bka
403 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
87cf1c2fc1 |
Merge remote-tracking branch 'common/android-4.9-q' into android-msm-pixel-4.9
* common/android-4.9-q:
Linux 4.9.321
swiotlb: skip swiotlb_bounce when orig_addr is zero
kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
fdt: Update CRC check for rng-seed
xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
drm: remove drm_fb_helper_modinit
powerpc/pseries: wire up rng during setup_arch()
modpost: fix section mismatch check for exported init/exit sections
ARM: cns3xxx: Fix refcount leak in cns3xxx_init
ARM: Fix refcount leak in axxia_boot_secondary
ARM: exynos: Fix refcount leak in exynos_map_pmu
ARM: dts: imx6qdl: correct PU regulator ramp delay
powerpc: Enable execve syscall exit tracepoint
xtensa: Fix refcount leak bug in time.c
xtensa: xtfpga: Fix refcount leak bug in setup
iio: trigger: sysfs: fix use-after-free on remove
iio: accel: mma8452: ignore the return value of reset operation
iio:accel:bma180: rearrange iio trigger get and register
usb: chipidea: udc: check request status before setting device address
iio: adc: vf610: fix conversion mode sysfs node name
igb: Make DMA faster when CPU is active on the PCIe link
MIPS: Remove repetitive increase irq_err_count
x86/xen: Remove undefined behavior in setup_features()
bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
USB: serial: option: add Telit LE910Cx 0x1250 composition
random: quiet urandom warning ratelimit suppression message
dm era: commit metadata in postsuspend after worker stops
ata: libata: add qc->flags in ata_qc_complete_template tracepoint
random: schedule mix_interrupt_randomness() less often
vt: drop old FONT ioctls
BACKPORT: l2tp: fix race in pppol2tp_release with session object destroy
BACKPORT: l2tp: don't use inet_shutdown on ppp session destroy
Linux 4.9.320
tcp: drop the hash_32() part from the index calculation
tcp: increase source port perturb table to 2^16
tcp: dynamically allocate the perturb table used by source ports
tcp: add small random increments to the source port
tcp: use different parts of the port_offset for index and offset
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: add some entropy in __inet_hash_connect()
tcp: change source port randomizarion at connect() time
fuse: fix pipe buffer lifetime for direct_io
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
swiotlb: fix info leak with DMA_FROM_DEVICE
xprtrdma: fix incorrect header size calculations
s390/mm: use non-quiescing sske for KVM switch to keyed guest
l2tp: fix race in pppol2tp_release with session object destroy
l2tp: don't use inet_shutdown on ppp session destroy
ext4: add reserved GDT blocks check
ext4: make variable "count" signed
ext4: fix bug_on ext4_mb_use_inode_pa
serial: 8250: Store to lsr_save_flags after lsr read
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
USB: serial: io_ti: add Agilent E5805A support
USB: serial: option: add support for Cinterion MV31 with new baseline
comedi: vmk80xx: fix expression for tx buffer size
irqchip/gic-v3: Iterate over possible CPUs by for_each_possible_cpu()
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
misc: atmel-ssc: Fix IRQ check in ssc_probe
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
random: credit cpu and bootloader seeds by default
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
ASoC: wm8962: Fix suspend while playing music
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Fix TLV scales for mixer controls
random: account for arch randomness in bits
random: mark bootloader randomness code as __init
random: avoid checking crng_ready() twice in random_init()
crypto: drbg - make reseeding from get_random_bytes() synchronous
crypto: drbg - always try to free Jitter RNG instance
crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto: drbg - always seeded with SP800-90B compliant noise source
crypto: drbg - add FIPS 140-2 CTRNG for noise source
Revert "random: use static branch for crng_ready()"
random: check for signals after page of pool writes
random: wire up fops->splice_{read,write}_iter()
random: convert to using fops->write_iter()
random: move randomize_page() into mm where it belongs
random: move initialization functions out of hot pages
random: use proper return types on get_random_{int,long}_wait()
random: remove extern from functions in header
random: use static branch for crng_ready()
random: credit architectural init the exact amount
random: handle latent entropy and command line from random_init()
random: use proper jiffies comparison macro
random: remove ratelimiting for in-kernel unseeded randomness
random: avoid initializing twice in credit race
random: use symbolic constants for crng_init states
siphash: use one source of truth for siphash permutations
random: help compiler out with fast_mix() by using simpler arguments
random: do not use input pool from hard IRQs
random: order timer entropy functions below interrupt functions
random: do not pretend to handle premature next security model
random: do not use batches when !crng_ready()
random: insist on random_get_entropy() existing in order to simplify
uapi: rename ext2_swab() to swab() and share globally in swab.h
xtensa: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
arm: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
m68k: use fallback for random_get_entropy() instead of zero
timekeeping: Add raw clock fallback for random_get_entropy()
powerpc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
ia64: define get_cycles macro for arch-override
init: call time_init() before rand_initialize()
random: fix sysctl documentation nits
random: document crng_fast_key_erasure() destination possibility
random: make random_get_entropy() return an unsigned long
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: check for signal_pending() outside of need_resched() check
random: do not allow user to keep crng key around on stack
random: do not split fast init input in add_hwgenerator_randomness()
random: mix build-time latent entropy into pool at init
random: re-add removed comment about get_random_{u32,u64} reseeding
random: treat bootloader trust toggle the same way as cpu trust toggle
random: skip fast_init if hwrng provides large chunk of entropy
random: check for signal and try earlier when generating entropy
random: reseed more often immediately after booting
random: make consistent usage of crng_ready()
random: use SipHash as interrupt entropy accumulator
random: replace custom notifier chain with standard one
random: don't let 644 read-only sysctls be written to
random: give sysctl_random_min_urandom_seed a more sensible value
random: do crng pre-init loading in worker rather than irq
random: unify cycles_t and jiffies usage and types
random: cleanup UUID handling
random: only wake up writers after zap if threshold was passed
random: round-robin registers as ulong, not u32
random: clear fast pool, crng, and batches in cpuhp bring up
random: pull add_hwgenerator_randomness() declaration into random.h
hwrng: remember rng chosen by user
hwrng: use rng source with best quality
hwrng: core - remove unused PFX macro
hwrng: core - Move hwrng miscdev minor number to include/linux/miscdevice.h
hwrng: core - Rewrite the header
hwrng: core - rewrite better comparison to NULL
hwrng: core - do not use multiple blank lines
random: check for crng_init == 0 in add_device_randomness()
random: unify early init crng load accounting
random: do not take pool spinlock at boot
random: defer fast pool mixing to worker
workqueue: make workqueue available early during boot
random: rewrite header introductory comment
random: group sysctl functions
random: group userspace read/write functions
random: group entropy collection functions
random: group entropy extraction functions
random: group initialization wait functions
random: remove whitespace and reorder includes
random: remove useless header comment
random: introduce drain_entropy() helper to declutter crng_reseed()
random: deobfuscate irq u32/u64 contributions
random: add proper SPDX header
random: remove unused tracepoints
random: remove ifdef'd out interrupt bench
random: tie batched entropy generation to base_crng generation
random: zero buffer after reading entropy from userspace
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: use hash function for crng_slow_load()
random: absorb fast pool into input pool after fast load
random: do not xor RDRAND when writing into /dev/random
random: ensure early RDSEED goes through mixer on init
random: inline leaves of rand_initialize()
random: use RDSEED instead of RDRAND in entropy extraction
random: fix locking in crng_fast_load()
random: remove batched entropy locking
random: remove use_input_pool parameter from crng_reseed()
random: make credit_entropy_bits() always safe
random: always wake up entropy writers after extraction
random: use linear min-entropy accumulation crediting
random: simplify entropy debiting
random: use computational hash for entropy extraction
random: only call crng_finalize_init() for primary_crng
random: access primary_pool directly rather than through pointer
random: continually use hwgenerator randomness
random: simplify arithmetic function flow in account()
random: access input_pool_data directly rather than through pointer
random: cleanup fractional entropy shift constants
random: prepend remaining pool constants with POOL_
random: de-duplicate INPUT_POOL constants
random: remove unused OUTPUT_POOL constants
random: rather than entropy_store abstraction, use global
random: try to actively add entropy rather than passively wait for it
random: remove unused extract_entropy() reserved argument
random: remove incomplete last_data logic
random: cleanup integer types
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
random: cleanup poolinfo abstraction
random: fix typo in comments
random: don't reset crng_init_cnt on urandom_read()
random: avoid superfluous call to RDRAND in CRNG extraction
random: early initialization of ChaCha constants
random: initialize ChaCha20 constants with correct endianness
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: harmonize "crng init done" messages
random: mix bootloader randomness into pool
random: do not re-init if crng_reseed completes before primary init
random: do not sign extend bytes for rotation when mixing
random: use BLAKE2s instead of SHA1 in extraction
random: remove unused irq_flags argument from add_interrupt_randomness()
random: document add_hwgenerator_randomness() with other input functions
crypto: blake2s - adjust include guard naming
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
MAINTAINERS: co-maintain random.c
random: remove dead code left over from blocking pool
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: add arch_get_random_*long_early()
powerpc: Use bool in archrandom.h
linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
linux/random.h: Use false with bool
linux/random.h: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
x86: Remove arch_has_random, arch_has_random_seed
random: avoid warnings for !CONFIG_NUMA builds
random: split primary/secondary crng init paths
random: remove some dead code of poolinfo
random: fix typo in add_timer_randomness()
random: Add and use pr_fmt()
random: convert to ENTROPY_BITS for better code readability
random: remove unnecessary unlikely()
random: remove kernel.random.read_wakeup_threshold
random: delete code to pull data into pools
random: remove the blocking pool
random: fix crash on multiple early calls to add_bootloader_randomness()
random: make /dev/random be almost like /dev/urandom
random: ignore GRND_RANDOM in getentropy(2)
random: add GRND_INSECURE to return best-effort non-cryptographic bytes
random: Add a urandom_read_nowait() for random APIs that don't warn
random: Don't wake crng_init_wait when crng_init == 1
lib/crypto: sha1: re-roll loops to reduce code size
lib/crypto: blake2s: move hmac construction into wireguard
crypto: blake2s - generic C library implementation and selftest
crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()
Revert "hwrng: core - Freeze khwrng thread during suspend"
char/random: Add a newline at the end of the file
random: Use wait_event_freezable() in add_hwgenerator_randomness()
fdt: add support for rng-seed
random: Support freezable kthreads in add_hwgenerator_randomness()
random: fix soft lockup when trying to read from an uninitialized blocking pool
latent_entropy: avoid build error when plugin cflags are not set
random: document get_random_int() family
random: move rand_initialize() earlier
random: only read from /dev/random after its pool has received 128 bits
drivers/char/random.c: make primary_crng static
drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c: constify poolinfo_table
random: make CPU trust a boot parameter
random: Make crng state queryable
random: remove preempt disabled region
random: add a config option to trust the CPU's hwrng
random: Return nbytes filled from hw RNG
random: Fix whitespace pre random-bytes work
drivers/char/random.c: remove unused dont_count_entropy
random: optimize add_interrupt_randomness
random: always fill buffer in get_random_bytes_wait
crypto: chacha20 - Fix keystream alignment for chacha20_block()
random: fix data race on crng_node_pool
random: always use batched entropy for get_random_u{32,64}
Revert "char/random: silence a lockdep splat with printk()"
char/random: silence a lockdep splat with printk()
random: add a spinlock_t to struct batched_entropy
random: rate limit unseeded randomness warnings
random: fix possible sleeping allocation from irq context
random: set up the NUMA crng instances after the CRNG is fully initialized
random: use a different mixing algorithm for add_device_randomness()
random: fix warning message on ia64 and parisc
random: reorder READ_ONCE() in get_random_uXX
random: suppress spammy warnings about unseeded randomness
random: do not ignore early device randomness
random: warn when kernel uses unseeded randomness
random: add get_random_{bytes,u32,u64,int,long,once}_wait family
random: add wait_for_random_bytes() API
random: silence compiler warnings and fix race
random: invalidate batched entropy after crng init
random: move random_min_urandom_seed into CONFIG_SYSCTL ifdef block
random: convert get_random_int/long into get_random_u32/u64
random: fix comment for unused random_min_urandom_seed
random: remove variable limit
random: remove stale urandom_init_wait
random: remove stale maybe_reseed_primary_crng
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
Linux 4.9.319
x86/speculation/mmio: Print SMT warning
KVM: x86/speculation: Disable Fill buffer clear within guests
x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
x86/speculation/srbds: Update SRBDS mitigation selection
x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
x86/speculation: Add a common function for MD_CLEAR mitigation update
x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
Documentation: Add documentation for Processor MMIO Stale Data
x86/cpu: Add another Alder Lake CPU to the Intel family
x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family
x86/cpu: Add Comet Lake to the Intel CPU models header
x86/CPU: Add more Icelake model numbers
x86/CPU: Add Icelake model number
x86/cpu: Add Cannonlake to Intel family
x86/cpu: Add Jasper Lake to Intel family
cpu/speculation: Add prototype for cpu_show_srbds()
x86/cpu: Add Elkhart Lake to Intel family
ANDROID: arch: fix backported syscall numbers
Linux 4.9.318
tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
PCI: qcom: Fix unbalanced PHY init on probe errors
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
cifs: return errors during session setup during reconnects
ALSA: hda/conexant - Fix loopback issue with CX20632
vringh: Fix loop descriptors check in the indirect cases
nodemask: Fix return values to be unsigned
modpost: fix undefined behavior of is_arm_mapping_symbol()
drm/radeon: fix a possible null pointer dereference
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
md: protect md_unregister_thread from reentrancy
serial: msm_serial: disable interrupts in __msm_console_write()
staging: rtl8712: fix uninit-value in r871xu_drv_init()
clocksource/drivers/sp804: Avoid error on multiple instances
misc: rtsx: set NULL intfdata when probe fails
usb: dwc2: gadget: don't reset gadget's driver->bus
USB: hcd-pci: Fully suspend across freeze/thaw cycle
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
tty: Fix a possible resource leak in icom_probe
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
lkdtm/usercopy: Expand size of "out of frame" object
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
net: altera: Fix refcount leak in altera_tse_mdio_create
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
net: fix nla_strcmp to handle more then one trailing null character
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
m68knommu: fix undefined reference to `_init_sp'
m68knommu: set ZERO_PAGE() to the allocated zeroed page
i2c: cadence: Increase timeout per message if necessary
tracing: Avoid adding tracer option before update_tracer_options
tcp: tcp_rtx_synack() can be called from process context
jffs2: fix memory leak in jffs2_do_fill_super
modpost: fix removing numeric suffixes
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
serial: sh-sci: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: digicolor-usart: Don't allow CS5-6
serial: meson: acquire port->lock in startup()
rtc: mt6397: check return value after calling platform_get_resource()
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
pwm: lp3943: Fix duty calculation in case period was clamped
USB: storage: karma: fix rio_karma_init return
usb: usbip: add missing device lock on tweak configuration cmd
usb: usbip: fix a refcount leak in stub_probe()
staging: greybus: codecs: fix type confusion of list iterator variable
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
netfilter: nf_tables: disallow non-stateful expression in sets earlier
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
RDMA/rxe: Generate a completion for unsupported/invalid opcode
dt-bindings: gpio: altera: correct interrupt-cells
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
gma500: fix an incorrect NULL check on list iterator
carl9170: tx: fix an incorrect use of list iterator
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
rtl818x: Prevent using not initialized queues
hugetlb: fix huge_pmd_unshare address update
nodemask.h: fix compilation error with GCC12
iommu/msm: Fix an incorrect NULL check on list iterator
um: Fix out-of-bounds read in LDT setup
um: chan_user: Fix winch_tramp() return value
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
irqchip: irq-xtensa-mx: fix initial IRQ affinity
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
RDMA/hfi1: Fix potential integer multiplication overflow errors
md: fix an incorrect NULL check in md_reload_sb
md: fix an incorrect NULL check in does_sb_need_changing
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
scsi: dc395x: Fix a missing check on list iterator
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
dlm: fix missing lkb refcount handling
dlm: fix plock invalid read
ext4: verify dir block before splitting it
ext4: fix bug_on in ext4_writepages
ext4: fix use-after-free in ext4_rename_dir_prepare
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
iwlwifi: mvm: fix assert 1F04 upon reconfig
wifi: mac80211: fix use-after-free in chanctx code
iommu/amd: Increase timeout waiting for GA log enablement
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
Input: sparcspkr - fix refcount leak in bbc_beep_probe
tty: fix deadlock caused by calling printk() under tty_port->lock
powerpc/4xx/cpm: Fix return value of __setup() handler
powerpc/idle: Fix return value of __setup() handler
powerpc/8xx: export 'cpm_setbrg' for modules
drivers/base/node.c: fix compaction sysfs file leak
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
rxrpc: Don't try to resend the request if we're receiving the reply
rxrpc: Fix listen() setting the bar too high for the prealloc rings
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
m68k: math-emu: Fix dependencies of math emulation support
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
media: exynos4-is: Change clk_disable to clk_disable_unprepare
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
media: uvcvideo: Fix missing check to determine if element is found in list
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/msm/dsi: fix error checks and return values for DSI xmit functions
x86/pm: Fix false positive kmemleak report in msr_build_context()
inotify: show inotify mask flags in proc fdinfo
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
spi: img-spfi: Fix pm_runtime_get_sync() error checking
HID: hid-led: fix maximum brightness for Dream Cheeky
NFC: NULL out the dev->rfkill to prevent UAF
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
drm/mediatek: Fix mtk_cec_mask()
x86/delay: Fix the wrong asm constraint in delay_loop()
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
drm: fix EDID struct for old ARM OABI format
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
powerpc/xics: fix refcount leak in icp_opal_init()
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
ARM: hisi: Add missing of_node_put after of_find_compatible_node
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: versatile: Add missing of_node_put in dcscb_init
fat: add ratelimit to fat*_ent_bread()
ARM: OMAP1: clock: Fix UART rate reporting algorithm
fs: jfs: fix possible NULL pointer dereference in dbFree()
eth: tg3: silence the GCC 12 array-bounds warning
rxrpc: Return an error to sendmsg if call failed
media: exynos4-is: Fix compile warning
ASoC: rt5645: Fix errorenous cleanup order
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
openrisc: start CPU timer early in boot
ipmi:ssif: Check for NULL msg when handling events and messages
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
ASoC: dapm: Don't fold register value changes into notifications
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
drm/amd/pm: fix the compile warning
scsi: megaraid: Fix error check return value of register_chrdev()
media: cx25821: Fix the warning when removing the module
ath9k: fix QCA9561 PA bias level
drm/amd/pm: fix double free in si_parse_power_table()
ALSA: jack: Access input_dev under mutex
ACPICA: Avoid cache flush inside virtual machines
ipw2x00: Fix potential NULL dereference in libipw_xmit()
b43: Fix assigning negative value to unsigned variable
b43legacy: Fix assigning negative value to unsigned variable
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
btrfs: add "0x" prefix for unsupported optional features
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
USB: new quirk for Dell Gen 2 devices
BACKPORT: psi: Fix uaf issue when psi trigger is destroyed while being polled
Conflicts:
drivers/char/Kconfig
drivers/char/random.c
fs/fat/fatent.c
include/linux/random.h
init/main.c
kernel/cpu.c
lib/Makefile
Change-Id: I06579fa22a0347a0d8d2fa32bd6b7b6b54db626f
|
||
|
Eric Biggers
|
ea690b6ba4 |
Merge 4.9.320 into android-4.9-q
Changes in 4.9.320
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
random: remove stale maybe_reseed_primary_crng
random: remove stale urandom_init_wait
random: remove variable limit
random: fix comment for unused random_min_urandom_seed
random: convert get_random_int/long into get_random_u32/u64
random: move random_min_urandom_seed into CONFIG_SYSCTL ifdef block
random: invalidate batched entropy after crng init
random: silence compiler warnings and fix race
random: add wait_for_random_bytes() API
random: add get_random_{bytes,u32,u64,int,long,once}_wait family
random: warn when kernel uses unseeded randomness
random: do not ignore early device randomness
random: suppress spammy warnings about unseeded randomness
random: reorder READ_ONCE() in get_random_uXX
random: fix warning message on ia64 and parisc
random: use a different mixing algorithm for add_device_randomness()
random: set up the NUMA crng instances after the CRNG is fully initialized
random: fix possible sleeping allocation from irq context
random: rate limit unseeded randomness warnings
random: add a spinlock_t to struct batched_entropy
char/random: silence a lockdep splat with printk()
Revert "char/random: silence a lockdep splat with printk()"
random: always use batched entropy for get_random_u{32,64}
random: fix data race on crng_node_pool
crypto: chacha20 - Fix keystream alignment for chacha20_block()
random: always fill buffer in get_random_bytes_wait
random: optimize add_interrupt_randomness
drivers/char/random.c: remove unused dont_count_entropy
random: Fix whitespace pre random-bytes work
random: Return nbytes filled from hw RNG
random: add a config option to trust the CPU's hwrng
random: remove preempt disabled region
random: Make crng state queryable
random: make CPU trust a boot parameter
drivers/char/random.c: constify poolinfo_table
drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c: make primary_crng static
random: only read from /dev/random after its pool has received 128 bits
random: move rand_initialize() earlier
random: document get_random_int() family
latent_entropy: avoid build error when plugin cflags are not set
random: fix soft lockup when trying to read from an uninitialized blocking pool
random: Support freezable kthreads in add_hwgenerator_randomness()
fdt: add support for rng-seed
random: Use wait_event_freezable() in add_hwgenerator_randomness()
char/random: Add a newline at the end of the file
Revert "hwrng: core - Freeze khwrng thread during suspend"
crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()
crypto: blake2s - generic C library implementation and selftest
lib/crypto: blake2s: move hmac construction into wireguard
lib/crypto: sha1: re-roll loops to reduce code size
random: Don't wake crng_init_wait when crng_init == 1
random: Add a urandom_read_nowait() for random APIs that don't warn
random: add GRND_INSECURE to return best-effort non-cryptographic bytes
random: ignore GRND_RANDOM in getentropy(2)
random: make /dev/random be almost like /dev/urandom
random: fix crash on multiple early calls to add_bootloader_randomness()
random: remove the blocking pool
random: delete code to pull data into pools
random: remove kernel.random.read_wakeup_threshold
random: remove unnecessary unlikely()
random: convert to ENTROPY_BITS for better code readability
random: Add and use pr_fmt()
random: fix typo in add_timer_randomness()
random: remove some dead code of poolinfo
random: split primary/secondary crng init paths
random: avoid warnings for !CONFIG_NUMA builds
x86: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
linux/random.h: Remove arch_has_random, arch_has_random_seed
linux/random.h: Use false with bool
linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
powerpc: Use bool in archrandom.h
random: add arch_get_random_*long_early()
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: remove dead code left over from blocking pool
MAINTAINERS: co-maintain random.c
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
crypto: blake2s - adjust include guard naming
random: document add_hwgenerator_randomness() with other input functions
random: remove unused irq_flags argument from add_interrupt_randomness()
random: use BLAKE2s instead of SHA1 in extraction
random: do not sign extend bytes for rotation when mixing
random: do not re-init if crng_reseed completes before primary init
random: mix bootloader randomness into pool
random: harmonize "crng init done" messages
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: initialize ChaCha20 constants with correct endianness
random: early initialization of ChaCha constants
random: avoid superfluous call to RDRAND in CRNG extraction
random: don't reset crng_init_cnt on urandom_read()
random: fix typo in comments
random: cleanup poolinfo abstraction
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
random: cleanup integer types
random: remove incomplete last_data logic
random: remove unused extract_entropy() reserved argument
random: try to actively add entropy rather than passively wait for it
random: rather than entropy_store abstraction, use global
random: remove unused OUTPUT_POOL constants
random: de-duplicate INPUT_POOL constants
random: prepend remaining pool constants with POOL_
random: cleanup fractional entropy shift constants
random: access input_pool_data directly rather than through pointer
random: simplify arithmetic function flow in account()
random: continually use hwgenerator randomness
random: access primary_pool directly rather than through pointer
random: only call crng_finalize_init() for primary_crng
random: use computational hash for entropy extraction
random: simplify entropy debiting
random: use linear min-entropy accumulation crediting
random: always wake up entropy writers after extraction
random: make credit_entropy_bits() always safe
random: remove use_input_pool parameter from crng_reseed()
random: remove batched entropy locking
random: fix locking in crng_fast_load()
random: use RDSEED instead of RDRAND in entropy extraction
random: inline leaves of rand_initialize()
random: ensure early RDSEED goes through mixer on init
random: do not xor RDRAND when writing into /dev/random
random: absorb fast pool into input pool after fast load
random: use hash function for crng_slow_load()
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: zero buffer after reading entropy from userspace
random: tie batched entropy generation to base_crng generation
random: remove ifdef'd out interrupt bench
random: remove unused tracepoints
random: add proper SPDX header
random: deobfuscate irq u32/u64 contributions
random: introduce drain_entropy() helper to declutter crng_reseed()
random: remove useless header comment
random: remove whitespace and reorder includes
random: group initialization wait functions
random: group entropy extraction functions
random: group entropy collection functions
random: group userspace read/write functions
random: group sysctl functions
random: rewrite header introductory comment
workqueue: make workqueue available early during boot
random: defer fast pool mixing to worker
random: do not take pool spinlock at boot
random: unify early init crng load accounting
random: check for crng_init == 0 in add_device_randomness()
hwrng: core - do not use multiple blank lines
hwrng: core - rewrite better comparison to NULL
hwrng: core - Rewrite the header
hwrng: core - Move hwrng miscdev minor number to include/linux/miscdevice.h
hwrng: core - remove unused PFX macro
hwrng: use rng source with best quality
hwrng: remember rng chosen by user
random: pull add_hwgenerator_randomness() declaration into random.h
random: clear fast pool, crng, and batches in cpuhp bring up
random: round-robin registers as ulong, not u32
random: only wake up writers after zap if threshold was passed
random: cleanup UUID handling
random: unify cycles_t and jiffies usage and types
random: do crng pre-init loading in worker rather than irq
random: give sysctl_random_min_urandom_seed a more sensible value
random: don't let 644 read-only sysctls be written to
random: replace custom notifier chain with standard one
random: use SipHash as interrupt entropy accumulator
random: make consistent usage of crng_ready()
random: reseed more often immediately after booting
random: check for signal and try earlier when generating entropy
random: skip fast_init if hwrng provides large chunk of entropy
random: treat bootloader trust toggle the same way as cpu trust toggle
random: re-add removed comment about get_random_{u32,u64} reseeding
random: mix build-time latent entropy into pool at init
random: do not split fast init input in add_hwgenerator_randomness()
random: do not allow user to keep crng key around on stack
random: check for signal_pending() outside of need_resched() check
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: make random_get_entropy() return an unsigned long
random: document crng_fast_key_erasure() destination possibility
random: fix sysctl documentation nits
init: call time_init() before rand_initialize()
ia64: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
powerpc: define get_cycles macro for arch-override
timekeeping: Add raw clock fallback for random_get_entropy()
m68k: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
arm: use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
xtensa: use fallback for random_get_entropy() instead of zero
uapi: rename ext2_swab() to swab() and share globally in swab.h
random: insist on random_get_entropy() existing in order to simplify
random: do not use batches when !crng_ready()
random: do not pretend to handle premature next security model
random: order timer entropy functions below interrupt functions
random: do not use input pool from hard IRQs
random: help compiler out with fast_mix() by using simpler arguments
siphash: use one source of truth for siphash permutations
random: use symbolic constants for crng_init states
random: avoid initializing twice in credit race
random: remove ratelimiting for in-kernel unseeded randomness
random: use proper jiffies comparison macro
random: handle latent entropy and command line from random_init()
random: credit architectural init the exact amount
random: use static branch for crng_ready()
random: remove extern from functions in header
random: use proper return types on get_random_{int,long}_wait()
random: move initialization functions out of hot pages
random: move randomize_page() into mm where it belongs
random: convert to using fops->write_iter()
random: wire up fops->splice_{read,write}_iter()
random: check for signals after page of pool writes
Revert "random: use static branch for crng_ready()"
crypto: drbg - add FIPS 140-2 CTRNG for noise source
crypto: drbg - always seeded with SP800-90B compliant noise source
crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto: drbg - always try to free Jitter RNG instance
crypto: drbg - make reseeding from get_random_bytes() synchronous
random: avoid checking crng_ready() twice in random_init()
random: mark bootloader randomness code as __init
random: account for arch randomness in bits
ASoC: cs42l52: Fix TLV scales for mixer controls
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: wm8962: Fix suspend while playing music
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
random: credit cpu and bootloader seeds by default
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
misc: atmel-ssc: Fix IRQ check in ssc_probe
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
irqchip/gic-v3: Iterate over possible CPUs by for_each_possible_cpu()
comedi: vmk80xx: fix expression for tx buffer size
USB: serial: option: add support for Cinterion MV31 with new baseline
USB: serial: io_ti: add Agilent E5805A support
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
serial: 8250: Store to lsr_save_flags after lsr read
ext4: fix bug_on ext4_mb_use_inode_pa
ext4: make variable "count" signed
ext4: add reserved GDT blocks check
l2tp: don't use inet_shutdown on ppp session destroy
l2tp: fix race in pppol2tp_release with session object destroy
s390/mm: use non-quiescing sske for KVM switch to keyed guest
xprtrdma: fix incorrect header size calculations
swiotlb: fix info leak with DMA_FROM_DEVICE
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
fuse: fix pipe buffer lifetime for direct_io
tcp: change source port randomizarion at connect() time
tcp: add some entropy in __inet_hash_connect()
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: use different parts of the port_offset for index and offset
tcp: add small random increments to the source port
tcp: dynamically allocate the perturb table used by source ports
tcp: increase source port perturb table to 2^16
tcp: drop the hash_32() part from the index calculation
Linux 4.9.320
Conflicts:
crypto/chacha20_generic.c
drivers/char/random.c
drivers/of/fdt.c
include/crypto/chacha20.h
lib/chacha20.c
Merge resolution notes:
- Added CHACHA20_KEY_SIZE and CHACHA20_BLOCK_SIZE constants to
chacha.h, to minimize changes from the 4.9.320 version of random.c
- Updated lib/vsprintf.c for
"random: replace custom notifier chain with standard one".
Change-Id: Ia7a12d8883b808f88bbe807d6150552bb084f6b3
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Nicolai Stange
|
ab62f0f9d3 |
crypto: drbg - make reseeding from get_random_bytes() synchronous
commit 074bcd4000e0d812bc253f86fedc40f81ed59ccc upstream. get_random_bytes() usually hasn't full entropy available by the time DRBG instances are first getting seeded from it during boot. Thus, the DRBG implementation registers random_ready_callbacks which would in turn schedule some work for reseeding the DRBGs once get_random_bytes() has sufficient entropy available. For reference, the relevant history around handling DRBG (re)seeding in the context of a not yet fully seeded get_random_bytes() is: commit |
||
|
Nicolai Stange
|
d0ff784dca |
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
commit 2bcd25443868aa8863779a6ebc6c9319633025d2 upstream. Currently, the DRBG implementation schedules asynchronous works from random_ready_callbacks for reseeding the DRBG instances with output from get_random_bytes() once the latter has sufficient entropy available. However, as the get_random_bytes() initialization state can get queried by means of rng_is_initialized() now, there is no real need for this asynchronous reseeding logic anymore and it's better to keep things simple by doing it synchronously when needed instead, i.e. from drbg_generate() once rng_is_initialized() has flipped to true. Of course, for this to work, drbg_generate() would need some means by which it can tell whether or not rng_is_initialized() has flipped to true since the last seeding from get_random_bytes(). Or equivalently, whether or not the last seed from get_random_bytes() has happened when rng_is_initialized() was still evaluating to false. As it currently stands, enum drbg_seed_state allows for the representation of two different DRBG seeding states: DRBG_SEED_STATE_UNSEEDED and DRBG_SEED_STATE_FULL. The former makes drbg_generate() to invoke a full reseeding operation involving both, the rather expensive jitterentropy as well as the get_random_bytes() randomness sources. The DRBG_SEED_STATE_FULL state on the other hand implies that no reseeding at all is required for a !->pr DRBG variant. Introduce the new DRBG_SEED_STATE_PARTIAL state to enum drbg_seed_state for representing the condition that a DRBG was being seeded when rng_is_initialized() had still been false. In particular, this new state implies that - the given DRBG instance has been fully seeded from the jitterentropy source (if enabled) - and drbg_generate() is supposed to reseed from get_random_bytes() *only* once rng_is_initialized() turns to true. Up to now, the __drbg_seed() helper used to set the given DRBG instance's ->seeded state to constant DRBG_SEED_STATE_FULL. Introduce a new argument allowing for the specification of the to be written ->seeded value instead. Make the first of its two callers, drbg_seed(), determine the appropriate value based on rng_is_initialized(). The remaining caller, drbg_async_seed(), is known to get invoked only once rng_is_initialized() is true, hence let it pass constant DRBG_SEED_STATE_FULL for the new argument to __drbg_seed(). There is no change in behaviour, except for that the pr_devel() in drbg_generate() would now report "unseeded" for ->pr DRBG instances which had last been seeded when rng_is_initialized() was still evaluating to false. Signed-off-by: Nicolai Stange <nstange@suse.de> Reviewed-by: Stephan Müller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Nicolai Stange
|
d858a3b1ac |
crypto: drbg - prepare for more fine-grained tracking of seeding state
commit ce8ce31b2c5c8b18667784b8c515650c65d57b4e upstream. There are two different randomness sources the DRBGs are getting seeded from, namely the jitterentropy source (if enabled) and get_random_bytes(). At initial DRBG seeding time during boot, the latter might not have collected sufficient entropy for seeding itself yet and thus, the DRBG implementation schedules a reseed work from a random_ready_callback once that has happened. This is particularly important for the !->pr DRBG instances, for which (almost) no further reseeds are getting triggered during their lifetime. Because collecting data from the jitterentropy source is a rather expensive operation, the aforementioned asynchronously scheduled reseed work restricts itself to get_random_bytes() only. That is, it in some sense amends the initial DRBG seed derived from jitterentropy output at full (estimated) entropy with fresh randomness obtained from get_random_bytes() once that has been seeded with sufficient entropy itself. With the advent of rng_is_initialized(), there is no real need for doing the reseed operation from an asynchronously scheduled work anymore and a subsequent patch will make it synchronous by moving it next to related logic already present in drbg_generate(). However, for tracking whether a full reseed including the jitterentropy source is required or a "partial" reseed involving only get_random_bytes() would be sufficient already, the boolean struct drbg_state's ->seeded member must become a tristate value. Prepare for this by introducing the new enum drbg_seed_state and change struct drbg_state's ->seeded member's type from bool to that type. For facilitating review, enum drbg_seed_state is made to only contain two members corresponding to the former ->seeded values of false and true resp. at this point: DRBG_SEED_STATE_UNSEEDED and DRBG_SEED_STATE_FULL. A third one for tracking the intermediate state of "seeded from jitterentropy only" will be introduced with a subsequent patch. There is no change in behaviour at this point. Signed-off-by: Nicolai Stange <nstange@suse.de> Reviewed-by: Stephan Müller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Stephan Müller
|
157f12847d |
crypto: drbg - always seeded with SP800-90B compliant noise source
commit 97f2650e504033376e8813691cb6eccf73151676 upstream. As the Jitter RNG provides an SP800-90B compliant noise source, use this noise source always for the (re)seeding of the DRBG. To make sure the DRBG is always properly seeded, the reseed threshold is reduced to 1<<20 generate operations. The Jitter RNG may report health test failures. Such health test failures are treated as transient as follows. The DRBG will not reseed from the Jitter RNG (but from get_random_bytes) in case of a health test failure. Though, it produces the requested random number. The Jitter RNG has a failure counter where at most 1024 consecutive resets due to a health test failure are considered as a transient error. If more consecutive resets are required, the Jitter RNG will return a permanent error which is returned to the caller by the DRBG. With this approach, the worst case reseed threshold is significantly lower than mandated by SP800-90A in order to seed with an SP800-90B noise source: the DRBG has a reseed threshold of 2^20 * 1024 = 2^30 generate requests. Yet, in case of a transient Jitter RNG health test failure, the DRBG is seeded with the data obtained from get_random_bytes. However, if the Jitter RNG fails during the initial seeding operation even due to a health test error, the DRBG will send an error to the caller because at that time, the DRBG has received no seed that is SP800-90B compliant. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Stephan Mueller
|
674ffec1fe |
crypto: drbg - add FIPS 140-2 CTRNG for noise source
commit db07cd26ac6a418dc2823187958edcfdb415fa83 upstream. FIPS 140-2 section 4.9.2 requires a continuous self test of the noise source. Up to kernel 4.8 drivers/char/random.c provided this continuous self test. Afterwards it was moved to a location that is inconsistent with the FIPS 140-2 requirements. The relevant patch was |
||
|
Jason A. Donenfeld
|
3ddb66f469 |
random: replace custom notifier chain with standard one
commit 5acd35487dc911541672b3ffc322851769c32a56 upstream. We previously rolled our own randomness readiness notifier, which only has two users in the whole kernel. Replace this with a more standard atomic notifier block that serves the same purpose with less code. Also unexport the symbols, because no modules use it, only unconditional builtins. The only drawback is that it's possible for a notification handler returning the "stop" code to prevent further processing, but given that there are only two users, and that we're unexporting this anyway, that doesn't seem like a significant drawback for the simplification we receive here. Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net> [Jason: for stable, also backported to crypto/drbg.c, not unexporting.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
70e975501f |
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
[ Upstream commit a5e9f557098e54af44ade5d501379be18435bfbf ]
In commit 9f480faec58c ("crypto: chacha20 - Fix keystream alignment for
chacha20_block()"), I had missed that chacha20_block() can be called
directly on the buffer passed to get_random_bytes(), which can have any
alignment. So, while my commit didn't break anything, it didn't fully
solve the alignment problems.
Revert my solution and just update chacha20_block() to use
put_unaligned_le32(), so the output buffer need not be aligned.
This is simpler, and on many CPUs it's the same speed.
But, I kept the 'tmp' buffers in extract_crng_user() and
_get_random_bytes() 4-byte aligned, since that alignment is actually
needed for _crng_backtrack_protect() too.
Reported-by: Stephan Müller <smueller@chronox.de>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Dominik Brodowski
|
e6ae8dda97 |
random: early initialization of ChaCha constants
commit 96562f286884e2db89c74215b199a1084b5fb7f7 upstream. Previously, the ChaCha constants for the primary pool were only initialized in crng_initialize_primary(), called by rand_initialize(). However, some randomness is actually extracted from the primary pool beforehand, e.g. by kmem_cache_create(). Therefore, statically initialize the ChaCha constants for the primary pool. Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: "David S. Miller" <davem@davemloft.net> Cc: <linux-crypto@vger.kernel.org> Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
d462ff7fed |
random: initialize ChaCha20 constants with correct endianness
commit a181e0fdb2164268274453b5b291589edbb9b22d upstream. On big endian CPUs, the ChaCha20-based CRNG is using the wrong endianness for the ChaCha20 constants. This doesn't matter cryptographically, but technically it means it's not ChaCha20 anymore. Fix it to always use the standard constants. Cc: linux-crypto@vger.kernel.org Cc: Andy Lutomirski <luto@kernel.org> Cc: Jann Horn <jannh@google.com> Cc: Theodore Ts'o <tytso@mit.edu> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
8ade1d8ada |
crypto: blake2s - adjust include guard naming
commit 8786841bc2020f7f2513a6c74e64912f07b9c0dc upstream. Use the full path in the include guards for the BLAKE2s headers to avoid ambiguity and to match the convention for most files in include/crypto/. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
82fc363160 |
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
commit bbda6e0f1303953c855ee3669655a81b69fbe899 upstream. Address the following checkpatch warning: WARNING: Use #include <linux/bug.h> instead of <asm/bug.h> Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jason A. Donenfeld
|
1815bfce3e |
lib/crypto: blake2s: move hmac construction into wireguard
commit d8d83d8ab0a453e17e68b3a3bed1f940c34b8646 upstream. Basically nobody should use blake2s in an HMAC construction; it already has a keyed variant. But unfortunately for historical reasons, Noise, used by WireGuard, uses HKDF quite strictly, which means we have to use this. Because this really shouldn't be used by others, this commit moves it into wireguard's noise.c locally, so that kernels that aren't using WireGuard don't get this superfluous code baked in. On m68k systems, this shaves off ~314 bytes. Cc: Herbert Xu <herbert@gondor.apana.org.au> Tested-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Ard Biesheuvel <ardb@kernel.org> [Jason: for stable, skip the wireguard changes, since this kernel doesn't have wireguard.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jason A. Donenfeld
|
38ec02a401 |
crypto: blake2s - generic C library implementation and selftest
commit 66d7fb94e4ffe5acc589e0b2b4710aecc1f07a28 upstream. The C implementation was originally based on Samuel Neves' public domain reference implementation but has since been heavily modified for the kernel. We're able to do compile-time optimizations by moving some scaffolding around the final function into the header file. Information: https://blake2.net/ Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Samuel Neves <sneves@dei.uc.pt> Co-developed-by: Samuel Neves <sneves@dei.uc.pt> [ardb: - move from lib/zinc to lib/crypto - remove simd handling - rewrote selftest for better coverage - use fixed digest length for blake2s_hmac() and rename to blake2s256_hmac() ] Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> [Jason: for stable, skip kconfig and wire up directly, and skip the arch hooks; optimized implementations need not be backported.] Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
63c60b6a3e |
crypto: chacha20 - Fix keystream alignment for chacha20_block()
commit 9f480faec58cd6197a007ea1dcac6b7c3daf1139 upstream. When chacha20_block() outputs the keystream block, it uses 'u32' stores directly. However, the callers (crypto/chacha20_generic.c and drivers/char/random.c) declare the keystream buffer as a 'u8' array, which is not guaranteed to have the needed alignment. Fix it by having both callers declare the keystream as a 'u32' array. For now this is preferable to switching over to the unaligned access macros because chacha20_block() is only being used in cases where we can easily control the alignment (stack buffers). Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Wilson Sung
|
fa8bc31678 |
Merge android-4.9-q (4.9.284) into android-msm-pixel-4.9-sc-lts
Merge 4.9.284 into android-4.9-q
Linux 4.9.284
* sctp: validate from_addr_param return
include/net/sctp/structs.h
drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
nilfs2: fix NULL pointer in nilfs_##name##_attr_release
nilfs2: fix memory leak in nilfs_sysfs_create_device_group
ceph: lockdep annotations for try_nonblocking_invalidate
dmaengine: xilinx_dma: Set DMA mask for coherent APIs
* dmaengine: ioat: depends on !UML
drivers/dma/Kconfig
parisc: Move pci_dev_is_behind_card_dino to where it is used
pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered
* profiling: fix shift-out-of-bounds bugs
kernel/profile.c
* prctl: allow to setup brk for et_dyn executables
kernel/sys.c
9p/trans_virtio: Remove sysfs file on probe failure
thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
sctp: validate chunk size in __rcv_asconf_lookup
* staging: android: ion: fix page is NULL
drivers/staging/android/ion/ion_system_heap.c
crypto: talitos - fix max key size for sha384 and sha512
* PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
drivers/base/power/wakeirq.c
s390/bpf: Fix optimizing out zero-extensions
Merge 4.9.283 into android-4.9-q
Linux 4.9.283
s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
net: renesas: sh_eth: Fix freeing wrong tx descriptor
qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
net: dsa: b53: Fix calculating number of switch ports
ARC: export clear_user_page() for modules
mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
* PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
include/linux/pci.h
ethtool: Fix an error code in cxgb2.c
net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
mfd: Don't use irq_create_mapping() to resolve a mapping
dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
* tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
net/ipv4/tcp_input.c
* net/af_unix: fix a data-race in unix_dgram_poll
include/linux/skbuff.h
net/unix/af_unix.c
* events: Reuse value read using READ_ONCE instead of re-reading it
kernel/events/core.c
tipc: increase timeout in tipc_sk_enqueue()
r6040: Restore MDIO clock frequency after MAC reset
* net/l2tp: Fix reference count leak in l2tp_udp_recv_core
net/l2tp/l2tp_core.c
dccp: don't duplicate ccid when cloning dccp sock
ptp: dp83640: don't define PAGE0
net-caif: avoid user-triggerable WARN_ON(1)
bnx2x: Fix enabling network interfaces without VFs
xen: reset legacy rtc flag for PV domU
platform/chrome: cros_ec_proto: Send command again when timeout occurs
memcg: enable accounting for pids in nested pid namespaces
* mm/hugetlb: initialize hugetlb_usage in mm_init
include/linux/hugetlb.h
kernel/fork.c
scsi: BusLogic: Fix missing pr_cont() use
parisc: fix crash with signals and alloca
net: w5100: check return value after calling platform_get_resource()
* net: fix NULL pointer reference in cipso_v4_doi_free
net/netlabel/netlabel_cipso_v4.c
ath9k: fix sleeping in atomic context
ath9k: fix OOB read ar9300_eeprom_restore_internal
parport: remove non-zero check on count
usbip: give back URBs for unsent unlink requests during cleanup
* Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
drivers/usb/host/xhci.c
cifs: fix wrong release in sess_alloc_buffer() failed path
mmc: rtsx_pci: Fix long reads when clock is prescaled
gfs2: Don't call dlm after protocol is unmounted
rpc: fix gss_svc_init cleanup on failure
ARM: tegra: tamonten: Fix UART pad setting
gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
* Bluetooth: avoid circular locks in sco_sock_connect
net/bluetooth/sco.c
net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output
* Bluetooth: skip invalid hci_sync_conn_complete_evt
net/bluetooth/hci_event.c
ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
staging: ks7010: Fix the initialization of the 'sleep_status' structure
serial: 8250_pci: make setup_port() parameters explicitly unsigned
hvsi: don't panic on tty_register_driver failure
xtensa: ISS: don't panic in rs_init
serial: 8250: Define RX trigger levels for OxSemi 950 devices
s390/jump_label: print real address in a case of a jump label bug
* flow_dissector: Fix out-of-bounds warnings
net/core/flow_dissector.c
* ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
net/ipv4/ip_output.c
video: fbdev: riva: Error out if 'pixclock' equals zero
video: fbdev: kyro: Error out if 'pixclock' equals zero
video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
bpf/tests: Do not PASS tests without actually testing the result
bpf/tests: Fix copy-and-paste error in double word test
tty: serial: jsm: hold port lock when reporting modem line changes
staging: board: Fix uninitialized spinlock when attaching genpd
* usb: gadget: composite: Allow bMaxPower=0 if self-powered
drivers/usb/gadget/composite.c
* usb: gadget: u_ether: fix a potential null pointer dereference
drivers/usb/gadget/function/u_ether.c
usb: host: fotg210: fix the actual_length of an iso packet
usb: host: fotg210: fix the endpoint's transactional opportunities calculation
* Smack: Fix wrong semantics in smk_access_entry()
security/smack/smack_access.c
* netlink: Deal with ESRCH error in nlmsg_notify()
net/netlink/af_netlink.c
video: fbdev: kyro: fix a DoS bug by restricting user input
iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
* PCI: Use pci_update_current_state() in pci_enable_device_flags()
drivers/pci/pci.c
crypto: mxs-dcp - Use sg_mapping_iter to copy data
MIPS: Malta: fix alignment of the devicetree buffer
pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
openrisc: don't printk() unconditionally
* vfio: Use config not menuconfig for VFIO_NOIOMMU
drivers/vfio/Kconfig
* PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
drivers/pci/syscall.c
* PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
drivers/pci/quirks.c
ARM: 9105/1: atags_to_fdt: don't warn about stack size
libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
media: rc-loopback: return number of emitters rather than error
media: uvc: don't do DMA on stack
VMCI: fix NULL pointer dereference when unmapping queue pair
power: supply: max17042: handle fails of reading status register
crypto: public_key: fix overflow during implicit conversion
xen: fix setting of max_pfn in shared_info
powerpc/perf/hv-gpci: Fix counter value parsing
* PCI/MSI: Skip masking MSI-X on Xen PV
drivers/pci/msi.c
rtc: tps65910: Correct driver module alias
* fbmem: don't allow too huge resolutions
drivers/video/fbdev/core/fbmem.c
clk: kirkwood: Fix a clocking boot regression
IMA: remove -Wmissing-prototypes warning
KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted
* tty: Fix data race between tiocsti() and flush_to_ldisc()
drivers/tty/tty_io.c
* ipv4: make exception cache less predictible
net/ipv4/route.c
bcma: Fix memory leak for internally-handled cores
ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
i2c: mt65xx: fix IRQ check
CIFS: Fix a potencially linear read overflow
mmc: moxart: Fix issue with uninitialized dma_slave_config
mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
i2c: s3c2410: fix IRQ check
i2c: iop3xx: fix deferred probing
* Bluetooth: add timeout sanity check to hci_inquiry
net/bluetooth/hci_core.c
usb: gadget: mv_u3d: request_irq() after initializing UDC
usb: phy: tahvo: add IRQ check
usb: host: ohci-tmio: add IRQ check
* Bluetooth: Move shutdown callback before flushing tx and rx queue
net/bluetooth/hci_core.c
usb: phy: twl6030: add IRQ checks
usb: phy: fsl-usb: add IRQ check
usb: gadget: udc: at91: add IRQ check
drm/msm/dsi: Fix some reference counted resource leaks
* Bluetooth: fix repeated calls to sco_sock_kill
net/bluetooth/sco.c
arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
soc: qcom: smsm: Fix missed interrupts if state changes while masked
* PCI: PM: Enable PME if it can be signaled from D3cold
drivers/pci/pci.c
i2c: highlander: add IRQ check
* net: cipso: fix warnings in netlbl_cipsov4_add_std
net/netlabel/netlabel_cipso_v4.c
* tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
net/ipv4/tcp_ipv4.c
* Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
net/bluetooth/sco.c
media: go7007: remove redundant initialization
media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
* certs: Trigger creation of RSA module signing key if it's not an RSA key
certs/Makefile
crypto: qat - use proper type for vf_mask
spi: spi-pic32: Fix issue with uninitialized dma_slave_config
m68k: emu: Fix invalid free in nfeth_cleanup()
udf_get_extendedattr() had no boundary checks.
crypto: qat - do not export adf_iov_putmsg()
crypto: qat - fix naming for init/shutdown VF to PF notifications
crypto: qat - fix reuse of completion variable
crypto: qat - handle both source of interrupt in VF ISR
crypto: qat - do not ignore errors from enable_vf2pf_comms()
libata: fix ata_host_start()
power: supply: max17042_battery: fix typo in MAx17042_TOFF
udf: Check LVID earlier
crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors
crypto: mxs-dcp - Check for DMA mapping errors
* regmap: fix the offset of register error log
drivers/base/regmap/regmap.c
* PCI: Call Max Payload Size-related fixup quirks early
drivers/pci/quirks.c
x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
Revert "btrfs: compression: don't try to compress if we don't have enough pages"
* mm/page_alloc: speed up the iteration of max_order
mm/page_alloc.c
net: ll_temac: Remove left-over debug message
powerpc/boot: Delete unneeded .globl _zimage_start
powerpc/module64: Fix comment in R_PPC64_ENTRY handling
crypto: talitos - reduce max key size for SEC1
mm/kmemleak.c: make cond_resched() rate-limiting more efficient
s390/disassembler: correct disassembly lines alignment
* ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2)
net/ipv4/icmp.c
gfs2: Don't clear SGID when inheriting ACLs
nvme-pci: Fix an error handling path in 'nvme_probe()'
tc358743: fix register i2c_rd/wr function fix
* PM / wakeirq: Enable dedicated wakeirq for suspend
drivers/base/power/wakeirq.c
net/sched: cls_flower: Use mask for addr_type
USB: serial: mos7720: improve OOM-handling in read_mos_reg()
usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled
* igmp: Add ip_mc_list lock in ip_check_mc_rcu
net/ipv4/igmp.c
media: stkwebcam: fix memory leak in stk_camera_probe
ath9k: Postpone key cache entry deletion for TXQ frames reference it
ath: Modify ath_key_delete() to not need full key entry
ath: Export ath_hw_keysetmac()
ath9k: Clear key cache explicitly on disabling hardware
ath: Use safer key clearing with key cache entries
* ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
sound/core/pcm_lib.c
ARM: 8918/2: only build return_address() if needed
* cryptoloop: add a deprecation warning
drivers/block/Kconfig
perf/x86/amd/ibs: Work around erratum #1197
qede: Fix memset corruption
qed: Fix the VF msix vectors flow
xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
mtd: nand: atmel_nand: remove build warning in atmel_nand_remove()
* ext4: fix race writing to an inline_data file while its xattrs are changing
fs/ext4/inline.c
Merge 4.9.282 into android-4.9-q
Linux 4.9.282
Revert "floppy: reintroduce O_NDELAY fix"
KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
* fbmem: add margin check to fb_check_caps()
drivers/video/fbdev/core/fbmem.c
* vt_kdsetmode: extend console locking
drivers/tty/vt/vt_ioctl.c
net/rds: dma_map_sg is entitled to merge entries
vringh: Use wiov->used to check for read/write desc order
virtio: Improve vq->broken access to avoid any compiler optimization
net: marvell: fix MVNETA_TX_IN_PRGRS bit number
ip_gre: add validation for csum_start
e1000e: Fix the max snoop/no-snoop latency for 10M
IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
* usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
drivers/usb/dwc3/gadget.c
USB: serial: option: add new VID/PID to support Fibocom FG150
Revert "USB: serial: ch341: fix character loss at high transfer rates"
can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters
ARC: Fix CONFIG_STACKDEPOT
Bug: 201722185
Change-Id: Ia09164e3bcbce03e2a295154246ba064c9c35795
Signed-off-by: Wilson Sung <wilsonsung@google.com>
|
||
|
Greg Kroah-Hartman
|
dc1c320e16 |
Merge 4.9.283 into android-4.9-q
Changes in 4.9.283 ext4: fix race writing to an inline_data file while its xattrs are changing mtd: nand: atmel_nand: remove build warning in atmel_nand_remove() xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG qed: Fix the VF msix vectors flow qede: Fix memset corruption perf/x86/amd/ibs: Work around erratum #1197 cryptoloop: add a deprecation warning ARM: 8918/2: only build return_address() if needed ALSA: pcm: fix divide error in snd_pcm_lib_ioctl ath: Use safer key clearing with key cache entries ath9k: Clear key cache explicitly on disabling hardware ath: Export ath_hw_keysetmac() ath: Modify ath_key_delete() to not need full key entry ath9k: Postpone key cache entry deletion for TXQ frames reference it media: stkwebcam: fix memory leak in stk_camera_probe igmp: Add ip_mc_list lock in ip_check_mc_rcu usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled USB: serial: mos7720: improve OOM-handling in read_mos_reg() net/sched: cls_flower: Use mask for addr_type PM / wakeirq: Enable dedicated wakeirq for suspend tc358743: fix register i2c_rd/wr function fix nvme-pci: Fix an error handling path in 'nvme_probe()' gfs2: Don't clear SGID when inheriting ACLs ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) s390/disassembler: correct disassembly lines alignment mm/kmemleak.c: make cond_resched() rate-limiting more efficient crypto: talitos - reduce max key size for SEC1 powerpc/module64: Fix comment in R_PPC64_ENTRY handling powerpc/boot: Delete unneeded .globl _zimage_start net: ll_temac: Remove left-over debug message mm/page_alloc: speed up the iteration of max_order Revert "btrfs: compression: don't try to compress if we don't have enough pages" x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions PCI: Call Max Payload Size-related fixup quirks early regmap: fix the offset of register error log crypto: mxs-dcp - Check for DMA mapping errors power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() udf: Check LVID earlier power: supply: max17042_battery: fix typo in MAx17042_TOFF libata: fix ata_host_start() crypto: qat - do not ignore errors from enable_vf2pf_comms() crypto: qat - handle both source of interrupt in VF ISR crypto: qat - fix reuse of completion variable crypto: qat - fix naming for init/shutdown VF to PF notifications crypto: qat - do not export adf_iov_putmsg() udf_get_extendedattr() had no boundary checks. m68k: emu: Fix invalid free in nfeth_cleanup() spi: spi-pic32: Fix issue with uninitialized dma_slave_config crypto: qat - use proper type for vf_mask certs: Trigger creation of RSA module signing key if it's not an RSA key media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init media: dvb-usb: fix uninit-value in vp702x_read_mac_addr media: go7007: remove redundant initialization Bluetooth: sco: prevent information leak in sco_conn_defer_accept() tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos net: cipso: fix warnings in netlbl_cipsov4_add_std i2c: highlander: add IRQ check PCI: PM: Enable PME if it can be signaled from D3cold soc: qcom: smsm: Fix missed interrupts if state changes while masked Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 Bluetooth: fix repeated calls to sco_sock_kill drm/msm/dsi: Fix some reference counted resource leaks usb: gadget: udc: at91: add IRQ check usb: phy: fsl-usb: add IRQ check usb: phy: twl6030: add IRQ checks Bluetooth: Move shutdown callback before flushing tx and rx queue usb: host: ohci-tmio: add IRQ check usb: phy: tahvo: add IRQ check usb: gadget: mv_u3d: request_irq() after initializing UDC Bluetooth: add timeout sanity check to hci_inquiry i2c: iop3xx: fix deferred probing i2c: s3c2410: fix IRQ check mmc: dw_mmc: Fix issue with uninitialized dma_slave_config mmc: moxart: Fix issue with uninitialized dma_slave_config CIFS: Fix a potencially linear read overflow i2c: mt65xx: fix IRQ check usb: ehci-orion: Handle errors of clk_prepare_enable() in probe ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() bcma: Fix memory leak for internally-handled cores ipv4: make exception cache less predictible tty: Fix data race between tiocsti() and flush_to_ldisc() KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted IMA: remove -Wmissing-prototypes warning clk: kirkwood: Fix a clocking boot regression fbmem: don't allow too huge resolutions rtc: tps65910: Correct driver module alias PCI/MSI: Skip masking MSI-X on Xen PV powerpc/perf/hv-gpci: Fix counter value parsing xen: fix setting of max_pfn in shared_info crypto: public_key: fix overflow during implicit conversion power: supply: max17042: handle fails of reading status register VMCI: fix NULL pointer dereference when unmapping queue pair media: uvc: don't do DMA on stack media: rc-loopback: return number of emitters rather than error libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs ARM: 9105/1: atags_to_fdt: don't warn about stack size PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure vfio: Use config not menuconfig for VFIO_NOIOMMU openrisc: don't printk() unconditionally pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() MIPS: Malta: fix alignment of the devicetree buffer crypto: mxs-dcp - Use sg_mapping_iter to copy data PCI: Use pci_update_current_state() in pci_enable_device_flags() iio: dac: ad5624r: Fix incorrect handling of an optional regulator. video: fbdev: kyro: fix a DoS bug by restricting user input netlink: Deal with ESRCH error in nlmsg_notify() Smack: Fix wrong semantics in smk_access_entry() usb: host: fotg210: fix the endpoint's transactional opportunities calculation usb: host: fotg210: fix the actual_length of an iso packet usb: gadget: u_ether: fix a potential null pointer dereference usb: gadget: composite: Allow bMaxPower=0 if self-powered staging: board: Fix uninitialized spinlock when attaching genpd tty: serial: jsm: hold port lock when reporting modem line changes bpf/tests: Fix copy-and-paste error in double word test bpf/tests: Do not PASS tests without actually testing the result video: fbdev: asiliantfb: Error out if 'pixclock' equals zero video: fbdev: kyro: Error out if 'pixclock' equals zero video: fbdev: riva: Error out if 'pixclock' equals zero ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() flow_dissector: Fix out-of-bounds warnings s390/jump_label: print real address in a case of a jump label bug serial: 8250: Define RX trigger levels for OxSemi 950 devices xtensa: ISS: don't panic in rs_init hvsi: don't panic on tty_register_driver failure serial: 8250_pci: make setup_port() parameters explicitly unsigned staging: ks7010: Fix the initialization of the 'sleep_status' structure ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() Bluetooth: skip invalid hci_sync_conn_complete_evt ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() Bluetooth: avoid circular locks in sco_sock_connect gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() ARM: tegra: tamonten: Fix UART pad setting rpc: fix gss_svc_init cleanup on failure gfs2: Don't call dlm after protocol is unmounted mmc: rtsx_pci: Fix long reads when clock is prescaled cifs: fix wrong release in sess_alloc_buffer() failed path Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" usbip: give back URBs for unsent unlink requests during cleanup parport: remove non-zero check on count ath9k: fix OOB read ar9300_eeprom_restore_internal ath9k: fix sleeping in atomic context net: fix NULL pointer reference in cipso_v4_doi_free net: w5100: check return value after calling platform_get_resource() parisc: fix crash with signals and alloca scsi: BusLogic: Fix missing pr_cont() use mm/hugetlb: initialize hugetlb_usage in mm_init memcg: enable accounting for pids in nested pid namespaces platform/chrome: cros_ec_proto: Send command again when timeout occurs xen: reset legacy rtc flag for PV domU bnx2x: Fix enabling network interfaces without VFs net-caif: avoid user-triggerable WARN_ON(1) ptp: dp83640: don't define PAGE0 dccp: don't duplicate ccid when cloning dccp sock net/l2tp: Fix reference count leak in l2tp_udp_recv_core r6040: Restore MDIO clock frequency after MAC reset tipc: increase timeout in tipc_sk_enqueue() events: Reuse value read using READ_ONCE instead of re-reading it net/af_unix: fix a data-race in unix_dgram_poll tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() x86/mm: Fix kern_addr_valid() to cope with existing but not present entries dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation mfd: Don't use irq_create_mapping() to resolve a mapping net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 ethtool: Fix an error code in cxgb2.c PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' ARC: export clear_user_page() for modules net: dsa: b53: Fix calculating number of switch ports qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom net: renesas: sh_eth: Fix freeing wrong tx descriptor s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant Linux 4.9.283 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I9e2017cce36805d71566ea1f265974a43bae33d1 |
||
|
zhenwei pi
|
a67d0cfe1a |
crypto: public_key: fix overflow during implicit conversion
commit f985911b7bc75d5c98ed24d8aaa8b94c590f7c6a upstream. Hit kernel warning like this, it can be reproduced by verifying 256 bytes datafile by keyctl command, run script: RAWDATA=rawdata SIGDATA=sigdata modprobe pkcs8_key_parser rm -rf *.der *.pem *.pfx rm -rf $RAWDATA dd if=/dev/random of=$RAWDATA bs=256 count=1 openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem \ -subj "/C=CN/ST=GD/L=SZ/O=vihoo/OU=dev/CN=xx.com/emailAddress=yy@xx.com" KEY_ID=`openssl pkcs8 -in key.pem -topk8 -nocrypt -outform DER | keyctl \ padd asymmetric 123 @s` keyctl pkey_sign $KEY_ID 0 $RAWDATA enc=pkcs1 hash=sha1 > $SIGDATA keyctl pkey_verify $KEY_ID 0 $RAWDATA $SIGDATA enc=pkcs1 hash=sha1 Then the kernel reports: WARNING: CPU: 5 PID: 344556 at crypto/rsa-pkcs1pad.c:540 pkcs1pad_verify+0x160/0x190 ... Call Trace: public_key_verify_signature+0x282/0x380 ? software_key_query+0x12d/0x180 ? keyctl_pkey_params_get+0xd6/0x130 asymmetric_key_verify_signature+0x66/0x80 keyctl_pkey_verify+0xa5/0x100 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x44/0xae The reason of this issue, in function 'asymmetric_key_verify_signature': '.digest_size(u8) = params->in_len(u32)' leads overflow of an u8 value, so use u32 instead of u8 for digest_size field. And reorder struct public_key_signature, it saves 8 bytes on a 64-bit machine. Cc: stable@vger.kernel.org Signed-off-by: zhenwei pi <pizhenwei@bytedance.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Lucas Wei
|
65e475187b |
Merge android-4.9-q (4.9.279) into android-msm-pixel-4.9-sc-lts
Merge 4.9.279 into android-4.9-q
Linux 4.9.279
spi: mediatek: Fix fifo transfer
can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
* Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled"
net/bluetooth/hci_core.c
* net: Fix zero-copy head len calculation.
net/core/skbuff.c
* r8152: Fix potential PM refcount imbalance
drivers/net/usb/r8152.c
regulator: rt5033: Fix n_voltages settings for BUCK and LDO
btrfs: mark compressed range uptodate only if all bio succeed
Merge 4.9.278 into android-4.9-q
Linux 4.9.278
sis900: Fix missing pci_disable_device() in probe and remove
tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
net/mlx5: Fix flow table chaining
* net: llc: fix skb_over_panic
include/net/llc_pdu.h
mlx4: Fix missing error code in mlx4_load_one()
tipc: fix sleeping in tipc accept routine
netfilter: nft_nat: allow to specify layer 4 protocol NAT only
* netfilter: conntrack: adjust stop timestamp to real expiry value
net/netfilter/nf_conntrack_core.c
* cfg80211: Fix possible memory leak in function cfg80211_bss_update
net/wireless/scan.c
x86/asm: Ensure asm/proto.h can be included stand-alone
nfc: nfcsim: fix use after free during module unload
NIU: fix incorrect error return, missed in previous revert
can: esd_usb2: fix memory leak
can: ems_usb: fix memory leak
can: usb_8dev: fix memory leak
ocfs2: issue zeroout to EOF blocks
ocfs2: fix zero out valid data
x86/kvm: fix vcpu-id indexed array sizes
ARM: ensure the signal page contains defined contents
* lib/string.c: add multibyte memset functions
include/linux/string.h
lib/string.c
ARM: dts: versatile: Fix up interrupt controller node names
hfs: add lock nesting notation to hfs_find_init
hfs: fix high memory mapping in hfs_bnode_read
hfs: add missing clean-up in hfs_fill_super
* sctp: move 198 addresses from unusable to private scope
include/net/sctp/constants.h
net/802/garp: fix memleak in garp_request_join()
net/802/mrp: fix memleak in mrp_request_join()
* workqueue: fix UAF in pwq_unbound_release_workfn()
kernel/workqueue.c
* af_unix: fix garbage collect vs MSG_PEEK
net/unix/af_unix.c
* net: split out functions related to registering inflight socket files
include/net/af_unix.h
net/Makefile
net/unix/Kconfig
net/unix/Makefile
net/unix/af_unix.c
net/unix/garbage.c
net/unix/scm.c
net/unix/scm.h
tipc: Fix backport of b77413446408fdd256599daf00d5be72b5f3e7c6
iommu/amd: Fix backport of 140456f994195b568ecd7fc2287a34eadffef3ca
Merge 4.9.277 into android-4.9-q
Linux 4.9.277
btrfs: compression: don't try to compress if we don't have enough pages
iio: accel: bma180: Fix BMA25x bandwidth register values
iio: accel: bma180: Use explicit member assignment
net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
* tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
kernel/trace/ring_buffer.c
USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
USB: serial: cp210x: fix comments for GE CS1000
USB: serial: option: add support for u-blox LARA-R6 family
usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
usb: max-3421: Prevent corruption of freed memory
USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
* usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
drivers/usb/core/hub.c
KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
* xhci: Fix lost USB 2 remote wake
drivers/usb/host/xhci-hub.c
ALSA: sb: Fix potential ABBA deadlock in CSP driver
s390/ftrace: fix ftrace_update_ftrace_func implementation
Revert "MIPS: add PMD table accounting into MIPS'pmd_alloc_one"
* proc: Avoid mixing integer types in mem_rw()
fs/proc/base.c
* Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
drivers/usb/core/quirks.c
scsi: target: Fix protect handling in WRITE SAME(32)
scsi: iscsi: Fix iface sysfs attr detection
netrom: Decrease sock refcount when sock timers expire
net: decnet: Fix sleeping inside in af_decnet
net: fix uninit-value in caif_seqpkt_sendmsg
s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
spi: mediatek: fix fifo rx mode
perf probe-file: Delete namelist in del_events() on the error path
perf test bpf: Free obj_buf
perf lzma: Close lzma stream on exit
igb: Check if num of q_vectors is smaller than max before array access
iavf: Fix an error handling path in 'iavf_probe()'
e1000e: Fix an error handling path in 'e1000_probe()'
fm10k: Fix an error handling path in 'fm10k_probe()'
igb: Fix an error handling path in 'igb_probe()'
ixgbe: Fix an error handling path in 'ixgbe_probe()'
* ipv6: tcp: drop silly ICMPv6 packet too big messages
net/ipv4/tcp_output.c
net/ipv6/tcp_ipv6.c
* tcp: annotate data races around tp->mtu_info
net/ipv4/tcp_ipv4.c
net/ipv6/tcp_ipv6.c
* net: validate lwtstate->data before returning from skb_tunnel_info()
include/net/dst_metadata.h
net: ti: fix UAF in tlan_remove_one
net: qcom/emac: fix UAF in emac_remove
net: moxa: fix UAF in moxart_mac_probe
net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
* net: bridge: sync fdb to new unicast-filtering ports
net/bridge/br_if.c
* net: ipv6: fix return value of ip6_skb_dst_mtu
include/net/ip6_route.h
net/ipv6/xfrm6_output.c
* sched/fair: Fix CFS bandwidth hrtimer expiry type
kernel/sched/fair.c
scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
rtc: max77686: Do not enforce (incorrect) interrupt trigger type
* kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
scripts/mkcompile_h
* thermal/core: Correct function name thermal_zone_device_unregister()
drivers/thermal/thermal_core.c
arm64: dts: juno: Update SCPI nodes as per the YAML schema
ARM: dts: stm32: fix RCC node name on stm32f429 MCU
ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
ARM: dts: BCM63xx: Fix NAND nodes names
ARM: brcmstb: dts: fix NAND nodes names
reset: ti-syscon: fix to_ti_syscon_reset_data macro
ARM: dts: rockchip: Fix power-controller node names for rk3288
ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
* ANDROID: selinux: modify RTM_GETNEIGH{TBL}
security/selinux/include/classmap.h
security/selinux/include/security.h
security/selinux/nlmsgtab.c
security/selinux/ss/policydb.c
security/selinux/ss/policydb.h
security/selinux/ss/services.c
Merge 4.9.276 into android-4.9-q
Linux 4.9.276
* seq_file: disallow extremely large seq buffer allocations
fs/seq_file.c
MIPS: vdso: Invalid GIC access through VDSO
mips: disable branch profiling in boot/decompress.o
mips: always link byteswap helpers into decompressor
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
memory: fsl_ifc: fix leak of private memory on probe failure
memory: fsl_ifc: fix leak of IO mapping on probe failure
* reset: bail if try_module_get() fails
drivers/reset/core.c
ARM: dts: r8a7779, marzen: Fix DU clock names
* rtc: fix snprintf() checking in is_rtc_hctosys()
drivers/rtc/rtc-proc.c
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
hexagon: use common DISCARDS macro
ALSA: isa: Fix error return code in snd_cmi8330_probe()
x86/fpu: Limit xstate copy size in xstateregs_set()
ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
nfs: fix acl memory leak of posix_acl_create()
watchdog: aspeed: fix hardware timeout calculation
um: fix error return code in winch_tramp()
um: fix error return code in slip_open()
* power: supply: rt5033_battery: Fix device tree enumeration
drivers/power/supply/Kconfig
PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
virtio_console: Assure used length from device is limited
virtio-blk: Fix memory leak among suspend/resume procedure
ACPI: AMBA: Fix resource name in /proc/iomem
pwm: tegra: Don't modify HW state in .remove callback
power: supply: ab8500: add missing MODULE_DEVICE_TABLE
power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
orangefs: fix orangefs df output.
x86/fpu: Return proper error codes from user access functions
watchdog: Fix possible use-after-free by calling del_timer_sync()
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
watchdog: Fix possible use-after-free in wdt_startup()
ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
power: supply: ab8500: Avoid NULL pointers
pwm: spear: Don't modify HW state in .remove callback
lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
* i2c: core: Disable client irq on reboot/shutdown
drivers/i2c/i2c-core.c
ALSA: hda: Add IRQ check for platform_get_irq()
backlight: lm3630a: Fix return code of .update_status() callback
powerpc/boot: Fixup device-tree on little endian
usb: gadget: hid: fix error return code in hid_bind()
* usb: gadget: f_hid: fix endianness issue with descriptors
drivers/usb/gadget/function/f_hid.c
* ALSA: bebob: add support for ToneWeal FW66
sound/firewire/Kconfig
* ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing()
sound/soc/soc-core.c
selftests/powerpc: Fix "no_handler" EBB selftest
ALSA: ppc: fix error return code in snd_pmac_probe()
gpio: zynq: Check return value of pm_runtime_get_sync
powerpc/ps3: Add dma_mask to ps3_dma_region
ALSA: sb: Fix potential double-free of CSP mixer elements
s390/sclp_vt220: fix console name to match device
mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
scsi: iscsi: Add iscsi_cls_conn refcount helpers
fs/jfs: Fix missing error code in lmLogInit()
tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
* Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
sound/firewire/Kconfig
misc/libmasm/module: Fix two use after free in ibmasm_init_one
tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
* fscrypt: don't ignore minor_hash when hash is 0
fs/crypto/fname.c
tracing: Do not reference char * as a string in histograms
* scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
drivers/scsi/hosts.c
KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
* smackfs: restrict bytes count in smk_set_cipso()
security/smack/smackfs.c
jfs: fix GPF in diFree
media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
media: gspca/sunplus: fix zero-length control requests
media: gspca/sq905: fix control-request direction
media: zr364xx: fix memory leak in zr364xx_start_readpipe
media: dtv5100: fix control-request directions
dm btree remove: assign new_root only when removal succeeds
ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
* seq_buf: Fix overflow in seq_buf_putmem_hex()
lib/seq_buf.c
power: supply: ab8500: Fix an old bug
ipmi/watchdog: Stop watchdog timer when the current action is 'none'
qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
ASoC: tegra: Set driver_name=tegra for all machine drivers
ata: ahci_sunxi: Disable DIPM
* mmc: core: clear flags before allowing to retune
drivers/mmc/core/core.c
* mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
drivers/mmc/host/sdhci.c
drivers/mmc/host/sdhci.h
pinctrl/amd: Add device HID for new AMD GPIO controller
powerpc/barrier: Avoid collision with clang's __lwsync macro
mac80211: fix memory corruption in EAPOL handling
can: bcm: delay release of struct bcm_op after synchronize_rcu()
can: gw: synchronize rcu operations before removing gw job entry
* fuse: reject internal errno
fs/fuse/dev.c
sctp: add size validation when walking chunks
Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
* Bluetooth: Shutdown controller after workqueues are flushed or cancelled
net/bluetooth/hci_core.c
* Bluetooth: Fix the HCI to MGMT status conversion table
net/bluetooth/mgmt.c
RDMA/cma: Fix rdma_resolve_route() memory leak
* wireless: wext-spy: Fix out-of-bounds warning
net/wireless/wext-spy.c
sfc: error code if SRIOV cannot be disabled
sfc: avoid double pci_remove of VFs
RDMA/rxe: Don't overwrite errno from ib_umem_get()
atm: nicstar: register the interrupt handler in the right place
atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
MIPS: add PMD table accounting into MIPS'pmd_alloc_one
cw1200: add missing MODULE_DEVICE_TABLE
wl1251: Fix possible buffer overflow in wl1251_cmd_scan
wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
* xfrm: Fix error reporting in xfrm_state_construct.
net/xfrm/xfrm_user.c
* selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
security/selinux/avc.c
fjes: check return value after calling platform_get_resource()
net: micrel: check return value after calling platform_get_resource()
dm space maps: don't reset space map allocation cursor when committing
RDMA/cxgb4: Fix missing error code in create_qp()
* ipv6: use prandom_u32() for ID generation
net/ipv6/output_core.c
clk: tegra: Ensure that PLLU configuration is applied properly
e100: handle eeprom as little endian
udf: Fix NULL pointer dereference in udf_symlink function
drm/virtio: Fix double free on probe failure
reiserfs: add check for invalid 1st journal block
* net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
net/core/dev.c
atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
mISDN: fix possible use-after-free in HFC_cleanup()
atm: iphase: fix possible use-after-free in ia_module_exit()
hugetlb: clear huge pte during flush function on mips platform
net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
* scsi: core: Retry I/O for Notify (Enable Spinup) Required error
drivers/scsi/scsi_lib.c
mmc: vub3000: fix control-request direction
selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
mm/huge_memory.c: don't discard hugepage if other processes are mapping it
leds: ktd2692: Fix an error handling path
* configfs: fix memleak in configfs_release_bin_file
fs/configfs/file.c
extcon: max8997: Add missing modalias string
extcon: sm5502: Drop invalid register write in sm5502_reg_data
phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
* of: Fix truncation of memory sizes on 32-bit platforms
drivers/of/fdt.c
drivers/of/of_reserved_mem.c
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
s390: appldata depends on PROC_SYSCTL
scsi: FlashPoint: Rename si_flags field
tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
Input: hil_kbd - fix error return code in hil_dev_connect()
iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adis_buffer: do not return ints in irq handlers
tty: nozomi: Fix a resource leak in an error handling function
net: sched: fix warning in tcindex_alloc_perfect_hash
* writeback: fix obtain a reference to a freeing memcg css
fs/fs-writeback.c
* Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
net/bluetooth/mgmt.c
i40e: Fix error handling in i40e_vsi_open
vxlan: add missing rcu_read_lock() in neigh_reduce()
net: ethernet: ezchip: fix error handling
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: aeroflex: fix UAF in greth_of_remove
netfilter: nft_exthdr: check for IPv6 packet before further processing
* netlabel: Fix memory leak in netlbl_mgmt_add_common
net/netlabel/netlabel_mgmt.c
ath10k: Fix an error code in ath10k_add_interface()
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
* wireless: carl9170: fix LEDS build errors & warnings
drivers/net/wireless/ath/carl9170/Kconfig
drm: qxl: ensure surf.data is ininitialized
RDMA/rxe: Fix failure during driver load
ehea: fix error return code in ehea_restart_qps()
net: pch_gbe: Propagate error from devm_gpio_request_one()
ocfs2: fix snprintf() checking
ACPI: sysfs: Fix a buffer overrun problem with description_show()
crypto: nx - Fix RCU warning in nx842_OF_upd_status
spi: spi-sun6i: Fix chipselect/clock bug
hwmon: (max31790) Fix fan speed reporting for fan7..12
hwmon: (max31722) Remove non-standard ACPI device IDs
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
media: tc358743: Fix error return code in tc358743_probe_of()
pata_ep93xx: fix deferred probing
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
media: I2C: change 'RST' to "RSET" to fix multiple build errors
pata_rb532_cf: fix deferred probing
sata_highbank: fix deferred probing
crypto: ux500 - Fix error return code in hash_hw_final()
crypto: ixp4xx - dma_unmap the correct address
media: s5p_cec: decrement usage count if disabled
ia64: mca_drv: fix incorrect array size calculation
ACPI: tables: Add custom DSDT file as makefile prerequisite
platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard()
ACPI: bus: Call kobject_put() in acpi_init() error path
fs: dlm: fix memory leak when fenced
* random32: Fix implicit truncation warning in prandom_seed_state()
include/linux/prandom.h
fs: dlm: cancel work sync othercon
* block_dump: remove block_dump feature in mark_inode_dirty()
fs/fs-writeback.c
ACPI: processor idle: Fix up C-state latency if not ordered
regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
* btrfs: disable build on platforms having page size 256K
fs/btrfs/Kconfig
btrfs: abort transaction if we fail to update the delayed inode
media: siano: fix device register error path
* media: dvb_net: avoid speculation from net slot
drivers/media/dvb-core/dvb_net.c
* crypto: shash - avoid comparing pointers to exported functions under CFI
crypto/shash.c
include/crypto/internal/hash.h
mmc: via-sdmmc: add a check against NULL pointer dereference
media: st-hva: Fix potential NULL pointer dereferences
media: bt8xx: Fix a missing check bug in bt878_probe
* media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
drivers/media/v4l2-core/v4l2-fh.c
crypto: qat - remove unused macro in FW loader
crypto: qat - check return code of qat_hal_rd_rel_reg()
media: pvrusb2: fix warning in pvr2_i2c_core_done
media: cobalt: fix race condition in setting HPD
media: cpia2: fix memory leak in cpia2_usb_probe
crypto: nx - add missing MODULE_DEVICE_TABLE
spi: omap-100k: Fix the length judgment problem
spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages()
spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
* fuse: check connected before queueing on fpq->io
fs/fuse/dev.c
* seq_buf: Make trace_seq_putmem_hex() support data longer than 8
lib/seq_buf.c
ssb: sdio: Don't overwrite const buffer if block_write fails
ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
serial_cs: remove wrong GLOBETROTTER.cis entry
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
s390/cio: dont call css_wait_for_slow_path() inside a lock
SUNRPC: Should wake up the privileged task firstly.
SUNRPC: Fix the batch tasks count wraparound.
* ext4: fix avefreec in find_group_orlov
fs/ext4/ialloc.c
* ext4: remove check for zero nr_to_scan in ext4_es_scan()
fs/ext4/extents_status.c
* ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
fs/ext4/extents_status.c
* ext4: fix kernel infoleak via ext4_extent_header
fs/ext4/extents.c
btrfs: clear defrag status of a root if starting transaction fails
ARM: dts: at91: sama5d4: fix pinctrl muxing
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
* iov_iter_fault_in_readable() should do nothing in xarray case
lib/iov_iter.c
ntfs: fix validity check for file name attribute
USB: cdc-acm: blacklist Heimann USB Appset device
usb: gadget: eem: fix echo command packet response issue
net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
Input: usbtouchscreen - fix control-request directions
media: dvb-usb: fix wrong definition
* ALSA: usb-audio: fix rate on Ozone Z90 USB headset
sound/usb/format.c
Merge 4.9.275 into android-4.9-q
Linux 4.9.275
xen/events: reset active flag for lateeoi events later
* kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync()
kernel/kthread.c
* kthread_worker: split code for canceling the delayed work timer
kernel/kthread.c
drm/nouveau: fix dma_address check for CPU/GPU sync
scsi: sr: Return appropriate error code when disk is ejected
* mm, futex: fix shared futex pgoff on shmem huge page
include/linux/hugetlb.h
include/linux/pagemap.h
kernel/futex.c
mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split
* mm: add VM_WARN_ON_ONCE_PAGE() macro
include/linux/mmdebug.h
* include/linux/mmdebug.h: make VM_WARN* non-rvals
include/linux/mmdebug.h
Bug: 196282886
Change-Id: I727851b06571f0e9d7751d10a59b1edae838882c
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
94570581cc |
Merge 4.9.276 into android-4.9-q
Changes in 4.9.276
ALSA: usb-audio: fix rate on Ozone Z90 USB headset
media: dvb-usb: fix wrong definition
Input: usbtouchscreen - fix control-request directions
net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
usb: gadget: eem: fix echo command packet response issue
USB: cdc-acm: blacklist Heimann USB Appset device
ntfs: fix validity check for file name attribute
iov_iter_fault_in_readable() should do nothing in xarray case
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
ARM: dts: at91: sama5d4: fix pinctrl muxing
btrfs: clear defrag status of a root if starting transaction fails
ext4: fix kernel infoleak via ext4_extent_header
ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
ext4: remove check for zero nr_to_scan in ext4_es_scan()
ext4: fix avefreec in find_group_orlov
SUNRPC: Fix the batch tasks count wraparound.
SUNRPC: Should wake up the privileged task firstly.
s390/cio: dont call css_wait_for_slow_path() inside a lock
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
serial_cs: remove wrong GLOBETROTTER.cis entry
ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
ssb: sdio: Don't overwrite const buffer if block_write fails
seq_buf: Make trace_seq_putmem_hex() support data longer than 8
fuse: check connected before queueing on fpq->io
spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages()
spi: omap-100k: Fix the length judgment problem
crypto: nx - add missing MODULE_DEVICE_TABLE
media: cpia2: fix memory leak in cpia2_usb_probe
media: cobalt: fix race condition in setting HPD
media: pvrusb2: fix warning in pvr2_i2c_core_done
crypto: qat - check return code of qat_hal_rd_rel_reg()
crypto: qat - remove unused macro in FW loader
media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
media: bt8xx: Fix a missing check bug in bt878_probe
media: st-hva: Fix potential NULL pointer dereferences
mmc: via-sdmmc: add a check against NULL pointer dereference
crypto: shash - avoid comparing pointers to exported functions under CFI
media: dvb_net: avoid speculation from net slot
media: siano: fix device register error path
btrfs: abort transaction if we fail to update the delayed inode
btrfs: disable build on platforms having page size 256K
regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
ACPI: processor idle: Fix up C-state latency if not ordered
block_dump: remove block_dump feature in mark_inode_dirty()
fs: dlm: cancel work sync othercon
random32: Fix implicit truncation warning in prandom_seed_state()
fs: dlm: fix memory leak when fenced
ACPI: bus: Call kobject_put() in acpi_init() error path
platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard()
ACPI: tables: Add custom DSDT file as makefile prerequisite
ia64: mca_drv: fix incorrect array size calculation
media: s5p_cec: decrement usage count if disabled
crypto: ixp4xx - dma_unmap the correct address
crypto: ux500 - Fix error return code in hash_hw_final()
sata_highbank: fix deferred probing
pata_rb532_cf: fix deferred probing
media: I2C: change 'RST' to "RSET" to fix multiple build errors
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
pata_ep93xx: fix deferred probing
media: tc358743: Fix error return code in tc358743_probe_of()
media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
hwmon: (max31722) Remove non-standard ACPI device IDs
hwmon: (max31790) Fix fan speed reporting for fan7..12
spi: spi-sun6i: Fix chipselect/clock bug
crypto: nx - Fix RCU warning in nx842_OF_upd_status
ACPI: sysfs: Fix a buffer overrun problem with description_show()
ocfs2: fix snprintf() checking
net: pch_gbe: Propagate error from devm_gpio_request_one()
ehea: fix error return code in ehea_restart_qps()
RDMA/rxe: Fix failure during driver load
drm: qxl: ensure surf.data is ininitialized
wireless: carl9170: fix LEDS build errors & warnings
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
ath10k: Fix an error code in ath10k_add_interface()
netlabel: Fix memory leak in netlbl_mgmt_add_common
netfilter: nft_exthdr: check for IPv6 packet before further processing
net: ethernet: aeroflex: fix UAF in greth_of_remove
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: ezchip: fix error handling
vxlan: add missing rcu_read_lock() in neigh_reduce()
i40e: Fix error handling in i40e_vsi_open
Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
writeback: fix obtain a reference to a freeing memcg css
net: sched: fix warning in tcindex_alloc_perfect_hash
tty: nozomi: Fix a resource leak in an error handling function
iio: adis_buffer: do not return ints in irq handlers
iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
Input: hil_kbd - fix error return code in hil_dev_connect()
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
scsi: FlashPoint: Rename si_flags field
s390: appldata depends on PROC_SYSCTL
staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
of: Fix truncation of memory sizes on 32-bit platforms
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
extcon: sm5502: Drop invalid register write in sm5502_reg_data
extcon: max8997: Add missing modalias string
configfs: fix memleak in configfs_release_bin_file
leds: ktd2692: Fix an error handling path
mm/huge_memory.c: don't discard hugepage if other processes are mapping it
selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
mmc: vub3000: fix control-request direction
scsi: core: Retry I/O for Notify (Enable Spinup) Required error
net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
hugetlb: clear huge pte during flush function on mips platform
atm: iphase: fix possible use-after-free in ia_module_exit()
mISDN: fix possible use-after-free in HFC_cleanup()
atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
reiserfs: add check for invalid 1st journal block
drm/virtio: Fix double free on probe failure
udf: Fix NULL pointer dereference in udf_symlink function
e100: handle eeprom as little endian
clk: tegra: Ensure that PLLU configuration is applied properly
ipv6: use prandom_u32() for ID generation
RDMA/cxgb4: Fix missing error code in create_qp()
dm space maps: don't reset space map allocation cursor when committing
net: micrel: check return value after calling platform_get_resource()
fjes: check return value after calling platform_get_resource()
selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
xfrm: Fix error reporting in xfrm_state_construct.
wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
wl1251: Fix possible buffer overflow in wl1251_cmd_scan
cw1200: add missing MODULE_DEVICE_TABLE
MIPS: add PMD table accounting into MIPS'pmd_alloc_one
atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
atm: nicstar: register the interrupt handler in the right place
RDMA/rxe: Don't overwrite errno from ib_umem_get()
sfc: avoid double pci_remove of VFs
sfc: error code if SRIOV cannot be disabled
wireless: wext-spy: Fix out-of-bounds warning
RDMA/cma: Fix rdma_resolve_route() memory leak
Bluetooth: Fix the HCI to MGMT status conversion table
Bluetooth: Shutdown controller after workqueues are flushed or cancelled
Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
sctp: add size validation when walking chunks
fuse: reject internal errno
can: gw: synchronize rcu operations before removing gw job entry
can: bcm: delay release of struct bcm_op after synchronize_rcu()
mac80211: fix memory corruption in EAPOL handling
powerpc/barrier: Avoid collision with clang's __lwsync macro
pinctrl/amd: Add device HID for new AMD GPIO controller
mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
mmc: core: clear flags before allowing to retune
ata: ahci_sunxi: Disable DIPM
ASoC: tegra: Set driver_name=tegra for all machine drivers
qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
ipmi/watchdog: Stop watchdog timer when the current action is 'none'
power: supply: ab8500: Fix an old bug
seq_buf: Fix overflow in seq_buf_putmem_hex()
ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
dm btree remove: assign new_root only when removal succeeds
media: dtv5100: fix control-request directions
media: zr364xx: fix memory leak in zr364xx_start_readpipe
media: gspca/sq905: fix control-request direction
media: gspca/sunplus: fix zero-length control requests
media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
jfs: fix GPF in diFree
smackfs: restrict bytes count in smk_set_cipso()
KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
tracing: Do not reference char * as a string in histograms
fscrypt: don't ignore minor_hash when hash is 0
tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
misc/libmasm/module: Fix two use after free in ibmasm_init_one
Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
fs/jfs: Fix missing error code in lmLogInit()
scsi: iscsi: Add iscsi_cls_conn refcount helpers
mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
s390/sclp_vt220: fix console name to match device
ALSA: sb: Fix potential double-free of CSP mixer elements
powerpc/ps3: Add dma_mask to ps3_dma_region
gpio: zynq: Check return value of pm_runtime_get_sync
ALSA: ppc: fix error return code in snd_pmac_probe()
selftests/powerpc: Fix "no_handler" EBB selftest
ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing()
ALSA: bebob: add support for ToneWeal FW66
usb: gadget: f_hid: fix endianness issue with descriptors
usb: gadget: hid: fix error return code in hid_bind()
powerpc/boot: Fixup device-tree on little endian
backlight: lm3630a: Fix return code of .update_status() callback
ALSA: hda: Add IRQ check for platform_get_irq()
i2c: core: Disable client irq on reboot/shutdown
lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
pwm: spear: Don't modify HW state in .remove callback
power: supply: ab8500: Avoid NULL pointers
power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
watchdog: Fix possible use-after-free in wdt_startup()
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
watchdog: Fix possible use-after-free by calling del_timer_sync()
x86/fpu: Return proper error codes from user access functions
orangefs: fix orangefs df output.
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
power: supply: ab8500: add missing MODULE_DEVICE_TABLE
pwm: tegra: Don't modify HW state in .remove callback
ACPI: AMBA: Fix resource name in /proc/iomem
virtio-blk: Fix memory leak among suspend/resume procedure
virtio_console: Assure used length from device is limited
PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
power: supply: rt5033_battery: Fix device tree enumeration
um: fix error return code in slip_open()
um: fix error return code in winch_tramp()
watchdog: aspeed: fix hardware timeout calculation
nfs: fix acl memory leak of posix_acl_create()
ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
x86/fpu: Limit xstate copy size in xstateregs_set()
ALSA: isa: Fix error return code in snd_cmi8330_probe()
hexagon: use common DISCARDS macro
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
rtc: fix snprintf() checking in is_rtc_hctosys()
ARM: dts: r8a7779, marzen: Fix DU clock names
reset: bail if try_module_get() fails
memory: fsl_ifc: fix leak of IO mapping on probe failure
memory: fsl_ifc: fix leak of private memory on probe failure
ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
mips: always link byteswap helpers into decompressor
mips: disable branch profiling in boot/decompress.o
MIPS: vdso: Invalid GIC access through VDSO
seq_file: disallow extremely large seq buffer allocations
Linux 4.9.276
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I595c090068eb1b1934b15a0d54394abc38b4b0cc
|
||
|
Ard Biesheuvel
|
35e9cf465b |
crypto: shash - avoid comparing pointers to exported functions under CFI
[ Upstream commit 22ca9f4aaf431a9413dcc115dd590123307f274f ] crypto_shash_alg_has_setkey() is implemented by testing whether the .setkey() member of a struct shash_alg points to the default version, called shash_no_setkey(). As crypto_shash_alg_has_setkey() is a static inline, this requires shash_no_setkey() to be exported to modules. Unfortunately, when building with CFI, function pointers are routed via CFI stubs which are private to each module (or to the kernel proper) and so this function pointer comparison may fail spuriously. Let's fix this by turning crypto_shash_alg_has_setkey() into an out of line function. Cc: Sami Tolvanen <samitolvanen@google.com> Cc: Eric Biggers <ebiggers@kernel.org> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Sami Tolvanen <samitolvanen@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
lucaswei
|
2b5e67e8a2 |
Merge android-4.9-q (4.9.232) into android-msm-pixel-4.9-lts
Merge 4.9.232 into android-4.9-q
Linux 4.9.232
perf: Make perf able to build with latest libbfd
perf tools: Fix snprint warnings for gcc 8
perf annotate: Use asprintf when formatting objdump command line
perf probe: Fix to check blacklist address correctly
xfs: set format back to extents if xfs_bmap_extents_to_btree
* regmap: debugfs: check count when read regmap file
drivers/base/regmap/regmap-debugfs.c
drivers/net/wan/x25_asy: Fix to make it work
ip6_gre: fix null-ptr-deref in ip6gre_init_net()
* tcp: allow at most one TLP probe per flight
include/linux/tcp.h
net/ipv4/tcp_input.c
net/ipv4/tcp_output.c
AX.25: Prevent integer overflows in connect and sendmsg
rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
* net: udp: Fix wrong clean up for IS_UDPLITE macro
net/ipv4/udp.c
net/ipv6/udp.c
* net-sysfs: add a newline when printing 'tx_timeout' by sysfs
net/core/net-sysfs.c
* dev: Defer free of skbs in flush_backlog
net/core/dev.c
AX.25: Prevent out-of-bounds read in ax25_sendmsg()
AX.25: Fix out-of-bounds read in ax25_connect()
ath9k: Fix regression with Atheros 9271
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
parisc: Add atomic64_set_release() define to avoid CPU soft lockups
io-mapping: indicate mapping failure
* mm/memcg: fix refcount error while moving and swapping
mm/memcontrol.c
* Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
Makefile
* vt: Reject zero-sized screen buffer size.
drivers/tty/vt/vt.c
serial: 8250_mtk: Fix high-speed baud rates clamping
serial: 8250: fix null-ptr-deref in serial8250_start_tx()
staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
staging: wlan-ng: properly check endpoint types
Revert "cifs: Fix the target file was deleted when rename failed."
* usb: xhci: Fix ASM2142/ASM3142 DMA addressing
drivers/usb/host/xhci-pci.c
usb: xhci-mtk: fix the failure of bandwidth allocation
x86: math-emu: Fix up 'cmp' insn for clang ias
* arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
arch/arm64/kernel/debug-monitors.c
usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
dmaengine: ioat setting ioat timeout as module parameter
* regmap: dev_get_regmap_match(): fix string comparison
drivers/base/regmap/regmap.c
dmaengine: tegra210-adma: Fix runtime PM imbalance on error
* HID: apple: Disable Fn-key key-re-mapping on clone keyboards
drivers/hid/hid-apple.c
HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
scripts/decode_stacktrace: strip basepath from all paths
net: smc91x: Fix possible memory leak in smc_drv_probe()
net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration
* ax88172a: fix ax88172a_unbind() failures
drivers/net/usb/ax88172a.c
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path
bnxt_en: Fix race when modifying pause settings.
btrfs: fix mount failure caused by race with umount
btrfs: fix double free on ulist after backref resolution failure
ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
* ALSA: info: Drop WARN_ON() from buffer NULL sanity check
sound/core/info.c
uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression
SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion")
drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
net: sky2: initialize return of gm_phy_read
drivers/net/wan/lapbether: Fixed the value of hard_header_len
xtensa: update *pos in cpuinfo_op.next
xtensa: fix __sync_fetch_and_{and,or}_4 declarations
scsi: scsi_transport_spi: Fix function pointer check
mac80211: allow rx of mesh eapol frames with default rx key
pinctrl: amd: fix npins for uart0 in kerncz_groups
* UPSTREAM: xtables: extend matches and targets with .usersize
net/netfilter/xt_CT.c
net/netfilter/xt_TEE.c
net/netfilter/xt_bpf.c
net/netfilter/xt_connlimit.c
net/netfilter/xt_hashlimit.c
net/netfilter/xt_limit.c
net/netfilter/xt_quota.c
net/netfilter/xt_string.c
* UPSTREAM: ip6tables: use match, target and data copy_to_user helpers
net/ipv6/netfilter/ip6_tables.c
* UPSTREAM: iptables: use match, target and data copy_to_user helpers
net/ipv4/netfilter/ip_tables.c
* UPSTREAM: xtables: add xt_match, xt_target and data copy_to_user functions
include/linux/netfilter/x_tables.h
net/netfilter/x_tables.c
Merge 4.9.231 into android-4.9-q
Linux 4.9.231
x86/cpu: Move x86_cache_bits settings
* irqchip/gic: Atomically update affinity
drivers/irqchip/irq-gic.c
* sched/fair: handle case of task_h_load() returning 0
kernel/sched/fair.c
* arm64: ptrace: Override SPSR.SS when single-stepping is enabled
arch/arm64/include/asm/debug-monitors.h
arch/arm64/kernel/debug-monitors.c
arch/arm64/kernel/ptrace.c
misc: atmel-ssc: lock with mutex instead of spinlock
dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
MIPS: Fix build for LTS kernel caused by backporting lpj adjustment
* timer: Fix wheel index calculation on last level
kernel/time/timer.c
uio_pdrv_genirq: fix use without device tree and no interrupt
Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
mei: bus: don't clean driver pointer
* fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
fs/fuse/file.c
virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
USB: serial: option: add Quectel EG95 LTE modem
USB: serial: option: add GosunCn GM500 series
USB: serial: ch341: add new Product ID for CH340
USB: serial: cypress_m8: enable Simply Automated UPB PIM
USB: serial: iuu_phoenix: fix memory corruption
usb: gadget: function: fix missing spinlock in f_uac1_legacy
usb: chipidea: core: add wakeup support for extcon
usb: dwc2: Fix shutdown callback in platform
USB: c67x00: fix use after free in c67x00_giveback_urb
* ALSA: usb-audio: Fix race against the error recovery URB submission
sound/usb/midi.c
ALSA: line6: Perform sanity check for each URB creation
* usb: core: Add a helper function to check the validity of EP type in URB
drivers/usb/core/urb.c
include/linux/usb.h
* HID: magicmouse: do not set up autorepeat
drivers/hid/hid-magicmouse.c
mtd: rawnand: brcmnand: fix CS0 layout
perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
Revert "thermal: mediatek: fix register index error"
staging: comedi: verify array index is correct before using it
usb: gadget: udc: atmel: fix uninitialized read in debug printk
spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
iio:health:afe4404 Fix timestamp alignment and prevent data leak.
Revert "usb/ohci-platform: Fix a warning when hibernating"
* Revert "usb/xhci-plat: Set PM runtime as active on resume"
drivers/usb/host/xhci-plat.c
Revert "usb/ehci-platform: Set PM runtime as active on resume"
net: dsa: bcm_sf2: Fix node reference count
spi: fix initial SPI_SR value in spi-fsl-dspi
iio:health:afe4403 Fix timestamp alignment and prevent data leak.
iio:pressure:ms5611 Fix buffer element alignment
iio: pressure: zpa2326: handle pm_runtime_get_sync failure
iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
iio: magnetometer: ak8974: Fix runtime PM imbalance on error
iio:magnetometer:ak8974: Fix alignment and data leak issues
i2c: eg20t: Load module automatically if ID matches
* cgroup: Fix sock_cgroup_data on big-endian.
include/linux/cgroup-defs.h
* cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
include/linux/cgroup-defs.h
include/linux/cgroup.h
kernel/cgroup.c
net/core/sock.c
* tcp: md5: allow changing MD5 keys in all socket states
net/ipv4/tcp.c
* tcp: md5: do not send silly options in SYNCOOKIES
net/ipv4/tcp_output.c
* tcp: make sure listeners don't initialize congestion-control state
net/ipv4/tcp.c
net/ipv4/tcp_cong.c
* genetlink: remove genl_bind
include/net/genetlink.h
net/netlink/genetlink.c
* tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
net/ipv4/tcp.c
net/ipv4/tcp_ipv4.c
* tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
net/ipv4/tcp.c
net/ipv4/tcp_ipv4.c
net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
* net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
include/net/dst.h
llc: make sure applications use ARPHRD_ETHER
* l2tp: remove skb_dst_set() from l2tp_xmit_skb()
net/l2tp/l2tp_core.c
* ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
net/ipv4/ping.c
s390/mm: fix huge pte soft dirty copying
ARC: elf: use right ELF_ARCH
ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
drm/radeon: fix double free
btrfs: fix fatal extent_buffer readahead vs releasepage race
Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
KVM: x86: bit 8 of non-leaf PDPEs is not reserved
* KVM: arm64: Fix definition of PAGE_HYP_DEVICE
arch/arm64/include/asm/pgtable-prot.h
* ALSA: usb-audio: add quirk for MacroSilicon MS2109
sound/usb/quirks-table.h
ALSA: hda - let hs_mic be picked ahead of hp_mic
ALSA: opl3: fix infoleak in opl3
net: macb: mark device wake capable when "magic-packet" property present
bnxt_en: fix NULL dereference in case SR-IOV configuration fails
* arm64: kgdb: Fix single-step exception handling oops
arch/arm64/kernel/kgdb.c
* ALSA: compress: fix partial_drain completion state
include/sound/compress_driver.h
sound/core/compress_offload.c
smsc95xx: avoid memory leak in smsc95xx_bind
smsc95xx: check return value of smsc95xx_reset
net: cxgb4: fix return error value in t4_prep_fw
scsi: mptscsih: Fix read sense data size
ARM: imx6: add missing put_device() call in imx6q_suspend_init()
cifs: update ctime and mtime during truncate
s390/kasan: fix early pgm check handler execution
* spi: spidev: fix a potential use-after-free in spidev_release()
drivers/spi/spidev.c
* spi: spidev: fix a race between spidev_release and spidev_remove
drivers/spi/spidev.c
gpu: host1x: Detach driver on unregister
KVM: s390: reduce number of IO pins to 1
ANDROID: cuttlefish_defconfig: Drop built-in cmdline (except nopti)
Merge 4.9.230 into android-4.9-q
Linux 4.9.230
* efi: Make it possible to disable efivar_ssdt entirely
drivers/firmware/efi/Kconfig
* netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6
net/netfilter/nf_conntrack_h323_main.c
MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen
cifs: Fix the target file was deleted when rename failed.
SMB3: Honor persistent/resilient handle flags for multiuser mounts
SMB3: Honor 'seal' flag for multiuser mounts
* Revert "ALSA: usb-audio: Improve frames size computation"
sound/usb/card.h
sound/usb/endpoint.c
sound/usb/endpoint.h
sound/usb/pcm.c
i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
virtio-blk: free vblk-vqs in error path of virtblk_probe()
hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add()
hwmon: (max6697) Make sure the OVERT mask is set correctly
cxgb4: parse TC-U32 key values and masks natively
* sched/rt: Show the 'sched_rr_timeslice' SCHED_RR timeslice tuning knob in milliseconds
include/linux/sched/sysctl.h
kernel/sched/core.c
kernel/sched/rt.c
kernel/sysctl.c
crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
* kgdb: Avoid suspicious RCU usage warning
kernel/debug/debug_core.c
usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
* mm/slub: fix stack overruns with SLUB_STATS
mm/slub.c
* mm/slub.c: fix corrupted freechain in deactivate_slab()
mm/slub.c
usbnet: smsc95xx: Fix use-after-free after removal
EDAC/amd64: Read back the scrub rate PCI register on F15h
* mm: fix swap cache node allocation mask
mm/swap_state.c
btrfs: fix data block group relocation failure due to concurrent scrub
btrfs: cow_file_range() num_bytes and disk_num_bytes are same
btrfs: fix a block group ref counter leak after failure to remove block group
Merge 4.9.229 into android-4.9-q
Linux 4.9.229
Revert "tty: hvc: Fix data abort due to race in hvc_open"
xfs: add agf freeblocks verify in xfs_agf_verify
NFSv4 fix CLOSE not waiting for direct IO compeletion
pNFS/flexfiles: Fix list corruption if the mirror count changes
SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
sunrpc: fixed rollback in rpc_gssd_dummy_populate()
drm/radeon: fix fb_div check in ni_init_smc_spll_table()
* tracing: Fix event trigger to accept redundant spaces
kernel/trace/trace_events_trigger.c
* arm64: perf: Report the PC value in REGS_ABI_32 mode
arch/arm64/kernel/perf_regs.c
ocfs2: fix panic on nfs server over ocfs2
ocfs2: fix value of OCFS2_INVALID_SLOT
ocfs2: load global_inode_alloc
* mm/slab: use memzero_explicit() in kzfree()
mm/slab_common.c
KVM: X86: Fix MSR range of APIC registers in X2APIC mode
ACPI: sysfs: Fix pm_profile_attr type
ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
* blktrace: break out of blktrace setup on concurrent calls
kernel/trace/blktrace.c
* kbuild: improve cc-option to clean up all temporary files
scripts/Kbuild.include
s390/ptrace: fix setting syscall number
net: alx: fix race condition in alx_remove
ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function
* sched/core: Fix PI boosting between RT and DEADLINE tasks
kernel/sched/core.c
netfilter: ipset: fix unaligned atomic access
usb: gadget: udc: Potential Oops in error handling code
ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
net: qed: fix excessive QM ILT lines consumption
net: qed: fix NVMe login fails over VFs
net: qed: fix left elements count calculation
RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
cifs/smb3: Fix data inconsistent when zero file range
cifs/smb3: Fix data inconsistent when punch hole
* xhci: Poll for U0 after disabling USB2 LPM
drivers/usb/host/xhci.c
* ALSA: usb-audio: Fix OOB access of mixer element list
sound/usb/mixer.c
sound/usb/mixer.h
sound/usb/mixer_quirks.c
* ALSA: usb-audio: Clean up mixer element list traverse
sound/usb/mixer.c
sound/usb/mixer.h
sound/usb/mixer_quirks.c
sound/usb/mixer_scarlett.c
* ALSA: usb-audio: uac1: Invalidate ctl on interrupt
sound/usb/mixer.c
cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
* xhci: Fix enumeration issue when setting max packet size for FS devices.
drivers/usb/host/xhci.c
* xhci: Fix incorrect EP_STATE_MASK
drivers/usb/host/xhci.h
* ALSA: usb-audio: add quirk for Denon DCD-1500RE
sound/usb/quirks.c
usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
USB: ehci: reopen solution for Synopsys HC bug
* usb: add USB_QUIRK_DELAY_INIT for Logitech C922
drivers/usb/core/quirks.c
usb: dwc2: Postponed gadget registration to the udc class driver
USB: ohci-sm501: Add missed iounmap() in remove
* net: core: reduce recursion limit value
include/linux/netdevice.h
* net: Do not clear the sock TX queue in sk_set_socket()
include/net/sock.h
net/core/sock.c
* net: Fix the arp error in some cases
net/ipv4/fib_semantics.c
* sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
include/net/sctp/constants.h
* tcp: grow window for OOO packets only for SACK flows
net/ipv4/tcp_input.c
ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
* tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
net/ipv4/tcp_cubic.c
* ip_tunnel: fix use-after-free in ip_tunnel_lookup()
net/ipv4/ip_tunnel.c
tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
rxrpc: Fix notification call on completion of discarded calls
rocker: fix incorrect error handling in dma_rings_init
* net: usb: ax88179_178a: fix packet alignment padding
drivers/net/usb/ax88179_178a.c
* net: fix memleak in register_netdevice()
net/core/dev.c
* mld: fix memory leak in ipv6_mc_destroy_dev()
net/ipv6/mcast.c
fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()"
* net: sched: export __netdev_watchdog_up()
net/sched/sch_generic.c
* l2tp: Allow duplicate session creation with UDP
net/l2tp/l2tp_core.c
* scsi: scsi_devinfo: handle non-terminated strings
drivers/scsi/scsi_devinfo.c
mtd: rawnand: tmio: Fix the probe error path
mtd: rawnand: mtk: Fix the probe error path
mtd: rawnand: plat_nand: Fix the probe error path
mtd: rawnand: socrates: Fix the probe error path
mtd: rawnand: orion: Fix the probe error path
mtd: rawnand: xway: Fix the probe error path
mtd: rawnand: sharpsl: Fix the probe error path
mtd: rawnand: diskonchip: Fix the probe error path
mtd: rawnand: Pass a nand_chip object to nand_release()
* media: dvb_frontend: fix return error code
drivers/media/dvb-core/dvb_frontend.c
* media: dvb_frontend: fix wrong cast in compat_ioctl
drivers/media/dvb-core/dvb_frontend.c
* media: dvb_frontend: Add commands implementation for compat ioct
drivers/media/dvb-core/dvb_frontend.c
* media: dvb_frontend: Add compat_ioctl callback
drivers/media/dvb-core/dvb_frontend.c
fs/compat_ioctl.c
* media: dvb_frontend: Add unlocked_ioctl in dvb_frontend.c
drivers/media/dvb-core/dvb_frontend.c
* media: dvb_frontend: be sure to init dvb_frontend_handle_ioctl() return code
drivers/media/dvb-core/dvb_frontend.c
* media: dvb_frontend: dtv_property_process_set() cleanups
drivers/media/dvb-core/dvb_frontend.c
* media: dvb_frontend: fix return values for FE_SET_PROPERTY
drivers/media/dvb-core/dvb_frontend.c
include/uapi/linux/dvb/frontend.h
* media: dvb_frontend: better document the -EPERM condition
drivers/media/dvb-core/dvb_frontend.c
* media: dvb_frontend: get rid of property cache's state
drivers/media/dvb-core/dvb_frontend.c
drivers/media/dvb-core/dvb_frontend.h
* media: dvb_frontend: cleanup ioctl handling logic
drivers/media/dvb-core/dvb_frontend.c
* media: dvb_frontend: cleanup dvb_frontend_ioctl_properties()
drivers/media/dvb-core/dvb_frontend.c
* media: dvb_frontend: get rid of set_property() callback
drivers/media/dvb-core/dvb_frontend.c
drivers/media/dvb-core/dvb_frontend.h
media: friio-fe: get rid of set_property()
media: stv6110: get rid of a srate dead code
media: stv0288: get rid of set_property boilerplate
* media: dvb_frontend: get rid of get_property() callback
drivers/media/dvb-core/dvb_frontend.c
drivers/media/dvb-core/dvb_frontend.h
* media: dvb/frontend.h: document the uAPI file
include/uapi/linux/dvb/frontend.h
* media: dvb/frontend.h: move out a private internal structure
drivers/media/dvb-core/dvb_frontend.c
include/uapi/linux/dvb/frontend.h
* media: dvb_frontend: initialize variable s with FE_NONE instead of 0
drivers/media/dvb-core/dvb_frontend.c
* net: core: device_rename: Use rwsem instead of a seqcount
net/core/dev.c
* sched/rt, net: Use CONFIG_PREEMPTION.patch
net/core/dev.c
e1000e: Do not wake up the system via WOL if device wakeup is disabled
* kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
include/linux/kprobes.h
x86/kprobes: Avoid kretprobe recursion bug
powerpc/kprobes: Fixes for kprobe_lookup_name() on BE
kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
* crypto: algboss - don't wait during notifier callback
crypto/algboss.c
drm/i915: Whitelist context-local timestamp in the gen9 cmdparser
s390: fix syscall_get_error for compat processes
* block: nr_sects_write(): Disable preemption on seqcount write
include/linux/genhd.h
x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld
* drm/dp_mst: Increase ACT retry timeout to 3s
drivers/gpu/drm/drm_dp_mst_topology.c
* ext4: fix partial cluster initialization when splitting extent
fs/ext4/extents.c
* selinux: fix double free
security/selinux/ss/services.c
drm/qxl: Use correct notify port address when creating cursor ring
* drm/dp_mst: Reformat drm_dp_check_act_status() a bit
drivers/gpu/drm/drm_dp_mst_topology.c
* drm: encoder_slave: fix refcouting error for modules
drivers/gpu/drm/drm_encoder_slave.c
libata: Use per port sync for detach
* block: Fix use-after-free in blkdev_get()
fs/block_dev.c
bcache: fix potential deadlock problem in btree_gc_coalesce
perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events()
usb/ehci-platform: Set PM runtime as active on resume
* usb/xhci-plat: Set PM runtime as active on resume
drivers/usb/host/xhci-plat.c
scsi: acornscsi: Fix an error handling path in acornscsi_probe()
selftests/net: in timestamping, strncpy needs to preserve null byte
selftests/vm/pkeys: fix alloc_random_pkey() to make it really random
* elfnote: mark all .note sections SHF_ALLOC
include/linux/elfnote.h
* include/linux/bitops.h: avoid clang shift-count-overflow warnings
include/linux/bitops.h
* lib/zlib: remove outdated and incorrect pre-increment optimization
lib/zlib_inflate/inffast.c
crypto: omap-sham - add proper load balancing support for multicore
pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
gfs2: Allow lock_nolock mount to specify jid=X
openrisc: Fix issue with argument clobbering for clone/fork
ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION
net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
clk: bcm2835: Fix return type of bcm2835_register_gate
* usb: gadget: Fix issue with config_ep_by_speed function
drivers/usb/gadget/composite.c
include/linux/usb/composite.h
usb: gadget: fix potential double-free in m66592_probe.
usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke
usb: dwc2: gadget: move gadget resume after the core is in L0 state
watchdog: da9062: No need to ping manually before setting timeout
IB/cma: Fix ports memory leak in cma_configfs
PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
powerpc/64s/pgtable: fix an undefined behaviour
clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
tty: n_gsm: Fix bogus i++ in gsm_data_kick
USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation
usb/ohci-platform: Fix a warning when hibernating
vfio-pci: Mask cap zero
powerpc/ps3: Fix kexec shutdown hang
powerpc/pseries/ras: Fix FWNMI_VALID off by one
tty: n_gsm: Fix waking up upper tty layer when room available
tty: n_gsm: Fix SOF skipping
clk: ti: composite: fix memory leak
dlm: remove BUG() before panic()
scsi: mpt3sas: Fix double free warnings
power: supply: smb347-charger: IRQSTAT_D is volatile
power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()'
PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
PCI: rcar: Fix incorrect programming of OB windows
* drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish
drivers/base/platform.c
serial: amba-pl011: Make sure we initialize the port.lock spinlock
i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
staging: sm750fb: add missing case while setting FB_VISUAL
tty: hvc: Fix data abort due to race in hvc_open
s390/qdio: put thinint indicator after early error
* ALSA: usb-audio: Improve frames size computation
sound/usb/card.h
sound/usb/endpoint.c
sound/usb/endpoint.h
sound/usb/pcm.c
scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
scsi: sr: Fix sr_probe() missing deallocate of device minor
* mksysmap: Fix the mismatch of '.L' symbols in System.map
scripts/mksysmap
yam: fix possible memory leak in yam_init_driver
powerpc/crashkernel: Take "mem=" option into account
nfsd: Fix svc_xprt refcnt leak when setup callback client failed
powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run
clk: clk-flexgen: fix clock-critical handling
scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
mfd: wm8994: Fix driver operation if loaded as modules
vfio/pci: fix memory leaks in alloc_perm_bits()
ps3disk: use the default segment boundary
PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register
usblp: poison URBs upon disconnect
i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
iio: bmp280: fix compensation of humidity
scsi: qla2xxx: Fix issue with adapter's stopping state
ALSA: isa/wavefront: prevent out of bounds write in ioctl
ARM: integrator: Add some Kconfig selections
backlight: lp855x: Ensure regulators are disabled on probe failure
clk: qcom: msm8916: Fix the address location of pll->config_reg
iio: pressure: bmp280: Tolerate IRQ before registering
i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
clk: sunxi: Fix incorrect usage of round_down()
* power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select
drivers/power/supply/Kconfig
Change-Id: I9fdac4691b013061a19d375293b7049b999830d0
Signed-off-by: lucaswei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
65f1d995dc |
Merge 4.9.230 into android-4.9-q
Changes in 4.9.230 btrfs: fix a block group ref counter leak after failure to remove block group btrfs: cow_file_range() num_bytes and disk_num_bytes are same btrfs: fix data block group relocation failure due to concurrent scrub mm: fix swap cache node allocation mask EDAC/amd64: Read back the scrub rate PCI register on F15h usbnet: smsc95xx: Fix use-after-free after removal mm/slub.c: fix corrupted freechain in deactivate_slab() mm/slub: fix stack overruns with SLUB_STATS usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect kgdb: Avoid suspicious RCU usage warning crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock() sched/rt: Show the 'sched_rr_timeslice' SCHED_RR timeslice tuning knob in milliseconds cxgb4: parse TC-U32 key values and masks natively hwmon: (max6697) Make sure the OVERT mask is set correctly hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add() virtio-blk: free vblk-vqs in error path of virtblk_probe() i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665 Revert "ALSA: usb-audio: Improve frames size computation" SMB3: Honor 'seal' flag for multiuser mounts SMB3: Honor persistent/resilient handle flags for multiuser mounts cifs: Fix the target file was deleted when rename failed. MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 efi: Make it possible to disable efivar_ssdt entirely Linux 4.9.230 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Idfb59ec0247f0e8ba270f56daa689ee6f68d54bc |
||
|
Herbert Xu
|
04d462a6f4 |
crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
commit 34c86f4c4a7be3b3e35aa48bd18299d4c756064d upstream. The locking in af_alg_release_parent is broken as the BH socket lock can only be taken if there is a code-path to handle the case where the lock is owned by process-context. Instead of adding such handling, we can fix this by changing the ref counts to atomic_t. This patch also modifies the main refcnt to include both normal and nokey sockets. This way we don't have to fudge the nokey ref count when a socket changes from nokey to normal. Credits go to Mauricio Faria de Oliveira who diagnosed this bug and sent a patch for it: https://lore.kernel.org/linux-crypto/20200605161657.535043-1-mfo@canonical.com/ Reported-by: Brian Moyles <bmoyles@netflix.com> Reported-by: Mauricio Faria de Oliveira <mfo@canonical.com> Fixes: 37f96694cf73 ("crypto: af_alg - Use bh_lock_sock in...") Cc: <stable@vger.kernel.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Petri Gynther
|
b582f0a068 |
LTS: Merge android-4.9 (4.9.150) into android-msm-bluecross-4.9
Merge android-4.9 common kernel (4.9.150) into B1/C1 master kernel. Bug: 115649324 Test: Manual testing Change-Id: Ib9f3e795d7f7711e3d353311c0faf0b69066870a Signed-off-by: Petri Gynther <pgynther@google.com> |
||
|
Wilson Sung
|
4fcb942b41 |
Merge LA.UM.7.8.9.C1.08.00.00.516.007 branch via qcom-msm-4.9 into android-msm-bluecross-4.9
Including 'qcom/release/LA.UM.7.8.9.08.00.00.478.137 in this merge. git checkout partner/android-msm-bluecross-4.9 -- drivers/media/platform/msm/camera/ \ drivers/media/platform/msm/camera_v2/ \ include/uapi/media/cam_req_mgr.h Conflicts: arch/arm64/boot/dts/qcom/sdm845-670-usb-common.dtsi block/bio.c block/blk-core.c block/blk-merge.c drivers/char/adsprpc.c drivers/gpio/gpio-msm-smp2p-test.c drivers/gpu/drm/msm/sde/sde_crtc.c drivers/gpu/drm/msm/sde/sde_encoder.c drivers/media/platform/msm/camera/cam_core/cam_context.c drivers/media/platform/msm/camera/cam_core/cam_node.c drivers/media/platform/msm/camera/cam_isp/isp_hw_mgr/cam_ife_hw_mgr.c drivers/media/platform/msm/camera/cam_sensor_module/cam_eeprom/cam_eeprom_core.c drivers/media/platform/msm/camera/cam_sensor_module/cam_ois/cam_ois_core.c drivers/media/platform/msm/camera/cam_sensor_module/cam_sensor_utils/cam_sensor_util.c drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c drivers/regulator/qpnp-labibb-regulator.c drivers/usb/dwc3/dwc3-msm.c fs/crypto/Makefile fs/crypto/fscrypt_ice.h fs/crypto/fscrypt_private.h fs/crypto/keyinfo.c fs/direct-io.c fs/ext4/super.c fs/f2fs/data.c fs/f2fs/f2fs.h fs/f2fs/file.c fs/f2fs/segment.c fs/f2fs/super.c fs/f2fs/sysfs.c include/linux/blk_types.h include/linux/bvec.h include/linux/fscrypt.h include/linux/fscrypt_supp.h kernel/events/core.c net/packet/af_packet.c security/pfe/pfk.c security/pfe/pfk_ext4.c security/pfe/pfk_fscrypt.c Bug: 121228685 Signed-off-by: Wilson Sung <wilsonsung@google.com> Change-Id: I20b3f0f5170a1f27e9424cd1394764d3ea267e33 |
||
|
Petri Gynther
|
82fb8eb1d4 |
Merge android-4.9 into android-msm-bluecross-4.9-lts
Merge android-4.9 common kernel into B1/C1 kernel LTS staging branch.
Since android-msm-bluecross-4.9-lts is currently merged to LTS 4.9.150,
I deliberately chose to merge only up to:
commit
|
||
|
Eric Biggers
|
481f661002 |
BACKPORT, FROMGIT: crypto: nhpoly1305 - add NHPoly1305 support
Add a generic implementation of NHPoly1305, an ε-almost-∆-universal hash function used in the Adiantum encryption mode. CONFIG_NHPOLY1305 is not selectable by itself since there won't be any real reason to enable it without also enabling Adiantum support. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 26609a21a9460145e37d90947ad957b358a05288 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Conflicts: crypto/testmgr.c crypto/testmgr.h Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: If6f00c01fab530fc2458c44ca111f84604cb85c1 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
cc786be83c |
FROMGIT: crypto: poly1305 - add Poly1305 core API
Expose a low-level Poly1305 API which implements the
ε-almost-∆-universal (εA∆U) hash function underlying the Poly1305 MAC
and supports block-aligned inputs only.
This is needed for Adiantum hashing, which builds an εA∆U hash function
from NH and a polynomial evaluation in GF(2^{130}-5); this polynomial
evaluation is identical to the one the Poly1305 MAC does. However, the
crypto_shash Poly1305 API isn't very appropriate for this because its
calling convention assumes it is used as a MAC, with a 32-byte "one-time
key" provided for every digest.
But by design, in Adiantum hashing the performance of the polynomial
evaluation isn't nearly as critical as NH. So it suffices to just have
some C helper functions. Thus, this patch adds such functions.
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 1b6fd3d5d18bbc1b1abf3b0cbc4b95a9a63d407b
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I5c7da7832b84dfe29c300e117a158740d3e39069
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Eric Biggers
|
888679d3b3 |
FROMGIT: crypto: poly1305 - use structures for key and accumulator
In preparation for exposing a low-level Poly1305 API which implements the ε-almost-∆-universal (εA∆U) hash function underlying the Poly1305 MAC and supports block-aligned inputs only, create structures poly1305_key and poly1305_state which hold the limbs of the Poly1305 "r" key and accumulator, respectively. These structures could actually have the same type (e.g. poly1305_val), but different types are preferable, to prevent misuse. Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 878afc35cd28bcd93cd3c5e1985ef39a104a4d45 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: If20a0f9d29d8ba1efd43a5eb3fafce7720afe565 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
bb31ed53ed |
BACKPORT, FROMGIT: crypto: chacha - add XChaCha12 support
Now that the generic implementation of ChaCha20 has been refactored to allow varying the number of rounds, add support for XChaCha12, which is the XSalsa construction applied to ChaCha12. ChaCha12 is one of the three ciphers specified by the original ChaCha paper (https://cr.yp.to/chacha/chacha-20080128.pdf: "ChaCha, a variant of Salsa20"), alongside ChaCha8 and ChaCha20. ChaCha12 is faster than ChaCha20 but has a lower, but still large, security margin. We need XChaCha12 support so that it can be used in the Adiantum encryption mode, which enables disk/file encryption on low-end mobile devices where AES-XTS is too slow as the CPUs lack AES instructions. We'd prefer XChaCha20 (the more popular variant), but it's too slow on some of our target devices, so at least in some cases we do need the XChaCha12-based version. In more detail, the problem is that Adiantum is still much slower than we're happy with, and encryption still has a quite noticeable effect on the feel of low-end devices. Users and vendors push back hard against encryption that degrades the user experience, which always risks encryption being disabled entirely. So we need to choose the fastest option that gives us a solid margin of security, and here that's XChaCha12. The best known attack on ChaCha breaks only 7 rounds and has 2^235 time complexity, so ChaCha12's security margin is still better than AES-256's. Much has been learned about cryptanalysis of ARX ciphers since Salsa20 was originally designed in 2005, and it now seems we can be comfortable with a smaller number of rounds. The eSTREAM project also suggests the 12-round version of Salsa20 as providing the best balance among the different variants: combining very good performance with a "comfortable margin of security". Note that it would be trivial to add vanilla ChaCha12 in addition to XChaCha12. However, it's unneeded for now and therefore is omitted. As discussed in the patch that introduced XChaCha20 support, I considered splitting the code into separate chacha-common, chacha20, xchacha20, and xchacha12 modules, so that these algorithms could be enabled/disabled independently. However, since nearly all the code is shared anyway, I ultimately decided there would have been little benefit to the added complexity. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit aa7624093cb7fbf4fea95e612580d8d29a819f67 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Conflicts: crypto/chacha_generic.c (backported from skcipher to blkcipher API) (adjusted test vector formatting for old testmgr) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I876a5be92e9f583effcd35a4b66a36608ac581f0 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
b8181f36dc |
BACKPORT, FROMGIT: crypto: chacha20-generic - refactor to allow varying number of rounds
In preparation for adding XChaCha12 support, rename/refactor
chacha20-generic to support different numbers of rounds. The
justification for needing XChaCha12 support is explained in more detail
in the patch "crypto: chacha - add XChaCha12 support".
The only difference between ChaCha{8,12,20} are the number of rounds
itself; all other parts of the algorithm are the same. Therefore,
remove the "20" from all definitions, structures, functions, files, etc.
that will be shared by all ChaCha versions.
Also make ->setkey() store the round count in the chacha_ctx (previously
chacha20_ctx). The generic code then passes the round count through to
chacha_block(). There will be a ->setkey() function for each explicitly
allowed round count; the encrypt/decrypt functions will be the same. I
decided not to do it the opposite way (same ->setkey() function for all
round counts, with different encrypt/decrypt functions) because that
would have required more boilerplate code in architecture-specific
implementations of ChaCha and XChaCha.
Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit 1ca1b917940c24ca3d1f490118c5474168622953
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Conflicts:
arch/arm/crypto/chacha20-neon-glue.c
arch/arm64/crypto/chacha20-neon-glue.c
arch/x86/crypto/chacha20_glue.c
drivers/char/random.c
drivers/crypto/caam/caamalg.c
drivers/crypto/caam/caamalg_qi2.c
drivers/crypto/caam/compat.h
include/crypto/chacha20.h
lib/Makefile
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: I7fa203ddc7095ce8675a32f49b8a5230cd0cf5f6
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Eric Biggers
|
1141ebc576 |
BACKPORT, FROMGIT: crypto: chacha20-generic - add XChaCha20 support
Add support for the XChaCha20 stream cipher. XChaCha20 is the application of the XSalsa20 construction (https://cr.yp.to/snuffle/xsalsa-20081128.pdf) to ChaCha20 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length from 64 bits (or 96 bits, depending on convention) to 192 bits, while provably retaining ChaCha20's security. XChaCha20 uses the ChaCha20 permutation to map the key and first 128 nonce bits to a 256-bit subkey. Then, it does the ChaCha20 stream cipher with the subkey and remaining 64 bits of nonce. We need XChaCha support in order to add support for the Adiantum encryption mode. Note that to meet our performance requirements, we actually plan to primarily use the variant XChaCha12. But we believe it's wise to first add XChaCha20 as a baseline with a higher security margin, in case there are any situations where it can be used. Supporting both variants is straightforward. Since XChaCha20's subkey differs for each request, XChaCha20 can't be a template that wraps ChaCha20; that would require re-keying the underlying ChaCha20 for every request, which wouldn't be thread-safe. Instead, we make XChaCha20 its own top-level algorithm which calls the ChaCha20 streaming implementation internally. Similar to the existing ChaCha20 implementation, we define the IV to be the nonce and stream position concatenated together. This allows users to seek to any position in the stream. I considered splitting the code into separate chacha20-common, chacha20, and xchacha20 modules, so that chacha20 and xchacha20 could be enabled/disabled independently. However, since nearly all the code is shared anyway, I ultimately decided there would have been little benefit to the added complexity of separate modules. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit de61d7ae5d3789dcba3749a418f76613fbee8414 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Conflicts: crypto/chacha20_generic.c include/crypto/chacha20.h (backported from skcipher to blkcipher API) (adjusted test vector formatting for old testmgr) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I5c878e1d6577abda11d7b737cbb650baf16b6886 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
bc41a67caf |
FROMGIT: crypto: chacha20-generic - add HChaCha20 library function
Refactor the unkeyed permutation part of chacha20_block() into its own function, then add hchacha20_block() which is the ChaCha equivalent of HSalsa20 and is an intermediate step towards XChaCha20 (see https://cr.yp.to/snuffle/xsalsa-20081128.pdf). HChaCha20 skips the final addition of the initial state, and outputs only certain words of the state. It should not be used for streaming directly. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit dd333449d0fb667c5250c42488a7e90470e16c77 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I5b7e92b39ada49343cbdf21e4c6d7c1aa1adf183 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Eric Biggers
|
ede5c83359 |
BACKPORT: crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
In commit 9f480faec58c ("crypto: chacha20 - Fix keystream alignment for
chacha20_block()"), I had missed that chacha20_block() can be called
directly on the buffer passed to get_random_bytes(), which can have any
alignment. So, while my commit didn't break anything, it didn't fully
solve the alignment problems.
Revert my solution and just update chacha20_block() to use
put_unaligned_le32(), so the output buffer need not be aligned.
This is simpler, and on many CPUs it's the same speed.
But, I kept the 'tmp' buffers in extract_crng_user() and
_get_random_bytes() 4-byte aligned, since that alignment is actually
needed for _crng_backtrack_protect() too.
Reported-by: Stephan Müller <smueller@chronox.de>
Cc: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
(cherry picked from commit a5e9f557098e54af44ade5d501379be18435bfbf)
Conflicts:
drivers/char/random.c
Bug: 112008522
Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b
Change-Id: Ic355d2416330ae2f4a50cb7064633810e35a93bf
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Eric Biggers
|
12b2fb03cb |
BACKPORT: crypto: chacha20 - Fix keystream alignment for chacha20_block()
When chacha20_block() outputs the keystream block, it uses 'u32' stores directly. However, the callers (crypto/chacha20_generic.c and drivers/char/random.c) declare the keystream buffer as a 'u8' array, which is not guaranteed to have the needed alignment. Fix it by having both callers declare the keystream as a 'u32' array. For now this is preferable to switching over to the unaligned access macros because chacha20_block() is only being used in cases where we can easily control the alignment (stack buffers). Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 9f480faec58cd6197a007ea1dcac6b7c3daf1139) Conflicts: drivers/char/random.c Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I7557b2ca2ace0e19e97e997659857b3fa7a2b540 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
|
Alistair Strachan
|
5c9027cbd4 |
Revert "FROMGIT: crypto: speck - export common helpers"
This reverts commit
|
||
|
Petri Gynther
|
cb9d0cdedd |
Merge 4.9.122 into android-msm-bluecross-4.9-lts
Linux 4.9.122
x86/speculation/l1tf: Exempt zeroed PTEs from inversion
Linux 4.9.121
x86/mm: Add TLB purge to free pmd/pte page interfaces
* ioremap: Update pgtable free interfaces with addr
arch/arm64/mm/mmu.c
include/asm-generic/pgtable.h
lib/ioremap.c
Bluetooth: hidp: buffer overflow in hidp_process_report
ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization
* crypto: ablkcipher - fix crash flushing dcache in error path
crypto/ablkcipher.c
* crypto: blkcipher - fix crash flushing dcache in error path
crypto/blkcipher.c
crypto: vmac - separate tfm and request context
crypto: vmac - require a block cipher with 128-bit block size
crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2()
kbuild: verify that $DEPMOD is installed
i2c: ismt: fix wrong device address when unmap the data buffer
* kasan: don't emit builtin calls when sanitization is off
Makefile
scripts/Makefile.kasan
scripts/Makefile.lib
x86/mm: Disable ioremap free page handling on x86-PAE
x86: i8259: Add missing include file
x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled
Change-Id: Ic59cf042f3f157e9a113779a0220a1b8986d0c30
Signed-off-by: Petri Gynther <pgynther@google.com>
|
||
|
Neeraj Soni
|
6fe27abb8d |
security: pfe: Set DUN size accroding to file system and storage type
EXT4 FS and F2FS has different way of setting Data Unit Number (DUN) size value for UFS and eMMC storage devices. EXT4 FS uses sector number while F2FS uses inode|pgidx. Check Storage and file system type before setting the DUN value in Inline Crypto Engine (ICE). Change-Id: If822863893fc0725a5ff0410e7418c352ad70fc1 Signed-off-by: Neeraj Soni <neersoni@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
681e57bb08 |
Merge 4.9.121 into android-4.9
Changes in 4.9.121 x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled x86: i8259: Add missing include file x86/mm: Disable ioremap free page handling on x86-PAE kasan: don't emit builtin calls when sanitization is off i2c: ismt: fix wrong device address when unmap the data buffer kbuild: verify that $DEPMOD is installed crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() crypto: vmac - require a block cipher with 128-bit block size crypto: vmac - separate tfm and request context crypto: blkcipher - fix crash flushing dcache in error path crypto: ablkcipher - fix crash flushing dcache in error path ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization Bluetooth: hidp: buffer overflow in hidp_process_report ioremap: Update pgtable free interfaces with addr x86/mm: Add TLB purge to free pmd/pte page interfaces Linux 4.9.121 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Biggers
|
81ad8a8e86 |
crypto: vmac - separate tfm and request context
commit bb29648102335586e9a66289a1d98a0cb392b6e5 upstream.
syzbot reported a crash in vmac_final() when multiple threads
concurrently use the same "vmac(aes)" transform through AF_ALG. The bug
is pretty fundamental: the VMAC template doesn't separate per-request
state from per-tfm (per-key) state like the other hash algorithms do,
but rather stores it all in the tfm context. That's wrong.
Also, vmac_final() incorrectly zeroes most of the state including the
derived keys and cached pseudorandom pad. Therefore, only the first
VMAC invocation with a given key calculates the correct digest.
Fix these bugs by splitting the per-tfm state from the per-request state
and using the proper init/update/final sequencing for requests.
Reproducer for the crash:
#include <linux/if_alg.h>
#include <sys/socket.h>
#include <unistd.h>
int main()
{
int fd;
struct sockaddr_alg addr = {
.salg_type = "hash",
.salg_name = "vmac(aes)",
};
char buf[256] = { 0 };
fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
bind(fd, (void *)&addr, sizeof(addr));
setsockopt(fd, SOL_ALG, ALG_SET_KEY, buf, 16);
fork();
fd = accept(fd, NULL, NULL);
for (;;)
write(fd, buf, 256);
}
The immediate cause of the crash is that vmac_ctx_t.partial_size exceeds
VMAC_NHBYTES, causing vmac_final() to memset() a negative length.
Reported-by: syzbot+264bca3a6e8d645550d3@syzkaller.appspotmail.com
Fixes:
|
||
|
Giovanni Cabiddu
|
b11a373118 |
UPSTREAM: crypto: acomp - add driver-side scomp interface
Add a synchronous back-end (scomp) to acomp. This allows to easily expose the already present compression algorithms in LKCF via acomp. Bug: 111209481 Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 1ab53a77b772bf7369464a0e4fa6fd6499acf8f1) Signed-off-by: Martin Liu <liumartin@google.com> Change-Id: Id2a9cb035627965803814511390dbe56d340e726 |
||
|
Giovanni Cabiddu
|
cea1d67a88 |
UPSTREAM: crypto: acomp - add asynchronous compression api
Add acomp, an asynchronous compression api that uses scatterlist buffers. Bug: 111209481 Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 2ebda74fd6c9d3fc3b9f0234fc519795e23025a5) Signed-off-by: Martin Liu <liumartin@google.com> Change-Id: Ib4201454bfe8ce5ecf3a9dde1959836a64fbc96b |
||
|
Cyan_Hsieh
|
e9eb3984e2 |
Merge LA.UM.7.3.9.08.00.00.385.328 via branch qcom-msm-4.9 into android-msm-bluecross-4.9
Merge Qualcomm's LA.UM.7.3.9.08.00.00.385.328 Removed camera related changes with git checkout partner/android-msm-bluecross-4.9 -- drivers/media/platform/msm/camera/ \ drivers/media/platform/msm/camera_v2/ \ include/uapi/media/cam_req_mgr.h Conflicts: Documentation/devicetree/bindings/drm/msm/mdss-dsi-panel.txt Documentation/filesystems/f2fs.txt Makefile arch/Kconfig arch/arm64/Kconfig arch/arm64/boot/dts/qcom/sdm845-v2.dtsi arch/arm64/crypto/Makefile arch/arm64/kernel/entry.S arch/arm64/kernel/vdso/Makefile drivers/firmware/efi/libstub/Makefile drivers/gpu/drm/msm/dsi-staging/dsi_display.c drivers/gpu/drm/msm/sde/sde_kms.c drivers/hwtracing/coresight/coresight-event.c drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c drivers/misc/Makefile drivers/power/supply/qcom/Kconfig drivers/power/supply/qcom/Makefile fs/crypto/fscrypt_private.h fs/f2fs/data.c fs/f2fs/f2fs.h fs/f2fs/file.c fs/f2fs/segment.c fs/f2fs/super.c fs/f2fs/inode.c fs/f2fs/sysfs.c include/linux/compiler-clang.h include/linux/compiler.h include/linux/fscrypt.h include/linux/init.h include/linux/jiffies.h include/trace/events/sched.h kernel/Makefile kernel/cfi.c kernel/sched/core.c kernel/sched/fair.c mm/filemap.c Bug: 80274434 Change-Id: I8640c44aa3978666364fd08bb9b8748e95a1e3ff Signed-off-by: aaronding <aaronding@google.com> Signed-off-by: Cyan_Hsieh <cyanhsieh@google.com> |
||
|
Chris Fries
|
87d93019a2 |
Revert "crypto: Remove crypto block device from encryption path"
This reverts commit
|
||
|
Cyan_Hsieh
|
6cca606fe5 |
Merge LA.UM.7.3.9.08.00.00.385.300 via branch qcom-msm-4.9 into android-msm-bluecross-4.9
Merge Qualcomm's LA.UM.7.3.9.08.00.00.385.300 Removed camera related changes with git checkout partner/android-msm-bluecross-4.9 -- drivers/media/platform/msm/camera/ \ drivers/media/platform/msm/camera_v2/ \ include/uapi/media/cam_req_mgr.h Change-Id: Iaace725f748e5feeebaabbcbaa3823e4ed6ef8a1 Bug: 79367535 Signed-off-by: Chris Fries <cfries@google.com> |
||
|
Linux Build Service Account
|
828681426c | Merge "crypto:msm: fix compilation issue for crypto APIs" | ||
|
Neeraj Soni
|
e28f2aed7a |
crypto:msm: fix compilation issue for crypto APIs
New APIs introduced as part of new FDE design can not be referenced if driver config flag is not defined. Provide a dummy reference to handle this case. Change-Id: I7cfacd34ffca8cb156e3b12b6f29586950bf1ad8 Signed-off-by: Neeraj Soni <neersoni@codeaurora.org> |
||
|
Linux Build Service Account
|
3479f91f30 | Merge "crypto: Remove crypto block device from encryption path" |