vic-testing
992 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
6eadd45e0a |
Merge branch 'android-4.9-q' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.9
* 'android-4.9-q' of https://android.googlesource.com/kernel/common: UPSTREAM: ipv6: raw: Deduct extension header length in rawv6_push_pending_frames UPSTREAM: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. Linux 4.9.337 ext4: initialize quota before expanding inode in setproject ioctl ext4: avoid BUG_ON when creating xattrs ext4: fix error code return to user-space in ext4_get_branch() ext4: init quota for 'old.inode' in 'ext4_rename' ext4: fix bug_on in __es_tree_search caused by bad boot loader inode ext4: fix undefined behavior in bit shift for ext4_check_flag_values ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop drm/vmwgfx: Validate the box size for the snooped cursor drm/connector: send hotplug uevent on connector cleanup device_cgroup: Roll back to original exceptions after copy failure parisc: led: Fix potential null-ptr-deref in start_task() iommu/amd: Fix ivrs_acpihid cmdline parsing code crypto: n2 - add missing hash statesize PCI/sysfs: Fix double free in error path cifs: fix confusing debug message media: dvb-core: Fix double free in dvb_register_device() ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line dm cache: set needs_check flag after aborting metadata dm cache: Fix UAF in destroy() dm thin: Fix UAF in run_timer_softirq() dm thin: Use last transaction's pmd->root when commit failed dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort ARM: ux500: do not directly dereference __iomem ktest.pl minconfig: Unset configs instead of just removing them media: stv0288: use explicitly signed char mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING md: fix a crash in mempool_free pnode: terminate at peers of source ALSA: line6: fix stack overflow in line6_midi_transmit ALSA: line6: correct midi status byte when receiving data from podxt hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount HID: plantronics: Additional PIDs for double volume key presses quirk powerpc/rtas: avoid scheduling in rtas_os_term() gcov: add support for checksum field iio: adc: ad_sigma_delta: do not use internal iio_dev lock reiserfs: Add missing calls to reiserfs_security_free() HID: wacom: Ensure bootloader PID is usable in hidraw mode ASoC: rt5670: Remove unbalanced pm_runtime_put() ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() ASoC: wm8994: Fix potential deadlock ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() clk: st: Fix memory leak in st_of_quadfs_setup() media: si470x: Fix use-after-free in si470x_int_in_callback() mmc: f-sdh30: Add quirks for broken timeout clock capability blk-mq: fix possible memleak when register 'hctx' failed media: dvb-usb: fix memory leak in dvb_usb_adapter_init() media: dvb-frontends: fix leak of memory fw ppp: associate skb with a device at tx mrp: introduce active flags to prevent UAF when applicant uninit md/raid1: stop mdx_raid1 thread when raid1 array run failed drm/sti: Use drm_mode_copy() s390/lcs: Fix return type of lcs_start_xmit() s390/netiucv: Fix return type of netiucv_tx() s390/ctcm: Fix return type of ctc{mp,}m_tx() igb: Do not free q_vector unless new one was allocated wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() hamradio: baycom_epp: Fix return type of baycom_send_packet() net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() ipmi: fix memleak when unload ipmi driver wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out wifi: ath9k: verify the expected usb_endpoints are present hfs: fix OOB Read in __hfs_brec_find acct: fix potential integer overflow in encode_comp_t() nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() ACPICA: Fix error code path in acpi_ds_call_control_method() fs: jfs: fix shift-out-of-bounds in dbDiscardAG udf: Avoid double brelse() in udf_rename() fs: jfs: fix shift-out-of-bounds in dbAllocAG binfmt_misc: fix shift-out-of-bounds in check_special_flags net: stream: purge sk_error_queue in sk_stream_kill_queues() myri10ge: Fix an error handling path in myri10ge_probe() net_sched: reject TCF_EM_SIMPLE case for complex ematch module skbuff: Account for tail adjustment during pull operations openvswitch: Fix flow lookup to use unmasked key r6040: Fix kmemleak in probe and remove nfc: pn533: Clear nfc_target before being used mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() selftests/powerpc: Fix resource leaks powerpc/hv-gpci: Fix hv_gpci event list powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() powerpc/perf: callchain validate kernel stack pointer bounds powerpc/52xx: Fix a resource leak in an error handling path macintosh/macio-adb: check the return value of ioremap() macintosh: fix possible memory leak in macio_add_one_device() iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() rtc: snvs: Allow a time difference on clock register read include/uapi/linux/swab: Fix potentially missing __always_inline HSI: omap_ssi_core: Fix error handling in ssi_init() power: supply: fix residue sysfs file in error handle route of __power_supply_register() HSI: omap_ssi_core: fix possible memory leak in ssi_probe() HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() fbdev: vermilion: decrease reference count in error path fbdev: via: Fix error in via_core_init() fbdev: pm2fb: fix missing pci_disable_device() fbdev: ssd1307fb: Drop optional dependency usb: storage: Add check for kcalloc i2c: ismt: Fix an out-of-bounds bug in ismt_access() vme: Fix error not catched in fake_init() staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() staging: rtl8192u: Fix use after free in ieee80211_rx() i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe chardev: fix error handling in cdev_device_add() mcb: mcb-parse: fix error handing in chameleon_parse_gdd() drivers: mcb: fix resource leak in mcb_probe() cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() serial: sunsab: Fix error handling in sunsab_init() serial: pch: Fix PCI device refcount leak in pch_request_dma() serial: amba-pl011: avoid SBSA UART accessing DMACR register staging: vme_user: Fix possible UAF in tsi148_dma_list_add usb: fotg210-udc: Fix ages old endianness issues uio: uio_dmem_genirq: Fix deadlock between irq config and handling uio: uio_dmem_genirq: Fix missing unlock in irq configuration vfio: platform: Do not pass return buffer to ACPI _RST method drivers: dio: fix possible memory leak in dio_init() IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces hwrng: geode - Fix PCI device refcount leak hwrng: amd - Fix PCI device refcount leak crypto: img-hash - Fix variable dereferenced before check 'hdev->req' orangefs: Fix sysfs not cleanup when dev init failed scsi: snic: Fix possible UAF in snic_tgt_create() scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails scsi: ipr: Fix WARNING in ipr_init() scsi: fcoe: Fix possible name leak when device_register() fails scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() scsi: hpsa: Fix error handling in hpsa_add_sas_host() stmmac: fix potential division by 0 Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave() ntb_netdev: Use dev_kfree_skb_any() in interrupt context net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave() hamradio: don't call dev_kfree_skb() under spin_lock_irqsave() net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave() net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave() net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave() net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave() net/tunnel: wait until all sk_user_data reader finish before releasing the sock net: farsync: Fix kmemleak when rmmods farsync ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave() drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() net: defxx: Fix missing err handling in dfx_init() net: vmw_vsock: vmci: Check memcpy_from_msg() blktrace: Fix output non-blktrace event when blk_classic option enabled wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h media: coda: Add check for kmalloc media: coda: Add check for dcoda_iram_alloc media: c8sectpfe: Add of_node_put() when breaking out of loop mmc: mmci: fix return value check of mmc_add_host() mmc: wbsd: fix return value check of mmc_add_host() mmc: via-sdmmc: fix return value check of mmc_add_host() mmc: vub300: fix return value check of mmc_add_host() mmc: toshsd: fix return value check of mmc_add_host() mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() mmc: mxcmmc: fix return value check of mmc_add_host() mmc: moxart: fix return value check of mmc_add_host() SUNRPC: Fix missing release socket in rpc_sockname() ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt media: saa7164: fix missing pci_disable_device() regulator: core: fix module refcount leak in set_supply() bonding: uninitialized variable in bond_miimon_inspect() ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() ALSA: asihpi: fix missing pci_disable_device() NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn NFSv4.2: Fix a memory stomp in decode_attr_security_label media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() pinctrl: pinconf-generic: add missing of_node_put() media: imon: fix a race condition in send_packet() mtd: maps: pxa2xx-flash: fix memory leak in probe clk: rockchip: Fix memory leak in rockchip_clk_register_pll() ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT HID: hid-sensor-custom: set fixed size for custom attributes media: platform: exynos4-is: Fix error handling in fimc_md_init() media: solo6x10: fix possible memory leak in solo_sysfs_init() Input: elants_i2c - properly handle the reset GPIO when power is off mtd: lpddr2_nvm: Fix possible null-ptr-deref wifi: ath10k: Fix return value in ath10k_pci_init() ima: Fix misuse of dereference of pointer in template_desc_init_fields() regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() ASoC: pxa: fix null-pointer dereference in filter() mtd: Fix device name leak when register device failed in add_mtd_device() media: vivid: fix compose size exceed boundary media: i2c: ad5820: Fix error path wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() rapidio: devices: fix missing put_device in mport_cdev_open hfs: Fix OOB Write in hfs_asc2mac eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD rapidio: fix possible UAF when kfifo_alloc() fails fs: sysv: Fix sysv_nblocks() returns wrong value MIPS: BCM63xx: Add check for NULL for clk in clk_enable x86/xen: Fix memory leak in xen_init_lock_cpu() uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() rapidio: rio: fix possible name leak in rio_register_mport() rapidio: fix possible name leaks when rio_add_device() fails lib/notifier-error-inject: fix error when writing -errno to debugfs file libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() PNP: fix name memory leak in pnp_alloc_dev() MIPS: vpe-cmp: fix possible memory leak while module exiting MIPS: vpe-mt: fix possible memory leak while module exiting ocfs2: fix memory leak in ocfs2_stack_glue_init() timerqueue: Use rb_entry_safe() in timerqueue_getnext() perf: Fix possible memleak in pmu_dev_alloc() fs: don't audit the capability check in simple_xattr_list() PM: hibernate: Fix mistake in kerneldoc comment alpha: fix syscall entry in !AUDUT_SYSCALL case cpuidle: dt: Return the correct numbers of parsed idle states pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP ARM: mmp: fix timer_read delay ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe arm: dts: spear600: Fix clcd interrupt drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static net: loopback: use NET_NAME_PREDICTABLE for name_assign_type Bluetooth: L2CAP: Fix u8 overflow USB: serial: cp210x: add Kamstrup RF sniffer PIDs usb: gadget: uvc: Prevent buffer overflow in setup handler udf: Fix extending file within last block udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size udf: Fix preallocation discarding at indirect extent boundary udf: Drop unused arguments of udf_delete_aext() udf: Discard preallocation before extending file with a hole ASoC: ops: Correct bounds check for second channel on SX controls can: sja1000: fix size of OCR_MODE_MASK define ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() block: unhash blkdev part inode when the part is deleted mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths mm/khugepaged: fix GUP-fast interaction by sending IPI Change-Id: I64c8371e754e29bd7633756d85a5e8d5721939b6 |
||
|
Greg Kroah-Hartman
|
7e6dfb2786 |
Merge 4.9.337 into android-4.9-q
Changes in 4.9.337
mm/khugepaged: fix GUP-fast interaction by sending IPI
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
block: unhash blkdev part inode when the part is deleted
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
can: sja1000: fix size of OCR_MODE_MASK define
ASoC: ops: Correct bounds check for second channel on SX controls
udf: Discard preallocation before extending file with a hole
udf: Drop unused arguments of udf_delete_aext()
udf: Fix preallocation discarding at indirect extent boundary
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
udf: Fix extending file within last block
usb: gadget: uvc: Prevent buffer overflow in setup handler
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
Bluetooth: L2CAP: Fix u8 overflow
net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
arm: dts: spear600: Fix clcd interrupt
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: mmp: fix timer_read delay
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
cpuidle: dt: Return the correct numbers of parsed idle states
alpha: fix syscall entry in !AUDUT_SYSCALL case
PM: hibernate: Fix mistake in kerneldoc comment
fs: don't audit the capability check in simple_xattr_list()
perf: Fix possible memleak in pmu_dev_alloc()
timerqueue: Use rb_entry_safe() in timerqueue_getnext()
ocfs2: fix memory leak in ocfs2_stack_glue_init()
MIPS: vpe-mt: fix possible memory leak while module exiting
MIPS: vpe-cmp: fix possible memory leak while module exiting
PNP: fix name memory leak in pnp_alloc_dev()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
lib/notifier-error-inject: fix error when writing -errno to debugfs file
rapidio: fix possible name leaks when rio_add_device() fails
rapidio: rio: fix possible name leak in rio_register_mport()
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
x86/xen: Fix memory leak in xen_init_lock_cpu()
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
fs: sysv: Fix sysv_nblocks() returns wrong value
rapidio: fix possible UAF when kfifo_alloc() fails
eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
hfs: Fix OOB Write in hfs_asc2mac
rapidio: devices: fix missing put_device in mport_cdev_open
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
media: i2c: ad5820: Fix error path
media: vivid: fix compose size exceed boundary
mtd: Fix device name leak when register device failed in add_mtd_device()
ASoC: pxa: fix null-pointer dereference in filter()
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
wifi: ath10k: Fix return value in ath10k_pci_init()
mtd: lpddr2_nvm: Fix possible null-ptr-deref
Input: elants_i2c - properly handle the reset GPIO when power is off
media: solo6x10: fix possible memory leak in solo_sysfs_init()
media: platform: exynos4-is: Fix error handling in fimc_md_init()
HID: hid-sensor-custom: set fixed size for custom attributes
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
mtd: maps: pxa2xx-flash: fix memory leak in probe
media: imon: fix a race condition in send_packet()
pinctrl: pinconf-generic: add missing of_node_put()
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
ALSA: asihpi: fix missing pci_disable_device()
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
bonding: uninitialized variable in bond_miimon_inspect()
regulator: core: fix module refcount leak in set_supply()
media: saa7164: fix missing pci_disable_device()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
SUNRPC: Fix missing release socket in rpc_sockname()
mmc: moxart: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: mmci: fix return value check of mmc_add_host()
media: c8sectpfe: Add of_node_put() when breaking out of loop
media: coda: Add check for dcoda_iram_alloc
media: coda: Add check for kmalloc
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
blktrace: Fix output non-blktrace event when blk_classic option enabled
net: vmw_vsock: vmci: Check memcpy_from_msg()
net: defxx: Fix missing err handling in dfx_init()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
net: farsync: Fix kmemleak when rmmods farsync
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
stmmac: fix potential division by 0
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: snic: Fix possible UAF in snic_tgt_create()
orangefs: Fix sysfs not cleanup when dev init failed
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
hwrng: amd - Fix PCI device refcount leak
hwrng: geode - Fix PCI device refcount leak
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
drivers: dio: fix possible memory leak in dio_init()
vfio: platform: Do not pass return buffer to ACPI _RST method
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
usb: fotg210-udc: Fix ages old endianness issues
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
serial: amba-pl011: avoid SBSA UART accessing DMACR register
serial: pch: Fix PCI device refcount leak in pch_request_dma()
serial: sunsab: Fix error handling in sunsab_init()
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
drivers: mcb: fix resource leak in mcb_probe()
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
chardev: fix error handling in cdev_device_add()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
staging: rtl8192u: Fix use after free in ieee80211_rx()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
vme: Fix error not catched in fake_init()
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
usb: storage: Add check for kcalloc
fbdev: ssd1307fb: Drop optional dependency
fbdev: pm2fb: fix missing pci_disable_device()
fbdev: via: Fix error in via_core_init()
fbdev: vermilion: decrease reference count in error path
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
power: supply: fix residue sysfs file in error handle route of __power_supply_register()
HSI: omap_ssi_core: Fix error handling in ssi_init()
include/uapi/linux/swab: Fix potentially missing __always_inline
rtc: snvs: Allow a time difference on clock register read
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
macintosh: fix possible memory leak in macio_add_one_device()
macintosh/macio-adb: check the return value of ioremap()
powerpc/52xx: Fix a resource leak in an error handling path
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/hv-gpci: Fix hv_gpci event list
selftests/powerpc: Fix resource leaks
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfc: pn533: Clear nfc_target before being used
r6040: Fix kmemleak in probe and remove
openvswitch: Fix flow lookup to use unmasked key
skbuff: Account for tail adjustment during pull operations
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
myri10ge: Fix an error handling path in myri10ge_probe()
net: stream: purge sk_error_queue in sk_stream_kill_queues()
binfmt_misc: fix shift-out-of-bounds in check_special_flags
fs: jfs: fix shift-out-of-bounds in dbAllocAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
ACPICA: Fix error code path in acpi_ds_call_control_method()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
acct: fix potential integer overflow in encode_comp_t()
hfs: fix OOB Read in __hfs_brec_find
wifi: ath9k: verify the expected usb_endpoints are present
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
ipmi: fix memleak when unload ipmi driver
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
igb: Do not free q_vector unless new one was allocated
s390/ctcm: Fix return type of ctc{mp,}m_tx()
s390/netiucv: Fix return type of netiucv_tx()
s390/lcs: Fix return type of lcs_start_xmit()
drm/sti: Use drm_mode_copy()
md/raid1: stop mdx_raid1 thread when raid1 array run failed
mrp: introduce active flags to prevent UAF when applicant uninit
ppp: associate skb with a device at tx
media: dvb-frontends: fix leak of memory fw
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
blk-mq: fix possible memleak when register 'hctx' failed
mmc: f-sdh30: Add quirks for broken timeout clock capability
media: si470x: Fix use-after-free in si470x_int_in_callback()
clk: st: Fix memory leak in st_of_quadfs_setup()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: rt5670: Remove unbalanced pm_runtime_put()
HID: wacom: Ensure bootloader PID is usable in hidraw mode
reiserfs: Add missing calls to reiserfs_security_free()
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
gcov: add support for checksum field
powerpc/rtas: avoid scheduling in rtas_os_term()
HID: plantronics: Additional PIDs for double volume key presses quirk
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
ALSA: line6: correct midi status byte when receiving data from podxt
ALSA: line6: fix stack overflow in line6_midi_transmit
pnode: terminate at peers of source
md: fix a crash in mempool_free
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
media: stv0288: use explicitly signed char
ktest.pl minconfig: Unset configs instead of just removing them
ARM: ux500: do not directly dereference __iomem
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
dm thin: Use last transaction's pmd->root when commit failed
dm thin: Fix UAF in run_timer_softirq()
dm cache: Fix UAF in destroy()
dm cache: set needs_check flag after aborting metadata
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
media: dvb-core: Fix double free in dvb_register_device()
cifs: fix confusing debug message
PCI/sysfs: Fix double free in error path
crypto: n2 - add missing hash statesize
iommu/amd: Fix ivrs_acpihid cmdline parsing code
parisc: led: Fix potential null-ptr-deref in start_task()
device_cgroup: Roll back to original exceptions after copy failure
drm/connector: send hotplug uevent on connector cleanup
drm/vmwgfx: Validate the box size for the snooped cursor
ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: fix error code return to user-space in ext4_get_branch()
ext4: avoid BUG_ON when creating xattrs
ext4: initialize quota before expanding inode in setproject ioctl
Linux 4.9.337
Change-Id: I923e3fef499ae1688b25c70a1a805b55a9f4f027
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Yang Jihong
|
61d589b402 |
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
commit c1ac03af6ed45d05786c219d102f37eb44880f28 upstream.
print_trace_line may overflow seq_file buffer. If the event is not
consumed, the while loop keeps peeking this event, causing a infinite loop.
Link: https://lkml.kernel.org/r/20221129113009.182425-1-yangjihong1@huawei.com
Cc: Masami Hiramatsu <mhiramat@kernel.org>
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Michael Bestas
|
87cf1c2fc1 |
Merge remote-tracking branch 'common/android-4.9-q' into android-msm-pixel-4.9
* common/android-4.9-q:
Linux 4.9.321
swiotlb: skip swiotlb_bounce when orig_addr is zero
kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
fdt: Update CRC check for rng-seed
xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
drm: remove drm_fb_helper_modinit
powerpc/pseries: wire up rng during setup_arch()
modpost: fix section mismatch check for exported init/exit sections
ARM: cns3xxx: Fix refcount leak in cns3xxx_init
ARM: Fix refcount leak in axxia_boot_secondary
ARM: exynos: Fix refcount leak in exynos_map_pmu
ARM: dts: imx6qdl: correct PU regulator ramp delay
powerpc: Enable execve syscall exit tracepoint
xtensa: Fix refcount leak bug in time.c
xtensa: xtfpga: Fix refcount leak bug in setup
iio: trigger: sysfs: fix use-after-free on remove
iio: accel: mma8452: ignore the return value of reset operation
iio:accel:bma180: rearrange iio trigger get and register
usb: chipidea: udc: check request status before setting device address
iio: adc: vf610: fix conversion mode sysfs node name
igb: Make DMA faster when CPU is active on the PCIe link
MIPS: Remove repetitive increase irq_err_count
x86/xen: Remove undefined behavior in setup_features()
bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
USB: serial: option: add Telit LE910Cx 0x1250 composition
random: quiet urandom warning ratelimit suppression message
dm era: commit metadata in postsuspend after worker stops
ata: libata: add qc->flags in ata_qc_complete_template tracepoint
random: schedule mix_interrupt_randomness() less often
vt: drop old FONT ioctls
BACKPORT: l2tp: fix race in pppol2tp_release with session object destroy
BACKPORT: l2tp: don't use inet_shutdown on ppp session destroy
Linux 4.9.320
tcp: drop the hash_32() part from the index calculation
tcp: increase source port perturb table to 2^16
tcp: dynamically allocate the perturb table used by source ports
tcp: add small random increments to the source port
tcp: use different parts of the port_offset for index and offset
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: add some entropy in __inet_hash_connect()
tcp: change source port randomizarion at connect() time
fuse: fix pipe buffer lifetime for direct_io
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
swiotlb: fix info leak with DMA_FROM_DEVICE
xprtrdma: fix incorrect header size calculations
s390/mm: use non-quiescing sske for KVM switch to keyed guest
l2tp: fix race in pppol2tp_release with session object destroy
l2tp: don't use inet_shutdown on ppp session destroy
ext4: add reserved GDT blocks check
ext4: make variable "count" signed
ext4: fix bug_on ext4_mb_use_inode_pa
serial: 8250: Store to lsr_save_flags after lsr read
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
USB: serial: io_ti: add Agilent E5805A support
USB: serial: option: add support for Cinterion MV31 with new baseline
comedi: vmk80xx: fix expression for tx buffer size
irqchip/gic-v3: Iterate over possible CPUs by for_each_possible_cpu()
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
misc: atmel-ssc: Fix IRQ check in ssc_probe
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
random: credit cpu and bootloader seeds by default
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
ASoC: wm8962: Fix suspend while playing music
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Fix TLV scales for mixer controls
random: account for arch randomness in bits
random: mark bootloader randomness code as __init
random: avoid checking crng_ready() twice in random_init()
crypto: drbg - make reseeding from get_random_bytes() synchronous
crypto: drbg - always try to free Jitter RNG instance
crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto: drbg - always seeded with SP800-90B compliant noise source
crypto: drbg - add FIPS 140-2 CTRNG for noise source
Revert "random: use static branch for crng_ready()"
random: check for signals after page of pool writes
random: wire up fops->splice_{read,write}_iter()
random: convert to using fops->write_iter()
random: move randomize_page() into mm where it belongs
random: move initialization functions out of hot pages
random: use proper return types on get_random_{int,long}_wait()
random: remove extern from functions in header
random: use static branch for crng_ready()
random: credit architectural init the exact amount
random: handle latent entropy and command line from random_init()
random: use proper jiffies comparison macro
random: remove ratelimiting for in-kernel unseeded randomness
random: avoid initializing twice in credit race
random: use symbolic constants for crng_init states
siphash: use one source of truth for siphash permutations
random: help compiler out with fast_mix() by using simpler arguments
random: do not use input pool from hard IRQs
random: order timer entropy functions below interrupt functions
random: do not pretend to handle premature next security model
random: do not use batches when !crng_ready()
random: insist on random_get_entropy() existing in order to simplify
uapi: rename ext2_swab() to swab() and share globally in swab.h
xtensa: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
arm: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
m68k: use fallback for random_get_entropy() instead of zero
timekeeping: Add raw clock fallback for random_get_entropy()
powerpc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
ia64: define get_cycles macro for arch-override
init: call time_init() before rand_initialize()
random: fix sysctl documentation nits
random: document crng_fast_key_erasure() destination possibility
random: make random_get_entropy() return an unsigned long
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: check for signal_pending() outside of need_resched() check
random: do not allow user to keep crng key around on stack
random: do not split fast init input in add_hwgenerator_randomness()
random: mix build-time latent entropy into pool at init
random: re-add removed comment about get_random_{u32,u64} reseeding
random: treat bootloader trust toggle the same way as cpu trust toggle
random: skip fast_init if hwrng provides large chunk of entropy
random: check for signal and try earlier when generating entropy
random: reseed more often immediately after booting
random: make consistent usage of crng_ready()
random: use SipHash as interrupt entropy accumulator
random: replace custom notifier chain with standard one
random: don't let 644 read-only sysctls be written to
random: give sysctl_random_min_urandom_seed a more sensible value
random: do crng pre-init loading in worker rather than irq
random: unify cycles_t and jiffies usage and types
random: cleanup UUID handling
random: only wake up writers after zap if threshold was passed
random: round-robin registers as ulong, not u32
random: clear fast pool, crng, and batches in cpuhp bring up
random: pull add_hwgenerator_randomness() declaration into random.h
hwrng: remember rng chosen by user
hwrng: use rng source with best quality
hwrng: core - remove unused PFX macro
hwrng: core - Move hwrng miscdev minor number to include/linux/miscdevice.h
hwrng: core - Rewrite the header
hwrng: core - rewrite better comparison to NULL
hwrng: core - do not use multiple blank lines
random: check for crng_init == 0 in add_device_randomness()
random: unify early init crng load accounting
random: do not take pool spinlock at boot
random: defer fast pool mixing to worker
workqueue: make workqueue available early during boot
random: rewrite header introductory comment
random: group sysctl functions
random: group userspace read/write functions
random: group entropy collection functions
random: group entropy extraction functions
random: group initialization wait functions
random: remove whitespace and reorder includes
random: remove useless header comment
random: introduce drain_entropy() helper to declutter crng_reseed()
random: deobfuscate irq u32/u64 contributions
random: add proper SPDX header
random: remove unused tracepoints
random: remove ifdef'd out interrupt bench
random: tie batched entropy generation to base_crng generation
random: zero buffer after reading entropy from userspace
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: use hash function for crng_slow_load()
random: absorb fast pool into input pool after fast load
random: do not xor RDRAND when writing into /dev/random
random: ensure early RDSEED goes through mixer on init
random: inline leaves of rand_initialize()
random: use RDSEED instead of RDRAND in entropy extraction
random: fix locking in crng_fast_load()
random: remove batched entropy locking
random: remove use_input_pool parameter from crng_reseed()
random: make credit_entropy_bits() always safe
random: always wake up entropy writers after extraction
random: use linear min-entropy accumulation crediting
random: simplify entropy debiting
random: use computational hash for entropy extraction
random: only call crng_finalize_init() for primary_crng
random: access primary_pool directly rather than through pointer
random: continually use hwgenerator randomness
random: simplify arithmetic function flow in account()
random: access input_pool_data directly rather than through pointer
random: cleanup fractional entropy shift constants
random: prepend remaining pool constants with POOL_
random: de-duplicate INPUT_POOL constants
random: remove unused OUTPUT_POOL constants
random: rather than entropy_store abstraction, use global
random: try to actively add entropy rather than passively wait for it
random: remove unused extract_entropy() reserved argument
random: remove incomplete last_data logic
random: cleanup integer types
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
random: cleanup poolinfo abstraction
random: fix typo in comments
random: don't reset crng_init_cnt on urandom_read()
random: avoid superfluous call to RDRAND in CRNG extraction
random: early initialization of ChaCha constants
random: initialize ChaCha20 constants with correct endianness
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: harmonize "crng init done" messages
random: mix bootloader randomness into pool
random: do not re-init if crng_reseed completes before primary init
random: do not sign extend bytes for rotation when mixing
random: use BLAKE2s instead of SHA1 in extraction
random: remove unused irq_flags argument from add_interrupt_randomness()
random: document add_hwgenerator_randomness() with other input functions
crypto: blake2s - adjust include guard naming
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
MAINTAINERS: co-maintain random.c
random: remove dead code left over from blocking pool
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: add arch_get_random_*long_early()
powerpc: Use bool in archrandom.h
linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
linux/random.h: Use false with bool
linux/random.h: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
x86: Remove arch_has_random, arch_has_random_seed
random: avoid warnings for !CONFIG_NUMA builds
random: split primary/secondary crng init paths
random: remove some dead code of poolinfo
random: fix typo in add_timer_randomness()
random: Add and use pr_fmt()
random: convert to ENTROPY_BITS for better code readability
random: remove unnecessary unlikely()
random: remove kernel.random.read_wakeup_threshold
random: delete code to pull data into pools
random: remove the blocking pool
random: fix crash on multiple early calls to add_bootloader_randomness()
random: make /dev/random be almost like /dev/urandom
random: ignore GRND_RANDOM in getentropy(2)
random: add GRND_INSECURE to return best-effort non-cryptographic bytes
random: Add a urandom_read_nowait() for random APIs that don't warn
random: Don't wake crng_init_wait when crng_init == 1
lib/crypto: sha1: re-roll loops to reduce code size
lib/crypto: blake2s: move hmac construction into wireguard
crypto: blake2s - generic C library implementation and selftest
crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()
Revert "hwrng: core - Freeze khwrng thread during suspend"
char/random: Add a newline at the end of the file
random: Use wait_event_freezable() in add_hwgenerator_randomness()
fdt: add support for rng-seed
random: Support freezable kthreads in add_hwgenerator_randomness()
random: fix soft lockup when trying to read from an uninitialized blocking pool
latent_entropy: avoid build error when plugin cflags are not set
random: document get_random_int() family
random: move rand_initialize() earlier
random: only read from /dev/random after its pool has received 128 bits
drivers/char/random.c: make primary_crng static
drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c: constify poolinfo_table
random: make CPU trust a boot parameter
random: Make crng state queryable
random: remove preempt disabled region
random: add a config option to trust the CPU's hwrng
random: Return nbytes filled from hw RNG
random: Fix whitespace pre random-bytes work
drivers/char/random.c: remove unused dont_count_entropy
random: optimize add_interrupt_randomness
random: always fill buffer in get_random_bytes_wait
crypto: chacha20 - Fix keystream alignment for chacha20_block()
random: fix data race on crng_node_pool
random: always use batched entropy for get_random_u{32,64}
Revert "char/random: silence a lockdep splat with printk()"
char/random: silence a lockdep splat with printk()
random: add a spinlock_t to struct batched_entropy
random: rate limit unseeded randomness warnings
random: fix possible sleeping allocation from irq context
random: set up the NUMA crng instances after the CRNG is fully initialized
random: use a different mixing algorithm for add_device_randomness()
random: fix warning message on ia64 and parisc
random: reorder READ_ONCE() in get_random_uXX
random: suppress spammy warnings about unseeded randomness
random: do not ignore early device randomness
random: warn when kernel uses unseeded randomness
random: add get_random_{bytes,u32,u64,int,long,once}_wait family
random: add wait_for_random_bytes() API
random: silence compiler warnings and fix race
random: invalidate batched entropy after crng init
random: move random_min_urandom_seed into CONFIG_SYSCTL ifdef block
random: convert get_random_int/long into get_random_u32/u64
random: fix comment for unused random_min_urandom_seed
random: remove variable limit
random: remove stale urandom_init_wait
random: remove stale maybe_reseed_primary_crng
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
Linux 4.9.319
x86/speculation/mmio: Print SMT warning
KVM: x86/speculation: Disable Fill buffer clear within guests
x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
x86/speculation/srbds: Update SRBDS mitigation selection
x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
x86/speculation: Add a common function for MD_CLEAR mitigation update
x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
Documentation: Add documentation for Processor MMIO Stale Data
x86/cpu: Add another Alder Lake CPU to the Intel family
x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family
x86/cpu: Add Comet Lake to the Intel CPU models header
x86/CPU: Add more Icelake model numbers
x86/CPU: Add Icelake model number
x86/cpu: Add Cannonlake to Intel family
x86/cpu: Add Jasper Lake to Intel family
cpu/speculation: Add prototype for cpu_show_srbds()
x86/cpu: Add Elkhart Lake to Intel family
ANDROID: arch: fix backported syscall numbers
Linux 4.9.318
tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
PCI: qcom: Fix unbalanced PHY init on probe errors
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
cifs: return errors during session setup during reconnects
ALSA: hda/conexant - Fix loopback issue with CX20632
vringh: Fix loop descriptors check in the indirect cases
nodemask: Fix return values to be unsigned
modpost: fix undefined behavior of is_arm_mapping_symbol()
drm/radeon: fix a possible null pointer dereference
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
md: protect md_unregister_thread from reentrancy
serial: msm_serial: disable interrupts in __msm_console_write()
staging: rtl8712: fix uninit-value in r871xu_drv_init()
clocksource/drivers/sp804: Avoid error on multiple instances
misc: rtsx: set NULL intfdata when probe fails
usb: dwc2: gadget: don't reset gadget's driver->bus
USB: hcd-pci: Fully suspend across freeze/thaw cycle
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
tty: Fix a possible resource leak in icom_probe
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
lkdtm/usercopy: Expand size of "out of frame" object
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
net: altera: Fix refcount leak in altera_tse_mdio_create
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
net: fix nla_strcmp to handle more then one trailing null character
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
m68knommu: fix undefined reference to `_init_sp'
m68knommu: set ZERO_PAGE() to the allocated zeroed page
i2c: cadence: Increase timeout per message if necessary
tracing: Avoid adding tracer option before update_tracer_options
tcp: tcp_rtx_synack() can be called from process context
jffs2: fix memory leak in jffs2_do_fill_super
modpost: fix removing numeric suffixes
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
serial: sh-sci: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: digicolor-usart: Don't allow CS5-6
serial: meson: acquire port->lock in startup()
rtc: mt6397: check return value after calling platform_get_resource()
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
pwm: lp3943: Fix duty calculation in case period was clamped
USB: storage: karma: fix rio_karma_init return
usb: usbip: add missing device lock on tweak configuration cmd
usb: usbip: fix a refcount leak in stub_probe()
staging: greybus: codecs: fix type confusion of list iterator variable
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
netfilter: nf_tables: disallow non-stateful expression in sets earlier
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
RDMA/rxe: Generate a completion for unsupported/invalid opcode
dt-bindings: gpio: altera: correct interrupt-cells
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
gma500: fix an incorrect NULL check on list iterator
carl9170: tx: fix an incorrect use of list iterator
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
rtl818x: Prevent using not initialized queues
hugetlb: fix huge_pmd_unshare address update
nodemask.h: fix compilation error with GCC12
iommu/msm: Fix an incorrect NULL check on list iterator
um: Fix out-of-bounds read in LDT setup
um: chan_user: Fix winch_tramp() return value
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
irqchip: irq-xtensa-mx: fix initial IRQ affinity
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
RDMA/hfi1: Fix potential integer multiplication overflow errors
md: fix an incorrect NULL check in md_reload_sb
md: fix an incorrect NULL check in does_sb_need_changing
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
scsi: dc395x: Fix a missing check on list iterator
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
dlm: fix missing lkb refcount handling
dlm: fix plock invalid read
ext4: verify dir block before splitting it
ext4: fix bug_on in ext4_writepages
ext4: fix use-after-free in ext4_rename_dir_prepare
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
iwlwifi: mvm: fix assert 1F04 upon reconfig
wifi: mac80211: fix use-after-free in chanctx code
iommu/amd: Increase timeout waiting for GA log enablement
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
Input: sparcspkr - fix refcount leak in bbc_beep_probe
tty: fix deadlock caused by calling printk() under tty_port->lock
powerpc/4xx/cpm: Fix return value of __setup() handler
powerpc/idle: Fix return value of __setup() handler
powerpc/8xx: export 'cpm_setbrg' for modules
drivers/base/node.c: fix compaction sysfs file leak
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
rxrpc: Don't try to resend the request if we're receiving the reply
rxrpc: Fix listen() setting the bar too high for the prealloc rings
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
m68k: math-emu: Fix dependencies of math emulation support
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
media: exynos4-is: Change clk_disable to clk_disable_unprepare
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
media: uvcvideo: Fix missing check to determine if element is found in list
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/msm/dsi: fix error checks and return values for DSI xmit functions
x86/pm: Fix false positive kmemleak report in msr_build_context()
inotify: show inotify mask flags in proc fdinfo
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
spi: img-spfi: Fix pm_runtime_get_sync() error checking
HID: hid-led: fix maximum brightness for Dream Cheeky
NFC: NULL out the dev->rfkill to prevent UAF
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
drm/mediatek: Fix mtk_cec_mask()
x86/delay: Fix the wrong asm constraint in delay_loop()
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
drm: fix EDID struct for old ARM OABI format
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
powerpc/xics: fix refcount leak in icp_opal_init()
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
ARM: hisi: Add missing of_node_put after of_find_compatible_node
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: versatile: Add missing of_node_put in dcscb_init
fat: add ratelimit to fat*_ent_bread()
ARM: OMAP1: clock: Fix UART rate reporting algorithm
fs: jfs: fix possible NULL pointer dereference in dbFree()
eth: tg3: silence the GCC 12 array-bounds warning
rxrpc: Return an error to sendmsg if call failed
media: exynos4-is: Fix compile warning
ASoC: rt5645: Fix errorenous cleanup order
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
openrisc: start CPU timer early in boot
ipmi:ssif: Check for NULL msg when handling events and messages
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
ASoC: dapm: Don't fold register value changes into notifications
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
drm/amd/pm: fix the compile warning
scsi: megaraid: Fix error check return value of register_chrdev()
media: cx25821: Fix the warning when removing the module
ath9k: fix QCA9561 PA bias level
drm/amd/pm: fix double free in si_parse_power_table()
ALSA: jack: Access input_dev under mutex
ACPICA: Avoid cache flush inside virtual machines
ipw2x00: Fix potential NULL dereference in libipw_xmit()
b43: Fix assigning negative value to unsigned variable
b43legacy: Fix assigning negative value to unsigned variable
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
btrfs: add "0x" prefix for unsupported optional features
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
USB: new quirk for Dell Gen 2 devices
BACKPORT: psi: Fix uaf issue when psi trigger is destroyed while being polled
Conflicts:
drivers/char/Kconfig
drivers/char/random.c
fs/fat/fatent.c
include/linux/random.h
init/main.c
kernel/cpu.c
lib/Makefile
Change-Id: I06579fa22a0347a0d8d2fa32bd6b7b6b54db626f
|
||
|
Greg Kroah-Hartman
|
b6d1c4dd97 |
Merge 4.9.318 into android-4.9-q
Changes in 4.9.318
USB: new quirk for Dell Gen 2 devices
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
btrfs: add "0x" prefix for unsupported optional features
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
b43legacy: Fix assigning negative value to unsigned variable
b43: Fix assigning negative value to unsigned variable
ipw2x00: Fix potential NULL dereference in libipw_xmit()
ACPICA: Avoid cache flush inside virtual machines
ALSA: jack: Access input_dev under mutex
drm/amd/pm: fix double free in si_parse_power_table()
ath9k: fix QCA9561 PA bias level
media: cx25821: Fix the warning when removing the module
scsi: megaraid: Fix error check return value of register_chrdev()
drm/amd/pm: fix the compile warning
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
ASoC: dapm: Don't fold register value changes into notifications
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
ipmi:ssif: Check for NULL msg when handling events and messages
openrisc: start CPU timer early in boot
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
ASoC: rt5645: Fix errorenous cleanup order
media: exynos4-is: Fix compile warning
rxrpc: Return an error to sendmsg if call failed
eth: tg3: silence the GCC 12 array-bounds warning
fs: jfs: fix possible NULL pointer dereference in dbFree()
ARM: OMAP1: clock: Fix UART rate reporting algorithm
fat: add ratelimit to fat*_ent_bread()
ARM: versatile: Add missing of_node_put in dcscb_init
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: hisi: Add missing of_node_put after of_find_compatible_node
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
powerpc/xics: fix refcount leak in icp_opal_init()
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
drm: fix EDID struct for old ARM OABI format
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
x86/delay: Fix the wrong asm constraint in delay_loop()
drm/mediatek: Fix mtk_cec_mask()
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
NFC: NULL out the dev->rfkill to prevent UAF
HID: hid-led: fix maximum brightness for Dream Cheeky
spi: img-spfi: Fix pm_runtime_get_sync() error checking
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
inotify: show inotify mask flags in proc fdinfo
x86/pm: Fix false positive kmemleak report in msr_build_context()
drm/msm/dsi: fix error checks and return values for DSI xmit functions
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
media: uvcvideo: Fix missing check to determine if element is found in list
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
media: exynos4-is: Change clk_disable to clk_disable_unprepare
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
m68k: math-emu: Fix dependencies of math emulation support
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
rxrpc: Fix listen() setting the bar too high for the prealloc rings
rxrpc: Don't try to resend the request if we're receiving the reply
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
drivers/base/node.c: fix compaction sysfs file leak
powerpc/8xx: export 'cpm_setbrg' for modules
powerpc/idle: Fix return value of __setup() handler
powerpc/4xx/cpm: Fix return value of __setup() handler
tty: fix deadlock caused by calling printk() under tty_port->lock
Input: sparcspkr - fix refcount leak in bbc_beep_probe
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
iommu/amd: Increase timeout waiting for GA log enablement
wifi: mac80211: fix use-after-free in chanctx code
iwlwifi: mvm: fix assert 1F04 upon reconfig
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
ext4: fix use-after-free in ext4_rename_dir_prepare
ext4: fix bug_on in ext4_writepages
ext4: verify dir block before splitting it
dlm: fix plock invalid read
dlm: fix missing lkb refcount handling
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
scsi: dc395x: Fix a missing check on list iterator
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
md: fix an incorrect NULL check in does_sb_need_changing
md: fix an incorrect NULL check in md_reload_sb
RDMA/hfi1: Fix potential integer multiplication overflow errors
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
irqchip: irq-xtensa-mx: fix initial IRQ affinity
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
um: chan_user: Fix winch_tramp() return value
um: Fix out-of-bounds read in LDT setup
iommu/msm: Fix an incorrect NULL check on list iterator
nodemask.h: fix compilation error with GCC12
hugetlb: fix huge_pmd_unshare address update
rtl818x: Prevent using not initialized queues
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
carl9170: tx: fix an incorrect use of list iterator
gma500: fix an incorrect NULL check on list iterator
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
dt-bindings: gpio: altera: correct interrupt-cells
RDMA/rxe: Generate a completion for unsupported/invalid opcode
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
netfilter: nf_tables: disallow non-stateful expression in sets earlier
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
staging: greybus: codecs: fix type confusion of list iterator variable
usb: usbip: fix a refcount leak in stub_probe()
usb: usbip: add missing device lock on tweak configuration cmd
USB: storage: karma: fix rio_karma_init return
pwm: lp3943: Fix duty calculation in case period was clamped
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
rtc: mt6397: check return value after calling platform_get_resource()
serial: meson: acquire port->lock in startup()
serial: digicolor-usart: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: sh-sci: Don't allow CS5-6
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
modpost: fix removing numeric suffixes
jffs2: fix memory leak in jffs2_do_fill_super
tcp: tcp_rtx_synack() can be called from process context
tracing: Avoid adding tracer option before update_tracer_options
i2c: cadence: Increase timeout per message if necessary
m68knommu: set ZERO_PAGE() to the allocated zeroed page
m68knommu: fix undefined reference to `_init_sp'
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
net: fix nla_strcmp to handle more then one trailing null character
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
net: altera: Fix refcount leak in altera_tse_mdio_create
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
lkdtm/usercopy: Expand size of "out of frame" object
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
tty: Fix a possible resource leak in icom_probe
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
USB: hcd-pci: Fully suspend across freeze/thaw cycle
usb: dwc2: gadget: don't reset gadget's driver->bus
misc: rtsx: set NULL intfdata when probe fails
clocksource/drivers/sp804: Avoid error on multiple instances
staging: rtl8712: fix uninit-value in r871xu_drv_init()
serial: msm_serial: disable interrupts in __msm_console_write()
md: protect md_unregister_thread from reentrancy
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
drm/radeon: fix a possible null pointer dereference
modpost: fix undefined behavior of is_arm_mapping_symbol()
nodemask: Fix return values to be unsigned
vringh: Fix loop descriptors check in the indirect cases
ALSA: hda/conexant - Fix loopback issue with CX20632
cifs: return errors during session setup during reconnects
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
PCI: qcom: Fix unbalanced PHY init on probe errors
tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
Linux 4.9.318
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2028f3dcd422886bf997ec7e1d2ae86515f1bfb9
|
||
|
Mark-PK Tsai
|
5b9cdc5947 |
tracing: Avoid adding tracer option before update_tracer_options
[ Upstream commit ef9188bcc6ca1d8a2ad83e826b548e6820721061 ] To prepare for support asynchronous tracer_init_tracefs initcall, avoid calling create_trace_option_files before __update_tracer_options. Otherwise, create_trace_option_files will show warning because some tracers in trace_types list are already in tr->topts. For example, hwlat_tracer call register_tracer in late_initcall, and global_trace.dir is already created in tracing_init_dentry, hwlat_tracer will be put into tr->topts. Then if the __update_tracer_options is executed after hwlat_tracer registered, create_trace_option_files find that hwlat_tracer is already in tr->topts. Link: https://lkml.kernel.org/r/20220426122407.17042-2-mark-pk.tsai@mediatek.com Link: https://lore.kernel.org/lkml/20220322133339.GA32582@xsang-OptiPlex-9020/ Reported-by: kernel test robot <oliver.sang@intel.com> Signed-off-by: Mark-PK Tsai <mark-pk.tsai@mediatek.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Michael Bestas
|
43cdebbc57 |
Merge remote-tracking branch 'common/android-4.9-q' into android-msm-pixel-4.9
* common/android-4.9-q:
Linux 4.9.312
block/compat_ioctl: fix range check in BLKGETSIZE
ext4: force overhead calculation if the s_overhead_cluster makes no sense
ext4: fix overhead calculation to account for the reserved gdt blocks
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
ARC: entry: fix syscall_trace_exit argument
e1000e: Fix possible overflow in LTR decoding
ASoC: soc-dapm: fix two incorrect uses of list iterator
openvswitch: fix OOB access in reserve_sfa_size()
dma: at_xdmac: fix a missing check on list iterator
ata: pata_marvell: Check the 'bmdma_addr' beforing reading
drm/msm/mdp5: check the return of kzalloc()
brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
cifs: Check the IOCB_DIRECT flag, not O_DIRECT
vxlan: fix error return code in vxlan_fdb_append
ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
ARM: vexpress/spc: Avoid negative array index when !SMP
netlink: reset network and mac headers in netlink_dump()
net/packet: fix packet_sock xmit return value checking
dmaengine: imx-sdma: Fix error checking in sdma_event_remap
ALSA: usb-audio: Clear MIDI port active flag after draining
gfs2: assign rgrp glock before compute_bitstructs
mm: page_alloc: fix building error on -Werror=array-compare
etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
Linux 4.9.311
gcc-plugins: latent_entropy: use /dev/urandom
i2c: pasemi: Wait for write xfers to finish
smp: Fix offline cpu check in flush_smp_call_function_queue()
ARM: davinci: da850-evm: Avoid NULL pointer dereference
ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
mm, page_alloc: fix build_zonerefs_node()
drivers: net: slip: fix NPD bug in sl_tx_timeout()
scsi: mvsas: Add PCI ID of RocketRaid 2640
gpu: ipu-v3: Fix dev_dbg frequency output
net: micrel: fix KS8851_MLL Kconfig
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
drm/amdkfd: Check for potential null return of kmalloc_array()
cifs: potential buffer overflow in handling symlinks
nfc: nci: add flush_workqueue to prevent uaf
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
veth: Ensure eth header is in skb's linear part
xfrm: policy: match with both mark and mask on user interfaces
arm64: module: remove (NOLOAD) from linker script
mm: don't skip swap entry even if zap_details specified
dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
arm64: patch_text: Fixup last cpu should be master
x86/speculation: Restore speculation related MSRs during S3 resume
x86/pm: Save the MSR validity status at context setup
mm/mempolicy: fix mpol_new leak in shared_policy_replace
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
drbd: Fix five use after free bugs in get_initial_state
drm/imx: Fix memory leak in imx_pd_connector_get_modes
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
mm: fix race between MADV_FREE reclaim and blkdev direct IO read
jfs: prevent NULL deref in diFree
virtio_console: eliminate anonymous module_init & module_exit
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
SUNRPC/call_alloc: async tasks mustn't block waiting for memory
w1: w1_therm: fixes w1_seq for ds28ea00 sensors
init/main.c: return 1 from handled __setup() functions
Bluetooth: Fix use after free in hci_send_acl
xtensa: fix DTC warning unit_address_format
usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
scsi: libfc: Fix use after free in fc_exch_abts_resp()
MIPS: fix fortify panic when copying asm exception handlers
bnxt_en: Eliminate unintended link toggle during FW reset
scsi: aha152x: Fix aha152x_setup() __setup handler return value
scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
dm ioctl: prevent potential spectre v1 gadget
iommu/arm-smmu-v3: fix event handling soft lockup
scsi: bfa: Replace snprintf() with sysfs_emit()
scsi: mvsas: Replace snprintf() with sysfs_emit()
powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
ptp: replace snprintf with sysfs_emit
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
ARM: 9187/1: JIVE: fix return value of __setup handler
rtc: wm8350: Handle error for wm8350_register_irq
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
openvswitch: Fixed nd target mask field in the flow dump.
ARM: dts: spear13xx: Update SPI dma properties
ARM: dts: spear1340: Update serial node properties
ASoC: topology: Allow TLV control to be either read or write
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
mm/memcontrol: return 1 from cgroup.memory __setup() handler
mm/mmap: return 1 from stack_guard_gap __setup() handler
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
pinctrl: pinconf-generic: Print arguments for bias-pull-*
gfs2: Make sure FITRIM minlen is rounded up to fs block size
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
KVM: Prevent module exit until all VMs are freed
scsi: qla2xxx: Fix incorrect reporting of task management failure
mmc: host: Return an error when ->enable_sdio_irq() ops is missing
media: hdpvr: initialize dev->worker at hdpvr_register_videodev
video: fbdev: sm712fb: Fix crash in smtcfb_write()
ARM: mmp: Fix failure to remove sram device
ARM: tegra: tamonten: Fix I2C3 pad setting
media: cx88-mpeg: clear interrupt status register before streaming video
ASoC: soc-core: skip zero num_dai component in searching dai name
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
ARM: dts: bcm2837: Add the missing L1/L2 cache information
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
video: fbdev: cirrusfb: check pixclock to avoid divide by zero
video: fbdev: w100fb: Reset global state
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
ntfs: add sanity check on allocation size
ext4: don't BUG if someone dirty pages without asking ext4 first
spi: tegra20: Use of_device_get_match_data()
PM: core: keep irq flags in device_pm_check_callbacks()
ACPI/APEI: Limit printable size of BERT table data
ACPICA: Avoid walking the ACPI Namespace if it is not there
irqchip/nvic: Release nvic_base upon failure
Fix incorrect type in assignment of ipv6 port for audit
loop: use sysfs_emit() in the sysfs xxx show()
selinux: use correct type for context length
net/x25: Fix null-ptr-deref caused by x25_disconnect
qlcnic: dcb: default to returning -EOPNOTSUPP
net: phy: broadcom: Fix brcm_fet_config_init()
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
jfs: fix divide error in dbNextAG
kgdbts: fix return value of __setup handler
kgdboc: fix return value of __setup handler
tty: hvc: fix return value of __setup handler
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
NFS: remove unneeded check in decode_devicenotify_args()
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
clk: clps711x: Terminate clk_div_table with sentinel element
clk: loongson1: Terminate clk_div_table with sentinel element
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
clk: qcom: clk-rcg2: Update the frac table for pixel clock
iio: adc: Add check for devm_request_threaded_irq
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
mxser: fix xmit_buf leak in activate when LSR == 0xff
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
i2c: mux: demux-pinctrl: do not deactivate a master that is not active
af_netlink: Fix shift out of bounds in group mask calculation
USB: storage: ums-realtek: fix error code in rts51x_read_mem()
MIPS: RB532: fix return value of __setup handler
mfd: mc13xxx: Add check for mc13xxx_irq_request
powerpc/sysdev: fix incorrect use to determine if list is empty
power: supply: wm8350-power: Add missing free in free_charger_irq
power: supply: wm8350-power: Handle error for wm8350_register_irq
i2c: xiic: Make bus names unique
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
KVM: x86: Fix emulation in writing cr8
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
ext2: correct max file size computing
TOMOYO: fix __setup handlers return values
scsi: pm8001: Fix abort all task initialization
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
iwlwifi: Fix -EIO error code that is never returned
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
ray_cs: Check ioremap return value
ath9k_htc: fix uninit value bugs
drm/edid: Don't clear formats if using deep color
mtd: onenand: Check for error irq
ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
ASoC: fsi: Add check for clk_enable
ASoC: wm8350: Handle error for wm8350_register_irq
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
memory: emif: check the pointer temp in get_device_details()
memory: emif: Add check for setup_interrupts
ASoC: atmel_ssc_dai: Handle errors for clk_enable
ASoC: mxs-saif: Handle errors for clk_enable
printk: fix return value of printk.devkmsg __setup handler
arm64: dts: broadcom: Fix sata nodename
arm64: dts: ns2: Fix spi-cpol and spi-cpha property
ALSA: spi: Add check for clk_enable()
ASoC: ti: davinci-i2s: Add check for clk_enable()
media: usb: go7007: s2250-board: fix leak in probe()
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
ARM: dts: qcom: ipq4019: fix sleep clock
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
perf/x86/intel/pt: Fix address filter config for 32-bit kernel
perf/core: Fix address filter parser for multiple filters
sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
clocksource: acpi_pm: fix return value of __setup handler
hwmon: (pmbus) Add Vin unit off handling
crypto: ccp - ccp_dmaengine_unregister release dma channels
crypto: vmx - add missing dependencies
PM: suspend: fix return value of __setup handler
PM: hibernate: fix __setup handler error handling
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
hwmon: (pmbus) Add mutex to regulator ops
selftests/x86: Add validity check and allow field splitting
spi: tegra114: Add missing IRQ check in tegra_spi_probe
crypto: mxs-dcp - Fix scatterlist processing
crypto: authenc - Fix sleep in atomic context in decrypt_tail
PCI: pciehp: Clear cmd_busy bit in polling mode
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
brcmfmac: firmware: Allocate space for default boardrev in nvram
media: davinci: vpif: fix unbalanced runtime PM get
DEC: Limit PMAX memory probing to R3k systems
lib/raid6/test: fix multiple definition linking error
thermal: int340x: Increase bitmap size
carl9170: fix missing bit-wise or operator for tx_params
ARM: dts: exynos: add missing HDMI supplies on SMDK5420
ARM: dts: exynos: add missing HDMI supplies on SMDK5250
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
video: fbdev: sm712fb: Fix crash in smtcfb_read()
drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
ALSA: cs4236: fix an incorrect NULL check on list iterator
Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
mempolicy: mbind_range() set_policy() after vma_merge()
mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
jffs2: fix memory leak in jffs2_scan_medium
jffs2: fix memory leak in jffs2_do_mount_fs
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
NFSD: prevent underflow in nfssvc_decode_writeargs()
SUNRPC: avoid race between mod_timer() and del_timer_sync()
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
clk: uniphier: Fix fixed-rate initialization
iio: inkern: make a best effort on offset calculation
iio: inkern: apply consumer scale on IIO_VAL_INT cases
coresight: Fix TRCCONFIGR.QE sysfs interface
USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
virtio-blk: Use blk_validate_block_size() to validate block size
block: Add a helper to validate the block size
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
ethernet: sun: Free the coherent when failing in probing
virtio_console: break out of buf poll on remove
netdevice: add the case if dev is NULL
USB: serial: simple: add Nokia phone driver
USB: serial: pl2303: add IBM device IDs
Linux 4.9.310
arm64: Use the clearbhb instruction in mitigations
arm64: add ID_AA64ISAR2_EL1 sys register
KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
arm64: Mitigate spectre style branch history side channels
KVM: arm64: Add templates for BHB mitigation sequences
arm64: Add percpu vectors for EL1
arm64: entry: Add macro for reading symbol addresses from the trampoline
arm64: entry: Add vectors that have the bhb mitigation sequences
arm64: Move arm64_update_smccc_conduit() out of SSBD ifdef
arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
arm64: entry: Allow the trampoline text to occupy multiple pages
arm64: entry: Make the kpti trampoline's kpti sequence optional
arm64: entry: Move trampoline macros out of ifdef'd section
arm64: entry: Don't assume tramp_vectors is the start of the vectors
arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
arm64: entry: Move the trampoline data page before the text page
arm64: entry: Free up another register on kpti's tramp_exit path
arm64: entry: Make the trampoline cleanup optional
arm64: entry.S: Add ventry overflow sanity checks
arm64: Add helper to decode register from instruction
arm64: Add Cortex-X2 CPU part definition
arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
arm64: Add part number for Arm Cortex-A77
arm64: Add part number for Neoverse N1
arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT
arm64: Add silicon-errata.txt entry for ARM erratum 1188873
arm64: arch_timer: avoid unused function warning
arm64: arch_timer: Add workaround for ARM erratum 1188873
arm64: arch_timer: Add erratum handler for CPU-specific capability
arm64: arch_timer: Add infrastructure for multiple erratum detection methods
clocksource/drivers/arm_arch_timer: Introduce generic errata handling infrastructure
clocksource/drivers/arm_arch_timer: Remove fsl-a008585 parameter
arm64: capabilities: Add support for checks based on a list of MIDRs
arm64: Add helpers for checking CPU MIDR against a range
arm64: capabilities: Clean up midr range helpers
arm64: capabilities: Add flags to handle the conflicts on late CPU
arm64: capabilities: Prepare for fine grained capabilities
arm64: capabilities: Move errata processing code
arm64: capabilities: Move errata work around check on boot CPU
arm64: capabilities: Update prototype for enable call back
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
arm64: Remove useless UAO IPI and describe how this gets enabled
arm64: errata: Provide macro for major and minor cpu revisions
Linux 4.9.309
llc: only change llc->dev when bind() succeeds
mac80211: fix potential double free on mesh join
crypto: qat - disable registration of algorithms
ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
netfilter: nf_tables: initialize registers in nft_do_chain()
ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
ALSA: cmipci: Restore aux vol on suspend/resume
ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
ALSA: pcm: Add stream lock during PCM reset ioctl operations
llc: fix netdevice reference leaks in llc_ui_bind()
staging: fbtft: fb_st7789v: reset display before initialization
net: ipv6: fix skb_over_panic in __ip6_append_data
nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
Linux 4.9.308
Input: aiptek - properly check endpoint type
usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
usb: gadget: rndis: prevent integer overflow in rndis_set_response()
atm: eni: Add check for dma_map_single
net/packet: fix slab-out-of-bounds access in packet_recvmsg()
fs: sysfs_emit: Remove PAGE_SIZE alignment check
kselftest/vm: fix tests build with old libc
sfc: extend the locking on mcdi->seqno
tcp: make tcp_read_sock() more robust
nl80211: Update bss channel on channel switch for P2P_CLIENT
atm: firestream: check the return value of ioremap() in fs_init()
can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready
ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE
MIPS: smp: fill in sibling and core maps earlier
ARM: dts: rockchip: fix a typo on rk3288 crypto-controller
xfrm: Fix xfrm migrate issues when address family changes
Linux 4.9.307
btrfs: unlock newly allocated extent buffer after error
ARM: fix Thumb2 regression with Spectre BHB
batman-adv: Don't expect inter-netns unique iflink indices
batman-adv: Request iflink once in batadv-on-batadv check
staging: gdm724x: fix use after free in gdm_lte_rx()
ARM: Spectre-BHB: provide empty stub for non-config
selftests/memfd: clean up mapping in mfd_fail_write
tracing: Ensure trace buffer is at least 4096 bytes large
Revert "xen-netback: Check for hotplug-status existence before watching"
net-sysfs: add check for netdevice being present to speed_show
sctp: fix kernel-infoleak for SCTP sockets
gpio: ts4900: Do not set DAT and OE together
NFC: port100: fix use-after-free in port100_send_complete
net/mlx5: Fix size field in bufferx_reg struct
ax25: Fix NULL pointer dereference in ax25_kill_by_device
net: ethernet: lpc_eth: Handle error for clk_enable
ethernet: Fix error handling in xemaclite_of_probe
qed: return status of qed_iov_get_link
net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare()
Linux 4.9.306
xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
xen/gnttab: fix gnttab_end_foreign_access() without page specified
xen: remove gnttab_query_foreign_access()
xen/gntalloc: don't use gnttab_query_foreign_access()
xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
xen/netfront: don't use gnttab_query_foreign_access() for mapped status
xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
xen/grant-table: add gnttab_try_end_foreign_access()
xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
ARM: fix build warning in proc-v7-bugs.c
x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
x86/build: Fix compiler support check for CONFIG_RETPOLINE
ARM: Do not use NOCROSSREFS directive with ld.lld
ARM: fix co-processor register typo
ARM: fix build error when BPF_SYSCALL is disabled
ARM: include unprivileged BPF status in Spectre V2 reporting
ARM: Spectre-BHB workaround
ARM: use LOADADDR() to get load address of sections
ARM: early traps initialisation
ARM: report Spectre v2 status through sysfs
arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
arm/arm64: Provide a wrapper for SMCCC 1.1 calls
x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
x86/speculation: Warn about Spectre v2 LFENCE mitigation
x86/speculation: Update link to AMD speculation whitepaper
x86/speculation: Use generic retpoline by default on AMD
x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
Documentation/hw-vuln: Update spectre doc
x86/speculation: Add eIBRS + Retpoline options
x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
Documentation: Add swapgs description to the Spectre v1 documentation
Documentation: Add section about CPU vulnerabilities for Spectre
x86/retpoline: Remove minimal retpoline support
x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
Linux 4.9.305
hamradio: fix macro redefine warning
net: dcb: disable softirqs in dcbnl_flush_dev()
memfd: fix F_SEAL_WRITE after shmem huge page allocated
HID: add mapping for KEY_ALL_APPLICATIONS
Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power()
net: chelsio: cxgb3: check the return value of pci_find_capability()
soc: fsl: qe: Check of ioremap return value
ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
can: gs_usb: change active_channels's type from atomic_t to u8
efivars: Respect "block" flag in efivar_entry_set_safe()
net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
net: sxgbe: fix return value of __setup handler
net: stmmac: fix return value of __setup handler
mac80211: fix forwarded mesh frames AC & queue selection
firmware: qemu_fw_cfg: fix kobject leak in probe error path
firmware: Fix a reference count leak.
net: dcb: flush lingering app table entries for unregistered devices
netfilter: nf_queue: fix possible use-after-free
netfilter: nf_queue: don't assume sk is full socket
xfrm: fix MTU regression
ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
ata: pata_hpt37x: fix PCI clock detection
usb: gadget: clear related members when goto fail
usb: gadget: don't release an existing dev->buf
net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
i2c: qup: allow COMPILE_TEST
dmaengine: shdma: Fix runtime PM imbalance on error
cifs: fix double free race when mount fails in cifs_get_root()
Input: clear BTN_RIGHT/MIDDLE on buttonpads
i2c: bcm2835: Avoid clock stretching timeouts
mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
mac80211_hwsim: report NOACK frames in tx_status
Linux 4.9.304
fget: clarify and improve __fget_files() implementation
memblock: use kfree() to release kmalloced memblock regions
tty: n_gsm: fix proper link termination after failed open
tty: n_gsm: fix encoding of control signal octet bit DV
xhci: Prevent futile URB re-submissions due to incorrect return value.
usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
USB: serial: option: add Telit LE910R1 compositions
USB: serial: option: add support for DW5829e
tracefs: Set the group ownership in apply_options() not parse_options()
USB: gadget: validate endpoint index for xilinx udc
usb: gadget: rndis: add spinlock for rndis response list
Revert "USB: serial: ch341: add new Product ID for CH341A"
ata: pata_hpt37x: disable primary channel on HPT371
iio: adc: men_z188_adc: Fix a resource leak in an error handling path
RDMA/ib_srp: Fix a deadlock
configfs: fix a race in configfs_{,un}register_subsystem()
net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
drm/edid: Always set RGB444
openvswitch: Fix setting ipv6 fields causing hw csum failure
gso: do not skip outer ip header in case of ipip and net_failover
net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
serial: 8250: of: Fix mapped region size when using reg-offset property
serial: 8250: fix error handling in of_platform_serial_probe()
USB: zaurus: support another broken Zaurus
sr9700: sanity check for packet length
parisc/unaligned: Fix ldw() and stw() unalignment handlers
parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
Linux 4.9.303
net: usb: qmi_wwan: Add support for Dell DW5829e
tracing: Fix tp_printk option related with tp_printk_stop_on_boot
ata: libata-core: Disable TRIM on M88V29
NFS: Do not report writeback errors in nfs_getattr()
KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
lib/iov_iter: initialize "flags" in new pipe_buffer
i2c: brcmstb: fix support for DSL and CM variants
EDAC: Fix calculation of returned address and next offset in edac_align_ptr()
NFS: LOOKUP_DIRECTORY is also ok with symlinks
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
ALSA: hda: Fix missing codec probe on Shenker Dock 15
ALSA: hda: Fix regression on forced probe mask option
libsubcmd: Fix use-after-free for realloc(..., 0)
drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
iwlwifi: pcie: fix locking when "HW not ready"
vsock: remove vsock from connected table when connect is interrupted by a signal
vsock: correct removal of socket from the list
taskstats: Cleanup the use of task->exit_code
xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
drm/radeon: Fix backlight control on iMac 12,1
quota: make dquot_quota_sync return errors from ->sync_fs
vfs: make freeze_super abort when sync_filesystem returns error
ax25: improve the incomplete fix to avoid UAF and NPD bugs
selftests/zram: Adapt the situation that /dev/zram0 is being used
selftests/zram01.sh: Fix compression ratio calculation
selftests/zram: Skip max_comp_streams interface on newer kernel
net: ieee802154: at86rf230: Stop leaking skb's
btrfs: send: in case of IO error log it
parisc: Fix sglist access in ccio-dma.c
parisc: Fix data TLB miss in sba_unmap_sg
serial: parisc: GSC: fix build when IOSAPIC is not set
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
Makefile.extrawarn: Move -Wunaligned-access to W=1
UPSTREAM: net: fix skb_panic to output real address
UPSTREAM: xfrm: Make function xfrmi_get_link_net() static
UPSTREAM: xfrm: fix gro_cells leak when remove virtual xfrm interfaces
UPSTREAM: xfrm interface: fix memory leak on creation
UPSTREAM: xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate
UPSTREAM: xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
UPSTREAM: xfrm/compat: memset(0) 64-bit padding at right place
UPSTREAM: xfrm/compat: Don't allocate memory with __GFP_ZERO
UPSTREAM: xfrm/compat: Cleanup WARN()s that can be user-triggered
UPSTREAM: net: xfrm: fix memory leak in xfrm_user_rcv_msg
UPSTREAM: arm64/vdso: don't leak kernel addresses
UPSTREAM: tracing: make PREEMPTIRQ_EVENTS depend on TRACING
UPSTREAM: trace_uprobe: Use %lx to display offset
UPSTREAM: kprobes: Fix random address output of blacklist file
UPSTREAM: mm/huge_memory.c: __split_huge_page() use atomic ClearPageDirty()
UPSTREAM: x86/realmode: Don't leak the trampoline kernel address
UPSTREAM: bpf: bpf_prog_array_alloc() should return a generic non-rcu pointer
UPSTREAM: bpf: fix rcu annotations in compute_effective_progs()
UPSTREAM: optee: add writeback to valid memory type
UPSTREAM: lib/test_printf.c: accept "ptrval" as valid result for plain 'p' tests
UPSTREAM: kdb: use correct pointer when 'btc' calls 'btt'
UPSTREAM: kdb: print real address of pointers instead of hashed addresses
UPSTREAM: powerpc/traps: Fix the message printed when stack overflows
UPSTREAM: f2fs: should use GFP_NOFS for directory inodes
UPSTREAM: zram: off by one in read_block_state()
UPSTREAM: tee: fix put order in teedev_close_context()
UPSTREAM: vsprintf: Replace memory barrier with static_key for random_ptr_key update
UPSTREAM: ARM: 8896/1: VDSO: Don't leak kernel addresses
UPSTREAM: parisc: Show unhashed hardware inventory
UPSTREAM: parisc: Show initial kernel memory layout unhashed
UPSTREAM: parisc: Show unhashed HPA of Dino chip
UPSTREAM: parisc: Show unhashed EISA EEPROM address
UPSTREAM: HID: input: throttle battery uevents
UPSTREAM: HID: steam: select CONFIG_POWER_SUPPLY
UPSTREAM: HID: sony: Fix for broken buttons on DS3 USB dongles
UPSTREAM: HID: input: do not report stylus battery state as "full"
Linux 4.9.302
HID: wacom: add USB_HID dependency
hwmon: (dell-smm) Speed up setting of fan speed
USB: serial: cp210x: add CPI Bulk Coin Recycler id
USB: serial: cp210x: add NCR Retail IO box id
USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
USB: serial: option: add ZTE MF286D modem
USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
usb: gadget: rndis: check size of RNDIS_MSG_SET command
USB: gadget: validate interface OS descriptor requests
usb: dwc3: gadget: Prevent core from processing stale TRBs
n_tty: wake up poll(POLLRDNORM) on receiving data
bpf: Add kconfig knob for disabling unpriv bpf by default
vt_ioctl: add array_index_nospec to VT_ACTIVATE
vt_ioctl: fix array_index_nospec in vt_setactivate
tipc: rate limit warning for received illegal binding update
net: fix a memleak when uncloning an skb dst and its metadata
net: do not keep the dst cache when uncloning an skb dst and its metadata
ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
bonding: pair enable_port with slave_arr_updates
ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
staging: fbtft: Fix error path in fbtft_driver_module_init()
ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
scsi: target: iscsi: Make sure the np under each tpg is unique
NFSv4 remove zero number of fs_locations entries error check
nfs: nfs4clinet: check the return value of kstrdup()
NFSv4 only print the label when its queried
Revert "net: axienet: Wait for PhyRstCmplt after core reset"
ALSA: line6: Fix misplaced backport of "Fix wrong altsetting for LINE6_PODHD500_1"
serial: sh-sci: Fix misplaced backport of "Fix late enablement of AUTORTS"
Input: i8042 - Fix misplaced backport of "add ASUS Zenbook Flip to noselftest list"
NFSD: Clamp WRITE offsets
NFS: Fix initialisation of nfs_client cl_flags field
ima: Remove ima_policy file before directory
integrity: check the return value of audit_log_start()
Revert "tracefs: Have tracefs directories not set OTH permission bits by default"
Linux 4.9.301
tipc: improve size validations for received domain records
moxart: fix potential use-after-free on remove path
cgroup-v1: Require capabilities to set release_agent
Linux 4.9.300
ext4: fix error handling in ext4_restore_inline_data()
EDAC/xgene: Fix deferred probing
EDAC/altera: Fix deferred probing
rtc: cmos: Evaluate century appropriate
nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
ASoC: fsl: Add missing error handling in pcm030_fabric_probe
net: macsec: Verify that send_sci is on when setting Tx sci explicitly
net: ieee802154: Return meaningful error codes from the netlink helpers
spi: mediatek: Avoid NULL pointer crash in interrupt
spi: bcm-qspi: check for valid cs before applying chip select
iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
drm/nouveau: fix off by one in BIOS boundary checking
ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
af_packet: fix data-race in packet_setsockopt / packet_setsockopt
rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
net: amd-xgbe: Fix skb data length underflow
net: amd-xgbe: ensure to reset the tx_timer_active flag
ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
netfilter: nat: limit port clash resolution attempts
netfilter: nat: remove l4 protocol port rovers
ipv4: tcp: send zero IPID in SYNACK messages
ipv4: raw: lock the socket in raw_bind()
hwmon: (lm90) Reduce maximum conversion rate for G781
drm/msm: Fix wrong size calculation
net-procfs: show net devices bound packet types
NFSv4: nfs_atomic_open() can race when looking up a non-regular file
NFSv4: Handle case where the lookup of a directory fails
ipv4: avoid using shared IP generator for connected sockets
net: fix information leakage in /proc/net/ptype
ipv6_tunnel: Rate limit warning messages
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
powerpc/32: Fix boot failure with GCC latent entropy plugin
USB: core: Fix hang in usb_kill_urb by adding memory barriers
usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
tty: Add support for Brainboxes UC cards.
tty: n_gsm: fix SW flow control encoding/handling
serial: stm32: fix software flow control transfer
PM: wakeup: simplify the output logic of pm_show_wakelocks()
udf: Fix NULL ptr deref when converting from inline format
udf: Restore i_lenAlloc when inode expansion fails
scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
s390/hypfs: include z/VM guests with access control group set
Bluetooth: refactor malicious adv data check
can: bcm: fix UAF of bcm op
BACKPORT: ipv6: Implement draft-ietf-6man-rfc4941bis
Linux 4.9.299
ion: Do not 'put' ION handle until after its final use
ion: Protect kref from userspace manipulation
ion: Fix use after free during ION_IOC_ALLOC
ARM: 8800/1: use choice for kernel unwinders
KVM: X86: MMU: Use the correct inherited permissions to get shadow page
KVM: nVMX: fix EPT permissions as reported in exit qualification
NFSv4: Initialise connection to the server in nfs4_alloc_client()
media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
drm/i915: Flush TLBs before releasing backing store
Linux 4.9.298
KVM: do not allow mapping valid but non-reference-counted pages
KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
KVM: do not assume PTE is writable after follow_pfn
mm: add follow_pte_pmd()
lib/timerqueue: Rely on rbtree semantics for next timer
rbtree: cache leftmost node internally
cipso,calipso: resolve a number of problems with the DOI refcounts
gianfar: fix jumbo packets+napi+rx overrun crash
gianfar: simplify FCS handling and fix memory leak
drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
gup: document and work around "COW can break either way" issue
Revert "gup: document and work around "COW can break either way" issue"
lib82596: Fix IRQ check in sni_82596_probe
scripts/dtc: dtx_diff: remove broken example from help text
bcmgenet: add WOL IRQ check
net_sched: restore "mpu xxx" handling
dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
dmaengine: at_xdmac: Fix lld view setting
dmaengine: at_xdmac: Print debug message after realeasing the lock
dmaengine: at_xdmac: Don't start transactions at tx_submit level
libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
netns: add schedule point in ops_exit_list()
net: axienet: fix number of TX ring slots for available check
net: axienet: Wait for PhyRstCmplt after core reset
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
RDMA/rxe: Fix a typo in opcode name
RDMA/hns: Modify the mapping attribute of doorbell to device
drm/radeon: fix error handling in radeon_driver_open_kms
fuse: fix live lock in fuse_iget()
fuse: fix bad inode
ext4: don't use the orphan list when migrating an inode
ext4: Fix BUG_ON in ext4_bread when write quota data
ext4: set csum seed in tmp inode while migrating to extents
iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
power: bq25890: Enable continuous conversion for ADC at charging
ASoC: mediatek: mt8173: fix device_node leak
scsi: sr: Don't use GFP_DMA
MIPS: Octeon: Fix build errors using clang
i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
ALSA: seq: Set upper limit of processed events
w1: Misuse of get_user()/put_user() reported by sparse
i2c: mpc: Correct I2C reset procedure
powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
i2c: i801: Don't silently correct invalid transfer size
powerpc/btext: add missing of_node_put
powerpc/cell: add missing of_node_put
powerpc/powernv: add missing of_node_put
powerpc/6xx: add missing of_node_put
parisc: Avoid calling faulthandler_disabled() twice
serial: core: Keep mctrl register state and cached copy in sync
serial: pl010: Drop CR register reset on set_termios
dm space map common: add bounds check to sm_ll_lookup_bitmap()
dm btree: add a defensive bounds check to insert_at()
net: mdio: Demote probed message to debug print
btrfs: remove BUG_ON(!eie) in find_parent_nodes
btrfs: remove BUG_ON() in find_parent_nodes()
ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
ACPICA: Utilities: Avoid deleting the same object twice in a row
jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
um: registers: Rename function names to avoid conflicts and build problems
ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
media: igorplugusb: receiver overflow should be reported
net: bonding: debug: avoid printing debug logs when bond is not notifying peers
ath10k: Fix tx hanging
iwlwifi: mvm: synchronize with FW after multicast commands
media: m920x: don't use stack on USB reads
media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
floppy: Add max size check for user space request
mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
HSI: core: Fix return freed object in hsi_new_client
gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
media: b2c2: Add missing check in flexcop_pci_isr:
HID: apple: Do not reset quirks when the Fn key is not found
usb: gadget: f_fs: Use stream_open() for endpoint files
ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
fs: dlm: filter user dlm messages for kernel locks
Bluetooth: Fix debugfs entry leak in hci_register_dev()
RDMA/cxgb4: Set queue pair state when being queried
mips: bcm63xx: add support for clk_set_parent()
mips: lantiq: add support for clk_set_parent()
misc: lattice-ecp3-config: Fix task hung when firmware load failed
ASoC: samsung: idma: Check of ioremap return value
dmaengine: pxa/mmp: stop referencing config->slave_id
RDMA/core: Let ib_find_gid() continue search even after empty entry
scsi: ufs: Fix race conditions related to driver data
char/mwave: Adjust io port register size
ALSA: oss: fix compile error when OSS_DEBUG is enabled
powerpc/prom_init: Fix improper check of prom_getprop()
RDMA/hns: Validate the pkey index
ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
ext4: avoid trim error on fs with small groups
net: mcs7830: handle usb read errors properly
pcmcia: fix setting of kthread task states
can: xilinx_can: xcan_probe(): check for error irq
can: softing: softing_startstop(): fix set but not used variable warning
spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
fsl/fman: Check for null pointer after calling devm_ioremap
ppp: ensure minimum packet size in ppp_write()
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
usb: ftdi-elan: fix memory leak on device disconnect
media: msi001: fix possible null-ptr-deref in msi001_probe()
media: si2157: Fix "warm" tuner state detection
media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
media: dib8000: Fix a memleak in dib8000_init()
floppy: Fix hang in watchdog when disk is ejected
serial: amba-pl011: do not request memory region twice
drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
arm64: dts: qcom: msm8916: fix MMC controller aliases
netfilter: bridge: add support for pppoe filtering
tty: serial: atmel: Call dma_async_issue_pending()
tty: serial: atmel: Check return code of dmaengine_submit()
crypto: qce - fix uaf on qce_ahash_register_one
media: dmxdev: fix UAF when dvb_register_device() fails
Bluetooth: stop proccessing malicious adv data
wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
can: softing_cs: softingcs_probe(): fix memleak on registration failure
media: stk1160: fix control-message timeouts
media: pvrusb2: fix control-message timeouts
media: redrat3: fix control-message timeouts
media: dib0700: fix undefined behavior in tuner shutdown
media: s2255: fix control-message timeouts
media: cpia2: fix control-message timeouts
media: em28xx: fix control-message timeouts
media: mceusb: fix control-message timeouts
media: flexcop-usb: fix control-message timeouts
rtc: cmos: take rtc_lock while reading from CMOS
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
HID: wacom: Avoid using stale array indicies to read contact count
HID: uhid: Fix worker destroying device without any protection
rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
media: uvcvideo: fix division by zero at stream start
drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
random: fix data race on crng init time
random: fix data race on crng_node_pool
can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
USB: core: Fix bug in resuming hub's handling of wakeup requests
Bluetooth: bfusb: fix division by zero in send path
Linux 4.9.297
power: reset: ltc2952: Fix use of floating point literals
mISDN: change function names to avoid conflicts
net: udp: fix alignment problem in udp4_seq_show()
ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
phonet: refcount leak in pep_sock_accep
arm64: sysreg: Move to use definitions for all the SCTLR bits
arm64: move !VHE work to end of el2_setup
arm64: reduce el2_setup branching
arm64: Remove a redundancy in sysreg.h
bug: split BUILD_BUG stuff out into <linux/build_bug.h>
rndis_host: support Hytera digital radios
xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
i40e: Fix incorrect netdev's real number of RX/TX queues
mac80211: initialize variable have_higher_than_11mbit
ieee802154: atusb: fix uninit value in atusb_set_extended_addr
virtio_pci: Support surprise removal of virtio pci device
tracing: Tag trace_percpu_buffer as a percpu pointer
tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models
Linux 4.9.296
net: fix use-after-free in tw_timer_handler
Input: spaceball - fix parsing of movement data packets
Input: appletouch - initialize work before device registration
scsi: vmw_pvscsi: Set residual data length conditionally
usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
uapi: fix linux/nfc.h userspace compilation errors
nfc: uapi: use kernel size_t to fix user-space builds
fsl/fman: Fix missing put_device() call in fman_port_probe
selinux: initialize proto variable in selinux_ip_postroute_compat()
recordmcount.pl: fix typo in s390 mcount regex
platform/x86: apple-gmux: use resource_size() with res
HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
Linux 4.9.295
phonet/pep: refuse to enable an unbound pipe
hamradio: improve the incomplete fix to avoid NPD
hamradio: defer ax25 kfree after unregister_netdev
ax25: NPD bug when detaching AX25 device
hwmon: (lm90) Do not report 'busy' status bit as alarm
ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
ALSA: drivers: opl3: Fix incorrect use of vp->state
ALSA: jack: Check the return value of kstrdup()
hwmon: (lm90) Fix usage of CONFIG2 register in detect function
drivers: net: smc911x: Check for error irq
fjes: Check for error irq
bonding: fix ad_actor_system option setting to default
qlcnic: potential dereference null pointer of rx_queue->page_ring
IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
HID: holtek: fix mouse probing
can: kvaser_usb: get CAN clock frequency from device
net: usb: lan78xx: add Allied Telesis AT29M2-AF
Linux 4.9.294
xen/netback: don't queue unlimited number of packages
xen/netback: fix rx queue stall detection
xen/console: harden hvc_xen against event channel storms
xen/netfront: harden netfront against event channel storms
xen/blkfront: harden blkfront against event channel storms
Input: touchscreen - avoid bitwise vs logical OR warning
mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
ARM: 8805/2: remove unneeded naked function usage
net: lan78xx: Avoid unnecessary self assignment
scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
fuse: annotate lock in fuse_reverse_inval_entry()
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
net: systemport: Add global locking for descriptor lifecycle
timekeeping: Really make sure wall_to_monotonic isn't positive
USB: serial: option: add Telit FN990 compositions
PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
USB: gadget: bRequestType is a bitfield, not a enum
ixgbe: set X550 MDIO speed before talking to PHY
igbvf: fix double free in `igbvf_probe`
soc/tegra: fuse: Fix bitwise vs. logical OR warning
nfsd: fix use-after-free due to delegation race
dm btree remove: fix use after free in rebalance_children()
recordmcount.pl: look for jgnop instruction as well as bcrl on s390
mac80211: send ADDBA requests using the tid/queue of the aggregation session
hwmon: (dell-smm) Fix warning on /proc/i8k creation error
tracing: Fix a kmemleak false positive in tracing_map
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
i2c: rk3x: Handle a spurious start completion interrupt flag
parisc/agp: Annotate parisc agp init functions with __init
net/mlx4_en: Update reported link modes for 1/10G
nfc: fix segfault in nfc_genl_dump_devices_done
FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum
Linux 4.9.293
irqchip: nvic: Fix offset for Interrupt Priority Offsets
irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
iio: itg3200: Call iio_trigger_notify_done() on error
iio: kxsd9: Don't return error code in trigger handler
iio: ltr501: Don't return error code in trigger handler
iio: mma8452: Fix trigger reference couting
iio: stk3310: Don't return error code in interrupt handler
usb: core: config: using bit mask instead of individual bits
usb: core: config: fix validation of wMaxPacketValue entries
USB: gadget: zero allocate endpoint 0 buffers
USB: gadget: detect too-big endpoint 0 requests
net/qla3xxx: fix an error code in ql_adapter_up()
net, neigh: clear whole pneigh_entry at alloc time
net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
net: altera: set a couple error code in probe()
net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
tracefs: Set all files to the same group ownership as the mount option
signalfd: use wake_up_pollfree()
binder: use wake_up_pollfree()
wait: add wake_up_pollfree()
libata: add horkage for ASMedia 1092
can: pch_can: pch_can_rx_normal: fix use after free
tracefs: Have new files inherit the ownership of their parent
ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
ALSA: pcm: oss: Limit the period size to 16MB
ALSA: pcm: oss: Fix negative period/buffer sizes
ALSA: ctl: Fix copy of updated id with element read/write
mm: bdi: initialize bdi_min_ratio when bdi is unregistered
IB/hfi1: Correct guard on eager buffer deallocation
nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
can: sja1000: fix use after free in ems_pcmcia_add_card()
HID: check for valid USB device for many HID drivers
HID: wacom: fix problems when device is not a valid USB device
HID: add USB_HID dependancy on some USB HID drivers
HID: add USB_HID dependancy to hid-chicony
HID: add USB_HID dependancy to hid-prodikeys
HID: add hid_is_usb() function to make it simpler for USB detection
HID: introduce hid_is_using_ll_driver
UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers
UPSTREAM: USB: gadget: detect too-big endpoint 0 requests
Conflicts:
arch/arm64/include/asm/cputype.h
arch/arm64/kernel/bpi.S
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/vdso.c
drivers/clk/qcom/clk-rcg2.c
drivers/media/dvb-core/dmxdev.c
drivers/mmc/core/host.c
drivers/net/usb/lan78xx.c
drivers/staging/android/ion/ion-ioctl.c
drivers/staging/android/ion/ion.c
drivers/staging/android/ion/ion_priv.h
drivers/usb/gadget/composite.c
drivers/usb/gadget/function/rndis.c
drivers/usb/gadget/function/rndis.h
lib/vsprintf.c
mm/memory.c
net/ipv6/ip6_output.c
Change-Id: Ie8bf6aa5dac3ae822cef90decbba577cefedcb31
|
||
|
Greg Kroah-Hartman
|
e9ffe7569a |
Merge 4.9.307 into android-4.9
Changes in 4.9.307 net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() qed: return status of qed_iov_get_link ethernet: Fix error handling in xemaclite_of_probe net: ethernet: lpc_eth: Handle error for clk_enable ax25: Fix NULL pointer dereference in ax25_kill_by_device net/mlx5: Fix size field in bufferx_reg struct NFC: port100: fix use-after-free in port100_send_complete gpio: ts4900: Do not set DAT and OE together sctp: fix kernel-infoleak for SCTP sockets net-sysfs: add check for netdevice being present to speed_show Revert "xen-netback: Check for hotplug-status existence before watching" tracing: Ensure trace buffer is at least 4096 bytes large selftests/memfd: clean up mapping in mfd_fail_write ARM: Spectre-BHB: provide empty stub for non-config staging: gdm724x: fix use after free in gdm_lte_rx() batman-adv: Request iflink once in batadv-on-batadv check batman-adv: Don't expect inter-netns unique iflink indices ARM: fix Thumb2 regression with Spectre BHB btrfs: unlock newly allocated extent buffer after error Linux 4.9.307 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I2ddea75b801bb11688f30b0c7554bd7aac4036aa |
||
|
Sven Schnelle
|
2f8ee5379b |
tracing: Ensure trace buffer is at least 4096 bytes large
[ Upstream commit 7acf3a127bb7c65ff39099afd78960e77b2ca5de ] Booting the kernel with 'trace_buf_size=1' give a warning at boot during the ftrace selftests: [ 0.892809] Running postponed tracer tests: [ 0.892893] Testing tracer function: [ 0.901899] Callback from call_rcu_tasks_trace() invoked. [ 0.983829] Callback from call_rcu_tasks_rude() invoked. [ 1.072003] .. bad ring buffer .. corrupted trace buffer .. [ 1.091944] Callback from call_rcu_tasks() invoked. [ 1.097695] PASSED [ 1.097701] Testing dynamic ftrace: .. filter failed count=0 ..FAILED! [ 1.353474] ------------[ cut here ]------------ [ 1.353478] WARNING: CPU: 0 PID: 1 at kernel/trace/trace.c:1951 run_tracer_selftest+0x13c/0x1b0 Therefore enforce a minimum of 4096 bytes to make the selftest pass. Link: https://lkml.kernel.org/r/20220214134456.1751749-1-svens@linux.ibm.com Signed-off-by: Sven Schnelle <svens@linux.ibm.com> Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
59a9798eb0 |
Merge 4.9.303 into android-4.9-q
Changes in 4.9.303 Makefile.extrawarn: Move -Wunaligned-access to W=1 net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup serial: parisc: GSC: fix build when IOSAPIC is not set parisc: Fix data TLB miss in sba_unmap_sg parisc: Fix sglist access in ccio-dma.c btrfs: send: in case of IO error log it net: ieee802154: at86rf230: Stop leaking skb's selftests/zram: Skip max_comp_streams interface on newer kernel selftests/zram01.sh: Fix compression ratio calculation selftests/zram: Adapt the situation that /dev/zram0 is being used ax25: improve the incomplete fix to avoid UAF and NPD bugs vfs: make freeze_super abort when sync_filesystem returns error quota: make dquot_quota_sync return errors from ->sync_fs drm/radeon: Fix backlight control on iMac 12,1 xfrm: Don't accidentally set RTO_ONLINK in decode_session4() taskstats: Cleanup the use of task->exit_code vsock: correct removal of socket from the list vsock: remove vsock from connected table when connect is interrupted by a signal iwlwifi: pcie: fix locking when "HW not ready" drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit libsubcmd: Fix use-after-free for realloc(..., 0) ALSA: hda: Fix regression on forced probe mask option ALSA: hda: Fix missing codec probe on Shenker Dock 15 ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() NFS: LOOKUP_DIRECTORY is also ok with symlinks EDAC: Fix calculation of returned address and next offset in edac_align_ptr() i2c: brcmstb: fix support for DSL and CM variants lib/iov_iter: initialize "flags" in new pipe_buffer KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW NFS: Do not report writeback errors in nfs_getattr() ata: libata-core: Disable TRIM on M88V29 tracing: Fix tp_printk option related with tp_printk_stop_on_boot net: usb: qmi_wwan: Add support for Dell DW5829e Linux 4.9.303 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I19131cbf223588e36e1bccd435f93eab152f4199 |
||
|
JaeSang Yoo
|
7beb744b1e |
tracing: Fix tp_printk option related with tp_printk_stop_on_boot
[ Upstream commit 3203ce39ac0b2a57a84382ec184c7d4a0bede175 ]
The kernel parameter "tp_printk_stop_on_boot" starts with "tp_printk" which is
the same as another kernel parameter "tp_printk". If "tp_printk" setup is
called before the "tp_printk_stop_on_boot", it will override the latter
and keep it from being set.
This is similar to other kernel parameter issues, such as:
Commit 745a600cf1a6 ("um: console: Ignore console= option")
or init/do_mounts.c:45 (setup function of "ro" kernel param)
Fix it by checking for a "_" right after the "tp_printk" and if that
exists do not process the parameter.
Link: https://lkml.kernel.org/r/20220208195421.969326-1-jsyoo5b@gmail.com
Signed-off-by: JaeSang Yoo <jsyoo5b@gmail.com>
[ Fixed up change log and added space after if condition ]
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
93c6cebbd0 |
Merge 4.9.297 into android-4.9-q
Changes in 4.9.297
Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models
tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
tracing: Tag trace_percpu_buffer as a percpu pointer
virtio_pci: Support surprise removal of virtio pci device
ieee802154: atusb: fix uninit value in atusb_set_extended_addr
mac80211: initialize variable have_higher_than_11mbit
i40e: Fix incorrect netdev's real number of RX/TX queues
sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
rndis_host: support Hytera digital radios
bug: split BUILD_BUG stuff out into <linux/build_bug.h>
arm64: Remove a redundancy in sysreg.h
arm64: reduce el2_setup branching
arm64: move !VHE work to end of el2_setup
arm64: sysreg: Move to use definitions for all the SCTLR bits
phonet: refcount leak in pep_sock_accep
scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
net: udp: fix alignment problem in udp4_seq_show()
mISDN: change function names to avoid conflicts
power: reset: ltc2952: Fix use of floating point literals
Linux 4.9.297
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1b6c457971ca5e3b4d2354852a7eeeaccc965a46
|
||
|
Naveen N. Rao
|
0edf5cdefd |
tracing: Tag trace_percpu_buffer as a percpu pointer
commit f28439db470cca8b6b082239314e9fd10bd39034 upstream.
Tag trace_percpu_buffer as a percpu pointer to resolve warnings
reported by sparse:
/linux/kernel/trace/trace.c:3218:46: warning: incorrect type in initializer (different address spaces)
/linux/kernel/trace/trace.c:3218:46: expected void const [noderef] __percpu *__vpp_verify
/linux/kernel/trace/trace.c:3218:46: got struct trace_buffer_struct *
/linux/kernel/trace/trace.c:3234:9: warning: incorrect type in initializer (different address spaces)
/linux/kernel/trace/trace.c:3234:9: expected void const [noderef] __percpu *__vpp_verify
/linux/kernel/trace/trace.c:3234:9: got int *
Link: https://lkml.kernel.org/r/ebabd3f23101d89cb75671b68b6f819f5edc830b.1640255304.git.naveen.n.rao@linux.vnet.ibm.com
Cc: stable@vger.kernel.org
Reported-by: kernel test robot <lkp@intel.com>
Fixes:
|
||
|
Naveen N. Rao
|
b71cf66095 |
tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
commit 823e670f7ed616d0ce993075c8afe0217885f79d upstream.
With the new osnoise tracer, we are seeing the below splat:
Kernel attempted to read user page (c7d880000) - exploit attempt? (uid: 0)
BUG: Unable to handle kernel data access on read at 0xc7d880000
Faulting instruction address: 0xc0000000002ffa10
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries
...
NIP [c0000000002ffa10] __trace_array_vprintk.part.0+0x70/0x2f0
LR [c0000000002ff9fc] __trace_array_vprintk.part.0+0x5c/0x2f0
Call Trace:
[c0000008bdd73b80] [c0000000001c49cc] put_prev_task_fair+0x3c/0x60 (unreliable)
[c0000008bdd73be0] [c000000000301430] trace_array_printk_buf+0x70/0x90
[c0000008bdd73c00] [c0000000003178b0] trace_sched_switch_callback+0x250/0x290
[c0000008bdd73c90] [c000000000e70d60] __schedule+0x410/0x710
[c0000008bdd73d40] [c000000000e710c0] schedule+0x60/0x130
[c0000008bdd73d70] [c000000000030614] interrupt_exit_user_prepare_main+0x264/0x270
[c0000008bdd73de0] [c000000000030a70] syscall_exit_prepare+0x150/0x180
[c0000008bdd73e10] [c00000000000c174] system_call_vectored_common+0xf4/0x278
osnoise tracer on ppc64le is triggering osnoise_taint() for negative
duration in get_int_safe_duration() called from
trace_sched_switch_callback()->thread_exit().
The problem though is that the check for a valid trace_percpu_buffer is
incorrect in get_trace_buf(). The check is being done after calculating
the pointer for the current cpu, rather than on the main percpu pointer.
Fix the check to be against trace_percpu_buffer.
Link: https://lkml.kernel.org/r/a920e4272e0b0635cf20c444707cbce1b2c8973d.1640255304.git.naveen.n.rao@linux.vnet.ibm.com
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Lucas Wei
|
023f358536 |
Merge android-4.9-q (4.9.274) into android-msm-pixel-4.9-sc-lts
Merge 4.9.274 into android-4.9-q
Linux 4.9.274
i2c: robotfuzz-osif: fix control-request directions
nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY
net: qed: Fix memcpy() overflow of qed_dcbx_params()
r8169: Avoid memcpy() over-reading of ETH_SS_STATS
sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS
* r8152: Avoid memcpy() over-reading of ETH_SS_STATS
drivers/net/usb/r8152.c
* net/packet: annotate accesses to po->ifindex
net/packet/af_packet.c
* net/packet: annotate accesses to po->bind
net/packet/af_packet.c
net: caif: fix memory leak in ldisc_open
* inet: annotate date races around sk->sk_txhash
include/net/sock.h
* ping: Check return value of function 'ping_queue_rcv_skb'
net/ipv4/ping.c
mac80211: drop multicast fragments
* cfg80211: call cfg80211_leave_ocb when switching away from OCB
net/wireless/util.c
mac80211: remove warning in ieee80211_get_sband()
* Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
drivers/pci/pci.c
* arm64: perf: Disable PMU while processing counter overflows
arch/arm64/kernel/perf_event.c
* Makefile: Move -Wno-unused-but-set-variable out of GCC only block
Makefile
ARM: 9081/1: fix gcc-10 thumb2-kernel regression
i40e: Be much more verbose about what we can and cannot offload
* inet: use bigger hash table for IP ID generation
net/ipv4/route.c
x86/fpu: Reset state for all signal restore failures
* tracing: Do not stop recording comms if the trace file is being read
kernel/trace/trace.c
* tracing: Do not stop recording cmdlines when tracing is off
kernel/trace/trace.c
* usb: dwc3: core: fix kernel panic when do reboot
drivers/usb/dwc3/core.c
can: bcm/raw/isotp: use per module netdevice notifier
net: fec_ptp: add clock rate zero check
dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
* PCI: Mark some NVIDIA GPUs to avoid bus reset
drivers/pci/quirks.c
* PCI: Mark TI C667X to avoid bus reset
drivers/pci/quirks.c
* tracing: Do no increment trace_clock_global() by one
kernel/trace/trace_clock.c
can: bcm: fix infoleak in struct bcm_msg_head
radeon: use memcpy_to/fromio for UVD fw upload
* scsi: core: Put .shost_dev in failure path if host state changes to RUNNING
drivers/scsi/hosts.c
net: ethernet: fix potential use-after-free in ec_bhf_remove
net: cdc_eem: fix tx fixup skb leak
net: hamradio: fix memory leak in mkiss_close
be2net: Fix an error handling path in 'be_probe()'
* net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
net/unix/af_unix.c
* net: ipv4: fix memory leak in ip_mc_add1_src
net/ipv4/igmp.c
net: usb: fix possible use-after-free in smsc75xx_bind
* net: cdc_ncm: switch to eth%d interface naming
drivers/net/usb/cdc_ncm.c
netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
qlcnic: Fix an error handling path in 'qlcnic_probe()'
net: stmmac: dwmac1000: Fix extended MAC address registers definition
alx: Fix an error handling path in 'alx_probe()'
netfilter: synproxy: Fix out of bounds when parsing TCP options
* rtnetlink: Fix regression in bridge VLAN configuration
net/core/rtnetlink.c
* udp: fix race between close() and udp_abort()
net/ipv4/udp.c
net/ipv6/udp.c
net: rds: fix memory leak in rds_recvmsg
* net: ipv4: fix memory leak in netlbl_cipsov4_add_std
net/ipv4/cipso_ipv4.c
batman-adv: Avoid WARN_ON timing related checks
* mm: hwpoison: change PageHWPoison behavior on hugetlb pages
include/linux/swapops.h
dmaengine: stedma40: add missing iounmap() on error in d40_probe()
* dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM
drivers/dma/qcom/Kconfig
* fib: Return the correct errno code
net/core/fib_rules.c
* net: Return the correct errno code
net/compat.c
net/x25: Return the correct errno code
* rtnetlink: Fix missing error code in rtnl_bridge_notify()
net/core/rtnetlink.c
* net: ipconfig: Don't override command-line hostnames or domains
net/ipv4/ipconfig.c
ethernet: myri10ge: Fix missing error code in myri10ge_probe()
scsi: target: core: Fix warning on realtime kernels
gfs2: Fix use-after-free in gfs2_glock_shrink_scan
HID: gt683r: add missing MODULE_DEVICE_TABLE
ARM: OMAP2+: Fix build warning when mmc_omap is not built
* HID: usbhid: fix info leak in hid_submit_ctrl
drivers/hid/usbhid/hid-core.c
include/linux/hid.h
* HID: Add BUS_VIRTUAL to hid_connect logging
drivers/hid/hid-core.c
HID: hid-sensor-hub: Return error for hid_set_field() failure
net: ieee802154: fix null deref in parse dev addr
* FROMGIT: bpf: Do not change gso_size during bpf_skb_change_proto()
net/core/filter.c
Merge 4.9.273 into android-4.9-q
Linux 4.9.273
* proc: only require mm_struct for writing
fs/proc/base.c
* tracing: Correct the length check which causes memory corruption
kernel/trace/trace.c
ftrace: Do not blindly read the ip address in ftrace_bug()
* scsi: core: Only put parent device if host state differs from SHOST_CREATED
drivers/scsi/hosts.c
* scsi: core: Fix error handling of scsi_host_alloc()
drivers/scsi/hosts.c
NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error.
* kvm: fix previous commit for 32-bit builds
include/linux/kvm_host.h
perf session: Correct buffer copying when peeking events
NFS: Fix a potential NULL dereference in nfs_get_client()
* perf: Fix data race between pin_count increment/decrement
kernel/events/core.c
* usb: fix various gadget panics on 10gbps cabling
drivers/usb/gadget/config.c
usb: fix various gadgets null ptr deref on 10gbps cabling.
usb: gadget: eem: fix wrong eem header operation
USB: serial: quatech2: fix control-request directions
USB: serial: omninet: add device id for Zyxel Omni 56K Plus
USB: serial: ftdi_sio: add NovaTech OrionMX product ID
* usb: dwc3: ep0: fix NULL pointer exception
drivers/usb/dwc3/ep0.c
USB: f_ncm: ncm_bitrate (speed) is unsigned
* cgroup1: don't allow '\n' in renaming
kernel/cgroup.c
btrfs: return value from btrfs_mark_extent_written() in case of error
* kvm: avoid speculation-based attacks from out-of-range memslot accesses
include/linux/kvm_host.h
* drm: Lock pointer access in drm_master_release()
drivers/gpu/drm/drm_auth.c
i2c: mpc: implement erratum A-004447 workaround
i2c: mpc: Make use of i2c_recover_bus()
powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers
powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers
bnx2x: Fix missing error code in bnx2x_iov_init_one()
MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER
net: appletalk: cops: Fix data race in cops_probe1
net: macb: ensure the device is available before accessing GEMGXL control registers
scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
scsi: vmw_pvscsi: Set correct residual data length
net/qla3xxx: fix schedule while atomic in ql_sem_spinlock
* wq: handle VM suspension in stall detection
kernel/workqueue.c
* cgroup: disable controllers at parse time
kernel/cgroup.c
* net: mdiobus: get rid of a BUG_ON()
drivers/net/phy/mdio_bus.c
* netlink: disable IRQs for netlink_lock_table()
net/netlink/af_netlink.c
* bonding: init notify_work earlier to avoid uninitialized use
drivers/net/bonding/bond_main.c
isdn: mISDN: netjet: Fix crash in nj_probe:
ASoC: sti-sas: add missing MODULE_DEVICE_TABLE
net/nfc/rawsock.c: fix a permission check bug
* proc: Track /proc/$pid/attr/ opener mm_struct
fs/proc/base.c
Merge 4.9.272 into android-4.9-q
Linux 4.9.272
xen-pciback: redo VF placement in the virtual topology
* arm64: Remove unimplemented syscall log message
arch/arm64/kernel/traps.c
KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode
bnxt_en: Remove the setting of dev_port.
btrfs: fixup error handling in fixup_inode_link_counts
btrfs: fix error handling in btrfs_del_csums
nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
ocfs2: fix data corruption by fallocate
* pid: take a reference when initializing `cad_pid`
init/main.c
* ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
fs/ext4/extents.c
* ALSA: timer: Fix master timer notification
sound/core/timer.c
net: caif: fix memory leak in cfusbl_device_notify
net: caif: fix memory leak in caif_device_notify
net: caif: add proper error handling
net: caif: added cfserl_release function
* Bluetooth: use correct lock to prevent UAF of hdev object
net/bluetooth/hci_sock.c
* Bluetooth: fix the erroneous flush_work() order
net/bluetooth/hci_core.c
ieee802154: fix error return code in ieee802154_llsec_getparams()
ieee802154: fix error return code in ieee802154_add_iface()
netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches
HID: i2c-hid: fix format string mismatch
HID: pidff: fix error return code in hid_pidff_init()
ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service
vfio/platform: fix module_put call in error flow
* vfio/pci: zap_vma_ptes() needs MMU
drivers/vfio/pci/Kconfig
vfio/pci: Fix error return code in vfio_ecap_init()
efi: cper: fix snprintf() use in cper_dimm_err_location()
efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
* net: usb: cdc_ncm: don't spew notifications
drivers/net/usb/cdc_ncm.c
include/linux/usb/usbnet.h
Merge 4.9.271 into android-4.9-q
Linux 4.9.271
* usb: core: reduce power-on-good delay time of root hub
drivers/usb/core/hub.h
* hugetlbfs: hugetlb_fault_mutex_hash() cleanup
include/linux/hugetlb.h
MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c
MIPS: alchemy: xxs1500: add gpio-au1000.h header file
sch_dsmark: fix a NULL deref in qdisc_reset()
scsi: libsas: Use _safe() loop in sas_resume_port()
ASoC: cs35l33: fix an error code in probe()
staging: emxx_udc: fix loop in _nbu2ss_nuke()
* mld: fix panic in mld_newpack()
net/ipv6/mcast.c
net: bnx2: Fix error return code in bnx2_init_board()
net: mdio: octeon: Fix some double free issues
net: mdio: thunder: Fix a double free issue in the .remove function
net: netcp: Fix an error message
drm/amdgpu: Fix a use-after-free
platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
btrfs: do not BUG_ON in link_to_fixup_dir
openrisc: Define memory barrier mb
scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
media: gspca: properly check for errors in po1030_probe()
media: dvb: Add check on sp8870_readreg return
libertas: register sysfs groups properly
dmaengine: qcom_hidma: comment platform_driver_register call
isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
char: hpet: add checks after calling ioremap
net: caif: remove BUG_ON(dev == NULL) in caif_xmit
net: fujitsu: fix potential null-ptr-deref
serial: max310x: unregister uart driver in case of failure and abort
platform/x86: hp_accel: Avoid invoking _INI to speed up resume
perf jevents: Fix getting maximum number of fds
i2c: i801: Don't generate an interrupt on bus reset
i2c: s3c2410: fix possible NULL pointer deref on read message after write
tipc: skb_linearize the head skb when reassembling msgs
Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv"
net/mlx4: Fix EEPROM dump support
NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
NFS: fix an incorrect limit in filelayout_decode_layout()
Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
* spi: Fix use-after-free with devm_spi_alloc_*
drivers/spi/spi.c
include/linux/spi/spi.h
net: usb: fix memory leak in smsc75xx_bind
USB: serial: pl2303: add device id for ADLINK ND-6530 GC
USB: serial: ftdi_sio: add IDs for IDS GmbH Products
USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
USB: serial: ti_usb_3410_5052: add startech.com device id
serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
USB: trancevibrator: fix control-request direction
iio: adc: ad7793: Add missing error code in ad7793_setup()
staging: iio: cdc: ad7746: avoid overwrite of num_channels
mei: request autosuspend after sending rx flow control
misc/uss720: fix memory leak in uss720_probe
kgdb: fix gcc-11 warnings harder
dm snapshot: properly fix a crash when an origin has no snapshots
ath10k: Validate first subframe of A-MSDU before processing the list
mac80211: extend protection against mixed key and fragment cache attacks
mac80211: do not accept/forward invalid EAPOL frames
mac80211: prevent attacks on TKIP/WEP as well
mac80211: check defrag PN against current frame
mac80211: add fragment cache to sta_info
mac80211: drop A-MSDUs on old ciphers
* cfg80211: mitigate A-MSDU aggregation attacks
net/wireless/util.c
* mac80211: properly handle A-MSDUs that start with an RFC 1042 header
include/net/cfg80211.h
net/wireless/util.c
mac80211: prevent mixed key and fragment cache attacks
mac80211: assure all fragments are encrypted
net: hso: fix control-request directions
* proc: Check /proc/$pid/attr/ writes against file opener
fs/proc/base.c
NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
NFC: nci: fix memory leak in nci_allocate_device
* netfilter: x_tables: Use correct memory barriers.
include/linux/netfilter/x_tables.h
net/netfilter/x_tables.c
scripts: switch explicitly to Python 3
tweewide: Fix most Shebang lines
* mm, vmstat: drop zone->lock in /proc/pagetypeinfo
mm/vmstat.c
Bug: 192919066
Change-Id: I2084abe9588ead675414c4945fd4dc19bd1612b8
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
54b5f551e6 |
Merge 4.9.274 into android-4.9-q
Changes in 4.9.274 net: ieee802154: fix null deref in parse dev addr HID: hid-sensor-hub: Return error for hid_set_field() failure HID: Add BUS_VIRTUAL to hid_connect logging HID: usbhid: fix info leak in hid_submit_ctrl ARM: OMAP2+: Fix build warning when mmc_omap is not built HID: gt683r: add missing MODULE_DEVICE_TABLE gfs2: Fix use-after-free in gfs2_glock_shrink_scan scsi: target: core: Fix warning on realtime kernels ethernet: myri10ge: Fix missing error code in myri10ge_probe() net: ipconfig: Don't override command-line hostnames or domains rtnetlink: Fix missing error code in rtnl_bridge_notify() net/x25: Return the correct errno code net: Return the correct errno code fib: Return the correct errno code dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM dmaengine: stedma40: add missing iounmap() on error in d40_probe() mm: hwpoison: change PageHWPoison behavior on hugetlb pages batman-adv: Avoid WARN_ON timing related checks net: ipv4: fix memory leak in netlbl_cipsov4_add_std net: rds: fix memory leak in rds_recvmsg udp: fix race between close() and udp_abort() rtnetlink: Fix regression in bridge VLAN configuration netfilter: synproxy: Fix out of bounds when parsing TCP options alx: Fix an error handling path in 'alx_probe()' net: stmmac: dwmac1000: Fix extended MAC address registers definition qlcnic: Fix an error handling path in 'qlcnic_probe()' netxen_nic: Fix an error handling path in 'netxen_nic_probe()' net: cdc_ncm: switch to eth%d interface naming net: usb: fix possible use-after-free in smsc75xx_bind net: ipv4: fix memory leak in ip_mc_add1_src net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock be2net: Fix an error handling path in 'be_probe()' net: hamradio: fix memory leak in mkiss_close net: cdc_eem: fix tx fixup skb leak net: ethernet: fix potential use-after-free in ec_bhf_remove scsi: core: Put .shost_dev in failure path if host state changes to RUNNING radeon: use memcpy_to/fromio for UVD fw upload can: bcm: fix infoleak in struct bcm_msg_head tracing: Do no increment trace_clock_global() by one PCI: Mark TI C667X to avoid bus reset PCI: Mark some NVIDIA GPUs to avoid bus reset dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc net: fec_ptp: add clock rate zero check can: bcm/raw/isotp: use per module netdevice notifier usb: dwc3: core: fix kernel panic when do reboot tracing: Do not stop recording cmdlines when tracing is off tracing: Do not stop recording comms if the trace file is being read x86/fpu: Reset state for all signal restore failures inet: use bigger hash table for IP ID generation i40e: Be much more verbose about what we can and cannot offload ARM: 9081/1: fix gcc-10 thumb2-kernel regression Makefile: Move -Wno-unused-but-set-variable out of GCC only block arm64: perf: Disable PMU while processing counter overflows Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" mac80211: remove warning in ieee80211_get_sband() cfg80211: call cfg80211_leave_ocb when switching away from OCB mac80211: drop multicast fragments ping: Check return value of function 'ping_queue_rcv_skb' inet: annotate date races around sk->sk_txhash net: caif: fix memory leak in ldisc_open net/packet: annotate accesses to po->bind net/packet: annotate accesses to po->ifindex r8152: Avoid memcpy() over-reading of ETH_SS_STATS sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS r8169: Avoid memcpy() over-reading of ETH_SS_STATS net: qed: Fix memcpy() overflow of qed_dcbx_params() net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY nilfs2: fix memory leak in nilfs_sysfs_delete_device_group i2c: robotfuzz-osif: fix control-request directions Linux 4.9.274 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I31d1bfc426326657ecc9db939474f25961471552 |
||
|
Steven Rostedt (VMware)
|
54657108d1 |
tracing: Do not stop recording comms if the trace file is being read
commit 4fdd595e4f9a1ff6d93ec702eaecae451cfc6591 upstream.
A while ago, when the "trace" file was opened, tracing was stopped, and
code was added to stop recording the comms to saved_cmdlines, for mapping
of the pids to the task name.
Code has been added that only records the comm if a trace event occurred,
and there's no reason to not trace it if the trace file is opened.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Steven Rostedt (VMware)
|
46ac8f9c1d |
tracing: Do not stop recording cmdlines when tracing is off
commit 85550c83da421fb12dc1816c45012e1e638d2b38 upstream.
The saved_cmdlines is used to map pids to the task name, such that the
output of the tracing does not just show pids, but also gives a human
readable name for the task.
If the name is not mapped, the output looks like this:
<...>-1316 [005] ...2 132.044039: ...
Instead of this:
gnome-shell-1316 [005] ...2 132.044039: ...
The names are updated when tracing is running, but are skipped if tracing
is stopped. Unfortunately, this stops the recording of the names if the
top level tracer is stopped, and not if there's other tracers active.
The recording of a name only happens when a new event is written into a
ring buffer, so there is no need to test if tracing is on or not. If
tracing is off, then no event is written and no need to test if tracing is
off or not.
Remove the check, as it hides the names of tasks for events in the
instance buffers.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
b3bf8228b6 |
Merge 4.9.273 into android-4.9-q
Changes in 4.9.273 proc: Track /proc/$pid/attr/ opener mm_struct net/nfc/rawsock.c: fix a permission check bug ASoC: sti-sas: add missing MODULE_DEVICE_TABLE isdn: mISDN: netjet: Fix crash in nj_probe: bonding: init notify_work earlier to avoid uninitialized use netlink: disable IRQs for netlink_lock_table() net: mdiobus: get rid of a BUG_ON() cgroup: disable controllers at parse time wq: handle VM suspension in stall detection net/qla3xxx: fix schedule while atomic in ql_sem_spinlock scsi: vmw_pvscsi: Set correct residual data length scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal net: macb: ensure the device is available before accessing GEMGXL control registers net: appletalk: cops: Fix data race in cops_probe1 MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER bnx2x: Fix missing error code in bnx2x_iov_init_one() powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers i2c: mpc: Make use of i2c_recover_bus() i2c: mpc: implement erratum A-004447 workaround drm: Lock pointer access in drm_master_release() kvm: avoid speculation-based attacks from out-of-range memslot accesses btrfs: return value from btrfs_mark_extent_written() in case of error cgroup1: don't allow '\n' in renaming USB: f_ncm: ncm_bitrate (speed) is unsigned usb: dwc3: ep0: fix NULL pointer exception USB: serial: ftdi_sio: add NovaTech OrionMX product ID USB: serial: omninet: add device id for Zyxel Omni 56K Plus USB: serial: quatech2: fix control-request directions usb: gadget: eem: fix wrong eem header operation usb: fix various gadgets null ptr deref on 10gbps cabling. usb: fix various gadget panics on 10gbps cabling perf: Fix data race between pin_count increment/decrement NFS: Fix a potential NULL dereference in nfs_get_client() perf session: Correct buffer copying when peeking events kvm: fix previous commit for 32-bit builds NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. scsi: core: Fix error handling of scsi_host_alloc() scsi: core: Only put parent device if host state differs from SHOST_CREATED ftrace: Do not blindly read the ip address in ftrace_bug() tracing: Correct the length check which causes memory corruption proc: only require mm_struct for writing Linux 4.9.273 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ifaa5fba5937bfae50d21fdb2ad6bd94839fbb981 |
||
|
Liangyan
|
edcce01e0e |
tracing: Correct the length check which causes memory corruption
commit 3e08a9f9760f4a70d633c328a76408e62d6f80a3 upstream.
We've suffered from severe kernel crashes due to memory corruption on
our production environment, like,
Call Trace:
[1640542.554277] general protection fault: 0000 [#1] SMP PTI
[1640542.554856] CPU: 17 PID: 26996 Comm: python Kdump: loaded Tainted:G
[1640542.556629] RIP: 0010:kmem_cache_alloc+0x90/0x190
[1640542.559074] RSP: 0018:ffffb16faa597df8 EFLAGS: 00010286
[1640542.559587] RAX: 0000000000000000 RBX: 0000000000400200 RCX:
0000000006e931bf
[1640542.560323] RDX: 0000000006e931be RSI: 0000000000400200 RDI:
ffff9a45ff004300
[1640542.560996] RBP: 0000000000400200 R08: 0000000000023420 R09:
0000000000000000
[1640542.561670] R10: 0000000000000000 R11: 0000000000000000 R12:
ffffffff9a20608d
[1640542.562366] R13: ffff9a45ff004300 R14: ffff9a45ff004300 R15:
696c662f65636976
[1640542.563128] FS: 00007f45d7c6f740(0000) GS:ffff9a45ff840000(0000)
knlGS:0000000000000000
[1640542.563937] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1640542.564557] CR2: 00007f45d71311a0 CR3: 000000189d63e004 CR4:
00000000003606e0
[1640542.565279] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[1640542.566069] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[1640542.566742] Call Trace:
[1640542.567009] anon_vma_clone+0x5d/0x170
[1640542.567417] __split_vma+0x91/0x1a0
[1640542.567777] do_munmap+0x2c6/0x320
[1640542.568128] vm_munmap+0x54/0x70
[1640542.569990] __x64_sys_munmap+0x22/0x30
[1640542.572005] do_syscall_64+0x5b/0x1b0
[1640542.573724] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[1640542.575642] RIP: 0033:0x7f45d6e61e27
James Wang has reproduced it stably on the latest 4.19 LTS.
After some debugging, we finally proved that it's due to ftrace
buffer out-of-bound access using a debug tool as follows:
[ 86.775200] BUG: Out-of-bounds write at addr 0xffff88aefe8b7000
[ 86.780806] no_context+0xdf/0x3c0
[ 86.784327] __do_page_fault+0x252/0x470
[ 86.788367] do_page_fault+0x32/0x140
[ 86.792145] page_fault+0x1e/0x30
[ 86.795576] strncpy_from_unsafe+0x66/0xb0
[ 86.799789] fetch_memory_string+0x25/0x40
[ 86.804002] fetch_deref_string+0x51/0x60
[ 86.808134] kprobe_trace_func+0x32d/0x3a0
[ 86.812347] kprobe_dispatcher+0x45/0x50
[ 86.816385] kprobe_ftrace_handler+0x90/0xf0
[ 86.820779] ftrace_ops_assist_func+0xa1/0x140
[ 86.825340] 0xffffffffc00750bf
[ 86.828603] do_sys_open+0x5/0x1f0
[ 86.832124] do_syscall_64+0x5b/0x1b0
[ 86.835900] entry_SYSCALL_64_after_hwframe+0x44/0xa9
commit b220c049d519 ("tracing: Check length before giving out
the filter buffer") adds length check to protect trace data
overflow introduced in
|
||
|
Lucas Wei
|
38b773b493 |
Merge android-4.9-q (4.9.270) into android-msm-pixel-4.9-lts
Merge 4.9.270 into android-4.9-q
Linux 4.9.270
* Bluetooth: SMP: Fail if remote and local public keys are identical
net/bluetooth/smp.c
video: hgafb: correctly handle card detect failure during probe
iio: tsl2583: Fix division by a zero lux_val
* tty: vt: always invoke vc->vc_sw->con_resize callback
drivers/tty/vt/vt.c
* vt: Fix character height handling with VT_RESIZEX
drivers/tty/vt/vt_ioctl.c
include/linux/console_struct.h
vgacon: Record video mode changes with VT_RESIZEX
video: hgafb: fix potential NULL pointer dereference
qlcnic: Add null check after calling netdev_alloc_skb
leds: lp5523: check return value of lp5xx_read and jump to cleanup code
net: rtlwifi: properly check for alloc_workqueue() failure
net: stmicro: handle clk_prepare() failure during init
ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
Revert "niu: fix missing checks of niu_pci_eeprom_read"
Revert "qlcnic: Avoid potential NULL pointer dereference"
Revert "rtlwifi: fix a potential NULL pointer dereference"
cdrom: gdrom: initialize global variable at init time
cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
Revert "gdrom: fix a memory leak bug"
* Revert "ecryptfs: replace BUG_ON with error handling code"
fs/ecryptfs/crypto.c
Revert "video: imsttfb: fix potential NULL pointer dereferences"
Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"
Revert "net: stmicro: fix a missing check of clk_prepare"
Revert "video: hgafb: fix potential NULL pointer dereference"
dm snapshot: fix crash with transient storage and zero chunk size
xen-pciback: reconfigure also from backend watch handler
rapidio: handle create_workqueue() failure
Revert "rapidio: fix a NULL pointer dereference when create_workqueue() fails"
Revert "ALSA: sb8: add a check for request_region"
* ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
sound/firewire/Kconfig
* ALSA: usb-audio: Validate MS endpoint descriptors
sound/usb/midi.c
ALSA: line6: Fix racy initialization of LINE6 MIDI
cifs: fix memory leak in smb2_copychunk_range
* ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
kernel/ptrace.c
scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword()
RDMA/rxe: Clear all QP fields if creation failed
openrisc: Fix a memory leak
Merge 4.9.269 into android-4.9-q
Linux 4.9.269
* ipv6: remove extra dev_hold() for fallback tunnels
net/ipv6/ip6_tunnel.c
net/ipv6/ip6_vti.c
net/ipv6/sit.c
* xhci: Do not use GFP_KERNEL in (potentially) atomic context
drivers/usb/host/xhci.c
* ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
net/ipv6/ip6_tunnel.c
* sit: proper dev_{hold|put} in ndo_[un]init methods
net/ipv6/sit.c
lib: stackdepot: turn depot_lock spinlock to raw_spinlock
ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
ceph: fix fscache invalidation
um: Mark all kernel symbols as local
Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state
ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
isdn: capi: fix mismatched prototypes
cxgb4: Fix the -Wmisleading-indentation warning
usb: sl811-hcd: improve misleading indentation
kgdb: fix gcc-11 warning on indentation
extcon: adc-jack: Fix incompatible pointer type warning
x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
clk: exynos7: Mark aclk_fsys1_200 as critical
* netfilter: conntrack: Make global sysctls readonly in non-init netns
net/netfilter/nf_conntrack_standalone.c
* kobject_uevent: remove warning in init_uevent_argv()
lib/kobject_uevent.c
* dm ioctl: fix out of bounds array access when no devices
drivers/md/dm-ioctl.c
thermal/core/fair share: Lock the thermal zone while looping over instances
MIPS: Avoid handcoded DIVU in `__div64_32' altogether
MIPS: Avoid DIVU in `__div64_32' is result would be zero
MIPS: Reinstate platform `__div64_32' handler
* FDDI: defxx: Make MMIO the configuration default except for EISA
drivers/net/fddi/Kconfig
KVM: x86: Cancel pvclock_gtod_work on module removal
* usb: core: hub: fix race condition about TRSMRCY of resume
drivers/usb/core/hub.c
usb: dwc2: Fix gadget DMA unmap direction
* usb: xhci: Increase timeout for HC halt
drivers/usb/host/xhci-ext-caps.h
ACPI: scan: Fix a memory leak in an error handling path
usb: fotg210-hcd: Fix an error message
iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
squashfs: fix divide error in calculate_skip()
powerpc/64s: Fix crashes when toggling entry flush barrier
ARC: entry: fix off-by-one error in syscall number validation
kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
ksm: fix potential missing rmap_item for stable_node
mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()
drm/radeon: Fix off-by-one power_state index heap overwrite
sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
NFSv4.2 fix handling of sr_eof in SEEK's reply
pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
NFS: Deal correctly with attribute generation counter overflow
NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
* PCI: Release OF node in pci_scan_device()'s error path
drivers/pci/probe.c
* f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
fs/f2fs/inline.c
ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
net: ethernet: mtk_eth_soc: fix RX VLAN offload
powerpc/iommu: Annotate nested lock for lockdep
wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
powerpc/pseries: Stop calling printk in rtas_stop_self()
samples/bpf: Fix broken tracex1 due to kprobe argument change
ASoC: rt286: Generalize support for ALC3263 codec
sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
kconfig: nconf: stop endless search loops
selftests: Set CC to clang in lib.mk if LLVM is set
cuse: prevent clone
mac80211: clear the beacon's CRC after channel switch
* ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
net/ipv6/ip6_vti.c
* Bluetooth: initialize skb_queue_head at l2cap_chan_create()
net/bluetooth/l2cap_core.c
* Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
net/bluetooth/l2cap_core.c
ALSA: rme9652: don't disable if not enabled
ALSA: hdspm: don't disable if not enabled
ALSA: hdsp: don't disable if not enabled
net: stmmac: Set FIFO sizes for ipq806x
tipc: convert dest node's address to network order
fs: dlm: fix debugfs dump
* Revert "fdt: Properly handle "no-map" field in the memory region"
drivers/of/fdt.c
* Revert "of/fdt: Make sure no-map does not remove already reserved regions"
drivers/of/fdt.c
sctp: delay auto_asconf init until binding the first addr
Revert "net/sctp: fix race condition in sctp_destroy_sock"
kfifo: fix ternary sign extension bugs
net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
net: davinci_emac: Fix incorrect masking of tx and rx error channel
RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
vsock/vmci: log once the failed queue pair allocation
mwl8k: Fix a double Free in mwl8k_probe_hw
i2c: sh7760: fix IRQ error path
powerpc/pseries: extract host bridge from pci_bus prior to bus removal
MIPS: pci-legacy: stop using of_pci_range_to_resource
i2c: sh7760: add IRQ check
i2c: jz4780: add IRQ check
i2c: emev2: add IRQ check
i2c: cadence: add IRQ check
net: thunderx: Fix unintentional sign extension issue
mt7601u: fix always true expression
mac80211: bail out if cipher schemes are invalid
powerpc: iommu: fix build when neither PCI or IBMVIO is set
powerpc/perf: Fix PMU constraint check for EBB events
liquidio: Fix unintented sign extension of a left shift of a u16
* ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
sound/usb/card.c
sound/usb/quirks.c
sound/usb/usbaudio.h
nfc: pn533: prevent potential memory corruption
* ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
sound/core/init.c
powerpc/prom: Mark identical_pvr_fixup as __init
net: lapbether: Prevent racing when checking whether the netif is running
perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars
* HID: plantronics: Workaround for double volume key presses
drivers/hid/hid-ids.h
drivers/hid/hid-plantronics.c
include/linux/hid.h
x86/events/amd/iommu: Fix sysfs type mismatch
HSI: core: fix resource leaks in hsi_add_client_from_dt()
scsi: sni_53c710: Add IRQ check
scsi: sun3x_esp: Add IRQ check
scsi: jazz_esp: Add IRQ check
clk: uniphier: Fix potential infinite loop
media: dvb-usb-remote: fix dvb_usb_nec_rc_key_to_event type mismatch
scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration
ata: libahci_platform: fix IRQ check
sata_mv: add IRQ checks
pata_ipx4xx_cf: fix IRQ check
pata_arasan_cf: fix IRQ check
media: m88rs6000t: avoid potential out-of-bounds reads on arrays
media: omap4iss: return error code when omap4iss_get() failed
media: vivid: fix assignment of dev->fbuf_out_flags
ttyprintk: Add TTY hangup callback.
Drivers: hv: vmbus: Increase wait time for VMbus unload
x86/platform/uv: Fix !KEXEC build failure
* firmware: qcom-scm: Fix QCOM_SCM configuration
drivers/firmware/Kconfig
* tty: fix return value for unsupported ioctls
drivers/tty/tty_io.c
include/linux/tty_driver.h
* tty: actually undefine superseded ASYNC flags
include/uapi/linux/tty_flags.h
USB: cdc-acm: fix unprivileged TIOCCSERIAL
usb: gadget: r8a66597: Add missing null check on return from platform_get_resource
crypto: qat - Fix a double free in adf_create_ring
staging: greybus: uart: fix unprivileged TIOCCSERIAL
staging: rtl8192u: Fix potential infinite loop
mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
crypto: qat - fix error path in adf_isr_resource_alloc()
bus: qcom: Put child node before return
mtd: require write permissions for locking and badblock ioctls
fotg210-udc: Complete OUT requests on short packets
fotg210-udc: Don't DMA more than the buffer can take
fotg210-udc: Mask GRP2 interrupts we don't handle
fotg210-udc: Remove a dubious condition leading to fotg210_done
fotg210-udc: Fix EP0 IN requests bigger than two packets
fotg210-udc: Fix DMA on EP0 for length > max packet size
crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
crypto: qat - don't release uninitialized resources
usb: gadget: pch_udc: Check for DMA mapping error
usb: gadget: pch_udc: Check if driver is present before calling ->setup()
usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
serial: stm32: fix incorrect characters on console
ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
usb: gadget: pch_udc: Revert
|
||
|
Greg Kroah-Hartman
|
e7f15a9ebb |
Merge 4.9.269 into android-4.9-q
Changes in 4.9.269 net: usb: ax88179_178a: initialize local variables before use iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet USB: Add reset-resume quirk for WD19's Realtek Hub platform/x86: thinkpad_acpi: Correct thermal sensor allocation s390/disassembler: increase ebpf disasm buffer size ACPI: custom_method: fix potential use-after-free issue ACPI: custom_method: fix a possible memory leak arm64: dts: mt8173: fix property typo of 'phys' in dsi node ecryptfs: fix kernel panic with null dev_name mmc: core: Do a power cycle when the CMD11 fails mmc: core: Set read only for SD cards with permanent write protect bit btrfs: fix metadata extent leak after failure to create subvolume fbdev: zero-fill colormap in fbcmap.c staging: wimax/i2400m: fix byte-order issue usb: gadget: uvc: add bInterval checking for HS mode usb: dwc3: gadget: Ignore EP queue requests during bus reset usb: xhci: Fix port minor revision PCI: PM: Do not read power state in pci_enable_device_flags() x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS) spi: dln2: Fix reference leak to master spi: omap-100k: Fix reference leak to master intel_th: Consistency and off-by-one fix phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s scsi: target: pscsi: Fix warning in pscsi_complete_cmd() media: ite-cir: check for receive overflow extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged media: media/saa7164: fix saa7164_encoder_register() memory leak bugs media: gspca/sq905.c: fix uninitialized variable power: supply: Use IRQF_ONESHOT scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() media: em28xx: fix memory leak clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() media: adv7604: fix possible use-after-free in adv76xx_remove() media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() media: i2c: adv7842: fix possible use-after-free in adv7842_remove() media: dvb-usb: fix memory leak in dvb_usb_adapter_init media: gscpa/stv06xx: fix memory leak drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal drm/amdgpu: fix NULL pointer dereference scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response scsi: libfc: Fix a format specifier ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer ALSA: sb: Fix two use after free in snd_sb_qsound_build arm64/vdso: Discard .note.gnu.property sections in vDSO openvswitch: fix stack OOB read while fragmenting IPv4 packets NFSv4: Don't discard segments marked for return in _pnfs_return_layout() jffs2: Fix kasan slab-out-of-bounds problem powerpc/eeh: Fix EEH handling for hugepages in ioremap space. powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h jffs2: check the validity of dstlen in jffs2_zlib_compress() Revert |
||
|
Steven Rostedt (VMware)
|
e1bf31b76c |
tracing: Map all PIDs to command lines
commit 785e3c0a3a870e72dc530856136ab4c8dd207128 upstream.
The default max PID is set by PID_MAX_DEFAULT, and the tracing
infrastructure uses this number to map PIDs to the comm names of the
tasks, such output of the trace can show names from the recorded PIDs in
the ring buffer. This mapping is also exported to user space via the
"saved_cmdlines" file in the tracefs directory.
But currently the mapping expects the PIDs to be less than
PID_MAX_DEFAULT, which is the default maximum and not the real maximum.
Recently, systemd will increases the maximum value of a PID on the system,
and when tasks are traced that have a PID higher than PID_MAX_DEFAULT, its
comm is not recorded. This leads to the entire trace to have "<...>" as
the comm name, which is pretty useless.
Instead, keep the array mapping the size of PID_MAX_DEFAULT, but instead
of just mapping the index to the comm, map a mask of the PID
(PID_MAX_DEFAULT - 1) to the comm, and find the full PID from the
map_cmdline_to_pid array (that already exists).
This bug goes back to the beginning of ftrace, but hasn't been an issue
until user space started increasing the maximum value of PIDs.
Link: https://lkml.kernel.org/r/20210427113207.3c601884@gandalf.local.home
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Amey Telawane
|
27b1e95a93 |
tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
commit e09e28671cda63e6308b31798b997639120e2a21 upstream. Strcpy is inherently not safe, and strlcpy() should be used instead. __trace_find_cmdline() uses strcpy() because the comms saved must have a terminating nul character, but it doesn't hurt to add the extra protection of using strlcpy() instead of strcpy(). Link: http://lkml.kernel.org/r/1493806274-13936-1-git-send-email-amit.pundir@linaro.org Signed-off-by: Amey Telawane <ameyt@codeaurora.org> [AmitP: Cherry-picked this commit from CodeAurora kernel/msm-3.10 https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477] Signed-off-by: Amit Pundir <amit.pundir@linaro.org> [ Updated change log and removed the "- 1" from len parameter ] Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Joel Fernandes
|
e17731c2fd |
tracing: Treat recording comm for idle task as a success
commit eaf260ac04d9b4cf9f458d5c97555bfff2da526e upstream. Currently we stop recording comm for non-idle tasks when switching from/to idle task since we treat that as a record failure. Fix that by treat recording of comm for idle task as a success. Link: http://lkml.kernel.org/r/20170706230023.17942-1-joelaf@google.com Cc: kernel-team@android.com Cc: Ingo Molnar <mingo@redhat.com> Reported-by: Michael Sartain <mikesart@gmail.com> Signed-off-by: Joel Fernandes <joelaf@google.com> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Lucas Wei
|
7c09313b44 |
Merge android-4.9-q (4.9.268) into android-msm-pixel-4.9-lts
Merge 4.9.268 into android-4.9-q
Linux 4.9.268
net: hso: fix NULL-deref on disconnect regression
x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access
ia64: tools: remove duplicate definition of ia64_mf() on ia64
ia64: fix discontig.c section mismatches
cavium/liquidio: Fix duplicate argument
xen-netback: Check for hotplug-status existence before watching
s390/entry: save the caller of psw_idle
ARM: dts: Fix swapped mmc order for omap3
HID: alps: fix error return code in alps_input_configured()
* ext4: correct error label in ext4_rename()
fs/ext4/namei.c
net: hso: fix null-ptr-deref during tty device unregistration
usbip: synchronize event handler with sysfs code paths
usbip: vudc synchronize sysfs code paths
usbip: stub-dev synchronize sysfs code paths
usbip: add sysfs_lock to synchronize sysfs code paths
usbip: Fix incorrect double assignment to udc->ud.tcp_rx
ARM: 9071/1: uprobes: Don't hook on thumb instructions
i40e: fix the panic when running bpf in xdpdrv mode
* net: sit: Unregister catch-all devices
net/ipv6/sit.c
net: davicom: Fix regulator not turned off on failed probe
scsi: libsas: Reset num_scatter if libata marks qc as NODATA
Input: i8042 - fix Pegatron C15B ID entry
pcnet32: Use pci_resource_len to validate PCI resource
net: ieee802154: forbid monitor for add llsec seclevel
net: ieee802154: stop dump llsec seclevels for monitors
net: ieee802154: forbid monitor for add llsec devkey
net: ieee802154: stop dump llsec devkeys for monitors
net: ieee802154: forbid monitor for add llsec dev
net: ieee802154: stop dump llsec devs for monitors
net: ieee802154: stop dump llsec keys for monitors
ASoC: fsl_esai: Fix TDM slot setup for I2S mode
ARM: keystone: fix integer overflow warning
* neighbour: Disregard DEAD dst in neigh_update
net/core/neighbour.c
arc: kernel: Return -EFAULT if copy_to_user() fails
ARM: dts: Fix moving mmc devices with aliases for omap4 & 5
* dmaengine: dw: Make it dependent to HAS_IOMEM
drivers/dma/dw/Kconfig
Input: nspire-keypad - enable interrupts only when opened
net/sctp: fix race condition in sctp_destroy_sock
Merge 4.9.267 into android-4.9-q
Linux 4.9.267
xen/events: fix setting irq affinity
perf map: Tighten snprintf() string precision to pass gcc check on some 32-bit arches
* netfilter: x_tables: fix compat match/target pad out-of-bound write
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/ip_tables.c
net/ipv6/netfilter/ip6_tables.c
net/netfilter/x_tables.c
gfs2: report "already frozen/thawed" errors
drm/imx: imx-ldb: fix out of bounds array access warning
Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath."
net: ieee802154: stop dump llsec params for monitors
net: ieee802154: forbid monitor for del llsec seclevel
net: ieee802154: forbid monitor for set llsec params
net: ieee802154: fix nl802154 del llsec devkey
net: ieee802154: fix nl802154 add llsec key
net: ieee802154: fix nl802154 del llsec dev
net: ieee802154: fix nl802154 del llsec key
net: ieee802154: nl-mac: fix check on panid
net: mac802154: Fix general protection fault
drivers: net: fix memory leak in peak_usb_create_dev
drivers: net: fix memory leak in atusb_probe
* net: tun: set tun->dev->addr_len during TUNSETLINK processing
drivers/net/tun.c
* cfg80211: remove WARN_ON() in cfg80211_sme_connect
net/wireless/sme.c
usbip: fix vudc usbip_sockfd_store races leading to gpf
* mm: add cond_resched() in gather_pte_stats()
fs/proc/task_mmu.c
clk: socfpga: fix iomem pointer cast on 64-bit
RDMA/cxgb4: check for ipv6 address properly while destroying listener
s390/cpcmd: fix inline assembly register clobbering
* workqueue: Move the position of debug_work_activate() in __queue_work()
kernel/workqueue.c
* clk: fix invalid usage of list cursor in unregister
drivers/clk/clk.c
soc/fsl: qbman: fix conflicting alignment attributes
net:tipc: Fix a double free in tipc_sk_mcast_rcv
gianfar: Handle error code at MAC address change
sch_red: fix off-by-one checks in red_check_params()
net: sched: sch_teql: fix null-pointer dereference
batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field
parisc: avoid a warning on u8 cast for cmpxchg on u8 pointers
* parisc: parisc-agp requires SBA IOMMU driver
drivers/char/agp/Kconfig
* fs: direct-io: fix missing sdio->boundary
fs/direct-io.c
ocfs2: fix deadlock between setattr and dio_end_io_write
ia64: fix user_stack_pointer() for ptrace()
* net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh
net/ipv6/route.c
xen/evtchn: Change irq_info lock to raw_spinlock_t
nfc: Avoid endless loops caused by repeated llcp_sock_connect()
nfc: fix memory leak in llcp_sock_connect()
nfc: fix refcount leak in llcp_sock_connect()
nfc: fix refcount leak in llcp_sock_bind()
ASoC: intel: atom: Stop advertising non working S24LE support
ALSA: aloop: Fix initialization of controls
iio: hid-sensor-prox: Fix scale not correct issue
ARM: 8723/2: always assume the "unified" syntax for assembly code
Merge 4.9.266 into android-4.9-q
Linux 4.9.266
can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate
* init/Kconfig: make COMPILE_TEST depend on HAS_IOMEM
init/Kconfig
* init/Kconfig: make COMPILE_TEST depend on !S390
init/Kconfig
ALSA: hda/realtek - Fix pincfg for Dell XPS 13 9370
bpf, x86: Validate computation of branch displacements for x86-64
cifs: Silently ignore unknown oplock break handle
cifs: revalidate mapping when we open files for SMB1 POSIX
ia64: mca: allocate early mca with GFP_ATOMIC
scsi: target: pscsi: Clean up after failure in pscsi_map_sg()
x86/build: Turn off -fcf-protection for realmode targets
* drm/msm: Ratelimit invalid-fence message
drivers/gpu/drm/msm/msm_fence.c
mac80211: choose first enabled channel for monitor
mISDN: fix crash in fritzpci
net: pxa168_eth: Fix a potential data race in pxa168_eth_remove
Merge 4.9.265 into android-4.9-q
Linux 4.9.265
* audit: fix a net reference leak in audit_list_rules_send()
kernel/audit.c
kernel/audit.h
kernel/auditfilter.c
* audit: fix a net reference leak in audit_send_reply()
kernel/audit.c
staging: rtl8192e: Change state information from u16 to u8
staging: rtl8192e: Fix incorrect source in memcpy()
USB: cdc-acm: fix use-after-free after probe failure
USB: cdc-acm: downgrade message to debug
cdc-acm: fix BREAK rx code path adding necessary calls
usb: xhci-mtk: fix broken streams issue on 0.96 xHCI
* USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
drivers/usb/core/quirks.c
firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
* extcon: Fix error handling in extcon_dev_register
drivers/extcon/extcon.c
pinctrl: rockchip: fix restore error in resume
reiserfs: update reiserfs_xattrs_initialized() condition
* mm: fix race by making init_zero_pfn() early_initcall
mm/memory.c
* tracing: Fix stack trace event size
kernel/trace/trace.c
ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook
* ALSA: usb-audio: Apply sample rate quirk to Logitech Connect
sound/usb/quirks.c
* bpf: Remove MTU check in __bpf_skb_max_len
net/core/filter.c
net: wan/lmc: unregister device when no matching device is found
appletalk: Fix skb allocation size in loopback case
* ext4: do not iput inode under running transaction in ext4_rename()
fs/ext4/namei.c
ASoC: rt5659: Update MCLK rate in set_sysclk()
staging: comedi: cb_pcidas64: fix request_irq() warn
staging: comedi: cb_pcidas: fix request_irq() warn
scsi: qla2xxx: Fix broken #endif placement
scsi: st: Fix a use after free in st_open()
vhost: Fix vhost_vq_reset()
powerpc: Force inlining of cpu_has_feature() to avoid build failure
ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe
ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10
ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10
rpc: fix NULL dereference on kmalloc failure
* ext4: fix bh ref count on error paths
fs/ext4/inode.c
* ipv6: weaken the v4mapped source check
net/ipv6/ip6_input.c
net/ipv6/tcp_ipv6.c
selinux: vsock: Set SID for socket returned by accept()
Bug: 187007303
Change-Id: I45a9b1e03f1bf070aa6be7c06a7a0cb906380f57
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
b0a9b5d0d2 |
Merge 4.9.265 into android-4.9-q
Changes in 4.9.265 selinux: vsock: Set SID for socket returned by accept() ipv6: weaken the v4mapped source check ext4: fix bh ref count on error paths rpc: fix NULL dereference on kmalloc failure ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe powerpc: Force inlining of cpu_has_feature() to avoid build failure vhost: Fix vhost_vq_reset() scsi: st: Fix a use after free in st_open() scsi: qla2xxx: Fix broken #endif placement staging: comedi: cb_pcidas: fix request_irq() warn staging: comedi: cb_pcidas64: fix request_irq() warn ASoC: rt5659: Update MCLK rate in set_sysclk() ext4: do not iput inode under running transaction in ext4_rename() appletalk: Fix skb allocation size in loopback case net: wan/lmc: unregister device when no matching device is found bpf: Remove MTU check in __bpf_skb_max_len ALSA: usb-audio: Apply sample rate quirk to Logitech Connect ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook tracing: Fix stack trace event size mm: fix race by making init_zero_pfn() early_initcall reiserfs: update reiserfs_xattrs_initialized() condition pinctrl: rockchip: fix restore error in resume extcon: Fix error handling in extcon_dev_register firewire: nosy: Fix a use-after-free bug in nosy_ioctl() USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem usb: xhci-mtk: fix broken streams issue on 0.96 xHCI cdc-acm: fix BREAK rx code path adding necessary calls USB: cdc-acm: downgrade message to debug USB: cdc-acm: fix use-after-free after probe failure staging: rtl8192e: Fix incorrect source in memcpy() staging: rtl8192e: Change state information from u16 to u8 audit: fix a net reference leak in audit_send_reply() audit: fix a net reference leak in audit_list_rules_send() Linux 4.9.265 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ieab202268ceb4b33ecc0b2058925857e8734f01f |
||
|
Steven Rostedt (VMware)
|
5a04620a72 |
tracing: Fix stack trace event size
commit 9deb193af69d3fd6dd8e47f292b67c805a787010 upstream.
Commit cbc3b92ce037 fixed an issue to modify the macros of the stack trace
event so that user space could parse it properly. Originally the stack
trace format to user space showed that the called stack was a dynamic
array. But it is not actually a dynamic array, in the way that other
dynamic event arrays worked, and this broke user space parsing for it. The
update was to make the array look to have 8 entries in it. Helper
functions were added to make it parse it correctly, as the stack was
dynamic, but was determined by the size of the event stored.
Although this fixed user space on how it read the event, it changed the
internal structure used for the stack trace event. It changed the array
size from [0] to [8] (added 8 entries). This increased the size of the
stack trace event by 8 words. The size reserved on the ring buffer was the
size of the stack trace event plus the number of stack entries found in
the stack trace. That commit caused the amount to be 8 more than what was
needed because it did not expect the caller field to have any size. This
produced 8 entries of garbage (and reading random data) from the stack
trace event:
<idle>-0 [002] d... 1976396.837549: <stack trace>
=> trace_event_raw_event_sched_switch
=> __traceiter_sched_switch
=> __schedule
=> schedule_idle
=> do_idle
=> cpu_startup_entry
=> secondary_startup_64_no_verify
=> 0xc8c5e150ffff93de
=> 0xffff93de
=> 0
=> 0
=> 0xc8c5e17800000000
=> 0x1f30affff93de
=> 0x00000004
=> 0x200000000
Instead, subtract the size of the caller field from the size of the event
to make sure that only the amount needed to store the stack trace is
reserved.
Link: https://lore.kernel.org/lkml/your-ad-here.call-01617191565-ext-9692@work.hours/
Cc: stable@vger.kernel.org
Fixes: cbc3b92ce037 ("tracing: Set kernel_stack's caller size properly")
Reported-by: Vasily Gorbik <gor@linux.ibm.com>
Tested-by: Vasily Gorbik <gor@linux.ibm.com>
Acked-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Lucas Wei
|
28ab10340e |
Merge android-4.9-q (4.9.258) into android-msm-pixel-4.9-lts
Merge 4.9.258 into android-4.9-q
Linux 4.9.258
kvm: check tlbs_dirty directly
scsi: qla2xxx: Fix crash during driver load on big endian machines
xen-blkback: fix error handling in xen_blkbk_map()
xen-scsiback: don't "handle" error by BUG()
xen-netback: don't "handle" error by BUG()
xen-blkback: don't "handle" error by BUG()
xen/arm: don't ignore return errors from set_phys_to_machine
Xen/gntdev: correct error checking in gntdev_map_grant_pages()
Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()
Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()
Xen/x86: don't bail early from clear_foreign_p2m_mapping()
* tracing: Avoid calling cc-option -mrecord-mcount for every Makefile
Makefile
scripts/Makefile.build
* tracing: Fix SKIP_STACK_VALIDATION=1 build due to bad merge with -mrecord-mcount
scripts/Makefile.build
* trace: Use -mcount-record for dynamic ftrace
scripts/Makefile.build
x86/build: Disable CET instrumentation in the kernel for 32-bit too
vsock: fix locking in vsock_shutdown()
vsock/virtio: update credit only if socket is not closed
* net: watchdog: hold device global xmit lock during tx disable
include/linux/netdevice.h
net/vmw_vsock: improve locking in vsock_connect_timeout()
usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one
usb: dwc3: ulpi: fix checkpatch warning
h8300: fix PREEMPTION build, TI_PRE_COUNT undefined
* netfilter: conntrack: skip identical origin tuple in same zone only
net/netfilter/nf_conntrack_core.c
xen/netback: avoid race in xenvif_rx_ring_slots_available()
netfilter: xt_recent: Fix attempt to update deleted entry
* bpf: Check for integer overflow when using roundup_pow_of_two()
kernel/bpf/stackmap.c
* memblock: do not start bottom-up allocations with kernel_end
mm/memblock.c
ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL
* ovl: skip getxattr of security labels
fs/overlayfs/copy_up.c
* tracing: Check length before giving out the filter buffer
kernel/trace/trace.c
* tracing: Do not count ftrace events in top level enable output
kernel/trace/trace_events.c
squashfs: add more sanity checks in xattr id lookup
squashfs: add more sanity checks in inode lookup
squashfs: add more sanity checks in id lookup
* futex: Cure exit race
kernel/futex.c
* futex: Change locking rules
kernel/futex.c
* futex: Ensure the correct return value from futex_lock_pi()
kernel/futex.c
* memcg: fix a crash in wb_workfn when a device disappears
fs/fs-writeback.c
include/linux/backing-dev.h
include/trace/events/writeback.h
mm/backing-dev.c
* include/trace/events/writeback.h: fix -Wstringop-truncation warnings
include/trace/events/writeback.h
* lib/string: Add strscpy_pad() function
include/linux/string.h
lib/string.c
SUNRPC: Handle 0 length opaque XDR object data properly
* SUNRPC: Move simple_get_bytes and simple_get_netobj into private header
include/linux/sunrpc/xdr.h
iwlwifi: mvm: guard against device removal in reprobe
iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap
iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time()
* af_key: relax availability checks for skb size calculation
net/key/af_key.c
remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load
* fgraph: Initialize tracing_graph_pause at task creation
include/linux/ftrace.h
* mm: memcontrol: fix NULL pointer crash in test_clear_page_writeback()
include/linux/memcontrol.h
mm/page-writeback.c
Merge 4.9.257 into android-4.9-q
Linux 4.9.257
ALSA: hda/realtek - Fix typo of pincfg for Dell quirk
iommu/vt-d: Do not use flush-queue when caching-mode is on
ACPI: thermal: Do not call acpi_thermal_check() directly
* Input: xpad - sync supported devices with fork on GitHub
drivers/input/joystick/xpad.c
x86/apic: Add extra serialization for non-serializing MSRs
* x86/build: Disable CET instrumentation in the kernel
Makefile
mm: thp: fix MADV_REMOVE deadlock on shmem THP
mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
mm: hugetlb: fix a race between isolating and freeing page
* mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
include/linux/hugetlb.h
ARM: footbridge: fix dc21285 PCI configuration accessors
* mmc: core: Limit retries when analyse of SDIO tuples fails
drivers/mmc/core/sdio_cis.c
cifs: report error instead of invalid when revalidating a dentry fails
* xhci: fix bounce buffer usage for non-sg list case
drivers/usb/host/xhci-ring.c
kretprobe: Avoid re-registration of the same kretprobe earlier
mac80211: fix station rate table updates on assoc
usb: dwc2: Fix endpoint direction check in ep_from_windex
USB: usblp: don't call usb_set_interface if there's a single alt
USB: gadget: legacy: fix an error code in eth_bind()
* elfcore: fix building with clang
include/linux/elfcore.h
kernel/Makefile
net: lapb: Copy the skb before sending a packet
Input: i8042 - unbreak Pegatron C15B
USB: serial: option: Adding support for Cinterion MV31
USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000
USB: serial: cp210x: add pid/vid for WSDA-200-USB
* stable: clamp SUBLEVEL in 4.4 and 4.9
Makefile
objtool: Don't fail on missing symbol table
scsi: ibmvfc: Set default timeout to avoid crash during migration
mac80211: fix fast-rx encryption check
scsi: libfc: Avoid invoking response handler twice if ep is already completed
* futex: Handle faults correctly for PI futexes
kernel/futex.c
* futex: Simplify fixup_pi_state_owner()
kernel/futex.c
* futex: Use pi_state_update_owner() in put_pi_state()
kernel/futex.c
* rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
kernel/futex.c
kernel/locking/rtmutex.c
kernel/locking/rtmutex_common.h
* futex: Provide and use pi_state_update_owner()
kernel/futex.c
* futex: Replace pointless printk in fixup_owner()
kernel/futex.c
* futex: Avoid violating the 10th rule of futex
kernel/futex.c
kernel/locking/rtmutex.c
kernel/locking/rtmutex_common.h
* futex: Rework inconsistent rt_mutex/futex_q state
kernel/futex.c
* futex: Remove rt_mutex_deadlock_account_*()
kernel/locking/rtmutex.c
kernel/locking/rtmutex.h
* futex,rt_mutex: Provide futex specific rt_mutex API
kernel/futex.c
kernel/locking/rtmutex.c
kernel/locking/rtmutex_common.h
* net_sched: reject silly cell_log in qdisc_get_rtab()
net/sched/sch_api.c
ibmvnic: Ensure that CRQ entry read are correctly ordered
net: dsa: bcm_sf2: put device node before return
Merge 4.9.256 into android-4.9-q
Linux 4.9.256
Merge 4.9.255 into android-4.9-q
Linux 4.9.255
NFC: fix possible resource leak
NFC: fix resource leak when target index is invalid
iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built
iommu/vt-d: Gracefully handle DMAR units with no supported address widths
can: dev: prevent potential information leak in can_fill_info()
mac80211: pause TX while changing interface type
iwlwifi: pcie: reschedule in long-running memory reads
iwlwifi: pcie: use jiffies for memory read spin time limit
RDMA/cxgb4: Fix the reported max_recv_sge value
* xfrm: Fix oops in xfrm_replay_advance_bmp
net/xfrm/xfrm_input.c
netfilter: nft_dynset: add timeout extension to template
ARM: imx: build suspend-imx6.S with arm instruction set
mt7601u: fix rx buffer refcounting
mt7601u: fix kernel crash unplugging the device
* leds: trigger: fix potential deadlock with libata
drivers/leds/led-triggers.c
KVM: x86: get smi pending status correctly
KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[]
* futex: Prevent exit livelock
kernel/futex.c
* futex: Provide distinct return value when owner is exiting
kernel/futex.c
* futex: Add mutex around futex exit
include/linux/futex.h
include/linux/sched.h
kernel/futex.c
* futex: Provide state handling for exec() as well
kernel/futex.c
* futex: Sanitize exit state handling
kernel/futex.c
* futex: Mark the begin of futex exit explicitly
include/linux/futex.h
kernel/exit.c
kernel/futex.c
* futex: Set task::futex_state to DEAD right after handling futex exit
kernel/exit.c
kernel/futex.c
* futex: Split futex_mm_release() for exit/exec
include/linux/futex.h
kernel/fork.c
kernel/futex.c
* exit/exec: Seperate mm_release()
fs/exec.c
include/linux/sched.h
kernel/exit.c
kernel/fork.c
* futex: Replace PF_EXITPIDONE with a state
include/linux/futex.h
include/linux/sched.h
kernel/exit.c
kernel/futex.c
* futex: Move futex exit handling into futex code
include/linux/compat.h
include/linux/futex.h
kernel/fork.c
kernel/futex.c
* y2038: futex: Move compat implementation into futex.c
include/linux/futex.h
kernel/Makefile
kernel/futex.c
net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
* wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
net/wireless/wext-core.c
ACPI: sysfs: Prefer "compatible" modalias
Bug: 181732917
Change-Id: Ice169f5980390199db8f86d42e944cdf5f37c562
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
b16bd72cbd |
Merge 4.9.258 into android-4.9-q
Changes in 4.9.258 mm: memcontrol: fix NULL pointer crash in test_clear_page_writeback() fgraph: Initialize tracing_graph_pause at task creation remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load af_key: relax availability checks for skb size calculation iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap iwlwifi: mvm: guard against device removal in reprobe SUNRPC: Move simple_get_bytes and simple_get_netobj into private header SUNRPC: Handle 0 length opaque XDR object data properly lib/string: Add strscpy_pad() function include/trace/events/writeback.h: fix -Wstringop-truncation warnings memcg: fix a crash in wb_workfn when a device disappears futex: Ensure the correct return value from futex_lock_pi() futex: Change locking rules futex: Cure exit race squashfs: add more sanity checks in id lookup squashfs: add more sanity checks in inode lookup squashfs: add more sanity checks in xattr id lookup tracing: Do not count ftrace events in top level enable output tracing: Check length before giving out the filter buffer ovl: skip getxattr of security labels ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL memblock: do not start bottom-up allocations with kernel_end bpf: Check for integer overflow when using roundup_pow_of_two() netfilter: xt_recent: Fix attempt to update deleted entry xen/netback: avoid race in xenvif_rx_ring_slots_available() netfilter: conntrack: skip identical origin tuple in same zone only h8300: fix PREEMPTION build, TI_PRE_COUNT undefined usb: dwc3: ulpi: fix checkpatch warning usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one net/vmw_vsock: improve locking in vsock_connect_timeout() net: watchdog: hold device global xmit lock during tx disable vsock/virtio: update credit only if socket is not closed vsock: fix locking in vsock_shutdown() x86/build: Disable CET instrumentation in the kernel for 32-bit too trace: Use -mcount-record for dynamic ftrace tracing: Fix SKIP_STACK_VALIDATION=1 build due to bad merge with -mrecord-mcount tracing: Avoid calling cc-option -mrecord-mcount for every Makefile Xen/x86: don't bail early from clear_foreign_p2m_mapping() Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() Xen/gntdev: correct error checking in gntdev_map_grant_pages() xen/arm: don't ignore return errors from set_phys_to_machine xen-blkback: don't "handle" error by BUG() xen-netback: don't "handle" error by BUG() xen-scsiback: don't "handle" error by BUG() xen-blkback: fix error handling in xen_blkbk_map() scsi: qla2xxx: Fix crash during driver load on big endian machines kvm: check tlbs_dirty directly Linux 4.9.258 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5302387bd8a7d3610002bf86bc9612261f687217 |
||
|
Steven Rostedt (VMware)
|
2e584b1a02 |
tracing: Check length before giving out the filter buffer
commit b220c049d5196dd94d992dd2dc8cba1a5e6123bf upstream.
When filters are used by trace events, a page is allocated on each CPU and
used to copy the trace event fields to this page before writing to the ring
buffer. The reason to use the filter and not write directly into the ring
buffer is because a filter may discard the event and there's more overhead
on discarding from the ring buffer than the extra copy.
The problem here is that there is no check against the size being allocated
when using this page. If an event asks for more than a page size while being
filtered, it will get only a page, leading to the caller writing more that
what was allocated.
Check the length of the request, and if it is more than PAGE_SIZE minus the
header default back to allocating from the ring buffer directly. The ring
buffer may reject the event if its too big anyway, but it wont overflow.
Link: https://lore.kernel.org/ath10k/1612839593-2308-1-git-send-email-wgong@codeaurora.org/
Cc: stable@vger.kernel.org
Fixes:
|
||
|
lucaswei
|
f09d91fe02 |
Merge android-4.9-q (4.9.248) into android-msm-pixel-4.9-lts
Merge 4.9.248 into android-4.9-q
Linux 4.9.248
x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes
Input: i8042 - fix error return code in i8042_setup_aux()
i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
gfs2: check for empty rgrp tree in gfs2_ri_update
* tracing: Fix userstacktrace option for instances
kernel/trace/trace.c
kernel/trace/trace.h
spi: bcm2835: Release the DMA channel if probe fails after dma_init
spi: bcm2835: Fix use-after-free on unbind
spi: bcm-qspi: Fix use-after-free on unbind
* spi: Introduce device-managed SPI controller allocation
drivers/spi/spi.c
include/linux/spi/spi.h
iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs
i2c: imx: Check for I2SR_IAL after every byte
i2c: imx: Fix reset of I2SR_IAL flag
cifs: fix potential use-after-free in cifs_echo_request()
ftrace: Fix updating FTRACE_FL_TRAMP
* tty: Fix ->session locking
drivers/tty/tty_io.c
include/linux/tty.h
ALSA: hda/generic: Add option to enforce preferred_dacs pairs
ALSA: hda/realtek - Add new codec supported for ALC897
* tty: Fix ->pgrp locking in tiocspgrp()
drivers/tty/tty_io.c
USB: serial: option: add support for Thales Cinterion EXS82
USB: serial: option: add Fibocom NL668 variants
USB: serial: ch341: sort device-id entries
USB: serial: ch341: add new Product ID for CH341A
USB: serial: kl5kusb105: fix memleak on open
* usb: gadget: f_fs: Use local copy of descriptors for userspace copy
drivers/usb/gadget/function/f_fs.c
* vlan: consolidate VLAN parsing code and limit max parsing depth
include/linux/if_vlan.h
include/net/inet_ecn.h
pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH)
pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output
btrfs: sysfs: init devices outside of the chunk_mutex
RDMA/i40iw: Address an mmap handler exploit in i40iw
* spi: Fix controller unregister order harder
drivers/spi/spi.c
Input: i8042 - add ByteSpeed touchpad to noloop table
* Input: xpad - support Ardwiino Controllers
drivers/input/joystick/xpad.c
dt-bindings: net: correct interrupt flags in examples
net/mlx5: Fix wrong address reclaim when command interface is down
net: pasemi: fix error return code in pasemi_mac_open()
cxgb3: fix error return code in t3_sge_alloc_qset()
net/x25: prevent a couple of overflows
ibmvnic: Fix TX completion error handling
ibmvnic: Ensure that SCRQ entry reads are correctly ordered
netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal
* bonding: wait for sysfs kobject destruction before freeing struct slave
drivers/net/bonding/bond_main.c
drivers/net/bonding/bond_sysfs_slave.c
include/net/bonding.h
usbnet: ipheth: fix connectivity with iOS 14
rose: Fix Null pointer dereference in rose_send_frame()
net/af_iucv: set correct sk_protocol for child sockets
ANDROID: cuttlefish_defconfig: Disable CONFIG_KSM
Merge 4.9.247 into android-4.9-q
Linux 4.9.247
* USB: core: Fix regression in Hercules audio card
drivers/usb/core/quirks.c
* USB: core: add endpoint-blacklist quirk
drivers/usb/core/config.c
drivers/usb/core/quirks.c
drivers/usb/core/usb.h
include/linux/usb/quirks.h
* regulator: workaround self-referent regulators
drivers/regulator/core.c
* regulator: avoid resolve_supply() infinite recursion
drivers/regulator/core.c
x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
usb: gadget: Fix memleak in gadgetfs_fill_super
* usb: gadget: f_midi: Fix memleak in f_midi_alloc
drivers/usb/gadget/function/f_midi.c
* USB: core: Change %pK for __user pointers to %px
drivers/usb/core/devio.c
perf probe: Fix to die_entrypc() returns error correctly
platform/x86: toshiba_acpi: Fix the wrong variable assignment
can: gs_usb: fix endianess problem with candleLight firmware
efivarfs: revert "fix memory leak in efivarfs_create()"
ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq
net: ena: set initial DMA width to avoid intel iommu issue
nfc: s3fwrn5: use signed integer for parsing GPIO numbers
IB/mthca: fix return value of error branch in mthca_init_cq()
bnxt_en: Release PCI regions when DMA mask setup fails during probe.
video: hyperv_fb: Fix the cache type when mapping the VRAM
bnxt_en: fix error return code in bnxt_init_board()
* scsi: ufs: Fix race between shutdown and runtime resume flow
drivers/scsi/ufs/ufshcd.c
batman-adv: set .owner to THIS_MODULE
phy: tegra: xusb: Fix dangling pointer on probe failure
perf/x86: fix sysfs type mismatches
scsi: target: iscsi: Fix cmd abort fabric stop race
scsi: libiscsi: Fix NOP race condition
dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size
* proc: don't allow async path resolution of /proc/self components
fs/proc/self.c
x86/xen: don't unbind uninitialized lock_kicker_irq
dmaengine: xilinx_dma: use readl_poll_timeout_atomic variant
HID: hid-sensor-hub: Fix issue with devices with no report ID
Input: i8042 - allow insmod to succeed on devices without an i8042 controller
* HID: cypress: Support Varmilo Keyboards' media hotkeys
drivers/hid/hid-ids.h
ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close
ALSA: hda/hdmi: Use single mutex unlock in error paths
* arm64: pgtable: Fix pte_accessible()
arch/arm64/include/asm/pgtable.h
btrfs: inode: Verify inode mode to avoid NULL pointer dereference
btrfs: tree-checker: Enhance chunk checker to validate chunk profile
* PCI: Add device even if driver attach failed
drivers/pci/bus.c
btrfs: fix lockdep splat when reading qgroup config on mount
mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault()
perf event: Check ref_reloc_sym before using it
* BACKPORT: arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
arch/arm64/include/asm/efi.h
arch/arm64/include/asm/mmu_context.h
Merge 4.9.246 into android-4.9-q
Linux 4.9.246
x86/microcode/intel: Check patch signature before saving microcode for early loading
s390/cpum_sf.c: fix file permission for cpum_sfb_size
mac80211: free sta in sta_info_insert_finish() on errors
mac80211: minstrel: fix tx status processing corner case
mac80211: minstrel: remove deferred sampling code
xtensa: disable preemption around cache alias management calls
* regulator: fix memory leak with repeated set_machine_constraints()
drivers/regulator/core.c
iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum
* ext4: fix bogus warning in ext4_update_dx_flag()
fs/ext4/ext4.h
efivarfs: fix memory leak in efivarfs_create()
tty: serial: imx: keep console clocks always on
ALSA: mixart: Fix mutex deadlock
* ALSA: ctl: fix error path at adding user-defined element set
sound/core/control.c
powerpc/uaccess-flush: fix missing includes in kup-radix.h
* libfs: fix error cast of negative value in simple_attr_write()
fs/libfs.c
xfs: revert "xfs: fix rmap key and record comparison functions"
regulator: ti-abb: Fix array out of bound read access on the first transition
MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu
can: m_can: m_can_handle_state_change(): fix state change
can: peak_usb: fix potential integer overflow on shift of a int
can: dev: can_restart(): post buffer from the right context
perf lock: Don't free "lock_seq_stat" if read_count isn't zero
ARM: dts: imx50-evk: Fix the chip select 1 IOMUX
arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy
MIPS: export has_transparent_hugepage() for modules
Input: adxl34x - clean up a data type in adxl34x_probe()
* vfs: remove lockdep bogosity in __sb_start_write
fs/super.c
* arm64: psci: Avoid printing in cpu_psci_cpu_die()
arch/arm64/kernel/psci.c
pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
mlxsw: core: Use variable timeout for EMAD retries
net: ftgmac100: Fix crash when removing driver
tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate
net: usb: qmi_wwan: Set DTR quirk for MR400
sctp: change to hold/put transport for proto_unreach_timer
qlcnic: fix error return code in qlcnic_83xx_restart_hw()
net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request
net/mlx4_core: Fix init_hca fields offset
* netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist()
net/netlabel/netlabel_unlabeled.c
* netlabel: fix our progress tracking in netlbl_unlabel_staticlist()
net/netlabel/netlabel_unlabeled.c
net: Have netpoll bring-up DSA management interface
* net: bridge: add missing counters to ndo_get_stats64 callback
net/bridge/br_device.c
net: b44: fix error return code in b44_init_one()
* inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill()
net/ipv4/inet_diag.c
devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill()
bnxt_en: read EEPROM A2h address using page 0
atm: nicstar: Unmap DMA on send error
* ah6: fix error return code in ah6_input()
net/ipv6/ah6.c
Merge 4.9.245 into android-4.9-q
Linux 4.9.245
ACPI: GED: fix -Wformat
KVM: x86: clflushopt should be treated as a no-op by emulation
mac80211: always wind down STA state
Input: sunkbd - avoid use-after-free in teardown paths
powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
i2c: mux: pca954x: Add missing pca9546 definition to chip_desc
i2c: imx: Fix external abort on interrupt in exit paths
i2c: imx: use clk notifier for rate changes
powerpc/64s: flush L1D after user accesses
powerpc/uaccess: Evaluate macro arguments once, before user access is allowed
powerpc: Fix __clear_user() with KUAP enabled
powerpc: Implement user_access_begin and friends
powerpc: Add a framework for user access tracking
powerpc/64s: flush L1D on kernel entry
powerpc/64s: move some exception handlers out of line
powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL
Linux 4.9.244
Convert trailing spaces and periods in path components
* ext4: fix leaking sysfs kobject after failed mount
fs/ext4/super.c
* reboot: fix overflow parsing reboot cpu number
kernel/reboot.c
* Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
kernel/reboot.c
* perf/core: Fix race in the perf_mmap_close() function
kernel/events/core.c
xen/events: block rogue events for some time
xen/events: defer eoi in case of excessive number of events
xen/events: use a common cpu hotplug hook for event channels
xen/events: switch user event channels to lateeoi model
xen/pciback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/blkback: use lateeoi irq binding
xen/events: add a new "late EOI" evtchn framework
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: avoid removing an event channel while handling it
* perf/core: Fix a memory leak in perf_event_parse_addr_filter()
kernel/events/core.c
* perf/core: Fix crash when using HW tracing kernel filters
kernel/events/core.c
* perf/core: Fix bad use of igrab()
include/linux/perf_event.h
kernel/events/core.c
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
* random32: make prandom_u32() output unpredictable
drivers/char/random.c
include/linux/prandom.h
kernel/time/timer.c
lib/random32.c
net: Update window_clamp if SOCK_RCVBUF is set
net/x25: Fix null-ptr-deref in x25_connect
net/af_iucv: fix null pointer dereference on shutdown
* IPv6: Set SIT tunnel hard_header_len to zero
net/ipv6/sit.c
* swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
lib/swiotlb.c
pinctrl: amd: fix incorrect way to disable debounce filter
pinctrl: amd: use higher precision for 512 RtcClk
drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
* don't dump the threads that had been already exiting when zapped.
kernel/exit.c
ocfs2: initialize ip_next_orphan
mei: protect mei_cl_mtu from null dereference
usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
* ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
fs/ext4/inline.c
* ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
fs/ext4/super.c
* perf: Fix get_recursion_context()
kernel/events/internal.h
cosa: Add missing kfree in error path of cosa_write
* of/address: Fix of_node memory leak in of_dma_is_coherent
drivers/of/address.c
xfs: fix a missing unlock on error in xfs_fs_map_blocks
xfs: fix rmap key and record comparison functions
xfs: fix flags argument to rmap lookup when converting shared file rmaps
pinctrl: aspeed: Fix GPI only function problem.
iommu/amd: Increase interrupt remapping table limit to 512 entries
scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
* cfg80211: regulatory: Fix inconsistent format argument
net/wireless/reg.c
mac80211: fix use of skb payload instead of header
drm/amdgpu: perform srbm soft reset always on SDMA resume
scsi: hpsa: Fix memory leak in hpsa_init_one()
gfs2: check for live vs. read-only file system in gfs2_fitrim
gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
usb: gadget: goku_udc: fix potential crashes in probe
ath9k_htc: Use appropriate rs_datalen type
geneve: add transport ports in route lookup for geneve
i40e: Memory leak in i40e_config_iwarp_qvlist
i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
i40e: Wrong truncation from u16 to u8
i40e: add num_vectors checker in iwarp handler
i40e: Fix a potential NULL pointer dereference
* pinctrl: devicetree: Avoid taking direct reference to device name string
drivers/pinctrl/devicetree.c
Btrfs: fix missing error return if writeback for extent buffer never started
xfs: flush new eof page on truncate to avoid post-eof corruption
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
can: peak_usb: add range checking in decode operations
can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
perf tools: Add missing swap for ino_generation
* net: xfrm: fix a race condition during allocing spi
net/xfrm/xfrm_state.c
* genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
kernel/irq/Kconfig
btrfs: reschedule when cloning lots of extents
* time: Prevent undefined behaviour in timespec64_to_ns()
include/linux/time64.h
mm: mempolicy: fix potential pte_unmap_unlock pte error
gfs2: Wake up when sd_glock_disposal becomes zero
* ring-buffer: Fix recursion protection transitions between interrupt context
kernel/trace/ring_buffer.c
* regulator: defer probe when trying to get voltage from unresolved supply
drivers/regulator/core.c
UPSTREAM: thermal/drivers/hisi: Remove bogus const from function return type
* UPSTREAM: net/ipv6: don't reinitialize ndev->cnf.addr_gen_mode on new inet6_dev
net/ipv6/addrconf.c
UPSTREAM: tee: shm: fix use-after-free via temporarily dropped reference
UPSTREAM: Documentation: ip-sysctl.txt: document addr_gen_mode
UPSTREAM: net: crypto set sk to NULL when af_alg_release.
* UPSTREAM: ipv6: don't auto-add link-local address to lag ports
net/ipv6/addrconf.c
* UPSTREAM: ipv6: ndisc: RFC-ietf-6man-ra-pref64-09 is now published as RFC8781
include/net/ndisc.h
* UPSTREAM: binder: fix incorrect cmd to binder_stat_br
drivers/android/binder.c
* UPSTREAM: arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
arch/arm64/include/asm/mmu_context.h
UPSTREAM: staging: android: vsoc: fix copy_from_user overrun
Merge 4.9.243 into android-4.9-q
Linux 4.9.243
powercap: restrict energy meter to root access
Merge 4.9.242 into android-4.9-q
Linux 4.9.242
Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
ARC: stack unwinding: avoid indefinite looping
* USB: Add NO_LPM quirk for Kingston flash drive
drivers/usb/core/quirks.c
USB: serial: option: add Telit FN980 composition 0x1055
USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
USB: serial: cyberjack: fix write-URB completion race
serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init
serial: 8250_mtk: Fix uart_get_baud_rate warning
* fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
kernel/fork.c
* vt: Disable KD_FONT_OP_COPY
drivers/tty/vt/vt.c
ACPI: NFIT: Fix comparison to '-ENXIO'
vsock: use ns_capable_noaudit() on socket create
* scsi: core: Don't start concurrent async scan on same host
drivers/scsi/scsi_scan.c
* of: Fix reserved-memory overlap detection
drivers/of/of_reserved_mem.c
x86/kexec: Use up-to-dated screen_info copy to fill boot params
ARM: dts: sun4i-a10: fix cpu_alert temperature
* tracing: Fix out of bounds write in get_trace_buf
kernel/trace/trace.c
* ftrace: Handle tracing when switching between context
kernel/trace/trace.h
* ftrace: Fix recursion check for NMI test
kernel/trace/trace.h
* kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled
kernel/kthread.c
* ALSA: usb-audio: Add implicit feedback quirk for Qu-16
sound/usb/pcm.c
Fonts: Replace discarded const qualifier
gianfar: Account for Tx PTP timestamp in the skb headroom
gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
tipc: fix use-after-free in tipc_bcast_get_mode
xen/events: don't use chip_data for legacy IRQs
staging: octeon: Drop on uncorrectable alignment or FCS error
staging: octeon: repair "fixed-link" support
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
* KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
arch/arm64/include/asm/kvm_host.h
* device property: Don't clear secondary pointer for shared primary firmware node
drivers/base/core.c
* device property: Keep secondary firmware node secondary by type
drivers/base/core.c
ARM: s3c24xx: fix missing system reset
ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
hil/parisc: Disable HIL driver when it gets stuck
cachefiles: Handle readpage error correctly
* arm64: berlin: Select DW_APB_TIMER_OF
arch/arm64/Kconfig.platforms
* tty: make FONTX ioctl use the tty pointer they were actually passed
drivers/tty/vt/vt_ioctl.c
rtc: rx8010: don't modify the global rtc ops
vringh: fix __vringh_iov() when riov and wiov are different
* ring-buffer: Return 0 on success from ring_buffer_resize()
kernel/trace/ring_buffer.c
9P: Cast to loff_t before multiplying
libceph: clear con->out_msg on Policy::stateful_server faults
ceph: promote to unsigned long long before shifting
ia64: fix build error with !COREDUMP
ubi: check kthread_should_stop() after the setting of task state
ubifs: dent: Fix some potential memory leaks while iterating entries
powerpc/powernv/elog: Fix race while processing OPAL error log event.
powerpc: Warn about use of smt_snooze_delay
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
iio:adc:ti-adc12138 Fix alignment issue with timestamp
iio:light:si1145: Fix timestamp alignment and prevent data leak.
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
* vt: keyboard, extend func_buf_lock to readers
drivers/tty/vt/keyboard.c
* vt: keyboard, simplify vt_kdgkbsent
drivers/tty/vt/keyboard.c
usb: host: fsl-mph-dr-of: check return of dma_set_mask()
* usb: dwc3: core: don't trigger runtime pm when remove driver
drivers/usb/dwc3/core.c
* usb: dwc3: core: add phy cleanup for probe error handling
drivers/usb/dwc3/core.c
btrfs: fix use-after-free on readahead extent after failure to create it
btrfs: cleanup cow block on error
btrfs: reschedule if necessary when logging directory items
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
w1: mxc_w1: Fix timeout resolution problem leading to bus error
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
ACPI: debug: don't allow debugging when ACPI is disabled
ACPI: video: use ACPI backlight for HP 635 Notebook
ACPI / extlog: Check for RDMSR failure
NFS: fix nfs_path in case of a rename retry
* fs: Don't invalidate page buffers in block_write_full_page()
fs/buffer.c
leds: bcm6328, bcm6358: use devres LED registering function
perf/x86/amd/ibs: Fix raw sample data accumulation
perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
md/raid5: fix oops during stripe resizing
ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
ARM: dts: s5pv210: move PMU node out of clock controller
ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
memory: emif: Remove bogus debugfs error handling
gfs2: add validation checks for size of superblock
* ext4: Detect already used quota file early
fs/ext4/super.c
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
clk: ti: clockdomain: fix static checker warning
md/bitmap: md_bitmap_get_counter returns wrong blocks
power: supply: test_power: add missing newlines when printing parameters by sysfs
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
* arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
arch/arm64/include/asm/numa.h
USB: adutux: fix debugging
cpufreq: sti-cpufreq: add stih418 support
* kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
kernel/debug/debug_core.c
* printk: reduce LOG_BUF_SHIFT range for H8300
init/Kconfig
mmc: via-sdmmc: Fix data race bug
media: tw5864: check status of tw5864_frameinterval_get
ath10k: fix VHT NSS calculation when STBC is enabled
video: fbdev: pvr2fb: initialize variables
xfs: fix realtime bitmap/summary file truncation when growing rt volume
ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
um: change sigio_spinlock to a mutex
* f2fs: fix to check segment boundary during SIT page readahead
fs/f2fs/checkpoint.c
* f2fs: add trace exit in exception path
fs/f2fs/checkpoint.c
sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
powerpc/powernv/smp: Fix spurious DBG() warning
mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
* fscrypt: use EEXIST when file already uses different policy
fs/crypto/policy.c
* fscrypto: move ioctl processing more fully into common code
fs/crypto/policy.c
fs/ext4/ext4.h
fs/ext4/ioctl.c
fs/f2fs/f2fs.h
fs/f2fs/file.c
* fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
fs/crypto/policy.c
fs/ext4/namei.c
fs/f2fs/namei.c
ata: sata_rcar: Fix DMA boundary mask
mtd: lpddr: Fix bad logic in print_drs_error
p54: avoid accessing the data mapped to streaming DMA
* fuse: fix page dereference after free
fs/fuse/dev.c
arch/x86/amd/ibs: Fix re-arming IBS Fetch
tipc: fix memory leak caused by tipc_buf_append()
ravb: Fix bit fields checking in ravb_hwtstamp_get()
efivarfs: Replace invalid slashes with exclamation marks in dentries.
powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler
* scripts/setlocalversion: make git describe output more reliable
scripts/setlocalversion
SUNRPC: ECONNREFUSED should cause a rebind.
* ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c
* BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr
include/net/xfrm.h
net/xfrm/xfrm_state.c
* BACKPORT: xfrm/compat: Add 32=>64-bit messages translator
include/net/xfrm.h
net/xfrm/Kconfig
net/xfrm/xfrm_user.c
* UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
net/xfrm/xfrm_user.c
* BACKPORT: xfrm/compat: Add 64=>32-bit messages translator
include/net/xfrm.h
net/xfrm/xfrm_user.c
* BACKPORT: xfrm: Provide API to register translator module
include/net/xfrm.h
net/xfrm/Kconfig
net/xfrm/Makefile
net/xfrm/xfrm_state.c
* UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller
mm/slub.c
ANDROID: Publish uncompressed Image on aarch64
* ANDROID: Makefile: append BUILD_NUMBER to version string when defined
Makefile
Change-Id: I345c9bde484cf008679253982f61b2a833527c3e
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
423410d337 |
Merge 4.9.248 into android-4.9-q
Changes in 4.9.248 net/af_iucv: set correct sk_protocol for child sockets rose: Fix Null pointer dereference in rose_send_frame() usbnet: ipheth: fix connectivity with iOS 14 bonding: wait for sysfs kobject destruction before freeing struct slave netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal ibmvnic: Ensure that SCRQ entry reads are correctly ordered ibmvnic: Fix TX completion error handling net/x25: prevent a couple of overflows cxgb3: fix error return code in t3_sge_alloc_qset() net: pasemi: fix error return code in pasemi_mac_open() net/mlx5: Fix wrong address reclaim when command interface is down dt-bindings: net: correct interrupt flags in examples Input: xpad - support Ardwiino Controllers Input: i8042 - add ByteSpeed touchpad to noloop table spi: Fix controller unregister order harder RDMA/i40iw: Address an mmap handler exploit in i40iw btrfs: sysfs: init devices outside of the chunk_mutex pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) vlan: consolidate VLAN parsing code and limit max parsing depth usb: gadget: f_fs: Use local copy of descriptors for userspace copy USB: serial: kl5kusb105: fix memleak on open USB: serial: ch341: add new Product ID for CH341A USB: serial: ch341: sort device-id entries USB: serial: option: add Fibocom NL668 variants USB: serial: option: add support for Thales Cinterion EXS82 tty: Fix ->pgrp locking in tiocspgrp() ALSA: hda/realtek - Add new codec supported for ALC897 ALSA: hda/generic: Add option to enforce preferred_dacs pairs tty: Fix ->session locking ftrace: Fix updating FTRACE_FL_TRAMP cifs: fix potential use-after-free in cifs_echo_request() i2c: imx: Fix reset of I2SR_IAL flag i2c: imx: Check for I2SR_IAL after every byte iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs spi: Introduce device-managed SPI controller allocation spi: bcm-qspi: Fix use-after-free on unbind spi: bcm2835: Fix use-after-free on unbind spi: bcm2835: Release the DMA channel if probe fails after dma_init tracing: Fix userstacktrace option for instances gfs2: check for empty rgrp tree in gfs2_ri_update i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() Input: i8042 - fix error return code in i8042_setup_aux() x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes Linux 4.9.248 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I79239057c72e2a11bbbfd85634e716c9e6195b2a |
||
|
Steven Rostedt (VMware)
|
0bde9d5348 |
tracing: Fix userstacktrace option for instances
commit bcee5278958802b40ee8b26679155a6d9231783e upstream.
When the instances were able to use their own options, the userstacktrace
option was left hardcoded for the top level. This made the instance
userstacktrace option bascially into a nop, and will confuse users that set
it, but nothing happens (I was confused when it happened to me!)
Cc: stable@vger.kernel.org
Fixes:
|
||
|
lucaswei
|
474475fa1d |
Merge android-4.9-q (4.9.241) into android-msm-pixel-4.9-lts
Merge 4.9.241 into android-4.9-q
Linux 4.9.241
usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets.
eeprom: at25: set minimum read/write access stride to 1
USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
net: korina: cast KSEG0 address to pointer in kfree
ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
* usb: core: Solve race condition in anchor cleanup functions
drivers/usb/core/urb.c
brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
reiserfs: Fix memory leak in reiserfs_parse_options()
ipvs: Fix uninit-value in do_ip_vs_set_ctl()
tty: ipwireless: fix error handling
Fix use after free in get_capset_info callback.
rtl8xxxu: prevent potential memory leak
brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
scsi: ibmvfc: Fix error return in ibmvfc_probe()
* Bluetooth: Only mark socket zapped after unlocking
net/bluetooth/l2cap_sock.c
usb: ohci: Default to per-port over-current protection
xfs: make sure the rt allocator doesn't run off the end
reiserfs: only call unlock_new_inode() if I_NEW
misc: rtsx: Fix memory leak in rtsx_pci_probe
ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
USB: cdc-acm: handle broken union descriptors
udf: Avoid accessing uninitialized data on failed inode read
udf: Limit sparing table size
usb: gadget: function: printer: fix use-after-free in __lock_acquire
misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
mic: vop: copy data to kernel space then write to io memory
* scsi: target: core: Add CONTROL field for trace events
include/scsi/scsi_common.h
scsi: mvumi: Fix error return in mvumi_io_attach()
PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
ntfs: add check for mft record size in superblock
fs: dlm: fix configfs memory leak
media: saa7134: avoid a shift overflow
* mmc: sdio: Check for CISTPL_VERS_1 buffer size
drivers/mmc/core/sdio_cis.c
media: uvcvideo: Ensure all probed info is returned to v4l2
media: media/pci: prevent memory leak in bttv_probe
media: bdisp: Fix runtime PM imbalance on error
media: platform: sti: hva: Fix runtime PM imbalance on error
media: platform: s3c-camif: Fix runtime PM imbalance on error
media: vsp1: Fix runtime PM imbalance on error
media: exynos4-is: Fix a reference count leak
media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync
media: ati_remote: sanity check for both endpoints
media: firewire: fix memory leak
crypto: ccp - fix error handling
NTB: hw: amd: fix an issue about leak system resources
nvmet: fix uninitialized work for zero kato
powerpc/powernv/dump: Fix race while processing OPAL dump
arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts
memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
memory: omap-gpmc: Fix a couple off by ones
KVM: x86: emulating RDPID failure shall return #UD rather than #GP
Input: sun4i-ps2 - fix handling of platform_get_irq() error
Input: twl4030_keypad - fix handling of platform_get_irq() error
Input: omap4-keypad - fix handling of platform_get_irq() error
Input: ep93xx_keypad - fix handling of platform_get_irq() error
Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
vfio/pci: Clear token on bypass registration failure
clk: bcm2835: add missing release if devm_clk_hw_register fails
clk: at91: clk-main: update key before writing AT91_CKGR_MOR
rapidio: fix the missed put_device() for rio_mport_add_riodev
rapidio: fix error handling path
* lib/crc32.c: fix trivial typo in preprocessor condition
lib/crc32.c
IB/rdmavt: Fix sizeof mismatch
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
powerpc/perf/hv-gpci: Fix starting index value
powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints
* overflow: Include header file with SIZE_MAX declaration
include/linux/overflow.h
* kdb: Fix pager search for multi-line strings
kernel/debug/kdb/kdb_io.c
RDMA/hns: Set the unsupported wr opcode
perf intel-pt: Fix "context_switch event has no tid" error
powerpc/tau: Disable TAU between measurements
powerpc/tau: Remove duplicated set_thresholds() call
powerpc/tau: Use appropriate temperature sample interval
RDMA/qedr: Fix use of uninitialized field
ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
mtd: mtdoops: Don't write panic data twice
mtd: lpddr: fix excessive stack usage with clang
powerpc/icp-hv: Fix missing of_node_put() in success path
powerpc/pseries: Fix missing of_node_put() in rng_init()
IB/mlx4: Adjust delayed work when a dup is observed
IB/mlx4: Fix starvation in paravirt mux/demux
net: korina: fix kfree of rx/tx descriptor array
mwifiex: fix double free
scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
* nl80211: fix non-split wiphy information
net/wireless/nl80211.c
* usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
drivers/usb/gadget/function/u_ether.c
usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above.
iwlwifi: mvm: split a print to avoid a WARNING in ROC
mfd: sm501: Fix leaks in probe()
net: enic: Cure the enic api locking trainwreck
* quota: clear padding in v2r1_mem2diskdqb()
fs/quota/quota_v2.c
ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
misc: mic: scif: Fix error handling path
ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
HID: roccat: add bounds checking in kone_sysfs_write_settings()
video: fbdev: sis: fix null ptr dereference
video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
drivers/virt/fsl_hypervisor: Fix error handling path
* pty: do tty_flip_buffer_push without port->lock in pty_write
drivers/tty/pty.c
tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
* tty: serial: earlycon dependency
drivers/tty/serial/Kconfig
VMCI: check return value of get_user_pages_fast() for errors
backlight: sky81452-backlight: Fix refcount imbalance on error
scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
drm/gma500: fix error check
mwifiex: Do not use GFP_KERNEL in atomic context
ASoC: qcom: lpass-platform: fix memory leak
wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
ath10k: provide survey info as accumulated data
* regulator: resolve supply after creating regulator
drivers/regulator/core.c
media: ti-vpe: Fix a missing check and reference count leak
media: platform: fcp: Fix a reference count leak.
media: tc358743: initialize variable
crypto: omap-sham - fix digcnt register handling with export/import
media: omap3isp: Fix memleak in isp_probe
media: m5mols: Check function pointer in m5mols_sensor_power
media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()"
crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
EDAC/i5100: Fix error handling order in i5100_init_one()
crypto: algif_aead - Do not set MAY_BACKLOG on the async path
ima: Don't ignore errors from crypto_shash_update()
KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
cifs: remove bogus debug code
* icmp: randomize the global rate limiter
net/ipv4/icmp.c
* tcp: fix to update snd_wl1 in bulk receiver fast path
net/ipv4/tcp_input.c
nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download()
net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup
net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
ALSA: bebob: potential info leak in hwdep_read()
r8169: fix data corruption issue on RTL8402
* net/ipv4: always honour route mtu during forwarding
include/net/ip.h
tipc: fix the skb_unshare() in tipc_buf_append()
ibmveth: Identify ingress large send packets.
* UPSTREAM: binder: fix UAF when releasing todo list
drivers/android/binder.c
* ANDROID: namespace'ify tcp_default_init_rwnd implementation
include/net/netns/ipv4.h
include/net/tcp.h
net/ipv4/sysctl_net_ipv4.c
net/ipv4/tcp_input.c
net/ipv4/tcp_ipv4.c
net/ipv4/tcp_minisocks.c
net/ipv4/tcp_output.c
Merge 4.9.240 into android-4.9-q
Linux 4.9.240
crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
reiserfs: Fix oops during mount
reiserfs: Initialize inode keys properly
USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
USB: serial: pl2303: add device-id for HP GC device
staging: comedi: check validity of wMaxPacketSize of usb endpoints found
USB: serial: option: Add Telit FT980-KS composition
USB: serial: option: add Cellient MPL200 card
media: usbtv: Fix refcounting mixup
* Bluetooth: Disconnect if E0 is used for Level 4
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
net/bluetooth/hci_event.c
* Bluetooth: Fix update of connection state in `hci_encrypt_cfm`
include/net/bluetooth/hci_core.h
* Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
include/net/bluetooth/hci_core.h
net/bluetooth/hci_event.c
* Bluetooth: fix kernel oops in store_pending_adv_report
net/bluetooth/hci_event.c
* Bluetooth: MGMT: Fix not checking if BT_HS is enabled
net/bluetooth/mgmt.c
* Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel
include/net/bluetooth/l2cap.h
net/bluetooth/l2cap_core.c
net/bluetooth/l2cap_sock.c
* Bluetooth: A2MP: Fix not initializing all members
net/bluetooth/a2mp.c
Merge 4.9.239 into android-4.9-q
Linux 4.9.239
* net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
drivers/net/usb/rtl8150.c
* mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged
include/linux/khugepaged.h
mm/page_alloc.c
* perf: Fix task_function_call() error handling
kernel/events/core.c
rxrpc: Fix server keyring leak
rxrpc: Fix some missing _bh annotations on locking conn->state_lock
rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()
rxrpc: Fix rxkad token xdr encoding
* mdio: fix mdio-thunder.c dependency & build error
drivers/net/phy/Kconfig
* bonding: set dev->needed_headroom in bond_setup_by_slave()
drivers/net/bonding/bond_main.c
* xfrm: Use correct address family in xfrm_state_find
net/xfrm/xfrm_state.c
net: stmmac: removed enabling eee in EEE set callback
* xfrm: clone whole liftime_cur structure in xfrm_do_migrate
net/xfrm/xfrm_state.c
* xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate
include/net/xfrm.h
drm/amdgpu: prevent double kfree ttm->sg
openvswitch: handle DNAT tuple collision
net: team: fix memory leak in __team_options_register
team: set dev->needed_headroom in team_setup_by_port()
sctp: fix sctp_auth_init_hmacs() error path
mm/khugepaged: fix filemap page_to_pgoff(page) != offset
macsec: avoid use-after-free in macsec_handle_frame()
ftrace: Move RCU is watching check after recursion check
mtd: rawnand: sunxi: Fix the probe error path
perf top: Fix stdio interface input handling with glibc 2.28+
* driver core: Fix probe_count imbalance in really_probe()
drivers/base/dd.c
platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
* usermodehelper: reset umask to default before executing user process
kernel/kmod.c
* net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
net/wireless/nl80211.c
fbcon: Fix global-out-of-bounds read in fbcon_get_font()
Revert "ravb: Fixed to be able to unload modules"
* Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
include/linux/font.h
* fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
include/linux/font.h
* netfilter: ctnetlink: add a range check for l3/l4 protonum
net/netfilter/nf_conntrack_netlink.c
* ep_create_wakeup_source(): dentry name can change under you...
fs/eventpoll.c
* epoll: EPOLL_CTL_ADD: close the race in decision to take fast path
fs/eventpoll.c
* epoll: replace ->visited/visited_list with generation count
fs/eventpoll.c
* epoll: do not insert into poll queues until all sanity checks are done
fs/eventpoll.c
* net/packet: fix overflow in tpacket_rcv
net/packet/af_packet.c
* random32: Restore __latent_entropy attribute on net_rand_state
lib/random32.c
i2c: cpm: Fix i2c_ram structure
iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
nfs: Fix security label length not being reset
mac80211: do not allow bigger VHT MPDUs than the hardware supports
drivers/net/wan/hdlc: Set skb->protocol before transmitting
drivers/net/wan/lapbether: Make skb->protocol consistent with the header
rndis_host: increase sleep time in the query-response loop
net: dec: de2104x: Increase receive ring size for Tulip
drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
gpio: tc35894: fix up tc35894 interrupt configuration
USB: gadget: f_ncm: Fix NDP16 datagram validation
vsock/virtio: stop workers during the .remove()
vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock
Merge 4.9.238 into android-4.9-q
Linux 4.9.238
ata: sata_mv, avoid trigerrable BUG_ON
ata: make qc_prep return ata_completion_errors
ata: define AC_ERR_OK
* lib/string.c: implement stpcpy
lib/string.c
kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
ALSA: asihpi: fix iounmap in error handler
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
batman-adv: Add missing include for in_interrupt()
mac802154: tx: fix use-after-free
batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
atm: eni: fix the missed pci_disable_device() for eni_init_one()
batman-adv: bla: fix type misuse for backbone_gw hash indexing
mwifiex: Increase AES key storage size to 256 bits
clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init()
ieee802154/adf7242: check status of adf7242_read_reg
objtool: Fix noreturn detection for ignored functions
* i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()
drivers/i2c/i2c-core.c
s390/init: add missing __init annotations
vfio/pci: fix racy on error and request eventfd ctx
selftests/x86/syscall_nt: Clear weird flags after each test
cifs: Fix double add page to memcg when cifs_readpages
vfio/pci: Clear error and request eventfd ctx after releasing
x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
mtd: parser: cmdline: Support MTD names containing one or more colons
ceph: fix potential race in ceph_check_caps
mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
perf kcore_copy: Fix module map when there are no modules loaded
perf util: Fix memory leak of prefix_if_not_in
vfio/pci: fix memory leaks of eventfd ctx
btrfs: don't force read-only after error in drop snapshot
* printk: handle blank console arguments passed in.
kernel/printk/printk.c
e1000: Do not perform reset in reset_task if we are already down
USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
* fuse: don't check refcount after stealing page
fs/fuse/dev.c
ALSA: hda: Fix potential race in unsol event handler
tty: serial: samsung: Correct clock selection logic
USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
* Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
net/bluetooth/hci_event.c
phy: samsung: s5pv210-usb2: Add delay after reset
atm: fix a memory leak of vcc->user_back
dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion
drivers: char: tlclk.c: Avoid data race between init and interrupt handler
* bdev: Reduce time holding bd_mutex in sync in blkdev_close()
fs/block_dev.c
KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
* mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
mm/mmap.c
* mm/filemap.c: clear page error before actual read
mm/filemap.c
* ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
sound/usb/midi.c
ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
svcrdma: Fix leak of transport addresses
SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
tools: gpio-hammer: Avoid potential overflow in main
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
serial: 8250_omap: Fix sleeping function called from invalid context during probe
serial: 8250_port: Don't service RX FIFO if throttled
* tracing: Use address-of operator on section symbols
kernel/trace/trace.c
tpm: ibmvtpm: Wait for buffer to be set before proceeding
xfs: don't ever return a stale pointer from __xfs_dir3_free_read
media: tda10071: fix unsigned sign extension overflow
* Bluetooth: L2CAP: handle l2cap config request during open state
net/bluetooth/l2cap_core.c
drm/amdgpu: increase atombios cmd timeout
* timekeeping: Prevent 32bit truncation in scale64_check_overflow()
kernel/time/timekeeping.c
* Bluetooth: guard against controllers sending zero'd events
net/bluetooth/hci_event.c
media: go7007: Fix URB type for interrupt handling
dmaengine: tegra-apb: Prevent race conditions on channel's freeing
* bpf: Remove recursion prevention from rcu free callback
kernel/bpf/hashtab.c
x86/pkeys: Add check for pkey "overflow"
KVM: x86: fix incorrect comparison in trace event
RDMA/rxe: Fix configuration of atomic queue pair attributes
drm/omap: fix possible object reference leak
scsi: lpfc: Fix coverity errors in fmdi attribute handling
scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
* selinux: sel_avc_get_stat_idx should increase position index
security/selinux/selinuxfs.c
audit: CONFIG_CHANGE don't log internal bookkeeping as an event
* skbuff: fix a data race in skb_queue_len()
include/linux/skbuff.h
net/unix/af_unix.c
ALSA: hda: Clear RIRB status before reading WP
KVM: fix overflow of zero page refcount with ksm running
* Bluetooth: prefetch channel before killing sock
net/bluetooth/l2cap_sock.c
* mm: pagewalk: fix termination condition in walk_pte_range()
mm/pagewalk.c
* Bluetooth: Fix refcount use-after-free issue
net/bluetooth/l2cap_core.c
net/bluetooth/l2cap_sock.c
ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
* tracing: Set kernel_stack's caller size properly
kernel/trace/trace_entries.h
dmaengine: zynqmp_dma: fix burst length configuration
ACPI: EC: Reference count query handlers under lock
media: ti-vpe: cal: Restrict DMA to avoid memory corruption
* seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
include/linux/seqlock.h
* rt_cpu_seq_next should increase position index
net/ipv4/route.c
* neigh_stat_seq_next() should increase position index
net/core/neighbour.c
* kernel/sys.c: avoid copying possible padding bytes in copy_to_user
kernel/sys.c
CIFS: Properly process SMB3 lease breaks
* debugfs: Fix !DEBUG_FS debugfs_create_automount
include/linux/debugfs.h
RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
xfs: fix attr leaf header freemap.size underflow
RDMA/i40iw: Fix potential use after free
bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
* tracing: Adding NULL checks for trace_array descriptor pointer
kernel/trace/trace.c
kernel/trace/trace_events.c
* mfd: mfd-core: Protect against NULL call-back function pointer
drivers/mfd/mfd-core.c
mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
clk/ti/adpll: allocate room for terminating null
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
* ALSA: usb-audio: Add delay quirk for H570e USB headsets
sound/usb/quirks.c
ASoC: kirkwood: fix IRQ error handling
gma/gma500: fix a memory disclosure bug due to uninitialized bytes
m68k: q40: Fix info-leak in rtc_ioctl
scsi: aacraid: fix illegal IO beyond last LBA
serial: 8250: Avoid error message on reprobe
* net: add __must_check to skb_put_padto()
include/linux/skbuff.h
net/hsr: Check skb_put_padto() return value
* net: phy: Avoid NPD upon phy_detach() when driver is unbound
drivers/net/phy/phy_device.c
bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
tipc: use skb_unshare() instead in tipc_buf_append()
* ip: fix tos reflection in ack and reset packets
net/ipv4/ip_output.c
hdlc_ppp: add range checks in ppp_cp_parse_cr()
mtd: Fix comparison in map_word_andequal()
RDMA/ucma: ucma_context reference leak in error path
kprobes: fix kill kprobe which has been marked as gone
KVM: fix memory leak in kvm_io_bus_unregister_dev()
* af_key: pfkey_dump needs parameter validation
net/key/af_key.c
Change-Id: Ic405992aa26bd9ce6da4fdcf67ab341ef9427b53
Signed-off-by: lucaswei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
4a8894270e |
Merge 4.9.242 into android-4.9-q
Changes in 4.9.242
SUNRPC: ECONNREFUSED should cause a rebind.
scripts/setlocalversion: make git describe output more reliable
powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler
efivarfs: Replace invalid slashes with exclamation marks in dentries.
ravb: Fix bit fields checking in ravb_hwtstamp_get()
tipc: fix memory leak caused by tipc_buf_append()
arch/x86/amd/ibs: Fix re-arming IBS Fetch
fuse: fix page dereference after free
p54: avoid accessing the data mapped to streaming DMA
mtd: lpddr: Fix bad logic in print_drs_error
ata: sata_rcar: Fix DMA boundary mask
fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
fscrypto: move ioctl processing more fully into common code
fscrypt: use EEXIST when file already uses different policy
mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
powerpc/powernv/smp: Fix spurious DBG() warning
sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
f2fs: add trace exit in exception path
f2fs: fix to check segment boundary during SIT page readahead
um: change sigio_spinlock to a mutex
ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
xfs: fix realtime bitmap/summary file truncation when growing rt volume
video: fbdev: pvr2fb: initialize variables
ath10k: fix VHT NSS calculation when STBC is enabled
media: tw5864: check status of tw5864_frameinterval_get
mmc: via-sdmmc: Fix data race bug
printk: reduce LOG_BUF_SHIFT range for H8300
kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
cpufreq: sti-cpufreq: add stih418 support
USB: adutux: fix debugging
arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
power: supply: test_power: add missing newlines when printing parameters by sysfs
md/bitmap: md_bitmap_get_counter returns wrong blocks
clk: ti: clockdomain: fix static checker warning
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
ext4: Detect already used quota file early
gfs2: add validation checks for size of superblock
memory: emif: Remove bogus debugfs error handling
ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
ARM: dts: s5pv210: move PMU node out of clock controller
ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
md/raid5: fix oops during stripe resizing
perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
perf/x86/amd/ibs: Fix raw sample data accumulation
leds: bcm6328, bcm6358: use devres LED registering function
fs: Don't invalidate page buffers in block_write_full_page()
NFS: fix nfs_path in case of a rename retry
ACPI / extlog: Check for RDMSR failure
ACPI: video: use ACPI backlight for HP 635 Notebook
ACPI: debug: don't allow debugging when ACPI is disabled
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
w1: mxc_w1: Fix timeout resolution problem leading to bus error
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
btrfs: reschedule if necessary when logging directory items
btrfs: cleanup cow block on error
btrfs: fix use-after-free on readahead extent after failure to create it
usb: dwc3: core: add phy cleanup for probe error handling
usb: dwc3: core: don't trigger runtime pm when remove driver
usb: host: fsl-mph-dr-of: check return of dma_set_mask()
vt: keyboard, simplify vt_kdgkbsent
vt: keyboard, extend func_buf_lock to readers
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
iio:light:si1145: Fix timestamp alignment and prevent data leak.
iio:adc:ti-adc12138 Fix alignment issue with timestamp
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
powerpc: Warn about use of smt_snooze_delay
powerpc/powernv/elog: Fix race while processing OPAL error log event.
ubifs: dent: Fix some potential memory leaks while iterating entries
ubi: check kthread_should_stop() after the setting of task state
ia64: fix build error with !COREDUMP
ceph: promote to unsigned long long before shifting
libceph: clear con->out_msg on Policy::stateful_server faults
9P: Cast to loff_t before multiplying
ring-buffer: Return 0 on success from ring_buffer_resize()
vringh: fix __vringh_iov() when riov and wiov are different
rtc: rx8010: don't modify the global rtc ops
tty: make FONTX ioctl use the tty pointer they were actually passed
arm64: berlin: Select DW_APB_TIMER_OF
cachefiles: Handle readpage error correctly
hil/parisc: Disable HIL driver when it gets stuck
ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
ARM: s3c24xx: fix missing system reset
device property: Keep secondary firmware node secondary by type
device property: Don't clear secondary pointer for shared primary firmware node
KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
staging: octeon: repair "fixed-link" support
staging: octeon: Drop on uncorrectable alignment or FCS error
xen/events: don't use chip_data for legacy IRQs
tipc: fix use-after-free in tipc_bcast_get_mode
gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
gianfar: Account for Tx PTP timestamp in the skb headroom
Fonts: Replace discarded const qualifier
ALSA: usb-audio: Add implicit feedback quirk for Qu-16
kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled
ftrace: Fix recursion check for NMI test
ftrace: Handle tracing when switching between context
tracing: Fix out of bounds write in get_trace_buf
ARM: dts: sun4i-a10: fix cpu_alert temperature
x86/kexec: Use up-to-dated screen_info copy to fill boot params
of: Fix reserved-memory overlap detection
scsi: core: Don't start concurrent async scan on same host
vsock: use ns_capable_noaudit() on socket create
ACPI: NFIT: Fix comparison to '-ENXIO'
vt: Disable KD_FONT_OP_COPY
fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
serial: 8250_mtk: Fix uart_get_baud_rate warning
serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init
USB: serial: cyberjack: fix write-URB completion race
USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
USB: serial: option: add Telit FN980 composition 0x1055
USB: Add NO_LPM quirk for Kingston flash drive
ARC: stack unwinding: avoid indefinite looping
Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
Linux 4.9.242
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I594296d57790eb8b7fa737119346d2b60572e5fd
|
||
|
Qiujun Huang
|
b134320e5b |
tracing: Fix out of bounds write in get_trace_buf
commit c1acb4ac1a892cf08d27efcb964ad281728b0545 upstream. The nesting count of trace_printk allows for 4 levels of nesting. The nesting counter starts at zero and is incremented before being used to retrieve the current context's buffer. But the index to the buffer uses the nesting counter after it was incremented, and not its original number, which in needs to do. Link: https://lkml.kernel.org/r/20201029161905.4269-1-hqjagain@gmail.com Cc: stable@vger.kernel.org Fixes: 3d9622c12c887 ("tracing: Add barrier to trace_printk() buffer nesting modification") Signed-off-by: Qiujun Huang <hqjagain@gmail.com> Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
495d499ce7 |
Merge 4.9.238 into android-4.9-q
Changes in 4.9.238 af_key: pfkey_dump needs parameter validation KVM: fix memory leak in kvm_io_bus_unregister_dev() kprobes: fix kill kprobe which has been marked as gone RDMA/ucma: ucma_context reference leak in error path mtd: Fix comparison in map_word_andequal() hdlc_ppp: add range checks in ppp_cp_parse_cr() ip: fix tos reflection in ack and reset packets tipc: use skb_unshare() instead in tipc_buf_append() bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex. net: phy: Avoid NPD upon phy_detach() when driver is unbound net/hsr: Check skb_put_padto() return value net: add __must_check to skb_put_padto() serial: 8250: Avoid error message on reprobe scsi: aacraid: fix illegal IO beyond last LBA m68k: q40: Fix info-leak in rtc_ioctl gma/gma500: fix a memory disclosure bug due to uninitialized bytes ASoC: kirkwood: fix IRQ error handling ALSA: usb-audio: Add delay quirk for H570e USB headsets PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out clk/ti/adpll: allocate room for terminating null mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() mfd: mfd-core: Protect against NULL call-back function pointer tracing: Adding NULL checks for trace_array descriptor pointer bcache: fix a lost wake-up problem caused by mca_cannibalize_lock RDMA/i40iw: Fix potential use after free xfs: fix attr leaf header freemap.size underflow RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' debugfs: Fix !DEBUG_FS debugfs_create_automount CIFS: Properly process SMB3 lease breaks kernel/sys.c: avoid copying possible padding bytes in copy_to_user neigh_stat_seq_next() should increase position index rt_cpu_seq_next should increase position index seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier media: ti-vpe: cal: Restrict DMA to avoid memory corruption ACPI: EC: Reference count query handlers under lock dmaengine: zynqmp_dma: fix burst length configuration tracing: Set kernel_stack's caller size properly ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter Bluetooth: Fix refcount use-after-free issue mm: pagewalk: fix termination condition in walk_pte_range() Bluetooth: prefetch channel before killing sock KVM: fix overflow of zero page refcount with ksm running ALSA: hda: Clear RIRB status before reading WP skbuff: fix a data race in skb_queue_len() audit: CONFIG_CHANGE don't log internal bookkeeping as an event selinux: sel_avc_get_stat_idx should increase position index scsi: lpfc: Fix RQ buffer leakage when no IOCBs available scsi: lpfc: Fix coverity errors in fmdi attribute handling drm/omap: fix possible object reference leak RDMA/rxe: Fix configuration of atomic queue pair attributes KVM: x86: fix incorrect comparison in trace event x86/pkeys: Add check for pkey "overflow" bpf: Remove recursion prevention from rcu free callback dmaengine: tegra-apb: Prevent race conditions on channel's freeing media: go7007: Fix URB type for interrupt handling Bluetooth: guard against controllers sending zero'd events timekeeping: Prevent 32bit truncation in scale64_check_overflow() drm/amdgpu: increase atombios cmd timeout Bluetooth: L2CAP: handle l2cap config request during open state media: tda10071: fix unsigned sign extension overflow xfs: don't ever return a stale pointer from __xfs_dir3_free_read tpm: ibmvtpm: Wait for buffer to be set before proceeding tracing: Use address-of operator on section symbols serial: 8250_port: Don't service RX FIFO if throttled serial: 8250_omap: Fix sleeping function called from invalid context during probe serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn tools: gpio-hammer: Avoid potential overflow in main SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' svcrdma: Fix leak of transport addresses ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor mm/filemap.c: clear page error before actual read mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area KVM: Remove CREATE_IRQCHIP/SET_PIT2 race bdev: Reduce time holding bd_mutex in sync in blkdev_close() drivers: char: tlclk.c: Avoid data race between init and interrupt handler dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion atm: fix a memory leak of vcc->user_back phy: samsung: s5pv210-usb2: Add delay after reset Bluetooth: Handle Inquiry Cancel error after Inquiry Complete USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() tty: serial: samsung: Correct clock selection logic ALSA: hda: Fix potential race in unsol event handler fuse: don't check refcount after stealing page USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int e1000: Do not perform reset in reset_task if we are already down printk: handle blank console arguments passed in. btrfs: don't force read-only after error in drop snapshot vfio/pci: fix memory leaks of eventfd ctx perf util: Fix memory leak of prefix_if_not_in perf kcore_copy: Fix module map when there are no modules loaded mtd: rawnand: omap_elm: Fix runtime PM imbalance on error ceph: fix potential race in ceph_check_caps mtd: parser: cmdline: Support MTD names containing one or more colons x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline vfio/pci: Clear error and request eventfd ctx after releasing cifs: Fix double add page to memcg when cifs_readpages selftests/x86/syscall_nt: Clear weird flags after each test vfio/pci: fix racy on error and request eventfd ctx s390/init: add missing __init annotations i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() objtool: Fix noreturn detection for ignored functions ieee802154/adf7242: check status of adf7242_read_reg clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() mwifiex: Increase AES key storage size to 256 bits batman-adv: bla: fix type misuse for backbone_gw hash indexing atm: eni: fix the missed pci_disable_device() for eni_init_one() batman-adv: mcast/TT: fix wrongly dropped or rerouted packets mac802154: tx: fix use-after-free batman-adv: Add missing include for in_interrupt() batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh ALSA: asihpi: fix iounmap in error handler MIPS: Add the missing 'CPU_1074K' into __get_cpu_type() kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() lib/string.c: implement stpcpy ata: define AC_ERR_OK ata: make qc_prep return ata_completion_errors ata: sata_mv, avoid trigerrable BUG_ON Linux 4.9.238 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I799877db3bc49e473bbc023ab948cd241755beff |
||
|
Nathan Chancellor
|
efff0333df |
tracing: Use address-of operator on section symbols
[ Upstream commit bf2cbe044da275021b2de5917240411a19e5c50d ]
Clang warns:
../kernel/trace/trace.c:9335:33: warning: array comparison always
evaluates to true [-Wtautological-compare]
if (__stop___trace_bprintk_fmt != __start___trace_bprintk_fmt)
^
1 warning generated.
These are not true arrays, they are linker defined symbols, which are
just addresses. Using the address of operator silences the warning and
does not change the runtime result of the check (tested with some print
statements compiled in with clang + ld.lld and gcc + ld.bfd in QEMU).
Link: http://lkml.kernel.org/r/20200220051011.26113-1-natechancellor@gmail.com
Link: https://github.com/ClangBuiltLinux/linux/issues/893
Suggested-by: Nick Desaulniers <ndesaulniers@google.com>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Divya Indi
|
6f46c4f131 |
tracing: Adding NULL checks for trace_array descriptor pointer
[ Upstream commit 953ae45a0c25e09428d4a03d7654f97ab8a36647 ]
As part of commit f45d1225adb0 ("tracing: Kernel access to Ftrace
instances") we exported certain functions. Here, we are adding some additional
NULL checks to ensure safe usage by users of these APIs.
Link: http://lkml.kernel.org/r/1565805327-579-4-git-send-email-divya.indi@oracle.com
Signed-off-by: Divya Indi <divya.indi@oracle.com>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
lucaswei
|
ec98b24735 |
Merge android-4.9-q (4.9.228) into android-msm-pixel-4.9-lts
Merge 4.9.228 into android-4.9-q
Linux 4.9.228
perf symbols: Fix debuginfo search for Ubuntu
perf probe: Do not show the skipped events
w1: omap-hdq: cleanup to add missing newline for some dev_dbg
mtd: rawnand: pasemi: Fix the probe error path
mtd: rawnand: brcmnand: fix hamming oob layout
* sunrpc: clean up properly in gss_mech_unregister()
include/linux/sunrpc/gss_api.h
sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
* kbuild: force to build vmlinux if CONFIG_MODVERSION=y
Makefile
drivers/macintosh: Fix memleak in windfarm_pm112 driver
ARM: tegra: Correct PL310 Auxiliary Control Register initialization
* kernel/cpu_pm: Fix uninitted local in cpu_pm
kernel/cpu_pm.c
sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
sparc32: fix register window handling in genregs32_[gs]et()
pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
power: vexpress: add suppress_bind_attrs to true
igb: Report speed and duplex as unknown when device is runtime suspended
b43_legacy: Fix connection problem with WPA3
b43: Fix connection problem with WPA3
b43legacy: Fix case where channel status is corrupted
media: go7007: fix a miss of snd_card_free
carl9170: remove P2P_GO support
e1000e: Relax condition to trigger reset for ME workaround
* PCI: Program MPS for RCiEP devices
drivers/pci/probe.c
* blk-mq: move blk_mq_update_nr_hw_queues synchronize_rcu call
block/blk-mq.c
btrfs: fix error handling when submitting direct I/O bio
* ext4: fix race between ext4_sync_parent() and rename()
fs/ext4/fsync.c
* ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
fs/ext4/ext4_extents.h
evm: Fix possible memory leak in evm_calc_hmac_or_hash()
ima: Directly assign the ima_default_policy pointer to ima_rules
ima: Fix ima digest hash table key calculation
mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
btrfs: send: emit file capabilities after chown
* cpuidle: Fix three reference count leaks
drivers/cpuidle/sysfs.c
spi: dw: Return any value retrieved from the dma_transfer callback
mmc: sdhci-esdhc-imx: fix the mask for tuning start point
ixgbe: fix signed-integer-overflow warning
staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
* PCI: Don't disable decoding when mmio_always_on is set
drivers/pci/probe.c
macvlan: Skip loopback packets in RX handler
m68k: mac: Don't call via_flush_cache() on Mac IIfx
x86/mm: Stop printing BRK addresses
mips: Add udelay lpj numbers adjustment
x86/boot: Correct relocation destination on old linkers
mwifiex: Fix memory corruption in dump_station
rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
md: don't flush workqueue unconditionally in md_open
* kgdb: Fix spurious true from in_dbg_master()
include/linux/kgdb.h
mips: cm: Fix an invalid error code of INTVN_*_ERR
MIPS: Truncate link address into 32bit for 32bit kernel
powerpc/spufs: fix copy_to_user while atomic
net: allwinner: Fix use correct return type for ndo_start_xmit()
net: lpc-enet: fix error return code in lpc_mii_init()
* exit: Move preemption fixup up, move blocking operations down
kernel/exit.c
* lib/mpi: Fix 64-bit MIPS build with Clang
lib/mpi/longlong.h
netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
MIPS: Make sparse_init() using top-down allocation
media: platform: fcp: Set appropriate DMA parameters
media: dvb: return -EREMOTEIO on i2c transfer failure.
dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
e1000: Distribute switch variables for initialization
* staging: android: ion: use vmap instead of vm_map_ram
drivers/staging/android/ion/ion_heap.c
net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss()
* x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
include/uapi/linux/kvm.h
ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
clocksource: dw_apb_timer_of: Fix missing clockevent timers
spi: dw: Enable interrupts in accordance with DMA xfer mode
* kgdb: Prevent infinite recursive entries to the debugger
kernel/debug/debug_core.c
* Bluetooth: Add SCO fallback for invalid LMP parameters error
net/bluetooth/hci_event.c
spi: dw: Zero DMA Tx and Rx configurations on stack
net: ena: fix error returning in ena_com_get_hash_function()
objtool: Ignore empty alternatives
media: si2157: Better check for running tuner in init
ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
* media: dvb_frontend: ensure that inital front end status initialized
drivers/media/dvb-core/dvb_frontend.c
include/uapi/linux/dvb/frontend.h
can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
agp/intel: Reinforce the barrier after GTT updates
* perf: Add cond_resched() to task_function_call()
kernel/events/core.c
* fat: don't allow to mount if the FAT length == 0
fs/fat/inode.c
* mm/slub: fix a memory leak in sysfs_slab_add()
mm/slub.c
* Smack: slab-out-of-bounds in vsscanf
security/smack/smackfs.c
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
* KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
arch/arm64/include/asm/kvm_host.h
KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
KVM: nSVM: leave ASID aside in copy_vmcb_control_area
video: fbdev: w100fb: Fix a potential double free.
* proc: Use new_inode not new_inode_pseudo
fs/proc/inode.c
fs/proc/self.c
fs/proc/thread_self.c
* ovl: initialize error in ovl_copy_xattr
fs/overlayfs/copy_up.c
spi: bcm2835: Fix controller unregister order
spi: pxa2xx: Fix controller unregister order
* spi: Fix controller unregister order
drivers/spi/spi.c
* spi: No need to assign dummy value in spi_unregister_controller()
drivers/spi/spi.c
spi: dw: Fix controller unregister order
spi: dw: fix possible race condition
x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
x86/speculation: Add support for STIBP always-on preferred mode
x86/speculation: Change misspelled STIPB to STIBP
* ALSA: pcm: disallow linking stream to itself
sound/core/pcm_native.c
spi: bcm-qspi: when tx/rx buffer is NULL set to 0
spi: bcm2835aux: Fix controller unregister order
nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
* cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
fs/fs-writeback.c
ACPI: PM: Avoid using power resources if there are none for D0
ACPI: GED: add support for _Exx / _Lxx handler methods
ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
* ALSA: usb-audio: Fix inconsistent card PM state after resume
sound/usb/card.c
sound/usb/usbaudio.h
ALSA: es1688: Add the missed snd_card_free()
efi/efivars: Add missing kobject_put() in sysfs entry creation error path
x86/reboot/quirks: Add MacBook6,1 reboot quirk
x86/speculation: Prevent rogue cross-process SSBD shutdown
x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
x86_64: Fix jiffies ODR violation
ath9k_htc: Silence undersized packet warnings
drivers/net/ibmvnic: Update VNIC protocol version reporting
* sched/fair: Don't NUMA balance for kthreads
kernel/sched/fair.c
ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
crypto: talitos - fix ECB and CBC algs ivsize
* scsi: return correct blkprep status code in case scsi_init_io() fails.
drivers/scsi/scsi_lib.c
vxlan: Avoid infinite loop when suppressing NS messages with invalid options
* ipv6: fix IPV6_ADDRFORM operation logic
net/ipv6/ipv6_sockglue.c
Merge 4.9.227 into android-4.9-q
Linux 4.9.227
uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
iio: vcnl4000: Fix i2c swapped word reading.
x86/speculation: Add Ivy Bridge to affected list
x86/speculation: Add SRBDS vulnerability and mitigation documentation
* x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
drivers/base/cpu.c
x86/cpu: Add 'table' argument to cpu_matches()
* x86/cpu: Add a steppings field to struct x86_cpu_id
include/linux/mod_devicetable.h
* nvmem: qfprom: remove incorrect write support
drivers/nvmem/qfprom.c
staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
tty: hvc_console, fix crashes on parallel open/close
* vt: keyboard: avoid signed integer overflow in k_ascii
drivers/tty/vt/keyboard.c
usb: musb: Fix runtime PM imbalance on error
USB: serial: option: add Telit LE910C1-EUX compositions
USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
USB: serial: qcserial: add DW5816e QDL support
* l2tp: add sk_family checks to l2tp_validate_socket
net/l2tp/l2tp_core.c
vsock: fix timeout in vsock_accept()
NFC: st21nfca: add missed kfree_skb() in an error path
net: usb: qmi_wwan: add Telit LE910C1-EUX composition
* l2tp: do not use inet_hash()/inet_unhash()
net/l2tp/l2tp_ip.c
net/l2tp/l2tp_ip6.c
* devinet: fix memleak in inetdev_init()
net/ipv4/devinet.c
airo: Fix read overflows sending packets
* scsi: ufs: Release clock if DMA map fails
drivers/scsi/ufs/ufshcd.c
slip: not call free_netdev before rtnl_unlock in slip_open
slcan: Fix double-free on slcan_open() error path
* mmc: fix compilation of user API
include/uapi/linux/mmc/ioctl.h
kernel/relay.c: handle alloc_percpu returning NULL in relay_open
p54usb: add AirVasT USB stick device-id
HID: i2c-hid: add Schneider SCL142ALM to descriptor override
* mm: Fix mremap not considering huge pmd devmap
mm/mremap.c
* pppoe: only process PADT targeted at local interfaces
drivers/net/ppp/pppoe.c
net: smsc911x: Fix runtime PM imbalance on error
net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
net/ethernet/freescale: rework quiesce/activate for ucc_geth
net: bmac: Fix read of MAC address from ROM
x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
ARC: Fix ICCM & DCCM runtime size checks
s390/ftrace: save traced function caller
spi: dw: use "smp_mb()" to avoid sending spi data error
* esp6: fix memleak on error path in esp6_input
net/ipv6/esp6.c
usb: gadget: f_uac2: fix error handling in afunc_bind (again)
* scsi: scsi_devinfo: fixup string compare
drivers/scsi/scsi_devinfo.c
Merge 4.9.226 into android-4.9-q
Linux 4.9.226
scsi: zfcp: fix request object use-after-free in send path causing wrong traces
net: hns: Fixes the missing put_device in positive leg for roce reset
sc16is7xx: move label 'err_spi' to correct section
* mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
mm/vmalloc.c
* net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
net/core/rtnetlink.c
genirq/generic_pending: Do not lose pending affinity update
* netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
include/linux/netfilter/nf_conntrack_pptp.h
net/netfilter/nf_conntrack_pptp.c
* bonding: Fix reference count leak in bond_sysfs_slave_add.
drivers/net/bonding/bond_sysfs_slave.c
qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
* netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
include/linux/netfilter/nf_conntrack_pptp.h
net/ipv4/netfilter/nf_nat_pptp.c
net/netfilter/nf_conntrack_pptp.c
netfilter: ipset: Fix subcounter update skip
netfilter: nft_reject_bridge: enable reject with bridge vlan
* ip_vti: receive ipip packet by calling ip_tunnel_rcv
net/ipv4/ip_vti.c
* vti4: eliminated some duplicate code.
net/ipv4/ip_vti.c
* xfrm: fix a NULL-ptr deref in xfrm_local_error
net/xfrm/xfrm_output.c
* xfrm: fix a warning in xfrm_policy_insert_list
net/xfrm/xfrm_policy.c
* xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
net/xfrm/xfrm_input.c
x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
mac80211: mesh: fix discovery timer re-arming issue / crash
parisc: Fix kernel panic in mem_init()
* iommu: Fix reference count leak in iommu_group_alloc.
drivers/iommu/iommu.c
* include/asm-generic/topology.h: guard cpumask_of_node() macro argument
include/asm-generic/topology.h
* fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
fs/binfmt_elf.c
* mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
include/linux/mm.h
libceph: ignore pool overlay and cache logic on redirects
* exec: Always set cap_ambient in cap_bprm_set_creds
security/commoncap.c
* ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
sound/usb/mixer.c
* ALSA: hwdep: fix a left shifting 1 by 31 UB bug
sound/core/hwdep.c
ARM: dts/imx6q-bx50v3: Set display interface clock parents
ARM: dts: imx6q-bx50v3: Add internal switch
ARM: dts: imx: Correct B850v3 clock assignment
IB/qib: Call kobject_put() when kobject_init_and_add() fails
Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
Input: i8042 - add ThinkPad S230u to i8042 reset list
* Input: xpad - add custom init packet for Xbox One S controllers
drivers/input/joystick/xpad.c
* Input: evdev - call input_flush_device() on release(), not flush()
drivers/input/evdev.c
Input: usbtouchscreen - add support for BonXeon TP
cifs: Fix null pointer check in cifs_read
usb: gadget: legacy: fix redundant initialization warnings
cachefiles: Fix race between read_waiter and read_copier involving op->to_do
gfs2: move privileged user check to gfs2_quota_lock_check
net: microchip: encx24j600: add missed kthread_stop
gpio: tegra: mask GPIO IRQs during IRQ shutdown
IB/cma: Fix reference count leak when no ipv4 addresses are set
* uapi: fix linux/if_pppol2tp.h userspace compilation errors
include/uapi/linux/l2tp.h
net/mlx4_core: fix a memory leak bug.
net: sun: fix missing release regions in cas_init_one().
net/mlx5: Add command entry handling completion
net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
net/mlx5e: Update netdev txq on completions during closure
sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed
* net sched: fix reporting the first-time use timestamp
include/net/act_api.h
* net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()"
net/ipv4/route.c
net: ipip: fix wrong address family in init error path
ax25: fix setsockopt(SO_BINDTODEVICE)
ANDROID: cuttlefish defconfig - enable mount/net/uts namespaces.
Merge 4.9.225 into android-4.9-q
Linux 4.9.225
iio: sca3000: Remove an erroneous 'get_device()'
rapidio: fix an error in get_user_pages_fast() error handling
mei: release me_cl object reference
iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()'
staging: greybus: Fix uninitialized scalar variable
staging: iio: ad2s1210: Fix SPI reading
Revert "gfs2: Don't demote a glock until its revokes are written"
cxgb4/cxgb4vf: Fix mac_hlist initialization and free
cxgb4: free mac_hlist properly
libnvdimm/btt: Remove unnecessary code in btt_freelist_init
platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
* ubsan: build ubsan.c more conservatively
lib/Makefile
* x86/uaccess, ubsan: Fix UBSAN vs. SMAP
lib/Makefile
* l2tp: device MTU setup, tunnel socket needs a lock
include/linux/net.h
net/l2tp/l2tp_eth.c
net/socket.c
dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
* ALSA: pcm: fix incorrect hw_base increase
sound/core/pcm_lib.c
* l2tp: initialise PPP sessions before registering them
net/l2tp/l2tp_ppp.c
* l2tp: protect sock pointer of struct pppol2tp_session with RCU
net/l2tp/l2tp_ppp.c
* l2tp: initialise l2tp_eth sessions before registering them
net/l2tp/l2tp_eth.c
* l2tp: don't register sessions in l2tp_session_create()
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
net/l2tp/l2tp_eth.c
net/l2tp/l2tp_ppp.c
* l2tp: fix l2tp_eth module loading
net/l2tp/l2tp_eth.c
* l2tp: pass tunnel pointer to ->session_create()
net/l2tp/l2tp_core.h
net/l2tp/l2tp_eth.c
net/l2tp/l2tp_netlink.c
net/l2tp/l2tp_ppp.c
* l2tp: prevent creation of sessions on terminated tunnels
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
* l2tp: hold tunnel used while creating sessions with netlink
net/l2tp/l2tp_netlink.c
* l2tp: hold tunnel while handling genl TUNNEL_GET commands
net/l2tp/l2tp_netlink.c
* l2tp: hold tunnel while handling genl tunnel updates
net/l2tp/l2tp_netlink.c
* l2tp: hold tunnel while processing genl delete command
net/l2tp/l2tp_netlink.c
* l2tp: hold tunnel while looking up sessions in l2tp_netlink
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
net/l2tp/l2tp_netlink.c
* l2tp: initialise session's refcount before making it reachable
net/l2tp/l2tp_core.c
* l2tp: define parameters of l2tp_tunnel_find*() as "const"
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
* l2tp: define parameters of l2tp_session_get*() as "const"
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
* l2tp: remove l2tp_session_find()
net/l2tp/l2tp_core.c
net/l2tp/l2tp_core.h
* l2tp: remove useless duplicate session detection in l2tp_netlink
net/l2tp/l2tp_netlink.c
* L2TP:Adjust intf MTU, add underlay L3, L2 hdrs.
net/l2tp/l2tp_eth.c
* New kernel function to get IP overhead on a socket.
include/linux/net.h
net/socket.c
* net: l2tp: ppp: change PPPOL2TP_MSG_* => L2TP_MSG_*
net/l2tp/l2tp_ppp.c
* net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_*
include/uapi/linux/if_pppol2tp.h
* net: l2tp: export debug flags to UAPI
include/uapi/linux/l2tp.h
net/l2tp/l2tp_core.h
* watchdog: Fix the race between the release of watchdog_core_data and cdev
drivers/watchdog/watchdog_dev.c
arm64: fix the flush_icache_range arguments in machine_kexec
padata: purge get_cpu and reorder_via_wq from padata_do_serial
padata: initialize pd->cpu with effective cpumask
padata: Replace delayed timer with immediate workqueue in padata_reorder
padata: set cpu_index of unused CPUs to -1
* i2c: dev: Fix the race between the release of i2c_dev and cdev
drivers/i2c/i2c-dev.c
ARM: futex: Address build warning
platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
* USB: core: Fix misleading driver bug report
drivers/usb/core/message.c
ceph: fix double unlock in handle_cap_export()
gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
* component: Silence bind error on -EPROBE_DEFER
drivers/base/component.c
* configfs: fix config_item refcnt leak in configfs_rmdir()
fs/configfs/dir.c
* HID: multitouch: add eGalaxTouch P80H84 support
drivers/hid/hid-ids.h
drivers/hid/hid-multitouch.c
* gcc-common.h: Update for GCC 10
scripts/gcc-plugins/Makefile
i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()'
iommu/amd: Fix over-read of ACPI UID from IVRS table
* fix multiplication overflow in copy_fdtable()
fs/file.c
ima: Fix return value of ima_write_policy()
evm: Check also if *tfm is an error pointer in init_desc()
padata: ensure padata_do_serial() runs on the correct CPU
padata: ensure the reorder timer callback runs on the correct CPU
padata: get_next is never NULL
padata: Remove unused but set variables
igb: use igb_adapter->io_addr instead of e1000_hw->hw_addr
Merge 4.9.224 into android-4.9-q
Linux 4.9.224
* Makefile: disallow data races on gcc-10 as well
Makefile
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
ARM: dts: r8a7740: Add missing extal2 to CPG node
ARM: dts: r8a73a4: Add missing CMT1 interrupts
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
usb: gadget: legacy: fix error return code in cdc_bind()
usb: gadget: legacy: fix error return code in gncm_bind()
usb: gadget: audio: Fix a missing error return value in audio_bind()
usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
* exec: Move would_dump into flush_old_exec
fs/exec.c
* x86: Fix early boot crash on gcc-10, third try
include/linux/compiler.h
init/main.c
ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
* usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list
drivers/usb/host/xhci-ring.c
* USB: gadget: fix illegal array access in binding with UDC
drivers/usb/gadget/configfs.c
* ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset
sound/usb/quirks.c
* ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
include/sound/rawmidi.h
sound/core/rawmidi.c
* ALSA: rawmidi: Initialize allocated buffers
sound/core/rawmidi.c
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
netprio_cgroup: Fix unlimited memory leak of v2 cgroups
* net: ipv4: really enforce backoff for redirects
net/ipv4/route.c
* Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
net/ipv6/route.c
* netlabel: cope with NULL catmap
net/ipv4/cipso_ipv4.c
net/ipv6/calipso.c
net/netlabel/netlabel_kapi.c
* net: fix a potential recursive NETDEV_FEAT_CHANGE
net/core/dev.c
* gcc-10: disable 'restrict' warning for now
Makefile
* gcc-10: disable 'stringop-overflow' warning for now
Makefile
* gcc-10: disable 'array-bounds' warning for now
Makefile
* gcc-10: disable 'zero-length-bounds' warning for now
Makefile
* gcc-10: avoid shadowing standard library 'free()' in crypto
crypto/xts.c
net: phy: micrel: Use strlcpy() for ethtool::get_strings
* Stop the ad-hoc games with -Wno-maybe-initialized
Makefile
init/Kconfig
kernel/trace/Kconfig
* kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
Makefile
init/Kconfig
kernel/trace/Kconfig
* gcc-10 warnings: fix low-hanging fruit
include/linux/fs.h
include/linux/tty.h
pnp: Use list_for_each_entry() instead of open coding
IB/mlx4: Test return value of calls to ib_get_cached_pkey
* netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_core.c
i40iw: Fix error handling in i40iw_manage_arp_cache()
pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
ALSA: hda/hdmi: fix race in monitor detection during probe
dmaengine: mmp_tdma: Reset channel error on release
dmaengine: pch_dma.c: Avoid data race between probe and irq handler
cifs: Fix a race condition with cifs_echo_request
cifs: Check for timeout on Negotiate stage
spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
* scsi: sg: add sg_remove_request in sg_write
drivers/scsi/sg.c
drop_monitor: work around gcc-10 stringop-overflow warning
net: moxa: Fix a potential double 'free_irq()'
net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
* shmem: fix possible deadlocks on shmlock_user_lock
mm/shmem.c
ptp: free ptp device pin descriptors properly
* ptp: fix the race between the release of ptp_clock and cdev
include/linux/posix-clock.h
kernel/time/posix-clock.c
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
* chardev: add helper function to register char devs with a struct device
fs/char_dev.c
include/linux/cdev.h
ptp: create "pins" together with the rest of attributes
ptp: use is_visible method to hide unused attributes
ptp: do not explicitly set drvdata in ptp_clock_register()
* blktrace: fix dereference after null check
kernel/trace/blktrace.c
* blktrace: Protect q->blk_trace with RCU
include/linux/blkdev.h
include/linux/blktrace_api.h
kernel/trace/blktrace.c
* blktrace: fix trace mutex deadlock
kernel/trace/blktrace.c
* blktrace: fix unlocked access to init/start-stop/teardown
kernel/trace/blktrace.c
* blktrace: Fix potential deadlock between delete & sysfs ops
block/blk-core.c
include/linux/blkdev.h
kernel/trace/blktrace.c
* net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
include/net/addrconf.h
net/ipv6/addrconf_core.c
net/ipv6/af_inet6.c
* net: ipv6: add net argument to ip6_dst_lookup_flow
include/net/ipv6.h
net/ipv6/af_inet6.c
net/ipv6/datagram.c
net/ipv6/inet6_connection_sock.c
net/ipv6/ip6_output.c
net/ipv6/raw.c
net/ipv6/tcp_ipv6.c
net/l2tp/l2tp_ip6.c
* ext4: add cond_resched() to ext4_protect_reserved_inode
fs/ext4/block_validity.c
* binfmt_elf: Do not move brk for INTERP-less ET_EXEC
fs/binfmt_elf.c
scripts/decodecode: fix trapping instruction formatting
objtool: Fix stack offset tracking for indirect CFAs
batman-adv: Fix refcnt leak in batadv_v_ogm_process
batman-adv: Fix refcnt leak in batadv_store_throughput_override
batman-adv: Fix refcnt leak in batadv_show_throughput_override
batman-adv: fix batadv_nc_random_weight_tq
* mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()
mm/page_alloc.c
* tracing: Add a vmalloc_sync_mappings() for safe measure
kernel/trace/trace.c
USB: serial: garmin_gps: add sanity checking for data length
USB: uas: add quirk for LaCie 2Big Quadra
* binfmt_elf: move brk out of mmap when doing direct loader exec
fs/binfmt_elf.c
Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
bnxt_en: Improve AER slot reset.
net/mlx5: Fix command entry leak in Internal Error State
net/mlx5: Fix forced completion access non initialized command entry
bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
sch_sfq: validate silly quantum values
sch_choke: avoid potential panic in choke_reset()
net: usb: qmi_wwan: add support for DW5816e
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
net: macsec: preserve ingress frame ordering
* fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
net/sched/sch_fq_codel.c
dp83640: reverse arguments to list_add_tail
USB: serial: qcserial: Add DW5816e support
* ANDROID: hid: steam: remove BT controller matching
drivers/hid/hid-core.c
drivers/hid/hid-ids.h
* UPSTREAM: HID: steam: Fix input device disappearing
drivers/hid/hid-steam.c
Change-Id: I03104a17738ef3d28a296ca370185f58396c9262
Signed-off-by: lucaswei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
5791e89d21 |
Merge 4.9.224 into android-4.9-q
Changes in 4.9.224 USB: serial: qcserial: Add DW5816e support dp83640: reverse arguments to list_add_tail fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks net: macsec: preserve ingress frame ordering net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() net: usb: qmi_wwan: add support for DW5816e sch_choke: avoid potential panic in choke_reset() sch_sfq: validate silly quantum values bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). net/mlx5: Fix forced completion access non initialized command entry net/mlx5: Fix command entry leak in Internal Error State bnxt_en: Improve AER slot reset. Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" binfmt_elf: move brk out of mmap when doing direct loader exec USB: uas: add quirk for LaCie 2Big Quadra USB: serial: garmin_gps: add sanity checking for data length tracing: Add a vmalloc_sync_mappings() for safe measure mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() batman-adv: fix batadv_nc_random_weight_tq batman-adv: Fix refcnt leak in batadv_show_throughput_override batman-adv: Fix refcnt leak in batadv_store_throughput_override batman-adv: Fix refcnt leak in batadv_v_ogm_process objtool: Fix stack offset tracking for indirect CFAs scripts/decodecode: fix trapping instruction formatting binfmt_elf: Do not move brk for INTERP-less ET_EXEC ext4: add cond_resched() to ext4_protect_reserved_inode net: ipv6: add net argument to ip6_dst_lookup_flow net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup blktrace: Fix potential deadlock between delete & sysfs ops blktrace: fix unlocked access to init/start-stop/teardown blktrace: fix trace mutex deadlock blktrace: Protect q->blk_trace with RCU blktrace: fix dereference after null check ptp: do not explicitly set drvdata in ptp_clock_register() ptp: use is_visible method to hide unused attributes ptp: create "pins" together with the rest of attributes chardev: add helper function to register char devs with a struct device ptp: Fix pass zero to ERR_PTR() in ptp_clock_register ptp: fix the race between the release of ptp_clock and cdev ptp: free ptp device pin descriptors properly shmem: fix possible deadlocks on shmlock_user_lock net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' net: moxa: Fix a potential double 'free_irq()' drop_monitor: work around gcc-10 stringop-overflow warning scsi: sg: add sg_remove_request in sg_write spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls cifs: Check for timeout on Negotiate stage cifs: Fix a race condition with cifs_echo_request dmaengine: pch_dma.c: Avoid data race between probe and irq handler dmaengine: mmp_tdma: Reset channel error on release ALSA: hda/hdmi: fix race in monitor detection during probe drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() ipc/util.c: sysvipc_find_ipc() incorrectly updates position index pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler i40iw: Fix error handling in i40iw_manage_arp_cache() netfilter: conntrack: avoid gcc-10 zero-length-bounds warning IB/mlx4: Test return value of calls to ib_get_cached_pkey pnp: Use list_for_each_entry() instead of open coding gcc-10 warnings: fix low-hanging fruit kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig Stop the ad-hoc games with -Wno-maybe-initialized net: phy: micrel: Use strlcpy() for ethtool::get_strings gcc-10: avoid shadowing standard library 'free()' in crypto gcc-10: disable 'zero-length-bounds' warning for now gcc-10: disable 'array-bounds' warning for now gcc-10: disable 'stringop-overflow' warning for now gcc-10: disable 'restrict' warning for now net: fix a potential recursive NETDEV_FEAT_CHANGE netlabel: cope with NULL catmap Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu" net: ipv4: really enforce backoff for redirects netprio_cgroup: Fix unlimited memory leak of v2 cgroups ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 ALSA: rawmidi: Initialize allocated buffers ALSA: rawmidi: Fix racy buffer resize under concurrent accesses ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset USB: gadget: fix illegal array access in binding with UDC usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries x86: Fix early boot crash on gcc-10, third try exec: Move would_dump into flush_old_exec usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' usb: gadget: audio: Fix a missing error return value in audio_bind() usb: gadget: legacy: fix error return code in gncm_bind() usb: gadget: legacy: fix error return code in cdc_bind() Revert "ALSA: hda/realtek: Fix pop noise on ALC225" ARM: dts: r8a73a4: Add missing CMT1 interrupts ARM: dts: r8a7740: Add missing extal2 to CPG node KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce Makefile: disallow data races on gcc-10 as well Linux 4.9.224 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib9fdff8dd9e9c92a2e750251b98eb0e4c9496fba |
||
|
Steven Rostedt (VMware)
|
d6e55a35e9 |
tracing: Add a vmalloc_sync_mappings() for safe measure
commit 11f5efc3ab66284f7aaacc926e9351d658e2577b upstream.
x86_64 lazily maps in the vmalloc pages, and the way this works with per_cpu
areas can be complex, to say the least. Mappings may happen at boot up, and
if nothing synchronizes the page tables, those page mappings may not be
synced till they are used. This causes issues for anything that might touch
one of those mappings in the path of the page fault handler. When one of
those unmapped mappings is touched in the page fault handler, it will cause
another page fault, which in turn will cause a page fault, and leave us in
a loop of page faults.
Commit 763802b53a42 ("x86/mm: split vmalloc_sync_all()") split
vmalloc_sync_all() into vmalloc_sync_unmappings() and
vmalloc_sync_mappings(), as on system exit, it did not need to do a full
sync on x86_64 (although it still needed to be done on x86_32). By chance,
the vmalloc_sync_all() would synchronize the page mappings done at boot up
and prevent the per cpu area from being a problem for tracing in the page
fault handler. But when that synchronization in the exit of a task became a
nop, it caused the problem to appear.
Link: https://lore.kernel.org/r/20200429054857.66e8e333@oasis.local.home
Cc: stable@vger.kernel.org
Fixes:
|
||
|
lucaswei
|
fe4d25c70e |
Merge android-4.9-q (4.9.200) into android-msm-pixel-4.9-lts
Merge 4.9.200 into android-4.9-q
Linux 4.9.200
* alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP
kernel/time/alarmtimer.c
dmaengine: qcom: bam_dma: Fix resource leak
* net/flow_dissector: switch to siphash
include/linux/skbuff.h
include/net/flow_dissector.h
net/core/flow_dissector.c
net/sched/sch_fq_codel.c
* kbuild: add -fcf-protection=none when using retpoline flags
Makefile
* kbuild: use -fmacro-prefix-map to make __FILE__ a relative path
Makefile
* Kbuild: make designated_init attribute fatal
Makefile
* inet: stop leaking jiffies on the wire
net/ipv4/datagram.c
net/ipv4/tcp_ipv4.c
net/mlx4_core: Dynamically set guaranteed amount of counters per VF
vxlan: check tun_info options_len properly
net: bcmgenet: reset 40nm EPHY on energy detect
net: dsa: fix switch tree list
* net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
net/core/datagram.c
selftests: net: reuseport_dualstack: fix uninitalized parameter
* net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
net/core/ethtool.c
net: hisilicon: Fix ping latency when deal with high throughput
* net: fix sk_page_frag() recursion from memory reclaim
include/linux/gfp.h
include/net/sock.h
dccp: do not leak jiffies on the wire
cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
MIPS: bmips: mark exception vectors as char arrays
of: unittest: fix memory leak in unittest_data_add
scsi: target: core: Do not overwrite CDB byte 1
ARM: davinci: dm365: Fix McBSP dma_slave_map entry
perf kmem: Fix memory leak in compact_gfp_flags()
ARM: dts: imx7s: Correct GPT's ipg clock source
* scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
drivers/scsi/Kconfig
scsi: sni_53c710: fix compilation error
scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions
ARM: mm: fix alignment handler faults under memory pressure
pinctrl: ns2: Fix off by one bugs in ns2_pinmux_enable()
ARM: dts: logicpd-torpedo-som: Remove twl_keypad
ASoc: rockchip: i2s: Fix RPM imbalance
ASoC: wm_adsp: Don't generate kcontrols without READ flags
regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized
regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
UPSTREAM: HID: steam: fix deadlock with input devices.
UPSTREAM: HID: steam: fix boot loop with bluetooth firmware
UPSTREAM: HID: steam: remove input device when a hid client is running.
UPSTREAM: HID: steam: use hid_device.driver_data instead of hid_set_drvdata()
UPSTREAM: HID: steam: add missing fields in client initialization
UPSTREAM: HID: steam: add battery device.
* UPSTREAM: HID: add driver for Valve Steam Controller
drivers/hid/Kconfig
drivers/hid/Makefile
drivers/hid/hid-core.c
drivers/hid/hid-ids.h
include/linux/hid.h
* UPSTREAM: HID: sony: Fix memory corruption issue on cleanup.
drivers/hid/hid-sony.c
* UPSTREAM: HID: sony: Fix race condition between rumble and device remove.
drivers/hid/hid-sony.c
Merge 4.9.199 into android-4.9-q
Linux 4.9.199
Revert "ALSA: hda: Flush interrupts on disabling"
* ALSA: timer: Fix mutex deadlock at releasing card
sound/core/timer.c
* ALSA: timer: Simplify error path in snd_timer_open()
sound/core/timer.c
* ALSA: timer: Limit max instances per timer
include/sound/timer.h
sound/core/timer.c
* ALSA: timer: Follow standard EXPORT_SYMBOL() declarations
sound/core/timer.c
xfs: Correctly invert xfs_buftarg LRU isolation logic
sctp: not bind the socket in sctp_connect
* sctp: fix the issue that flags are ignored when using kernel_connect
include/net/sctp/sctp.h
* sch_netem: fix rcu splat in netem_enqueue()
include/net/sch_generic.h
net/sched/sch_netem.c
net: usb: sr9800: fix uninitialized local variable
* bonding: fix potential NULL deref in bond_update_slave_arr
drivers/net/bonding/bond_main.c
llc: fix sk_buff leak in llc_conn_service()
llc: fix sk_buff leak in llc_sap_state_process()
dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
rtlwifi: Fix potential overflow on P2P code
s390/cmm: fix information leak in cmm_timeout_handler()
* nl80211: fix validation of mesh path nexthop
net/wireless/nl80211.c
* HID: fix error message in hid_open_report()
drivers/hid/hid-core.c
* HID: Fix assumption that devices have inputs
drivers/hid/hid-dr.c
drivers/hid/hid-gaff.c
drivers/hid/hid-sony.c
HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
USB: serial: whiteheat: fix line-speed endianness
USB: serial: whiteheat: fix potential slab corruption
USB: ldusb: fix control-message timeout
USB: ldusb: fix ring-buffer locking
* usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows")
drivers/usb/storage/scsiglue.c
* USB: gadget: Reject endpoints with 0 maxpacket value
drivers/usb/gadget/udc/core.c
UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
ALSA: bebob: Fix prototype of helper function to return negative value
* fuse: truncate pending writes on O_TRUNC
fs/fuse/file.c
* fuse: flush dirty data/metadata before non-truncate setattr
fs/fuse/dir.c
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
thunderbolt: Use 32-bit writes when writing ring producer/consumer
USB: legousbtower: fix a signedness bug in tower_probe()
* tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
kernel/trace/trace.c
s390/uaccess: avoid (false positive) compiler warnings
NFSv4: Fix leak of clp->cl_acceptor string
MIPS: fw: sni: Fix out of bounds init of o32 stack
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock()
fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
ocfs2: clear zero in unaligned direct IO
efi/x86: Do not clean dummy variable in kexec path
efi/cper: Fix endianness of PCIe class code
serial: mctrl_gpio: Check for NULL pointer
fs: cifs: mute -Wunused-const-variable message
gpio: max77620: Use correct unit for debounce times
RDMA/iwcm: Fix a lock inversion issue
staging: rtl8188eu: fix null dereference when kzalloc fails
perf jevents: Fix period for Intel fixed counters
perf map: Fix overlapped map handling
iio: fix center temperature of bmc150-accel-core
* exec: load_script: Do not exec truncated interpreter path
fs/binfmt_script.c
rtc: pcf8523: set xtal load capacitance from DT
* usb: handle warm-reset port requests on hub resume
drivers/usb/core/hub.c
* scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
scripts/setlocalversion
HID: i2c-hid: Add Odys Winbook 13 to descriptor override
x86/cpu: Add Atom Tremont (Jacobsville)
HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override
sc16is7xx: Fix for "Unexpected interrupt: 8"
* dm: Use kzalloc for all structs with embedded biosets/mempools
drivers/md/dm-io.c
drivers/md/dm-kcopyd.c
dm snapshot: rework COW throttling to fix deadlock
dm snapshot: introduce account_start_copy() and account_end_copy()
dm snapshot: use mutex instead of rw_semaphore
* binder: binder: fix possible UAF when freeing buffer
drivers/android/binder.c
* BACKPORT: dm bufio: introduce a global cache replacement
drivers/md/dm-bufio.c
* BACKPORT: dm bufio: remove old-style buffer cleanup
drivers/md/dm-bufio.c
* BACKPORT: dm bufio: introduce a global queue
drivers/md/dm-bufio.c
* BACKPORT: dm bufio: refactor adjust_total_allocated
drivers/md/dm-bufio.c
* BACKPORT: dm bufio: call adjust_total_allocated from __link_buffer and __unlink_buffer
drivers/md/dm-bufio.c
cuttlefish-4.9: Enable CONFIG_DM_SNAPSHOT
Merge 4.9.198 into android-4.9-q
Linux 4.9.198
RDMA/cxgb4: Do not dma memory off of the stack
* Revert "net: sit: fix memory leak in sit_init_net()"
net/ipv6/sit.c
* PCI: PM: Fix pci_power_up()
drivers/pci/pci.c
xen/netback: fix error path of xenvif_connect_data()
* cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
drivers/base/core.c
drivers/cpufreq/cpufreq.c
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
CIFS: avoid using MID 0xFFFF
parisc: Fix vmap memory leak in ioremap()/iounmap()
xtensa: drop EXPORT_SYMBOL for outs*/ins*
* mm/slub: fix a deadlock in show_slab_objects()
mm/slub.c
scsi: zfcp: fix reaction on bit error threshold notification
* drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
drivers/gpu/drm/drm_edid.c
mac80211: Reject malformed SSID elements
cfg80211: wext: avoid copying malformed SSIDs
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
Input: da9063 - fix capability and drop KEY_SLEEP
* scsi: core: try to get module before removing device
drivers/scsi/scsi_sysfs.c
staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
MIPS: tlbex: Fix build_restore_pagemask KScratch restore
USB: ldusb: fix read info leaks
USB: usblp: fix use-after-free on disconnect
USB: ldusb: fix memleak on disconnect
USB: serial: ti_usb_3410_5052: fix port-close races
usb: udc: lpc32xx: fix bad bit shift operation
ALSA: hda/realtek - Add support for ALC711
USB: legousbtower: fix memleak on disconnect
* memfd: Fix locking when tagging pins
mm/shmem.c
* ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
net/ipv4/route.c
* net: avoid potential infinite loop in tc_ctl_action()
net/sched/act_api.c
sctp: change sctp_prot .no_autobind with true
net: bcmgenet: Set phydev->dev_flags only for internal PHYs
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
* loop: Add LOOP_SET_DIRECT_IO to compat ioctl
drivers/block/loop.c
ocfs2: fix panic due to ocfs2_wq is null
Revert "drm/radeon: Fix EEH during kexec"
namespace: fix namespace.pl script to support relative paths
net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
mips: Loongson: Fix the link time qualifier of 'serial_exit()'
mac80211: fix txq null pointer dereference
* nl80211: fix null pointer dereference
net/wireless/nl80211.c
MIPS: dts: ar9331: fix interrupt-controller size
ARM: dts: am4372: Set memory bandwidth limit for DISPC
ARM: OMAP2+: Fix missing reset done flag for am3 and am43
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
scsi: megaraid: disable device when probe failed after enabled device
* scsi: ufs: skip shutdown if hba is not powered
drivers/scsi/ufs/ufshcd.c
rtlwifi: Fix potential overflow on P2P code
ANDROID: clang: update to 9.0.8 based on r365631c
* ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
net/netfilter/xt_quota2.c
ANDROID: refactor build.config files to remove duplication
Merge 4.9.197 into android-4.9-q
Linux 4.9.197
xfs: clear sb->s_fs_info on mount failure
x86/asm: Fix MWAITX C-state hint value
* tracing: Get trace_array reference for available_tracers files
kernel/trace/trace.c
tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
tracing/hwlat: Report total time spent in all NMIs during the sample
media: stkwebcam: fix runtime PM after driver unbind
* Fix the locking in dcache_readdir() and friends
fs/libfs.c
MIPS: Disable Loongson MMI instructions for kernel build
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
staging: fbtft: Stop using BL_CORE_DRIVER1
* kernel/sysctl.c: do not override max_threads provided by userspace
kernel/fork.c
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
CIFS: Force revalidate inode when dentry is stale
CIFS: Gracefully handle QueryInfo errors during open
perf inject jit: Fix JIT_CODE_MOVE filename
perf llvm: Don't access out-of-scope array
efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
iio: light: opt3001: fix mutex unlock race
iio: adc: ad799x: fix probe error handling
staging: vt6655: Fix memory leak in vt6655_probe
USB: legousbtower: fix use-after-free on release
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix slab info leak at probe
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
USB: dummy-hcd: fix power budget for SuperSpeed mode
USB: microtek: fix info-leak at probe
USB: usblcd: fix I/O after disconnect
USB: serial: fix runtime PM after driver unbind
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: option: add Telit FN980 compositions
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: keyspan: fix NULL-derefs on open() and write()
serial: uartlite: fix exit path null pointer
USB: ldusb: fix NULL-derefs on driver unbind
USB: chaoskey: fix use-after-free on release
USB: usblp: fix runtime PM after driver unbind
USB: iowarrior: fix use-after-free after driver unbind
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: adutux: fix use-after-free on release
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on disconnect
USB: adutux: remove redundant variable minor
* xhci: Increase STS_SAVE timeout in xhci_suspend()
drivers/usb/host/xhci.c
* usb: xhci: wait for CNR controller not ready bit in xhci resume
drivers/usb/host/xhci.c
* xhci: Check all endpoints for LPM timeout
drivers/usb/host/xhci.c
* xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
drivers/usb/host/xhci.c
* xhci: Fix false warning message about wrong bounce buffer write length
drivers/usb/host/xhci-ring.c
USB: usb-skeleton: fix NULL-deref on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: yurex: fix NULL-derefs on disconnect
USB: yurex: Don't retry on unexpected errors
* USB: rio500: Remove Rio 500 kernel driver
drivers/usb/misc/Kconfig
drivers/usb/misc/Makefile
* panic: ensure preemption is disabled during panic()
kernel/panic.c
ASoC: sgtl5000: Improve VAG power and mute control
* nl80211: validate beacon head
net/wireless/nl80211.c
* cfg80211: Use const more consistently in for_each_element macros
include/linux/ieee80211.h
* cfg80211: add and use strongly typed element iteration macros
include/linux/ieee80211.h
net/wireless/scan.c
coresight: etm4x: Use explicit barriers on enable/disable
crypto: caam - fix concurrency issue in givencrypt descriptor
perf stat: Reset previous counts on repeat with interval
perf stat: Fix a segmentation fault when using repeat forever
perf tools: Fix segfault in cpu_cache_level__read()
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
* kernel/elfcore.c: include proper prototypes
kernel/elfcore.c
* sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
kernel/sched/core.c
fuse: fix memleak in cuse_channel_open
* thermal: Fix use-after-free when unregistering thermal zone device
drivers/thermal/thermal_core.c
drm/amdgpu: Check for valid number of registers to read
ceph: reconnect connection if session hang in opening state
ceph: fix directories inode i_blkbits initialization
xen/pci: reserve MCFG areas earlier
9p: avoid attaching writeback_fid on mmap with type PRIVATE
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
ima: always return negative code for error
* cfg80211: initialize on-stack chandefs
net/wireless/nl80211.c
net/wireless/reg.c
ieee802154: atusb: fix use-after-free at disconnect
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
* timer: Read jiffies once when forwarding base clk
kernel/time/timer.c
* usercopy: Avoid HIGHMEM pfn warning
mm/usercopy.c
crypto: qat - Silence smp_processor_id() warning
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
powerpc/powernv: Restrict OPAL symbol map to only be readable by root
* ASoC: Define a set of DAPM pre/post-up events
include/sound/soc-dapm.h
KVM: nVMX: handle page fault in vmread fix
s390/cio: exclude subchannels with no parent from pseudo check
s390/cio: avoid calling strlen on null pointer
s390/topology: avoid firing events before kobjs are created
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
ANDROID: cuttlefish_defconfig: Enable BPF_JIT and BPF_JIT_ALWAYS_ON
Change-Id: Ie9c99a9fcb1ee411aea4da0b1c4a454989142343
Signed-off-by: lucaswei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
dcb71b3f7e |
Merge 4.9.199 into android-4.9-q
Changes in 4.9.199
dm snapshot: use mutex instead of rw_semaphore
dm snapshot: introduce account_start_copy() and account_end_copy()
dm snapshot: rework COW throttling to fix deadlock
dm: Use kzalloc for all structs with embedded biosets/mempools
sc16is7xx: Fix for "Unexpected interrupt: 8"
HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override
x86/cpu: Add Atom Tremont (Jacobsville)
HID: i2c-hid: Add Odys Winbook 13 to descriptor override
scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
usb: handle warm-reset port requests on hub resume
rtc: pcf8523: set xtal load capacitance from DT
exec: load_script: Do not exec truncated interpreter path
iio: fix center temperature of bmc150-accel-core
perf map: Fix overlapped map handling
perf jevents: Fix period for Intel fixed counters
staging: rtl8188eu: fix null dereference when kzalloc fails
RDMA/iwcm: Fix a lock inversion issue
gpio: max77620: Use correct unit for debounce times
fs: cifs: mute -Wunused-const-variable message
serial: mctrl_gpio: Check for NULL pointer
efi/cper: Fix endianness of PCIe class code
efi/x86: Do not clean dummy variable in kexec path
ocfs2: clear zero in unaligned direct IO
fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock()
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
MIPS: fw: sni: Fix out of bounds init of o32 stack
NFSv4: Fix leak of clp->cl_acceptor string
s390/uaccess: avoid (false positive) compiler warnings
tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
USB: legousbtower: fix a signedness bug in tower_probe()
thunderbolt: Use 32-bit writes when writing ring producer/consumer
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
fuse: flush dirty data/metadata before non-truncate setattr
fuse: truncate pending writes on O_TRUNC
ALSA: bebob: Fix prototype of helper function to return negative value
UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
USB: gadget: Reject endpoints with 0 maxpacket value
usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows")
USB: ldusb: fix ring-buffer locking
USB: ldusb: fix control-message timeout
USB: serial: whiteheat: fix potential slab corruption
USB: serial: whiteheat: fix line-speed endianness
HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
HID: Fix assumption that devices have inputs
HID: fix error message in hid_open_report()
nl80211: fix validation of mesh path nexthop
s390/cmm: fix information leak in cmm_timeout_handler()
rtlwifi: Fix potential overflow on P2P code
dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
llc: fix sk_buff leak in llc_sap_state_process()
llc: fix sk_buff leak in llc_conn_service()
bonding: fix potential NULL deref in bond_update_slave_arr
net: usb: sr9800: fix uninitialized local variable
sch_netem: fix rcu splat in netem_enqueue()
sctp: fix the issue that flags are ignored when using kernel_connect
sctp: not bind the socket in sctp_connect
xfs: Correctly invert xfs_buftarg LRU isolation logic
ALSA: timer: Follow standard EXPORT_SYMBOL() declarations
ALSA: timer: Limit max instances per timer
ALSA: timer: Simplify error path in snd_timer_open()
ALSA: timer: Fix mutex deadlock at releasing card
Revert "ALSA: hda: Flush interrupts on disabling"
Linux 4.9.199
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Petr Mladek
|
c24de62408 |
tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
[ Upstream commit d303de1fcf344ff7c15ed64c3f48a991c9958775 ]
A customer reported the following softlockup:
[899688.160002] NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [test.sh:16464]
[899688.160002] CPU: 0 PID: 16464 Comm: test.sh Not tainted 4.12.14-6.23-azure #1 SLE12-SP4
[899688.160002] RIP: 0010:up_write+0x1a/0x30
[899688.160002] Kernel panic - not syncing: softlockup: hung tasks
[899688.160002] RIP: 0010:up_write+0x1a/0x30
[899688.160002] RSP: 0018:ffffa86784d4fde8 EFLAGS: 00000257 ORIG_RAX: ffffffffffffff12
[899688.160002] RAX: ffffffff970fea00 RBX: 0000000000000001 RCX: 0000000000000000
[899688.160002] RDX: ffffffff00000001 RSI: 0000000000000080 RDI: ffffffff970fea00
[899688.160002] RBP: ffffffffffffffff R08: ffffffffffffffff R09: 0000000000000000
[899688.160002] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b59014720d8
[899688.160002] R13: ffff8b59014720c0 R14: ffff8b5901471090 R15: ffff8b5901470000
[899688.160002] tracing_read_pipe+0x336/0x3c0
[899688.160002] __vfs_read+0x26/0x140
[899688.160002] vfs_read+0x87/0x130
[899688.160002] SyS_read+0x42/0x90
[899688.160002] do_syscall_64+0x74/0x160
It caught the process in the middle of trace_access_unlock(). There is
no loop. So, it must be looping in the caller tracing_read_pipe()
via the "waitagain" label.
Crashdump analyze uncovered that iter->seq was completely zeroed
at this point, including iter->seq.seq.size. It means that
print_trace_line() was never able to print anything and
there was no forward progress.
The culprit seems to be in the code:
/* reset all but tr, trace, and overruns */
memset(&iter->seq, 0,
sizeof(struct trace_iterator) -
offsetof(struct trace_iterator, seq));
It was added by the commit
|
||
|
Greg Kroah-Hartman
|
e9766ef8f1 |
Merge 4.9.197 into android-4.9-q
Changes in 4.9.197
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
s390/topology: avoid firing events before kobjs are created
s390/cio: avoid calling strlen on null pointer
s390/cio: exclude subchannels with no parent from pseudo check
KVM: nVMX: handle page fault in vmread fix
ASoC: Define a set of DAPM pre/post-up events
powerpc/powernv: Restrict OPAL symbol map to only be readable by root
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
crypto: qat - Silence smp_processor_id() warning
usercopy: Avoid HIGHMEM pfn warning
timer: Read jiffies once when forwarding base clk
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
ieee802154: atusb: fix use-after-free at disconnect
cfg80211: initialize on-stack chandefs
ima: always return negative code for error
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
9p: avoid attaching writeback_fid on mmap with type PRIVATE
xen/pci: reserve MCFG areas earlier
ceph: fix directories inode i_blkbits initialization
ceph: reconnect connection if session hang in opening state
drm/amdgpu: Check for valid number of registers to read
thermal: Fix use-after-free when unregistering thermal zone device
fuse: fix memleak in cuse_channel_open
sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
kernel/elfcore.c: include proper prototypes
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
perf tools: Fix segfault in cpu_cache_level__read()
perf stat: Fix a segmentation fault when using repeat forever
perf stat: Reset previous counts on repeat with interval
crypto: caam - fix concurrency issue in givencrypt descriptor
coresight: etm4x: Use explicit barriers on enable/disable
cfg80211: add and use strongly typed element iteration macros
cfg80211: Use const more consistently in for_each_element macros
nl80211: validate beacon head
ASoC: sgtl5000: Improve VAG power and mute control
panic: ensure preemption is disabled during panic()
USB: rio500: Remove Rio 500 kernel driver
USB: yurex: Don't retry on unexpected errors
USB: yurex: fix NULL-derefs on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: usb-skeleton: fix NULL-deref on disconnect
xhci: Fix false warning message about wrong bounce buffer write length
xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
xhci: Check all endpoints for LPM timeout
usb: xhci: wait for CNR controller not ready bit in xhci resume
xhci: Increase STS_SAVE timeout in xhci_suspend()
USB: adutux: remove redundant variable minor
USB: adutux: fix use-after-free on disconnect
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free after driver unbind
USB: usblp: fix runtime PM after driver unbind
USB: chaoskey: fix use-after-free on release
USB: ldusb: fix NULL-derefs on driver unbind
serial: uartlite: fix exit path null pointer
USB: serial: keyspan: fix NULL-derefs on open() and write()
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: option: add Telit FN980 compositions
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: fix runtime PM after driver unbind
USB: usblcd: fix I/O after disconnect
USB: microtek: fix info-leak at probe
USB: dummy-hcd: fix power budget for SuperSpeed mode
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
USB: legousbtower: fix slab info leak at probe
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix use-after-free on release
staging: vt6655: Fix memory leak in vt6655_probe
iio: adc: ad799x: fix probe error handling
iio: light: opt3001: fix mutex unlock race
efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
perf llvm: Don't access out-of-scope array
perf inject jit: Fix JIT_CODE_MOVE filename
CIFS: Gracefully handle QueryInfo errors during open
CIFS: Force revalidate inode when dentry is stale
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
kernel/sysctl.c: do not override max_threads provided by userspace
staging: fbtft: Stop using BL_CORE_DRIVER1
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
MIPS: Disable Loongson MMI instructions for kernel build
Fix the locking in dcache_readdir() and friends
media: stkwebcam: fix runtime PM after driver unbind
tracing/hwlat: Report total time spent in all NMIs during the sample
tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
tracing: Get trace_array reference for available_tracers files
x86/asm: Fix MWAITX C-state hint value
xfs: clear sb->s_fs_info on mount failure
Linux 4.9.197
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Steven Rostedt (VMware)
|
5e402bab5f |
tracing: Get trace_array reference for available_tracers files
commit 194c2c74f5532e62c218adeb8e2b683119503907 upstream.
As instances may have different tracers available, we need to look at the
trace_array descriptor that shows the list of the available tracers for the
instance. But there's a race between opening the file and an admin
deleting the instance. The trace_array_get() needs to be called before
accessing the trace_array.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Robin Peng
|
d5bdee4cf1 |
Merge android-4.9-q (4.9.192) into android-msm-pixel-4.9-lts
Merge 4.9.192 into android-4.9-q
Linux 4.9.192
* mld: fix memory leak in mld_del_delrec()
net/ipv6/mcast.c
* tcp: inherit timestamp on mtu probe
net/ipv4/tcp_output.c
net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
net: fix skb use after free in netpoll
Revert "x86/apic: Include the LDR when clearing out APIC registers"
spi: bcm2835aux: fix corruptions for longer spi transfers
spi: bcm2835aux: remove dangerous uncontrolled read of fifo
spi: bcm2835aux: unifying code between polling and interrupt driven code
spi: bcm2835aux: ensure interrupts are enabled for shared handler
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
KVM: arm/arm64: Only skip MMIO insn once
ceph: fix buffer free while holding i_ceph_lock in fill_inode()
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
IB/mlx4: Fix memory leaks
Tools: hv: kvp: eliminate 'may be used uninitialized' warning
ravb: Fix use-after-free ravb_tstamp_skb
wimax/i2400m: fix a memory leak bug
net: kalmia: fix memory leaks
cx82310_eth: fix a memory leak bug
net: myri10ge: fix memory leaks
cxgb4: fix a memory leak bug
* gpio: Fix build error of function redefinition
include/linux/gpio.h
ibmveth: Convert multicast list size for little-endian system
Bluetooth: btqca: Add a short delay before downloading the NVM
net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
Merge 4.9.191 into android-4.9-q
Linux 4.9.191
* mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n
mm/zsmalloc.c
x86/ptrace: fix up botched merge of spectrev1 fix
i2c: piix4: Fix port selection for AMD Family 16h Model 30h
KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
mac80211: fix possible sta leak
* Revert "cfg80211: fix processing world regdomain when non modular"
net/wireless/reg.c
VMCI: Release resource if the work is already queued
stm class: Fix a double free of stm_source_device
* mmc: core: Fix init of SD cards reporting an invalid VDD range
drivers/mmc/core/sd.c
mmc: sdhci-of-at91: add quirk for broken HS200
uprobes/x86: Fix detection of 32-bit user mode
ptrace,x86: Make user_64bit_mode() available to 32-bit builds
USB: storage: ums-realtek: Whitelist auto-delink support
USB: storage: ums-realtek: Update module parameter description for auto_delink_en
usb: host: xhci: rcar: Fix typo in compatible string matching
usb: host: ohci: fix a race condition between shutdown and irq
usb: chipidea: udc: don't do hardware access if gadget has stopped
USB: cdc-wdm: fix race between write and disconnect due to flag abuse
* usb-storage: Add new JMS567 revision to unusual_devs
drivers/usb/storage/unusual_devs.h
* mm/zsmalloc.c: fix race condition in zs_destroy_pool
mm/zsmalloc.c
x86/apic: Include the LDR when clearing out APIC registers
x86/apic: Do not initialize LDR and DFR for bigsmp
KVM: x86: Don't update RIP or do single-step on faulting emulation
ALSA: seq: Fix potential concurrent access to the deleted pool
ALSA: line6: Fix memory leak at line6_init_pcm() error path
* tcp: make sure EPOLLOUT wont be missed
net/core/stream.c
* ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
sound/usb/mixer.c
* ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
sound/usb/mixer.c
* tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
include/net/tcp.h
* scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
drivers/scsi/ufs/unipro.h
watchdog: bcm2835_wdt: Fix module autoload
tools: hv: fix KVP and VSS daemons exit code
usb: host: fotg2: restart hcd after port reset
i2c: emev2: avoid race when unregistering slave client
xen/blkback: fix memory leaks
* usb: gadget: composite: Clear "suspended" on reset/disconnect
drivers/usb/gadget/composite.c
* iommu/dma: Handle SG length overflow better
drivers/iommu/dma-iommu.c
dmaengine: ste_dma40: fix unneeded variable warning
x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
Revert "perf test 6: Fix missing kvm module load for s390"
xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
* mm/zsmalloc.c: migration can leave pages in ZS_EMPTY indefinitely
mm/zsmalloc.c
mm, page_owner: handle THP splits correctly
* genirq: Properly pair kobject_del() with kobject_add()
kernel/irq/irqdesc.c
* dm table: fix invalid memory accesses with too high sector number
drivers/md/dm-table.c
dm space map metadata: fix missing store of apply_bops() return value
dm btree: fix order of block initialization in btree_split_beneath
x86/boot: Fix boot regression caused by bootparam sanitizing
x86/boot: Save fields explicitly, zero out everything else
x86/apic: Handle missing global clockevent gracefully
x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
* gpiolib: never report open-drain/source lines as 'input' to user-space
drivers/gpio/gpiolib.c
* Revert "dm bufio: fix deadlock with loop device"
drivers/md/dm-bufio.c
HID: wacom: Correct distance scale for 2nd-gen Intuos devices
HID: wacom: correct misreported EKR ring values
selftests: kvm: Adding config fragments
perf pmu-events: Fix missing "cpu_clk_unhalted.core" event
drm/vmwgfx: fix memory leak when too many retries have occurred
x86/lib/cpu: Address missing prototypes warning
libata: add SG safety checks in SFF pio transfers
net: hisilicon: Fix dma_map_single failed on arm64
net: hisilicon: fix hip04-xmit never return TX_BUSY
net: hisilicon: make hip04_tx_reclaim non-reentrant
net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
HID: input: fix a4tech horizontal wheel custom usage
NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
can: peak_usb: force the string buffer NULL-terminated
can: sja1000: force the string buffer NULL-terminated
perf bench numa: Fix cpu0 binding
isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain()
net: usb: qmi_wwan: Add the BroadMobi BM818 card
ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
st_nci_hci_connectivity_event_received: null check the allocation
st21nfca_connectivity_event_received: null check the allocation
can: dev: call netif_carrier_off() in register_candev()
* bonding: Force slave speed check after link state recovery for 802.3ad
drivers/net/bonding/bond_main.c
* ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks
sound/soc/soc-dapm.c
* netfilter: ebtables: fix a memory leak bug in compat
net/bridge/netfilter/ebtables.c
MIPS: kernel: only use i8253 clocksource with periodic clockevent
HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
* BACKPORT: arch: add pidfd and io_uring syscalls everywhere
arch/arm64/include/asm/unistd32.h
* UPSTREAM: pidfd: fix a poll race when setting exit_state
kernel/exit.c
* BACKPORT: arch: wire-up pidfd_open()
arch/arm64/include/asm/unistd.h
arch/arm64/include/asm/unistd32.h
arch/x86/entry/syscalls/syscall_32.tbl
include/uapi/asm-generic/unistd.h
* BACKPORT: pid: add pidfd_open()
include/linux/syscalls.h
kernel/pid.c
* UPSTREAM: pidfd: add polling support
include/linux/pid.h
kernel/fork.c
kernel/pid.c
kernel/signal.c
* UPSTREAM: signal: improve comments
kernel/signal.c
* BACKPORT: fork: do not release lock that wasn't taken
kernel/fork.c
* BACKPORT: signal: support CLONE_PIDFD with pidfd_send_signal
kernel/signal.c
kernel/sys_ni.c
* BACKPORT: clone: add CLONE_PIDFD
include/linux/pid.h
include/uapi/linux/sched.h
kernel/fork.c
* UPSTREAM: Make anon_inodes unconditional
arch/arm64/kvm/Kconfig
drivers/base/Kconfig
drivers/char/tpm/Kconfig
drivers/dma-buf/Kconfig
drivers/gpio/Kconfig
drivers/iio/Kconfig
drivers/infiniband/Kconfig
drivers/vfio/Kconfig
fs/Makefile
fs/notify/fanotify/Kconfig
fs/notify/inotify/Kconfig
init/Kconfig
* UPSTREAM: signal: use fdget() since we don't allow O_PATH
kernel/signal.c
* UPSTREAM: signal: don't silently convert SI_USER signals to non-current pidfd
kernel/signal.c
* BACKPORT: signal: add pidfd_send_signal() syscall
arch/x86/entry/syscalls/syscall_32.tbl
fs/proc/base.c
include/linux/proc_fs.h
include/linux/syscalls.h
include/uapi/asm-generic/unistd.h
kernel/signal.c
kernel/sys_ni.c
* ANDROID: sched: Disallow WALT with CFS bandwidth control
init/Kconfig
* ANDROID: fiq_debugger: remove
drivers/staging/android/Kconfig
drivers/staging/android/Makefile
Merge 4.9.190 into android-4.9-q
Linux 4.9.190
* bonding: Add vlan tx offload to hw_enc_features
drivers/net/bonding/bond_main.c
team: Add vlan tx offload to hw_enc_features
net/mlx5e: Use flow keys dissector to parse packets for ARFS
net/mlx5e: Only support tx/rx pause setting for port owner
xen/netback: Reset nr_frags before freeing skb
sctp: fix the transport error_count check
* net/packet: fix race in tpacket_snd()
net/packet/af_packet.c
bnx2x: Fix VF's VLAN reconfiguration in reload.
iommu/amd: Move iommu_init_pci() to .init section
Input: psmouse - fix build error of multiple definition
* netfilter: conntrack: Use consistent ct id hash calculation
net/netfilter/nf_conntrack_core.c
* arm64: compat: Allow single-byte watchpoints on all addresses
arch/arm64/kernel/hw_breakpoint.c
* bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K
include/linux/filter.h
kernel/bpf/core.c
net/core/sysctl_net_core.c
* asm-generic: fix -Wtype-limits compiler warnings
include/asm-generic/getorder.h
USB: serial: option: Add Motorola modem UARTs
USB: serial: option: add the BroadMobi BM818 card
USB: serial: option: Add support for ZTE MF871A
USB: serial: option: add D-Link DWM-222 device ID
* USB: CDC: fix sanity checks in CDC union parser
drivers/usb/core/message.c
usb: cdc-acm: make sure a refcount is taken early enough
* USB: core: Fix races in character device registration and deregistraion
drivers/usb/core/file.c
staging: comedi: dt3000: Fix rounding up of timer divisor
staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
ocfs2: remove set but not used variable 'last_hash'
IB/mad: Fix use-after-free in ib mad completion handling
IB/core: Add mitigation for Spectre V1
* arm64/mm: fix variable 'pud' set but not used
arch/arm64/include/asm/pgtable.h
* arm64/efi: fix variable 'si' set but not used
arch/arm64/include/asm/efi.h
* kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
scripts/Makefile.modpost
ata: libahci: do not complain in case of deferred probe
scsi: hpsa: correct scsi command status issue after reset
libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
perf header: Fix use of unitialized value warning
perf header: Fix divide by zero error if f_header.attr_size==0
irqchip/irq-imx-gpcv2: Forward irq type to parent
xen/pciback: remove set but not used variable 'old_state'
net: usb: pegasus: fix improper read if get_registers() fail
Input: iforce - add sanity checks
Input: kbtab - sanity check for endpoint type
* HID: hiddev: do cleanup in failure of opening a device
drivers/hid/usbhid/hiddev.c
* HID: hiddev: avoid opening a disconnected device
drivers/hid/usbhid/hiddev.c
HID: holtek: test for sanity of intfdata
ALSA: hda - Let all conexant codec enter D3 when rebooting
ALSA: hda - Add a generic reboot_notify
ALSA: hda - Fix a memory leak bug
xtensa: add missing isync to the cpu_reset TLB code
* netfilter: ctnetlink: don't use conntrack/expect object addresses as id
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_netlink.c
* inet: switch IP ID generator to siphash
include/linux/siphash.h
include/net/netns/ipv4.h
net/ipv4/route.c
net/ipv6/output_core.c
* siphash: implement HalfSipHash1-3 for hash tables
include/linux/siphash.h
lib/siphash.c
* siphash: add cryptographically secure PRF
include/linux/siphash.h
lib/Kconfig.debug
lib/Makefile
lib/siphash.c
vhost: scsi: add weight support
vhost_net: fix possible infinite loop
vhost: introduce vhost_exceeds_weight()
vhost_net: introduce vhost_exceeds_weight()
vhost_net: use packet weight for rx handler, too
vhost-net: set packet weight of tx polling to 2 * vq size
* bpf: add bpf_jit_limit knob to restrict unpriv allocations
include/linux/filter.h
kernel/bpf/core.c
net/core/sysctl_net_core.c
* bpf: restrict access to core bpf sysctls
net/core/sysctl_net_core.c
* bpf: get rid of pure_initcall dependency to enable jits
kernel/bpf/core.c
net/core/sysctl_net_core.c
net/socket.c
* mm/memcontrol.c: fix use after free in mem_cgroup_iter()
mm/memcontrol.c
* mm/usercopy: use memory range to be accessed for wraparound check
mm/usercopy.c
sh: kernel: hw_breakpoint: Fix missing break in switch statement
scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
iwlwifi: don't unmap as page memory that was mapped as single
mwifiex: fix 802.11n/WPA detection
smb3: send CAP_DFS capability during session setup
SMB3: Fix deadlock in validate negotiate hits reconnect
mac80211: don't WARN on short WMM parameters from AP
ALSA: hda - Don't override global PCM hw info flag
ALSA: firewire: fix a memory leak bug
hwmon: (nct7802) Fix wrong detection of in4 presence
can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
* perf/core: Fix creating kernel counters for PMUs that override event->cpu
kernel/events/core.c
* tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
drivers/tty/tty_ldsem.c
scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
scsi: ibmvfc: fix WARN_ON during event pool release
scsi: megaraid_sas: fix panic on loading firmware crashdump
ARM: davinci: fix sleep.S build error on ARMv4
ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id()
drbd: dynamically allocate shash descriptor
perf probe: Avoid calling freeing routine multiple times for same pointer
* ALSA: compress: Be more restrictive about when a drain is allowed
sound/core/compress_offload.c
* ALSA: compress: Don't allow paritial drain operations on capture streams
sound/core/compress_offload.c
* ALSA: compress: Prevent bypasses of set_params
sound/core/compress_offload.c
* ALSA: compress: Fix regression on compressed capture streams
include/sound/compress_driver.h
sound/core/compress_offload.c
s390/qdio: add sanity checks to the fast-requeue path
cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
mac80211: don't warn about CW params when not using them
* iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
drivers/firmware/Kconfig
* netfilter: nfnetlink: avoid deadlock due to synchronous request_module
net/netfilter/nfnetlink.c
can: peak_usb: fix potential double kfree_skb()
usb: yurex: Fix use-after-free in yurex_delete
perf record: Fix module size on s390
perf db-export: Fix thread__exec_comm()
perf record: Fix wrong size in perf_record_mmap for last kernel module
* mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
mm/vmalloc.c
x86/mm: Sync also unmappings in vmalloc_sync_all()
x86/mm: Check for pfn instead of page in vmalloc_sync_one()
* sound: fix a memory leak bug
sound/sound_core.c
usb: iowarrior: fix deadlock on disconnect
* usb: usbfs: fix double-free of usb memory upon submiturb error
drivers/usb/core/devio.c
ANDROID: fix kernelci build-break in lowmemorykiller
ANDROID: Fixes to locking around handle_lmk_event
* UPSTREAM: net/ipv6: allow sysctl to change link-local address generation mode
include/linux/ipv6.h
include/net/if_inet6.h
net/ipv6/addrconf.c
* ANDROID: fix binder change in merge of 4.9.188
drivers/android/binder_alloc.c
Merge 4.9.189 into android-4.9-q
Linux 4.9.189
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
x86/entry/64: Use JMP instead of JMPQ
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86: cpufeatures: Sort feature word 7
spi: bcm2835: Fix 3-wire mode if DMA is enabled
* block: blk_init_allocated_queue() set q->fq as NULL in the fail case
block/blk-core.c
bnx2x: Disable multi-cos feature.
ife: error out when nla attributes are empty
* ip6_tunnel: fix possible use-after-free on xmit
net/ipv6/ip6_tunnel.c
* compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
drivers/net/ppp/pppoe.c
drivers/net/ppp/pppox.c
fs/compat_ioctl.c
include/linux/if_pppox.h
net/l2tp/l2tp_ppp.c
tipc: compat: allow tipc commands without arguments
net: sched: Fix a possible null-pointer dereference in dequeue_func()
net/mlx5: Use reversed order when unregister devices
* net: fix ifindex collision during namespace removal
net/core/dev.c
* net: bridge: mcast: don't delete permanent entries when fast leave is enabled
net/bridge/br_multicast.c
net: bridge: delete local fdb on device init failure
atm: iphase: Fix Spectre v1 vulnerability
libceph: use kbasename() and kill ceph_file_part()
objtool: Add rewind_stack_do_exit() to the noreturn list
objtool: Add machine_real_restart() to the noreturn list
IB: directly cast the sockaddr union to aockaddr
RDMA: Directly cast the sockaddr union to sockaddr
* HID: Add quirk for HP X1200 PIXART OEM mouse
drivers/hid/hid-ids.h
drivers/hid/usbhid/hid-quirks.c
HID: wacom: fix bit shift for Cintiq Companion 2
* tcp: be more careful in tcp_fragment()
include/net/tcp.h
net/ipv4/tcp_output.c
* arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
arch/arm64/include/asm/cpufeature.h
arch/arm64/kernel/cpufeature.c
* arm64: cpufeature: Fix CTR_EL0 field definitions
arch/arm64/kernel/cpufeature.c
ARM: dts: logicpd-som-lv: Fix Audio Mute
ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD torpedo
ARM: dts: Add pinmuxing for i2c2 and i2c3 for LogicPD SOM-LV
scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
* fs/crypto: Fix 4.9.186 missmerge
fs/crypto/policy.c
Merge 4.9.188 into android-4.9-q
Linux 4.9.188
x86, mm, gup: prevent get_page() race with munmap in paravirt guest
objtool: Support GCC 9 cold subfunction naming scheme
* include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
include/linux/module.h
* Backport minimal compiler_attributes.h to support GCC 9
include/linux/compiler.h
eeprom: at24: make spd world-readable again
* coredump: fix race condition between collapse_huge_page() and core dumping
include/linux/mm.h
infiniband: fix race condition between infiniband mlx4, mlx5 driver and core dumping
* coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
drivers/android/binder.c
fs/proc/task_mmu.c
include/linux/mm.h
mm/mmap.c
IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
* drivers/perf: arm_pmu: Fix failure path in PM notifier
drivers/perf/arm_pmu.c
s390/dasd: fix endless loop after read unit address configuration
* selinux: fix memory leak in policydb_init()
security/selinux/ss/policydb.c
* gpiolib: fix incorrect IRQ requesting of an active-low lineevent
drivers/gpio/gpiolib.c
mmc: dw_mmc: Fix occasional hang after tuning on eMMC
Btrfs: fix incremental send failure after deduplication
* kbuild: initialize CLANG_FLAGS correctly in the top Makefile
Makefile
x86, boot: Remove multiple copy of static function sanitize_boot_params()
x86/kvm: Don't call kvm_spurious_fault() from .fixup
ipc/mqueue.c: only perform resource calculation if user valid
drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
coda: fix build using bare-metal toolchain
coda: add error handling for fget
* mm/cma.c: fail if fixed declaration can't be honored
mm/cma.c
x86: math-emu: Hide clang warnings for 16-bit overflow
x86/apic: Silence -Wtype-limits compiler warnings
be2net: Signal that the device cannot transmit during reconfiguration
* ACPI: fix false-positive -Wuninitialized warning
include/linux/acpi.h
scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
ceph: return -ERANGE if virtual xattr value didn't fit in buffer
ceph: fix improper use of smp_mb__before_atomic()
btrfs: fix minimum number of chunk errors for DUP
fs/adfs: super: fix use-after-free bug
dmaengine: rcar-dmac: Reject zero-length slave DMA requests
MIPS: lantiq: Fix bitfield masking
* kernel/module.c: Only return -EEXIST for modules that have finished loading
kernel/module.c
ftrace: Enable trampoline when rec count returns back to one
ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again
ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200
ARM: riscpc: fix DMA
* UPSTREAM: net-ipv6-ndisc: add support for RFC7710 RA Captive Portal Identifier
include/net/ndisc.h
net/ipv6/ndisc.c
ANDROID: fix up 9p filesystem due to CFI non-upstream patches
Merge 4.9.187 into android-4.9-q
Linux 4.9.187
ceph: hold i_ceph_lock when removing caps for freeing inode
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
* sched/fair: Don't free p->numa_faults with concurrent readers
fs/exec.c
include/linux/sched.h
kernel/fork.c
kernel/sched/fair.c
Bluetooth: hci_uart: check for missing tty operations
media: radio-raremono: change devm_k*alloc to k*alloc
media: cpia2_usb: first wake up, then free in disconnect
media: au0828: fix null dereference in error path
ISDN: hfcsusb: checking idx of ep configuration
* arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ
arch/arm64/include/asm/compat.h
i2c: qup: fixed releasing dma without flush operation completion
arm64: dts: marvell: Fix A37xx UART0 register size
* tcp: reset sk_send_head in tcp_write_queue_purge
include/net/tcp.h
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
* access: avoid the RCU grace period for the temporary subjective credentials
fs/open.c
include/linux/cred.h
kernel/cred.c
powerpc/tm: Fix oops on sigreturn on systems without TM
ALSA: hda - Add a conexant codec entry to let mute led work
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
hpet: Fix division by zero in hpet_time_div()
x86/speculation/mds: Apply more accurate check on hypervisor platform
x86/sysfb_efi: Add quirks for some devices with swapped width and height
* usb: pci-quirks: Correct AMD PLL quirk detection
drivers/usb/host/pci-quirks.c
usb: wusbcore: fix unbalanced get/put cluster_id
locking/lockdep: Hide unused 'class' variable
locking/lockdep: Fix lock used or unused stats error
mm/mmu_notifier: use hlist_add_head_rcu()
9p: pass the correct prototype to read_cache_page
mm/kmemleak.c: fix check for softirq context
sh: prevent warnings when using iounmap
powerpc/eeh: Handle hugepages in ioremap space
* mailbox: handle failed named mailbox channel request
drivers/mailbox/mailbox.c
* f2fs: avoid out-of-range memory access
fs/f2fs/segment.c
powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
* kallsyms: exclude kasan local symbols on s390
scripts/kallsyms.c
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
serial: sh-sci: Terminate TX DMA during buffer flushing
RDMA/i40iw: Set queue pair state when being queried
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
um: Silence lockdep complaint about mmap_sem
mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk
mfd: arizona: Fix undefined behavior
* mfd: core: Set fwnode for created devices
drivers/mfd/mfd-core.c
recordmcount: Fix spurious mcount entries on powerpc
iio: iio-utils: Fix possible incorrect mask calculation
PCI: xilinx-nwl: Fix Multi MSI data programming
* kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
Makefile
* PCI: sysfs: Ignore lockdep for remove attribute
drivers/pci/pci-sysfs.c
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
* usb: gadget: Zero ffs_io_data
drivers/usb/gadget/function/f_fs.c
* tty: serial_core: Set port active bit in uart_port_activate
drivers/tty/serial/serial_core.c
drm/rockchip: Properly adjust to a true clock in adjusted_mode
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/virtio: Add memory barriers for capset cache.
serial: 8250: Fix TX interrupt handling condition
tty: serial: msm_serial: avoid system lockup condition
tty/serial: digicolor: Fix digicolor-usart already registered warning
memstick: Fix error cleanup path of memstick_init
drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
drm/bridge: tc358767: read display_props in get_modes()
tty: serial: cpm_uart - fix init when SMC is relocated
pinctrl: rockchip: fix leaked of_node references
tty: max310x: Fix invalid baudrate divisors calculator
* usb: core: hub: Disable hub-initiated U1/U2
drivers/usb/core/hub.c
drm/panel: simple: Fix panel_simple_dsi_probe
nfsd: Fix overflow causing non-working mounts on 1 TB machines
nfsd: fix performance-limiting session calculation
nfsd: give out fewer session slots as limit approaches
nfsd: increase DRC cache limit
NFSv4: Fix open create exclusive when the server reboots
perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
perf/x86/amd/uncore: Get correct number of cores sharing last level cache
perf/x86/amd/uncore: Rename 'L2' to 'LLC'
* net: bridge: stp: don't cache eth dest pointer before skb pull
net/bridge/br_stp_bpdu.c
* net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net/bridge/br_multicast.c
* net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
net/bridge/br_multicast.c
* tcp: Reset bytes_acked and bytes_received when disconnecting
net/ipv4/tcp.c
* bonding: validate ip header before check IPPROTO_IGMP
drivers/net/bonding/bond_main.c
netrom: hold sock when setting skb->destructor
netrom: fix a memory leak in nr_rx_frame()
macsec: fix checksumming after decryption
macsec: fix use-after-free of skb during RX
vrf: make sure skb->data contains ip header to make routing
sky2: Disable MSI on ASUS P6T
rxrpc: Fix send on a connected, but unbound socket
nfc: fix potential illegal memory access
net: openvswitch: fix csum updates for MPLS actions
* net: neigh: fix multiple neigh timer scheduling
net/core/neighbour.c
net: dsa: mv88e6xxx: wait after reset deactivation
net: bcmgenet: use promisc for unsupported filters
* ipv4: don't set IPv6 only flags to IPv4 addresses
net/ipv4/devinet.c
* igmp: fix memory leak in igmpv3_del_delrec()
net/ipv4/igmp.c
caif-hsi: fix possible deadlock in cfhsi_exit_module()
bnx2x: Prevent ptp_task to be rescheduled indefinitely
bnx2x: Prevent load reordering in tx completion processing
* ext4: allow directory holes
fs/ext4/dir.c
fs/ext4/namei.c
* lib/strscpy: Shut up KASAN false-positives in strscpy()
lib/string.c
* compiler.h: Add read_word_at_a_time() function.
include/linux/compiler.h
* compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
include/linux/compiler.h
* dm bufio: fix deadlock with loop device
drivers/md/dm-bufio.c
* usb: Handle USB3 remote wakeup for LPM enabled devices correctly
drivers/usb/core/hub.c
* Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
net/bluetooth/smp.c
intel_th: msu: Fix single mode with disabled IOMMU
* eCryptfs: fix a couple type promotion bugs
fs/ecryptfs/crypto.c
powerpc/watchpoint: Restore NV GPRs while returning from exception
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
parisc: Ensure userspace privilege for ptraced processes in regset functions
um: Fix FP register size for XSTATE/XSAVE
um: Allow building and running on older hosts
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
PCI: hv: Delete the device earlier from hbus->children for hot-remove
crypto: ccp - Validate the the error value used to index error messages
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
coda: pass the host file in vma->vm_file on mmap
floppy: fix out-of-bounds read in copy_buffer
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in next_valid_format
floppy: fix div-by-zero in setup_format_params
* take floppy compat ioctls to sodding floppy.c
block/compat_ioctl.c
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
Btrfs: add missing inode version, ctime and mtime updates when punching hole
* PCI: Do not poll for PME if the device is in D3cold
drivers/pci/pci.c
9p/virtio: Add cleanup path in p9_virtio_init
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
drm/nouveau/i2c: Enable i2c pads & busses during preinit
* fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
fs/proc/proc_sysctl.c
arm64: tegra: Fix AGIC register range
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
media: coda: Remove unbalanced and unneeded mutex unlock
* media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
drivers/media/v4l2-core/v4l2-ctrls.c
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
ALSA: seq: Break too long mutex context in the write loop
* lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
lib/scatterlist.c
NFSv4: Handle the special Linux file open access mode
* tracing/snapshot: Resize spare buffer if size changed
kernel/trace/trace.c
iwlwifi: pcie: don't service an interrupt that was masked
arm64: tegra: Update Jetson TX1 GPU regulator timings
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
Input: gtco - bounds check collection indent level
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
* crypto: arm64/sha2-ce - correct digest for empty data in finup
arch/arm64/crypto/sha2-ce-glue.c
* crypto: arm64/sha1-ce - correct digest for empty data in finup
arch/arm64/crypto/sha1-ce-glue.c
* crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto/ghash-generic.c
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
scsi: NCR5380: Always re-enable reselection interrupt
scsi: NCR5380: Reduce goto statements in NCR5380_select()
xen: let alloc_xenballooned_pages() fail if not enough memory free
gtp: fix use-after-free in gtp_newlink()
gtp: fix Illegal context switch in RCU read-side critical section.
* Bluetooth: validate BLE connection interval updates
net/bluetooth/hci_event.c
net/bluetooth/l2cap_core.c
* Bluetooth: Check state in l2cap_disconnect_rsp
net/bluetooth/l2cap_core.c
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
* gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
drivers/gpio/gpiolib.c
* net: usb: asix: init MAC address buffers
drivers/net/usb/asix_devices.c
iwlwifi: mvm: Drop large non sta frames
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
* EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
drivers/edac/edac_mc_sysfs.c
drivers/edac/edac_module.h
* crypto: asymmetric_keys - select CRYPTO_HASH where needed
crypto/asymmetric_keys/Kconfig
ixgbe: Check DDM existence in transceiver before access
* rslib: Fix handling of of caller provided syndrome
lib/reed_solomon/decode_rs.c
* rslib: Fix decoding of shortened codes
lib/reed_solomon/decode_rs.c
* clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
include/linux/cpuhotplug.h
libata: don't request sense data on !ZAC ATA devices
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
ath10k: fix PCIE device wake up failed
mt7601u: fix possible memory leak when the device is disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: do not schedule rx_tasklet when the device has been disconnected
media: coda: increment sequence offset for the last returned frame
media: coda: fix mpeg2 sequence number handling
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
* timer_list: Guard procfs specific code
kernel/time/timer_list.c
* ntp: Limit TAI-UTC offset
kernel/time/ntp.c
* media: i2c: fix warning same module names
drivers/media/i2c/Makefile
* ipsec: select crypto ciphers for xfrm_algo
net/xfrm/Kconfig
* EDAC/sysfs: Fix memory leak when creating a csrow object
drivers/edac/edac_mc_sysfs.c
ipoib: correcly show a VF hardware address
vhost_net: disable zerocopy by default
perf evsel: Make perf_evsel__name() accept a NULL argument
* xfrm: fix sa selector validation
net/xfrm/xfrm_user.c
* blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
fs/fs-writeback.c
* rcu: Force inlining of rcu_read_lock()
include/linux/rcupdate.h
* bpf: silence warning messages in core
kernel/bpf/Makefile
* regmap: fix bulk writes on paged registers
drivers/base/regmap/regmap.c
gpio: omap: ensure irq is enabled before wakeup
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
perf test 6: Fix missing kvm module load for s390
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
s390/qdio: handle PENDING state for QEBSM devices
net: axienet: Fix race condition causing TX hang
net: fec: Do not use netdev messages too early
cpupower : frequency-set -r option misses the last cpu in related cpu list
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
locking/lockdep: Fix merging of hlocks with non-zero references
tua6100: Avoid build warnings.
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
crypto: talitos - properly handle split ICV.
* net: phy: Check against net_device being NULL
drivers/net/phy/phy_device.c
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
* media: mc-device.c: don't memset __user pointer contents
drivers/media/media-device.c
* xfrm: Fix xfrm sel prefix length validation
net/xfrm/xfrm_user.c
* af_key: fix leaks in key_pol_get_resp and dump_sp.
net/key/af_key.c
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
net: stmmac: dwmac4/5: Clear unused address entries
net: stmmac: dwmac1000: Clear unused address entries
* media: media_device_enum_links32: clean a reserved field
drivers/media/media-device.c
media: vpss: fix a potential NULL pointer dereference
media: marvell-ccic: fix DMA s/g desc number calculation
crypto: talitos - fix skcipher failure due to wrong output IV
media: dvb: usb: fix use after free in dvb_usb_device_exit
batman-adv: fix for leaked TVLV handler.
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
ath6kl: add some bounds checking
ath9k: Check for errors when reading SREV register
ath10k: Do not send probe response template for mesh
dmaengine: imx-sdma: fix use-after-free on probe error path
* arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
arch/arm64/kernel/image.h
MIPS: fix build on non-linux hosts
MIPS: ath79: fix ar933x uart parity mode
ANDROID: enable CONFIG_RTC_DRV_TEST on cuttlefish
* ANDROID: xfrm: remove in_compat_syscall() checks
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c
* UPSTREAM: binder: Set end of SG buffer area properly.
drivers/android/binder.c
Merge 4.9.186 into android-4.9-q
Linux 4.9.186
s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
s390/qdio: (re-)initialize tiqdio list entries
s390: fix stfle zero padding
ARC: hide unused function unw_hdr_alloc
* dm verity: use message limit for data block corruption message
drivers/md/dm-verity-target.c
ARM: dts: imx6ul: fix PWM[1-4] interrupts
sis900: fix TX completion
* ppp: mppe: Add softdep to arc4
drivers/net/ppp/ppp_mppe.c
be2net: fix link failure after ethtool offline test
ARM: omap2: remove incorrect __init annotation
* perf/core: Fix perf_sample_regs_user() mm check
kernel/events/core.c
arm64: crypto: remove accidentally backported files
nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header
e1000e: start network tx queue only when link is up
Revert "e1000e: fix cyclic resets at link up with active tx"
MIPS: Remove superfluous check for __linux__
VMCI: Fix integer overflow in VMCI handle arrays
carl9170: fix misuse of device driver API
staging: comedi: amplc_pci230: fix null pointer deref on interrupt
staging: comedi: dt282x: fix a null pointer deref on interrupt
usb: renesas_usbhs: add a workaround for a race condition of workqueue
* usb: gadget: ether: Fix race between gether_disconnect and rx_submit
drivers/usb/gadget/function/u_ether.c
p54usb: Fix race between disconnect and firmware loading
Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled"
USB: serial: option: add support for GosunCn ME3630 RNDIS mode
USB: serial: ftdi_sio: add ID for isodebug v1
mwifiex: Don't abort on small, spec-compliant vendor IEs
* fscrypt: don't set policy for a dead directory
fs/crypto/policy.c
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
mwifiex: Abort at too short BSS descriptor element
x86/tls: Fix possible spectre-v1 in do_get_thread_area()
x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
net :sunrpc :clnt :Fix xps refcount imbalance on the error path
* ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL
include/net/ip6_tunnel.h
bnx2x: Check if transceiver implements DDM before access
md: fix for divide error in status_resync
mac80211: only warn once on chanctx_conf being NULL
ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
ARM: davinci: da850-evm: call regulator_has_full_constraints()
mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed
KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy
Input: imx_keypad - make sure keyboard can always wake up system
* can: mcp251x: add support for mcp25625
drivers/net/can/spi/Kconfig
dt-bindings: can: mcp251x: add mcp25625 support
* netfilter: ipv6: nf_defrag: accept duplicate fragments again
net/ipv6/netfilter/nf_conntrack_reasm.c
* netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments
net/ipv6/netfilter/nf_conntrack_reasm.c
mwifiex: Fix possible buffer overflows at parsing bss descriptor
mac80211: free peer keys before vif down in mesh
mac80211: mesh: fix RCU warning
staging:iio:ad7150: fix threshold mode config bit
samples, bpf: fix to change the buffer size for read()
Input: elantech - enable middle button support on 2 ThinkPads
crypto: talitos - rename alternative AEAD algos.
Change-Id: Ic17f4ff767e98db1ddee5f127d7de4a4c314e026
Signed-off-by: Robin Peng <robinpeng@google.com>
|
||
|
Greg Kroah-Hartman
|
0eb90dd8f7 |
Merge 4.9.187 into android-4.9-q
Changes in 4.9.187
MIPS: ath79: fix ar933x uart parity mode
MIPS: fix build on non-linux hosts
arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
dmaengine: imx-sdma: fix use-after-free on probe error path
ath10k: Do not send probe response template for mesh
ath9k: Check for errors when reading SREV register
ath6kl: add some bounds checking
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
batman-adv: fix for leaked TVLV handler.
media: dvb: usb: fix use after free in dvb_usb_device_exit
crypto: talitos - fix skcipher failure due to wrong output IV
media: marvell-ccic: fix DMA s/g desc number calculation
media: vpss: fix a potential NULL pointer dereference
media: media_device_enum_links32: clean a reserved field
net: stmmac: dwmac1000: Clear unused address entries
net: stmmac: dwmac4/5: Clear unused address entries
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
af_key: fix leaks in key_pol_get_resp and dump_sp.
xfrm: Fix xfrm sel prefix length validation
media: mc-device.c: don't memset __user pointer contents
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
net: phy: Check against net_device being NULL
crypto: talitos - properly handle split ICV.
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
tua6100: Avoid build warnings.
locking/lockdep: Fix merging of hlocks with non-zero references
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
cpupower : frequency-set -r option misses the last cpu in related cpu list
net: fec: Do not use netdev messages too early
net: axienet: Fix race condition causing TX hang
s390/qdio: handle PENDING state for QEBSM devices
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
perf test 6: Fix missing kvm module load for s390
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
gpio: omap: ensure irq is enabled before wakeup
regmap: fix bulk writes on paged registers
bpf: silence warning messages in core
rcu: Force inlining of rcu_read_lock()
blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
xfrm: fix sa selector validation
perf evsel: Make perf_evsel__name() accept a NULL argument
vhost_net: disable zerocopy by default
ipoib: correcly show a VF hardware address
EDAC/sysfs: Fix memory leak when creating a csrow object
ipsec: select crypto ciphers for xfrm_algo
media: i2c: fix warning same module names
ntp: Limit TAI-UTC offset
timer_list: Guard procfs specific code
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
media: coda: fix mpeg2 sequence number handling
media: coda: increment sequence offset for the last returned frame
mt7601u: do not schedule rx_tasklet when the device has been disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: fix possible memory leak when the device is disconnected
ath10k: fix PCIE device wake up failed
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
libata: don't request sense data on !ZAC ATA devices
clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
rslib: Fix decoding of shortened codes
rslib: Fix handling of of caller provided syndrome
ixgbe: Check DDM existence in transceiver before access
crypto: asymmetric_keys - select CRYPTO_HASH where needed
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
iwlwifi: mvm: Drop large non sta frames
net: usb: asix: init MAC address buffers
gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: Check state in l2cap_disconnect_rsp
Bluetooth: validate BLE connection interval updates
gtp: fix Illegal context switch in RCU read-side critical section.
gtp: fix use-after-free in gtp_newlink()
xen: let alloc_xenballooned_pages() fail if not enough memory free
scsi: NCR5380: Reduce goto statements in NCR5380_select()
scsi: NCR5380: Always re-enable reselection interrupt
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: arm64/sha2-ce - correct digest for empty data in finup
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
Input: gtco - bounds check collection indent level
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
arm64: tegra: Update Jetson TX1 GPU regulator timings
iwlwifi: pcie: don't service an interrupt that was masked
tracing/snapshot: Resize spare buffer if size changed
NFSv4: Handle the special Linux file open access mode
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
ALSA: seq: Break too long mutex context in the write loop
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
media: coda: Remove unbalanced and unneeded mutex unlock
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
arm64: tegra: Fix AGIC register range
fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
drm/nouveau/i2c: Enable i2c pads & busses during preinit
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
9p/virtio: Add cleanup path in p9_virtio_init
PCI: Do not poll for PME if the device is in D3cold
Btrfs: add missing inode version, ctime and mtime updates when punching hole
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
take floppy compat ioctls to sodding floppy.c
floppy: fix div-by-zero in setup_format_params
floppy: fix out-of-bounds read in next_valid_format
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in copy_buffer
coda: pass the host file in vma->vm_file on mmap
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
crypto: ccp - Validate the the error value used to index error messages
PCI: hv: Delete the device earlier from hbus->children for hot-remove
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
um: Allow building and running on older hosts
um: Fix FP register size for XSTATE/XSAVE
parisc: Ensure userspace privilege for ptraced processes in regset functions
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
powerpc/watchpoint: Restore NV GPRs while returning from exception
eCryptfs: fix a couple type promotion bugs
intel_th: msu: Fix single mode with disabled IOMMU
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
dm bufio: fix deadlock with loop device
compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
compiler.h: Add read_word_at_a_time() function.
lib/strscpy: Shut up KASAN false-positives in strscpy()
ext4: allow directory holes
bnx2x: Prevent load reordering in tx completion processing
bnx2x: Prevent ptp_task to be rescheduled indefinitely
caif-hsi: fix possible deadlock in cfhsi_exit_module()
igmp: fix memory leak in igmpv3_del_delrec()
ipv4: don't set IPv6 only flags to IPv4 addresses
net: bcmgenet: use promisc for unsupported filters
net: dsa: mv88e6xxx: wait after reset deactivation
net: neigh: fix multiple neigh timer scheduling
net: openvswitch: fix csum updates for MPLS actions
nfc: fix potential illegal memory access
rxrpc: Fix send on a connected, but unbound socket
sky2: Disable MSI on ASUS P6T
vrf: make sure skb->data contains ip header to make routing
macsec: fix use-after-free of skb during RX
macsec: fix checksumming after decryption
netrom: fix a memory leak in nr_rx_frame()
netrom: hold sock when setting skb->destructor
bonding: validate ip header before check IPPROTO_IGMP
tcp: Reset bytes_acked and bytes_received when disconnecting
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: stp: don't cache eth dest pointer before skb pull
perf/x86/amd/uncore: Rename 'L2' to 'LLC'
perf/x86/amd/uncore: Get correct number of cores sharing last level cache
perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
NFSv4: Fix open create exclusive when the server reboots
nfsd: increase DRC cache limit
nfsd: give out fewer session slots as limit approaches
nfsd: fix performance-limiting session calculation
nfsd: Fix overflow causing non-working mounts on 1 TB machines
drm/panel: simple: Fix panel_simple_dsi_probe
usb: core: hub: Disable hub-initiated U1/U2
tty: max310x: Fix invalid baudrate divisors calculator
pinctrl: rockchip: fix leaked of_node references
tty: serial: cpm_uart - fix init when SMC is relocated
drm/bridge: tc358767: read display_props in get_modes()
drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
memstick: Fix error cleanup path of memstick_init
tty/serial: digicolor: Fix digicolor-usart already registered warning
tty: serial: msm_serial: avoid system lockup condition
serial: 8250: Fix TX interrupt handling condition
drm/virtio: Add memory barriers for capset cache.
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/rockchip: Properly adjust to a true clock in adjusted_mode
tty: serial_core: Set port active bit in uart_port_activate
usb: gadget: Zero ffs_io_data
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
PCI: sysfs: Ignore lockdep for remove attribute
kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
PCI: xilinx-nwl: Fix Multi MSI data programming
iio: iio-utils: Fix possible incorrect mask calculation
recordmcount: Fix spurious mcount entries on powerpc
mfd: core: Set fwnode for created devices
mfd: arizona: Fix undefined behavior
mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk
um: Silence lockdep complaint about mmap_sem
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
RDMA/i40iw: Set queue pair state when being queried
serial: sh-sci: Terminate TX DMA during buffer flushing
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
kallsyms: exclude kasan local symbols on s390
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
f2fs: avoid out-of-range memory access
mailbox: handle failed named mailbox channel request
powerpc/eeh: Handle hugepages in ioremap space
sh: prevent warnings when using iounmap
mm/kmemleak.c: fix check for softirq context
9p: pass the correct prototype to read_cache_page
mm/mmu_notifier: use hlist_add_head_rcu()
locking/lockdep: Fix lock used or unused stats error
locking/lockdep: Hide unused 'class' variable
usb: wusbcore: fix unbalanced get/put cluster_id
usb: pci-quirks: Correct AMD PLL quirk detection
x86/sysfb_efi: Add quirks for some devices with swapped width and height
x86/speculation/mds: Apply more accurate check on hypervisor platform
hpet: Fix division by zero in hpet_time_div()
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
ALSA: hda - Add a conexant codec entry to let mute led work
powerpc/tm: Fix oops on sigreturn on systems without TM
access: avoid the RCU grace period for the temporary subjective credentials
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
tcp: reset sk_send_head in tcp_write_queue_purge
arm64: dts: marvell: Fix A37xx UART0 register size
i2c: qup: fixed releasing dma without flush operation completion
arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ
ISDN: hfcsusb: checking idx of ep configuration
media: au0828: fix null dereference in error path
media: cpia2_usb: first wake up, then free in disconnect
media: radio-raremono: change devm_k*alloc to k*alloc
Bluetooth: hci_uart: check for missing tty operations
sched/fair: Don't free p->numa_faults with concurrent readers
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
ceph: hold i_ceph_lock when removing caps for freeing inode
Linux 4.9.187
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|