d4414bc0e93d8da170fd0fc9fef65fe84015677d
783 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
0d750eaafc |
Merge tag 'ASB-2024-08-05_4.19-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.19
https://source.android.com/docs/security/bulletin/2024-08-01 CVE-2024-36971 * tag 'ASB-2024-08-05_4.19-stable' of https://android.googlesource.com/kernel/common: (2363 commits) Linux 4.19.318 i2c: rcar: bring hardware to known state when probing nilfs2: fix kernel bug on rename operation of broken directory SUNRPC: Fix RPC client cleaned up the freed pipefs dentries tcp: avoid too many retransmit packets tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() net: tcp: fix unexcepted socket die when snd_wnd is 0 tcp: refactor tcp_retransmit_timer() libceph: fix race between delayed_work() and ceph_monc_stop() hpet: Support 32-bit userspace USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k USB: serial: option: add Rolling RW350-GL variants USB: serial: option: add Netprisma LCUK54 series modules USB: serial: option: add support for Foxconn T99W651 USB: serial: option: add Fibocom FM350-GL USB: serial: option: add Telit FN912 rmnet compositions USB: serial: option: add Telit generic core-dump composition ARM: davinci: Convert comma to semicolon ... Conflicts: Documentation/devicetree/bindings/sound/rt5645.txt android/abi_gki_aarch64.xml drivers/clk/qcom/clk-rcg2.c drivers/hwtracing/coresight/coresight-etm4x.c drivers/leds/leds-pwm.c drivers/mmc/core/host.c drivers/mmc/core/sdio.c drivers/mmc/host/cqhci.c drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c drivers/rpmsg/qcom_glink_native.c drivers/scsi/ufs/ufshcd.c drivers/thermal/thermal_core.c drivers/usb/dwc3/core.c drivers/usb/gadget/function/f_ncm.c fs/f2fs/gc.c fs/pstore/ram_core.c include/linux/fs.h include/linux/timer.h include/net/tcp.h init/initramfs.c kernel/events/core.c kernel/sched/idle.c kernel/time/timer.c mm/page_alloc.c net/wireless/scan.c scripts/checkpatch.pl Change-Id: Ice08f3ba5dc64a093bc381710ef2408d963cb983 |
||
|
Paul Geurts
|
33ba7baa3c |
NFC: trf7970a: disable all regulators on removal
[ Upstream commit 6bea4f03c6a4e973ef369e15aac88f37981db49e ]
During module probe, regulator 'vin' and 'vdd-io' are used and enabled,
but the vdd-io regulator overwrites the 'vin' regulator pointer. During
remove, only the vdd-io is disabled, as the vin regulator pointer is not
available anymore. When regulator_put() is called during resource
cleanup a kernel warning is given, as the regulator is still enabled.
Store the two regulators in separate pointers and disable both the
regulators on module remove.
Fixes:
|
||
|
Wilson Sung
|
e3167a4609 |
Merge android-4.19-stable (4.19.294) into android-msm-pixel-4.19-lts
Merge 4.19.294 into android-4.19-stable
Linux 4.19.294
Revert "ARM: ep93xx: fix missing-prototype warnings"
Revert "MIPS: Alchemy: fix dbdma2"
Merge 4.19.293 into android-4.19-stable
Linux 4.19.293
dma-buf/sw_sync: Avoid recursive lock during fence signal
* clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
include/linux/clk.h
* scsi: core: raid_class: Remove raid_component_add()
include/linux/raid_class.h
scsi: snic: Fix double free in snic_tgt_create()
irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable
* rtnetlink: Reject negative ifindexes in RTM_NEWLINK
net/core/rtnetlink.c
* netfilter: nf_queue: fix socket leak
net/netfilter/nf_queue.c
* sched/rt: pick_next_rt_entity(): check list_entry
kernel/sched/rt.c
* mmc: block: Fix in_flight[issue_type] value error
drivers/mmc/core/block.c
x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus
media: vcodec: Fix potential array out-of-bounds in encoder queue_setup
* lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels
lib/clz_ctz.c
batman-adv: Fix batadv_v_ogm_aggr_send memory leak
batman-adv: Fix TT global entry leak when client roamed back
batman-adv: Do not get eth header before batadv_check_management_packet
batman-adv: Don't increase MTU when set by user
batman-adv: Trigger events for auto adjusted MTU
nfsd: Fix race to FREE_STATEID and cl_revoked
ibmveth: Use dcbf rather than dcbfl
ipvs: fix racy memcpy in proc_do_sync_threshold
ipvs: Improve robustness to the ipvs sysctl
* bonding: fix macvlan over alb bond support
drivers/net/bonding/bond_alb.c
include/net/bonding.h
* net: remove bond_slave_has_mac_rcu()
include/net/bonding.h
* net/sched: fix a qdisc modification with ambiguous command request
net/sched/sch_api.c
igb: Avoid starting unnecessary workqueues
dccp: annotate data-races in dccp_poll()
* sock: annotate data-races around prot->memory_pressure
include/net/sock.h
net/sctp/socket.c
* tracing: Fix memleak due to race between current_tracer and trace
kernel/trace/trace.c
drm/amd/display: check TG is non-null before checking if enabled
drm/amd/display: do not wait for mpc idle if tg is disabled
* regmap: Account for register length in SMBus I/O limits
drivers/base/regmap/regmap-i2c.c
dm integrity: reduce vmalloc space footprint on 32-bit architectures
dm integrity: increase RECALC_SECTORS to improve recalculate speed
powerpc: Fail build if using recordmcount with binutils v2.37
powerpc: remove leftover code of old GCC version checks
powerpc/32: add stack protector support
fbdev: fix potential OOB read in fast_imageblit()
fbdev: Fix sys_imageblit() for arbitrary image widths
fbdev: Improve performance of sys_imageblit()
tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP"
MIPS: cpu-features: Use boot_cpu_type for CPU type based features
MIPS: cpu-features: Enable octeon_cache by cpu_type
fs: dlm: fix mismatch of plock results from userspace
fs: dlm: use dlm_plock_info for do_unlock_close
fs: dlm: change plock interrupted message to debug again
fs: dlm: add pid to debug log
dlm: replace usage of found with dedicated list iterator variable
dlm: improve plock logging if interrupted
PCI: acpiphp: Reassign resources on bridge if necessary
net: phy: broadcom: stub c45 read/write for 54810
* net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure
net/xfrm/xfrm_user.c
* net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled
net/ipv4/tcp_timer.c
virtio-net: set queues after driver_ok
* af_unix: Fix null-ptr-deref in unix_stream_sendpage().
net/unix/af_unix.c
* netfilter: set default timeout to 3 secs for sctp shutdown send and recv state
net/netfilter/nf_conntrack_proto_sctp.c
test_firmware: prevent race conditions by a correct implementation of locking
mmc: wbsd: fix double mmc_free_host() in wbsd_init()
cifs: Release folio lock on fscache read hit.
* ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces.
sound/usb/quirks-table.h
serial: 8250: Fix oops for port->pm on uart_change_pm()
ASoC: meson: axg-tdm-formatter: fix channel slot allocation
ASoC: rt5665: add missed regulator_bulk_disable
* net: do not allow gso_size to be set to GSO_BY_FRAGS
include/linux/virtio_net.h
* sock: Fix misuse of sk_under_memory_pressure()
include/net/sock.h
net/core/sock.c
i40e: fix misleading debug logs
team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
netfilter: nft_dynset: disallow object maps
selftests: mirror_gre_changes: Tighten up the TTL test match
* xfrm: add NULL check in xfrm_update_ae_params
net/xfrm/xfrm_user.c
* ip_vti: fix potential slab-use-after-free in decode_session6
net/ipv4/ip_vti.c
* ip6_vti: fix slab-use-after-free in decode_session6
net/ipv6/ip6_vti.c
* xfrm: fix slab-use-after-free in decode_session6
net/xfrm/xfrm_interface_core.c
* xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c
net/xfrm/Makefile
* net: af_key: fix sadb_x_filter validation
net/key/af_key.c
* net: xfrm: Fix xfrm_address_filter OOB read
net/xfrm/xfrm_user.c
btrfs: fix BUG_ON condition in btrfs_cancel_balance
powerpc/rtas_flash: allow user copy to flash block cache objects
fbdev: mmp: fix value check in mmphw_probe()
virtio-mmio: don't break lifecycle of vm_dev
virtio-mmio: Use to_virtio_mmio_device() to simply code
virtio-mmio: convert to devm_platform_ioremap_resource
nfsd: Remove incorrect check in nfsd4_validate_stateid
nfsd4: kill warnings on testing stateids with mismatched clientids
block: fix signed int overflow in Amiga partition support
mmc: sunxi: fix deferred probing
mmc: bcm2835: fix deferred probing
* mmc: Remove dev_err() usage after platform_get_irq()
drivers/mmc/host/sdhci-msm.c
mmc: tmio: move tmio_mmc_set_clock() to platform hook
mmc: tmio: replace tmio_mmc_clk_stop() calls with tmio_mmc_set_clock()
mmc: meson-gx: remove redundant mmc_request_done() call from irq context
mmc: meson-gx: remove useless lock
* USB: dwc3: qcom: fix NULL-deref on suspend
drivers/usb/dwc3/dwc3-qcom.c
* usb: dwc3: qcom: Add helper functions to enable,disable wake irqs
drivers/usb/dwc3/dwc3-qcom.c
irqchip/mips-gic: Use raw spinlock for gic_lock
irqchip/mips-gic: Get rid of the reliance on irq_cpu_online()
x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
powerpc/64s/radix: Fix soft dirty tracking
powerpc: Move page table dump files in a dedicated subdirectory
powerpc/mm: dump block address translation on book3s/32
powerpc/mm: dump segment registers on book3s/32
powerpc/mm: Move pgtable_t into platform headers
powerpc/mm: move platform specific mmu-xxx.h in platform directories
iio: addac: stx104: Fix race condition when converting analog-to-digital
iio: addac: stx104: Fix race condition for stx104_write_raw()
iio: adc: stx104: Implement and utilize register structures
iio: adc: stx104: Utilize iomap interface
* iio: add addac subdirectory
drivers/iio/Kconfig
drivers/iio/Makefile
drivers/iio/addac/Kconfig
drivers/iio/addac/Makefile
* IMA: allow/fix UML builds
security/integrity/ima/Kconfig
drm/amdgpu: Fix potential fence use-after-free v2
* Bluetooth: L2CAP: Fix use-after-free
net/bluetooth/l2cap_core.c
pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
gfs2: Fix possible data races in gfs2_show_options()
media: platform: mediatek: vpu: fix NULL ptr dereference
* media: v4l2-mem2mem: add lock to protect parameter num_rdy
include/media/v4l2-mem2mem.h
FS: JFS: Check for read-only mounted filesystem in txBegin
FS: JFS: Fix null-ptr-deref Read in txBegin
MIPS: dec: prom: Address -Warray-bounds warning
fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
udf: Fix uninitialized array access for some pathnames
* HID: add quirk for 03f0:464a HP Elite Presenter Mouse
drivers/hid/hid-ids.h
drivers/hid/hid-quirks.c
* quota: fix warning in dqgrab()
fs/quota/dquot.c
* quota: Properly disable quotas when add_dquot_ref() fails
fs/quota/dquot.c
ALSA: emu10k1: roll up loops in DSP setup code for Audigy
drm/radeon: Fix integer overflow in radeon_cs_parser_init
selftests: forwarding: tc_flower: Relax success criterion
* lib/mpi: Eliminate unused umul_ppmm definitions for MIPS
lib/mpi/longlong.h
Merge 4.19.292 into android-4.19-stable
* Revert "posix-timers: Ensure timer ID search-loop limit is valid"
include/linux/sched/signal.h
kernel/time/posix-timers.c
Merge 4.19.291 into android-4.19-stable
Merge 4.19.290 into android-4.19-stable
UPSTREAM: media: usb: siano: Fix warning due to null work_func_t function pointer
* UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
net/bluetooth/l2cap_sock.c
UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
* UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net/sched/cls_u32.c
Linux 4.19.292
* sch_netem: fix issues in netem_change() vs get_dist_table()
net/sched/sch_netem.c
alpha: remove __init annotation from exported page_is_ram()
scsi: core: Fix possible memory leak if device_add() fails
scsi: snic: Fix possible memory leak if device_add() fails
scsi: 53c700: Check that command slot is not NULL
scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
* scsi: core: Fix legacy /proc parsing buffer overflow
drivers/scsi/scsi_proc.c
* netfilter: nf_tables: report use refcount overflow
include/net/netfilter/nf_tables.h
* netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush
include/net/netfilter/nf_tables.h
btrfs: don't stop integrity writeback too early
ibmvnic: Handle DMA unmapping of login buffs in release functions
* wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
include/net/cfg80211.h
IB/hfi1: Fix possible panic during hotplug remove
* drivers: net: prevent tun_build_skb() to exceed the packet size limit
drivers/net/tun.c
dccp: fix data-race around dp->dccps_mss_cache
* bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
drivers/net/bonding/bond_main.c
* net/packet: annotate data-races around tp->status
net/packet/af_packet.c
mISDN: Update parameter type of dsp_cmx_send()
drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes
x86: Move gds_ucode_mitigated() declaration to header
x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
* usb: dwc3: Properly handle processing of pending events
drivers/usb/dwc3/gadget.c
usb-storage: alauda: Fix uninit-value in alauda_check_media()
* binder: fix memory leak in binder_init()
drivers/android/binder.c
drivers/android/binder_alloc.c
drivers/android/binder_alloc.h
iio: cros_ec: Fix the allocation size for cros_ec_command
nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput
radix tree test suite: fix incorrect allocation size for pthreads
drm/nouveau/gr: enable memory loads on helper invocation on all channels
dmaengine: pl330: Return DMA_PAUSED when transaction is paused
* ipv6: adjust ndisc_is_useropt() to also return true for PIO
net/ipv6/ndisc.c
mmc: moxart: read scr register without changing byte order
sparc: fix up arch_cpu_finalize_init() build breakage.
* UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free
net/sched/cls_fw.c
Linux 4.19.291
* drm/edid: fix objtool warning in drm_cvt_modes()
drivers/gpu/drm/drm_edid.c
arm64: dts: stratix10: fix incorrect I2C property for SCL signal
* drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
drivers/base/arch_topology.c
drivers/base/cacheinfo.c
drivers/base/core.c
drivers/base/cpu.c
drivers/base/firmware_loader/fallback.c
drivers/base/platform.c
drivers/base/power/sysfs.c
drivers/base/soc.c
ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
ARM: dts: imx6sll: fixup of operating points
ARM: dts: imx: add usb alias
ARM: dts: imx6sll: Make ssi node name same as other platforms
* PM: sleep: wakeirq: fix wake irq arming
drivers/base/power/power.h
drivers/base/power/wakeirq.c
* PM / wakeirq: support enabling wake-up irq after runtime_suspend called
drivers/base/power/power.h
drivers/base/power/runtime.c
drivers/base/power/wakeirq.c
include/linux/pm_wakeirq.h
powerpc/mm/altmap: Fix altmap boundary check
mtd: rawnand: omap_elm: Fix incorrect type in assignment
test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
test_firmware: fix a memory leak with reqs buffer
ext2: Drop fragment support
* net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
drivers/net/usb/usbnet.c
* Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
net/bluetooth/l2cap_sock.c
fs/sysv: Null check to prevent null-ptr-deref bug
* USB: zaurus: Add ID for A-300/B-500/C-700
drivers/net/usb/cdc_ether.c
drivers/net/usb/zaurus.c
libceph: fix potential hang in ceph_osdc_notify()
scsi: zfcp: Defer fc_rport blocking until after ADISC response
* tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
net/ipv4/tcp_metrics.c
* tcp_metrics: annotate data-races around tm->tcpm_net
net/ipv4/tcp_metrics.c
* tcp_metrics: annotate data-races around tm->tcpm_vals[]
net/ipv4/tcp_metrics.c
* tcp_metrics: annotate data-races around tm->tcpm_lock
net/ipv4/tcp_metrics.c
* tcp_metrics: annotate data-races around tm->tcpm_stamp
net/ipv4/tcp_metrics.c
* tcp_metrics: fix addr_same() helper
net/ipv4/tcp_metrics.c
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
* net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net/sched/cls_u32.c
* net: add missing data-race annotation for sk_ll_usec
net/core/sock.c
* net: add missing data-race annotations around sk->sk_peek_off
net/core/sock.c
net/unix/af_unix.c
* net: sched: cls_u32: Fix match key mis-addressing
net/sched/cls_u32.c
perf test uprobe_from_different_cu: Skip if there is no gcc
net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
KVM: s390: fix sthyi error handling
* word-at-a-time: use the same return type for has_zero regardless of endianness
include/asm-generic/word-at-a-time.h
* loop: Select I/O scheduler 'none' from inside add_disk()
drivers/block/loop.c
* perf: Fix function pointer case
kernel/events/core.c
* net/sched: cls_u32: Fix reference counter leak leading to overflow
net/sched/cls_u32.c
ASoC: cs42l51: fix driver to properly autoload with automatic module loading
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
* net/sched: cls_fw: Fix improper refcount update leads to use-after-free
net/sched/cls_fw.c
drm/client: Fix memory leak in drm_client_target_cloned
dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
s390/dasd: fix hanging device after quiesce/resume
virtio-net: fix race between set queues and probe
serial: 8250_dw: Preserve original value of DLF register
* serial: 8250_dw: split Synopsys DesignWare 8250 common functions
drivers/tty/serial/8250/Kconfig
irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
tpm_tis: Explicitly check for error code
btrfs: check for commit error at btrfs_attach_transaction_barrier()
hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
Documentation: security-bugs.rst: clarify CVE handling
Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
usb: xhci-mtk: set the dma max_seg_size
* USB: quirks: add quirk for Focusrite Scarlett
drivers/usb/core/quirks.c
usb: ohci-at91: Fix the unhandle interrupt when resume
* usb: dwc3: don't reset device side if dwc3 was configured as host-only
drivers/usb/dwc3/core.c
usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
* Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
drivers/usb/dwc3/core.c
drivers/usb/dwc3/core.h
can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
USB: serial: simple: sort driver entries
USB: serial: simple: add Kaufmann RKS+CAN VCP
USB: serial: option: add Quectel EC200A module support
USB: serial: option: support Quectel EM060K_128
* tracing: Fix warning in trace_buffered_event_disable()
kernel/trace/trace_events.c
* ring-buffer: Fix wrong stat of cpu_buffer->read
kernel/trace/ring_buffer.c
ata: pata_ns87415: mark ns87560_tf_read static
dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
* block: Fix a source code comment in include/uapi/linux/blkzoned.h
include/uapi/linux/blkzoned.h
ASoC: fsl_spdif: Silence output on stop
drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
RDMA/mlx4: Make check for invalid flags stricter
benet: fix return value check in be_lancer_xmit_workarounds()
net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
net/sched: mqprio: add extack to mqprio_parse_nlattr()
net/sched: mqprio: refactor nlattr parsing to a separate function
platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
team: reset team's flags when down link is P2P device
* bonding: reset bond's flags when down link is P2P device
drivers/net/bonding/bond_main.c
* tcp: Reduce chance of collisions in inet6_hashfn().
include/net/ipv6.h
* ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
net/ipv6/addrconf.c
ethernet: atheros: fix return value check in atl1e_tso_csum()
phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
* ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
fs/ext4/ioctl.c
scsi: qla2xxx: Array index may go out of bound
scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
ftrace: Store the order of pages allocated in ftrace_page
ftrace: Check if pages were allocated before calling free_pages()
* ftrace: Add information on number of page groups allocated
kernel/trace/trace.c
kernel/trace/trace.h
fs: dlm: interrupt posix locks only when process is killed
dlm: rearrange async condition return
dlm: cleanup plock_op vs plock_xop
PCI/ASPM: Avoid link retraining race
PCI/ASPM: Factor out pcie_wait_for_retrain()
PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
PCI: Rework pcie_retrain_link() wait loop
* ext4: Fix reusing stale buffer heads from last failed mounting
fs/ext4/super.c
* ext4: rename journal_dev to s_journal_dev inside ext4_sb_info
fs/ext4/ext4.h
fs/ext4/fsmap.c
fs/ext4/super.c
btrfs: fix extent buffer leak after tree mod log failure at split_node()
bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
bcache: remove 'int n' from parameter list of bch_bucket_alloc_set()
bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set
gpio: tps68470: Make tps68470_gpio_output() always set the initial value
tracing/histograms: Return an error if we fail to add histogram to hist_vars list
* tcp: annotate data-races around fastopenq.max_qlen
include/linux/tcp.h
net/ipv4/tcp.c
net/ipv4/tcp_fastopen.c
* tcp: annotate data-races around tp->notsent_lowat
include/net/tcp.h
net/ipv4/tcp.c
* tcp: annotate data-races around rskq_defer_accept
net/ipv4/tcp.c
* tcp: annotate data-races around tp->linger2
net/ipv4/tcp.c
* net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
include/net/tcp.h
net/ipv4/tcp.c
netfilter: nf_tables: can't schedule in nft_chain_validate
netfilter: nf_tables: fix spurious set element insertion failure
* llc: Don't drop packet from non-root netns.
net/llc/llc_input.c
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
* Revert "tcp: avoid the lookup process failing to get sk in ehash table"
net/ipv4/inet_hashtables.c
net/ipv4/inet_timewait_sock.c
net:ipv6: check return value of pskb_trim()
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
pinctrl: amd: Use amd_pinconf_set() for all config options
fbdev: imxfb: warn about invalid left/right margin
spi: bcm63xx: fix max prepend length
igb: Fix igb_down hung on surprise removal
wifi: iwlwifi: mvm: avoid baid size integer overflow
* wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
net/wireless/wext-core.c
* bpf: Address KCSAN report on bpf_lru_list
kernel/bpf/bpf_lru_list.c
kernel/bpf/bpf_lru_list.h
* sched/fair: Don't balance task to its current running CPU
kernel/sched/fair.c
* posix-timers: Ensure timer ID search-loop limit is valid
include/linux/sched/signal.h
kernel/time/posix-timers.c
md/raid10: prevent soft lockup while flush writes
md: fix data corruption for raid456 when reshape restart while grow up
nbd: Add the maximum limit of allocated index in nbd_dev_add
debugobjects: Recheck debug_objects_enabled before reporting
* ext4: correct inline offset when handling xattrs in inode body
fs/ext4/xattr.c
can: bcm: Fix UAF in bcm_proc_show()
* fuse: revalidate: don't invalidate if interrupted
fs/fuse/dir.c
perf probe: Add test for regression introduced by switch to die_get_decl_file()
tracing/histograms: Add histograms to hist_vars if they have referenced variables
* drm/atomic: Fix potential use-after-free in nonblocking commits
drivers/gpu/drm/drm_atomic.c
scsi: qla2xxx: Pointer may be dereferenced
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
scsi: qla2xxx: Fix potential NULL pointer dereference
scsi: qla2xxx: Wait for io return on terminate rport
xtensa: ISS: fix call to split_if_spec
* ring-buffer: Fix deadloop issue on reading trace_pipe
kernel/trace/ring_buffer.c
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
* Revert "8250: add support for ASIX devices with a FIFO bug"
include/linux/serial_8250.h
meson saradc: fix clock divider mask length
ceph: don't let check_caps skip sending responses for revoke msgs
hwrng: imx-rngc - fix the timeout for init and self check
serial: atmel: don't enable IRQs prematurely
fs: dlm: return positive pid value for F_GETLK
md/raid0: add discard support for the 'original' layout
misc: pci_endpoint_test: Re-init completion for every test
misc: pci_endpoint_test: Free IRQs before removing the device
PCI: rockchip: Use u32 variable to access 32-bit registers
PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
PCI: rockchip: Write PCI Device ID to correct register
PCI: rockchip: Assert PCI Configuration Enable bit after probe
PCI: qcom: Disable write access to read only registers for IP v2.3.3
* PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
drivers/pci/quirks.c
* PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
drivers/pci/pci.c
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
* ext4: only update i_reserved_data_blocks on successful block allocation
fs/ext4/indirect.c
fs/ext4/inode.c
* ext4: fix wrong unit use in ext4_mb_clear_bb
fs/ext4/mballoc.c
perf intel-pt: Fix CYC timestamps after standalone CBR
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
net: bcmgenet: Ensure MDIO unregistration has clocks enabled
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
pinctrl: amd: Only use special debounce behavior for GPIO 0
pinctrl: amd: Detect internal GPIO0 debounce handling
pinctrl: amd: Fix mistake in handling clearing pins at startup
* net/sched: make psched_mtu() RTNL-less safe
include/net/pkt_sched.h
wifi: airo: avoid uninitialized warning in airo_get_rate()
* ipv6/addrconf: fix a potential refcount underflow for idev
net/ipv6/addrconf.c
NTB: ntb_tool: Add check for devm_kcalloc
NTB: ntb_transport: fix possible memory leak while device_register() fails
ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
ntb: idt: Fix error handling in idt_pci_driver_init()
* udp6: fix udp6_ehashfn() typo
net/ipv6/udp.c
* icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
net/ipv6/icmp.c
* vrf: Increment Icmp6InMsgs on the original netdev
include/net/addrconf.h
net/ipv6/icmp.c
net/ipv6/reassembly.c
net: mvneta: fix txq_map in case of txq_number==1
* workqueue: clean up WORK_* constant types, clarify masking
include/linux/workqueue.h
kernel/workqueue.c
net: lan743x: Don't sleep in atomic context
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
* netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
net/netfilter/nf_conntrack_helper.c
netfilter: nf_tables: fix scheduling-while-atomic splat
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
* netfilter: nf_tables: reject unbound anonymous set before commit phase
include/net/netfilter/nf_tables.h
* netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
include/net/netfilter/nf_tables.h
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
* netfilter: nf_tables: use net_generic infra for transaction data
include/net/netfilter/nf_tables.h
include/net/netns/nftables.h
* netfilter: add helper function to set up the nfnetlink header and use it
include/linux/netfilter/nfnetlink.h
net/netfilter/nf_conntrack_netlink.c
net/netfilter/nfnetlink_log.c
net/netfilter/nfnetlink_queue.c
netfilter: nftables: add helper function to set the base sequence number
netfilter: nf_tables: add rescheduling points during loop detection walks
netfilter: nf_tables: fix nat hook table deletion
spi: spi-fsl-spi: allow changing bits_per_word while CS is still active
spi: spi-fsl-spi: relax message sanity checking a little
spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg
ARM: orion5x: fix d2net gpio initialization
btrfs: fix race when deleting quota root from the dirty cow roots list
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
* integrity: Fix possible multiple allocation in integrity_inode_get()
security/integrity/iint.c
bcache: Remove unnecessary NULL point check in node allocations
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
mmc: core: disable TRIM on Kingston EMMC04G-M627
NFSD: add encoding of op_recall flag for write delegation
* ALSA: jack: Fix mutex call in snd_jack_report()
sound/core/jack.c
i2c: xiic: Don't try to handle more interrupt events after error
i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
sh: dma: Fix DMA channel offset calculation
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
* tcp: annotate data races in __tcp_oow_rate_limited()
net/ipv4/tcp_input.c
* net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
net/bridge/br_if.c
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
* f2fs: fix error path handling in truncate_dnode()
fs/f2fs/node.c
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
* sctp: fix potential deadlock on &net->sctp.addr_wq_lock
net/sctp/socket.c
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
mfd: stmpe: Only disable the regulators if they are enabled
mfd: intel-lpss: Add missing check for platform_get_resource
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
mfd: rt5033: Drop rt5033-battery sub-device
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
* extcon: Fix kernel doc of property capability fields to avoid warnings
drivers/extcon/extcon.c
* extcon: Fix kernel doc of property fields to avoid warnings
drivers/extcon/extcon.c
media: usb: siano: Fix warning due to null work_func_t function pointer
* media: videodev2.h: Fix struct v4l2_input tuner index comment
include/uapi/linux/videodev2.h
media: usb: Check az6007_read() return value
sh: j2: Use ioremap() to translate device tree address into kernel memory
w1: fix loop in w1_fini()
* block: change all __u32 annotations to __be32 in affs_hardblocks.h
include/uapi/linux/affs_hardblocks.h
USB: serial: option: add LARA-R6 01B PIDs
ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
ARCv2: entry: rewrite to enable use of double load/stores LDD/STD
ARCv2: entry: avoid a branch
ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE
ARCv2: entry: comments about hardware auto-save on taken interrupts
* modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
scripts/mod/modpost.c
* modpost: fix section mismatch message for R_ARM_ABS32
scripts/mod/modpost.c
crypto: nx - fix build warnings when DEBUG_FS is not enabled
hwrng: virtio - Fix race on data_avail and actual data
hwrng: virtio - always add a pending request
hwrng: virtio - don't waste entropy
hwrng: virtio - don't wait on cleanup
hwrng: virtio - add an internal buffer
pinctrl: at91-pio4: check return value of devm_kasprintf()
perf dwarf-aux: Fix off-by-one in die_get_varname()
pinctrl: cherryview: Return correct value if pin in push-pull mode
* PCI: Add pci_clear_master() stub for non-CONFIG_PCI
include/linux/pci.h
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
drm/radeon: fix possible division-by-zero errors
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
* soc/fsl/qe: fix usb.c build errors
drivers/soc/fsl/qe/Kconfig
ASoC: es8316: Increment max value for ALC Capture Target Volume control
ARM: ep93xx: fix missing-prototype warnings
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
Input: adxl34x - do not hardcode interrupt trigger type
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
Input: drv260x - sleep between polling GO bit
radeon: avoid double free in ci_dpm_init()
* netlink: Add __sock_i_ino() for __netlink_diag_dump().
include/net/sock.h
net/core/sock.c
ipvlan: Fix return value of ipvlan_queue_xmit()
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
* lib/ts_bm: reset initial match offset for every block of text
lib/ts_bm.c
gtp: Fix use-after-free in __gtp_encap_destroy().
* netlink: do not hard code device address lenth in fdb dumps
net/core/rtnetlink.c
* netlink: fix potential deadlock in netlink_set_err()
net/netlink/af_netlink.c
wifi: ath9k: convert msecs to jiffies where needed
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
memstick r592: make memstick_debug_get_tpc_name() static
kexec: fix a memory leak in crash_shrink_memory()
watchdog/perf: more properly prevent false positives with turbo modes
* watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
include/linux/nmi.h
wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ray_cs: Drop useless status variable in parse_addr()
wifi: ray_cs: Utilize strnlen() in parse_addr()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wl3501_cs: use eth_hw_addr_set()
* net: create netdev->dev_addr assignment helpers
include/linux/etherdevice.h
include/linux/netdevice.h
wl3501_cs: Fix misspelling and provide missing documentation
wl3501_cs: Remove unnecessary NULL check
wl3501_cs: Fix a bunch of formatting issues related to function docs
wifi: atmel: Fix an error handling path in atmel_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
* nfc: constify several pointers to u8, char and sk_buff
include/net/nfc/nfc.h
wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
samples/bpf: Fix buffer overflow in tcp_basertt
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
evm: Complete description of evm_inode_setattr()
ARM: 9303/1: kprobes: avoid missing-declaration warnings
* PM: domains: fix integer overflow issues in genpd_parse_state()
drivers/base/power/domain.c
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
* clocksource/drivers: Unify the names to timer-* format
drivers/clocksource/Makefile
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
md/raid10: fix io loss while replacement replace rdev
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
* treewide: Remove uninitialized_var() usage
drivers/clk/clk-gate.c
drivers/gpu/drm/drm_edid.c
drivers/md/dm-io.c
drivers/md/dm-ioctl.c
drivers/md/dm-snap-persistent.c
drivers/md/dm-table.c
fs/fat/dir.c
fs/fuse/control.c
fs/fuse/file.c
fs/overlayfs/copy_up.c
kernel/async.c
kernel/audit.c
kernel/events/core.c
kernel/events/uprobes.c
kernel/exit.c
kernel/futex.c
kernel/trace/ring_buffer.c
lib/radix-tree.c
mm/memcontrol.c
mm/percpu.c
mm/slub.c
mm/swap.c
net/ipv4/netfilter/nf_socket_ipv4.c
net/ipv6/ip6_flowlabel.c
net/ipv6/netfilter/nf_socket_ipv6.c
net/netfilter/nf_conntrack_ftp.c
net/netfilter/nfnetlink_log.c
net/netfilter/nfnetlink_queue.c
net/sched/cls_flow.c
sound/core/control_compat.c
sound/usb/endpoint.c
drm/amdgpu: Validate VM ioctl flags.
scripts/tags.sh: Resolve gtags empty index generation
* drm/edid: Fix uninitialized variable in drm_cvt_modes()
drivers/gpu/drm/drm_edid.c
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
video: imsttfb: check for ioremap() failures
x86/smp: Use dedicated cache-line for mwait_play_dead()
gfs2: Don't deref jdesc in evict
Linux 4.19.290
x86: fix backwards merge of GDS/SRSO bit
xen/netback: Fix buffer overrun triggered by unusual packet
Documentation/x86: Fix backwards on/off logic about YMM support
x86/xen: Fix secondary processors' FPU initialization
KVM: Add GDS_NO support to KVM
x86/speculation: Add Kconfig option for GDS
x86/speculation: Add force option to GDS mitigation
* x86/speculation: Add Gather Data Sampling mitigation
drivers/base/cpu.c
x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
x86/fpu: Mark init functions __init
x86/fpu: Remove cpuinfo argument from init functions
* init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
init/main.c
* init: Invoke arch_cpu_finalize_init() earlier
init/main.c
* init: Remove check_bugs() leftovers
init/main.c
um/cpu: Switch to arch_cpu_finalize_init()
sparc/cpu: Switch to arch_cpu_finalize_init()
sh/cpu: Switch to arch_cpu_finalize_init()
mips/cpu: Switch to arch_cpu_finalize_init()
m68k/cpu: Switch to arch_cpu_finalize_init()
ia64/cpu: Switch to arch_cpu_finalize_init()
ARM: cpu: Switch to arch_cpu_finalize_init()
x86/cpu: Switch to arch_cpu_finalize_init()
* init: Provide arch_cpu_finalize_init()
arch/Kconfig
include/linux/cpu.h
init/main.c
Merge 4.19.289 into android-4.19-stable
Linux 4.19.289
x86/cpu/amd: Add a Zenbleed fix
x86/cpu/amd: Move the errata checking functionality up
x86/microcode/AMD: Load late on both threads too
Merge 4.19.288 into android-4.19-stable
Linux 4.19.288
i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle
x86/apic: Fix kernel panic when booting with intremap=off and x2apic_phys
drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl
drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
drm/exynos: vidi: fix a wrong error return
ASoC: nau8824: Add quirk to active-high jack-detect
s390/cio: unregister device when the only path is gone
usb: gadget: udc: fix NULL dereference in remove()
nfcsim.c: Fix error checking for debugfs_create_dir
media: cec: core: don't set last_initiator if tx in progress
* arm64: Add missing Set/Way CMO encodings
arch/arm64/include/asm/sysreg.h
* HID: wacom: Add error check to wacom_parse_and_register()
drivers/hid/wacom_sys.c
scsi: target: iscsi: Prevent login threads from racing between each other
* sch_netem: acquire qdisc lock in netem_change()
net/sched/sch_netem.c
netfilter: nfnetlink_osf: fix module autoload
netfilter: nf_tables: disallow element updates of bound anonymous sets
be2net: Extend xmit workaround to BE3 chip
mmc: usdhi60rol0: fix deferred probing
mmc: sdhci-acpi: fix deferred probing
mmc: omap_hsmmc: fix deferred probing
mmc: omap: fix deferred probing
mmc: mvsdio: fix deferred probing
mmc: mvsdio: convert to devm_platform_ioremap_resource
mmc: mtk-sd: fix deferred probing
net: qca_spi: Avoid high load if QCA7000 is not available
xfrm: Linearize the skb after offloading if needed.
ieee802154: hwsim: Fix possible memory leaks
* rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
include/linux/rcupdate.h
nilfs2: prevent general protection fault in nilfs_clear_dirty_page()
* cgroup: Do not corrupt task iteration when rebinding subsystem
kernel/cgroup/cgroup.c
PCI: hv: Fix a race condition bug in hv_pci_query_relations()
Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs
nilfs2: fix buffer corruption due to concurrent device reads
ipmi: move message error checking to avoid deadlock
* ipmi: Make the smi watcher be disabled immediately when not needed
include/linux/ipmi_smi.h
x86/purgatory: remove PGO flags
nilfs2: reject devices with insufficient block count
serial: lantiq: add missing interrupt ack
serial: lantiq: Do not swap register read/writes
serial: lantiq: Use readl/writel instead of ltq_r32/ltq_w32
serial: lantiq: Change ltq_w32_mask to asc_update_bits
Merge 4.19.287 into android-4.19-stable
Linux 4.19.287
* mmc: block: ensure error propagation for non-blk
drivers/mmc/core/block.c
powerpc: Fix defconfig choice logic when cross compiling
drm/nouveau/kms: Fix NULL pointer dereference in nouveau_connector_detect_depth
* neighbour: delete neigh_lookup_nodev as not used
include/net/neighbour.h
net/core/neighbour.c
* net: Remove unused inline function dst_hold_and_use()
include/net/dst.h
* neighbour: Remove unused inline function neigh_key_eq16()
include/net/neighbour.h
selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
* net: tipc: resize nlattr array to correct size
net/tipc/bearer.c
net: lapbether: only support ethernet devices
drm/nouveau: add nv_encoder pointer check for NULL
drm/nouveau/kms: Don't change EDID when it hasn't actually changed
drm/nouveau/dp: check for NULL nv_connector->native_mode
igb: fix nvm.ops.read() error handling
* sctp: fix an error code in sctp_sf_eat_auth()
net/sctp/sm_statefuns.c
IB/isert: Fix incorrect release of isert connection
IB/isert: Fix possible list corruption in CMA handler
IB/isert: Fix dead lock in ib_isert
IB/uverbs: Fix to consider event queue closing also upon non-blocking mode
RDMA/rxe: Fix the use-before-initialization error of resp_pkts
RDMA/rxe: Removed unused name from rxe_task struct
RDMA/rxe: Remove the unused variable obj
* ping6: Fix send to link-local addresses with VRF.
net/ipv6/ping.c
* netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM
net/netfilter/nfnetlink.c
* usb: gadget: f_ncm: Fix NTP-32 support
drivers/usb/gadget/function/f_ncm.c
* usb: gadget: f_ncm: Add OS descriptor support
drivers/usb/gadget/function/f_ncm.c
drivers/usb/gadget/function/u_ncm.h
* usb: dwc3: gadget: Reset num TRBs before giving back the request
drivers/usb/dwc3/gadget.c
USB: serial: option: add Quectel EM061KGL series
* Remove DECnet support from kernel
include/linux/netdevice.h
include/linux/netfilter.h
include/linux/netfilter_defs.h
include/net/netns/netfilter.h
include/uapi/linux/netlink.h
net/Kconfig
net/Makefile
net/core/dev.c
net/core/neighbour.c
net/netfilter/core.c
net: usb: qmi_wwan: add support for Compal RXM-G1
RDMA/uverbs: Restrict usage of privileged QKEYs
nouveau: fix client work fence deletion race
powerpc/purgatory: remove PGO flags
kexec: support purgatories with .text.hot sections
nilfs2: fix possible out-of-bounds segment allocation in resize ioctl
nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key()
nios2: dts: Fix tse_mac "max-frame-size" property
ocfs2: check new file size on fallocate call
ocfs2: fix use-after-free when unmounting read-only filesystem
xen/blkfront: Only check REQ_FUA for writes
mips: Move initrd_start check after initrd address sanitisation.
MIPS: Alchemy: fix dbdma2
parisc: Improve cache flushing for PCXL in arch_sync_dma_for_cpu()
* power: supply: Fix logic checking if system is running from battery
drivers/power/supply/power_supply_core.c
irqchip/meson-gpio: Mark OF related data as maybe unused
* regulator: Fix error checking for debugfs_create_dir
drivers/regulator/core.c
* power: supply: Ratelimit no data debug output
drivers/power/supply/power_supply_sysfs.c
ARM: dts: vexpress: add missing cache properties
power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule()
power: supply: ab8500: Fix external_power_changed race
Merge "Merge 4.19.286 into android-4.19-stable" into android-4.19-stable
* Revert "tcp: deny tcp_disconnect() when threads are waiting"
include/net/sock.h
net/ipv4/af_inet.c
net/ipv4/inet_connection_sock.c
net/ipv4/tcp.c
Merge "Merge 4.19.285 into android-4.19-stable" into android-4.19-stable
Merge 4.19.286 into android-4.19-stable
* Revert "tcp: deny tcp_disconnect() when threads are waiting"
include/net/sock.h
net/ipv4/af_inet.c
net/ipv4/inet_connection_sock.c
net/ipv4/tcp.c
* ANDROID: GKI: update ABI xml for incrementalfs.ko
android/abi_gki_aarch64.xml
Merge 4.19.285 into android-4.19-stable
Linux 4.19.286
Revert "staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE"
btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
btrfs: check return value of btrfs_commit_transaction in relocation
* ext4: only check dquot_initialize_needed() when debugging
fs/ext4/xattr.c
i2c: sprd: Delete i2c adapter in .remove's error path
pinctrl: meson-axg: add missing GPIOA_18 gpio group
* Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
net/bluetooth/hci_core.c
ceph: fix use-after-free bug for inodes when flushing capsnaps
drm/amdgpu: fix xclk freq on CHIP_STONEY
Input: psmouse - fix OOB access in Elantech protocol
* Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
drivers/input/joystick/xpad.c
batman-adv: Broken sync while rescheduling delayed work
* lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release()
lib/cpu_rmap.c
* net: sched: fix possible refcount leak in tc_chain_tmplt_add()
net/sched/cls_api.c
* net: sched: move rtm_tca_policy declaration to include file
include/net/pkt_sched.h
net/sched/cls_api.c
* rfs: annotate lockless accesses to RFS sock flow table
include/linux/netdevice.h
net/core/dev.c
* rfs: annotate lockless accesses to sk->sk_rxhash
include/net/sock.h
* Bluetooth: L2CAP: Add missing checks for invalid DCID
net/bluetooth/l2cap_core.c
* Bluetooth: Fix l2cap_disconnect_req deadlock
net/bluetooth/l2cap_core.c
net: dsa: lan9303: allow vid != 0 in port_fdb_{add|del} methods
spi: qup: Request DMA before enabling clocks
i40e: fix build warnings in i40e_alloc.h
i40iw: fix build warning in i40iw_manage_apbvt()
* UPSTREAM: net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
drivers/net/usb/cdc_ncm.c
* UPSTREAM: cdc_ncm: Fix the build warning
drivers/net/usb/cdc_ncm.c
* UPSTREAM: cdc_ncm: Implement the 32-bit version of NCM Transfer Block
drivers/net/usb/cdc_ncm.c
include/linux/usb/cdc_ncm.h
* Revert "tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT"
include/net/sock.h
include/net/tcp.h
net/core/stream.c
* Revert "tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit"
net/ipv4/tcp.c
* Revert "tcp: factor out __tcp_close() helper"
include/net/tcp.h
net/ipv4/tcp.c
* Revert "tcp: add annotations around sk->sk_shutdown accesses"
net/ipv4/af_inet.c
net/ipv4/tcp.c
net/ipv4/tcp_input.c
* ANDROID: fix abi break in 4.19.284 for cpuhotplug.h
include/linux/cpuhotplug.h
Merge "Merge 4.19.284 into android-4.19-stable" into android-4.19-stable
UPSTREAM: mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
UPSTREAM: mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
Linux 4.19.285
wifi: rtlwifi: 8192de: correct checking of IQK reload
* scsi: dpt_i2o: Do not process completions with invalid addresses
drivers/scsi/Kconfig
scsi: dpt_i2o: Remove broken pass-through ioctl (I2OUSERCMD)
* regmap: Account for register length when chunking
drivers/base/regmap/regmap.c
fbcon: Fix null-ptr-deref in soft_cursor
* ext4: add lockdep annotations for i_data_sem for ea_inode's
fs/ext4/ext4.h
fs/ext4/xattr.c
* selinux: don't use make's grouped targets feature yet
security/selinux/Makefile
tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK
mmc: vub300: fix invalid response handling
rsi: Remove unnecessary boolean condition
regulator: da905{2,5}: Remove unnecessary array check
hwmon: (scmi) Remove redundant pointer check
wifi: rtlwifi: remove always-true condition pointed out by GCC 12
lib/dynamic_debug.c: use address-of operator on section symbols
* kernel/extable.c: use address-of operator on section symbols
kernel/extable.c
eth: sun: cassini: remove dead code
* gcc-12: disable '-Wdangling-pointer' warning for now
Makefile
ACPI: thermal: drop an always true check
x86/boot: Wrap literal addresses in absolute_pointer()
ata: libata-scsi: Use correct device no in ata_find_dev()
scsi: stex: Fix gcc 13 warnings
* usb: gadget: f_fs: Add unbind event before functionfs_unbind
drivers/usb/gadget/function/f_fs.c
net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
* iio: dac: build ad5758 driver when AD5758 is selected
drivers/iio/dac/Makefile
iio: dac: mcp4725: Fix i2c_master_send() return value handling
* HID: wacom: avoid integer overflow in wacom_intuos_inout()
drivers/hid/wacom_wac.c
* HID: google: add jewel USB id
drivers/hid/hid-ids.h
iio: adc: mxs-lradc: fix the order of two cleanup operations
mailbox: mailbox-test: fix a locking issue in mbox_test_message_write()
atm: hide unused procfs functions
ALSA: oss: avoid missing-prototype warnings
* netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT
net/netfilter/nf_conntrack_netlink.c
wifi: b43: fix incorrect __packed annotation
* scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed
drivers/scsi/scsi_lib.c
* arm64/mm: mark private VM_FAULT_X defines as vm_fault_t
arch/arm64/mm/fault.c
ARM: dts: stm32: add pin map for CAN controller on stm32f7
wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value
media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
* media: dvb-core: Fix use-after-free due on race condition at dvb_net
include/media/dvb_net.h
media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table
media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
media: dvb_ca_en50221: fix a size write bug
media: netup_unidvb: fix irq init by register it at the end of probe
media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address
media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer
media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer()
media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer()
* media: dvb_demux: fix a bug for the continuity counter
drivers/media/dvb-core/dvb_demux.c
ASoC: ssm2602: Add workaround for playback distortions
* xfrm: Check if_id in inbound policy/secpath match
net/xfrm/xfrm_policy.c
ASoC: dwc: limit the number of overrun messages
nbd: Fix debugfs_create_dir error checking
fbdev: stifb: Fix info entry in sti_struct on error path
fbdev: modedb: Add 1920x1080 at 60 Hz video mode
media: rcar-vin: Select correct interrupt mode for V4L2_FIELD_ALTERNATE
ARM: 9295/1: unwind:fix unwind abort for uleb128 case
mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write()
watchdog: menz069_wdt: fix watchdog initialisation
net: dsa: mv88e6xxx: Increase wait after reset deactivation
net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
* udp6: Fix race condition in udp6_sendmsg & connect
net/core/sock.c
* net/netlink: fix NETLINK_LIST_MEMBERSHIPS length report
net/netlink/af_netlink.c
* ocfs2/dlm: move BITS_TO_BYTES() to bitops.h for wider use
include/linux/bitops.h
* net: sched: fix NULL pointer dereference in mq_attach
net/sched/sch_api.c
* net/sched: Prohibit regrafting ingress or clsact Qdiscs
net/sched/sch_api.c
* net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs
net/sched/sch_api.c
net/sched/sch_ingress.c
* net/sched: sch_clsact: Only create under TC_H_CLSACT
net/sched/sch_ingress.c
* net/sched: sch_ingress: Only create under TC_H_INGRESS
net/sched/sch_ingress.c
* tcp: Return user_mss for TCP_MAXSEG in CLOSE/LISTEN state if user_mss set
net/ipv4/tcp.c
* tcp: deny tcp_disconnect() when threads are waiting
include/net/sock.h
net/ipv4/af_inet.c
net/ipv4/inet_connection_sock.c
net/ipv4/tcp.c
* af_packet: do not use READ_ONCE() in packet_bind()
net/packet/af_packet.c
amd-xgbe: fix the false linkup in xgbe_phy_status
* af_packet: Fix data-races of pkt_sk(sk)->num.
net/packet/af_packet.c
netrom: fix info-leak in nr_write_internal()
net/mlx5: fw_tracer, Fix event handling
dmaengine: pl330: rename _start to prevent build error
* netfilter: ctnetlink: Support offloaded conntrack entry deletion
net/netfilter/nf_conntrack_netlink.c
* ipv{4,6}/raw: fix output xfrm lookup wrt protocol
include/net/ip.h
include/uapi/linux/in.h
net/ipv4/ip_sockglue.c
net/ipv4/raw.c
net/ipv6/raw.c
* bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()
net/bluetooth/hci_sock.c
* cdc_ncm: Fix the build warning
drivers/net/usb/cdc_ncm.c
power: supply: bq24190: Call power_supply_changed() after updating input current
* power: supply: core: Refactor power_supply_set_input_current_limit_from_supplier()
drivers/power/supply/power_supply_core.c
include/linux/power_supply.h
power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize
* net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
drivers/net/usb/cdc_ncm.c
* cdc_ncm: Implement the 32-bit version of NCM Transfer Block
drivers/net/usb/cdc_ncm.c
include/linux/usb/cdc_ncm.h
Merge 4.19.284 into android-4.19-stable
UPSTREAM: efi: rt-wrapper: Add missing include
* BACKPORT: arm64: efi: Execute runtime services from a dedicated stack
arch/arm64/include/asm/efi.h
* Revert "uapi/linux/const.h: prefer ISO-friendly __typeof__"
include/uapi/linux/const.h
Merge "Merge 4.19.283 into android-4.19-stable" into android-4.19-stable
Linux 4.19.284
* drivers: depend on HAS_IOMEM for devm_platform_ioremap_resource()
drivers/base/platform.c
3c589_cs: Fix an error handling path in tc589_probe()
forcedeth: Fix an error handling path in nv_probe()
* ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
include/uapi/sound/skl-tplg-interface.h
x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
* coresight: Fix signedness bug in tmc_etr_buf_insert_barrier_packet()
drivers/hwtracing/coresight/coresight-tmc-etr.c
power: supply: sbs-charger: Fix INHIBITED bit for Status reg
* power: supply: bq27xxx: Fix poll_interval handling and races on remove
include/linux/power/bq27xxx_battery.h
power: supply: bq27xxx: Fix I2C IRQ race on remove
power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
* power: supply: leds: Fix blink to LED on transition
drivers/power/supply/power_supply_leds.c
* ipv6: Fix out-of-bounds access in ipv6_find_tlv()
net/ipv6/exthdrs_core.c
* bpf: Fix mask generation for 32-bit narrow loads of 64-bit fields
kernel/bpf/verifier.c
* net: fix skb leak in __skb_tstamp_tx()
net/core/skbuff.c
media: radio-shark: Add endpoint checks
USB: sisusbvga: Add endpoint checks
* USB: core: Add routines for endpoint checks in old drivers
drivers/usb/core/usb.c
include/linux/usb.h
* udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated().
net/ipv4/udplite.c
net/ipv6/udplite.c
ALSA: hda/realtek - Fix inverted bass GPIO pin on Acer 8951G
ALSA: hda/realtek - Fixed one of HP ALC671 platform Headset Mic supported
parisc: Fix flush_dcache_page() for usage from irq context
selftests/memfd: Fix unknown type name build failure
x86/mm: Avoid incomplete Global INVLPG flushes
btrfs: use nofs when cleaning up aborted transactions
parisc: Allow to reboot machine after system halt
m68k: Move signal frame following exception on 68020/030
ALSA: hda/ca0132: add quirk for EVGA X299 DARK
spi: fsl-cpm: Use 16 bit mode for large transfers with even size
spi: fsl-spi: Re-organise transfer bits_per_word adaptation
spi: spi-fsl-spi: automatically adapt bits-per-word in cpu mode
s390/qdio: fix do_sqbs() inline assembly constraint
s390/qdio: get rid of register asm
vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF
vc_screen: rewrite vcs_size to accept vc, not inode
* usb: gadget: u_ether: Fix host MAC address case
drivers/usb/gadget/function/u_ether.c
* usb: gadget: u_ether: Convert prints to device prints
drivers/usb/gadget/function/u_ether.c
* lib/string_helpers: Introduce string_upper() and string_lower() helpers
include/linux/string_helpers.h
ALSA: hda/realtek: Add a quirk for HP EliteDesk 805
ALSA: hda/realtek - ALC897 headset MIC no sound
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
ALSA: hda/realtek - The front Mic on a HP machine doesn't work
ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
ALSA: hda/realtek - Add Headset Mic supported for HP cPC
ALSA: hda/realtek - More constifications
Add Acer Aspire Ethos 8951G model quirk
* HID: wacom: Force pen out of prox if no events have been received in a while
drivers/hid/wacom.h
drivers/hid/wacom_sys.c
drivers/hid/wacom_wac.c
netfilter: nf_tables: do not allow RULE_ID to refer to another chain
netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag
netfilter: nf_tables: stricter validation of element data
* netfilter: nf_tables: allow up to 64 bytes in the set element data area
include/net/netfilter/nf_tables.h
netfilter: nf_tables: add nft_setelem_parse_key()
netfilter: nf_tables: validate registers coming from userspace.
* netfilter: nftables: statify nft_parse_register()
include/net/netfilter/nf_tables.h
* netfilter: nftables: add nft_parse_register_store() and use it
include/net/netfilter/nf_tables.h
include/net/netfilter/nf_tables_core.h
include/net/netfilter/nft_fib.h
* netfilter: nftables: add nft_parse_register_load() and use it
include/net/netfilter/nf_tables.h
include/net/netfilter/nf_tables_core.h
include/net/netfilter/nft_masq.h
include/net/netfilter/nft_redir.h
nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
tpm/tpm_tis: Disable interrupts for more Lenovo devices
ceph: force updating the msg pointer in non-split case
serial: Add support for Advantech PCI-1611U card
* statfs: enforce statfs[64] structure initialization
fs/statfs.c
ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
ALSA: hda: Fix Oops by 9.1 surround channel names
usb: typec: altmodes/displayport: fix pin_assignment_show
* usb-storage: fix deadlock when a scsi command timeouts more than once
drivers/usb/storage/scsiglue.c
vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
igb: fix bit_shift to be in [1..8] range
cassini: Fix a memory leak in the error handling path of cas_init_one()
net: bcmgenet: Restore phy_stop() depending upon suspend/close
net: bcmgenet: Remove phy_stop() from bcmgenet_netif_stop()
net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
drm/exynos: fix g2d_open/close helper function definitions
media: netup_unidvb: fix use-after-free at del_timer()
erspan: get the proto with the md version for collect_md
* ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
include/net/ip6_tunnel.h
include/net/ip_tunnels.h
ip6_gre: Make o_seqno start from 0 in native mode
ip6_gre: Fix skb_under_panic in __gre6_xmit()
serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
* drivers: provide devm_platform_ioremap_resource()
drivers/base/platform.c
include/linux/platform_device.h
vsock: avoid to close connected socket after the timeout
net: fec: Better handle pm_runtime_get() failing in .remove()
* af_key: Reject optional tunnel/BEET mode templates in outbound policies
net/key/af_key.c
cpupower: Make TSC read per CPU for Mperf monitor
btrfs: fix space cache inconsistency after error loading it from disk
btrfs: replace calls to btrfs_find_free_ino with btrfs_find_free_objectid
mfd: dln2: Fix memory leak in dln2_probe()
phy: st: miphy28lp: use _poll_timeout functions for waits
* Input: xpad - add constants for GIP interface numbers
drivers/input/joystick/xpad.c
clk: tegra20: fix gcc-7 constant overflow warning
recordmcount: Fix memory leaks in the uwrite function
* sched: Fix KCSAN noinstr violation
include/linux/sched/task_stack.h
mcb-pci: Reallocate memory region to avoid memory overlapping
serial: 8250: Reinit port->pm on port specific driver unbind
usb: typec: tcpm: fix multiple times discover svids error
* HID: wacom: generic: Set battery quirk only when we see battery data
drivers/hid/wacom_wac.c
spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
HID: logitech-hidpp: Reconcile USB and Unifying serials
HID: logitech-hidpp: Don't use the USB serial for USB devices
staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
* Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
net/bluetooth/l2cap_core.c
wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
* f2fs: fix to drop all dirty pages during umount() if cp_error is set
fs/f2fs/checkpoint.c
fs/f2fs/data.c
* ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
fs/ext4/mballoc.c
* ext4: set goal start correctly in ext4_mb_normalize_request
fs/ext4/mballoc.c
gfs2: Fix inode height consistency check
scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
* lib: cpu_rmap: Avoid use after free on rmap->obj array entries
lib/cpu_rmap.c
* net: Catch invalid index in XPS mapping
net/core/dev.c
net: pasemi: Fix return type of pasemi_mac_start_tx()
ext2: Check block size validity during mount
wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
ACPICA: Avoid undefined behavior: applying zero offset to null pointer
drm/tegra: Avoid potential 32-bit integer overflow
ACPI: EC: Fix oops when removing custom query handlers
* firmware: arm_sdei: Fix sleep from invalid context BUG
include/linux/cpuhotplug.h
memstick: r592: Fix UAF bug in r592_remove due to race condition
* regmap: cache: Return error in cache sync operations for REGCACHE_NONE
drivers/base/regmap/regcache.c
drm/amd/display: Use DC_LOG_DC in the trasform pixel function
fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
* af_unix: Fix data races around sk->sk_shutdown.
net/unix/af_unix.c
* af_unix: Fix a data race of sk->sk_receive_queue->qlen.
net/unix/af_unix.c
* net: datagram: fix data-races in datagram_poll()
net/core/datagram.c
ipvlan:Fix out-of-bounds caused by unclear skb->cb
* tcp: add annotations around sk->sk_shutdown accesses
net/ipv4/af_inet.c
net/ipv4/tcp.c
net/ipv4/tcp_input.c
* tcp: factor out __tcp_close() helper
include/net/tcp.h
net/ipv4/tcp.c
* tcp: return EPOLLOUT from tcp_poll only when notsent_bytes is half the limit
net/ipv4/tcp.c
* tcp: reduce POLLOUT events caused by TCP_NOTSENT_LOWAT
include/net/sock.h
include/net/tcp.h
net/core/stream.c
* net: annotate sk->sk_err write from do_recvmmsg()
net/socket.c
* netlink: annotate accesses to nlk->cb_running
net/netlink/af_netlink.c
* net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
include/net/sock.h
* UPSTREAM: ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
fs/ext4/super.c
Merge 4.19.283 into android-4.19-stable
* UPSTREAM: ext4: fix invalid free tracking in ext4_xattr_move_to_block()
fs/ext4/xattr.c
Linux 4.19.283
* mm/page_alloc: fix potential deadlock on zonelist_update_seq seqlock
mm/page_alloc.c
* printk: declare printk_deferred_{enter,safe}() in include/linux/printk.h
include/linux/printk.h
PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock
PCI: pciehp: Use down_read/write_nested(reset_lock) to fix lockdep errors
drbd: correctly submit flush bio on barrier
serial: 8250: Fix serial8250_tx_empty() race with DMA Tx
* tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
drivers/tty/tty_io.c
drivers/tty/tty_ioctl.c
include/linux/tty.h
* ext4: fix invalid free tracking in ext4_xattr_move_to_block()
fs/ext4/xattr.c
* ext4: remove a BUG_ON in ext4_mb_release_group_pa()
fs/ext4/mballoc.c
* ext4: bail out of ext4_xattr_ibody_get() fails for any reason
fs/ext4/inline.c
* ext4: add bounds checking in get_max_inline_xattr_value_size()
fs/ext4/inline.c
* ext4: improve error recovery code paths in __ext4_remount()
fs/ext4/super.c
* ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
fs/ext4/super.c
* ext4: fix WARNING in mb_find_extent
fs/ext4/balloc.c
* HID: wacom: Set a default resolution for older tablets
drivers/hid/wacom_wac.c
drm/panel: otm8009a: Set backlight parent to panel device
ARM: dts: s5pv210: correct MIPI CSIS clock name
ARM: dts: exynos: fix WM8960 clock name in Itop Elite
sh: nmi_debug: fix return value of __setup handler
sh: init: use OF_EARLY_FLATTREE for early init
sh: math-emu: fix macro redefined warning
platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i
cifs: fix pcchunk length type in smb2_copychunk_range
btrfs: print-tree: parent bytenr must be aligned to sector size
btrfs: fix btrfs_prev_leaf() to not return the same key twice
perf symbols: Fix return incorrect build_id size in elf_read_build_id()
perf map: Delete two variable initialisations before null pointer checks in sort__sym_from_cmp()
perf vendor events power9: Remove UTF-8 characters from JSON files
virtio_net: suppress cpu stall when free_unused_bufs
virtio_net: split free_unused_bufs()
ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init`
drm/amdgpu: add a missing lock for AMDGPU_SCHED
* drm/amdgpu: Add command to override the context priority.
include/uapi/drm/amdgpu_drm.h
drm/amdgpu: Put enable gfx off feature to a delay thread
drm/amdgpu: Add amdgpu_gfx_off_ctrl function
* af_packet: Don't send zero-byte data in packet_sendmsg_spkt().
net/packet/af_packet.c
rxrpc: Fix hard call timeout units
* net/sched: act_mirred: Add carrier check
net/sched/act_mirred.c
* writeback: fix call of incorrect macro
fs/fs-writeback.c
net: dsa: mv88e6xxx: add mv88e6321 rsvd2cpu
net: dsa: mv88e6xxx: Add missing watchdog ops for 6320 family
* sit: update dev->needed_headroom in ipip6_tunnel_bind_dev()
net/ipv6/sit.c
relayfs: fix out-of-bounds access in relay_file_read
kernel/relay.c: fix read_pos error when multiple readers
* dm verity: fix error handling for check_at_most_once on FEC
drivers/md/dm-verity-target.c
* dm verity: skip redundant verity_handle_err() on I/O errors
drivers/md/dm-verity-target.c
ipmi: fix SSIF not responding under certain cond.
ipmi_ssif: Rename idle state and check
* ipmi: Fix how the lower layers are told to watch for messages
include/linux/ipmi_smi.h
ipmi: Fix SSIF flag requests
* tick/nohz: Fix cpu_is_hotpluggable() by checking with nohz subsystem
drivers/base/cpu.c
include/linux/tick.h
kernel/time/tick-sched.c
* nohz: Add TICK_DEP_BIT_RCU
include/linux/tick.h
include/trace/events/timer.h
kernel/time/tick-sched.c
* netfilter: nf_tables: deactivate anonymous set from preparation phase
include/net/netfilter/nf_tables.h
debugobject: Ensure pool refill (again)
perf auxtrace: Fix address filter entire kernel size
* dm ioctl: fix nested locking in table_clear() to remove deadlock concern
drivers/md/dm-ioctl.c
dm flakey: fix a crash with invalid table line
dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path
s390/dasd: fix hanging blockdevice after request requeue
* btrfs: scrub: reject unsupported scrub flags
include/uapi/linux/btrfs.h
clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent
wifi: rtl8xxxu: RTL8192EU always needs full init
md/raid10: fix null-ptr-deref in raid10_sync_request
nilfs2: fix infinite loop in nilfs_mdt_get_block()
nilfs2: do not write dirty data after degenerating to read-only
parisc: Fix argument pointer in real64_call_asm()
dmaengine: at_xdmac: do not enable all cyclic channels
phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port
pwm: mtk-disp: Disable shadow registers before setting backlight values
pwm: mtk-disp: Adjust the clocks to avoid them mismatch
pwm: mtk-disp: Don't check the return code of pwmchip_remove()
openrisc: Properly store r31 to pt_regs on unhandled exceptions
RDMA/mlx5: Use correct device num_ports when modify DC
* SUNRPC: remove the maximum number of retries in call_bind_status
include/linux/sunrpc/sched.h
NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order
* clk: add missing of_node_put() in "assigned-clocks" property parsing
drivers/clk/clk-conf.c
power: supply: generic-adc-battery: fix unit scaling
RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
RDMA/rdmavt: Delete unnecessary NULL check
* perf/core: Fix hardlockup failure caused by perf throttle
kernel/events/core.c
powerpc/rtas: use memmove for potentially overlapping buffer copy
* macintosh: via-pmu-led: requires ATA to be set
drivers/macintosh/Kconfig
powerpc/sysdev/tsi108: fix resource printk format warnings
powerpc/wii: fix resource printk format warnings
powerpc/mpc512x: fix resource printk format warning
macintosh/windfarm_smu_sat: Add missing of_node_put()
* spmi: Add a check for remove callback when removing a SPMI driver
drivers/spmi/spmi.c
staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
serial: 8250: Add missing wakeup event reporting
tty: serial: fsl_lpuart: adjust buffer length to the intended size
usb: chipidea: fix missing goto in `ci_hdrc_probe`
sh: sq: Fix incorrect element size for allocating bitmap buffer
* uapi/linux/const.h: prefer ISO-friendly __typeof__
include/uapi/linux/const.h
spi: cadence-quadspi: fix suspend-resume implementations
mtd: spi-nor: cadence-quadspi: Handle probe deferral while requesting DMA channel
mtd: spi-nor: cadence-quadspi: Don't initialize rx_dma_complete on failure
mtd: spi-nor: cadence-quadspi: Make driver independent of flash geometry
ia64: salinfo: placate defined-but-not-used warning
ia64: mm/contig: fix section mismatch warning/error
* of: Fix modalias string generation
drivers/of/device.c
vmci_host: fix a race condition in vmci_host_poll() causing GPF
spi: fsl-spi: Fix CPM/QE mode Litte Endian
spi: qup: Don't skip cleanup in remove's error path
spi: qup: fix PM reference leak in spi_qup_remove()
* linux/vt_buffer.h: allow either builtin or modular for macros
include/linux/vt_buffer.h
usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
fpga: bridge: fix kernel-doc parameter description
usb: host: xhci-rcar: remove leftover quirk handling
* pstore: Revert pmsg_lock back to a normal mutex
fs/pstore/pmsg.c
* tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp.
net/core/skbuff.c
net: amd: Fix link leak when verifying config failed
* netlink: Use copy_to_user() for optval in netlink_getsockopt().
net/netlink/af_netlink.c
Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work"
* ipv4: Fix potential uninit variable access bug in __ip_make_skb()
net/ipv4/ip_output.c
* netfilter: nf_tables: don't write table validation state without mutex
include/linux/netfilter/nfnetlink.h
net/netfilter/nfnetlink.c
ixgbe: Enable setting RSS table to default values
ixgbe: Allow flow hash to be set via ethtool
wifi: iwlwifi: mvm: check firmware response size
wifi: iwlwifi: make the loop for card preparation effective
md/raid10: fix memleak of md thread
md: update the optimal I/O size on reshape
md/raid10: fix memleak for 'conf->bio_split'
md/raid10: fix leak of 'r10bio->remaining' for recovery
* crypto: drbg - Only fail when jent is unavailable in FIPS mode
crypto/drbg.c
* crypto: drbg - make drbg_prepare_hrng() handle jent instantiation errors
crypto/drbg.c
bpftool: Fix bug for long instructions in program CFG dumps
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg()
wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg()
rtlwifi: Replace RT_TRACE with rtl_dbg
rtlwifi: Start changing RT_TRACE into rtl_dbg
rtlwifi: rtl_pci: Fix memory leak when hardware init fails
scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS
scsi: target: iscsit: Fix TAS handling during conn cleanup
* net/packet: convert po->auxdata to an atomic flag
net/packet/af_packet.c
net/packet/internal.h
* net/packet: convert po->origdev to an atomic flag
net/packet/af_packet.c
net/packet/internal.h
vlan: partially enable SIOCSHWTSTAMP in container
* scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
include/net/scm.h
tools: bpftool: Remove invalid \' json escape
wifi: ath6kl: reduce WARN to dev_dbg() in callback
wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list()
wifi: ath9k: hif_usb: fix memory leak of remain_skbs
wifi: ath6kl: minor fix for allocation size
debugobject: Prevent init race with static objects
debugobjects: Move printk out of db->lock critical sections
debugobjects: Add percpu free pools
* arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
arch/arm64/include/asm/debug-monitors.h
arch/arm64/kernel/debug-monitors.c
x86/ioapic: Don't return 0 from arch_dynirq_lower_bound()
media: rc: gpio-ir-recv: Fix support for wake-up
media: rcar_fdp1: Fix refcount leak in probe and remove function
media: rcar_fdp1: Fix the correct variable assignments
media: saa7134: fix use after free bug in saa7134_finidev due to race condition
media: dm1105: Fix use after free bug in dm1105_remove due to race condition
x86/apic: Fix atomic update of offset in reserve_eilvt_offset()
drm/msm/adreno: drop bogus pm_runtime_set_active()
drm/msm/adreno: Defer enabling runpm until hw_init()
* firmware: qcom_scm: Clear download bit during reboot
drivers/firmware/qcom_scm.c
media: av7110: prevent underflow in write_ts_to_decoder()
* media: uapi: add MEDIA_BUS_FMT_METADATA_FIXED media bus format.
include/uapi/linux/media-bus-format.h
media: bdisp: Add missing check for create_workqueue
ARM: dts: qcom: ipq4019: Fix the PCI I/O port range
EDAC/skx: Fix overflows on the DRAM row address mapping arrays
EDAC, skx: Move debugfs node under EDAC's hierarchy
* drm/probe-helper: Cancel previous job before starting new one
drivers/gpu/drm/drm_probe_helper.c
drm/vgem: add missing mutex_destroy
drm/rockchip: Drop unbalanced obj unref
* selinux: ensure av_permissions.h is built when needed
security/selinux/Makefile
* selinux: fix Makefile dependencies of flask.h
security/selinux/Makefile
ubifs: Free memory for tmpfile name
ubi: Fix return value overwrite issue in try_write_vid_and_data()
ubifs: Fix memleak when insert_old_idx() failed
Revert "ubifs: dirty_cow_znode: Fix memleak in error handling path"
i2c: omap: Fix standard mode false ACK readings
KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
reiserfs: Add security prefix to xattr name in reiserfs_security_write()
* ring-buffer: Sync IRQ works before buffer destruction
kernel/trace/ring_buffer.c
pwm: meson: Fix axg ao mux parents
MIPS: fw: Allow firmware to pass a empty env
* xhci: fix debugfs register accesses while suspended
drivers/usb/host/xhci-debugfs.c
* debugfs: regset32: Add Runtime PM support
fs/debugfs/file.c
include/linux/debugfs.h
staging: iio: resolver: ads1210: fix config mode
perf sched: Cast PTHREAD_STACK_MIN to int as it may turn into sysconf(__SC_THREAD_STACK_MIN_VALUE)
* USB: dwc3: fix runtime pm imbalance on unbind
drivers/usb/dwc3/core.c
stmmac: debugfs entry name is not be changed when udev rename device name.
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750
iio: adc: palmas_gpadc: fix NULL dereference on rmmod
USB: serial: option: add UNISOC vendor and TOZED LT70C product
* bluetooth: Perform careful capability checks in hci_sock_ioctl()
net/bluetooth/hci_sock.c
wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
* ANDROID: incremental fs: Evict inodes before freeing mount data
fs/incfs/main.c
fs/incfs/vfs.c
* Revert "Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse""
android/abi_gki_aarch64.xml
include/linux/rmap.h
mm/rmap.c
Bug: 299241959
Change-Id: Ib8c4ff87b1b0b720abce0f5fcdf1a51f01a472a9
Signed-off-by: Wilson Sung <wilsonsung@google.com>
Signed-off-by: ChangYan Lee <changyan@google.com>
|
||
|
Osama Muhammad
|
a930aecbd5 |
nfcsim.c: Fix error checking for debugfs_create_dir
[ Upstream commit 9b9e46aa07273ceb96866b2e812b46f1ee0b8d2f ] This patch fixes the error checking in nfcsim.c. The DebugFS kernel API is developed in a way that the caller can safely ignore the errors that occur during the creation of DebugFS nodes. Signed-off-by: Osama Muhammad <osmtendev@gmail.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Wilson Sung
|
7b88bd86ba |
Merge android-4.19-stable (4.19.282) into android-msm-pixel-4.19-lts
Merge 4.19.282 into android-4.19-stable
Linux 4.19.282
* ASN.1: Fix check for strdup() success
scripts/asn1_compiler.c
iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger()
counter: 104-quad-8: Fix race condition between FLAG and CNTR reads
* sctp: Call inet6_destroy_sock() via sk->sk_destruct().
net/sctp/socket.c
* dccp: Call inet6_destroy_sock() via sk->sk_destruct().
net/dccp/dccp.h
net/dccp/ipv6.c
net/dccp/proto.c
net/ipv6/af_inet6.c
* inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy().
net/ipv6/ping.c
net/ipv6/raw.c
net/ipv6/tcp_ipv6.c
net/ipv6/udp.c
net/l2tp/l2tp_ip6.c
* tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
include/net/ipv6.h
include/net/udp.h
include/net/udplite.h
net/ipv4/udp.c
net/ipv4/udplite.c
net/ipv6/af_inet6.c
net/ipv6/udp.c
net/ipv6/udp_impl.h
net/ipv6/udplite.c
* udp: Call inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM).
include/net/ipv6.h
net/ipv6/af_inet6.c
net/ipv6/ipv6_sockglue.c
* ext4: fix use-after-free in ext4_xattr_set_entry
fs/ext4/xattr.c
* ext4: remove duplicate definition of ext4_xattr_ibody_inline_set()
fs/ext4/inline.c
fs/ext4/xattr.c
fs/ext4/xattr.h
* Revert "ext4: fix use-after-free in ext4_xattr_set_entry"
fs/ext4/xattr.c
x86/purgatory: Don't generate debug info for purgatory.ro
memstick: fix memory leak if card device is never registered
* nilfs2: initialize unused bytes in segment summary blocks
fs/nilfs2/segment.c
* xen/netback: use same error messages for same errors
drivers/net/xen-netback/netback.c
s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
net: dsa: b53: mmap: add phy ops
* scsi: core: Improve scsi_vpd_inquiry() checks
drivers/scsi/scsi.c
* scsi: megaraid_sas: Fix fw_crash_buffer_show()
drivers/scsi/megaraid/megaraid_sas_base.c
* selftests: sigaltstack: fix -Wuninitialized
tools/testing/selftests/sigaltstack/current_stack_pointer.h
tools/testing/selftests/sigaltstack/sas.c
Input: i8042 - add quirk for Fujitsu Lifebook A574/H
* f2fs: Fix f2fs_truncate_partial_nodes ftrace event
include/trace/events/f2fs.h
e1000e: Disable TSO on i219-LM card to increase speed
mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()
i40e: fix i40e_setup_misc_vector() error handling
i40e: fix accessing vsi->active_filters without holding lock
* virtio_net: bugfix overflow inside xdp_linearize_page()
drivers/net/virtio_net.c
* net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
net/sched/sch_qfq.c
ARM: dts: rockchip: fix a typo error for rk3288 spdif node
Merge 4.19.281 into android-4.19-stable
Linux 4.19.281
arm64: KVM: Fix system register enumeration
KVM: arm64: Filter out invalid core register IDs in KVM_GET_REG_LIST
KVM: arm64: Factor out core register ID enumeration
KVM: nVMX: add missing consistency checks for CR0 and CR4
* coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug
drivers/hwtracing/coresight/coresight-etm4x.c
* watchdog: sbsa_wdog: Make sure the timeout programming is within the limits
drivers/watchdog/sbsa_gwdt.c
* cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach()
kernel/cgroup/cpuset.c
ubi: Fix deadlock caused by recursively holding work_sem
mtd: ubi: wl: Fix a couple of kernel-doc issues
ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size
x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot
* scsi: ses: Handle enclosure with just a primary component gracefully
drivers/scsi/ses.c
verify_pefile: relax wrapper length check
efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
i2c: imx-lpi2c: clean rx/tx buffers upon new message
* power: supply: cros_usbpd: reclassify "default case!" as debug
drivers/power/supply/cros_usbpd-charger.c
* udp6: fix potential access to stale information
net/ipv6/udp.c
net: macb: fix a memory corruption in extended buffer descriptor mode
* sctp: fix a potential overflow in sctp_ifwdtsn_skip
net/sctp/stream_interleave.c
qlcnic: check pci_reset_function result
niu: Fix missing unwind goto in niu_alloc_channels()
* 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition
net/9p/trans_xen.c
mtdblock: tolerate corrected bit-flips
* Bluetooth: Fix race condition in hidp_session_thread
net/bluetooth/hidp/core.c
* Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}
net/bluetooth/l2cap_core.c
* ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
sound/pci/hda/patch_sigmatel.c
* ALSA: i2c/cs8427: fix iec958 mixer control deactivation
sound/i2c/cs8427.c
* ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard
sound/pci/hda/patch_sigmatel.c
* ALSA: emu10k1: fix capture interrupt handler unlinking
sound/pci/emu10k1/emupcm.c
* Revert "pinctrl: amd: Disable and mask interrupts on resume"
drivers/pinctrl/pinctrl-amd.c
* mm/swap: fix swap_info_struct race between swapoff and get_swap_pages()
mm/swapfile.c
* ring-buffer: Fix race while reader and writer are on the same page
kernel/trace/ring_buffer.c
* ftrace: Mark get_lock_parent_ip() __always_inline
include/linux/ftrace.h
* perf/core: Fix the same task check in perf_event_set_output
kernel/events/core.c
* ALSA: hda/realtek: Add quirk for Clevo X370SNW
sound/pci/hda/patch_realtek.c
* nilfs2: fix sysfs interface lifetime
fs/nilfs2/super.c
fs/nilfs2/the_nilfs.c
* nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread()
fs/nilfs2/segment.c
* tty: serial: sh-sci: Fix Rx on RZ/G2L SCI
drivers/tty/serial/sh-sci.c
* tty: serial: sh-sci: Fix transmit end interrupt handler
drivers/tty/serial/sh-sci.c
iio: dac: cio-dac: Fix max DAC write value check for 12-bit
* USB: serial: option: add Quectel RM500U-CN modem
drivers/usb/serial/option.c
* USB: serial: option: add Telit FE990 compositions
drivers/usb/serial/option.c
* USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
drivers/usb/serial/cp210x.c
gpio: davinci: Add irq chip flag to skip set wake
* ipv6: Fix an uninit variable access bug in __ip6_make_skb()
net/ipv6/ip6_output.c
* sctp: check send stream number after wait_for_sndbuf
net/sctp/socket.c
* net: don't let netpoll invoke NAPI if in xmit context
net/core/netpoll.c
* icmp: guard against too small mtu
net/ipv4/icmp.c
* wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta
net/mac80211/sta_info.c
* pwm: cros-ec: Explicitly set .polarity in .get_state()
drivers/pwm/pwm-cros-ec.c
* NFSv4: Fix hangs when recovering open state after a server reboot
fs/nfs/nfs4proc.c
* NFSv4: Check the return value of update_open_stateid()
fs/nfs/nfs4proc.c
* NFSv4: Convert struct nfs4_state to use refcount_t
fs/nfs/nfs4_fs.h
fs/nfs/nfs4proc.c
fs/nfs/nfs4state.c
* pinctrl: amd: Disable and mask interrupts on resume
drivers/pinctrl/pinctrl-amd.c
* pinctrl: amd: disable and mask interrupts on probe
drivers/pinctrl/pinctrl-amd.c
* pinctrl: amd: Use irqchip template
drivers/pinctrl/pinctrl-amd.c
* pinctrl: Added IRQF_SHARED flag for amd-pinctrl driver
drivers/pinctrl/pinctrl-amd.c
Revert "dm thin: fix deadlock when swapping to thin device"
Merge "Merge 4.19.280 into android-4.19-stable" into android-4.19-stable
Merge 4.19.280 into android-4.19-stable
* UPSTREAM: ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
fs/ext4/inode.c
Linux 4.19.280
* cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()
kernel/cgroup/cgroup-v1.c
* cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock
kernel/cgroup/cgroup.c
kernel/cgroup/cpuset.c
* cgroup/cpuset: Change cpuset_rwsem and hotplug lock order
include/linux/cpuset.h
kernel/cgroup/cpuset.c
* net: sched: cbq: dont intepret cls results when asked to drop
net/sched/sch_cbq.c
* gfs2: Always check inode size of inline inodes
fs/gfs2/aops.c
fs/gfs2/bmap.c
fs/gfs2/glops.c
firmware: arm_scmi: Fix device node validation for mailbox transport
* ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
fs/ext4/inode.c
* usb: host: ohci-pxa27x: Fix and & vs | typo
drivers/usb/host/ohci-pxa27x.c
s390/uaccess: add missing earlyclobber annotations to __clear_user()
drm/etnaviv: fix reference leak when mmaping imported buffer
* ALSA: usb-audio: Fix regression on detection of Roland VS-100
sound/usb/format.c
* ALSA: hda/conexant: Partial revert of a quirk for Lenovo
sound/pci/hda/patch_conexant.c
* pinctrl: at91-pio4: fix domain name assignment
drivers/pinctrl/pinctrl-at91-pio4.c
* xen/netback: don't do grant copy across page boundary
drivers/net/xen-netback/common.h
drivers/net/xen-netback/netback.c
* cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
fs/cifs/cifsfs.h
* cifs: prevent infinite recursion in CIFSGetDFSRefer()
fs/cifs/cifssmb.c
Input: focaltech - use explicitly signed char type
Input: alps - fix compatibility with -funsigned-char
net: mvneta: make tx buffer array agnostic
net: dsa: mv88e6xxx: Enable IGMP snooping on user ports only
i40e: fix registers dump after run ethtool adapter self test
* can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
net/can/bcm.c
* scsi: megaraid_sas: Fix crash after a double completion
drivers/scsi/megaraid/megaraid_sas_fusion.c
* ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx()
drivers/net/ieee802154/ca8210.c
* fbdev: au1200fb: Fix potential divide by zero
drivers/video/fbdev/au1200fb.c
* fbdev: lxfb: Fix potential divide by zero
drivers/video/fbdev/geode/lxfb_core.c
* fbdev: intelfb: Fix potential divide by zero
drivers/video/fbdev/intelfb/intelfbdrv.c
* fbdev: nvidia: Fix potential divide by zero
drivers/video/fbdev/nvidia/nvidia.c
* sched_getaffinity: don't assume 'cpumask_size()' is fully initialized
kernel/compat.c
kernel/sched/core.c
* fbdev: tgafb: Fix potential divide by zero
drivers/video/fbdev/tgafb.c
* ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
sound/pci/hda/patch_ca0132.c
* ALSA: asihpi: check pao in control_message()
sound/pci/asihpi/hpi6205.c
md: avoid signed overflow in slot_store()
bus: imx-weim: fix branch condition evaluates to a garbage value
* ocfs2: fix data corruption after failed write
fs/ocfs2/aops.c
* tun: avoid double free in tun_free_netdev
drivers/net/tun.c
* sched/fair: Sanitize vruntime of entity being migrated
kernel/sched/core.c
kernel/sched/fair.c
* sched/fair: sanitize vruntime of entity being placed
kernel/sched/fair.c
dm crypt: add cond_resched() to dmcrypt_write()
* dm stats: check for and propagate alloc_percpu failure
drivers/md/dm-stats.c
drivers/md/dm-stats.h
drivers/md/dm.c
i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
* nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
fs/nilfs2/ioctl.c
* usb: chipidea: core: fix possible concurrent when switch role
drivers/usb/chipidea/ci.h
drivers/usb/chipidea/core.c
drivers/usb/chipidea/otg.c
* usb: chipdea: core: fix return -EINVAL if request role is the same with current role
drivers/usb/chipidea/core.c
dm thin: fix deadlock when swapping to thin device
igb: revert rtnl_lock() that causes deadlock
* usb: gadget: u_audio: don't let userspace block driver unbind
drivers/usb/gadget/function/u_audio.c
* scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
drivers/scsi/scsi_devinfo.c
* cifs: empty interface list when server doesn't support query interfaces
fs/cifs/smb2ops.c
sh: sanitize the flags on sigreturn
* net: usb: qmi_wwan: add Telit 0x1080 composition
drivers/net/usb/qmi_wwan.c
* net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
drivers/net/usb/cdc_mbim.c
* scsi: ufs: core: Add soft dependency on governor_simpleondemand
drivers/scsi/ufs/ufshcd.c
* scsi: target: iscsi: Fix an error message in iscsi_check_key()
drivers/target/iscsi/iscsi_target_parameters.c
m68k: Only force 030 bus error if PC not in exception table
* ca8210: fix mac_len negative array access
drivers/net/ieee802154/ca8210.c
riscv: Bump COMMAND_LINE_SIZE value to 1024
* thunderbolt: Use const qualifier for `ring_interrupt_index`
drivers/thunderbolt/nhi.c
* uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
drivers/usb/storage/unusual_uas.h
hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs
Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
Bluetooth: btqcomsmd: Fix command timeout after setting BD address
* net: mdio: thunder: Add missing fwnode_handle_put()
drivers/net/phy/mdio-thunder.c
* hvc/xen: prevent concurrent accesses to the shared ring
drivers/tty/hvc/hvc_xen.c
net/sonic: use dma_mapping_error() for error check
* erspan: do not use skb_mac_header() in ndo_start_xmit()
net/ipv4/ip_gre.c
net/ipv6/ip6_gre.c
atm: idt77252: fix kmemleak when rmmod idt77252
net/mlx5: Read the TC mapping of all priorities on ETS query
* bpf: Adjust insufficient default bpf_jit_limit
kernel/bpf/core.c
net/ps3_gelic_net: Use dma_mapping_error
net/ps3_gelic_net: Fix RX sk_buff length
net: qcom/emac: Fix use after free bug in emac_remove due to race condition
xirc2ps_cs: Fix use after free bug in xirc2ps_detach
qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info
* net: usb: smsc95xx: Limit packet length to skb->len
drivers/net/usb/smsc95xx.c
* scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
drivers/scsi/device_handler/scsi_dh_alua.c
i2c: imx-lpi2c: check only for enabled interrupt flags
igbvf: Regard vf reset nack as success
intel/igbvf: free irq on the error path in igbvf_request_msix()
iavf: fix inverted Rx hash condition leading to disabled hash
iavf: diet and reformat
* intel-ethernet: rename i40evf to iavf
drivers/net/ethernet/intel/Kconfig
drivers/net/ethernet/intel/Makefile
i40evf: Change a VF mac without reloading the VF driver
* power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
drivers/power/supply/da9150-charger.c
* UPSTREAM: fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
fs/verity/enable.c
* UPSTREAM: fsverity: Remove WQ_UNBOUND from fsverity read workqueue
fs/verity/verify.c
* BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool
block/blk-mq-tag.c
block/blk-mq-tag.h
block/blk-mq.c
Merge 4.19.279 into android-4.19-stable
Linux 4.19.279
* HID: uhid: Over-ride the default maximum data buffer value with our own
drivers/hid/uhid.c
* HID: core: Provide new max_buffer_size attribute to over-ride the default
drivers/hid/hid-core.c
include/linux/hid.h
* serial: 8250_em: Fix UART port type
drivers/tty/serial/8250/8250_em.c
drm/i915: Don't use stolen memory for ring buffers with LLC
x86/mm: Fix use of uninitialized buffer in sme_enable()
* fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
drivers/video/fbdev/stifb.c
* ftrace: Fix invalid address access in lookup_rec() when index is 0
kernel/trace/ftrace.c
* tracing: Make tracepoint lockdep check actually test something
include/linux/tracepoint.h
* tracing: Check field value in hist_field_name()
kernel/trace/trace_events_hist.c
* sh: intc: Avoid spurious sizeof-pointer-div warning
include/linux/sh_intc.h
drm/amdkfd: Fix an illegal memory access
* ext4: fix task hung in ext4_xattr_delete_inode
fs/ext4/xattr.c
* ext4: fail ext4_iget if special inode unallocated
fs/ext4/inode.c
* jffs2: correct logic when creating a hole in jffs2_write_begin
fs/jffs2/file.c
mmc: atmel-mci: fix race between stop command and start of next command
media: m5mols: fix off-by-one loop termination error
hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
hwmon: (adt7475) Fix masking of hysteresis registers
hwmon: (adt7475) Display smoothing attributes in correct order
ethernet: sun: add check for the mdesc_grab()
* net/iucv: Fix size of interrupt data
net/iucv/iucv.c
* net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull
drivers/net/usb/smsc75xx.c
* ipv4: Fix incorrect table ID in IOCTL path
net/ipv4/fib_frontend.c
block: sunvdc: add check for mdesc_grab() returning NULL
* nvmet: avoid potential UAF in nvmet_req_complete()
drivers/nvme/target/core.c
* net: usb: smsc75xx: Limit packet length to skb->len
drivers/net/usb/smsc75xx.c
* nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
drivers/nfc/st-nci/ndlc.c
* net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails
drivers/net/phy/smsc.c
* net: tunnels: annotate lockless accesses to dev->needed_headroom
include/linux/netdevice.h
net/ipv4/ip_tunnel.c
net/ipv6/ip6_tunnel.c
qed/qed_dev: guard against a possible division by zero
* nfc: pn533: initialize struct pn533_out_arg properly
drivers/nfc/pn533/usb.c
* tcp: tcp_make_synack() can be called from process context
net/ipv4/tcp_output.c
* clk: HI655X: select REGMAP instead of depending on it
drivers/clk/Kconfig
* fs: sysfs_emit_at: Remove PAGE_SIZE alignment check
fs/sysfs/file.c
* ext4: fix cgroup writeback accounting with fs-layer encryption
fs/ext4/page-io.c
UPSTREAM: ext4: fix another off-by-one fsmap error on 1k block filesystems
Bug: 280919362
Change-Id: I82670fbe6b3ec996da2d714238e86e360c10ccd8
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Wilson Sung
|
09d634c1ac |
Merge android-4.19-stable (4.19.278) into android-msm-pixel-4.19-lts
Merge 4.19.278 into android-4.19-stable
Linux 4.19.278
ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties
net: caif: Fix use-after-free in cfusbl_device_notify()
drm/i915: Don't use BAR mappings for ring buffers with LLC
* tipc: improve function tipc_wait_for_cond()
net/tipc/socket.c
media: ov5640: Fix analogue gain control
* PCI: Add SolidRun vendor ID
include/linux/pci_ids.h
macintosh: windfarm: Use unsigned type for 1-bit bitfields
alpha: fix R_ALPHA_LITERAL reloc for large modules
MIPS: Fix a compilation issue
Revert "spi: mt7621: Fix an error message in mt7621_spi_probe()"
* scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
drivers/scsi/hosts.c
* kbuild: generate modules.order only in directories visited by obj-y/m
scripts/Makefile.build
* kbuild: fix false-positive need-builtin calculation
scripts/Makefile.build
udf: Detect system inodes linked into directory hierarchy
udf: Preserve link count of system files
udf: Remove pointless union in udf_inode_info
udf: reduce leakage of blocks related to named streams
udf: Explain handling of load_nls() failure
nfc: change order inside nfc_se_io error path
* ext4: zero i_disksize when initializing the bootloader inode
fs/ext4/ioctl.c
* ext4: fix WARNING in ext4_update_inline_data
fs/ext4/xattr.c
* ext4: move where set the MAY_INLINE_DATA flag is set
fs/ext4/inline.c
fs/ext4/inode.c
* ext4: fix another off-by-one fsmap error on 1k block filesystems
fs/ext4/fsmap.c
* ext4: fix RENAME_WHITEOUT handling for inline directories
fs/ext4/namei.c
x86/CPU/AMD: Disable XSAVES on AMD family 0x17
* fs: prevent out-of-bounds array speculation when closing a file descriptor
fs/file.c
Merge 4.19.277 into android-4.19-stable
Linux 4.19.277
staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh
staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script
* wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"
net/wireless/sme.c
Merge 4.19.276 into android-4.19-stable
Linux 4.19.276
thermal: intel: powerclamp: Fix cur_state for multi package system
* f2fs: fix cgroup writeback accounting with fs-layer encryption
fs/f2fs/data.c
media: uvcvideo: Fix race condition with usb_kill_urb
media: uvcvideo: Provide sync and async uvc_ctrl_status_event
* tcp: Fix listen() regression in 4.19.270
net/ipv4/inet_connection_sock.c
s390/setup: init jump labels before command line parsing
s390/maccess: add no DAT mode to kernel_write
* Bluetooth: hci_sock: purge socket queues in the destruct() callback
net/bluetooth/hci_sock.c
phy: rockchip-typec: Fix unsigned comparison with less than zero
* usb: uvc: Enumerate valid values for color matching
include/uapi/linux/usb/video.h
USB: ene_usb6250: Allocate enough memory for full object
usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word()
tools/iio/iio_utils:fix memory leak
mei: bus-fixup:upon error print return values of send and receive
tty: serial: fsl_lpuart: disable the CTS when send break signal
* tty: fix out-of-bounds access in tty_driver_lookup_tty()
drivers/tty/tty_io.c
* media: uvcvideo: Silence memcpy() run-time false positive warnings
include/uapi/linux/uvcvideo.h
media: uvcvideo: Handle errors from calls to usb_string
media: uvcvideo: Handle cameras with invalid descriptors
firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
* tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
kernel/trace/ring_buffer.c
thermal: intel: quark_dts: fix error pointer dereference
scsi: ipr: Work around fortify-string warning
vc_screen: modify vcs_size() handling in vcs_read()
* tcp: tcp_check_req() can be called from process context
net/ipv4/tcp_minisocks.c
ARM: dts: spear320-hmi: correct STMPE GPIO compatible
nfc: fix memory leak of se_io context in nfc_genl_se_io
9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
9p/xen: fix connection sequence
9p/xen: fix version parsing
* net: fix __dev_kfree_skb_any() vs drop monitor
net/core/dev.c
* netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
net/netfilter/nf_conntrack_netlink.c
watchdog: pcwd_usb: Fix attempting to access uninitialized memory
* watchdog: Fix kmemleak in watchdog_cdev_register
drivers/watchdog/watchdog_dev.c
watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path
x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
ubifs: ubifs_writepage: Mark page dirty after writing inode failed
ubifs: dirty_cow_znode: Fix memleak in error handling path
ubifs: Re-statistic cleaned znode count if commit failed
ubi: Fix possible null-ptr-deref in ubi_free_volume()
ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
ubi: Fix use-after-free when volume resizing failed
ubifs: Reserve one leb for each journal head while doing budget
ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
ubifs: Fix wrong dirty space budget for dirty inode
ubifs: Rectify space budget for ubifs_xrename()
ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
ubi: ensure that VID header offset + VID header size <= alloc, size
um: vector: Fix memory leak in vector_config
pwm: stm32-lp: fix the check on arr and cmp registers update
fs/jfs: fix shift exponent db_agl2size negative
* net/sched: Retire tcindex classifier
net/sched/Kconfig
net/sched/Makefile
* kbuild: Port silent mode detection to future gnu make.
Makefile
wifi: ath9k: use proper statements in conditionals
drm/radeon: Fix eDP for single-display iMac11,2
* PCI: Avoid FLR for AMD FCH AHCI adapters
drivers/pci/quirks.c
scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
scsi: ses: Fix possible desc_ptr out-of-bounds accesses
scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
scsi: ses: Don't attach if enclosure has no components
scsi: qla2xxx: Fix erroneous link down
scsi: qla2xxx: Fix link failure in NPIV environment
ktest.pl: Add RUN_TIMEOUT option with default unlimited
ktest.pl: Fix missing "end_monitor" when machine check fails
ktest.pl: Give back console on Ctrt^C on monitor
media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
mips: fix syscall_get_nr
alpha: fix FEN fault handling
rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
ARM: dts: exynos: correct TMU phandle in Odroid XU
ARM: dts: exynos: correct TMU phandle in Exynos4
dm flakey: don't corrupt the zero page
dm flakey: fix logic when corrupting a bio
* wifi: cfg80211: Fix use after free for wext
net/wireless/sme.c
wifi: rtl8xxxu: Use a longer retry limit of 48
* ext4: refuse to create ea block when umounted
fs/ext4/xattr.c
* ext4: optimize ea_inode block expansion
fs/ext4/xattr.c
ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
* irqdomain: Drop bogus fwspec-mapping error handling
kernel/irq/irqdomain.c
* irqdomain: Fix disassociation race
kernel/irq/irqdomain.c
* irqdomain: Fix association race
kernel/irq/irqdomain.c
* ima: Align ima_file_mmap() parameters with mmap_file LSM hook
include/linux/ima.h
security/security.c
Documentation/hw-vuln: Document the interaction between IBRS and STIBP
x86/speculation: Allow enabling STIBP with legacy IBRS
x86/microcode/AMD: Fix mixed steppings support
x86/microcode/AMD: Add a @cpu parameter to the reloading functions
x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
* x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
include/linux/kprobes.h
* x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
include/linux/kprobes.h
x86/reboot: Disable SVM, not just VMX, when stopping CPUs
x86/reboot: Disable virtualization in an emergency if SVM is supported
x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
udf: Fix file corruption when appending just after end of preallocated extent
udf: Do not update file length for failed writes to inline files
udf: Do not bother merging very long extents
udf: Truncate added extents on failed expansion
ocfs2: fix non-auto defrag path not working issue
ocfs2: fix defrag path triggering jbd2 ASSERT
* f2fs: fix information leak in f2fs_move_inline_dirents()
fs/f2fs/inline.c
fs: hfsplus: fix UAF issue in hfsplus_put_super
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
ARM: dts: exynos: correct HDMI phy compatible in Exynos4
s390/kprobes: fix current_kprobe never cleared after kprobes reenter
s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
s390: discard .interp section
* rtc: pm8xxx: fix set-alarm race
drivers/rtc/rtc-pm8xxx.c
firmware: coreboot: framebuffer: Ignore reserved pixel color bits
wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
dm cache: add cond_resched() to various workqueue loops
dm thin: add cond_resched() to various workqueue loops
pinctrl: at91: use devm_kasprintf() to avoid potential leaks
regulator: s5m8767: Bounds check id indexing into arrays
regulator: max77802: Bounds check regulator id against opmode
ASoC: kirkwood: Iterate over array indexes instead of using pointer math
docs/scripts/gdb: add necessary make scripts_gdb step
drm/msm/dsi: Add missing check for alloc_ordered_workqueue
drm/radeon: free iio for atombios when driver shutdown
drm/amd/display: Fix potential null-deref in dm_resume
net/mlx5: fw_tracer: Fix debug print
ACPI: video: Fix Lenovo Ideapad Z570 DMI match
m68k: Check syscall_trace_enter() return code
net: bcmgenet: Add a check for oversized packets
ACPI: Don't build ACPICA with '-Os'
* inet: fix fast path in __inet_hash_connect()
net/ipv4/inet_hashtables.c
wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
x86/bugs: Reset speculation control settings on init
* timers: Prevent union confusion from unexpected restart_syscall()
kernel/time/hrtimer.c
kernel/time/posix-timers.c
thermal: intel: Fix unsigned comparison with less than zero
* rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait()
kernel/rcu/tree_exp.h
wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
udf: Define EFSCORRUPTED error code
* rpmsg: glink: Avoid infinite loop on intent for missing channel
drivers/rpmsg/qcom_glink_native.c
media: usb: siano: Fix use after free bugs caused by do_submit_urb
media: i2c: ov7670: 0 instead of -EINVAL was returned
media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
media: i2c: ov772x: Fix memleak in ov772x_probe()
powerpc: Remove linker flag from KBUILD_AFLAGS
media: platform: ti: Add missing check for devm_regulator_get
MIPS: vpe-mt: drop physical_memsize
powerpc/rtas: ensure 4KB alignment for rtas_data_buf
powerpc/rtas: make all exports GPL
powerpc/pseries/lparcfg: add missing RTAS retry status handling
* clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
drivers/clk/clk.c
powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
Input: ads7846 - don't check penirq immediately for 7845
Input: ads7846 - don't report pressure for ads7845
mtd: rawnand: sunxi: Fix the size of the last OOB region
mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
selftests/ftrace: Fix bash specific "==" operator
sparc: allow PM configs for sparc32 COMPILE_TEST
perf tools: Fix auto-complete on aarch64
perf llvm: Fix inadvertent file creation
gfs2: jdata writepage fix
cifs: Fix warning and UAF when destroy the MR list
cifs: Fix lost destroy smbd connection when MR allocate failed
nfsd: fix race to check ls_layouts
* dm: remove flush_scheduled_work() during local_exit()
drivers/md/dm.c
hwmon: (mlxreg-fan) Return zero speed for broken fan
spi: bcm63xx-hsspi: Fix multi-bit mode setting
spi: bcm63xx-hsspi: fix pm_runtime
scsi: aic94xx: Add missing check for dma_map_single()
hwmon: (ltc2945) Handle error case in ltc2945_value_store
gpio: vf610: connect GPIO label to dev name
* ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
sound/soc/soc-compress.c
drm/mediatek: Clean dangling pointer on bind error path
drm/mediatek: Drop unbalanced obj unref
gpu: host1x: Don't skip assigning syncpoints to channels
drm/msm/dpu: Add check for pstates
drm/msm: use strscpy instead of strncpy
* drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
drivers/gpu/drm/drm_mipi_dsi.c
include/drm/drm_mipi_dsi.h
ALSA: hda/ca0132: minor fix for allocation size
pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours
drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id()
drm/vc4: dpi: Fix format mapping for RGB565
drm/vc4: dpi: Add option for inverting pixel clock and output enable
* drm: Clarify definition of the DRM_BUS_FLAG_(PIXDATA|SYNC)_* macros
include/drm/drm_connector.h
drm/bridge: megachips: Fix error handling in i2c_register_driver()
* drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
drivers/gpu/drm/mxsfb/Kconfig
selftest: fib_tests: Always cleanup before exit
irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error
wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
crypto: crypto4xx - Call dma_unmap_page when done
wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
wifi: iwl4965: Add missing check for create_singlethread_workqueue()
wifi: iwl3945: Add missing check for create_singlethread_workqueue
RISC-V: time: initialize hrtimer based broadcast clock event device
m68k: /proc/hardware should depend on PROC_FS
* crypto: rsa-pkcs1pad - Use akcipher_request_complete
crypto/rsa-pkcs1pad.c
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
* Bluetooth: L2CAP: Fix potential user-after-free
net/bluetooth/l2cap_core.c
net/bluetooth/l2cap_sock.c
irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
net/mlx5: Enhance debug print in page allocation failure
powercap: fix possible name leak in powercap_register_zone()
* crypto: seqiv - Handle EBUSY correctly
crypto/seqiv.c
ACPI: battery: Fix missing NUL-termination with large strings
wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
ath9k: htc: clean up statistics macros
ath9k: hif_usb: simplify if-if to if-else
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
wifi: orinoco: check return value of hermes_write_wordrec()
ACPICA: nsrepair: handle cases without a return value correctly
* lib/mpi: Fix buffer overrun when SG is too long
lib/mpi/mpicoder.c
* genirq: Fix the return type of kstat_cpu_irqs_sum()
include/linux/kernel_stat.h
ACPICA: Drop port I/O validation for some regions
wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
wifi: ipw2200: fix memory leak in ipw_wdev_init()
wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
ipw2x00: switch from 'pci_' to 'dma_' API
wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
rtlwifi: fix -Wpointer-sign warning
wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: libertas: fix memory leak in lbs_init_adapter()
wifi: rsi: Fix memory leak in rsi_coex_attach()
block: bio-integrity: Copy flags when bio_integrity_payload is cloned
* blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
block/blk-mq-sched.c
arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name
arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
arm64: dts: meson-axg: enable SCPI
arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
ARM: imx: Call ida_simple_remove() for ida_simple_get
ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init()
arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
arm64: dts: meson-gx: Fix Ethernet MAC address unit name
ARM: zynq: Fix refcount leak in zynq_early_slcr_init
ARM: OMAP2+: Fix memory leak in realtime_counter_init()
HID: asus: use spinlock to safely schedule workers
HID: asus: use spinlock to protect concurrent accesses
HID: asus: Remove check for same LED brightness on set
Merge 4.19.275 into android-4.19-stable
Linux 4.19.275
* USB: core: Don't hold device lock while reading the "descriptors" sysfs file
drivers/usb/core/hub.c
drivers/usb/core/sysfs.c
USB: serial: option: add support for VW/Skoda "Carstick LTE"
dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size
vc_screen: don't clobber return value in vcs_read
* net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
net/core/stream.c
IB/hfi1: Assign npages earlier
btrfs: send: limit number of clones and allocated memory size
ACPI: NFIT: fix a potential deadlock during NFIT teardown
ARM: dts: rockchip: add power-domains property to dp node on rk3288
* UPSTREAM: selinux: check return value of sel_make_avc_files
security/selinux/selinuxfs.c
UPSTREAM: lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test
UPSTREAM: wireguard: ratelimiter: use kvcalloc() instead of kvzalloc()
UPSTREAM: wireguard: receive: drop handshakes if queue lock is contended
UPSTREAM: wireguard: receive: use ring buffer for incoming handshakes
* UPSTREAM: wireguard: device: reset peer src endpoint when netns exits
include/net/dst_cache.h
net/core/dst_cache.c
UPSTREAM: wireguard: selftests: actually test for routing loops
UPSTREAM: kasan: fix tag for large allocations when using CONFIG_SLAB
* UPSTREAM: usb: musb: select GENERIC_PHY instead of depending on it
drivers/usb/musb/Kconfig
* UPSTREAM: driver core: Reject pointless SYNC_STATE_ONLY device links
drivers/base/core.c
* BACKPORT: PM: EM: Fix inefficient states detection
kernel/power/energy_model.c
* UPSTREAM: cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
net/wireless/scan.c
* UPSTREAM: thermal/core: Fix thermal_cooling_device_register() prototype
include/linux/thermal.h
* UPSTREAM: PM: EM: Increase energy calculation precision
include/linux/energy_model.h
kernel/power/energy_model.c
UPSTREAM: lib/test_stackinit: Fix static initializer test
BACKPORT: userfaultfd: do not untag user pointers
UPSTREAM: net/xfrm/compat: Copy xfrm_spdattr_type_t atributes
* UPSTREAM: sched/uclamp: Ignore max aggregation if rq is idle
kernel/sched/sched.h
* UPSTREAM: net: xfrm: fix memory leak in xfrm_user_rcv_msg
net/xfrm/xfrm_user.c
* UPSTREAM: f2fs: Advertise encrypted casefolding in sysfs
fs/f2fs/sysfs.c
* UPSTREAM: fuse: ignore PG_workingset after stealing
fs/fuse/dev.c
* BACKPORT: loop: Fix missing discard support when using LOOP_CONFIGURE
drivers/block/loop.c
* BACKPORT: nvmem: core: add a missing of_node_put
drivers/nvmem/core.c
* UPSTREAM: usb: typec: mux: Fix copy-paste mistake in typec_mux_match
drivers/usb/typec/mux.c
Merge 4.19.274 into android-4.19-stable
Linux 4.19.274
* bpf: add missing header file include
kernel/bpf/core.c
* ext4: Fix function prototype mismatch for ext4_feat_ktype
fs/ext4/sysfs.c
wifi: mwifiex: Add missing compatible string for SD8787
* uaccess: Add speculation barrier to copy_from_user()
include/linux/nospec.h
kernel/bpf/core.c
lib/usercopy.c
mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
* alarmtimer: Prevent starvation by small intervals and SIG_IGN
kernel/time/alarmtimer.c
powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
* random: always mix cycle counter in add_latent_entropy()
include/linux/random.h
powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
wifi: rtl8xxxu: gen2: Turn on the rate control
* BACKPORT: fscrypt: fix derivation of SipHash keys on big endian CPUs
fs/crypto/keysetup.c
UPSTREAM: wireguard: allowedips: free empty intermediate nodes when removing single node
BACKPORT: wireguard: allowedips: allocate nodes in kmem_cache
Merge "Merge 4.19.273 into android-4.19-stable" into android-4.19-stable
Merge 4.19.273 into android-4.19-stable
Linux 4.19.273
net: phy: meson-gxl: Add generic dummy stubs for MMD register access
nilfs2: fix underflow in second superblock position calculations
kvm: initialize all of the kvm_debugregs structure before sending it to userspace
i40e: Add checking for null for nlmsg_find_attr()
* ipv6: Fix tcp socket connection with DSCP.
net/ipv6/tcp_ipv6.c
* ipv6: Fix datagram socket connection with DSCP.
net/ipv6/datagram.c
net: mpls: fix stale pointer if allocation fails during device rename
net: stmmac: Restrict warning on disabling DMA store and fwd mode
bnxt_en: Fix mqprio and XDP ring checking logic
net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
* dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
include/net/sock.h
net/ipv6/tcp_ipv6.c
net: bgmac: fix BCM5358 support by setting correct flags
i40e: add double of VLAN header when computing the max MTU
revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
* hugetlb: check for undefined shift on 32 bit architectures
include/linux/hugetlb.h
ALSA: hda/realtek - fixed wrong gpio assigned
ALSA: hda/conexant: add a new hda codec SN6180
mmc: sdio: fix possible resource leaks in some error paths
Revert "x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN"
netfilter: nft_tproxy: restrict to prerouting hook
* aio: fix mremap after fork null-deref
fs/aio.c
nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
net/rose: Fix to not accept on connected socket
tools/virtio: fix the vringh test for virtio ring changes
ASoC: cs42l56: fix DT probe
migrate: hugetlb: check for hugetlb shared PMD in node migration
* bpf: Always return target ifindex in bpf_fib_lookup
net/core/filter.c
arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
usb: typec: altmodes/displayport: Fix probe pin assign check
* usb: core: add quirk for Alcor Link AK9563 smartcard reader
drivers/usb/core/quirks.c
net: USB: Fix wrong-direction WARNING in plusb.c
pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
pinctrl: intel: Convert unsigned to unsigned int
pinctrl: single: fix potential NULL dereference
pinctrl: aspeed: Fix confusing types in return value
ALSA: pci: lx6464es: fix a debug loop
selftests: forwarding: lib: quote the sysctl values
rds: rds_rm_zerocopy_callback() use list_first_entry()
net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
net: phy: meson-gxl: add g12a support
* net: phy: add macros for PHYID matching
include/linux/phy.h
IB/hfi1: Restore allocated resources on failed copyout
ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
btrfs: limit device extents to the device size
iio:adc:twl6030: Enable measurement of VAC
thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type()
serial: 8250_dma: Fix DMA Rx rearm race
serial: 8250_dma: Fix DMA Rx completion race
* Squashfs: fix handling and sanity checking of xattr_ids count
fs/squashfs/squashfs_fs.h
* mm/swapfile: add cond_resched() in get_swap_pages()
mm/swapfile.c
* mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
fs/proc/task_mmu.c
include/linux/hugetlb.h
riscv: disable generation of unwind tables
parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
parisc: Fix return code of pdc_iodc_print()
iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
iio: adc: berlin2-adc: Add missing of_node_put() in error path
iio: hid: fix the retval in accel_3d_capture_sample
efi: Accept version 2 of memory attributes table
watchdog: diag288_wdt: fix __diag288() inline assembly
watchdog: diag288_wdt: do not use stack buffers for hardware data
fbcon: Check font dimension limits
thermal: intel: int340x: Protect trip temperature from concurrent updates
KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
KVM: VMX: Move caching of MSR_IA32_XSS to hardware_setup()
KVM: VMX: Move VMX specific files to a "vmx" subdirectory
nVMX x86: Check VMX-preemption timer controls on vmentry of L2 guests
Input: i8042 - add Clevo PCX0DX to i8042 quirk table
Input: i8042 - add TUXEDO devices to i8042 quirk tables
Input: i8042 - merge quirk tables
Input: i8042 - move __initconst to fix code styling warning
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
* usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
drivers/usb/gadget/function/f_fs.c
* usb: dwc3: qcom: enable vbus override when in OTG dr-mode
drivers/usb/dwc3/dwc3-qcom.c
* usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API
drivers/usb/dwc3/dwc3-qcom.c
iio: adc: stm32-dfsdm: fill module aliases
net/x25: Fix to not accept on connected socket
i2c: rk3x: fix a bunch of kernel-doc warnings
scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
scsi: target: core: Fix warning on RT kernels
net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
ata: libata: Fix sata_down_spd_limit() when no link speed is reported
squashfs: harden sanity check in squashfs_read_xattr_id_table
netrom: Fix use-after-free caused by accept on already connected socket
ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region
UPSTREAM: wireguard: allowedips: remove nodes in O(1)
UPSTREAM: wireguard: allowedips: initialize list head in selftest
UPSTREAM: wireguard: use synchronize_net rather than synchronize_rcu
UPSTREAM: wireguard: do not use -O3
UPSTREAM: wireguard: selftests: make sure rp_filter is disabled on vethc
BACKPORT: wireguard: selftests: remove old conntrack kconfig value
* BACKPORT: usb: typec: mux: Fix matching with typec_altmode_desc
drivers/usb/typec/mux.c
* UPSTREAM: sched/uclamp: Fix locking around cpu_util_update_eff()
kernel/sched/core.c
* UPSTREAM: sched/uclamp: Fix wrong implementation of cpu.uclamp.min
kernel/sched/core.c
UPSTREAM: usb: musb: Fix an error message
UPSTREAM: arm64: doc: Add brk/mmap/mremap() to the Tagged Address ABI Exceptions
* BACKPORT: selinux: add proper NULL termination to the secclass_map permissions
security/selinux/include/classmap.h
UPSTREAM: crypto: arm/curve25519 - Move '.fpu' after '.arch'
UPSTREAM: libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC
* UPSTREAM: of: property: fw_devlink: do not link ".*,nr-gpios"
drivers/of/property.c
UPSTREAM: xfrm/compat: Cleanup WARN()s that can be user-triggered
UPSTREAM: wireguard: selftests: test multiple parallel streams
UPSTREAM: crypto: mips: add poly1305-core.S to .gitignore
* BACKPORT: arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL
arch/arm64/include/asm/memory.h
* UPSTREAM: crypto: mips/poly1305 - enable for all MIPS processors
crypto/Kconfig
drivers/net/Kconfig
UPSTREAM: kbuild: do not include include/config/auto.conf from adjust_autoksyms.sh
* UPSTREAM: wireguard: kconfig: use arm chacha even with no neon
drivers/net/Kconfig
UPSTREAM: wireguard: queueing: get rid of per-peer ring buffers
UPSTREAM: wireguard: device: do not generate ICMP for non-IP packets
BACKPORT: mac80211_hwsim: notify wmediumd of used MAC addresses
BACKPORT: mac80211_hwsim: add concurrent channels scanning support over virtio
* BACKPORT: perf_event_open: switch to copy_struct_from_user()
kernel/events/core.c
* BACKPORT: sched_setattr: switch to copy_struct_from_user()
kernel/sched/core.c
Bug: 274413561
Change-Id: I4334c7024c0a0b0ff52123bda3f51c09f35ebf56
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Zheng Wang
|
3405eb641d |
nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
[ Upstream commit 5000fe6c27827a61d8250a7e4a1d26c3298ef4f6 ]
This bug influences both st_nci_i2c_remove and st_nci_spi_remove.
Take st_nci_i2c_remove as an example.
In st_nci_i2c_probe, it called ndlc_probe and bound &ndlc->sm_work
with llt_ndlc_sm_work.
When it calls ndlc_recv or timeout handler, it will finally call
schedule_work to start the work.
When we call st_nci_i2c_remove to remove the driver, there
may be a sequence as follows:
Fix it by finishing the work before cleanup in ndlc_remove
CPU0 CPU1
|llt_ndlc_sm_work
st_nci_i2c_remove |
ndlc_remove |
st_nci_remove |
nci_free_device|
kfree(ndev) |
//free ndlc->ndev |
|llt_ndlc_rcv_queue
|nci_recv_frame
|//use ndlc->ndev
Fixes:
|
||
|
Fedor Pchelkin
|
4c20a07ed2 |
nfc: pn533: initialize struct pn533_out_arg properly
[ Upstream commit 484b7059796e3bc1cb527caa61dfc60da649b4f6 ] struct pn533_out_arg used as a temporary context for out_urb is not initialized properly. Its uninitialized 'phy' field can be dereferenced in error cases inside pn533_out_complete() callback function. It causes the following failure: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.2.0-rc3-next-20230110-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 RIP: 0010:pn533_out_complete.cold+0x15/0x44 drivers/nfc/pn533/usb.c:441 Call Trace: <IRQ> __usb_hcd_giveback_urb+0x2b6/0x5c0 drivers/usb/core/hcd.c:1671 usb_hcd_giveback_urb+0x384/0x430 drivers/usb/core/hcd.c:1754 dummy_timer+0x1203/0x32d0 drivers/usb/gadget/udc/dummy_hcd.c:1988 call_timer_fn+0x1da/0x800 kernel/time/timer.c:1700 expire_timers+0x234/0x330 kernel/time/timer.c:1751 __run_timers kernel/time/timer.c:2022 [inline] __run_timers kernel/time/timer.c:1995 [inline] run_timer_softirq+0x326/0x910 kernel/time/timer.c:2035 __do_softirq+0x1fb/0xaf6 kernel/softirq.c:571 invoke_softirq kernel/softirq.c:445 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:650 irq_exit_rcu+0x9/0x20 kernel/softirq.c:662 sysvec_apic_timer_interrupt+0x97/0xc0 arch/x86/kernel/apic/apic.c:1107 Initialize the field with the pn533_usb_phy currently used. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. Fixes: 9dab880d675b ("nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()") Reported-by: syzbot+1e608ba4217c96d1952f@syzkaller.appspotmail.com Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru> Reviewed-by: Simon Horman <simon.horman@corigine.com> Link: https://lore.kernel.org/r/20230309165050.207390-1-pchelkin@ispras.ru Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Kang Chen
|
98f49e693e |
nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties
commit 11f180a5d62a51b484e9648f9b310e1bd50b1a57 upstream.
devm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause
out-of-bounds write in device_property_read_u8_array later.
Fixes:
|
||
|
Fedor Pchelkin
|
af452e35b9 |
nfc: fix memory leak of se_io context in nfc_genl_se_io
[ Upstream commit 25ff6f8a5a3b8dc48e8abda6f013e8cc4b14ffea ]
The callback context for sending/receiving APDUs to/from the selected
secure element is allocated inside nfc_genl_se_io and supposed to be
eventually freed in se_io_cb callback function. However, there are several
error paths where the bwi_timer is not charged to call se_io_cb later, and
the cb_context is leaked.
The patch proposes to free the cb_context explicitly on those error paths.
At the moment we can't simply check 'dev->ops->se_io()' return value as it
may be negative in both cases: when the timer was charged and was not.
Fixes:
|
||
|
Wilson Sung
|
63376759a1 |
Merge android-4.19-stable (4.19.272) into android-msm-pixel-4.19-lts
Merge 4.19.272 into android-4.19-stable
Linux 4.19.272
* usb: host: xhci-plat: add wakeup entry at sysfs
drivers/usb/host/xhci-plat.c
* ipv6: ensure sane device mtu in tunnels
net/ipv6/ip6_tunnel.c
net/ipv6/sit.c
* exit: Use READ_ONCE() for all oops/warn limit reads
kernel/exit.c
kernel/panic.c
docs: Fix path paste-o for /sys/kernel/warn_count
* panic: Expose "warn_count" to sysfs
kernel/panic.c
* panic: Introduce warn_limit
kernel/panic.c
* panic: Consolidate open-coded panic_on_warn checks
include/linux/kernel.h
kernel/panic.c
kernel/sched/core.c
* exit: Allow oops_limit to be disabled
kernel/exit.c
* exit: Expose "oops_count" to sysfs
kernel/exit.c
* exit: Put an upper limit on how often we can oops
kernel/exit.c
ia64: make IA64_MCA_RECOVERY bool instead of tristate
h8300: Fix build errors from do_exit() to make_task_dead() transition
hexagon: Fix function name in die()
objtool: Add a missing comma to avoid string concatenation
* exit: Add and use make_task_dead.
arch/arm64/kernel/traps.c
arch/arm64/mm/fault.c
include/linux/sched/task.h
kernel/exit.c
* panic: unset panic_on_warn inside panic()
kernel/panic.c
* sysctl: add a new register_sysctl_init() interface
fs/proc/proc_sysctl.c
include/linux/sysctl.h
dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
ARM: dts: imx: Fix pca9547 i2c-mux node name
x86/entry/64: Add instruction suffix to SYSRET
x86/asm: Fix an assembler warning with current binutils
drm/i915/display: fix compiler warning about array overrun
x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode"
net/tg3: resolve deadlock in tg3_reset_task() during EEH
net: ravb: Fix possible hang if RIS2_QFF1 happen
* sctp: fail if no bound addresses can be used for a given scope
net/sctp/bind_addr.c
netrom: Fix use-after-free of a listening socket.
* netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
net/netfilter/nf_conntrack_proto_sctp.c
* ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
net/ipv4/metrics.c
* netlink: annotate data races around sk_state
net/netlink/af_netlink.c
* netlink: annotate data races around dst_portid and dst_group
net/netlink/af_netlink.c
* netlink: annotate data races around nlk->portid
net/netlink/af_netlink.c
* netlink: remove hash::nelems check in netlink_insert
net/netlink/af_netlink.c
netfilter: nft_set_rbtree: skip elements in transaction from garbage collection
* net: fix UaF in netns ops registration error path
net/core/net_namespace.c
* EDAC/device: Respect any driver-supplied workqueue polling value
drivers/edac/edac_device.c
ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment
cifs: Fix oops due to uncleared server->smbd_conn in reconnect
smbd: Make upper layer decide when to destroy the transport
trace_events_hist: add check for return value of 'create_hist_field'
* tracing: Make sure trace_printk() can output as soon as it can be used
kernel/trace/trace.c
kernel/trace/trace.h
kernel/trace/trace_output.c
* module: Don't wait for GOING modules
kernel/module.c
scsi: hpsa: Fix allocation size for scsi_host_alloc()
* Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
net/bluetooth/hci_core.c
fs: reiserfs: remove useless new_opts in reiserfs_remount
perf env: Do not return pointers to local variables
* block: fix and cleanup bio_check_ro
block/blk-core.c
* netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
net/netfilter/nf_conntrack_proto_tcp.c
w1: fix WARNING after calling w1_process()
w1: fix deadloop in __w1_remove_master_device()
* tcp: avoid the lookup process failing to get sk in ehash table
net/ipv4/inet_hashtables.c
net/ipv4/inet_timewait_sock.c
dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node()
dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
dmaengine: xilinx_dma: program hardware supported buffer length
dmaengine: xilinx_dma: commonize DMA copy size calculation
HID: betop: check shape of output reports
net: macb: fix PTP TX timestamp failure due to packet padding
* dmaengine: Fix double increment of client_count in dma_chan_get()
drivers/dma/dmaengine.c
net: mlx5: eliminate anonymous module_init & module_exit
* usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
drivers/usb/gadget/function/f_fs.c
* usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
drivers/usb/gadget/function/f_fs.c
* HID: check empty report_list in hid_validate_values()
drivers/hid/hid-core.c
* net: mdio: validate parameter addr in mdiobus_get_phy()
drivers/net/phy/mdio_bus.c
net: usb: sr9700: Handle negative len
wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
net: nfc: Fix use-after-free in local_cleanup()
phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on()
* bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation
kernel/bpf/verifier.c
amd-xgbe: Delay AN timeout during KR training
amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
affs: initialize fsdata in affs_truncate()
IB/hfi1: Fix expected receive setup error exit issues
IB/hfi1: Reserve user expected TIDs
IB/hfi1: Reject a zero-length user expected buffer
tomoyo: fix broken dependency on *.conf.default
EDAC/highbank: Fix memory leak in highbank_mc_probe()
HID: intel_ish-hid: Add check for ishtp_dma_tx_map
ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
UPSTREAM: tcp: fix tcp_rmem documentation
* UPSTREAM: nvmem: core: skip child nodes not matching binding
drivers/nvmem/core.c
* BACKPORT: nvmem: core: Fix a resource leak on error in nvmem_add_cells_from_of()
drivers/nvmem/core.c
* UPSTREAM: sched/eas: Don't update misfit status if the task is pinned
kernel/sched/fair.c
* BACKPORT: arm64: link with -z norelro for LLD or aarch64-elf
arch/arm64/Makefile
* UPSTREAM: driver: core: Fix list corruption after device_del()
drivers/base/core.c
* UPSTREAM: coresight: tmc-etr: Fix barrier packet insertion for perf buffer
drivers/hwtracing/coresight/coresight-tmc-etr.c
* UPSTREAM: f2fs: fix double free of unicode map
fs/f2fs/super.c
* BACKPORT: net: xfrm: fix memory leak in xfrm_user_policy()
net/xfrm/xfrm_state.c
UPSTREAM: xfrm/compat: Don't allocate memory with __GFP_ZERO
UPSTREAM: xfrm/compat: memset(0) 64-bit padding at right place
UPSTREAM: xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
* UPSTREAM: scsi: ufs: Fix missing brace warning for old compilers
drivers/scsi/ufs/ufshcd-crypto.c
* UPSTREAM: arm64: vdso32: make vdso32 install conditional
arch/arm64/Makefile
* UPSTREAM: loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE
drivers/block/loop.c
BACKPORT: drm/virtio: fix missing dma_fence_put() in virtio_gpu_execbuffer_ioctl()
* BACKPORT: sched/uclamp: Protect uclamp fast path code with static key
kernel/sched/core.c
kernel/sched/cpufreq_schedutil.c
kernel/sched/sched.h
* BACKPORT: sched/uclamp: Fix initialization of struct uclamp_rq
kernel/sched/core.c
* UPSTREAM: coresight: etmv4: Fix CPU power management setup in probe() function
drivers/hwtracing/coresight/coresight-etm4x.c
* UPSTREAM: arm64: vdso: Add --eh-frame-hdr to ldflags
arch/arm64/kernel/vdso/Makefile
* BACKPORT: arm64: vdso: Add '-Bsymbolic' to ldflags
arch/arm64/kernel/vdso/Makefile
UPSTREAM: drm/virtio: fix a wait_event condition
* BACKPORT: sched/topology: Don't try to build empty sched domains
kernel/cgroup/cpuset.c
kernel/sched/topology.c
* BACKPORT: binder: prevent UAF read in print_binder_transaction_log_entry()
drivers/android/binder.c
drivers/android/binder_internal.h
* BACKPORT: copy_process(): don't use ksys_close() on cleanups
kernel/fork.c
* BACKPORT: arm64: vdso: Remove unnecessary asm-offsets.c definitions
arch/arm64/kernel/asm-offsets.c
* UPSTREAM: locking/lockdep, cpu/hotplug: Annotate AP thread
kernel/cpu.c
* Revert "xhci: Add a flag to disable USB3 lpm on a xhci root port level."
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h
Merge 4.19.271 into android-4.19-stable
BACKPORT: mac80211_hwsim: add concurrent channels scanning support over virtio
* BACKPORT: mac80211_hwsim: add frame transmission support over virtio This allows communication with external entities.
include/uapi/linux/virtio_ids.h
* BACKPORT: driver core: Skip unnecessary work when device doesn't have sync_state()
drivers/base/core.c
Linux 4.19.271
x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
* Revert "ext4: generalize extents status tree search functions"
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* Revert "ext4: add new pending reservation mechanism"
fs/ext4/ext4.h
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/super.c
* Revert "ext4: fix reserved cluster accounting at delayed write time"
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* Revert "ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline"
fs/ext4/extents.c
gsmi: fix null-deref in gsmi_get_variable
serial: atmel: fix incorrect baudrate setup
serial: pch_uart: Pass correct sg to dma_unmap_sg()
usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
* usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
drivers/usb/gadget/function/f_ncm.c
usb: gadget: g_webcam: Send color matching descriptor per frame
usb: typec: altmodes/displayport: Fix pin assignment calculation
usb: typec: altmodes/displayport: Add pin assignment helper
usb: host: ehci-fsl: Fix module alias
USB: serial: cp210x: add SCALANCE LPE-9000 device id
cifs: do not include page data when checking signature
mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
comedi: adv_pci1760: Fix PWM instruction handling
* usb: core: hub: disable autosuspend for TI TUSB8041
drivers/usb/core/hub.c
USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
USB: serial: option: add Quectel EM05CN modem
USB: serial: option: add Quectel EM05CN (SG) modem
USB: serial: option: add Quectel EC200U modem
USB: serial: option: add Quectel EM05-G (RS) modem
USB: serial: option: add Quectel EM05-G (CS) modem
USB: serial: option: add Quectel EM05-G (GR) modem
* prlimit: do_prlimit needs to have a speculation check
kernel/sys.c
* xhci: Add a flag to disable USB3 lpm on a xhci root port level.
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h
* xhci: Fix null pointer dereference when host dies
drivers/usb/host/xhci.c
* usb: xhci: Check endpoint is valid before dereferencing it
drivers/usb/host/xhci-ring.c
* xhci-pci: set the dma max_seg_size
drivers/usb/host/xhci-pci.c
nilfs2: fix general protection fault in nilfs_btree_insert()
Add exception protection processing for vd in axi_chan_handle_err function
* f2fs: let's avoid panic if extent_tree is not created
fs/f2fs/extent_cache.c
RDMA/srp: Move large values to a new enum for gcc13
* net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
net/core/ethtool.c
pNFS/filelayout: Fix coalescing test for single DS
* ANDROID: usb: f_accessory: Check buffer size when initialised via composite
drivers/usb/gadget/configfs.c
drivers/usb/gadget/function/f_accessory.c
Merge 4.19.270 into android-4.19-stable
Linux 4.19.270
serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30
serial: tegra: Only print FIFO error message when an error occurs
tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
efi: fix NULL-deref in init error path
* arm64: cmpxchg_double*: hazard against entire exchange variable
arch/arm64/include/asm/atomic_ll_sc.h
arch/arm64/include/asm/atomic_lse.h
drm/virtio: Fix GEM handle creation UAF
x86/resctrl: Fix task CLOSID/RMID update race
x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI
iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
iommu/mediatek-v1: Add error handle for mtk_iommu_probe
net/mlx5: Fix ptp max frequency adjustment range
net/mlx5: Rename ptp clock info
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
hvc/xen: lock console list traversal
regulator: da9211: Use irq handler when ready
* EDAC/device: Fix period calculation in edac_device_reset_delay_period()
drivers/edac/edac_device.c
drivers/edac/edac_module.h
x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
* ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
fs/ext4/exten Conflicts:
drivers/edac/edac_device.c
drivers/hwtracing/coresight/coresight-etm4x.c
drivers/usb/core/hub.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/gadget/function/f_hid.c
kernel/panic.c
mm/kasan/report.cts.c
* ext4: fix reserved cluster accounting at delayed write time
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* ext4: add new pending reservation mechanism
fs/ext4/ext4.h
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/super.c
* ext4: generalize extents status tree search functions
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* ext4: fix uninititialized value in 'ext4_evict_inode'
fs/ext4/super.c
* ext4: fix use-after-free in ext4_orphan_cleanup
fs/ext4/inode.c
* ext4: lost matching-pair of trace in ext4_truncate
fs/ext4/inode.c
* ext4: fix bug_on in __es_tree_search caused by bad quota inode
fs/quota/dquot.c
* quota: Factor out setup of quota inode
fs/quota/dquot.c
include/linux/quotaops.h
usb: ulpi: defer ulpi_register on ulpi_read_id timeout
kest.pl: Fix grub2 menu handling for rebooting
ktest.pl: Fix incorrect reboot for grub2bls
ktest: introduce grub2bls REBOOT_TYPE option
ktest: cleanup get_grub_index
ktest: introduce _get_grub_index
ktest: Add support for meta characters in GRUB_MENU
ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
wifi: wilc1000: sdio: fix module autoloading
* ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
net/ipv6/raw.c
platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe
cifs: Fix uninitialized memory read for smb311 posix symlink create
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
sound/core/control_compat.c
* net/ulp: prevent ULP without clone op from entering the LISTEN status
net/ipv4/inet_connection_sock.c
s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
perf auxtrace: Fix address filter duplicate symbol selection
docs: Fix the docs build with Sphinx 6.0
* net: sched: disallow noqueue for qdisc classes
net/sched/sch_api.c
* driver core: Fix bus_type.match() error handling in __driver_attach()
drivers/base/dd.c
parisc: Align parisc MADV_XXX constants with all other architectures
* mbcache: Avoid nesting of cache->c_list_lock under bit locks
fs/mbcache.c
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
hfs/hfsplus: use WARN_ON for sanity check
* ext4: don't allow journal inode to have encrypt flag
fs/ext4/super.c
riscv: uaccess: fix type of 0 variable on error in get_user()
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
x86/bugs: Flush IBP in ib_prctl_set()
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
udf: Fix extension of the last extent in the file
caif: fix memory leak in cfctrl_linkup_request()
usb: rndis_host: Secure rndis_query check against int overflow
net: sched: atm: dont intepret cls results when asked to drop
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
net: amd-xgbe: add missed tasklet_kill
nfc: Fix potential resource leaks
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
* bpf: pull before calling skb_postpull_rcsum()
net/core/filter.c
* SUNRPC: ensure the matching upcall is in-flight upon downcall
include/linux/sunrpc/rpc_pipe_fs.h
* ext4: fix deadlock due to mbcache entry corruption
fs/ext4/xattr.c
fs/mbcache.c
include/linux/mbcache.h
* mbcache: automatically delete entries from cache on freeing
fs/mbcache.c
include/linux/mbcache.h
* ext4: fix race when reusing xattr blocks
fs/ext4/xattr.c
* ext4: unindent codeblock in ext4_xattr_block_set()
fs/ext4/xattr.c
* ext4: remove EA inode entry from mbcache on inode eviction
fs/ext4/inode.c
fs/ext4/xattr.c
fs/ext4/xattr.h
* mbcache: add functions to delete entry if unused
fs/mbcache.c
include/linux/mbcache.h
* mbcache: don't reclaim used entries
fs/mbcache.c
* ext4: use kmemdup() to replace kmalloc + memcpy
fs/ext4/xattr.c
* ext4: correct inconsistent error msg in nojournal mode
fs/ext4/super.c
* ext4: goto right label 'failed_mount3a'
fs/ext4/super.c
* driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set
drivers/base/dd.c
ravb: Fix "failed to switch device to config mode" message during unbind
perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
dm thin: resume even if in FAIL mode
media: s5p-mfc: Fix in register read and write for H264
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix to handle reference queue during finishing
btrfs: replace strncpy() with strscpy()
btrfs: send: avoid unnecessary backref lookups when finding clone source
* ext4: allocate extended attribute value in vmalloc area
fs/ext4/xattr.c
* ext4: avoid unaccounted block allocation when expanding inode
fs/ext4/inode.c
* ext4: initialize quota before expanding inode in setproject ioctl
fs/ext4/ioctl.c
* ext4: fix inode leak in ext4_xattr_inode_create() on an error path
fs/ext4/xattr.c
* ext4: avoid BUG_ON when creating xattrs
fs/ext4/xattr.c
* ext4: fix error code return to user-space in ext4_get_branch()
fs/ext4/indirect.c
* ext4: fix corruption when online resizing a 1K bigalloc fs
fs/ext4/resize.c
* ext4: init quota for 'old.inode' in 'ext4_rename'
fs/ext4/namei.c
* ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
fs/ext4/ioctl.c
* ext4: add helper to check quota inums
fs/ext4/super.c
* ext4: fix undefined behavior in bit shift for ext4_check_flag_values
fs/ext4/ext4.h
* ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
fs/ext4/inode.c
drm/vmwgfx: Validate the box size for the snooped cursor
* drm/connector: send hotplug uevent on connector cleanup
drivers/gpu/drm/drm_connector.c
device_cgroup: Roll back to original exceptions after copy failure
parisc: led: Fix potential null-ptr-deref in start_task()
iommu/amd: Fix ivrs_acpihid cmdline parsing code
crypto: n2 - add missing hash statesize
* PCI/sysfs: Fix double free in error path
drivers/pci/pci-sysfs.c
* PCI: Fix pci_device_is_present() for VFs by checking PF
drivers/pci/pci.c
ipmi: fix use after free in _ipmi_destroy_user()
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
ipmi: fix long wait in unload when IPMI disconnect
md/bitmap: Fix bitmap chunk size overflow issues
cifs: fix confusing debug message
media: dvb-core: Fix UAF due to refcount races at releasing
media: dvb-core: Fix double free in dvb_register_device()
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
* tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
kernel/trace/trace.c
x86/microcode/intel: Do not retry microcode reloading on the APs
dm cache: set needs_check flag after aborting metadata
dm cache: Fix UAF in destroy()
dm thin: Fix UAF in run_timer_softirq()
dm thin: Use last transaction's pmd->root when commit failed
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
binfmt: Fix error return code in load_elf_fdpic_binary()
binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
selftests: Use optional USERCFLAGS and USERLDFLAGS
ARM: ux500: do not directly dereference __iomem
ktest.pl minconfig: Unset configs instead of just removing them
* soc: qcom: Select REMAP_MMIO for LLCC driver
drivers/soc/qcom/Kconfig
media: stv0288: use explicitly signed char
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
md: fix a crash in mempool_free
* pnode: terminate at peers of source
fs/pnode.c
ALSA: line6: fix stack overflow in line6_midi_transmit
ALSA: line6: correct midi status byte when receiving data from podxt
* ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
fs/overlayfs/dir.c
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
* HID: plantronics: Additional PIDs for double volume key presses quirk
drivers/hid/hid-ids.h
drivers/hid/hid-plantronics.c
powerpc/rtas: avoid scheduling in rtas_os_term()
powerpc/rtas: avoid device tree lookups in rtas_os_term()
ata: ahci: Fix PCS quirk application for suspend
media: dvbdev: fix refcnt bug
* media: dvbdev: fix build warning due to comments
include/media/dvbdev.h
gcov: add support for checksum field
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
reiserfs: Add missing calls to reiserfs_security_free()
* HID: wacom: Ensure bootloader PID is usable in hidraw mode
drivers/hid/wacom_sys.c
drivers/hid/wacom_wac.c
drivers/hid/wacom_wac.h
* usb: dwc3: core: defer probe on ulpi_read_id timeout
drivers/usb/dwc3/core.c
* pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
fs/pstore/Kconfig
* pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
fs/pstore/pmsg.c
ASoC: rt5670: Remove unbalanced pm_runtime_put()
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
clk: st: Fix memory leak in st_of_quadfs_setup()
media: si470x: Fix use-after-free in si470x_int_in_callback()
mmc: f-sdh30: Add quirks for broken timeout clock capability
* regulator: core: fix use_count leakage when handling boot-on
drivers/regulator/core.c
* blk-mq: fix possible memleak when register 'hctx' failed
block/blk-mq-sysfs.c
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
* media: dvbdev: adopts refcnt to avoid UAF
include/media/dvbdev.h
media: dvb-frontends: fix leak of memory fw
* ppp: associate skb with a device at tx
drivers/net/ppp/ppp_generic.c
* mrp: introduce active flags to prevent UAF when applicant uninit
include/net/mrp.h
md/raid1: stop mdx_raid1 thread when raid1 array run failed
drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
drm/sti: Use drm_mode_copy()
s390/lcs: Fix return type of lcs_start_xmit()
s390/netiucv: Fix return type of netiucv_tx()
s390/ctcm: Fix return type of ctc{mp,}m_tx()
drm/amdgpu: Fix type of second parameter in trans_msg() callback
igb: Do not free q_vector unless new one was allocated
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
* bpf: make sure skb->len != 0 when redirecting to a tunneling device
net/core/filter.c
ipmi: fix memleak when unload ipmi driver
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
wifi: ath9k: verify the expected usb_endpoints are present
hfs: fix OOB Read in __hfs_brec_find
acct: fix potential integer overflow in encode_comp_t()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
ACPICA: Fix error code path in acpi_ds_call_control_method()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbAllocAG
binfmt_misc: fix shift-out-of-bounds in check_special_flags
* net: stream: purge sk_error_queue in sk_stream_kill_queues()
net/core/stream.c
myri10ge: Fix an error handling path in myri10ge_probe()
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
* net_sched: reject TCF_EM_SIMPLE case for complex ematch module
net/sched/ematch.c
* skbuff: Account for tail adjustment during pull operations
net/core/skbuff.c
openvswitch: Fix flow lookup to use unmasked key
rtc: mxc_v2: Add missing clk_disable_unprepare()
r6040: Fix kmemleak in probe and remove
nfc: pn533: Clear nfc_target before being used
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
selftests/powerpc: Fix resource leaks
powerpc/hv-gpci: Fix hv_gpci event list
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
cxl: Fix refcount leak in cxl_calc_capp_routing
powerpc/52xx: Fix a resource leak in an error handling path
macintosh/macio-adb: check the return value of ioremap()
macintosh: fix possible memory leak in macio_add_one_device()
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
iommu/amd: Fix pci device refcount leak in ppr_notifier()
rtc: snvs: Allow a time difference on clock register read
* include/uapi/linux/swab: Fix potentially missing __always_inline
include/uapi/linux/swab.h
HSI: omap_ssi_core: Fix error handling in ssi_init()
perf symbol: correction while adjusting symbol
* power: supply: fix residue sysfs file in error handle route of __power_supply_register()
drivers/power/supply/power_supply_core.c
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
fbdev: vermilion: decrease reference count in error path
fbdev: via: Fix error in via_core_init()
fbdev: pm2fb: fix missing pci_disable_device()
* fbdev: ssd1307fb: Drop optional dependency
drivers/video/fbdev/Kconfig
samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
tracing/hist: Fix issue of losting command info in error_log
usb: storage: Add check for kcalloc
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
vme: Fix error not catched in fake_init()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
staging: rtl8192u: Fix use after free in ieee80211_rx()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
* chardev: fix error handling in cdev_device_add()
fs/char_dev.c
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
drivers: mcb: fix resource leak in mcb_probe()
* usb: gadget: f_hid: fix refcount leak on error path
drivers/usb/gadget/function/f_hid.c
* usb: gadget: f_hid: fix f_hidg lifetime vs cdev
drivers/usb/gadget/function/f_hid.c
* usb: gadget: f_hid: optional SETUP/SET_REPORT mode
drivers/usb/gadget/function/f_hid.c
drivers/usb/gadget/function/u_hid.h
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
test_firmware: fix memory leak in test_firmware_init()
serial: sunsab: Fix error handling in sunsab_init()
serial: altera_uart: fix locking in polling mode
tty: serial: altera_uart_{r,t}x_chars() need only uart_port
tty: serial: clean up stop-tx part in altera_uart_tx_chars()
serial: pch: Fix PCI device refcount leak in pch_request_dma()
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
serial: amba-pl011: avoid SBSA UART accessing DMACR register
* usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
drivers/usb/typec/bus.c
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
usb: fotg210-udc: Fix ages old endianness issues
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
vfio: platform: Do not pass return buffer to ACPI _RST method
* class: fix possible memory leak in __class_register()
drivers/base/class.c
serial: tegra: Read DMA status before terminating
tty: serial: tegra: Activate RX DMA transfer by request
serial: tegra: Add PIO mode support
serial: tegra: report clk rate errors
serial: tegra: add support to adjust baud rate
serial: tegra: add support to use 8 bytes trigger
serial: tegra: set maximum num of uart ports to 8
serial: tegra: check for FIFO mode enabled status
serial: tegra: avoid reg access when clk disabled
drivers: dio: fix possible memory leak in dio_init()
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
hwrng: geode - Fix PCI device refcount leak
hwrng: amd - Fix PCI device refcount leak
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
orangefs: Fix sysfs not cleanup when dev init failed
RDMA/hfi1: Fix error return code in parse_platform_config()
scsi: snic: Fix possible UAF in snic_tgt_create()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
scsi: hpsa: Fix possible memory leak in hpsa_init_one()
scsi: hpsa: use local workqueues instead of system workqueues
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
crypto: ccree - Make cc_debugfs_global_fini() available for module init function
RDMA/hfi: Decrease PCI device reference count in error path
* PCI: Check for alloc failure in pci_request_irq()
drivers/pci/irq.c
scsi: scsi_debug: Fix a warning in resp_write_scat()
RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
* f2fs: fix normal discard process
fs/f2fs/segment.c
apparmor: Fix abi check to include v8 abi
apparmor: fix lockdep warning when removing a namespace
apparmor: fix a memleak in multi_transaction_new()
stmmac: fix potential division by 0
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
* Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
net/bluetooth/hci_core.c
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
net: lan9303: Fix read error execution path
net: amd-xgbe: Check only the minimum speed for active/passive cables
net: amd-xgbe: Fix logic around active and passive cables
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
* net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net/ipv4/udp_tunnel.c
net: farsync: Fix kmemleak when rmmods farsync
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
net: defxx: Fix missing err handling in dfx_init()
net: vmw_vsock: vmci: Check memcpy_from_msg()
clk: socfpga: use clk_hw_register for a5/c5
clk: socfpga: clk-pll: Remove unused variable 'rc'
* blktrace: Fix output non-blktrace event when blk_classic option enabled
kernel/trace/blktrace.c
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
rtl8xxxu: add enumeration for channel bandwidth
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
clk: samsung: Fix memory leak in _samsung_clk_register_pll()
media: coda: Add check for kmalloc
media: coda: Add check for dcoda_iram_alloc
media: c8sectpfe: Add of_node_put() when breaking out of loop
mmc: mmci: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: meson-gx: fix return value check of mmc_add_host()
mmc: atmel-mci: fix return value check of mmc_add_host()
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: moxart: fix return value check of mmc_add_host()
NFSv4.x: Fail client initialisation if state manager thread can't run
SUNRPC: Fix missing release socket in rpc_sockname()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
media: saa7164: fix missing pci_disable_device()
* regulator: core: fix module refcount leak in set_supply()
drivers/regulator/core.c
* wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
net/wireless/reg.c
* bonding: uninitialized variable in bond_miimon_inspect()
drivers/net/bonding/bond_main.c
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
ALSA: asihpi: fix missing pci_disable_device()
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
NFSv4.2: Fix a memory stomp in decode_attr_security_label
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
media: dvb-core: Fix ignored return value in dvb_register_frontend()
* pinctrl: pinconf-generic: add missing of_node_put()
drivers/pinctrl/pinconf-generic.c
media: imon: fix a race condition in send_packet()
drbd: remove call to memset before free device/resource/connection
mtd: maps: pxa2xx-flash: fix memory leak in probe
* bonding: Export skip slave logic to function
drivers/net/bonding/bond_main.c
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
* ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
include/uapi/sound/asequencer.h
HID: hid-sensor-custom: set fixed size for custom attributes
media: platform: exynos4-is: Fix error handling in fimc_md_init()
media: solo6x10: fix possible memory leak in solo_sysfs_init()
Input: elants_i2c - properly handle the reset GPIO when power is off
mtd: lpddr2_nvm: Fix possible null-ptr-deref
wifi: ath10k: Fix return value in ath10k_pci_init()
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
* regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
drivers/regulator/core.c
ASoC: pxa: fix null-pointer dereference in filter()
drm/radeon: Add the missed acpi_put_table() to fix memory leak
* net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
include/linux/proc_fs.h
media: camss: Clean up received buffers on failed start of streaming
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
mtd: Fix device name leak when register device failed in add_mtd_device()
media: vivid: fix compose size exceed boundary
spi: Update reference to struct spi_controller
can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
can: kvaser_usb: Add struct kvaser_usb_busparams
can: kvaser_usb_leaf: Fix bogus restart events
can: kvaser_usb_leaf: Fix wrong CAN state after stopping
can: kvaser_usb_leaf: Fix improved state not being reported
can: kvaser_usb_leaf: Set Warning state even without bus errors
can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
can: kvaser_usb: do not increase tx statistics when sending error message frames
media: i2c: ad5820: Fix error path
pata_ipx4xx_cf: Fix unsigned comparison with less than zero
wifi: rtl8xxxu: Fix reading the vendor of combo chips
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
rapidio: devices: fix missing put_device in mport_cdev_open
hfs: Fix OOB Write in hfs_asc2mac
relay: fix type mismatch when allocating memory in relay_create_buf()
* eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
include/linux/eventfd.h
rapidio: fix possible UAF when kfifo_alloc() fails
fs: sysv: Fix sysv_nblocks() returns wrong value
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
* PM: runtime: Do not call __rpm_callback() from rpm_idle()
drivers/base/power/runtime.c
* PM: runtime: Improve path in rpm_idle() when no callback
drivers/base/power/runtime.c
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
x86/xen: Fix memory leak in xen_init_lock_cpu()
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
xen/events: only register debug interrupt for 2-level events
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
rapidio: rio: fix possible name leak in rio_register_mport()
rapidio: fix possible name leaks when rio_add_device() fails
* debugfs: fix error when writing negative value to atomic_t debugfs file
fs/debugfs/file.c
include/linux/debugfs.h
lib/notifier-error-inject: fix error when writing -errno to debugfs file
* libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
fs/libfs.c
include/linux/fs.h
cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
PNP: fix name memory leak in pnp_alloc_dev()
MIPS: vpe-cmp: fix possible memory leak while module exiting
MIPS: vpe-mt: fix possible memory leak while module exiting
ocfs2: fix memory leak in ocfs2_stack_glue_init()
proc: fixup uptime selftest
* timerqueue: Use rb_entry_safe() in timerqueue_getnext()
include/linux/timerqueue.h
* perf: Fix possible memleak in pmu_dev_alloc()
kernel/events/core.c
selftests/ftrace: event_triggers: wait longer for test_event_enable
* fs: don't audit the capability check in simple_xattr_list()
fs/xattr.c
alpha: fix syscall entry in !AUDUT_SYSCALL case
* cpuidle: dt: Return the correct numbers of parsed idle states
drivers/cpuidle/dt_idle_states.c
tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
* pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
fs/pstore/ram_core.c
ARM: mmp: fix timer_read delay
* pstore/ram: Fix error return code in ramoops_probe()
fs/pstore/ram.c
ARM: dts: turris-omnia: Add switch port 6 node
ARM: dts: turris-omnia: Add ethernet aliases
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
arm64: dts: mt2712e: Fix unit address for pinctrl node
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
arm: dts: spear600: Fix clcd interrupt
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
ARM: dts: qcom: apq8064: fix coresight compatible
usb: musb: remove extra check in musb_gadget_vbus_draw
* net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
drivers/net/loopback.c
* Bluetooth: L2CAP: Fix u8 overflow
net/bluetooth/l2cap_core.c
igb: Initialize mailbox message for VF reset
USB: serial: f81534: fix division by zero on line-speed change
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
USB: serial: option: add Quectel EM05-G modem
usb: gadget: uvc: Prevent buffer overflow in setup handler
udf: Fix extending file within last block
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
udf: Fix preallocation discarding at indirect extent boundary
udf: Discard preallocation before extending file with a hole
perf script python: Remove explicit shebang from tests/attr.c
* ASoC: ops: Correct bounds check for second channel on SX controls
sound/soc/soc-ops.c
can: mcba_usb: Fix termination command argument
* can: sja1000: fix size of OCR_MODE_MASK define
include/linux/can/platform/sja1000.h
pinctrl: meditatek: Startup with the IRQs disabled
* ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
sound/soc/soc-ops.c
nfp: fix use-after-free in area_cache_get()
* block: unhash blkdev part inode when the part is deleted
block/partition-generic.c
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
* mm/khugepaged: fix GUP-fast interaction by sending IPI
include/asm-generic/tlb.h
mm/memory.c
ANDROID: Add more hvc devices for virtio-console.
ANDROID: Add allowed symbols required from Qualcomm drivers
* BACKPORT: lib: introduce copy_struct_from_user() helper
include/linux/bitops.h
include/linux/uaccess.h
lib/strnlen_user.c
lib/usercopy.c
* ANDROID: fix BIT() redefinition
include/linux/bits.h
include/vdso/bits.h
Bug: 268137599
Change-Id: I1ae5c7cfdd0387ced375d87341327c27bd3ae454
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Minsuk Kang
|
321db5131c |
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
[ Upstream commit 9dab880d675b9d0dd56c6428e4e8352a3339371d ]
Fix a use-after-free that occurs in hcd when in_urb sent from
pn533_usb_send_frame() is completed earlier than out_urb. Its callback
frees the skb data in pn533_send_async_complete() that is used as a
transfer buffer of out_urb. Wait before sending in_urb until the
callback of out_urb is called. To modify the callback of out_urb alone,
separate the complete function of out_urb and ack_urb.
Found by a modified version of syzkaller.
BUG: KASAN: use-after-free in dummy_timer
Call Trace:
memcpy (mm/kasan/shadow.c:65)
dummy_perform_transfer (drivers/usb/gadget/udc/dummy_hcd.c:1352)
transfer (drivers/usb/gadget/udc/dummy_hcd.c:1453)
dummy_timer (drivers/usb/gadget/udc/dummy_hcd.c:1972)
arch_static_branch (arch/x86/include/asm/jump_label.h:27)
static_key_false (include/linux/jump_label.h:207)
timer_expire_exit (include/trace/events/timer.h:127)
call_timer_fn (kernel/time/timer.c:1475)
expire_timers (kernel/time/timer.c:1519)
__run_timers (kernel/time/timer.c:1790)
run_timer_softirq (kernel/time/timer.c:1803)
Fixes:
|
||
|
Minsuk Kang
|
bef2f47851 |
nfc: pn533: Clear nfc_target before being used
[ Upstream commit 9f28157778ede0d4f183f7ab3b46995bb400abbe ] Fix a slab-out-of-bounds read that occurs in nla_put() called from nfc_genl_send_target() when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_target is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used. Found by a modified version of syzkaller. BUG: KASAN: slab-out-of-bounds in nla_put Call Trace: memcpy nla_put nfc_genl_dump_targets genl_lock_dumpit netlink_dump __netlink_dump_start genl_family_rcv_msg_dumpit genl_rcv_msg netlink_rcv_skb genl_rcv netlink_unicast netlink_sendmsg sock_sendmsg ____sys_sendmsg ___sys_sendmsg __sys_sendmsg do_syscall_64 Fixes: |
||
|
Wilson Sung
|
9935a3fd79 |
Merge android-4.19-stable (4.19.269) into android-msm-pixel-4.19-lts
Merge 4.19.269 into android-4.19-stable
Linux 4.19.269
can: esd_usb: Allow REC and TEC to return to zero
net: mvneta: Fix an out of bounds check
* ipv6: avoid use-after-free in ip6_fragment()
net/ipv6/ip6_output.c
net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq()
xen/netback: fix build warning
ethernet: aeroflex: fix potential skb leak in greth_init_rings()
* tipc: Fix potential OOB in tipc_link_proto_rcv()
net/tipc/link.c
net: hisilicon: Fix potential use-after-free in hix5hd2_rx()
net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
net: stmmac: fix "snps,axi-config" node property parsing
nvme initialize core quirks before calling nvme_init_subsystem
NFC: nci: Bounds check struct nfc_target arrays
i40e: Disallow ip4 and ip6 l4_4_bytes
i40e: Fix for VF MAC address 0
i40e: Fix not setting default xps_cpus after reset
net: mvneta: Prevent out of bounds read in mvneta_config_rss()
xen-netfront: Fix NULL sring after live migration
net: encx24j600: Fix invalid logic in reading of MISTAT register
net: encx24j600: Add parentheses to fix precedence
mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
* Bluetooth: Fix not cleanup led when bt_init fails
net/bluetooth/af_bluetooth.c
Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn()
igb: Allocate MSI-X vector when testing
e1000e: Fix TX dispatch condition
gpio: amd8111: Fix PCI device reference count leak
ca8210: Fix crash by zero initializing data
ieee802154: cc2520: Fix error return code in cc2520_hw_init()
* HID: core: fix shift-out-of-bounds in hid_report_raw_event
drivers/hid/hid-core.c
HID: hid-lg4ff: Add check for empty lbuf
KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
* memcg: fix possible use-after-free in memcg_write_event_control()
include/linux/cgroup.h
kernel/cgroup/cgroup-internal.h
mm/memcontrol.c
* media: v4l2-dv-timings.c: fix too strict blanking sanity checks
drivers/media/v4l2-core/v4l2-dv-timings.c
rcutorture: Automatically create initrd directory
xen/netback: don't call kfree_skb() with interrupts disabled
xen/netback: do some code cleanup
xen/netback: Ensure protocol headers don't fall in the non-linear area
net: usb: qmi_wwan: add u-blox 0x1342 composition
9p/xen: check logical size for buffer size
fbcon: Use kzalloc() in fbcon_prepare_logo()
regulator: twl6030: fix get status of twl6032 regulators
* ASoC: soc-pcm: Add NULL check in BE reparenting
sound/soc/soc-pcm.c
ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event
9p/fd: Use P9_HDRSZ for header size
ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188
ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation
ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels
ARM: dts: rockchip: fix ir-receiver node names
arm: dts: rockchip: fix node name for hym8563 rtc
ANDROID: Add allowed symbols required from Qualcomm drivers
Merge 4.19.268 into android-4.19-stable
Linux 4.19.268
ipc/sem: Fix dangling sem_array access in semtimedop race
mmc: sdhci: Fix voltage switch delay
mmc: sdhci: use FIELD_GET for preset value bit masks
x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
* Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
net/bluetooth/l2cap_core.c
x86/pm: Add enumeration check before spec MSRs save/restore setup
x86/tsx: Add a feature bit for TSX control MSR support
nvme: restrict management ioctls to admin
* tcp/udp: Fix memory leak in ipv6_renew_options().
net/ipv6/ipv6_sockglue.c
* Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
lib/Kconfig.debug
* parisc: Increase FRAME_WARN to 2048 bytes on parisc
lib/Kconfig.debug
* xtensa: increase size of gcc stack frame check
lib/Kconfig.debug
* parisc: Increase size of gcc stack frame check
lib/Kconfig.debug
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
pinctrl: single: Fix potential division by zero
* ASoC: ops: Fix bounds check for _sx controls
sound/soc/soc-ops.c
* mm: Fix '.data.once' orphan section warning
include/linux/mmdebug.h
* arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
arch/arm64/kernel/cpu_errata.c
* arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors
arch/arm64/kernel/cpu_errata.c
pinctrl: intel: Save and restore pins in "direct IRQ" mode
x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
* error-injection: Add prompt for function error injection
lib/Kconfig.debug
btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
hwmon: (coretemp) Check for null before removing sysfs attrs
net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
* packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
net/packet/af_packet.c
* net: tun: Fix use-after-free in tun_detach()
drivers/net/tun.c
net: hsr: Fix potential use-after-free
dsa: lan9303: Correct stat name
net/9p: Fix a potential socket leak in p9_socket_open
net: net_netdev: Fix error handling in ntb_netdev_init_module()
* net: phy: fix null-ptr-deref while probe() failed
drivers/net/phy/phy_device.c
qlcnic: fix sleep-in-atomic-context bugs caused by msleep
can: cc770: cc770_isa_probe(): add missing free_cc770dev()
can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
net/mlx5: Fix uninitialized variable bug in outlen_write()
* of: property: decrement node refcount in of_fwnode_get_reference_args()
drivers/of/property.c
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
hwmon: (i5500_temp) fix missing pci_disable_device()
scripts/faddr2line: Fix regression in name resolution on ppc64le
* iio: light: rpr0521: add missing Kconfig dependencies
drivers/iio/light/Kconfig
iio: health:
|
||
|
Wilson Sung
|
05a5973ef4 |
Merge android-4.19-stable (4.19.266) into android-msm-pixel-4.19-lts
Merge 4.19.266 into android-4.19-stable
Linux 4.19.266
x86/speculation: Add RSB VM Exit protections
x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
x86/speculation: Disable RRSBA behavior
x86/bugs: Add Cannon lake to RETBleed affected CPU list
x86/cpu/amd: Enumerate BTC_NO
x86/common: Stamp out the stepping madness
x86/speculation: Fill RSB on vmexit for IBRS
KVM: VMX: Fix IBRS handling after vmexit
KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
x86/speculation: Remove x86_spec_ctrl_mask
x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
x86/speculation: Fix SPEC_CTRL write on SMT state change
x86/speculation: Fix firmware entry SPEC_CTRL handling
x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
intel_idle: Disable IBRS during long idle
x86/bugs: Report Intel retbleed vulnerability
x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
x86/bugs: Optimize SPEC_CTRL MSR writes
x86/entry: Add kernel IBRS implementation
x86/entry: Remove skip_r11rcx
x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
x86/bugs: Add AMD retbleed= boot parameter
* x86/bugs: Report AMD retbleed vulnerability
drivers/base/cpu.c
include/linux/cpu.h
x86/cpufeatures: Move RETPOLINE flags to word 11
* x86/cpu: Add a steppings field to struct x86_cpu_id
include/linux/kvm_host.h
include/linux/mod_devicetable.h
x86/cpu: Add consistent CPU match macros
* x86/devicetable: Move x86 specific macro out of generic code
include/linux/mod_devicetable.h
x86/cpufeature: Fix various quality problems in the <asm/cpu_device_hd.h> header
x86/cpufeature: Add facility to check for min microcode revisions
* Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
include/linux/mod_devicetable.h
Revert "x86/speculation: Add RSB VM Exit protections"
* ANDROID: preserve CRC for some DRM functions
include/linux/bits.h
* Revert "tcp/udp: Make early_demux back namespacified."
include/net/protocol.h
include/net/tcp.h
include/net/udp.h
net/ipv4/af_inet.c
net/ipv4/ip_input.c
net/ipv4/sysctl_net_ipv4.c
net/ipv6/ip6_input.c
net/ipv6/tcp_ipv6.c
net/ipv6/udp.c
Merge 4.19.265 into android-4.19-stable
Linux 4.19.265
wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
* linux/bits.h: make BIT(), GENMASK(), and friends available in assembly
include/linux/bits.h
KVM: x86: emulator: update the emulation mode after CR0 write
KVM: x86: emulator: introduce emulator_recalc_and_set_mode
KVM: x86: emulator: em_sysexit should update ctxt->mode
KVM: x86: Mask off reserved bits in CPUID.80000008H
* ext4: fix warning in 'ext4_da_release_space'
fs/ext4/migrate.c
parisc: Avoid printing the hardware path twice
parisc: Export iosapic_serial_irq() symbol for serial port driver
* parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
drivers/tty/serial/8250/Kconfig
* efi: random: reduce seed size to 32 bytes
include/linux/efi.h
* ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
sound/usb/quirks-table.h
sound/usb/quirks.c
* capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
security/commoncap.c
tracing/histogram: Update document for KEYS_MAX size
kprobe: reverse kp->flags when arm_kprobe failed
* tcp/udp: Make early_demux back namespacified.
include/net/protocol.h
include/net/tcp.h
include/net/udp.h
net/ipv4/af_inet.c
net/ipv4/ip_input.c
net/ipv4/sysctl_net_ipv4.c
net/ipv6/ip6_input.c
net/ipv6/tcp_ipv6.c
net/ipv6/udp.c
btrfs: fix type of parameter generation in btrfs_get_dentry
block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
* Bluetooth: L2CAP: Fix attempting to access uninitialized memory
net/bluetooth/l2cap_core.c
i2c: xiic: Add platform module alias
* HID: saitek: add madcatz variant of MMO7 mouse device ID
drivers/hid/hid-ids.h
drivers/hid/hid-quirks.c
media: dvb-frontends/drxk: initialize err to 0
media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
* ipv6: fix WARNING in ip6_route_net_exit_late()
net/ipv6/route.c
* net, neigh: Fix null-ptr-deref in neigh_table_clear()
net/core/neighbour.c
* net: mdio: fix undefined behavior in bit shift for __mdiobus_register
drivers/net/phy/mdio_bus.c
* Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
net/bluetooth/l2cap_core.c
* Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
net/bluetooth/l2cap_core.c
btrfs: fix ulist leaks in error paths of qgroup self tests
btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
isdn: mISDN: netjet: fix wrong check of device registration
mISDN: fix possible memory leak in mISDN_register_device()
rose: Fix NULL pointer dereference in rose_send_frame()
ipvs: fix WARNING in ip_vs_app_net_cleanup()
ipvs: fix WARNING in __ip_vs_cleanup_batch()
ipvs: use explicitly signed chars
* net: tun: fix bugs for oversize packet when napi frags enabled
drivers/net/tun.c
net: sched: Fix use after free in red_enqueue()
ata: pata_legacy: fix pdc20230_set_piomode()
net: fec: fix improper use of NETDEV_TX_BUSY
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
net: dsa: Fix possible memory leaks in dsa_loop_init()
nfs4: Fix kmemleak when allocate slot failed
NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
BACKPORT: ARM: 9039/1: assembler: generalize byte swapping macro into rev_l
BACKPORT: ARM: 9035/1: uncompress: Add be32tocpu macro
Merge 4.19.264 into android-4.19-stable
Linux 4.19.264
can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive
net/mlx5e: Do not increment ESN when updating IPsec ESN state
net: ehea: fix possible memory leak in ehea_register_port()
openvswitch: switch from WARN to pr_warn
ALSA: aoa: Fix I2S device accounting
ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
* PM: domains: Fix handling of unavailable/disabled idle states
drivers/base/power/domain.c
net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
i40e: Fix flow-type by setting GL_HASH_INSET registers
i40e: Fix VF hang when reset is triggered on another VF
i40e: Fix ethtool rx-flow-hash setting for X722
* media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
include/uapi/linux/videodev2.h
* media: v4l2-dv-timings: add sanity checks for blanking values
drivers/media/v4l2-core/v4l2-dv-timings.c
media: vivid: dev->bitmap_cap wasn't freed in all cases
media: vivid: s_fbuf: add more sanity checks
PM: hibernate: Allow hybrid sleep to work with s2idle
can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path
* tcp: fix indefinite deferral of RTO with SACK reneging
net/ipv4/tcp_input.c
net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
* net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed
net/core/net_namespace.c
kcm: annotate data-races around kcm->rx_wait
kcm: annotate data-races around kcm->rx_psock
amd-xgbe: add the bit rate quirk for Molex cables
amd-xgbe: fix the SFP compliance codes check for DAC cables
x86/unwind/orc: Fix unreliable stack dump with gcov
net: netsec: fix error handling in netsec_register_mdio()
* tipc: fix a null-ptr-deref in tipc_topsrv_accept
net/tipc/topsrv.c
ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
arc: iounmap() arg is volatile
drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
net: ieee802154: fix error return code in dgram_bind()
mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
xen/gntdev: Prevent leaking grants
Xen/gntdev: don't ignore kernel unmapping error
s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
perf auxtrace: Fix address filter symbol name match for modules
* kernfs: fix use-after-free in __kernfs_remove
fs/kernfs/dir.c
mmc: core: Fix kernel panic when remove non-standard SDIO card
drm/msm/hdmi: fix memory corruption with too many bridges
drm/msm/dsi: fix memory corruption with too many bridges
mac802154: Fix LQI recording
fbdev: smscufx: Fix several use-after-free bugs
iio: light: tsl2583: Fix module unloading
tools: iio: iio_utils: fix digit calculation
* xhci: Remove device endpoints from bandwidth list when freeing the device
drivers/usb/host/xhci-mem.c
* usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller
drivers/usb/host/xhci-pci.c
usb: bdc: change state when port disconnected
* usb: dwc3: gadget: Don't set IMI for no_interrupt
drivers/usb/dwc3/gadget.c
* usb: dwc3: gadget: Stop processing more requests on IMI
drivers/usb/dwc3/gadget.c
* USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
drivers/usb/core/quirks.c
ALSA: au88x0: use explicitly signed char
ALSA: Use del_timer_sync() before freeing timer
can: kvaser_usb: Fix possible completions during init_completion
* mm: /proc/pid/smaps_rollup: fix no vma's null-deref
fs/proc/task_mmu.c
hv_netvsc: Fix race between VF offering and VF association message from host
* Makefile.debug: re-enable debug info for .S files
Makefile
ACPI: video: Force backlight native for more TongFang devices
* media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
drivers/media/v4l2-core/v4l2-mem2mem.c
iommu/vt-d: Clean up si_domain in the init_dmars() error path
net: hns: fix possible memory leak in hnae_ae_register()
net: sched: cake: fix null pointer access issue when cake_init() fails
net/atm: fix proc_mpc_write incorrect return value
* HID: magicmouse: Do not set BTN_MOUSE on double report
drivers/hid/hid-magicmouse.c
* tipc: fix an information leak in tipc_topsrv_kern_subscr
net/tipc/topsrv.c
* tipc: Fix recognition of trial period
net/tipc/discover.c
ACPI: extlog: Handle multiple records
btrfs: fix processing of delayed tree block refs during backref walking
btrfs: fix processing of delayed data refs during backref walking
* r8152: add PID for the Lenovo OneLink+ Dock
drivers/net/usb/cdc_ether.c
drivers/net/usb/r8152.c
* arm64: errata: Remove AES hwcap for COMPAT tasks
arch/arm64/Kconfig
arch/arm64/include/asm/cpucaps.h
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/cpufeature.c
media: venus: dec: Handle the case where find_format fails
KVM: arm64: vgic: Fix exit condition in scan_its_table()
ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
ata: ahci-imx: Fix MODULE_ALIAS
hwmon/coretemp: Handle large core ID value
x86/microcode/AMD: Apply the patch early on every logical thread
ocfs2: fix BUG when iput after ocfs2_mknod fails
ocfs2: clear dinode links count in case of error
Merge 4.19.263 into android-4.19-stable
* UPSTREAM: once: fix section mismatch on clang builds
include/linux/once.h
Revert "serial: 8250: Fix restoring termios speed after suspend"
UPSTREAM: ARM: 8788/1: ftrace: remove old mcount support
Linux 4.19.263
* once: fix section mismatch on clang builds
include/linux/once.h
Merge 4.19.262 into android-4.19-stable
Linux 4.19.262
gcov: support GCC 12.1 and newer compilers
thermal: intel_powerclamp: Use first online CPU as control_cpu
* inet: fully convert sk->sk_rx_dst to RCU rules
include/net/sock.h
net/ipv4/af_inet.c
net/ipv4/tcp.c
net/ipv4/tcp_input.c
net/ipv4/tcp_ipv4.c
net/ipv4/udp.c
net/ipv6/tcp_ipv6.c
net/ipv6/udp.c
efi: libstub: drop pointless get_memory_map() call
md: Replace snprintf with scnprintf
* ext4: continue to expand file system when the target size doesn't reach
fs/ext4/resize.c
net/ieee802154: don't warn zero-sized raw_sendmsg()
* net: ieee802154: return -EINVAL for unknown addr type
include/net/ieee802154_netdev.h
perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc
clk: bcm2835: Make peripheral PLLC critical
usb: idmouse: fix an uninit-value in idmouse_open
nvme: copy firmware_rev on each init
* Revert "usb: storage: Add quirk for Samsung Fit flash"
drivers/usb/storage/unusual_devs.h
usb: musb: Fix musb_gadget.c rxstate overflow bug
* usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info()
drivers/usb/host/xhci-mem.c
md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d
HID: roccat: Fix use-after-free in roccat_read()
ata: libahci_platform: Sanity check the DT child nodes number
staging: vt6655: fix potential memory leak
power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type()
nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
scsi: 3w-9xxx: Avoid disabling device if failing to enable it
media: cx88: Fix a null-ptr-deref bug in buffer_prepare()
ARM: dts: imx6sx: add missing properties for sram
ARM: dts: imx6sll: add missing properties for sram
ARM: dts: imx6sl: add missing properties for sram
ARM: dts: imx6qp: add missing properties for sram
ARM: dts: imx6dl: add missing properties for sram
ARM: dts: imx6q: add missing properties for sram
ARM: dts: imx7d-sdb: config the max pressure for tsc2046
drm/amdgpu: fix initial connector audio value
platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading
* drm: panel-orientation-quirks: Add quirk for Anbernic Win600
drivers/gpu/drm/drm_panel_orientation_quirks.c
drm/vc4: vec: Fix timings for VEC modes
drm/amd/display: fix overflow on MIN_I64 definition
* drm: Prevent drm_copy_field() to attempt copying a NULL pointer
drivers/gpu/drm/drm_ioctl.c
* drm: Use size_t type for len variable in drm_copy_field()
drivers/gpu/drm/drm_ioctl.c
* r8152: Rate limit overflow messages
drivers/net/usb/r8152.c
* Bluetooth: L2CAP: Fix user-after-free
net/bluetooth/l2cap_core.c
* net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory
net/core/stream.c
wifi: rt2x00: correctly set BBP register 86 for MT7620
wifi: rt2x00: set SoC wmac clock register
wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620
wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620
can: bcm: check the result of can_send() in bcm_can_tx()
* Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times
net/bluetooth/hci_sysfs.c
* Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
net/bluetooth/l2cap_core.c
wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
* xfrm: Update ipcomp_scratches with NULL when freed
net/xfrm/xfrm_ipcomp.c
wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg()
* tcp: annotate data-race around tcp_md5sig_pool_populated
net/ipv4/tcp.c
openvswitch: Fix overreporting of drops in dropwatch
openvswitch: Fix double reporting of drops in dropwatch
wifi: brcmfmac: fix invalid address access when enabling SCAN log level
NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data
thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue
MIPS: BCM47XX: Cast memcmp() of function to (void *)
ACPI: video: Add Toshiba Satellite/Portege Z830 quirk
* f2fs: fix race condition on setting FI_NO_EXTENT flag
fs/f2fs/extent_cache.c
crypto: cavium - prevent integer overflow loading firmware
* iommu/iova: Fix module config properly
include/linux/iova.h
iommu/omap: Fix buffer overflow in debugfs
powerpc: Fix SPE Power ISA properties for e500v1 platforms
powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5
x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
powerpc/powernv: add missing of_node_put() in opal_export_attrs()
powerpc/pci_dn: Add missing of_node_put()
powerpc/sysdev/fsl_msi: Add missing of_node_put()
powerpc/math_emu/efp: Include module.h
mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg
clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe
clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration
* spmi: pmic-arb: correct duplicate APID to PPID mapping logic
drivers/spmi/spmi-pmic-arb.c
dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup()
mfd: sm501: Add check for platform_driver_register()
mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init()
mfd: lp8788: Fix an error handling path in lp8788_probe()
mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq()
mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe()
fsi: core: Check error number after calling ida_simple_get
serial: 8250: Fix restoring termios speed after suspend
firmware: google: Test spinlock on panic path to avoid lockups
staging: vt6655: fix some erroneous memory clean-up loops
phy: qualcomm: call clk_disable_unprepare in the error handling
drivers: serial: jsm: fix some leaks in probe
usb: gadget: function: fix dangling pnp_string in f_printer.c
* xhci: Don't show warning for reinit on known broken suspend
drivers/usb/host/xhci.c
md/raid5: Ensure stripe_fill happens on non-read IO with journal
* ata: fix ata_id_has_dipm()
include/linux/ata.h
* ata: fix ata_id_has_ncq_autosense()
include/linux/ata.h
* ata: fix ata_id_has_devslp()
include/linux/ata.h
* ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting()
include/linux/ata.h
mtd: devices: docg3: check the return value of devm_ioremap() in the probe
dyndbg: let query-modname override actual module name
* dyndbg: fix module.dyndbg handling
include/linux/dynamic_debug.h
RDMA/rxe: Fix the error caused by qp->sk
RDMA/rxe: Fix "kernel NULL pointer dereference" error
media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init
tty: xilinx_uartps: Fix the ignore_status
media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop
HSI: omap_ssi_port: Fix dma_map_sg error check
HSI: omap_ssi: Fix refcount leak in ssi_probe
clk: tegra20: Fix refcount leak in tegra20_clock_init
clk: tegra: Fix refcount leak in tegra114_clock_init
clk: tegra: Fix refcount leak in tegra210_clock_init
clk: berlin: Add of_node_put() for of_get_parent()
clk: oxnas: Hold reference returned by of_get_parent()
iio: ABI: Fix wrong format of differential capacitance channel ABI.
* iio: inkern: only release the device node when done with it
drivers/iio/inkern.c
iio: adc: at91-sama5d2_adc: check return status for pressure and touch
iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX
ARM: dts: exynos: fix polarity of VBUS GPIO of Origen
ARM: Drop CMDLINE_* dependency on ATAGS
ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family
ARM: dts: kirkwood: lsxl: remove first ethernet port
ARM: dts: kirkwood: lsxl: fix serial line
ARM: dts: turris-omnia: Fix mpp26 pin name and comment
* soc: qcom: smem_state: Add refcounting for the 'state->of_node'
drivers/soc/qcom/smem_state.c
soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe()
memory: of: Fix refcount leak bug in of_get_ddr_timings()
ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe
ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe
ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe
mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe()
ALSA: dmaengine: increment buffer pointer atomically
drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx
ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API
mmc: au1xmmc: Fix an error handling path in au1xmmc_probe()
drm/bridge: megachips: Fix a null pointer dereference bug
platform/x86: msi-laptop: Fix resource cleanup
platform/x86: msi-laptop: Fix old-ec check for backlight registering
platform/chrome: fix double-free in chromeos_laptop_prepare()
* drm/mipi-dsi: Detach devices when removing the host
drivers/gpu/drm/drm_mipi_dsi.c
drm: bridge: adv7511: fix CEC power down control register offset
net: mvpp2: fix mvpp2 debugfs leak
* once: add DO_ONCE_SLOW() for sleepable contexts
include/linux/once.h
lib/once.c
net/ipv4/inet_hashtables.c
bnx2x: fix potential memory leak in bnx2x_tpa_stop()
net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks()
* tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited
include/linux/tcp.h
include/net/tcp.h
net/ipv4/tcp.c
net/ipv4/tcp_output.c
* sctp: handle the error returned from sctp_auth_asoc_init_active_key
net/sctp/auth.c
mISDN: fix use-after-free bugs in l1oip timer handlers
vhost/vsock: Use kvmalloc/kvfree for larger packets.
spi: s3c64xx: Fix large transfers with DMA
netfilter: nft_fib: Fix for rpath check with VRF devices
spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe
* bpf: Ensure correct locking around vulnerable function find_vpid()
kernel/bpf/syscall.c
net: fs_enet: Fix wrong check in do_pd_setup
wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration
* bpf: btf: fix truncated last_member_type_id in btf_struct_resolve
kernel/bpf/btf.c
wifi: rtl8xxxu: Fix skb misuse in TX queue selection
spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime()
spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume()
wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse()
spi: mt7621: Fix an error message in mt7621_spi_probe()
bpftool: Fix a wrong type cast in btf_dumper_int
wifi: mac80211: allow bw change during channel switch in mesh
wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state()
sh: machvec: Use char[] for section boundaries
selinux: use "grep -E" instead of "egrep"
KVM: nVMX: Unconditionally purge queued/injected events on nested "exit"
KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility
* ring-buffer: Fix race between reset page and reading page
kernel/trace/ring_buffer.c
* ring-buffer: Check pending waiters when doing wake ups as well
kernel/trace/ring_buffer.c
* ring-buffer: Allow splice to read previous partially read pages
kernel/trace/ring_buffer.c
ftrace: Properly unset FTRACE_HASH_FL_MOD
livepatch: fix race between fork and KLP transition
* ext4: place buffer head allocation before handle start
fs/ext4/inode.c
* ext4: make ext4_lazyinit_thread freezable
fs/ext4/super.c
* ext4: fix null-ptr-deref in ext4_write_info
fs/ext4/super.c
* ext4: avoid crash when inline data creation follows DIO write
fs/ext4/file.c
nilfs2: fix use-after-free bug of struct nilfs_root
riscv: fix build with binutils 2.38
btrfs: fix race between quota enable and quota rescan ioctl
fbdev: smscufx: Fix use-after-free in ufx_ops_open()
* PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
drivers/pci/setup-res.c
UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
riscv: Allow PROT_WRITE-only mmap()
parisc: fbdev/stifb: Align graphics memory size to 4MB
* Revert "fs: check FMODE_LSEEK to control internal pipe splicing"
fs/splice.c
regulator: qcom_rpm: Fix circular deferral regression
* quota: Check next/prev free block number after reading from quota file
fs/quota/quota_tree.c
* HID: multitouch: Add memory barriers
drivers/hid/hid-multitouch.c
fs: dlm: handle -EBUSY first in lock arg validation
fs: dlm: fix race between test_bit() and queue_work()
can: kvaser_usb_leaf: Fix CAN state after restart
can: kvaser_usb_leaf: Fix TX queue out of sync after restart
can: kvaser_usb_leaf: Fix overread with an invalid command
can: kvaser_usb: Fix use of uninitialized completion
* usb: add quirks for Lenovo OneLink+ Dock
drivers/usb/core/quirks.c
iio: dac: ad5593r: Fix i2c read protocol requirements
mtd: rawnand: atmel: Unmap streaming DMA mappings
ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530
* ALSA: usb-audio: Fix NULL dererence at error path
sound/usb/endpoint.c
* ALSA: usb-audio: Fix potential memory leaks
sound/usb/endpoint.c
* ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free()
sound/core/rawmidi.c
ALSA: oss: Fix potential deadlock at unregistration
* Input: xpad - fix wireless 360 controller breaking after suspend
drivers/input/joystick/xpad.c
* Input: xpad - add supported devices as contributed on github
drivers/input/joystick/xpad.c
wifi: mac80211_hwsim: avoid mac80211 warning on bad rate
* random: use expired timer rather than wq for mixing fast pool
drivers/char/random.c
* random: avoid reading two cache lines on irq randomness
drivers/char/random.c
* random: restore O_NONBLOCK support
drivers/char/mem.c
drivers/char/random.c
USB: serial: qcserial: add new usb-id for Dell branded EM7455
* scsi: stex: Properly zero out the passthrough command structure
include/scsi/scsi_cmnd.h
ALSA: hda: Fix position reporting on Poulsbo
* random: clamp credited irq bits to maximum mixed
drivers/char/random.c
ceph: don't truncate file in atomic_open
nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure
nilfs2: fix leak of nilfs_root in case of writer thread creation failure
nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
* rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
drivers/rpmsg/qcom_glink_native.c
mmc: core: Terminate infinite loop in SD-UHS voltage switch
mmc: core: Replace with already defined values for readability
USB: serial: ftdi_sio: fix 300 bps rate for SIO
usb: mon: make mmapped memory read only
um: Cleanup compiler warning in arch/x86/um/tls_32.c
um: Cleanup syscall_handler_t cast in syscalls_32.h
* net/ieee802154: fix uninit value bug in dgram_sendmsg
include/net/ieee802154_netdev.h
scsi: qedf: Fix a UAF bug in __qedf_probe()
ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer
dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure
dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property
firmware: arm_scmi: Add SCMI PM driver remove routine
* fs: fix UAF/GPF bug in nilfs_mdt_destroy
fs/inode.c
ARM: fix function graph tracer and unwinder dependencies
docs: update mediator information in CoC docs
* Makefile.extrawarn: Move -Wcast-function-type-strict to W=1
scripts/Makefile.extrawarn
* BACKPORT: arm64: compat: vdso: Use legacy syscalls as fallback
arch/arm64/include/asm/vdso/compat_gettimeofday.h
ANDROID: Drop explicit 'CONFIG_INIT_STACK_ALL_ZERO=y' from gki_defconfig
* UPSTREAM: hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero
Makefile
security/Kconfig.hardening
* UPSTREAM: hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO
Makefile
security/Kconfig.hardening
* UPSTREAM: hardening: Clarify Kconfig text for auto-var-init
security/Kconfig.hardening
* ANDROID: Fix kenelci build-break for !CONFIG_PERF_EVENTS
kernel/cpu.c
* UPSTREAM: f2fs: guarantee to write dirty data when enabling checkpoint back
fs/f2fs/file.c
fs/f2fs/super.c
Bug: 260299968
Change-Id: I609eaa63e46c0600536923fa7da78ef66f5db237
Signed-off-by: Wilson Sung <wilsonsung@google.com>
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Martin Faltesek
|
cbbad86ebc |
nfc: st-nci: fix memory leaks in EVT_TRANSACTION
[ Upstream commit 440f2ae9c9f06e26f5dcea697a53717fc61a318c ]
Error path does not free previously allocated memory. Add devm_kfree() to
the failure path.
Reported-by: Denis Efremov <denis.e.efremov@oracle.com>
Reviewed-by: Guenter Roeck <groeck@google.com>
Fixes:
|
||
|
Martin Faltesek
|
f4e1301a44 |
nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
[ Upstream commit c60c152230828825c06e62a8f1ce956d4b659266 ]
The first validation check for EVT_TRANSACTION has two different checks
tied together with logical AND. One is a check for minimum packet length,
and the other is for a valid aid_tag. If either condition is true (fails),
then an error should be triggered. The fix is to change && to ||.
Reported-by: Denis Efremov <denis.e.efremov@oracle.com>
Reviewed-by: Guenter Roeck <groeck@google.com>
Fixes:
|
||
|
Shang XiaoJing
|
c8e7d4a116 |
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
[ Upstream commit 93d904a734a74c54d945a9884b4962977f1176cd ]
nfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skb
should be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send()
will only free skb when i2c_master_send() return >=0, which means skb
will memleak when i2c_master_send() failed. Free skb no matter whether
i2c_master_send() succeeds.
Fixes:
|
||
|
Shang XiaoJing
|
2bab25301e |
nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
[ Upstream commit 3a146b7e3099dc7cf3114f627d9b79291e2d2203 ]
s3fwrn5_nci_send() will call s3fwrn5_i2c_write() or s3fwrn82_uart_write(),
and free the skb if write() failed. However, even if the write() run
succeeds, the skb will not be freed in write(). As the result, the skb
will memleak. s3fwrn5_nci_send() should also free the skb when write()
succeeds.
Fixes:
|
||
|
Lucas Wei
|
23892fa532 |
Merge android-4.19-stable (4.19.255) into android-msm-pixel-4.19-lts
Merge 4.19.255 into android-4.19-stable
Linux 4.19.255
x86/speculation: Add LFENCE to RSB fill sequence
x86/speculation: Add RSB VM Exit protections
macintosh/adb: fix oob read in do_adb_query() function
ACPI: video: Shortening quirk list by identifying Clevo by board_name only
ACPI: video: Force backlight native for some TongFang devices
* scsi: core: Fix race between handling STS_RESOURCE and completion
drivers/scsi/scsi_lib.c
mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle.
ARM: crypto: comment out gcc warning that breaks clang builds
perf symbol: Correct address for bss symbols
* netfilter: nf_queue: do not allow packet truncation below transport header offset
net/netfilter/nfnetlink_queue.c
* sctp: fix sleep in atomic context bug in timer handlers
net/sctp/stream_sched.c
i40e: Fix interface init with MSI interrupts (no MSI-X)
* tcp: Fix a data-race around sysctl_tcp_comp_sack_nr.
net/ipv4/tcp_input.c
* tcp: Fix a data-race around sysctl_tcp_comp_sack_delay_ns.
net/ipv4/tcp_input.c
Documentation: fix sctp_wmem in ip-sysctl.rst
* tcp: Fix a data-race around sysctl_tcp_invalid_ratelimit.
net/ipv4/tcp_input.c
* tcp: Fix a data-race around sysctl_tcp_autocorking.
net/ipv4/tcp.c
* tcp: Fix a data-race around sysctl_tcp_min_rtt_wlen.
net/ipv4/tcp_input.c
* tcp: Fix a data-race around sysctl_tcp_min_tso_segs.
net/ipv4/tcp_output.c
net: sungem_phy: Add of_node_put() for reference returned by of_get_parent()
* igmp: Fix data-races around sysctl_igmp_qrv.
net/ipv4/igmp.c
* net: ping6: Fix memleak in ipv6_renew_options().
net/ipv6/ping.c
* tcp: Fix a data-race around sysctl_tcp_challenge_ack_limit.
net/ipv4/tcp_input.c
* scsi: ufs: host: Hold reference returned by of_parse_phandle()
drivers/scsi/ufs/ufshcd-pltfrm.c
* tcp: Fix a data-race around sysctl_tcp_nometrics_save.
net/ipv4/tcp_metrics.c
* tcp: Fix a data-race around sysctl_tcp_frto.
net/ipv4/tcp_input.c
* tcp: Fix a data-race around sysctl_tcp_adv_win_scale.
include/net/tcp.h
* tcp: Fix a data-race around sysctl_tcp_app_win.
net/ipv4/tcp_input.c
* tcp: Fix data-races around sysctl_tcp_dsack.
net/ipv4/tcp_input.c
s390/archrandom: prevent CPACF trng invocations in interrupt context
ntfs: fix use-after-free in ntfs_ucsncmp()
* Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
include/net/bluetooth/l2cap.h
net/bluetooth/l2cap_core.c
* FROMLIST: binder: fix UAF of ref->proc caused by race condition
drivers/android/binder.c
Merge 4.19.254 into android-4.19-stable
Linux 4.19.254
PCI: hv: Fix interrupt mapping for multi-MSI
PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI
PCI: hv: Fix multi-MSI to allow more than one MSI vector
* net: usb: ax88179_178a needs FLAG_SEND_ZLP
drivers/net/usb/ax88179_178a.c
* tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
drivers/tty/pty.c
drivers/tty/tty_buffer.c
include/linux/tty_flip.h
* tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()
drivers/tty/tty_buffer.c
* tty: drop tty_schedule_flip()
drivers/tty/tty_buffer.c
include/linux/tty_flip.h
tty: the rest, stop using tty_schedule_flip()
tty: drivers/tty/, stop using tty_schedule_flip()
serial: mvebu-uart: correctly report configured baudrate value
* Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks
include/net/bluetooth/bluetooth.h
* Bluetooth: SCO: Fix sco_send_frame returning skb->len
net/bluetooth/sco.c
* Bluetooth: Fix passing NULL to PTR_ERR
include/net/bluetooth/bluetooth.h
net/bluetooth/sco.c
Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
* Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
net/bluetooth/sco.c
* Bluetooth: Add bt_skb_sendmmsg helper
include/net/bluetooth/bluetooth.h
* Bluetooth: Add bt_skb_sendmsg helper
include/net/bluetooth/bluetooth.h
* ALSA: memalloc: Align buffer allocations in page size
sound/core/memalloc.c
* ima: remove the IMA_TEMPLATE Kconfig option
security/integrity/ima/Kconfig
dlm: fix pending remove if msg allocation fails
* HID: add ALWAYS_POLL quirk to lenovo pixart mouse
drivers/hid/hid-ids.h
drivers/hid/hid-quirks.c
* HID: multitouch: add support for the Smart Tech panel
drivers/hid/hid-multitouch.c
* HID: multitouch: Lenovo X1 Tablet Gen3 trackpoint and buttons
drivers/hid/hid-ids.h
drivers/hid/hid-multitouch.c
* HID: multitouch: simplify the application retrieval
drivers/hid/hid-multitouch.c
tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator
drm/tilcdc: Remove obsolete crtc_mode_valid() hack
* bpf: Make sure mac_header was set before using it
kernel/bpf/core.c
mm/mempolicy: fix uninit-value in mpol_rebind_policy()
* Revert "Revert "char/random: silence a lockdep splat with printk()""
drivers/char/random.c
* tcp: Fix data-races around sysctl_tcp_max_reordering.
net/ipv4/tcp_input.c
* tcp: Fix a data-race around sysctl_tcp_rfc1337.
net/ipv4/tcp_minisocks.c
* tcp: Fix a data-race around sysctl_tcp_stdurg.
net/ipv4/tcp_input.c
* tcp: Fix a data-race around sysctl_tcp_retrans_collapse.
net/ipv4/tcp_output.c
* tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
include/net/tcp.h
net/ipv4/tcp_output.c
* tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
net/ipv4/tcp_timer.c
* tcp: Fix data-races around sysctl_tcp_recovery.
net/ipv4/tcp_input.c
net/ipv4/tcp_recovery.c
* tcp: Fix a data-race around sysctl_tcp_early_retrans.
net/ipv4/tcp_output.c
be2net: Fix buffer overflow in be_get_module_eeprom
* tcp: Fix data-races around sysctl_tcp_fastopen.
net/ipv4/af_inet.c
net/ipv4/tcp.c
net/ipv4/tcp_fastopen.c
* tcp: Fix a data-race around sysctl_tcp_tw_reuse.
net/ipv4/tcp_ipv4.c
* tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
include/net/tcp.h
* tcp: Fix data-races around some timeout sysctl knobs.
include/net/tcp.h
net/ipv4/tcp.c
net/ipv4/tcp_output.c
net/ipv4/tcp_timer.c
* tcp: Fix data-races around sysctl_tcp_reordering.
net/ipv4/tcp.c
net/ipv4/tcp_input.c
net/ipv4/tcp_metrics.c
* igmp: Fix a data-race around sysctl_igmp_max_memberships.
net/ipv4/igmp.c
* igmp: Fix data-races around sysctl_igmp_llm_reports.
net/ipv4/igmp.c
net/tls: Fix race in TLS device down flow
net: stmmac: fix dma queue left shift overflow issue
i2c: cadence: Change large transfer count reset logic to be unconditional
* tcp: Fix a data-race around sysctl_tcp_probe_interval.
net/ipv4/tcp_output.c
* tcp: Fix a data-race around sysctl_tcp_probe_threshold.
net/ipv4/tcp_output.c
* tcp: Fix data-races around sysctl_tcp_mtu_probing.
net/ipv4/tcp_output.c
net/ipv4/tcp_timer.c
* tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.
include/net/inet_sock.h
* ip: Fix a data-race around sysctl_fwmark_reflect.
include/net/ip.h
* ip: Fix data-races around sysctl_ip_nonlocal_bind.
include/net/inet_sock.h
net/sctp/protocol.c
* ip: Fix data-races around sysctl_ip_fwd_use_pmtu.
include/net/ip.h
net/ipv4/route.c
* perf/core: Fix data race between perf_event_set_output() and perf_mmap_close()
kernel/events/core.c
pinctrl: ralink: Check for null return of devm_kcalloc
power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
* xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
net/xfrm/xfrm_policy.c
xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE
riscv: add as-options for modules with assembly compontents
* Revert "cgroup: Use separate src/dst nodes when preloading css_sets for migration"
include/linux/cgroup-defs.h
kernel/cgroup/cgroup.c
Merge 4.19.253 into android-4.19-stable
* FROMGIT: arm64: fix oops in concurrently setting insn_emulation sysctls
arch/arm64/kernel/armv8_deprecated.c
Linux 4.19.253
can: m_can: m_can_tx_handler(): fix use after free of skb
serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
serial: stm32: Clear prev values before setting RTS delays
serial: 8250: fix return error code in serial8250_request_std_resource()
tty: serial: samsung_tty: set dma burst_size to 1
* usb: dwc3: gadget: Fix event pending check
drivers/usb/dwc3/gadget.c
* usb: typec: add missing uevent when partner support PD
drivers/usb/typec/class.c
USB: serial: ftdi_sio: add Belimo device ids
* signal handling: don't use BUG_ON() for debugging
kernel/signal.c
ARM: dts: stm32: use the correct clock source for CEC on stm32mp151
x86: Clear .brk area at early boot
irqchip: or1k-pic: Undefine mask_ack for level triggered hardware
ASoC: wm5110: Fix DRE control
* ASoC: ops: Fix off by one in range control validation
sound/soc/soc-ops.c
net: sfp: fix memory leak in sfp_probe()
NFC: nxp-nci: don't print header length mismatch on i2c error
* net: tipc: fix possible refcount leak in tipc_sk_create()
net/tipc/socket.c
platform/x86: hp-wmi: Ignore Sanitization Mode event
cpufreq: pmac32-cpufreq: Fix refcount leak bug
netfilter: br_netfilter: do not skip all hooks with 0 priority
virtio_mmio: Restore guest page size on resume
virtio_mmio: Add missing PM calls to freeze/restore
sfc: fix kernel panic when creating VF
* seg6: bpf: fix skb checksum in bpf_push_seg6_encap()
net/core/filter.c
seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors
seg6: fix skb checksum evaluation in SRH encapsulation/insertion
sfc: fix use after free when disabling sriov
* ipv4: Fix data-races around sysctl_ip_dynaddr.
net/ipv4/af_inet.c
* icmp: Fix a data-race around sysctl_icmp_ratemask.
net/ipv4/icmp.c
* icmp: Fix a data-race around sysctl_icmp_ratelimit.
net/ipv4/icmp.c
ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
* icmp: Fix data-races around sysctl.
net/ipv4/icmp.c
cipso: Fix data-races around sysctl.
* net: Fix data-races around sysctl_mem.
include/net/sock.h
* inetpeer: Fix data-races around sysctl.
net/ipv4/inetpeer.c
ASoC: sgtl5000: Fix noise on shutdown/remove
ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle
ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count
nilfs2: fix incorrect masking of permission flags for symlinks
* cgroup: Use separate src/dst nodes when preloading css_sets for migration
include/linux/cgroup-defs.h
kernel/cgroup/cgroup.c
ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction
ARM: 9213/1: Print message about disabled Spectre workarounds only once
* net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer
include/trace/events/sock.h
tracing/histograms: Fix memory leak problem
xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
ALSA: hda - Add fixup for Dell Latitidue E5430
* ANDROID: cgroup: Fix for a partially backported patch
kernel/cgroup/cgroup.c
* ANDROID: allow add_hwgenerator_randomness() from non-kthread
drivers/char/random.c
Bug: 245015726
Change-Id: Id652280ee1130fde47b985f2c220c83570be9157
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Lucas Wei
|
eae5a83bf8 |
Merge android-4.19-stable (4.19.252) into android-msm-pixel-4.19-lts
Merge 4.19.252 into android-4.19-stable
Linux 4.19.252
dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
dmaengine: pl330: Fix lockdep warning about non-static key
* ida: don't use BUG_ON() for debugging
lib/idr.c
misc: rtsx_usb: set return value in rsp_buf alloc err path
* misc: rtsx_usb: use separate command and response buffers
include/linux/rtsx_usb.h
* misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
include/linux/rtsx_usb.h
i2c: cadence: Unregister the clk notifier in error path
selftests: forwarding: fix error message in learning_test
selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT
selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT
ibmvnic: Properly dispose of all skbs during a failover.
ARM: at91: pm: use proper compatible for sama5d2's rtc
pinctrl: sunxi: a83t: Fix NAND function name for some pins
ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
xfs: remove incorrect ASSERT in xfs_rename
can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info
powerpc/powernv: delay rng platform device creation until later in boot
* video: of_display_timing.h: include errno.h
include/video/of_display_timing.h
fbcon: Disallow setting font bigger than screen size
iommu/vt-d: Fix PCI bus rescan device hot add
net: rose: fix UAF bug caused by rose_t0timer_expiry
* usbnet: fix memory leak in error case
drivers/net/usb/usbnet.c
can: gs_usb: gs_usb_open/close(): fix memory leak
can: grcan: grcan_probe(): remove extra of_node_get()
can: bcm: use call_rcu() instead of costly synchronize_rcu()
* mm/slub: add missing TID updates on slab deactivation
mm/slub.c
* esp: limit skb_page_frag_refill use to a single page
include/net/esp.h
net/ipv4/esp4.c
net/ipv6/esp6.c
Merge 4.19.251 into android-4.19-stable
Merge 4.19.250 into android-4.19-stable
* ANDROID: revert some RNG function signature changes
drivers/char/random.c
include/linux/random.h
* ANDROID: cpu/hotplug: avoid breaking Android ABI by fusing cpuhp steps
include/linux/cpuhotplug.h
kernel/cpu.c
Merge 4.19.249 into android-4.19-stable
* UPSTREAM: lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI
include/crypto/internal/blake2s.h
lib/crypto/blake2s.c
* BACKPORT: lib/crypto: add prompts back to crypto libraries
crypto/Kconfig
lib/Kconfig
lib/crypto/Kconfig
* BACKPORT: lib/crypto: blake2s: include as built-in
crypto/Kconfig
drivers/net/Kconfig
include/crypto/internal/blake2s.h
lib/crypto/Kconfig
lib/crypto/Makefile
lib/crypto/blake2s-generic.c
lib/crypto/blake2s.c
Linux 4.19.251
net: usb: qmi_wwan: add Telit 0x1070 composition
net: usb: qmi_wwan: add Telit 0x1060 composition
xen/arm: Fix race in RB-tree based P2M accounting
xen/blkfront: force data bouncing when backend is untrusted
xen/netfront: force data bouncing when backend is untrusted
xen/netfront: fix leaking data in shared pages
xen/blkfront: fix leaking data in shared pages
* ipv6/sit: fix ipip6_tunnel_get_prl return value
net/ipv6/sit.c
* sit: use min
net/ipv6/sit.c
net: dsa: bcm_sf2: force pause link settings
hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails
xen/gntdev: Avoid blocking in unmap_grant_pages()
* net: tun: avoid disabling NAPI twice
drivers/net/tun.c
NFC: nxp-nci: Don't issue a zero length i2c_master_read()
nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
* net: bonding: fix use-after-free after 802.3ad slave unbind
drivers/net/bonding/bond_3ad.c
* net: bonding: fix possible NULL deref in rlb code
drivers/net/bonding/bond_alb.c
netfilter: nft_dynset: restore set element counter when failing to update
caif_virtio: fix race between virtio_device_ready() and ndo_open()
net: ipv6: unexport __init-annotated seg6_hmac_net_init()
* usbnet: fix memory allocation in helpers
drivers/net/usb/usbnet.c
RDMA/qedr: Fix reporting QP timeout attribute
* net: tun: stop NAPI when detaching queues
drivers/net/tun.c
* net: tun: unlink NAPI from device on destruction
drivers/net/tun.c
selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
virtio-net: fix race between ndo_open() and virtio_device_ready()
* net: usb: ax88179_178a: Fix packet receiving
drivers/net/usb/ax88179_178a.c
net: rose: fix UAF bugs caused by timer handler
SUNRPC: Fix READ_PLUS crasher
s390/archrandom: simplify back to earlier design and initialize earlier
dm raid: fix KASAN warning in raid5_add_disks
dm raid: fix accesses beyond end of raid member array
nvdimm: Fix badblocks clear off-by-one error
* UPSTREAM: crypto: poly1305 - fix poly1305_core_setkey() declaration
include/crypto/internal/poly1305.h
include/crypto/poly1305.h
lib/crypto/poly1305-donna64.c
lib/crypto/poly1305.c
* UPSTREAM: mm: fix misplaced unlock_page in do_wp_page()
mm/memory.c
* BACKPORT: mm: do_wp_page() simplification
mm/memory.c
* UPSTREAM: mm/ksm: Remove reuse_ksm_page()
include/linux/ksm.h
* UPSTREAM: mm: reuse only-pte-mapped KSM page in do_wp_page()
include/linux/ksm.h
mm/memory.c
Linux 4.19.250
* swiotlb: skip swiotlb_bounce when orig_addr is zero
kernel/dma/swiotlb.c
* net/sched: move NULL ptr check to qdisc_put() too
net/sched/sch_generic.c
net: mscc: ocelot: allow unregistered IP multicast flooding
* kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
include/linux/kexec.h
* fdt: Update CRC check for rng-seed
drivers/of/fdt.c
xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
* drm: remove drm_fb_helper_modinit
drivers/gpu/drm/drm_crtc_helper_internal.h
drivers/gpu/drm/drm_kms_helper_common.c
powerpc/pseries: wire up rng during setup_arch()
* kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt)
Makefile
* modpost: fix section mismatch check for exported init/exit sections
scripts/mod/modpost.c
ARM: cns3xxx: Fix refcount leak in cns3xxx_init
ARM: Fix refcount leak in axxia_boot_secondary
soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe
ARM: exynos: Fix refcount leak in exynos_map_pmu
ARM: dts: imx6qdl: correct PU regulator ramp delay
powerpc/powernv: wire up rng during setup_arch
powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
powerpc: Enable execve syscall exit tracepoint
xtensa: Fix refcount leak bug in time.c
xtensa: xtfpga: Fix refcount leak bug in setup
iio: adc: axp288: Override TS pin bias current for some models
iio: trigger: sysfs: fix use-after-free on remove
iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
iio: accel: mma8452: ignore the return value of reset operation
iio:accel:bma180: rearrange iio trigger get and register
iio:chemical:ccs811: rearrange iio trigger get and register
usb: chipidea: udc: check request status before setting device address
* xhci: turn off port power in shutdown
drivers/usb/host/xhci-hub.c
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h
iio: adc: vf610: fix conversion mode sysfs node name
gpio: winbond: Fix error code in winbond_gpio_get()
virtio_net: fix xdp_rxq_info bug after suspend/resume
igb: Make DMA faster when CPU is active on the PCIe link
afs: Fix dynamic root getattr
MIPS: Remove repetitive increase irq_err_count
x86/xen: Remove undefined behavior in setup_features()
erspan: do not assume transport header is always set
* net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms
net/sched/sch_netem.c
* bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
drivers/net/bonding/bond_main.c
USB: serial: option: add Quectel RM500K module support
USB: serial: option: add Quectel EM05-G modem
USB: serial: option: add Telit LE910Cx 0x1250 composition
* random: quiet urandom warning ratelimit suppression message
drivers/char/random.c
include/linux/ratelimit.h
dm era: commit metadata in postsuspend after worker stops
* ata: libata: add qc->flags in ata_qc_complete_template tracepoint
include/trace/events/libata.h
ALSA: hda/realtek: Add quirk for Clevo PD70PNT
ALSA: hda/conexant: Fix missing beep setup
ALSA: hda/via: Fix missing beep setup
* random: schedule mix_interrupt_randomness() less often
drivers/char/random.c
vt: drop old FONT ioctls
Linux 4.19.249
* Revert "hwmon: Make chip parameter for with_info API mandatory"
drivers/hwmon/hwmon.c
* tcp: drop the hash_32() part from the index calculation
net/ipv4/inet_hashtables.c
* tcp: increase source port perturb table to 2^16
net/ipv4/inet_hashtables.c
* tcp: dynamically allocate the perturb table used by source ports
net/ipv4/inet_hashtables.c
* tcp: add small random increments to the source port
net/ipv4/inet_hashtables.c
* tcp: use different parts of the port_offset for index and offset
net/ipv4/inet_hashtables.c
* tcp: add some entropy in __inet_hash_connect()
net/ipv4/inet_hashtables.c
xprtrdma: fix incorrect header size calculations
* usb: gadget: u_ether: fix regression in setting fixed MAC address
drivers/usb/gadget/function/u_ether.c
s390/mm: use non-quiescing sske for KVM switch to keyed guest
powerpc/mm: Switch obsolete dssall to .long
RISC-V: fix barrier() use in <vdso/processor.h>
net: openvswitch: fix leak of nested actions
net: openvswitch: fix misuse of the cached connection on tuple changes
virtio-pci: Remove wrong address verification in vp_del_vqs()
* ext4: add reserved GDT blocks check
fs/ext4/resize.c
* ext4: make variable "count" signed
fs/ext4/namei.c
* ext4: fix bug_on ext4_mb_use_inode_pa
fs/ext4/mballoc.c
serial: 8250: Store to lsr_save_flags after lsr read
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
usb: dwc2: Fix memory leak in dwc2_hcd_init
USB: serial: io_ti: add Agilent E5805A support
USB: serial: option: add support for Cinterion MV31 with new baseline
comedi: vmk80xx: fix expression for tx buffer size
* irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions
drivers/irqchip/irq-gic-v3.c
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
faddr2line: Fix overlapping text section failures, the sequel
certs/blacklist_hashes.c: fix const confusion in certs blacklist
arm64: ftrace: fix branch range checks
net: bgmac: Fix an erroneous kfree() in bgmac_remove()
mlxsw: spectrum_cnt: Reorder counter pools
misc: atmel-ssc: Fix IRQ check in ssc_probe
tty: goldfish: Fix free_irq() on remove
i40e: Fix call trace in setup_tx_descriptors
i40e: Fix adding ADQ filter to TC0
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
* random: credit cpu and bootloader seeds by default
drivers/char/Kconfig
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
* ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
net/l2tp/l2tp_ip6.c
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
scsi: pmcraid: Fix missing resource cleanup in error case
scsi: ipr: Fix missing/incorrect resource cleanup in error case
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
* ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put()
sound/soc/codecs/wm_adsp.c
ASoC: es8328: Fix event generation for deemphasis control
ASoC: wm8962: Fix suspend while playing music
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Fix TLV scales for mixer controls
powerpc/kasan: Silence KASAN warnings in __get_wchan()
* random: account for arch randomness in bits
drivers/char/random.c
* random: mark bootloader randomness code as __init
drivers/char/random.c
include/linux/random.h
* random: avoid checking crng_ready() twice in random_init()
drivers/char/random.c
* crypto: drbg - make reseeding from get_random_bytes() synchronous
crypto/drbg.c
drivers/char/random.c
include/crypto/drbg.h
* crypto: drbg - always try to free Jitter RNG instance
crypto/drbg.c
* crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto/drbg.c
* crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto/drbg.c
include/crypto/drbg.h
* crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto/drbg.c
include/crypto/drbg.h
* crypto: drbg - always seeded with SP800-90B compliant noise source
crypto/drbg.c
include/crypto/drbg.h
* crypto: drbg - add FIPS 140-2 CTRNG for noise source
crypto/drbg.c
include/crypto/drbg.h
* Revert "random: use static branch for crng_ready()"
drivers/char/random.c
* random: check for signals after page of pool writes
drivers/char/random.c
* random: wire up fops->splice_{read,write}_iter()
drivers/char/random.c
* random: convert to using fops->write_iter()
drivers/char/random.c
* random: move randomize_page() into mm where it belongs
drivers/char/random.c
include/linux/mm.h
include/linux/random.h
mm/util.c
* random: move initialization functions out of hot pages
drivers/char/random.c
* random: use proper return types on get_random_{int,long}_wait()
drivers/char/random.c
include/linux/random.h
* random: remove extern from functions in header
include/linux/random.h
* random: use static branch for crng_ready()
drivers/char/random.c
* random: credit architectural init the exact amount
drivers/char/random.c
* random: handle latent entropy and command line from random_init()
drivers/char/random.c
include/linux/random.h
init/main.c
* random: use proper jiffies comparison macro
drivers/char/random.c
* random: remove ratelimiting for in-kernel unseeded randomness
drivers/char/random.c
lib/Kconfig.debug
* random: avoid initializing twice in credit race
drivers/char/random.c
* random: use symbolic constants for crng_init states
drivers/char/random.c
* siphash: use one source of truth for siphash permutations
drivers/char/random.c
include/linux/prandom.h
include/linux/siphash.h
lib/siphash.c
* random: help compiler out with fast_mix() by using simpler arguments
drivers/char/random.c
* random: do not use input pool from hard IRQs
drivers/char/random.c
* random: order timer entropy functions below interrupt functions
drivers/char/random.c
* random: do not pretend to handle premature next security model
drivers/char/random.c
* random: do not use batches when !crng_ready()
drivers/char/random.c
* random: insist on random_get_entropy() existing in order to simplify
drivers/char/random.c
xtensa: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
arm: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
m68k: use fallback for random_get_entropy() instead of zero
* timekeeping: Add raw clock fallback for random_get_entropy()
include/linux/timex.h
kernel/time/timekeeping.c
powerpc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
ia64: define get_cycles macro for arch-override
* init: call time_init() before rand_initialize()
init/main.c
random: fix sysctl documentation nits
* random: document crng_fast_key_erasure() destination possibility
drivers/char/random.c
* random: make random_get_entropy() return an unsigned long
drivers/char/random.c
include/linux/timex.h
* random: check for signals every PAGE_SIZE chunk of /dev/[u]random
drivers/char/random.c
* random: check for signal_pending() outside of need_resched() check
drivers/char/random.c
* random: do not allow user to keep crng key around on stack
drivers/char/random.c
* random: do not split fast init input in add_hwgenerator_randomness()
drivers/char/random.c
* random: mix build-time latent entropy into pool at init
drivers/char/random.c
* random: re-add removed comment about get_random_{u32,u64} reseeding
drivers/char/random.c
* random: treat bootloader trust toggle the same way as cpu trust toggle
drivers/char/Kconfig
drivers/char/random.c
* random: skip fast_init if hwrng provides large chunk of entropy
drivers/char/random.c
* random: check for signal and try earlier when generating entropy
drivers/char/random.c
* random: reseed more often immediately after booting
drivers/char/random.c
* random: make consistent usage of crng_ready()
drivers/char/random.c
* random: use SipHash as interrupt entropy accumulator
drivers/char/random.c
* random: replace custom notifier chain with standard one
crypto/drbg.c
drivers/char/random.c
include/crypto/drbg.h
include/linux/random.h
lib/random32.c
lib/vsprintf.c
* random: don't let 644 read-only sysctls be written to
drivers/char/random.c
* random: give sysctl_random_min_urandom_seed a more sensible value
drivers/char/random.c
* random: do crng pre-init loading in worker rather than irq
drivers/char/random.c
* random: unify cycles_t and jiffies usage and types
drivers/char/random.c
* random: cleanup UUID handling
drivers/char/random.c
* random: only wake up writers after zap if threshold was passed
drivers/char/random.c
* random: round-robin registers as ulong, not u32
drivers/char/random.c
* random: clear fast pool, crng, and batches in cpuhp bring up
drivers/char/random.c
include/linux/cpuhotplug.h
include/linux/random.h
kernel/cpu.c
* random: pull add_hwgenerator_randomness() declaration into random.h
drivers/char/hw_random/core.c
include/linux/hw_random.h
include/linux/random.h
* random: check for crng_init == 0 in add_device_randomness()
drivers/char/random.c
* random: unify early init crng load accounting
drivers/char/random.c
* random: do not take pool spinlock at boot
drivers/char/random.c
* random: defer fast pool mixing to worker
drivers/char/random.c
* random: rewrite header introductory comment
drivers/char/random.c
* random: group sysctl functions
drivers/char/random.c
* random: group userspace read/write functions
drivers/char/random.c
* random: group entropy collection functions
drivers/char/random.c
* random: group entropy extraction functions
drivers/char/random.c
* random: group initialization wait functions
drivers/char/random.c
* random: remove whitespace and reorder includes
drivers/char/random.c
* random: remove useless header comment
include/linux/random.h
* random: introduce drain_entropy() helper to declutter crng_reseed()
drivers/char/random.c
* random: deobfuscate irq u32/u64 contributions
drivers/char/random.c
* random: add proper SPDX header
drivers/char/random.c
* random: remove unused tracepoints
drivers/char/random.c
lib/random32.c
* random: remove ifdef'd out interrupt bench
drivers/char/random.c
* random: tie batched entropy generation to base_crng generation
drivers/char/random.c
* random: zero buffer after reading entropy from userspace
drivers/char/random.c
* random: remove outdated INT_MAX >> 6 check in urandom_read()
drivers/char/random.c
* random: use hash function for crng_slow_load()
drivers/char/random.c
include/linux/hw_random.h
include/linux/random.h
* random: absorb fast pool into input pool after fast load
drivers/char/random.c
* random: do not xor RDRAND when writing into /dev/random
drivers/char/random.c
* random: ensure early RDSEED goes through mixer on init
drivers/char/random.c
* random: inline leaves of rand_initialize()
drivers/char/random.c
* random: use RDSEED instead of RDRAND in entropy extraction
drivers/char/random.c
* random: fix locking in crng_fast_load()
drivers/char/random.c
* random: remove batched entropy locking
drivers/char/random.c
* random: remove use_input_pool parameter from crng_reseed()
drivers/char/random.c
* random: make credit_entropy_bits() always safe
drivers/char/random.c
* random: always wake up entropy writers after extraction
drivers/char/random.c
* random: use linear min-entropy accumulation crediting
drivers/char/random.c
* random: simplify entropy debiting
drivers/char/random.c
* random: use computational hash for entropy extraction
drivers/char/random.c
* random: only call crng_finalize_init() for primary_crng
drivers/char/random.c
* random: access primary_pool directly rather than through pointer
drivers/char/random.c
* random: continually use hwgenerator randomness
drivers/char/random.c
* random: simplify arithmetic function flow in account()
drivers/char/random.c
* random: access input_pool_data directly rather than through pointer
drivers/char/random.c
* random: cleanup fractional entropy shift constants
drivers/char/random.c
* random: prepend remaining pool constants with POOL_
drivers/char/random.c
* random: de-duplicate INPUT_POOL constants
drivers/char/random.c
* random: remove unused OUTPUT_POOL constants
drivers/char/random.c
* random: rather than entropy_store abstraction, use global
drivers/char/random.c
* random: remove unused extract_entropy() reserved argument
drivers/char/random.c
* random: remove incomplete last_data logic
drivers/char/random.c
* random: cleanup integer types
drivers/char/random.c
* random: cleanup poolinfo abstraction
drivers/char/random.c
* random: fix typo in comments
drivers/char/random.c
* random: don't reset crng_init_cnt on urandom_read()
drivers/char/random.c
* random: avoid superfluous call to RDRAND in CRNG extraction
drivers/char/random.c
* random: early initialization of ChaCha constants
drivers/char/random.c
* random: initialize ChaCha20 constants with correct endianness
drivers/char/random.c
* random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
drivers/char/random.c
* random: harmonize "crng init done" messages
drivers/char/random.c
* random: mix bootloader randomness into pool
drivers/char/random.c
* random: do not re-init if crng_reseed completes before primary init
drivers/char/random.c
* random: do not sign extend bytes for rotation when mixing
drivers/char/random.c
* random: use BLAKE2s instead of SHA1 in extraction
drivers/char/random.c
* random: remove unused irq_flags argument from add_interrupt_randomness()
drivers/char/random.c
include/linux/random.h
kernel/irq/handle.c
* random: document add_hwgenerator_randomness() with other input functions
drivers/char/random.c
* crypto: blake2s - adjust include guard naming
include/crypto/blake2s.h
include/crypto/internal/blake2s.h
* crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
include/crypto/blake2s.h
MAINTAINERS: co-maintain random.c
* random: remove dead code left over from blocking pool
drivers/char/random.c
* random: avoid arch_get_random_seed_long() when collecting IRQ randomness
drivers/char/random.c
* random: add arch_get_random_*long_early()
drivers/char/random.c
include/linux/random.h
powerpc: Use bool in archrandom.h
* linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
include/linux/random.h
* linux/random.h: Use false with bool
include/linux/random.h
* linux/random.h: Remove arch_has_random, arch_has_random_seed
include/linux/random.h
s390: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
x86: Remove arch_has_random, arch_has_random_seed
* random: avoid warnings for !CONFIG_NUMA builds
drivers/char/random.c
* random: split primary/secondary crng init paths
drivers/char/random.c
* random: remove some dead code of poolinfo
drivers/char/random.c
* random: fix typo in add_timer_randomness()
drivers/char/random.c
* random: Add and use pr_fmt()
drivers/char/random.c
* random: convert to ENTROPY_BITS for better code readability
drivers/char/random.c
* random: remove unnecessary unlikely()
drivers/char/random.c
* random: remove kernel.random.read_wakeup_threshold
drivers/char/random.c
* random: delete code to pull data into pools
drivers/char/random.c
* random: remove the blocking pool
drivers/char/random.c
* random: fix crash on multiple early calls to add_bootloader_randomness()
drivers/char/random.c
* char/random: silence a lockdep splat with printk()
drivers/char/random.c
* random: make /dev/random be almost like /dev/urandom
drivers/char/random.c
* random: ignore GRND_RANDOM in getentropy(2)
drivers/char/random.c
include/uapi/linux/random.h
* random: add GRND_INSECURE to return best-effort non-cryptographic bytes
drivers/char/random.c
include/uapi/linux/random.h
* random: Add a urandom_read_nowait() for random APIs that don't warn
drivers/char/random.c
* random: Don't wake crng_init_wait when crng_init == 1
drivers/char/random.c
* lib/crypto: sha1: re-roll loops to reduce code size
lib/sha1.c
* lib/crypto: blake2s: move hmac construction into wireguard
include/crypto/blake2s.h
lib/crypto/blake2s.c
* crypto: blake2s - generic C library implementation and selftest
include/crypto/blake2s.h
include/crypto/internal/blake2s.h
lib/Makefile
lib/crypto/Makefile
lib/crypto/blake2s-generic.c
lib/crypto/blake2s.c
* Revert "hwrng: core - Freeze khwrng thread during suspend"
drivers/char/random.c
* char/random: Add a newline at the end of the file
drivers/char/random.c
* random: Use wait_event_freezable() in add_hwgenerator_randomness()
drivers/char/random.c
* fdt: add support for rng-seed
drivers/char/Kconfig
drivers/char/random.c
drivers/of/fdt.c
include/linux/random.h
* random: Support freezable kthreads in add_hwgenerator_randomness()
drivers/char/random.c
* random: fix soft lockup when trying to read from an uninitialized blocking pool
drivers/char/random.c
* latent_entropy: avoid build error when plugin cflags are not set
include/linux/random.h
* random: document get_random_int() family
drivers/char/random.c
* random: move rand_initialize() earlier
drivers/char/random.c
include/linux/random.h
init/main.c
* random: only read from /dev/random after its pool has received 128 bits
drivers/char/random.c
* drivers/char/random.c: make primary_crng static
drivers/char/random.c
* drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c
* drivers/char/random.c: constify poolinfo_table
drivers/char/random.c
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
Bug: 240880948
Change-Id: I46de87f5e1ff2146dbc394d88275d609ee871bc1
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Lucas Wei
|
9861f5c7bf |
Merge android-4.19-stable (4.19.248) into android-msm-pixel-4.19-lts
Merge 4.19.248 into android-4.19-stable
* UPSTREAM: ext4: verify dir block before splitting it
fs/ext4/namei.c
* UPSTREAM: ext4: fix use-after-free in ext4_rename_dir_prepare
fs/ext4/namei.c
* BACKPORT: ext4: Only advertise encrypted_casefold when encryption and unicode are enabled
fs/ext4/sysfs.c
* BACKPORT: ext4: fix no-key deletion for encrypt+casefold
fs/ext4/namei.c
* BACKPORT: ext4: optimize match for casefolded encrypted dirs
fs/ext4/ext4.h
fs/ext4/namei.c
* BACKPORT: ext4: handle casefolding with encryption
fs/ext4/dir.c
fs/ext4/ext4.h
fs/ext4/hash.c
fs/ext4/inline.c
fs/ext4/namei.c
fs/ext4/super.c
fs/ext4/sysfs.c
* Revert "ANDROID: ext4: Handle casefolding with encryption"
fs/ext4/dir.c
fs/ext4/ext4.h
fs/ext4/hash.c
fs/ext4/ialloc.c
fs/ext4/inline.c
fs/ext4/namei.c
fs/ext4/super.c
* Revert "ANDROID: ext4: Optimize match for casefolded encrypted dirs"
fs/ext4/ext4.h
fs/ext4/namei.c
* UPSTREAM: Revert "hwmon: Make chip parameter for with_info API mandatory"
drivers/hwmon/hwmon.c
* ANDROID: extcon: fix allocation for edev->bnh
drivers/extcon/extcon.c
* Revert "drm: fix EDID struct for old ARM OABI format"
include/drm/drm_edid.h
* Revert "mailbox: forward the hrtimer if not queued and under a lock"
drivers/mailbox/mailbox.c
include/linux/mailbox_controller.h
* Revert "ALSA: jack: Access input_dev under mutex"
include/sound/jack.h
sound/core/jack.c
* Revert "ext4: fix use-after-free in ext4_rename_dir_prepare"
fs/ext4/namei.c
* Revert "ext4: verify dir block before splitting it"
fs/ext4/namei.c
Linux 4.19.248
x86/speculation/mmio: Print SMT warning
KVM: x86/speculation: Disable Fill buffer clear within guests
x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
x86/speculation/srbds: Update SRBDS mitigation selection
* x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
drivers/base/cpu.c
include/linux/cpu.h
x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
x86/speculation: Add a common function for MD_CLEAR mitigation update
x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
Documentation: Add documentation for Processor MMIO Stale Data
x86/cpu: Add another Alder Lake CPU to the Intel family
x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family
x86/cpu: Add Jasper Lake to Intel family
* cpu/speculation: Add prototype for cpu_show_srbds()
include/linux/cpu.h
x86/cpu: Add Elkhart Lake to Intel family
Merge 4.19.247 into android-4.19-stable
Linux 4.19.247
* tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
net/ipv4/tcp_input.c
* mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
include/linux/mtd/cfi.h
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
md/raid0: Ignore RAID0 layout if the second zone has only one device
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
ixgbe: fix unexpected VLAN Rx in promisc mode on VF
ixgbe: fix bcast packets Rx on VF after promisc removal
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
mmc: block: Fix CQE recovery reset success
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
cifs: return errors during session setup during reconnects
ALSA: hda/conexant - Fix loopback issue with CX20632
vringh: Fix loop descriptors check in the indirect cases
* nodemask: Fix return values to be unsigned
include/linux/nodemask.h
lib/nodemask.c
nbd: fix io hung while disconnecting device
nbd: fix race between nbd_alloc_config() and module removal
nbd: call genl_unregister_family() first in nbd_cleanup()
* modpost: fix undefined behavior of is_arm_mapping_symbol()
scripts/mod/modpost.c
drm/radeon: fix a possible null pointer dereference
ceph: allow ceph.dir.rctime xattr to be updatable
* Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
net/key/af_key.c
md: protect md_unregister_thread from reentrancy
* kernfs: Separate kernfs_pr_cont_buf and rename_lock.
fs/kernfs/dir.c
serial: msm_serial: disable interrupts in __msm_console_write()
staging: rtl8712: fix uninit-value in r871xu_drv_init()
clocksource/drivers/sp804: Avoid error on multiple instances
* extcon: Modify extcon device to be created after driver data is set
drivers/extcon/extcon.c
misc: rtsx: set NULL intfdata when probe fails
usb: dwc2: gadget: don't reset gadget's driver->bus
* USB: hcd-pci: Fully suspend across freeze/thaw cycle
drivers/usb/core/hcd-pci.c
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
tty: Fix a possible resource leak in icom_probe
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
lkdtm/usercopy: Expand size of "out of frame" object
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
drm: imx: fix compiler warning with gcc-12
net: altera: Fix refcount leak in altera_tse_mdio_create
ip_gre: test csum_start instead of transport header
net/mlx5: Rearm the FW tracer after each tracer event
net: ipv6: unexport __init-annotated seg6_hmac_init()
* net: xfrm: unexport __init-annotated xfrm4_protocol_init()
net/ipv4/xfrm4_protocol.c
* net: mdio: unexport __init-annotated mdio_bus_init()
drivers/net/phy/mdio_bus.c
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
* bpf, arm64: Clear prog->jited_len along prog->jited
arch/arm64/net/bpf_jit_comp.c
* af_unix: Fix a data-race in unix_dgram_peer_wake_me().
net/unix/af_unix.c
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
xprtrdma: treat all calls not a bcall when bc_serv is NULL
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
NFSv4: Don't hold the layoutget locks across multiple RPC calls
m68knommu: fix undefined reference to `_init_sp'
m68knommu: set ZERO_PAGE() to the allocated zeroed page
i2c: cadence: Increase timeout per message if necessary
* tracing: Avoid adding tracer option before update_tracer_options
kernel/trace/trace.c
* tracing: Fix sleeping function called from invalid context on RT kernel
kernel/trace/trace.c
mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
perf c2c: Fix sorting in percent_rmt_hitm_cmp()
* tipc: check attribute length for bearer name
net/tipc/bearer.c
afs: Fix infinite loop found by xfstest generic/676
* tcp: tcp_rtx_synack() can be called from process context
net/ipv4/tcp_output.c
net/mlx5e: Update netdev features after changing XDP state
nfp: only report pause frame configuration for physical device
ubi: ubi_create_volume: Fix use-after-free when volume creation failed
jffs2: fix memory leak in jffs2_do_fill_super
* modpost: fix removing numeric suffixes
scripts/mod/modpost.c
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
bus: ti-sysc: Fix warnings for unbind for serial
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
serial: stm32-usart: Correct CSIZE, bits, and parity
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
serial: sh-sci: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: digicolor-usart: Don't allow CS5-6
serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
serial: meson: acquire port->lock in startup()
rtc: mt6397: check return value after calling platform_get_resource()
clocksource/drivers/riscv: Events are stopped during CPU suspend
soc: rockchip: Fix refcount leak in rockchip_grf_init
coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
iio: adc: sc27xx: fix read big scale voltage not right
usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
pwm: lp3943: Fix duty calculation in case period was clamped
usb: musb: Fix missing of_node_put() in omap2430_probe
USB: storage: karma: fix rio_karma_init return
usb: usbip: add missing device lock on tweak configuration cmd
usb: usbip: fix a refcount leak in stub_probe()
tty: goldfish: Use tty_port_destroy() to destroy port
staging: greybus: codecs: fix type confusion of list iterator variable
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
md: bcache: check the return value of kzalloc() in detached_dev_do_request()
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
RDMA/rxe: Generate a completion for unsupported/invalid opcode
phy: qcom-qmp: fix reset-controller leak on probe errors
blk-iolatency: Fix inflight count imbalances and IO hangs on offline
dt-bindings: gpio: altera: correct interrupt-cells
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
phy: qcom-qmp: fix struct clk leak on probe errors
arm64: dts: qcom: ipq8074: fix the sleep clock frequency
gma500: fix an incorrect NULL check on list iterator
carl9170: tx: fix an incorrect use of list iterator
* ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
sound/soc/codecs/rt5514.c
rtl818x: Prevent using not initialized queues
hugetlb: fix huge_pmd_unshare address update
* nodemask.h: fix compilation error with GCC12
include/linux/nodemask.h
iommu/msm: Fix an incorrect NULL check on list iterator
um: Fix out-of-bounds read in LDT setup
um: chan_user: Fix winch_tramp() return value
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
irqchip: irq-xtensa-mx: fix initial IRQ affinity
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
RDMA/hfi1: Fix potential integer multiplication overflow errors
media: coda: Add more H264 levels for CODA960
media: coda: Fix reported H264 profile
md: fix an incorrect NULL check in md_reload_sb
md: fix an incorrect NULL check in does_sb_need_changing
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
drm/nouveau/clk: Fix an incorrect NULL check on list iterator
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
* scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
drivers/scsi/ufs/ufs-qcom.c
scsi: dc395x: Fix a missing check on list iterator
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
dlm: fix missing lkb refcount handling
dlm: fix plock invalid read
PCI: qcom: Fix unbalanced PHY init on probe errors
PCI: qcom: Fix runtime PM imbalance on probe errors
* PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
drivers/pci/pci.c
tracing: Fix potential double free in create_var_ref()
* ext4: avoid cycles in directory h-tree
fs/ext4/namei.c
* ext4: verify dir block before splitting it
fs/ext4/namei.c
* ext4: fix bug_on in ext4_writepages
fs/ext4/inline.c
* ext4: fix use-after-free in ext4_rename_dir_prepare
fs/ext4/namei.c
netfilter: nf_tables: disallow non-stateful expression in sets earlier
* fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
fs/fs-writeback.c
iwlwifi: mvm: fix assert 1F04 upon reconfig
wifi: mac80211: fix use-after-free in chanctx code
* f2fs: fix deadloop in foreground GC
fs/f2fs/segment.h
perf jevents: Fix event syntax error caused by ExtSel
perf c2c: Use stdio interface if slang is not supported
iommu/amd: Increase timeout waiting for GA log enablement
dmaengine: stm32-mdma: remove GISR1 register
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
i2c: at91: Initialize dma_buf in at91_twi_xfer()
i2c: at91: use dma safe buffers
iommu/mediatek: Add list_del in mtk_iommu_remove
* f2fs: fix dereference of stale list iterator after loop body
fs/f2fs/segment.c
RDMA/hfi1: Prevent use of lock before it is initialized
* mailbox: forward the hrtimer if not queued and under a lock
drivers/mailbox/mailbox.c
include/linux/mailbox_controller.h
powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
powerpc/perf: Fix the threshold compare group constraint for power9
Input: sparcspkr - fix refcount leak in bbc_beep_probe
* tty: fix deadlock caused by calling printk() under tty_port->lock
drivers/tty/tty_buffer.c
* proc: fix dentry/inode overinstantiating under /proc/${pid}/net
fs/proc/generic.c
fs/proc/proc_net.c
powerpc/4xx/cpm: Fix return value of __setup() handler
powerpc/idle: Fix return value of __setup() handler
powerpc/8xx: export 'cpm_setbrg' for modules
dax: fix cache flush on PMD-mapped pages
drivers/base/node.c: fix compaction sysfs file leak
pinctrl: mvebu: Fix irq_of_parse_and_map() return value
firmware: arm_scmi: Fix list protocols enumeration in the base protocol
* scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
include/scsi/libfcoe.h
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
crypto: marvell/cesa - ECB does not IV
ARM: dts: bcm2835-rpi-b: Fix GPIO line names
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
PCI: rockchip: Fix find_first_zero_bit() limit
PCI: cadence: Fix find_first_zero_bit() limit
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
* soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
drivers/soc/qcom/smp2p.c
rxrpc: Don't try to resend the request if we're receiving the reply
rxrpc: Fix listen() setting the bar too high for the prealloc rings
NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
* ext4: reject the 'commit' option on ext2 filesystems
fs/ext4/super.c
* sctp: read sk->sk_bound_dev_if once in sctp_rcv()
net/sctp/input.c
m68k: math-emu: Fix dependencies of math emulation support
* Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
net/bluetooth/sco.c
media: vsp1: Fix offset calculation for plane cropping
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
media: exynos4-is: Change clk_disable to clk_disable_unprepare
media: st-delta: Fix PM disable depth imbalance in delta_probe
scripts/faddr2line: Fix overlapping text section failures
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
perf/amd/ibs: Use interrupt regs ip for stack unwinding
media: uvcvideo: Fix missing check to determine if element is found in list
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
x86: Fix return value of __setup handlers
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/msm/dsi: fix error checks and return values for DSI xmit functions
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
* x86/speculation: Add missing prototype for unpriv_ebpf_notify()
include/linux/bpf.h
x86/pm: Fix false positive kmemleak report in msr_build_context()
* scsi: ufs: core: Exclude UECxx from SFR dump list
drivers/scsi/ufs/ufshcd.c
of: overlay: do not break notify on NOTIFY_{OK|STOP}
* fsnotify: fix wrong lockdep annotations
fs/notify/mark.c
* inotify: show inotify mask flags in proc fdinfo
fs/notify/fdinfo.c
fs/notify/inotify/inotify.h
fs/notify/inotify/inotify_user.c
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
spi: img-spfi: Fix pm_runtime_get_sync() error checking
HID: elan: Fix potential double free in elan_input_configured
HID: hid-led: fix maximum brightness for Dream Cheeky
* efi: Add missing prototype for efi_capsule_setup_info
include/linux/efi.h
NFC: NULL out the dev->rfkill to prevent UAF
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
* nl80211: show SSID for P2P_GO interfaces
net/wireless/nl80211.c
drm/vc4: txp: Force alpha to be 0xff if it's disabled
drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
drm/mediatek: Fix mtk_cec_mask()
x86/delay: Fix the wrong asm constraint in delay_loop()
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
drm/bridge: adv7511: clean up CEC adapter when probe fails
* drm/edid: fix invalid EDID extension block filtering
drivers/gpu/drm/drm_edid.c
ath9k: fix ar9003_get_eepmisc
* drm: fix EDID struct for old ARM OABI format
include/drm/drm_edid.h
RDMA/hfi1: Prevent panic when SDMA is disabled
* macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
drivers/macintosh/Kconfig
drivers/macintosh/Makefile
powerpc/xics: fix refcount leak in icp_opal_init()
* tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
include/trace/events/vmscan.h
* PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
drivers/pci/pci.c
ARM: hisi: Add missing of_node_put after of_find_compatible_node
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: versatile: Add missing of_node_put in dcscb_init
* fat: add ratelimit to fat*_ent_bread()
fs/fat/fatent.c
ARM: OMAP1: clock: Fix UART rate reporting algorithm
fs: jfs: fix possible NULL pointer dereference in dbFree()
PM / devfreq: rk3399_dmc: Disable edev on remove()
ARM: dts: ox820: align interrupt controller node name with dtschema
* eth: tg3: silence the GCC 12 array-bounds warning
drivers/net/ethernet/broadcom/Makefile
rxrpc: Return an error to sendmsg if call failed
* hwmon: Make chip parameter for with_info API mandatory
drivers/hwmon/hwmon.c
media: exynos4-is: Fix compile warning
net: phy: micrel: Allow probing without .driver_data
ASoC: rt5645: Fix errorenous cleanup order
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
openrisc: start CPU timer early in boot
media: cec-adap.c: fix is_configuring state
rtlwifi: Use pr_warn instead of WARN_ONCE
ipmi:ssif: Check for NULL msg when handling events and messages
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
ASoC: tscs454: Add endianness flag in snd_soc_component_driver
mlxsw: spectrum_dcb: Do not warn about priority changes
* ASoC: dapm: Don't fold register value changes into notifications
sound/soc/soc-dapm.c
* ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
net/ipv6/addrconf.c
drm/amd/pm: fix the compile warning
* drm/plane: Move range check for format_count earlier
drivers/gpu/drm/drm_plane.c
scsi: megaraid: Fix error check return value of register_chrdev()
md/bitmap: don't set sb values if can't pass sanity check
media: cx25821: Fix the warning when removing the module
media: pci: cx23885: Fix the error handling in cx23885_initdev()
media: venus: hfi: avoid null dereference in deinit
ath9k: fix QCA9561 PA bias level
drm/amd/pm: fix double free in si_parse_power_table()
* ALSA: jack: Access input_dev under mutex
include/sound/jack.h
sound/core/jack.c
ACPICA: Avoid cache flush inside virtual machines
fbcon: Consistently protect deferred_takeover with console_lock()
* ipv6: fix locking issues with loops over idev->addr_list
include/net/if_inet6.h
net/ipv6/addrconf.c
ipw2x00: Fix potential NULL dereference in libipw_xmit()
b43: Fix assigning negative value to unsigned variable
b43legacy: Fix assigning negative value to unsigned variable
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
btrfs: repair super block num_devices automatically
btrfs: add "0x" prefix for unsupported optional features
* ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
kernel/ptrace.c
* ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
include/linux/ptrace.h
* USB: new quirk for Dell Gen 2 devices
drivers/usb/core/quirks.c
USB: serial: option: add Quectel BG95 modem
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
* BACKPORT: psi: Fix uaf issue when psi trigger is destroyed while being polled
include/linux/psi.h
include/linux/psi_types.h
kernel/cgroup/cgroup.c
kernel/sched/psi.c
* FROMGIT: Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
net/key/af_key.c
Merge 4.19.246 into android-4.19-stable
Linux 4.19.246
* bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes
net/core/filter.c
NFSD: Fix possible sleep during nfsd4_release_lockowner()
docs: submitting-patches: Fix crossref to 'The canonical patch format'
tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
tpm: Fix buffer access in tpm2_get_tpm_pt()
* HID: multitouch: Add support for Google Whiskers Touchpad
drivers/hid/hid-multitouch.c
* dm verity: set DM_TARGET_IMMUTABLE feature flag
drivers/md/dm-verity-target.c
* dm stats: add cond_resched when looping over entries
drivers/md/dm-stats.c
dm crypt: make printing of the key constant-time
dm integrity: fix error code in dm_integrity_ctr()
* zsmalloc: fix races between asynchronous zspage free and page migration
mm/zsmalloc.c
* netfilter: conntrack: re-fetch conntrack after insertion
include/net/netfilter/nf_conntrack_core.h
* exec: Force single empty string when argv is empty
fs/exec.c
* block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
block/bio.c
drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency()
perf tests bp_account: Make global variable static
perf bench: Share some global variables to fix build with gcc 10
libtraceevent: Fix build with binutils 2.35
* cfg80211: set custom regdomain after wiphy registration
net/wireless/core.c
net/wireless/reg.c
* assoc_array: Fix BUG_ON during garbage collect
lib/assoc_array.c
drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers
i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
net: ftgmac100: Disable hardware checksum on AST2600
* net: af_key: check encryption module availability consistency
net/key/af_key.c
ACPI: sysfs: Fix BERT error region memory mapping
ACPI: sysfs: Make sparse happy about address space in use
* secure_seq: use the 64 bits of the siphash for port offset calculation
include/net/inet_hashtables.h
include/net/secure_seq.h
net/core/secure_seq.c
net/ipv4/inet_hashtables.c
net/ipv6/inet6_hashtables.c
* tcp: change source port randomizarion at connect() time
net/ipv4/inet_hashtables.c
staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan()
x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests
Bug: 237729727
Change-Id: I56a64d00c29e30a27ccd47323103f846dc3c002e
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Michael Walle
|
1f832311fe |
NFC: nxp-nci: don't print header length mismatch on i2c error
[ Upstream commit 9577fc5fdc8b07b891709af6453545db405e24ad ] Don't print a misleading header length mismatch error if the i2c call returns an error. Instead just return the error code without any error message. Signed-off-by: Michael Walle <michael@walle.cc> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Michael Walle
|
7f349ad933 |
NFC: nxp-nci: Don't issue a zero length i2c_master_read()
commit eddd95b9423946aaacb55cac6a9b2cea8ab944fc upstream.
There are packets which doesn't have a payload. In that case, the second
i2c_master_read() will have a zero length. But because the NFC
controller doesn't have any data left, it will NACK the I2C read and
-ENXIO will be returned. In case there is no payload, just skip the
second i2c master read.
Fixes:
|
||
|
Krzysztof Kozlowski
|
151646cdf6 |
nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
commit 5a478a653b4cca148d5c89832f007ec0809d7e6d upstream.
The irq_of_parse_and_map() returns 0 on failure, not a negative ERRNO.
Reported-by: Lv Ruyi <lv.ruyi@zte.com.cn>
Fixes:
|
||
|
Xiaohui Zhang
|
3e7c7df699 |
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
[ Upstream commit 8a4d480702b71184fabcf379b80bf7539716752e ]
Similar to the handling of play_deferred in commit
|
||
|
Lucas Wei
|
709815d3ab |
LTS: Merge android-4.19-stable (4.19.245) into android-msm-pixel-4.19
Merge android-4.19-stable common kernel (4.19.245) into B5R3/B9 Mainline kernel. Bug: 233713524 Test: Manual testing, SST, vts/vts-kernel, pts/base, pts/postsubmit-long Signed-off-by: Lucas Wei <lucaswei@google.com> Change-Id: Ib3f944e676e72fdb041d453fd657df11de38d204 |
||
|
Lucas Wei
|
b6987f068a |
Merge android-4.19-stable (4.19.245) into android-msm-pixel-4.19-lts
Merge 4.19.245 into android-4.19-stable
Linux 4.19.245
afs: Fix afs_getattr() to refetch file status if callback break occurred
* Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
include/linux/dma-mapping.h
kernel/dma/swiotlb.c
* swiotlb: fix info leak with DMA_FROM_DEVICE
include/linux/dma-mapping.h
kernel/dma/swiotlb.c
net: atlantic: verify hw_head_ lies within TX buffer ring
net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
mac80211: fix rx reordering with non explicit / psmp ack policy
scsi: qla2xxx: Fix missed DMA unmap for aborted commands
perf bench numa: Address compiler error on s390
gpio: mvebu/pwm: Refuse requests with inverted polarity
gpio: gpio-vf610: do not touch other bits when set the target bit
* net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
net/bridge/br_input.c
igb: skip phy status check where unavailable
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
* net: af_key: add check for pfkey_broadcast in function pfkey_process
net/key/af_key.c
net/mlx5e: Properly block LRO when XDP is enabled
NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
net/qla3xxx: Fix a test in ql_reset_work()
clk: at91: generated: consider range when calculating best rate
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
net/sched: act_pedit: sanitize shift argument before usage
net: macb: Increment rx bd head after allocating skb and buffer
mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
mmc: core: Cleanup BKOPS support
* drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
drivers/gpu/drm/drm_dp_mst_topology.c
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
* PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
drivers/pci/pci.c
Fix double fget() in vhost_net_set_backend()
* perf: Fix sys_perf_event_open() race against self
kernel/events/core.c
ALSA: wavefront: Proper check of get_user() error
nilfs2: fix lockdep warnings during disk space reclamation
nilfs2: fix lockdep warnings in page operations for btree nodes
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
drbd: remove usage of list iterator variable after loop
MIPS: lantiq: check the return value of kzalloc()
crypto: stm32 - fix reference leak in stm32_crc_remove
Input: stmfts - fix reference leak in stmfts_input_open
* Input: add bounds checking to input_set_capability()
drivers/input/input.c
um: Cleanup syscall_handler_t definition/cast, fix warning
floppy: use a statically allocated error counter
Merge 4.19.244 into android-4.19-stable
* ANDROID: fix up abi issue with struct snd_pcm_runtime
include/sound/pcm.h
Linux 4.19.244
tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
* ping: fix address binding wrt vrf
net/ipv4/ping.c
MIPS: fix allmodconfig build with latest mkimage
drm/vmwgfx: Initialize drm_mode_fb_cmd2
* cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
kernel/cgroup/cpuset.c
slimbus: qcom: Fix IRQ check in qcom_slim_probe
USB: serial: option: add Fibocom MA510 modem
USB: serial: option: add Fibocom L610 modem
USB: serial: qcserial: add support for Sierra Wireless EM7590
USB: serial: pl2303: add device id for HP LM930 Display
usb: typec: tcpci: Don't skip cleanup in .remove() on error
usb: cdc-wdm: fix reading stuck on device close
* tcp: resalt the secret every 10 seconds
net/core/secure_seq.c
s390: disable -Warray-bounds
* ASoC: ops: Validate input values in snd_soc_put_volsw_range()
sound/soc/soc-ops.c
ASoC: max98090: Generate notifications on changes for custom control
ASoC: max98090: Reject invalid values in custom control put()
hwmon: (f71882fg) Fix negative temperature
gfs2: Fix filesystem block deallocation for short writes
net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
* net/sched: act_pedit: really ensure the skb is writable
include/net/tc_act/tc_pedit.h
s390/lcs: fix variable dereferenced before check
s390/ctcm: fix potential memory leak
s390/ctcm: fix variable dereferenced before check
* hwmon: (ltq-cputemp) restrict it to SOC_XWAY
drivers/hwmon/Kconfig
mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
* netlink: do not reset transport header in netlink_recvmsg()
net/netlink/af_netlink.c
* ipv4: drop dst in multicast routing path
net/ipv4/route.c
* net: Fix features skip in for_each_netdev_feature()
include/linux/netdev_features.h
hwmon: (tmp401) Add OF device ID table
batman-adv: Don't skb_split skbuffs with frag_list
Merge 4.19.243 into android-4.19-stable
Linux 4.19.243
* VFS: Fix memory leak caused by concurrently mounting fs with subtype
fs/namespace.c
mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
* mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
mm/memory.c
* ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
include/sound/pcm.h
sound/core/pcm.c
sound/core/pcm_lib.c
sound/core/pcm_native.c
* ALSA: pcm: Fix races among concurrent prealloc proc writes
sound/core/pcm_memory.c
* ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
sound/core/pcm_native.c
* ALSA: pcm: Fix races among concurrent read/write and buffer changes
sound/core/pcm_lib.c
* ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
include/sound/pcm.h
sound/core/pcm.c
sound/core/pcm_native.c
* Bluetooth: Fix the creation of hdev->name
include/net/bluetooth/hci_core.h
net/bluetooth/hci_core.c
can: grcan: only use the NAPI poll budget for RX
can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
nfp: bpf: silence bitwise vs. logical OR warning
drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
MIPS: Use address-of operator on section symbols
* ANDROID: GKI: update the abi .xml file due to hex_to_bin() changes
include/linux/kernel.h
lib/hexdump.c
Merge 4.19.242 into android-4.19-stable
Linux 4.19.242
mmc: rtsx: add 74 Clocks in power on flow
PCI: aardvark: Fix reading MSI interrupt number
PCI: aardvark: Clear all MSIs at setup
* dm: interlock pending dm_io and dm_wait_for_bios_completion
drivers/md/dm.c
* dm: fix mempool NULL pointer race when completing IO
drivers/md/dm.c
* tcp: make sure treq->af_specific is initialized
include/net/tcp.h
net/ipv4/syncookies.c
net/ipv4/tcp_ipv4.c
net/ipv6/syncookies.c
net/ipv6/tcp_ipv6.c
* mm: fix unexpected zeroed page mapping with zram swap
mm/page_io.c
kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
* net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
net/ipv4/igmp.c
btrfs: always log symlinks in full mode
smsc911x: allow using IRQ0
selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
net: emaclite: Add error handling for of_address_to_resource()
net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
ASoC: dmaengine: Restore NULL prepare_slave_config() callback
hwmon: (adt7470) Fix warning on module removal
NFC: netlink: fix sleep in atomic bug when firmware download timeout
nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
nfc: replace improper check device_is_registered() in netlink related functions
can: grcan: use ofdev->dev when allocating DMA memory
can: grcan: grcan_close(): fix deadlock
ASoC: wm8958: Fix change notifications for DSP controls
* genirq: Synchronize interrupt thread startup
kernel/irq/internals.h
kernel/irq/irqdesc.c
kernel/irq/manage.c
firewire: core: extend card->lock in fw_core_handle_bus_reset
firewire: remove check of list iterator against head past the loop body
firewire: fix potential uaf in outbound_phy_packet_callback()
Revert "SUNRPC: attempt AF_LOCAL connect on setup"
* gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
drivers/gpio/gpiolib-of.c
ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
parisc: Merge model and model name into one line in /proc/cpuinfo
MIPS: Fix CP0 counter erratum detection for R4k CPUs
drm/vgem: Close use-after-free race in vgem_gem_create
tty: n_gsm: fix incorrect UA handling
tty: n_gsm: fix wrong command frame length field encoding
tty: n_gsm: fix wrong command retry handling
tty: n_gsm: fix missing explicit ldisc flush
tty: n_gsm: fix insufficient txframe size
netfilter: nft_socket: only do sk lookups when indev is available
tty: n_gsm: fix malformed counter for out of frame data
tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
x86/cpu: Load microcode during restore_processor_state()
drivers: net: hippi: Fix deadlock in rr_close()
cifs: destage any unwritten data to the server before calling copychunk_write
x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
ASoC: wm8731: Disable the regulator when probing fails
bnx2x: fix napi API usage sequence
net: bcmgenet: hide status block before TX timestamping
clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
* tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
include/net/tcp.h
net/ipv4/tcp_input.c
net/ipv4/tcp_output.c
ip_gre: Make o_seqno start from 0 in native mode
net: hns3: add validity check for message data length
pinctrl: pistachio: fix use of irq_of_parse_and_map()
ARM: dts: imx6ull-colibri: fix vqmmc regulator
* sctp: check asoc strreset_chunk in sctp_generate_reconf_event
net/sctp/sm_sideeffect.c
* tcp: md5: incorrect tcp_header_len for incoming connections
net/ipv4/tcp_minisocks.c
mtd: rawnand: Fix return value check of wait_for_completion_timeout
ipvs: correctly print the memory size of ip_vs_conn_tab
ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
ARM: dts: Fix mmc order for omap3-gta04
ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
phy: samsung: exynos5250-sata: fix missing device put in probe error paths
phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
* USB: Fix xhci event ring dequeue pointer ERDP update issue
drivers/usb/host/xhci-ring.c
mtd: rawnand: fix ecc parameters for mt7622
* hex2bin: fix access beyond string end
lib/hexdump.c
* hex2bin: make the function hex_to_bin constant-time
include/linux/kernel.h
lib/hexdump.c
serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
serial: 8250: Also set sticky MCR bits in console restoration
serial: imx: fix overrun interrupts in DMA mode
* usb: dwc3: gadget: Return proper request status
drivers/usb/dwc3/gadget.c
* usb: dwc3: core: Fix tx/rx threshold settings
drivers/usb/dwc3/core.c
* usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
drivers/usb/gadget/configfs.c
usb: gadget: uvc: Fix crash when encoding data for usb request
usb: misc: fix improper handling of refcount in uss720_probe()
iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
iio: dac: ad5446: Fix read_raw not returning set value
iio: dac: ad5592r: Fix the missing return value.
* xhci: stop polling roothubs after shutdown
drivers/usb/host/xhci.c
USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
* USB: quirks: add STRING quirk for VCOM device
drivers/usb/core/quirks.c
* USB: quirks: add a Realtek card reader
drivers/usb/core/quirks.c
usb: mtu3: fix USB 3.0 dual-role-switch from device to host
ANDROID: dm-bow: Protect Ranges fetched and erased from the RB tree
Merge 4.19.241 into android-4.19-stable
Linux 4.19.241
* lightnvm: disable the subsystem
drivers/lightnvm/Kconfig
Revert "net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link"
ia64: kprobes: Fix to pass correct trampoline address to the handler
Revert "ia64: kprobes: Use generic kretprobe trampoline handler"
Revert "ia64: kprobes: Fix to pass correct trampoline address to the handler"
powerpc/64s: Unmerge EX_LR and EX_DAR
powerpc/64/interrupt: Temporarily save PPR on stack to fix register corruption due to SLB miss
* net/sched: cls_u32: fix netns refcount changes in u32_change()
net/sched/cls_u32.c
hamradio: remove needs_free_netdev to avoid UAF
hamradio: defer 6pack kfree after unregister_netdev
* floppy: disable FDRAWCMD by default
drivers/block/Kconfig
* media: vicodec: upon release, call m2m release before freeing ctrl handler
drivers/media/platform/vicodec/vicodec-core.c
Merge 4.19.240 into android-4.19-stable
Linux 4.19.240
* Revert "net: micrel: fix KS8851_MLL Kconfig"
drivers/net/ethernet/micrel/Kconfig
ax25: Fix UAF bugs in ax25 timers
ax25: Fix NULL pointer dereferences in ax25 timers
ax25: fix NPD bug in ax25_disconnect
ax25: fix UAF bug in ax25_send_control()
ax25: Fix refcount leaks caused by ax25_cb_del()
ax25: fix UAF bugs of net_device caused by rebinding operation
* ax25: fix reference count leaks of ax25_dev
include/net/ax25.h
* ax25: add refcount in ax25_dev to avoid UAF bugs
include/net/ax25.h
* block/compat_ioctl: fix range check in BLKGETSIZE
block/compat_ioctl.c
* staging: ion: Prevent incorrect reference counting behavour
drivers/staging/android/ion/ion.c
* ext4: force overhead calculation if the s_overhead_cluster makes no sense
fs/ext4/super.c
* ext4: fix overhead calculation to account for the reserved gdt blocks
fs/ext4/super.c
* ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
fs/ext4/inode.c
* ext4: fix symlink file size not match to file content
fs/ext4/page-io.c
* arm_pmu: Validate single/group leader events
drivers/perf/arm_pmu.c
ARC: entry: fix syscall_trace_exit argument
e1000e: Fix possible overflow in LTR decoding
* ASoC: soc-dapm: fix two incorrect uses of list iterator
sound/soc/soc-dapm.c
openvswitch: fix OOB access in reserve_sfa_size()
powerpc/perf: Fix power9 event alternatives
drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
dma: at_xdmac: fix a missing check on list iterator
ata: pata_marvell: Check the 'bmdma_addr' beforing reading
* stat: fix inconsistency between struct stat and struct compat_stat
fs/stat.c
net: macb: Restart tx only if queue pointer is lagging
drm/msm/mdp5: check the return of kzalloc()
dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
mt76: Fix undefined behavior due to shift overflowing the constant
cifs: Check the IOCB_DIRECT flag, not O_DIRECT
vxlan: fix error return code in vxlan_fdb_append
* ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
sound/usb/usbaudio.h
platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
reset: tegra-bpmp: Restore Handle errors in BPMP response
ARM: vexpress/spc: Avoid negative array index when !SMP
* netlink: reset network and mac headers in netlink_dump()
net/netlink/af_netlink.c
* net/sched: cls_u32: fix possible leak in u32_init_knode()
net/sched/cls_u32.c
* net/packet: fix packet_sock xmit return value checking
net/packet/af_packet.c
rxrpc: Restore removed timer deletion
dmaengine: imx-sdma: Fix error checking in sdma_event_remap
ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
* tcp: Fix potential use-after-free due to double kfree()
net/ipv4/tcp_ipv4.c
* tcp: fix race condition when creating child sockets from syncookies
include/net/inet_hashtables.h
net/ipv4/inet_connection_sock.c
net/ipv4/inet_hashtables.c
net/ipv4/tcp_ipv4.c
net/ipv6/tcp_ipv6.c
* ALSA: usb-audio: Clear MIDI port active flag after draining
sound/usb/midi.c
gfs2: assign rgrp glock before compute_bitstructs
dm integrity: fix memory corruption when tag_size is less than digest size
can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
* tracing: Dump stacktrace trigger to the corresponding instance
kernel/trace/trace_events_trigger.c
* mm: page_alloc: fix building error on -Werror=array-compare
mm/page_alloc.c
* etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
include/linux/etherdevice.h
Bug: 233713524
Change-Id: Ia5fbea973ff8863eb2b24e37f1aa8f5738c7d23a
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Martin Faltesek
|
6fce324b53 |
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
commit 996419e0594abb311fb958553809f24f38e7abbe upstream.
Error paths do not free previously allocated memory. Add devm_kfree() to
those failure paths.
Fixes:
|
||
|
Martin Faltesek
|
2146a57e1a |
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
commit 77e5fe8f176a525523ae091d6fd0fbb8834c156d upstream.
The first validation check for EVT_TRANSACTION has two different checks
tied together with logical AND. One is a check for minimum packet length,
and the other is for a valid aid_tag. If either condition is true (fails),
then an error should be triggered. The fix is to change && to ||.
Fixes:
|
||
|
Duoming Zhou
|
3bbbf0756b |
NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
[ Upstream commit b413b0cb008646e9f24ce5253cb3cf7ee217aff6 ]
There are sleep in atomic context bugs when the request to secure
element of st21nfca is timeout. The root cause is that kzalloc and
alloc_skb with GFP_KERNEL parameter and mutex_lock are called in
st21nfca_se_wt_timeout which is a timer handler. The call tree shows
the execution paths that could lead to bugs:
(Interrupt context)
st21nfca_se_wt_timeout
nfc_hci_send_event
nfc_hci_hcp_message_tx
kzalloc(..., GFP_KERNEL) //may sleep
alloc_skb(..., GFP_KERNEL) //may sleep
mutex_lock() //may sleep
This patch moves the operations that may sleep into a work item.
The work item will run in another kernel thread which is in
process context to execute the bottom half of the interrupt.
So it could prevent atomic context from sleeping.
Fixes:
|
||
|
chloedai
|
4656e879d4 |
nfc: Add mutex lock to avoid use-after-free
Bug: 208269510 Test: Build pass Change-Id: Ib80826a1dee040d5f890b4c6114d26825be946ae Signed-off-by: chloedai <chloedai@google.com> |
||
|
Lucas Wei
|
a452d64169 |
Merge android-4.19-stable (4.19.239) into android-msm-pixel-4.19-lts
Merge 4.19.239 into android-4.19-stable
Linux 4.19.239
i2c: pasemi: Wait for write xfers to finish
* smp: Fix offline cpu check in flush_smp_call_function_queue()
kernel/smp.c
ARM: davinci: da850-evm: Avoid NULL pointer dereference
* ipv6: fix panic when forwarding a pkt with no in6 dev
net/ipv6/ip6_output.c
* ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
sound/core/pcm_misc.c
ALSA: hda/realtek: Add quirk for Clevo PD50PNT
gcc-plugins: latent_entropy: use /dev/urandom
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
* mm, page_alloc: fix build_zonerefs_node()
mm/page_alloc.c
drivers: net: slip: fix NPD bug in sl_tx_timeout()
scsi: mvsas: Add PCI ID of RocketRaid 2640
drm/amd/display: Fix allocate_mst_payload assert on resume
* arm64: alternatives: mark patch_alternative() as `noinstr`
arch/arm64/kernel/alternative.c
gpu: ipu-v3: Fix dev_dbg frequency output
ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
* net: micrel: fix KS8851_MLL Kconfig
drivers/net/ethernet/micrel/Kconfig
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
scsi: target: tcmu: Fix possible page UAF
Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
drm/amdkfd: Check for potential null return of kmalloc_array()
drm/amd: Add USBC connector ID
cifs: potential buffer overflow in handling symlinks
nfc: nci: add flush_workqueue to prevent uaf
testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
* sctp: Initialize daddr on peeled off socket
net/sctp/socket.c
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
mlxsw: i2c: Fix initialization error flow
gpiolib: acpi: use correct format characters
* veth: Ensure eth header is in skb's linear part
drivers/net/veth.c
* net/sched: flower: fix parsing of ethertype following VLAN header
include/net/flow_dissector.h
net/core/flow_dissector.c
memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
* ANDROID: GKI: fix crc issue with commit
|
||
|
Duoming Zhou
|
b266f492b2 |
nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
commit d270453a0d9ec10bb8a802a142fb1b3601a83098 upstream.
There are destructive operations such as nfcmrvl_fw_dnld_abort and
gpio_free in nfcmrvl_nci_unregister_dev. The resources such as firmware,
gpio and so on could be destructed while the upper layer functions such as
nfcmrvl_fw_dnld_start and nfcmrvl_nci_recv_frame is executing, which leads
to double-free, use-after-free and null-ptr-deref bugs.
There are three situations that could lead to double-free bugs.
The first situation is shown below:
(Thread 1) | (Thread 2)
nfcmrvl_fw_dnld_start |
... | nfcmrvl_nci_unregister_dev
release_firmware() | nfcmrvl_fw_dnld_abort
kfree(fw) //(1) | fw_dnld_over
| release_firmware
... | kfree(fw) //(2)
| ...
The second situation is shown below:
(Thread 1) | (Thread 2)
nfcmrvl_fw_dnld_start |
... |
mod_timer |
(wait a time) |
fw_dnld_timeout | nfcmrvl_nci_unregister_dev
fw_dnld_over | nfcmrvl_fw_dnld_abort
release_firmware | fw_dnld_over
kfree(fw) //(1) | release_firmware
... | kfree(fw) //(2)
The third situation is shown below:
(Thread 1) | (Thread 2)
nfcmrvl_nci_recv_frame |
if(..->fw_download_in_progress)|
nfcmrvl_fw_dnld_recv_frame |
queue_work |
|
fw_dnld_rx_work | nfcmrvl_nci_unregister_dev
fw_dnld_over | nfcmrvl_fw_dnld_abort
release_firmware | fw_dnld_over
kfree(fw) //(1) | release_firmware
| kfree(fw) //(2)
The firmware struct is deallocated in position (1) and deallocated
in position (2) again.
The crash trace triggered by POC is like below:
BUG: KASAN: double-free or invalid-free in fw_dnld_over
Call Trace:
kfree
fw_dnld_over
nfcmrvl_nci_unregister_dev
nci_uart_tty_close
tty_ldisc_kill
tty_ldisc_hangup
__tty_hangup.part.0
tty_release
...
What's more, there are also use-after-free and null-ptr-deref bugs
in nfcmrvl_fw_dnld_start. If we deallocate firmware struct, gpio or
set null to the members of priv->fw_dnld in nfcmrvl_nci_unregister_dev,
then, we dereference firmware, gpio or the members of priv->fw_dnld in
nfcmrvl_fw_dnld_start, the UAF or NPD bugs will happen.
This patch reorders destructive operations after nci_unregister_device
in order to synchronize between cleanup routine and firmware download
routine.
The nci_unregister_device is well synchronized. If the device is
detaching, the firmware download routine will goto error. If firmware
download routine is executing, nci_unregister_device will wait until
firmware download routine is finished.
Fixes:
|
||
|
Jordy Zomer
|
0043b74987 |
nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
commit 4fbcc1a4cb20fe26ad0225679c536c80f1648221 upstream. It appears that there are some buffer overflows in EVT_TRANSACTION. This happens because the length parameters that are passed to memcpy come directly from skb->data and are not guarded in any way. Signed-off-by: Jordy Zomer <jordy@pwning.systems> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Denis Efremov <denis.e.efremov@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Pavel Skripkin
|
b1db33d4e5 |
NFC: port100: fix use-after-free in port100_send_complete
[ Upstream commit f80cfe2f26581f188429c12bd937eb905ad3ac7b ]
Syzbot reported UAF in port100_send_complete(). The root case is in
missing usb_kill_urb() calls on error handling path of ->probe function.
port100_send_complete() accesses devm allocated memory which will be
freed on probe failure. We should kill this urbs before returning an
error from probe function to prevent reported use-after-free
Fail log:
BUG: KASAN: use-after-free in port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935
Read of size 1 at addr ffff88801bb59540 by task ksoftirqd/2/26
...
Call Trace:
<TASK>
__dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106
print_address_description.constprop.0.cold+0x8d/0x303 mm/kasan/report.c:255
__kasan_report mm/kasan/report.c:442 [inline]
kasan_report.cold+0x83/0xdf mm/kasan/report.c:459
port100_send_complete+0x16e/0x1a0 drivers/nfc/port100.c:935
__usb_hcd_giveback_urb+0x2b0/0x5c0 drivers/usb/core/hcd.c:1670
...
Allocated by task 1255:
kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
kasan_set_track mm/kasan/common.c:45 [inline]
set_alloc_info mm/kasan/common.c:436 [inline]
____kasan_kmalloc mm/kasan/common.c:515 [inline]
____kasan_kmalloc mm/kasan/common.c:474 [inline]
__kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:524
alloc_dr drivers/base/devres.c:116 [inline]
devm_kmalloc+0x96/0x1d0 drivers/base/devres.c:823
devm_kzalloc include/linux/device.h:209 [inline]
port100_probe+0x8a/0x1320 drivers/nfc/port100.c:1502
Freed by task 1255:
kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
kasan_set_track+0x21/0x30 mm/kasan/common.c:45
kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370
____kasan_slab_free mm/kasan/common.c:366 [inline]
____kasan_slab_free+0xff/0x140 mm/kasan/common.c:328
kasan_slab_free include/linux/kasan.h:236 [inline]
__cache_free mm/slab.c:3437 [inline]
kfree+0xf8/0x2b0 mm/slab.c:3794
release_nodes+0x112/0x1a0 drivers/base/devres.c:501
devres_release_all+0x114/0x190 drivers/base/devres.c:530
really_probe+0x626/0xcc0 drivers/base/dd.c:670
Reported-and-tested-by: syzbot+16bcb127fb73baeecb14@syzkaller.appspotmail.com
Fixes:
|
||
|
Lucas Wei
|
524c02c879 |
Merge android-4.19-stable (4.19.224) into android-msm-pixel-4.19-lts
Merge 4.19.224 into android-4.19-stable
Linux 4.19.224
* net: fix use-after-free in tw_timer_handler
net/ipv4/af_inet.c
Input: spaceball - fix parsing of movement data packets
Input: appletouch - initialize work before device registration
scsi: vmw_pvscsi: Set residual data length conditionally
* binder: fix async_free_space accounting for empty parcels
drivers/android/binder_alloc.c
usb: mtu3: set interval of FS intr and isoc endpoint
* usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
drivers/usb/gadget/function/f_fs.c
* xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
drivers/usb/host/xhci-pci.c
* uapi: fix linux/nfc.h userspace compilation errors
include/uapi/linux/nfc.h
* nfc: uapi: use kernel size_t to fix user-space builds
include/uapi/linux/nfc.h
* i2c: validate user data in compat ioctl
drivers/i2c/i2c-dev.c
fsl/fman: Fix missing put_device() call in fman_port_probe
selftests/net: udpgso_bench_tx: fix dst ip argument
net/mlx5e: Fix wrong features assignment in case of error
NFC: st21nfca: Fix memory leak in device probe and remove
net: usb: pegasus: Do not drop long Ethernet frames
* sctp: use call_rcu to free endpoint
include/net/sctp/sctp.h
include/net/sctp/structs.h
net/sctp/diag.c
net/sctp/endpointola.c
net/sctp/socket.c
selftests: Calculate udpgso segment count without header adjustment
* udp: using datalen to cap ipv6 udp max gso segments
net/ipv6/udp.c
scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
* selinux: initialize proto variable in selinux_ip_postroute_compat()
security/selinux/hooks.c
recordmcount.pl: fix typo in s390 mcount regex
platform/x86: apple-gmux: use resource_size() with res
Input: i8042 - enable deferred probe quirk for ASUS UM325UA
Input: i8042 - add deferred probe support
* tee: handle lookup of shm with reference count 0
include/linux/tee_drv.h
* HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
drivers/hid/Kconfig
Merge 4.19.223 into android-4.19-stable
Linux 4.19.223
phonet/pep: refuse to enable an unbound pipe
hamradio: improve the incomplete fix to avoid NPD
hamradio: defer ax25 kfree after unregister_netdev
ax25: NPD bug when detaching AX25 device
hwmon: (lm90) Do not report 'busy' status bit as alarm
KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state
* usb: gadget: u_ether: fix race in setting MAC address in setup phase
drivers/usb/gadget/function/u_ether.c
* f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
fs/f2fs/xattr.c
ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling
pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines
x86/pkey: Fix undefined behaviour with PKRU_WD_BIT
parisc: Correct completer in lws start
ipmi: fix initialization when workqueue allocation fails
ipmi: bail out if init_srcu_struct fails
Input: atmel_mxt_ts - fix double free in mxt_read_info_block
ALSA: drivers: opl3: Fix incorrect use of vp->state
* ALSA: jack: Check the return value of kstrdup()
sound/core/jack.c
hwmon: (lm90) Fix usage of CONFIG2 register in detect function
sfc: falcon: Check null pointer of rx_queue->page_ring
drivers: net: smc911x: Check for error irq
fjes: Check for error irq
* bonding: fix ad_actor_system option setting to default
drivers/net/bonding/bond_options.c
ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
* net: skip virtio_net_hdr_set_proto if protocol already set
include/linux/virtio_net.h
* net: accept UFOv6 packages in virtio_net_hdr_to_skb
include/linux/virtio_net.h
qlcnic: potential dereference null pointer of rx_queue->page_ring
* netfilter: fix regression in looped (broad|multi)cast's MAC handling
net/netfilter/nfnetlink_log.c
net/netfilter/nfnetlink_queue.c
IB/qib: Fix memory leak in qib_user_sdma_queue_pkts()
spi: change clk_disable_unprepare to clk_unprepare
arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode
HID: holtek: fix mouse probing
block, bfq: fix use after free in bfq_bfqq_expire
block, bfq: fix queue removal from weights tree
block, bfq: fix decrement of num_active_groups
block, bfq: fix asymmetric scenarios detection
block, bfq: improve asymmetric scenarios detection
net: usb: lan78xx: add Allied Telesis AT29M2-AF
* Revert "ARM: 8800/1: use choice for kernel unwinders"
lib/Kconfig.debug
Merge 4.19.222 into android-4.19-stable
Linux 4.19.222
xen/netback: don't queue unlimited number of packages
xen/netback: fix rx queue stall detection
xen/console: harden hvc_xen against event channel storms
xen/netfront: harden netfront against event channel storms
xen/blkfront: harden blkfront against event channel storms
scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
* ovl: fix warning in ovl_create_real()
fs/overlayfs/dir.c
fs/overlayfs/overlayfs.h
fs/overlayfs/super.c
* fuse: annotate lock in fuse_reverse_inval_entry()
fs/fuse/dir.c
media: mxl111sf: change mutex_init() location
ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
* Input: touchscreen - avoid bitwise vs logical OR warning
drivers/input/touchscreen/of_touchscreen.c
* ARM: 8800/1: use choice for kernel unwinders
lib/Kconfig.debug
mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
ARM: 8805/2: remove unneeded naked function usage
net: lan78xx: Avoid unnecessary self assignment
mac80211: validate extended element ID is present
net: systemport: Add global locking for descriptor lifecycle
drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE
libata: if T_LENGTH is zero, dma direction should be DMA_NONE
* timekeeping: Really make sure wall_to_monotonic isn't positive
kernel/time/timekeeping.c
USB: serial: option: add Telit FN990 compositions
USB: serial: cp210x: fix CP2105 GPIO registration
* PCI/MSI: Mask MSI-X vectors only on success
drivers/pci/msi.c
* PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
drivers/pci/msi.c
* USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04)
drivers/usb/core/quirks.c
* USB: gadget: bRequestType is a bitfield, not a enum
drivers/usb/gadget/composite.c
* sit: do not call ipip6_dev_free() from sit_init_net()
net/ipv6/sit.c
* net/packet: rx_owner_map depends on pg_vec
net/packet/af_packet.c
netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
ixgbe: set X550 MDIO speed before talking to PHY
igbvf: fix double free in `igbvf_probe`
igb: Fix removal of unicast MAC filters of VFs
soc/tegra: fuse: Fix bitwise vs. logical OR warning
rds: memory leak in __rds_conn_create()
dmaengine: st_fdma: fix MODULE_ALIAS
sch_cake: do not call cake_destroy() from cake_init()
ARM: socfpga: dts: fix qspi node compatible
mac80211: track only QoS data frames for admission control
x86/sme: Explicitly map new EFI memmap table as encrypted
* x86: Make ARCH_USE_MEMREMAP_PROT a generic Kconfig symbol
arch/Kconfig
nfsd: fix use-after-free due to delegation race
* audit: improve robustness of the audit queue handling
kernel/audit.c
dm btree remove: fix use after free in rebalance_children()
recordmcount.pl: look for jgnop instruction as well as bcrl on s390
mac80211: send ADDBA requests using the tid/queue of the aggregation session
hwmon: (dell-smm) Fix warning on /proc/i8k creation error
tracing: Fix a kmemleak false positive in tracing_map
* net: netlink: af_netlink: Prevent empty skb by adding a check on len.
net/netlink/af_netlink.c
i2c: rk3x: Handle a spurious start completion interrupt flag
parisc/agp: Annotate parisc agp init functions with __init
net/mlx4_en: Update reported link modes for 1/10G
drm/msm/dsi: set default num_data_lanes
nfc: fix segfault in nfc_genl_dump_devices_done
* stable: clamp SUBLEVEL in 4.19
Makefile
* FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum
drivers/usb/gadget/composite.c
* ANDROID: GKI: abi workaround for 4.19.221
include/net/sch_generic.h
Merge 4.19.221 into android-4.19-stable
Linux 4.19.221
* net: sched: make function qdisc_free_cb() static
net/sched/sch_generic.c
* net_sched: fix a crash in tc_new_tfilter()
net/sched/cls_api.c
irqchip: nvic: Fix offset for Interrupt Priority Offsets
* irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
drivers/irqchip/irq-gic-v3-its.c
irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
iio: adc: axp20x_adc: fix charging current reporting on AXP22x
iio: at91-sama5d2: Fix incorrect sign extension
iio: dln2: Check return value of devm_iio_trigger_register()
iio: dln2-adc: Fix lockdep complaint
iio: itg3200: Call iio_trigger_notify_done() on error
iio: kxsd9: Don't return error code in trigger handler
iio: ltr501: Don't return error code in trigger handler
iio: mma8452: Fix trigger reference couting
iio: stk3310: Don't return error code in interrupt handler
iio: trigger: stm32-timer: fix MODULE_ALIAS
iio: trigger: Fix reference counting
* xhci: avoid race between disable slot command and host runtime suspend
drivers/usb/host/xhci-hub.c
drivers/usb/host/xhci-ring.c
drivers/usb/host/xhci.c
* usb: core: config: using bit mask instead of individual bits
drivers/usb/core/config.c
* xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending
drivers/usb/host/xhci.c
* usb: core: config: fix validation of wMaxPacketValue entries
drivers/usb/core/config.c
* USB: gadget: zero allocate endpoint 0 buffers
drivers/usb/gadget/composite.c
* USB: gadget: detect too-big endpoint 0 requests
drivers/usb/gadget/composite.c
net/qla3xxx: fix an error code in ql_adapter_up()
* net, neigh: clear whole pneigh_entry at alloc time
net/core/neighbour.c
net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
net: altera: set a couple error code in probe()
* net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
drivers/net/usb/cdc_ncm.c
tools build: Remove needless libpython-version feature check that breaks test-all fast path
mtd: rawnand: fsmc: Take instruction delay into account
i40e: Fix pre-set max number of queues for VF
ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer
qede: validate non LSO skb length
* block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
block/ioprio.c
* tracefs: Set all files to the same group ownership as the mount option
fs/tracefs/inode.c
* aio: fix use-after-free due to missing POLLFREE handling
fs/aio.c
include/uapi/asm-generic/poll.h
* aio: keep poll requests on waitqueue until completed
fs/aio.c
* signalfd: use wake_up_pollfree()
fs/signalfd.c
* binder: use wake_up_pollfree()
drivers/android/binder.c
* wait: add wake_up_pollfree()
include/linux/wait.h
kernel/sched/wait.c
libata: add horkage for ASMedia 1092
can: m_can: Disable and ignore ELO interrupt
can: pch_can: pch_can_rx_normal: fix use after free
* clk: qcom: regmap-mux: fix parent clock lookup
drivers/clk/qcom/clk-regmap-mux.c
drivers/clk/qcom/common.c
drivers/clk/qcom/common.h
* tracefs: Have new files inherit the ownership of their parent
fs/tracefs/inode.c
ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
ALSA: pcm: oss: Limit the period size to 16MB
ALSA: pcm: oss: Fix negative period/buffer sizes
* ALSA: ctl: Fix copy of updated id with element read/write
sound/core/control_compat.c
* mm: bdi: initialize bdi_min_ratio when bdi is unregistered
mm/backing-dev.c
IB/hfi1: Correct guard on eager buffer deallocation
* udp: using datalen to cap max gso segments
net/ipv4/udp.c
seg6: fix the iif in the IPv6 socket control block
nfp: Fix memory leak in nfp_cpp_area_cache_add()
* bonding: make tx_rebalance_counter an atomic
drivers/net/bonding/bond_alb.c
include/net/bond_alb.h
ice: ignore dropped packets during init
* bpf: Fix the off-by-two error in range markings
kernel/bpf/verifier.c
nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
* net: sched: use Qdisc rcu API instead of relying on rtnl lock
net/sched/cls_api.c
* net: sched: add helper function to take reference to Qdisc
include/net/sch_generic.h
* net: sched: extend Qdisc with rcu
include/linux/rtnetlink.h
include/net/pkt_sched.h
include/net/sch_generic.h
net/sched/sch_api.c
net/sched/sch_generic.c
* net: sched: rename qdisc_destroy() to qdisc_put()
include/net/sch_generic.h
net/sched/sch_api.c
net/sched/sch_fifo.c
net/sched/sch_generic.c
net/sched/sch_htb.c
net/sched/sch_mq.c
net/sched/sch_multiq.c
net/sched/sch_netem.c
net/sched/sch_prio.c
net/sched/sch_tbf.c
* net: core: netlink: add helper refcount dec and lock function
include/linux/rtnetlink.h
net/core/rtnetlink.c
can: sja1000: fix use after free in ems_pcmcia_add_card()
can: kvaser_usb: get CAN clock frequency from device
HID: check for valid USB device for many HID drivers
HID: wacom: fix problems when device is not a valid USB device
* HID: add USB_HID dependancy on some USB HID drivers
drivers/hid/Kconfig
* HID: add USB_HID dependancy to hid-chicony
drivers/hid/Kconfig
* HID: add USB_HID dependancy to hid-prodikeys
drivers/hid/Kconfig
* HID: add hid_is_usb() function to make it simpler for USB detection
include/linux/hid.h
* HID: google: add eel USB id
drivers/hid/hid-ids.h
* UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers
drivers/usb/gadget/composite.c
* UPSTREAM: USB: gadget: detect too-big endpoint 0 requests
drivers/usb/gadget/composite.c
Bug: 213962841
Change-Id: I08d2895cf1620064924ed5be29cb38d7bf18e7b3
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Wei Yongjun
|
a1e0080a35 |
NFC: st21nfca: Fix memory leak in device probe and remove
[ Upstream commit 1b9dadba502234eea7244879b8d5d126bfaf9f0c ]
'phy->pending_skb' is alloced when device probe, but forgot to free
in the error handling path and remove path, this cause memory leak
as follows:
unreferenced object 0xffff88800bc06800 (size 512):
comm "8", pid 11775, jiffies 4295159829 (age 9.032s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<00000000d66c09ce>] __kmalloc_node_track_caller+0x1ed/0x450
[<00000000c93382b3>] kmalloc_reserve+0x37/0xd0
[<000000005fea522c>] __alloc_skb+0x124/0x380
[<0000000019f29f9a>] st21nfca_hci_i2c_probe+0x170/0x8f2
Fix it by freeing 'pending_skb' in error and remove.
Fixes:
|
||
|
Wilson Sung
|
7418288acf |
Merge android-4.19-stable (4.19.220) into android-msm-pixel-4.19-lts
Merge 4.19.220 into android-4.19-stable
Linux 4.19.220
ipmi: msghandler: Make symbol 'remove_work_wq' static
parisc: Mark cr16 CPU clocksource unstable on all SMP machines
* serial: core: fix transmit-buffer reset and memleak
drivers/tty/serial/serial_core.c
serial: pl011: Add ACPI SBSA UART match id
tty: serial: msm_serial: Deactivate RX DMA for polling support
x86/64/mm: Map all kernel memory into trampoline_pgd
usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
* USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub
drivers/usb/core/quirks.c
* xhci: Fix commad ring abort, write all 64 bits to CRCR register.
drivers/usb/host/xhci-ring.c
vgacon: Propagate console boot parameters before calling `vc_resize'
parisc: Fix "make install" on newer debian releases
parisc: Fix KBUILD_IMAGE for self-extracting kernel
drm/msm: Do hw_init() before capturing GPU state
net/smc: Keep smc_close_final rc during active close
net/rds: correct socket tunable error in rds_tcp_tune()
* net: annotate data-races on txq->xmit_lock_owner
include/linux/netdevice.h
net/core/dev.c
net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available
rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
* siphash: use _unaligned version by default
include/linux/siphash.h
lib/siphash.c
net: mpls: Fix notifications when deleting a device
net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
natsemi: xtensa: fix section mismatch warnings
i2c: stm32f7: stop dma transfer in case of NACK
i2c: stm32f7: recover the bus on access timeout
* fget: check that the fd still exists after getting a ref to it
fs/file.c
* fs: add fget_many() and fput_many()
fs/file.c
fs/file_table.c
include/linux/file.h
include/linux/fs.h
sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
ipmi: Move remove_work to dedicated workqueue
* kprobes: Limit max data_size of the kretprobe instances
include/linux/kprobes.h
vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
perf hist: Fix memory leak of a perf_hpp_fmt
net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock()
net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
scsi: iscsi: Unblock session then wake up error handler
* thermal: core: Reset previous low and high trip during thermal zone init
drivers/thermal/thermal_core.c
btrfs: check-integrity: fix a warning on write caching disabled disk
s390/setup: avoid using memblock_enforce_memory_limit
platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
* net: return correct error code
net/ipv4/devinet.c
atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
gfs2: Fix length of holes reported at end-of-file
* of: clk: Make <linux/of_clk.h> self-contained
include/linux/of_clk.h
NFSv42: Fix pagecache invalidation after COPY/CLONE
* shm: extend forced shm destroy to support objects from several IPC nses
include/linux/ipc_namespace.h
include/linux/sched/task.h
* BACKPORT: arm64: vdso32: suppress error message for 'make mrproper'
arch/arm64/kernel/vdso32/Makefile
Merge 4.19.219 into android-4.19-stable
Linux 4.19.219
tty: hvc: replace BUG_ON() with negative return value
xen/netfront: don't trust the backend response data blindly
xen/netfront: disentangle tx_skb_freelist
xen/netfront: don't read data from request on the ring page
xen/netfront: read response from backend only once
xen/blkfront: don't trust the backend response data blindly
xen/blkfront: don't take local copy of a request from the ring page
xen/blkfront: read response from backend only once
* xen: sync include/xen/interface/io/ring.h with Xen's newest version
include/xen/interface/io/ring.h
* fuse: release pipe buf after last use
fs/fuse/dev.c
* NFC: add NCI_UNREG flag to eliminate the race
include/net/nfc/nci_core.h
* hugetlbfs: flush TLBs correctly after huge_pmd_unshare
include/asm-generic/tlb.h
mm/memory.c
s390/mm: validate VMA in PGSTE manipulation functions
* tracing: Check pid filtering when creating events
kernel/trace/trace_events.c
vhost/vsock: fix incorrect used length reported to the guest
net: hns3: fix VF RSS failed problem after PF enable multi-TCs
net/smc: Don't call clcsock shutdown twice when smc shutdown
MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
* tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
net/ipv4/tcp_cubic.c
PM: hibernate: use correct mode for swsusp_close()
net/smc: Ensure the active closing peer first closes clcsock
* ipv6: fix typos in __ip6_finish_output()
net/ipv6/ip6_output.c
drm/vc4: fix error code in vc4_create_object()
scsi: mpt3sas: Fix kernel panic during drive powercycle test
ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
NFSv42: Don't fail clone() unless the OP_CLONE operation failed
firmware: arm_scmi: pm: Propagate return value to caller
* net: ieee802154: handle iftypes as u32
include/net/nl802154.h
ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
ARM: dts: BCM5301X: Add interrupt properties to GPIO node
ARM: dts: BCM5301X: Fix I2C controller interrupt
netfilter: ipvs: Fix reuse connection if RS weight is 0
arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function
arm64: dts: marvell: armada-37xx: declare PCIe reset pin
pinctrl: armada-37xx: Correct PWM pins definitions
pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup
pinctrl: armada-37xx: Correct mpp definitions
PCI: aardvark: Fix checking for link up via LTSSM state
PCI: aardvark: Fix link training
PCI: aardvark: Fix PCIe Max Payload Size setting
PCI: aardvark: Configure PCIe resources from 'ranges' DT property
PCI: aardvark: Update comment about disabling link training
PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link()
PCI: aardvark: Fix compilation on s390
PCI: aardvark: Don't touch PCIe registers if no card connected
PCI: aardvark: Indicate error in 'val' when config read fails
PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros
PCI: aardvark: Issue PERST via GPIO
PCI: aardvark: Improve link training
PCI: aardvark: Train link immediately after enabling training
PCI: aardvark: Wait for endpoint to be ready before training link
PCI: aardvark: Fix a leaked reference by adding missing of_node_put()
proc/vmcore: fix clearing user buffer by properly using clear_user()
xtensa: use CONFIG_USE_OF instead of CONFIG_OF
* tracing: Fix pid filtering when triggers are attached
kernel/trace/trace.h
xen: detect uninitialized xenbus in xenbus_init
xen: don't continue xenstore initialization in case of errors
* fuse: fix page stealing
fs/fuse/dev.c
staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
media: cec: copy sequence field for the reply
ALSA: ctxfi: Fix out-of-range access
* binder: fix test regression due to sender_euid change
drivers/android/binder.c
* usb: hub: Fix locking issues with address0_mutex
drivers/usb/core/hub.c
* usb: hub: Fix usb enumeration issue due to address0 race
drivers/usb/core/hub.c
usb: dwc2: hcd_queue: Fix use of floating point literal
USB: serial: option: add Fibocom FM101-GL variants
USB: serial: option: add Telit LE910S1 0x9200 composition
* Revert "net: sched: update default qdisc visibility after Tx queue cnt changes"
include/net/sch_generic.h
net/core/dev.c
net/sched/sch_generic.c
net/sched/sch_mq.c
* Revert "serial: core: Fix initializing and restoring termios speed"
drivers/tty/serial/serial_core.c
include/linux/console.h
ANDROID: GKI: disable CONFIG_FORTIFY_SOURCE
Merge 4.19.218 into android-4.19-stable
Linux 4.19.218
soc/tegra: pmc: Fix imbalanced clock disabling in error code path
usb: max-3421: Use driver data instead of maintaining a list of bound devices
* ASoC: DAPM: Cover regression by kctl change notification fix
sound/soc/soc-dapm.c
* RDMA/netlink: Add __maybe_unused to static inline in C file
include/rdma/rdma_netlink.h
batman-adv: Don't always reallocate the fragmentation skb head
batman-adv: Reserve needed_*room for fragments
batman-adv: Consider fragmentation for needed_headroom
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
* perf/core: Avoid put_page() when GUP fails
kernel/events/core.c
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
drm/udl: fix control-message timeout
* cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
net/wireless/util.c
parisc/sticon: fix reverse colors
btrfs: fix memory ordering between normal and ordered work functions
udf: Fix crash after seekdir
x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
* mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
mm/slab.h
ipc: WARN if trying to remove ipc object which is absent
hexagon: export raw I/O routines for modules
* tun: fix bonding active backup with arp monitoring
drivers/net/tun.c
perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
NFC: reorder the logic in nfc_{un,}register_device
NFC: reorganize the functions in nci_request
i40e: Fix display error code in dmesg
i40e: Fix changing previously set num_queue_pairs for PFs
i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix correct max_pkt_size on VF RX queue
* net: virtio_net_hdr_to_skb: count transport header in UFO
include/linux/virtio_net.h
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
mips: lantiq: add support for clk_get_parent()
mips: bcm63xx: add support for clk_get_parent()
MIPS: generic/yamon-dt: fix uninitialized variable error
iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
iavf: check for null in iavf_fix_features
net: bnx2x: fix variable dereferenced before check
drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
* sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
kernel/sched/core.c
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
sh: define __BIG_ENDIAN for math-emu
sh: fix kconfig unmet dependency warning for FRAME_POINTER
* f2fs: fix up f2fs_lookup tracepoints
include/trace/events/f2fs.h
maple: fix wrong return value of maple_bus_init().
sh: check return code of request_irq
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
ALSA: gus: fix null pointer dereference on pointer block
powerpc/5200: dts: fix memory node unit name
scsi: target: Fix alua_tg_pt_gps_count tracking
* scsi: target: Fix ordered tag handling
include/target/target_core_base.h
MIPS: sni: Fix the build
* tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
drivers/tty/tty_buffer.c
* ALSA: ISA: not for M68K
sound/core/Makefile
sound/isa/Kconfig
sound/pci/Kconfig
usb: host: ohci-tmio: check return value after calling platform_get_resource()
ARM: dts: omap: fix gpmc,mux-add-data type
* firmware_loader: fix pre-allocated buf built-in firmware use
drivers/base/firmware_loader/main.c
scsi: advansys: Fix kernel pointer leak
ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
arm64: dts: freescale: fix arm,sp805 compatible string
usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
usb: musb: tusb6010: check return value after calling platform_get_resource()
arm64: dts: hisilicon: fix arm,sp805 compatible string
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
arm64: zynqmp: Fix serial compatible string
arm64: zynqmp: Do not duplicate flash partition label property
erofs: fix unsafe pagevec reuse of hooked pclusters
erofs: remove the occupied parameter from z_erofs_pagevec_enqueue()
* PCI: Add MSI masking quirk for Nvidia ION AHCI
drivers/pci/quirks.c
* PCI/MSI: Deal with devices lying about their MSI mask capability
drivers/pci/msi.c
include/linux/pci.h
* PCI/MSI: Destroy sysfs before freeing entries
drivers/pci/msi.c
parisc/entry: fix trace test in syscall exit path
* fortify: Explicitly disable Clang support
security/Kconfig
* ext4: fix lazy initialization next schedule time computation in more granular unit
fs/ext4/super.c
x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
* fuse: truncate pagecache on atomic_o_trunc
fs/fuse/file.c
* PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
include/uapi/linux/pci_regs.h
s390/tape: fix timer initialization in tape_std_assign()
s390/cio: check the subchannel validity for dev_busid
* video: backlight: Drop maximum brightness override for brightness zero
drivers/video/backlight/backlight.c
backlight: gpio-backlight: Correct initial power state handling
* mm, oom: do not trigger out_of_memory from the #PF
mm/oom_kill.c
* mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
mm/oom_kill.c
powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC
powerpc/security: Add a helper to query stf_barrier type
powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
powerpc/bpf: Validate branch ranges
powerpc/lib: Add helper to check if offset is within conditional branch range
9p/net: fix missing error check in p9_check_errors
* f2fs: should use GFP_NOFS for directory inodes
fs/f2fs/inode.c
fs/f2fs/namei.c
ARM: 9156/1: drop cc-option fallbacks for architecture selection
ARM: 9155/1: fix early early_iounmap()
USB: chipidea: fix interrupt deadlock
cxgb4: fix eeprom len when diagnostics not implemented
vsock: prevent unnecessary refcnt inc for nonblocking connect
* arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
arch/arm64/include/asm/pgtable.h
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
* llc: fix out-of-bound array index in llc_sk_dev_hash()
include/net/llc.h
* zram: off by one in read_block_state()
drivers/block/zram/zram_drv.c
* mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()
mm/zsmalloc.c
* bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
drivers/net/bonding/bond_sysfs_slave.c
ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
net: davinci_emac: Fix interrupt pacing disable
xen-pciback: Fix return in pm_ctrl_init()
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
scsi: qla2xxx: Turn off target reset during issue_lip
scsi: qla2xxx: Fix gnl list corruption
* ar7: fix kernel builds for compiler test
drivers/watchdog/Kconfig
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
m68k: set a default value for MEMORY_RESERVE
* dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
drivers/dma/dmaengine.h
* netfilter: nfnetlink_queue: fix OOB when mac header was cleared
net/netfilter/nfnetlink_queue.c
auxdisplay: ht16k33: Fix frame buffer device blanking
auxdisplay: ht16k33: Connect backlight to fbdev
auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
fs: orangefs: fix error return code of orangefs_revalidate_lookup()
NFS: Fix deadlocks in nfs_scan_commit_list()
PCI: aardvark: Don't spam about PIO Response Status
* drm/plane-helper: fix uninitialized variable reference
drivers/gpu/drm/drm_plane_helper.c
pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
* rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
include/linux/rpmsg.h
apparmor: fix error check
power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
mips: cm: Convert to bitfield API to fix out-of-bounds access
serial: xilinx_uartps: Fix race condition causing stuck TX
phy: qcom-qusb2: Fix a memory leak on probe
ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
ASoC: cs42l42: Correct some register default values
RDMA/mlx4: Return missed an error if device doesn't support steering
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
power: supply: rt5033_battery: Change voltage values to µV
usb: gadget: hid: fix error code in do_config()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
video: fbdev: chipsfb: use memset_io() instead of memset()
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
soc/tegra: Fix an error handling path in tegra_powergate_power_up()
arm: dts: omap3-gta04a4: accelerometer irq fix
ALSA: hda: Reduce udelay() at SKL+ position reporting
JFS: fix memleak in jfs_mount
MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
scsi: dc395: Fix error case unwinding
ARM: dts: at91: tse850: the emac<->phy interface is rmii
RDMA/bnxt_re: Fix query SRQ failure
arm64: dts: rockchip: Fix GPU register width for RK3328
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
RDMA/rxe: Fix wrong port_cap_flags
ibmvnic: Process crqs after enabling interrupts
selftests/bpf: Fix fclose/pclose mismatch in test_progs
crypto: pcrypt - Delay write to padata->info
net: phylink: avoid mvneta warning when setting pause parameters
net: amd-xgbe: Toggle PLL settings during rate change
wcn36xx: add proper DMA memory barriers in rx path
libertas: Fix possible memory leak in probe and disconnect
libertas_tf: Fix possible memory leak in probe and disconnect
KVM: s390: Fix handle_sske page fault handling
samples/kretprobes: Fix return value if register_kretprobe() failed
* tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
net/ipv4/tcp.c
irq: mips: avoid nested irq_enter()
s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
drm/msm: Fix potential NULL dereference in DPU SSPP
* clocksource/drivers/timer-ti-dm: Select TIMER_OF
drivers/clocksource/Kconfig
PM: hibernate: fix sparse warnings
nvme-rdma: fix error code in nvme_rdma_setup_ctrl
phy: micrel: ksz8041nl: do not use power down mode
mwifiex: Send DELBA requests according to spec
rsi: stop thread firstly in rsi_91x_init() error handling
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
mmc: mxs-mmc: disable regulator on error and in the remove function
* net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
net/core/stream.c
drm/msm: uninitialized variable in msm_gem_import()
ath10k: fix max antenna gain unit
hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff
* hwmon: Fix possible memleak in __hwmon_device_register()
drivers/hwmon/hwmon.c
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
memstick: avoid out-of-range warning
mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
b43: fix a lower bounds test
b43legacy: fix a lower bounds test
hwrng: mtk - Force runtime pm ops for sleep ops
crypto: qat - disregard spurious PFVF interrupts
crypto: qat - detect PFVF collision after ACK
media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
ath9k: Fix potential interrupt storm on queue reset
media: em28xx: Don't use ops->suspend if it is NULL
* cpuidle: Fix kobject memory leaks in error paths
drivers/cpuidle/sysfs.c
media: cx23885: Fix snd_card_free call on null card pointer
media: si470x: Avoid card name truncation
media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()'
media: dvb-usb: fix ununit-value in az6027_rc_query
media: em28xx: add missing em28xx_close_extension
drm/amdgpu: fix warning for overflow check
net: dsa: rtl8366rb: Fix off-by-one bug
* cgroup: Make rebind_subsystems() disable v2 controllers all at once
kernel/cgroup/cgroup.c
* Bluetooth: fix init and cleanup of sco_conn.timeout_work
net/bluetooth/sco.c
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
* task_stack: Fix end_of_stack() for architectures with upwards-growing stack
include/linux/sched/task_stack.h
parisc: fix warning in flush_tlb_all
x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe()
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
* gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE
net/ipv6/addrconf.c
ARM: clang: Do not rely on lr register for stacktrace
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
iwlwifi: mvm: disable RX-diversity in powersave
PM: hibernate: Get block device exclusively in swsusp_check()
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
tracing/cfi: Fix cmp_entries_* functions signature mismatch
* workqueue: make sysfs of unbound kworker cpumask more clever
kernel/workqueue.c
* lib/xz: Validate the value before assigning it to an enum variable
lib/xz/xz_dec_stream.c
* lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
lib/xz/xz_dec_lzma2.c
memstick: r592: Fix a UAF bug when removing the driver
leaking_addresses: Always print a trailing newline
ACPI: battery: Accept charges over the design capacity as full
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
* tracefs: Have tracefs directories not set OTH permission bits by default
fs/tracefs/inode.c
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
ACPICA: Avoid evaluating methods too early during system resume
media: rcar-csi2: Add checking to rcsi2_start_receiver()
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
media: mceusb: return without resubmitting URB in case of -EPROTO error.
media: s5p-mfc: Add checking to s5p_mfc_probe().
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: uvcvideo: Return -EIO for control errors
media: uvcvideo: Set capability in s_param
media: netup_unidvb: handle interrupt properly according to the firmware
media: mt9p031: Fix corrupted frame after restarting stream
mwifiex: Properly initialize private structure on interface type changes
mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
x86: Increase exception stack sizes
smackfs: Fix use-after-free in netlbl_catmap_walk()
* net: sched: update default qdisc visibility after Tx queue cnt changes
include/net/sch_generic.h
net/core/dev.c
net/sched/sch_generic.c
net/sched/sch_mq.c
locking/lockdep: Avoid RCU-induced noinstr fail
MIPS: lantiq: dma: reset correct number of channel
MIPS: lantiq: dma: add small delay after reset
platform/x86: wmi: do not fail if disabling fails
* Bluetooth: fix use-after-free error in lock_sock_nested()
net/bluetooth/l2cap_sock.c
* Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
net/bluetooth/sco.c
* drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
drivers/gpu/drm/drm_panel_orientation_quirks.c
USB: iowarrior: fix control-message timeouts
USB: serial: keyspan: fix memleak on probe errors
iio: dac: ad5446: Fix ad5622_write() return value
* pinctrl: core: fix possible memory leak in pinctrl_enable()
drivers/pinctrl/core.c
* quota: correct error number in free_dqentry()
fs/quota/quota_tree.c
* quota: check block number when reading the block in quota file
fs/quota/quota_tree.c
PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
PCI: aardvark: Fix return value of MSI domain .alloc() method
PCI: aardvark: Do not unmask unused interrupts
PCI: aardvark: Do not clear status bits of masked interrupts
xen/balloon: add late_initcall_sync() for initial ballooning done
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
ALSA: mixer: oss: Fix racy access to slots
* serial: core: Fix initializing and restoring termios speed
drivers/tty/serial/serial_core.c
include/linux/console.h
powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
power: supply: max17042_battery: use VFSOC for capacity when no rsns
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
* signal: Remove the bogus sigkill_pending in ptrace_stop
kernel/signal.c
RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
rsi: Fix module dev_oper_mode parameter description
rsi: fix rate mask set leading to P2P failure
rsi: fix key enabled check causing unwanted encryption for vap_id > 0
rsi: fix occasional initialisation failure with BT coex
wcn36xx: handle connection loss indication
libata: fix checking of DMA state
mwifiex: Read a PCI register after writing the TX ring write pointer
wcn36xx: Fix HT40 capability for 2Ghz band
evm: mark evm_fixmode as __ro_after_init
rtl8187: fix control-message timeouts
* PCI: Mark Atheros QCA6174 to avoid bus reset
drivers/pci/quirks.c
ath10k: fix division by zero in send path
ath10k: fix control-message timeout
ath6kl: fix control-message timeout
ath6kl: fix division by zero in send path
mwifiex: fix division by zero in fw download path
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property
regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
hwmon: (pmbus/lm25066) Add offset coefficients
ia64: kprobes: Fix to pass correct trampoline address to the handler
btrfs: call btrfs_check_rw_degradable only if there is a missing device
btrfs: fix lost error handling when replaying directory deletes
btrfs: clear MISSING device status bit in btrfs_close_one_device
vmxnet3: do not stop tx queues after netif_device_detach()
watchdog: Fix OMAP watchdog early handling
spi: spl022: fix Microwire full duplex mode
xen/netfront: stop tx queues during live migration
* bpf: Prevent increasing bpf_jit_limit above max
include/linux/filter.h
kernel/bpf/core.c
net/core/sysctl_net_core.c
* drm: panel-orientation-quirks: Add quirk for Aya Neo 2021
drivers/gpu/drm/drm_panel_orientation_quirks.c
* mmc: winbond: don't build on M68K
drivers/mmc/host/Kconfig
hyperv/vmbus: include linux/bitops.h
sfc: Don't use netif_info before net_device setup
cavium: Fix return values of the probe function
scsi: qla2xxx: Fix unmap of already freed sgl
cavium: Return negative value when pci_alloc_irq_vectors() fails
x86/irq: Ensure PI wakeup handler is unregistered before module unload
x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
* ALSA: timer: Unconditionally unlink slave instances, too
sound/core/timer.c
* ALSA: timer: Fix use-after-free problem
sound/core/timer.c
ALSA: synth: missing check for possible NULL after the call to kstrdup
* ALSA: usb-audio: Add registration quirk for JBL Quantum 400
sound/usb/quirks.c
ALSA: line6: fix control and interrupt message timeouts
ALSA: 6fire: fix control and bulk message timeouts
ALSA: ua101: fix division by zero at probe
ALSA: hda/realtek: Add quirk for Clevo PC70HS
media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
media: ite-cir: IR receiver stop working after receive overflow
crypto: s5p-sss - Add error handling in s5p_aes_probe()
firmware/psci: fix application of sizeof to pointer
tpm: Check for integer overflow in tpm2_map_response_body()
parisc: Fix ptrace check on syscall return
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
ocfs2: fix data corruption on truncate
* libata: fix read log timeout value
include/linux/libata.h
Input: i8042 - Add quirk for Fujitsu Lifebook T725
Input: elantench - fix misreporting trackpoint coordinates
* binder: use cred instead of task for selinux checks
drivers/android/binder.c
include/linux/lsm_hooks.h
include/linux/security.h
security/security.c
security/selinux/hooks.c
* binder: use euid from cred instead of using task
drivers/android/binder.c
* xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
drivers/usb/host/xhci-hub.c
* ANDROID: usb: gadget: f_accessory: Mitgate handling of non-existent USB request
drivers/usb/gadget/function/f_accessory.c
* UPSTREAM: binder: use cred instead of task for getsecid
drivers/android/binder.c
include/linux/security.h
* FROMGIT: binder: fix test regression due to sender_euid change
drivers/android/binder.c
* BACKPORT: binder: use cred instead of task for selinux checks
drivers/android/binder.c
include/linux/lsm_hooks.h
include/linux/security.h
security/security.c
security/selinux/hooks.c
* UPSTREAM: binder: use euid from cred instead of using task
drivers/android/binder.c
* ANDROID: setlocalversion: make KMI_GENERATION optional
scripts/setlocalversion
Merge 4.19.217 into android-4.19-stable
Linux 4.19.217
rsi: fix control-message timeout
staging: rtl8192u: fix control-message timeouts
staging: r8712u: fix control-message timeout
comedi: vmk80xx: fix bulk and interrupt message timeouts
comedi: vmk80xx: fix bulk-buffer overflow
comedi: vmk80xx: fix transfer-buffer overflows
comedi: ni_usb6501: fix NULL-deref in command paths
comedi: dt9812: fix DMA buffers on stack
isofs: Fix out of bound access for corrupted isofs image
* printk/console: Allow to disable console output by using console="" or console=null
kernel/printk/printk.c
* usb-storage: Add compatibility quirk flags for iODD 2531/2541
drivers/usb/storage/unusual_devs.h
usb: musb: Balance list entry in musb_gadget_queue
* usb: gadget: Mark USB_FSL_QE broken on 64-bit
drivers/usb/gadget/udc/Kconfig
* usb: ehci: handshake CMD_RUN instead of STS_HALT
drivers/usb/host/ehci-hcd.c
drivers/usb/host/ehci-platform.c
drivers/usb/host/ehci.h
Revert "x86/kvm: fix vcpu-id indexed array sizes"
Merge 4.19.216 into android-4.19-stable
Linux 4.19.216
* ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
drivers/amba/bus.c
* arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed
include/asm-generic/pgtable.h
sfc: Fix reading non-legacy supported link modes
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
IB/qib: Use struct_size() helper
media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
* scsi: core: Put LLD module refcnt after SCSI device is released
drivers/scsi/scsi.c
drivers/scsi/scsi_sysfs.c
* UPSTREAM: security: selinux: allow per-file labeling for bpffs
security/selinux/hooks.c
Bug: 210364486
Change-Id: I6232c6c7fde1bf54c16a32dd632456dc41e01e6e
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Chengfeng Ye
|
2c5a51f91f |
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
[ Upstream commit 9fec40f850658e00a14a7dd9e06f7fbc7e59cc4a ] skb is already freed by dev_kfree_skb in pn533_fill_fragment_skbs, but follow error handler branch when pn533_fill_fragment_skbs() fails, skb is freed again, results in double free issue. Fix this by not free skb in error path of pn533_fill_fragment_skbs. Fixes: |
||
|
Wilson Sung
|
5084fd58f3 |
Merge android-4.19-stable (4.19.215) into android-msm-pixel-4.19-lts
Merge 4.19.215 into android-4.19-stable
Linux 4.19.215
* sctp: add vtag check in sctp_sf_ootb
net/sctp/sm_statefuns.c
* sctp: add vtag check in sctp_sf_do_8_5_1_E_sa
net/sctp/sm_statefuns.c
* sctp: add vtag check in sctp_sf_violation
net/sctp/sm_statefuns.c
* sctp: fix the processing for COOKIE_ECHO chunk
net/sctp/sm_statefuns.c
* sctp: use init_tag from inithdr for ABORT chunk
net/sctp/sm_statefuns.c
net: nxp: lpc_eth.c: avoid hang when bringing interface down
net: ethernet: microchip: lan743x: Fix dma allocation failure by using dma_set_mask_and_coherent
net: ethernet: microchip: lan743x: Fix driver crash when lan743x_pm_resume fails
nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST
* net: Prevent infinite while loop in skb_tx_hash()
net/core/dev.c
net: batman-adv: fix error handling
* regmap: Fix possible double-free in regcache_rbtree_exit()
drivers/base/regmap/regcache-rbtree.c
arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node
RDMA/mlx5: Set user priority for DCT
net: lan78xx: fix division by zero in send path
mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit
mmc: sdhci: Map more voltage level to SDHCI_POWER_330
mmc: dw_mmc: exynos: fix the finding clock sample value
mmc: cqhci: clear HALT state after CQE enable
mmc: vub300: fix control-message timeouts
* ipv6: make exception cache less predictible
net/ipv6/route.c
* ipv6: use siphash in rt6_exception_hash()
net/ipv6/route.c
* ipv4: use siphash instead of Jenkins in fnhe_hashfun()
net/ipv4/route.c
* Revert "net: mdiobus: Fix memory leak in __mdiobus_register"
drivers/net/phy/mdio_bus.c
nfc: port100: fix using -ERRNO as command type mask
ata: sata_mv: Fix the error handling of mv_chip_id()
* usbnet: fix error return code in usbnet_probe()
drivers/net/usb/usbnet.c
* usbnet: sanity check for maxpacket
drivers/net/usb/usbnet.c
ARM: 8819/1: Remove '-p' from LDFLAGS
* arm64: Avoid premature usercopy failure
arch/arm64/lib/copy_from_user.S
arch/arm64/lib/copy_in_user.S
arch/arm64/lib/copy_to_user.S
powerpc/bpf: Fix BPF_MOD when imm == 1
ARM: 9141/1: only warn about XIP address when not compile testing
ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype
ARM: 9134/1: remove duplicate memcpy() definition
ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned
Merge 4.19.214 into android-4.19-stable
* ANDROID: Incremental fs: Fix dentry get/put imbalance on vfs_mkdir() failure
fs/incfs/vfs.c
Linux 4.19.214
ARM: 9122/1: select HAVE_FUTEX_CMPXCHG
* tracing: Have all levels of checks prevent recursion
kernel/trace/trace.h
* net: mdiobus: Fix memory leak in __mdiobus_register
drivers/net/phy/mdio_bus.c
* scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma()
drivers/scsi/hosts.c
ALSA: hda: avoid write to STATESTS if controller is in reset
platform/x86: intel_scu_ipc: Update timeout value in comment
isdn: mISDN: Fix sleeping function called from invalid context
ARM: dts: spear3xx: Fix gmac node
net: stmmac: add support for dwmac 3.40a
btrfs: deal with errors when checking if a dir entry exists during log replay
* gcc-plugins/structleak: add makefile var for disabling structleak
scripts/Makefile.gcc-plugins
* netfilter: Kconfig: use 'default y' instead of 'm' for bool config option
net/netfilter/Kconfig
isdn: cpai: check ctr->cnr to avoid array index out of bound
nfc: nci: fix the UAF of rf_conn_info object
* mm, slub: fix mismatch between reconstructed freelist depth and cnt
mm/slub.c
* ASoC: DAPM: Fix missing kctl change notifications
sound/soc/soc-dapm.c
ALSA: hda/realtek: Add quirk for Clevo PC50HS
* ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
sound/usb/quirks-table.h
* vfs: check fd has read access in kernel_read_file_from_fd()
fs/exec.c
* elfcore: correct reference to CONFIG_UML
include/linux/elfcore.h
ocfs2: mount fails with buffer overflow in strlen
ocfs2: fix data corruption after conversion from inline format
can: peak_pci: peak_pci_remove(): fix UAF
can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification
can: rcar_can: fix suspend/resume
net: hns3: disable sriov before unload hclge layer
net: hns3: add limit ets dwrr bandwidth cannot be 0
NIOS2: irqflags: rename a redefined register name
* lan78xx: select CRC32
drivers/net/usb/Kconfig
netfilter: ipvs: make global sysctl readonly in non-init netns
ASoC: wm8960: Fix clock configuration on slave mode
dma-debug: fix sg checks in debug_dma_map_sg()
NFSD: Keep existing listeners on portlist error
xtensa: xtfpga: Try software restart before simulating CPU reset
xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF
ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default
Merge 4.19.213 into android-4.19-stable
UPSTREAM: crypto: arm/blake2s - fix for big endian
ANDROID: gki_defconfig: enable BLAKE2b support
BACKPORT: crypto: arm/blake2b - add NEON-accelerated BLAKE2b
BACKPORT: crypto: blake2b - update file comment
* BACKPORT: crypto: blake2b - sync with blake2s implementation
include/crypto/blake2b.h
include/crypto/internal/blake2b.h
* UPSTREAM: wireguard: Kconfig: select CRYPTO_BLAKE2S_ARM
drivers/net/Kconfig
UPSTREAM: crypto: arm/blake2s - add ARM scalar optimized BLAKE2s
* UPSTREAM: crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
include/crypto/blake2s.h
* UPSTREAM: crypto: blake2s - adjust include guard naming
include/crypto/blake2s.h
include/crypto/internal/blake2s.h
* UPSTREAM: crypto: blake2s - add comment for blake2s_state fields
include/crypto/blake2s.h
* UPSTREAM: crypto: blake2s - optimize blake2s initialization
include/crypto/blake2s.h
include/crypto/internal/blake2s.h
* BACKPORT: crypto: blake2s - share the "shash" API boilerplate code
include/crypto/internal/blake2s.h
* UPSTREAM: crypto: blake2s - move update and final logic to internal/blake2s.h
include/crypto/internal/blake2s.h
UPSTREAM: crypto: blake2s - remove unneeded includes
UPSTREAM: crypto: x86/blake2s - define shash_alg structs using macros
UPSTREAM: crypto: blake2s - define shash_alg structs using macros
* UPSTREAM: crypto: lib/blake2s - Move selftest prototype into header file
include/crypto/internal/blake2s.h
UPSTREAM: crypto: blake2b - Fix clang optimization for ARMv7-M
UPSTREAM: crypto: blake2b - rename tfm context and _setkey callback
UPSTREAM: crypto: blake2b - merge _update to api callback
UPSTREAM: crypto: blake2b - open code set last block helper
UPSTREAM: crypto: blake2b - delete unused structs or members
UPSTREAM: crypto: blake2b - simplify key init
UPSTREAM: crypto: blake2b - merge blake2 init to api callback
UPSTREAM: crypto: blake2b - merge _final implementation to callback
* BACKPORT: crypto: testmgr - add test vectors for blake2b
crypto/testmgr.c
* BACKPORT: crypto: blake2b - add blake2b generic implementation
crypto/Kconfig
crypto/Makefile
Linux 4.19.213
* r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256
drivers/net/usb/Kconfig
qed: Fix missing error code in qed_slowpath_start()
mqprio: Correct stats in mqprio_dump_class_stats().
acpi/arm64: fix next_platform_timer() section mismatch error
drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
drm/msm/dsi: Fix an error code in msm_dsi_modeset_init()
drm/msm: Fix null pointer dereference on pointer edp
platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
pata_legacy: fix a couple uninitialized variable bugs
NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
nfc: fix error handling of nfc_proto_register()
ethernet: s2io: fix setting mac address during resume
net: encx24j600: check error in devm_regmap_init_encx24j600
* net: korina: select CRC32
drivers/net/ethernet/Kconfig
* net: arc: select CRC32
drivers/net/ethernet/arc/Kconfig
* sctp: account stream padding length for reconf chunk
net/sctp/sm_make_chunk.c
iio: dac: ti-dac5571: fix an error code in probe()
iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
iio: light: opt3001: Fixed timeout error when 0 lux
iio: adc128s052: Fix the error handling path of 'adc128_probe()'
iio: adc: aspeed: set driver data when adc probe.
x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
* nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
drivers/nvmem/core.c
virtio: write back F_VERSION_1 before validate
USB: serial: option: add prod. id for Quectel EG91
USB: serial: option: add Telit LE910Cx composition 0x1204
USB: serial: option: add Quectel EC200S-CN module support
USB: serial: qcserial: add EM9191 QDL support
* Input: xpad - add support for another USB ID of Nacon GC-100
drivers/input/joystick/xpad.c
usb: musb: dsps: Fix the probe error path
efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock()
efi/cper: use stack buffer for error record decoding
cb710: avoid NULL pointer subtraction
* xhci: Enable trust tx length quirk for Fresco FL11 USB controller
drivers/usb/host/xhci-pci.c
* xhci: Fix command ring pointer corruption while aborting a command
drivers/usb/host/xhci-ring.c
* xhci: guard accesses to ep_state in xhci_endpoint_reset()
drivers/usb/host/xhci.c
mei: me: add Ice Lake-N device id.
x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
btrfs: check for error when looking up inode during dir entry replay
btrfs: deal with errors when adding inode reference during log replay
btrfs: deal with errors when replaying dir entry during log replay
s390: fix strrchr() implementation
nds32/ftrace: Fix Error: invalid operands (*UND* and *UND* sections) for `^'
ALSA: hda/realtek - ALC236 headset MIC recording issue
ALSA: hda/realtek: Add quirk for Clevo X170KM-G
ALSA: hda/realtek: Complete partial device name to avoid ambiguity
ALSA: seq: Fix a potential UAF by wrong private_free call order
Merge 4.19.212 into android-4.19-stable
Linux 4.19.212
* sched: Always inline is_percpu_thread()
include/linux/sched.h
perf/x86: Reset destroy callback on event init failure
scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
scsi: ses: Fix unsigned comparison with less than zero
* net: sun: SUNVNET_COMMON should depend on INET
drivers/net/ethernet/sun/Kconfig
mac80211: check return value of rhashtable_init
* net: prevent user from passing illegal stab size
include/net/pkt_sched.h
net/sched/sch_api.c
m68k: Handle arrivals of multiple signals correctly
mac80211: Drop frames from invalid MAC address in ad-hoc mode
* netfilter: ip6_tables: zero-initialize fragment offset
net/ipv6/netfilter/ip6_tables.c
* HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
drivers/hid/hid-apple.c
net: phy: bcm7xxx: Fixed indirect MMD operations
Merge 4.19.211 into android-4.19-stable
* Revert "lib/timerqueue: Rely on rbtree semantics for next timer"
include/linux/timerqueue.h
lib/timerqueue.c
Merge 4.19.210 into android-4.19-stable
Linux 4.19.211
x86/Kconfig: Correct reference to MWINCHIP3D
i2c: acpi: fix resource leak in reconfiguration device addition
i40e: Fix freeing of uninitialized misc IRQ vector
i40e: fix endless loop under rtnl
* rtnetlink: fix if_nlmsg_stats_size() under estimation
net/core/rtnetlink.c
drm/nouveau/debugfs: fix file release memory leak
* netlink: annotate data races around nlk->bound
net/netlink/af_netlink.c
net: sfp: Fix typo in state machine debug string
* net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
net/bridge/br_netlink.c
ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence
ptp_pch: Load module automatically if ID matches
powerpc/fsl/dts: Fix phy-connection-type for fm1mac3
* net_sched: fix NULL deref in fifo_set_limit()
net/sched/sch_fifo.c
* phy: mdio: fix memory leak
drivers/net/phy/mdio_bus.c
* bpf: Fix integer overflow in prealloc_elems_and_freelist()
kernel/bpf/stackmap.c
bpf, arm: Fix register clobbering in div/mod implementation
xtensa: call irqchip_init only when CONFIG_USE_OF is selected
bpf, mips: Validate conditional branch offsets
ARM: dts: qcom: apq8064: use compatible which contains chipid
ARM: dts: omap3430-sdp: Fix NAND device node
xen/balloon: fix cancelled balloon action
nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero
* ovl: fix missing negative dentry check in ovl_rename()
fs/overlayfs/dir.c
xen/privcmd: fix error handling in mmap-resource processing
USB: cdc-acm: fix break reporting
USB: cdc-acm: fix racy tty buffer accesses
* Partially revert "usb: Kconfig: using select for USB_COMMON dependency"
drivers/usb/Kconfig
* ANDROID: Different fix for KABI breakage in 4.19.209 in struct sock
include/net/sock.h
ANDROID: GKI: update .xml file for struct sock change
Linux 4.19.210
* lib/timerqueue: Rely on rbtree semantics for next timer
include/linux/timerqueue.h
lib/timerqueue.c
* libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD.
include/linux/libata.h
tools/vm/page-types: remove dependency on opt_file for idle page tracking
scsi: ses: Retry failed Send/Receive Diagnostic commands
selftests: be sure to make khdr before other targets
usb: dwc2: check return value after calling platform_get_resource()
usb: testusb: Fix for showing the connection speed
* scsi: sd: Free scsi_disk device via put_device()
drivers/scsi/sd.c
ext2: fix sleeping in atomic bugs on error
sparc64: fix pci_iounmap() when CONFIG_PCI is not set
xen-netback: correct success/error reporting for the SKB-with-fraglist case
* net: mdio: introduce a shutdown method to mdio device drivers
drivers/net/phy/mdio_device.c
include/linux/mdio.h
* ANDROID: Fix up KABI breakage in 4.19.209 in struct sock
include/net/sock.h
Merge 4.19.209 into android-4.19-stable
* FROMLIST: dm-verity: skip verity_handle_error on I/O errors
drivers/md/dm-verity-target.c
Linux 4.19.209
* cred: allow get_cred() and put_cred() to be given NULL.
include/linux/cred.h
* HID: usbhid: free raw_report buffers in usbhid_stop
drivers/hid/usbhid/hid-core.c
netfilter: ipset: Fix oversized kvmalloc() calls
HID: betop: fix slab-out-of-bounds Write in betop_probe
crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
usb: hso: remove the bailout parameter
usb: hso: fix error handling code of hso_create_net_device
hso: fix bailout in error case of probe
ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE
ARM: 9079/1: ftrace: Add MODULE_PLTS support
ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link()
ARM: 9077/1: PLT: Move struct plt_entries definition to header
EDAC/synopsys: Fix wrong value type assignment for edac_mode
* net: udp: annotate data race around udp_sk(sk)->corkflag
net/ipv4/udp.c
net/ipv6/udp.c
* ext4: fix potential infinite loop in ext4_dx_readdir()
fs/ext4/dir.c
ipack: ipoctal: fix module reference leak
ipack: ipoctal: fix missing allocation-failure check
ipack: ipoctal: fix tty-registration error handling
ipack: ipoctal: fix tty registration race
ipack: ipoctal: fix stack information leak
* elf: don't use MAP_FIXED_NOREPLACE for elf interpreter mappings
fs/binfmt_elf.c
* af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
include/net/sock.h
net/core/sock.c
net/unix/af_unix.c
scsi: csiostor: Add module softdep on cxgb4
Revert "block, bfq: honor already-setup queue merges"
e100: fix buffer overrun in e100_get_regs
e100: fix length calculation in e100_get_regs_len
hwmon: (tmp421) fix rounding for negative values
hwmon: (tmp421) report /PVLD condition as fault
hwmon: (tmp421) Replace S_<PERMS> with octal values
* sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb
net/sctp/input.c
mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap
mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs
ipvs: check that ip_vs_conn_tab_bits is between 8 and 20
drm/amd/display: Pass PCI deviceid into DC
x86/kvmclock: Move this_cpu_pvti into kvmclock.h
mac80211: fix use-after-free in CCMP/GCMP RX
* cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory
drivers/cpufreq/cpufreq_governor_attr_set.c
* cpufreq: schedutil: Use kobject release() method to free sugov_tunables
kernel/sched/cpufreq_schedutil.c
tty: Fix out-of-bound vmalloc access in imageblit
qnx4: work around gcc false positive warning bug
xen/balloon: fix balloon kthread freezing
* tcp: adjust rto_base in retransmits_timed_out()
net/ipv4/tcp_timer.c
* tcp: create a helper to model exponential backoff
net/ipv4/tcp_timer.c
* tcp: always set retrans_stamp on recovery
net/ipv4/tcp_output.c
net/ipv4/tcp_timer.c
* tcp: address problems caused by EDT misshaps
net/ipv4/tcp_input.c
net/ipv4/tcp_timer.c
PCI: aardvark: Fix checking for PIO status
arm64: dts: marvell: armada-37xx: Extend PCIe MEM space
erofs: fix up erofs_lookup tracepoint
spi: Fix tegra20 build with CONFIG_PM=n
net: 6pack: Fix tx timeout and slot time
alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile
* arm64: Mark __stack_chk_guard as __ro_after_init
arch/arm64/kernel/process.c
parisc: Use absolute_pointer() to define PAGE0
qnx4: avoid stringop-overread errors
sparc: avoid stringop-overread errors
net: i825xx: Use absolute_pointer for memcpy from fixed memory location
* compiler.h: Introduce absolute_pointer macro
include/linux/compiler.h
nvme-multipath: fix ANA state updates when a namespace is not present
xen/balloon: use a kernel thread instead a workqueue
m68k: Double cast io functions to unsigned long
net: stmmac: allow CSR clock of 300MHz
net: macb: fix use after free on rmmod
* blktrace: Fix uaf in blk_trace access after removing by sysfs
kernel/trace/blktrace.c
md: fix a lock order reversal in md_alloc
* irqchip/gic-v3-its: Fix potential VPE leak on error
drivers/irqchip/irq-gic-v3-its.c
* irqchip/goldfish-pic: Select GENERIC_IRQ_CHIP to fix build
drivers/irqchip/Kconfig
* thermal/core: Potential buffer overflow in thermal_build_list_of_policies()
drivers/thermal/thermal_core.c
fpga: machxo2-spi: Fix missing error code in machxo2_write_complete()
fpga: machxo2-spi: Return an error on failure
tty: synclink_gt: rename a conflicting function name
tty: synclink_gt, drop unneeded forward declarations
scsi: iscsi: Adjust iface sysfs attr detection
net/mlx4_en: Don't allow aRFS for encapsulated packets
gpio: uniphier: Fix void functions to remove return value
net/smc: add missing error check in smc_clc_prfx_set()
bnxt_en: Fix TX timeout when TX ring size is set to the smallest
net: hso: fix muxed tty registration
serial: mvebu-uart: fix driver's tx_empty callback
mcb: fix error handling in mcb_alloc_bus()
USB: serial: option: add device id for Foxconn T99W265
USB: serial: option: remove duplicate USB device ID
USB: serial: option: add Telit LN920 compositions
USB: serial: mos7840: remove duplicated 0xac24 device ID
Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
staging: greybus: uart: fix tty use after free
USB: cdc-acm: fix minor-number release
USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter
* usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
drivers/usb/storage/unusual_devs.h
xen/x86: fix PV trap handling on secondary processors
cifs: fix incorrect check for null pointer in header_assemble
usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned()
usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
usb: gadget: r8a66597: fix a loop in set_feature()
ocfs2: drop acl cache for directories too
Merge 4.19.208 into android-4.19-stable
ANDROID: GKI: update ABI xml
ANDROID: GKI: Update aarch64 cuttlefish symbol list
* ANDROID: GKI: rework the ANDROID_KABI_USE() macro to not use __UNIQUE()
include/linux/android_kabi.h
* BACKPORT: loop: Set correct device size when using LOOP_CONFIGURE
drivers/block/loop.c
Linux 4.19.208
drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV
blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
pwm: stm32-lp: Don't modify HW state in .remove() callback
pwm: rockchip: Don't modify HW state in .remove() callback
pwm: img: Don't modify HW state in .remove() callback
nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group
nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group
nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group
nilfs2: fix NULL pointer in nilfs_##name##_attr_release
nilfs2: fix memory leak in nilfs_sysfs_create_device_group
ceph: lockdep annotations for try_nonblocking_invalidate
dmaengine: xilinx_dma: Set DMA mask for coherent APIs
* dmaengine: ioat: depends on !UML
drivers/dma/Kconfig
dmaengine: sprd: Add missing MODULE_DEVICE_TABLE
parisc: Move pci_dev_is_behind_card_dino to where it is used
* drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION()
arch/arm64/kernel/cacheinfo.c
include/linux/cacheinfo.h
* Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH
lib/Kconfig.debug
pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered
* profiling: fix shift-out-of-bounds bugs
kernel/profile.c
nilfs2: use refcount_dec_and_lock() to fix potential UAF
* prctl: allow to setup brk for et_dyn executables
kernel/sys.c
9p/trans_virtio: Remove sysfs file on probe failure
thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
* sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
net/sctp/sm_make_chunk.c
* sctp: validate chunk size in __rcv_asconf_lookup
net/sctp/input.c
tracing/kprobe: Fix kprobe_on_func_entry() modification
crypto: talitos - fix max key size for sha384 and sha512
apparmor: remove duplicate macro list_entry_is_head()
* rcu: Fix missed wakeup of exp_wq waiters
kernel/rcu/tree_exp.h
* KVM: remember position in kvm->vcpus array
include/linux/kvm_host.h
s390/bpf: Fix optimizing out zero-extensions
Bug: 205088357
Change-Id: Ib9d80af897f5c3076e6793dc3db117d198e499c2
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Krzysztof Kozlowski
|
4a9043ba1b |
nfc: port100: fix using -ERRNO as command type mask
commit 2195f2062e4cc93870da8e71c318ef98a1c51cef upstream.
During probing, the driver tries to get a list (mask) of supported
command types in port100_get_command_type_mask() function. The value
is u64 and 0 is treated as invalid mask (no commands supported). The
function however returns also -ERRNO as u64 which will be interpret as
valid command mask.
Return 0 on every error case of port100_get_command_type_mask(), so the
probing will stop.
Cc: <stable@vger.kernel.org>
Fixes:
|
||
|
Lucas Wei
|
f372daffd0 |
LTS: Merge android-4.19-stable (4.19.202) into android-msm-pixel-4.19
Merge android-4.19-stable common kernel (4.19.202) into B5R3 master kernel. Bug: 196282886 Bug: 192901276 Test: Manual testing, SST, vts/vts-kernel, pts/base, pts/postsubmit-long Signed-off-by: Lucas Wei <lucaswei@google.com> Change-Id: I460d39659928a4eddc497d2abdd630ac31ee4b4e |
||
|
Lucas Wei
|
b2bed6615a |
Merge android-4.19-stable (4.19.202) into android-msm-pixel-4.19-lts
Merge 4.19.202 into android-4.19-stable
Linux 4.19.202
spi: mediatek: Fix fifo transfer
* padata: add separate cpuhp node for CPUHP_PADATA_DEAD
include/linux/padata.h
* padata: validate cpumask without removed CPU during offline
include/linux/cpuhotplug.h
Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
firmware: arm_scmi: Ensure drivers provide a probe function
drm/i915: Ensure intel_engine_init_execlist() builds with Clang
* Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled"
net/bluetooth/hci_core.c
* bdi: add a ->dev_name field to struct backing_dev_info
include/linux/backing-dev-defs.h
mm/backing-dev.c
* bdi: use bdi_dev_name() to get device name
block/blk-cgroup.c
include/trace/events/wbt.h
* bdi: move bdi_dev_name out of line
include/linux/backing-dev.h
mm/backing-dev.c
* net: Fix zero-copy head len calculation.
net/core/skbuff.c
qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
* r8152: Fix potential PM refcount imbalance
drivers/net/usb/r8152.c
ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
* regulator: rt5033: Fix n_voltages settings for BUCK and LDO
include/linux/mfd/rt5033-private.h
btrfs: mark compressed range uptodate only if all bio succeed
Merge 4.19.201 into android-4.19-stable
Linux 4.19.201
i40e: Add additional info to PHY type error
Revert "perf map: Fix dso->nsinfo refcounting"
powerpc/pseries: Fix regression while building external modules
can: hi311x: fix a signedness bug in hi3110_cmd()
sis900: Fix missing pci_disable_device() in probe and remove
tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
* sctp: fix return value check in __sctp_rcv_asconf_lookup
net/sctp/input.c
net/mlx5: Fix flow table chaining
* net: llc: fix skb_over_panic
include/net/llc_pdu.h
mlx4: Fix missing error code in mlx4_load_one()
* tipc: fix sleeping in tipc accept routine
net/tipc/socket.c
i40e: Fix log TC creation failure when max num of queues is exceeded
i40e: Fix logic of disabling queues
netfilter: nft_nat: allow to specify layer 4 protocol NAT only
* netfilter: conntrack: adjust stop timestamp to real expiry value
net/netfilter/nf_conntrack_core.c
* cfg80211: Fix possible memory leak in function cfg80211_bss_update
net/wireless/scan.c
nfc: nfcsim: fix use after free during module unload
NIU: fix incorrect error return, missed in previous revert
can: esd_usb2: fix memory leak
can: ems_usb: fix memory leak
can: usb_8dev: fix memory leak
can: mcba_usb_start(): add missing urb->transfer_dma initialization
can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
ocfs2: issue zeroout to EOF blocks
ocfs2: fix zero out valid data
x86/kvm: fix vcpu-id indexed array sizes
btrfs: fix rw device counting in __btrfs_free_extra_devids
x86/asm: Ensure asm/proto.h can be included stand-alone
* gro: ensure frag0 meets IP header alignment
include/linux/skbuff.h
net/core/dev.c
* virtio_net: Do not pull payload in skb->head
include/linux/virtio_net.h
Merge 4.19.200 into android-4.19-stable
Linux 4.19.200
ARM: dts: versatile: Fix up interrupt controller node names
cifs: fix the out of range assignment to bit fields in parse_server_interfaces
firmware: arm_scmi: Fix range check for the maximum number of pending messages
firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
hfs: add lock nesting notation to hfs_find_init
hfs: fix high memory mapping in hfs_bnode_read
hfs: add missing clean-up in hfs_fill_super
* sctp: move 198 addresses from unusable to private scope
include/net/sctp/constants.h
net/sctp/protocol.c
* net: annotate data race around sk_ll_usec
include/net/busy_poll.h
net/core/sock.c
net/802/garp: fix memleak in garp_request_join()
net/802/mrp: fix memleak in mrp_request_join()
* workqueue: fix UAF in pwq_unbound_release_workfn()
kernel/workqueue.c
* af_unix: fix garbage collect vs MSG_PEEK
net/unix/af_unix.c
* net: split out functions related to registering inflight socket files
include/net/af_unix.h
net/Makefile
net/unix/Kconfig
net/unix/Makefile
net/unix/af_unix.c
net/unix/garbage.c
net/unix/scm.c
net/unix/scm.h
KVM: x86: determine if an exception has an error code only when injecting it.
iio: dac: ds4422/ds4424 drop of_node check
selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c
* ANDROID: staging: ion: move buffer kmap from begin/end_cpu_access()
drivers/staging/android/ion/ion.c
Merge 4.19.199 into android-4.19-stable
Linux 4.19.199
* xhci: add xhci_get_virt_ep() helper
drivers/usb/host/xhci-ring.c
drivers/usb/host/xhci.h
spi: spi-fsl-dspi: Fix a resource leak in an error handling path
* PCI: Mark AMD Navi14 GPU ATS as broken
drivers/pci/quirks.c
btrfs: compression: don't try to compress if we don't have enough pages
iio: accel: bma180: Fix BMA25x bandwidth register values
iio: accel: bma180: Use explicit member assignment
net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz
KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
KVM: do not allow mapping valid but non-reference-counted pages
KVM: do not assume PTE is writable after follow_pfn
* drm: Return -ENOTTY for non-drm ioctls
drivers/gpu/drm/drm_ioctl.c
include/drm/drm_ioctl.h
nds32: fix up stack guard gap
selftest: use mmap instead of posix_memalign to allocate memory
ixgbe: Fix packet corruption due to missing DMA sync
media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
* tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
kernel/trace/ring_buffer.c
usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
USB: serial: cp210x: fix comments for GE CS1000
USB: serial: option: add support for u-blox LARA-R6 family
usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
usb: max-3421: Prevent corruption of freed memory
USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
* usb: hub: Fix link power management max exit latency (MEL) calculations
drivers/usb/core/hub.c
* usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
drivers/usb/core/hub.c
KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
* xhci: Fix lost USB 2 remote wake
drivers/usb/host/xhci-hub.c
ALSA: sb: Fix potential ABBA deadlock in CSP driver
* ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
sound/usb/quirks.c
s390/ftrace: fix ftrace_update_ftrace_func implementation
Revert "MIPS: add PMD table accounting into MIPS'pmd_alloc_one"
* proc: Avoid mixing integer types in mem_rw()
fs/proc/base.c
drm/panel: raspberrypi-touchscreen: Prevent double-free
* net: sched: cls_api: Fix the the wrong parameter
net/sched/cls_api.c
* sctp: update active_key for asoc when old key is being replaced
net/sctp/auth.c
* Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
drivers/usb/core/quirks.c
nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
net/sched: act_skbmod: Skip non-Ethernet packets
* net/tcp_fastopen: fix data races around tfo_active_disable_stamp
net/ipv4/tcp_fastopen.c
spi: cadence: Correct initialisation of runtime PM again
scsi: target: Fix protect handling in WRITE SAME(32)
scsi: iscsi: Fix iface sysfs attr detection
netrom: Decrease sock refcount when sock timers expire
KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak
net: decnet: Fix sleeping inside in af_decnet
net: fix uninit-value in caif_seqpkt_sendmsg
bpftool: Check malloc return value in mount_bpffs_for_pin
s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
liquidio: Fix unintentional sign extension issue on left shift of u16
spi: mediatek: fix fifo rx mode
perf probe-file: Delete namelist in del_events() on the error path
perf test bpf: Free obj_buf
perf lzma: Close lzma stream on exit
perf dso: Fix memory leak in dso__new_map()
perf probe: Fix dso->nsinfo refcounting
perf map: Fix dso->nsinfo refcounting
nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
* ipv6: fix 'disable_policy' for fwd packets
net/ipv6/ip6_output.c
igb: Fix position of assignment to *ring
igb: Check if num of q_vectors is smaller than max before array access
iavf: Fix an error handling path in 'iavf_probe()'
e1000e: Fix an error handling path in 'e1000_probe()'
fm10k: Fix an error handling path in 'fm10k_probe()'
igb: Fix an error handling path in 'igb_probe()'
ixgbe: Fix an error handling path in 'ixgbe_probe()'
igb: Fix use-after-free error during reset
* net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
net/ipv4/ip_tunnel.c
* udp: annotate data races around unix_sk(sk)->gso_size
net/ipv4/udp.c
net/ipv6/udp.c
bpftool: Properly close va_list 'ap' by va_end() on error
* ipv6: tcp: drop silly ICMPv6 packet too big messages
net/ipv4/tcp_output.c
net/ipv6/tcp_ipv6.c
* tcp: annotate data races around tp->mtu_info
net/ipv4/tcp_ipv4.c
net/ipv6/tcp_ipv6.c
* dma-buf/sync_file: Don't leak fences on merge failure
drivers/dma-buf/sync_file.c
* net: validate lwtstate->data before returning from skb_tunnel_info()
include/net/dst_metadata.h
* net: send SYNACK packet with accepted fwmark
net/ipv6/tcp_ipv6.c
net: ti: fix UAF in tlan_remove_one
net: qcom/emac: fix UAF in emac_remove
net: moxa: fix UAF in moxart_mac_probe
net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
* net: bridge: sync fdb to new unicast-filtering ports
net/bridge/br_if.c
* netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
net/netfilter/nf_conntrack_netlink.c
* net: ipv6: fix return value of ip6_skb_dst_mtu
include/net/ip6_route.h
net/ipv6/xfrm6_output.c
net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
dm writecache: fix writing beyond end of underlying device when shrinking
dm writecache: return the exact table values that were set
* mm: slab: fix kmem_cache_create failed when sysfs node not destroyed
mm/slab_common.c
* sched/fair: Fix CFS bandwidth hrtimer expiry type
kernel/sched/fair.c
scsi: libfc: Fix array index out of bound exception
scsi: libsas: Add LUN number check in .slave_alloc callback
scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
rtc: max77686: Do not enforce (incorrect) interrupt trigger type
* kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
scripts/mkcompile_h
* thermal/core: Correct function name thermal_zone_device_unregister()
drivers/thermal/thermal_core.c
arm64: dts: ls208xa: remove bus-num from dspi node
soc/tegra: fuse: Fix Tegra234-only builds
ARM: dts: stm32: move stmmac axi config in ethernet node on stm32mp15
ARM: dts: stm32: fix i2c node name on stm32f746 to prevent warnings
ARM: dts: rockchip: fix supply properties in io-domains nodes
arm64: dts: juno: Update SCPI nodes as per the YAML schema
ARM: dts: stm32: fix timer nodes on STM32 MCU to prevent warnings
ARM: dts: stm32: fix RCC node name on stm32f429 MCU
ARM: dts: stm32: fix gpio-keys node on STM32 MCU boards
rtc: mxc_v2: add missing MODULE_DEVICE_TABLE
ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
ARM: dts: Hurricane 2: Fix NAND nodes names
ARM: dts: BCM63xx: Fix NAND nodes names
ARM: NSP: dts: fix NAND nodes names
ARM: Cygnus: dts: fix NAND nodes names
ARM: brcmstb: dts: fix NAND nodes names
reset: ti-syscon: fix to_ti_syscon_reset_data macro
arm64: dts: rockchip: Fix power-controller node names for rk3328
ARM: dts: rockchip: Fix power-controller node names for rk3288
ARM: dts: rockchip: Fix IOMMU nodes properties on rk322x
ARM: dts: rockchip: Fix the timer clocks order
arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi
ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
ARM: dts: gemini: add device_type on pci
ARM: dts: gemini: rename mdio to the right name
* ANDROID: generate_initcall_order.pl: Use two dash long options for llvm-nm
scripts/generate_initcall_order.pl
* Revert "media: subdev: disallow ioctl for saa6588/davinci"
include/media/v4l2-subdev.h
* ANDROID: GKI: fix up crc change in ip.h
include/net/ip.h
Merge 4.19.198 into android-4.19-stable
Linux 4.19.198
* seq_file: disallow extremely large seq buffer allocations
fs/seq_file.c
scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
* net: bridge: multicast: fix PIM hello router port marking race
net/bridge/br_multicast.c
MIPS: vdso: Invalid GIC access through VDSO
mips: disable branch profiling in boot/decompress.o
mips: always link byteswap helpers into decompressor
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery
ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems
ARM: dts: imx6q-dhcom: Fix ethernet reset time properties
ARM: dts: am437x: align ti,pindir-d0-out-d1-in property with dt-shema
ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
memory: fsl_ifc: fix leak of private memory on probe failure
memory: fsl_ifc: fix leak of IO mapping on probe failure
* reset: bail if try_module_get() fails
drivers/reset/core.c
ARM: dts: BCM5301X: Fixup SPI binding
ARM: dts: r8a7779, marzen: Fix DU clock names
arm64: dts: renesas: v3msk: Fix memory size
* rtc: fix snprintf() checking in is_rtc_hctosys()
drivers/rtc/rtc-proc.c
memory: atmel-ebi: add missing of_node_put for loop iteration
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
reset: a10sr: add missing of_match_table reference
hexagon: use common DISCARDS macro
NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
ALSA: isa: Fix error return code in snd_cmi8330_probe()
virtio_net: move tx vq operation under tx queue lock
x86/fpu: Limit xstate copy size in xstateregs_set()
PCI: iproc: Support multi-MSI only on uniprocessor kernel
PCI: iproc: Fix multi-MSI base vector number allocation
ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
nfs: fix acl memory leak of posix_acl_create()
watchdog: aspeed: fix hardware timeout calculation
um: fix error return code in winch_tramp()
um: fix error return code in slip_open()
NFSv4: Initialise connection to the server in nfs4_alloc_client()
* power: supply: rt5033_battery: Fix device tree enumeration
drivers/power/supply/Kconfig
PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
* f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs
fs/f2fs/super.c
virtio_console: Assure used length from device is limited
virtio_net: Fix error handling in virtnet_restore()
virtio-blk: Fix memory leak among suspend/resume procedure
ACPI: video: Add quirk for the Dell Vostro 3350
ACPI: AMBA: Fix resource name in /proc/iomem
pwm: tegra: Don't modify HW state in .remove callback
power: supply: ab8500: add missing MODULE_DEVICE_TABLE
power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
* NFS: nfs_find_open_context() may only select open files
include/linux/nfs_fs.h
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
orangefs: fix orangefs df output.
PCI: tegra: Add missing MODULE_DEVICE_TABLE
x86/fpu: Return proper error codes from user access functions
watchdog: iTCO_wdt: Account for rebooting on second timeout
watchdog: Fix possible use-after-free by calling del_timer_sync()
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
watchdog: Fix possible use-after-free in wdt_startup()
ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
power: supply: max17042: Do not enforce (incorrect) interrupt trigger type
power: supply: ab8500: Avoid NULL pointers
pwm: spear: Don't modify HW state in .remove callback
* lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
lib/decompress_unlz4.c
* i2c: core: Disable client irq on reboot/shutdown
drivers/i2c/i2c-core-base.c
intel_th: Wait until port is in reset before programming it
staging: rtl8723bs: fix macro value for 2.4Ghz only device
ALSA: hda: Add IRQ check for platform_get_irq()
backlight: lm3630a: Fix return code of .update_status() callback
powerpc/boot: Fixup device-tree on little endian
usb: gadget: hid: fix error return code in hid_bind()
* usb: gadget: f_hid: fix endianness issue with descriptors
drivers/usb/gadget/function/f_hid.c
* ALSA: bebob: add support for ToneWeal FW66
sound/firewire/Kconfig
Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
* ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing()
sound/soc/soc-core.c
gpio: pca953x: Add support for the On Semi pca9655
selftests/powerpc: Fix "no_handler" EBB selftest
ALSA: ppc: fix error return code in snd_pmac_probe()
gpio: zynq: Check return value of pm_runtime_get_sync
powerpc/ps3: Add dma_mask to ps3_dma_region
ALSA: sb: Fix potential double-free of CSP mixer elements
selftests: timers: rtcpie: skip test if default RTC device does not exist
s390/sclp_vt220: fix console name to match device
mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
scsi: qedi: Fix null ref during abort handling
scsi: iscsi: Fix shost->max_id use
* scsi: iscsi: Fix conn use after free during resets
include/scsi/libiscsi.h
* scsi: iscsi: Add iscsi_cls_conn refcount helpers
include/scsi/scsi_transport_iscsi.h
fs/jfs: Fix missing error code in lmLogInit()
scsi: scsi_dh_alua: Check for negative result value
tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
ALSA: ac97: fix PM reference leak in ac97_bus_remove()
* scsi: core: Cap scsi_host cmd_per_lun at can_queue
drivers/scsi/hosts.c
scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs
scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
w1: ds2438: fixing bug that would always get page0
* Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
sound/firewire/Kconfig
misc/libmasm/module: Fix two use after free in ibmasm_init_one
tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
PCI: aardvark: Fix kernel panic during PIO transfer
PCI: aardvark: Don't rely on jiffies while holding spinlock
tracing: Do not reference char * as a string in histograms
* scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
drivers/scsi/hosts.c
KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
* smackfs: restrict bytes count in smk_set_cipso()
security/smack/smackfs.c
jfs: fix GPF in diFree
pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
media: gspca/sunplus: fix zero-length control requests
media: gspca/sq905: fix control-request direction
media: zr364xx: fix memory leak in zr364xx_start_readpipe
media: dtv5100: fix control-request directions
* media: subdev: disallow ioctl for saa6588/davinci
include/media/v4l2-subdev.h
PCI: aardvark: Fix checking for PIO Non-posted Request
* PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
drivers/pci/quirks.c
dm btree remove: assign new_root only when removal succeeds
* coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer()
drivers/hwtracing/coresight/coresight-tmc-etf.c
ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
* tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
kernel/trace/trace.c
* tracing: Simplify & fix saved_tgids logic
kernel/trace/trace.c
* seq_buf: Fix overflow in seq_buf_putmem_hex()
lib/seq_buf.c
* power: supply: ab8500: Fix an old bug
include/linux/mfd/abx500/ux500_chargalg.h
ipmi/watchdog: Stop watchdog timer when the current action is 'none'
qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
ASoC: tegra: Set driver_name=tegra for all machine drivers
* clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround
drivers/clocksource/arm_arch_timer.c
* cpu/hotplug: Cure the cpusets trainwreck
kernel/cpu.c
ata: ahci_sunxi: Disable DIPM
mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
mmc: core: clear flags before allowing to retune
mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
drm/msm/mdp4: Fix modifier support enabling
pinctrl/amd: Add device HID for new AMD GPIO controller
drm/amd/display: fix incorrrect valid irq check
drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create()
* usb: gadget: f_fs: Fix setting of device and driver data cross-references
drivers/usb/gadget/function/f_fs.c
powerpc/barrier: Avoid collision with clang's __lwsync macro
* fuse: reject internal errno
fs/fuse/dev.c
serial: mvebu-uart: fix calculation of clock divisor
serial: mvebu-uart: clarify the baud rate derivation
* bdi: Do not use freezable workqueue
mm/backing-dev.c
* fscrypt: don't ignore minor_hash when hash is 0
fs/crypto/fname.c
MIPS: set mips32r5 for virt extensions
* sctp: add size validation when walking chunks
net/sctp/input.c
* sctp: validate from_addr_param return
include/net/sctp/structs.h
net/sctp/bind_addr.c
net/sctp/input.c
net/sctp/ipv6.c
net/sctp/protocol.c
net/sctp/sm_make_chunk.c
Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
* Bluetooth: Shutdown controller after workqueues are flushed or cancelled
net/bluetooth/hci_core.c
* Bluetooth: Fix the HCI to MGMT status conversion table
net/bluetooth/mgmt.c
RDMA/cma: Fix rdma_resolve_route() memory leak
* net: ip: avoid OOM kills with large UDP sends over loopback
net/ipv4/ip_output.c
net/ipv6/ip6_output.c
media, bpf: Do not copy more entries than user space requested
* wireless: wext-spy: Fix out-of-bounds warning
net/wireless/wext-spy.c
sfc: error code if SRIOV cannot be disabled
sfc: avoid double pci_remove of VFs
iwlwifi: pcie: free IML DMA memory allocation
iwlwifi: mvm: don't change band on bound PHY contexts
RDMA/rxe: Don't overwrite errno from ib_umem_get()
vsock: notify server to shutdown when client has pending signal
atm: nicstar: register the interrupt handler in the right place
atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
MIPS: add PMD table accounting into MIPS'pmd_alloc_one
rtl8xxxu: Fix device info for RTL8192EU devices
* net: fix mistake path for netdev_features_strings
include/linux/netdev_features.h
include/uapi/linux/ethtool.h
cw1200: add missing MODULE_DEVICE_TABLE
wl1251: Fix possible buffer overflow in wl1251_cmd_scan
wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
* xfrm: Fix error reporting in xfrm_state_construct.
net/xfrm/xfrm_user.c
* selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
security/selinux/avc.c
fjes: check return value after calling platform_get_resource()
net: micrel: check return value after calling platform_get_resource()
net: mvpp2: check return value after calling platform_get_resource()
net: bcmgenet: check return value after calling platform_get_resource()
virtio_net: Remove BUG() to avoid machine dead
ice: set the value of global config lock timeout longer
pinctrl: mcp23s08: fix race condition in irq handler
dm space maps: don't reset space map allocation cursor when committing
RDMA/cxgb4: Fix missing error code in create_qp()
* ipv6: use prandom_u32() for ID generation
net/ipv6/output_core.c
clk: tegra: Ensure that PLLU configuration is applied properly
clk: renesas: r8a77995: Add ZA2 clock
e100: handle eeprom as little endian
udf: Fix NULL pointer dereference in udf_symlink function
drm/virtio: Fix double free on probe failure
reiserfs: add check for invalid 1st journal block
* net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
net/core/dev.c
atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
mISDN: fix possible use-after-free in HFC_cleanup()
atm: iphase: fix possible use-after-free in ia_module_exit()
hugetlb: clear huge pte during flush function on mips platform
drm/amd/display: fix use_max_lb flag for 420 pixel formats
net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
drm/amd/amdgpu/sriov disable all ip hw status by default
* drm/zte: Don't select DRM_KMS_FB_HELPER
drivers/gpu/drm/zte/Kconfig
* drm/mxsfb: Don't select DRM_KMS_FB_HELPER
drivers/gpu/drm/mxsfb/Kconfig
mmc: vub3000: fix control-request direction
mmc: block: Disable CMDQ on the ioctl path
perf llvm: Return -ENOMEM when asprintf() fails
selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
mm/huge_memory.c: don't discard hugepage if other processes are mapping it
vfio/pci: Handle concurrent vma faults
arm64: dts: marvell: armada-37xx: Fix reg for standard variant of UART
serial: mvebu-uart: correctly calculate minimal possible baudrate
powerpc: Offline CPU in stop_this_cpu()
leds: ktd2692: Fix an error handling path
leds: as3645a: Fix error return code in as3645a_parse_node()
* configfs: fix memleak in configfs_release_bin_file
fs/configfs/file.c
ASoC: atmel-i2s: Fix usage of capture and playback at the same time
extcon: max8997: Add missing modalias string
extcon: sm5502: Drop invalid register write in sm5502_reg_data
phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume()
* of: Fix truncation of memory sizes on 32-bit platforms
drivers/of/fdt.c
drivers/of/of_reserved_mem.c
ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK
iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates
staging: mt7621-dts: fix pci address for PCI memory range
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
eeprom: idt_89hpesx: Restore printing the unsupported fwnode name
eeprom: idt_89hpesx: Put fwnode in matching case during ->probe()
s390: appldata depends on PROC_SYSCTL
visorbus: fix error return code in visorchipset_init()
fsi/sbefifo: Fix reset timeout
fsi/sbefifo: Clean up correct FIFO when receiving reset request from SBE
fsi: scom: Reset the FSI2PIB engine for any error
fsi: core: Fix return of error values on failures
scsi: FlashPoint: Rename si_flags field
tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
Input: hil_kbd - fix error return code in hil_dev_connect()
ASoC: rsnd: tidyup loop on rsnd_adg_clk_query()
ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup()
iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adis_buffer: do not return ints in irq handlers
mwifiex: re-fix for unaligned accesses
tty: nozomi: Fix a resource leak in an error handling function
RDMA/mlx5: Don't access NULL-cleared mpi pointer
net: sched: fix warning in tcindex_alloc_perfect_hash
* net: lwtunnel: handle MTU calculation in forwading
include/net/ip.h
include/net/ip6_route.h
net/ipv4/route.c
* writeback: fix obtain a reference to a freeing memcg css
fs/fs-writeback.c
* Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event
net/bluetooth/hci_event.c
* Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
net/bluetooth/mgmt.c
* ipv6: fix out-of-bound access in ip6_parse_tlv()
net/ipv6/exthdrs.c
ibmvnic: free tx_pool if tso_pool alloc fails
Revert "ibmvnic: remove duplicate napi_schedule call in open function"
i40e: Fix autoneg disabling for non-10GBaseT links
i40e: Fix error handling in i40e_vsi_open
* bpf: Do not change gso_size during bpf_skb_change_proto()
net/core/filter.c
* ipv6: exthdrs: do not blindly use init_net
net/ipv6/exthdrs.c
net: bcmgenet: Fix attaching to PYH failed on RPi 4B
mac80211: remove iwlwifi specific workaround NDPs of null_response
ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
ieee802154: hwsim: Fix memory leak in hwsim_add_one
* net/ipv4: swap flow ports when validating source
net/ipv4/fib_frontend.c
vxlan: add missing rcu_read_lock() in neigh_reduce()
pkt_sched: sch_qfq: fix qfq_change_class() error path
net: ethernet: ezchip: fix error handling
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: aeroflex: fix UAF in greth_of_remove
samples/bpf: Fix the error return code of xdp_redirect's main()
RDMA/rxe: Fix qp reference counting for atomic ops
netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
netfilter: nft_osf: check for TCP packet before further processing
netfilter: nft_exthdr: check for IPv6 packet before further processing
RDMA/mlx5: Don't add slave port to unaffiliated list
* netlabel: Fix memory leak in netlbl_mgmt_add_common
net/netlabel/netlabel_mgmt.c
ath10k: Fix an error code in ath10k_add_interface()
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
brcmfmac: correctly report average RSSI in station info
brcmfmac: fix setting of station info chains bitmask
ssb: Fix error return code in ssb_bus_scan()
wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others
* wireless: carl9170: fix LEDS build errors & warnings
drivers/net/wireless/ath/carl9170/Kconfig
tools/bpftool: Fix error return code in do_batch()
drm: qxl: ensure surf.data is ininitialized
RDMA/rxe: Fix failure during driver load
ehea: fix error return code in ehea_restart_qps()
drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write()
net: pch_gbe: Propagate error from devm_gpio_request_one()
net: mvpp2: Put fwnode in error case during ->probe()
ocfs2: fix snprintf() checking
blk-wbt: make sure throttle is enabled properly
* blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled()
block/blk-wbt.h
ACPI: sysfs: Fix a buffer overrun problem with description_show()
crypto: nx - Fix RCU warning in nx842_OF_upd_status
spi: spi-sun6i: Fix chipselect/clock bug
btrfs: clear log tree recovering status if starting transaction fails
hwmon: (max31790) Fix fan speed reporting for fan7..12
hwmon: (max31722) Remove non-standard ACPI device IDs
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
media: gspca/gl860: fix zero-length control requests
media: tc358743: Fix error return code in tc358743_probe_of()
media: exynos4-is: Fix a use after free in isp_video_release
pata_ep93xx: fix deferred probing
media: rc: i2c: Fix an error message
crypto: ccp - Fix a resource leak in an error handling path
evm: fix writing <securityfs>/evm overflow
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
media: I2C: change 'RST' to "RSET" to fix multiple build errors
pata_rb532_cf: fix deferred probing
sata_highbank: fix deferred probing
crypto: ux500 - Fix error return code in hash_hw_final()
crypto: ixp4xx - dma_unmap the correct address
media: s5p_cec: decrement usage count if disabled
ia64: mca_drv: fix incorrect array size calculation
HID: wacom: Correct base usage for capacitive ExpressKey status bits
ACPI: tables: Add custom DSDT file as makefile prerequisite
* clocksource: Retry clock read if long delays detected
kernel/time/clocksource.c
platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard()
ACPI: bus: Call kobject_put() in acpi_init() error path
ACPICA: Fix memory leak caused by _CID repair function
fs: dlm: fix memory leak when fenced
* random32: Fix implicit truncation warning in prandom_seed_state()
include/linux/prandom.h
fs: dlm: cancel work sync othercon
* block_dump: remove block_dump feature in mark_inode_dirty()
fs/fs-writeback.c
ACPI: EC: Make more Asus laptops use ECDT _GPE
* lib: vsprintf: Fix handling of number field widths in vsscanf
lib/kstrtox.c
lib/kstrtox.h
lib/vsprintf.c
hv_utils: Fix passing zero to 'PTR_ERR' warning
ACPI: processor idle: Fix up C-state latency if not ordered
EDAC/ti: Add missing MODULE_DEVICE_TABLE
* HID: do not use down_interruptible() when unbinding devices
drivers/hid/hid-core.c
regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
* btrfs: disable build on platforms having page size 256K
fs/btrfs/Kconfig
btrfs: abort transaction if we fail to update the delayed inode
btrfs: fix error handling in __btrfs_update_delayed_inode
media: imx-csi: Skip first few frames from a BT.656 source
media: siano: fix device register error path
media: dvb_net: avoid speculation from net slot
* crypto: shash - avoid comparing pointers to exported functions under CFI
crypto/shash.c
include/crypto/internal/hash.h
mmc: via-sdmmc: add a check against NULL pointer dereference
media: dvd_usb: memory leak in cinergyt2_fe_attach
media: st-hva: Fix potential NULL pointer dereferences
media: bt8xx: Fix a missing check bug in bt878_probe
* media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
drivers/media/v4l2-core/v4l2-fh.c
media: em28xx: Fix possible memory leak of em28xx struct
* sched/fair: Fix ascii art by relpacing tabs
kernel/sched/fair.c
crypto: qat - remove unused macro in FW loader
crypto: qat - check return code of qat_hal_rd_rel_reg()
media: pvrusb2: fix warning in pvr2_i2c_core_done
media: cobalt: fix race condition in setting HPD
media: cpia2: fix memory leak in cpia2_usb_probe
crypto: nx - add missing MODULE_DEVICE_TABLE
regulator: uniphier: Add missing MODULE_DEVICE_TABLE
spi: omap-100k: Fix the length judgment problem
spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages()
spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
* spi: Make of_register_spi_device also set the fwnode
drivers/spi/spi.c
* fuse: check connected before queueing on fpq->io
fs/fuse/dev.c
evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded
evm: Execute evm_inode_init_security() only when an HMAC key is loaded
powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi()
* seq_buf: Make trace_seq_putmem_hex() support data longer than 8
lib/seq_buf.c
* tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
include/linux/tracepoint.h
kernel/trace/bpf_trace.c
kernel/tracepoint.c
tracing/histograms: Fix parsing of "sym-offset" modifier
rsi: fix AP mode with WPA failure due to encrypted EAPOL
rsi: Assign beacon rate settings to the correct rate_info descriptor field
ssb: sdio: Don't overwrite const buffer if block_write fails
ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
serial_cs: remove wrong GLOBETROTTER.cis entry
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
iio: light: tcs3472: do not free unallocated IRQ
rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path
s390/cio: dont call css_wait_for_slow_path() inside a lock
SUNRPC: Should wake up the privileged task firstly.
SUNRPC: Fix the batch tasks count wraparound.
can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path
can: gw: synchronize rcu operations before removing gw job entry
can: bcm: delay release of struct bcm_op after synchronize_rcu()
* ext4: use ext4_grp_locked_error in mb_find_extent
fs/ext4/mballoc.c
* ext4: fix avefreec in find_group_orlov
fs/ext4/ialloc.c
* ext4: remove check for zero nr_to_scan in ext4_es_scan()
fs/ext4/extents_status.c
* ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
fs/ext4/extents_status.c
* ext4: return error code when ext4_fill_flex_info() fails
fs/ext4/super.c
* ext4: fix kernel infoleak via ext4_extent_header
fs/ext4/extents.c
* ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle
fs/ext4/super.c
btrfs: clear defrag status of a root if starting transaction fails
btrfs: send: fix invalid path for unlink operations after parent orphanization
ARM: dts: at91: sama5d4: fix pinctrl muxing
arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
* iov_iter_fault_in_readable() should do nothing in xarray case
lib/iov_iter.c
ntfs: fix validity check for file name attribute
* xhci: solve a double free problem while doing s4
drivers/usb/host/xhci-mem.c
* usb: typec: Add the missed altmode_id_remove() in typec_register_altmode()
drivers/usb/typec/class.c
* usb: dwc3: Fix debugfs creation flow
drivers/usb/dwc3/core.c
USB: cdc-acm: blacklist Heimann USB Appset device
usb: gadget: eem: fix echo command packet response issue
net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
Input: usbtouchscreen - fix control-request directions
media: dvb-usb: fix wrong definition
* ALSA: usb-audio: Fix OOB access at proc output
sound/usb/mixer.c
* ALSA: usb-audio: fix rate on Ozone Z90 USB headset
sound/usb/format.c
* scsi: core: Retry I/O for Notify (Enable Spinup) Required error
drivers/scsi/scsi_lib.c
* Revert "clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940"
include/linux/cpuhotplug.h
Merge 4.19.197 into android-4.19-stable
Linux 4.19.197
* clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940
include/linux/cpuhotplug.h
clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue
clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support
ARM: OMAP: replace setup_irq() by request_irq()
KVM: SVM: Call SEV Guest Decommission if ASID binding fails
xen/events: reset active flag for lateeoi events later
* kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync()
kernel/kthread.c
* kthread_worker: split code for canceling the delayed work timer
kernel/kthread.c
ARM: dts: imx6qdl-sabresd: Remove incorrect power supply assignment
KVM: SVM: Periodically schedule when unregistering regions on destroy
* ext4: eliminate bogus error in ext4_data_block_valid_rcu()
fs/ext4/block_validity.c
drm/nouveau: fix dma_address check for CPU/GPU sync
scsi: sr: Return appropriate error code when disk is ejected
* mm, futex: fix shared futex pgoff on shmem huge page
include/linux/hugetlb.h
include/linux/pagemap.h
kernel/futex.c
* mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk()
mm/page_vma_mapped.c
* mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): get vma_address_end() earlier
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): use goto instead of while (1)
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): add a level of indentation
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): crossing page table boundary
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): settle PageHuge on entry
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): use page for pvmw->page
mm/page_vma_mapped.c
mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split
* mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
include/linux/mm.h
mm/memory.c
mm/truncate.c
* mm/thp: fix page_address_in_vma() on file THP tails
mm/rmap.c
* mm/thp: fix vma_address() if virtual address below file offset
mm/internal.h
mm/page_vma_mapped.c
mm/rmap.c
* mm/thp: try_to_unmap() use TTU_SYNC for safe splitting
include/linux/rmap.h
mm/page_vma_mapped.c
mm/rmap.c
* mm/thp: make is_huge_zero_pmd() safe and quicker
include/linux/huge_mm.h
* mm/thp: fix __split_huge_pmd_locked() on shmem migration entry
mm/pgtable-generic.c
* mm/rmap: use page_not_mapped in try_to_unmap()
mm/rmap.c
* mm/rmap: remove unneeded semicolon in page_not_mapped()
mm/rmap.c
* mm: add VM_WARN_ON_ONCE_PAGE() macro
include/linux/mmdebug.h
Bug: 196282886
Change-Id: I0af3abfa9aaa6da3e884f1a692da381e8e140bee
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Krzysztof Kozlowski
|
0bf3eb2e85 |
nfc: nfcsim: fix use after free during module unload
commit 5e7b30d24a5b8cb691c173b45b50e3ca0191be19 upstream.
There is a use after free memory corruption during module exit:
- nfcsim_exit()
- nfcsim_device_free(dev0)
- nfc_digital_unregister_device()
This iterates over command queue and frees all commands,
- dev->up = false
- nfcsim_link_shutdown()
- nfcsim_link_recv_wake()
This wakes the sleeping thread nfcsim_link_recv_skb().
- nfcsim_link_recv_skb()
Wake from wait_event_interruptible_timeout(),
call directly the deb->cb callback even though (dev->up == false),
- digital_send_cmd_complete()
Dereference of "struct digital_cmd" cmd which was freed earlier by
nfc_digital_unregister_device().
This causes memory corruption shortly after (with unrelated stack
trace):
nfc nfc0: NFC: nfcsim_recv_wq: Device is down
llcp: nfc_llcp_recv: err -19
nfc nfc1: NFC: nfcsim_recv_wq: Device is down
BUG: unable to handle page fault for address: ffffffffffffffed
Call Trace:
fsnotify+0x54b/0x5c0
__fsnotify_parent+0x1fe/0x300
? vfs_write+0x27c/0x390
vfs_write+0x27c/0x390
ksys_write+0x63/0xe0
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x44/0xae
KASAN report:
BUG: KASAN: use-after-free in digital_send_cmd_complete+0x16/0x50
Write of size 8 at addr ffff88800a05f720 by task kworker/0:2/71
Workqueue: events nfcsim_recv_wq [nfcsim]
Call Trace:
dump_stack_lvl+0x45/0x59
print_address_description.constprop.0+0x21/0x140
? digital_send_cmd_complete+0x16/0x50
? digital_send_cmd_complete+0x16/0x50
kasan_report.cold+0x7f/0x11b
? digital_send_cmd_complete+0x16/0x50
? digital_dep_link_down+0x60/0x60
digital_send_cmd_complete+0x16/0x50
nfcsim_recv_wq+0x38f/0x3d5 [nfcsim]
? nfcsim_in_send_cmd+0x4a/0x4a [nfcsim]
? lock_is_held_type+0x98/0x110
? finish_wait+0x110/0x110
? rcu_read_lock_sched_held+0x9c/0xd0
? rcu_read_lock_bh_held+0xb0/0xb0
? lockdep_hardirqs_on_prepare+0x12e/0x1f0
This flow of calling digital_send_cmd_complete() callback on driver exit
is specific to nfcsim which implements reading and sending work queues.
Since the NFC digital device was unregistered, the callback should not
be called.
Fixes:
|
||
|
Lucas Wei
|
eeede586e2 |
Merge android-msm-pixel-4.19 into android-msm-barbet-4.19
Bug: 187909050 Change-Id: I3e9e177868b44a23e6e76c194764bd0f273db1bf Signed-off-by: Lucas Wei <lucaswei@google.com> |
||
|
Lucas Wei
|
7ec4bc1d47 |
Merge android-4.19-stable (4.19.191) into android-msm-pixel-4.19-lts
Merge 4.19.191 into android-4.19-stable
Linux 4.19.191
scripts: switch explicitly to Python 3
tweewide: Fix most Shebang lines
* KVM: arm64: Initialize VCPU mdcr_el2 before loading it
arch/arm64/include/asm/kvm_host.h
* iomap: fix sub-page uptodate handling
fs/iomap.c
include/linux/iomap.h
* ipv6: remove extra dev_hold() for fallback tunnels
net/ipv6/ip6_tunnel.c
net/ipv6/ip6_vti.c
net/ipv6/sit.c
* ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
net/ipv6/ip6_tunnel.c
* sit: proper dev_{hold|put} in ndo_[un]init methods
net/ipv6/sit.c
ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
net: stmmac: Do not enable RX FIFO overflow interrupts
lib: stackdepot: turn depot_lock spinlock to raw_spinlock
* block: reexpand iov_iter after read/write
fs/block_dev.c
ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id not found
ceph: fix fscache invalidation
riscv: Workaround mcount name prior to clang-13
scripts/recordmcount.pl: Fix RISC-V regex for clang
ARM: 9075/1: kernel: Fix interrupted SMC calls
um: Mark all kernel symbols as local
Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state
Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices
ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend()
* PCI: thunder: Fix compile testing
drivers/pci/controller/pci-thunder-ecam.c
drivers/pci/controller/pci-thunder-pem.c
drivers/pci/pci.h
xsk: Simplify detection of empty and full rings
pinctrl: ingenic: Improve unreachable code generation
isdn: capi: fix mismatched prototypes
cxgb4: Fix the -Wmisleading-indentation warning
usb: sl811-hcd: improve misleading indentation
kgdb: fix gcc-11 warning on indentation
x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
nvme: do not try to reconfigure APST when the controller is not live
clk: exynos7: Mark aclk_fsys1_200 as critical
* netfilter: conntrack: Make global sysctls readonly in non-init netns
net/netfilter/nf_conntrack_standalone.c
* kobject_uevent: remove warning in init_uevent_argv()
lib/kobject_uevent.c
thermal/core/fair share: Lock the thermal zone while looping over instances
MIPS: Avoid handcoded DIVU in `__div64_32' altogether
MIPS: Avoid DIVU in `__div64_32' is result would be zero
MIPS: Reinstate platform `__div64_32' handler
* FDDI: defxx: Make MMIO the configuration default except for EISA
drivers/net/fddi/Kconfig
KVM: x86: Cancel pvclock_gtod_work on module removal
cdc-wdm: untangle a circular dependency between callback and softint
iio: tsl2583: Fix division by a zero lux_val
iio: gyro: mpu3050: Fix reported temperature value
* xhci: Add reset resume quirk for AMD xhci controller.
drivers/usb/host/xhci-pci.c
* xhci: Do not use GFP_KERNEL in (potentially) atomic context
drivers/usb/host/xhci.c
* usb: dwc3: gadget: Return success always for kick transfer in ep queue
drivers/usb/dwc3/gadget.c
* usb: core: hub: fix race condition about TRSMRCY of resume
drivers/usb/core/hub.c
usb: dwc2: Fix gadget DMA unmap direction
* usb: xhci: Increase timeout for HC halt
drivers/usb/host/xhci-ext-caps.h
usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield
usb: dwc3: omap: improve extcon initialization
* blk-mq: Swap two calls in blk_mq_exit_queue()
block/blk-mq.c
ACPI: scan: Fix a memory leak in an error handling path
usb: fotg210-hcd: Fix an error message
iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected
* userfaultfd: release page in error path to avoid BUG_ON
mm/shmem.c
squashfs: fix divide error in calculate_skip()
hfsplus: prevent corruption in shrinking truncate
powerpc/64s: Fix crashes when toggling entry flush barrier
powerpc/64s: Fix crashes when toggling stf barrier
ARC: entry: fix off-by-one error in syscall number validation
i40e: Fix use-after-free in i40e_client_subtask()
netfilter: nftables: avoid overflows in nft_hash_buckets()
kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
* sched/fair: Fix unfairness caused by missing load decay
kernel/sched/fair.c
netfilter: nfnetlink_osf: Fix a missing skb_header_pointer() NULL check
smc: disallow TCP_ULP in smc_setsockopt()
* net: fix nla_strcmp to handle more then one trailing null character
lib/nlattr.c
ksm: fix potential missing rmap_item for stable_node
mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()
drm/radeon: Avoid power table parsing memory leaks
drm/radeon: Fix off-by-one power_state index heap overwrite
* netfilter: xt_SECMARK: add new revision to fix structure layout
include/uapi/linux/netfilter/xt_SECMARK.h
net/netfilter/xt_SECMARK.c
* sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
net/sctp/sm_statefuns.c
ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
* sctp: do asoc update earlier in sctp_sf_do_dupcook_a
net/sctp/sm_statefuns.c
net: hns3: disable phy loopback setting in hclge_mac_start_phy
rtc: ds1307: Fix wday settings for rx8130
NFSv4.2 fix handling of sr_eof in SEEK's reply
pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
PCI: endpoint: Fix missing destroy_workqueue()
NFS: Deal correctly with attribute generation counter overflow
NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
* rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data()
drivers/rpmsg/qcom_glink_native.c
ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
* PCI: Release OF node in pci_scan_device()'s error path
drivers/pci/probe.c
PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc()
* f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
fs/f2fs/inline.c
ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
ia64: module: fix symbolizer crash on fdescr
net: ethernet: mtk_eth_soc: fix RX VLAN offload
powerpc/iommu: Annotate nested lock for lockdep
wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
powerpc/pseries: Stop calling printk in rtas_stop_self()
samples/bpf: Fix broken tracex1 due to kprobe argument change
* ethtool: ioctl: Fix out-of-bounds warning in store_link_ksettings_for_user()
net/core/ethtool.c
ASoC: rt286: Generalize support for ALC3263 codec
powerpc/smp: Set numa node before updating mask
* sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
net/sctp/sm_make_chunk.c
kconfig: nconf: stop endless search loops
selftests: Set CC to clang in lib.mk if LLVM is set
cuse: prevent clone
pinctrl: samsung: use 'int' for register masks in Exynos
mac80211: clear the beacon's CRC after channel switch
* i2c: Add I2C_AQ_NO_REP_START adapter quirk
include/linux/i2c.h
ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet
* ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
net/ipv6/ip6_vti.c
* Bluetooth: check for zapped sk before connecting
net/bluetooth/l2cap_sock.c
* net: bridge: when suppression is enabled exclude RARP packets
net/bridge/br_arp_nd_proxy.c
* Bluetooth: initialize skb_queue_head at l2cap_chan_create()
net/bluetooth/l2cap_core.c
* Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
net/bluetooth/l2cap_core.c
ALSA: rme9652: don't disable if not enabled
ALSA: hdspm: don't disable if not enabled
ALSA: hdsp: don't disable if not enabled
* i2c: bail out early when RDWR parameters are wrong
drivers/i2c/i2c-dev.c
net: stmmac: Set FIFO sizes for ipq806x
ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF
* tipc: convert dest node's address to network order
net/tipc/netlink_compat.c
fs: dlm: fix debugfs dump
tpm: fix error return code in tpm2_get_cc_attrs_tbl()
* Revert "fdt: Properly handle "no-map" field in the memory region"
drivers/of/fdt.c
* Revert "of/fdt: Make sure no-map does not remove already reserved regions"
drivers/of/fdt.c
* sctp: delay auto_asconf init until binding the first addr
net/sctp/socket.c
* Revert "net/sctp: fix race condition in sctp_destroy_sock"
net/sctp/socket.c
* smp: Fix smp_call_function_single_async prototype
include/linux/smp.h
kernel/smp.c
* net: Only allow init netns to set default tcp cong to a restricted algo
net/ipv4/tcp_cong.c
mm/memory-failure: unnecessary amount of unmapping
* mm/sparse: add the missing sparse_buffer_fini() in error branch
mm/sparse.c
kfifo: fix ternary sign extension bugs
net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res
net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
arm64: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins for RTL8211E
bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock
ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
net: davinci_emac: Fix incorrect masking of tx and rx error channel
* ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check fails
sound/usb/midi.c
RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
vsock/vmci: log once the failed queue pair allocation
mwl8k: Fix a double Free in mwl8k_probe_hw
i2c: sh7760: fix IRQ error path
rtlwifi: 8821ae: upgrade PHY and RF parameters
powerpc/pseries: extract host bridge from pci_bus prior to bus removal
MIPS: pci-legacy: stop using of_pci_range_to_resource
drm/i915/gvt: Fix error code in intel_gvt_init_device()
ASoC: ak5558: correct reset polarity
i2c: sh7760: add IRQ check
i2c: jz4780: add IRQ check
i2c: emev2: add IRQ check
i2c: cadence: add IRQ check
RDMA/srpt: Fix error return code in srpt_cm_req_recv()
net: thunderx: Fix unintentional sign extension issue
IB/hfi1: Fix error return code in parse_platform_config()
mt7601u: fix always true expression
mac80211: bail out if cipher schemes are invalid
powerpc: iommu: fix build when neither PCI or IBMVIO is set
powerpc/perf: Fix PMU constraint check for EBB events
powerpc/64s: Fix pte update for kernel memory on radix
liquidio: Fix unintented sign extension of a left shift of a u16
* ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
sound/usb/card.c
sound/usb/quirks.c
sound/usb/usbaudio.h
net: hns3: Limiting the scope of vector_ring_chain variable
nfc: pn533: prevent potential memory corruption
* bug: Remove redundant condition check in report_bug
lib/bug.c
* ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
sound/core/init.c
powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration
powerpc/prom: Mark identical_pvr_fixup as __init
net: lapbether: Prevent racing when checking whether the netif is running
perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars
* HID: plantronics: Workaround for double volume key presses
drivers/hid/hid-ids.h
drivers/hid/hid-plantronics.c
include/linux/hid.h
drivers/block/null_blk/main: Fix a double free in null_init.
* sched/debug: Fix cgroup_path[] serialization
kernel/sched/debug.c
x86/events/amd/iommu: Fix sysfs type mismatch
HSI: core: fix resource leaks in hsi_add_client_from_dt()
mfd: stm32-timers: Avoid clearing auto reload register
scsi: ibmvfc: Fix invalid state machine BUG_ON()
scsi: sni_53c710: Add IRQ check
scsi: sun3x_esp: Add IRQ check
scsi: jazz_esp: Add IRQ check
clk: uniphier: Fix potential infinite loop
clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE
vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
nvme: retrigger ANA log update if group descriptor isn't found
ata: libahci_platform: fix IRQ check
sata_mv: add IRQ checks
pata_ipx4xx_cf: fix IRQ check
pata_arasan_cf: fix IRQ check
x86/kprobes: Fix to check non boostable prefixes correctly
drm/amdkfd: fix build error with AMD_IOMMU_V2=m
media: m88rs6000t: avoid potential out-of-bounds reads on arrays
media: omap4iss: return error code when omap4iss_get() failed
media: vivid: fix assignment of dev->fbuf_out_flags
soc: aspeed: fix a ternary sign expansion bug
* ttyprintk: Add TTY hangup callback.
drivers/char/ttyprintk.c
usb: dwc2: Fix hibernation between host and device modes.
usb: dwc2: Fix host mode hibernation exit with remote wakeup flow.
Drivers: hv: vmbus: Increase wait time for VMbus unload
x86/platform/uv: Fix !KEXEC build failure
platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table
usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
* firmware: qcom-scm: Fix QCOM_SCM configuration
drivers/firmware/Kconfig
* tty: fix return value for unsupported ioctls
drivers/tty/tty_io.c
include/linux/tty_driver.h
* tty: actually undefine superseded ASYNC flags
include/uapi/linux/tty_flags.h
USB: cdc-acm: fix unprivileged TIOCCSERIAL
usb: gadget: r8a66597: Add missing null check on return from platform_get_resource
cpufreq: armada-37xx: Fix determining base CPU frequency
cpufreq: armada-37xx: Fix driver cleanup when registration failed
clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0
clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz
cpufreq: armada-37xx: Fix the AVS value for load L1
clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock
cpufreq: armada-37xx: Fix setting TBG parent for load levels
crypto: qat - Fix a double free in adf_create_ring
ACPI: CPPC: Replace cppc_attr with kobj_attribute
* soc: qcom: mdt_loader: Detect truncated read of segments
drivers/soc/qcom/mdt_loader.c
* soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
drivers/soc/qcom/mdt_loader.c
* spi: Fix use-after-free with devm_spi_alloc_*
drivers/spi/spi.c
include/linux/spi/spi.h
staging: greybus: uart: fix unprivileged TIOCCSERIAL
staging: rtl8192u: Fix potential infinite loop
* irqchip/gic-v3: Fix OF_BAD_ADDR error handling
drivers/irqchip/irq-gic-v3-mbi.c
mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
soundwire: stream: fix memory leak in stream config error path
USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
usb: gadget: aspeed: fix dma map failure
crypto: qat - fix error path in adf_isr_resource_alloc()
* phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally
drivers/phy/marvell/Kconfig
soundwire: bus: Fix device found flag correctly
* bus: qcom: Put child node before return
drivers/bus/qcom-ebi2.c
mtd: require write permissions for locking and badblock ioctls
fotg210-udc: Complete OUT requests on short packets
fotg210-udc: Don't DMA more than the buffer can take
fotg210-udc: Mask GRP2 interrupts we don't handle
fotg210-udc: Remove a dubious condition leading to fotg210_done
fotg210-udc: Fix EP0 IN requests bigger than two packets
fotg210-udc: Fix DMA on EP0 for length > max packet size
crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
crypto: qat - don't release uninitialized resources
usb: gadget: pch_udc: Check for DMA mapping error
usb: gadget: pch_udc: Check if driver is present before calling ->setup()
usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
x86/microcode: Check for offline CPUs before requesting new microcode
mtd: rawnand: qcom: Return actual error code instead of -ENODEV
mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions()
mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC
mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe()
* regmap: set debugfs_name to NULL after it is freed
drivers/base/regmap/regmap-debugfs.c
usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
serial: stm32: fix tx_empty condition
serial: stm32: fix incorrect characters on console
ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family
ARM: dts: exynos: correct PMIC interrupt trigger level on Midas family
ARM: dts: exynos: correct MUIC interrupt trigger level on Midas family
ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas family
memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
usb: gadget: pch_udc: Revert
|
||
|
Dan Carpenter
|
e025909a4a |
nfc: pn533: prevent potential memory corruption
[ Upstream commit ca4d4c34ae9aa5c3c0da76662c5e549d2fc0cc86 ]
If the "type_a->nfcid_len" is too large then it would lead to memory
corruption in pn533_target_found_type_a() when we do:
memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
Fixes:
|
||
|
JohnnLee
|
d2e380a159 |
Merge branch android-msm-pixel-4.19 into android-msm-barbet-4.19
Merged from android-msm-pixel-4.19 au108 Conflicts: android/abi_gki_aarch64_redbull android/abi_gki_aarch64_redbull.xml arch/arm64/boot/dts/google/lito-redbull-display.dtsi build.config.redbull.common build.config.redbull.vintf drivers/power/supply/google/gbms_storage.h drivers/power/supply/google/google_battery.c drivers/power/supply/google/google_bms.h fs/incfs/pseudo_files.c include/uapi/asm-generic/ioctls.h Bug: 184813985 Change-Id: Idfb368a8655f7ca4c5b829669e96624fcb0d7f9e Signed-off-by: JohnnLee <johnnlee@google.com> |
||
|
Lucas Wei
|
e7e6a26ceb |
Merge LA.UM.9.12.R2.10.00.00.685.039 via branch 'qcom-msm-4.19-7250' into android-msm-pixel-4.19
Conflicts: modified: arch/arm64/configs/redbull_defconfig modified: arch/arm64/configs/vendor/kona_defconfig modified: arch/arm64/configs/vendor/lito_defconfig modified: arch/arm64/include/asm/traps.h modified: arch/arm64/kernel/smp.c modified: arch/arm64/mm/dma-mapping.c modified: arch/arm64/mm/fault.c modified: drivers/android/binder.c modified: drivers/base/power/wakeup.c modified: drivers/bus/mhi/core/mhi_main.c modified: drivers/clk/clk.c modified: drivers/clocksource/arm_arch_timer.c modified: drivers/cpuidle/lpm-levels.c modified: drivers/crypto/msm/qcedev.c modified: drivers/devfreq/governor_memlat_trace.h modified: drivers/dma-buf/dma-buf.c modified: drivers/gpu/Makefile modified: drivers/gpu/drm/drm_dp_mst_topology.c modified: drivers/gpu/drm/drm_edid.c modified: drivers/gpu/msm/Kconfig modified: drivers/gpu/msm/kgsl.c modified: drivers/gpu/msm/kgsl_sharedmem.c modified: drivers/hwtracing/coresight/coresight-etm-perf.c modified: drivers/hwtracing/coresight/coresight-tmc-etr.c modified: drivers/iommu/arm-smmu.c modified: drivers/iommu/io-pgtable-arm.c modified: drivers/iommu/io-pgtable-fast.c modified: drivers/iommu/io-pgtable.c modified: drivers/iommu/iommu.c modified: drivers/leds/leds-qpnp-flash-v2.c modified: drivers/misc/Kconfig modified: drivers/misc/qseecom.c modified: drivers/mmc/core/Kconfig modified: drivers/mmc/core/block.c modified: drivers/mmc/host/cqhci-crypto-qti.c modified: drivers/mmc/host/cqhci-crypto.c modified: drivers/mmc/host/cqhci.c modified: drivers/mmc/host/sdhci-msm.c modified: drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c modified: drivers/net/wireless/ath/wil6210/interrupt.c modified: drivers/net/wireless/ath/wil6210/wmi.c modified: drivers/platform/msm/ipa/ipa_v3/ipa_qmi_service.c modified: drivers/power/supply/power_supply_sysfs.c modified: drivers/power/supply/qcom/Kconfig modified: drivers/power/supply/qcom/Makefile modified: drivers/power/supply/qcom/qg-core.h modified: drivers/power/supply/qcom/qpnp-qg.c modified: drivers/power/supply/qcom/qpnp-smb5.c modified: drivers/power/supply/qcom/smb5-lib.c modified: drivers/power/supply/qcom/smb5-lib.h modified: drivers/regulator/core.c modified: drivers/regulator/proxy-consumer.c modified: drivers/scsi/ufs/ufs_quirks.h modified: drivers/scsi/ufs/ufshcd.c modified: drivers/soc/qcom/icnss.c modified: drivers/soc/qcom/minidump_log.c modified: drivers/soc/qcom/watchdog_v2.c modified: drivers/spi/spi-geni-qcom.c modified: drivers/staging/android/ion/Makefile modified: drivers/staging/android/ion/ion.c modified: drivers/thermal/cpu_cooling.c modified: drivers/thermal/of-thermal.c modified: drivers/thermal/thermal_core.c modified: drivers/tty/serial/Kconfig modified: drivers/tty/serial/Makefile modified: drivers/tty/serial/msm_geni_serial.c modified: drivers/usb/core/usb.c modified: drivers/usb/dwc3/gadget.c modified: drivers/usb/dwc3/gadget.h modified: drivers/usb/gadget/composite.c modified: drivers/usb/gadget/epautoconf.c modified: drivers/usb/gadget/udc/core.c modified: drivers/usb/host/xhci.c modified: fs/crypto/crypto.c modified: fs/crypto/keysetup.c modified: fs/crypto/keysetup_v1.c modified: fs/f2fs/checkpoint.c modified: fs/f2fs/data.c modified: fs/f2fs/f2fs.h modified: fs/f2fs/node.c modified: fs/incfs/Kconfig modified: fs/incfs/data_mgmt.c modified: fs/incfs/data_mgmt.h modified: fs/incfs/vfs.c modified: fs/proc/task_mmu.c modified: include/drm/drm_connector.h modified: include/drm/drm_dp_mst_helper.h modified: include/linux/clk-provider.h modified: include/linux/dma-buf.h modified: include/linux/dma-mapping.h modified: include/linux/fs.h modified: include/linux/io-pgtable.h modified: include/linux/iommu.h modified: include/linux/mm.h modified: include/linux/mm_types.h modified: include/linux/mmc/host.h modified: include/linux/mmzone.h modified: include/linux/perf_event.h modified: include/linux/power_supply.h modified: include/linux/pwm.h modified: include/linux/regulator/driver.h modified: include/linux/rwsem.h modified: include/linux/sched.h modified: include/linux/sched/signal.h modified: include/linux/sched/sysctl.h modified: include/linux/sched/topology.h modified: include/linux/sched/user.h modified: include/linux/thermal.h modified: include/linux/usb.h modified: include/linux/usb/gadget.h modified: include/linux/usb/hcd.h modified: include/linux/vm_event_item.h modified: include/net/cfg80211.h modified: include/scsi/scsi_device.h modified: include/soc/qcom/minidump.h modified: include/soc/qcom/qmi_rmnet.h modified: include/soc/qcom/socinfo.h modified: include/trace/events/power.h modified: include/uapi/drm/drm_mode.h modified: include/uapi/linux/coresight-stm.h modified: include/uapi/linux/ip.h modified: include/uapi/linux/nl80211.h modified: include/uapi/linux/videodev2.h modified: kernel/dma/mapping.c modified: kernel/dma/removed.c modified: kernel/panic.c modified: kernel/sched/cpupri.c modified: kernel/sched/cpupri.h modified: kernel/sched/fair.c modified: kernel/sched/rt.c modified: kernel/sched/sched.h modified: kernel/sched/walt.h modified: kernel/sysctl.c modified: mm/Kconfig modified: mm/compaction.c modified: mm/oom_kill.c modified: mm/page_alloc.c modified: mm/vmalloc.c modified: mm/vmscan.c modified: net/qrtr/qrtr.c modified: net/wireless/nl80211.c modified: net/wireless/scan.c modified: sound/core/init.c modified: sound/soc/soc-core.c modified: sound/usb/card.c modified: sound/usb/pcm.c modified: sound/usb/pcm.h modified: sound/usb/usbaudio.h Bug: 172988823 Bug: 173092548 Signed-off-by: Lucas Wei <lucaswei@google.com> Change-Id: I9c86e3a0309b7078e7640788c00172c6e9b4cf67 |