mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
17023 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Alexander Winkowski
|
14e399226e |
Revert "block: Convert RQF_PREEMPT into REQ_PREEMPT" [6/7]
This reverts commit 3e48d1e84012b6b55e62c3593ef35f30cd4df0f6. Reason for revert: this patchset is either mismerged or incomplete. UFS may fail to resume from suspend with the log containing these lines: [23703.703882] scsi host0: runtime PM trying to activate child device host0 but parent (1d84000.ufshc) is not active [23703.703977] scsi target0:0:0: runtime PM trying to activate child device target0:0:0 but parent (host0) is not active [23703.704369] sd 0:0:0:0: runtime PM trying to activate child device 0:0:0:0 but parent (target0:0:0) is not active [23703.704380] scsi 0:0:0:49488: runtime PM trying to activate child device 0:0:0:49488 but parent (target0:0:0) is not active [23703.704470] sd 0:0:0:3: runtime PM trying to activate child device 0:0:0:3 but parent (target0:0:0) is not active [23703.704478] sd 0:0:0:5: runtime PM trying to activate child device 0:0:0:5 but parent (target0:0:0) is not active [23703.704557] sd 0:0:0:1: runtime PM trying to activate child device 0:0:0:1 but parent (target0:0:0) is not active [23703.704565] scsi 0:0:0:49476: runtime PM trying to activate child device 0:0:0:49476 but parent (target0:0:0) is not active [23703.704643] sd 0:0:0:4: runtime PM trying to activate child device 0:0:0:4 but parent (target0:0:0) is not active [23703.704651] scsi 0:0:0:49456: runtime PM trying to activate child device 0:0:0:49456 but parent (target0:0:0) is not active [23703.704722] sd 0:0:0:2: runtime PM trying to activate child device 0:0:0:2 but parent (target0:0:0) is not active This shoudn't be a problem [1], but the device becomes unresponsive until forced reboot is done by holding power button. [1] https://lkml.org/lkml/2020/11/13/2 Test: the mentioned kernel messages do not cause any issue Change-Id: I6725d35a052495c6525d847c5c19aa0ff4f68409 Signed-off-by: Alexander Winkowski <dereference23@outlook.com> |
||
|
Alexander Winkowski
|
21630a7142 |
Revert "SCSI: set block queue at preempt only when SCSI device is put into quiesce" [1/7]
This reverts commit 74c45e41ad1e071e4724e2c8d33f6e30c9250507. Reason for revert: this patchset is either mismerged or incomplete. UFS may fail to resume from suspend with the log containing these lines: [23703.703882] scsi host0: runtime PM trying to activate child device host0 but parent (1d84000.ufshc) is not active [23703.703977] scsi target0:0:0: runtime PM trying to activate child device target0:0:0 but parent (host0) is not active [23703.704369] sd 0:0:0:0: runtime PM trying to activate child device 0:0:0:0 but parent (target0:0:0) is not active [23703.704380] scsi 0:0:0:49488: runtime PM trying to activate child device 0:0:0:49488 but parent (target0:0:0) is not active [23703.704470] sd 0:0:0:3: runtime PM trying to activate child device 0:0:0:3 but parent (target0:0:0) is not active [23703.704478] sd 0:0:0:5: runtime PM trying to activate child device 0:0:0:5 but parent (target0:0:0) is not active [23703.704557] sd 0:0:0:1: runtime PM trying to activate child device 0:0:0:1 but parent (target0:0:0) is not active [23703.704565] scsi 0:0:0:49476: runtime PM trying to activate child device 0:0:0:49476 but parent (target0:0:0) is not active [23703.704643] sd 0:0:0:4: runtime PM trying to activate child device 0:0:0:4 but parent (target0:0:0) is not active [23703.704651] scsi 0:0:0:49456: runtime PM trying to activate child device 0:0:0:49456 but parent (target0:0:0) is not active [23703.704722] sd 0:0:0:2: runtime PM trying to activate child device 0:0:0:2 but parent (target0:0:0) is not active This shoudn't be a problem [1], but the device becomes unresponsive until forced reboot is done by holding power button. [1] https://lkml.org/lkml/2020/11/13/2 Test: the mentioned kernel messages do not cause any issue Change-Id: Ib07ae1bdc9ab459570edefb8cceef95860a1cccc Signed-off-by: Alexander Winkowski <dereference23@outlook.com> |
||
Richard Raya
|
a9e2d194be |
Merge branch 'linux-4.14.y' of https://github.com/openela/kernel-lts
* 'linux-4.14.y' of https://github.com/openela/kernel-lts: (350 commits) LTS: Update to 4.14.340 fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() PCI/MSI: Prevent MSI hardware interrupt number truncation s390: use the correct count for __iowrite64_copy() packet: move from strlcpy with unused retval to strscpy ipv6: sr: fix possible use-after-free and null-ptr-deref nouveau: fix function cast warnings scsi: jazz_esp: Only build if SCSI core is builtin RDMA/srpt: fix function pointer cast warnings RDMA/srpt: Support specifying the srpt_service_guid parameter IB/hfi1: Fix a memleak in init_credit_return usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs l2tp: pass correct message length to ip6_append_data gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() dm-crypt: don't modify the data when using authenticated encryption mm: memcontrol: switch to rcu protection in drain_all_stock() s390/qeth: Fix potential loss of L3-IP@ in case of network issues virtio-blk: Ensure no requests in virtqueues before deleting vqs. firewire: core: send bus reset promptly on gap count error ... Change-Id: Ieafdd459ee41343bf15ed781b3e45adc2be29cc1 Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
|
Richard Raya
|
669eb74484 |
Merge branch 'deprecated/android-4.14-stable' of https://android.googlesource.com/kernel/common into HEAD
* 'deprecated/android-4.14-stable' of https://android.googlesource.com/kernel/common: (101 commits) Linux 4.14.336 mmc: core: Cancel delayed work before releasing host mmc: rpmb: fixes pause retune on all RPMB partitions. firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards i40e: fix use-after-free in i40e_aqc_add_filters() net: bcmgenet: Fix FCS generation for fragmented skbuffs net: sched: em_text: fix possible memory leak in em_text_destroy() nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local UPSTREAM: drm: Fix doc warning in drm_connector_attach_edid_property() BACKPORT: lib/vsprintf: Hash legacy clock addresses UPSTREAM: xfrm: fix gro_cells leak when remove virtual xfrm interfaces UPSTREAM: xfrm: Make function xfrmi_get_link_net() static UPSTREAM: cpuidle: menu: Retain tick when shallow state is selected UPSTREAM: bpf: fix rcu annotations in compute_effective_progs() UPSTREAM: bpf: bpf_prog_array_alloc() should return a generic non-rcu pointer UPSTREAM: sched/util_est: Fix util_est_dequeue() for throttled cfs_rq UPSTREAM: softirq: Reorder trace_softirqs_on to prevent lockdep splat UPSTREAM: l2tp: fix refcount leakage on PPPoL2TP sockets UPSTREAM: HID: steam: select CONFIG_POWER_SUPPLY BACKPORT: mac80211_hwsim: fix a possible memory leak in hwsim_new_radio_nl() ... Change-Id: I1c98fbb0918986a06bee16b0c11fe8bee003fd3f Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
Randy Dunlap
|
768622287c |
scsi: jazz_esp: Only build if SCSI core is builtin
[ Upstream commit 9ddf190a7df77b77817f955fdb9c2ae9d1c9c9a3 ]
JAZZ_ESP is a bool kconfig symbol that selects SCSI_SPI_ATTRS. When
CONFIG_SCSI=m, this results in SCSI_SPI_ATTRS=m while JAZZ_ESP=y, which
causes many undefined symbol linker errors.
Fix this by only offering to build this driver when CONFIG_SCSI=y.
[mkp: JAZZ_ESP is unique in that it does not support being compiled as a
module unlike the remaining SPI SCSI HBA drivers]
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Randy Dunlap <rdunlap@infradead.org>
Link: https://lore.kernel.org/r/20240214055953.9612-1-rdunlap@infradead.org
Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de>
Cc: linux-mips@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Masahiro Yamada <masahiroy@kernel.org>
Cc: Nicolas Schier <nicolas@fjasle.eu>
Cc: James E.J. Bottomley <jejb@linux.ibm.com>
Cc: Martin K. Petersen <martin.petersen@oracle.com>
Cc: linux-scsi@vger.kernel.org
Cc: Geert Uytterhoeven <geert@linux-m68k.org>
Reported-by: kernel test robot <lkp@intel.com>
Closes: https://lore.kernel.org/oe-kbuild-all/202402112222.Gl0udKyU-lkp@intel.com/
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 63a1b5c7bc8623b084b034419c6253debfa4d3cf)
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
|
||
Lee Duncan
|
5b4d630c61 |
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
commit 977fe773dcc7098d8eaf4ee6382cb51e13e784cb upstream.
This reverts commit 1a1975551943f681772720f639ff42fbaa746212.
This commit causes interrupts to be lost for FCoE devices, since it changed
sping locks from "bh" to "irqsave".
Instead, a work queue should be used, and will be addressed in a separate
commit.
Fixes: 1a1975551943 ("scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock")
Signed-off-by: Lee Duncan <lduncan@suse.com>
Link: https://lore.kernel.org/r/c578cdcd46b60470535c4c4a953e6a1feca0dffd.1707500786.git.lduncan@suse.com
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 94a600226b6d0ef065ee84024b450b566c5a87d6)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
|
||
Su Hui
|
9b0dce0699 |
scsi: isci: Fix an error code problem in isci_io_request_build()
[ Upstream commit 658365c6b0857e6a306436e315a8633937e3af42 ]
Clang static complains that Value stored to 'status' is never read. Return
'status' rather than 'SCI_SUCCESS'.
Fixes: f1f52e75939b ("isci: uplevel request infrastructure")
Signed-off-by: Su Hui <suhui@nfschina.com>
Link: https://lore.kernel.org/r/20240112041926.3924315-1-suhui@nfschina.com
Reviewed-by: Artur Paszkiewicz <artur.paszkiewicz@intel.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 86ca4cb47d8213773044b151e6861784d646ee35)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
|
||
Hannes Reinecke
|
d49f575f08 |
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
[ Upstream commit 53122a49f49796beb2c4a1bb702303b66347e29f ] We should set the status to FC_TIMED_OUT when a timeout error is passed to fc_fcp_rec_error(). Signed-off-by: Hannes Reinecke <hare@suse.de> Link: https://lore.kernel.org/r/20231129165832.224100-3-hare@kernel.org Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 1cfcd5845f6141ea6580d13fc021fce7de324d3e) Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> |
||
|
Hannes Reinecke
|
f3402b957f |
scsi: libfc: Don't schedule abort twice
[ Upstream commit b57c4db5d23b9df0118a25e2441c9288edd73710 ] The current FC error recovery is sending up to three REC (recovery) frames in 10 second intervals, and as a final step sending an ABTS after 30 seconds for the command itself. Unfortunately sending an ABTS is also the action for the SCSI abort handler, and the default timeout for SCSI commands is also 30 seconds. This causes two ABTS to be scheduled, with the libfc one slightly earlier. The ABTS scheduled by SCSI EH then sees the command to be already aborted, and will always return with a 'GOOD' status irrespective on the actual result from the first ABTS. This causes the SCSI EH abort handler to always succeed, and SCSI EH never to be engaged. Fix this by not issuing an ABTS when a SCSI command is present for the exchange, but rather wait for the abort scheduled from SCSI EH. And warn if an abort is already scheduled to avoid similar errors in the future. Signed-off-by: Hannes Reinecke <hare@suse.de> Link: https://lore.kernel.org/r/20231129165832.224100-2-hare@kernel.org Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit debaf1600843a98fe794923781d731c2ccf5a1e8) Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> |
||
Justin Tee
|
13df229677 |
scsi: lpfc: Fix possible file string name overflow when updating firmware
[ Upstream commit f5779b529240b715f0e358489ad0ed933bf77c97 ] Because file_name and phba->ModelName are both declared a size 80 bytes, the extra ".grp" file extension could cause an overflow into file_name. Define a ELX_FW_NAME_SIZE macro with value 84. 84 incorporates the 4 extra characters from ".grp". file_name is changed to be declared as a char and initialized to zeros i.e. null chars. Signed-off-by: Justin Tee <justin.tee@broadcom.com> Link: https://lore.kernel.org/r/20231031191224.150862-3-justintee8345@gmail.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 273700c2b94ffe7da97cee356f826d1d3f525b1d) Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> |
||
Greg Kroah-Hartman
|
8382692884 |
This is the 4.14.333 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmV50c4ACgkQONu9yGCS aT7NBxAAtKBLAoVN5J4r4/i/H6ac1RonF4Lq6Y2S0CgV81IYPH602dV6OsC6bGh6 UrSBiA0p2jBDLSFcDJOyrneMxJHveA0KSczAPNscE+ml7bVmiT47ySw6KxdM8wEU 3fnSdmUZ96Sa0CQoJSU50ot7lhzAiiMG8JWCLRPDRofIN0+qpTw5oCSnwKGsqyO8 LJkRujzKfWAykYQIrUYXqeIzzxww0JbE/8MRbeNT+2OfjG/jZamZwBQPFUWih67Q qAGFxV4n1MUdo4+kd5rpaYw5/5boPoVo8KIaxnrCWbauXn2MUT0ZWLDKnGu5hptL 6PHy66FFTYQjFJpuTc4+X7vzqptSJta8SSDqpcJ9FX9bVUdTuH07QDkA5yGmttb6 2W1fJKR9rTyt1+J526xBWgNdyilv08IUP4R6g4RUe2aRuqDMFrPAegcCyeQ7g99f cpg5z/knynn1qvJ4CznM83z1ZxwgG861G94ZJPPd2hKTPRltQpt9fF35ekeaHzcF f8vZfnYzD228R0FgtDcA8d9VIU/K3gICbhr1SCASy8uUyt+8RRtxxjGX4QUOwbZW PQwdX500xLzV5Lg7fOzyuaM/6+oYk+vU5iYJnkeglg5ReYtfEerHNtVRh4PAtgEu 04G81HY9cHjSqne6I5MTE/sx9L3JZj5dED8ZqDMqag5pB+G/1EQ= =ey14 -----END PGP SIGNATURE----- Merge 4.14.333 into android-4.14-stable Changes in 4.14.333 tg3: Move the [rt]x_dropped counters to tg3_napi tg3: Increment tx_dropped in tg3_tso_bug() drm/amdgpu: correct chunk_ptr to a pointer to chunk. net: hns: fix fake link up on xge port tcp: do not accept ACK of bytes we never sent RDMA/bnxt_re: Correct module description string hwmon: (acpi_power_meter) Fix 4.29 MW bug tracing: Fix a warning when allocating buffered events fails scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() ALSA: pcm: fix out-of-bounds in snd_pcm_state_names nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() tracing: Always update snapshot buffer size tracing: Fix incomplete locking when disabling buffered events tracing: Fix a possible race when disabling buffered events packet: Move reference count in packet_sock to atomic_long_t parport: Add support for Brainboxes IX/UC/PX parallel cards serial: sc16is7xx: address RX timeout interrupt errata serial: 8250_omap: Add earlycon support for the AM654 UART controller KVM: s390/mm: Properly reset no-dat nilfs2: fix missing error check for sb_set_blocksize call netlink: don't call ->netlink_bind with table lock held genetlink: add CAP_NET_ADMIN test for multicast bind psample: Require 'CAP_NET_ADMIN' when joining "packets" group drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group Linux 4.14.333 Change-Id: Iebcaaf9d6c5e2ef71dd23c3c6246f6cef45d296a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Dinghao Liu
|
4dc78ca46a |
scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
[ Upstream commit 235f2b548d7f4ac5931d834f05d3f7f5166a2e72 ]
When an error occurs in the for loop of beiscsi_init_wrb_handle(), we
should free phwi_ctxt->be_wrbq before returning an error code to prevent
potential memleak.
Fixes: a7909b396ba7 ("[SCSI] be2iscsi: Fix dynamic CID allocation Mechanism in driver")
Signed-off-by: Dinghao Liu <dinghao.liu@zju.edu.cn>
Link: https://lore.kernel.org/r/20231123081941.24854-1-dinghao.liu@zju.edu.cn
Reviewed-by: Mike Christie <michael.christie@oracle.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Richard Raya
|
9cdc78c354 |
Merge branch 'android-4.14-stable' of https://android.googlesource.com/kernel/common
* 'android-4.14-stable' of https://android.googlesource.com/kernel/common: (2966 commits) Linux 4.14.331 net: sched: fix race condition in qdisc_graft() scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks ext4: correct return value of ext4_convert_meta_bg ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: apply umask if ACL support is disabled media: venus: hfi: fix the check to handle session buffer requirement media: sharp: fix sharp encoding i2c: i801: fix potential race in i801_block_transaction_byte_by_byte net: dsa: lan9303: consequently nested-lock physical MDIO ALSA: info: Fix potential deadlock at disconnection parisc/pgtable: Do not drop upper 5 address bits of physical address parisc: Prevent booting 64-bit kernels on PA1.x machines mcb: fix error handling for different scenarios when parsing jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware mmc: meson-gx: Remove setting of CMD_CFG_ERROR PM: hibernate: Clean up sync_read handling in snapshot_write_next() PM: hibernate: Use __get_safe_page() rather than touching the list ... Change-Id: I755d2aa7c525ace28adc4aee433572b3110ea39b |
||
|
Greg Kroah-Hartman
|
52d13de272 |
This is the 4.14.331 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVmGT0ACgkQONu9yGCS aT5ERQ//Tx5hvAL4WlnyNLMshNB5Ep8cuB1JryM1pi5BbtQxToDFZv3aJKkqj2K3 CRFq1x5hO9dli5MK5RTaO4JwCSwOphBDEqswOrtIdI7nHHzkMGBF7UUwezc6M5TZ 7cjs3LFnsVJJITBUAM/f33HyYXUPiMw/TEcWcFnJLJgWQafpOQ4kRH5k5UOL8Kgm LV+E9YhBikaRpPpsC6obxT7KnaSnOScdUjjD+DRBm+UNhx/F3HVSY2ZY/Mr1XTyJ v0QhzMAgWdBVGja8+9qU2e8pPw36NcEli539iU4HfrmCUry4J0Mh+XFYbpzvhQLC U72e0vIoievkxYM1krnI2+wIFh58qlFGwKEIYag+eg0DuJn4ttaTFG9+rkn2lcI9 +d6JqALAImPtd5ZdISj7mBI8mWoTl73Hl5RNnJQQBaBwdHZQc2IXXJQUSbfyDE8/ gor9eEls3E2FtucEtihbsCF/5M0IXs+tr4b67qo73HfS6lqGFGLAFQUlKvhPr0R/ baoEoIb6bsH9oTCLjNoH1vSRPM9VEj3+AFOzK4D3wlfEhDRYkNZDQ/MF3btv6HTp ifLXerLLxSK56OOqn3yyGOmUhtpR+sPLBrjhrALrcWOjESH9i7zvmHRLCow9qbmx bf6Qxz6L8/+JIkdDNCN/l7NuzNyCUj0U/ObR1WWXp/n8ZqUpGR0= =rkdh -----END PGP SIGNATURE----- Merge 4.14.331 into android-4.14-stable Changes in 4.14.331 locking/ww_mutex/test: Fix potential workqueue corruption clocksource/drivers/timer-imx-gpt: Fix potential memory leak clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size wifi: mac80211: don't return unset power in ieee80211_get_tx_power() wifi: ath9k: fix clang-specific fortify warnings wifi: ath10k: fix clang-specific fortify warning net: annotate data-races around sk->sk_dst_pending_confirm drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga selftests/efivarfs: create-read: fix a resource leak crypto: pcrypt - Fix hungtask for PADATA_RESET RDMA/hfi1: Use FIELD_GET() to extract Link Width fs/jfs: Add check for negative db_l2nbperpage fs/jfs: Add validity check for db_maxag and db_agpref jfs: fix array-index-out-of-bounds in dbFindLeaf jfs: fix array-index-out-of-bounds in diAlloc ALSA: hda: Fix possible null-ptr-deref when assigning a stream atm: iphase: Do PCI error checks on own line scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() tty: vcc: Add check for kstrdup() in vcc_probe() i2c: sun6i-p2wi: Prevent potential division by zero media: gspca: cpia1: shift-out-of-bounds in set_flicker media: vivid: avoid integer overflow gfs2: ignore negated quota changes pwm: Fix double shift bug media: venus: hfi: add checks to perform sanity on queue pointers randstruct: Fix gcc-plugin performance mode to stay in group KVM: x86: Ignore MSR_AMD64_TW_CFG access audit: don't take task_lock() in audit_exe_compare() code path audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() hvc/xen: fix error path in xen_hvc_init() to always register frontend driver PCI/sysfs: Protect driver's D3cold preference from user space mmc: vub300: fix an error code PM: hibernate: Use __get_safe_page() rather than touching the list PM: hibernate: Clean up sync_read handling in snapshot_write_next() mmc: meson-gx: Remove setting of CMD_CFG_ERROR genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev mcb: fix error handling for different scenarios when parsing parisc: Prevent booting 64-bit kernels on PA1.x machines parisc/pgtable: Do not drop upper 5 address bits of physical address ALSA: info: Fix potential deadlock at disconnection net: dsa: lan9303: consequently nested-lock physical MDIO i2c: i801: fix potential race in i801_block_transaction_byte_by_byte media: sharp: fix sharp encoding media: venus: hfi: fix the check to handle session buffer requirement ext4: apply umask if ACL support is disabled ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: correct return value of ext4_convert_meta_bg ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids net: sched: fix race condition in qdisc_graft() Linux 4.14.331 Change-Id: I1a1bce75363d3b2c731f3e947543c6506bed9817 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Dongli Zhang
|
0101448977 |
scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids
commit 1978f30a87732d4d9072a20abeded9fe17884f1b upstream. When tag_set->nr_maps is 1, the block layer limits the number of hw queues by nr_cpu_ids. No matter how many hw queues are used by virtio-scsi, as it has (tag_set->nr_maps == 1), it can use at most nr_cpu_ids hw queues. In addition, specifically for pci scenario, when the 'num_queues' specified by qemu is more than maxcpus, virtio-scsi would not be able to allocate more than maxcpus vectors in order to have a vector for each queue. As a result, it falls back into MSI-X with one vector for config and one shared for queues. Considering above reasons, this patch limits the number of hw queues used by virtio-scsi by nr_cpu_ids. Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Dongli Zhang <dongli.zhang@oracle.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Wenchao Hao
|
930f0aaba4 |
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
[ Upstream commit 4df105f0ce9f6f30cda4e99f577150d23f0c9c5f ] fc_lport_ptp_setup() did not check the return value of fc_rport_create() which can return NULL and would cause a NULL pointer dereference. Address this issue by checking return value of fc_rport_create() and log error message on fc_rport_create() failed. Signed-off-by: Wenchao Hao <haowenchao2@huawei.com> Link: https://lore.kernel.org/r/20231011130350.819571-1-haowenchao2@huawei.com Reviewed-by: Simon Horman <horms@kernel.org> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
47ab076483 |
This is the 4.14.329 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVLYR4ACgkQONu9yGCS aT448g/+LRDS1oRdCqLs2FG+Ys/l7LZOF/5qFb0hznE6O7YTJVK0r5TkSA188Z3X xPKwkGxvbL0j1bzQahqtwERljytYN7v5RR5AZAkK7358SwDCBTrLUMp9OC6B5LeG cVsQ8t9qHHcDvTbQDPGaLqD+DWwhMczy56g7iAO/lV0dyxxRFCkp1txSnjeRKB5c fOnZDqvZv/9BgHfOcyaItheNRQLr2G6ldt/wXcerwN6zintUBTjKt5VrELbon//6 hyJpuc/uqu+OJykiz451OzL5C0jlWwD5/aV2zQUDGHP+8yPoWI/H8b1VNQGsAzMv cDwNj97GU2yNaisOyOZIBWE0zMc+NZy2yjbNYVTVn7DAi4Ve88iW7fMdWmwAK7il bjxMZ/VpKiPPykgdnHa5/05E78aSJ+5hpHP5GduI4gfU20RQUdP0Ne7AR4pXnl/q eO8cEaZUhS6Vz90ROn7NfWGMvAif54Ru0cRnVYyObLe87BLosNiQQHwkZVXv4Moh p2OPlTEpJuZNMXdtxp7IXTTYODoAtAngMurWdOGbOv6jpywOMohKxKmZFs2wUVla f7BNaPu0a871PkAdbZkV8qMAWyA9QNiacUkN6Cd6aa8phwWZIbpLizdUCrwedPEM FAFaxVGNdFMXAxaTzVppKzfKtl2ROlYlPzmHWq9K40nVyIBL8iE= =Joup -----END PGP SIGNATURE----- Merge 4.14.329 into android-4.14-stable Changes in 4.14.329 mcb: Return actual parsed size when reading chameleon table mcb-lpc: Reallocate memory region to avoid memory overlapping virtio_balloon: Fix endless deflation and inflation on arm64 treewide: Spelling fix in comment igb: Fix potential memory leak in igb_add_ethtool_nfc_entry r8152: Increase USB control msg timeout to 5000ms as per spec tcp: fix wrong RTO timeout when received SACK reneging gtp: uapi: fix GTPA_MAX i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() perf/core: Fix potential NULL deref NFS: Don't call generic_error_remove_page() while holding locks ARM: 8933/1: replace Sun/Solaris style flag on section directive drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() kobject: Fix slab-out-of-bounds in fill_kobj_path() f2fs: fix to do sanity check on inode type during garbage collection nfsd: lock_rename() needs both directories to live on the same fs x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility x86/mm: Simplify RESERVE_BRK() x86/mm: Fix RESERVE_BRK() for older binutils driver: platform: Add helper for safer setting of driver_override rpmsg: Fix kfree() of static memory on setting driver_override rpmsg: Fix calling device_lock() on non-initialized device rpmsg: glink: Release driver_override rpmsg: Fix possible refcount leak in rpmsg_register_device_override() x86: Fix .brk attribute in linker script ASoC: simple-card: fixup asoc_simple_probe() error handling irqchip/stm32-exti: add missing DT IRQ flag translation dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport fbdev: atyfb: only use ioremap_uc() on i386 and ia64 netfilter: nfnetlink_log: silence bogus compiler warning ASoC: rt5650: fix the wrong result of key button fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() scsi: mpt3sas: Fix in error path platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e net: chelsio: cxgb4: add an error code check in t4_load_phy_fw ata: ahci: fix enum constants for gcc-13 remove the sx8 block driver vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility tty: 8250: Remove UC-257 and UC-431 tty: 8250: Add support for additional Brainboxes UC cards tty: 8250: Add support for Brainboxes UP cards tty: 8250: Add support for Intashield IS-100 Linux 4.14.329 Change-Id: If187990b63eb0e3467f9d483ab7638db2640d0f3 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Tomas Henzl
|
2f64fef12c |
scsi: mpt3sas: Fix in error path
[ Upstream commit e40c04ade0e2f3916b78211d747317843b11ce10 ] The driver should be deregistered as misc driver after PCI registration failure. Signed-off-by: Tomas Henzl <thenzl@redhat.com> Link: https://lore.kernel.org/r/20231015114529.10725-1-thenzl@redhat.com Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
3b3807ea9f |
This is the 4.14.326 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmUOphQACgkQONu9yGCS
aT48SA//UAwiChca8ejeMfb5naUV7yr0r7Vpe32I7+Z+vY+YmuKO2UWOdBi4rvrY
+PYIFCA7nfLpp6hXZg14ljX3w1Qh8WftXwlIeml5PJX+/IpyGT2FAx+CcYXAKdQk
KqANTdDAogw4wfPF+jY0hqRUP0NuIW2jzPU9cMQHm6/reRs8sSqs9wHo5tqlLLBN
YF66O+MyI/FZRwD3HxSeVlaNk1Rrk6I7CtdnXaUqMo7CosagayoiODn5vPMUJXZW
I7WOz4hFYJJhvnJKYKCoMUwmpsEQrQwxyeBipfXsoCjdSOn7TBJaTNEqo0cTq1aQ
kD34afHBY5cZaS2d0EKFcCYVxRwtzh0N73RuimPNTT3Rfkot9ARFwQjk+eOHrJDh
UQlx4aWq2vX400V68LeE6nSxwAoml888mISVrVqeLu4Xzt9dl4JlLD99GC0tu2GG
xKZp3BZ2spxEUciGT4Hby3f6PEGO3oJ/m8MSTNsn5wqdeZMbTUQ4O8yWLQZPaacc
M+FEHK/beW5inq5mi2hy0rs2uvhbSQoLV79jbS0EeN2x5Z6MTyWfifRqLx1VzvgF
oZHw7AeSv97oJGQfqF5j9BIUOC8jMzMircmxY5z/MmWvvjpkoMtTi0Fm66KbR6c/
Ydm83ptyuPg0XotdjlGAc1tGkVQatx7c1XzYqeOhKDBxvY4l13A=
=RCAu
-----END PGP SIGNATURE-----
Merge 4.14.326 into android-4.14-stable
Changes in 4.14.326
ARM: pxa: remove use of symbol_get()
mmc: au1xmmc: force non-modular build and remove symbol_get usage
rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
USB: serial: option: add Quectel EM05G variant (0x030e)
USB: serial: option: add FOXCONN T99W368/T99W373 product
HID: wacom: remove the battery when the EKR is off
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
serial: sc16is7xx: fix bug when first setting GPIO direction
nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
pinctrl: amd: Don't show `Invalid config param` errors
lib/ubsan: remove returns-nonnull-attribute checks
9p: virtio: make sure 'offs' is initialized in zc_request
ASoC: da7219: Flush pending AAD IRQ when suspending
ethernet: atheros: fix return value check in atl1c_tso_csum()
m68k: Fix invalid .section syntax
s390/dasd: use correct number of retries for ERP requests
fs/nls: make load_nls() take a const parameter
ASoc: codecs: ES8316: Fix DMIC config
security: keys: perform capable check only on privileged operations
net: usb: qmi_wwan: add Quectel EM05GV2
idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
bnx2x: fix page fault following EEH recovery
sctp: handle invalid error codes without calling BUG()
cifs: add a warning when the in-flight count goes negative
ALSA: seq: oss: Fix racy open/close of MIDI devices
powerpc/32: Include .branch_lt in data section
powerpc/32s: Fix assembler warning about r0
udf: Check consistency of Space Bitmap Descriptor
udf: Handle error when adding extent to a file
Revert "net: macsec: preserve ingress frame ordering"
reiserfs: Check the return value from __getblk()
fs: Fix error checking for d_hash_and_lookup()
cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit()
regmap: rbtree: Use alloc_flags for memory allocations
spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe()
can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM
wifi: mwifiex: Fix OOB and integer underflow when rx packets
Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe()
net: tcp: fix unexcepted socket die when snd_wnd is 0
crypto: caam - fix unchecked return value error
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
fs: ocfs2: namei: check return value of ocfs2_add_entry()
wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
wifi: mwifiex: Fix missed return in oob checks failed path
wifi: ath9k: protect WMI command response buffer replacement with a lock
wifi: mwifiex: avoid possible NULL skb pointer dereference
wifi: ath9k: use IS_ERR() with debugfs_create_dir()
net: arcnet: Do not call kfree_skb() under local_irq_disable()
netrom: Deny concurrent connect().
ARM: dts: BCM53573: Add cells sizes to PCIe node
ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)
ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)
drm: adv7511: Fix low refresh rate register for ADV7533/5
of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
smackfs: Prevent underflow in smk_set_cipso()
audit: fix possible soft lockup in __audit_inode_child()
ALSA: ac97: Fix possible error value of *rac97
drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init()
clk: sunxi-ng: Modify mismatched function name
PCI: Mark NVIDIA T4 GPUs to avoid bus reset
PCI: pciehp: Use RMW accessors for changing LNKCTL
wifi: ath10k: Use RMW accessors for changing LNKCTL
nfs/blocklayout: Use the passed in gfp flags
powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
jfs: validate max amount of blocks before allocation.
fs: lockd: avoid possible wrong NULL parameter
NFSD: da_addr_body field missing in some GETDEVICEINFO replies
drivers: usb: smsusb: fix error handling code in smsusb_init_device
media: dib7000p: Fix potential division by zero
media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
media: cx24120: Add retval check for cx24120_message_send()
media: mediatek: vcodec: Return NULL if no vdec_fb is found
usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host()
scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
scsi: be2iscsi: Add length check when parsing nlattrs
scsi: qla4xxx: Add length check when parsing nlattrs
x86/APM: drop the duplicate APM_MINOR_DEV macro
scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly
dma-buf/sync_file: Fix docs syntax
media: go7007: Remove redundant if statement
USB: gadget: f_mass_storage: Fix unused variable warning
cgroup:namespace: Remove unused cgroup_namespaces_init()
scsi: core: Use 32-bit hostnum in scsi_host_lookup()
scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
serial: tegra: handle clk prepare error in tegra_uart_hw_init()
amba: bus: fix refcount leak
Revert "IB/isert: Fix incorrect release of isert connection"
HID: multitouch: Correct devm device reference for hidinput input_dev name
rpmsg: glink: Add check for kstrdup
dmaengine: ste_dma40: Add missing IRQ check in d40_probe
igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
netfilter: xt_u32: validate user space input
netfilter: xt_sctp: validate the flag_info count
igb: set max size RX buffer when store bad packet is enabled
PM / devfreq: Fix leak in devfreq_dev_release()
ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch()
backlight/gpio_backlight: Compare against struct fb_info.device
backlight/bd6107: Compare against struct fb_info.device
backlight/lv5207lp: Compare against struct fb_info.device
media: dvb: symbol fixup for dvb_attach()
ntb: Drop packets when qp link is down
ntb: Clean up tx tail index on link down
ntb: Fix calculation ntb_transport_tx_free_entry()
Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
procfs: block chmod on /proc/thread-self/comm
parisc: Fix /proc/cpuinfo output for lscpu
dccp: Fix out of bounds access in DCCP error handler
X.509: if signature is unsupported skip validation
net: handle ARPHRD_PPP in dev_is_mac_header_xmit()
pstore/ram: Check start of empty przs during init
crypto: stm32 - fix loop iterating through scatterlist for DMA
scsi: qla2xxx: fix inconsistent TMF timeout
scsi: qla2xxx: Turn off noisy message log
fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
drm/ast: Fix DRAM init on AST2200
parisc: led: Fix LAN receive and transmit LEDs
parisc: led: Reduce CPU overhead for disk & lan LED computation
clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
pwm: lpc32xx: Remove handling of PWM channels
net: read sk->sk_family once in sk_mc_loop()
igb: disable virtualization features on 82580
net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
af_unix: Fix data-races around user->unix_inflight.
af_unix: Fix data-race around unix_tot_inflight.
af_unix: Fix data-races around sk->sk_shutdown.
af_unix: Fix data race around sk->sk_err.
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
kcm: Destroy mutex in kcm_exit_net()
igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
ata: sata_gemini: Add missing MODULE_DESCRIPTION
ata: pata_ftide010: Add missing MODULE_DESCRIPTION
net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
kcm: Fix memory leak in error path of kcm_sendmsg()
ixgbe: fix timestamp configuration code
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
parisc: Drop loops_per_jiffy from per_cpu struct
autofs: fix memory leak of waitqueues in autofs_catatonic_mode
btrfs: output extra debug info if we failed to find an inline backref
ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470
hw_breakpoint: fix single-stepping when using bpf_overflow_handler
wifi: ath9k: fix printk specifier
wifi: mwifiex: fix fortify warning
crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
tpm_tis: Resend command to recover from data transfer errors
alx: fix OOB-read compiler warning
drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()
md: raid1: fix potential OOB in raid1_remove_disk()
ext2: fix datatype of block number in ext2_xattr_set2()
fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
media: anysee: fix null-ptr-deref in anysee_master_xfer
media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
iio: core: Use min() instead of min_t() to make code more robust
media: tuners: qt1010: replace BUG_ON with a regular error
media: pci: cx23885: replace BUG with error return
usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
serial: cpm_uart: Avoid suspicious locking
kobject: Add sanity check for kset->kobj.ktype in kset_register()
md/raid1: fix error: ISO C90 forbids mixed declarations
attr: block mode changes of symlinks
btrfs: fix lockdep splat and potential deadlock after failure running delayed items
nfsd: fix change_info in NFSv4 RENAME replies
mtd: rawnand: brcmnand: Fix crash during the panic_write
mtd: rawnand: brcmnand: Fix potential false time out warning
mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
net/sched: Retire rsvp classifier
Linux 4.14.326
Change-Id: I22815ecf1b4b346f889ccaa561b7cb9a20f204ce
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Quinn Tran
|
bf9ddbfb0e |
scsi: qla2xxx: Turn off noisy message log
commit 8ebaa45163a3fedc885c1dc7d43ea987a2f00a06 upstream. Some consider noisy log as test failure. Turn off noisy message log. Cc: stable@vger.kernel.org Signed-off-by: Quinn Tran <qutran@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20230714070104.40052-8-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Quinn Tran
|
4c67aa16a0 |
scsi: qla2xxx: fix inconsistent TMF timeout
commit 009e7fe4a1ed52276b332842a6b6e23b07200f2d upstream. Different behavior were experienced of session being torn down vs not when TMF is timed out. When FW detects the time out, the session is torn down. When driver detects the time out, the session is not torn down. Allow TMF error to return to upper layer without session tear down. Cc: stable@vger.kernel.org Signed-off-by: Quinn Tran <qutran@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20230714070104.40052-10-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Chengfeng Ye
|
4ea46b479a |
scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
[ Upstream commit 1a1975551943f681772720f639ff42fbaa746212 ]
There is a long call chain that &fip->ctlr_lock is acquired by isr
fnic_isr_msix_wq_copy() under hard IRQ context. Thus other process context
code acquiring the lock should disable IRQ, otherwise deadlock could happen
if the IRQ preempts the execution while the lock is held in process context
on the same CPU.
[ISR]
fnic_isr_msix_wq_copy()
-> fnic_wq_copy_cmpl_handler()
-> fnic_fcpio_cmpl_handler()
-> fnic_fcpio_flogi_reg_cmpl_handler()
-> fnic_flush_tx()
-> fnic_send_frame()
-> fcoe_ctlr_els_send()
-> spin_lock_bh(&fip->ctlr_lock)
[Process Context]
1. fcoe_ctlr_timer_work()
-> fcoe_ctlr_flogi_send()
-> spin_lock_bh(&fip->ctlr_lock)
2. fcoe_ctlr_recv_work()
-> fcoe_ctlr_recv_handler()
-> fcoe_ctlr_recv_els()
-> fcoe_ctlr_announce()
-> spin_lock_bh(&fip->ctlr_lock)
3. fcoe_ctlr_recv_work()
-> fcoe_ctlr_recv_handler()
-> fcoe_ctlr_recv_els()
-> fcoe_ctlr_flogi_retry()
-> spin_lock_bh(&fip->ctlr_lock)
4. -> fcoe_xmit()
-> fcoe_ctlr_els_send()
-> spin_lock_bh(&fip->ctlr_lock)
spin_lock_bh() is not enough since fnic_isr_msix_wq_copy() is a
hardirq.
These flaws were found by an experimental static analysis tool I am
developing for irq-related deadlock.
The patch fix the potential deadlocks by spin_lock_irqsave() to disable
hard irq.
Fixes: 794d98e77f59 ("[SCSI] libfcoe: retry rejected FLOGI to another FCF if possible")
Signed-off-by: Chengfeng Ye <dg573847474@gmail.com>
Link: https://lore.kernel.org/r/20230817074708.7509-1-dg573847474@gmail.com
Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Tony Battersby
|
cb76e9ab54 |
scsi: core: Use 32-bit hostnum in scsi_host_lookup()
[ Upstream commit 62ec2092095b678ff89ce4ba51c2938cd1e8e630 ]
Change scsi_host_lookup() hostnum argument type from unsigned short to
unsigned int to match the type used everywhere else.
Fixes: 6d49f63b415c ("[SCSI] Make host_no an unsigned int")
Signed-off-by: Tony Battersby <tonyb@cybernetics.com>
Link: https://lore.kernel.org/r/a02497e7-c12b-ef15-47fc-3f0a0b00ffce@cybernetics.com
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Oleksandr Natalenko
|
ba36b08d93 |
scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly
[ Upstream commit 25dbc20deab5165f847b4eb42f376f725a986ee8 ]
The qedf_dbg_fp_int_cmd_read() function invokes sprintf() directly on a
__user pointer, which may crash the kernel.
Avoid doing that by vmalloc()'ating a buffer for scnprintf() and then
calling simple_read_from_buffer() which does a proper copy_to_user() call.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Link: https://lore.kernel.org/lkml/20230724120241.40495-1-oleksandr@redhat.com/
Link: https://lore.kernel.org/linux-scsi/20230726101236.11922-1-skashyap@marvell.com/
Cc: Saurav Kashyap <skashyap@marvell.com>
Cc: Rob Evers <revers@redhat.com>
Cc: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Jozef Bacik <jobacik@redhat.com>
Cc: Laurence Oberman <loberman@redhat.com>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: GR-QLogic-Storage-Upstream@marvell.com
Cc: linux-scsi@vger.kernel.org
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Tested-by: Laurence Oberman <loberman@redhat.com>
Acked-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Oleksandr Natalenko <oleksandr@redhat.com>
Link: https://lore.kernel.org/r/20230731084034.37021-4-oleksandr@redhat.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Oleksandr Natalenko
|
b44bd56efe |
scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly
[ Upstream commit 7d3d20dee4f648ec44e9717d5f647d594d184433 ]
The qedf_dbg_stop_io_on_error_cmd_read() function invokes sprintf()
directly on a __user pointer, which may crash the kernel.
Avoid doing that by using a small on-stack buffer for scnprintf() and then
calling simple_read_from_buffer() which does a proper copy_to_user() call.
Fixes: 61d8658b4a43 ("scsi: qedf: Add QLogic FastLinQ offload FCoE driver framework.")
Link: https://lore.kernel.org/lkml/20230724120241.40495-1-oleksandr@redhat.com/
Link: https://lore.kernel.org/linux-scsi/20230726101236.11922-1-skashyap@marvell.com/
Cc: Saurav Kashyap <skashyap@marvell.com>
Cc: Rob Evers <revers@redhat.com>
Cc: Johannes Thumshirn <Johannes.Thumshirn@wdc.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Jozef Bacik <jobacik@redhat.com>
Cc: Laurence Oberman <loberman@redhat.com>
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K. Petersen" <martin.petersen@oracle.com>
Cc: GR-QLogic-Storage-Upstream@marvell.com
Cc: linux-scsi@vger.kernel.org
Reviewed-by: Laurence Oberman <loberman@redhat.com>
Reviewed-by: Johannes Thumshirn <johannes.thumshirn@wdc.com>
Tested-by: Laurence Oberman <loberman@redhat.com>
Acked-by: Saurav Kashyap <skashyap@marvell.com>
Signed-off-by: Oleksandr Natalenko <oleksandr@redhat.com>
Link: https://lore.kernel.org/r/20230731084034.37021-2-oleksandr@redhat.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Lin Ma
|
cfa6a1a79e |
scsi: qla4xxx: Add length check when parsing nlattrs
[ Upstream commit 47cd3770e31df942e2bb925a9a855c79ed0662eb ]
There are three places that qla4xxx parses nlattrs:
- qla4xxx_set_chap_entry()
- qla4xxx_iface_set_param()
- qla4xxx_sysfs_ddb_set_param()
and each of them directly converts the nlattr to specific pointer of
structure without length checking. This could be dangerous as those
attributes are not validated and a malformed nlattr (e.g., length 0) could
result in an OOB read that leaks heap dirty data.
Add the nla_len check before accessing the nlattr data and return EINVAL if
the length check fails.
Fixes: 26ffd7b45fe9 ("[SCSI] qla4xxx: Add support to set CHAP entries")
Fixes: 1e9e2be3ee03 ("[SCSI] qla4xxx: Add flash node mgmt support")
Fixes: 00c31889f751 ("[SCSI] qla4xxx: fix data alignment and use nl helpers")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/20230723080053.3714534-1-linma@zju.edu.cn
Reviewed-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Lin Ma
|
76c7a4fad2 |
scsi: be2iscsi: Add length check when parsing nlattrs
[ Upstream commit ee0268f230f66cb472df3424f380ea668da2749a ]
beiscsi_iface_set_param() parses nlattr with nla_for_each_attr and assumes
every attributes can be viewed as struct iscsi_iface_param_info.
This is not true because there is no any nla_policy to validate the
attributes passed from the upper function iscsi_set_iface_params().
Add the nla_len check before accessing the nlattr data and return EINVAL if
the length check fails.
Fixes: 0e43895ec1f4 ("[SCSI] be2iscsi: adding functionality to change network settings using iscsiadm")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/20230723075938.3713864-1-linma@zju.edu.cn
Reviewed-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Lin Ma
|
378bc8086e |
scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
[ Upstream commit ce51c817008450ef4188471db31639d42d37a5e1 ]
The functions iscsi_if_set_param() and iscsi_if_set_host_param() convert an
nlattr payload to type char* and then call C string handling functions like
sscanf and kstrdup:
char *data = (char*)ev + sizeof(*ev);
...
sscanf(data, "%d", &value);
However, since the nlattr is provided by the user-space program and the
nlmsg skb is allocated with GFP_KERNEL instead of GFP_ZERO flag (see
netlink_alloc_large_skb() in netlink_sendmsg()), dirty data on the heap can
lead to an OOB access for those string handling functions.
By investigating how the bug is introduced, we find it is really
interesting as the old version parsing code starting from commit
fd7255f51a13 ("[SCSI] iscsi: add sysfs attrs for uspace sync up") treated
the nlattr as integer bytes instead of string and had length check in
iscsi_copy_param():
if (ev->u.set_param.len != sizeof(uint32_t))
BUG();
But, since the commit a54a52caad4b ("[SCSI] iscsi: fixup set/get param
functions"), the code treated the nlattr as C string while forgetting to
add any strlen checks(), opening the possibility of an OOB access.
Fix the potential OOB by adding the strlen() check before accessing the
buf. If the data passes this check, all low-level set_param handlers can
safely treat this buf as legal C string.
Fixes: fd7255f51a13 ("[SCSI] iscsi: add sysfs attrs for uspace sync up")
Fixes: 1d9bf13a9cf9 ("[SCSI] iscsi class: add iscsi host set param event")
Signed-off-by: Lin Ma <linma@zju.edu.cn>
Link: https://lore.kernel.org/r/20230723075820.3713119-1-linma@zju.edu.cn
Reviewed-by: Chris Leech <cleech@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Chengfeng Ye
|
e89ac572c3 |
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
[ Upstream commit dd64f80587190265ca8a0f4be6c64c2fda6d3ac2 ]
As &qedi_percpu->p_work_lock is acquired by hard IRQ qedi_msix_handler(),
other acquisitions of the same lock under process context should disable
IRQ, otherwise deadlock could happen if the IRQ preempts the execution
while the lock is held in process context on the same CPU.
qedi_cpu_offline() is one such function which acquires the lock in process
context.
[Deadlock Scenario]
qedi_cpu_offline()
->spin_lock(&p->p_work_lock)
<irq>
->qedi_msix_handler()
->edi_process_completions()
->spin_lock_irqsave(&p->p_work_lock, flags); (deadlock here)
This flaw was found by an experimental static analysis tool I am developing
for IRQ-related deadlocks.
The tentative patch fix the potential deadlock by spin_lock_irqsave()
under process context.
Signed-off-by: Chengfeng Ye <dg573847474@gmail.com>
Link: https://lore.kernel.org/r/20230726125655.4197-1-dg573847474@gmail.com
Acked-by: Manish Rangankar <mrangankar@marvell.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
274c7d23b7 |
This is the 4.14.324 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmTvU6sACgkQONu9yGCS aT7tCA/+NOCZdKPoP34xWXLBPld8l2sloFb8+srIz3aB3WTGW65hpuog172pKfKI NZNVMPMQq8yJXoob4w+IuYAdaYVkQE7W3aTLanO5X510xrH3WRonSX6obqWk+prd HGuxvhb6Eulk4lFLyv3IM0xwv/iRPo9X96Gddg19niWYYmc08wKozXfw4fduIjVU LnuhLt1fnscexQP8BOA3g/jQ8X7aat+Os/Ggmyp2NBscFhCvQO8c0U1T/gBS632q al5lSr474oXFXLPPUy11D/yxkUg1YKe7CNUgMqKdGsnMqCDvVm8jik1+Md9FHNdV 1FVi2LNzJ0OZZGgwEwba12QsHEj1BtBxo/Zzbw48nBet4HFBYFIWrZjm51EIn1IU gtteWKuM5wpDANsvhrJbXjGrRL3bEJ+fmAszqMcQeGOQk6Gxpmut2LVGZimvPToL aa7pmA+I+MXvfx8ZYxmizxxMvEuoSxDYPFsGR+GUZTYOq572N6HBoxqiPmo79EYL Ib3CqxuEmnOAl+Fefe7pKJqh5eR+RHCmWmtvhJMjk8FHrlzdlBtsXZUWD/vRdgGa GIxjOm8IuEbS3zaB62guvvpljD8d17Xtl/1eDcRqbpnUKd61a83WXw/x9Str3bHo AbXhE+/2pFlya7JMELDD6G5qrNuSok+V1SZy0dALTpiY5NPdqYU= =Jsjj -----END PGP SIGNATURE----- Merge 4.14.324 into android-4.14-stable Changes in 4.14.324 lib/mpi: Eliminate unused umul_ppmm definitions for MIPS drm/radeon: Fix integer overflow in radeon_cs_parser_init ALSA: emu10k1: roll up loops in DSP setup code for Audigy quota: Properly disable quotas when add_dquot_ref() fails quota: fix warning in dqgrab() udf: Fix uninitialized array access for some pathnames fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev MIPS: dec: prom: Address -Warray-bounds warning FS: JFS: Fix null-ptr-deref Read in txBegin FS: JFS: Check for read-only mounted filesystem in txBegin media: v4l2-mem2mem: add lock to protect parameter num_rdy media: platform: mediatek: vpu: fix NULL ptr dereference gfs2: Fix possible data races in gfs2_show_options() pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() Bluetooth: L2CAP: Fix use-after-free drm/amdgpu: Fix potential fence use-after-free v2 fbdev: mmp: fix value check in mmphw_probe() net: xfrm: Fix xfrm_address_filter OOB read net: af_key: fix sadb_x_filter validation ip6_vti: fix slab-use-after-free in decode_session6 ip_vti: fix potential slab-use-after-free in decode_session6 xfrm: add NULL check in xfrm_update_ae_params netfilter: nft_dynset: disallow object maps team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves i40e: fix misleading debug logs sock: Fix misuse of sk_under_memory_pressure() net: do not allow gso_size to be set to GSO_BY_FRAGS ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. cifs: Release folio lock on fscache read hit. mmc: wbsd: fix double mmc_free_host() in wbsd_init() serial: 8250: Fix oops for port->pm on uart_change_pm() binder: fix memory leak in binder_init() test_firmware: prevent race conditions by a correct implementation of locking netfilter: set default timeout to 3 secs for sctp shutdown send and recv state ASoC: rt5665: add missed regulator_bulk_disable af_unix: Fix null-ptr-deref in unix_stream_sendpage(). net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure net: phy: broadcom: stub c45 read/write for 54810 tracing: Fix memleak due to race between current_tracer and trace sock: annotate data-races around prot->memory_pressure igb: Avoid starting unnecessary workqueues ipvs: Improve robustness to the ipvs sysctl ipvs: fix racy memcpy in proc_do_sync_threshold ibmveth: Use dcbf rather than dcbfl batman-adv: Trigger events for auto adjusted MTU batman-adv: Do not get eth header before batadv_check_management_packet batman-adv: Fix TT global entry leak when client roamed back batman-adv: Fix batadv_v_ogm_aggr_send memory leak lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels media: vcodec: Fix potential array out-of-bounds in encoder queue_setup x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 rtnetlink: Reject negative ifindexes in RTM_NEWLINK scsi: snic: Fix double free in snic_tgt_create() scsi: core: raid_class: Remove raid_component_add() dma-buf/sw_sync: Avoid recursive lock during fence signal Linux 4.14.324 Change-Id: I91a1deeaf4c37592b26abd9d9314eff77329c0f0 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Zhu Wang
|
a6a0e8e394 |
scsi: core: raid_class: Remove raid_component_add()
commit 60c5fd2e8f3c42a5abc565ba9876ead1da5ad2b7 upstream. The raid_component_add() function was added to the kernel tree via patch "[SCSI] embryonic RAID class" (2005). Remove this function since it never has had any callers in the Linux kernel. And also raid_component_release() is only used in raid_component_add(), so it is also removed. Signed-off-by: Zhu Wang <wangzhu9@huawei.com> Link: https://lore.kernel.org/r/20230822015254.184270-1-wangzhu9@huawei.com Reviewed-by: Bart Van Assche <bvanassche@acm.org> Fixes: 04b5b5cb0136 ("scsi: core: Fix possible memory leak if device_add() fails") Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Zhu Wang
|
284bbc1a85 |
scsi: snic: Fix double free in snic_tgt_create()
commit 1bd3a76880b2bce017987cf53780b372cf59528e upstream.
Commit 41320b18a0e0 ("scsi: snic: Fix possible memory leak if device_add()
fails") fixed the memory leak caused by dev_set_name() when device_add()
failed. However, it did not consider that 'tgt' has already been released
when put_device(&tgt->dev) is called. Remove kfree(tgt) in the error path
to avoid double free of 'tgt' and move put_device(&tgt->dev) after the
removed kfree(tgt) to avoid a use-after-free.
Fixes: 41320b18a0e0 ("scsi: snic: Fix possible memory leak if device_add() fails")
Signed-off-by: Zhu Wang <wangzhu9@huawei.com>
Link: https://lore.kernel.org/r/20230819083941.164365-1-wangzhu9@huawei.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
b778a6929d |
This is the 4.14.323 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmTc9RMACgkQONu9yGCS aT5dJRAAyJ6TlWC+bZv27UKgjXo+h3T5iVbfcJve/NKTgEcuFBcJFe5xb/znTog6 kovmrMQ8yG/lq19aUXI1QlVNCnCRpwzsNRl+27OtDL3emKtdgreyT9K+vtNLSqOT men0os0wJERKDfBMloZrvh/WeiYc+/uwWFz34kZjRMrWWoY7LBUCi+YOrh4VpkP4 B3CoC55IkC+OQz5mkrLJM9q1fpefNYcsv8tNtu2lLGfZuq6t35xQHW5cqF4TH7SN DvO6SWB4N0c39kSaBez3bJgIOSzAexL86nt5C3HI4soHDPJstKV6+mktPDGNx0pF H4DbewzYwpUE6pj0LBv9Fasj3gZjUMba+RECHaNqeCSRynYY1PW6AA0I428p87vq AWhCYLdSIs0tAcwPPfYo9q3Po3lOEBnHZNFpCpbLJiuWBf3H8HnIW/5Xvpb+tcGh HwhryJ3D55egUGuzeYtqurZAo2X6ubS8ig+MH9K2nMHl1p7YNMdXnxsWukv6bJUE QXSv87HG7ASv+WKQfSbFt5U+L7ihIGnAKdDEe4FaOxtNMj0aJQMMrJVsuNyXiBoO iP6BPEMGxCgdUVrDF04COVFf+jZE33RdHAi2rRwwaKlHfu5DoL90b/m8UcVt9/jH lQjsj5ydINt5tXU58Q3kLqJ/in/RM64TMKi/3L2wbwbaKZfbCPE= =Pod4 -----END PGP SIGNATURE----- Merge 4.14.323 into android-4.14-stable Changes in 4.14.323 sparc: fix up arch_cpu_finalize_init() build breakage. mmc: moxart: read scr register without changing byte order ipv6: adjust ndisc_is_useropt() to also return true for PIO dmaengine: pl330: Return DMA_PAUSED when transaction is paused radix tree test suite: fix incorrect allocation size for pthreads nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation iio: cros_ec: Fix the allocation size for cros_ec_command usb-storage: alauda: Fix uninit-value in alauda_check_media() usb: dwc3: Properly handle processing of pending events x86/mm: Fix VDSO and VVAR placement on 5-level paging machines x86: Move gds_ucode_mitigated() declaration to header drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes net/packet: annotate data-races around tp->status bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves dccp: fix data-race around dp->dccps_mss_cache drivers: net: prevent tun_build_skb() to exceed the packet size limit IB/hfi1: Fix possible panic during hotplug remove btrfs: don't stop integrity writeback too early netfilter: nf_tables: report use refcount overflow scsi: core: Fix legacy /proc parsing buffer overflow scsi: storvsc: Fix handling of virtual Fibre Channel timeouts scsi: 53c700: Check that command slot is not NULL scsi: snic: Fix possible memory leak if device_add() fails scsi: core: Fix possible memory leak if device_add() fails alpha: remove __init annotation from exported page_is_ram() Linux 4.14.323 Change-Id: Ie5983e040b787ee04a08ea1e7326a3571080f084 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
fce78edbb4 |
This is the 4.14.322 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmTWAT4ACgkQONu9yGCS
aT6kKxAA00HDcoEbS4CpQxK1ggeeW6xMFqPHHwUz62ScZPR1zcrR4ag5UrKOQALF
cCQwt2nVBMUXciiQd3gY+MciAYPRVIXLMK9QqQEJSBZ+2p8zY3nb/HbM6o8iKQeV
xIhUneiyHtbOyTo3oQcyET7ngwxtDp9uEnd+8I+sSbGi8Wyh8Z8L2daVQTrke1Js
QIe3wDQsUj0pEDhRfYx29JKeQ8fBOfZlxtFEsdHvGgP/4j2EXGwyMVnt3/DVuwM8
5/b/SML0skSh8YM9JfMQwpYpR+MAFGyyYKoF2pGu1trvyoh2Jd3TYuYcNqjwIywg
W+ODGmULcYUYPBzUMdvrefwpn4l/2qpPCJ8FHB80h+4Jmy6PMN7lm1YnMBeQK4GP
ACLr2BzJ4Tp5LavWZpTpqdRlC039aSZqY+7K+H/eoNstwZMU3hKc3Kn2KrPss0pp
K0M7+8oukTnSiFNgIXVJOsr+kN1nNvtQmqCVRWlrn2cQckdDf8pVkPl/QtC3ZtWf
aI8xYr6UpAr0z1elK5p9lO6N0R8FLwVmDG7B4b/6nLbWtRSt53ay/nMAzebodpn1
8r+6ZoXO5LedNJsUOMJqE58X0ywbUgcx8mfkuRS8PLXEk7yI4+PR7DCeWyZ/YdVX
dUqaYIK0yYx9yXAkMaSdrnMs+OSqa6lK9c9juPDvFox+ngLAjNk=
=67ef
-----END PGP SIGNATURE-----
Merge 4.14.322 into android-4.14-stable
Changes in 4.14.322
gfs2: Don't deref jdesc in evict
x86/microcode/AMD: Load late on both threads too
x86/smp: Use dedicated cache-line for mwait_play_dead()
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
drm/edid: Fix uninitialized variable in drm_cvt_modes()
scripts/tags.sh: Resolve gtags empty index generation
drm/amdgpu: Validate VM ioctl flags.
treewide: Remove uninitialized_var() usage
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix io loss while replacement replace rdev
PM: domains: fix integer overflow issues in genpd_parse_state()
evm: Complete description of evm_inode_setattr()
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: atmel: Fix an error handling path in atmel_probe()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
watchdog/perf: more properly prevent false positives with turbo modes
kexec: fix a memory leak in crash_shrink_memory()
memstick r592: make memstick_debug_get_tpc_name() static
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
wifi: ath9k: convert msecs to jiffies where needed
netlink: fix potential deadlock in netlink_set_err()
netlink: do not hard code device address lenth in fdb dumps
gtp: Fix use-after-free in __gtp_encap_destroy().
lib/ts_bm: reset initial match offset for every block of text
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
netlink: Add __sock_i_ino() for __netlink_diag_dump().
radeon: avoid double free in ci_dpm_init()
Input: drv260x - sleep between polling GO bit
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
Input: adxl34x - do not hardcode interrupt trigger type
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
ARM: ep93xx: fix missing-prototype warnings
ASoC: es8316: Increment max value for ALC Capture Target Volume control
soc/fsl/qe: fix usb.c build errors
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
drm/radeon: fix possible division-by-zero errors
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
PCI: Add pci_clear_master() stub for non-CONFIG_PCI
pinctrl: cherryview: Return correct value if pin in push-pull mode
perf dwarf-aux: Fix off-by-one in die_get_varname()
pinctrl: at91-pio4: check return value of devm_kasprintf()
crypto: nx - fix build warnings when DEBUG_FS is not enabled
modpost: fix section mismatch message for R_ARM_ABS32
modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
modpost: fix off by one in is_executable_section()
USB: serial: option: add LARA-R6 01B PIDs
block: change all __u32 annotations to __be32 in affs_hardblocks.h
w1: fix loop in w1_fini()
sh: j2: Use ioremap() to translate device tree address into kernel memory
media: usb: Check az6007_read() return value
media: videodev2.h: Fix struct v4l2_input tuner index comment
media: usb: siano: Fix warning due to null work_func_t function pointer
extcon: Fix kernel doc of property fields to avoid warnings
extcon: Fix kernel doc of property capability fields to avoid warnings
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
mfd: rt5033: Drop rt5033-battery sub-device
mfd: intel-lpss: Add missing check for platform_get_resource
mfd: stmpe: Only disable the regulators if they are enabled
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
sctp: fix potential deadlock on &net->sctp.addr_wq_lock
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
tcp: annotate data races in __tcp_oow_rate_limited()
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
sh: dma: Fix DMA channel offset calculation
NFSD: add encoding of op_recall flag for write delegation
mmc: core: disable TRIM on Kingston EMMC04G-M627
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
integrity: Fix possible multiple allocation in integrity_inode_get()
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
btrfs: fix race when deleting quota root from the dirty cow roots list
ARM: orion5x: fix d2net gpio initialization
spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg
spi: spi-fsl-spi: relax message sanity checking a little
spi: spi-fsl-spi: allow changing bits_per_word while CS is still active
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
workqueue: clean up WORK_* constant types, clarify masking
net: mvneta: fix txq_map in case of txq_number==1
udp6: fix udp6_ehashfn() typo
ntb: idt: Fix error handling in idt_pci_driver_init()
NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
NTB: ntb_transport: fix possible memory leak while device_register() fails
ipv6/addrconf: fix a potential refcount underflow for idev
wifi: airo: avoid uninitialized warning in airo_get_rate()
net/sched: make psched_mtu() RTNL-less safe
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
perf intel-pt: Fix CYC timestamps after standalone CBR
ext4: fix wrong unit use in ext4_mb_clear_bb
ext4: only update i_reserved_data_blocks on successful block allocation
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
misc: pci_endpoint_test: Re-init completion for every test
md/raid0: add discard support for the 'original' layout
fs: dlm: return positive pid value for F_GETLK
hwrng: imx-rngc - fix the timeout for init and self check
meson saradc: fix clock divider mask length
Revert "8250: add support for ASIX devices with a FIFO bug"
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
ring-buffer: Fix deadloop issue on reading trace_pipe
xtensa: ISS: fix call to split_if_spec
scsi: qla2xxx: Wait for io return on terminate rport
scsi: qla2xxx: Fix potential NULL pointer dereference
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
scsi: qla2xxx: Pointer may be dereferenced
serial: atmel: don't enable IRQs prematurely
perf probe: Add test for regression introduced by switch to die_get_decl_file()
fuse: revalidate: don't invalidate if interrupted
can: bcm: Fix UAF in bcm_proc_show()
ext4: correct inline offset when handling xattrs in inode body
debugobjects: Recheck debug_objects_enabled before reporting
nbd: Add the maximum limit of allocated index in nbd_dev_add
md: fix data corruption for raid456 when reshape restart while grow up
md/raid10: prevent soft lockup while flush writes
posix-timers: Ensure timer ID search-loop limit is valid
sched/fair: Don't balance task to its current running CPU
bpf: Address KCSAN report on bpf_lru_list
wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
igb: Fix igb_down hung on surprise removal
spi: bcm63xx: fix max prepend length
fbdev: imxfb: warn about invalid left/right margin
pinctrl: amd: Use amd_pinconf_set() for all config options
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
llc: Don't drop packet from non-root netns.
netfilter: nf_tables: fix spurious set element insertion failure
tcp: annotate data-races around rskq_defer_accept
tcp: annotate data-races around tp->notsent_lowat
tcp: annotate data-races around fastopenq.max_qlen
gpio: tps68470: Make tps68470_gpio_output() always set the initial value
i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
ethernet: atheros: fix return value check in atl1e_tso_csum()
ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
tcp: Reduce chance of collisions in inet6_hashfn().
bonding: reset bond's flags when down link is P2P device
team: reset team's flags when down link is P2P device
platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
benet: fix return value check in be_lancer_xmit_workarounds()
ASoC: fsl_spdif: Silence output on stop
block: Fix a source code comment in include/uapi/linux/blkzoned.h
dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
ata: pata_ns87415: mark ns87560_tf_read static
ring-buffer: Fix wrong stat of cpu_buffer->read
tracing: Fix warning in trace_buffered_event_disable()
USB: serial: option: support Quectel EM060K_128
USB: serial: option: add Quectel EC200A module support
USB: serial: simple: add Kaufmann RKS+CAN VCP
USB: serial: simple: sort driver entries
can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
usb: ohci-at91: Fix the unhandle interrupt when resume
usb: xhci-mtk: set the dma max_seg_size
Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
tpm_tis: Explicitly check for error code
irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
s390/dasd: fix hanging device after quiesce/resume
ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
drm/client: Fix memory leak in drm_client_target_cloned
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
net/sched: cls_u32: Fix reference counter leak leading to overflow
perf: Fix function pointer case
word-at-a-time: use the same return type for has_zero regardless of endianness
net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
perf test uprobe_from_different_cu: Skip if there is no gcc
net: add missing data-race annotations around sk->sk_peek_off
net: add missing data-race annotation for sk_ll_usec
net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
tcp_metrics: fix addr_same() helper
tcp_metrics: annotate data-races around tm->tcpm_stamp
tcp_metrics: annotate data-races around tm->tcpm_lock
tcp_metrics: annotate data-races around tm->tcpm_vals[]
tcp_metrics: annotate data-races around tm->tcpm_net
tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
loop: Select I/O scheduler 'none' from inside add_disk()
libceph: fix potential hang in ceph_osdc_notify()
USB: zaurus: Add ID for A-300/B-500/C-700
fs/sysv: Null check to prevent null-ptr-deref bug
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
ext2: Drop fragment support
test_firmware: fix a memory leak with reqs buffer
mtd: rawnand: omap_elm: Fix incorrect type in assignment
drm/edid: fix objtool warning in drm_cvt_modes()
Linux 4.14.322
Change-Id: Ia25c00bd23a112b634b83577ec7d54569e8b7c70
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Zhu Wang
|
63956ad27a |
scsi: core: Fix possible memory leak if device_add() fails
commit 04b5b5cb0136ce970333a9c6cec7e46adba1ea3a upstream.
If device_add() returns error, the name allocated by dev_set_name() needs
be freed. As the comment of device_add() says, put_device() should be used
to decrease the reference count in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanp().
Fixes: ee959b00c335 ("SCSI: convert struct class_device to struct device")
Signed-off-by: Zhu Wang <wangzhu9@huawei.com>
Link: https://lore.kernel.org/r/20230803020230.226903-1-wangzhu9@huawei.com
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Zhu Wang
|
789275f7c0 |
scsi: snic: Fix possible memory leak if device_add() fails
commit 41320b18a0e0dfb236dba4edb9be12dba1878156 upstream.
If device_add() returns error, the name allocated by dev_set_name() needs
be freed. As the comment of device_add() says, put_device() should be used
to give up the reference in the error path. So fix this by calling
put_device(), then the name can be freed in kobject_cleanp().
Fixes: c8806b6c9e82 ("snic: driver for Cisco SCSI HBA")
Signed-off-by: Zhu Wang <wangzhu9@huawei.com>
Acked-by: Narsimhulu Musini <nmusini@cisco.com>
Link: https://lore.kernel.org/r/20230801111421.63651-1-wangzhu9@huawei.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Alexandra Diupina
|
d766181338 |
scsi: 53c700: Check that command slot is not NULL
commit 8366d1f1249a0d0bba41d0bd1298d63e5d34c7f7 upstream.
Add a check for the command slot value to avoid dereferencing a NULL
pointer.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Co-developed-by: Vladimir Telezhnikov <vtelezhnikov@astralinux.ru>
Signed-off-by: Vladimir Telezhnikov <vtelezhnikov@astralinux.ru>
Signed-off-by: Alexandra Diupina <adiupina@astralinux.ru>
Link: https://lore.kernel.org/r/20230728123521.18293-1-adiupina@astralinux.ru
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Michael Kelley
|
cd87f4df98 |
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
commit 175544ad48cbf56affeef2a679c6a4d4fb1e2881 upstream.
Hyper-V provides the ability to connect Fibre Channel LUNs to the host
system and present them in a guest VM as a SCSI device. I/O to the vFC
device is handled by the storvsc driver. The storvsc driver includes a
partial integration with the FC transport implemented in the generic
portion of the Linux SCSI subsystem so that FC attributes can be displayed
in /sys. However, the partial integration means that some aspects of vFC
don't work properly. Unfortunately, a full and correct integration isn't
practical because of limitations in what Hyper-V provides to the guest.
In particular, in the context of Hyper-V storvsc, the FC transport timeout
function fc_eh_timed_out() causes a kernel panic because it can't find the
rport and dereferences a NULL pointer. The original patch that added the
call from storvsc_eh_timed_out() to fc_eh_timed_out() is faulty in this
regard.
In many cases a timeout is due to a transient condition, so the situation
can be improved by just continuing to wait like with other I/O requests
issued by storvsc, and avoiding the guaranteed panic. For a permanent
failure, continuing to wait may result in a hung thread instead of a panic,
which again may be better.
So fix the panic by removing the storvsc call to fc_eh_timed_out(). This
allows storvsc to keep waiting for a response. The change has been tested
by users who experienced a panic in fc_eh_timed_out() due to transient
timeouts, and it solves their problem.
In the future we may want to deprecate the vFC functionality in storvsc
since it can't be fully fixed. But it has current users for whom it is
working well enough, so it should probably stay for a while longer.
Fixes: 3930d7309807 ("scsi: storvsc: use default I/O timeout handler for FC devices")
Cc: stable@vger.kernel.org
Signed-off-by: Michael Kelley <mikelley@microsoft.com>
Link: https://lore.kernel.org/r/1690606764-79669-1-git-send-email-mikelley@microsoft.com
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Tony Battersby
|
8d187c424e |
scsi: core: Fix legacy /proc parsing buffer overflow
commit 9426d3cef5000824e5f24f80ed5f42fb935f2488 upstream. (lightly modified commit message mostly by Linus Torvalds) The parsing code for /proc/scsi/scsi is disgusting and broken. We should have just used 'sscanf()' or something simple like that, but the logic may actually predate our kernel sscanf library routine for all I know. It certainly predates both git and BK histories. And we can't change it to be something sane like that now, because the string matching at the start is done case-insensitively, and the separator parsing between numbers isn't done at all, so *any* separator will work, including a possible terminating NUL character. This interface is root-only, and entirely for legacy use, so there is absolutely no point in trying to tighten up the parsing. Because any separator has traditionally worked, it's entirely possible that people have used random characters rather than the suggested space. So don't bother to try to pretty it up, and let's just make a minimal patch that can be back-ported and we can forget about this whole sorry thing for another two decades. Just make it at least not read past the end of the supplied data. Link: https://lore.kernel.org/linux-scsi/b570f5fe-cb7c-863a-6ed9-f6774c219b88@cybernetics.com/ Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Martin K Petersen <martin.petersen@oracle.com> Cc: James Bottomley <jejb@linux.ibm.com> Cc: Willy Tarreau <w@1wt.eu> Cc: stable@kernel.org Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Tony Battersby <tonyb@cybernetics.com> Signed-off-by: Martin K Petersen <martin.petersen@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Shreyas Deodhar
|
005961bd8f |
scsi: qla2xxx: Pointer may be dereferenced
commit 00eca15319d9ce8c31cdf22f32a3467775423df4 upstream. Klocwork tool reported pointer 'rport' returned from call to function fc_bsg_to_rport() may be NULL and will be dereferenced. Add a fix to validate rport before dereferencing. Cc: stable@vger.kernel.org Signed-off-by: Shreyas Deodhar <sdeodhar@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-7-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Nilesh Javali
|
f35bd94b4e |
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
commit af73f23a27206ffb3c477cac75b5fcf03410556e upstream. Klocwork reported warning of rport maybe NULL and will be dereferenced. rport returned by call to fc_bsg_to_rport() could be NULL and dereferenced. Check valid rport returned by fc_bsg_to_rport(). Cc: stable@vger.kernel.org Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-5-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Bikash Hazarika
|
02405f4023 |
scsi: qla2xxx: Fix potential NULL pointer dereference
commit 464ea494a40c6e3e0e8f91dd325408aaf21515ba upstream. Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer. Cc: stable@vger.kernel.org Signed-off-by: Bikash Hazarika <bhazarika@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20230607113843.37185-3-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Quinn Tran
|
8a55556cd7 |
scsi: qla2xxx: Wait for io return on terminate rport
commit fc0cba0c7be8261a1625098bd1d695077ec621c9 upstream. System crash due to use after free. Current code allows terminate_rport_io to exit before making sure all IOs has returned. For FCP-2 device, IO's can hang on in HW because driver has not tear down the session in FW at first sign of cable pull. When dev_loss_tmo timer pops, terminate_rport_io is called and upper layer is about to free various resources. Terminate_rport_io trigger qla to do the final cleanup, but the cleanup might not be fast enough where it leave qla still holding on to the same resource. Wait for IO's to return to upper layer before resources are freed. Cc: stable@vger.kernel.org Signed-off-by: Quinn Tran <qutran@marvell.com> Signed-off-by: Nilesh Javali <njavali@marvell.com> Link: https://lore.kernel.org/r/20230428075339.32551-7-njavali@marvell.com Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Yuchen Yang
|
cce408e368 |
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
[ Upstream commit 2e2fe5ac695a00ab03cab4db1f4d6be07168ed9d ]
Smatch complains that:
tw_probe() warn: missing error code 'retval'
This patch adds error checking to tw_probe() to handle initialization
failure. If tw_reset_sequence() function returns a non-zero value, the
function will return -EINVAL to indicate initialization failure.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Yuchen Yang <u202114568@hust.edu.cn>
Link: https://lore.kernel.org/r/20230505141259.7730-1-u202114568@hust.edu.cn
Reviewed-by: Dan Carpenter <dan.carpenter@linaro.org>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Kees Cook
|
d68627697d |
treewide: Remove uninitialized_var() usage
commit 3f649ab728cda8038259d8f14492fe400fbab911 upstream. Using uninitialized_var() is dangerous as it papers over real bugs[1] (or can in the future), and suppresses unrelated compiler warnings (e.g. "unused variable"). If the compiler thinks it is uninitialized, either simply initialize the variable or make compiler changes. In preparation for removing[2] the[3] macro[4], remove all remaining needless uses with the following script: git grep '\buninitialized_var\b' | cut -d: -f1 | sort -u | \ xargs perl -pi -e \ 's/\buninitialized_var\(([^\)]+)\)/\1/g; s:\s*/\* (GCC be quiet|to make compiler happy) \*/$::g;' drivers/video/fbdev/riva/riva_hw.c was manually tweaked to avoid pathological white-space. No outstanding warnings were found building allmodconfig with GCC 9.3.0 for x86_64, i386, arm64, arm, powerpc, powerpc64le, s390x, mips, sparc64, alpha, and m68k. [1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/ [2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/ [3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/ [4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/ Reviewed-by: Leon Romanovsky <leonro@mellanox.com> # drivers/infiniband and mlx4/mlx5 Acked-by: Jason Gunthorpe <jgg@mellanox.com> # IB Acked-by: Kalle Valo <kvalo@codeaurora.org> # wireless drivers Reviewed-by: Chao Yu <yuchao0@huawei.com> # erofs Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
89ea220374 |
This is the 4.14.317 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmSC4WYACgkQONu9yGCS
aT6pCA//TAyy6rm3HeBQOE0i0MgRaFEkTpHZ7LQIv7M/3CE/j0lacZRQFC0CFc8Y
2N1Qu0+MUBqbwXBxJVeHQz/YncBsbkaEycNG37oRdZoC7SyCG/uPxQVPHjoDIP17
tcbJuAfF4fmLWGS5FYtsg86eyQLqcCJJ7F5m/Pja5dvWFDWCvsn14pPaAmwS2XBW
Uwe6g9mYuZx2aFaLDsUmbm2AnxgiZivWy9IYJHL9PaR3Uy4k2bzgFHe9ePptpVk9
HiIEmoWRn3AekmkCicAxkl8ImWL4AyG29NF0KCsh+FlIM43wUD2qqxr5W7V2EI2U
DepGaEJPzLEc1jolZ6i7v3nMIf/Ik9Hpw21wCBx5OoyI1cXhuDYX42l7DdBIyKeq
4q1Kdf9AL0B/S5ZnShLi9Na0KZlS/7Ze5fhouu4P0aaef71q2VFbxpv9JT+CQ4Lo
7nL7uzsbv7ZfLtLAVGsxPcgndoQauCD7Czu8jm/SxjAt8eLI70Ngh+9oA5T4NXsW
Sm1W0uHF3w9g8Avvj17e25VlfssBojMnlWO4kWJiSLhB88UmPO+GsR7BZAxaGlx0
FvALhF21Gs61kO8zV8sdxr1BHfEHLHgsTJfFB/4RQgeAvu8udZsydSpvK5VbbS3B
z93FHlduocM+JWIr/0A5IWHRDxkXWh8lDPQGyfiAkgO+J6CDs5o=
=Vz+v
-----END PGP SIGNATURE-----
Merge 4.14.317 into android-4.14-stable
Changes in 4.14.317
power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize
ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
dmaengine: pl330: rename _start to prevent build error
netrom: fix info-leak in nr_write_internal()
af_packet: Fix data-races of pkt_sk(sk)->num.
af_packet: do not use READ_ONCE() in packet_bind()
tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
udp6: Fix race condition in udp6_sendmsg & connect
net: dsa: mv88e6xxx: Increase wait after reset deactivation
mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
ARM: 9295/1: unwind:fix unwind abort for uleb128 case
fbdev: modedb: Add 1920x1080 at 60 Hz video mode
fbdev: stifb: Fix info entry in sti_struct on error path
nbd: Fix debugfs_create_dir error checking
ASoC: dwc: limit the number of overrun messages
ASoC: ssm2602: Add workaround for playback distortions
media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
media: netup_unidvb: fix irq init by register it at the end of probe
media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
wifi: b43: fix incorrect __packed annotation
netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT
ALSA: oss: avoid missing-prototype warnings
atm: hide unused procfs functions
mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
iio: adc: mxs-lradc: fix the order of two cleanup operations
HID: wacom: avoid integer overflow in wacom_intuos_inout()
iio: dac: mcp4725: Fix i2c_master_send() return value handling
net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
usb: gadget: f_fs: Add unbind event before functionfs_unbind
scsi: stex: Fix gcc 13 warnings
ata: libata-scsi: Use correct device no in ata_find_dev()
x86/boot: Wrap literal addresses in absolute_pointer()
ACPI: thermal: drop an always true check
gcc-12: disable '-Wdangling-pointer' warning for now
eth: sun: cassini: remove dead code
kernel/extable.c: use address-of operator on section symbols
lib/dynamic_debug.c: use address-of operator on section symbols
wifi: rtlwifi: remove always-true condition pointed out by GCC 12
regulator: da905{2,5}: Remove unnecessary array check
mmc: vub300: fix invalid response handling
tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK
selinux: don't use make's grouped targets feature yet
ext4: add lockdep annotations for i_data_sem for ea_inode's
fbcon: Fix null-ptr-deref in soft_cursor
scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)
scsi: dpt_i2o: Do not process completions with invalid addresses
cdc_ncm: Implement the 32-bit version of NCM Transfer Block
cdc_ncm: Fix the build warning
net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
Fix double fget() in vhost_net_set_backend()
wifi: rtlwifi: 8192de: correct checking of IQK reload
Linux 4.14.317
Change-Id: Ief316a58787d01cb8e01710fbb9c4d2b70ad3c1b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Ben Hutchings
|
ad919acbf0 |
scsi: dpt_i2o: Do not process completions with invalid addresses
adpt_isr() reads reply addresses from a hardware register, which
should always be within the DMA address range of the device's pool of
reply address buffers. In case the address is out of range, it tries
to muddle on, converting to a virtual address using bus_to_virt().
bus_to_virt() does not take DMA addresses, and it doesn't make sense
to try to handle the completion in this case. Ignore it and continue
looping to service the interrupt. If a completion has been lost then
the SCSI core should eventually time-out and trigger a reset.
There is no corresponding upstream commit, because this driver was
removed upstream.
Fixes: 67af2b060e02 ("[SCSI] dpt_i2o: move from virt_to_bus/bus_to_virt ...")
Signed-off-by: Ben Hutchings <benh@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Ben Hutchings
|
4e0ef325bc |
scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)
adpt_i2o_passthru() takes a user-provided message and passes it
through to the hardware with appropriate translation of addresses
and message IDs. It has a number of bugs:
- When a message requires scatter/gather, it doesn't verify that the
offset to the scatter/gather list is less than the message size.
- When a message requires scatter/gather, it overwrites the DMA
addresses with the user-space virtual addresses before unmapping the
DMA buffers.
- It reads the message from user memory multiple times. This allows
user-space to change the message and bypass validation.
- It assumes that the message is at least 4 words long, but doesn't
check that.
I tried fixing these, but even the maintainer of the corresponding
user-space in Debian doesn't have the hardware any more.
Instead, remove the pass-through ioctl (I2OUSRCMD) and supporting
code.
There is no corresponding upstream commit, because this driver was
removed upstream.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Fixes: 67af2b060e02 ("[SCSI] dpt_i2o: move from virt_to_bus/bus_to_virt ...")
Signed-off-by: Ben Hutchings <benh@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Bart Van Assche
|
7f5d014e6f |
scsi: stex: Fix gcc 13 warnings
commit 6d074ce231772c66e648a61f6bd2245e7129d1f5 upstream.
gcc 13 may assign another type to enumeration constants than gcc 12. Split
the large enum at the top of source file stex.c such that the type of the
constants used in time expressions is changed back to the same type chosen
by gcc 12. This patch suppresses compiler warnings like this one:
In file included from ./include/linux/bitops.h:7,
from ./include/linux/kernel.h:22,
from drivers/scsi/stex.c:13:
drivers/scsi/stex.c: In function ‘stex_common_handshake’:
./include/linux/typecheck.h:12:25: error: comparison of distinct pointer types lacks a cast [-Werror]
12 | (void)(&__dummy == &__dummy2); \
| ^~
./include/linux/jiffies.h:106:10: note: in expansion of macro ‘typecheck’
106 | typecheck(unsigned long, b) && \
| ^~~~~~~~~
drivers/scsi/stex.c:1035:29: note: in expansion of macro ‘time_after’
1035 | if (time_after(jiffies, before + MU_MAX_DELAY * HZ)) {
| ^~~~~~~~~~
See also https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107405.
Cc: stable@vger.kernel.org
Acked-by: Randy Dunlap <rdunlap@infradead.org>
Tested-by: Randy Dunlap <rdunlap@infradead.org> # build-tested
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Link: https://lore.kernel.org/r/20230529195034.3077-1-bvanassche@acm.org
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Wenchao Hao
|
44a55866f2 |
scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
[ Upstream commit 09e797c8641f6ad435c33ae24c223351197ea29a ] If scsi_dispatch_cmd() failed, the SCSI command was not sent to the target, scsi_queue_rq() would return BLK_STS_RESOURCE and the related request would be requeued. The timeout of this request would not fire, no one would increase iodone_cnt. The above flow would result the iodone_cnt smaller than iorequest_cnt. So decrease the iorequest_cnt if dispatch failed to workaround the issue. Signed-off-by: Wenchao Hao <haowenchao2@huawei.com> Reported-by: Ming Lei <ming.lei@redhat.com> Closes: https://lore.kernel.org/r/ZF+zB+bB7iqe0wGd@ovpn-8-17.pek2.redhat.com Link: https://lore.kernel.org/r/20230515070156.1790181-3-haowenchao2@huawei.com Reviewed-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |