3352ba1a12
Merge 4.9.185 into android-4.9
Linux 4.9.185
* arm64: kaslr: keep modules inside module region when KASAN is enabled
arch/arm64/kernel/module.c
dmaengine: imx-sdma: remove BD_INTR for channel0
MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
IB/hfi1: Close PSM sdma_progress sleep window
KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC
* arm64, vdso: Define vdso_{start,end} as array
arch/arm64/kernel/vdso.c
tty: rocket: fix incorrect forward declaration of 'rp_init()'
btrfs: Ensure replaced device doesn't have pending chunk allocation
drm/imx: only send event on crtc disable if kept disabled
drm/imx: notify drm core before sending event during crtc disable
* lib/mpi: Fix karactx leak in mpi_powm
lib/mpi/mpi-pow.c
* ALSA: usb-audio: fix sign unintended sign extension on left shifts
sound/usb/mixer_quirks.c
ALSA: line6: Fix write on zero-sized buffer
ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
crypto: user - prevent operating on larval algorithms
* ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
kernel/ptrace.c
MIPS: Workaround GCC __builtin_unreachable reordering bug
drm/i915/dmc: protect against reading random memory
KVM: x86: degrade WARN to pr_warn_ratelimited
clk: sunxi: fix uninitialized access
ARC: handle gcc generated __builtin_trap for older compiler
* bug.h: work around GCC PR82365 in BUG()
include/asm-generic/bug.h
include/linux/compiler-gcc.h
include/linux/compiler.h
ARC: fix allnoconfig build warning
mfd: omap-usb-tll: Fix register offsets
MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
MIPS: math-emu: do not use bools for arithmetic
* mm/mlock.c: change count_mm_mlocked_page_nr return type
mm/mlock.c
scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE
scsi: hpsa: correct ioaccel2 chaining
usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
ASoC: max98090: remove 24-bit format support if RJ is 0
drm/mediatek: fix unbind functions
spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
* ASoC: soc-pcm: BE dai needs prepare when pause release after resume
sound/soc/soc-pcm.c
ASoC : cs4265 : readable register too low
* Bluetooth: Fix faulty expression for minimum encryption key size check
net/bluetooth/l2cap_core.c
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
* bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err
net/ipv6/udp.c
* bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro
net/ipv4/udp.c
net/ipv6/udp.c
* net: check before dereferencing netdev_ops during busy poll
net/core/dev.c
* ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
net/ipv4/raw.c
* bonding: Always enable vlan tx offload
drivers/net/bonding/bond_main.c
team: Always enable vlan tx offload
* tun: wake up waitqueues after IFF_UP is set
drivers/net/tun.c
tipc: check msg->req data len in tipc_nl_compat_bearer_disable
tipc: change to use register_pernet_device
sctp: change to hold sk after auth shkey is created successfully
net: stmmac: fixed new system time seconds value calculation
* af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET
net/packet/af_packet.c
net/packet/internal.h
* cpu/speculation: Warn on unsupported mitigations= parameter
kernel/cpu.c
NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O
x86/speculation: Allow guests to use SSBD even if host does not
scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
* mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
mm/page_idle.c
fs/binfmt_flat.c: make load_flat_shared_library() work
* fs/proc/array.c: allow reporting eip/esp for all coredumping threads
fs/proc/array.c
net/9p: include trans_common.h to fix missing prototype warning.
9p: p9dirent_read: check network-provided name length
9p/rdma: remove useless check in cm_event_handler
9p: acl: fix uninitialized iattr access
9p/rdma: do not disconnect on down_interruptible EAGAIN
perf header: Fix unchecked usage of strncpy()
perf help: Remove needless use of strncpy()
perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit set nul
IB/hfi1: Avoid hardlockup with flushlist_lock
mac80211: Do not use stack memory with scatterlist for GMAC
mac80211: drop robust management frames from unknown TA
* cfg80211: fix memory leak of wiphy device name
net/wireless/core.c
* Bluetooth: Fix regression with minimum encryption key size alignment
net/bluetooth/hci_conn.c
net/bluetooth/l2cap_core.c
* Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
powerpc/bpf: use unsigned division instruction for 64-bit operations
can: purge socket error queue on sock destruct
can: flexcan: fix timeout when set small bitrate
btrfs: start readahead also in seed devices
nvme: Fix u32 overflow in the number of namespace list calculation
hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
* scsi: ufs: Check that space was properly alloced in copy_query_response
drivers/scsi/ufs/ufshcd.c
scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
drm/arm/hdlcd: Allow a bit of clock tolerance
net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is enabled
net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported
sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
net: hns: Fix loopback test failed at copper ports
net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
MIPS: uprobes: remove set but not used variable 'epc'
IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value
IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
IB/rdmavt: Fix alloc_qpn() WARN_ON()
parisc: Fix compiler warnings in float emulation code
parport: Fix mem leak in parport_register_dev_model
ARC: fix build warnings with !CONFIG_KPROBES
apparmor: enforce nullbyte at end of tag string
* Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
drivers/input/misc/uinput.c
IB/hfi1: Silence txreq allocation warnings
usb: chipidea: udc: workaround for endpoint conflict issue
* scsi: ufs: Avoid runtime suspend possibly being blocked forever
drivers/scsi/ufs/ufshcd-pltfrm.c
* gcc-9: silence 'address-of-packed-member' warning
Makefile
* tracing: Silence GCC 9 array bounds warning
kernel/trace/trace.c
kernel/trace/trace.h
BACKPORT: kheaders: Do not regenerate archive if config is not changed
* BACKPORT: kheaders: Move from proc to sysfs
init/Kconfig
kernel/Makefile
* BACKPORT: Provide in-kernel headers to make extending kernel easier
init/Kconfig
kernel/Makefile
Merge 4.9.184 into android-4.9
Linux 4.9.184
* tcp: refine memory limit test in tcp_fragment()
net/ipv4/tcp_output.c
Merge 4.9.183 into android-4.9
Linux 4.9.183
* Abort file_remove_privs() for non-reg. files
fs/inode.c
mlxsw: spectrum: Prevent force of 56G
scsi: libsas: delete sas port if expander discover failed
scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask
scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
KVM: PPC: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu
KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
ia64: fix build errors by exporting paddr_to_nid()
perf record: Fix s390 missing module symbol and warning for non-root users
perf data: Fix 'strncat may truncate' build failure with recent gcc
* configfs: Fix use-after-free when accessing sd->s_dentry
fs/configfs/dir.c
* i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
drivers/i2c/i2c-dev.c
net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
* gpio: fix gpio-adp5588 build errors
drivers/gpio/Kconfig
* perf/ring_buffer: Add ordering to rb->nest increment
kernel/events/ring_buffer.c
* perf/ring_buffer: Fix exposing a temporarily decreased data_head
kernel/events/ring_buffer.c
x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
mISDN: make sure device name is NUL terminated
selftests: netfilter: missing error check when setting up veth interface
perf/x86/intel/ds: Fix EVENT vs. UEVENT PEBS constraints
Revert "staging: vc04_services: prevent integer overflow in create_pagelist()"
sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
* neigh: fix use-after-free read in pneigh_get_next
net/core/neighbour.c
lapb: fixed leak of control-blocks.
* ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
net/ipv6/ip6_flowlabel.c
be2net: Fix number of Rx queues used for flow hashing
ax25: fix inconsistent lock state in ax25_destroy_timer
rtc: pcf8523: don't return invalid date when battery is low
USB: serial: option: add Telit 0x1260 and 0x1261 compositions
USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
USB: serial: pl2303: add Allied Telesis VT-Kit3
* USB: usb-storage: Add new ID to ums-realtek
drivers/usb/storage/unusual_realtek.h
* USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
drivers/usb/core/quirks.c
usb: dwc2: Fix DMA cache alignment issues
drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read
KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
KVM: x86/pmu: do not mask the value that is written to fixed PMUs
usbnet: ipheth: fix racing condition
selftests/timers: Add missing fflush(stdout) calls
scsi: bnx2fc: fix incorrect cast to u64 on shift operation
* arm64/mm: Inhibit huge-vmap with ptdump
arch/arm64/mm/mmu.c
scsi: lpfc: add check for loss of ndlp when sending RRQ
Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex"
ALSA: seq: Fix race of get-subscription call vs port-delete ioctls
ALSA: seq: Protect in-kernel ioctl calls with mutex
* x86/uaccess, kcov: Disable stack protector
kernel/Makefile
ASoC: fsl_asrc: Fix the issue about unsupported rate
ASoC: cs42xx8: Add regcache mask dirty
* cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
include/linux/cgroup.h
bcache: fix stack corruption by PRECEDING_KEY()
i2c: acorn: fix i2c warning
* media: v4l2-ioctl: clear fields in s_parm
drivers/media/v4l2-core/v4l2-ioctl.c
* ptrace: restore smp_rmb() in __ptrace_may_access()
kernel/cred.c
kernel/ptrace.c
* signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
kernel/ptrace.c
fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
* mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
mm/list_lru.c
libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
ALSA: oxfw: allow PCM capture for Stanton SCS.1m
ALSA: seq: Cover unsubscribe_port() in list_mutex
* Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
ARM: exynos: Fix undefined instruction during Exynos5422 resume
* pwm: Fix deadlock warning when removing PWM device
drivers/pwm/core.c
drivers/pwm/sysfs.c
include/linux/pwm.h
ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa
pwm: tiehrpwm: Update shadow register for disabling PWMs
dmaengine: idma64: Use actual device for DMA transfers
gpio: gpio-omap: add check for off wake capable gpios
PCI: xilinx: Check for __get_free_pages() failure
video: imsttfb: fix potential NULL pointer dereferences
video: hgafb: fix potential NULL pointer dereference
PCI: rcar: Fix 64bit MSI message address handling
PCI: rcar: Fix a potential NULL pointer dereference
platform/x86: intel_pmc_ipc: adding error handling
PCI: rpadlpar: Fix leaked device_node references in add/remove paths
ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
platform/chrome: cros_ec_proto: check for NULL transfer function
x86/PCI: Fix PCI IRQ routing table memory leak
nfsd: allow fh_want_write to be called twice
* fuse: retrieve: cap requested size to negotiated max_write
fs/fuse/dev.c
* nvmem: core: fix read buffer in place
drivers/nvmem/core.c
ALSA: hda - Register irq handler after the chip initialization
iommu/vt-d: Set intel_iommu_gfx_mapped correctly
* watchdog: fix compile time error of pretimeout governors
drivers/watchdog/Kconfig
watchdog: imx2_wdt: Fix set_timeout for big timeout values
uml: fix a boot splat wrt use of cpu_all_mask
* configfs: fix possible use-after-free in configfs_register_group
fs/configfs/dir.c
* f2fs: fix to do sanity check on valid block count of segment
fs/f2fs/segment.h
* f2fs: fix to clear dirty inode in error path of f2fs_iget()
fs/f2fs/inode.c
* f2fs: fix to avoid panic in do_recover_data()
fs/f2fs/recovery.c
* ntp: Allow TAI-UTC offset to be set to zero
kernel/time/ntp.c
pwm: meson: Use the spin-lock only to protect register modifications
objtool: Don't use ignore flag for fake jumps
drm/bridge: adv7511: Fix low refresh rate selection
perf/x86/intel: Allow PEBS multi-entry in watermark mode
mfd: twl6040: Fix device init errors for ACCCTL register
mfd: intel-lpss: Set the device in reset state when init
mfd: tps65912-spi: Add missing of table registration
drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER
* kernel/sys.c: prctl: fix false positive in validate_prctl_map()
kernel/sys.c
mm/slab.c: fix an infinite loop in leaks_show()
mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
* mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
mm/cma.c
* mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE
mm/page_alloc.c
hugetlbfs: on restore reserve error path retain subpool reservation
ARM: prevent tracing IPI_CPU_BACKTRACE
ipc: prevent lockup on alloc_msg and free_msg
* sysctl: return -EINVAL if val violates minmax
kernel/sysctl.c
* fs/fat/file.c: issue flush after the writeback of FAT
fs/fat/file.c
rapidio: fix a NULL pointer dereference when create_workqueue() fails
* ANDROID: kernel: cgroup: cpuset: Clear cpus_requested for empty buf
kernel/cpuset.c
* ANDROID: kernel: cgroup: cpuset: Add missing allocation of cpus_requested in alloc_trial_cpuset
kernel/cpuset.c
* mm: memcontrol: fix NULL pointer crash in test_clear_page_writeback()
include/linux/memcontrol.h
mm/memcontrol.c
mm/page-writeback.c
Merge 4.9.182 into android-4.9
Linux 4.9.182
* tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
net/ipv4/tcp_timer.c
* tcp: add tcp_min_snd_mss sysctl
include/net/netns/ipv4.h
net/ipv4/sysctl_net_ipv4.c
net/ipv4/tcp_ipv4.c
net/ipv4/tcp_output.c
* tcp: tcp_fragment() should apply sane memory limits
include/uapi/linux/snmp.h
net/ipv4/proc.c
net/ipv4/tcp_output.c
* tcp: limit payload size of sacked skbs
include/linux/tcp.h
include/net/tcp.h
net/ipv4/tcp.c
net/ipv4/tcp_input.c
net/ipv4/tcp_output.c
* tcp: reduce tcp_fastretrans_alert() verbosity
net/ipv4/tcp_input.c
efi/libstub: remove duplicate nokaslr
* BACKPORT: Add support for BPF_FUNC_probe_read_str
kernel/trace/bpf_trace.c
* UPSTREAM: binder: check for overflow when alloc for security context
drivers/android/binder.c
* BACKPORT: binder: fix race between munmap() and direct reclaim
drivers/android/binder_alloc.c
Merge 4.9.181 into android-4.9
Linux 4.9.181
* ethtool: check the return value of get_regs_len
net/core/ethtool.c
* ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
include/net/arp.h
* fuse: Add FOPEN_STREAM to use stream_open()
fs/fuse/file.c
include/uapi/linux/fuse.h
* fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
fs/open.c
fs/read_write.c
include/linux/fs.h
* TTY: serial_core, add ->install
drivers/tty/serial/serial_core.c
drm/i915: Fix I915_EXEC_RING_MASK
drm/radeon: prefer lower reference dividers
drm/gma500/cdv: Check vbt config bits when detecting lvds panels
genwqe: Prevent an integer overflow in the ioctl
Revert "MIPS: perf: ath79: Fix perfcount IRQ assignment"
MIPS: pistachio: Build uImage.gz by default
* x86/power: Fix 'nosmt' vs hibernation triple fault during resume
include/linux/cpu.h
kernel/cpu.c
* fuse: fallocate: fix return with locked inode
fs/fuse/file.c
parisc: Use implicit space register selection for loading the coherence index of I/O pdirs
* rcu: locking and unlocking need to always be at least barriers
include/linux/rcupdate.h
* Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied"
net/core/fib_rules.c
* Revert "fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")"
net/core/fib_rules.c
* ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
net/ipv6/raw.c
* ipv6: fix EFAULT on sendto with icmpv6 and hdrincl
net/ipv6/raw.c
pktgen: do not sleep with the thread lock held.
net: rds: fix memory leak in rds_ib_flush_mr_pool
net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
* neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
net/core/neighbour.c
* ethtool: fix potential userspace buffer overflow
net/core/ethtool.c
media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
* efi/libstub: Unify command line param parsing
include/linux/efi.h
Revert "x86/build: Move _etext to actual end of .text"
* mm: make page ref count overflow check tighter and more explicit
include/linux/mm.h
* mm: prevent get_user_pages() from overflowing page refcount
mm/gup.c
* mm, gup: ensure real head page is ref-counted when using hugepages
mm/gup.c
* mm, gup: remove broken VM_BUG_ON_PAGE compound check for hugepages
mm/gup.c
* fs: prevent page refcount overflow in pipe_buf_get
fs/fuse/dev.c
fs/pipe.c
fs/splice.c
include/linux/pipe_fs_i.h
kernel/trace/trace.c
* binder: replace "%p" with "%pK"
drivers/android/binder.c
* binder: Replace "%p" with "%pK" for stable
drivers/android/binder.c
brcmfmac: add subtype check for event handling in data path
brcmfmac: assure SSID length from firmware is limited
brcmfmac: add length checks in scheduled scan result handler
drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set
gcc-plugins: Fix build failures under Darwin host
CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
staging: vc04_services: prevent integer overflow in create_pagelist()
docs: Fix conf.py for Sphinx 2.0
* kernel/signal.c: trace_signal_deliver when signal_group_exit
kernel/signal.c
* memcg: make it work on sparse non-0-node systems
include/linux/list_lru.h
mm/list_lru.c
tty: max310x: Fix external crystal register setup
tty: serial: msm_serial: Fix XON/XOFF
drm/nouveau/i2c: Disable i2c bus access after ->fini()
ALSA: hda/realtek - Set default power save node to 0
powerpc/perf: Fix MMCRA corruption by bhrb_filter
Btrfs: fix race updating log root item during fsync
scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
media: smsusb: better handle optional alignment
media: usb: siano: Fix false-positive "uninitialized variable" warning
media: usb: siano: Fix general protection fault in smsusb
USB: rio500: fix memory leak in close after disconnect
USB: rio500: refuse more than one device at a time
* USB: Add LPM quirk for Surface Dock GigE adapter
drivers/usb/core/quirks.c
USB: sisusbvga: fix oops in error path of sisusb_probe
* USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
drivers/usb/core/config.c
usbip: usbip_host: fix stub_dev lock context imbalance regression
usbip: usbip_host: fix BUG: sleeping function called from invalid context
* usb: xhci: avoid null pointer deref when bos field is NULL
drivers/usb/host/xhci.c
* xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
drivers/usb/host/xhci.c
* xhci: Use %zu for printing size_t type
drivers/usb/host/xhci-ring.c
* xhci: update bounce buffer with correct sg num
drivers/usb/host/xhci-ring.c
* include/linux/bitops.h: sanitize rotate primitives
include/linux/bitops.h
sparc64: Fix regression in non-hypervisor TLB flush xcall
tipc: fix modprobe tipc failed after switch order of device registration
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
crypto: vmx - ghash: do nosimd fallback manually
net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
net: mvneta: Fix err code path of probe
net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT
* ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
net/ipv4/igmp.c
* ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
net/ipv4/igmp.c
bnxt_en: Fix aggregation buffer leak under OOM condition.
tipc: Avoid copying bytes beyond the supplied data
* usbnet: fix kernel crash after disconnect
drivers/net/usb/usbnet.c
net: stmmac: fix reset gpio free missing
* net-gro: fix use-after-free read in napi_gro_frags()
net/core/dev.c
net: fec: fix the clk mismatch in failed_reset path
* llc: fix skb leak in llc_build_and_send_ui_pkt()
net/llc/llc_output.c
* ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
net/ipv6/raw.c
* Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied"
net/core/fib_rules.c
* Revert "fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")"
net/core/fib_rules.c
Revert "x86/build: Move _etext to actual end of .text"
Merge 4.9.180 into android-4.9
Linux 4.9.180
* drm: Wake up next in drm_read() chain if we are forced to putback the event
drivers/gpu/drm/drm_fops.c
ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
* spi: Fix zero length xfer bug
drivers/spi/spi.c
spi: rspi: Fix sequencer reset during initialization
spi : spi-topcliff-pch: Fix to handle empty DMA buffers
scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
media: saa7146: avoid high stack usage with clang
scsi: lpfc: Fix FDMI manufacturer attribute value
media: go7007: avoid clang frame overflow warning with KASAN
media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
dmaengine: tegra210-adma: use devm_clk_*() helpers
scsi: qla4xxx: avoid freeing unallocated dma memory
* usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
drivers/usb/core/hcd.c
rcuperf: Fix cleanup path for invalid perf_type strings
rcutorture: Fix cleanup path for invalid torture_type strings
x86/mce: Fix machine_check_poll() tests for error types
tty: ipwireless: fix missing checks for ioremap
virtio_console: initialize vtermno value for ports
media: wl128x: prevent two potential buffer overflows
spi: tegra114: reset controller on probe
cxgb3/l2t: Fix undefined behaviour
ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
* HID: core: move Usage Page concatenation to Main item
drivers/hid/hid-core.c
include/linux/hid.h
* chardev: add additional check for minor range overlap
fs/char_dev.c
x86/ia32: Fix ia32_restore_sigcontext() AC leak
x86/uaccess, signal: Fix AC=1 bloat
* arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
arch/arm64/kernel/cpu_ops.c
* scsi: ufs: Avoid configuring regulator with undefined voltage range
drivers/scsi/ufs/ufshcd.c
* scsi: ufs: Fix regulator load and icc-level configuration
drivers/scsi/ufs/ufshcd.c
brcmfmac: fix Oops when bringing up interface during USB disconnect
brcmfmac: fix race during disconnect when USB completion is in progress
brcmfmac: convert dev_init_lock mutex to completion
b43: shut up clang -Wuninitialized variable warning
brcmfmac: fix missing checks for kmemdup
mwifiex: Fix mem leak in mwifiex_tm_cmd
rtlwifi: fix a potential NULL pointer dereference
iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
iio: hmc5843: fix potential NULL pointer dereferences
iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
x86/build: Keep local relocations with ld.lld
cpufreq: pmac32: fix possible object reference leak
cpufreq/pasemi: fix possible object reference leak
cpufreq: ppc_cbe: fix possible object reference leak
s390: cio: fix cio_irb declaration
extcon: arizona: Disable mic detect if running when driver is removed
* PM / core: Propagate dev->power.wakeup_path when no callbacks
drivers/base/power/main.c
mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
mmc: sdhci-of-esdhc: add erratum eSDHC5 support
mmc_spi: add a status check for spi_sync_locked
* mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
drivers/mmc/core/pwrseq_emmc.c
scsi: libsas: Do discovery on empty PHY to update PHY info
hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
* arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
arch/arm64/include/asm/vdso_datapage.h
arch/arm64/kernel/asm-offsets.c
arch/arm64/kernel/vdso.c
i40e: don't allow changes to HW VLAN stripping on active port VLANs
x86/irq/64: Limit IST stack overflow check to #DB stack
* USB: core: Don't unbind interfaces following device reset failure
drivers/usb/core/hub.c
* sched/core: Handle overflow in cpu_shares_write_u64
kernel/sched/core.c
* sched/core: Check quota and period overflow at usec to nsec conversion
kernel/sched/core.c
powerpc/numa: improve control of topology updates
media: pvrusb2: Prevent a buffer overflow
media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
* audit: fix a memory leak bug
kernel/auditfilter.c
media: ov2659: make S_FMT succeed even if requested format doesn't match
media: au0828: stop video streaming only when last user stops
media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
media: coda: clear error return value before picture run
dmaengine: at_xdmac: remove BUG_ON macro in tasklet
pinctrl: pistachio: fix leaked of_node references
HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
* mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
lib/strncpy_from_user.c
lib/strnlen_user.c
x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
* smpboot: Place the __percpu annotation correctly
include/linux/smpboot.h
x86/build: Move _etext to actual end of .text
bcache: avoid clang -Wunintialized warning
bcache: add failure check to run_cache_set() for journal replay
bcache: fix failure in journal relplay
bcache: return error immediately in bch_journal_replay()
crypto: sun4i-ss - Fix invalid calculation of hash end
net: cw1200: fix a NULL pointer dereference
mwifiex: prevent an array overflow
ASoC: fsl_sai: Update is_slave_mode with correct value
* mac80211/cfg80211: update bss channel on channel switch
net/wireless/nl80211.c
dmaengine: pl330: _stop: clear interrupt status
w1: fix the resume command API
rtc: 88pm860x: prevent use-after-free on device remove
iwlwifi: pcie: don't crash on invalid RX interrupt
scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
* sched/cpufreq: Fix kobject memleak
drivers/cpufreq/cpufreq.c
* arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable
arch/arm64/include/asm/pgtable.h
ARM: vdso: Remove dependency with the arch_timer driver internals
brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
spi: pxa2xx: fix SCR (divisor) calculation
* ASoC: imx: fix fiq dependencies
sound/soc/fsl/Kconfig
powerpc/boot: Fix missing check of lseek() return value
* ASoC: hdmi-codec: unlock the device on startup errors
sound/soc/codecs/hdmi-codec.c
net: ena: gcc 8: fix compilation warning
dmaengine: tegra210-dma: free dma controller in remove()
* mmc: core: Verify SD bus width
drivers/mmc/core/sd.c
cxgb4: Fix error path in cxgb4_init_module
gfs2: Fix lru_count going negative
Revert "btrfs: Honour FITRIM range constraints during free space trim"
tools include: Adopt linux/bits.h
perf tools: No need to include bitops.h in util.h
at76c50x-usb: Don't register led_trigger if usb_register_driver failed
ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
media: cpia2: Fix use-after-free in cpia2_exit
* fbdev: fix WARNING in __alloc_pages_nodemask bug
drivers/video/fbdev/core/fbcmap.c
* hugetlb: use same fault hash key for shared and private mappings
include/linux/hugetlb.h
* fbdev: fix divide error in fb_var_to_videomode
drivers/video/fbdev/core/modedb.c
btrfs: sysfs: don't leak memory when failing add fsid
Btrfs: fix race between ranged fsync and writeback of adjacent ranges
Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path
gfs2: Fix sign extension bug in gfs2_update_stats
* arm64: Save and restore OSDLR_EL1 across suspend/resume
arch/arm64/mm/proc.S
libnvdimm/namespace: Fix label tracking error
kvm: svm/avic: fix off-by-one in checking host APIC ID
crypto: vmx - CTR: always increment IV as quadword
* Revert "scsi: sd: Keep disk read-only when re-reading partition"
drivers/scsi/sd.c
* bio: fix improper use of smp_mb__before_atomic()
include/linux/bio.h
KVM: x86: fix return value for reserved EFER
* ext4: do not delete unlinked inode from orphan list on failed truncate
fs/ext4/inode.c
Merge remote-tracking branch 'origin/upstream-f2fs-stable-linux-4.9.y' into android-4.9
Merge 4.9.179 into android-4.9
Linux 4.9.179
fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
btrfs: Honour FITRIM range constraints during free space trim
md/raid: raid5 preserve the writeback action after the parity check
Revert "Don't jump to compute_result state from check_result state"
perf bench numa: Add define for RUSAGE_THREAD if not present
ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
* power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG
drivers/power/supply/power_supply_sysfs.c
KVM: arm/arm64: Ensure vcpu target is unset on reset failure
mac80211: Fix kernel panic due to use of txq after free
* xfrm4: Fix uninitialized memory read in _decode_session4
net/ipv4/xfrm4_policy.c
* vti4: ipip tunnel deregistration fixes.
net/ipv4/ip_vti.c
* xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
net/ipv6/xfrm6_tunnel.c
* xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
net/xfrm/xfrm_user.c
dm delay: fix a crash when invalid device is specified
* PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum
drivers/pci/quirks.c
include/linux/pci.h
PCI: Factor out pcie_retrain_link() function
* PCI: Mark Atheros AR9462 to avoid bus reset
drivers/pci/quirks.c
fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
fbdev: sm712fb: fix support for 1024x768-16 mode
fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM
fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
fbdev: sm712fb: fix brightness control on reboot, don't set SR30
objtool: Allow AR to be overridden with HOSTAR
perf intel-pt: Fix sample timestamp wrt non-taken branches
perf intel-pt: Fix improved sample timestamp
perf intel-pt: Fix instructions sampling rate
memory: tegra: Fix integer overflow on tick value calculation
* tracing: Fix partial reading of trace event's id file
kernel/trace/trace_events.c
ceph: flush dirty inodes before proceeding with remount
iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
* fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
fs/fuse/file.c
* fuse: fix writepages on 32bit
fs/fuse/file.c
clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
NFS4: Fix v4.0 client state corruption when mount
media: ov6650: Fix sensor possibly not detected on probe
cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level()
* of: fix clang -Wunsequenced for be32_to_cpu()
include/linux/of.h
p54: drop device reference count if fails to enable device
intel_th: msu: Fix single mode with IOMMU
md: add mddev->pers to avoid potential NULL pointer dereference
stm class: Fix channel free in stm output free path
parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code
parisc: Skip registering LED when running in QEMU
parisc: Export running_on_qemu symbol for modules
vsock/virtio: Initialize core virtio vsock before registering the driver
tipc: fix modprobe tipc failed after switch order of device registration
vsock/virtio: free packets during the socket release
tipc: switch order of device registration to fix a crash
* ppp: deflate: Fix possible crash in deflate_init
drivers/net/ppp/ppp_deflate.c
net/mlx4_core: Change the error print to info print
* net: avoid weird emergency message
net/core/dev.c
* f2fs: link f2fs quota ops for sysfile
fs/f2fs/checkpoint.c
fs/f2fs/super.c
* BACKPORT: gcov: clang support
kernel/gcov/Kconfig
UPSTREAM: gcov: docs: add a note on GCC vs Clang differences
UPSTREAM: gcov: clang: move common GCC code into gcc_base.c
* UPSTREAM: module: add stubs for within_module functions
include/linux/module.h
* UPSTREAM: gcov: remove CONFIG_GCOV_FORMAT_AUTODETECT
kernel/gcov/Kconfig
* BACKPORT: kbuild: gcov: enable -fno-tree-loop-im if supported
Makefile
Merge remote-tracking branch 'origin/upstream-f2fs-stable-linux-4.9.y' into android-4.9
* ext4: fix build warning
fs/ext4/file.c
Change-Id: I8e7abd3cefdf0f9d9c1fa5b63a0abf243fe7c7d1
Signed-off-by: Robin Peng <robinpeng@google.com>
127 lines
3.2 KiB
C
127 lines
3.2 KiB
C
#include <linux/compiler.h>
|
|
#include <linux/export.h>
|
|
#include <linux/kasan-checks.h>
|
|
#include <linux/thread_info.h>
|
|
#include <linux/uaccess.h>
|
|
#include <linux/kernel.h>
|
|
#include <linux/errno.h>
|
|
|
|
#include <asm/byteorder.h>
|
|
#include <asm/word-at-a-time.h>
|
|
|
|
#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS
|
|
#define IS_UNALIGNED(src, dst) 0
|
|
#else
|
|
#define IS_UNALIGNED(src, dst) \
|
|
(((long) dst | (long) src) & (sizeof(long) - 1))
|
|
#endif
|
|
|
|
/*
|
|
* Do a strncpy, return length of string without final '\0'.
|
|
* 'count' is the user-supplied count (return 'count' if we
|
|
* hit it), 'max' is the address space maximum (and we return
|
|
* -EFAULT if we hit it).
|
|
*/
|
|
static inline long do_strncpy_from_user(char *dst, const char __user *src,
|
|
unsigned long count, unsigned long max)
|
|
{
|
|
const struct word_at_a_time constants = WORD_AT_A_TIME_CONSTANTS;
|
|
unsigned long res = 0;
|
|
|
|
/*
|
|
* Truncate 'max' to the user-specified limit, so that
|
|
* we only have one limit we need to check in the loop
|
|
*/
|
|
if (max > count)
|
|
max = count;
|
|
|
|
if (IS_UNALIGNED(src, dst))
|
|
goto byte_at_a_time;
|
|
|
|
while (max >= sizeof(unsigned long)) {
|
|
unsigned long c, data;
|
|
|
|
/* Fall back to byte-at-a-time if we get a page fault */
|
|
unsafe_get_user(c, (unsigned long __user *)(src+res), byte_at_a_time);
|
|
|
|
*(unsigned long *)(dst+res) = c;
|
|
if (has_zero(c, &data, &constants)) {
|
|
data = prep_zero_mask(c, data, &constants);
|
|
data = create_zero_mask(data);
|
|
return res + find_zero(data);
|
|
}
|
|
res += sizeof(unsigned long);
|
|
max -= sizeof(unsigned long);
|
|
}
|
|
|
|
byte_at_a_time:
|
|
while (max) {
|
|
char c;
|
|
|
|
unsafe_get_user(c,src+res, efault);
|
|
dst[res] = c;
|
|
if (!c)
|
|
return res;
|
|
res++;
|
|
max--;
|
|
}
|
|
|
|
/*
|
|
* Uhhuh. We hit 'max'. But was that the user-specified maximum
|
|
* too? If so, that's ok - we got as much as the user asked for.
|
|
*/
|
|
if (res >= count)
|
|
return res;
|
|
|
|
/*
|
|
* Nope: we hit the address space limit, and we still had more
|
|
* characters the caller would have wanted. That's an EFAULT.
|
|
*/
|
|
efault:
|
|
return -EFAULT;
|
|
}
|
|
|
|
/**
|
|
* strncpy_from_user: - Copy a NUL terminated string from userspace.
|
|
* @dst: Destination address, in kernel space. This buffer must be at
|
|
* least @count bytes long.
|
|
* @src: Source address, in user space.
|
|
* @count: Maximum number of bytes to copy, including the trailing NUL.
|
|
*
|
|
* Copies a NUL-terminated string from userspace to kernel space.
|
|
*
|
|
* On success, returns the length of the string (not including the trailing
|
|
* NUL).
|
|
*
|
|
* If access to userspace fails, returns -EFAULT (some data may have been
|
|
* copied).
|
|
*
|
|
* If @count is smaller than the length of the string, copies @count bytes
|
|
* and returns @count.
|
|
*/
|
|
long strncpy_from_user(char *dst, const char __user *src, long count)
|
|
{
|
|
unsigned long max_addr, src_addr;
|
|
|
|
if (unlikely(count <= 0))
|
|
return 0;
|
|
|
|
src = untagged_addr(src);
|
|
|
|
max_addr = user_addr_max();
|
|
src_addr = (unsigned long)src;
|
|
if (likely(src_addr < max_addr)) {
|
|
unsigned long max = max_addr - src_addr;
|
|
long retval;
|
|
|
|
kasan_check_write(dst, count);
|
|
check_object_size(dst, count, false);
|
|
user_access_begin();
|
|
retval = do_strncpy_from_user(dst, src, count, max);
|
|
user_access_end();
|
|
return retval;
|
|
}
|
|
return -EFAULT;
|
|
}
|
|
EXPORT_SYMBOL(strncpy_from_user);
|