This is a note to let you know that I've just added the patch titled
usb: host: fix incorrect updating of offset
to my usb git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
in the usb-linus branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the
next -rc kernel release.
If you have any questions about this process, please let me know.
>From 1d5a31582ef046d3b233f0da1a68ae26519b2f0a Mon Sep 17 00:00:00 2001
From: Colin Ian King <colin.king(a)canonical.com>
Date: Tue, 7 Nov 2017 16:45:04 +0000
Subject: usb: host: fix incorrect updating of offset
The variable temp is incorrectly being updated, instead it should
be offset otherwise the loop just reads the same capability value
and loops forever. Thanks to Alan Stern for pointing out the
correct fix to my original fix. Fix also cleans up clang warning:
drivers/usb/host/ehci-dbg.c:840:4: warning: Value stored to 'temp'
is never read
Fixes: d49d43174400 ("USB: misc ehci updates")
Cc: stable <stable(a)vger.kernel.org>
Signed-off-by: Colin Ian King <colin.king(a)canonical.com>
Acked-by: Alan Stern <stern(a)rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/usb/host/ehci-dbg.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/usb/host/ehci-dbg.c b/drivers/usb/host/ehci-dbg.c
index 19f00424f53e..3ed75aaa09d9 100644
--- a/drivers/usb/host/ehci-dbg.c
+++ b/drivers/usb/host/ehci-dbg.c
@@ -827,7 +827,7 @@ static ssize_t fill_registers_buffer(struct debug_buffer *buf)
default: /* unknown */
break;
}
- temp = (cap >> 8) & 0xff;
+ offset = (cap >> 8) & 0xff;
}
}
#endif
--
2.15.0
This is a note to let you know that I've just added the patch titled
USB: ulpi: fix bus-node lookup
to my usb git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
in the usb-linus branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the
next -rc kernel release.
If you have any questions about this process, please let me know.
>From 33c309ebc797b908029fd3a0851aefe697e9b598 Mon Sep 17 00:00:00 2001
From: Johan Hovold <johan(a)kernel.org>
Date: Sat, 11 Nov 2017 16:31:18 +0100
Subject: USB: ulpi: fix bus-node lookup
Fix bus-node lookup during registration, which ended up searching the whole
device tree depth-first starting at the parent (or grand parent) rather
than just matching on its children.
To make things worse, the parent (or grand-parent) node could end being
prematurely freed as well.
Fixes: ef6a7bcfb01c ("usb: ulpi: Support device discovery via DT")
Reported-by: Peter Robinson <pbrobinson(a)gmail.com>
Reported-by: Stephen Boyd <sboyd(a)codeaurora.org>
Cc: stable <stable(a)vger.kernel.org> # 4.10
Signed-off-by: Johan Hovold <johan(a)kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/usb/common/ulpi.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/usb/common/ulpi.c b/drivers/usb/common/ulpi.c
index 8b351444cc40..9a2ab6751a23 100644
--- a/drivers/usb/common/ulpi.c
+++ b/drivers/usb/common/ulpi.c
@@ -180,9 +180,9 @@ static int ulpi_of_register(struct ulpi *ulpi)
/* Find a ulpi bus underneath the parent or the grandparent */
parent = ulpi->dev.parent;
if (parent->of_node)
- np = of_find_node_by_name(parent->of_node, "ulpi");
+ np = of_get_child_by_name(parent->of_node, "ulpi");
else if (parent->parent && parent->parent->of_node)
- np = of_find_node_by_name(parent->parent->of_node, "ulpi");
+ np = of_get_child_by_name(parent->parent->of_node, "ulpi");
if (!np)
return 0;
--
2.15.0
This is a note to let you know that I've just added the patch titled
USB: usbfs: Filter flags passed in from user space
to my usb git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb.git
in the usb-linus branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the
next -rc kernel release.
If you have any questions about this process, please let me know.
>From 446f666da9f019ce2ffd03800995487e79a91462 Mon Sep 17 00:00:00 2001
From: Oliver Neukum <oneukum(a)suse.com>
Date: Thu, 23 Nov 2017 16:39:52 +0100
Subject: USB: usbfs: Filter flags passed in from user space
USBDEVFS_URB_ISO_ASAP must be accepted only for ISO endpoints.
Improve sanity checking.
Reported-by: Andrey Konovalov <andreyknvl(a)google.com>
Signed-off-by: Oliver Neukum <oneukum(a)suse.com>
Cc: stable <stable(a)vger.kernel.org>
Acked-by: Alan Stern <stern(a)rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/usb/core/devio.c | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
index 705c573d0257..a3fad4ec9870 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -1442,14 +1442,18 @@ static int proc_do_submiturb(struct usb_dev_state *ps, struct usbdevfs_urb *uurb
int number_of_packets = 0;
unsigned int stream_id = 0;
void *buf;
-
- if (uurb->flags & ~(USBDEVFS_URB_ISO_ASAP |
- USBDEVFS_URB_SHORT_NOT_OK |
+ unsigned long mask = USBDEVFS_URB_SHORT_NOT_OK |
USBDEVFS_URB_BULK_CONTINUATION |
USBDEVFS_URB_NO_FSBR |
USBDEVFS_URB_ZERO_PACKET |
- USBDEVFS_URB_NO_INTERRUPT))
- return -EINVAL;
+ USBDEVFS_URB_NO_INTERRUPT;
+ /* USBDEVFS_URB_ISO_ASAP is a special case */
+ if (uurb->type == USBDEVFS_URB_TYPE_ISO)
+ mask |= USBDEVFS_URB_ISO_ASAP;
+
+ if (uurb->flags & ~mask)
+ return -EINVAL;
+
if ((unsigned int)uurb->buffer_length >= USBFS_XFER_MAX)
return -EINVAL;
if (uurb->buffer_length > 0 && !uurb->buffer)
--
2.15.0
On Apollo Lake devices the BIOS does not set up IRQ routing for the i801
SMBUS controller IRQ, so we end up with dev->irq set to IRQ_NOTCONNECTED.
Detect this and do not try to use the irq in this case silencing:
i801_smbus 0000:00:1f.1: Failed to allocate irq -2147483648: -107
Cc: stable(a)vger.kernel.org
BugLink: https://communities.intel.com/thread/114759
Signed-off-by: Hans de Goede <hdegoede(a)redhat.com>
---
drivers/i2c/busses/i2c-i801.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/i2c/busses/i2c-i801.c b/drivers/i2c/busses/i2c-i801.c
index 9e12a53ef7b8..8eac00efadc1 100644
--- a/drivers/i2c/busses/i2c-i801.c
+++ b/drivers/i2c/busses/i2c-i801.c
@@ -1617,6 +1617,9 @@ static int i801_probe(struct pci_dev *dev, const struct pci_device_id *id)
/* Default timeout in interrupt mode: 200 ms */
priv->adapter.timeout = HZ / 5;
+ if (dev->irq == IRQ_NOTCONNECTED)
+ priv->features &= ~FEATURE_IRQ;
+
if (priv->features & FEATURE_IRQ) {
u16 pcictl, pcists;
--
2.14.3
This is a note to let you know that I've just added the patch titled
staging: ccree: fix leak of import() after init()
to my staging git tree which can be found at
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging.git
in the staging-linus branch.
The patch will show up in the next release of the linux-next tree
(usually sometime within the next 24 hours during the week.)
The patch will hopefully also be merged in Linus's tree for the
next -rc kernel release.
If you have any questions about this process, please let me know.
>From c5f39d07860c35e5e4c63188139465af790f86ce Mon Sep 17 00:00:00 2001
From: Gilad Ben-Yossef <gilad(a)benyossef.com>
Date: Thu, 9 Nov 2017 09:16:09 +0000
Subject: staging: ccree: fix leak of import() after init()
crypto_ahash_import() may be called either after
crypto_ahash_init() or without such call. Right now
we always internally call init() as part of
import(), thus leaking memory and mappings if the
user has already called init() herself.
Fix this by only calling init() internally if the
state is not already initialized.
Fixes: commit 454527d0d94f ("staging: ccree: fix hash import/export")
Cc: stable <stable(a)vger.kernel.org>
Signed-off-by: Gilad Ben-Yossef <gilad(a)benyossef.com>
Reviewed-by: Dan Carpenter <dan.carpenter(a)oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
drivers/staging/ccree/ssi_hash.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/ccree/ssi_hash.c b/drivers/staging/ccree/ssi_hash.c
index d79090ed7f9c..1799d3f26a9e 100644
--- a/drivers/staging/ccree/ssi_hash.c
+++ b/drivers/staging/ccree/ssi_hash.c
@@ -1778,9 +1778,12 @@ static int ssi_ahash_import(struct ahash_request *req, const void *in)
}
in += sizeof(u32);
- rc = ssi_hash_init(state, ctx);
- if (rc)
- goto out;
+ /* call init() to allocate bufs if the user hasn't */
+ if (!state->digest_buff) {
+ rc = ssi_hash_init(state, ctx);
+ if (rc)
+ goto out;
+ }
dma_sync_single_for_cpu(dev, state->digest_buff_dma_addr,
ctx->inter_digestsize, DMA_BIDIRECTIONAL);
--
2.15.0
This is a note to let you know that I've just added the patch titled
Revert "sctp: do not peel off an assoc from one netns to another one"
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=sum…
The filename of the patch is:
revert-sctp-do-not-peel-off-an-assoc-from-one-netns-to.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable(a)vger.kernel.org> know about it.
>From c76eb04f0895952a58f0029223f181854901e52e Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
Date: Tue, 28 Nov 2017 12:29:45 +0100
Subject: Revert "sctp: do not peel off an assoc from one netns to another one"
From: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
This reverts commit 2a0e60907e54dad75e9b3568d02bec11d6e74f6b which is
commit df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 upstream as I messed up
by applying it to the tree twice.
Reported-by: Michal Kubecek <mkubecek(a)suse.cz>
Cc: ChunYu Wang <chunwang(a)redhat.com>
Cc: Xin Long <lucien.xin(a)gmail.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com>
Cc: Neil Horman <nhorman(a)tuxdriver.com>
Cc: David S. Miller <davem(a)davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh(a)linuxfoundation.org>
---
net/sctp/socket.c | 4 ----
1 file changed, 4 deletions(-)
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -4457,10 +4457,6 @@ int sctp_do_peeloff(struct sock *sk, sct
if (!net_eq(current->nsproxy->net_ns, sock_net(sk)))
return -EINVAL;
- /* Do not peel off from one netns to another one. */
- if (!net_eq(current->nsproxy->net_ns, sock_net(sk)))
- return -EINVAL;
-
if (!asoc)
return -EINVAL;
Patches currently in stable-queue which might be from gregkh(a)linuxfoundation.org are
queue-4.4/sched-make-resched_cpu-unconditional.patch
queue-4.4/media-rc-check-for-integer-overflow.patch
queue-4.4/af_vsock-shrink-the-area-influenced-by-prepare_to_wait.patch
queue-4.4/dmaengine-zx-set-dma_cyclic-cap_mask-bit.patch
queue-4.4/kvm-nvmx-set-idtr-and-gdtr-limits-when-loading-l1-host-state.patch
queue-4.4/rtlwifi-fix-uninitialized-rtlhal-last_suspend_sec-time.patch
queue-4.4/mips-fix-an-n32-core-file-generation-regset-support-regression.patch
queue-4.4/x86-decoder-add-new-test-instruction-pattern.patch
queue-4.4/i40evf-use-smp_rmb-rather-than-read_barrier_depends.patch
queue-4.4/ecryptfs-use-after-free-in-ecryptfs_release_messaging.patch
queue-4.4/iio-light-fix-improper-return-value.patch
queue-4.4/net-allow-ip_multicast_if-to-set-index-to-l3-slave.patch
queue-4.4/s390-disassembler-add-missing-end-marker-for-e7-table.patch
queue-4.4/kvm-svm-obey-guest-pat.patch
queue-4.4/asoc-rsnd-don-t-double-free-kctrl.patch
queue-4.4/cx231xx-cards-fix-null-deref-on-missing-association-descriptor.patch
queue-4.4/s390-disassembler-increase-show_code-buffer-size.patch
queue-4.4/alsa-timer-remove-kernel-warning-at-compat-ioctl-error-paths.patch
queue-4.4/igb-use-smp_rmb-rather-than-read_barrier_depends.patch
queue-4.4/s390-kbuild-enable-modversions-for-symbols-exported-from-asm.patch
queue-4.4/pci-apply-_hpx-settings-only-to-relevant-devices.patch
queue-4.4/s390-fix-transactional-execution-control-register-handling.patch
queue-4.4/netfilter-nf_tables-fix-oob-access.patch
queue-4.4/lib-mpi-call-cond_resched-from-mpi_powm-loop.patch
queue-4.4/alsa-hda-add-raven-pci-id.patch
queue-4.4/netfilter-nft_queue-use-raw_smp_processor_id.patch
queue-4.4/dm-fix-race-between-dm_get_from_kobject-and-__dm_destroy.patch
queue-4.4/net-3com-typhoon-typhoon_init_one-fix-incorrect-return-values.patch
queue-4.4/clk-ti-dra7-atl-clock-fix-child-node-lookups.patch
queue-4.4/arm-8722-1-mm-make-strict_kernel_rwx-effective-for-lpae.patch
queue-4.4/nfs-fix-ugly-referral-attributes.patch
queue-4.4/target-fix-queue_full-scsi-task-attribute-handling.patch
queue-4.4/mips-bcm47xx-fix-led-inversion-for-wrt54gsv1.patch
queue-4.4/mac80211-suppress-new_peer_candidate-event-if-no-room.patch
queue-4.4/vsock-use-new-wait-api-for-vsock_stream_sendmsg.patch
queue-4.4/autofs-don-t-fail-mount-for-transient-error.patch
queue-4.4/net-9p-switch-to-wait_event_killable.patch
queue-4.4/media-v4l2-ctrl-fix-flags-field-on-control-events.patch
queue-4.4/e1000e-fix-error-path-in-link-detection.patch
queue-4.4/mips-ralink-fix-mt7628-pinmux.patch
queue-4.4/e1000e-separate-signaling-for-link-check-link-up.patch
queue-4.4/iscsi-target-fix-non-immediate-tmr-reference-leak.patch
queue-4.4/alsa-usb-audio-add-sanity-checks-in-v2-clock-parsers.patch
queue-4.4/isofs-fix-timestamps-beyond-2027.patch
queue-4.4/nfs-fix-typo-in-nomigration-mount-option.patch
queue-4.4/fs-9p-compare-qid.path-in-v9fs_test_inode.patch
queue-4.4/alsa-hda-apply-alc269_fixup_no_shutup-on-hda_fixup_act_probe.patch
queue-4.4/alsa-hda-realtek-fix-alc700-family-no-sound-issue.patch
queue-4.4/pm-opp-add-missing-of_node_put-np.patch
queue-4.4/ixgbevf-use-smp_rmb-rather-than-read_barrier_depends.patch
queue-4.4/sched-rt-simplify-the-ipi-based-rt-balancing-logic.patch
queue-4.4/igbvf-use-smp_rmb-rather-than-read_barrier_depends.patch
queue-4.4/asoc-wm_adsp-don-t-overrun-firmware-file-buffer-when-reading-region-data.patch
queue-4.4/e1000e-fix-return-value-test.patch
queue-4.4/s390-runtime-instrumention-fix-possible-memory-corruption.patch
queue-4.4/nfsd-deal-with-revoked-delegations-appropriately.patch
queue-4.4/arm-8721-1-mm-dump-check-hardware-ro-bit-for-lpae.patch
queue-4.4/ath10k-fix-incorrect-txpower-set-by-p2p_device-interface.patch
queue-4.4/ata-fixes-kernel-crash-while-tracing-ata_eh_link_autopsy-event.patch
queue-4.4/ipv6-only-call-ip6_route_dev_notify-once-for-netdev_unregister.patch
queue-4.4/fm10k-use-smp_rmb-rather-than-read_barrier_depends.patch
queue-4.4/ath10k-fix-potential-memory-leak-in-ath10k_wmi_tlv_op_pull_fw_stats.patch
queue-4.4/bcache-check-ca-alloc_thread-initialized-before-wake-up-it.patch
queue-4.4/ixgbe-fix-skb-list-corruption-on-power-systems.patch
queue-4.4/net-3com-typhoon-typhoon_init_one-make-return-values-more-specific.patch
queue-4.4/alsa-usb-audio-fix-potential-out-of-bound-access-at-parsing-su.patch
queue-4.4/alsa-pcm-update-tstamp-only-if-audio_tstamp-changed.patch
queue-4.4/fscrypt-lock-mutex-before-checking-for-bounce-page-pool.patch
queue-4.4/parisc-fix-validity-check-of-pointer-size-argument-in-new-cas-implementation.patch
queue-4.4/revert-sctp-do-not-peel-off-an-assoc-from-one-netns-to.patch
queue-4.4/fix-a-page-leak-in-vhost_scsi_iov_to_sgl-error-recovery.patch
queue-4.4/btrfs-return-the-actual-error-value-from-from-btrfs_uuid_tree_iterate.patch
queue-4.4/mips-ralink-fix-typo-in-mt7628-pinmux-function.patch
queue-4.4/drm-armada-fix-compile-fail.patch
queue-4.4/rds-rdma-return-appropriate-error-on-rdma-map-failures.patch
queue-4.4/powerpc-signal-properly-handle-return-value-from-uprobe_deny_signal.patch
queue-4.4/ath10k-ignore-configuring-the-incorrect-board_id.patch
queue-4.4/ath10k-set-cts-protection-vdev-param-only-if-vdev-is-up.patch
queue-4.4/dm-bufio-fix-integer-overflow-when-limiting-maximum-cache-size.patch
queue-4.4/nilfs2-fix-race-condition-that-causes-file-system-corruption.patch
queue-4.4/spi-spi_fsl_dspi-should-depend-on-has_dma.patch
queue-4.4/staging-iio-cdc-fix-improper-return-value.patch
queue-4.4/ib-srp-avoid-that-a-cable-pull-can-trigger-a-kernel-crash.patch
queue-4.4/libnvdimm-namespace-make-resource-attribute-only-readable-by-root.patch
queue-4.4/ib-srpt-do-not-accept-invalid-initiator-port-names.patch
queue-4.4/nfc-fix-device-allocation-error-return.patch
queue-4.4/rtlwifi-rtl8192ee-fix-memory-leak-when-loading-firmware.patch
queue-4.4/clk-ti-dra7-atl-clock-fix-of_node-reference-counting.patch
queue-4.4/xen-xenbus-driver-must-not-accept-invalid-transaction-ids.patch
queue-4.4/media-don-t-do-dma-on-stack-for-firmware-upload-in-the-as102-driver.patch
queue-4.4/i40e-use-smp_rmb-rather-than-read_barrier_depends.patch
queue-4.4/libnvdimm-namespace-fix-label-initialization-to-use-valid-seq-numbers.patch
queue-4.4/alsa-usb-audio-add-sanity-checks-to-fe-parser.patch
queue-4.4/sunrpc-fix-tracepoint-storage-issues-with-svc_recv-and-svc_rqst_status.patch
queue-4.4/ext4-fix-interaction-between-i_size-fallocate-and-delalloc-after-a-crash.patch
queue-4.4/drm-apply-range-restriction-after-color-adjustment-when-allocation.patch
queue-4.4/mac80211-remove-invalid-flag-operations-in-mesh-tsf-synchronization.patch
Hello,
I noticed that mainline commit df80cd9b28b9 ("sctp: do not peel off an
assoc from one netns to another one") has been backported to stable 4.4
branch twice:
- first as commit 46bdabbca02e in 4.4.100
- then again as commit 2a0e60907e54 in 4.4.101
so that the check it adds in sctp_do_peeloff() is now performed twice.
Michal Kubecek