Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v4.9.110 2018-06-26T00:08:05Z 2018-06-26T00:08:05Z Ivan Bornyakov brnkv.i1@gmail.com 2018-05-25T17:49:52Z urn:sha1:5dbffe420164137f8b6b733de3d801019d777fa4 [ Upstream commit f9c6442a8f0b1dde9e755eb4ff6fa22bcce4eabc ] memcmp() returns int, but eprom_try_esi() cast it to unsigned char. One can lose significant bits and get 0 from non-0 value returned by the memcmp(). Signed-off-by: Ivan Bornyakov <brnkv.i1@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-05-16T08:08:44Z Gustavo A. R. Silva gustavo@embeddedor.com 2018-05-03T18:17:12Z urn:sha1:ad43aede80e2faf876d6f0c4d27e462f8e0380dd commit 2be147f7459db5bbf292e0a6f135037b55e20b39 upstream. pool can be indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/atm/zatm.c:1462 zatm_ioctl() warn: potential spectre issue 'zatm_dev->pool_info' (local cap) Fix this by sanitizing pool before using it to index zatm_dev->pool_info Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2017-12-14T08:28:24Z Arvind Yadav arvind.yadav.cs@gmail.com 2017-11-14T08:12:38Z urn:sha1:22d2456faefaed01ef3021fb8e6752e8c2f91a74 [ Upstream commit bde533f2ea607cbbbe76ef8738b36243939a7bc2 ] atm_dev_register() can fail here and passed parameters to free irq which is not initialised. Initialization of 'dev->irq' happened after the 'goto out_free_irq'. So using 'irq' insted of 'dev->irq' in free_irq(). Signed-off-by: Arvind Yadav <arvind.yadav.cs@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-12-05T19:53:46Z Pan Bian bianpan2016@163.com 2016-12-04T05:45:15Z urn:sha1:7cf6156633b71743c09a8e56b1f0dedfc4ce6e66 It returns variable "error" when ioremap_nocache() returns a NULL pointer. The value of "error" is 0 then, which will mislead the callers to believe that there is no error. This patch fixes the bug, returning "-ENOMEM". Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=189021 Signed-off-by: Pan Bian <bianpan2016@163.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2016-12-05T18:27:33Z Pan Bian bianpan2016@163.com 2016-12-03T12:25:45Z urn:sha1:4606c9e8c541f97034e53e644129376a6170b8c7 In function lanai_dev_open(), when the call to ioremap() fails, the value of return variable result is 0. 0 means no error in this context. This patch fixes the bug, assigning "-ENOMEM" to result when ioremap() returns a NULL pointer. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188791 Signed-off-by: Pan Bian <bianpan2016@163.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2016-09-15T23:15:55Z Colin Ian King colin.king@canonical.com 2016-09-12T12:01:50Z urn:sha1:d560846e40fefd7b6e5c29d115f1d8f73db7f5e6 The newline escape is incorrect and needs fixing. Also adjust source formatting / indentation and add { } to trailing else. Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2016-09-11T04:46:07Z Markus Elfring elfring@users.sourceforge.net 2016-09-10T08:38:04Z urn:sha1:cf9932a9414e241571008edd7412ab22f02b5704 Adjust the indentation for a call of the macro "DPRINTK" in this function. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2016-09-11T04:46:07Z Markus Elfring elfring@users.sourceforge.net 2016-09-10T08:21:15Z urn:sha1:0f0d0ed0870eca21e36dc520d7d9be292c103f80 * The script "checkpatch.pl" can point information out like the following. WARNING: Prefer kcalloc over kzalloc with multiply Thus fix the affected source code place. * Replace the specification of a data type by a pointer dereference to make the corresponding size determination a bit safer according to the Linux coding style convention. * Delete the local variable "size" which became unnecessary with this refactoring. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2016-09-11T04:46:06Z Markus Elfring elfring@users.sourceforge.net 2016-09-10T08:07:38Z urn:sha1:5ad3ea3d3952dcbb8047f97fbfa49804ea53a53a Replace the specification of a data structure by a pointer dereference as the parameter for the operator "sizeof" to make the corresponding size determination a bit safer according to the Linux coding style convention. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2016-09-11T04:46:06Z Markus Elfring elfring@users.sourceforge.net 2016-09-10T07:55:53Z urn:sha1:32230ac1ccbd66f36bd6955eddc45fc06861c1b5 * A multiplication for the size determination of a memory allocation indicated that an array data structure should be processed. Thus use the corresponding function "kmalloc_array". This issue was detected by using the Coccinelle software. * Replace the specification of a data type by a pointer dereference to make the corresponding size determination a bit safer according to the Linux coding style convention. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Signed-off-by: David S. Miller <davem@davemloft.net>