d4414bc0e93d8da170fd0fc9fef65fe84015677d
2489 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Kees Cook
|
bb5c0b1b7f |
UPSTREAM: vmlinux.lds.h: Move LSM_TABLE into INIT_DATA
Since the struct lsm_info table is not an initcall, we can just move it into INIT_DATA like all the other tables. Change-Id: I9674bc20e8a4428a08527fac9affa959324699bb Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: John Johansen <john.johansen@canonical.com> Reviewed-by: James Morris <james.morris@microsoft.com> Signed-off-by: James Morris <james.morris@microsoft.com> |
||
|
Christoph Hellwig
|
c5095805e9 |
BACKPORT: sysctl: pass kernel pointers to ->proc_handler
Instead of having all the sysctl handlers deal with user pointers, which is rather hairy in terms of the BPF interaction, copy the input to and from userspace in common code. This also means that the strings are always NUL-terminated by the common code, making the API a little bit safer. As most handler just pass through the data to one of the common handlers a lot of the changes are mechnical. Change-Id: Ic71fd778e4cea58adc51d634d9e53c1f9f90cdf2 Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Andrey Ignatov <rdna@fb.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Alexander Winkowski
|
8a750a2e1d |
ANDROID: Update CFI patchset from android11-5.4
Change-Id: Iff956ce7c2b89d3a442b0b81deba0da323f5d18b Signed-off-by: Alexander Winkowski <dereference23@outlook.com> |
||
|
Ben Dai
|
365fea6a09 |
ANDROID: arm64: Fix the address of ftrace_call compiled with CFI_CLANG
When CONFIG_CFI_CLANG and CONFIG_DYNAMIC_FTRACE are enabled, LLVM will generate a jump function named ftrace_call.cfi_jt for ftrace_call, which makes "&ftrace_call" in ftrace_update_ftrace_func() actually the address of ftrace_call.cfi_jt. As a result, the tracer can't be really enabled through runtime modification. Use __va_function() to get the actual address of ftrace_call to fix the issue. Bug: 184105181 Signed-off-by: Ben Dai <ben.dai@unisoc.com> Change-Id: Ic9272cd4ab447b3b145d8e397e5c9010c49f7a12 |
||
|
Michael Bestas
|
e35444412b |
Merge tag 'ASB-2025-01-05_4.19-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.19
https://source.android.com/docs/security/bulletin/2025-01-01 * tag 'ASB-2025-01-05_4.19-stable' of https://android.googlesource.com/kernel/common: (132 commits) Revert "UPSTREAM: unicode: Don't special case ignorable code points" Reapply "UPSTREAM: unicode: Don't special case ignorable code points" Revert "UPSTREAM: unicode: Don't special case ignorable code points" Linux 4.19.325 sh: intc: Fix use-after-free bug in register_intc_controller() modpost: remove incorrect code in do_eisa_entry() 9p/xen: fix release of IRQ 9p/xen: fix init sequence block: return unsigned int from bdev_io_min jffs2: fix use of uninitialized variable ubi: fastmap: Fix duplicate slab cache names while attaching ubifs: Correct the total block count by deducting journal reservation rtc: check if __rtc_read_time was successful in rtc_timer_do_work() NFSv4.0: Fix a use-after-free problem in the asynchronous open() um: Fix the return value of elf_core_copy_task_fpregs rpmsg: glink: Propagate TX failures in intentless mode as well NFSD: Prevent a potential integer overflow lib: string_helpers: silence snprintf() output truncation warning usb: dwc3: gadget: Fix checking for number of TRBs left media: wl128x: Fix atomicity violation in fmc_send_cmd() ... Conflicts: drivers/rpmsg/qcom_glink_native.c Change-Id: I6da65230cc8291c3d2476ef6d5f0494b35909e07 |
||
|
Michael Bestas
|
157dbbdf4f |
Merge tag 'ASB-2024-12-05_4.19-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.19
https://source.android.com/docs/security/bulletin/2024-12-01 * tag 'ASB-2024-12-05_4.19-stable' of https://android.googlesource.com/kernel/common: (401 commits) Linux 4.19.324 9p: fix slab cache name creation for real net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition fs: Fix uninitialized value issue in from_kuid and from_kgid powerpc/powernv: Free name on error in opal_event_init() sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML bpf: use kvzmalloc to allocate BPF verifier environment HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad 9p: Avoid creating multiple slab caches with the same name ALSA: usb-audio: Add endianness annotations vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer ALSA: usb-audio: Add quirks for Dell WD19 dock ALSA: usb-audio: Support jack detection on Dell dock ALSA: usb-audio: Add custom mixer status quirks for RME CC devices ALSA: pcm: Return 0 when size < start_threshold in capture ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() irqchip/gic-v3: Force propagation of the active state with a read-back USB: serial: option: add Quectel RG650V USB: serial: option: add Fibocom FG132 0x0112 composition ... Conflicts: drivers/usb/dwc3/core.c drivers/usb/dwc3/core.h drivers/usb/dwc3/gadget.c fs/f2fs/f2fs.h fs/f2fs/file.c fs/f2fs/xattr.c net/qrtr/qrtr.c Change-Id: Icc02e115a2066e9732ea14ccb5fca6ee021cc94c |
||
|
Greg Kroah-Hartman
|
874391c94e |
Merge 4.19.325 into android-4.19-stable
Changes in 4.19.325
netlink: terminate outstanding dump on socket close
ocfs2: uncache inode which has failed entering the group
nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
ocfs2: fix UBSAN warning in ocfs2_verify_volume()
nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set
kbuild: Use uname for LINUX_COMPILE_HOST detection
mm: revert "mm: shmem: fix data-race in shmem_getattr()"
ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet
mac80211: fix user-power when emulating chanctx
selftests/watchdog-test: Fix system accidentally reset after watchdog-test
x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB
net: usb: qmi_wwan: add Quectel RG650V
proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
nvme: fix metadata handling in nvme-passthrough
initramfs: avoid filename buffer overrun
m68k: mvme147: Fix SCSI controller IRQ numbers
m68k: mvme16x: Add and use "mvme16x.h"
m68k: mvme147: Reinstate early console
acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block()
s390/syscalls: Avoid creation of arch/arch/ directory
hfsplus: don't query the device logical block size multiple times
EDAC/fsl_ddr: Fix bad bit shift operations
crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY
crypto: cavium - Fix the if condition to exit loop after timeout
crypto: bcm - add error check in the ahash_hmac_init function
crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
time: Fix references to _msecs_to_jiffies() handling of values
soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
mmc: mmc_spi: drop buggy snprintf()
ARM: dts: cubieboard4: Fix DCDC5 regulator constraints
regmap: irq: Set lockdep class for hierarchical IRQ domains
firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
drm/omap: Fix locking in omap_gem_new_dmabuf()
bpf: Fix the xdp_adjust_tail sample prog issue
wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
drm/etnaviv: consolidate hardware fence handling in etnaviv_gpu
drm/etnaviv: dump: fix sparse warnings
drm/etnaviv: fix power register offset on GC300
drm/etnaviv: hold GPU lock across perfmon sampling
net: rfkill: gpio: Add check for clk_enable()
ALSA: us122l: Use snd_card_free_when_closed() at disconnection
ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
ALSA: 6fire: Release resources at card release
netpoll: Use rcu_access_pointer() in netpoll_poll_lock
trace/trace_event_perf: remove duplicate samples on the first tracepoint event
powerpc/vdso: Flag VDSO64 entry points as functions
mfd: da9052-spi: Change read-mask to write-mask
cpufreq: loongson2: Unregister platform_driver on failure
mtd: rawnand: atmel: Fix possible memory leak
RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
mfd: rt5033: Fix missing regmap_del_irq_chip()
scsi: bfa: Fix use-after-free in bfad_im_module_exit()
scsi: fusion: Remove unused variable 'rc'
scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
ocfs2: fix uninitialized value in ocfs2_file_read_iter()
powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static
fbdev/sh7760fb: Alloc DMA memory from hardware device
fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format
dt-bindings: clock: axi-clkgen: include AXI clk
clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand
clk: clk-axi-clkgen: make sure to enable the AXI bus clock
perf probe: Correct demangled symbols in C++ program
PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
PCI: cpqphp: Fix PCIBIOS_* return value confusion
m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x
m68k: coldfire/device.c: only build FEC when HW macros are defined
rpmsg: glink: Add TX_DATA_CONT command while sending
rpmsg: glink: Send READ_NOTIFY command in FIFO full case
rpmsg: glink: Fix GLINK command prefix
rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
vfio/pci: Properly hide first-in-list PCIe extended capability
power: supply: core: Remove might_sleep() from power_supply_put()
net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration
marvell: pxa168_eth: fix call balance of pep->clk handling routines
net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
USB: chaoskey: fail open after removal
USB: chaoskey: Fix possible deadlock chaoskey_list_lock
misc: apds990x: Fix missing pm_runtime_disable()
apparmor: fix 'Do simple duplicate message elimination'
usb: ehci-spear: fix call balance of sehci clk handling routines
ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
ext4: fix FS_IOC_GETFSMAP handling
jfs: xattr: check invalid xattr size more strictly
ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
PCI: Fix use-after-free of slot->bus on hot remove
tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
Revert "usb: gadget: composite: fix OS descriptors w_value logic"
serial: sh-sci: Clean sci_ports[0] after at earlycon exit
Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
netfilter: ipset: add missing range check in bitmap_ip_uadt
spi: Fix acpi deferred irq probe
ubi: wl: Put source PEB into correct list if trying locking LEB failed
um: ubd: Do not use drvdata in release
um: net: Do not use drvdata in release
serial: 8250: omap: Move pm_runtime_get_sync
um: vector: Do not use drvdata in release
sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
block: fix ordering between checking BLK_MQ_S_STOPPED request adding
HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
media: wl128x: Fix atomicity violation in fmc_send_cmd()
usb: dwc3: gadget: Fix checking for number of TRBs left
lib: string_helpers: silence snprintf() output truncation warning
NFSD: Prevent a potential integer overflow
rpmsg: glink: Propagate TX failures in intentless mode as well
um: Fix the return value of elf_core_copy_task_fpregs
NFSv4.0: Fix a use-after-free problem in the asynchronous open()
rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
ubifs: Correct the total block count by deducting journal reservation
ubi: fastmap: Fix duplicate slab cache names while attaching
jffs2: fix use of uninitialized variable
block: return unsigned int from bdev_io_min
9p/xen: fix init sequence
9p/xen: fix release of IRQ
modpost: remove incorrect code in do_eisa_entry()
sh: intc: Fix use-after-free bug in register_intc_controller()
Linux 4.19.325
Change-Id: I50250c8bd11f9ff4b40da75225c1cfb060e0c258
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Will Deacon
|
6a3e14ac28 |
arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
commit 67ab51cbdfee02ef07fb9d7d14cc0bf6cb5a5e5c upstream. Commit |
||
|
Greg Kroah-Hartman
|
2d76dea417 |
Merge 4.19.323 into android-4.19-stable
Changes in 4.19.323 staging: iio: frequency: ad9833: Get frequency value statically staging: iio: frequency: ad9833: Load clock using clock framework staging: iio: frequency: ad9834: Validate frequency parameter value usbnet: ipheth: fix carrier detection in modes 1 and 4 net: ethernet: use ip_hdrlen() instead of bit shift net: phy: vitesse: repair vsc73xx autonegotiation scripts: kconfig: merge_config: config files: add a trailing newline arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma net/mlx5: Update the list of the PCI supported devices net: ftgmac100: Enable TX interrupt to avoid TX timeout net: dpaa: Pad packets to ETH_ZLEN soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" selftests/vm: remove call to ksft_set_plan() selftests/kcmp: remove call to ksft_set_plan() ASoC: allow module autoloading for table db1200_pids pinctrl: at91: make it work with current gpiolib microblaze: don't treat zero reserved memory regions as error net: ftgmac100: Ensure tx descriptor updates are visible wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead ASoC: tda7419: fix module autoloading spi: bcm63xx: Enable module autoloading x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency ocfs2: add bounds checking to ocfs2_xattr_find_entry() ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() gpio: prevent potential speculation leaks in gpio_device_get_desc() USB: serial: pl2303: add device id for Macrosilicon MS3020 ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() wifi: ath9k: fix parameter check in ath9k_init_debug() wifi: ath9k: Remove error checks when creating debugfs entries netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). Bluetooth: btusb: Fix not handling ZPL/short-transfer block, bfq: fix possible UAF for bfqq->bic with merge chain block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() block, bfq: don't break merge chain in bfq_split_bfqq() spi: ppc4xx: handle irq_of_parse_and_map() errors spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ ARM: versatile: fix OF node leak in CPUs prepare reset: berlin: fix OF node leak in probe() error path clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() hwmon: (max16065) Fix overflows seen when writing limits mtd: slram: insert break after errors in parsing the map hwmon: (ntc_thermistor) fix module autoloading power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() drm/stm: Fix an error handling path in stm_drm_platform_probe() drm/amd: fix typo drm/amdgpu: Replace one-element array with flexible-array member drm/amdgpu: properly handle vbios fake edid sizing drm/radeon: Replace one-element array with flexible-array member drm/radeon: properly handle vbios fake edid sizing drm/rockchip: vop: Allow 4096px width scaling drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets jfs: fix out-of-bounds in dbNextAG() and diAlloc() drm/msm/a5xx: properly clear preemption records on resume drm/msm/a5xx: fix races in preemption evaluation stage ipmi: docs: don't advertise deprecated sysfs entries drm/msm: fix %s null argument error xen: use correct end address of kernel for conflict checking xen/swiotlb: simplify range_straddles_page_boundary() xen/swiotlb: add alignment check for dma buffers selftests/bpf: Fix error compiling test_lru_map.c xz: cleanup CRC32 edits from 2018 kthread: add kthread_work tracepoints kthread: fix task state in kthread worker if being frozen jbd2: introduce/export functions jbd2_journal_submit|finish_inode_data_buffers() ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso ext4: avoid negative min_clusters in find_group_orlov() ext4: return error on ext4_find_inline_entry ext4: avoid OOB when system.data xattr changes underneath the filesystem nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() nilfs2: determine empty node blocks as corrupted nilfs2: fix potential oob read in nilfs_btree_check_delete() perf sched timehist: Fix missing free of session in perf_sched__timehist() perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time perf time-utils: Fix 32-bit nsec parsing clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error PCI: xilinx-nwl: Fix register misspelling RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency pinctrl: single: fix missing error code in pcs_probe() clk: ti: dra7-atl: Fix leak of of_nodes pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function RDMA/cxgb4: Added NULL check for lookup_atid ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() nfsd: call cache_put if xdr_reserve_space returns NULL f2fs: enhance to update i_mode and acl atomically in f2fs_setattr() f2fs: fix typo f2fs: fix to update i_ctime in __f2fs_setxattr() f2fs: remove unneeded check condition in __f2fs_setxattr() f2fs: reduce expensive checkpoint trigger frequency coresight: tmc: sg: Do not leak sg_table netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition tcp: introduce tcp_skb_timestamp_us() helper tcp: check skb is non-NULL in tcp_rto_delta_us() net: qrtr: Update packets cloning when broadcasting netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS crypto: aead,cipher - zeroize key buffer after use Remove *.orig pattern from .gitignore soc: versatile: integrator: fix OF node leak in probe() error path USB: appledisplay: close race between probe and completion handler USB: misc: cypress_cy7c63: check for short transfer firmware_loader: Block path traversal tty: rp2: Fix reset with non forgiving PCIe host bridges drbd: Fix atomicity violation in drbd_uuid_set_bm() drbd: Add NULL check for net_conf to prevent dereference in state validation ACPI: sysfs: validate return type of _STR method f2fs: prevent possible int overflow in dir_block_index() f2fs: avoid potential int overflow in sanity_check_area_boundary() vfs: fix race between evice_inodes() and find_inode()&iput() fs: Fix file_set_fowner LSM hook inconsistencies nfs: fix memory leak in error path of nfs4_do_reclaim PCI: xilinx-nwl: Use irq_data_get_irq_chip_data() PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler soc: versatile: realview: fix memory leak during device remove soc: versatile: realview: fix soc_dev leak during device remove usb: yurex: Replace snprintf() with the safer scnprintf() variant USB: misc: yurex: fix race between read and write pps: remove usage of the deprecated ida_simple_xx() API pps: add an error check in parport_attach i2c: aspeed: Update the stop sw state when the bus recovery occurs i2c: isch: Add missed 'else' usb: yurex: Fix inconsistent locking bug in yurex_read() mailbox: rockchip: fix a typo in module autoloading mailbox: bcm2835: Fix timeout during suspend mode ceph: remove the incorrect Fw reference check when dirtying pages netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED netfilter: nf_tables: prevent nf_skb_duplicated corruption r8152: Factor out OOB link list waits net: ethernet: lantiq_etop: fix memory disclosure net: avoid potential underflow in qdisc_pkt_len_init() with UFO net: add more sanity checks to qdisc_pkt_len_init() ipv4: ip_gre: Fix drops of small packets in ipgre_xmit sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin f2fs: Require FMODE_WRITE for atomic write ioctls wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit net: hisilicon: hip04: fix OF node leak in probe() net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() net: hisilicon: hns_mdio: fix OF node leak in probe() ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails ACPICA: Fix memory leak if acpi_ps_get_next_field() fails ACPI: EC: Do not release locks during operation region accesses ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() tipc: guard against string buffer overrun net: mvpp2: Increase size of queue_name buffer ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process ACPICA: iasl: handle empty connection_node wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() signal: Replace BUG_ON()s ALSA: asihpi: Fix potential OOB array access ALSA: hdsp: Break infinite MIDI input flush loop fbdev: pxafb: Fix possible use after free in pxafb_task() power: reset: brcmstb: Do not go into infinite loop if reset fails ata: sata_sil: Rename sil_blacklist to sil_quirks jfs: UBSAN: shift-out-of-bounds in dbFindBits jfs: Fix uaf in dbFreeBits jfs: check if leafidx greater than num leaves per dmap tree jfs: Fix uninit-value access of new_ea in ea_buffer drm/amd/display: Check stream before comparing them drm/amd/display: Fix index out of bounds in degamma hardware format translation drm/printer: Allow NULL data in devcoredump printer scsi: aacraid: Rearrange order of struct aac_srb_unit drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() of/irq: Refer to actual buffer size in of_irq_parse_one() ext4: ext4_search_dir should return a proper error ext4: fix i_data_sem unlock order in ext4_ind_migrate() spi: s3c64xx: fix timeout counters in flush_fifo selftests: breakpoints: use remaining time to check if suspend succeed selftests: vDSO: fix vDSO symbols lookup for powerpc64 i2c: xiic: Wait for TX empty to avoid missed TX NAKs spi: bcm63xx: Fix module autoloading perf/core: Fix small negative period being ignored parisc: Fix itlb miss handler for 64-bit programs ALSA: core: add isascii() check to card ID generator ext4: no need to continue when the number of entries is 1 ext4: propagate errors from ext4_find_extent() in ext4_insert_range() ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() ext4: aovid use-after-free in ext4_ext_insert_extent() ext4: fix double brelse() the buffer of the extents path ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() parisc: Fix 64-bit userspace syscall path of/irq: Support #msi-cells=<0> in of_msi_get_domain jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error ocfs2: fix the la space leak when unmounting an ocfs2 volume ocfs2: fix uninit-value in ocfs2_get_block() ocfs2: reserve space for inline xattr before attaching reflink tree ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2: remove unreasonable unlock in ocfs2_read_blocks ocfs2: fix null-ptr-deref when journal load failed. ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate riscv: define ILLEGAL_POINTER_VALUE for 64bit aoe: fix the potential use-after-free problem in more places clk: rockchip: fix error for unknown clocks media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags media: venus: fix use after free bug in venus_remove due to race condition iio: magnetometer: ak8975: Fix reading for ak099xx sensors tomoyo: fallback to realpath if symlink's pathname does not exist Input: adp5589-keys - fix adp5589_gpio_get_value() btrfs: wait for fixup workers before stopping cleaner kthread during umount gpio: davinci: fix lazy disable ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path ext4: fix slab-use-after-free in ext4_split_extent_at() ext4: update orig_path in ext4_find_extent() arm64: Add Cortex-715 CPU part definition arm64: cputype: Add Neoverse-N3 definitions arm64: errata: Expand speculative SSBS workaround once more uprobes: fix kernel info leak via "[uprobes]" vma nfsd: use ktime_get_seconds() for timestamps nfsd: fix delegation_blocked() to block correctly for at least 30 seconds rtc: at91sam9: drop platform_data support rtc: at91sam9: fix OF node leak in probe() error path ACPI: battery: Simplify battery hook locking ACPI: battery: Fix possible crash when unregistering a battery hook ext4: fix inode tree inconsistency caused by ENOMEM net: ethernet: cortina: Drop TSO support tracing: Remove precision vsnprintf() check from print event drm: Move drm_mode_setcrtc() local re-init to failure path drm/crtc: fix uninitialized variable use even harder virtio_console: fix misc probe bugs Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal bpf: Check percpu map value size first s390/facility: Disable compile time optimization for decompressor code s390/mm: Add cond_resched() to cmm_alloc/free_pages() ext4: nested locking for xattr inode s390/cpum_sf: Remove WARN_ON_ONCE statements ktest.pl: Avoid false positives with grub2 skip regex clk: bcm: bcm53573: fix OF node leak in init i2c: i801: Use a different adapter-name for IDF adapters PCI: Mark Creative Labs EMU20k2 INTx masking as broken media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() usb: chipidea: udc: enable suspend interrupt after usb reset tools/iio: Add memory allocation failure check for trigger_name driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute fbdev: sisfb: Fix strbuf array overflow NFS: Remove print_overflow_msg() SUNRPC: Fix integer overflow in decode_rc_list() tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe netfilter: br_netfilter: fix panic with metadata_dst skb Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change gpio: aspeed: Add the flush write to ensure the write complete. clk: Add (devm_)clk_get_optional() functions clk: generalize devm_clk_get() a bit clk: Provide new devm_clk helpers for prepared and enabled clocks gpio: aspeed: Use devm_clk api to manage clock source igb: Do not bring the device up after non-fatal error net: ibm: emac: mal: fix wrong goto ppp: fix ppp_async_encode() illegal access net: ipv6: ensure we call ipv6_mc_down() at most once CDC-NCM: avoid overflow in sanity checking HID: plantronics: Workaround for an unexcepted opposite volume key Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" usb: xhci: Fix problem with xhci resume from suspend usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip net: Fix an unsafe loop on the list posix-clock: Fix missing timespec64 check in pc_clock_settime() arm64: probes: Remove broken LDR (literal) uprobe support arm64: probes: Fix simulate_ldr*_literal() PCI: Add function 0 DMA alias quirk for Glenfly Arise chip fat: fix uninitialized variable KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() net: dsa: mv88e6xxx: Fix out-of-bound access s390/sclp_vt220: Convert newlines to CRLF instead of LFCR KVM: s390: Change virtual to physical address access in diag 0x258 handler x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET drm/vmwgfx: Handle surface check failure correctly iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() iio: light: opt3001: add missing full-scale range value Bluetooth: Remove debugfs directory on module init failure Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 xhci: Fix incorrect stream context type macro USB: serial: option: add support for Quectel EG916Q-GL USB: serial: option: add Telit FN920C04 MBIM compositions parport: Proper fix for array out-of-bounds access x86/apic: Always explicitly disarm TSC-deadline timer nilfs2: propagate directory read errors from nilfs_find_entry() clk: Fix pointer casting to prevent oops in devm_clk_release() clk: Fix slab-out-of-bounds error in devm_clk_release() RDMA/bnxt_re: Fix incorrect AVID type in WQE structure RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP RDMA/bnxt_re: Return more meaningful error drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation macsec: don't increment counters for an unrelated SA net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() net: systemport: fix potential memory leak in bcm_sysport_xmit() usb: typec: altmode should keep reference to parent Bluetooth: bnep: fix wild-memory-access in proto_unregister arm64:uprobe fix the uprobe SWBP_INSN in big-endian arm64: probes: Fix uprobes for big-endian kernels KVM: s390: gaccess: Refactor gpa and length calculation KVM: s390: gaccess: Refactor access address range check KVM: s390: gaccess: Cleanup access to guest pages KVM: s390: gaccess: Check if guest address is in memslot udf: fix uninit-value use in udf_get_fileshortad jfs: Fix sanity check in dbMount net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() be2net: fix potential memory leak in be_xmit() net: usb: usbnet: fix name regression posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() ALSA: hda/realtek: Update default depop procedure drm/amd: Guard against bad data for ATIF ACPI method ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue nilfs2: fix kernel bug due to missing clearing of buffer delay flag hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event selinux: improve error checking in sel_write_load() arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning xfrm: validate new SA's prefixlen using SA family when sel.family is unset usb: dwc3: remove generic PHY calibrate() calls usb: dwc3: Add splitdisable quirk for Hisilicon Kirin Soc usb: dwc3: core: Stop processing of pending events if controller is halted cgroup: Fix potential overflow issue when checking max_depth wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys gtp: simplify error handling code in 'gtp_encap_enable()' gtp: allow -1 to be specified as file description from userspace net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT bpf: Fix out-of-bounds write in trie_get_next_key() net: support ip generic csum processing in skb_csum_hwoffload_help net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension netfilter: nft_payload: sanitize offset and length before calling skb_checksum() firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() net: amd: mvme147: Fix probe banner message misc: sgi-gru: Don't disable preemption in GRU driver usbip: tools: Fix detach_port() invalid port error path usb: phy: Fix API devm_usb_put_phy() can not release the phy xhci: Fix Link TRB DMA in command ring stopped completion event Revert "driver core: Fix uevent_show() vs driver detach race" wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower wifi: ath10k: Fix memory leak in management tx wifi: iwlegacy: Clear stale interrupts before resuming device nilfs2: fix potential deadlock with newly created symlinks ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow nilfs2: fix kernel bug due to missing clearing of checked flag mm: shmem: fix data-race in shmem_getattr() vt: prevent kernel-infoleak in con_font_get() Linux 4.19.323 Change-Id: I2348f834187153067ab46b3b48b8fe7da9cee1f1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Mark Rutland
|
b6a638cb60 |
arm64: probes: Fix uprobes for big-endian kernels
[ Upstream commit 13f8f1e05f1dc36dbba6cba0ae03354c0dafcde7 ]
The arm64 uprobes code is broken for big-endian kernels as it doesn't
convert the in-memory instruction encoding (which is always
little-endian) into the kernel's native endianness before analyzing and
simulating instructions. This may result in a few distinct problems:
* The kernel may may erroneously reject probing an instruction which can
safely be probed.
* The kernel may erroneously erroneously permit stepping an
instruction out-of-line when that instruction cannot be stepped
out-of-line safely.
* The kernel may erroneously simulate instruction incorrectly dur to
interpretting the byte-swapped encoding.
The endianness mismatch isn't caught by the compiler or sparse because:
* The arch_uprobe::{insn,ixol} fields are encoded as arrays of u8, so
the compiler and sparse have no idea these contain a little-endian
32-bit value. The core uprobes code populates these with a memcpy()
which similarly does not handle endianness.
* While the uprobe_opcode_t type is an alias for __le32, both
arch_uprobe_analyze_insn() and arch_uprobe_skip_sstep() cast from u8[]
to the similarly-named probe_opcode_t, which is an alias for u32.
Hence there is no endianness conversion warning.
Fix this by changing the arch_uprobe::{insn,ixol} fields to __le32 and
adding the appropriate __le32_to_cpu() conversions prior to consuming
the instruction encoding. The core uprobes copies these fields as opaque
ranges of bytes, and so is unaffected by this change.
At the same time, remove MAX_UINSN_BYTES and consistently use
AARCH64_INSN_SIZE for clarity.
Tested with the following:
| #include <stdio.h>
| #include <stdbool.h>
|
| #define noinline __attribute__((noinline))
|
| static noinline void *adrp_self(void)
| {
| void *addr;
|
| asm volatile(
| " adrp %x0, adrp_self\n"
| " add %x0, %x0, :lo12:adrp_self\n"
| : "=r" (addr));
| }
|
|
| int main(int argc, char *argv)
| {
| void *ptr = adrp_self();
| bool equal = (ptr == adrp_self);
|
| printf("adrp_self => %p\n"
| "adrp_self() => %p\n"
| "%s\n",
| adrp_self, ptr, equal ? "EQUAL" : "NOT EQUAL");
|
| return 0;
| }
.... where the adrp_self() function was compiled to:
| 00000000004007e0 <adrp_self>:
| 4007e0: 90000000 adrp x0, 400000 <__ehdr_start>
| 4007e4: 911f8000 add x0, x0, #0x7e0
| 4007e8: d65f03c0 ret
Before this patch, the ADRP is not recognized, and is assumed to be
steppable, resulting in corruption of the result:
| # ./adrp-self
| adrp_self => 0x4007e0
| adrp_self() => 0x4007e0
| EQUAL
| # echo 'p /root/adrp-self:0x007e0' > /sys/kernel/tracing/uprobe_events
| # echo 1 > /sys/kernel/tracing/events/uprobes/enable
| # ./adrp-self
| adrp_self => 0x4007e0
| adrp_self() => 0xffffffffff7e0
| NOT EQUAL
After this patch, the ADRP is correctly recognized and simulated:
| # ./adrp-self
| adrp_self => 0x4007e0
| adrp_self() => 0x4007e0
| EQUAL
| #
| # echo 'p /root/adrp-self:0x007e0' > /sys/kernel/tracing/uprobe_events
| # echo 1 > /sys/kernel/tracing/events/uprobes/enable
| # ./adrp-self
| adrp_self => 0x4007e0
| adrp_self() => 0x4007e0
| EQUAL
Fixes:
|
||
|
Mark Rutland
|
19f4d3a94c |
arm64: probes: Fix simulate_ldr*_literal()
commit 50f813e57601c22b6f26ced3193b9b94d70a2640 upstream.
The simulate_ldr_literal() code always loads a 64-bit quantity, and when
simulating a 32-bit load into a 'W' register, it discards the most
significant 32 bits. For big-endian kernels this means that the relevant
bits are discarded, and the value returned is the the subsequent 32 bits
in memory (i.e. the value at addr + 4).
Additionally, simulate_ldr_literal() and simulate_ldrsw_literal() use a
plain C load, which the compiler may tear or elide (e.g. if the target
is the zero register). Today this doesn't happen to matter, but it may
matter in future if trampoline code uses a LDR (literal) or LDRSW
(literal).
Update simulate_ldr_literal() and simulate_ldrsw_literal() to use an
appropriately-sized READ_ONCE() to perform the access, which avoids
these problems.
Fixes:
|
||
|
Mark Rutland
|
cc86f2e987 |
arm64: probes: Remove broken LDR (literal) uprobe support
commit acc450aa07099d071b18174c22a1119c57da8227 upstream.
The simulate_ldr_literal() and simulate_ldrsw_literal() functions are
unsafe to use for uprobes. Both functions were originally written for
use with kprobes, and access memory with plain C accesses. When uprobes
was added, these were reused unmodified even though they cannot safely
access user memory.
There are three key problems:
1) The plain C accesses do not have corresponding extable entries, and
thus if they encounter a fault the kernel will treat these as
unintentional accesses to user memory, resulting in a BUG() which
will kill the kernel thread, and likely lead to further issues (e.g.
lockup or panic()).
2) The plain C accesses are subject to HW PAN and SW PAN, and so when
either is in use, any attempt to simulate an access to user memory
will fault. Thus neither simulate_ldr_literal() nor
simulate_ldrsw_literal() can do anything useful when simulating a
user instruction on any system with HW PAN or SW PAN.
3) The plain C accesses are privileged, as they run in kernel context,
and in practice can access a small range of kernel virtual addresses.
The instructions they simulate have a range of +/-1MiB, and since the
simulated instructions must itself be a user instructions in the
TTBR0 address range, these can address the final 1MiB of the TTBR1
acddress range by wrapping downwards from an address in the first
1MiB of the TTBR0 address range.
In contemporary kernels the last 8MiB of TTBR1 address range is
reserved, and accesses to this will always fault, meaning this is no
worse than (1).
Historically, it was theoretically possible for the linear map or
vmemmap to spill into the final 8MiB of the TTBR1 address range, but
in practice this is extremely unlikely to occur as this would
require either:
* Having enough physical memory to fill the entire linear map all the
way to the final 1MiB of the TTBR1 address range.
* Getting unlucky with KASLR randomization of the linear map such
that the populated region happens to overlap with the last 1MiB of
the TTBR address range.
... and in either case if we were to spill into the final page there
would be larger problems as the final page would alias with error
pointers.
Practically speaking, (1) and (2) are the big issues. Given there have
been no reports of problems since the broken code was introduced, it
appears that no-one is relying on probing these instructions with
uprobes.
Avoid these issues by not allowing uprobes on LDR (literal) and LDRSW
(literal), limiting the use of simulate_ldr_literal() and
simulate_ldrsw_literal() to kprobes. Attempts to place uprobes on LDR
(literal) and LDRSW (literal) will be rejected as
arm_probe_decode_insn() will return INSN_REJECTED. In future we can
consider introducing working uprobes support for these instructions, but
this will require more significant work.
Fixes:
|
||
|
Mark Rutland
|
2606ccae1e |
arm64: errata: Expand speculative SSBS workaround once more
[ Upstream commit 081eb7932c2b244f63317a982c5e3990e2c7fbdd ]
A number of Arm Ltd CPUs suffer from errata whereby an MSR to the SSBS
special-purpose register does not affect subsequent speculative
instructions, permitting speculative store bypassing for a window of
time.
We worked around this for a number of CPUs in commits:
* 7187bb7d0b5c7dfa ("arm64: errata: Add workaround for Arm errata 3194386 and 3312417")
* 75b3c43eab594bfb ("arm64: errata: Expand speculative SSBS workaround")
* 145502cac7ea70b5 ("arm64: errata: Expand speculative SSBS workaround (again)")
Since then, a (hopefully final) batch of updates have been published,
with two more affected CPUs. For the affected CPUs the existing
mitigation is sufficient, as described in their respective Software
Developer Errata Notice (SDEN) documents:
* Cortex-A715 (MP148) SDEN v15.0, erratum 3456084
https://developer.arm.com/documentation/SDEN-2148827/1500/
* Neoverse-N3 (MP195) SDEN v5.0, erratum 3456111
https://developer.arm.com/documentation/SDEN-3050973/0500/
Enable the existing mitigation by adding the relevant MIDRs to
erratum_spec_ssbs_list, and update silicon-errata.rst and the
Kconfig text accordingly.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20240930111705.3352047-3-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
[ Mark: fix conflict in silicon-errata.rst, handle move and rename ]
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Michael Bestas
|
8e1916dce4 |
arm64: errata: Fix mismerge
Change-Id: I4eaa5ca9c72c1035ce90a4223064315d598f4e95 |
||
|
Michael Bestas
|
bf15dd2933 |
Merge tag 'ASB-2024-09-05_4.19-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.19
https://source.android.com/docs/security/bulletin/2024-09-01 CVE-2024-36972 * tag 'ASB-2024-09-05_4.19-stable' of https://android.googlesource.com/kernel/common: (331 commits) Linux 4.19.321 drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var ipc: remove memcg accounting for sops objects in do_semtimedop() scsi: aacraid: Fix double-free on probe failure usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: core: Prevent USB core invalid event buffer address access usb: dwc3: omap: add missing depopulate in probe error path USB: serial: option: add MeiG Smart SRM825L cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller net: busy-poll: use ktime_get_ns() instead of local_clock() gtp: fix a potential NULL pointer dereference soundwire: stream: fix programming slave ports for non-continous port maps net: prevent mss overflow in skb_segment() ida: Fix crash in ida_free when the bitmap is empty net:rds: Fix possible deadlock in rds_message_put fbmem: Check virtual screen sizes in fb_set_var() fbcon: Prevent that screen size is smaller than font size memcg: enable accounting of ipc resources cgroup/cpuset: Prevent UAF in proc_cpuset_show() ... Conflicts: Documentation/arm64/silicon-errata.txt arch/arm64/include/asm/cpucaps.h arch/arm64/include/asm/cputype.h arch/arm64/kernel/cpu_errata.c drivers/mmc/core/mmc_test.c Change-Id: Id6bbf5f84f4823b601b92267408ab2025b6ba9f4 |
||
|
Greg Kroah-Hartman
|
d757552385 |
Merge 4.19.321 into android-4.19-stable
Changes in 4.19.321 fuse: Initialize beyond-EOF page contents before setting uptodate ALSA: usb-audio: Support Yamaha P-125 quirk entry xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE dm resume: don't return EINVAL when signalled dm persistent data: fix memory allocation failure bitmap: introduce generic optimized bitmap_size() fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE selinux: fix potential counting error in avc_add_xperms_decision() drm/amdgpu: Actually check flags for all context ops. memcg_write_event_control(): fix a user-triggerable oops s390/cio: rename bitmap_size() -> idset_bitmap_size() overflow.h: Add flex_array_size() helper overflow: Implement size_t saturating arithmetic helpers btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() net/mlx5e: Correctly report errors for ethtool rx flows atm: idt77252: prevent use after free in dequeue_rx() net: dsa: vsc73xx: pass value in phy_write operation ssb: Fix division by zero issue in ssb_calc_clock_rate wifi: cw1200: Avoid processing an invalid TIM IE i2c: riic: avoid potential division by zero staging: ks7010: disable bh on tx_dev_lock binfmt_misc: cleanup on filesystem umount scsi: spi: Fix sshdr use gfs2: setattr_chown: Add missing initialization wifi: iwlwifi: abort scan when rfkill on but device enabled powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu ext4: do not trim the group with corrupted block bitmap quota: Remove BUG_ON from dqget() media: pci: cx23885: check cx23885_vdev_init() return fs: binfmt_elf_efpic: don't use missing interpreter's properties scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() net/sun3_82586: Avoid reading past buffer in debug output md: clean up invalid BUG_ON in md_ioctl parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 powerpc/boot: Handle allocation failure in simple_realloc() powerpc/boot: Only free if realloc() succeeds btrfs: change BUG_ON to assertion when checking for delayed_node root btrfs: handle invalid root reference found in may_destroy_subvol() btrfs: send: handle unexpected data in header buffer in begin_cmd() btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() f2fs: fix to do sanity check in update_sit_entry usb: gadget: fsl: Increase size of name buffer for endpoints Bluetooth: bnep: Fix out-of-bound access NFS: avoid infinite loop in pnfs_update_layout. openrisc: Call setup_memory() earlier in the init sequence s390/iucv: fix receive buffer virtual vs physical address confusion usb: dwc3: core: Skip setting event buffers for host only controllers irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc ext4: set the type of max_zeroout to unsigned int to avoid overflow nvmet-rdma: fix possible bad dereference when freeing rsps hrtimer: Prevent queuing of hrtimer without a function callback gtp: pull network headers in gtp_dev_xmit() block: use "unsigned long" for blk_validate_block_size(). Bluetooth: Make use of __check_timeout on hci_sched_le Bluetooth: hci_core: Fix not handling link timeouts propertly Bluetooth: hci_core: Fix LE quote calculation kcm: Serialise kcm_sendmsg() for the same socket. netfilter: nft_counter: Synchronize nft_counter_reset() against reader. ipv6: prevent UAF in ip6_send_skb() net: xilinx: axienet: Always disable promiscuous mode drm/msm: use drm_debug_enabled() to check for debug categories drm/msm/dpu: don't play tricks with debug macros mmc: mmc_test: Fix NULL dereference on allocation failure Bluetooth: MGMT: Add error handling to pair_device() HID: wacom: Defer calculation of resolution until resolution_code is known cxgb4: add forgotten u64 ivlan cast before shift mmc: dw_mmc: allow biu and ciu clocks to defer ALSA: timer: Relax start tick time check for slave timer elements Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Input: MT - limit max slots tools: move alignment-related macros to new <linux/align.h> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc pinctrl: single: fix potential NULL dereference in pcs_get_function() wifi: mwifiex: duplicate static structs used in driver instances dm suspend: return -ERESTARTSYS instead of -EINTR scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 media: uvcvideo: Fix integer overflow calculating timestamp ata: libata-core: Fix null pointer dereference on error cgroup/cpuset: Prevent UAF in proc_cpuset_show() memcg: enable accounting of ipc resources fbcon: Prevent that screen size is smaller than font size fbmem: Check virtual screen sizes in fb_set_var() net:rds: Fix possible deadlock in rds_message_put ida: Fix crash in ida_free when the bitmap is empty net: prevent mss overflow in skb_segment() soundwire: stream: fix programming slave ports for non-continous port maps gtp: fix a potential NULL pointer dereference net: busy-poll: use ktime_get_ns() instead of local_clock() cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller USB: serial: option: add MeiG Smart SRM825L usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: core: Prevent USB core invalid event buffer address access usb: dwc3: st: fix probed platform device ref count on probe error path usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() scsi: aacraid: Fix double-free on probe failure ipc: remove memcg accounting for sops objects in do_semtimedop() drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var Linux 4.19.321 Change-Id: I5ee663c7c3343a99e3c73dd8f663ca5c4e298478 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Michael Bestas
|
0d750eaafc |
Merge tag 'ASB-2024-08-05_4.19-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.19
https://source.android.com/docs/security/bulletin/2024-08-01 CVE-2024-36971 * tag 'ASB-2024-08-05_4.19-stable' of https://android.googlesource.com/kernel/common: (2363 commits) Linux 4.19.318 i2c: rcar: bring hardware to known state when probing nilfs2: fix kernel bug on rename operation of broken directory SUNRPC: Fix RPC client cleaned up the freed pipefs dentries tcp: avoid too many retransmit packets tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() net: tcp: fix unexcepted socket die when snd_wnd is 0 tcp: refactor tcp_retransmit_timer() libceph: fix race between delayed_work() and ceph_monc_stop() hpet: Support 32-bit userspace USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k USB: serial: option: add Rolling RW350-GL variants USB: serial: option: add Netprisma LCUK54 series modules USB: serial: option: add support for Foxconn T99W651 USB: serial: option: add Fibocom FM350-GL USB: serial: option: add Telit FN912 rmnet compositions USB: serial: option: add Telit generic core-dump composition ARM: davinci: Convert comma to semicolon ... Conflicts: Documentation/devicetree/bindings/sound/rt5645.txt android/abi_gki_aarch64.xml drivers/clk/qcom/clk-rcg2.c drivers/hwtracing/coresight/coresight-etm4x.c drivers/leds/leds-pwm.c drivers/mmc/core/host.c drivers/mmc/core/sdio.c drivers/mmc/host/cqhci.c drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c drivers/rpmsg/qcom_glink_native.c drivers/scsi/ufs/ufshcd.c drivers/thermal/thermal_core.c drivers/usb/dwc3/core.c drivers/usb/gadget/function/f_ncm.c fs/f2fs/gc.c fs/pstore/ram_core.c include/linux/fs.h include/linux/timer.h include/net/tcp.h init/initramfs.c kernel/events/core.c kernel/sched/idle.c kernel/time/timer.c mm/page_alloc.c net/wireless/scan.c scripts/checkpatch.pl Change-Id: Ice08f3ba5dc64a093bc381710ef2408d963cb983 |
||
|
Haibo Xu
|
2fbc3c6736 |
arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE
commit a21dcf0ea8566ebbe011c79d6ed08cdfea771de3 upstream.
Currently, only acpi_early_node_map[0] was initialized to NUMA_NO_NODE.
To ensure all the values were properly initialized, switch to initialize
all of them to NUMA_NO_NODE.
Fixes:
|
||
|
Greg Kroah-Hartman
|
bbc4834e22 |
Merge 4.19.320 into android-4.19-stable
Changes in 4.19.320
platform/chrome: cros_ec_debugfs: fix wrong EC message version
hfsplus: fix to avoid false alarm of circular locking
x86/of: Return consistent error type from x86_of_pci_irq_enable()
x86/pci/intel_mid_pci: Fix PCIBIOS_* return code handling
x86/pci/xen: Fix PCIBIOS_* return code handling
x86/platform/iosf_mbi: Convert PCIBIOS_* return codes to errnos
hwmon: (adt7475) Fix default duty on fan is disabled
pwm: stm32: Always do lazy disabling
hwmon: (max6697) Fix underflow when writing limit attributes
hwmon: Introduce SENSOR_DEVICE_ATTR_{RO, RW, WO} and variants
hwmon: (max6697) Auto-convert to use SENSOR_DEVICE_ATTR_{RO, RW, WO}
hwmon: (max6697) Fix swapped temp{1,8} critical alarms
arm64: dts: rockchip: Increase VOP clk rate on RK3328
m68k: atari: Fix TT bootup freeze / unexpected (SCU) interrupt messages
x86/xen: Convert comma to semicolon
m68k: cmpxchg: Fix return value for default case in __arch_xchg()
wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device
net/smc: Allow SMC-D 1MB DMB allocations
net/smc: set rmb's SG_MAX_SINGLE_ALLOC limitation only when CONFIG_ARCH_NO_SG_CHAIN is defined
selftests/bpf: Check length of recv in test_sockmap
wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he()
wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
net: fec: Refactor: #define magic constants
net: fec: Fix FEC_ECR_EN1588 being cleared on link-down
ipvs: Avoid unnecessary calls to skb_is_gso_sctp
perf: Fix perf_aux_size() for greater-than 32-bit size
perf: Prevent passing zero nr_pages to rb_alloc_aux()
bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
selftests: forwarding: devlink_lib: Wait for udev events after reloading
media: imon: Fix race getting ictx->lock
saa7134: Unchecked i2c_transfer function result fixed
media: uvcvideo: Allow entity-defined get_info and get_cur
media: uvcvideo: Override default flags
media: renesas: vsp1: Fix _irqsave and _irq mix
media: renesas: vsp1: Store RPF partition configuration per RPF instance
leds: trigger: Unregister sysfs attributes before calling deactivate()
perf report: Fix condition in sort__sym_cmp()
drm/etnaviv: fix DMA direction handling for cached RW buffers
mfd: omap-usb-tll: Use struct_size to allocate tll
ext4: avoid writing unitialized memory to disk in EA inodes
sparc64: Fix incorrect function signature and add prototype for prom_cif_init
PCI: Equalize hotplug memory and io for occupied and empty slots
PCI: Fix resource double counting on remove & rescan
RDMA/mlx4: Fix truncated output warning in mad.c
RDMA/mlx4: Fix truncated output warning in alias_GUID.c
RDMA/rxe: Don't set BTH_ACK_MASK for UC or UD QPs
mtd: make mtd_test.c a separate module
Input: elan_i2c - do not leave interrupt disabled on suspend failure
MIPS: Octeron: remove source file executable bit
powerpc/xmon: Fix disassembly CPU feature checks
macintosh/therm_windtunnel: fix module unload.
bnxt_re: Fix imm_data endianness
ice: Rework flex descriptor programming
netfilter: ctnetlink: use helper function to calculate expect ID
pinctrl: core: fix possible memory leak when pinctrl_enable() fails
pinctrl: single: fix possible memory leak when pinctrl_enable() fails
pinctrl: ti: ti-iodelay: Drop if block with always false condition
pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails
pinctrl: freescale: mxs: Fix refcount of child
fs/nilfs2: remove some unused macros to tame gcc
nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro
tick/broadcast: Make takeover of broadcast hrtimer reliable
net: netconsole: Disable target before netpoll cleanup
af_packet: Handle outgoing VLAN packets without hardware offloading
ipv6: take care of scope when choosing the src addr
char: tpm: Fix possible memory leak in tpm_bios_measurements_open()
media: venus: fix use after free in vdec_close
hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes
m68k: amiga: Turn off Warp1260 interrupts during boot
ext4: check dot and dotdot of dx_root before making dir indexed
ext4: make sure the first directory block is not a hole
wifi: mwifiex: Fix interface type change
leds: ss4200: Convert PCIBIOS_* return codes to errnos
tools/memory-model: Fix bug in lock.cat
hwrng: amd - Convert PCIBIOS_* return codes to errnos
PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN
binder: fix hang of unregistered readers
scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds
f2fs: fix to don't dirty inode for readonly filesystem
clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use
ubi: eba: properly rollback inside self_check_eba
decompress_bunzip2: fix rare decompression failure
kobject_uevent: Fix OOB access within zap_modalias_env()
rtc: cmos: Fix return value of nvmem callbacks
scsi: qla2xxx: During vport delete send async logout explicitly
scsi: qla2xxx: validate nvme_local_port correctly
perf/x86/intel/pt: Fix topa_entry base length
watchdog/perf: properly initialize the turbo mode timestamp and rearm counter
platform: mips: cpu_hwmon: Disable driver on unsupported hardware
RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
selftests/sigaltstack: Fix ppc64 GCC build
nilfs2: handle inconsistent state in nilfs_btnode_create_block()
kdb: Fix bound check compiler warning
kdb: address -Wformat-security warnings
kdb: Use the passed prompt in kdb_position_cursor()
jfs: Fix array-index-out-of-bounds in diFree
dma: fix call order in dmam_free_coherent
MIPS: SMP-CPS: Fix address for GCR_ACCESS register for CM3 and later
net: ip_rt_get_source() - use new style struct initializer instead of memset
ipv4: Fix incorrect source address in Record Route option
net: bonding: correctly annotate RCU in bond_should_notify_peers()
tipc: Return non-zero value from tipc_udp_addr2str() on error
mISDN: Fix a use after free in hfcmulti_tx()
mm: avoid overflows in dirty throttling logic
PCI: rockchip: Make 'ep-gpios' DT property optional
PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio
parport: parport_pc: Mark expected switch fall-through
parport: Convert printk(KERN_<LEVEL> to pr_<level>(
parport: Standardize use of printmode
dev/parport: fix the array out-of-bounds risk
driver core: Cast to (void *) with __force for __percpu pointer
devres: Fix memory leakage caused by driver API devm_free_percpu()
perf/x86/intel/pt: Export pt_cap_get()
perf/x86/intel/pt: Use helpers to obtain ToPA entry size
perf/x86/intel/pt: Use pointer arithmetics instead in ToPA entry calculation
perf/x86/intel/pt: Split ToPA metadata and page layout
perf/x86/intel/pt: Fix a topa_entry base address calculation
remoteproc: imx_rproc: ignore mapping vdev regions
remoteproc: imx_rproc: Fix ignoring mapping vdev regions
remoteproc: imx_rproc: Skip over memory region when node value is NULL
drm/vmwgfx: Fix overlay when using Screen Targets
net/iucv: fix use after free in iucv_sock_close()
ipv6: fix ndisc_is_useropt() handling for PIO
protect the fetch of ->fd[fd] in do_dup2() from mispredictions
ALSA: usb-audio: Correct surround channels in UAC1 channel map
net: usb: sr9700: fix uninitialized variable use in sr_mdio_read
irqchip/mbigen: Fix mbigen node address layout
x86/mm: Fix pti_clone_pgtable() alignment assumption
net: usb: qmi_wwan: fix memory leak for not ip packets
net: linkwatch: use system_unbound_wq
Bluetooth: l2cap: always unlock channel in l2cap_conless_channel()
net: fec: Stop PPS on driver remove
md/raid5: avoid BUG_ON() while continue reshape after reassembling
clocksource/drivers/sh_cmt: Address race condition for clock events
PCI: Add Edimax Vendor ID to pci_ids.h
udf: prevent integer overflow in udf_bitmap_free_blocks()
wifi: nl80211: don't give key data to userspace
btrfs: fix bitmap leak when loading free space cache on duplicate entry
media: uvcvideo: Ignore empty TS packets
media: uvcvideo: Fix the bandwdith quirk on USB 3.x
jbd2: avoid memleak in jbd2_journal_write_metadata_buffer
s390/sclp: Prevent release of buffer in I/O
SUNRPC: Fix a race to wake a sync task
ext4: fix wrong unit use in ext4_mb_find_by_goal
arm64: Add support for SB barrier and patch in over DSB; ISB sequences
arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space
arm64: Add Neoverse-V2 part
arm64: cputype: Add Cortex-X4 definitions
arm64: cputype: Add Neoverse-V3 definitions
arm64: errata: Add workaround for Arm errata 3194386 and 3312417
arm64: cputype: Add Cortex-X3 definitions
arm64: cputype: Add Cortex-A720 definitions
arm64: cputype: Add Cortex-X925 definitions
arm64: errata: Unify speculative SSBS errata logic
arm64: errata: Expand speculative SSBS workaround
arm64: cputype: Add Cortex-X1C definitions
arm64: cputype: Add Cortex-A725 definitions
arm64: errata: Expand speculative SSBS workaround (again)
i2c: smbus: Don't filter out duplicate alerts
i2c: smbus: Improve handling of stuck alerts
i2c: smbus: Send alert notifications to all devices if source not found
bpf: kprobe: remove unused declaring of bpf_kprobe_override
spi: lpspi: Replace all "master" with "controller"
spi: lpspi: Add slave mode support
spi: lpspi: Let watermark change with send data length
spi: lpspi: Add i.MX8 boards support for lpspi
spi: lpspi: add the error info of transfer speed setting
spi: fsl-lpspi: remove unneeded array
spi: spi-fsl-lpspi: Fix scldiv calculation
ALSA: line6: Fix racy access to midibuf
usb: vhci-hcd: Do not drop references before new references are gained
USB: serial: debug: do not echo input by default
usb: gadget: core: Check for unset descriptor
scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic
tick/broadcast: Move per CPU pointer access into the atomic section
ntp: Clamp maxerror and esterror to operating range
driver core: Fix uevent_show() vs driver detach race
ntp: Safeguard against time_constant overflow
serial: core: check uartclk for zero to avoid divide by zero
power: supply: axp288_charger: Fix constant_charge_voltage writes
power: supply: axp288_charger: Round constant_charge_voltage writes down
tracing: Fix overflow in get_free_elt()
x86/mtrr: Check if fixed MTRRs exist before saving them
drm/bridge: analogix_dp: properly handle zero sized AUX transactions
drm/mgag200: Set DDC timeout in milliseconds
kbuild: Fix '-S -c' in x86 stack protector scripts
netfilter: nf_tables: set element extended ACK reporting support
netfilter: nf_tables: use timestamp to check for set element timeout
netfilter: nf_tables: prefer nft_chain_validate
arm64: cpufeature: Fix the visibility of compat hwcaps
media: uvcvideo: Use entity get_cur in uvc_ctrl_set
drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
exec: Fix ToCToU between perm check and set-uid/gid usage
nvme/pci: Add APST quirk for Lenovo N60z laptop
Linux 4.19.320
Change-Id: I12efa55c04d97f29d34f1a49511948735871b2bd
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Amit Daniel Kachhap
|
5e1d9d92c5 |
arm64: cpufeature: Fix the visibility of compat hwcaps
commit 85f1506337f0c79a4955edfeee86a18628e3735f upstream.
Commit 237405ebef58 ("arm64: cpufeature: Force HWCAP to be based on the
sysreg visible to user-space") forced the hwcaps to use sanitised
user-space view of the id registers. However, the ID register structures
used to select few compat cpufeatures (vfp, crc32, ...) are masked and
hence such hwcaps do not appear in /proc/cpuinfo anymore for PER_LINUX32
personality.
Add the ID register structures explicitly and set the relevant entry as
visible. As these ID registers are now of type visible so make them
available in 64-bit userspace by making necessary changes in register
emulation logic and documentation.
While at it, update the comment for structure ftr_generic_32bits[] which
lists the ID register that use it.
Fixes: 237405ebef58 ("arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space")
Cc: Suzuki K Poulose <suzuki.poulose@arm.com>
Reviewed-by: James Morse <james.morse@arm.com>
Signed-off-by: Amit Daniel Kachhap <amit.kachhap@arm.com>
Link: https://lore.kernel.org/r/20221103082232.19189-1-amit.kachhap@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Mark Rutland
|
236f749edb |
arm64: errata: Expand speculative SSBS workaround (again)
[ Upstream commit adeec61a4723fd3e39da68db4cc4d924e6d7f641 ]
A number of Arm Ltd CPUs suffer from errata whereby an MSR to the SSBS
special-purpose register does not affect subsequent speculative
instructions, permitting speculative store bypassing for a window of
time.
We worked around this for a number of CPUs in commits:
* 7187bb7d0b5c7dfa ("arm64: errata: Add workaround for Arm errata 3194386 and 3312417")
* 75b3c43eab594bfb ("arm64: errata: Expand speculative SSBS workaround")
Since then, similar errata have been published for a number of other Arm
Ltd CPUs, for which the same mitigation is sufficient. This is described
in their respective Software Developer Errata Notice (SDEN) documents:
* Cortex-A76 (MP052) SDEN v31.0, erratum 3324349
https://developer.arm.com/documentation/SDEN-885749/3100/
* Cortex-A77 (MP074) SDEN v19.0, erratum 3324348
https://developer.arm.com/documentation/SDEN-1152370/1900/
* Cortex-A78 (MP102) SDEN v21.0, erratum 3324344
https://developer.arm.com/documentation/SDEN-1401784/2100/
* Cortex-A78C (MP138) SDEN v16.0, erratum 3324346
https://developer.arm.com/documentation/SDEN-1707916/1600/
* Cortex-A78C (MP154) SDEN v10.0, erratum 3324347
https://developer.arm.com/documentation/SDEN-2004089/1000/
* Cortex-A725 (MP190) SDEN v5.0, erratum 3456106
https://developer.arm.com/documentation/SDEN-2832921/0500/
* Cortex-X1 (MP077) SDEN v21.0, erratum 3324344
https://developer.arm.com/documentation/SDEN-1401782/2100/
* Cortex-X1C (MP136) SDEN v16.0, erratum 3324346
https://developer.arm.com/documentation/SDEN-1707914/1600/
* Neoverse-N1 (MP050) SDEN v32.0, erratum 3324349
https://developer.arm.com/documentation/SDEN-885747/3200/
* Neoverse-V1 (MP076) SDEN v19.0, erratum 3324341
https://developer.arm.com/documentation/SDEN-1401781/1900/
Note that due to the manner in which Arm develops IP and tracks errata,
some CPUs share a common erratum number and some CPUs have multiple
erratum numbers for the same HW issue.
On parts without SB, it is necessary to use ISB for the workaround. The
spec_bar() macro used in the mitigation will expand to a "DSB SY; ISB"
sequence in this case, which is sufficient on all affected parts.
Enable the existing mitigation by adding the relevant MIDRs to
erratum_spec_ssbs_list. The list is sorted alphanumerically (involving
moving Neoverse-V3 after Neoverse-V2) so that this is easy to audit and
potentially extend again in future. The Kconfig text is also updated to
clarify the set of affected parts and the mitigation.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will@kernel.org>
Reviewed-by: Anshuman Khandual <anshuman.khandual@arm.com>
Acked-by: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20240801101803.1982459-4-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
[ Mark: fix conflicts in silicon-errata.rst ]
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Mark Rutland
|
873b451ffb |
arm64: errata: Expand speculative SSBS workaround
[ Upstream commit 75b3c43eab594bfbd8184ec8ee1a6b820950819a ]
A number of Arm Ltd CPUs suffer from errata whereby an MSR to the SSBS
special-purpose register does not affect subsequent speculative
instructions, permitting speculative store bypassing for a window of
time.
We worked around this for Cortex-X4 and Neoverse-V3, in commit:
7187bb7d0b5c7dfa ("arm64: errata: Add workaround for Arm errata 3194386 and 3312417")
... as per their Software Developer Errata Notice (SDEN) documents:
* Cortex-X4 SDEN v8.0, erratum 3194386:
https://developer.arm.com/documentation/SDEN-2432808/0800/
* Neoverse-V3 SDEN v6.0, erratum 3312417:
https://developer.arm.com/documentation/SDEN-2891958/0600/
Since then, similar errata have been published for a number of other Arm Ltd
CPUs, for which the mitigation is the same. This is described in their
respective SDEN documents:
* Cortex-A710 SDEN v19.0, errataum 3324338
https://developer.arm.com/documentation/SDEN-1775101/1900/?lang=en
* Cortex-A720 SDEN v11.0, erratum 3456091
https://developer.arm.com/documentation/SDEN-2439421/1100/?lang=en
* Cortex-X2 SDEN v19.0, erratum 3324338
https://developer.arm.com/documentation/SDEN-1775100/1900/?lang=en
* Cortex-X3 SDEN v14.0, erratum 3324335
https://developer.arm.com/documentation/SDEN-2055130/1400/?lang=en
* Cortex-X925 SDEN v8.0, erratum 3324334
https://developer.arm.com/documentation/109108/800/?lang=en
* Neoverse-N2 SDEN v17.0, erratum 3324339
https://developer.arm.com/documentation/SDEN-1982442/1700/?lang=en
* Neoverse-V2 SDEN v9.0, erratum 3324336
https://developer.arm.com/documentation/SDEN-2332927/900/?lang=en
Note that due to shared design lineage, some CPUs share the same erratum
number.
Add these to the existing mitigation under CONFIG_ARM64_ERRATUM_3194386.
As listing all of the erratum IDs in the runtime description would be
unwieldy, this is reduced to:
"SSBS not fully self-synchronizing"
... matching the description of the errata in all of the SDENs.
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: James Morse <james.morse@arm.com>
Cc: Will Deacon <will@kernel.org>
Link: https://lore.kernel.org/r/20240603111812.1514101-6-mark.rutland@arm.com
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
[ Mark: fix conflicts and renames ]
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Mark Rutland
|
023c0f2e7f |
arm64: errata: Unify speculative SSBS errata logic
[ Upstream commit ec768766608092087dfb5c1fc45a16a6f524dee2 ] Cortex-X4 erratum 3194386 and Neoverse-V3 erratum 3312417 are identical, with duplicate Kconfig text and some unsightly ifdeffery. While we try to share code behind CONFIG_ARM64_WORKAROUND_SPECULATIVE_SSBS, having separate options results in a fair amount of boilerplate code, and this will only get worse as we expand the set of affected CPUs. To reduce this boilerplate, unify the two behind a common Kconfig option. This removes the duplicate text and Kconfig logic, and removes the need for the intermediate ARM64_WORKAROUND_SPECULATIVE_SSBS option. The set of affected CPUs is described as a list so that this can easily be extended. I've used ARM64_ERRATUM_3194386 (matching the Neoverse-V3 erratum ID) as the common option, matching the way we use ARM64_ERRATUM_1319367 to cover Cortex-A57 erratum 1319537 and Cortex-A72 erratum 1319367. Signed-off-by: Mark Rutland <mark.rutland@arm.com> Cc: James Morse <james.morse@arm.com> Cc: Will Deacon <will@kernel.org> Link: https://lore.kernel.org/r/20240603111812.1514101-5-mark.rutland@arm.com Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> [ Mark: fix conflicts & renames, drop unneeded cpucaps.h ] Signed-off-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Mark Rutland
|
213506584d |
arm64: errata: Add workaround for Arm errata 3194386 and 3312417
[ Upstream commit 7187bb7d0b5c7dfa18ca82e9e5c75e13861b1d88 ] Cortex-X4 and Neoverse-V3 suffer from errata whereby an MSR to the SSBS special-purpose register does not affect subsequent speculative instructions, permitting speculative store bypassing for a window of time. This is described in their Software Developer Errata Notice (SDEN) documents: * Cortex-X4 SDEN v8.0, erratum 3194386: https://developer.arm.com/documentation/SDEN-2432808/0800/ * Neoverse-V3 SDEN v6.0, erratum 3312417: https://developer.arm.com/documentation/SDEN-2891958/0600/ To workaround these errata, it is necessary to place a speculation barrier (SB) after MSR to the SSBS special-purpose register. This patch adds the requisite SB after writes to SSBS within the kernel, and hides the presence of SSBS from EL0 such that userspace software which cares about SSBS will manipulate this via prctl(PR_GET_SPECULATION_CTRL, ...). Signed-off-by: Mark Rutland <mark.rutland@arm.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: James Morse <james.morse@arm.com> Cc: Will Deacon <will@kernel.org> Link: https://lore.kernel.org/r/20240508081400.235362-5-mark.rutland@arm.com Signed-off-by: Will Deacon <will@kernel.org> [ Mark: fix conflicts & renames, drop unneeded cpucaps.h, fold in user_feature_fixup() ] Signed-off-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
James Morse
|
6ad94963c7 |
arm64: cpufeature: Force HWCAP to be based on the sysreg visible to user-space
[ Upstream commit 237405ebef580a7352a52129b2465c117145eafa ] arm64 advertises hardware features to user-space via HWCAPs, and by emulating access to the CPUs id registers. The cpufeature code has a sanitised system-wide view of an id register, and a sanitised user-space view of an id register, where some features use their 'safe' value instead of the hardware value. It is currently possible for a HWCAP to be advertised where the user-space view of the id register does not show the feature as supported. Erratum workaround need to remove both the HWCAP, and the feature from the user-space view of the id register. This involves duplicating the code, and spreading it over cpufeature.c and cpu_errata.c. Make the HWCAP code use the user-space view of id registers. This ensures the values never diverge, and allows erratum workaround to remove HWCAP by modifying the user-space view of the id register. Signed-off-by: James Morse <james.morse@arm.com> Reviewed-by: Suzuki K Poulose <suzuki.poulose@arm.com> Link: https://lore.kernel.org/r/20220909165938.3931307-2-james.morse@arm.com Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> [ Mark: fixup lack of 'width' parameter, whitespace conflict ] Signed-off-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Will Deacon
|
ced08f48bd |
arm64: Add support for SB barrier and patch in over DSB; ISB sequences
[ Upstream commit bd4fb6d270bc423a9a4098108784f7f9254c4e6d ] We currently use a DSB; ISB sequence to inhibit speculation in set_fs(). Whilst this works for current CPUs, future CPUs may implement a new SB barrier instruction which acts as an architected speculation barrier. On CPUs that support it, patch in an SB; NOP sequence over the DSB; ISB sequence and advertise the presence of the new instruction to userspace. Signed-off-by: Will Deacon <will.deacon@arm.com> [ Mark: fixup conflicts ] Signed-off-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Sami Tolvanen
|
4e7313f026 |
ANDROID: arm64: Place CFI jump table sections in .text
After the switch to non-canonical CFI jump tables, the jump table sections were placed after the .text section. Merge these sections into .text to fix issues with error injection and kallsyms. Bug: 225079388 Bug: 190422440 Change-Id: I6c81b3e4dbba62739f7fc5f6b45271c54f278c8f Signed-off-by: Sami Tolvanen <samitolvanen@google.com> [nathan: This change is necessary in android-4.19 to boot after upstream LLVM commit 7b346357db30 ("[ELF] Orphan placement: prefer the last similar section when its rank <= orphan's rank"), which changes how sections not described in linker scripts are laid out in the final binary] Signed-off-by: Nathan Chancellor <nathan@kernel.org> |
||
|
Pierre Gondois
|
ad6d64c238 |
UPSTREAM: arm64: efi: Make efi_rt_lock a raw_spinlock
Running a rt-kernel base on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 9, name: kworker/u320:0 preempt_count: 2, expected: 0 RCU nest depth: 0, expected: 0 3 locks held by kworker/u320:0/9: #0: ffff3fff8c27d128 ((wq_completion)efi_rts_wq){+.+.}-{0:0}, at: process_one_work (./include/linux/atomic/atomic-long.h:41) #1: ffff80000861bdd0 ((work_completion)(&efi_rts_work.work)){+.+.}-{0:0}, at: process_one_work (./include/linux/atomic/atomic-long.h:41) #2: ffffdf7e1ed3e460 (efi_rt_lock){+.+.}-{3:3}, at: efi_call_rts (drivers/firmware/efi/runtime-wrappers.c:101) Preemption disabled at: efi_virtmap_load (./arch/arm64/include/asm/mmu_context.h:248) CPU: 0 PID: 9 Comm: kworker/u320:0 Tainted: G W 6.2.0-rc3-rt1 Hardware name: WIWYNN Mt.Jade Server System B81.03001.0005/Mt.Jade Motherboard, BIOS 1.08.20220218 (SCP: 1.08.20220218) 2022/02/18 Workqueue: efi_rts_wq efi_call_rts Call trace: dump_backtrace (arch/arm64/kernel/stacktrace.c:158) show_stack (arch/arm64/kernel/stacktrace.c:165) dump_stack_lvl (lib/dump_stack.c:107 (discriminator 4)) dump_stack (lib/dump_stack.c:114) __might_resched (kernel/sched/core.c:10134) rt_spin_lock (kernel/locking/rtmutex.c:1769 (discriminator 4)) efi_call_rts (drivers/firmware/efi/runtime-wrappers.c:101) [...] This seems to come from commit ff7a167961d1 ("arm64: efi: Execute runtime services from a dedicated stack") which adds a spinlock. This spinlock is taken through: efi_call_rts() \-efi_call_virt() \-efi_call_virt_pointer() \-arch_efi_call_virt_setup() Make 'efi_rt_lock' a raw_spinlock to avoid being preempted. [ardb: The EFI runtime services are called with a different set of translation tables, and are permitted to use the SIMD registers. The context switch code preserves/restores neither, and so EFI calls must be made with preemption disabled, rather than only disabling migration.] Bug: 254441685 Fixes: ff7a167961d1 ("arm64: efi: Execute runtime services from a dedicated stack") Signed-off-by: Pierre Gondois <pierre.gondois@arm.com> Cc: <stable@vger.kernel.org> # v6.1+ Signed-off-by: Ard Biesheuvel <ardb@kernel.org> (cherry picked from commit 0e68b5517d3767562889f1d83fdb828c26adb24f) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: Ica7d8304ae5f4df7486821ee618f8e1455429128 |
||
|
Greg Kroah-Hartman
|
4f5e88e555 |
Merge 4.19.298 into android-4.19-stable
Changes in 4.19.298 mmc: sdio: Don't re-initialize powered-on removable SDIO cards at resume mmc: core: sdio: hold retuning if sdio in 1-bit mode selftests/ftrace: Add new test case which checks non unique symbol mcb: Return actual parsed size when reading chameleon table mcb-lpc: Reallocate memory region to avoid memory overlapping virtio_balloon: Fix endless deflation and inflation on arm64 virtio-mmio: fix memory leak of vm_dev r8169: rename r8169.c to r8169_main.c r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 treewide: Spelling fix in comment igb: Fix potential memory leak in igb_add_ethtool_nfc_entry gtp: fix fragmentation needed check with gso i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() i2c: stm32f7: Fix PEC handling in case of SMBUS transfers nvmem: imx: correct nregs for i.MX6SLL nvmem: imx: correct nregs for i.MX6UL perf/core: Fix potential NULL deref iio: exynos-adc: request second interupt only when touchscreen mode is used x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility NFS: Don't call generic_error_remove_page() while holding locks ARM: 8933/1: replace Sun/Solaris style flag on section directive drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() arm64: fix a concurrency issue in emulation_proc_handler() kobject: Fix slab-out-of-bounds in fill_kobj_path() smbdirect: missing rc checks while waiting for rdma events f2fs: fix to do sanity check on inode type during garbage collection nfsd: lock_rename() needs both directories to live on the same fs x86/mm: Simplify RESERVE_BRK() x86/mm: Fix RESERVE_BRK() for older binutils driver: platform: Add helper for safer setting of driver_override rpmsg: Constify local variable in field store macro rpmsg: Fix kfree() of static memory on setting driver_override rpmsg: Fix calling device_lock() on non-initialized device rpmsg: glink: Release driver_override rpmsg: Fix possible refcount leak in rpmsg_register_device_override() x86: Fix .brk attribute in linker script MAINTAINERS: r8169: Update path to the driver ASoC: simple-card: fixup asoc_simple_probe() error handling Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table irqchip/stm32-exti: add missing DT IRQ flag translation dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport fbdev: atyfb: only use ioremap_uc() on i386 and ia64 netfilter: nfnetlink_log: silence bogus compiler warning ASoC: rt5650: fix the wrong result of key button fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() scsi: mpt3sas: Fix in error path platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e net: chelsio: cxgb4: add an error code check in t4_load_phy_fw ata: ahci: fix enum constants for gcc-13 remove the sx8 block driver PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility tty: 8250: Remove UC-257 and UC-431 tty: 8250: Add support for additional Brainboxes UC cards tty: 8250: Add support for Brainboxes UP cards tty: 8250: Add support for Intashield IS-100 Linux 4.19.298 Change-Id: Ifb32a27a5d614f8234d0fb282c57304fdd2ce5de Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Jinjie Ruan
|
12b194b45b |
arm64: fix a concurrency issue in emulation_proc_handler()
In linux-6.1, the related code is refactored in commit 124c49b1b5d9
("arm64: armv8_deprecated: rework deprected instruction handling") and this
issue was incidentally fixed. I have adapted the patch set to linux stable
5.10. However, 4.19 and 5.10 are too different and the patch set is
hard to adapt to 4.19.
This patch is to solve the problem of repeated addition of linked lists
described below with few changes.
How to reproduce:
CONFIG_ARMV8_DEPRECATED=y, CONFIG_SWP_EMULATION=y, and CONFIG_DEBUG_LIST=y,
then launch two shell executions:
#!/bin/bash
while [ 1 ];
do
echo 1 > /proc/sys/abi/swp
done
or "echo 1 > /proc/sys/abi/swp" and then aunch two shell executions:
#!/bin/bash
while [ 1 ];
do
echo 0 > /proc/sys/abi/swp
done
In emulation_proc_handler(), read and write operations are performed on
insn->current_mode. In the concurrency scenario, mutex only protects
writing insn->current_mode, and not protects the read. Suppose there are
two concurrent tasks, task1 updates insn->current_mode to INSN_EMULATE
in the critical section, the prev_mode of task2 is still the old data
INSN_UNDEF of insn->current_mode. As a result, two tasks call
update_insn_emulation_mode twice with prev_mode = INSN_UNDEF and
current_mode = INSN_EMULATE, then call register_emulation_hooks twice,
resulting in a list_add double problem.
After applying this patch, the following list add or list del double
warnings never occur.
Call trace:
__list_add_valid+0xd8/0xe4
register_undef_hook+0x94/0x13c
update_insn_emulation_mode+0xd0/0x12c
emulation_proc_handler+0xd8/0xf4
proc_sys_call_handler+0x140/0x250
proc_sys_write+0x1c/0x2c
new_sync_write+0xec/0x18c
vfs_write+0x214/0x2ac
ksys_write+0x70/0xfc
__arm64_sys_write+0x24/0x30
el0_svc_common.constprop.0+0x7c/0x1bc
do_el0_svc+0x2c/0x94
el0_svc+0x20/0x30
el0_sync_handler+0xb0/0xb4
el0_sync+0x160/0x180
Call trace:
__list_del_entry_valid+0xac/0x110
unregister_undef_hook+0x34/0x80
update_insn_emulation_mode+0xf0/0x180
emulation_proc_handler+0x8c/0xd8
proc_sys_call_handler+0x1d8/0x208
proc_sys_write+0x14/0x20
new_sync_write+0xf0/0x190
vfs_write+0x304/0x388
ksys_write+0x6c/0x100
__arm64_sys_write+0x1c/0x28
el0_svc_common.constprop.4+0x68/0x188
do_el0_svc+0x24/0xa0
el0_svc+0x14/0x20
el0_sync_handler+0x90/0xb8
el0_sync+0x160/0x180
Fixes: af483947d472 ("arm64: fix oops in concurrently setting insn_emulation sysctls")
Cc: stable@vger.kernel.org#4.19.x
Cc: gregkh@linuxfoundation.org
Signed-off-by: Jinjie Ruan <ruanjinjie@huawei.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Wilson Sung
|
e3167a4609 |
Merge android-4.19-stable (4.19.294) into android-msm-pixel-4.19-lts
Merge 4.19.294 into android-4.19-stable
Linux 4.19.294
Revert "ARM: ep93xx: fix missing-prototype warnings"
Revert "MIPS: Alchemy: fix dbdma2"
Merge 4.19.293 into android-4.19-stable
Linux 4.19.293
dma-buf/sw_sync: Avoid recursive lock during fence signal
* clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
include/linux/clk.h
* scsi: core: raid_class: Remove raid_component_add()
include/linux/raid_class.h
scsi: snic: Fix double free in snic_tgt_create()
irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable
* rtnetlink: Reject negative ifindexes in RTM_NEWLINK
net/core/rtnetlink.c
* netfilter: nf_queue: fix socket leak
net/netfilter/nf_queue.c
* sched/rt: pick_next_rt_entity(): check list_entry
kernel/sched/rt.c
* mmc: block: Fix in_flight[issue_type] value error
drivers/mmc/core/block.c
x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus
media: vcodec: Fix potential array out-of-bounds in encoder queue_setup
* lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels
lib/clz_ctz.c
batman-adv: Fix batadv_v_ogm_aggr_send memory leak
batman-adv: Fix TT global entry leak when client roamed back
batman-adv: Do not get eth header before batadv_check_management_packet
batman-adv: Don't increase MTU when set by user
batman-adv: Trigger events for auto adjusted MTU
nfsd: Fix race to FREE_STATEID and cl_revoked
ibmveth: Use dcbf rather than dcbfl
ipvs: fix racy memcpy in proc_do_sync_threshold
ipvs: Improve robustness to the ipvs sysctl
* bonding: fix macvlan over alb bond support
drivers/net/bonding/bond_alb.c
include/net/bonding.h
* net: remove bond_slave_has_mac_rcu()
include/net/bonding.h
* net/sched: fix a qdisc modification with ambiguous command request
net/sched/sch_api.c
igb: Avoid starting unnecessary workqueues
dccp: annotate data-races in dccp_poll()
* sock: annotate data-races around prot->memory_pressure
include/net/sock.h
net/sctp/socket.c
* tracing: Fix memleak due to race between current_tracer and trace
kernel/trace/trace.c
drm/amd/display: check TG is non-null before checking if enabled
drm/amd/display: do not wait for mpc idle if tg is disabled
* regmap: Account for register length in SMBus I/O limits
drivers/base/regmap/regmap-i2c.c
dm integrity: reduce vmalloc space footprint on 32-bit architectures
dm integrity: increase RECALC_SECTORS to improve recalculate speed
powerpc: Fail build if using recordmcount with binutils v2.37
powerpc: remove leftover code of old GCC version checks
powerpc/32: add stack protector support
fbdev: fix potential OOB read in fast_imageblit()
fbdev: Fix sys_imageblit() for arbitrary image widths
fbdev: Improve performance of sys_imageblit()
tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP"
MIPS: cpu-features: Use boot_cpu_type for CPU type based features
MIPS: cpu-features: Enable octeon_cache by cpu_type
fs: dlm: fix mismatch of plock results from userspace
fs: dlm: use dlm_plock_info for do_unlock_close
fs: dlm: change plock interrupted message to debug again
fs: dlm: add pid to debug log
dlm: replace usage of found with dedicated list iterator variable
dlm: improve plock logging if interrupted
PCI: acpiphp: Reassign resources on bridge if necessary
net: phy: broadcom: stub c45 read/write for 54810
* net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure
net/xfrm/xfrm_user.c
* net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled
net/ipv4/tcp_timer.c
virtio-net: set queues after driver_ok
* af_unix: Fix null-ptr-deref in unix_stream_sendpage().
net/unix/af_unix.c
* netfilter: set default timeout to 3 secs for sctp shutdown send and recv state
net/netfilter/nf_conntrack_proto_sctp.c
test_firmware: prevent race conditions by a correct implementation of locking
mmc: wbsd: fix double mmc_free_host() in wbsd_init()
cifs: Release folio lock on fscache read hit.
* ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces.
sound/usb/quirks-table.h
serial: 8250: Fix oops for port->pm on uart_change_pm()
ASoC: meson: axg-tdm-formatter: fix channel slot allocation
ASoC: rt5665: add missed regulator_bulk_disable
* net: do not allow gso_size to be set to GSO_BY_FRAGS
include/linux/virtio_net.h
* sock: Fix misuse of sk_under_memory_pressure()
include/net/sock.h
net/core/sock.c
i40e: fix misleading debug logs
team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
netfilter: nft_dynset: disallow object maps
selftests: mirror_gre_changes: Tighten up the TTL test match
* xfrm: add NULL check in xfrm_update_ae_params
net/xfrm/xfrm_user.c
* ip_vti: fix potential slab-use-after-free in decode_session6
net/ipv4/ip_vti.c
* ip6_vti: fix slab-use-after-free in decode_session6
net/ipv6/ip6_vti.c
* xfrm: fix slab-use-after-free in decode_session6
net/xfrm/xfrm_interface_core.c
* xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
net/xfrm/Makefile
* net: af_key: fix sadb_x_filter validation
net/key/af_key.c
* net: xfrm: Fix xfrm_address_filter OOB read
net/xfrm/xfrm_user.c
btrfs: fix BUG_ON condition in btrfs_cancel_balance
powerpc/rtas_flash: allow user copy to flash block cache objects
fbdev: mmp: fix value check in mmphw_probe()
virtio-mmio: don't break lifecycle of vm_dev
virtio-mmio: Use to_virtio_mmio_device() to simply code
virtio-mmio: convert to devm_platform_ioremap_resource
nfsd: Remove incorrect check in nfsd4_validate_stateid
nfsd4: kill warnings on testing stateids with mismatched clientids
block: fix signed int overflow in Amiga partition support
mmc: sunxi: fix deferred probing
mmc: bcm2835: fix deferred probing
* mmc: Remove dev_err() usage after platform_get_irq()
drivers/mmc/host/sdhci-msm.c
mmc: tmio: move tmio_mmc_set_clock() to platform hook
mmc: tmio: replace tmio_mmc_clk_stop() calls with tmio_mmc_set_clock()
mmc: meson-gx: remove redundant mmc_request_done() call from irq context
mmc: meson-gx: remove useless lock
* USB: dwc3: qcom: fix NULL-deref on suspend
drivers/usb/dwc3/dwc3-qcom.c
* usb: dwc3: qcom: Add helper functions to enable,disable wake irqs
drivers/usb/dwc3/dwc3-qcom.c
irqchip/mips-gic: Use raw spinlock for gic_lock
irqchip/mips-gic: Get rid of the reliance on irq_cpu_online()
x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
powerpc/64s/radix: Fix soft dirty tracking
powerpc: Move page table dump files in a dedicated subdirectory
powerpc/mm: dump block address translation on book3s/32
powerpc/mm: dump segment registers on book3s/32
powerpc/mm: Move pgtable_t into platform headers
powerpc/mm: move platform specific mmu-xxx.h in platform directories
iio: addac: stx104: Fix race condition when converting analog-to-digital
iio: addac: stx104: Fix race condition for stx104_write_raw()
iio: adc: stx104: Implement and utilize register structures
iio: adc: stx104: Utilize iomap interface
* iio: add addac subdirectory
drivers/iio/Kconfig
drivers/iio/Makefile
drivers/iio/addac/Kconfig
drivers/iio/addac/Makefile
* IMA: allow/fix UML builds
security/integrity/ima/Kconfig
drm/amdgpu: Fix potential fence use-after-free v2
* Bluetooth: L2CAP: Fix use-after-free
net/bluetooth/l2cap_core.c
pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
gfs2: Fix possible data races in gfs2_show_options()
media: platform: mediatek: vpu: fix NULL ptr dereference
* media: v4l2-mem2mem: add lock to protect parameter num_rdy
include/media/v4l2-mem2mem.h
FS: JFS: Check for read-only mounted filesystem in txBegin
FS: JFS: Fix null-ptr-deref Read in txBegin
MIPS: dec: prom: Address -Warray-bounds warning
fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
udf: Fix uninitialized array access for some pathnames
* HID: add quirk for 03f0:464a HP Elite Presenter Mouse
drivers/hid/hid-ids.h
drivers/hid/hid-quirks.c
* quota: fix warning in dqgrab()
fs/quota/dquot.c
* quota: Properly disable quotas when add_dquot_ref() fails
fs/quota/dquot.c
ALSA: emu10k1: roll up loops in DSP setup code for Audigy
drm/radeon: Fix integer overflow in radeon_cs_parser_init
selftests: forwarding: tc_flower: Relax success criterion
* lib/mpi: Eliminate unused umul_ppmm definitions for MIPS
lib/mpi/longlong.h
Merge 4.19.292 into android-4.19-stable
* Revert "posix-timers: Ensure timer ID search-loop limit is valid"
include/linux/sched/signal.h
kernel/time/posix-timers.c
Merge 4.19.291 into android-4.19-stable
Merge 4.19.290 into android-4.19-stable
UPSTREAM: media: usb: siano: Fix warning due to null work_func_t function pointer
* UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
net/bluetooth/l2cap_sock.c
UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
* UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net/sched/cls_u32.c
Linux 4.19.292
* sch_netem: fix issues in netem_change() vs get_dist_table()
net/sched/sch_netem.c
alpha: remove __init annotation from exported page_is_ram()
scsi: core: Fix possible memory leak if device_add() fails
scsi: snic: Fix possible memory leak if device_add() fails
scsi: 53c700: Check that command slot is not NULL
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
* scsi: core: Fix legacy /proc parsing buffer overflow
drivers/scsi/scsi_proc.c
* netfilter: nf_tables: report use refcount overflow
include/net/netfilter/nf_tables.h
* netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush
include/net/netfilter/nf_tables.h
btrfs: don't stop integrity writeback too early
ibmvnic: Handle DMA unmapping of login buffs in release functions
* wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
include/net/cfg80211.h
IB/hfi1: Fix possible panic during hotplug remove
* drivers: net: prevent tun_build_skb() to exceed the packet size limit
drivers/net/tun.c
dccp: fix data-race around dp->dccps_mss_cache
* bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
drivers/net/bonding/bond_main.c
* net/packet: annotate data-races around tp->status
net/packet/af_packet.c
mISDN: Update parameter type of dsp_cmx_send()
drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
x86: Move gds_ucode_mitigated() declaration to header
x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
* usb: dwc3: Properly handle processing of pending events
drivers/usb/dwc3/gadget.c
usb-storage: alauda: Fix uninit-value in alauda_check_media()
* binder: fix memory leak in binder_init()
drivers/android/binder.c
drivers/android/binder_alloc.c
drivers/android/binder_alloc.h
iio: cros_ec: Fix the allocation size for cros_ec_command
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
radix tree test suite: fix incorrect allocation size for pthreads
drm/nouveau/gr: enable memory loads on helper invocation on all channels
dmaengine: pl330: Return DMA_PAUSED when transaction is paused
* ipv6: adjust ndisc_is_useropt() to also return true for PIO
net/ipv6/ndisc.c
mmc: moxart: read scr register without changing byte order
sparc: fix up arch_cpu_finalize_init() build breakage.
* UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free
net/sched/cls_fw.c
Linux 4.19.291
* drm/edid: fix objtool warning in drm_cvt_modes()
drivers/gpu/drm/drm_edid.c
arm64: dts: stratix10: fix incorrect I2C property for SCL signal
* drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
drivers/base/arch_topology.c
drivers/base/cacheinfo.c
drivers/base/core.c
drivers/base/cpu.c
drivers/base/firmware_loader/fallback.c
drivers/base/platform.c
drivers/base/power/sysfs.c
drivers/base/soc.c
ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
ARM: dts: imx6sll: fixup of operating points
ARM: dts: imx: add usb alias
ARM: dts: imx6sll: Make ssi node name same as other platforms
* PM: sleep: wakeirq: fix wake irq arming
drivers/base/power/power.h
drivers/base/power/wakeirq.c
* PM / wakeirq: support enabling wake-up irq after runtime_suspend called
drivers/base/power/power.h
drivers/base/power/runtime.c
drivers/base/power/wakeirq.c
include/linux/pm_wakeirq.h
powerpc/mm/altmap: Fix altmap boundary check
mtd: rawnand: omap_elm: Fix incorrect type in assignment
test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
test_firmware: fix a memory leak with reqs buffer
ext2: Drop fragment support
* net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
drivers/net/usb/usbnet.c
* Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
net/bluetooth/l2cap_sock.c
fs/sysv: Null check to prevent null-ptr-deref bug
* USB: zaurus: Add ID for A-300/B-500/C-700
drivers/net/usb/cdc_ether.c
drivers/net/usb/zaurus.c
libceph: fix potential hang in ceph_osdc_notify()
scsi: zfcp: Defer fc_rport blocking until after ADISC response
* tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
net/ipv4/tcp_metrics.c
* tcp_metrics: annotate data-races around tm->tcpm_net
net/ipv4/tcp_metrics.c
* tcp_metrics: annotate data-races around tm->tcpm_vals[]
net/ipv4/tcp_metrics.c
* tcp_metrics: annotate data-races around tm->tcpm_lock
net/ipv4/tcp_metrics.c
* tcp_metrics: annotate data-races around tm->tcpm_stamp
net/ipv4/tcp_metrics.c
* tcp_metrics: fix addr_same() helper
net/ipv4/tcp_metrics.c
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
* net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net/sched/cls_u32.c
* net: add missing data-race annotation for sk_ll_usec
net/core/sock.c
* net: add missing data-race annotations around sk->sk_peek_off
net/core/sock.c
net/unix/af_unix.c
* net: sched: cls_u32: Fix match key mis-addressing
net/sched/cls_u32.c
perf test uprobe_from_different_cu: Skip if there is no gcc
net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
KVM: s390: fix sthyi error handling
* word-at-a-time: use the same return type for has_zero regardless of endianness
include/asm-generic/word-at-a-time.h
* loop: Select I/O scheduler 'none' from inside add_disk()
drivers/block/loop.c
* perf: Fix function pointer case
kernel/events/core.c
* net/sched: cls_u32: Fix reference counter leak leading to overflow
net/sched/cls_u32.c
ASoC: cs42l51: fix driver to properly autoload with automatic module loading
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
* net/sched: cls_fw: Fix improper refcount update leads to use-after-free
net/sched/cls_fw.c
drm/client: Fix memory leak in drm_client_target_cloned
dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
s390/dasd: fix hanging device after quiesce/resume
virtio-net: fix race between set queues and probe
serial: 8250_dw: Preserve original value of DLF register
* serial: 8250_dw: split Synopsys DesignWare 8250 common functions
drivers/tty/serial/8250/Kconfig
irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
tpm_tis: Explicitly check for error code
btrfs: check for commit error at btrfs_attach_transaction_barrier()
hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
Documentation: security-bugs.rst: clarify CVE handling
Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
usb: xhci-mtk: set the dma max_seg_size
* USB: quirks: add quirk for Focusrite Scarlett
drivers/usb/core/quirks.c
usb: ohci-at91: Fix the unhandle interrupt when resume
* usb: dwc3: don't reset device side if dwc3 was configured as host-only
drivers/usb/dwc3/core.c
usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
* Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
drivers/usb/dwc3/core.c
drivers/usb/dwc3/core.h
can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
USB: serial: simple: sort driver entries
USB: serial: simple: add Kaufmann RKS+CAN VCP
USB: serial: option: add Quectel EC200A module support
USB: serial: option: support Quectel EM060K_128
* tracing: Fix warning in trace_buffered_event_disable()
kernel/trace/trace_events.c
* ring-buffer: Fix wrong stat of cpu_buffer->read
kernel/trace/ring_buffer.c
ata: pata_ns87415: mark ns87560_tf_read static
dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
* block: Fix a source code comment in include/uapi/linux/blkzoned.h
include/uapi/linux/blkzoned.h
ASoC: fsl_spdif: Silence output on stop
drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
RDMA/mlx4: Make check for invalid flags stricter
benet: fix return value check in be_lancer_xmit_workarounds()
net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
net/sched: mqprio: add extack to mqprio_parse_nlattr()
net/sched: mqprio: refactor nlattr parsing to a separate function
platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
team: reset team's flags when down link is P2P device
* bonding: reset bond's flags when down link is P2P device
drivers/net/bonding/bond_main.c
* tcp: Reduce chance of collisions in inet6_hashfn().
include/net/ipv6.h
* ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
net/ipv6/addrconf.c
ethernet: atheros: fix return value check in atl1e_tso_csum()
phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
* ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
fs/ext4/ioctl.c
scsi: qla2xxx: Array index may go out of bound
scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
ftrace: Store the order of pages allocated in ftrace_page
ftrace: Check if pages were allocated before calling free_pages()
* ftrace: Add information on number of page groups allocated
kernel/trace/trace.c
kernel/trace/trace.h
fs: dlm: interrupt posix locks only when process is killed
dlm: rearrange async condition return
dlm: cleanup plock_op vs plock_xop
PCI/ASPM: Avoid link retraining race
PCI/ASPM: Factor out pcie_wait_for_retrain()
PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
PCI: Rework pcie_retrain_link() wait loop
* ext4: Fix reusing stale buffer heads from last failed mounting
fs/ext4/super.c
* ext4: rename journal_dev to s_journal_dev inside ext4_sb_info
fs/ext4/ext4.h
fs/ext4/fsmap.c
fs/ext4/super.c
btrfs: fix extent buffer leak after tree mod log failure at split_node()
bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
bcache: remove 'int n' from parameter list of bch_bucket_alloc_set()
bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set
gpio: tps68470: Make tps68470_gpio_output() always set the initial value
tracing/histograms: Return an error if we fail to add histogram to hist_vars list
* tcp: annotate data-races around fastopenq.max_qlen
include/linux/tcp.h
net/ipv4/tcp.c
net/ipv4/tcp_fastopen.c
* tcp: annotate data-races around tp->notsent_lowat
include/net/tcp.h
net/ipv4/tcp.c
* tcp: annotate data-races around rskq_defer_accept
net/ipv4/tcp.c
* tcp: annotate data-races around tp->linger2
net/ipv4/tcp.c
* net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
include/net/tcp.h
net/ipv4/tcp.c
netfilter: nf_tables: can't schedule in nft_chain_validate
netfilter: nf_tables: fix spurious set element insertion failure
* llc: Don't drop packet from non-root netns.
net/llc/llc_input.c
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
* Revert "tcp: avoid the lookup process failing to get sk in ehash table"
net/ipv4/inet_hashtables.c
net/ipv4/inet_timewait_sock.c
net:ipv6: check return value of pskb_trim()
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
pinctrl: amd: Use amd_pinconf_set() for all config options
fbdev: imxfb: warn about invalid left/right margin
spi: bcm63xx: fix max prepend length
igb: Fix igb_down hung on surprise removal
wifi: iwlwifi: mvm: avoid baid size integer overflow
* wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
net/wireless/wext-core.c
* bpf: Address KCSAN report on bpf_lru_list
kernel/bpf/bpf_lru_list.c
kernel/bpf/bpf_lru_list.h
* sched/fair: Don't balance task to its current running CPU
kernel/sched/fair.c
* posix-timers: Ensure timer ID search-loop limit is valid
include/linux/sched/signal.h
kernel/time/posix-timers.c
md/raid10: prevent soft lockup while flush writes
md: fix data corruption for raid456 when reshape restart while grow up
nbd: Add the maximum limit of allocated index in nbd_dev_add
debugobjects: Recheck debug_objects_enabled before reporting
* ext4: correct inline offset when handling xattrs in inode body
fs/ext4/xattr.c
can: bcm: Fix UAF in bcm_proc_show()
* fuse: revalidate: don't invalidate if interrupted
fs/fuse/dir.c
perf probe: Add test for regression introduced by switch to die_get_decl_file()
tracing/histograms: Add histograms to hist_vars if they have referenced variables
* drm/atomic: Fix potential use-after-free in nonblocking commits
drivers/gpu/drm/drm_atomic.c
scsi: qla2xxx: Pointer may be dereferenced
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
scsi: qla2xxx: Fix potential NULL pointer dereference
scsi: qla2xxx: Wait for io return on terminate rport
xtensa: ISS: fix call to split_if_spec
* ring-buffer: Fix deadloop issue on reading trace_pipe
kernel/trace/ring_buffer.c
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
* Revert "8250: add support for ASIX devices with a FIFO bug"
include/linux/serial_8250.h
meson saradc: fix clock divider mask length
ceph: don't let check_caps skip sending responses for revoke msgs
hwrng: imx-rngc - fix the timeout for init and self check
serial: atmel: don't enable IRQs prematurely
fs: dlm: return positive pid value for F_GETLK
md/raid0: add discard support for the 'original' layout
misc: pci_endpoint_test: Re-init completion for every test
misc: pci_endpoint_test: Free IRQs before removing the device
PCI: rockchip: Use u32 variable to access 32-bit registers
PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
PCI: rockchip: Write PCI Device ID to correct register
PCI: rockchip: Assert PCI Configuration Enable bit after probe
PCI: qcom: Disable write access to read only registers for IP v2.3.3
* PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
drivers/pci/quirks.c
* PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
drivers/pci/pci.c
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
* ext4: only update i_reserved_data_blocks on successful block allocation
fs/ext4/indirect.c
fs/ext4/inode.c
* ext4: fix wrong unit use in ext4_mb_clear_bb
fs/ext4/mballoc.c
perf intel-pt: Fix CYC timestamps after standalone CBR
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
net: bcmgenet: Ensure MDIO unregistration has clocks enabled
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
pinctrl: amd: Only use special debounce behavior for GPIO 0
pinctrl: amd: Detect internal GPIO0 debounce handling
pinctrl: amd: Fix mistake in handling clearing pins at startup
* net/sched: make psched_mtu() RTNL-less safe
include/net/pkt_sched.h
wifi: airo: avoid uninitialized warning in airo_get_rate()
* ipv6/addrconf: fix a potential refcount underflow for idev
net/ipv6/addrconf.c
NTB: ntb_tool: Add check for devm_kcalloc
NTB: ntb_transport: fix possible memory leak while device_register() fails
ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
ntb: idt: Fix error handling in idt_pci_driver_init()
* udp6: fix udp6_ehashfn() typo
net/ipv6/udp.c
* icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
net/ipv6/icmp.c
* vrf: Increment Icmp6InMsgs on the original netdev
include/net/addrconf.h
net/ipv6/icmp.c
net/ipv6/reassembly.c
net: mvneta: fix txq_map in case of txq_number==1
* workqueue: clean up WORK_* constant types, clarify masking
include/linux/workqueue.h
kernel/workqueue.c
net: lan743x: Don't sleep in atomic context
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
* netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
net/netfilter/nf_conntrack_helper.c
netfilter: nf_tables: fix scheduling-while-atomic splat
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
* netfilter: nf_tables: reject unbound anonymous set before commit phase
include/net/netfilter/nf_tables.h
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
include/net/netfilter/nf_tables.h
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
* netfilter: nf_tables: use net_generic infra for transaction data
include/net/netfilter/nf_tables.h
include/net/netns/nftables.h
* netfilter: add helper function to set up the nfnetlink header and use it
include/linux/netfilter/nfnetlink.h
net/netfilter/nf_conntrack_netlink.c
net/netfilter/nfnetlink_log.c
net/netfilter/nfnetlink_queue.c
netfilter: nftables: add helper function to set the base sequence number
netfilter: nf_tables: add rescheduling points during loop detection walks
netfilter: nf_tables: fix nat hook table deletion
spi: spi-fsl-spi: allow changing bits_per_word while CS is still active
spi: spi-fsl-spi: relax message sanity checking a little
spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg
ARM: orion5x: fix d2net gpio initialization
btrfs: fix race when deleting quota root from the dirty cow roots list
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
* integrity: Fix possible multiple allocation in integrity_inode_get()
security/integrity/iint.c
bcache: Remove unnecessary NULL point check in node allocations
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
mmc: core: disable TRIM on Kingston EMMC04G-M627
NFSD: add encoding of op_recall flag for write delegation
* ALSA: jack: Fix mutex call in snd_jack_report()
sound/core/jack.c
i2c: xiic: Don't try to handle more interrupt events after error
i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
sh: dma: Fix DMA channel offset calculation
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
* tcp: annotate data races in __tcp_oow_rate_limited()
net/ipv4/tcp_input.c
* net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
net/bridge/br_if.c
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
* f2fs: fix error path handling in truncate_dnode()
fs/f2fs/node.c
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
* sctp: fix potential deadlock on &net->sctp.addr_wq_lock
net/sctp/socket.c
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
mfd: stmpe: Only disable the regulators if they are enabled
mfd: intel-lpss: Add missing check for platform_get_resource
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
mfd: rt5033: Drop rt5033-battery sub-device
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
* extcon: Fix kernel doc of property capability fields to avoid warnings
drivers/extcon/extcon.c
* extcon: Fix kernel doc of property fields to avoid warnings
drivers/extcon/extcon.c
media: usb: siano: Fix warning due to null work_func_t function pointer
* media: videodev2.h: Fix struct v4l2_input tuner index comment
include/uapi/linux/videodev2.h
media: usb: Check az6007_read() return value
sh: j2: Use ioremap() to translate device tree address into kernel memory
w1: fix loop in w1_fini()
* block: change all __u32 annotations to __be32 in affs_hardblocks.h
include/uapi/linux/affs_hardblocks.h
USB: serial: option: add LARA-R6 01B PIDs
ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
ARCv2: entry: rewrite to enable use of double load/stores LDD/STD
ARCv2: entry: avoid a branch
ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE
ARCv2: entry: comments about hardware auto-save on taken interrupts
* modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
scripts/mod/modpost.c
* modpost: fix section mismatch message for R_ARM_ABS32
scripts/mod/modpost.c
crypto: nx - fix build warnings when DEBUG_FS is not enabled
hwrng: virtio - Fix race on data_avail and actual data
hwrng: virtio - always add a pending request
hwrng: virtio - don't waste entropy
hwrng: virtio - don't wait on cleanup
hwrng: virtio - add an internal buffer
pinctrl: at91-pio4: check return value of devm_kasprintf()
perf dwarf-aux: Fix off-by-one in die_get_varname()
pinctrl: cherryview: Return correct value if pin in push-pull mode
* PCI: Add pci_clear_master() stub for non-CONFIG_PCI
include/linux/pci.h
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
drm/radeon: fix possible division-by-zero errors
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
* soc/fsl/qe: fix usb.c build errors
drivers/soc/fsl/qe/Kconfig
ASoC: es8316: Increment max value for ALC Capture Target Volume control
ARM: ep93xx: fix missing-prototype warnings
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
Input: adxl34x - do not hardcode interrupt trigger type
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
Input: drv260x - sleep between polling GO bit
radeon: avoid double free in ci_dpm_init()
* netlink: Add __sock_i_ino() for __netlink_diag_dump().
include/net/sock.h
net/core/sock.c
ipvlan: Fix return value of ipvlan_queue_xmit()
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
* lib/ts_bm: reset initial match offset for every block of text
lib/ts_bm.c
gtp: Fix use-after-free in __gtp_encap_destroy().
* netlink: do not hard code device address lenth in fdb dumps
net/core/rtnetlink.c
* netlink: fix potential deadlock in netlink_set_err()
net/netlink/af_netlink.c
wifi: ath9k: convert msecs to jiffies where needed
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
memstick r592: make memstick_debug_get_tpc_name() static
kexec: fix a memory leak in crash_shrink_memory()
watchdog/perf: more properly prevent false positives with turbo modes
* watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
include/linux/nmi.h
wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ray_cs: Drop useless status variable in parse_addr()
wifi: ray_cs: Utilize strnlen() in parse_addr()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wl3501_cs: use eth_hw_addr_set()
* net: create netdev->dev_addr assignment helpers
include/linux/etherdevice.h
include/linux/netdevice.h
wl3501_cs: Fix misspelling and provide missing documentation
wl3501_cs: Remove unnecessary NULL check
wl3501_cs: Fix a bunch of formatting issues related to function docs
wifi: atmel: Fix an error handling path in atmel_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
* nfc: constify several pointers to u8, char and sk_buff
include/net/nfc/nfc.h
wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
samples/bpf: Fix buffer overflow in tcp_basertt
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
evm: Complete description of evm_inode_setattr()
ARM: 9303/1: kprobes: avoid missing-declaration warnings
* PM: domains: fix integer overflow issues in genpd_parse_state()
drivers/base/power/domain.c
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
* clocksource/drivers: Unify the names to timer-* format
drivers/clocksource/Makefile
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
md/raid10: fix io loss while replacement replace rdev
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
* treewide: Remove uninitialized_var() usage
drivers/clk/clk-gate.c
drivers/gpu/drm/drm_edid.c
drivers/md/dm-io.c
drivers/md/dm-ioctl.c
drivers/md/dm-snap-persistent.c
drivers/md/dm-table.c
fs/fat/dir.c
fs/fuse/control.c
fs/fuse/file.c
fs/overlayfs/copy_up.c
kernel/async.c
kernel/audit.c
kernel/events/core.c
kernel/events/uprobes.c
kernel/exit.c
kernel/futex.c
kernel/trace/ring_buffer.c
lib/radix-tree.c
mm/memcontrol.c
mm/percpu.c
mm/slub.c
mm/swap.c
net/ipv4/netfilter/nf_socket_ipv4.c
net/ipv6/ip6_flowlabel.c
net/ipv6/netfilter/nf_socket_ipv6.c
net/netfilter/nf_conntrack_ftp.c
net/netfilter/nfnetlink_log.c
net/netfilter/nfnetlink_queue.c
net/sched/cls_flow.c
sound/core/control_compat.c
sound/usb/endpoint.c
drm/amdgpu: Validate VM ioctl flags.
scripts/tags.sh: Resolve gtags empty index generation
* drm/edid: Fix uninitialized variable in drm_cvt_modes()
drivers/gpu/drm/drm_edid.c
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
video: imsttfb: check for ioremap() failures
x86/smp: Use dedicated cache-line for mwait_play_dead()
gfs2: Don't deref jdesc in evict
Linux 4.19.290
x86: fix backwards merge of GDS/SRSO bit
xen/netback: Fix buffer overrun triggered by unusual packet
Documentation/x86: Fix backwards on/off logic about YMM support
x86/xen: Fix secondary processors' FPU initialization
KVM: Add GDS_NO support to KVM
x86/speculation: Add Kconfig option for GDS
x86/speculation: Add force option to GDS mitigation
* x86/speculation: Add Gather Data Sampling mitigation
drivers/base/cpu.c
x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
x86/fpu: Mark init functions __init
x86/fpu: Remove cpuinfo argument from init functions
* init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
init/main.c
* init: Invoke arch_cpu_finalize_init() earlier
init/main.c
* init: Remove check_bugs() leftovers
init/main.c
um/cpu: Switch to arch_cpu_finalize_init()
sparc/cpu: Switch to arch_cpu_finalize_init()
sh/cpu: Switch to arch_cpu_finalize_init()
mips/cpu: Switch to arch_cpu_finalize_init()
m68k/cpu: Switch to arch_cpu_finalize_init()
ia64/cpu: Switch to arch_cpu_finalize_init()
ARM: cpu: Switch to arch_cpu_finalize_init()
x86/cpu: Switch to arch_cpu_finalize_init()
* init: Provide arch_cpu_finalize_init()
arch/Kconfig
include/linux/cpu.h
init/main.c
Merge 4.19.289 into android-4.19-stable
Linux 4.19.289
x86/cpu/amd: Add a Zenbleed fix
x86/cpu/amd: Move the errata checking functionality up
x86/microcode/AMD: Load late on both threads too
Merge 4.19.288 into android-4.19-stable
Linux 4.19.288
i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle
x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
drm/exynos: vidi: fix a wrong error return
ASoC: nau8824: Add quirk to active-high jack-detect
s390/cio: unregister device when the only path is gone
usb: gadget: udc: fix NULL dereference in remove()
nfcsim.c: Fix error checking for debugfs_create_dir
media: cec: core: don't set last_initiator if tx in progress
* arm64: Add missing Set/Way CMO encodings
arch/arm64/include/asm/sysreg.h
* HID: wacom: Add error check to wacom_parse_and_register()
drivers/hid/wacom_sys.c
scsi: target: iscsi: Prevent login threads from racing between each other
* sch_netem: acquire qdisc lock in netem_change()
net/sched/sch_netem.c
netfilter: nfnetlink_osf: fix module autoload
netfilter: nf_tables: disallow element updates of bound anonymous sets
be2net: Extend xmit workaround to BE3 chip
mmc: usdhi60rol0: fix deferred probing
mmc: sdhci-acpi: fix deferred probing
mmc: omap_hsmmc: fix deferred probing
mmc: omap: fix deferred probing
mmc: mvsdio: fix deferred probing
mmc: mvsdio: convert to devm_platform_ioremap_resource
mmc: mtk-sd: fix deferred probing
net: qca_spi: Avoid high load if QCA7000 is not available
xfrm: Linearize the skb after offloading if needed.
ieee802154: hwsim: Fix possible memory leaks
* rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
include/linux/rcupdate.h
nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
* cgroup: Do not corrupt task iteration when rebinding subsystem
kernel/cgroup/cgroup.c
PCI: hv: Fix a race condition bug in hv_pci_query_relations()
Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
nilfs2: fix buffer corruption due to concurrent device reads
ipmi: move message error checking to avoid deadlock
* ipmi: Make the smi watcher be disabled immediately when not needed
include/linux/ipmi_smi.h
x86/purgatory: remove PGO flags
nilfs2: reject devices with insufficient block count
serial: lantiq: add missing interrupt ack
serial: lantiq: Do not swap register read/writes
serial: lantiq: Use readl/writel instead of ltq_r32/ltq_w32
serial: lantiq: Change ltq_w32_mask to asc_update_bits
Merge 4.19.287 into android-4.19-stable
Linux 4.19.287
* mmc: block: ensure error propagation for non-blk
drivers/mmc/core/block.c
powerpc: Fix defconfig choice logic when cross compiling
drm/nouveau/kms: Fix NULL pointer dereference in nouveau_connector_detect_depth
* neighbour: delete neigh_lookup_nodev as not used
include/net/neighbour.h
net/core/neighbour.c
* net: Remove unused inline function dst_hold_and_use()
include/net/dst.h
* neighbour: Remove unused inline function neigh_key_eq16()
include/net/neighbour.h
selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
* net: tipc: resize nlattr array to correct size
net/tipc/bearer.c
net: lapbether: only support ethernet devices
drm/nouveau: add nv_encoder pointer check for NULL
drm/nouveau/kms: Don't change EDID when it hasn't actually changed
drm/nouveau/dp: check for NULL nv_connector->native_mode
igb: fix nvm.ops.read() error handling
* sctp: fix an error code in sctp_sf_eat_auth()
net/sctp/sm_statefuns.c
IB/isert: Fix incorrect release of isert connection
IB/isert: Fix possible list corruption in CMA handler
IB/isert: Fix dead lock in ib_isert
IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
RDMA/rxe: Fix the use-before-initialization error of resp_pkts
RDMA/rxe: Removed unused name from rxe_task struct
RDMA/rxe: Remove the unused variable obj
* ping6: Fix send to link-local addresses with VRF.
net/ipv6/ping.c
* netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
net/netfilter/nfnetlink.c
* usb: gadget: f_ncm: Fix NTP-32 support
drivers/usb/gadget/function/f_ncm.c
* usb: gadget: f_ncm: Add OS descriptor support
drivers/usb/gadget/function/f_ncm.c
drivers/usb/gadget/function/u_ncm.h
* usb: dwc3: gadget: Reset num TRBs before giving back the request
drivers/usb/dwc3/gadget.c
USB: serial: option: add Quectel EM061KGL series
* Remove DECnet support from kernel
include/linux/netdevice.h
include/linux/netfilter.h
include/linux/netfilter_defs.h
include/net/netns/netfilter.h
include/uapi/linux/netlink.h
net/Kconfig
net/Makefile
net/core/dev.c
net/core/neighbour.c
net/netfilter/core.c
net: usb: qmi_wwan: add support for Compal RXM-G1
RDMA/uverbs: Restrict usage of privileged QKEYs
nouveau: fix client work fence deletion race
powerpc/purgatory: remove PGO flags
kexec: support purgatories with .text.hot sections
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
nios2: dts: Fix tse_mac "max-frame-size" property
ocfs2: check new file size on fallocate call
ocfs2: fix use-after-free when unmounting read-only filesystem
xen/blkfront: Only check REQ_FUA for writes
mips: Move initrd_start check after initrd address sanitisation.
MIPS: Alchemy: fix dbdma2
parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
* power: supply: Fix logic checking if system is running from battery
drivers/power/supply/power_supply_core.c
irqchip/meson-gpio: Mark OF related data as maybe unused
* regulator: Fix error checking for debugfs_create_dir
drivers/regulator/core.c
* power: supply: Ratelimit no data debug output
drivers/power/supply/power_supply_sysfs.c
ARM: dts: vexpress: add missing cache properties
power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule()
power: supply: ab8500: Fix external_power_changed race
Merge "Merge 4.19.286 into android-4.19-stable" into android-4.19-stable
* Revert "tcp: deny tcp_disconnect() when threads are waiting"
include/net/sock.h
net/ipv4/af_inet.c
net/ipv4/inet_connection_sock.c
net/ipv4/tcp.c
Merge "Merge 4.19.285 into android-4.19-stable" into android-4.19-stable
Merge 4.19.286 into android-4.19-stable
* Revert "tcp: deny tcp_disconnect() when threads are waiting"
include/net/sock.h
net/ipv4/af_inet.c
net/ipv4/inet_connection_sock.c
net/ipv4/tcp.c
* ANDROID: GKI: update ABI xml for incrementalfs.ko
android/abi_gki_aarch64.xml
Merge 4.19.285 into android-4.19-stable
Linux 4.19.286
Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE"
btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
btrfs: check return value of btrfs_commit_transaction in relocation
* ext4: only check dquot_initialize_needed() when debugging
fs/ext4/xattr.c
i2c: sprd: Delete i2c adapter in .remove's error path
pinctrl: meson-axg: add missing GPIOA_18 gpio group
* Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
net/bluetooth/hci_core.c
ceph: fix use-after-free bug for inodes when flushing capsnaps
drm/amdgpu: fix xclk freq on CHIP_STONEY
Input: psmouse - fix OOB access in Elantech protocol
* Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
drivers/input/joystick/xpad.c
batman-adv: Broken sync while rescheduling delayed work
* lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
lib/cpu_rmap.c
* net: sched: fix possible refcount leak in tc_chain_tmplt_add()
net/sched/cls_api.c
* net: sched: move rtm_tca_policy declaration to include file
include/net/pkt_sched.h
net/sched/cls_api.c
* rfs: annotate lockless accesses to RFS sock flow table
include/linux/netdevice.h
net/core/dev.c
* rfs: annotate lockless accesses to sk->sk_rxhash
include/net/sock.h
* Bluetooth: L2CAP: Add missing checks for invalid DCID
net/bluetooth/l2cap_core.c
* Bluetooth: Fix l2cap_disconnect_req deadlock
net/bluetooth/l2cap_core.c
net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
spi: qup: Request DMA before enabling clocks
i40e: fix build warnings in i40e_alloc.h
i40iw: fix build warning in i40iw_manage_apbvt()
* UPSTREAM: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
drivers/net/usb/cdc_ncm.c
* UPSTREAM: cdc_ncm: Fix the build warning
drivers/net/usb/cdc_ncm.c
* UPSTREAM: cdc_ncm: Implement the 32-bit version of NCM Transfer Block
drivers/net/usb/cdc_ncm.c
include/linux/usb/cdc_ncm.h
* Revert "tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT"
include/net/sock.h
include/net/tcp.h
net/core/stream.c
* Revert "tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit"
net/ipv4/tcp.c
* Revert "tcp: factor out __tcp_close() helper"
include/net/tcp.h
net/ipv4/tcp.c
* Revert "tcp: add annotations around sk->sk_shutdown accesses"
net/ipv4/af_inet.c
net/ipv4/tcp.c
net/ipv4/tcp_input.c
* ANDROID: fix abi break in 4.19.284 for cpuhotplug.h
include/linux/cpuhotplug.h
Merge "Merge 4.19.284 into android-4.19-stable" into android-4.19-stable
UPSTREAM: mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
UPSTREAM: mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
Linux 4.19.285
wifi: rtlwifi: 8192de: correct checking of IQK reload
* scsi: dpt_i2o: Do not process completions with invalid addresses
drivers/scsi/Kconfig
scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)
* regmap: Account for register length when chunking
drivers/base/regmap/regmap.c
fbcon: Fix null-ptr-deref in soft_cursor
* ext4: add lockdep annotations for i_data_sem for ea_inode's
fs/ext4/ext4.h
fs/ext4/xattr.c
* selinux: don't use make's grouped targets feature yet
security/selinux/Makefile
tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK
mmc: vub300: fix invalid response handling
rsi: Remove unnecessary boolean condition
regulator: da905{2,5}: Remove unnecessary array check
hwmon: (scmi) Remove redundant pointer check
wifi: rtlwifi: remove always-true condition pointed out by GCC 12
lib/dynamic_debug.c: use address-of operator on section symbols
* kernel/extable.c: use address-of operator on section symbols
kernel/extable.c
eth: sun: cassini: remove dead code
* gcc-12: disable '-Wdangling-pointer' warning for now
Makefile
ACPI: thermal: drop an always true check
x86/boot: Wrap literal addresses in absolute_pointer()
ata: libata-scsi: Use correct device no in ata_find_dev()
scsi: stex: Fix gcc 13 warnings
* usb: gadget: f_fs: Add unbind event before functionfs_unbind
drivers/usb/gadget/function/f_fs.c
net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
* iio: dac: build ad5758 driver when AD5758 is selected
drivers/iio/dac/Makefile
iio: dac: mcp4725: Fix i2c_master_send() return value handling
* HID: wacom: avoid integer overflow in wacom_intuos_inout()
drivers/hid/wacom_wac.c
* HID: google: add jewel USB id
drivers/hid/hid-ids.h
iio: adc: mxs-lradc: fix the order of two cleanup operations
mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
atm: hide unused procfs functions
ALSA: oss: avoid missing-prototype warnings
* netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT
net/netfilter/nf_conntrack_netlink.c
wifi: b43: fix incorrect __packed annotation
* scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
drivers/scsi/scsi_lib.c
* arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
arch/arm64/mm/fault.c
ARM: dts: stm32: add pin map for CAN controller on stm32f7
wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
* media: dvb-core: Fix use-after-free due on race condition at dvb_net
include/media/dvb_net.h
media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
media: dvb_ca_en50221: fix a size write bug
media: netup_unidvb: fix irq init by register it at the end of probe
media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
* media: dvb_demux: fix a bug for the continuity counter
drivers/media/dvb-core/dvb_demux.c
ASoC: ssm2602: Add workaround for playback distortions
* xfrm: Check if_id in inbound policy/secpath match
net/xfrm/xfrm_policy.c
ASoC: dwc: limit the number of overrun messages
nbd: Fix debugfs_create_dir error checking
fbdev: stifb: Fix info entry in sti_struct on error path
fbdev: modedb: Add 1920x1080 at 60 Hz video mode
media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
ARM: 9295/1: unwind:fix unwind abort for uleb128 case
mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
watchdog: menz069_wdt: fix watchdog initialisation
net: dsa: mv88e6xxx: Increase wait after reset deactivation
net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
* udp6: Fix race condition in udp6_sendmsg & connect
net/core/sock.c
* net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
net/netlink/af_netlink.c
* ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use
include/linux/bitops.h
* net: sched: fix NULL pointer dereference in mq_attach
net/sched/sch_api.c
* net/sched: Prohibit regrafting ingress or clsact Qdiscs
net/sched/sch_api.c
* net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
net/sched/sch_api.c
net/sched/sch_ingress.c
* net/sched: sch_clsact: Only create under TC_H_CLSACT
net/sched/sch_ingress.c
* net/sched: sch_ingress: Only create under TC_H_INGRESS
net/sched/sch_ingress.c
* tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
net/ipv4/tcp.c
* tcp: deny tcp_disconnect() when threads are waiting
include/net/sock.h
net/ipv4/af_inet.c
net/ipv4/inet_connection_sock.c
net/ipv4/tcp.c
* af_packet: do not use READ_ONCE() in packet_bind()
net/packet/af_packet.c
amd-xgbe: fix the false linkup in xgbe_phy_status
* af_packet: Fix data-races of pkt_sk(sk)->num.
net/packet/af_packet.c
netrom: fix info-leak in nr_write_internal()
net/mlx5: fw_tracer, Fix event handling
dmaengine: pl330: rename _start to prevent build error
* netfilter: ctnetlink: Support offloaded conntrack entry deletion
net/netfilter/nf_conntrack_netlink.c
* ipv{4,6}/raw: fix output xfrm lookup wrt protocol
include/net/ip.h
include/uapi/linux/in.h
net/ipv4/ip_sockglue.c
net/ipv4/raw.c
net/ipv6/raw.c
* bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
net/bluetooth/hci_sock.c
* cdc_ncm: Fix the build warning
drivers/net/usb/cdc_ncm.c
power: supply: bq24190: Call power_supply_changed() after updating input current
* power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier()
drivers/power/supply/power_supply_core.c
include/linux/power_supply.h
power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize
* net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
drivers/net/usb/cdc_ncm.c
* cdc_ncm: Implement the 32-bit version of NCM Transfer Block
drivers/net/usb/cdc_ncm.c
include/linux/usb/cdc_ncm.h
Merge 4.19.284 into android-4.19-stable
UPSTREAM: efi: rt-wrapper: Add missing include
* BACKPORT: arm64: efi: Execute runtime services from a dedicated stack
arch/arm64/include/asm/efi.h
* Revert "uapi/linux/const.h: prefer ISO-friendly __typeof__"
include/uapi/linux/const.h
Merge "Merge 4.19.283 into android-4.19-stable" into android-4.19-stable
Linux 4.19.284
* drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource()
drivers/base/platform.c
3c589_cs: Fix an error handling path in tc589_probe()
forcedeth: Fix an error handling path in nv_probe()
* ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
include/uapi/sound/skl-tplg-interface.h
x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
* coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
drivers/hwtracing/coresight/coresight-tmc-etr.c
power: supply: sbs-charger: Fix INHIBITED bit for Status reg
* power: supply: bq27xxx: Fix poll_interval handling and races on remove
include/linux/power/bq27xxx_battery.h
power: supply: bq27xxx: Fix I2C IRQ race on remove
power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
* power: supply: leds: Fix blink to LED on transition
drivers/power/supply/power_supply_leds.c
* ipv6: Fix out-of-bounds access in ipv6_find_tlv()
net/ipv6/exthdrs_core.c
* bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
kernel/bpf/verifier.c
* net: fix skb leak in __skb_tstamp_tx()
net/core/skbuff.c
media: radio-shark: Add endpoint checks
USB: sisusbvga: Add endpoint checks
* USB: core: Add routines for endpoint checks in old drivers
drivers/usb/core/usb.c
include/linux/usb.h
* udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
net/ipv4/udplite.c
net/ipv6/udplite.c
ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G
ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported
parisc: Fix flush_dcache_page() for usage from irq context
selftests/memfd: Fix unknown type name build failure
x86/mm: Avoid incomplete Global INVLPG flushes
btrfs: use nofs when cleaning up aborted transactions
parisc: Allow to reboot machine after system halt
m68k: Move signal frame following exception on 68020/030
ALSA: hda/ca0132: add quirk for EVGA X299 DARK
spi: fsl-cpm: Use 16 bit mode for large transfers with even size
spi: fsl-spi: Re-organise transfer bits_per_word adaptation
spi: spi-fsl-spi: automatically adapt bits-per-word in cpu mode
s390/qdio: fix do_sqbs() inline assembly constraint
s390/qdio: get rid of register asm
vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
vc_screen: rewrite vcs_size to accept vc, not inode
* usb: gadget: u_ether: Fix host MAC address case
drivers/usb/gadget/function/u_ether.c
* usb: gadget: u_ether: Convert prints to device prints
drivers/usb/gadget/function/u_ether.c
* lib/string_helpers: Introduce string_upper() and string_lower() helpers
include/linux/string_helpers.h
ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
ALSA: hda/realtek - ALC897 headset MIC no sound
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
ALSA: hda/realtek - The front Mic on a HP machine doesn't work
ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
ALSA: hda/realtek - Add Headset Mic supported for HP cPC
ALSA: hda/realtek - More constifications
Add Acer Aspire Ethos 8951G model quirk
* HID: wacom: Force pen out of prox if no events have been received in a while
drivers/hid/wacom.h
drivers/hid/wacom_sys.c
drivers/hid/wacom_wac.c
netfilter: nf_tables: do not allow RULE_ID to refer to another chain
netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag
netfilter: nf_tables: stricter validation of element data
* netfilter: nf_tables: allow up to 64 bytes in the set element data area
include/net/netfilter/nf_tables.h
netfilter: nf_tables: add nft_setelem_parse_key()
netfilter: nf_tables: validate registers coming from userspace.
* netfilter: nftables: statify nft_parse_register()
include/net/netfilter/nf_tables.h
* netfilter: nftables: add nft_parse_register_store() and use it
include/net/netfilter/nf_tables.h
include/net/netfilter/nf_tables_core.h
include/net/netfilter/nft_fib.h
* netfilter: nftables: add nft_parse_register_load() and use it
include/net/netfilter/nf_tables.h
include/net/netfilter/nf_tables_core.h
include/net/netfilter/nft_masq.h
include/net/netfilter/nft_redir.h
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
tpm/tpm_tis: Disable interrupts for more Lenovo devices
ceph: force updating the msg pointer in non-split case
serial: Add support for Advantech PCI-1611U card
* statfs: enforce statfs[64] structure initialization
fs/statfs.c
ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
ALSA: hda: Fix Oops by 9.1 surround channel names
usb: typec: altmodes/displayport: fix pin_assignment_show
* usb-storage: fix deadlock when a scsi command timeouts more than once
drivers/usb/storage/scsiglue.c
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
igb: fix bit_shift to be in [1..8] range
cassini: Fix a memory leak in the error handling path of cas_init_one()
net: bcmgenet: Restore phy_stop() depending upon suspend/close
net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
drm/exynos: fix g2d_open/close helper function definitions
media: netup_unidvb: fix use-after-free at del_timer()
erspan: get the proto with the md version for collect_md
* ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
include/net/ip6_tunnel.h
include/net/ip_tunnels.h
ip6_gre: Make o_seqno start from 0 in native mode
ip6_gre: Fix skb_under_panic in __gre6_xmit()
serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
* drivers: provide devm_platform_ioremap_resource()
drivers/base/platform.c
include/linux/platform_device.h
vsock: avoid to close connected socket after the timeout
net: fec: Better handle pm_runtime_get() failing in .remove()
* af_key: Reject optional tunnel/BEET mode templates in outbound policies
net/key/af_key.c
cpupower: Make TSC read per CPU for Mperf monitor
btrfs: fix space cache inconsistency after error loading it from disk
btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid
mfd: dln2: Fix memory leak in dln2_probe()
phy: st: miphy28lp: use _poll_timeout functions for waits
* Input: xpad - add constants for GIP interface numbers
drivers/input/joystick/xpad.c
clk: tegra20: fix gcc-7 constant overflow warning
recordmcount: Fix memory leaks in the uwrite function
* sched: Fix KCSAN noinstr violation
include/linux/sched/task_stack.h
mcb-pci: Reallocate memory region to avoid memory overlapping
serial: 8250: Reinit port->pm on port specific driver unbind
usb: typec: tcpm: fix multiple times discover svids error
* HID: wacom: generic: Set battery quirk only when we see battery data
drivers/hid/wacom_wac.c
spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
HID: logitech-hidpp: Reconcile USB and Unifying serials
HID: logitech-hidpp: Don't use the USB serial for USB devices
staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
* Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
net/bluetooth/l2cap_core.c
wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
* f2fs: fix to drop all dirty pages during umount() if cp_error is set
fs/f2fs/checkpoint.c
fs/f2fs/data.c
* ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
fs/ext4/mballoc.c
* ext4: set goal start correctly in ext4_mb_normalize_request
fs/ext4/mballoc.c
gfs2: Fix inode height consistency check
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
* lib: cpu_rmap: Avoid use after free on rmap->obj array entries
lib/cpu_rmap.c
* net: Catch invalid index in XPS mapping
net/core/dev.c
net: pasemi: Fix return type of pasemi_mac_start_tx()
ext2: Check block size validity during mount
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
ACPICA: Avoid undefined behavior: applying zero offset to null pointer
drm/tegra: Avoid potential 32-bit integer overflow
ACPI: EC: Fix oops when removing custom query handlers
* firmware: arm_sdei: Fix sleep from invalid context BUG
include/linux/cpuhotplug.h
memstick: r592: Fix UAF bug in r592_remove due to race condition
* regmap: cache: Return error in cache sync operations for REGCACHE_NONE
drivers/base/regmap/regcache.c
drm/amd/display: Use DC_LOG_DC in the trasform pixel function
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
* af_unix: Fix data races around sk->sk_shutdown.
net/unix/af_unix.c
* af_unix: Fix a data race of sk->sk_receive_queue->qlen.
net/unix/af_unix.c
* net: datagram: fix data-races in datagram_poll()
net/core/datagram.c
ipvlan:Fix out-of-bounds caused by unclear skb->cb
* tcp: add annotations around sk->sk_shutdown accesses
net/ipv4/af_inet.c
net/ipv4/tcp.c
net/ipv4/tcp_input.c
* tcp: factor out __tcp_close() helper
include/net/tcp.h
net/ipv4/tcp.c
* tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit
net/ipv4/tcp.c
* tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT
include/net/sock.h
include/net/tcp.h
net/core/stream.c
* net: annotate sk->sk_err write from do_recvmmsg()
net/socket.c
* netlink: annotate accesses to nlk->cb_running
net/netlink/af_netlink.c
* net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
include/net/sock.h
* UPSTREAM: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
fs/ext4/super.c
Merge 4.19.283 into android-4.19-stable
* UPSTREAM: ext4: fix invalid free tracking in ext4_xattr_move_to_block()
fs/ext4/xattr.c
Linux 4.19.283
* mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
mm/page_alloc.c
* printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h
include/linux/printk.h
PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors
drbd: correctly submit flush bio on barrier
serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
* tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
drivers/tty/tty_io.c
drivers/tty/tty_ioctl.c
include/linux/tty.h
* ext4: fix invalid free tracking in ext4_xattr_move_to_block()
fs/ext4/xattr.c
* ext4: remove a BUG_ON in ext4_mb_release_group_pa()
fs/ext4/mballoc.c
* ext4: bail out of ext4_xattr_ibody_get() fails for any reason
fs/ext4/inline.c
* ext4: add bounds checking in get_max_inline_xattr_value_size()
fs/ext4/inline.c
* ext4: improve error recovery code paths in __ext4_remount()
fs/ext4/super.c
* ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
fs/ext4/super.c
* ext4: fix WARNING in mb_find_extent
fs/ext4/balloc.c
* HID: wacom: Set a default resolution for older tablets
drivers/hid/wacom_wac.c
drm/panel: otm8009a: Set backlight parent to panel device
ARM: dts: s5pv210: correct MIPI CSIS clock name
ARM: dts: exynos: fix WM8960 clock name in Itop Elite
sh: nmi_debug: fix return value of __setup handler
sh: init: use OF_EARLY_FLATTREE for early init
sh: math-emu: fix macro redefined warning
platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
cifs: fix pcchunk length type in smb2_copychunk_range
btrfs: print-tree: parent bytenr must be aligned to sector size
btrfs: fix btrfs_prev_leaf() to not return the same key twice
perf symbols: Fix return incorrect build_id size in elf_read_build_id()
perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp()
perf vendor events power9: Remove UTF-8 characters from JSON files
virtio_net: suppress cpu stall when free_unused_bufs
virtio_net: split free_unused_bufs()
ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init`
drm/amdgpu: add a missing lock for AMDGPU_SCHED
* drm/amdgpu: Add command to override the context priority.
include/uapi/drm/amdgpu_drm.h
drm/amdgpu: Put enable gfx off feature to a delay thread
drm/amdgpu: Add amdgpu_gfx_off_ctrl function
* af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
net/packet/af_packet.c
rxrpc: Fix hard call timeout units
* net/sched: act_mirred: Add carrier check
net/sched/act_mirred.c
* writeback: fix call of incorrect macro
fs/fs-writeback.c
net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
net: dsa: mv88e6xxx: Add missing watchdog ops for 6320 family
* sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
net/ipv6/sit.c
relayfs: fix out-of-bounds access in relay_file_read
kernel/relay.c: fix read_pos error when multiple readers
* dm verity: fix error handling for check_at_most_once on FEC
drivers/md/dm-verity-target.c
* dm verity: skip redundant verity_handle_err() on I/O errors
drivers/md/dm-verity-target.c
ipmi: fix SSIF not responding under certain cond.
ipmi_ssif: Rename idle state and check
* ipmi: Fix how the lower layers are told to watch for messages
include/linux/ipmi_smi.h
ipmi: Fix SSIF flag requests
* tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
drivers/base/cpu.c
include/linux/tick.h
kernel/time/tick-sched.c
* nohz: Add TICK_DEP_BIT_RCU
include/linux/tick.h
include/trace/events/timer.h
kernel/time/tick-sched.c
* netfilter: nf_tables: deactivate anonymous set from preparation phase
include/net/netfilter/nf_tables.h
debugobject: Ensure pool refill (again)
perf auxtrace: Fix address filter entire kernel size
* dm ioctl: fix nested locking in table_clear() to remove deadlock concern
drivers/md/dm-ioctl.c
dm flakey: fix a crash with invalid table line
dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
s390/dasd: fix hanging blockdevice after request requeue
* btrfs: scrub: reject unsupported scrub flags
include/uapi/linux/btrfs.h
clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
wifi: rtl8xxxu: RTL8192EU always needs full init
md/raid10: fix null-ptr-deref in raid10_sync_request
nilfs2: fix infinite loop in nilfs_mdt_get_block()
nilfs2: do not write dirty data after degenerating to read-only
parisc: Fix argument pointer in real64_call_asm()
dmaengine: at_xdmac: do not enable all cyclic channels
phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
pwm: mtk-disp: Disable shadow registers before setting backlight values
pwm: mtk-disp: Adjust the clocks to avoid them mismatch
pwm: mtk-disp: Don't check the return code of pwmchip_remove()
openrisc: Properly store r31 to pt_regs on unhandled exceptions
RDMA/mlx5: Use correct device num_ports when modify DC
* SUNRPC: remove the maximum number of retries in call_bind_status
include/linux/sunrpc/sched.h
NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
* clk: add missing of_node_put() in "assigned-clocks" property parsing
drivers/clk/clk-conf.c
power: supply: generic-adc-battery: fix unit scaling
RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
RDMA/rdmavt: Delete unnecessary NULL check
* perf/core: Fix hardlockup failure caused by perf throttle
kernel/events/core.c
powerpc/rtas: use memmove for potentially overlapping buffer copy
* macintosh: via-pmu-led: requires ATA to be set
drivers/macintosh/Kconfig
powerpc/sysdev/tsi108: fix resource printk format warnings
powerpc/wii: fix resource printk format warnings
powerpc/mpc512x: fix resource printk format warning
macintosh/windfarm_smu_sat: Add missing of_node_put()
* spmi: Add a check for remove callback when removing a SPMI driver
drivers/spmi/spmi.c
staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
serial: 8250: Add missing wakeup event reporting
tty: serial: fsl_lpuart: adjust buffer length to the intended size
usb: chipidea: fix missing goto in `ci_hdrc_probe`
sh: sq: Fix incorrect element size for allocating bitmap buffer
* uapi/linux/const.h: prefer ISO-friendly __typeof__
include/uapi/linux/const.h
spi: cadence-quadspi: fix suspend-resume implementations
mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA channel
mtd: spi-nor: cadence-quadspi: Don't initialize rx_dma_complete on failure
mtd: spi-nor: cadence-quadspi: Make driver independent of flash geometry
ia64: salinfo: placate defined-but-not-used warning
ia64: mm/contig: fix section mismatch warning/error
* of: Fix modalias string generation
drivers/of/device.c
vmci_host: fix a race condition in vmci_host_poll() causing GPF
spi: fsl-spi: Fix CPM/QE mode Litte Endian
spi: qup: Don't skip cleanup in remove's error path
spi: qup: fix PM reference leak in spi_qup_remove()
* linux/vt_buffer.h: allow either builtin or modular for macros
include/linux/vt_buffer.h
usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
fpga: bridge: fix kernel-doc parameter description
usb: host: xhci-rcar: remove leftover quirk handling
* pstore: Revert pmsg_lock back to a normal mutex
fs/pstore/pmsg.c
* tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
net/core/skbuff.c
net: amd: Fix link leak when verifying config failed
* netlink: Use copy_to_user() for optval in netlink_getsockopt().
net/netlink/af_netlink.c
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
* ipv4: Fix potential uninit variable access bug in __ip_make_skb()
net/ipv4/ip_output.c
* netfilter: nf_tables: don't write table validation state without mutex
include/linux/netfilter/nfnetlink.h
net/netfilter/nfnetlink.c
ixgbe: Enable setting RSS table to default values
ixgbe: Allow flow hash to be set via ethtool
wifi: iwlwifi: mvm: check firmware response size
wifi: iwlwifi: make the loop for card preparation effective
md/raid10: fix memleak of md thread
md: update the optimal I/O size on reshape
md/raid10: fix memleak for 'conf->bio_split'
md/raid10: fix leak of 'r10bio->remaining' for recovery
* crypto: drbg - Only fail when jent is unavailable in FIPS mode
crypto/drbg.c
* crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
crypto/drbg.c
bpftool: Fix bug for long instructions in program CFG dumps
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
rtlwifi: Replace RT_TRACE with rtl_dbg
rtlwifi: Start changing RT_TRACE into rtl_dbg
rtlwifi: rtl_pci: Fix memory leak when hardware init fails
scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
scsi: target: iscsit: Fix TAS handling during conn cleanup
* net/packet: convert po->auxdata to an atomic flag
net/packet/af_packet.c
net/packet/internal.h
* net/packet: convert po->origdev to an atomic flag
net/packet/af_packet.c
net/packet/internal.h
vlan: partially enable SIOCSHWTSTAMP in container
* scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
include/net/scm.h
tools: bpftool: Remove invalid \' json escape
wifi: ath6kl: reduce WARN to dev_dbg() in callback
wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
wifi: ath6kl: minor fix for allocation size
debugobject: Prevent init race with static objects
debugobjects: Move printk out of db->lock critical sections
debugobjects: Add percpu free pools
* arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
arch/arm64/include/asm/debug-monitors.h
arch/arm64/kernel/debug-monitors.c
x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
media: rc: gpio-ir-recv: Fix support for wake-up
media: rcar_fdp1: Fix refcount leak in probe and remove function
media: rcar_fdp1: Fix the correct variable assignments
media: saa7134: fix use after free bug in saa7134_finidev due to race condition
media: dm1105: Fix use after free bug in dm1105_remove due to race condition
x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
drm/msm/adreno: drop bogus pm_runtime_set_active()
drm/msm/adreno: Defer enabling runpm until hw_init()
* firmware: qcom_scm: Clear download bit during reboot
drivers/firmware/qcom_scm.c
media: av7110: prevent underflow in write_ts_to_decoder()
* media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format.
include/uapi/linux/media-bus-format.h
media: bdisp: Add missing check for create_workqueue
ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
EDAC/skx: Fix overflows on the DRAM row address mapping arrays
EDAC, skx: Move debugfs node under EDAC's hierarchy
* drm/probe-helper: Cancel previous job before starting new one
drivers/gpu/drm/drm_probe_helper.c
drm/vgem: add missing mutex_destroy
drm/rockchip: Drop unbalanced obj unref
* selinux: ensure av_permissions.h is built when needed
security/selinux/Makefile
* selinux: fix Makefile dependencies of flask.h
security/selinux/Makefile
ubifs: Free memory for tmpfile name
ubi: Fix return value overwrite issue in try_write_vid_and_data()
ubifs: Fix memleak when insert_old_idx() failed
Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
i2c: omap: Fix standard mode false ACK readings
KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
reiserfs: Add security prefix to xattr name in reiserfs_security_write()
* ring-buffer: Sync IRQ works before buffer destruction
kernel/trace/ring_buffer.c
pwm: meson: Fix axg ao mux parents
MIPS: fw: Allow firmware to pass a empty env
* xhci: fix debugfs register accesses while suspended
drivers/usb/host/xhci-debugfs.c
* debugfs: regset32: Add Runtime PM support
fs/debugfs/file.c
include/linux/debugfs.h
staging: iio: resolver: ads1210: fix config mode
perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE)
* USB: dwc3: fix runtime pm imbalance on unbind
drivers/usb/dwc3/core.c
stmmac: debugfs entry name is not be changed when udev rename device name.
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
iio: adc: palmas_gpadc: fix NULL dereference on rmmod
USB: serial: option: add UNISOC vendor and TOZED LT70C product
* bluetooth: Perform careful capability checks in hci_sock_ioctl()
net/bluetooth/hci_sock.c
wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
* ANDROID: incremental fs: Evict inodes before freeing mount data
fs/incfs/main.c
fs/incfs/vfs.c
* Revert "Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse""
android/abi_gki_aarch64.xml
include/linux/rmap.h
mm/rmap.c
Bug: 299241959
Change-Id: Ib8c4ff87b1b0b720abce0f5fcdf1a51f01a472a9
Signed-off-by: Wilson Sung <wilsonsung@google.com>
Signed-off-by: ChangYan Lee <changyan@google.com>
|
||
|
Greg Kroah-Hartman
|
501b721387 |
Merge 4.19.295 into android-4.19-stable
Changes in 4.19.295
erofs: ensure that the post-EOF tails are all zeroed
ARM: pxa: remove use of symbol_get()
mmc: au1xmmc: force non-modular build and remove symbol_get usage
rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff
modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules
USB: serial: option: add Quectel EM05G variant (0x030e)
USB: serial: option: add FOXCONN T99W368/T99W373 product
HID: wacom: remove the battery when the EKR is off
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition
serial: sc16is7xx: fix bug when first setting GPIO direction
fsi: master-ast-cf: Add MODULE_FIRMWARE macro
nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers()
nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse
pinctrl: amd: Don't show `Invalid config param` errors
9p: virtio: make sure 'offs' is initialized in zc_request
ASoC: da7219: Flush pending AAD IRQ when suspending
ASoC: da7219: Check for failure reading AAD IRQ events
ethernet: atheros: fix return value check in atl1c_tso_csum()
vxlan: generalize vxlan_parse_gpe_hdr and remove unused args
m68k: Fix invalid .section syntax
s390/dasd: use correct number of retries for ERP requests
s390/dasd: fix hanging device after request requeue
fs/nls: make load_nls() take a const parameter
ASoc: codecs: ES8316: Fix DMIC config
ASoC: atmel: Fix the 8K sample parameter in I2SC master
platform/x86: intel: hid: Always call BTNL ACPI method
security: keys: perform capable check only on privileged operations
net: usb: qmi_wwan: add Quectel EM05GV2
idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM
scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock
netlabel: fix shift wrapping bug in netlbl_catmap_setlong()
bnx2x: fix page fault following EEH recovery
sctp: handle invalid error codes without calling BUG()
cifs: add a warning when the in-flight count goes negative
ALSA: seq: oss: Fix racy open/close of MIDI devices
net: Avoid address overwrite in kernel_connect
powerpc/32: Include .branch_lt in data section
powerpc/32s: Fix assembler warning about r0
udf: Check consistency of Space Bitmap Descriptor
udf: Handle error when adding extent to a file
Revert "net: macsec: preserve ingress frame ordering"
reiserfs: Check the return value from __getblk()
eventfd: Export eventfd_ctx_do_read()
eventfd: prevent underflow for eventfd semaphores
new helper: lookup_positive_unlocked()
netfilter: nft_flow_offload: fix underflow in flowtable reference counter
netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation
fs: Fix error checking for d_hash_and_lookup()
cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit()
bpf: Clear the probe_addr for uprobe
tcp: tcp_enter_quickack_mode() should be static
regmap: rbtree: Use alloc_flags for memory allocations
spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe()
can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM
wifi: mwifiex: Fix OOB and integer underflow when rx packets
mwifiex: drop 'set_consistent_dma_mask' log message
mwifiex: switch from 'pci_' to 'dma_' API
wifi: mwifiex: fix error recovery in PCIE buffer descriptor management
Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe()
crypto: caam - fix unchecked return value error
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
fs: ocfs2: namei: check return value of ocfs2_add_entry()
wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
wifi: mwifiex: Fix missed return in oob checks failed path
wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx
wifi: ath9k: protect WMI command response buffer replacement with a lock
wifi: mwifiex: avoid possible NULL skb pointer dereference
wifi: ath9k: use IS_ERR() with debugfs_create_dir()
net: arcnet: Do not call kfree_skb() under local_irq_disable()
net/sched: sch_hfsc: Ensure inner classes have fsc curve
netrom: Deny concurrent connect().
quota: add dqi_dirty_list description to comment of Dquot List Management
quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list
quota: factor out dquot_write_dquot()
quota: rename dquot_active() to inode_quota_active()
quota: add new helper dquot_active()
quota: fix dqput() to follow the guarantees dquot_srcu should provide
arm64: dts: msm8996: thermal: Add interrupt support
arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller
drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar()
ARM: dts: BCM5301X: Harmonize EHCI/OHCI DT nodes name
ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch
ARM: dts: BCM53573: Drop nonexistent #usb-cells
ARM: dts: BCM53573: Add cells sizes to PCIe node
ARM: dts: BCM53573: Use updated "spi-gpio" binding properties
ARM: dts: s3c6410: move fixed clocks under root node in Mini6410
ARM: dts: s3c6410: align node SROM bus node name with dtschema in Mini6410
ARM: dts: s3c64xx: align pinctrl with dtschema
ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split)
ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210
ARM: dts: s5pv210: use defines for IRQ flags in SMDKV210
ARM: dts: s5pv210: correct ethernet unit address in SMDKV210
ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210
ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split)
drm: adv7511: Fix low refresh rate register for ADV7533/5
ARM: dts: BCM53573: Fix Ethernet info for Luxul devices
drm/tegra: Remove superfluous error messages around platform_get_irq()
drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name()
drm/msm: Replace drm_framebuffer_{un/reference} with put, get functions
drm/msm/mdp5: Don't leak some plane state
smackfs: Prevent underflow in smk_set_cipso()
audit: fix possible soft lockup in __audit_inode_child()
of: unittest: Fix overlay type in apply/revert check
ALSA: ac97: Fix possible error value of *rac97
drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init()
clk: sunxi-ng: Modify mismatched function name
PCI: Mark NVIDIA T4 GPUs to avoid bus reset
PCI: pciehp: Use RMW accessors for changing LNKCTL
PCI/ASPM: Use RMW accessors for changing LNKCTL
PCI/ATS: Add pci_prg_resp_pasid_required() interface.
PCI: Cleanup register definition width and whitespace
PCI: Decode PCIe 32 GT/s link speed
PCI: Add #defines for Enter Compliance, Transmit Margin
drm/amdgpu: Correct Transmit Margin masks
drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions
drm/amdgpu: Prefer pcie_capability_read_word()
drm/amdgpu: Use RMW accessors for changing LNKCTL
drm/radeon: Correct Transmit Margin masks
drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions
drm/radeon: Prefer pcie_capability_read_word()
drm/radeon: Use RMW accessors for changing LNKCTL
wifi: ath10k: Use RMW accessors for changing LNKCTL
nfs/blocklayout: Use the passed in gfp flags
powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
jfs: validate max amount of blocks before allocation.
fs: lockd: avoid possible wrong NULL parameter
NFSD: da_addr_body field missing in some GETDEVICEINFO replies
media: Use of_node_name_eq for node name comparisons
media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling
media: v4l2-fwnode: simplify v4l2_fwnode_parse_link
media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link()
drivers: usb: smsusb: fix error handling code in smsusb_init_device
media: dib7000p: Fix potential division by zero
media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer()
media: cx24120: Add retval check for cx24120_message_send()
media: mediatek: vcodec: Return NULL if no vdec_fb is found
usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host()
scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param()
scsi: be2iscsi: Add length check when parsing nlattrs
scsi: qla4xxx: Add length check when parsing nlattrs
x86/APM: drop the duplicate APM_MINOR_DEV macro
scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly
scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly
dma-buf/sync_file: Fix docs syntax
IB/uverbs: Fix an potential error pointer dereference
media: go7007: Remove redundant if statement
USB: gadget: f_mass_storage: Fix unused variable warning
media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips
media: ov2680: Remove auto-gain and auto-exposure controls
media: ov2680: Fix ov2680_bayer_order()
media: ov2680: Fix vflip / hflip set functions
media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors
cgroup:namespace: Remove unused cgroup_namespaces_init()
scsi: core: Use 32-bit hostnum in scsi_host_lookup()
scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock
serial: tegra: handle clk prepare error in tegra_uart_hw_init()
amba: bus: fix refcount leak
Revert "IB/isert: Fix incorrect release of isert connection"
HID: multitouch: Correct devm device reference for hidinput input_dev name
rpmsg: glink: Add check for kstrdup
arch: um: drivers: Kconfig: pedantic formatting
um: Fix hostaudio build errors
dmaengine: ste_dma40: Add missing IRQ check in d40_probe
igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
netfilter: xt_u32: validate user space input
netfilter: xt_sctp: validate the flag_info count
skbuff: skb_segment, Call zero copy functions before using skbuff frags
igb: set max size RX buffer when store bad packet is enabled
PM / devfreq: Fix leak in devfreq_dev_release()
ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
ipmi_si: fix a memleak in try_smi_init()
ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch()
backlight/gpio_backlight: Compare against struct fb_info.device
backlight/bd6107: Compare against struct fb_info.device
backlight/lv5207lp: Compare against struct fb_info.device
media: dvb: symbol fixup for dvb_attach()
ntb: Drop packets when qp link is down
ntb: Clean up tx tail index on link down
ntb: Fix calculation ntb_transport_tx_free_entry()
Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
procfs: block chmod on /proc/thread-self/comm
parisc: Fix /proc/cpuinfo output for lscpu
dlm: fix plock lookup when using multiple lockspaces
dccp: Fix out of bounds access in DCCP error handler
crypto: stm32 - fix loop iterating through scatterlist for DMA
cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug
X.509: if signature is unsupported skip validation
net: handle ARPHRD_PPP in dev_is_mac_header_xmit()
pstore/ram: Check start of empty przs during init
PCI/ATS: Add inline to pci_prg_resp_pasid_required()
sc16is7xx: Set iobase to device index
serial: sc16is7xx: fix broken port 0 uart init
usb: typec: tcpci: clear the fault status bit
udf: initialize newblock to 0
scsi: qla2xxx: fix inconsistent TMF timeout
scsi: qla2xxx: Turn off noisy message log
fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
drm/ast: Fix DRAM init on AST2200
parisc: led: Fix LAN receive and transmit LEDs
parisc: led: Reduce CPU overhead for disk & lan LED computation
clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
soc: qcom: qmi_encdec: Restrict string length in decode
NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
kconfig: fix possible buffer overflow
x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
pwm: lpc32xx: Remove handling of PWM channels
net: read sk->sk_family once in sk_mc_loop()
igb: disable virtualization features on 82580
veth: Fixing transmit return status for dropped packets
net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr
af_unix: Fix data-races around user->unix_inflight.
af_unix: Fix data-race around unix_tot_inflight.
af_unix: Fix data-races around sk->sk_shutdown.
af_unix: Fix data race around sk->sk_err.
net: sched: sch_qfq: Fix UAF in qfq_dequeue()
kcm: Destroy mutex in kcm_exit_net()
igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80
igb: Change IGB_MIN to allow set rx/tx value between 64 and 80
idr: fix param name in idr_alloc_cyclic() doc
netfilter: nfnetlink_osf: avoid OOB read
ata: sata_gemini: Add missing MODULE_DESCRIPTION
ata: pata_ftide010: Add missing MODULE_DESCRIPTION
btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART
mtd: rawnand: brcmnand: Fix crash during the panic_write
mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write
mtd: rawnand: brcmnand: Fix potential false time out warning
perf hists browser: Fix hierarchy mode header
net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all()
kcm: Fix memory leak in error path of kcm_sendmsg()
ixgbe: fix timestamp configuration code
kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg().
drm/amd/display: Fix a bug when searching for insert_above_mpcc
parisc: Drop loops_per_jiffy from per_cpu struct
autofs: fix memory leak of waitqueues in autofs_catatonic_mode
btrfs: output extra debug info if we failed to find an inline backref
ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer
ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470
hw_breakpoint: fix single-stepping when using bpf_overflow_handler
wifi: ath9k: fix printk specifier
wifi: mwifiex: fix fortify warning
crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
tpm_tis: Resend command to recover from data transfer errors
alx: fix OOB-read compiler warning
drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable()
md: raid1: fix potential OOB in raid1_remove_disk()
ext2: fix datatype of block number in ext2_xattr_set2()
fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount()
jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
powerpc/pseries: fix possible memory leak in ibmebus_bus_init()
media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer()
media: af9005: Fix null-ptr-deref in af9005_i2c_xfer
media: anysee: fix null-ptr-deref in anysee_master_xfer
media: az6007: Fix null-ptr-deref in az6007_i2c_xfer()
iio: core: Use min() instead of min_t() to make code more robust
media: tuners: qt1010: replace BUG_ON with a regular error
media: pci: cx23885: replace BUG with error return
usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show()
serial: cpm_uart: Avoid suspicious locking
media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning
kobject: Add sanity check for kset->kobj.ktype in kset_register()
md/raid1: fix error: ISO C90 forbids mixed declarations
attr: block mode changes of symlinks
btrfs: fix lockdep splat and potential deadlock after failure running delayed items
nfsd: fix change_info in NFSv4 RENAME replies
mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller
net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
net/sched: Retire rsvp classifier
Linux 4.19.295
Change-Id: I5de88dc1e8cebe5736df3023205233cb40c4aa35
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Tomislav Novak
|
d228251563 |
hw_breakpoint: fix single-stepping when using bpf_overflow_handler
[ Upstream commit d11a69873d9a7435fe6a48531e165ab80a8b1221 ]
Arm platforms use is_default_overflow_handler() to determine if the
hw_breakpoint code should single-step over the breakpoint trigger or
let the custom handler deal with it.
Since bpf_overflow_handler() currently isn't recognized as a default
handler, attaching a BPF program to a PERF_TYPE_BREAKPOINT event causes
it to keep firing (the instruction triggering the data abort exception
is never skipped). For example:
# bpftrace -e 'watchpoint:0x10000:4:w { print("hit") }' -c ./test
Attaching 1 probe...
hit
hit
[...]
^C
(./test performs a single 4-byte store to 0x10000)
This patch replaces the check with uses_default_overflow_handler(),
which accounts for the bpf_overflow_handler() case by also testing
if one of the perf_event_output functions gets invoked indirectly,
via orig_default_handler.
Signed-off-by: Tomislav Novak <tnovak@meta.com>
Tested-by: Samuel Gosselin <sgosselin@google.com> # arm64
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/linux-arm-kernel/20220923203644.2731604-1-tnovak@fb.com/
Link: https://lore.kernel.org/r/20230605191923.1219974-1-tnovak@meta.com
Signed-off-by: Will Deacon <will@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Ard Biesheuvel
|
3ecaa3afa5 |
UPSTREAM: efi: rt-wrapper: Add missing include
commit 18bba1843fc7f264f58c9345d00827d082f9c558 upstream.
Add the missing #include of asm/assembler.h, which is where the ldr_l
macro is defined.
Bug: 260821414
Fixes: ff7a167961d1b97e ("arm64: efi: Execute runtime services from a dedicated stack")
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Cc: Lee Jones <lee@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I50d1e21277ef64dcb1d58d7f1c062dc913cfee74
(cherry picked from commit dd8418a59a40ac8bda0f3a23a8f3fae439d0cc9e)
|
||
|
Ard Biesheuvel
|
96bc083042 |
BACKPORT: arm64: efi: Execute runtime services from a dedicated stack
commit ff7a167961d1b97e0e205f245f806e564d3505e7 upstream. With the introduction of PRMT in the ACPI subsystem, the EFI rts workqueue is no longer the only caller of efi_call_virt_pointer() in the kernel. This means the EFI runtime services lock is no longer sufficient to manage concurrent calls into firmware, but also that firmware calls may occur that are not marshalled via the workqueue mechanism, but originate directly from the caller context. For added robustness, and to ensure that the runtime services have 8 KiB of stack space available as per the EFI spec, introduce a spinlock protected EFI runtime stack of 8 KiB, where the spinlock also ensures serialization between the EFI rts workqueue (which itself serializes EFI runtime calls) and other callers of efi_call_virt_pointer(). While at it, use the stack pivot to avoid reloading the shadow call stack pointer from the ordinary stack, as doing so could produce a gadget to defeat it. Bug: 260821414 Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Cc: Lee Jones <lee@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: Ie961576ae93cafc315cb37fb84cca0a6402eda59 (cherry picked from commit 67884a649c141a44d91400df6ca0a5ef55e1771a) [Lee: Swap-out the non-existent __vmalloc_node() for __vmalloc_node_range()] |
||
|
Greg Kroah-Hartman
|
23eb39df01 |
Merge 4.19.283 into android-4.19-stable
Changes in 4.19.283
wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
bluetooth: Perform careful capability checks in hci_sock_ioctl()
USB: serial: option: add UNISOC vendor and TOZED LT70C product
iio: adc: palmas_gpadc: fix NULL dereference on rmmod
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
stmmac: debugfs entry name is not be changed when udev rename device name.
USB: dwc3: fix runtime pm imbalance on unbind
perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE)
staging: iio: resolver: ads1210: fix config mode
debugfs: regset32: Add Runtime PM support
xhci: fix debugfs register accesses while suspended
MIPS: fw: Allow firmware to pass a empty env
pwm: meson: Fix axg ao mux parents
ring-buffer: Sync IRQ works before buffer destruction
reiserfs: Add security prefix to xattr name in reiserfs_security_write()
KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
i2c: omap: Fix standard mode false ACK readings
Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
ubifs: Fix memleak when insert_old_idx() failed
ubi: Fix return value overwrite issue in try_write_vid_and_data()
ubifs: Free memory for tmpfile name
selinux: fix Makefile dependencies of flask.h
selinux: ensure av_permissions.h is built when needed
drm/rockchip: Drop unbalanced obj unref
drm/vgem: add missing mutex_destroy
drm/probe-helper: Cancel previous job before starting new one
EDAC, skx: Move debugfs node under EDAC's hierarchy
EDAC/skx: Fix overflows on the DRAM row address mapping arrays
ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
media: bdisp: Add missing check for create_workqueue
media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format.
media: av7110: prevent underflow in write_ts_to_decoder()
firmware: qcom_scm: Clear download bit during reboot
drm/msm/adreno: Defer enabling runpm until hw_init()
drm/msm/adreno: drop bogus pm_runtime_set_active()
x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
media: dm1105: Fix use after free bug in dm1105_remove due to race condition
media: saa7134: fix use after free bug in saa7134_finidev due to race condition
media: rcar_fdp1: Fix the correct variable assignments
media: rcar_fdp1: Fix refcount leak in probe and remove function
media: rc: gpio-ir-recv: Fix support for wake-up
x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
debugobjects: Add percpu free pools
debugobjects: Move printk out of db->lock critical sections
debugobject: Prevent init race with static objects
wifi: ath6kl: minor fix for allocation size
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
wifi: ath6kl: reduce WARN to dev_dbg() in callback
tools: bpftool: Remove invalid \' json escape
scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
vlan: partially enable SIOCSHWTSTAMP in container
net/packet: convert po->origdev to an atomic flag
net/packet: convert po->auxdata to an atomic flag
scsi: target: iscsit: Fix TAS handling during conn cleanup
scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
rtlwifi: rtl_pci: Fix memory leak when hardware init fails
rtlwifi: Start changing RT_TRACE into rtl_dbg
rtlwifi: Replace RT_TRACE with rtl_dbg
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
bpftool: Fix bug for long instructions in program CFG dumps
crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
crypto: drbg - Only fail when jent is unavailable in FIPS mode
md/raid10: fix leak of 'r10bio->remaining' for recovery
md/raid10: fix memleak for 'conf->bio_split'
md: update the optimal I/O size on reshape
md/raid10: fix memleak of md thread
wifi: iwlwifi: make the loop for card preparation effective
wifi: iwlwifi: mvm: check firmware response size
ixgbe: Allow flow hash to be set via ethtool
ixgbe: Enable setting RSS table to default values
netfilter: nf_tables: don't write table validation state without mutex
ipv4: Fix potential uninit variable access bug in __ip_make_skb()
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
netlink: Use copy_to_user() for optval in netlink_getsockopt().
net: amd: Fix link leak when verifying config failed
tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
pstore: Revert pmsg_lock back to a normal mutex
usb: host: xhci-rcar: remove leftover quirk handling
fpga: bridge: fix kernel-doc parameter description
usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
linux/vt_buffer.h: allow either builtin or modular for macros
spi: qup: fix PM reference leak in spi_qup_remove()
spi: qup: Don't skip cleanup in remove's error path
spi: fsl-spi: Fix CPM/QE mode Litte Endian
vmci_host: fix a race condition in vmci_host_poll() causing GPF
of: Fix modalias string generation
ia64: mm/contig: fix section mismatch warning/error
ia64: salinfo: placate defined-but-not-used warning
mtd: spi-nor: cadence-quadspi: Make driver independent of flash geometry
mtd: spi-nor: cadence-quadspi: Don't initialize rx_dma_complete on failure
mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA channel
spi: cadence-quadspi: fix suspend-resume implementations
uapi/linux/const.h: prefer ISO-friendly __typeof__
sh: sq: Fix incorrect element size for allocating bitmap buffer
usb: chipidea: fix missing goto in `ci_hdrc_probe`
tty: serial: fsl_lpuart: adjust buffer length to the intended size
serial: 8250: Add missing wakeup event reporting
staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
spmi: Add a check for remove callback when removing a SPMI driver
macintosh/windfarm_smu_sat: Add missing of_node_put()
powerpc/mpc512x: fix resource printk format warning
powerpc/wii: fix resource printk format warnings
powerpc/sysdev/tsi108: fix resource printk format warnings
macintosh: via-pmu-led: requires ATA to be set
powerpc/rtas: use memmove for potentially overlapping buffer copy
perf/core: Fix hardlockup failure caused by perf throttle
RDMA/rdmavt: Delete unnecessary NULL check
RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
power: supply: generic-adc-battery: fix unit scaling
clk: add missing of_node_put() in "assigned-clocks" property parsing
IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
SUNRPC: remove the maximum number of retries in call_bind_status
RDMA/mlx5: Use correct device num_ports when modify DC
openrisc: Properly store r31 to pt_regs on unhandled exceptions
pwm: mtk-disp: Don't check the return code of pwmchip_remove()
pwm: mtk-disp: Adjust the clocks to avoid them mismatch
pwm: mtk-disp: Disable shadow registers before setting backlight values
phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
dmaengine: at_xdmac: do not enable all cyclic channels
parisc: Fix argument pointer in real64_call_asm()
nilfs2: do not write dirty data after degenerating to read-only
nilfs2: fix infinite loop in nilfs_mdt_get_block()
md/raid10: fix null-ptr-deref in raid10_sync_request
wifi: rtl8xxxu: RTL8192EU always needs full init
clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
btrfs: scrub: reject unsupported scrub flags
s390/dasd: fix hanging blockdevice after request requeue
dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
dm flakey: fix a crash with invalid table line
dm ioctl: fix nested locking in table_clear() to remove deadlock concern
perf auxtrace: Fix address filter entire kernel size
debugobject: Ensure pool refill (again)
netfilter: nf_tables: deactivate anonymous set from preparation phase
nohz: Add TICK_DEP_BIT_RCU
tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
ipmi: Fix SSIF flag requests
ipmi: Fix how the lower layers are told to watch for messages
ipmi_ssif: Rename idle state and check
ipmi: fix SSIF not responding under certain cond.
dm verity: skip redundant verity_handle_err() on I/O errors
dm verity: fix error handling for check_at_most_once on FEC
kernel/relay.c: fix read_pos error when multiple readers
relayfs: fix out-of-bounds access in relay_file_read
sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
net: dsa: mv88e6xxx: Add missing watchdog ops for 6320 family
net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
writeback: fix call of incorrect macro
net/sched: act_mirred: Add carrier check
rxrpc: Fix hard call timeout units
af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
drm/amdgpu: Add amdgpu_gfx_off_ctrl function
drm/amdgpu: Put enable gfx off feature to a delay thread
drm/amdgpu: Add command to override the context priority.
drm/amdgpu: add a missing lock for AMDGPU_SCHED
ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init`
virtio_net: split free_unused_bufs()
virtio_net: suppress cpu stall when free_unused_bufs
perf vendor events power9: Remove UTF-8 characters from JSON files
perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp()
perf symbols: Fix return incorrect build_id size in elf_read_build_id()
btrfs: fix btrfs_prev_leaf() to not return the same key twice
btrfs: print-tree: parent bytenr must be aligned to sector size
cifs: fix pcchunk length type in smb2_copychunk_range
platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
sh: math-emu: fix macro redefined warning
sh: init: use OF_EARLY_FLATTREE for early init
sh: nmi_debug: fix return value of __setup handler
ARM: dts: exynos: fix WM8960 clock name in Itop Elite
ARM: dts: s5pv210: correct MIPI CSIS clock name
drm/panel: otm8009a: Set backlight parent to panel device
HID: wacom: Set a default resolution for older tablets
ext4: fix WARNING in mb_find_extent
ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
ext4: improve error recovery code paths in __ext4_remount()
ext4: add bounds checking in get_max_inline_xattr_value_size()
ext4: bail out of ext4_xattr_ibody_get() fails for any reason
ext4: remove a BUG_ON in ext4_mb_release_group_pa()
ext4: fix invalid free tracking in ext4_xattr_move_to_block()
tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
drbd: correctly submit flush bio on barrier
PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors
PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h
mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
Linux 4.19.283
Change-Id: Id2f95d527f356c874a9e01e57f1d816b9fa34e8b
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Sumit Garg
|
e74f7c87b6 |
arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
[ Upstream commit af6c0bd59f4f3ad5daad2f7b777954b1954551d5 ]
Currently only the first attempt to single-step has any effect. After
that all further stepping remains "stuck" at the same program counter
value.
Refer to the ARM Architecture Reference Manual (ARM DDI 0487E.a) D2.12,
PSTATE.SS=1 should be set at each step before transferring the PE to the
'Active-not-pending' state. The problem here is PSTATE.SS=1 is not set
since the second single-step.
After the first single-step, the PE transferes to the 'Inactive' state,
with PSTATE.SS=0 and MDSCR.SS=1, thus PSTATE.SS won't be set to 1 due to
kernel_active_single_step()=true. Then the PE transferes to the
'Active-pending' state when ERET and returns to the debugger by step
exception.
Before this patch:
==================
Entering kdb (current=0xffff3376039f0000, pid 1) on processor 0 due to Keyboard Entry
[0]kdb>
[0]kdb>
[0]kdb> bp write_sysrq_trigger
Instruction(i) BP #0 at 0xffffa45c13d09290 (write_sysrq_trigger)
is enabled addr at ffffa45c13d09290, hardtype=0 installed=0
[0]kdb> go
$ echo h > /proc/sysrq-trigger
Entering kdb (current=0xffff4f7e453f8000, pid 175) on processor 1 due to Breakpoint @ 0xffffad651a309290
[1]kdb> ss
Entering kdb (current=0xffff4f7e453f8000, pid 175) on processor 1 due to SS trap @ 0xffffad651a309294
[1]kdb> ss
Entering kdb (current=0xffff4f7e453f8000, pid 175) on processor 1 due to SS trap @ 0xffffad651a309294
[1]kdb>
After this patch:
=================
Entering kdb (current=0xffff6851c39f0000, pid 1) on processor 0 due to Keyboard Entry
[0]kdb> bp write_sysrq_trigger
Instruction(i) BP #0 at 0xffffc02d2dd09290 (write_sysrq_trigger)
is enabled addr at ffffc02d2dd09290, hardtype=0 installed=0
[0]kdb> go
$ echo h > /proc/sysrq-trigger
Entering kdb (current=0xffff6851c53c1840, pid 174) on processor 1 due to Breakpoint @ 0xffffc02d2dd09290
[1]kdb> ss
Entering kdb (current=0xffff6851c53c1840, pid 174) on processor 1 due to SS trap @ 0xffffc02d2dd09294
[1]kdb> ss
Entering kdb (current=0xffff6851c53c1840, pid 174) on processor 1 due to SS trap @ 0xffffc02d2dd09298
[1]kdb> ss
Entering kdb (current=0xffff6851c53c1840, pid 174) on processor 1 due to SS trap @ 0xffffc02d2dd0929c
[1]kdb>
Fixes:
|
||
|
Wilson Sung
|
63376759a1 |
Merge android-4.19-stable (4.19.272) into android-msm-pixel-4.19-lts
Merge 4.19.272 into android-4.19-stable
Linux 4.19.272
* usb: host: xhci-plat: add wakeup entry at sysfs
drivers/usb/host/xhci-plat.c
* ipv6: ensure sane device mtu in tunnels
net/ipv6/ip6_tunnel.c
net/ipv6/sit.c
* exit: Use READ_ONCE() for all oops/warn limit reads
kernel/exit.c
kernel/panic.c
docs: Fix path paste-o for /sys/kernel/warn_count
* panic: Expose "warn_count" to sysfs
kernel/panic.c
* panic: Introduce warn_limit
kernel/panic.c
* panic: Consolidate open-coded panic_on_warn checks
include/linux/kernel.h
kernel/panic.c
kernel/sched/core.c
* exit: Allow oops_limit to be disabled
kernel/exit.c
* exit: Expose "oops_count" to sysfs
kernel/exit.c
* exit: Put an upper limit on how often we can oops
kernel/exit.c
ia64: make IA64_MCA_RECOVERY bool instead of tristate
h8300: Fix build errors from do_exit() to make_task_dead() transition
hexagon: Fix function name in die()
objtool: Add a missing comma to avoid string concatenation
* exit: Add and use make_task_dead.
arch/arm64/kernel/traps.c
arch/arm64/mm/fault.c
include/linux/sched/task.h
kernel/exit.c
* panic: unset panic_on_warn inside panic()
kernel/panic.c
* sysctl: add a new register_sysctl_init() interface
fs/proc/proc_sysctl.c
include/linux/sysctl.h
dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
ARM: dts: imx: Fix pca9547 i2c-mux node name
x86/entry/64: Add instruction suffix to SYSRET
x86/asm: Fix an assembler warning with current binutils
drm/i915/display: fix compiler warning about array overrun
x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode"
net/tg3: resolve deadlock in tg3_reset_task() during EEH
net: ravb: Fix possible hang if RIS2_QFF1 happen
* sctp: fail if no bound addresses can be used for a given scope
net/sctp/bind_addr.c
netrom: Fix use-after-free of a listening socket.
* netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
net/netfilter/nf_conntrack_proto_sctp.c
* ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
net/ipv4/metrics.c
* netlink: annotate data races around sk_state
net/netlink/af_netlink.c
* netlink: annotate data races around dst_portid and dst_group
net/netlink/af_netlink.c
* netlink: annotate data races around nlk->portid
net/netlink/af_netlink.c
* netlink: remove hash::nelems check in netlink_insert
net/netlink/af_netlink.c
netfilter: nft_set_rbtree: skip elements in transaction from garbage collection
* net: fix UaF in netns ops registration error path
net/core/net_namespace.c
* EDAC/device: Respect any driver-supplied workqueue polling value
drivers/edac/edac_device.c
ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment
cifs: Fix oops due to uncleared server->smbd_conn in reconnect
smbd: Make upper layer decide when to destroy the transport
trace_events_hist: add check for return value of 'create_hist_field'
* tracing: Make sure trace_printk() can output as soon as it can be used
kernel/trace/trace.c
kernel/trace/trace.h
kernel/trace/trace_output.c
* module: Don't wait for GOING modules
kernel/module.c
scsi: hpsa: Fix allocation size for scsi_host_alloc()
* Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
net/bluetooth/hci_core.c
fs: reiserfs: remove useless new_opts in reiserfs_remount
perf env: Do not return pointers to local variables
* block: fix and cleanup bio_check_ro
block/blk-core.c
* netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
net/netfilter/nf_conntrack_proto_tcp.c
w1: fix WARNING after calling w1_process()
w1: fix deadloop in __w1_remove_master_device()
* tcp: avoid the lookup process failing to get sk in ehash table
net/ipv4/inet_hashtables.c
net/ipv4/inet_timewait_sock.c
dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node()
dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
dmaengine: xilinx_dma: program hardware supported buffer length
dmaengine: xilinx_dma: commonize DMA copy size calculation
HID: betop: check shape of output reports
net: macb: fix PTP TX timestamp failure due to packet padding
* dmaengine: Fix double increment of client_count in dma_chan_get()
drivers/dma/dmaengine.c
net: mlx5: eliminate anonymous module_init & module_exit
* usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
drivers/usb/gadget/function/f_fs.c
* usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
drivers/usb/gadget/function/f_fs.c
* HID: check empty report_list in hid_validate_values()
drivers/hid/hid-core.c
* net: mdio: validate parameter addr in mdiobus_get_phy()
drivers/net/phy/mdio_bus.c
net: usb: sr9700: Handle negative len
wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
net: nfc: Fix use-after-free in local_cleanup()
phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on()
* bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation
kernel/bpf/verifier.c
amd-xgbe: Delay AN timeout during KR training
amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
affs: initialize fsdata in affs_truncate()
IB/hfi1: Fix expected receive setup error exit issues
IB/hfi1: Reserve user expected TIDs
IB/hfi1: Reject a zero-length user expected buffer
tomoyo: fix broken dependency on *.conf.default
EDAC/highbank: Fix memory leak in highbank_mc_probe()
HID: intel_ish-hid: Add check for ishtp_dma_tx_map
ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
UPSTREAM: tcp: fix tcp_rmem documentation
* UPSTREAM: nvmem: core: skip child nodes not matching binding
drivers/nvmem/core.c
* BACKPORT: nvmem: core: Fix a resource leak on error in nvmem_add_cells_from_of()
drivers/nvmem/core.c
* UPSTREAM: sched/eas: Don't update misfit status if the task is pinned
kernel/sched/fair.c
* BACKPORT: arm64: link with -z norelro for LLD or aarch64-elf
arch/arm64/Makefile
* UPSTREAM: driver: core: Fix list corruption after device_del()
drivers/base/core.c
* UPSTREAM: coresight: tmc-etr: Fix barrier packet insertion for perf buffer
drivers/hwtracing/coresight/coresight-tmc-etr.c
* UPSTREAM: f2fs: fix double free of unicode map
fs/f2fs/super.c
* BACKPORT: net: xfrm: fix memory leak in xfrm_user_policy()
net/xfrm/xfrm_state.c
UPSTREAM: xfrm/compat: Don't allocate memory with __GFP_ZERO
UPSTREAM: xfrm/compat: memset(0) 64-bit padding at right place
UPSTREAM: xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
* UPSTREAM: scsi: ufs: Fix missing brace warning for old compilers
drivers/scsi/ufs/ufshcd-crypto.c
* UPSTREAM: arm64: vdso32: make vdso32 install conditional
arch/arm64/Makefile
* UPSTREAM: loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE
drivers/block/loop.c
BACKPORT: drm/virtio: fix missing dma_fence_put() in virtio_gpu_execbuffer_ioctl()
* BACKPORT: sched/uclamp: Protect uclamp fast path code with static key
kernel/sched/core.c
kernel/sched/cpufreq_schedutil.c
kernel/sched/sched.h
* BACKPORT: sched/uclamp: Fix initialization of struct uclamp_rq
kernel/sched/core.c
* UPSTREAM: coresight: etmv4: Fix CPU power management setup in probe() function
drivers/hwtracing/coresight/coresight-etm4x.c
* UPSTREAM: arm64: vdso: Add --eh-frame-hdr to ldflags
arch/arm64/kernel/vdso/Makefile
* BACKPORT: arm64: vdso: Add '-Bsymbolic' to ldflags
arch/arm64/kernel/vdso/Makefile
UPSTREAM: drm/virtio: fix a wait_event condition
* BACKPORT: sched/topology: Don't try to build empty sched domains
kernel/cgroup/cpuset.c
kernel/sched/topology.c
* BACKPORT: binder: prevent UAF read in print_binder_transaction_log_entry()
drivers/android/binder.c
drivers/android/binder_internal.h
* BACKPORT: copy_process(): don't use ksys_close() on cleanups
kernel/fork.c
* BACKPORT: arm64: vdso: Remove unnecessary asm-offsets.c definitions
arch/arm64/kernel/asm-offsets.c
* UPSTREAM: locking/lockdep, cpu/hotplug: Annotate AP thread
kernel/cpu.c
* Revert "xhci: Add a flag to disable USB3 lpm on a xhci root port level."
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h
Merge 4.19.271 into android-4.19-stable
BACKPORT: mac80211_hwsim: add concurrent channels scanning support over virtio
* BACKPORT: mac80211_hwsim: add frame transmission support over virtio This allows communication with external entities.
include/uapi/linux/virtio_ids.h
* BACKPORT: driver core: Skip unnecessary work when device doesn't have sync_state()
drivers/base/core.c
Linux 4.19.271
x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
* Revert "ext4: generalize extents status tree search functions"
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* Revert "ext4: add new pending reservation mechanism"
fs/ext4/ext4.h
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/super.c
* Revert "ext4: fix reserved cluster accounting at delayed write time"
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* Revert "ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline"
fs/ext4/extents.c
gsmi: fix null-deref in gsmi_get_variable
serial: atmel: fix incorrect baudrate setup
serial: pch_uart: Pass correct sg to dma_unmap_sg()
usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
* usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
drivers/usb/gadget/function/f_ncm.c
usb: gadget: g_webcam: Send color matching descriptor per frame
usb: typec: altmodes/displayport: Fix pin assignment calculation
usb: typec: altmodes/displayport: Add pin assignment helper
usb: host: ehci-fsl: Fix module alias
USB: serial: cp210x: add SCALANCE LPE-9000 device id
cifs: do not include page data when checking signature
mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
comedi: adv_pci1760: Fix PWM instruction handling
* usb: core: hub: disable autosuspend for TI TUSB8041
drivers/usb/core/hub.c
USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
USB: serial: option: add Quectel EM05CN modem
USB: serial: option: add Quectel EM05CN (SG) modem
USB: serial: option: add Quectel EC200U modem
USB: serial: option: add Quectel EM05-G (RS) modem
USB: serial: option: add Quectel EM05-G (CS) modem
USB: serial: option: add Quectel EM05-G (GR) modem
* prlimit: do_prlimit needs to have a speculation check
kernel/sys.c
* xhci: Add a flag to disable USB3 lpm on a xhci root port level.
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h
* xhci: Fix null pointer dereference when host dies
drivers/usb/host/xhci.c
* usb: xhci: Check endpoint is valid before dereferencing it
drivers/usb/host/xhci-ring.c
* xhci-pci: set the dma max_seg_size
drivers/usb/host/xhci-pci.c
nilfs2: fix general protection fault in nilfs_btree_insert()
Add exception protection processing for vd in axi_chan_handle_err function
* f2fs: let's avoid panic if extent_tree is not created
fs/f2fs/extent_cache.c
RDMA/srp: Move large values to a new enum for gcc13
* net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
net/core/ethtool.c
pNFS/filelayout: Fix coalescing test for single DS
* ANDROID: usb: f_accessory: Check buffer size when initialised via composite
drivers/usb/gadget/configfs.c
drivers/usb/gadget/function/f_accessory.c
Merge 4.19.270 into android-4.19-stable
Linux 4.19.270
serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30
serial: tegra: Only print FIFO error message when an error occurs
tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
efi: fix NULL-deref in init error path
* arm64: cmpxchg_double*: hazard against entire exchange variable
arch/arm64/include/asm/atomic_ll_sc.h
arch/arm64/include/asm/atomic_lse.h
drm/virtio: Fix GEM handle creation UAF
x86/resctrl: Fix task CLOSID/RMID update race
x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI
iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
iommu/mediatek-v1: Add error handle for mtk_iommu_probe
net/mlx5: Fix ptp max frequency adjustment range
net/mlx5: Rename ptp clock info
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
hvc/xen: lock console list traversal
regulator: da9211: Use irq handler when ready
* EDAC/device: Fix period calculation in edac_device_reset_delay_period()
drivers/edac/edac_device.c
drivers/edac/edac_module.h
x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
* ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
fs/ext4/exten Conflicts:
drivers/edac/edac_device.c
drivers/hwtracing/coresight/coresight-etm4x.c
drivers/usb/core/hub.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/gadget/function/f_hid.c
kernel/panic.c
mm/kasan/report.cts.c
* ext4: fix reserved cluster accounting at delayed write time
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* ext4: add new pending reservation mechanism
fs/ext4/ext4.h
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/super.c
* ext4: generalize extents status tree search functions
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* ext4: fix uninititialized value in 'ext4_evict_inode'
fs/ext4/super.c
* ext4: fix use-after-free in ext4_orphan_cleanup
fs/ext4/inode.c
* ext4: lost matching-pair of trace in ext4_truncate
fs/ext4/inode.c
* ext4: fix bug_on in __es_tree_search caused by bad quota inode
fs/quota/dquot.c
* quota: Factor out setup of quota inode
fs/quota/dquot.c
include/linux/quotaops.h
usb: ulpi: defer ulpi_register on ulpi_read_id timeout
kest.pl: Fix grub2 menu handling for rebooting
ktest.pl: Fix incorrect reboot for grub2bls
ktest: introduce grub2bls REBOOT_TYPE option
ktest: cleanup get_grub_index
ktest: introduce _get_grub_index
ktest: Add support for meta characters in GRUB_MENU
ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
wifi: wilc1000: sdio: fix module autoloading
* ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
net/ipv6/raw.c
platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe
cifs: Fix uninitialized memory read for smb311 posix symlink create
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
sound/core/control_compat.c
* net/ulp: prevent ULP without clone op from entering the LISTEN status
net/ipv4/inet_connection_sock.c
s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
perf auxtrace: Fix address filter duplicate symbol selection
docs: Fix the docs build with Sphinx 6.0
* net: sched: disallow noqueue for qdisc classes
net/sched/sch_api.c
* driver core: Fix bus_type.match() error handling in __driver_attach()
drivers/base/dd.c
parisc: Align parisc MADV_XXX constants with all other architectures
* mbcache: Avoid nesting of cache->c_list_lock under bit locks
fs/mbcache.c
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
hfs/hfsplus: use WARN_ON for sanity check
* ext4: don't allow journal inode to have encrypt flag
fs/ext4/super.c
riscv: uaccess: fix type of 0 variable on error in get_user()
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
x86/bugs: Flush IBP in ib_prctl_set()
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
udf: Fix extension of the last extent in the file
caif: fix memory leak in cfctrl_linkup_request()
usb: rndis_host: Secure rndis_query check against int overflow
net: sched: atm: dont intepret cls results when asked to drop
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
net: amd-xgbe: add missed tasklet_kill
nfc: Fix potential resource leaks
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
* bpf: pull before calling skb_postpull_rcsum()
net/core/filter.c
* SUNRPC: ensure the matching upcall is in-flight upon downcall
include/linux/sunrpc/rpc_pipe_fs.h
* ext4: fix deadlock due to mbcache entry corruption
fs/ext4/xattr.c
fs/mbcache.c
include/linux/mbcache.h
* mbcache: automatically delete entries from cache on freeing
fs/mbcache.c
include/linux/mbcache.h
* ext4: fix race when reusing xattr blocks
fs/ext4/xattr.c
* ext4: unindent codeblock in ext4_xattr_block_set()
fs/ext4/xattr.c
* ext4: remove EA inode entry from mbcache on inode eviction
fs/ext4/inode.c
fs/ext4/xattr.c
fs/ext4/xattr.h
* mbcache: add functions to delete entry if unused
fs/mbcache.c
include/linux/mbcache.h
* mbcache: don't reclaim used entries
fs/mbcache.c
* ext4: use kmemdup() to replace kmalloc + memcpy
fs/ext4/xattr.c
* ext4: correct inconsistent error msg in nojournal mode
fs/ext4/super.c
* ext4: goto right label 'failed_mount3a'
fs/ext4/super.c
* driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set
drivers/base/dd.c
ravb: Fix "failed to switch device to config mode" message during unbind
perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
dm thin: resume even if in FAIL mode
media: s5p-mfc: Fix in register read and write for H264
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix to handle reference queue during finishing
btrfs: replace strncpy() with strscpy()
btrfs: send: avoid unnecessary backref lookups when finding clone source
* ext4: allocate extended attribute value in vmalloc area
fs/ext4/xattr.c
* ext4: avoid unaccounted block allocation when expanding inode
fs/ext4/inode.c
* ext4: initialize quota before expanding inode in setproject ioctl
fs/ext4/ioctl.c
* ext4: fix inode leak in ext4_xattr_inode_create() on an error path
fs/ext4/xattr.c
* ext4: avoid BUG_ON when creating xattrs
fs/ext4/xattr.c
* ext4: fix error code return to user-space in ext4_get_branch()
fs/ext4/indirect.c
* ext4: fix corruption when online resizing a 1K bigalloc fs
fs/ext4/resize.c
* ext4: init quota for 'old.inode' in 'ext4_rename'
fs/ext4/namei.c
* ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
fs/ext4/ioctl.c
* ext4: add helper to check quota inums
fs/ext4/super.c
* ext4: fix undefined behavior in bit shift for ext4_check_flag_values
fs/ext4/ext4.h
* ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
fs/ext4/inode.c
drm/vmwgfx: Validate the box size for the snooped cursor
* drm/connector: send hotplug uevent on connector cleanup
drivers/gpu/drm/drm_connector.c
device_cgroup: Roll back to original exceptions after copy failure
parisc: led: Fix potential null-ptr-deref in start_task()
iommu/amd: Fix ivrs_acpihid cmdline parsing code
crypto: n2 - add missing hash statesize
* PCI/sysfs: Fix double free in error path
drivers/pci/pci-sysfs.c
* PCI: Fix pci_device_is_present() for VFs by checking PF
drivers/pci/pci.c
ipmi: fix use after free in _ipmi_destroy_user()
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
ipmi: fix long wait in unload when IPMI disconnect
md/bitmap: Fix bitmap chunk size overflow issues
cifs: fix confusing debug message
media: dvb-core: Fix UAF due to refcount races at releasing
media: dvb-core: Fix double free in dvb_register_device()
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
* tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
kernel/trace/trace.c
x86/microcode/intel: Do not retry microcode reloading on the APs
dm cache: set needs_check flag after aborting metadata
dm cache: Fix UAF in destroy()
dm thin: Fix UAF in run_timer_softirq()
dm thin: Use last transaction's pmd->root when commit failed
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
binfmt: Fix error return code in load_elf_fdpic_binary()
binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
selftests: Use optional USERCFLAGS and USERLDFLAGS
ARM: ux500: do not directly dereference __iomem
ktest.pl minconfig: Unset configs instead of just removing them
* soc: qcom: Select REMAP_MMIO for LLCC driver
drivers/soc/qcom/Kconfig
media: stv0288: use explicitly signed char
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
md: fix a crash in mempool_free
* pnode: terminate at peers of source
fs/pnode.c
ALSA: line6: fix stack overflow in line6_midi_transmit
ALSA: line6: correct midi status byte when receiving data from podxt
* ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
fs/overlayfs/dir.c
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
* HID: plantronics: Additional PIDs for double volume key presses quirk
drivers/hid/hid-ids.h
drivers/hid/hid-plantronics.c
powerpc/rtas: avoid scheduling in rtas_os_term()
powerpc/rtas: avoid device tree lookups in rtas_os_term()
ata: ahci: Fix PCS quirk application for suspend
media: dvbdev: fix refcnt bug
* media: dvbdev: fix build warning due to comments
include/media/dvbdev.h
gcov: add support for checksum field
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
reiserfs: Add missing calls to reiserfs_security_free()
* HID: wacom: Ensure bootloader PID is usable in hidraw mode
drivers/hid/wacom_sys.c
drivers/hid/wacom_wac.c
drivers/hid/wacom_wac.h
* usb: dwc3: core: defer probe on ulpi_read_id timeout
drivers/usb/dwc3/core.c
* pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
fs/pstore/Kconfig
* pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
fs/pstore/pmsg.c
ASoC: rt5670: Remove unbalanced pm_runtime_put()
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
clk: st: Fix memory leak in st_of_quadfs_setup()
media: si470x: Fix use-after-free in si470x_int_in_callback()
mmc: f-sdh30: Add quirks for broken timeout clock capability
* regulator: core: fix use_count leakage when handling boot-on
drivers/regulator/core.c
* blk-mq: fix possible memleak when register 'hctx' failed
block/blk-mq-sysfs.c
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
* media: dvbdev: adopts refcnt to avoid UAF
include/media/dvbdev.h
media: dvb-frontends: fix leak of memory fw
* ppp: associate skb with a device at tx
drivers/net/ppp/ppp_generic.c
* mrp: introduce active flags to prevent UAF when applicant uninit
include/net/mrp.h
md/raid1: stop mdx_raid1 thread when raid1 array run failed
drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
drm/sti: Use drm_mode_copy()
s390/lcs: Fix return type of lcs_start_xmit()
s390/netiucv: Fix return type of netiucv_tx()
s390/ctcm: Fix return type of ctc{mp,}m_tx()
drm/amdgpu: Fix type of second parameter in trans_msg() callback
igb: Do not free q_vector unless new one was allocated
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
* bpf: make sure skb->len != 0 when redirecting to a tunneling device
net/core/filter.c
ipmi: fix memleak when unload ipmi driver
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
wifi: ath9k: verify the expected usb_endpoints are present
hfs: fix OOB Read in __hfs_brec_find
acct: fix potential integer overflow in encode_comp_t()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
ACPICA: Fix error code path in acpi_ds_call_control_method()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbAllocAG
binfmt_misc: fix shift-out-of-bounds in check_special_flags
* net: stream: purge sk_error_queue in sk_stream_kill_queues()
net/core/stream.c
myri10ge: Fix an error handling path in myri10ge_probe()
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
* net_sched: reject TCF_EM_SIMPLE case for complex ematch module
net/sched/ematch.c
* skbuff: Account for tail adjustment during pull operations
net/core/skbuff.c
openvswitch: Fix flow lookup to use unmasked key
rtc: mxc_v2: Add missing clk_disable_unprepare()
r6040: Fix kmemleak in probe and remove
nfc: pn533: Clear nfc_target before being used
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
selftests/powerpc: Fix resource leaks
powerpc/hv-gpci: Fix hv_gpci event list
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
cxl: Fix refcount leak in cxl_calc_capp_routing
powerpc/52xx: Fix a resource leak in an error handling path
macintosh/macio-adb: check the return value of ioremap()
macintosh: fix possible memory leak in macio_add_one_device()
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
iommu/amd: Fix pci device refcount leak in ppr_notifier()
rtc: snvs: Allow a time difference on clock register read
* include/uapi/linux/swab: Fix potentially missing __always_inline
include/uapi/linux/swab.h
HSI: omap_ssi_core: Fix error handling in ssi_init()
perf symbol: correction while adjusting symbol
* power: supply: fix residue sysfs file in error handle route of __power_supply_register()
drivers/power/supply/power_supply_core.c
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
fbdev: vermilion: decrease reference count in error path
fbdev: via: Fix error in via_core_init()
fbdev: pm2fb: fix missing pci_disable_device()
* fbdev: ssd1307fb: Drop optional dependency
drivers/video/fbdev/Kconfig
samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
tracing/hist: Fix issue of losting command info in error_log
usb: storage: Add check for kcalloc
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
vme: Fix error not catched in fake_init()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
staging: rtl8192u: Fix use after free in ieee80211_rx()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
* chardev: fix error handling in cdev_device_add()
fs/char_dev.c
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
drivers: mcb: fix resource leak in mcb_probe()
* usb: gadget: f_hid: fix refcount leak on error path
drivers/usb/gadget/function/f_hid.c
* usb: gadget: f_hid: fix f_hidg lifetime vs cdev
drivers/usb/gadget/function/f_hid.c
* usb: gadget: f_hid: optional SETUP/SET_REPORT mode
drivers/usb/gadget/function/f_hid.c
drivers/usb/gadget/function/u_hid.h
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
test_firmware: fix memory leak in test_firmware_init()
serial: sunsab: Fix error handling in sunsab_init()
serial: altera_uart: fix locking in polling mode
tty: serial: altera_uart_{r,t}x_chars() need only uart_port
tty: serial: clean up stop-tx part in altera_uart_tx_chars()
serial: pch: Fix PCI device refcount leak in pch_request_dma()
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
serial: amba-pl011: avoid SBSA UART accessing DMACR register
* usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
drivers/usb/typec/bus.c
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
usb: fotg210-udc: Fix ages old endianness issues
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
vfio: platform: Do not pass return buffer to ACPI _RST method
* class: fix possible memory leak in __class_register()
drivers/base/class.c
serial: tegra: Read DMA status before terminating
tty: serial: tegra: Activate RX DMA transfer by request
serial: tegra: Add PIO mode support
serial: tegra: report clk rate errors
serial: tegra: add support to adjust baud rate
serial: tegra: add support to use 8 bytes trigger
serial: tegra: set maximum num of uart ports to 8
serial: tegra: check for FIFO mode enabled status
serial: tegra: avoid reg access when clk disabled
drivers: dio: fix possible memory leak in dio_init()
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
hwrng: geode - Fix PCI device refcount leak
hwrng: amd - Fix PCI device refcount leak
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
orangefs: Fix sysfs not cleanup when dev init failed
RDMA/hfi1: Fix error return code in parse_platform_config()
scsi: snic: Fix possible UAF in snic_tgt_create()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
scsi: hpsa: Fix possible memory leak in hpsa_init_one()
scsi: hpsa: use local workqueues instead of system workqueues
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
crypto: ccree - Make cc_debugfs_global_fini() available for module init function
RDMA/hfi: Decrease PCI device reference count in error path
* PCI: Check for alloc failure in pci_request_irq()
drivers/pci/irq.c
scsi: scsi_debug: Fix a warning in resp_write_scat()
RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
* f2fs: fix normal discard process
fs/f2fs/segment.c
apparmor: Fix abi check to include v8 abi
apparmor: fix lockdep warning when removing a namespace
apparmor: fix a memleak in multi_transaction_new()
stmmac: fix potential division by 0
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
* Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
net/bluetooth/hci_core.c
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
net: lan9303: Fix read error execution path
net: amd-xgbe: Check only the minimum speed for active/passive cables
net: amd-xgbe: Fix logic around active and passive cables
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
* net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net/ipv4/udp_tunnel.c
net: farsync: Fix kmemleak when rmmods farsync
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
net: defxx: Fix missing err handling in dfx_init()
net: vmw_vsock: vmci: Check memcpy_from_msg()
clk: socfpga: use clk_hw_register for a5/c5
clk: socfpga: clk-pll: Remove unused variable 'rc'
* blktrace: Fix output non-blktrace event when blk_classic option enabled
kernel/trace/blktrace.c
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
rtl8xxxu: add enumeration for channel bandwidth
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
clk: samsung: Fix memory leak in _samsung_clk_register_pll()
media: coda: Add check for kmalloc
media: coda: Add check for dcoda_iram_alloc
media: c8sectpfe: Add of_node_put() when breaking out of loop
mmc: mmci: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: meson-gx: fix return value check of mmc_add_host()
mmc: atmel-mci: fix return value check of mmc_add_host()
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: moxart: fix return value check of mmc_add_host()
NFSv4.x: Fail client initialisation if state manager thread can't run
SUNRPC: Fix missing release socket in rpc_sockname()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
media: saa7164: fix missing pci_disable_device()
* regulator: core: fix module refcount leak in set_supply()
drivers/regulator/core.c
* wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
net/wireless/reg.c
* bonding: uninitialized variable in bond_miimon_inspect()
drivers/net/bonding/bond_main.c
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
ALSA: asihpi: fix missing pci_disable_device()
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
NFSv4.2: Fix a memory stomp in decode_attr_security_label
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
media: dvb-core: Fix ignored return value in dvb_register_frontend()
* pinctrl: pinconf-generic: add missing of_node_put()
drivers/pinctrl/pinconf-generic.c
media: imon: fix a race condition in send_packet()
drbd: remove call to memset before free device/resource/connection
mtd: maps: pxa2xx-flash: fix memory leak in probe
* bonding: Export skip slave logic to function
drivers/net/bonding/bond_main.c
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
* ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
include/uapi/sound/asequencer.h
HID: hid-sensor-custom: set fixed size for custom attributes
media: platform: exynos4-is: Fix error handling in fimc_md_init()
media: solo6x10: fix possible memory leak in solo_sysfs_init()
Input: elants_i2c - properly handle the reset GPIO when power is off
mtd: lpddr2_nvm: Fix possible null-ptr-deref
wifi: ath10k: Fix return value in ath10k_pci_init()
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
* regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
drivers/regulator/core.c
ASoC: pxa: fix null-pointer dereference in filter()
drm/radeon: Add the missed acpi_put_table() to fix memory leak
* net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
include/linux/proc_fs.h
media: camss: Clean up received buffers on failed start of streaming
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
mtd: Fix device name leak when register device failed in add_mtd_device()
media: vivid: fix compose size exceed boundary
spi: Update reference to struct spi_controller
can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
can: kvaser_usb: Add struct kvaser_usb_busparams
can: kvaser_usb_leaf: Fix bogus restart events
can: kvaser_usb_leaf: Fix wrong CAN state after stopping
can: kvaser_usb_leaf: Fix improved state not being reported
can: kvaser_usb_leaf: Set Warning state even without bus errors
can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
can: kvaser_usb: do not increase tx statistics when sending error message frames
media: i2c: ad5820: Fix error path
pata_ipx4xx_cf: Fix unsigned comparison with less than zero
wifi: rtl8xxxu: Fix reading the vendor of combo chips
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
rapidio: devices: fix missing put_device in mport_cdev_open
hfs: Fix OOB Write in hfs_asc2mac
relay: fix type mismatch when allocating memory in relay_create_buf()
* eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
include/linux/eventfd.h
rapidio: fix possible UAF when kfifo_alloc() fails
fs: sysv: Fix sysv_nblocks() returns wrong value
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
* PM: runtime: Do not call __rpm_callback() from rpm_idle()
drivers/base/power/runtime.c
* PM: runtime: Improve path in rpm_idle() when no callback
drivers/base/power/runtime.c
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
x86/xen: Fix memory leak in xen_init_lock_cpu()
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
xen/events: only register debug interrupt for 2-level events
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
rapidio: rio: fix possible name leak in rio_register_mport()
rapidio: fix possible name leaks when rio_add_device() fails
* debugfs: fix error when writing negative value to atomic_t debugfs file
fs/debugfs/file.c
include/linux/debugfs.h
lib/notifier-error-inject: fix error when writing -errno to debugfs file
* libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
fs/libfs.c
include/linux/fs.h
cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
PNP: fix name memory leak in pnp_alloc_dev()
MIPS: vpe-cmp: fix possible memory leak while module exiting
MIPS: vpe-mt: fix possible memory leak while module exiting
ocfs2: fix memory leak in ocfs2_stack_glue_init()
proc: fixup uptime selftest
* timerqueue: Use rb_entry_safe() in timerqueue_getnext()
include/linux/timerqueue.h
* perf: Fix possible memleak in pmu_dev_alloc()
kernel/events/core.c
selftests/ftrace: event_triggers: wait longer for test_event_enable
* fs: don't audit the capability check in simple_xattr_list()
fs/xattr.c
alpha: fix syscall entry in !AUDUT_SYSCALL case
* cpuidle: dt: Return the correct numbers of parsed idle states
drivers/cpuidle/dt_idle_states.c
tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
* pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
fs/pstore/ram_core.c
ARM: mmp: fix timer_read delay
* pstore/ram: Fix error return code in ramoops_probe()
fs/pstore/ram.c
ARM: dts: turris-omnia: Add switch port 6 node
ARM: dts: turris-omnia: Add ethernet aliases
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
arm64: dts: mt2712e: Fix unit address for pinctrl node
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
arm: dts: spear600: Fix clcd interrupt
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
ARM: dts: qcom: apq8064: fix coresight compatible
usb: musb: remove extra check in musb_gadget_vbus_draw
* net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
drivers/net/loopback.c
* Bluetooth: L2CAP: Fix u8 overflow
net/bluetooth/l2cap_core.c
igb: Initialize mailbox message for VF reset
USB: serial: f81534: fix division by zero on line-speed change
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
USB: serial: option: add Quectel EM05-G modem
usb: gadget: uvc: Prevent buffer overflow in setup handler
udf: Fix extending file within last block
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
udf: Fix preallocation discarding at indirect extent boundary
udf: Discard preallocation before extending file with a hole
perf script python: Remove explicit shebang from tests/attr.c
* ASoC: ops: Correct bounds check for second channel on SX controls
sound/soc/soc-ops.c
can: mcba_usb: Fix termination command argument
* can: sja1000: fix size of OCR_MODE_MASK define
include/linux/can/platform/sja1000.h
pinctrl: meditatek: Startup with the IRQs disabled
* ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
sound/soc/soc-ops.c
nfp: fix use-after-free in area_cache_get()
* block: unhash blkdev part inode when the part is deleted
block/partition-generic.c
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
* mm/khugepaged: fix GUP-fast interaction by sending IPI
include/asm-generic/tlb.h
mm/memory.c
ANDROID: Add more hvc devices for virtio-console.
ANDROID: Add allowed symbols required from Qualcomm drivers
* BACKPORT: lib: introduce copy_struct_from_user() helper
include/linux/bitops.h
include/linux/uaccess.h
lib/strnlen_user.c
lib/usercopy.c
* ANDROID: fix BIT() redefinition
include/linux/bits.h
include/vdso/bits.h
Bug: 268137599
Change-Id: I1ae5c7cfdd0387ced375d87341327c27bd3ae454
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Greg Kroah-Hartman
|
c97f22d970 |
Merge 4.19.272 into android-4.19-stable
Changes in 4.19.272 ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' HID: intel_ish-hid: Add check for ishtp_dma_tx_map EDAC/highbank: Fix memory leak in highbank_mc_probe() tomoyo: fix broken dependency on *.conf.default IB/hfi1: Reject a zero-length user expected buffer IB/hfi1: Reserve user expected TIDs IB/hfi1: Fix expected receive setup error exit issues affs: initialize fsdata in affs_truncate() amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent amd-xgbe: Delay AN timeout during KR training bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() net: nfc: Fix use-after-free in local_cleanup() wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid net: usb: sr9700: Handle negative len net: mdio: validate parameter addr in mdiobus_get_phy() HID: check empty report_list in hid_validate_values() usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait usb: gadget: f_fs: Ensure ep0req is dequeued before free_request net: mlx5: eliminate anonymous module_init & module_exit dmaengine: Fix double increment of client_count in dma_chan_get() net: macb: fix PTP TX timestamp failure due to packet padding HID: betop: check shape of output reports dmaengine: xilinx_dma: commonize DMA copy size calculation dmaengine: xilinx_dma: program hardware supported buffer length dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() tcp: avoid the lookup process failing to get sk in ehash table w1: fix deadloop in __w1_remove_master_device() w1: fix WARNING after calling w1_process() netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state block: fix and cleanup bio_check_ro perf env: Do not return pointers to local variables fs: reiserfs: remove useless new_opts in reiserfs_remount Bluetooth: hci_sync: cancel cmd_timer if hci_open failed scsi: hpsa: Fix allocation size for scsi_host_alloc() module: Don't wait for GOING modules tracing: Make sure trace_printk() can output as soon as it can be used trace_events_hist: add check for return value of 'create_hist_field' smbd: Make upper layer decide when to destroy the transport cifs: Fix oops due to uncleared server->smbd_conn in reconnect ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment EDAC/device: Respect any driver-supplied workqueue polling value net: fix UaF in netns ops registration error path netfilter: nft_set_rbtree: skip elements in transaction from garbage collection netlink: remove hash::nelems check in netlink_insert netlink: annotate data races around nlk->portid netlink: annotate data races around dst_portid and dst_group netlink: annotate data races around sk_state ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE netrom: Fix use-after-free of a listening socket. sctp: fail if no bound addresses can be used for a given scope net: ravb: Fix possible hang if RIS2_QFF1 happen net/tg3: resolve deadlock in tg3_reset_task() during EEH Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL drm/i915/display: fix compiler warning about array overrun x86/asm: Fix an assembler warning with current binutils x86/entry/64: Add instruction suffix to SYSRET ARM: dts: imx: Fix pca9547 i2c-mux node name dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init sysctl: add a new register_sysctl_init() interface panic: unset panic_on_warn inside panic() exit: Add and use make_task_dead. objtool: Add a missing comma to avoid string concatenation hexagon: Fix function name in die() h8300: Fix build errors from do_exit() to make_task_dead() transition ia64: make IA64_MCA_RECOVERY bool instead of tristate exit: Put an upper limit on how often we can oops exit: Expose "oops_count" to sysfs exit: Allow oops_limit to be disabled panic: Consolidate open-coded panic_on_warn checks panic: Introduce warn_limit panic: Expose "warn_count" to sysfs docs: Fix path paste-o for /sys/kernel/warn_count exit: Use READ_ONCE() for all oops/warn limit reads ipv6: ensure sane device mtu in tunnels usb: host: xhci-plat: add wakeup entry at sysfs Linux 4.19.272 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I4f9ddce1e108e81409d47e00fdeef2bc0d34f793 |
||
|
Eric W. Biederman
|
7d5de91a9a |
exit: Add and use make_task_dead.
commit 0e25498f8cd43c1b5aa327f373dd094e9a006da7 upstream. There are two big uses of do_exit. The first is it's design use to be the guts of the exit(2) system call. The second use is to terminate a task after something catastrophic has happened like a NULL pointer in kernel code. Add a function make_task_dead that is initialy exactly the same as do_exit to cover the cases where do_exit is called to handle catastrophic failure. In time this can probably be reduced to just a light wrapper around do_task_dead. For now keep it exactly the same so that there will be no behavioral differences introducing this new concept. Replace all of the uses of do_exit that use it for catastraphic task cleanup with make_task_dead to make it clear what the code is doing. As part of this rename rewind_stack_do_exit rewind_stack_and_make_dead. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
JohnnLee
|
20aa18cacb |
LTS: Merge android-4.19-stable (4.19.269) into android-msm-pixel-4.19
Merge android-4.19-stable common kernel (4.19.269) into B5R3/B9 Mainline kernel. Bug: 263916797 Test: Manual testing, SST, vts/vts-kernel, pts/base, pts/postsubmit-long Signed-off-by: Wilson Sung <wilsonsung@google.com> Change-Id: I1dd57d90f7683bad4fcf71d004b8b3b53c80b9f6 Signed-off-by: JohnnLee <johnnlee@google.com> |
||
|
Vincenzo Frascino
|
4c05a81915 |
UPSTREAM: arm64: vdso: Add --eh-frame-hdr to ldflags
LLVM's unwinder depends on the .eh_frame_hdr being present for
unwinding. However, when compiling Linux with GCC, the section
is not present in the vdso library object and when compiling
with Clang, it is present, but it has zero length.
With GCC the problem was not spotted because libgcc unwinder does
not require the .eh_frame_hdr section to be present.
Add --eh-frame-hdr to ldflags to correctly generate and populate
the section for both GCC and LLVM.
Bug: 254441685
Fixes: 28b1a824a4f44 ("arm64: vdso: Substitute gettimeofday() with C implementation")
Reported-by: Tamas Zsoldos <tamas.zsoldos@arm.com>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Tested-by: Tamas Zsoldos <tamas.zsoldos@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Link: https://lore.kernel.org/r/20200507104049.47834-1-vincenzo.frascino@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
(cherry picked from commit 7e9f5e6629f62865e67b8a02a5b522dd9af890bd)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ib1713bae7f17b344d1e6a214583e057f5b4f05a9
|
||
|
Vincenzo Frascino
|
1a8e69ff36 |
BACKPORT: arm64: vdso: Add '-Bsymbolic' to ldflags
Commit 28b1a824a4f44 ("arm64: vdso: Substitute gettimeofday() with C
implementation") introduced an unused 'VDSO_LDFLAGS' variable to the
vdso Makefile, suggesting that we should be passing '-Bsymbolic' to the
linker, as we do when linking the compat vDSO.
Although it's not strictly necessary to pass this flag, it would be
required if we were to add any internal references to the exported
symbols. It's also consistent with how we link the compat vdso so, since
there's no real downside from passing it, add '-Bsymbolic' to the ldflags
for the native vDSO.
Bug: 254441685
Fixes: 28b1a824a4f44 ("arm64: vdso: Substitute gettimeofday() with C implementation")
Reported-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Will Deacon <will@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Ard Biesheuvel <ardb@kernel.org>
Link: https://lore.kernel.org/r/20200428150854.33130-1-vincenzo.frascino@arm.com
Signed-off-by: Will Deacon <will@kernel.org>
(cherry picked from commit 86b8783701246a22a734824674cc3f87a5ed9f13)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: I99010ff671c8b33bfbaa1c9da52a12a3dbc7bdf0
|
||
|
Catalin Marinas
|
435c9b110c |
BACKPORT: arm64: vdso: Remove unnecessary asm-offsets.c definitions
Since the VDSO code has moved to C from assembly, there is no need to
define and maintain the corresponding asm offsets.
Bug: 254441685
Fixes: 28b1a824a4f4 ("arm64: vdso: Substitute gettimeofday() with C implementation")
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: linux-arch@vger.kernel.org
Cc: linux-arm-kernel@lists.infradead.org
Cc: linux-mips@vger.kernel.org
Cc: linux-kselftest@vger.kernel.org
Cc: Will Deacon <will.deacon@arm.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Russell King <linux@armlinux.org.uk>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Paul Burton <paul.burton@mips.com>
Cc: Daniel Lezcano <daniel.lezcano@linaro.org>
Cc: Mark Salyzyn <salyzyn@android.com>
Cc: Peter Collingbourne <pcc@google.com>
Cc: Shuah Khan <shuah@kernel.org>
Cc: Dmitry Safonov <0x7f454c46@gmail.com>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Huw Davies <huw@codeweavers.com>
Cc: Shijith Thotton <sthotton@marvell.com>
Cc: Andre Przywara <andre.przywara@arm.com>
Link: https://lkml.kernel.org/r/20190624135812.GC29120@arrakis.emea.arm.com
(cherry picked from commit 94fee4d43752b6022428d9de402632904968e15b)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ie511ac25edda3a83d3b2570b109fde26d6019dbc
|
||
|
JohnnLee
|
ffec99e9b1 |
Merge branch 'LA.UM.9.12.C10.11.00.00.840.478' via branch 'qcom-msm-4.19-7250' into android-msm-pixel-4.19
Conflicts: arch/arm64/include/asm/assembler.h arch/arm64/include/asm/cpufeature.h arch/arm64/include/asm/kvm_mmu.h arch/arm64/kernel/cpu_errata.c arch/arm64/kernel/cpufeature.c arch/arm64/kernel/entry.S arch/arm64/kvm/hyp/hyp-entry.S arch/arm64/mm/mmu.c drivers/net/usb/ax88179_178a.c drivers/soc/qcom/scm.c drivers/soc/qcom/socinfo.c drivers/usb/gadget/function/f_fs.c include/linux/arm-smccc.h Bug: 261541074 Change-Id: I7f46738f04f5c301487dc92db5c5fa808d99bc79 Signed-off-by: JohnnLee <johnnlee@google.com> |
||
|
Wilson Sung
|
9935a3fd79 |
Merge android-4.19-stable (4.19.269) into android-msm-pixel-4.19-lts
Merge 4.19.269 into android-4.19-stable
Linux 4.19.269
can: esd_usb: Allow REC and TEC to return to zero
net: mvneta: Fix an out of bounds check
* ipv6: avoid use-after-free in ip6_fragment()
net/ipv6/ip6_output.c
net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
xen/netback: fix build warning
ethernet: aeroflex: fix potential skb leak in greth_init_rings()
* tipc: Fix potential OOB in tipc_link_proto_rcv()
net/tipc/link.c
net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
net: stmmac: fix "snps,axi-config" node property parsing
nvme initialize core quirks before calling nvme_init_subsystem
NFC: nci: Bounds check struct nfc_target arrays
i40e: Disallow ip4 and ip6 l4_4_bytes
i40e: Fix for VF MAC address 0
i40e: Fix not setting default xps_cpus after reset
net: mvneta: Prevent out of bounds read in mvneta_config_rss()
xen-netfront: Fix NULL sring after live migration
net: encx24j600: Fix invalid logic in reading of MISTAT register
net: encx24j600: Add parentheses to fix precedence
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
* Bluetooth: Fix not cleanup led when bt_init fails
net/bluetooth/af_bluetooth.c
Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
igb: Allocate MSI-X vector when testing
e1000e: Fix TX dispatch condition
gpio: amd8111: Fix PCI device reference count leak
ca8210: Fix crash by zero initializing data
ieee802154: cc2520: Fix error return code in cc2520_hw_init()
* HID: core: fix shift-out-of-bounds in hid_report_raw_event
drivers/hid/hid-core.c
HID: hid-lg4ff: Add check for empty lbuf
KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
* memcg: fix possible use-after-free in memcg_write_event_control()
include/linux/cgroup.h
kernel/cgroup/cgroup-internal.h
mm/memcontrol.c
* media: v4l2-dv-timings.c: fix too strict blanking sanity checks
drivers/media/v4l2-core/v4l2-dv-timings.c
rcutorture: Automatically create initrd directory
xen/netback: don't call kfree_skb() with interrupts disabled
xen/netback: do some code cleanup
xen/netback: Ensure protocol headers don't fall in the non-linear area
net: usb: qmi_wwan: add u-blox 0x1342 composition
9p/xen: check logical size for buffer size
fbcon: Use kzalloc() in fbcon_prepare_logo()
regulator: twl6030: fix get status of twl6032 regulators
* ASoC: soc-pcm: Add NULL check in BE reparenting
sound/soc/soc-pcm.c
ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
9p/fd: Use P9_HDRSZ for header size
ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
ARM: dts: rockchip: fix ir-receiver node names
arm: dts: rockchip: fix node name for hym8563 rtc
ANDROID: Add allowed symbols required from Qualcomm drivers
Merge 4.19.268 into android-4.19-stable
Linux 4.19.268
ipc/sem: Fix dangling sem_array access in semtimedop race
mmc: sdhci: Fix voltage switch delay
mmc: sdhci: use FIELD_GET for preset value bit masks
x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
* Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
net/bluetooth/l2cap_core.c
x86/pm: Add enumeration check before spec MSRs save/restore setup
x86/tsx: Add a feature bit for TSX control MSR support
nvme: restrict management ioctls to admin
* tcp/udp: Fix memory leak in ipv6_renew_options().
net/ipv6/ipv6_sockglue.c
* Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
lib/Kconfig.debug
* parisc: Increase FRAME_WARN to 2048 bytes on parisc
lib/Kconfig.debug
* xtensa: increase size of gcc stack frame check
lib/Kconfig.debug
* parisc: Increase size of gcc stack frame check
lib/Kconfig.debug
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
pinctrl: single: Fix potential division by zero
* ASoC: ops: Fix bounds check for _sx controls
sound/soc/soc-ops.c
* mm: Fix '.data.once' orphan section warning
include/linux/mmdebug.h
* arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
arch/arm64/kernel/cpu_errata.c
* arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors
arch/arm64/kernel/cpu_errata.c
pinctrl: intel: Save and restore pins in "direct IRQ" mode
x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
* error-injection: Add prompt for function error injection
lib/Kconfig.debug
btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
hwmon: (coretemp) Check for null before removing sysfs attrs
net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
* packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
net/packet/af_packet.c
* net: tun: Fix use-after-free in tun_detach()
drivers/net/tun.c
net: hsr: Fix potential use-after-free
dsa: lan9303: Correct stat name
net/9p: Fix a potential socket leak in p9_socket_open
net: net_netdev: Fix error handling in ntb_netdev_init_module()
* net: phy: fix null-ptr-deref while probe() failed
drivers/net/phy/phy_device.c
qlcnic: fix sleep-in-atomic-context bugs caused by msleep
can: cc770: cc770_isa_probe(): add missing free_cc770dev()
can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
net/mlx5: Fix uninitialized variable bug in outlen_write()
* of: property: decrement node refcount in of_fwnode_get_reference_args()
drivers/of/property.c
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
hwmon: (i5500_temp) fix missing pci_disable_device()
scripts/faddr2line: Fix regression in name resolution on ppc64le
* iio: light: rpr0521: add missing Kconfig dependencies
drivers/iio/light/Kconfig
iio: health:
|
||
|
Wilson Sung
|
05a5973ef4 |
Merge android-4.19-stable (4.19.266) into android-msm-pixel-4.19-lts
Merge 4.19.266 into android-4.19-stable
Linux 4.19.266
x86/speculation: Add RSB VM Exit protections
x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
x86/speculation: Disable RRSBA behavior
x86/bugs: Add Cannon lake to RETBleed affected CPU list
x86/cpu/amd: Enumerate BTC_NO
x86/common: Stamp out the stepping madness
x86/speculation: Fill RSB on vmexit for IBRS
KVM: VMX: Fix IBRS handling after vmexit
KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
x86/speculation: Remove x86_spec_ctrl_mask
x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
x86/speculation: Fix SPEC_CTRL write on SMT state change
x86/speculation: Fix firmware entry SPEC_CTRL handling
x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
intel_idle: Disable IBRS during long idle
x86/bugs: Report Intel retbleed vulnerability
x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
x86/bugs: Optimize SPEC_CTRL MSR writes
x86/entry: Add kernel IBRS implementation
x86/entry: Remove skip_r11rcx
x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
x86/bugs: Add AMD retbleed= boot parameter
* x86/bugs: Report AMD retbleed vulnerability
drivers/base/cpu.c
include/linux/cpu.h
x86/cpufeatures: Move RETPOLINE flags to word 11
* x86/cpu: Add a steppings field to struct x86_cpu_id
include/linux/kvm_host.h
include/linux/mod_devicetable.h
x86/cpu: Add consistent CPU match macros
* x86/devicetable: Move x86 specific macro out of generic code
include/linux/mod_devicetable.h
x86/cpufeature: Fix various quality problems in the <asm/cpu_device_hd.h> header
x86/cpufeature: Add facility to check for min microcode revisions
* Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
include/linux/mod_devicetable.h
Revert "x86/speculation: Add RSB VM Exit protections"
* ANDROID: preserve CRC for some DRM functions
include/linux/bits.h
* Revert "tcp/udp: Make early_demux back namespacified."
include/net/protocol.h
include/net/tcp.h
include/net/udp.h
net/ipv4/af_inet.c
net/ipv4/ip_input.c
net/ipv4/sysctl_net_ipv4.c
net/ipv6/ip6_input.c
net/ipv6/tcp_ipv6.c
net/ipv6/udp.c
Merge 4.19.265 into android-4.19-stable
Linux 4.19.265
wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
* linux/bits.h: make BIT(), GENMASK(), and friends available in assembly
include/linux/bits.h
KVM: x86: emulator: update the emulation mode after CR0 write
KVM: x86: emulator: introduce emulator_recalc_and_set_mode
KVM: x86: emulator: em_sysexit should update ctxt->mode
KVM: x86: Mask off reserved bits in CPUID.80000008H
* ext4: fix warning in 'ext4_da_release_space'
fs/ext4/migrate.c
parisc: Avoid printing the hardware path twice
parisc: Export iosapic_serial_irq() symbol for serial port driver
* parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
drivers/tty/serial/8250/Kconfig
* efi: random: reduce seed size to 32 bytes
include/linux/efi.h
* ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
sound/usb/quirks-table.h
sound/usb/quirks.c
* capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
security/commoncap.c
tracing/histogram: Update document for KEYS_MAX size
kprobe: reverse kp->flags when arm_kprobe failed
* tcp/udp: Make early_demux back namespacified.
include/net/protocol.h
include/net/tcp.h
include/net/udp.h
net/ipv4/af_inet.c
net/ipv4/ip_input.c
net/ipv4/sysctl_net_ipv4.c
net/ipv6/ip6_input.c
net/ipv6/tcp_ipv6.c
net/ipv6/udp.c
btrfs: fix type of parameter generation in btrfs_get_dentry
block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
* Bluetooth: L2CAP: Fix attempting to access uninitialized memory
net/bluetooth/l2cap_core.c
i2c: xiic: Add platform module alias
* HID: saitek: add madcatz variant of MMO7 mouse device ID
drivers/hid/hid-ids.h
drivers/hid/hid-quirks.c
media: dvb-frontends/drxk: initialize err to 0
media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
* ipv6: fix WARNING in ip6_route_net_exit_late()
net/ipv6/route.c
* net, neigh: Fix null-ptr-deref in neigh_table_clear()
net/core/neighbour.c
* net: mdio: fix undefined behavior in bit shift for __mdiobus_register
drivers/net/phy/mdio_bus.c
* Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
net/bluetooth/l2cap_core.c
* Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
net/bluetooth/l2cap_core.c
btrfs: fix ulist leaks in error paths of qgroup self tests
btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
isdn: mISDN: netjet: fix wrong check of device registration
mISDN: fix possible memory leak in mISDN_register_device()
rose: Fix NULL pointer dereference in rose_send_frame()
ipvs: fix WARNING in ip_vs_app_net_cleanup()
ipvs: fix WARNING in __ip_vs_cleanup_batch()
ipvs: use explicitly signed chars
* net: tun: fix bugs for oversize packet when napi frags enabled
drivers/net/tun.c
net: sched: Fix use after free in red_enqueue()
ata: pata_legacy: fix pdc20230_set_piomode()
net: fec: fix improper use of NETDEV_TX_BUSY
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
net: dsa: Fix possible memory leaks in dsa_loop_init()
nfs4: Fix kmemleak when allocate slot failed
NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
BACKPORT: ARM: 9039/1: assembler: generalize byte swapping macro into rev_l
BACKPORT: ARM: 9035/1: uncompress: Add be32tocpu macro
Merge 4.19.264 into android-4.19-stable
Linux 4.19.264
can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive
net/mlx5e: Do not increment ESN when updating IPsec ESN state
net: ehea: fix possible memory leak in ehea_register_port()
openvswitch: switch from WARN to pr_warn
ALSA: aoa: Fix I2S device accounting
ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
* PM: domains: Fix handling of unavailable/disabled idle states
drivers/base/power/domain.c
net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
i40e: Fix flow-type by setting GL_HASH_INSET registers
i40e: Fix VF hang when reset is triggered on another VF
i40e: Fix ethtool rx-flow-hash setting for X722
* media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
include/uapi/linux/videodev2.h
* media: v4l2-dv-timings: add sanity checks for blanking values
drivers/media/v4l2-core/v4l2-dv-timings.c
media: vivid: dev->bitmap_cap wasn't freed in all cases
media: vivid: s_fbuf: add more sanity checks
PM: hibernate: Allow hybrid sleep to work with s2idle
can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path
* tcp: fix indefinite deferral of RTO with SACK reneging
net/ipv4/tcp_input.c
net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
* net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
net/core/net_namespace.c
kcm: annotate data-races around kcm->rx_wait
kcm: annotate data-races around kcm->rx_psock
amd-xgbe: add the bit rate quirk for Molex cables
amd-xgbe: fix the SFP compliance codes check for DAC cables
x86/unwind/orc: Fix unreliable stack dump with gcov
net: netsec: fix error handling in netsec_register_mdio()
* tipc: fix a null-ptr-deref in tipc_topsrv_accept
net/tipc/topsrv.c
ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
arc: iounmap() arg is volatile
drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
net: ieee802154: fix error return code in dgram_bind()
mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
xen/gntdev: Prevent leaking grants
Xen/gntdev: don't ignore kernel unmapping error
s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
perf auxtrace: Fix address filter symbol name match for modules
* kernfs: fix use-after-free in __kernfs_remove
fs/kernfs/dir.c
mmc: core: Fix kernel panic when remove non-standard SDIO card
drm/msm/hdmi: fix memory corruption with too many bridges
drm/msm/dsi: fix memory corruption with too many bridges
mac802154: Fix LQI recording
fbdev: smscufx: Fix several use-after-free bugs
iio: light: tsl2583: Fix module unloading
tools: iio: iio_utils: fix digit calculation
* xhci: Remove device endpoints from bandwidth list when freeing the device
drivers/usb/host/xhci-mem.c
* usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller
drivers/usb/host/xhci-pci.c
usb: bdc: change state when port disconnected
* usb: dwc3: gadget: Don't set IMI for no_interrupt
drivers/usb/dwc3/gadget.c
* usb: dwc3: gadget: Stop processing more requests on IMI
drivers/usb/dwc3/gadget.c
* USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
drivers/usb/core/quirks.c
ALSA: au88x0: use explicitly signed char
ALSA: Use del_timer_sync() before freeing timer
can: kvaser_usb: Fix possible completions during init_completion
* mm: /proc/pid/smaps_rollup: fix no vma's null-deref
fs/proc/task_mmu.c
hv_netvsc: Fix race between VF offering and VF association message from host
* Makefile.debug: re-enable debug info for .S files
Makefile
ACPI: video: Force backlight native for more TongFang devices
* media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
drivers/media/v4l2-core/v4l2-mem2mem.c
iommu/vt-d: Clean up si_domain in the init_dmars() error path
net: hns: fix possible memory leak in hnae_ae_register()
net: sched: cake: fix null pointer access issue when cake_init() fails
net/atm: fix proc_mpc_write incorrect return value
* HID: magicmouse: Do not set BTN_MOUSE on double report
drivers/hid/hid-magicmouse.c
* tipc: fix an information leak in tipc_topsrv_kern_subscr
net/tipc/topsrv.c
* tipc: Fix recognition of trial period
net/tipc/discover.c
ACPI: extlog: Handle multiple records
btrfs: fix processing of delayed tree block refs during backref walking
btrfs: fix processing of delayed data refs during backref walking
* r8152: add PID for the Lenovo OneLink+ Dock
drivers/net/usb/cdc_ether.c
drivers/net/usb/r8152.c
* arm64: errata: Remove AES hwcap for COMPAT tasks
arch/arm64/Kconfig
arch/arm64/include/asm/cpucaps.h
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/cpufeature.c
media: venus: dec: Handle the case where find_format fails
KVM: arm64: vgic: Fix exit condition in scan_its_table()
ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
ata: ahci-imx: Fix MODULE_ALIAS
hwmon/coretemp: Handle large core ID value
x86/microcode/AMD: Apply the patch early on every logical thread
ocfs2: fix BUG when iput after ocfs2_mknod fails
ocfs2: clear dinode links count in case of error
Merge 4.19.263 into android-4.19-stable
* UPSTREAM: once: fix section mismatch on clang builds
include/linux/once.h
Revert "serial: 8250: Fix restoring termios speed after suspend"
UPSTREAM: ARM: 8788/1: ftrace: remove old mcount support
Linux 4.19.263
* once: fix section mismatch on clang builds
include/linux/once.h
Merge 4.19.262 into android-4.19-stable
Linux 4.19.262
gcov: support GCC 12.1 and newer compilers
thermal: intel_powerclamp: Use first online CPU as control_cpu
* inet: fully convert sk->sk_rx_dst to RCU rules
include/net/sock.h
net/ipv4/af_inet.c
net/ipv4/tcp.c
net/ipv4/tcp_input.c
net/ipv4/tcp_ipv4.c
net/ipv4/udp.c
net/ipv6/tcp_ipv6.c
net/ipv6/udp.c
efi: libstub: drop pointless get_memory_map() call
md: Replace snprintf with scnprintf
* ext4: continue to expand file system when the target size doesn't reach
fs/ext4/resize.c
net/ieee802154: don't warn zero-sized raw_sendmsg()
* net: ieee802154: return -EINVAL for unknown addr type
include/net/ieee802154_netdev.h
perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
clk: bcm2835: Make peripheral PLLC critical
usb: idmouse: fix an uninit-value in idmouse_open
nvme: copy firmware_rev on each init
* Revert "usb: storage: Add quirk for Samsung Fit flash"
drivers/usb/storage/unusual_devs.h
usb: musb: Fix musb_gadget.c rxstate overflow bug
* usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
drivers/usb/host/xhci-mem.c
md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
HID: roccat: Fix use-after-free in roccat_read()
ata: libahci_platform: Sanity check the DT child nodes number
staging: vt6655: fix potential memory leak
power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
scsi: 3w-9xxx: Avoid disabling device if failing to enable it
media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
ARM: dts: imx6sx: add missing properties for sram
ARM: dts: imx6sll: add missing properties for sram
ARM: dts: imx6sl: add missing properties for sram
ARM: dts: imx6qp: add missing properties for sram
ARM: dts: imx6dl: add missing properties for sram
ARM: dts: imx6q: add missing properties for sram
ARM: dts: imx7d-sdb: config the max pressure for tsc2046
drm/amdgpu: fix initial connector audio value
platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading
* drm: panel-orientation-quirks: Add quirk for Anbernic Win600
drivers/gpu/drm/drm_panel_orientation_quirks.c
drm/vc4: vec: Fix timings for VEC modes
drm/amd/display: fix overflow on MIN_I64 definition
* drm: Prevent drm_copy_field() to attempt copying a NULL pointer
drivers/gpu/drm/drm_ioctl.c
* drm: Use size_t type for len variable in drm_copy_field()
drivers/gpu/drm/drm_ioctl.c
* r8152: Rate limit overflow messages
drivers/net/usb/r8152.c
* Bluetooth: L2CAP: Fix user-after-free
net/bluetooth/l2cap_core.c
* net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
net/core/stream.c
wifi: rt2x00: correctly set BBP register 86 for MT7620
wifi: rt2x00: set SoC wmac clock register
wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
can: bcm: check the result of can_send() in bcm_can_tx()
* Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
net/bluetooth/hci_sysfs.c
* Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
net/bluetooth/l2cap_core.c
wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
* xfrm: Update ipcomp_scratches with NULL when freed
net/xfrm/xfrm_ipcomp.c
wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
* tcp: annotate data-race around tcp_md5sig_pool_populated
net/ipv4/tcp.c
openvswitch: Fix overreporting of drops in dropwatch
openvswitch: Fix double reporting of drops in dropwatch
wifi: brcmfmac: fix invalid address access when enabling SCAN log level
NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
MIPS: BCM47XX: Cast memcmp() of function to (void *)
ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
* f2fs: fix race condition on setting FI_NO_EXTENT flag
fs/f2fs/extent_cache.c
crypto: cavium - prevent integer overflow loading firmware
* iommu/iova: Fix module config properly
include/linux/iova.h
iommu/omap: Fix buffer overflow in debugfs
powerpc: Fix SPE Power ISA properties for e500v1 platforms
powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
powerpc/powernv: add missing of_node_put() in opal_export_attrs()
powerpc/pci_dn: Add missing of_node_put()
powerpc/sysdev/fsl_msi: Add missing of_node_put()
powerpc/math_emu/efp: Include module.h
mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
* spmi: pmic-arb: correct duplicate APID to PPID mapping logic
drivers/spmi/spmi-pmic-arb.c
dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup()
mfd: sm501: Add check for platform_driver_register()
mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init()
mfd: lp8788: Fix an error handling path in lp8788_probe()
mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe()
fsi: core: Check error number after calling ida_simple_get
serial: 8250: Fix restoring termios speed after suspend
firmware: google: Test spinlock on panic path to avoid lockups
staging: vt6655: fix some erroneous memory clean-up loops
phy: qualcomm: call clk_disable_unprepare in the error handling
drivers: serial: jsm: fix some leaks in probe
usb: gadget: function: fix dangling pnp_string in f_printer.c
* xhci: Don't show warning for reinit on known broken suspend
drivers/usb/host/xhci.c
md/raid5: Ensure stripe_fill happens on non-read IO with journal
* ata: fix ata_id_has_dipm()
include/linux/ata.h
* ata: fix ata_id_has_ncq_autosense()
include/linux/ata.h
* ata: fix ata_id_has_devslp()
include/linux/ata.h
* ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
include/linux/ata.h
mtd: devices: docg3: check the return value of devm_ioremap() in the probe
dyndbg: let query-modname override actual module name
* dyndbg: fix module.dyndbg handling
include/linux/dynamic_debug.h
RDMA/rxe: Fix the error caused by qp->sk
RDMA/rxe: Fix "kernel NULL pointer dereference" error
media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
tty: xilinx_uartps: Fix the ignore_status
media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
HSI: omap_ssi_port: Fix dma_map_sg error check
HSI: omap_ssi: Fix refcount leak in ssi_probe
clk: tegra20: Fix refcount leak in tegra20_clock_init
clk: tegra: Fix refcount leak in tegra114_clock_init
clk: tegra: Fix refcount leak in tegra210_clock_init
clk: berlin: Add of_node_put() for of_get_parent()
clk: oxnas: Hold reference returned by of_get_parent()
iio: ABI: Fix wrong format of differential capacitance channel ABI.
* iio: inkern: only release the device node when done with it
drivers/iio/inkern.c
iio: adc: at91-sama5d2_adc: check return status for pressure and touch
iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
ARM: Drop CMDLINE_* dependency on ATAGS
ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
ARM: dts: kirkwood: lsxl: remove first ethernet port
ARM: dts: kirkwood: lsxl: fix serial line
ARM: dts: turris-omnia: Fix mpp26 pin name and comment
* soc: qcom: smem_state: Add refcounting for the 'state->of_node'
drivers/soc/qcom/smem_state.c
soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
memory: of: Fix refcount leak bug in of_get_ddr_timings()
ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
ALSA: dmaengine: increment buffer pointer atomically
drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
drm/bridge: megachips: Fix a null pointer dereference bug
platform/x86: msi-laptop: Fix resource cleanup
platform/x86: msi-laptop: Fix old-ec check for backlight registering
platform/chrome: fix double-free in chromeos_laptop_prepare()
* drm/mipi-dsi: Detach devices when removing the host
drivers/gpu/drm/drm_mipi_dsi.c
drm: bridge: adv7511: fix CEC power down control register offset
net: mvpp2: fix mvpp2 debugfs leak
* once: add DO_ONCE_SLOW() for sleepable contexts
include/linux/once.h
lib/once.c
net/ipv4/inet_hashtables.c
bnx2x: fix potential memory leak in bnx2x_tpa_stop()
net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
* tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
include/linux/tcp.h
include/net/tcp.h
net/ipv4/tcp.c
net/ipv4/tcp_output.c
* sctp: handle the error returned from sctp_auth_asoc_init_active_key
net/sctp/auth.c
mISDN: fix use-after-free bugs in l1oip timer handlers
vhost/vsock: Use kvmalloc/kvfree for larger packets.
spi: s3c64xx: Fix large transfers with DMA
netfilter: nft_fib: Fix for rpath check with VRF devices
spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
* bpf: Ensure correct locking around vulnerable function find_vpid()
kernel/bpf/syscall.c
net: fs_enet: Fix wrong check in do_pd_setup
wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
* bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
kernel/bpf/btf.c
wifi: rtl8xxxu: Fix skb misuse in TX queue selection
spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime()
spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
spi: mt7621: Fix an error message in mt7621_spi_probe()
bpftool: Fix a wrong type cast in btf_dumper_int
wifi: mac80211: allow bw change during channel switch in mesh
wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
sh: machvec: Use char[] for section boundaries
selinux: use "grep -E" instead of "egrep"
KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
* ring-buffer: Fix race between reset page and reading page
kernel/trace/ring_buffer.c
* ring-buffer: Check pending waiters when doing wake ups as well
kernel/trace/ring_buffer.c
* ring-buffer: Allow splice to read previous partially read pages
kernel/trace/ring_buffer.c
ftrace: Properly unset FTRACE_HASH_FL_MOD
livepatch: fix race between fork and KLP transition
* ext4: place buffer head allocation before handle start
fs/ext4/inode.c
* ext4: make ext4_lazyinit_thread freezable
fs/ext4/super.c
* ext4: fix null-ptr-deref in ext4_write_info
fs/ext4/super.c
* ext4: avoid crash when inline data creation follows DIO write
fs/ext4/file.c
nilfs2: fix use-after-free bug of struct nilfs_root
riscv: fix build with binutils 2.38
btrfs: fix race between quota enable and quota rescan ioctl
fbdev: smscufx: Fix use-after-free in ufx_ops_open()
* PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
drivers/pci/setup-res.c
UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
riscv: Allow PROT_WRITE-only mmap()
parisc: fbdev/stifb: Align graphics memory size to 4MB
* Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
fs/splice.c
regulator: qcom_rpm: Fix circular deferral regression
* quota: Check next/prev free block number after reading from quota file
fs/quota/quota_tree.c
* HID: multitouch: Add memory barriers
drivers/hid/hid-multitouch.c
fs: dlm: handle -EBUSY first in lock arg validation
fs: dlm: fix race between test_bit() and queue_work()
can: kvaser_usb_leaf: Fix CAN state after restart
can: kvaser_usb_leaf: Fix TX queue out of sync after restart
can: kvaser_usb_leaf: Fix overread with an invalid command
can: kvaser_usb: Fix use of uninitialized completion
* usb: add quirks for Lenovo OneLink+ Dock
drivers/usb/core/quirks.c
iio: dac: ad5593r: Fix i2c read protocol requirements
mtd: rawnand: atmel: Unmap streaming DMA mappings
ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
* ALSA: usb-audio: Fix NULL dererence at error path
sound/usb/endpoint.c
* ALSA: usb-audio: Fix potential memory leaks
sound/usb/endpoint.c
* ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
sound/core/rawmidi.c
ALSA: oss: Fix potential deadlock at unregistration
* Input: xpad - fix wireless 360 controller breaking after suspend
drivers/input/joystick/xpad.c
* Input: xpad - add supported devices as contributed on github
drivers/input/joystick/xpad.c
wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
* random: use expired timer rather than wq for mixing fast pool
drivers/char/random.c
* random: avoid reading two cache lines on irq randomness
drivers/char/random.c
* random: restore O_NONBLOCK support
drivers/char/mem.c
drivers/char/random.c
USB: serial: qcserial: add new usb-id for Dell branded EM7455
* scsi: stex: Properly zero out the passthrough command structure
include/scsi/scsi_cmnd.h
ALSA: hda: Fix position reporting on Poulsbo
* random: clamp credited irq bits to maximum mixed
drivers/char/random.c
ceph: don't truncate file in atomic_open
nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
nilfs2: fix leak of nilfs_root in case of writer thread creation failure
nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
* rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
drivers/rpmsg/qcom_glink_native.c
mmc: core: Terminate infinite loop in SD-UHS voltage switch
mmc: core: Replace with already defined values for readability
USB: serial: ftdi_sio: fix 300 bps rate for SIO
usb: mon: make mmapped memory read only
um: Cleanup compiler warning in arch/x86/um/tls_32.c
um: Cleanup syscall_handler_t cast in syscalls_32.h
* net/ieee802154: fix uninit value bug in dgram_sendmsg
include/net/ieee802154_netdev.h
scsi: qedf: Fix a UAF bug in __qedf_probe()
ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure
dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
firmware: arm_scmi: Add SCMI PM driver remove routine
* fs: fix UAF/GPF bug in nilfs_mdt_destroy
fs/inode.c
ARM: fix function graph tracer and unwinder dependencies
docs: update mediator information in CoC docs
* Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
scripts/Makefile.extrawarn
* BACKPORT: arm64: compat: vdso: Use legacy syscalls as fallback
arch/arm64/include/asm/vdso/compat_gettimeofday.h
ANDROID: Drop explicit 'CONFIG_INIT_STACK_ALL_ZERO=y' from gki_defconfig
* UPSTREAM: hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
Makefile
security/Kconfig.hardening
* UPSTREAM: hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
Makefile
security/Kconfig.hardening
* UPSTREAM: hardening: Clarify Kconfig text for auto-var-init
security/Kconfig.hardening
* ANDROID: Fix kenelci build-break for !CONFIG_PERF_EVENTS
kernel/cpu.c
* UPSTREAM: f2fs: guarantee to write dirty data when enabling checkpoint back
fs/f2fs/file.c
fs/f2fs/super.c
Bug: 260299968
Change-Id: I609eaa63e46c0600536923fa7da78ef66f5db237
Signed-off-by: Wilson Sung <wilsonsung@google.com>
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Greg Kroah-Hartman
|
b969cbb180 |
Merge 4.19.268 into android-4.19-stable
Changes in 4.19.268
wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
audit: fix undefined behavior in bit shift for AUDIT_BIT
wifi: mac80211: Fix ack frame idr leak when mesh has no route
spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
RISC-V: vdso: Do not add missing symbols to version section in linker script
MIPS: pic32: treat port as signed integer
af_key: Fix send_acquire race with pfkey_register
ARM: dts: am335x-pcm-953: Define fixed regulators in root node
ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
bus: sunxi-rsb: Support atomic transfers
ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
nfc/nci: fix race with opening and closing
net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
9p/fd: fix issue of list_del corruption in p9_fd_cancel()
ARM: mxs: fix memory leak in mxs_machine_init()
net/mlx4: Check retval of mlx4_bitmap_init
net/qla3xxx: fix potential memleak in ql3xxx_send()
net: pch_gbe: fix pci device refcount leak while module exiting
Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
net/mlx5: Fix FW tracer timestamp calculation
tipc: set con sock in tipc_conn_alloc
tipc: add an extra conn_get in tipc_conn_alloc
tipc: check skb_linearize() return value in tipc_disc_rcv()
xfrm: Fix ignored return value in xfrm6_init()
NFC: nci: fix memory leak in nci_rx_data_packet()
bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
s390/dasd: fix no record found for raw_track_access
nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
nfc: st-nci: fix memory leaks in EVT_TRANSACTION
net: thunderx: Fix the ACPI memory leak
s390/crashdump: fix TOD programmable field size
arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
iio: light: apds9960: fix wrong register for gesture gain
iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
nios2: add FORCE for vmlinuz.gz
iio: ms5611: Simplify IO callback parameters
iio: pressure: ms5611: fixed value compensation bug
ceph: do not update snapshot context when there is no new snapshot
ceph: avoid putting the realm twice when decoding snaps fails
nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
xen/platform-pci: add missing free_irq() in error path
platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
platform/x86: hp-wmi: Ignore Smart Experience App event
tcp: configurable source port perturb table size
net: usb: qmi_wwan: add Telit 0x103a composition
dm integrity: flush the journal on suspend
btrfs: free btrfs_path before copying root refs to userspace
btrfs: free btrfs_path before copying fspath to userspace
btrfs: free btrfs_path before copying subvol info to userspace
drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
drm/amdgpu: always register an MMU notifier for userptr
btrfs: free btrfs_path before copying inodes to userspace
spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
proc: avoid integer type confusion in get_proc_long
proc: proc_skip_spaces() shouldn't think it is working on C strings
v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
Revert "x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"
iio: health: afe4403: Fix oob read in afe4403_read_raw
iio: health:
|
||
|
James Morse
|
51febca41a |
arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
Both the Spectre-v2 and Spectre-BHB mitigations involve running a sequence
immediately after exiting a guest, before any branches. In the stable
kernels these sequences are built by copying templates into an empty vector
slot.
For Spectre-BHB, Cortex-A57 and A72 require the branchy loop with k=8.
If Spectre-v2 needs mitigating at the same time, a firmware call to EL3 is
needed. The work EL3 does at this point is also enough to mitigate
Spectre-BHB.
When enabling the Spectre-BHB mitigation, spectre_bhb_enable_mitigation()
should check if a slot has already been allocated for Spectre-v2, meaning
no work is needed for Spectre-BHB.
This check was missed in the earlier backport, add it.
Fixes:
|
||
|
James Morse
|
70133fb6e3 |
arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors
Sami reports that linux panic()s when resuming from suspend to RAM. This
is because when CPUs are brought back online, they re-enable any
necessary mitigations.
The Spectre-v2 and Spectre-BHB mitigations interact as both need to
done by KVM when exiting a guest. Slots KVM can use as vectors are
allocated, and templates for the mitigation are patched into the vector.
This fails if a new slot needs to be allocated once the kernel has finished
booting as it is no-longer possible to modify KVM's vectors:
| root@adam:/sys/devices/system/cpu/cpu1# echo 1 > online
| Unable to handle kernel write to read-only memory at virtual add>
| Mem abort info:
| ESR = 0x9600004e
| Exception class = DABT (current EL), IL = 32 bits
| SET = 0, FnV = 0
| EA = 0, S1PTW = 0
| Data abort info:
| ISV = 0, ISS = 0x0000004e
| CM = 0, WnR = 1
| swapper pgtable: 4k pages, 48-bit VAs, pgdp = 000000000f07a71c
| [ffff800000b4b800] pgd=00000009ffff8803, pud=00000009ffff7803, p>
| Internal error: Oops: 9600004e [#1] PREEMPT SMP
| Modules linked in:
| Process swapper/1 (pid: 0, stack limit = 0x0000000063153c53)
| CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.19.252-dirty #14
| Hardware name: ARM LTD ARM Juno Development Platform/ARM Juno De>
| pstate: 000001c5 (nzcv dAIF -PAN -UAO)
| pc : __memcpy+0x48/0x180
| lr : __copy_hyp_vect_bpi+0x64/0x90
| Call trace:
| __memcpy+0x48/0x180
| kvm_setup_bhb_slot+0x204/0x2a8
| spectre_bhb_enable_mitigation+0x1b8/0x1d0
| __verify_local_cpu_caps+0x54/0xf0
| check_local_cpu_capabilities+0xc4/0x184
| secondary_start_kernel+0xb0/0x170
| Code: b8404423 b80044c3 36180064 f8408423 (f80084c3)
| ---[ end trace 859bcacb09555348 ]---
| Kernel panic - not syncing: Attempted to kill the idle task!
| SMP: stopping secondary CPUs
| Kernel Offset: disabled
| CPU features: 0x10,25806086
| Memory Limit: none
| ---[ end Kernel panic - not syncing: Attempted to kill the idle ]
This is only a problem on platforms where there is only one CPU that is
vulnerable to both Spectre-v2 and Spectre-BHB.
The Spectre-v2 mitigation identifies the slot it can re-use by the CPU's
'fn'. It unconditionally writes the slot number and 'template_start'
pointer. The Spectre-BHB mitigation identifies slots it can re-use by
the CPU's template_start pointer, which was previously clobbered by the
Spectre-v2 mitigation.
When there is only one CPU that is vulnerable to both issues, this causes
Spectre-v2 to try to allocate a new slot, which fails.
Change both mitigations to check whether they are changing the slot this
CPU uses before writing the percpu variables again.
This issue only exists in the stable backports for Spectre-BHB which have
to use totally different infrastructure to mainline.
Reported-by: Sami Lee <sami.lee@mediatek.com>
Fixes:
|