Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.19.85 2019-11-20T17:47:54Z 2019-11-20T17:47:54Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2019-11-20T17:47:54Z urn:sha1:c63ee2939dc1c6eee6c544af1b4ab441490bfe6e 2019-11-20T17:47:53Z Jouni Hogander jouni.hogander@unikie.com 2019-11-13T10:08:01Z urn:sha1:e99d64837815753cfc4d8e193e0fc23ce91e3c57 commit ed50e1600b4483c049ce76e6bd3b665a6a9300ed upstream. This patch is fixing memory leak reported by Syzkaller: BUG: memory leak unreferenced object 0xffff888067f65500 (size 4096): comm "syz-executor043", pid 454, jiffies 4294759719 (age 11.930s) hex dump (first 32 bytes): 73 6c 63 61 6e 30 00 00 00 00 00 00 00 00 00 00 slcan0.......... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000a06eec0d>] __kmalloc+0x18b/0x2c0 [<0000000083306e66>] kvmalloc_node+0x3a/0xc0 [<000000006ac27f87>] alloc_netdev_mqs+0x17a/0x1080 [<0000000061a996c9>] slcan_open+0x3ae/0x9a0 [<000000001226f0f9>] tty_ldisc_open.isra.1+0x76/0xc0 [<0000000019289631>] tty_set_ldisc+0x28c/0x5f0 [<000000004de5a617>] tty_ioctl+0x48d/0x1590 [<00000000daef496f>] do_vfs_ioctl+0x1c7/0x1510 [<0000000059068dbc>] ksys_ioctl+0x99/0xb0 [<000000009a6eb334>] __x64_sys_ioctl+0x78/0xb0 [<0000000053d0332e>] do_syscall_64+0x16f/0x580 [<0000000021b83b99>] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [<000000008ea75434>] 0xffffffffffffffff Cc: Wolfgang Grandegger <wg@grandegger.com> Cc: Marc Kleine-Budde <mkl@pengutronix.de> Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com> Signed-off-by: Jouni Hogander <jouni.hogander@unikie.com> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> Cc: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-11-20T17:47:53Z zhong jiang zhongjiang@huawei.com 2019-11-18T03:26:08Z urn:sha1:e4cc9c81e2305aabfa9a0e46e17d3895a10ba3d8 The commit 99b45e7a1ba1 ("memfd: Fix locking when tagging pins") introduces the following warning messages. *WARNING: suspicious RCU usage in memfd_wait_for_pins* It is because we still use radix_tree_deref_slot without read_rcu_lock. We should use radix_tree_deref_slot_protected instead in the case. Cc: stable@vger.kernel.org Fixes: 99b45e7a1ba1 ("memfd: Fix locking when tagging pins") Signed-off-by: zhong jiang <zhongjiang@huawei.com> Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-11-20T17:47:53Z Arnd Bergmann arnd@arndb.de 2018-09-26T13:14:10Z urn:sha1:914834a73b167ec4246e17ada4ecd304657f9ce1 [ Upstream commit 9b97123a584f60a5bca5a2663485768a1f6cd0a4 ] The newly added runtime-pm support causes a harmless warning when CONFIG_PM is disabled: drivers/net/phy/mdio-bcm-unimac.c:330:12: error: 'unimac_mdio_resume' defined but not used [-Werror=unused-function] static int unimac_mdio_resume(struct device *d) drivers/net/phy/mdio-bcm-unimac.c:321:12: error: 'unimac_mdio_suspend' defined but not used [-Werror=unused-function] static int unimac_mdio_suspend(struct device *d) Marking the functions as __maybe_unused is the easiest workaround and avoids adding #ifdef checks. Fixes: b78ac6ecd1b6 ("net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-11-20T17:47:53Z Vasily Gorbik gor@linux.ibm.com 2019-01-02T12:43:22Z urn:sha1:2ed924f2782fc34cfd763b6e61ba433c16d8db4c [ Upstream commit 190f056fba230abee80712eb810939ef9a8c462f ] While "s390/vdso: avoid 64-bit vdso mapping for compat tasks" fixed 64-bit vdso mapping for compat tasks under gdb it introduced another problem. "compat_mm" flag is not inherited during fork and when 31-bit process forks a child (but does not perform exec) it ends up with 64-bit vdso. To address that, init_new_context (which is called during fork and exec) now initialize compat_mm based on thread TIF_31BIT flag. Later compat_mm is adjusted in arch_setup_additional_pages, which is called during exec. Fixes: d1befa65823e ("s390/vdso: avoid 64-bit vdso mapping for compat tasks") Reported-by: Stefan Liebler <stli@linux.ibm.com> Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: <stable@vger.kernel.org> # v4.20+ Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-11-20T17:47:53Z Rui Miguel Silva rui.silva@linaro.org 2018-11-21T10:59:55Z urn:sha1:1b904b2eb9c1d9216e1be9f4615952bcd6b99856 [ Upstream commit c45fbdf24c61a7b7a37f1b3bbd46f054637a3627 ] Swapping the order between v4l2 subdevice registration and checking chip id in b7a417628abf ("media: ov2680: don't register the v4l2 subdevice before checking chip ID") makes the mode restore to use the sensor controls before they are set, so move the mode restore call to s_power after the handler setup for controls is done. This remove also the need for the error code path in power on function. Fixes: b7a417628abf ("media: ov2680: don't register the v4l2 subdevice before checking chip ID") Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org> Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com> Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-11-20T17:47:53Z Israel Rukshin israelr@mellanox.com 2018-09-26T09:44:18Z urn:sha1:0c3e32230bcc4a8721f203ba73b353b4659f939e [ Upstream commit 65f07f5a09dacf3b60619f196f096ea3671a5eda ] In case target remote invalidates bogus rkey and signature is not used, pi_ctx is NULL deref. The commit also fails the connection on bogus remote invalidation. Fixes: 59caaed7a72a ("IB/iser: Support the remote invalidation exception") Signed-off-by: Israel Rukshin <israelr@mellanox.com> Reviewed-by: Max Gurtovoy <maxg@mellanox.com> Reviewed-by: Sagi Grimberg <sagi@grimberg.me> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-11-20T17:47:53Z Kirill Tkhai ktkhai@virtuozzo.com 2018-08-27T15:29:29Z urn:sha1:d7b412e1448e84db8c6b1987a1e1eae829dd1197 [ Upstream commit 2a23f2b8adbe4bd584f936f7ac17a99750eed9d7 ] Since they are of unsigned int type, it's allowed to read them unlocked during reporting to userspace. Let's underline this fact with READ_ONCE() macroses. Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-11-20T17:47:53Z Guido Kiener guido.kiener@rohde-schwarz.com 2018-09-24T23:30:31Z urn:sha1:2e72489c822e56124007539cbcb12c62fe30581a [ Upstream commit 9a83190300867fb024d53f47c31088e34188efc1 ] Fix uninitialized symbol 'actual' in function usbtmc_ioctl_clear. When symbol 'actual' is not initialized and usb_bulk_msg() fails, the subsequent kernel debug message shows a random value. Signed-off-by: Guido Kiener <guido.kiener@rohde-schwarz.com> Fixes: dfee02ac4bce ("usb: usbtmc: Fix ioctl USBTMC_IOCTL_CLEAR") Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> 2019-11-20T17:47:52Z Chunfeng Yun chunfeng.yun@mediatek.com 2018-09-20T16:13:32Z urn:sha1:eb9b6c203870dfa917ec28db544e63ee81938107 [ Upstream commit 87173acc0d8f0987bda8827da35fff67f52ad15d ] If the interval equal zero, needn't round up to power of two for the number of packets in each ESIT, so fix it. Signed-off-by: Chunfeng Yun <chunfeng.yun@mediatek.com> Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>