--- /dev/null
+From 6e3dac6099873fc520419ead0d4af2ba0dd91abc Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 23 Jul 2020 19:04:53 +0200
+Subject: media: davinci: vpif_capture: fix potential double free
+
+From: Evgeny Novikov <novikov@ispras.ru>
+
+[ Upstream commit 602649eadaa0c977e362e641f51ec306bc1d365d ]
+
+In case of errors vpif_probe_complete() releases memory for vpif_obj.sd
+and unregisters the V4L2 device. But then this is done again by
+vpif_probe() itself. The patch removes the cleaning from
+vpif_probe_complete().
+
+Found by Linux Driver Verification project (linuxtesting.org).
+
+Signed-off-by: Evgeny Novikov <novikov@ispras.ru>
+Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
+Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/media/platform/davinci/vpif_capture.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/drivers/media/platform/davinci/vpif_capture.c b/drivers/media/platform/davinci/vpif_capture.c
+index c1e573b7cc6fb..50122ac2ac028 100644
+--- a/drivers/media/platform/davinci/vpif_capture.c
++++ b/drivers/media/platform/davinci/vpif_capture.c
+@@ -1417,8 +1417,6 @@ probe_out:
+ /* Unregister video device */
+ video_unregister_device(&ch->video_dev);
+ }
+- kfree(vpif_obj.sd);
+- v4l2_device_unregister(&vpif_obj.v4l2_dev);
+
+ return err;
+ }
+--
+2.25.1
+
--- /dev/null
+From d3b3eda8c555e0200f009b7b415c941d0e1dc445 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 6 Jul 2020 15:22:46 +0200
+Subject: powerpc/spufs: add CONFIG_COREDUMP dependency
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+[ Upstream commit b648a5132ca3237a0f1ce5d871fff342b0efcf8a ]
+
+The kernel test robot pointed out a slightly different error message
+after recent commit 5456ffdee666 ("powerpc/spufs: simplify spufs core
+dumping") to spufs for a configuration that never worked:
+
+ powerpc64-linux-ld: arch/powerpc/platforms/cell/spufs/file.o: in function `.spufs_proxydma_info_dump':
+>> file.c:(.text+0x4c68): undefined reference to `.dump_emit'
+ powerpc64-linux-ld: arch/powerpc/platforms/cell/spufs/file.o: in function `.spufs_dma_info_dump':
+ file.c:(.text+0x4d70): undefined reference to `.dump_emit'
+ powerpc64-linux-ld: arch/powerpc/platforms/cell/spufs/file.o: in function `.spufs_wbox_info_dump':
+ file.c:(.text+0x4df4): undefined reference to `.dump_emit'
+
+Add a Kconfig dependency to prevent this from happening again.
+
+Reported-by: kernel test robot <lkp@intel.com>
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Acked-by: Jeremy Kerr <jk@ozlabs.org>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20200706132302.3885935-1-arnd@arndb.de
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/platforms/cell/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/powerpc/platforms/cell/Kconfig b/arch/powerpc/platforms/cell/Kconfig
+index 429fc59d2a476..9acca9c79ef62 100644
+--- a/arch/powerpc/platforms/cell/Kconfig
++++ b/arch/powerpc/platforms/cell/Kconfig
+@@ -50,6 +50,7 @@ config SPU_FS
+ tristate "SPU file system"
+ default m
+ depends on PPC_CELL
++ depends on COREDUMP
+ select SPU_BASE
+ select MEMORY_HOTPLUG
+ help
+--
+2.25.1
+
ceph-fix-potential-mdsc-use-after-free-crash.patch
scsi-fcoe-memory-leak-fix-in-fcoe_sysfs_fcf_del.patch
edac-ie31200-fallback-if-host-bridge-device-is-alrea.patch
+media-davinci-vpif_capture-fix-potential-double-free.patch
+powerpc-spufs-add-config_coredump-dependency.patch
+usb-sisusbvga-fix-a-potential-ub-casued-by-left-shif.patch
--- /dev/null
+From 16ca66f4fd88dde9fa42173bcf0ad261e4705940 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 11 Jul 2020 00:30:18 -0400
+Subject: USB: sisusbvga: Fix a potential UB casued by left shifting a negative
+ value
+
+From: Changming Liu <charley.ashbringer@gmail.com>
+
+[ Upstream commit 2b53a19284f537168fb506f2f40d7fda40a01162 ]
+
+The char buffer buf, receives data directly from user space,
+so its content might be negative and its elements are left
+shifted to form an unsigned integer.
+
+Since left shifting a negative value is undefined behavior, thus
+change the char to u8 to elimintate this UB.
+
+Signed-off-by: Changming Liu <charley.ashbringer@gmail.com>
+Link: https://lore.kernel.org/r/20200711043018.928-1-charley.ashbringer@gmail.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/usb/misc/sisusbvga/sisusb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/usb/misc/sisusbvga/sisusb.c b/drivers/usb/misc/sisusbvga/sisusb.c
+index 22da70fada5e5..971f1165dc4bb 100644
+--- a/drivers/usb/misc/sisusbvga/sisusb.c
++++ b/drivers/usb/misc/sisusbvga/sisusb.c
+@@ -790,7 +790,7 @@ static int sisusb_write_mem_bulk(struct sisusb_usb_data *sisusb, u32 addr,
+ u8 swap8, fromkern = kernbuffer ? 1 : 0;
+ u16 swap16;
+ u32 swap32, flag = (length >> 28) & 1;
+- char buf[4];
++ u8 buf[4];
+
+ /* if neither kernbuffer not userbuffer are given, assume
+ * data in obuf
+--
+2.25.1
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
