bananafunction

bananafunction

Member Since 4 years ago

Experience Points
0
follower
Lessons Completed
0
follow
Best Reply Awards
26
repos

15 contributions in the last year

Pinned
⚡ This is the Android device configuration for Sony Xperia XZ1 Compact (yoshino platform).
⚡ This is the Android device configuration for the yoshino platform
⚡ LineageOS Kernel Tree for Sony Xperia X Premium, XZ1 and XZ1 Compact
⚡ Kernel for Samsung Galaxy Tab S2 (Exynos 5433) [gts210wifi]
Activity
Sep
16
4 weeks ago
push

bananafunction push bananafunction/android_device_oneplus_fajita

bananafunction
bananafunction

fajita: Relocate defconfig to common tree

Signed-off-by: AnierinB [email protected] Change-Id: I0ad9fd7251e4197a6af5d676813881452a8008f9

bananafunction
bananafunction

Merge LineageOS/fajita/lineage-18.1

Merge latest changes from 20210915

commit sha: 4eb6e47047f7ca0a64ea90b431c0cd6b80934f54

push time in 4 weeks ago
push

bananafunction push bananafunction/android_device_oneplus_sdm845-common

bananafunction
bananafunction

sdm845-common: Set TARGET_KERNEL_CONFIG := enchilada_defconfig

Signed-off-by: AnierinB [email protected] Change-Id: I450bf33d0d5a313b78e6113a81b555f8be0bb01d

bananafunction
bananafunction

sdm845-common: Enable dirac_gef effect for audioSession=0 on boot

This basically mimics what OnePlus does on Android 11, it also serves as a base for possible full "Audio Tuner" reimplementation.

Init parameters hex streams dumped with the following Xposed module: https://github.com/luk1337/AudioEffectsHook.

Fixes: https://gitlab.com/LineageOS/issues/android/-/issues/3948 Change-Id: I7476345145b43fafcbd7f14bd33db1c199c6025f

commit sha: e4e7d4f1651e7b5bb6cec0e660c0410e0b7b8472

push time in 4 weeks ago
Activity icon
created branch
createdAt 4 weeks ago
Activity icon
delete
deleted time in 4 weeks ago
push

bananafunction push bananafunction/android_kernel_sony_msm8998

bananafunction
bananafunction

Merge f5421bd1a8234dc7d9a95fc4fdaa5ae41befa8e4 on remote branch

Change-Id: Ia7af33c78332c6ddb6d324743cd604b61e443bed

bananafunction
bananafunction

Merge cac1fc5e5a665df80170c0d74ea33269ae75ded7 on remote branch

Change-Id: Ib6798496d64b031368ed889d09cf2078f4e13b4f

bananafunction
bananafunction

Merge 382e54f122beaf93fd990d974bb77774c34acb3c on remote branch

Change-Id: Ie380f8ead79a9c279bc11fa62c1425946898d048

bananafunction
bananafunction

Merge 4f7147b112720eb53aa088b2e40a57c07e2827d7 on remote branch

Change-Id: I107343e272b7adf94a3147e253cd17f10c612b29

bananafunction
bananafunction

Merge f93a7f538e10faeb969e6a96cf68982ae5364087 on remote branch

Change-Id: Ie7dff735d8a76859ca19d5bac65205d3167daea2

bananafunction
bananafunction

Merge 21a2827a62cebcc49e4a606bfadce3c6110a514f on remote branch

Change-Id: Icb250a9ad822486bab9437b1eebdfcaf7e0f1431

bananafunction
bananafunction

Merge ab9f60b51d5e33daaaf95bff8fa07ce604a18223 on remote branch

Change-Id: If112ddd2ea16ef0c3db2d60e5b9cb1ddeb84189c

bananafunction
bananafunction

Merge 0da2b18f8a49ca2c93c9cb6428546b3729f7af0f on remote branch

Change-Id: I20981cf57a198ede6a9940f4c20c01d11af042a2

bananafunction
bananafunction

Merge 1083615c2ba0f9f973cc778082f842775e55e19b on remote branch

Change-Id: I661a7ddb411565378bf526f7b960ea536c23eb74

bananafunction
bananafunction

Merge bdca97fb188e7c1b0c829dfa2978e5a8e4ddcd5b on remote branch

Change-Id: I17eabc85b2fb2e99ca391efa4abbbf97c0fe374e

bananafunction
bananafunction

Merge ece8bc124d708f8bc5a83de3d0b721a04e018cb5 on remote branch

Change-Id: I0189009585bf7b889df4ae90bae2272766082628

bananafunction
bananafunction

Merge 3f97d298ee0c3a76e1de529cf15680086c26b975 on remote branch

Change-Id: I8092ee9905dfc83a25abc1b223cd76fb670a5d08

bananafunction
bananafunction

Merge a4c2a161be312c852c4e0b649d6ebf731a9a6f86 on remote branch

Change-Id: I759d284b8ec4bc521247b938f519366984c34964

bananafunction
bananafunction

qcacld-3.0: Avoid NULL pointer dereference for frag_indication

Avoid NULL pointer dereference for frag indication in T2H msg.

Change-Id: I9c1baf682fc0b52cbf70a4fbcca5be7585c3d02a CRs-Fixed: 2501146

bananafunction
bananafunction

Merge a8dbcb2407602e74ba4ddc21fc2b63619f8c06b2 on remote branch

Change-Id: Ie50db9ac76a06672346b80850adc34de5ff6e2fe

bananafunction
bananafunction

Merge a97a917c1a361a11d8b40490aaf0d885e1dd1632 on remote branch

Change-Id: I03112b21430880707be1ec1b728d66c7beb14de4

bananafunction
bananafunction

Merge d625fb696695fa3587c4985f3974e8a9ea40d920 on remote branch

Change-Id: Id315245c4c63cbf33241233661abe5a854a3cb5b

bananafunction
bananafunction

Merge 9e1c106692a7facb611754274b7d5720718cf99f on remote branch

Change-Id: I4c427986875d7526aab6d0997215ae9d5032a16e

bananafunction
bananafunction

Merge 700a1204af197134f49fdbe3a536acb3603407cc on remote branch

Change-Id: I0a6e626595cc5f62a3a37b337d56aa216c7eb0eb

bananafunction
bananafunction

Merge 220041f19e8b30674ed8dd18b3f574cfbc71f7f1 on remote branch

Change-Id: I34d1e358c0c74de5c71d4a8e50d2d856bd61b724

commit sha: 1ae10f4a77c396b73b93362d2d7cb345f5e4b62e

push time in 4 weeks ago
Sep
13
1 month ago
Activity icon
issue

bananafunction issue comment whatawurst/android_kernel_sony_msm8998

bananafunction
bananafunction

Merge tag 'LA.UM.7.2.r2-09300-8x98.0'

Merge tag 'LA.UM.7.2.r2-09300-8x98.0' of https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0

via

  • git subtree pull --prefix drivers/staging/qcacld-3.0/ https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0 LA.UM.7.2.r2-09300-8x98.0
  • git subtree pull --prefix drivers/staging/qca-wifi-host-cmn https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn LA.UM.7.2.r2-09300-8x98.0
  • git subtree pull --prefix drivers/staging/fw-api/ https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/fw-api LA.UM.7.2.r2-09300-8x98.0

https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn

CC @bananafunction for review

bananafunction
bananafunction

Merge tag 'LA.UM.7.2.r2-09300-8x98.0' of https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0

via

* `git subtree pull --prefix drivers/staging/qcacld-3.0/ https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0 LA.UM.7.2.r2-09300-8x98.0`

* `git subtree pull --prefix drivers/staging/qca-wifi-host-cmn https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn LA.UM.7.2.r2-09300-8x98.0`

* `git subtree pull --prefix drivers/staging/fw-api/ https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/fw-api LA.UM.7.2.r2-09300-8x98.0`

https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn

CC @bananafunction for review

Hi @Flamefire

thank you for merging a lot of stuff into this kernel! For me, it looks good. I am gonna build the kernel with this PR and flash it to test. Do you already run this kernel with all the PRs included?

Cheers

push

bananafunction push bananafunction/android_device_oneplus_sdm845-common

bananafunction
bananafunction

sdm845-common: sepolicy: Allow init to write to vendor_sysfs_usb_supply

Fixes: https://gitlab.com/LineageOS/issues/android/-/issues/3952 Change-Id: Ib116e3d2f4242f4ade9a2750ff06dce2919be296

commit sha: 47baebc4191db40f912fc874cad24aebfacc18d4

push time in 1 month ago
push

bananafunction push bananafunction/android

bananafunction
bananafunction

manifest: android-11.0.0_r40 -> android-11.0.0_r43

Change-Id: Ie3b9c8abd3653f42d1fbb06190b7dd5d08afaf39

bananafunction
bananafunction

Merge LineageOS_android/lineage-18.1

Merge latest changes from 20210908

commit sha: 5d4efb6565d4f7226fd046a25740a3b101ae2550

push time in 1 month ago
Sep
9
1 month ago
push

bananafunction push bananafunction/android_device_oneplus_fajita

bananafunction
bananafunction

fajita: update fingerprint patch to match September 2021 SPL

Signed-off-by: bananafunction [email protected]

commit sha: 257839eb661d5fed3b40aecd5cb29fe183276687

push time in 1 month ago
push

bananafunction push bananafunction/android_kernel_oneplus_sdm845

bananafunction
bananafunction

ARM: dts: msm: Sync panel dts with oneplus/SDM845_R_11.0

Change-Id: I9fc95d72e90b8934569f3aa1337ae7534cdafa6f

bananafunction
bananafunction

drivers: power: Sync with oneplus/SDM845_R_11.0

Coincidentally, this also restores bunch of code that I removed.

Change-Id: If1008605910d816a8cecf304655c4e3e180428d0

bananafunction
bananafunction

pstore: Import changes from oneplus/SDM845_R_11.0

Change-Id: I5a368e6939e620f1418f1116a8a024b21930c9ed

bananafunction
bananafunction

Merge lineageOS_kernel_sdm845/lineage-18.1

Merge latest changes from 20210909

commit sha: f1793fc2050a07ecaf99e0b4821a35fd3efca7aa

push time in 1 month ago
push

bananafunction push bananafunction/android_device_sony_lilac

bananafunction
bananafunction

lilac: update fingerprint patch to match September 2021 SPL

Signed-off-by: bananafunction [email protected]

commit sha: 91b4426642537153d74e30a55fe92a5143a272a7

push time in 1 month ago
push

bananafunction push bananafunction/android_device_sony_lilac

bananafunction
bananafunction

lilac: update fingerprint patch to match September 2021 SPL

Signed-off-by: bananafunction [email protected]

commit sha: 2220d733f0618825f482a9b9093b2de2aacc6c03

push time in 1 month ago
Sep
7
1 month ago
push

bananafunction push bananafunction/android

bananafunction
bananafunction

manifest: Sync SM8350 HALs

Change-Id: Id967e8fdf11220e6f166dc1b9a11e38833c2db04

bananafunction
bananafunction

manifest: android-11.0.0_r37 -> android-11.0.0_r38

Change-Id: Id847b62f67ea4c801b8013e10d5dd21a4e0f0f06

bananafunction
bananafunction

manifest: Sync minimal GCC AS toolchain from aosp

For redbull kernel

Change-Id: Ic10909e82f6967560801939b52d2ed9a0f5878ee

bananafunction
bananafunction

lineage: Sync QCOM ST-HAL

Change-Id: I5f5bef123631cdb5c332990d44401e4fffcfb0c0

bananafunction
bananafunction

manifest: android-11.0.0_r38 -> android-11.0.0_r39

Change-Id: I5cd434cffc50aaee3aa9f57844f1d973b5c8b49d

bananafunction
bananafunction

manifest: Add cuttlefish and kernel prebuilts

Those are needed for the generic arm64 targets.

Change-Id: Ib91a3fc77061469b6112092d6460c07c516cb28c

bananafunction
bananafunction

manifest: Track external/wpa_supplicant_8

  • Merged WPA3 SAE changes to our fork.

Change-Id: I20815bb7bc8100a56b8b190158112cddd873322e

bananafunction
bananafunction

Track forks for Automotive repos

Change-Id: I89d1acb5a3e6733c9e72720b79cc09a1b41b73bb

bananafunction
bananafunction

manifest: Track system HIDL tools.

Change-Id: I09c254767ab3b9d791c6a4bbe6ee21c59ac2c63b

bananafunction
bananafunction

manifest: android-11.0.0_r39 -> android-11.0.0_r40

Change-Id: I97b353140ad2ce192ec543fb6d7b84c62ab083ac

bananafunction
bananafunction

Merge LineageOS_android/lineage-18.1

Merge latest changes from 20210803

commit sha: 7ff1c47f81cace99842216279e771ba770e1da75

push time in 1 month ago
push

bananafunction push bananafunction/android_packages_apps_Updater

bananafunction
bananafunction

Automatic translation import

Change-Id: I2d7ce9569a264be7d739f96328948c45516ffa5c

bananafunction
bananafunction

Merge lineageOS_apps_Updater/lineage-18.1

Merge latest changes from 20210821

commit sha: 9c3dfbbd8b716e236f89403b803f2a0d0d2b41a0

push time in 1 month ago
push

bananafunction push bananafunction/android_device_oneplus_fajita

bananafunction
bananafunction

fajita: Add patches that are applied additionally

Signed-off-by: bananafunction [email protected]

commit sha: e1925d193139333bbdf5a5eb3c56ffcdcccb0624

push time in 1 month ago
Activity icon
fork

bananafunction forked LineageOS/android_device_oneplus_common

fork time in 1 month ago
Activity icon
fork

bananafunction forked LineageOS/android_device_oneplus_sdm845-common

fork time in 1 month ago
Activity icon
fork

bananafunction forked LineageOS/android_device_oneplus_fajita

fork time in 1 month ago
push

bananafunction push bananafunction/android_kernel_oneplus_sdm845

bananafunction
bananafunction

ipv6: fix IPV6_ADDRFORM operation logic

[ Upstream commit 79a1f0ccdbb4ad700590f61b00525b390cb53905 ]

Socket option IPV6_ADDRFORM supports UDP/UDPLITE and TCP at present. Previously the checking logic looks like: if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE) do_some_check; else if (sk->sk_protocol != IPPROTO_TCP) break;

After commit b6f6118901d1 ("ipv6: restrict IPV6_ADDRFORM operation"), TCP was blocked as the logic changed to: if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE) do_some_check; else if (sk->sk_protocol == IPPROTO_TCP) do_some_check; break; else break;

Then after commit 82c9ae440857 ("ipv6: fix restrict IPV6_ADDRFORM operation") UDP/UDPLITE were blocked as the logic changed to: if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE) do_some_check; if (sk->sk_protocol == IPPROTO_TCP) do_some_check;

if (sk->sk_protocol != IPPROTO_TCP) break;

Fix it by using Eric's code and simply remove the break in TCP check, which looks like: if (sk->sk_protocol == IPPROTO_UDP || sk->sk_protocol == IPPROTO_UDPLITE) do_some_check; else if (sk->sk_protocol == IPPROTO_TCP) do_some_check; else break;

Fixes: 82c9ae440857 ("ipv6: fix restrict IPV6_ADDRFORM operation") Signed-off-by: Hangbin Liu [email protected] Signed-off-by: David S. Miller [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

vxlan: Avoid infinite loop when suppressing NS messages with invalid options

[ Upstream commit 8066e6b449e050675df48e7c4b16c29f00507ff0 ]

When proxy mode is enabled the vxlan device might reply to Neighbor Solicitation (NS) messages on behalf of remote hosts.

In case the NS message includes the "Source link-layer address" option [1], the vxlan device will use the specified address as the link-layer destination address in its reply.

To avoid an infinite loop, break out of the options parsing loop when encountering an option with length zero and disregard the NS message.

This is consistent with the IPv6 ndisc code and RFC 4886 which states that "Nodes MUST silently discard an ND packet that contains an option with length zero" [2].

[1] https://tools.ietf.org/html/rfc4861#section-4.3 [2] https://tools.ietf.org/html/rfc4861#section-4.6

Fixes: 4b29dba9c085 ("vxlan: fix nonfunctional neigh_reduce()") Signed-off-by: Ido Schimmel [email protected] Acked-by: Nikolay Aleksandrov [email protected] Signed-off-by: David S. Miller [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

scsi: return correct blkprep status code in case scsi_init_io() fails.

commit e7661a8e5ce10b5321882d0bbaf3f81070903319 upstream.

When instrumenting the SCSI layer to run into the !blk_rq_nr_phys_segments(rq) case the following warning emitted from the block layer:

blk_peek_request: bad return=-22

This happens because since commit fd3fc0b4d730 ("scsi: don't BUG_ON() empty DMA transfers") we return the wrong error value from scsi_prep_fn() back to the block layer.

[mkp: silenced checkpatch]

Signed-off-by: Johannes Thumshirn [email protected] Fixes: fd3fc0b4d730 scsi: don't BUG_ON() empty DMA transfers Cc: [email protected] Reviewed-by: Christoph Hellwig [email protected] Reviewed-by: Hannes Reinecke [email protected] Reviewed-by: Bart Van Assche [email protected] Signed-off-by: Martin K. Petersen [email protected] [iwamatsu: - backport for 4.4.y and 4.9.y - Use rq->nr_phys_segments instead of blk_rq_nr_phys_segments] Signed-off-by: Nobuhiro Iwamatsu [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

crypto: talitos - fix ECB and CBC algs ivsize

commit e1de42fdfc6a ("crypto: talitos - fix ECB algs ivsize") wrongly modified CBC algs ivsize instead of ECB aggs ivsize.

This restore the CBC algs original ivsize of removes ECB's ones.

Fixes: e1de42fdfc6a ("crypto: talitos - fix ECB algs ivsize") Signed-off-by: Su Kang Yin [email protected] Reviewed-by: Christophe Leroy [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook

[ Upstream commit 3866f217aaa81bf7165c7f27362eee5d7919c496 ]

call_undef_hook() in traps.c applies the same instr_mask for both 16-bit and 32-bit thumb instructions. If instr_mask then is only 16 bits wide (0xffff as opposed to 0xffffffff), the first half-word of 32-bit thumb instructions will be masked out. This makes the function match 32-bit thumb instructions where the second half-word is equal to instr_val, regardless of the first half-word.

The result in this case is that all undefined 32-bit thumb instructions with the second half-word equal to 0xde01 (udf #1) work as breakpoints and will raise a SIGTRAP instead of a SIGILL, instead of just the one intended 16-bit instruction. An example of such an instruction is 0xeaa0de01, which is unallocated according to Arm ARM and should raise a SIGILL, but instead raises a SIGTRAP.

This patch fixes the issue by setting all the bits in instr_mask, which will still match the intended 16-bit thumb instruction (where the upper half is always 0), but not any 32-bit thumb instructions.

Cc: Oleg Nesterov [email protected] Signed-off-by: Fredrik Strupe [email protected] Signed-off-by: Russell King [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

sched/fair: Don't NUMA balance for kthreads

[ Upstream commit 18f855e574d9799a0e7489f8ae6fd8447d0dd74a ]

Stefano reported a crash with using SQPOLL with io_uring:

BUG: kernel NULL pointer dereference, address: 00000000000003b0 CPU: 2 PID: 1307 Comm: io_uring-sq Not tainted 5.7.0-rc7 #11 RIP: 0010:task_numa_work+0x4f/0x2c0 Call Trace: task_work_run+0x68/0xa0 io_sq_thread+0x252/0x3d0 kthread+0xf9/0x130 ret_from_fork+0x35/0x40

which is task_numa_work() oopsing on current->mm being NULL.

The task work is queued by task_tick_numa(), which checks if current->mm is NULL at the time of the call. But this state isn't necessarily persistent, if the kthread is using use_mm() to temporarily adopt the mm of a task.

Change the task_tick_numa() check to exclude kernel threads in general, as it doesn't make sense to attempt ot balance for kthreads anyway.

Reported-by: Stefano Garzarella [email protected] Signed-off-by: Jens Axboe [email protected] Signed-off-by: Ingo Molnar [email protected] Acked-by: Peter Zijlstra [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

drivers/net/ibmvnic: Update VNIC protocol version reporting

[ Upstream commit 784688993ebac34dffe44a9f2fabbe126ebfd4db ]

VNIC protocol version is reported in big-endian format, but it is not byteswapped before logging. Fix that, and remove version comparison as only one protocol version exists at this time.

Signed-off-by: Thomas Falcon [email protected] Signed-off-by: David S. Miller [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

ath9k_htc: Silence undersized packet warnings

[ Upstream commit 450edd2805982d14ed79733a82927d2857b27cac ]

Some devices like TP-Link TL-WN722N produces this kind of messages frequently.

kernel: ath: phy0: Short RX data len, dropping (dlen: 4)

This warning is useful for developers to recognize that the device (Wi-Fi dongle or USB hub etc) is noisy but not for general users. So this patch make this warning to debug message.

Reported-By: Denis [email protected] Ref: https://bugzilla.kernel.org/show_bug.cgi?id=207539 Fixes: cd486e627e67 ("ath9k_htc: Discard undersized packets") Signed-off-by: Masashi Honma [email protected] Signed-off-by: Kalle Valo [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

x86_64: Fix jiffies ODR violation

commit d8ad6d39c35d2b44b3d48b787df7f3359381dcbf upstream.

'jiffies' and 'jiffies_64' are meant to alias (two different symbols that share the same address). Most architectures make the symbols alias to the same address via a linker script assignment in their arch//kernel/vmlinux.lds.S:

jiffies = jiffies_64;

which is effectively a definition of jiffies.

jiffies and jiffies_64 are both forward declared for all architectures in include/linux/jiffies.h. jiffies_64 is defined in kernel/time/timer.c.

x86_64 was peculiar in that it wasn't doing the above linker script assignment, but rather was:

  1. defining jiffies in arch/x86/kernel/time.c instead via the linker script.
  2. overriding the symbol jiffies_64 from kernel/time/timer.c in arch/x86/kernel/vmlinux.lds.s via 'jiffies_64 = jiffies;'.

As Fangrui notes:

In LLD, symbol assignments in linker scripts override definitions in object files. GNU ld appears to have the same behavior. It would probably make sense for LLD to error "duplicate symbol" but GNU ld is unlikely to adopt for compatibility reasons.

This results in an ODR violation (UB), which seems to have survived thus far. Where it becomes harmful is when;

  1. -fno-semantic-interposition is used:

As Fangrui notes:

Clang after LLVM commit 5b22bcc2b70d ("[X86][ELF] Prefer to lower MC_GlobalAddress operands to .Lfoo$local") defaults to -fno-semantic-interposition similar semantics which help -fpic/-fPIC code avoid GOT/PLT when the referenced symbol is defined within the same translation unit. Unlike GCC -fno-semantic-interposition, Clang emits such relocations referencing local symbols for non-pic code as well.

This causes references to jiffies to refer to '.Ljiffies$local' when jiffies is defined in the same translation unit. Likewise, references to jiffies_64 become references to '.Ljiffies_64$local' in translation units that define jiffies_64. Because these differ from the names used in the linker script, they will not be rewritten to alias one another.

  1. Full LTO

Full LTO effectively treats all source files as one translation unit, causing these local references to be produced everywhere. When the linker processes the linker script, there are no longer any references to jiffies_64' anywhere to replace with 'jiffies'. And thus '.Ljiffies$local' and '.Ljiffies_64$local' no longer alias at all.

In the process of porting patches enabling Full LTO from arm64 to x86_64, spooky bugs have been observed where the kernel appeared to boot, but init doesn't get scheduled.

Avoid the ODR violation by matching other architectures and define jiffies only by linker script. For -fno-semantic-interposition + Full LTO, there is no longer a global definition of jiffies for the compiler to produce a local symbol which the linker script won't ensure aliases to jiffies_64.

Fixes: 40747ffa5aa8 ("asmlinkage: Make jiffies visible") Reported-by: Nathan Chancellor [email protected] Reported-by: Alistair Delva [email protected] Debugged-by: Nick Desaulniers [email protected] Debugged-by: Sami Tolvanen [email protected] Suggested-by: Fangrui Song [email protected] Signed-off-by: Bob Haarman [email protected] Signed-off-by: Thomas Gleixner [email protected] Tested-by: Sedat Dilek [email protected] #852 Link: https://lkml.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs

commit 1574051e52cb4b5b7f7509cfd729b76ca1117808 upstream.

The Intel C620 Platform Controller Hub has MROM functions that have non-PCI registers (undocumented in the public spec) where BAR 0 is supposed to be, which results in messages like this:

pci 0000:00:11.0: [Firmware Bug]: reg 0x30: invalid BAR (can't size)

Mark these MROM functions as having non-compliant BARs so we don't try to probe any of them. There are no other BARs on these devices.

See the Intel C620 Series Chipset Platform Controller Hub Datasheet, May 2019, Document Number 336067-007US, sec 2.1, 35.5, 35.6.

[bhelgaas: commit log, add 0xa26d] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Xiaochun Lee [email protected] Signed-off-by: Bjorn Helgaas [email protected] Cc: [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

x86/speculation: Prevent rogue cross-process SSBD shutdown

commit dbbe2ad02e9df26e372f38cc3e70dab9222c832e upstream.

On context switch the change of TIF_SSBD and TIF_SPEC_IB are evaluated to adjust the mitigations accordingly. This is optimized to avoid the expensive MSR write if not needed.

This optimization is buggy and allows an attacker to shutdown the SSBD protection of a victim process.

The update logic reads the cached base value for the speculation control MSR which has neither the SSBD nor the STIBP bit set. It then OR's the SSBD bit only when TIF_SSBD is different and requests the MSR update.

That means if TIF_SSBD of the previous and next task are the same, then the base value is not updated, even if TIF_SSBD is set. The MSR write is not requested.

Subsequently if the TIF_STIBP bit differs then the STIBP bit is updated in the base value and the MSR is written with a wrong SSBD value.

This was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching.

It is exploitable if the attacker creates a process which enforces SSBD and has the contrary value of STIBP than the victim process (i.e. if the victim process enforces STIBP, the attacker process must not enforce it; if the victim process does not enforce STIBP, the attacker process must enforce it) and schedule it on the same core as the victim process. If the victim runs after the attacker the victim becomes vulnerable to Spectre V4.

To fix this, update the MSR value independent of the TIF_SSBD difference and dependent on the SSBD mitigation method available. This ensures that a subsequent STIPB initiated MSR write has the correct state of SSBD.

[ tglx: Handle X86_FEATURE_VIRT_SSBD & X86_FEATURE_VIRT_SSBD correctly and massaged changelog ]

Fixes: 5bfbe3ad5840 ("x86/speculation: Prepare for per task indirect branch speculation control") Signed-off-by: Anthony Steinhauser [email protected] Signed-off-by: Thomas Gleixner [email protected] Cc: [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

x86/reboot/quirks: Add MacBook6,1 reboot quirk

commit 140fd4ac78d385e6c8e6a5757585f6c707085f87 upstream.

On MacBook6,1 reboot would hang unless parameter reboot=pci is added. Make it automatic.

Signed-off-by: Hill Ma [email protected] Signed-off-by: Borislav Petkov [email protected] Cc: [email protected] Link: https://lkml.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

efi/efivars: Add missing kobject_put() in sysfs entry creation error path

commit d8bd8c6e2cfab8b78b537715255be8d7557791c0 upstream.

The documentation provided by kobject_init_and_add() clearly spells out the need to call kobject_put() on the kobject if an error is returned. Add this missing call to the error path.

Cc: [email protected] Reported-by: 亿一 [email protected] Signed-off-by: Ard Biesheuvel [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

ALSA: es1688: Add the missed snd_card_free()

commit d9b8fbf15d05350b36081eddafcf7b15aa1add50 upstream.

snd_es968_pnp_detect() misses a snd_card_free() in a failed path. Add the missed function call to fix it.

Fixes: a20971b201ac ("ALSA: Merge es1688 and es968 drivers") Signed-off-by: Chuhong Yuan [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Takashi Iwai [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

ALSA: usb-audio: Fix inconsistent card PM state after resume

commit 862b2509d157c629dd26d7ac6c6cdbf043d332eb upstream.

When a USB-audio interface gets runtime-suspended via auto-pm feature, the driver suspends all functionality and increment chip->num_suspended_intf. Later on, when the system gets suspended to S3, the driver increments chip->num_suspended_intf again, skips the device changes, and sets the card power state to SNDRV_CTL_POWER_D3hot. In return, when the system gets resumed from S3, the resume callback decrements chip->num_suspended_intf. Since this refcount is still not zero (it's been runtime-suspended), the whole resume is skipped. But there is a small pitfall here.

The problem is that the driver doesn't restore the card power state after this resume call, leaving it as SNDRV_CTL_POWER_D3hot. So, even after the system resume finishes, the card instance still appears as if it were system-suspended, and this confuses many ioctl accesses that are blocked unexpectedly.

In details, we have two issues behind the scene: one is that the card power state is changed only when the refcount becomes zero, and another is that the prior auto-suspend check is kept in a boolean flag. Although the latter problem is almost negligible since the auto-pm feature is imposed only on the primary interface, but this can be a potential problem on the devices with multiple interfaces.

This patch addresses those issues by the following:

  • Replace chip->autosuspended boolean flag with chip->system_suspend counter

  • At the first system-suspend, chip->num_suspended_intf is recorded to chip->system_suspend

  • At system-resume, the card power state is restored when the chip->num_suspended_intf refcount reaches to chip->system_suspend, i.e. the state returns to the auto-suspended

Also, the patch fixes yet another hidden problem by the code refactoring along with the fixes above: namely, when some resume procedure failed, the driver left chip->num_suspended_intf that was already decreased, and it might lead to the refcount unbalance. In the new code, the refcount decrement is done after the whole resume procedure, and the problem is avoided as well.

Fixes: 0662292aec05 ("ALSA: usb-audio: Handle normal and auto-suspend equally") Reported-and-tested-by: Macpaul Lin [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Takashi Iwai [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()

commit 6e6c25283dff866308c87b49434c7dbad4774cc0 upstream.

kobject_init_and_add() takes reference even when it fails. Thus, when kobject_init_and_add() returns an error, kobject_put() must be called to properly clean up the kobject.

Fixes: 3f8055c35836 ("ACPI / hotplug: Introduce user space interface for hotplug profiles") Signed-off-by: Qiushi Wu [email protected] Cc: 3.10+ [email protected] #3.10+ Signed-off-by: Rafael J. Wysocki [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()

commit 4d8be4bc94f74bb7d096e1c2e44457b530d5a170 upstream.

kobject_init_and_add() takes reference even when it fails. If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Previous commit "b8eb718348b8" fixed a similar problem.

Fixes: 158c998ea44b ("ACPI / CPPC: add sysfs support to compute delivered performance") Signed-off-by: Qiushi Wu [email protected] Cc: 4.10+ [email protected] #4.10+ Signed-off-by: Rafael J. Wysocki [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

ACPI: GED: add support for _Exx / _Lxx handler methods

commit ea6f3af4c5e63f6981c0b0ab8ebec438e2d5ef40 upstream.

Per the ACPI spec, interrupts in the range [0, 255] may be handled in AML using individual methods whose naming is based on the format _Exx or _Lxx, where xx is the hex representation of the interrupt index.

Add support for this missing feature to our ACPI GED driver.

Cc: v4.9+ [email protected] #4.9+ Signed-off-by: Ard Biesheuvel [email protected] Signed-off-by: Rafael J. Wysocki [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

ACPI: PM: Avoid using power resources if there are none for D0

commit 956ad9d98b73f59e442cc119c98ba1e04e94fe6d upstream.

As recently reported, some platforms provide a list of power resources for device power state D3hot, through the _PR3 object, but they do not provide a list of power resources for device power state D0.

Among other things, this causes acpi_device_get_power() to return D3hot as the current state of the device in question if all of the D3hot power resources are "on", because it sees the power_resources flag set and calls acpi_power_get_inferred_state() which finds that D3hot is the shallowest power state with all of the associated power resources turned "on", so that's what it returns. Moreover, that value takes precedence over the acpi_dev_pm_explicit_get() return value, because it means a deeper power state. The device may very well be in D0 physically at that point, however.

Moreover, the presence of _PR3 without _PR0 for a given device means that only one D3-level power state can be supported by it. Namely, because there are no power resources to turn "off" when transitioning the device from D0 into D3cold (which should be supported since _PR3 is present), the evaluation of _PS3 should be sufficient to put it straight into D3cold, but this means that the effect of turning "on" the _PR3 power resources is unclear, so it is better to avoid doing that altogether. Consequently, there is no practical way do distinguish D3cold from D3hot for the device in question and the power states of it can be labeled so that D3hot is the deepest supported one (and Linux assumes that putting a device into D3hot via ACPI may cause power to be removed from it anyway, for legacy reasons).

To work around the problem described above modify the ACPI enumeration of devices so that power resources are only used for device power management if the list of D0 power resources is not empty and make it mart D3cold as supported only if that is the case and the D3hot list of power resources is not empty too.

Fixes: ef85bdbec444 ("ACPI / scan: Consolidate extraction of power resources lists") Link: https://bugzilla.kernel.org/show_bug.cgi?id=205057 Link: https://lore.kernel.org/linux-acpi/[email protected]/ Reported-by: Hans de Goede [email protected] Tested-by: Hans de Goede [email protected] Tested-by: [email protected] Cc: 3.10+ [email protected] #3.10+ Signed-off-by: Rafael J. Wysocki [email protected] Reviewed-by: Hans de Goede [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages

commit 9b0eb69b75bccada2d341d7e7ca342f0cb1c9a6a upstream.

btrfs is going to use css_put() and wbc helpers to improve cgroup writeback support. Add dummy css_get() definition and export wbc helpers to prepare for module and !CONFIG_CGROUP builds.

[only backport the export of __inode_attach_wb for stable kernels - gregkh]

Reported-by: kbuild test robot [email protected] Reviewed-by: Jan Kara [email protected] Signed-off-by: Tejun Heo [email protected] Signed-off-by: Jens Axboe [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

commit sha: 156a50c855c75a845b9a7d575a3a3119c494a305

push time in 1 month ago
Sep
6
1 month ago
push

bananafunction push bananafunction/android_device_sony_yoshino-common

bananafunction
bananafunction

yoshino-common: show 4G instead of LTE in status bar

Signed-off-by: bananafunction [email protected] Change-Id: I0708974965baa7de9c55159a3c13141512d05aaa

commit sha: c634b573d4931877008254b51b173185b7da4171

push time in 1 month ago
push

bananafunction push bananafunction/android_device_sony_lilac

bananafunction
bananafunction

lilac: patches: reduce amount of property edits

This is sufficiant to get Google Play Store certification.

Signed-off-by: bananafunction [email protected]

commit sha: 512f6e2ebdcaec8fc4efe23a91111c532237a9c6

push time in 1 month ago
push

bananafunction push bananafunction/android_kernel_sony_msm8998

bananafunction
bananafunction

can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters

commit 044012b52029204900af9e4230263418427f4ba4 upstream.

This patch fixes the interchanged fetch of the CAN RX and TX error counters from the ESD_EV_CAN_ERROR_EXT message. The RX error counter is really in struct rx_msg::data[2] and the TX error counter is in struct rx_msg::data[3].

Fixes: 96d8e90382dc ("can: Add driver for esd CAN-USB/2 device") Link: https://lore.kernel.org/r/[email protected] Cc: [email protected] Signed-off-by: Stefan Mätje [email protected] Signed-off-by: Marc Kleine-Budde [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

Revert "USB: serial: ch341: fix character loss at high transfer rates"

commit df7b16d1c00ecb3da3a30c999cdb39f273c99a2f upstream.

This reverts commit 3c18e9baee0ef97510dcda78c82285f52626764b.

These devices do not appear to send a zero-length packet when the transfer size is a multiple of the bulk-endpoint max-packet size. This means that incoming data may not be processed by the driver until a short packet is received or the receive buffer is full.

Revert back to using endpoint-sized receive buffers to avoid stalled reads.

Reported-by: Paul Größel [email protected] Link: https://bugzilla.kernel.org/show_bug.cgi?id=214131 Fixes: 3c18e9baee0e ("USB: serial: ch341: fix character loss at high transfer rates") Cc: [email protected] Cc: Willy Tarreau [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Johan Hovold [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

USB: serial: option: add new VID/PID to support Fibocom FG150

commit 2829a4e3cf3a6ac2fa3cdb681b37574630fb9c1a upstream.

Fibocom FG150 is a 5G module based on Qualcomm SDX55 platform, support Sub-6G band.

Here are the outputs of lsusb -v and usb-devices:

T: Bus=02 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 2 Spd=5000 MxCh= 0 D: Ver= 3.20 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #1 P: Vendor=2cb7 ProdID=010b Rev=04.14 S: Manufacturer=Fibocom S: Product=Fibocom Modem_SN:XXXXXXXX S: SerialNumber=XXXXXXXX C: #5 Cfg#= 1 Atr=a0 MxPwr=896mA I: If#=0x0 Alt= 0 #1 Cls=ef(misc ) Sub=04 Prot=01 Driver=rndis_host I: If#=0x1 Alt= 0 #2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host I: If#=0x2 Alt= 0 #3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) I: If#=0x3 Alt= 0 #2 Cls=ff(vend.) Sub=ff Prot=30 Driver=(none) I: If#=0x4 Alt= 0 #2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)

Bus 002 Device 002: ID 2cb7:010b Fibocom Fibocom Modem_SN:XXXXXXXX Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 3.20 bDeviceClass 0 bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 9 idVendor 0x2cb7 Fibocom idProduct 0x010b bcdDevice 4.14 iManufacturer 1 Fibocom iProduct 2 Fibocom Modem_SN:XXXXXXXX iSerial 3 XXXXXXXX bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 0x00e6 bNumInterfaces 5 bConfigurationValue 1 iConfiguration 4 RNDIS_DUN_DIAG_ADB bmAttributes 0xa0 (Bus Powered) Remote Wakeup MaxPower 896mA Interface Association: bLength 8 bDescriptorType 11 bFirstInterface 0 bInterfaceCount 2 bFunctionClass 239 Miscellaneous Device bFunctionSubClass 4 bFunctionProtocol 1 iFunction 7 RNDIS Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 239 Miscellaneous Device bInterfaceSubClass 4 bInterfaceProtocol 1 iInterface 0 ** UNRECOGNIZED: 05 24 00 10 01 ** UNRECOGNIZED: 05 24 01 00 01 ** UNRECOGNIZED: 04 24 02 00 ** UNRECOGNIZED: 05 24 06 00 01 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0008 1x 8 bytes bInterval 9 bMaxBurst 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 1 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 10 CDC Data bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x8e EP 14 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 6 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x0f EP 15 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 6 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 2 bAlternateSetting 0 bNumEndpoints 3 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 0 ** UNRECOGNIZED: 05 24 00 10 01 ** UNRECOGNIZED: 05 24 01 00 00 ** UNRECOGNIZED: 04 24 02 02 ** UNRECOGNIZED: 05 24 06 00 00 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x83 EP 3 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x000a 1x 10 bytes bInterval 9 bMaxBurst 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x82 EP 2 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x01 EP 1 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 3 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 255 Vendor Specific Subclass bInterfaceProtocol 48 iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x84 EP 4 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x02 EP 2 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 4 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 66 bInterfaceProtocol 1 iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x03 EP 3 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x85 EP 5 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 0 Binary Object Store Descriptor: bLength 5 bDescriptorType 15 wTotalLength 0x0016 bNumDeviceCaps 2 USB 2.0 Extension Device Capability: bLength 7 bDescriptorType 16 bDevCapabilityType 2 bmAttributes 0x00000006 BESL Link Power Management (LPM) Supported SuperSpeed USB Device Capability: bLength 10 bDescriptorType 16 bDevCapabilityType 3 bmAttributes 0x00 wSpeedsSupported 0x000f Device can operate at Low Speed (1Mbps) Device can operate at Full Speed (12Mbps) Device can operate at High Speed (480Mbps) Device can operate at SuperSpeed (5Gbps) bFunctionalitySupport 1 Lowest fully-functional device speed is Full Speed (12Mbps) bU1DevExitLat 1 micro seconds bU2DevExitLat 500 micro seconds Device Status: 0x0000 (Bus Powered)

Signed-off-by: Zhengjun Zhang [email protected] Cc: [email protected] Signed-off-by: Johan Hovold [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

e1000e: Fix the max snoop/no-snoop latency for 10M

[ Upstream commit 44a13a5d99c71bf9e1676d9e51679daf4d7b3d73 ]

We should decode the latency and the max_latency before directly compare. The latency should be presented as lat_enc = scale x value: lat_enc_d = (lat_enc & 0x0x3ff) x (1U << (5*((max_ltr_enc & 0x1c00)

10)))

Fixes: cf8fb73c23aa ("e1000e: add support for LTR on I217/I218") Suggested-by: Yee Li [email protected] Signed-off-by: Sasha Neftin [email protected] Tested-by: Dvora Fuxbrumer [email protected] Signed-off-by: Tony Nguyen [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

net: marvell: fix MVNETA_TX_IN_PRGRS bit number

[ Upstream commit 359f4cdd7d78fdf8c098713b05fee950a730f131 ]

According to Armada XP datasheet bit at 0 position is corresponding for TxInProg indication.

Fixes: c5aff18204da ("net: mvneta: driver for Marvell Armada 370/XP network unit") Signed-off-by: Maxim Kiselev [email protected] Signed-off-by: David S. Miller [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

virtio: Improve vq->broken access to avoid any compiler optimization

[ Upstream commit 60f0779862e4ab943810187752c462e85f5fa371 ]

Currently vq->broken field is read by virtqueue_is_broken() in busy loop in one context by virtnet_send_command().

vq->broken is set to true in other process context by virtio_break_device(). Reader and writer are accessing it without any synchronization. This may lead to a compiler optimization which may result to optimize reading vq->broken only once.

Hence, force reading vq->broken on each invocation of virtqueue_is_broken() and also force writing it so that such update is visible to the readers.

It is a theoretical fix that isn't yet encountered in the field.

Signed-off-by: Parav Pandit [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Michael S. Tsirkin [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

vringh: Use wiov->used to check for read/write desc order

[ Upstream commit e74cfa91f42c50f7f649b0eca46aa049754ccdbd ]

As __vringh_iov() traverses a descriptor chain, it populates each descriptor entry into either read or write vring iov and increments that iov's ->used member. So, as we iterate over a descriptor chain, at any point, (riov/wriov)->used value gives the number of descriptor enteries available, which are to be read or written by the device. As all read iovs must precede the write iovs, wiov->used should be zero when we are traversing a read descriptor. Current code checks for wiov->i, to figure out whether any previous entry in the current descriptor chain was a write descriptor. However, iov->i is only incremented, when these vring iovs are consumed, at a later point, and remain 0 in __vringh_iov(). So, correct the check for read and write descriptor order, to use wiov->used.

Acked-by: Jason Wang [email protected] Reviewed-by: Stefano Garzarella [email protected] Signed-off-by: Neeraj Upadhyay [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Michael S. Tsirkin [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

vt_kdsetmode: extend console locking

commit 2287a51ba822384834dafc1c798453375d1107c7 upstream.

As per the long-suffering comment.

Reported-by: Minh Yuan [email protected] Cc: Greg Kroah-Hartman [email protected] Cc: Jiri Slaby [email protected] Signed-off-by: Linus Torvalds [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

fbmem: add margin check to fb_check_caps()

commit a49145acfb975d921464b84fe00279f99827d816 upstream.

A fb_ioctl() FBIOPUT_VSCREENINFO call with invalid xres setting or yres setting in struct fb_var_screeninfo will result in a KASAN: vmalloc-out-of-bounds failure in bitfill_aligned() as the margins are being cleared. The margins are cleared in chunks and if the xres setting or yres setting is a value of zero upto the chunk size, the failure will occur.

Add a margin check to validate xres and yres settings.

Signed-off-by: George Kennedy [email protected] Reported-by: [email protected] Reviewed-by: Dan Carpenter [email protected] Cc: Dhaval Giani [email protected] Signed-off-by: Bartlomiej Zolnierkiewicz [email protected] Link: https://patchwork.freedesktop.org/patch/msgid/1594149963-13[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

Revert "floppy: reintroduce O_NDELAY fix"

commit c7e9d0020361f4308a70cdfd6d5335e273eb8717 upstream.

The patch breaks userspace implementations (e.g. fdutils) and introduces regressions in behaviour. Previously, it was possible to O_NDELAY open a floppy device with no media inserted or with write protected media without an error. Some userspace tools use this particular behavior for probing.

It's not the first time when we revert this patch. Previous revert is in commit f2791e7eadf4 (Revert "floppy: refactor open() flags handling").

This reverts commit 8a0c014cd20516ade9654fc13b51345ec58e7be8.

Link: https://lore.kernel.org/linux-block/[email protected]/ Reported-by: Mark Hounschell [email protected] Cc: Jiri Kosina [email protected] Cc: Wim Osterholt [email protected] Cc: Kurt Garloff [email protected] Cc: [email protected] Signed-off-by: Denis Efremov [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

Linux 4.4.283

Link: https://lore.kernel.org/r/[email protected] Tested-by: Jon Hunter [email protected] Tested-by: Pavel Machek (CIP) [email protected] Tested-by: Shuah Khan [email protected] Tested-by: Linux Kernel Functional Testing [email protected] Tested-by: Guenter Roeck [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

Merge Linux 4.4.283 kernel

Changes in 4.4.283: (11 commits) can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters Revert "USB: serial: ch341: fix character loss at high transfer rates" USB: serial: option: add new VID/PID to support Fibocom FG150 e1000e: Fix the max snoop/no-snoop latency for 10M net: marvell: fix MVNETA_TX_IN_PRGRS bit number virtio: Improve vq->broken access to avoid any compiler optimization vringh: Use wiov->used to check for read/write desc order vt_kdsetmode: extend console locking fbmem: add margin check to fb_check_caps() Revert "floppy: reintroduce O_NDELAY fix" Linux 4.4.283

commit sha: 904772fa467256155a5e951fab9d3f0a05390072

push time in 1 month ago
push

bananafunction push bananafunction/android_kernel_sony_msm8998

bananafunction
bananafunction

can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters

commit 044012b52029204900af9e4230263418427f4ba4 upstream.

This patch fixes the interchanged fetch of the CAN RX and TX error counters from the ESD_EV_CAN_ERROR_EXT message. The RX error counter is really in struct rx_msg::data[2] and the TX error counter is in struct rx_msg::data[3].

Fixes: 96d8e90382dc ("can: Add driver for esd CAN-USB/2 device") Link: https://lore.kernel.org/r/[email protected] Cc: [email protected] Signed-off-by: Stefan Mätje [email protected] Signed-off-by: Marc Kleine-Budde [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

Revert "USB: serial: ch341: fix character loss at high transfer rates"

commit df7b16d1c00ecb3da3a30c999cdb39f273c99a2f upstream.

This reverts commit 3c18e9baee0ef97510dcda78c82285f52626764b.

These devices do not appear to send a zero-length packet when the transfer size is a multiple of the bulk-endpoint max-packet size. This means that incoming data may not be processed by the driver until a short packet is received or the receive buffer is full.

Revert back to using endpoint-sized receive buffers to avoid stalled reads.

Reported-by: Paul Größel [email protected] Link: https://bugzilla.kernel.org/show_bug.cgi?id=214131 Fixes: 3c18e9baee0e ("USB: serial: ch341: fix character loss at high transfer rates") Cc: [email protected] Cc: Willy Tarreau [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Johan Hovold [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

USB: serial: option: add new VID/PID to support Fibocom FG150

commit 2829a4e3cf3a6ac2fa3cdb681b37574630fb9c1a upstream.

Fibocom FG150 is a 5G module based on Qualcomm SDX55 platform, support Sub-6G band.

Here are the outputs of lsusb -v and usb-devices:

T: Bus=02 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 2 Spd=5000 MxCh= 0 D: Ver= 3.20 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #1 P: Vendor=2cb7 ProdID=010b Rev=04.14 S: Manufacturer=Fibocom S: Product=Fibocom Modem_SN:XXXXXXXX S: SerialNumber=XXXXXXXX C: #5 Cfg#= 1 Atr=a0 MxPwr=896mA I: If#=0x0 Alt= 0 #1 Cls=ef(misc ) Sub=04 Prot=01 Driver=rndis_host I: If#=0x1 Alt= 0 #2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host I: If#=0x2 Alt= 0 #3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) I: If#=0x3 Alt= 0 #2 Cls=ff(vend.) Sub=ff Prot=30 Driver=(none) I: If#=0x4 Alt= 0 #2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none)

Bus 002 Device 002: ID 2cb7:010b Fibocom Fibocom Modem_SN:XXXXXXXX Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 3.20 bDeviceClass 0 bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 9 idVendor 0x2cb7 Fibocom idProduct 0x010b bcdDevice 4.14 iManufacturer 1 Fibocom iProduct 2 Fibocom Modem_SN:XXXXXXXX iSerial 3 XXXXXXXX bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 0x00e6 bNumInterfaces 5 bConfigurationValue 1 iConfiguration 4 RNDIS_DUN_DIAG_ADB bmAttributes 0xa0 (Bus Powered) Remote Wakeup MaxPower 896mA Interface Association: bLength 8 bDescriptorType 11 bFirstInterface 0 bInterfaceCount 2 bFunctionClass 239 Miscellaneous Device bFunctionSubClass 4 bFunctionProtocol 1 iFunction 7 RNDIS Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 239 Miscellaneous Device bInterfaceSubClass 4 bInterfaceProtocol 1 iInterface 0 ** UNRECOGNIZED: 05 24 00 10 01 ** UNRECOGNIZED: 05 24 01 00 01 ** UNRECOGNIZED: 04 24 02 00 ** UNRECOGNIZED: 05 24 06 00 01 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0008 1x 8 bytes bInterval 9 bMaxBurst 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 1 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 10 CDC Data bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x8e EP 14 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 6 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x0f EP 15 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 6 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 2 bAlternateSetting 0 bNumEndpoints 3 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 0 ** UNRECOGNIZED: 05 24 00 10 01 ** UNRECOGNIZED: 05 24 01 00 00 ** UNRECOGNIZED: 04 24 02 02 ** UNRECOGNIZED: 05 24 06 00 00 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x83 EP 3 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x000a 1x 10 bytes bInterval 9 bMaxBurst 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x82 EP 2 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x01 EP 1 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 3 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 255 Vendor Specific Subclass bInterfaceProtocol 48 iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x84 EP 4 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x02 EP 2 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 0 Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 4 bAlternateSetting 0 bNumEndpoints 2 bInterfaceClass 255 Vendor Specific Class bInterfaceSubClass 66 bInterfaceProtocol 1 iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x03 EP 3 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x85 EP 5 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0400 1x 1024 bytes bInterval 0 bMaxBurst 0 Binary Object Store Descriptor: bLength 5 bDescriptorType 15 wTotalLength 0x0016 bNumDeviceCaps 2 USB 2.0 Extension Device Capability: bLength 7 bDescriptorType 16 bDevCapabilityType 2 bmAttributes 0x00000006 BESL Link Power Management (LPM) Supported SuperSpeed USB Device Capability: bLength 10 bDescriptorType 16 bDevCapabilityType 3 bmAttributes 0x00 wSpeedsSupported 0x000f Device can operate at Low Speed (1Mbps) Device can operate at Full Speed (12Mbps) Device can operate at High Speed (480Mbps) Device can operate at SuperSpeed (5Gbps) bFunctionalitySupport 1 Lowest fully-functional device speed is Full Speed (12Mbps) bU1DevExitLat 1 micro seconds bU2DevExitLat 500 micro seconds Device Status: 0x0000 (Bus Powered)

Signed-off-by: Zhengjun Zhang [email protected] Cc: [email protected] Signed-off-by: Johan Hovold [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

e1000e: Fix the max snoop/no-snoop latency for 10M

[ Upstream commit 44a13a5d99c71bf9e1676d9e51679daf4d7b3d73 ]

We should decode the latency and the max_latency before directly compare. The latency should be presented as lat_enc = scale x value: lat_enc_d = (lat_enc & 0x0x3ff) x (1U << (5*((max_ltr_enc & 0x1c00)

10)))

Fixes: cf8fb73c23aa ("e1000e: add support for LTR on I217/I218") Suggested-by: Yee Li [email protected] Signed-off-by: Sasha Neftin [email protected] Tested-by: Dvora Fuxbrumer [email protected] Signed-off-by: Tony Nguyen [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

net: marvell: fix MVNETA_TX_IN_PRGRS bit number

[ Upstream commit 359f4cdd7d78fdf8c098713b05fee950a730f131 ]

According to Armada XP datasheet bit at 0 position is corresponding for TxInProg indication.

Fixes: c5aff18204da ("net: mvneta: driver for Marvell Armada 370/XP network unit") Signed-off-by: Maxim Kiselev [email protected] Signed-off-by: David S. Miller [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

virtio: Improve vq->broken access to avoid any compiler optimization

[ Upstream commit 60f0779862e4ab943810187752c462e85f5fa371 ]

Currently vq->broken field is read by virtqueue_is_broken() in busy loop in one context by virtnet_send_command().

vq->broken is set to true in other process context by virtio_break_device(). Reader and writer are accessing it without any synchronization. This may lead to a compiler optimization which may result to optimize reading vq->broken only once.

Hence, force reading vq->broken on each invocation of virtqueue_is_broken() and also force writing it so that such update is visible to the readers.

It is a theoretical fix that isn't yet encountered in the field.

Signed-off-by: Parav Pandit [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Michael S. Tsirkin [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

vringh: Use wiov->used to check for read/write desc order

[ Upstream commit e74cfa91f42c50f7f649b0eca46aa049754ccdbd ]

As __vringh_iov() traverses a descriptor chain, it populates each descriptor entry into either read or write vring iov and increments that iov's ->used member. So, as we iterate over a descriptor chain, at any point, (riov/wriov)->used value gives the number of descriptor enteries available, which are to be read or written by the device. As all read iovs must precede the write iovs, wiov->used should be zero when we are traversing a read descriptor. Current code checks for wiov->i, to figure out whether any previous entry in the current descriptor chain was a write descriptor. However, iov->i is only incremented, when these vring iovs are consumed, at a later point, and remain 0 in __vringh_iov(). So, correct the check for read and write descriptor order, to use wiov->used.

Acked-by: Jason Wang [email protected] Reviewed-by: Stefano Garzarella [email protected] Signed-off-by: Neeraj Upadhyay [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Michael S. Tsirkin [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

vt_kdsetmode: extend console locking

commit 2287a51ba822384834dafc1c798453375d1107c7 upstream.

As per the long-suffering comment.

Reported-by: Minh Yuan [email protected] Cc: Greg Kroah-Hartman [email protected] Cc: Jiri Slaby [email protected] Signed-off-by: Linus Torvalds [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

fbmem: add margin check to fb_check_caps()

commit a49145acfb975d921464b84fe00279f99827d816 upstream.

A fb_ioctl() FBIOPUT_VSCREENINFO call with invalid xres setting or yres setting in struct fb_var_screeninfo will result in a KASAN: vmalloc-out-of-bounds failure in bitfill_aligned() as the margins are being cleared. The margins are cleared in chunks and if the xres setting or yres setting is a value of zero upto the chunk size, the failure will occur.

Add a margin check to validate xres and yres settings.

Signed-off-by: George Kennedy [email protected] Reported-by: [email protected] Reviewed-by: Dan Carpenter [email protected] Cc: Dhaval Giani [email protected] Signed-off-by: Bartlomiej Zolnierkiewicz [email protected] Link: https://patchwork.freedesktop.org/patch/msgid/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

Revert "floppy: reintroduce O_NDELAY fix"

commit c7e9d0020361f4308a70cdfd6d5335e273eb8717 upstream.

The patch breaks userspace implementations (e.g. fdutils) and introduces regressions in behaviour. Previously, it was possible to O_NDELAY open a floppy device with no media inserted or with write protected media without an error. Some userspace tools use this particular behavior for probing.

It's not the first time when we revert this patch. Previous revert is in commit f2791e7eadf4 (Revert "floppy: refactor open() flags handling").

This reverts commit 8a0c014cd20516ade9654fc13b51345ec58e7be8.

Link: https://lore.kernel.org/linux-block/[email protected]/ Reported-by: Mark Hounschell [email protected] Cc: Jiri Kosina [email protected] Cc: Wim Osterholt [email protected] Cc: Kurt Garloff [email protected] Cc: [email protected] Signed-off-by: Denis Efremov [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

Linux 4.4.283

Link: https://lore.kernel.org/r/[email protected] Tested-by: Jon Hunter [email protected] Tested-by: Pavel Machek (CIP) [email protected] Tested-by: Shuah Khan [email protected] Tested-by: Linux Kernel Functional Testing [email protected] Tested-by: Guenter Roeck [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

Merge Linux 4.4.283 kernel

Changes in 4.4.283: (11 commits) can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters Revert "USB: serial: ch341: fix character loss at high transfer rates" USB: serial: option: add new VID/PID to support Fibocom FG150 e1000e: Fix the max snoop/no-snoop latency for 10M net: marvell: fix MVNETA_TX_IN_PRGRS bit number virtio: Improve vq->broken access to avoid any compiler optimization vringh: Use wiov->used to check for read/write desc order vt_kdsetmode: extend console locking fbmem: add margin check to fb_check_caps() Revert "floppy: reintroduce O_NDELAY fix" Linux 4.4.283

commit sha: c5ac99c61dfd9f178d2c210663cac514e6ad13e2

push time in 1 month ago
Aug
28
1 month ago
push

bananafunction push bananafunction/android_kernel_sony_msm8998

bananafunction
bananafunction

ASoC: intel: atom: Fix reference to PCM buffer address

commit 2e6b836312a477d647a7920b56810a5a25f6c856 upstream.

PCM buffers might be allocated dynamically when the buffer preallocation failed or a larger buffer is requested, and it's not guaranteed that substream->dma_buffer points to the actually used buffer. The address should be retrieved from runtime->dma_addr, instead of substream->dma_buffer (and shouldn't use virt_to_phys).

Also, remove the line overriding runtime->dma_area superfluously, which was already set up at the PCM buffer allocation.

Cc: Cezary Rojewski [email protected] Cc: Pierre-Louis Bossart [email protected] Cc: [email protected] Signed-off-by: Takashi Iwai [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Mark Brown [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

i2c: dev: zero out array used for i2c reads from userspace

commit 86ff25ed6cd8240d18df58930bd8848b19fce308 upstream.

If an i2c driver happens to not provide the full amount of data that a user asks for, it is possible that some uninitialized data could be sent to userspace. While all in-kernel drivers look to be safe, just be sure by initializing the buffer to zero before it is passed to the i2c driver so that any future drivers will not have this issue.

Also properly copy the amount of data recvieved to the userspace buffer, as pointed out by Dan Carpenter.

Reported-by: Eric Dumazet [email protected] Cc: [email protected] Signed-off-by: Greg Kroah-Hartman [email protected] Signed-off-by: Wolfram Sang [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

net: Fix memory leak in ieee802154_raw_deliver

[ Upstream commit 1090340f7ee53e824fd4eef66a4855d548110c5b ]

If IEEE-802.15.4-RAW is closed before receive skb, skb is leaked. Fix this, by freeing sk_receive_queue in sk->sk_destruct().

syzbot report: BUG: memory leak unreferenced object 0xffff88810f644600 (size 232): comm "softirq", pid 0, jiffies 4294967032 (age 81.270s) hex dump (first 32 bytes): 10 7d 4b 12 81 88 ff ff 10 7d 4b 12 81 88 ff ff .}K......}K..... 00 00 00 00 00 00 00 00 40 7c 4b 12 81 88 ff ff ........@K..... backtrace: [] skb_clone+0xaa/0x2b0 net/core/skbuff.c:1496 [] ieee802154_raw_deliver net/ieee802154/socket.c:369 [inline] [] ieee802154_rcv+0x100/0x340 net/ieee802154/socket.c:1070 [] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5384 [] __netif_receive_skb+0x27/0xa0 net/core/dev.c:5498 [] netif_receive_skb_internal net/core/dev.c:5603 [inline] [] netif_receive_skb+0x59/0x260 net/core/dev.c:5662 [] ieee802154_deliver_skb net/mac802154/rx.c:29 [inline] [] ieee802154_subif_frame net/mac802154/rx.c:102 [inline] [] __ieee802154_rx_handle_packet net/mac802154/rx.c:212 [inline] [] ieee802154_rx+0x612/0x620 net/mac802154/rx.c:284 [] ieee802154_tasklet_handler+0x86/0xa0 net/mac802154/main.c:35 [] tasklet_action_common.constprop.0+0x5b/0x100 kernel/softirq.c:557 [] __do_softirq+0xbf/0x2ab kernel/softirq.c:345 [] do_softirq kernel/softirq.c:248 [inline] [] do_softirq+0x5c/0x80 kernel/softirq.c:235 [] __local_bh_enable_ip+0x51/0x60 kernel/softirq.c:198 [] local_bh_enable include/linux/bottom_half.h:32 [inline] [] rcu_read_unlock_bh include/linux/rcupdate.h:745 [inline] [] __dev_queue_xmit+0x7f4/0xf60 net/core/dev.c:4221 [] raw_sendmsg+0x1f4/0x2b0 net/ieee802154/socket.c:295 [] sock_sendmsg_nosec net/socket.c:654 [inline] [] sock_sendmsg+0x56/0x80 net/socket.c:674 [] __sys_sendto+0x15c/0x200 net/socket.c:1977 [] __do_sys_sendto net/socket.c:1989 [inline] [] __se_sys_sendto net/socket.c:1985 [inline] [] __x64_sys_sendto+0x26/0x30 net/socket.c:1985

Fixes: 9ec767160357 ("net: add IEEE 802.15.4 socket family implementation") Reported-and-tested-by: [email protected] Signed-off-by: Takeshi Misawa [email protected] Acked-by: Alexander Aring [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Stefan Schmidt [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

xen/events: Fix race in set_evtchn_to_irq

[ Upstream commit 88ca2521bd5b4e8b83743c01a2d4cb09325b51e9 ]

There is a TOCTOU issue in set_evtchn_to_irq. Rows in the evtchn_to_irq mapping are lazily allocated in this function. The check whether the row is already present and the row initialization is not synchronized. Two threads can at the same time allocate a new row for evtchn_to_irq and add the irq mapping to the their newly allocated row. One thread will overwrite what the other has set for evtchn_to_irq[row] and therefore the irq mapping is lost. This will trigger a BUG_ON later in bind_evtchn_to_cpu:

INFO: pci 0000:1a:15.4: [1d0f:8061] type 00 class 0x010802 INFO: nvme 0000:1a:12.1: enabling device (0000 -> 0002) INFO: nvme nvme77: 1/0/0 default/read/poll queues CRIT: kernel BUG at drivers/xen/events/events_base.c:427! WARN: invalid opcode: 0000 [#1] SMP NOPTI WARN: Workqueue: nvme-reset-wq nvme_reset_work [nvme] WARN: RIP: e030:bind_evtchn_to_cpu+0xc2/0xd0 WARN: Call Trace: WARN: set_affinity_irq+0x121/0x150 WARN: irq_do_set_affinity+0x37/0xe0 WARN: irq_setup_affinity+0xf6/0x170 WARN: irq_startup+0x64/0xe0 WARN: __setup_irq+0x69e/0x740 WARN: ? request_threaded_irq+0xad/0x160 WARN: request_threaded_irq+0xf5/0x160 WARN: ? nvme_timeout+0x2f0/0x2f0 [nvme] WARN: pci_request_irq+0xa9/0xf0 WARN: ? pci_alloc_irq_vectors_affinity+0xbb/0x130 WARN: queue_request_irq+0x4c/0x70 [nvme] WARN: nvme_reset_work+0x82d/0x1550 [nvme] WARN: ? check_preempt_wakeup+0x14f/0x230 WARN: ? check_preempt_curr+0x29/0x80 WARN: ? nvme_irq_check+0x30/0x30 [nvme] WARN: process_one_work+0x18e/0x3c0 WARN: worker_thread+0x30/0x3a0 WARN: ? process_one_work+0x3c0/0x3c0 WARN: kthread+0x113/0x130 WARN: ? kthread_park+0x90/0x90 WARN: ret_from_fork+0x3a/0x50

This patch sets evtchn_to_irq rows via a cmpxchg operation so that they will be set only once. The row is now cleared before writing it to evtchn_to_irq in order to not create a race once the row is visible for other threads.

While at it, do not require the page to be zeroed, because it will be overwritten with -1's in clear_evtchn_to_irq_row anyway.

Signed-off-by: Maximilian Heyne [email protected]azon.de Fixes: d0b075ffeede ("xen/events: Refactor evtchn_to_irq array to be dynamically allocated") Link: https://lore.kernel.org/r/[email protected] Reviewed-by: Boris Ostrovsky [email protected] Signed-off-by: Boris Ostrovsky [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

x86/tools: Fix objdump version check again

[ Upstream commit 839ad22f755132838f406751439363c07272ad87 ]

Skip (omit) any version string info that is parenthesized.

Warning: objdump version 15) is older than 2.19 Warning: Skipping posttest.

where 'objdump -v' says: GNU objdump (GNU Binutils; SUSE Linux Enterprise 15) 2.35.1.20201123-7.18

Fixes: 8bee738bb1979 ("x86: Fix objdump version check in chkobjdump.awk for different formats.") Signed-off-by: Randy Dunlap [email protected] Signed-off-by: Thomas Gleixner [email protected] Reviewed-by: Masami Hiramatsu [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

PCI/MSI: Enable and mask MSI-X early

commit 438553958ba19296663c6d6583d208dfb6792830 upstream.

The ordering of MSI-X enable in hardware is dysfunctional:

  1. MSI-X is disabled in the control register
  2. Various setup functions
  3. pci_msi_setup_msi_irqs() is invoked which ends up accessing the MSI-X table entries
  4. MSI-X is enabled and masked in the control register with the comment that enabling is required for some hardware to access the MSI-X table

Step #4 obviously contradicts #3. The history of this is an issue with the NIU hardware. When #4 was introduced the table access actually happened in msix_program_entries() which was invoked after enabling and masking MSI-X.

This was changed in commit d71d6432e105 ("PCI/MSI: Kill redundant call of irq_set_msi_desc() for MSI-X interrupts") which removed the table write from msix_program_entries().

Interestingly enough nobody noticed and either NIU still works or it did not get any testing with a kernel 3.19 or later.

Nevertheless this is inconsistent and there is no reason why MSI-X can't be enabled and masked in the control register early on, i.e. move step #4 above to step #1. This preserves the NIU workaround and has no side effects on other hardware.

Fixes: d71d6432e105 ("PCI/MSI: Kill redundant call of irq_set_msi_desc() for MSI-X interrupts") Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Ashok Raj [email protected] Reviewed-by: Marc Zyngier [email protected] Acked-by: Bjorn Helgaas [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Do not set invalid bits in MSI mask

commit 361fd37397f77578735907341579397d5bed0a2d upstream.

msi_mask_irq() takes a mask and a flags argument. The mask argument is used to mask out bits from the cached mask and the flags argument to set bits.

Some places invoke it with a flags argument which sets bits which are not used by the device, i.e. when the device supports up to 8 vectors a full unmask in some places sets the mask to 0xFFFFFF00. While devices probably do not care, it's still bad practice.

Fixes: 7ba1930db02f ("PCI MSI: Unmask MSI if setup failed") Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Correct misleading comments

commit 689e6b5351573c38ccf92a0dd8b3e2c2241e4aff upstream.

The comments about preserving the cached state in pci_msi[x]_shutdown() are misleading as the MSI descriptors are freed right after those functions return. So there is nothing to restore. Preparatory change.

Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()

commit d28d4ad2a1aef27458b3383725bb179beb8d015c upstream.

No point in using the raw write function from shutdown. Preparatory change to introduce proper serialization for the msi_desc::masked cache.

Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Protect msi_desc::masked for multi-MSI

commit 77e89afc25f30abd56e76a809ee2884d7c1b63ce upstream.

Multi-MSI uses a single MSI descriptor and there is a single mask register when the device supports per vector masking. To avoid reading back the mask register the value is cached in the MSI descriptor and updates are done by clearing and setting bits in the cache and writing it to the device.

But nothing protects msi_desc::masked and the mask register from being modified concurrently on two different CPUs for two different Linux interrupts which belong to the same multi-MSI descriptor.

Add a lock to struct device and protect any operation on the mask and the mask register with it.

This makes the update of msi_desc::masked unconditional, but there is no place which requires a modification of the hardware register without updating the masked cache.

msi_mask_irq() is now an empty wrapper which will be cleaned up in follow up changes.

The problem goes way back to the initial support of multi-MSI, but picking the commit which introduced the mask cache is a valid cut off point (2.6.30).

Fixes: f2440d9acbe8 ("PCI MSI: Refactor interrupt masking code") Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Mask all unused MSI-X entries

commit 7d5ec3d3612396dc6d4b76366d20ab9fc06f399f upstream.

When MSI-X is enabled the ordering of calls is:

msix_map_region(); msix_setup_entries(); pci_msi_setup_msi_irqs(); msix_program_entries();

This has a few interesting issues:

  1. msix_setup_entries() allocates the MSI descriptors and initializes them except for the msi_desc:masked member which is left zero initialized.

  2. pci_msi_setup_msi_irqs() allocates the interrupt descriptors and sets up the MSI interrupts which ends up in pci_write_msi_msg() unless the interrupt chip provides its own irq_write_msi_msg() function.

  3. msix_program_entries() does not do what the name suggests. It solely updates the entries array (if not NULL) and initializes the masked member for each MSI descriptor by reading the hardware state and then masks the entry.

Obviously this has some issues:

  1. The uninitialized masked member of msi_desc prevents the enforcement of masking the entry in pci_write_msi_msg() depending on the cached masked bit. Aside of that half initialized data is a NONO in general

  2. msix_program_entries() only ensures that the actually allocated entries are masked. This is wrong as experimentation with crash testing and crash kernel kexec has shown.

    This limited testing unearthed that when the production kernel had more entries in use and unmasked when it crashed and the crash kernel allocated a smaller amount of entries, then a full scan of all entries found unmasked entries which were in use in the production kernel.

    This is obviously a device or emulation issue as the device reset should mask all MSI-X table entries, but obviously that's just part of the paper specification.

Cure this by:

  1. Masking all table entries in hardware
  2. Initializing msi_desc::masked in msix_setup_entries()
  3. Removing the mask dance in msix_program_entries()
  4. Renaming msix_program_entries() to msix_update_entries() to reflect the purpose of that function.

As the masking of unused entries has never been done the Fixes tag refers to a commit in: git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git

Fixes: f036d4ea5fa7 ("[PATCH] ia32 Message Signalled Interrupt support") Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Acked-by: Bjorn Helgaas [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Enforce that MSI-X table entry is masked for update

commit da181dc974ad667579baece33c2c8d2d1e4558d5 upstream.

The specification (PCIe r5.0, sec 6.1.4.5) states:

For MSI-X, a function is permitted to cache Address and Data values
from unmasked MSI-X Table entries. However, anytime software unmasks a
currently masked MSI-X Table entry either by clearing its Mask bit or
by clearing the Function Mask bit, the function must update any Address
or Data values that it cached from that entry. If software changes the
Address or Data value of an entry while the entry is unmasked, the
result is undefined.

The Linux kernel's MSI-X support never enforced that the entry is masked before the entry is modified hence the Fixes tag refers to a commit in: git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git

Enforce the entry to be masked across the update.

There is no point in enforcing this to be handled at all possible call sites as this is just pointless code duplication and the common update function is the obvious place to enforce this.

Fixes: f036d4ea5fa7 ("[PATCH] ia32 Message Signalled Interrupt support") Reported-by: Kevin Tian [email protected] Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Acked-by: Bjorn Helgaas [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Enforce MSI[X] entry updates to be visible

commit b9255a7cb51754e8d2645b65dd31805e282b4f3e upstream.

Nothing enforces the posted writes to be visible when the function returns. Flush them even if the flush might be redundant when the entry is masked already as the unmask will flush as well. This is either setup or a rare affinity change event so the extra flush is not the end of the world.

While this is more a theoretical issue especially the logic in the X86 specific msi_set_affinity() function relies on the assumption that the update has reached the hardware when the function returns.

Again, as this never has been enforced the Fixes tag refers to a commit in: git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git

Fixes: f036d4ea5fa7 ("[PATCH] ia32 Message Signalled Interrupt support") Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Acked-by: Bjorn Helgaas [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

vmlinux.lds.h: Handle clang's module.{c,d}tor sections

commit 848378812e40152abe9b9baf58ce2004f76fb988 upstream.

A recent change in LLVM causes module_{c,d}tor sections to appear when CONFIG_K{A,C}SAN are enabled, which results in orphan section warnings because these are not handled anywhere:

ld.lld: warning: arch/x86/pci/built-in.a(legacy.o):(.text.asan.module_ctor) is being placed in '.text.asan.module_ctor' ld.lld: warning: arch/x86/pci/built-in.a(legacy.o):(.text.asan.module_dtor) is being placed in '.text.asan.module_dtor' ld.lld: warning: arch/x86/pci/built-in.a(legacy.o):(.text.tsan.module_ctor) is being placed in '.text.tsan.module_ctor'

Fangrui explains: "the function asan.module_ctor has the SHF_GNU_RETAIN flag, so it is in a separate section even with -fno-function-sections (default)".

Place them in the TEXT_TEXT section so that these technologies continue to work with the newer compiler versions. All of the KASAN and KCSAN KUnit tests continue to pass after this change.

Cc: [email protected] Link: https://github.com/ClangBuiltLinux/linux/issues/1432 Link: https://github.com/llvm/llvm-project/commit/7b789562244ee941b7bf2cefeb3fc08a59a01865 Signed-off-by: Nathan Chancellor [email protected] Reviewed-by: Nick Desaulniers [email protected] Reviewed-by: Fangrui Song [email protected] Acked-by: Marco Elver [email protected] Signed-off-by: Kees Cook [email protected] Link: https://lore.kernel.org/r/[email protected] [nc: Fix conflicts due to lack of cf68fffb66d60 and 266ff2a8f51f0] Signed-off-by: Nathan Chancellor [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)

[ upstream commit 0f923e07124df069ba68d8bb12324398f4b6b709 ]

  • Invert the mask of bits that we pick from L2 in nested_vmcb02_prepare_control

  • Invert and explicitly use VIRQ related bits bitmask in svm_clear_vintr

This fixes a security issue that allowed a malicious L1 to run L2 with AVIC enabled, which allowed the L2 to exploit the uninitialized and enabled AVIC to read/write the host physical memory at some offsets.

Fixes: 3d6368ef580a ("KVM: SVM: Add VMRUN handler") Signed-off-by: Maxim Levitsky [email protected] Signed-off-by: Paolo Bonzini [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()

[ Upstream commit 1da569fa7ec8cb0591c74aa3050d4ea1397778b4 ]

pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. Fix it by moving the error_pm label above the pm_runtime_put() in the error path.

Reported-by: Hulk Robot [email protected] Signed-off-by: Yu Kuai [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Vinod Koul [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218

[ Upstream commit 20a6b3fd8e2e2c063b25fbf2ee74d86b898e5087 ]

Based on the latest timing specifications for the TPS65218 from the data sheet, http://www.ti.com/lit/ds/symlink/tps65218.pdf, document SLDS206 from November 2014, we must change the i2c bus speed to better fit within the minimum high SCL time required for proper i2c transfer.

When running at 400khz, measurements show that SCL spends 0.8125 uS/1.666 uS high/low which violates the requirement for minimum high period of SCL provided in datasheet Table 7.6 which is 1 uS. Switching to 100khz gives us 5 uS/5 uS high/low which both fall above the minimum given values for 100 khz, 4.0 uS/4.7 uS high/low.

Without this patch occasionally a voltage set operation from the kernel will appear to have worked but the actual voltage reflected on the PMIC will not have updated, causing problems especially with cpufreq that may update to a higher OPP without actually raising the voltage on DCDC2, leading to a hang.

Signed-off-by: Dave Gerlach [email protected] Signed-off-by: Kevin Hilman [email protected] Signed-off-by: Tony Lindgren [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available

[ Upstream commit eda97cb095f2958bbad55684a6ca3e7d7af0176a ]

If the router_xlate can not find the controller in the available DMA devices then it should return with -EPORBE_DEFER in a same way as the of_dma_request_slave_channel() does.

The issue can be reproduced if the event router is registered before the DMA controller itself and a driver would request for a channel before the controller is registered. In of_dma_request_slave_channel():

  1. of_dma_find_controller() would find the dma_router
  2. ofdma->of_dma_xlate() would fail and returned NULL
  3. -ENODEV is returned as error code

with this patch we would return in this case the correct -EPROBE_DEFER and the client can try to request the channel later.

Signed-off-by: Peter Ujfalusi [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Vinod Koul [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()

[ Upstream commit 77541f78eadfe9fdb018a7b8b69f0f2af2cf4b82 ]

The list_for_each_entry() iterator, "adapter" in this code, can never be NULL. If we exit the loop without finding the correct adapter then "adapter" points invalid memory that is an offset from the list head. This will eventually lead to memory corruption and presumably a kernel crash.

Link: https://lore.kernel.org/r/[email protected] Acked-by: Sumit Saxena [email protected] Signed-off-by: Harshvardhan Jha [email protected] Signed-off-by: Martin K. Petersen [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

scsi: core: Avoid printing an error if target_alloc() returns -ENXIO

[ Upstream commit 70edd2e6f652f67d854981fd67f9ad0f1deaea92 ]

Avoid printing a 'target allocation failed' error if the driver target_alloc() callback function returns -ENXIO. This return value indicates that the corresponding H:C:T:L entry is empty.

Removing this error reduces the scan time if the user issues SCAN_WILD_CARD scan operation through sysfs parameter on a host with a lot of empty H:C:T:L entries.

Avoiding the printk on -ENXIO matches the behavior of the other callback functions during scanning.

Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Sreekanth Reddy [email protected] Signed-off-by: Martin K. Petersen [email protected] Signed-off-by: Sasha Levin [email protected]

commit sha: 06cae1aacd5a858a32de583b0a3dd0a168ec21d4

push time in 1 month ago
push

bananafunction push bananafunction/android_kernel_sony_msm8998

bananafunction
bananafunction

arm64: configs: lilac: regenerate defconfig

bananafunction
bananafunction

sound: soc: wcd9xxx: fix misleading indentation

bananafunction
bananafunction

ASoC: intel: atom: Fix reference to PCM buffer address

commit 2e6b836312a477d647a7920b56810a5a25f6c856 upstream.

PCM buffers might be allocated dynamically when the buffer preallocation failed or a larger buffer is requested, and it's not guaranteed that substream->dma_buffer points to the actually used buffer. The address should be retrieved from runtime->dma_addr, instead of substream->dma_buffer (and shouldn't use virt_to_phys).

Also, remove the line overriding runtime->dma_area superfluously, which was already set up at the PCM buffer allocation.

Cc: Cezary Rojewski [email protected] Cc: Pierre-Louis Bossart [email protected] Cc: [email protected] Signed-off-by: Takashi Iwai [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Mark Brown [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

i2c: dev: zero out array used for i2c reads from userspace

commit 86ff25ed6cd8240d18df58930bd8848b19fce308 upstream.

If an i2c driver happens to not provide the full amount of data that a user asks for, it is possible that some uninitialized data could be sent to userspace. While all in-kernel drivers look to be safe, just be sure by initializing the buffer to zero before it is passed to the i2c driver so that any future drivers will not have this issue.

Also properly copy the amount of data recvieved to the userspace buffer, as pointed out by Dan Carpenter.

Reported-by: Eric Dumazet [email protected] Cc: [email protected] Signed-off-by: Greg Kroah-Hartman [email protected] Signed-off-by: Wolfram Sang [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

net: Fix memory leak in ieee802154_raw_deliver

[ Upstream commit 1090340f7ee53e824fd4eef66a4855d548110c5b ]

If IEEE-802.15.4-RAW is closed before receive skb, skb is leaked. Fix this, by freeing sk_receive_queue in sk->sk_destruct().

syzbot report: BUG: memory leak unreferenced object 0xffff88810f644600 (size 232): comm "softirq", pid 0, jiffies 4294967032 (age 81.270s) hex dump (first 32 bytes): 10 7d 4b 12 81 88 ff ff 10 7d 4b 12 81 88 ff ff .}K......}K..... 00 00 00 00 00 00 00 00 40 7c 4b 12 81 88 ff ff ........@K..... backtrace: [] skb_clone+0xaa/0x2b0 net/core/skbuff.c:1496 [] ieee802154_raw_deliver net/ieee802154/socket.c:369 [inline] [] ieee802154_rcv+0x100/0x340 net/ieee802154/socket.c:1070 [] __netif_receive_skb_one_core+0x6a/0xa0 net/core/dev.c:5384 [] __netif_receive_skb+0x27/0xa0 net/core/dev.c:5498 [] netif_receive_skb_internal net/core/dev.c:5603 [inline] [] netif_receive_skb+0x59/0x260 net/core/dev.c:5662 [] ieee802154_deliver_skb net/mac802154/rx.c:29 [inline] [] ieee802154_subif_frame net/mac802154/rx.c:102 [inline] [] __ieee802154_rx_handle_packet net/mac802154/rx.c:212 [inline] [] ieee802154_rx+0x612/0x620 net/mac802154/rx.c:284 [] ieee802154_tasklet_handler+0x86/0xa0 net/mac802154/main.c:35 [] tasklet_action_common.constprop.0+0x5b/0x100 kernel/softirq.c:557 [] __do_softirq+0xbf/0x2ab kernel/softirq.c:345 [] do_softirq kernel/softirq.c:248 [inline] [] do_softirq+0x5c/0x80 kernel/softirq.c:235 [] __local_bh_enable_ip+0x51/0x60 kernel/softirq.c:198 [] local_bh_enable include/linux/bottom_half.h:32 [inline] [] rcu_read_unlock_bh include/linux/rcupdate.h:745 [inline] [] __dev_queue_xmit+0x7f4/0xf60 net/core/dev.c:4221 [] raw_sendmsg+0x1f4/0x2b0 net/ieee802154/socket.c:295 [] sock_sendmsg_nosec net/socket.c:654 [inline] [] sock_sendmsg+0x56/0x80 net/socket.c:674 [] __sys_sendto+0x15c/0x200 net/socket.c:1977 [] __do_sys_sendto net/socket.c:1989 [inline] [] __se_sys_sendto net/socket.c:1985 [inline] [] __x64_sys_sendto+0x26/0x30 net/socket.c:1985

Fixes: 9ec767160357 ("net: add IEEE 802.15.4 socket family implementation") Reported-and-tested-by: [email protected] Signed-off-by: Takeshi Misawa [email protected] Acked-by: Alexander Aring [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Stefan Schmidt [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

xen/events: Fix race in set_evtchn_to_irq

[ Upstream commit 88ca2521bd5b4e8b83743c01a2d4cb09325b51e9 ]

There is a TOCTOU issue in set_evtchn_to_irq. Rows in the evtchn_to_irq mapping are lazily allocated in this function. The check whether the row is already present and the row initialization is not synchronized. Two threads can at the same time allocate a new row for evtchn_to_irq and add the irq mapping to the their newly allocated row. One thread will overwrite what the other has set for evtchn_to_irq[row] and therefore the irq mapping is lost. This will trigger a BUG_ON later in bind_evtchn_to_cpu:

INFO: pci 0000:1a:15.4: [1d0f:8061] type 00 class 0x010802 INFO: nvme 0000:1a:12.1: enabling device (0000 -> 0002) INFO: nvme nvme77: 1/0/0 default/read/poll queues CRIT: kernel BUG at drivers/xen/events/events_base.c:427! WARN: invalid opcode: 0000 [#1] SMP NOPTI WARN: Workqueue: nvme-reset-wq nvme_reset_work [nvme] WARN: RIP: e030:bind_evtchn_to_cpu+0xc2/0xd0 WARN: Call Trace: WARN: set_affinity_irq+0x121/0x150 WARN: irq_do_set_affinity+0x37/0xe0 WARN: irq_setup_affinity+0xf6/0x170 WARN: irq_startup+0x64/0xe0 WARN: __setup_irq+0x69e/0x740 WARN: ? request_threaded_irq+0xad/0x160 WARN: request_threaded_irq+0xf5/0x160 WARN: ? nvme_timeout+0x2f0/0x2f0 [nvme] WARN: pci_request_irq+0xa9/0xf0 WARN: ? pci_alloc_irq_vectors_affinity+0xbb/0x130 WARN: queue_request_irq+0x4c/0x70 [nvme] WARN: nvme_reset_work+0x82d/0x1550 [nvme] WARN: ? check_preempt_wakeup+0x14f/0x230 WARN: ? check_preempt_curr+0x29/0x80 WARN: ? nvme_irq_check+0x30/0x30 [nvme] WARN: process_one_work+0x18e/0x3c0 WARN: worker_thread+0x30/0x3a0 WARN: ? process_one_work+0x3c0/0x3c0 WARN: kthread+0x113/0x130 WARN: ? kthread_park+0x90/0x90 WARN: ret_from_fork+0x3a/0x50

This patch sets evtchn_to_irq rows via a cmpxchg operation so that they will be set only once. The row is now cleared before writing it to evtchn_to_irq in order to not create a race once the row is visible for other threads.

While at it, do not require the page to be zeroed, because it will be overwritten with -1's in clear_evtchn_to_irq_row anyway.

Signed-off-by: Maximilian Heyne [email protected] Fixes: d0b075ffeede ("xen/events: Refactor evtchn_to_irq array to be dynamically allocated") Link: https://lore.kernel.org/r/[email protected] Reviewed-by: Boris Ostrovsky [email protected] Signed-off-by: Boris Ostrovsky [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

x86/tools: Fix objdump version check again

[ Upstream commit 839ad22f755132838f406751439363c07272ad87 ]

Skip (omit) any version string info that is parenthesized.

Warning: objdump version 15) is older than 2.19 Warning: Skipping posttest.

where 'objdump -v' says: GNU objdump (GNU Binutils; SUSE Linux Enterprise 15) 2.35.1.20201123-7.18

Fixes: 8bee738bb1979 ("x86: Fix objdump version check in chkobjdump.awk for different formats.") Signed-off-by: Randy Dunlap [email protected] Signed-off-by: Thomas Gleixner [email protected] Reviewed-by: Masami Hiramatsu [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

PCI/MSI: Enable and mask MSI-X early

commit 438553958ba19296663c6d6583d208dfb6792830 upstream.

The ordering of MSI-X enable in hardware is dysfunctional:

  1. MSI-X is disabled in the control register
  2. Various setup functions
  3. pci_msi_setup_msi_irqs() is invoked which ends up accessing the MSI-X table entries
  4. MSI-X is enabled and masked in the control register with the comment that enabling is required for some hardware to access the MSI-X table

Step #4 obviously contradicts #3. The history of this is an issue with the NIU hardware. When #4 was introduced the table access actually happened in msix_program_entries() which was invoked after enabling and masking MSI-X.

This was changed in commit d71d6432e105 ("PCI/MSI: Kill redundant call of irq_set_msi_desc() for MSI-X interrupts") which removed the table write from msix_program_entries().

Interestingly enough nobody noticed and either NIU still works or it did not get any testing with a kernel 3.19 or later.

Nevertheless this is inconsistent and there is no reason why MSI-X can't be enabled and masked in the control register early on, i.e. move step #4 above to step #1. This preserves the NIU workaround and has no side effects on other hardware.

Fixes: d71d6432e105 ("PCI/MSI: Kill redundant call of irq_set_msi_desc() for MSI-X interrupts") Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Ashok Raj [email protected] Reviewed-by: Marc Zyngier [email protected] Acked-by: Bjorn Helgaas [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Do not set invalid bits in MSI mask

commit 361fd37397f77578735907341579397d5bed0a2d upstream.

msi_mask_irq() takes a mask and a flags argument. The mask argument is used to mask out bits from the cached mask and the flags argument to set bits.

Some places invoke it with a flags argument which sets bits which are not used by the device, i.e. when the device supports up to 8 vectors a full unmask in some places sets the mask to 0xFFFFFF00. While devices probably do not care, it's still bad practice.

Fixes: 7ba1930db02f ("PCI MSI: Unmask MSI if setup failed") Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Correct misleading comments

commit 689e6b5351573c38ccf92a0dd8b3e2c2241e4aff upstream.

The comments about preserving the cached state in pci_msi[x]_shutdown() are misleading as the MSI descriptors are freed right after those functions return. So there is nothing to restore. Preparatory change.

Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()

commit d28d4ad2a1aef27458b3383725bb179beb8d015c upstream.

No point in using the raw write function from shutdown. Preparatory change to introduce proper serialization for the msi_desc::masked cache.

Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Protect msi_desc::masked for multi-MSI

commit 77e89afc25f30abd56e76a809ee2884d7c1b63ce upstream.

Multi-MSI uses a single MSI descriptor and there is a single mask register when the device supports per vector masking. To avoid reading back the mask register the value is cached in the MSI descriptor and updates are done by clearing and setting bits in the cache and writing it to the device.

But nothing protects msi_desc::masked and the mask register from being modified concurrently on two different CPUs for two different Linux interrupts which belong to the same multi-MSI descriptor.

Add a lock to struct device and protect any operation on the mask and the mask register with it.

This makes the update of msi_desc::masked unconditional, but there is no place which requires a modification of the hardware register without updating the masked cache.

msi_mask_irq() is now an empty wrapper which will be cleaned up in follow up changes.

The problem goes way back to the initial support of multi-MSI, but picking the commit which introduced the mask cache is a valid cut off point (2.6.30).

Fixes: f2440d9acbe8 ("PCI MSI: Refactor interrupt masking code") Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Mask all unused MSI-X entries

commit 7d5ec3d3612396dc6d4b76366d20ab9fc06f399f upstream.

When MSI-X is enabled the ordering of calls is:

msix_map_region(); msix_setup_entries(); pci_msi_setup_msi_irqs(); msix_program_entries();

This has a few interesting issues:

  1. msix_setup_entries() allocates the MSI descriptors and initializes them except for the msi_desc:masked member which is left zero initialized.

  2. pci_msi_setup_msi_irqs() allocates the interrupt descriptors and sets up the MSI interrupts which ends up in pci_write_msi_msg() unless the interrupt chip provides its own irq_write_msi_msg() function.

  3. msix_program_entries() does not do what the name suggests. It solely updates the entries array (if not NULL) and initializes the masked member for each MSI descriptor by reading the hardware state and then masks the entry.

Obviously this has some issues:

  1. The uninitialized masked member of msi_desc prevents the enforcement of masking the entry in pci_write_msi_msg() depending on the cached masked bit. Aside of that half initialized data is a NONO in general

  2. msix_program_entries() only ensures that the actually allocated entries are masked. This is wrong as experimentation with crash testing and crash kernel kexec has shown.

    This limited testing unearthed that when the production kernel had more entries in use and unmasked when it crashed and the crash kernel allocated a smaller amount of entries, then a full scan of all entries found unmasked entries which were in use in the production kernel.

    This is obviously a device or emulation issue as the device reset should mask all MSI-X table entries, but obviously that's just part of the paper specification.

Cure this by:

  1. Masking all table entries in hardware
  2. Initializing msi_desc::masked in msix_setup_entries()
  3. Removing the mask dance in msix_program_entries()
  4. Renaming msix_program_entries() to msix_update_entries() to reflect the purpose of that function.

As the masking of unused entries has never been done the Fixes tag refers to a commit in: git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git

Fixes: f036d4ea5fa7 ("[PATCH] ia32 Message Signalled Interrupt support") Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Acked-by: Bjorn Helgaas [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Enforce that MSI-X table entry is masked for update

commit da181dc974ad667579baece33c2c8d2d1e4558d5 upstream.

The specification (PCIe r5.0, sec 6.1.4.5) states:

For MSI-X, a function is permitted to cache Address and Data values
from unmasked MSI-X Table entries. However, anytime software unmasks a
currently masked MSI-X Table entry either by clearing its Mask bit or
by clearing the Function Mask bit, the function must update any Address
or Data values that it cached from that entry. If software changes the
Address or Data value of an entry while the entry is unmasked, the
result is undefined.

The Linux kernel's MSI-X support never enforced that the entry is masked before the entry is modified hence the Fixes tag refers to a commit in: git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git

Enforce the entry to be masked across the update.

There is no point in enforcing this to be handled at all possible call sites as this is just pointless code duplication and the common update function is the obvious place to enforce this.

Fixes: f036d4ea5fa7 ("[PATCH] ia32 Message Signalled Interrupt support") Reported-by: Kevin Tian [email protected] Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Acked-by: Bjorn Helgaas [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

PCI/MSI: Enforce MSI[X] entry updates to be visible

commit b9255a7cb51754e8d2645b65dd31805e282b4f3e upstream.

Nothing enforces the posted writes to be visible when the function returns. Flush them even if the flush might be redundant when the entry is masked already as the unmask will flush as well. This is either setup or a rare affinity change event so the extra flush is not the end of the world.

While this is more a theoretical issue especially the logic in the X86 specific msi_set_affinity() function relies on the assumption that the update has reached the hardware when the function returns.

Again, as this never has been enforced the Fixes tag refers to a commit in: git://git.kernel.org/pub/scm/linux/kernel/git/tglx/history.git

Fixes: f036d4ea5fa7 ("[PATCH] ia32 Message Signalled Interrupt support") Signed-off-by: Thomas Gleixner [email protected] Tested-by: Marc Zyngier [email protected] Reviewed-by: Marc Zyngier [email protected] Acked-by: Bjorn Helgaas [email protected] Cc: [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

vmlinux.lds.h: Handle clang's module.{c,d}tor sections

commit 848378812e40152abe9b9baf58ce2004f76fb988 upstream.

A recent change in LLVM causes module_{c,d}tor sections to appear when CONFIG_K{A,C}SAN are enabled, which results in orphan section warnings because these are not handled anywhere:

ld.lld: warning: arch/x86/pci/built-in.a(legacy.o):(.text.asan.module_ctor) is being placed in '.text.asan.module_ctor' ld.lld: warning: arch/x86/pci/built-in.a(legacy.o):(.text.asan.module_dtor) is being placed in '.text.asan.module_dtor' ld.lld: warning: arch/x86/pci/built-in.a(legacy.o):(.text.tsan.module_ctor) is being placed in '.text.tsan.module_ctor'

Fangrui explains: "the function asan.module_ctor has the SHF_GNU_RETAIN flag, so it is in a separate section even with -fno-function-sections (default)".

Place them in the TEXT_TEXT section so that these technologies continue to work with the newer compiler versions. All of the KASAN and KCSAN KUnit tests continue to pass after this change.

Cc: [email protected] Link: https://github.com/ClangBuiltLinux/linux/issues/1432 Link: https://github.com/llvm/llvm-project/commit/7b789562244ee941b7bf2cefeb3fc08a59a01865 Signed-off-by: Nathan Chancellor [email protected] Reviewed-by: Nick Desaulniers [email protected] Reviewed-by: Fangrui Song [email protected] Acked-by: Marco Elver [email protected] Signed-off-by: Kees Cook [email protected] Link: https://lore.kernel.org/r/[email protected] [nc: Fix conflicts due to lack of cf68fffb66d60 and 266ff2a8f51f0] Signed-off-by: Nathan Chancellor [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)

[ upstream commit 0f923e07124df069ba68d8bb12324398f4b6b709 ]

  • Invert the mask of bits that we pick from L2 in nested_vmcb02_prepare_control

  • Invert and explicitly use VIRQ related bits bitmask in svm_clear_vintr

This fixes a security issue that allowed a malicious L1 to run L2 with AVIC enabled, which allowed the L2 to exploit the uninitialized and enabled AVIC to read/write the host physical memory at some offsets.

Fixes: 3d6368ef580a ("KVM: SVM: Add VMRUN handler") Signed-off-by: Maxim Levitsky [email protected] Signed-off-by: Paolo Bonzini [email protected] Signed-off-by: Greg Kroah-Hartman [email protected]

bananafunction
bananafunction

dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()

[ Upstream commit 1da569fa7ec8cb0591c74aa3050d4ea1397778b4 ]

pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. Fix it by moving the error_pm label above the pm_runtime_put() in the error path.

Reported-by: Hulk Robot [email protected] Signed-off-by: Yu Kuai [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Vinod Koul [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218

[ Upstream commit 20a6b3fd8e2e2c063b25fbf2ee74d86b898e5087 ]

Based on the latest timing specifications for the TPS65218 from the data sheet, http://www.ti.com/lit/ds/symlink/tps65218.pdf, document SLDS206 from November 2014, we must change the i2c bus speed to better fit within the minimum high SCL time required for proper i2c transfer.

When running at 400khz, measurements show that SCL spends 0.8125 uS/1.666 uS high/low which violates the requirement for minimum high period of SCL provided in datasheet Table 7.6 which is 1 uS. Switching to 100khz gives us 5 uS/5 uS high/low which both fall above the minimum given values for 100 khz, 4.0 uS/4.7 uS high/low.

Without this patch occasionally a voltage set operation from the kernel will appear to have worked but the actual voltage reflected on the PMIC will not have updated, causing problems especially with cpufreq that may update to a higher OPP without actually raising the voltage on DCDC2, leading to a hang.

Signed-off-by: Dave Gerlach [email protected] Signed-off-by: Kevin Hilman [email protected] Signed-off-by: Tony Lindgren [email protected] Signed-off-by: Sasha Levin [email protected]

bananafunction
bananafunction

dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available

[ Upstream commit eda97cb095f2958bbad55684a6ca3e7d7af0176a ]

If the router_xlate can not find the controller in the available DMA devices then it should return with -EPORBE_DEFER in a same way as the of_dma_request_slave_channel() does.

The issue can be reproduced if the event router is registered before the DMA controller itself and a driver would request for a channel before the controller is registered. In of_dma_request_slave_channel():

  1. of_dma_find_controller() would find the dma_router
  2. ofdma->of_dma_xlate() would fail and returned NULL
  3. -ENODEV is returned as error code

with this patch we would return in this case the correct -EPROBE_DEFER and the client can try to request the channel later.

Signed-off-by: Peter Ujfalusi [email protected] Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Vinod Koul [email protected] Signed-off-by: Sasha Levin [email protected]

commit sha: ce6cc137ee4305ce15ccdd4d6705c0e027c02f33

push time in 1 month ago
Aug
23
1 month ago
Activity icon
fork

bananafunction forked LineageOS/android_kernel_oneplus_sdm845

fork time in 1 month ago
push

bananafunction push bananafunction/android_device_sony_lilac

bananafunction
bananafunction

lilac: remove additional patch to build with CLANG

Signed-off-by: bananafunction [email protected]

bananafunction
bananafunction

lilac: patches: reduce amount of property edits

This is sufficiant to get Google Play Store certification.

Signed-off-by: bananafunction [email protected]

commit sha: 311e4b53b615e03a0c4ce2ee49e814806b8d5353

push time in 1 month ago
push

bananafunction push bananafunction/android_device_sony_yoshino

bananafunction
bananafunction

Revert "yoshino: build kernel with CLANG"

This reverts commit ecfea130188a620a1b93b6e01521f54c91ea0106.

commit sha: 9498da9cbae6f7fd1053fcf958b405d2d2db292e

push time in 1 month ago
Aug
21
1 month ago
push

bananafunction push bananafunction/android_kernel_sony_msm8998

bananafunction
bananafunction

ANDROID: xt_quota2: remove trailing junk which might have a digit in it

Make sure string only contains the characters specified by userspace.

Fix cherry-picked from xtables-extensions project

Signed-off-by: Sam Liddicott [email protected] Bug: 196046570 Test: passed netd test suites Fixes: 10cda83af99d ("ANDROID: netfilter: xt_quota2: adding the original quota2 from xtables-addons") Signed-off-by: Todd Kjos [email protected] (cherry picked from https://git.code.sf.net/p/xtables-addons/xtables-addons bc2bcc383c70b293bd816c29523a952ca8736fb5) Change-Id: I965448564906e5fbf0fe6d6414f44d9e257ea195

bananafunction
bananafunction

ANDROID: xt_quota2: set usersize in xt_match registration object

Explicitly set what is visible to userspace

Bug: 196046570 Test: passed netd test suites Signed-off-by: Todd Kjos [email protected] Change-Id: Iacec0ef8ae290e01f1b60508d8abcd40a3653c83

commit sha: 3ea5a0f5a783926a6f0996367e83d5bea6e70685

push time in 1 month ago
push

bananafunction push bananafunction/android_kernel_sony_msm8998

bananafunction
bananafunction

ANDROID: xt_quota2: remove trailing junk which might have a digit in it

Make sure string only contains the characters specified by userspace.

Fix cherry-picked from xtables-extensions project

Signed-off-by: Sam Liddicott [email protected] Bug: 196046570 Test: passed netd test suites Fixes: 10cda83af99d ("ANDROID: netfilter: xt_quota2: adding the original quota2 from xtables-addons") Signed-off-by: Todd Kjos [email protected] (cherry picked from https://git.code.sf.net/p/xtables-addons/xtables-addons bc2bcc383c70b293bd816c29523a952ca8736fb5) Change-Id: I965448564906e5fbf0fe6d6414f44d9e257ea195

bananafunction
bananafunction

ANDROID: xt_quota2: set usersize in xt_match registration object

Explicitly set what is visible to userspace

Bug: 196046570 Test: passed netd test suites Signed-off-by: Todd Kjos [email protected] Change-Id: Iacec0ef8ae290e01f1b60508d8abcd40a3653c83

commit sha: fdc42290e092d9edb0b7d60885e4569f0cba3436

push time in 1 month ago
Previous