vic
1734 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
879c3c8219 |
Merge branch 'linux-4.14.y' of github.com:openela/kernel-lts into android-msm-pixel-4.14
* 'linux-4.14.y' of github.com:openela/kernel-lts: (342 commits) LTS: Update to 4.14.355 Revert "parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367" netns: restore ops before calling ops_exit_list cx82310_eth: fix error return code in cx82310_bind() rtmutex: Drop rt_mutex::wait_lock before scheduling locking/rtmutex: Handle non enqueued waiters gracefully in remove_waiter() drm/i915/fence: Mark debug_fence_free() with __maybe_unused ACPI: processor: Fix memory leaks in error paths of processor_add() ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() netns: add pre_exit method to struct pernet_operations net: Add comment about pernet_operations methods and synchronization nilfs2: protect references to superblock parameters exposed in sysfs nilfs2: replace snprintf in show functions with sysfs_emit nilfs2: use time64_t internally tracing: Avoid possible softlockup in tracing_iter_reset() ring-buffer: Rename ring_buffer_read() to read_buffer_iter_advance() uprobes: Use kzalloc to allocate xol area clocksource/drivers/imx-tpm: Fix next event not taking effect sometime clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX VMCI: Fix use-after-free when removing resource in vmci_resource_remove() ... Conflicts: drivers/mmc/core/mmc_test.c drivers/net/usb/usbnet.c fs/f2fs/inode.c fs/f2fs/namei.c include/linux/overflow.h Change-Id: Icfff2ec3039c2ce40ed7a9c1d9a6a99269ff4c83 |
||
|
Phil Chang
|
b02d82c6ed |
hrtimer: Prevent queuing of hrtimer without a function callback
[ Upstream commit 5a830bbce3af16833fe0092dec47b6dd30279825 ] The hrtimer function callback must not be NULL. It has to be specified by the call side but it is not validated by the hrtimer code. When a hrtimer is queued without a function callback, the kernel crashes with a null pointer dereference when trying to execute the callback in __run_hrtimer(). Introduce a validation before queuing the hrtimer in hrtimer_start_range_ns(). [anna-maria: Rephrase commit message] Signed-off-by: Phil Chang <phil.chang@mediatek.com> Signed-off-by: Anna-Maria Behnsen <anna-maria@linutronix.de> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Anna-Maria Behnsen <anna-maria@linutronix.de> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit ccef3adcb84816a30b8e535c8c4fcb167904e7b1) [Vegard: fix conflicts in context due to missing commit 138a6b7ae4dedde5513678f57b275eee19c41b6a ("hrtimer: Factor out __hrtimer_start_range_ns()").] Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> |
||
|
Justin Stitt
|
53390d85b1 |
ntp: Safeguard against time_constant overflow
commit 06c03c8edce333b9ad9c6b207d93d3a5ae7c10c0 upstream. Using syzkaller with the recently reintroduced signed integer overflow sanitizer produces this UBSAN report: UBSAN: signed-integer-overflow in ../kernel/time/ntp.c:738:18 9223372036854775806 + 4 cannot be represented in type 'long' Call Trace: handle_overflow+0x171/0x1b0 __do_adjtimex+0x1236/0x1440 do_adjtimex+0x2be/0x740 The user supplied time_constant value is incremented by four and then clamped to the operating range. Before commit |
||
|
Justin Stitt
|
07f7f40df9 |
ntp: Clamp maxerror and esterror to operating range
[ Upstream commit 87d571d6fb77ec342a985afa8744bb9bb75b3622 ] Using syzkaller alongside the newly reintroduced signed integer overflow sanitizer spits out this report: UBSAN: signed-integer-overflow in ../kernel/time/ntp.c:461:16 9223372036854775807 + 500 cannot be represented in type 'long' Call Trace: handle_overflow+0x171/0x1b0 second_overflow+0x2d6/0x500 accumulate_nsecs_to_secs+0x60/0x160 timekeeping_advance+0x1fe/0x890 update_wall_time+0x10/0x30 time_maxerror is unconditionally incremented and the result is checked against NTP_PHASE_LIMIT, but the increment itself can overflow, resulting in wrap-around to negative space. Before commit |
||
|
Thomas Gleixner
|
6fad54cc7a |
tick/broadcast: Move per CPU pointer access into the atomic section
commit 6881e75237a84093d0986f56223db3724619f26e upstream.
The recent fix for making the take over of the broadcast timer more
reliable retrieves a per CPU pointer in preemptible context.
This went unnoticed as compilers hoist the access into the non-preemptible
region where the pointer is actually used. But of course it's valid that
the compiler keeps it at the place where the code puts it which rightfully
triggers:
BUG: using smp_processor_id() in preemptible [00000000] code:
caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0
Move it to the actual usage site which is in a non-preemptible region.
Fixes: f7d43dd206e7 ("tick/broadcast: Make takeover of broadcast hrtimer reliable")
Reported-by: David Wang <00107082@163.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Tested-by: Yu Liao <liaoyu15@huawei.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/all/87ttg56ers.ffs@tglx
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit f54abf332a2bc0413cfa8bd6a8511f7aa99faea0)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
|
||
|
Yu Liao
|
3065612975 |
tick/broadcast: Make takeover of broadcast hrtimer reliable
commit f7d43dd206e7e18c182f200e67a8db8c209907fa upstream.
Running the LTP hotplug stress test on a aarch64 machine results in
rcu_sched stall warnings when the broadcast hrtimer was owned by the
un-plugged CPU. The issue is the following:
CPU1 (owns the broadcast hrtimer) CPU2
tick_broadcast_enter()
// shutdown local timer device
broadcast_shutdown_local()
...
tick_broadcast_exit()
clockevents_switch_state(dev, CLOCK_EVT_STATE_ONESHOT)
// timer device is not programmed
cpumask_set_cpu(cpu, tick_broadcast_force_mask)
initiates offlining of CPU1
take_cpu_down()
/*
* CPU1 shuts down and does not
* send broadcast IPI anymore
*/
takedown_cpu()
hotplug_cpu__broadcast_tick_pull()
// move broadcast hrtimer to this CPU
clockevents_program_event()
bc_set_next()
hrtimer_start()
/*
* timer device is not programmed
* because only the first expiring
* timer will trigger clockevent
* device reprogramming
*/
What happens is that CPU2 exits broadcast mode with force bit set, then the
local timer device is not reprogrammed and CPU2 expects to receive the
expired event by the broadcast IPI. But this does not happen because CPU1
is offlined by CPU2. CPU switches the clockevent device to ONESHOT state,
but does not reprogram the device.
The subsequent reprogramming of the hrtimer broadcast device does not
program the clockevent device of CPU2 either because the pending expiry
time is already in the past and the CPU expects the event to be delivered.
As a consequence all CPUs which wait for a broadcast event to be delivered
are stuck forever.
Fix this issue by reprogramming the local timer device if the broadcast
force bit of the CPU is set so that the broadcast hrtimer is delivered.
[ tglx: Massage comment and change log. Add Fixes tag ]
Fixes:
|
||
|
Michael Bestas
|
6be06baf80 |
Merge branch 'linux-4.14.y' of github.com:openela/kernel-lts into android-msm-pixel-4.14
* 'linux-4.14.y' of github.com:openela/kernel-lts:
LTS: Update to 4.14.348
docs: kernel_include.py: Cope with docutils 0.21
serial: kgdboc: Fix NMI-safety problems from keyboard reset code
btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
dm: limit the number of targets and parameter size area
Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"
LTS: Update to 4.14.347
rds: Fix build regression.
RDS: IB: Use DEFINE_PER_CPU_SHARED_ALIGNED for rds_ib_stats
af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc().
net: fix out-of-bounds access in ops_init
drm/vmwgfx: Fix invalid reads in fence signaled events
dyndbg: fix old BUG_ON in >control parser
tipc: fix UAF in error path
usb: gadget: f_fs: Fix a race condition when processing setup packets.
usb: gadget: composite: fix OS descriptors w_value logic
firewire: nosy: ensure user_length is taken into account when fetching packet contents
af_unix: Fix garbage collector racing against connect()
af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
net/ipv6: Refactor fib6_rule_action
net: bridge: fix corrupted ethernet header on multicast-to-unicast
net: bridge: use DEV_STATS_INC()
phonet: fix rtm_phonet_notify() skb allocation
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
tcp: remove redundant check on tskb
net:usb:qmi_wwan: support Rolling modules
fs/9p: drop inodes immediately on non-.L too
gpio: crystalcove: Use -ENOTSUPP consistently
gpio: wcove: Use -ENOTSUPP consistently
9p: explicitly deny setlease attempts
fs/9p: translate O_TRUNC into OTRUNC
fs/9p: only translate RWX permissions for plain 9P2000
selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior
scsi: target: Fix SELinux error when systemd-modules loads the target module
tools/power turbostat: Fix Bzy_MHz documentation typo
tools/power turbostat: Fix added raw MSR output
firewire: ohci: mask bus reset interrupts between ISR and bottom half
ata: sata_gemini: Check clk_enable() result
net: bcmgenet: Reset RBUF on first open
ALSA: line6: Zero-initialize message buffers
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
net: mark racy access on sk->sk_rcvbuf
wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
tipc: fix a possible memleak in tipc_buf_append
net: bridge: fix multicast-to-unicast with fraglist GSO
net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341
net: dsa: mv88e6xxx: Fix name of switch 88E6141
net: dsa: mv88e6xxx: Add number of MACs in the ATU
net l2tp: drop flow hash on forward
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
bna: ensure the copied buf is NUL terminated
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
power: rt9455: hide unused rt9455_boost_voltage_values
pinctrl: core: delete incorrect free in pinctrl_enable()
ethernet: Add helper for assigning packet type when dest address does not match device address
ethernet: add a helper for assigning port addresses
net: create netdev->dev_addr assignment helpers
net: slightly optimize eth_type_trans
wifi: nl80211: don't free NULL coalescing rule
dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
dmaengine: pl330: issue_pending waits until WFP state
LTS: Update to 4.14.346
Simplify major/minor non-dynamic logic
net: fix unused variable warning in do_tcp_setsockopt()
serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
i2c: smbus: fix NULL function pointer dereference
i2c: add param sanity check to i2c_transfer()
idma64: Don't try to serve interrupts when device is powered off
mtd: diskonchip: work around ubsan link failure
stackdepot: respect __GFP_NOLOCKDEP allocation flag
net: b44: set pause params only when interface is up
irqchip/gic-v3-its: Prevent double free on error
arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma
btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together
tracing: Show size of requested perf buffer
Revert "crypto: api - Disallow identical driver names"
drm/amdgpu: validate the parameters of bo mapping operations more clearly
amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
drm/amdgpu: restrict bo mapping within gpu address limits
serial: mxs-auart: add spinlock around changing cts state
serial: core: Provide port lock wrappers
i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
ipvs: Fix checksumming on GSO of SCTP packets
bpf: fix bpf_skb_adjust_net/bpf_skb_proto_xlat to deal with gso sctp skbs
docs: segmentation-offloads.txt: add SCTP info
net: gtp: Fix Use-After-Free in gtp_dellink
net: usb: ax88179_178a: stop lying about skb->truesize
NFC: trf7970a: disable all regulators on removal
mlxsw: core: Unregister EMAD trap using FORWARD action
vxlan: drop packets from invalid src-address
ARC: [plat-hsdk]: Remove misplaced interrupt-cells property
arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma
arm64: dts: rockchip: fix alphabetical ordering RK3399 puma
nilfs2: fix OOB in nilfs_set_de_type
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
speakup: Avoid crash on very long word
usb: dwc2: host: Fix dereference issue in DDMA completion flow.
Revert "usb: cdc-wdm: close race between read and workqueue"
USB: serial: option: add Telit FN920C04 rmnet compositions
USB: serial: option: add Rolling RW101-GL and RW135-GL support
USB: serial: option: support Quectel EM060K sub-models
USB: serial: option: add Lonsung U8300/U9300 product
USB: serial: option: add support for Fibocom FM650/FG650
USB: serial: option: add Fibocom FM135-GL variants
serial/pmac_zilog: Remove flawed mitigation for rx irq flood
comedi: vmk80xx: fix incomplete endpoint checking
drm: nv04: Fix out of bounds access
tun: limit printing rate when illegal packet received by tun dev
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
netfilter: nf_tables: __nft_expr_type_get() selects specific family type
Revert "tracing/trigger: Fix to return error if failed to alloc snapshot"
kprobes: Fix possible use-after-free issue on kprobe registration
selftests/ftrace: Limit length in subsystem-enable tests
x86/apic: Force native_apic_mem_read() to use the MOV instruction
selftests: timers: Fix abs() warning in posix_timers test
vhost: Add smp_rmb() in vhost_vq_avail_empty()
tracing: hide unused ftrace_event_id_fops
net/mlx5: Properly link new fs rules into the tree
ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
ipv4/route: avoid unused-but-set-variable warning
geneve: fix header validation in geneve[6]_xmit_skb
nouveau: fix function cast warning
Bluetooth: Fix memory leak in hci_req_sync_complete()
batman-adv: Avoid infinite loop trying to resize local TT
LTS: Update to 4.14.345
net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev()
Revert "net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev()"
netfilter: nftables: exthdr: fix 4-byte stack OOB write
ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
Revert "ext4: fix to check return value of freeze_bdev() in ext4_shutdown()"
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Bluetooth: btintel: Fixe build regression
x86/mm/pat: fix VM_PAT handling in COW mappings
virtio: reenable config if freezing device failed
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
fbmon: prevent division by zero in fb_videomode_from_videomode()
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
tools: iio: replace seekdir() in iio_generic_buffer
block: prevent division by zero in blk_rq_stat_sum()
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
media: sta2x11: fix irq handler cast
isofs: handle CDs with bad root inode but good Joliet root directory
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
sysv: don't call sb_bread() with pointers_lock held
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
btrfs: send: handle path ref underflow in header iterate_inode_ref()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
arm64: dts: rockchip: fix rk3399 hdmi ports node
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
ata: sata_mv: Fix PCI device ID table declaration compilation warning
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
init: open /initrd.image with O_LARGEFILE
staging: vc04_services: fix information leak in create_component()
staging: vc04_services: changen strncpy() to strscpy_pad()
staging: mmal-vchiq: Fix client_component for 64 bit kernel
staging: mmal-vchiq: Allocate and free components as required
staging: mmal-vchiq: Avoid use of bool in structures
ipv6: Fix infinite recursion in fib6_dump_done().
selftests: reuseaddr_conflict: add missing new line at the end of the output
net/sched: act_skbmod: prevent kernel-infoleak
net: stmmac: fix rx queue priority assignment
net: stmmac: Fix issues when number of Queues >= 4
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
netfilter: nf_tables: disallow timeout for anonymous sets
Bluetooth: Fix TOCTOU in HCI debugfs implementation
Bluetooth: hci_event: set the conn encrypted before conn establishes
tcp: properly terminate timers for kernel sockets
mptcp: add sk_stop_timer_sync helper
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
USB: core: Fix deadlock in usb_deauthorize_interface()
scsi: lpfc: Correct size for wqe for memset()
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
scsi: qla2xxx: Fix command flush on cable pull
usb: udc: remove warning when queue disabled ep
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: host: Fix hibernation flow
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
efivarfs: Request at most 512 bytes for variable names
perf/core: Fix reentry problem in perf_output_read_group()
loop: Call loop_config_discard() only after new config is applied
Revert "loop: Check for overflow while configuring loop"
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
btrfs: add define for oldest generation
printk: Update @console_may_schedule in console_trylock_spinning()
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
ALSA: aica: Fix a long-time build breakage
ALSA: sh: aica: Convert timers to use timer_setup()
usb: cdc-wdm: close race between read and workqueue
USB: cdc-wdm: Fix use after free in service_outstanding_interrupt().
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
mm/migrate: set swap entry values of THP tail pages properly.
mm/memory-failure: fix an incorrect use of tail pages
vt: fix memory overlapping when deleting chars in the buffer
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
usb: port: Don't try to peer unused USB ports based on location
usb: gadget: ncm: Fix handling of zero block length packets
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
netfilter: nf_tables: reject constant set with timeout
netfilter: nf_tables: disallow anonymous set with timeout flag
comedi: comedi_test: Prevent timers rescheduling during deletion
ahci: asm1064: asm1166: don't limit reported ports
ahci: asm1064: correct count of reported ports
nilfs2: prevent kernel bug at submit_bh_wbc()
nilfs2: use a more common logging style
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
memtest: use {READ,WRITE}_ONCE in memory scanning
drm/vc4: hdmi: do not return negative values from .get_modes()
drm/imx/ipuv3: do not return negative values from .get_modes()
s390/zcrypt: fix reference counting on zcrypt card objects
soc: fsl: qbman: Use raw spinlock for cgr_lock
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
vfio/platform: Disable virqfds on cleanup
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
speakup: Fix 8bit characters from direct synth
ext4: fix corruption during on-line resize
hwmon: (amc6821) add of_match table
mmc: core: Fix switch on gp3 partition
dm-raid: fix lockdep waring in "pers->hot_add_disk"
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
PCI/PM: Drain runtime-idle callbacks before driver removal
PCI: Drop pci_device_remove() test of pci_dev->driver
fuse: don't unhash root
mmc: tmio: avoid concurrent runs of mmc_request_done()
PM: sleep: wakeirq: fix wake irq warning in system suspend
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
USB: serial: option: add MeiG Smart SLM320 product
USB: serial: cp210x: add ID for MGP Instruments PDS100
USB: serial: add device ID for VeriFone adapter
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
powerpc/fsl: Fix mfpmr build errors with newer binutils
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
PM: suspend: Set mem_sleep_current during kernel command line setup
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix ip_fast_csum
parisc: Do not hardcode registers in checksum functions
ubi: correct the calculation of fastmap size
ubi: Check for too small LEB size in VTBL code
ubifs: Set page uptodate in the correct place
fat: fix uninitialized field in nostale filehandles
crypto: qat - resolve race condition during AER recovery
crypto: qat - fix double free during reset
sparc64: NMI watchdog: fix return value of __setup handler
KVM: Always flush async #PF workqueue when vCPU is being destroyed
media: xc4000: Fix atomicity violation in xc4000_get_frequency
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
ARM: dts: mmp2-brownstone: Don't redeclare phandle references
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
x86/bugs: Use sysfs_emit()
x86/pti: Don't report XenPV as vulnerable
x86/cpu: Support AMD Automatic IBRS
Documentation/hw-vuln: Update spectre doc
LTS: Update to 4.14.344
binder: signal epoll threads of self-work
ANDROID: binder: Add thread->process_todo flag.
scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()
scsi: bnx2fc: Remove set but not used variable 'oxid'
net: check dev->gso_max_size in gso_features_check()
driver: staging: count ashmem_range into SLAB_RECLAIMBLE
net: warn if gso_type isn't set for a GSO SKB
staging: android: ashmem: Remove use of unlikely()
ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
ALSA: hda/realtek: Enable headset onLenovo M70/M90
ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
ALSA: hda/realtek - ALC897 headset MIC no sound
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
ALSA: hda/realtek - The front Mic on a HP machine doesn't work
ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
ALSA: hda/realtek - Add Headset Mic supported for HP cPC
ALSA: hda/realtek - More constifications
Add Acer Aspire Ethos 8951G model quirk
devcoredump: Send uevent once devcd is ready
devcoredump : Serialize devcd_del work
netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
netfilter: xt_owner: Add supplementary groups option
mtd: cfi_cmdset_0001: Byte swap OTP info
mtd: cfi_cmdset_0001: Support the absence of protection registers
s390/cmma: fix detection of DAT pages
s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family
ALSA: hda/realtek: Headset Mic VREF to 100%
hfsplus: unmap the page in the "fail_page" label
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887
ALSA: hda/realtek - Add quirk for Tuxedo XC 1509
ALSA: hda/realtek - Headset microphone and internal speaker support for System76 oryp5
ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup
ALSA: hda/realtek - Add support for ALC1220
hv_netvsc: Fix race of register_netdevice_notifier and VF register
hv_netvsc: use reciprocal divide to speed up percent calculation
pwm: sti: Reduce number of allocations and drop usage of chip_data
pwm: sti: Avoid conditional gotos
tools: iio: iio_generic_buffer ensure alignment
tools: iio: iio_generic_buffer: Fix some integer type and calculation
tools: iio: privatize globals and functions in iio_generic_buffer.c file
leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
ledtrig-cpu: Limit to 8 CPUs
leds: pwm: Don't disable the PWM when the LED should be off
leds: pwm: convert to atomic PWM API
leds: pwm: simplify if condition
regmap: debugfs: Fix a erroneous check after snprintf()
regmap: Allow missing device in regmap_name_read_file()
tcp_metrics: add missing barriers on delete
tcp: batch tcp_net_metrics_exit
tcp: fix excessive TLP and RACK timeouts from HZ rounding
tcp: Namespace-ify sysctl_tcp_early_retrans
net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
ata: libata-core: Do not register PM operations for SAS ports
libata: make ata_port_type const
libata: Add new med_power_with_dipm link_power_management_policy setting
ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q
ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist
ALSA: hda: Add Intel NUC7i3BNB to the power_save blacklist
ext4: mark group as trimmed only if it was fully scanned
ext4: add new helper interface ext4_try_to_trim_range()
ext4: remove the 'group' parameter of ext4_trim_extent
scsi: qla2xxx: Remove unsupported ql2xenabledif option
scsi: qla2xxx: Add protection mask module parameters
scsi: qla2xxx: Add option for use reserve exch for ELS
scsi: qla2xxx: Reinstate module parameter ql2xenablemsix
scsi: lpfc: remove redundant null check on eqe
usb: typec: tcpci: clear the fault status bit
usb: typec: add fwnode to tcpc
staging: typec: fix endianness mismatch identified by sparse
staging: typec: tcpm: Document data structures
serial: sc16is7xx: fix broken port 0 uart init
sc16is7xx: Set iobase to device index
dlm: fix plock lookup when using multiple lockspaces
drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
drm/tegra: Remove superfluous error messages around platform_get_irq()
ARM: dts: BCM53573: Drop nonexistent #usb-cells
ARM: dts: BCM5301X: Harmonize EHCI/OHCI DT nodes name
wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx
ath9k: use irqsave() in USB's complete callback
wifi: mwifiex: fix error recovery in PCIE buffer descriptor management
mwifiex: switch from 'pci_' to 'dma_' API
mwifiex: drop 'set_consistent_dma_mask' log message
bonding: fix macvlan over alb bond support
net: remove bond_slave_has_mac_rcu()
fbdev: fix potential OOB read in fast_imageblit()
fbdev: Fix sys_imageblit() for arbitrary image widths
fbdev: Improve performance of sys_imageblit()
tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP"
MIPS: cpu-features: Use boot_cpu_type for CPU type based features
MIPS: cpu-features: Enable octeon_cache by cpu_type
fs: dlm: fix mismatch of plock results from userspace
fs: dlm: use dlm_plock_info for do_unlock_close
fs: dlm: change plock interrupted message to debug again
fs: dlm: add pid to debug log
dlm: replace usage of found with dedicated list iterator variable
dlm: improve plock logging if interrupted
nfsd: Remove incorrect check in nfsd4_validate_stateid
nfsd4: kill warnings on testing stateids with mismatched clientids
mmc: meson-gx: remove redundant mmc_request_done() call from irq context
mmc: meson-gx: remove useless lock
PM: sleep: wakeirq: fix wake irq arming
PM / wakeirq: support enabling wake-up irq after runtime_suspend called
scsi: zfcp: Defer fc_rport blocking until after ADISC response
scsi: zfcp: workqueue: set description for port work items with their WWPN as context
btrfs: check for commit error at btrfs_attach_transaction_barrier()
btrfs: simplify IS_ERR/PTR_ERR checks
fs: dlm: interrupt posix locks only when process is killed
dlm: rearrange async condition return
dlm: cleanup plock_op vs plock_xop
ext4: Fix reusing stale buffer heads from last failed mounting
ext4: rename journal_dev to s_journal_dev inside ext4_sb_info
tcp: annotate data-races around tp->linger2
net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
ceph: don't let check_caps skip sending responses for revoke msgs
ceph: define argument structure for handle_cap_grant
net: bcmgenet: Ensure MDIO unregistration has clocks enabled
net: bcmgenet: Avoid calling platform_device_put() twice in bcmgenet_mii_exit()
net: tcp_input: Neaten DBGUNDO
i2c: xiic: Don't try to handle more interrupt events after error
i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
i2c: xiic: Fix broken locking on tx_msg
i2c: xiic: Change code alignment to 1 space only
i2c: xiic: Add timeout to the rx fifo wait loop
i2c: xiic: Fix kerneldoc warnings
hwrng: virtio - Fix race on data_avail and actual data
hwrng: virtio - always add a pending request
hwrng: virtio - don't waste entropy
hwrng: virtio - don't wait on cleanup
hwrng: virtio - add an internal buffer
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
nfc: constify several pointers to u8, char and sk_buff
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
Documentation: fix little inconsistencies
usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling
net/rose: fix races in rose_kill_by_device()
reset: Fix crash when freeing non-existent optional resets
ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE
PCI: keystone: Don't discard .probe() callback
PCI: keystone: Don't discard .remove() callback
can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on()
can: dev: can_restart(): don't crash kernel if carrier is OK
r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1
xen-netback: use default TX queue size for vifs
MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled
arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller
sched/rt: pick_next_rt_entity(): check list_entry
regmap: Account for register length in SMBus I/O limits
x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
ASoC: cs42l51: fix driver to properly autoload with automatic module loading
PCI: qcom: Disable write access to read only registers for IP v2.3.3
pinctrl: amd: Only use special debounce behavior for GPIO 0
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
usb: fotg210-hcd: delete an incorrect bounds test
smb: client: fix OOB in smbCalcSize()
btrfs: do not allow non subvolume root targets for snapshot
pinctrl: at91-pio4: use dedicated lock class for IRQ
net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev()
arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names
IB/isert: Fix unaligned immediate-data handling
fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
smb3: fix touch -h of symlink
MIPS: KVM: Fix a build warning about variable set but not used
cifs: spnego: add ';' in HOST_KEY_LEN
macvlan: Don't propagate promisc change to lower dev in passthru
ppp: limit MRU to 64K
ptp: annotate data-race around q->head and q->tail
xen/events: fix delayed eoi list handling
tipc: Fix kernel-infoleak due to uninitialized TLV value
tty: Fix uninit-value access in ppp_sync_receive()
iio: exynos-adc: request second interupt only when touchscreen mode is used
selftests/ftrace: Add new test case which checks non unique symbol
media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling
block: fix signed int overflow in Amiga partition support
iio: addac: stx104: Fix race condition for stx104_write_raw()
ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
btrfs: fix extent buffer leak after tree mod log failure at split_node()
pinctrl: amd: Detect internal GPIO0 debounce handling
ALSA: jack: Fix mutex call in snd_jack_report()
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
ARM: 9303/1: kprobes: avoid missing-declaration warnings
LTS: Update to 4.14.343
crypto: af_alg - Work around empty control messages without MSG_MORE
crypto: af_alg - Fix regression on empty requests
spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
net/bnx2x: Prevent access to a freed page in page_pool
hsr: Handle failures in module init
rds: introduce acquire/release ordering in acquire/release_in_xmit()
hsr: Fix uninit-value access in hsr_get_node()
net: hsr: fix placement of logical operator in a multi-line statement
usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
staging: greybus: fix get_channel_from_mode() failure path
serial: 8250_exar: Don't remove GPIO device on suspend
rtc: mt6397: select IRQ_DOMAIN instead of depending on it
rtc: mediatek: enhance the description for MediaTek PMIC based RTC
tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
serial: max310x: fix syntax error in IRQ error message
clk: qcom: gdsc: Add support to update GDSC transition delay
NFS: Fix an off by one in root_nfs_cat()
net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
scsi: csiostor: Avoid function pointer casts
ALSA: usb-audio: Stop parsing channels bits when all channels are found.
sparc32: Fix section mismatch in leon_pci_grpci
backlight: lp8788: Fully initialize backlight_properties during probe
backlight: lm3639: Fully initialize backlight_properties during probe
backlight: da9052: Fully initialize backlight_properties during probe
backlight: lm3630a: Don't set bl->props.brightness in get_brightness
backlight: lm3630a: Initialize backlight_properties on init
powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks
drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
media: go7007: fix a memleak in go7007_load_encoder
media: dvb-frontends: avoid stack overflow warnings with clang
media: pvrusb2: fix uaf in pvr2_context_set_notify
drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
crypto: arm/sha - fix function cast warnings
crypto: arm - Rename functions to avoid conflict with crypto/sha256.h
mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
drm/tegra: put drm_gem_object ref on error in tegra_fb_create
clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister()
PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
drm/mediatek: dsi: Fix DSI RGB666 formats and definitions
media: pvrusb2: fix pvr2_stream_callback casts
media: go7007: add check of return value of go7007_read_addr()
ALSA: seq: fix function cast warnings
drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str()
quota: Fix rcu annotations of inode dquot pointers
quota: Fix potential NULL pointer dereference
quota: simplify drop_dquot_ref()
quota: check time limit when back out space/inode change
fs/quota: erase unused but set variable warning
quota: code cleanup for __dquot_alloc_space()
clk: qcom: reset: Ensure write completion on reset de/assertion
clk: qcom: reset: Commonize the de/assert functions
clk: qcom: reset: support resetting multiple bits
clk: qcom: reset: Allow specifying custom reset delay
media: edia: dvbdev: fix a use-after-free
media: dvb-core: Fix use-after-free due to race at dvb_register_device()
media: dvbdev: convert DVB device types into an enum
media: dvbdev: fix error logic at dvb_register_device()
media: dvbdev: Fix memleak in dvb_register_device
media: media/dvb: Use kmemdup rather than duplicating its implementation
media: dvbdev: remove double-unlock
media: v4l2-tpg: fix some memleaks in tpg_alloc
media: em28xx: annotate unchecked call to media_device_register()
media: tc358743: register v4l2 async device only after successful setup
drm: Don't treat 0 as -1 in drm_fixp2int_ceil
drm/rockchip: inno_hdmi: Fix video timing
drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe()
drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe()
drm/tegra: dsi: Make use of the helper function dev_err_probe()
gpu: host1x: mipi: Update tegra_mipi_request() to be node based
drm/tegra: dsi: Add missing check for of_find_device_by_node
dm: call the resume method on internal suspend
dm raid: fix false positive for requeue needed during reshape
net/x25: fix incorrect parameter validation in the x25_getsockopt() function
net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function
udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function
tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function
ipv6: fib6_rules: flush route cache when rule is changed
bpf: Fix stackmap overflow check on 32-bit arches
bpf: Fix hashtab overflow check on 32-bit arches
sr9800: Add check for usbnet_get_endpoints
Bluetooth: hci_core: Fix possible buffer overflow
Bluetooth: Remove superfluous call to hci_conn_check_pending()
igb: Fix missing time sync events
igb: move PEROUT and EXTTS isr logic to separate functions
mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function
SUNRPC: fix some memleaks in gssx_dec_option_array
x86, relocs: Ignore relocations in .notes section
ACPI: scan: Fix device check notification handling
ARM: dts: arm: realview: Fix development chip ROM compatible value
wifi: brcmsmac: avoid function pointer casts
iommu/amd: Mark interrupt as managed
bus: tegra-aconnect: Update dependency to ARCH_TEGRA
ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
sock_diag: annotate data-races around sock_diag_handlers[family]
sock_diag: request _diag module only when the family or proto has been registered
wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir()
wifi: b43: Disable QoS for bcm4331
wifi: b43: Stop correct queue in DMA worker when QoS is disabled
b43: main: Fix use true/false for bool type
wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
b43: dma: Fix use true/false for bool type variable
timekeeping: Fix cross-timestamp interpolation for non-x86
timekeeping: Fix cross-timestamp interpolation corner case decision
timekeeping: Fix cross-timestamp interpolation on counter wrap
aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
md: Don't clear MD_CLOSING when the raid is about to stop
md: implement ->set_read_only to hook into BLKROSET processing
block: add a new set_read_only method
md: switch to ->check_events for media change notifications
fs/select: rework stack allocation hack for clang
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
crypto: algif_aead - Only wake up when ctx->more is zero
crypto: af_alg - make some functions static
ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
Input: gpio_keys_polled - suppress deferred probe error for gpio
firewire: core: use long bus reset on gap count error
Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
dm-verity, dm-crypt: align "struct bvec_iter" correctly
block: sed-opal: handle empty atoms when parsing response
net/iucv: fix the allocation size of iucv_path_table array
MIPS: Clear Cause.BD in instruction_pointer_set
x86/xen: Add some null pointer checking to smp.c
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
xen/events: only register debug interrupt for 2-level events
LTS: Update to 4.14.342
selftests/vm: fix map_hugetlb length used for testing read and write
selftests/vm: fix display of page size in map_hugetlb
getrusage: use sig->stats_lock rather than lock_task_sighand()
getrusage: use __for_each_thread()
getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()
getrusage: add the "signal_struct *sig" local variable
hv_netvsc: use netif_is_bond_master() instead of open code
um: allow not setting extra rpaths in the linux binary
selftests: mm: fix map_hugetlb failure on 64K page size systems
tools/selftest/vm: allow choosing mem size and page size in map_hugetlb
netrom: Fix data-races around sysctl_net_busy_read
netrom: Fix a data-race around sysctl_netrom_link_fails_count
netrom: Fix a data-race around sysctl_netrom_routing_control
netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size
netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
netrom: Fix a data-race around sysctl_netrom_transport_timeout
netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser
netrom: Fix a data-race around sysctl_netrom_default_path_quality
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
netfilter: nf_ct_h323: Extend nf_h323_error_boundary to work on bits as well
netfilter: nf_ct_h323: Convert CHECK_BOUND macro to function
netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack
netfilter: nf_conntrack_h323: Remove typedef struct
geneve: make sure to pull inner header in geneve_rx()
net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
net: move definition of pcpu_lstats to header file
net: lan78xx: fix runtime PM count underflow on link stop
lan78xx: Fix race conditions in suspend/resume handling
lan78xx: Fix partial packet errors on suspend/resume
lan78xx: Add missing return code checks
lan78xx: Fix white space and style issues
net: usb: lan78xx: Remove lots of set but unused 'ret' variables
net: usb: lan78xx: Disable interrupts before calling generic_handle_irq()
net: lan78xx: Allow for VLAN headers in timeout calcs
ip: validate header length on virtual device xmit
LTS: Update to 4.14.341
gpio: 74x164: Enable output pins after registers are reset
cachefiles: fix memory leak in cachefiles_add_cache()
mmc: core: Fix eMMC initialization with 1-bit bus connection
btrfs: dev-replace: properly validate device names
wifi: nl80211: reject iftype change with mesh ID change
gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
ALSA: Drop leftover snd-rtctimer stuff from Makefile
power: supply: bq27xxx-i2c: Do not free non existing IRQ
efi/capsule-loader: fix incorrect allocation size
Bluetooth: Enforce validation on max value of connection interval
Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
Bluetooth: Avoid potential use-after-free in hci_error_reset
net: usb: dm9601: fix wrong return value in dm9601_mdio_read
lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected
netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
Conflicts:
drivers/android/binder.c
drivers/block/loop.c
drivers/mmc/host/meson-gx-mmc.c
drivers/staging/typec/tcpm.h
drivers/usb/typec/tcpm/tcpm.c
fs/aio.c
fs/select.c
include/net/netns/ipv4.h
mm/page_alloc.c
net/core/filter.c
net/ipv4/sysctl_net_ipv4.c
net/ipv4/tcp_ipv4.c
sound/usb/stream.c
Change-Id: I90aff1a1b88379a959c6dda1c89e5efb48af5450
|
||
|
Peter Hilber
|
fabbb78782 |
timekeeping: Fix cross-timestamp interpolation for non-x86
[ Upstream commit 14274d0bd31b4debf28284604589f596ad2e99f2 ]
So far, get_device_system_crosststamp() unconditionally passes
system_counterval.cycles to timekeeping_cycles_to_ns(). But when
interpolating system time (do_interp == true), system_counterval.cycles is
before tkr_mono.cycle_last, contrary to the timekeeping_cycles_to_ns()
expectations.
On x86, CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE will mitigate on
interpolating, setting delta to 0. With delta == 0, xtstamp->sys_monoraw
and xtstamp->sys_realtime are then set to the last update time, as
implicitly expected by adjust_historical_crosststamp(). On other
architectures, the resulting nonsense xtstamp->sys_monoraw and
xtstamp->sys_realtime corrupt the xtstamp (ts) adjustment in
adjust_historical_crosststamp().
Fix this by deriving xtstamp->sys_monoraw and xtstamp->sys_realtime from
the last update time when interpolating, by using the local variable
"cycles". The local variable already has the right value when
interpolating, unlike system_counterval.cycles.
Fixes:
|
||
|
Peter Hilber
|
ed6452adf4 |
timekeeping: Fix cross-timestamp interpolation corner case decision
[ Upstream commit 87a41130881995f82f7adbafbfeddaebfb35f0ef ]
The cycle_between() helper checks if parameter test is in the open interval
(before, after). Colloquially speaking, this also applies to the counter
wrap-around special case before > after. get_device_system_crosststamp()
currently uses cycle_between() at the first call site to decide whether to
interpolate for older counter readings.
get_device_system_crosststamp() has the following problem with
cycle_between() testing against an open interval: Assume that, by chance,
cycles == tk->tkr_mono.cycle_last (in the following, "cycle_last" for
brevity). Then, cycle_between() at the first call site, with effective
argument values cycle_between(cycle_last, cycles, now), returns false,
enabling interpolation. During interpolation,
get_device_system_crosststamp() will then call cycle_between() at the
second call site (if a history_begin was supplied). The effective argument
values are cycle_between(history_begin->cycles, cycles, cycles), since
system_counterval.cycles == interval_start == cycles, per the assumption.
Due to the test against the open interval, cycle_between() returns false
again. This causes get_device_system_crosststamp() to return -EINVAL.
This failure should be avoided, since get_device_system_crosststamp() works
both when cycles follows cycle_last (no interpolation), and when cycles
precedes cycle_last (interpolation). For the case cycles == cycle_last,
interpolation is actually unneeded.
Fix this by changing cycle_between() into timestamp_in_interval(), which
now checks against the closed interval, rather than the open interval.
This changes the get_device_system_crosststamp() behavior for three corner
cases:
1. Bypass interpolation in the case cycles == tk->tkr_mono.cycle_last,
fixing the problem described above.
2. At the first timestamp_in_interval() call site, cycles == now no longer
causes failure.
3. At the second timestamp_in_interval() call site, history_begin->cycles
== system_counterval.cycles no longer causes failure.
adjust_historical_crosststamp() also works for this corner case,
where partial_history_cycles == total_history_cycles.
These behavioral changes should not cause any problems.
Fixes:
|
||
|
Peter Hilber
|
44b1502cbc |
timekeeping: Fix cross-timestamp interpolation on counter wrap
[ Upstream commit 84dccadd3e2a3f1a373826ad71e5ced5e76b0c00 ]
cycle_between() decides whether get_device_system_crosststamp() will
interpolate for older counter readings.
cycle_between() yields wrong results for a counter wrap-around where after
< before < test, and for the case after < test < before.
Fix the comparison logic.
Fixes:
|
||
|
Michael Bestas
|
ada634c3e0 |
Merge tag 'v4.14.340-openela' into android-msm-pixel-4.14
This is the 4.14.340 OpenELA-Extended LTS stable release
* tag 'v4.14.340-openela':
LTS: Update to 4.14.340
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
PCI/MSI: Prevent MSI hardware interrupt number truncation
s390: use the correct count for __iowrite64_copy()
packet: move from strlcpy with unused retval to strscpy
ipv6: sr: fix possible use-after-free and null-ptr-deref
nouveau: fix function cast warnings
scsi: jazz_esp: Only build if SCSI core is builtin
RDMA/srpt: fix function pointer cast warnings
RDMA/srpt: Support specifying the srpt_service_guid parameter
IB/hfi1: Fix a memleak in init_credit_return
usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
l2tp: pass correct message length to ip6_append_data
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
dm-crypt: don't modify the data when using authenticated encryption
mm: memcontrol: switch to rcu protection in drain_all_stock()
s390/qeth: Fix potential loss of L3-IP@ in case of network issues
virtio-blk: Ensure no requests in virtqueues before deleting vqs.
firewire: core: send bus reset promptly on gap count error
hwmon: (coretemp) Enlarge per package core count limit
regulator: pwm-regulator: Add validity checks in continuous .get_voltage
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
ahci: asm1166: correct count of reported ports
fbdev: sis: Error out if pixclock equals zero
fbdev: savage: Error out if pixclock equals zero
wifi: mac80211: fix race condition on enabling fast-xmit
wifi: cfg80211: fix missing interfaces when dumping
dmaengine: shdma: increase size of 'dev_id'
scsi: target: core: Add TMF to tmr_list handling
sched/rt: Disallow writing invalid values to sched_rt_period_us
sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
sched/rt: Fix sysctl_sched_rr_timeslice intial value
nilfs2: replace WARN_ONs for invalid DAT metadata block requests
memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()
net/sched: Retire dsmark qdisc
net/sched: Retire ATM qdisc
net/sched: Retire CBQ qdisc
LTS: Update to 4.14.339
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
lsm: new security_file_ioctl_compat() hook
nilfs2: fix potential bug in end_buffer_async_write
sched/membarrier: reduce the ability to hammer on sys_membarrier
Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
pmdomain: core: Move the unused cleanup to a _sync initcall
irqchip/irq-brcmstb-l2: Add write memory barrier before exit
nfp: use correct macro for LengthSelect in BAR config
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
nilfs2: fix data corruption in dsync block recovery for small block sizes
ALSA: hda/conexant: Add quirk for SWS JS201D
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
staging: iio: ad5933: fix type mismatch regression
ext4: fix double-free of blocks due to wrong extents moved_len
xen-netback: properly sync TX responses
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
firewire: core: correct documentation of fw_csr_string() kernel API
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
usb: f_mass_storage: forbid async queue when shutdown happen
USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
HID: wacom: Do not register input devices until after hid_hw_start
HID: wacom: generic: Avoid reporting a serial of '0' to userspace
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
tracing/trigger: Fix to return error if failed to alloc snapshot
i40e: Fix waiting for queues of all VSIs to be disabled
MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
net: sysfs: Fix /sys/class/net/<iface> path for statistics
Documentation: net-sysfs: describe missing statistics
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
spi: ppc4xx: Drop write-only variable
btrfs: send: return EOPNOTSUPP on unknown flags
vhost: use kzalloc() instead of kmalloc() followed by memset()
Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
USB: serial: cp210x: add ID for IMST iM871A-USB
USB: serial: option: add Fibocom FM101-GL variant
USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
net/af_iucv: clean up a try_then_request_module()
netfilter: nft_compat: restrict match/target protocol to u16
netfilter: nft_compat: reject unused compat flag
ppp_async: limit MRU to 64K
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
rxrpc: Fix response to PING RESPONSE ACKs to a dead call
inet: read sk->sk_family once in inet_recv_error()
hwmon: (aspeed-pwm-tacho) mutex for tach reading
atm: idt77252: fix a memleak in open_card_ubr0
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
bonding: remove print in bond_verify_device_path
HID: apple: Add 2021 magic keyboard FN key mapping
HID: apple: Add support for the 2021 Magic Keyboard
HID: apple: Swap the Fn and Left Control keys on Apple keyboards
net: sysfs: Fix /sys/class/net/<iface> path
af_unix: fix lockdep positive in sk_diag_dump_icons()
net: ipv4: fix a memleak in ip_setup_cork
net: Fix one possible memleak in ip_setup_cork
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
llc: call sock_orphan() at release time
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
ixgbe: Refactor overtemp event handling
ixgbe: Remove non-inclusive language
net: remove unneeded break
scsi: isci: Fix an error code problem in isci_io_request_build()
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()'
ceph: fix deadlock or deadcode of misusing dget()
virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings
libsubcmd: Fix memory leak in uniq()
usb: hub: Replace hardcoded quirk value with BIT() macro
PCI: Only override AMD USB controller if required
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
um: net: Fix return type of uml_net_start_xmit()
um: Don't use vfprintf() for os_info()
um: Fix naming clash between UML and scheduler
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
media: ddbridge: fix an error code problem in ddb_probe
IB/ipoib: Fix mcast list locking
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
ALSA: hda: Intel: add HDA_ARL PCI ID support
ALSA: hda: Add Icelake PCI ID
PCI: add INTEL_HDA_ARL to pci_ids.h
media: stk1160: Fixed high volume of stk1160_dbg messages
drm/mipi-dsi: Fix detach call without attach
drm/framebuffer: Fix use of uninitialized variable
drm/drm_file: fix use of uninitialized variable
RDMA/IPoIB: Fix error code return in ipoib_mcast_join
fast_dput(): handle underflows gracefully
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
wifi: cfg80211: free beacon_ies when overridden from hidden BSS
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
md: Whenassemble the array, consult the superblock of the freshest device
ARM: dts: imx23/28: Fix the DMA controller node name
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
ARM: dts: imx27-apf27dev: Fix LED name
ARM: dts: imx1: Fix sram node
ARM: dts: imx27: Fix sram node
ARM: dts: imx: Use flash@0,0 pattern
ARM: dts: imx25/27-eukrea: Fix RTC node name
ARM: dts: rockchip: fix rk3036 hdmi ports node
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
scsi: libfc: Don't schedule abort twice
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
ARM: dts: imx7s: Fix nand-controller #size-cells
ARM: dts: imx7s: Fix lcdif compatible
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
PCI: Add no PM reset quirk for NVIDIA Spectrum devices
scsi: lpfc: Fix possible file string name overflow when updating firmware
ext4: unify the type of flexbg_size to unsigned int
SUNRPC: Fix a suspicious RCU usage warning
KVM: s390: fix setting of fpc register
s390/ptrace: handle setting of fpc register correctly
jfs: fix array-index-out-of-bounds in diNewExt
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
pstore/ram: Fix crash when setting number of cpus to an odd number
jfs: fix uaf in jfs_evict_inode
jfs: fix array-index-out-of-bounds in dbAdjTree
jfs: fix slab-out-of-bounds Read in dtSearch
UBSAN: array-index-out-of-bounds in dtSplitRoot
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
ACPI: extlog: fix NULL pointer dereference check
PNP: ACPI: fix fortify warning
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
audit: Send netlink ACK before setting connection in auditd_set
powerpc/lib: Validate size for vector operations
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
powerpc: Fix build error due to is_valid_bugaddr()
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
tick/sched: Preserve number of idle sleeps across CPU hotplug events
mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
drm/bridge: nxp-ptn3460: simplify some error checking
drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
drm: Don't unref the same fb many times by mistake due to deadlock handling
gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
btrfs: don't warn if discard range is not aligned to sector
net: fec: fix the unhandled context fault from smmu
fjes: fix memleaks in fjes_hw_setup
netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
net/mlx5e: fix a double-free in arfs_create_groups
net/mlx5: Use kfree(ft->g) in arfs_create_groups()
netlink: fix potential sleeping issue in mqueue_flush_file
tcp: Add memory barrier to tcp_push()
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
llc: Drop support for ETH_P_TR_802_2.
llc: make llc_ui_sendmsg() more robust against bonding changes
vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
drivers: core: fix kernel-doc markup for dev_err_probe()
driver code: print symbolic error code
Revert "driver core: Annotate dev_err_probe() with __must_check"
driver core: Annotate dev_err_probe() with __must_check
x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum
powerpc: Use always instead of always-y in for crtsavres.o
block: Remove special-casing of compound pages
parisc/firmware: Fix F-extend for PDC addresses
rpmsg: virtio: Free driver_override when rpmsg_remove()
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
PM: hibernate: Enforce ordering during image compression/decompression
crypto: api - Disallow identical driver names
serial: sc16is7xx: add check for unsupported SPI modes during probe
spi: introduce SPI_MODE_X_MASK macro
driver core: add device probe log helper
serial: sc16is7xx: set safe default SPI clock frequency
units: add the HZ macros
units: change from 'L' to 'UL'
units: Add Watt units
include/linux/units.h: add helpers for kelvin to/from Celsius conversion
PCI: mediatek: Clear interrupt status before dispatching handler
LTS: Update to 4.14.338
crypto: scompress - initialize per-CPU variables on each CPU
Revert "NFSD: Fix possible sleep during nfsd4_release_lockowner()"
i2c: s3c24xx: fix transferring more than one message in polling mode
i2c: s3c24xx: fix read transfers in polling mode
kdb: Fix a potential buffer overflow in kdb_local()
kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ
ipvs: avoid stat macros calls from preemptible context
net: ravb: Fix dma_addr_t truncation in error case
serial: imx: Correct clock error message in function probe()
apparmor: avoid crash when parsed profile name is empty
MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup()
MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup()
HID: wacom: Correct behavior when processing some confidence == false touches
wifi: mwifiex: configure BSSID consistently when starting AP
wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors
wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code
fbdev: flush deferred work in fb_deferred_io_fsync()
ALSA: oxygen: Fix right channel of capture volume mixer
usb: mon: Fix atomicity violation in mon_bin_vma_fault
usb: chipidea: wait controller resume finished for wakeup irq
usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart
usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()
tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug
binder: fix unused alloc->free_async_space
binder: fix race between mmput() and do_exit()
xen-netback: don't produce zero-size SKB frags
Input: atkbd - use ab83 as id when skipping the getid command
binder: fix async space check for 0-sized buffers
watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling
watchdog: set cdev owner before adding
gpu/drm/radeon: fix two memleaks in radeon_vm_init
drivers/amd/pm: fix a use-after-free in kv_parse_power_table
drm/amd/pm: fix a double-free in si_dpm_init
media: dvbdev: drop refcount on error path in dvb_device_open()
media: cx231xx: fix a memleak in cx231xx_init_isoc
drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table
drm/radeon/dpm: fix a memleak in sumo_parse_power_table
drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
drm/drv: propagate errors from drm_modeset_register_all()
drm/msm/mdp4: flush vblank event on disable
ASoC: cs35l34: Fix GPIO name and drop legacy include
ASoC: cs35l33: Fix GPIO name and drop legacy include
drm/radeon: check return value of radeon_ring_lock()
drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()
drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()
f2fs: fix to avoid dirent corruption
drm/bridge: Fix typo in post_disable() description
media: pvrusb2: fix use after free on context disconnection
RDMA/usnic: Silence uninitialized symbol smatch warnings
ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
Bluetooth: Fix bogus check for re-auth no supported with non-ssp
wifi: rtlwifi: rtl8192se: using calculate_bit_shift()
wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()
wifi: rtlwifi: rtl8192de: using calculate_bit_shift()
rtlwifi: rtl8192de: make arrays static const, makes object smaller
wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()
wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()
wifi: rtlwifi: rtl8192c: using calculate_bit_shift()
wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()
wifi: rtlwifi: add calculate_bit_shift()
wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior
rtlwifi: Use ffs in <foo>_phy_calculate_bit_shift
firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()
net/ncsi: Fix netlink major/minor version numbers
ncsi: internal.h: Fix a spello
wifi: libertas: stop selecting wext
bpf, lpm: Fix check prefixlen before walking trie
NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT
crypto: scomp - fix req->dst buffer overflow
crypto: scompress - Use per-CPU struct instead multiple variables
crypto: scompress - return proper error code for allocation failure
crypto: sahara - do not resize req->src when doing hash operations
crypto: sahara - fix processing hash requests with req->nbytes < sg->length
crypto: sahara - improve error handling in sahara_sha_process()
crypto: sahara - fix wait_for_completion_timeout() error handling
crypto: sahara - fix ahash reqsize
crypto: virtio - Wait for tasklet to complete on device remove
pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
crypto: sahara - fix error handling in sahara_hw_descriptor_create()
crypto: sahara - fix processing requests with cryptlen < sg->length
crypto: sahara - fix ahash selftest failure
crypto: sahara - remove FLAGS_NEW_KEY logic
crypto: af_alg - Disallow multiple in-flight AIO requests
crypto: ccp - fix memleak in ccp_init_dm_workarea
crypto: virtio - Handle dataq logic with tasklet
mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
calipso: fix memory leak in netlbl_calipso_add_pass()
netlabel: remove unused parameter in netlbl_netlink_auditinfo()
net: netlabel: Fix kerneldoc warnings
ACPI: video: check for error while searching for backlight device parent
mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response
powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
powerpc/powernv: Add a null pointer check in opal_event_init()
selftests/powerpc: Fix error handling in FPU/VMX preemption tests
powerpc/pseries/memhp: Fix access beyond end of drmem array
powerpc/pseries/memhotplug: Quieten some DLPAR operations
powerpc/44x: select I2C for CURRITUCK
powerpc: remove redundant 'default n' from Kconfig-s
powerpc: add crtsavres.o to always-y instead of extra-y
EDAC/thunderx: Fix possible out-of-bounds string access
x86/lib: Fix overflow when counting digits
coresight: etm4x: Fix width of CCITMIN field
uio: Fix use-after-free in uio_open
binder: fix comment on binder_alloc_new_buf() return value
drm/crtc: fix uninitialized variable use
Input: xpad - add Razer Wolverine V2 support
ARC: fix spare error
s390/scm: fix virtual vs physical address confusion
Input: atkbd - skip ATKBD_CMD_GETID in translated mode
reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI
tracing: Add size check when printing trace_marker output
tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
jbd2: correct the printing of write_flags in jbd2_write_superblock()
clk: rockchip: rk3128: Fix HCLK_OTG gate register
drm/exynos: fix a potential error pointer dereference
ASoC: da7219: Support low DC impedance headset
net/tg3: fix race condition in tg3_reset_task()
ASoC: rt5650: add mutex to avoid the jack detection failure
ASoC: cs43130: Fix incorrect frame delay configuration
ASoC: cs43130: Fix the position of const qualifier
f2fs: explicitly null-terminate the xattr list
LTS: Update to 4.14.337
ipv6: remove max_size check inline with ipv4
ipv6: make ip6_rt_gc_expire an atomic_t
net/dst: use a smaller percpu_counter batch for dst entries accounting
net: add a route cache full diagnostic message
netfilter: nf_tables: Reject tables of unsupported family
fuse: nlookup missing decrement in fuse_direntplus_link
mm: fix unmap_mapping_range high bits shift bug
mm/memory-failure: check the mapcount of the precise page
bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()
asix: Add check for usbnet_get_endpoints
net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues
net/qla3xxx: switch from 'pci_' to 'dma_' API
LTS: create metadata for 4.14.y
Conflicts:
drivers/android/binder_alloc.c
drivers/infiniband/ulp/srpt/ib_srpt.c
drivers/usb/core/hub.c
fs/aio.c
fs/f2fs/namei.c
kernel/power/swap.c
Change-Id: Ic871768afdde4511ca7dee3006c33c7d4607e280
|
||
|
Tim Chen
|
fd36c0072c |
tick/sched: Preserve number of idle sleeps across CPU hotplug events
commit 9a574ea9069be30b835a3da772c039993c43369b upstream.
Commit 71fee48f ("tick-sched: Fix idle and iowait sleeptime accounting vs
CPU hotplug") preserved total idle sleep time and iowait sleeptime across
CPU hotplug events.
Similar reasoning applies to the number of idle calls and idle sleeps to
get the proper average of sleep time per idle invocation.
Preserve those fields too.
Fixes: 71fee48f ("tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug")
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240122233534.3094238-1-tim.c.chen@linux.intel.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 7c0fdf4485c7bb02a1c7d7a4a68c3686d6ac5d53)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
|
||
|
Heiko Carstens
|
e3ff741c08 |
tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug
commit 71fee48fb772ac4f6cfa63dbebc5629de8b4cc09 upstream. When offlining and onlining CPUs the overall reported idle and iowait times as reported by /proc/stat jump backward and forward: cpu 132 0 176 225249 47 6 6 21 0 0 cpu0 80 0 115 112575 33 3 4 18 0 0 cpu1 52 0 60 112673 13 3 1 2 0 0 cpu 133 0 177 226681 47 6 6 21 0 0 cpu0 80 0 116 113387 33 3 4 18 0 0 cpu 133 0 178 114431 33 6 6 21 0 0 <---- jump backward cpu0 80 0 116 114247 33 3 4 18 0 0 cpu1 52 0 61 183 0 3 1 2 0 0 <---- idle + iowait start with 0 cpu 133 0 178 228956 47 6 6 21 0 0 <---- jump forward cpu0 81 0 117 114929 33 3 4 18 0 0 Reason for this is that get_idle_time() in fs/proc/stat.c has different sources for both values depending on if a CPU is online or offline: - if a CPU is online the values may be taken from its per cpu tick_cpu_sched structure - if a CPU is offline the values are taken from its per cpu cpustat structure The problem is that the per cpu tick_cpu_sched structure is set to zero on CPU offline. See tick_cancel_sched_timer() in kernel/time/tick-sched.c. Therefore when a CPU is brought offline and online afterwards both its idle and iowait sleeptime will be zero, causing a jump backward in total system idle and iowait sleeptime. In a similar way if a CPU is then brought offline again the total idle and iowait sleeptimes will jump forward. It looks like this behavior was introduced with commit |
||
|
Michael Bestas
|
4b1f3533e2 |
Merge tag 'ASB-2023-09-05_4.14-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.14
https://source.android.com/docs/security/bulletin/2023-09-01 * tag 'ASB-2023-09-05_4.14-stable' of https://android.googlesource.com/kernel/common: Linux 4.14.325 Revert "ARM: ep93xx: fix missing-prototype warnings" Revert "MIPS: Alchemy: fix dbdma2" Linux 4.14.324 dma-buf/sw_sync: Avoid recursive lock during fence signal scsi: core: raid_class: Remove raid_component_add() scsi: snic: Fix double free in snic_tgt_create() rtnetlink: Reject negative ifindexes in RTM_NEWLINK x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 media: vcodec: Fix potential array out-of-bounds in encoder queue_setup lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels batman-adv: Fix batadv_v_ogm_aggr_send memory leak batman-adv: Fix TT global entry leak when client roamed back batman-adv: Do not get eth header before batadv_check_management_packet batman-adv: Trigger events for auto adjusted MTU ibmveth: Use dcbf rather than dcbfl ipvs: fix racy memcpy in proc_do_sync_threshold ipvs: Improve robustness to the ipvs sysctl igb: Avoid starting unnecessary workqueues sock: annotate data-races around prot->memory_pressure tracing: Fix memleak due to race between current_tracer and trace net: phy: broadcom: stub c45 read/write for 54810 net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled af_unix: Fix null-ptr-deref in unix_stream_sendpage(). ASoC: rt5665: add missed regulator_bulk_disable netfilter: set default timeout to 3 secs for sctp shutdown send and recv state test_firmware: prevent race conditions by a correct implementation of locking binder: fix memory leak in binder_init() serial: 8250: Fix oops for port->pm on uart_change_pm() mmc: wbsd: fix double mmc_free_host() in wbsd_init() cifs: Release folio lock on fscache read hit. ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. net: do not allow gso_size to be set to GSO_BY_FRAGS sock: Fix misuse of sk_under_memory_pressure() i40e: fix misleading debug logs team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves netfilter: nft_dynset: disallow object maps xfrm: add NULL check in xfrm_update_ae_params ip_vti: fix potential slab-use-after-free in decode_session6 ip6_vti: fix slab-use-after-free in decode_session6 net: af_key: fix sadb_x_filter validation net: xfrm: Fix xfrm_address_filter OOB read fbdev: mmp: fix value check in mmphw_probe() drm/amdgpu: Fix potential fence use-after-free v2 Bluetooth: L2CAP: Fix use-after-free pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() gfs2: Fix possible data races in gfs2_show_options() media: platform: mediatek: vpu: fix NULL ptr dereference media: v4l2-mem2mem: add lock to protect parameter num_rdy FS: JFS: Check for read-only mounted filesystem in txBegin FS: JFS: Fix null-ptr-deref Read in txBegin MIPS: dec: prom: Address -Warray-bounds warning fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev udf: Fix uninitialized array access for some pathnames quota: fix warning in dqgrab() quota: Properly disable quotas when add_dquot_ref() fails ALSA: emu10k1: roll up loops in DSP setup code for Audigy drm/radeon: Fix integer overflow in radeon_cs_parser_init lib/mpi: Eliminate unused umul_ppmm definitions for MIPS UPSTREAM: media: usb: siano: Fix warning due to null work_func_t function pointer UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free Linux 4.14.323 alpha: remove __init annotation from exported page_is_ram() scsi: core: Fix possible memory leak if device_add() fails scsi: snic: Fix possible memory leak if device_add() fails scsi: 53c700: Check that command slot is not NULL scsi: storvsc: Fix handling of virtual Fibre Channel timeouts scsi: core: Fix legacy /proc parsing buffer overflow netfilter: nf_tables: report use refcount overflow btrfs: don't stop integrity writeback too early IB/hfi1: Fix possible panic during hotplug remove drivers: net: prevent tun_build_skb() to exceed the packet size limit dccp: fix data-race around dp->dccps_mss_cache bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves net/packet: annotate data-races around tp->status drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes x86: Move gds_ucode_mitigated() declaration to header x86/mm: Fix VDSO and VVAR placement on 5-level paging machines usb: dwc3: Properly handle processing of pending events usb-storage: alauda: Fix uninit-value in alauda_check_media() iio: cros_ec: Fix the allocation size for cros_ec_command test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput radix tree test suite: fix incorrect allocation size for pthreads dmaengine: pl330: Return DMA_PAUSED when transaction is paused ipv6: adjust ndisc_is_useropt() to also return true for PIO mmc: moxart: read scr register without changing byte order sparc: fix up arch_cpu_finalize_init() build breakage. Linux 4.14.322 drm/edid: fix objtool warning in drm_cvt_modes() mtd: rawnand: omap_elm: Fix incorrect type in assignment test_firmware: fix a memory leak with reqs buffer ext2: Drop fragment support net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb fs/sysv: Null check to prevent null-ptr-deref bug USB: zaurus: Add ID for A-300/B-500/C-700 libceph: fix potential hang in ceph_osdc_notify() loop: Select I/O scheduler 'none' from inside add_disk() tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen tcp_metrics: annotate data-races around tm->tcpm_net tcp_metrics: annotate data-races around tm->tcpm_vals[] tcp_metrics: annotate data-races around tm->tcpm_lock tcp_metrics: annotate data-races around tm->tcpm_stamp tcp_metrics: fix addr_same() helper ip6mr: Fix skb_under_panic in ip6mr_cache_report() net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free net: add missing data-race annotation for sk_ll_usec net: add missing data-race annotations around sk->sk_peek_off perf test uprobe_from_different_cu: Skip if there is no gcc net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() word-at-a-time: use the same return type for has_zero regardless of endianness perf: Fix function pointer case net/sched: cls_u32: Fix reference counter leak leading to overflow net/sched: sch_qfq: account for stab overhead in qfq_enqueue net/sched: cls_fw: Fix improper refcount update leads to use-after-free drm/client: Fix memory leak in drm_client_target_cloned dm cache policy smq: ensure IO doesn't prevent cleaner policy progress ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register s390/dasd: fix hanging device after quiesce/resume irq-bcm6345-l1: Do not assume a fixed block to cpu mapping tpm_tis: Explicitly check for error code hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group usb: xhci-mtk: set the dma max_seg_size usb: ohci-at91: Fix the unhandle interrupt when resume can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED USB: serial: simple: sort driver entries USB: serial: simple: add Kaufmann RKS+CAN VCP USB: serial: option: add Quectel EC200A module support USB: serial: option: support Quectel EM060K_128 tracing: Fix warning in trace_buffered_event_disable() ring-buffer: Fix wrong stat of cpu_buffer->read ata: pata_ns87415: mark ns87560_tf_read static dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths block: Fix a source code comment in include/uapi/linux/blkzoned.h ASoC: fsl_spdif: Silence output on stop benet: fix return value check in be_lancer_xmit_workarounds() platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 team: reset team's flags when down link is P2P device bonding: reset bond's flags when down link is P2P device tcp: Reduce chance of collisions in inet6_hashfn(). ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address ethernet: atheros: fix return value check in atl1e_tso_csum() i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() gpio: tps68470: Make tps68470_gpio_output() always set the initial value tcp: annotate data-races around fastopenq.max_qlen tcp: annotate data-races around tp->notsent_lowat tcp: annotate data-races around rskq_defer_accept netfilter: nf_tables: fix spurious set element insertion failure llc: Don't drop packet from non-root netns. fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() pinctrl: amd: Use amd_pinconf_set() for all config options fbdev: imxfb: warn about invalid left/right margin spi: bcm63xx: fix max prepend length igb: Fix igb_down hung on surprise removal wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() bpf: Address KCSAN report on bpf_lru_list sched/fair: Don't balance task to its current running CPU posix-timers: Ensure timer ID search-loop limit is valid md/raid10: prevent soft lockup while flush writes md: fix data corruption for raid456 when reshape restart while grow up nbd: Add the maximum limit of allocated index in nbd_dev_add debugobjects: Recheck debug_objects_enabled before reporting ext4: correct inline offset when handling xattrs in inode body can: bcm: Fix UAF in bcm_proc_show() fuse: revalidate: don't invalidate if interrupted perf probe: Add test for regression introduced by switch to die_get_decl_file() serial: atmel: don't enable IRQs prematurely scsi: qla2xxx: Pointer may be dereferenced scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Wait for io return on terminate rport xtensa: ISS: fix call to split_if_spec ring-buffer: Fix deadloop issue on reading trace_pipe tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error Revert "8250: add support for ASIX devices with a FIFO bug" meson saradc: fix clock divider mask length hwrng: imx-rngc - fix the timeout for init and self check fs: dlm: return positive pid value for F_GETLK md/raid0: add discard support for the 'original' layout misc: pci_endpoint_test: Re-init completion for every test PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 jfs: jfs_dmap: Validate db_l2nbperpage while mounting ext4: only update i_reserved_data_blocks on successful block allocation ext4: fix wrong unit use in ext4_mb_clear_bb perf intel-pt: Fix CYC timestamps after standalone CBR SUNRPC: Fix UAF in svc_tcp_listen_data_ready() tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation net/sched: make psched_mtu() RTNL-less safe wifi: airo: avoid uninitialized warning in airo_get_rate() ipv6/addrconf: fix a potential refcount underflow for idev NTB: ntb_transport: fix possible memory leak while device_register() fails ntb: intel: Fix error handling in intel_ntb_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: idt: Fix error handling in idt_pci_driver_init() udp6: fix udp6_ehashfn() typo net: mvneta: fix txq_map in case of txq_number==1 workqueue: clean up WORK_* constant types, clarify masking netfilter: nf_tables: prevent OOB access in nft_byteorder_eval netfilter: conntrack: Avoid nf_ct_helper_hash uses after free netfilter: nf_tables: unbind non-anonymous set if rule construction fails netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE spi: spi-fsl-spi: allow changing bits_per_word while CS is still active spi: spi-fsl-spi: relax message sanity checking a little spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg ARM: orion5x: fix d2net gpio initialization btrfs: fix race when deleting quota root from the dirty cow roots list jffs2: reduce stack usage in jffs2_build_xattr_subsystem() integrity: Fix possible multiple allocation in integrity_inode_get() mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M mmc: core: disable TRIM on Kingston EMMC04G-M627 NFSD: add encoding of op_recall flag for write delegation sh: dma: Fix DMA channel offset calculation net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX tcp: annotate data races in __tcp_oow_rate_limited() net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 spi: bcm-qspi: return error if neither hif_mspi nor mspi is available Add MODULE_FIRMWARE() for FIRMWARE_TG357766. sctp: fix potential deadlock on &net->sctp.addr_wq_lock rtc: st-lpc: Release some resources in st_rtc_probe() in case of error mfd: stmpe: Only disable the regulators if they are enabled mfd: intel-lpss: Add missing check for platform_get_resource mfd: rt5033: Drop rt5033-battery sub-device usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() extcon: Fix kernel doc of property capability fields to avoid warnings extcon: Fix kernel doc of property fields to avoid warnings media: usb: siano: Fix warning due to null work_func_t function pointer media: videodev2.h: Fix struct v4l2_input tuner index comment media: usb: Check az6007_read() return value sh: j2: Use ioremap() to translate device tree address into kernel memory w1: fix loop in w1_fini() block: change all __u32 annotations to __be32 in affs_hardblocks.h USB: serial: option: add LARA-R6 01B PIDs modpost: fix off by one in is_executable_section() modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} modpost: fix section mismatch message for R_ARM_ABS32 crypto: nx - fix build warnings when DEBUG_FS is not enabled pinctrl: at91-pio4: check return value of devm_kasprintf() perf dwarf-aux: Fix off-by-one in die_get_varname() pinctrl: cherryview: Return correct value if pin in push-pull mode PCI: Add pci_clear_master() stub for non-CONFIG_PCI scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer drm/radeon: fix possible division-by-zero errors fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() soc/fsl/qe: fix usb.c build errors ASoC: es8316: Increment max value for ALC Capture Target Volume control ARM: ep93xx: fix missing-prototype warnings drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H Input: adxl34x - do not hardcode interrupt trigger type ARM: dts: BCM5301X: Drop "clock-names" from the SPI node Input: drv260x - sleep between polling GO bit radeon: avoid double free in ci_dpm_init() netlink: Add __sock_i_ino() for __netlink_diag_dump(). netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. lib/ts_bm: reset initial match offset for every block of text gtp: Fix use-after-free in __gtp_encap_destroy(). netlink: do not hard code device address lenth in fdb dumps netlink: fix potential deadlock in netlink_set_err() wifi: ath9k: convert msecs to jiffies where needed wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() memstick r592: make memstick_debug_get_tpc_name() static kexec: fix a memory leak in crash_shrink_memory() watchdog/perf: more properly prevent false positives with turbo modes watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes wifi: ray_cs: Fix an error handling path in ray_probe() wifi: wl3501_cs: Fix an error handling path in wl3501_probe() wifi: atmel: Fix an error handling path in atmel_probe() wifi: orinoco: Fix an error handling path in orinoco_cs_probe() wifi: orinoco: Fix an error handling path in spectrum_cs_probe() wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation evm: Complete description of evm_inode_setattr() PM: domains: fix integer overflow issues in genpd_parse_state() md/raid10: fix io loss while replacement replace rdev md/raid10: fix wrong setting of max_corr_read_errors md/raid10: fix overflow of md/safe_mode_delay treewide: Remove uninitialized_var() usage drm/amdgpu: Validate VM ioctl flags. scripts/tags.sh: Resolve gtags empty index generation drm/edid: Fix uninitialized variable in drm_cvt_modes() fbdev: imsttfb: Fix use after free bug in imsttfb_probe x86/smp: Use dedicated cache-line for mwait_play_dead() x86/microcode/AMD: Load late on both threads too gfs2: Don't deref jdesc in evict Linux 4.14.321 x86: fix backwards merge of GDS/SRSO bit xen/netback: Fix buffer overrun triggered by unusual packet Documentation/x86: Fix backwards on/off logic about YMM support x86/xen: Fix secondary processors' FPU initialization KVM: Add GDS_NO support to KVM x86/speculation: Add Kconfig option for GDS x86/speculation: Add force option to GDS mitigation x86/speculation: Add Gather Data Sampling mitigation x86/fpu: Move FPU initialization into arch_cpu_finalize_init() x86/fpu: Mark init functions __init x86/fpu: Remove cpuinfo argument from init functions init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() init: Invoke arch_cpu_finalize_init() earlier init: Remove check_bugs() leftovers um/cpu: Switch to arch_cpu_finalize_init() sparc/cpu: Switch to arch_cpu_finalize_init() sh/cpu: Switch to arch_cpu_finalize_init() mips/cpu: Switch to arch_cpu_finalize_init() m68k/cpu: Switch to arch_cpu_finalize_init() ia64/cpu: Switch to arch_cpu_finalize_init() ARM: cpu: Switch to arch_cpu_finalize_init() x86/cpu: Switch to arch_cpu_finalize_init() init: Provide arch_cpu_finalize_init() Conflicts: drivers/block/loop.c drivers/usb/dwc3/gadget.c Change-Id: I992e9302cd013f55616a3158f5227b263e1c322d |
||
|
Greg Kroah-Hartman
|
fce78edbb4 |
Merge 4.14.322 into android-4.14-stable
Changes in 4.14.322
gfs2: Don't deref jdesc in evict
x86/microcode/AMD: Load late on both threads too
x86/smp: Use dedicated cache-line for mwait_play_dead()
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
drm/edid: Fix uninitialized variable in drm_cvt_modes()
scripts/tags.sh: Resolve gtags empty index generation
drm/amdgpu: Validate VM ioctl flags.
treewide: Remove uninitialized_var() usage
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix io loss while replacement replace rdev
PM: domains: fix integer overflow issues in genpd_parse_state()
evm: Complete description of evm_inode_setattr()
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: atmel: Fix an error handling path in atmel_probe()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
watchdog/perf: more properly prevent false positives with turbo modes
kexec: fix a memory leak in crash_shrink_memory()
memstick r592: make memstick_debug_get_tpc_name() static
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
wifi: ath9k: convert msecs to jiffies where needed
netlink: fix potential deadlock in netlink_set_err()
netlink: do not hard code device address lenth in fdb dumps
gtp: Fix use-after-free in __gtp_encap_destroy().
lib/ts_bm: reset initial match offset for every block of text
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
netlink: Add __sock_i_ino() for __netlink_diag_dump().
radeon: avoid double free in ci_dpm_init()
Input: drv260x - sleep between polling GO bit
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
Input: adxl34x - do not hardcode interrupt trigger type
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
ARM: ep93xx: fix missing-prototype warnings
ASoC: es8316: Increment max value for ALC Capture Target Volume control
soc/fsl/qe: fix usb.c build errors
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
drm/radeon: fix possible division-by-zero errors
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
PCI: Add pci_clear_master() stub for non-CONFIG_PCI
pinctrl: cherryview: Return correct value if pin in push-pull mode
perf dwarf-aux: Fix off-by-one in die_get_varname()
pinctrl: at91-pio4: check return value of devm_kasprintf()
crypto: nx - fix build warnings when DEBUG_FS is not enabled
modpost: fix section mismatch message for R_ARM_ABS32
modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
modpost: fix off by one in is_executable_section()
USB: serial: option: add LARA-R6 01B PIDs
block: change all __u32 annotations to __be32 in affs_hardblocks.h
w1: fix loop in w1_fini()
sh: j2: Use ioremap() to translate device tree address into kernel memory
media: usb: Check az6007_read() return value
media: videodev2.h: Fix struct v4l2_input tuner index comment
media: usb: siano: Fix warning due to null work_func_t function pointer
extcon: Fix kernel doc of property fields to avoid warnings
extcon: Fix kernel doc of property capability fields to avoid warnings
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
mfd: rt5033: Drop rt5033-battery sub-device
mfd: intel-lpss: Add missing check for platform_get_resource
mfd: stmpe: Only disable the regulators if they are enabled
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
sctp: fix potential deadlock on &net->sctp.addr_wq_lock
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
tcp: annotate data races in __tcp_oow_rate_limited()
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
sh: dma: Fix DMA channel offset calculation
NFSD: add encoding of op_recall flag for write delegation
mmc: core: disable TRIM on Kingston EMMC04G-M627
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
integrity: Fix possible multiple allocation in integrity_inode_get()
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
btrfs: fix race when deleting quota root from the dirty cow roots list
ARM: orion5x: fix d2net gpio initialization
spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg
spi: spi-fsl-spi: relax message sanity checking a little
spi: spi-fsl-spi: allow changing bits_per_word while CS is still active
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
workqueue: clean up WORK_* constant types, clarify masking
net: mvneta: fix txq_map in case of txq_number==1
udp6: fix udp6_ehashfn() typo
ntb: idt: Fix error handling in idt_pci_driver_init()
NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
NTB: ntb_transport: fix possible memory leak while device_register() fails
ipv6/addrconf: fix a potential refcount underflow for idev
wifi: airo: avoid uninitialized warning in airo_get_rate()
net/sched: make psched_mtu() RTNL-less safe
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
perf intel-pt: Fix CYC timestamps after standalone CBR
ext4: fix wrong unit use in ext4_mb_clear_bb
ext4: only update i_reserved_data_blocks on successful block allocation
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
misc: pci_endpoint_test: Re-init completion for every test
md/raid0: add discard support for the 'original' layout
fs: dlm: return positive pid value for F_GETLK
hwrng: imx-rngc - fix the timeout for init and self check
meson saradc: fix clock divider mask length
Revert "8250: add support for ASIX devices with a FIFO bug"
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
ring-buffer: Fix deadloop issue on reading trace_pipe
xtensa: ISS: fix call to split_if_spec
scsi: qla2xxx: Wait for io return on terminate rport
scsi: qla2xxx: Fix potential NULL pointer dereference
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
scsi: qla2xxx: Pointer may be dereferenced
serial: atmel: don't enable IRQs prematurely
perf probe: Add test for regression introduced by switch to die_get_decl_file()
fuse: revalidate: don't invalidate if interrupted
can: bcm: Fix UAF in bcm_proc_show()
ext4: correct inline offset when handling xattrs in inode body
debugobjects: Recheck debug_objects_enabled before reporting
nbd: Add the maximum limit of allocated index in nbd_dev_add
md: fix data corruption for raid456 when reshape restart while grow up
md/raid10: prevent soft lockup while flush writes
posix-timers: Ensure timer ID search-loop limit is valid
sched/fair: Don't balance task to its current running CPU
bpf: Address KCSAN report on bpf_lru_list
wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
igb: Fix igb_down hung on surprise removal
spi: bcm63xx: fix max prepend length
fbdev: imxfb: warn about invalid left/right margin
pinctrl: amd: Use amd_pinconf_set() for all config options
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
llc: Don't drop packet from non-root netns.
netfilter: nf_tables: fix spurious set element insertion failure
tcp: annotate data-races around rskq_defer_accept
tcp: annotate data-races around tp->notsent_lowat
tcp: annotate data-races around fastopenq.max_qlen
gpio: tps68470: Make tps68470_gpio_output() always set the initial value
i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
ethernet: atheros: fix return value check in atl1e_tso_csum()
ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
tcp: Reduce chance of collisions in inet6_hashfn().
bonding: reset bond's flags when down link is P2P device
team: reset team's flags when down link is P2P device
platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
benet: fix return value check in be_lancer_xmit_workarounds()
ASoC: fsl_spdif: Silence output on stop
block: Fix a source code comment in include/uapi/linux/blkzoned.h
dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
ata: pata_ns87415: mark ns87560_tf_read static
ring-buffer: Fix wrong stat of cpu_buffer->read
tracing: Fix warning in trace_buffered_event_disable()
USB: serial: option: support Quectel EM060K_128
USB: serial: option: add Quectel EC200A module support
USB: serial: simple: add Kaufmann RKS+CAN VCP
USB: serial: simple: sort driver entries
can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
usb: ohci-at91: Fix the unhandle interrupt when resume
usb: xhci-mtk: set the dma max_seg_size
Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
tpm_tis: Explicitly check for error code
irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
s390/dasd: fix hanging device after quiesce/resume
ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
drm/client: Fix memory leak in drm_client_target_cloned
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
net/sched: cls_u32: Fix reference counter leak leading to overflow
perf: Fix function pointer case
word-at-a-time: use the same return type for has_zero regardless of endianness
net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
perf test uprobe_from_different_cu: Skip if there is no gcc
net: add missing data-race annotations around sk->sk_peek_off
net: add missing data-race annotation for sk_ll_usec
net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
tcp_metrics: fix addr_same() helper
tcp_metrics: annotate data-races around tm->tcpm_stamp
tcp_metrics: annotate data-races around tm->tcpm_lock
tcp_metrics: annotate data-races around tm->tcpm_vals[]
tcp_metrics: annotate data-races around tm->tcpm_net
tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
loop: Select I/O scheduler 'none' from inside add_disk()
libceph: fix potential hang in ceph_osdc_notify()
USB: zaurus: Add ID for A-300/B-500/C-700
fs/sysv: Null check to prevent null-ptr-deref bug
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
ext2: Drop fragment support
test_firmware: fix a memory leak with reqs buffer
mtd: rawnand: omap_elm: Fix incorrect type in assignment
drm/edid: fix objtool warning in drm_cvt_modes()
Linux 4.14.322
Change-Id: Ia25c00bd23a112b634b83577ec7d54569e8b7c70
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Michael Bestas
|
4f0c737494 |
Merge tag 'ASB-2023-08-05_4.14-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.14
https://source.android.com/docs/security/bulletin/2023-08-01 CVE-2023-21264 CVE-2020-29374 * tag 'ASB-2023-08-05_4.14-stable' of https://android.googlesource.com/kernel/common: (1241 commits) UPSTREAM: xfrm: Check if_id in xfrm_migrate Linux 4.14.320 i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl drm/exynos: vidi: fix a wrong error return s390/cio: unregister device when the only path is gone usb: gadget: udc: fix NULL dereference in remove() fbdev: imsttfb: Release framebuffer and dealloc cmap on error path nfcsim.c: Fix error checking for debugfs_create_dir arm64: Add missing Set/Way CMO encodings HID: wacom: Add error check to wacom_parse_and_register() scsi: target: iscsi: Prevent login threads from racing between each other netfilter: nf_tables: disallow element updates of bound anonymous sets be2net: Extend xmit workaround to BE3 chip mmc: usdhi60rol0: fix deferred probing mmc: omap_hsmmc: fix deferred probing mmc: omap: fix deferred probing mmc: mtk-sd: fix deferred probing ... Conflicts: drivers/edac/edac_device.c drivers/mmc/core/block.c drivers/mtd/ubi/wl.c drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c drivers/usb/core/hub.c drivers/usb/core/quirks.c drivers/usb/dwc3/core.c drivers/usb/gadget/function/f_fs.c fs/ext4/page-io.c fs/incfs/main.c fs/incfs/vfs.c fs/verity/enable.c include/drm/drm_mipi_dsi.h include/net/pkt_sched.h include/uapi/linux/virtio_ids.h kernel/panic.c mm/kasan/report.c Change-Id: I8d87ff356c3d786b122e5addf42282830a6f3260 |
||
|
Thomas Gleixner
|
8dc52c200b |
posix-timers: Ensure timer ID search-loop limit is valid
[ Upstream commit 8ce8849dd1e78dadcee0ec9acbd259d239b7069f ]
posix_timer_add() tries to allocate a posix timer ID by starting from the
cached ID which was stored by the last successful allocation.
This is done in a loop searching the ID space for a free slot one by
one. The loop has to terminate when the search wrapped around to the
starting point.
But that's racy vs. establishing the starting point. That is read out
lockless, which leads to the following problem:
CPU0 CPU1
posix_timer_add()
start = sig->posix_timer_id;
lock(hash_lock);
... posix_timer_add()
if (++sig->posix_timer_id < 0)
start = sig->posix_timer_id;
sig->posix_timer_id = 0;
So CPU1 can observe a negative start value, i.e. -1, and the loop break
never happens because the condition can never be true:
if (sig->posix_timer_id == start)
break;
While this is unlikely to ever turn into an endless loop as the ID space is
huge (INT_MAX), the racy read of the start value caught the attention of
KCSAN and Dmitry unearthed that incorrectness.
Rewrite it so that all id operations are under the hash lock.
Reported-by: syzbot+5c54bd3eb218bb595aa9@syzkaller.appspotmail.com
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Frederic Weisbecker <frederic@kernel.org>
Link: https://lore.kernel.org/r/87bkhzdn6g.ffs@tglx
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
dcf8e96bea |
Merge 4.14.308 into android-4.14-stable
Changes in 4.14.308 ARM: dts: rockchip: add power-domains property to dp node on rk3288 btrfs: send: limit number of clones and allocated memory size IB/hfi1: Assign npages earlier net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues(). bpf: Do not use ax register in interpreter on div/mod bpf: fix subprog verifier bypass by div/mod by 0 exception bpf: Fix 32 bit src register truncation on div/mod bpf: Fix truncation handling for mod32 dst reg wrt zero dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size USB: serial: option: add support for VW/Skoda "Carstick LTE" USB: core: Don't hold device lock while reading the "descriptors" sysfs file HID: asus: Remove check for same LED brightness on set HID: asus: use spinlock to protect concurrent accesses HID: asus: use spinlock to safely schedule workers ARM: OMAP2+: Fix memory leak in realtime_counter_init() ARM: zynq: Fix refcount leak in zynq_early_slcr_init arm64: dts: meson-gx: Fix Ethernet MAC address unit name arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name arm64: dts: amlogic: meson-gx: add missing unit address to rng node name arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name block: bio-integrity: Copy flags when bio_integrity_payload is cloned wifi: libertas: fix memory leak in lbs_init_adapter() wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave() wifi: ipw2200: fix memory leak in ipw_wdev_init() wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave() wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave() genirq: Fix the return type of kstat_cpu_irqs_sum() lib/mpi: Fix buffer overrun when SG is too long ACPICA: nsrepair: handle cases without a return value correctly wifi: orinoco: check return value of hermes_write_wordrec() wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() ACPI: battery: Fix missing NUL-termination with large strings crypto: seqiv - Handle EBUSY correctly net/mlx5: Enhance debug print in page allocation failure irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe cpufreq: davinci: Fix clk use after free Bluetooth: L2CAP: Fix potential user-after-free crypto: rsa-pkcs1pad - Use akcipher_request_complete m68k: /proc/hardware should depend on PROC_FS wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC drm/bridge: megachips: Fix error handling in i2c_register_driver() gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() drm/msm/hdmi: Add missing check for alloc_ordered_workqueue pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups ALSA: hda/ca0132: minor fix for allocation size drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness drm/mediatek: Drop unbalanced obj unref ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress() gpio: vf610: connect GPIO label to dev name hwmon: (ltc2945) Handle error case in ltc2945_value_store scsi: aic94xx: Add missing check for dma_map_single() dm: remove flush_scheduled_work() during local_exit() mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() mtd: rawnand: sunxi: Fix the size of the last OOB region Input: ads7846 - don't report pressure for ads7845 Input: ads7846 - don't check penirq immediately for 7845 powerpc/powernv/ioda: Skip unallocated resources when mapping to PE powerpc/pseries/lparcfg: add missing RTAS retry status handling MIPS: vpe-mt: drop physical_memsize media: platform: ti: Add missing check for devm_regulator_get media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() media: usb: siano: Fix use after free bugs caused by do_submit_urb rpmsg: glink: Avoid infinite loop on intent for missing channel udf: Define EFSCORRUPTED error code ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait() thermal: intel: Fix unsigned comparison with less than zero timers: Prevent union confusion from unexpected restart_syscall() x86/bugs: Reset speculation control settings on init inet: fix fast path in __inet_hash_connect() ACPI: Don't build ACPICA with '-Os' net: bcmgenet: Add a check for oversized packets m68k: Check syscall_trace_enter() return code ACPI: video: Fix Lenovo Ideapad Z570 DMI match drm/radeon: free iio for atombios when driver shutdown drm/msm/dsi: Add missing check for alloc_ordered_workqueue docs/scripts/gdb: add necessary make scripts_gdb step ASoC: kirkwood: Iterate over array indexes instead of using pointer math regulator: max77802: Bounds check regulator id against opmode regulator: s5m8767: Bounds check id indexing into arrays pinctrl: at91: use devm_kasprintf() to avoid potential leaks dm thin: add cond_resched() to various workqueue loops dm cache: add cond_resched() to various workqueue loops spi: bcm63xx-hsspi: Fix multi-bit mode setting wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu rtc: pm8xxx: fix set-alarm race s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler s390/kprobes: fix current_kprobe never cleared after kprobes reenter hfs: fix missing hfs_bnode_get() in __hfs_bnode_create fs: hfsplus: fix UAF issue in hfsplus_put_super f2fs: fix information leak in f2fs_move_inline_dirents() ocfs2: fix defrag path triggering jbd2 ASSERT ocfs2: fix non-auto defrag path not working issue udf: Truncate added extents on failed expansion udf: Do not bother merging very long extents udf: Do not update file length for failed writes to inline files udf: Fix file corruption when appending just after end of preallocated extent x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) x86/crash: Disable virt in core NMI crash handler to avoid double shootdown x86/reboot: Disable virtualization in an emergency if SVM is supported x86/reboot: Disable SVM, not just VMX, when stopping CPUs x86/kprobes: Fix __recover_optprobed_insn check optimizing logic x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter x86/microcode/AMD: Add a @cpu parameter to the reloading functions x86/microcode/AMD: Fix mixed steppings support x86/speculation: Allow enabling STIBP with legacy IBRS Documentation/hw-vuln: Document the interaction between IBRS and STIBP ima: Align ima_file_mmap() parameters with mmap_file LSM hook irqdomain: Fix association race irqdomain: Fix disassociation race irqdomain: Drop bogus fwspec-mapping error handling ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() ext4: optimize ea_inode block expansion ext4: refuse to create ea block when umounted wifi: rtl8xxxu: Use a longer retry limit of 48 wifi: cfg80211: Fix use after free for wext dm flakey: fix logic when corrupting a bio dm flakey: don't corrupt the zero page ARM: dts: exynos: correct TMU phandle in Exynos4 ARM: dts: exynos: correct TMU phandle in Odroid XU rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails alpha: fix FEN fault handling mips: fix syscall_get_nr ktest.pl: Fix missing "end_monitor" when machine check fails scsi: qla2xxx: Fix link failure in NPIV environment scsi: qla2xxx: Fix erroneous link down scsi: ses: Don't attach if enclosure has no components scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses scsi: ses: Fix possible desc_ptr out-of-bounds accesses scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() PCI: Avoid FLR for AMD FCH AHCI adapters drm/radeon: Fix eDP for single-display iMac11,2 kbuild: Port silent mode detection to future gnu make. net/sched: Retire tcindex classifier fs/jfs: fix shift exponent db_agl2size negative pwm: stm32-lp: fix the check on arr and cmp registers update ubi: ensure that VID header offset + VID header size <= alloc, size ubifs: Rectify space budget for ubifs_xrename() ubifs: Fix wrong dirty space budget for dirty inode ubifs: Reserve one leb for each journal head while doing budget ubi: Fix use-after-free when volume resizing failed ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() ubi: Fix possible null-ptr-deref in ubi_free_volume() ubifs: Re-statistic cleaned znode count if commit failed ubifs: dirty_cow_znode: Fix memleak in error handling path ubifs: ubifs_writepage: Mark page dirty after writing inode failed ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path watchdog: Fix kmemleak in watchdog_cdev_register watchdog: pcwd_usb: Fix attempting to access uninitialized memory netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() net: fix __dev_kfree_skb_any() vs drop monitor 9p/xen: fix version parsing 9p/xen: fix connection sequence nfc: fix memory leak of se_io context in nfc_genl_se_io ARM: dts: spear320-hmi: correct STMPE GPIO compatible tcp: tcp_check_req() can be called from process context scsi: ipr: Work around fortify-string warning thermal: intel: quark_dts: fix error pointer dereference tracing: Add NULL checks for buffer in ring_buffer_free_read_page() firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 media: uvcvideo: Handle cameras with invalid descriptors tty: fix out-of-bounds access in tty_driver_lookup_tty() tty: serial: fsl_lpuart: disable the CTS when send break signal tools/iio/iio_utils:fix memory leak iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math USB: ene_usb6250: Allocate enough memory for full object usb: uvc: Enumerate valid values for color matching phy: rockchip-typec: Fix unsigned comparison with less than zero Bluetooth: hci_sock: purge socket queues in the destruct() callback s390/maccess: add no DAT mode to kernel_write s390/setup: init jump labels before command line parsing tcp: Fix listen() regression in 4.14.303. thermal: intel: powerclamp: Fix cur_state for multi package system Linux 4.14.308 Change-Id: Iad2a41de33ff004df8050f949aa00955604b4cf6 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Jann Horn
|
59de7af9d6 |
timers: Prevent union confusion from unexpected restart_syscall()
[ Upstream commit 9f76d59173d9d146e96c66886b671c1915a5c5e5 ] The nanosleep syscalls use the restart_block mechanism, with a quirk: The `type` and `rmtp`/`compat_rmtp` fields are set up unconditionally on syscall entry, while the rest of the restart_block is only set up in the unlikely case that the syscall is actually interrupted by a signal (or pseudo-signal) that doesn't have a signal handler. If the restart_block was set up by a previous syscall (futex(..., FUTEX_WAIT, ...) or poll()) and hasn't been invalidated somehow since then, this will clobber some of the union fields used by futex_wait_restart() and do_restart_poll(). If userspace afterwards wrongly calls the restart_syscall syscall, futex_wait_restart()/do_restart_poll() will read struct fields that have been clobbered. This doesn't actually lead to anything particularly interesting because none of the union fields contain trusted kernel data, and futex(..., FUTEX_WAIT, ...) and poll() aren't syscalls where it makes much sense to apply seccomp filters to their arguments. So the current consequences are just of the "if userspace does bad stuff, it can damage itself, and that's not a problem" flavor. But still, it seems like a hazard for future developers, so invalidate the restart_block when partly setting it up in the nanosleep syscalls. Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20230105134403.754986-1-jannh@google.com Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
8a685dfcae |
Merge 4.14.307 into android-4.14-stable
Changes in 4.14.307 wifi: rtl8xxxu: gen2: Turn on the rate control powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G random: always mix cycle counter in add_latent_entropy() powerpc: dts: t208x: Disable 10G on MAC1 and MAC2 alarmtimer: Prevent starvation by small intervals and SIG_IGN uaccess: Add speculation barrier to copy_from_user() wifi: mwifiex: Add missing compatible string for SD8787 Linux 4.14.307 Change-Id: If5ceaa5a92112375336b9d7da8b0cbb7b6c3d234 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Thomas Gleixner
|
d21f4dae47 |
alarmtimer: Prevent starvation by small intervals and SIG_IGN
commit d125d1349abeb46945dc5e98f7824bf688266f13 upstream. syzbot reported a RCU stall which is caused by setting up an alarmtimer with a very small interval and ignoring the signal. The reproducer arms the alarm timer with a relative expiry of 8ns and an interval of 9ns. Not a problem per se, but that's an issue when the signal is ignored because then the timer is immediately rearmed because there is no way to delay that rearming to the signal delivery path. See posix_timer_fn() and commit |
||
|
Lucas Wei
|
fa61e2931e |
Merge android-4.14-stable (4.14.285) into android-msm-pixel-4.14-tm-lts
Merge 4.14.285 into android-4.14-stable
* UPSTREAM: lib/vsprintf: Hash printed address for netdev bits fallback
lib/vsprintf.c
* UPSTREAM: lib/vsprintf: Prepare for more general use of ptr_to_id()
lib/vsprintf.c
* UPSTREAM: lib/vsprintf: Make ptr argument conts in ptr_to_id()
lib/vsprintf.c
* UPSTREAM: vsprintf: Replace memory barrier with static_key for random_ptr_key update
lib/vsprintf.c
UPSTREAM: lib/test_printf.c: accept "ptrval" as valid result for plain 'p' tests
* UPSTREAM: lib/vsprintf: Do not handle %pO[^F] as %px
lib/vsprintf.c
* BACKPORT: l2tp: fix race in pppol2tp_release with session object destroy
net/l2tp/l2tp_ppp.c
* BACKPORT: l2tp: don't use inet_shutdown on ppp session destroy
net/l2tp/l2tp_ppp.c
Linux 4.14.285
* tcp: drop the hash_32() part from the index calculation
net/ipv4/inet_hashtables.c
* tcp: increase source port perturb table to 2^16
net/ipv4/inet_hashtables.c
* tcp: dynamically allocate the perturb table used by source ports
net/ipv4/inet_hashtables.c
* tcp: add small random increments to the source port
net/ipv4/inet_hashtables.c
* tcp: use different parts of the port_offset for index and offset
net/ipv4/inet_hashtables.c
* tcp: add some entropy in __inet_hash_connect()
net/ipv4/inet_hashtables.c
xprtrdma: fix incorrect header size calculations
* usb: gadget: u_ether: fix regression in setting fixed MAC address
drivers/usb/gadget/function/u_ether.c
s390/mm: use non-quiescing sske for KVM switch to keyed guest
* l2tp: fix race in pppol2tp_release with session object destroy
net/l2tp/l2tp_ppp.c
* l2tp: don't use inet_shutdown on ppp session destroy
net/l2tp/l2tp_ppp.c
virtio-pci: Remove wrong address verification in vp_del_vqs()
* ext4: add reserved GDT blocks check
fs/ext4/resize.c
* ext4: make variable "count" signed
fs/ext4/namei.c
* ext4: fix bug_on ext4_mb_use_inode_pa
fs/ext4/mballoc.c
serial: 8250: Store to lsr_save_flags after lsr read
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
usb: dwc2: Fix memory leak in dwc2_hcd_init
USB: serial: io_ti: add Agilent E5805A support
USB: serial: option: add support for Cinterion MV31 with new baseline
comedi: vmk80xx: fix expression for tx buffer size
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
certs/blacklist_hashes.c: fix const confusion in certs blacklist
arm64: ftrace: fix branch range checks
net: bgmac: Fix an erroneous kfree() in bgmac_remove()
misc: atmel-ssc: Fix IRQ check in ssc_probe
tty: goldfish: Fix free_irq() on remove
i40e: Fix call trace in setup_tx_descriptors
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
* random: credit cpu and bootloader seeds by default
drivers/char/Kconfig
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
* ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
net/l2tp/l2tp_ip6.c
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
scsi: pmcraid: Fix missing resource cleanup in error case
scsi: ipr: Fix missing/incorrect resource cleanup in error case
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
ASoC: wm8962: Fix suspend while playing music
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Fix TLV scales for mixer controls
* random: account for arch randomness in bits
drivers/char/random.c
* random: mark bootloader randomness code as __init
drivers/char/random.c
include/linux/random.h
* random: avoid checking crng_ready() twice in random_init()
drivers/char/random.c
* crypto: drbg - make reseeding from get_random_bytes() synchronous
crypto/drbg.c
drivers/char/random.c
include/crypto/drbg.h
* crypto: drbg - always try to free Jitter RNG instance
crypto/drbg.c
* crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto/drbg.c
* crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto/drbg.c
include/crypto/drbg.h
* crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto/drbg.c
include/crypto/drbg.h
* crypto: drbg - always seeded with SP800-90B compliant noise source
crypto/drbg.c
include/crypto/drbg.h
* crypto: drbg - add FIPS 140-2 CTRNG for noise source
crypto/drbg.c
include/crypto/drbg.h
* Revert "random: use static branch for crng_ready()"
drivers/char/random.c
* random: check for signals after page of pool writes
drivers/char/random.c
* random: wire up fops->splice_{read,write}_iter()
drivers/char/random.c
* random: convert to using fops->write_iter()
drivers/char/random.c
* random: move randomize_page() into mm where it belongs
drivers/char/random.c
include/linux/mm.h
include/linux/random.h
mm/util.c
* random: move initialization functions out of hot pages
drivers/char/random.c
* random: use proper return types on get_random_{int,long}_wait()
drivers/char/random.c
include/linux/random.h
* random: remove extern from functions in header
include/linux/random.h
* random: use static branch for crng_ready()
drivers/char/random.c
* random: credit architectural init the exact amount
drivers/char/random.c
* random: handle latent entropy and command line from random_init()
drivers/char/random.c
include/linux/random.h
init/main.c
* random: use proper jiffies comparison macro
drivers/char/random.c
* random: remove ratelimiting for in-kernel unseeded randomness
drivers/char/random.c
lib/Kconfig.debug
* random: avoid initializing twice in credit race
drivers/char/random.c
* random: use symbolic constants for crng_init states
drivers/char/random.c
* siphash: use one source of truth for siphash permutations
drivers/char/random.c
include/linux/prandom.h
include/linux/siphash.h
lib/siphash.c
* random: help compiler out with fast_mix() by using simpler arguments
drivers/char/random.c
* random: do not use input pool from hard IRQs
drivers/char/random.c
* random: order timer entropy functions below interrupt functions
drivers/char/random.c
* random: do not pretend to handle premature next security model
drivers/char/random.c
* random: do not use batches when !crng_ready()
drivers/char/random.c
* random: insist on random_get_entropy() existing in order to simplify
drivers/char/random.c
xtensa: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
arm: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
m68k: use fallback for random_get_entropy() instead of zero
* timekeeping: Add raw clock fallback for random_get_entropy()
include/linux/timex.h
kernel/time/timekeeping.c
powerpc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
ia64: define get_cycles macro for arch-override
* init: call time_init() before rand_initialize()
init/main.c
random: fix sysctl documentation nits
* random: document crng_fast_key_erasure() destination possibility
drivers/char/random.c
* random: make random_get_entropy() return an unsigned long
drivers/char/random.c
include/linux/timex.h
* random: check for signals every PAGE_SIZE chunk of /dev/[u]random
drivers/char/random.c
* random: check for signal_pending() outside of need_resched() check
drivers/char/random.c
* random: do not allow user to keep crng key around on stack
drivers/char/random.c
* random: do not split fast init input in add_hwgenerator_randomness()
drivers/char/random.c
* random: mix build-time latent entropy into pool at init
drivers/char/random.c
* random: re-add removed comment about get_random_{u32,u64} reseeding
drivers/char/random.c
* random: treat bootloader trust toggle the same way as cpu trust toggle
drivers/char/Kconfig
drivers/char/random.c
* random: skip fast_init if hwrng provides large chunk of entropy
drivers/char/random.c
* random: check for signal and try earlier when generating entropy
drivers/char/random.c
* random: reseed more often immediately after booting
drivers/char/random.c
* random: make consistent usage of crng_ready()
drivers/char/random.c
* random: use SipHash as interrupt entropy accumulator
drivers/char/random.c
* random: replace custom notifier chain with standard one
crypto/drbg.c
drivers/char/random.c
include/crypto/drbg.h
include/linux/random.h
lib/random32.c
* random: don't let 644 read-only sysctls be written to
drivers/char/random.c
* random: give sysctl_random_min_urandom_seed a more sensible value
drivers/char/random.c
* random: do crng pre-init loading in worker rather than irq
drivers/char/random.c
* random: unify cycles_t and jiffies usage and types
drivers/char/random.c
* random: cleanup UUID handling
drivers/char/random.c
* random: only wake up writers after zap if threshold was passed
drivers/char/random.c
* random: round-robin registers as ulong, not u32
drivers/char/random.c
* random: clear fast pool, crng, and batches in cpuhp bring up
drivers/char/random.c
include/linux/cpuhotplug.h
include/linux/random.h
kernel/cpu.c
* random: pull add_hwgenerator_randomness() declaration into random.h
drivers/char/hw_random/core.c
include/linux/hw_random.h
include/linux/random.h
* random: check for crng_init == 0 in add_device_randomness()
drivers/char/random.c
* random: unify early init crng load accounting
drivers/char/random.c
* random: do not take pool spinlock at boot
drivers/char/random.c
* random: defer fast pool mixing to worker
drivers/char/random.c
* random: rewrite header introductory comment
drivers/char/random.c
* random: group sysctl functions
drivers/char/random.c
* random: group userspace read/write functions
drivers/char/random.c
* random: group entropy collection functions
drivers/char/random.c
* random: group entropy extraction functions
drivers/char/random.c
* random: group initialization wait functions
drivers/char/random.c
* random: remove whitespace and reorder includes
drivers/char/random.c
* random: remove useless header comment
include/linux/random.h
* random: introduce drain_entropy() helper to declutter crng_reseed()
drivers/char/random.c
* random: deobfuscate irq u32/u64 contributions
drivers/char/random.c
* random: add proper SPDX header
drivers/char/random.c
* random: remove unused tracepoints
drivers/char/random.c
lib/random32.c
* random: remove ifdef'd out interrupt bench
drivers/char/random.c
* random: tie batched entropy generation to base_crng generation
drivers/char/random.c
* random: zero buffer after reading entropy from userspace
drivers/char/random.c
* random: remove outdated INT_MAX >> 6 check in urandom_read()
drivers/char/random.c
* random: use hash function for crng_slow_load()
drivers/char/random.c
include/linux/hw_random.h
include/linux/random.h
* random: absorb fast pool into input pool after fast load
drivers/char/random.c
* random: do not xor RDRAND when writing into /dev/random
drivers/char/random.c
* random: ensure early RDSEED goes through mixer on init
drivers/char/random.c
* random: inline leaves of rand_initialize()
drivers/char/random.c
* random: use RDSEED instead of RDRAND in entropy extraction
drivers/char/random.c
* random: fix locking in crng_fast_load()
drivers/char/random.c
* random: remove batched entropy locking
drivers/char/random.c
* random: remove use_input_pool parameter from crng_reseed()
drivers/char/random.c
* random: make credit_entropy_bits() always safe
drivers/char/random.c
* random: always wake up entropy writers after extraction
drivers/char/random.c
* random: use linear min-entropy accumulation crediting
drivers/char/random.c
* random: simplify entropy debiting
drivers/char/random.c
* random: use computational hash for entropy extraction
drivers/char/random.c
* random: only call crng_finalize_init() for primary_crng
drivers/char/random.c
* random: access primary_pool directly rather than through pointer
drivers/char/random.c
* random: continually use hwgenerator randomness
drivers/char/random.c
* random: simplify arithmetic function flow in account()
drivers/char/random.c
* random: access input_pool_data directly rather than through pointer
drivers/char/random.c
* random: cleanup fractional entropy shift constants
drivers/char/random.c
* random: prepend remaining pool constants with POOL_
drivers/char/random.c
* random: de-duplicate INPUT_POOL constants
drivers/char/random.c
* random: remove unused OUTPUT_POOL constants
drivers/char/random.c
* random: rather than entropy_store abstraction, use global
drivers/char/random.c
* random: try to actively add entropy rather than passively wait for it
drivers/char/random.c
* random: remove unused extract_entropy() reserved argument
drivers/char/random.c
* random: remove incomplete last_data logic
drivers/char/random.c
* random: cleanup integer types
drivers/char/random.c
* crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
drivers/char/random.c
* random: cleanup poolinfo abstraction
drivers/char/random.c
* random: fix typo in comments
drivers/char/random.c
* random: don't reset crng_init_cnt on urandom_read()
drivers/char/random.c
* random: avoid superfluous call to RDRAND in CRNG extraction
drivers/char/random.c
* random: early initialization of ChaCha constants
drivers/char/random.c
* random: initialize ChaCha20 constants with correct endianness
drivers/char/random.c
* random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
drivers/char/random.c
* random: harmonize "crng init done" messages
drivers/char/random.c
* random: mix bootloader randomness into pool
drivers/char/random.c
* random: do not re-init if crng_reseed completes before primary init
drivers/char/random.c
* random: do not sign extend bytes for rotation when mixing
drivers/char/random.c
* random: use BLAKE2s instead of SHA1 in extraction
drivers/char/random.c
* random: remove unused irq_flags argument from add_interrupt_randomness()
drivers/char/random.c
include/linux/random.h
kernel/irq/handle.c
* random: document add_hwgenerator_randomness() with other input functions
drivers/char/random.c
* crypto: blake2s - adjust include guard naming
include/crypto/blake2s.h
include/crypto/internal/blake2s.h
* crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
include/crypto/blake2s.h
MAINTAINERS: co-maintain random.c
* random: remove dead code left over from blocking pool
drivers/char/random.c
* random: avoid arch_get_random_seed_long() when collecting IRQ randomness
drivers/char/random.c
* random: add arch_get_random_*long_early()
drivers/char/random.c
include/linux/random.h
powerpc: Use bool in archrandom.h
* linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
include/linux/random.h
* linux/random.h: Use false with bool
include/linux/random.h
* linux/random.h: Remove arch_has_random, arch_has_random_seed
include/linux/random.h
s390: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
x86: Remove arch_has_random, arch_has_random_seed
* random: avoid warnings for !CONFIG_NUMA builds
drivers/char/random.c
* random: split primary/secondary crng init paths
drivers/char/random.c
* random: remove some dead code of poolinfo
drivers/char/random.c
* random: fix typo in add_timer_randomness()
drivers/char/random.c
* random: Add and use pr_fmt()
drivers/char/random.c
* random: convert to ENTROPY_BITS for better code readability
drivers/char/random.c
* random: remove unnecessary unlikely()
drivers/char/random.c
* random: remove kernel.random.read_wakeup_threshold
drivers/char/random.c
* random: delete code to pull data into pools
drivers/char/random.c
* random: remove the blocking pool
drivers/char/random.c
* random: fix crash on multiple early calls to add_bootloader_randomness()
drivers/char/random.c
* char/random: silence a lockdep splat with printk()
drivers/char/random.c
* random: make /dev/random be almost like /dev/urandom
drivers/char/random.c
* random: ignore GRND_RANDOM in getentropy(2)
drivers/char/random.c
include/uapi/linux/random.h
* random: add GRND_INSECURE to return best-effort non-cryptographic bytes
drivers/char/random.c
include/uapi/linux/random.h
* random: Add a urandom_read_nowait() for random APIs that don't warn
drivers/char/random.c
* random: Don't wake crng_init_wait when crng_init == 1
drivers/char/random.c
* lib/crypto: sha1: re-roll loops to reduce code size
lib/sha1.c
* lib/crypto: blake2s: move hmac construction into wireguard
include/crypto/blake2s.h
lib/crypto/blake2s.c
* crypto: blake2s - generic C library implementation and selftest
include/crypto/blake2s.h
include/crypto/internal/blake2s.h
lib/Makefile
lib/crypto/Makefile
lib/crypto/blake2s-generic.c
lib/crypto/blake2s.c
* crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()
crypto/md4.c
crypto/md5.c
include/linux/byteorder/generic.h
* Revert "hwrng: core - Freeze khwrng thread during suspend"
drivers/char/random.c
* char/random: Add a newline at the end of the file
drivers/char/random.c
* random: Use wait_event_freezable() in add_hwgenerator_randomness()
drivers/char/random.c
* fdt: add support for rng-seed
drivers/char/Kconfig
drivers/char/random.c
drivers/of/fdt.c
include/linux/random.h
* random: Support freezable kthreads in add_hwgenerator_randomness()
drivers/char/random.c
* random: fix soft lockup when trying to read from an uninitialized blocking pool
drivers/char/random.c
* latent_entropy: avoid build error when plugin cflags are not set
include/linux/random.h
* random: document get_random_int() family
drivers/char/random.c
* random: move rand_initialize() earlier
drivers/char/random.c
include/linux/random.h
init/main.c
* random: only read from /dev/random after its pool has received 128 bits
drivers/char/random.c
* drivers/char/random.c: make primary_crng static
drivers/char/random.c
* drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c
* drivers/char/random.c: constify poolinfo_table
drivers/char/random.c
* random: make CPU trust a boot parameter
drivers/char/Kconfig
drivers/char/random.c
* random: Make crng state queryable
drivers/char/random.c
include/linux/random.h
* random: remove preempt disabled region
drivers/char/random.c
* random: add a config option to trust the CPU's hwrng
drivers/char/Kconfig
drivers/char/random.c
* random: Return nbytes filled from hw RNG
drivers/char/random.c
include/linux/random.h
* random: Fix whitespace pre random-bytes work
drivers/char/random.c
* drivers/char/random.c: remove unused dont_count_entropy
drivers/char/random.c
* random: optimize add_interrupt_randomness
drivers/char/random.c
* random: always fill buffer in get_random_bytes_wait
include/linux/random.h
* crypto: chacha20 - Fix keystream alignment for chacha20_block()
drivers/char/random.c
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
* UPSTREAM: ext4: verify dir block before splitting it
fs/ext4/namei.c
* UPSTREAM: ext4: fix use-after-free in ext4_rename_dir_prepare
fs/ext4/namei.c
* BACKPORT: ext4: Only advertise encrypted_casefold when encryption and unicode are enabled
fs/ext4/sysfs.c
* BACKPORT: ext4: fix no-key deletion for encrypt+casefold
fs/ext4/namei.c
* BACKPORT: ext4: optimize match for casefolded encrypted dirs
fs/ext4/ext4.h
fs/ext4/namei.c
* BACKPORT: ext4: handle casefolding with encryption
fs/ext4/dir.c
fs/ext4/ext4.h
fs/ext4/hash.c
fs/ext4/inline.c
fs/ext4/namei.c
fs/ext4/super.c
fs/ext4/sysfs.c
* Revert "ANDROID: ext4: Handle casefolding with encryption"
fs/ext4/dir.c
fs/ext4/ext4.h
fs/ext4/hash.c
fs/ext4/ialloc.c
fs/ext4/inline.c
fs/ext4/namei.c
fs/ext4/super.c
* Revert "ANDROID: ext4: Optimize match for casefolded encrypted dirs"
fs/ext4/ext4.h
fs/ext4/namei.c
Merge 4.14.284 into android-4.14-stable
* Revert "ext4: fix use-after-free in ext4_rename_dir_prepare"
fs/ext4/namei.c
* Revert "ext4: verify dir block before splitting it"
fs/ext4/namei.c
Linux 4.14.284
x86/speculation/mmio: Print SMT warning
KVM: x86/speculation: Disable Fill buffer clear within guests
x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
x86/speculation/srbds: Update SRBDS mitigation selection
* x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
drivers/base/cpu.c
include/linux/cpu.h
x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
x86/speculation: Add a common function for MD_CLEAR mitigation update
x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
Documentation: Add documentation for Processor MMIO Stale Data
x86/cpu: Add another Alder Lake CPU to the Intel family
x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family
x86/cpu: Add Comet Lake to the Intel CPU models header
x86/CPU: Add more Icelake model numbers
x86/CPU: Add Icelake model number
x86/cpu: Add Cannonlake to Intel family
x86/cpu: Add Jasper Lake to Intel family
* cpu/speculation: Add prototype for cpu_show_srbds()
include/linux/cpu.h
x86/cpu: Add Elkhart Lake to Intel family
Merge 4.14.283 into android-4.14-stable
Linux 4.14.283
* tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
net/ipv4/tcp_input.c
PCI: qcom: Fix unbalanced PHY init on probe errors
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
md/raid0: Ignore RAID0 layout if the second zone has only one device
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
ixgbe: fix unexpected VLAN Rx in promisc mode on VF
ixgbe: fix bcast packets Rx on VF after promisc removal
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
cifs: return errors during session setup during reconnects
ALSA: hda/conexant - Fix loopback issue with CX20632
vringh: Fix loop descriptors check in the indirect cases
* nodemask: Fix return values to be unsigned
include/linux/nodemask.h
lib/nodemask.c
nbd: fix io hung while disconnecting device
nbd: fix race between nbd_alloc_config() and module removal
nbd: call genl_unregister_family() first in nbd_cleanup()
* modpost: fix undefined behavior of is_arm_mapping_symbol()
scripts/mod/modpost.c
drm/radeon: fix a possible null pointer dereference
* Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
net/key/af_key.c
md: protect md_unregister_thread from reentrancy
* kernfs: Separate kernfs_pr_cont_buf and rename_lock.
fs/kernfs/dir.c
serial: msm_serial: disable interrupts in __msm_console_write()
staging: rtl8712: fix uninit-value in r871xu_drv_init()
clocksource/drivers/sp804: Avoid error on multiple instances
* extcon: Modify extcon device to be created after driver data is set
drivers/extcon/extcon.c
misc: rtsx: set NULL intfdata when probe fails
usb: dwc2: gadget: don't reset gadget's driver->bus
* USB: hcd-pci: Fully suspend across freeze/thaw cycle
drivers/usb/core/hcd-pci.c
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
tty: Fix a possible resource leak in icom_probe
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
lkdtm/usercopy: Expand size of "out of frame" object
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
drm: imx: fix compiler warning with gcc-12
net: altera: Fix refcount leak in altera_tse_mdio_create
net: ipv6: unexport __init-annotated seg6_hmac_init()
* net: xfrm: unexport __init-annotated xfrm4_protocol_init()
net/ipv4/xfrm4_protocol.c
* net: mdio: unexport __init-annotated mdio_bus_init()
drivers/net/phy/mdio_bus.c
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
xprtrdma: treat all calls not a bcall when bc_serv is NULL
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
m68knommu: fix undefined reference to `_init_sp'
m68knommu: set ZERO_PAGE() to the allocated zeroed page
i2c: cadence: Increase timeout per message if necessary
* tracing: Avoid adding tracer option before update_tracer_options
kernel/trace/trace.c
* tracing: Fix sleeping function called from invalid context on RT kernel
kernel/trace/trace.c
mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
perf c2c: Fix sorting in percent_rmt_hitm_cmp()
* tcp: tcp_rtx_synack() can be called from process context
net/ipv4/tcp_output.c
ubi: ubi_create_volume: Fix use-after-free when volume creation failed
jffs2: fix memory leak in jffs2_do_fill_super
* modpost: fix removing numeric suffixes
scripts/mod/modpost.c
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
serial: sh-sci: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: digicolor-usart: Don't allow CS5-6
serial: meson: acquire port->lock in startup()
rtc: mt6397: check return value after calling platform_get_resource()
soc: rockchip: Fix refcount leak in rockchip_grf_init
coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
pwm: lp3943: Fix duty calculation in case period was clamped
USB: storage: karma: fix rio_karma_init return
usb: usbip: add missing device lock on tweak configuration cmd
usb: usbip: fix a refcount leak in stub_probe()
tty: goldfish: Use tty_port_destroy() to destroy port
staging: greybus: codecs: fix type confusion of list iterator variable
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
netfilter: nf_tables: disallow non-stateful expression in sets earlier
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
RDMA/rxe: Generate a completion for unsupported/invalid opcode
phy: qcom-qmp: fix reset-controller leak on probe errors
dt-bindings: gpio: altera: correct interrupt-cells
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
phy: qcom-qmp: fix struct clk leak on probe errors
arm64: dts: qcom: ipq8074: fix the sleep clock frequency
gma500: fix an incorrect NULL check on list iterator
carl9170: tx: fix an incorrect use of list iterator
* ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
sound/soc/codecs/rt5514.c
rtl818x: Prevent using not initialized queues
hugetlb: fix huge_pmd_unshare address update
* nodemask.h: fix compilation error with GCC12
include/linux/nodemask.h
iommu/msm: Fix an incorrect NULL check on list iterator
um: Fix out-of-bounds read in LDT setup
um: chan_user: Fix winch_tramp() return value
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
irqchip: irq-xtensa-mx: fix initial IRQ affinity
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
RDMA/hfi1: Fix potential integer multiplication overflow errors
md: fix an incorrect NULL check in md_reload_sb
md: fix an incorrect NULL check in does_sb_need_changing
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
drm/nouveau/clk: Fix an incorrect NULL check on list iterator
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
* scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
drivers/scsi/ufs/ufs-qcom.c
scsi: dc395x: Fix a missing check on list iterator
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
dlm: fix missing lkb refcount handling
dlm: fix plock invalid read
* ext4: avoid cycles in directory h-tree
fs/ext4/namei.c
* ext4: verify dir block before splitting it
fs/ext4/namei.c
* ext4: fix bug_on in ext4_writepages
fs/ext4/inline.c
* ext4: fix use-after-free in ext4_rename_dir_prepare
fs/ext4/namei.c
* fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
fs/fs-writeback.c
iwlwifi: mvm: fix assert 1F04 upon reconfig
wifi: mac80211: fix use-after-free in chanctx code
perf jevents: Fix event syntax error caused by ExtSel
perf c2c: Use stdio interface if slang is not supported
iommu/amd: Increase timeout waiting for GA log enablement
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
iommu/mediatek: Add list_del in mtk_iommu_remove
* mailbox: forward the hrtimer if not queued and under a lock
drivers/mailbox/mailbox.c
include/linux/mailbox_controller.h
powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
powerpc/perf: Fix the threshold compare group constraint for power9
Input: sparcspkr - fix refcount leak in bbc_beep_probe
* tty: fix deadlock caused by calling printk() under tty_port->lock
drivers/tty/tty_buffer.c
powerpc/4xx/cpm: Fix return value of __setup() handler
powerpc/idle: Fix return value of __setup() handler
powerpc/8xx: export 'cpm_setbrg' for modules
drivers/base/node.c: fix compaction sysfs file leak
pinctrl: mvebu: Fix irq_of_parse_and_map() return value
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
ARM: dts: bcm2835-rpi-b: Fix GPIO line names
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
* soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
drivers/soc/qcom/smp2p.c
rxrpc: Don't try to resend the request if we're receiving the reply
rxrpc: Fix listen() setting the bar too high for the prealloc rings
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
* sctp: read sk->sk_bound_dev_if once in sctp_rcv()
net/sctp/input.c
m68k: math-emu: Fix dependencies of math emulation support
* Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
net/bluetooth/sco.c
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
media: exynos4-is: Change clk_disable to clk_disable_unprepare
media: st-delta: Fix PM disable depth imbalance in delta_probe
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
* media: uvcvideo: Fix missing check to determine if element is found in list
drivers/media/usb/uvc/uvc_v4l2.c
* drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
drivers/gpu/drm/msm/msm_gem_prime.c
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
x86: Fix return value of __setup handlers
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/msm/dsi: fix error checks and return values for DSI xmit functions
x86/pm: Fix false positive kmemleak report in msr_build_context()
* fsnotify: fix wrong lockdep annotations
fs/notify/mark.c
* inotify: show inotify mask flags in proc fdinfo
fs/notify/fdinfo.c
fs/notify/inotify/inotify.h
fs/notify/inotify/inotify_user.c
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
spi: img-spfi: Fix pm_runtime_get_sync() error checking
HID: hid-led: fix maximum brightness for Dream Cheeky
* efi: Add missing prototype for efi_capsule_setup_info
include/linux/efi.h
NFC: NULL out the dev->rfkill to prevent UAF
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
drm/mediatek: Fix mtk_cec_mask()
x86/delay: Fix the wrong asm constraint in delay_loop()
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
ath9k: fix ar9003_get_eepmisc
* drm: fix EDID struct for old ARM OABI format
include/drm/drm_edid.h
RDMA/hfi1: Prevent panic when SDMA is disabled
* macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
drivers/macintosh/Kconfig
drivers/macintosh/Makefile
powerpc/xics: fix refcount leak in icp_opal_init()
* tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
include/trace/events/vmscan.h
* PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
drivers/pci/pci.c
ARM: hisi: Add missing of_node_put after of_find_compatible_node
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: versatile: Add missing of_node_put in dcscb_init
* fat: add ratelimit to fat*_ent_bread()
fs/fat/fatent.c
ARM: OMAP1: clock: Fix UART rate reporting algorithm
fs: jfs: fix possible NULL pointer dereference in dbFree()
ARM: dts: ox820: align interrupt controller node name with dtschema
* eth: tg3: silence the GCC 12 array-bounds warning
drivers/net/ethernet/broadcom/Makefile
rxrpc: Return an error to sendmsg if call failed
media: exynos4-is: Fix compile warning
* net: phy: micrel: Allow probing without .driver_data
drivers/net/phy/micrel.c
ASoC: rt5645: Fix errorenous cleanup order
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
openrisc: start CPU timer early in boot
rtlwifi: Use pr_warn instead of WARN_ONCE
ipmi:ssif: Check for NULL msg when handling events and messages
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
* ASoC: dapm: Don't fold register value changes into notifications
sound/soc/soc-dapm.c
* ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
net/ipv6/addrconf.c
drm/amd/pm: fix the compile warning
scsi: megaraid: Fix error check return value of register_chrdev()
media: cx25821: Fix the warning when removing the module
media: pci: cx23885: Fix the error handling in cx23885_initdev()
media: venus: hfi: avoid null dereference in deinit
ath9k: fix QCA9561 PA bias level
drm/amd/pm: fix double free in si_parse_power_table()
* ALSA: jack: Access input_dev under mutex
include/sound/jack.h
sound/core/jack.c
ACPICA: Avoid cache flush inside virtual machines
ipw2x00: Fix potential NULL dereference in libipw_xmit()
b43: Fix assigning negative value to unsigned variable
b43legacy: Fix assigning negative value to unsigned variable
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
btrfs: repair super block num_devices automatically
btrfs: add "0x" prefix for unsupported optional features
* ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
kernel/ptrace.c
* ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
include/linux/ptrace.h
* USB: new quirk for Dell Gen 2 devices
drivers/usb/core/quirks.c
USB: serial: option: add Quectel BG95 modem
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
* BACKPORT: psi: Fix uaf issue when psi trigger is destroyed while being polled
include/linux/psi.h
include/linux/psi_types.h
kernel/cgroup/cgroup.c
kernel/sched/psi.c
* FROMGIT: Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
net/key/af_key.c
ANDROID: android-verity: Prevent double-freeing metadata
Merge 4.14.282 into android-4.14-stable
Linux 4.14.282
* bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
net/core/filter.c
NFSD: Fix possible sleep during nfsd4_release_lockowner()
docs: submitting-patches: Fix crossref to 'The canonical patch format'
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
* dm verity: set DM_TARGET_IMMUTABLE feature flag
drivers/md/dm-verity-target.c
* dm stats: add cond_resched when looping over entries
drivers/md/dm-stats.c
* dm crypt: make printing of the key constant-time
drivers/md/dm-crypt.c
dm integrity: fix error code in dm_integrity_ctr()
* zsmalloc: fix races between asynchronous zspage free and page migration
mm/zsmalloc.c
* netfilter: conntrack: re-fetch conntrack after insertion
include/net/netfilter/nf_conntrack_core.h
* exec: Force single empty string when argv is empty
fs/exec.c
* block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
block/bio.c
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
* assoc_array: Fix BUG_ON during garbage collect
lib/assoc_array.c
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
net: ftgmac100: Disable hardware checksum on AST2600
* net: af_key: check encryption module availability consistency
net/key/af_key.c
ACPI: sysfs: Fix BERT error region memory mapping
ACPI: sysfs: Make sparse happy about address space in use
* secure_seq: use the 64 bits of the siphash for port offset calculation
include/net/inet_hashtables.h
include/net/secure_seq.h
net/core/secure_seq.c
net/ipv4/inet_hashtables.c
net/ipv6/inet6_hashtables.c
* tcp: change source port randomizarion at connect() time
net/ipv4/inet_hashtables.c
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
Bug: 237729727
Change-Id: I47053f037f09ce3b44fb4ca21dd80f8b6371d3aa
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Eric Biggers
|
d73f58abbf |
Merge 4.14.285 into android-4.14-stable
Changes in 4.14.285
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
crypto: chacha20 - Fix keystream alignment for chacha20_block()
random: always fill buffer in get_random_bytes_wait
random: optimize add_interrupt_randomness
drivers/char/random.c: remove unused dont_count_entropy
random: Fix whitespace pre random-bytes work
random: Return nbytes filled from hw RNG
random: add a config option to trust the CPU's hwrng
random: remove preempt disabled region
random: Make crng state queryable
random: make CPU trust a boot parameter
drivers/char/random.c: constify poolinfo_table
drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c: make primary_crng static
random: only read from /dev/random after its pool has received 128 bits
random: move rand_initialize() earlier
random: document get_random_int() family
latent_entropy: avoid build error when plugin cflags are not set
random: fix soft lockup when trying to read from an uninitialized blocking pool
random: Support freezable kthreads in add_hwgenerator_randomness()
fdt: add support for rng-seed
random: Use wait_event_freezable() in add_hwgenerator_randomness()
char/random: Add a newline at the end of the file
Revert "hwrng: core - Freeze khwrng thread during suspend"
crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()
crypto: blake2s - generic C library implementation and selftest
lib/crypto: blake2s: move hmac construction into wireguard
lib/crypto: sha1: re-roll loops to reduce code size
random: Don't wake crng_init_wait when crng_init == 1
random: Add a urandom_read_nowait() for random APIs that don't warn
random: add GRND_INSECURE to return best-effort non-cryptographic bytes
random: ignore GRND_RANDOM in getentropy(2)
random: make /dev/random be almost like /dev/urandom
char/random: silence a lockdep splat with printk()
random: fix crash on multiple early calls to add_bootloader_randomness()
random: remove the blocking pool
random: delete code to pull data into pools
random: remove kernel.random.read_wakeup_threshold
random: remove unnecessary unlikely()
random: convert to ENTROPY_BITS for better code readability
random: Add and use pr_fmt()
random: fix typo in add_timer_randomness()
random: remove some dead code of poolinfo
random: split primary/secondary crng init paths
random: avoid warnings for !CONFIG_NUMA builds
x86: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
s390: Remove arch_has_random, arch_has_random_seed
linux/random.h: Remove arch_has_random, arch_has_random_seed
linux/random.h: Use false with bool
linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
powerpc: Use bool in archrandom.h
random: add arch_get_random_*long_early()
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: remove dead code left over from blocking pool
MAINTAINERS: co-maintain random.c
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
crypto: blake2s - adjust include guard naming
random: document add_hwgenerator_randomness() with other input functions
random: remove unused irq_flags argument from add_interrupt_randomness()
random: use BLAKE2s instead of SHA1 in extraction
random: do not sign extend bytes for rotation when mixing
random: do not re-init if crng_reseed completes before primary init
random: mix bootloader randomness into pool
random: harmonize "crng init done" messages
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: initialize ChaCha20 constants with correct endianness
random: early initialization of ChaCha constants
random: avoid superfluous call to RDRAND in CRNG extraction
random: don't reset crng_init_cnt on urandom_read()
random: fix typo in comments
random: cleanup poolinfo abstraction
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
random: cleanup integer types
random: remove incomplete last_data logic
random: remove unused extract_entropy() reserved argument
random: try to actively add entropy rather than passively wait for it
random: rather than entropy_store abstraction, use global
random: remove unused OUTPUT_POOL constants
random: de-duplicate INPUT_POOL constants
random: prepend remaining pool constants with POOL_
random: cleanup fractional entropy shift constants
random: access input_pool_data directly rather than through pointer
random: simplify arithmetic function flow in account()
random: continually use hwgenerator randomness
random: access primary_pool directly rather than through pointer
random: only call crng_finalize_init() for primary_crng
random: use computational hash for entropy extraction
random: simplify entropy debiting
random: use linear min-entropy accumulation crediting
random: always wake up entropy writers after extraction
random: make credit_entropy_bits() always safe
random: remove use_input_pool parameter from crng_reseed()
random: remove batched entropy locking
random: fix locking in crng_fast_load()
random: use RDSEED instead of RDRAND in entropy extraction
random: inline leaves of rand_initialize()
random: ensure early RDSEED goes through mixer on init
random: do not xor RDRAND when writing into /dev/random
random: absorb fast pool into input pool after fast load
random: use hash function for crng_slow_load()
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: zero buffer after reading entropy from userspace
random: tie batched entropy generation to base_crng generation
random: remove ifdef'd out interrupt bench
random: remove unused tracepoints
random: add proper SPDX header
random: deobfuscate irq u32/u64 contributions
random: introduce drain_entropy() helper to declutter crng_reseed()
random: remove useless header comment
random: remove whitespace and reorder includes
random: group initialization wait functions
random: group entropy extraction functions
random: group entropy collection functions
random: group userspace read/write functions
random: group sysctl functions
random: rewrite header introductory comment
random: defer fast pool mixing to worker
random: do not take pool spinlock at boot
random: unify early init crng load accounting
random: check for crng_init == 0 in add_device_randomness()
random: pull add_hwgenerator_randomness() declaration into random.h
random: clear fast pool, crng, and batches in cpuhp bring up
random: round-robin registers as ulong, not u32
random: only wake up writers after zap if threshold was passed
random: cleanup UUID handling
random: unify cycles_t and jiffies usage and types
random: do crng pre-init loading in worker rather than irq
random: give sysctl_random_min_urandom_seed a more sensible value
random: don't let 644 read-only sysctls be written to
random: replace custom notifier chain with standard one
random: use SipHash as interrupt entropy accumulator
random: make consistent usage of crng_ready()
random: reseed more often immediately after booting
random: check for signal and try earlier when generating entropy
random: skip fast_init if hwrng provides large chunk of entropy
random: treat bootloader trust toggle the same way as cpu trust toggle
random: re-add removed comment about get_random_{u32,u64} reseeding
random: mix build-time latent entropy into pool at init
random: do not split fast init input in add_hwgenerator_randomness()
random: do not allow user to keep crng key around on stack
random: check for signal_pending() outside of need_resched() check
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: make random_get_entropy() return an unsigned long
random: document crng_fast_key_erasure() destination possibility
random: fix sysctl documentation nits
init: call time_init() before rand_initialize()
ia64: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
powerpc: define get_cycles macro for arch-override
timekeeping: Add raw clock fallback for random_get_entropy()
m68k: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
arm: use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
xtensa: use fallback for random_get_entropy() instead of zero
random: insist on random_get_entropy() existing in order to simplify
random: do not use batches when !crng_ready()
random: do not pretend to handle premature next security model
random: order timer entropy functions below interrupt functions
random: do not use input pool from hard IRQs
random: help compiler out with fast_mix() by using simpler arguments
siphash: use one source of truth for siphash permutations
random: use symbolic constants for crng_init states
random: avoid initializing twice in credit race
random: remove ratelimiting for in-kernel unseeded randomness
random: use proper jiffies comparison macro
random: handle latent entropy and command line from random_init()
random: credit architectural init the exact amount
random: use static branch for crng_ready()
random: remove extern from functions in header
random: use proper return types on get_random_{int,long}_wait()
random: move initialization functions out of hot pages
random: move randomize_page() into mm where it belongs
random: convert to using fops->write_iter()
random: wire up fops->splice_{read,write}_iter()
random: check for signals after page of pool writes
Revert "random: use static branch for crng_ready()"
crypto: drbg - add FIPS 140-2 CTRNG for noise source
crypto: drbg - always seeded with SP800-90B compliant noise source
crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto: drbg - always try to free Jitter RNG instance
crypto: drbg - make reseeding from get_random_bytes() synchronous
random: avoid checking crng_ready() twice in random_init()
random: mark bootloader randomness code as __init
random: account for arch randomness in bits
ASoC: cs42l52: Fix TLV scales for mixer controls
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: wm8962: Fix suspend while playing music
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
scsi: ipr: Fix missing/incorrect resource cleanup in error case
scsi: pmcraid: Fix missing resource cleanup in error case
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
random: credit cpu and bootloader seeds by default
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
i40e: Fix call trace in setup_tx_descriptors
tty: goldfish: Fix free_irq() on remove
misc: atmel-ssc: Fix IRQ check in ssc_probe
net: bgmac: Fix an erroneous kfree() in bgmac_remove()
arm64: ftrace: fix branch range checks
certs/blacklist_hashes.c: fix const confusion in certs blacklist
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
comedi: vmk80xx: fix expression for tx buffer size
USB: serial: option: add support for Cinterion MV31 with new baseline
USB: serial: io_ti: add Agilent E5805A support
usb: dwc2: Fix memory leak in dwc2_hcd_init
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
serial: 8250: Store to lsr_save_flags after lsr read
ext4: fix bug_on ext4_mb_use_inode_pa
ext4: make variable "count" signed
ext4: add reserved GDT blocks check
virtio-pci: Remove wrong address verification in vp_del_vqs()
l2tp: don't use inet_shutdown on ppp session destroy
l2tp: fix race in pppol2tp_release with session object destroy
s390/mm: use non-quiescing sske for KVM switch to keyed guest
usb: gadget: u_ether: fix regression in setting fixed MAC address
xprtrdma: fix incorrect header size calculations
tcp: add some entropy in __inet_hash_connect()
tcp: use different parts of the port_offset for index and offset
tcp: add small random increments to the source port
tcp: dynamically allocate the perturb table used by source ports
tcp: increase source port perturb table to 2^16
tcp: drop the hash_32() part from the index calculation
Linux 4.14.285
Conflicts:
crypto/chacha20_generic.c
drivers/char/random.c
drivers/of/fdt.c
include/crypto/chacha20.h
lib/chacha20.c
Merge resolution notes:
- Added CHACHA20_KEY_SIZE and CHACHA20_BLOCK_SIZE constants to
chacha.h, to minimize changes from the 4.14.285 version of random.c
- Updated lib/vsprintf.c for
"random: replace custom notifier chain with standard one".
Change-Id: I6a4ca9b12ed23f76bac6c4c9e6306e2b354e2752
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Jason A. Donenfeld
|
2142a4d898 |
timekeeping: Add raw clock fallback for random_get_entropy()
commit 1366992e16bddd5e2d9a561687f367f9f802e2e4 upstream. The addition of random_get_entropy_fallback() provides access to whichever time source has the highest frequency, which is useful for gathering entropy on platforms without available cycle counters. It's not necessarily as good as being able to quickly access a cycle counter that the CPU has, but it's still something, even when it falls back to being jiffies-based. In the event that a given arch does not define get_cycles(), falling back to the get_cycles() default implementation that returns 0 is really not the best we can do. Instead, at least calling random_get_entropy_fallback() would be preferable, because that always needs to return _something_, even falling back to jiffies eventually. It's not as though random_get_entropy_fallback() is super high precision or guaranteed to be entropic, but basically anything that's not zero all the time is better than returning zero all the time. Finally, since random_get_entropy_fallback() is used during extremely early boot when randomizing freelists in mm_init(), it can be called before timekeeping has been initialized. In that case there really is nothing we can do; jiffies hasn't even started ticking yet. So just give up and return 0. Suggested-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Lucas Wei
|
f2b97b1f38 |
Merge android-4.14-stable (4.14.261) into android-msm-pixel-4.14-lts
Merge 4.14.261 into android-4.14-stable
Linux 4.14.261
* sctp: use call_rcu to free endpoint
include/net/sctp/sctp.h
include/net/sctp/structs.h
net/sctp/endpointola.c
net/sctp/sctp_diag.c
net/sctp/socket.c
* net: fix use-after-free in tw_timer_handler
net/ipv4/af_inet.c
Input: spaceball - fix parsing of movement data packets
Input: appletouch - initialize work before device registration
scsi: vmw_pvscsi: Set residual data length conditionally
* binder: fix async_free_space accounting for empty parcels
drivers/android/binder_alloc.c
* usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
drivers/usb/gadget/function/f_fs.c
* xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
drivers/usb/host/xhci-pci.c
* uapi: fix linux/nfc.h userspace compilation errors
include/uapi/linux/nfc.h
* nfc: uapi: use kernel size_t to fix user-space builds
include/uapi/linux/nfc.h
fsl/fman: Fix missing put_device() call in fman_port_probe
NFC: st21nfca: Fix memory leak in device probe and remove
net: usb: pegasus: Do not drop long Ethernet frames
scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
* selinux: initialize proto variable in selinux_ip_postroute_compat()
security/selinux/hooks.c
recordmcount.pl: fix typo in s390 mcount regex
platform/x86: apple-gmux: use resource_size() with res
tee: handle lookup of shm with reference count 0
* HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
drivers/hid/Kconfig
Merge 4.14.260 into android-4.14-stable
Linux 4.14.260
phonet/pep: refuse to enable an unbound pipe
hamradio: improve the incomplete fix to avoid NPD
hamradio: defer ax25 kfree after unregister_netdev
ax25: NPD bug when detaching AX25 device
hwmon: (lm90) Do not report 'busy' status bit as alarm
KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
* usb: gadget: u_ether: fix race in setting MAC address in setup phase
drivers/usb/gadget/function/u_ether.c
* f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
fs/f2fs/xattr.c
ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines
x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
Input: atmel_mxt_ts - fix double free in mxt_read_info_block
ALSA: drivers: opl3: Fix incorrect use of vp->state
* ALSA: jack: Check the return value of kstrdup()
sound/core/jack.c
hwmon: (lm90) Fix usage of CONFIG2 register in detect function
sfc: falcon: Check null pointer of rx_queue->page_ring
drivers: net: smc911x: Check for error irq
fjes: Check for error irq
* bonding: fix ad_actor_system option setting to default
drivers/net/bonding/bond_options.c
* net: skip virtio_net_hdr_set_proto if protocol already set
include/linux/virtio_net.h
* net: accept UFOv6 packages in virtio_net_hdr_to_skb
include/linux/virtio_net.h
qlcnic: potential dereference null pointer of rx_queue->page_ring
* netfilter: fix regression in looped (broad|multi)cast's MAC handling
net/netfilter/nfnetlink_log.c
net/netfilter/nfnetlink_queue.c
IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
spi: change clk_disable_unprepare to clk_unprepare
HID: holtek: fix mouse probing
can: kvaser_usb: get CAN clock frequency from device
net: usb: lan78xx: add Allied Telesis AT29M2-AF
Merge 4.14.259 into android-4.14-stable
Linux 4.14.259
xen/netback: don't queue unlimited number of packages
xen/netback: fix rx queue stall detection
xen/console: harden hvc_xen against event channel storms
xen/netfront: harden netfront against event channel storms
xen/blkfront: harden blkfront against event channel storms
* Input: touchscreen - avoid bitwise vs logical OR warning
drivers/input/touchscreen/of_touchscreen.c
* ARM: 8800/1: use choice for kernel unwinders
lib/Kconfig.debug
mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
ARM: 8805/2: remove unneeded naked function usage
net: lan78xx: Avoid unnecessary self assignment
scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
* fuse: annotate lock in fuse_reverse_inval_entry()
fs/fuse/dir.c
ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
net: systemport: Add global locking for descriptor lifecycle
libata: if T_LENGTH is zero, dma direction should be DMA_NONE
* timekeeping: Really make sure wall_to_monotonic isn't positive
kernel/time/timekeeping.c
USB: serial: option: add Telit FN990 compositions
* PCI/MSI: Mask MSI-X vectors only on success
drivers/pci/msi.c
* PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
drivers/pci/msi.c
* USB: gadget: bRequestType is a bitfield, not a enum
drivers/usb/gadget/composite.c
* sit: do not call ipip6_dev_free() from sit_init_net()
net/ipv6/sit.c
* net/packet: rx_owner_map depends on pg_vec
net/packet/af_packet.c
ixgbe: set X550 MDIO speed before talking to PHY
igbvf: fix double free in `igbvf_probe`
soc/tegra: fuse: Fix bitwise vs. logical OR warning
dmaengine: st_fdma: fix MODULE_ALIAS
ARM: socfpga: dts: fix qspi node compatible
x86/sme: Explicitly map new EFI memmap table as encrypted
* x86: Make ARCH_USE_MEMREMAP_PROT a generic Kconfig symbol
arch/Kconfig
nfsd: fix use-after-free due to delegation race
* audit: improve robustness of the audit queue handling
kernel/audit.c
dm btree remove: fix use after free in rebalance_children()
recordmcount.pl: look for jgnop instruction as well as bcrl on s390
mac80211: send ADDBA requests using the tid/queue of the aggregation session
hwmon: (dell-smm) Fix warning on /proc/i8k creation error
* bpf: fix panic due to oob in bpf_prog_test_run_skb
net/bpf/test_run.c
tracing: Fix a kmemleak false positive in tracing_map
* net: netlink: af_netlink: Prevent empty skb by adding a check on len.
net/netlink/af_netlink.c
i2c: rk3x: Handle a spurious start completion interrupt flag
parisc/agp: Annotate parisc agp init functions with __init
net/mlx4_en: Update reported link modes for 1/10G
drm/msm/dsi: set default num_data_lanes
nfc: fix segfault in nfc_genl_dump_devices_done
* FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum
drivers/usb/gadget/composite.c
Merge 4.14.258 into android-4.14-stable
Linux 4.14.258
irqchip: nvic: Fix offset for Interrupt Priority Offsets
* irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
drivers/irqchip/irq-gic-v3-its.c
irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
iio: adc: axp20x_adc: fix charging current reporting on AXP22x
iio: dln2: Check return value of devm_iio_trigger_register()
iio: dln2-adc: Fix lockdep complaint
iio: itg3200: Call iio_trigger_notify_done() on error
iio: kxsd9: Don't return error code in trigger handler
iio: ltr501: Don't return error code in trigger handler
iio: mma8452: Fix trigger reference couting
iio: stk3310: Don't return error code in interrupt handler
iio: trigger: stm32-timer: fix MODULE_ALIAS
iio: trigger: Fix reference counting
* usb: core: config: using bit mask instead of individual bits
drivers/usb/core/config.c
* xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending
drivers/usb/host/xhci.c
* usb: core: config: fix validation of wMaxPacketValue entries
drivers/usb/core/config.c
* USB: gadget: zero allocate endpoint 0 buffers
drivers/usb/gadget/composite.c
* USB: gadget: detect too-big endpoint 0 requests
drivers/usb/gadget/composite.c
net/qla3xxx: fix an error code in ql_adapter_up()
* net, neigh: clear whole pneigh_entry at alloc time
net/core/neighbour.c
net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
net: altera: set a couple error code in probe()
* net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
drivers/net/usb/cdc_ncm.c
qede: validate non LSO skb length
* block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
block/ioprio.c
* tracefs: Set all files to the same group ownership as the mount option
fs/tracefs/inode.c
* signalfd: use wake_up_pollfree()
fs/signalfd.c
* binder: use wake_up_pollfree()
drivers/android/binder.c
* wait: add wake_up_pollfree()
include/linux/wait.h
kernel/sched/wait.c
libata: add horkage for ASMedia 1092
can: m_can: Disable and ignore ELO interrupt
can: pch_can: pch_can_rx_normal: fix use after free
* tracefs: Have new files inherit the ownership of their parent
fs/tracefs/inode.c
ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
ALSA: pcm: oss: Limit the period size to 16MB
ALSA: pcm: oss: Fix negative period/buffer sizes
* ALSA: ctl: Fix copy of updated id with element read/write
sound/core/control_compat.c
* mm: bdi: initialize bdi_min_ratio when bdi is unregistered
mm/backing-dev.c
IB/hfi1: Correct guard on eager buffer deallocation
seg6: fix the iif in the IPv6 socket control block
nfp: Fix memory leak in nfp_cpp_area_cache_add()
* bpf: Fix the off-by-two error in range markings
kernel/bpf/verifier.c
nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
can: sja1000: fix use after free in ems_pcmcia_add_card()
HID: check for valid USB device for many HID drivers
HID: wacom: fix problems when device is not a valid USB device
* HID: add USB_HID dependancy on some USB HID drivers
drivers/hid/Kconfig
* HID: add USB_HID dependancy to hid-chicony
drivers/hid/Kconfig
* HID: add USB_HID dependancy to hid-prodikeys
drivers/hid/Kconfig
* HID: add hid_is_usb() function to make it simpler for USB detection
include/linux/hid.h
* UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers
drivers/usb/gadget/composite.c
* UPSTREAM: USB: gadget: detect too-big endpoint 0 requests
drivers/usb/gadget/composite.c
Bug: 213962841
Change-Id: I69af3b9152e218567ff363383d8cde53f6c9dd15
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
10cf995162 |
Merge 4.14.259 into android-4.14-stable
Changes in 4.14.259 nfc: fix segfault in nfc_genl_dump_devices_done drm/msm/dsi: set default num_data_lanes net/mlx4_en: Update reported link modes for 1/10G parisc/agp: Annotate parisc agp init functions with __init i2c: rk3x: Handle a spurious start completion interrupt flag net: netlink: af_netlink: Prevent empty skb by adding a check on len. tracing: Fix a kmemleak false positive in tracing_map bpf: fix panic due to oob in bpf_prog_test_run_skb hwmon: (dell-smm) Fix warning on /proc/i8k creation error mac80211: send ADDBA requests using the tid/queue of the aggregation session recordmcount.pl: look for jgnop instruction as well as bcrl on s390 dm btree remove: fix use after free in rebalance_children() audit: improve robustness of the audit queue handling nfsd: fix use-after-free due to delegation race x86: Make ARCH_USE_MEMREMAP_PROT a generic Kconfig symbol x86/sme: Explicitly map new EFI memmap table as encrypted ARM: socfpga: dts: fix qspi node compatible dmaengine: st_fdma: fix MODULE_ALIAS soc/tegra: fuse: Fix bitwise vs. logical OR warning igbvf: fix double free in `igbvf_probe` ixgbe: set X550 MDIO speed before talking to PHY net/packet: rx_owner_map depends on pg_vec sit: do not call ipip6_dev_free() from sit_init_net() USB: gadget: bRequestType is a bitfield, not a enum PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error PCI/MSI: Mask MSI-X vectors only on success USB: serial: option: add Telit FN990 compositions timekeeping: Really make sure wall_to_monotonic isn't positive libata: if T_LENGTH is zero, dma direction should be DMA_NONE net: systemport: Add global locking for descriptor lifecycle firmware: arm_scpi: Fix string overflow in SCPI genpd driver ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name fuse: annotate lock in fuse_reverse_inval_entry() scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() net: lan78xx: Avoid unnecessary self assignment ARM: 8805/2: remove unneeded naked function usage mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO ARM: 8800/1: use choice for kernel unwinders Input: touchscreen - avoid bitwise vs logical OR warning xen/blkfront: harden blkfront against event channel storms xen/netfront: harden netfront against event channel storms xen/console: harden hvc_xen against event channel storms xen/netback: fix rx queue stall detection xen/netback: don't queue unlimited number of packages Linux 4.14.259 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I303d463fdd9736e88af906b3a094c872b031c7ed |
||
|
Yu Liao
|
c0b25c6d1b |
timekeeping: Really make sure wall_to_monotonic isn't positive
commit 4e8c11b6b3f0b6a283e898344f154641eda94266 upstream. Even after commit |
||
|
Lucas Wei
|
afa04de900 |
Merge android-4.14-q (4.14.234) into android-msm-pixel-4.14-lts
Merge 4.14.234 into android-4.14-q
Linux 4.14.234
* Bluetooth: SMP: Fail if remote and local public keys are identical
net/bluetooth/smp.c
video: hgafb: correctly handle card detect failure during probe
tty: vt: always invoke vc->vc_sw->con_resize callback
* vt: Fix character height handling with VT_RESIZEX
include/linux/console_struct.h
vgacon: Record video mode changes with VT_RESIZEX
video: hgafb: fix potential NULL pointer dereference
qlcnic: Add null check after calling netdev_alloc_skb
leds: lp5523: check return value of lp5xx_read and jump to cleanup code
net: rtlwifi: properly check for alloc_workqueue() failure
net: stmicro: handle clk_prepare() failure during init
ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
Revert "niu: fix missing checks of niu_pci_eeprom_read"
Revert "qlcnic: Avoid potential NULL pointer dereference"
Revert "rtlwifi: fix a potential NULL pointer dereference"
Revert "media: rcar_drif: fix a memory disclosure"
cdrom: gdrom: initialize global variable at init time
cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
Revert "gdrom: fix a memory leak bug"
* Revert "ecryptfs: replace BUG_ON with error handling code"
fs/ecryptfs/crypto.c
Revert "video: imsttfb: fix potential NULL pointer dereferences"
Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"
Revert "net: stmicro: fix a missing check of clk_prepare"
Revert "video: hgafb: fix potential NULL pointer dereference"
* dm snapshot: fix crash with transient storage and zero chunk size
drivers/md/dm-snap.c
xen-pciback: reconfigure also from backend watch handler
rapidio: handle create_workqueue() failure
Revert "rapidio: fix a NULL pointer dereference when create_workqueue() fails"
ALSA: hda/realtek: reset eapd coeff to default value for alc287
Revert "ALSA: sb8: add a check for request_region"
* ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
sound/firewire/Kconfig
* ALSA: usb-audio: Validate MS endpoint descriptors
sound/usb/midi.c
ALSA: line6: Fix racy initialization of LINE6 MIDI
cifs: fix memory leak in smb2_copychunk_range
* ptrace: make ptrace() fail if the tracee changed its pid unexpectedly
kernel/ptrace.c
scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword()
RDMA/rxe: Clear all QP fields if creation failed
openrisc: Fix a memory leak
Merge 4.14.233 into android-4.14-q
Linux 4.14.233
* ipv6: remove extra dev_hold() for fallback tunnels
net/ipv6/ip6_tunnel.c
net/ipv6/ip6_vti.c
net/ipv6/sit.c
* xhci: Do not use GFP_KERNEL in (potentially) atomic context
drivers/usb/host/xhci.c
* ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
net/ipv6/ip6_tunnel.c
* sit: proper dev_{hold|put} in ndo_[un]init methods
net/ipv6/sit.c
serial: 8250: fix potential deadlock in rs485-mode
lib: stackdepot: turn depot_lock spinlock to raw_spinlock
* block: reexpand iov_iter after read/write
fs/block_dev.c
ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
ceph: fix fscache invalidation
um: Mark all kernel symbols as local
Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state
Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices
ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend()
* PCI: thunder: Fix compile testing
drivers/pci/host/pci-thunder-ecam.c
drivers/pci/host/pci-thunder-pem.c
drivers/pci/pci.h
isdn: capi: fix mismatched prototypes
cxgb4: Fix the -Wmisleading-indentation warning
usb: sl811-hcd: improve misleading indentation
kgdb: fix gcc-11 warning on indentation
x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
clk: exynos7: Mark aclk_fsys1_200 as critical
* netfilter: conntrack: Make global sysctls readonly in non-init netns
net/netfilter/nf_conntrack_standalone.c
* kobject_uevent: remove warning in init_uevent_argv()
lib/kobject_uevent.c
RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint
thermal/core/fair share: Lock the thermal zone while looping over instances
MIPS: Avoid handcoded DIVU in `__div64_32' altogether
MIPS: Avoid DIVU in `__div64_32' is result would be zero
MIPS: Reinstate platform `__div64_32' handler
* FDDI: defxx: Make MMIO the configuration default except for EISA
drivers/net/fddi/Kconfig
KVM: x86: Cancel pvclock_gtod_work on module removal
iio: tsl2583: Fix division by a zero lux_val
iio: gyro: mpu3050: Fix reported temperature value
* usb: core: hub: fix race condition about TRSMRCY of resume
drivers/usb/core/hub.c
usb: dwc2: Fix gadget DMA unmap direction
* usb: xhci: Increase timeout for HC halt
drivers/usb/host/xhci-ext-caps.h
usb: dwc3: omap: improve extcon initialization
* blk-mq: Swap two calls in blk_mq_exit_queue()
block/blk-mq.c
ACPI: scan: Fix a memory leak in an error handling path
usb: fotg210-hcd: Fix an error message
iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected
* userfaultfd: release page in error path to avoid BUG_ON
mm/shmem.c
squashfs: fix divide error in calculate_skip()
powerpc/64s: Fix crashes when toggling entry flush barrier
powerpc/64s: Fix crashes when toggling stf barrier
ARC: entry: fix off-by-one error in syscall number validation
netfilter: nftables: avoid overflows in nft_hash_buckets()
kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
* net: fix nla_strcmp to handle more then one trailing null character
lib/nlattr.c
ksm: fix potential missing rmap_item for stable_node
mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()
drm/radeon: Fix off-by-one power_state index heap overwrite
* sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
net/sctp/sm_statefuns.c
rtc: ds1307: Fix wday settings for rx8130
NFSv4.2 fix handling of sr_eof in SEEK's reply
pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
NFS: Deal correctly with attribute generation counter overflow
NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
* rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data()
drivers/rpmsg/qcom_glink_native.c
ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
* PCI: Release OF node in pci_scan_device()'s error path
drivers/pci/probe.c
* f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
fs/f2fs/inline.c
ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
net: ethernet: mtk_eth_soc: fix RX VLAN offload
powerpc/iommu: Annotate nested lock for lockdep
wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
powerpc/pseries: Stop calling printk in rtas_stop_self()
samples/bpf: Fix broken tracex1 due to kprobe argument change
ASoC: rt286: Generalize support for ALC3263 codec
powerpc/smp: Set numa node before updating mask
* sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
net/sctp/sm_make_chunk.c
kconfig: nconf: stop endless search loops
selftests: Set CC to clang in lib.mk if LLVM is set
cuse: prevent clone
pinctrl: samsung: use 'int' for register masks in Exynos
mac80211: clear the beacon's CRC after channel switch
* ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
net/ipv6/ip6_vti.c
* Bluetooth: check for zapped sk before connecting
net/bluetooth/l2cap_sock.c
* Bluetooth: initialize skb_queue_head at l2cap_chan_create()
net/bluetooth/l2cap_core.c
* Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
net/bluetooth/l2cap_core.c
ALSA: rme9652: don't disable if not enabled
ALSA: hdspm: don't disable if not enabled
ALSA: hdsp: don't disable if not enabled
net: stmmac: Set FIFO sizes for ipq806x
tipc: convert dest node's address to network order
fs: dlm: fix debugfs dump
tpm: fix error return code in tpm2_get_cc_attrs_tbl()
* Revert "fdt: Properly handle "no-map" field in the memory region"
drivers/of/fdt.c
* Revert "of/fdt: Make sure no-map does not remove already reserved regions"
drivers/of/fdt.c
* sctp: delay auto_asconf init until binding the first addr
net/sctp/socket.c
* Revert "net/sctp: fix race condition in sctp_destroy_sock"
net/sctp/socket.c
* smp: Fix smp_call_function_single_async prototype
include/linux/smp.h
kernel/smp.c
kfifo: fix ternary sign extension bugs
net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
net: davinci_emac: Fix incorrect masking of tx and rx error channel
RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
vsock/vmci: log once the failed queue pair allocation
mwl8k: Fix a double Free in mwl8k_probe_hw
i2c: sh7760: fix IRQ error path
rtlwifi: 8821ae: upgrade PHY and RF parameters
powerpc/pseries: extract host bridge from pci_bus prior to bus removal
MIPS: pci-legacy: stop using of_pci_range_to_resource
i2c: sh7760: add IRQ check
i2c: jz4780: add IRQ check
i2c: emev2: add IRQ check
i2c: cadence: add IRQ check
net: thunderx: Fix unintentional sign extension issue
IB/hfi1: Fix error return code in parse_platform_config()
mt7601u: fix always true expression
mac80211: bail out if cipher schemes are invalid
powerpc: iommu: fix build when neither PCI or IBMVIO is set
powerpc/perf: Fix PMU constraint check for EBB events
liquidio: Fix unintented sign extension of a left shift of a u16
* ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
sound/usb/card.c
sound/usb/quirks.c
sound/usb/usbaudio.h
nfc: pn533: prevent potential memory corruption
* bug: Remove redundant condition check in report_bug
lib/bug.c
* ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
sound/core/init.c
powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration
powerpc/prom: Mark identical_pvr_fixup as __init
net: lapbether: Prevent racing when checking whether the netif is running
perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars
* HID: plantronics: Workaround for double volume key presses
drivers/hid/hid-ids.h
drivers/hid/hid-plantronics.c
include/linux/hid.h
x86/events/amd/iommu: Fix sysfs type mismatch
HSI: core: fix resource leaks in hsi_add_client_from_dt()
mfd: stm32-timers: Avoid clearing auto reload register
scsi: sni_53c710: Add IRQ check
scsi: sun3x_esp: Add IRQ check
scsi: jazz_esp: Add IRQ check
clk: uniphier: Fix potential infinite loop
vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
ata: libahci_platform: fix IRQ check
sata_mv: add IRQ checks
pata_ipx4xx_cf: fix IRQ check
pata_arasan_cf: fix IRQ check
x86/kprobes: Fix to check non boostable prefixes correctly
media: m88rs6000t: avoid potential out-of-bounds reads on arrays
media: omap4iss: return error code when omap4iss_get() failed
media: vivid: fix assignment of dev->fbuf_out_flags
* ttyprintk: Add TTY hangup callback.
drivers/char/ttyprintk.c
Drivers: hv: vmbus: Increase wait time for VMbus unload
x86/platform/uv: Fix !KEXEC build failure
platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table
* firmware: qcom-scm: Fix QCOM_SCM configuration
drivers/firmware/Kconfig
* tty: fix return value for unsupported ioctls
drivers/tty/tty_io.c
include/linux/tty_driver.h
* tty: actually undefine superseded ASYNC flags
include/uapi/linux/tty_flags.h
USB: cdc-acm: fix unprivileged TIOCCSERIAL
usb: gadget: r8a66597: Add missing null check on return from platform_get_resource
crypto: qat - Fix a double free in adf_create_ring
ACPI: CPPC: Replace cppc_attr with kobj_attribute
* soc: qcom: mdt_loader: Detect truncated read of segments
drivers/soc/qcom/mdt_loader.c
* soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
drivers/soc/qcom/mdt_loader.c
* spi: Fix use-after-free with devm_spi_alloc_*
drivers/spi/spi.c
include/linux/spi/spi.h
staging: greybus: uart: fix unprivileged TIOCCSERIAL
staging: rtl8192u: Fix potential infinite loop
mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
crypto: qat - fix error path in adf_isr_resource_alloc()
* phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally
drivers/phy/marvell/Kconfig
* bus: qcom: Put child node before return
drivers/bus/qcom-ebi2.c
mtd: require write permissions for locking and badblock ioctls
fotg210-udc: Complete OUT requests on short packets
fotg210-udc: Don't DMA more than the buffer can take
fotg210-udc: Mask GRP2 interrupts we don't handle
fotg210-udc: Remove a dubious condition leading to fotg210_done
fotg210-udc: Fix EP0 IN requests bigger than two packets
fotg210-udc: Fix DMA on EP0 for length > max packet size
crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
crypto: qat - don't release uninitialized resources
usb: gadget: pch_udc: Check for DMA mapping error
usb: gadget: pch_udc: Check if driver is present before calling ->setup()
usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
x86/microcode: Check for offline CPUs before requesting new microcode
usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
serial: stm32: fix tx_empty condition
serial: stm32: fix incorrect characters on console
ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family
memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
usb: gadget: pch_udc: Revert
|
||
|
Greg Kroah-Hartman
|
22dc72c914 |
Merge 4.14.233 into android-4.14-stable
Changes in 4.14.233 usbip: vudc synchronize sysfs code paths ACPI: tables: x86: Reserve memory occupied by ACPI tables ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() bpf: Fix backport of "bpf: restrict unknown scalars of mixed signed bounds for unprivileged" bpf: fix up selftests after backports were fixed net: usb: ax88179_178a: initialize local variables before use iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() MIPS: Introduce isa-rev.h to define MIPS_ISA_REV MIPS: cpu-features.h: Replace __mips_isa_rev with MIPS_ISA_REV mips: Do not include hi and lo in clobber list for R6 bpf: Fix masking negation logic upon negative dst register iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet USB: Add reset-resume quirk for WD19's Realtek Hub platform/x86: thinkpad_acpi: Correct thermal sensor allocation s390/disassembler: increase ebpf disasm buffer size ACPI: custom_method: fix potential use-after-free issue ACPI: custom_method: fix a possible memory leak arm64: dts: mt8173: fix property typo of 'phys' in dsi node ecryptfs: fix kernel panic with null dev_name spi: spi-ti-qspi: Free DMA resources mmc: block: Update ext_csd.cache_ctrl if it was written mmc: core: Do a power cycle when the CMD11 fails mmc: core: Set read only for SD cards with permanent write protect bit cifs: Return correct error code from smb2_get_enc_key btrfs: fix metadata extent leak after failure to create subvolume intel_th: pci: Add Rocket Lake CPU support fbdev: zero-fill colormap in fbcmap.c staging: wimax/i2400m: fix byte-order issue crypto: api - check for ERR pointers in crypto_destroy_tfm() usb: gadget: uvc: add bInterval checking for HS mode usb: gadget: f_uac1: validate input parameters usb: dwc3: gadget: Ignore EP queue requests during bus reset usb: xhci: Fix port minor revision PCI: PM: Do not read power state in pci_enable_device_flags() x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS) tee: optee: do not check memref size on return from Secure World perf/arm_pmu_platform: Fix error handling spi: dln2: Fix reference leak to master spi: omap-100k: Fix reference leak to master intel_th: Consistency and off-by-one fix phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe scsi: lpfc: Fix pt2pt connection does not recover after LOGO scsi: target: pscsi: Fix warning in pscsi_complete_cmd() media: ite-cir: check for receive overflow power: supply: bq27xxx: fix power_avg for newer ICs extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged media: media/saa7164: fix saa7164_encoder_register() memory leak bugs media: gspca/sq905.c: fix uninitialized variable power: supply: Use IRQF_ONESHOT drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() scsi: qla2xxx: Fix use after free in bsg scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() media: em28xx: fix memory leak media: vivid: update EDID clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() media: adv7604: fix possible use-after-free in adv76xx_remove() media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() media: i2c: adv7842: fix possible use-after-free in adv7842_remove() media: dvb-usb: fix memory leak in dvb_usb_adapter_init media: gscpa/stv06xx: fix memory leak drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal drm/amdgpu: fix NULL pointer dereference scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic scsi: libfc: Fix a format specifier ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer ALSA: hda/conexant: Re-order CX5066 quirk table entries ALSA: sb: Fix two use after free in snd_sb_qsound_build btrfs: fix race when picking most recent mod log operation for an old root arm64/vdso: Discard .note.gnu.property sections in vDSO openvswitch: fix stack OOB read while fragmenting IPv4 packets ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure NFSv4: Don't discard segments marked for return in _pnfs_return_layout() jffs2: Fix kasan slab-out-of-bounds problem powerpc/eeh: Fix EEH handling for hugepages in ioremap space. powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h intel_th: pci: Add Alder Lake-M support md/raid1: properly indicate failure when ending a failed write request security: commoncap: fix -Wstringop-overread warning Fix misc new gcc warnings jffs2: check the validity of dstlen in jffs2_zlib_compress() Revert |
||
|
Greg Kroah-Hartman
|
b62f1b7e9b |
Merge 4.14.233 into android-4.14-q
Changes in 4.14.233 usbip: vudc synchronize sysfs code paths ACPI: tables: x86: Reserve memory occupied by ACPI tables ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() bpf: Fix backport of "bpf: restrict unknown scalars of mixed signed bounds for unprivileged" bpf: fix up selftests after backports were fixed net: usb: ax88179_178a: initialize local variables before use iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() MIPS: Introduce isa-rev.h to define MIPS_ISA_REV MIPS: cpu-features.h: Replace __mips_isa_rev with MIPS_ISA_REV mips: Do not include hi and lo in clobber list for R6 bpf: Fix masking negation logic upon negative dst register iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd() ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet USB: Add reset-resume quirk for WD19's Realtek Hub platform/x86: thinkpad_acpi: Correct thermal sensor allocation s390/disassembler: increase ebpf disasm buffer size ACPI: custom_method: fix potential use-after-free issue ACPI: custom_method: fix a possible memory leak arm64: dts: mt8173: fix property typo of 'phys' in dsi node ecryptfs: fix kernel panic with null dev_name spi: spi-ti-qspi: Free DMA resources mmc: block: Update ext_csd.cache_ctrl if it was written mmc: core: Do a power cycle when the CMD11 fails mmc: core: Set read only for SD cards with permanent write protect bit cifs: Return correct error code from smb2_get_enc_key btrfs: fix metadata extent leak after failure to create subvolume intel_th: pci: Add Rocket Lake CPU support fbdev: zero-fill colormap in fbcmap.c staging: wimax/i2400m: fix byte-order issue crypto: api - check for ERR pointers in crypto_destroy_tfm() usb: gadget: uvc: add bInterval checking for HS mode usb: gadget: f_uac1: validate input parameters usb: dwc3: gadget: Ignore EP queue requests during bus reset usb: xhci: Fix port minor revision PCI: PM: Do not read power state in pci_enable_device_flags() x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS) tee: optee: do not check memref size on return from Secure World perf/arm_pmu_platform: Fix error handling spi: dln2: Fix reference leak to master spi: omap-100k: Fix reference leak to master intel_th: Consistency and off-by-one fix phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe scsi: lpfc: Fix pt2pt connection does not recover after LOGO scsi: target: pscsi: Fix warning in pscsi_complete_cmd() media: ite-cir: check for receive overflow power: supply: bq27xxx: fix power_avg for newer ICs extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged media: media/saa7164: fix saa7164_encoder_register() memory leak bugs media: gspca/sq905.c: fix uninitialized variable power: supply: Use IRQF_ONESHOT drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() scsi: qla2xxx: Fix use after free in bsg scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() media: em28xx: fix memory leak media: vivid: update EDID clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() media: adv7604: fix possible use-after-free in adv76xx_remove() media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() media: i2c: adv7842: fix possible use-after-free in adv7842_remove() media: dvb-usb: fix memory leak in dvb_usb_adapter_init media: gscpa/stv06xx: fix memory leak drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal drm/amdgpu: fix NULL pointer dereference scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic scsi: libfc: Fix a format specifier ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer ALSA: hda/conexant: Re-order CX5066 quirk table entries ALSA: sb: Fix two use after free in snd_sb_qsound_build btrfs: fix race when picking most recent mod log operation for an old root arm64/vdso: Discard .note.gnu.property sections in vDSO openvswitch: fix stack OOB read while fragmenting IPv4 packets ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure NFSv4: Don't discard segments marked for return in _pnfs_return_layout() jffs2: Fix kasan slab-out-of-bounds problem powerpc/eeh: Fix EEH handling for hugepages in ioremap space. powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h intel_th: pci: Add Alder Lake-M support md/raid1: properly indicate failure when ending a failed write request security: commoncap: fix -Wstringop-overread warning Fix misc new gcc warnings jffs2: check the validity of dstlen in jffs2_zlib_compress() Revert |
||
|
Chen Jun
|
9fbf44e7df |
posix-timers: Preserve return value in clock_adjtime32()
commit 2d036dfa5f10df9782f5278fc591d79d283c1fad upstream.
The return value on success (>= 0) is overwritten by the return value of
put_old_timex32(). That works correct in the fault case, but is wrong for
the success case where put_old_timex32() returns 0.
Just check the return value of put_old_timex32() and return -EFAULT in case
it is not zero.
[ tglx: Massage changelog ]
Fixes:
|
||
|
Lucas Wei
|
0afa0ce257 |
Merge android-4.14-q (4.14.228) into android-msm-pixel-4.14-lts
Merge 4.14.228 into android-4.14-q
Linux 4.14.228
xen-blkback: don't leak persistent grants from xen_blkbk_map()
can: peak_usb: Revert "can: peak_usb: add forgotten supported devices"
* ext4: add reclaim checks to xattr code
fs/ext4/xattr.c
mac80211: fix double free in ibss_leave
* net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
net/qrtr/qrtr.c
net: sched: validate stab values
* can: dev: Move device back to init netns on owning netns delete
include/net/rtnetlink.h
net/core/dev.c
* locking/mutex: Fix non debug version of mutex_lock_io_nested()
include/linux/mutex.h
scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
scsi: qedi: Fix error return code of qedi_alloc_global_queues()
perf auxtrace: Fix auxtrace queue conflict
ACPI: scan: Use unique number for instance_no
ACPI: scan: Rearrange memory allocation in acpi_device_add()
RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server
net/mlx5e: Fix error path for ethtool set-priv-flag
arm64: kdump: update ppos when reading elfcorehdr
* drm/msm: fix shutdown hook in case GPU components failed to bind
drivers/gpu/drm/msm/msm_drv.c
net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
net: cdc-phonet: fix data-interface release on probe failure
mac80211: fix rate mask reset
can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning
can: c_can: move runtime PM enable/disable to c_can_platform
can: c_can_pci: c_can_pci_remove(): fix use-after-free
can: peak_usb: add forgotten supported devices
ftgmac100: Restart MAC HW once
net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
e1000e: Fix error handling in e1000_set_d0_lplu_state_82571
e1000e: add rtnl_lock() to e1000_reset_task
net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
* macvlan: macvlan_count_rx() needs to be aware of preemption
include/linux/if_macvlan.h
libbpf: Fix INSTALL flag order
bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD
* dm ioctl: fix out of bounds array access when no devices
drivers/md/dm-ioctl.c
ARM: dts: at91-sama5d27_som1: fix phy address to 7
arm64: dts: ls1043a: mark crypto engine dma coherent
arm64: dts: ls1012a: mark crypto engine dma coherent
arm64: dts: ls1046a: mark crypto engine dma coherent
squashfs: fix xattr id and id lookup sanity checks
* squashfs: fix inode lookup sanity checks
fs/squashfs/squashfs_fs.h
ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign
ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls
nfs: we don't support removing system.nfs4_acl
* drm/radeon: fix AGP dependency
drivers/gpu/drm/Kconfig
* u64_stats,lockdep: Fix u64_stats_init() vs lockdep
include/linux/u64_stats_sync.h
sparc64: Fix opcode filtering in handling of no fault loads
atm: idt77252: fix null-ptr-dereference
atm: uPD98402: fix incorrect allocation
net: wan: fix error return code of uhdlc_init()
net: hisilicon: hns: fix error return code of hns_nic_clear_all_rx_fetch()
NFS: Correct size calculation for create reply length
* nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default
fs/nfs/Kconfig
gpiolib: acpi: Add missing IRQF_ONESHOT
sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count
net: tehuti: fix error return code in bdx_probe()
ixgbe: Fix memleak in ixgbe_configure_clsu32
* Revert "r8152: adjust the settings about MAC clock speed down for RTL8153"
drivers/net/usb/r8152.c
atm: lanai: dont run lanai_dev_close if not open
atm: eni: dont release is never initialized
powerpc/4xx: Fix build errors from mfdcr()
net: fec: ptp: avoid register access when ipg clock is disabled
ANDROID: Make vsock virtio packet buff size configurable
Merge 4.14.227 into android-4.14-q
Linux 4.14.227
* genirq: Disable interrupts for force threaded handlers
kernel/irq/manage.c
* ext4: fix potential error in ext4_do_update_inode
fs/ext4/inode.c
* ext4: do not try to set xattr into ea_inode if value is empty
fs/ext4/xattr.c
* ext4: find old entry again if failed to rename whiteout
fs/ext4/namei.c
x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall()
x86: Move TS_COMPAT back to asm/thread_info.h
* kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
fs/select.c
include/linux/thread_info.h
kernel/futex.c
kernel/time/alarmtimer.c
kernel/time/hrtimer.c
kernel/time/posix-cpu-timers.c
x86/ioapic: Ignore IRQ2 again
perf/x86/intel: Fix a crash caused by zero PEBS status
PCI: rpadlpar: Fix potential drc_name corruption in store functions
iio: hid-sensor-temperature: Fix issues of timestamp channel
iio: hid-sensor-prox: Fix scale not correct issue
iio: hid-sensor-humidity: Fix alignment issue of timestamp channel
iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler
iio: adis16400: Fix an error code in adis16400_initial_setup()
iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel
* iio:adc:stm32-adc: Add HAS_IOMEM dependency
drivers/iio/adc/Kconfig
* usb: gadget: configfs: Fix KASAN use-after-free
drivers/usb/gadget/configfs.c
* USB: replace hardcode maximum usb string length by definition
drivers/usb/gadget/composite.c
drivers/usb/gadget/configfs.c
drivers/usb/gadget/usbstring.c
include/uapi/linux/usb/ch9.h
* usb-storage: Add quirk to defeat Kindle's automatic unload
drivers/usb/storage/transport.c
drivers/usb/storage/unusual_devs.h
include/linux/usb_usual.h
nvme-rdma: fix possible hang when failing to set io queues
scsi: lpfc: Fix some error codes in debugfs
* net/qrtr: fix __netdev_alloc_skb call
net/qrtr/qrtr.c
sunrpc: fix refcount leak for rpc auth modules
svcrdma: disable timeouts on rdma backchannel
NFSD: Repair misuse of sv_lock in 5.10.16-rt30.
nvmet: don't check iosqes,iocqes for discovery controllers
btrfs: fix race when cloning extent buffer during rewind of an old root
tools build feature: Check if pthread_barrier_t is available
perf: Make perf able to build with latest libbfd
tools build: Check if gettid() is available before providing helper
tools build feature: Check if eventfd() is available
tools build feature: Check if get_current_dir_name() is available
perf tools: Use %define api.pure full instead of %pure-parser
* Revert "PM: runtime: Update device status before letting suppliers suspend"
drivers/base/power/runtime.c
* bpf: Prohibit alu ops for pointer types not defining ptr_limit
kernel/bpf/verifier.c
net: dsa: b53: Support setting learning on port
* bpf: Add sanity check for upper ptr_limit
kernel/bpf/verifier.c
* bpf: Simplify alu_limit masking for pointer arithmetic
kernel/bpf/verifier.c
* bpf: Fix off-by-one for area size in creating mask to left
kernel/bpf/verifier.c
* ext4: check journal inode extents more carefully
fs/ext4/block_validity.c
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/indirect.c
fs/ext4/inode.c
fs/ext4/mballoc.c
* ext4: don't allow overlapping system zones
fs/ext4/block_validity.c
* ext4: handle error of ext4_setup_system_zone() on remount
fs/ext4/super.c
Merge 4.14.226 into android-4.14-q
Linux 4.14.226
xen/events: avoid handling the same event on two cpus at the same time
xen/events: don't unmask an event channel when an eoi is pending
xen/events: reset affinity of 2-level event when tearing it down
iio: imu: adis16400: release allocated memory on failure
KVM: arm64: Fix exclusive limit for IPA size
hwmon: (lm90) Fix max6658 sporadic wrong temperature reading
binfmt_misc: fix possible deadlock in bm_register_write
powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
* include/linux/sched/mm.h: use rcu_dereference in in_vfork()
include/linux/sched/mm.h
* stop_machine: mark helpers __always_inline
include/linux/stop_machine.h
* configfs: fix a use-after-free in __configfs_open_file
fs/configfs/file.c
block: rsxx: fix error return code of rsxx_pci_probe()
NFSv4.2: fix return value of _nfs4_get_security_label()
sh_eth: fix TRSCER mask for R7S72100
staging: comedi: pcl818: Fix endian problem for AI command data
staging: comedi: pcl711: Fix endian problem for AI command data
staging: comedi: me4000: Fix endian problem for AI command data
staging: comedi: dmm32at: Fix endian problem for AI command data
staging: comedi: das800: Fix endian problem for AI command data
staging: comedi: das6402: Fix endian problem for AI command data
staging: comedi: adv_pci1710: Fix endian problem for AI command data
staging: comedi: addi_apci_1500: Fix endian problem for command sample
staging: comedi: addi_apci_1032: Fix endian problem for COS sample
staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data()
staging: rtl8712: unterminated string leads to read overflow
staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
usbip: fix vhci_hcd attach_store() races leading to gpf
usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
usbip: fix vudc to check for stream socket
usbip: fix vhci_hcd to check for stream socket
usbip: fix stub_dev to check for stream socket
USB: serial: cp210x: add some more GE USB IDs
USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
USB: serial: ch341: add new Product ID
USB: serial: io_edgeport: fix memory leak in edge_startup
* usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
drivers/usb/host/xhci-pci.c
* xhci: Improve detection of device initiated wake signal.
drivers/usb/host/xhci.c
usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
usb: gadget: f_uac1: stop playback on function disable
usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot
* USB: gadget: u_ether: Fix a configfs return code
drivers/usb/gadget/function/u_ether_configfs.h
Goodix Fingerprint device is not a modem
mmc: core: Fix partition switch time for eMMC
s390/dasd: fix hanging IO request during DASD driver unbind
s390/dasd: fix hanging DASD driver unbind
* Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities")
security/commoncap.c
* ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
sound/usb/quirks.c
ALSA: hda: Avoid spurious unsol event handling during S3/S4
ALSA: hda: Drop the BATCH workaround for AMD controllers
ALSA: hda/hdmi: Cancel pending works before suspend
scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
s390/smp: __smp_rescan_cpus() - move cpumask away from stack
PCI: mediatek: Add missing of_node_put() to fix reference leak
PCI: xgene-msi: Fix race in installing chained irq handler
powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
powerpc: improve handling of unrecoverable system reset
mmc: mediatek: fix race condition between msdc_request_timeout and irq
mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()'
udf: fix silent AED tagLocation corruption
* net: phy: fix save wrong speed and duplex problem if autoneg is on
drivers/net/phy/phy.c
media: usbtv: Fix deadlock on suspend
s390/cio: return -EFAULT if copy_to_user() fails
drm: meson_drv add shutdown function
* drm/compat: Clear bounce structures
drivers/gpu/drm/drm_ioc32.c
s390/cio: return -EFAULT if copy_to_user() fails again
perf traceevent: Ensure read cmdlines are null terminated.
net: stmmac: stop each tx channel independently
net: davicom: Fix regulator not turned off on driver removal
net: davicom: Fix regulator not turned off on failed probe
net: lapbether: Remove netif_start_queue / netif_stop_queue
* cipso,calipso: resolve a number of problems with the DOI refcounts
net/ipv4/cipso_ipv4.c
net/ipv6/calipso.c
net/netlabel/netlabel_cipso_v4.c
net: usb: qmi_wwan: allow qmimux add/del with master up
* net: sched: avoid duplicates in classes dump
net/sched/sch_api.c
net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10
net/mlx4_en: update moderation when config reset
sh_eth: fix TRSCER mask for SH771x
* Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
mm/slub.c
scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section names
cifs: return proper error code in statfs(2)
* netfilter: x_tables: gpf inside xt_find_revision()
net/netfilter/x_tables.c
can: flexcan: enable RX FIFO after FRZ/HALT valid
can: flexcan: assert FRZ bit in flexcan_chip_freeze()
can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
* net: check if protocol extracted by virtio_net_hdr_set_proto is correct
include/linux/virtio_net.h
* net: Introduce parse_protocol header_ops callback
include/linux/netdevice.h
* net: Fix gro aggregation for udp encaps with zero csum
net/ipv4/udp_offload.c
ath9k: fix transmitting to stations in dynamic SMPS mode
ethernet: alx: fix order of calls on resume
uapi: nfnetlink_cthelper.h: fix userspace compilation error
* FROMGIT: configfs: fix a use-after-free in __configfs_open_file
fs/configfs/file.c
Merge 4.14.225 into android-4.14-q
Linux 4.14.225
drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register
misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom
* PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
drivers/pci/quirks.c
platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016
platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices
platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag
platform/x86: acer-wmi: Add new force_caps module parameter
platform/x86: acer-wmi: Cleanup accelerometer device handling
platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines
mwifiex: pcie: skip cancel_work_sync() on reset failure path
iommu/amd: Fix sleeping in atomic in increase_address_space()
* dm table: fix zoned iterate_devices based device capability checks
drivers/md/dm-table.c
* dm table: fix DAX iterate_devices based device capability checks
drivers/md/dm-table.c
* dm table: fix iterate_devices based device capability checks
drivers/md/dm-table.c
rsxx: Return -EFAULT if copy_to_user() fails
ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
usbip: tools: fix build error for multiple definition
* PM: runtime: Update device status before letting suppliers suspend
drivers/base/power/runtime.c
btrfs: fix raid6 qstripe kmap
btrfs: raid56: simplify tracking of Q stripe presence
Merge 4.14.224 into android-4.14-q
Linux 4.14.224
* media: v4l: ioctl: Fix memory leak in video_usercopy
drivers/media/v4l2-core/v4l2-ioctl.c
* swap: fix swapfile read/write offset
mm/page_io.c
mm/swapfile.c
* zsmalloc: account the number of compacted pages correctly
drivers/block/zram/zram_drv.c
include/linux/zsmalloc.h
mm/zsmalloc.c
xen-netback: respect gnttab_map_refs()'s return value
Xen/gnttab: handle p2m update errors on a per-slot basis
scsi: iscsi: Verify lengths on passthrough PDUs
scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
* sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
fs/sysfs/file.c
include/linux/sysfs.h
scsi: iscsi: Restrict sessions and handles to admin capabilities
parisc: Bump 64-bit IRQ stack size to 64 KB
* f2fs: handle unallocated section and zone on pinned/atgc
fs/f2fs/segment.h
* media: uvcvideo: Allow entities with no pads
drivers/media/usb/uvc/uvc_driver.c
staging: most: sound: add sanity check for function argument
* Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
net/bluetooth/amp.c
x86/build: Treat R_386_PLT32 relocation as R_386_PC32
ath10k: fix wmi mgmt tx queue full due to race condition
pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
wlcore: Fix command execute failure 19 for wl12xx
vt/consolemap: do font sum unsigned
x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
staging: fwserial: Fix error handling in fwserial_create
dt-bindings: net: btusb: DT fix s/interrupt-name/interrupt-names/
* net: bridge: use switchdev for port flags set through sysfs too
net/bridge/br_sysfs_if.c
mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
* net: fix up truesize of cloned skb in skb_prepare_for_shift()
net/core/skbuff.c
* smackfs: restrict bytes count in smackfs write functions
security/smack/smackfs.c
xfs: Fix assert failure in xfs_setattr_size()
media: mceusb: sanity check for prescaler value
JFS: more checks for invalid superblock
* arm64: Use correct ll/sc atomic constraints
arch/arm64/include/asm/atomic_ll_sc.h
* arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint
arch/arm64/include/asm/atomic_ll_sc.h
* arm64: Avoid redundant type conversions in xchg() and cmpxchg()
arch/arm64/include/asm/atomic_ll_sc.h
arch/arm64/include/asm/atomic_lse.h
arch/arm64/include/asm/cmpxchg.h
* arm64 module: set plt* section addresses to 0x0
arch/arm64/kernel/module.lds
virtio/s390: implement virtio-ccw revision 2 correctly
drm/virtio: use kvmalloc for large allocations
hugetlb: fix update_and_free_page contig page struct assumption
* scripts: set proper OpenSSL include dir also for sign-file
scripts/Makefile
* scripts: use pkg-config to locate libcrypto
scripts/Makefile
net: usb: qmi_wwan: support ZTE P685M modem
Merge 4.14.223 into android-4.14-q
Linux 4.14.223
dm era: Update in-core bitset after committing the metadata
* net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
include/linux/icmpv6.h
include/linux/ipv6.h
include/net/icmp.h
net/ipv4/icmp.c
net/ipv6/icmp.c
net/ipv6/ip6_icmp.c
* ipv6: silence compilation warning for non-IPV6 builds
include/linux/icmpv6.h
* ipv6: icmp6: avoid indirect call for icmpv6_send()
include/linux/icmpv6.h
net/ipv6/icmp.c
net/ipv6/ip6_icmp.c
sunvnet: use icmp_ndo_send helper
gtp: use icmp_ndo_send helper
* icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n
include/linux/icmpv6.h
* icmp: introduce helper for nat'd source address in network device context
include/linux/icmpv6.h
include/net/icmp.h
net/ipv4/icmp.c
net/ipv6/ip6_icmp.c
dm era: only resize metadata in preresume
dm era: Reinitialize bitset cache before digesting a new writeset
dm era: Use correct value size in equality function of writeset tree
dm era: Fix bitset memory leaks
dm era: Verify the data block size hasn't changed
dm era: Recover committed writeset after crash
gfs2: Don't skip dlm unlock if glock has an lvb
sparc32: fix a user-triggerable oops in clear_user()
* f2fs: fix out-of-repair __setattr_copy()
fs/f2fs/file.c
* printk: fix deadlock when kernel panic
kernel/printk/printk_safe.c
gpio: pcf857x: Fix missing first interrupt
mmc: sdhci-esdhc-imx: fix kernel panic when remove module
* module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
kernel/module.c
libnvdimm/dimm: Avoid race between probe and available_slots_show()
usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
mm: hugetlb: fix a race between freeing and dissolving the page
* hugetlb: fix copy_huge_page_from_user contig page struct assumption
mm/memory.c
fs/affs: release old buffer head on error path
mtd: spi-nor: hisi-sfc: Put child node np on error path
watchdog: mei_wdt: request stop on unregister
* arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
arch/arm64/kernel/probes/uprobes.c
floppy: reintroduce O_NDELAY fix
x86/reboot: Force all cpus to exit VMX root if VMX is supported
staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
* seccomp: Add missing return in non-void function
kernel/seccomp.c
crypto: sun4i-ss - handle BigEndian for cipher
crypto: sun4i-ss - checking sg length is not sufficient
btrfs: fix extent buffer leak on failure to copy root
btrfs: fix reloc root leak with 0 ref reloc roots on recovery
btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
KEYS: trusted: Fix migratable=1 failing
tpm_tis: Fix check_locality for correct locality acquisition
ALSA: hda/realtek: modify EAPD in the ALC886
* usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
drivers/usb/dwc3/gadget.c
* usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
drivers/usb/dwc3/gadget.c
USB: serial: mos7720: fix error code in mos7720_write()
USB: serial: mos7840: fix error code in mos7840_write()
usb: musb: Fix runtime PM race in musb_queue_resume_work
USB: serial: option: update interface mapping for ZTE P685M
Input: i8042 - add ASUS Zenbook Flip to noselftest list
Input: joydev - prevent potential read overflow in ioctl
* Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S
drivers/input/joystick/xpad.c
Input: raydium_ts_i2c - do not send zero length
HID: wacom: Ignore attempts to overwrite the touch_max value from HID
ACPI: configfs: add missing check after configfs_register_default_group()
ACPI: property: Fix fwnode string properties matching
* blk-settings: align max_sectors on "logical_block_size" boundary
block/blk-settings.c
* scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
drivers/scsi/bnx2fc/Kconfig
* mm/rmap: fix potential pte_unmap on an not mapped pte
include/linux/rmap.h
i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
* arm64: Add missing ISB after invalidating TLB in __primary_switch
arch/arm64/kernel/head.S
mm/hugetlb: fix potential double free in hugetlb_register_node() error path
* mm/memory.c: fix potential pte_unmap_unlock pte error
mm/memory.c
ocfs2: fix a use after free on error
net/mlx4_core: Add missed mlx4_free_cmd_mailbox()
i40e: Fix overwriting flow control settings during driver loading
i40e: Fix flow for IPv6 next header (extension header)
* ext4: fix potential htree index checksum corruption
fs/ext4/namei.c
drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)
* PCI: Align checking of syscall user config accessors
drivers/pci/syscall.c
VMCI: Use set_page_dirty_lock() when unregistering guest memory
pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare()
misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users
misc: eeprom_93xx46: Fix module alias to enable module autoprobe
sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
Input: elo - fix an error code in elo_connect()
perf test: Fix unaligned access in sample parsing test
perf intel-pt: Fix missing CYC processing in PSB
spi: pxa2xx: Fix the controller numbering for Wildcat Point
powerpc/8xx: Fix software emulation interrupt
powerpc/pseries/dlpar: handle ibm, configure-connector delay status
mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
spi: stm32: properly handle 0 byte transfer
RDMA/rxe: Fix coding error in rxe_recv.c
perf tools: Fix DSO filtering when not finding a map for a sampled address
* tracepoint: Do not fail unregistering a probe due to memory failure
kernel/tracepoint.c
* amba: Fix resource leak for drivers without .remove
drivers/amba/bus.c
ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
powerpc/47x: Disable 256k page size
IB/umad: Return EIO in case of when device disassociated
auxdisplay: ht16k33: Fix refresh rate handling
isofs: release buffer head before return
spi: atmel: Put allocated master before return
* certs: Fix blacklist flag type confusion
include/linux/key.h
security/keys/key.c
regulator: axp20x: Fix reference cout leak
clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
* rtc: s5m: select REGMAP_I2C
drivers/rtc/Kconfig
power: reset: at91-sama5d2_shdwc: fix wkupdbc mask
* of/fdt: Make sure no-map does not remove already reserved regions
drivers/of/fdt.c
* fdt: Properly handle "no-map" field in the memory region
drivers/of/fdt.c
mfd: bd9571mwv: Use devm_mfd_add_devices()
dmaengine: hsu: disable spurious interrupt
dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function
dmaengine: fsldma: Fix a resource leak in the remove function
* HID: core: detect and skip invalid inputs to snto32()
drivers/hid/hid-core.c
spi: cadence-quadspi: Abort read if dummy cycles required are too many
* quota: Fix memory leak when handling corrupted quota file
fs/quota/quota_v2.c
clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
* capabilities: Don't allow writing ambiguous v3 file capabilities
security/commoncap.c
jffs2: fix use after free in jffs2_sum_write_data()
fs/jfs: fix potential integer overflow on shift of a int
* ima: Free IMA measurement buffer after kexec syscall
include/linux/kexec.h
ima: Free IMA measurement buffer on error
* crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key()
crypto/ecdh_helper.c
hwrng: timeriomem - Fix cooldown period calculation
btrfs: clarify error returns values in __load_free_space_cache
Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind()
ata: ahci_brcm: Add back regulators management
* media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
drivers/media/usb/uvc/uvc_v4l2.c
media: pxa_camera: declare variable when DEBUG is defined
media: cx25821: Fix a bug when reallocating some dma memory
media: qm1d1c0042: fix error return code in qm1d1c0042_init()
media: lmedm04: Fix misuse of comma
crypto: bcm - Rename struct device_private to bcm_device_private
ASoC: cs42l56: fix up error handling in probe
media: tm6000: Fix memleak in tm6000_start_stream
media: media/pci: Fix memleak in empress_init
media: vsp1: Fix an error handling path in the probe function
media: i2c: ov5670: Fix PIXEL_RATE minimum value
MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
crypto: sun4i-ss - fix kmap usage
gma500: clean up error handling in init
drm/gma500: Fix error return code in psb_driver_load()
* fbdev: aty: SPARC64 requires FB_ATY_CT
drivers/video/fbdev/Kconfig
net: mvneta: Remove per-cpu queue mapping for Armada 3700
net: amd-xgbe: Reset link when the link never comes back
net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout
ibmvnic: skip send_request_unmap for timeout reset
b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
mac80211: fix potential overflow when multiplying to u32 integers
xen/netback: fix spurious event detection for common event case
bnxt_en: reverse order of TX disable and carrier off
ath9k: fix data bus crash when setting nf_override via debugfs
* bpf_lru_list: Read double-checked variable once without lock
kernel/bpf/bpf_lru_list.c
ARM: s3c: fix fiq for clang IAS
arm64: dts: msm8916: Fix reserved and rfsa nodes unit address
staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules
usb: dwc2: Make "trimming xfer length" a debug message
usb: dwc2: Abort transaction after errors with unknown reason
usb: dwc2: Do not update data length if it is 0 on inbound transfers
ARM: dts: Configure missing thermal interrupt for 4430
* Bluetooth: Put HCI device if inquiry procedure interrupts
net/bluetooth/hci_core.c
* Bluetooth: drop HCI device reference before return
net/bluetooth/a2mp.c
usb: gadget: u_audio: Free requests only after callback
cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove()
arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso
arm64: dts: exynos: correct PMIC interrupt trigger level on TM2
ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato
ARM: dts: exynos: correct PMIC interrupt trigger level on Monk
* Bluetooth: Fix initializing response id after clearing struct
net/bluetooth/a2mp.c
Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function
* random: fix the RNDRESEEDCRNG ioctl
drivers/char/random.c
MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
kdb: Make memory allocations more robust
* vmlinux.lds.h: add DWARF v5 sections
include/asm-generic/vmlinux.lds.h
scripts/recordmcount.pl: support big endian for ARCH sh
cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
NET: usb: qmi_wwan: Adding support for Cinterion MV31
arm64: tegra: Add power-domain for Tegra210 HDA
ntfs: check for valid standard information attribute
* usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
drivers/usb/core/quirks.c
* HID: make arrays usage and value to be the same
drivers/hid/hid-core.c
Bug: 184596728
Change-Id: Ic17c2a90ae511d999a28d59bbececa78a5ae3704
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
c6c06d09a5 |
Merge 4.14.227 into android-4.14-stable
Changes in 4.14.227 ext4: handle error of ext4_setup_system_zone() on remount ext4: don't allow overlapping system zones ext4: check journal inode extents more carefully bpf: Fix off-by-one for area size in creating mask to left bpf: Simplify alu_limit masking for pointer arithmetic bpf: Add sanity check for upper ptr_limit net: dsa: b53: Support setting learning on port bpf: Prohibit alu ops for pointer types not defining ptr_limit Revert "PM: runtime: Update device status before letting suppliers suspend" perf tools: Use %define api.pure full instead of %pure-parser tools build feature: Check if get_current_dir_name() is available tools build feature: Check if eventfd() is available tools build: Check if gettid() is available before providing helper perf: Make perf able to build with latest libbfd tools build feature: Check if pthread_barrier_t is available btrfs: fix race when cloning extent buffer during rewind of an old root nvmet: don't check iosqes,iocqes for discovery controllers NFSD: Repair misuse of sv_lock in 5.10.16-rt30. svcrdma: disable timeouts on rdma backchannel sunrpc: fix refcount leak for rpc auth modules net/qrtr: fix __netdev_alloc_skb call scsi: lpfc: Fix some error codes in debugfs nvme-rdma: fix possible hang when failing to set io queues usb-storage: Add quirk to defeat Kindle's automatic unload USB: replace hardcode maximum usb string length by definition usb: gadget: configfs: Fix KASAN use-after-free iio:adc:stm32-adc: Add HAS_IOMEM dependency iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel iio: adis16400: Fix an error code in adis16400_initial_setup() iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler iio: hid-sensor-humidity: Fix alignment issue of timestamp channel iio: hid-sensor-prox: Fix scale not correct issue iio: hid-sensor-temperature: Fix issues of timestamp channel PCI: rpadlpar: Fix potential drc_name corruption in store functions perf/x86/intel: Fix a crash caused by zero PEBS status x86/ioapic: Ignore IRQ2 again kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() x86: Move TS_COMPAT back to asm/thread_info.h x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() ext4: find old entry again if failed to rename whiteout ext4: do not try to set xattr into ea_inode if value is empty ext4: fix potential error in ext4_do_update_inode genirq: Disable interrupts for force threaded handlers Linux 4.14.227 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Iadc3cdbdb9012457893c4448e32caee7706adb1c |
||
|
Greg Kroah-Hartman
|
a59a41e9a7 |
Merge 4.14.227 into android-4.14-q
Changes in 4.14.227 ext4: handle error of ext4_setup_system_zone() on remount ext4: don't allow overlapping system zones ext4: check journal inode extents more carefully bpf: Fix off-by-one for area size in creating mask to left bpf: Simplify alu_limit masking for pointer arithmetic bpf: Add sanity check for upper ptr_limit net: dsa: b53: Support setting learning on port bpf: Prohibit alu ops for pointer types not defining ptr_limit Revert "PM: runtime: Update device status before letting suppliers suspend" perf tools: Use %define api.pure full instead of %pure-parser tools build feature: Check if get_current_dir_name() is available tools build feature: Check if eventfd() is available tools build: Check if gettid() is available before providing helper perf: Make perf able to build with latest libbfd tools build feature: Check if pthread_barrier_t is available btrfs: fix race when cloning extent buffer during rewind of an old root nvmet: don't check iosqes,iocqes for discovery controllers NFSD: Repair misuse of sv_lock in 5.10.16-rt30. svcrdma: disable timeouts on rdma backchannel sunrpc: fix refcount leak for rpc auth modules net/qrtr: fix __netdev_alloc_skb call scsi: lpfc: Fix some error codes in debugfs nvme-rdma: fix possible hang when failing to set io queues usb-storage: Add quirk to defeat Kindle's automatic unload USB: replace hardcode maximum usb string length by definition usb: gadget: configfs: Fix KASAN use-after-free iio:adc:stm32-adc: Add HAS_IOMEM dependency iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel iio: adis16400: Fix an error code in adis16400_initial_setup() iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler iio: hid-sensor-humidity: Fix alignment issue of timestamp channel iio: hid-sensor-prox: Fix scale not correct issue iio: hid-sensor-temperature: Fix issues of timestamp channel PCI: rpadlpar: Fix potential drc_name corruption in store functions perf/x86/intel: Fix a crash caused by zero PEBS status x86/ioapic: Ignore IRQ2 again kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() x86: Move TS_COMPAT back to asm/thread_info.h x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() ext4: find old entry again if failed to rename whiteout ext4: do not try to set xattr into ea_inode if value is empty ext4: fix potential error in ext4_do_update_inode genirq: Disable interrupts for force threaded handlers Linux 4.14.227 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Iae4c2ecc4cbe9a8dabf68c1484e1552c06fa6d31 |
||
|
Oleg Nesterov
|
591d6c21e0 |
kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
commit 5abbe51a526253b9f003e9a0a195638dc882d660 upstream.
Preparation for fixing get_nr_restart_syscall() on X86 for COMPAT.
Add a new helper which sets restart_block->fn and calls a dummy
arch_set_restart_data() helper.
Fixes:
|
||
|
lucaswei
|
96d909a710 |
Merge android-4.14-q (4.14.212) into android-msm-pixel-4.14-lts
Merge 4.14.212 into android-4.14-q
Linux 4.14.212
x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes
Input: i8042 - fix error return code in i8042_setup_aux()
i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
gfs2: check for empty rgrp tree in gfs2_ri_update
* tracing: Fix userstacktrace option for instances
kernel/trace/trace.c
kernel/trace/trace.h
spi: bcm2835: Release the DMA channel if probe fails after dma_init
spi: bcm2835: Fix use-after-free on unbind
spi: bcm-qspi: Fix use-after-free on unbind
* spi: Introduce device-managed SPI controller allocation
drivers/spi/spi.c
include/linux/spi/spi.h
iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs
speakup: Reject setting the speakup line discipline outside of speakup
i2c: imx: Check for I2SR_IAL after every byte
i2c: imx: Fix reset of I2SR_IAL flag
* mm/swapfile: do not sleep with a spin lock held
mm/swapfile.c
cifs: fix potential use-after-free in cifs_echo_request()
ftrace: Fix updating FTRACE_FL_TRAMP
ALSA: hda/generic: Add option to enforce preferred_dacs pairs
ALSA: hda/realtek - Add new codec supported for ALC897
* tty: Fix ->session locking
drivers/tty/tty_io.c
drivers/tty/tty_jobctrl.c
include/linux/tty.h
* tty: Fix ->pgrp locking in tiocspgrp()
drivers/tty/tty_jobctrl.c
USB: serial: option: fix Quectel BG96 matching
USB: serial: option: add support for Thales Cinterion EXS82
USB: serial: option: add Fibocom NL668 variants
USB: serial: ch341: sort device-id entries
USB: serial: ch341: add new Product ID for CH341A
USB: serial: kl5kusb105: fix memleak on open
* usb: gadget: f_fs: Use local copy of descriptors for userspace copy
drivers/usb/gadget/function/f_fs.c
* vlan: consolidate VLAN parsing code and limit max parsing depth
include/linux/if_vlan.h
include/net/inet_ecn.h
pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH)
pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output
Merge 4.14.211 into android-4.14-q
Linux 4.14.211
RDMA/i40iw: Address an mmap handler exploit in i40iw
Input: i8042 - add ByteSpeed touchpad to noloop table
* Input: xpad - support Ardwiino Controllers
drivers/input/joystick/xpad.c
* ALSA: usb-audio: US16x08: fix value count for level meters
sound/usb/mixer_us16x08.c
dt-bindings: net: correct interrupt flags in examples
net/mlx5: Fix wrong address reclaim when command interface is down
net: pasemi: fix error return code in pasemi_mac_open()
cxgb3: fix error return code in t3_sge_alloc_qset()
net/x25: prevent a couple of overflows
ibmvnic: Fix TX completion error handling
ibmvnic: Ensure that SCRQ entry reads are correctly ordered
* ipv4: Fix tos mask in inet_rtm_getroute()
net/ipv4/route.c
* netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal
net/bridge/br_netfilter_hooks.c
* bonding: wait for sysfs kobject destruction before freeing struct slave
drivers/net/bonding/bond_main.c
drivers/net/bonding/bond_sysfs_slave.c
include/net/bonding.h
usbnet: ipheth: fix connectivity with iOS 14
* tun: honor IOCB_NOWAIT flag
drivers/net/tun.c
* tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control
net/ipv4/tcp_cong.c
* sock: set sk_err to ee_errno on dequeue from errq
net/core/skbuff.c
rose: Fix Null pointer dereference in rose_send_frame()
net/af_iucv: set correct sk_protocol for child sockets
* UPSTREAM: arm64: sysreg: Clean up instructions for modifying PSTATE fields
arch/arm64/include/asm/sysreg.h
arch/arm64/kernel/cpufeature.c
ANDROID: cuttlefish_defconfig: Disable CONFIG_KSM
Merge 4.14.210 into android-4.14-q
Linux 4.14.210
* USB: core: Fix regression in Hercules audio card
drivers/usb/core/quirks.c
* USB: core: add endpoint-blacklist quirk
drivers/usb/core/config.c
drivers/usb/core/quirks.c
drivers/usb/core/usb.h
include/linux/usb/quirks.h
x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak
x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak
x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
usb: gadget: Fix memleak in gadgetfs_fill_super
* usb: gadget: f_midi: Fix memleak in f_midi_alloc
drivers/usb/gadget/function/f_midi.c
* USB: core: Change %pK for __user pointers to %px
drivers/usb/core/devio.c
perf probe: Fix to die_entrypc() returns error correctly
can: m_can: fix nominal bitiming tseg2 min for version >= 3.1
platform/x86: toshiba_acpi: Fix the wrong variable assignment
can: gs_usb: fix endianess problem with candleLight firmware
efivarfs: revert "fix memory leak in efivarfs_create()"
ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq
ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues
net: ena: set initial DMA width to avoid intel iommu issue
nfc: s3fwrn5: use signed integer for parsing GPIO numbers
IB/mthca: fix return value of error branch in mthca_init_cq()
bnxt_en: Release PCI regions when DMA mask setup fails during probe.
video: hyperv_fb: Fix the cache type when mapping the VRAM
bnxt_en: fix error return code in bnxt_init_board()
bnxt_en: fix error return code in bnxt_init_one()
* scsi: ufs: Fix race between shutdown and runtime resume flow
drivers/scsi/ufs/ufshcd.c
batman-adv: set .owner to THIS_MODULE
phy: tegra: xusb: Fix dangling pointer on probe failure
perf/x86: fix sysfs type mismatches
scsi: target: iscsi: Fix cmd abort fabric stop race
scsi: libiscsi: Fix NOP race condition
dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size
nvme: free sq/cq dbbuf pointers when dbbuf set fails
* proc: don't allow async path resolution of /proc/self components
fs/proc/self.c
* HID: Add Logitech Dinovo Edge battery quirk
drivers/hid/hid-ids.h
drivers/hid/hid-input.c
x86/xen: don't unbind uninitialized lock_kicker_irq
dmaengine: xilinx_dma: use readl_poll_timeout_atomic variant
HID: hid-sensor-hub: Fix issue with devices with no report ID
Input: i8042 - allow insmod to succeed on devices without an i8042 controller
* HID: cypress: Support Varmilo Keyboards' media hotkeys
drivers/hid/hid-ids.h
ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close
ALSA: hda/hdmi: Use single mutex unlock in error paths
* arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect()
arch/arm64/include/asm/pgtable.h
* arm64: pgtable: Fix pte_accessible()
arch/arm64/include/asm/pgtable.h
btrfs: inode: Verify inode mode to avoid NULL pointer dereference
btrfs: adjust return values of btrfs_inode_by_name
btrfs: tree-checker: Enhance chunk checker to validate chunk profile
* PCI: Add device even if driver attach failed
drivers/pci/bus.c
* wireless: Use linux/stddef.h instead of stddef.h
include/uapi/linux/wireless.h
btrfs: fix lockdep splat when reading qgroup config on mount
mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault()
perf event: Check ref_reloc_sym before using it
Merge 4.14.209 into android-4.14-q
Linux 4.14.209
x86/microcode/intel: Check patch signature before saving microcode for early loading
s390/dasd: fix null pointer dereference for ERP requests
s390/cpum_sf.c: fix file permission for cpum_sfb_size
mac80211: free sta in sta_info_insert_finish() on errors
mac80211: minstrel: fix tx status processing corner case
mac80211: minstrel: remove deferred sampling code
xtensa: disable preemption around cache alias management calls
* regulator: workaround self-referent regulators
drivers/regulator/core.c
* regulator: avoid resolve_supply() infinite recursion
drivers/regulator/core.c
* regulator: fix memory leak with repeated set_machine_constraints()
drivers/regulator/core.c
iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode
iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum
* ext4: fix bogus warning in ext4_update_dx_flag()
fs/ext4/ext4.h
staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids
efivarfs: fix memory leak in efivarfs_create()
tty: serial: imx: keep console clocks always on
ALSA: mixart: Fix mutex deadlock
* ALSA: ctl: fix error path at adding user-defined element set
sound/core/control.c
speakup: Do not let the line discipline be used several times
powerpc/uaccess-flush: fix missing includes in kup-radix.h
* libfs: fix error cast of negative value in simple_attr_write()
fs/libfs.c
xfs: revert "xfs: fix rmap key and record comparison functions"
regulator: ti-abb: Fix array out of bound read access on the first transition
MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu
ASoC: qcom: lpass-platform: Fix memory leak
can: m_can: m_can_handle_state_change(): fix state change
can: peak_usb: fix potential integer overflow on shift of a int
can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb()
can: ti_hecc: Fix memleak in ti_hecc_probe
can: dev: can_restart(): post buffer from the right context
can: af_can: prevent potential access of uninitialized member in canfd_rcv()
can: af_can: prevent potential access of uninitialized member in can_rcv()
perf lock: Don't free "lock_seq_stat" if read_count isn't zero
ARM: dts: imx50-evk: Fix the chip select 1 IOMUX
arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy
MIPS: export has_transparent_hugepage() for modules
Input: adxl34x - clean up a data type in adxl34x_probe()
* vfs: remove lockdep bogosity in __sb_start_write
fs/super.c
* arm64: psci: Avoid printing in cpu_psci_cpu_die()
arch/arm64/kernel/psci.c
pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
net: ftgmac100: Fix crash when removing driver
tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate
net: usb: qmi_wwan: Set DTR quirk for MR400
net/mlx5: Disable QoS when min_rates on all VFs are zero
* sctp: change to hold/put transport for proto_unreach_timer
net/sctp/input.c
net/sctp/sm_sideeffect.c
net/sctp/transport.c
qlcnic: fix error return code in qlcnic_83xx_restart_hw()
net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request
net/mlx4_core: Fix init_hca fields offset
* netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist()
net/netlabel/netlabel_unlabeled.c
* netlabel: fix our progress tracking in netlbl_unlabel_staticlist()
net/netlabel/netlabel_unlabeled.c
net: Have netpoll bring-up DSA management interface
net: dsa: mv88e6xxx: Avoid VTU corruption on 6097
* net: bridge: add missing counters to ndo_get_stats64 callback
net/bridge/br_device.c
net: b44: fix error return code in b44_init_one()
mlxsw: core: Use variable timeout for EMAD retries
* inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill()
net/ipv4/inet_diag.c
devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill()
bnxt_en: read EEPROM A2h address using page 0
atm: nicstar: Unmap DMA on send error
* ah6: fix error return code in ah6_input()
net/ipv6/ah6.c
Merge 4.14.208 into android-4.14-q
Linux 4.14.208
ACPI: GED: fix -Wformat
KVM: x86: clflushopt should be treated as a no-op by emulation
can: proc: can_remove_proc(): silence remove_proc_entry warning
mac80211: always wind down STA state
Input: sunkbd - avoid use-after-free in teardown paths
powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
gpio: mockup: fix resource leak in error path
i2c: imx: Fix external abort on interrupt in exit paths
i2c: imx: use clk notifier for rate changes
powerpc/64s: flush L1D after user accesses
powerpc/uaccess: Evaluate macro arguments once, before user access is allowed
powerpc: Fix __clear_user() with KUAP enabled
powerpc: Implement user_access_begin and friends
powerpc: Add a framework for user access tracking
powerpc/64s: flush L1D on kernel entry
powerpc/64s: move some exception handlers out of line
powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL
* ANDROID: uid_sys_stats: report uid_cputime stats in microseconds
drivers/misc/uid_sys_stats.c
Merge 4.14.207 into android-4.14-q
Linux 4.14.207
* mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
arch/Kconfig
fs/exec.c
Convert trailing spaces and periods in path components
* reboot: fix overflow parsing reboot cpu number
kernel/reboot.c
* Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
kernel/reboot.c
* perf/core: Fix race in the perf_mmap_close() function
kernel/events/core.c
xen/events: block rogue events for some time
xen/events: defer eoi in case of excessive number of events
xen/events: use a common cpu hotplug hook for event channels
xen/events: switch user event channels to lateeoi model
xen/pciback: use lateeoi irq binding
xen/pvcallsback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/blkback: use lateeoi irq binding
xen/events: add a new "late EOI" evtchn framework
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: avoid removing an event channel while handling it
* perf/core: Fix a memory leak in perf_event_parse_addr_filter()
kernel/events/core.c
* perf/core: Fix crash when using HW tracing kernel filters
kernel/events/core.c
* perf/core: Fix bad use of igrab()
include/linux/perf_event.h
kernel/events/core.c
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
* random32: make prandom_u32() output unpredictable
drivers/char/random.c
include/linux/prandom.h
kernel/time/timer.c
lib/random32.c
* net: Update window_clamp if SOCK_RCVBUF is set
net/ipv4/syncookies.c
net/ipv6/syncookies.c
r8169: fix potential skb double free in an error path
vrf: Fix fast path output packet handling with async Netfilter rules
net/x25: Fix null-ptr-deref in x25_connect
net/af_iucv: fix null pointer dereference on shutdown
* IPv6: Set SIT tunnel hard_header_len to zero
net/ipv6/sit.c
* swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
lib/swiotlb.c
pinctrl: amd: fix incorrect way to disable debounce filter
pinctrl: amd: use higher precision for 512 RtcClk
drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
* don't dump the threads that had been already exiting when zapped.
kernel/exit.c
selinux: Fix error return code in sel_ib_pkey_sid_slow()
ocfs2: initialize ip_next_orphan
* futex: Don't enable IRQs unconditionally in put_pi_state()
kernel/futex.c
mei: protect mei_cl_mtu from null dereference
usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
* uio: Fix use-after-free in uio_unregister_device()
drivers/uio/uio.c
thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
* ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
fs/ext4/inline.c
* ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
fs/ext4/super.c
* perf: Fix get_recursion_context()
kernel/events/internal.h
cosa: Add missing kfree in error path of cosa_write
* of/address: Fix of_node memory leak in of_dma_is_coherent
drivers/of/address.c
xfs: fix a missing unlock on error in xfs_fs_map_blocks
xfs: fix rmap key and record comparison functions
xfs: fix flags argument to rmap lookup when converting shared file rmaps
nbd: fix a block_device refcount leak in nbd_release
pinctrl: aspeed: Fix GPI only function problem.
ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template
pinctrl: intel: Set default bias in case no particular value given
iommu/amd: Increase interrupt remapping table limit to 512 entries
scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
* cfg80211: regulatory: Fix inconsistent format argument
net/wireless/reg.c
mac80211: fix use of skb payload instead of header
drm/amdgpu: perform srbm soft reset always on SDMA resume
scsi: hpsa: Fix memory leak in hpsa_init_one()
gfs2: check for live vs. read-only file system in gfs2_fitrim
gfs2: Add missing truncate_inode_pages_final for sd_aspace
gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
usb: gadget: goku_udc: fix potential crashes in probe
ath9k_htc: Use appropriate rs_datalen type
Btrfs: fix missing error return if writeback for extent buffer never started
xfs: flush new eof page on truncate to avoid post-eof corruption
can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
can: peak_usb: add range checking in decode operations
can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
can: rx-offload: don't call kfree_skb() from IRQ context
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
perf tools: Add missing swap for ino_generation
* net: xfrm: fix a race condition during allocing spi
net/xfrm/xfrm_state.c
hv_balloon: disable warning when floor reached
* genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
kernel/irq/Kconfig
btrfs: reschedule when cloning lots of extents
btrfs: sysfs: init devices outside of the chunk_mutex
nbd: don't update block size after device is started
* time: Prevent undefined behaviour in timespec64_to_ns()
include/linux/time64.h
kernel/time/itimer.c
mm: mempolicy: fix potential pte_unmap_unlock pte error
* ring-buffer: Fix recursion protection transitions between interrupt context
kernel/trace/ring_buffer.c
* regulator: defer probe when trying to get voltage from unresolved supply
drivers/regulator/core.c
* UPSTREAM: lib/vsprintf: Hash printed address for netdev bits fallback
lib/vsprintf.c
* UPSTREAM: lib/vsprintf: Prepare for more general use of ptr_to_id()
lib/vsprintf.c
* UPSTREAM: lib/vsprintf: Make ptr argument conts in ptr_to_id()
lib/vsprintf.c
UPSTREAM: parisc: Show unhashed hardware inventory
UPSTREAM: parisc: Show initial kernel memory layout unhashed
UPSTREAM: parisc: Show unhashed HPA of Dino chip
UPSTREAM: parisc: Show unhashed EISA EEPROM address
* UPSTREAM: bug: use %pB in BUG and stack protector failure
kernel/panic.c
lib/bug.c
* UPSTREAM: trace_uprobe: Use %lx to display offset
kernel/trace/trace_uprobe.c
UPSTREAM: kprobes: Fix random address output of blacklist file
* UPSTREAM: vsprintf: Replace memory barrier with static_key for random_ptr_key update
lib/vsprintf.c
UPSTREAM: lib/test_printf.c: accept "ptrval" as valid result for plain 'p' tests
* UPSTREAM: lib/vsprintf: Do not handle %pO[^F] as %px
lib/vsprintf.c
* UPSTREAM: cpuidle: menu: Retain tick when shallow state is selected
drivers/cpuidle/governors/menu.c
* UPSTREAM: xfrm: Make function xfrmi_get_link_net() static
net/xfrm/xfrm_interface.c
* UPSTREAM: xfrm: fix gro_cells leak when remove virtual xfrm interfaces
net/xfrm/xfrm_interface.c
* UPSTREAM: xfrm: Fix inbound traffic via XFRM interfaces across network namespaces
net/xfrm/xfrm_interface.c
net/xfrm/xfrm_policy.c
UPSTREAM: x86/realmode: Don't leak the trampoline kernel address
* UPSTREAM: arm64/vdso: don't leak kernel addresses
arch/arm64/kernel/vdso.c
* UPSTREAM: xfrm interface: fix memory leak on creation
net/xfrm/xfrm_interface.c
UPSTREAM: ARM: 8896/1: VDSO: Don't leak kernel addresses
* UPSTREAM: mm/filemap.c: don't bother dropping mmap_sem for zero size readahead
mm/filemap.c
* UPSTREAM: net: fix skb_panic to output real address
net/core/skbuff.c
* UPSTREAM: xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate
net/xfrm/xfrm_state.c
* UPSTREAM: sched: idle: Avoid retaining the tick when it has been stopped
kernel/sched/idle.c
* UPSTREAM: cpuidle: menu: Handle stopped tick more aggressively
drivers/cpuidle/governors/menu.c
UPSTREAM: staging: android: vsoc: fix copy_from_user overrun
* UPSTREAM: ipv6: ndisc: RFC-ietf-6man-ra-pref64-09 is now published as RFC8781
include/net/ndisc.h
Merge 4.14.206 into android-4.14-q
Linux 4.14.206
powercap: restrict energy meter to root access
Merge 4.14.205 into android-4.14-q
Linux 4.14.205
arm64: dts: marvell: espressobin: add ethernet alias
* PM: runtime: Resume the device earlier in __device_release_driver()
drivers/base/dd.c
Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
ARC: stack unwinding: avoid indefinite looping
usb: mtu3: fix panic in mtu3_gadget_stop()
* USB: Add NO_LPM quirk for Kingston flash drive
drivers/usb/core/quirks.c
USB: serial: option: add Telit FN980 composition 0x1055
USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
USB: serial: option: add Quectel EC200T module support
USB: serial: cyberjack: fix write-URB completion race
serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init
serial: 8250_mtk: Fix uart_get_baud_rate warning
* fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
kernel/fork.c
vt: Disable KD_FONT_OP_COPY
ACPI: NFIT: Fix comparison to '-ENXIO'
drm/vc4: drv: Add error handding for bind
vsock: use ns_capable_noaudit() on socket create
* scsi: core: Don't start concurrent async scan on same host
drivers/scsi/scsi_scan.c
* blk-cgroup: Pre-allocate tree node on blkg_conf_prep
block/blk-cgroup.c
* blk-cgroup: Fix memleak on error path
block/blk-cgroup.c
* of: Fix reserved-memory overlap detection
drivers/of/of_reserved_mem.c
x86/kexec: Use up-to-dated screen_info copy to fill boot params
ARM: dts: sun4i-a10: fix cpu_alert temperature
* futex: Handle transient "ownerless" rtmutex state correctly
kernel/futex.c
* tracing: Fix out of bounds write in get_trace_buf
kernel/trace/trace.c
* ftrace: Handle tracing when switching between context
kernel/trace/trace.h
* ftrace: Fix recursion check for NMI test
kernel/trace/trace.h
gfs2: Wake up when sd_glock_disposal becomes zero
* mm: always have io_remap_pfn_range() set pgprot_decrypted()
include/asm-generic/pgtable.h
include/linux/mm.h
* kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled
kernel/kthread.c
lib/crc32test: remove extra local_irq_disable/enable
* ALSA: usb-audio: Add implicit feedback quirk for Qu-16
sound/usb/pcm.c
Fonts: Replace discarded const qualifier
i40e: Memory leak in i40e_config_iwarp_qvlist
i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
i40e: Wrong truncation from u16 to u8
i40e: add num_vectors checker in iwarp handler
i40e: Fix a potential NULL pointer dereference
* blktrace: fix debugfs use after free
kernel/trace/blktrace.c
* Blktrace: bail out early if block debugfs is not configured
kernel/trace/blktrace.c
sfp: Fix error handing in sfp_probe()
* sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms
net/sctp/sm_sideeffect.c
net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition
gianfar: Account for Tx PTP timestamp in the skb headroom
gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
tipc: fix use-after-free in tipc_bcast_get_mode
xen/events: don't use chip_data for legacy IRQs
drm/i915: Break up error capture compression loops with cond_resched()
* ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c
Change-Id: Ic05bca51a3c627743eade54bb7c13a5ea040fa93
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
lucaswei
|
cf18f36ffb |
Merge android-4.14-q (4.14.204) into android-msm-pixel-4.14-lts
Merge 4.14.204 into android-4.14-q
Linux 4.14.204
staging: octeon: Drop on uncorrectable alignment or FCS error
staging: octeon: repair "fixed-link" support
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
* KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
arch/arm64/include/asm/kvm_host.h
* device property: Don't clear secondary pointer for shared primary firmware node
drivers/base/core.c
* device property: Keep secondary firmware node secondary by type
drivers/base/core.c
ARM: s3c24xx: fix missing system reset
ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
arm: dts: mt7623: add missing pause for switchport
hil/parisc: Disable HIL driver when it gets stuck
cachefiles: Handle readpage error correctly
* arm64: berlin: Select DW_APB_TIMER_OF
arch/arm64/Kconfig.platforms
tty: make FONTX ioctl use the tty pointer they were actually passed
rtc: rx8010: don't modify the global rtc ops
drm/ttm: fix eviction valuable range check.
* ext4: fix invalid inode checksum
fs/ext4/inode.c
* ext4: fix error handling code in add_new_gdb
fs/ext4/resize.c
* ext4: fix leaking sysfs kobject after failed mount
fs/ext4/super.c
vringh: fix __vringh_iov() when riov and wiov are different
* ring-buffer: Return 0 on success from ring_buffer_resize()
kernel/trace/ring_buffer.c
9P: Cast to loff_t before multiplying
libceph: clear con->out_msg on Policy::stateful_server faults
ceph: promote to unsigned long long before shifting
drm/amdgpu: don't map BO in reserved region
ia64: fix build error with !COREDUMP
ubi: check kthread_should_stop() after the setting of task state
perf python scripting: Fix printable strings in python3 scripts
ubifs: dent: Fix some potential memory leaks while iterating entries
NFSD: Add missing NFSv2 .pc_func methods
* NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
include/uapi/linux/nfs4.h
powerpc/powernv/elog: Fix race while processing OPAL error log event.
powerpc: Warn about use of smt_snooze_delay
powerpc/rtas: Restrict RTAS requests from userspace
s390/stp: add locking to sysfs functions
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
iio:adc:ti-adc12138 Fix alignment issue with timestamp
iio:adc:ti-adc0832 Fix alignment issue with timestamp
iio:light:si1145: Fix timestamp alignment and prevent data leak.
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
vt: keyboard, extend func_buf_lock to readers
vt: keyboard, simplify vt_kdgkbsent
drm/i915: Force VT'd workarounds when running as a guest OS
usb: host: fsl-mph-dr-of: check return of dma_set_mask()
usb: cdc-acm: fix cooldown mechanism
* usb: dwc3: core: don't trigger runtime pm when remove driver
drivers/usb/dwc3/core.c
* usb: dwc3: core: add phy cleanup for probe error handling
drivers/usb/dwc3/core.c
* usb: dwc3: ep0: Fix ZLP for OUT ep0 requests
drivers/usb/dwc3/ep0.c
btrfs: fix use-after-free on readahead extent after failure to create it
btrfs: cleanup cow block on error
btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send()
btrfs: send, recompute reference path after orphanization of a directory
btrfs: reschedule if necessary when logging directory items
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
w1: mxc_w1: Fix timeout resolution problem leading to bus error
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
ACPI: debug: don't allow debugging when ACPI is disabled
ACPI: video: use ACPI backlight for HP 635 Notebook
ACPI / extlog: Check for RDMSR failure
NFS: fix nfs_path in case of a rename retry
* fs: Don't invalidate page buffers in block_write_full_page()
fs/buffer.c
leds: bcm6328, bcm6358: use devres LED registering function
perf/x86/amd/ibs: Fix raw sample data accumulation
perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
md/raid5: fix oops during stripe resizing
nvme-rdma: fix crash when connect rejected
* sgl_alloc_order: fix memory leak
lib/scatterlist.c
nbd: make the config put is called before the notifying the waiter
ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
ARM: dts: s5pv210: move PMU node out of clock controller
ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
memory: emif: Remove bogus debugfs error handling
arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes
gfs2: add validation checks for size of superblock
* ext4: Detect already used quota file early
fs/ext4/super.c
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
clk: ti: clockdomain: fix static checker warning
bnxt_en: Log unknown link speed appropriately.
md/bitmap: md_bitmap_get_counter returns wrong blocks
power: supply: test_power: add missing newlines when printing parameters by sysfs
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
ACPI: Add out of bounds and numa_off protections to pxm_to_node()
* arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
arch/arm64/include/asm/numa.h
* uio: free uio id after uio file node is freed
drivers/uio/uio.c
USB: adutux: fix debugging
cpufreq: sti-cpufreq: add stih418 support
kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
* printk: reduce LOG_BUF_SHIFT range for H8300
init/Kconfig
drm/bridge/synopsys: dsi: add support for non-continuous HS clock
mmc: via-sdmmc: Fix data race bug
media: tw5864: check status of tw5864_frameinterval_get
usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart
media: platform: Improve queue set up flow for bug fixing
* media: videodev2.h: RGB BT2020 and HSV are always full range
include/uapi/linux/videodev2.h
drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly
ath10k: fix VHT NSS calculation when STBC is enabled
ath10k: start recovery process when payload length exceeds max htc length for sdio
video: fbdev: pvr2fb: initialize variables
xfs: fix realtime bitmap/summary file truncation when growing rt volume
ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
um: change sigio_spinlock to a mutex
* f2fs: fix to check segment boundary during SIT page readahead
fs/f2fs/checkpoint.c
* f2fs: add trace exit in exception path
fs/f2fs/checkpoint.c
sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM
powerpc/powernv/smp: Fix spurious DBG() warning
* futex: Fix incorrect should_fail_futex() handling
kernel/futex.c
mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
* fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
fs/crypto/policy.c
fs/ext4/namei.c
fs/f2fs/namei.c
ata: sata_rcar: Fix DMA boundary mask
mtd: lpddr: Fix bad logic in print_drs_error
p54: avoid accessing the data mapped to streaming DMA
* fuse: fix page dereference after free
fs/fuse/dev.c
x86/xen: disable Firmware First mode for correctable memory errors
arch/x86/amd/ibs: Fix re-arming IBS Fetch
tipc: fix memory leak caused by tipc_buf_append()
ravb: Fix bit fields checking in ravb_hwtstamp_get()
gtp: fix an use-before-init in gtp_newlink()
efivarfs: Replace invalid slashes with exclamation marks in dentries.
* arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
arch/arm64/Makefile
* scripts/setlocalversion: make git describe output more reliable
scripts/setlocalversion
* BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr
include/net/xfrm.h
net/xfrm/xfrm_state.c
* BACKPORT: xfrm/compat: Add 32=>64-bit messages translator
include/net/xfrm.h
net/xfrm/Kconfig
net/xfrm/xfrm_user.c
* UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
net/xfrm/xfrm_user.c
* UPSTREAM: xfrm/compat: Add 64=>32-bit messages translator
include/net/xfrm.h
net/xfrm/xfrm_user.c
* BACKPORT: xfrm: Provide API to register translator module
include/net/xfrm.h
net/xfrm/Kconfig
net/xfrm/Makefile
net/xfrm/xfrm_state.c
* UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller
mm/slub.c
ANDROID: Publish uncompressed Image on aarch64
* ANDROID: Makefile: append BUILD_NUMBER to version string when defined
Makefile
Merge 4.14.203 into android-4.14-q
Linux 4.14.203
powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler
* usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets.
drivers/usb/gadget/function/f_ncm.c
eeprom: at25: set minimum read/write access stride to 1
USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
tty: serial: fsl_lpuart: fix lpuart32_poll_get_char
net: korina: cast KSEG0 address to pointer in kfree
ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
* scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config()
drivers/scsi/ufs/ufs-qcom.c
* usb: core: Solve race condition in anchor cleanup functions
drivers/usb/core/urb.c
brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
mwifiex: don't call del_timer_sync() on uninitialized timer
reiserfs: Fix memory leak in reiserfs_parse_options()
ipvs: Fix uninit-value in do_ip_vs_set_ctl()
tty: ipwireless: fix error handling
scsi: qedi: Fix list_del corruption while removing active I/O
scsi: qedi: Protect active command list to avoid list corruption
Fix use after free in get_capset_info callback.
rtl8xxxu: prevent potential memory leak
brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
scsi: ibmvfc: Fix error return in ibmvfc_probe()
* Bluetooth: Only mark socket zapped after unlocking
net/bluetooth/l2cap_sock.c
* usb: ohci: Default to per-port over-current protection
drivers/usb/host/ohci-hcd.c
xfs: make sure the rt allocator doesn't run off the end
reiserfs: only call unlock_new_inode() if I_NEW
misc: rtsx: Fix memory leak in rtsx_pci_probe
ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
can: flexcan: flexcan_chip_stop(): add error handling and propagate error value
USB: cdc-acm: handle broken union descriptors
udf: Avoid accessing uninitialized data on failed inode read
udf: Limit sparing table size
usb: gadget: function: printer: fix use-after-free in __lock_acquire
misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
mic: vop: copy data to kernel space then write to io memory
* scsi: target: core: Add CONTROL field for trace events
include/scsi/scsi_common.h
scsi: mvumi: Fix error return in mvumi_io_attach()
PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
mac80211: handle lack of sband->bitrates in rates
ntfs: add check for mft record size in superblock
media: venus: core: Fix runtime PM imbalance in venus_probe
fs: dlm: fix configfs memory leak
media: saa7134: avoid a shift overflow
mmc: sdio: Check for CISTPL_VERS_1 buffer size
* media: uvcvideo: Ensure all probed info is returned to v4l2
drivers/media/usb/uvc/uvc_v4l2.c
media: media/pci: prevent memory leak in bttv_probe
media: bdisp: Fix runtime PM imbalance on error
media: platform: sti: hva: Fix runtime PM imbalance on error
media: platform: s3c-camif: Fix runtime PM imbalance on error
media: vsp1: Fix runtime PM imbalance on error
media: exynos4-is: Fix a reference count leak
media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync
media: sti: Fix reference count leaks
media: st-delta: Fix reference count leak in delta_run_work
media: ati_remote: sanity check for both endpoints
media: firewire: fix memory leak
crypto: ccp - fix error handling
i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs
* perf: correct SNOOPX field offset
include/uapi/linux/perf_event.h
NTB: hw: amd: fix an issue about leak system resources
nvmet: fix uninitialized work for zero kato
powerpc/powernv/dump: Fix race while processing OPAL dump
arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers
arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts
memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
memory: omap-gpmc: Fix a couple off by ones
KVM: x86: emulating RDPID failure shall return #UD rather than #GP
Input: sun4i-ps2 - fix handling of platform_get_irq() error
Input: twl4030_keypad - fix handling of platform_get_irq() error
Input: omap4-keypad - fix handling of platform_get_irq() error
Input: ep93xx_keypad - fix handling of platform_get_irq() error
Input: stmfts - fix a & vs && typo
Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages
vfio/pci: Clear token on bypass registration failure
* ext4: limit entries returned when counting fsmap records
fs/ext4/fsmap.c
clk: bcm2835: add missing release if devm_clk_hw_register fails
clk: at91: clk-main: update key before writing AT91_CKGR_MOR
PCI: iproc: Set affinity mask on MSI interrupts
* i2c: rcar: Auto select RESET_CONTROLLER
drivers/i2c/busses/Kconfig
* mailbox: avoid timer start from callback
drivers/mailbox/mailbox.c
rapidio: fix the missed put_device() for rio_mport_add_riodev
rapidio: fix error handling path
ramfs: fix nommu mmap with gaps in the page cache
* lib/crc32.c: fix trivial typo in preprocessor condition
lib/crc32.c
* f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info
fs/f2fs/sysfs.c
IB/rdmavt: Fix sizeof mismatch
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
powerpc/perf/hv-gpci: Fix starting index value
powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints
* overflow: Include header file with SIZE_MAX declaration
include/linux/overflow.h
kdb: Fix pager search for multi-line strings
RDMA/hns: Set the unsupported wr opcode
perf intel-pt: Fix "context_switch event has no tid" error
powerpc/tau: Disable TAU between measurements
powerpc/tau: Remove duplicated set_thresholds() call
powerpc/tau: Use appropriate temperature sample interval
RDMA/qedr: Fix use of uninitialized field
xfs: limit entries returned when counting fsmap records
arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER
ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
mtd: mtdoops: Don't write panic data twice
mtd: lpddr: fix excessive stack usage with clang
powerpc/icp-hv: Fix missing of_node_put() in success path
powerpc/pseries: Fix missing of_node_put() in rng_init()
IB/mlx4: Adjust delayed work when a dup is observed
IB/mlx4: Fix starvation in paravirt mux/demux
* mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary
fs/proc/base.c
include/linux/oom.h
include/linux/sched/coredump.h
kernel/fork.c
mm/oom_kill.c
mm/memcg: fix device private memcg accounting
net: korina: fix kfree of rx/tx descriptor array
mwifiex: fix double free
scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
usb: dwc2: Fix INTR OUT transfers in DDMA mode.
* nl80211: fix non-split wiphy information
net/wireless/nl80211.c
* usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
drivers/usb/gadget/function/u_ether.c
* usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above.
drivers/usb/gadget/function/f_ncm.c
iwlwifi: mvm: split a print to avoid a WARNING in ROC
mfd: sm501: Fix leaks in probe()
net: enic: Cure the enic api locking trainwreck
qtnfmac: fix resource leaks on unsupported iftype error return path
* HID: hid-input: fix stylus battery reporting
drivers/hid/hid-input.c
* quota: clear padding in v2r1_mem2diskdqb()
fs/quota/quota_v2.c
usb: dwc2: Fix parameter type in function pointer prototype
ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
misc: mic: scif: Fix error handling path
ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
pinctrl: mcp23s08: Fix mcp23x17 precious range
pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser
HID: roccat: add bounds checking in kone_sysfs_write_settings()
video: fbdev: sis: fix null ptr dereference
video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
drivers/virt/fsl_hypervisor: Fix error handling path
pwm: lpss: Add range limit check for the base_unit register value
pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare()
* pty: do tty_flip_buffer_push without port->lock in pty_write
drivers/tty/pty.c
tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
* tty: serial: earlycon dependency
drivers/tty/serial/Kconfig
VMCI: check return value of get_user_pages_fast() for errors
backlight: sky81452-backlight: Fix refcount imbalance on error
scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
drm/gma500: fix error check
mwifiex: Do not use GFP_KERNEL in atomic context
brcmfmac: check ndev pointer
ASoC: qcom: lpass-cpu: fix concurrency issue
ASoC: qcom: lpass-platform: fix memory leak
wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
Bluetooth: hci_uart: Cancel init work before unregistering
ath10k: provide survey info as accumulated data
* regulator: resolve supply after creating regulator
drivers/regulator/core.c
media: ti-vpe: Fix a missing check and reference count leak
media: s5p-mfc: Fix a reference count leak
media: platform: fcp: Fix a reference count leak.
media: tc358743: initialize variable
media: mx2_emmaprp: Fix memleak in emmaprp_probe
cypto: mediatek - fix leaks in mtk_desc_ring_alloc
crypto: omap-sham - fix digcnt register handling with export/import
media: omap3isp: Fix memleak in isp_probe
* media: uvcvideo: Set media controller entity functions
drivers/media/usb/uvc/uvc_entity.c
media: m5mols: Check function pointer in m5mols_sensor_power
media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()"
* media: tuner-simple: fix regression in simple_set_radio_freq
drivers/media/tuners/tuner-simple.c
crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc()
crypto: algif_skcipher - EBUSY on aio should be an error
drivers/perf: xgene_pmu: Fix uninitialized resource struct
x86/fpu: Allow multiple bits in clearcpuid= parameter
EDAC/i5100: Fix error handling order in i5100_init_one()
crypto: algif_aead - Do not set MAY_BACKLOG on the async path
ima: Don't ignore errors from crypto_shash_update()
KVM: SVM: Initialize prev_ga_tag before use
KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
cifs: Return the error from crypt_message when enc/dec key not found.
cifs: remove bogus debug code
* icmp: randomize the global rate limiter
net/ipv4/icmp.c
* tcp: fix to update snd_wl1 in bulk receiver fast path
net/ipv4/tcp_input.c
nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download()
net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup
net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
ALSA: bebob: potential info leak in hwdep_read()
* binder: fix UAF when releasing todo list
drivers/android/binder.c
r8169: fix data corruption issue on RTL8402
* net/ipv4: always honour route mtu during forwarding
include/net/ip.h
tipc: fix the skb_unshare() in tipc_buf_append()
net: usb: qmi_wwan: add Cellient MPL200 card
mlx4: handle non-napi callers to napi_poll
* ipv4: Restore flowi4_oif update before call to xfrm_lookup_route
net/ipv4/route.c
ibmveth: Identify ingress large send packets.
ibmveth: Switch order of ibmveth_helper calls.
* UPSTREAM: binder: fix UAF when releasing todo list
drivers/android/binder.c
Merge 4.14.202 into android-4.14-q
Linux 4.14.202
crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
crypto: bcm - Verify GCM/CCM key length in setkey
drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case
reiserfs: Fix oops during mount
reiserfs: Initialize inode keys properly
USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
USB: serial: pl2303: add device-id for HP GC device
staging: comedi: check validity of wMaxPacketSize of usb endpoints found
USB: serial: option: Add Telit FT980-KS composition
USB: serial: option: add Cellient MPL200 card
media: usbtv: Fix refcounting mixup
* Bluetooth: Disconnect if E0 is used for Level 4
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
net/bluetooth/hci_event.c
* Bluetooth: Fix update of connection state in `hci_encrypt_cfm`
include/net/bluetooth/hci_core.h
* Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
include/net/bluetooth/hci_core.h
net/bluetooth/hci_event.c
* Bluetooth: MGMT: Fix not checking if BT_HS is enabled
net/bluetooth/mgmt.c
* Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel
include/net/bluetooth/l2cap.h
net/bluetooth/l2cap_core.c
net/bluetooth/l2cap_sock.c
* Bluetooth: A2MP: Fix not initializing all members
net/bluetooth/a2mp.c
* Bluetooth: fix kernel oops in store_pending_adv_report
net/bluetooth/hci_event.c
Merge 4.14.201 into android-4.14-q
Linux 4.14.201
* net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
drivers/net/usb/rtl8150.c
* mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged
include/linux/khugepaged.h
mm/page_alloc.c
mmc: core: don't set limits.discard_granularity as 0
* perf: Fix task_function_call() error handling
kernel/events/core.c
rxrpc: Fix server keyring leak
rxrpc: Fix some missing _bh annotations on locking conn->state_lock
rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()
rxrpc: Fix rxkad token xdr encoding
* net: usb: ax88179_178a: fix missing stop entry in driver_info
drivers/net/usb/ax88179_178a.c
* mdio: fix mdio-thunder.c dependency & build error
drivers/net/phy/Kconfig
* bonding: set dev->needed_headroom in bond_setup_by_slave()
drivers/net/bonding/bond_main.c
* xfrm: Use correct address family in xfrm_state_find
net/xfrm/xfrm_state.c
* platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP
drivers/platform/x86/Kconfig
net: stmmac: removed enabling eee in EEE set callback
* xfrm: clone whole liftime_cur structure in xfrm_do_migrate
net/xfrm/xfrm_state.c
* xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate
net/xfrm/xfrm_state.c
* xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate
include/net/xfrm.h
drm/amdgpu: prevent double kfree ttm->sg
openvswitch: handle DNAT tuple collision
net: team: fix memory leak in __team_options_register
team: set dev->needed_headroom in team_setup_by_port()
* sctp: fix sctp_auth_init_hmacs() error path
net/sctp/auth.c
i2c: meson: fix clock setting overwrite
cifs: Fix incomplete memory allocation on setxattr path
mm/khugepaged: fix filemap page_to_pgoff(page) != offset
macsec: avoid use-after-free in macsec_handle_frame()
ftrace: Move RCU is watching check after recursion check
Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space
mtd: rawnand: sunxi: Fix the probe error path
perf top: Fix stdio interface input handling with glibc 2.28+
* driver core: Fix probe_count imbalance in really_probe()
drivers/base/dd.c
platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
* usermodehelper: reset umask to default before executing user process
kernel/umh.c
* net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
net/wireless/nl80211.c
fbcon: Fix global-out-of-bounds read in fbcon_get_font()
Revert "ravb: Fixed to be able to unload modules"
Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
* drm/syncobj: Fix drm_syncobj_handle_to_fd refcount leak
drivers/gpu/drm/drm_syncobj.c
* netfilter: ctnetlink: add a range check for l3/l4 protonum
net/netfilter/nf_conntrack_netlink.c
* ep_create_wakeup_source(): dentry name can change under you...
fs/eventpoll.c
* epoll: EPOLL_CTL_ADD: close the race in decision to take fast path
fs/eventpoll.c
* epoll: replace ->visited/visited_list with generation count
fs/eventpoll.c
* epoll: do not insert into poll queues until all sanity checks are done
fs/eventpoll.c
* net/packet: fix overflow in tpacket_rcv
net/packet/af_packet.c
* random32: Restore __latent_entropy attribute on net_rand_state
lib/random32.c
Input: trackpoint - enable Synaptics trackpoints
i2c: cpm: Fix i2c_ram structure
iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
nfs: Fix security label length not being reset
pinctrl: mvebu: Fix i2c sda definition for 98DX3236
nvme-fc: fail new connections to a deleted host or remote port
spi: fsl-espi: Only process interrupts for expected events
mac80211: do not allow bigger VHT MPDUs than the hardware supports
drivers/net/wan/hdlc: Set skb->protocol before transmitting
drivers/net/wan/lapbether: Make skb->protocol consistent with the header
rndis_host: increase sleep time in the query-response loop
net: dec: de2104x: Increase receive ring size for Tulip
drm/sun4i: mixer: Extend regmap max_register
drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices
drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
gpio: tc35894: fix up tc35894 interrupt configuration
* USB: gadget: f_ncm: Fix NDP16 datagram validation
drivers/usb/gadget/function/f_ncm.c
net: virtio_vsock: Enhance connection semantics
vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock()
vsock/virtio: stop workers during the .remove()
vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock
Merge 4.14.200 into android-4.14-q
Linux 4.14.200
ata: sata_mv, avoid trigerrable BUG_ON
ata: make qc_prep return ata_completion_errors
ata: define AC_ERR_OK
* lib/string.c: implement stpcpy
lib/string.c
* mm, THP, swap: fix allocating cluster for swapfile by mistake
mm/swapfile.c
kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
s390/dasd: Fix zero write for FBA devices
MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
ALSA: asihpi: fix iounmap in error handler
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
batman-adv: Add missing include for in_interrupt()
net: qed: RDMA personality shouldn't fail VF load
drm/vc4/vc4_hdmi: fill ASoC card owner
mac802154: tx: fix use-after-free
batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
atm: eni: fix the missed pci_disable_device() for eni_init_one()
batman-adv: bla: fix type misuse for backbone_gw hash indexing
mwifiex: Increase AES key storage size to 256 bits
clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init()
ieee802154/adf7242: check status of adf7242_read_reg
ieee802154: fix one possible memleak in ca8210_dev_com_init
objtool: Fix noreturn detection for ignored functions
* i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()
drivers/i2c/i2c-core-base.c
s390/init: add missing __init annotations
btrfs: qgroup: fix data leak caused by race between writeback and truncate
vfio/pci: fix racy on error and request eventfd ctx
selftests/x86/syscall_nt: Clear weird flags after each test
scsi: libfc: Skip additional kref updating work event
scsi: libfc: Handling of extra kref
cifs: Fix double add page to memcg when cifs_readpages
vfio/pci: Clear error and request eventfd ctx after releasing
x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
mtd: parser: cmdline: Support MTD names containing one or more colons
rapidio: avoid data race between file operation callbacks and mport_cdev_add().
* mm/swap_state: fix a data race in swapin_nr_pages
mm/swap_state.c
ceph: fix potential race in ceph_check_caps
mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
perf kcore_copy: Fix module map when there are no modules loaded
perf util: Fix memory leak of prefix_if_not_in
vfio/pci: fix memory leaks of eventfd ctx
btrfs: don't force read-only after error in drop snapshot
* usb: dwc3: Increase timeout for CmdAct cleared by device controller
drivers/usb/dwc3/gadget.c
* printk: handle blank console arguments passed in.
kernel/printk/printk.c
drm/nouveau/debugfs: fix runtime pm imbalance on error
e1000: Do not perform reset in reset_task if we are already down
* arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register
arch/arm64/kernel/cpufeature.c
USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
* fuse: don't check refcount after stealing page
fs/fuse/dev.c
powerpc/traps: Make unrecoverable NMIs die instead of panic
ALSA: hda: Fix potential race in unsol event handler
tty: serial: samsung: Correct clock selection logic
USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
* Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
net/bluetooth/hci_event.c
phy: samsung: s5pv210-usb2: Add delay after reset
power: supply: max17040: Correct voltage reading
atm: fix a memory leak of vcc->user_back
dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion
* arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]
arch/arm64/kernel/cpufeature.c
sparc64: vcc: Fix error return code in vcc_probe()
staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
drivers: char: tlclk.c: Avoid data race between init and interrupt handler
* bdev: Reduce time holding bd_mutex in sync in blkdev_close()
fs/block_dev.c
KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
serial: uartps: Wait for tx_empty in console setup
scsi: qedi: Fix termination timeouts in session logout
* mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
mm/mmap.c
* mm/vmscan.c: fix data races using kswapd_classzone_idx
mm/vmscan.c
* mm/filemap.c: clear page error before actual read
mm/filemap.c
mm/kmemleak.c: use address-of operator on section symbols
NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests()
* ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
sound/usb/midi.c
ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
svcrdma: Fix leak of transport addresses
SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
tools: gpio-hammer: Avoid potential overflow in main
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
perf cpumap: Fix snprintf overflow check
serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
serial: 8250_omap: Fix sleeping function called from invalid context during probe
serial: 8250_port: Don't service RX FIFO if throttled
* tracing: Use address-of operator on section symbols
kernel/trace/trace.c
rtc: ds1374: fix possible race condition
tpm: ibmvtpm: Wait for buffer to be set before proceeding
xfs: don't ever return a stale pointer from __xfs_dir3_free_read
media: tda10071: fix unsigned sign extension overflow
* Bluetooth: L2CAP: handle l2cap config request during open state
net/bluetooth/l2cap_core.c
scsi: aacraid: Disabling TM path and only processing IOP reset
ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read
drm/amdgpu: increase atombios cmd timeout
* mm: avoid data corruption on CoW fault into PFN-mapped VMA
mm/memory.c
* ext4: fix a data race at inode->i_disksize
fs/ext4/inode.c
* timekeeping: Prevent 32bit truncation in scale64_check_overflow()
kernel/time/timekeeping.c
* Bluetooth: guard against controllers sending zero'd events
net/bluetooth/hci_event.c
media: go7007: Fix URB type for interrupt handling
dmaengine: tegra-apb: Prevent race conditions on channel's freeing
* bpf: Remove recursion prevention from rcu free callback
kernel/bpf/hashtab.c
x86/pkeys: Add check for pkey "overflow"
media: staging/imx: Missing assignment in imx_media_capture_device_register()
KVM: x86: fix incorrect comparison in trace event
RDMA/rxe: Fix configuration of atomic queue pair attributes
perf test: Fix test trace+probe_vfs_getname.sh on s390
drm/omap: fix possible object reference leak
scsi: lpfc: Fix coverity errors in fmdi attribute handling
scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
* selinux: sel_avc_get_stat_idx should increase position index
security/selinux/selinuxfs.c
audit: CONFIG_CHANGE don't log internal bookkeeping as an event
* skbuff: fix a data race in skb_queue_len()
include/linux/skbuff.h
net/unix/af_unix.c
ALSA: hda: Clear RIRB status before reading WP
KVM: fix overflow of zero page refcount with ksm running
* Bluetooth: prefetch channel before killing sock
net/bluetooth/l2cap_sock.c
* mm: pagewalk: fix termination condition in walk_pte_range()
mm/pagewalk.c
* Bluetooth: Fix refcount use-after-free issue
net/bluetooth/l2cap_core.c
net/bluetooth/l2cap_sock.c
tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility
selftests/ftrace: fix glob selftest
ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
* tracing: Set kernel_stack's caller size properly
kernel/trace/trace_entries.h
powerpc/eeh: Only dump stack once if an MMIO loop is detected
dmaengine: zynqmp_dma: fix burst length configuration
ACPI: EC: Reference count query handlers under lock
media: ti-vpe: cal: Restrict DMA to avoid memory corruption
* seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
include/linux/seqlock.h
* rt_cpu_seq_next should increase position index
net/ipv4/route.c
* neigh_stat_seq_next() should increase position index
net/core/neighbour.c
* kernel/sys.c: avoid copying possible padding bytes in copy_to_user
kernel/sys.c
CIFS: Properly process SMB3 lease breaks
* debugfs: Fix !DEBUG_FS debugfs_create_automount
include/linux/debugfs.h
gfs2: clean up iopen glock mess in gfs2_create_inode
mmc: core: Fix size overflow for mmc partitions
RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
xfs: fix attr leaf header freemap.size underflow
RDMA/i40iw: Fix potential use after free
bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
* tracing: Adding NULL checks for trace_array descriptor pointer
kernel/trace/trace.c
kernel/trace/trace_events.c
* mfd: mfd-core: Protect against NULL call-back function pointer
drivers/mfd/mfd-core.c
mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
clk/ti/adpll: allocate room for terminating null
scsi: fnic: fix use after free
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
* ALSA: usb-audio: Add delay quirk for H570e USB headsets
sound/usb/quirks.c
x86/ioapic: Unbreak check_timer()
arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
media: smiapp: Fix error handling at NVM reading
ASoC: kirkwood: fix IRQ error handling
gma/gma500: fix a memory disclosure bug due to uninitialized bytes
m68k: q40: Fix info-leak in rtc_ioctl
scsi: aacraid: fix illegal IO beyond last LBA
* mm: fix double page fault on arm64 if PTE_AF is cleared
mm/memory.c
serial: 8250: Avoid error message on reprobe
geneve: add transport ports in route lookup for geneve
* ipv4: Update exception handling for multipath routes via same device
net/ipv4/route.c
* net: add __must_check to skb_put_padto()
include/linux/skbuff.h
* net: phy: Avoid NPD upon phy_detach() when driver is unbound
drivers/net/phy/phy_device.c
bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
tipc: use skb_unshare() instead in tipc_buf_append()
tipc: fix shutdown() of connection oriented socket
* net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
net/ipv6/Kconfig
* ip: fix tos reflection in ack and reset packets
net/ipv4/ip_output.c
hdlc_ppp: add range checks in ppp_cp_parse_cr()
RDMA/ucma: ucma_context reference leak in error path
mm/thp: fix __split_huge_pmd_locked() for migration PMD
kprobes: fix kill kprobe which has been marked as gone
KVM: fix memory leak in kvm_io_bus_unregister_dev()
phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init
* af_key: pfkey_dump needs parameter validation
net/key/af_key.c
Change-Id: I5bd9fd75e9245cf37257308ba579b61e8e48265c
Signed-off-by: lucaswei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
76cc1c09f4 |
Merge 4.14.207 into android-4.14-stable
Changes in 4.14.207
regulator: defer probe when trying to get voltage from unresolved supply
ring-buffer: Fix recursion protection transitions between interrupt context
mm: mempolicy: fix potential pte_unmap_unlock pte error
time: Prevent undefined behaviour in timespec64_to_ns()
nbd: don't update block size after device is started
btrfs: sysfs: init devices outside of the chunk_mutex
btrfs: reschedule when cloning lots of extents
genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
hv_balloon: disable warning when floor reached
net: xfrm: fix a race condition during allocing spi
perf tools: Add missing swap for ino_generation
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
can: rx-offload: don't call kfree_skb() from IRQ context
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
can: peak_usb: add range checking in decode operations
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on
xfs: flush new eof page on truncate to avoid post-eof corruption
Btrfs: fix missing error return if writeback for extent buffer never started
ath9k_htc: Use appropriate rs_datalen type
usb: gadget: goku_udc: fix potential crashes in probe
gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
gfs2: Add missing truncate_inode_pages_final for sd_aspace
gfs2: check for live vs. read-only file system in gfs2_fitrim
scsi: hpsa: Fix memory leak in hpsa_init_one()
drm/amdgpu: perform srbm soft reset always on SDMA resume
mac80211: fix use of skb payload instead of header
cfg80211: regulatory: Fix inconsistent format argument
scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
iommu/amd: Increase interrupt remapping table limit to 512 entries
pinctrl: intel: Set default bias in case no particular value given
ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template
pinctrl: aspeed: Fix GPI only function problem.
nbd: fix a block_device refcount leak in nbd_release
xfs: fix flags argument to rmap lookup when converting shared file rmaps
xfs: fix rmap key and record comparison functions
xfs: fix a missing unlock on error in xfs_fs_map_blocks
of/address: Fix of_node memory leak in of_dma_is_coherent
cosa: Add missing kfree in error path of cosa_write
perf: Fix get_recursion_context()
ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
uio: Fix use-after-free in uio_unregister_device()
usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
mei: protect mei_cl_mtu from null dereference
futex: Don't enable IRQs unconditionally in put_pi_state()
ocfs2: initialize ip_next_orphan
selinux: Fix error return code in sel_ib_pkey_sid_slow()
don't dump the threads that had been already exiting when zapped.
drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
pinctrl: amd: use higher precision for 512 RtcClk
pinctrl: amd: fix incorrect way to disable debounce filter
swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
IPv6: Set SIT tunnel hard_header_len to zero
net/af_iucv: fix null pointer dereference on shutdown
net/x25: Fix null-ptr-deref in x25_connect
vrf: Fix fast path output packet handling with async Netfilter rules
r8169: fix potential skb double free in an error path
net: Update window_clamp if SOCK_RCVBUF is set
random32: make prandom_u32() output unpredictable
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
perf/core: Fix bad use of igrab()
perf/core: Fix crash when using HW tracing kernel filters
perf/core: Fix a memory leak in perf_event_parse_addr_filter()
xen/events: avoid removing an event channel while handling it
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a new "late EOI" evtchn framework
xen/blkback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/pvcallsback: use lateeoi irq binding
xen/pciback: use lateeoi irq binding
xen/events: switch user event channels to lateeoi model
xen/events: use a common cpu hotplug hook for event channels
xen/events: defer eoi in case of excessive number of events
xen/events: block rogue events for some time
perf/core: Fix race in the perf_mmap_close() function
Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
reboot: fix overflow parsing reboot cpu number
Convert trailing spaces and periods in path components
mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
Linux 4.14.207
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id9671f12372dd8919395ce4f175ce1a5a06ef68f
|
||
|
Greg Kroah-Hartman
|
768892ca77 |
Merge 4.14.207 into android-4.14-q
Changes in 4.14.207
regulator: defer probe when trying to get voltage from unresolved supply
ring-buffer: Fix recursion protection transitions between interrupt context
mm: mempolicy: fix potential pte_unmap_unlock pte error
time: Prevent undefined behaviour in timespec64_to_ns()
nbd: don't update block size after device is started
btrfs: sysfs: init devices outside of the chunk_mutex
btrfs: reschedule when cloning lots of extents
genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
hv_balloon: disable warning when floor reached
net: xfrm: fix a race condition during allocing spi
perf tools: Add missing swap for ino_generation
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
can: rx-offload: don't call kfree_skb() from IRQ context
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
can: peak_usb: add range checking in decode operations
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on
xfs: flush new eof page on truncate to avoid post-eof corruption
Btrfs: fix missing error return if writeback for extent buffer never started
ath9k_htc: Use appropriate rs_datalen type
usb: gadget: goku_udc: fix potential crashes in probe
gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
gfs2: Add missing truncate_inode_pages_final for sd_aspace
gfs2: check for live vs. read-only file system in gfs2_fitrim
scsi: hpsa: Fix memory leak in hpsa_init_one()
drm/amdgpu: perform srbm soft reset always on SDMA resume
mac80211: fix use of skb payload instead of header
cfg80211: regulatory: Fix inconsistent format argument
scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
iommu/amd: Increase interrupt remapping table limit to 512 entries
pinctrl: intel: Set default bias in case no particular value given
ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template
pinctrl: aspeed: Fix GPI only function problem.
nbd: fix a block_device refcount leak in nbd_release
xfs: fix flags argument to rmap lookup when converting shared file rmaps
xfs: fix rmap key and record comparison functions
xfs: fix a missing unlock on error in xfs_fs_map_blocks
of/address: Fix of_node memory leak in of_dma_is_coherent
cosa: Add missing kfree in error path of cosa_write
perf: Fix get_recursion_context()
ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
uio: Fix use-after-free in uio_unregister_device()
usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
mei: protect mei_cl_mtu from null dereference
futex: Don't enable IRQs unconditionally in put_pi_state()
ocfs2: initialize ip_next_orphan
selinux: Fix error return code in sel_ib_pkey_sid_slow()
don't dump the threads that had been already exiting when zapped.
drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
pinctrl: amd: use higher precision for 512 RtcClk
pinctrl: amd: fix incorrect way to disable debounce filter
swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
IPv6: Set SIT tunnel hard_header_len to zero
net/af_iucv: fix null pointer dereference on shutdown
net/x25: Fix null-ptr-deref in x25_connect
vrf: Fix fast path output packet handling with async Netfilter rules
r8169: fix potential skb double free in an error path
net: Update window_clamp if SOCK_RCVBUF is set
random32: make prandom_u32() output unpredictable
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
perf/core: Fix bad use of igrab()
perf/core: Fix crash when using HW tracing kernel filters
perf/core: Fix a memory leak in perf_event_parse_addr_filter()
xen/events: avoid removing an event channel while handling it
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a new "late EOI" evtchn framework
xen/blkback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/pvcallsback: use lateeoi irq binding
xen/pciback: use lateeoi irq binding
xen/events: switch user event channels to lateeoi model
xen/events: use a common cpu hotplug hook for event channels
xen/events: defer eoi in case of excessive number of events
xen/events: block rogue events for some time
perf/core: Fix race in the perf_mmap_close() function
Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
reboot: fix overflow parsing reboot cpu number
Convert trailing spaces and periods in path components
mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
Linux 4.14.207
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0b17b979ac68effd3671755d59fe6c0d5540f2e6
|
||
|
George Spelvin
|
a16f026330 |
random32: make prandom_u32() output unpredictable
commit c51f8f88d705e06bd696d7510aff22b33eb8e638 upstream.
Non-cryptographic PRNGs may have great statistical properties, but
are usually trivially predictable to someone who knows the algorithm,
given a small sample of their output. An LFSR like prandom_u32() is
particularly simple, even if the sample is widely scattered bits.
It turns out the network stack uses prandom_u32() for some things like
random port numbers which it would prefer are *not* trivially predictable.
Predictability led to a practical DNS spoofing attack. Oops.
This patch replaces the LFSR with a homebrew cryptographic PRNG based
on the SipHash round function, which is in turn seeded with 128 bits
of strong random key. (The authors of SipHash have *not* been consulted
about this abuse of their algorithm.) Speed is prioritized over security;
attacks are rare, while performance is always wanted.
Replacing all callers of prandom_u32() is the quick fix.
Whether to reinstate a weaker PRNG for uses which can tolerate it
is an open question.
Commit f227e3ec3b5c ("random32: update the net random state on interrupt
and activity") was an earlier attempt at a solution. This patch replaces
it.
Reported-by: Amit Klein <aksecurity@gmail.com>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Eric Dumazet <edumazet@google.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: tytso@mit.edu
Cc: Florian Westphal <fw@strlen.de>
Cc: Marc Plumb <lkml.mplumb@gmail.com>
Fixes: f227e3ec3b5c ("random32: update the net random state on interrupt and activity")
Signed-off-by: George Spelvin <lkml@sdf.org>
Link: https://lore.kernel.org/netdev/20200808152628.GA27941@SDF.ORG/
[ willy: partial reversal of f227e3ec3b5c; moved SIPROUND definitions
to prandom.h for later use; merged George's prandom_seed() proposal;
inlined siprand_u32(); replaced the net_rand_state[] array with 4
members to fix a build issue; cosmetic cleanups to make checkpatch
happy; fixed RANDOM32_SELFTEST build ]
[wt: backported to 4.14 -- various context adjustments; timer API change]
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Zeng Tao
|
1b0c077318 |
time: Prevent undefined behaviour in timespec64_to_ns()
[ Upstream commit cb47755725da7b90fecbb2aa82ac3b24a7adb89b ]
UBSAN reports:
Undefined behaviour in ./include/linux/time64.h:127:27
signed integer overflow:
17179869187 * 1000000000 cannot be represented in type 'long long int'
Call Trace:
timespec64_to_ns include/linux/time64.h:127 [inline]
set_cpu_itimer+0x65c/0x880 kernel/time/itimer.c:180
do_setitimer+0x8e/0x740 kernel/time/itimer.c:245
__x64_sys_setitimer+0x14c/0x2c0 kernel/time/itimer.c:336
do_syscall_64+0xa1/0x540 arch/x86/entry/common.c:295
Commit bd40a175769d ("y2038: itimer: change implementation to timespec64")
replaced the original conversion which handled time clamping correctly with
timespec64_to_ns() which has no overflow protection.
Fix it in timespec64_to_ns() as this is not necessarily limited to the
usage in itimers.
[ tglx: Added comment and adjusted the fixes tag ]
Fixes:
|
||
|
Greg Kroah-Hartman
|
c1013a481e |
Merge 4.14.200 into android-4.14-stable
Changes in 4.14.200 af_key: pfkey_dump needs parameter validation phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init KVM: fix memory leak in kvm_io_bus_unregister_dev() kprobes: fix kill kprobe which has been marked as gone mm/thp: fix __split_huge_pmd_locked() for migration PMD RDMA/ucma: ucma_context reference leak in error path hdlc_ppp: add range checks in ppp_cp_parse_cr() ip: fix tos reflection in ack and reset packets net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC tipc: fix shutdown() of connection oriented socket tipc: use skb_unshare() instead in tipc_buf_append() bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex. net: phy: Avoid NPD upon phy_detach() when driver is unbound net: add __must_check to skb_put_padto() ipv4: Update exception handling for multipath routes via same device geneve: add transport ports in route lookup for geneve serial: 8250: Avoid error message on reprobe mm: fix double page fault on arm64 if PTE_AF is cleared scsi: aacraid: fix illegal IO beyond last LBA m68k: q40: Fix info-leak in rtc_ioctl gma/gma500: fix a memory disclosure bug due to uninitialized bytes ASoC: kirkwood: fix IRQ error handling media: smiapp: Fix error handling at NVM reading arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback x86/ioapic: Unbreak check_timer() ALSA: usb-audio: Add delay quirk for H570e USB headsets ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out scsi: fnic: fix use after free clk/ti/adpll: allocate room for terminating null mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() mfd: mfd-core: Protect against NULL call-back function pointer tracing: Adding NULL checks for trace_array descriptor pointer bcache: fix a lost wake-up problem caused by mca_cannibalize_lock RDMA/i40iw: Fix potential use after free xfs: fix attr leaf header freemap.size underflow RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' mmc: core: Fix size overflow for mmc partitions gfs2: clean up iopen glock mess in gfs2_create_inode debugfs: Fix !DEBUG_FS debugfs_create_automount CIFS: Properly process SMB3 lease breaks kernel/sys.c: avoid copying possible padding bytes in copy_to_user neigh_stat_seq_next() should increase position index rt_cpu_seq_next should increase position index seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier media: ti-vpe: cal: Restrict DMA to avoid memory corruption ACPI: EC: Reference count query handlers under lock dmaengine: zynqmp_dma: fix burst length configuration powerpc/eeh: Only dump stack once if an MMIO loop is detected tracing: Set kernel_stack's caller size properly ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter selftests/ftrace: fix glob selftest tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility Bluetooth: Fix refcount use-after-free issue mm: pagewalk: fix termination condition in walk_pte_range() Bluetooth: prefetch channel before killing sock KVM: fix overflow of zero page refcount with ksm running ALSA: hda: Clear RIRB status before reading WP skbuff: fix a data race in skb_queue_len() audit: CONFIG_CHANGE don't log internal bookkeeping as an event selinux: sel_avc_get_stat_idx should increase position index scsi: lpfc: Fix RQ buffer leakage when no IOCBs available scsi: lpfc: Fix coverity errors in fmdi attribute handling drm/omap: fix possible object reference leak perf test: Fix test trace+probe_vfs_getname.sh on s390 RDMA/rxe: Fix configuration of atomic queue pair attributes KVM: x86: fix incorrect comparison in trace event media: staging/imx: Missing assignment in imx_media_capture_device_register() x86/pkeys: Add check for pkey "overflow" bpf: Remove recursion prevention from rcu free callback dmaengine: tegra-apb: Prevent race conditions on channel's freeing media: go7007: Fix URB type for interrupt handling Bluetooth: guard against controllers sending zero'd events timekeeping: Prevent 32bit truncation in scale64_check_overflow() ext4: fix a data race at inode->i_disksize mm: avoid data corruption on CoW fault into PFN-mapped VMA drm/amdgpu: increase atombios cmd timeout ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read scsi: aacraid: Disabling TM path and only processing IOP reset Bluetooth: L2CAP: handle l2cap config request during open state media: tda10071: fix unsigned sign extension overflow xfs: don't ever return a stale pointer from __xfs_dir3_free_read tpm: ibmvtpm: Wait for buffer to be set before proceeding rtc: ds1374: fix possible race condition tracing: Use address-of operator on section symbols serial: 8250_port: Don't service RX FIFO if throttled serial: 8250_omap: Fix sleeping function called from invalid context during probe serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout perf cpumap: Fix snprintf overflow check cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn tools: gpio-hammer: Avoid potential overflow in main RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' svcrdma: Fix leak of transport addresses ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() mm/kmemleak.c: use address-of operator on section symbols mm/filemap.c: clear page error before actual read mm/vmscan.c: fix data races using kswapd_classzone_idx mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area scsi: qedi: Fix termination timeouts in session logout serial: uartps: Wait for tx_empty in console setup KVM: Remove CREATE_IRQCHIP/SET_PIT2 race bdev: Reduce time holding bd_mutex in sync in blkdev_close() drivers: char: tlclk.c: Avoid data race between init and interrupt handler staging:r8188eu: avoid skb_clone for amsdu to msdu conversion sparc64: vcc: Fix error return code in vcc_probe() arm64: cpufeature: Relax checks for AArch32 support at EL[0-2] dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion atm: fix a memory leak of vcc->user_back power: supply: max17040: Correct voltage reading phy: samsung: s5pv210-usb2: Add delay after reset Bluetooth: Handle Inquiry Cancel error after Inquiry Complete USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() tty: serial: samsung: Correct clock selection logic ALSA: hda: Fix potential race in unsol event handler powerpc/traps: Make unrecoverable NMIs die instead of panic fuse: don't check refcount after stealing page USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register e1000: Do not perform reset in reset_task if we are already down drm/nouveau/debugfs: fix runtime pm imbalance on error printk: handle blank console arguments passed in. usb: dwc3: Increase timeout for CmdAct cleared by device controller btrfs: don't force read-only after error in drop snapshot vfio/pci: fix memory leaks of eventfd ctx perf util: Fix memory leak of prefix_if_not_in perf kcore_copy: Fix module map when there are no modules loaded mtd: rawnand: omap_elm: Fix runtime PM imbalance on error ceph: fix potential race in ceph_check_caps mm/swap_state: fix a data race in swapin_nr_pages rapidio: avoid data race between file operation callbacks and mport_cdev_add(). mtd: parser: cmdline: Support MTD names containing one or more colons x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline vfio/pci: Clear error and request eventfd ctx after releasing cifs: Fix double add page to memcg when cifs_readpages scsi: libfc: Handling of extra kref scsi: libfc: Skip additional kref updating work event selftests/x86/syscall_nt: Clear weird flags after each test vfio/pci: fix racy on error and request eventfd ctx btrfs: qgroup: fix data leak caused by race between writeback and truncate s390/init: add missing __init annotations i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() objtool: Fix noreturn detection for ignored functions ieee802154: fix one possible memleak in ca8210_dev_com_init ieee802154/adf7242: check status of adf7242_read_reg clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() mwifiex: Increase AES key storage size to 256 bits batman-adv: bla: fix type misuse for backbone_gw hash indexing atm: eni: fix the missed pci_disable_device() for eni_init_one() batman-adv: mcast/TT: fix wrongly dropped or rerouted packets mac802154: tx: fix use-after-free drm/vc4/vc4_hdmi: fill ASoC card owner net: qed: RDMA personality shouldn't fail VF load batman-adv: Add missing include for in_interrupt() batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh ALSA: asihpi: fix iounmap in error handler MIPS: Add the missing 'CPU_1074K' into __get_cpu_type() s390/dasd: Fix zero write for FBA devices kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() mm, THP, swap: fix allocating cluster for swapfile by mistake lib/string.c: implement stpcpy ata: define AC_ERR_OK ata: make qc_prep return ata_completion_errors ata: sata_mv, avoid trigerrable BUG_ON Linux 4.14.200 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3d3049dca196c46cb6b2a66d60a5a6a3a099efbb |
||
|
Greg Kroah-Hartman
|
ffa8852330 |
Merge 4.14.200 into android-4.14-q
Changes in 4.14.200 af_key: pfkey_dump needs parameter validation phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init KVM: fix memory leak in kvm_io_bus_unregister_dev() kprobes: fix kill kprobe which has been marked as gone mm/thp: fix __split_huge_pmd_locked() for migration PMD RDMA/ucma: ucma_context reference leak in error path hdlc_ppp: add range checks in ppp_cp_parse_cr() ip: fix tos reflection in ack and reset packets net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC tipc: fix shutdown() of connection oriented socket tipc: use skb_unshare() instead in tipc_buf_append() bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex. net: phy: Avoid NPD upon phy_detach() when driver is unbound net: add __must_check to skb_put_padto() ipv4: Update exception handling for multipath routes via same device geneve: add transport ports in route lookup for geneve serial: 8250: Avoid error message on reprobe mm: fix double page fault on arm64 if PTE_AF is cleared scsi: aacraid: fix illegal IO beyond last LBA m68k: q40: Fix info-leak in rtc_ioctl gma/gma500: fix a memory disclosure bug due to uninitialized bytes ASoC: kirkwood: fix IRQ error handling media: smiapp: Fix error handling at NVM reading arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback x86/ioapic: Unbreak check_timer() ALSA: usb-audio: Add delay quirk for H570e USB headsets ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out scsi: fnic: fix use after free clk/ti/adpll: allocate room for terminating null mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() mfd: mfd-core: Protect against NULL call-back function pointer tracing: Adding NULL checks for trace_array descriptor pointer bcache: fix a lost wake-up problem caused by mca_cannibalize_lock RDMA/i40iw: Fix potential use after free xfs: fix attr leaf header freemap.size underflow RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' mmc: core: Fix size overflow for mmc partitions gfs2: clean up iopen glock mess in gfs2_create_inode debugfs: Fix !DEBUG_FS debugfs_create_automount CIFS: Properly process SMB3 lease breaks kernel/sys.c: avoid copying possible padding bytes in copy_to_user neigh_stat_seq_next() should increase position index rt_cpu_seq_next should increase position index seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier media: ti-vpe: cal: Restrict DMA to avoid memory corruption ACPI: EC: Reference count query handlers under lock dmaengine: zynqmp_dma: fix burst length configuration powerpc/eeh: Only dump stack once if an MMIO loop is detected tracing: Set kernel_stack's caller size properly ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter selftests/ftrace: fix glob selftest tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility Bluetooth: Fix refcount use-after-free issue mm: pagewalk: fix termination condition in walk_pte_range() Bluetooth: prefetch channel before killing sock KVM: fix overflow of zero page refcount with ksm running ALSA: hda: Clear RIRB status before reading WP skbuff: fix a data race in skb_queue_len() audit: CONFIG_CHANGE don't log internal bookkeeping as an event selinux: sel_avc_get_stat_idx should increase position index scsi: lpfc: Fix RQ buffer leakage when no IOCBs available scsi: lpfc: Fix coverity errors in fmdi attribute handling drm/omap: fix possible object reference leak perf test: Fix test trace+probe_vfs_getname.sh on s390 RDMA/rxe: Fix configuration of atomic queue pair attributes KVM: x86: fix incorrect comparison in trace event media: staging/imx: Missing assignment in imx_media_capture_device_register() x86/pkeys: Add check for pkey "overflow" bpf: Remove recursion prevention from rcu free callback dmaengine: tegra-apb: Prevent race conditions on channel's freeing media: go7007: Fix URB type for interrupt handling Bluetooth: guard against controllers sending zero'd events timekeeping: Prevent 32bit truncation in scale64_check_overflow() ext4: fix a data race at inode->i_disksize mm: avoid data corruption on CoW fault into PFN-mapped VMA drm/amdgpu: increase atombios cmd timeout ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read scsi: aacraid: Disabling TM path and only processing IOP reset Bluetooth: L2CAP: handle l2cap config request during open state media: tda10071: fix unsigned sign extension overflow xfs: don't ever return a stale pointer from __xfs_dir3_free_read tpm: ibmvtpm: Wait for buffer to be set before proceeding rtc: ds1374: fix possible race condition tracing: Use address-of operator on section symbols serial: 8250_port: Don't service RX FIFO if throttled serial: 8250_omap: Fix sleeping function called from invalid context during probe serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout perf cpumap: Fix snprintf overflow check cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn tools: gpio-hammer: Avoid potential overflow in main RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' svcrdma: Fix leak of transport addresses ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() mm/kmemleak.c: use address-of operator on section symbols mm/filemap.c: clear page error before actual read mm/vmscan.c: fix data races using kswapd_classzone_idx mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area scsi: qedi: Fix termination timeouts in session logout serial: uartps: Wait for tx_empty in console setup KVM: Remove CREATE_IRQCHIP/SET_PIT2 race bdev: Reduce time holding bd_mutex in sync in blkdev_close() drivers: char: tlclk.c: Avoid data race between init and interrupt handler staging:r8188eu: avoid skb_clone for amsdu to msdu conversion sparc64: vcc: Fix error return code in vcc_probe() arm64: cpufeature: Relax checks for AArch32 support at EL[0-2] dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion atm: fix a memory leak of vcc->user_back power: supply: max17040: Correct voltage reading phy: samsung: s5pv210-usb2: Add delay after reset Bluetooth: Handle Inquiry Cancel error after Inquiry Complete USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() tty: serial: samsung: Correct clock selection logic ALSA: hda: Fix potential race in unsol event handler powerpc/traps: Make unrecoverable NMIs die instead of panic fuse: don't check refcount after stealing page USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register e1000: Do not perform reset in reset_task if we are already down drm/nouveau/debugfs: fix runtime pm imbalance on error printk: handle blank console arguments passed in. usb: dwc3: Increase timeout for CmdAct cleared by device controller btrfs: don't force read-only after error in drop snapshot vfio/pci: fix memory leaks of eventfd ctx perf util: Fix memory leak of prefix_if_not_in perf kcore_copy: Fix module map when there are no modules loaded mtd: rawnand: omap_elm: Fix runtime PM imbalance on error ceph: fix potential race in ceph_check_caps mm/swap_state: fix a data race in swapin_nr_pages rapidio: avoid data race between file operation callbacks and mport_cdev_add(). mtd: parser: cmdline: Support MTD names containing one or more colons x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline vfio/pci: Clear error and request eventfd ctx after releasing cifs: Fix double add page to memcg when cifs_readpages scsi: libfc: Handling of extra kref scsi: libfc: Skip additional kref updating work event selftests/x86/syscall_nt: Clear weird flags after each test vfio/pci: fix racy on error and request eventfd ctx btrfs: qgroup: fix data leak caused by race between writeback and truncate s390/init: add missing __init annotations i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() objtool: Fix noreturn detection for ignored functions ieee802154: fix one possible memleak in ca8210_dev_com_init ieee802154/adf7242: check status of adf7242_read_reg clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() mwifiex: Increase AES key storage size to 256 bits batman-adv: bla: fix type misuse for backbone_gw hash indexing atm: eni: fix the missed pci_disable_device() for eni_init_one() batman-adv: mcast/TT: fix wrongly dropped or rerouted packets mac802154: tx: fix use-after-free drm/vc4/vc4_hdmi: fill ASoC card owner net: qed: RDMA personality shouldn't fail VF load batman-adv: Add missing include for in_interrupt() batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh ALSA: asihpi: fix iounmap in error handler MIPS: Add the missing 'CPU_1074K' into __get_cpu_type() s390/dasd: Fix zero write for FBA devices kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() mm, THP, swap: fix allocating cluster for swapfile by mistake lib/string.c: implement stpcpy ata: define AC_ERR_OK ata: make qc_prep return ata_completion_errors ata: sata_mv, avoid trigerrable BUG_ON Linux 4.14.200 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I15670d6e8aeaa570d2ec2e34b141f2f3825f68e4 |
||
|
Wen Yang
|
62658ebe5c |
timekeeping: Prevent 32bit truncation in scale64_check_overflow()
[ Upstream commit 4cbbc3a0eeed675449b1a4d080008927121f3da3 ] While unlikely the divisor in scale64_check_overflow() could be >= 32bit in scale64_check_overflow(). do_div() truncates the divisor to 32bit at least on 32bit platforms. Use div64_u64() instead to avoid the truncation to 32-bit. [ tglx: Massaged changelog ] Signed-off-by: Wen Yang <wenyang@linux.alibaba.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20200120100523.45656-1-wenyang@linux.alibaba.com Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
lucaswei
|
df08da4085 |
Merge android-4.14-q (4.14.195) into android-msm-pixel-4.14-lts
Merge 4.14.195 into android-4.14-q
Linux 4.14.195
KVM: arm/arm64: Don't reschedule in unmap_stage2_range()
* clk: Evict unregistered clks from parent caches
drivers/clk/clk.c
xen: don't reschedule in preemption off sections
mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible
* do_epoll_ctl(): clean the failure exits up a bit
fs/eventpoll.c
* epoll: Keep a reference on files added to the check list
fs/eventpoll.c
powerpc/pseries: Do not initiate shutdown when system is running on UPS
net: dsa: b53: check for timeout
hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit()
* bonding: fix active-backup failover for current ARP slave
drivers/net/bonding/bond_main.c
vfio/type1: Add proper error unwind for vfio_iommu_replay()
ASoC: intel: Fix memleak in sst_media_open
ASoC: msm8916-wcd-analog: fix register Interrupt offset
* bonding: fix a potential double-unregister
drivers/net/bonding/bond_main.c
* bonding: show saner speed for broadcast mode
drivers/net/bonding/bond_main.c
net: fec: correct the error path for regulator disable in probe
i40e: Fix crash during removing i40e driver
i40e: Set RX_ONLY mode for unicast promiscuous on VLAN
* ext4: fix potential negative array index in do_split()
fs/ext4/namei.c
alpha: fix annotation of io{read,write}{16,32}be()
xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
virtio_ring: Avoid loop when vq is broken in virtqueue_poll
scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
cpufreq: intel_pstate: Fix cpuinfo_max_freq when MSR_TURBO_RATIO_LIMIT is 0
jffs2: fix UAF problem
xfs: fix inode quota reservation checks
m68knommu: fix overwriting of bits in ColdFire V3 cache control
Input: psmouse - add a newline when printing 'proto' by sysfs
media: vpss: clean up resources in init
rtc: goldfish: Enable interrupt in set_alarm() when necessary
media: budget-core: Improve exception handling in budget_register()
* scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
drivers/scsi/ufs/ufs_quirks.h
drivers/scsi/ufs/ufshcd.c
* spi: Prevent adding devices below an unregistering controller
drivers/spi/Kconfig
drivers/spi/spi.c
* jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock()
fs/jbd2/journal.c
* ext4: fix checking of directory entry validity for inline directories
fs/ext4/namei.c
* mm, page_alloc: fix core hung in free_pcppages_bulk()
mm/page_alloc.c
* mm: include CMA pages in lowmem_reserve at boot
mm/page_alloc.c
kernel/relay.c: fix memleak on destroy relay channel
romfs: fix uninitialized memory leak in romfs_dev_read()
btrfs: sysfs: use NOFS for device creation
btrfs: inode: fix NULL pointer dereference if inode doesn't need compression
btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range
btrfs: don't show full path of bind mounts in subvol=
btrfs: export helpers for subvolume name/id resolution
powerpc: Allow 4224 bytes of stack expansion for the signal frame
powerpc/mm: Only read faulting instruction when necessary in do_page_fault()
khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
khugepaged: khugepaged_test_exit() check mmget_still_valid()
perf probe: Fix memory leakage when the probe point is not found
drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset()
Merge 4.14.194 into android-4.14-q
Linux 4.14.194
dm cache: remove all obsolete writethrough-specific code
dm cache: submit writethrough writes in parallel to origin and cache
dm cache: pass cache structure to mode functions
* genirq/affinity: Make affinity setting if activated opt-in
drivers/irqchip/irq-gic-v3-its.c
include/linux/irq.h
kernel/irq/manage.c
* genirq/affinity: Handle affinity setting on inactive interrupts correctly
kernel/irq/manage.c
khugepaged: retract_page_tables() remember to test exit
sh: landisk: Add missing initialization of sh_io_port_base
tools build feature: Quote CC and CXX for their arguments
perf bench mem: Always memset source before memcpy
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
mfd: dln2: Run event handler loop under spinlock
test_kmod: avoid potential double free in trigger_config_run_type()
fs/ufs: avoid potential u32 multiplication overflow
nfs: Fix getxattr kernel panic and memory overflow
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init
drm/vmwgfx: Fix two list_for_each loop exit tests
drm/vmwgfx: Use correct vmw_legacy_display_unit pointer
Input: sentelic - fix error return when fsp_reg_write fails
i2c: rcar: avoid race when unregistering slave
tools build feature: Use CC and CXX from parent
pwm: bcm-iproc: handle clk_get_rate() return
clk: clk-atlas6: fix return value check in atlas6_clk_init()
i2c: rcar: slave: only send STOP event when we have been addressed
iommu/vt-d: Enforce PASID devTLB field mask
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
* dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue()
drivers/md/dm-rq.c
gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
USB: serial: ftdi_sio: clean up receive processing
USB: serial: ftdi_sio: make process-packet buffer unsigned
RDMA/ipoib: Return void from ipoib_ib_dev_stop()
mfd: arizona: Ensure 32k clock is put on driver unbind and error
drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
perf intel-pt: Fix FUP packet state
pseries: Fix 64 bit logical memory block panic
watchdog: f71808e_wdt: clear watchdog timeout occurred flag
watchdog: f71808e_wdt: remove use of wrong watchdog_info option
watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
* tracing: Use trace_sched_process_free() instead of exit() for pid tracing
kernel/trace/trace_events.c
tracing/hwlat: Honor the tracing_cpumask
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
ftrace: Setup correct FTRACE_FL_REGS flags for module
ocfs2: change slot number type s16 to u16
ext2: fix missing percpu_counter_inc
MIPS: CPU#0 is not hotpluggable
mac80211: fix misplaced while instead of if
bcache: allocate meta data pages as compound pages
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
* net/compat: Add missing sock updates for SCM_RIGHTS
include/net/sock.h
net/compat.c
net/core/sock.c
net: stmmac: dwmac1000: provide multicast filter fallback
net: ethernet: stmmac: Disable hardware multicast filter
powerpc: Fix circular dependency between percpu.h and mmu.h
xtensa: fix xtensa_pmu_setup prototype
iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
dt-bindings: iio: io-channel-mux: Fix compatible string in example code
btrfs: fix memory leaks after failure to lookup checksums during inode logging
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: don't allocate anonymous block device for user invisible roots
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
smb3: warn on confusing error scenario with sec=krb5
* net: initialize fastreuse on inet_inherit_port
net/ipv4/inet_hashtables.c
xen/balloon: make the balloon wait interruptible
xen/balloon: fix accounting in alloc_xenballooned_pages error path
irqdomain/treewide: Free firmware node after domain removal
ARM: 8992/1: Fix unwind_frame for clang-built kernels
parisc: mask out enable and reserved bits from sba imask
parisc: Implement __smp_store_release and __smp_load_acquire barriers
mtd: rawnand: qcom: avoid write to unavailable register
* spi: spidev: Align buffers for DMA
drivers/spi/spidev.c
9p: Fix memory leak in v9fs_mount
* ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
sound/usb/card.h
sound/usb/pcm.c
sound/usb/quirks.c
sound/usb/stream.c
fs/minix: reject too-large maximum file size
fs/minix: don't allow getting deleted inodes
fs/minix: check return value of sb_getblk()
* bitfield.h: don't compile-time validate _val in FIELD_FIT
include/linux/bitfield.h
crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
crypto: ccp - Fix use of merged scatterlists
crypto: qat - fix double free in qat_uclo_create_batch_init_list
* ALSA: usb-audio: add quirk for Pioneer DDJ-RB
sound/usb/quirks-table.h
* ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
sound/usb/quirks-table.h
* ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
sound/usb/mixer_quirks.c
USB: serial: cp210x: enable usb generic throttle/unthrottle
USB: serial: cp210x: re-enable auto-RTS on open
* net: Set fput_needed iff FDPUT_FPUT is set
net/socket.c
* net: refactor bind_bucket fastreuse into helper
include/net/inet_connection_sock.h
net/ipv4/inet_connection_sock.c
net/nfc/rawsock.c: add CAP_NET_RAW check.
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
* af_packet: TPACKET_V3: fix fill status rwlock imbalance
net/packet/af_packet.c
crypto: aesni - add compatibility with IAS
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
pinctrl-single: fix pcs_parse_pinconf() return value
dlm: Fix kobject memleak
fsl/fman: fix eth hash table allocation
fsl/fman: check dereferencing null pointer
fsl/fman: fix unreachable code
fsl/fman: fix dereference null return value
fsl/fman: use 32-bit unsigned integer
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
liquidio: Fix wrong return value in cn23xx_get_pf_num()
net: ethernet: aquantia: Fix wrong return value
tools, build: Propagate build failures from tools/build/Makefile.build
wl1251: fix always return 0 error
s390/qeth: don't process empty bridge port events
selftests/powerpc: Fix online CPU selection
* PCI: Release IVRS table in AMD ACS quirk
drivers/pci/quirks.c
selftests/powerpc: Fix CPU affinity for child process
Bluetooth: hci_serdev: Only unregister device if it was registered
power: supply: check if calc_soc succeeded in pm860x_init_battery
* Smack: prevent underflow in smk_set_cipso()
security/smack/smackfs.c
* Smack: fix another vsscanf out of bounds
security/smack/smackfs.c
net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration
scsi: mesh: Fix panic after host or bus reset
usb: dwc2: Fix error path in gadget registration
MIPS: OCTEON: add missing put_device() call in dwc3_octeon_device_init()
* coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb()
drivers/hwtracing/coresight/coresight-tmc-etf.c
thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor()
USB: serial: iuu_phoenix: fix led-activity helpers
drm/imx: tve: fix regulator_disable error path
PCI/ASPM: Add missing newline in sysfs 'policy'
staging: rtl8192u: fix a dubious looking mask before a shift
powerpc/vdso: Fix vdso cpu truncation
mwifiex: Prevent memory corruption handling keys
scsi: scsi_debug: Add check for sdebug_max_queue during module init
drm/bridge: sil_sii8620: initialize return of sii8620_readb
drm: panel: simple: Fix bpc for LG LB070WV8 panel
* leds: core: Flush scheduled work for system suspend
drivers/leds/led-class.c
* PCI: Fix pci_cfg_wait queue locking problem
drivers/pci/access.c
xfs: fix reflink quota reservation accounting error
media: exynos4-is: Add missed check for pinctrl_lookup_state()
media: firewire: Using uninitialized values in node_probe()
ipvs: allow connection reuse for unconfirmed conntrack
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
drm/radeon: fix array out-of-bounds read and write issues
cxl: Fix kobject memleak
* drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
drivers/gpu/drm/drm_mipi_dsi.c
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
ASoC: Intel: bxt_rt298: add missing .owner field
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
leds: lm355x: avoid enum conversion warning
drm/arm: fix unintentional integer overflow on left shift
iio: improve IIO_CONCENTRATION channel type description
video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
console: newport_con: fix an issue about leak related system resources
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
agp/intel: Fix a memory leak on module initialisation failure
ACPICA: Do not increment operation_region reference counts for field units
bcache: fix super block seq numbers comparision in register_cache_set()
* dyndbg: fix a BUG_ON in ddebug_describe_flags
lib/dynamic_debug.c
usb: bdc: Halt controller on suspend
bdc: Fix bug causing crash after multiple disconnects
usb: gadget: net2280: fix memory leak on probe error handling paths
gpu: host1x: debug: Fix multiple channels emitting messages simultaneously
iwlegacy: Check the return value of pcie_capability_read_*()
brcmfmac: set state of hanger slot to FREE when flushing PSQ
brcmfmac: To fix Bss Info flag definition Bug
* mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
mm/mmap.c
irqchip/irq-mtk-sysirq: Replace spinlock with raw_spinlock
* drm/debugfs: fix plain echo to connector "force" attribute
drivers/gpu/drm/drm_debugfs.c
drm/nouveau: fix multiple instances of reference count leaks
arm64: dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding
md-cluster: fix wild pointer of unlock_all_bitmaps()
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
spi: lantiq: fix: Rx overflow error in full duplex mode
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
platform/x86: intel-hid: Fix return value check in check_acpi_dev()
m68k: mac: Fix IOP status/control register writes
m68k: mac: Don't send IOP message until channel is idle
arm64: dts: exynos: Fix silent hang after boot on Espresso
arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
* EDAC: Fix reference count leaks
drivers/edac/edac_device_sysfs.c
drivers/edac/edac_pci_sysfs.c
arm64: dts: rockchip: fix rk3399-puma gmac reset gpio
arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio
* sched: correct SD_flags returned by tl->sd_flags()
kernel/sched/topology.c
x86/mce/inject: Fix a wrong assignment of i_mce.status
* cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()
kernel/cgroup/cgroup.c
* HID: input: Fix devices that return multiple bytes in battery report
drivers/hid/hid-input.c
* tracepoint: Mark __tracepoint_string's __used
include/linux/tracepoint.h
* Smack: fix use-after-free in smk_write_relabel_self()
security/smack/smackfs.c
rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
usb: hso: check for return value in hso_serial_common_create()
selftests/net: relax cpu affinity requirement in msg_zerocopy test
Revert "vxlan: fix tos value before xmit"
openvswitch: Prevent kernel-infoleak in ovs_ct_put_key()
* net: gre: recompute gre csum for sctp over gre tunnels
net/ipv4/gre_offload.c
hv_netvsc: do not use VF device if link is down
net: lan78xx: replace bogus endpoint lookup
vxlan: Ensure FDB dump is performed under RCU
net: ethernet: mtk_eth_soc: fix MTU warnings
* ipv6: fix memory leaks on IPV6_ADDRFORM path
include/net/addrconf.h
net/ipv6/anycast.c
net/ipv6/ipv6_sockglue.c
* ipv4: Silence suspicious RCU usage warning
net/ipv4/fib_trie.c
* xattr: break delegations in {set,remove}xattr
fs/xattr.c
include/linux/xattr.h
Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23)
tools lib traceevent: Fix memory leak in process_dynamic_array_len
atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
igb: reinit_locked() should be called with rtnl_lock
* cfg80211: check vendor command doit pointer before use
net/wireless/nl80211.c
i2c: slave: add sanity check when unregistering
i2c: slave: improve sanity check when registering
drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure
drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
net/9p: validate fds in p9_fd_open
leds: 88pm860x: fix use-after-free on unbind
leds: lm3533: fix use-after-free on unbind
leds: da903x: fix use-after-free on unbind
leds: wm831x-status: fix use-after-free on unbind
mtd: properly check all write ioctls for permissions
vgacon: Fix for missing check in scrollback handling
* binder: Prevent context manager from incrementing ref 0
drivers/android/binder.c
omapfb: dss: Fix max fclk divider for omap36xx
* Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
net/bluetooth/hci_event.c
* Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
net/bluetooth/hci_event.c
* Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
net/bluetooth/hci_event.c
* staging: android: ashmem: Fix lockdep warning for write operation
drivers/staging/android/ashmem.c
ALSA: seq: oss: Serialize ioctls
* usb: xhci: Fix ASMedia ASM1142 DMA addressing
drivers/usb/host/xhci-pci.c
* usb: xhci: define IDs for various ASMedia host controllers
drivers/usb/host/xhci-pci.c
USB: iowarrior: fix up report size handling for some devices
net/mlx5e: Don't support phys switch id if not in switchdev mode
USB: serial: qcserial: add EM7305 QDL product ID
* ANDROID: fix a bug in quota2
net/netfilter/xt_quota2.c
* BACKPORT: loop: Fix wrong masking of status flags
drivers/block/loop.c
* BACKPORT: loop: Add LOOP_CONFIGURE ioctl
drivers/block/loop.c
include/uapi/linux/loop.h
* BACKPORT: loop: Clean up LOOP_SET_STATUS lo_flags handling
drivers/block/loop.c
include/uapi/linux/loop.h
* BACKPORT: loop: Rework lo_ioctl() __user argument casting
drivers/block/loop.c
* BACKPORT: loop: Move loop_set_status_from_info() and friends up
drivers/block/loop.c
* BACKPORT: loop: Factor out configuring loop from status
drivers/block/loop.c
* BACKPORT: loop: Remove figure_loop_size()
drivers/block/loop.c
* BACKPORT: loop: Refactor loop_set_status() size calculation
drivers/block/loop.c
* BACKPORT: loop: Factor out setting loop device size
drivers/block/loop.c
* BACKPORT: loop: Remove sector_t truncation checks
drivers/block/loop.c
* BACKPORT: loop: Call loop_config_discard() only after new config is applied
drivers/block/loop.c
Merge 4.14.193 into android-4.14-q
Linux 4.14.193
ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel()
* ext4: fix direct I/O read error
fs/ext4/inode.c
* random32: move the pseudo-random 32-bit definitions to prandom.h
include/linux/prandom.h
include/linux/random.h
* random32: remove net_rand_state from the latent entropy gcc plugin
include/linux/random.h
lib/random32.c
* random: fix circular include dependency on arm64 after addition of percpu.h
include/linux/random.h
ARM: percpu.h: fix build error
* random32: update the net random state on interrupt and activity
drivers/char/random.c
include/linux/random.h
kernel/time/timer.c
lib/random32.c
Revert "scsi: libsas: direct call probe and destruct"
Merge 4.14.192 into android-4.14-q
Linux 4.14.192
x86/i8259: Use printk_deferred() to prevent deadlock
KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled
xen-netfront: fix potential deadlock in xennet_remove()
cxgb4: add missing release on skb in uld_send()
x86/unwind/orc: Fix ORC for newly forked tasks
Revert "i2c: cadence: Fix the hold bit setting"
net: ethernet: ravb: exit if re-initialization fails in tx timeout
parisc: add support for cmpxchg on u8 pointers
nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
qed: Disable "MFW indication via attention" SPAM every 5 minutes
usb: hso: Fix debug compile warning on sparc32
* arm64: csum: Fix handling of bad packets
arch/arm64/include/asm/checksum.h
* arm64/alternatives: move length validation inside the subsection
arch/arm64/include/asm/alternative.h
mac80211: mesh: Free pending skb when destroying a mpath
mac80211: mesh: Free ie data when leaving mesh
* bpf: Fix map leak in HASH_OF_MAPS map
kernel/bpf/hashtab.c
ibmvnic: Fix IRQ mapping disposal in error path
mlxsw: core: Free EMAD transactions using kfree_rcu()
mlxsw: core: Increase scope of RCU read-side critical section
mlx4: disable device on shutdown
net: lan78xx: fix transfer-buffer memory leak
net: lan78xx: add missing endpoint sanity check
sh: Fix validation of system call number
selftests/net: rxtimestamp: fix clang issues for target arch PowerPC
net/x25: Fix null-ptr-deref in x25_disconnect
net/x25: Fix x25_neigh refcnt leak when x25 disconnect
xfs: fix missed wakeup on l_flush_wait
rds: Prevent kernel-infoleak in rds_notify_queue_get()
* x86, vmlinux.lds: Page-align end of ..page_aligned sections
include/asm-generic/vmlinux.lds.h
x86/build/lto: Fix truncated .bss with -fdata-sections
9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work
9p/trans_fd: abort p9_read_work if req status changed
* f2fs: check if file namelen exceeds max value
fs/f2fs/dir.c
* f2fs: check memory boundary by insane namelen
fs/f2fs/dir.c
* drm: hold gem reference until object is no longer accessed
drivers/gpu/drm/drm_gem.c
drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
* wireless: Use offsetof instead of custom macro.
include/uapi/linux/wireless.h
* PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
drivers/pci/quirks.c
x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit
ath9k: release allocated buffer if timed out
ath9k_htc: release allocated buffer if timed out
iio: imu: adis16400: fix memory leak
media: rc: prevent memory leak in cx23888_ir_probe
crypto: ccp - Release all allocated memory if sha type is invalid
net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
scsi: libsas: direct call probe and destruct
Change-Id: I29a6ac340b63f25dd3a95ae69a2e71dbc7a5b2ac
Signed-off-by: lucaswei <lucaswei@google.com>
|
||
|
lucaswei
|
21174e7817 |
Merge android-4.14-q (4.14.191) into android-msm-pixel-4.14-lts
Merge 4.14.191 into android-4.14-q
Linux 4.14.191
xfs: set format back to extents if xfs_bmap_extents_to_btree
* regmap: debugfs: check count when read regmap file
drivers/base/regmap/regmap-debugfs.c
mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages
* tcp: allow at most one TLP probe per flight
include/linux/tcp.h
net/ipv4/tcp_input.c
net/ipv4/tcp_output.c
* rtnetlink: Fix memory(net_device) leak when ->newlink fails
net/core/rtnetlink.c
ip6_gre: fix null-ptr-deref in ip6gre_init_net()
AX.25: Prevent integer overflows in connect and sendmsg
rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
* net: udp: Fix wrong clean up for IS_UDPLITE macro
net/ipv4/udp.c
net/ipv6/udp.c
* net-sysfs: add a newline when printing 'tx_timeout' by sysfs
net/core/net-sysfs.c
drivers/net/wan/x25_asy: Fix to make it work
* dev: Defer free of skbs in flush_backlog
net/core/dev.c
AX.25: Prevent out-of-bounds read in ax25_sendmsg()
AX.25: Fix out-of-bounds read in ax25_connect()
Merge 4.14.190 into android-4.14-q
Linux 4.14.190
ath9k: Fix regression with Atheros 9271
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
parisc: Add atomic64_set_release() define to avoid CPU soft lockups
io-mapping: indicate mapping failure
* mm/memcg: fix refcount error while moving and swapping
mm/memcontrol.c
* Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
Makefile
vt: Reject zero-sized screen buffer size.
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
serial: 8250_mtk: Fix high-speed baud rates clamping
serial: 8250: fix null-ptr-deref in serial8250_start_tx()
staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
staging: wlan-ng: properly check endpoint types
Revert "cifs: Fix the target file was deleted when rename failed."
* usb: xhci: Fix ASM2142/ASM3142 DMA addressing
drivers/usb/host/xhci-pci.c
usb: xhci-mtk: fix the failure of bandwidth allocation
* binder: Don't use mmput() from shrinker function.
drivers/android/binder_alloc.c
x86: math-emu: Fix up 'cmp' insn for clang ias
* arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
arch/arm64/kernel/debug-monitors.c
usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
dmaengine: ioat setting ioat timeout as module parameter
hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow
* regmap: dev_get_regmap_match(): fix string comparison
drivers/base/regmap/regmap.c
spi: mediatek: use correct SPI_CFG2_REG MACRO
* Input: add `SW_MACHINE_COVER`
include/linux/mod_devicetable.h
include/uapi/linux/input-event-codes.h
dmaengine: tegra210-adma: Fix runtime PM imbalance on error
* HID: apple: Disable Fn-key key-re-mapping on clone keyboards
drivers/hid/hid-apple.c
HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
scripts/decode_stacktrace: strip basepath from all paths
serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
* bonding: check return value of register_netdevice() in bond_newlink()
drivers/net/bonding/bond_netlink.c
i2c: rcar: always clear ICSAR to avoid side effects
ipvs: fix the connection sync failed in some cases
mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
* bonding: check error value of register_netdevice() immediately
drivers/net/bonding/bond_main.c
net: smc91x: Fix possible memory leak in smc_drv_probe()
drm: sun4i: hdmi: Fix inverted HPD result
net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration
* ax88172a: fix ax88172a_unbind() failures
drivers/net/usb/ax88172a.c
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path
bnxt_en: Fix race when modifying pause settings.
btrfs: fix page leaks after failure to lock page for delalloc
btrfs: fix mount failure caused by race with umount
btrfs: fix double free on ulist after backref resolution failure
ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
* ALSA: info: Drop WARN_ON() from buffer NULL sanity check
sound/core/info.c
* uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression
kernel/events/uprobes.c
IB/umem: fix reference count leak in ib_umem_odp_get()
spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion")
irqdomain/treewide: Keep firmware node unconditionally allocated
drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
net: sky2: initialize return of gm_phy_read
drivers/net/wan/lapbether: Fixed the value of hard_header_len
xtensa: update *pos in cpuinfo_op.next
xtensa: fix __sync_fetch_and_{and,or}_4 declarations
scsi: scsi_transport_spi: Fix function pointer check
mac80211: allow rx of mesh eapol frames with default rx key
pinctrl: amd: fix npins for uart0 in kerncz_groups
gpio: arizona: put pm_runtime in case of failure
gpio: arizona: handle pm_runtime_get_sync failure case
Merge 4.14.189 into android-4.14-q
Linux 4.14.189
rxrpc: Fix trace string
libceph: don't omit recovery_deletes in target_copy()
x86/cpu: Move x86_cache_bits settings
* sched/fair: handle case of task_h_load() returning 0
kernel/sched/fair.c
* arm64: ptrace: Override SPSR.SS when single-stepping is enabled
arch/arm64/include/asm/debug-monitors.h
arch/arm64/kernel/debug-monitors.c
arch/arm64/kernel/ptrace.c
* thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power
drivers/thermal/cpu_cooling.c
misc: atmel-ssc: lock with mutex instead of spinlock
dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
intel_th: pci: Add Emmitsburg PCH support
intel_th: pci: Add Tiger Lake PCH-H support
intel_th: pci: Add Jasper Lake CPU support
hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
MIPS: Fix build for LTS kernel caused by backporting lpj adjustment
* timer: Fix wheel index calculation on last level
kernel/time/timer.c
uio_pdrv_genirq: fix use without device tree and no interrupt
Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
mei: bus: don't clean driver pointer
* Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
drivers/block/zram/zram_drv.c
* fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
fs/fuse/file.c
virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
USB: serial: option: add Quectel EG95 LTE modem
USB: serial: option: add GosunCn GM500 series
USB: serial: ch341: add new Product ID for CH340
USB: serial: cypress_m8: enable Simply Automated UPB PIM
USB: serial: iuu_phoenix: fix memory corruption
usb: gadget: function: fix missing spinlock in f_uac1_legacy
usb: chipidea: core: add wakeup support for extcon
usb: dwc2: Fix shutdown callback in platform
USB: c67x00: fix use after free in c67x00_giveback_urb
* ALSA: usb-audio: Fix race against the error recovery URB submission
sound/usb/midi.c
ALSA: line6: Perform sanity check for each URB creation
* HID: magicmouse: do not set up autorepeat
drivers/hid/hid-magicmouse.c
mtd: rawnand: oxnas: Release all devices in the _remove() path
mtd: rawnand: oxnas: Unregister all devices on error
mtd: rawnand: oxnas: Keep track of registered devices
mtd: rawnand: brcmnand: fix CS0 layout
perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
copy_xstate_to_kernel: Fix typo which caused GDB regression
ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
Revert "thermal: mediatek: fix register index error"
staging: comedi: verify array index is correct before using it
usb: gadget: udc: atmel: fix uninitialized read in debug printk
spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
arm64: dts: meson: add missing gxl rng clock
phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked
iio:health:afe4404 Fix timestamp alignment and prevent data leak.
ACPI: video: Use native backlight on Acer TravelMate 5735Z
ACPI: video: Use native backlight on Acer Aspire 5783z
mmc: sdhci: do not enable card detect interrupt for gpio cd type
doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode
* Revert "usb/xhci-plat: Set PM runtime as active on resume"
drivers/usb/host/xhci-plat.c
* Revert "usb/ehci-platform: Set PM runtime as active on resume"
drivers/usb/host/ehci-platform.c
* Revert "usb/ohci-platform: Fix a warning when hibernating"
drivers/usb/host/ohci-platform.c
* of: of_mdio: Correct loop scanning logic
drivers/of/of_mdio.c
net: dsa: bcm_sf2: Fix node reference count
spi: fix initial SPI_SR value in spi-fsl-dspi
spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer
iio:health:afe4403 Fix timestamp alignment and prevent data leak.
iio:pressure:ms5611 Fix buffer element alignment
iio: pressure: zpa2326: handle pm_runtime_get_sync failure
iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
iio: magnetometer: ak8974: Fix runtime PM imbalance on error
iio:humidity:hdc100x Fix alignment and data leak issues
iio:magnetometer:ak8974: Fix alignment and data leak issues
* arm64/alternatives: don't patch up internal branches
arch/arm64/kernel/alternative.c
* arm64: alternative: Use true and false for boolean values
arch/arm64/kernel/alternative.c
i2c: eg20t: Load module automatically if ID matches
gfs2: read-only mounts should grab the sd_freeze_gl glock
tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
* arm64/alternatives: use subsections for replacement sequences
arch/arm64/include/asm/alternative.h
arch/arm64/kernel/vmlinux.lds.S
drm/exynos: fix ref count leak in mic_pre_enable
* cgroup: Fix sock_cgroup_data on big-endian.
include/linux/cgroup-defs.h
* cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
include/linux/cgroup-defs.h
include/linux/cgroup.h
kernel/cgroup/cgroup.c
net/core/sock.c
* tcp: md5: do not send silly options in SYNCOOKIES
net/ipv4/tcp_output.c
* tcp: make sure listeners don't initialize congestion-control state
net/ipv4/tcp.c
net/ipv4/tcp_cong.c
net_sched: fix a memory leak in atm_tc_init()
* tcp: md5: allow changing MD5 keys in all socket states
net/ipv4/tcp.c
* tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
net/ipv4/tcp.c
net/ipv4/tcp_ipv4.c
* tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
net/ipv4/tcp.c
net/ipv4/tcp_ipv4.c
net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
* net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
include/net/dst.h
llc: make sure applications use ARPHRD_ETHER
* l2tp: remove skb_dst_set() from l2tp_xmit_skb()
net/l2tp/l2tp_core.c
* ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
net/ipv4/ping.c
* genetlink: remove genl_bind
include/net/genetlink.h
net/netlink/genetlink.c
s390/mm: fix huge pte soft dirty copying
ARC: elf: use right ELF_ARCH
ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
* dm: use noio when sending kobject event
drivers/md/dm.c
drm/radeon: fix double free
btrfs: fix fatal extent_buffer readahead vs releasepage race
Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
KVM: x86: Mark CR4.TSD as being possibly owned by the guest
KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
KVM: x86: bit 8 of non-leaf PDPEs is not reserved
KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART
* KVM: arm64: Fix definition of PAGE_HYP_DEVICE
arch/arm64/include/asm/pgtable-prot.h
* ALSA: usb-audio: add quirk for MacroSilicon MS2109
sound/usb/quirks-table.h
ALSA: hda - let hs_mic be picked ahead of hp_mic
ALSA: opl3: fix infoleak in opl3
mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
net: macb: mark device wake capable when "magic-packet" property present
bnxt_en: fix NULL dereference in case SR-IOV configuration fails
nbd: Fix memory leak in nbd_add_socket
arm64: kgdb: Fix single-step exception handling oops
* ALSA: compress: fix partial_drain completion state
include/sound/compress_driver.h
sound/core/compress_offload.c
smsc95xx: avoid memory leak in smsc95xx_bind
smsc95xx: check return value of smsc95xx_reset
net: cxgb4: fix return error value in t4_prep_fw
x86/entry: Increase entry_stack size to a full page
nvme-rdma: assign completion vector correctly
scsi: mptscsih: Fix read sense data size
ARM: imx6: add missing put_device() call in imx6q_suspend_init()
cifs: update ctime and mtime during truncate
s390/kasan: fix early pgm check handler execution
ixgbe: protect ring accesses with READ- and WRITE_ONCE
* spi: spidev: fix a potential use-after-free in spidev_release()
drivers/spi/spidev.c
* spi: spidev: fix a race between spidev_release and spidev_remove
drivers/spi/spidev.c
gpu: host1x: Detach driver on unregister
ARM: dts: omap4-droid4: Fix spi configuration and increase rate
spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths
spi: spi-fsl-dspi: use IRQF_SHARED mode to request IRQ
spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer
spi: spi-fsl-dspi: Adding shutdown hook
KVM: s390: reduce number of IO pins to 1
ANDROID: cuttlefish_defconfig: Drop built-in cmdline
Merge 4.14.188 into android-4.14-q
Linux 4.14.188
* efi: Make it possible to disable efivar_ssdt entirely
drivers/firmware/efi/Kconfig
dm zoned: assign max_io_len correctly
* irqchip/gic: Atomically update affinity
drivers/irqchip/irq-gic.c
MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen
cifs: Fix the target file was deleted when rename failed.
SMB3: Honor persistent/resilient handle flags for multiuser mounts
SMB3: Honor 'seal' flag for multiuser mounts
* Revert "ALSA: usb-audio: Improve frames size computation"
sound/usb/card.h
sound/usb/endpoint.c
sound/usb/endpoint.h
sound/usb/pcm.c
nfsd: apply umask on fs without ACL support
i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
virtio-blk: free vblk-vqs in error path of virtblk_probe()
drm: sun4i: hdmi: Remove extra HPD polling
hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add()
hwmon: (max6697) Make sure the OVERT mask is set correctly
cxgb4: parse TC-U32 key values and masks natively
cxgb4: use unaligned conversion for fetching timestamp
crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
kgdb: Avoid suspicious RCU usage warning
usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
* mm/slub: fix stack overruns with SLUB_STATS
mm/slub.c
* mm/slub.c: fix corrupted freechain in deactivate_slab()
mm/slub.c
usbnet: smsc95xx: Fix use-after-free after removal
EDAC/amd64: Read back the scrub rate PCI register on F15h
* mm: fix swap cache node allocation mask
mm/swap_state.c
btrfs: fix data block group relocation failure due to concurrent scrub
btrfs: cow_file_range() num_bytes and disk_num_bytes are same
btrfs: fix a block group ref counter leak after failure to remove block group
Merge 4.14.187 into android-4.14-q
Linux 4.14.187
Revert "tty: hvc: Fix data abort due to race in hvc_open"
xfs: add agf freeblocks verify in xfs_agf_verify
NFSv4 fix CLOSE not waiting for direct IO compeletion
pNFS/flexfiles: Fix list corruption if the mirror count changes
SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
sunrpc: fixed rollback in rpc_gssd_dummy_populate()
Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
drm/radeon: fix fb_div check in ni_init_smc_spll_table()
* tracing: Fix event trigger to accept redundant spaces
kernel/trace/trace_events_trigger.c
* arm64: perf: Report the PC value in REGS_ABI_32 mode
arch/arm64/kernel/perf_regs.c
ocfs2: fix panic on nfs server over ocfs2
ocfs2: fix value of OCFS2_INVALID_SLOT
ocfs2: load global_inode_alloc
* mm/slab: use memzero_explicit() in kzfree()
mm/slab_common.c
btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
KVM: nVMX: Plumb L2 GPA through to PML emulation
KVM: X86: Fix MSR range of APIC registers in X2APIC mode
ACPI: sysfs: Fix pm_profile_attr type
ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
* blktrace: break out of blktrace setup on concurrent calls
kernel/trace/blktrace.c
* kbuild: improve cc-option to clean up all temporary files
scripts/Kbuild.include
s390/ptrace: fix setting syscall number
net: alx: fix race condition in alx_remove
ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function
* sched/core: Fix PI boosting between RT and DEADLINE tasks
kernel/sched/core.c
net: bcmgenet: use hardware padding of runt frames
netfilter: ipset: fix unaligned atomic access
usb: gadget: udc: Potential Oops in error handling code
ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
net: qed: fix excessive QM ILT lines consumption
net: qed: fix NVMe login fails over VFs
net: qed: fix left elements count calculation
RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
ASoC: rockchip: Fix a reference count leak.
RDMA/cma: Protect bind_list and listen_list while finding matching cm id
rxrpc: Fix handling of rwind from an ACK packet
ARM: dts: NSP: Correct FA2 mailbox node
efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
cifs/smb3: Fix data inconsistent when zero file range
cifs/smb3: Fix data inconsistent when punch hole
* xhci: Poll for U0 after disabling USB2 LPM
drivers/usb/host/xhci.c
* ALSA: usb-audio: Fix OOB access of mixer element list
sound/usb/mixer.c
sound/usb/mixer.h
sound/usb/mixer_quirks.c
* ALSA: usb-audio: Clean up mixer element list traverse
sound/usb/mixer.c
sound/usb/mixer.h
sound/usb/mixer_quirks.c
sound/usb/mixer_scarlett.c
* ALSA: usb-audio: uac1: Invalidate ctl on interrupt
sound/usb/mixer.c
* loop: replace kill_bdev with invalidate_bdev
drivers/block/loop.c
cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
* xhci: Fix enumeration issue when setting max packet size for FS devices.
drivers/usb/host/xhci.c
* xhci: Fix incorrect EP_STATE_MASK
drivers/usb/host/xhci.h
* ALSA: usb-audio: add quirk for Denon DCD-1500RE
sound/usb/quirks.c
usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
usb: host: xhci-mtk: avoid runtime suspend when removing hcd
* USB: ehci: reopen solution for Synopsys HC bug
drivers/usb/host/ehci-pci.c
* usb: add USB_QUIRK_DELAY_INIT for Logitech C922
drivers/usb/core/quirks.c
usb: dwc2: Postponed gadget registration to the udc class driver
USB: ohci-sm501: Add missed iounmap() in remove
* net: core: reduce recursion limit value
include/linux/netdevice.h
* net: Do not clear the sock TX queue in sk_set_socket()
include/net/sock.h
net/core/sock.c
* net: Fix the arp error in some cases
net/ipv4/fib_semantics.c
ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
* tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
net/ipv4/tcp_cubic.c
* ip_tunnel: fix use-after-free in ip_tunnel_lookup()
net/ipv4/ip_tunnel.c
tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
* tcp: grow window for OOO packets only for SACK flows
net/ipv4/tcp_input.c
* sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
include/net/sctp/constants.h
net/sctp/associola.c
net/sctp/bind_addr.c
net/sctp/protocol.c
rxrpc: Fix notification call on completion of discarded calls
rocker: fix incorrect error handling in dma_rings_init
* net: usb: ax88179_178a: fix packet alignment padding
drivers/net/usb/ax88179_178a.c
* net: fix memleak in register_netdevice()
net/core/dev.c
* net: bridge: enfore alignment for ethernet address
net/bridge/br_private.h
* mld: fix memory leak in ipv6_mc_destroy_dev()
net/ipv6/mcast.c
ibmveth: Fix max MTU limit
apparmor: don't try to replace stale label in ptraceme check
fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()"
* net: sched: export __netdev_watchdog_up()
net/sched/sch_generic.c
block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
* net: be more gentle about silly gso requests coming from user
include/linux/virtio_net.h
* scsi: scsi_devinfo: handle non-terminated strings
drivers/scsi/scsi_devinfo.c
Change-Id: Ic7e7b6fbe817b09ba7306dd6354f04d5fbace3a7
Signed-off-by: lucaswei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
0d274200bf |
Merge 4.14.193 into android-4.14-stable
Changes in 4.14.193 Revert "scsi: libsas: direct call probe and destruct" random32: update the net random state on interrupt and activity ARM: percpu.h: fix build error random: fix circular include dependency on arm64 after addition of percpu.h random32: remove net_rand_state from the latent entropy gcc plugin random32: move the pseudo-random 32-bit definitions to prandom.h ext4: fix direct I/O read error ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel() Linux 4.14.193 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I4b4c5e1aa4379dba5af55d2c08bb9ae0119bc77d |
||
|
Greg Kroah-Hartman
|
eef3fcbfb7 |
Merge 4.14.193 into android-4.14-q
Changes in 4.14.193 Revert "scsi: libsas: direct call probe and destruct" random32: update the net random state on interrupt and activity ARM: percpu.h: fix build error random: fix circular include dependency on arm64 after addition of percpu.h random32: remove net_rand_state from the latent entropy gcc plugin random32: move the pseudo-random 32-bit definitions to prandom.h ext4: fix direct I/O read error ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel() Linux 4.14.193 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I2d9dd9656ab62ca6a136e35aa6a07fc68685ee10 |
||
|
Willy Tarreau
|
583bcbc024 |
random32: update the net random state on interrupt and activity
commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4 upstream. This modifies the first 32 bits out of the 128 bits of a random CPU's net_rand_state on interrupt or CPU activity to complicate remote observations that could lead to guessing the network RNG's internal state. Note that depending on some network devices' interrupt rate moderation or binding, this re-seeding might happen on every packet or even almost never. In addition, with NOHZ some CPUs might not even get timer interrupts, leaving their local state rarely updated, while they are running networked processes making use of the random state. For this reason, we also perform this update in update_process_times() in order to at least update the state when there is user or system activity, since it's the only case we care about. Reported-by: Amit Klein <aksecurity@gmail.com> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Eric Dumazet <edumazet@google.com> Cc: "Jason A. Donenfeld" <Jason@zx2c4.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: <stable@vger.kernel.org> Signed-off-by: Willy Tarreau <w@1wt.eu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
4437a4dfa7 |
Merge 4.14.189 into android-4.14-stable
Changes in 4.14.189
KVM: s390: reduce number of IO pins to 1
spi: spi-fsl-dspi: Adding shutdown hook
spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer
spi: spi-fsl-dspi: use IRQF_SHARED mode to request IRQ
spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths
ARM: dts: omap4-droid4: Fix spi configuration and increase rate
gpu: host1x: Detach driver on unregister
spi: spidev: fix a race between spidev_release and spidev_remove
spi: spidev: fix a potential use-after-free in spidev_release()
ixgbe: protect ring accesses with READ- and WRITE_ONCE
s390/kasan: fix early pgm check handler execution
cifs: update ctime and mtime during truncate
ARM: imx6: add missing put_device() call in imx6q_suspend_init()
scsi: mptscsih: Fix read sense data size
nvme-rdma: assign completion vector correctly
x86/entry: Increase entry_stack size to a full page
net: cxgb4: fix return error value in t4_prep_fw
smsc95xx: check return value of smsc95xx_reset
smsc95xx: avoid memory leak in smsc95xx_bind
ALSA: compress: fix partial_drain completion state
arm64: kgdb: Fix single-step exception handling oops
nbd: Fix memory leak in nbd_add_socket
bnxt_en: fix NULL dereference in case SR-IOV configuration fails
net: macb: mark device wake capable when "magic-packet" property present
mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
ALSA: opl3: fix infoleak in opl3
ALSA: hda - let hs_mic be picked ahead of hp_mic
ALSA: usb-audio: add quirk for MacroSilicon MS2109
KVM: arm64: Fix definition of PAGE_HYP_DEVICE
KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART
KVM: x86: bit 8 of non-leaf PDPEs is not reserved
KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
KVM: x86: Mark CR4.TSD as being possibly owned by the guest
Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
btrfs: fix fatal extent_buffer readahead vs releasepage race
drm/radeon: fix double free
dm: use noio when sending kobject event
ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
ARC: elf: use right ELF_ARCH
s390/mm: fix huge pte soft dirty copying
genetlink: remove genl_bind
ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
llc: make sure applications use ARPHRD_ETHER
net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
tcp: md5: allow changing MD5 keys in all socket states
net_sched: fix a memory leak in atm_tc_init()
tcp: make sure listeners don't initialize congestion-control state
tcp: md5: do not send silly options in SYNCOOKIES
cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
cgroup: Fix sock_cgroup_data on big-endian.
drm/exynos: fix ref count leak in mic_pre_enable
arm64/alternatives: use subsections for replacement sequences
tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
gfs2: read-only mounts should grab the sd_freeze_gl glock
i2c: eg20t: Load module automatically if ID matches
arm64: alternative: Use true and false for boolean values
arm64/alternatives: don't patch up internal branches
iio:magnetometer:ak8974: Fix alignment and data leak issues
iio:humidity:hdc100x Fix alignment and data leak issues
iio: magnetometer: ak8974: Fix runtime PM imbalance on error
iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
iio: pressure: zpa2326: handle pm_runtime_get_sync failure
iio:pressure:ms5611 Fix buffer element alignment
iio:health:afe4403 Fix timestamp alignment and prevent data leak.
spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer
spi: fix initial SPI_SR value in spi-fsl-dspi
net: dsa: bcm_sf2: Fix node reference count
of: of_mdio: Correct loop scanning logic
Revert "usb/ohci-platform: Fix a warning when hibernating"
Revert "usb/ehci-platform: Set PM runtime as active on resume"
Revert "usb/xhci-plat: Set PM runtime as active on resume"
doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode
mmc: sdhci: do not enable card detect interrupt for gpio cd type
ACPI: video: Use native backlight on Acer Aspire 5783z
ACPI: video: Use native backlight on Acer TravelMate 5735Z
iio:health:afe4404 Fix timestamp alignment and prevent data leak.
phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked
arm64: dts: meson: add missing gxl rng clock
spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
usb: gadget: udc: atmel: fix uninitialized read in debug printk
staging: comedi: verify array index is correct before using it
Revert "thermal: mediatek: fix register index error"
ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
copy_xstate_to_kernel: Fix typo which caused GDB regression
perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
mtd: rawnand: brcmnand: fix CS0 layout
mtd: rawnand: oxnas: Keep track of registered devices
mtd: rawnand: oxnas: Unregister all devices on error
mtd: rawnand: oxnas: Release all devices in the _remove() path
HID: magicmouse: do not set up autorepeat
ALSA: line6: Perform sanity check for each URB creation
ALSA: usb-audio: Fix race against the error recovery URB submission
USB: c67x00: fix use after free in c67x00_giveback_urb
usb: dwc2: Fix shutdown callback in platform
usb: chipidea: core: add wakeup support for extcon
usb: gadget: function: fix missing spinlock in f_uac1_legacy
USB: serial: iuu_phoenix: fix memory corruption
USB: serial: cypress_m8: enable Simply Automated UPB PIM
USB: serial: ch341: add new Product ID for CH340
USB: serial: option: add GosunCn GM500 series
USB: serial: option: add Quectel EG95 LTE modem
virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
mei: bus: don't clean driver pointer
Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
uio_pdrv_genirq: fix use without device tree and no interrupt
timer: Fix wheel index calculation on last level
MIPS: Fix build for LTS kernel caused by backporting lpj adjustment
hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
intel_th: pci: Add Jasper Lake CPU support
intel_th: pci: Add Tiger Lake PCH-H support
intel_th: pci: Add Emmitsburg PCH support
dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
misc: atmel-ssc: lock with mutex instead of spinlock
thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power
arm64: ptrace: Override SPSR.SS when single-stepping is enabled
sched/fair: handle case of task_h_load() returning 0
x86/cpu: Move x86_cache_bits settings
libceph: don't omit recovery_deletes in target_copy()
rxrpc: Fix trace string
Linux 4.14.189
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib5da2b58af11e2738c78990bf691a0211a55a40f
|