Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v5.4.50 2020-02-24T07:36:36+00:00 2020-02-24T07:36:36+00:00 Aditya Pakki pakki001@umn.edu 2019-12-15T16:14:51+00:00 urn:sha1:1e2b6e5f32aabf201c01457b1dabf8c7a161a47d [ Upstream commit bbd20c939c8aa3f27fa30e86691af250bf92973a ] In fore200e_send and fore200e_close, the pointers from the arguments are dereferenced in the variable declaration block and then checked for NULL. The patch fixes these issues by avoiding NULL pointer dereferences. Signed-off-by: Aditya Pakki <pakki001@umn.edu> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> 2020-02-01T09:34:46+00:00 Arnd Bergmann arnd@arndb.de 2020-01-07T20:43:59+00:00 urn:sha1:b60d320dc3630a3042987fc229dcf1bd3a070512 [ Upstream commit 30780d086a83332adcd9362281201cee7c3d9d19 ] With -O3, gcc has found an actual unintialized variable stored into an mmio register in two instances: drivers/atm/eni.c: In function 'discard': drivers/atm/eni.c:465:13: error: 'dma[1]' is used uninitialized in this function [-Werror=uninitialized] writel(dma[i*2+1],eni_dev->rx_dma+dma_wr*8+4); ^ drivers/atm/eni.c:465:13: error: 'dma[3]' is used uninitialized in this function [-Werror=uninitialized] Change the code to always write zeroes instead. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> 2020-01-29T15:45:19+00:00 Wenwen Wang wenwen@cs.uga.edu 2020-01-25T14:33:29+00:00 urn:sha1:80a4c81c67918f8f879b8ca63c0301e22b7e8b7a [ Upstream commit fa865ba183d61c1ec8cbcab8573159c3b72b89a4 ] In fs_open(), 'vcc' is allocated through kmalloc() and assigned to 'atm_vcc->dev_data.' In the following execution, if an error occurs, e.g., there is no more free channel, an error code EBUSY or ENOMEM will be returned. However, 'vcc' is not deallocated, leading to memory leaks. Note that, in normal cases where fs_open() returns 0, 'vcc' will be deallocated in fs_close(). But, if fs_open() fails, there is no guarantee that fs_close() will be invoked. To fix this issue, deallocate 'vcc' before the error code is returned. Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-09-25T11:54:45+00:00 Colin Ian King colin.king@canonical.com 2019-09-22T11:42:16+00:00 urn:sha1:5c94ad1793f1c8743388f329d55a61e5001dc58e There is a statement that is indented one level too many, remove the extraneous tab. Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2019-08-27T21:23:31+00:00 David S. Miller davem@davemloft.net 2019-08-27T21:23:31+00:00 urn:sha1:68aaf4459556b1f9370c259fd486aecad2257552 Minor conflict in r8169, bug fix had two versions in net and net-next, take the net-next hunks. Signed-off-by: David S. Miller <davem@davemloft.net> 2019-08-20T01:15:18+00:00 Christophe JAILLET christophe.jaillet@wanadoo.fr 2019-08-19T05:04:25+00:00 urn:sha1:cd9d4ff9b78fcd0fc4708900ba3e52e71e1a7690 This should be IDT77105, not IDT77015. Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr> Signed-off-by: David S. Miller <davem@davemloft.net> 2019-08-07T01:44:57+00:00 David S. Miller davem@davemloft.net 2019-08-07T01:44:57+00:00 urn:sha1:13dfb3fa494361ea9a5950f27c9cd8b06d28c04f Just minor overlapping changes in the conflicts here. Signed-off-by: David S. Miller <davem@davemloft.net> 2019-08-03T00:30:36+00:00 Gustavo A. R. Silva gustavo@embeddedor.com 2019-07-31T03:21:41+00:00 urn:sha1:ea443e5e98b5b74e317ef3d26bcaea54931ccdee board is controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/atm/iphase.c:2765 ia_ioctl() warn: potential spectre issue 'ia_dev' [r] (local cap) drivers/atm/iphase.c:2774 ia_ioctl() warn: possible spectre second half. 'iadev' drivers/atm/iphase.c:2782 ia_ioctl() warn: possible spectre second half. 'iadev' drivers/atm/iphase.c:2816 ia_ioctl() warn: possible spectre second half. 'iadev' drivers/atm/iphase.c:2823 ia_ioctl() warn: possible spectre second half. 'iadev' drivers/atm/iphase.c:2830 ia_ioctl() warn: potential spectre issue '_ia_dev' [r] (local cap) drivers/atm/iphase.c:2845 ia_ioctl() warn: possible spectre second half. 'iadev' drivers/atm/iphase.c:2856 ia_ioctl() warn: possible spectre second half. 'iadev' Fix this by sanitizing board before using it to index ia_dev and _ia_dev Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://lore.kernel.org/lkml/20180423164740.GY17484@dhcp22.suse.cz/ Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2019-07-30T21:21:32+00:00 Jonathan Lemon jonathan.lemon@gmail.com 2019-07-30T14:40:33+00:00 urn:sha1:b54c9d5bd6e38edac9ce3a3f95f14a1292b5268d Use accessor functions for skb fragment's page_offset instead of direct references, in preparation for bvec conversion. Signed-off-by: Jonathan Lemon <jonathan.lemon@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2019-07-24T18:46:03+00:00 Matthew Wilcox (Oracle) willy@infradead.org 2019-07-24T11:36:15+00:00 urn:sha1:92493a2f8a8d5a5bc1188fc71ef02df859ebd932 I missed a few places. One is in some ifdeffed code which will probably never be re-enabled; the others are in drivers which can't currently be compiled on x86. Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> Signed-off-by: David S. Miller <davem@davemloft.net>