If the part of the compression data are corrupted, or the compression
data is totally fake, the memory access over the limit is possible.
This is the log from my system usning lz4 decompression.
[6502]data abort, halting
[6503]r0 0x00000000 r1 0x00000000 r2 0xdcea0ffc r3 0xdcea0ffc
[6509]r4 0xb9ab0bfd r5 0xdcea0ffc r6 0xdcea0ff8 r7 0xdce80000
[6515]r8 0x00000000 r9 0x00000000 r10 0x00000000 r11 0xb9a98000
[6522]r12 0xdcea1000 usp 0x00000000 ulr 0x00000000 pc 0x820149bc
[6528]spsr 0x400001f3
and the memory addresses of some variables at the moment are
ref:0xdcea0ffc, op:0xdcea0ffc, oend:0xdcea1000
As you can see, COPYLENGH is 8bytes, so @ref and @op can access the momory
over @oend.
Signed-off-by: JeHyeon Yeon <tom.yeon@windriver.com>
Reviewed-by: David Sterba <dsterba@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Kernfs supports two styles of read: direct_read and seqfile_read.
The latter supports 'poll' correctly thanks to the update of
'->event' in kernfs_seq_show.
The former does not as '->event' is never updated on a read.
So add an appropriate update in kernfs_file_direct_read().
This was noticed because some 'md' sysfs attributes were
recently changed to use direct reads.
Reported-by: Prakash Punnoor <prakash@punnoor.de>
Reported-by: Torsten Kaiser <just.for.lkml@googlemail.com>
Fixes: 750f199ee8
Signed-off-by: NeilBrown <neilb@suse.de>
Acked-by: Tejun Heo <tj@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Pull drm fix from Dave Airlie:
"An oops snuck in in an -rc3 patch, this fixes it"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
[PATCH] drm/mm: Fix support 4 GiB and larger ranges
Pull clock framework fixes from Michael Turquette:
"The clk fixes for 4.0-rc4 comprise three themes.
First are the usual driver fixes for new regressions since v3.19.
Second are fixes to the common clock divider type caused by recent
changes to how we round clock rates. This affects many clock drivers
that use this common code.
Finally there are fixes for drivers that improperly compared struct
clk pointers (drivers must not deref these pointers). While some of
these drivers have done this for a long time, this did not cause a
problem until we started generating unique struct clk pointers for
every consumer. A new function, clk_is_match was introduced to get
these drivers working again and they are fixed up to no longer deref
the pointers themselves"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
ASoC: kirkwood: fix struct clk pointer comparing
ASoC: fsl_spdif: fix struct clk pointer comparing
ARM: imx: fix struct clk pointer comparing
clk: introduce clk_is_match
clk: don't export static symbol
clk: divider: fix calculation of initial best divider when rounding to closest
clk: divider: fix selection of divider when rounding to closest
clk: divider: fix calculation of maximal parent rate for a given divider
clk: divider: return real rate instead of divider value
clk: qcom: fix platform_no_drv_owner.cocci warnings
clk: qcom: fix platform_no_drv_owner.cocci warnings
clk: qcom: Add PLL4 vote clock
clk: qcom: lcc-msm8960: Fix PLL rate detection
clk: qcom: Fix slimbus n and m val offsets
clk: ti: Fix FAPLL parent enable bit handling
bad argument if(tmp)... in check_free_hole
fix oops: kernel BUG at drivers/gpu/drm/drm_mm.c:305!
[airlied: excellent, this was my task for today].
Signed-off-by: Krzysztof Kolasa <kkolasa@winsoft.pl>
Reviewed-by: Chris wilson <chris@chris-wilson.co.uk>
Signed-off-by: Dave Airlie <airlied@redhat.com>
Pull ARM SoC fixes from Arnd Bergmann:
"This is a rather unpleasantly large set of bug fixes for arm-soc, Most
of them because of cross-tree dependencies for Exynos where we should
have figured out the right path to merge things before the merge
window, and then the maintainer being unable to sort things out in
time during a business trip.
The other changes contained here are the usual collection:
MAINTAINERS file updates
- Gregory Clement is now a co-maintainer for the legacy Marvell EBU
platforms
- A MAINTAINERS entry for the Freescale Vybrid platform that was
added last year
- Matt Porter no longer works as a maintainer on Broadcom SoCs
Build-time issues
- A compile-time error for at91
- Several minor DT fixes on at91, imx, exynos, socfpga, and omap
- The new digicolor platform was not correctly enabled at all
Configuration issues
- Two defconfig fix for regressions using USB on versatile express
and on OMAP3
- Enabling all 8 CPUs on Allwinner/SUNxi
- Enabling the new STiH410 platform to be usable
Bug fixes in platform code
- A missing barrier for socfpga
- Fixing LPDDR1 self-refresh mode on at91
- Fixing RTC interrupt numbers on Exynos3250
- Fixing a cache-coherency issues in CPU power-down on Exynos5
- Multiple small OMAP power management fixes"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (69 commits)
MAINTAINERS: Add myself as co-maintainer to the legacy support of the mvebu SoCs
ARM: at91: pm_slowclock: fix the compilation error
ARM: at91/dt: fix USB high-speed clock to select UTMI
ARM: at91/dt: fix at91 udc compatible strings
ARM: at91/dt: declare matrix node as a syscon device
ARM: vexpress: update CONFIG_USB_ISP1760 option
ARM: digicolor: add the machine directory to Makefile
ARM: STi: Add STiH410 SoC support
MAINTAINERS: add Freescale Vybrid SoC
MAINTAINERS: Remove self as ARM mach-bcm co-maintainer
ARM: imx6sl-evk: set swbst_reg as vbus's parent reg
ARM: imx6qdl-sabresd: set swbst_reg as vbus's parent reg
ARM: at91/dt: at91sam9261: fix clocks and clock-names in udc definition
ARM: OMAP2+: Fix wl12xx on dm3730-evm with mainline u-boot
ARM: OMAP: enable TWL4030_USB in omap2plus_defconfig
ARM: dts: dra7x-evm: avoid possible contention while muxing on CAN lines
ARM: dts: dra7x-evm: Don't use dcan1_rx.gpio1_15 in DCAN pinctrl
ARM: dts: am43xx: fix SLEWCTRL_FAST pinctrl binding
ARM: dts: am33xx: fix SLEWCTRL_FAST pinctrl binding
ARM: dts: OMAP5: fix polling intervals for thermal zones
...
Pull irqchip fixes from Jason Cooper:
"armada-370-xp:
- Chained per-cpu interrupts
gic{,-v3,v3-its}"
- Various fixes for safer operation"
* tag 'irqchip-fixes-4.0' of git://git.infradead.org/users/jcooper/linux:
irqchip: gicv3-its: Support safe initialization
irqchip: gicv3-its: Define macros for GITS_CTLR fields
irqchip: gicv3-its: Add limitation to page order
irqchip: gicv3-its: Use 64KB page as default granule
irqchip: gicv3-its: Zero itt before handling to hardware
irqchip: gic-v3: Fix out of bounds access to cpu_logical_map
irqchip: gic: Fix unsafe locking reported by lockdep
irqchip: gicv3-its: Fix unsafe locking reported by lockdep
irqchip: gicv3-its: Iterate over PCI aliases to generate ITS configuration
irqchip: gicv3-its: Allocate enough memory for the full range of DeviceID
irqchip: gicv3-its: Fix ITS CPU init
irqchip: armada-370-xp: Fix chained per-cpu interrupts
Pull drm fixes from Dave Airlie:
"Misc i915, vmwgfx and radeon fixes along with a fix for one of those
recursive sleep mutex debug cases in the mst code"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/vmwgfx: Fix an issue with the device losing its irq line on module unload
drm/vmwgfx: Correctly NULLify dma buffer pointer on failure
drm/vmwgfx: Reorder device takedown somewhat
drm/vmwgfx: Fix a couple of lock dependency violations
drm/radeon: drop setting UPLL to sleep mode
drm/radeon: fix wait to actually occur after the signaling callback
drm/i915: Prevent TLB error on first execution on SNB
drm/i915: Do both mt and gen6 style forcewake reset on ivb probe
drm/i915: Make WAIT_IOCTL negative timeouts be indefinite again
drm/i915: use in_interrupt() not in_irq() to check context
drm/mst: fix recursive sleep warning on qlock
drm: Don't assign fbs for universal cursor support to files
Pull SCSI fix from James Bottomley:
"This is a simple fix for a domain revalidation crash which has
recently turned up in the libsas code (applies to mvsas, isc and
aic94xx)"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
libsas: Fix Kernel Crash in smp_execute_task
Pull file locking bugfix from Jeff Layton:
"Just a small fix for a potential problem in one of the lease
tracepoints"
* tag 'locks-v4.0-4' of git://git.samba.org/jlayton/linux:
locks: fix generic_delete_lease tracepoint to use victim pointer
Pull VFIO fix from Alex Williamson:
"Add missing break to avoid clobbering ioctl (Alexey Kardashevskiy)"
* tag 'vfio-v4.0-rc4' of git://github.com/awilliam/linux-vfio:
vfio-pci: Add missing break to enable VFIO_PCI_ERR_IRQ_INDEX
Pull arm64 fixes from Catalin Marinas:
- add TLB invalidation for page table tear-down which was missed when
support for CONFIG_HAVE_RCU_TABLE_FREE was added (assuming page table
freeing was always deferred)
- use UEFI for system and reset poweroff if available
- fix asm label placement in relation to the alignment statement
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: put __boot_cpu_mode label after alignment instead of before
efi/arm64: use UEFI for system reset and poweroff
arm64: Invalidate the TLB corresponding to intermediate page table levels
Pull Kselftest fix from Shuah Khan:
"selftests/exec: Check if the syscall exists and bail if not"
* tag 'linux-kselftest-4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest:
selftests/exec: Check if the syscall exists and bail if not
It's possible that "fl" won't point at a valid lock at this point, so
use "victim" instead which is either a valid lock or NULL.
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
Another one for the big head.S spring cleaning: the label should
be after the .align or it may point to the padding.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
If UEFI Runtime Services are available, they are preferred over direct
PSCI calls or other methods to reset the system.
For the reset case, we need to hook into machine_restart(), as the
arm_pm_restart function pointer may be overwritten by modules.
Tested-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Mark Rutland <mark.rutland@arm.com>
Reviewed-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
The ARM architecture allows the caching of intermediate page table
levels and page table freeing requires a sequence like:
pmd_clear()
TLB invalidation
pte page freeing
With commit 5e5f6dc105 (arm64: mm: enable HAVE_RCU_TABLE_FREE logic),
the page table freeing batching was moved from tlb_remove_page() to
tlb_remove_table(). The former takes care of TLB invalidation as this is
also shared with pte clearing and page cache page freeing. The latter,
however, does not invalidate the TLBs for intermediate page table levels
as it probably relies on the architecture code to do it if required.
When the mm->mm_users < 2, tlb_remove_table() does not do any batching
and page table pages are freed before tlb_finish_mmu() which performs
the actual TLB invalidation.
This patch introduces __tlb_flush_pgtable() for arm64 and calls it from
the {pte,pmd,pud}_free_tlb() directly without relying on deferred page
table freeing.
Fixes: 5e5f6dc105 arm64: mm: enable HAVE_RCU_TABLE_FREE logic
Reported-by: Jon Masters <jcm@redhat.com>
Tested-by: Jon Masters <jcm@redhat.com>
Tested-by: Steve Capper <steve.capper@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Pull power management and ACPI fixes from Rafael Wysocki:
"Just two fixes, one for an ACPI LPSS driver issue introduced during
the 3.17 cycle and one revert of a recent commit that sort of broke
the cpupower tool.
Specifics:
- Fix an ACPI LPSS (Low-Power Subsystem) driver issue causing the
8250_dw driver to confuse an LPSS clock with another one it is
supposed to handle due to the lack of identification allowing it to
tell those clocks apart (Heikki Krogerus).
- Revert a recent commit that was supposed to improve the usability
of the cpupower tool, but clearly did the opposite (Josh Boyer)"
* tag 'pm+acpi-4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
Revert "cpupower Makefile change to help run the tool without 'make install'"
ACPI / LPSS: provide con_id for the clkdev
Pull xen bug fixes from David Vrabel:
- fix a PV regression in 3.19.
- fix a dom0 crash on hosts with large numbers of PIRQs.
- prevent pcifront from disabling memory or I/O port access, which may
trigger host crashes.
* tag 'stable/for-linus-4.0-rc3-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen-pciback: limit guest control of command register
xen/events: avoid NULL pointer dereference in dom0 on large machines
xen: Remove trailing semicolon from xenbus_register_frontend() definition
x86/xen: correct bug in p2m list initialization
Pull sound fixes from Takashi Iwai:
"This is a round of HD-audio fixes: there are a long-standing
regression fix and a few more device/codec-specific quirks.
In addition, a couple of FireWire regression fixes, a USB-audio quirk
for Roland UA-22 and a sanity check in API for user-defined control
elements"
* tag 'sound-4.0-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Don't access stereo amps for mono channel widgets
ALSA: hda - Add workaround for MacBook Air 5,2 built-in mic
ALSA: hda - Set single_adc_amp flag for CS420x codecs
ALSA: snd-usb: add quirks for Roland UA-22
ALSA: control: Add sanity checks for user ctl id name string
ALSA: hda - Fix built-in mic on Compaq Presario CQ60
ALSA: firewire-lib: leave unit reference counting completely
Revert "ALSA: dice: fix wrong offsets for Dice interface"
ALSA: hda - Fix regression of HD-audio controller fallback modes
Pull DeviceTree fixes from Rob Herring:
- fix for stdout-path option parsing with added unittest
- fix for stdout-path interaction with earlycon
- several DT unittest fixes
- fix Sparc allmodconfig build error on of_platform_register_reconfig_notifier
- several DT overlay kconfig and build warning fixes
- several DT binding documentation updates
* tag 'devicetree-fixes-for-4.0' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux:
of/platform: Fix sparc:allmodconfig build
of: unittest: Add options string testcase variants
of: fix handling of '/' in options for of_find_node_by_path()
of/unittest: Fix the wrong expected value in of_selftest_property_string
of/unittest: remove the duplicate of_changeset_init
dt: submitting-patches: clarify that DT maintainers are to be cced on bindings
of: unittest: fix I2C dependency
of/overlay: Remove unused variable
Documentation: DT: Renamed of-serial.txt to 8250.txt
of: Fix premature bootconsole disable with 'stdout-path'
serial: add device tree binding documentation for ETRAX FS UART
of/overlay: Directly include idr.h
of: Drop superfluous dependance for OF_OVERLAY
of: Add vendor prefix for Arasan
of: Add prompt for OF_OVERLAY config
JeHyeon Yeon
NeilBrown
Linus Torvalds
Krzysztof Kolasa
Jason Cooper
Jeff Layton
Ard Biesheuvel
Catalin Marinas
Gregory CLEMENT
Rafael J. Wysocki