bka
3375 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Angelo G. Del Regno
|
b61c5be1f6 |
Backport new vmalloc for "large performance benefits"
This is a backport from Linux 5.2-rc1 of a patch series to greatly enhance vmalloc's performance especially on embedded systems, plus all of its dependencies that were missing in kernel 4.9. For all the informations, refer to LKML: https://lkml.org/lkml/2018/10/19/786 Brief informations: Currently an allocation of the new VA area is done over busy list iteration until a suitable hole is found between two busy areas. Therefore each new allocation causes the list being grown. Due to long list and different permissive parameters an allocation can take a long time on embedded devices(milliseconds). This patch organizes the vmalloc memory layout into free areas of the VMALLOC_START-VMALLOC_END range. It uses a red-black tree that keeps blocks sorted by their offsets in pair with linked list keeping the free space in order of increasing addresses. Quote Phoronix: With this patch from Uladzislau Rezki, calling vmalloc() can take up to 67% less time compared to the behavior on Linux 5.1 and prior, at least with tests done by the developer under QEMU. Personal tests are showing that the device is more responsive when memory pressure is high and when huge allocations are to be done, it's also noticeably faster in this case, like when starting Chrome with more than 100 opened tabs after a system reboot (so, an uncached complete load of it). Shameless kanged from: https://github.com/sonyxperiadev/kernel / Pull Request 2016 |
||
|
Alexei Starovoitov
|
18164d1b4f |
macro: introduce COUNT_ARGS() macro
move COUNT_ARGS() macro from apparmor to generic header and extend it to count till twelve. COUNT() was an alternative name for this logic, but it's used for different purpose in many other places. Similarly for CONCATENATE() macro. Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> |
||
|
John Johansen
|
7e40063bbe |
apparmor: add per cpu work buffers to avoid allocating buffers at every hook
Signed-off-by: John Johansen <john.johansen@canonical.com> |
||
|
Roman Gushchin
|
a8727dc7f2 |
device_cgroup: prepare code for bpf-based device controller
This is non-functional change to prepare the device cgroup code for adding eBPF-based controller for cgroups v2. The patch performs the following changes: 1) __devcgroup_inode_permission() and devcgroup_inode_mknod() are moving to the device-cgroup.h and converting into static inline. 2) __devcgroup_check_permission() is exported. 3) devcgroup_check_permission() wrapper is introduced to be used by both existing and new bpf-based implementations. Signed-off-by: Roman Gushchin <guro@fb.com> Acked-by: Tejun Heo <tj@kernel.org> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Roman Gushchin
|
62dd331d8e |
device_cgroup: add DEVCG_ prefix to ACC_* and DEV_* constants
Rename device type and access type constants defined in security/device_cgroup.c by adding the DEVCG_ prefix. The reason behind this renaming is to make them global namespace friendly, as they will be moved to the corresponding header file by following patches. Signed-off-by: Roman Gushchin <guro@fb.com> Cc: David S. Miller <davem@davemloft.net> Cc: Tejun Heo <tj@kernel.org> Cc: Alexei Starovoitov <ast@kernel.org> Cc: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Michael Bestas
|
6eadd45e0a |
Merge branch 'android-4.9-q' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.9
* 'android-4.9-q' of https://android.googlesource.com/kernel/common: UPSTREAM: ipv6: raw: Deduct extension header length in rawv6_push_pending_frames UPSTREAM: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. Linux 4.9.337 ext4: initialize quota before expanding inode in setproject ioctl ext4: avoid BUG_ON when creating xattrs ext4: fix error code return to user-space in ext4_get_branch() ext4: init quota for 'old.inode' in 'ext4_rename' ext4: fix bug_on in __es_tree_search caused by bad boot loader inode ext4: fix undefined behavior in bit shift for ext4_check_flag_values ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop drm/vmwgfx: Validate the box size for the snooped cursor drm/connector: send hotplug uevent on connector cleanup device_cgroup: Roll back to original exceptions after copy failure parisc: led: Fix potential null-ptr-deref in start_task() iommu/amd: Fix ivrs_acpihid cmdline parsing code crypto: n2 - add missing hash statesize PCI/sysfs: Fix double free in error path cifs: fix confusing debug message media: dvb-core: Fix double free in dvb_register_device() ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line dm cache: set needs_check flag after aborting metadata dm cache: Fix UAF in destroy() dm thin: Fix UAF in run_timer_softirq() dm thin: Use last transaction's pmd->root when commit failed dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort ARM: ux500: do not directly dereference __iomem ktest.pl minconfig: Unset configs instead of just removing them media: stv0288: use explicitly signed char mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING md: fix a crash in mempool_free pnode: terminate at peers of source ALSA: line6: fix stack overflow in line6_midi_transmit ALSA: line6: correct midi status byte when receiving data from podxt hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount HID: plantronics: Additional PIDs for double volume key presses quirk powerpc/rtas: avoid scheduling in rtas_os_term() gcov: add support for checksum field iio: adc: ad_sigma_delta: do not use internal iio_dev lock reiserfs: Add missing calls to reiserfs_security_free() HID: wacom: Ensure bootloader PID is usable in hidraw mode ASoC: rt5670: Remove unbalanced pm_runtime_put() ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() ASoC: wm8994: Fix potential deadlock ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() clk: st: Fix memory leak in st_of_quadfs_setup() media: si470x: Fix use-after-free in si470x_int_in_callback() mmc: f-sdh30: Add quirks for broken timeout clock capability blk-mq: fix possible memleak when register 'hctx' failed media: dvb-usb: fix memory leak in dvb_usb_adapter_init() media: dvb-frontends: fix leak of memory fw ppp: associate skb with a device at tx mrp: introduce active flags to prevent UAF when applicant uninit md/raid1: stop mdx_raid1 thread when raid1 array run failed drm/sti: Use drm_mode_copy() s390/lcs: Fix return type of lcs_start_xmit() s390/netiucv: Fix return type of netiucv_tx() s390/ctcm: Fix return type of ctc{mp,}m_tx() igb: Do not free q_vector unless new one was allocated wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() hamradio: baycom_epp: Fix return type of baycom_send_packet() net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() ipmi: fix memleak when unload ipmi driver wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out wifi: ath9k: verify the expected usb_endpoints are present hfs: fix OOB Read in __hfs_brec_find acct: fix potential integer overflow in encode_comp_t() nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() ACPICA: Fix error code path in acpi_ds_call_control_method() fs: jfs: fix shift-out-of-bounds in dbDiscardAG udf: Avoid double brelse() in udf_rename() fs: jfs: fix shift-out-of-bounds in dbAllocAG binfmt_misc: fix shift-out-of-bounds in check_special_flags net: stream: purge sk_error_queue in sk_stream_kill_queues() myri10ge: Fix an error handling path in myri10ge_probe() net_sched: reject TCF_EM_SIMPLE case for complex ematch module skbuff: Account for tail adjustment during pull operations openvswitch: Fix flow lookup to use unmasked key r6040: Fix kmemleak in probe and remove nfc: pn533: Clear nfc_target before being used mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() selftests/powerpc: Fix resource leaks powerpc/hv-gpci: Fix hv_gpci event list powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() powerpc/perf: callchain validate kernel stack pointer bounds powerpc/52xx: Fix a resource leak in an error handling path macintosh/macio-adb: check the return value of ioremap() macintosh: fix possible memory leak in macio_add_one_device() iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() rtc: snvs: Allow a time difference on clock register read include/uapi/linux/swab: Fix potentially missing __always_inline HSI: omap_ssi_core: Fix error handling in ssi_init() power: supply: fix residue sysfs file in error handle route of __power_supply_register() HSI: omap_ssi_core: fix possible memory leak in ssi_probe() HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() fbdev: vermilion: decrease reference count in error path fbdev: via: Fix error in via_core_init() fbdev: pm2fb: fix missing pci_disable_device() fbdev: ssd1307fb: Drop optional dependency usb: storage: Add check for kcalloc i2c: ismt: Fix an out-of-bounds bug in ismt_access() vme: Fix error not catched in fake_init() staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() staging: rtl8192u: Fix use after free in ieee80211_rx() i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe chardev: fix error handling in cdev_device_add() mcb: mcb-parse: fix error handing in chameleon_parse_gdd() drivers: mcb: fix resource leak in mcb_probe() cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() serial: sunsab: Fix error handling in sunsab_init() serial: pch: Fix PCI device refcount leak in pch_request_dma() serial: amba-pl011: avoid SBSA UART accessing DMACR register staging: vme_user: Fix possible UAF in tsi148_dma_list_add usb: fotg210-udc: Fix ages old endianness issues uio: uio_dmem_genirq: Fix deadlock between irq config and handling uio: uio_dmem_genirq: Fix missing unlock in irq configuration vfio: platform: Do not pass return buffer to ACPI _RST method drivers: dio: fix possible memory leak in dio_init() IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces hwrng: geode - Fix PCI device refcount leak hwrng: amd - Fix PCI device refcount leak crypto: img-hash - Fix variable dereferenced before check 'hdev->req' orangefs: Fix sysfs not cleanup when dev init failed scsi: snic: Fix possible UAF in snic_tgt_create() scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails scsi: ipr: Fix WARNING in ipr_init() scsi: fcoe: Fix possible name leak when device_register() fails scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() scsi: hpsa: Fix error handling in hpsa_add_sas_host() stmmac: fix potential division by 0 Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave() ntb_netdev: Use dev_kfree_skb_any() in interrupt context net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave() hamradio: don't call dev_kfree_skb() under spin_lock_irqsave() net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave() net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave() net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave() net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave() net/tunnel: wait until all sk_user_data reader finish before releasing the sock net: farsync: Fix kmemleak when rmmods farsync ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave() drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() net: defxx: Fix missing err handling in dfx_init() net: vmw_vsock: vmci: Check memcpy_from_msg() blktrace: Fix output non-blktrace event when blk_classic option enabled wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h media: coda: Add check for kmalloc media: coda: Add check for dcoda_iram_alloc media: c8sectpfe: Add of_node_put() when breaking out of loop mmc: mmci: fix return value check of mmc_add_host() mmc: wbsd: fix return value check of mmc_add_host() mmc: via-sdmmc: fix return value check of mmc_add_host() mmc: vub300: fix return value check of mmc_add_host() mmc: toshsd: fix return value check of mmc_add_host() mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() mmc: mxcmmc: fix return value check of mmc_add_host() mmc: moxart: fix return value check of mmc_add_host() SUNRPC: Fix missing release socket in rpc_sockname() ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt media: saa7164: fix missing pci_disable_device() regulator: core: fix module refcount leak in set_supply() bonding: uninitialized variable in bond_miimon_inspect() ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() ALSA: asihpi: fix missing pci_disable_device() NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn NFSv4.2: Fix a memory stomp in decode_attr_security_label media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() pinctrl: pinconf-generic: add missing of_node_put() media: imon: fix a race condition in send_packet() mtd: maps: pxa2xx-flash: fix memory leak in probe clk: rockchip: Fix memory leak in rockchip_clk_register_pll() ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT HID: hid-sensor-custom: set fixed size for custom attributes media: platform: exynos4-is: Fix error handling in fimc_md_init() media: solo6x10: fix possible memory leak in solo_sysfs_init() Input: elants_i2c - properly handle the reset GPIO when power is off mtd: lpddr2_nvm: Fix possible null-ptr-deref wifi: ath10k: Fix return value in ath10k_pci_init() ima: Fix misuse of dereference of pointer in template_desc_init_fields() regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() ASoC: pxa: fix null-pointer dereference in filter() mtd: Fix device name leak when register device failed in add_mtd_device() media: vivid: fix compose size exceed boundary media: i2c: ad5820: Fix error path wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() rapidio: devices: fix missing put_device in mport_cdev_open hfs: Fix OOB Write in hfs_asc2mac eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD rapidio: fix possible UAF when kfifo_alloc() fails fs: sysv: Fix sysv_nblocks() returns wrong value MIPS: BCM63xx: Add check for NULL for clk in clk_enable x86/xen: Fix memory leak in xen_init_lock_cpu() uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() rapidio: rio: fix possible name leak in rio_register_mport() rapidio: fix possible name leaks when rio_add_device() fails lib/notifier-error-inject: fix error when writing -errno to debugfs file libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() PNP: fix name memory leak in pnp_alloc_dev() MIPS: vpe-cmp: fix possible memory leak while module exiting MIPS: vpe-mt: fix possible memory leak while module exiting ocfs2: fix memory leak in ocfs2_stack_glue_init() timerqueue: Use rb_entry_safe() in timerqueue_getnext() perf: Fix possible memleak in pmu_dev_alloc() fs: don't audit the capability check in simple_xattr_list() PM: hibernate: Fix mistake in kerneldoc comment alpha: fix syscall entry in !AUDUT_SYSCALL case cpuidle: dt: Return the correct numbers of parsed idle states pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP ARM: mmp: fix timer_read delay ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe arm: dts: spear600: Fix clcd interrupt drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static net: loopback: use NET_NAME_PREDICTABLE for name_assign_type Bluetooth: L2CAP: Fix u8 overflow USB: serial: cp210x: add Kamstrup RF sniffer PIDs usb: gadget: uvc: Prevent buffer overflow in setup handler udf: Fix extending file within last block udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size udf: Fix preallocation discarding at indirect extent boundary udf: Drop unused arguments of udf_delete_aext() udf: Discard preallocation before extending file with a hole ASoC: ops: Correct bounds check for second channel on SX controls can: sja1000: fix size of OCR_MODE_MASK define ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() block: unhash blkdev part inode when the part is deleted mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths mm/khugepaged: fix GUP-fast interaction by sending IPI Change-Id: I64c8371e754e29bd7633756d85a5e8d5721939b6 |
||
|
Greg Kroah-Hartman
|
7e6dfb2786 |
Merge 4.9.337 into android-4.9-q
Changes in 4.9.337
mm/khugepaged: fix GUP-fast interaction by sending IPI
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
block: unhash blkdev part inode when the part is deleted
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
can: sja1000: fix size of OCR_MODE_MASK define
ASoC: ops: Correct bounds check for second channel on SX controls
udf: Discard preallocation before extending file with a hole
udf: Drop unused arguments of udf_delete_aext()
udf: Fix preallocation discarding at indirect extent boundary
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
udf: Fix extending file within last block
usb: gadget: uvc: Prevent buffer overflow in setup handler
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
Bluetooth: L2CAP: Fix u8 overflow
net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
arm: dts: spear600: Fix clcd interrupt
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: mmp: fix timer_read delay
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
cpuidle: dt: Return the correct numbers of parsed idle states
alpha: fix syscall entry in !AUDUT_SYSCALL case
PM: hibernate: Fix mistake in kerneldoc comment
fs: don't audit the capability check in simple_xattr_list()
perf: Fix possible memleak in pmu_dev_alloc()
timerqueue: Use rb_entry_safe() in timerqueue_getnext()
ocfs2: fix memory leak in ocfs2_stack_glue_init()
MIPS: vpe-mt: fix possible memory leak while module exiting
MIPS: vpe-cmp: fix possible memory leak while module exiting
PNP: fix name memory leak in pnp_alloc_dev()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
lib/notifier-error-inject: fix error when writing -errno to debugfs file
rapidio: fix possible name leaks when rio_add_device() fails
rapidio: rio: fix possible name leak in rio_register_mport()
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
x86/xen: Fix memory leak in xen_init_lock_cpu()
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
fs: sysv: Fix sysv_nblocks() returns wrong value
rapidio: fix possible UAF when kfifo_alloc() fails
eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
hfs: Fix OOB Write in hfs_asc2mac
rapidio: devices: fix missing put_device in mport_cdev_open
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
media: i2c: ad5820: Fix error path
media: vivid: fix compose size exceed boundary
mtd: Fix device name leak when register device failed in add_mtd_device()
ASoC: pxa: fix null-pointer dereference in filter()
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
wifi: ath10k: Fix return value in ath10k_pci_init()
mtd: lpddr2_nvm: Fix possible null-ptr-deref
Input: elants_i2c - properly handle the reset GPIO when power is off
media: solo6x10: fix possible memory leak in solo_sysfs_init()
media: platform: exynos4-is: Fix error handling in fimc_md_init()
HID: hid-sensor-custom: set fixed size for custom attributes
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
mtd: maps: pxa2xx-flash: fix memory leak in probe
media: imon: fix a race condition in send_packet()
pinctrl: pinconf-generic: add missing of_node_put()
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
ALSA: asihpi: fix missing pci_disable_device()
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
bonding: uninitialized variable in bond_miimon_inspect()
regulator: core: fix module refcount leak in set_supply()
media: saa7164: fix missing pci_disable_device()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
SUNRPC: Fix missing release socket in rpc_sockname()
mmc: moxart: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: mmci: fix return value check of mmc_add_host()
media: c8sectpfe: Add of_node_put() when breaking out of loop
media: coda: Add check for dcoda_iram_alloc
media: coda: Add check for kmalloc
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
blktrace: Fix output non-blktrace event when blk_classic option enabled
net: vmw_vsock: vmci: Check memcpy_from_msg()
net: defxx: Fix missing err handling in dfx_init()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
net: farsync: Fix kmemleak when rmmods farsync
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
stmmac: fix potential division by 0
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: snic: Fix possible UAF in snic_tgt_create()
orangefs: Fix sysfs not cleanup when dev init failed
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
hwrng: amd - Fix PCI device refcount leak
hwrng: geode - Fix PCI device refcount leak
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
drivers: dio: fix possible memory leak in dio_init()
vfio: platform: Do not pass return buffer to ACPI _RST method
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
usb: fotg210-udc: Fix ages old endianness issues
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
serial: amba-pl011: avoid SBSA UART accessing DMACR register
serial: pch: Fix PCI device refcount leak in pch_request_dma()
serial: sunsab: Fix error handling in sunsab_init()
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
drivers: mcb: fix resource leak in mcb_probe()
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
chardev: fix error handling in cdev_device_add()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
staging: rtl8192u: Fix use after free in ieee80211_rx()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
vme: Fix error not catched in fake_init()
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
usb: storage: Add check for kcalloc
fbdev: ssd1307fb: Drop optional dependency
fbdev: pm2fb: fix missing pci_disable_device()
fbdev: via: Fix error in via_core_init()
fbdev: vermilion: decrease reference count in error path
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
power: supply: fix residue sysfs file in error handle route of __power_supply_register()
HSI: omap_ssi_core: Fix error handling in ssi_init()
include/uapi/linux/swab: Fix potentially missing __always_inline
rtc: snvs: Allow a time difference on clock register read
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
macintosh: fix possible memory leak in macio_add_one_device()
macintosh/macio-adb: check the return value of ioremap()
powerpc/52xx: Fix a resource leak in an error handling path
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/hv-gpci: Fix hv_gpci event list
selftests/powerpc: Fix resource leaks
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfc: pn533: Clear nfc_target before being used
r6040: Fix kmemleak in probe and remove
openvswitch: Fix flow lookup to use unmasked key
skbuff: Account for tail adjustment during pull operations
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
myri10ge: Fix an error handling path in myri10ge_probe()
net: stream: purge sk_error_queue in sk_stream_kill_queues()
binfmt_misc: fix shift-out-of-bounds in check_special_flags
fs: jfs: fix shift-out-of-bounds in dbAllocAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
ACPICA: Fix error code path in acpi_ds_call_control_method()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
acct: fix potential integer overflow in encode_comp_t()
hfs: fix OOB Read in __hfs_brec_find
wifi: ath9k: verify the expected usb_endpoints are present
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
ipmi: fix memleak when unload ipmi driver
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
igb: Do not free q_vector unless new one was allocated
s390/ctcm: Fix return type of ctc{mp,}m_tx()
s390/netiucv: Fix return type of netiucv_tx()
s390/lcs: Fix return type of lcs_start_xmit()
drm/sti: Use drm_mode_copy()
md/raid1: stop mdx_raid1 thread when raid1 array run failed
mrp: introduce active flags to prevent UAF when applicant uninit
ppp: associate skb with a device at tx
media: dvb-frontends: fix leak of memory fw
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
blk-mq: fix possible memleak when register 'hctx' failed
mmc: f-sdh30: Add quirks for broken timeout clock capability
media: si470x: Fix use-after-free in si470x_int_in_callback()
clk: st: Fix memory leak in st_of_quadfs_setup()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: rt5670: Remove unbalanced pm_runtime_put()
HID: wacom: Ensure bootloader PID is usable in hidraw mode
reiserfs: Add missing calls to reiserfs_security_free()
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
gcov: add support for checksum field
powerpc/rtas: avoid scheduling in rtas_os_term()
HID: plantronics: Additional PIDs for double volume key presses quirk
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
ALSA: line6: correct midi status byte when receiving data from podxt
ALSA: line6: fix stack overflow in line6_midi_transmit
pnode: terminate at peers of source
md: fix a crash in mempool_free
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
media: stv0288: use explicitly signed char
ktest.pl minconfig: Unset configs instead of just removing them
ARM: ux500: do not directly dereference __iomem
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
dm thin: Use last transaction's pmd->root when commit failed
dm thin: Fix UAF in run_timer_softirq()
dm cache: Fix UAF in destroy()
dm cache: set needs_check flag after aborting metadata
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
media: dvb-core: Fix double free in dvb_register_device()
cifs: fix confusing debug message
PCI/sysfs: Fix double free in error path
crypto: n2 - add missing hash statesize
iommu/amd: Fix ivrs_acpihid cmdline parsing code
parisc: led: Fix potential null-ptr-deref in start_task()
device_cgroup: Roll back to original exceptions after copy failure
drm/connector: send hotplug uevent on connector cleanup
drm/vmwgfx: Validate the box size for the snooped cursor
ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: fix error code return to user-space in ext4_get_branch()
ext4: avoid BUG_ON when creating xattrs
ext4: initialize quota before expanding inode in setproject ioctl
Linux 4.9.337
Change-Id: I923e3fef499ae1688b25c70a1a805b55a9f4f027
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Wang Weiyang
|
73adc289cd |
device_cgroup: Roll back to original exceptions after copy failure
commit e68bfbd3b3c3a0ec3cf8c230996ad8cabe90322f upstream.
When add the 'a *:* rwm' entry to devcgroup A's whitelist, at first A's
exceptions will be cleaned and A's behavior is changed to
DEVCG_DEFAULT_ALLOW. Then parent's exceptions will be copyed to A's
whitelist. If copy failure occurs, just return leaving A to grant
permissions to all devices. And A may grant more permissions than
parent.
Backup A's whitelist and recover original exceptions after copy
failure.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Xiu Jianfeng
|
eaba2df235 |
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
[ Upstream commit 25369175ce84813dd99d6604e710dc2491f68523 ]
The input parameter @fields is type of struct ima_template_field ***, so
when allocates array memory for @fields, the size of element should be
sizeof(**field) instead of sizeof(*field).
Actually the original code would not cause any runtime error, but it's
better to make it logically right.
Fixes:
|
||
|
Michael Bestas
|
625042336d |
Merge remote-tracking branch 'common/android-4.9-q' into android-msm-pixel-4.9
* common/android-4.9-q: Linux 4.9.327 kprobes: don't call disarm_kprobe() for disabled kprobes mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y s390/hypfs: avoid error message under KVM arm64: map FDT as RW for early_init_dt_scan() ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead fbdev: fb_pm2fb: Avoid potential divide by zero error HID: hidraw: fix memory leak in hidraw_release() media: pvrusb2: fix memory leak in pvr_probe Bluetooth: L2CAP: Fix build errors in some archs kbuild: Fix include path in scripts/Makefile.modpost x86/bugs: Add "unknown" reporting for MMIO Stale Data x86/cpu: Add Tiger Lake to Intel family s390/mm: do not trigger write fault when vma does not allow VM_WRITE mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() mm/hugetlb: fix hugetlb not supporting softdirty tracking asm-generic: sections: refactor memory_intersects loop: Check for overflow while configuring loop btrfs: check if root is readonly while setting security xattr ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter net: Fix a data-race around sysctl_somaxconn. net: Fix a data-race around sysctl_net_busy_read. net: Fix a data-race around sysctl_net_busy_poll. net: Fix a data-race around sysctl_tstamp_allow_data. ratelimit: Fix data-races in ___ratelimit(). netfilter: nft_payload: report ERANGE for too long offset and length bonding: 802.3ad: fix no transmission of LACPDUs rose: check NULL rose_loopback_neigh->loopback af_key: Do not call xfrm_probe_algs in parallel xfrm: fix refcount leak in __xfrm_policy_check() parisc: Fix exception handler for fldw and fstw instructions Linux 4.9.326 MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 video: fbdev: i740fb: Check the argument of i740_calc_vclk() powerpc/64: Init jump labels before parse_early_param() ALSA: timer: Use deferred fasync helper ALSA: core: Add async signal helpers mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start vfio: Clear the caps->buf to NULL after free tty: serial: Fix refcount leak bug in ucc_uart.c ext4: avoid resizing to a partial cluster size ext4: avoid remove directory when directory is corrupted drivers:md:fix a potential use-after-free bug cxl: Fix a memory leak in an error handling path gadgetfs: ep_io - wait until IRQ finishes usb: host: ohci-ppc-of: Fix refcount leak bug irqchip/tegra: Fix overflow implicit truncation warnings fec: Fix timer capture timing in `fec_ptp_enable_pps()` netfilter: nf_tables: really skip inactive sets when allocating name nios2: add force_successful_syscall_return() nios2: restarts apply only to the first sigframe we build... nios2: fix syscall restart checks nios2: traced syscall does need to check the syscall number nios2: don't leave NULLs in sys_call_table[] nios2: page fault et.al. are *not* restartable syscalls... atm: idt77252: fix use-after-free bugs caused by tst_timer xen/xenbus: fix return type in xenbus_file_read() vsock: Fix memory leak in vsock_connect() pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map SUNRPC: Reinitialise the backchannel request buffers before reuse NFSv4.1: RECLAIM_COMPLETE must handle EACCES can: ems_usb: fix clang's -Wunaligned-access warning btrfs: fix lost error handling when looking up extended ref on log replay ata: libata-eh: Add missing command name rds: add missing barrier to release_refill ALSA: info: Fix llseek return value when using callback net_sched: cls_route: disallow handle of 0 net/9p: Initialize the iounit field during fid creation nios2: time: Read timer in get_cycles only if initialized Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" scsi: sg: Allow waiting for commands to complete on removed device tcp: fix over estimation in sk_forced_mem_schedule() btrfs: reject log replay if there is unsupported RO compat flag net_sched: cls_route: remove from list when handle is 0 dm raid: fix address sanitizer warning in raid_status ext4: correct max_inline_xattr_value_size computing ext4: fix extent status tree race in writeback error recovery path ext4: update s_overhead_clusters in the superblock during an on-line resize ext4: fix use-after-free in ext4_xattr_set_entry ext4: make sure ext4_append() always allocates new block ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h spmi: trace: fix stack-out-of-bound access in SPMI tracing functions x86/olpc: fix 'logical not is only applied to the left hand side' scsi: zfcp: Fix missing auto port scan and thus missing target ports netfilter: nf_tables: fix null deref due to zeroed list head USB: HCD: Fix URB giveback issue in tasklet function MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK powerpc/powernv: Avoid crashing if rng is NULL powerpc/fsl-pci: Fix Class Code of PCIe Root Port PCI: Add defines for normal and subtractive PCI bridges ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() md-raid10: fix KASAN warning fuse: limit nsec bpf: fix overflow in prog accounting drm/nouveau: fix another off-by-one in nvbios_addr parisc: Fix device names in /proc/iomem usbnet: Fix linkwatch use-after-free on disconnect vfs: Check the truncate maximum size in inode_newsize_ok() ALSA: hda/cirrus - support for iMac 12,1 model ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 add barriers to buffer_uptodate and set_buffer_uptodate ALSA: bcd2000: Fix a UAF bug on the error path of probing macintosh/adb: fix oob read in do_adb_query() function random: only call boot_init_stack_canary() once ACPI: video: Shortening quirk list by identifying Clevo by board_name only ACPI: video: Force backlight native for some TongFang devices init/main.c: extract early boot entropy from the passed cmdline init: move stack canary initialization after setup_arch init/main: properly align the multi-line comment init/main: Fix double "the" in comment include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling selinux: fix error initialization in inode_doinit_with_dentry() selinux: Convert isec->lock into a spinlock selinux: Clean up initialization of isec->sclass proc: Pass file mode to proc_pid_make_inode selinux: Minor cleanups ion: Make user_ion_handle_put_nolock() a void function mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. ARM: crypto: comment out gcc warning that breaks clang builds netfilter: nf_queue: do not allow packet truncation below transport header offset net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() net: ping6: Fix memleak in ipv6_renew_options(). scsi: ufs: host: Hold reference returned by of_parse_phandle() ntfs: fix use-after-free in ntfs_ucsncmp() Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put FROMLIST: binder: fix UAF of ref->proc caused by race condition Conflicts: arch/arm64/kernel/setup.c drivers/staging/android/ion/ion-ioctl.c security/selinux/hooks.c security/selinux/include/objsec.h Change-Id: I8d163f09e42a8570109c6ea89015000a9f5dd279 |
||
|
Greg Kroah-Hartman
|
33296e8a81 |
Merge 4.9.326 into android-4.9-q
Changes in 4.9.326 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put ntfs: fix use-after-free in ntfs_ucsncmp() scsi: ufs: host: Hold reference returned by of_parse_phandle() net: ping6: Fix memleak in ipv6_renew_options(). net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() netfilter: nf_queue: do not allow packet truncation below transport header offset ARM: crypto: comment out gcc warning that breaks clang builds mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. ion: Make user_ion_handle_put_nolock() a void function selinux: Minor cleanups proc: Pass file mode to proc_pid_make_inode selinux: Clean up initialization of isec->sclass selinux: Convert isec->lock into a spinlock selinux: fix error initialization in inode_doinit_with_dentry() selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap init/main: Fix double "the" in comment init/main: properly align the multi-line comment init: move stack canary initialization after setup_arch init/main.c: extract early boot entropy from the passed cmdline ACPI: video: Force backlight native for some TongFang devices ACPI: video: Shortening quirk list by identifying Clevo by board_name only random: only call boot_init_stack_canary() once macintosh/adb: fix oob read in do_adb_query() function ALSA: bcd2000: Fix a UAF bug on the error path of probing add barriers to buffer_uptodate and set_buffer_uptodate KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model ALSA: hda/cirrus - support for iMac 12,1 model vfs: Check the truncate maximum size in inode_newsize_ok() usbnet: Fix linkwatch use-after-free on disconnect parisc: Fix device names in /proc/iomem drm/nouveau: fix another off-by-one in nvbios_addr bpf: fix overflow in prog accounting fuse: limit nsec md-raid10: fix KASAN warning ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() PCI: Add defines for normal and subtractive PCI bridges powerpc/fsl-pci: Fix Class Code of PCIe Root Port powerpc/powernv: Avoid crashing if rng is NULL MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK USB: HCD: Fix URB giveback issue in tasklet function netfilter: nf_tables: fix null deref due to zeroed list head scsi: zfcp: Fix missing auto port scan and thus missing target ports x86/olpc: fix 'logical not is only applied to the left hand side' spmi: trace: fix stack-out-of-bound access in SPMI tracing functions ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h ext4: make sure ext4_append() always allocates new block ext4: fix use-after-free in ext4_xattr_set_entry ext4: update s_overhead_clusters in the superblock during an on-line resize ext4: fix extent status tree race in writeback error recovery path ext4: correct max_inline_xattr_value_size computing dm raid: fix address sanitizer warning in raid_status net_sched: cls_route: remove from list when handle is 0 btrfs: reject log replay if there is unsupported RO compat flag tcp: fix over estimation in sk_forced_mem_schedule() scsi: sg: Allow waiting for commands to complete on removed device Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression nios2: time: Read timer in get_cycles only if initialized net/9p: Initialize the iounit field during fid creation net_sched: cls_route: disallow handle of 0 ALSA: info: Fix llseek return value when using callback rds: add missing barrier to release_refill ata: libata-eh: Add missing command name btrfs: fix lost error handling when looking up extended ref on log replay can: ems_usb: fix clang's -Wunaligned-access warning NFSv4.1: RECLAIM_COMPLETE must handle EACCES SUNRPC: Reinitialise the backchannel request buffers before reuse pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed vsock: Fix memory leak in vsock_connect() xen/xenbus: fix return type in xenbus_file_read() atm: idt77252: fix use-after-free bugs caused by tst_timer nios2: page fault et.al. are *not* restartable syscalls... nios2: don't leave NULLs in sys_call_table[] nios2: traced syscall does need to check the syscall number nios2: fix syscall restart checks nios2: restarts apply only to the first sigframe we build... nios2: add force_successful_syscall_return() netfilter: nf_tables: really skip inactive sets when allocating name fec: Fix timer capture timing in `fec_ptp_enable_pps()` irqchip/tegra: Fix overflow implicit truncation warnings usb: host: ohci-ppc-of: Fix refcount leak bug gadgetfs: ep_io - wait until IRQ finishes cxl: Fix a memory leak in an error handling path drivers:md:fix a potential use-after-free bug ext4: avoid remove directory when directory is corrupted ext4: avoid resizing to a partial cluster size tty: serial: Fix refcount leak bug in ucc_uart.c vfio: Clear the caps->buf to NULL after free mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start ALSA: core: Add async signal helpers ALSA: timer: Use deferred fasync helper powerpc/64: Init jump labels before parse_early_param() video: fbdev: i740fb: Check the argument of i740_calc_vclk() MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 Linux 4.9.326 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3ca17af58cd0c61bd81028c496849592cfd22f0f |
||
|
Paul Moore
|
381595049d |
selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
commit 200ea5a2292dc444a818b096ae6a32ba3caa51b9 upstream.
A previous fix, commit 83370b31a915 ("selinux: fix error initialization
in inode_doinit_with_dentry()"), changed how failures were handled
before a SELinux policy was loaded. Unfortunately that patch was
potentially problematic for two reasons: it set the isec->initialized
state without holding a lock, and it didn't set the inode's SELinux
label to the "default" for the particular filesystem. The later can
be a problem if/when a later attempt to revalidate the inode fails
and SELinux reverts to the existing inode label.
This patch should restore the default inode labeling that existed
before the original fix, without affecting the LABEL_INVALID marking
such that revalidation will still be attempted in the future.
Fixes: 83370b31a915 ("selinux: fix error initialization in inode_doinit_with_dentry()")
Reported-by: Sven Schnelle <svens@linux.ibm.com>
Tested-by: Sven Schnelle <svens@linux.ibm.com>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Alexander Grund <theflamefire89@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Tianyue Ren
|
c00fcec32c |
selinux: fix error initialization in inode_doinit_with_dentry()
commit 83370b31a915493231e5b9addc72e4bef69f8d31 upstream.
Mark the inode security label as invalid if we cannot find
a dentry so that we will retry later rather than marking it
initialized with the unlabeled SID.
Fixes: 9287aed2ad1f ("selinux: Convert isec->lock into a spinlock")
Signed-off-by: Tianyue Ren <rentianyue@kylinos.cn>
[PM: minor comment tweaks]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Alexander Grund <theflamefire89@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Andreas Gruenbacher
|
4ec11eb727 |
selinux: Convert isec->lock into a spinlock
commit 9287aed2ad1ff1bde5eb190bcd6dccd5f1cf47d3 upstream. Convert isec->lock from a mutex into a spinlock. Instead of holding the lock while sleeping in inode_doinit_with_dentry, set isec->initialized to LABEL_PENDING and release the lock. Then, when the sid has been determined, re-acquire the lock. If isec->initialized is still set to LABEL_PENDING, set isec->sid; otherwise, the sid has been set by another task (LABEL_INITIALIZED) or invalidated (LABEL_INVALID) in the meantime. This fixes a deadlock on gfs2 where * one task is in inode_doinit_with_dentry -> gfs2_getxattr, holds isec->lock, and tries to acquire the inode's glock, and * another task is in do_xmote -> inode_go_inval -> selinux_inode_invalidate_secctx, holds the inode's glock, and tries to acquire isec->lock. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> [PM: minor tweaks to keep checkpatch.pl happy] Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Alexander Grund <theflamefire89@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Andreas Gruenbacher
|
ac17e88ff0 |
selinux: Clean up initialization of isec->sclass
commit 13457d073c29da92001f6ee809075eaa8757fb96 upstream. Now that isec->initialized == LABEL_INITIALIZED implies that isec->sclass is valid, skip such inodes immediately in inode_doinit_with_dentry. For the remaining inodes, initialize isec->sclass at the beginning of inode_doinit_with_dentry to simplify the code. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Alexander Grund <theflamefire89@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Andreas Gruenbacher
|
891160f166 |
proc: Pass file mode to proc_pid_make_inode
commit db978da8fa1d0819b210c137d31a339149b88875 upstream. Pass the file mode of the proc inode to be created to proc_pid_make_inode. In proc_pid_make_inode, initialize inode->i_mode before calling security_task_to_inode. This allows selinux to set isec->sclass right away without introducing "half-initialized" inode security structs. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Alexander Grund <theflamefire89@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Andreas Gruenbacher
|
81000b69e4 |
selinux: Minor cleanups
commit 420591128cb206201dc444c2d42fb6f299b2ecd0 upstream. Fix the comment for function __inode_security_revalidate, which returns an integer. Use the LABEL_* constants consistently for isec->initialized. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Alexander Grund <theflamefire89@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
5a227d815c |
Merge 4.9.325 into android-4.9-q
Changes in 4.9.325 security,selinux,smack: kill security_task_wait hook xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer misc: rtsx_usb: use separate command and response buffers misc: rtsx_usb: set return value in rsp_buf alloc err path xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() ip: Fix a data-race around sysctl_fwmark_reflect. tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. tcp: Fix a data-race around sysctl_tcp_probe_threshold. i2c: cadence: Change large transfer count reset logic to be unconditional igmp: Fix data-races around sysctl_igmp_llm_reports. igmp: Fix a data-race around sysctl_igmp_max_memberships. tcp: Fix a data-race around sysctl_tcp_notsent_lowat. be2net: Fix buffer overflow in be_get_module_eeprom Revert "Revert "char/random: silence a lockdep splat with printk()"" mm/mempolicy: fix uninit-value in mpol_rebind_policy() bpf: Make sure mac_header was set before using it ALSA: memalloc: Align buffer allocations in page size tty: drivers/tty/, stop using tty_schedule_flip() tty: the rest, stop using tty_schedule_flip() tty: drop tty_schedule_flip() tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() net: usb: ax88179_178a needs FLAG_SEND_ZLP Linux 4.9.325 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ia0b4189557d82a2402819decbcf4eb3c7a204d86 |
||
|
Stephen Smalley
|
ab83798bd5 |
security,selinux,smack: kill security_task_wait hook
commit 3a2f5a59a695a73e0cde9a61e0feae5fa730e936 upstream. As reported by yangshukui, a permission denial from security_task_wait() can lead to a soft lockup in zap_pid_ns_processes() since it only expects sys_wait4() to return 0 or -ECHILD. Further, security_task_wait() can in general lead to zombies; in the absence of some way to automatically reparent a child process upon a denial, the hook is not useful. Remove the security hook and its implementations in SELinux and Smack. Smack already removed its check from its hook. Reported-by: yangshukui <yangshukui@huawei.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Alexander Grund <theflamefire89@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Michael Bestas
|
43cdebbc57 |
Merge remote-tracking branch 'common/android-4.9-q' into android-msm-pixel-4.9
* common/android-4.9-q:
Linux 4.9.312
block/compat_ioctl: fix range check in BLKGETSIZE
ext4: force overhead calculation if the s_overhead_cluster makes no sense
ext4: fix overhead calculation to account for the reserved gdt blocks
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
ARC: entry: fix syscall_trace_exit argument
e1000e: Fix possible overflow in LTR decoding
ASoC: soc-dapm: fix two incorrect uses of list iterator
openvswitch: fix OOB access in reserve_sfa_size()
dma: at_xdmac: fix a missing check on list iterator
ata: pata_marvell: Check the 'bmdma_addr' beforing reading
drm/msm/mdp5: check the return of kzalloc()
brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
cifs: Check the IOCB_DIRECT flag, not O_DIRECT
vxlan: fix error return code in vxlan_fdb_append
ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
ARM: vexpress/spc: Avoid negative array index when !SMP
netlink: reset network and mac headers in netlink_dump()
net/packet: fix packet_sock xmit return value checking
dmaengine: imx-sdma: Fix error checking in sdma_event_remap
ALSA: usb-audio: Clear MIDI port active flag after draining
gfs2: assign rgrp glock before compute_bitstructs
mm: page_alloc: fix building error on -Werror=array-compare
etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
Linux 4.9.311
gcc-plugins: latent_entropy: use /dev/urandom
i2c: pasemi: Wait for write xfers to finish
smp: Fix offline cpu check in flush_smp_call_function_queue()
ARM: davinci: da850-evm: Avoid NULL pointer dereference
ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
mm, page_alloc: fix build_zonerefs_node()
drivers: net: slip: fix NPD bug in sl_tx_timeout()
scsi: mvsas: Add PCI ID of RocketRaid 2640
gpu: ipu-v3: Fix dev_dbg frequency output
net: micrel: fix KS8851_MLL Kconfig
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
drm/amdkfd: Check for potential null return of kmalloc_array()
cifs: potential buffer overflow in handling symlinks
nfc: nci: add flush_workqueue to prevent uaf
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
veth: Ensure eth header is in skb's linear part
xfrm: policy: match with both mark and mask on user interfaces
arm64: module: remove (NOLOAD) from linker script
mm: don't skip swap entry even if zap_details specified
dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
arm64: patch_text: Fixup last cpu should be master
x86/speculation: Restore speculation related MSRs during S3 resume
x86/pm: Save the MSR validity status at context setup
mm/mempolicy: fix mpol_new leak in shared_policy_replace
mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
drbd: Fix five use after free bugs in get_initial_state
drm/imx: Fix memory leak in imx_pd_connector_get_modes
net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
mm: fix race between MADV_FREE reclaim and blkdev direct IO read
jfs: prevent NULL deref in diFree
virtio_console: eliminate anonymous module_init & module_exit
serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
SUNRPC/call_alloc: async tasks mustn't block waiting for memory
w1: w1_therm: fixes w1_seq for ds28ea00 sensors
init/main.c: return 1 from handled __setup() functions
Bluetooth: Fix use after free in hci_send_acl
xtensa: fix DTC warning unit_address_format
usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
scsi: libfc: Fix use after free in fc_exch_abts_resp()
MIPS: fix fortify panic when copying asm exception handlers
bnxt_en: Eliminate unintended link toggle during FW reset
scsi: aha152x: Fix aha152x_setup() __setup handler return value
scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
dm ioctl: prevent potential spectre v1 gadget
iommu/arm-smmu-v3: fix event handling soft lockup
scsi: bfa: Replace snprintf() with sysfs_emit()
scsi: mvsas: Replace snprintf() with sysfs_emit()
powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
ptp: replace snprintf with sysfs_emit
ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
ARM: 9187/1: JIVE: fix return value of __setup handler
rtc: wm8350: Handle error for wm8350_register_irq
KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
openvswitch: Fixed nd target mask field in the flow dump.
ARM: dts: spear13xx: Update SPI dma properties
ARM: dts: spear1340: Update serial node properties
ASoC: topology: Allow TLV control to be either read or write
ubi: fastmap: Return error code if memory allocation fails in add_aeb()
mm/memcontrol: return 1 from cgroup.memory __setup() handler
mm/mmap: return 1 from stack_guard_gap __setup() handler
ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
pinctrl: pinconf-generic: Print arguments for bias-pull-*
gfs2: Make sure FITRIM minlen is rounded up to fs block size
ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
KVM: Prevent module exit until all VMs are freed
scsi: qla2xxx: Fix incorrect reporting of task management failure
mmc: host: Return an error when ->enable_sdio_irq() ops is missing
media: hdpvr: initialize dev->worker at hdpvr_register_videodev
video: fbdev: sm712fb: Fix crash in smtcfb_write()
ARM: mmp: Fix failure to remove sram device
ARM: tegra: tamonten: Fix I2C3 pad setting
media: cx88-mpeg: clear interrupt status register before streaming video
ASoC: soc-core: skip zero num_dai component in searching dai name
video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
ARM: dts: bcm2837: Add the missing L1/L2 cache information
ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
video: fbdev: cirrusfb: check pixclock to avoid divide by zero
video: fbdev: w100fb: Reset global state
video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
ntfs: add sanity check on allocation size
ext4: don't BUG if someone dirty pages without asking ext4 first
spi: tegra20: Use of_device_get_match_data()
PM: core: keep irq flags in device_pm_check_callbacks()
ACPI/APEI: Limit printable size of BERT table data
ACPICA: Avoid walking the ACPI Namespace if it is not there
irqchip/nvic: Release nvic_base upon failure
Fix incorrect type in assignment of ipv6 port for audit
loop: use sysfs_emit() in the sysfs xxx show()
selinux: use correct type for context length
net/x25: Fix null-ptr-deref caused by x25_disconnect
qlcnic: dcb: default to returning -EOPNOTSUPP
net: phy: broadcom: Fix brcm_fet_config_init()
netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
jfs: fix divide error in dbNextAG
kgdbts: fix return value of __setup handler
kgdboc: fix return value of __setup handler
tty: hvc: fix return value of __setup handler
pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
NFS: remove unneeded check in decode_devicenotify_args()
clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
clk: clps711x: Terminate clk_div_table with sentinel element
clk: loongson1: Terminate clk_div_table with sentinel element
remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
clk: qcom: clk-rcg2: Update the frac table for pixel clock
iio: adc: Add check for devm_request_threaded_irq
pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
mxser: fix xmit_buf leak in activate when LSR == 0xff
mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
i2c: mux: demux-pinctrl: do not deactivate a master that is not active
af_netlink: Fix shift out of bounds in group mask calculation
USB: storage: ums-realtek: fix error code in rts51x_read_mem()
MIPS: RB532: fix return value of __setup handler
mfd: mc13xxx: Add check for mc13xxx_irq_request
powerpc/sysdev: fix incorrect use to determine if list is empty
power: supply: wm8350-power: Add missing free in free_charger_irq
power: supply: wm8350-power: Handle error for wm8350_register_irq
i2c: xiic: Make bus names unique
KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
KVM: x86: Fix emulation in writing cr8
drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
ext2: correct max file size computing
TOMOYO: fix __setup handlers return values
scsi: pm8001: Fix abort all task initialization
scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
iwlwifi: Fix -EIO error code that is never returned
HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
ray_cs: Check ioremap return value
ath9k_htc: fix uninit value bugs
drm/edid: Don't clear formats if using deep color
mtd: onenand: Check for error irq
ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
ASoC: fsi: Add check for clk_enable
ASoC: wm8350: Handle error for wm8350_register_irq
ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
memory: emif: check the pointer temp in get_device_details()
memory: emif: Add check for setup_interrupts
ASoC: atmel_ssc_dai: Handle errors for clk_enable
ASoC: mxs-saif: Handle errors for clk_enable
printk: fix return value of printk.devkmsg __setup handler
arm64: dts: broadcom: Fix sata nodename
arm64: dts: ns2: Fix spi-cpol and spi-cpha property
ALSA: spi: Add check for clk_enable()
ASoC: ti: davinci-i2s: Add check for clk_enable()
media: usb: go7007: s2250-board: fix leak in probe()
soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
ARM: dts: qcom: ipq4019: fix sleep clock
video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
perf/x86/intel/pt: Fix address filter config for 32-bit kernel
perf/core: Fix address filter parser for multiple filters
sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
clocksource: acpi_pm: fix return value of __setup handler
hwmon: (pmbus) Add Vin unit off handling
crypto: ccp - ccp_dmaengine_unregister release dma channels
crypto: vmx - add missing dependencies
PM: suspend: fix return value of __setup handler
PM: hibernate: fix __setup handler error handling
hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
hwmon: (pmbus) Add mutex to regulator ops
selftests/x86: Add validity check and allow field splitting
spi: tegra114: Add missing IRQ check in tegra_spi_probe
crypto: mxs-dcp - Fix scatterlist processing
crypto: authenc - Fix sleep in atomic context in decrypt_tail
PCI: pciehp: Clear cmd_busy bit in polling mode
brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
brcmfmac: firmware: Allocate space for default boardrev in nvram
media: davinci: vpif: fix unbalanced runtime PM get
DEC: Limit PMAX memory probing to R3k systems
lib/raid6/test: fix multiple definition linking error
thermal: int340x: Increase bitmap size
carl9170: fix missing bit-wise or operator for tx_params
ARM: dts: exynos: add missing HDMI supplies on SMDK5420
ARM: dts: exynos: add missing HDMI supplies on SMDK5250
ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
video: fbdev: sm712fb: Fix crash in smtcfb_read()
drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
ALSA: cs4236: fix an incorrect NULL check on list iterator
Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
mempolicy: mbind_range() set_policy() after vma_merge()
mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
jffs2: fix memory leak in jffs2_scan_medium
jffs2: fix memory leak in jffs2_do_mount_fs
jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
NFSD: prevent underflow in nfssvc_decode_writeargs()
SUNRPC: avoid race between mod_timer() and del_timer_sync()
ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
clk: uniphier: Fix fixed-rate initialization
iio: inkern: make a best effort on offset calculation
iio: inkern: apply consumer scale on IIO_VAL_INT cases
coresight: Fix TRCCONFIGR.QE sysfs interface
USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
virtio-blk: Use blk_validate_block_size() to validate block size
block: Add a helper to validate the block size
af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
ethernet: sun: Free the coherent when failing in probing
virtio_console: break out of buf poll on remove
netdevice: add the case if dev is NULL
USB: serial: simple: add Nokia phone driver
USB: serial: pl2303: add IBM device IDs
Linux 4.9.310
arm64: Use the clearbhb instruction in mitigations
arm64: add ID_AA64ISAR2_EL1 sys register
KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated
arm64: Mitigate spectre style branch history side channels
KVM: arm64: Add templates for BHB mitigation sequences
arm64: Add percpu vectors for EL1
arm64: entry: Add macro for reading symbol addresses from the trampoline
arm64: entry: Add vectors that have the bhb mitigation sequences
arm64: Move arm64_update_smccc_conduit() out of SSBD ifdef
arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations
arm64: entry: Allow the trampoline text to occupy multiple pages
arm64: entry: Make the kpti trampoline's kpti sequence optional
arm64: entry: Move trampoline macros out of ifdef'd section
arm64: entry: Don't assume tramp_vectors is the start of the vectors
arm64: entry: Allow tramp_alias to access symbols after the 4K boundary
arm64: entry: Move the trampoline data page before the text page
arm64: entry: Free up another register on kpti's tramp_exit path
arm64: entry: Make the trampoline cleanup optional
arm64: entry.S: Add ventry overflow sanity checks
arm64: Add helper to decode register from instruction
arm64: Add Cortex-X2 CPU part definition
arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
arm64: Add part number for Arm Cortex-A77
arm64: Add part number for Neoverse N1
arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT
arm64: Add silicon-errata.txt entry for ARM erratum 1188873
arm64: arch_timer: avoid unused function warning
arm64: arch_timer: Add workaround for ARM erratum 1188873
arm64: arch_timer: Add erratum handler for CPU-specific capability
arm64: arch_timer: Add infrastructure for multiple erratum detection methods
clocksource/drivers/arm_arch_timer: Introduce generic errata handling infrastructure
clocksource/drivers/arm_arch_timer: Remove fsl-a008585 parameter
arm64: capabilities: Add support for checks based on a list of MIDRs
arm64: Add helpers for checking CPU MIDR against a range
arm64: capabilities: Clean up midr range helpers
arm64: capabilities: Add flags to handle the conflicts on late CPU
arm64: capabilities: Prepare for fine grained capabilities
arm64: capabilities: Move errata processing code
arm64: capabilities: Move errata work around check on boot CPU
arm64: capabilities: Update prototype for enable call back
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
arm64: Remove useless UAO IPI and describe how this gets enabled
arm64: errata: Provide macro for major and minor cpu revisions
Linux 4.9.309
llc: only change llc->dev when bind() succeeds
mac80211: fix potential double free on mesh join
crypto: qat - disable registration of algorithms
ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3
ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
netfilter: nf_tables: initialize registers in nft_do_chain()
ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec
ALSA: cmipci: Restore aux vol on suspend/resume
ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB
ALSA: pcm: Add stream lock during PCM reset ioctl operations
llc: fix netdevice reference leaks in llc_ui_bind()
staging: fbtft: fb_st7789v: reset display before initialization
net: ipv6: fix skb_over_panic in __ip6_append_data
nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
Linux 4.9.308
Input: aiptek - properly check endpoint type
usb: gadget: Fix use-after-free bug by not setting udc->dev.driver
usb: gadget: rndis: prevent integer overflow in rndis_set_response()
atm: eni: Add check for dma_map_single
net/packet: fix slab-out-of-bounds access in packet_recvmsg()
fs: sysfs_emit: Remove PAGE_SIZE alignment check
kselftest/vm: fix tests build with old libc
sfc: extend the locking on mcdi->seqno
tcp: make tcp_read_sock() more robust
nl80211: Update bss channel on channel switch for P2P_CLIENT
atm: firestream: check the return value of ioremap() in fs_init()
can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready
ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE
MIPS: smp: fill in sibling and core maps earlier
ARM: dts: rockchip: fix a typo on rk3288 crypto-controller
xfrm: Fix xfrm migrate issues when address family changes
Linux 4.9.307
btrfs: unlock newly allocated extent buffer after error
ARM: fix Thumb2 regression with Spectre BHB
batman-adv: Don't expect inter-netns unique iflink indices
batman-adv: Request iflink once in batadv-on-batadv check
staging: gdm724x: fix use after free in gdm_lte_rx()
ARM: Spectre-BHB: provide empty stub for non-config
selftests/memfd: clean up mapping in mfd_fail_write
tracing: Ensure trace buffer is at least 4096 bytes large
Revert "xen-netback: Check for hotplug-status existence before watching"
net-sysfs: add check for netdevice being present to speed_show
sctp: fix kernel-infoleak for SCTP sockets
gpio: ts4900: Do not set DAT and OE together
NFC: port100: fix use-after-free in port100_send_complete
net/mlx5: Fix size field in bufferx_reg struct
ax25: Fix NULL pointer dereference in ax25_kill_by_device
net: ethernet: lpc_eth: Handle error for clk_enable
ethernet: Fix error handling in xemaclite_of_probe
qed: return status of qed_iov_get_link
net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare()
Linux 4.9.306
xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
xen/gnttab: fix gnttab_end_foreign_access() without page specified
xen: remove gnttab_query_foreign_access()
xen/gntalloc: don't use gnttab_query_foreign_access()
xen/scsifront: don't use gnttab_query_foreign_access() for mapped status
xen/netfront: don't use gnttab_query_foreign_access() for mapped status
xen/blkfront: don't use gnttab_query_foreign_access() for mapped status
xen/grant-table: add gnttab_try_end_foreign_access()
xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
ARM: fix build warning in proc-v7-bugs.c
x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
x86/build: Fix compiler support check for CONFIG_RETPOLINE
ARM: Do not use NOCROSSREFS directive with ld.lld
ARM: fix co-processor register typo
ARM: fix build error when BPF_SYSCALL is disabled
ARM: include unprivileged BPF status in Spectre V2 reporting
ARM: Spectre-BHB workaround
ARM: use LOADADDR() to get load address of sections
ARM: early traps initialisation
ARM: report Spectre v2 status through sysfs
arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit()
arm/arm64: Provide a wrapper for SMCCC 1.1 calls
x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT
x86/speculation: Warn about Spectre v2 LFENCE mitigation
x86/speculation: Update link to AMD speculation whitepaper
x86/speculation: Use generic retpoline by default on AMD
x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting
Documentation/hw-vuln: Update spectre doc
x86/speculation: Add eIBRS + Retpoline options
x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
Documentation: Add swapgs description to the Spectre v1 documentation
Documentation: Add section about CPU vulnerabilities for Spectre
x86/retpoline: Remove minimal retpoline support
x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC variant
Linux 4.9.305
hamradio: fix macro redefine warning
net: dcb: disable softirqs in dcbnl_flush_dev()
memfd: fix F_SEAL_WRITE after shmem huge page allocated
HID: add mapping for KEY_ALL_APPLICATIONS
Input: elan_i2c - fix regulator enable count imbalance after suspend/resume
Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power()
net: chelsio: cxgb3: check the return value of pci_find_capability()
soc: fsl: qe: Check of ioremap return value
ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions
can: gs_usb: change active_channels's type from atomic_t to u8
efivars: Respect "block" flag in efivar_entry_set_safe()
net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe()
net: sxgbe: fix return value of __setup handler
net: stmmac: fix return value of __setup handler
mac80211: fix forwarded mesh frames AC & queue selection
firmware: qemu_fw_cfg: fix kobject leak in probe error path
firmware: Fix a reference count leak.
net: dcb: flush lingering app table entries for unregistered devices
netfilter: nf_queue: fix possible use-after-free
netfilter: nf_queue: don't assume sk is full socket
xfrm: fix MTU regression
ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
ata: pata_hpt37x: fix PCI clock detection
usb: gadget: clear related members when goto fail
usb: gadget: don't release an existing dev->buf
net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
i2c: qup: allow COMPILE_TEST
dmaengine: shdma: Fix runtime PM imbalance on error
cifs: fix double free race when mount fails in cifs_get_root()
Input: clear BTN_RIGHT/MIDDLE on buttonpads
i2c: bcm2835: Avoid clock stretching timeouts
mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
mac80211_hwsim: report NOACK frames in tx_status
Linux 4.9.304
fget: clarify and improve __fget_files() implementation
memblock: use kfree() to release kmalloced memblock regions
tty: n_gsm: fix proper link termination after failed open
tty: n_gsm: fix encoding of control signal octet bit DV
xhci: Prevent futile URB re-submissions due to incorrect return value.
usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
USB: serial: option: add Telit LE910R1 compositions
USB: serial: option: add support for DW5829e
tracefs: Set the group ownership in apply_options() not parse_options()
USB: gadget: validate endpoint index for xilinx udc
usb: gadget: rndis: add spinlock for rndis response list
Revert "USB: serial: ch341: add new Product ID for CH341A"
ata: pata_hpt37x: disable primary channel on HPT371
iio: adc: men_z188_adc: Fix a resource leak in an error handling path
RDMA/ib_srp: Fix a deadlock
configfs: fix a race in configfs_{,un}register_subsystem()
net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
drm/edid: Always set RGB444
openvswitch: Fix setting ipv6 fields causing hw csum failure
gso: do not skip outer ip header in case of ipip and net_failover
net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
serial: 8250: of: Fix mapped region size when using reg-offset property
serial: 8250: fix error handling in of_platform_serial_probe()
USB: zaurus: support another broken Zaurus
sr9700: sanity check for packet length
parisc/unaligned: Fix ldw() and stw() unalignment handlers
parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
Linux 4.9.303
net: usb: qmi_wwan: Add support for Dell DW5829e
tracing: Fix tp_printk option related with tp_printk_stop_on_boot
ata: libata-core: Disable TRIM on M88V29
NFS: Do not report writeback errors in nfs_getattr()
KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW
lib/iov_iter: initialize "flags" in new pipe_buffer
i2c: brcmstb: fix support for DSL and CM variants
EDAC: Fix calculation of returned address and next offset in edac_align_ptr()
NFS: LOOKUP_DIRECTORY is also ok with symlinks
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range()
ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw()
ALSA: hda: Fix missing codec probe on Shenker Dock 15
ALSA: hda: Fix regression on forced probe mask option
libsubcmd: Fix use-after-free for realloc(..., 0)
drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit
iwlwifi: pcie: fix locking when "HW not ready"
vsock: remove vsock from connected table when connect is interrupted by a signal
vsock: correct removal of socket from the list
taskstats: Cleanup the use of task->exit_code
xfrm: Don't accidentally set RTO_ONLINK in decode_session4()
drm/radeon: Fix backlight control on iMac 12,1
quota: make dquot_quota_sync return errors from ->sync_fs
vfs: make freeze_super abort when sync_filesystem returns error
ax25: improve the incomplete fix to avoid UAF and NPD bugs
selftests/zram: Adapt the situation that /dev/zram0 is being used
selftests/zram01.sh: Fix compression ratio calculation
selftests/zram: Skip max_comp_streams interface on newer kernel
net: ieee802154: at86rf230: Stop leaking skb's
btrfs: send: in case of IO error log it
parisc: Fix sglist access in ccio-dma.c
parisc: Fix data TLB miss in sba_unmap_sg
serial: parisc: GSC: fix build when IOSAPIC is not set
net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
Makefile.extrawarn: Move -Wunaligned-access to W=1
UPSTREAM: net: fix skb_panic to output real address
UPSTREAM: xfrm: Make function xfrmi_get_link_net() static
UPSTREAM: xfrm: fix gro_cells leak when remove virtual xfrm interfaces
UPSTREAM: xfrm interface: fix memory leak on creation
UPSTREAM: xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate
UPSTREAM: xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
UPSTREAM: xfrm/compat: memset(0) 64-bit padding at right place
UPSTREAM: xfrm/compat: Don't allocate memory with __GFP_ZERO
UPSTREAM: xfrm/compat: Cleanup WARN()s that can be user-triggered
UPSTREAM: net: xfrm: fix memory leak in xfrm_user_rcv_msg
UPSTREAM: arm64/vdso: don't leak kernel addresses
UPSTREAM: tracing: make PREEMPTIRQ_EVENTS depend on TRACING
UPSTREAM: trace_uprobe: Use %lx to display offset
UPSTREAM: kprobes: Fix random address output of blacklist file
UPSTREAM: mm/huge_memory.c: __split_huge_page() use atomic ClearPageDirty()
UPSTREAM: x86/realmode: Don't leak the trampoline kernel address
UPSTREAM: bpf: bpf_prog_array_alloc() should return a generic non-rcu pointer
UPSTREAM: bpf: fix rcu annotations in compute_effective_progs()
UPSTREAM: optee: add writeback to valid memory type
UPSTREAM: lib/test_printf.c: accept "ptrval" as valid result for plain 'p' tests
UPSTREAM: kdb: use correct pointer when 'btc' calls 'btt'
UPSTREAM: kdb: print real address of pointers instead of hashed addresses
UPSTREAM: powerpc/traps: Fix the message printed when stack overflows
UPSTREAM: f2fs: should use GFP_NOFS for directory inodes
UPSTREAM: zram: off by one in read_block_state()
UPSTREAM: tee: fix put order in teedev_close_context()
UPSTREAM: vsprintf: Replace memory barrier with static_key for random_ptr_key update
UPSTREAM: ARM: 8896/1: VDSO: Don't leak kernel addresses
UPSTREAM: parisc: Show unhashed hardware inventory
UPSTREAM: parisc: Show initial kernel memory layout unhashed
UPSTREAM: parisc: Show unhashed HPA of Dino chip
UPSTREAM: parisc: Show unhashed EISA EEPROM address
UPSTREAM: HID: input: throttle battery uevents
UPSTREAM: HID: steam: select CONFIG_POWER_SUPPLY
UPSTREAM: HID: sony: Fix for broken buttons on DS3 USB dongles
UPSTREAM: HID: input: do not report stylus battery state as "full"
Linux 4.9.302
HID: wacom: add USB_HID dependency
hwmon: (dell-smm) Speed up setting of fan speed
USB: serial: cp210x: add CPI Bulk Coin Recycler id
USB: serial: cp210x: add NCR Retail IO box id
USB: serial: ch341: add support for GW Instek USB2.0-Serial devices
USB: serial: option: add ZTE MF286D modem
USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
usb: gadget: rndis: check size of RNDIS_MSG_SET command
USB: gadget: validate interface OS descriptor requests
usb: dwc3: gadget: Prevent core from processing stale TRBs
n_tty: wake up poll(POLLRDNORM) on receiving data
bpf: Add kconfig knob for disabling unpriv bpf by default
vt_ioctl: add array_index_nospec to VT_ACTIVATE
vt_ioctl: fix array_index_nospec in vt_setactivate
tipc: rate limit warning for received illegal binding update
net: fix a memleak when uncloning an skb dst and its metadata
net: do not keep the dst cache when uncloning an skb dst and its metadata
ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path
bonding: pair enable_port with slave_arr_updates
ARM: dts: imx6qdl-udoo: Properly describe the SD card detect
staging: fbtft: Fix error path in fbtft_driver_module_init()
ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group
usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend
scsi: target: iscsi: Make sure the np under each tpg is unique
NFSv4 remove zero number of fs_locations entries error check
nfs: nfs4clinet: check the return value of kstrdup()
NFSv4 only print the label when its queried
Revert "net: axienet: Wait for PhyRstCmplt after core reset"
ALSA: line6: Fix misplaced backport of "Fix wrong altsetting for LINE6_PODHD500_1"
serial: sh-sci: Fix misplaced backport of "Fix late enablement of AUTORTS"
Input: i8042 - Fix misplaced backport of "add ASUS Zenbook Flip to noselftest list"
NFSD: Clamp WRITE offsets
NFS: Fix initialisation of nfs_client cl_flags field
ima: Remove ima_policy file before directory
integrity: check the return value of audit_log_start()
Revert "tracefs: Have tracefs directories not set OTH permission bits by default"
Linux 4.9.301
tipc: improve size validations for received domain records
moxart: fix potential use-after-free on remove path
cgroup-v1: Require capabilities to set release_agent
Linux 4.9.300
ext4: fix error handling in ext4_restore_inline_data()
EDAC/xgene: Fix deferred probing
EDAC/altera: Fix deferred probing
rtc: cmos: Evaluate century appropriate
nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client.
scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe
ASoC: fsl: Add missing error handling in pcm030_fabric_probe
net: macsec: Verify that send_sci is on when setting Tx sci explicitly
net: ieee802154: Return meaningful error codes from the netlink helpers
spi: mediatek: Avoid NULL pointer crash in interrupt
spi: bcm-qspi: check for valid cs before applying chip select
iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
drm/nouveau: fix off by one in BIOS boundary checking
ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
af_packet: fix data-race in packet_setsockopt / packet_setsockopt
rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink()
net: amd-xgbe: Fix skb data length underflow
net: amd-xgbe: ensure to reset the tx_timer_active flag
ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback
netfilter: nat: limit port clash resolution attempts
netfilter: nat: remove l4 protocol port rovers
ipv4: tcp: send zero IPID in SYNACK messages
ipv4: raw: lock the socket in raw_bind()
hwmon: (lm90) Reduce maximum conversion rate for G781
drm/msm: Fix wrong size calculation
net-procfs: show net devices bound packet types
NFSv4: nfs_atomic_open() can race when looking up a non-regular file
NFSv4: Handle case where the lookup of a directory fails
ipv4: avoid using shared IP generator for connected sockets
net: fix information leakage in /proc/net/ptype
ipv6_tunnel: Rate limit warning messages
scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
powerpc/32: Fix boot failure with GCC latent entropy plugin
USB: core: Fix hang in usb_kill_urb by adding memory barriers
usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS
usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
tty: Add support for Brainboxes UC cards.
tty: n_gsm: fix SW flow control encoding/handling
serial: stm32: fix software flow control transfer
PM: wakeup: simplify the output logic of pm_show_wakelocks()
udf: Fix NULL ptr deref when converting from inline format
udf: Restore i_lenAlloc when inode expansion fails
scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices
s390/hypfs: include z/VM guests with access control group set
Bluetooth: refactor malicious adv data check
can: bcm: fix UAF of bcm op
BACKPORT: ipv6: Implement draft-ietf-6man-rfc4941bis
Linux 4.9.299
ion: Do not 'put' ION handle until after its final use
ion: Protect kref from userspace manipulation
ion: Fix use after free during ION_IOC_ALLOC
ARM: 8800/1: use choice for kernel unwinders
KVM: X86: MMU: Use the correct inherited permissions to get shadow page
KVM: nVMX: fix EPT permissions as reported in exit qualification
NFSv4: Initialise connection to the server in nfs4_alloc_client()
media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
drm/i915: Flush TLBs before releasing backing store
Linux 4.9.298
KVM: do not allow mapping valid but non-reference-counted pages
KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
KVM: do not assume PTE is writable after follow_pfn
mm: add follow_pte_pmd()
lib/timerqueue: Rely on rbtree semantics for next timer
rbtree: cache leftmost node internally
cipso,calipso: resolve a number of problems with the DOI refcounts
gianfar: fix jumbo packets+napi+rx overrun crash
gianfar: simplify FCS handling and fix memory leak
drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
gup: document and work around "COW can break either way" issue
Revert "gup: document and work around "COW can break either way" issue"
lib82596: Fix IRQ check in sni_82596_probe
scripts/dtc: dtx_diff: remove broken example from help text
bcmgenet: add WOL IRQ check
net_sched: restore "mpu xxx" handling
dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
dmaengine: at_xdmac: Fix lld view setting
dmaengine: at_xdmac: Print debug message after realeasing the lock
dmaengine: at_xdmac: Don't start transactions at tx_submit level
libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
netns: add schedule point in ops_exit_list()
net: axienet: fix number of TX ring slots for available check
net: axienet: Wait for PhyRstCmplt after core reset
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
RDMA/rxe: Fix a typo in opcode name
RDMA/hns: Modify the mapping attribute of doorbell to device
drm/radeon: fix error handling in radeon_driver_open_kms
fuse: fix live lock in fuse_iget()
fuse: fix bad inode
ext4: don't use the orphan list when migrating an inode
ext4: Fix BUG_ON in ext4_bread when write quota data
ext4: set csum seed in tmp inode while migrating to extents
iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
power: bq25890: Enable continuous conversion for ADC at charging
ASoC: mediatek: mt8173: fix device_node leak
scsi: sr: Don't use GFP_DMA
MIPS: Octeon: Fix build errors using clang
i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
ALSA: seq: Set upper limit of processed events
w1: Misuse of get_user()/put_user() reported by sparse
i2c: mpc: Correct I2C reset procedure
powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
i2c: i801: Don't silently correct invalid transfer size
powerpc/btext: add missing of_node_put
powerpc/cell: add missing of_node_put
powerpc/powernv: add missing of_node_put
powerpc/6xx: add missing of_node_put
parisc: Avoid calling faulthandler_disabled() twice
serial: core: Keep mctrl register state and cached copy in sync
serial: pl010: Drop CR register reset on set_termios
dm space map common: add bounds check to sm_ll_lookup_bitmap()
dm btree: add a defensive bounds check to insert_at()
net: mdio: Demote probed message to debug print
btrfs: remove BUG_ON(!eie) in find_parent_nodes
btrfs: remove BUG_ON() in find_parent_nodes()
ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
ACPICA: Utilities: Avoid deleting the same object twice in a row
jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
um: registers: Rename function names to avoid conflicts and build problems
ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
media: igorplugusb: receiver overflow should be reported
net: bonding: debug: avoid printing debug logs when bond is not notifying peers
ath10k: Fix tx hanging
iwlwifi: mvm: synchronize with FW after multicast commands
media: m920x: don't use stack on USB reads
media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
floppy: Add max size check for user space request
mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
HSI: core: Fix return freed object in hsi_new_client
gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
media: b2c2: Add missing check in flexcop_pci_isr:
HID: apple: Do not reset quirks when the Fn key is not found
usb: gadget: f_fs: Use stream_open() for endpoint files
ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
fs: dlm: filter user dlm messages for kernel locks
Bluetooth: Fix debugfs entry leak in hci_register_dev()
RDMA/cxgb4: Set queue pair state when being queried
mips: bcm63xx: add support for clk_set_parent()
mips: lantiq: add support for clk_set_parent()
misc: lattice-ecp3-config: Fix task hung when firmware load failed
ASoC: samsung: idma: Check of ioremap return value
dmaengine: pxa/mmp: stop referencing config->slave_id
RDMA/core: Let ib_find_gid() continue search even after empty entry
scsi: ufs: Fix race conditions related to driver data
char/mwave: Adjust io port register size
ALSA: oss: fix compile error when OSS_DEBUG is enabled
powerpc/prom_init: Fix improper check of prom_getprop()
RDMA/hns: Validate the pkey index
ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
ext4: avoid trim error on fs with small groups
net: mcs7830: handle usb read errors properly
pcmcia: fix setting of kthread task states
can: xilinx_can: xcan_probe(): check for error irq
can: softing: softing_startstop(): fix set but not used variable warning
spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
fsl/fman: Check for null pointer after calling devm_ioremap
ppp: ensure minimum packet size in ppp_write()
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
usb: ftdi-elan: fix memory leak on device disconnect
media: msi001: fix possible null-ptr-deref in msi001_probe()
media: si2157: Fix "warm" tuner state detection
media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
media: dib8000: Fix a memleak in dib8000_init()
floppy: Fix hang in watchdog when disk is ejected
serial: amba-pl011: do not request memory region twice
drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
arm64: dts: qcom: msm8916: fix MMC controller aliases
netfilter: bridge: add support for pppoe filtering
tty: serial: atmel: Call dma_async_issue_pending()
tty: serial: atmel: Check return code of dmaengine_submit()
crypto: qce - fix uaf on qce_ahash_register_one
media: dmxdev: fix UAF when dvb_register_device() fails
Bluetooth: stop proccessing malicious adv data
wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
can: softing_cs: softingcs_probe(): fix memleak on registration failure
media: stk1160: fix control-message timeouts
media: pvrusb2: fix control-message timeouts
media: redrat3: fix control-message timeouts
media: dib0700: fix undefined behavior in tuner shutdown
media: s2255: fix control-message timeouts
media: cpia2: fix control-message timeouts
media: em28xx: fix control-message timeouts
media: mceusb: fix control-message timeouts
media: flexcop-usb: fix control-message timeouts
rtc: cmos: take rtc_lock while reading from CMOS
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
HID: wacom: Avoid using stale array indicies to read contact count
HID: uhid: Fix worker destroying device without any protection
rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
media: uvcvideo: fix division by zero at stream start
drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
random: fix data race on crng init time
random: fix data race on crng_node_pool
can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
USB: core: Fix bug in resuming hub's handling of wakeup requests
Bluetooth: bfusb: fix division by zero in send path
Linux 4.9.297
power: reset: ltc2952: Fix use of floating point literals
mISDN: change function names to avoid conflicts
net: udp: fix alignment problem in udp4_seq_show()
ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
phonet: refcount leak in pep_sock_accep
arm64: sysreg: Move to use definitions for all the SCTLR bits
arm64: move !VHE work to end of el2_setup
arm64: reduce el2_setup branching
arm64: Remove a redundancy in sysreg.h
bug: split BUILD_BUG stuff out into <linux/build_bug.h>
rndis_host: support Hytera digital radios
xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
i40e: Fix incorrect netdev's real number of RX/TX queues
mac80211: initialize variable have_higher_than_11mbit
ieee802154: atusb: fix uninit value in atusb_set_extended_addr
virtio_pci: Support surprise removal of virtio pci device
tracing: Tag trace_percpu_buffer as a percpu pointer
tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models
Linux 4.9.296
net: fix use-after-free in tw_timer_handler
Input: spaceball - fix parsing of movement data packets
Input: appletouch - initialize work before device registration
scsi: vmw_pvscsi: Set residual data length conditionally
usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
uapi: fix linux/nfc.h userspace compilation errors
nfc: uapi: use kernel size_t to fix user-space builds
fsl/fman: Fix missing put_device() call in fman_port_probe
selinux: initialize proto variable in selinux_ip_postroute_compat()
recordmcount.pl: fix typo in s390 mcount regex
platform/x86: apple-gmux: use resource_size() with res
HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
Linux 4.9.295
phonet/pep: refuse to enable an unbound pipe
hamradio: improve the incomplete fix to avoid NPD
hamradio: defer ax25 kfree after unregister_netdev
ax25: NPD bug when detaching AX25 device
hwmon: (lm90) Do not report 'busy' status bit as alarm
ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
ALSA: drivers: opl3: Fix incorrect use of vp->state
ALSA: jack: Check the return value of kstrdup()
hwmon: (lm90) Fix usage of CONFIG2 register in detect function
drivers: net: smc911x: Check for error irq
fjes: Check for error irq
bonding: fix ad_actor_system option setting to default
qlcnic: potential dereference null pointer of rx_queue->page_ring
IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
HID: holtek: fix mouse probing
can: kvaser_usb: get CAN clock frequency from device
net: usb: lan78xx: add Allied Telesis AT29M2-AF
Linux 4.9.294
xen/netback: don't queue unlimited number of packages
xen/netback: fix rx queue stall detection
xen/console: harden hvc_xen against event channel storms
xen/netfront: harden netfront against event channel storms
xen/blkfront: harden blkfront against event channel storms
Input: touchscreen - avoid bitwise vs logical OR warning
mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
ARM: 8805/2: remove unneeded naked function usage
net: lan78xx: Avoid unnecessary self assignment
scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
fuse: annotate lock in fuse_reverse_inval_entry()
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
net: systemport: Add global locking for descriptor lifecycle
timekeeping: Really make sure wall_to_monotonic isn't positive
USB: serial: option: add Telit FN990 compositions
PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
USB: gadget: bRequestType is a bitfield, not a enum
ixgbe: set X550 MDIO speed before talking to PHY
igbvf: fix double free in `igbvf_probe`
soc/tegra: fuse: Fix bitwise vs. logical OR warning
nfsd: fix use-after-free due to delegation race
dm btree remove: fix use after free in rebalance_children()
recordmcount.pl: look for jgnop instruction as well as bcrl on s390
mac80211: send ADDBA requests using the tid/queue of the aggregation session
hwmon: (dell-smm) Fix warning on /proc/i8k creation error
tracing: Fix a kmemleak false positive in tracing_map
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
i2c: rk3x: Handle a spurious start completion interrupt flag
parisc/agp: Annotate parisc agp init functions with __init
net/mlx4_en: Update reported link modes for 1/10G
nfc: fix segfault in nfc_genl_dump_devices_done
FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum
Linux 4.9.293
irqchip: nvic: Fix offset for Interrupt Priority Offsets
irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
iio: itg3200: Call iio_trigger_notify_done() on error
iio: kxsd9: Don't return error code in trigger handler
iio: ltr501: Don't return error code in trigger handler
iio: mma8452: Fix trigger reference couting
iio: stk3310: Don't return error code in interrupt handler
usb: core: config: using bit mask instead of individual bits
usb: core: config: fix validation of wMaxPacketValue entries
USB: gadget: zero allocate endpoint 0 buffers
USB: gadget: detect too-big endpoint 0 requests
net/qla3xxx: fix an error code in ql_adapter_up()
net, neigh: clear whole pneigh_entry at alloc time
net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
net: altera: set a couple error code in probe()
net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
tracefs: Set all files to the same group ownership as the mount option
signalfd: use wake_up_pollfree()
binder: use wake_up_pollfree()
wait: add wake_up_pollfree()
libata: add horkage for ASMedia 1092
can: pch_can: pch_can_rx_normal: fix use after free
tracefs: Have new files inherit the ownership of their parent
ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
ALSA: pcm: oss: Limit the period size to 16MB
ALSA: pcm: oss: Fix negative period/buffer sizes
ALSA: ctl: Fix copy of updated id with element read/write
mm: bdi: initialize bdi_min_ratio when bdi is unregistered
IB/hfi1: Correct guard on eager buffer deallocation
nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
can: sja1000: fix use after free in ems_pcmcia_add_card()
HID: check for valid USB device for many HID drivers
HID: wacom: fix problems when device is not a valid USB device
HID: add USB_HID dependancy on some USB HID drivers
HID: add USB_HID dependancy to hid-chicony
HID: add USB_HID dependancy to hid-prodikeys
HID: add hid_is_usb() function to make it simpler for USB detection
HID: introduce hid_is_using_ll_driver
UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers
UPSTREAM: USB: gadget: detect too-big endpoint 0 requests
Conflicts:
arch/arm64/include/asm/cputype.h
arch/arm64/kernel/bpi.S
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/vdso.c
drivers/clk/qcom/clk-rcg2.c
drivers/media/dvb-core/dmxdev.c
drivers/mmc/core/host.c
drivers/net/usb/lan78xx.c
drivers/staging/android/ion/ion-ioctl.c
drivers/staging/android/ion/ion.c
drivers/staging/android/ion/ion_priv.h
drivers/usb/gadget/composite.c
drivers/usb/gadget/function/rndis.c
drivers/usb/gadget/function/rndis.h
lib/vsprintf.c
mm/memory.c
net/ipv6/ip6_output.c
Change-Id: Ie8bf6aa5dac3ae822cef90decbba577cefedcb31
|
||
|
Greg Kroah-Hartman
|
f5c4d2614c |
Merge 4.9.311 into android-4.9-q
Changes in 4.9.311 USB: serial: pl2303: add IBM device IDs USB: serial: simple: add Nokia phone driver netdevice: add the case if dev is NULL virtio_console: break out of buf poll on remove ethernet: sun: Free the coherent when failing in probing af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register block: Add a helper to validate the block size virtio-blk: Use blk_validate_block_size() to validate block size USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c coresight: Fix TRCCONFIGR.QE sysfs interface iio: inkern: apply consumer scale on IIO_VAL_INT cases iio: inkern: make a best effort on offset calculation clk: uniphier: Fix fixed-rate initialization ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE SUNRPC: avoid race between mod_timer() and del_timer_sync() NFSD: prevent underflow in nfssvc_decode_writeargs() can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path jffs2: fix use-after-free in jffs2_clear_xattr_subsystem jffs2: fix memory leak in jffs2_do_mount_fs jffs2: fix memory leak in jffs2_scan_medium mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node mempolicy: mbind_range() set_policy() after vma_merge() scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" ALSA: cs4236: fix an incorrect NULL check on list iterator drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() video: fbdev: sm712fb: Fix crash in smtcfb_read() video: fbdev: atari: Atari 2 bpp (STe) palette bugfix ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 ARM: dts: exynos: add missing HDMI supplies on SMDK5250 ARM: dts: exynos: add missing HDMI supplies on SMDK5420 carl9170: fix missing bit-wise or operator for tx_params thermal: int340x: Increase bitmap size lib/raid6/test: fix multiple definition linking error DEC: Limit PMAX memory probing to R3k systems media: davinci: vpif: fix unbalanced runtime PM get brcmfmac: firmware: Allocate space for default boardrev in nvram brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio PCI: pciehp: Clear cmd_busy bit in polling mode crypto: authenc - Fix sleep in atomic context in decrypt_tail crypto: mxs-dcp - Fix scatterlist processing spi: tegra114: Add missing IRQ check in tegra_spi_probe selftests/x86: Add validity check and allow field splitting hwmon: (pmbus) Add mutex to regulator ops hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING PM: hibernate: fix __setup handler error handling PM: suspend: fix return value of __setup handler crypto: vmx - add missing dependencies crypto: ccp - ccp_dmaengine_unregister release dma channels hwmon: (pmbus) Add Vin unit off handling clocksource: acpi_pm: fix return value of __setup handler sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa perf/core: Fix address filter parser for multiple filters perf/x86/intel/pt: Fix address filter config for 32-bit kernel video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() ARM: dts: qcom: ipq4019: fix sleep clock soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe media: usb: go7007: s2250-board: fix leak in probe() ASoC: ti: davinci-i2s: Add check for clk_enable() ALSA: spi: Add check for clk_enable() arm64: dts: ns2: Fix spi-cpol and spi-cpha property arm64: dts: broadcom: Fix sata nodename printk: fix return value of printk.devkmsg __setup handler ASoC: mxs-saif: Handle errors for clk_enable ASoC: atmel_ssc_dai: Handle errors for clk_enable memory: emif: Add check for setup_interrupts memory: emif: check the pointer temp in get_device_details() ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe ASoC: wm8350: Handle error for wm8350_register_irq ASoC: fsi: Add check for clk_enable video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of ASoC: dmaengine: do not use a NULL prepare_slave_config() callback ASoC: mxs: Fix error handling in mxs_sgtl5000_probe ASoC: imx-es8328: Fix error return code in imx_es8328_probe() mtd: onenand: Check for error irq drm/edid: Don't clear formats if using deep color ath9k_htc: fix uninit value bugs ray_cs: Check ioremap return value power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports iwlwifi: Fix -EIO error code that is never returned scsi: pm8001: Fix command initialization in pm80XX_send_read_log() scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() scsi: pm8001: Fix abort all task initialization TOMOYO: fix __setup handlers return values ext2: correct max file size computing drm/tegra: Fix reference leak in tegra_dsi_ganged_probe KVM: x86: Fix emulation in writing cr8 KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() i2c: xiic: Make bus names unique power: supply: wm8350-power: Handle error for wm8350_register_irq power: supply: wm8350-power: Add missing free in free_charger_irq powerpc/sysdev: fix incorrect use to determine if list is empty mfd: mc13xxx: Add check for mc13xxx_irq_request MIPS: RB532: fix return value of __setup handler USB: storage: ums-realtek: fix error code in rts51x_read_mem() af_netlink: Fix shift out of bounds in group mask calculation i2c: mux: demux-pinctrl: do not deactivate a master that is not active mfd: asic3: Add missing iounmap() on error asic3_mfd_probe mxser: fix xmit_buf leak in activate when LSR == 0xff pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() iio: adc: Add check for devm_request_threaded_irq clk: qcom: clk-rcg2: Update the frac table for pixel clock remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region clk: loongson1: Terminate clk_div_table with sentinel element clk: clps711x: Terminate clk_div_table with sentinel element clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver NFS: remove unneeded check in decode_devicenotify_args() pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe tty: hvc: fix return value of __setup handler kgdboc: fix return value of __setup handler kgdbts: fix return value of __setup handler jfs: fix divide error in dbNextAG netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options net: phy: broadcom: Fix brcm_fet_config_init() qlcnic: dcb: default to returning -EOPNOTSUPP net/x25: Fix null-ptr-deref caused by x25_disconnect selinux: use correct type for context length loop: use sysfs_emit() in the sysfs xxx show() Fix incorrect type in assignment of ipv6 port for audit irqchip/nvic: Release nvic_base upon failure ACPICA: Avoid walking the ACPI Namespace if it is not there ACPI/APEI: Limit printable size of BERT table data PM: core: keep irq flags in device_pm_check_callbacks() spi: tegra20: Use of_device_get_match_data() ext4: don't BUG if someone dirty pages without asking ext4 first ntfs: add sanity check on allocation size video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow video: fbdev: w100fb: Reset global state video: fbdev: cirrusfb: check pixclock to avoid divide by zero video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 ARM: dts: bcm2837: Add the missing L1/L2 cache information video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() ASoC: soc-core: skip zero num_dai component in searching dai name media: cx88-mpeg: clear interrupt status register before streaming video ARM: tegra: tamonten: Fix I2C3 pad setting ARM: mmp: Fix failure to remove sram device video: fbdev: sm712fb: Fix crash in smtcfb_write() media: hdpvr: initialize dev->worker at hdpvr_register_videodev mmc: host: Return an error when ->enable_sdio_irq() ops is missing scsi: qla2xxx: Fix incorrect reporting of task management failure KVM: Prevent module exit until all VMs are freed ubifs: Add missing iput if do_tmpfile() failed in rename whiteout ubifs: setflags: Make dirtied_ino_d 8 bytes aligned gfs2: Make sure FITRIM minlen is rounded up to fs block size pinctrl: pinconf-generic: Print arguments for bias-pull-* ACPI: CPPC: Avoid out of bounds access when parsing _CPC data mm/mmap: return 1 from stack_guard_gap __setup() handler mm/memcontrol: return 1 from cgroup.memory __setup() handler ubi: fastmap: Return error code if memory allocation fails in add_aeb() ASoC: topology: Allow TLV control to be either read or write ARM: dts: spear1340: Update serial node properties ARM: dts: spear13xx: Update SPI dma properties openvswitch: Fixed nd target mask field in the flow dump. KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated rtc: wm8350: Handle error for wm8350_register_irq ARM: 9187/1: JIVE: fix return value of __setup handler KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 ptp: replace snprintf with sysfs_emit powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 scsi: mvsas: Replace snprintf() with sysfs_emit() scsi: bfa: Replace snprintf() with sysfs_emit() iommu/arm-smmu-v3: fix event handling soft lockup dm ioctl: prevent potential spectre v1 gadget scsi: pm8001: Fix pm8001_mpi_task_abort_resp() scsi: aha152x: Fix aha152x_setup() __setup handler return value bnxt_en: Eliminate unintended link toggle during FW reset MIPS: fix fortify panic when copying asm exception handlers scsi: libfc: Fix use after free in fc_exch_abts_resp() usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm xtensa: fix DTC warning unit_address_format Bluetooth: Fix use after free in hci_send_acl init/main.c: return 1 from handled __setup() functions w1: w1_therm: fixes w1_seq for ds28ea00 sensors SUNRPC/call_alloc: async tasks mustn't block waiting for memory serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() virtio_console: eliminate anonymous module_init & module_exit jfs: prevent NULL deref in diFree mm: fix race between MADV_FREE reclaim and blkdev direct IO read scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() net: stmmac: Fix unset max_speed difference between DT and non-DT platforms drm/imx: Fix memory leak in imx_pd_connector_get_modes drbd: Fix five use after free bugs in get_initial_state mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) mm/mempolicy: fix mpol_new leak in shared_policy_replace x86/pm: Save the MSR validity status at context setup x86/speculation: Restore speculation related MSRs during S3 resume arm64: patch_text: Fixup last cpu should be master tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" mm: don't skip swap entry even if zap_details specified arm64: module: remove (NOLOAD) from linker script xfrm: policy: match with both mark and mask on user interfaces veth: Ensure eth header is in skb's linear part net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link nfc: nci: add flush_workqueue to prevent uaf cifs: potential buffer overflow in handling symlinks drm/amdkfd: Check for potential null return of kmalloc_array() scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 net: micrel: fix KS8851_MLL Kconfig gpu: ipu-v3: Fix dev_dbg frequency output scsi: mvsas: Add PCI ID of RocketRaid 2640 drivers: net: slip: fix NPD bug in sl_tx_timeout() mm, page_alloc: fix build_zonerefs_node() mm: kmemleak: take a full lowmem check in kmemleak_*_phys() ALSA: pcm: Test for "silence" field in struct "pcm_format_data" ARM: davinci: da850-evm: Avoid NULL pointer dereference smp: Fix offline cpu check in flush_smp_call_function_queue() i2c: pasemi: Wait for write xfers to finish gcc-plugins: latent_entropy: use /dev/urandom Linux 4.9.311 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ia8f55c5ae2f0eb71b0893d8271a10dfd3c78b3b8 |
||
|
Casey Schaufler
|
8c62a90cd2 |
Fix incorrect type in assignment of ipv6 port for audit
[ Upstream commit a5cd1ab7ab679d252a6d2f483eee7d45ebf2040c ] Remove inappropriate use of ntohs() and assign the port value directly. Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Christian Göttsche
|
6f7fad6056 |
selinux: use correct type for context length
[ Upstream commit b97df7c098c531010e445da88d02b7bf7bf59ef6 ]
security_sid_to_context() expects a pointer to an u32 as the address
where to store the length of the computed context.
Reported by sparse:
security/selinux/xfrm.c:359:39: warning: incorrect type in arg 4
(different signedness)
security/selinux/xfrm.c:359:39: expected unsigned int
[usertype] *scontext_len
security/selinux/xfrm.c:359:39: got int *
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
[PM: wrapped commit description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Randy Dunlap
|
387a8f09c2 |
TOMOYO: fix __setup handlers return values
[ Upstream commit 39844b7e3084baecef52d1498b5fa81afa2cefa9 ]
__setup() handlers should return 1 if the parameter is handled.
Returning 0 causes the entire string to be added to init's
environment strings (limited to 32 strings), unnecessarily polluting it.
Using the documented strings "TOMOYO_loader=string1" and
"TOMOYO_trigger=string2" causes an Unknown parameter message:
Unknown kernel command line parameters
"BOOT_IMAGE=/boot/bzImage-517rc5 TOMOYO_loader=string1 \
TOMOYO_trigger=string2", will be passed to user space.
and these strings are added to init's environment string space:
Run /sbin/init as init process
with arguments:
/sbin/init
with environment:
HOME=/
TERM=linux
BOOT_IMAGE=/boot/bzImage-517rc5
TOMOYO_loader=string1
TOMOYO_trigger=string2
With this change, these __setup handlers act as expected,
and init's environment is not polluted with these strings.
Fixes:
|
||
|
Greg Kroah-Hartman
|
c5804dccaf |
Merge 4.9.302 into android-4.9-q
Changes in 4.9.302 integrity: check the return value of audit_log_start() ima: Remove ima_policy file before directory NFS: Fix initialisation of nfs_client cl_flags field NFSD: Clamp WRITE offsets Input: i8042 - Fix misplaced backport of "add ASUS Zenbook Flip to noselftest list" serial: sh-sci: Fix misplaced backport of "Fix late enablement of AUTORTS" ALSA: line6: Fix misplaced backport of "Fix wrong altsetting for LINE6_PODHD500_1" Revert "net: axienet: Wait for PhyRstCmplt after core reset" NFSv4 only print the label when its queried nfs: nfs4clinet: check the return value of kstrdup() NFSv4 remove zero number of fs_locations entries error check scsi: target: iscsi: Make sure the np under each tpg is unique usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group staging: fbtft: Fix error path in fbtft_driver_module_init() ARM: dts: imx6qdl-udoo: Properly describe the SD card detect bonding: pair enable_port with slave_arr_updates ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path net: do not keep the dst cache when uncloning an skb dst and its metadata net: fix a memleak when uncloning an skb dst and its metadata tipc: rate limit warning for received illegal binding update vt_ioctl: fix array_index_nospec in vt_setactivate vt_ioctl: add array_index_nospec to VT_ACTIVATE bpf: Add kconfig knob for disabling unpriv bpf by default n_tty: wake up poll(POLLRDNORM) on receiving data usb: dwc3: gadget: Prevent core from processing stale TRBs USB: gadget: validate interface OS descriptor requests usb: gadget: rndis: check size of RNDIS_MSG_SET command USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 USB: serial: option: add ZTE MF286D modem USB: serial: ch341: add support for GW Instek USB2.0-Serial devices USB: serial: cp210x: add NCR Retail IO box id USB: serial: cp210x: add CPI Bulk Coin Recycler id hwmon: (dell-smm) Speed up setting of fan speed HID: wacom: add USB_HID dependency Linux 4.9.302 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5ad6e897d8683da99cddfdca9df1863f389345f2 |
||
|
Stefan Berger
|
dd842056ef |
ima: Remove ima_policy file before directory
commit f7333b9572d0559e00352a926c92f29f061b4569 upstream.
The removal of ima_dir currently fails since ima_policy still exists, so
remove the ima_policy file before removing the directory.
Fixes:
|
||
|
Xiaoke Wang
|
9d75b88897 |
integrity: check the return value of audit_log_start()
commit 83230351c523b04ff8a029a4bdf97d881ecb96fc upstream.
audit_log_start() returns audit_buffer pointer on success or NULL on
error, so it is better to check the return value of it.
Fixes:
|
||
|
Greg Kroah-Hartman
|
93c6cebbd0 |
Merge 4.9.297 into android-4.9-q
Changes in 4.9.297
Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models
tracing: Fix check for trace_percpu_buffer validity in get_trace_buf()
tracing: Tag trace_percpu_buffer as a percpu pointer
virtio_pci: Support surprise removal of virtio pci device
ieee802154: atusb: fix uninit value in atusb_set_extended_addr
mac80211: initialize variable have_higher_than_11mbit
i40e: Fix incorrect netdev's real number of RX/TX queues
sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc
xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
rndis_host: support Hytera digital radios
bug: split BUILD_BUG stuff out into <linux/build_bug.h>
arm64: Remove a redundancy in sysreg.h
arm64: reduce el2_setup branching
arm64: move !VHE work to end of el2_setup
arm64: sysreg: Move to use definitions for all the SCTLR bits
phonet: refcount leak in pep_sock_accep
scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown()
ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate
net: udp: fix alignment problem in udp4_seq_show()
mISDN: change function names to avoid conflicts
power: reset: ltc2952: Fix use of floating point literals
Linux 4.9.297
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I1b6c457971ca5e3b4d2354852a7eeeaccc965a46
|
||
|
Tom Rix
|
120fb315a3 |
selinux: initialize proto variable in selinux_ip_postroute_compat()
commit 732bc2ff080c447f8524f40c970c481f5da6eed3 upstream.
Clang static analysis reports this warning
hooks.c:5765:6: warning: 4th function call argument is an uninitialized
value
if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
selinux_parse_skb() can return ok without setting proto. The later call
to selinux_xfrm_postroute_last() does an early check of proto and can
return ok if the garbage proto value matches. So initialize proto.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
Wilson Sung
|
67711e47f3 |
Merge android-4.9-q (4.9.292) into android-msm-pixel-4.9-sc-lts
Merge 4.9.292 into android-4.9-q
Linux 4.9.292
* serial: core: fix transmit-buffer reset and memleak
drivers/tty/serial/serial_core.c
* serial: pl011: Add ACPI SBSA UART match id
drivers/tty/serial/amba-pl011.c
* tty: serial: msm_serial: Deactivate RX DMA for polling support
drivers/tty/serial/msm_serial.c
* vgacon: Propagate console boot parameters before calling `vc_resize'
drivers/video/console/vgacon.c
* parisc: Fix "make install" on newer debian releases
arch/parisc/install.sh
* net/rds: correct socket tunable error in rds_tcp_tune()
net/rds/tcp.c
* siphash: use _unaligned version by default
include/linux/siphash.h
lib/siphash.c
* net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_hw.c
* natsemi: xtensa: fix section mismatch warnings
drivers/net/ethernet/natsemi/xtsonic.c
* fget: check that the fd still exists after getting a ref to it
fs/file.c
* fs: add fget_many() and fput_many()
fs/file.c
fs/file_table.c
include/linux/file.h
include/linux/fs.h
* sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
drivers/ata/sata_fsl.c
* sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
drivers/ata/sata_fsl.c
* kprobes: Limit max data_size of the kretprobe instances
include/linux/kprobes.h
kernel/kprobes.c
* vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
drivers/net/vrf.c
* net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock()
drivers/net/ethernet/dec/tulip/de4x5.c
* net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
drivers/net/ethernet/dec/tulip/de4x5.c
* ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
drivers/net/ethernet/hisilicon/hns/hns_dsaf_misc.c
* scsi: iscsi: Unblock session then wake up error handler
drivers/scsi/scsi_transport_iscsi.c
* thermal: core: Reset previous low and high trip during thermal zone init
drivers/thermal/thermal_core.c
* s390/setup: avoid using memblock_enforce_memory_limit
arch/s390/kernel/setup.c
* platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
drivers/platform/x86/thinkpad_acpi.c
* net: return correct error code
net/ipv4/devinet.c
* hugetlb: take PMD sharing into account when flushing tlb/caches
mm/hugetlb.c
* NFSv42: Fix pagecache invalidation after COPY/CLONE
fs/nfs/nfs42proc.c
* shm: extend forced shm destroy to support objects from several IPC nses
include/linux/ipc_namespace.h
include/linux/sched.h
include/linux/shm.h
ipc/shm.c
* tty: hvc: replace BUG_ON() with negative return value
drivers/tty/hvc/hvc_xen.c
* xen/netfront: don't trust the backend response data blindly
drivers/net/xen-netfront.c
* xen/netfront: disentangle tx_skb_freelist
drivers/net/xen-netfront.c
* xen/netfront: don't read data from request on the ring page
drivers/net/xen-netfront.c
* xen/netfront: read response from backend only once
drivers/net/xen-netfront.c
* xen/blkfront: don't trust the backend response data blindly
drivers/block/xen-blkfront.c
* xen/blkfront: don't take local copy of a request from the ring page
drivers/block/xen-blkfront.c
* xen/blkfront: read response from backend only once
drivers/block/xen-blkfront.c
* xen: sync include/xen/interface/io/ring.h with Xen's newest version
include/xen/interface/io/ring.h
* fuse: release pipe buf after last use
fs/fuse/dev.c
* NFC: add NCI_UNREG flag to eliminate the race
include/net/nfc/nci_core.h
net/nfc/nci/core.c
* proc/vmcore: fix clearing user buffer by properly using clear_user()
fs/proc/vmcore.c
* vhost/vsock: fix incorrect used length reported to the guest
drivers/vhost/vsock.c
* hugetlbfs: flush TLBs correctly after huge_pmd_unshare
arch/arm/include/asm/tlb.h
arch/ia64/include/asm/tlb.h
arch/s390/include/asm/tlb.h
arch/sh/include/asm/tlb.h
arch/um/include/asm/tlb.h
include/asm-generic/tlb.h
mm/hugetlb.c
mm/memory.c
* tracing: Check pid filtering when creating events
kernel/trace/trace_events.c
* tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
net/ipv4/tcp_cubic.c
* PM: hibernate: use correct mode for swsusp_close()
kernel/power/hibernate.c
* drm/vc4: fix error code in vc4_create_object()
drivers/gpu/drm/vc4/vc4_bo.c
* scsi: mpt3sas: Fix kernel panic during drive powercycle test
drivers/scsi/mpt3sas/mpt3sas_scsih.c
* ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
arch/arm/mach-socfpga/core.h
arch/arm/mach-socfpga/platsmp.c
* NFSv42: Don't fail clone() unless the OP_CLONE operation failed
fs/nfs/nfs42xdr.c
* net: ieee802154: handle iftypes as u32
include/net/nl802154.h
* ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
sound/soc/soc-topology.c
* ARM: dts: BCM5301X: Add interrupt properties to GPIO node
arch/arm/boot/dts/bcm5301x.dtsi
* tracing: Fix pid filtering when triggers are attached
kernel/trace/trace.h
* xen: detect uninitialized xenbus in xenbus_init
drivers/xen/xenbus/xenbus_probe.c
* xen: don't continue xenstore initialization in case of errors
drivers/xen/xenbus/xenbus_probe.c
* fuse: fix page stealing
fs/fuse/dev.c
* staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
drivers/staging/rtl8192e/rtl8192e/rtl_core.c
* ALSA: ctxfi: Fix out-of-range access
sound/pci/ctxfi/ctamixer.c
sound/pci/ctxfi/ctdaio.c
sound/pci/ctxfi/ctresource.c
sound/pci/ctxfi/ctresource.h
sound/pci/ctxfi/ctsrc.c
* binder: fix test regression due to sender_euid change
drivers/android/binder.c
* usb: hub: Fix locking issues with address0_mutex
drivers/usb/core/hub.c
* usb: hub: Fix usb enumeration issue due to address0 race
drivers/usb/core/hub.c
* USB: serial: option: add Fibocom FM101-GL variants
drivers/usb/serial/option.c
* USB: serial: option: add Telit LE910S1 0x9200 composition
drivers/usb/serial/option.c
* staging: ion: Prevent incorrect reference counting behavour
drivers/staging/android/ion/ion.c
Merge 4.9.291 into android-4.9-q
Linux 4.9.291
* soc/tegra: pmc: Fix imbalanced clock disabling in error code path
drivers/soc/tegra/pmc.c
* usb: max-3421: Use driver data instead of maintaining a list of bound devices
drivers/usb/host/max3421-hcd.c
* ASoC: DAPM: Cover regression by kctl change notification fix
sound/soc/soc-dapm.c
* batman-adv: Don't always reallocate the fragmentation skb head
net/batman-adv/fragmentation.c
* batman-adv: Reserve needed_*room for fragments
net/batman-adv/fragmentation.c
* batman-adv: Consider fragmentation for needed_headroom
net/batman-adv/hard-interface.c
* batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
net/batman-adv/bridge_loop_avoidance.c
* batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
net/batman-adv/multicast.c
net/batman-adv/multicast.h
net/batman-adv/soft-interface.c
* batman-adv: Fix own OGM check in aggregated OGMs
net/batman-adv/bat_v_ogm.c
* batman-adv: Keep fragments equally sized
net/batman-adv/fragmentation.c
* drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
drivers/gpu/drm/amd/amdgpu/amdgpu_connectors.c
* drm/udl: fix control-message timeout
drivers/gpu/drm/udl/udl_connector.c
* cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
net/wireless/util.c
* parisc/sticon: fix reverse colors
drivers/video/console/sticon.c
* btrfs: fix memory ordering between normal and ordered work functions
fs/btrfs/async-thread.c
* mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
mm/slab.h
* hexagon: export raw I/O routines for modules
arch/hexagon/lib/io.c
* tun: fix bonding active backup with arp monitoring
drivers/net/tun.c
* perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
arch/x86/events/intel/uncore_snbep.c
* perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
arch/x86/events/intel/uncore_snbep.c
* NFC: reorder the logic in nfc_{un,}register_device
net/nfc/core.c
* NFC: reorganize the functions in nci_request
net/nfc/nci/core.c
* platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
drivers/platform/x86/hp_accel.c
* mips: bcm63xx: add support for clk_get_parent()
arch/mips/bcm63xx/clk.c
* iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
drivers/net/ethernet/intel/i40evf/i40evf_main.c
* net: bnx2x: fix variable dereferenced before check
drivers/net/ethernet/broadcom/bnx2x/bnx2x_init_ops.h
* sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
kernel/sched/core.c
* mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
arch/mips/Kconfig
* sh: define __BIG_ENDIAN for math-emu
arch/sh/include/asm/sfp-machine.h
* sh: fix kconfig unmet dependency warning for FRAME_POINTER
arch/sh/Kconfig.debug
* maple: fix wrong return value of maple_bus_init().
drivers/sh/maple/maple.c
* sh: check return code of request_irq
arch/sh/kernel/cpu/sh4a/smp-shx3.c
* powerpc/dcr: Use cmplwi instead of 3-argument cmpli
arch/powerpc/sysdev/dcr-low.S
* ALSA: gus: fix null pointer dereference on pointer block
sound/isa/gus/gus_dma.c
* powerpc/5200: dts: fix memory node unit name
arch/powerpc/boot/dts/charon.dts
arch/powerpc/boot/dts/digsy_mtc.dts
arch/powerpc/boot/dts/lite5200.dts
arch/powerpc/boot/dts/lite5200b.dts
arch/powerpc/boot/dts/media5200.dts
arch/powerpc/boot/dts/mpc5200b.dtsi
arch/powerpc/boot/dts/o2d.dts
arch/powerpc/boot/dts/o2d.dtsi
arch/powerpc/boot/dts/o2dnt2.dts
arch/powerpc/boot/dts/o3dnt.dts
arch/powerpc/boot/dts/pcm032.dts
arch/powerpc/boot/dts/tqm5200.dts
* scsi: target: Fix alua_tg_pt_gps_count tracking
drivers/target/target_core_alua.c
* scsi: target: Fix ordered tag handling
drivers/target/target_core_device.c
drivers/target/target_core_internal.h
drivers/target/target_core_transport.c
include/target/target_core_base.h
* MIPS: sni: Fix the build
arch/mips/sni/time.c
* tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
drivers/tty/tty_buffer.c
* usb: host: ohci-tmio: check return value after calling platform_get_resource()
drivers/usb/host/ohci-tmio.c
* ARM: dts: omap: fix gpmc,mux-add-data type
arch/arm/boot/dts/omap-gpmc-smsc9221.dtsi
arch/arm/boot/dts/omap3-overo-tobiduo-common.dtsi
* scsi: advansys: Fix kernel pointer leak
drivers/scsi/advansys.c
* usb: musb: tusb6010: check return value after calling platform_get_resource()
drivers/usb/musb/tusb6010.c
* scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
drivers/scsi/lpfc/lpfc_sli.c
* PCI/MSI: Destroy sysfs before freeing entries
drivers/pci/msi.c
* parisc/entry: fix trace test in syscall exit path
arch/parisc/kernel/entry.S
* net: mdio-mux: fix unbalanced put_device
drivers/net/phy/mdio-mux.c
* PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
include/uapi/linux/pci_regs.h
* mm, oom: do not trigger out_of_memory from the #PF
mm/oom_kill.c
* mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
mm/oom_kill.c
* powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
arch/powerpc/net/bpf_jit_comp64.c
* powerpc/bpf: Validate branch ranges
arch/powerpc/net/bpf_jit.h
arch/powerpc/net/bpf_jit_comp64.c
* ARM: 9156/1: drop cc-option fallbacks for architecture selection
arch/arm/Makefile
* USB: chipidea: fix interrupt deadlock
drivers/usb/chipidea/core.c
* vsock: prevent unnecessary refcnt inc for nonblocking connect
net/vmw_vsock/af_vsock.c
* nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
drivers/nfc/pn533/pn533.c
* llc: fix out-of-bound array index in llc_sk_dev_hash()
include/net/llc.h
* mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()
mm/zsmalloc.c
* bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
drivers/net/bonding/bond_sysfs_slave.c
* ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
drivers/acpi/pmic/intel_pmic.c
* net: davinci_emac: Fix interrupt pacing disable
drivers/net/ethernet/ti/davinci_emac.c
* xen-pciback: Fix return in pm_ctrl_init()
drivers/xen/xen-pciback/conf_space_capability.c
* i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
drivers/i2c/busses/i2c-xlr.c
* scsi: qla2xxx: Turn off target reset during issue_lip
drivers/scsi/qla2xxx/qla_gbl.h
drivers/scsi/qla2xxx/qla_mr.c
drivers/scsi/qla2xxx/qla_os.c
* watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
drivers/watchdog/f71808e_wdt.c
* m68k: set a default value for MEMORY_RESERVE
arch/m68k/Kconfig.machine
* dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
drivers/dma/dmaengine.h
* netfilter: nfnetlink_queue: fix OOB when mac header was cleared
net/netfilter/nfnetlink_queue.c
* auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
drivers/auxdisplay/img-ascii-lcd.c
* dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
drivers/dma/at_xdmac.c
* mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
drivers/mtd/spi-nor/hisi-sfc.c
* fs: orangefs: fix error return code of orangefs_revalidate_lookup()
fs/orangefs/dcache.c
* PCI: aardvark: Don't spam about PIO Response Status
drivers/pci/host/pci-aardvark.c
* drm/plane-helper: fix uninitialized variable reference
drivers/gpu/drm/drm_plane_helper.c
* pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
fs/nfs/flexfilelayout/flexfilelayoutdev.c
fs/nfs/pnfs_nfs.c
* power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
drivers/power/supply/bq27xxx_battery_i2c.c
* serial: xilinx_uartps: Fix race condition causing stuck TX
drivers/tty/serial/xilinx_uartps.c
* RDMA/mlx4: Return missed an error if device doesn't support steering
drivers/infiniband/hw/mlx4/qp.c
* scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
drivers/scsi/csiostor/csio_lnode.c
* power: supply: rt5033_battery: Change voltage values to µV
drivers/power/supply/rt5033_battery.c
* usb: gadget: hid: fix error code in do_config()
drivers/usb/gadget/legacy/hid.c
* serial: 8250_dw: Drop wrong use of ACPI_PTR()
drivers/tty/serial/8250/8250_dw.c
* video: fbdev: chipsfb: use memset_io() instead of memset()
drivers/video/fbdev/chipsfb.c
* memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
drivers/memory/fsl_ifc.c
* soc/tegra: Fix an error handling path in tegra_powergate_power_up()
drivers/soc/tegra/pmc.c
* arm: dts: omap3-gta04a4: accelerometer irq fix
arch/arm/boot/dts/omap3-gta04.dtsi
* JFS: fix memleak in jfs_mount
fs/jfs/jfs_mount.c
* MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
arch/mips/Kconfig
* scsi: dc395: Fix error case unwinding
drivers/scsi/dc395x.c
* ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
drivers/irqchip/irq-s3c24xx.c
* RDMA/rxe: Fix wrong port_cap_flags
drivers/infiniband/sw/rxe/rxe_param.h
* crypto: pcrypt - Delay write to padata->info
crypto/pcrypt.c
* libertas: Fix possible memory leak in probe and disconnect
drivers/net/wireless/marvell/libertas/if_usb.c
* libertas_tf: Fix possible memory leak in probe and disconnect
drivers/net/wireless/marvell/libertas_tf/if_usb.c
* samples/kretprobes: Fix return value if register_kretprobe() failed
samples/kprobes/kretprobe_example.c
* irq: mips: avoid nested irq_enter()
drivers/irqchip/irq-bcm6345-l1.c
* s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
arch/s390/mm/gmap.c
* smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
security/smack/smackfs.c
* phy: micrel: ksz8041nl: do not use power down mode
drivers/net/phy/micrel.c
* mwifiex: Send DELBA requests according to spec
drivers/net/wireless/marvell/mwifiex/11n.c
* platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
drivers/platform/x86/thinkpad_acpi.c
* mmc: mxs-mmc: disable regulator on error and in the remove function
drivers/mmc/host/mxs-mmc.c
* net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
net/core/stream.c
* drm/msm: uninitialized variable in msm_gem_import()
drivers/gpu/drm/msm/msm_gem.c
* ath10k: fix max antenna gain unit
drivers/net/wireless/ath/ath10k/mac.c
drivers/net/wireless/ath/ath10k/wmi.h
* hwmon: Fix possible memleak in __hwmon_device_register()
drivers/hwmon/hwmon.c
* memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
drivers/memstick/host/jmb38x_ms.c
* memstick: avoid out-of-range warning
drivers/memstick/core/ms_block.c
* b43: fix a lower bounds test
drivers/net/wireless/broadcom/b43/phy_g.c
* b43legacy: fix a lower bounds test
drivers/net/wireless/broadcom/b43legacy/radio.c
* crypto: qat - disregard spurious PFVF interrupts
drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
drivers/crypto/qat/qat_common/adf_vf_isr.c
* crypto: qat - detect PFVF collision after ACK
drivers/crypto/qat/qat_common/adf_pf2vf_msg.c
* ath9k: Fix potential interrupt storm on queue reset
drivers/net/wireless/ath/ath9k/main.c
* cpuidle: Fix kobject memory leaks in error paths
drivers/cpuidle/sysfs.c
* media: si470x: Avoid card name truncation
drivers/media/radio/si470x/radio-si470x-i2c.c
drivers/media/radio/si470x/radio-si470x-usb.c
* media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()'
drivers/media/platform/mtk-vpu/mtk_vpu.c
* media: dvb-usb: fix ununit-value in az6027_rc_query
drivers/media/usb/dvb-usb/az6027.c
* cgroup: Make rebind_subsystems() disable v2 controllers all at once
kernel/cgroup.c
* parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
arch/parisc/kernel/smp.c
* parisc: fix warning in flush_tlb_all
arch/parisc/mm/init.c
* spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe()
drivers/spi/spi-bcm-qspi.c
* ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
arch/arm/mm/Kconfig
* ARM: clang: Do not rely on lr register for stacktrace
arch/arm/kernel/stacktrace.c
* smackfs: use __GFP_NOFAIL for smk_cipso_doi()
security/smack/smackfs.c
* iwlwifi: mvm: disable RX-diversity in powersave
drivers/net/wireless/intel/iwlwifi/mvm/utils.c
* PM: hibernate: Get block device exclusively in swsusp_check()
kernel/power/swap.c
* mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
drivers/net/wireless/marvell/mwl8k.c
* tracing/cfi: Fix cmp_entries_* functions signature mismatch
kernel/trace/tracing_map.c
* lib/xz: Validate the value before assigning it to an enum variable
lib/xz/xz_dec_stream.c
* lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
lib/decompress_unxz.c
lib/xz/xz_dec_lzma2.c
* memstick: r592: Fix a UAF bug when removing the driver
drivers/memstick/host/r592.c
* ACPI: battery: Accept charges over the design capacity as full
drivers/acpi/battery.c
* ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
drivers/net/wireless/ath/dfs_pattern_detector.c
* tracefs: Have tracefs directories not set OTH permission bits by default
fs/tracefs/inode.c
* media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
drivers/media/usb/dvb-usb/dibusb-common.c
* ACPICA: Avoid evaluating methods too early during system resume
drivers/acpi/acpica/acglobal.h
drivers/acpi/acpica/hwesleep.c
drivers/acpi/acpica/hwsleep.c
drivers/acpi/acpica/hwxfsleep.c
* ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
arch/ia64/Kconfig.debug
* media: mceusb: return without resubmitting URB in case of -EPROTO error.
drivers/media/rc/mceusb.c
* media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
drivers/media/platform/s5p-mfc/s5p_mfc.c
* media: uvcvideo: Set capability in s_param
drivers/media/usb/uvc/uvc_v4l2.c
* media: netup_unidvb: handle interrupt properly according to the firmware
drivers/media/pci/netup_unidvb/netup_unidvb_core.c
* media: mt9p031: Fix corrupted frame after restarting stream
drivers/media/i2c/mt9p031.c
* x86: Increase exception stack sizes
arch/x86/include/asm/page_64_types.h
* smackfs: Fix use-after-free in netlbl_catmap_walk()
security/smack/smackfs.c
* locking/lockdep: Avoid RCU-induced noinstr fail
kernel/locking/lockdep.c
* MIPS: lantiq: dma: reset correct number of channel
arch/mips/lantiq/xway/dma.c
* MIPS: lantiq: dma: add small delay after reset
arch/mips/lantiq/xway/dma.c
* platform/x86: wmi: do not fail if disabling fails
drivers/platform/x86/wmi.c
* Bluetooth: fix use-after-free error in lock_sock_nested()
net/bluetooth/l2cap_sock.c
* Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
net/bluetooth/sco.c
* USB: iowarrior: fix control-message timeouts
drivers/usb/misc/iowarrior.c
* USB: serial: keyspan: fix memleak on probe errors
drivers/usb/serial/keyspan.c
* iio: dac: ad5446: Fix ad5622_write() return value
drivers/iio/dac/ad5446.c
* quota: correct error number in free_dqentry()
fs/quota/quota_tree.c
* quota: check block number when reading the block in quota file
fs/quota/quota_tree.c
* PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
drivers/pci/host/pci-aardvark.c
* ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
sound/core/oss/mixer_oss.c
* ALSA: mixer: oss: Fix racy access to slots
sound/core/oss/mixer_oss.c
* serial: core: Fix initializing and restoring termios speed
drivers/tty/serial/serial_core.c
include/linux/console.h
* powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
arch/powerpc/platforms/85xx/mpc85xx_pm_ops.c
* power: supply: max17042_battery: use VFSOC for capacity when no rsns
drivers/power/supply/max17042_battery.c
* power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
drivers/power/supply/max17042_battery.c
* signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
arch/mips/kernel/r2300_fpu.S
arch/mips/kernel/syscall.c
* signal: Remove the bogus sigkill_pending in ptrace_stop
kernel/signal.c
* RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
drivers/infiniband/hw/qedr/verbs.c
* wcn36xx: handle connection loss indication
drivers/net/wireless/ath/wcn36xx/smd.c
* mwifiex: Read a PCI register after writing the TX ring write pointer
drivers/net/wireless/marvell/mwifiex/pcie.c
* wcn36xx: Fix HT40 capability for 2Ghz band
drivers/net/wireless/ath/wcn36xx/main.c
* evm: mark evm_fixmode as __ro_after_init
security/integrity/evm/evm_main.c
* rtl8187: fix control-message timeouts
drivers/net/wireless/realtek/rtl818x/rtl8187/rtl8225.c
* PCI: Mark Atheros QCA6174 to avoid bus reset
drivers/pci/quirks.c
* ath6kl: fix control-message timeout
drivers/net/wireless/ath/ath6kl/usb.c
* ath6kl: fix division by zero in send path
drivers/net/wireless/ath/ath6kl/usb.c
* mwifiex: fix division by zero in fw download path
drivers/net/wireless/marvell/mwifiex/usb.c
* EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
drivers/edac/sb_edac.c
* regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property
Documentation/devicetree/bindings/regulator/samsung,s5m8767.txt
* regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
Documentation/devicetree/bindings/regulator/samsung,s5m8767.txt
drivers/regulator/s5m8767.c
* hwmon: (pmbus/lm25066) Add offset coefficients
drivers/hwmon/pmbus/lm25066.c
* btrfs: fix lost error handling when replaying directory deletes
fs/btrfs/tree-log.c
* vmxnet3: do not stop tx queues after netif_device_detach()
drivers/net/vmxnet3/vmxnet3_drv.c
* watchdog: Fix OMAP watchdog early handling
drivers/watchdog/omap_wdt.c
* spi: spl022: fix Microwire full duplex mode
drivers/spi/spi-pl022.c
* xen/netfront: stop tx queues during live migration
drivers/net/xen-netfront.c
* bpf: Prevent increasing bpf_jit_limit above max
include/linux/filter.h
kernel/bpf/core.c
net/core/sysctl_net_core.c
* mmc: winbond: don't build on M68K
drivers/mmc/host/Kconfig
* hyperv/vmbus: include linux/bitops.h
drivers/hv/hyperv_vmbus.h
* sfc: Don't use netif_info before net_device setup
drivers/net/ethernet/sfc/ptp.c
drivers/net/ethernet/sfc/siena_sriov.c
* x86/irq: Ensure PI wakeup handler is unregistered before module unload
arch/x86/kernel/irq.c
* ALSA: timer: Unconditionally unlink slave instances, too
sound/core/timer.c
* ALSA: timer: Fix use-after-free problem
sound/core/timer.c
* ALSA: synth: missing check for possible NULL after the call to kstrdup
sound/synth/emux/emux.c
* ALSA: line6: fix control and interrupt message timeouts
sound/usb/line6/driver.c
sound/usb/line6/driver.h
sound/usb/line6/podhd.c
sound/usb/line6/toneport.c
* ALSA: 6fire: fix control and bulk message timeouts
sound/usb/6fire/comm.c
sound/usb/6fire/firmware.c
* ALSA: ua101: fix division by zero at probe
sound/usb/misc/ua101.c
* media: ite-cir: IR receiver stop working after receive overflow
drivers/media/rc/ite-cir.c
* parisc: Fix ptrace check on syscall return
arch/parisc/kernel/entry.S
* mmc: dw_mmc: Dont wait for DRTO on Write RSP error
drivers/mmc/host/dw_mmc.c
* ocfs2: fix data corruption on truncate
fs/ocfs2/file.c
* libata: fix read log timeout value
drivers/ata/libata-eh.c
include/linux/libata.h
* Input: i8042 - Add quirk for Fujitsu Lifebook T725
drivers/input/serio/i8042-x86ia64io.h
* Input: elantench - fix misreporting trackpoint coordinates
drivers/input/mouse/elantech.c
* xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
drivers/usb/host/xhci-hub.c
* binder: use cred instead of task for selinux checks
drivers/android/binder.c
include/linux/lsm_hooks.h
include/linux/security.h
security/security.c
security/selinux/hooks.c
* binder: use euid from cred instead of using task
drivers/android/binder.c
* ANDROID: arm64: process: Match upstream formatting when dumping memory areas
arch/arm64/kernel/process.c
* FROMGIT: binder: fix test regression due to sender_euid change
drivers/android/binder.c
* BACKPORT: binder: use cred instead of task for selinux checks
drivers/android/binder.c
include/linux/lsm_hooks.h
include/linux/security.h
security/security.c
security/selinux/hooks.c
* UPSTREAM: binder: use euid from cred instead of using task
drivers/android/binder.c
Merge 4.9.290 into android-4.9-q
Linux 4.9.290
* rsi: fix control-message timeout
drivers/net/wireless/rsi/rsi_91x_usb.c
* staging: rtl8192u: fix control-message timeouts
drivers/staging/rtl8192u/r8192U_core.c
* staging: r8712u: fix control-message timeout
drivers/staging/rtl8712/usb_ops_linux.c
* comedi: vmk80xx: fix bulk and interrupt message timeouts
drivers/staging/comedi/drivers/vmk80xx.c
* comedi: vmk80xx: fix bulk-buffer overflow
drivers/staging/comedi/drivers/vmk80xx.c
* comedi: vmk80xx: fix transfer-buffer overflows
drivers/staging/comedi/drivers/vmk80xx.c
* comedi: ni_usb6501: fix NULL-deref in command paths
drivers/staging/comedi/drivers/ni_usb6501.c
* comedi: dt9812: fix DMA buffers on stack
drivers/staging/comedi/drivers/dt9812.c
* isofs: Fix out of bound access for corrupted isofs image
fs/isofs/inode.c
* printk/console: Allow to disable console output by using console="" or console=null
kernel/printk/printk.c
* usb-storage: Add compatibility quirk flags for iODD 2531/2541
drivers/usb/storage/unusual_devs.h
* usb: musb: Balance list entry in musb_gadget_queue
drivers/usb/musb/musb_gadget.c
* usb: gadget: Mark USB_FSL_QE broken on 64-bit
drivers/usb/gadget/udc/Kconfig
* IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
drivers/infiniband/hw/qib/qib_user_sdma.c
* IB/qib: Use struct_size() helper
drivers/infiniband/hw/qib/qib_user_sdma.c
* Revert "x86/kvm: fix vcpu-id indexed array sizes"
arch/x86/kvm/ioapic.c
arch/x86/kvm/ioapic.h
* usb: hso: fix error handling code of hso_create_net_device
drivers/net/usb/hso.c
* net: hso: register netdev later to avoid a race condition
drivers/net/usb/hso.c
* ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
drivers/amba/bus.c
* arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed
arch/arc/include/asm/pgtable.h
arch/arm/include/asm/pgtable-2level.h
arch/arm/include/asm/pgtable-3level.h
arch/mips/include/asm/pgtable-32.h
arch/powerpc/include/asm/pte-common.h
include/asm-generic/pgtable.h
* mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS
arch/x86/include/asm/pgtable-3level_types.h
mm/zsmalloc.c
* scsi: core: Put LLD module refcnt after SCSI device is released
drivers/scsi/scsi.c
drivers/scsi/scsi_sysfs.c
* UPSTREAM: security: selinux: allow per-file labeling for bpffs
security/selinux/hooks.c
Bug: 210364486
Change-Id: Ia31d19943f4638a9b2ac8122a4c8728a56e8aa0a
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Greg Kroah-Hartman
|
58fa83d959 |
Merge 4.9.291 into android-4.9-q
Changes in 4.9.291
binder: use euid from cred instead of using task
binder: use cred instead of task for selinux checks
xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
Input: elantench - fix misreporting trackpoint coordinates
Input: i8042 - Add quirk for Fujitsu Lifebook T725
libata: fix read log timeout value
ocfs2: fix data corruption on truncate
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
parisc: Fix ptrace check on syscall return
media: ite-cir: IR receiver stop working after receive overflow
ALSA: ua101: fix division by zero at probe
ALSA: 6fire: fix control and bulk message timeouts
ALSA: line6: fix control and interrupt message timeouts
ALSA: synth: missing check for possible NULL after the call to kstrdup
ALSA: timer: Fix use-after-free problem
ALSA: timer: Unconditionally unlink slave instances, too
x86/irq: Ensure PI wakeup handler is unregistered before module unload
sfc: Don't use netif_info before net_device setup
hyperv/vmbus: include linux/bitops.h
mmc: winbond: don't build on M68K
bpf: Prevent increasing bpf_jit_limit above max
xen/netfront: stop tx queues during live migration
spi: spl022: fix Microwire full duplex mode
watchdog: Fix OMAP watchdog early handling
vmxnet3: do not stop tx queues after netif_device_detach()
btrfs: fix lost error handling when replaying directory deletes
hwmon: (pmbus/lm25066) Add offset coefficients
regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
mwifiex: fix division by zero in fw download path
ath6kl: fix division by zero in send path
ath6kl: fix control-message timeout
PCI: Mark Atheros QCA6174 to avoid bus reset
rtl8187: fix control-message timeouts
evm: mark evm_fixmode as __ro_after_init
wcn36xx: Fix HT40 capability for 2Ghz band
mwifiex: Read a PCI register after writing the TX ring write pointer
wcn36xx: handle connection loss indication
RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
signal: Remove the bogus sigkill_pending in ptrace_stop
signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
power: supply: max17042_battery: use VFSOC for capacity when no rsns
powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
serial: core: Fix initializing and restoring termios speed
ALSA: mixer: oss: Fix racy access to slots
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
quota: check block number when reading the block in quota file
quota: correct error number in free_dqentry()
iio: dac: ad5446: Fix ad5622_write() return value
USB: serial: keyspan: fix memleak on probe errors
USB: iowarrior: fix control-message timeouts
Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
Bluetooth: fix use-after-free error in lock_sock_nested()
platform/x86: wmi: do not fail if disabling fails
MIPS: lantiq: dma: add small delay after reset
MIPS: lantiq: dma: reset correct number of channel
locking/lockdep: Avoid RCU-induced noinstr fail
smackfs: Fix use-after-free in netlbl_catmap_walk()
x86: Increase exception stack sizes
media: mt9p031: Fix corrupted frame after restarting stream
media: netup_unidvb: handle interrupt properly according to the firmware
media: uvcvideo: Set capability in s_param
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: mceusb: return without resubmitting URB in case of -EPROTO error.
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
ACPICA: Avoid evaluating methods too early during system resume
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
tracefs: Have tracefs directories not set OTH permission bits by default
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
ACPI: battery: Accept charges over the design capacity as full
memstick: r592: Fix a UAF bug when removing the driver
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
lib/xz: Validate the value before assigning it to an enum variable
tracing/cfi: Fix cmp_entries_* functions signature mismatch
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
PM: hibernate: Get block device exclusively in swsusp_check()
iwlwifi: mvm: disable RX-diversity in powersave
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
ARM: clang: Do not rely on lr register for stacktrace
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe()
parisc: fix warning in flush_tlb_all
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
cgroup: Make rebind_subsystems() disable v2 controllers all at once
media: dvb-usb: fix ununit-value in az6027_rc_query
media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()'
media: si470x: Avoid card name truncation
cpuidle: Fix kobject memory leaks in error paths
ath9k: Fix potential interrupt storm on queue reset
crypto: qat - detect PFVF collision after ACK
crypto: qat - disregard spurious PFVF interrupts
b43legacy: fix a lower bounds test
b43: fix a lower bounds test
memstick: avoid out-of-range warning
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
hwmon: Fix possible memleak in __hwmon_device_register()
ath10k: fix max antenna gain unit
drm/msm: uninitialized variable in msm_gem_import()
net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
mmc: mxs-mmc: disable regulator on error and in the remove function
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
mwifiex: Send DELBA requests according to spec
phy: micrel: ksz8041nl: do not use power down mode
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
irq: mips: avoid nested irq_enter()
samples/kretprobes: Fix return value if register_kretprobe() failed
libertas_tf: Fix possible memory leak in probe and disconnect
libertas: Fix possible memory leak in probe and disconnect
crypto: pcrypt - Delay write to padata->info
RDMA/rxe: Fix wrong port_cap_flags
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
scsi: dc395: Fix error case unwinding
MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
JFS: fix memleak in jfs_mount
arm: dts: omap3-gta04a4: accelerometer irq fix
soc/tegra: Fix an error handling path in tegra_powergate_power_up()
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
video: fbdev: chipsfb: use memset_io() instead of memset()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
usb: gadget: hid: fix error code in do_config()
power: supply: rt5033_battery: Change voltage values to µV
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
RDMA/mlx4: Return missed an error if device doesn't support steering
serial: xilinx_uartps: Fix race condition causing stuck TX
power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
drm/plane-helper: fix uninitialized variable reference
PCI: aardvark: Don't spam about PIO Response Status
fs: orangefs: fix error return code of orangefs_revalidate_lookup()
mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
netfilter: nfnetlink_queue: fix OOB when mac header was cleared
dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
m68k: set a default value for MEMORY_RESERVE
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
scsi: qla2xxx: Turn off target reset during issue_lip
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
xen-pciback: Fix return in pm_ctrl_init()
net: davinci_emac: Fix interrupt pacing disable
ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()
llc: fix out-of-bound array index in llc_sk_dev_hash()
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
vsock: prevent unnecessary refcnt inc for nonblocking connect
USB: chipidea: fix interrupt deadlock
ARM: 9156/1: drop cc-option fallbacks for architecture selection
powerpc/bpf: Validate branch ranges
powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
mm, oom: do not trigger out_of_memory from the #PF
PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
net: mdio-mux: fix unbalanced put_device
parisc/entry: fix trace test in syscall exit path
PCI/MSI: Destroy sysfs before freeing entries
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
usb: musb: tusb6010: check return value after calling platform_get_resource()
scsi: advansys: Fix kernel pointer leak
ARM: dts: omap: fix gpmc,mux-add-data type
usb: host: ohci-tmio: check return value after calling platform_get_resource()
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
MIPS: sni: Fix the build
scsi: target: Fix ordered tag handling
scsi: target: Fix alua_tg_pt_gps_count tracking
powerpc/5200: dts: fix memory node unit name
ALSA: gus: fix null pointer dereference on pointer block
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
sh: check return code of request_irq
maple: fix wrong return value of maple_bus_init().
sh: fix kconfig unmet dependency warning for FRAME_POINTER
sh: define __BIG_ENDIAN for math-emu
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
net: bnx2x: fix variable dereferenced before check
iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
mips: bcm63xx: add support for clk_get_parent()
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
NFC: reorganize the functions in nci_request
NFC: reorder the logic in nfc_{un,}register_device
perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
tun: fix bonding active backup with arp monitoring
hexagon: export raw I/O routines for modules
mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
btrfs: fix memory ordering between normal and ordered work functions
parisc/sticon: fix reverse colors
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
drm/udl: fix control-message timeout
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
batman-adv: Keep fragments equally sized
batman-adv: Fix own OGM check in aggregated OGMs
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
batman-adv: Consider fragmentation for needed_headroom
batman-adv: Reserve needed_*room for fragments
batman-adv: Don't always reallocate the fragmentation skb head
ASoC: DAPM: Cover regression by kctl change notification fix
usb: max-3421: Use driver data instead of maintaining a list of bound devices
soc/tegra: pmc: Fix imbalanced clock disabling in error code path
Linux 4.9.291
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I23d798c10aebab1e51add60ccb34a8b289d49a4d
|
||
|
Tetsuo Handa
|
a269586a03 |
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
[ Upstream commit 0934ad42bb2c5df90a1b9de690f93de735b622fe ]
syzbot is reporting UAF at cipso_v4_doi_search() [1], for smk_cipso_doi()
is calling kfree() without removing from the cipso_v4_doi_list list after
netlbl_cfg_cipsov4_map_add() returned an error. We need to use
netlbl_cfg_cipsov4_del() in order to remove from the list and wait for
RCU grace period before kfree().
Link: https://syzkaller.appspot.com/bug?extid=93dba5b91f0fed312cbd [1]
Reported-by: syzbot <syzbot+93dba5b91f0fed312cbd@syzkaller.appspotmail.com>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Fixes:
|
||
|
Tetsuo Handa
|
5e44e73d09 |
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
[ Upstream commit f91488ee15bd3cac467e2d6a361fc2d34d1052ae ] syzbot is reporting kernel panic at smk_cipso_doi() due to memory allocation fault injection [1]. The reason for need to use panic() was not explained. But since no fix was proposed for 18 months, for now let's use __GFP_NOFAIL for utilizing syzbot resource on other bugs. Link: https://syzkaller.appspot.com/bug?extid=89731ccb6fec15ce1c22 [1] Reported-by: syzbot <syzbot+89731ccb6fec15ce1c22@syzkaller.appspotmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Pawan Gupta
|
7e175e3272 |
smackfs: Fix use-after-free in netlbl_catmap_walk()
[ Upstream commit 0817534ff9ea809fac1322c5c8c574be8483ea57 ] Syzkaller reported use-after-free bug as described in [1]. The bug is triggered when smk_set_cipso() tries to free stale category bitmaps while there are concurrent reader(s) using the same bitmaps. Wait for RCU grace period to finish before freeing the category bitmaps in smk_set_cipso(). This makes sure that there are no more readers using the stale bitmaps and freeing them should be safe. [1] https://lore.kernel.org/netdev/000000000000a814c505ca657a4e@google.com/ Reported-by: syzbot+3f91de0b813cc3d19a80@syzkaller.appspotmail.com Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Austin Kim
|
a5907f337b |
evm: mark evm_fixmode as __ro_after_init
commit 32ba540f3c2a7ef61ed5a577ce25069a3d714fc9 upstream. The evm_fixmode is only configurable by command-line option and it is never modified outside initcalls, so declaring it with __ro_after_init is better. Signed-off-by: Austin Kim <austin.kim@lge.com> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Todd Kjos
|
22d4a6dace |
binder: use cred instead of task for selinux checks
commit 52f88693378a58094c538662ba652aff0253c4fe upstream.
Since binder was integrated with selinux, it has passed
'struct task_struct' associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in an incorrect security context being used.
Fix by using the 'struct cred' saved during binder_open and pass
it to the selinux subsystem.
Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
Fixes:
|
||
|
Todd Kjos
|
a69d9cd3d4 |
BACKPORT: binder: use cred instead of task for selinux checks
commit 52f88693378a58094c538662ba652aff0253c4fe upstream.
Since binder was integrated with selinux, it has passed
'struct task_struct' associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in an incorrect security context being used.
Fix by using the 'struct cred' saved during binder_open and pass
it to the selinux subsystem.
Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
Fixes:
|
||
|
Connor O'Brien
|
09db023b40 |
UPSTREAM: security: selinux: allow per-file labeling for bpffs
Add support for genfscon per-file labeling of bpffs files. This allows for separate permissions for different pinned bpf objects, which may be completely unrelated to each other. Signed-off-by: Connor O'Brien <connoro@google.com> Signed-off-by: Steven Moreland <smoreland@google.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> (cherry picked from commit 4ca54d3d3022ce27170b50e4bdecc3a42f05dbdc) [which is v5.6-rc1-10-g4ca54d3d3022 and thus already included in 5.10] Bug: 200440527 Change-Id: I8234b9047f29981b8140bd81bb2ff070b3b0b843 (cherry picked from commit d52ac987ad2ae16ff313d7fb6185bc412cb221a4) |
||
|
Wilson Sung
|
fa8bc31678 |
Merge android-4.9-q (4.9.284) into android-msm-pixel-4.9-sc-lts
Merge 4.9.284 into android-4.9-q
Linux 4.9.284
* sctp: validate from_addr_param return
include/net/sctp/structs.h
drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
nilfs2: fix NULL pointer in nilfs_##name##_attr_release
nilfs2: fix memory leak in nilfs_sysfs_create_device_group
ceph: lockdep annotations for try_nonblocking_invalidate
dmaengine: xilinx_dma: Set DMA mask for coherent APIs
* dmaengine: ioat: depends on !UML
drivers/dma/Kconfig
parisc: Move pci_dev_is_behind_card_dino to where it is used
pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered
* profiling: fix shift-out-of-bounds bugs
kernel/profile.c
* prctl: allow to setup brk for et_dyn executables
kernel/sys.c
9p/trans_virtio: Remove sysfs file on probe failure
thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
sctp: validate chunk size in __rcv_asconf_lookup
* staging: android: ion: fix page is NULL
drivers/staging/android/ion/ion_system_heap.c
crypto: talitos - fix max key size for sha384 and sha512
* PM / wakeirq: Fix unbalanced IRQ enable for wakeirq
drivers/base/power/wakeirq.c
s390/bpf: Fix optimizing out zero-extensions
Merge 4.9.283 into android-4.9-q
Linux 4.9.283
s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
net: renesas: sh_eth: Fix freeing wrong tx descriptor
qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
net: dsa: b53: Fix calculating number of switch ports
ARC: export clear_user_page() for modules
mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
* PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
include/linux/pci.h
ethtool: Fix an error code in cxgb2.c
net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
mfd: Don't use irq_create_mapping() to resolve a mapping
dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
* tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
net/ipv4/tcp_input.c
* net/af_unix: fix a data-race in unix_dgram_poll
include/linux/skbuff.h
net/unix/af_unix.c
* events: Reuse value read using READ_ONCE instead of re-reading it
kernel/events/core.c
tipc: increase timeout in tipc_sk_enqueue()
r6040: Restore MDIO clock frequency after MAC reset
* net/l2tp: Fix reference count leak in l2tp_udp_recv_core
net/l2tp/l2tp_core.c
dccp: don't duplicate ccid when cloning dccp sock
ptp: dp83640: don't define PAGE0
net-caif: avoid user-triggerable WARN_ON(1)
bnx2x: Fix enabling network interfaces without VFs
xen: reset legacy rtc flag for PV domU
platform/chrome: cros_ec_proto: Send command again when timeout occurs
memcg: enable accounting for pids in nested pid namespaces
* mm/hugetlb: initialize hugetlb_usage in mm_init
include/linux/hugetlb.h
kernel/fork.c
scsi: BusLogic: Fix missing pr_cont() use
parisc: fix crash with signals and alloca
net: w5100: check return value after calling platform_get_resource()
* net: fix NULL pointer reference in cipso_v4_doi_free
net/netlabel/netlabel_cipso_v4.c
ath9k: fix sleeping in atomic context
ath9k: fix OOB read ar9300_eeprom_restore_internal
parport: remove non-zero check on count
usbip: give back URBs for unsent unlink requests during cleanup
* Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
drivers/usb/host/xhci.c
cifs: fix wrong release in sess_alloc_buffer() failed path
mmc: rtsx_pci: Fix long reads when clock is prescaled
gfs2: Don't call dlm after protocol is unmounted
rpc: fix gss_svc_init cleanup on failure
ARM: tegra: tamonten: Fix UART pad setting
gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
* Bluetooth: avoid circular locks in sco_sock_connect
net/bluetooth/sco.c
net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output
* Bluetooth: skip invalid hci_sync_conn_complete_evt
net/bluetooth/hci_event.c
ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
staging: ks7010: Fix the initialization of the 'sleep_status' structure
serial: 8250_pci: make setup_port() parameters explicitly unsigned
hvsi: don't panic on tty_register_driver failure
xtensa: ISS: don't panic in rs_init
serial: 8250: Define RX trigger levels for OxSemi 950 devices
s390/jump_label: print real address in a case of a jump label bug
* flow_dissector: Fix out-of-bounds warnings
net/core/flow_dissector.c
* ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
net/ipv4/ip_output.c
video: fbdev: riva: Error out if 'pixclock' equals zero
video: fbdev: kyro: Error out if 'pixclock' equals zero
video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
bpf/tests: Do not PASS tests without actually testing the result
bpf/tests: Fix copy-and-paste error in double word test
tty: serial: jsm: hold port lock when reporting modem line changes
staging: board: Fix uninitialized spinlock when attaching genpd
* usb: gadget: composite: Allow bMaxPower=0 if self-powered
drivers/usb/gadget/composite.c
* usb: gadget: u_ether: fix a potential null pointer dereference
drivers/usb/gadget/function/u_ether.c
usb: host: fotg210: fix the actual_length of an iso packet
usb: host: fotg210: fix the endpoint's transactional opportunities calculation
* Smack: Fix wrong semantics in smk_access_entry()
security/smack/smack_access.c
* netlink: Deal with ESRCH error in nlmsg_notify()
net/netlink/af_netlink.c
video: fbdev: kyro: fix a DoS bug by restricting user input
iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
* PCI: Use pci_update_current_state() in pci_enable_device_flags()
drivers/pci/pci.c
crypto: mxs-dcp - Use sg_mapping_iter to copy data
MIPS: Malta: fix alignment of the devicetree buffer
pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
openrisc: don't printk() unconditionally
* vfio: Use config not menuconfig for VFIO_NOIOMMU
drivers/vfio/Kconfig
* PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
drivers/pci/syscall.c
* PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
drivers/pci/quirks.c
ARM: 9105/1: atags_to_fdt: don't warn about stack size
libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
media: rc-loopback: return number of emitters rather than error
media: uvc: don't do DMA on stack
VMCI: fix NULL pointer dereference when unmapping queue pair
power: supply: max17042: handle fails of reading status register
crypto: public_key: fix overflow during implicit conversion
xen: fix setting of max_pfn in shared_info
powerpc/perf/hv-gpci: Fix counter value parsing
* PCI/MSI: Skip masking MSI-X on Xen PV
drivers/pci/msi.c
rtc: tps65910: Correct driver module alias
* fbmem: don't allow too huge resolutions
drivers/video/fbdev/core/fbmem.c
clk: kirkwood: Fix a clocking boot regression
IMA: remove -Wmissing-prototypes warning
KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted
* tty: Fix data race between tiocsti() and flush_to_ldisc()
drivers/tty/tty_io.c
* ipv4: make exception cache less predictible
net/ipv4/route.c
bcma: Fix memory leak for internally-handled cores
ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
i2c: mt65xx: fix IRQ check
CIFS: Fix a potencially linear read overflow
mmc: moxart: Fix issue with uninitialized dma_slave_config
mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
i2c: s3c2410: fix IRQ check
i2c: iop3xx: fix deferred probing
* Bluetooth: add timeout sanity check to hci_inquiry
net/bluetooth/hci_core.c
usb: gadget: mv_u3d: request_irq() after initializing UDC
usb: phy: tahvo: add IRQ check
usb: host: ohci-tmio: add IRQ check
* Bluetooth: Move shutdown callback before flushing tx and rx queue
net/bluetooth/hci_core.c
usb: phy: twl6030: add IRQ checks
usb: phy: fsl-usb: add IRQ check
usb: gadget: udc: at91: add IRQ check
drm/msm/dsi: Fix some reference counted resource leaks
* Bluetooth: fix repeated calls to sco_sock_kill
net/bluetooth/sco.c
arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
soc: qcom: smsm: Fix missed interrupts if state changes while masked
* PCI: PM: Enable PME if it can be signaled from D3cold
drivers/pci/pci.c
i2c: highlander: add IRQ check
* net: cipso: fix warnings in netlbl_cipsov4_add_std
net/netlabel/netlabel_cipso_v4.c
* tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
net/ipv4/tcp_ipv4.c
* Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
net/bluetooth/sco.c
media: go7007: remove redundant initialization
media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
* certs: Trigger creation of RSA module signing key if it's not an RSA key
certs/Makefile
crypto: qat - use proper type for vf_mask
spi: spi-pic32: Fix issue with uninitialized dma_slave_config
m68k: emu: Fix invalid free in nfeth_cleanup()
udf_get_extendedattr() had no boundary checks.
crypto: qat - do not export adf_iov_putmsg()
crypto: qat - fix naming for init/shutdown VF to PF notifications
crypto: qat - fix reuse of completion variable
crypto: qat - handle both source of interrupt in VF ISR
crypto: qat - do not ignore errors from enable_vf2pf_comms()
libata: fix ata_host_start()
power: supply: max17042_battery: fix typo in MAx17042_TOFF
udf: Check LVID earlier
crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors
crypto: mxs-dcp - Check for DMA mapping errors
* regmap: fix the offset of register error log
drivers/base/regmap/regmap.c
* PCI: Call Max Payload Size-related fixup quirks early
drivers/pci/quirks.c
x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
Revert "btrfs: compression: don't try to compress if we don't have enough pages"
* mm/page_alloc: speed up the iteration of max_order
mm/page_alloc.c
net: ll_temac: Remove left-over debug message
powerpc/boot: Delete unneeded .globl _zimage_start
powerpc/module64: Fix comment in R_PPC64_ENTRY handling
crypto: talitos - reduce max key size for SEC1
mm/kmemleak.c: make cond_resched() rate-limiting more efficient
s390/disassembler: correct disassembly lines alignment
* ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2)
net/ipv4/icmp.c
gfs2: Don't clear SGID when inheriting ACLs
nvme-pci: Fix an error handling path in 'nvme_probe()'
tc358743: fix register i2c_rd/wr function fix
* PM / wakeirq: Enable dedicated wakeirq for suspend
drivers/base/power/wakeirq.c
net/sched: cls_flower: Use mask for addr_type
USB: serial: mos7720: improve OOM-handling in read_mos_reg()
usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled
* igmp: Add ip_mc_list lock in ip_check_mc_rcu
net/ipv4/igmp.c
media: stkwebcam: fix memory leak in stk_camera_probe
ath9k: Postpone key cache entry deletion for TXQ frames reference it
ath: Modify ath_key_delete() to not need full key entry
ath: Export ath_hw_keysetmac()
ath9k: Clear key cache explicitly on disabling hardware
ath: Use safer key clearing with key cache entries
* ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
sound/core/pcm_lib.c
ARM: 8918/2: only build return_address() if needed
* cryptoloop: add a deprecation warning
drivers/block/Kconfig
perf/x86/amd/ibs: Work around erratum #1197
qede: Fix memset corruption
qed: Fix the VF msix vectors flow
xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
mtd: nand: atmel_nand: remove build warning in atmel_nand_remove()
* ext4: fix race writing to an inline_data file while its xattrs are changing
fs/ext4/inline.c
Merge 4.9.282 into android-4.9-q
Linux 4.9.282
Revert "floppy: reintroduce O_NDELAY fix"
KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs
* fbmem: add margin check to fb_check_caps()
drivers/video/fbdev/core/fbmem.c
* vt_kdsetmode: extend console locking
drivers/tty/vt/vt_ioctl.c
net/rds: dma_map_sg is entitled to merge entries
vringh: Use wiov->used to check for read/write desc order
virtio: Improve vq->broken access to avoid any compiler optimization
net: marvell: fix MVNETA_TX_IN_PRGRS bit number
ip_gre: add validation for csum_start
e1000e: Fix the max snoop/no-snoop latency for 10M
IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs()
* usb: dwc3: gadget: Fix dwc3_calc_trbs_left()
drivers/usb/dwc3/gadget.c
USB: serial: option: add new VID/PID to support Fibocom FG150
Revert "USB: serial: ch341: fix character loss at high transfer rates"
can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters
ARC: Fix CONFIG_STACKDEPOT
Bug: 201722185
Change-Id: Ia09164e3bcbce03e2a295154246ba064c9c35795
Signed-off-by: Wilson Sung <wilsonsung@google.com>
|
||
|
Greg Kroah-Hartman
|
dc1c320e16 |
Merge 4.9.283 into android-4.9-q
Changes in 4.9.283 ext4: fix race writing to an inline_data file while its xattrs are changing mtd: nand: atmel_nand: remove build warning in atmel_nand_remove() xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG qed: Fix the VF msix vectors flow qede: Fix memset corruption perf/x86/amd/ibs: Work around erratum #1197 cryptoloop: add a deprecation warning ARM: 8918/2: only build return_address() if needed ALSA: pcm: fix divide error in snd_pcm_lib_ioctl ath: Use safer key clearing with key cache entries ath9k: Clear key cache explicitly on disabling hardware ath: Export ath_hw_keysetmac() ath: Modify ath_key_delete() to not need full key entry ath9k: Postpone key cache entry deletion for TXQ frames reference it media: stkwebcam: fix memory leak in stk_camera_probe igmp: Add ip_mc_list lock in ip_check_mc_rcu usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled USB: serial: mos7720: improve OOM-handling in read_mos_reg() net/sched: cls_flower: Use mask for addr_type PM / wakeirq: Enable dedicated wakeirq for suspend tc358743: fix register i2c_rd/wr function fix nvme-pci: Fix an error handling path in 'nvme_probe()' gfs2: Don't clear SGID when inheriting ACLs ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) s390/disassembler: correct disassembly lines alignment mm/kmemleak.c: make cond_resched() rate-limiting more efficient crypto: talitos - reduce max key size for SEC1 powerpc/module64: Fix comment in R_PPC64_ENTRY handling powerpc/boot: Delete unneeded .globl _zimage_start net: ll_temac: Remove left-over debug message mm/page_alloc: speed up the iteration of max_order Revert "btrfs: compression: don't try to compress if we don't have enough pages" x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions PCI: Call Max Payload Size-related fixup quirks early regmap: fix the offset of register error log crypto: mxs-dcp - Check for DMA mapping errors power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() udf: Check LVID earlier power: supply: max17042_battery: fix typo in MAx17042_TOFF libata: fix ata_host_start() crypto: qat - do not ignore errors from enable_vf2pf_comms() crypto: qat - handle both source of interrupt in VF ISR crypto: qat - fix reuse of completion variable crypto: qat - fix naming for init/shutdown VF to PF notifications crypto: qat - do not export adf_iov_putmsg() udf_get_extendedattr() had no boundary checks. m68k: emu: Fix invalid free in nfeth_cleanup() spi: spi-pic32: Fix issue with uninitialized dma_slave_config crypto: qat - use proper type for vf_mask certs: Trigger creation of RSA module signing key if it's not an RSA key media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init media: dvb-usb: fix uninit-value in vp702x_read_mac_addr media: go7007: remove redundant initialization Bluetooth: sco: prevent information leak in sco_conn_defer_accept() tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos net: cipso: fix warnings in netlbl_cipsov4_add_std i2c: highlander: add IRQ check PCI: PM: Enable PME if it can be signaled from D3cold soc: qcom: smsm: Fix missed interrupts if state changes while masked Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 Bluetooth: fix repeated calls to sco_sock_kill drm/msm/dsi: Fix some reference counted resource leaks usb: gadget: udc: at91: add IRQ check usb: phy: fsl-usb: add IRQ check usb: phy: twl6030: add IRQ checks Bluetooth: Move shutdown callback before flushing tx and rx queue usb: host: ohci-tmio: add IRQ check usb: phy: tahvo: add IRQ check usb: gadget: mv_u3d: request_irq() after initializing UDC Bluetooth: add timeout sanity check to hci_inquiry i2c: iop3xx: fix deferred probing i2c: s3c2410: fix IRQ check mmc: dw_mmc: Fix issue with uninitialized dma_slave_config mmc: moxart: Fix issue with uninitialized dma_slave_config CIFS: Fix a potencially linear read overflow i2c: mt65xx: fix IRQ check usb: ehci-orion: Handle errors of clk_prepare_enable() in probe ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() bcma: Fix memory leak for internally-handled cores ipv4: make exception cache less predictible tty: Fix data race between tiocsti() and flush_to_ldisc() KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted IMA: remove -Wmissing-prototypes warning clk: kirkwood: Fix a clocking boot regression fbmem: don't allow too huge resolutions rtc: tps65910: Correct driver module alias PCI/MSI: Skip masking MSI-X on Xen PV powerpc/perf/hv-gpci: Fix counter value parsing xen: fix setting of max_pfn in shared_info crypto: public_key: fix overflow during implicit conversion power: supply: max17042: handle fails of reading status register VMCI: fix NULL pointer dereference when unmapping queue pair media: uvc: don't do DMA on stack media: rc-loopback: return number of emitters rather than error libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs ARM: 9105/1: atags_to_fdt: don't warn about stack size PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure vfio: Use config not menuconfig for VFIO_NOIOMMU openrisc: don't printk() unconditionally pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() MIPS: Malta: fix alignment of the devicetree buffer crypto: mxs-dcp - Use sg_mapping_iter to copy data PCI: Use pci_update_current_state() in pci_enable_device_flags() iio: dac: ad5624r: Fix incorrect handling of an optional regulator. video: fbdev: kyro: fix a DoS bug by restricting user input netlink: Deal with ESRCH error in nlmsg_notify() Smack: Fix wrong semantics in smk_access_entry() usb: host: fotg210: fix the endpoint's transactional opportunities calculation usb: host: fotg210: fix the actual_length of an iso packet usb: gadget: u_ether: fix a potential null pointer dereference usb: gadget: composite: Allow bMaxPower=0 if self-powered staging: board: Fix uninitialized spinlock when attaching genpd tty: serial: jsm: hold port lock when reporting modem line changes bpf/tests: Fix copy-and-paste error in double word test bpf/tests: Do not PASS tests without actually testing the result video: fbdev: asiliantfb: Error out if 'pixclock' equals zero video: fbdev: kyro: Error out if 'pixclock' equals zero video: fbdev: riva: Error out if 'pixclock' equals zero ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() flow_dissector: Fix out-of-bounds warnings s390/jump_label: print real address in a case of a jump label bug serial: 8250: Define RX trigger levels for OxSemi 950 devices xtensa: ISS: don't panic in rs_init hvsi: don't panic on tty_register_driver failure serial: 8250_pci: make setup_port() parameters explicitly unsigned staging: ks7010: Fix the initialization of the 'sleep_status' structure ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() Bluetooth: skip invalid hci_sync_conn_complete_evt ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() Bluetooth: avoid circular locks in sco_sock_connect gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() ARM: tegra: tamonten: Fix UART pad setting rpc: fix gss_svc_init cleanup on failure gfs2: Don't call dlm after protocol is unmounted mmc: rtsx_pci: Fix long reads when clock is prescaled cifs: fix wrong release in sess_alloc_buffer() failed path Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" usbip: give back URBs for unsent unlink requests during cleanup parport: remove non-zero check on count ath9k: fix OOB read ar9300_eeprom_restore_internal ath9k: fix sleeping in atomic context net: fix NULL pointer reference in cipso_v4_doi_free net: w5100: check return value after calling platform_get_resource() parisc: fix crash with signals and alloca scsi: BusLogic: Fix missing pr_cont() use mm/hugetlb: initialize hugetlb_usage in mm_init memcg: enable accounting for pids in nested pid namespaces platform/chrome: cros_ec_proto: Send command again when timeout occurs xen: reset legacy rtc flag for PV domU bnx2x: Fix enabling network interfaces without VFs net-caif: avoid user-triggerable WARN_ON(1) ptp: dp83640: don't define PAGE0 dccp: don't duplicate ccid when cloning dccp sock net/l2tp: Fix reference count leak in l2tp_udp_recv_core r6040: Restore MDIO clock frequency after MAC reset tipc: increase timeout in tipc_sk_enqueue() events: Reuse value read using READ_ONCE instead of re-reading it net/af_unix: fix a data-race in unix_dgram_poll tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() x86/mm: Fix kern_addr_valid() to cope with existing but not present entries dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation mfd: Don't use irq_create_mapping() to resolve a mapping net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 ethtool: Fix an error code in cxgb2.c PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' ARC: export clear_user_page() for modules net: dsa: b53: Fix calculating number of switch ports qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom net: renesas: sh_eth: Fix freeing wrong tx descriptor s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant Linux 4.9.283 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I9e2017cce36805d71566ea1f265974a43bae33d1 |
||
|
Tianjia Zhang
|
687a0bffec |
Smack: Fix wrong semantics in smk_access_entry()
[ Upstream commit 6d14f5c7028eea70760df284057fe198ce7778dd ] In the smk_access_entry() function, if no matching rule is found in the rust_list, a negative error code will be used to perform bit operations with the MAY_ enumeration value. This is semantically wrong. This patch fixes this issue. Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Austin Kim
|
749e6460d5 |
IMA: remove -Wmissing-prototypes warning
commit a32ad90426a9c8eb3915eed26e08ce133bd9e0da upstream.
With W=1 build, the compiler throws warning message as below:
security/integrity/ima/ima_mok.c:24:12: warning:
no previous prototype for ‘ima_mok_init’ [-Wmissing-prototypes]
__init int ima_mok_init(void)
Silence the warning by adding static keyword to ima_mok_init().
Signed-off-by: Austin Kim <austin.kim@lge.com>
Fixes:
|
||
|
Lucas Wei
|
65e475187b |
Merge android-4.9-q (4.9.279) into android-msm-pixel-4.9-sc-lts
Merge 4.9.279 into android-4.9-q
Linux 4.9.279
spi: mediatek: Fix fifo transfer
can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
* Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled"
net/bluetooth/hci_core.c
* net: Fix zero-copy head len calculation.
net/core/skbuff.c
* r8152: Fix potential PM refcount imbalance
drivers/net/usb/r8152.c
regulator: rt5033: Fix n_voltages settings for BUCK and LDO
btrfs: mark compressed range uptodate only if all bio succeed
Merge 4.9.278 into android-4.9-q
Linux 4.9.278
sis900: Fix missing pci_disable_device() in probe and remove
tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
net/mlx5: Fix flow table chaining
* net: llc: fix skb_over_panic
include/net/llc_pdu.h
mlx4: Fix missing error code in mlx4_load_one()
tipc: fix sleeping in tipc accept routine
netfilter: nft_nat: allow to specify layer 4 protocol NAT only
* netfilter: conntrack: adjust stop timestamp to real expiry value
net/netfilter/nf_conntrack_core.c
* cfg80211: Fix possible memory leak in function cfg80211_bss_update
net/wireless/scan.c
x86/asm: Ensure asm/proto.h can be included stand-alone
nfc: nfcsim: fix use after free during module unload
NIU: fix incorrect error return, missed in previous revert
can: esd_usb2: fix memory leak
can: ems_usb: fix memory leak
can: usb_8dev: fix memory leak
ocfs2: issue zeroout to EOF blocks
ocfs2: fix zero out valid data
x86/kvm: fix vcpu-id indexed array sizes
ARM: ensure the signal page contains defined contents
* lib/string.c: add multibyte memset functions
include/linux/string.h
lib/string.c
ARM: dts: versatile: Fix up interrupt controller node names
hfs: add lock nesting notation to hfs_find_init
hfs: fix high memory mapping in hfs_bnode_read
hfs: add missing clean-up in hfs_fill_super
* sctp: move 198 addresses from unusable to private scope
include/net/sctp/constants.h
net/802/garp: fix memleak in garp_request_join()
net/802/mrp: fix memleak in mrp_request_join()
* workqueue: fix UAF in pwq_unbound_release_workfn()
kernel/workqueue.c
* af_unix: fix garbage collect vs MSG_PEEK
net/unix/af_unix.c
* net: split out functions related to registering inflight socket files
include/net/af_unix.h
net/Makefile
net/unix/Kconfig
net/unix/Makefile
net/unix/af_unix.c
net/unix/garbage.c
net/unix/scm.c
net/unix/scm.h
tipc: Fix backport of b77413446408fdd256599daf00d5be72b5f3e7c6
iommu/amd: Fix backport of 140456f994195b568ecd7fc2287a34eadffef3ca
Merge 4.9.277 into android-4.9-q
Linux 4.9.277
btrfs: compression: don't try to compress if we don't have enough pages
iio: accel: bma180: Fix BMA25x bandwidth register values
iio: accel: bma180: Use explicit member assignment
net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
* tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
kernel/trace/ring_buffer.c
USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
USB: serial: cp210x: fix comments for GE CS1000
USB: serial: option: add support for u-blox LARA-R6 family
usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
usb: max-3421: Prevent corruption of freed memory
USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
* usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
drivers/usb/core/hub.c
KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
* xhci: Fix lost USB 2 remote wake
drivers/usb/host/xhci-hub.c
ALSA: sb: Fix potential ABBA deadlock in CSP driver
s390/ftrace: fix ftrace_update_ftrace_func implementation
Revert "MIPS: add PMD table accounting into MIPS'pmd_alloc_one"
* proc: Avoid mixing integer types in mem_rw()
fs/proc/base.c
* Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
drivers/usb/core/quirks.c
scsi: target: Fix protect handling in WRITE SAME(32)
scsi: iscsi: Fix iface sysfs attr detection
netrom: Decrease sock refcount when sock timers expire
net: decnet: Fix sleeping inside in af_decnet
net: fix uninit-value in caif_seqpkt_sendmsg
s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
spi: mediatek: fix fifo rx mode
perf probe-file: Delete namelist in del_events() on the error path
perf test bpf: Free obj_buf
perf lzma: Close lzma stream on exit
igb: Check if num of q_vectors is smaller than max before array access
iavf: Fix an error handling path in 'iavf_probe()'
e1000e: Fix an error handling path in 'e1000_probe()'
fm10k: Fix an error handling path in 'fm10k_probe()'
igb: Fix an error handling path in 'igb_probe()'
ixgbe: Fix an error handling path in 'ixgbe_probe()'
* ipv6: tcp: drop silly ICMPv6 packet too big messages
net/ipv4/tcp_output.c
net/ipv6/tcp_ipv6.c
* tcp: annotate data races around tp->mtu_info
net/ipv4/tcp_ipv4.c
net/ipv6/tcp_ipv6.c
* net: validate lwtstate->data before returning from skb_tunnel_info()
include/net/dst_metadata.h
net: ti: fix UAF in tlan_remove_one
net: qcom/emac: fix UAF in emac_remove
net: moxa: fix UAF in moxart_mac_probe
net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
* net: bridge: sync fdb to new unicast-filtering ports
net/bridge/br_if.c
* net: ipv6: fix return value of ip6_skb_dst_mtu
include/net/ip6_route.h
net/ipv6/xfrm6_output.c
* sched/fair: Fix CFS bandwidth hrtimer expiry type
kernel/sched/fair.c
scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
rtc: max77686: Do not enforce (incorrect) interrupt trigger type
* kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
scripts/mkcompile_h
* thermal/core: Correct function name thermal_zone_device_unregister()
drivers/thermal/thermal_core.c
arm64: dts: juno: Update SCPI nodes as per the YAML schema
ARM: dts: stm32: fix RCC node name on stm32f429 MCU
ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
ARM: dts: BCM63xx: Fix NAND nodes names
ARM: brcmstb: dts: fix NAND nodes names
reset: ti-syscon: fix to_ti_syscon_reset_data macro
ARM: dts: rockchip: Fix power-controller node names for rk3288
ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
* ANDROID: selinux: modify RTM_GETNEIGH{TBL}
security/selinux/include/classmap.h
security/selinux/include/security.h
security/selinux/nlmsgtab.c
security/selinux/ss/policydb.c
security/selinux/ss/policydb.h
security/selinux/ss/services.c
Merge 4.9.276 into android-4.9-q
Linux 4.9.276
* seq_file: disallow extremely large seq buffer allocations
fs/seq_file.c
MIPS: vdso: Invalid GIC access through VDSO
mips: disable branch profiling in boot/decompress.o
mips: always link byteswap helpers into decompressor
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
memory: fsl_ifc: fix leak of private memory on probe failure
memory: fsl_ifc: fix leak of IO mapping on probe failure
* reset: bail if try_module_get() fails
drivers/reset/core.c
ARM: dts: r8a7779, marzen: Fix DU clock names
* rtc: fix snprintf() checking in is_rtc_hctosys()
drivers/rtc/rtc-proc.c
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
hexagon: use common DISCARDS macro
ALSA: isa: Fix error return code in snd_cmi8330_probe()
x86/fpu: Limit xstate copy size in xstateregs_set()
ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
nfs: fix acl memory leak of posix_acl_create()
watchdog: aspeed: fix hardware timeout calculation
um: fix error return code in winch_tramp()
um: fix error return code in slip_open()
* power: supply: rt5033_battery: Fix device tree enumeration
drivers/power/supply/Kconfig
PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
virtio_console: Assure used length from device is limited
virtio-blk: Fix memory leak among suspend/resume procedure
ACPI: AMBA: Fix resource name in /proc/iomem
pwm: tegra: Don't modify HW state in .remove callback
power: supply: ab8500: add missing MODULE_DEVICE_TABLE
power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
orangefs: fix orangefs df output.
x86/fpu: Return proper error codes from user access functions
watchdog: Fix possible use-after-free by calling del_timer_sync()
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
watchdog: Fix possible use-after-free in wdt_startup()
ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
power: supply: ab8500: Avoid NULL pointers
pwm: spear: Don't modify HW state in .remove callback
lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
* i2c: core: Disable client irq on reboot/shutdown
drivers/i2c/i2c-core.c
ALSA: hda: Add IRQ check for platform_get_irq()
backlight: lm3630a: Fix return code of .update_status() callback
powerpc/boot: Fixup device-tree on little endian
usb: gadget: hid: fix error return code in hid_bind()
* usb: gadget: f_hid: fix endianness issue with descriptors
drivers/usb/gadget/function/f_hid.c
* ALSA: bebob: add support for ToneWeal FW66
sound/firewire/Kconfig
* ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing()
sound/soc/soc-core.c
selftests/powerpc: Fix "no_handler" EBB selftest
ALSA: ppc: fix error return code in snd_pmac_probe()
gpio: zynq: Check return value of pm_runtime_get_sync
powerpc/ps3: Add dma_mask to ps3_dma_region
ALSA: sb: Fix potential double-free of CSP mixer elements
s390/sclp_vt220: fix console name to match device
mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
scsi: iscsi: Add iscsi_cls_conn refcount helpers
fs/jfs: Fix missing error code in lmLogInit()
tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
* Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
sound/firewire/Kconfig
misc/libmasm/module: Fix two use after free in ibmasm_init_one
tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
* fscrypt: don't ignore minor_hash when hash is 0
fs/crypto/fname.c
tracing: Do not reference char * as a string in histograms
* scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
drivers/scsi/hosts.c
KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
* smackfs: restrict bytes count in smk_set_cipso()
security/smack/smackfs.c
jfs: fix GPF in diFree
media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
media: gspca/sunplus: fix zero-length control requests
media: gspca/sq905: fix control-request direction
media: zr364xx: fix memory leak in zr364xx_start_readpipe
media: dtv5100: fix control-request directions
dm btree remove: assign new_root only when removal succeeds
ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
* seq_buf: Fix overflow in seq_buf_putmem_hex()
lib/seq_buf.c
power: supply: ab8500: Fix an old bug
ipmi/watchdog: Stop watchdog timer when the current action is 'none'
qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
ASoC: tegra: Set driver_name=tegra for all machine drivers
ata: ahci_sunxi: Disable DIPM
* mmc: core: clear flags before allowing to retune
drivers/mmc/core/core.c
* mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
drivers/mmc/host/sdhci.c
drivers/mmc/host/sdhci.h
pinctrl/amd: Add device HID for new AMD GPIO controller
powerpc/barrier: Avoid collision with clang's __lwsync macro
mac80211: fix memory corruption in EAPOL handling
can: bcm: delay release of struct bcm_op after synchronize_rcu()
can: gw: synchronize rcu operations before removing gw job entry
* fuse: reject internal errno
fs/fuse/dev.c
sctp: add size validation when walking chunks
Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
* Bluetooth: Shutdown controller after workqueues are flushed or cancelled
net/bluetooth/hci_core.c
* Bluetooth: Fix the HCI to MGMT status conversion table
net/bluetooth/mgmt.c
RDMA/cma: Fix rdma_resolve_route() memory leak
* wireless: wext-spy: Fix out-of-bounds warning
net/wireless/wext-spy.c
sfc: error code if SRIOV cannot be disabled
sfc: avoid double pci_remove of VFs
RDMA/rxe: Don't overwrite errno from ib_umem_get()
atm: nicstar: register the interrupt handler in the right place
atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
MIPS: add PMD table accounting into MIPS'pmd_alloc_one
cw1200: add missing MODULE_DEVICE_TABLE
wl1251: Fix possible buffer overflow in wl1251_cmd_scan
wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
* xfrm: Fix error reporting in xfrm_state_construct.
net/xfrm/xfrm_user.c
* selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
security/selinux/avc.c
fjes: check return value after calling platform_get_resource()
net: micrel: check return value after calling platform_get_resource()
dm space maps: don't reset space map allocation cursor when committing
RDMA/cxgb4: Fix missing error code in create_qp()
* ipv6: use prandom_u32() for ID generation
net/ipv6/output_core.c
clk: tegra: Ensure that PLLU configuration is applied properly
e100: handle eeprom as little endian
udf: Fix NULL pointer dereference in udf_symlink function
drm/virtio: Fix double free on probe failure
reiserfs: add check for invalid 1st journal block
* net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
net/core/dev.c
atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
mISDN: fix possible use-after-free in HFC_cleanup()
atm: iphase: fix possible use-after-free in ia_module_exit()
hugetlb: clear huge pte during flush function on mips platform
net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
* scsi: core: Retry I/O for Notify (Enable Spinup) Required error
drivers/scsi/scsi_lib.c
mmc: vub3000: fix control-request direction
selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
mm/huge_memory.c: don't discard hugepage if other processes are mapping it
leds: ktd2692: Fix an error handling path
* configfs: fix memleak in configfs_release_bin_file
fs/configfs/file.c
extcon: max8997: Add missing modalias string
extcon: sm5502: Drop invalid register write in sm5502_reg_data
phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
* of: Fix truncation of memory sizes on 32-bit platforms
drivers/of/fdt.c
drivers/of/of_reserved_mem.c
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
s390: appldata depends on PROC_SYSCTL
scsi: FlashPoint: Rename si_flags field
tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
Input: hil_kbd - fix error return code in hil_dev_connect()
iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adis_buffer: do not return ints in irq handlers
tty: nozomi: Fix a resource leak in an error handling function
net: sched: fix warning in tcindex_alloc_perfect_hash
* writeback: fix obtain a reference to a freeing memcg css
fs/fs-writeback.c
* Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
net/bluetooth/mgmt.c
i40e: Fix error handling in i40e_vsi_open
vxlan: add missing rcu_read_lock() in neigh_reduce()
net: ethernet: ezchip: fix error handling
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: aeroflex: fix UAF in greth_of_remove
netfilter: nft_exthdr: check for IPv6 packet before further processing
* netlabel: Fix memory leak in netlbl_mgmt_add_common
net/netlabel/netlabel_mgmt.c
ath10k: Fix an error code in ath10k_add_interface()
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
* wireless: carl9170: fix LEDS build errors & warnings
drivers/net/wireless/ath/carl9170/Kconfig
drm: qxl: ensure surf.data is ininitialized
RDMA/rxe: Fix failure during driver load
ehea: fix error return code in ehea_restart_qps()
net: pch_gbe: Propagate error from devm_gpio_request_one()
ocfs2: fix snprintf() checking
ACPI: sysfs: Fix a buffer overrun problem with description_show()
crypto: nx - Fix RCU warning in nx842_OF_upd_status
spi: spi-sun6i: Fix chipselect/clock bug
hwmon: (max31790) Fix fan speed reporting for fan7..12
hwmon: (max31722) Remove non-standard ACPI device IDs
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
media: tc358743: Fix error return code in tc358743_probe_of()
pata_ep93xx: fix deferred probing
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
media: I2C: change 'RST' to "RSET" to fix multiple build errors
pata_rb532_cf: fix deferred probing
sata_highbank: fix deferred probing
crypto: ux500 - Fix error return code in hash_hw_final()
crypto: ixp4xx - dma_unmap the correct address
media: s5p_cec: decrement usage count if disabled
ia64: mca_drv: fix incorrect array size calculation
ACPI: tables: Add custom DSDT file as makefile prerequisite
platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard()
ACPI: bus: Call kobject_put() in acpi_init() error path
fs: dlm: fix memory leak when fenced
* random32: Fix implicit truncation warning in prandom_seed_state()
include/linux/prandom.h
fs: dlm: cancel work sync othercon
* block_dump: remove block_dump feature in mark_inode_dirty()
fs/fs-writeback.c
ACPI: processor idle: Fix up C-state latency if not ordered
regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
* btrfs: disable build on platforms having page size 256K
fs/btrfs/Kconfig
btrfs: abort transaction if we fail to update the delayed inode
media: siano: fix device register error path
* media: dvb_net: avoid speculation from net slot
drivers/media/dvb-core/dvb_net.c
* crypto: shash - avoid comparing pointers to exported functions under CFI
crypto/shash.c
include/crypto/internal/hash.h
mmc: via-sdmmc: add a check against NULL pointer dereference
media: st-hva: Fix potential NULL pointer dereferences
media: bt8xx: Fix a missing check bug in bt878_probe
* media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
drivers/media/v4l2-core/v4l2-fh.c
crypto: qat - remove unused macro in FW loader
crypto: qat - check return code of qat_hal_rd_rel_reg()
media: pvrusb2: fix warning in pvr2_i2c_core_done
media: cobalt: fix race condition in setting HPD
media: cpia2: fix memory leak in cpia2_usb_probe
crypto: nx - add missing MODULE_DEVICE_TABLE
spi: omap-100k: Fix the length judgment problem
spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages()
spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
* fuse: check connected before queueing on fpq->io
fs/fuse/dev.c
* seq_buf: Make trace_seq_putmem_hex() support data longer than 8
lib/seq_buf.c
ssb: sdio: Don't overwrite const buffer if block_write fails
ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
serial_cs: remove wrong GLOBETROTTER.cis entry
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
s390/cio: dont call css_wait_for_slow_path() inside a lock
SUNRPC: Should wake up the privileged task firstly.
SUNRPC: Fix the batch tasks count wraparound.
* ext4: fix avefreec in find_group_orlov
fs/ext4/ialloc.c
* ext4: remove check for zero nr_to_scan in ext4_es_scan()
fs/ext4/extents_status.c
* ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
fs/ext4/extents_status.c
* ext4: fix kernel infoleak via ext4_extent_header
fs/ext4/extents.c
btrfs: clear defrag status of a root if starting transaction fails
ARM: dts: at91: sama5d4: fix pinctrl muxing
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
* iov_iter_fault_in_readable() should do nothing in xarray case
lib/iov_iter.c
ntfs: fix validity check for file name attribute
USB: cdc-acm: blacklist Heimann USB Appset device
usb: gadget: eem: fix echo command packet response issue
net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
Input: usbtouchscreen - fix control-request directions
media: dvb-usb: fix wrong definition
* ALSA: usb-audio: fix rate on Ozone Z90 USB headset
sound/usb/format.c
Merge 4.9.275 into android-4.9-q
Linux 4.9.275
xen/events: reset active flag for lateeoi events later
* kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync()
kernel/kthread.c
* kthread_worker: split code for canceling the delayed work timer
kernel/kthread.c
drm/nouveau: fix dma_address check for CPU/GPU sync
scsi: sr: Return appropriate error code when disk is ejected
* mm, futex: fix shared futex pgoff on shmem huge page
include/linux/hugetlb.h
include/linux/pagemap.h
kernel/futex.c
mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split
* mm: add VM_WARN_ON_ONCE_PAGE() macro
include/linux/mmdebug.h
* include/linux/mmdebug.h: make VM_WARN* non-rvals
include/linux/mmdebug.h
Bug: 196282886
Change-Id: I727851b06571f0e9d7751d10a59b1edae838882c
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Bram Bonné
|
90da9cd13d |
ANDROID: selinux: modify RTM_GETNEIGH{TBL}
Map the permission gating RTM_GETNEIGH/RTM_GETNEIGHTBL messages to a
new permission so that it can be distinguished from the other netlink
route permissions in selinux policy. The new permission is triggered by
a flag set in system images T and up.
This change is intended to be backported to all kernels that a T system
image can run on top of.
Bug: 171572148
Test: atest NetworkInterfaceTest
Test: atest CtsSelinuxTargetSdkCurrentTestCases
Test: atest bionic-unit-tests-static
Test: On Cuttlefish, run combinations of:
- Policy bit set or omitted (see https://r.android.com/1701847)
- This patch applied or omitted
- App having nlmsg_readneigh permission or not
Verify that only the combination of this patch + the policy bit being
set + the app not having the nlmsg_readneigh permission prevents the
app from sending RTM_GETNEIGH messages.
Change-Id: I4bcfce4decb34ea9388eeedfc4be67403de8a980
Signed-off-by: Bram Bonné <brambonne@google.com>
(cherry picked from commit fac07550bdac9adea0dbe3edbdbec7a9a690a178)
(cherry picked from commit 32d7afd1472c3cce509a3455b40a575540eac780)
|
||
|
Greg Kroah-Hartman
|
94570581cc |
Merge 4.9.276 into android-4.9-q
Changes in 4.9.276
ALSA: usb-audio: fix rate on Ozone Z90 USB headset
media: dvb-usb: fix wrong definition
Input: usbtouchscreen - fix control-request directions
net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
usb: gadget: eem: fix echo command packet response issue
USB: cdc-acm: blacklist Heimann USB Appset device
ntfs: fix validity check for file name attribute
iov_iter_fault_in_readable() should do nothing in xarray case
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
ARM: dts: at91: sama5d4: fix pinctrl muxing
btrfs: clear defrag status of a root if starting transaction fails
ext4: fix kernel infoleak via ext4_extent_header
ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
ext4: remove check for zero nr_to_scan in ext4_es_scan()
ext4: fix avefreec in find_group_orlov
SUNRPC: Fix the batch tasks count wraparound.
SUNRPC: Should wake up the privileged task firstly.
s390/cio: dont call css_wait_for_slow_path() inside a lock
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
serial_cs: remove wrong GLOBETROTTER.cis entry
ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
ssb: sdio: Don't overwrite const buffer if block_write fails
seq_buf: Make trace_seq_putmem_hex() support data longer than 8
fuse: check connected before queueing on fpq->io
spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages()
spi: omap-100k: Fix the length judgment problem
crypto: nx - add missing MODULE_DEVICE_TABLE
media: cpia2: fix memory leak in cpia2_usb_probe
media: cobalt: fix race condition in setting HPD
media: pvrusb2: fix warning in pvr2_i2c_core_done
crypto: qat - check return code of qat_hal_rd_rel_reg()
crypto: qat - remove unused macro in FW loader
media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
media: bt8xx: Fix a missing check bug in bt878_probe
media: st-hva: Fix potential NULL pointer dereferences
mmc: via-sdmmc: add a check against NULL pointer dereference
crypto: shash - avoid comparing pointers to exported functions under CFI
media: dvb_net: avoid speculation from net slot
media: siano: fix device register error path
btrfs: abort transaction if we fail to update the delayed inode
btrfs: disable build on platforms having page size 256K
regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
ACPI: processor idle: Fix up C-state latency if not ordered
block_dump: remove block_dump feature in mark_inode_dirty()
fs: dlm: cancel work sync othercon
random32: Fix implicit truncation warning in prandom_seed_state()
fs: dlm: fix memory leak when fenced
ACPI: bus: Call kobject_put() in acpi_init() error path
platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard()
ACPI: tables: Add custom DSDT file as makefile prerequisite
ia64: mca_drv: fix incorrect array size calculation
media: s5p_cec: decrement usage count if disabled
crypto: ixp4xx - dma_unmap the correct address
crypto: ux500 - Fix error return code in hash_hw_final()
sata_highbank: fix deferred probing
pata_rb532_cf: fix deferred probing
media: I2C: change 'RST' to "RSET" to fix multiple build errors
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
pata_ep93xx: fix deferred probing
media: tc358743: Fix error return code in tc358743_probe_of()
media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
hwmon: (max31722) Remove non-standard ACPI device IDs
hwmon: (max31790) Fix fan speed reporting for fan7..12
spi: spi-sun6i: Fix chipselect/clock bug
crypto: nx - Fix RCU warning in nx842_OF_upd_status
ACPI: sysfs: Fix a buffer overrun problem with description_show()
ocfs2: fix snprintf() checking
net: pch_gbe: Propagate error from devm_gpio_request_one()
ehea: fix error return code in ehea_restart_qps()
RDMA/rxe: Fix failure during driver load
drm: qxl: ensure surf.data is ininitialized
wireless: carl9170: fix LEDS build errors & warnings
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
ath10k: Fix an error code in ath10k_add_interface()
netlabel: Fix memory leak in netlbl_mgmt_add_common
netfilter: nft_exthdr: check for IPv6 packet before further processing
net: ethernet: aeroflex: fix UAF in greth_of_remove
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: ezchip: fix error handling
vxlan: add missing rcu_read_lock() in neigh_reduce()
i40e: Fix error handling in i40e_vsi_open
Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
writeback: fix obtain a reference to a freeing memcg css
net: sched: fix warning in tcindex_alloc_perfect_hash
tty: nozomi: Fix a resource leak in an error handling function
iio: adis_buffer: do not return ints in irq handlers
iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
Input: hil_kbd - fix error return code in hil_dev_connect()
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
scsi: FlashPoint: Rename si_flags field
s390: appldata depends on PROC_SYSCTL
staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
of: Fix truncation of memory sizes on 32-bit platforms
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
extcon: sm5502: Drop invalid register write in sm5502_reg_data
extcon: max8997: Add missing modalias string
configfs: fix memleak in configfs_release_bin_file
leds: ktd2692: Fix an error handling path
mm/huge_memory.c: don't discard hugepage if other processes are mapping it
selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
mmc: vub3000: fix control-request direction
scsi: core: Retry I/O for Notify (Enable Spinup) Required error
net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
hugetlb: clear huge pte during flush function on mips platform
atm: iphase: fix possible use-after-free in ia_module_exit()
mISDN: fix possible use-after-free in HFC_cleanup()
atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
reiserfs: add check for invalid 1st journal block
drm/virtio: Fix double free on probe failure
udf: Fix NULL pointer dereference in udf_symlink function
e100: handle eeprom as little endian
clk: tegra: Ensure that PLLU configuration is applied properly
ipv6: use prandom_u32() for ID generation
RDMA/cxgb4: Fix missing error code in create_qp()
dm space maps: don't reset space map allocation cursor when committing
net: micrel: check return value after calling platform_get_resource()
fjes: check return value after calling platform_get_resource()
selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
xfrm: Fix error reporting in xfrm_state_construct.
wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
wl1251: Fix possible buffer overflow in wl1251_cmd_scan
cw1200: add missing MODULE_DEVICE_TABLE
MIPS: add PMD table accounting into MIPS'pmd_alloc_one
atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
atm: nicstar: register the interrupt handler in the right place
RDMA/rxe: Don't overwrite errno from ib_umem_get()
sfc: avoid double pci_remove of VFs
sfc: error code if SRIOV cannot be disabled
wireless: wext-spy: Fix out-of-bounds warning
RDMA/cma: Fix rdma_resolve_route() memory leak
Bluetooth: Fix the HCI to MGMT status conversion table
Bluetooth: Shutdown controller after workqueues are flushed or cancelled
Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
sctp: add size validation when walking chunks
fuse: reject internal errno
can: gw: synchronize rcu operations before removing gw job entry
can: bcm: delay release of struct bcm_op after synchronize_rcu()
mac80211: fix memory corruption in EAPOL handling
powerpc/barrier: Avoid collision with clang's __lwsync macro
pinctrl/amd: Add device HID for new AMD GPIO controller
mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
mmc: core: clear flags before allowing to retune
ata: ahci_sunxi: Disable DIPM
ASoC: tegra: Set driver_name=tegra for all machine drivers
qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
ipmi/watchdog: Stop watchdog timer when the current action is 'none'
power: supply: ab8500: Fix an old bug
seq_buf: Fix overflow in seq_buf_putmem_hex()
ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
dm btree remove: assign new_root only when removal succeeds
media: dtv5100: fix control-request directions
media: zr364xx: fix memory leak in zr364xx_start_readpipe
media: gspca/sq905: fix control-request direction
media: gspca/sunplus: fix zero-length control requests
media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
jfs: fix GPF in diFree
smackfs: restrict bytes count in smk_set_cipso()
KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
tracing: Do not reference char * as a string in histograms
fscrypt: don't ignore minor_hash when hash is 0
tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
misc/libmasm/module: Fix two use after free in ibmasm_init_one
Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
fs/jfs: Fix missing error code in lmLogInit()
scsi: iscsi: Add iscsi_cls_conn refcount helpers
mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
s390/sclp_vt220: fix console name to match device
ALSA: sb: Fix potential double-free of CSP mixer elements
powerpc/ps3: Add dma_mask to ps3_dma_region
gpio: zynq: Check return value of pm_runtime_get_sync
ALSA: ppc: fix error return code in snd_pmac_probe()
selftests/powerpc: Fix "no_handler" EBB selftest
ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing()
ALSA: bebob: add support for ToneWeal FW66
usb: gadget: f_hid: fix endianness issue with descriptors
usb: gadget: hid: fix error return code in hid_bind()
powerpc/boot: Fixup device-tree on little endian
backlight: lm3630a: Fix return code of .update_status() callback
ALSA: hda: Add IRQ check for platform_get_irq()
i2c: core: Disable client irq on reboot/shutdown
lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
pwm: spear: Don't modify HW state in .remove callback
power: supply: ab8500: Avoid NULL pointers
power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
watchdog: Fix possible use-after-free in wdt_startup()
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
watchdog: Fix possible use-after-free by calling del_timer_sync()
x86/fpu: Return proper error codes from user access functions
orangefs: fix orangefs df output.
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
power: supply: ab8500: add missing MODULE_DEVICE_TABLE
pwm: tegra: Don't modify HW state in .remove callback
ACPI: AMBA: Fix resource name in /proc/iomem
virtio-blk: Fix memory leak among suspend/resume procedure
virtio_console: Assure used length from device is limited
PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
power: supply: rt5033_battery: Fix device tree enumeration
um: fix error return code in slip_open()
um: fix error return code in winch_tramp()
watchdog: aspeed: fix hardware timeout calculation
nfs: fix acl memory leak of posix_acl_create()
ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
x86/fpu: Limit xstate copy size in xstateregs_set()
ALSA: isa: Fix error return code in snd_cmi8330_probe()
hexagon: use common DISCARDS macro
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
rtc: fix snprintf() checking in is_rtc_hctosys()
ARM: dts: r8a7779, marzen: Fix DU clock names
reset: bail if try_module_get() fails
memory: fsl_ifc: fix leak of IO mapping on probe failure
memory: fsl_ifc: fix leak of private memory on probe failure
ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
mips: always link byteswap helpers into decompressor
mips: disable branch profiling in boot/decompress.o
MIPS: vdso: Invalid GIC access through VDSO
seq_file: disallow extremely large seq buffer allocations
Linux 4.9.276
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I595c090068eb1b1934b15a0d54394abc38b4b0cc
|
||
|
Tetsuo Handa
|
5f9880403e |
smackfs: restrict bytes count in smk_set_cipso()
commit 49ec114a6e62d8d320037ce71c1aaf9650b3cafd upstream. Oops, I failed to update subject line. From 07571157c91b98ce1a4aa70967531e64b78e8346 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Date: Mon, 12 Apr 2021 22:25:06 +0900 Subject: smackfs: restrict bytes count in smk_set_cipso() Commit 7ef4c19d245f3dc2 ("smackfs: restrict bytes count in smackfs write functions") missed that count > SMK_CIPSOMAX check applies to only format == SMK_FIXED24_FMT case. Reported-by: syzbot <syzbot+77c53db50c9fff774e8e@syzkaller.appspotmail.com> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Minchan Kim
|
a6414f9351 |
selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
[ Upstream commit 648f2c6100cfa18e7dfe43bc0b9c3b73560d623c ]
In the field, we have seen lots of allocation failure from the call
path below.
06-03 13:29:12.999 1010315 31557 31557 W Binder : 31542_2: page allocation failure: order:0, mode:0x800(GFP_NOWAIT), nodemask=(null),cpuset=background,mems_allowed=0
...
...
06-03 13:29:12.999 1010315 31557 31557 W Call trace:
06-03 13:29:12.999 1010315 31557 31557 W : dump_backtrace.cfi_jt+0x0/0x8
06-03 13:29:12.999 1010315 31557 31557 W : dump_stack+0xc8/0x14c
06-03 13:29:12.999 1010315 31557 31557 W : warn_alloc+0x158/0x1c8
06-03 13:29:12.999 1010315 31557 31557 W : __alloc_pages_slowpath+0x9d8/0xb80
06-03 13:29:12.999 1010315 31557 31557 W : __alloc_pages_nodemask+0x1c4/0x430
06-03 13:29:12.999 1010315 31557 31557 W : allocate_slab+0xb4/0x390
06-03 13:29:12.999 1010315 31557 31557 W : ___slab_alloc+0x12c/0x3a4
06-03 13:29:12.999 1010315 31557 31557 W : kmem_cache_alloc+0x358/0x5e4
06-03 13:29:12.999 1010315 31557 31557 W : avc_alloc_node+0x30/0x184
06-03 13:29:12.999 1010315 31557 31557 W : avc_update_node+0x54/0x4f0
06-03 13:29:12.999 1010315 31557 31557 W : avc_has_extended_perms+0x1a4/0x460
06-03 13:29:12.999 1010315 31557 31557 W : selinux_file_ioctl+0x320/0x3d0
06-03 13:29:12.999 1010315 31557 31557 W : __arm64_sys_ioctl+0xec/0x1fc
06-03 13:29:12.999 1010315 31557 31557 W : el0_svc_common+0xc0/0x24c
06-03 13:29:12.999 1010315 31557 31557 W : el0_svc+0x28/0x88
06-03 13:29:12.999 1010315 31557 31557 W : el0_sync_handler+0x8c/0xf0
06-03 13:29:12.999 1010315 31557 31557 W : el0_sync+0x1a4/0x1c0
..
..
06-03 13:29:12.999 1010315 31557 31557 W SLUB : Unable to allocate memory on node -1, gfp=0x900(GFP_NOWAIT|__GFP_ZERO)
06-03 13:29:12.999 1010315 31557 31557 W cache : avc_node, object size: 72, buffer size: 80, default order: 0, min order: 0
06-03 13:29:12.999 1010315 31557 31557 W node 0 : slabs: 57, objs: 2907, free: 0
06-03 13:29:12.999 1010161 10686 10686 W SLUB : Unable to allocate memory on node -1, gfp=0x900(GFP_NOWAIT|__GFP_ZERO)
06-03 13:29:12.999 1010161 10686 10686 W cache : avc_node, object size: 72, buffer size: 80, default order: 0, min order: 0
06-03 13:29:12.999 1010161 10686 10686 W node 0 : slabs: 57, objs: 2907, free: 0
06-03 13:29:12.999 1010161 10686 10686 W SLUB : Unable to allocate memory on node -1, gfp=0x900(GFP_NOWAIT|__GFP_ZERO)
06-03 13:29:12.999 1010161 10686 10686 W cache : avc_node, object size: 72, buffer size: 80, default order: 0, min order: 0
06-03 13:29:12.999 1010161 10686 10686 W node 0 : slabs: 57, objs: 2907, free: 0
06-03 13:29:12.999 1010161 10686 10686 W SLUB : Unable to allocate memory on node -1, gfp=0x900(GFP_NOWAIT|__GFP_ZERO)
06-03 13:29:12.999 1010161 10686 10686 W cache : avc_node, object size: 72, buffer size: 80, default order: 0, min order: 0
06-03 13:29:12.999 1010161 10686 10686 W node 0 : slabs: 57, objs: 2907, free: 0
06-03 13:29:13.000 1010161 10686 10686 W SLUB : Unable to allocate memory on node -1, gfp=0x900(GFP_NOWAIT|__GFP_ZERO)
06-03 13:29:13.000 1010161 10686 10686 W cache : avc_node, object size: 72, buffer size: 80, default order: 0, min order: 0
06-03 13:29:13.000 1010161 10686 10686 W node 0 : slabs: 57, objs: 2907, free: 0
06-03 13:29:13.000 1010161 10686 10686 W SLUB : Unable to allocate memory on node -1, gfp=0x900(GFP_NOWAIT|__GFP_ZERO)
06-03 13:29:13.000 1010161 10686 10686 W cache : avc_node, object size: 72, buffer size: 80, default order: 0, min order: 0
06-03 13:29:13.000 1010161 10686 10686 W node 0 : slabs: 57, objs: 2907, free: 0
06-03 13:29:13.000 1010161 10686 10686 W SLUB : Unable to allocate memory on node -1, gfp=0x900(GFP_NOWAIT|__GFP_ZERO)
06-03 13:29:13.000 1010161 10686 10686 W cache : avc_node, object size: 72, buffer size: 80, default order: 0, min order: 0
06-03 13:29:13.000 1010161 10686 10686 W node 0 : slabs: 57, objs: 2907, free: 0
06-03 13:29:13.000 10230 30892 30892 W SLUB : Unable to allocate memory on node -1, gfp=0x900(GFP_NOWAIT|__GFP_ZERO)
06-03 13:29:13.000 10230 30892 30892 W cache : avc_node, object size: 72, buffer size: 80, default order: 0, min order: 0
06-03 13:29:13.000 10230 30892 30892 W node 0 : slabs: 57, objs: 2907, free: 0
06-03 13:29:13.000 10230 30892 30892 W SLUB : Unable to allocate memory on node -1, gfp=0x900(GFP_NOWAIT|__GFP_ZERO)
06-03 13:29:13.000 10230 30892 30892 W cache : avc_node, object size: 72, buffer size: 80, default order: 0, min order: 0
Based on [1], selinux is tolerate for failure of memory allocation.
Then, use __GFP_NOWARN together.
[1] 476accbe2f6e ("selinux: use GFP_NOWAIT in the AVC kmem_caches")
Signed-off-by: Minchan Kim <minchan@kernel.org>
[PM: subj fix, line wraps, normalized commit refs]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Lucas Wei
|
a7836adcc8 |
Merge android-4.9-q (4.9.264) into android-msm-pixel-4.9-lts
Merge 4.9.264 into android-4.9-q
Linux 4.9.264
xen-blkback: don't leak persistent grants from xen_blkbk_map()
mac80211: fix double free in ibss_leave
net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
net: sched: validate stab values
* can: dev: Move device back to init netns on owning netns delete
include/net/rtnetlink.h
net/core/dev.c
* futex: Handle transient "ownerless" rtmutex state correctly
kernel/futex.c
* futex: Fix incorrect should_fail_futex() handling
kernel/futex.c
* futex: Prevent robust futex exit race
kernel/futex.c
* arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP
arch/arm64/include/asm/futex.h
* locking/futex: Allow low-level atomic operations to return -EAGAIN
kernel/futex.c
* futex: Fix (possible) missed wakeup
kernel/futex.c
* futex: Handle early deadlock return correctly
kernel/futex.c
kernel/locking/rtmutex.c
* futex,rt_mutex: Fix rt_mutex_cleanup_proxy_lock()
kernel/locking/rtmutex.c
* futex: Avoid freeing an active timer
kernel/futex.c
* futex: Drop hb->lock before enqueueing on the rtmutex
kernel/futex.c
kernel/locking/rtmutex.c
kernel/locking/rtmutex_common.h
* futex: Rework futex_lock_pi() to use rt_mutex_*_proxy_lock()
kernel/futex.c
kernel/locking/rtmutex.c
kernel/locking/rtmutex_common.h
* futex,rt_mutex: Introduce rt_mutex_init_waiter()
kernel/futex.c
kernel/locking/rtmutex.c
kernel/locking/rtmutex_common.h
* futex: Use smp_store_release() in mark_wake_futex()
kernel/futex.c
* idr: add ida_is_empty
drivers/usb/gadget/function/f_hid.c
include/linux/idr.h
perf auxtrace: Fix auxtrace queue conflict
ACPI: scan: Use unique number for instance_no
ACPI: scan: Rearrange memory allocation in acpi_device_add()
RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server
net: cdc-phonet: fix data-interface release on probe failure
mac80211: fix rate mask reset
can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning
can: c_can: move runtime PM enable/disable to c_can_platform
can: c_can_pci: c_can_pci_remove(): fix use-after-free
net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
e1000e: Fix error handling in e1000_set_d0_lplu_state_82571
e1000e: add rtnl_lock() to e1000_reset_task
net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
* macvlan: macvlan_count_rx() needs to be aware of preemption
include/linux/if_macvlan.h
bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD
arm64: dts: ls1043a: mark crypto engine dma coherent
squashfs: fix xattr id and id lookup sanity checks
* squashfs: fix inode lookup sanity checks
fs/squashfs/squashfs_fs.h
x86/tlb: Flush global mappings when KAISER is disabled
ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign
ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls
nfs: we don't support removing system.nfs4_acl
* u64_stats,lockdep: Fix u64_stats_init() vs lockdep
include/linux/u64_stats_sync.h
atm: idt77252: fix null-ptr-dereference
atm: uPD98402: fix incorrect allocation
net: wan: fix error return code of uhdlc_init()
NFS: Correct size calculation for create reply length
* nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default
fs/nfs/Kconfig
sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count
net: tehuti: fix error return code in bdx_probe()
ixgbe: Fix memleak in ixgbe_configure_clsu32
atm: lanai: dont run lanai_dev_close if not open
atm: eni: dont release is never initialized
powerpc/4xx: Fix build errors from mfdcr()
net: fec: ptp: avoid register access when ipg clock is disabled
ANDROID: Make vsock virtio packet buff size configurable
Merge 4.9.263 into android-4.9-q
Linux 4.9.263
* genirq: Disable interrupts for force threaded handlers
kernel/irq/manage.c
* ext4: fix potential error in ext4_do_update_inode
fs/ext4/inode.c
* ext4: find old entry again if failed to rename whiteout
fs/ext4/namei.c
x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall()
x86: Move TS_COMPAT back to asm/thread_info.h
* kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
fs/select.c
include/linux/thread_info.h
kernel/futex.c
kernel/time/alarmtimer.c
kernel/time/hrtimer.c
kernel/time/posix-cpu-timers.c
x86/ioapic: Ignore IRQ2 again
perf/x86/intel: Fix a crash caused by zero PEBS status
PCI: rpadlpar: Fix potential drc_name corruption in store functions
iio: adis16400: Fix an error code in adis16400_initial_setup()
* usb: gadget: configfs: Fix KASAN use-after-free
drivers/usb/gadget/configfs.c
* USB: replace hardcode maximum usb string length by definition
drivers/usb/gadget/composite.c
drivers/usb/gadget/configfs.c
drivers/usb/gadget/usbstring.c
include/uapi/linux/usb/ch9.h
scsi: lpfc: Fix some error codes in debugfs
net/qrtr: fix __netdev_alloc_skb call
sunrpc: fix refcount leak for rpc auth modules
svcrdma: disable timeouts on rdma backchannel
NFSD: Repair misuse of sv_lock in 5.10.16-rt30.
nvmet: don't check iosqes,iocqes for discovery controllers
btrfs: fix race when cloning extent buffer during rewind of an old root
ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode
ixgbe: check for Tx timestamp timeouts during watchdog
net: dsa: b53: Support setting learning on port
* ext4: check journal inode extents more carefully
fs/ext4/block_validity.c
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/indirect.c
fs/ext4/inode.c
fs/ext4/mballoc.c
* ext4: don't allow overlapping system zones
fs/ext4/block_validity.c
* ext4: handle error of ext4_setup_system_zone() on remount
fs/ext4/super.c
Merge 4.9.262 into android-4.9-q
* FROMGIT: configfs: fix a use-after-free in __configfs_open_file
fs/configfs/file.c
Linux 4.9.262
xen/events: avoid handling the same event on two cpus at the same time
xen/events: don't unmask an event channel when an eoi is pending
xen/events: reset affinity of 2-level event when tearing it down
iio: imu: adis16400: fix memory leak
iio: imu: adis16400: release allocated memory on failure
KVM: arm64: Fix exclusive limit for IPA size
hwmon: (lm90) Fix max6658 sporadic wrong temperature reading
binfmt_misc: fix possible deadlock in bm_register_write
powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
alpha: switch __copy_user() and __do_clean_user() to normal calling conventions
alpha: Package string routines together
alpha: make short build log available for division routines
alpha: merge build rules of division routines
alpha: add $(src)/ rather than $(obj)/ to make source file path
* configfs: fix a use-after-free in __configfs_open_file
fs/configfs/file.c
block: rsxx: fix error return code of rsxx_pci_probe()
NFSv4.2: fix return value of _nfs4_get_security_label()
sh_eth: fix TRSCER mask for R7S72100
staging: comedi: pcl818: Fix endian problem for AI command data
staging: comedi: pcl711: Fix endian problem for AI command data
staging: comedi: me4000: Fix endian problem for AI command data
staging: comedi: dmm32at: Fix endian problem for AI command data
staging: comedi: das800: Fix endian problem for AI command data
staging: comedi: das6402: Fix endian problem for AI command data
staging: comedi: adv_pci1710: Fix endian problem for AI command data
staging: comedi: addi_apci_1500: Fix endian problem for command sample
staging: comedi: addi_apci_1032: Fix endian problem for COS sample
staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data()
staging: rtl8712: unterminated string leads to read overflow
staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
usbip: fix vhci_hcd attach_store() races leading to gpf
usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
usbip: fix vudc to check for stream socket
usbip: fix vhci_hcd to check for stream socket
usbip: fix stub_dev to check for stream socket
USB: serial: cp210x: add some more GE USB IDs
USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
USB: serial: ch341: add new Product ID
USB: serial: io_edgeport: fix memory leak in edge_startup
* xhci: Improve detection of device initiated wake signal.
drivers/usb/host/xhci.c
usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot
Goodix Fingerprint device is not a modem
scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section names
* mmc: core: Fix partition switch time for eMMC
drivers/mmc/core/mmc.c
s390/dasd: fix hanging DASD driver unbind
* ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
sound/usb/quirks.c
ALSA: hda: Avoid spurious unsol event handling during S3/S4
ALSA: hda/hdmi: Cancel pending works before suspend
scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
s390/smp: __smp_rescan_cpus() - move cpumask away from stack
PCI: xgene-msi: Fix race in installing chained irq handler
powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
mmc: mediatek: fix race condition between msdc_request_timeout and irq
mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()'
udf: fix silent AED tagLocation corruption
media: usbtv: Fix deadlock on suspend
net: davicom: Fix regulator not turned off on driver removal
net: davicom: Fix regulator not turned off on failed probe
net: lapbether: Remove netif_start_queue / netif_stop_queue
* net: sched: avoid duplicates in classes dump
net/sched/sch_api.c
net/mlx4_en: update moderation when config reset
* Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
mm/slub.c
cifs: return proper error code in statfs(2)
* netfilter: x_tables: gpf inside xt_find_revision()
net/netfilter/x_tables.c
can: flexcan: enable RX FIFO after FRZ/HALT valid
can: flexcan: assert FRZ bit in flexcan_chip_freeze()
can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
* net: Fix gro aggregation for udp encaps with zero csum
net/ipv4/udp_offload.c
ath9k: fix transmitting to stations in dynamic SMPS mode
ethernet: alx: fix order of calls on resume
uapi: nfnetlink_cthelper.h: fix userspace compilation error
Merge 4.9.261 into android-4.9-q
Linux 4.9.261
misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom
* PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
drivers/pci/quirks.c
platform/x86: acer-wmi: Add new force_caps module parameter
iommu/amd: Fix sleeping in atomic in increase_address_space()
* dm table: fix DAX iterate_devices based device capability checks
drivers/md/dm-table.c
* dm table: fix iterate_devices based device capability checks
drivers/md/dm-table.c
rsxx: Return -EFAULT if copy_to_user() fails
ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
usbip: tools: fix build error for multiple definition
btrfs: fix raid6 qstripe kmap
btrfs: raid56: simplify tracking of Q stripe presence
Merge 4.9.260 into android-4.9-q
Linux 4.9.260
* media: v4l: ioctl: Fix memory leak in video_usercopy
drivers/media/v4l2-core/v4l2-ioctl.c
* swap: fix swapfile read/write offset
mm/page_io.c
mm/swapfile.c
* zsmalloc: account the number of compacted pages correctly
drivers/block/zram/zram_drv.c
include/linux/zsmalloc.h
mm/zsmalloc.c
xen-netback: respect gnttab_map_refs()'s return value
Xen/gnttab: handle p2m update errors on a per-slot basis
scsi: iscsi: Verify lengths on passthrough PDUs
scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
* sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
fs/sysfs/file.c
include/linux/sysfs.h
scsi: iscsi: Restrict sessions and handles to admin capabilities
media: uvcvideo: Allow entities with no pads
staging: most: sound: add sanity check for function argument
* Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
net/bluetooth/amp.c
x86/build: Treat R_386_PLT32 relocation as R_386_PC32
ath10k: fix wmi mgmt tx queue full due to race condition
pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
wlcore: Fix command execute failure 19 for wl12xx
* vt/consolemap: do font sum unsigned
drivers/tty/vt/consolemap.c
x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
staging: fwserial: Fix error handling in fwserial_create
mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
* net: fix up truesize of cloned skb in skb_prepare_for_shift()
net/core/skbuff.c
* smackfs: restrict bytes count in smackfs write functions
security/smack/smackfs.c
xfs: Fix assert failure in xfs_setattr_size()
JFS: more checks for invalid superblock
* arm64: Use correct ll/sc atomic constraints
arch/arm64/include/asm/atomic_ll_sc.h
* arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint
arch/arm64/include/asm/atomic_ll_sc.h
* arm64: Avoid redundant type conversions in xchg() and cmpxchg()
arch/arm64/include/asm/atomic_ll_sc.h
arch/arm64/include/asm/cmpxchg.h
* arm64: Remove redundant mov from LL/SC cmpxchg
arch/arm64/include/asm/atomic_ll_sc.h
printk: fix deadlock when kernel panic
hugetlb: fix update_and_free_page contig page struct assumption
* scripts: set proper OpenSSL include dir also for sign-file
scripts/Makefile
* scripts: use pkg-config to locate libcrypto
scripts/Makefile
arm: kprobes: Allow to handle reentered kprobe on single-stepping
net: usb: qmi_wwan: support ZTE P685M modem
* futex: Don't enable IRQs unconditionally in put_pi_state()
kernel/futex.c
* futex: Fix more put_pi_state() vs. exit_pi_state_list() races
kernel/futex.c
* futex: Fix pi_state->owner serialization
kernel/futex.c
* futex: Futex_unlock_pi() determinism
kernel/futex.c
* futex: Pull rt_mutex_futex_unlock() out from under hb->lock
kernel/futex.c
* futex: Cleanup refcounting
kernel/futex.c
* futex: Cleanup variable names for futex_top_waiter()
kernel/futex.c
Merge 4.9.259 into android-4.9-q
Linux 4.9.259
dm era: Update in-core bitset after committing the metadata
* net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
include/linux/icmpv6.h
include/linux/ipv6.h
include/net/icmp.h
net/ipv4/icmp.c
net/ipv6/icmp.c
net/ipv6/ip6_icmp.c
* ipv6: silence compilation warning for non-IPV6 builds
include/linux/icmpv6.h
* ipv6: icmp6: avoid indirect call for icmpv6_send()
include/linux/icmpv6.h
net/ipv6/icmp.c
net/ipv6/ip6_icmp.c
sunvnet: use icmp_ndo_send helper
gtp: use icmp_ndo_send helper
* icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n
include/linux/icmpv6.h
* icmp: introduce helper for nat'd source address in network device context
include/linux/icmpv6.h
include/net/icmp.h
net/ipv4/icmp.c
net/ipv6/ip6_icmp.c
* futex: fix dead code in attach_to_pi_owner()
kernel/futex.c
* futex: Fix OWNER_DEAD fixup
kernel/futex.c
dm era: only resize metadata in preresume
dm era: Reinitialize bitset cache before digesting a new writeset
dm era: Use correct value size in equality function of writeset tree
dm era: Fix bitset memory leaks
dm era: Verify the data block size hasn't changed
dm era: Recover committed writeset after crash
gfs2: Don't skip dlm unlock if glock has an lvb
sparc32: fix a user-triggerable oops in clear_user()
* f2fs: fix out-of-repair __setattr_copy()
fs/f2fs/file.c
gpio: pcf857x: Fix missing first interrupt
mmc: sdhci-esdhc-imx: fix kernel panic when remove module
* module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
kernel/module.c
libnvdimm/dimm: Avoid race between probe and available_slots_show()
usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
mm: hugetlb: fix a race between freeing and dissolving the page
mtd: spi-nor: hisi-sfc: Put child node np on error path
floppy: reintroduce O_NDELAY fix
x86/reboot: Force all cpus to exit VMX root if VMX is supported
staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
* seccomp: Add missing return in non-void function
kernel/seccomp.c
btrfs: fix extent buffer leak on failure to copy root
btrfs: fix reloc root leak with 0 ref reloc roots on recovery
btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
KEYS: trusted: Fix migratable=1 failing
* usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
drivers/usb/dwc3/gadget.c
* usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
drivers/usb/dwc3/gadget.c
USB: serial: mos7720: fix error code in mos7720_write()
USB: serial: mos7840: fix error code in mos7840_write()
usb: musb: Fix runtime PM race in musb_queue_resume_work
USB: serial: option: update interface mapping for ZTE P685M
Input: i8042 - add ASUS Zenbook Flip to noselftest list
Input: joydev - prevent potential read overflow in ioctl
* Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S
drivers/input/joystick/xpad.c
Input: raydium_ts_i2c - do not send zero length
ACPI: configfs: add missing check after configfs_register_default_group()
* blk-settings: align max_sectors on "logical_block_size" boundary
block/blk-settings.c
* scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
drivers/scsi/bnx2fc/Kconfig
i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
* arm64: Add missing ISB after invalidating TLB in __primary_switch
arch/arm64/kernel/head.S
mm/hugetlb: fix potential double free in hugetlb_register_node() error path
* mm/memory.c: fix potential pte_unmap_unlock pte error
mm/memory.c
ocfs2: fix a use after free on error
net/mlx4_core: Add missed mlx4_free_cmd_mailbox()
i40e: Fix flow for IPv6 next header (extension header)
drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)
* PCI: Align checking of syscall user config accessors
drivers/pci/syscall.c
VMCI: Use set_page_dirty_lock() when unregistering guest memory
pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare()
misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users
misc: eeprom_93xx46: Fix module alias to enable module autoprobe
sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
Input: elo - fix an error code in elo_connect()
perf test: Fix unaligned access in sample parsing test
perf intel-pt: Fix missing CYC processing in PSB
spi: pxa2xx: Fix the controller numbering for Wildcat Point
powerpc/pseries/dlpar: handle ibm, configure-connector delay status
mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
RDMA/rxe: Fix coding error in rxe_recv.c
perf tools: Fix DSO filtering when not finding a map for a sampled address
* tracepoint: Do not fail unregistering a probe due to memory failure
kernel/tracepoint.c
* amba: Fix resource leak for drivers without .remove
drivers/amba/bus.c
ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
powerpc/47x: Disable 256k page size
IB/umad: Return EIO in case of when device disassociated
isofs: release buffer head before return
regulator: axp20x: Fix reference cout leak
clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
power: reset: at91-sama5d2_shdwc: fix wkupdbc mask
* of/fdt: Make sure no-map does not remove already reserved regions
drivers/of/fdt.c
* fdt: Properly handle "no-map" field in the memory region
drivers/of/fdt.c
dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function
dmaengine: fsldma: Fix a resource leak in the remove function
* HID: core: detect and skip invalid inputs to snto32()
drivers/hid/hid-core.c
spi: cadence-quadspi: Abort read if dummy cycles required are too many
clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
jffs2: fix use after free in jffs2_sum_write_data()
fs/jfs: fix potential integer overflow on shift of a int
crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key()
btrfs: clarify error returns values in __load_free_space_cache
ata: ahci_brcm: Add back regulators management
media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
media: pxa_camera: declare variable when DEBUG is defined
media: cx25821: Fix a bug when reallocating some dma memory
media: qm1d1c0042: fix error return code in qm1d1c0042_init()
media: lmedm04: Fix misuse of comma
ASoC: cs42l56: fix up error handling in probe
media: tm6000: Fix memleak in tm6000_start_stream
media: media/pci: Fix memleak in empress_init
media: vsp1: Fix an error handling path in the probe function
MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
gma500: clean up error handling in init
drm/gma500: Fix error return code in psb_driver_load()
* fbdev: aty: SPARC64 requires FB_ATY_CT
drivers/video/fbdev/Kconfig
b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
mac80211: fix potential overflow when multiplying to u32 integers
xen/netback: fix spurious event detection for common event case
bnxt_en: reverse order of TX disable and carrier off
ARM: s3c: fix fiq for clang IAS
arm64: dts: msm8916: Fix reserved and rfsa nodes unit address
usb: dwc2: Make "trimming xfer length" a debug message
usb: dwc2: Abort transaction after errors with unknown reason
usb: dwc2: Do not update data length if it is 0 on inbound transfers
ARM: dts: Configure missing thermal interrupt for 4430
* Bluetooth: Put HCI device if inquiry procedure interrupts
net/bluetooth/hci_core.c
* Bluetooth: drop HCI device reference before return
net/bluetooth/a2mp.c
arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso
ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
* Bluetooth: Fix initializing response id after clearing struct
net/bluetooth/a2mp.c
mm, thp: make do_huge_pmd_wp_page() lock page for testing mapcount
* random: fix the RNDRESEEDCRNG ioctl
drivers/char/random.c
MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
* kdb: Make memory allocations more robust
kernel/debug/kdb/kdb_private.h
scripts/recordmcount.pl: support big endian for ARCH sh
cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
NET: usb: qmi_wwan: Adding support for Cinterion MV31
arm64: tegra: Add power-domain for Tegra210 HDA
igb: Remove incorrect "unexpected SYS WRAP" log message
ntfs: check for valid standard information attribute
* usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
drivers/usb/core/quirks.c
* HID: make arrays usage and value to be the same
drivers/hid/hid-core.c
Bug: 184596728
Change-Id: I50e867d3e8d2d62938b73e54b8d6e614bb3f2d1b
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
a4d5c09d6c |
Merge 4.9.260 into android-4.9-q
Changes in 4.9.260 futex: Cleanup variable names for futex_top_waiter() futex: Cleanup refcounting futex: Pull rt_mutex_futex_unlock() out from under hb->lock futex: Futex_unlock_pi() determinism futex: Fix pi_state->owner serialization futex: Fix more put_pi_state() vs. exit_pi_state_list() races futex: Don't enable IRQs unconditionally in put_pi_state() net: usb: qmi_wwan: support ZTE P685M modem arm: kprobes: Allow to handle reentered kprobe on single-stepping scripts: use pkg-config to locate libcrypto scripts: set proper OpenSSL include dir also for sign-file hugetlb: fix update_and_free_page contig page struct assumption printk: fix deadlock when kernel panic arm64: Remove redundant mov from LL/SC cmpxchg arm64: Avoid redundant type conversions in xchg() and cmpxchg() arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint arm64: Use correct ll/sc atomic constraints JFS: more checks for invalid superblock xfs: Fix assert failure in xfs_setattr_size() smackfs: restrict bytes count in smackfs write functions net: fix up truesize of cloned skb in skb_prepare_for_shift() mm/hugetlb.c: fix unnecessary address expansion of pmd sharing staging: fwserial: Fix error handling in fwserial_create x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk vt/consolemap: do font sum unsigned wlcore: Fix command execute failure 19 for wl12xx pktgen: fix misuse of BUG_ON() in pktgen_thread_worker() ath10k: fix wmi mgmt tx queue full due to race condition x86/build: Treat R_386_PLT32 relocation as R_386_PC32 Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data staging: most: sound: add sanity check for function argument media: uvcvideo: Allow entities with no pads scsi: iscsi: Restrict sessions and handles to admin capabilities sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE scsi: iscsi: Verify lengths on passthrough PDUs Xen/gnttab: handle p2m update errors on a per-slot basis xen-netback: respect gnttab_map_refs()'s return value zsmalloc: account the number of compacted pages correctly swap: fix swapfile read/write offset media: v4l: ioctl: Fix memory leak in video_usercopy Linux 4.9.260 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I36c2dd54eec10fff4b30d04830dbf0c3928ec088 |
||
|
Sabyrzhan Tasbolatov
|
db89bac638 |
smackfs: restrict bytes count in smackfs write functions
commit 7ef4c19d245f3dc233fd4be5acea436edd1d83d8 upstream.
syzbot found WARNINGs in several smackfs write operations where
bytes count is passed to memdup_user_nul which exceeds
GFP MAX_ORDER. Check count size if bigger than PAGE_SIZE.
Per smackfs doc, smk_write_net4addr accepts any label or -CIPSO,
smk_write_net6addr accepts any label or -DELETE. I couldn't find
any general rule for other label lengths except SMK_LABELLEN,
SMK_LONGLABEL, SMK_CIPSOMAX which are documented.
Let's constrain, in general, smackfs label lengths for PAGE_SIZE.
Although fuzzer crashes write to smackfs/netlabel on 0x400000 length.
Here is a quick way to reproduce the WARNING:
python -c "print('A' * 0x400000)" > /sys/fs/smackfs/netlabel
Reported-by: syzbot+a71a442385a0b2815497@syzkaller.appspotmail.com
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|