When kuser helpers are enabled the kernel maps the relative code at
a fixed address (0xffff0000). Making configurable the option to disable
them means that the kernel can remove this mapping and any access to
this memory area results in a sigfault.
Add a KUSER_HELPERS config option that can be used to disable the
mapping when it is turned off.
This option can be turned off if and only if the applications are
designed specifically for the platform and they do not make use of the
kuser helpers code.
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
[will: Use IS_ENABLED() instead of #ifdef]
Signed-off-by: Will Deacon <will.deacon@arm.com>
(cherry picked from commit af1b3cf2c2)
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 154668398
Change-Id: I7bca1cd4bd1784d69de17e10832a9b36f81c443d
aarch32_alloc_vdso_pages() needs to be refactored to make it
easier to disable kuser helpers.
Divide the function in aarch32_alloc_kuser_vdso_page() and
aarch32_alloc_sigreturn_vdso_page().
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
[will: Inlined sigpage allocation to simplify error paths]
Signed-off-by: Will Deacon <will.deacon@arm.com>
(cherry picked from commit 1255a7341b)
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 154668398
Change-Id: Ia54bc0f0c0ae34b863f46df0b15b46657f934e81
To make it possible to disable kuser helpers in aarch32 we need to
divide the kuser and the sigreturn functionalities.
Split the current version of kuser32 in kuser32 (for kuser helpers)
and sigreturn32 (for sigreturn helpers).
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
(cherry picked from commit d1e5ca64d5)
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 154668398
Change-Id: I9f3e64a6e6fabfb6c6f0a7e66286ed379b146d99
For AArch32 tasks, we install a special "[vectors]" page that contains
the sigreturn trampolines and kuser helpers, which is mapped at a fixed
address specified by the kuser helpers ABI.
Having the sigreturn trampolines in the same page as the kuser helpers
makes it impossible to disable the kuser helpers independently.
Follow the Arm implementation, by moving the signal trampolines out of
the "[vectors]" page and into their own "[sigpage]".
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
[will: tweaked comments and fixed sparse warning]
Signed-off-by: Will Deacon <will.deacon@arm.com>
(cherry picked from commit 0d747f6585)
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 154668398
Change-Id: I9f86427ec81a244a5c19fd707147dde0f61be4ad
This feature is only used by arm/arm64 boards but it builds on x86 too
so enable it everywhere for build coverage.
Bug: 153699377
Bug: 154880035
Change-Id: I30c78c394c7d95a02d75d39101c414d37b824024
Signed-off-by: Alistair Delva <adelva@google.com>
Use the FG_TYPE property to report the type of FG
present in the system. For example on QG, it is
voltage-mode based QG or cc-mode based QG.
Change-Id: Iaad3ad29b2d778eed215d420a23b601587163e83
Bug: 155087902
Signed-off-by: Anirudh Ghayal <aghayal@codeaurora.org>
(cherry picked from commit 1c044cbc16076f1e0cd328e6b6684eb57c1ba07b)
Signed-off-by: Will McVicker <willmcvicker@google.com>
This may be used for vendor haptics initialization. So include here for
vendors.
Signed-off-by: Will McVicker <willmcvicker@google.com>
Bug: 154966878
Change-Id: I1716ec5246c7e2642902db3768026573d72bdd8f
This config is typically used for power usage tracking. So, enable it.
Bug: 154966878
Signed-off-by: Saravana Kannan <saravanak@google.com>
Change-Id: Ieda8582afd65d63f340ab5ee99295e6ebd58e62f
HW tracing features shouldn't be enabled in any final product. So
disable it.
Bug: 154966878
Signed-off-by: Saravana Kannan <saravanak@google.com>
Change-Id: I6603e71b0912dd89d653bb0bd36a0a4cb8b504e1
I2C char devices are often used by vendors.
Bug: 154966878
Change-Id: I8ffc577b12a7c37a30005dacd8d7fab09e2cf93e
Signed-off-by: Saravana Kannan <saravanak@google.com>
USB 3.2 Specification updated configuration summary descriptor
different from drafted version. This descriptor is needed per
function. Descriptor provides list of configuration indices
that include that function. Use bcdVersion to handle spec
compliant descriptor and select device preferred config supporting
UAC3 or lower revision.
Change-Id: I7cf28eaf61ca91496be84d90ad00704fe4acb149
Signed-off-by: Hemant Kumar <hemantk@codeaurora.org>
Bug: 153666697
(cherry picked from commit 1f64d4e3b596823acd4ec3a4f7ffd7142d71942f)
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Signed-off-by: Saravana Kannan <saravanak@google.com>
If free blocks hole is smaller than discard_granularity,
TRIM to this range can be skipped.
Fix this by changing the granularity to 4kb at dm-bow layer,
not to skip TRIM to every tiny free blocks.
Bug: 154411183
Signed-off-by: hyeongseok.kim <hyeongseok@gmail.com>
Cc: hyeongseok.kim <hyeongseok.kim@lge.com>
Change-Id: Ic7c33d94a016d0ad5a75514eae1056c328c9c1ba
(cherry picked from commit ca986e448c)
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Remove one more VLA that was not caught.
Bug: 154930031
Change-Id: I2c6c1f6d5e6ef23769c117a47689e1539b85c882
Signed-off-by: Alistair Delva <adelva@google.com>
The 0-day test bot found three minor issues in the wakeup_reason
enhancements patch, including two undeclared functions that should have
been static, an allegedly uninitialized pointer (which is actually set
in the line immediately prior to cppcheck's complaint), and a type
mismatch when printing timespec64 fields on a 32-bit build.
These changes address those findings.
Fixes: e7b509cf04 ("ANDROID: power: wakeup_reason: wake reason
enhancements")
Bug: 153727431
Reported-by: kbuild test robot <lkp@intel.com>
Change-Id: I9194f85d0ca7921461866b73dc24e1783b1da6c6
Signed-off-by: Kelly Rossmoyer <krossmo@google.com>
Fix cfg80211_gen_new_bssid() to not rely on u64 modulo arithmetic,
which isn't needed since we really just want to mask there. Also,
clean it up to calculate the mask only once and use GENMASK_ULL()
instead of open-coding the mask calculation.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 5d4071abd9)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: Ia7f3782f7831b7994fde3cfae85308c6b73602d4
When the new IEs are generated, the multiple BSSID elements
are not saved. Save aside properties that are needed later
for PS.
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 0cd01efb03)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I5011217119bfc01dcd2d3aa10f37df4dc385b5c0
This will enable reuse by mac80211.
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 7ece9c372b)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I1db90bf0e255ae57955e2bdf663b1877c6c2df29
Parsing and exposing nontransmitted APs is problematic
when underlying HW doesn't support it. Do it only if
driver indicated support. Allow HE restriction as well,
since the HE spec defined the exact manner that Multiple
BSSID set should behave. APs that not support the HE
spec will have less predictable Multiple BSSID set
support/behavior
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 213ed579d3)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: Ib691778353cce81d6251dca65177ef19010b4ae3
Previously the transmitted BSS and the non-trasmitted BSS list were
defined in struct cfg80211_internal_bss. Move them to struct cfg80211_bss
since mac80211 needs this info.
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 7011ba583f)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I8d0780eb2dde7d858b2f57cf001c3d58aa68212e
When holding data of the non-transmitting BSS, we need to keep the
transmitting BSS data on. Otherwise it will be released, and release
the non-transmitting BSS with it.
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit a3584f56de)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I685a4cd474798df51137b974e80f7bba93f13c74
Use the new for_each_element() helper here, we cannot use
for_each_subelement() since we have a fixed 1 byte before
the subelements start.
While at it, also fix le16_to_cpup() to be get_unaligned_le16()
since we don't know anything about alignment.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 1c8745f3ec)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: Ic1e8fdec3b19300b522414200a2254664948211f
This extends cfg80211 BSS table processing to be able to parse Multiple
BSSID element from Beacon and Probe Response frames and to update the
BSS profiles in internal database for non-transmitted BSSs.
Signed-off-by: Peng Xu <pxu@codeaurora.org>
Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 0b8fb8235b)
Signed-off-by: Connor O'Brien <connoro@google.com>
Bug: 154523213
Change-Id: Ic0d56356c53306be9afa8ab4bfda8407d1d55ad4
This interface allows the host driver to offload OWE processing
to user space. This intends to support OWE (Opportunistic Wireless
Encryption) AKM by the drivers that implement SME but rely on the
user space for the cryptographic/OWE processing in AP mode. Such
drivers are not capable of processing/deriving the DH IE.
A new NL80211 command - NL80211_CMD_UPDATE_OWE_INFO is introduced
to send the request/event between the host driver and user space.
Driver shall provide the OWE info (MAC address and DH IE) of
the peer to user space for cryptographic processing of the DH IE
through the event. Accordingly, the user space shall update the
OWE info/DH IE to the driver.
Following is the sequence in AP mode for OWE authentication.
Driver passes the OWE info obtained from the peer in the
Association Request to the user space through the event
cfg80211_update_owe_info_event. User space shall process the
OWE info received and generate new OWE info. This OWE info is
passed to the driver through NL80211_CMD_UPDATE_OWE_INFO
request. Driver eventually uses this OWE info to send the
Association Response to the peer.
This OWE info in the command interface carries the IEs that include
PMKID of the peer if the PMKSA is still valid or an updated DH IE
for generating a new PMKSA with the peer.
Signed-off-by: Liangwei Dong <liangwei@codeaurora.org>
Signed-off-by: Sunil Dutt <usdutt@codeaurora.org>
Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
[remove policy initialization - no longer exists]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit cb74e97758)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I3c5cd950f1777cf62e622fcf774ce1aac456f22c
Update header for nl80211 nl80211_ext_feature_index and
nl80211_commands enum from master branch of upstream repoistory
git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next.git
which includes the following changes (with changes to extract
"enum" value change only):
91b5ab6289 cfg80211: support 4-way handshake offloading for WPA/WPA2-PSK
3a00df5707 cfg80211: support 4-way handshake offloading for 802.1X
2d23d0736e nl80211: add OCE scan and capability flags
65026002d6 nl80211: add an option to allow MFP without requiring it
5037a00992 nl80211: Introduce scan flags to emphasize requested scan
behavior
13cf6dec93 cfg80211/nl80211: add DFS offload flag
2576a9ace4 nl80211: Implement TX of control port frames
9c06602b1b cfg80211: clarify frames covered by average ACK signal report
52539ca89f cfg80211: Expose TXQ stats and parameters to userspace
2e076f1990 nl80211: add scan features for improved scan privac
2b815b04df nl80211: Add CAN_REPLACE_PTK0 API
81e54d08d9 cfg80211: support FTM responder configuration/statistics
36647055b3 cfg80211: Add airtime statistics and settings
466b9936bf cfg80211: Add support to notify station's opmode change to
userspace
6a671a50f8 nl80211: Add CMD_CONTROL_PORT_FRAME API
9bb7e0f24e cfg80211: add peer measurement with FTM initiator API
30c63115e2 nl80211: Add support to notify radar event info received from
STA.
CRs-Fixed: 2396941
Change-Id: I976a9177b9dd705c6131a3a9a62d64432e3d715a
Signed-off-by: Liangwei Dong <liangwei@codeaurora.org>
Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
(cherry picked from commit b1096dd1006d59defdfca6c39d50526e388408d6)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
This allows userspace to help with firmware loading by default for all
devices.
Bug: 154837460
Change-Id: I9fd5818be57a87a6ff7eeed2a72c10817c5a4895
Signed-off-by: Saravana Kannan <saravanak@google.com>
This breaks userspace ABI. Too late to have it enabled for 4.19.
Bug: 154837460
Change-Id: Ifbaecf168de901d5020f0a35ff3b11c244dcf81c
Signed-off-by: Saravana Kannan <saravanak@google.com>
Some vendors need this config to be enabled to boot. So, enable it.
Bug: 154837460
Change-Id: Ia5ac978ae53662aadef41cb3b514228a62d8f5eb
Signed-off-by: Saravana Kannan <saravanak@google.com>
Different vendors might need slightly different verions of this module
to deal with their hardware variances. So, make it a module.
Bug: 154836329
Change-Id: Iefb4ff8cf6a0123fe9af12fcfa29bc2f1eec63ef
Signed-off-by: Saravana Kannan <saravanak@google.com>
Add hidden configs to GKI_HACKS_TO_FIX so they are enabled for loadable
GPU modules built out-of-tree.
Bug: 154525079
Test: rebuild kernel binary and pass checkvintf
Change-Id: I51871132b6a0bd1a55f5db7a9f90177cbc20ef86
Signed-off-by: Yiwei Zhang <zzyiwei@google.com>
Changes in 4.19.118
arm, bpf: Fix offset overflow for BPF_MEM BPF_DW
objtool: Fix switch table detection in .text.unlikely
scsi: sg: add sg_remove_request in sg_common_write
ext4: use non-movable memory for superblock readahead
watchdog: sp805: fix restart handler
arm, bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift by 0
ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN.
netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type
irqchip/mbigen: Free msi_desc on device teardown
ALSA: hda: Don't release card at firmware loading error
of: unittest: kmemleak on changeset destroy
of: unittest: kmemleak in of_unittest_platform_populate()
of: unittest: kmemleak in of_unittest_overlay_high_level()
of: overlay: kmemleak in dup_and_fixup_symbol_prop()
x86/Hyper-V: Report crash register data or kmsg before running crash kernel
lib/raid6: use vdupq_n_u8 to avoid endianness warnings
video: fbdev: sis: Remove unnecessary parentheses and commented code
rbd: avoid a deadlock on header_rwsem when flushing notifies
rbd: call rbd_dev_unprobe() after unwatching and flushing notifies
xsk: Add missing check on user supplied headroom size
x86/Hyper-V: Unload vmbus channel in hv panic callback
x86/Hyper-V: Free hv_panic_page when fail to register kmsg dump
x86/Hyper-V: Trigger crash enlightenment only once during system crash.
x86/Hyper-V: Report crash register data when sysctl_record_panic_msg is not set
x86/Hyper-V: Report crash data in die() when panic_on_oops is set
clk: at91: usb: continue if clk_hw_round_rate() return zero
power: supply: bq27xxx_battery: Silence deferred-probe error
clk: tegra: Fix Tegra PMC clock out parents
soc: imx: gpc: fix power up sequencing
rtc: 88pm860x: fix possible race condition
NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid()
NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
s390/cpuinfo: fix wrong output when CPU0 is offline
powerpc/maple: Fix declaration made after definition
s390/cpum_sf: Fix wrong page count in error message
ext4: do not commit super on read-only bdev
um: ubd: Prevent buffer overrun on command completion
cifs: Allocate encryption header through kmalloc
include/linux/swapops.h: correct guards for non_swap_entry()
percpu_counter: fix a data race at vm_committed_as
compiler.h: fix error in BUILD_BUG_ON() reporting
KVM: s390: vsie: Fix possible race when shadowing region 3 tables
x86: ACPI: fix CPU hotplug deadlock
drm/amdkfd: kfree the wrong pointer
NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
f2fs: fix NULL pointer dereference in f2fs_write_begin()
drm/vc4: Fix HDMI mode validation
iommu/vt-d: Fix mm reference leak
ext2: fix empty body warnings when -Wextra is used
ext2: fix debug reference to ext2_xattr_cache
power: supply: axp288_fuel_gauge: Broaden vendor check for Intel Compute Sticks.
libnvdimm: Out of bounds read in __nd_ioctl()
iommu/amd: Fix the configuration of GCR3 table root pointer
f2fs: fix to wait all node page writeback
net: dsa: bcm_sf2: Fix overflow checks
fbdev: potential information leak in do_fb_ioctl()
iio: si1133: read 24-bit signed integer for measurement
tty: evh_bytechan: Fix out of bounds accesses
locktorture: Print ratio of acquisitions, not failures
mtd: spinand: Explicitly use MTD_OPS_RAW to write the bad block marker to OOB
mtd: lpddr: Fix a double free in probe()
mtd: phram: fix a double free issue in error path
KEYS: Don't write out to userspace while holding key semaphore
bpf: fix buggy r0 retval refinement for tracing helpers
Linux 4.19.118
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ife34f739f719c332c7b1d22b1832179be6a16800
[ no upstream commit ]
See the glory details in 100605035e ("bpf: Verifier, do_refine_retval_range
may clamp umin to 0 incorrectly") for why 849fa50662 ("bpf/verifier: refine
retval R0 state for bpf_get_stack helper") is buggy. The whole series however
is not suitable for stable since it adds significant amount [0] of verifier
complexity in order to add 32bit subreg tracking. Something simpler is needed.
Unfortunately, reverting 849fa50662 ("bpf/verifier: refine retval R0 state
for bpf_get_stack helper") or just cherry-picking 100605035e ("bpf: Verifier,
do_refine_retval_range may clamp umin to 0 incorrectly") is not an option since
it will break existing tracing programs badly (at least those that are using
bpf_get_stack() and bpf_probe_read_str() helpers). Not fixing it in stable is
also not an option since on 4.19 kernels an error will cause a soft-lockup due
to hitting dead-code sanitized branch since we don't hard-wire such branches
in old kernels yet. But even then for 5.x 849fa50662 ("bpf/verifier: refine
retval R0 state for bpf_get_stack helper") would cause wrong bounds on the
verifier simluation when an error is hit.
In one of the earlier iterations of mentioned patch series for upstream there
was the concern that just using smax_value in do_refine_retval_range() would
nuke bounds by subsequent <<32 >>32 shifts before the comparison against 0 [1]
which eventually led to the 32bit subreg tracking in the first place. While I
initially went for implementing the idea [1] to pattern match the two shift
operations, it turned out to be more complex than actually needed, meaning, we
could simply treat do_refine_retval_range() similarly to how we branch off
verification for conditionals or under speculation, that is, pushing a new
reg state to the stack for later verification. This means, instead of verifying
the current path with the ret_reg in [S32MIN, msize_max_value] interval where
later bounds would get nuked, we split this into two: i) for the success case
where ret_reg can be in [0, msize_max_value], and ii) for the error case with
ret_reg known to be in interval [S32MIN, -1]. Latter will preserve the bounds
during these shift patterns and can match reg < 0 test. test_progs also succeed
with this approach.
[0] https://lore.kernel.org/bpf/158507130343.15666.8018068546764556975.stgit@john-Precision-5820-Tower/
[1] https://lore.kernel.org/bpf/158015334199.28573.4940395881683556537.stgit@john-XPS-13-9370/T/#m2e0ad1d5949131014748b6daa48a3495e7f0456d
Fixes: 849fa50662 ("bpf/verifier: refine retval R0 state for bpf_get_stack helper")
Reported-by: Lorenzo Fontana <fontanalorenz@gmail.com>
Reported-by: Leonardo Di Donato <leodidonato@gmail.com>
Reported-by: John Fastabend <john.fastabend@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Tested-by: John Fastabend <john.fastabend@gmail.com>
Tested-by: Lorenzo Fontana <fontanalorenz@gmail.com>
Tested-by: Leonardo Di Donato <leodidonato@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 80c503e0e6 upstream.
The __torture_print_stats() function in locktorture.c carefully
initializes local variable "min" to statp[0].n_lock_acquired, but
then compares it to statp[i].n_lock_fail. Given that the .n_lock_fail
field should normally be zero, and given the initialization, it seems
reasonable to display the maximum and minimum number acquisitions
instead of miscomputing the maximum and minimum number of failures.
This commit therefore switches from failures to acquisitions.
And this turns out to be not only a day-zero bug, but entirely my
own fault. I hate it when that happens!
Fixes: 0af3fe1efa ("locktorture: Add a lock-torture kernel module")
Reported-by: Will Deacon <will@kernel.org>
Signed-off-by: Paul E. McKenney <paulmck@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Cc: Davidlohr Bueso <dave@stgolabs.net>
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 3670664b5d upstream.
ev_byte_channel_send() assumes that its third argument is a 16 byte
array. Some places where it is called it may not be (or we can't
easily tell if it is). Newer compilers have started producing warnings
about this, so make sure we actually pass a 16 byte array.
There may be more elegant solutions to this, but the driver is quite
old and hasn't been updated in many years.
The warnings (from a powerpc allyesconfig build) are:
In file included from include/linux/byteorder/big_endian.h:5,
from arch/powerpc/include/uapi/asm/byteorder.h:14,
from include/asm-generic/bitops/le.h:6,
from arch/powerpc/include/asm/bitops.h:250,
from include/linux/bitops.h:29,
from include/linux/kernel.h:12,
from include/asm-generic/bug.h:19,
from arch/powerpc/include/asm/bug.h:109,
from include/linux/bug.h:5,
from include/linux/mmdebug.h:5,
from include/linux/gfp.h:5,
from include/linux/slab.h:15,
from drivers/tty/ehv_bytechan.c:24:
drivers/tty/ehv_bytechan.c: In function ‘ehv_bc_udbg_putc’:
arch/powerpc/include/asm/epapr_hcalls.h:298:20: warning: array subscript 1 is outside array bounds of ‘const char[1]’ [-Warray-bounds]
298 | r6 = be32_to_cpu(p[1]);
include/uapi/linux/byteorder/big_endian.h:40:51: note: in definition of macro ‘__be32_to_cpu’
40 | #define __be32_to_cpu(x) ((__force __u32)(__be32)(x))
| ^
arch/powerpc/include/asm/epapr_hcalls.h:298:7: note: in expansion of macro ‘be32_to_cpu’
298 | r6 = be32_to_cpu(p[1]);
| ^~~~~~~~~~~
drivers/tty/ehv_bytechan.c:166:13: note: while referencing ‘data’
166 | static void ehv_bc_udbg_putc(char c)
| ^~~~~~~~~~~~~~~~
Fixes: dcd83aaff1 ("tty/powerpc: introduce the ePAPR embedded hypervisor byte channel driver")
Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
Tested-by: Laurentiu Tudor <laurentiu.tudor@nxp.com>
[mpe: Trim warnings from change log]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200109183912.5fcb52aa@canb.auug.org.au
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 328b50e9a0 upstream.
The chip is configured in 24 bit mode. The values read from
it must always be treated as is. This fixes the issue by
replacing the previous 16 bits value by a 24 bits buffer.
This changes affects the value output by previous version of
the driver, since the least significant byte was missing.
The upper half of 16 bit values previously output are now
the upper half of a 24 bit value.
Fixes: e01e7eaf37 ("iio: light: introduce si1133")
Reported-by: Simon Goyette <simon.goyette@gmail.com>
Co-authored-by: Guillaume Champagne <champagne.guillaume.c@gmail.com>
Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com>
Signed-off-by: Guillaume Champagne <champagne.guillaume.c@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit d0802dc411 upstream.
Commit f949a12fd6 ("net: dsa: bcm_sf2: fix buffer overflow doing
set_rxnfc") tried to fix the some user controlled buffer overflows in
bcm_sf2_cfp_rule_set() and bcm_sf2_cfp_rule_del() but the fix was using
CFP_NUM_RULES, which while it is correct not to overflow the bitmaps, is
not representative of what the device actually supports. Correct that by
using bcm_sf2_cfp_rule_size() instead.
The latter subtracts the number of rules by 1, so change the checks from
greater than or equal to greater than accordingly.
Fixes: f949a12fd6 ("net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit dc5a941223 ]
There is a race condition that we may miss to wait for all node pages
writeback, fix it.
- fsync() - shrink
- f2fs_do_sync_file
- __write_node_page
- set_page_writeback(page#0)
: remove DIRTY/TOWRITE flag
- f2fs_fsync_node_pages
: won't find page #0 as TOWRITE flag was removeD
- f2fs_wait_on_node_pages_writeback
: wont' wait page #0 writeback as it was not in fsync_node_list list.
- f2fs_add_fsync_node_entry
Fixes: 50fa53eccf ("f2fs: fix to avoid broken of dnode block list")
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit c20f365346 ]
The SPA of the GCR3 table root pointer[51:31] masks 20 bits. However,
this requires 21 bits (Please see the AMD IOMMU specification).
This leads to the potential failure when the bit 51 of SPA of
the GCR3 table root pointer is 1'.
Signed-off-by: Adrian Huang <ahuang12@lenovo.com>
Fixes: 52815b7568 ("iommu/amd: Add support for IOMMUv2 domain mode")
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit e42fe5b29a ]
The Intel Compute Stick `STK1A32SC` can have a system vendor of
"Intel(R) Client Systems".
Broaden the Intel Compute Stick DMI checks so that they match "Intel
Corporation" as well as "Intel(R) Client Systems".
This fixes an issue where the STK1A32SC compute sticks were still
exposing a battery with the existing blacklist entry.
Signed-off-by: Jeffery Miller <jmiller@neverware.com>
Reviewed-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Sebastian Reichel <sebastian.reichel@collabora.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
