Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v4.20 2018-12-05T09:37:29Z 2018-12-05T09:37:29Z Alexander Theissen alex.theissen@me.com 2018-12-04T22:43:35Z urn:sha1:d7859905301880ad3e16272399d26900af3ac496 Add another Apple Cinema Display to the list of supported displays. Signed-off-by: Alexander Theissen <alex.theissen@me.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-11-07T12:23:18Z Mattias Jacobsson 2pi@mok.nu 2018-10-21T09:25:37Z urn:sha1:f6501f49199097b99e4e263644d88c90d1ec1060 Add another Apple Cinema Display to the list of supported displays Signed-off-by: Mattias Jacobsson <2pi@mok.nu> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-10-18T17:44:39Z Mattias Jacobsson 2pi@mok.nu 2018-10-16T12:20:08Z urn:sha1:090158555ff8d194a98616034100b16697dd80d0 Upon success the update_status handler returns a positive number corresponding to the number of bytes transferred by usb_control_msg. However the return code of the update_status handler should indicate if an error occurred(negative) or how many bytes of the user's input to sysfs that was consumed. Return code zero indicates all bytes were consumed. The bug can for example result in the update_status handler being called twice, the second time with only the "unconsumed" part of the user's input to sysfs. Effectively setting an incorrect brightness. Change the update_status handler to return zero for all successful transactions and forward usb_control_msg's error code upon failure. Signed-off-by: Mattias Jacobsson <2pi@mok.nu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-09-16T20:44:14Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2018-09-16T20:44:14Z urn:sha1:1652a83fa494b12e20fc02a2cc3ddbcd75d53170 We need the USB fixes in here as well. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-09-10T18:06:48Z Ding Xiang dingxiang@cmss.chinamobile.com 2018-08-30T09:31:18Z urn:sha1:9d20bca54b6a92dff75e85dce29b202847b48232 simple_strtoul is obsolete, and use kstrtoint instead Signed-off-by: Ding Xiang <dingxiang@cmss.chinamobile.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-09-10T18:05:28Z Gustavo A. R. Silva gustavo@embeddedor.com 2018-08-23T17:55:27Z urn:sha1:23feefda22392d44ee4101dfcf946bc87a6c74b3 A common flaw in the kernel is integer overflow during memory allocation size calculations. In an effort to reduce the frequency of these bugs, kmalloc_array was implemented, which allocates memory for an array, while at the same time detects integer overflow. This patch replaces cases of: kmalloc(a * b, gfp) with: kmalloc_array(a, b, gfp) Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-09-05T12:36:53Z Jia-Ju Bai baijiaju1990@gmail.com 2018-09-01T08:25:08Z urn:sha1:bc8acc214d3f1cafebcbcd101a695bbac716595d async_complete() in uss720.c is a completion handler function for the USB driver. So it should not sleep, but it is can sleep according to the function call paths (from bottom to top) in Linux-4.16. [FUNC] set_1284_register(GFP_KERNEL) drivers/usb/misc/uss720.c, 372: set_1284_register in parport_uss720_frob_control drivers/parport/ieee1284.c, 560: [FUNC_PTR]parport_uss720_frob_control in parport_ieee1284_ack_data_avail drivers/parport/ieee1284.c, 577: parport_ieee1284_ack_data_avail in parport_ieee1284_interrupt ./include/linux/parport.h, 474: parport_ieee1284_interrupt in parport_generic_irq drivers/usb/misc/uss720.c, 116: parport_generic_irq in async_complete [FUNC] get_1284_register(GFP_KERNEL) drivers/usb/misc/uss720.c, 382: get_1284_register in parport_uss720_read_status drivers/parport/ieee1284.c, 555: [FUNC_PTR]parport_uss720_read_status in parport_ieee1284_ack_data_avail drivers/parport/ieee1284.c, 577: parport_ieee1284_ack_data_avail in parport_ieee1284_interrupt ./include/linux/parport.h, 474: parport_ieee1284_interrupt in parport_generic_irq drivers/usb/misc/uss720.c, 116: parport_generic_irq in async_complete Note that [FUNC_PTR] means a function pointer call is used. To fix these bugs, GFP_KERNEL is replaced with GFP_ATOMIC. These bugs are found by my static analysis tool DSAC. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Cc: stable <stable@vger.kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-09-05T11:27:06Z Ben Hutchings ben.hutchings@codethink.co.uk 2018-08-15T20:45:37Z urn:sha1:14427b86837a4baf1c121934c6599bdb67dfa9fc snprintf() always returns the full length of the string it could have printed, even if it was truncated because the buffer was too small. So in case the counter value is truncated, we will over-read from in_buffer and over-write to the caller's buffer. I don't think it's actually possible for this to happen, but in case truncation occurs, WARN and return -EIO. Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-09-05T11:27:06Z Ben Hutchings ben.hutchings@codethink.co.uk 2018-08-15T20:44:25Z urn:sha1:7e10f14ebface44a48275c8d6dc1caae3668d5a9 If the written data starts with a digit, yurex_write() tries to parse it as an integer using simple_strtoull(). This requires a null- terminator, and currently there's no guarantee that there is one. (The sample program at https://github.com/NeoCat/YUREX-driver-for-Linux/blob/master/sample/yurex_clock.pl writes an integer without a null terminator. It seems like it must have worked by chance!) Always add a null byte after the written data. Enlarge the buffer to allow for this. Cc: stable@vger.kernel.org Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2018-07-16T07:09:24Z Greg Kroah-Hartman gregkh@linuxfoundation.org 2018-07-16T07:09:24Z urn:sha1:500f0716b5f7fd6b0ff3d045588c7588ce2eee1d We need the USB fixes in here as well. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>