Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.14.286 2022-06-14T14:53:58+00:00 2022-06-14T14:53:58+00:00 Yang Yingliang yangyingliang@huawei.com 2022-05-13T10:05:41+00:00 urn:sha1:0de029454d42ad60d7f4234d84862d105a48c6d6 [ Upstream commit d87ad457f7e1b8d2492ca5b1531eb35030a1cc8f ] In pxa3xx_gcu_probe(), the sequence of error lable is wrong, it will leads some resource leaked, so adjust the sequence to handle the error correctly, and if pxa3xx_gcu_add_buffer() fails, pxa3xx_gcu_free_buffers() need be called. In pxa3xx_gcu_remove(), add missing clk_disable_unpreprare(). Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-06-14T14:53:51+00:00 Miaoqian Lin linmq006@gmail.com 2022-05-12T11:59:08+00:00 urn:sha1:2e2e2c71b2642289438392edbf5d08cdbc0b138b [ Upstream commit b23789a59fa6f00e98a319291819f91fbba0deb8 ] of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. Fixes: d10715be03bd ("video: ARM CLCD: Add DT support") Signed-off-by: Miaoqian Lin <linmq006@gmail.com> Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-04-20T07:08:23+00:00 Zheyu Ma zheyuma97@gmail.com 2022-03-02T14:33:11+00:00 urn:sha1:0ec746674296c94137f074309c26d17e644c0498 [ Upstream commit 4f01d09b2bbfbcb47b3eb305560a7f4857a32260 ] When the sm712fb driver writes three bytes to the framebuffer, the driver will crash: BUG: unable to handle page fault for address: ffffc90001ffffff RIP: 0010:smtcfb_write+0x454/0x5b0 Call Trace: vfs_write+0x291/0xd60 ? do_sys_openat2+0x27d/0x350 ? __fget_light+0x54/0x340 ksys_write+0xce/0x190 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Fix it by removing the open-coded endianness fixup-code. Signed-off-by: Zheyu Ma <zheyuma97@gmail.com> Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-04-20T07:08:23+00:00 Jing Yao yao.jing2@zte.com.cn 2021-11-05T08:20:44+00:00 urn:sha1:a131063223a4bada7e19f0abb9643c8eb41e1bdb [ Upstream commit c07a039cbb96748f54c02995bae8131cc9a73b0a ] Use sysfs_emit instead of scnprintf, snprintf or sprintf. Reported-by: Zeal Robot <zealci@zte.com.cn> Signed-off-by: Jing Yao <yao.jing2@zte.com.cn> Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-04-20T07:08:23+00:00 Jing Yao yao.jing2@zte.com.cn 2021-11-05T08:13:33+00:00 urn:sha1:f419488df057957cc2e965ba3686ff408788403e [ Upstream commit f63658a59c3d439c8ad7b290f8ec270980e0f384 ] Use sysfs_emit instead of scnprintf, snprintf or sprintf. Reported-by: Zeal Robot <zealci@zte.com.cn> Signed-off-by: Jing Yao <yao.jing2@zte.com.cn> Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-04-20T07:08:22+00:00 Yang Guang yang.guang5@zte.com.cn 2021-11-30T00:06:03+00:00 urn:sha1:4f50db5f3631c91884fcec5a0d093a0b7a197abe [ Upstream commit 24565bc4115961db7ee64fcc7ad2a7437c0d0a49 ] coccinelle report: ./drivers/video/fbdev/omap2/omapfb/displays/panel-sony-acx565akm.c: 479:9-17: WARNING: use scnprintf or sprintf Use sysfs_emit instead of scnprintf or sprintf makes more sense. Reported-by: Zeal Robot <zealci@zte.com.cn> Signed-off-by: Yang Guang <yang.guang5@zte.com.cn> Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-04-20T07:08:22+00:00 George Kennedy george.kennedy@oracle.com 2021-10-27T20:30:13+00:00 urn:sha1:1d3fb46439ad4e8f0c5739eb33d1875ac9e0f135 [ Upstream commit 5c6f402bdcf9e7239c6bc7087eda71ac99b31379 ] Do a sanity check on pixclock value to avoid divide by zero. If the pixclock value is zero, the cirrusfb driver will round up pixclock to get the derived frequency as close to maxclock as possible. Syzkaller reported a divide error in cirrusfb_check_pixclock. divide error: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2 RIP: 0010:cirrusfb_check_var+0x6f1/0x1260 Call Trace: fb_set_var+0x398/0xf90 do_fb_ioctl+0x4b8/0x6f0 fb_ioctl+0xeb/0x130 __x64_sys_ioctl+0x19d/0x220 do_syscall_64+0x3a/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae Signed-off-by: George Kennedy <george.kennedy@oracle.com> Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org> Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-04-20T07:08:22+00:00 Evgeny Novikov novikov@ispras.ru 2021-08-11T16:58:26+00:00 urn:sha1:944db00102496995904028abdd5b714635bc9492 [ Upstream commit 8738ddcac644964ae128ccd3d80d48773c8d528e ] w100fb_probe() did not reset the global state to its initial state. This can result in invocation of iounmap() even when there was not the appropriate successful call of ioremap(). For instance, this may be the case if first probe fails after two successful ioremap() while second probe fails when first ioremap() fails. The similar issue is with w100fb_remove(). The patch fixes both bugs. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Evgeny Novikov <novikov@ispras.ru> Co-developed-by: Kirill Shilimanov <kirill.shilimanov@huawei.com> Signed-off-by: Kirill Shilimanov <kirill.shilimanov@huawei.com> Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-04-20T07:08:22+00:00 Tim Gardner tim.gardner@canonical.com 2021-09-27T15:45:02+00:00 urn:sha1:580e5d3815474b8349250c25c16416585a72c7fe [ Upstream commit 37a1a2e6eeeb101285cd34e12e48a881524701aa ] Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examiniing the call sites. CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length. 2. parameter_as_source: Note: This defect has an elevated risk because the source argument is a parameter of the current function. 89 strcpy(chan->adapter.name, name); Fix this warning by using strscpy() which will silence the warning and prevent any future buffer overflows should the names used to identify the channel become much longer. Cc: Antonino Daplas <adaplas@gmail.com> Cc: linux-fbdev@vger.kernel.org Cc: dri-devel@lists.freedesktop.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Tim Gardner <tim.gardner@canonical.com> Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Sasha Levin <sashal@kernel.org> 2022-04-20T07:08:15+00:00 Miaoqian Lin linmq006@gmail.com 2022-03-07T12:38:12+00:00 urn:sha1:8fc66b552430490b82574f3c74640135bdeca714 [ Upstream commit a58c22cfbbf62fefca090334bbd35fd132e92a23 ] The device_node pointer is returned by of_parse_phandle() with refcount incremented. We should use of_node_put() on it when done. Fixes: f76ee892a99e ("omapfb: copy omapdss & displays for omapfb") Signed-off-by: Miaoqian Lin <linmq006@gmail.com> Signed-off-by: Helge Deller <deller@gmx.de> Signed-off-by: Sasha Levin <sashal@kernel.org>