- 09 Sep, 2019 7 commits
-
-
Nikolay Borisov authored
compress_file_range returns a void, yet uses a function parameter as a return value. Make that more idiomatic by simply returning the number of compressed extents directly. Also track such extents in more aptly named variables. No functional changes. Signed-off-by: Nikolay Borisov <nborisov@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
-
Eric Sandeen authored
I lifted the btrfs label get/set ioctls to the vfs some time ago, but never followed up to use those common definitions directly in btrfs. This patch does that. Signed-off-by: Eric Sandeen <sandeen@redhat.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
-
Nikolay Borisov authored
Those were split out of btrfs_clear_lock_blocking_rw by aa12c027 ("btrfs: split btrfs_clear_lock_blocking_rw to read and write helpers") however at that time this function was unused due to commit 52398340 ("Btrfs: kill btrfs_clear_path_blocking"). Put the final nail in the coffin of those 2 functions. Signed-off-by: Nikolay Borisov <nborisov@suse.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
-
Arnd Bergmann authored
btrfsic_process_written_block() cals btrfsic_process_metablock(), which has a fairly large stack usage due to the btrfsic_stack_frame variable. It also calls btrfsic_test_for_metadata(), which now needs several hundreds of bytes for its SHASH_DESC_ON_STACK(). In some configurations, we end up with both functions on the same stack, and gcc warns about the excessive stack usage that might cause the available stack space to run out: fs/btrfs/check-integrity.c:1743:13: error: stack frame size of 1152 bytes in function 'btrfsic_process_written_block' [-Werror,-Wframe-larger-than=] Marking both child functions as noinline_for_stack helps because this guarantees that the large variables are not on the same stack frame. Fixes: d5178578 ("btrfs: directly call into crypto framework for checksumming") Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de> Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David Sterba <dsterba@suse.com>
-
YueHaibing authored
Fixes gcc '-Wunused-but-set-variable' warning: fs/btrfs/volumes.c: In function __btrfs_map_block: fs/btrfs/volumes.c:6023:6: warning: variable offset set but not used [-Wunused-but-set-variable] It is not used any more since commit 343abd1c0ca9 ("btrfs: Use btrfs_get_io_geometry appropriately") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: YueHaibing <yuehaibing@huawei.com> Reviewed-by: David Sterba <dsterba@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
-
Filipe Manana authored
When cloning extents (or deduplicating) we create a transaction with a space reservation that considers we will drop or update a single file extent item of the destination inode (that we modify a single leaf). That is fine for the vast majority of scenarios, however it might happen that we need to drop many file extent items, and adjust at most two file extent items, in the destination root, which can span multiple leafs. This will lead to either the call to btrfs_drop_extents() to fail with ENOSPC or the subsequent calls to btrfs_insert_empty_item() or btrfs_update_inode() (called through clone_finish_inode_update()) to fail with ENOSPC. Such failure results in a transaction abort, leaving the filesystem in a read-only mode. In order to fix this we need to follow the same approach as the hole punching code, where we create a local reservation with 1 unit and keep ending and starting transactions, after balancing the btree inode, when __btrfs_drop_extents() returns ENOSPC. So fix this by making the extent cloning call calls the recently added btrfs_punch_hole_range() helper, which is what does the mentioned work for hole punching, and make sure whenever we drop extent items in a transaction, we also add a replacing file extent item, to avoid corruption (a hole) if after ending a transaction and before starting a new one, the old transaction gets committed and a power failure happens before we finish cloning. A test case for fstests follows soon. Reported-by: David Goodwin <david@codepoets.co.uk> Link: https://lore.kernel.org/linux-btrfs/a4a4cf31-9cf4-e52c-1f86-c62d336c9cd1@codepoets.co.uk/Reported-by: Sam Tygier <sam@tygier.co.uk> Link: https://lore.kernel.org/linux-btrfs/82aace9f-a1e3-1f0b-055f-3ea75f7a41a0@tygier.co.uk/ Fixes: b6f3409b ("Btrfs: reserve sufficient space for ioctl clone") Signed-off-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
-
Filipe Manana authored
Move the code that is responsible for dropping extents in a range out of btrfs_punch_hole() into a new helper function, btrfs_punch_hole_range(), so that later it can be used by the reflinking (extent cloning and dedup) code to fix a ENOSPC bug. Signed-off-by: Filipe Manana <fdmanana@suse.com> Signed-off-by: David Sterba <dsterba@suse.com>
-
- 08 Sep, 2019 4 commits
-
-
Linus Torvalds authored
-
git://github.com/ojeda/linuxLinus Torvalds authored
Pull section attribute fix from Miguel Ojeda: "Fix Oops in Clang-compiled kernels (Nick Desaulniers)" * tag 'compiler-attributes-for-linus-v5.3-rc8' of git://github.com/ojeda/linux: include/linux/compiler.h: fix Oops for Clang-compiled kernels
-
git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpioLinus Torvalds authored
Pull GPIO fixes from Linus Walleij: "All related to the PCA953x driver when handling chips with more than 8 ports, now that works again" * tag 'gpio-v5.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio: pca953x: use pca953x_read_regs instead of regmap_bulk_read gpio: pca953x: correct type of reg_direction
-
Nick Desaulniers authored
GCC unescapes escaped string section names while Clang does not. Because __section uses the `#` stringification operator for the section name, it doesn't need to be escaped. This fixes an Oops observed in distro's that use systemd and not net.core.bpf_jit_enable=1, when their kernels are compiled with Clang. Link: https://github.com/ClangBuiltLinux/linux/issues/619 Link: https://bugs.llvm.org/show_bug.cgi?id=42950 Link: https://marc.info/?l=linux-netdev&m=156412960619946&w=2 Link: https://lore.kernel.org/lkml/20190904181740.GA19688@gmail.com/Acked-by: Will Deacon <will@kernel.org> Reported-by: Sedat Dilek <sedat.dilek@gmail.com> Suggested-by: Josh Poimboeuf <jpoimboe@redhat.com> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> Signed-off-by: Nick Desaulniers <ndesaulniers@google.com> [Cherry-picked from the __section cleanup series for 5.3] [Adjusted commit message] Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>
-
- 07 Sep, 2019 4 commits
-
-
Linus Torvalds authored
This reverts commit 558682b5. Chris Wilson reports that it breaks his CPU hotplug test scripts. In particular, it breaks offlining and then re-onlining the boot CPU, which we treat specially (and the BIOS does too). The symptoms are that we can offline the CPU, but it then does not come back online again: smpboot: CPU 0 is now offline smpboot: Booting Node 0 Processor 0 APIC 0x0 smpboot: do_boot_cpu failed(-1) to wakeup CPU#0 Thomas says he knows why it's broken (my personal suspicion: our magic handling of the "cpu0_logical_apicid" thing), but for 5.3 the right fix is to just revert it, since we've never touched the LDR bits before, and it's not worth the risk to do anything else at this stage. [ Hotpluging of the boot CPU is special anyway, and should be off by default. See the "BOOTPARAM_HOTPLUG_CPU0" config option and the cpu0_hotplug kernel parameter. In general you should not do it, and it has various known limitations (hibernate and suspend require the boot CPU, for example). But it should work, even if the boot CPU is special and needs careful treatment - Linus ] Link: https://lore.kernel.org/lkml/156785100521.13300.14461504732265570003@skylake-alporthouse-com/Reported-by: Chris Wilson <chris@chris-wilson.co.uk> Acked-by: Thomas Gleixner <tglx@linutronix.de> Cc: Bandan Das <bsd@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-miscLinus Torvalds authored
Pull Documentation updates from Greg KH: "A few small patches for the documenation file that came in through the char-misc tree in -rc7 for your tree. They fix the mistake in the .rst format that kept the table of companies from showing up in the html output, and most importantly, add people's names to the list showing support for our process" * tag 'char-misc-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: Documentation/process: Add Qualcomm process ambassador for hardware security issues Documentation/process/embargoed-hardware-issues: Microsoft ambassador Documentation/process: Add Google contact for embargoed hardware issues Documentation/process: Volunteer as the ambassador for Xen
-
Trilok Soni authored
Add Trilok Soni as process ambassador for hardware security issues from Qualcomm. Signed-off-by: Trilok Soni <tsoni@codeaurora.org> Link: https://lore.kernel.org/r/1567796517-8964-1-git-send-email-tsoni@codeaurora.orgSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
git://git.infradead.org/users/vkoul/slave-dmaLinus Torvalds authored
Pull dmaengine fixes from Vinod Koul: "Some late fixes for drivers: - memory leak in ti crossbar dma driver - cleanup of omap dma probe - Fix for link list configuration in sprd dma driver - Handling fixed for DMACHCLR if iommu is mapped in rcar dma" * tag 'dmaengine-fix-5.3' of git://git.infradead.org/users/vkoul/slave-dma: dmaengine: rcar-dmac: Fix DMACHCLR handling if iommu is mapped dmaengine: sprd: Fix the DMA link-list configuration dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe() dmaengine: ti: dma-crossbar: Fix a memory leak bug
-
- 06 Sep, 2019 17 commits
-
-
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsiLinus Torvalds authored
Pull SCSI fix from James Bottomley: "Just a single lpfc fix adjusting the number of available queues for high CPU count systems" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: lpfc: Raise config max for lpfc_fcp_mq_threshold variable
-
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimmLinus Torvalds authored
Pull libnvdimm fix from Dan Williams: "Restore support for 1GB alignment namespaces, truncate the end of misaligned namespaces" * tag 'libnvdimm-fix-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: libnvdimm/pfn: Fix namespace creation on misaligned addresses
-
git://git.kernel.org/pub/scm/linux/kernel/git/dtor/inputLinus Torvalds authored
Pull input fix from Dmitry Torokhov: "A tiny update from Benjamin removing a mistakenly added Elan PNP ID so that the device is again handled by hid-multitouch" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
-
Benjamin Tissoires authored
Looks like the Bios of the Lenovo Legion Y7000 is using ELAN061B when the actual device is supposed to be used with hid-multitouch. Remove it from the list of the supported device, hoping that no one will complain about the loss in functionality. Link: https://bugzilla.kernel.org/show_bug.cgi?id=203467 Fixes: 738c06d0 ("Input: elan_i2c - add hardware ID for multiple Lenovo laptops") Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com> Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
git://git.kernel.org/pub/scm/linux/kernel/git/soc/socLinus Torvalds authored
Pull ARM SoC fixes from Arnd Bergmann: "There are three more fixes for this week: - The Windows-on-ARM laptops require a workaround to prevent crashing at boot from ACPI - The Renesas 'draak' board needs one bugfix for the backlight regulator - Also for Renesas, the 'hihope' board accidentally had its eMMC turned off in the 5.3 merge window" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc: soc: qcom: geni: Provide parameter error checking arm64: dts: renesas: hihope-common: Fix eMMC status arm64: dts: renesas: r8a77995: draak: Fix backlight regulator name
-
git://git.infradead.org/users/hch/configfsLinus Torvalds authored
Pull configfs fixes from Christoph Hellwig: "Late configfs fixes from Al that fix pretty nasty removal vs attribute access races" * tag 'configfs-for-5.3' of git://git.infradead.org/users/hch/configfs: configfs: provide exclusion between IO and removals configfs: new object reprsenting tree fragments configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: stash the data we need into configfs_buffer at open time
-
git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommuLinus Torvalds authored
Pull IOMMU fixes from Joerg Roedel: - Revert an Intel VT-d patch that caused problems for some users. - Removal of a feature in the Intel VT-d driver that was never supported in hardware. This qualifies as a fix because the code for this feature sets reserved bits in the invalidation queue descriptor, causing failed invalidations on real hardware. - Two fixes for AMD IOMMU driver to fix a race condition and to add a missing IOTLB flush when kernel is booted in kdump mode. * tag 'iommu-fixes-v5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/amd: Fix race in increase_address_space() iommu/amd: Flush old domains in kdump kernel iommu/vt-d: Remove global page flush support Revert "iommu/vt-d: Avoid duplicated pci dma alias consideration"
-
git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmcLinus Torvalds authored
Pull MMC fix from Ulf Hansson: "Revert in order to fix card init for some eMMCs that need retries for CMD6" * tag 'mmc-v5.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: Revert "mmc: core: do not retry CMD6 in __mmc_switch()"
-
git://anongit.freedesktop.org/drm/drmLinus Torvalds authored
Pull drm fixes from Dave Airlie: "Live from my friend's couch in Barcelona, latest round of drm fixes. The command line parser regression fixes look a bit larger because they come with selftests included for the bugs they fix. Otherwise a single nouveau, single ingenic and single vmwgfx fix: nouveau: - add missing MODULE_FIRMWARE definitions igenic: - hardcode panel type DPI vmwgfx: - double free fix core: - command line mode parser fixes" * tag 'drm-fixes-2019-09-06' of git://anongit.freedesktop.org/drm/drm: drm/vmwgfx: Fix double free in vmw_recv_msg() drm/nouveau/sec2/gp102: add missing MODULE_FIRMWAREs drm/selftests: modes: Add more unit tests for the cmdline parser drm/modes: Introduce a whitelist for the named modes drm/modes: Fix the command line parser to take force options into account drm/modes: Add a switch to differentiate free standing options drm/ingenic: Hardcode panel type to DPI
-
git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhostLinus Torvalds authored
Pull virtio fixes from Michael Tsirkin: "virtio, vhost, and balloon bugfixes. A couple of last minute bugfixes. And a revert of a failed attempt at metadata access optimization - we'll try again in the next cycle" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: mm/balloon_compaction: suppress allocation warnings Revert "vhost: access vq metadata through kernel virtual address" vhost: Remove unnecessary variable virtio-net: lower min ring num_free for efficiency vhost/test: fix build for vhost test vhost/test: fix build for vhost test
-
git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linuxLinus Torvalds authored
Pull powerpc fixes from Michael Ellerman: "One fix for a boot hang on some Freescale machines when PREEMPT is enabled. Two CVE fixes for bugs in our handling of FP registers and transactional memory, both of which can result in corrupted FP state, or FP state leaking between processes. Thanks to: Chris Packham, Christophe Leroy, Gustavo Romero, Michael Neuling" * tag 'powerpc-5.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction powerpc/64e: Drop stale call to smp_processor_id() which hangs SMP startup
-
Sasha Levin authored
Add Sasha Levin as Microsoft's process ambassador. Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Link: https://lore.kernel.org/r/20190906095852.23568-1-sashal@kernel.orgSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
Lee Jones authored
When booting with ACPI, the Geni Serial Engine is not set as the I2C/SPI parent and thus, the wrapper (parent device) is unassigned. This causes the kernel to crash with a null dereference error. Link: https://lore.kernel.org/r/20190905082555.15020-1-lee.jones@linaro.org Fixes: 8bc529b2 ("soc: qcom: geni: Add support for ACPI") Acked-by: Bjorn Andersson <bjorn.andersson@linaro.org> Reviewed-by: Stephen Boyd <sboyd@kernel.org> Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de>
-
Joerg Roedel authored
After the conversion to lock-less dma-api call the increase_address_space() function can be called without any locking. Multiple CPUs could potentially race for increasing the address space, leading to invalid domain->mode settings and invalid page-tables. This has been happening in the wild under high IO load and memory pressure. Fix the race by locking this operation. The function is called infrequently so that this does not introduce a performance regression in the dma-api path again. Reported-by: Qian Cai <cai@lca.pw> Fixes: 256e4621 ('iommu/amd: Make use of the generic IOVA allocator') Signed-off-by: Joerg Roedel <jroedel@suse.de>
-
Stuart Hayes authored
When devices are attached to the amd_iommu in a kdump kernel, the old device table entries (DTEs), which were copied from the crashed kernel, will be overwritten with a new domain number. When the new DTE is written, the IOMMU is told to flush the DTE from its internal cache--but it is not told to flush the translation cache entries for the old domain number. Without this patch, AMD systems using the tg3 network driver fail when kdump tries to save the vmcore to a network system, showing network timeouts and (sometimes) IOMMU errors in the kernel log. This patch will flush IOMMU translation cache entries for the old domain when a DTE gets overwritten with a new domain number. Signed-off-by: Stuart Hayes <stuart.w.hayes@gmail.com> Fixes: 3ac3e5ee ('iommu/amd: Copy old trans table from old kernel') Signed-off-by: Joerg Roedel <jroedel@suse.de>
-
git://anongit.freedesktop.org/drm/drm-miscDave Airlie authored
drm-misc-fixes for v5.3 final: - Make ingenic panel type DPI insteado f unknown. - Fixes for command line parser modes. Signed-off-by: Dave Airlie <airlied@redhat.com> From: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> Link: https://patchwork.freedesktop.org/patch/msgid/606d87b2-1840-c893-eb30-d6c471c9e50a@linux.intel.com
-
git://people.freedesktop.org/~thomash/linuxDave Airlie authored
Single vmwgfx double free fix. Signed-off-by: Dave Airlie <airlied@redhat.com>
-
- 05 Sep, 2019 8 commits
-
-
Hillf Danton authored
If a request_key authentication token key gets revoked, there's a window in which request_key_auth_describe() can see it with a NULL payload - but it makes no check for this and something like the following oops may occur: BUG: Kernel NULL pointer dereference at 0x00000038 Faulting instruction address: 0xc0000000004ddf30 Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [...] request_key_auth_describe+0x90/0xd0 LR [...] request_key_auth_describe+0x54/0xd0 Call Trace: [...] request_key_auth_describe+0x54/0xd0 (unreliable) [...] proc_keys_show+0x308/0x4c0 [...] seq_read+0x3d0/0x540 [...] proc_reg_read+0x90/0x110 [...] __vfs_read+0x3c/0x70 [...] vfs_read+0xb4/0x1b0 [...] ksys_read+0x7c/0x130 [...] system_call+0x5c/0x70 Fix this by checking for a NULL pointer when describing such a key. Also make the read routine check for a NULL pointer to be on the safe side. [DH: Modified to not take already-held rcu lock and modified to also check in the read routine] Fixes: 04c567d9 ("[PATCH] Keys: Fix race between two instantiators of a key") Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com> Signed-off-by: Hillf Danton <hdanton@sina.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Sachin Sant <sachinp@linux.vnet.ibm.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-
git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/soundLinus Torvalds authored
Pull sound fixes from Takashi Iwai: "A collection of small HD-audio fixes: - A regression fix for Realtek codecs due to the recent initialization procedure change - A fix for potential endless loop at the quirk table lookup - Quirks for Lenovo, ASUS and HP machines" * tag 'sound-5.3-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL ALSA: hda/realtek - Add quirk for HP Pavilion 15 ALSA: hda/realtek - Fix overridden device-specific initialization ALSA: hda - Fix potential endless loop at applying quirks
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull x86 fixes from Ingo Molnar: "Misc fixes: - EFI boot fix for signed kernels - an AC flags fix related to UBSAN - Hyper-V infinite loop fix" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/hyper-v: Fix overflow bug in fill_gva_list() x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation x86/boot: Preserve boot_params.secure_boot from sanitizing
-
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tipLinus Torvalds authored
Pull scheduler fixes from Ingo Molnar: "This fixes an ABI bug introduced this cycle, plus fixes a throttling bug" * 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: sched/core: Fix uclamp ABI bug, clean up and robustify sched_read_attr() ABI logic and code sched/fair: Don't assign runtime for throttled cfs_rq
-
git://github.com/ojeda/linuxLinus Torvalds authored
Pull clang-format update from Miguel Ojeda: "Update with the latest for_each macro list" * tag 'clang-format-for-linus-v5.3-rc8' of git://github.com/ojeda/linux: clang-format: Update with the latest for_each macro list
-
Arnd Bergmann authored
Merge tag 'renesas-fixes2-for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into arm/fixes Second Round of Renesas ARM Based SoC Fixes for v5.3 * RZ/G2M based HiHope main board - Re-enabled accidently disabled SDHI3 (eMMC) support * tag 'renesas-fixes2-for-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas: arm64: dts: renesas: hihope-common: Fix eMMC status Link: https://lore.kernel.org/r/cover.1567675986.git.horms+renesas@verge.net.auSigned-off-by: Arnd Bergmann <arnd@arndb.de>
-
Dan Carpenter authored
We recently added a kfree() after the end of the loop: if (retries == RETRIES) { kfree(reply); return -EINVAL; } There are two problems. First the test is wrong and because retries equals RETRIES if we succeed on the last iteration through the loop. Second if we fail on the last iteration through the loop then the kfree is a double free. When you're reading this code, please note the break statement at the end of the while loop. This patch changes the loop so that if it's not successful then "reply" is NULL and we can test for that afterward. Cc: <stable@vger.kernel.org> Fixes: 6b7c3b86 ("drm/vmwgfx: fix memory leak when too many retries have occurred") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com> Signed-off-by: Thomas Hellstrom <thellstrom@vmware.com>
-
Kees Cook authored
This adds myself as the Google contact for embargoed hardware security issues and fixes some small typos. Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Matt Linton <amuse@google.com> Cc: Matthew Garrett <mjg59@google.com> Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Guenter Roeck <groeck@chromium.org> Link: https://lore.kernel.org/r/201909040922.56496BF70@keescookSigned-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-