341 Commits

Author SHA1 Message Date
Tim Zimmermann
0a49b41814 syscall: Increase bpf fake uname to 5.4.186
* https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/3088785

Change-Id: Iaba91f5594cebd2e361b670fb866abb5c58c6707
2025-12-21 17:51:44 +01:00
Nguyễn Long
ce1f47879b syscall: Increase bpf fake uname to 4.19.236
* https://android-review.googlesource.com/c/platform/packages/modules/Connectivity/+/3088785

Change-Id: Ic13a1ea53dc6a239a2d436a563772cf4f28b0ac3
2025-12-21 17:49:59 +01:00
Tim Zimmermann
ee403c8d28 syscall: Fake uname to 4.19 also for netbpfload
* This is required for U QPR2

Change-Id: I0321c64f77fccf74ff2472c3abd29e8b6b4be1ce
2025-12-21 17:49:59 +01:00
Tim Zimmermann
cec7d7053d syscall: Fake uname to 4.19 for bpfloader/netd
* Google is attempting to kill 4.14 in 0156d6e2ba

Change-Id: Ic87a66753a7acc89b0fe5b19158eea4c58ba980f
2025-12-21 17:49:59 +01:00
Wilson Sung
fa8bc31678 Merge android-4.9-q (4.9.284) into android-msm-pixel-4.9-sc-lts
Merge 4.9.284 into android-4.9-q
Linux 4.9.284
  * sctp: validate from_addr_param return
      include/net/sctp/structs.h
    drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
    blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
    nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
    nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
    nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
    nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
    nilfs2: fix NULL pointer in nilfs_##name##_attr_release
    nilfs2: fix memory leak in nilfs_sysfs_create_device_group
    ceph: lockdep annotations for try_nonblocking_invalidate
    dmaengine: xilinx_dma: Set DMA mask for coherent APIs
  * dmaengine: ioat: depends on !UML
      drivers/dma/Kconfig
    parisc: Move pci_dev_is_behind_card_dino to where it is used
    pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered
  * profiling: fix shift-out-of-bounds bugs
      kernel/profile.c
  * prctl: allow to setup brk for et_dyn executables
      kernel/sys.c
    9p/trans_virtio: Remove sysfs file on probe failure
    thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
    dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
    sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
    sctp: validate chunk size in __rcv_asconf_lookup
  * staging: android: ion: fix page is NULL
      drivers/staging/android/ion/ion_system_heap.c
    crypto: talitos - fix max key size for sha384 and sha512
  * PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
      drivers/base/power/wakeirq.c
    s390/bpf: Fix optimizing out zero-extensions
    Merge 4.9.283 into android-4.9-q
Linux 4.9.283
    s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
    net: renesas: sh_eth: Fix freeing wrong tx descriptor
    qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
    net: dsa: b53: Fix calculating number of switch ports
    ARC: export clear_user_page() for modules
    mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
  * PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
      include/linux/pci.h
    ethtool: Fix an error code in cxgb2.c
    net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
    mfd: Don't use irq_create_mapping() to resolve a mapping
    dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
    x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
  * tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
      net/ipv4/tcp_input.c
  * net/af_unix: fix a data-race in unix_dgram_poll
      include/linux/skbuff.h
      net/unix/af_unix.c
  * events: Reuse value read using READ_ONCE instead of re-reading it
      kernel/events/core.c
    tipc: increase timeout in tipc_sk_enqueue()
    r6040: Restore MDIO clock frequency after MAC reset
  * net/l2tp: Fix reference count leak in l2tp_udp_recv_core
      net/l2tp/l2tp_core.c
    dccp: don't duplicate ccid when cloning dccp sock
    ptp: dp83640: don't define PAGE0
    net-caif: avoid user-triggerable WARN_ON(1)
    bnx2x: Fix enabling network interfaces without VFs
    xen: reset legacy rtc flag for PV domU
    platform/chrome: cros_ec_proto: Send command again when timeout occurs
    memcg: enable accounting for pids in nested pid namespaces
  * mm/hugetlb: initialize hugetlb_usage in mm_init
      include/linux/hugetlb.h
      kernel/fork.c
    scsi: BusLogic: Fix missing pr_cont() use
    parisc: fix crash with signals and alloca
    net: w5100: check return value after calling platform_get_resource()
  * net: fix NULL pointer reference in cipso_v4_doi_free
      net/netlabel/netlabel_cipso_v4.c
    ath9k: fix sleeping in atomic context
    ath9k: fix OOB read ar9300_eeprom_restore_internal
    parport: remove non-zero check on count
    usbip: give back URBs for unsent unlink requests during cleanup
  * Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
      drivers/usb/host/xhci.c
    cifs: fix wrong release in sess_alloc_buffer() failed path
    mmc: rtsx_pci: Fix long reads when clock is prescaled
    gfs2: Don't call dlm after protocol is unmounted
    rpc: fix gss_svc_init cleanup on failure
    ARM: tegra: tamonten: Fix UART pad setting
    gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
  * Bluetooth: avoid circular locks in sco_sock_connect
      net/bluetooth/sco.c
    net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
    ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output
  * Bluetooth: skip invalid hci_sync_conn_complete_evt
      net/bluetooth/hci_event.c
    ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
    staging: ks7010: Fix the initialization of the 'sleep_status' structure
    serial: 8250_pci: make setup_port() parameters explicitly unsigned
    hvsi: don't panic on tty_register_driver failure
    xtensa: ISS: don't panic in rs_init
    serial: 8250: Define RX trigger levels for OxSemi 950 devices
    s390/jump_label: print real address in a case of a jump label bug
  * flow_dissector: Fix out-of-bounds warnings
      net/core/flow_dissector.c
  * ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
      net/ipv4/ip_output.c
    video: fbdev: riva: Error out if 'pixclock' equals zero
    video: fbdev: kyro: Error out if 'pixclock' equals zero
    video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
    bpf/tests: Do not PASS tests without actually testing the result
    bpf/tests: Fix copy-and-paste error in double word test
    tty: serial: jsm: hold port lock when reporting modem line changes
    staging: board: Fix uninitialized spinlock when attaching genpd
  * usb: gadget: composite: Allow bMaxPower=0 if self-powered
      drivers/usb/gadget/composite.c
  * usb: gadget: u_ether: fix a potential null pointer dereference
      drivers/usb/gadget/function/u_ether.c
    usb: host: fotg210: fix the actual_length of an iso packet
    usb: host: fotg210: fix the endpoint's transactional opportunities calculation
  * Smack: Fix wrong semantics in smk_access_entry()
      security/smack/smack_access.c
  * netlink: Deal with ESRCH error in nlmsg_notify()
      net/netlink/af_netlink.c
    video: fbdev: kyro: fix a DoS bug by restricting user input
    iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
  * PCI: Use pci_update_current_state() in pci_enable_device_flags()
      drivers/pci/pci.c
    crypto: mxs-dcp - Use sg_mapping_iter to copy data
    MIPS: Malta: fix alignment of the devicetree buffer
    pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
    openrisc: don't printk() unconditionally
  * vfio: Use config not menuconfig for VFIO_NOIOMMU
      drivers/vfio/Kconfig
  * PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
      drivers/pci/syscall.c
  * PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
      drivers/pci/quirks.c
    ARM: 9105/1: atags_to_fdt: don't warn about stack size
    libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
    media: rc-loopback: return number of emitters rather than error
    media: uvc: don't do DMA on stack
    VMCI: fix NULL pointer dereference when unmapping queue pair
    power: supply: max17042: handle fails of reading status register
    crypto: public_key: fix overflow during implicit conversion
    xen: fix setting of max_pfn in shared_info
    powerpc/perf/hv-gpci: Fix counter value parsing
  * PCI/MSI: Skip masking MSI-X on Xen PV
      drivers/pci/msi.c
    rtc: tps65910: Correct driver module alias
  * fbmem: don't allow too huge resolutions
      drivers/video/fbdev/core/fbmem.c
    clk: kirkwood: Fix a clocking boot regression
    IMA: remove -Wmissing-prototypes warning
    KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted
  * tty: Fix data race between tiocsti() and flush_to_ldisc()
      drivers/tty/tty_io.c
  * ipv4: make exception cache less predictible
      net/ipv4/route.c
    bcma: Fix memory leak for internally-handled cores
    ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
    usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
    i2c: mt65xx: fix IRQ check
    CIFS: Fix a potencially linear read overflow
    mmc: moxart: Fix issue with uninitialized dma_slave_config
    mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
    i2c: s3c2410: fix IRQ check
    i2c: iop3xx: fix deferred probing
  * Bluetooth: add timeout sanity check to hci_inquiry
      net/bluetooth/hci_core.c
    usb: gadget: mv_u3d: request_irq() after initializing UDC
    usb: phy: tahvo: add IRQ check
    usb: host: ohci-tmio: add IRQ check
  * Bluetooth: Move shutdown callback before flushing tx and rx queue
      net/bluetooth/hci_core.c
    usb: phy: twl6030: add IRQ checks
    usb: phy: fsl-usb: add IRQ check
    usb: gadget: udc: at91: add IRQ check
    drm/msm/dsi: Fix some reference counted resource leaks
  * Bluetooth: fix repeated calls to sco_sock_kill
      net/bluetooth/sco.c
    arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
    Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
    soc: qcom: smsm: Fix missed interrupts if state changes while masked
  * PCI: PM: Enable PME if it can be signaled from D3cold
      drivers/pci/pci.c
    i2c: highlander: add IRQ check
  * net: cipso: fix warnings in netlbl_cipsov4_add_std
      net/netlabel/netlabel_cipso_v4.c
  * tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
      net/ipv4/tcp_ipv4.c
  * Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
      net/bluetooth/sco.c
    media: go7007: remove redundant initialization
    media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
    media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
  * certs: Trigger creation of RSA module signing key if it's not an RSA key
      certs/Makefile
    crypto: qat - use proper type for vf_mask
    spi: spi-pic32: Fix issue with uninitialized dma_slave_config
    m68k: emu: Fix invalid free in nfeth_cleanup()
    udf_get_extendedattr() had no boundary checks.
    crypto: qat - do not export adf_iov_putmsg()
    crypto: qat - fix naming for init/shutdown VF to PF notifications
    crypto: qat - fix reuse of completion variable
    crypto: qat - handle both source of interrupt in VF ISR
    crypto: qat - do not ignore errors from enable_vf2pf_comms()
    libata: fix ata_host_start()
    power: supply: max17042_battery: fix typo in MAx17042_TOFF
    udf: Check LVID earlier
    crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
    power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors
    crypto: mxs-dcp - Check for DMA mapping errors
  * regmap: fix the offset of register error log
      drivers/base/regmap/regmap.c
  * PCI: Call Max Payload Size-related fixup quirks early
      drivers/pci/quirks.c
    x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
    Revert "btrfs: compression: don't try to compress if we don't have enough pages"
  * mm/page_alloc: speed up the iteration of max_order
      mm/page_alloc.c
    net: ll_temac: Remove left-over debug message
    powerpc/boot: Delete unneeded .globl _zimage_start
    powerpc/module64: Fix comment in R_PPC64_ENTRY handling
    crypto: talitos - reduce max key size for SEC1
    mm/kmemleak.c: make cond_resched() rate-limiting more efficient
    s390/disassembler: correct disassembly lines alignment
  * ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2)
      net/ipv4/icmp.c
    gfs2: Don't clear SGID when inheriting ACLs
    nvme-pci: Fix an error handling path in 'nvme_probe()'
    tc358743: fix register i2c_rd/wr function fix
  * PM / wakeirq: Enable dedicated wakeirq for suspend
      drivers/base/power/wakeirq.c
    net/sched: cls_flower: Use mask for addr_type
    USB: serial: mos7720: improve OOM-handling in read_mos_reg()
    usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled
  * igmp: Add ip_mc_list lock in ip_check_mc_rcu
      net/ipv4/igmp.c
    media: stkwebcam: fix memory leak in stk_camera_probe
    ath9k: Postpone key cache entry deletion for TXQ frames reference it
    ath: Modify ath_key_delete() to not need full key entry
    ath: Export ath_hw_keysetmac()
    ath9k: Clear key cache explicitly on disabling hardware
    ath: Use safer key clearing with key cache entries
  * ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
      sound/core/pcm_lib.c
    ARM: 8918/2: only build return_address() if needed
  * cryptoloop: add a deprecation warning
      drivers/block/Kconfig
    perf/x86/amd/ibs: Work around erratum #1197
    qede: Fix memset corruption
    qed: Fix the VF msix vectors flow
    xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
    mtd: nand: atmel_nand: remove build warning in atmel_nand_remove()
  * ext4: fix race writing to an inline_data file while its xattrs are changing
      fs/ext4/inline.c
    Merge 4.9.282 into android-4.9-q
Linux 4.9.282
    Revert "floppy: reintroduce O_NDELAY fix"
    KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
  * fbmem: add margin check to fb_check_caps()
      drivers/video/fbdev/core/fbmem.c
  * vt_kdsetmode: extend console locking
      drivers/tty/vt/vt_ioctl.c
    net/rds: dma_map_sg is entitled to merge entries
    vringh: Use wiov->used to check for read/write desc order
    virtio: Improve vq->broken access to avoid any compiler optimization
    net: marvell: fix MVNETA_TX_IN_PRGRS bit number
    ip_gre: add validation for csum_start
    e1000e: Fix the max snoop/no-snoop latency for 10M
    IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
  * usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
      drivers/usb/dwc3/gadget.c
    USB: serial: option: add new VID/PID to support Fibocom FG150
    Revert "USB: serial: ch341: fix character loss at high transfer rates"
    can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters
    ARC: Fix CONFIG_STACKDEPOT

Bug: 201722185
Change-Id: Ia09164e3bcbce03e2a295154246ba064c9c35795
Signed-off-by: Wilson Sung <wilsonsung@google.com>
2021-10-27 08:45:10 +00:00
Greg Kroah-Hartman
459b0aa6f6 Merge 4.9.284 into android-4.9-q
Changes in 4.9.284
	s390/bpf: Fix optimizing out zero-extensions
	PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
	crypto: talitos - fix max key size for sha384 and sha512
	staging: android: ion: fix page is NULL
	sctp: validate chunk size in __rcv_asconf_lookup
	sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
	dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
	thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
	9p/trans_virtio: Remove sysfs file on probe failure
	prctl: allow to setup brk for et_dyn executables
	profiling: fix shift-out-of-bounds bugs
	pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered
	parisc: Move pci_dev_is_behind_card_dino to where it is used
	dmaengine: ioat: depends on !UML
	dmaengine: xilinx_dma: Set DMA mask for coherent APIs
	ceph: lockdep annotations for try_nonblocking_invalidate
	nilfs2: fix memory leak in nilfs_sysfs_create_device_group
	nilfs2: fix NULL pointer in nilfs_##name##_attr_release
	nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
	nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
	nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
	nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
	blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
	drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
	sctp: validate from_addr_param return
	Linux 4.9.284

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id6d0efbc796644d7619dfae7306362cc4a14b0c4
2021-09-26 13:55:03 +02:00
Cyrill Gorcunov
6f02282af4 prctl: allow to setup brk for et_dyn executables
commit e1fbbd073137a9d63279f6bf363151a938347640 upstream.

Keno Fischer reported that when a binary is loaded via ld-linux-x the
prctl(PR_SET_MM_MAP) doesn't allow to setup brk value because it lies
before mm:end_data.

For example a test program shows

 | # ~/t
 |
 | start_code      401000
 | end_code        401a15
 | start_stack     7ffce4577dd0
 | start_data	   403e10
 | end_data        40408c
 | start_brk	   b5b000
 | sbrk(0)         b5b000

and when executed via ld-linux

 | # /lib64/ld-linux-x86-64.so.2 ~/t
 |
 | start_code      7fc25b0a4000
 | end_code        7fc25b0c4524
 | start_stack     7fffcc6b2400
 | start_data	   7fc25b0ce4c0
 | end_data        7fc25b0cff98
 | start_brk	   55555710c000
 | sbrk(0)         55555710c000

This of course prevents criu from restoring such programs.  Looking into
how kernel operates with brk/start_brk inside brk() syscall I don't see
any problem if we allow to setup brk/start_brk without checking for
end_data.  Even if someone passes some weird address here on purpose then
the worst possible result will be an unexpected unmapping of existing vma
(own vma, since prctl works with the caller's memory) but test for
RLIMIT_DATA is still valid and a user won't be able to gain more memory in
case of expanding VMAs via new values shipped with prctl call.

Link: https://lkml.kernel.org/r/20210121221207.GB2174@grain
Fixes: bbdc6076d2e5 ("binfmt_elf: move brk out of mmap when doing direct loader exec")
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reported-by: Keno Fischer <keno@juliacomputing.com>
Acked-by: Andrey Vagin <avagin@gmail.com>
Tested-by: Andrey Vagin <avagin@gmail.com>
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: Kirill Tkhai <ktkhai@virtuozzo.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Cc: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-09-26 13:36:18 +02:00
lucaswei
474475fa1d Merge android-4.9-q (4.9.241) into android-msm-pixel-4.9-lts
Merge 4.9.241 into android-4.9-q
Linux 4.9.241
    usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets.
    eeprom: at25: set minimum read/write access stride to 1
    USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
    usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
    net: korina: cast KSEG0 address to pointer in kfree
    ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
  * usb: core: Solve race condition in anchor cleanup functions
      drivers/usb/core/urb.c
    brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
    reiserfs: Fix memory leak in reiserfs_parse_options()
    ipvs: Fix uninit-value in do_ip_vs_set_ctl()
    tty: ipwireless: fix error handling
    Fix use after free in get_capset_info callback.
    rtl8xxxu: prevent potential memory leak
    brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
    scsi: ibmvfc: Fix error return in ibmvfc_probe()
  * Bluetooth: Only mark socket zapped after unlocking
      net/bluetooth/l2cap_sock.c
    usb: ohci: Default to per-port over-current protection
    xfs: make sure the rt allocator doesn't run off the end
    reiserfs: only call unlock_new_inode() if I_NEW
    misc: rtsx: Fix memory leak in rtsx_pci_probe
    ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
    USB: cdc-acm: handle broken union descriptors
    udf: Avoid accessing uninitialized data on failed inode read
    udf: Limit sparing table size
    usb: gadget: function: printer: fix use-after-free in __lock_acquire
    misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
    mic: vop: copy data to kernel space then write to io memory
  * scsi: target: core: Add CONTROL field for trace events
      include/scsi/scsi_common.h
    scsi: mvumi: Fix error return in mvumi_io_attach()
    PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
    ntfs: add check for mft record size in superblock
    fs: dlm: fix configfs memory leak
    media: saa7134: avoid a shift overflow
  * mmc: sdio: Check for CISTPL_VERS_1 buffer size
      drivers/mmc/core/sdio_cis.c
    media: uvcvideo: Ensure all probed info is returned to v4l2
    media: media/pci: prevent memory leak in bttv_probe
    media: bdisp: Fix runtime PM imbalance on error
    media: platform: sti: hva: Fix runtime PM imbalance on error
    media: platform: s3c-camif: Fix runtime PM imbalance on error
    media: vsp1: Fix runtime PM imbalance on error
    media: exynos4-is: Fix a reference count leak
    media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
    media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync
    media: ati_remote: sanity check for both endpoints
    media: firewire: fix memory leak
    crypto: ccp - fix error handling
    NTB: hw: amd: fix an issue about leak system resources
    nvmet: fix uninitialized work for zero kato
    powerpc/powernv/dump: Fix race while processing OPAL dump
    arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
    arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts
    memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
    memory: omap-gpmc: Fix a couple off by ones
    KVM: x86: emulating RDPID failure shall return #UD rather than #GP
    Input: sun4i-ps2 - fix handling of platform_get_irq() error
    Input: twl4030_keypad - fix handling of platform_get_irq() error
    Input: omap4-keypad - fix handling of platform_get_irq() error
    Input: ep93xx_keypad - fix handling of platform_get_irq() error
    Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
    vfio/pci: Clear token on bypass registration failure
    clk: bcm2835: add missing release if devm_clk_hw_register fails
    clk: at91: clk-main: update key before writing AT91_CKGR_MOR
    rapidio: fix the missed put_device() for rio_mport_add_riodev
    rapidio: fix error handling path
  * lib/crc32.c: fix trivial typo in preprocessor condition
      lib/crc32.c
    IB/rdmavt: Fix sizeof mismatch
    cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
    powerpc/perf/hv-gpci: Fix starting index value
    powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints
  * overflow: Include header file with SIZE_MAX declaration
      include/linux/overflow.h
  * kdb: Fix pager search for multi-line strings
      kernel/debug/kdb/kdb_io.c
    RDMA/hns: Set the unsupported wr opcode
    perf intel-pt: Fix "context_switch event has no tid" error
    powerpc/tau: Disable TAU between measurements
    powerpc/tau: Remove duplicated set_thresholds() call
    powerpc/tau: Use appropriate temperature sample interval
    RDMA/qedr: Fix use of uninitialized field
    ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
    mtd: mtdoops: Don't write panic data twice
    mtd: lpddr: fix excessive stack usage with clang
    powerpc/icp-hv: Fix missing of_node_put() in success path
    powerpc/pseries: Fix missing of_node_put() in rng_init()
    IB/mlx4: Adjust delayed work when a dup is observed
    IB/mlx4: Fix starvation in paravirt mux/demux
    net: korina: fix kfree of rx/tx descriptor array
    mwifiex: fix double free
    scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
  * nl80211: fix non-split wiphy information
      net/wireless/nl80211.c
  * usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
      drivers/usb/gadget/function/u_ether.c
    usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above.
    iwlwifi: mvm: split a print to avoid a WARNING in ROC
    mfd: sm501: Fix leaks in probe()
    net: enic: Cure the enic api locking trainwreck
  * quota: clear padding in v2r1_mem2diskdqb()
      fs/quota/quota_v2.c
    ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
    misc: mic: scif: Fix error handling path
    ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
    HID: roccat: add bounds checking in kone_sysfs_write_settings()
    video: fbdev: sis: fix null ptr dereference
    video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
    drivers/virt/fsl_hypervisor: Fix error handling path
  * pty: do tty_flip_buffer_push without port->lock in pty_write
      drivers/tty/pty.c
    tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
  * tty: serial: earlycon dependency
      drivers/tty/serial/Kconfig
    VMCI: check return value of get_user_pages_fast() for errors
    backlight: sky81452-backlight: Fix refcount imbalance on error
    scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
    scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
    drm/gma500: fix error check
    mwifiex: Do not use GFP_KERNEL in atomic context
    ASoC: qcom: lpass-platform: fix memory leak
    wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
    ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
    ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
    ath10k: provide survey info as accumulated data
  * regulator: resolve supply after creating regulator
      drivers/regulator/core.c
    media: ti-vpe: Fix a missing check and reference count leak
    media: platform: fcp: Fix a reference count leak.
    media: tc358743: initialize variable
    crypto: omap-sham - fix digcnt register handling with export/import
    media: omap3isp: Fix memleak in isp_probe
    media: m5mols: Check function pointer in m5mols_sensor_power
    media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()"
    crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
    EDAC/i5100: Fix error handling order in i5100_init_one()
    crypto: algif_aead - Do not set MAY_BACKLOG on the async path
    ima: Don't ignore errors from crypto_shash_update()
    KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
    cifs: remove bogus debug code
  * icmp: randomize the global rate limiter
      net/ipv4/icmp.c
  * tcp: fix to update snd_wl1 in bulk receiver fast path
      net/ipv4/tcp_input.c
    nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download()
    net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup
    net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
    ALSA: bebob: potential info leak in hwdep_read()
    r8169: fix data corruption issue on RTL8402
  * net/ipv4: always honour route mtu during forwarding
      include/net/ip.h
    tipc: fix the skb_unshare() in tipc_buf_append()
    ibmveth: Identify ingress large send packets.
  * UPSTREAM: binder: fix UAF when releasing todo list
      drivers/android/binder.c
  * ANDROID: namespace'ify tcp_default_init_rwnd implementation
      include/net/netns/ipv4.h
      include/net/tcp.h
      net/ipv4/sysctl_net_ipv4.c
      net/ipv4/tcp_input.c
      net/ipv4/tcp_ipv4.c
      net/ipv4/tcp_minisocks.c
      net/ipv4/tcp_output.c
    Merge 4.9.240 into android-4.9-q
Linux 4.9.240
    crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
    reiserfs: Fix oops during mount
    reiserfs: Initialize inode keys properly
    USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
    USB: serial: pl2303: add device-id for HP GC device
    staging: comedi: check validity of wMaxPacketSize of usb endpoints found
    USB: serial: option: Add Telit FT980-KS composition
    USB: serial: option: add Cellient MPL200 card
    media: usbtv: Fix refcounting mixup
  * Bluetooth: Disconnect if E0 is used for Level 4
      include/net/bluetooth/hci_core.h
      net/bluetooth/hci_conn.c
      net/bluetooth/hci_event.c
  * Bluetooth: Fix update of connection state in `hci_encrypt_cfm`
      include/net/bluetooth/hci_core.h
  * Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
      include/net/bluetooth/hci_core.h
      net/bluetooth/hci_event.c
  * Bluetooth: fix kernel oops in store_pending_adv_report
      net/bluetooth/hci_event.c
  * Bluetooth: MGMT: Fix not checking if BT_HS is enabled
      net/bluetooth/mgmt.c
  * Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel
      include/net/bluetooth/l2cap.h
      net/bluetooth/l2cap_core.c
      net/bluetooth/l2cap_sock.c
  * Bluetooth: A2MP: Fix not initializing all members
      net/bluetooth/a2mp.c
    Merge 4.9.239 into android-4.9-q
Linux 4.9.239
  * net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
      drivers/net/usb/rtl8150.c
  * mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged
      include/linux/khugepaged.h
      mm/page_alloc.c
  * perf: Fix task_function_call() error handling
      kernel/events/core.c
    rxrpc: Fix server keyring leak
    rxrpc: Fix some missing _bh annotations on locking conn->state_lock
    rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()
    rxrpc: Fix rxkad token xdr encoding
  * mdio: fix mdio-thunder.c dependency & build error
      drivers/net/phy/Kconfig
  * bonding: set dev->needed_headroom in bond_setup_by_slave()
      drivers/net/bonding/bond_main.c
  * xfrm: Use correct address family in xfrm_state_find
      net/xfrm/xfrm_state.c
    net: stmmac: removed enabling eee in EEE set callback
  * xfrm: clone whole liftime_cur structure in xfrm_do_migrate
      net/xfrm/xfrm_state.c
  * xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate
      include/net/xfrm.h
    drm/amdgpu: prevent double kfree ttm->sg
    openvswitch: handle DNAT tuple collision
    net: team: fix memory leak in __team_options_register
    team: set dev->needed_headroom in team_setup_by_port()
    sctp: fix sctp_auth_init_hmacs() error path
    mm/khugepaged: fix filemap page_to_pgoff(page) != offset
    macsec: avoid use-after-free in macsec_handle_frame()
    ftrace: Move RCU is watching check after recursion check
    mtd: rawnand: sunxi: Fix the probe error path
    perf top: Fix stdio interface input handling with glibc 2.28+
  * driver core: Fix probe_count imbalance in really_probe()
      drivers/base/dd.c
    platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
    platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
  * usermodehelper: reset umask to default before executing user process
      kernel/kmod.c
  * net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
      net/wireless/nl80211.c
    fbcon: Fix global-out-of-bounds read in fbcon_get_font()
    Revert "ravb: Fixed to be able to unload modules"
  * Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
      include/linux/font.h
  * fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
      include/linux/font.h
  * netfilter: ctnetlink: add a range check for l3/l4 protonum
      net/netfilter/nf_conntrack_netlink.c
  * ep_create_wakeup_source(): dentry name can change under you...
      fs/eventpoll.c
  * epoll: EPOLL_CTL_ADD: close the race in decision to take fast path
      fs/eventpoll.c
  * epoll: replace ->visited/visited_list with generation count
      fs/eventpoll.c
  * epoll: do not insert into poll queues until all sanity checks are done
      fs/eventpoll.c
  * net/packet: fix overflow in tpacket_rcv
      net/packet/af_packet.c
  * random32: Restore __latent_entropy attribute on net_rand_state
      lib/random32.c
    i2c: cpm: Fix i2c_ram structure
    iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
    clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
    nfs: Fix security label length not being reset
    mac80211: do not allow bigger VHT MPDUs than the hardware supports
    drivers/net/wan/hdlc: Set skb->protocol before transmitting
    drivers/net/wan/lapbether: Make skb->protocol consistent with the header
    rndis_host: increase sleep time in the query-response loop
    net: dec: de2104x: Increase receive ring size for Tulip
    drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
    Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
    gpio: tc35894: fix up tc35894 interrupt configuration
    USB: gadget: f_ncm: Fix NDP16 datagram validation
    vsock/virtio: stop workers during the .remove()
    vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock
    Merge 4.9.238 into android-4.9-q
Linux 4.9.238
    ata: sata_mv, avoid trigerrable BUG_ON
    ata: make qc_prep return ata_completion_errors
    ata: define AC_ERR_OK
  * lib/string.c: implement stpcpy
      lib/string.c
    kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
    MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
    ALSA: asihpi: fix iounmap in error handler
    batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
    batman-adv: Add missing include for in_interrupt()
    mac802154: tx: fix use-after-free
    batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
    atm: eni: fix the missed pci_disable_device() for eni_init_one()
    batman-adv: bla: fix type misuse for backbone_gw hash indexing
    mwifiex: Increase AES key storage size to 256 bits
    clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init()
    ieee802154/adf7242: check status of adf7242_read_reg
    objtool: Fix noreturn detection for ignored functions
  * i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()
      drivers/i2c/i2c-core.c
    s390/init: add missing __init annotations
    vfio/pci: fix racy on error and request eventfd ctx
    selftests/x86/syscall_nt: Clear weird flags after each test
    cifs: Fix double add page to memcg when cifs_readpages
    vfio/pci: Clear error and request eventfd ctx after releasing
    x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
    mtd: parser: cmdline: Support MTD names containing one or more colons
    ceph: fix potential race in ceph_check_caps
    mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
    perf kcore_copy: Fix module map when there are no modules loaded
    perf util: Fix memory leak of prefix_if_not_in
    vfio/pci: fix memory leaks of eventfd ctx
    btrfs: don't force read-only after error in drop snapshot
  * printk: handle blank console arguments passed in.
      kernel/printk/printk.c
    e1000: Do not perform reset in reset_task if we are already down
    USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
  * fuse: don't check refcount after stealing page
      fs/fuse/dev.c
    ALSA: hda: Fix potential race in unsol event handler
    tty: serial: samsung: Correct clock selection logic
    USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
  * Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
      net/bluetooth/hci_event.c
    phy: samsung: s5pv210-usb2: Add delay after reset
    atm: fix a memory leak of vcc->user_back
    dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion
    drivers: char: tlclk.c: Avoid data race between init and interrupt handler
  * bdev: Reduce time holding bd_mutex in sync in blkdev_close()
      fs/block_dev.c
    KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
  * mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
      mm/mmap.c
  * mm/filemap.c: clear page error before actual read
      mm/filemap.c
  * ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
      sound/usb/midi.c
    ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
    svcrdma: Fix leak of transport addresses
    SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
    tools: gpio-hammer: Avoid potential overflow in main
    cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
    serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
    serial: 8250_omap: Fix sleeping function called from invalid context during probe
    serial: 8250_port: Don't service RX FIFO if throttled
  * tracing: Use address-of operator on section symbols
      kernel/trace/trace.c
    tpm: ibmvtpm: Wait for buffer to be set before proceeding
    xfs: don't ever return a stale pointer from __xfs_dir3_free_read
    media: tda10071: fix unsigned sign extension overflow
  * Bluetooth: L2CAP: handle l2cap config request during open state
      net/bluetooth/l2cap_core.c
    drm/amdgpu: increase atombios cmd timeout
  * timekeeping: Prevent 32bit truncation in scale64_check_overflow()
      kernel/time/timekeeping.c
  * Bluetooth: guard against controllers sending zero'd events
      net/bluetooth/hci_event.c
    media: go7007: Fix URB type for interrupt handling
    dmaengine: tegra-apb: Prevent race conditions on channel's freeing
  * bpf: Remove recursion prevention from rcu free callback
      kernel/bpf/hashtab.c
    x86/pkeys: Add check for pkey "overflow"
    KVM: x86: fix incorrect comparison in trace event
    RDMA/rxe: Fix configuration of atomic queue pair attributes
    drm/omap: fix possible object reference leak
    scsi: lpfc: Fix coverity errors in fmdi attribute handling
    scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
  * selinux: sel_avc_get_stat_idx should increase position index
      security/selinux/selinuxfs.c
    audit: CONFIG_CHANGE don't log internal bookkeeping as an event
  * skbuff: fix a data race in skb_queue_len()
      include/linux/skbuff.h
      net/unix/af_unix.c
    ALSA: hda: Clear RIRB status before reading WP
    KVM: fix overflow of zero page refcount with ksm running
  * Bluetooth: prefetch channel before killing sock
      net/bluetooth/l2cap_sock.c
  * mm: pagewalk: fix termination condition in walk_pte_range()
      mm/pagewalk.c
  * Bluetooth: Fix refcount use-after-free issue
      net/bluetooth/l2cap_core.c
      net/bluetooth/l2cap_sock.c
    ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
  * tracing: Set kernel_stack's caller size properly
      kernel/trace/trace_entries.h
    dmaengine: zynqmp_dma: fix burst length configuration
    ACPI: EC: Reference count query handlers under lock
    media: ti-vpe: cal: Restrict DMA to avoid memory corruption
  * seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
      include/linux/seqlock.h
  * rt_cpu_seq_next should increase position index
      net/ipv4/route.c
  * neigh_stat_seq_next() should increase position index
      net/core/neighbour.c
  * kernel/sys.c: avoid copying possible padding bytes in copy_to_user
      kernel/sys.c
    CIFS: Properly process SMB3 lease breaks
  * debugfs: Fix !DEBUG_FS debugfs_create_automount
      include/linux/debugfs.h
    RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
    xfs: fix attr leaf header freemap.size underflow
    RDMA/i40iw: Fix potential use after free
    bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
  * tracing: Adding NULL checks for trace_array descriptor pointer
      kernel/trace/trace.c
      kernel/trace/trace_events.c
  * mfd: mfd-core: Protect against NULL call-back function pointer
      drivers/mfd/mfd-core.c
    mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
    clk/ti/adpll: allocate room for terminating null
    PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
  * ALSA: usb-audio: Add delay quirk for H570e USB headsets
      sound/usb/quirks.c
    ASoC: kirkwood: fix IRQ error handling
    gma/gma500: fix a memory disclosure bug due to uninitialized bytes
    m68k: q40: Fix info-leak in rtc_ioctl
    scsi: aacraid: fix illegal IO beyond last LBA
    serial: 8250: Avoid error message on reprobe
  * net: add __must_check to skb_put_padto()
      include/linux/skbuff.h
    net/hsr: Check skb_put_padto() return value
  * net: phy: Avoid NPD upon phy_detach() when driver is unbound
      drivers/net/phy/phy_device.c
    bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
    tipc: use skb_unshare() instead in tipc_buf_append()
  * ip: fix tos reflection in ack and reset packets
      net/ipv4/ip_output.c
    hdlc_ppp: add range checks in ppp_cp_parse_cr()
    mtd: Fix comparison in map_word_andequal()
    RDMA/ucma: ucma_context reference leak in error path
    kprobes: fix kill kprobe which has been marked as gone
    KVM: fix memory leak in kvm_io_bus_unregister_dev()
  * af_key: pfkey_dump needs parameter validation
      net/key/af_key.c

Change-Id: Ic405992aa26bd9ce6da4fdcf67ab341ef9427b53
Signed-off-by: lucaswei <lucaswei@google.com>
2020-11-26 18:08:27 +08:00
Greg Kroah-Hartman
495d499ce7 Merge 4.9.238 into android-4.9-q
Changes in 4.9.238
	af_key: pfkey_dump needs parameter validation
	KVM: fix memory leak in kvm_io_bus_unregister_dev()
	kprobes: fix kill kprobe which has been marked as gone
	RDMA/ucma: ucma_context reference leak in error path
	mtd: Fix comparison in map_word_andequal()
	hdlc_ppp: add range checks in ppp_cp_parse_cr()
	ip: fix tos reflection in ack and reset packets
	tipc: use skb_unshare() instead in tipc_buf_append()
	bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
	net: phy: Avoid NPD upon phy_detach() when driver is unbound
	net/hsr: Check skb_put_padto() return value
	net: add __must_check to skb_put_padto()
	serial: 8250: Avoid error message on reprobe
	scsi: aacraid: fix illegal IO beyond last LBA
	m68k: q40: Fix info-leak in rtc_ioctl
	gma/gma500: fix a memory disclosure bug due to uninitialized bytes
	ASoC: kirkwood: fix IRQ error handling
	ALSA: usb-audio: Add delay quirk for H570e USB headsets
	PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
	clk/ti/adpll: allocate room for terminating null
	mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
	mfd: mfd-core: Protect against NULL call-back function pointer
	tracing: Adding NULL checks for trace_array descriptor pointer
	bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
	RDMA/i40iw: Fix potential use after free
	xfs: fix attr leaf header freemap.size underflow
	RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
	debugfs: Fix !DEBUG_FS debugfs_create_automount
	CIFS: Properly process SMB3 lease breaks
	kernel/sys.c: avoid copying possible padding bytes in copy_to_user
	neigh_stat_seq_next() should increase position index
	rt_cpu_seq_next should increase position index
	seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
	media: ti-vpe: cal: Restrict DMA to avoid memory corruption
	ACPI: EC: Reference count query handlers under lock
	dmaengine: zynqmp_dma: fix burst length configuration
	tracing: Set kernel_stack's caller size properly
	ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
	Bluetooth: Fix refcount use-after-free issue
	mm: pagewalk: fix termination condition in walk_pte_range()
	Bluetooth: prefetch channel before killing sock
	KVM: fix overflow of zero page refcount with ksm running
	ALSA: hda: Clear RIRB status before reading WP
	skbuff: fix a data race in skb_queue_len()
	audit: CONFIG_CHANGE don't log internal bookkeeping as an event
	selinux: sel_avc_get_stat_idx should increase position index
	scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
	scsi: lpfc: Fix coverity errors in fmdi attribute handling
	drm/omap: fix possible object reference leak
	RDMA/rxe: Fix configuration of atomic queue pair attributes
	KVM: x86: fix incorrect comparison in trace event
	x86/pkeys: Add check for pkey "overflow"
	bpf: Remove recursion prevention from rcu free callback
	dmaengine: tegra-apb: Prevent race conditions on channel's freeing
	media: go7007: Fix URB type for interrupt handling
	Bluetooth: guard against controllers sending zero'd events
	timekeeping: Prevent 32bit truncation in scale64_check_overflow()
	drm/amdgpu: increase atombios cmd timeout
	Bluetooth: L2CAP: handle l2cap config request during open state
	media: tda10071: fix unsigned sign extension overflow
	xfs: don't ever return a stale pointer from __xfs_dir3_free_read
	tpm: ibmvtpm: Wait for buffer to be set before proceeding
	tracing: Use address-of operator on section symbols
	serial: 8250_port: Don't service RX FIFO if throttled
	serial: 8250_omap: Fix sleeping function called from invalid context during probe
	serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
	cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
	tools: gpio-hammer: Avoid potential overflow in main
	SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
	svcrdma: Fix leak of transport addresses
	ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
	ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
	mm/filemap.c: clear page error before actual read
	mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
	KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
	bdev: Reduce time holding bd_mutex in sync in blkdev_close()
	drivers: char: tlclk.c: Avoid data race between init and interrupt handler
	dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion
	atm: fix a memory leak of vcc->user_back
	phy: samsung: s5pv210-usb2: Add delay after reset
	Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
	USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
	tty: serial: samsung: Correct clock selection logic
	ALSA: hda: Fix potential race in unsol event handler
	fuse: don't check refcount after stealing page
	USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
	e1000: Do not perform reset in reset_task if we are already down
	printk: handle blank console arguments passed in.
	btrfs: don't force read-only after error in drop snapshot
	vfio/pci: fix memory leaks of eventfd ctx
	perf util: Fix memory leak of prefix_if_not_in
	perf kcore_copy: Fix module map when there are no modules loaded
	mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
	ceph: fix potential race in ceph_check_caps
	mtd: parser: cmdline: Support MTD names containing one or more colons
	x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
	vfio/pci: Clear error and request eventfd ctx after releasing
	cifs: Fix double add page to memcg when cifs_readpages
	selftests/x86/syscall_nt: Clear weird flags after each test
	vfio/pci: fix racy on error and request eventfd ctx
	s390/init: add missing __init annotations
	i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()
	objtool: Fix noreturn detection for ignored functions
	ieee802154/adf7242: check status of adf7242_read_reg
	clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init()
	mwifiex: Increase AES key storage size to 256 bits
	batman-adv: bla: fix type misuse for backbone_gw hash indexing
	atm: eni: fix the missed pci_disable_device() for eni_init_one()
	batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
	mac802154: tx: fix use-after-free
	batman-adv: Add missing include for in_interrupt()
	batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
	ALSA: asihpi: fix iounmap in error handler
	MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
	kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
	lib/string.c: implement stpcpy
	ata: define AC_ERR_OK
	ata: make qc_prep return ata_completion_errors
	ata: sata_mv, avoid trigerrable BUG_ON
	Linux 4.9.238

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I799877db3bc49e473bbc023ab948cd241755beff
2020-10-02 09:20:19 +02:00
Joe Perches
bab62c6977 kernel/sys.c: avoid copying possible padding bytes in copy_to_user
[ Upstream commit 5e1aada08cd19ea652b2d32a250501d09b02ff2e ]

Initialization is not guaranteed to zero padding bytes so use an
explicit memset instead to avoid leaking any kernel content in any
possible padding bytes.

Link: http://lkml.kernel.org/r/dfa331c00881d61c8ee51577a082d8bebd61805c.camel@perches.com
Signed-off-by: Joe Perches <joe@perches.com>
Cc: Dan Carpenter <error27@gmail.com>
Cc: Julia Lawall <julia.lawall@lip6.fr>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-10-01 20:40:04 +02:00
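The padding-byte leak this commit message describes, as an added user-space C example (not the kernel's code and not part of the patch). `struct reply`, `copy_out()` and the function names are hypothetical, and `copy_out()` stands in for `copy_to_user()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply structure: the 1-byte and 2-byte members force the
 * compiler to insert padding before 'value' and after 'flags'. */
struct reply {
    uint8_t  kind;
    uint64_t value;
    uint16_t flags;
};

/* Clear the map bytes that belong to a named member. */
#define MARK_MEMBER(map, m) \
    memset((map) + offsetof(struct reply, m), 0, sizeof(((struct reply *)0)->m))

/* Build a per-byte map of struct reply: 1 = padding, 0 = member data.
 * Returns the number of padding bytes on this ABI. */
size_t reply_padding_map(unsigned char map[sizeof(struct reply)])
{
    size_t i, n = 0;

    memset(map, 1, sizeof(struct reply));
    MARK_MEMBER(map, kind);
    MARK_MEMBER(map, value);
    MARK_MEMBER(map, flags);
    for (i = 0; i < sizeof(struct reply); i++)
        n += map[i];
    return n;
}

/* Count padding bytes in a copied-out object that are not zero, i.e. bytes
 * that would carry whatever was previously in that memory to the reader. */
size_t reply_dirty_padding(const void *buf)
{
    unsigned char map[sizeof(struct reply)];
    const unsigned char *p = buf;
    size_t i, dirty = 0;

    reply_padding_map(map);
    for (i = 0; i < sizeof(struct reply); i++)
        if (map[i] && p[i] != 0)
            dirty++;
    return dirty;
}

/* Stand-in for copy_to_user(): copies the whole object representation,
 * padding included. */
static int copy_out(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
    return 0;
}

/* Pattern the commit message warns about: the initializer sets every
 * member, but the padding bytes are left with unspecified contents. */
int reply_put_initializer(void *ubuf, uint8_t kind, uint64_t value, uint16_t flags)
{
    struct reply r = { .kind = kind, .value = value, .flags = flags };

    return copy_out(ubuf, &r, sizeof(r));
}

/* Pattern the commit message recommends: memset the whole object first,
 * then assign the members, so every byte copied out is defined. */
int reply_put_memset(void *ubuf, uint8_t kind, uint64_t value, uint16_t flags)
{
    struct reply r;

    memset(&r, 0, sizeof(r));
    r.kind = kind;
    r.value = value;
    r.flags = flags;
    return copy_out(ubuf, &r, sizeof(r));
}

int main(void)
{
    unsigned char map[sizeof(struct reply)];
    unsigned char ubuf[sizeof(struct reply)];

    printf("sizeof(struct reply) = %zu, padding bytes = %zu\n",
           sizeof(struct reply), reply_padding_map(map));

    /* Result here depends on compiler, flags and prior stack contents. */
    reply_put_initializer(ubuf, 1, 2, 3);
    printf("initializer: dirty padding bytes = %zu\n", reply_dirty_padding(ubuf));

    reply_put_memset(ubuf, 1, 2, 3);
    printf("memset:      dirty padding bytes = %zu\n", reply_dirty_padding(ubuf));
    return 0;
}
```

`reply_dirty_padding()` can be reused as a regression check on any buffer that crosses a trust boundary, once the member list in `reply_padding_map()` matches the structure being copied.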
Robin Peng
3352ba1a12 Merge android-4.9 (4.9.185) into android-msm-pixel-4.9-lts
Merge 4.9.185 into android-4.9
Linux 4.9.185
  * arm64: kaslr: keep modules inside module region when KASAN is enabled
      arch/arm64/kernel/module.c
    dmaengine: imx-sdma: remove BD_INTR for channel0
    MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
    IB/hfi1: Close PSM sdma_progress sleep window
    KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC
  * arm64, vdso: Define vdso_{start,end} as array
      arch/arm64/kernel/vdso.c
    tty: rocket: fix incorrect forward declaration of 'rp_init()'
    btrfs: Ensure replaced device doesn't have pending chunk allocation
    drm/imx: only send event on crtc disable if kept disabled
    drm/imx: notify drm core before sending event during crtc disable
  * lib/mpi: Fix karactx leak in mpi_powm
      lib/mpi/mpi-pow.c
  * ALSA: usb-audio: fix sign unintended sign extension on left shifts
      sound/usb/mixer_quirks.c
    ALSA: line6: Fix write on zero-sized buffer
    ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
    ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
    crypto: user - prevent operating on larval algorithms
  * ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
      kernel/ptrace.c
    MIPS: Workaround GCC __builtin_unreachable reordering bug
    drm/i915/dmc: protect against reading random memory
    KVM: x86: degrade WARN to pr_warn_ratelimited
    clk: sunxi: fix uninitialized access
    ARC: handle gcc generated __builtin_trap for older compiler
  * bug.h: work around GCC PR82365 in BUG()
      include/asm-generic/bug.h
      include/linux/compiler-gcc.h
      include/linux/compiler.h
    ARC: fix allnoconfig build warning
    mfd: omap-usb-tll: Fix register offsets
    MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
    MIPS: math-emu: do not use bools for arithmetic
  * mm/mlock.c: change count_mm_mlocked_page_nr return type
      mm/mlock.c
    scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE
    scsi: hpsa: correct ioaccel2 chaining
    usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
    usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
    ASoC: max98090: remove 24-bit format support if RJ is 0
    drm/mediatek: fix unbind functions
    spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
  * ASoC: soc-pcm: BE dai needs prepare when pause release after resume
      sound/soc/soc-pcm.c
    ASoC : cs4265 : readable register too low
  * Bluetooth: Fix faulty expression for minimum encryption key size check
      net/bluetooth/l2cap_core.c
    tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
  * bpf: udp: ipv6: Avoid running reuseport's bpf_prog from __udp6_lib_err
      net/ipv6/udp.c
  * bpf: udp: Avoid calling reuseport's bpf_prog from udp_gro
      net/ipv4/udp.c
      net/ipv6/udp.c
  * net: check before dereferencing netdev_ops during busy poll
      net/core/dev.c
  * ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
      net/ipv4/raw.c
  * bonding: Always enable vlan tx offload
      drivers/net/bonding/bond_main.c
    team: Always enable vlan tx offload
  * tun: wake up waitqueues after IFF_UP is set
      drivers/net/tun.c
    tipc: check msg->req data len in tipc_nl_compat_bearer_disable
    tipc: change to use register_pernet_device
    sctp: change to hold sk after auth shkey is created successfully
    net: stmmac: fixed new system time seconds value calculation
  * af_packet: Block execution of tasks waiting for transmit to complete in AF_PACKET
      net/packet/af_packet.c
      net/packet/internal.h
  * cpu/speculation: Warn on unsupported mitigations= parameter
      kernel/cpu.c
    NFS/flexfiles: Use the correct TCP timeout for flexfiles I/O
    x86/speculation: Allow guests to use SSBD even if host does not
    scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
  * mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
      mm/page_idle.c
    fs/binfmt_flat.c: make load_flat_shared_library() work
  * fs/proc/array.c: allow reporting eip/esp for all coredumping threads
      fs/proc/array.c
    net/9p: include trans_common.h to fix missing prototype warning.
    9p: p9dirent_read: check network-provided name length
    9p/rdma: remove useless check in cm_event_handler
    9p: acl: fix uninitialized iattr access
    9p/rdma: do not disconnect on down_interruptible EAGAIN
    perf header: Fix unchecked usage of strncpy()
    perf help: Remove needless use of strncpy()
    perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit set nul
    IB/hfi1: Avoid hardlockup with flushlist_lock
    mac80211: Do not use stack memory with scatterlist for GMAC
    mac80211: drop robust management frames from unknown TA
  * cfg80211: fix memory leak of wiphy device name
      net/wireless/core.c
  * Bluetooth: Fix regression with minimum encryption key size alignment
      net/bluetooth/hci_conn.c
      net/bluetooth/l2cap_core.c
  * Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
      include/net/bluetooth/hci_core.h
      net/bluetooth/hci_conn.c
    ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
    powerpc/bpf: use unsigned division instruction for 64-bit operations
    can: purge socket error queue on sock destruct
    can: flexcan: fix timeout when set small bitrate
    btrfs: start readahead also in seed devices
    nvme: Fix u32 overflow in the number of namespace list calculation
    hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
    s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
  * scsi: ufs: Check that space was properly alloced in copy_query_response
      drivers/scsi/ufs/ufshcd.c
    scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
    drm/arm/hdlcd: Allow a bit of clock tolerance
    net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is enabled
    net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported
    sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
    net: hns: Fix loopback test failed at copper ports
    net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
    MIPS: uprobes: remove set but not used variable 'epc'
    IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value
    IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
    IB/rdmavt: Fix alloc_qpn() WARN_ON()
    parisc: Fix compiler warnings in float emulation code
    parport: Fix mem leak in parport_register_dev_model
    ARC: fix build warnings with !CONFIG_KPROBES
    apparmor: enforce nullbyte at end of tag string
  * Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
      drivers/input/misc/uinput.c
    IB/hfi1: Silence txreq allocation warnings
    usb: chipidea: udc: workaround for endpoint conflict issue
  * scsi: ufs: Avoid runtime suspend possibly being blocked forever
      drivers/scsi/ufs/ufshcd-pltfrm.c
  * gcc-9: silence 'address-of-packed-member' warning
      Makefile
  * tracing: Silence GCC 9 array bounds warning
      kernel/trace/trace.c
      kernel/trace/trace.h
    BACKPORT: kheaders: Do not regenerate archive if config is not changed
  * BACKPORT: kheaders: Move from proc to sysfs
      init/Kconfig
      kernel/Makefile
  * BACKPORT: Provide in-kernel headers to make extending kernel easier
      init/Kconfig
      kernel/Makefile
    Merge 4.9.184 into android-4.9
Linux 4.9.184
  * tcp: refine memory limit test in tcp_fragment()
      net/ipv4/tcp_output.c
    Merge 4.9.183 into android-4.9
Linux 4.9.183
  * Abort file_remove_privs() for non-reg. files
      fs/inode.c
    mlxsw: spectrum: Prevent force of 56G
    scsi: libsas: delete sas port if expander discover failed
    scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask
    scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
    net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
    KVM: PPC: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu
    KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
    ia64: fix build errors by exporting paddr_to_nid()
    perf record: Fix s390 missing module symbol and warning for non-root users
    perf data: Fix 'strncat may truncate' build failure with recent gcc
  * configfs: Fix use-after-free when accessing sd->s_dentry
      fs/configfs/dir.c
  * i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
      drivers/i2c/i2c-dev.c
    net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
  * gpio: fix gpio-adp5588 build errors
      drivers/gpio/Kconfig
  * perf/ring_buffer: Add ordering to rb->nest increment
      kernel/events/ring_buffer.c
  * perf/ring_buffer: Fix exposing a temporarily decreased data_head
      kernel/events/ring_buffer.c
    x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
    mISDN: make sure device name is NUL terminated
    selftests: netfilter: missing error check when setting up veth interface
    perf/x86/intel/ds: Fix EVENT vs. UEVENT PEBS constraints
    Revert "staging: vc04_services: prevent integer overflow in create_pagelist()"
    sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
  * neigh: fix use-after-free read in pneigh_get_next
      net/core/neighbour.c
    lapb: fixed leak of control-blocks.
  * ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
      net/ipv6/ip6_flowlabel.c
    be2net: Fix number of Rx queues used for flow hashing
    ax25: fix inconsistent lock state in ax25_destroy_timer
    rtc: pcf8523: don't return invalid date when battery is low
    USB: serial: option: add Telit 0x1260 and 0x1261 compositions
    USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
    USB: serial: pl2303: add Allied Telesis VT-Kit3
  * USB: usb-storage: Add new ID to ums-realtek
      drivers/usb/storage/unusual_realtek.h
  * USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
      drivers/usb/core/quirks.c
    usb: dwc2: Fix DMA cache alignment issues
    drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
    drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read
    KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
    KVM: x86/pmu: do not mask the value that is written to fixed PMUs
    usbnet: ipheth: fix racing condition
    selftests/timers: Add missing fflush(stdout) calls
    scsi: bnx2fc: fix incorrect cast to u64 on shift operation
  * arm64/mm: Inhibit huge-vmap with ptdump
      arch/arm64/mm/mmu.c
    scsi: lpfc: add check for loss of ndlp when sending RRQ
    Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
    Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex"
    ALSA: seq: Fix race of get-subscription call vs port-delete ioctls
    ALSA: seq: Protect in-kernel ioctl calls with mutex
  * x86/uaccess, kcov: Disable stack protector
      kernel/Makefile
    ASoC: fsl_asrc: Fix the issue about unsupported rate
    ASoC: cs42xx8: Add regcache mask dirty
  * cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
      include/linux/cgroup.h
    bcache: fix stack corruption by PRECEDING_KEY()
    i2c: acorn: fix i2c warning
  * media: v4l2-ioctl: clear fields in s_parm
      drivers/media/v4l2-core/v4l2-ioctl.c
  * ptrace: restore smp_rmb() in __ptrace_may_access()
      kernel/cred.c
      kernel/ptrace.c
  * signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
      kernel/ptrace.c
    fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
  * mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
      mm/list_lru.c
    libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
    ALSA: oxfw: allow PCM capture for Stanton SCS.1m
    ALSA: seq: Cover unsubscribe_port() in list_mutex
  * Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"
      include/net/bluetooth/hci_core.h
      net/bluetooth/hci_conn.c
    ARM: exynos: Fix undefined instruction during Exynos5422 resume
  * pwm: Fix deadlock warning when removing PWM device
      drivers/pwm/core.c
      drivers/pwm/sysfs.c
      include/linux/pwm.h
    ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa
    pwm: tiehrpwm: Update shadow register for disabling PWMs
    dmaengine: idma64: Use actual device for DMA transfers
    gpio: gpio-omap: add check for off wake capable gpios
    PCI: xilinx: Check for __get_free_pages() failure
    video: imsttfb: fix potential NULL pointer dereferences
    video: hgafb: fix potential NULL pointer dereference
    PCI: rcar: Fix 64bit MSI message address handling
    PCI: rcar: Fix a potential NULL pointer dereference
    platform/x86: intel_pmc_ipc: adding error handling
    PCI: rpadlpar: Fix leaked device_node references in add/remove paths
    ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
    ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
    ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA
    ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA
    ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
    clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
    soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
    platform/chrome: cros_ec_proto: check for NULL transfer function
    x86/PCI: Fix PCI IRQ routing table memory leak
    nfsd: allow fh_want_write to be called twice
  * fuse: retrieve: cap requested size to negotiated max_write
      fs/fuse/dev.c
  * nvmem: core: fix read buffer in place
      drivers/nvmem/core.c
    ALSA: hda - Register irq handler after the chip initialization
    iommu/vt-d: Set intel_iommu_gfx_mapped correctly
  * watchdog: fix compile time error of pretimeout governors
      drivers/watchdog/Kconfig
    watchdog: imx2_wdt: Fix set_timeout for big timeout values
    uml: fix a boot splat wrt use of cpu_all_mask
  * configfs: fix possible use-after-free in configfs_register_group
      fs/configfs/dir.c
  * f2fs: fix to do sanity check on valid block count of segment
      fs/f2fs/segment.h
  * f2fs: fix to clear dirty inode in error path of f2fs_iget()
      fs/f2fs/inode.c
  * f2fs: fix to avoid panic in do_recover_data()
      fs/f2fs/recovery.c
  * ntp: Allow TAI-UTC offset to be set to zero
      kernel/time/ntp.c
    pwm: meson: Use the spin-lock only to protect register modifications
    objtool: Don't use ignore flag for fake jumps
    drm/bridge: adv7511: Fix low refresh rate selection
    perf/x86/intel: Allow PEBS multi-entry in watermark mode
    mfd: twl6040: Fix device init errors for ACCCTL register
    mfd: intel-lpss: Set the device in reset state when init
    mfd: tps65912-spi: Add missing of table registration
    drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER
  * kernel/sys.c: prctl: fix false positive in validate_prctl_map()
      kernel/sys.c
    mm/slab.c: fix an infinite loop in leaks_show()
    mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
  * mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
      mm/cma.c
  * mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE
      mm/page_alloc.c
    hugetlbfs: on restore reserve error path retain subpool reservation
    ARM: prevent tracing IPI_CPU_BACKTRACE
    ipc: prevent lockup on alloc_msg and free_msg
  * sysctl: return -EINVAL if val violates minmax
      kernel/sysctl.c
  * fs/fat/file.c: issue flush after the writeback of FAT
      fs/fat/file.c
    rapidio: fix a NULL pointer dereference when create_workqueue() fails
  * ANDROID: kernel: cgroup: cpuset: Clear cpus_requested for empty buf
      kernel/cpuset.c
  * ANDROID: kernel: cgroup: cpuset: Add missing allocation of cpus_requested in alloc_trial_cpuset
      kernel/cpuset.c
  * mm: memcontrol: fix NULL pointer crash in test_clear_page_writeback()
      include/linux/memcontrol.h
      mm/memcontrol.c
      mm/page-writeback.c
    Merge 4.9.182 into android-4.9
Linux 4.9.182
  * tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
      net/ipv4/tcp_timer.c
  * tcp: add tcp_min_snd_mss sysctl
      include/net/netns/ipv4.h
      net/ipv4/sysctl_net_ipv4.c
      net/ipv4/tcp_ipv4.c
      net/ipv4/tcp_output.c
  * tcp: tcp_fragment() should apply sane memory limits
      include/uapi/linux/snmp.h
      net/ipv4/proc.c
      net/ipv4/tcp_output.c
  * tcp: limit payload size of sacked skbs
      include/linux/tcp.h
      include/net/tcp.h
      net/ipv4/tcp.c
      net/ipv4/tcp_input.c
      net/ipv4/tcp_output.c
  * tcp: reduce tcp_fastretrans_alert() verbosity
      net/ipv4/tcp_input.c
    efi/libstub: remove duplicate nokaslr
  * BACKPORT: Add support for BPF_FUNC_probe_read_str
      kernel/trace/bpf_trace.c
  * UPSTREAM: binder: check for overflow when alloc for security context
      drivers/android/binder.c
  * BACKPORT: binder: fix race between munmap() and direct reclaim
      drivers/android/binder_alloc.c
    Merge 4.9.181 into android-4.9
Linux 4.9.181
  * ethtool: check the return value of get_regs_len
      net/core/ethtool.c
  * ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
      include/net/arp.h
  * fuse: Add FOPEN_STREAM to use stream_open()
      fs/fuse/file.c
      include/uapi/linux/fuse.h
  * fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
      fs/open.c
      fs/read_write.c
      include/linux/fs.h
  * TTY: serial_core, add ->install
      drivers/tty/serial/serial_core.c
    drm/i915: Fix I915_EXEC_RING_MASK
    drm/radeon: prefer lower reference dividers
    drm/gma500/cdv: Check vbt config bits when detecting lvds panels
    genwqe: Prevent an integer overflow in the ioctl
    Revert "MIPS: perf: ath79: Fix perfcount IRQ assignment"
    MIPS: pistachio: Build uImage.gz by default
  * x86/power: Fix 'nosmt' vs hibernation triple fault during resume
      include/linux/cpu.h
      kernel/cpu.c
  * fuse: fallocate: fix return with locked inode
      fs/fuse/file.c
    parisc: Use implicit space register selection for loading the coherence index of I/O pdirs
  * rcu: locking and unlocking need to always be at least barriers
      include/linux/rcupdate.h
  * Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied"
      net/core/fib_rules.c
  * Revert "fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")"
      net/core/fib_rules.c
  * ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
      net/ipv6/raw.c
  * ipv6: fix EFAULT on sendto with icmpv6 and hdrincl
      net/ipv6/raw.c
    pktgen: do not sleep with the thread lock held.
    net: rds: fix memory leak in rds_ib_flush_mr_pool
    net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
  * neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
      net/core/neighbour.c
  * ethtool: fix potential userspace buffer overflow
      net/core/ethtool.c
    media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
  * efi/libstub: Unify command line param parsing
      include/linux/efi.h
    Revert "x86/build: Move _etext to actual end of .text"
  * mm: make page ref count overflow check tighter and more explicit
      include/linux/mm.h
  * mm: prevent get_user_pages() from overflowing page refcount
      mm/gup.c
  * mm, gup: ensure real head page is ref-counted when using hugepages
      mm/gup.c
  * mm, gup: remove broken VM_BUG_ON_PAGE compound check for hugepages
      mm/gup.c
  * fs: prevent page refcount overflow in pipe_buf_get
      fs/fuse/dev.c
      fs/pipe.c
      fs/splice.c
      include/linux/pipe_fs_i.h
      kernel/trace/trace.c
  * binder: replace "%p" with "%pK"
      drivers/android/binder.c
  * binder: Replace "%p" with "%pK" for stable
      drivers/android/binder.c
    brcmfmac: add subtype check for event handling in data path
    brcmfmac: assure SSID length from firmware is limited
    brcmfmac: add length checks in scheduled scan result handler
    drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set
    gcc-plugins: Fix build failures under Darwin host
    CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
    staging: vc04_services: prevent integer overflow in create_pagelist()
    docs: Fix conf.py for Sphinx 2.0
  * kernel/signal.c: trace_signal_deliver when signal_group_exit
      kernel/signal.c
  * memcg: make it work on sparse non-0-node systems
      include/linux/list_lru.h
      mm/list_lru.c
    tty: max310x: Fix external crystal register setup
    tty: serial: msm_serial: Fix XON/XOFF
    drm/nouveau/i2c: Disable i2c bus access after ->fini()
    ALSA: hda/realtek - Set default power save node to 0
    powerpc/perf: Fix MMCRA corruption by bhrb_filter
    Btrfs: fix race updating log root item during fsync
    scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
    scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
    media: smsusb: better handle optional alignment
    media: usb: siano: Fix false-positive "uninitialized variable" warning
    media: usb: siano: Fix general protection fault in smsusb
    USB: rio500: fix memory leak in close after disconnect
    USB: rio500: refuse more than one device at a time
  * USB: Add LPM quirk for Surface Dock GigE adapter
      drivers/usb/core/quirks.c
    USB: sisusbvga: fix oops in error path of sisusb_probe
  * USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
      drivers/usb/core/config.c
    usbip: usbip_host: fix stub_dev lock context imbalance regression
    usbip: usbip_host: fix BUG: sleeping function called from invalid context
  * usb: xhci: avoid null pointer deref when bos field is NULL
      drivers/usb/host/xhci.c
  * xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
      drivers/usb/host/xhci.c
  * xhci: Use %zu for printing size_t type
      drivers/usb/host/xhci-ring.c
  * xhci: update bounce buffer with correct sg num
      drivers/usb/host/xhci-ring.c
  * include/linux/bitops.h: sanitize rotate primitives
      include/linux/bitops.h
    sparc64: Fix regression in non-hypervisor TLB flush xcall
    tipc: fix modprobe tipc failed after switch order of device registration
    Revert "tipc: fix modprobe tipc failed after switch order of device registration"
    xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
    crypto: vmx - ghash: do nosimd fallback manually
    net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
    net: mvneta: Fix err code path of probe
    net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT
  * ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
      net/ipv4/igmp.c
  * ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
      net/ipv4/igmp.c
    bnxt_en: Fix aggregation buffer leak under OOM condition.
    tipc: Avoid copying bytes beyond the supplied data
  * usbnet: fix kernel crash after disconnect
      drivers/net/usb/usbnet.c
    net: stmmac: fix reset gpio free missing
  * net-gro: fix use-after-free read in napi_gro_frags()
      net/core/dev.c
    net: fec: fix the clk mismatch in failed_reset path
  * llc: fix skb leak in llc_build_and_send_ui_pkt()
      net/llc/llc_output.c
  * ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
      net/ipv6/raw.c
  * Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied"
      net/core/fib_rules.c
  * Revert "fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")"
      net/core/fib_rules.c
    Revert "x86/build: Move _etext to actual end of .text"
    Merge 4.9.180 into android-4.9
Linux 4.9.180
  * drm: Wake up next in drm_read() chain if we are forced to putback the event
      drivers/gpu/drm/drm_fops.c
    ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
  * spi: Fix zero length xfer bug
      drivers/spi/spi.c
    spi: rspi: Fix sequencer reset during initialization
    spi : spi-topcliff-pch: Fix to handle empty DMA buffers
    scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
    media: saa7146: avoid high stack usage with clang
    scsi: lpfc: Fix FDMI manufacturer attribute value
    media: go7007: avoid clang frame overflow warning with KASAN
    media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
    dmaengine: tegra210-adma: use devm_clk_*() helpers
    scsi: qla4xxx: avoid freeing unallocated dma memory
  * usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
      drivers/usb/core/hcd.c
    rcuperf: Fix cleanup path for invalid perf_type strings
    rcutorture: Fix cleanup path for invalid torture_type strings
    x86/mce: Fix machine_check_poll() tests for error types
    tty: ipwireless: fix missing checks for ioremap
    virtio_console: initialize vtermno value for ports
    media: wl128x: prevent two potential buffer overflows
    spi: tegra114: reset controller on probe
    cxgb3/l2t: Fix undefined behaviour
    ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
    ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
  * HID: core: move Usage Page concatenation to Main item
      drivers/hid/hid-core.c
      include/linux/hid.h
  * chardev: add additional check for minor range overlap
      fs/char_dev.c
    x86/ia32: Fix ia32_restore_sigcontext() AC leak
    x86/uaccess, signal: Fix AC=1 bloat
  * arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
      arch/arm64/kernel/cpu_ops.c
  * scsi: ufs: Avoid configuring regulator with undefined voltage range
      drivers/scsi/ufs/ufshcd.c
  * scsi: ufs: Fix regulator load and icc-level configuration
      drivers/scsi/ufs/ufshcd.c
    brcmfmac: fix Oops when bringing up interface during USB disconnect
    brcmfmac: fix race during disconnect when USB completion is in progress
    brcmfmac: convert dev_init_lock mutex to completion
    b43: shut up clang -Wuninitialized variable warning
    brcmfmac: fix missing checks for kmemdup
    mwifiex: Fix mem leak in mwifiex_tm_cmd
    rtlwifi: fix a potential NULL pointer dereference
    iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
    iio: hmc5843: fix potential NULL pointer dereferences
    iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
    x86/build: Keep local relocations with ld.lld
    cpufreq: pmac32: fix possible object reference leak
    cpufreq/pasemi: fix possible object reference leak
    cpufreq: ppc_cbe: fix possible object reference leak
    s390: cio: fix cio_irb declaration
    extcon: arizona: Disable mic detect if running when driver is removed
  * PM / core: Propagate dev->power.wakeup_path when no callbacks
      drivers/base/power/main.c
    mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
    mmc: sdhci-of-esdhc: add erratum eSDHC5 support
    mmc_spi: add a status check for spi_sync_locked
  * mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
      drivers/mmc/core/pwrseq_emmc.c
    scsi: libsas: Do discovery on empty PHY to update PHY info
    hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
    hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
    hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
    hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
    hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
    RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
  * arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
      arch/arm64/include/asm/vdso_datapage.h
      arch/arm64/kernel/asm-offsets.c
      arch/arm64/kernel/vdso.c
    i40e: don't allow changes to HW VLAN stripping on active port VLANs
    x86/irq/64: Limit IST stack overflow check to #DB stack
  * USB: core: Don't unbind interfaces following device reset failure
      drivers/usb/core/hub.c
  * sched/core: Handle overflow in cpu_shares_write_u64
      kernel/sched/core.c
  * sched/core: Check quota and period overflow at usec to nsec conversion
      kernel/sched/core.c
    powerpc/numa: improve control of topology updates
    media: pvrusb2: Prevent a buffer overflow
    media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
  * audit: fix a memory leak bug
      kernel/auditfilter.c
    media: ov2659: make S_FMT succeed even if requested format doesn't match
    media: au0828: stop video streaming only when last user stops
    media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
    media: coda: clear error return value before picture run
    dmaengine: at_xdmac: remove BUG_ON macro in tasklet
    pinctrl: pistachio: fix leaked of_node references
    HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
  * mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
      lib/strncpy_from_user.c
      lib/strnlen_user.c
    x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
  * smpboot: Place the __percpu annotation correctly
      include/linux/smpboot.h
    x86/build: Move _etext to actual end of .text
    bcache: avoid clang -Wunintialized warning
    bcache: add failure check to run_cache_set() for journal replay
    bcache: fix failure in journal relplay
    bcache: return error immediately in bch_journal_replay()
    crypto: sun4i-ss - Fix invalid calculation of hash end
    net: cw1200: fix a NULL pointer dereference
    mwifiex: prevent an array overflow
    ASoC: fsl_sai: Update is_slave_mode with correct value
  * mac80211/cfg80211: update bss channel on channel switch
      net/wireless/nl80211.c
    dmaengine: pl330: _stop: clear interrupt status
    w1: fix the resume command API
    rtc: 88pm860x: prevent use-after-free on device remove
    iwlwifi: pcie: don't crash on invalid RX interrupt
    scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
  * sched/cpufreq: Fix kobject memleak
      drivers/cpufreq/cpufreq.c
  * arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable
      arch/arm64/include/asm/pgtable.h
    ARM: vdso: Remove dependency with the arch_timer driver internals
    brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
    spi: pxa2xx: fix SCR (divisor) calculation
  * ASoC: imx: fix fiq dependencies
      sound/soc/fsl/Kconfig
    powerpc/boot: Fix missing check of lseek() return value
  * ASoC: hdmi-codec: unlock the device on startup errors
      sound/soc/codecs/hdmi-codec.c
    net: ena: gcc 8: fix compilation warning
    dmaengine: tegra210-dma: free dma controller in remove()
  * mmc: core: Verify SD bus width
      drivers/mmc/core/sd.c
    cxgb4: Fix error path in cxgb4_init_module
    gfs2: Fix lru_count going negative
    Revert "btrfs: Honour FITRIM range constraints during free space trim"
    tools include: Adopt linux/bits.h
    perf tools: No need to include bitops.h in util.h
    at76c50x-usb: Don't register led_trigger if usb_register_driver failed
    ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
    media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
    media: cpia2: Fix use-after-free in cpia2_exit
  * fbdev: fix WARNING in __alloc_pages_nodemask bug
      drivers/video/fbdev/core/fbcmap.c
  * hugetlb: use same fault hash key for shared and private mappings
      include/linux/hugetlb.h
  * fbdev: fix divide error in fb_var_to_videomode
      drivers/video/fbdev/core/modedb.c
    btrfs: sysfs: don't leak memory when failing add fsid
    Btrfs: fix race between ranged fsync and writeback of adjacent ranges
    Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path
    gfs2: Fix sign extension bug in gfs2_update_stats
  * arm64: Save and restore OSDLR_EL1 across suspend/resume
      arch/arm64/mm/proc.S
    libnvdimm/namespace: Fix label tracking error
    kvm: svm/avic: fix off-by-one in checking host APIC ID
    crypto: vmx - CTR: always increment IV as quadword
  * Revert "scsi: sd: Keep disk read-only when re-reading partition"
      drivers/scsi/sd.c
  * bio: fix improper use of smp_mb__before_atomic()
      include/linux/bio.h
    KVM: x86: fix return value for reserved EFER
  * ext4: do not delete unlinked inode from orphan list on failed truncate
      fs/ext4/inode.c
    Merge remote-tracking branch 'origin/upstream-f2fs-stable-linux-4.9.y' into android-4.9
    Merge 4.9.179 into android-4.9
Linux 4.9.179
    fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
    btrfs: Honour FITRIM range constraints during free space trim
    md/raid: raid5 preserve the writeback action after the parity check
    Revert "Don't jump to compute_result state from check_result state"
    perf bench numa: Add define for RUSAGE_THREAD if not present
    ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
  * power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG
      drivers/power/supply/power_supply_sysfs.c
    KVM: arm/arm64: Ensure vcpu target is unset on reset failure
    mac80211: Fix kernel panic due to use of txq after free
  * xfrm4: Fix uninitialized memory read in _decode_session4
      net/ipv4/xfrm4_policy.c
  * vti4: ipip tunnel deregistration fixes.
      net/ipv4/ip_vti.c
  * xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
      net/ipv6/xfrm6_tunnel.c
  * xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
      net/xfrm/xfrm_user.c
    dm delay: fix a crash when invalid device is specified
  * PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum
      drivers/pci/quirks.c
      include/linux/pci.h
    PCI: Factor out pcie_retrain_link() function
  * PCI: Mark Atheros AR9462 to avoid bus reset
      drivers/pci/quirks.c
    fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
    fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
    fbdev: sm712fb: fix support for 1024x768-16 mode
    fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM
    fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
    fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
    fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
    fbdev: sm712fb: fix brightness control on reboot, don't set SR30
    objtool: Allow AR to be overridden with HOSTAR
    perf intel-pt: Fix sample timestamp wrt non-taken branches
    perf intel-pt: Fix improved sample timestamp
    perf intel-pt: Fix instructions sampling rate
    memory: tegra: Fix integer overflow on tick value calculation
  * tracing: Fix partial reading of trace event's id file
      kernel/trace/trace_events.c
    ceph: flush dirty inodes before proceeding with remount
    iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
  * fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
      fs/fuse/file.c
  * fuse: fix writepages on 32bit
      fs/fuse/file.c
    clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
    NFS4: Fix v4.0 client state corruption when mount
    media: ov6650: Fix sensor possibly not detected on probe
    cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level()
  * of: fix clang -Wunsequenced for be32_to_cpu()
      include/linux/of.h
    p54: drop device reference count if fails to enable device
    intel_th: msu: Fix single mode with IOMMU
    md: add mddev->pers to avoid potential NULL pointer dereference
    stm class: Fix channel free in stm output free path
    parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code
    parisc: Skip registering LED when running in QEMU
    parisc: Export running_on_qemu symbol for modules
    vsock/virtio: Initialize core virtio vsock before registering the driver
    tipc: fix modprobe tipc failed after switch order of device registration
    vsock/virtio: free packets during the socket release
    tipc: switch order of device registration to fix a crash
  * ppp: deflate: Fix possible crash in deflate_init
      drivers/net/ppp/ppp_deflate.c
    net/mlx4_core: Change the error print to info print
  * net: avoid weird emergency message
      net/core/dev.c
  * f2fs: link f2fs quota ops for sysfile
      fs/f2fs/checkpoint.c
      fs/f2fs/super.c
  * BACKPORT: gcov: clang support
      kernel/gcov/Kconfig
    UPSTREAM: gcov: docs: add a note on GCC vs Clang differences
    UPSTREAM: gcov: clang: move common GCC code into gcc_base.c
  * UPSTREAM: module: add stubs for within_module functions
      include/linux/module.h
  * UPSTREAM: gcov: remove CONFIG_GCOV_FORMAT_AUTODETECT
      kernel/gcov/Kconfig
  * BACKPORT: kbuild: gcov: enable -fno-tree-loop-im if supported
      Makefile
    Merge remote-tracking branch 'origin/upstream-f2fs-stable-linux-4.9.y' into android-4.9
  * ext4: fix build warning
      fs/ext4/file.c

Change-Id: I8e7abd3cefdf0f9d9c1fa5b63a0abf243fe7c7d1
Signed-off-by: Robin Peng <robinpeng@google.com>
2019-07-26 21:29:11 +08:00
Greg Kroah-Hartman
a0b21f86b2 Merge 4.9.183 into android-4.9-q
Changes in 4.9.183
	rapidio: fix a NULL pointer dereference when create_workqueue() fails
	fs/fat/file.c: issue flush after the writeback of FAT
	sysctl: return -EINVAL if val violates minmax
	ipc: prevent lockup on alloc_msg and free_msg
	ARM: prevent tracing IPI_CPU_BACKTRACE
	hugetlbfs: on restore reserve error path retain subpool reservation
	mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE
	mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
	mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
	mm/slab.c: fix an infinite loop in leaks_show()
	kernel/sys.c: prctl: fix false positive in validate_prctl_map()
	drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER
	mfd: tps65912-spi: Add missing of table registration
	mfd: intel-lpss: Set the device in reset state when init
	mfd: twl6040: Fix device init errors for ACCCTL register
	perf/x86/intel: Allow PEBS multi-entry in watermark mode
	drm/bridge: adv7511: Fix low refresh rate selection
	objtool: Don't use ignore flag for fake jumps
	pwm: meson: Use the spin-lock only to protect register modifications
	ntp: Allow TAI-UTC offset to be set to zero
	f2fs: fix to avoid panic in do_recover_data()
	f2fs: fix to clear dirty inode in error path of f2fs_iget()
	f2fs: fix to do sanity check on valid block count of segment
	configfs: fix possible use-after-free in configfs_register_group
	uml: fix a boot splat wrt use of cpu_all_mask
	watchdog: imx2_wdt: Fix set_timeout for big timeout values
	watchdog: fix compile time error of pretimeout governors
	iommu/vt-d: Set intel_iommu_gfx_mapped correctly
	ALSA: hda - Register irq handler after the chip initialization
	nvmem: core: fix read buffer in place
	fuse: retrieve: cap requested size to negotiated max_write
	nfsd: allow fh_want_write to be called twice
	x86/PCI: Fix PCI IRQ routing table memory leak
	platform/chrome: cros_ec_proto: check for NULL transfer function
	soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
	clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
	ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
	ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA
	ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA
	ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
	ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
	PCI: rpadlpar: Fix leaked device_node references in add/remove paths
	platform/x86: intel_pmc_ipc: adding error handling
	PCI: rcar: Fix a potential NULL pointer dereference
	PCI: rcar: Fix 64bit MSI message address handling
	video: hgafb: fix potential NULL pointer dereference
	video: imsttfb: fix potential NULL pointer dereferences
	PCI: xilinx: Check for __get_free_pages() failure
	gpio: gpio-omap: add check for off wake capable gpios
	dmaengine: idma64: Use actual device for DMA transfers
	pwm: tiehrpwm: Update shadow register for disabling PWMs
	ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa
	pwm: Fix deadlock warning when removing PWM device
	ARM: exynos: Fix undefined instruction during Exynos5422 resume
	Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"
	ALSA: seq: Cover unsubscribe_port() in list_mutex
	ALSA: oxfw: allow PCM capture for Stanton SCS.1m
	libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
	mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
	fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
	signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
	ptrace: restore smp_rmb() in __ptrace_may_access()
	media: v4l2-ioctl: clear fields in s_parm
	i2c: acorn: fix i2c warning
	bcache: fix stack corruption by PRECEDING_KEY()
	cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
	ASoC: cs42xx8: Add regcache mask dirty
	ASoC: fsl_asrc: Fix the issue about unsupported rate
	x86/uaccess, kcov: Disable stack protector
	ALSA: seq: Protect in-kernel ioctl calls with mutex
	ALSA: seq: Fix race of get-subscription call vs port-delete ioctls
	Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex"
	Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
	scsi: lpfc: add check for loss of ndlp when sending RRQ
	arm64/mm: Inhibit huge-vmap with ptdump
	scsi: bnx2fc: fix incorrect cast to u64 on shift operation
	selftests/timers: Add missing fflush(stdout) calls
	usbnet: ipheth: fix racing condition
	KVM: x86/pmu: do not mask the value that is written to fixed PMUs
	KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
	drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read
	drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
	usb: dwc2: Fix DMA cache alignment issues
	USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
	USB: usb-storage: Add new ID to ums-realtek
	USB: serial: pl2303: add Allied Telesis VT-Kit3
	USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
	USB: serial: option: add Telit 0x1260 and 0x1261 compositions
	rtc: pcf8523: don't return invalid date when battery is low
	ax25: fix inconsistent lock state in ax25_destroy_timer
	be2net: Fix number of Rx queues used for flow hashing
	ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
	lapb: fixed leak of control-blocks.
	neigh: fix use-after-free read in pneigh_get_next
	sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
	Revert "staging: vc04_services: prevent integer overflow in create_pagelist()"
	perf/x86/intel/ds: Fix EVENT vs. UEVENT PEBS constraints
	selftests: netfilter: missing error check when setting up veth interface
	mISDN: make sure device name is NUL terminated
	x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
	perf/ring_buffer: Fix exposing a temporarily decreased data_head
	perf/ring_buffer: Add ordering to rb->nest increment
	gpio: fix gpio-adp5588 build errors
	net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
	i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
	configfs: Fix use-after-free when accessing sd->s_dentry
	perf data: Fix 'strncat may truncate' build failure with recent gcc
	perf record: Fix s390 missing module symbol and warning for non-root users
	ia64: fix build errors by exporting paddr_to_nid()
	KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
	KVM: PPC: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu
	net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
	scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
	scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask
	scsi: libsas: delete sas port if expander discover failed
	mlxsw: spectrum: Prevent force of 56G
	Abort file_remove_privs() for non-reg. files
	Linux 4.9.183

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-06-22 08:56:18 +02:00
Greg Kroah-Hartman
a80a7ab5f7 Merge 4.9.183 into android-4.9
Changes in 4.9.183
	rapidio: fix a NULL pointer dereference when create_workqueue() fails
	fs/fat/file.c: issue flush after the writeback of FAT
	sysctl: return -EINVAL if val violates minmax
	ipc: prevent lockup on alloc_msg and free_msg
	ARM: prevent tracing IPI_CPU_BACKTRACE
	hugetlbfs: on restore reserve error path retain subpool reservation
	mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE
	mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
	mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
	mm/slab.c: fix an infinite loop in leaks_show()
	kernel/sys.c: prctl: fix false positive in validate_prctl_map()
	drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER
	mfd: tps65912-spi: Add missing of table registration
	mfd: intel-lpss: Set the device in reset state when init
	mfd: twl6040: Fix device init errors for ACCCTL register
	perf/x86/intel: Allow PEBS multi-entry in watermark mode
	drm/bridge: adv7511: Fix low refresh rate selection
	objtool: Don't use ignore flag for fake jumps
	pwm: meson: Use the spin-lock only to protect register modifications
	ntp: Allow TAI-UTC offset to be set to zero
	f2fs: fix to avoid panic in do_recover_data()
	f2fs: fix to clear dirty inode in error path of f2fs_iget()
	f2fs: fix to do sanity check on valid block count of segment
	configfs: fix possible use-after-free in configfs_register_group
	uml: fix a boot splat wrt use of cpu_all_mask
	watchdog: imx2_wdt: Fix set_timeout for big timeout values
	watchdog: fix compile time error of pretimeout governors
	iommu/vt-d: Set intel_iommu_gfx_mapped correctly
	ALSA: hda - Register irq handler after the chip initialization
	nvmem: core: fix read buffer in place
	fuse: retrieve: cap requested size to negotiated max_write
	nfsd: allow fh_want_write to be called twice
	x86/PCI: Fix PCI IRQ routing table memory leak
	platform/chrome: cros_ec_proto: check for NULL transfer function
	soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
	clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
	ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
	ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA
	ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA
	ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
	ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
	PCI: rpadlpar: Fix leaked device_node references in add/remove paths
	platform/x86: intel_pmc_ipc: adding error handling
	PCI: rcar: Fix a potential NULL pointer dereference
	PCI: rcar: Fix 64bit MSI message address handling
	video: hgafb: fix potential NULL pointer dereference
	video: imsttfb: fix potential NULL pointer dereferences
	PCI: xilinx: Check for __get_free_pages() failure
	gpio: gpio-omap: add check for off wake capable gpios
	dmaengine: idma64: Use actual device for DMA transfers
	pwm: tiehrpwm: Update shadow register for disabling PWMs
	ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa
	pwm: Fix deadlock warning when removing PWM device
	ARM: exynos: Fix undefined instruction during Exynos5422 resume
	Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"
	ALSA: seq: Cover unsubscribe_port() in list_mutex
	ALSA: oxfw: allow PCM capture for Stanton SCS.1m
	libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
	mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
	fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
	signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
	ptrace: restore smp_rmb() in __ptrace_may_access()
	media: v4l2-ioctl: clear fields in s_parm
	i2c: acorn: fix i2c warning
	bcache: fix stack corruption by PRECEDING_KEY()
	cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
	ASoC: cs42xx8: Add regcache mask dirty
	ASoC: fsl_asrc: Fix the issue about unsupported rate
	x86/uaccess, kcov: Disable stack protector
	ALSA: seq: Protect in-kernel ioctl calls with mutex
	ALSA: seq: Fix race of get-subscription call vs port-delete ioctls
	Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex"
	Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
	scsi: lpfc: add check for loss of ndlp when sending RRQ
	arm64/mm: Inhibit huge-vmap with ptdump
	scsi: bnx2fc: fix incorrect cast to u64 on shift operation
	selftests/timers: Add missing fflush(stdout) calls
	usbnet: ipheth: fix racing condition
	KVM: x86/pmu: do not mask the value that is written to fixed PMUs
	KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
	drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read
	drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
	usb: dwc2: Fix DMA cache alignment issues
	USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
	USB: usb-storage: Add new ID to ums-realtek
	USB: serial: pl2303: add Allied Telesis VT-Kit3
	USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
	USB: serial: option: add Telit 0x1260 and 0x1261 compositions
	rtc: pcf8523: don't return invalid date when battery is low
	ax25: fix inconsistent lock state in ax25_destroy_timer
	be2net: Fix number of Rx queues used for flow hashing
	ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
	lapb: fixed leak of control-blocks.
	neigh: fix use-after-free read in pneigh_get_next
	sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
	Revert "staging: vc04_services: prevent integer overflow in create_pagelist()"
	perf/x86/intel/ds: Fix EVENT vs. UEVENT PEBS constraints
	selftests: netfilter: missing error check when setting up veth interface
	mISDN: make sure device name is NUL terminated
	x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
	perf/ring_buffer: Fix exposing a temporarily decreased data_head
	perf/ring_buffer: Add ordering to rb->nest increment
	gpio: fix gpio-adp5588 build errors
	net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
	i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
	configfs: Fix use-after-free when accessing sd->s_dentry
	perf data: Fix 'strncat may truncate' build failure with recent gcc
	perf record: Fix s390 missing module symbol and warning for non-root users
	ia64: fix build errors by exporting paddr_to_nid()
	KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
	KVM: PPC: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu
	net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
	scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
	scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask
	scsi: libsas: delete sas port if expander discover failed
	mlxsw: spectrum: Prevent force of 56G
	Abort file_remove_privs() for non-reg. files
	Linux 4.9.183

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-06-22 08:54:42 +02:00
Cyrill Gorcunov
e74cb9e009 kernel/sys.c: prctl: fix false positive in validate_prctl_map()
[ Upstream commit a9e73998f9d705c94a8dca9687633adc0f24a19a ]

While validating new map we require the @start_data to be strictly less
than @end_data, which is fine for regular applications (this is why this
nit didn't trigger for that long).  These members are set from executable
loaders such as elf handlers, still it is pretty valid to have a loadable
data section with zero size in file, in such case the start_data is equal
to end_data once kernel loader finishes.

As a result when we're trying to restore such programs the procedure fails
and the kernel returns -EINVAL.  From the image dump of a program:

 | "mm_start_code": "0x400000",
 | "mm_end_code": "0x8f5fb4",
 | "mm_start_data": "0xf1bfb0",
 | "mm_end_data": "0xf1bfb0",

Thus we need to change validate_prctl_map from strictly less to less or
equal operator use.

Link: http://lkml.kernel.org/r/20190408143554.GY1421@uranus.lan
Fixes: f606b77f1a ("prctl: PR_SET_MM -- introduce PR_SET_MM_MAP operation")
Signed-off-by: Cyrill Gorcunov <gorcunov@gmail.com>
Cc: Andrey Vagin <avagin@gmail.com>
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-06-22 08:17:13 +02:00
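
The comparison change described in the commit message above, as an added C model (not the kernel's code and not part of the commit). `struct mm_fields`, `check_map` and the inverted sample map are hypothetical names and data; the code pair is assumed to stay strictly ordered.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model of the four fields quoted in the commit message. This is not the
 * kernel's struct prctl_mm_map, which carries more members. */
struct mm_fields {
    unsigned long start_code, end_code;
    unsigned long start_data, end_data;
};

/* Which comparison the data pair must satisfy. */
enum data_rule {
    DATA_STRICT,    /* start_data <  end_data (behaviour before the fix) */
    DATA_INCLUSIVE  /* start_data <= end_data (behaviour after the fix)  */
};

/* Returns 0 if the map is acceptable, -EINVAL otherwise.
 * On failure *why (if non-NULL) names the pair that failed; on success it
 * is set to NULL. */
int check_map(const struct mm_fields *m, enum data_rule rule, const char **why)
{
    const char *failed = NULL;

    if (m->start_code >= m->end_code)            /* assumption: code stays strict */
        failed = "code";
    else if (rule == DATA_STRICT && m->start_data >= m->end_data)
        failed = "data";                         /* rejects zero-size data too */
    else if (rule == DATA_INCLUSIVE && m->start_data > m->end_data)
        failed = "data";                         /* rejects only inverted bounds */

    if (why)
        *why = failed;
    return failed ? -EINVAL : 0;
}

/* Values copied from the image dump in the commit message:
 * a data section of zero size, so start_data == end_data. */
const struct mm_fields dump_map = {
    0x400000UL, 0x8f5fb4UL, 0xf1bfb0UL, 0xf1bfb0UL
};

/* Constructed sample: same map with end_data below start_data. */
const struct mm_fields inverted_map = {
    0x400000UL, 0x8f5fb4UL, 0xf1bfb0UL, 0xf1b000UL
};

static void report(const char *label, const struct mm_fields *m,
                   enum data_rule rule)
{
    const char *why = NULL;
    int rc = check_map(m, rule, &why);

    printf("%-28s rc=%d%s%s\n", label, rc,
           why ? " failed pair: " : "", why ? why : "");
}

int main(void)
{
    report("dump map, strict rule", &dump_map, DATA_STRICT);
    report("dump map, inclusive rule", &dump_map, DATA_INCLUSIVE);
    report("inverted map, inclusive rule", &inverted_map, DATA_INCLUSIVE);
    return 0;
}
```

The relaxed rule accepts the zero-size data section from the dump while an inverted data range is still rejected.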
Ingo Molnar
badaff8470 UPSTREAM: sched/headers: Prepare for new header dependencies before moving code to <linux/sched/loadavg.h>
We are going to split <linux/sched/loadavg.h> out of <linux/sched.h>, which
will have to be picked up from a couple of .c files.

Create a trivial placeholder <linux/sched/topology.h> file that just
maps to <linux/sched.h> to make this patch obviously correct and
bisectable.

Include the new header in the files that are going to need it.

Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>

(cherry picked from commit 4f17722c7256af8e17c2c4f29f170247264bdf48)

Bug: 111308141
Test: modified lmkd to use PSI and tested using lmkd_unit_test

Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I6da8f80df8e4d9b919a56b286a86d5a72b189684
2019-03-22 14:07:14 -07:00
Petri Gynther
82fb8eb1d4 Merge android-4.9 into android-msm-bluecross-4.9-lts
Merge android-4.9 common kernel into B1/C1 kernel LTS staging branch.

Since android-msm-bluecross-4.9-lts is currently merged to LTS 4.9.150,
I deliberately chose to merge only up to:

commit ca975794ea ("ANDROID: cuttlefish: enable CONFIG_NET_CLS_BPF=y")

which is the last commit on android-4.9 before LTS 4.9.151 was merged in.

drivers/android/binder.c
reviewed by tkjos@

drivers/block/zram/
resolved and reviewed by minchan@

drivers/cpufreq/cpufreq_times.c
reviewed by cfries@

drivers/staging/android/ion/
reviewed by pgynther@

fs/crypto/
resolved and reviewed by ebiggers@ and jaegeuk@

fs/f2fs/
resolved and reviewed by jaegeuk@

fs/squashfs/
resolved with 'git checkout --theirs' (take android-4.9 as-is)

kernel/sched/
resolved and reviewed by tkjos@

Bug: 115649324
Test: Manual testing
Change-Id: Ib374f720a7ab4cf4146177584e486124eff75de3
Signed-off-by: Petri Gynther <pgynther@google.com>
2019-01-24 23:35:45 -08:00
Petri Gynther
466b53ddc8 LTS: Merge 4.9.140 into android-msm-bluecross-4.9
Update B1/C1 master kernel to 4.9.140 LTS kernel.

Bug: 115649324
Test: Manual testing
Change-Id: Ib1650df1966e00ca5e09bf5c82eee0697b7dfb97
Signed-off-by: Petri Gynther <pgynther@google.com>
2018-12-20 12:11:41 -08:00
Petri Gynther
c345ed7816 Merge 4.9.126 into android-msm-bluecross-4.9-lts
Linux 4.9.126
  * fs/quota: Fix spectre gadget in do_quotactl
      fs/quota/quota.c
    crypto: caam/jr - fix descriptor DMA unmapping
    crypto: vmx - Fix sleep-in-atomic bugs
    perf auxtrace: Fix queue resize
    bcache: release dc->writeback_lock properly in bch_writeback_thread()
    printk/tracing: Do not trace printk_nmi_enter()
    libnvdimm: fix ars_status output length calculation
  * getxattr: use correct xattr length
      fs/xattr.c
    udlfb: set optimal write delay
  * fb: fix lost console when the user unplugs a USB adapter
      drivers/video/fbdev/core/fbmem.c
    pwm: tiehrpwm: Fix disabling of output of PWMs
    ubifs: Fix synced_i_size calculation for xattr inodes
    ubifs: Check data node size before truncate
    Revert "UBIFS: Fix potential integer overflow in allocation"
    ubifs: Fix memory leak in lprobs self-check
    userns: move user access out of the mutex
  * sys: don't hold uts_sem while accessing userspace memory
      kernel/sys.c
      kernel/utsname_sysctl.c
    osf_getdomainname(): use copy_to_user()
    iommu/vt-d: Fix dev iotlb pfsid use
    iommu/vt-d: Add definitions for PFSID
  * mm/tlb: Remove tlb_remove_table() non-concurrent condition
      mm/memory.c
    Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
  * Replace magic for trusting the secondary keyring with #define
      certs/system_keyring.c
      include/linux/verification.h
    ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
  * NFSv4 client live hangs after live data migration recovery
      include/linux/sunrpc/clnt.h
    pnfs/blocklayout: off by one in bl_map_stripe()
    xtensa: increase ranges in ___invalidate_{i,d}cache_all
    xtensa: limit offsets in __loop_cache_{all,page}
    KVM: VMX: fixes for vmentry_l1d_flush module parameter
  * PM / sleep: wakeup: Fix build error caused by missing SRCU support
      kernel/power/Kconfig
    9p: fix multiple NULL-pointer-dereferences
    mfd: hi655x: Fix regmap area declared size for hi655x
    uprobes: Use synchronize_rcu() not synchronize_sched()
  * tracing/blktrace: Fix to allow setting same value
      kernel/trace/blktrace.c
  * tracing: Do not call start/stop() functions when tracing_on does not change
      kernel/trace/trace.c
    rtc: omap: fix potential crash on power off
    vmw_balloon: fix VMCI use when balloon built into kernel
    vmw_balloon: VMCI_DOORBELL_SET does not check status
    vmw_balloon: do not use 2MB without batching
    vmw_balloon: fix inflation of 64-bit GFNs
    iio: ad9523: Fix return value for ad952x_store()
    iio: ad9523: Fix displayed phase
  * uart: fix race between uart_put_char() and uart_shutdown()
      drivers/tty/serial/serial_core.c
    dm cache metadata: save in-core policy_hint_size to on-disk superblock
    dm thin: stop no_space_timeout worker when switching to write-mode
    net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
    net/9p/client.c: version pointer uninitialized
    9p/virtio: fix off-by-one error in sg list bounds check
    fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
    RDMA/rxe: Set wqe->status correctly if an unexpected response is received
    ib_srpt: Fix a use-after-free in srpt_close_ch()
    cxl: Fix wrong comparison in cxl_adapter_context_get()
    powerpc/powernv/pci: Work around races in PCI bridge enabling
  * PCI: Add wrappers for dev_printk()
      include/linux/pci.h
    powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
    powerpc/fadump: handle crash memory ranges array index overflow
    mailbox: xgene-slimpro: Fix potential NULL pointer dereference
    libertas: fix suspend and resume for SDIO connected cards
    drm/i915/userptr: reject zero user_size
    spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
    spi: davinci: fix a NULL pointer dereference
    9p/net: Fix zero-copy path in the 9p virtio transport
    net: mac802154: tx: expand tailroom if necessary
    net: 6lowpan: fix reserved space for single frames

Change-Id: I4ea34dd1e7fdc53b77f1addb6d8d99673342ee2a
Signed-off-by: Petri Gynther <pgynther@google.com>
2018-12-18 16:11:25 -08:00
Ingo Molnar
8eb1a8584f UPSTREAM: sched/headers: Prepare for new header dependencies before moving code to <linux/sched/loadavg.h>
We are going to split <linux/sched/loadavg.h> out of <linux/sched.h>, which
will have to be picked up from a couple of .c files.

Create a trivial placeholder <linux/sched/topology.h> file that just
maps to <linux/sched.h> to make this patch obviously correct and
bisectable.

Include the new header in the files that are going to need it.

Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>

(cherry picked from commit 4f17722c7256af8e17c2c4f29f170247264bdf48)

Bug: 111308141
Test: modified lmkd to use PSI and tested using lmkd_unit_test

Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I6da8f80df8e4d9b919a56b286a86d5a72b189684
2018-11-29 20:25:01 +00:00
Greg Kroah-Hartman
a8c1ea6c63 Merge 4.9.126 into android-4.9
Changes in 4.9.126
	net: 6lowpan: fix reserved space for single frames
	net: mac802154: tx: expand tailroom if necessary
	9p/net: Fix zero-copy path in the 9p virtio transport
	spi: davinci: fix a NULL pointer dereference
	spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
	drm/i915/userptr: reject zero user_size
	libertas: fix suspend and resume for SDIO connected cards
	mailbox: xgene-slimpro: Fix potential NULL pointer dereference
	powerpc/fadump: handle crash memory ranges array index overflow
	powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
	PCI: Add wrappers for dev_printk()
	powerpc/powernv/pci: Work around races in PCI bridge enabling
	cxl: Fix wrong comparison in cxl_adapter_context_get()
	ib_srpt: Fix a use-after-free in srpt_close_ch()
	RDMA/rxe: Set wqe->status correctly if an unexpected response is received
	fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
	9p/virtio: fix off-by-one error in sg list bounds check
	net/9p/client.c: version pointer uninitialized
	net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
	dm thin: stop no_space_timeout worker when switching to write-mode
	dm cache metadata: save in-core policy_hint_size to on-disk superblock
	uart: fix race between uart_put_char() and uart_shutdown()
	iio: ad9523: Fix displayed phase
	iio: ad9523: Fix return value for ad952x_store()
	vmw_balloon: fix inflation of 64-bit GFNs
	vmw_balloon: do not use 2MB without batching
	vmw_balloon: VMCI_DOORBELL_SET does not check status
	vmw_balloon: fix VMCI use when balloon built into kernel
	rtc: omap: fix potential crash on power off
	tracing: Do not call start/stop() functions when tracing_on does not change
	tracing/blktrace: Fix to allow setting same value
	uprobes: Use synchronize_rcu() not synchronize_sched()
	mfd: hi655x: Fix regmap area declared size for hi655x
	9p: fix multiple NULL-pointer-dereferences
	PM / sleep: wakeup: Fix build error caused by missing SRCU support
	KVM: VMX: fixes for vmentry_l1d_flush module parameter
	xtensa: limit offsets in __loop_cache_{all,page}
	xtensa: increase ranges in ___invalidate_{i,d}cache_all
	pnfs/blocklayout: off by one in bl_map_stripe()
	NFSv4 client live hangs after live data migration recovery
	ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
	Replace magic for trusting the secondary keyring with #define
	Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
	mm/tlb: Remove tlb_remove_table() non-concurrent condition
	iommu/vt-d: Add definitions for PFSID
	iommu/vt-d: Fix dev iotlb pfsid use
	osf_getdomainname(): use copy_to_user()
	sys: don't hold uts_sem while accessing userspace memory
	userns: move user access out of the mutex
	ubifs: Fix memory leak in lprobs self-check
	Revert "UBIFS: Fix potential integer overflow in allocation"
	ubifs: Check data node size before truncate
	ubifs: Fix synced_i_size calculation for xattr inodes
	pwm: tiehrpwm: Fix disabling of output of PWMs
	fb: fix lost console when the user unplugs a USB adapter
	udlfb: set optimal write delay
	getxattr: use correct xattr length
	libnvdimm: fix ars_status output length calculation
	printk/tracing: Do not trace printk_nmi_enter()
	bcache: release dc->writeback_lock properly in bch_writeback_thread()
	perf auxtrace: Fix queue resize
	crypto: vmx - Fix sleep-in-atomic bugs
	crypto: caam/jr - fix descriptor DMA unmapping
	fs/quota: Fix spectre gadget in do_quotactl
	Linux 4.9.126

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-09-10 09:20:19 +02:00
Jann Horn
55463c60b7 sys: don't hold uts_sem while accessing userspace memory
commit 42a0cc3478584d4d63f68f2f5af021ddbea771fa upstream.

Holding uts_sem as a writer while accessing userspace memory allows a
namespace admin to stall all processes that attempt to take uts_sem.
Instead, move data through stack buffers and don't access userspace memory
while uts_sem is held.

Cc: stable@vger.kernel.org
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-09-09 20:01:24 +02:00
Petri Gynther
b6fb66302e Merge 4.9.105 into android-msm-bluecross-4.9-lts
Linux 4.9.105
  * Revert "vti4: Don't override MTU passed on link creation via IFLA_MTU"
      net/ipv4/ip_vti.c
Linux 4.9.104
    kdb: make "mdr" command repeat
  * pinctrl: msm: Use dynamic GPIO numbering
      drivers/pinctrl/qcom/pinctrl-msm.c
  * regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
      drivers/regulator/of_regulator.c
    ARM: dts: porter: Fix HDMI output routing
    ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet
  * regmap: Correct comparison in regmap_cached
      drivers/base/regmap/regmap.c
  * netlabel: If PF_INET6, check sk_buff ip header version
      net/netlabel/netlabel_unlabeled.c
    selftests/net: fixes psock_fanout eBPF test case
    perf report: Fix memory corruption in --branch-history mode --branch-history
    perf tests: Use arch__compare_symbol_names to compare symbols
    x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
    drm/rockchip: Respect page offset for PRIME mmap calls
    MIPS: Octeon: Fix logging messages with spurious periods after newlines
    pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group
  * rcu: Call touch_nmi_watchdog() while printing stall warnings
      kernel/rcu/tree_plugin.h
  * audit: return on memory error to avoid null pointer dereference
      kernel/audit.c
    ARM: dts: bcm283x: Fix probing of bcm2835-i2s
    udf: Provide saner default for invalid uid / gid
  * PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
      drivers/pci/quirks.c
  * cpufreq: Reorder cpufreq_online() error code path
      drivers/cpufreq/cpufreq.c
    net: stmmac: ensure that the MSS desc is the last desc to set the own bit
    net: stmmac: ensure that the device has released ownership before reading data
    dmaengine: qcom: bam_dma: get num-channels and num-ees from dt
    hwrng: stm32 - add reset during probe
    enic: enable rq before updating rq descriptors
    dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue()
    dmaengine: pl330: fix a race condition in case of threaded irqs
    ALSA: vmaster: Propagate slave error
    x86/devicetree: Fix device IRQ settings in DT
    x86/devicetree: Initialize device tree before using it
    gfs2: Fix fallocate chunk size
    soc: qcom: wcnss_ctrl: Fix increment in NV upload
    arm64: dts: qcom: Fix SPI5 config on MSM8996
    perf/x86/intel: Fix event update for auto-reload
    perf/x86/intel: Fix large period handling on Broadwell CPUs
    cdrom: do not call check_disk_change() inside cdrom_open()
    perf/x86/intel: Properly save/restore the PMU state in the NMI handler
    hwmon: (pmbus/adm1275) Accept negative page register values
    hwmon: (pmbus/max8688) Accept negative page register values
    drm/panel: simple: Fix the bus format for the Ontat panel
  * perf/core: Fix perf_output_read_group()
      kernel/events/core.c
  * f2fs: fix to check extent cache in f2fs_drop_extent_tree
      fs/f2fs/extent_cache.c
    powerpc: Add missing prototype for arch_irq_work_raise()
    ipmi_ssif: Fix kernel panic at msg_done_handler
  * PCI: Restore config space on runtime resume despite being unbound
      drivers/pci/pci-driver.c
    MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
    spi: bcm-qspi: fIX some error handling paths
    regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()'
    IB/core: Honor port_num while resolving GID for IB link layer
    perf stat: Fix core dump when flag T is used
    perf top: Fix top.call-graph config option reading
    KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
    i2c: mv64xxx: Apply errata delay only in standard mode
    cxgb4: Fix queue free path of ULD drivers
    ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
    ACPICA: Events: add a return on failure from acpi_hw_register_read
    bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
    zorro: Set up z->dev.dma_mask for the DMA API
    cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
    arm: dts: socfpga: fix GIC PPI warning
    virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
    ima: Fallback to the builtin hash algorithm
    cxgb4: Setup FW queues before registering netdev
    ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
    net/mlx5: Protect from command bit overflow
    selftests: Print the test we're running to /dev/kmsg
    tools/thermal: tmon: fix for segfault
    powerpc/perf: Fix kernel address leak via sampling registers
    powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
    hwmon: (nct6775) Fix writing pwmX_mode
    parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
    m68k: set dma and coherent masks for platform FEC ethernets
    powerpc/mpic: Check if cpu_possible() in mpic_physmask()
    ACPI: acpi_pad: Fix memory leak in power saving threads
    drivers: macintosh: rack-meter: really fix bogus memsets
    xen/acpi: off by one in read_acpi_id()
    rxrpc: Don't treat call aborts as conn aborts
    rxrpc: Fix Tx ring annotation after initial Tx failure
    btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
    Btrfs: fix copy_items() return value when logging an inode
    btrfs: tests/qgroup: Fix wrong tree backref level
    net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
    sparc64: Make atomic_xchg() an inline function rather than a macro.
    fscache: Fix hanging wait on page discarded by writeback
    KVM: VMX: raise internal error for exception during invalid protected mode state
  * sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
      kernel/sched/rt.c
    ocfs2/dlm: don't handle migrate lockres if already in shutdown
    btrfs: Fix possible softlock on single core machines
    Btrfs: fix NULL pointer dereference in log_dir_items
    Btrfs: bail out on error during replay_dir_deletes
  * mm: fix races between address_space dereference and free in page_evicatable
      mm/vmscan.c
    mm/ksm: fix interaction with THP
    dp83640: Ensure against premature access to PHY registers after reset
    cpufreq: CPPC: Initialize shared perf capabilities of CPUs
    Force log to disk before reading the AGF during a fstrim
    sr: get/drop reference to device in revalidate and check_events
  * swap: divide-by-zero when zero length swap file on ssd
      mm/swapfile.c
  * fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
      fs/proc/proc_sysctl.c
    x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
    x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
    nvme: don't send keep-alives to the discovery controller
    sh: fix debug trap failure to process signals before return to user
    net: mvneta: fix enable of all initialized RXQs
  * net: Fix untag for vlan packets without ethernet header
      net/core/skbuff.c
    mm/kmemleak.c: wait for scan completion before disabling free
    builddeb: Fix header package regarding dtc source links
    llc: properly handle dev_queue_xmit() return value
    perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs
    net: qmi_wwan: add BroadMobi BM806U 2020:2033
    ARM: 8748/1: mm: Define vdso_start, vdso_end as array
    batman-adv: fix packet loss for broadcasted DHCP packets to a server
    batman-adv: fix multicast-via-unicast transmission with AP isolation
    selftests: ftrace: Add a testcase for probepoint
    selftests: ftrace: Add a testcase for string type with kprobe_event
    selftests: ftrace: Add probe event argument syntax testcase
    mm, thp: do not cause memcg oom for thp
    mm/mempolicy.c: avoid use uninitialized preferred_node
    RDMA/qedr: Fix rc initialization on CNQ allocation failure
    RDMA/qedr: fix QP's ack timeout configuration
    RDMA/ucma: Correct option size check using optlen
    kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races
    brcmfmac: Fix check for ISO3166 code
  * perf/cgroup: Fix child event counting bug
      kernel/events/core.c
  * vti4: Don't override MTU passed on link creation via IFLA_MTU
      net/ipv4/ip_vti.c
  * vti4: Don't count header length twice on tunnel setup
      net/ipv4/ip_vti.c
    batman-adv: Fix skbuff rcsum on packet reroute
    batman-adv: fix header size check in batadv_dbg_arp()
  * net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
      include/uapi/linux/if_ether.h
      net/core/skbuff.c
    drm/imx: move arming of the vblank event to atomic_flush
    sunvnet: does not support GSO for sctp
  * ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
      include/net/ip.h
      include/net/ip_fib.h
      include/net/route.h
      net/ipv4/route.c
      net/ipv4/xfrm4_policy.c
  * workqueue: use put_device() instead of kfree()
      kernel/workqueue.c
    bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
  * netfilter: ebtables: fix erroneous reject of last rule
      net/bridge/netfilter/ebtables.c
    dmaengine: mv_xor_v2: Fix clock resource by adding a register clock
  * arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
      arch/arm64/kernel/cpu_errata.c
    xen: xenbus: use put_device() instead of kfree()
    IB/core: Fix possible crash to access NULL netdev
    net: smsc911x: Fix unload crash when link is up
    net: qcom/emac: Use proper free methods during TX
    fsl/fman: avoid sleeping in atomic context while adding an address
    fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
    IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
    IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
    IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
    RDMA/qedr: Fix iWARP write and send with immediate
    RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
    ia64/err-inject: Use get_user_pages_fast()
    e1000e: allocate ring descriptors with dma_zalloc_coherent
    e1000e: Fix check_for_link return value with autoneg off
    batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag
    watchdog: sbsa: use 32-bit read for WCV
    watchdog: f71808e_wdt: Fix magic close handling
    iwlwifi: mvm: fix TX of CCMP 256
    KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
    selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
    Btrfs: send, fix issuing write op when processing hole in no data mode
    drm/sun4i: Fix dclk_set_phase
    xen/pirq: fix error path cleanup when binding MSIs
    nvmet: fix PSDT field check in command format
    net/tcp/illinois: replace broken algorithm reference link
    gianfar: Fix Rx byte accounting for ndev stats
    powerpc/boot: Fix random libfdt related build errors
    ARM: dts: NSP: Fix amount of RAM on BCM958625HR
  * sit: fix IFLA_MTU ignored on NEWLINK
      net/ipv6/sit.c
  * ip6_tunnel: fix IFLA_MTU ignored on NEWLINK
      net/ipv6/ip6_tunnel.c
    bcache: fix kcrashes with fio in RAID5 backend dev
    dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
    virtio-gpu: fix ioctl and expose the fixed status to userspace.
    r8152: fix tx packets accounting
    qrtr: add MODULE_ALIAS macro to smd
    ARM: orion5x: Revert commit 4904dbda41.
    ceph: fix dentry leak when failing to init debugfs
    clocksource/drivers/fsl_ftm_timer: Fix error return checking
    nvme-pci: Fix nvme queue cleanup if IRQ setup fails
    batman-adv: Fix netlink dumping of BLA backbones
    batman-adv: Fix netlink dumping of BLA claims
    batman-adv: Ignore invalid batadv_v_gw during netlink send
    batman-adv: Ignore invalid batadv_iv_gw during netlink send
  * netfilter: ebtables: convert BUG_ONs to WARN_ONs
      net/bridge/netfilter/ebtables.c
    batman-adv: invalidate checksum on fragment reassembly
    batman-adv: fix packet checksum in receive path
    md/raid1: fix NULL pointer dereference
    md: fix a potential deadlock of raid5/raid10 reshape
  * fs: dcache: Use READ_ONCE when accessing i_dir_seq
      fs/dcache.c
  * fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
      fs/dcache.c
  * kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
      include/linux/kvm_host.h
    macvlan: fix use-after-free in macvlan_common_newlink()
  * arm64: fix unwind_frame() for filtered out fn for function graph tracing
      arch/arm64/include/asm/stacktrace.h
      arch/arm64/kernel/stacktrace.c
      arch/arm64/kernel/time.c
    mac80211: drop frames with unexpected DS bits from fast-rx to slow path
    x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
    locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
    integrity/security: fix digsig.c build error with header file
  * regulatory: add NUL to request alpha2
      include/net/regulatory.h
    smsc75xx: fix smsc75xx_set_features()
    ARM: OMAP: Fix dmtimer init for omap1
  * PKCS#7: fix direct verification of SignerInfo signature
      crypto/asymmetric_keys/pkcs7_trust.c
    s390/cio: clear timer when terminating driver I/O
    s390/cio: fix return code after missing interrupt
    s390/cio: fix ccw_device_start_timeout API
    powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
    kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
    md: raid5: avoid string overflow warning
    locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
    drm/exynos: fix comparison to bitshift when dealing with a mask
    drm/exynos: g2d: use monotonic timestamps
    md raid10: fix NULL deference in handle_write_completed()
    mac80211: Do not disconnect on invalid operating class
    mac80211: fix calling sleeping function in atomic context
    mac80211: fix a possible leak of station stats
    mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
    rxrpc: Work around usercopy check
    NFC: llcp: Limit size of SDP URI
    iwlwifi: mvm: always init rs with 20mhz bandwidth rates
    iwlwifi: mvm: fix security bug in PN checking
    ibmvnic: Free RX socket buffer in case of adapter error
    ARM: OMAP1: clock: Fix debugfs_create_*() usage
    ARM: OMAP3: Fix prm wake interrupt for resume
    ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
    selftests: memfd: add config fragment for fuse
    selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
    libata: Fix compile warning with ATA_DEBUG enabled
  * ptr_ring: prevent integer overflow when calculating size
      include/linux/ptr_ring.h
    ARC: Fix malformed ARC_EMUL_UNALIGNED default
  * irqchip/gic-v3: Change pr_debug message to pr_devel
      drivers/irqchip/irq-gic-v3.c
  * cpumask: Make for_each_cpu_wrap() available on UP as well
      include/linux/cpumask.h
  * irqchip/gic-v3: Ignore disabled ITS nodes
      drivers/irqchip/irq-gic-v3-its-pci-msi.c
      drivers/irqchip/irq-gic-v3-its-platform-msi.c
      drivers/irqchip/irq-gic-v3-its.c
    locking/qspinlock: Ensure node->count is updated before initialising node
    vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
    bpf: fix rlimit in reuseport net selftest
    tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
    bcache: return attach error when no cache set exist
    bcache: fix for data collapse after re-attaching an attached device
    bcache: fix for allocator and register thread race
    bcache: properly set task state in bch_writeback_thread()
    cifs: silence compiler warnings showing up with gcc-8.0.0
  * proc: fix /proc/*/map_files lookup
      fs/proc/base.c
  * arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
      arch/arm64/include/asm/spinlock.h
    RDS: IB: Fix null pointer issue
    xen/grant-table: Use put_page instead of free_page
    xen-netfront: Fix race between device setup and open
    MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
    MIPS: generic: Fix machine compatible matching
    bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
    ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs
    ACPI: processor_perflib: Do not send _PPC change notification if not ready
    firmware: dmi_scan: Fix handling of empty DMI strings
  * x86/power: Fix swsusp_arch_resume prototype
      include/linux/suspend.h
      kernel/power/power.h
  * netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
      net/ipv6/netfilter/nf_conntrack_reasm.c
    drm/nouveau/pmu/fuc: don't use movw directly anymore
    IB/ipoib: Fix for potential no-carrier state
    openvswitch: Remove padding from packet before L3+ conntrack processing
  * mm/fadvise: discard partial page if endbyte is also EOF
      mm/fadvise.c
  * mm: pin address_space before dereferencing it while isolating an LRU page
      mm/vmscan.c
    mm: thp: use down_read_trylock() in khugepaged to avoid long block
    sparc64: update pmdp_invalidate() to return old pmd value
  * asm-generic: provide generic_pmdp_establish()
      include/asm-generic/pgtable.h
    mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
    mm/mempolicy: fix the check of nodemask from user
    ocfs2: return error when we attempt to access a dirty bh in jbd2
    ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
    ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
    kvm: Map PFN-type memory regions as writable (if possible)
    tcp_nv: fix potential integer overflow in tcpnv_acked
    gianfar: prevent integer wrapping in the rx handler
    ntb_transport: Fix bug with max_mw_size parameter
    RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
    powerpc/numa: Ensure nodes initialized for hotplug
    powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
    jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
  * device property: Define type of PROPERTY_ENRTY_*() macros
      include/linux/property.h
    fm10k: fix "failed to kill vid" message for VF
    HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP
    Btrfs: fix scrub to repair raid6 corruption
    btrfs: Fix out of bounds access in btrfs_search_slot
    Btrfs: set plug for fsync
    ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
  * kconfig: Fix expr_free() E_NOT leak
      scripts/kconfig/expr.c
  * kconfig: Fix automatic menu creation mem leak
      scripts/kconfig/menu.c
    kconfig: Don't leak main menus during parsing
    watchdog: sp5100_tco: Fix watchdog disable bit
    nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
    net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
    dm thin: fix documentation relative to low water mark threshold
    iommu/vt-d: Use domain instead of cache fetching
    perf record: Fix failed memory allocation for get_cpuid_str
    tools lib traceevent: Fix get_field_str() for dynamic strings
    perf callchain: Fix attr.sample_max_stack setting
    tools lib traceevent: Simplify pointer print logic and fix %pF
    i40iw: Zero-out consumer key on allocate stag for FMR
    Input: psmouse - fix Synaptics detection when protocol is disabled
  * PCI: Add function 1 DMA alias quirk for Marvell 9128
      drivers/pci/quirks.c
  * tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
      include/trace/events/timer.h
  * netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
      net/ipv6/netfilter/nf_conntrack_reasm.c
    kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
  * ALSA: hda - Use IS_REACHABLE() for dependency on input
      sound/pci/hda/Kconfig
    NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    x86/tsc: Allow TSC calibration without PIT
    firewire-ohci: work around oversized DMA reads on JMicron controllers
    kvm: x86: IA32_ARCH_CAPABILITIES is always supported
    KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
    KVM: s390: vsie: fix < 8k check for the itdba
    KVM/VMX: Expose SSBD properly to guests
  * kernel/signal.c: avoid undefined behaviour in kill_something_info
      kernel/signal.c
  * kernel/sys.c: fix potential Spectre v1 issue
      kernel/sys.c
    kasan: fix memory hotplug during boot
    ipc/shm: fix shmat() nil address after round-down when remapping
    Revert "ipc/shm: Fix shmat mmap nil-page protection"
    IB/hfi1: Use after free race condition in send context error path
    drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
    xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    libata: blacklist Micron 500IT SSD with MU01 firmware
    libata: Blacklist some Sandisk SSDs for NCQ
    mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
  * do d_instantiate/unlock_new_inode combinations safely
      fs/dcache.c
      fs/ecryptfs/inode.c
      fs/ext4/namei.c
      fs/f2fs/namei.c
      include/linux/dcache.h
  * ALSA: timer: Fix pause event notification
      sound/core/timer.c
  * aio: fix io_destroy(2) vs. lookup_ioctx() race
      fs/aio.c
    affs_lookup(): close a race with affs_remove_link()
    KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    MIPS: ptrace: Expose FIR register through FP regset
    MIPS: c-r4k: Fix data corruption related to cache coherence

Change-Id: If0f8043628c301383fa0ba2a9a59f43109cf9108
Signed-off-by: Petri Gynther <pgynther@google.com>
2018-08-24 23:21:41 -07:00
Petri Gynther
4f9d25cddb Merge 4.9.102 into android-msm-bluecross-4.9-lts
Linux 4.9.102
    x86/bugs: Rename SSBD_NO to SSB_NO
    KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
    x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
    x86/bugs: Rework spec_ctrl base and mask logic
    x86/bugs: Remove x86_spec_ctrl_set()
    x86/bugs: Expose x86_spec_ctrl_base directly
    x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
    x86/speculation: Rework speculative_store_bypass_update()
    x86/speculation: Add virtualized speculative store bypass disable support
    x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
    x86/speculation: Handle HT correctly on AMD
    x86/cpufeatures: Add FEATURE_ZEN
    x86/cpu/AMD: Fix erratum 1076 (CPB bit)
    x86/cpufeatures: Disentangle SSBD enumeration
    x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
    x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
    KVM: SVM: Move spec control call after restore of GS
    x86/cpu: Make alternative_msr_write work for 32-bit code
    x86/bugs: Fix the parameters alignment and missing void
    x86/bugs: Make cpu_show_common() static
    x86/bugs: Fix __ssb_select_mitigation() return type
    Documentation/spec_ctrl: Do some minor cleanups
  * proc: Use underscores for SSBD in 'status'
      fs/proc/array.c
    x86/bugs: Rename _RDS to _SSBD
    x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
  * seccomp: Move speculation migitation control to arch code
      include/linux/nospec.h
      kernel/seccomp.c
  * seccomp: Add filter flag to opt-out of SSB mitigation
      include/linux/seccomp.h
      include/uapi/linux/seccomp.h
      kernel/seccomp.c
  * seccomp: Use PR_SPEC_FORCE_DISABLE
      kernel/seccomp.c
  * prctl: Add force disable speculation
      fs/proc/array.c
      include/linux/sched.h
      include/uapi/linux/prctl.h
    x86/bugs: Make boot modes __ro_after_init
  * seccomp: Enable speculation flaw mitigations
      kernel/seccomp.c
  * proc: Provide details on speculation flaw mitigations
      fs/proc/array.c
  * nospec: Allow getting/setting on non-current task
      include/linux/nospec.h
      kernel/sys.c
    x86/speculation: Add prctl for Speculative Store Bypass mitigation
    x86/process: Allow runtime control of Speculative Store Bypass
    x86/process: Optimize TIF_NOTSC switch
    x86/process: Correct and optimize TIF_BLOCKSTEP switch
    x86/process: Optimize TIF checks in __switch_to_xtra()
  * prctl: Add speculation control prctls
      include/linux/nospec.h
      include/uapi/linux/prctl.h
      kernel/sys.c
    x86/speculation: Create spec-ctrl.h to avoid include hell
    x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    x86/bugs/intel: Set proper CPU features and setup RDS
    x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
    x86/cpufeatures: Add X86_FEATURE_RDS
  * x86/bugs: Expose /sys/../spec_store_bypass
      drivers/base/cpu.c
      include/linux/cpu.h
    x86/bugs, KVM: Support the combination of guest and host IBRS
    x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    x86/bugs: Concentrate bug reporting into a separate function
    x86/bugs: Concentrate bug detection into a separate function
    x86/nospec: Simplify alternative_msr_write()
    btrfs: fix reading stale metadata blocks after degraded raid1 mounts
    x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
    btrfs: fix crash when trying to resume balance without the resume flag
    Btrfs: fix xattr loss after power failure
    ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
    ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
    ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
  * tick/broadcast: Use for_each_cpu() specially on UP kernels
      kernel/time/tick-broadcast.c
    ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
  * efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
      include/linux/efi.h
    x86/pkeys: Do not special case protection key 0
    x86/pkeys: Override pkey when moving away from PROT_EXEC
    s390: remove indirect branch from do_softirq_own_stack
    s390/qdio: don't release memory in qdio_setup_irq()
    s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
    s390/qdio: fix access to uninitialized qdio_q fields
  * mm: don't allow deferred pages with NEED_PER_CPU_KM
      mm/Kconfig
    powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
    i2c: designware: fix poll-after-enable regression
    netfilter: nf_tables: can't fail after linking rule into active rule list
    tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
  * signals: avoid unnecessary taking of sighand->siglock
      include/linux/signal.h
      kernel/signal.c
    powerpc: Don't preempt_disable() in show_cpuinfo()
    KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock
    spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL
    spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
    spi: pxa2xx: Allow 64-bit DMA
  * ALSA: control: fix a redundant-copy issue
      sound/core/control_compat.c
    ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
  * ALSA: usb: mixer: volume quirk for CM102-A+/102S+
      sound/usb/mixer.c
    usbip: usbip_host: fix bad unlock balance during stub_probe()
    usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
    usbip: usbip_host: run rebind from exit when module is removed
    usbip: usbip_host: delete device from busid_table after rebind
    usbip: usbip_host: refine probe and disconnect debug msgs to be useful

Change-Id: I5ccef7b7a05ab472611a40afe8e891109a538322
Signed-off-by: Petri Gynther <pgynther@google.com>
2018-08-13 15:32:37 -07:00
Greg Kroah-Hartman
9797dcb8c7 Merge 4.9.104 into android-4.9
Changes in 4.9.104
	MIPS: c-r4k: Fix data corruption related to cache coherence
	MIPS: ptrace: Expose FIR register through FP regset
	MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
	KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
	affs_lookup(): close a race with affs_remove_link()
	aio: fix io_destroy(2) vs. lookup_ioctx() race
	ALSA: timer: Fix pause event notification
	do d_instantiate/unlock_new_inode combinations safely
	mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
	mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
	libata: Blacklist some Sandisk SSDs for NCQ
	libata: blacklist Micron 500IT SSD with MU01 firmware
	xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
	drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
	IB/hfi1: Use after free race condition in send context error path
	Revert "ipc/shm: Fix shmat mmap nil-page protection"
	ipc/shm: fix shmat() nil address after round-down when remapping
	kasan: fix memory hotplug during boot
	kernel/sys.c: fix potential Spectre v1 issue
	kernel/signal.c: avoid undefined behaviour in kill_something_info
	KVM/VMX: Expose SSBD properly to guests
	KVM: s390: vsie: fix < 8k check for the itdba
	KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
	kvm: x86: IA32_ARCH_CAPABILITIES is always supported
	firewire-ohci: work around oversized DMA reads on JMicron controllers
	x86/tsc: Allow TSC calibration without PIT
	NFSv4: always set NFS_LOCK_LOST when a lock is lost.
	ALSA: hda - Use IS_REACHABLE() for dependency on input
	kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
	netfilter: ipv6: nf_defrag: Pass on packets to stack per RFC2460
	tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
	PCI: Add function 1 DMA alias quirk for Marvell 9128
	Input: psmouse - fix Synaptics detection when protocol is disabled
	i40iw: Zero-out consumer key on allocate stag for FMR
	tools lib traceevent: Simplify pointer print logic and fix %pF
	perf callchain: Fix attr.sample_max_stack setting
	tools lib traceevent: Fix get_field_str() for dynamic strings
	perf record: Fix failed memory allocation for get_cpuid_str
	iommu/vt-d: Use domain instead of cache fetching
	dm thin: fix documentation relative to low water mark threshold
	net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
	net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
	nfs: Do not convert nfs_idmap_cache_timeout to jiffies
	watchdog: sp5100_tco: Fix watchdog disable bit
	kconfig: Don't leak main menus during parsing
	kconfig: Fix automatic menu creation mem leak
	kconfig: Fix expr_free() E_NOT leak
	mac80211_hwsim: fix possible memory leak in hwsim_new_radio_nl()
	ipmi/powernv: Fix error return code in ipmi_powernv_probe()
	Btrfs: set plug for fsync
	btrfs: Fix out of bounds access in btrfs_search_slot
	Btrfs: fix scrub to repair raid6 corruption
	btrfs: fail mount when sb flag is not in BTRFS_SUPER_FLAG_SUPP
	HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
	fm10k: fix "failed to kill vid" message for VF
	device property: Define type of PROPERTY_ENRTY_*() macros
	jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
	powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
	powerpc/numa: Ensure nodes initialized for hotplug
	RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
	ntb_transport: Fix bug with max_mw_size parameter
	gianfar: prevent integer wrapping in the rx handler
	tcp_nv: fix potential integer overflow in tcpnv_acked
	kvm: Map PFN-type memory regions as writable (if possible)
	ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
	ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
	ocfs2: return error when we attempt to access a dirty bh in jbd2
	mm/mempolicy: fix the check of nodemask from user
	mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
	asm-generic: provide generic_pmdp_establish()
	sparc64: update pmdp_invalidate() to return old pmd value
	mm: thp: use down_read_trylock() in khugepaged to avoid long block
	mm: pin address_space before dereferencing it while isolating an LRU page
	mm/fadvise: discard partial page if endbyte is also EOF
	openvswitch: Remove padding from packet before L3+ conntrack processing
	IB/ipoib: Fix for potential no-carrier state
	drm/nouveau/pmu/fuc: don't use movw directly anymore
	netfilter: ipv6: nf_defrag: Kill frag queue on RFC2460 failure
	x86/power: Fix swsusp_arch_resume prototype
	firmware: dmi_scan: Fix handling of empty DMI strings
	ACPI: processor_perflib: Do not send _PPC change notification if not ready
	ACPI / scan: Use acpi_bus_get_status() to initialize ACPI_TYPE_DEVICE devs
	bpf: fix selftests/bpf test_kmod.sh failure when CONFIG_BPF_JIT_ALWAYS_ON=y
	MIPS: generic: Fix machine compatible matching
	MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
	xen-netfront: Fix race between device setup and open
	xen/grant-table: Use put_page instead of free_page
	RDS: IB: Fix null pointer issue
	arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
	proc: fix /proc/*/map_files lookup
	cifs: silence compiler warnings showing up with gcc-8.0.0
	bcache: properly set task state in bch_writeback_thread()
	bcache: fix for allocator and register thread race
	bcache: fix for data collapse after re-attaching an attached device
	bcache: return attach error when no cache set exist
	tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
	bpf: fix rlimit in reuseport net selftest
	vfs/proc/kcore, x86/mm/kcore: Fix SMAP fault when dumping vsyscall user page
	locking/qspinlock: Ensure node->count is updated before initialising node
	irqchip/gic-v3: Ignore disabled ITS nodes
	cpumask: Make for_each_cpu_wrap() available on UP as well
	irqchip/gic-v3: Change pr_debug message to pr_devel
	ARC: Fix malformed ARC_EMUL_UNALIGNED default
	ptr_ring: prevent integer overflow when calculating size
	libata: Fix compile warning with ATA_DEBUG enabled
	selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
	selftests: memfd: add config fragment for fuse
	ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
	ARM: OMAP3: Fix prm wake interrupt for resume
	ARM: OMAP1: clock: Fix debugfs_create_*() usage
	ibmvnic: Free RX socket buffer in case of adapter error
	iwlwifi: mvm: fix security bug in PN checking
	iwlwifi: mvm: always init rs with 20mhz bandwidth rates
	NFC: llcp: Limit size of SDP URI
	rxrpc: Work around usercopy check
	mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
	mac80211: fix a possible leak of station stats
	mac80211: fix calling sleeping function in atomic context
	mac80211: Do not disconnect on invalid operating class
	md raid10: fix NULL deference in handle_write_completed()
	drm/exynos: g2d: use monotonic timestamps
	drm/exynos: fix comparison to bitshift when dealing with a mask
	locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
	md: raid5: avoid string overflow warning
	kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
	powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
	s390/cio: fix ccw_device_start_timeout API
	s390/cio: fix return code after missing interrupt
	s390/cio: clear timer when terminating driver I/O
	PKCS#7: fix direct verification of SignerInfo signature
	ARM: OMAP: Fix dmtimer init for omap1
	smsc75xx: fix smsc75xx_set_features()
	regulatory: add NUL to request alpha2
	integrity/security: fix digsig.c build error with header file
	locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
	x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
	mac80211: drop frames with unexpected DS bits from fast-rx to slow path
	arm64: fix unwind_frame() for filtered out fn for function graph tracing
	macvlan: fix use-after-free in macvlan_common_newlink()
	kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
	fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
	fs: dcache: Use READ_ONCE when accessing i_dir_seq
	md: fix a potential deadlock of raid5/raid10 reshape
	md/raid1: fix NULL pointer dereference
	batman-adv: fix packet checksum in receive path
	batman-adv: invalidate checksum on fragment reassembly
	netfilter: ebtables: convert BUG_ONs to WARN_ONs
	batman-adv: Ignore invalid batadv_iv_gw during netlink send
	batman-adv: Ignore invalid batadv_v_gw during netlink send
	batman-adv: Fix netlink dumping of BLA claims
	batman-adv: Fix netlink dumping of BLA backbones
	nvme-pci: Fix nvme queue cleanup if IRQ setup fails
	clocksource/drivers/fsl_ftm_timer: Fix error return checking
	ceph: fix dentry leak when failing to init debugfs
	ARM: orion5x: Revert commit 4904dbda41.
	qrtr: add MODULE_ALIAS macro to smd
	r8152: fix tx packets accounting
	virtio-gpu: fix ioctl and expose the fixed status to userspace.
	dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
	bcache: fix kcrashes with fio in RAID5 backend dev
	ip6_tunnel: fix IFLA_MTU ignored on NEWLINK
	sit: fix IFLA_MTU ignored on NEWLINK
	ARM: dts: NSP: Fix amount of RAM on BCM958625HR
	powerpc/boot: Fix random libfdt related build errors
	gianfar: Fix Rx byte accounting for ndev stats
	net/tcp/illinois: replace broken algorithm reference link
	nvmet: fix PSDT field check in command format
	xen/pirq: fix error path cleanup when binding MSIs
	drm/sun4i: Fix dclk_set_phase
	Btrfs: send, fix issuing write op when processing hole in no data mode
	selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
	KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
	iwlwifi: mvm: fix TX of CCMP 256
	watchdog: f71808e_wdt: Fix magic close handling
	watchdog: sbsa: use 32-bit read for WCV
	batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag
	e1000e: Fix check_for_link return value with autoneg off
	e1000e: allocate ring descriptors with dma_zalloc_coherent
	ia64/err-inject: Use get_user_pages_fast()
	RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
	RDMA/qedr: Fix iWARP write and send with immediate
	IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
	IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
	IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
	fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
	fsl/fman: avoid sleeping in atomic context while adding an address
	net: qcom/emac: Use proper free methods during TX
	net: smsc911x: Fix unload crash when link is up
	IB/core: Fix possible crash to access NULL netdev
	xen: xenbus: use put_device() instead of kfree()
	arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
	dmaengine: mv_xor_v2: Fix clock resource by adding a register clock
	netfilter: ebtables: fix erroneous reject of last rule
	bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
	workqueue: use put_device() instead of kfree()
	ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
	sunvnet: does not support GSO for sctp
	drm/imx: move arming of the vblank event to atomic_flush
	net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
	batman-adv: fix header size check in batadv_dbg_arp()
	batman-adv: Fix skbuff rcsum on packet reroute
	vti4: Don't count header length twice on tunnel setup
	vti4: Don't override MTU passed on link creation via IFLA_MTU
	perf/cgroup: Fix child event counting bug
	brcmfmac: Fix check for ISO3166 code
	kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races
	RDMA/ucma: Correct option size check using optlen
	RDMA/qedr: fix QP's ack timeout configuration
	RDMA/qedr: Fix rc initialization on CNQ allocation failure
	mm/mempolicy.c: avoid use uninitialized preferred_node
	mm, thp: do not cause memcg oom for thp
	selftests: ftrace: Add probe event argument syntax testcase
	selftests: ftrace: Add a testcase for string type with kprobe_event
	selftests: ftrace: Add a testcase for probepoint
	batman-adv: fix multicast-via-unicast transmission with AP isolation
	batman-adv: fix packet loss for broadcasted DHCP packets to a server
	ARM: 8748/1: mm: Define vdso_start, vdso_end as array
	net: qmi_wwan: add BroadMobi BM806U 2020:2033
	perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs
	llc: properly handle dev_queue_xmit() return value
	builddeb: Fix header package regarding dtc source links
	mm/kmemleak.c: wait for scan completion before disabling free
	net: Fix untag for vlan packets without ethernet header
	net: mvneta: fix enable of all initialized RXQs
	sh: fix debug trap failure to process signals before return to user
	nvme: don't send keep-alives to the discovery controller
	x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
	x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
	fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
	swap: divide-by-zero when zero length swap file on ssd
	sr: get/drop reference to device in revalidate and check_events
	Force log to disk before reading the AGF during a fstrim
	cpufreq: CPPC: Initialize shared perf capabilities of CPUs
	dp83640: Ensure against premature access to PHY registers after reset
	mm/ksm: fix interaction with THP
	mm: fix races between address_space dereference and free in page_evicatable
	Btrfs: bail out on error during replay_dir_deletes
	Btrfs: fix NULL pointer dereference in log_dir_items
	btrfs: Fix possible softlock on single core machines
	ocfs2/dlm: don't handle migrate lockres if already in shutdown
	sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
	KVM: VMX: raise internal error for exception during invalid protected mode state
	fscache: Fix hanging wait on page discarded by writeback
	sparc64: Make atomic_xchg() an inline function rather than a macro.
	net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
	btrfs: tests/qgroup: Fix wrong tree backref level
	Btrfs: fix copy_items() return value when logging an inode
	btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
	rxrpc: Fix Tx ring annotation after initial Tx failure
	rxrpc: Don't treat call aborts as conn aborts
	xen/acpi: off by one in read_acpi_id()
	drivers: macintosh: rack-meter: really fix bogus memsets
	ACPI: acpi_pad: Fix memory leak in power saving threads
	powerpc/mpic: Check if cpu_possible() in mpic_physmask()
	m68k: set dma and coherent masks for platform FEC ethernets
	parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
	hwmon: (nct6775) Fix writing pwmX_mode
	powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
	powerpc/perf: Fix kernel address leak via sampling registers
	tools/thermal: tmon: fix for segfault
	selftests: Print the test we're running to /dev/kmsg
	net/mlx5: Protect from command bit overflow
	ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
	cxgb4: Setup FW queues before registering netdev
	ima: Fallback to the builtin hash algorithm
	virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
	arm: dts: socfpga: fix GIC PPI warning
	cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
	zorro: Set up z->dev.dma_mask for the DMA API
	bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
	ACPICA: Events: add a return on failure from acpi_hw_register_read
	ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
	cxgb4: Fix queue free path of ULD drivers
	i2c: mv64xxx: Apply errata delay only in standard mode
	KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
	perf top: Fix top.call-graph config option reading
	perf stat: Fix core dump when flag T is used
	IB/core: Honor port_num while resolving GID for IB link layer
	regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()'
	spi: bcm-qspi: fIX some error handling paths
	MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
	PCI: Restore config space on runtime resume despite being unbound
	ipmi_ssif: Fix kernel panic at msg_done_handler
	powerpc: Add missing prototype for arch_irq_work_raise()
	f2fs: fix to check extent cache in f2fs_drop_extent_tree
	perf/core: Fix perf_output_read_group()
	drm/panel: simple: Fix the bus format for the Ontat panel
	hwmon: (pmbus/max8688) Accept negative page register values
	hwmon: (pmbus/adm1275) Accept negative page register values
	perf/x86/intel: Properly save/restore the PMU state in the NMI handler
	cdrom: do not call check_disk_change() inside cdrom_open()
	perf/x86/intel: Fix large period handling on Broadwell CPUs
	perf/x86/intel: Fix event update for auto-reload
	arm64: dts: qcom: Fix SPI5 config on MSM8996
	soc: qcom: wcnss_ctrl: Fix increment in NV upload
	gfs2: Fix fallocate chunk size
	x86/devicetree: Initialize device tree before using it
	x86/devicetree: Fix device IRQ settings in DT
	ALSA: vmaster: Propagate slave error
	dmaengine: pl330: fix a race condition in case of threaded irqs
	dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue()
	enic: enable rq before updating rq descriptors
	hwrng: stm32 - add reset during probe
	dmaengine: qcom: bam_dma: get num-channels and num-ees from dt
	net: stmmac: ensure that the device has released ownership before reading data
	net: stmmac: ensure that the MSS desc is the last desc to set the own bit
	cpufreq: Reorder cpufreq_online() error code path
	PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
	udf: Provide saner default for invalid uid / gid
	ARM: dts: bcm283x: Fix probing of bcm2835-i2s
	audit: return on memory error to avoid null pointer dereference
	rcu: Call touch_nmi_watchdog() while printing stall warnings
	pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group
	MIPS: Octeon: Fix logging messages with spurious periods after newlines
	drm/rockchip: Respect page offset for PRIME mmap calls
	x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
	perf tests: Use arch__compare_symbol_names to compare symbols
	perf report: Fix memory corruption in --branch-history mode --branch-history
	selftests/net: fixes psock_fanout eBPF test case
	netlabel: If PF_INET6, check sk_buff ip header version
	regmap: Correct comparison in regmap_cached
	ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet
	ARM: dts: porter: Fix HDMI output routing
	regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
	pinctrl: msm: Use dynamic GPIO numbering
	kdb: make "mdr" command repeat
	Linux 4.9.104

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-05-30 13:19:56 +02:00
Gustavo A. R. Silva
960828aaa0 kernel/sys.c: fix potential Spectre v1 issue
commit 23d6aef74da86a33fa6bb75f79565e0a16ee97c2 upstream.

`resource' can be controlled by user-space, hence leading to a potential
exploitation of the Spectre variant 1 vulnerability.

This issue was detected with the help of Smatch:

  kernel/sys.c:1474 __do_compat_sys_old_getrlimit() warn: potential spectre issue 'get_current()->signal->rlim' (local cap)
  kernel/sys.c:1455 __do_sys_old_getrlimit() warn: potential spectre issue 'get_current()->signal->rlim' (local cap)

Fix this by sanitizing *resource* before using it to index
current->signal->rlim

Notice that given that speculation windows are large, the policy is to
kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].

[1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

Link: http://lkml.kernel.org/r/20180515030038.GA11822@embeddedor.com
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-30 07:50:18 +02:00
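Added example, not part of the commit above or of the kernel tree: a userspace C sketch of the "sanitize the index after the bounds check" pattern that the commit message describes, using the same branch-free mask arithmetic as the kernel's generic array_index_nospec() helper. The names index_mask_nospec, index_nospec, limit_lookup and the limits table are hypothetical, and the sketch omits the compiler barriers and per-architecture overrides the kernel uses.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)
#define NLIMITS 16UL   /* constructed table size, stands in for RLIM_NLIMITS */

/*
 * Returns ~0UL when index < size and 0 otherwise, without a branch.
 * If index >= size, either index has its top bit set or (size - 1 - index)
 * wraps and has its top bit set, so the OR is "negative"; inverting it and
 * arithmetic-shifting the sign bit across the word yields 0.
 * Assumes size <= LONG_MAX and an arithmetic right shift of signed values
 * (true for gcc and clang).
 */
unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (BITS_PER_LONG - 1));
}

/* Clamp index to 0 when it is out of bounds, even on a mispredicted path. */
unsigned long index_nospec(unsigned long index, unsigned long size)
{
    return index & index_mask_nospec(index, size);
}

/* Constructed sample data: one value per "resource". */
static const unsigned long limits[NLIMITS] = {
    100, 101, 102, 103, 104, 105, 106, 107,
    108, 109, 110, 111, 112, 113, 114, 115
};

/*
 * Shape of the fixed lookup: the architectural bounds check stays, and the
 * index is additionally masked so that a speculated load past the check
 * can only ever read element 0 of the table.
 */
long limit_lookup(unsigned long resource)
{
    if (resource >= NLIMITS)
        return -EINVAL;
    resource = index_nospec(resource, NLIMITS);
    return (long)limits[resource];
}

int main(void)
{
    unsigned long probes[] = { 0, 3, 15, 16, ULONG_MAX };
    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("resource=%lu mask=%#lx result=%ld\n", probes[i],
               index_mask_nospec(probes[i], NLIMITS), limit_lookup(probes[i]));
    return 0;
}
```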
Greg Kroah-Hartman
9c3041c524 Merge 4.9.102 into android-4.9
Changes in 4.9.102
	usbip: usbip_host: refine probe and disconnect debug msgs to be useful
	usbip: usbip_host: delete device from busid_table after rebind
	usbip: usbip_host: run rebind from exit when module is removed
	usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
	usbip: usbip_host: fix bad unlock balance during stub_probe()
	ALSA: usb: mixer: volume quirk for CM102-A+/102S+
	ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist
	ALSA: control: fix a redundant-copy issue
	spi: pxa2xx: Allow 64-bit DMA
	spi: bcm-qspi: Avoid setting MSPI_CDRAM_PCS for spi-nor master
	spi: bcm-qspi: Always read and set BSPI_MAST_N_BOOT_CTRL
	KVM: arm/arm64: VGIC/ITS: protect kvm_read_guest() calls with SRCU lock
	powerpc: Don't preempt_disable() in show_cpuinfo()
	signals: avoid unnecessary taking of sighand->siglock
	tracing/x86/xen: Remove zero data size trace events trace_xen_mmu_flush_tlb{_all}
	netfilter: nf_tables: can't fail after linking rule into active rule list
	i2c: designware: fix poll-after-enable regression
	powerpc/powernv: Fix NVRAM sleep in invalid context when crashing
	mm: don't allow deferred pages with NEED_PER_CPU_KM
	s390/qdio: fix access to uninitialized qdio_q fields
	s390/cpum_sf: ensure sample frequency of perf event attributes is non-zero
	s390/qdio: don't release memory in qdio_setup_irq()
	s390: remove indirect branch from do_softirq_own_stack
	x86/pkeys: Override pkey when moving away from PROT_EXEC
	x86/pkeys: Do not special case protection key 0
	efi: Avoid potential crashes, fix the 'struct efi_pci_io_protocol_32' definition for mixed mode
	ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr
	tick/broadcast: Use for_each_cpu() specially on UP kernels
	ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed
	ARM: 8770/1: kprobes: Prohibit probing on optimized_callback
	ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions
	Btrfs: fix xattr loss after power failure
	btrfs: fix crash when trying to resume balance without the resume flag
	x86/amd: don't set X86_BUG_SYSRET_SS_ATTRS when running under Xen
	btrfs: fix reading stale metadata blocks after degraded raid1 mounts
	x86/nospec: Simplify alternative_msr_write()
	x86/bugs: Concentrate bug detection into a separate function
	x86/bugs: Concentrate bug reporting into a separate function
	x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
	x86/bugs, KVM: Support the combination of guest and host IBRS
	x86/bugs: Expose /sys/../spec_store_bypass
	x86/cpufeatures: Add X86_FEATURE_RDS
	x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation
	x86/bugs/intel: Set proper CPU features and setup RDS
	x86/bugs: Whitelist allowed SPEC_CTRL MSR values
	x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
	x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
	x86/speculation: Create spec-ctrl.h to avoid include hell
	prctl: Add speculation control prctls
	x86/process: Optimize TIF checks in __switch_to_xtra()
	x86/process: Correct and optimize TIF_BLOCKSTEP switch
	x86/process: Optimize TIF_NOTSC switch
	x86/process: Allow runtime control of Speculative Store Bypass
	x86/speculation: Add prctl for Speculative Store Bypass mitigation
	nospec: Allow getting/setting on non-current task
	proc: Provide details on speculation flaw mitigations
	seccomp: Enable speculation flaw mitigations
	x86/bugs: Make boot modes __ro_after_init
	prctl: Add force disable speculation
	seccomp: Use PR_SPEC_FORCE_DISABLE
	seccomp: Add filter flag to opt-out of SSB mitigation
	seccomp: Move speculation migitation control to arch code
	x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass
	x86/bugs: Rename _RDS to _SSBD
	proc: Use underscores for SSBD in 'status'
	Documentation/spec_ctrl: Do some minor cleanups
	x86/bugs: Fix __ssb_select_mitigation() return type
	x86/bugs: Make cpu_show_common() static
	x86/bugs: Fix the parameters alignment and missing void
	x86/cpu: Make alternative_msr_write work for 32-bit code
	KVM: SVM: Move spec control call after restore of GS
	x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
	x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS
	x86/cpufeatures: Disentangle SSBD enumeration
	x86/cpu/AMD: Fix erratum 1076 (CPB bit)
	x86/cpufeatures: Add FEATURE_ZEN
	x86/speculation: Handle HT correctly on AMD
	x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
	x86/speculation: Add virtualized speculative store bypass disable support
	x86/speculation: Rework speculative_store_bypass_update()
	x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host}
	x86/bugs: Expose x86_spec_ctrl_base directly
	x86/bugs: Remove x86_spec_ctrl_set()
	x86/bugs: Rework spec_ctrl base and mask logic
	x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG
	KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
	x86/bugs: Rename SSBD_NO to SSB_NO
	Linux 4.9.102

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-05-22 20:05:34 +02:00
Kees Cook
4272f528da nospec: Allow getting/setting on non-current task
commit 7bbf1373e228840bb0295a2ca26d548ef37f448e upstream

Adjust arch_prctl_get/set_spec_ctrl() to operate on tasks other than
current.

This is needed both for /proc/$pid/status queries and for seccomp (since
thread-syncing can trigger seccomp in non-current threads).

Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-22 16:58:01 +02:00
Thomas Gleixner
4812ffbbfc prctl: Add speculation control prctls
commit b617cfc858161140d69cc0b5cc211996b557a1c7 upstream

Add two new prctls to control aspects of speculation related vulnerabilities
and their mitigations to provide finer grained control over performance
impacting mitigations.

PR_GET_SPECULATION_CTRL returns the state of the speculation misfeature
which is selected with arg2 of prctl(2). The return value uses bit 0-2 with
the following meaning:

Bit  Define           Description
0    PR_SPEC_PRCTL    Mitigation can be controlled per task by
                      PR_SET_SPECULATION_CTRL
1    PR_SPEC_ENABLE   The speculation feature is enabled, mitigation is
                      disabled
2    PR_SPEC_DISABLE  The speculation feature is disabled, mitigation is
                      enabled

If all bits are 0 the CPU is not affected by the speculation misfeature.

If PR_SPEC_PRCTL is set, then the per task control of the mitigation is
available. If not set, prctl(PR_SET_SPECULATION_CTRL) for the speculation
misfeature will fail.

PR_SET_SPECULATION_CTRL allows to control the speculation misfeature, which
is selected by arg2 of prctl(2) per task. arg3 is used to hand in the
control value, i.e. either PR_SPEC_ENABLE or PR_SPEC_DISABLE.

The common return values are:

EINVAL  prctl is not implemented by the architecture or the unused prctl()
        arguments are not 0
ENODEV  arg2 is selecting a not supported speculation misfeature

PR_SET_SPECULATION_CTRL has these additional return values:

ERANGE  arg3 is incorrect, i.e. it's not either PR_SPEC_ENABLE or PR_SPEC_DISABLE
ENXIO   prctl control of the selected speculation misfeature is disabled

The first supported controllable speculation misfeature is
PR_SPEC_STORE_BYPASS. Add the define so this can be shared between
architectures.

Based on an initial patch from Tim Chen and mostly rewritten.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Ingo Molnar <mingo@kernel.org>
Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-22 16:58:00 +02:00
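Added example, not part of the commit above: a C program that queries PR_SPEC_STORE_BYPASS for the calling task, decodes the three return bits listed in the commit message, and requests the mitigation when per-task control is available. The helper names (spec_decode, spec_strerror, spec_harden_self) are hypothetical; the fallback constant values are the ones in linux/prctl.h, supplied only for older userspace headers.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>

/* Fallbacks for userspace headers that predate the interface. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#endif
#ifndef PR_SPEC_STORE_BYPASS
#define PR_SPEC_STORE_BYPASS 0
#endif
#ifndef PR_SPEC_PRCTL
#define PR_SPEC_PRCTL   (1UL << 0)
#define PR_SPEC_ENABLE  (1UL << 1)
#define PR_SPEC_DISABLE (1UL << 2)
#endif

enum spec_state { SPEC_NOT_AFFECTED, SPEC_MITIGATED, SPEC_UNMITIGATED, SPEC_UNKNOWN };

struct spec_status {
    enum spec_state state;
    int per_task_control;   /* 1 if PR_SET_SPECULATION_CTRL can change it */
};

/* Decode a non-negative PR_GET_SPECULATION_CTRL return value. */
struct spec_status spec_decode(unsigned long ret)
{
    struct spec_status s = { SPEC_UNKNOWN, 0 };

    if (ret == 0) {                       /* all bits 0: CPU not affected */
        s.state = SPEC_NOT_AFFECTED;
        return s;
    }
    s.per_task_control = (ret & PR_SPEC_PRCTL) != 0;
    if (ret & PR_SPEC_DISABLE)            /* speculation off, mitigation on */
        s.state = SPEC_MITIGATED;
    else if (ret & PR_SPEC_ENABLE)        /* speculation on, mitigation off */
        s.state = SPEC_UNMITIGATED;
    return s;
}

/* Map the errno values named in the commit message to their meaning.
 * ERANGE and ENXIO are specific to PR_SET_SPECULATION_CTRL. */
const char *spec_strerror(int is_set, int err)
{
    switch (err) {
    case EINVAL: return "prctl not implemented by the architecture, or unused arguments not 0";
    case ENODEV: return "unsupported speculation misfeature selected";
    case ERANGE: if (is_set) return "control value is neither PR_SPEC_ENABLE nor PR_SPEC_DISABLE"; break;
    case ENXIO:  if (is_set) return "prctl control of this misfeature is disabled"; break;
    }
    return strerror(err);
}

/* Ask for the store-bypass mitigation on the calling task.
 * Returns 0 if the task ends up mitigated or the CPU is not affected,
 * otherwise a negative errno value. Unused prctl arguments must be 0. */
int spec_harden_self(void)
{
    int ret = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    if (ret < 0)
        return -errno;

    struct spec_status s = spec_decode((unsigned long)ret);
    if (s.state == SPEC_NOT_AFFECTED || s.state == SPEC_MITIGATED)
        return 0;

    if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0) < 0)
        return -errno;

    /* Re-read instead of trusting the set call. */
    ret = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    if (ret < 0)
        return -errno;
    return spec_decode((unsigned long)ret).state == SPEC_MITIGATED ? 0 : -EIO;
}

int main(void)
{
    int rc = spec_harden_self();
    if (rc == 0)
        puts("store bypass: mitigated or not affected");
    else
        printf("store bypass: not mitigated (%s)\n", spec_strerror(1, -rc));
    return rc == 0 ? 0 : 1;
}
```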
Colin Cross
3e4578f42f ANDROID: mm: add a field to store names for private anonymous memory
Userspace processes often have multiple allocators that each do
anonymous mmaps to get memory.  When examining memory usage of
individual processes or systems as a whole, it is useful to be
able to break down the various heaps that were allocated by
each layer and examine their size, RSS, and physical memory
usage.

This patch adds a user pointer to the shared union in
vm_area_struct that points to a null terminated string inside
the user process containing a name for the vma.  vmas that
point to the same address will be merged, but vmas that
point to equivalent strings at different addresses will
not be merged.

Userspace can set the name for a region of memory by calling
prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, start, len, (unsigned long)name);
Setting the name to NULL clears it.

The names of named anonymous vmas are shown in /proc/pid/maps
as [anon:<name>] and in /proc/pid/smaps in a new "Name" field
that is only present for named vmas.  If the userspace pointer
is no longer valid all or part of the name will be replaced
with "<fault>".

The idea to store a userspace pointer to reduce the complexity
within mm (at the expense of the complexity of reading
/proc/pid/mem) came from Dave Hansen.  This results in no
runtime overhead in the mm subsystem other than comparing
the anon_name pointers when considering vma merging.  The pointer
is stored in a union with fields that are only used on file-backed
mappings, so it does not increase memory usage.

Includes fix from Jed Davis <jld@mozilla.com> for typo in
prctl_set_vma_anon_name, which could attempt to set the name
across two vmas at the same time due to a typo, which might
corrupt the vma list.  Fix it to use tmp instead of end to limit
the name setting to a single vma at a time.

Change-Id: I9aa7b6b5ef536cd780599ba4e2fba8ceebe8b59f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2017-01-27 13:52:21 -08:00
Amit Pundir
64c862ac34 mm: private anonymous memory build fixes for 4.4
Update vma_merge() call in private anonymous memory prctl,
introduced in AOSP commit ee8c5f78f09a
"mm: add a field to store names for private anonymous memory",
so as to align with changes from upstream commit 19a809afe2
"userfaultfd: teach vma_merge to merge across vma->vm_userfaultfd_ctx".

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
2016-08-08 12:02:17 +05:30
Colin Cross
8df797848c mm: add a field to store names for private anonymous memory
Userspace processes often have multiple allocators that each do
anonymous mmaps to get memory.  When examining memory usage of
individual processes or systems as a whole, it is useful to be
able to break down the various heaps that were allocated by
each layer and examine their size, RSS, and physical memory
usage.

This patch adds a user pointer to the shared union in
vm_area_struct that points to a null terminated string inside
the user process containing a name for the vma.  vmas that
point to the same address will be merged, but vmas that
point to equivalent strings at different addresses will
not be merged.

Userspace can set the name for a region of memory by calling
prctl(PR_SET_VMA, PR_SET_VMA_ANON_NAME, start, len, (unsigned long)name);
Setting the name to NULL clears it.

The names of named anonymous vmas are shown in /proc/pid/maps
as [anon:<name>] and in /proc/pid/smaps in a new "Name" field
that is only present for named vmas.  If the userspace pointer
is no longer valid all or part of the name will be replaced
with "<fault>".

The idea to store a userspace pointer to reduce the complexity
within mm (at the expense of the complexity of reading
/proc/pid/mem) came from Dave Hansen.  This results in no
runtime overhead in the mm subsystem other than comparing
the anon_name pointers when considering vma merging.  The pointer
is stored in a union with fields that are only used on file-backed
mappings, so it does not increase memory usage.

Includes fix from Jed Davis <jld@mozilla.com> for typo in
prctl_set_vma_anon_name, which could attempt to set the name
across two vmas at the same time due to a typo, which might
corrupt the vma list.  Fix it to use tmp instead of end to limit
the name setting to a single vma at a time.

Change-Id: I9aa7b6b5ef536cd780599ba4e2fba8ceebe8b59f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2016-08-08 12:02:17 +05:30
Micha Kalfon
bcb4d62f42 prctl: make PR_SET_TIMERSLACK_PID pid namespace aware
Make PR_SET_TIMERSLACK_PID consider pid namespace and resolve the
target pid in the caller's namespace. Otherwise, calls from pid
namespace other than init would fail or affect the wrong task.

Change-Id: I1da15196abc4096536713ce03714e99d2e63820a
Signed-off-by: Micha Kalfon <micha@cellrox.com>
Acked-by: Oren Laadan <orenl@cellrox.com>
2016-08-08 12:02:17 +05:30
Micha Kalfon
aba3b0b0a4 prctl: fix misplaced PR_SET_TIMERSLACK_PID case
The case clause for the PR_SET_TIMERSLACK_PID option was placed inside
an internal switch statement for PR_MCE_KILL (see commits 37a591d4
and 8ae872f1). This commit moves it to the right place.

Change-Id: I63251669d7e2f2aa843d1b0900e7df61518c3dea
Signed-off-by: Micha Kalfon <micha@cellrox.com>
Acked-by: Oren Laadan <orenl@cellrox.com>
2016-08-08 12:02:17 +05:30
Ruchi Kandoi
5a0c16c3a7 prctl: adds the capable(CAP_SYS_NICE) check to PR_SET_TIMERSLACK_PID.
Adds a capable() check to make sure that arbitrary apps do not change the
timer slack for other apps.

Bug: 15000427
Change-Id: I558a2551a0e3579c7f7e7aae54b28aa9d982b209
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
2016-08-08 12:02:17 +05:30
Ruchi Kandoi
fcc18f76c7 prctl: adds PR_SET_TIMERSLACK_PID for setting timer slack of an arbitrary thread.
Second argument is similar to PR_SET_TIMERSLACK, if non-zero then the
slack is set to that value otherwise sets it to the default for the thread.

Takes PID of the thread as the third argument.

This allows power/performance management software to set timer slack for
other threads according to its policy for the thread (such as when the
thread is designated foreground vs. background activity)

Change-Id: I744d451ff4e60dae69f38f53948ff36c51c14a3f
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>
2016-08-08 12:02:17 +05:30
Michal Hocko
17b0573d77 prctl: make PR_SET_THP_DISABLE wait for mmap_sem killable
PR_SET_THP_DISABLE requires mmap_sem for write.  If the waiting task
gets killed by the oom killer it would block oom_reaper from
asynchronous address space reclaim and reduce the chances of timely OOM
resolving.  Wait for the lock in the killable mode and return with EINTR
if the task got killed while waiting.

Signed-off-by: Michal Hocko <mhocko@suse.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Acked-by: Alex Thorlton <athorlton@sgi.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-05-23 17:04:14 -07:00
John Stultz
da8b44d5a9 timer: convert timer_slack_ns from unsigned long to u64
This patchset introduces a /proc/<pid>/timerslack_ns interface which
would allow controlling processes to be able to set the timerslack value
on other processes in order to save power by avoiding wakeups (Something
Android currently does via out-of-tree patches).

The first patch tries to fix the internal timer_slack_ns usage which was
defined as a long, which limits the slack range to ~4 seconds on 32bit
systems.  It converts it to a u64, which provides the same basically
unlimited slack (500 years) on both 32bit and 64bit machines.

The second patch introduces the /proc/<pid>/timerslack_ns interface
which allows the full 64bit slack range for a task to be read or set on
both 32bit and 64bit machines.

With these two patches, on a 32bit machine, after setting the slack on
bash to 10 seconds:

$ time sleep 1

real    0m10.747s
user    0m0.001s
sys     0m0.005s

The first patch is a little ugly, since I had to chase the slack delta
arguments through a number of functions converting them to u64s.  Let me
know if it makes sense to break that up more or not.

Other than that things are fairly straightforward.

This patch (of 2):

The timer_slack_ns value in the task struct is currently an unsigned
long.  This means that on 32bit applications, the maximum slack is just
over 4 seconds.  However, on 64bit machines, it's much, much larger (~500
years).

This disparity could make application development a little (as well as
the default_slack) to a u64.  This means both 32bit and 64bit systems
have the same effective internal slack range.

Now the existing ABI via PR_GET_TIMERSLACK and PR_SET_TIMERSLACK specify
the interface as an unsigned long, so we preserve that limitation on
32bit systems, where SET_TIMERSLACK can only set the slack to an unsigned
long value, and GET_TIMERSLACK will return ULONG_MAX if the slack is
actually larger than what can be stored by an unsigned long.

This patch also modifies hrtimer functions which specified the slack
delta as an unsigned long.

Signed-off-by: John Stultz <john.stultz@linaro.org>
Cc: Arjan van de Ven <arjan@linux.intel.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Oren Laadan <orenl@cellrox.com>
Cc: Ruchi Kandoi <kandoiruchi@google.com>
Cc: Rom Lemarchand <romlem@android.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Android Kernel Team <kernel-team@android.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-03-17 15:09:34 -07:00
Mateusz Guzik
ddf1d398e5 prctl: take mmap sem for writing to protect against others
An unprivileged user can trigger an oops on a kernel with
CONFIG_CHECKPOINT_RESTORE.

proc_pid_cmdline_read takes mmap_sem for reading and obtains args + env
start/end values. These get sanity checked as follows:
        BUG_ON(arg_start > arg_end);
        BUG_ON(env_start > env_end);

These can be changed by prctl_set_mm. Turns out it also takes the semaphore for
reading, effectively rendering it useless. This results in:

  kernel BUG at fs/proc/base.c:240!
  invalid opcode: 0000 [#1] SMP
  Modules linked in: virtio_net
  CPU: 0 PID: 925 Comm: a.out Not tainted 4.4.0-rc8-next-20160105dupa+ #71
  Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
  task: ffff880077a68000 ti: ffff8800784d0000 task.ti: ffff8800784d0000
  RIP: proc_pid_cmdline_read+0x520/0x530
  RSP: 0018:ffff8800784d3db8  EFLAGS: 00010206
  RAX: ffff880077c5b6b0 RBX: ffff8800784d3f18 RCX: 0000000000000000
  RDX: 0000000000000002 RSI: 00007f78e8857000 RDI: 0000000000000246
  RBP: ffff8800784d3e40 R08: 0000000000000008 R09: 0000000000000001
  R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000050
  R13: 00007f78e8857800 R14: ffff88006fcef000 R15: ffff880077c5b600
  FS:  00007f78e884a740(0000) GS:ffff88007b200000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
  CR2: 00007f78e8361770 CR3: 00000000790a5000 CR4: 00000000000006f0
  Call Trace:
    __vfs_read+0x37/0x100
    vfs_read+0x82/0x130
    SyS_read+0x58/0xd0
    entry_SYSCALL_64_fastpath+0x12/0x76
  Code: 4c 8b 7d a8 eb e9 48 8b 9d 78 ff ff ff 4c 8b 7d 90 48 8b 03 48 39 45 a8 0f 87 f0 fe ff ff e9 d1 fe ff ff 4c 8b 7d 90 eb c6 0f 0b <0f> 0b 0f 0b 66 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00
  RIP   proc_pid_cmdline_read+0x520/0x530
  ---[ end trace 97882617ae9c6818 ]---

Turns out there are instances where the code just reads aforementioned
values without locking whatsoever - namely environ_read and get_cmdline.

Interestingly these functions look quite resilient against bogus values,
but I don't believe this should be relied upon.

The first patch gets rid of the oops bug by grabbing mmap_sem for
writing.

The second patch is optional and puts locking around aforementioned
consumers for safety.  Consumers of other fields don't seem to benefit
from similar treatment and are left untouched.

This patch (of 2):

The code was taking the semaphore for reading, which does not protect
against readers nor concurrent modifications.

The problem could cause sanity checks to fail in procfs's cmdline
reader, resulting in an OOPS.

Note that some functions perform an unlocked read of various mm fields,
but they seem to be fine despite possible modification.

Signed-off-by: Mateusz Guzik <mguzik@redhat.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Jarod Wilson <jarod@redhat.com>
Cc: Jan Stancek <jstancek@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Anshuman Khandual <anshuman.linux@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-01-20 17:09:18 -08:00
Ben Segall
8639b46139 pidns: fix set/getpriority and ioprio_set/get in PRIO_USER mode
setpriority(PRIO_USER, 0, x) will change the priority of tasks outside of
the current pid namespace.  This is in contrast to both the other modes of
setpriority and the example of kill(-1).  Fix this.  getpriority and
ioprio have the same failure mode, fix them too.

Eric said:

: After some more thinking about it this patch sounds justifiable.
:
: My goal with namespaces is not to build perfect isolation mechanisms
: as that can get into ill defined territory, but to build well defined
: mechanisms.  And to handle the corner cases so you can use only
: a single namespace with well defined results.
:
: In this case you have found the two interfaces I am aware of that
: identify processes by uid instead of by pid.  Which quite frankly is
: weird.  Unfortunately the weird unexpected cases are hard to handle
: in the usual way.
:
: I was hoping for a little more information.  Changes like this one we
: have to be careful of because someone might be depending on the current
: behavior.  I don't think they are and I do think this makes sense as part
: of the pid namespace.

Signed-off-by: Ben Segall <bsegall@google.com>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Ambrose Feinstein <ambrose@google.com>
Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-11-06 17:50:42 -08:00
Eric W. Biederman
90f8572b0f vfs: Commit to never having exectuables on proc and sysfs.
Today proc and sysfs do not contain any executable files.  Several
applications today mount proc or sysfs without noexec and nosuid and
then depend on there being no executable files on proc or sysfs.
Having any executable files show on proc or sysfs would cause
a user space visible regression, and most likely security problems.

Therefore commit to never allowing executables on proc and sysfs by
adding a new flag to mark them as filesystems without executables and
enforce that flag.

Test the flag where MNT_NOEXEC is tested today, so that the only user
visible effect will be that executables will be treated as if the
execute bit is cleared.

The filesystems proc and sysfs do not currently incorporate any
executable files so this does not result in any user visible effects.

This makes it unnecessary to vet changes to proc and sysfs tightly for
adding executable files or changes to chattr that would modify
existing files, as no matter what the individual files say they will
not be treated as executable files by the vfs.

Not having to vet changes too closely is important as without this we
are only one proc_create call (or another goof up in the
implementation of notify_change) from having problematic executables
on proc.  Those mistakes are all too easy to make and would create
a situation where there are security issues or the assumptions of
some program having to be broken (and cause userspace regressions).

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
2015-07-10 10:39:25 -05:00
Alexey Dobriyan
4a00e9df29 prctl: more prctl(PR_SET_MM_*) checks
Individual prctl(PR_SET_MM_*) calls do some checking to maintain a
consistent view of mm->arg_start et al fields, but not enough.  In
particular PR_SET_MM_ARG_START/PR_SET_MM_ARG_END/PR_SET_MM_ENV_START/
PR_SET_MM_ENV_END only check that the address lies in an existing VMA,
but don't check that the start address is lower than the end address _at
all_.

Consolidate all consistency checks, so there will be no difference in
the future between PR_SET_MM_MAP and individual PR_SET_MM_* calls.

The program below makes both ARGV and ENVP areas be reversed.  It makes
/proc/$PID/cmdline show garbage (it doesn't oops by luck).

#include <sys/mman.h>
#include <sys/prctl.h>
#include <unistd.h>

enum {PAGE_SIZE=4096};

int main(void)
{
	void *p;

	p = mmap(NULL, PAGE_SIZE, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);

#define PR_SET_MM               35
#define PR_SET_MM_ARG_START     8
#define PR_SET_MM_ARG_END       9
#define PR_SET_MM_ENV_START     10
#define PR_SET_MM_ENV_END       11
	prctl(PR_SET_MM, PR_SET_MM_ARG_START, (unsigned long)p + PAGE_SIZE - 1, 0, 0);
	prctl(PR_SET_MM, PR_SET_MM_ARG_END,   (unsigned long)p, 0, 0);
	prctl(PR_SET_MM, PR_SET_MM_ENV_START, (unsigned long)p + PAGE_SIZE - 1, 0, 0);
	prctl(PR_SET_MM, PR_SET_MM_ENV_END,   (unsigned long)p, 0, 0);

	pause();
	return 0;
}

[akpm@linux-foundation.org: tidy code, tweak comment]
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Jarod Wilson <jarod@redhat.com>
Cc: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-06-25 17:00:37 -07:00
Dave Hansen
46a6e0cf1c x86/mpx: Clean up the code by not passing a task pointer around when unnecessary
The MPX code can only work on the current task.  You can not,
for instance, enable MPX management in another process or
thread. You can also not handle a fault for another process or
thread.

Despite this, we pass a task_struct around prolifically.  This
patch removes all of the task struct passing for code paths
where the code can not deal with another task (which turns out
to be all of them).

This has no functional changes.  It's just a cleanup.

Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Dave Hansen <dave@sr71.net>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: bp@alien8.de
Link: http://lkml.kernel.org/r/20150607183702.6A81DA2C@viggo.jf.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-06-09 12:24:30 +02:00
Davidlohr Bueso
6e399cd144 prctl: avoid using mmap_sem for exe_file serialization
Oleg cleverly suggested using xchg() to set the new mm->exe_file instead
of calling set_mm_exe_file() which requires some form of serialization --
mmap_sem in this case.  For archs that do not have atomic rmw instructions
we still fallback to a spinlock alternative, so this should always be
safe.  As such, we only need the mmap_sem for looking up the backing
vm_file, which can be done sharing the lock.  Naturally, this means we
need to manually deal with both the new and old file reference counting,
and we need not worry about the MMF_EXE_FILE_CHANGED bits, which can
probably be deleted in the future anyway.

Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
Suggested-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Reviewed-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-04-17 09:04:07 -04:00
Iulia Manda
2813893f8b kernel: conditionally support non-root users, groups and capabilities
There are a lot of embedded systems that run most or all of their
functionality in init, running as root:root.  For these systems,
supporting multiple users is not necessary.

This patch adds a new symbol, CONFIG_MULTIUSER, that makes support for
non-root users, non-root groups, and capabilities optional.  It is enabled
under CONFIG_EXPERT menu.

When this symbol is not defined, UID and GID are zero in any possible case
and processes always have all capabilities.

The following syscalls are compiled out: setuid, setregid, setgid,
setreuid, setresuid, getresuid, setresgid, getresgid, setgroups,
getgroups, setfsuid, setfsgid, capget, capset.

Also, groups.c is compiled out completely.

In kernel/capability.c, capable function was moved in order to avoid
adding two ifdef blocks.

This change saves about 25 KB on a defconfig build.  The most minimal
kernels have total text sizes in the high hundreds of kB rather than
low MB.  (The 25k goes down a bit with allnoconfig, but not that much.)

The kernel was booted in Qemu.  All the common functionalities work.
Adding users/groups is not possible, failing with -ENOSYS.

Bloat-o-meter output:
add/remove: 7/87 grow/shrink: 19/397 up/down: 1675/-26325 (-24650)

[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Iulia Manda <iulia.manda21@gmail.com>
Reviewed-by: Josh Triplett <josh@joshtriplett.org>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Tested-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-04-15 16:35:22 -07:00
Jon DeVree
39afb5ee46 kernel/sys.c: fix UNAME26 for 4.0
There's a uname workaround for broken userspace which can't handle kernel
versions of 3.x.  Update it for 4.x.

Signed-off-by: Jon DeVree <nuxi@vault24.org>
Cc: Andi Kleen <andi@firstfloor.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-02-28 09:57:51 -08:00
Linus Torvalds
a135c717d5 Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
Pull MIPS updates from Ralf Baechle:
 "This is the main pull request for MIPS:

   - a number of fixes that didn't make the 3.19 release.

   - a number of cleanups.

   - preliminary support for Cavium's Octeon 3 SOCs which feature up to
     48 MIPS64 R3 cores with FPU and hardware virtualization.

   - support for MIPS R6 processors.

     Revision 6 of the MIPS architecture is a major revision of the MIPS
     architecture which does away with many of the original sins of the
     architecture such as branch delay slots.  This and other changes in
     R6 require major changes throughout the entire MIPS core
     architecture code and make up for the lion's share of this pull
     request.

   - finally some preparatory work for eXtended Physical Address
     support, which allows support of up to 40 bit of physical address
     space on 32 bit processors"

     [ Ahh, MIPS can't leave the PAE brain damage alone.  It's like
       every CPU architect has to make that mistake, but pee in the snow
       by changing the TLA.  But whether it's called PAE, LPAE or XPA,
       it's horrid crud   - Linus ]

* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus: (114 commits)
  MIPS: sead3: Corrected get_c0_perfcount_int
  MIPS: mm: Remove dead macro definitions
  MIPS: OCTEON: irq: add CIB and other fixes
  MIPS: OCTEON: Don't do acknowledge operations for level triggered irqs.
  MIPS: OCTEON: More OCTEONIII support
  MIPS: OCTEON: Remove setting of processor specific CVMCTL icache bits.
  MIPS: OCTEON: Core-15169 Workaround and general CVMSEG cleanup.
  MIPS: OCTEON: Update octeon-model.h code for new SoCs.
  MIPS: OCTEON: Implement DCache errata workaround for all CN6XXX
  MIPS: OCTEON: Add little-endian support to asm/octeon/octeon.h
  MIPS: OCTEON: Implement the core-16057 workaround
  MIPS: OCTEON: Delete unused COP2 saving code
  MIPS: OCTEON: Use correct instruction to read 64-bit COP0 register
  MIPS: OCTEON: Save and restore CP2 SHA3 state
  MIPS: OCTEON: Fix FP context save.
  MIPS: OCTEON: Save/Restore wider multiply registers in OCTEON III CPUs
  MIPS: boot: Provide more uImage options
  MIPS: Remove unneeded #ifdef __KERNEL__ from asm/processor.h
  MIPS: ip22-gio: Remove legacy suspend/resume support
  mips: pci: Add ifdef around pci_proc_domain
  ...
2015-02-21 19:41:38 -08:00
Paul Burton
9791554b45 MIPS,prctl: add PR_[GS]ET_FP_MODE prctl options for MIPS
Userland code may be built using an ABI which permits linking to objects
that have more restrictive floating point requirements. For example,
userland code may be built to target the O32 FPXX ABI. Such code may be
linked with other FPXX code, or code built for either one of the more
restrictive FP32 or FP64. When linking with more restrictive code, the
overall requirement of the process becomes that of the more restrictive
code. The kernel has no way to know in advance which mode the process
will need to be executed in, and indeed it may need to change during
execution. The dynamic loader is the only code which will know the
overall required mode, and so it needs to have a means to instruct the
kernel to switch the FP mode of the process.

This patch introduces 2 new options to the prctl syscall which provide
such a capability. The FP mode of the process is represented as a
simple bitmask combining a number of mode bits mirroring those present
in the hardware. Userland can either retrieve the current FP mode of
the process:

  mode = prctl(PR_GET_FP_MODE);

or modify the current FP mode of the process:

  err = prctl(PR_SET_FP_MODE, new_mode);

Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: Matthew Fortune <matthew.fortune@imgtec.com>
Cc: Markos Chandras <markos.chandras@imgtec.com>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/8899/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
2015-02-12 12:30:29 +01:00
Dave Hansen
e9d1b4f3c6 x86, mpx: Strictly enforce empty prctl() args
Description from Michael Kerrisk.  He suggested an identical patch
to one I had already coded up and tested.

commit fe3d197f84 "x86, mpx: On-demand kernel allocation of bounds
tables" added two new prctl() operations, PR_MPX_ENABLE_MANAGEMENT and
PR_MPX_DISABLE_MANAGEMENT.  However, no checks were included to ensure
that unused arguments are zero, as is done in many existing prctl()s
and as should be done for all new prctl()s. This patch adds the
required checks.

Suggested-by: Andy Lutomirski <luto@amacapital.net>
Suggested-by: Michael Kerrisk <mtk.manpages@gmail.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Dave Hansen <dave@sr71.net>
Link: http://lkml.kernel.org/r/20150108223022.7F56FD13@viggo.jf.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2015-01-22 21:11:06 +01:00
Dave Hansen
fe3d197f84 x86, mpx: On-demand kernel allocation of bounds tables
This is really the meat of the MPX patch set.  If there is one patch to
review in the entire series, this is the one.  There is a new ABI here
and this kernel code also interacts with userspace memory in a
relatively unusual manner.  (small FAQ below).

Long Description:

This patch adds two prctl() commands to enable or disable the
management of bounds tables in kernel, including on-demand kernel
allocation (See the patch "on-demand kernel allocation of bounds tables")
and cleanup (See the patch "cleanup unused bound tables"). Applications
do not strictly need the kernel to manage bounds tables and we expect
some applications to use MPX without taking advantage of this kernel
support. This means the kernel can not simply infer whether an application
needs bounds table management from the MPX registers.  The prctl() is an
explicit signal from userspace.

PR_MPX_ENABLE_MANAGEMENT is meant to be a signal from userspace to
require kernel's help in managing bounds tables.

PR_MPX_DISABLE_MANAGEMENT is the opposite, meaning that userspace doesn't
want kernel's help any more. With PR_MPX_DISABLE_MANAGEMENT, the kernel
won't allocate and free bounds tables even if the CPU supports MPX.

PR_MPX_ENABLE_MANAGEMENT will fetch the base address of the bounds
directory out of a userspace register (bndcfgu) and then cache it into
a new field (->bd_addr) in  the 'mm_struct'.  PR_MPX_DISABLE_MANAGEMENT
will set "bd_addr" to an invalid address.  Using this scheme, we can
use "bd_addr" to determine whether the management of bounds tables in
kernel is enabled.

Also, the only way to access that bndcfgu register is via an xsaves,
which can be expensive.  Caching "bd_addr" like this also helps reduce
the cost of those xsaves when doing table cleanup at munmap() time.
Unfortunately, we can not apply this optimization to #BR fault time
because we need an xsave to get the value of BNDSTATUS.

==== Why does the hardware even have these Bounds Tables? ====

MPX only has 4 hardware registers for storing bounds information.
If MPX-enabled code needs more than these 4 registers, it needs to
spill them somewhere. It has two special instructions for this
which allow the bounds to be moved between the bounds registers
and some new "bounds tables".

They are similar conceptually to a page fault and will be raised by
the MPX hardware during both bounds violations or when the tables
are not present. This patch handles those #BR exceptions for
not-present tables by carving the space out of the normal process's
address space (essentially calling the new mmap() interface introduced
earlier in this patch set.) and then pointing the bounds-directory
over to it.

The tables *need* to be accessed and controlled by userspace because
the instructions for moving bounds in and out of them are extremely
frequent. They potentially happen every time a register pointing to
memory is dereferenced. Any direct kernel involvement (like a syscall)
to access the tables would obviously destroy performance.

==== Why not do this in userspace? ====

This patch is obviously doing this allocation in the kernel.
However, MPX does not strictly *require* anything in the kernel.
It can theoretically be done completely from userspace. Here are
a few ways this *could* be done. I don't think any of them are
practical in the real-world, but here they are.

Q: Can virtual space simply be reserved for the bounds tables so
   that we never have to allocate them?
A: As noted earlier, these tables are *HUGE*. An X-GB virtual
   area needs 4*X GB of virtual space, plus 2GB for the bounds
   directory. If we were to preallocate them for the 128TB of
   user virtual address space, we would need to reserve 512TB+2GB,
   which is larger than the entire virtual address space today.
   This means they can not be reserved ahead of time. Also, a
   single process's pre-populated bounds directory consumes 2GB
   of virtual *AND* physical memory. IOW, it's completely
   infeasible to prepopulate bounds directories.

Q: Can we preallocate bounds table space at the same time memory
   is allocated which might contain pointers that might eventually
   need bounds tables?
A: This would work if we could hook the site of each and every
   memory allocation syscall. This can be done for small,
   constrained applications. But, it isn't practical at a larger
   scale since a given app has no way of controlling how all the
   parts of the app might allocate memory (think libraries). The
   kernel is really the only place to intercept these calls.

Q: Could a bounds fault be handed to userspace and the tables
   allocated there in a signal handler instead of in the kernel?
A: (thanks to tglx) mmap() is not on the list of safe async
   handler functions and even if mmap() would work it still
   requires locking or nasty tricks to keep track of the
   allocation state there.

Having ruled out all of the userspace-only approaches for managing
bounds tables that we could think of, we create them on demand in
the kernel.

Based-on-patch-by: Qiaowei Ren <qiaowei.ren@intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Cc: linux-mm@kvack.org
Cc: linux-mips@linux-mips.org
Cc: Dave Hansen <dave@sr71.net>
Link: http://lkml.kernel.org/r/20141114151829.AD4310DE@viggo.jf.intel.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2014-11-18 00:58:53 +01:00
Linus Torvalds
faafcba3b5 Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler updates from Ingo Molnar:
 "The main changes in this cycle were:

   - Optimized support for Intel "Cluster-on-Die" (CoD) topologies (Dave
     Hansen)

   - Various sched/idle refinements for better idle handling (Nicolas
     Pitre, Daniel Lezcano, Chuansheng Liu, Vincent Guittot)

   - sched/numa updates and optimizations (Rik van Riel)

   - sysbench speedup (Vincent Guittot)

   - capacity calculation cleanups/refactoring (Vincent Guittot)

   - Various cleanups to thread group iteration (Oleg Nesterov)

   - Double-rq-lock removal optimization and various refactorings
     (Kirill Tkhai)

   - various sched/deadline fixes

  ... and lots of other changes"

* 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (72 commits)
  sched/dl: Use dl_bw_of() under rcu_read_lock_sched()
  sched/fair: Delete resched_cpu() from idle_balance()
  sched, time: Fix build error with 64 bit cputime_t on 32 bit systems
  sched: Improve sysbench performance by fixing spurious active migration
  sched/x86: Fix up typo in topology detection
  x86, sched: Add new topology for multi-NUMA-node CPUs
  sched/rt: Use resched_curr() in task_tick_rt()
  sched: Use rq->rd in sched_setaffinity() under RCU read lock
  sched: cleanup: Rename 'out_unlock' to 'out_free_new_mask'
  sched: Use dl_bw_of() under RCU read lock
  sched/fair: Remove duplicate code from can_migrate_task()
  sched, mips, ia64: Remove __ARCH_WANT_UNLOCKED_CTXSW
  sched: print_rq(): Don't use tasklist_lock
  sched: normalize_rt_tasks(): Don't use _irqsave for tasklist_lock, use task_rq_lock()
  sched: Fix the task-group check in tg_has_rt_tasks()
  sched/fair: Leverage the idle state info when choosing the "idlest" cpu
  sched: Let the scheduler see CPU idle states
  sched/deadline: Fix inter- exclusive cpusets migrations
  sched/deadline: Clear dl_entity params when setscheduling to different class
  sched/numa: Kill the wrong/dead TASK_DEAD check in task_numa_fault()
  ...
2014-10-13 16:23:15 +02:00