* [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings
@ 2018-09-17 3:05 Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 02/29] tsl2550: fix lux1_input error in low light Sasha Levin
` (27 more replies)
0 siblings, 28 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Stafford Horne, Greg Kroah-Hartman, Arnd Bergmann, Max Filippov,
Eric Biggers, Nick Desaulniers, Herbert Xu, Sasha Levin
From: Stafford Horne <shorne@gmail.com>
[ Upstream commit cefd769fd0192c84d638f66da202459ed8ad63ba ]
As of GCC 9.0.0 the build is reporting warnings like:
crypto/ablkcipher.c: In function ‘crypto_ablkcipher_report’:
crypto/ablkcipher.c:374:2: warning: ‘strncpy’ specified bound 64 equals destination size [-Wstringop-truncation]
strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sizeof(rblkcipher.geniv));
~~~~~~~~~~~~~~~~~~~~~~~~~
This means the strnycpy might create a non null terminated string. Fix this by
explicitly performing '\0' termination.
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Max Filippov <jcmvbkbc@gmail.com>
Cc: Eric Biggers <ebiggers3@gmail.com>
Cc: Nick Desaulniers <nick.desaulniers@gmail.com>
Signed-off-by: Stafford Horne <shorne@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
crypto/ablkcipher.c | 2 ++
crypto/blkcipher.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c
index 5061d7ad33e4..cad66af5a1ae 100644
--- a/crypto/ablkcipher.c
+++ b/crypto/ablkcipher.c
@@ -382,6 +382,7 @@ static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type));
strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>",
sizeof(rblkcipher.geniv));
+ rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0';
rblkcipher.blocksize = alg->cra_blocksize;
rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;
@@ -463,6 +464,7 @@ static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type));
strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>",
sizeof(rblkcipher.geniv));
+ rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0';
rblkcipher.blocksize = alg->cra_blocksize;
rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize;
diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c
index 5ebfdd0d4543..5ba9916a33c8 100644
--- a/crypto/blkcipher.c
+++ b/crypto/blkcipher.c
@@ -514,6 +514,7 @@ static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg)
strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type));
strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>",
sizeof(rblkcipher.geniv));
+ rblkcipher.geniv[sizeof(rblkcipher.geniv) - 1] = '\0';
rblkcipher.blocksize = alg->cra_blocksize;
rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize;
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 02/29] tsl2550: fix lux1_input error in low light
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 03/29] x86/numa_emulation: Fix emulated-to-physical node mapping Sasha Levin
` (26 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Matt Ranostay, Arnd Bergmann, Greg Kroah-Hartman, Sasha Levin
From: Matt Ranostay <matt.ranostay@konsulko.com>
[ Upstream commit ce054546cc2c26891cefa2f284d90d93b52205de ]
ADC channel 0 photodiode detects both infrared + visible light,
but ADC channel 1 just detects infrared. However, the latter is a bit
more sensitive in that range so complete darkness or low light causes
a error condition in which the chan0 - chan1 is negative that
results in a -EAGAIN.
This patch changes the resulting lux1_input sysfs attribute message from
"Resource temporarily unavailable" to a user-grokable lux value of 0.
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Matt Ranostay <matt.ranostay@konsulko.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/misc/tsl2550.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/misc/tsl2550.c b/drivers/misc/tsl2550.c
index b00335652e52..59b9e46c0a7b 100644
--- a/drivers/misc/tsl2550.c
+++ b/drivers/misc/tsl2550.c
@@ -177,7 +177,7 @@ static int tsl2550_calculate_lux(u8 ch0, u8 ch1)
} else
lux = 0;
else
- return -EAGAIN;
+ return 0;
/* LUX range check */
return lux > TSL2550_MAX_LUX ? TSL2550_MAX_LUX : lux;
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 03/29] x86/numa_emulation: Fix emulated-to-physical node mapping
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 02/29] tsl2550: fix lux1_input error in low light Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 05/29] USB: serial: kobil_sct: fix modem-status error handling Sasha Levin
` (25 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Dan Williams, David Rientjes, Linus Torvalds, Peter Zijlstra,
Thomas Gleixner, Wei Yang, linux-mm@kvack.org, Ingo Molnar,
Sasha Levin
From: Dan Williams <dan.j.williams@intel.com>
[ Upstream commit 3b6c62f363a19ce82bf378187ab97c9dc01e3927 ]
Without this change the distance table calculation for emulated nodes
may use the wrong numa node and report an incorrect distance.
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Wei Yang <richard.weiyang@gmail.com>
Cc: linux-mm@kvack.org
Link: http://lkml.kernel.org/r/153089328103.27680.14778434392225818887.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
arch/x86/mm/numa_emulation.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/mm/numa_emulation.c b/arch/x86/mm/numa_emulation.c
index a8f90ce3dedf..dc6d99017f3f 100644
--- a/arch/x86/mm/numa_emulation.c
+++ b/arch/x86/mm/numa_emulation.c
@@ -60,7 +60,7 @@ static int __init emu_setup_memblk(struct numa_meminfo *ei,
eb->nid = nid;
if (emu_nid_to_phys[nid] == NUMA_NO_NODE)
- emu_nid_to_phys[nid] = nid;
+ emu_nid_to_phys[nid] = pb->nid;
pb->start += size;
if (pb->start >= pb->end) {
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 05/29] USB: serial: kobil_sct: fix modem-status error handling
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 02/29] tsl2550: fix lux1_input error in low light Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 03/29] x86/numa_emulation: Fix emulated-to-physical node mapping Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 04/29] uwb: hwa-rc: fix memory leak at probe Sasha Levin
` (24 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Johan Hovold, Sasha Levin
From: Johan Hovold <johan@kernel.org>
[ Upstream commit a420b5d939ee58f1d950f0ea782834056520aeaa ]
Make sure to return -EIO in case of a short modem-status read request.
While at it, split the debug message to not include the (zeroed)
transfer-buffer content in case of errors.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/usb/serial/kobil_sct.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/serial/kobil_sct.c b/drivers/usb/serial/kobil_sct.c
index 02c420af251e..d056bdb42771 100644
--- a/drivers/usb/serial/kobil_sct.c
+++ b/drivers/usb/serial/kobil_sct.c
@@ -396,12 +396,20 @@ static int kobil_tiocmget(struct tty_struct *tty)
transfer_buffer_length,
KOBIL_TIMEOUT);
- dev_dbg(&port->dev, "%s - Send get_status_line_state URB returns: %i. Statusline: %02x\n",
- __func__, result, transfer_buffer[0]);
+ dev_dbg(&port->dev, "Send get_status_line_state URB returns: %i\n",
+ result);
+ if (result < 1) {
+ if (result >= 0)
+ result = -EIO;
+ goto out_free;
+ }
+
+ dev_dbg(&port->dev, "Statusline: %02x\n", transfer_buffer[0]);
result = 0;
if ((transfer_buffer[0] & SUSBCR_GSL_DSR) != 0)
result = TIOCM_DSR;
+out_free:
kfree(transfer_buffer);
return result;
}
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 04/29] uwb: hwa-rc: fix memory leak at probe
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (2 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 05/29] USB: serial: kobil_sct: fix modem-status error handling Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 06/29] media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Sasha Levin
` (23 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Anton Vasilyev, Greg Kroah-Hartman, Sasha Levin
From: Anton Vasilyev <vasilyev@ispras.ru>
[ Upstream commit 11b71782c1d10d9bccc31825cf84291cd7588a1e ]
hwarc_probe() allocates memory for hwarc, but does not free it
if uwb_rc_add() or hwarc_get_version() fail.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Anton Vasilyev <vasilyev@ispras.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/uwb/hwa-rc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/uwb/hwa-rc.c b/drivers/uwb/hwa-rc.c
index 1212b4b3c5a9..e9ff710a3d12 100644
--- a/drivers/uwb/hwa-rc.c
+++ b/drivers/uwb/hwa-rc.c
@@ -875,6 +875,7 @@ static int hwarc_probe(struct usb_interface *iface,
error_rc_add:
usb_put_intf(iface);
usb_put_dev(hwarc->usb_dev);
+ kfree(hwarc);
error_alloc:
uwb_rc_put(uwb_rc);
error_rc_alloc:
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 06/29] media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (3 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 04/29] uwb: hwa-rc: fix memory leak at probe Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 07/29] powerpc/kdump: Handle crashkernel memory reservation failure Sasha Levin
` (22 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Sylwester Nawrocki, Mauro Carvalho Chehab, Sasha Levin
From: Sylwester Nawrocki <s.nawrocki@samsung.com>
[ Upstream commit 7c1b9a5aeed91bef98988ac0fcf38c8c1f4f9a3a ]
This patch fixes potential NULL pointer dereference as indicated
by the following static checker warning:
drivers/media/platform/exynos4-is/fimc-isp-video.c:408 isp_video_try_fmt_mplane()
error: NULL dereference inside function '__isp_video_try_fmt(isp, &f->fmt.pix_mp, (0))()'.
Fixes: 34947b8aebe3: ("[media] exynos4-is: Add the FIMC-IS ISP capture DMA driver")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Sylwester Nawrocki <s.nawrocki@samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/media/platform/exynos4-is/fimc-isp-video.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/drivers/media/platform/exynos4-is/fimc-isp-video.c b/drivers/media/platform/exynos4-is/fimc-isp-video.c
index 76b6b4d14616..322677f2cbb0 100644
--- a/drivers/media/platform/exynos4-is/fimc-isp-video.c
+++ b/drivers/media/platform/exynos4-is/fimc-isp-video.c
@@ -389,12 +389,17 @@ static void __isp_video_try_fmt(struct fimc_isp *isp,
struct v4l2_pix_format_mplane *pixm,
const struct fimc_fmt **fmt)
{
- *fmt = fimc_isp_find_format(&pixm->pixelformat, NULL, 2);
+ const struct fimc_fmt *__fmt;
+
+ __fmt = fimc_isp_find_format(&pixm->pixelformat, NULL, 2);
+
+ if (fmt)
+ *fmt = __fmt;
pixm->colorspace = V4L2_COLORSPACE_SRGB;
pixm->field = V4L2_FIELD_NONE;
- pixm->num_planes = (*fmt)->memplanes;
- pixm->pixelformat = (*fmt)->fourcc;
+ pixm->num_planes = __fmt->memplanes;
+ pixm->pixelformat = __fmt->fourcc;
/*
* TODO: double check with the docmentation these width/height
* constraints are correct.
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 07/29] powerpc/kdump: Handle crashkernel memory reservation failure
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (4 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 06/29] media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 08/29] x86/tsc: Add missing header to tsc_msr.c Sasha Levin
` (21 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Hari Bathini, Michael Ellerman, Sasha Levin
From: Hari Bathini <hbathini@linux.ibm.com>
[ Upstream commit 8950329c4a64c6d3ca0bc34711a1afbd9ce05657 ]
Memory reservation for crashkernel could fail if there are holes around
kdump kernel offset (128M). Fail gracefully in such cases and print an
error message.
Signed-off-by: Hari Bathini <hbathini@linux.ibm.com>
Tested-by: David Gibson <dgibson@redhat.com>
Reviewed-by: Dave Young <dyoung@redhat.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
arch/powerpc/kernel/machine_kexec.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/arch/powerpc/kernel/machine_kexec.c b/arch/powerpc/kernel/machine_kexec.c
index 015ae55c1868..8dff2b371219 100644
--- a/arch/powerpc/kernel/machine_kexec.c
+++ b/arch/powerpc/kernel/machine_kexec.c
@@ -186,7 +186,12 @@ void __init reserve_crashkernel(void)
(unsigned long)(crashk_res.start >> 20),
(unsigned long)(memblock_phys_mem_size() >> 20));
- memblock_reserve(crashk_res.start, crash_size);
+ if (!memblock_is_region_memory(crashk_res.start, crash_size) ||
+ memblock_reserve(crashk_res.start, crash_size)) {
+ pr_err("Failed to reserve memory for crashkernel!\n");
+ crashk_res.start = crashk_res.end = 0;
+ return;
+ }
}
int overlaps_crashkernel(unsigned long start, unsigned long size)
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 08/29] x86/tsc: Add missing header to tsc_msr.c
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (5 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 07/29] powerpc/kdump: Handle crashkernel memory reservation failure Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 09/29] scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Sasha Levin
` (20 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Andy Shevchenko, Thomas Gleixner, H. Peter Anvin, Pavel Tatashin,
Sasha Levin
From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
[ Upstream commit dbd0fbc76c77daac08ddd245afdcbade0d506e19 ]
Add a missing header otherwise compiler warns about missed prototype:
CC arch/x86/kernel/tsc_msr.o
arch/x86/kernel/tsc_msr.c:73:15: warning: no previous prototype for ‘cpu_khz_from_msr’ [-Wmissing-prototypes]
unsigned long cpu_khz_from_msr(void)
^~~~~~~~~~~~~~~~
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Pavel Tatashin <pasha.tatashin@oracle.com>
Link: https://lkml.kernel.org/r/20180629193113.84425-4-andriy.shevchenko@linux.intel.com
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
arch/x86/kernel/tsc_msr.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/arch/x86/kernel/tsc_msr.c b/arch/x86/kernel/tsc_msr.c
index 6aa0f4d9eea6..0e37e369b3a0 100644
--- a/arch/x86/kernel/tsc_msr.c
+++ b/arch/x86/kernel/tsc_msr.c
@@ -21,6 +21,7 @@
#include <asm/setup.h>
#include <asm/apic.h>
#include <asm/param.h>
+#include <asm/tsc.h>
/* CPU reference clock frequency: in KHz */
#define FREQ_83 83200
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 09/29] scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (6 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 08/29] x86/tsc: Add missing header to tsc_msr.c Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 11/29] usb: wusbcore: security: cast sizeof to int for comparison Sasha Levin
` (19 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Bart Van Assche, Mike Christie, Christoph Hellwig,
Hannes Reinecke, Martin K . Petersen, Sasha Levin
From: Bart Van Assche <bart.vanassche@wdc.com>
[ Upstream commit 35bea5c84fd13c643cce63f0b5cd4b148f8c901d ]
Fixes: e48354ce078c ("iscsi-target: Add iSCSI fabric support for target v4.1")
Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
Reviewed-by: Mike Christie <mchristi@redhat.com>
Cc: Mike Christie <mchristi@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/target/iscsi/iscsi_target_tpg.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/target/iscsi/iscsi_target_tpg.c b/drivers/target/iscsi/iscsi_target_tpg.c
index 5530321c44f2..afef70b1aaaf 100644
--- a/drivers/target/iscsi/iscsi_target_tpg.c
+++ b/drivers/target/iscsi/iscsi_target_tpg.c
@@ -651,8 +651,7 @@ int iscsit_ta_authentication(struct iscsi_portal_group *tpg, u32 authentication)
none = strstr(buf1, NONE);
if (none)
goto out;
- strncat(buf1, ",", strlen(","));
- strncat(buf1, NONE, strlen(NONE));
+ strlcat(buf1, "," NONE, sizeof(buf1));
if (iscsi_update_param_value(param, buf1) < 0)
return -EINVAL;
}
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 11/29] usb: wusbcore: security: cast sizeof to int for comparison
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (7 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 09/29] scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 10/29] scsi: ibmvscsi: Improve strings handling Sasha Levin
` (18 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Julia Lawall, Greg Kroah-Hartman, Sasha Levin
From: Julia Lawall <Julia.Lawall@lip6.fr>
[ Upstream commit d3ac5598c5010a8999978ebbcca3b1c6188ca36b ]
Comparing an int to a size, which is unsigned, causes the int to become
unsigned, giving the wrong result. usb_get_descriptor can return a
negative error code.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
int x;
expression e,e1;
identifier f;
@@
*x = f(...);
... when != x = e1
when != if (x < 0 || ...) { ... return ...; }
*x < sizeof(e)
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/usb/wusbcore/security.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/wusbcore/security.c b/drivers/usb/wusbcore/security.c
index cc74d669c802..63ab92af2473 100644
--- a/drivers/usb/wusbcore/security.c
+++ b/drivers/usb/wusbcore/security.c
@@ -230,7 +230,7 @@ int wusb_dev_sec_add(struct wusbhc *wusbhc,
result = usb_get_descriptor(usb_dev, USB_DT_SECURITY,
0, secd, sizeof(*secd));
- if (result < sizeof(*secd)) {
+ if (result < (int)sizeof(*secd)) {
dev_err(dev, "Can't read security descriptor or "
"not enough data: %d\n", result);
goto out;
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 10/29] scsi: ibmvscsi: Improve strings handling
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (8 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 11/29] usb: wusbcore: security: cast sizeof to int for comparison Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 12/29] alarmtimer: Prevent overflow for relative nanosleep Sasha Levin
` (17 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Breno Leitao, Bart Van Assche, Tyrel Datwyler,
Martin K . Petersen, Sasha Levin
From: Breno Leitao <leitao@debian.org>
[ Upstream commit 1262dc09dc9ae7bf4ad00b6a2c5ed6a6936bcd10 ]
Currently an open firmware property is copied into partition_name variable
without keeping a room for \0.
Later one, this variable (partition_name), which is 97 bytes long, is
strncpyed into ibmvcsci_host_data->madapter_info->partition_name, which is
96 bytes long, possibly truncating it 'again' and removing the \0.
This patch simply decreases the partition name to 96 and just copy using
strlcpy() which guarantees that the string is \0 terminated. I think there
is no issue if this there is a truncation in this very first copy, i.e,
when the open firmware property is read and copied into the driver for the
very first time;
This issue also causes the following warning on GCC 8:
drivers/scsi/ibmvscsi/ibmvscsi.c:281:2: warning: strncpy output may be truncated copying 96 bytes from a string of length 96 [-Wstringop-truncation]
...
inlined from ibmvscsi_probe at drivers/scsi/ibmvscsi/ibmvscsi.c:2221:7:
drivers/scsi/ibmvscsi/ibmvscsi.c:265:3: warning: strncpy specified bound 97 equals destination size [-Wstringop-truncation]
CC: Bart Van Assche <bart.vanassche@wdc.com>
CC: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Breno Leitao <leitao@debian.org>
Acked-by: Tyrel Datwyler <tyreld@linux.vnet.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/scsi/ibmvscsi/ibmvscsi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/scsi/ibmvscsi/ibmvscsi.c b/drivers/scsi/ibmvscsi/ibmvscsi.c
index 7b23f21f22f1..e9331cf5478d 100644
--- a/drivers/scsi/ibmvscsi/ibmvscsi.c
+++ b/drivers/scsi/ibmvscsi/ibmvscsi.c
@@ -93,7 +93,7 @@ static int max_requests = IBMVSCSI_MAX_REQUESTS_DEFAULT;
static int max_events = IBMVSCSI_MAX_REQUESTS_DEFAULT + 2;
static int fast_fail = 1;
static int client_reserve = 1;
-static char partition_name[97] = "UNKNOWN";
+static char partition_name[96] = "UNKNOWN";
static unsigned int partition_number = -1;
static struct scsi_transport_template *ibmvscsi_transport_template;
@@ -261,7 +261,7 @@ static void gather_partition_info(void)
ppartition_name = of_get_property(rootdn, "ibm,partition-name", NULL);
if (ppartition_name)
- strncpy(partition_name, ppartition_name,
+ strlcpy(partition_name, ppartition_name,
sizeof(partition_name));
p_number_ptr = of_get_property(rootdn, "ibm,partition-no", NULL);
if (p_number_ptr)
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 12/29] alarmtimer: Prevent overflow for relative nanosleep
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (9 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 10/29] scsi: ibmvscsi: Improve strings handling Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 13/29] s390/extmem: fix gcc 8 stringop-overflow warning Sasha Levin
` (16 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Thomas Gleixner, John Stultz, Sasha Levin
From: Thomas Gleixner <tglx@linutronix.de>
[ Upstream commit 5f936e19cc0ef97dbe3a56e9498922ad5ba1edef ]
Air Icy reported:
UBSAN: Undefined behaviour in kernel/time/alarmtimer.c:811:7
signed integer overflow:
1529859276030040771 + 9223372036854775807 cannot be represented in type 'long long int'
Call Trace:
alarm_timer_nsleep+0x44c/0x510 kernel/time/alarmtimer.c:811
__do_sys_clock_nanosleep kernel/time/posix-timers.c:1235 [inline]
__se_sys_clock_nanosleep kernel/time/posix-timers.c:1213 [inline]
__x64_sys_clock_nanosleep+0x326/0x4e0 kernel/time/posix-timers.c:1213
do_syscall_64+0xb8/0x3a0 arch/x86/entry/common.c:290
alarm_timer_nsleep() uses ktime_add() to add the current time and the
relative expiry value. ktime_add() has no sanity checks so the addition
can overflow when the relative timeout is large enough.
Use ktime_add_safe() which has the necessary sanity checks in place and
limits the result to the valid range.
Fixes: 9a7adcf5c6de ("timers: Posix interface for alarm-timers")
Reported-by: Team OWL337 <icytxw@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: John Stultz <john.stultz@linaro.org>
Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1807020926360.1595@nanos.tec.linutronix.de
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
kernel/time/alarmtimer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c
index 119847b93ba6..0436d5edbccf 100644
--- a/kernel/time/alarmtimer.c
+++ b/kernel/time/alarmtimer.c
@@ -776,7 +776,8 @@ static int alarm_timer_nsleep(const clockid_t which_clock, int flags,
/* Convert (if necessary) to absolute time */
if (flags != TIMER_ABSTIME) {
ktime_t now = alarm_bases[type].gettime();
- exp = ktime_add(now, exp);
+
+ exp = ktime_add_safe(now, exp);
}
if (alarmtimer_do_nsleep(&alarm, exp))
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 13/29] s390/extmem: fix gcc 8 stringop-overflow warning
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (10 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 12/29] alarmtimer: Prevent overflow for relative nanosleep Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 15/29] media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Sasha Levin
` (15 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Vasily Gorbik, Martin Schwidefsky, Sasha Levin
From: Vasily Gorbik <gor@linux.ibm.com>
[ Upstream commit 6b2ddf33baec23dace85bd647e3fc4ac070963e8 ]
arch/s390/mm/extmem.c: In function '__segment_load':
arch/s390/mm/extmem.c:436:2: warning: 'strncat' specified bound 7 equals
source length [-Wstringop-overflow=]
strncat(seg->res_name, " (DCSS)", 7);
What gcc complains about here is the misuse of strncat function, which
in this case does not limit a number of bytes taken from "src", so it is
in the end the same as strcat(seg->res_name, " (DCSS)");
Keeping in mind that a res_name is 15 bytes, strncat in this case
would overflow the buffer and write 0 into alignment byte between the
fields in the struct. To avoid that increasing res_name size to 16,
and reusing strlcat.
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
arch/s390/mm/extmem.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/s390/mm/extmem.c b/arch/s390/mm/extmem.c
index 519bba716cc3..783aadec4e40 100644
--- a/arch/s390/mm/extmem.c
+++ b/arch/s390/mm/extmem.c
@@ -80,7 +80,7 @@ struct qin64 {
struct dcss_segment {
struct list_head list;
char dcss_name[8];
- char res_name[15];
+ char res_name[16];
unsigned long start_addr;
unsigned long end;
atomic_t ref_count;
@@ -445,7 +445,7 @@ __segment_load (char *name, int do_nonshared, unsigned long *addr, unsigned long
memcpy(&seg->res_name, seg->dcss_name, 8);
EBCASC(seg->res_name, 8);
seg->res_name[8] = '\0';
- strncat(seg->res_name, " (DCSS)", 7);
+ strlcat(seg->res_name, " (DCSS)", sizeof(seg->res_name));
seg->res->name = seg->res_name;
rc = seg->vm_segtype;
if (rc == SEG_TYPE_SC ||
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 15/29] media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (11 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 13/29] s390/extmem: fix gcc 8 stringop-overflow warning Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 14/29] ALSA: snd-aoa: add of_node_put() in error path Sasha Levin
` (14 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Akinobu Mita, Hans Verkuil, Sakari Ailus, Mauro Carvalho Chehab,
Sasha Levin
From: Akinobu Mita <akinobu.mita@gmail.com>
[ Upstream commit 30ed2b83343bd1e07884ca7355dac70d25ffc158 ]
When the subdevice doesn't provide s_power core ops callback, the
v4l2_subdev_call for s_power returns -ENOIOCTLCMD. If the subdevice
doesn't have the special handling for its power saving mode, the s_power
isn't required. So -ENOIOCTLCMD from the v4l2_subdev_call should be
ignored.
Cc: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Acked-by: Sylwester Nawrocki <sylvester.nawrocki@gmail.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/media/platform/s3c-camif/camif-capture.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/media/platform/s3c-camif/camif-capture.c b/drivers/media/platform/s3c-camif/camif-capture.c
index 97a52d4574e7..bb4a57e55aed 100644
--- a/drivers/media/platform/s3c-camif/camif-capture.c
+++ b/drivers/media/platform/s3c-camif/camif-capture.c
@@ -117,6 +117,8 @@ static int sensor_set_power(struct camif_dev *camif, int on)
if (camif->sensor.power_count == !on)
err = v4l2_subdev_call(sensor->sd, core, s_power, on);
+ if (err == -ENOIOCTLCMD)
+ err = 0;
if (!err)
sensor->power_count += on ? 1 : -1;
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 14/29] ALSA: snd-aoa: add of_node_put() in error path
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (12 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 15/29] media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 16/29] media: soc_camera: ov772x: correct setting of banding filter Sasha Levin
` (13 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Nicholas Mc Guire, Takashi Iwai, Sasha Levin
From: Nicholas Mc Guire <hofrat@osadl.org>
[ Upstream commit 222bce5eb88d1af656419db04bcd84b2419fb900 ]
Both calls to of_find_node_by_name() and of_get_next_child() return a
node pointer with refcount incremented thus it must be explicidly
decremented here after the last usage. As we are assured to have a
refcounted np either from the initial
of_find_node_by_name(NULL, name); or from the of_get_next_child(gpio, np)
in the while loop if we reached the error code path below, an
x of_node_put(np) is needed.
Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Fixes: commit f3d9478b2ce4 ("[ALSA] snd-aoa: add snd-aoa")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
sound/aoa/core/gpio-feature.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/sound/aoa/core/gpio-feature.c b/sound/aoa/core/gpio-feature.c
index f34153962d07..585b594bd838 100644
--- a/sound/aoa/core/gpio-feature.c
+++ b/sound/aoa/core/gpio-feature.c
@@ -88,8 +88,10 @@ static struct device_node *get_gpio(char *name,
}
reg = of_get_property(np, "reg", NULL);
- if (!reg)
+ if (!reg) {
+ of_node_put(np);
return NULL;
+ }
*gpioptr = *reg;
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 16/29] media: soc_camera: ov772x: correct setting of banding filter
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (13 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 14/29] ALSA: snd-aoa: add of_node_put() in error path Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 17/29] staging: android: ashmem: Fix mmap size validation Sasha Levin
` (12 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Akinobu Mita, Jacopo Mondi, Laurent Pinchart, Hans Verkuil,
Sakari Ailus, Mauro Carvalho Chehab, Sasha Levin
From: Akinobu Mita <akinobu.mita@gmail.com>
[ Upstream commit 22216ec41e919682c15345e95928f266e8ba6f9e ]
The banding filter ON/OFF is controlled via bit 5 of COM8 register. It
is attempted to be enabled in ov772x_set_params() by the following line.
ret = ov772x_mask_set(client, COM8, BNDF_ON_OFF, 1);
But this unexpectedly results disabling the banding filter, because the
mask and set bits are exclusive.
On the other hand, ov772x_s_ctrl() correctly sets the bit by:
ret = ov772x_mask_set(client, COM8, BNDF_ON_OFF, BNDF_ON_OFF);
The same fix was already applied to non-soc_camera version of ov772x
driver in the commit commit a024ee14cd36 ("media: ov772x: correct setting
of banding filter")
Cc: Jacopo Mondi <jacopo+renesas@jmondi.org>
Cc: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Cc: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Akinobu Mita <akinobu.mita@gmail.com>
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/media/i2c/soc_camera/ov772x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/media/i2c/soc_camera/ov772x.c b/drivers/media/i2c/soc_camera/ov772x.c
index 970a04e1e56e..a08502766474 100644
--- a/drivers/media/i2c/soc_camera/ov772x.c
+++ b/drivers/media/i2c/soc_camera/ov772x.c
@@ -834,7 +834,7 @@ static int ov772x_set_params(struct ov772x_priv *priv,
* set COM8
*/
if (priv->band_filter) {
- ret = ov772x_mask_set(client, COM8, BNDF_ON_OFF, 1);
+ ret = ov772x_mask_set(client, COM8, BNDF_ON_OFF, BNDF_ON_OFF);
if (!ret)
ret = ov772x_mask_set(client, BDBASE,
0xff, 256 - priv->band_filter);
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 18/29] drivers/tty: add error handling for pcmcia_loop_config
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (15 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 17/29] staging: android: ashmem: Fix mmap size validation Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 19/29] media: tm6000: add error handling for dvb_register_adapter Sasha Levin
` (10 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Zhouyang Jia, Greg Kroah-Hartman, Sasha Levin
From: Zhouyang Jia <jiazhouyang09@gmail.com>
[ Upstream commit 85c634e919bd6ef17427f26a52920aeba12e16ee ]
When pcmcia_loop_config fails, the lack of error-handling code may
cause unexpected results.
This patch adds error-handling code after calling pcmcia_loop_config.
Signed-off-by: Zhouyang Jia <jiazhouyang09@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/tty/serial/8250/serial_cs.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/tty/serial/8250/serial_cs.c b/drivers/tty/serial/8250/serial_cs.c
index 4d180c9423ef..1a14948c86d6 100644
--- a/drivers/tty/serial/8250/serial_cs.c
+++ b/drivers/tty/serial/8250/serial_cs.c
@@ -629,8 +629,10 @@ static int serial_config(struct pcmcia_device * link)
(link->has_func_id) &&
(link->socket->pcmcia_pfc == 0) &&
((link->func_id == CISTPL_FUNCID_MULTI) ||
- (link->func_id == CISTPL_FUNCID_SERIAL)))
- pcmcia_loop_config(link, serial_check_for_multi, info);
+ (link->func_id == CISTPL_FUNCID_SERIAL))) {
+ if (pcmcia_loop_config(link, serial_check_for_multi, info))
+ goto failed;
+ }
/*
* Apply any multi-port quirk.
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 17/29] staging: android: ashmem: Fix mmap size validation
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (14 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 16/29] media: soc_camera: ov772x: correct setting of banding filter Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 18/29] drivers/tty: add error handling for pcmcia_loop_config Sasha Levin
` (11 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Alistair Strachan, Todd Kjos, devel@driverdev.osuosl.org,
kernel-team@android.com, Joel Fernandes, Greg Kroah-Hartman,
Sasha Levin
From: Alistair Strachan <astrachan@google.com>
[ Upstream commit 8632c614565d0c5fdde527889601c018e97b6384 ]
The ashmem driver did not check that the size/offset of the vma passed
to its .mmap() function was not larger than the ashmem object being
mapped. This could cause mmap() to succeed, even though accessing parts
of the mapping would later fail with a segmentation fault.
Ensure an error is returned by the ashmem_mmap() function if the vma
size is larger than the ashmem object size. This enables safer handling
of the problem in userspace.
Cc: Todd Kjos <tkjos@android.com>
Cc: devel@driverdev.osuosl.org
Cc: linux-kernel@vger.kernel.org
Cc: kernel-team@android.com
Cc: Joel Fernandes <joel@joelfernandes.org>
Signed-off-by: Alistair Strachan <astrachan@google.com>
Acked-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Reviewed-by: Martijn Coenen <maco@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/staging/android/ashmem.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
index cf7c597e598f..22ddd4ce9dd6 100644
--- a/drivers/staging/android/ashmem.c
+++ b/drivers/staging/android/ashmem.c
@@ -370,6 +370,12 @@ static int ashmem_mmap(struct file *file, struct vm_area_struct *vma)
goto out;
}
+ /* requested mapping size larger than object size */
+ if (vma->vm_end - vma->vm_start > PAGE_ALIGN(asma->size)) {
+ ret = -EINVAL;
+ goto out;
+ }
+
/* requested protection bits must match our allowed protection mask */
if (unlikely((vma->vm_flags & ~calc_vm_prot_bits(asma->prot_mask)) &
calc_vm_prot_bits(PROT_MASK))) {
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 20/29] ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (17 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 19/29] media: tm6000: add error handling for dvb_register_adapter Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 21/29] rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Sasha Levin
` (8 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Kai-Heng Feng, Vijendar Mukunda, Takashi Iwai, Sasha Levin
From: Kai-Heng Feng <kai.heng.feng@canonical.com>
[ Upstream commit 1adca4b0cd65c14cb8b8c9c257720385869c3d5f ]
This patch can make audio controller in AMD Raven Ridge gets runtime
suspended to D3, to save ~1W power when it's not in use.
Cc: Vijendar Mukunda <Vijendar.Mukunda@amd.com>
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
sound/pci/hda/hda_intel.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/pci/hda/hda_intel.c b/sound/pci/hda/hda_intel.c
index 5b89e110f6d4..7218e40f4d9f 100644
--- a/sound/pci/hda/hda_intel.c
+++ b/sound/pci/hda/hda_intel.c
@@ -2094,7 +2094,8 @@ static const struct pci_device_id azx_ids[] = {
.driver_data = AZX_DRIVER_GENERIC | AZX_DCAPS_PRESET_ATI_SB },
/* AMD Raven */
{ PCI_DEVICE(0x1022, 0x15e3),
- .driver_data = AZX_DRIVER_GENERIC | AZX_DCAPS_PRESET_ATI_SB },
+ .driver_data = AZX_DRIVER_GENERIC | AZX_DCAPS_PRESET_ATI_SB |
+ AZX_DCAPS_PM_RUNTIME },
/* ATI HDMI */
{ PCI_DEVICE(0x1002, 0x0002),
.driver_data = AZX_DRIVER_ATIHDMI_NS | AZX_DCAPS_PRESET_ATI_HDMI_NS },
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 19/29] media: tm6000: add error handling for dvb_register_adapter
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (16 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 18/29] drivers/tty: add error handling for pcmcia_loop_config Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 20/29] ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Sasha Levin
` (9 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Zhouyang Jia, Hans Verkuil, Mauro Carvalho Chehab, Sasha Levin
From: Zhouyang Jia <jiazhouyang09@gmail.com>
[ Upstream commit e95d7c6eb94c634852eaa5ff4caf3db05b5d2e86 ]
When dvb_register_adapter fails, the lack of error-handling code may
cause unexpected results.
This patch adds error-handling code after calling dvb_register_adapter.
Signed-off-by: Zhouyang Jia <jiazhouyang09@gmail.com>
[hans.verkuil@cisco.com: use pr_err and fix typo: adater -> adapter]
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/media/usb/tm6000/tm6000-dvb.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/media/usb/tm6000/tm6000-dvb.c b/drivers/media/usb/tm6000/tm6000-dvb.c
index 095f5db1a790..4f317e2686e9 100644
--- a/drivers/media/usb/tm6000/tm6000-dvb.c
+++ b/drivers/media/usb/tm6000/tm6000-dvb.c
@@ -275,6 +275,11 @@ static int register_dvb(struct tm6000_core *dev)
ret = dvb_register_adapter(&dvb->adapter, "Trident TVMaster 6000 DVB-T",
THIS_MODULE, &dev->udev->dev, adapter_nr);
+ if (ret < 0) {
+ pr_err("tm6000: couldn't register the adapter!\n");
+ goto err;
+ }
+
dvb->adapter.priv = dev;
if (dvb->frontend) {
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 21/29] rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (18 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 20/29] ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 23/29] ARM: mvebu: declare asm symbols as character arrays in pmsu.c Sasha Levin
` (7 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Dan Carpenter, Kalle Valo, Sasha Levin
From: Dan Carpenter <dan.carpenter@oracle.com>
[ Upstream commit ae636fb1554833ee5133ca47bf4b2791b6739c52 ]
This is a static checker fix, not something I have tested. The issue
is that on the second iteration through the loop, we jump forward by
le32_to_cpu(auth_req->length) bytes. The problem is that if the length
is more than "buflen" then we end up with a negative "buflen". A
negative buflen is type promoted to a high positive value and the loop
continues but it's accessing beyond the end of the buffer.
I believe the "auth_req->length" comes from the firmware and if the
firmware is malicious or buggy, you're already toasted so the impact of
this bug is probably not very severe.
Fixes: 030645aceb3d ("rndis_wlan: handle 802.11 indications from device")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/net/wireless/rndis_wlan.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
index 46dda22cec15..ebe762bf01dd 100644
--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c
@@ -2919,6 +2919,8 @@ static void rndis_wlan_auth_indication(struct usbnet *usbdev,
while (buflen >= sizeof(*auth_req)) {
auth_req = (void *)buf;
+ if (buflen < le32_to_cpu(auth_req->length))
+ return;
type = "unknown";
flags = le32_to_cpu(auth_req->flags);
pairwise_error = false;
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 22/29] wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (20 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 23/29] ARM: mvebu: declare asm symbols as character arrays in pmsu.c Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 24/29] HID: hid-ntrig: add error handling for sysfs_create_group Sasha Levin
` (5 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Tony Lindgren, Kalle Valo, Sasha Levin
From: Tony Lindgren <tony@atomide.com>
[ Upstream commit 4ec7cece87b3ed21ffcd407c62fb2f151a366bc1 ]
Otherwise we can get:
WARNING: CPU: 0 PID: 55 at drivers/net/wireless/ti/wlcore/io.h:84
I've only seen this few times with the runtime PM patches enabled
so this one is probably not needed before that. This seems to
work currently based on the current PM implementation timer. Let's
apply this separately though in case others are hitting this issue.
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/net/wireless/ti/wlcore/cmd.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/wireless/ti/wlcore/cmd.c b/drivers/net/wireless/ti/wlcore/cmd.c
index 05604ee31224..de43c0376143 100644
--- a/drivers/net/wireless/ti/wlcore/cmd.c
+++ b/drivers/net/wireless/ti/wlcore/cmd.c
@@ -35,6 +35,7 @@
#include "wl12xx_80211.h"
#include "cmd.h"
#include "event.h"
+#include "ps.h"
#include "tx.h"
#include "hw_ops.h"
@@ -187,6 +188,10 @@ int wlcore_cmd_wait_for_event_or_timeout(struct wl1271 *wl,
timeout_time = jiffies + msecs_to_jiffies(WL1271_EVENT_TIMEOUT);
+ ret = wl1271_ps_elp_wakeup(wl);
+ if (ret < 0)
+ return ret;
+
do {
if (time_after(jiffies, timeout_time)) {
wl1271_debug(DEBUG_CMD, "timeout waiting for event %d",
@@ -218,6 +223,7 @@ int wlcore_cmd_wait_for_event_or_timeout(struct wl1271 *wl,
} while (!event);
out:
+ wl1271_ps_elp_sleep(wl);
kfree(events_vector);
return ret;
}
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 23/29] ARM: mvebu: declare asm symbols as character arrays in pmsu.c
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (19 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 21/29] rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 22/29] wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Sasha Levin
` (6 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ethan Tuttle, Gregory CLEMENT, Sasha Levin
From: Ethan Tuttle <ethan@ethantuttle.com>
[ Upstream commit d0d378ff451a66e486488eec842e507d28145813 ]
With CONFIG_FORTIFY_SOURCE, memcpy uses the declared size of operands to
detect buffer overflows. If src or dest is declared as a char, attempts to
copy more than byte will result in a fortify_panic().
Address this problem in mvebu_setup_boot_addr_wa() by declaring
mvebu_boot_wa_start and mvebu_boot_wa_end as character arrays. Also remove
a couple addressof operators to avoid "arithmetic on pointer to an
incomplete type" compiler error.
See commit 54a7d50b9205 ("x86: mark kprobe templates as character arrays,
not single characters") for a similar fix.
Fixes "detected buffer overflow in memcpy" error during init on some mvebu
systems (armada-370-xp, armada-375):
(fortify_panic) from (mvebu_setup_boot_addr_wa+0xb0/0xb4)
(mvebu_setup_boot_addr_wa) from (mvebu_v7_cpu_pm_init+0x154/0x204)
(mvebu_v7_cpu_pm_init) from (do_one_initcall+0x7c/0x1a8)
(do_one_initcall) from (kernel_init_freeable+0x1bc/0x254)
(kernel_init_freeable) from (kernel_init+0x8/0x114)
(kernel_init) from (ret_from_fork+0x14/0x2c)
Signed-off-by: Ethan Tuttle <ethan@ethantuttle.com>
Tested-by: Ethan Tuttle <ethan@ethantuttle.com>
Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
arch/arm/mach-mvebu/pmsu.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/arch/arm/mach-mvebu/pmsu.c b/arch/arm/mach-mvebu/pmsu.c
index 6f8a85c5965c..7bbe32e56bbc 100644
--- a/arch/arm/mach-mvebu/pmsu.c
+++ b/arch/arm/mach-mvebu/pmsu.c
@@ -117,8 +117,8 @@ void mvebu_pmsu_set_cpu_boot_addr(int hw_cpu, void *boot_addr)
PMSU_BOOT_ADDR_REDIRECT_OFFSET(hw_cpu));
}
-extern unsigned char mvebu_boot_wa_start;
-extern unsigned char mvebu_boot_wa_end;
+extern unsigned char mvebu_boot_wa_start[];
+extern unsigned char mvebu_boot_wa_end[];
/*
* This function sets up the boot address workaround needed for SMP
@@ -131,7 +131,7 @@ int mvebu_setup_boot_addr_wa(unsigned int crypto_eng_target,
phys_addr_t resume_addr_reg)
{
void __iomem *sram_virt_base;
- u32 code_len = &mvebu_boot_wa_end - &mvebu_boot_wa_start;
+ u32 code_len = mvebu_boot_wa_end - mvebu_boot_wa_start;
mvebu_mbus_del_window(BOOTROM_BASE, BOOTROM_SIZE);
mvebu_mbus_add_window_by_id(crypto_eng_target, crypto_eng_attribute,
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 24/29] HID: hid-ntrig: add error handling for sysfs_create_group
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (21 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 22/29] wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 25/29] scsi: bnx2i: add error handling for ioremap_nocache Sasha Levin
` (4 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Zhouyang Jia, Jiri Kosina, Sasha Levin
From: Zhouyang Jia <jiazhouyang09@gmail.com>
[ Upstream commit 44d4d51de9a3534a2b63d69efda02a10e66541e4 ]
When sysfs_create_group fails, the lack of error-handling code may
cause unexpected results.
This patch adds error-handling code after calling sysfs_create_group.
Signed-off-by: Zhouyang Jia <jiazhouyang09@gmail.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/hid/hid-ntrig.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/hid/hid-ntrig.c b/drivers/hid/hid-ntrig.c
index 600f2075512f..dc497b633e28 100644
--- a/drivers/hid/hid-ntrig.c
+++ b/drivers/hid/hid-ntrig.c
@@ -953,6 +953,8 @@ static int ntrig_probe(struct hid_device *hdev, const struct hid_device_id *id)
ret = sysfs_create_group(&hdev->dev.kobj,
&ntrig_attribute_group);
+ if (ret)
+ hid_err(hdev, "cannot create sysfs group\n");
return 0;
err_free:
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 25/29] scsi: bnx2i: add error handling for ioremap_nocache
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (22 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 24/29] HID: hid-ntrig: add error handling for sysfs_create_group Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 26/29] audit: Fix extended comparison of GID/EGID Sasha Levin
` (3 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Zhouyang Jia, Martin K . Petersen, Sasha Levin
From: Zhouyang Jia <jiazhouyang09@gmail.com>
[ Upstream commit aa154ea885eb0c2407457ce9c1538d78c95456fa ]
When ioremap_nocache fails, the lack of error-handling code may cause
unexpected results.
This patch adds error-handling code after calling ioremap_nocache.
Signed-off-by: Zhouyang Jia <jiazhouyang09@gmail.com>
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Acked-by: Manish Rangankar <Manish.Rangankar@cavium.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
drivers/scsi/bnx2i/bnx2i_hwi.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/scsi/bnx2i/bnx2i_hwi.c b/drivers/scsi/bnx2i/bnx2i_hwi.c
index fb072cc5e9fd..dada9ce4e702 100644
--- a/drivers/scsi/bnx2i/bnx2i_hwi.c
+++ b/drivers/scsi/bnx2i/bnx2i_hwi.c
@@ -2742,6 +2742,8 @@ int bnx2i_map_ep_dbell_regs(struct bnx2i_endpoint *ep)
BNX2X_DOORBELL_PCI_BAR);
reg_off = (1 << BNX2X_DB_SHIFT) * (cid_num & 0x1FFFF);
ep->qp.ctx_base = ioremap_nocache(reg_base + reg_off, 4);
+ if (!ep->qp.ctx_base)
+ return -ENOMEM;
goto arm_cq;
}
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 26/29] audit: Fix extended comparison of GID/EGID
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (23 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 25/29] scsi: bnx2i: add error handling for ioremap_nocache Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 27/29] ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Sasha Levin
` (2 subsequent siblings)
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ondrej Mosnáček, Paul Moore, Sasha Levin
From: Ondrej Mosnáček <omosnace@redhat.com>
[ Upstream commit af85d1772e31fed34165a1b3decef340cf4080c0 ]
The audit_filter_rules() function in auditsc.c used the in_[e]group_p()
functions to check GID/EGID match, but these functions use the current
task's credentials, while the comparison should use the credentials of
the task given to audit_filter_rules() as a parameter (tsk).
Note that we can use group_search(cred->group_info, ...) as a
replacement for both in_group_p and in_egroup_p as these functions only
compare the parameter to cred->fsgid/egid and then call group_search.
In fact, the usage of in_group_p was even more incorrect: it compares to
cred->fsgid (which is usually equal to cred->egid) and not cred->gid.
GitHub issue:
https://github.com/linux-audit/audit-kernel/issues/82
Fixes: 37eebe39c973 ("audit: improve GID/EGID comparation logic")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
kernel/auditsc.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 3a6e01013b34..889ba4c9a5e3 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -484,20 +484,20 @@ static int audit_filter_rules(struct task_struct *tsk,
result = audit_gid_comparator(cred->gid, f->op, f->gid);
if (f->op == Audit_equal) {
if (!result)
- result = in_group_p(f->gid);
+ result = groups_search(cred->group_info, f->gid);
} else if (f->op == Audit_not_equal) {
if (result)
- result = !in_group_p(f->gid);
+ result = !groups_search(cred->group_info, f->gid);
}
break;
case AUDIT_EGID:
result = audit_gid_comparator(cred->egid, f->op, f->gid);
if (f->op == Audit_equal) {
if (!result)
- result = in_egroup_p(f->gid);
+ result = groups_search(cred->group_info, f->gid);
} else if (f->op == Audit_not_equal) {
if (result)
- result = !in_egroup_p(f->gid);
+ result = !groups_search(cred->group_info, f->gid);
}
break;
case AUDIT_SGID:
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 27/29] ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (24 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 26/29] audit: Fix extended comparison of GID/EGID Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 28/29] module: exclude SHN_UNDEF symbols from kallsyms api Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 29/29] nfsd: fix corrupted reply to badly ordered compound Sasha Levin
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Liam Girdwood, Mark Brown, Sasha Levin
From: Liam Girdwood <liam.r.girdwood@linux.intel.com>
[ Upstream commit e01b4f624278d5efe5fb5da585ca371947b16680 ]
Sometime a component or topology may configure a DAI widget with no
private data leading to a dev_dbg() dereferencne of this data.
Fix this to check for non NULL private data and let users know if widget
is missing DAI.
Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
sound/soc/soc-dapm.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/sound/soc/soc-dapm.c b/sound/soc/soc-dapm.c
index 5c6ac0692fa3..d8ac9e5e2c00 100644
--- a/sound/soc/soc-dapm.c
+++ b/sound/soc/soc-dapm.c
@@ -3400,6 +3400,13 @@ int snd_soc_dapm_link_dai_widgets(struct snd_soc_card *card)
continue;
}
+ /* let users know there is no DAI to link */
+ if (!dai_w->priv) {
+ dev_dbg(card->dev, "dai widget %s has no DAI\n",
+ dai_w->name);
+ continue;
+ }
+
dai = dai_w->priv;
/* ...find all widgets with the same stream and link them */
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 28/29] module: exclude SHN_UNDEF symbols from kallsyms api
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (25 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 27/29] ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 29/29] nfsd: fix corrupted reply to badly ordered compound Sasha Levin
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Jessica Yu, Sasha Levin
From: Jessica Yu <jeyu@kernel.org>
[ Upstream commit 9f2d1e68cf4d641def734adaccfc3823d3575e6c ]
Livepatch modules are special in that we preserve their entire symbol
tables in order to be able to apply relocations after module load. The
unwanted side effect of this is that undefined (SHN_UNDEF) symbols of
livepatch modules are accessible via the kallsyms api and this can
confuse symbol resolution in livepatch (klp_find_object_symbol()) and
cause subtle bugs in livepatch.
Have the module kallsyms api skip over SHN_UNDEF symbols. These symbols
are usually not available for normal modules anyway as we cut down their
symbol tables to just the core (non-undefined) symbols, so this should
really just affect livepatch modules. Note that this patch doesn't
affect the display of undefined symbols in /proc/kallsyms.
Reported-by: Josh Poimboeuf <jpoimboe@redhat.com>
Tested-by: Josh Poimboeuf <jpoimboe@redhat.com>
Reviewed-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
kernel/module.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/kernel/module.c b/kernel/module.c
index 737d53099360..bc417377930b 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -3592,7 +3592,7 @@ static unsigned long mod_find_symname(struct module *mod, const char *name)
for (i = 0; i < kallsyms->num_symtab; i++)
if (strcmp(name, symname(kallsyms, i)) == 0 &&
- kallsyms->symtab[i].st_info != 'U')
+ kallsyms->symtab[i].st_shndx != SHN_UNDEF)
return kallsyms->symtab[i].st_value;
return 0;
}
@@ -3636,6 +3636,10 @@ int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *,
if (mod->state == MODULE_STATE_UNFORMED)
continue;
for (i = 0; i < kallsyms->num_symtab; i++) {
+
+ if (kallsyms->symtab[i].st_shndx == SHN_UNDEF)
+ continue;
+
ret = fn(data, symname(kallsyms, i),
mod, kallsyms->symtab[i].st_value);
if (ret != 0)
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
* [PATCH AUTOSEL 3.18 29/29] nfsd: fix corrupted reply to badly ordered compound
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
` (26 preceding siblings ...)
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 28/29] module: exclude SHN_UNDEF symbols from kallsyms api Sasha Levin
@ 2018-09-17 3:05 ` Sasha Levin
27 siblings, 0 replies; 29+ messages in thread
From: Sasha Levin @ 2018-09-17 3:05 UTC (permalink / raw
To: stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: J. Bruce Fields, Sasha Levin
From: "J. Bruce Fields" <bfields@redhat.com>
[ Upstream commit 5b7b15aee641904ae269be9846610a3950cbd64c ]
We're encoding a single op in the reply but leaving the number of ops
zero, so the reply makes no sense.
Somewhat academic as this isn't a case any real client will hit, though
in theory perhaps that could change in a future protocol extension.
Reviewed-by: Jeff Layton <jlayton@kernel.org>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
fs/nfsd/nfs4proc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index f6429b3d89e2..fb0bb5b2bcd8 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -1347,6 +1347,7 @@ nfsd4_proc_compound(struct svc_rqst *rqstp,
if (status) {
op = &args->ops[0];
op->status = status;
+ resp->opcnt = 1;
goto encode_op;
}
--
2.17.1
^ permalink raw reply related [flat|nested] 29+ messages in thread
end of thread, other threads:[~2018-09-17 3:10 UTC | newest]
Thread overview: 29+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-09-17 3:05 [PATCH AUTOSEL 3.18 01/29] crypto: skcipher - Fix -Wstringop-truncation warnings Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 02/29] tsl2550: fix lux1_input error in low light Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 03/29] x86/numa_emulation: Fix emulated-to-physical node mapping Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 05/29] USB: serial: kobil_sct: fix modem-status error handling Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 04/29] uwb: hwa-rc: fix memory leak at probe Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 06/29] media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 07/29] powerpc/kdump: Handle crashkernel memory reservation failure Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 08/29] x86/tsc: Add missing header to tsc_msr.c Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 09/29] scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 11/29] usb: wusbcore: security: cast sizeof to int for comparison Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 10/29] scsi: ibmvscsi: Improve strings handling Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 12/29] alarmtimer: Prevent overflow for relative nanosleep Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 13/29] s390/extmem: fix gcc 8 stringop-overflow warning Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 15/29] media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 14/29] ALSA: snd-aoa: add of_node_put() in error path Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 16/29] media: soc_camera: ov772x: correct setting of banding filter Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 17/29] staging: android: ashmem: Fix mmap size validation Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 18/29] drivers/tty: add error handling for pcmcia_loop_config Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 19/29] media: tm6000: add error handling for dvb_register_adapter Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 20/29] ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 21/29] rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 23/29] ARM: mvebu: declare asm symbols as character arrays in pmsu.c Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 22/29] wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 24/29] HID: hid-ntrig: add error handling for sysfs_create_group Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 25/29] scsi: bnx2i: add error handling for ioremap_nocache Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 26/29] audit: Fix extended comparison of GID/EGID Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 27/29] ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 28/29] module: exclude SHN_UNDEF symbols from kallsyms api Sasha Levin
2018-09-17 3:05 ` [PATCH AUTOSEL 3.18 29/29] nfsd: fix corrupted reply to badly ordered compound Sasha Levin
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.