark net: thunderx: set xdp_prog to NULL if 
bpf_prog_add fails virtio-net: disable guest csum during XDP set virtio-net: fail XDP set if guest csum is negotiated net: thunderx: set tso_hdrs pointer to NULL in nicvf_free_snd_queue packet: copy user buffers before orphan or clone rapidio/rionet: do not free skb before reading its length s390/qeth: fix length check in SNMP processing usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2 sched/core: Fix cpu.max vs. cpuhotplug deadlock x86/bugs: Add AMD's variant of SSB_NO x86/bugs: Add AMD's SPEC_CTRL MSR usage x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features x86/bugs: Update when to check for the LS_CFG SSBD mitigation x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation x86/speculation: Apply IBPB more strictly to avoid cross-process data leak x86/speculation: Propagate information about RSB filling mitigation to sysfs x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support x86/retpoline: Remove minimal retpoline support x86/speculation: Update the TIF_SSBD comment x86/speculation: Clean up spectre_v2_parse_cmdline() x86/speculation: Remove unnecessary ret variable in cpu_show_common() x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() x86/speculation: Disable STIBP when enhanced IBRS is in use x86/speculation: Rename SSBD update functions x86/speculation: Reorganize speculation control MSRs update sched/smt: Make sched_smt_present track topology x86/Kconfig: Select SCHED_SMT if SMP enabled sched/smt: Expose sched_smt_present static key x86/speculation: Rework SMT state change x86/l1tf: Show actual SMT state x86/speculation: Reorder the spec_v2 code x86/speculation: Mark string arrays const correctly x86/speculataion: Mark command line parser data __initdata x86/speculation: Unify conditional spectre v2 print functions x86/speculation: Add 
command line control for indirect branch speculation x86/speculation: Prepare for per task indirect branch speculation control x86/process: Consolidate and simplify switch_to_xtra() code x86/speculation: Avoid __switch_to_xtra() calls x86/speculation: Prepare for conditional IBPB in switch_mm() ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS x86/speculation: Split out TIF update x86/speculation: Prevent stale SPEC_CTRL msr content x86/speculation: Prepare arch_smt_update() for PRCTL mode x86/speculation: Add prctl() control for indirect branch speculation x86/speculation: Enable prctl mode for spectre_v2_user x86/speculation: Add seccomp Spectre v2 user space protection mode x86/speculation: Provide IBPB always command line options kvm: mmu: Fix race in emulated page table writes kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall KVM: X86: Fix scan ioapic use-before-initialization xtensa: enable coprocessors that are being flushed xtensa: fix coprocessor context offset definitions xtensa: fix coprocessor part of ptrace_{get,set}xregs Btrfs: ensure path name is null terminated at btrfs_control_ioctl btrfs: relocation: set trans to be NULL after ending transaction PCI: layerscape: Fix wrong invocation of outbound window disable accessor arm64: dts: rockchip: Fix PCIe reset polarity for rk3399-puma-haikou. 
x86/MCE/AMD: Fix the thresholding machinery initialization order x86/fpu: Disable bottom halves while loading FPU registers perf/x86/intel: Move branch tracing setup to the Intel-specific source file perf/x86/intel: Add generic branch tracing check to intel_pmu_has_bts() fs: fix lost error code in dio_complete ALSA: wss: Fix invalid snd_free_pages() at error path ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write ALSA: control: Fix race between adding and removing a user element ALSA: sparc: Fix invalid snd_free_pages() at error path ALSA: hda/realtek - Support ALC300 ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 ext2: fix potential use after free ARM: dts: rockchip: Remove @0 from the veyron memory node dmaengine: at_hdmac: fix memory leak in at_dma_xlate() dmaengine: at_hdmac: fix module unloading btrfs: release metadata before running delayed refs staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station USB: usb-storage: Add new IDs to ums-realtek usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series Revert "usb: dwc3: gadget: skip Set/Clear Halt when invalid" iio:st_magn: Fix enable device after trigger lib/test_kmod.c: fix rmmod double free mm: use swp_offset as key in shmem_replace_page() Drivers: hv: vmbus: check the creation_status in vmbus_establish_gpadl() misc: mic/scif: fix copy-paste error in scif_create_remote_lookup binder: fix race that allows malicious free of live buffer libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() libceph: check authorizer reply/challenge length before reading f2fs: fix missing up_read Linux 4.14.86 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-12-05 | Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()" | Sasha Levin
This reverts commit e87efc44dd36ba3db59847c418354711ebad779b which was upstream commit 4ec7cece87b3ed21ffcd407c62fb2f151a366bc1.

From Dietmar May's report on the stable mailing list (https://www.spinics.net/lists/stable/msg272201.html):

> I've run into some problems which appear due to (a) recent patch(es) on
> the wlcore wifi driver.
>
> 4.4.160 - commit 3fdd34643ffc378b5924941fad40352c04610294
> 4.9.131 - commit afeeecc764436f31d4447575bb9007732333818c
>
> Earlier versions (4.9.130 and 4.4.159 - tested back to 4.4.49) do not
> exhibit this problem. It is still present in 4.9.141.
>
> master as of 4.20.0-rc4 does not exhibit this problem.
>
> Basically, during client association when in AP mode (running hostapd),
> handshake may or may not complete following a noticeable delay. If
> successful, then the driver fails consistently in warn_slowpath_null
> during disassociation. If unsuccessful, the wifi client attempts multiple
> times, sometimes failing repeatedly. I've had clients unable to connect
> for 3-5 minutes during testing, with the syslog filled with dozens of
> backtraces. syslog details are below.
>
> I'm working on an embedded device with a TI 3352 ARM processor and a
> murata wl1271 module in sdio mode. We're running a fully patched ubuntu
> 18.04 ARM build, with a kernel built from kernel.org's stable/linux repo <https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.9.y&id=afeeecc764436f31d4447575bb9007732333818c>.
> Relevant parts of the kernel config are included below.
>
> The commit message states:
>
> > /I've only seen this few times with the runtime PM patches enabled so
> > this one is probably not needed before that. This seems to work
> > currently based on the current PM implementation timer. Let's apply
> > this separately though in case others are hitting this issue./
> We're not doing anything explicit with power management. The device is an
> IoT edge gateway with battery backup, normally running on wall power. The
> battery is currently used solely to shut down the system cleanly to avoid
> filesystem corruption.
>
> The device tree is configured to keep power in suspend; but the device
> should never suspend, so in our case, there is no need to call
> wl1271_ps_elp_wakeup() or wl1271_ps_elp_sleep(), as occurs in the patch.

Signed-off-by: Sasha Levin <sashal@kernel.org>
2018-12-05 | wil6210: missing length check in wmi_set_ie | Lior David
commit b5a8ffcae4103a9d823ea3aa3a761f65779fbe2a upstream.

Add a length check in wmi_set_ie to detect unsigned integer overflow.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
Signed-off-by: Maya Erez <qca_merez@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
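The kind of length check the wil6210 entry above describes, as an added example that is not code from this page or from the kernel tree. The command layout, the 16-bit width of the total length, and every name below are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical command layout: a fixed header followed by the IE bytes. */
struct ie_cmd {
    uint8_t  frame_type;
    uint8_t  reserved;
    uint16_t ie_len;
    uint8_t  ie_info[];
};

/* Total command length kept in 16 bits (assumed width).
 * The sum wraps modulo 65536 once ie_len gets close to UINT16_MAX. */
static uint16_t ie_cmd_len(uint16_t ie_len)
{
    return (uint16_t)(sizeof(struct ie_cmd) + ie_len);
}

/* Build the command buffer. Returns 0 on success, -EINVAL when the length
 * sum wrapped or the arguments are inconsistent, -ENOMEM on allocation
 * failure. *out and *out_len are only written on success. */
static int build_ie_cmd(uint8_t frame_type, const uint8_t *ie, uint16_t ie_len,
                        struct ie_cmd **out, uint16_t *out_len)
{
    uint16_t len = ie_cmd_len(ie_len);
    struct ie_cmd *cmd;

    /* An unsigned sum that is smaller than one of its operands has wrapped.
     * Without this check the buffer below would be allocated with the small
     * wrapped size while the copy still uses the full ie_len. */
    if (len < ie_len)
        return -EINVAL;
    if (ie_len && !ie)
        return -EINVAL;

    cmd = calloc(1, len);
    if (!cmd)
        return -ENOMEM;

    cmd->frame_type = frame_type;
    cmd->ie_len = ie_len;
    if (ie_len)
        memcpy(cmd->ie_info, ie, ie_len);

    *out = cmd;
    *out_len = len;
    return 0;
}

int main(void)
{
    static uint8_t payload[UINT16_MAX]; /* constructed input, all zero bytes */
    struct ie_cmd *cmd = NULL;
    uint16_t len = 0;
    int rc;

    printf("16-bit length for ie_len=65535: %u\n", (unsigned)ie_cmd_len(65535));

    rc = build_ie_cmd(1, payload, 65535, &cmd, &len);
    printf("ie_len=65535 -> rc=%d\n", rc);

    rc = build_ie_cmd(1, payload, 65531, &cmd, &len);
    printf("ie_len=65531 -> rc=%d len=%u\n", rc, (unsigned)len);
    if (rc == 0)
        free(cmd);
    return 0;
}
```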
2018-12-01 | Merge 4.14.85 into android-4.14 | Greg Kroah-Hartman
Changes in 4.14.85 efi/libstub: arm: support building with clang ARM: 8766/1: drop no-thumb-interwork in EABI mode ARM: 8767/1: add support for building ARM kernel with clang bus: arm-cci: remove unnecessary unreachable() ARM: trusted_foundations: do not use naked function usb: core: Fix hub port connection events lost usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers usb: dwc3: gadget: Properly check last unaligned/zero chain TRB usb: dwc3: core: Clean up ULPI device xhci: Add check for invalid byte size error when UAS devices are connected. usb: xhci: fix timeout for transition from RExit to U0 ALSA: oss: Use kvzalloc() for local buffer allocations MAINTAINERS: Add Sasha as a stable branch maintainer mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path iwlwifi: mvm: support sta_statistics() even on older firmware iwlwifi: mvm: fix regulatory domain update when the firmware starts iwlwifi: mvm: don't use SAR Geo if basic SAR is not used brcmfmac: fix reporting support for 160 MHz channels tools/power/cpupower: fix compilation with STATIC=true v9fs_dir_readdir: fix double-free on p9stat_read error selinux: Add __GFP_NOWARN to allocation at str_read() Input: synaptics - avoid using uninitialized variable when probing bfs: add sanity check at bfs_fill_super() sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd llc: do not use sk_eat_skb() mm: don't warn about large allocations for slab mm/memory.c: recheck page table entry with page table lock held tcp: do not release socket ownership in tcp_close() IB/core: Perform modify QP on real one usb: xhci: Prevent bus suspend if a port connect change or polling state is detected drm/ast: change resolution may cause screen blurred drm/ast: fixed cursor may disappear sometimes drm/ast: Remove existing framebuffers before loading driver can: 
dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions can: rx-offload: rename can_rx_offload_irq_queue_err_skb() to can_rx_offload_queue_tail() can: raw: check for CAN FD capable netdev in raw_sendmsg() can: hi311x: Use level-triggered interrupt IB/hfi1: Eliminate races in the SDMA send error path pinctrl: meson: fix pinconf bias disable KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE cpufreq: imx6q: add return value check for voltage scale rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write crypto: simd - correctly take reqsize of wrapped skcipher into account floppy: fix race condition in __floppy_read_block_0() powerpc/io: Fix the IO workarounds code to work with Radix perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs SUNRPC: Fix a bogus get/put in generic_key_to_expire() kdb: Use strscpy with destination buffer size powerpc/numa: Suppress "VPHN is not supported" messages efi/arm: Revert deferred unmap of early memmap mapping z3fold: fix possible reclaim races tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset mm, page_alloc: check for max order in hot path of: add helper to lookup compatible child node NFC: nfcmrvl_uart: fix OF child-node lookup net: bcmgenet: fix OF child-node lookup drm/mediatek: fix OF sibling-node lookup power: supply: twl4030-charger: fix OF sibling-node lookup arm64: remove no-op -p linker flag xhci: Allow more than 32 quirks xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc mtd: rawnand: atmel: fix OF child-node lookup ubi: fastmap: Check each mapping 
only once Input: xpad - add PDP device id 0x02a4 Input: xpad - fix some coding style issues Input: xpad - avoid using __set_bit() for capabilities Input: xpad - add support for Xbox1 PDP Camo series gamepad iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE kbuild: allow to use GCC toolchain not in Clang search path PCI: endpoint: Populate func_no before calling pci_epc_add_epf() net/mlx4_core: Fix wrong calculation of free counters i40iw: Fix memory leak in error path of create QP rtc: omap: fix error path when pinctrl_register fails clk: samsung: exynos5250: Add missing clocks for FIMC LITE SYSMMU devices ARM: dts: exynos: Fix invalid node referenced by i2c20 alias in Peach Pit and Pi driver core: Move device_links_purge() after bus_remove_device() include/linux/pfn_t.h: force '~' to be parsed as an unary operator tty: wipe buffer. tty: wipe buffer if not echoing data usb: xhci: fix uninitialized completion when USB3 port got wrong status namei: allow restricted O_CREAT of FIFOs and regular files lan78xx: Read MAC address from DT if present s390/mm: Check for valid vma before zapping in gmap_discard rcu: Make need_resched() respond to urgent RCU-QS needs net: ieee802154: 6lowpan: fix frag reassembly ima: always measure and audit files in policy EVM: Add support for portable signature format ima: re-introduce own integrity cache lock ima: re-initialize iint->atomic_flags Linux 4.14.85 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-12-01 | iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE | Matt Chen
commit 66e839030fd698586734e017fd55c4f2a89dba0b upstream.

From coreboot/BIOS:

Name ("WGDS", Package() {
 Revision,
 Package() {
     DomainType,                         // 0x7:WiFi ==> We miss this one.
     WgdsWiFiSarDeltaGroup1PowerMax1,    // Group 1 FCC 2400 Max
     WgdsWiFiSarDeltaGroup1PowerChainA1, // Group 1 FCC 2400 A Offset
     WgdsWiFiSarDeltaGroup1PowerChainB1, // Group 1 FCC 2400 B Offset
     WgdsWiFiSarDeltaGroup1PowerMax2,    // Group 1 FCC 5200 Max
     WgdsWiFiSarDeltaGroup1PowerChainA2, // Group 1 FCC 5200 A Offset
     WgdsWiFiSarDeltaGroup1PowerChainB2, // Group 1 FCC 5200 B Offset
     WgdsWiFiSarDeltaGroup2PowerMax1,    // Group 2 EC Jap 2400 Max
     WgdsWiFiSarDeltaGroup2PowerChainA1, // Group 2 EC Jap 2400 A Offset
     WgdsWiFiSarDeltaGroup2PowerChainB1, // Group 2 EC Jap 2400 B Offset
     WgdsWiFiSarDeltaGroup2PowerMax2,    // Group 2 EC Jap 5200 Max
     WgdsWiFiSarDeltaGroup2PowerChainA2, // Group 2 EC Jap 5200 A Offset
     WgdsWiFiSarDeltaGroup2PowerChainB2, // Group 2 EC Jap 5200 B Offset
     WgdsWiFiSarDeltaGroup3PowerMax1,    // Group 3 ROW 2400 Max
     WgdsWiFiSarDeltaGroup3PowerChainA1, // Group 3 ROW 2400 A Offset
     WgdsWiFiSarDeltaGroup3PowerChainB1, // Group 3 ROW 2400 B Offset
     WgdsWiFiSarDeltaGroup3PowerMax2,    // Group 3 ROW 5200 Max
     WgdsWiFiSarDeltaGroup3PowerChainA2, // Group 3 ROW 5200 A Offset
     WgdsWiFiSarDeltaGroup3PowerChainB2, // Group 3 ROW 5200 B Offset
 }
})

When we read the ACPI data to find out the WGDS, the DATA_SIZE is never matched. From the above format, it gives 19 numbers, but our driver is hardcoded as 18. Fix it so the check passes and we can parse the data into our wgds table. Then we will see:

iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init Sending GEO_TX_POWER_LIMIT
iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[0] Band[0]: chain A = 68 chain B = 69 max_tx_power = 54
iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[0] Band[1]: chain A = 48 chain B = 49 max_tx_power = 70
iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[1] Band[0]: chain A = 51 chain B = 67 max_tx_power = 50
iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[1] Band[1]: chain A = 69 chain B = 70 max_tx_power = 68
iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[2] Band[0]: chain A = 49 chain B = 50 max_tx_power = 48
iwlwifi 0000:01:00.0: U iwl_mvm_sar_geo_init SAR geographic profile[2] Band[1]: chain A = 52 chain B = 53 max_tx_power = 51

Cc: stable@vger.kernel.org # 4.12+
Fixes: a6bff3cb19b7 ("iwlwifi: mvm: add GEO_TX_POWER_LIMIT cmd for geographic tx power table")
Signed-off-by: Matt Chen <matt.chen@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-01 | brcmfmac: fix reporting support for 160 MHz channels | Rafał Miłecki
commit d1fe6ad6f6bd61c84788d3a7b11e459a439c6169 upstream.

Driver can report IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ so it's important to provide valid & complete info about supported bands for each channel. By default no support for 160 MHz should be assumed unless firmware reports it for a given channel later.

This fixes info passed to the userspace. Without that change userspace could try to use invalid channel and fail to start an interface.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Cc: stable@vger.kernel.org
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-01 | iwlwifi: mvm: don't use SAR Geo if basic SAR is not used | Luca Coelho
commit 5d041c46ccb9b48acc110e214beff5e2789311df upstream.

We can't use SAR Geo if basic SAR is not enabled, since the SAR Geo tables define offsets in relation to the basic SAR table in use.

To fix this, make iwl_mvm_sar_init() return one in case WRDS is not available, so we can skip reading WGDS entirely.

Fixes: a6bff3cb19b7 ("iwlwifi: mvm: add GEO_TX_POWER_LIMIT cmd for geographic tx power table")
Cc: stable@vger.kernel.org # 4.12+
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-01 | iwlwifi: mvm: fix regulatory domain update when the firmware starts | Emmanuel Grumbach
commit 82715ac71e6b94a2c2136e31f3a8e6748e33aa8c upstream.

When the firmware starts, it doesn't have any regulatory information, hence it uses the world wide limitations. The driver can feed the firmware with previous knowledge that was kept in the driver, but the firmware may still not update its internal tables.

This happens when we start a BSS interface, and then the firmware can change the regulatory tables based on our location and it'll use more lenient, location specific rules. Then, if the firmware is shut down (when the interface is brought down), and then an AP interface is created, the firmware will forget the country specific rules.

The host will think that we are in a certain country that may allow channels and will try to teach the firmware about our location, but the firmware may still not allow to drop the world wide limitations and apply country specific rules because it was just re-started.

In this case, the firmware will reply with MCC_RESP_ILLEGAL to the MCC_UPDATE_CMD. In that case, iwlwifi needs to let the upper layers (cfg80211 / hostapd) know that the channel list they know about has been updated.

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=201105

Cc: stable@vger.kernel.org
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-01 | iwlwifi: mvm: support sta_statistics() even on older firmware | Emmanuel Grumbach
commit ec484d03ef0df8d34086b95710e355a259cbe1f2 upstream.

The oldest firmware supported by iwlmvm does support getting the average beacon RSSI. Enable the sta_statistics() call from mac80211 even on older firmware versions.

Fixes: 33cef9256342 ("iwlwifi: mvm: support beacon statistics for BSS client")
Cc: stable@vger.kernel.org # 4.2+
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-14 | Merge 4.14.81 into android-4.14 | Greg Kroah-Hartman
Changes in 4.14.81 mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB spi: bcm-qspi: switch back to reading flash using smaller chunks bcache: trace missed reading by cache_missed bcache: fix miss key refill->end in writeback hwmon: (pmbus) Fix page count auto-detection. jffs2: free jffs2_sb_info through jffs2_kill_sb() cpufreq: conservative: Take limits changes into account properly pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges ipmi: Fix timer race with module unload parisc: Fix address in HPMC IVA parisc: Fix map_pages() to not overwrite existing pte entries parisc: Fix exported address of os_hpmc handler ALSA: hda - Add quirk for ASUS G751 laptop ALSA: hda - Fix headphone pin config for ASUS G751 ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation x86/xen: Fix boot loader version reported for PVH guests x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided x86/mm/pat: Disable preemption around __flush_tlb_all() x86/speculation: Support Enhanced IBRS on future CPUs ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen bpf: do not blindly change rlimit in reuseport net selftest Revert "perf tools: Fix PMU term format max value calculation" xfrm: policy: use hlist rcu variants on insert perf vendor events intel: Fix wrong filter_band* values for uncore events sparc: Fix single-pcr perf event counter management. sparc: Throttle perf events properly. sparc64: Make proc_id signed. sched/fair: Fix the min_vruntime update logic in dequeue_entity() perf tools: Fix use of alternatives to find JDIR perf cpu_map: Align cpu map synthesized events properly. 
x86/fpu: Remove second definition of fpu in __fpu__restore_sig() net: qla3xxx: Remove overflowing shift statement selftests: ftrace: Add synthetic event syntax testcase i2c: rcar: cleanup DMA for all kinds of failure locking/lockdep: Fix debug_locks off performance problem ataflop: fix error handling during setup swim: fix cleanup on setup error nfp: devlink port split support for 1x100G CXP NIC tun: Consistently configure generic netdev params via rtnetlink s390/sthyi: Fix machine name validity indication hwmon: (pwm-fan) Set fan speed to 0 on suspend lightnvm: pblk: fix two sleep-in-atomic-context bugs spi: spi-ep93xx: Use dma_data_direction for ep93xx_spi_dma_{finish,prepare} perf tools: Free temporary 'sys' string in read_event_files() perf tools: Cleanup trace-event-info 'tdata' leak perf strbuf: Match va_{add,copy} with va_end cpupower: Fix coredump on VMWare mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 iwlwifi: pcie: avoid empty free RB queue iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC ACPI / processor: Fix the return value of acpi_processor_ids_walk() cpufreq: dt: Try freeing static OPPs only if we have added them mtd: rawnand: atmel: Fix potential NULL pointer dereference signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth x86: boot: Fix EFI stub alignment pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux brcmfmac: fix for proper support of 160MHz bandwidth net: phy: phylink: ensure the carrier is off when starting phylink block, bfq: correctly charge and reset entity service in all cases kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers pinctrl: qcom: spmi-mpp: Fix drive strength setting pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant pinctrl: 
ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant net: dsa: mv88e6xxx: Fix writing to a PHY page. iwlwifi: mvm: fix BAR seq ctrl reporting ixgbevf: VF2VF TCP RSS ath10k: schedule hardware restart if WMI command times out thermal: da9062/61: Prevent hardware access during system suspend cgroup, netclassid: add a preemption point to write_classid scsi: esp_scsi: Track residual for PIO transfers UAPI: ndctl: Fix g++-unsupported initialisation in headers KVM: nVMX: Clear reserved bits of #DB exit qualification scsi: megaraid_sas: fix a missing-check bug RDMA/core: Do not expose unsupported counters IB/ipoib: Clear IPCB before icmp_send RDMA/bnxt_re: Fix recursive lock warning in debug kernel usb: host: ohci-at91: fix request of irq for optional gpio PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask VMCI: Resource wildcard match fixed PCI / ACPI: Enable wake automatically for power managed bridges usb: gadget: udc: atmel: handle at91sam9rl PMC ext4: fix argument checking in EXT4_IOC_MOVE_EXT MD: fix invalid stored role for a disk f2fs: fix to recover inode's i_flags during POR PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice coresight: etb10: Fix handling of perf mode PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode crypto: caam - fix implicit casts in endianness helpers usb: chipidea: Prevent unbalanced IRQ disable driver/dma/ioat: Call del_timer_sync() without holding prep_lock uio: ensure class is registered before devices scsi: lpfc: Correct soft lockup when running mds diagnostics scsi: lpfc: Correct race with abort on completion path f2fs: report error if quota off error during umount signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init mfd: menelaus: Fix possible race condition and leak dmaengine: dma-jz4780: Return error if not probed from DT 
IB/rxe: fix for duplicate request processing and ack psns ALSA: hda: Check the non-cached stream buffers more explicitly cpupower: Fix AMD Family 0x17 msr_pstate size Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()" f2fs: fix to account IO correctly ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes arm: dts: exynos: Add missing cooling device properties for CPUs ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250 xen-swiotlb: use actually allocated size on check physical continuous tpm: Restore functionality to xen vtpm driver. xen/blkfront: avoid NULL blkfront_info dereference on device removal xen/balloon: Support xend-based toolstack xen: fix race in xen_qlock_wait() xen: make xen_qlock_wait() nestable xen/pvh: increase early stack size xen/pvh: don't try to unplug emulated devices libertas: don't set URB_ZERO_PACKET on IN USB transfer usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround" iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() net/ipv4: defensive cipso option parsing dmaengine: ppc4xx: fix off-by-one build failure dmaengine: stm32-dma: fix incomplete configuration in cyclic mode libnvdimm: Hold reference on parent while scheduling async init libnvdimm, region: Fail badblocks listing for inactive regions ASoC: intel: skylake: Add missing break in skl_tplg_get_token() IB/mlx5: Fix MR cache initialization jbd2: fix use after free in jbd2_log_do_checkpoint() gfs2_meta: ->mount() can get NULL dev_name ext4: initialize retries variable in ext4_da_write_inline_data_begin() ext4: fix setattr project check in fssetxattr ioctl ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR ext4: fix use-after-free race in ext4_remount()'s error path HID: hiddev: fix potential Spectre v1 EDAC, amd64: Add Family 17h, models 10h-2fh support EDAC, {i7core,sb,skx}_edac: 
Fix uncorrected error counting EDAC, skx_edac: Fix logical channel intermediate decoding ARM: dts: dra7: Fix up unaligned access setting for PCIe EP PCI/ASPM: Fix link_state teardown on device removal PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk PCI: vmd: White list for fast interrupt handlers signal/GenWQE: Fix sending of SIGKILL signal: Guard against negative signal numbers in copy_siginfo_from_user32 crypto: lrw - Fix out-of bounds access on counter overflow crypto: tcrypt - fix ghash-generic speed test mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() ima: fix showing large 'violations' or 'runtime_measurements_count' hugetlbfs: dirty pages as they are added to pagecache mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly KVM: arm64: Fix caching of host MDCR_EL2 value kbuild: fix kernel/bounds.c 'W=1' warning iio: ad5064: Fix regulator handling iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() iio: adc: at91: fix acking DRDY irq on simple conversions iio: adc: at91: fix wrong channel number in triggered buffer mode w1: omap-hdq: fix missing bus unregister at removal smb3: allow stats which track session and share reconnects to be reset smb3: do not attempt cifs operation in smb3 query info error path smb3: on kerberos mount if server doesn't specify auth type use krb5 printk: Fix panic caused by passing log_buf_len to command line genirq: Fix race on spurious interrupt detection NFSv4.1: Fix the r/wsize checking nfs: Fix a missed page unlock after pg_doio() nfsd: Fix an Oops in free_session() lockd: fix access beyond unterminated strings in prints dm ioctl: harden copy_params()'s copy_from_user() from malicious users dm zoned: fix metadata block ref counting dm zoned: fix various dmz_get_mblock() issues powerpc/msi: Fix compile error on mpc83xx MIPS: OCTEON: fix out of bounds array access on CN68XX iommu/arm-smmu: Ensure that page-table updates are visible before TLBI TC: Set DMA masks 
for devices media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD kgdboc: Passing ekgdboc to command line causes panic xen: fix xen_qlock_wait() xen-blkfront: fix kernel panic with negotiate_mq error path media: em28xx: use a default format if TRY_FMT fails media: tvp5150: avoid going past array on v4l2_querymenu() media: em28xx: fix input name for Terratec AV 350 media: em28xx: make v4l2-compliance happier by starting sequence on zero media: media colorspaces*.rst: rename AdobeRGB to opRGB arm64: lse: remove -fcall-used-x0 flag rpmsg: smd: fix memory leak on channel create Cramfs: fix abad comparison when wrap-arounds occur ARM: dts: socfpga: Fix SDRAM node address for Arria10 arm64: dts: stratix10: Correct System Manager register size soc/tegra: pmc: Fix child-node lookup selftests/powerpc: Fix ptrace tm failure btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled btrfs: Handle owner mismatch gracefully when walking up tree btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock btrfs: fix error handling in free_log_tree btrfs: Enhance btrfs_trim_fs function to handle error better btrfs: Ensure btrfs_trim_fs can trim the whole filesystem btrfs: iterate all devices during trim, instead of fs_devices::alloc_list btrfs: don't attempt to trim devices that don't support it btrfs: wait on caching when putting the bg cache btrfs: protect space cache inode alloc with GFP_NOFS btrfs: reset max_extent_size on clear in a bitmap btrfs: make sure we create all new block groups Btrfs: fix warning when replaying log after fsync of a tmpfile Btrfs: fix wrong dentries after fsync of file that got its parent replaced btrfs: qgroup: Dirty all qgroups before rescan Btrfs: fix null pointer dereference on compressed write path error Btrfs: fix assertion on fsync of regular file when using no-holes feature btrfs: set max_extent_size properly btrfs: don't use ctl->free_space for max_extent_size btrfs: only free reserved extent if we didn't 
insert it btrfs: don't run delayed_iputs in commit btrfs: move the dio_sem higher up the callchain Btrfs: fix use-after-free during inode eviction Btrfs: fix use-after-free when dumping free space Btrfs: fix fsync after hole punching when using no-holes feature net: sched: Remove TCA_OPTIONS from policy bpf: wait for running BPF programs when updating map-in-map MD: fix invalid stored role for a disk - try2 Linux 4.14.81 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-11-13 | iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() | Luca Coelho
commit 3d71c3f1f50cf309bd20659422af549bc784bfff upstream.

The rs_rate_from_ucode_rate() function may return -EINVAL if the rate is invalid, but none of the callsites check for the error, potentially making us access arrays with index IWL_RATE_INVALID, which is larger than the arrays, causing an out-of-bounds access. This will trigger KASAN warnings, such as the one reported in the bugzilla issue mentioned below.

This fixes https://bugzilla.kernel.org/show_bug.cgi?id=200659

Cc: stable@vger.kernel.org
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
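The pattern described in the entry above (a decoder that returns -EINVAL and leaves a sentinel index behind, and a call site that must check before indexing), as an added example that is not iwlwifi code. All names, the four-entry rate table and the rate codes are constructed for illustration; only the -EINVAL return and the "invalid" sentinel index come from the commit message.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical rate table indices. RATE_INVALID is one past the last
 * valid index, so using it as an array subscript is out of bounds. */
enum {
    RATE_1M,
    RATE_2M,
    RATE_5M,
    RATE_11M,
    RATE_COUNT,
    RATE_INVALID = RATE_COUNT
};

struct rate_info {
    uint8_t index;
};

/* Constructed firmware rate codes, one per table entry. */
static const uint8_t rate_code[RATE_COUNT] = { 10, 20, 55, 110 };

/* Per-rate counters that call sites index with the decoded rate. */
static uint32_t tx_success[RATE_COUNT];

/* Decode a firmware rate word. On failure the index is left at the
 * sentinel and -EINVAL is returned, mirroring the behaviour the commit
 * message describes for rs_rate_from_ucode_rate(). */
static int rate_from_fw(uint32_t fw_rate, struct rate_info *rate)
{
    unsigned int i;

    rate->index = RATE_INVALID;
    for (i = 0; i < RATE_COUNT; i++) {
        if (rate_code[i] == (fw_rate & 0xff)) {
            rate->index = (uint8_t)i;
            return 0;
        }
    }
    return -EINVAL;
}

/* Call site in the pre-fix shape: the return value is ignored. To keep
 * this example free of undefined behaviour it returns the subscript it
 * would have used instead of touching tx_success[]. */
static unsigned int index_used_unchecked(uint32_t fw_rate)
{
    struct rate_info rate;

    (void)rate_from_fw(fw_rate, &rate);
    return rate.index;
}

/* Call site in the fixed shape: bail out before the index is used. */
static int record_tx_checked(uint32_t fw_rate)
{
    struct rate_info rate;

    if (rate_from_fw(fw_rate, &rate))
        return -EINVAL;

    tx_success[rate.index]++;
    return 0;
}

int main(void)
{
    uint32_t bogus = 0x7f; /* constructed code that matches no table entry */

    printf("unchecked call site would index %u of %d entries\n",
           index_used_unchecked(bogus), RATE_COUNT);
    printf("checked call site, bogus rate: %d\n", record_tx_checked(bogus));
    printf("checked call site, valid rate: %d\n", record_tx_checked(20));
    return 0;
}
```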
2018-11-13 | libertas: don't set URB_ZERO_PACKET on IN USB transfer | Lubomir Rintel
commit 6528d88047801b80d2a5370ad46fb6eff2f509e0 upstream.

The USB core gets rightfully upset:

usb 1-1: BOGUS urb flags, 240 --> 200
WARNING: CPU: 0 PID: 60 at drivers/usb/core/urb.c:503 usb_submit_urb+0x2f8/0x3ed
Modules linked in:
CPU: 0 PID: 60 Comm: kworker/0:3 Not tainted 4.19.0-rc6-00319-g5206d00a45c7 #39
Hardware name: OLPC XO/XO, BIOS OLPC Ver 1.00.01 06/11/2014
Workqueue: events request_firmware_work_func
EIP: usb_submit_urb+0x2f8/0x3ed
Code: 75 06 8b 8f 80 00 00 00 8d 47 78 89 4d e4 89 55 e8 e8 35 1c f6 ff 8b 55 e8 56 52 8b 4d e4 51 50 68 e3 ce c7 c0 e8 ed 18 c6 ff <0f> 0b 83 c4 14 80 7d ef 01 74 0a 80 7d ef 03 0f 85 b8 00 00 00 8b
EAX: 00000025 EBX: ce7d4980 ECX: 00000000 EDX: 00000001
ESI: 00000200 EDI: ce7d8800 EBP: ce7f5ea8 ESP: ce7f5e70
DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068 EFLAGS: 00210292
CR0: 80050033 CR2: 00000000 CR3: 00e80000 CR4: 00000090
Call Trace:
 ? if_usb_fw_timeo+0x64/0x64
 __if_usb_submit_rx_urb+0x85/0xe6
 ? if_usb_fw_timeo+0x64/0x64
 if_usb_submit_rx_urb_fwload+0xd/0xf
 if_usb_prog_firmware+0xc0/0x3db
 ? _request_firmware+0x54/0x47b
 ? _request_firmware+0x89/0x47b
 ? if_usb_probe+0x412/0x412
 lbs_fw_loaded+0x55/0xa6
 ? debug_smp_processor_id+0x12/0x14
 helper_firmware_cb+0x3c/0x3f
 request_firmware_work_func+0x37/0x6f
 process_one_work+0x164/0x25a
 worker_thread+0x1c4/0x284
 kthread+0xec/0xf1
 ? cancel_delayed_work_sync+0xf/0xf
 ? kthread_create_on_node+0x1a/0x1a
 ret_from_fork+0x2e/0x38
---[ end trace 3ef1e3b2dd53852f ]---

Cc: stable@vger.kernel.org
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-13 | ath10k: schedule hardware restart if WMI command times out | Martin Willi
[ Upstream commit a9911937e7d332761e8c4fcbc7ba0426bdc3956f ]

When running in AP mode, ath10k sometimes suffers from TX credit starvation. The issue is hard to reproduce and shows up once in a few days, but has been repeatedly seen with QCA9882 and a large range of firmwares, including 10.2.4.70.67.

Once the module is in this state, TX credits are never replenished, which results in "SWBA overrun" errors, as no beacons can be sent. Even worse, WMI commands run in a timeout while holding the conf mutex for three seconds each, making any further operations slow and the whole system unresponsive.

The firmware/driver never recovers from that state automatically, and triggering TX flush or warm restarts won't work over WMI. So issue a hardware restart if a WMI command times out due to missing TX credits. This implies a connectivity outage of about 1.4s in AP mode, but brings back the interface and the whole system to a usable state. WMI command timeouts have not been seen in the absence of this specific issue, so taking such drastic actions seems legitimate.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-13 | iwlwifi: mvm: fix BAR seq ctrl reporting | Sara Sharon
[ Upstream commit 941ab4eb66c10bc5c7234e83a7a858b2806ed151 ]

There is a bug in FW where the sequence control may be incorrect, and the driver overrides it with the value of the ieee80211 header.

However, in BAR there is no sequence control in the header, which results in an arbitrary sequence.

This access to an unknown location is bad and it makes the logs very confusing - so fix it.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-13 | brcmfmac: fix for proper support of 160MHz bandwidth | Arend van Spriel
[ Upstream commit 330994e8e8ec5d0b269a5265e6032b37e29aa336 ]

Decoding of firmware channel information was not complete for 160MHz support. This resulted in the following warning:

WARNING: CPU: 2 PID: 2222 at .../broadcom/brcm80211/brcmutil/d11.c:196 brcmu_d11ac_decchspec+0x2e/0x100 [brcmutil]
Modules linked in: brcmfmac(O) brcmutil(O) sha256_generic cfg80211 ...
CPU: 2 PID: 2222 Comm: kworker/2:0 Tainted: G O 4.17.0-wt-testing-x64-00002-gf1bed50 #1
Hardware name: Dell Inc. Latitude E6410/07XJP9, BIOS A07 02/15/2011
Workqueue: events request_firmware_work_func
RIP: 0010:brcmu_d11ac_decchspec+0x2e/0x100 [brcmutil]
RSP: 0018:ffffc90000047bd0 EFLAGS: 00010206
RAX: 000000000000e832 RBX: ffff8801146fe910 RCX: ffff8801146fd3c0
RDX: 0000000000002800 RSI: 0000000000000070 RDI: ffffc90000047c30
RBP: ffffc90000047bd0 R08: 0000000000000000 R09: ffffffffa0798c80
R10: ffff88012bca55e0 R11: ffff880110a4ea00 R12: ffff8801146f8000
R13: ffffc90000047c30 R14: ffff8801146fe930 R15: ffff8801138e02e0
FS: 0000000000000000(0000) GS:ffff88012bc80000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f18ce8b8070 CR3: 000000000200a003 CR4: 00000000000206e0
Call Trace:
 brcmf_setup_wiphybands+0x212/0x780 [brcmfmac]
 brcmf_cfg80211_attach+0xae2/0x11a0 [brcmfmac]
 brcmf_attach+0x1fc/0x4b0 [brcmfmac]
 ? __kmalloc+0x13c/0x1c0
 brcmf_pcie_setup+0x99b/0xe00 [brcmfmac]
 brcmf_fw_request_done+0x16a/0x1f0 [brcmfmac]
 request_firmware_work_func+0x36/0x60
 process_one_work+0x146/0x350
 worker_thread+0x4a/0x3b0
 kthread+0x102/0x140
 ? process_one_work+0x350/0x350
 ? kthread_bind+0x20/0x20
 ret_from_fork+0x35/0x40
Code: 66 90 0f b7 07 55 48 89 e5 89 c2 88 47 02 88 47 03 66 81 e2 00 38 66 81 fa 00 18 74 6e 66 81 fa 00 20 74 39 66 81 fa 00 10 74 14 <0f> 0b 66 25 00 c0 74 20 66 3d 00 c0 75 20 c6 47 04 01 5d c3 66
---[ end trace 550c46682415b26d ]---
brcmfmac: brcmf_construct_chaninfo: Ignoring unexpected firmware channel 50

This patch adds the missing stuff to properly handle this.

Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
Reviewed-by: Franky Lin <franky.lin@broadcom.com>
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-13 | iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface | Emmanuel Grumbach
[ Upstream commit 155f7e0441cd121b1e673d465a35e99f4b9b2f0b ] Fix a bug that happens in the following scenario: 1) suspend without WoWLAN 2) mac80211 calls drv_stop because of the suspend 3) __iwl_mvm_mac_stop deallocates the aux station 4) during drv_stop the firmware crashes 5) iwlmvm: * sets IWL_MVM_STATUS_HW_RESTART_REQUESTED * asks mac80211 to kick the restart flow 6) mac80211 puts the restart worker into a freezable queue which means that the worker will not run for now since the workqueue is already frozen 7) ... 8) resume 9) mac80211 runs ieee80211_reconfig as part of the resume 10) mac80211 detects that a restart flow has been requested and that we are now resuming from suspend and cancels the restart worker 11) mac80211 calls drv_start() 12) __iwl_mvm_mac_start checks that IWL_MVM_STATUS_HW_RESTART_REQUESTED clears it, sets IWL_MVM_STATUS_IN_HW_RESTART and calls iwl_mvm_restart_cleanup() 13) iwl_fw_error_dump gets called and accesses the device to get debug data 14) iwl_mvm_up adds the aux station 15) iwl_mvm_add_aux_sta() allocates an internal station for the aux station 16) iwl_mvm_allocate_int_sta() tests IWL_MVM_STATUS_IN_HW_RESTART and doesn't really allocate a station ID for the aux station 17) a new queue is added for the aux station Note that steps from 5 to 9 aren't really part of the problem but were described for the sake of completeness. 
Once the iwl_mvm_mac_stop() is called, the device is not accessible, meaning that step 12) can't succeed and we'll see the following: drivers/net/wireless/intel/iwlwifi/pcie/trans.c:2122 iwl_trans_pcie_grab_nic_access+0xc0/0x1d6 [iwlwifi]() Timeout waiting for hardware access (CSR_GP_CNTRL 0x080403d8) Call Trace: [<ffffffffc03e6ad3>] iwl_trans_pcie_grab_nic_access+0xc0/0x1d6 [iwlwifi] [<ffffffffc03e6a13>] iwl_trans_pcie_dump_regs+0x3fd/0x3fd [iwlwifi] [<ffffffffc03dad42>] iwl_fw_error_dump+0x4f5/0xe8b [iwlwifi] [<ffffffffc04bd43e>] __iwl_mvm_mac_start+0x5a/0x21a [iwlmvm] [<ffffffffc04bd6d2>] iwl_mvm_mac_start+0xd4/0x103 [iwlmvm] [<ffffffffc042d378>] drv_start+0xa1/0xc5 [iwl7000_mac80211] [<ffffffffc045a339>] ieee80211_reconfig+0x145/0xf50 [mac80211] [<ffffffffc044788b>] ieee80211_resume+0x62/0x66 [mac80211] [<ffffffffc0366c5b>] wiphy_resume+0xa9/0xc6 [cfg80211] The station id of the aux station is set to 0xff in step 3 and because we don't really allocate a new station id for the auxliary station (as explained in 16), we end up sending a command to the firmware asking to connect the queue to station id 0xff. This makes the firmware crash with the following information: 0x00002093 | ADVANCED_SYSASSERT 0x000002F0 | trm_hw_status0 0x00000000 | trm_hw_status1 0x00000B38 | branchlink2 0x0001978C | interruptlink1 0x00000000 | interruptlink2 0xFF080501 | data1 0xDEADBEEF | data2 0xDEADBEEF | data3 Firmware error during reconfiguration - reprobe! FW error in SYNC CMD SCD_QUEUE_CFG Fix this by clearing IWL_MVM_STATUS_HW_RESTART_REQUESTED in iwl_mvm_mac_stop(). We won't be able to collect debug data anyway and when we will brought up again, we will have a clean state from the firmware perspective. Since we won't have IWL_MVM_STATUS_IN_HW_RESTART set in step 12) we won't get to the 2093 ASSERT either. 
Fixes: bf8b286f86fc ("iwlwifi: mvm: defer setting IWL_MVM_STATUS_IN_HW_RESTART") Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-13 | iwlwifi: pcie: avoid empty free RB queue | Shaul Triebitz

[ Upstream commit 868a1e863f95183f00809363fefba6d4f5bcd116 ]

If all free RB queues are empty, the driver will never restock the free RB queue. That's because the restocking happens in the Rx flow, and if the free queue is empty there will be no Rx.

Although there's a background worker (a.k.a. allocator) allocating memory for RBs so that the Rx handler can restock them, the worker may run only after the free queue has become empty (and then it is too late for restocking as explained above).

There is a solution for that called 'emergency': If the number of used RB's reaches half the amount of all RB's, the Rx handler will not wait for the allocator but immediately allocate memory for the used RB's and restock the free queue.

But, since the used RB's is per queue, it may happen that the used RB's are spread between the queues such that the emergency check will fail for each of the queues (and still run out of RBs, causing the above symptom).

To fix it, move to emergency mode if the sum of *all* used RBs (for all Rx queues) reaches half the amount of all RB's.

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-11-08 | Merge 4.14.79 into android-4.14 | Greg Kroah-Hartman
Changes in 4.14.79 xfrm: Validate address prefix lengths in the xfrm selector. xfrm6: call kfree_skb when skb is toobig xfrm: reset transport header back to network header after all input transforms ahave been applied xfrm: reset crypto_done when iterating over multiple input xfrms mac80211: Always report TX status cfg80211: reg: Init wiphy_idx in regulatory_hint_core() mac80211: fix pending queue hang due to TX_DROP cfg80211: Address some corner cases in scan result channel updating mac80211: TDLS: fix skb queue/priority assignment mac80211: fix TX status reporting for ieee80211s xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry. ARM: 8799/1: mm: fix pci_ioremap_io() offset check xfrm: validate template mode netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev arm64: hugetlb: Fix handling of young ptes ARM: dts: BCM63xx: Fix incorrect interrupt specifiers net: macb: Clean 64b dma addresses if they are not detected soc: fsl: qbman: qman: avoid allocating from non existing gen_pool soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT mac80211_hwsim: do not omit multicast announce of first added radio Bluetooth: SMP: fix crash in unpairing pxa168fb: prepare the clock qed: Avoid implicit enum conversion in qed_set_tunn_cls_info qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor qed: Avoid constant logical operation warning in qed_vf_pf_acquire qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds asix: Check for supported Wake-on-LAN modes ax88179_178a: Check for supported Wake-on-LAN modes lan78xx: Check for supported Wake-on-LAN modes sr9800: Check for supported Wake-on-LAN modes r8152: Check for supported Wake-on-LAN Modes smsc75xx: Check for Wake-on-LAN modes smsc95xx: Check for Wake-on-LAN modes cfg80211: fix use-after-free in 
reg_process_hint() perf/core: Fix perf_pmu_unregister() locking perf/ring_buffer: Prevent concurent ring buffer access perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events net: fec: fix rare tx timeout declance: Fix continuation with the adapter identification message net: qualcomm: rmnet: Skip processing loopback packets locking/ww_mutex: Fix runtime warning in the WW mutex selftest be2net: don't flip hw_features when VXLANs are added/deleted net: cxgb3_main: fix a missing-check bug yam: fix a missing-check bug ocfs2: fix crash in ocfs2_duplicate_clusters_by_page() iwlwifi: mvm: check for short GI only for OFDM iwlwifi: dbg: allow wrt collection before ALIVE iwlwifi: fix the ALIVE notification layout tools/testing/nvdimm: unit test clear-error commands usbip: vhci_hcd: update 'status' file header and format scsi: aacraid: address UBSAN warning regression IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush IB/rxe: put the pool on allocation failure s390/qeth: fix error handling in adapter command callbacks net/mlx5: Fix mlx5_get_vector_affinity function powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n dm integrity: fail early if required HMAC key is not available net: phy: realtek: Use the dummy stubs for MMD register access for rtl8211b net: phy: Add general dummy stubs for MMD register access net/mlx5e: Refine ets validation function scsi: qla2xxx: Avoid double completion of abort command kbuild: set no-integrated-as before incl. arch Makefile IB/mlx5: Avoid passing an invalid QP type to firmware ARM: tegra: Fix ULPI regression on Tegra20 l2tp: remove configurable payload offset cifs: Use ULL suffix for 64-bit constant test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches KVM: x86: Update the exit_qualification access bits while walking an address sparc64: Fix regression in pmdp_invalidate(). 
tpm: move the delay_msec increment after sleep in tpm_transmit() bpf: sockmap, map_release does not hold refcnt for pinned maps tpm: tpm_crb: relinquish locality on error path. xen-netfront: Update features after registering netdev xen-netfront: Fix mismatched rtnl_unlock IB/usnic: Update with bug fixes from core code mmc: dw_mmc-rockchip: correct property names in debug MIPS: Workaround GCC __builtin_unreachable reordering bug lan78xx: Don't reset the interface on open enic: do not overwrite error code iio: buffer: fix the function signature to match implementation selftests/powerpc: Add ptrace hw breakpoint test scsi: ibmvfc: Avoid unnecessary port relogin scsi: sd: Remember that READ CAPACITY(16) succeeded btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf net: phy: phylink: Don't release NULL GPIO x86/paravirt: Fix some warning messages net: stmmac: mark PM functions as __maybe_unused kconfig: fix the rule of mainmenu_stmt symbol libertas: call into generic suspend code before turning off power perf tests: Fix indexing when invoking subtests compiler.h: Allow arch-specific asm/compiler.h ARM: dts: imx53-qsb: disable 1.2GHz OPP perf python: Use -Wno-redundant-decls to build with PYTHON=python3 rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window() rxrpc: Only take the rwind and mtu values from latest ACK rxrpc: Fix connection-level abort handling net: ena: fix warning in rmmod caused by double iounmap net: ena: fix NULL dereference due to untimely napi initialization selftests: rtnetlink.sh explicitly requires bash. 
fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() sch_netem: restore skb->dev after dequeuing from the rbtree mtd: spi-nor: Add support for is25wp series chips kvm: x86: fix WARN due to uninitialized guest FPU state ARM: dts: r8a7790: Correct critical CPU temperature media: uvcvideo: Fix driver reference counting ALSA: usx2y: Fix invalid stream URBs Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing" perf tools: Disable parallelism for 'make clean' drm/i915/gvt: fix memory leak of a cmd_entry struct on error exit path bridge: do not add port to router list when receives query with source 0.0.0.0 net: bridge: remove ipv6 zero address check in mcast queries ipv6: mcast: fix a use-after-free in inet6_mc_check ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called llc: set SOCK_RCU_FREE in llc_sap_add_socket() net: fec: don't dump RX FIFO register when not available net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs net: sched: gred: pass the right attribute to gred_change_table_def() net: socket: fix a missing-check bug net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules net: udp: fix handling of CHECKSUM_COMPLETE packets r8169: fix NAPI handling under high load sctp: fix race on sctp_id2asoc udp6: fix encap return code for resubmitting vhost: Fix Spectre V1 vulnerability virtio_net: avoid using netif_tx_disable() for serializing tx routine ethtool: fix a privilege escalation bug bonding: fix length of actor system ip6_tunnel: Fix encapsulation layout openvswitch: Fix push/pop ethernet validation net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type net: sched: Fix for duplicate class dump net: drop skb on failure in ip_check_defrag() net: fix pskb_trim_rcsum_slow() with odd trim offset net/mlx5e: fix csum adjustments caused by RXFCS rtnetlink: Disallow FDB configuration for non-Ethernet device net: ipmr: fix unresolved entry dumps net: bcmgenet: Poll internal PHY for 
GENETv5 net/sched: cls_api: add missing validation of netlink attributes net/mlx5: Fix build break when CONFIG_SMP=n Linux 4.14.79 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-11-04 | libertas: call into generic suspend code before turning off power | Daniel Mack

[ Upstream commit 4f666675cdff0b986195413215eb062b7da6586f ]

When powering down a SDIO connected card during suspend, make sure to call into the generic lbs_suspend() function before pulling the plug. This will make sure the card is successfully deregistered from the system to avoid communication to the card starving out.

Fixes: 7444a8092906 ("libertas: fix suspend and resume for SDIO connected cards")
Signed-off-by: Daniel Mack <daniel@zonque.org>
Reviewed-by: Ulf Hansson <ulf.hansson@linaro.org>
Acked-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2018-11-04 | iwlwifi: fix the ALIVE notification layout | Emmanuel Grumbach

[ Upstream commit 5cd2d8fc6c6bca979ac5dd8ad0e41153f1f982f9 ]

The ucode_major and ucode_minor were swapped. This has no practical consequences since those fields are not used. Same goes for umac_major and umac_minor which were only printed under certain debug flags.

Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2018-11-04 | iwlwifi: dbg: allow wrt collection before ALIVE | Liad Kaufman

[ Upstream commit dfd4b08cf44f27587e2053e006e43a1603328006 ]

Even if no ALIVE was received, the WRT data can still be collected. Add this.

Signed-off-by: Liad Kaufman <liad.kaufman@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2018-11-04 | iwlwifi: mvm: check for short GI only for OFDM | Sara Sharon

[ Upstream commit 4c59ff5a9a9c54cc26c807dc2fa6933f7e9fa4ef ]

This bit will be used in CCK to indicate short preamble.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2018-11-04 | mac80211_hwsim: do not omit multicast announce of first added radio | Martin Willi

[ Upstream commit 28ef8b49a338dc1844e86b7954cfffc7dfa2660a ]

The allocation of hwsim radio identifiers uses a post-increment from 0, so the first radio has idx 0. This idx is explicitly excluded from multicast announcements ever since, but it is unclear why.

Drop that idx check and announce the first radio as well. This makes userspace happy if it relies on these events.

Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2018-10-13 | Merge 4.14.76 into android-4.14 | Greg Kroah-Hartman
Changes in 4.14.76 perf/core: Add sanity check to deal with pinned event failure mm: migration: fix migration of huge PMD shared pages mm, thp: fix mlocking THP page with migration enabled mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly KVM: x86: fix L1TF's MMIO GFN calculation blk-mq: I/O and timer unplugs are inverted in blktrace clocksource/drivers/timer-atmel-pit: Properly handle error cases fbdev/omapfb: fix omapfb_memory_read infoleak xen-netback: fix input validation in xenvif_set_hash_mapping() drm/amdgpu: Fix vce work queue was not cancelled when suspend drm/syncobj: Don't leak fences when WAIT_FOR_SUBMIT is set x86/vdso: Fix asm constraints on vDSO syscall fallbacks selftests/x86: Add clock_gettime() tests to test_vdso x86/vdso: Only enable vDSO retpolines when enabled and supported x86/vdso: Fix vDSO syscall fallback asm constraint regression PCI: Reprogram bridge prefetch registers on resume mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys PM / core: Clear the direct_complete flag on errors dm cache metadata: ignore hints array being too small during resize dm cache: fix resize crash if user doesn't reload cache table xhci: Add missing CAS workaround for Intel Sunrise Point xHCI usb: xhci-mtk: resume USB3 roothub first USB: serial: simple: add Motorola Tetra MTP6550 id usb: cdc_acm: Do not leak URB buffers tty: Drop tty->count on tty_reopen() failure of: unittest: Disable interrupt node tests for old world MAC systems perf annotate: Use asprintf when formatting objdump command line perf tools: Fix python extension build for gcc 8 ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait ath10k: fix kernel panic issue during pci probe nvme_fc: fix ctrl create failures racing with workq items powerpc/lib/code-patching: refactor patch_instruction() powerpc: Avoid code patching freed init sections powerpc/lib: fix book3s/32 boot failure due to code patching ARC: clone syscall to setp r25 as thread pointer crypto: chelsio - Fix memory 
corruption in DMA Mapped buffers. perf utils: Move is_directory() to path.h f2fs: fix invalid memory access ucma: fix a use-after-free in ucma_resolve_ip() ubifs: Check for name being NULL while mounting rds: rds_ib_recv_alloc_cache() should call alloc_percpu_gfp() instead virtio_balloon: fix deadlock on OOM virtio_balloon: fix increment of vb->num_pfns in fill_balloon() ath10k: fix scan crash due to incorrect length calculation Linux 4.14.76 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-10-13 | ath10k: fix scan crash due to incorrect length calculation | Zhi Chen

commit c8291988806407e02a01b4b15b4504eafbcc04e0 upstream.

Length of WMI scan message was not calculated correctly. The allocated buffer was smaller than what we expected. So WMI message corrupted skb_info, which is at the end of skb->data. This fix takes TLV header into account even if the element is zero-length.

Crash log:
[49.629986] Unhandled kernel unaligned access[#1]:
[49.634932] CPU: 0 PID: 1176 Comm: logd Not tainted 4.4.60 #180
[49.641040] task: 83051460 ti: 8329c000 task.ti: 8329c000
[49.646608] $ 0 : 00000000 00000001 80984a80 00000000
[49.652038] $ 4 : 45259e89 8046d484 8046df30 8024ba70
[49.657468] $ 8 : 00000000 804cc4c0 00000001 20306320
[49.662898] $12 : 33322037 000110f2 00000000 31203930
[49.668327] $16 : 82792b40 80984a80 00000001 804207fc
[49.673757] $20 : 00000000 0000012c 00000040 80470000
[49.679186] $24 : 00000000 8024af7c
[49.684617] $28 : 8329c000 8329db88 00000001 802c58d0
[49.690046] Hi : 00000000
[49.693022] Lo : 453c0000
[49.696013] epc : 800efae4 put_page+0x0/0x58
[49.700615] ra : 802c58d0 skb_release_data+0x148/0x1d4
[49.706184] Status: 1000fc03 KERNEL EXL IE
[49.710531] Cause : 00800010 (ExcCode 04)
[49.714669] BadVA : 45259e89
[49.717644] PrId : 00019374 (MIPS 24Kc)

Signed-off-by: Zhi Chen <zhichen@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Cc: Brian Norris <briannorris@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-13 | ath10k: fix kernel panic issue during pci probe | Yu Wang

commit 50e79e25250bf928369996277e85b00536b380c7 upstream.

If device gone during chip reset, ar->normal_mode_fw.board is not initialized, but ath10k_debug_print_hwfw_info() will try to access its member, which will cause 'kernel NULL pointer' issue. This was found using a faulty device (pci link went down sometimes) in a random insmod/rmmod/other-op test. To fix it, check ar->normal_mode_fw.board before accessing the member.

pci 0000:02:00.0: BAR 0: assigned [mem 0xf7400000-0xf75fffff 64bit]
ath10k_pci 0000:02:00.0: enabling device (0000 -> 0002)
ath10k_pci 0000:02:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
ath10k_pci 0000:02:00.0: failed to read device register, device is gone
ath10k_pci 0000:02:00.0: failed to wait for target init: -5
ath10k_pci 0000:02:00.0: failed to warm reset: -5
ath10k_pci 0000:02:00.0: firmware crashed during chip reset
ath10k_pci 0000:02:00.0: firmware crashed! (uuid 5d018951-b8e1-404a-8fde-923078b4423a)
ath10k_pci 0000:02:00.0: (null) target 0x00000000 chip_id 0x00340aff sub 0000:0000
ath10k_pci 0000:02:00.0: kconfig debug 1 debugfs 1 tracing 1 dfs 1 testmode 1
ath10k_pci 0000:02:00.0: firmware ver api 0 features crc32 00000000
...
BUG: unable to handle kernel NULL pointer dereference at 00000004
...
Call Trace:
[<fb4e7882>] ath10k_print_driver_info+0x12/0x20 [ath10k_core]
[<fb62b7dd>] ath10k_pci_fw_crashed_dump+0x6d/0x4d0 [ath10k_pci]
[<fb629f07>] ? ath10k_pci_sleep.part.19+0x57/0xc0 [ath10k_pci]
[<fb62c8ee>] ath10k_pci_hif_power_up+0x14e/0x1b0 [ath10k_pci]
[<c10477fb>] ? do_page_fault+0xb/0x10
[<fb4eb934>] ath10k_core_register_work+0x24/0x840 [ath10k_core]
[<c18a00d8>] ? netlbl_unlhsh_remove+0x178/0x410
[<c10477f0>] ? __do_page_fault+0x480/0x480
[<c1068e44>] process_one_work+0x114/0x3e0
[<c1069d07>] worker_thread+0x37/0x4a0
[<c106e294>] kthread+0xa4/0xc0
[<c1069cd0>] ? create_worker+0x180/0x180
[<c106e1f0>] ? kthread_park+0x50/0x50
[<c18ab4f7>] ret_from_fork+0x1b/0x28
Code: 78 80 b8 50 09 00 00 00 75 5d 8d 75 94 c7 44 24 08 aa d7 52 fb c7 44 24 04 64 00 00 00 89 34 24 e8 82 52 e2 c5 8b 83 dc 08 00 00 <8b> 50 04 8b 08 31 c0 e8 20 57 e3 c5 89 44 24 10 8b 83 58 09 00
EIP: [<fb4e7754>]- ath10k_debug_print_board_info+0x34/0xb0 [ath10k_core] SS:ESP 0068:f4921d90
CR2: 0000000000000004

Signed-off-by: Yu Wang <yyuwang@codeaurora.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
[AmitP: Minor rebasing for 4.14.y and 4.9.y]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-13 | ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait | Carl Huang

commit 9ef0f58ed7b4a55da4a64641d538e0d9e46579ac upstream.

The skb may be freed in tx completion context before trace_ath10k_wmi_cmd is called. This can be easily captured when KASAN (Kernel Address Sanitizer) is enabled. The fix is to move trace_ath10k_wmi_cmd before the send operation. As the ret has no meaning in trace_ath10k_wmi_cmd then, so remove this parameter too.

Signed-off-by: Carl Huang <cjhuang@codeaurora.org>
Tested-by: Brian Norris <briannorris@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-10 | Merge 4.14.75 into android-4.14 | Greg Kroah-Hartman
Changes in 4.14.75 drm/amd/pp: initialize result to before or'ing in data drm/amdgpu: add another ATPX quirk for TOPAZ serial: mvebu-uart: Fix reporting of effective CSIZE to userspace tools/power turbostat: fix possible sprintf buffer overflow mac80211: Run TXQ teardown code before de-registering interfaces mac80211_hwsim: require at least one channel KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function btrfs: btrfs_shrink_device should call commit transaction at the end scsi: csiostor: add a check for NULL pointer after kmalloc() mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X gpio: adp5588: Fix sleep-in-atomic-context bug mac80211: mesh: fix HWMP sequence numbering to follow standard mac80211: avoid kernel panic when building AMSDU from non-linear SKB gpiolib: acpi: Switch to cansleep version of GPIO library call gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall net: hns: add the code for cleaning pkt in chip net: hns: add netif_carrier_off before change speed and duplex cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE mac80211: do not convert to A-MSDU if frag/subframe limited mac80211: always account for A-MSDU header changes tools/kvm_stat: fix python3 issues tools/kvm_stat: fix handling of invalid paths in debugfs provider gpio: Fix crash due to registration race ARC: atomics: unbork atomic_fetch_##op() md/raid5-cache: disable reshape completely RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 i2c: uniphier: issue STOP only for last message or I2C_M_STOP i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() fs/cifs: don't translate SFM_SLASH (U+F026) to backslash mac80211: fix an off-by-one issue in A-MSDU max_subframe computation cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() mac80211: fix a race between restart and CSA flows 
mac80211: Fix station bandwidth setting after channel switch mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: shorten the IBSS debug messages tools/vm/slabinfo.c: fix sign-compare warning tools/vm/page-types.c: fix "defined but not used" warning mm: madvise(MADV_DODUMP): allow hugetlbfs pages bpf: 32-bit RSH verification must truncate input before the ALU op netfilter: xt_cluster: add dependency on conntrack module HID: add support for Apple Magic Keyboards usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] HID: hid-saitek: Add device ID for RAT 7 Contagion scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails scsi: qedi: Add the CRC size within iSCSI NVM image perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() perf util: Fix bad memory access in trace info. perf probe powerpc: Ignore SyS symbols irrespective of endianness netfilter: nf_tables: release chain in flushing set Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" RDMA/ucma: check fd type in ucma_migrate_id() HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report USB: yurex: Check for truncation in yurex_read() nvmet-rdma: fix possible bogus dereference under heavy load net/mlx5: Consider PCI domain in search for next dev drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS drm/nouveau/disp: fix DP disable race dm raid: fix rebuild of specific devices by updating superblock fs/cifs: suppress a string overflow warning net: ena: fix driver when PAGE_SIZE == 64kB net: ena: fix missing calls to READ_ONCE perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs dm thin metadata: try to avoid ever aborting transactions arch/hexagon: fix kernel/dma.c build warning hexagon: modify ffs() and fls() to return int arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk r8169: Clear 
RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED s390/qeth: use vzalloc for QUERY OAT buffer s390/qeth: don't dump past end of unknown HW header cifs: read overflow in is_valid_oplock_break() xen/manage: don't complain about an empty value in control/sysrq node xen: avoid crash in disable_hotplug_cpu xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage ovl: fix access beyond unterminated strings ovl: fix memory leak on unlink of indexed file ovl: fix format of setxattr debug sysfs: Do not return POSIX ACL xattrs via listxattr smb2: fix missing files in root share directory listing iommu/amd: Clear memory encryption mask from physical address ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() crypto: mxs-dcp - Fix wait logic on chan threads crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic gpiolib: Free the last requested descriptor Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() tools: hv: fcopy: set 'error' in case an unknown operation was requested proc: restrict kernel stack dumps to root ocfs2: fix locking for res->tracking and dlm->tracking_list ixgbe: check return value of napi_complete_done() dm thin metadata: fix __udivdi3 undefined on 32-bit Linux 4.14.75 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-10-10 | mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X | Danek Duvall

[ Upstream commit d7c863a2f65e48f442379f4ee1846d52e0c5d24d ]

The mac80211_hwsim driver intends to say that it supports up to four STBC receive streams, but instead it ends up saying something undefined. The IEEE80211_VHT_CAP_RXSTBC_X macros aren't independent bits that can be ORed together, but values. In this case, _4 is the appropriate one to use.

Signed-off-by: Danek Duvall <duvall@comfychair.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-10 | mac80211_hwsim: require at least one channel | Johannes Berg

[ Upstream commit 484004339d4514fde425f6e8a9f6a6cc979bb0c3 ]

Syzbot continues to try to create mac80211_hwsim radios, and manages to pass parameters that are later checked with WARN_ON in cfg80211 - catch another one in hwsim directly.

Reported-by: syzbot+2a12f11c306afe871c1f@syzkaller.appspotmail.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-04 | Merge 4.14.74 into android-4.14 | Greg Kroah-Hartman
Changes in 4.14.74
    crypto: skcipher - Fix -Wstringop-truncation warnings
    iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
    tsl2550: fix lux1_input error in low light
    vmci: type promotion bug in qp_host_get_user_memory()
    x86/numa_emulation: Fix emulated-to-physical node mapping
    staging: rts5208: fix missing error check on call to rtsx_write_register
    power: supply: axp288_charger: Fix initial constant_charge_current value
    misc: sram: enable clock before registering regions
    serial: sh-sci: Stop RX FIFO timer during port shutdown
    uwb: hwa-rc: fix memory leak at probe
    power: vexpress: fix corruption in notifier registration
    iommu/amd: make sure TLB to be flushed before IOVA freed
    Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
    USB: serial: kobil_sct: fix modem-status error handling
    6lowpan: iphc: reset mac_header after decompress to fix panic
    iommu/msm: Don't call iommu_device_{,un}link from atomic context
    s390/mm: correct allocate_pgste proc_handler callback
    power: remove possible deadlock when unregistering power_supply
    md-cluster: clear another node's suspend_area after the copy is finished
    RDMA/bnxt_re: Fix a couple off by one bugs
    RDMA/i40w: Hold read semaphore while looking after VMA
    IB/core: type promotion bug in rdma_rw_init_one_mr()
    media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
    IB/mlx4: Test port number before querying type.
    powerpc/kdump: Handle crashkernel memory reservation failure
    media: fsl-viu: fix error handling in viu_of_probe()
    media: staging/imx: fill vb2_v4l2_buffer field entry
    x86/tsc: Add missing header to tsc_msr.c
    ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
    x86/entry/64: Add two more instruction suffixes
    ARM: dts: ls1021a: Add missing cooling device properties for CPUs
    scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size
    scsi: klist: Make it safe to use klists in atomic context
    scsi: ibmvscsi: Improve strings handling
    scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
    usb: wusbcore: security: cast sizeof to int for comparison
    ath10k: sdio: use same endpoint id for all packets in a bundle
    ath10k: sdio: set skb len for all rx packets
    powerpc/powernv/ioda2: Reduce upper limit for DMA window size
    s390/sysinfo: add missing #ifdef CONFIG_PROC_FS
    alarmtimer: Prevent overflow for relative nanosleep
    s390/dasd: correct numa_node in dasd_alloc_queue
    s390/scm_blk: correct numa_node in scm_blk_dev_setup
    s390/extmem: fix gcc 8 stringop-overflow warning
    mtd: rawnand: atmel: add module param to avoid using dma
    iio: accel: adxl345: convert address field usage in iio_chan_spec
    posix-timers: Make forward callback return s64
    posix-timers: Sanitize overrun handling
    ALSA: snd-aoa: add of_node_put() in error path
    media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
    media: soc_camera: ov772x: correct setting of banding filter
    media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
    staging: android: ashmem: Fix mmap size validation
    drivers/tty: add error handling for pcmcia_loop_config
    media: tm6000: add error handling for dvb_register_adapter
    ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
    net: phy: xgmiitorgmii: Check read_status results
    ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
    net: phy: xgmiitorgmii: Check phy_driver ready before accessing
    drm/sun4i: Fix releasing node when enumerating enpoints
    ath10k: transmit queued frames after processing rx packets
    rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
    brcmsmac: fix wrap around in conversion from constant to s16
    wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
    ARM: mvebu: declare asm symbols as character arrays in pmsu.c
    arm: dts: mediatek: Add missing cooling device properties for CPUs
    HID: hid-ntrig: add error handling for sysfs_create_group
    MIPS: boot: fix build rule of vmlinux.its.S
    perf/x86/intel/lbr: Fix incomplete LBR call stack
    scsi: bnx2i: add error handling for ioremap_nocache
    iomap: complete partial direct I/O writes synchronously
    scsi: megaraid_sas: Update controller info during resume
    EDAC, i7core: Fix memleaks and use-after-free on probe and remove
    ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
    module: exclude SHN_UNDEF symbols from kallsyms api
    gpio: Fix wrong rounding in gpio-menz127
    nfsd: fix corrupted reply to badly ordered compound
    EDAC: Fix memleak in module init error path
    fs/lock: skip lock owner pid translation in case we are in init_pid_ns
    Input: xen-kbdfront - fix multi-touch XenStore node's locations
    iio: 104-quad-8: Fix off-by-one error in register selection
    ARM: dts: dra7: fix DCAN node addresses
    floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
    x86/mm: Expand static page table for fixmap space
    tty: serial: lpuart: avoid leaking struct tty_struct
    serial: cpm_uart: return immediately from console poll
    intel_th: Fix device removal logic
    spi: tegra20-slink: explicitly enable/disable clock
    spi: sh-msiof: Fix invalid SPI use during system suspend
    spi: sh-msiof: Fix handling of write value for SISTR register
    spi: rspi: Fix invalid SPI use during system suspend
    spi: rspi: Fix interrupted DMA transfers
    regulator: fix crash caused by null driver data
    USB: fix error handling in usb_driver_claim_interface()
    USB: handle NULL config in usb_find_alt_setting()
    usb: musb: dsps: do not disable CPPI41 irq in driver teardown
    slub: make ->cpu_partial unsigned int
    media: uvcvideo: Support realtek's UVC 1.5 device
    USB: usbdevfs: sanitize flags more
    USB: usbdevfs: restore warning for nonsensical flags
    Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()"
    USB: remove LPM management from usb_driver_claim_interface()
    Input: elantech - enable middle button of touchpad on ThinkPad P72
    IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
    IB/hfi1: Fix SL array bounds check
    IB/hfi1: Invalid user input can result in crash
    IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
    RDMA/uverbs: Atomically flush and mark closed the comp event queue
    ovl: hash non-dir by lower inode for fsnotify
    drm/i915: Remove vma from object on destroy, not close
    serial: imx: restore handshaking irq for imx1
    arm64: KVM: Tighten guest core register access from userspace
    qed: Wait for ready indication before rereading the shmem
    qed: Wait for MCP halt and resume commands to take place
    qed: Prevent a possible deadlock during driver load and unload
    qed: Avoid sending mailbox commands when MFW is not responsive
    thermal: of-thermal: disable passive polling when thermal zone is disabled
    isofs: reject hardware sector size > 2048 bytes
    tls: possible hang when do_tcp_sendpages hits sndbuf is full case
    bpf: sockmap: write_space events need to be passed to TCP handler
    net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
    net: hns: fix skb->truesize underestimation
    e1000: check on netif_running() before calling e1000_up()
    e1000: ensure to free old tx/rx rings in set_ringparam()
    crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions.
    hwmon: (ina2xx) fix sysfs shunt resistor read access
    hwmon: (adt7475) Make adt7475_read_word() return errors
    Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping"
    drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
    drm/amdgpu: Update power state at the end of smu hw_init.
    ata: ftide010: Add a quirk for SQ201
    nvme-fcloop: Fix dropped LS's to removed target port
    ARM: dts: omap4-droid4: Fix emmc errors seen on some devices
    arm/arm64: smccc-1.1: Make return values unsigned long
    arm/arm64: smccc-1.1: Handle function result as parameters
    i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
    x86/pti: Fix section mismatch warning/error
    arm64: KVM: Sanitize PSTATE.M when being set from userspace
    media: v4l: event: Prevent freeing event subscriptions while accessed
    Linux 4.14.74

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-10-03 | wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() | Tony Lindgren

[ Upstream commit 4ec7cece87b3ed21ffcd407c62fb2f151a366bc1 ]

Otherwise we can get:

    WARNING: CPU: 0 PID: 55 at drivers/net/wireless/ti/wlcore/io.h:84

I've only seen this a few times with the runtime PM patches enabled so this one is probably not needed before that. This seems to work currently based on the current PM implementation timer. Let's apply this separately though in case others are hitting this issue.

Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-03 | brcmsmac: fix wrap around in conversion from constant to s16 | Stefan Agner

[ Upstream commit c9a61469fc97672a08b2f798830a55ea6e03dc4a ]

The last value in the log_table wraps around to a negative value since s16 has a value range of -32768 to 32767. This is not what the table intends to represent. Use the closest positive value 32767.

This fixes a warning seen with clang:

    drivers/net/wireless/broadcom/brcm80211/brcmsmac/phy/phy_qmath.c:216:2: warning: implicit conversion from 'int' to 's16' (aka 'short') changes value from 32768 to -32768 [-Wconstant-conversion]
            32768
            ^~~~~
    1 warning generated.

Fixes: 4c0bfeaae9f9 ("brcmsmac: fix array out-of-bounds access in qm_log10")
Cc: Tobias Regnery <tobias.regnery@gmail.com>
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-03 | rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() | Dan Carpenter

[ Upstream commit ae636fb1554833ee5133ca47bf4b2791b6739c52 ]

This is a static checker fix, not something I have tested. The issue is that on the second iteration through the loop, we jump forward by le32_to_cpu(auth_req->length) bytes. The problem is that if the length is more than "buflen" then we end up with a negative "buflen". A negative buflen is type promoted to a high positive value and the loop continues but it's accessing beyond the end of the buffer.

I believe the "auth_req->length" comes from the firmware and if the firmware is malicious or buggy, you're already toasted so the impact of this bug is probably not very severe.

Fixes: 030645aceb3d ("rndis_wlan: handle 802.11 indications from device")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
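The type promotion described in the rndis_wlan commit message above, as an added example that is neither the driver's code nor the upstream patch: a user-space C model that walks length-prefixed records with a signed remaining length, next to a bounds-checked walk that rejects the same input. The 8-byte record header (REC_HDR), the function names, the sample buffers and the exact shape of the loop test are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define REC_HDR 8u /* hypothetical header: le32 length + le32 flags */
/* Constructed input. bad_buf: record 1 is valid (length 8), record 2 claims
 * 64 bytes although only 8 remain. good_buf: two valid 8-byte records. */
static const uint8_t bad_buf[16]  = { 8,0,0,0, 0,0,0,0, 64,0,0,0, 0,0,0,0 };
static const uint8_t good_buf[16] = { 8,0,0,0, 0,0,0,0,  8,0,0,0, 0,0,0,0 };

static uint32_t get_le32(const uint8_t *p)
{
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Loop test with a signed remaining length (assumed shape). Comparing an int
 * with an unsigned size converts the int; the cast spells that out. */
static int unchecked_continues(int buflen)
{
    return (size_t)buflen >= (size_t)REC_HDR;
}

/* Unchecked walk. Rather than dereference out of bounds, it sets *overrun
 * and stops where the loop would read past the end of the buffer. */
static int walk_unchecked(const uint8_t *buf, int buflen, int *overrun)
{
    long long off = 0, total = buflen;
    int n = 0;
    *overrun = 0;
    while (unchecked_continues(buflen)) {
        if (off + REC_HDR > total) { *overrun = 1; break; }
        uint32_t len = get_le32(buf + off);
        if (len == 0) break;                    /* keeps the demo finite */
        buflen = (int)((unsigned)buflen - len); /* can go negative */
        off += len;
        n++;
    }
    return n;
}

/* Checked walk: unsigned sizes throughout, and each device-supplied length
 * is validated against the bytes that remain. Returns -1 on a bad record. */
static int walk_checked(const uint8_t *buf, size_t buflen)
{
    size_t off = 0;
    int n = 0;
    while (buflen - off >= REC_HDR) {
        uint32_t len = get_le32(buf + off);
        if (len < REC_HDR || len > buflen - off)
            return -1;
        off += len;
        n++;
    }
    return n;
}

int main(void)
{
    int ov, n = walk_unchecked(bad_buf, (int)sizeof(bad_buf), &ov);
    printf("unchecked: records=%d overrun=%d; checked: bad=%d good=%d\n", n, ov,
           walk_checked(bad_buf, sizeof(bad_buf)), walk_checked(good_buf, sizeof(good_buf)));
    return 0;
}
```

On the constructed bad buffer the remaining length drops to -56 after the second record, the loop test still passes, and the model flags the overrun instead of reading memory.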
2018-10-03 | ath10k: transmit queued frames after processing rx packets | Niklas Cassel

[ Upstream commit 3f04950f32d5d592ab4fcaecac2178558a6f7437 ]

When running iperf on ath10k SDIO, TX can stop working:

    iperf -c 192.168.1.1 -i 1 -t 20 -w 10K
    [ 3] 0.0- 1.0 sec 2.00 MBytes 16.8 Mbits/sec
    [ 3] 1.0- 2.0 sec 3.12 MBytes 26.2 Mbits/sec
    [ 3] 2.0- 3.0 sec 3.25 MBytes 27.3 Mbits/sec
    [ 3] 3.0- 4.0 sec 655 KBytes 5.36 Mbits/sec
    [ 3] 4.0- 5.0 sec 0.00 Bytes 0.00 bits/sec
    [ 3] 5.0- 6.0 sec 0.00 Bytes 0.00 bits/sec
    [ 3] 6.0- 7.0 sec 0.00 Bytes 0.00 bits/sec
    [ 3] 7.0- 8.0 sec 0.00 Bytes 0.00 bits/sec
    [ 3] 8.0- 9.0 sec 0.00 Bytes 0.00 bits/sec
    [ 3] 9.0-10.0 sec 0.00 Bytes 0.00 bits/sec
    [ 3] 0.0-10.3 sec 9.01 MBytes 7.32 Mbits/sec

There are frames in the ieee80211_txq and there are frames that have been removed from this queue, but haven't yet been sent on the wire (num_pending_tx).

When num_pending_tx reaches max_num_pending_tx, we will stop the queues by calling ieee80211_stop_queues().

As frames that have previously been sent for transmission (num_pending_tx) are completed, we will decrease num_pending_tx and wake the queues by calling ieee80211_wake_queue(). ieee80211_wake_queue() does not call wake_tx_queue, so we might still have frames in the queue at this point.

While the queues were stopped, the socket buffer might have filled up, and in order for user space to write more, we need to free the frames in the queue, since they are accounted to the socket. In order to free them, we first need to transmit them.

This problem cannot be reproduced on low-latency devices, e.g. pci, since they call ath10k_mac_tx_push_pending() from ath10k_htt_txrx_compl_task(). ath10k_htt_txrx_compl_task() is not called on high-latency devices.

Fix the problem by calling ath10k_mac_tx_push_pending(), after processing rx packets, just like for low-latency devices, also in the SDIO case.

Since we are calling ath10k_mac_tx_push_pending() directly, we also need to export it.

Signed-off-by: Niklas Cassel <niklas.cassel@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-03 | ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock | Ben Greear

[ Upstream commit 168f75f11fe68455e0d058a818ebccfc329d8685 ]

While debugging driver crashes related to a buggy firmware crashing under load, I noticed that ath10k_htt_rx_ring_free could be called without being under lock. I'm not sure if this is the root cause of the crash or not, but it seems prudent to protect it.

Originally tested on 4.16+ kernel with ath10k-ct 10.4 firmware running on 9984 NIC.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-03 | ath10k: sdio: set skb len for all rx packets | Alagu Sankar

[ Upstream commit 8530b4e7b22bc3bd8240579f3844c73947cd5f71 ]

Without this, packets larger than 1500 will silently be dropped. Easily reproduced by sending a ping packet with a size larger than 1500.

Co-Developed-by: Niklas Cassel <niklas.cassel@linaro.org>
Signed-off-by: Alagu Sankar <alagusankar@silex-india.com>
Signed-off-by: Niklas Cassel <niklas.cassel@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-10-03 | ath10k: sdio: use same endpoint id for all packets in a bundle | Alagu Sankar

[ Upstream commit 679e1f07c86221b7183dd69df7068fd42d0041f6 ]

All packets in a bundle should use the same endpoint id as the first lookahead.

This matches how things are done in ath6kl, however, this patch can theoretically handle several bundles in ath10k_sdio_mbox_rx_process_packets().

Without this patch we get lots of errors about invalid endpoint id:

    ath10k_sdio mmc2:0001:1: invalid endpoint in look-ahead: 224
    ath10k_sdio mmc2:0001:1: failed to get pending recv messages: -12
    ath10k_sdio mmc2:0001:1: failed to process pending SDIO interrupts: -12

Co-Developed-by: Niklas Cassel <niklas.cassel@linaro.org>
Signed-off-by: Alagu Sankar <alagusankar@silex-india.com>
Signed-off-by: Niklas Cassel <niklas.cassel@linaro.org>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-09-20 | Merge 4.14.71 into android-4.14 | Greg Kroah-Hartman

Changes in 4.14.71
    i2c: xiic: Make the start and the byte count write atomic
    i2c: i801: fix DNV's SMBCTRL register offset
    scsi: lpfc: Correct MDS diag and nvmet configuration
    nbd: don't allow invalid blocksize settings
    block: bfq: swap puts in bfqg_and_blkg_put
    android: binder: fix the race mmap and alloc_new_buf_locked
    MIPS: VDSO: Match data page cache colouring when D$ aliases
    SMB3: Backup intent flag missing for directory opens with backupuid mounts
    smb3: check for and properly advertise directory lease support
    Btrfs: fix data corruption when deduplicating between different files
    KVM: s390: vsie: copy wrapping keys to right place
    KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr
    ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
    cpu/hotplug: Adjust misplaced smb() in cpuhp_thread_fun()
    cpu/hotplug: Prevent state corruption on error rollback
    x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
    x86/microcode: Update the new microcode revision unconditionally
    switchtec: Fix Spectre v1 vulnerability
    crypto: aes-generic - fix aes-generic regression on powerpc
    tpm: separate cmd_ready/go_idle from runtime_pm
    ARC: [plat-axs*]: Enable SWAP
    misc: mic: SCIF Fix scif_get_new_port() error handling
    ethtool: Remove trailing semicolon for static inline
    i2c: aspeed: Add an explicit type casting for *get_clk_reg_val
    Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV
    gpio: tegra: Move driver registration to subsys_init level
    powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage
    selftests/bpf: fix a typo in map in map test
    media: davinci: vpif_display: Mix memory leak on probe error path
    media: dw2102: Fix memleak on sequence of probes
    net: phy: Fix the register offsets in Broadcom iProc mdio mux driver
    blk-mq: fix updating tags depth
    scsi: target: fix __transport_register_session locking
    md/raid5: fix data corruption of replacements after originals dropped
    timers: Clear timer_base::must_forward_clk with timer_base::lock held
    media: camss: csid: Configure data type and decode format properly
    gpu: ipu-v3: default to id 0 on missing OF alias
    misc: ti-st: Fix memory leak in the error path of probe()
    uio: potential double frees if __uio_register_device() fails
    firmware: vpd: Fix section enabled flag on vpd_section_destroy
    Drivers: hv: vmbus: Cleanup synic memory free path
    tty: rocket: Fix possible buffer overwrite on register_PCI
    f2fs: fix to active page in lru list for read path
    f2fs: do not set free of current section
    f2fs: fix defined but not used build warnings
    perf tools: Allow overriding MAX_NR_CPUS at compile time
    NFSv4.0 fix client reference leak in callback
    perf c2c report: Fix crash for empty browser
    perf evlist: Fix error out while applying initial delay and LBR
    macintosh/via-pmu: Add missing mmio accessors
    ath9k: report tx status on EOSP
    ath9k_hw: fix channel maximum power level test
    ath10k: prevent active scans on potential unusable channels
    wlcore: Set rx_status boottime_ns field on rx
    rpmsg: core: add support to power domains for devices
    MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
    ata: libahci: Allow reconfigure of DEVSLP register
    ata: libahci: Correct setting of DEVSLP register
    scsi: 3ware: fix return 0 on the error path of probe
    tools/testing/nvdimm: kaddr and pfn can be NULL to ->direct_access()
    ath10k: disable bundle mgmt tx completion event support
    Bluetooth: hidp: Fix handling of strncpy for hid->name information
    x86/mm: Remove in_nmi() warning from vmalloc_fault()
    pinctrl: imx: off by one in imx_pinconf_group_dbg_show()
    gpio: ml-ioh: Fix buffer underwrite on probe error path
    pinctrl/amd: only handle irq if it is pending and unmasked
    net: mvneta: fix mtu change on port without link
    f2fs: try grabbing node page lock aggressively in sync scenario
    pktcdvd: Fix possible Spectre-v1 for pkt_devs
    f2fs: fix to skip GC if type in SSA and SIT is inconsistent
    tpm_tis_spi: Pass the SPI IRQ down to the driver
    tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT)
    f2fs: fix to do sanity check with reserved blkaddr of inline inode
    MIPS: Octeon: add missing of_node_put()
    MIPS: generic: fix missing of_node_put()
    net: dcb: For wild-card lookups, use priority -1, not 0
    dm cache: only allow a single io_mode cache feature to be requested
    Input: atmel_mxt_ts - only use first T9 instance
    media: s5p-mfc: Fix buffer look up in s5p_mfc_handle_frame_{new, copy_time} functions
    partitions/aix: append null character to print data from disk
    partitions/aix: fix usage of uninitialized lv_info and lvname structures
    media: helene: fix xtal frequency setting at power on
    f2fs: fix to wait on page writeback before updating page
    f2fs: Fix uninitialized return in f2fs_ioc_shutdown()
    iommu/ipmmu-vmsa: Fix allocation in atomic context
    mfd: ti_am335x_tscadc: Fix struct clk memory leak
    f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
    NFSv4.1: Fix a potential layoutget/layoutrecall deadlock
    MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
    RDMA/cma: Do not ignore net namespace for unbound cm_id
    drm/i915: set DP Main Stream Attribute for color range on DDI platforms
    inet: frags: change inet_frags_init_net() return value
    inet: frags: add a pointer to struct netns_frags
    inet: frags: refactor ipfrag_init()
    inet: frags: Convert timers to use timer_setup()
    inet: frags: refactor ipv6_frag_init()
    inet: frags: refactor lowpan_net_frag_init()
    ipv6: export ip6 fragments sysctl to unprivileged users
    rhashtable: add schedule points
    inet: frags: use rhashtables for reassembly units
    inet: frags: remove some helpers
    inet: frags: get rif of inet_frag_evicting()
    inet: frags: remove inet_frag_maybe_warn_overflow()
    inet: frags: break the 2GB limit for frags storage
    inet: frags: do not clone skb in ip_expire()
    ipv6: frags: rewrite ip6_expire_frag_queue()
    rhashtable: reorganize struct rhashtable layout
    inet: frags: reorganize struct netns_frags
    inet: frags: get rid of ipfrag_skb_cb/FRAG_CB
    inet: frags: fix ip6frag_low_thresh boundary
    ip: discard IPv4 datagrams with overlapping segments.
    net: speed up skb_rbtree_purge()
    net: modify skb_rbtree_purge to return the truesize of all purged skbs.
    ipv6: defrag: drop non-last frags smaller than min mtu
    net: pskb_trim_rcsum() and CHECKSUM_COMPLETE are friends
    net: add rb_to_skb() and other rb tree helpers
    net: sk_buff rbnode reorg
    ipv4: frags: precedence bug in ip_expire()
    ip: add helpers to process in-order fragments faster.
    ip: process in-order fragments efficiently
    ip: frags: fix crash in ip_do_fragment()
    mtd: ubi: wl: Fix error return code in ubi_wl_init()
    tun: fix use after free for ptr_ring
    tuntap: fix use after free during release
    autofs: fix autofs_sbi() does not check super block type
    mm: get rid of vmacache_flush_all() entirely
    Linux 4.14.71

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>