<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux-stable.git/drivers/staging, branch linux-6.11.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/'/>
<entry>
<title>staging: vchiq_arm: Fix missing refcount decrement in error path for fw_node</title>
<updated>2024-12-05T12:54:25+00:00</updated>
<author>
<name>Javier Carrasco</name>
<email>javier.carrasco.cruz@gmail.com</email>
</author>
<published>2024-10-14T08:56:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=ceda8d727901eb8af1d3ba97f755d7e331ee15ee'/>
<id>ceda8d727901eb8af1d3ba97f755d7e331ee15ee</id>
<content type='text'>
commit 22a3703af127e897dc7df89372b85bb9dc331c5f upstream.

An error path was introduced without including the required call to
of_node_put() to decrement the node's refcount and avoid leaking memory.
If the call to kzalloc() for 'mgmt' fails, the probe returns without
decrementing the refcount.

Use the automatic cleanup facility to fix the bug and protect the code
against new error paths where the call to of_node_put() might be missing
again.

Cc: stable@vger.kernel.org
Fixes: 1c9e16b73166 ("staging: vc04_services: vchiq_arm: Split driver static and runtime data")
Signed-off-by: Javier Carrasco &lt;javier.carrasco.cruz@gmail.com&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@linaro.org&gt;
Reviewed-by: Umang Jain &lt;umang.jain@ideasonboard.com&gt;
Link: https://lore.kernel.org/r/20241014-vchiq_arm-of_node_put-v2-2-cafe0a4c2666@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 22a3703af127e897dc7df89372b85bb9dc331c5f upstream.

An error path was introduced without including the required call to
of_node_put() to decrement the node's refcount and avoid leaking memory.
If the call to kzalloc() for 'mgmt' fails, the probe returns without
decrementing the refcount.

Use the automatic cleanup facility to fix the bug and protect the code
against new error paths where the call to of_node_put() might be missing
again.

Cc: stable@vger.kernel.org
Fixes: 1c9e16b73166 ("staging: vc04_services: vchiq_arm: Split driver static and runtime data")
Signed-off-by: Javier Carrasco &lt;javier.carrasco.cruz@gmail.com&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@linaro.org&gt;
Reviewed-by: Umang Jain &lt;umang.jain@ideasonboard.com&gt;
Link: https://lore.kernel.org/r/20241014-vchiq_arm-of_node_put-v2-2-cafe0a4c2666@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>media: atomisp: Add check for rgby_data memory allocation failure</title>
<updated>2024-12-05T12:53:05+00:00</updated>
<author>
<name>Li Huafei</name>
<email>lihuafei1@huawei.com</email>
</author>
<published>2024-11-04T14:50:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=74aa783682c4d78c69d87898e40c78df1fec204e'/>
<id>74aa783682c4d78c69d87898e40c78df1fec204e</id>
<content type='text'>
[ Upstream commit ed61c59139509f76d3592683c90dc3fdc6e23cd6 ]

In ia_css_3a_statistics_allocate(), there is no check on the allocation
result of the rgby_data memory. If rgby_data is not successfully
allocated, it may trigger the assert(host_stats-&gt;rgby_data) assertion in
ia_css_s3a_hmem_decode(). Adding a check to fix this potential issue.

Fixes: a49d25364dfb ("staging/atomisp: Add support for the Intel IPU v2")
Signed-off-by: Li Huafei &lt;lihuafei1@huawei.com&gt;
Reviewed-by: Andy Shevchenko &lt;andy@kernel.org&gt;
Link: https://lore.kernel.org/r/20241104145051.3088231-1-lihuafei1@huawei.com
Reviewed-by: Hans de Goede &lt;hdegoede@redhat.com&gt;
Signed-off-by: Hans de Goede &lt;hdegoede@redhat.com&gt;
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab+huawei@kernel.org&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit ed61c59139509f76d3592683c90dc3fdc6e23cd6 ]

In ia_css_3a_statistics_allocate(), there is no check on the allocation
result of the rgby_data memory. If rgby_data is not successfully
allocated, it may trigger the assert(host_stats-&gt;rgby_data) assertion in
ia_css_s3a_hmem_decode(). Adding a check to fix this potential issue.

Fixes: a49d25364dfb ("staging/atomisp: Add support for the Intel IPU v2")
Signed-off-by: Li Huafei &lt;lihuafei1@huawei.com&gt;
Reviewed-by: Andy Shevchenko &lt;andy@kernel.org&gt;
Link: https://lore.kernel.org/r/20241104145051.3088231-1-lihuafei1@huawei.com
Reviewed-by: Hans de Goede &lt;hdegoede@redhat.com&gt;
Signed-off-by: Hans de Goede &lt;hdegoede@redhat.com&gt;
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab+huawei@kernel.org&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: vchiq_arm: Use devm_kzalloc() for vchiq_arm_state allocation</title>
<updated>2024-11-14T12:21:14+00:00</updated>
<author>
<name>Umang Jain</name>
<email>umang.jain@ideasonboard.com</email>
</author>
<published>2024-10-16T13:02:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=e216957b89a1f859732d46fdd20be833d2323156'/>
<id>e216957b89a1f859732d46fdd20be833d2323156</id>
<content type='text'>
commit 404b739e895522838f1abdc340c554654d671dde upstream.

The struct vchiq_arm_state 'platform_state' is currently allocated
dynamically using kzalloc(). Unfortunately, it is never freed and is
subjected to memory leaks in the error handling paths of the probe()
function.

To address the issue, use device resource management helper
devm_kzalloc(), to ensure cleanup after its allocation.

Fixes: 71bad7f08641 ("staging: add bcm2708 vchiq driver")
Cc: stable@vger.kernel.org
Signed-off-by: Umang Jain &lt;umang.jain@ideasonboard.com&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@linaro.org&gt;
Link: https://lore.kernel.org/r/20241016130225.61024-2-umang.jain@ideasonboard.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 404b739e895522838f1abdc340c554654d671dde upstream.

The struct vchiq_arm_state 'platform_state' is currently allocated
dynamically using kzalloc(). Unfortunately, it is never freed and is
subjected to memory leaks in the error handling paths of the probe()
function.

To address the issue, use device resource management helper
devm_kzalloc(), to ensure cleanup after its allocation.

Fixes: 71bad7f08641 ("staging: add bcm2708 vchiq driver")
Cc: stable@vger.kernel.org
Signed-off-by: Umang Jain &lt;umang.jain@ideasonboard.com&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@linaro.org&gt;
Link: https://lore.kernel.org/r/20241016130225.61024-2-umang.jain@ideasonboard.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: vchiq_arm: Use devm_kzalloc() for drv_mgmt allocation</title>
<updated>2024-11-14T12:21:14+00:00</updated>
<author>
<name>Umang Jain</name>
<email>umang.jain@ideasonboard.com</email>
</author>
<published>2024-10-16T13:02:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=a5f8442d4e02d992ce47491e9c60a50cb6f392d8'/>
<id>a5f8442d4e02d992ce47491e9c60a50cb6f392d8</id>
<content type='text'>
commit 807babf69027b4f1c55e72b06879658e83830880 upstream.

The struct drv_mgmt 'mgmt' is currently allocated dynamically using
kzalloc(). Unfortunately, it is subjected to memory leaks in the error
handling paths of the probe() function.

To address this issue, use device resource management
helper devm_kzalloc(), to ensure cleanup after the allocation.

Cc: stable@vger.kernel.org
Fixes: 1c9e16b73166 ("staging: vc04_services: vchiq_arm: Split driver static and runtime data")
Signed-off-by: Umang Jain &lt;umang.jain@ideasonboard.com&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@linaro.org&gt;
Link: https://lore.kernel.org/r/20241016130225.61024-3-umang.jain@ideasonboard.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 807babf69027b4f1c55e72b06879658e83830880 upstream.

The struct drv_mgmt 'mgmt' is currently allocated dynamically using
kzalloc(). Unfortunately, it is subjected to memory leaks in the error
handling paths of the probe() function.

To address this issue, use device resource management
helper devm_kzalloc(), to ensure cleanup after the allocation.

Cc: stable@vger.kernel.org
Fixes: 1c9e16b73166 ("staging: vc04_services: vchiq_arm: Split driver static and runtime data")
Signed-off-by: Umang Jain &lt;umang.jain@ideasonboard.com&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@linaro.org&gt;
Link: https://lore.kernel.org/r/20241016130225.61024-3-umang.jain@ideasonboard.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>media: av7110: fix a spectre vulnerability</title>
<updated>2024-11-14T12:21:03+00:00</updated>
<author>
<name>Mauro Carvalho Chehab</name>
<email>mchehab+huawei@kernel.org</email>
</author>
<published>2024-10-15T07:24:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=f3927206c478bd249c225414f7a751752a30e7b9'/>
<id>f3927206c478bd249c225414f7a751752a30e7b9</id>
<content type='text'>
commit 458ea1c0be991573ec436aa0afa23baacfae101a upstream.

As warned by smatch:
	drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110-&gt;ci_slot' [w] (local cap)

There is a spectre-related vulnerability at the code. Fix it.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab+huawei@kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 458ea1c0be991573ec436aa0afa23baacfae101a upstream.

As warned by smatch:
	drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110-&gt;ci_slot' [w] (local cap)

There is a spectre-related vulnerability at the code. Fix it.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Mauro Carvalho Chehab &lt;mchehab+huawei@kernel.org&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()</title>
<updated>2024-11-08T15:30:54+00:00</updated>
<author>
<name>Zicheng Qu</name>
<email>quzicheng@huawei.com</email>
</author>
<published>2024-10-22T13:43:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=dd9e1cf619c945f320e686dcaf13e37ef0b05fdd'/>
<id>dd9e1cf619c945f320e686dcaf13e37ef0b05fdd</id>
<content type='text'>
commit 6bd301819f8f69331a55ae2336c8b111fc933f3d upstream.

In the ad9832_write_frequency() function, clk_get_rate() might return 0.
This can lead to a division by zero when calling ad9832_calc_freqreg().
The check if (fout &gt; (clk_get_rate(st-&gt;mclk) / 2)) does not protect
against the case when fout is 0. The ad9832_write_frequency() function
is called from ad9832_write(), and fout is derived from a text buffer,
which can contain any value.

Link: https://lore.kernel.org/all/2024100904-CVE-2024-47663-9bdc@gregkh/
Fixes: ea707584bac1 ("Staging: IIO: DDS: AD9832 / AD9835 driver")
Cc: stable@vger.kernel.org
Signed-off-by: Zicheng Qu &lt;quzicheng@huawei.com&gt;
Reviewed-by: Nuno Sa &lt;nuno.sa@analog.com&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@linaro.org&gt;
Link: https://patch.msgid.link/20241022134354.574614-1-quzicheng@huawei.com
Signed-off-by: Jonathan Cameron &lt;Jonathan.Cameron@huawei.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
commit 6bd301819f8f69331a55ae2336c8b111fc933f3d upstream.

In the ad9832_write_frequency() function, clk_get_rate() might return 0.
This can lead to a division by zero when calling ad9832_calc_freqreg().
The check if (fout &gt; (clk_get_rate(st-&gt;mclk) / 2)) does not protect
against the case when fout is 0. The ad9832_write_frequency() function
is called from ad9832_write(), and fout is derived from a text buffer,
which can contain any value.

Link: https://lore.kernel.org/all/2024100904-CVE-2024-47663-9bdc@gregkh/
Fixes: ea707584bac1 ("Staging: IIO: DDS: AD9832 / AD9835 driver")
Cc: stable@vger.kernel.org
Signed-off-by: Zicheng Qu &lt;quzicheng@huawei.com&gt;
Reviewed-by: Nuno Sa &lt;nuno.sa@analog.com&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@linaro.org&gt;
Link: https://patch.msgid.link/20241022134354.574614-1-quzicheng@huawei.com
Signed-off-by: Jonathan Cameron &lt;Jonathan.Cameron@huawei.com&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>staging: vme_user: added bound check to geoid</title>
<updated>2024-10-17T13:26:40+00:00</updated>
<author>
<name>Riyan Dhiman</name>
<email>riyandhiman14@gmail.com</email>
</author>
<published>2024-08-27T12:56:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=0d5a18a4eca8b92806c91294627abdabfe07d3d5'/>
<id>0d5a18a4eca8b92806c91294627abdabfe07d3d5</id>
<content type='text'>
[ Upstream commit a8a8b54350229f59c8ba6496fb5689a1632a59be ]

The geoid is a module parameter that allows users to hardcode the slot number.
A bound check for geoid was added in the probe function because only values
between 0 and less than VME_MAX_SLOT are valid.

Signed-off-by: Riyan Dhiman &lt;riyandhiman14@gmail.com&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@linaro.org&gt;
Link: https://lore.kernel.org/r/20240827125604.42771-2-riyandhiman14@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit a8a8b54350229f59c8ba6496fb5689a1632a59be ]

The geoid is a module parameter that allows users to hardcode the slot number.
A bound check for geoid was added in the probe function because only values
between 0 and less than VME_MAX_SLOT are valid.

Signed-off-by: Riyan Dhiman &lt;riyandhiman14@gmail.com&gt;
Reviewed-by: Dan Carpenter &lt;dan.carpenter@linaro.org&gt;
Link: https://lore.kernel.org/r/20240827125604.42771-2-riyandhiman14@gmail.com
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>media: staging: media: starfive: camss: Drop obsolete return value documentation</title>
<updated>2024-10-04T14:38:09+00:00</updated>
<author>
<name>Uwe Kleine-König</name>
<email>u.kleine-koenig@pengutronix.de</email>
</author>
<published>2024-04-24T14:02:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=6537ec3b18313d9dddd8ec6cbd4d118ffe342e93'/>
<id>6537ec3b18313d9dddd8ec6cbd4d118ffe342e93</id>
<content type='text'>
[ Upstream commit 044fcf738a56d915514e2d651333395b3f8daa62 ]

Recently the function stfcamss_remove() was changed to not return a
value. Drop the documentation of the return value in the kernel doc.

Fixes: b1f3677aebe5 ("media: staging: media: starfive: camss: Convert to platform remove callback returning void")
Signed-off-by: Uwe Kleine-König &lt;u.kleine-koenig@pengutronix.de&gt;
Signed-off-by: Hans Verkuil &lt;hverkuil-cisco@xs4all.nl&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
[ Upstream commit 044fcf738a56d915514e2d651333395b3f8daa62 ]

Recently the function stfcamss_remove() was changed to not return a
value. Drop the documentation of the return value in the kernel doc.

Fixes: b1f3677aebe5 ("media: staging: media: starfive: camss: Convert to platform remove callback returning void")
Signed-off-by: Uwe Kleine-König &lt;u.kleine-koenig@pengutronix.de&gt;
Signed-off-by: Hans Verkuil &lt;hverkuil-cisco@xs4all.nl&gt;
Signed-off-by: Sasha Levin &lt;sashal@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>minmax: reduce min/max macro expansion in atomisp driver</title>
<updated>2024-09-11T18:07:47+00:00</updated>
<author>
<name>Lorenzo Stoakes</name>
<email>lorenzo.stoakes@oracle.com</email>
</author>
<published>2024-09-11T17:51:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=7c6a3a65ace70f12b27b1a27c9a69cb791dc6e91'/>
<id>7c6a3a65ace70f12b27b1a27c9a69cb791dc6e91</id>
<content type='text'>
Avoid unnecessary nested min()/max() which results in egregious macro
expansion.

Use clamp_t() as this introduces the least possible expansion, and turn
the {s,u}DIGIT_FITTING() macros into inline functions to avoid the
nested expansion.

This resolves an issue with slackware 15.0 32-bit compilation as
reported by Richard Narron.

Presumably the min/max fixups would be difficult to backport, this patch
should be easier and fix's Richard's problem in 5.15.

Reported-by: Richard Narron &lt;richard@aaazen.com&gt;
Reviewed-by: Hans de Goede &lt;hdegoede@redhat.com&gt;
Closes: https://lore.kernel.org/all/4a5321bd-b1f-1832-f0c-cea8694dc5aa@aaazen.com/
Fixes: 867046cc7027 ("minmax: relax check to allow comparison between unsigned arguments and signed constants")
Cc: stable@vger.kernel.org
Signed-off-by: Lorenzo Stoakes &lt;lorenzo.stoakes@oracle.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Avoid unnecessary nested min()/max() which results in egregious macro
expansion.

Use clamp_t() as this introduces the least possible expansion, and turn
the {s,u}DIGIT_FITTING() macros into inline functions to avoid the
nested expansion.

This resolves an issue with slackware 15.0 32-bit compilation as
reported by Richard Narron.

Presumably the min/max fixups would be difficult to backport, this patch
should be easier and fix's Richard's problem in 5.15.

Reported-by: Richard Narron &lt;richard@aaazen.com&gt;
Reviewed-by: Hans de Goede &lt;hdegoede@redhat.com&gt;
Closes: https://lore.kernel.org/all/4a5321bd-b1f-1832-f0c-cea8694dc5aa@aaazen.com/
Fixes: 867046cc7027 ("minmax: relax check to allow comparison between unsigned arguments and signed constants")
Cc: stable@vger.kernel.org
Signed-off-by: Lorenzo Stoakes &lt;lorenzo.stoakes@oracle.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'char-misc-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc</title>
<updated>2024-09-08T17:13:39+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2024-09-08T17:13:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux-stable.git/commit/?id=5dadc1be8fc5355034a8515e021ed557acf5fd17'/>
<id>5dadc1be8fc5355034a8515e021ed557acf5fd17</id>
<content type='text'>
Pull char/misc driver fixes from Greg KH:
 "Here are some small char/misc/other driver fixes for 6.11-rc7. It's
  nothing huge, just a bunch of small fixes of reported problems,
  including:

   - lots of tiny iio driver fixes

   - nvmem driver fixex

   - binder UAF bugfix

   - uio driver crash fix

   - other small fixes

  All of these have been in linux-next this week with no reported
  problems"

* tag 'char-misc-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (21 commits)
  VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
  Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
  uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
  misc: keba: Fix sysfs group creation
  dt-bindings: nvmem: Use soc-nvmem node name instead of nvmem
  nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
  nvmem: u-boot-env: error if NVMEM device is too small
  misc: fastrpc: Fix double free of 'buf' in error path
  binder: fix UAF caused by offsets overwrite
  iio: imu: inv_mpu6050: fix interrupt status read for old buggy chips
  iio: adc: ad7173: fix GPIO device info
  iio: adc: ad7124: fix DT configuration parsing
  iio: adc: ad_sigma_delta: fix irq_flags on irq request
  iio: adc: ads1119: Fix IRQ flags
  iio: fix scale application in iio_convert_raw_to_processed_unlocked
  iio: adc: ad7124: fix config comparison
  iio: adc: ad7124: fix chip ID mismatch
  iio: adc: ad7173: Fix incorrect compatible string
  iio: buffer-dmaengine: fix releasing dma channel on error
  iio: adc: ad7606: remove frstdata check for serial mode
  ...
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull char/misc driver fixes from Greg KH:
 "Here are some small char/misc/other driver fixes for 6.11-rc7. It's
  nothing huge, just a bunch of small fixes of reported problems,
  including:

   - lots of tiny iio driver fixes

   - nvmem driver fixex

   - binder UAF bugfix

   - uio driver crash fix

   - other small fixes

  All of these have been in linux-next this week with no reported
  problems"

* tag 'char-misc-6.11-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (21 commits)
  VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
  Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic
  uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
  misc: keba: Fix sysfs group creation
  dt-bindings: nvmem: Use soc-nvmem node name instead of nvmem
  nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc
  nvmem: u-boot-env: error if NVMEM device is too small
  misc: fastrpc: Fix double free of 'buf' in error path
  binder: fix UAF caused by offsets overwrite
  iio: imu: inv_mpu6050: fix interrupt status read for old buggy chips
  iio: adc: ad7173: fix GPIO device info
  iio: adc: ad7124: fix DT configuration parsing
  iio: adc: ad_sigma_delta: fix irq_flags on irq request
  iio: adc: ads1119: Fix IRQ flags
  iio: fix scale application in iio_convert_raw_to_processed_unlocked
  iio: adc: ad7124: fix config comparison
  iio: adc: ad7124: fix chip ID mismatch
  iio: adc: ad7173: Fix incorrect compatible string
  iio: buffer-dmaengine: fix releasing dma channel on error
  iio: adc: ad7606: remove frstdata check for serial mode
  ...
</pre>
</div>
</content>
</entry>
</feed>
