| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Linux 3.18.130
selftests: Move networking/timestamping from Documentation
staging: rts5208: fix gcc-8 logic error warning
vme: ca91cx42: fix LM_CTL address mask
vme: Fix wrong pointer utilization in ca91cx42_slave_get
* exec: avoid gcc-8 warning for get_task_comm
fs/exec.c
include/linux/sched.h
* kconfig: Avoid format overflow warning from GCC 8.1
scripts/kconfig/confdata.c
staging: speakup: Replace strncpy with memcpy
matroxfb: fix size of memcpy
* pstore: Convert console write to use ->write_buf
fs/pstore/platform.c
ocfs2: fix potential use after free
debugobjects: avoid recursive calls with kmemleak
hfsplus: do not free node before using
hfs: do not free node before using
ocfs2: fix deadlock caused by ocfs2_defrag_extent()
fscache, cachefiles: remove redundant variable 'cache'
fscache: fix race between enablement and dropping of object
drm/ast: fixed reading monitor EDID not stable issue
KVM: x86: fix empty-body warnings
USB: omap_udc: fix USB gadget functionality on Palm Tungsten E
USB: omap_udc: fix omap_udc_start() on 15xx machines
USB: omap_udc: fix crashes on probe error and module removal
USB: omap_udc: use devm_request_irq()
exportfs: do not read dentry after free
ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE
ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE
Btrfs: send, fix infinite loop due to directory rename dependencies
hwmon: (w83795) temp4_type has writable permission
s390/cpum_cf: Reject request for sampling in event initialization
sysv: return 'err' instead of 0 in __sysv_write_inode
ARM: OMAP1: ams-delta: Fix possible use of uninitialized field
ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup
* ipv6: Check available headroom in ip6_xmit() even without options
net/ipv6/ip6_output.c
* neighbour: Avoid writing before skb->head in neigh_hh_output()
include/net/neighbour.h
* tun: forbid iface creation with rtnl ops
drivers/net/tun.c
* rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
net/core/rtnetlink.c
net: Prevent invalid access to skb->prev in __qdisc_drop_all
net: 8139cp: fix a BUG triggered by changing mtu with network traffic
Change-Id: I0f9e64f278de37078e891b54e3f7c3a397e229ad
Signed-off-by: Petri Gynther <pgynther@google.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 2c2322fbcab8102b8cadc09d66714700a2da42c2 ]
On Palm TE nothing happens when you try to use gadget drivers and plug
the USB cable. Fix by adding the board to the vbus sense quirk list.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 6ca6695f576b8453fe68865e84d25946d63b10ad ]
On OMAP 15xx machines there are no transceivers, and omap_udc_start()
always fails as it forgot to adjust the default return value.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 99f700366fcea1aa2fa3c49c99f371670c3c62f8 ]
We currently crash if usb_add_gadget_udc_release() fails, since the
udc->done is not initialized until in the remove function.
Furthermore, on module removal the udc data is accessed although
the release function is already triggered by usb_del_gadget_udc()
early in the function.
Fix by rewriting the release and remove functions, basically moving
all the cleanup into the release function, and doing the completion
only in the module removal case.
The patch fixes omap_udc module probe with a failing gadged, and also
allows the removal of omap_udc. Tested by running "modprobe omap_udc;
modprobe -r omap_udc" in a loop.
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 286afdde1640d8ea8916a0f05e811441fbbf4b9d ]
The current code fails to release the third irq on the error path
(observed by reading the code), and we get also multiple WARNs with
failing gadget drivers due to duplicate IRQ releases. Fix by using
devm_request_irq().
Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Linux 3.18.129
mac80211: fix reordering of buffered broadcast packets
mac80211: Clear beacon_int in ieee80211_do_stop
kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var()
Staging: lustre: remove two build warnings
USB: serial: option: add device ID for HP lt2523 (Novatel E371)
* xhci: Prevent U1/U2 link pm states if exit latency is too long
drivers/usb/host/xhci.c
SUNRPC: Fix leak of krb5p encode pages
* ALSA: pcm: Fix interval evaluation with openmin/max
include/sound/pcm_params.h
* ALSA: pcm: Call snd_pcm_unlink() conditionally at closing
sound/core/pcm_native.c
ALSA: hda: Add support for AMD Stoney Ridge
* USB: check usb_get_extra_descriptor for proper size
drivers/usb/core/hub.c
drivers/usb/core/usb.c
include/linux/usb.h
usb: appledisplay: Add 27" Apple Cinema Display
* usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device
drivers/usb/core/quirks.c
powerpc/vdso64: Use double word compare on pointers
net: amd: add missing of_node_put()
net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts
net/mlx4: Fix UBSAN warning of signed integer overflow
net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command
can: rcar_can: Fix erroneous registration
iommu/ipmmu-vmsa: Fix crash on early domain free
usb: gadget: dummy: fix nonsensical comparisons
* mm: cleancache: fix corruption on missed inode invalidation
mm/truncate.c
* Input: xpad - quirk all PDP Xbox One gamepads
drivers/input/joystick/xpad.c
kgdboc: Fix warning with module build
kgdboc: Fix restrict error
scsi: csiostor: Avoid content leaks and casts
ALSA: trident: Suppress gcc string warning
* scsi: scsi_devinfo: cleanly zero-pad devinfo strings
drivers/scsi/scsi_devinfo.c
drm/ast: Fix incorrect free on ioregs
mips: fix mips_get_syscall_arg o32 check
uprobes: Fix handle_swbp() vs. unregister() + register() race once more
iser: set sector for ambiguous mr status errors
kdb: use memmove instead of overlapping memcpy
scsi: bfa: convert to strlcpy/strlcat
drm: gma500: fix logic error
* ip_tunnel: Fix name string concatenate in __ip_tunnel_create()
net/ipv4/ip_tunnel.c
* kernfs: Replace strncpy with memcpy
fs/kernfs/symlink.c
unifdef: use memcpy instead of strncpy
* kobject: Replace strncpy with memcpy
lib/kobject.c
* disable stringop truncation warnings for now
Makefile
* Kbuild: suppress packed-not-aligned warning for default setting only
scripts/Makefile.extrawarn
* usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series
drivers/usb/core/quirks.c
* USB: usb-storage: Add new IDs to ums-realtek
drivers/usb/storage/unusual_realtek.h
dmaengine: at_hdmac: fix module unloading
dmaengine: at_hdmac: fix memory leak in at_dma_xlate()
ext2: fix potential use after free
ALSA: sparc: Fix invalid snd_free_pages() at error path
ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write
ALSA: wss: Fix invalid snd_free_pages() at error path
usbnet: ipheth: fix potential recvmsg bug and recvmsg bug 2
s390/qeth: fix length check in SNMP processing
rapidio/rionet: do not free skb before reading its length
Revert "wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()"
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 5d03a2fd2292e71936c4235885c35ccc3c94695b ]
Yet another laptop vendor rebranded Novatel E371.
Cc: stable@vger.kernel.org
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 0472bf06c6fd33c1a18aaead4c8f91e5a03d8d7b upstream.
Don't allow USB3 U1 or U2 if the latency to wake up from the U-state
reaches the service interval for a periodic endpoint.
This is according to xhci 1.1 specification section 4.23.5.2 extra note:
"Software shall ensure that a device is prevented from entering a U-state
where its worst case exit latency approaches the ESIT."
Allowing too long exit latencies for periodic endpoint confuses xHC
internal scheduling, and new devices may fail to enumerate with a
"Not enough bandwidth for new device state" error from the host.
Cc: <stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 704620afc70cf47abb9d6a1a57f3825d2bca49cf upstream.
When reading an extra descriptor, we need to properly check the minimum
and maximum size allowed, to prevent from invalid data being sent by a
device.
Reported-by: Hui Peng <benquike@gmail.com>
Reported-by: Mathias Payer <mathias.payer@nebelwelt.net>
Co-developed-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Hui Peng <benquike@gmail.com>
Signed-off-by: Mathias Payer <mathias.payer@nebelwelt.net>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: stable <stable@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit d7859905301880ad3e16272399d26900af3ac496 upstream.
Add another Apple Cinema Display to the list of supported displays.
Signed-off-by: Alexander Theissen <alex.theissen@me.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 2f2dde6ba89b1ef1fe23c1138131b315d9aa4019 upstream.
Some lower volume SanDisk Ultra Flair in 16GB, which the VID:PID is
in 0781:5591, will aggressively request LPM of U1/U2 during runtime,
when using this thumb drive as the OS installation key we found the
device will generate failure during U1 exit path making it dropped
from the USB bus, this causes a corrupted installation in system at
the end.
i.e.,
[ 166.918296] hub 2-0:1.0: state 7 ports 7 chg 0000 evt 0004
[ 166.918327] usb usb2-port2: link state change
[ 166.918337] usb usb2-port2: do warm reset
[ 166.970039] usb usb2-port2: not warm reset yet, waiting 50ms
[ 167.022040] usb usb2-port2: not warm reset yet, waiting 200ms
[ 167.276043] usb usb2-port2: status 02c0, change 0041, 5.0 Gb/s
[ 167.276050] usb 2-2: USB disconnect, device number 2
[ 167.276058] usb 2-2: unregistering device
[ 167.276060] usb 2-2: unregistering interface 2-2:1.0
[ 167.276170] xhci_hcd 0000:00:15.0: shutdown urb ffffa3c7cc695cc0 ep1in-bulk
[ 167.284055] sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK
[ 167.284064] sd 0:0:0:0: [sda] tag#0 CDB: Read(10) 28 00 00 33 04 90 00 01 00 00
...
Analyzed the USB trace in the link layer we realized it is because
of the 6-ms timer of tRecoveryConfigurationTimeout which documented
on the USB 3.2 Revision 1.0, the section 7.5.10.4.2 of "Exit from
Recovery.Configuration"; device initiates U1 exit -> Recovery.Active
-> Recovery.Configuration, then the host timer timeout makes the link
transits to eSS.Inactive -> Rx.Detect follows by a Warm Reset.
Interestingly, the other higher volume of SanDisk Ultra Flair sharing
the same VID:PID, such as 64GB, would not request LPM during runtime,
it sticks at U0 always, thus disabling LPM does not affect those thumb
drives at all.
The same odd occures in SanDisk Ultra Fit 16GB, VID:PID in 0781:5583.
Signed-off-by: Harry Pan <harry.pan@intel.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 7661ca09b2ff98f48693f431bb01fed62830e433 upstream.
gcc-8 points out two comparisons that are clearly bogus
and almost certainly not what the author intended to write:
drivers/usb/gadget/udc/dummy_hcd.c: In function 'set_link_state_by_speed':
drivers/usb/gadget/udc/dummy_hcd.c:379:31: error: bitwise comparison always evaluates to false [-Werror=tautological-compare]
USB_PORT_STAT_ENABLE) == 1 &&
^~
drivers/usb/gadget/udc/dummy_hcd.c:381:25: error: bitwise comparison always evaluates to false [-Werror=tautological-compare]
USB_SS_PORT_LS_U0) == 1 &&
^~
I looked at the code for a bit and came up with a change that makes
it look like what the author probably meant here. This makes it
look reasonable to me and to gcc, shutting up the warning.
It does of course change behavior as the two conditions are actually
evaluated rather than being hardcoded to false, and I have made no
attempt at verifying that the changed logic makes sense in the context
of a USB HCD, so that part needs to be reviewed carefully.
Fixes: 1cd8fd2887e1 ("usb: gadget: dummy_hcd: add SuperSpeed support")
Cc: Tatyana Brokhman <tlinder@codeaurora.org>
Cc: Felipe Balbi <balbi@kernel.org>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit effd14f66cc1ef6701a19c5a56e39c35f4d395a5 upstream.
Cherry G230 Stream 2.0 (G85-231) and 3.0 (G85-232) need this quirk to
function correctly. This fixes a but where double pressing numlock locks
up the device completely with need to replug the keyboard.
Signed-off-by: Michael Niewöhner <linux@mniewoehner.de>
Tested-by: Michael Niewöhner <linux@mniewoehner.de>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit a84a1bcc992f0545a51d2e120b8ca2ef20e2ea97 upstream.
There are two new Realtek card readers require ums-realtek to work
correctly.
Add the new IDs to support them.
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Linux 3.18.128
drm/ast: Remove existing framebuffers before loading driver
* af_unix: move unix_mknod() out of bindlock
net/unix/af_unix.c
* tty: wipe buffer if not echoing data
drivers/tty/n_tty.c
* tty: wipe buffer.
drivers/tty/tty_buffer.c
scsi: qla2xxx: do not queue commands when unloading
* scsi: ufs: fix race between clock gating and devfreq scaling work
drivers/scsi/ufs/ufshcd.c
* scsi: ufshcd: Fix race between clk scaling and ungate work
drivers/scsi/ufs/ufshcd.c
* scsi: ufs: fix bugs related to null pointer access and array size
drivers/scsi/ufs/ufs.h
drivers/scsi/ufs/ufshcd.c
cw1200: Don't leak memory if krealloc failes
* Input: xpad - add support for Xbox1 PDP Camo series gamepad
drivers/input/joystick/xpad.c
* Input: xpad - fix GPD Win 2 controller name
drivers/input/joystick/xpad.c
* Input: xpad - add GPD Win 2 Controller USB IDs
drivers/input/joystick/xpad.c
* Input: xpad - avoid using __set_bit() for capabilities
drivers/input/joystick/xpad.c
* Input: xpad - fix some coding style issues
drivers/input/joystick/xpad.c
* Input: xpad - add PDP device id 0x02a4
drivers/input/joystick/xpad.c
* Input: xpad - add support for PDP Xbox One controllers
drivers/input/joystick/xpad.c
* Input: xpad - validate USB endpoint type during probe
drivers/input/joystick/xpad.c
* Input: xpad - fix PowerA init quirk for some gamepad models
drivers/input/joystick/xpad.c
* Input: xpad - constify usb_device_id
drivers/input/joystick/xpad.c
* Input: xpad - sync supported devices with XBCD
drivers/input/joystick/xpad.c
* Input: xpad - sync supported devices with 360Controller
drivers/input/joystick/xpad.c
* Input: xpad - add USB IDs for Mad Catz Brawlstick and Razer Sabertooth
drivers/input/joystick/xpad.c
* Input: xpad - sync supported devices with xboxdrv
drivers/input/joystick/xpad.c
* Input: xpad - sort supported devices by USB ID
drivers/input/joystick/xpad.c
* Input: xpad - support some quirky Xbox One pads
drivers/input/joystick/xpad.c
* Input: xpad - restore LED state after device resume
drivers/input/joystick/xpad.c
* Input: xpad - fix stuck mode button on Xbox One S pad
drivers/input/joystick/xpad.c
* Input: xpad - don't depend on endpoint order
drivers/input/joystick/xpad.c
* Input: xpad - simplify error condition in init_output
drivers/input/joystick/xpad.c
* Input: xpad - move reporting xbox one home button to common function
drivers/input/joystick/xpad.c
* Input: xpad - correctly sort vendor id's
drivers/input/joystick/xpad.c
* Input: xpad - use correct product id for x360w controllers
drivers/input/joystick/xpad.c
* Input: xpad - fix Xbox One rumble stopping after 2.5 secs
drivers/input/joystick/xpad.c
* Input: xpad - add product ID for Xbox One S pad
drivers/input/joystick/xpad.c
* Input: xpad - power off wireless 360 controllers on suspend
drivers/input/joystick/xpad.c
* Input: xpad - fix oops when attaching an unknown Xbox One gamepad
drivers/input/joystick/xpad.c
* Input: xpad - fix rumble on Xbox One controllers with 2015 firmware
drivers/input/joystick/xpad.c
* Input: xpad - xbox one elite controller support
drivers/input/joystick/xpad.c
* Input: xpad - add more third-party controllers
drivers/input/joystick/xpad.c
* Input: xpad - prevent spurious input from wired Xbox 360 controllers
drivers/input/joystick/xpad.c
* Input: xpad - move pending clear to the correct location
drivers/input/joystick/xpad.c
* Input: xpad - add Mad Catz FightStick TE 2 VID/PID
drivers/input/joystick/xpad.c
* Input: xpad - remove unused function
drivers/input/joystick/xpad.c
* Input: xpad - correct xbox one pad device name
drivers/input/joystick/xpad.c
* Input: xpad - use LED API when identifying wireless controllers
drivers/input/joystick/xpad.c
* Input: xpad - workaround dead irq_out after suspend/ resume
drivers/input/joystick/xpad.c
* Input: xpad - update Xbox One Force Feedback Support
drivers/input/joystick/xpad.c
* Input: xpad - correctly handle concurrent LED and FF requests
drivers/input/joystick/xpad.c
* Input: xpad - handle "present" and "gone" correctly
drivers/input/joystick/xpad.c
* Input: xpad - remove spurious events of wireless xpad 360 controller
drivers/input/joystick/xpad.c
* Input: xpad - fix clash of presence handling with LED setting
drivers/input/joystick/xpad.c
* Input: xpad - query wireless controller state at init
drivers/input/joystick/xpad.c
* Input: xpad - move the input device creation to a new function
drivers/input/joystick/xpad.c
* Input: xpad - x360w: report dpad as buttons and axes
drivers/input/joystick/xpad.c
* Input: xpad - factor out URB submission in xpad_play_effect
drivers/input/joystick/xpad.c
* Input: xpad - remove needless bulk out URB used for LED setup
drivers/input/joystick/xpad.c
* Input: xpad - use ida() for finding the pad_nr
drivers/input/joystick/xpad.c
* Input: xpad - clarify LED enumeration
drivers/input/joystick/xpad.c
* Input: xpad - fix Razer Atrox Arcade Stick button mapping
drivers/input/joystick/xpad.c
* Input: xpad - add Covert Forces edition of the Xbox One controller
drivers/input/joystick/xpad.c
* Input: xpad - re-send LED command on present event
drivers/input/joystick/xpad.c
* Input: xpad - set the LEDs properly on XBox Wireless controllers
drivers/input/joystick/xpad.c
* Input: xpad - add rumble support for Xbox One controller
drivers/input/joystick/xpad.c
* Input: initialize device counter variables with -1
drivers/input/joystick/xpad.c
drivers/input/serio/serio.c
* arm64: remove no-op -p linker flag
arch/arm64/Makefile
* tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset
mm/shmem.c
powerpc/numa: Suppress "VPHN is not supported" messages
kdb: Use strscpy with destination buffer size
SUNRPC: Fix a bogus get/put in generic_key_to_expire()
cpufreq: imx6q: add return value check for voltage scale
can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb
can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds
can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length
can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb()
drm/ast: change resolution may cause screen blurred
drm/ast: fixed cursor may disappear sometimes
* llc: do not use sk_eat_skb()
net/llc/af_llc.c
gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd
sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer
bfs: add sanity check at bfs_fill_super()
v9fs_dir_readdir: fix double-free on p9stat_read error
* usb: core: Fix hub port connection events lost
drivers/usb/core/hub.c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 22454b79e6de05fa61a2a72d00d2eed798abbb75 upstream.
This will clear the USB_PORT_FEAT_C_CONNECTION bit in case of a hub port reset
only if a device is was attached to the hub port before resetting the hub port.
Using a Lenovo T480s attached to the ultra dock it was not possible to detect
some usb-c devices at the dock usb-c ports because the hub_port_reset code
will clear the USB_PORT_FEAT_C_CONNECTION bit after the actual hub port reset.
Using this device combo the USB_PORT_FEAT_C_CONNECTION bit was set between the
actual hub port reset and the clear of the USB_PORT_FEAT_C_CONNECTION bit.
This ends up with clearing the USB_PORT_FEAT_C_CONNECTION bit after the
new device was attached such that it was not detected.
This patch will not clear the USB_PORT_FEAT_C_CONNECTION bit if there is
currently no device attached to the port before the hub port reset.
This will avoid clearing the connection bit for new attached devices.
Signed-off-by: Dennis Wassenberg <dennis.wassenberg@secunet.com>
Acked-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Linux 3.18.127
* HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges
drivers/hid/uhid.c
* new helper: uaccess_kernel()
include/linux/uaccess.h
ACPI / platform: Add SMB0001 HID to forbidden_id_list
USB: misc: appledisplay: add 20" Apple Cinema Display
misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data
* usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB
drivers/usb/core/quirks.c
* USB: quirks: Add no-lpm quirk for Raydium touchscreens
drivers/usb/core/quirks.c
usb: cdc-acm: add entry for Hiro (Conexant) modem
* uio: Fix an Oops on load
drivers/uio/uio.c
* media: v4l: event: Add subscription to list before calling "add" operation
drivers/media/v4l2-core/v4l2-event.c
* Revert "Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV"
drivers/bluetooth/Kconfig
SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
Revert "Revert "drm/i915: Fix mutex->owner inspection race under DEBUG_MUTEXES""
* zram: close udev startup race condition as default groups
drivers/block/zram/zram_drv.c
lib/raid6: Fix arm64 test build
s390/vdso: add missing FORCE to build targets
clk: samsung: exynos5420: Enable PERIS clocks for suspend
fs/exofs: fix potential memory leak in mount option parsing
um: Give start_idle_thread() a return code
hfsplus: prevent btree data loss on root split
hfs: prevent btree data loss on root split
reiserfs: propagate errors from fill_with_dentries() properly
* net-gro: reset skb->pkt_type in napi_reuse_skb()
net/core/dev.c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit f6501f49199097b99e4e263644d88c90d1ec1060 upstream.
Add another Apple Cinema Display to the list of supported displays
Signed-off-by: Mattias Jacobsson <2pi@mok.nu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit a77112577667cbda7c6292c52d909636aef31fd9 upstream.
Following on from this patch: https://lkml.org/lkml/2017/11/3/516,
Corsair K70 LUX RGB keyboards also require the DELAY_INIT quirk to
start correctly at boot.
Dmesg output:
usb 1-6: string descriptor 0 read error: -110
usb 1-6: New USB device found, idVendor=1b1c, idProduct=1b33
usb 1-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-6: can't set config #1, error -110
Signed-off-by: Emmanuel Pescosta <emmanuelpescosta099@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit deefd24228a172d1b27d4a9adbfd2cdacd60ae64 upstream.
Raydium USB touchscreen fails to set config if LPM is enabled:
[ 2.030658] usb 1-8: New USB device found, idVendor=2386, idProduct=3119
[ 2.030659] usb 1-8: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 2.030660] usb 1-8: Product: Raydium Touch System
[ 2.030661] usb 1-8: Manufacturer: Raydium Corporation
[ 7.132209] usb 1-8: can't set config #1, error -110
Same behavior can be observed on 2386:3114.
Raydium claims the touchscreen supports LPM under Windows, so I used
Microsoft USB Test Tools (MUTT) [1] to check its LPM status. MUTT shows
that the LPM doesn't work under Windows, either. So let's just disable LPM
for Raydium touchscreens.
[1] https://docs.microsoft.com/en-us/windows-hardware/drivers/usbcon/usb-test-tools
Signed-off-by: Kai-Heng Feng <kai.heng.feng@canonical.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 63529eaa6164ef7ab4b907b25ac3648177e5e78f upstream.
The cdc-acm kernel module currently does not support the Hiro (Conexant)
H05228 USB modem. The patch below adds the device specific information:
idVendor 0x0572
idProduct 0x1349
Signed-off-by: Maarten Jacobs <maarten256@outlook.com>
Acked-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Linux 3.18.126
hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444!
* configfs: replace strncpy with memcpy
fs/configfs/symlink.c
* fuse: fix leaked notify reply
fs/fuse/dev.c
sunrpc: correct the computation for page_ptr when truncating
* mount: Prevent MNT_DETACH from disconnecting locked mounts
fs/namespace.c
* mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts
fs/namespace.c
* mount: Retest MNT_LOCKED in do_umount
fs/namespace.c
* ext4: fix buffer leak in __ext4_read_dirblock() on error path
fs/ext4/namei.c
* ext4: fix buffer leak in ext4_xattr_move_to_block() on error path
fs/ext4/xattr.c
* ext4: release bs.bh before re-using in ext4_xattr_block_find()
fs/ext4/xattr.c
* ext4: fix possible leak of sbi->s_group_desc_leak in error path
fs/ext4/super.c
* ext4: avoid possible double brelse() in add_new_gdb() on error path
fs/ext4/resize.c
* ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing
fs/ext4/resize.c
* ext4: avoid buffer leak in ext4_orphan_add() after prior errors
fs/ext4/namei.c
* ext4: fix possible inode leak in the retry loop of ext4_resize_fs()
fs/ext4/resize.c
* ext4: avoid potential extra brelse in setup_new_flex_group_blocks()
fs/ext4/resize.c
* ext4: add missing brelse() add_new_gdb_meta_bg()'s error path
fs/ext4/resize.c
* ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path
fs/ext4/resize.c
* ext4: add missing brelse() update_backups()'s error path
fs/ext4/resize.c
arch/alpha, termios: implement BOTHER, IBSHIFT and termios2
* termios, tty/tty_baudrate.c: fix buffer overrun
drivers/tty/tty_ioctl.c
* mtd: docg3: don't set conflicting BCH_CONST_PARAMS option
drivers/mtd/devices/Kconfig
ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry
mach64: fix image corruption due to reading accelerator registers
mach64: fix display corruption on big endian machines
libceph: bump CEPH_MSG_MAX_DATA_LEN
xtensa: fix boot parameters address translation
cdrom: fix improper type cast, which can leat to information leak.
9p: clear dangling pointers in p9stat_free
media: tvp5150: fix width alignment during set_selection()
powerpc/boot: Ensure _zimage_start is a weak symbol
MIPS: kexec: Mark CPU offline before disabling local IRQ
media: pci: cx23885: handle adding to list failure
drm/omap: fix memory barrier bug in DMM driver
powerpc/nohash: fix undefined behaviour when testing page size support
* tty: check name length in tty_find_polling_driver()
drivers/tty/tty_io.c
* dm: remove duplicate dm_get_live_table() in __dm_destroy()
drivers/md/dm.c
Cramfs: fix abad comparison when wrap-arounds occur
media: em28xx: make v4l2-compliance happier by starting sequence on zero
media: em28xx: fix input name for Terratec AV 350
media: em28xx: use a default format if TRY_FMT fails
kgdboc: Passing ekgdboc to command line causes panic
TC: Set DMA masks for devices
* dm ioctl: harden copy_params()'s copy_from_user() from malicious users
drivers/md/dm-ioctl.c
lockd: fix access beyond unterminated strings in prints
nfsd: Fix an Oops in free_session()
NFSv4.1: Fix the r/wsize checking
* printk: Fix panic caused by passing log_buf_len to command line
kernel/printk/printk.c
smb3: on kerberos mount if server doesn't specify auth type use krb5
smb3: do not attempt cifs operation in smb3 query info error path
smb3: allow stats which track session and share reconnects to be reset
w1: omap-hdq: fix missing bus unregister at removal
iio: adc: at91: fix wrong channel number in triggered buffer mode
iio: adc: at91: fix acking DRDY irq on simple conversions
* kbuild: fix kernel/bounds.c 'W=1' warning
kernel/bounds.c
ima: fix showing large 'violations' or 'runtime_measurements_count'
crypto: lrw - Fix out-of bounds access on counter overflow
signal/GenWQE: Fix sending of SIGKILL
* ext4: initialize retries variable in ext4_da_write_inline_data_begin()
fs/ext4/inline.c
gfs2_meta: ->mount() can get NULL dev_name
* jbd2: fix use after free in jbd2_log_do_checkpoint()
fs/jbd2/checkpoint.c
net/ipv4: defensive cipso option parsing
* signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
kernel/signal.c
scsi: lpfc: Correct soft lockup when running mds diagnostics
* uio: ensure class is registered before devices
drivers/uio/uio.c
usb: chipidea: Prevent unbalanced IRQ disable
* ext4: fix argument checking in EXT4_IOC_MOVE_EXT
fs/ext4/move_extent.c
scsi: esp_scsi: Track residual for PIO transfers
ath10k: schedule hardware restart if WMI command times out
kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
x86: boot: Fix EFI stub alignment
mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
perf tools: Cleanup trace-event-info 'tdata' leak
perf tools: Free temporary 'sys' string in read_event_files()
* tun: Consistently configure generic netdev params via rtnetlink
drivers/net/tun.c
swim: fix cleanup on setup error
ataflop: fix error handling during setup
* locking/lockdep: Fix debug_locks off performance problem
lib/debug_locks.c
selftests: ftrace: Add synthetic event syntax testcase
net: qla3xxx: Remove overflowing shift statement
sparc: Throttle perf events properly.
sparc: Fix single-pcr perf event counter management.
x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
jffs2: free jffs2_sb_info through jffs2_kill_sb()
bcache: fix miss key refill->end in writeback
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 8b97d73c4d72a2abf58f8e49062a7ee1e5f1334e ]
The ChipIdea IRQ is disabled before scheduling the otg work and
re-enabled on otg work completion. However if the job is already
scheduled we have to undo the effect of disable_irq int order to
balance the IRQ disable-depth value.
Fixes: be6b0c1bd0be ("usb: chipidea: using one inline function to cover queue work operations")
Signed-off-by: Loic Poulain <loic.poulain@linaro.org>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Linux 3.18.125
* sched/fair: Fix throttle_list starvation with low CFS quota
kernel/sched/fair.c
kernel/sched/sched.h
* USB: fix the usbfs flag sanitization for control transfers
drivers/usb/core/devio.c
cdc-acm: correct counting of UART states in serial state notification
cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
net: sched: gred: pass the right attribute to gred_change_table_def()
* rtnetlink: Disallow FDB configuration for non-Ethernet device
net/core/rtnetlink.c
* net: drop skb on failure in ip_check_defrag()
net/ipv4/ip_fragment.c
sctp: fix race on sctp_id2asoc
r8169: fix NAPI handling under high load
net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
* net: socket: fix a missing-check bug
net/socket.c
* net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
net/ipv6/addrconf.c
* ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
net/ipv6/ndisc.c
* ipv6: mcast: fix a use-after-free in inet6_mc_check
net/ipv6/mcast.c
* mremap: properly flush TLB before releasing the page
mm/mremap.c
* /proc/iomem: only expose physical resource addresses to privileged users
kernel/resource.c
perf tools: Disable parallelism for 'make clean'
* fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
fs/fat/fatent.c
* unix: correctly track in-flight fds in sending process user_struct
include/net/af_unix.h
include/net/scm.h
net/core/scm.c
net/unix/af_unix.c
net/unix/garbage.c
x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs
* net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration
include/net/sock.h
* USB: hub: fix up early-exit pathway in hub_activate
drivers/usb/core/hub.c
* KEYS: put keyring if install_session_keyring_to_cred() fails
security/keys/process_keys.c
igb: fix NULL derefs due to skipped SR-IOV enabling
ovl: fix open in stacked overlay
iwlwifi: pcie: correctly define 7265-D cfg
sctp: translate network order to host order when users get a hmacid
* vfs: Make sendfile(2) killable even better
fs/splice.c
* PCI: Fix devfn for VPD access through function 0
drivers/pci/access.c
x86/ldt: Fix small LDT allocation for Xen
* Revert "SCSI: Fix NULL pointer dereference in runtime PM"
drivers/scsi/scsi_pm.c
* mm: migrate: hugetlb: putback destination hugepage to active list
mm/migrate.c
* perf: Fix PERF_EVENT_IOC_PERIOD deadlock
kernel/events/core.c
libata: blacklist Micron 500IT SSD with MU01 firmware
igb: Unpair the queues when changing the number of queues
Btrfs: do not ignore errors from btrfs_lookup_xattr in do_setxattr
* tty: audit: Fix audit source
drivers/tty/n_tty.c
drivers/tty/tty_audit.c
include/linux/tty.h
* ALSA: usb-audio: Add a more accurate volume quirk for AudioQuest DragonFly
sound/usb/mixer.c
sound/usb/mixer_maps.c
sound/usb/mixer_quirks.c
sound/usb/mixer_quirks.h
ALSA: hda - Add headset mic support for Acer Aspire V5-573G
rtlwifi: rtl8821ae: Fix lockups on boot
rtlwifi: rtl8821ae: Fix system lockups on boot
selftests: Introduce a new script to generate tc batch file
mtd: blkdevs: fix potential deadlock + lockdep warnings
* ASoC: dapm: Don't add prefix to widget stream name
sound/soc/soc-dapm.c
* lib: make memzero_explicit more robust against dead store elimination
include/linux/compiler-gcc.h
include/linux/compiler.h
lib/string.c
dm9000: Fix irq trigger type setup on non-dt platforms
MIPS: Fix up obsolete cpu_set usage
perf bench numa: Fix to show proper convergence stats
net: ethernet: davicom: fix devicetree irq resource
* ext4: fix an ext3 collapse range regression in xfstests
fs/ext4/extents.c
x86/idle: Restore trace_cpu_idle to mwait_idle() calls
tty: serial: fsl_lpuart: fix clearing of receive flag
iommu/vt-d: Fix VM domain ID leak
net/mlx4_en: Remove dependency between timestamping capability and service_task
arm/arm64: KVM: Take mmap_sem in stage2_unmap_vm
* dm: fix AB-BA deadlock in __dm_destroy()
drivers/md/dm.c
pinctrl: imx25: ensure that a pin with id i is at position i in the info array
Btrfs: avoid syncing log in the fast fsync path when not necessary
* of/pci: Remove duplicate kfree in of_pci_get_host_bridge_resources()
drivers/of/of_pci.c
x86/irq: Check for valid irq descriptor in check_irq_vectors_for_cpu_disable()
* rcu: Clear need_qs flag to prevent splat
kernel/rcu/tree_plugin.h
nfs: fix high load average due to callback thread sleeping
* rtnl: don't account unused struct ifla_port_vsi in rtnl_port_size
net/core/rtnetlink.c
* quota: Fix maximum quota limit settings
fs/quota/quota_v2.c
clk: rockchip: fix deadlock possibility in cpuclk
ARM: dts: disable CCI on exynos5420 based arndale-octa
drivers: bus: check cci device tree node status
perf tools: Fix segfault for symbol annotation on TUI
perf tools: Avoid build splat for syscall numbers with uclibc
perf tools: Fix statfs.f_type data type mismatch build error with uclibc
perf machine: Fix __machine__findnew_thread() error path
perf/x86/intel: Fix bug for "cycles:p" and "cycles:pp" on SLM
perf/rapl: Fix sysfs_show() initialization for RAPL PMU
* tracing: Fix enabling of syscall events on the command line
kernel/trace/trace_events.c
fbdev/broadsheetfb: fix memory leak
ARM: at91: board-dt-sama5: add phy_fixup to override NAND_Tree
ARM: at91/dt: sam9263: Add missing clocks to lcdc node
ARM: at91: sama5d3: dt: correct the sound route
ARM: at91/dt: sama5d4: fix the timer reg length
mcb: mcb-pci: Only remap the 1st 0x200 bytes of BAR 0
serial: samsung: Add the support for Exynos5433 SoC
* Revert "tty: Fix pty master poll() after slave closes v2"
drivers/tty/n_tty.c
usb: host: ehci-tegra: request deferred probe when failing to get phy
uas: disable UAS on Apricorn SATA dongles
USB: EHCI: adjust error return code
* scsi: ->queue_rq can't sleep
drivers/scsi/scsi_lib.c
arm: dts: Use pmu_system_controller phandle for dp phy
NFSv4: Remove incorrect check in can_open_delegated()
NFS: Ignore transport protocol when detecting server trunking
NFSv4/v4.1: Verify the client owner id during trunking detection
* NFSv4: Cache the NFSv4/v4.1 client owner_id in the struct nfs_client
include/linux/nfs_fs_sb.h
ARM: dra7xx: Fix counter frequency drift for AM572x errata i856
* iio: iio: Fix iio_channel_read return if channel havn't info
drivers/iio/inkern.c
phy: phy-ti-pipe3: fix inconsistent enumeration of PCIe gen2 cards
phy-sun4i-usb: Change disconnect threshold value for sun6i
usb: dwc2: gadget: kill requests with 'force' in s3c_hsotg_udc_stop()
* usb: musb: Fix randconfig build issues for Kconfig options
drivers/usb/musb/Kconfig
* usb: gadget: f_uac1: access freed memory at f_audio_free_inst
drivers/usb/gadget/function/f_uac1.c
usb: musb: Fix a few off-by-one lengths
ARM: shmobile: r8a7740: Instantiate GIC from C board code in legacy builds
* PCI: Mark Atheros AR9580 to avoid bus reset
drivers/pci/quirks.c
pinctrl: at91: fix null pointer dereference
Revert "drm/i915: Fix mutex->owner inspection race under DEBUG_MUTEXES"
ahci_xgene: Fix the DMA state machine lockup for the ATA_CMD_PACKET PIO mode command.
usb: gadget: gadgetfs: fix an oops in ep_write()
mmc: sdhci: restore behavior when setting VDD via external regulator
s390/ftrace/jprobes: Fix conflict between jprobes and function graph tracing
cxl: Fix issues when unmapping contexts
USB: qcserial: Fix support for HP lt4112 LTE/HSPA+ Gobi 4G Modem
s390/kvm: REPLACE barrier fixup with READ_ONCE
ocfs2: fix journal commit deadlock in ocfs2_convert_inline_data_to_extents
dm thin: restore requested 'error_if_no_space' setting on OODS to WRITE transition
net: cxgb3_main: fix a missing-check bug
* perf/ring_buffer: Prevent concurent ring buffer access
kernel/events/core.c
smsc95xx: Check for Wake-on-LAN modes
smsc75xx: Check for Wake-on-LAN modes
sr9800: Check for supported Wake-on-LAN modes
* ax88179_178a: Check for supported Wake-on-LAN modes
drivers/net/usb/ax88179_178a.c
* asix: Check for supported Wake-on-LAN modes
drivers/net/usb/asix_common.c
* xfrm: validate template mode
net/xfrm/xfrm_user.c
ARM: 8799/1: mm: fix pci_ioremap_io() offset check
* cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
net/wireless/reg.c
* xfrm6: call kfree_skb when skb is toobig
net/ipv6/xfrm6_output.c
* xfrm: Validate address prefix lengths in the xfrm selector.
net/xfrm/xfrm_user.c
powerpc/tm: Avoid possible userspace r1 corruption on reclaim
powerpc/tm: Fix userspace r13 corruption
media: af9035: prevent buffer overflow on write
* ip6_tunnel: be careful when accessing the inner header
net/ipv6/ip6_tunnel.c
* rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096
net/core/rtnetlink.c
net: systemport: Fix wake-up interrupt race during resume
net: mvpp2: Extract the correct ethtype from the skb for tx csum offload
team: Forbid enslaving team device to itself
qlcnic: fix Tx descriptor corruption on 82xx devices
net/usb: cancel pending work when unbinding smsc75xx
netlabel: check for IPV4MASK in addrinfo_get
* net/ipv6: Display all addresses in output of /proc/net/if_inet6
net/ipv6/addrconf.c
* ip_tunnel: be careful when accessing the inner header
net/ipv4/ip_tunnel.c
* xhci: Don't print a warning when setting link state for disabled ports
drivers/usb/host/xhci-hub.c
i2c: i2c-scmi: fix for i2c_smbus_write_block_data
mach64: detect the dot clock divider correctly on sparc
stmmac: fix valid numbers of unicast filter entries
mfd: omap-usb-host: Fix dts probe of children
selftests/efivarfs: add required kernel configs
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 665c365a77fbfeabe52694aedf3446d5f2f1ce42 upstream.
Commit 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more") checks the
transfer flags for URBs submitted from userspace via usbfs. However,
the check for whether the USBDEVFS_URB_SHORT_NOT_OK flag should be
allowed for a control transfer was added in the wrong place, before
the code has properly determined the direction of the control
transfer. (Control transfers are special because for them, the
direction is set by the bRequestType byte of the Setup packet rather
than direction bit of the endpoint address.)
This patch moves code which sets up the allow_short flag for control
transfers down after is_in has been set to the correct value.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-and-tested-by: syzbot+24a30223a4b609bb802e@syzkaller.appspotmail.com
Fixes: 7a68d9fb8510 ("USB: usbdevfs: sanitize flags more")
CC: Oliver Neukum <oneukum@suse.com>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit f976d0e5747ca65ccd0fb2a4118b193d70aa1836 upstream.
The usb standard ("Universal Serial Bus Class Definitions for Communication
Devices") distiguishes between "consistent signals" (DSR, DCD), and
"irregular signals" (break, ring, parity error, framing error, overrun).
The bits of "irregular signals" are set, if this error/event occurred on
the device side and are immeadeatly unset, if the serial state notification
was sent.
Like other drivers of real serial ports do, just the occurence of those
events should be counted in serial_icounter_struct (but no 1->0
transitions).
Signed-off-by: Tobias Herzog <t-herzog@gmx.de>
Acked-by: Oliver Neukum <oneukum@suse.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit ca5cbc8b02f9b21cc8cd1ab36668763ec34f9ee8 ]
The early-exit pathway in hub_activate, added by commit e50293ef9775
("USB: fix invalid memory access in hub_activate()") needs
improvement. It duplicates code that is already present at the end of
the subroutine, and it neglects to undo the effect of a
usb_autopm_get_interface_no_resume() call.
This patch fixes both problems by making the early-exit pathway jump
directly to the end of the subroutine. It simplifies the code at the
end by merging two conditionals that actually test the same condition
although they appear different: If type < HUB_INIT3 then type must be
either HUB_INIT2 or HUB_INIT, and it can't be HUB_INIT because in that
case the subroutine would have exited earlier.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
CC: <stable@vger.kernel.org> #4.4+
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit f56e67f0a880a5b795cdb5f62614aafe264c5304 ]
The commit 1290a958d48e ("usb: phy: propagate __of_usb_find_phy()'s error on
failure") changed the condition to return -EPROBE_DEFER to host driver.
Originally the Tegra host driver depended on the returned -EPROBE_DEFER to
get the phy device later when booting. Now we have to do that explicitly.
Signed-off-by: Vince Hsu <vinceh@nvidia.com>
Tested-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 36d1ffdb210ec2d0d6a69e9f6466ae8727d34119 ]
The Apricorn SATA dongle will occasionally return "USBSUSBSUSB" in
response to SCSI commands when running in UAS mode. Therefore,
disable UAS mode on this dongle.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Acked-by: Hans de Goede <hdegoede@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit c401e7b4a808d50ab53ef45cb8d0b99b238bf2c9 ]
The USB stack uses error code -ENOSPC to indicate that the periodic
schedule is too full, with insufficient bandwidth to accommodate a new
allocation. It uses -EFBIG to indicate that an isochronous transfer
could not be linked into the schedule because it would exceed the
number of isochronous packets the host controller driver can handle
(generally because the new transfer would extend too far into the
future).
ehci-hcd uses the wrong error code at one point. This patch fixes it,
along with a misleading comment and debugging message.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 62f4f0651ce8ef966a0e5b6db6a7a524c268fdd2 ]
This makes us sure that all requests are completed before we unbind
gadget. There are assumptions in gadget API that all requests have to
be completed and leak of complete can break some usb function drivers.
For example unbind of ECM function can cause NULL pointer dereference:
[ 26.396595] configfs-gadget gadget: unbind function
'cdc_ethernet'/e79c4c00
[ 26.414999] Unable to handle kernel NULL pointer dereference at
virtual address 00000000
(...)
[ 26.452223] PC is at ecm_unbind+0x6c/0x9c
[ 26.456209] LR is at ecm_unbind+0x68/0x9c
(...)
[ 26.603696] [<c033fdb4>] (ecm_unbind) from [<c033661c>]
(purge_configs_funcs+0x94/0xd8)
[ 26.611674] [<c033661c>] (purge_configs_funcs) from [<c0336674>]
(configfs_composite_unbind+0x14/0x34)
[ 26.620961] [<c0336674>] (configfs_composite_unbind) from
[<c0337124>] (usb_gadget_remove_driver+0x68/0x9c)
[ 26.630683] [<c0337124>] (usb_gadget_remove_driver) from [<c03376c8>]
(usb_gadget_unregister_driver+0x64/0x94)
[ 26.640664] [<c03376c8>] (usb_gadget_unregister_driver) from
[<c0336be8>] (unregister_gadget+0x20/0x3c)
[ 26.650038] [<c0336be8>] (unregister_gadget) from [<c0336c84>]
(gadget_dev_desc_UDC_store+0x80/0xb8)
[ 26.659152] [<c0336c84>] (gadget_dev_desc_UDC_store) from
[<c0335120>] (gadget_info_attr_store+0x1c/0x28)
[ 26.668703] [<c0335120>] (gadget_info_attr_store) from [<c012135c>]
(configfs_write_file+0xe8/0x148)
[ 26.677818] [<c012135c>] (configfs_write_file) from [<c00c8dd4>]
(vfs_write+0xb0/0x1a0)
[ 26.685801] [<c00c8dd4>] (vfs_write) from [<c00c91b8>]
(SyS_write+0x44/0x84)
[ 26.692834] [<c00c91b8>] (SyS_write) from [<c000e560>]
(ret_fast_syscall+0x0/0x30)
[ 26.700381] Code: e30409f8 e34c0069 eb07b88d e59430a8 (e5930000)
[ 26.706485] ---[ end trace f62a082b323838a2 ]---
It's because in some cases request is still running on endpoint during
unbind and kill_all_requests() called from s3c_hsotg_udc_stop() function
doesn't cause call of complete() of request. Missing complete() call
causes ecm->notify_req equals NULL in ecm_unbind() function, and this
is reason of this bug.
Similar breaks can be observed in another usb function drivers.
This patch fixes this bug forcing usb request completion in when
s3c_hsotg_ep_disable() is called from s3c_hsotg_udc_stop().
Acked-by: Paul Zimmerman <paulz@synopsys.com>
Signed-off-by: Robert Baldyga <r.baldyga@samsung.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit c0442479652b99b62dd1ffccb34231caff25751c ]
Commit 82c02f58ba3a ("usb: musb: Allow multiple glue layers to be
built in") enabled selecting multiple glue layers, which in turn
exposed things more for randconfig builds. If NOP_USB_XCEIV is
built-in and TUSB6010 is a loadable module, we will get:
drivers/built-in.o: In function `tusb_remove':
tusb6010.c:(.text+0x16a817): undefined reference to `usb_phy_generic_unregister'
drivers/built-in.o: In function `tusb_probe':
tusb6010.c:(.text+0x16b24e): undefined reference to `usb_phy_generic_register'
make: *** [vmlinux] Error 1
Let's fix this the same way as commit 70c1ff4b3c86 ("usb: musb:
tusb-dma can't be built-in if tusb is not").
And while at it, let's not allow selecting the glue layers except
on platforms really using them unless COMPILE_TEST is specified:
- TUSB6010 is in practise only used on omaps
- DSPS is only used on TI platforms
- UX500 is only used on STE platforms
Cc: Linus Walleij <linus.walleij@linaro.org>
Reported-by: Jim Davis <jim.epost@gmail.com>
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 4fde6204df052bb89ba3d915ed6ed9f306f3cfa1 ]
At f_audio_free_inst, it tries to access struct gaudio *card which is
freed at f_audio_free, it causes below oops if the audio device is not
there (do unload module may trigger the same problem). The gaudio_cleanup
is related to function, so it is better move to f_audio_free.
root@freescale ~$ modprobe g_audio
[ 751.968931] g_audio gadget: unable to open sound control device file: /dev/snd/controlC0
[ 751.977134] g_audio gadget: we need at least one control device
[ 751.988633] Unable to handle kernel paging request at virtual address 455f448e
[ 751.995963] pgd = bd42c000
[ 751.998681] [455f448e] *pgd=00000000
[ 752.002383] Internal error: Oops: 5 [#1] SMP ARM
[ 752.007008] Modules linked in: usb_f_uac1 g_audio(+) usb_f_mass_storage libcomposite configfs [last unloaded: g_mass_storage]
[ 752.018427] CPU: 0 PID: 692 Comm: modprobe Not tainted 3.18.0-rc4-00345-g842f57b #10
[ 752.026176] task: bdb3ba80 ti: bd41a000 task.ti: bd41a000
[ 752.031590] PC is at filp_close+0xc/0x84
[ 752.035530] LR is at gaudio_cleanup+0x28/0x54 [usb_f_uac1]
[ 752.041023] pc : [<800ec94c>] lr : [<7f03c63c>] psr: 20000013
[ 752.041023] sp : bd41bcc8 ip : bd41bce8 fp : bd41bce4
[ 752.052504] r10: 7f036234 r9 : 7f036220 r8 : 7f036500
[ 752.057732] r7 : bd456480 r6 : 7f036500 r5 : 7f03626c r4 : bd441000
[ 752.064264] r3 : 7f03b3dc r2 : 7f03cab0 r1 : 00000000 r0 : 455f4456
[ 752.070798] Flags: nzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment user
[ 752.077938] Control: 10c5387d Table: bd42c04a DAC: 00000015
[ 752.083688] Process modprobe (pid: 692, stack limit = 0xbd41a240)
[ 752.089786] Stack: (0xbd41bcc8 to 0xbd41c000)
[ 752.094152] bcc0: 7f03b3dc bd441000 7f03626c 7f036500 bd41bcfc bd41bce8
[ 752.102337] bce0: 7f03c63c 800ec94c 7f03b3dc bdaa6b00 bd41bd14 bd41bd00 7f03b3f4 7f03c620
[ 752.110521] bd00: 7f03b3dc 7f03cbd4 bd41bd2c bd41bd18 7f00f88c 7f03b3e8 00000000 fffffffe
[ 752.118705] bd20: bd41bd5c bd41bd30 7f0380d8 7f00f874 7f038000 bd456480 7f036364 be392240
[ 752.126889] bd40: 00000000 7f00f620 7f00f638 bd41a008 bd41bd94 bd41bd60 7f00f6d4 7f03800c
[ 752.135073] bd60: 00000001 00000000 8047438c be3a4000 7f036364 7f036364 7f00db28 7f00f620
[ 752.143257] bd80: 7f00f638 bd41a008 bd41bdb4 bd41bd98 804742ac 7f00f644 00000000 809adde0
[ 752.151442] bda0: 7f036364 7f036364 bd41bdcc bd41bdb8 804743c8 80474284 7f03633c 7f036200
[ 752.159626] bdc0: bd41bdf4 bd41bdd0 7f00d5b4 8047435c bd41a000 80974060 7f038158 00000000
[ 752.167811] bde0: 80974060 bdaa9940 bd41be04 bd41bdf8 7f03816c 7f00d518 bd41be8c bd41be08
[ 752.175995] be00: 80008a5c 7f038164 be001f00 7f0363c4 bd41bf48 00000000 bd41be54 bd41be28
[ 752.184179] be20: 800e9498 800e8e74 00000002 00000003 bd4129c0 c0a07000 00000001 7f0363c4
[ 752.192363] be40: bd41bf48 00000000 bd41be74 bd41be58 800de780 800e9320 bd41a000 7f0363d0
[ 752.200547] be60: 00000000 bd41a000 7f0363d0 00000000 bd41beec 7f0363c4 bd41bf48 00000000
[ 752.208731] be80: bd41bf44 bd41be90 80093e54 800089e0 ffff8000 00007fff 80091390 0000065f
[ 752.216915] bea0: 00000000 c0a0834c bd41bf7c 00000086 bd41bf50 00000000 7f03651c 00000086
[ 752.225099] bec0: bd41a010 00c28758 800ddcc4 800ddae0 000000d2 bd412a00 bd41bf24 00000000
[ 752.233283] bee0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
[ 752.241467] bf00: 00000000 00000000 00000000 00000000 00000000 00000000 bd41bf44 000025b0
[ 752.249651] bf20: 00c28a08 00c28758 00000080 8000edc4 bd41a000 00000000 bd41bfa4 bd41bf48
[ 752.257835] bf40: 800943e4 800932ec c0a07000 000025b0 c0a07f8c c0a07ea4 c0a08e5c 0000051c
[ 752.266019] bf60: 0000088c 00000000 00000000 00000000 00000018 00000019 00000010 0000000b
[ 752.274203] bf80: 00000009 00000000 00000000 000025b0 00000000 00c28758 00000000 bd41bfa8
[ 752.282387] bfa0: 8000ec00 8009430c 000025b0 00000000 00c28a08 000025b0 00c28758 00c28980
[ 752.290571] bfc0: 000025b0 00000000 00c28758 00000080 000a6a78 00000007 00c28718 00c28980
[ 752.298756] bfe0: 7ebc1af0 7ebc1ae0 0001a32c 76e9c490 60000010 00c28a08 22013510 ecebffff
[ 752.306933] Backtrace:
[ 752.309414] [<800ec940>] (filp_close) from [<7f03c63c>] (gaudio_cleanup+0x28/0x54 [usb_f_uac1])
[ 752.318115] r6:7f036500 r5:7f03626c r4:bd441000 r3:7f03b3dc
[ 752.323851] [<7f03c614>] (gaudio_cleanup [usb_f_uac1]) from [<7f03b3f4>] (f_audio_free_inst+0x18/0x68 [usb_f_uac1])
[ 752.334288] r4:bdaa6b00 r3:7f03b3dc
[ 752.337931] [<7f03b3dc>] (f_audio_free_inst [usb_f_uac1]) from [<7f00f88c>] (usb_put_function_instance+0x24/0x30 [libcomposite])
[ 752.349498] r4:7f03cbd4 r3:7f03b3dc
[ 752.353127] [<7f00f868>] (usb_put_function_instance [libcomposite]) from [<7f0380d8>] (audio_bind+0xd8/0xfc [g_audio])
[ 752.363824] r4:fffffffe r3:00000000
[ 752.367456] [<7f038000>] (audio_bind [g_audio]) from [<7f00f6d4>] (composite_bind+0x9c/0x1e8 [libcomposite])
[ 752.377284] r10:bd41a008 r9:7f00f638 r8:7f00f620 r7:00000000 r6:be392240 r5:7f036364
[ 752.385193] r4:bd456480 r3:7f038000
[ 752.388825] [<7f00f638>] (composite_bind [libcomposite]) from [<804742ac>] (udc_bind_to_driver+0x34/0xd8)
[ 752.398394] r10:bd41a008 r9:7f00f638 r8:7f00f620 r7:7f00db28 r6:7f036364 r5:7f036364
[ 752.406302] r4:be3a4000
[ 752.408860] [<80474278>] (udc_bind_to_driver) from [<804743c8>] (usb_gadget_probe_driver+0x78/0xa8)
[ 752.417908] r6:7f036364 r5:7f036364 r4:809adde0 r3:00000000
[ 752.423649] [<80474350>] (usb_gadget_probe_driver) from [<7f00d5b4>] (usb_composite_probe+0xa8/0xd4 [libcomposite])
[ 752.434086] r5:7f036200 r4:7f03633c
[ 752.437713] [<7f00d50c>] (usb_composite_probe [libcomposite]) from [<7f03816c>] (audio_driver_init+0x14/0x1c [g_audio])
[ 752.448498] r9:bdaa9940 r8:80974060 r7:00000000 r6:7f038158 r5:80974060 r4:bd41a000
[ 752.456330] [<7f038158>] (audio_driver_init [g_audio]) from [<80008a5c>] (do_one_initcall+0x88/0x1d4)
[ 752.465564] [<800089d4>] (do_one_initcall) from [<80093e54>] (load_module+0xb74/0x1020)
[ 752.473571] r10:00000000 r9:bd41bf48 r8:7f0363c4 r7:bd41beec r6:00000000 r5:7f0363d0
[ 752.481478] r4:bd41a000
[ 752.484037] [<800932e0>] (load_module) from [<800943e4>] (SyS_init_module+0xe4/0xf8)
[ 752.491781] r10:00000000 r9:bd41a000 r8:8000edc4 r7:00000080 r6:00c28758 r5:00c28a08
[ 752.499689] r4:000025b0
[ 752.502252] [<80094300>] (SyS_init_module) from [<8000ec00>] (ret_fast_syscall+0x0/0x48)
[ 752.510345] r6:00c28758 r5:00000000 r4:000025b0
[ 752.515013] Code: 808475b4 e1a0c00d e92dd878 e24cb004 (e5904038)
[ 752.521223] ---[ end trace 70babe34de4ab99b ]---
Segmentation fault
Signed-off-by: Peter Chen <peter.chen@freescale.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit e87c3f80ad0490d26ffe04754b7d094463b40f30 ]
!strncmp(buf, "force host", 9) is true if and only if buf starts with
"force hos". This was obviously not what was intended. The same error
exists for "force full-speed", "force high-speed" and "test
packet". Using strstarts avoids the error-prone hardcoding of the
prefix length.
For consistency, also change the other occurences of the !strncmp
idiom.
Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 42d6cfa0caec4b68a7f17147fbf13a36e94a8bf2 ]
We try to free an ERR_PTR on this error path.
Fixes: b44be2462dbe ('usb: gadget: gadgetfs: Free memory allocated by memdup_user()')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 59536da34513c594af2a6fd35ba65ea45b6960a1 ]
The DEVICE_HWI type was added under the faulty assumption that Huawei
devices based on Qualcomm chipsets and firmware use the static USB
interface numbering known from Gobi devices. But this model does
not apply to Huawei devices like the HP branded lt4112 (Huawei me906e).
Huawei firmwares will dynamically assign interface numbers. Functions
are renumbered when the firmware is reconfigured.
Fix by changing the DEVICE_HWI type to use a simplified version
of Huawei's subclass + protocol scheme: Blacklisting known network
interface combinations and assuming the rest are serial.
Reported-and-tested-by: Muri Nicanor <muri+libqmi@immerda.ch>
Tested-by: Martin Hauke <mardnh@gmx.de>
Cc: <stable@vger.kernel.org>
Fixes: e7181d005e84 ("USB: qcserial: Add support for HP lt4112 LTE/HSPA+ Gobi 4G Modem")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 1208d8a84fdcae6b395c57911cdf907450d30e70 upstream.
When disabling a USB3 port the hub driver will set the port link state to
U3 to prevent "ejected" or "safely removed" devices that are still
physically connected from immediately re-enumerating.
If the device was really unplugged, then error messages were printed
as the hub tries to set the U3 link state for a port that is no longer
enabled.
xhci-hcd ee000000.usb: Cannot set link state.
usb usb8-port1: cannot disable (err = -32)
Don't print error message in xhci-hub if hub tries to set port link state
for a disabled port. Return -ENODEV instead which also silences hub driver.
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Tested-by: Yoshihiro Shimoda <yoshihiro.shimoda.uh@renesas.com>
Signed-off-by: Ross Zwisler <zwisler@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Linux 3.18.124
* ebtables: arpreply: Add the standard target sanity check
include/linux/netfilter_bridge/ebtables.h
ubifs: Check for name being NULL while mounting
* cgroup: Fix deadlock in cpu hotplug path
kernel/cgroup.c
* ext4: avoid running out of journal credits when appending to an inline file
fs/ext4/ext4.h
fs/ext4/inline.c
fs/ext4/xattr.c
* jbd2: don't mark block as modified if the handle is out of credits
fs/jbd2/transaction.c
* ext4: add more inode number paranoia checks
fs/ext4/ext4.h
fs/ext4/inode.c
fs/ext4/super.c
* ext4: never move the system.data xattr out of the inode body
fs/ext4/xattr.c
* ext4: always verify the magic number in xattr blocks
fs/ext4/xattr.c
* ext4: add corruption check in ext4_xattr_set_entry()
fs/ext4/xattr.c
* ext4: fix false negatives *and* false positives in ext4_check_descriptors()
fs/ext4/super.c
* ext4: always check block group bounds in ext4_init_block_bitmap()
fs/ext4/balloc.c
* ext4: fix check to prevent initializing reserved inodes
fs/ext4/ialloc.c
fs/ext4/super.c
* ext4: only look at the bg_flags field if it is valid
fs/ext4/balloc.c
fs/ext4/ialloc.c
fs/ext4/mballoc.c
fs/ext4/super.c
USB: serial: simple: add Motorola Tetra MTP6550 id
* PM / core: Clear the direct_complete flag on errors
drivers/base/power/main.c
mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys
* PCI: Reprogram bridge prefetch registers on resume
drivers/pci/pci.c
x86/vdso: Fix vDSO syscall fallback asm constraint regression
x86/vdso: Fix asm constraints on vDSO syscall fallbacks
fbdev/omapfb: fix omapfb_memory_read infoleak
* proc: restrict kernel stack dumps to root
fs/proc/base.c
mtd: fsl-quadspi: fix macro collision problems with READ/WRITE
* Make file credentials available to the seqfile interfaces
fs/seq_file.c
include/linux/seq_file.h
dm thin metadata: fix __udivdi3 undefined on 32-bit
ocfs2: fix locking for res->tracking and dlm->tracking_list
crypto: mxs-dcp - Fix wait logic on chan threads
smb2: fix missing files in root share directory listing
xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage
xen/manage: don't complain about an empty value in control/sysrq node
cifs: read overflow in is_valid_oplock_break()
s390/qeth: don't dump past end of unknown HW header
r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED
hexagon: modify ffs() and fls() to return int
arch/hexagon: fix kernel/dma.c build warning
dm thin metadata: try to avoid ever aborting transactions
fs/cifs: suppress a string overflow warning
USB: yurex: Check for truncation in yurex_read()
RDMA/ucma: check fd type in ucma_migrate_id()
* mm: madvise(MADV_DODUMP): allow hugetlbfs pages
mm/madvise.c
tools/vm/page-types.c: fix "defined but not used" warning
tools/vm/slabinfo.c: fix sign-compare warning
mac80211: shorten the IBSS debug messages
mac80211: Fix station bandwidth setting after channel switch
mac80211: fix a race between restart and CSA flows
fs/cifs: don't translate SFM_SLASH (U+F026) to backslash
net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx()
RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0
* cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE
net/wireless/nl80211.c
gpio: adp5588: Fix sleep-in-atomic-context bug
mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X
KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function
* media: v4l: event: Prevent freeing event subscriptions while accessed
drivers/media/v4l2-core/v4l2-event.c
drivers/media/v4l2-core/v4l2-fh.c
include/media/v4l2-fh.h
arm64: KVM: Sanitize PSTATE.M when being set from userspace
hwmon: (adt7475) Make adt7475_read_word() return errors
e1000: ensure to free old tx/rx rings in set_ringparam()
e1000: check on netif_running() before calling e1000_up()
* thermal: of-thermal: disable passive polling when thermal zone is disabled
drivers/thermal/of-thermal.c
* ext4: verify the depth of extent tree in ext4_find_extent()
fs/ext4/ext4_extents.h
fs/ext4/extents.c
arm64: KVM: Tighten guest core register access from userspace
* staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free
drivers/staging/android/ion/ion.c
scsi: target: iscsi: Use bin2hex instead of a re-implementation
* USB: remove LPM management from usb_driver_claim_interface()
drivers/usb/core/driver.c
Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()"
* USB: usbdevfs: restore warning for nonsensical flags
drivers/usb/core/devio.c
* USB: usbdevfs: sanitize flags more
drivers/usb/core/devio.c
media: uvcvideo: Support realtek's UVC 1.5 device
* slub: make ->cpu_partial unsigned int
include/linux/slub_def.h
mm/slub.c
* USB: handle NULL config in usb_find_alt_setting()
drivers/usb/core/usb.c
* USB: fix error handling in usb_driver_claim_interface()
drivers/usb/core/driver.c
spi: rspi: Fix interrupted DMA transfers
spi: sh-msiof: Fix handling of write value for SISTR register
spi: tegra20-slink: explicitly enable/disable clock
serial: cpm_uart: return immediately from console poll
floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
nfsd: fix corrupted reply to badly ordered compound
* module: exclude SHN_UNDEF symbols from kallsyms api
kernel/module.c
* ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
sound/soc/soc-dapm.c
scsi: bnx2i: add error handling for ioremap_nocache
HID: hid-ntrig: add error handling for sysfs_create_group
ARM: mvebu: declare asm symbols as character arrays in pmsu.c
wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
media: tm6000: add error handling for dvb_register_adapter
drivers/tty: add error handling for pcmcia_loop_config
* staging: android: ashmem: Fix mmap size validation
drivers/staging/android/ashmem.c
media: soc_camera: ov772x: correct setting of banding filter
media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
ALSA: snd-aoa: add of_node_put() in error path
s390/extmem: fix gcc 8 stringop-overflow warning
* alarmtimer: Prevent overflow for relative nanosleep
kernel/time/alarmtimer.c
usb: wusbcore: security: cast sizeof to int for comparison
scsi: ibmvscsi: Improve strings handling
scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size
x86/tsc: Add missing header to tsc_msr.c
powerpc/kdump: Handle crashkernel memory reservation failure
media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
USB: serial: kobil_sct: fix modem-status error handling
uwb: hwa-rc: fix memory leak at probe
x86/numa_emulation: Fix emulated-to-physical node mapping
tsl2550: fix lux1_input error in low light
* crypto: skcipher - Fix -Wstringop-truncation warnings
crypto/ablkcipher.c
crypto/blkcipher.c
* HID: sony: Support DS4 dongle
drivers/hid/hid-core.c
drivers/hid/hid-ids.h
drivers/hid/hid-sony.c
* HID: sony: Update device ids
drivers/hid/hid-core.c
drivers/hid/hid-ids.h
drivers/hid/hid-sony.c
* arm64: Add trace_hardirqs_off annotation in ret_to_user
arch/arm64/kernel/entry.S
* ext4: don't mark mmp buffer head dirty
fs/ext4/mmp.c
* ext4: fix online resize's handling of a too-small final block group
fs/ext4/resize.c
* ext4: recalucate superblock checksum after updating free blocks/inodes
fs/ext4/super.c
* ext4: avoid divide by zero fault when deleting corrupted inline directories
fs/ext4/dir.c
fs/ext4/inline.c
ocfs2: fix ocfs2 read block panic
scsi: target: iscsi: Use hex2bin instead of a re-implementation
* ipv6: fix possible use-after-free in ip6_xmit()
net/ipv6/ip6_output.c
* neighbour: confirm neigh entries when ARP packet is received
net/core/neighbour.c
net: hp100: fix always-true check for link up state
net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
* gso_segment: Reset skb->mac_len after modifying network header
net/ipv4/af_inet.c
net/ipv6/ip6_offload.c
* mm: shmem.c: Correctly annotate new inodes for lockdep
mm/shmem.c
* ring-buffer: Allow for rescheduling when removing pages
kernel/trace/ring_buffer.c
ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO
ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping
ASoC: cs4265: fix MMTLR Data switch control
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit f5fad711c06e652f90f581fc7c2caee327c33d31 upstream.
Add device-id for the Motorola Tetra radio MTP6550.
Bus 001 Device 004: ID 0cad:9012 Motorola CGISS
Device Descriptor:
bLength 18
bDescriptorType 1
bcdUSB 2.00
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
idVendor 0x0cad Motorola CGISS
idProduct 0x9012
bcdDevice 24.16
iManufacturer 1 Motorola Solutions, Inc.
iProduct 2 TETRA PEI interface
iSerial 0
bNumConfigurations 1
Configuration Descriptor:
bLength 9
bDescriptorType 2
wTotalLength 55
bNumInterfaces 2
bConfigurationValue 1
iConfiguration 3 Generic Serial config
bmAttributes 0x80
(Bus Powered)
MaxPower 500mA
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 0
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81 EP 1 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x01 EP 1 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
Interface Descriptor:
bLength 9
bDescriptorType 4
bInterfaceNumber 1
bAlternateSetting 0
bNumEndpoints 2
bInterfaceClass 255 Vendor Specific Class
bInterfaceSubClass 0
bInterfaceProtocol 0
iInterface 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x82 EP 2 IN
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x02 EP 2 OUT
bmAttributes 2
Transfer Type Bulk
Synch Type None
Usage Type Data
wMaxPacketSize 0x0200 1x 512 bytes
bInterval 0
Device Qualifier (for other device speed):
bLength 10
bDescriptorType 6
bcdUSB 2.00
bDeviceClass 0 (Defined at Interface level)
bDeviceSubClass 0
bDeviceProtocol 0
bMaxPacketSize0 64
bNumConfigurations 1
Device Status: 0x0000
(Bus Powered)
Reported-by: Hans Hult <hanshult35@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit 14427b86837a4baf1c121934c6599bdb67dfa9fc ]
snprintf() always returns the full length of the string it could have
printed, even if it was truncated because the buffer was too small.
So in case the counter value is truncated, we will over-read from
in_buffer and over-write to the caller's buffer.
I don't think it's actually possible for this to happen, but in case
truncation occurs, WARN and return -EIO.
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit c183813fcee44a249339b7c46e1ad271ca1870aa upstream.
usb_driver_claim_interface() disables and re-enables Link Power
Management, but it shouldn't do either one, for the reasons listed
below. This patch removes the two LPM-related function calls from the
routine.
The reason for disabling LPM in the analogous function
usb_probe_interface() is so that drivers won't have to deal with
unwanted LPM transitions in their probe routine. But
usb_driver_claim_interface() doesn't call the driver's probe routine
(or any other callbacks), so that reason doesn't apply here.
Furthermore, no driver other than usbfs will ever call
usb_driver_claim_interface() unless it is already bound to another
interface in the same device, which means disabling LPM here would be
redundant. usbfs doesn't interact with LPM at all.
Lastly, the error return from usb_unlocked_disable_lpm() isn't handled
properly; the code doesn't clean up its earlier actions before
returning.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Fixes: 8306095fd2c1 ("USB: Disable USB 3.0 LPM in critical sections.")
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
service_outstanding_interrupt()"
commit e871db8d78df1c411032cbb3acfdf8930509360e upstream.
This reverts commit 6e22e3af7bb3a7b9dc53cb4687659f6e63fca427.
The bug the patch describes to, has been already fixed in commit
2df6948428542 ("USB: cdc-wdm: don't enable interrupts in USB-giveback")
so need to this, revert it.
Fixes: 6e22e3af7bb3 ("usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 81e0403b26d94360abd1f6a57311337973bc82cd upstream.
If we filter flags before they reach the core we need to generate our
own warnings.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Fixes: 0cb54a3e47cb ("USB: debugging code shouldn't alter control flow")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 7a68d9fb851012829c29e770621905529bd9490b upstream.
Requesting a ZERO_PACKET or not is sensible only for output.
In the input direction the device decides.
Likewise accepting short packets makes sense only for input.
This allows operation with panic_on_warn without opening up
a local DOS.
Signed-off-by: Oliver Neukum <oneukum@suse.com>
Reported-by: syzbot+843efa30c8821bd69f53@syzkaller.appspotmail.com
Fixes: 0cb54a3e47cb ("USB: debugging code shouldn't alter control flow")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit c9a4cb204e9eb7fa7dfbe3f7d3a674fa530aa193 upstream.
usb_find_alt_setting() takes a pointer to a struct usb_host_config as
an argument; it searches for an interface with specified interface and
alternate setting numbers in that config. However, it crashes if the
usb_host_config pointer argument is NULL.
Since this is a general-purpose routine, available for use in many
places, we want to to be more robust. This patch makes it return NULL
whenever the config argument is NULL.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: syzbot+19c3aaef85a89d451eac@syzkaller.appspotmail.com
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit bd729f9d67aa9a303d8925bb8c4f06af25f407d1 upstream.
The syzbot fuzzing project found a use-after-free bug in the USB
core. The bug was caused by usbfs not unbinding from an interface
when the USB device file was closed, which led another process to
attempt the unbind later on, after the private data structure had been
deallocated.
The reason usbfs did not unbind the interface at the appropriate time
was because it thought the interface had never been claimed in the
first place. This was caused by the fact that
usb_driver_claim_interface() does not clean up properly when
device_bind_driver() returns an error. Although the error code gets
passed back to the caller, the iface->dev.driver pointer remains set
and iface->condition remains equal to USB_INTERFACE_BOUND.
This patch adds proper error handling to usb_driver_claim_interface().
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: syzbot+f84aa7209ccec829536f@syzkaller.appspotmail.com
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit d3ac5598c5010a8999978ebbcca3b1c6188ca36b ]
Comparing an int to a size, which is unsigned, causes the int to become
unsigned, giving the wrong result. usb_get_descriptor can return a
negative error code.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@@
int x;
expression e,e1;
identifier f;
@@
*x = f(...);
... when != x = e1
when != if (x < 0 || ...) { ... return ...; }
*x < sizeof(e)
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[ Upstream commit a420b5d939ee58f1d950f0ea782834056520aeaa ]
Make sure to return -EIO in case of a short modem-status read request.
While at it, split the debug message to not include the (zeroed)
transfer-buffer content in case of errors.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
| |\|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Linux 3.18.123
USB: serial: ti_usb_3410_5052: fix array underflow in completion handler
drm/panel: type promotion bug in s6e8aa0_read_mtp_id()
* ALSA: pcm: Fix snd_interval_refine first/last with open min/max
sound/core/pcm_lib.c
rtc: bq4802: add error handling for devm_ioremap
parport: sunbpp: fix error return code
ARM: hisi: check of_iomap and fix missing of_node_put
ARM: hisi: handle of_iomap and fix missing of_node_put
MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads
mtdchar: fix overflows in adjustment of `count`
* audit: fix use-after-free in audit_add_watch
kernel/audit_watch.c
* binfmt_elf: Respect error return from `regset->active'
fs/binfmt_elf.c
CIFS: fix wrapping bugs in num_entries()
cifs: prevent integer overflow in nxt_dir_entry()
usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()
USB: yurex: Fix buffer over-read in yurex_write()
usb: misc: uss720: Fix two sleep-in-atomic-context bugs
USB: serial: io_ti: fix array underflow in completion handler
usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame()
* usb: Avoid use-after-free by flushing endpoints early in usb_set_interface()
drivers/usb/core/message.c
* USB: Add quirk to support DJI CineSSD
drivers/usb/core/quirks.c
drivers/usb/storage/scsiglue.c
drivers/usb/storage/unusual_devs.h
* usb: Don't die twice if PCI xhci host is not responding in resume
drivers/usb/core/hcd-pci.c
Tools: hv: Fix a bug in the key delete code
IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler
xen/netfront: fix waiting for xenbus state change
* pstore: Fix incorrect persistent ram buffer mapping
fs/pstore/ram_core.c
RDMA/cma: Protect cma dev list with lock
platform/x86: toshiba_acpi: Fix defined but not used build warnings
s390/qeth: reset layer2 attribute on layer switch
s390/qeth: fix race in used-buffer accounting
mac80211: restrict delayed tailroom needed decrement
powerpc/powernv: opal_put_chars partial write fix
* perf powerpc: Fix callchain ip filtering
tools/perf/arch/powerpc/util/skip-callchain-idx.c
* fbdev: Distinguish between interlaced and progressive modes
drivers/video/fbdev/core/modedb.c
* perf powerpc: Fix callchain ip filtering when return address is in a register
tools/perf/arch/powerpc/util/skip-callchain-idx.c
fbdev/via: fix defined but not used warning
video: goldfishfb: fix memory leak on driver remove
fbdev: omapfb: off by one in omapfb_register_client()
mtd/maps: fix solutionengine.c printk format warnings
MIPS: ath79: fix system restart
gfs2: Special-case rindex for gfs2_grow
* xfrm: fix 'passing zero to ERR_PTR()' warning
net/xfrm/xfrm_policy.c
* ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro
sound/usb/quirks-table.h
ALSA: msnd: Fix the default sample sizes
* mm: get rid of vmacache_flush_all() entirely
include/linux/mm_types.h
include/linux/sched.h
include/linux/vmacache.h
mm/debug.c
mm/vmacache.c
* netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
net/netfilter/x_tables.c
* xhci: Fix use-after-free in xhci_free_virt_device
drivers/usb/host/xhci.c
MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
mfd: ti_am335x_tscadc: Fix struct clk memory leak
partitions/aix: fix usage of uninitialized lv_info and lvname structures
partitions/aix: append null character to print data from disk
net: dcb: For wild-card lookups, use priority -1, not 0
net: mvneta: fix mtu change on port without link
gpio: ml-ioh: Fix buffer underwrite on probe error path
x86/mm: Remove in_nmi() warning from vmalloc_fault()
Bluetooth: hidp: Fix handling of strncpy for hid->name information
scsi: 3ware: fix return 0 on the error path of probe
ata: libahci: Correct setting of DEVSLP register
MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
ath10k: prevent active scans on potential unusable channels
macintosh/via-pmu: Add missing mmio accessors
tty: rocket: Fix possible buffer overwrite on register_PCI
* uio: potential double frees if __uio_register_device() fails
drivers/uio/uio.c
md/raid5: fix data corruption of replacements after originals dropped
scsi: target: fix __transport_register_session locking
* Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV
drivers/bluetooth/Kconfig
staging/rts5208: Fix read overflow in memcpy
staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page
kthread: fix boot hang (regression) on MIPS/OpenRISC
* kthread: Fix use-after-free if kthread fork fails
kernel/fork.c
* cfq: Give a chance for arming slice idle timer in case of group_idle
block/cfq-iosched.c
i2c: xiic: Make the start and the byte count write atomic
ASoC: wm8994: Fix missing break in switch
Fixes: Commit 86af955d02bb ("mm: numa: avoid waiting on freed migrated pages")
enic: do not call enic_change_mtu in enic_probe
irda: Only insert new objects into the global database via setsockopt
irda: Fix memory leak caused by repeated binds of irda socket
* kbuild: make missing $DEPMOD a Warning instead of an Error
scripts/depmod.sh
debugobjects: Make stack check warning more informative
btrfs: Don't remove block group that still has pinned down bytes
btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized
btrfs: replace: Reset on-disk dev stats value after replace
powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX.
SMB3: Number of requests sent should be displayed for SMB3 not just CIFS
smb3: fix reset of bytes read and written stats
selftests/powerpc: Kill child processes on SIGINT
staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice
* dm kcopyd: avoid softlockup in run_complete_job
drivers/md/dm-kcopyd.c
PCI: mvebu: Fix I/O space end address calculation
scsi: aic94xx: fix an error code in aic94xx_init()
s390/dasd: fix hanging offline processing due to canceled worker
powerpc: Fix size calculation using resource_size()
* net/9p: fix error path of p9_virtio_probe
net/9p/trans_virtio.c
platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360
mfd: sm501: Set coherent_dma_mask when creating subdevices
ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()
* mm/fadvise.c: fix signed overflow UBSAN complaint
mm/fadvise.c
* scripts: modpost: check memory allocation results
scripts/mod/modpost.c
* fat: validate ->i_start before using
fs/fat/cache.c
fs/fat/fat.h
fs/fat/fatent.c
reiserfs: change j_timestamp type to time64_t
* fork: don't copy inconsistent signal handler state to child
kernel/fork.c
hfs: prevent crash on exit from failed search
hfsplus: don't return 0 when fill_super() failed
cifs: check if SMB2 PDU size has been padded and suppress the warning
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
commit 5dfdd24eb3d39d815bc952ae98128e967c9bba49 upstream.
Similarly to a recently reported bug in io_ti, a malicious USB device
could set port_number to a negative value and we would underflow the
port array in the interrupt completion handler.
As these devices only have one or two ports, fix this by making sure we
only consider the seventh bit when determining the port number (and
ignore bits 0xb0 which are typically set to 0x30).
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
