1. 11 Aug, 2015 4 commits
  2. 10 Aug, 2015 2 commits
  3. 09 Aug, 2015 1 commit
  4. 07 Aug, 2015 1 commit
    • Dongjin Kim's avatar
      media/rc: Fix taint warning when driver is loaded · c428c5cf
      Dongjin Kim authored
      ------------[ cut here ]------------
      WARNING: CPU: 7 PID: 1772 at drivers/base/dd.c:286 driver_probe_device+0x254/0x2b4()
      Modules linked in: gpioplug_ir_recv(+) gpio_ir_recv rc_core fbtft_device(C) fbtft(C) syscs
      CPU: 7 PID: 1772 Comm: modprobe Tainted: G         C 4.2.0-rc1+ #10
      Hardware name: SAMSUNG EXYNOS (Flattened Device Tree)
      [<c0015824>] (unwind_backtrace) from [<c0012798>] (show_stack+0x10/0x14)
      [<c0012798>] (show_stack) from [<c0512fe0>] (dump_stack+0x84/0xc4)
      [<c0512fe0>] (dump_stack) from [<c0028ef8>] (warn_slowpath_common+0x80/0xb0)
      [<c0028ef8>] (warn_slowpath_common) from [<c0028fc4>] (warn_slowpath_null+0x1c/0x24)
      [<c0028fc4>] (warn_slowpath_null) from [<c0362318>] (driver_probe_device+0x254/0x2b4)
      [<c0362318>] (driver_probe_device) from [<c0360878>] (bus_for_each_drv+0x60/0x94)
      [<c0360878>] (bus_for_each_drv) from [<c0362054>] (__device_attach+0x8c/0xd8)
      [<c0362054>] (__device_attach) from [<c03617a4>] (bus_probe_device+0x84/0x8c)
      [<c03617a4>] (bus_probe_device) from [<c035fb90>] (device_add+0x3e8/0x570)
      [<c035fb90>] (device_add) from [<c0363c80>] (platform_device_add+0x84/0x188)
      [<c0363c80>] (platform_device_add) from [<bf03f09c>] (gpio_init+0x9c/0xfc [gpioplug_ir_re)
      [<bf03f09c>] (gpio_init [gpioplug_ir_recv]) from [<c0009710>] (do_one_initcall+0x8c/0x1d4)
      [<c0009710>] (do_one_initcall) from [<c051236c>] (do_init_module+0x5c/0x1cc)
      [<c051236c>] (do_init_module) from [<c008eb4c>] (load_module+0x164c/0x1e08)
      [<c008eb4c>] (load_module) from [<c008f49c>] (SyS_finit_module+0x68/0x78)
      [<c008f49c>] (SyS_finit_module) from [<c000f500>] (ret_fast_syscall+0x0/0x3c)
      ---[ end trace 5040610fa9a8c931 ]---
      
      Change-Id: If08f987033d521d85f3aaff50fd90c506eea5e0d
      Signed-off-by: default avatarDongjin Kim <tobetter@gmail.com>
      c428c5cf
  5. 06 Aug, 2015 2 commits
  6. 03 Aug, 2015 1 commit
  7. 01 Aug, 2015 2 commits
  8. 30 Jul, 2015 3 commits
  9. 27 Jul, 2015 2 commits
  10. 22 Jul, 2015 1 commit
  11. 14 Jul, 2015 1 commit
  12. 13 Jul, 2015 4 commits
  13. 10 Jul, 2015 1 commit
  14. 09 Jul, 2015 2 commits
  15. 08 Jul, 2015 2 commits
  16. 07 Jul, 2015 5 commits
  17. 03 Jul, 2015 1 commit
  18. 30 Jun, 2015 2 commits
  19. 29 Jun, 2015 3 commits
    • Greg Kroah-Hartman's avatar
      Linux 3.10.82 · b3d78448
      Greg Kroah-Hartman authored
      b3d78448
    • James Smart's avatar
      lpfc: Add iotag memory barrier · 17c06c69
      James Smart authored
      commit 27f344eb15dd0da80ebec80c7245e8c85043f841 upstream.
      
      Add a memory barrier to ensure the valid bit is read before
      any of the cqe payload is read. This fixes an issue seen
      on Power where the cqe payload was getting loaded before
      the valid bit. When this occurred, we saw an iotag out of
      range error when a command completed, but since the iotag
      looked invalid the command didn't get completed to scsi core.
      Later we hit the command timeout, attempted to abort the command,
      then waited for the aborted command to get returned. Since the
      adapter already returned the command, we timeout waiting,
      and end up escalating EEH all the way to host reset. This
      patch fixes this issue.
      Signed-off-by: default avatarBrian King <brking@linux.vnet.ibm.com>
      Signed-off-by: default avatarJames Smart <james.smart@emulex.com>
      Signed-off-by: default avatarChristoph Hellwig <hch@lst.de>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      17c06c69
    • Ben Hutchings's avatar
      pipe: iovec: Fix memory corruption when retrying atomic copy as non-atomic · 14f81062
      Ben Hutchings authored
      pipe_iov_copy_{from,to}_user() may be tried twice with the same iovec,
      the first time atomically and the second time not.  The second attempt
      needs to continue from the iovec position, pipe buffer offset and
      remaining length where the first attempt failed, but currently the
      pipe buffer offset and remaining length are reset.  This will corrupt
      the piped data (possibly also leading to an information leak between
      processes) and may also corrupt kernel memory.
      
      This was fixed upstream by commits f0d1bec9d58d ("new helper:
      copy_page_from_iter()") and 637b58c2887e ("switch pipe_read() to
      copy_page_to_iter()"), but those aren't suitable for stable.  This fix
      for older kernel versions was made by Seth Jennings for RHEL and I
      have extracted it from their update.
      
      CVE-2015-1805
      
      References: https://bugzilla.redhat.com/show_bug.cgi?id=1202855Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      14f81062