https://source.android.com/docs/security/bulletin/2023-12-01
* tag 'ASB-2023-12-05_4.14-stable' of https://android.googlesource.com/kernel/common:
Linux 4.14.331
net: sched: fix race condition in qdisc_graft()
scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids
ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
ext4: correct return value of ext4_convert_meta_bg
ext4: correct offset of gdb backup in non meta_bg group to update_backups
ext4: apply umask if ACL support is disabled
media: venus: hfi: fix the check to handle session buffer requirement
media: sharp: fix sharp encoding
i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
net: dsa: lan9303: consequently nested-lock physical MDIO
ALSA: info: Fix potential deadlock at disconnection
parisc/pgtable: Do not drop upper 5 address bits of physical address
parisc: Prevent booting 64-bit kernels on PA1.x machines
mcb: fix error handling for different scenarios when parsing
jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev
genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
mmc: meson-gx: Remove setting of CMD_CFG_ERROR
PM: hibernate: Clean up sync_read handling in snapshot_write_next()
PM: hibernate: Use __get_safe_page() rather than touching the list
mmc: vub300: fix an error code
PCI/sysfs: Protect driver's D3cold preference from user space
hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
audit: don't take task_lock() in audit_exe_compare() code path
KVM: x86: Ignore MSR_AMD64_TW_CFG access
randstruct: Fix gcc-plugin performance mode to stay in group
media: venus: hfi: add checks to perform sanity on queue pointers
pwm: Fix double shift bug
gfs2: ignore negated quota changes
media: vivid: avoid integer overflow
media: gspca: cpia1: shift-out-of-bounds in set_flicker
i2c: sun6i-p2wi: Prevent potential division by zero
tty: vcc: Add check for kstrdup() in vcc_probe()
scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
atm: iphase: Do PCI error checks on own line
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
jfs: fix array-index-out-of-bounds in diAlloc
jfs: fix array-index-out-of-bounds in dbFindLeaf
fs/jfs: Add validity check for db_maxag and db_agpref
fs/jfs: Add check for negative db_l2nbperpage
RDMA/hfi1: Use FIELD_GET() to extract Link Width
crypto: pcrypt - Fix hungtask for PADATA_RESET
selftests/efivarfs: create-read: fix a resource leak
drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
net: annotate data-races around sk->sk_dst_pending_confirm
wifi: ath10k: fix clang-specific fortify warning
wifi: ath9k: fix clang-specific fortify warnings
wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
clocksource/drivers/timer-imx-gpt: Fix potential memory leak
locking/ww_mutex/test: Fix potential workqueue corruption
Linux 4.14.330
btrfs: use u64 for buffer sizes in the tree search ioctls
Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
fbdev: fsl-diu-fb: mark wr_reg_wa() static
netfilter: xt_recent: fix (increase) ipv6 literal buffer length
tg3: power down device only on SYSTEM_POWER_OFF
dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses.
dccp: Call security_inet_conn_request() after setting IPv4 addresses.
tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING
llc: verify mac len before reading mac header
pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
media: dvb-usb-v2: af9035: fix missing unlock
media: s3c-camif: Avoid inappropriate kfree()
pcmcia: ds: fix possible name leak in error path in pcmcia_device_add()
pcmcia: ds: fix refcount leak in pcmcia_device_add()
pcmcia: cs: fix possible hung task and memory leak pccardd()
dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc()
USB: usbip: fix stub_dev hub disconnect
misc: st_core: Do not call kfree_skb() under spin_lock_irqsave()
dmaengine: ti: edma: handle irq_of_parse_and_map() errors
usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
mfd: dln2: Fix double put in dln2_probe
ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
sh: bios: Revive earlyprintk support
RDMA/hfi1: Workaround truncation compilation error
ext4: move 'ix' sanity check to corrent position
ARM: 9321/1: memset: cast the constant byte to unsigned char
hwrng: geode - fix accessing registers
firmware: ti_sci: Mark driver as non removable
ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator
drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe()
drm/radeon: possible buffer overflow
drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs
platform/x86: wmi: Fix probe failure when failing to register WMI devices
clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies
ipv6: avoid atomic fragment on GSO packets
ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
thermal: core: prevent potential string overflow
wifi: rtlwifi: fix EDCA limit set by BT coexistence
tcp_metrics: do not create an entry from tcp_init_metrics()
tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics()
i40e: fix potential memory leaks in i40e_remove()
Linux 4.14.329
tty: 8250: Add support for Intashield IS-100
tty: 8250: Add support for Brainboxes UP cards
tty: 8250: Add support for additional Brainboxes UC cards
tty: 8250: Remove UC-257 and UC-431
usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility
PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
remove the sx8 block driver
ata: ahci: fix enum constants for gcc-13
net: chelsio: cxgb4: add an error code check in t4_load_phy_fw
platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e
scsi: mpt3sas: Fix in error path
fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit()
ASoC: rt5650: fix the wrong result of key button
netfilter: nfnetlink_log: silence bogus compiler warning
fbdev: atyfb: only use ioremap_uc() on i386 and ia64
Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport
dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe
irqchip/stm32-exti: add missing DT IRQ flag translation
ASoC: simple-card: fixup asoc_simple_probe() error handling
x86: Fix .brk attribute in linker script
rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
rpmsg: glink: Release driver_override
rpmsg: Fix calling device_lock() on non-initialized device
rpmsg: Fix kfree() of static memory on setting driver_override
driver: platform: Add helper for safer setting of driver_override
x86/mm: Fix RESERVE_BRK() for older binutils
x86/mm: Simplify RESERVE_BRK()
x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
nfsd: lock_rename() needs both directories to live on the same fs
f2fs: fix to do sanity check on inode type during garbage collection
kobject: Fix slab-out-of-bounds in fill_kobj_path()
drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper()
ARM: 8933/1: replace Sun/Solaris style flag on section directive
NFS: Don't call generic_error_remove_page() while holding locks
perf/core: Fix potential NULL deref
i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR
gtp: uapi: fix GTPA_MAX
tcp: fix wrong RTO timeout when received SACK reneging
r8152: Increase USB control msg timeout to 5000ms as per spec
igb: Fix potential memory leak in igb_add_ethtool_nfc_entry
treewide: Spelling fix in comment
virtio_balloon: Fix endless deflation and inflation on arm64
mcb-lpc: Reallocate memory region to avoid memory overlapping
mcb: Return actual parsed size when reading chameleon table
Conflicts:
drivers/thermal/thermal_core.c
fs/f2fs/gc.c
Change-Id: I569f299ba1ad3b7e86b113637e117519bf3685a0
f1fa46ded9