49eea524bebea0d2b7dfa1c709a6694de808eb8a
4118 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Linux Build Service Account
|
33967ca964 | Merge "defconfig: Enable PANIC_ON_RECURSIVE_FAULT on sdxpoorwills target" | ||
|
Blagovest Kolenichev
|
427fd2195c |
Merge android-4.9.92 (9c3fb9c) into msm-4.9
* refs/heads/tmp-9c3fb9c: Linux 4.9.92 net: hns: Fix a skb used after free bug kcm: lock lower socket in kcm_attach net: systemport: Rewrite __bcm_sysport_tx_reclaim() s390/qeth: on channel error, reject further cmd requests s390/qeth: lock read device while queueing next buffer s390/qeth: when thread completes, wake up all waiters s390/qeth: free netdevice when removing a card soc/fsl/qbman: fix issue in qman_delete_cgr_safe() team: Fix double free in error path skbuff: Fix not waking applications when errors are enqueued net: Only honor ifindex in IP_PKTINFO if non-0 netlink: avoid a double skb free in genlmsg_mcast() net/iucv: Free memory obtained by kzalloc net: fec: Fix unbalanced PM runtime calls net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred l2tp: do not accept arbitrary sockets ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() dccp: check sk for closed state in dccp_sendmsg() net: Fix hlist corruptions in inet_evict_bucket() net: use skb_to_full_sk() in skb_update_prio() ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() sch_netem: fix skb leak in netem_enqueue() rhashtable: Fix rhlist duplicates insertion ppp: avoid loop in xmit recursion detection code net sched actions: return explicit error when tunnel_key mode is not specified Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" scsi: sg: don't return bogus Sg_requests Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" Change-Id: I539eaf561b5aa70589d886052d160c71a79145ad Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
6c02278dca |
Merge android-4.9.91 (bb94f9d) into msm-4.9
* refs/heads/tmp-bb94f9d:
UPSTREAM: net: hns: Fix a skb used after free bug
Linux 4.9.91
bpf, x64: increase number of passes
bpf: skip unnecessary capability check
kbuild: disable clang's default use of -fmerge-all-constants
selftests: x86: sysret_ss_attrs doesn't build on a PIE build
x86/pkeys/selftests: Rename 'si_pkey' to 'siginfo_pkey'
signal/testing: Don't look for __SI_FAULT in userspace
selftests/x86/protection_keys: Fix syscall NR redefinition warnings
selftests, x86, protection_keys: fix wrong offset in siginfo
staging: lustre: ptlrpc: kfree used instead of kvfree
iio: ABI: Fix name of timestamp sysfs file
perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers
perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period()
perf stat: Fix CVS output format for non-supported counters
perf/x86/intel/uncore: Fix Skylake UPI event format
x86/entry/64: Don't use IST entry for #BP stack
x86/boot/64: Verify alignment of the LOAD segment
x86/build/64: Force the linker to use 2MB page size
kvm/x86: fix icebp instruction handling
selftests/x86/ptrace_syscall: Fix for yet more glibc interference
tty: vt: fix up tabstops properly
can: cc770: Fix use after free in cc770_tx_interrupt()
can: cc770: Fix queue stall & dropped RTR reply
can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack
can: ifi: Check core revision upon probe
can: ifi: Repair the error handling
staging: ncpfs: memory corruption in ncp_read_kernel()
mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0
mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0
mtd: nand: fsl_ifc: Fix nand waitfunc return value
mtdchar: fix usage of mtd_ooblayout_ecc()
tracing: probeevent: Fix to support minus offset from symbol
rtlwifi: rtl8723be: Fix loss of signal
brcmfmac: fix P2P_DEVICE ethernet address generation
libnvdimm, {btt, blk}: do integrity setup before add_disk()
ACPI / watchdog: Fix off-by-one error at resource assignment
acpi, numa: fix pxm to online numa node associations
drm: udl: Properly check framebuffer mmap offsets
drm/radeon: Don't turn off DP sink when disconnected
drm/vmwgfx: Fix a destoy-while-held mutex problem.
mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink()
mm/thp: do not wait for lock_page() in deferred_split_scan()
mm/khugepaged.c: convert VM_BUG_ON() to collapse fail
x86/mm: implement free pmd/pte page interfaces
mm/vmalloc: add interfaces to free unmapped page table
nfsd: remove blocked locks on client teardown
libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions
libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
libata: Enable queued TRIM for Samsung SSD 860
libata: disable LPM for Crucial BX100 SSD 500GB drive
libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
libata: don't try to pass through NCQ commands to non-NCQ devices
libata: remove WARN() for DMA or PIO command without data
libata: fix length validation of ATAPI-relayed SCSI commands
Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174
clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops
clk: bcm2835: Protect sections updating shared registers
clk: bcm2835: Fix ana->maskX definitions
ahci: Add PCI-id for the Highpoint Rocketraid 644L card
PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L
mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs
ALSA: hda/realtek - Always immediately update mute LED with pin VREF
ALSA: aloop: Fix access to not-yet-ready substream via cable
ALSA: aloop: Sync stale timer before release
ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
iio: st_pressure: st_accel: pass correct platform data to init
MIPS: ralink: Remove ralink_halt()
Change-Id: I65d15215fbd73a86b6834aad1d7280b8dc16b62b
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Blagovest Kolenichev
|
dc9767ff92 |
Merge android-4.9.90 (dd1e37e) into msm-4.9
* refs/heads/tmp-dd1e37e: Linux 4.9.90 usb: gadget: f_hid: fix: Move IN request allocation to set_alt() RDMA/ucma: Don't allow join attempts for unsupported AF family RDMA/ucma: Fix access to non-initialized CM_ID object clk: migrate the count of orphaned clocks at init IB/mlx5: Fix out-of-bounds read in create_raw_packet_qp_rq IB/mlx5: Fix integer overflows in mlx5_ib_create_srq dmaengine: ti-dma-crossbar: Fix event mapping for TPCC_EVT_MUX_60_63 clk: si5351: Rename internal plls to avoid name collisions clk: axi-clkgen: Correctly handle nocount bit in recalc_rate() clk: Don't touch hardware when reparenting during registration nfsd4: permit layoutget of executable-only files ARM: dts: aspeed-evb: Add unit name to memory node RDMA/ocrdma: Fix permissions for OCRDMA_RESET_STATS ip6_vti: adjust vti mtu according to mtu of lower device iommu/vt-d: clean up pr_irq if request_threaded_irq fails pinctrl: rockchip: enable clock when reading pin direction register pinctrl: Really force states during suspend/resume coresight: Fix disabling of CoreSight TPIU pty: cancel pty slave port buf's work in tty_release drm/omap: DMM: Check for DMM readiness after successful transaction commit omapdrm: panel: fix compatible vendor string for td028ttec1 vgacon: Set VGA struct resource types iser-target: avoid reinitializing rdma contexts for isert commands IB/umem: Fix use of npages/nmap fields RDMA/cma: Use correct size when writing netlink stats IB/ipoib: Avoid memory leak if the SA returns a different DGID mmc: avoid removing non-removable hosts during suspend drm/tilcdc: ensure nonatomic iowrite64 is not used dmaengine: zynqmp_dma: Fix race condition in the probe platform/chrome: Use proper protocol transfer function watchdog: Fix potential kref imbalance when opening watchdog cros_ec: fix nul-termination for firmware build info serial: 8250_dw: Disable clock on error qmi_wwan: set FLAG_SEND_ZLP to avoid network initiated disconnect media: [RESEND] media: dvb-frontends: Add delay to Si2168 restart ath10k: handling qos at STA side based on AP WMM enable/disable media: bt8xx: Fix err 'bt878_probe()' rtlwifi: rtl_pci: Fix the bug when inactiveps is enabled. RDMA/iwpm: Fix uninitialized error code in iwpm_send_mapinfo() drm/msm: fix leak in failed get_pages media: c8sectpfe: fix potential NULL pointer dereference in c8sectpfe_timer_interrupt Bluetooth: btqcomsmd: Fix skb double free corruption Bluetooth: hci_qca: Avoid setup failure on missing rampatch block/mq: Cure cpu hotplug lock inversion perf tests kmod-path: Don't fail if compressed modules aren't supported ath10k: fix out of bounds access to local buffer rtc: ds1374: wdt: Fix stop/start ioctl always returning -EINVAL rtc: ds1374: wdt: Fix issue with timeout scaling from secs to wdt ticks mm: hwpoison: call shake_page() after try_to_unmap() for mlocked page mm, vmstat: suppress pcp stats for unpopulated zones in zoneinfo mm: fix check for reclaimable pages in PF_MEMALLOC reclaim throttling cifs: small underflow in cnvrtDosUnixTm() net: hns: fix ethtool_get_strings overflow in hns driver pNFS: Fix a deadlock when coalescing writes and returning the layout sm501fb: don't return zero on failure path in sm501fb_start() video: fbdev: udlfb: Fix buffer on stack x86/xen: split xen_smp_prepare_boot_cpu() tcm_fileio: Prevent information leak for short reads ia64: fix module loading for gcc-5.4 ACPI / power: Delay turning off unused power resources after suspend md/raid10: skip spare disk as 'first' disk IB/rxe: Don't clamp residual length to mtu Input: twl4030-pwrbutton - use correct device for irq request power: supply: pda_power: move from timer to delayed_work power: supply: isp1704: Fix unchecked return value of devm_kzalloc power: supply: bq24190_charger: Add disable-reset device-property bnx2x: Align RX buffers qed: Unlock on error in qed_vf_pf_acquire() vxlan: correctly handle ipv6.disable module parameter Bluetooth: hci_ldisc: Add protocol check to hci_uart_tx_wakeup() Bluetooth: hci_ldisc: Add protocol check to hci_uart_dequeue() soc/fsl/qe: round brg_freq to 1kHz granularity net: ethernet: ucc_geth: fix MEM_PART_MURAM mode ixgbevf: fix size of queue stats length jbd2: Fix lockdep splat with generic/270 test drm/nouveau/kms: Increase max retries in scanout position queries. drm/amdgpu: fix gpu reset crash ACPI / PMIC: xpower: Fix power_table addresses ipmi/watchdog: fix wdog hang on panic waiting for ipmi response platform/x86: asus-wmi: try to set als by default IB/hfi1: Fix softlockup issue IB/rdmavt: restore IRQs on error path in rvt_create_ah() ARM: DRA7: clockdomain: Change the CLKTRCTRL of CM_PCIE_CLKSTCTRL to SW_WKUP netfilter: x_tables: unlock on error in xt_find_table_lock() mmc: sdhci-of-esdhc: limit SD clock for ls1012a/ls1046a mac80211: Fix possible sband related NULL pointer de-reference ipvs: explicitly forbid ipv6 service/dest creation if ipv6 mod is disabled staging: wilc1000: fix unchecked return value staging: unisys: visorhba: fix s-Par to boot with option CONFIG_VMAP_STACK set to y gpio: gpio-wcove: fix GPIO IRQ status mask x86/KASLR: Fix kexec kernel boot crash when KASLR randomization fails mtip32xx: use runtime tag to initialize command header mfd: palmas: Reset the POWERHOLD mux during power off dt-bindings: mfd: axp20x: Add "xpowers,master-mode" property for AXP806 PMICs iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value ACPICA: iasl: Fix IORT SMMU GSI disassembling mac80211: don't parse encrypted management frames in ieee80211_frame_acked orangefs: do not wait for timeout if umounting Btrfs: fix extent map leak during fallocate error path Btrfs: send, fix file hole not being preserved due to inline extent Btrfs: fix incorrect space accounting after failure to insert inline extent rndis_wlan: add return value validation libertas: check return value of alloc_workqueue mt7601u: check return value of alloc_skb iio: st_pressure: st_accel: Initialise sensor platform data properly NFS: don't try to cross a mountpount when there isn't one there. xprtrdma: Cancel refresh worker during buffer shutdown pNFS: Fix use after free issues in pnfs_do_read() infiniband/uverbs: Fix integer overflows scsi: mac_esp: Replace bogus memory barrier with spinlock platform/x86: intel-vbtn: add volume up and down netfilter: nft_dynset: continue to next expr if _OP_ADD succeeded qlcnic: fix unchecked return value wan: pc300too: abort path on failure tipc: check return value of nlmsg_new mmc: host: omap_hsmmc: checking for NULL instead of IS_ERR() netfilter: nf_ct_helper: permit cthelpers with different names via nfnetlink openvswitch: Delete conntrack entry clashing with an expectation. netfilter: xt_CT: fix refcnt leak on error path gpio: gpio-wcove: fix irq pending status bit width Fix Express lane queue creation. Fix driver usage of 128B WQEs when WQ_CREATE is V1. netvsc: Deal with rescinded channels correctly ibmvnic: Disable irq prior to close ASoC: Intel: Skylake: Uninitialized variable in probe_codec() IB/mlx5: Set correct SL in completion for RoCE IB/mlx5: Change vma from shared to private IB/mlx5: Take write semaphore when changing the vma struct IB/mlx4: Change vma from shared to private IB/mlx4: Take write semaphore when changing the vma struct HSI: ssi_protocol: double free in ssip_pn_xmit() IB/ipoib: Update broadcast object if PKey value was changed in index 0 IB/ipoib: Fix deadlock between ipoib_stop and mcast join flow ALSA: hda - Fix headset microphone detection for ASUS N551 and N751 e1000e: fix timing for 82579 Gigabit Ethernet controller tcp: remove poll() flakes with FastOpen NFS: Fix missing pg_cleanup after nfs_pageio_cond_complete() md/raid10: wait up frozen array in handle_write_completed iommu/omap: Register driver before setting IOMMU ops irqchip/mips-gic: Separate IPI reservation & usage tracking ARM: 8668/1: ftrace: Fix dynamic ftrace with DEBUG_RODATA and !FRAME_POINTER x86/reboot: Turn off KVM when halting a CPU mwifiex: don't leak 'chan_stats' on reset KVM: PPC: Book3S PR: Exit KVM on failed mapping scsi: virtio_scsi: Always try to read VPD pages iwlwifi: a000: fix memory offsets and lengths iwlwifi: split the handler and the wake parts of the notification infra clk: ns2: Correct SDIO bits ath: Fix updating radar flags for coutry code India powerpc/64s: Remove SAO feature from Power9 DD1 spi: dw: Disable clock after unregistering the host tools/testing/nvdimm: fix nfit_test shutdown crash ASoC: Intel: Atom: update Thinkpad 10 quirk btrfs: fix a bogus warning when converting only data or metadata media/dvb-core: Race condition when writing to CAM net: ipv6: send unsolicited NA on admin up i2c: i2c-scmi: add a MS HID genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs cpufreq/sh: Replace racy task affinity logic ACPI/processor: Replace racy task affinity logic ACPI/processor: Fix error handling in __acpi_processor_start() time: Change posix clocks ops interfaces to use timespec64 Input: ar1021_i2c - fix too long name in driver's device table rtc: cmos: Do not assume irq 8 for rtc when there are no legacy irqs x86: i8259: export legacy_pic symbol power: supply: bq24190_charger: Limit over/under voltage fault logging regulator: anatop: set default voltage selector for pcie bonding: handle link transition from FAIL to UP correctly platform/x86: asus-nb-wmi: Add wapf4 quirk for the X302UA led: core: Clear LED_BLINK_SW flag in led_blink_set() Revert "led: core: Fix brightness setting when setting delay_off=0" staging: android: ashmem: Fix possible deadlock in ashmem_ioctl CIFS: Enable encryption during session setup phase SMB3: Validate negotiate request must always be signed ASoC: rsnd: check src mod pointer for rsnd_mod_id() tpm: fix potential buffer overruns caused by bit glitches on the bus BACKPORT, FROMLIST: crypto: arm64/speck - add NEON-accelerated implementation of Speck-XTS ANDROID: debugobjects: Make stack check warning more informative PM / OPP: list_del_rcu should be used in function _remove_opp_dev trace/sched: Fix compilation for 32 bit systems sched/fair: select the most energy-efficient CPU candidate on wake-up sched/fair: fix array out of bounds access in select_energy_cpu_idx() sched/fair: use min capacity when evaluating active cpus sched/fair: use min capacity when evaluating idle backup cpus sched/fair: use min capacity when evaluating placement energy costs sched/fair: introduce minimum capacity capping sched feature arm/topology: link arch_scale_min_freq_capacity to cpufreq arm64/topology: link arch_scale_min_freq_capacity to cpufreq sched: add arch_scale_min_freq_capacity to track minimum capacity caps cpufreq: add scaled minimum capacity tracking for policy changes arm64: enable max frequency capping arm: enable max frequency capping cpufreq: implement max frequency capping sched/fair: introduce an arch scaling function for max frequency capping cpufreq: remove max frequency capping from scale_freq_capacity() Revert "ANDROID: cpufreq: Max freq invariant scheduler load-tracking and cpu capacity support" Revert "ANDROID: arm: Enable max freq invariant scheduler load-tracking and capacity support" Revert "ANDROID: arm64: Enable max freq invariant scheduler load-tracking and capacity support" sched/fair: reduce rounding errors in energy computations sched/fair: re-factor energy_diff to use a single (extensible) energy_env sched/fair: cleanup select_energy_cpu_brute to be more consistent sched/fair: remove capacity tracking from energy_diff sched/fair: remove energy_diff tracepoint in preparation to re-factoring sched/fair: use *p to reference task_structs sched: EAS: Fix the calculation of group util in group_idle_state() Conflicts: drivers/clk/clk.c drivers/gpu/drm/msm/msm_gem.c include/trace/events/sched.h kernel/sched/fair.c kernel/sched/features.h Change-Id: I875b8c298dc6a8151abf740126a2d1881d498203 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
aa71c72742 |
Merge android-4.9.88 (bb52bba) into msm-4.9
* refs/heads/tmp-bb52bba: Linux 4.9.88 PCI: dwc: Fix enumeration end when reaching root subordinate earlycon: add reg-offset to physical address before mapping serial: core: mark port as initialized in autoconfig serial: 8250_pci: Add Brainboxes UC-260 4 port serial device usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb() usb: usbmon: Read text within supplied buffer size usb: quirks: add control message delay for 1b1c:1b20 usbip: vudc: fix null pointer dereference on udc->lock USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h staging: android: ashmem: Fix lockdep issue during llseek staging: comedi: fix comedi_nsamples_left. uas: fix comparison for error code tty/serial: atmel: add new version check for usart serial: sh-sci: prevent lockup on full TTY buffers ASoC: rt5651: Fix regcache sync errors on resume ASoC: sgtl5000: Fix suspend/resume x86: Treat R_X86_64_PLT32 as R_X86_64_PC32 x86/module: Detect and skip invalid relocations NFS: Fix unstable write completion NFS: Fix an incorrect type in struct nfs_direct_req scsi: qla2xxx: Replace fcport alloc with qla2x00_alloc_fcport ubi: Fix race condition between ubi volume creation and udev ext4: inplace xattr block update fails to deduplicate blocks netfilter: x_tables: pack percpu counter allocations netfilter: x_tables: pass xt_counters struct to counter allocator netfilter: x_tables: pass xt_counters struct instead of packet counter netfilter: ipv6: fix use-after-free Write in nf_nat_ipv6_manip_pkt netfilter: bridge: ebt_among: add missing match size checks netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets netfilter: IDLETIMER: be syzkaller friendly netfilter: nat: cope with negative port range netfilter: x_tables: fix missing timer initialization in xt_LED netfilter: add back stackpointer size checks tc358743: fix register i2c_rd/wr function fix Input: tca8418_keypad - remove double read of key event register ARM: omap2: hide omap3_save_secure_ram on non-OMAP3 builds watchdog: hpwdt: Remove legacy NMI sourcing. watchdog: hpwdt: fix unused variable warning watchdog: hpwdt: Check source of NMI watchdog: hpwdt: SMBIOS check x86/paravirt, objtool: Annotate indirect calls x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP x86/boot, objtool: Annotate indirect jump in secondary_startup_64() x86/speculation, objtool: Annotate indirect calls/jumps for objtool x86/retpoline: Support retpoline builds with Clang x86/speculation: Use IBRS if available before calling into firmware Revert "x86/retpoline: Simplify vmexit_fill_RSB()" nospec: Include <asm/barrier.h> dependency nospec: Kill array_index_nospec_mask_check() ALSA: hda: add dock and led support for HP ProBook 640 G2 ALSA: hda: add dock and led support for HP EliteBook 820 G3 ALSA: seq: More protection for concurrent write and ioctl races ALSA: seq: Don't allow resizing pool in use ALSA: hda/realtek - Make dock sound work on ThinkPad L570 ALSA: hda/realtek - Fix dock line-out volume on Dell Precision 7520 ALSA: hda/realtek: Limit mic boost on T480 x86/spectre_v2: Don't check microcode versions when running under hypervisors perf tools: Fix trigger class trigger_on() x86/MCE: Serialize sysfs changes bcache: don't attach backing with duplicate UUID bcache: fix crashes in duplicate cache device register IB/mlx5: Fix incorrect size of klms in the memory region kbuild: Handle builtin dtb file names containing hyphens KVM: s390: fix memory overwrites when not using SCA entries virtio_ring: fix num_free handling in error case loop: Fix lost writes caused by missing flag Input: matrix_keypad - fix race when disabling interrupts MIPS: OCTEON: irq: Check for null return on kzalloc allocation MIPS: ath25: Check for kzalloc allocation failure MIPS: BMIPS: Do not mask IPIs during suspend drm/amdgpu:Always save uvd vcpu_bo in VM Mode drm/amdgpu:Correct max uvd handles drm/amdgpu: fix KV harvesting drm/radeon: fix KV harvesting drm/amdgpu: Notify sbios device ready before send request drm/amdgpu: Fix deadlock on runtime suspend drm/radeon: Fix deadlock on runtime suspend drm/nouveau: Fix deadlock on runtime suspend drm: Allow determining if current task is output poll worker workqueue: Allow retrieval of current task's work struct drm/i915: Always call to intel_display_set_init_power() in resume_early. scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS drm/i915: Try EDID bitbanging on HDMI after failed read RDMA/mlx5: Fix integer overflow while resizing CQ RDMA/ucma: Check that user doesn't overflow QP state RDMA/ucma: Limit possible option size ANDROID: sdcardfs: fix lock issue on 32 bit/SMP architectures UPSTREAM: kasan: add functions for unpoisoning stack variables UPSTREAM: kasan: add tests for alloca poisoning UPSTREAM: kasan: support alloca() poisoning UPSTREAM: kasan/Makefile: support LLVM style asan parameters BACKPORT: kasan: add compiler support for clang kbuild: fix --gc-sections BACKPORT: fix "netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1'" UPSTREAM: netfilter: xt_bpf: add overflow checks UPSTREAM: netfilter: xt_bpf: Fix XT_BPF_MODE_FD_PINNED mode of 'xt_bpf_info_v1' UPSTREAM: netfilter: xt_bpf: support ebpf FROMLIST: f2fs: don't put dentry page in pagecache into highmem Change-Id: I7f13fedc725fe5333e18e4e5b6639eee27ea1120 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
a8a3aff106 |
Merge android-4.9.86 (b324a70) into msm-4.9
* refs/heads/tmp-b324a70:
Linux 4.9.86
MIPS: Implement __multi3 for GCC7 MIPS64r6 builds
KVM: arm/arm64: Fix check for hugepage size when allocating at Stage 2
net: gianfar_ptp: move set_fipers() to spinlock protecting area
sctp: make use of pre-calculated len
xen/gntdev: Fix partial gntdev_mmap() cleanup
xen/gntdev: Fix off-by-one error when unmapping with holes
SolutionEngine771x: fix Ether platform data
mdio-sun4i: Fix a memory leak
xen-netfront: enable device after manual module load
bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
can: flex_can: Correct the checking for frame length in flexcan_start_xmit()
mac80211: mesh: drop frames appearing to be from us
nl80211: Check for the required netlink attribute presence
i40e/i40evf: Account for frags split over multiple descriptors in check linearize
uapi libc compat: add fallback for unsupported libcs
drm/ttm: check the return value of kzalloc
NET: usb: qmi_wwan: add support for YUGA CLM920-NC5 PID 0x9625
e1000: fix disabling already-disabled warning
macvlan: Fix one possible double free
xfs: quota: check result of register_shrinker()
xfs: quota: fix missed destroy of qi_tree_lock
IB/ipoib: Fix race condition in neigh creation
IB/mlx4: Fix mlx4_ib_alloc_mr error flow
s390/dasd: fix wrongly assigned configuration data
genirq: Guard handle_bad_irq log messages
IB/mlx5: Fix mlx5_ib_alloc_mr error flow
led: core: Fix brightness setting when setting delay_off=0
bnx2x: Improve reliability in case of nested PCI errors
tg3: Enable PHY reset in MTU change path for 5720
tg3: Add workaround to restrict 5762 MRRS to 2048
tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path
tipc: error path leak fixes in tipc_enable_bearer()
lib/mpi: Fix umul_ppmm() for MIPS64r6
ARM: dts: ls1021a: fix incorrect clock references
scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error
net: stmmac: Fix TX timestamp calculation
ip6_tunnel: get the min mtu properly in ip6_tnl_xmit
net: arc_emac: fix arc_emac_rx() error paths
net: mediatek: setup proper state for disabled GMAC on the default
ASoC: nau8825: fix issue that pop noise when start capture
spi: atmel: fixed spin_lock usage inside atmel_spi_remove
mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl
drm/nouveau/pci: do a msi rearm on init
net: phy: xgene: disable clk on error paths
sget(): handle failures of register_shrinker()
x86/asm: Allow again using asm.h when building for the 'bpf' clang target
ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
ipv6: icmp6: Allow icmp messages to be looped back
mtd: nand: brcmnand: Zero bitflip is not an error
mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support
nvme: check hw sectors before setting chunk sectors
dmaengine: fsl-edma: disable clks on all error paths
f2fs: fix a bug caused by NULL extent tree
i2c: designware: must wait for enable
hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
ANDROID: kbuild: change LTO into a choice
ANDROID: arm64: crypto: fix AES CE when built as a module
ANDROID: staging: lustre: fix filler function type
ANDROID: fs: logfs: fix filler function type
ANDROID: fs: gfs2: fix filler function type
ANDROID: fs: exofs: fix filler function type
ANDROID: fs: afs: fix filler function type
ANDROID: keychord: Check for write data size
media-device: fix ioctl function types
drivers/perf: arm_pmu: fix function type mismatch
dummycon: fix function types
fs: nfs: fix filler function type
mm: fix filler function type mismatch
mm: fix drain_local_pages function type
BACKPORT: vfs: pass type instead of fn to do_{loop,iter}_readv_writev()
arch/arm64/crypto: fix CFI in AES CE
arch/arm64/crypto: fix CFI in SHA CE
arm64: disable CFI for cpu_replace_ttbr1
v4l2-ioctl: fix function types for IOCTL_INFO_STD
UPSTREAM: module: Do not paper over type mismatches in module_param_call()
BACKPORT: treewide: Fix function prototypes for module_param_call()
UPSTREAM: module: Prepare to convert all module_param_call() prototypes
bpf: fix function type for __bpf_prog_run
kallsyms: strip the .cfi postfix from symbols with CONFIG_CFI_CLANG
add support for clang Control Flow Integrity (CFI)
HACK: init: ensure initcall ordering with LTO
xen/efi: don't use -fshort-wchar
drivers/misc: disable LTO for lkdtm_rodata.o
arm64: vdso: disable LTO
FROMLIST: BACKPORT: arm64: select ARCH_SUPPORTS_LTO_CLANG
FROMLIST: BACKPORT: arm64: disable RANDOMIZE_MODULE_REGION_FULL with LTO_CLANG
FROMLIST: arch/arm64/crypto: disable LTO for aes-ce-cipher.c
arm64: disable ARM64_ERRATUM_843419 for clang LTO
arm64: pass code model to LLVMgold
FROMLIST: BACKPORT: arm64: make mrs_s and msr_s macros work with LTO
FROMLIST: arm64: kvm: use -fno-jump-tables with clang
FROMLIST: efi/libstub: disable LTO
FROMLIST: scripts/mod: disable LTO for empty.c
FROMLIST: BACKPORT: kbuild: fix dynamic ftrace with clang LTO
FROMLIST: BACKPORT: kbuild: add support for clang LTO
FROMLIST: BACKPORT: arm64: add a workaround for GNU gold with ARM64_MODULE_PLTS
FROMLIST: arm64: explicitly pass --no-fix-cortex-a53-843419 to GNU gold
FROMLIST: kbuild: add __ld-ifversion and linker-specific macros
FROMLIST: kbuild: add ld-name macro
FROMLIST: BACKPORT: arm64: keep .altinstructions and .altinstr_replacement
arm64: fix LD_DEAD_CODE_DATA_ELIMINATION
FROMLIST: kbuild: fix LD_DEAD_CODE_DATA_ELIMINATION
FROMLIST: BACKPORT: kbuild: add __cc-ifversion and compiler-specific variants
FROMLIST: kbuild: add clang-version.sh
Revert "binder: add missing binder_unlock()"
Linux 4.9.85
x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface
mm: fail get_vaddr_frames() for filesystem-dax mappings
mm: Fix devm_memremap_pages() collision handling
libnvdimm, dax: fix 1GB-aligned namespaces vs physical misalignment
IB/core: disable memory registration of filesystem-dax vmas
v4l2: disable filesystem-dax mapping support
mm: introduce get_user_pages_longterm
device-dax: implement ->split() to catch invalid munmap attempts
libnvdimm: fix integer overflow static analysis warning
fs/dax.c: fix inefficiency in dax_writeback_mapping_range()
mm: avoid spurious 'bad pmd' warning messages
X.509: fix NULL dereference when restricting key with unsupported_sig
binder: add missing binder_unlock()
drm/amdgpu: add new device to use atpx quirk
drm/amdgpu: Avoid leaking PM domain on driver unbind (v2)
drm/amdgpu: add atpx quirk handling (v2)
drm/amdgpu: Add dpm quirk for Jet PRO (v2)
usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
usb: gadget: f_fs: Process all descriptors during bind
Revert "usb: musb: host: don't start next rx urb if current one failed"
usb: ldusb: add PIDs for new CASSY devices supported by this driver
usb: dwc3: gadget: Set maxpacket size for ep0 IN
drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
Add delay-init quirk for Corsair K70 RGB keyboards
arm64: Disable unhandled signal log messages by default
usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks()
ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func()
PCI/cxgb4: Extend T3 PCI quirk to T4+ devices
irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
x86/oprofile: Fix bogus GCC-8 warning in nmi_setup()
iio: adis_lib: Initialize trigger before requesting interrupt
iio: buffer: check if a buffer has been set up when poll is called
RDMA/uverbs: Protect from command mask overflow
PKCS#7: fix certificate chain verification
X.509: fix BUG_ON() when hash algorithm is unsupported
cfg80211: fix cfg80211_beacon_dup
scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
xtensa: fix high memory/reserved memory collision
netfilter: drop outermost socket lock in getsockopt()
ANDROID: sdcardfs: Set num in extension_details during make_item
Conflicts:
Makefile
arch/arm64/include/asm/arch_gicv3.h
arch/arm64/kernel/module.lds
drivers/usb/gadget/function/f_fs.c
scripts/link-vmlinux.sh
Change in module_param_call() definition requires alignment in:
drivers/hwtracing/coresight/coresight-event.c
drivers/media/radio/radio-iris-transport.c
drivers/power/reset/msm-poweroff.c
drivers/soc/qcom/wcnss/wcnss_wlan.c
drivers/video/fbdev/msm/mdss_dsi_status.c
Change-Id: I2fa32c39bd4ba8a132f8f8abc8132a2ceb32907a
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Matt Wagantall
|
72633f8045 |
exit: Add PANIC_ON_RECURSIVE_FAULT Kconfig option
If a recursive fault is detected during do_exit(), tasks are left to sit and wait in an un-interruptible sleep until the system reboots (typically manually). Add Kconfig option to change this behaviour and force a panic. This is particularly important if a critical system task encounters a recursive fault (ex. a kworker). Otherwise, the system may be unusable, but since the scheduler is still running system watchdogs may continue to be pet. Change-Id: Ifc26fc79d6066f05a3b2c4d27f78bf4f8d2bd640 Signed-off-by: Matt Wagantall <mattw@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
9c3fb9cd6e |
Merge 4.9.92 into android-4.9
Changes in 4.9.92 scsi: sg: don't return bogus Sg_requests Revert "genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs" net sched actions: return explicit error when tunnel_key mode is not specified ppp: avoid loop in xmit recursion detection code rhashtable: Fix rhlist duplicates insertion sch_netem: fix skb leak in netem_enqueue() ieee802154: 6lowpan: fix possible NULL deref in lowpan_device_event() net: use skb_to_full_sk() in skb_update_prio() net: Fix hlist corruptions in inet_evict_bucket() dccp: check sk for closed state in dccp_sendmsg() ipv6: fix access to non-linear packet in ndisc_fill_redirect_hdr_option() l2tp: do not accept arbitrary sockets net: ethernet: arc: Fix a potential memory leak if an optional regulator is deferred net: ethernet: ti: cpsw: add check for in-band mode setting with RGMII PHY interface net: fec: Fix unbalanced PM runtime calls net/iucv: Free memory obtained by kzalloc netlink: avoid a double skb free in genlmsg_mcast() net: Only honor ifindex in IP_PKTINFO if non-0 skbuff: Fix not waking applications when errors are enqueued team: Fix double free in error path soc/fsl/qbman: fix issue in qman_delete_cgr_safe() s390/qeth: free netdevice when removing a card s390/qeth: when thread completes, wake up all waiters s390/qeth: lock read device while queueing next buffer s390/qeth: on channel error, reject further cmd requests net: systemport: Rewrite __bcm_sysport_tx_reclaim() kcm: lock lower socket in kcm_attach net: hns: Fix a skb used after free bug Linux 4.9.92 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Paul Blakey
|
ad6217049e |
rhashtable: Fix rhlist duplicates insertion
[ Upstream commit d3dcf8eb615537526bd42ff27a081d46d337816e ]
When inserting duplicate objects (those with the same key),
current rhlist implementation messes up the chain pointers by
updating the bucket pointer instead of prev next pointer to the
newly inserted node. This causes missing elements on removal and
travesal.
Fix that by properly updating pprev pointer to point to
the correct rhash_head next pointer.
Issue: 1241076
Change-Id: I86b2c140bcb4aeb10b70a72a267ff590bb2b17e7
Fixes:
|
||
|
Greg Kroah-Hartman
|
bb94f9d8f5 |
Merge 4.9.91 into android-4.9
Changes in 4.9.91
MIPS: ralink: Remove ralink_halt()
iio: st_pressure: st_accel: pass correct platform data to init
ALSA: usb-audio: Fix parsing descriptor of UAC2 processing unit
ALSA: aloop: Sync stale timer before release
ALSA: aloop: Fix access to not-yet-ready substream via cable
ALSA: hda/realtek - Always immediately update mute LED with pin VREF
mmc: dw_mmc: fix falling from idmac to PIO mode when dw_mci_reset occurs
PCI: Add function 1 DMA alias quirk for Highpoint RocketRAID 644L
ahci: Add PCI-id for the Highpoint Rocketraid 644L card
clk: bcm2835: Fix ana->maskX definitions
clk: bcm2835: Protect sections updating shared registers
clk: sunxi-ng: a31: Fix CLK_OUT_* clock ops
Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174
libata: fix length validation of ATAPI-relayed SCSI commands
libata: remove WARN() for DMA or PIO command without data
libata: don't try to pass through NCQ commands to non-NCQ devices
libata: Apply NOLPM quirk to Crucial MX100 512GB SSDs
libata: disable LPM for Crucial BX100 SSD 500GB drive
libata: Enable queued TRIM for Samsung SSD 860
libata: Apply NOLPM quirk to Crucial M500 480 and 960GB SSDs
libata: Make Crucial BX100 500GB LPM quirk apply to all firmware versions
libata: Modify quirks for MX100 to limit NCQ_TRIM quirk to MU01 version
nfsd: remove blocked locks on client teardown
mm/vmalloc: add interfaces to free unmapped page table
x86/mm: implement free pmd/pte page interfaces
mm/khugepaged.c: convert VM_BUG_ON() to collapse fail
mm/thp: do not wait for lock_page() in deferred_split_scan()
mm/shmem: do not wait for lock_page() in shmem_unused_huge_shrink()
drm/vmwgfx: Fix a destoy-while-held mutex problem.
drm/radeon: Don't turn off DP sink when disconnected
drm: udl: Properly check framebuffer mmap offsets
acpi, numa: fix pxm to online numa node associations
ACPI / watchdog: Fix off-by-one error at resource assignment
libnvdimm, {btt, blk}: do integrity setup before add_disk()
brcmfmac: fix P2P_DEVICE ethernet address generation
rtlwifi: rtl8723be: Fix loss of signal
tracing: probeevent: Fix to support minus offset from symbol
mtdchar: fix usage of mtd_ooblayout_ecc()
mtd: nand: fsl_ifc: Fix nand waitfunc return value
mtd: nand: fsl_ifc: Fix eccstat array overflow for IFC ver >= 2.0.0
mtd: nand: fsl_ifc: Read ECCSTAT0 and ECCSTAT1 registers for IFC 2.0
staging: ncpfs: memory corruption in ncp_read_kernel()
can: ifi: Repair the error handling
can: ifi: Check core revision upon probe
can: cc770: Fix stalls on rt-linux, remove redundant IRQ ack
can: cc770: Fix queue stall & dropped RTR reply
can: cc770: Fix use after free in cc770_tx_interrupt()
tty: vt: fix up tabstops properly
selftests/x86/ptrace_syscall: Fix for yet more glibc interference
kvm/x86: fix icebp instruction handling
x86/build/64: Force the linker to use 2MB page size
x86/boot/64: Verify alignment of the LOAD segment
x86/entry/64: Don't use IST entry for #BP stack
perf/x86/intel/uncore: Fix Skylake UPI event format
perf stat: Fix CVS output format for non-supported counters
perf/x86/intel: Don't accidentally clear high bits in bdw_limit_period()
perf/x86/intel/uncore: Fix multi-domain PCI CHA enumeration bug on Skylake servers
iio: ABI: Fix name of timestamp sysfs file
staging: lustre: ptlrpc: kfree used instead of kvfree
selftests, x86, protection_keys: fix wrong offset in siginfo
selftests/x86/protection_keys: Fix syscall NR redefinition warnings
signal/testing: Don't look for __SI_FAULT in userspace
x86/pkeys/selftests: Rename 'si_pkey' to 'siginfo_pkey'
selftests: x86: sysret_ss_attrs doesn't build on a PIE build
kbuild: disable clang's default use of -fmerge-all-constants
bpf: skip unnecessary capability check
bpf, x64: increase number of passes
Linux 4.9.91
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Toshi Kani
|
9c7f7bdb19 |
mm/vmalloc: add interfaces to free unmapped page table
commit b6bdb7517c3d3f41f20e5c2948d6bc3f8897394e upstream.
On architectures with CONFIG_HAVE_ARCH_HUGE_VMAP set, ioremap() may
create pud/pmd mappings. A kernel panic was observed on arm64 systems
with Cortex-A75 in the following steps as described by Hanjun Guo.
1. ioremap a 4K size, valid page table will build,
2. iounmap it, pte0 will set to 0;
3. ioremap the same address with 2M size, pgd/pmd is unchanged,
then set the a new value for pmd;
4. pte0 is leaked;
5. CPU may meet exception because the old pmd is still in TLB,
which will lead to kernel panic.
This panic is not reproducible on x86. INVLPG, called from iounmap,
purges all levels of entries associated with purged address on x86. x86
still has memory leak.
The patch changes the ioremap path to free unmapped page table(s) since
doing so in the unmap path has the following issues:
- The iounmap() path is shared with vunmap(). Since vmap() only
supports pte mappings, making vunmap() to free a pte page is an
overhead for regular vmap users as they do not need a pte page freed
up.
- Checking if all entries in a pte page are cleared in the unmap path
is racy, and serializing this check is expensive.
- The unmap path calls free_vmap_area_noflush() to do lazy TLB purges.
Clearing a pud/pmd entry before the lazy TLB purges needs extra TLB
purge.
Add two interfaces, pud_free_pmd_page() and pmd_free_pte_page(), which
clear a given pud/pmd entry and free up a page for the lower level
entries.
This patch implements their stub functions on x86 and arm64, which work
as workaround.
[akpm@linux-foundation.org: fix typo in pmd_free_pte_page() stub]
Link: http://lkml.kernel.org/r/20180314180155.19492-2-toshi.kani@hpe.com
Fixes:
|
||
|
Joel Fernandes
|
ebc27895e9 |
ANDROID: debugobjects: Make stack check warning more informative
Currently there is a difficult to debug bug where an object on the stack appears to not be on it. Discussing with tglx, he suggests printing the pointers and the location of the stack for the currently running task. Lets do the same, so that the error message is more informative and can help in debugging. After debugging, we can upstream this patch if its useful. Bug: 72009635 Change-Id: Id50518e70a500b850580684e82b999afbf88ee75 Signed-off-by: Joel Fernandes <joelaf@google.com> |
||
|
Blagovest Kolenichev
|
e06a1054bd |
Merge android-4.9.84 (a9d0273) into msm-4.9
* refs/heads/tmp-a9d0273:
Linux 4.9.84
crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
KVM: nVMX: invvpid handling improvements
KVM: VMX: clean up declaration of VPID/EPT invalidation types
KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug
usb: phy: msm add regulator dependency
arm64: fix warning about swapper_pg_dir overflow
idle: i7300: add PCI dependency
spi: bcm-qspi: shut up warning about cfi header inclusion
binfmt_elf: compat: avoid unused function warning
arm64: sunxi: always enable reset controller
drm/i915: hide unused intel_panel_set_backlight function
kasan: rework Kconfig settings
clk: meson: gxbb: fix build error without RESET_CONTROLLER
ISDN: eicon: reduce stack size of sig_ind function
tw5864: use dev_warn instead of WARN to shut up warning
em28xx: only use mt9v011 if camera support is enabled
go7007: add MEDIA_CAMERA_SUPPORT dependency
tc358743: fix register i2c_rd/wr functions
shmem: fix compilation warnings on unused functions
KVM: add X86_LOCAL_APIC dependency
Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
rbd: silence bogus -Wmaybe-uninitialized warning
drm: exynos: mark pm functions as __maybe_unused
security/keys: BIG_KEY requires CONFIG_CRYPTO
cw1200: fix bogus maybe-uninitialized warning
reiserfs: avoid a -Wmaybe-uninitialized warning
ALSA: hda/ca0132 - fix possible NULL pointer use
arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
scsi: advansys: fix uninitialized data access
x86/vm86: Fix unused variable warning if THP is disabled
x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
dmaengine: zx: fix build warning
x86: add MULTIUSER dependency for KVM
thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
x86/build: Silence the build with "make -s"
tools build: Add tools tree support for 'make -s'
x86/fpu/math-emu: Fix possible uninitialized variable use
arm64: define BUG() instruction without CONFIG_BUG
gpio: xgene: mark PM functions as __maybe_unused
x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
scsi: advansys: fix build warning for PCI=n
video: fbdev: via: remove possibly unused variables
perf: xgene: Include module.h
PCI: Change pci_host_common_probe() visibility
usb: musb: fix compilation warning on unused function
platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
gpio: intel-mid: Fix build warning when !CONFIG_PM
PCI: vmd: Fix suspend handlers defined-but-not-used warning
perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
vmxnet3: prevent building with 64K pages
clk: sunxi-ng: fix build error without CONFIG_RESET_CONTROLLER
shmem: avoid maybe-uninitialized warning
drm/i915: fix intel_backlight_device_register declaration
crypto: talitos - fix Kernel Oops on hashing an empty file
powerpc/64s: Improve RFI L1-D cache flush fallback
powerpc/64s: Simple RFI macro conversions
powerpc/64s: Fix conversion of slb_miss_common to use RFI_TO_USER/KERNEL
hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
xen: XEN_ACPI_PROCESSOR is Dom0-only
platform/x86: dell-laptop: Fix keyboard max lighting for Dell Latitude E6410
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
usb: dwc3: of-simple: fix missing clk_disable_unprepare
usb: dwc3: gadget: Wait longer for controller to end command processing
dmaengine: jz4740: disable/unprepare clk if probe fails
drm/armada: fix leak of crtc structure
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
spi: sun4i: disable clocks in the remove function
ASoC: rockchip: disable clock on error
clk: fix a panic error caused by accessing NULL pointer
dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
dmaengine: ioat: Fix error handling path
gianfar: Disable EEE autoneg by default
509: fix printing uninitialized stack memory when OID is empty
net: ethernet: arc: fix error handling in emac_rockchip_probe
brcmfmac: Avoid build error with make W=1
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
net_sched: red: Avoid illegal values
net_sched: red: Avoid devision by zero
gianfar: fix a flooded alignment reports because of padding issue.
ARM: dts: Fix elm interrupt compiler warning
s390/dasd: prevent prefix I/O error
powerpc/perf: Fix oops when grouping different pmu events
m68k: add missing SOFTIRQENTRY_TEXT linker section
ipvlan: Add the skb->mark as flow4's member to lookup route
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune
RDMA/cma: Make sure that PSN is not over max allowed
i40iw: Correct ARP index mask
pinctrl: sunxi: Fix A64 UART mux value
pinctrl: sunxi: Fix A80 interrupt pin bank
media: s5k6aa: describe some function parameters
perf bench numa: Fixup discontiguous/sparse numa nodes
perf top: Fix window dimensions change handling
ARM: dts: am437x-cm-t43: Correct the dmas property of spi0
ARM: dts: am4372: Correct the interrupts_properties of McASP
ARM: dts: logicpd-somlv: Fix wl127x pinmux
ARM: dts: logicpd-som-lv: Fix gpmc addresses for NAND and enet
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
usb: build drivers/usb/common/ when USB_SUPPORT is set
usbip: keep usbip_device sockfd state in sync with tcp_socket
staging: iio: ad5933: switch buffer mode to software
staging: iio: adc: ad7192: fix external frequency setting
binder: check for binder_thread allocation failure in binder_poll()
staging: android: ashmem: Fix a race condition in pin ioctls
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
arm64: dts: add #cooling-cells to CPU nodes
ARM: 8743/1: bL_switcher: add MODULE_LICENSE tag
video: fbdev/mmp: add MODULE_LICENSE
ASoC: ux500: add MODULE_LICENSE tag
crypto: hash - prevent using keyed hashes without setting key
crypto: hash - annotate algorithms taking optional key
net: avoid skb_warn_bad_offload on IS_ERR
rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
netfilter: on sockopt() acquire sock lock only in the required scope
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
kcov: detect double association with a single task
KVM: x86: fix escape of guest dr6 to the host
blk_rq_map_user_iov: fix error override
staging: android: ion: Switch from WARN to pr_warn
staging: android: ion: Add __GFP_NOWARN for system contig heap
crypto: x86/twofish-3way - Fix %rbp usage
selinux: skip bounded transition processing if the policy isn't loaded
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
Provide a function to create a NUL-terminated string from unterminated data
ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
blktrace: fix unlocked registration of tracepoints
sctp: set frag_point in sctp_setsockopt_maxseg correctly
xfrm: check id proto in validate_tmpl()
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
xfrm: skip policies marked as dead while rehashing
cfg80211: check dev_set_name() return value
kcm: Only allow TCP sockets to be attached to a KCM mux
kcm: Check if sk_user_data already set in kcm_attach
vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
ANDROID: sdcardfs: Hold i_mutex for i_size_write
UPSTREAM: ANDROID: binder: synchronize_rcu() when using POLLFREE.
BACKPORT, FROMGIT: crypto: speck - add test vectors for Speck64-XTS
BACKPORT, FROMGIT: crypto: speck - add test vectors for Speck128-XTS
BACKPORT, FROMGIT: crypto: arm/speck - add NEON-accelerated implementation of Speck-XTS
FROMGIT: crypto: speck - export common helpers
BACKPORT, FROMGIT: crypto: speck - add support for the Speck block cipher
f2fs: updates on v4.16-rc1
Linux 4.9.83
media: r820t: fix r820t_write_reg for KASAN
ARM: dts: Delete bogus reference to the charlcd
arm: dts: mt2701: Add reset-cells
ARM: dts: s5pv210: add interrupt-parent for ohci
arm64: dts: msm8916: Add missing #phy-cells
ARM: pxa/tosa-bt: add MODULE_LICENSE tag
ARM: dts: exynos: fix RTC interrupt for exynos5410
vfs: don't do RCU lookup of empty pathnames
x86: fix build warnign with 32-bit PAE
x86/cpu: Change type of x86_cache_size variable to unsigned int
x86/spectre: Fix an error message
x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
selftests/x86/mpx: Fix incorrect bounds with old _sigfault
x86/speculation: Add <asm/msr-index.h> dependency
nospec: Move array_index_nospec() parameter checking into separate macro
x86/speculation: Fix up array_index_nospec_mask() asm constraint
selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c
selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c
selftests/x86/pkeys: Remove unused functions
x86/speculation: Clean up various Spectre related details
X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods
x86/speculation: Correct Speculation Control microcode blacklist again
x86/speculation: Update Speculation Control microcode blacklist
compiler-gcc.h: Introduce __optimize function attribute
x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface
arm: spear13xx: Fix spics gpio controller's warning
arm: spear13xx: Fix dmas cells
arm: spear600: Add missing interrupt-parent of rtc
ARM: dts: nomadik: add interrupt-parent for clcd
ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
ARM: lpc3250: fix uda1380 gpio numbers
arm64: dts: msm8916: Correct ipc references for smsm
s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
PM / devfreq: Propagate error from devfreq_add_device()
cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin
RDMA/rxe: Fix a race condition related to the QP error state
kselftest: fix OOM in memory compaction test
IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports
IB/qib: Fix comparison error with qperf compare/swap test
powerpc: fix build errors in stable tree
dm: correctly handle chained bios in dec_pending()
usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT
mvpp2: fix multicast address filter
ALSA: seq: Fix racy pool initializations
ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform
ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
ALSA: hda - Fix headset mic detection problem for two Dell machines
mtd: nand: vf610: set correct ooblayout
9p/trans_virtio: discard zero-length reply
Btrfs: fix unexpected -EEXIST when creating new inode
Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly
Btrfs: fix extent state leak from tree log
Btrfs: fix crash due to not cleaning up tree log block's dirty bits
Btrfs: fix deadlock in run_delalloc_nocow
target/iscsi: avoid NULL dereference in CHAP auth error path
rtlwifi: rtl8821ae: Fix connection lost problem correctly
console/dummy: leave .con_font_get set to NULL
video: fbdev: atmel_lcdfb: fix display-timings lookup
PCI: keystone: Fix interrupt-controller-node lookup
MIPS: Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN
mm: Fix memory size alignment in devm_memremap_pages_release()
mm: hide a #warning for COMPILE_TEST
ext4: correct documentation for grpid mount option
ext4: save error to disk in __ext4_grp_locked_error()
ext4: fix a race in the ext4 shutdown path
jbd2: fix sphinx kernel-doc build warnings
mbcache: initialize entry->e_referenced in mb_cache_entry_create()
rtc-opal: Fix handling of firmware error codes, prevent busy loops
drm/radeon: adjust tested variable
drm/radeon: Add dpm quirk for Jet PRO (v2)
scsi: smartpqi: allow static build ("built-in")
BACKPORT: tee: shm: Potential NULL dereference calling tee_shm_register()
BACKPORT: tee: shm: don't put_page on null shm->pages
BACKPORT: tee: shm: make function __tee_shm_alloc static
BACKPORT: tee: optee: check type of registered shared memory
BACKPORT: tee: add start argument to shm_register callback
BACKPORT: tee: optee: fix header dependencies
BACKPORT: tee: shm: inline tee_shm_get_id()
BACKPORT: tee: use reference counting for tee_context
BACKPORT: tee: optee: enable dynamic SHM support
BACKPORT: tee: optee: add optee-specific shared pool implementation
BACKPORT: tee: optee: store OP-TEE capabilities in private data
BACKPORT: tee: optee: add registered buffers handling into RPC calls
BACKPORT: tee: optee: add registered shared parameters handling
BACKPORT: tee: optee: add shared buffer registration functions
BACKPORT: tee: optee: add page list manipulation functions
BACKPORT: tee: optee: Update protocol definitions
BACKPORT: tee: shm: add page accessor functions
BACKPORT: tee: shm: add accessors for buffer size and page offset
BACKPORT: tee: add register user memory
BACKPORT: tee: flexible shared memory pool creation
BACKPORT: optee: support asynchronous supplicant requests
BACKPORT: tee: add TEE_IOCTL_PARAM_ATTR_META
BACKPORT: tee: add tee_param_is_memref() for driver use
UPSTREAM: tcp: fix access to sk->sk_state in tcp_poll()
BACKPORT: tcp: fix potential double free issue for fastopen_req
BACKPORT: xfrm: Fix return value check of copy_sec_ctx.
time: Fix ktime_get_raw() incorrect base accumulation
FROMLIST: coresight: ETM: Add support for ARM Cortex-A73
FROMLIST: coresight: tmc: implementing TMC-ETR AUX space API
UPSTREAM: coresight: etm_perf: Fix using uninitialised work
UPSTREAM: coresight: fix kernel panic caused by invalid CPU
UPSTREAM: coresight: Fix disabling of CoreSight TPIU
UPSTREAM: coresight: perf: Add a missing call to etm_free_aux
UPSTREAM: coresight: tmc: Remove duplicate memset
UPSTREAM: coresight: tmc: Get rid of mode parameter for helper routines
UPSTREAM: coresight: tmc: Cleanup operation mode handling
UPSTREAM: coresight: reset "enable_sink" flag when need be
sched/fair: prevent possible infinite loop in sched_group_energy
ANDROID: qtaguid: Fix the UAF probelm with tag_ref_tree
UPSTREAM: ANDROID: binder: remove waitqueue when thread exits.
ANDROID: sdcardfs: Protect set_top
ANDROID: fsnotify: Notify lower fs of open
Revert "ANDROID: sdcardfs: notify lower file of opens"
ANDROID: sdcardfs: Use lower getattr times/size
ANDROID: sched: EAS: check energy_aware() before calling select_energy_cpu_brute() in up-migrate path
UPSTREAM: eventpoll.h: add missing epoll event masks
BACKPORT: thermal/drivers/hisi: Add support for hi3660 SoC
BACKPORT: thermal/drivers/hisi: Prepare to add support for other hisi platforms
BACKPORT: thermal/drivers/hisi: Add platform prefix to function name
BACKPORT: thermal/drivers/hisi: Put platform code together
BACKPORT: thermal/drivers/hisi: Use round up step value
BACKPORT: thermal/drivers/hisi: Move the clk setup in the corresponding functions
BACKPORT: thermal/drivers/hisi: Remove mutex_lock in the code
BACKPORT: thermal/drivers/hisi: Remove thermal data back pointer
BACKPORT: thermal/drivers/hisi: Convert long to int
BACKPORT: thermal/drivers/hisi: Rename and remove unused field
BACKPORT: thermal/drivers/hisi: Remove costly sensor inspection
BACKPORT: thermal/drivers/hisi: Fix configuration register setting
BACKPORT: thermal/drivers/hisi: Encapsulate register writes into helpers
BACKPORT: thermal/drivers/hisi: Remove pointless lock
BACKPORT: thermal/drivers/hisi: Remove the multiple sensors support
BACKPORT: thermal: hisilicon: constify thermal_zone_of_device_ops structures
ANDROID: xattr: Pass EOPNOTSUPP to permission2
ANDROID: sdcardfs: Move default_normal to superblock
UPSTREAM: tcp: fix a request socket leak
UPSTREAM: tcp: fix possible deadlock in TCP stack vs BPF filter
UPSTREAM: tcp: Add a tcp_filter hook before handle ack packet
FROMLIST: arm64: kpti: Fix the interaction between ASID switching and software PAN
FROMLIST: arm64: Move post_ttbr_update_workaround to C code
fscrypt: updates on 4.15-rc4
ANDROID: uid_sys_stats: fix the comment
BACKPORT: optee: fix invalid of_node_put() in optee_driver_init()
BACKPORT: tee: optee: sync with new naming of interrupts
BACKPORT: tee: indicate privileged dev in gen_caps
BACKPORT: tee: optee: interruptible RPC sleep
BACKPORT: tee: optee: add const to tee_driver_ops and tee_desc structures
BACKPORT: tee: tee_shm: Constify dma_buf_ops structures.
BACKPORT: tee: add forward declaration for struct device
BACKPORT: tee: optee: fix uninitialized symbol 'parg'
BACKPORT: tee.txt: standardize document format
BACKPORT: tee: add ARM_SMCCC dependency
clocksource: arch_timer: make virtual counter access configurable
arm64: issue isb when trapping CNTVCT_EL0 access
BACKPORT: arm64: Add CNTFRQ_EL0 trap handler
BACKPORT: arm64: Add CNTVCT_EL0 trap handler
ANDROID: sdcardfs: Fix missing break on default_normal
ANDROID: arm64: kaslr: fixup Falkor workaround for 4.9
ANDROID: usb: f_fs: Prevent gadget unbind if it is already unbound
arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
arm64: use RET instruction for exiting the trampoline
UPSTREAM: arm64: kaslr: Put kernel vectors address in separate data page
UPSTREAM: arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
UPSTREAM: arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
UPSTREAM: arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
UPSTREAM: arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
UPSTREAM: arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
UPSTREAM: arm64: entry: Hook up entry trampoline to exception vectors
UPSTREAM: arm64: entry: Explicitly pass exception level to kernel_ventry macro
UPSTREAM: arm64: mm: Map entry trampoline into trampoline and kernel page tables
UPSTREAM: arm64: entry: Add exception trampoline page for exceptions from EL0
UPSTREAM: arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
UPSTREAM: arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
UPSTREAM: arm64: mm: Allocate ASIDs in pairs
UPSTREAM: arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
UPSTREAM: arm64: mm: Rename post_ttbr0_update_workaround
UPSTREAM: arm64: mm: Move ASID from TTBR0 to TTBR1
UPSTREAM: arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
UPSTREAM: arm64: mm: Use non-global mappings for kernel space
UPSTREAM: arm64: factor out entry stack manipulation
ANDROID: sdcardfs: Add default_normal option
ANDROID: sdcardfs: notify lower file of opens
blkdev: Refactoring block io latency histogram codes
UPSTREAM: netfilter: conntrack: use power efficient workqueue
ANDROID: binder: Remove obsolete proc waitqueue.
UPSTREAM: arm64: setup: introduce kaslr_offset()
UPSTREAM: kcov: fix comparison callback signature
UPSTREAM: kcov: support comparison operands collection
UPSTREAM: kcov: remove pointless current != NULL check
UPSTREAM: kcov: support compat processes
UPSTREAM: kcov: simplify interrupt check
UPSTREAM: kcov: make kcov work properly with KASLR enabled
UPSTREAM: kcov: add more missing includes
BACKPORT: irq: Make the irqentry text section unconditional
UPSTREAM: kasan: make get_wild_bug_type() static
UPSTREAM: kasan: separate report parts by empty lines
UPSTREAM: kasan: improve double-free report format
UPSTREAM: kasan: print page description after stacks
UPSTREAM: kasan: improve slab object description
UPSTREAM: kasan: change report header
UPSTREAM: kasan: simplify address description logic
UPSTREAM: kasan: change allocation and freeing stack traces headers
UPSTREAM: kasan: unify report headers
UPSTREAM: kasan: introduce helper functions for determining bug type
BACKPORT: kasan: report only the first error by default
UPSTREAM: kasan: fix races in quarantine_remove_cache()
UPSTREAM: kasan: resched in quarantine_remove_cache()
UPSTREAM: kasan, sched/headers: Uninline kasan_enable/disable_current()
UPSTREAM: kasan: drain quarantine of memcg slab objects
UPSTREAM: kasan: eliminate long stalls during quarantine reduction
UPSTREAM: kasan: support panic_on_warn
ANDROID: dma-buf/sw_sync: Rename active_list to link
ANDROID: initramfs: call free_initrd() when skipping init
BACKPORT: Documentation: tee subsystem and op-tee driver
BACKPORT: tee: add OP-TEE driver
BACKPORT: tee: generic TEE subsystem
BACKPORT: dt/bindings: add bindings for optee
BACKPORT: schedutil: Reset cached freq if it is not in sync with next_freq
sched: EAS/WALT: Don't take into account of running task's util
sched: EAS/WALT: take into account of waking task's load
sched: EAS: upmigrate misfit current task
sched: avoid pushing tasks to an offline CPU
sched: Extend active balance to accept 'push_task' argument
sched: walt: Correct WALT window size initialization
sched: WALT: account cumulative window demand
sched: EAS/WALT: finish accounting prior to task_tick
sched/fair: prevent meaningless active migration
sched: walt: Leverage existing helper APIs to apply invariance
UPSTREAM: net: xfrm: allow clearing socket xfrm policies.
UPSTREAM: time: Clean up CLOCK_MONOTONIC_RAW time handling
UPSTREAM: arm64: vdso: fix clock_getres for 4GiB-aligned res
f2fs: updates on 4.15-rc1
UPSTREAM: android: binder: fix type mismatch warning
BACKPORT: arm64: Use __pa_symbol for empty_zero_page
UPSTREAM: arm64: Use __pa_symbol for kernel symbols
UPSTREAM: mm: Introduce lm_alias
FROMLIST: binder: fix proc->files use-after-free
BACKPORT: xfrm: Clear sk_dst_cache when applying per-socket policy.
sched: WALT: fix potential overflow
sched: Update task->on_rq when tasks are moving between runqueues
sched: WALT: fix window mis-alignment
sched: EAS: kill incorrect nohz idle cpu kick
sched: EAS: fix incorrect energy delta calculation due to rounding error
sched: EAS/WALT: use cr_avg instead of prev_runnable_sum
sched: WALT: fix broken cumulative runnable average accounting
sched: deadline: WALT: account cumulative runnable avg
ANDROID: binder: clarify deferred thread work.
BACKPORT: net/tcp-fastopen: Add new API support
UPSTREAM: net: Remove __sk_dst_reset() in tcp_v6_connect()
UPSTREAM: net/tcp-fastopen: refactor cookie check logic
sched: compute task utilisation with WALT consistently
FROMLIST: arm64: Avoid aligning normal memory pointers in __memcpy_{to,from}io
UPSTREAM: security: bpf: replace include of linux/bpf.h with forward declarations
UPSTREAM: selinux: bpf: Add addtional check for bpf object file receive
UPSTREAM: selinux: bpf: Add selinux check for eBPF syscall operations
BACKPORT: security: bpf: Add LSM hooks for bpf object related syscall
BACKPORT: bpf: Add file mode configuration into bpf maps
cpufreq: Drop schedfreq governor
ANDROID: Revert "arm64: move ELF_ET_DYN_BASE to 4GB / 4MB"
ANDROID: Revert "arm: move ELF_ET_DYN_BASE to 4MB"
sched: EAS: Fix the condition to distinguish energy before/after
sched: EAS: update trg_cpu to backup_cpu if no energy saving for target_cpu
sched/fair: consider task utilization in group_max_util()
sched/fair: consider task utilization in group_norm_util()
sched/fair: enforce EAS mode
sched/fair: ignore backup CPU when not valid
sched/fair: trace energy_diff for non boosted tasks
UPSTREAM: sched/fair: Sync task util before slow-path wakeup
UPSTREAM: sched/core: Add missing update_rq_clock() call in set_user_nice()
UPSTREAM: sched/core: Add missing update_rq_clock() call for task_hot()
UPSTREAM: sched/core: Add missing update_rq_clock() in detach_task_cfs_rq()
UPSTREAM: sched/core: Add missing update_rq_clock() in post_init_entity_util_avg()
UPSTREAM: sched/fair: Fix task group initialization
cpufreq/sched: Consider max cpu capacity when choosing frequencies
cpufreq/sched: Use cpu max freq rather than policy max
sched/fair: remove erroneous RCU_LOCKDEP_WARN from start_cpu()
FROMLIST: ALSA: usx2y: Suppress kernel warning at page allocation failures
FROMLIST: kbuild: clang: fix build failures with sparse check
Revert "Revert "BACKPORT: efi/libstub/arm64: Set -fpie when building the EFI stub""
BACKPORT: efi/libstub: Unify command line param parsing
ANDROID: sched/walt: Fix divide by zero error in cpufreq notifier
ANDROID: binder: show high watermark of alloc->pages.
ANDROID: binder: Add thread->process_todo flag.
ANDROID: sched/fair: Select correct capacity state for energy_diff
ANDROID: cpufreq-dt: Set sane defaults for schedutil rate limits
BACKPORT: cpufreq: schedutil: Use policy-dependent transition delays
Revert "BACKPORT: efi/libstub/arm64: Set -fpie when building the EFI stub"
FROMLIST: android: binder: Fix null ptr dereference in debug msg
FROMLIST: android: binder: Change binder_shrinker to static
UPSTREAM: arm64: compat: Remove leftover variable declaration
ANDROID: HACK: arm64: use -mno-implicit-float instead of -mgeneral-regs-only
ANDROID: Kbuild, LLVMLinux: allow overriding clang target triple
CHROMIUM: arm64: Disable asm-operand-width warning for clang
CHROMIUM: kbuild: clang: Disable the 'duplicate-decl-specifier' warning
BACKPORT: x86/asm: Fix inline asm call constraints for Clang
BACKPORT: efi/libstub/arm64: Set -fpie when building the EFI stub
UPSTREAM: efi/libstub/arm64: Force 'hidden' visibility for section markers
UPSTREAM: efi/libstub/arm64: Use hidden attribute for struct screen_info reference
UPSTREAM: x86/build: Use cc-option to validate stack alignment parameter
UPSTREAM: x86/build: Fix stack alignment for CLang
UPSTREAM: compiler, clang: always inline when CONFIG_OPTIMIZE_INLINING is disabled
UPSTREAM: x86/boot: #undef memcpy() et al in string.c
UPSTREAM: llist: clang: introduce member_address_is_nonnull()
UPSTREAM: crypto: arm64/sha - avoid non-standard inline asm tricks
UPSTREAM: kbuild: clang: Disable 'address-of-packed-member' warning
UPSTREAM: x86/build: Specify stack alignment for clang
UPSTREAM: x86/build: Use __cc-option for boot code compiler options
UPSTREAM: kbuild: Add __cc-option macro
UPSTREAM: x86/mm/kaslr: Use the _ASM_MUL macro for multiplication to work around Clang incompatibility
UPSTREAM: crypto, x86: aesni - fix token pasting for clang
UPSTREAM: x86/kbuild: Use cc-option to enable -falign-{jumps/loops}
UPSTREAM: compiler, clang: properly override 'inline' for clang
UPSTREAM: compiler, clang: suppress warning for unused static inline functions
UPSTREAM: modules: mark __inittest/__exittest as __maybe_unused
UPSTREAM: kbuild: Add support to generate LLVM assembly files
UPSTREAM: kbuild: use -Oz instead of -Os when using clang
UPSTREAM: kbuild, LLVMLinux: Add -Werror to cc-option to support clang
UPSTREAM: kbuild: drop -Wno-unknown-warning-option from clang options
UPSTREAM: kbuild: fix asm-offset generation to work with clang
UPSTREAM: kbuild: consolidate redundant sed script ASM offset generation
UPSTREAM: kbuild: Consolidate header generation from ASM offset information
UPSTREAM: kbuild: clang: add -no-integrated-as to KBUILD_[AC]FLAGS
UPSTREAM: kbuild: Add better clang cross build support
FROMLIST: f2fs: expose some sectors to user in inline data or dentry case
UPSTREAM: sched/fair: Fix usage of find_idlest_group() when the local group is idlest
UPSTREAM: sched/fair: Fix usage of find_idlest_group() when no groups are allowed
UPSTREAM: sched/fair: Fix find_idlest_group() when local group is not allowed
UPSTREAM: sched/fair: Remove unnecessary comparison with -1
UPSTREAM: sched/fair: Move select_task_rq_fair() slow-path into its own function
UPSTREAM: sched/fair: Force balancing on NOHZ balance if local group has capacity
UPSTREAM: f2fs: fix potential panic during fstrim
f2fs: catch up to v4.14-rc1
UPSTREAM: sched: use load_avg for selecting idlest group
UPSTREAM: sched: fix find_idlest_group for fork
ANDROID: binder: fix node sched policy calculation
ANDROID: binder: init desired_prio.sched_policy before use it
BACKPORT: net: xfrm: support setting an output mark.
FROMLIST: tracing: Add support for preempt and irq enable/disable events
FROMLIST: tracing: Prepare to add preempt and irq trace events
Conflicts:
arch/arm64/Kconfig
arch/arm64/include/asm/assembler.h
arch/arm64/include/asm/cpucaps.h
arch/arm64/include/asm/efi.h
arch/arm64/include/asm/memory.h
arch/arm64/include/asm/mmu.h
arch/arm64/include/asm/mmu_context.h
arch/arm64/kernel/cpufeature.c
arch/arm64/kernel/io.c
arch/arm64/kernel/setup.c
arch/arm64/kernel/vdso.c
arch/arm64/mm/context.c
arch/arm64/mm/mmu.c
drivers/Kconfig
drivers/Makefile
drivers/cpufreq/Kconfig
drivers/hwtracing/coresight/coresight-etm4x.c
drivers/hwtracing/coresight/coresight-priv.h
drivers/hwtracing/coresight/coresight-tmc-etr.c
drivers/hwtracing/coresight/coresight.c
drivers/scsi/ufs/ufshcd.h
drivers/staging/android/ion/ion-ioctl.c
drivers/staging/android/ion/ion_system_heap.c
drivers/usb/dwc3/gadget.c
include/linux/sched.h
include/trace/events/sched.h
kernel/kcov.c
kernel/sched/core.c
kernel/sched/cpufreq_sched.c
kernel/sched/cpufreq_schedutil.c
kernel/sched/fair.c
kernel/sched/sched.h
kernel/sched/walt.c
kernel/sched/walt.h
mm/kasan/report.c
security/security.c
security/selinux/hooks.c
Change-Id: I0ec8cbca6cb6384e22fbbe8def8a9d228229dc48
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Paul Lawrence
|
a0ef47a66f |
UPSTREAM: kasan: add tests for alloca poisoning
Link: http://lkml.kernel.org/r/20171204191735.132544-5-paullawrence@google.com Signed-off-by: Greg Hackmann <ghackmann@google.com> Signed-off-by: Paul Lawrence <paullawrence@google.com> Acked-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Masahiro Yamada <yamada.masahiro@socionext.com> Cc: Matthias Kaehlcke <mka@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> (cherry-picked from 00a14294bb33af533f7ac002fb20623fdd8ea0d7) Change-Id: I2c3b607d67b4a788000c62ce920cfd603f42fa06 Signed-off-by: Paul Lawrence <paullawrence@google.com> |
||
|
Linux Build Service Account
|
bd618d9d52 |
Merge "Merge android-4.9-o.82 (2d34d45) into msm-4.9"
|
||
|
Greg Kroah-Hartman
|
b324a70153 |
Merge 4.9.86 into android-4.9
Changes in 4.9.86 hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers) i2c: designware: must wait for enable f2fs: fix a bug caused by NULL extent tree dmaengine: fsl-edma: disable clks on all error paths nvme: check hw sectors before setting chunk sectors net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM mtd: nand: brcmnand: Zero bitflip is not an error ipv6: icmp6: Allow icmp messages to be looped back ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch x86/asm: Allow again using asm.h when building for the 'bpf' clang target sget(): handle failures of register_shrinker() net: phy: xgene: disable clk on error paths drm/nouveau/pci: do a msi rearm on init mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl spi: atmel: fixed spin_lock usage inside atmel_spi_remove ASoC: nau8825: fix issue that pop noise when start capture net: mediatek: setup proper state for disabled GMAC on the default net: arc_emac: fix arc_emac_rx() error paths ip6_tunnel: get the min mtu properly in ip6_tnl_xmit net: stmmac: Fix TX timestamp calculation scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error ARM: dts: ls1021a: fix incorrect clock references lib/mpi: Fix umul_ppmm() for MIPS64r6 tipc: error path leak fixes in tipc_enable_bearer() tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path tg3: Add workaround to restrict 5762 MRRS to 2048 tg3: Enable PHY reset in MTU change path for 5720 bnx2x: Improve reliability in case of nested PCI errors led: core: Fix brightness setting when setting delay_off=0 IB/mlx5: Fix mlx5_ib_alloc_mr error flow genirq: Guard handle_bad_irq log messages s390/dasd: fix wrongly assigned configuration data IB/mlx4: Fix mlx4_ib_alloc_mr error flow IB/ipoib: Fix race condition in neigh creation xfs: quota: fix missed destroy of qi_tree_lock xfs: quota: check result of register_shrinker() macvlan: Fix one possible double free e1000: fix disabling already-disabled warning NET: usb: qmi_wwan: add support for YUGA CLM920-NC5 PID 0x9625 drm/ttm: check the return value of kzalloc uapi libc compat: add fallback for unsupported libcs i40e/i40evf: Account for frags split over multiple descriptors in check linearize nl80211: Check for the required netlink attribute presence mac80211: mesh: drop frames appearing to be from us can: flex_can: Correct the checking for frame length in flexcan_start_xmit() bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine. xen-netfront: enable device after manual module load mdio-sun4i: Fix a memory leak SolutionEngine771x: fix Ether platform data xen/gntdev: Fix off-by-one error when unmapping with holes xen/gntdev: Fix partial gntdev_mmap() cleanup sctp: make use of pre-calculated len net: gianfar_ptp: move set_fipers() to spinlock protecting area KVM: arm/arm64: Fix check for hugepage size when allocating at Stage 2 MIPS: Implement __multi3 for GCC7 MIPS64r6 builds Linux 4.9.86 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
James Hogan
|
d9868db658 |
lib/mpi: Fix umul_ppmm() for MIPS64r6
[ Upstream commit bbc25bee37d2b32cf3a1fab9195b6da3a185614a ]
Current MIPS64r6 toolchains aren't able to generate efficient
DMULU/DMUHU based code for the C implementation of umul_ppmm(), which
performs an unsigned 64 x 64 bit multiply and returns the upper and
lower 64-bit halves of the 128-bit result. Instead it widens the 64-bit
inputs to 128-bits and emits a __multi3 intrinsic call to perform a 128
x 128 multiply. This is both inefficient, and it results in a link error
since we don't include __multi3 in MIPS linux.
For example commit 90a53e4432b1 ("cfg80211: implement regdb signature
checking") merged in v4.15-rc1 recently broke the 64r6_defconfig and
64r6el_defconfig builds by indirectly selecting MPILIB. The same build
errors can be reproduced on older kernels by enabling e.g. CRYPTO_RSA:
lib/mpi/generic_mpih-mul1.o: In function `mpihelp_mul_1':
lib/mpi/generic_mpih-mul1.c:50: undefined reference to `__multi3'
lib/mpi/generic_mpih-mul2.o: In function `mpihelp_addmul_1':
lib/mpi/generic_mpih-mul2.c:49: undefined reference to `__multi3'
lib/mpi/generic_mpih-mul3.o: In function `mpihelp_submul_1':
lib/mpi/generic_mpih-mul3.c:49: undefined reference to `__multi3'
lib/mpi/mpih-div.o In function `mpihelp_divrem':
lib/mpi/mpih-div.c:205: undefined reference to `__multi3'
lib/mpi/mpih-div.c:142: undefined reference to `__multi3'
Therefore add an efficient MIPS64r6 implementation of umul_ppmm() using
inline assembly and the DMULU/DMUHU instructions, to prevent __multi3
calls being emitted.
Fixes:
|
||
|
Jan Kara
|
608fc9d039 |
kobject: Export kobject_get_unless_zero()
Make the function available for outside use and fortify it against NULL kobject. Change-Id: I76dc2a49293ce967309a882b5067bd85b8fc828e CC: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Reviewed-by: Bart Van Assche <bart.vanassche@sandisk.com> Acked-by: Tejun Heo <tj@kernel.org> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Jens Axboe <axboe@fb.com> Git-commit: c70c176ff8c3ff0ac6ef9a831cd591ea9a66bd1a Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git Signed-off-by: Ritesh Harjani <riteshh@codeaurora.org> |
||
|
Blagovest Kolenichev
|
82ccf838e2 |
Merge android-4.9-o.82 (2d34d45) into msm-4.9
* refs/heads/tmp-2d34d45: Linux 4.9.82 ftrace: Remove incorrect setting of glob search field mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy ovl: fix failure to fsync lower dir acpi, nfit: fix register dimm error handling ACPI: sbshc: remove raw pointer from printk() message drm/i915: Avoid PPS HW/SW state mismatch due to rounding btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker lib/ubsan: add type mismatch handler for new GCC/Clang lib/ubsan.c: s/missaligned/misaligned/ clocksource/drivers/stm32: Fix kernel panic with multiple timers pktcdvd: Fix pkt_setup_dev() error path pinctrl: intel: Initialize GPIO properly when used through irqchip EDAC, octeon: Fix an uninitialized variable warning xtensa: fix futex_atomic_cmpxchg_inatomic alpha: fix formating of stack content alpha: fix reboot on Avanti platform alpha: fix crash if pthread_create races with signal delivery signal/sh: Ensure si_signo is initialized in do_divide_error signal/openrisc: Fix do_unaligned_access to send the proper signal Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" Bluetooth: btsdio: Do not bind to non-removable BCM43341 HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working pipe: fix off-by-one error when checking buffer limits pipe: actually allow root to exceed the pipe buffer limits kernel/relay.c: revert "kernel/relay.c: fix potential memory leak" kernel/async.c: revert "async: simplify lowest_in_progress()" fs/proc/kcore.c: use probe_kernel_read() instead of memcpy() media: cxusb, dib0700: ignore XC2028_I2C_FLUSH media: ts2020: avoid integer overflows on 32 bit machines media: dvb-frontends: fix i2c access helpers for KASAN watchdog: imx2_wdt: restore previous timeout after suspend+resume ASoC: skl: Fix kernel warning due to zero NHTL entry ASoC: rockchip: i2s: fix playback after runtime resume KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls crypto: sha512-mb - initialize pending lengths correctly crypto: caam - fix endless loop when DECO acquire fails media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 media: v4l2-compat-ioctl32.c: avoid sizeof(type) media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 media: v4l2-compat-ioctl32.c: fix the indentation media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF media: v4l2-ioctl.c: don't copy back the result for -ENOTTY nsfs: mark dentry with DCACHE_RCUACCESS crypto: poly1305 - remove ->setkey() method crypto: mcryptd - pass through absence of ->setkey() crypto: cryptd - pass through absence of ->setkey() crypto: hash - introduce crypto_hash_alg_has_setkey() ahci: Add Intel Cannon Lake PCH-H PCI ID ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI ahci: Annotate PCI ids for mobile Intel chipsets as such kernfs: fix regression in kernfs_fop_write caused by wrong type NFS: Fix a race between mmap() and O_DIRECT NFS: reject request for id_legacy key without auxdata NFS: commit direct writes even if they fail partially NFS: Add a cond_resched() to nfs_commit_release_pages() nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds ubifs: Massage assert in ubifs_xattr_set() wrt. init_xattrs ubi: block: Fix locking for idr_alloc/idr_remove ubi: fastmap: Erase outdated anchor PEBs during attach mtd: nand: sunxi: Fix ECC strength choice mtd: nand: Fix nand_do_read_oob() return value mtd: nand: brcmnand: Disable prefetch by default mtd: cfi: convert inline functions to macros media: hdpvr: Fix an error handling path in hdpvr_probe() media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner media: dvb-usb-v2: lmedm04: Improve logic checking of warm start dccp: CVE-2017-8824: use-after-free in DCCP code sched/rt: Up the root domain ref count when passing it around via IPIs sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() usb: gadget: uvc: Missing files for configfs interface posix-timer: Properly check sigevent->sigev_notify kaiser: fix compile error without vsyscall dmaengine: dmatest: fix container_of member in dmatest_callback CIFS: zero sensitive data when freeing cifs: Fix autonegotiate security settings mismatch cifs: Fix missing put_xid in cifs_file_strict_mmap powerpc/pseries: include linux/types.h in asm/hvcall.h Conflicts: drivers/media/v4l2-core/v4l2-compat-ioctl32.c Change-Id: Ibd9486e6f8be9673b381f86d69fafa081c8f2539 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
a9d027374a |
Merge 4.9.84 into android-4.9
Changes in 4.9.84
vhost: use mutex_lock_nested() in vhost_dev_lock_vqs()
kcm: Check if sk_user_data already set in kcm_attach
kcm: Only allow TCP sockets to be attached to a KCM mux
cfg80211: check dev_set_name() return value
xfrm: skip policies marked as dead while rehashing
mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed.
xfrm: Fix stack-out-of-bounds read on socket policy lookup.
xfrm: check id proto in validate_tmpl()
sctp: set frag_point in sctp_setsockopt_maxseg correctly
blktrace: fix unlocked registration of tracepoints
drm: Require __GFP_NOFAIL for the legacy drm_modeset_lock_all
ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE
Provide a function to create a NUL-terminated string from unterminated data
selinux: ensure the context is NUL terminated in security_context_to_sid_core()
selinux: skip bounded transition processing if the policy isn't loaded
crypto: x86/twofish-3way - Fix %rbp usage
staging: android: ion: Add __GFP_NOWARN for system contig heap
staging: android: ion: Switch from WARN to pr_warn
blk_rq_map_user_iov: fix error override
KVM: x86: fix escape of guest dr6 to the host
kcov: detect double association with a single task
netfilter: x_tables: fix int overflow in xt_alloc_table_info()
netfilter: x_tables: avoid out-of-bounds reads in xt_request_find_{match|target}
netfilter: ipt_CLUSTERIP: fix out-of-bounds accesses in clusterip_tg_check()
netfilter: on sockopt() acquire sock lock only in the required scope
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
rds: tcp: atomically purge entries from rds_tcp_conn_list during netns delete
net: avoid skb_warn_bad_offload on IS_ERR
crypto: hash - annotate algorithms taking optional key
crypto: hash - prevent using keyed hashes without setting key
ASoC: ux500: add MODULE_LICENSE tag
video: fbdev/mmp: add MODULE_LICENSE
ARM: 8743/1: bL_switcher: add MODULE_LICENSE tag
arm64: dts: add #cooling-cells to CPU nodes
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
staging: android: ashmem: Fix a race condition in pin ioctls
binder: check for binder_thread allocation failure in binder_poll()
staging: iio: adc: ad7192: fix external frequency setting
staging: iio: ad5933: switch buffer mode to software
usbip: keep usbip_device sockfd state in sync with tcp_socket
usb: build drivers/usb/common/ when USB_SUPPORT is set
ARM: OMAP2+: Fix SRAM virt to phys translation for save_secure_ram_context
ARM: AM33xx: PRM: Remove am33xx_pwrdm_read_prev_pwrst function
ARM: dts: Fix omap4 hang with GPS connected to USB by using wakeupgen
ARM: dts: logicpd-som-lv: Fix gpmc addresses for NAND and enet
ARM: dts: logicpd-somlv: Fix wl127x pinmux
ARM: dts: am4372: Correct the interrupts_properties of McASP
ARM: dts: am437x-cm-t43: Correct the dmas property of spi0
perf top: Fix window dimensions change handling
perf bench numa: Fixup discontiguous/sparse numa nodes
media: s5k6aa: describe some function parameters
pinctrl: sunxi: Fix A80 interrupt pin bank
pinctrl: sunxi: Fix A64 UART mux value
i40iw: Correct ARP index mask
RDMA/cma: Make sure that PSN is not over max allowed
sctp: only update outstanding_bytes for transmitted queue when doing prsctp_prune
scripts/kernel-doc: Don't fail with status != 0 if error encountered with -none
ipvlan: Add the skb->mark as flow4's member to lookup route
m68k: add missing SOFTIRQENTRY_TEXT linker section
powerpc/perf: Fix oops when grouping different pmu events
s390/dasd: prevent prefix I/O error
ARM: dts: Fix elm interrupt compiler warning
gianfar: fix a flooded alignment reports because of padding issue.
net_sched: red: Avoid devision by zero
net_sched: red: Avoid illegal values
btrfs: Fix possible off-by-one in btrfs_search_path_in_tree
brcmfmac: Avoid build error with make W=1
net: ethernet: arc: fix error handling in emac_rockchip_probe
509: fix printing uninitialized stack memory when OID is empty
gianfar: Disable EEE autoneg by default
dmaengine: ioat: Fix error handling path
dmaengine: at_hdmac: fix potential NULL pointer dereference in atc_prep_dma_interleaved
clk: fix a panic error caused by accessing NULL pointer
ASoC: rockchip: disable clock on error
spi: sun4i: disable clocks in the remove function
xfrm: Fix stack-out-of-bounds with misconfigured transport mode policies.
drm/armada: fix leak of crtc structure
dmaengine: jz4740: disable/unprepare clk if probe fails
usb: dwc3: gadget: Wait longer for controller to end command processing
usb: dwc3: of-simple: fix missing clk_disable_unprepare
mm/early_ioremap: Fix boot hang with earlyprintk=efi,keep
x86/mm/kmmio: Fix mmiotrace for page unaligned addresses
platform/x86: dell-laptop: Fix keyboard max lighting for Dell Latitude E6410
xen: XEN_ACPI_PROCESSOR is Dom0-only
hippi: Fix a Fix a possible sleep-in-atomic bug in rr_close
powerpc/64s: Fix conversion of slb_miss_common to use RFI_TO_USER/KERNEL
powerpc/64s: Simple RFI macro conversions
powerpc/64s: Improve RFI L1-D cache flush fallback
crypto: talitos - fix Kernel Oops on hashing an empty file
drm/i915: fix intel_backlight_device_register declaration
shmem: avoid maybe-uninitialized warning
clk: sunxi-ng: fix build error without CONFIG_RESET_CONTROLLER
vmxnet3: prevent building with 64K pages
perf/x86: Shut up false-positive -Wmaybe-uninitialized warning
PCI: vmd: Fix suspend handlers defined-but-not-used warning
gpio: intel-mid: Fix build warning when !CONFIG_PM
platform/x86: intel_mid_thermal: Fix suspend handlers unused warning
usb: musb: fix compilation warning on unused function
PCI: Change pci_host_common_probe() visibility
perf: xgene: Include module.h
video: fbdev: via: remove possibly unused variables
scsi: advansys: fix build warning for PCI=n
x86/ras/inject: Make it depend on X86_LOCAL_APIC=y
gpio: xgene: mark PM functions as __maybe_unused
arm64: define BUG() instruction without CONFIG_BUG
x86/fpu/math-emu: Fix possible uninitialized variable use
tools build: Add tools tree support for 'make -s'
x86/build: Silence the build with "make -s"
thermal: fix INTEL_SOC_DTS_IOSF_CORE dependencies
x86: add MULTIUSER dependency for KVM
dmaengine: zx: fix build warning
x86/platform: Add PCI dependency for PUNIT_ATOM_DEBUG
x86/vm86: Fix unused variable warning if THP is disabled
scsi: advansys: fix uninitialized data access
arm64: Kconfig: select COMPAT_BINFMT_ELF only when BINFMT_ELF is set
ALSA: hda/ca0132 - fix possible NULL pointer use
reiserfs: avoid a -Wmaybe-uninitialized warning
cw1200: fix bogus maybe-uninitialized warning
security/keys: BIG_KEY requires CONFIG_CRYPTO
drm: exynos: mark pm functions as __maybe_unused
rbd: silence bogus -Wmaybe-uninitialized warning
drm/nouveau: hide gcc-4.9 -Wmaybe-uninitialized
Input: tca8418_keypad - hide gcc-4.9 -Wmaybe-uninitialized warning
KVM: add X86_LOCAL_APIC dependency
shmem: fix compilation warnings on unused functions
tc358743: fix register i2c_rd/wr functions
go7007: add MEDIA_CAMERA_SUPPORT dependency
em28xx: only use mt9v011 if camera support is enabled
tw5864: use dev_warn instead of WARN to shut up warning
ISDN: eicon: reduce stack size of sig_ind function
clk: meson: gxbb: fix build error without RESET_CONTROLLER
kasan: rework Kconfig settings
drm/i915: hide unused intel_panel_set_backlight function
arm64: sunxi: always enable reset controller
binfmt_elf: compat: avoid unused function warning
spi: bcm-qspi: shut up warning about cfi header inclusion
idle: i7300: add PCI dependency
arm64: fix warning about swapper_pg_dir overflow
usb: phy: msm add regulator dependency
x86/microcode/AMD: Change load_microcode_amd()'s param to bool to fix preemptibility bug
KVM: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready" exceptions simultaneously
KVM: VMX: clean up declaration of VPID/EPT invalidation types
KVM: nVMX: invvpid handling improvements
crypto: s5p-sss - Fix kernel Oops in AES-ECB mode
Linux 4.9.84
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Arnd Bergmann
|
ef3af3465a |
kasan: rework Kconfig settings
commit e7c52b84fb18f08ce49b6067ae6285aca79084a8 upstream. We get a lot of very large stack frames using gcc-7.0.1 with the default -fsanitize-address-use-after-scope --param asan-stack=1 options, which can easily cause an overflow of the kernel stack, e.g. drivers/gpu/drm/i915/gvt/handlers.c:2434:1: warning: the frame size of 46176 bytes is larger than 3072 bytes drivers/net/wireless/ralink/rt2x00/rt2800lib.c:5650:1: warning: the frame size of 23632 bytes is larger than 3072 bytes lib/atomic64_test.c:250:1: warning: the frame size of 11200 bytes is larger than 3072 bytes drivers/gpu/drm/i915/gvt/handlers.c:2621:1: warning: the frame size of 9208 bytes is larger than 3072 bytes drivers/media/dvb-frontends/stv090x.c:3431:1: warning: the frame size of 6816 bytes is larger than 3072 bytes fs/fscache/stats.c:287:1: warning: the frame size of 6536 bytes is larger than 3072 bytes To reduce this risk, -fsanitize-address-use-after-scope is now split out into a separate CONFIG_KASAN_EXTRA Kconfig option, leading to stack frames that are smaller than 2 kilobytes most of the time on x86_64. An earlier version of this patch also prevented combining KASAN_EXTRA with KASAN_INLINE, but that is no longer necessary with gcc-7.0.1. All patches to get the frame size below 2048 bytes with CONFIG_KASAN=y and CONFIG_KASAN_EXTRA=n have been merged by maintainers now, so we can bring back that default now. KASAN_EXTRA=y still causes lots of warnings but now defaults to !COMPILE_TEST to disable it in allmodconfig, and it remains disabled in all other defconfigs since it is a new option. I arbitrarily raise the warning limit for KASAN_EXTRA to 3072 to reduce the noise, but an allmodconfig kernel still has around 50 warnings on gcc-7. I experimented a bit more with smaller stack frames and have another follow-up series that reduces the warning limit for 64-bit architectures to 1280 bytes (without CONFIG_KASAN). With earlier versions of this patch series, I also had patches to address the warnings we get with KASAN and/or KASAN_EXTRA, using a "noinline_if_stackbloat" annotation. That annotation now got replaced with a gcc-8 bugfix (see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715) and a workaround for older compilers, which means that KASAN_EXTRA is now just as bad as before and will lead to an instant stack overflow in a few extreme cases. This reverts parts of commit |
||
|
Eric Biggers
|
d39838a556 |
509: fix printing uninitialized stack memory when OID is empty
[ Upstream commit 8dfd2f22d3bf3ab7714f7495ad5d897b8845e8c1 ]
Callers of sprint_oid() do not check its return value before printing
the result. In the case where the OID is zero-length, -EBADMSG was
being returned without anything being written to the buffer, resulting
in uninitialized stack memory being printed. Fix this by writing
"(bad)" to the buffer in the cases where -EBADMSG is returned.
Fixes:
|
||
|
Greg Kroah-Hartman
|
2d34d459e5 |
Merge 4.9.82 into android-4.9-o
Changes in 4.9.82 powerpc/pseries: include linux/types.h in asm/hvcall.h cifs: Fix missing put_xid in cifs_file_strict_mmap cifs: Fix autonegotiate security settings mismatch CIFS: zero sensitive data when freeing dmaengine: dmatest: fix container_of member in dmatest_callback kaiser: fix compile error without vsyscall posix-timer: Properly check sigevent->sigev_notify usb: gadget: uvc: Missing files for configfs interface sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() sched/rt: Up the root domain ref count when passing it around via IPIs dccp: CVE-2017-8824: use-after-free in DCCP code media: dvb-usb-v2: lmedm04: Improve logic checking of warm start media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner media: hdpvr: Fix an error handling path in hdpvr_probe() mtd: cfi: convert inline functions to macros mtd: nand: brcmnand: Disable prefetch by default mtd: nand: Fix nand_do_read_oob() return value mtd: nand: sunxi: Fix ECC strength choice ubi: fastmap: Erase outdated anchor PEBs during attach ubi: block: Fix locking for idr_alloc/idr_remove ubifs: Massage assert in ubifs_xattr_set() wrt. init_xattrs nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds NFS: Add a cond_resched() to nfs_commit_release_pages() NFS: commit direct writes even if they fail partially NFS: reject request for id_legacy key without auxdata NFS: Fix a race between mmap() and O_DIRECT kernfs: fix regression in kernfs_fop_write caused by wrong type ahci: Annotate PCI ids for mobile Intel chipsets as such ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI ahci: Add Intel Cannon Lake PCH-H PCI ID crypto: hash - introduce crypto_hash_alg_has_setkey() crypto: cryptd - pass through absence of ->setkey() crypto: mcryptd - pass through absence of ->setkey() crypto: poly1305 - remove ->setkey() method nsfs: mark dentry with DCACHE_RCUACCESS media: v4l2-ioctl.c: don't copy back the result for -ENOTTY media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF media: v4l2-compat-ioctl32.c: fix the indentation media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 media: v4l2-compat-ioctl32.c: avoid sizeof(type) media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic crypto: caam - fix endless loop when DECO acquire fails crypto: sha512-mb - initialize pending lengths correctly arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED ASoC: rockchip: i2s: fix playback after runtime resume ASoC: skl: Fix kernel warning due to zero NHTL entry watchdog: imx2_wdt: restore previous timeout after suspend+resume media: dvb-frontends: fix i2c access helpers for KASAN media: ts2020: avoid integer overflows on 32 bit machines media: cxusb, dib0700: ignore XC2028_I2C_FLUSH fs/proc/kcore.c: use probe_kernel_read() instead of memcpy() kernel/async.c: revert "async: simplify lowest_in_progress()" kernel/relay.c: revert "kernel/relay.c: fix potential memory leak" pipe: actually allow root to exceed the pipe buffer limits pipe: fix off-by-one error when checking buffer limits HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working Bluetooth: btsdio: Do not bind to non-removable BCM43341 Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version signal/openrisc: Fix do_unaligned_access to send the proper signal signal/sh: Ensure si_signo is initialized in do_divide_error alpha: fix crash if pthread_create races with signal delivery alpha: fix reboot on Avanti platform alpha: fix formating of stack content xtensa: fix futex_atomic_cmpxchg_inatomic EDAC, octeon: Fix an uninitialized variable warning pinctrl: intel: Initialize GPIO properly when used through irqchip pktcdvd: Fix pkt_setup_dev() error path clocksource/drivers/stm32: Fix kernel panic with multiple timers lib/ubsan.c: s/missaligned/misaligned/ lib/ubsan: add type mismatch handler for new GCC/Clang btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker drm/i915: Avoid PPS HW/SW state mismatch due to rounding ACPI: sbshc: remove raw pointer from printk() message acpi, nfit: fix register dimm error handling ovl: fix failure to fsync lower dir mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy ftrace: Remove incorrect setting of glob search field Linux 4.9.82 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
cdfc8df1d2 |
Merge 4.9.82 into android-4.9
Changes in 4.9.82 powerpc/pseries: include linux/types.h in asm/hvcall.h cifs: Fix missing put_xid in cifs_file_strict_mmap cifs: Fix autonegotiate security settings mismatch CIFS: zero sensitive data when freeing dmaengine: dmatest: fix container_of member in dmatest_callback kaiser: fix compile error without vsyscall posix-timer: Properly check sigevent->sigev_notify usb: gadget: uvc: Missing files for configfs interface sched/rt: Use container_of() to get root domain in rto_push_irq_work_func() sched/rt: Up the root domain ref count when passing it around via IPIs dccp: CVE-2017-8824: use-after-free in DCCP code media: dvb-usb-v2: lmedm04: Improve logic checking of warm start media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner media: hdpvr: Fix an error handling path in hdpvr_probe() mtd: cfi: convert inline functions to macros mtd: nand: brcmnand: Disable prefetch by default mtd: nand: Fix nand_do_read_oob() return value mtd: nand: sunxi: Fix ECC strength choice ubi: fastmap: Erase outdated anchor PEBs during attach ubi: block: Fix locking for idr_alloc/idr_remove ubifs: Massage assert in ubifs_xattr_set() wrt. init_xattrs nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds NFS: Add a cond_resched() to nfs_commit_release_pages() NFS: commit direct writes even if they fail partially NFS: reject request for id_legacy key without auxdata NFS: Fix a race between mmap() and O_DIRECT kernfs: fix regression in kernfs_fop_write caused by wrong type ahci: Annotate PCI ids for mobile Intel chipsets as such ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI ahci: Add Intel Cannon Lake PCH-H PCI ID crypto: hash - introduce crypto_hash_alg_has_setkey() crypto: cryptd - pass through absence of ->setkey() crypto: mcryptd - pass through absence of ->setkey() crypto: poly1305 - remove ->setkey() method nsfs: mark dentry with DCACHE_RCUACCESS media: v4l2-ioctl.c: don't copy back the result for -ENOTTY media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF media: v4l2-compat-ioctl32.c: fix the indentation media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 media: v4l2-compat-ioctl32.c: avoid sizeof(type) media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic crypto: caam - fix endless loop when DECO acquire fails crypto: sha512-mb - initialize pending lengths correctly arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2 KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED ASoC: rockchip: i2s: fix playback after runtime resume ASoC: skl: Fix kernel warning due to zero NHTL entry watchdog: imx2_wdt: restore previous timeout after suspend+resume media: dvb-frontends: fix i2c access helpers for KASAN media: ts2020: avoid integer overflows on 32 bit machines media: cxusb, dib0700: ignore XC2028_I2C_FLUSH fs/proc/kcore.c: use probe_kernel_read() instead of memcpy() kernel/async.c: revert "async: simplify lowest_in_progress()" kernel/relay.c: revert "kernel/relay.c: fix potential memory leak" pipe: actually allow root to exceed the pipe buffer limits pipe: fix off-by-one error when checking buffer limits HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working Bluetooth: btsdio: Do not bind to non-removable BCM43341 Revert "Bluetooth: btusb: fix QCA Rome suspend/resume" Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version signal/openrisc: Fix do_unaligned_access to send the proper signal signal/sh: Ensure si_signo is initialized in do_divide_error alpha: fix crash if pthread_create races with signal delivery alpha: fix reboot on Avanti platform alpha: fix formating of stack content xtensa: fix futex_atomic_cmpxchg_inatomic EDAC, octeon: Fix an uninitialized variable warning pinctrl: intel: Initialize GPIO properly when used through irqchip pktcdvd: Fix pkt_setup_dev() error path clocksource/drivers/stm32: Fix kernel panic with multiple timers lib/ubsan.c: s/missaligned/misaligned/ lib/ubsan: add type mismatch handler for new GCC/Clang btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker drm/i915: Avoid PPS HW/SW state mismatch due to rounding ACPI: sbshc: remove raw pointer from printk() message acpi, nfit: fix register dimm error handling ovl: fix failure to fsync lower dir mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy ftrace: Remove incorrect setting of glob search field Linux 4.9.82 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Andrey Ryabinin
|
3c83fe52b5 |
lib/ubsan: add type mismatch handler for new GCC/Clang
commit 42440c1f9911b4b7b8ba3dc4e90c1197bc561211 upstream.
UBSAN=y fails to build with new GCC/clang:
arch/x86/kernel/head64.o: In function `sanitize_boot_params':
arch/x86/include/asm/bootparam_utils.h:37: undefined reference to `__ubsan_handle_type_mismatch_v1'
because Clang and GCC 8 slightly changed ABI for 'type mismatch' errors.
Compiler now uses new __ubsan_handle_type_mismatch_v1() function with
slightly modified 'struct type_mismatch_data'.
Let's add new 'struct type_mismatch_data_common' which is independent from
compiler's layout of 'struct type_mismatch_data'. And make
__ubsan_handle_type_mismatch[_v1]() functions transform compiler-dependent
type mismatch data to our internal representation. This way, we can
support both old and new compilers with minimal amount of change.
Link: http://lkml.kernel.org/r/20180119152853.16806-1-aryabinin@virtuozzo.com
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Sodagudi Prasad <psodagud@codeaurora.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Andrew Morton
|
3f8130127c |
lib/ubsan.c: s/missaligned/misaligned/
commit b8fe1120b4ba342b4f156d24e952d6e686b20298 upstream. A vist from the spelling fairy. Cc: David Laight <David.Laight@ACULAB.COM> Cc: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Blagovest Kolenichev
|
c1d6892632 |
Merge android-4.9-o.79 (db04eb4) into msm-4.9
* refs/heads/tmp-db04eb4: Linux 4.9.79 nfsd: auth: Fix gid sorting when rootsquash enabled bpf: reject stores into ctx via st and xadd bpf: fix 32-bit divide by zero bpf: fix divides by zero bpf: avoid false sharing of map refcount with max_entries bpf: arsh is not supported in 32 bit alu thus reject it bpf: introduce BPF_JIT_ALWAYS_ON config bpf: fix bpf_tail_call() x64 JIT x86: bpf_jit: small optimization in emit_bpf_tail_call() hrtimer: Reset hrtimer cpu base proper on CPU hotplug x86/microcode/intel: Extend BDW late-loading further with LLC size check perf/x86/amd/power: Do not load AMD power module on !AMD platforms flow_dissector: properly cap thoff field tun: fix a memory leak for tfile->tx_array mlxsw: spectrum_router: Don't log an error on missing neighbor gso: validate gso_type in GSO handlers ip6_gre: init dev->mtu and dev->hard_header_len correctly be2net: restore properly promisc mode after queues reconfiguration ppp: unlock all_ppp_mutex before registering device ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY net: Allow neigh contructor functions ability to modify the primary_key vmxnet3: repair memory leak tipc: fix a memory leak in tipc_nl_node_get_link() sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf sctp: do not allow the v4 socket to bind a v4mapped v6 address r8169: fix memory corruption on retrieval of hardware statistics. pppoe: take ->needed_headroom of lower device into account on xmit net: tcp: close sock if net namespace is exiting net: qdisc_pkt_len_init() should be more robust net: igmp: fix source address check for IGMPv3 reports lan78xx: Fix failure in USB Full Speed ipv6: ip6_make_skb() needs to clear cork.base.dst ipv6: fix udpv6 sendmsg crash caused by too small MTU ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state eventpoll.h: add missing epoll event masks vsyscall: Fix permissions for emulate mode with KAISER/PTI um: link vmlinux with -no-pie orangefs: fix deadlock; do not write i_size in read_iter Input: trackpoint - force 3 buttons if 0 button is reported mm: fix 100% CPU kswapd busyloop on unreclaimable nodes Revert "module: Add retpoline tag to VERMAGIC" scsi: libiscsi: fix shifting of DID_REQUEUE host byte fs/fcntl: f_setown, avoid undefined behaviour reiserfs: don't preallocate blocks for extended attributes reiserfs: fix race in prealloc discard netfilter: xt_osf: Add missing permission checks netfilter: nfnetlink_cthelper: Add missing permission checks ACPICA: Namespace: fix operand cache leak ACPI / scan: Prefer devices without _HID/_CID for _ADR matching ipc: msg, make msgrcv work with LONG_MIN mm, page_alloc: fix potential false positive in __zone_watermark_ok cma: fix calculation of aligned offset hwpoison, memcg: forcibly uncharge LRU pages mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack drivers: base: cacheinfo: fix boot error message when acpi is enabled drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled Prevent timer value 0 for MWAITX KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2 can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once usbip: Fix potential format overflow in userspace tools usbip: Fix implicit fallthrough warning usbip: prevent vhci_hcd driver from leaking a socket pointer address orangefs: initialize op on loop restart in orangefs_devreq_read orangefs: use list_for_each_entry_safe in purge_waiting_ops x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels Conflicts: mm/page_alloc.c mm/vmscan.c Change-Id: Ic2906f35cee88313f33650133b26dc3e51cdc488 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
db04eb4052 |
Merge 4.9.79 into android-4.9-o
Changes in 4.9.79 x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels orangefs: use list_for_each_entry_safe in purge_waiting_ops orangefs: initialize op on loop restart in orangefs_devreq_read usbip: prevent vhci_hcd driver from leaking a socket pointer address usbip: Fix implicit fallthrough warning usbip: Fix potential format overflow in userspace tools can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2 Prevent timer value 0 for MWAITX drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled drivers: base: cacheinfo: fix boot error message when acpi is enabled mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack hwpoison, memcg: forcibly uncharge LRU pages cma: fix calculation of aligned offset mm, page_alloc: fix potential false positive in __zone_watermark_ok ipc: msg, make msgrcv work with LONG_MIN ACPI / scan: Prefer devices without _HID/_CID for _ADR matching ACPICA: Namespace: fix operand cache leak netfilter: nfnetlink_cthelper: Add missing permission checks netfilter: xt_osf: Add missing permission checks reiserfs: fix race in prealloc discard reiserfs: don't preallocate blocks for extended attributes fs/fcntl: f_setown, avoid undefined behaviour scsi: libiscsi: fix shifting of DID_REQUEUE host byte Revert "module: Add retpoline tag to VERMAGIC" mm: fix 100% CPU kswapd busyloop on unreclaimable nodes Input: trackpoint - force 3 buttons if 0 button is reported orangefs: fix deadlock; do not write i_size in read_iter um: link vmlinux with -no-pie vsyscall: Fix permissions for emulate mode with KAISER/PTI eventpoll.h: add missing epoll event masks dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL ipv6: fix udpv6 sendmsg crash caused by too small MTU ipv6: ip6_make_skb() needs to clear cork.base.dst lan78xx: Fix failure in USB Full Speed net: igmp: fix source address check for IGMPv3 reports net: qdisc_pkt_len_init() should be more robust net: tcp: close sock if net namespace is exiting pppoe: take ->needed_headroom of lower device into account on xmit r8169: fix memory corruption on retrieval of hardware statistics. sctp: do not allow the v4 socket to bind a v4mapped v6 address sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf tipc: fix a memory leak in tipc_nl_node_get_link() vmxnet3: repair memory leak net: Allow neigh contructor functions ability to modify the primary_key ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY ppp: unlock all_ppp_mutex before registering device be2net: restore properly promisc mode after queues reconfiguration ip6_gre: init dev->mtu and dev->hard_header_len correctly gso: validate gso_type in GSO handlers mlxsw: spectrum_router: Don't log an error on missing neighbor tun: fix a memory leak for tfile->tx_array flow_dissector: properly cap thoff field perf/x86/amd/power: Do not load AMD power module on !AMD platforms x86/microcode/intel: Extend BDW late-loading further with LLC size check hrtimer: Reset hrtimer cpu base proper on CPU hotplug x86: bpf_jit: small optimization in emit_bpf_tail_call() bpf: fix bpf_tail_call() x64 JIT bpf: introduce BPF_JIT_ALWAYS_ON config bpf: arsh is not supported in 32 bit alu thus reject it bpf: avoid false sharing of map refcount with max_entries bpf: fix divides by zero bpf: fix 32-bit divide by zero bpf: reject stores into ctx via st and xadd nfsd: auth: Fix gid sorting when rootsquash enabled Linux 4.9.79 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
71f1469722 |
Merge 4.9.79 into android-4.9
Changes in 4.9.79 x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels orangefs: use list_for_each_entry_safe in purge_waiting_ops orangefs: initialize op on loop restart in orangefs_devreq_read usbip: prevent vhci_hcd driver from leaking a socket pointer address usbip: Fix implicit fallthrough warning usbip: Fix potential format overflow in userspace tools can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2 Prevent timer value 0 for MWAITX drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled drivers: base: cacheinfo: fix boot error message when acpi is enabled mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack hwpoison, memcg: forcibly uncharge LRU pages cma: fix calculation of aligned offset mm, page_alloc: fix potential false positive in __zone_watermark_ok ipc: msg, make msgrcv work with LONG_MIN ACPI / scan: Prefer devices without _HID/_CID for _ADR matching ACPICA: Namespace: fix operand cache leak netfilter: nfnetlink_cthelper: Add missing permission checks netfilter: xt_osf: Add missing permission checks reiserfs: fix race in prealloc discard reiserfs: don't preallocate blocks for extended attributes fs/fcntl: f_setown, avoid undefined behaviour scsi: libiscsi: fix shifting of DID_REQUEUE host byte Revert "module: Add retpoline tag to VERMAGIC" mm: fix 100% CPU kswapd busyloop on unreclaimable nodes Input: trackpoint - force 3 buttons if 0 button is reported orangefs: fix deadlock; do not write i_size in read_iter um: link vmlinux with -no-pie vsyscall: Fix permissions for emulate mode with KAISER/PTI eventpoll.h: add missing epoll event masks dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL ipv6: fix udpv6 sendmsg crash caused by too small MTU ipv6: ip6_make_skb() needs to clear cork.base.dst lan78xx: Fix failure in USB Full Speed net: igmp: fix source address check for IGMPv3 reports net: qdisc_pkt_len_init() should be more robust net: tcp: close sock if net namespace is exiting pppoe: take ->needed_headroom of lower device into account on xmit r8169: fix memory corruption on retrieval of hardware statistics. sctp: do not allow the v4 socket to bind a v4mapped v6 address sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf tipc: fix a memory leak in tipc_nl_node_get_link() vmxnet3: repair memory leak net: Allow neigh contructor functions ability to modify the primary_key ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY ppp: unlock all_ppp_mutex before registering device be2net: restore properly promisc mode after queues reconfiguration ip6_gre: init dev->mtu and dev->hard_header_len correctly gso: validate gso_type in GSO handlers mlxsw: spectrum_router: Don't log an error on missing neighbor tun: fix a memory leak for tfile->tx_array flow_dissector: properly cap thoff field perf/x86/amd/power: Do not load AMD power module on !AMD platforms x86/microcode/intel: Extend BDW late-loading further with LLC size check hrtimer: Reset hrtimer cpu base proper on CPU hotplug x86: bpf_jit: small optimization in emit_bpf_tail_call() bpf: fix bpf_tail_call() x64 JIT bpf: introduce BPF_JIT_ALWAYS_ON config bpf: arsh is not supported in 32 bit alu thus reject it bpf: avoid false sharing of map refcount with max_entries bpf: fix divides by zero bpf: fix 32-bit divide by zero bpf: reject stores into ctx via st and xadd nfsd: auth: Fix gid sorting when rootsquash enabled Linux 4.9.79 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Alexei Starovoitov
|
a3d6dd6a66 |
bpf: introduce BPF_JIT_ALWAYS_ON config
[ upstream commit 290af86629b25ffd1ed6232c4e9107da031705cb ] The BPF interpreter has been used as part of the spectre 2 attack CVE-2017-5715. A quote from goolge project zero blog: "At this point, it would normally be necessary to locate gadgets in the host kernel code that can be used to actually leak data by reading from an attacker-controlled location, shifting and masking the result appropriately and then using the result of that as offset to an attacker-controlled address for a load. But piecing gadgets together and figuring out which ones work in a speculation context seems annoying. So instead, we decided to use the eBPF interpreter, which is built into the host kernel - while there is no legitimate way to invoke it from inside a VM, the presence of the code in the host kernel's text section is sufficient to make it usable for the attack, just like with ordinary ROP gadgets." To make attacker job harder introduce BPF_JIT_ALWAYS_ON config option that removes interpreter from the kernel in favor of JIT-only mode. So far eBPF JIT is supported by: x64, arm64, arm32, sparc64, s390, powerpc64, mips64 The start of JITed program is randomized and code page is marked as read-only. In addition "constant blinding" can be turned on with net.core.bpf_jit_harden v2->v3: - move __bpf_prog_ret0 under ifdef (Daniel) v1->v2: - fix init order, test_bpf and cBPF (Daniel's feedback) - fix offloaded bpf (Jakub's feedback) - add 'return 0' dummy in case something can invoke prog->bpf_func - retarget bpf tree. For bpf-next the patch would need one extra hunk. It will be sent when the trees are merged back to net-next Considered doing: int bpf_jit_enable __read_mostly = BPF_EBPF_JIT_DEFAULT; but it seems better to land the patch as-is and in bpf-next remove bpf_jit_enable global variable from all JITs, consolidate in one place and remove this jit_init() function. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Kyle Yan
|
ff97938fbf |
Merge remote-tracking branch '4.9/tmp-8dd0f52' into msm-4.9
* 4.9/tmp-8dd0f52: Linux 4.9.72 sparc32: Export vac_cache_size to fix build error bpf: fix incorrect sign extension in check_alu_op() bpf: reject out-of-bounds stack pointer calculation bpf: fix branch pruning logic bpf: adjust insn_aux_data when patching insns Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature" platform/x86: asus-wireless: send an EV_SYN/SYN_REPORT between state changes MIPS: math-emu: Fix final emulation phase for certain instructions thermal/drivers/hisi: Fix multiple alarm interrupts firing thermal/drivers/hisi: Simplify the temperature/step computation thermal/drivers/hisi: Fix kernel panic on alarm interrupt thermal/drivers/hisi: Fix missing interrupt enablement thermal: hisilicon: Handle return value of clk_prepare_enable cpuidle: fix broadcast control when broadcast can not be entered rtc: set the alarm to the next expiring timer tcp: fix under-evaluated ssthresh in TCP Vegas clk: sunxi-ng: sun6i: Rename HDMI DDC clock to avoid name collision staging: greybus: light: Release memory obtained by kasprintf net: ipv6: send NS for DAD when link operationally up fm10k: ensure we process SM mbx when processing VF mbx vfio/pci: Virtualize Maximum Payload Size scsi: lpfc: PLOGI failures during NPIV testing scsi: lpfc: Fix secure firmware updates fm10k: fix mis-ordered parameters in declaration for .ndo_set_vf_bw ASoC: img-parallel-out: Add pm_runtime_get/put to set_fmt callback tracing: Exclude 'generic fields' from histograms PCI/AER: Report non-fatal errors only to the affected endpoint IB/rxe: check for allocation failure on elem ixgbe: fix use of uninitialized padding igb: check memory allocation failure PM / OPP: Move error message to debug level PCI: Create SR-IOV virtfn/physfn links before attaching driver scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive scsi: cxgb4i: fix Tx skb leak PCI: Avoid bus reset if bridge itself is broken net: phy: at803x: Change error to EINVAL for invalid MAC kvm, mm: account kvm related kmem slabs to kmemcg rtc: pl031: make interrupt optional crypto: crypto4xx - increase context and scatter ring buffer elements backlight: pwm_bl: Fix overflow condition bnxt_en: Fix NULL pointer dereference in reopen failure path cpuidle: powernv: Pass correct drv->cpumask for registration ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory Btrfs: fix an integer overflow check netfilter: nfnetlink_queue: fix secctx memory leak xhci: plat: Register shutdown for xhci_plat net: moxa: fix TX overrun memory leak isdn: kcapi: avoid uninitialized data virtio_balloon: prevent uninitialized variable use virtio-balloon: use actual number of stats for stats queue buffers KVM: pci-assign: do not map smm memory slot pages in vt-d page tables net: ipconfig: fix ic_close_devs() use-after-free cpufreq: Fix creation of symbolic links to policy directories ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table irda: vlsi_ir: fix check for DMA mapping errors RDMA/iser: Fix possible mr leak on device removal event i40e: Do not enable NAPI on q_vectors that have no rings IB/rxe: increment msn only when completing a request IB/rxe: double free on error net: Do not allow negative values for busy_read and busy_poll sysctl interfaces nbd: set queue timeout properly infiniband: Fix alignment of mmap cookies to support VIPT caching IB/core: Protect against self-requeue of a cq work item i40iw: Receive netdev events post INET_NOTIFIER state bna: avoid writing uninitialized data into hw registers s390/qeth: no ETH header for outbound AF_IUCV s390/qeth: size calculation outbound buffers r8152: prevent the driver from transmitting packets with carrier off ASoC: STI: Fix reader substream pointer set HID: xinmo: fix for out of range for THT 2P arcade controller. hwmon: (asus_atk0110) fix uninitialized data access ARM: dts: ti: fix PCI bus dtc warnings KVM: VMX: Fix enable VPID conditions KVM: x86: correct async page present tracepoint kvm: vmx: Flush TLB when the APIC-access address changes scsi: lpfc: Fix PT2PT PRLI reject pinctrl: st: add irq_request/release_resources callbacks inet: frag: release spinlock before calling icmp_send() tipc: fix nametbl deadlock at tipc_nametbl_unsubscribe r8152: fix the rx early size of RTL8153 iommu/exynos: Workaround FLPD cache flush issues for SYSMMU v5 netfilter: nfnl_cthelper: Fix memory leak netfilter: nfnl_cthelper: fix runtime expectation policy updates usb: gadget: udc: remove pointer dereference after free usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed hwmon: (max31790) Set correct PWM value net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 sctp: out_qlen should be updated when pruning unsent queue bna: integer overflow bug in debugfs sch_dsmark: fix invalid skb_cow() usage vsock: cancel packets when failing to connect vhost-vsock: add pkt cancel capability vsock: track pkt owner vsock crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex r8152: fix the list rx_done may be used without initialization cpuidle: Validate cpu_dev in cpuidle_add_sysfs() nvme-loop: handle cpu unplug when re-establishing the controller arm: kprobes: Align stack to 8-bytes in test code arm: kprobes: Fix the return address of multiple kretprobes HID: corsair: Add driver Scimitar Pro RGB gaming mouse 1b1c:1b3e support to hid-corsair HID: corsair: support for K65-K70 Rapidfire and Scimitar Pro RGB kvm: fix usage of uninit spinlock in avic_vm_destroy() ALSA: hda - add support for docking station for HP 840 G3 ALSA: hda - add support for docking station for HP 820 G2 arm64: Initialise high_memory global variable earlier cxl: Check if vphb exists before iterating over AFU devices Linux 4.9.71 ath9k: fix tx99 potential info leak icmp: don't fail on fragment reassembly time exceeded IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop RDMA/cma: Avoid triggering undefined behavior macvlan: Only deliver one copy of the frame to the macvlan interface udf: Avoid overflow when session starts at large offset scsi: bfa: integer overflow in debugfs scsi: sd: change allow_restart to bool in sysfs interface scsi: sd: change manage_start_stop to bool in sysfs interface rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_disassoc_cmd rtl8188eu: Fix a possible sleep-in-atomic bug in rtw_createbss_cmd vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend IB/core: Fix calculation of maximum RoCE MTU scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry raid5: Set R5_Expanded on parity devices as well as data. pinctrl: adi2: Fix Kconfig build problem usb: musb: da8xx: fix babble condition handling tty fix oops when rmmod 8250 soc: mediatek: pwrap: fix compiler errors powerpc/perf/hv-24x7: Fix incorrect comparison in memord scsi: hpsa: destroy sas transport properties before scsi_host scsi: hpsa: cleanup sas_phy structures in sysfs when unloading PCI: Detach driver before procfs & sysfs teardown on device remove RDMA/cxgb4: Declare stag as __be32 xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real xfs: fix log block underflow during recovery cycle verification l2tp: cleanup l2tp_tunnel_delete calls nvme: use kref_get_unless_zero in nvme_find_get_ns platform/x86: hp_accel: Add quirk for HP ProBook 440 G4 btrfs: tests: Fix a memory leak in error handling path in 'run_test()' arm64: prevent regressions in compressed kernel image size when upgrading to binutils 2.27 Ib/hfi1: Return actual operational VLs in port info query bcache: fix wrong cache_misses statistics bcache: explicitly destroy mutex while exiting GFS2: Take inode off order_write list when setting jdata flag scsi: scsi_debug: write_same: fix error report thermal/drivers/step_wise: Fix temperature regulation misbehavior ASoC: rsnd: rsnd_ssi_run_mods() needs to care ssi_parent_mod ppp: Destroy the mutex when cleanup clk: tegra: Fix cclk_lp divisor register clk: hi6220: mark clock cs_atb_syspll as critical clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU clk: mediatek: add the option for determining PLL source clock mm: Handle 0 flags in _calc_vm_trans() macro crypto: tcrypt - fix buffer lengths in test_aead_speed() arm-ccn: perf: Prevent module unload while PMU is in use xfs: truncate pagecache before writeback in xfs_setattr_size() iommu/amd: Limit the IOVA page range to the specified addresses badblocks: fix wrong return value in badblocks_set if badblocks are disabled target/file: Do not return error for UNMAP if length is zero target:fix condition return in core_pr_dump_initiator_port() iscsi-target: fix memory leak in lio_target_tiqn_addtpg() target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() platform/x86: intel_punit_ipc: Fix resource ioremap warning powerpc/ipic: Fix status get and status clear powerpc/opal: Fix EBUSY bug in acquiring tokens netfilter: ipvs: Fix inappropriate output of procfs iommu/mediatek: Fix driver name PCI: Do not allocate more buses than available in parent powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo PCI/PME: Handle invalid data when reading Root Status dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type ASoC: Intel: Skylake: Fix uuid_module memory leak in failure case rtc: pcf8563: fix output clock rate video: fbdev: au1200fb: Return an error code if a memory allocation fails video: fbdev: au1200fb: Release some resources if a memory allocation fails video: udlfb: Fix read EDID timeout fbdev: controlfb: Add missing modes to fix out of bounds access sfc: don't warn on successful change of MAC HID: cp2112: fix broken gpio_direction_input callback Revert "x86/acpi: Set persistent cpuid <-> nodeid mapping when booting" target: fix race during implicit transition work flushes target: fix ALUA transition timeout handling target: Use system workqueue for ALUA transitions btrfs: add missing memset while reading compressed inline extents NFSv4.1 respect server's max size in CREATE_SESSION efi/esrt: Cleanup bad memory map log messages perf symbols: Fix symbols__fixup_end heuristic for corner cases tty: fix data race in tty_ldisc_ref_wait() tty: don't panic on OOM in tty_set_ldisc() rxrpc: Ignore BUSY packets on old calls net: mpls: Fix nexthop alive tracking on down events net/mlx4_core: Avoid delays during VF driver device shutdown nvmet-rdma: Fix a possible uninitialized variable dereference nvmet: confirm sq percpu has scheduled and switched to atomic nvme-loop: fix a possible use-after-free when destroying the admin queue afs: Fix abort on signal while waiting for call completion afs: Fix afs_kill_pages() afs: Fix page leak in afs_write_begin() afs: Populate and use client modification time afs: Better abort and net error handling afs: Invalid op ID should abort with RXGEN_OPCODE afs: Fix the maths in afs_fs_store_data() afs: Prevent callback expiry timer overflow afs: Migrate vlocation fields to 64-bit afs: Flush outstanding writes when an fd is closed afs: Deal with an empty callback array afs: Adjust mode bits processing afs: Populate group ID from vnode status afs: Fix missing put_page() drm/radeon: reinstate oland workaround for sclk mmc: mediatek: Fixed bug where clock frequency could be set wrong sched/deadline: Use deadline instead of period when calculating overflow sched/deadline: Throttle a constrained deadline task activated after the deadline sched/deadline: Make sure the replenishment timer fires in the next period sched/deadline: Add missing update_rq_clock() in dl_task_timer() iwlwifi: mvm: cleanup pending frames in DQA mode Drivers: hv: util: move waiting for release to hv_utils_transport itself drm/radeon/si: add dpm quirk for Oland fjes: Fix wrong netdevice feature flags scsi: hpsa: do not timeout reset operations scsi: hpsa: limit outstanding rescans scsi: hpsa: update check for logical volume status ASoC: rcar: clear DE bit only in PDMACHCR when it stops openrisc: fix issue handling 8 byte get_user calls intel_th: pci: Add Gemini Lake support drm: amd: remove broken include path qed: Fix interrupt flags on Rx LL2 qed: Fix mapping leak on LL2 rx flow qed: Align CIDs according to DORQ requirement mlxsw: reg: Fix SPVMLR max record count mlxsw: reg: Fix SPVM max record count net: Resend IGMP memberships upon peer notification. irqchip/mvebu-odmi: Select GENERIC_MSI_IRQ_DOMAIN dmaengine: Fix array index out of bounds warning in __get_unmap_pool() net: wimax/i2400m: fix NULL-deref at probe writeback: fix memory leak in wb_queue_work() blk-mq: Fix tagset reinit in the presence of cpu hot-unplug ASoC: rsnd: fix sound route path when using SRC6/SRC9 netfilter: bridge: honor frag_max_size when refragmenting drm/omap: fix dmabuf mmap for dma_alloc'ed buffers Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list NFSD: fix nfsd_reset_versions for NFSv4. NFSD: fix nfsd_minorversion(.., NFSD_AVAIL) drm/amdgpu: fix parser init error path to avoid crash in parser fini iommu/io-pgtable-arm-v7s: Check for leaf entry before dereferencing it net/mlx5: Don't save PCI state when PCI error is detected net/mlx5: Fix create autogroup prev initializer rxrpc: Wake up the transmitter if Rx window size increases on the peer net: bcmgenet: Power up the internal PHY before probing the MII net: bcmgenet: synchronize irq0 status between the isr and task net: bcmgenet: power down internal phy if open or resume fails net: bcmgenet: reserved phy revisions must be checked first net: bcmgenet: correct MIB access of UniMAC RUNT counters net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values bnxt_en: Ignore 0 value in autoneg supported speed from firmware. net: initialize msg.msg_flags in recvfrom userfaultfd: selftest: vm: allow to build in vm/ directory userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE md-cluster: free md_cluster_info if node leave cluster usb: xhci-mtk: check hcc_params after adding primary hcd KVM: nVMX: do not warn when MSR bitmap address is not backed usb: phy: isp1301: Add OF device ID table mac80211: Fix addition of mesh configuration element ext4: fix crash when a directory's i_size is too small ext4: fix fdatasync(2) after fallocate(2) operation dmaengine: dmatest: move callback wait queue to thread context eeprom: at24: change nvmem stride to 1 sched/rt: Do not pull from current CPU if only one CPU to pull nfs: don't wait on commit in nfs_commit_inode() if there were no commit requests xhci: Don't add a virt_dev to the devs array before it's fully allocated Bluetooth: btusb: driver to enable the usb-wakeup feature usb: xhci: fix TDS for MTK xHCI1.1 ceph: drop negative child dentries before try pruning inode's alias usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input usb: add helper to extract bits 12:11 of wMaxPacketSize usbip: fix stub_rx: get_pipe() to validate endpoint number USB: core: prevent malicious bNumInterfaces overflow USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID tracing: Allocate mask_str buffer dynamically autofs: fix careless error in recent commit crypto: salsa20 - fix blkcipher_walk API usage crypto: hmac - require that the underlying hash algorithm is unkeyed crypto: rsa - fix buffer overread when stripping leading zeroes mfd: fsl-imx25: Clean up irq settings during removal Linux 4.9.70 RDMA/cxgb4: Annotate r2 and stag as __be32 md: free unused memory after bitmap resize audit: ensure that 'audit=1' actually enables audit for PID 1 ipvlan: fix ipv6 outbound device kbuild: do not call cc-option before KBUILD_CFLAGS initialization powerpc/64: Fix checksum folding in csum_tcpudp_nofold and ip_fast_csum_nofold KVM: arm/arm64: vgic-its: Preserve the revious read from the pending table fix kcm_clone() usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping s390: always save and restore all registers on context switch ipmi: Stop timers before cleaning up the module Fix handling of verdicts after NF_QUEUE tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv() s390/qeth: fix thinko in IPv4 multicast address tracking s390/qeth: fix GSO throughput regression s390/qeth: build max size GSO skbs on L2 devices tcp/dccp: block bh before arming time_wait timer stmmac: reset last TSO segment size after device open net: remove hlist_nulls_add_tail_rcu() usbnet: fix alignment for frames with no ethernet header net/packet: fix a race in packet_bind() and packet_notifier() packet: fix crash in fanout_demux_rollover() sit: update frag_off info rds: Fix NULL pointer dereference in __rds_rdma_map tipc: fix memory leak in tipc_accept_from_sock() s390/qeth: fix early exit from error path net: qmi_wwan: add Quectel BG96 2c7c:0296 ANDROID: dma-buf/sw_sync: Rename active_list to link FROMLIST: android: binder: Fix null ptr dereference in debug msg FROMLIST: android: binder: Move buffer out of area shared with user space FROMLIST: android: binder: Add allocator selftest FROMLIST: android: binder: Refactor prev and next buffer into a helper function Linux 4.9.69 afs: Connect up the CB.ProbeUuid IB/mlx5: Assign send CQ and recv CQ of UMR QP IB/mlx4: Increase maximal message size under UD QP xfrm: Copy policy family in clone_policy jump_label: Invoke jump_label_test() via early_initcall() atm: horizon: Fix irq release error clk: uniphier: fix DAPLL2 clock rate of Pro5 bpf: fix lockdep splat sctp: use the right sk after waking up from wait_buf sleep sctp: do not free asoc when it is already dead in sctp_sendmsg zsmalloc: calling zs_map_object() from irq is a bug sparc64/mm: set fields in deferred pages block: wake up all tasks blocked in get_request() dt-bindings: usb: fix reg-property port-number range xfs: fix forgotten rcu read unlock when skipping inode reclaim sunrpc: Fix rpc_task_begin trace point NFS: Fix a typo in nfs_rename() dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 lib/genalloc.c: make the avail variable an atomic_long_t drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' route: update fnhe_expires for redirect when the fnhe exists route: also update fnhe_genid when updating a route cache gre6: use log_ecn_error module parameter in ip6_tnl_rcv() mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() x86/mpx/selftests: Fix up weird arrays coccinelle: fix parallel build with CHECK=scripts/coccicheck kbuild: pkg: use --transform option to prefix paths in tar EDAC, i5000, i5400: Fix definition of NRECMEMB register EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested drm/amd/amdgpu: fix console deadlock if late init failed axonram: Fix gendisk handling netfilter: don't track fragmented packets zram: set physical queue limits to avoid array out of bounds accesses blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue() i2c: riic: fix restart condition crypto: s5p-sss - Fix completing crypto request in IRQ handler ipv6: reorder icmpv6_init() and ip6_mr_init() ibmvnic: Allocate number of rx/tx buffers agreed on by firmware ibmvnic: Fix overflowing firmware/hardware TX queue rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races bnx2x: do not rollback VF MAC/VLAN filters we did not configure bnx2x: fix detection of VLAN filtering feature for VF bnx2x: fix possible overrun of VFPF multicast addresses array bnx2x: prevent crash when accessing PTP with interface down spi_ks8995: regs_size incorrect for some devices spi_ks8995: fix "BUG: key accdaa28 not in .data!" KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled arm64: KVM: Survive unknown traps from guests arm: KVM: Survive unknown traps from guests KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset irqchip/crossbar: Fix incorrect type of register size scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters scsi: qla2xxx: Fix ql_dump_buffer workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq libata: drop WARN from protocol error in ata_sff_qc_issue() kvm: nVMX: VMCLEAR should not cause the vCPU to shut down usb: gadget: udc: net2280: Fix tmp reusage in net2280 driver usb: gadget: pxa27x: Test for a valid argument pointer usb: dwc3: gadget: Fix system suspend/resume on TI platforms USB: gadgetfs: Fix a potential memory leak in 'dev_config()' usb: gadget: configs: plug memory leak HID: chicony: Add support for another ASUS Zen AiO keyboard gpio: altera: Use handle_level_irq when configured as a level_high ASoC: rcar: avoid SSI_MODEx settings for SSI8 ARM: OMAP2+: Release device node after it is no longer needed. ARM: OMAP2+: Fix device node reference counts powerpc/64: Fix checksum folding in csum_add() module: set __jump_table alignment to 8 lirc: fix dead lock between open and wakeup_filter powerpc: Fix compiling a BE kernel with a powerpc64le toolchain selftest/powerpc: Fix false failures for skipped tests powerpc/64: Invalidate process table caching after setting process table x86/hpet: Prevent might sleep splat on resume sched/fair: Make select_idle_cpu() more aggressive x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register x86/selftests: Add clobbers for int80 on x86_64 ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure vti6: Don't report path MTU below IPV6_MIN_MTU. ARM: 8657/1: uaccess: consistently check object sizes Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" Revert "drm/armada: Fix compile fail" mm: drop unused pmdp_huge_get_and_clear_notify() thp: fix MADV_DONTNEED vs. numa balancing race thp: reduce indentation level in change_huge_pmd() ARM: avoid faulting on qemu ARM: BUG if jumping to usermode address in kernel mode usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT crypto: talitos - fix ctr-aes-talitos crypto: talitos - fix use of sg_link_tbl_len crypto: talitos - fix AEAD for sha224 on non sha224 capable chips crypto: talitos - fix setkey to check key weakness crypto: talitos - fix memory corruption on SEC2 crypto: talitos - fix AEAD test failures bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left. bus: arm-ccn: Fix use of smp_processor_id() in preemptible context bus: arm-ccn: Check memory allocation failure bus: arm-cci: Fix use of smp_processor_id() in preemptible context arm64: fpsimd: Prevent registers leaking from dead tasks KVM: arm/arm64: vgic-its: Check result of allocation before use KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion KVM: VMX: remove I/O port 0x80 bypass on Intel hosts arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one media: dvb: i2c transfers over usb cannot be done from stack drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU kdb: Fix handling of kallsyms_symbol_next() return value brcmfmac: change driver unbind order of the sdio function devices powerpc/64s: Initialize ISAv3 MMU registers before setting partition table KVM: s390: Fix skey emulation permission check s390: fix compat system call table smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place iommu/vt-d: Fix scatterlist offset handling ALSA: usb-audio: Add check return value for usb_string() ALSA: usb-audio: Fix out-of-bound error ALSA: seq: Remove spurious WARN_ON() at timer check ALSA: pcm: prevent UAF in snd_pcm_info btrfs: fix missing error return in btrfs_drop_snapshot KVM: x86: fix APIC page invalidation x86/PCI: Make broadcom_postcore_init() check acpi_disabled X.509: fix comparisons of ->pkey_algo X.509: reject invalid BIT STRING for subjectPublicKey KEYS: add missing permission check for request_key() destination ASN.1: check for error from ASN1_OP_END__ACT actions ASN.1: fix out-of-bounds read when parsing indefinite length item efi/esrt: Use memunmap() instead of kfree() to free the remapping efi: Move some sysfs files to be read-only by root scsi: libsas: align sata_device's rps_resp on a cacheline scsi: use dma_get_cache_alignment() as minimum DMA alignment scsi: dma-mapping: always provide dma_get_cache_alignment isa: Prevent NULL dereference in isa_bus driver callbacks hv: kvp: Avoid reading past allocated blocks from KVP file virtio: release virtio index when fail to device_register can: usb_8dev: cancel urb on -EPIPE and -EPROTO can: esd_usb2: cancel urb on -EPIPE and -EPROTO can: ems_usb: cancel urb on -EPIPE and -EPROTO can: kvaser_usb: cancel urb on -EPIPE and -EPROTO can: kvaser_usb: ratelimit errors if incomplete messages are received can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() can: kvaser_usb: free buf in error paths can: ti_hecc: Fix napi poll return value for repoll usb: gadget: udc: renesas_usb3: fix number of the pipes ANDROID: Revert "arm64: move ELF_ET_DYN_BASE to 4GB / 4MB" ANDROID: Revert "arm: move ELF_ET_DYN_BASE to 4MB" Linux 4.9.68 xen-netfront: avoid crashing on resume after a failure in talk_to_netback() usb: host: fix incorrect updating of offset USB: usbfs: Filter flags passed in from user space USB: devio: Prevent integer overflow in proc_do_submiturb() USB: Increase usbfs transfer limit USB: core: Add type-specific length check of BOS descriptors usb: xhci: fix panic in xhci_free_virt_devices_depth_first usb: hub: Cycle HUB power when initialization fails dma-buf: Update kerneldoc for sync_file_create dma-buf/sync_file: hold reference to fence when creating sync_file dma-buf/sw_sync: force signal all unsignaled fences on dying timeline dma-fence: Introduce drm_fence_set_error() helper dma-fence: Wrap querying the fence->status dma-fence: Clear fence->status during dma_fence_init() dma-buf/sw_sync: clean up list before signaling the fence dma-buf/sw_sync: move timeline_fence_ops around dma-buf/sw-sync: Use an rbtree to sort fences in the timeline dma-buf/sw-sync: Fix locking around sync_timeline lists dma-buf/sw-sync: sync_pt is private and of fixed size dma-buf/sw-sync: Reduce irqsave/irqrestore from known context dma-buf/sw-sync: Prevent user overflow on timeline advance dma-buf/sw-sync: Fix the is-signaled test to handle u32 wraparound dma-buf/dma-fence: Extract __dma_fence_is_later() net: fec: fix multicast filtering hardware setup xen-netback: vif counters from int/long to u64 cec: initiator should be the same as the destination for, poll xen-netfront: Improve error handling during initialization mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers vfio/spapr: Fix missing mutex unlock when creating a window be2net: fix initial MAC setting net: thunderx: avoid dereferencing xcv when NULL net: phy: micrel: KSZ8795 do not set SUPPORTED_[Asym_]Pause gtp: fix cross netns recv on gtp socket gtp: clear DF bit on GTP packet tx nvmet: cancel fatal error and flush async work before free controller i2c: i2c-cadence: Initialize configuration before probing devices tcp: correct memory barrier usage in tcp_check_space() dmaengine: pl330: fix double lock tipc: fix cleanup at module unload tipc: fix nametbl_lock soft lockup at module exit RDMA/qedr: Fix RDMA CM loopback RDMA/qedr: Return success when not changing QP state mac80211: don't try to sleep in rate_control_rate_init() drm/amdgpu: fix unload driver issue for virtual display x86/fpu: Set the xcomp_bv when we fake up a XSAVES area net: sctp: fix array overrun read on sctp_timer_tbl drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement drm/amdgpu: fix bug set incorrect value to vce register qla2xxx: Fix wrong IOCB type assumption powerpc/mm: Fix memory hotplug BUG() on radix perf/x86/intel: Account interrupts for PEBS errors NFSv4: Fix client recovery when server reboots multiple times mac80211: prevent skb/txq mismatch KVM: arm/arm64: Fix occasional warning from the timer work function drm/exynos/decon5433: set STANDALONE_UPDATE_F also if planes are disabled drm/exynos/decon5433: update shadow registers iff there are active windows nfs: Don't take a reference on fl->fl_file for LOCK operation ravb: Remove Rx overflow log messages mac80211: calculate min channel width correctly mm: fix remote numa hits statistics net: qrtr: Mark 'buf' as little endian libfs: Modify mount_pseudo_xattr to be clear it is not a userspace mount net/appletalk: Fix kernel memory disclosure be2net: fix unicast list filling be2net: fix accesses to unicast list vti6: fix device register to report IFLA_INFO_KIND ARM: OMAP1: DMA: Correct the number of logical channels ARM: OMAP2+: Fix WL1283 Bluetooth Baud Rate net: systemport: Pad packet before inserting TSB net: systemport: Utilize skb_put_padto() libcxgb: fix error check for ip6_route_output() usb: gadget: f_fs: Fix ExtCompat descriptor validation dmaengine: stm32-dma: Fix null pointer dereference in stm32_dma_tx_status dmaengine: stm32-dma: Set correct args number for DMA request from DT l2tp: take remote address into account in l2tp_ip and l2tp_ip6 socket lookups net/mlx4_en: Fix type mismatch for 32-bit systems dax: Avoid page invalidation races and unnecessary radix tree traversals iio: adc: ti-ads1015: add 10% to conversion wait time tools include: Do not use poison with C++ kprobes/x86: Disable preemption in ftrace-based jprobes perf test attr: Fix ignored test case result usbip: tools: Install all headers needed for libusbip development sysrq : fix Show Regs call trace on ARM EDAC, sb_edac: Fix missing break in switch x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X usb: phy: tahvo: fix error handling in tahvo_usb_probe() mmc: sdhci-msm: fix issue with power irq spi: spi-axi: fix potential use-after-free after deregistration spi: sh-msiof: Fix DMA transfer size check staging: rtl8188eu: avoid a null dereference on pmlmepriv serial: 8250_fintek: Fix rs485 disablement on invalid ioctl() m68k: fix ColdFire node shift size calculation staging: greybus: loopback: Fix iteration count on async path selftests/x86/ldt_get: Add a few additional tests for limits s390/pci: do not require AIS facility ima: fix hash algorithm initialization USB: serial: option: add Quectel BG96 id s390/runtime instrumentation: simplify task exit handling serial: 8250_pci: Add Amazon PCI serial device ID usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices mm, oom_reaper: gather each vma to prevent leaking TLB entry Revert "crypto: caam - get rid of tasklet" drm/fsl-dcu: enable IRQ before drm_atomic_helper_resume() drm/fsl-dcu: avoid disabling pixel clock twice on suspend bcache: recover data from backing when data is clean bcache: only permit to recovery read error when cache device is clean Linux 4.9.67 drm/i915: Prevent zero length "index" write drm/i915: Don't try indexed reads to alternate slave addresses NFS: revalidate "." etc correctly on "open". Revert "x86/entry/64: Add missing irqflags tracing to native_load_gs_index()" drm/amd/pp: fix typecast error in powerplay. drm/ttm: once more fix ttm_buffer_object_transfer drm/hisilicon: Ensure LDI regs are properly configured. drm/panel: simple: Add missing panel_simple_unprepare() calls drm/radeon: fix atombios on big endian drm/amdgpu: Potential uninitialized variable in amdgpu_vm_update_directories() drm/amdgpu: potential uninitialized variable in amdgpu_vce_ring_parse_cs() Revert "drm/radeon: dont switch vt on suspend" nvme-pci: add quirk for delay before CHK RDY for WDC SN200 hwmon: (jc42) optionally try to disable the SMBUS timeout bcache: Fix building error on MIPS i2c: i801: Fix Failed to allocate irq -2147483648 error eeprom: at24: check at24_read/write arguments eeprom: at24: correctly set the size for at24mac402 eeprom: at24: fix reading from 24MAC402/24MAC602 mmc: core: prepend 0x to OCR entry in sysfs mmc: core: Do not leave the block driver in a suspended state KVM: lapic: Fixup LDR on load in x2apic KVM: lapic: Split out x2apic ldr calculation KVM: x86: inject exceptions produced by x86_decode_insn KVM: x86: Exit to user-mode on #UD intercept when emulator requires KVM: x86: pvclock: Handle first-time write to pvclock-page contains random junk ARM: OMAP2+: Fix WL1283 Bluetooth Baud Rate mfd: twl4030-power: Fix pmic for boards that need vmmc1 on reboot nfsd: fix panic in posix_unblock_lock called from nfs4_laundromat nfsd: Fix another OPEN stateid race nfsd: Fix stateid races between OPEN and CLOSE btrfs: clear space cache inode generation always mm/madvise.c: fix madvise() infinite loop under special circumstances mm, hugetlbfs: introduce ->split() to vm_operations_struct mm/cma: fix alloc_contig_range ret code/potential leak mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d() ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio ARM: dts: LogicPD Torpedo: Fix camera pin mux Linux 4.9.66 xen: xenbus driver must not accept invalid transaction ids nvmet: fix KATO offset in Set Features cec: update log_addr[] before finishing configuration cec: CEC_MSG_GIVE_FEATURES should abort for CEC version < 2 cec: when canceling a message, don't overwrite old status info s390/kbuild: enable modversions for symbols exported from asm ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data btrfs: return the actual error value from from btrfs_uuid_tree_iterate crypto: marvell - Copy IVDIG before launching partial DMA ahash requests ASoC: rsnd: don't double free kctrl netfilter: nf_tables: fix oob access netfilter: nft_queue: use raw_smp_processor_id() spi: SPI_FSL_DSPI should depend on HAS_DMA staging: iio: cdc: fix improper return value iio: light: fix improper return value adm80211: add checks for dma mapping errors mac80211: Suppress NEW_PEER_CANDIDATE event if no room mac80211: Remove invalid flag operations in mesh TSF synchronization drm/mediatek: don't use drm_put_dev clk: qcom: ipq4019: Add all the frequencies for apss cpu drm: Apply range restriction after color adjustment when allocation gpio: mockup: dynamically allocate memory for chip name ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE ath10k: set CTS protection VDEV param only if VDEV is up bnxt_en: Set default completion ring for async events. pinctrl: sirf: atlas7: Add missing 'of_node_put()' ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() ath10k: ignore configuring the incorrect board_id ath10k: fix incorrect txpower set by P2P_DEVICE interface mwifiex: sdio: fix use after free issue for save_adapter adm80211: return an error if adm8211_alloc_rings() fails rt2800: set minimum MPDU and PSDU lengths to sane values drm/armada: Fix compile fail net: 3com: typhoon: typhoon_init_one: fix incorrect return values net: 3com: typhoon: typhoon_init_one: make return values more specific net: Allow IP_MULTICAST_IF to set index to L3 slave fscrypt: use ENOTDIR when setting encryption policy on nondirectory fscrypt: use ENOKEY when file cannot be created w/o key dmaengine: zx: set DMA_CYCLIC cap_mask bit clk: sunxi-ng: fix PLL_CPUX adjusting on A33 clk: sunxi-ng: A31: Fix spdif clock register drm/sun4i: Fix a return value in case of error PCI: Apply _HPX settings only to relevant devices RDS: RDMA: fix the ib_map_mr_sg_zbva() argument RDS: RDMA: return appropriate error on rdma map failures RDS: make message size limit compliant with spec e1000e: Avoid receiver overrun interrupt bursts e1000e: Separate signaling for link check/link up e1000e: Fix return value test e1000e: Fix error path in link detection Revert "drm/i915: Do not rely on wm preservation for ILK watermarks" PM / OPP: Add missing of_node_put(np) net/9p: Switch to wait_event_killable() fscrypt: lock mutex before checking for bounce page pool sched/rt: Simplify the IPI based RT balancing logic media: v4l2-ctrl: Fix flags field on Control events cx231xx-cards: fix NULL-deref on missing association descriptor media: rc: check for integer overflow media: Don't do DMA on stack for firmware upload in the AS102 driver powerpc/signal: Properly handle return value from uprobe_deny_signal() parisc: Fix validity check of pointer size argument in new CAS implementation ixgbe: Fix skb list corruption on Power systems fm10k: Use smp_rmb rather than read_barrier_depends i40evf: Use smp_rmb rather than read_barrier_depends ixgbevf: Use smp_rmb rather than read_barrier_depends igbvf: Use smp_rmb rather than read_barrier_depends igb: Use smp_rmb rather than read_barrier_depends i40e: Use smp_rmb rather than read_barrier_depends NFC: fix device-allocation error return IB/srp: Avoid that a cable pull can trigger a kernel crash IB/srpt: Do not accept invalid initiator port names libnvdimm, namespace: make 'resource' attribute only readable by root libnvdimm, namespace: fix label initialization to use valid seq numbers libnvdimm, pfn: make 'resource' attribute only readable by root clk: ti: dra7-atl-clock: fix child-node lookups SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status KVM: SVM: obey guest PAT KVM: nVMX: set IDTR and GDTR limits when loading L1 host state lockd: double unregister of inetaddr notifiers irqchip/gic-v3: Fix ppi-partitions lookup block: Fix a race between blk_cleanup_queue() and timeout handling p54: don't unregister leds when they are not initialized mtd: nand: mtk: fix infinite ECC decode IRQ issue mtd: nand: Fix writing mtdoops to nand flash. mtd: nand: omap2: Fix subpage write target: Fix QUEUE_FULL + SCSI task attribute handling iscsi-target: Fix non-immediate TMR reference leak fs/9p: Compare qid.path in v9fs_test_inode fix a page leak in vhost_scsi_iov_to_sgl() error recovery ALSA: hda/realtek - Fix ALC700 family no sound issue ALSA: hda: Fix too short HDMI/DP chmap reporting ALSA: timer: Remove kernel warning at compat ioctl error paths ALSA: usb-audio: Add sanity checks in v2 clock parsers ALSA: usb-audio: Fix potential out-of-bound access at parsing SU ALSA: usb-audio: Add sanity checks to FE parser ALSA: pcm: update tstamp only if audio_tstamp changed ext4: fix interaction between i_size, fallocate, and delalloc after a crash ata: fixes kernel crash while tracing ata_eh_link_autopsy event rtlwifi: fix uninitialized rtlhal->last_suspend_sec time rtlwifi: rtl8192ee: Fix memory leak when loading firmware nfsd: deal with revoked delegations appropriately NFS: Avoid RCU usage in tracepoints nfs: Fix ugly referral attributes NFS: Fix typo in nomigration mount option isofs: fix timestamps beyond 2027 bcache: check ca->alloc_thread initialized before wake up it libceph: don't WARN() if user tries to add invalid key eCryptfs: use after free in ecryptfs_release_messaging() nilfs2: fix race condition that causes file system corruption autofs: don't fail mount for transient error rt2x00usb: mark device removed when get ENOENT usb error MIPS: BCM47XX: Fix LED inversion for WRT54GSv1 MIPS: Fix an n32 core file generation regset support regression MIPS: dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry MIPS: Fix odd fp register warnings with MIPS64r2 dm: fix race between dm_get_from_kobject() and __dm_destroy() MIPS: pci: Remove KERN_WARN instance inside the mt7620 driver dm: allocate struct mapped_device with kvzalloc dm bufio: fix integer overflow when limiting maximum cache size ALSA: hda: Add Raven PCI ID PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF MIPS: ralink: Fix typo in mt7628 pinmux function MIPS: ralink: Fix MT7628 pinmux ARM: 8721/1: mm: dump: check hardware RO bit for LPAE ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE arm64: Implement arch-specific pte_access_permitted() x86/entry/64: Add missing irqflags tracing to native_load_gs_index() x86/decoder: Add new TEST instruction pattern lib/mpi: call cond_resched() from mpi_powm() loop sched: Make resched_cpu() unconditional vsock: use new wait API for vsock_stream_sendmsg() ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER x86/mm: fix use-after-free of vma during userfaultfd fault ACPI / EC: Fix regression related to triggering source of EC event handling s390/disassembler: increase show_code buffer size s390/disassembler: add missing end marker for e7 table s390/runtime instrumention: fix possible memory corruption s390: fix transactional execution control register handling Conflicts: drivers/android/binder_alloc.c drivers/android/binder_alloc.h drivers/android/binder_alloc_selftest.c drivers/mmc/core/bus.c drivers/mmc/host/sdhci-msm.c drivers/thermal/step_wise.c kernel/cpu.c mm/oom_kill.c sound/usb/mixer.c Change-Id: Id01eb66cafc5970b460321e44ec8ffcfa76971a6 Signed-off-by: Kyle Yan <kyan@codeaurora.org> |
||
|
Mark Rutland
|
586b2bdb27 |
BACKPORT: kasan: report only the first error by default
Disable kasan after the first report. There are several reasons for this: - Single bug quite often has multiple invalid memory accesses causing storm in the dmesg. - Write OOB access might corrupt metadata so the next report will print bogus alloc/free stacktraces. - Reports after the first easily could be not bugs by itself but just side effects of the first one. Given that multiple reports usually only do harm, it makes sense to disable kasan after the first one. If user wants to see all the reports, the boot-time parameter kasan_multi_shot must be used. [aryabinin@virtuozzo.com: wrote changelog and doc, added missing include] Link: http://lkml.kernel.org/r/20170323154416.30257-1-aryabinin@virtuozzo.com Signed-off-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Cc: Andrey Konovalov <andreyknvl@google.com> Cc: Alexander Potapenko <glider@google.com> Cc: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Bug: 64145065 (cherry-picked from b0845ce58379d11dcad4cdb6824a6410de260216) Change-Id: Ia8c6d40dd0d4f5b944bf3501c08d7a825070b116 Signed-off-by: Paul Lawrence <paullawrence@google.com> |
||
|
Greg Kroah-Hartman
|
b8d2f6e062 |
Merge 4.9.69 into android-4.9-o
Changes in 4.9.69 usb: gadget: udc: renesas_usb3: fix number of the pipes can: ti_hecc: Fix napi poll return value for repoll can: kvaser_usb: free buf in error paths can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() can: kvaser_usb: ratelimit errors if incomplete messages are received can: kvaser_usb: cancel urb on -EPIPE and -EPROTO can: ems_usb: cancel urb on -EPIPE and -EPROTO can: esd_usb2: cancel urb on -EPIPE and -EPROTO can: usb_8dev: cancel urb on -EPIPE and -EPROTO virtio: release virtio index when fail to device_register hv: kvp: Avoid reading past allocated blocks from KVP file isa: Prevent NULL dereference in isa_bus driver callbacks scsi: dma-mapping: always provide dma_get_cache_alignment scsi: use dma_get_cache_alignment() as minimum DMA alignment scsi: libsas: align sata_device's rps_resp on a cacheline efi: Move some sysfs files to be read-only by root efi/esrt: Use memunmap() instead of kfree() to free the remapping ASN.1: fix out-of-bounds read when parsing indefinite length item ASN.1: check for error from ASN1_OP_END__ACT actions KEYS: add missing permission check for request_key() destination X.509: reject invalid BIT STRING for subjectPublicKey X.509: fix comparisons of ->pkey_algo x86/PCI: Make broadcom_postcore_init() check acpi_disabled KVM: x86: fix APIC page invalidation btrfs: fix missing error return in btrfs_drop_snapshot ALSA: pcm: prevent UAF in snd_pcm_info ALSA: seq: Remove spurious WARN_ON() at timer check ALSA: usb-audio: Fix out-of-bound error ALSA: usb-audio: Add check return value for usb_string() iommu/vt-d: Fix scatterlist offset handling smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place s390: fix compat system call table KVM: s390: Fix skey emulation permission check powerpc/64s: Initialize ISAv3 MMU registers before setting partition table brcmfmac: change driver unbind order of the sdio function devices kdb: Fix handling of kallsyms_symbol_next() return value drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU media: dvb: i2c transfers over usb cannot be done from stack arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one KVM: VMX: remove I/O port 0x80 bypass on Intel hosts KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation KVM: arm/arm64: vgic-its: Check result of allocation before use arm64: fpsimd: Prevent registers leaking from dead tasks bus: arm-cci: Fix use of smp_processor_id() in preemptible context bus: arm-ccn: Check memory allocation failure bus: arm-ccn: Fix use of smp_processor_id() in preemptible context bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left. crypto: talitos - fix AEAD test failures crypto: talitos - fix memory corruption on SEC2 crypto: talitos - fix setkey to check key weakness crypto: talitos - fix AEAD for sha224 on non sha224 capable chips crypto: talitos - fix use of sg_link_tbl_len crypto: talitos - fix ctr-aes-talitos usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT ARM: BUG if jumping to usermode address in kernel mode ARM: avoid faulting on qemu thp: reduce indentation level in change_huge_pmd() thp: fix MADV_DONTNEED vs. numa balancing race mm: drop unused pmdp_huge_get_and_clear_notify() Revert "drm/armada: Fix compile fail" Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" ARM: 8657/1: uaccess: consistently check object sizes vti6: Don't report path MTU below IPV6_MIN_MTU. ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure x86/selftests: Add clobbers for int80 on x86_64 x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register sched/fair: Make select_idle_cpu() more aggressive x86/hpet: Prevent might sleep splat on resume powerpc/64: Invalidate process table caching after setting process table selftest/powerpc: Fix false failures for skipped tests powerpc: Fix compiling a BE kernel with a powerpc64le toolchain lirc: fix dead lock between open and wakeup_filter module: set __jump_table alignment to 8 powerpc/64: Fix checksum folding in csum_add() ARM: OMAP2+: Fix device node reference counts ARM: OMAP2+: Release device node after it is no longer needed. ASoC: rcar: avoid SSI_MODEx settings for SSI8 gpio: altera: Use handle_level_irq when configured as a level_high HID: chicony: Add support for another ASUS Zen AiO keyboard usb: gadget: configs: plug memory leak USB: gadgetfs: Fix a potential memory leak in 'dev_config()' usb: dwc3: gadget: Fix system suspend/resume on TI platforms usb: gadget: pxa27x: Test for a valid argument pointer usb: gadget: udc: net2280: Fix tmp reusage in net2280 driver kvm: nVMX: VMCLEAR should not cause the vCPU to shut down libata: drop WARN from protocol error in ata_sff_qc_issue() workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq scsi: qla2xxx: Fix ql_dump_buffer scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters irqchip/crossbar: Fix incorrect type of register size KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset arm: KVM: Survive unknown traps from guests arm64: KVM: Survive unknown traps from guests KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled spi_ks8995: fix "BUG: key accdaa28 not in .data!" spi_ks8995: regs_size incorrect for some devices bnx2x: prevent crash when accessing PTP with interface down bnx2x: fix possible overrun of VFPF multicast addresses array bnx2x: fix detection of VLAN filtering feature for VF bnx2x: do not rollback VF MAC/VLAN filters we did not configure rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races ibmvnic: Fix overflowing firmware/hardware TX queue ibmvnic: Allocate number of rx/tx buffers agreed on by firmware ipv6: reorder icmpv6_init() and ip6_mr_init() crypto: s5p-sss - Fix completing crypto request in IRQ handler i2c: riic: fix restart condition blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue() zram: set physical queue limits to avoid array out of bounds accesses netfilter: don't track fragmented packets axonram: Fix gendisk handling drm/amd/amdgpu: fix console deadlock if late init failed powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro EDAC, i5000, i5400: Fix definition of NRECMEMB register kbuild: pkg: use --transform option to prefix paths in tar coccinelle: fix parallel build with CHECK=scripts/coccicheck x86/mpx/selftests: Fix up weird arrays mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() gre6: use log_ecn_error module parameter in ip6_tnl_rcv() route: also update fnhe_genid when updating a route cache route: update fnhe_expires for redirect when the fnhe exists drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' lib/genalloc.c: make the avail variable an atomic_long_t dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 NFS: Fix a typo in nfs_rename() sunrpc: Fix rpc_task_begin trace point xfs: fix forgotten rcu read unlock when skipping inode reclaim dt-bindings: usb: fix reg-property port-number range block: wake up all tasks blocked in get_request() sparc64/mm: set fields in deferred pages zsmalloc: calling zs_map_object() from irq is a bug sctp: do not free asoc when it is already dead in sctp_sendmsg sctp: use the right sk after waking up from wait_buf sleep bpf: fix lockdep splat clk: uniphier: fix DAPLL2 clock rate of Pro5 atm: horizon: Fix irq release error jump_label: Invoke jump_label_test() via early_initcall() xfrm: Copy policy family in clone_policy IB/mlx4: Increase maximal message size under UD QP IB/mlx5: Assign send CQ and recv CQ of UMR QP afs: Connect up the CB.ProbeUuid Linux 4.9.69 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
3f1d77ca5f |
Merge 4.9.69 into android-4.9
Changes in 4.9.69 usb: gadget: udc: renesas_usb3: fix number of the pipes can: ti_hecc: Fix napi poll return value for repoll can: kvaser_usb: free buf in error paths can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() can: kvaser_usb: ratelimit errors if incomplete messages are received can: kvaser_usb: cancel urb on -EPIPE and -EPROTO can: ems_usb: cancel urb on -EPIPE and -EPROTO can: esd_usb2: cancel urb on -EPIPE and -EPROTO can: usb_8dev: cancel urb on -EPIPE and -EPROTO virtio: release virtio index when fail to device_register hv: kvp: Avoid reading past allocated blocks from KVP file isa: Prevent NULL dereference in isa_bus driver callbacks scsi: dma-mapping: always provide dma_get_cache_alignment scsi: use dma_get_cache_alignment() as minimum DMA alignment scsi: libsas: align sata_device's rps_resp on a cacheline efi: Move some sysfs files to be read-only by root efi/esrt: Use memunmap() instead of kfree() to free the remapping ASN.1: fix out-of-bounds read when parsing indefinite length item ASN.1: check for error from ASN1_OP_END__ACT actions KEYS: add missing permission check for request_key() destination X.509: reject invalid BIT STRING for subjectPublicKey X.509: fix comparisons of ->pkey_algo x86/PCI: Make broadcom_postcore_init() check acpi_disabled KVM: x86: fix APIC page invalidation btrfs: fix missing error return in btrfs_drop_snapshot ALSA: pcm: prevent UAF in snd_pcm_info ALSA: seq: Remove spurious WARN_ON() at timer check ALSA: usb-audio: Fix out-of-bound error ALSA: usb-audio: Add check return value for usb_string() iommu/vt-d: Fix scatterlist offset handling smp/hotplug: Move step CPUHP_AP_SMPCFD_DYING to the correct place s390: fix compat system call table KVM: s390: Fix skey emulation permission check powerpc/64s: Initialize ISAv3 MMU registers before setting partition table brcmfmac: change driver unbind order of the sdio function devices kdb: Fix handling of kallsyms_symbol_next() return value drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU media: dvb: i2c transfers over usb cannot be done from stack arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one KVM: VMX: remove I/O port 0x80 bypass on Intel hosts KVM: arm/arm64: Fix broken GICH_ELRSR big endian conversion KVM: arm/arm64: vgic-irqfd: Fix MSI entry allocation KVM: arm/arm64: vgic-its: Check result of allocation before use arm64: fpsimd: Prevent registers leaking from dead tasks bus: arm-cci: Fix use of smp_processor_id() in preemptible context bus: arm-ccn: Check memory allocation failure bus: arm-ccn: Fix use of smp_processor_id() in preemptible context bus: arm-ccn: fix module unloading Error: Removing state 147 which has instances left. crypto: talitos - fix AEAD test failures crypto: talitos - fix memory corruption on SEC2 crypto: talitos - fix setkey to check key weakness crypto: talitos - fix AEAD for sha224 on non sha224 capable chips crypto: talitos - fix use of sg_link_tbl_len crypto: talitos - fix ctr-aes-talitos usb: f_fs: Force Reserved1=1 in OS_DESC_EXT_COMPAT ARM: BUG if jumping to usermode address in kernel mode ARM: avoid faulting on qemu thp: reduce indentation level in change_huge_pmd() thp: fix MADV_DONTNEED vs. numa balancing race mm: drop unused pmdp_huge_get_and_clear_notify() Revert "drm/armada: Fix compile fail" Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA" ARM: 8657/1: uaccess: consistently check object sizes vti6: Don't report path MTU below IPV6_MIN_MTU. ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure x86/selftests: Add clobbers for int80 on x86_64 x86/platform/uv/BAU: Fix HUB errors by remove initial write to sw-ack register sched/fair: Make select_idle_cpu() more aggressive x86/hpet: Prevent might sleep splat on resume powerpc/64: Invalidate process table caching after setting process table selftest/powerpc: Fix false failures for skipped tests powerpc: Fix compiling a BE kernel with a powerpc64le toolchain lirc: fix dead lock between open and wakeup_filter module: set __jump_table alignment to 8 powerpc/64: Fix checksum folding in csum_add() ARM: OMAP2+: Fix device node reference counts ARM: OMAP2+: Release device node after it is no longer needed. ASoC: rcar: avoid SSI_MODEx settings for SSI8 gpio: altera: Use handle_level_irq when configured as a level_high HID: chicony: Add support for another ASUS Zen AiO keyboard usb: gadget: configs: plug memory leak USB: gadgetfs: Fix a potential memory leak in 'dev_config()' usb: dwc3: gadget: Fix system suspend/resume on TI platforms usb: gadget: pxa27x: Test for a valid argument pointer usb: gadget: udc: net2280: Fix tmp reusage in net2280 driver kvm: nVMX: VMCLEAR should not cause the vCPU to shut down libata: drop WARN from protocol error in ata_sff_qc_issue() workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq scsi: qla2xxx: Fix ql_dump_buffer scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters irqchip/crossbar: Fix incorrect type of register size KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset arm: KVM: Survive unknown traps from guests arm64: KVM: Survive unknown traps from guests KVM: arm/arm64: VGIC: Fix command handling while ITS being disabled spi_ks8995: fix "BUG: key accdaa28 not in .data!" spi_ks8995: regs_size incorrect for some devices bnx2x: prevent crash when accessing PTP with interface down bnx2x: fix possible overrun of VFPF multicast addresses array bnx2x: fix detection of VLAN filtering feature for VF bnx2x: do not rollback VF MAC/VLAN filters we did not configure rds: tcp: Sequence teardown of listen and acceptor sockets to avoid races ibmvnic: Fix overflowing firmware/hardware TX queue ibmvnic: Allocate number of rx/tx buffers agreed on by firmware ipv6: reorder icmpv6_init() and ip6_mr_init() crypto: s5p-sss - Fix completing crypto request in IRQ handler i2c: riic: fix restart condition blk-mq: initialize mq kobjects in blk_mq_init_allocated_queue() zram: set physical queue limits to avoid array out of bounds accesses netfilter: don't track fragmented packets axonram: Fix gendisk handling drm/amd/amdgpu: fix console deadlock if late init failed powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro EDAC, i5000, i5400: Fix definition of NRECMEMB register kbuild: pkg: use --transform option to prefix paths in tar coccinelle: fix parallel build with CHECK=scripts/coccicheck x86/mpx/selftests: Fix up weird arrays mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl() gre6: use log_ecn_error module parameter in ip6_tnl_rcv() route: also update fnhe_genid when updating a route cache route: update fnhe_expires for redirect when the fnhe exists drivers/rapidio/devices/rio_mport_cdev.c: fix resource leak in error handling path in 'rio_dma_transfer()' lib/genalloc.c: make the avail variable an atomic_long_t dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 NFS: Fix a typo in nfs_rename() sunrpc: Fix rpc_task_begin trace point xfs: fix forgotten rcu read unlock when skipping inode reclaim dt-bindings: usb: fix reg-property port-number range block: wake up all tasks blocked in get_request() sparc64/mm: set fields in deferred pages zsmalloc: calling zs_map_object() from irq is a bug sctp: do not free asoc when it is already dead in sctp_sendmsg sctp: use the right sk after waking up from wait_buf sleep bpf: fix lockdep splat clk: uniphier: fix DAPLL2 clock rate of Pro5 atm: horizon: Fix irq release error jump_label: Invoke jump_label_test() via early_initcall() xfrm: Copy policy family in clone_policy IB/mlx4: Increase maximal message size under UD QP IB/mlx5: Assign send CQ and recv CQ of UMR QP afs: Connect up the CB.ProbeUuid Linux 4.9.69 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Randy Dunlap
|
a780a72847 |
dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0
[ Upstream commit 1f3c790bd5989fcfec9e53ad8fa09f5b740c958f ] line-range is supposed to treat "1-" as "1-endoffile", so handle the special case by setting last_lineno to UINT_MAX. Fixes this error: dynamic_debug:ddebug_parse_query: last-line:0 < 1st-line:1 dynamic_debug:ddebug_exec_query: query parse failed Link: http://lkml.kernel.org/r/10a6a101-e2be-209f-1f41-54637824788e@infradead.org Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Acked-by: Jason Baron <jbaron@akamai.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Stephen Bates
|
a77c116075 |
lib/genalloc.c: make the avail variable an atomic_long_t
[ Upstream commit 36a3d1dd4e16bcd0d2ddfb4a2ec7092f0ae0d931 ] If the amount of resources allocated to a gen_pool exceeds 2^32 then the avail atomic overflows and this causes problems when clients try and borrow resources from the pool. This is only expected to be an issue on 64 bit systems. Add the <linux/atomic.h> header to pull in atomic_long* operations. So that 32 bit systems continue to use atomic32_t but 64 bit systems can use atomic64_t. Link: http://lkml.kernel.org/r/1509033843-25667-1-git-send-email-sbates@raithlin.com Signed-off-by: Stephen Bates <sbates@raithlin.com> Reviewed-by: Logan Gunthorpe <logang@deltatee.com> Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Reviewed-by: Daniel Mentz <danielmentz@google.com> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Will Deacon <will.deacon@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
44acfcb6dd |
ASN.1: check for error from ASN1_OP_END__ACT actions
commit 81a7be2cd69b412ab6aeacfe5ebf1bb6e5bce955 upstream.
asn1_ber_decoder() was ignoring errors from actions associated with the
opcodes ASN1_OP_END_SEQ_ACT, ASN1_OP_END_SET_ACT,
ASN1_OP_END_SEQ_OF_ACT, and ASN1_OP_END_SET_OF_ACT. In practice, this
meant the pkcs7_note_signed_info() action (since that was the only user
of those opcodes). Fix it by checking for the error, just like the
decoder does for actions associated with the other opcodes.
This bug allowed users to leak slab memory by repeatedly trying to add a
specially crafted "pkcs7_test" key (requires CONFIG_PKCS7_TEST_KEY).
In theory, this bug could also be used to bypass module signature
verification, by providing a PKCS#7 message that is misparsed such that
a signature's ->authattrs do not contain its ->msgdigest. But it
doesn't seem practical in normal cases, due to restrictions on the
format of the ->authattrs.
Fixes:
|
||
|
Eric Biggers
|
608845ad49 |
ASN.1: fix out-of-bounds read when parsing indefinite length item
commit e0058f3a874ebb48b25be7ff79bc3b4e59929f90 upstream.
In asn1_ber_decoder(), indefinitely-sized ASN.1 items were being passed
to the action functions before their lengths had been computed, using
the bogus length of 0x80 (ASN1_INDEFINITE_LENGTH). This resulted in
reading data past the end of the input buffer, when given a specially
crafted message.
Fix it by rearranging the code so that the indefinite length is resolved
before the action is called.
This bug was originally found by fuzzing the X.509 parser in userspace
using libFuzzer from the LLVM project.
KASAN report (cleaned up slightly):
BUG: KASAN: slab-out-of-bounds in memcpy ./include/linux/string.h:341 [inline]
BUG: KASAN: slab-out-of-bounds in x509_fabricate_name.constprop.1+0x1a4/0x940 crypto/asymmetric_keys/x509_cert_parser.c:366
Read of size 128 at addr ffff880035dd9eaf by task keyctl/195
CPU: 1 PID: 195 Comm: keyctl Not tainted 4.14.0-09238-g1d3b78bbc6e9 #26
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-20171110_100015-anatol 04/01/2014
Call Trace:
__dump_stack lib/dump_stack.c:17 [inline]
dump_stack+0xd1/0x175 lib/dump_stack.c:53
print_address_description+0x78/0x260 mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351 [inline]
kasan_report+0x23f/0x350 mm/kasan/report.c:409
memcpy+0x1f/0x50 mm/kasan/kasan.c:302
memcpy ./include/linux/string.h:341 [inline]
x509_fabricate_name.constprop.1+0x1a4/0x940 crypto/asymmetric_keys/x509_cert_parser.c:366
asn1_ber_decoder+0xb4a/0x1fd0 lib/asn1_decoder.c:447
x509_cert_parse+0x1c7/0x620 crypto/asymmetric_keys/x509_cert_parser.c:89
x509_key_preparse+0x61/0x750 crypto/asymmetric_keys/x509_public_key.c:174
asymmetric_key_preparse+0xa4/0x150 crypto/asymmetric_keys/asymmetric_type.c:388
key_create_or_update+0x4d4/0x10a0 security/keys/key.c:850
SYSC_add_key security/keys/keyctl.c:122 [inline]
SyS_add_key+0xe8/0x290 security/keys/keyctl.c:62
entry_SYSCALL_64_fastpath+0x1f/0x96
Allocated by task 195:
__do_kmalloc_node mm/slab.c:3675 [inline]
__kmalloc_node+0x47/0x60 mm/slab.c:3682
kvmalloc ./include/linux/mm.h:540 [inline]
SYSC_add_key security/keys/keyctl.c:104 [inline]
SyS_add_key+0x19e/0x290 security/keys/keyctl.c:62
entry_SYSCALL_64_fastpath+0x1f/0x96
Fixes:
|
||
|
Greg Kroah-Hartman
|
9566f9f524 |
Merge 4.9.66 into android-4.9-o
Changes in 4.9.66 s390: fix transactional execution control register handling s390/runtime instrumention: fix possible memory corruption s390/disassembler: add missing end marker for e7 table s390/disassembler: increase show_code buffer size ACPI / EC: Fix regression related to triggering source of EC event handling x86/mm: fix use-after-free of vma during userfaultfd fault ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER vsock: use new wait API for vsock_stream_sendmsg() sched: Make resched_cpu() unconditional lib/mpi: call cond_resched() from mpi_powm() loop x86/decoder: Add new TEST instruction pattern x86/entry/64: Add missing irqflags tracing to native_load_gs_index() arm64: Implement arch-specific pte_access_permitted() ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE ARM: 8721/1: mm: dump: check hardware RO bit for LPAE MIPS: ralink: Fix MT7628 pinmux MIPS: ralink: Fix typo in mt7628 pinmux function PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF ALSA: hda: Add Raven PCI ID dm bufio: fix integer overflow when limiting maximum cache size dm: allocate struct mapped_device with kvzalloc MIPS: pci: Remove KERN_WARN instance inside the mt7620 driver dm: fix race between dm_get_from_kobject() and __dm_destroy() MIPS: Fix odd fp register warnings with MIPS64r2 MIPS: dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry MIPS: Fix an n32 core file generation regset support regression MIPS: BCM47XX: Fix LED inversion for WRT54GSv1 rt2x00usb: mark device removed when get ENOENT usb error autofs: don't fail mount for transient error nilfs2: fix race condition that causes file system corruption eCryptfs: use after free in ecryptfs_release_messaging() libceph: don't WARN() if user tries to add invalid key bcache: check ca->alloc_thread initialized before wake up it isofs: fix timestamps beyond 2027 NFS: Fix typo in nomigration mount option nfs: Fix ugly referral attributes NFS: Avoid RCU usage in tracepoints nfsd: deal with revoked delegations appropriately rtlwifi: rtl8192ee: Fix memory leak when loading firmware rtlwifi: fix uninitialized rtlhal->last_suspend_sec time ata: fixes kernel crash while tracing ata_eh_link_autopsy event ext4: fix interaction between i_size, fallocate, and delalloc after a crash ALSA: pcm: update tstamp only if audio_tstamp changed ALSA: usb-audio: Add sanity checks to FE parser ALSA: usb-audio: Fix potential out-of-bound access at parsing SU ALSA: usb-audio: Add sanity checks in v2 clock parsers ALSA: timer: Remove kernel warning at compat ioctl error paths ALSA: hda: Fix too short HDMI/DP chmap reporting ALSA: hda/realtek - Fix ALC700 family no sound issue fix a page leak in vhost_scsi_iov_to_sgl() error recovery fs/9p: Compare qid.path in v9fs_test_inode iscsi-target: Fix non-immediate TMR reference leak target: Fix QUEUE_FULL + SCSI task attribute handling mtd: nand: omap2: Fix subpage write mtd: nand: Fix writing mtdoops to nand flash. mtd: nand: mtk: fix infinite ECC decode IRQ issue p54: don't unregister leds when they are not initialized block: Fix a race between blk_cleanup_queue() and timeout handling irqchip/gic-v3: Fix ppi-partitions lookup lockd: double unregister of inetaddr notifiers KVM: nVMX: set IDTR and GDTR limits when loading L1 host state KVM: SVM: obey guest PAT SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status clk: ti: dra7-atl-clock: fix child-node lookups libnvdimm, pfn: make 'resource' attribute only readable by root libnvdimm, namespace: fix label initialization to use valid seq numbers libnvdimm, namespace: make 'resource' attribute only readable by root IB/srpt: Do not accept invalid initiator port names IB/srp: Avoid that a cable pull can trigger a kernel crash NFC: fix device-allocation error return i40e: Use smp_rmb rather than read_barrier_depends igb: Use smp_rmb rather than read_barrier_depends igbvf: Use smp_rmb rather than read_barrier_depends ixgbevf: Use smp_rmb rather than read_barrier_depends i40evf: Use smp_rmb rather than read_barrier_depends fm10k: Use smp_rmb rather than read_barrier_depends ixgbe: Fix skb list corruption on Power systems parisc: Fix validity check of pointer size argument in new CAS implementation powerpc/signal: Properly handle return value from uprobe_deny_signal() media: Don't do DMA on stack for firmware upload in the AS102 driver media: rc: check for integer overflow cx231xx-cards: fix NULL-deref on missing association descriptor media: v4l2-ctrl: Fix flags field on Control events sched/rt: Simplify the IPI based RT balancing logic fscrypt: lock mutex before checking for bounce page pool net/9p: Switch to wait_event_killable() PM / OPP: Add missing of_node_put(np) Revert "drm/i915: Do not rely on wm preservation for ILK watermarks" e1000e: Fix error path in link detection e1000e: Fix return value test e1000e: Separate signaling for link check/link up e1000e: Avoid receiver overrun interrupt bursts RDS: make message size limit compliant with spec RDS: RDMA: return appropriate error on rdma map failures RDS: RDMA: fix the ib_map_mr_sg_zbva() argument PCI: Apply _HPX settings only to relevant devices drm/sun4i: Fix a return value in case of error clk: sunxi-ng: A31: Fix spdif clock register clk: sunxi-ng: fix PLL_CPUX adjusting on A33 dmaengine: zx: set DMA_CYCLIC cap_mask bit fscrypt: use ENOKEY when file cannot be created w/o key fscrypt: use ENOTDIR when setting encryption policy on nondirectory net: Allow IP_MULTICAST_IF to set index to L3 slave net: 3com: typhoon: typhoon_init_one: make return values more specific net: 3com: typhoon: typhoon_init_one: fix incorrect return values drm/armada: Fix compile fail rt2800: set minimum MPDU and PSDU lengths to sane values adm80211: return an error if adm8211_alloc_rings() fails mwifiex: sdio: fix use after free issue for save_adapter ath10k: fix incorrect txpower set by P2P_DEVICE interface ath10k: ignore configuring the incorrect board_id ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() pinctrl: sirf: atlas7: Add missing 'of_node_put()' bnxt_en: Set default completion ring for async events. ath10k: set CTS protection VDEV param only if VDEV is up ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE gpio: mockup: dynamically allocate memory for chip name drm: Apply range restriction after color adjustment when allocation clk: qcom: ipq4019: Add all the frequencies for apss cpu drm/mediatek: don't use drm_put_dev mac80211: Remove invalid flag operations in mesh TSF synchronization mac80211: Suppress NEW_PEER_CANDIDATE event if no room adm80211: add checks for dma mapping errors iio: light: fix improper return value staging: iio: cdc: fix improper return value spi: SPI_FSL_DSPI should depend on HAS_DMA netfilter: nft_queue: use raw_smp_processor_id() netfilter: nf_tables: fix oob access ASoC: rsnd: don't double free kctrl crypto: marvell - Copy IVDIG before launching partial DMA ahash requests btrfs: return the actual error value from from btrfs_uuid_tree_iterate ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data s390/kbuild: enable modversions for symbols exported from asm cec: when canceling a message, don't overwrite old status info cec: CEC_MSG_GIVE_FEATURES should abort for CEC version < 2 cec: update log_addr[] before finishing configuration nvmet: fix KATO offset in Set Features xen: xenbus driver must not accept invalid transaction ids Linux 4.9.66 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
c1a286429a |
Merge 4.9.66 into android-4.9
Changes in 4.9.66 s390: fix transactional execution control register handling s390/runtime instrumention: fix possible memory corruption s390/disassembler: add missing end marker for e7 table s390/disassembler: increase show_code buffer size ACPI / EC: Fix regression related to triggering source of EC event handling x86/mm: fix use-after-free of vma during userfaultfd fault ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER vsock: use new wait API for vsock_stream_sendmsg() sched: Make resched_cpu() unconditional lib/mpi: call cond_resched() from mpi_powm() loop x86/decoder: Add new TEST instruction pattern x86/entry/64: Add missing irqflags tracing to native_load_gs_index() arm64: Implement arch-specific pte_access_permitted() ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE ARM: 8721/1: mm: dump: check hardware RO bit for LPAE MIPS: ralink: Fix MT7628 pinmux MIPS: ralink: Fix typo in mt7628 pinmux function PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF ALSA: hda: Add Raven PCI ID dm bufio: fix integer overflow when limiting maximum cache size dm: allocate struct mapped_device with kvzalloc MIPS: pci: Remove KERN_WARN instance inside the mt7620 driver dm: fix race between dm_get_from_kobject() and __dm_destroy() MIPS: Fix odd fp register warnings with MIPS64r2 MIPS: dts: remove bogus bcm96358nb4ser.dtb from dtb-y entry MIPS: Fix an n32 core file generation regset support regression MIPS: BCM47XX: Fix LED inversion for WRT54GSv1 rt2x00usb: mark device removed when get ENOENT usb error autofs: don't fail mount for transient error nilfs2: fix race condition that causes file system corruption eCryptfs: use after free in ecryptfs_release_messaging() libceph: don't WARN() if user tries to add invalid key bcache: check ca->alloc_thread initialized before wake up it isofs: fix timestamps beyond 2027 NFS: Fix typo in nomigration mount option nfs: Fix ugly referral attributes NFS: Avoid RCU usage in tracepoints nfsd: deal with revoked delegations appropriately rtlwifi: rtl8192ee: Fix memory leak when loading firmware rtlwifi: fix uninitialized rtlhal->last_suspend_sec time ata: fixes kernel crash while tracing ata_eh_link_autopsy event ext4: fix interaction between i_size, fallocate, and delalloc after a crash ALSA: pcm: update tstamp only if audio_tstamp changed ALSA: usb-audio: Add sanity checks to FE parser ALSA: usb-audio: Fix potential out-of-bound access at parsing SU ALSA: usb-audio: Add sanity checks in v2 clock parsers ALSA: timer: Remove kernel warning at compat ioctl error paths ALSA: hda: Fix too short HDMI/DP chmap reporting ALSA: hda/realtek - Fix ALC700 family no sound issue fix a page leak in vhost_scsi_iov_to_sgl() error recovery fs/9p: Compare qid.path in v9fs_test_inode iscsi-target: Fix non-immediate TMR reference leak target: Fix QUEUE_FULL + SCSI task attribute handling mtd: nand: omap2: Fix subpage write mtd: nand: Fix writing mtdoops to nand flash. mtd: nand: mtk: fix infinite ECC decode IRQ issue p54: don't unregister leds when they are not initialized block: Fix a race between blk_cleanup_queue() and timeout handling irqchip/gic-v3: Fix ppi-partitions lookup lockd: double unregister of inetaddr notifiers KVM: nVMX: set IDTR and GDTR limits when loading L1 host state KVM: SVM: obey guest PAT SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status clk: ti: dra7-atl-clock: fix child-node lookups libnvdimm, pfn: make 'resource' attribute only readable by root libnvdimm, namespace: fix label initialization to use valid seq numbers libnvdimm, namespace: make 'resource' attribute only readable by root IB/srpt: Do not accept invalid initiator port names IB/srp: Avoid that a cable pull can trigger a kernel crash NFC: fix device-allocation error return i40e: Use smp_rmb rather than read_barrier_depends igb: Use smp_rmb rather than read_barrier_depends igbvf: Use smp_rmb rather than read_barrier_depends ixgbevf: Use smp_rmb rather than read_barrier_depends i40evf: Use smp_rmb rather than read_barrier_depends fm10k: Use smp_rmb rather than read_barrier_depends ixgbe: Fix skb list corruption on Power systems parisc: Fix validity check of pointer size argument in new CAS implementation powerpc/signal: Properly handle return value from uprobe_deny_signal() media: Don't do DMA on stack for firmware upload in the AS102 driver media: rc: check for integer overflow cx231xx-cards: fix NULL-deref on missing association descriptor media: v4l2-ctrl: Fix flags field on Control events sched/rt: Simplify the IPI based RT balancing logic fscrypt: lock mutex before checking for bounce page pool net/9p: Switch to wait_event_killable() PM / OPP: Add missing of_node_put(np) Revert "drm/i915: Do not rely on wm preservation for ILK watermarks" e1000e: Fix error path in link detection e1000e: Fix return value test e1000e: Separate signaling for link check/link up e1000e: Avoid receiver overrun interrupt bursts RDS: make message size limit compliant with spec RDS: RDMA: return appropriate error on rdma map failures RDS: RDMA: fix the ib_map_mr_sg_zbva() argument PCI: Apply _HPX settings only to relevant devices drm/sun4i: Fix a return value in case of error clk: sunxi-ng: A31: Fix spdif clock register clk: sunxi-ng: fix PLL_CPUX adjusting on A33 dmaengine: zx: set DMA_CYCLIC cap_mask bit fscrypt: use ENOKEY when file cannot be created w/o key fscrypt: use ENOTDIR when setting encryption policy on nondirectory net: Allow IP_MULTICAST_IF to set index to L3 slave net: 3com: typhoon: typhoon_init_one: make return values more specific net: 3com: typhoon: typhoon_init_one: fix incorrect return values drm/armada: Fix compile fail rt2800: set minimum MPDU and PSDU lengths to sane values adm80211: return an error if adm8211_alloc_rings() fails mwifiex: sdio: fix use after free issue for save_adapter ath10k: fix incorrect txpower set by P2P_DEVICE interface ath10k: ignore configuring the incorrect board_id ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() pinctrl: sirf: atlas7: Add missing 'of_node_put()' bnxt_en: Set default completion ring for async events. ath10k: set CTS protection VDEV param only if VDEV is up ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE gpio: mockup: dynamically allocate memory for chip name drm: Apply range restriction after color adjustment when allocation clk: qcom: ipq4019: Add all the frequencies for apss cpu drm/mediatek: don't use drm_put_dev mac80211: Remove invalid flag operations in mesh TSF synchronization mac80211: Suppress NEW_PEER_CANDIDATE event if no room adm80211: add checks for dma mapping errors iio: light: fix improper return value staging: iio: cdc: fix improper return value spi: SPI_FSL_DSPI should depend on HAS_DMA netfilter: nft_queue: use raw_smp_processor_id() netfilter: nf_tables: fix oob access ASoC: rsnd: don't double free kctrl crypto: marvell - Copy IVDIG before launching partial DMA ahash requests btrfs: return the actual error value from from btrfs_uuid_tree_iterate ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data s390/kbuild: enable modversions for symbols exported from asm cec: when canceling a message, don't overwrite old status info cec: CEC_MSG_GIVE_FEATURES should abort for CEC version < 2 cec: update log_addr[] before finishing configuration nvmet: fix KATO offset in Set Features xen: xenbus driver must not accept invalid transaction ids Linux 4.9.66 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Biggers
|
443d26a6f7 |
lib/mpi: call cond_resched() from mpi_powm() loop
commit 1d9ddde12e3c9bab7f3d3484eb9446315e3571ca upstream. On a non-preemptible kernel, if KEYCTL_DH_COMPUTE is called with the largest permitted inputs (16384 bits), the kernel spends 10+ seconds doing modular exponentiation in mpi_powm() without rescheduling. If all threads do it, it locks up the system. Moreover, it can cause rcu_sched-stall warnings. Notwithstanding the insanity of doing this calculation in kernel mode rather than in userspace, fix it by calling cond_resched() as each bit from the exponent is processed. It's still noninterruptible, but at least it's preemptible now. Do the cond_resched() once per bit rather than once per MPI limb because each limb might still easily take 100+ milliseconds on slow CPUs. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Kyle Yan
|
2f9940db61 |
Merge remote-tracking branch '4.9/tmp-ffc9972' into HEAD
* 4.9/tmp-ffc9972: Linux 4.9.62 x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context x86/smpboot: Make optimization of delay calibration work correctly can: c_can: don't indicate triple sampling support for D_CAN can: ifi: Fix transmitter delay calculation can: sun4i: handle overrun in RX FIFO drm/bridge: adv7511: Re-write the i2c address before EDID probing drm/bridge: adv7511: Reuse __adv7511_power_on/off() when probing EDID drm/bridge: adv7511: Rework adv7511_power_on/off() so they can be reused internally drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue rbd: use GFP_NOIO for parent stat and data requests Input: elan_i2c - add ELAN060C to the ACPI table MIPS: AR7: Ensure that serial ports are properly set up MIPS: AR7: Defer registration of GPIO MIPS: BMIPS: Fix missing cbr address ASoC: sun4i-spdif: remove legacy dapm components tools: firmware: check for distro fallback udev cancel rule selftests: firmware: send expected errors to /dev/null MIPS: SMP: Fix deadlock & online race MIPS: Fix race on setting and getting cpu_online_mask MIPS: SMP: Use a completion event to signal CPU up MIPS: Fix CM region target definitions MIPS: microMIPS: Fix incorrect mask in insn_table_MM drm/i915: Do not rely on wm preservation for ILK watermarks ALSA: seq: Avoid invalid lockdep class warning ALSA: seq: Fix OSS sysex delivery in OSS emulation ARM: 8720/1: ensure dump_instr() checks addr_limit KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2] crypto: x86/sha256-mb - fix panic due to unaligned access crypto: x86/sha1-mb - fix panic due to unaligned access crypto: ccm - preserve the IV buffer workqueue: Fix NULL pointer dereference x86/uaccess, sched/preempt: Verify access_ok() context platform/x86: hp-wmi: Do not shadow error values platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state KEYS: trusted: fix writing past end of buffer in trusted_read() KEYS: trusted: sanitize all key material cdc_ncm: Set NTB format again after altsetting switch for Huawei devices platform/x86: hp-wmi: Fix detection for dock and tablet mode net: dsa: select NET_SWITCHDEV clk: mvebu: adjust AP806 CPU clock frequencies to production chip IB/rxe: Fix reference leaks in memory key invalidation code wcn36xx: Don't use the destroyed hal_mutex s390/qeth: issue STARTLAN as first IPA command s390/qeth: fix retrieval of vipa and proxy-arp addresses ARM: dts: STiH410-family: fix wrong parent clock frequency IB/ipoib: Change list_del to list_del_init in the tx object sched/cputime, powerpc32: Fix stale scaled stime on context switch Input: mpr121 - set missing event capability Input: mpr121 - handle multiple bits change of status register s390/topology: make "topology=off" parameter work EDAC, amd64: Save and return err code from probe_one_instance() IPsec: do not ignore crypto err in ah4 input apparmor: fix undefined reference to `aa_g_hash_policy' rt2800usb: mark tx failure on timeout brcmfmac: setup wiphy bands after registering it first netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family usb: hcd: initialize hcd->flags to 0 when rm hcd libertas: fix improper return value serial: sh-sci: Fix register offsets for the IRDA serial port phy: increase size of MII_BUS_ID_SIZE and bus_id dt-bindings: Add vendor prefix for LEGO dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification iio: proximity: sx9500: claim direct mode during raw proximity reads iio: magnetometer: mag3110: claim direct mode during raw writes iio: pressure: ms5611: claim direct mode during oversampling changes iio: trigger: free trigger resource correctly drm: mali-dp: fix Lx_CONTROL register fields clobber crypto: vmx - disable preemption to enable vsx in aes_ctr.c arm64: dma-mapping: Only swizzle DMA ops for IOMMU_DOMAIN_DMA ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 cxl: Force psl data-cache flush during device shutdown powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 pinctrl: baytrail: Fix debugfs offset output iommu/arm-smmu-v3: Clear prior settings when updating STEs KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter drm: drm_minor_register(): Clean up debugfs on failure clk: samsung: exynos5433: Add IDs for PHYCLK_MIPIDPHY0_* clocks PM / OPP: Error out on failing to add static OPPs for v1 bindings EDAC, amd64: Add x86cpuid sanity check during init dt-bindings: clockgen: Add compatible string for LS1012A ARM: dts: imx53-qsb-common: fix FEC pinmux config xen/netback: set default upper limit of tx/rx queues to 8 sched/core: Add missing update_rq_clock() call in sched_move_task() PCI: mvebu: Handle changes to the bridge windows while enabled video: fbdev: pmag-ba-fb: Remove bad `__init' annotation adv7604: Initialize drive strength to default when using DT Conflicts: arch/arm64/mm/dma-mapping.c Change-Id: I43c1e1ca95b7f96e265c404254545304816344ea Signed-off-by: Kyle Yan <kyan@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
ffc997224c |
Merge 4.9.62 into android-4.9-o
Changes in 4.9.62 adv7604: Initialize drive strength to default when using DT video: fbdev: pmag-ba-fb: Remove bad `__init' annotation PCI: mvebu: Handle changes to the bridge windows while enabled sched/core: Add missing update_rq_clock() call in sched_move_task() xen/netback: set default upper limit of tx/rx queues to 8 ARM: dts: imx53-qsb-common: fix FEC pinmux config dt-bindings: clockgen: Add compatible string for LS1012A EDAC, amd64: Add x86cpuid sanity check during init PM / OPP: Error out on failing to add static OPPs for v1 bindings clk: samsung: exynos5433: Add IDs for PHYCLK_MIPIDPHY0_* clocks drm: drm_minor_register(): Clean up debugfs on failure KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter iommu/arm-smmu-v3: Clear prior settings when updating STEs pinctrl: baytrail: Fix debugfs offset output powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 cxl: Force psl data-cache flush during device shutdown ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 arm64: dma-mapping: Only swizzle DMA ops for IOMMU_DOMAIN_DMA crypto: vmx - disable preemption to enable vsx in aes_ctr.c drm: mali-dp: fix Lx_CONTROL register fields clobber iio: trigger: free trigger resource correctly iio: pressure: ms5611: claim direct mode during oversampling changes iio: magnetometer: mag3110: claim direct mode during raw writes iio: proximity: sx9500: claim direct mode during raw proximity reads dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification dt-bindings: Add vendor prefix for LEGO phy: increase size of MII_BUS_ID_SIZE and bus_id serial: sh-sci: Fix register offsets for the IRDA serial port libertas: fix improper return value usb: hcd: initialize hcd->flags to 0 when rm hcd netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family brcmfmac: setup wiphy bands after registering it first rt2800usb: mark tx failure on timeout apparmor: fix undefined reference to `aa_g_hash_policy' IPsec: do not ignore crypto err in ah4 input EDAC, amd64: Save and return err code from probe_one_instance() s390/topology: make "topology=off" parameter work Input: mpr121 - handle multiple bits change of status register Input: mpr121 - set missing event capability sched/cputime, powerpc32: Fix stale scaled stime on context switch IB/ipoib: Change list_del to list_del_init in the tx object ARM: dts: STiH410-family: fix wrong parent clock frequency s390/qeth: fix retrieval of vipa and proxy-arp addresses s390/qeth: issue STARTLAN as first IPA command wcn36xx: Don't use the destroyed hal_mutex IB/rxe: Fix reference leaks in memory key invalidation code clk: mvebu: adjust AP806 CPU clock frequencies to production chip net: dsa: select NET_SWITCHDEV platform/x86: hp-wmi: Fix detection for dock and tablet mode cdc_ncm: Set NTB format again after altsetting switch for Huawei devices KEYS: trusted: sanitize all key material KEYS: trusted: fix writing past end of buffer in trusted_read() platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state platform/x86: hp-wmi: Do not shadow error values x86/uaccess, sched/preempt: Verify access_ok() context workqueue: Fix NULL pointer dereference crypto: ccm - preserve the IV buffer crypto: x86/sha1-mb - fix panic due to unaligned access crypto: x86/sha256-mb - fix panic due to unaligned access KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2] ARM: 8720/1: ensure dump_instr() checks addr_limit ALSA: seq: Fix OSS sysex delivery in OSS emulation ALSA: seq: Avoid invalid lockdep class warning drm/i915: Do not rely on wm preservation for ILK watermarks MIPS: microMIPS: Fix incorrect mask in insn_table_MM MIPS: Fix CM region target definitions MIPS: SMP: Use a completion event to signal CPU up MIPS: Fix race on setting and getting cpu_online_mask MIPS: SMP: Fix deadlock & online race selftests: firmware: send expected errors to /dev/null tools: firmware: check for distro fallback udev cancel rule ASoC: sun4i-spdif: remove legacy dapm components MIPS: BMIPS: Fix missing cbr address MIPS: AR7: Defer registration of GPIO MIPS: AR7: Ensure that serial ports are properly set up Input: elan_i2c - add ELAN060C to the ACPI table rbd: use GFP_NOIO for parent stat and data requests drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue drm/bridge: adv7511: Rework adv7511_power_on/off() so they can be reused internally drm/bridge: adv7511: Reuse __adv7511_power_on/off() when probing EDID drm/bridge: adv7511: Re-write the i2c address before EDID probing can: sun4i: handle overrun in RX FIFO can: ifi: Fix transmitter delay calculation can: c_can: don't indicate triple sampling support for D_CAN x86/smpboot: Make optimization of delay calibration work correctly x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context Linux 4.9.62 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
a6d71ba679 |
Merge 4.9.62 into android-4.9
Changes in 4.9.62 adv7604: Initialize drive strength to default when using DT video: fbdev: pmag-ba-fb: Remove bad `__init' annotation PCI: mvebu: Handle changes to the bridge windows while enabled sched/core: Add missing update_rq_clock() call in sched_move_task() xen/netback: set default upper limit of tx/rx queues to 8 ARM: dts: imx53-qsb-common: fix FEC pinmux config dt-bindings: clockgen: Add compatible string for LS1012A EDAC, amd64: Add x86cpuid sanity check during init PM / OPP: Error out on failing to add static OPPs for v1 bindings clk: samsung: exynos5433: Add IDs for PHYCLK_MIPIDPHY0_* clocks drm: drm_minor_register(): Clean up debugfs on failure KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter iommu/arm-smmu-v3: Clear prior settings when updating STEs pinctrl: baytrail: Fix debugfs offset output powerpc/corenet: explicitly disable the SDHC controller on kmcoge4 cxl: Force psl data-cache flush during device shutdown ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 arm64: dma-mapping: Only swizzle DMA ops for IOMMU_DOMAIN_DMA crypto: vmx - disable preemption to enable vsx in aes_ctr.c drm: mali-dp: fix Lx_CONTROL register fields clobber iio: trigger: free trigger resource correctly iio: pressure: ms5611: claim direct mode during oversampling changes iio: magnetometer: mag3110: claim direct mode during raw writes iio: proximity: sx9500: claim direct mode during raw proximity reads dt-bindings: Add LEGO MINDSTORMS EV3 compatible specification dt-bindings: Add vendor prefix for LEGO phy: increase size of MII_BUS_ID_SIZE and bus_id serial: sh-sci: Fix register offsets for the IRDA serial port libertas: fix improper return value usb: hcd: initialize hcd->flags to 0 when rm hcd netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family brcmfmac: setup wiphy bands after registering it first rt2800usb: mark tx failure on timeout apparmor: fix undefined reference to `aa_g_hash_policy' IPsec: do not ignore crypto err in ah4 input EDAC, amd64: Save and return err code from probe_one_instance() s390/topology: make "topology=off" parameter work Input: mpr121 - handle multiple bits change of status register Input: mpr121 - set missing event capability sched/cputime, powerpc32: Fix stale scaled stime on context switch IB/ipoib: Change list_del to list_del_init in the tx object ARM: dts: STiH410-family: fix wrong parent clock frequency s390/qeth: fix retrieval of vipa and proxy-arp addresses s390/qeth: issue STARTLAN as first IPA command wcn36xx: Don't use the destroyed hal_mutex IB/rxe: Fix reference leaks in memory key invalidation code clk: mvebu: adjust AP806 CPU clock frequencies to production chip net: dsa: select NET_SWITCHDEV platform/x86: hp-wmi: Fix detection for dock and tablet mode cdc_ncm: Set NTB format again after altsetting switch for Huawei devices KEYS: trusted: sanitize all key material KEYS: trusted: fix writing past end of buffer in trusted_read() platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state platform/x86: hp-wmi: Do not shadow error values x86/uaccess, sched/preempt: Verify access_ok() context workqueue: Fix NULL pointer dereference crypto: ccm - preserve the IV buffer crypto: x86/sha1-mb - fix panic due to unaligned access crypto: x86/sha256-mb - fix panic due to unaligned access KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2] ARM: 8720/1: ensure dump_instr() checks addr_limit ALSA: seq: Fix OSS sysex delivery in OSS emulation ALSA: seq: Avoid invalid lockdep class warning drm/i915: Do not rely on wm preservation for ILK watermarks MIPS: microMIPS: Fix incorrect mask in insn_table_MM MIPS: Fix CM region target definitions MIPS: SMP: Use a completion event to signal CPU up MIPS: Fix race on setting and getting cpu_online_mask MIPS: SMP: Fix deadlock & online race selftests: firmware: send expected errors to /dev/null tools: firmware: check for distro fallback udev cancel rule ASoC: sun4i-spdif: remove legacy dapm components MIPS: BMIPS: Fix missing cbr address MIPS: AR7: Defer registration of GPIO MIPS: AR7: Ensure that serial ports are properly set up Input: elan_i2c - add ELAN060C to the ACPI table rbd: use GFP_NOIO for parent stat and data requests drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue drm/bridge: adv7511: Rework adv7511_power_on/off() so they can be reused internally drm/bridge: adv7511: Reuse __adv7511_power_on/off() when probing EDID drm/bridge: adv7511: Re-write the i2c address before EDID probing can: sun4i: handle overrun in RX FIFO can: ifi: Fix transmitter delay calculation can: c_can: don't indicate triple sampling support for D_CAN x86/smpboot: Make optimization of delay calibration work correctly x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context Linux 4.9.62 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Biggers
|
8ea52a683f |
KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
commit 624f5ab8720b3371367327a822c267699c1823b8 upstream.
syzkaller reported a NULL pointer dereference in asn1_ber_decoder(). It
can be reproduced by the following command, assuming
CONFIG_PKCS7_TEST_KEY=y:
keyctl add pkcs7_test desc '' @s
The bug is that if the data buffer is empty, an integer underflow occurs
in the following check:
if (unlikely(dp >= datalen - 1))
goto data_overrun_error;
This results in the NULL data pointer being dereferenced.
Fix it by checking for 'datalen - dp < 2' instead.
Also fix the similar check for 'dp >= datalen - n' later in the same
function. That one possibly could result in a buffer overread.
The NULL pointer dereference was reproducible using the "pkcs7_test" key
type but not the "asymmetric" key type because the "asymmetric" key type
checks for a 0-length payload before calling into the ASN.1 decoder but
the "pkcs7_test" key type does not.
The bug report was:
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: asn1_ber_decoder+0x17f/0xe60 lib/asn1_decoder.c:233
PGD 7b708067 P4D 7b708067 PUD 7b6ee067 PMD 0
Oops: 0000 [#1] SMP
Modules linked in:
CPU: 0 PID: 522 Comm: syz-executor1 Not tainted 4.14.0-rc8 #7
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.3-20171021_125229-anatol 04/01/2014
task: ffff9b6b3798c040 task.stack: ffff9b6b37970000
RIP: 0010:asn1_ber_decoder+0x17f/0xe60 lib/asn1_decoder.c:233
RSP: 0018:ffff9b6b37973c78 EFLAGS: 00010216
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000021c
RDX: ffffffff814a04ed RSI: ffffb1524066e000 RDI: ffffffff910759e0
RBP: ffff9b6b37973d60 R08: 0000000000000001 R09: ffff9b6b3caa4180
R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f10ed1f2700(0000) GS:ffff9b6b3ea00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000007b6f3000 CR4: 00000000000006f0
Call Trace:
pkcs7_parse_message+0xee/0x240 crypto/asymmetric_keys/pkcs7_parser.c:139
verify_pkcs7_signature+0x33/0x180 certs/system_keyring.c:216
pkcs7_preparse+0x41/0x70 crypto/asymmetric_keys/pkcs7_key_type.c:63
key_create_or_update+0x180/0x530 security/keys/key.c:855
SYSC_add_key security/keys/keyctl.c:122 [inline]
SyS_add_key+0xbf/0x250 security/keys/keyctl.c:62
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x4585c9
RSP: 002b:00007f10ed1f1bd8 EFLAGS: 00000216 ORIG_RAX: 00000000000000f8
RAX: ffffffffffffffda RBX: 00007f10ed1f2700 RCX: 00000000004585c9
RDX: 0000000020000000 RSI: 0000000020008ffb RDI: 0000000020008000
RBP: 0000000000000000 R08: ffffffffffffffff R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000216 R12: 00007fff1b2260ae
R13: 00007fff1b2260af R14: 00007f10ed1f2700 R15: 0000000000000000
Code: dd ca ff 48 8b 45 88 48 83 e8 01 4c 39 f0 0f 86 a8 07 00 00 e8 53 dd ca ff 49 8d 46 01 48 89 85 58 ff ff ff 48 8b 85 60 ff ff ff <42> 0f b6 0c 30 89 c8 88 8d 75 ff ff ff 83 e0 1f 89 8d 28 ff ff
RIP: asn1_ber_decoder+0x17f/0xe60 lib/asn1_decoder.c:233 RSP: ffff9b6b37973c78
CR2: 0000000000000000
Fixes:
|
||
|
Kyle Yan
|
e48f6bd265 |
Merge remote-tracking branch '4.9/tmp-4170bfa' into 4.9
* 4.9/tmp-4170bfa: Linux 4.9.61 ARM: dts: mvebu: pl310-cache disable double-linefill staging: r8712u: Fix Sparse warning in rtl871x_xmit.c xen: don't print error message in case of missing Xenstore entry powerpc/64: Don't try to use radix MMU under a hypervisor PCI: Avoid possible deadlock on pci_lock and p->pi_lock drm/exynos: g2d: prevent integer overflow in bt8xx: fix memory leak s390/crypto: Extend key length check for AES-XTS in fips mode. s390/prng: Adjust generation of entropy to produce real 256 bits. s390/dasd: check for device error pointer within state change interrupts mei: return error on notification request to a disconnected client exynos4-is: fimc-is: Unmap region obtained by of_iomap() ASoC: Intel: boards: remove .pm_ops in all Atom/DPCM machine drivers vfs: open() with O_CREAT should not create inodes with unknown ids brcmfmac: check brcmf_bus_get_memdump result for error staging: lustre: lmv: Error not handled for lmv_find_target staging: lustre: ptlrpc: skip lock if export failed staging: lustre: hsm: stack overrun in hai_dump_data_field staging: lustre: llite: don't invoke direct_IO for the EOF case platform/x86: intel_mid_thermal: Fix module autoload scsi: aacraid: Process Error for response I/O xen/manage: correct return value check on xenbus_scanf() gpio: mcp23s08: Select REGMAP/REGMAP_I2C to fix build error mtd: nand: sunxi: Fix the non-polling case in sunxi_nfc_wait_events() clk: sunxi-ng: Check kzalloc() for errors and cleanup error path ath10k: fix reading sram contents for QCA4019 cx231xx: Fix I2C on Internal Master 3 Bus net: phy: dp83867: Recover from "port mirroring" N/A MODE4 clocksource/drivers/arm_arch_timer: Add dt binding for hisilicon-161010101 erratum drm/fsl-dcu: check for clk_prepare_enable() error iwlwifi: mvm: use the PROBE_RESP_QUEUE to send deauth to unknown station perf tools: Only increase index if perf_evsel__new_idx() succeeds drm/amdgpu: when dpm disabled, also need to stop/start vce. i2c: riic: correctly finish transfers net/ena: change driver's default timeouts ext4: do not use stripe_width if it is not set ext4: fix stripe-unaligned allocations net: mvneta: fix build errors when linux/phy*.h is removed from net/dsa.h PCI/MSI: Return failure when msix_setup_entries() fails staging: rtl8712u: Fix endian settings for structs describing network packets bnxt_en: Added PCI IDs for BCM57452 and BCM57454 ASICs mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped mfd: ab8500-sysctrl: Handle probe deferral mmc: s3cmci: include linux/interrupt.h for tasklet_struct scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW syspdIO, change fp_possible to bool PM / wakeirq: report a wakeup_event on dedicated wekup irq IB/mlx5: Assign DSCP for R-RoCE QPs Address Path staging: fsl-mc: Add missing header crypto: ccp - Set the AES size field for all modes cpufreq: Do not clear real_cpus mask on policy init Fix tracing sample code warning. tracing/samples: Fix creation and deletion of simple_thread_fn creation drm/msm: fix an integer overflow test drm/msm: Fix potential buffer overflow issue drm/i915/edp: read edp display control registers unconditionally ocfs2: fstrim: Fix start offset of first cluster group during fstrim drm/amdgpu: return -ENOENT from uvd 6.0 early init for harvesting ARM: 8715/1: add a private asm/unaligned.h arm/arm64: kvm: Disable branch profiling in HYP code arm/arm64: KVM: set right LR register value for 32 bit guest when inject abort arm64: ensure __dump_instr() checks addr_limit ASoC: adau17x1: Workaround for noise bug in ADC KEYS: fix out-of-bounds read during ASN.1 parsing KEYS: return full count in keyring_read() if buffer is too small cifs: check MaxPathNameComponentLength != 0 before using it ALSA: seq: Fix nested rwsem annotation for lockdep splat ALSA: timer: Add missing mutex lock for compat ioctls Conflicts: drivers/gpu/drm/msm/msm_gem_submit.c Change-Id: I374161c212adab8cbb6886e5d44acfab4c2ca487 Signed-off-by: Kyle Yan <kyan@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
4170bfad32 |
Merge 4.9.61 into android-4.9-o
Changes in 4.9.61 ALSA: timer: Add missing mutex lock for compat ioctls ALSA: seq: Fix nested rwsem annotation for lockdep splat cifs: check MaxPathNameComponentLength != 0 before using it KEYS: return full count in keyring_read() if buffer is too small KEYS: fix out-of-bounds read during ASN.1 parsing ASoC: adau17x1: Workaround for noise bug in ADC arm64: ensure __dump_instr() checks addr_limit arm/arm64: KVM: set right LR register value for 32 bit guest when inject abort arm/arm64: kvm: Disable branch profiling in HYP code ARM: 8715/1: add a private asm/unaligned.h drm/amdgpu: return -ENOENT from uvd 6.0 early init for harvesting ocfs2: fstrim: Fix start offset of first cluster group during fstrim drm/i915/edp: read edp display control registers unconditionally drm/msm: Fix potential buffer overflow issue drm/msm: fix an integer overflow test tracing/samples: Fix creation and deletion of simple_thread_fn creation Fix tracing sample code warning. cpufreq: Do not clear real_cpus mask on policy init crypto: ccp - Set the AES size field for all modes staging: fsl-mc: Add missing header IB/mlx5: Assign DSCP for R-RoCE QPs Address Path PM / wakeirq: report a wakeup_event on dedicated wekup irq scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW syspdIO, change fp_possible to bool mmc: s3cmci: include linux/interrupt.h for tasklet_struct mfd: ab8500-sysctrl: Handle probe deferral mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped bnxt_en: Added PCI IDs for BCM57452 and BCM57454 ASICs staging: rtl8712u: Fix endian settings for structs describing network packets PCI/MSI: Return failure when msix_setup_entries() fails net: mvneta: fix build errors when linux/phy*.h is removed from net/dsa.h ext4: fix stripe-unaligned allocations ext4: do not use stripe_width if it is not set net/ena: change driver's default timeouts i2c: riic: correctly finish transfers drm/amdgpu: when dpm disabled, also need to stop/start vce. perf tools: Only increase index if perf_evsel__new_idx() succeeds iwlwifi: mvm: use the PROBE_RESP_QUEUE to send deauth to unknown station drm/fsl-dcu: check for clk_prepare_enable() error clocksource/drivers/arm_arch_timer: Add dt binding for hisilicon-161010101 erratum net: phy: dp83867: Recover from "port mirroring" N/A MODE4 cx231xx: Fix I2C on Internal Master 3 Bus ath10k: fix reading sram contents for QCA4019 clk: sunxi-ng: Check kzalloc() for errors and cleanup error path mtd: nand: sunxi: Fix the non-polling case in sunxi_nfc_wait_events() gpio: mcp23s08: Select REGMAP/REGMAP_I2C to fix build error xen/manage: correct return value check on xenbus_scanf() scsi: aacraid: Process Error for response I/O platform/x86: intel_mid_thermal: Fix module autoload staging: lustre: llite: don't invoke direct_IO for the EOF case staging: lustre: hsm: stack overrun in hai_dump_data_field staging: lustre: ptlrpc: skip lock if export failed staging: lustre: lmv: Error not handled for lmv_find_target brcmfmac: check brcmf_bus_get_memdump result for error vfs: open() with O_CREAT should not create inodes with unknown ids ASoC: Intel: boards: remove .pm_ops in all Atom/DPCM machine drivers exynos4-is: fimc-is: Unmap region obtained by of_iomap() mei: return error on notification request to a disconnected client s390/dasd: check for device error pointer within state change interrupts s390/prng: Adjust generation of entropy to produce real 256 bits. s390/crypto: Extend key length check for AES-XTS in fips mode. bt8xx: fix memory leak drm/exynos: g2d: prevent integer overflow in PCI: Avoid possible deadlock on pci_lock and p->pi_lock powerpc/64: Don't try to use radix MMU under a hypervisor xen: don't print error message in case of missing Xenstore entry staging: r8712u: Fix Sparse warning in rtl871x_xmit.c ARM: dts: mvebu: pl310-cache disable double-linefill Linux 4.9.61 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
c4789f87f6 |
Merge 4.9.61 into android-4.9
Changes in 4.9.61 ALSA: timer: Add missing mutex lock for compat ioctls ALSA: seq: Fix nested rwsem annotation for lockdep splat cifs: check MaxPathNameComponentLength != 0 before using it KEYS: return full count in keyring_read() if buffer is too small KEYS: fix out-of-bounds read during ASN.1 parsing ASoC: adau17x1: Workaround for noise bug in ADC arm64: ensure __dump_instr() checks addr_limit arm/arm64: KVM: set right LR register value for 32 bit guest when inject abort arm/arm64: kvm: Disable branch profiling in HYP code ARM: 8715/1: add a private asm/unaligned.h drm/amdgpu: return -ENOENT from uvd 6.0 early init for harvesting ocfs2: fstrim: Fix start offset of first cluster group during fstrim drm/i915/edp: read edp display control registers unconditionally drm/msm: Fix potential buffer overflow issue drm/msm: fix an integer overflow test tracing/samples: Fix creation and deletion of simple_thread_fn creation Fix tracing sample code warning. cpufreq: Do not clear real_cpus mask on policy init crypto: ccp - Set the AES size field for all modes staging: fsl-mc: Add missing header IB/mlx5: Assign DSCP for R-RoCE QPs Address Path PM / wakeirq: report a wakeup_event on dedicated wekup irq scsi: megaraid_sas: Do not set fp_possible if TM capable for non-RW syspdIO, change fp_possible to bool mmc: s3cmci: include linux/interrupt.h for tasklet_struct mfd: ab8500-sysctrl: Handle probe deferral mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped bnxt_en: Added PCI IDs for BCM57452 and BCM57454 ASICs staging: rtl8712u: Fix endian settings for structs describing network packets PCI/MSI: Return failure when msix_setup_entries() fails net: mvneta: fix build errors when linux/phy*.h is removed from net/dsa.h ext4: fix stripe-unaligned allocations ext4: do not use stripe_width if it is not set net/ena: change driver's default timeouts i2c: riic: correctly finish transfers drm/amdgpu: when dpm disabled, also need to stop/start vce. perf tools: Only increase index if perf_evsel__new_idx() succeeds iwlwifi: mvm: use the PROBE_RESP_QUEUE to send deauth to unknown station drm/fsl-dcu: check for clk_prepare_enable() error clocksource/drivers/arm_arch_timer: Add dt binding for hisilicon-161010101 erratum net: phy: dp83867: Recover from "port mirroring" N/A MODE4 cx231xx: Fix I2C on Internal Master 3 Bus ath10k: fix reading sram contents for QCA4019 clk: sunxi-ng: Check kzalloc() for errors and cleanup error path mtd: nand: sunxi: Fix the non-polling case in sunxi_nfc_wait_events() gpio: mcp23s08: Select REGMAP/REGMAP_I2C to fix build error xen/manage: correct return value check on xenbus_scanf() scsi: aacraid: Process Error for response I/O platform/x86: intel_mid_thermal: Fix module autoload staging: lustre: llite: don't invoke direct_IO for the EOF case staging: lustre: hsm: stack overrun in hai_dump_data_field staging: lustre: ptlrpc: skip lock if export failed staging: lustre: lmv: Error not handled for lmv_find_target brcmfmac: check brcmf_bus_get_memdump result for error vfs: open() with O_CREAT should not create inodes with unknown ids ASoC: Intel: boards: remove .pm_ops in all Atom/DPCM machine drivers exynos4-is: fimc-is: Unmap region obtained by of_iomap() mei: return error on notification request to a disconnected client s390/dasd: check for device error pointer within state change interrupts s390/prng: Adjust generation of entropy to produce real 256 bits. s390/crypto: Extend key length check for AES-XTS in fips mode. bt8xx: fix memory leak drm/exynos: g2d: prevent integer overflow in PCI: Avoid possible deadlock on pci_lock and p->pi_lock powerpc/64: Don't try to use radix MMU under a hypervisor xen: don't print error message in case of missing Xenstore entry staging: r8712u: Fix Sparse warning in rtl871x_xmit.c ARM: dts: mvebu: pl310-cache disable double-linefill Linux 4.9.61 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Biggers
|
cb14a0dd1f |
KEYS: fix out-of-bounds read during ASN.1 parsing
commit 2eb9eabf1e868fda15808954fb29b0f105ed65f1 upstream.
syzkaller with KASAN reported an out-of-bounds read in
asn1_ber_decoder(). It can be reproduced by the following command,
assuming CONFIG_X509_CERTIFICATE_PARSER=y and CONFIG_KASAN=y:
keyctl add asymmetric desc $'\x30\x30' @s
The bug is that the length of an ASN.1 data value isn't validated in the
case where it is encoded using the short form, causing the decoder to
read past the end of the input buffer. Fix it by validating the length.
The bug report was:
BUG: KASAN: slab-out-of-bounds in asn1_ber_decoder+0x10cb/0x1730 lib/asn1_decoder.c:233
Read of size 1 at addr ffff88003cccfa02 by task syz-executor0/6818
CPU: 1 PID: 6818 Comm: syz-executor0 Not tainted 4.14.0-rc7-00008-g5f479447d983 #2
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:16 [inline]
dump_stack+0xb3/0x10b lib/dump_stack.c:52
print_address_description+0x79/0x2a0 mm/kasan/report.c:252
kasan_report_error mm/kasan/report.c:351 [inline]
kasan_report+0x236/0x340 mm/kasan/report.c:409
__asan_report_load1_noabort+0x14/0x20 mm/kasan/report.c:427
asn1_ber_decoder+0x10cb/0x1730 lib/asn1_decoder.c:233
x509_cert_parse+0x1db/0x650 crypto/asymmetric_keys/x509_cert_parser.c:89
x509_key_preparse+0x64/0x7a0 crypto/asymmetric_keys/x509_public_key.c:174
asymmetric_key_preparse+0xcb/0x1a0 crypto/asymmetric_keys/asymmetric_type.c:388
key_create_or_update+0x347/0xb20 security/keys/key.c:855
SYSC_add_key security/keys/keyctl.c:122 [inline]
SyS_add_key+0x1cd/0x340 security/keys/keyctl.c:62
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x447c89
RSP: 002b:00007fca7a5d3bd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
RAX: ffffffffffffffda RBX: 00007fca7a5d46cc RCX: 0000000000447c89
RDX: 0000000020006f4a RSI: 0000000020006000 RDI: 0000000020001ff5
RBP: 0000000000000046 R08: fffffffffffffffd R09: 0000000000000000
R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fca7a5d49c0 R15: 00007fca7a5d4700
Fixes:
|
||
|
Kyle Yan
|
07f9309c8d |
Merge remote-tracking branch '4.9/tmp-4b2b8b9' into msm-4.9
* 4.9/tmp-4b2b8b9: Linux 4.9.60 ecryptfs: fix dereference of NULL user_key_payload regulator: fan53555: fix I2C device ids ipsec: Fix aborted xfrm policy dump crash cfg80211: fix connect/disconnect edge cases can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages can: kvaser_usb: Correct return value in printout can: sun4i: fix loopback mode drm/amd/powerplay: fix uninitialized variable scsi: sg: Re-fix off by one in sg_fill_request_table() scsi: zfcp: fix erp_action use-before-initialize in REC action trace assoc_array: Fix a buggy node-splitting case Input: gtco - fix potential out-of-bound access Input: elan_i2c - add ELAN0611 to the ACPI table xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap() fuse: fix READDIRPLUS skipping an entry spi: bcm-qspi: Fix use after free in bcm_qspi_probe() in error path spi: uapi: spidev: add missing ioctl header KVM: PPC: Fix oops when checking KVM_CAP_PPC_HTM usb: xhci: Handle error condition in xhci_stop_device() ceph: unlock dangling spinlock in try_flush_caps() ALSA: hda - fix headset mic problem for Dell machines with alc236 ALSA: hda/realtek - Add support for ALC236/ALC3204 workqueue: replace pool->manager_arb mutex with a flag Conflicts: drivers/usb/host/xhci-hub.c Change-Id: I6de307270a5b951e4fb5c9ee62781a7b4f206b26 Signed-off-by: Kyle Yan <kyan@codeaurora.org> |