d4414bc0e93d8da170fd0fc9fef65fe84015677d
255 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
bf15dd2933 |
Merge tag 'ASB-2024-09-05_4.19-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.19
https://source.android.com/docs/security/bulletin/2024-09-01 CVE-2024-36972 * tag 'ASB-2024-09-05_4.19-stable' of https://android.googlesource.com/kernel/common: (331 commits) Linux 4.19.321 drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var ipc: remove memcg accounting for sops objects in do_semtimedop() scsi: aacraid: Fix double-free on probe failure usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() usb: dwc3: st: fix probed platform device ref count on probe error path usb: dwc3: core: Prevent USB core invalid event buffer address access usb: dwc3: omap: add missing depopulate in probe error path USB: serial: option: add MeiG Smart SRM825L cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller net: busy-poll: use ktime_get_ns() instead of local_clock() gtp: fix a potential NULL pointer dereference soundwire: stream: fix programming slave ports for non-continous port maps net: prevent mss overflow in skb_segment() ida: Fix crash in ida_free when the bitmap is empty net:rds: Fix possible deadlock in rds_message_put fbmem: Check virtual screen sizes in fb_set_var() fbcon: Prevent that screen size is smaller than font size memcg: enable accounting of ipc resources cgroup/cpuset: Prevent UAF in proc_cpuset_show() ... Conflicts: Documentation/arm64/silicon-errata.txt arch/arm64/include/asm/cpucaps.h arch/arm64/include/asm/cputype.h arch/arm64/kernel/cpu_errata.c drivers/mmc/core/mmc_test.c Change-Id: Id6bbf5f84f4823b601b92267408ab2025b6ba9f4 |
||
|
Greg Kroah-Hartman
|
d757552385 |
Merge 4.19.321 into android-4.19-stable
Changes in 4.19.321 fuse: Initialize beyond-EOF page contents before setting uptodate ALSA: usb-audio: Support Yamaha P-125 quirk entry xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to NUMA_NO_NODE dm resume: don't return EINVAL when signalled dm persistent data: fix memory allocation failure bitmap: introduce generic optimized bitmap_size() fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE selinux: fix potential counting error in avc_add_xperms_decision() drm/amdgpu: Actually check flags for all context ops. memcg_write_event_control(): fix a user-triggerable oops s390/cio: rename bitmap_size() -> idset_bitmap_size() overflow.h: Add flex_array_size() helper overflow: Implement size_t saturating arithmetic helpers btrfs: rename bitmap_set_bits() -> btrfs_bitmap_set_bits() net/mlx5e: Correctly report errors for ethtool rx flows atm: idt77252: prevent use after free in dequeue_rx() net: dsa: vsc73xx: pass value in phy_write operation ssb: Fix division by zero issue in ssb_calc_clock_rate wifi: cw1200: Avoid processing an invalid TIM IE i2c: riic: avoid potential division by zero staging: ks7010: disable bh on tx_dev_lock binfmt_misc: cleanup on filesystem umount scsi: spi: Fix sshdr use gfs2: setattr_chown: Add missing initialization wifi: iwlwifi: abort scan when rfkill on but device enabled powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu ext4: do not trim the group with corrupted block bitmap quota: Remove BUG_ON from dqget() media: pci: cx23885: check cx23885_vdev_init() return fs: binfmt_elf_efpic: don't use missing interpreter's properties scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() net/sun3_82586: Avoid reading past buffer in debug output md: clean up invalid BUG_ON in md_ioctl parisc: Use irq_enter_rcu() to fix warning at kernel/context_tracking.c:367 powerpc/boot: Handle allocation failure in simple_realloc() powerpc/boot: Only free if realloc() succeeds btrfs: change BUG_ON to assertion when checking for delayed_node root btrfs: handle invalid root reference found in may_destroy_subvol() btrfs: send: handle unexpected data in header buffer in begin_cmd() btrfs: delete pointless BUG_ON check on quota root in btrfs_qgroup_account_extent() f2fs: fix to do sanity check in update_sit_entry usb: gadget: fsl: Increase size of name buffer for endpoints Bluetooth: bnep: Fix out-of-bound access NFS: avoid infinite loop in pnfs_update_layout. openrisc: Call setup_memory() earlier in the init sequence s390/iucv: fix receive buffer virtual vs physical address confusion usb: dwc3: core: Skip setting event buffers for host only controllers irqchip/gic-v3-its: Remove BUG_ON in its_vpe_irq_domain_alloc ext4: set the type of max_zeroout to unsigned int to avoid overflow nvmet-rdma: fix possible bad dereference when freeing rsps hrtimer: Prevent queuing of hrtimer without a function callback gtp: pull network headers in gtp_dev_xmit() block: use "unsigned long" for blk_validate_block_size(). Bluetooth: Make use of __check_timeout on hci_sched_le Bluetooth: hci_core: Fix not handling link timeouts propertly Bluetooth: hci_core: Fix LE quote calculation kcm: Serialise kcm_sendmsg() for the same socket. netfilter: nft_counter: Synchronize nft_counter_reset() against reader. ipv6: prevent UAF in ip6_send_skb() net: xilinx: axienet: Always disable promiscuous mode drm/msm: use drm_debug_enabled() to check for debug categories drm/msm/dpu: don't play tricks with debug macros mmc: mmc_test: Fix NULL dereference on allocation failure Bluetooth: MGMT: Add error handling to pair_device() HID: wacom: Defer calculation of resolution until resolution_code is known cxgb4: add forgotten u64 ivlan cast before shift mmc: dw_mmc: allow biu and ciu clocks to defer ALSA: timer: Relax start tick time check for slave timer elements Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO Input: MT - limit max slots tools: move alignment-related macros to new <linux/align.h> drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc pinctrl: single: fix potential NULL dereference in pcs_get_function() wifi: mwifiex: duplicate static structs used in driver instances dm suspend: return -ERESTARTSYS instead of -EINTR scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES filelock: Correct the filelock owner in fcntl_setlk/fcntl_setlk64 media: uvcvideo: Fix integer overflow calculating timestamp ata: libata-core: Fix null pointer dereference on error cgroup/cpuset: Prevent UAF in proc_cpuset_show() memcg: enable accounting of ipc resources fbcon: Prevent that screen size is smaller than font size fbmem: Check virtual screen sizes in fb_set_var() net:rds: Fix possible deadlock in rds_message_put ida: Fix crash in ida_free when the bitmap is empty net: prevent mss overflow in skb_segment() soundwire: stream: fix programming slave ports for non-continous port maps gtp: fix a potential NULL pointer dereference net: busy-poll: use ktime_get_ns() instead of local_clock() cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller USB: serial: option: add MeiG Smart SRM825L usb: dwc3: omap: add missing depopulate in probe error path usb: dwc3: core: Prevent USB core invalid event buffer address access usb: dwc3: st: fix probed platform device ref count on probe error path usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() scsi: aacraid: Fix double-free on probe failure ipc: remove memcg accounting for sops objects in do_semtimedop() drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var Linux 4.19.321 Change-Id: I5ee663c7c3343a99e3c73dd8f663ca5c4e298478 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Jann Horn
|
4993486151 |
fuse: Initialize beyond-EOF page contents before setting uptodate
commit 3c0da3d163eb32f1f91891efaade027fa9b245b9 upstream.
fuse_notify_store(), unlike fuse_do_readpage(), does not enable page
zeroing (because it can be used to change partial page contents).
So fuse_notify_store() must be more careful to fully initialize page
contents (including parts of the page that are beyond end-of-file)
before marking the page uptodate.
The current code can leave beyond-EOF page contents uninitialized, which
makes these uninitialized page contents visible to userspace via mmap().
This is an information leak, but only affects systems which do not
enable init-on-alloc (via CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y or the
corresponding kernel command line parameter).
Link: https://bugs.chromium.org/p/project-zero/issues/detail?id=2574
Cc: stable@kernel.org
Fixes:
|
||
|
Wilson Sung
|
09d634c1ac |
Merge android-4.19-stable (4.19.278) into android-msm-pixel-4.19-lts
Merge 4.19.278 into android-4.19-stable
Linux 4.19.278
ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties
net: caif: Fix use-after-free in cfusbl_device_notify()
drm/i915: Don't use BAR mappings for ring buffers with LLC
* tipc: improve function tipc_wait_for_cond()
net/tipc/socket.c
media: ov5640: Fix analogue gain control
* PCI: Add SolidRun vendor ID
include/linux/pci_ids.h
macintosh: windfarm: Use unsigned type for 1-bit bitfields
alpha: fix R_ALPHA_LITERAL reloc for large modules
MIPS: Fix a compilation issue
Revert "spi: mt7621: Fix an error message in mt7621_spi_probe()"
* scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
drivers/scsi/hosts.c
* kbuild: generate modules.order only in directories visited by obj-y/m
scripts/Makefile.build
* kbuild: fix false-positive need-builtin calculation
scripts/Makefile.build
udf: Detect system inodes linked into directory hierarchy
udf: Preserve link count of system files
udf: Remove pointless union in udf_inode_info
udf: reduce leakage of blocks related to named streams
udf: Explain handling of load_nls() failure
nfc: change order inside nfc_se_io error path
* ext4: zero i_disksize when initializing the bootloader inode
fs/ext4/ioctl.c
* ext4: fix WARNING in ext4_update_inline_data
fs/ext4/xattr.c
* ext4: move where set the MAY_INLINE_DATA flag is set
fs/ext4/inline.c
fs/ext4/inode.c
* ext4: fix another off-by-one fsmap error on 1k block filesystems
fs/ext4/fsmap.c
* ext4: fix RENAME_WHITEOUT handling for inline directories
fs/ext4/namei.c
x86/CPU/AMD: Disable XSAVES on AMD family 0x17
* fs: prevent out-of-bounds array speculation when closing a file descriptor
fs/file.c
Merge 4.19.277 into android-4.19-stable
Linux 4.19.277
staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh
staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script
* wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext"
net/wireless/sme.c
Merge 4.19.276 into android-4.19-stable
Linux 4.19.276
thermal: intel: powerclamp: Fix cur_state for multi package system
* f2fs: fix cgroup writeback accounting with fs-layer encryption
fs/f2fs/data.c
media: uvcvideo: Fix race condition with usb_kill_urb
media: uvcvideo: Provide sync and async uvc_ctrl_status_event
* tcp: Fix listen() regression in 4.19.270
net/ipv4/inet_connection_sock.c
s390/setup: init jump labels before command line parsing
s390/maccess: add no DAT mode to kernel_write
* Bluetooth: hci_sock: purge socket queues in the destruct() callback
net/bluetooth/hci_sock.c
phy: rockchip-typec: Fix unsigned comparison with less than zero
* usb: uvc: Enumerate valid values for color matching
include/uapi/linux/usb/video.h
USB: ene_usb6250: Allocate enough memory for full object
usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word()
iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word()
tools/iio/iio_utils:fix memory leak
mei: bus-fixup:upon error print return values of send and receive
tty: serial: fsl_lpuart: disable the CTS when send break signal
* tty: fix out-of-bounds access in tty_driver_lookup_tty()
drivers/tty/tty_io.c
* media: uvcvideo: Silence memcpy() run-time false positive warnings
include/uapi/linux/uvcvideo.h
media: uvcvideo: Handle errors from calls to usb_string
media: uvcvideo: Handle cameras with invalid descriptors
firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
* tracing: Add NULL checks for buffer in ring_buffer_free_read_page()
kernel/trace/ring_buffer.c
thermal: intel: quark_dts: fix error pointer dereference
scsi: ipr: Work around fortify-string warning
vc_screen: modify vcs_size() handling in vcs_read()
* tcp: tcp_check_req() can be called from process context
net/ipv4/tcp_minisocks.c
ARM: dts: spear320-hmi: correct STMPE GPIO compatible
nfc: fix memory leak of se_io context in nfc_genl_se_io
9p/rdma: unmap receive dma buffer in rdma_request()/post_recv()
9p/xen: fix connection sequence
9p/xen: fix version parsing
* net: fix __dev_kfree_skb_any() vs drop monitor
net/core/dev.c
* netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
net/netfilter/nf_conntrack_netlink.c
watchdog: pcwd_usb: Fix attempting to access uninitialized memory
* watchdog: Fix kmemleak in watchdog_cdev_register
drivers/watchdog/watchdog_dev.c
watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path
x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list
ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed
ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show()
ubifs: ubifs_writepage: Mark page dirty after writing inode failed
ubifs: dirty_cow_znode: Fix memleak in error handling path
ubifs: Re-statistic cleaned znode count if commit failed
ubi: Fix possible null-ptr-deref in ubi_free_volume()
ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume()
ubi: Fix use-after-free when volume resizing failed
ubifs: Reserve one leb for each journal head while doing budget
ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
ubifs: Fix wrong dirty space budget for dirty inode
ubifs: Rectify space budget for ubifs_xrename()
ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted
ubi: ensure that VID header offset + VID header size <= alloc, size
um: vector: Fix memory leak in vector_config
pwm: stm32-lp: fix the check on arr and cmp registers update
fs/jfs: fix shift exponent db_agl2size negative
* net/sched: Retire tcindex classifier
net/sched/Kconfig
net/sched/Makefile
* kbuild: Port silent mode detection to future gnu make.
Makefile
wifi: ath9k: use proper statements in conditionals
drm/radeon: Fix eDP for single-display iMac11,2
* PCI: Avoid FLR for AMD FCH AHCI adapters
drivers/pci/quirks.c
scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
scsi: ses: Fix possible desc_ptr out-of-bounds accesses
scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process()
scsi: ses: Don't attach if enclosure has no components
scsi: qla2xxx: Fix erroneous link down
scsi: qla2xxx: Fix link failure in NPIV environment
ktest.pl: Add RUN_TIMEOUT option with default unlimited
ktest.pl: Fix missing "end_monitor" when machine check fails
ktest.pl: Give back console on Ctrt^C on monitor
media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
mips: fix syscall_get_nr
alpha: fix FEN fault handling
rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails
ARM: dts: exynos: correct TMU phandle in Odroid XU
ARM: dts: exynos: correct TMU phandle in Exynos4
dm flakey: don't corrupt the zero page
dm flakey: fix logic when corrupting a bio
* wifi: cfg80211: Fix use after free for wext
net/wireless/sme.c
wifi: rtl8xxxu: Use a longer retry limit of 48
* ext4: refuse to create ea block when umounted
fs/ext4/xattr.c
* ext4: optimize ea_inode block expansion
fs/ext4/xattr.c
ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls()
* irqdomain: Drop bogus fwspec-mapping error handling
kernel/irq/irqdomain.c
* irqdomain: Fix disassociation race
kernel/irq/irqdomain.c
* irqdomain: Fix association race
kernel/irq/irqdomain.c
* ima: Align ima_file_mmap() parameters with mmap_file LSM hook
include/linux/ima.h
security/security.c
Documentation/hw-vuln: Document the interaction between IBRS and STIBP
x86/speculation: Allow enabling STIBP with legacy IBRS
x86/microcode/AMD: Fix mixed steppings support
x86/microcode/AMD: Add a @cpu parameter to the reloading functions
x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
* x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range
include/linux/kprobes.h
* x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
include/linux/kprobes.h
x86/reboot: Disable SVM, not just VMX, when stopping CPUs
x86/reboot: Disable virtualization in an emergency if SVM is supported
x86/crash: Disable virt in core NMI crash handler to avoid double shootdown
x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows)
udf: Fix file corruption when appending just after end of preallocated extent
udf: Do not update file length for failed writes to inline files
udf: Do not bother merging very long extents
udf: Truncate added extents on failed expansion
ocfs2: fix non-auto defrag path not working issue
ocfs2: fix defrag path triggering jbd2 ASSERT
* f2fs: fix information leak in f2fs_move_inline_dirents()
fs/f2fs/inline.c
fs: hfsplus: fix UAF issue in hfsplus_put_super
hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
ARM: dts: exynos: correct HDMI phy compatible in Exynos4
s390/kprobes: fix current_kprobe never cleared after kprobes reenter
s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
s390: discard .interp section
* rtc: pm8xxx: fix set-alarm race
drivers/rtc/rtc-pm8xxx.c
firmware: coreboot: framebuffer: Ignore reserved pixel color bits
wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
dm cache: add cond_resched() to various workqueue loops
dm thin: add cond_resched() to various workqueue loops
pinctrl: at91: use devm_kasprintf() to avoid potential leaks
regulator: s5m8767: Bounds check id indexing into arrays
regulator: max77802: Bounds check regulator id against opmode
ASoC: kirkwood: Iterate over array indexes instead of using pointer math
docs/scripts/gdb: add necessary make scripts_gdb step
drm/msm/dsi: Add missing check for alloc_ordered_workqueue
drm/radeon: free iio for atombios when driver shutdown
drm/amd/display: Fix potential null-deref in dm_resume
net/mlx5: fw_tracer: Fix debug print
ACPI: video: Fix Lenovo Ideapad Z570 DMI match
m68k: Check syscall_trace_enter() return code
net: bcmgenet: Add a check for oversized packets
ACPI: Don't build ACPICA with '-Os'
* inet: fix fast path in __inet_hash_connect()
net/ipv4/inet_hashtables.c
wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds
x86/bugs: Reset speculation control settings on init
* timers: Prevent union confusion from unexpected restart_syscall()
kernel/time/hrtimer.c
kernel/time/posix-timers.c
thermal: intel: Fix unsigned comparison with less than zero
* rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait()
kernel/rcu/tree_exp.h
wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds()
ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy
udf: Define EFSCORRUPTED error code
* rpmsg: glink: Avoid infinite loop on intent for missing channel
drivers/rpmsg/qcom_glink_native.c
media: usb: siano: Fix use after free bugs caused by do_submit_urb
media: i2c: ov7670: 0 instead of -EINVAL was returned
media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
media: i2c: ov772x: Fix memleak in ov772x_probe()
powerpc: Remove linker flag from KBUILD_AFLAGS
media: platform: ti: Add missing check for devm_regulator_get
MIPS: vpe-mt: drop physical_memsize
powerpc/rtas: ensure 4KB alignment for rtas_data_buf
powerpc/rtas: make all exports GPL
powerpc/pseries/lparcfg: add missing RTAS retry status handling
* clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
drivers/clk/clk.c
powerpc/powernv/ioda: Skip unallocated resources when mapping to PE
Input: ads7846 - don't check penirq immediately for 7845
Input: ads7846 - don't report pressure for ads7845
mtd: rawnand: sunxi: Fix the size of the last OOB region
mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()
selftests/ftrace: Fix bash specific "==" operator
sparc: allow PM configs for sparc32 COMPILE_TEST
perf tools: Fix auto-complete on aarch64
perf llvm: Fix inadvertent file creation
gfs2: jdata writepage fix
cifs: Fix warning and UAF when destroy the MR list
cifs: Fix lost destroy smbd connection when MR allocate failed
nfsd: fix race to check ls_layouts
* dm: remove flush_scheduled_work() during local_exit()
drivers/md/dm.c
hwmon: (mlxreg-fan) Return zero speed for broken fan
spi: bcm63xx-hsspi: Fix multi-bit mode setting
spi: bcm63xx-hsspi: fix pm_runtime
scsi: aic94xx: Add missing check for dma_map_single()
hwmon: (ltc2945) Handle error case in ltc2945_value_store
gpio: vf610: connect GPIO label to dev name
* ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress()
sound/soc/soc-compress.c
drm/mediatek: Clean dangling pointer on bind error path
drm/mediatek: Drop unbalanced obj unref
gpu: host1x: Don't skip assigning syncpoints to channels
drm/msm/dpu: Add check for pstates
drm/msm: use strscpy instead of strncpy
* drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
drivers/gpu/drm/drm_mipi_dsi.c
include/drm/drm_mipi_dsi.h
ALSA: hda/ca0132: minor fix for allocation size
pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups
pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours
drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id()
drm/vc4: dpi: Fix format mapping for RGB565
drm/vc4: dpi: Add option for inverting pixel clock and output enable
* drm: Clarify definition of the DRM_BUS_FLAG_(PIXDATA|SYNC)_* macros
include/drm/drm_connector.h
drm/bridge: megachips: Fix error handling in i2c_register_driver()
* drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
drivers/gpu/drm/mxsfb/Kconfig
selftest: fib_tests: Always cleanup before exit
irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts
irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts
can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error
wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
crypto: crypto4xx - Call dma_unmap_page when done
wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize()
wifi: iwl4965: Add missing check for create_singlethread_workqueue()
wifi: iwl3945: Add missing check for create_singlethread_workqueue
RISC-V: time: initialize hrtimer based broadcast clock event device
m68k: /proc/hardware should depend on PROC_FS
* crypto: rsa-pkcs1pad - Use akcipher_request_complete
crypto/rsa-pkcs1pad.c
rds: rds_rm_zerocopy_callback() correct order for list_add_tail()
libbpf: Fix alen calculation in libbpf_nla_dump_errormsg()
* Bluetooth: L2CAP: Fix potential user-after-free
net/bluetooth/l2cap_core.c
net/bluetooth/l2cap_sock.c
irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe
irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains
net/mlx5: Enhance debug print in page allocation failure
powercap: fix possible name leak in powercap_register_zone()
* crypto: seqiv - Handle EBUSY correctly
crypto/seqiv.c
ACPI: battery: Fix missing NUL-termination with large strings
wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback()
wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails
ath9k: htc: clean up statistics macros
ath9k: hif_usb: simplify if-if to if-else
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function
wifi: orinoco: check return value of hermes_write_wordrec()
ACPICA: nsrepair: handle cases without a return value correctly
* lib/mpi: Fix buffer overrun when SG is too long
lib/mpi/mpicoder.c
* genirq: Fix the return type of kstat_cpu_irqs_sum()
include/linux/kernel_stat.h
ACPICA: Drop port I/O validation for some regions
wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave()
wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave()
wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit()
wifi: ipw2200: fix memory leak in ipw_wdev_init()
wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave()
ipw2x00: switch from 'pci_' to 'dma_' API
wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit()
rtlwifi: fix -Wpointer-sign warning
wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave()
wifi: libertas: fix memory leak in lbs_init_adapter()
wifi: rsi: Fix memory leak in rsi_coex_attach()
block: bio-integrity: Copy flags when bio_integrity_payload is cloned
* blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx
block/blk-mq-sched.c
arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name
arm64: dts: amlogic: meson-gx: add missing unit address to rng node name
arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible
arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
arm64: dts: meson-axg: enable SCPI
arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
ARM: imx: Call ida_simple_remove() for ida_simple_get
ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato
ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init()
arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address
arm64: dts: meson-gx: Fix Ethernet MAC address unit name
ARM: zynq: Fix refcount leak in zynq_early_slcr_init
ARM: OMAP2+: Fix memory leak in realtime_counter_init()
HID: asus: use spinlock to safely schedule workers
HID: asus: use spinlock to protect concurrent accesses
HID: asus: Remove check for same LED brightness on set
Merge 4.19.275 into android-4.19-stable
Linux 4.19.275
* USB: core: Don't hold device lock while reading the "descriptors" sysfs file
drivers/usb/core/hub.c
drivers/usb/core/sysfs.c
USB: serial: option: add support for VW/Skoda "Carstick LTE"
dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size
vc_screen: don't clobber return value in vcs_read
* net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
net/core/stream.c
IB/hfi1: Assign npages earlier
btrfs: send: limit number of clones and allocated memory size
ACPI: NFIT: fix a potential deadlock during NFIT teardown
ARM: dts: rockchip: add power-domains property to dp node on rk3288
* UPSTREAM: selinux: check return value of sel_make_avc_files
security/selinux/selinuxfs.c
UPSTREAM: lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test
UPSTREAM: wireguard: ratelimiter: use kvcalloc() instead of kvzalloc()
UPSTREAM: wireguard: receive: drop handshakes if queue lock is contended
UPSTREAM: wireguard: receive: use ring buffer for incoming handshakes
* UPSTREAM: wireguard: device: reset peer src endpoint when netns exits
include/net/dst_cache.h
net/core/dst_cache.c
UPSTREAM: wireguard: selftests: actually test for routing loops
UPSTREAM: kasan: fix tag for large allocations when using CONFIG_SLAB
* UPSTREAM: usb: musb: select GENERIC_PHY instead of depending on it
drivers/usb/musb/Kconfig
* UPSTREAM: driver core: Reject pointless SYNC_STATE_ONLY device links
drivers/base/core.c
* BACKPORT: PM: EM: Fix inefficient states detection
kernel/power/energy_model.c
* UPSTREAM: cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
net/wireless/scan.c
* UPSTREAM: thermal/core: Fix thermal_cooling_device_register() prototype
include/linux/thermal.h
* UPSTREAM: PM: EM: Increase energy calculation precision
include/linux/energy_model.h
kernel/power/energy_model.c
UPSTREAM: lib/test_stackinit: Fix static initializer test
BACKPORT: userfaultfd: do not untag user pointers
UPSTREAM: net/xfrm/compat: Copy xfrm_spdattr_type_t atributes
* UPSTREAM: sched/uclamp: Ignore max aggregation if rq is idle
kernel/sched/sched.h
* UPSTREAM: net: xfrm: fix memory leak in xfrm_user_rcv_msg
net/xfrm/xfrm_user.c
* UPSTREAM: f2fs: Advertise encrypted casefolding in sysfs
fs/f2fs/sysfs.c
* UPSTREAM: fuse: ignore PG_workingset after stealing
fs/fuse/dev.c
* BACKPORT: loop: Fix missing discard support when using LOOP_CONFIGURE
drivers/block/loop.c
* BACKPORT: nvmem: core: add a missing of_node_put
drivers/nvmem/core.c
* UPSTREAM: usb: typec: mux: Fix copy-paste mistake in typec_mux_match
drivers/usb/typec/mux.c
Merge 4.19.274 into android-4.19-stable
Linux 4.19.274
* bpf: add missing header file include
kernel/bpf/core.c
* ext4: Fix function prototype mismatch for ext4_feat_ktype
fs/ext4/sysfs.c
wifi: mwifiex: Add missing compatible string for SD8787
* uaccess: Add speculation barrier to copy_from_user()
include/linux/nospec.h
kernel/bpf/core.c
lib/usercopy.c
mac80211: mesh: embedd mesh_paths and mpp_paths into ieee80211_if_mesh
drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
* alarmtimer: Prevent starvation by small intervals and SIG_IGN
kernel/time/alarmtimer.c
powerpc: dts: t208x: Disable 10G on MAC1 and MAC2
can: kvaser_usb: hydra: help gcc-13 to figure out cmd_len
* random: always mix cycle counter in add_latent_entropy()
include/linux/random.h
powerpc: dts: t208x: Mark MAC1 and MAC2 as 10G
wifi: rtl8xxxu: gen2: Turn on the rate control
* BACKPORT: fscrypt: fix derivation of SipHash keys on big endian CPUs
fs/crypto/keysetup.c
UPSTREAM: wireguard: allowedips: free empty intermediate nodes when removing single node
BACKPORT: wireguard: allowedips: allocate nodes in kmem_cache
Merge "Merge 4.19.273 into android-4.19-stable" into android-4.19-stable
Merge 4.19.273 into android-4.19-stable
Linux 4.19.273
net: phy: meson-gxl: Add generic dummy stubs for MMD register access
nilfs2: fix underflow in second superblock position calculations
kvm: initialize all of the kvm_debugregs structure before sending it to userspace
i40e: Add checking for null for nlmsg_find_attr()
* ipv6: Fix tcp socket connection with DSCP.
net/ipv6/tcp_ipv6.c
* ipv6: Fix datagram socket connection with DSCP.
net/ipv6/datagram.c
net: mpls: fix stale pointer if allocation fails during device rename
net: stmmac: Restrict warning on disabling DMA store and fwd mode
bnxt_en: Fix mqprio and XDP ring checking logic
net: stmmac: fix order of dwmac5 FlexPPS parametrization sequence
net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
* dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions.
include/net/sock.h
net/ipv6/tcp_ipv6.c
net: bgmac: fix BCM5358 support by setting correct flags
i40e: add double of VLAN header when computing the max MTU
revert "squashfs: harden sanity check in squashfs_read_xattr_id_table"
* hugetlb: check for undefined shift on 32 bit architectures
include/linux/hugetlb.h
ALSA: hda/realtek - fixed wrong gpio assigned
ALSA: hda/conexant: add a new hda codec SN6180
mmc: sdio: fix possible resource leaks in some error paths
Revert "x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN"
netfilter: nft_tproxy: restrict to prerouting hook
* aio: fix mremap after fork null-deref
fs/aio.c
nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association
net/rose: Fix to not accept on connected socket
tools/virtio: fix the vringh test for virtio ring changes
ASoC: cs42l56: fix DT probe
migrate: hugetlb: check for hugetlb shared PMD in node migration
* bpf: Always return target ifindex in bpf_fib_lookup
net/core/filter.c
arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive
arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive
riscv: Fixup race condition on PG_dcache_clean in flush_icache_pte
usb: typec: altmodes/displayport: Fix probe pin assign check
* usb: core: add quirk for Alcor Link AK9563 smartcard reader
drivers/usb/core/quirks.c
net: USB: Fix wrong-direction WARNING in plusb.c
pinctrl: intel: Restore the pins that used to be in Direct IRQ mode
pinctrl: intel: Convert unsigned to unsigned int
pinctrl: single: fix potential NULL dereference
pinctrl: aspeed: Fix confusing types in return value
ALSA: pci: lx6464es: fix a debug loop
selftests: forwarding: lib: quote the sysctl values
rds: rds_rm_zerocopy_callback() use list_first_entry()
net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY
net: phy: meson-gxl: add g12a support
* net: phy: add macros for PHYID matching
include/linux/phy.h
IB/hfi1: Restore allocated resources on failed copyout
ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control()
btrfs: limit device extents to the device size
iio:adc:twl6030: Enable measurement of VAC
thermal: intel: int340x: Add locking to int340x_thermal_get_trip_type()
serial: 8250_dma: Fix DMA Rx rearm race
serial: 8250_dma: Fix DMA Rx completion race
* Squashfs: fix handling and sanity checking of xattr_ids count
fs/squashfs/squashfs_fs.h
* mm/swapfile: add cond_resched() in get_swap_pages()
mm/swapfile.c
* mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps
fs/proc/task_mmu.c
include/linux/hugetlb.h
riscv: disable generation of unwind tables
parisc: Wire up PTRACE_GETREGS/PTRACE_SETREGS for compat case
parisc: Fix return code of pdc_iodc_print()
iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
iio: adc: berlin2-adc: Add missing of_node_put() in error path
iio: hid: fix the retval in accel_3d_capture_sample
efi: Accept version 2 of memory attributes table
watchdog: diag288_wdt: fix __diag288() inline assembly
watchdog: diag288_wdt: do not use stack buffers for hardware data
fbcon: Check font dimension limits
thermal: intel: int340x: Protect trip temperature from concurrent updates
KVM: x86/vmx: Do not skip segment attributes if unusable bit is set
KVM: VMX: Move caching of MSR_IA32_XSS to hardware_setup()
KVM: VMX: Move VMX specific files to a "vmx" subdirectory
nVMX x86: Check VMX-preemption timer controls on vmentry of L2 guests
Input: i8042 - add Clevo PCX0DX to i8042 quirk table
Input: i8042 - add TUXEDO devices to i8042 quirk tables
Input: i8042 - merge quirk tables
Input: i8042 - move __initconst to fix code styling warning
vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
* usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait
drivers/usb/gadget/function/f_fs.c
* usb: dwc3: qcom: enable vbus override when in OTG dr-mode
drivers/usb/dwc3/dwc3-qcom.c
* usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API
drivers/usb/dwc3/dwc3-qcom.c
iio: adc: stm32-dfsdm: fill module aliases
net/x25: Fix to not accept on connected socket
i2c: rk3x: fix a bunch of kernel-doc warnings
scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
scsi: target: core: Fix warning on RT kernels
net: openvswitch: fix flow memory leak in ovs_flow_cmd_new
ata: libata: Fix sata_down_spd_limit() when no link speed is reported
squashfs: harden sanity check in squashfs_read_xattr_id_table
netrom: Fix use-after-free caused by accept on already connected socket
ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()
bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region
UPSTREAM: wireguard: allowedips: remove nodes in O(1)
UPSTREAM: wireguard: allowedips: initialize list head in selftest
UPSTREAM: wireguard: use synchronize_net rather than synchronize_rcu
UPSTREAM: wireguard: do not use -O3
UPSTREAM: wireguard: selftests: make sure rp_filter is disabled on vethc
BACKPORT: wireguard: selftests: remove old conntrack kconfig value
* BACKPORT: usb: typec: mux: Fix matching with typec_altmode_desc
drivers/usb/typec/mux.c
* UPSTREAM: sched/uclamp: Fix locking around cpu_util_update_eff()
kernel/sched/core.c
* UPSTREAM: sched/uclamp: Fix wrong implementation of cpu.uclamp.min
kernel/sched/core.c
UPSTREAM: usb: musb: Fix an error message
UPSTREAM: arm64: doc: Add brk/mmap/mremap() to the Tagged Address ABI Exceptions
* BACKPORT: selinux: add proper NULL termination to the secclass_map permissions
security/selinux/include/classmap.h
UPSTREAM: crypto: arm/curve25519 - Move '.fpu' after '.arch'
UPSTREAM: libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC
* UPSTREAM: of: property: fw_devlink: do not link ".*,nr-gpios"
drivers/of/property.c
UPSTREAM: xfrm/compat: Cleanup WARN()s that can be user-triggered
UPSTREAM: wireguard: selftests: test multiple parallel streams
UPSTREAM: crypto: mips: add poly1305-core.S to .gitignore
* BACKPORT: arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL
arch/arm64/include/asm/memory.h
* UPSTREAM: crypto: mips/poly1305 - enable for all MIPS processors
crypto/Kconfig
drivers/net/Kconfig
UPSTREAM: kbuild: do not include include/config/auto.conf from adjust_autoksyms.sh
* UPSTREAM: wireguard: kconfig: use arm chacha even with no neon
drivers/net/Kconfig
UPSTREAM: wireguard: queueing: get rid of per-peer ring buffers
UPSTREAM: wireguard: device: do not generate ICMP for non-IP packets
BACKPORT: mac80211_hwsim: notify wmediumd of used MAC addresses
BACKPORT: mac80211_hwsim: add concurrent channels scanning support over virtio
* BACKPORT: perf_event_open: switch to copy_struct_from_user()
kernel/events/core.c
* BACKPORT: sched_setattr: switch to copy_struct_from_user()
kernel/sched/core.c
Bug: 274413561
Change-Id: I4334c7024c0a0b0ff52123bda3f51c09f35ebf56
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Miklos Szeredi
|
18a579e7fa |
UPSTREAM: fuse: ignore PG_workingset after stealing
Fix the "fuse: trying to steal weird page" warning. Description from Johannes Weiner: "Think of it as similar to PG_active. It's just another usage/heat indicator of file and anon pages on the reclaim LRU that, unlike PG_active, persists across deactivation and even reclaim (we store it in the page cache / swapper cache tree until the page refaults). So if fuse accepts pages that can legally have PG_active set, PG_workingset is fine too." Bug: 254441685 Reported-by: Thomas Lindroth <thomas.lindroth@gmail.com> Fixes: 1899ad18c607 ("mm: workingset: tell cache transitions from workingset thrashing") Cc: <stable@vger.kernel.org> # v4.20 Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> (cherry picked from commit b89ecd60d38ec042d63bdb376c722a16f92bcb88) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: Ife78b93cf979bdb87756aaf570cb0935264b7e4d |
||
|
Lucas Wei
|
a452d64169 |
Merge android-4.19-stable (4.19.239) into android-msm-pixel-4.19-lts
Merge 4.19.239 into android-4.19-stable
Linux 4.19.239
i2c: pasemi: Wait for write xfers to finish
* smp: Fix offline cpu check in flush_smp_call_function_queue()
kernel/smp.c
ARM: davinci: da850-evm: Avoid NULL pointer dereference
* ipv6: fix panic when forwarding a pkt with no in6 dev
net/ipv6/ip6_output.c
* ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
sound/core/pcm_misc.c
ALSA: hda/realtek: Add quirk for Clevo PD50PNT
gcc-plugins: latent_entropy: use /dev/urandom
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
* mm, page_alloc: fix build_zonerefs_node()
mm/page_alloc.c
drivers: net: slip: fix NPD bug in sl_tx_timeout()
scsi: mvsas: Add PCI ID of RocketRaid 2640
drm/amd/display: Fix allocate_mst_payload assert on resume
* arm64: alternatives: mark patch_alternative() as `noinstr`
arch/arm64/kernel/alternative.c
gpu: ipu-v3: Fix dev_dbg frequency output
ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
* net: micrel: fix KS8851_MLL Kconfig
drivers/net/ethernet/micrel/Kconfig
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
scsi: target: tcmu: Fix possible page UAF
Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
drm/amdkfd: Check for potential null return of kmalloc_array()
drm/amd: Add USBC connector ID
cifs: potential buffer overflow in handling symlinks
nfc: nci: add flush_workqueue to prevent uaf
testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
* sctp: Initialize daddr on peeled off socket
net/sctp/socket.c
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
mlxsw: i2c: Fix initialization error flow
gpiolib: acpi: use correct format characters
* veth: Ensure eth header is in skb's linear part
drivers/net/veth.c
* net/sched: flower: fix parsing of ethertype following VLAN header
include/net/flow_dissector.h
net/core/flow_dissector.c
memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
* ANDROID: GKI: fix crc issue with commit
|
||
|
Greg Kroah-Hartman
|
ce7025b713 |
Merge 4.19.238 into android-4.19-stable
Changes in 4.19.238 USB: serial: pl2303: add IBM device IDs USB: serial: simple: add Nokia phone driver netdevice: add the case if dev is NULL xfrm: fix tunnel model fragmentation behavior virtio_console: break out of buf poll on remove ethernet: sun: Free the coherent when failing in probing spi: Fix invalid sgs value net:mcf8390: Use platform_get_irq() to get the interrupt spi: Fix erroneous sgs value with min_t() af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register fuse: fix pipe buffer lifetime for direct_io tpm: fix reference counting for struct tpm_chip block: Add a helper to validate the block size virtio-blk: Use blk_validate_block_size() to validate block size USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c xhci: make xhci_handshake timeout for xhci_reset() adjustable coresight: Fix TRCCONFIGR.QE sysfs interface iio: afe: rescale: use s64 for temporary scale calculations iio: inkern: apply consumer scale on IIO_VAL_INT cases iio: inkern: apply consumer scale when no channel scale is available iio: inkern: make a best effort on offset calculation clk: uniphier: Fix fixed-rate initialization ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE Documentation: add link to stable release candidate tree Documentation: update stable tree link SUNRPC: avoid race between mod_timer() and del_timer_sync() NFSD: prevent underflow in nfssvc_decode_writeargs() NFSD: prevent integer overflow on 32 bit systems f2fs: fix to unlock page correctly in error path of is_alive() pinctrl: samsung: drop pin banks references on error paths can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path jffs2: fix use-after-free in jffs2_clear_xattr_subsystem jffs2: fix memory leak in jffs2_do_mount_fs jffs2: fix memory leak in jffs2_scan_medium mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node mm: invalidate hwpoison page cache page in fault path mempolicy: mbind_range() set_policy() after vma_merge() scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands qed: display VF trust config qed: validate and restrict untrusted VFs vlan promisc mode Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" ALSA: cs4236: fix an incorrect NULL check on list iterator ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 mm,hwpoison: unmap poisoned page before invalidation drbd: fix potential silent data corruption powerpc/kvm: Fix kvm_use_magic_page ACPI: properties: Consistently return -ENOENT if there are no more references drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() block: don't merge across cgroup boundaries if blkcg is enabled drm/edid: check basic audio support on CEA extension block video: fbdev: sm712fb: Fix crash in smtcfb_read() video: fbdev: atari: Atari 2 bpp (STe) palette bugfix ARM: dts: at91: sama5d2: Fix PMERRLOC resource size ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 ARM: dts: exynos: add missing HDMI supplies on SMDK5250 ARM: dts: exynos: add missing HDMI supplies on SMDK5420 carl9170: fix missing bit-wise or operator for tx_params thermal: int340x: Increase bitmap size lib/raid6/test: fix multiple definition linking error DEC: Limit PMAX memory probing to R3k systems media: davinci: vpif: fix unbalanced runtime PM get brcmfmac: firmware: Allocate space for default boardrev in nvram brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio PCI: pciehp: Clear cmd_busy bit in polling mode regulator: qcom_smd: fix for_each_child.cocci warnings crypto: authenc - Fix sleep in atomic context in decrypt_tail crypto: mxs-dcp - Fix scatterlist processing spi: tegra114: Add missing IRQ check in tegra_spi_probe selftests/x86: Add validity check and allow field splitting spi: pxa2xx-pci: Balance reference count for PCI DMA device hwmon: (pmbus) Add mutex to regulator ops hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING block: don't delete queue kobject before its children PM: hibernate: fix __setup handler error handling PM: suspend: fix return value of __setup handler hwrng: atmel - disable trng on failure path crypto: vmx - add missing dependencies clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() ACPI: APEI: fix return value of __setup handlers crypto: ccp - ccp_dmaengine_unregister release dma channels hwmon: (pmbus) Add Vin unit off handling clocksource: acpi_pm: fix return value of __setup handler sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa perf/core: Fix address filter parser for multiple filters perf/x86/intel/pt: Fix address filter config for 32-bit kernel media: coda: Fix missing put_device() call in coda_get_vdoa_data video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() ARM: dts: qcom: ipq4019: fix sleep clock soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe media: em28xx: initialize refcount before kref_get media: usb: go7007: s2250-board: fix leak in probe() ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() ASoC: ti: davinci-i2s: Add check for clk_enable() ALSA: spi: Add check for clk_enable() arm64: dts: ns2: Fix spi-cpol and spi-cpha property arm64: dts: broadcom: Fix sata nodename printk: fix return value of printk.devkmsg __setup handler ASoC: mxs-saif: Handle errors for clk_enable ASoC: atmel_ssc_dai: Handle errors for clk_enable memory: emif: Add check for setup_interrupts memory: emif: check the pointer temp in get_device_details() ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe ASoC: wm8350: Handle error for wm8350_register_irq ASoC: fsi: Add check for clk_enable video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of ASoC: dmaengine: do not use a NULL prepare_slave_config() callback ASoC: mxs: Fix error handling in mxs_sgtl5000_probe ASoC: imx-es8328: Fix error return code in imx_es8328_probe() ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe mmc: davinci_mmc: Handle error for clk_enable drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern Bluetooth: hci_serdev: call init_rwsem() before p->open() mtd: onenand: Check for error irq drm/edid: Don't clear formats if using deep color drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() ath9k_htc: fix uninit value bugs KVM: PPC: Fix vmx/vsx mixup in mmio emulation power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe ray_cs: Check ioremap return value power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports iwlwifi: Fix -EIO error code that is never returned dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS scsi: pm8001: Fix command initialization in pm80XX_send_read_log() scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() scsi: pm8001: Fix abort all task initialization TOMOYO: fix __setup handlers return values ext2: correct max file size computing drm/tegra: Fix reference leak in tegra_dsi_ganged_probe power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit KVM: x86: Fix emulation in writing cr8 KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() hv_balloon: rate-limit "Unhandled message" warning i2c: xiic: Make bus names unique power: supply: wm8350-power: Handle error for wm8350_register_irq power: supply: wm8350-power: Add missing free in free_charger_irq PCI: Reduce warnings on possible RW1C corruption powerpc/sysdev: fix incorrect use to determine if list is empty mfd: mc13xxx: Add check for mc13xxx_irq_request vxcan: enable local echo for sent CAN frames MIPS: RB532: fix return value of __setup handler mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init USB: storage: ums-realtek: fix error code in rts51x_read_mem() af_netlink: Fix shift out of bounds in group mask calculation i2c: mux: demux-pinctrl: do not deactivate a master that is not active selftests/bpf/test_lirc_mode2.sh: Exit with proper code tcp: ensure PMTU updates are processed during fastopen mfd: asic3: Add missing iounmap() on error asic3_mfd_probe mxser: fix xmit_buf leak in activate when LSR == 0xff pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() staging:iio:adc:ad7280a: Fix handing of device address bit reversing. clk: qcom: ipq8074: Use floor ops for SDCC1 clock serial: 8250_mid: Balance reference count for PCI DMA device serial: 8250: Fix race condition in RTS-after-send handling iio: adc: Add check for devm_request_threaded_irq dma-debug: fix return value of __setup handlers clk: qcom: clk-rcg2: Update the frac table for pixel clock remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region clk: actions: Terminate clk_div_table with sentinel element clk: loongson1: Terminate clk_div_table with sentinel element clk: clps711x: Terminate clk_div_table with sentinel element clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver NFS: remove unneeded check in decode_devicenotify_args() pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe tty: hvc: fix return value of __setup handler kgdboc: fix return value of __setup handler kgdbts: fix return value of __setup handler jfs: fix divide error in dbNextAG netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options clk: qcom: gcc-msm8994: Fix gpll4 width xen: fix is_xen_pmu() net: phy: broadcom: Fix brcm_fet_config_init() qlcnic: dcb: default to returning -EOPNOTSUPP net/x25: Fix null-ptr-deref caused by x25_disconnect NFSv4/pNFS: Fix another issue with a list iterator pointing to the head lib/test: use after free in register_test_dev_kmod() selinux: use correct type for context length loop: use sysfs_emit() in the sysfs xxx show() Fix incorrect type in assignment of ipv6 port for audit irqchip/qcom-pdc: Fix broken locking irqchip/nvic: Release nvic_base upon failure bfq: fix use-after-free in bfq_dispatch_request ACPICA: Avoid walking the ACPI Namespace if it is not there lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3 Revert "Revert "block, bfq: honor already-setup queue merges"" ACPI/APEI: Limit printable size of BERT table data PM: core: keep irq flags in device_pm_check_callbacks() spi: tegra20: Use of_device_get_match_data() ext4: don't BUG if someone dirty pages without asking ext4 first ntfs: add sanity check on allocation size video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow video: fbdev: w100fb: Reset global state video: fbdev: cirrusfb: check pixclock to avoid divide by zero video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 ARM: dts: bcm2837: Add the missing L1/L2 cache information video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit ASoC: soc-core: skip zero num_dai component in searching dai name media: cx88-mpeg: clear interrupt status register before streaming video ARM: tegra: tamonten: Fix I2C3 pad setting ARM: mmp: Fix failure to remove sram device video: fbdev: sm712fb: Fix crash in smtcfb_write() media: Revert "media: em28xx: add missing em28xx_close_extension" media: hdpvr: initialize dev->worker at hdpvr_register_videodev mmc: host: Return an error when ->enable_sdio_irq() ops is missing powerpc/lib/sstep: Fix 'sthcx' instruction powerpc/lib/sstep: Fix build errors with newer binutils powerpc: Fix build errors with newer binutils scsi: qla2xxx: Fix stuck session in gpdb scsi: qla2xxx: Fix warning for missing error code scsi: qla2xxx: Check for firmware dump already collected scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() scsi: qla2xxx: Fix incorrect reporting of task management failure scsi: qla2xxx: Fix hang due to session stuck scsi: qla2xxx: Reduce false trigger to login scsi: qla2xxx: Use correct feature type field during RFF_ID processing KVM: Prevent module exit until all VMs are freed KVM: x86: fix sending PV IPI ubifs: rename_whiteout: Fix double free for whiteout_ui->data ubifs: Fix deadlock in concurrent rename whiteout and inode writeback ubifs: Add missing iput if do_tmpfile() failed in rename whiteout ubifs: setflags: Make dirtied_ino_d 8 bytes aligned ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() ubifs: rename_whiteout: correct old_dir size computing can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path can: mcba_usb: properly check endpoint type gfs2: Make sure FITRIM minlen is rounded up to fs block size pinctrl: pinconf-generic: Print arguments for bias-pull-* ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl ACPI: CPPC: Avoid out of bounds access when parsing _CPC data mm/mmap: return 1 from stack_guard_gap __setup() handler mm/memcontrol: return 1 from cgroup.memory __setup() handler mm/usercopy: return 1 from hardened_usercopy __setup() handler bpf: Fix comment for helper bpf_current_task_under_cgroup() ubi: fastmap: Return error code if memory allocation fails in add_aeb() ASoC: topology: Allow TLV control to be either read or write ARM: dts: spear1340: Update serial node properties ARM: dts: spear13xx: Update SPI dma properties um: Fix uml_mconsole stop/go openvswitch: Fixed nd target mask field in the flow dump. KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated ubifs: Rectify space amount budget for mkdir/tmpfile operations rtc: wm8350: Handle error for wm8350_register_irq riscv module: remove (NOLOAD) ARM: 9187/1: JIVE: fix return value of __setup handler KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs drm: Add orientation quirk for GPD Win Max ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj ptp: replace snprintf with sysfs_emit powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 scsi: mvsas: Replace snprintf() with sysfs_emit() scsi: bfa: Replace snprintf() with sysfs_emit() power: supply: axp20x_battery: properly report current when discharging powerpc: Set crashkernel offset to mid of RMA region PCI: aardvark: Fix support for MSI interrupts iommu/arm-smmu-v3: fix event handling soft lockup usb: ehci: add pci device support for Aspeed platforms PCI: pciehp: Add Qualcomm quirk for Command Completed erratum ipv4: Invalidate neighbour for broadcast address upon address addition dm ioctl: prevent potential spectre v1 gadget drm/amdkfd: make CRAT table missing message informational only scsi: pm8001: Fix pm8001_mpi_task_abort_resp() scsi: aha152x: Fix aha152x_setup() __setup handler return value net/smc: correct settings of RMB window update limit macvtap: advertise link netns via netlink bnxt_en: Eliminate unintended link toggle during FW reset MIPS: fix fortify panic when copying asm exception handlers scsi: libfc: Fix use after free in fc_exch_abts_resp() usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm xtensa: fix DTC warning unit_address_format Bluetooth: Fix use after free in hci_send_acl init/main.c: return 1 from handled __setup() functions minix: fix bug when opening a file with O_DIRECT w1: w1_therm: fixes w1_seq for ds28ea00 sensors NFSv4: Protect the state recovery thread against direct reclaim xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 clk: Enforce that disjoints limits are invalid SUNRPC/call_alloc: async tasks mustn't block waiting for memory NFS: swap IO handling is slightly different for O_DIRECT IO NFS: swap-out must always use STABLE writes. serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() virtio_console: eliminate anonymous module_init & module_exit jfs: prevent NULL deref in diFree parisc: Fix CPU affinity for Lasi, WAX and Dino chips net: add missing SOF_TIMESTAMPING_OPT_ID support mm: fix race between MADV_FREE reclaim and blkdev direct IO read KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() Drivers: hv: vmbus: Fix potential crash on module unload scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() net: stmmac: Fix unset max_speed difference between DT and non-DT platforms drm/imx: Fix memory leak in imx_pd_connector_get_modes net: openvswitch: don't send internal clone attribute to the userspace. rxrpc: fix a race in rxrpc_exit_net() qede: confirm skb is allocated before using spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() drbd: Fix five use after free bugs in get_initial_state Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) mm/mempolicy: fix mpol_new leak in shared_policy_replace x86/pm: Save the MSR validity status at context setup x86/speculation: Restore speculation related MSRs during S3 resume btrfs: fix qgroup reserve overflow the qgroup limit arm64: patch_text: Fixup last cpu should be master ata: sata_dwc_460ex: Fix crash due to OOB write perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator irqchip/gic-v3: Fix GICR_CTLR.RWP polling tools build: Filter out options and warnings not supported by clang tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" mm: don't skip swap entry even if zap_details specified arm64: module: remove (NOLOAD) from linker script mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning cgroup: Use open-time credentials for process migraton perm checks cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv cgroup: Use open-time cgroup namespace for process migration perm checks selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 selftests: cgroup: Test open-time credential usage for migration checks selftests: cgroup: Test open-time cgroup namespace usage for migration checks xfrm: policy: match with both mark and mask on user interfaces drm/amdgpu: Check if fd really is an amdgpu fd. drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu Linux 4.19.238 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I55a3615d2fbf9bde9ac152456701b36a6c9d20b6 |
||
|
Miklos Szeredi
|
99db28212b |
fuse: fix pipe buffer lifetime for direct_io
commit 0c4bcfdecb1ac0967619ee7ff44871d93c08c909 upstream.
In FOPEN_DIRECT_IO mode, fuse_file_write_iter() calls
fuse_direct_write_iter(), which normally calls fuse_direct_io(), which then
imports the write buffer with fuse_get_user_pages(), which uses
iov_iter_get_pages() to grab references to userspace pages instead of
actually copying memory.
On the filesystem device side, these pages can then either be read to
userspace (via fuse_dev_read()), or splice()d over into a pipe using
fuse_dev_splice_read() as pipe buffers with &nosteal_pipe_buf_ops.
This is wrong because after fuse_dev_do_read() unlocks the FUSE request,
the userspace filesystem can mark the request as completed, causing write()
to return. At that point, the userspace filesystem should no longer have
access to the pipe buffer.
Fix by copying pages coming from the user address space to new pipe
buffers.
Reported-by: Jann Horn <jannh@google.com>
Fixes:
|
||
|
Wilson Sung
|
7418288acf |
Merge android-4.19-stable (4.19.220) into android-msm-pixel-4.19-lts
Merge 4.19.220 into android-4.19-stable
Linux 4.19.220
ipmi: msghandler: Make symbol 'remove_work_wq' static
parisc: Mark cr16 CPU clocksource unstable on all SMP machines
* serial: core: fix transmit-buffer reset and memleak
drivers/tty/serial/serial_core.c
serial: pl011: Add ACPI SBSA UART match id
tty: serial: msm_serial: Deactivate RX DMA for polling support
x86/64/mm: Map all kernel memory into trampoline_pgd
usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
* USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub
drivers/usb/core/quirks.c
* xhci: Fix commad ring abort, write all 64 bits to CRCR register.
drivers/usb/host/xhci-ring.c
vgacon: Propagate console boot parameters before calling `vc_resize'
parisc: Fix "make install" on newer debian releases
parisc: Fix KBUILD_IMAGE for self-extracting kernel
drm/msm: Do hw_init() before capturing GPU state
net/smc: Keep smc_close_final rc during active close
net/rds: correct socket tunable error in rds_tcp_tune()
* net: annotate data-races on txq->xmit_lock_owner
include/linux/netdevice.h
net/core/dev.c
net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available
rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
* siphash: use _unaligned version by default
include/linux/siphash.h
lib/siphash.c
net: mpls: Fix notifications when deleting a device
net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
natsemi: xtensa: fix section mismatch warnings
i2c: stm32f7: stop dma transfer in case of NACK
i2c: stm32f7: recover the bus on access timeout
* fget: check that the fd still exists after getting a ref to it
fs/file.c
* fs: add fget_many() and fput_many()
fs/file.c
fs/file_table.c
include/linux/file.h
include/linux/fs.h
sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
ipmi: Move remove_work to dedicated workqueue
* kprobes: Limit max data_size of the kretprobe instances
include/linux/kprobes.h
vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
perf hist: Fix memory leak of a perf_hpp_fmt
net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock()
net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
scsi: iscsi: Unblock session then wake up error handler
* thermal: core: Reset previous low and high trip during thermal zone init
drivers/thermal/thermal_core.c
btrfs: check-integrity: fix a warning on write caching disabled disk
s390/setup: avoid using memblock_enforce_memory_limit
platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
* net: return correct error code
net/ipv4/devinet.c
atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
gfs2: Fix length of holes reported at end-of-file
* of: clk: Make <linux/of_clk.h> self-contained
include/linux/of_clk.h
NFSv42: Fix pagecache invalidation after COPY/CLONE
* shm: extend forced shm destroy to support objects from several IPC nses
include/linux/ipc_namespace.h
include/linux/sched/task.h
* BACKPORT: arm64: vdso32: suppress error message for 'make mrproper'
arch/arm64/kernel/vdso32/Makefile
Merge 4.19.219 into android-4.19-stable
Linux 4.19.219
tty: hvc: replace BUG_ON() with negative return value
xen/netfront: don't trust the backend response data blindly
xen/netfront: disentangle tx_skb_freelist
xen/netfront: don't read data from request on the ring page
xen/netfront: read response from backend only once
xen/blkfront: don't trust the backend response data blindly
xen/blkfront: don't take local copy of a request from the ring page
xen/blkfront: read response from backend only once
* xen: sync include/xen/interface/io/ring.h with Xen's newest version
include/xen/interface/io/ring.h
* fuse: release pipe buf after last use
fs/fuse/dev.c
* NFC: add NCI_UNREG flag to eliminate the race
include/net/nfc/nci_core.h
* hugetlbfs: flush TLBs correctly after huge_pmd_unshare
include/asm-generic/tlb.h
mm/memory.c
s390/mm: validate VMA in PGSTE manipulation functions
* tracing: Check pid filtering when creating events
kernel/trace/trace_events.c
vhost/vsock: fix incorrect used length reported to the guest
net: hns3: fix VF RSS failed problem after PF enable multi-TCs
net/smc: Don't call clcsock shutdown twice when smc shutdown
MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
* tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
net/ipv4/tcp_cubic.c
PM: hibernate: use correct mode for swsusp_close()
net/smc: Ensure the active closing peer first closes clcsock
* ipv6: fix typos in __ip6_finish_output()
net/ipv6/ip6_output.c
drm/vc4: fix error code in vc4_create_object()
scsi: mpt3sas: Fix kernel panic during drive powercycle test
ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
NFSv42: Don't fail clone() unless the OP_CLONE operation failed
firmware: arm_scmi: pm: Propagate return value to caller
* net: ieee802154: handle iftypes as u32
include/net/nl802154.h
ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
ARM: dts: BCM5301X: Add interrupt properties to GPIO node
ARM: dts: BCM5301X: Fix I2C controller interrupt
netfilter: ipvs: Fix reuse connection if RS weight is 0
arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function
arm64: dts: marvell: armada-37xx: declare PCIe reset pin
pinctrl: armada-37xx: Correct PWM pins definitions
pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup
pinctrl: armada-37xx: Correct mpp definitions
PCI: aardvark: Fix checking for link up via LTSSM state
PCI: aardvark: Fix link training
PCI: aardvark: Fix PCIe Max Payload Size setting
PCI: aardvark: Configure PCIe resources from 'ranges' DT property
PCI: aardvark: Update comment about disabling link training
PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link()
PCI: aardvark: Fix compilation on s390
PCI: aardvark: Don't touch PCIe registers if no card connected
PCI: aardvark: Indicate error in 'val' when config read fails
PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros
PCI: aardvark: Issue PERST via GPIO
PCI: aardvark: Improve link training
PCI: aardvark: Train link immediately after enabling training
PCI: aardvark: Wait for endpoint to be ready before training link
PCI: aardvark: Fix a leaked reference by adding missing of_node_put()
proc/vmcore: fix clearing user buffer by properly using clear_user()
xtensa: use CONFIG_USE_OF instead of CONFIG_OF
* tracing: Fix pid filtering when triggers are attached
kernel/trace/trace.h
xen: detect uninitialized xenbus in xenbus_init
xen: don't continue xenstore initialization in case of errors
* fuse: fix page stealing
fs/fuse/dev.c
staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
media: cec: copy sequence field for the reply
ALSA: ctxfi: Fix out-of-range access
* binder: fix test regression due to sender_euid change
drivers/android/binder.c
* usb: hub: Fix locking issues with address0_mutex
drivers/usb/core/hub.c
* usb: hub: Fix usb enumeration issue due to address0 race
drivers/usb/core/hub.c
usb: dwc2: hcd_queue: Fix use of floating point literal
USB: serial: option: add Fibocom FM101-GL variants
USB: serial: option: add Telit LE910S1 0x9200 composition
* Revert "net: sched: update default qdisc visibility after Tx queue cnt changes"
include/net/sch_generic.h
net/core/dev.c
net/sched/sch_generic.c
net/sched/sch_mq.c
* Revert "serial: core: Fix initializing and restoring termios speed"
drivers/tty/serial/serial_core.c
include/linux/console.h
ANDROID: GKI: disable CONFIG_FORTIFY_SOURCE
Merge 4.19.218 into android-4.19-stable
Linux 4.19.218
soc/tegra: pmc: Fix imbalanced clock disabling in error code path
usb: max-3421: Use driver data instead of maintaining a list of bound devices
* ASoC: DAPM: Cover regression by kctl change notification fix
sound/soc/soc-dapm.c
* RDMA/netlink: Add __maybe_unused to static inline in C file
include/rdma/rdma_netlink.h
batman-adv: Don't always reallocate the fragmentation skb head
batman-adv: Reserve needed_*room for fragments
batman-adv: Consider fragmentation for needed_headroom
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
* perf/core: Avoid put_page() when GUP fails
kernel/events/core.c
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
drm/udl: fix control-message timeout
* cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
net/wireless/util.c
parisc/sticon: fix reverse colors
btrfs: fix memory ordering between normal and ordered work functions
udf: Fix crash after seekdir
x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
* mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
mm/slab.h
ipc: WARN if trying to remove ipc object which is absent
hexagon: export raw I/O routines for modules
* tun: fix bonding active backup with arp monitoring
drivers/net/tun.c
perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
NFC: reorder the logic in nfc_{un,}register_device
NFC: reorganize the functions in nci_request
i40e: Fix display error code in dmesg
i40e: Fix changing previously set num_queue_pairs for PFs
i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix correct max_pkt_size on VF RX queue
* net: virtio_net_hdr_to_skb: count transport header in UFO
include/linux/virtio_net.h
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
mips: lantiq: add support for clk_get_parent()
mips: bcm63xx: add support for clk_get_parent()
MIPS: generic/yamon-dt: fix uninitialized variable error
iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
iavf: check for null in iavf_fix_features
net: bnx2x: fix variable dereferenced before check
drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
* sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
kernel/sched/core.c
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
sh: define __BIG_ENDIAN for math-emu
sh: fix kconfig unmet dependency warning for FRAME_POINTER
* f2fs: fix up f2fs_lookup tracepoints
include/trace/events/f2fs.h
maple: fix wrong return value of maple_bus_init().
sh: check return code of request_irq
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
ALSA: gus: fix null pointer dereference on pointer block
powerpc/5200: dts: fix memory node unit name
scsi: target: Fix alua_tg_pt_gps_count tracking
* scsi: target: Fix ordered tag handling
include/target/target_core_base.h
MIPS: sni: Fix the build
* tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
drivers/tty/tty_buffer.c
* ALSA: ISA: not for M68K
sound/core/Makefile
sound/isa/Kconfig
sound/pci/Kconfig
usb: host: ohci-tmio: check return value after calling platform_get_resource()
ARM: dts: omap: fix gpmc,mux-add-data type
* firmware_loader: fix pre-allocated buf built-in firmware use
drivers/base/firmware_loader/main.c
scsi: advansys: Fix kernel pointer leak
ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
arm64: dts: freescale: fix arm,sp805 compatible string
usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
usb: musb: tusb6010: check return value after calling platform_get_resource()
arm64: dts: hisilicon: fix arm,sp805 compatible string
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
arm64: zynqmp: Fix serial compatible string
arm64: zynqmp: Do not duplicate flash partition label property
erofs: fix unsafe pagevec reuse of hooked pclusters
erofs: remove the occupied parameter from z_erofs_pagevec_enqueue()
* PCI: Add MSI masking quirk for Nvidia ION AHCI
drivers/pci/quirks.c
* PCI/MSI: Deal with devices lying about their MSI mask capability
drivers/pci/msi.c
include/linux/pci.h
* PCI/MSI: Destroy sysfs before freeing entries
drivers/pci/msi.c
parisc/entry: fix trace test in syscall exit path
* fortify: Explicitly disable Clang support
security/Kconfig
* ext4: fix lazy initialization next schedule time computation in more granular unit
fs/ext4/super.c
x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
* fuse: truncate pagecache on atomic_o_trunc
fs/fuse/file.c
* PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
include/uapi/linux/pci_regs.h
s390/tape: fix timer initialization in tape_std_assign()
s390/cio: check the subchannel validity for dev_busid
* video: backlight: Drop maximum brightness override for brightness zero
drivers/video/backlight/backlight.c
backlight: gpio-backlight: Correct initial power state handling
* mm, oom: do not trigger out_of_memory from the #PF
mm/oom_kill.c
* mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
mm/oom_kill.c
powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC
powerpc/security: Add a helper to query stf_barrier type
powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
powerpc/bpf: Validate branch ranges
powerpc/lib: Add helper to check if offset is within conditional branch range
9p/net: fix missing error check in p9_check_errors
* f2fs: should use GFP_NOFS for directory inodes
fs/f2fs/inode.c
fs/f2fs/namei.c
ARM: 9156/1: drop cc-option fallbacks for architecture selection
ARM: 9155/1: fix early early_iounmap()
USB: chipidea: fix interrupt deadlock
cxgb4: fix eeprom len when diagnostics not implemented
vsock: prevent unnecessary refcnt inc for nonblocking connect
* arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
arch/arm64/include/asm/pgtable.h
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
* llc: fix out-of-bound array index in llc_sk_dev_hash()
include/net/llc.h
* zram: off by one in read_block_state()
drivers/block/zram/zram_drv.c
* mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()
mm/zsmalloc.c
* bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
drivers/net/bonding/bond_sysfs_slave.c
ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
net: davinci_emac: Fix interrupt pacing disable
xen-pciback: Fix return in pm_ctrl_init()
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
scsi: qla2xxx: Turn off target reset during issue_lip
scsi: qla2xxx: Fix gnl list corruption
* ar7: fix kernel builds for compiler test
drivers/watchdog/Kconfig
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
m68k: set a default value for MEMORY_RESERVE
* dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
drivers/dma/dmaengine.h
* netfilter: nfnetlink_queue: fix OOB when mac header was cleared
net/netfilter/nfnetlink_queue.c
auxdisplay: ht16k33: Fix frame buffer device blanking
auxdisplay: ht16k33: Connect backlight to fbdev
auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
fs: orangefs: fix error return code of orangefs_revalidate_lookup()
NFS: Fix deadlocks in nfs_scan_commit_list()
PCI: aardvark: Don't spam about PIO Response Status
* drm/plane-helper: fix uninitialized variable reference
drivers/gpu/drm/drm_plane_helper.c
pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
* rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
include/linux/rpmsg.h
apparmor: fix error check
power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
mips: cm: Convert to bitfield API to fix out-of-bounds access
serial: xilinx_uartps: Fix race condition causing stuck TX
phy: qcom-qusb2: Fix a memory leak on probe
ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
ASoC: cs42l42: Correct some register default values
RDMA/mlx4: Return missed an error if device doesn't support steering
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
power: supply: rt5033_battery: Change voltage values to µV
usb: gadget: hid: fix error code in do_config()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
video: fbdev: chipsfb: use memset_io() instead of memset()
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
soc/tegra: Fix an error handling path in tegra_powergate_power_up()
arm: dts: omap3-gta04a4: accelerometer irq fix
ALSA: hda: Reduce udelay() at SKL+ position reporting
JFS: fix memleak in jfs_mount
MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
scsi: dc395: Fix error case unwinding
ARM: dts: at91: tse850: the emac<->phy interface is rmii
RDMA/bnxt_re: Fix query SRQ failure
arm64: dts: rockchip: Fix GPU register width for RK3328
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
RDMA/rxe: Fix wrong port_cap_flags
ibmvnic: Process crqs after enabling interrupts
selftests/bpf: Fix fclose/pclose mismatch in test_progs
crypto: pcrypt - Delay write to padata->info
net: phylink: avoid mvneta warning when setting pause parameters
net: amd-xgbe: Toggle PLL settings during rate change
wcn36xx: add proper DMA memory barriers in rx path
libertas: Fix possible memory leak in probe and disconnect
libertas_tf: Fix possible memory leak in probe and disconnect
KVM: s390: Fix handle_sske page fault handling
samples/kretprobes: Fix return value if register_kretprobe() failed
* tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
net/ipv4/tcp.c
irq: mips: avoid nested irq_enter()
s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
drm/msm: Fix potential NULL dereference in DPU SSPP
* clocksource/drivers/timer-ti-dm: Select TIMER_OF
drivers/clocksource/Kconfig
PM: hibernate: fix sparse warnings
nvme-rdma: fix error code in nvme_rdma_setup_ctrl
phy: micrel: ksz8041nl: do not use power down mode
mwifiex: Send DELBA requests according to spec
rsi: stop thread firstly in rsi_91x_init() error handling
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
mmc: mxs-mmc: disable regulator on error and in the remove function
* net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
net/core/stream.c
drm/msm: uninitialized variable in msm_gem_import()
ath10k: fix max antenna gain unit
hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff
* hwmon: Fix possible memleak in __hwmon_device_register()
drivers/hwmon/hwmon.c
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
memstick: avoid out-of-range warning
mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
b43: fix a lower bounds test
b43legacy: fix a lower bounds test
hwrng: mtk - Force runtime pm ops for sleep ops
crypto: qat - disregard spurious PFVF interrupts
crypto: qat - detect PFVF collision after ACK
media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
ath9k: Fix potential interrupt storm on queue reset
media: em28xx: Don't use ops->suspend if it is NULL
* cpuidle: Fix kobject memory leaks in error paths
drivers/cpuidle/sysfs.c
media: cx23885: Fix snd_card_free call on null card pointer
media: si470x: Avoid card name truncation
media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()'
media: dvb-usb: fix ununit-value in az6027_rc_query
media: em28xx: add missing em28xx_close_extension
drm/amdgpu: fix warning for overflow check
net: dsa: rtl8366rb: Fix off-by-one bug
* cgroup: Make rebind_subsystems() disable v2 controllers all at once
kernel/cgroup/cgroup.c
* Bluetooth: fix init and cleanup of sco_conn.timeout_work
net/bluetooth/sco.c
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
* task_stack: Fix end_of_stack() for architectures with upwards-growing stack
include/linux/sched/task_stack.h
parisc: fix warning in flush_tlb_all
x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe()
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
* gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE
net/ipv6/addrconf.c
ARM: clang: Do not rely on lr register for stacktrace
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
iwlwifi: mvm: disable RX-diversity in powersave
PM: hibernate: Get block device exclusively in swsusp_check()
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
tracing/cfi: Fix cmp_entries_* functions signature mismatch
* workqueue: make sysfs of unbound kworker cpumask more clever
kernel/workqueue.c
* lib/xz: Validate the value before assigning it to an enum variable
lib/xz/xz_dec_stream.c
* lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
lib/xz/xz_dec_lzma2.c
memstick: r592: Fix a UAF bug when removing the driver
leaking_addresses: Always print a trailing newline
ACPI: battery: Accept charges over the design capacity as full
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
* tracefs: Have tracefs directories not set OTH permission bits by default
fs/tracefs/inode.c
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
ACPICA: Avoid evaluating methods too early during system resume
media: rcar-csi2: Add checking to rcsi2_start_receiver()
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
media: mceusb: return without resubmitting URB in case of -EPROTO error.
media: s5p-mfc: Add checking to s5p_mfc_probe().
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: uvcvideo: Return -EIO for control errors
media: uvcvideo: Set capability in s_param
media: netup_unidvb: handle interrupt properly according to the firmware
media: mt9p031: Fix corrupted frame after restarting stream
mwifiex: Properly initialize private structure on interface type changes
mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
x86: Increase exception stack sizes
smackfs: Fix use-after-free in netlbl_catmap_walk()
* net: sched: update default qdisc visibility after Tx queue cnt changes
include/net/sch_generic.h
net/core/dev.c
net/sched/sch_generic.c
net/sched/sch_mq.c
locking/lockdep: Avoid RCU-induced noinstr fail
MIPS: lantiq: dma: reset correct number of channel
MIPS: lantiq: dma: add small delay after reset
platform/x86: wmi: do not fail if disabling fails
* Bluetooth: fix use-after-free error in lock_sock_nested()
net/bluetooth/l2cap_sock.c
* Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
net/bluetooth/sco.c
* drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
drivers/gpu/drm/drm_panel_orientation_quirks.c
USB: iowarrior: fix control-message timeouts
USB: serial: keyspan: fix memleak on probe errors
iio: dac: ad5446: Fix ad5622_write() return value
* pinctrl: core: fix possible memory leak in pinctrl_enable()
drivers/pinctrl/core.c
* quota: correct error number in free_dqentry()
fs/quota/quota_tree.c
* quota: check block number when reading the block in quota file
fs/quota/quota_tree.c
PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
PCI: aardvark: Fix return value of MSI domain .alloc() method
PCI: aardvark: Do not unmask unused interrupts
PCI: aardvark: Do not clear status bits of masked interrupts
xen/balloon: add late_initcall_sync() for initial ballooning done
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
ALSA: mixer: oss: Fix racy access to slots
* serial: core: Fix initializing and restoring termios speed
drivers/tty/serial/serial_core.c
include/linux/console.h
powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
power: supply: max17042_battery: use VFSOC for capacity when no rsns
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
* signal: Remove the bogus sigkill_pending in ptrace_stop
kernel/signal.c
RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
rsi: Fix module dev_oper_mode parameter description
rsi: fix rate mask set leading to P2P failure
rsi: fix key enabled check causing unwanted encryption for vap_id > 0
rsi: fix occasional initialisation failure with BT coex
wcn36xx: handle connection loss indication
libata: fix checking of DMA state
mwifiex: Read a PCI register after writing the TX ring write pointer
wcn36xx: Fix HT40 capability for 2Ghz band
evm: mark evm_fixmode as __ro_after_init
rtl8187: fix control-message timeouts
* PCI: Mark Atheros QCA6174 to avoid bus reset
drivers/pci/quirks.c
ath10k: fix division by zero in send path
ath10k: fix control-message timeout
ath6kl: fix control-message timeout
ath6kl: fix division by zero in send path
mwifiex: fix division by zero in fw download path
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property
regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
hwmon: (pmbus/lm25066) Add offset coefficients
ia64: kprobes: Fix to pass correct trampoline address to the handler
btrfs: call btrfs_check_rw_degradable only if there is a missing device
btrfs: fix lost error handling when replaying directory deletes
btrfs: clear MISSING device status bit in btrfs_close_one_device
vmxnet3: do not stop tx queues after netif_device_detach()
watchdog: Fix OMAP watchdog early handling
spi: spl022: fix Microwire full duplex mode
xen/netfront: stop tx queues during live migration
* bpf: Prevent increasing bpf_jit_limit above max
include/linux/filter.h
kernel/bpf/core.c
net/core/sysctl_net_core.c
* drm: panel-orientation-quirks: Add quirk for Aya Neo 2021
drivers/gpu/drm/drm_panel_orientation_quirks.c
* mmc: winbond: don't build on M68K
drivers/mmc/host/Kconfig
hyperv/vmbus: include linux/bitops.h
sfc: Don't use netif_info before net_device setup
cavium: Fix return values of the probe function
scsi: qla2xxx: Fix unmap of already freed sgl
cavium: Return negative value when pci_alloc_irq_vectors() fails
x86/irq: Ensure PI wakeup handler is unregistered before module unload
x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
* ALSA: timer: Unconditionally unlink slave instances, too
sound/core/timer.c
* ALSA: timer: Fix use-after-free problem
sound/core/timer.c
ALSA: synth: missing check for possible NULL after the call to kstrdup
* ALSA: usb-audio: Add registration quirk for JBL Quantum 400
sound/usb/quirks.c
ALSA: line6: fix control and interrupt message timeouts
ALSA: 6fire: fix control and bulk message timeouts
ALSA: ua101: fix division by zero at probe
ALSA: hda/realtek: Add quirk for Clevo PC70HS
media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
media: ite-cir: IR receiver stop working after receive overflow
crypto: s5p-sss - Add error handling in s5p_aes_probe()
firmware/psci: fix application of sizeof to pointer
tpm: Check for integer overflow in tpm2_map_response_body()
parisc: Fix ptrace check on syscall return
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
ocfs2: fix data corruption on truncate
* libata: fix read log timeout value
include/linux/libata.h
Input: i8042 - Add quirk for Fujitsu Lifebook T725
Input: elantench - fix misreporting trackpoint coordinates
* binder: use cred instead of task for selinux checks
drivers/android/binder.c
include/linux/lsm_hooks.h
include/linux/security.h
security/security.c
security/selinux/hooks.c
* binder: use euid from cred instead of using task
drivers/android/binder.c
* xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
drivers/usb/host/xhci-hub.c
* ANDROID: usb: gadget: f_accessory: Mitgate handling of non-existent USB request
drivers/usb/gadget/function/f_accessory.c
* UPSTREAM: binder: use cred instead of task for getsecid
drivers/android/binder.c
include/linux/security.h
* FROMGIT: binder: fix test regression due to sender_euid change
drivers/android/binder.c
* BACKPORT: binder: use cred instead of task for selinux checks
drivers/android/binder.c
include/linux/lsm_hooks.h
include/linux/security.h
security/security.c
security/selinux/hooks.c
* UPSTREAM: binder: use euid from cred instead of using task
drivers/android/binder.c
* ANDROID: setlocalversion: make KMI_GENERATION optional
scripts/setlocalversion
Merge 4.19.217 into android-4.19-stable
Linux 4.19.217
rsi: fix control-message timeout
staging: rtl8192u: fix control-message timeouts
staging: r8712u: fix control-message timeout
comedi: vmk80xx: fix bulk and interrupt message timeouts
comedi: vmk80xx: fix bulk-buffer overflow
comedi: vmk80xx: fix transfer-buffer overflows
comedi: ni_usb6501: fix NULL-deref in command paths
comedi: dt9812: fix DMA buffers on stack
isofs: Fix out of bound access for corrupted isofs image
* printk/console: Allow to disable console output by using console="" or console=null
kernel/printk/printk.c
* usb-storage: Add compatibility quirk flags for iODD 2531/2541
drivers/usb/storage/unusual_devs.h
usb: musb: Balance list entry in musb_gadget_queue
* usb: gadget: Mark USB_FSL_QE broken on 64-bit
drivers/usb/gadget/udc/Kconfig
* usb: ehci: handshake CMD_RUN instead of STS_HALT
drivers/usb/host/ehci-hcd.c
drivers/usb/host/ehci-platform.c
drivers/usb/host/ehci.h
Revert "x86/kvm: fix vcpu-id indexed array sizes"
Merge 4.19.216 into android-4.19-stable
Linux 4.19.216
* ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
drivers/amba/bus.c
* arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed
include/asm-generic/pgtable.h
sfc: Fix reading non-legacy supported link modes
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
IB/qib: Use struct_size() helper
media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
* scsi: core: Put LLD module refcnt after SCSI device is released
drivers/scsi/scsi.c
drivers/scsi/scsi_sysfs.c
* UPSTREAM: security: selinux: allow per-file labeling for bpffs
security/selinux/hooks.c
Bug: 210364486
Change-Id: I6232c6c7fde1bf54c16a32dd632456dc41e01e6e
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Greg Kroah-Hartman
|
c8fea9b939 |
Merge 4.19.219 into android-4.19-stable
Changes in 4.19.219 USB: serial: option: add Telit LE910S1 0x9200 composition USB: serial: option: add Fibocom FM101-GL variants usb: dwc2: hcd_queue: Fix use of floating point literal usb: hub: Fix usb enumeration issue due to address0 race usb: hub: Fix locking issues with address0_mutex binder: fix test regression due to sender_euid change ALSA: ctxfi: Fix out-of-range access media: cec: copy sequence field for the reply HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() fuse: fix page stealing xen: don't continue xenstore initialization in case of errors xen: detect uninitialized xenbus in xenbus_init tracing: Fix pid filtering when triggers are attached xtensa: use CONFIG_USE_OF instead of CONFIG_OF proc/vmcore: fix clearing user buffer by properly using clear_user() PCI: aardvark: Fix a leaked reference by adding missing of_node_put() PCI: aardvark: Wait for endpoint to be ready before training link PCI: aardvark: Train link immediately after enabling training PCI: aardvark: Improve link training PCI: aardvark: Issue PERST via GPIO PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros PCI: aardvark: Indicate error in 'val' when config read fails PCI: aardvark: Don't touch PCIe registers if no card connected PCI: aardvark: Fix compilation on s390 PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() PCI: aardvark: Update comment about disabling link training PCI: aardvark: Configure PCIe resources from 'ranges' DT property PCI: aardvark: Fix PCIe Max Payload Size setting PCI: aardvark: Fix link training PCI: aardvark: Fix checking for link up via LTSSM state pinctrl: armada-37xx: Correct mpp definitions pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup pinctrl: armada-37xx: Correct PWM pins definitions arm64: dts: marvell: armada-37xx: declare PCIe reset pin arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function netfilter: ipvs: Fix reuse connection if RS weight is 0 ARM: dts: BCM5301X: Fix I2C controller interrupt ARM: dts: BCM5301X: Add interrupt properties to GPIO node ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer ASoC: topology: Add missing rwsem around snd_ctl_remove() calls net: ieee802154: handle iftypes as u32 firmware: arm_scmi: pm: Propagate return value to caller NFSv42: Don't fail clone() unless the OP_CLONE operation failed ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE scsi: mpt3sas: Fix kernel panic during drive powercycle test drm/vc4: fix error code in vc4_create_object() ipv6: fix typos in __ip6_finish_output() net/smc: Ensure the active closing peer first closes clcsock PM: hibernate: use correct mode for swsusp_close() tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 net/smc: Don't call clcsock shutdown twice when smc shutdown net: hns3: fix VF RSS failed problem after PF enable multi-TCs vhost/vsock: fix incorrect used length reported to the guest tracing: Check pid filtering when creating events s390/mm: validate VMA in PGSTE manipulation functions hugetlbfs: flush TLBs correctly after huge_pmd_unshare NFC: add NCI_UNREG flag to eliminate the race fuse: release pipe buf after last use xen: sync include/xen/interface/io/ring.h with Xen's newest version xen/blkfront: read response from backend only once xen/blkfront: don't take local copy of a request from the ring page xen/blkfront: don't trust the backend response data blindly xen/netfront: read response from backend only once xen/netfront: don't read data from request on the ring page xen/netfront: disentangle tx_skb_freelist xen/netfront: don't trust the backend response data blindly tty: hvc: replace BUG_ON() with negative return value Linux 4.19.219 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I08d2ac89cddf44071c644a999ca39fc5230b1b21 |
||
|
Miklos Szeredi
|
22b814fdce |
fuse: release pipe buf after last use
commit 473441720c8616dfaf4451f9c7ea14f0eb5e5d65 upstream. Checking buf->flags should be done before the pipe_buf_release() is called on the pipe buffer, since releasing the buffer might modify the flags. This is exactly what page_cache_pipe_buf_release() does, and which results in the same VM_BUG_ON_PAGE(PageLRU(page)) that the original patch was trying to fix. Reported-by: Justin Forbes <jmforbes@linuxtx.org> Fixes: 712a951025c0 ("fuse: fix page stealing") Cc: <stable@vger.kernel.org> # v2.6.35 Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Miklos Szeredi
|
65f1f3eb09 |
fuse: fix page stealing
commit 712a951025c0667ff00b25afc360f74e639dfabe upstream.
It is possible to trigger a crash by splicing anon pipe bufs to the fuse
device.
The reason for this is that anon_pipe_buf_release() will reuse buf->page if
the refcount is 1, but that page might have already been stolen and its
flags modified (e.g. PG_lru added).
This happens in the unlikely case of fuse_dev_splice_write() getting around
to calling pipe_buf_release() after a page has been stolen, added to the
page cache and removed from the page cache.
Fix by calling pipe_buf_release() right after the page was inserted into
the page cache. In this case the page has an elevated refcount so any
release function will know that the page isn't reusable.
Reported-by: Frank Dinoff <fdinoff@google.com>
Link: https://lore.kernel.org/r/CAAmZXrsGg2xsP1CK+cbuEMumtrqdvD-NKnWzhNcvn71RV3c1yw@mail.gmail.com/
Fixes:
|
||
|
Lucas Wei
|
b2bed6615a |
Merge android-4.19-stable (4.19.202) into android-msm-pixel-4.19-lts
Merge 4.19.202 into android-4.19-stable
Linux 4.19.202
spi: mediatek: Fix fifo transfer
* padata: add separate cpuhp node for CPUHP_PADATA_DEAD
include/linux/padata.h
* padata: validate cpumask without removed CPU during offline
include/linux/cpuhotplug.h
Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
firmware: arm_scmi: Ensure drivers provide a probe function
drm/i915: Ensure intel_engine_init_execlist() builds with Clang
* Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled"
net/bluetooth/hci_core.c
* bdi: add a ->dev_name field to struct backing_dev_info
include/linux/backing-dev-defs.h
mm/backing-dev.c
* bdi: use bdi_dev_name() to get device name
block/blk-cgroup.c
include/trace/events/wbt.h
* bdi: move bdi_dev_name out of line
include/linux/backing-dev.h
mm/backing-dev.c
* net: Fix zero-copy head len calculation.
net/core/skbuff.c
qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
* r8152: Fix potential PM refcount imbalance
drivers/net/usb/r8152.c
ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
* regulator: rt5033: Fix n_voltages settings for BUCK and LDO
include/linux/mfd/rt5033-private.h
btrfs: mark compressed range uptodate only if all bio succeed
Merge 4.19.201 into android-4.19-stable
Linux 4.19.201
i40e: Add additional info to PHY type error
Revert "perf map: Fix dso->nsinfo refcounting"
powerpc/pseries: Fix regression while building external modules
can: hi311x: fix a signedness bug in hi3110_cmd()
sis900: Fix missing pci_disable_device() in probe and remove
tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
* sctp: fix return value check in __sctp_rcv_asconf_lookup
net/sctp/input.c
net/mlx5: Fix flow table chaining
* net: llc: fix skb_over_panic
include/net/llc_pdu.h
mlx4: Fix missing error code in mlx4_load_one()
* tipc: fix sleeping in tipc accept routine
net/tipc/socket.c
i40e: Fix log TC creation failure when max num of queues is exceeded
i40e: Fix logic of disabling queues
netfilter: nft_nat: allow to specify layer 4 protocol NAT only
* netfilter: conntrack: adjust stop timestamp to real expiry value
net/netfilter/nf_conntrack_core.c
* cfg80211: Fix possible memory leak in function cfg80211_bss_update
net/wireless/scan.c
nfc: nfcsim: fix use after free during module unload
NIU: fix incorrect error return, missed in previous revert
can: esd_usb2: fix memory leak
can: ems_usb: fix memory leak
can: usb_8dev: fix memory leak
can: mcba_usb_start(): add missing urb->transfer_dma initialization
can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
ocfs2: issue zeroout to EOF blocks
ocfs2: fix zero out valid data
x86/kvm: fix vcpu-id indexed array sizes
btrfs: fix rw device counting in __btrfs_free_extra_devids
x86/asm: Ensure asm/proto.h can be included stand-alone
* gro: ensure frag0 meets IP header alignment
include/linux/skbuff.h
net/core/dev.c
* virtio_net: Do not pull payload in skb->head
include/linux/virtio_net.h
Merge 4.19.200 into android-4.19-stable
Linux 4.19.200
ARM: dts: versatile: Fix up interrupt controller node names
cifs: fix the out of range assignment to bit fields in parse_server_interfaces
firmware: arm_scmi: Fix range check for the maximum number of pending messages
firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
hfs: add lock nesting notation to hfs_find_init
hfs: fix high memory mapping in hfs_bnode_read
hfs: add missing clean-up in hfs_fill_super
* sctp: move 198 addresses from unusable to private scope
include/net/sctp/constants.h
net/sctp/protocol.c
* net: annotate data race around sk_ll_usec
include/net/busy_poll.h
net/core/sock.c
net/802/garp: fix memleak in garp_request_join()
net/802/mrp: fix memleak in mrp_request_join()
* workqueue: fix UAF in pwq_unbound_release_workfn()
kernel/workqueue.c
* af_unix: fix garbage collect vs MSG_PEEK
net/unix/af_unix.c
* net: split out functions related to registering inflight socket files
include/net/af_unix.h
net/Makefile
net/unix/Kconfig
net/unix/Makefile
net/unix/af_unix.c
net/unix/garbage.c
net/unix/scm.c
net/unix/scm.h
KVM: x86: determine if an exception has an error code only when injecting it.
iio: dac: ds4422/ds4424 drop of_node check
selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c
* ANDROID: staging: ion: move buffer kmap from begin/end_cpu_access()
drivers/staging/android/ion/ion.c
Merge 4.19.199 into android-4.19-stable
Linux 4.19.199
* xhci: add xhci_get_virt_ep() helper
drivers/usb/host/xhci-ring.c
drivers/usb/host/xhci.h
spi: spi-fsl-dspi: Fix a resource leak in an error handling path
* PCI: Mark AMD Navi14 GPU ATS as broken
drivers/pci/quirks.c
btrfs: compression: don't try to compress if we don't have enough pages
iio: accel: bma180: Fix BMA25x bandwidth register values
iio: accel: bma180: Use explicit member assignment
net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz
KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
KVM: do not allow mapping valid but non-reference-counted pages
KVM: do not assume PTE is writable after follow_pfn
* drm: Return -ENOTTY for non-drm ioctls
drivers/gpu/drm/drm_ioctl.c
include/drm/drm_ioctl.h
nds32: fix up stack guard gap
selftest: use mmap instead of posix_memalign to allocate memory
ixgbe: Fix packet corruption due to missing DMA sync
media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
* tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
kernel/trace/ring_buffer.c
usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
USB: serial: cp210x: fix comments for GE CS1000
USB: serial: option: add support for u-blox LARA-R6 family
usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
usb: max-3421: Prevent corruption of freed memory
USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
* usb: hub: Fix link power management max exit latency (MEL) calculations
drivers/usb/core/hub.c
* usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
drivers/usb/core/hub.c
KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
* xhci: Fix lost USB 2 remote wake
drivers/usb/host/xhci-hub.c
ALSA: sb: Fix potential ABBA deadlock in CSP driver
* ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
sound/usb/quirks.c
s390/ftrace: fix ftrace_update_ftrace_func implementation
Revert "MIPS: add PMD table accounting into MIPS'pmd_alloc_one"
* proc: Avoid mixing integer types in mem_rw()
fs/proc/base.c
drm/panel: raspberrypi-touchscreen: Prevent double-free
* net: sched: cls_api: Fix the the wrong parameter
net/sched/cls_api.c
* sctp: update active_key for asoc when old key is being replaced
net/sctp/auth.c
* Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
drivers/usb/core/quirks.c
nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
net/sched: act_skbmod: Skip non-Ethernet packets
* net/tcp_fastopen: fix data races around tfo_active_disable_stamp
net/ipv4/tcp_fastopen.c
spi: cadence: Correct initialisation of runtime PM again
scsi: target: Fix protect handling in WRITE SAME(32)
scsi: iscsi: Fix iface sysfs attr detection
netrom: Decrease sock refcount when sock timers expire
KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak
net: decnet: Fix sleeping inside in af_decnet
net: fix uninit-value in caif_seqpkt_sendmsg
bpftool: Check malloc return value in mount_bpffs_for_pin
s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
liquidio: Fix unintentional sign extension issue on left shift of u16
spi: mediatek: fix fifo rx mode
perf probe-file: Delete namelist in del_events() on the error path
perf test bpf: Free obj_buf
perf lzma: Close lzma stream on exit
perf dso: Fix memory leak in dso__new_map()
perf probe: Fix dso->nsinfo refcounting
perf map: Fix dso->nsinfo refcounting
nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
* ipv6: fix 'disable_policy' for fwd packets
net/ipv6/ip6_output.c
igb: Fix position of assignment to *ring
igb: Check if num of q_vectors is smaller than max before array access
iavf: Fix an error handling path in 'iavf_probe()'
e1000e: Fix an error handling path in 'e1000_probe()'
fm10k: Fix an error handling path in 'fm10k_probe()'
igb: Fix an error handling path in 'igb_probe()'
ixgbe: Fix an error handling path in 'ixgbe_probe()'
igb: Fix use-after-free error during reset
* net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
net/ipv4/ip_tunnel.c
* udp: annotate data races around unix_sk(sk)->gso_size
net/ipv4/udp.c
net/ipv6/udp.c
bpftool: Properly close va_list 'ap' by va_end() on error
* ipv6: tcp: drop silly ICMPv6 packet too big messages
net/ipv4/tcp_output.c
net/ipv6/tcp_ipv6.c
* tcp: annotate data races around tp->mtu_info
net/ipv4/tcp_ipv4.c
net/ipv6/tcp_ipv6.c
* dma-buf/sync_file: Don't leak fences on merge failure
drivers/dma-buf/sync_file.c
* net: validate lwtstate->data before returning from skb_tunnel_info()
include/net/dst_metadata.h
* net: send SYNACK packet with accepted fwmark
net/ipv6/tcp_ipv6.c
net: ti: fix UAF in tlan_remove_one
net: qcom/emac: fix UAF in emac_remove
net: moxa: fix UAF in moxart_mac_probe
net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
* net: bridge: sync fdb to new unicast-filtering ports
net/bridge/br_if.c
* netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
net/netfilter/nf_conntrack_netlink.c
* net: ipv6: fix return value of ip6_skb_dst_mtu
include/net/ip6_route.h
net/ipv6/xfrm6_output.c
net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
dm writecache: fix writing beyond end of underlying device when shrinking
dm writecache: return the exact table values that were set
* mm: slab: fix kmem_cache_create failed when sysfs node not destroyed
mm/slab_common.c
* sched/fair: Fix CFS bandwidth hrtimer expiry type
kernel/sched/fair.c
scsi: libfc: Fix array index out of bound exception
scsi: libsas: Add LUN number check in .slave_alloc callback
scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
rtc: max77686: Do not enforce (incorrect) interrupt trigger type
* kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
scripts/mkcompile_h
* thermal/core: Correct function name thermal_zone_device_unregister()
drivers/thermal/thermal_core.c
arm64: dts: ls208xa: remove bus-num from dspi node
soc/tegra: fuse: Fix Tegra234-only builds
ARM: dts: stm32: move stmmac axi config in ethernet node on stm32mp15
ARM: dts: stm32: fix i2c node name on stm32f746 to prevent warnings
ARM: dts: rockchip: fix supply properties in io-domains nodes
arm64: dts: juno: Update SCPI nodes as per the YAML schema
ARM: dts: stm32: fix timer nodes on STM32 MCU to prevent warnings
ARM: dts: stm32: fix RCC node name on stm32f429 MCU
ARM: dts: stm32: fix gpio-keys node on STM32 MCU boards
rtc: mxc_v2: add missing MODULE_DEVICE_TABLE
ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
ARM: dts: Hurricane 2: Fix NAND nodes names
ARM: dts: BCM63xx: Fix NAND nodes names
ARM: NSP: dts: fix NAND nodes names
ARM: Cygnus: dts: fix NAND nodes names
ARM: brcmstb: dts: fix NAND nodes names
reset: ti-syscon: fix to_ti_syscon_reset_data macro
arm64: dts: rockchip: Fix power-controller node names for rk3328
ARM: dts: rockchip: Fix power-controller node names for rk3288
ARM: dts: rockchip: Fix IOMMU nodes properties on rk322x
ARM: dts: rockchip: Fix the timer clocks order
arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi
ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
ARM: dts: gemini: add device_type on pci
ARM: dts: gemini: rename mdio to the right name
* ANDROID: generate_initcall_order.pl: Use two dash long options for llvm-nm
scripts/generate_initcall_order.pl
* Revert "media: subdev: disallow ioctl for saa6588/davinci"
include/media/v4l2-subdev.h
* ANDROID: GKI: fix up crc change in ip.h
include/net/ip.h
Merge 4.19.198 into android-4.19-stable
Linux 4.19.198
* seq_file: disallow extremely large seq buffer allocations
fs/seq_file.c
scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
* net: bridge: multicast: fix PIM hello router port marking race
net/bridge/br_multicast.c
MIPS: vdso: Invalid GIC access through VDSO
mips: disable branch profiling in boot/decompress.o
mips: always link byteswap helpers into decompressor
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery
ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems
ARM: dts: imx6q-dhcom: Fix ethernet reset time properties
ARM: dts: am437x: align ti,pindir-d0-out-d1-in property with dt-shema
ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
memory: fsl_ifc: fix leak of private memory on probe failure
memory: fsl_ifc: fix leak of IO mapping on probe failure
* reset: bail if try_module_get() fails
drivers/reset/core.c
ARM: dts: BCM5301X: Fixup SPI binding
ARM: dts: r8a7779, marzen: Fix DU clock names
arm64: dts: renesas: v3msk: Fix memory size
* rtc: fix snprintf() checking in is_rtc_hctosys()
drivers/rtc/rtc-proc.c
memory: atmel-ebi: add missing of_node_put for loop iteration
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
reset: a10sr: add missing of_match_table reference
hexagon: use common DISCARDS macro
NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
ALSA: isa: Fix error return code in snd_cmi8330_probe()
virtio_net: move tx vq operation under tx queue lock
x86/fpu: Limit xstate copy size in xstateregs_set()
PCI: iproc: Support multi-MSI only on uniprocessor kernel
PCI: iproc: Fix multi-MSI base vector number allocation
ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
nfs: fix acl memory leak of posix_acl_create()
watchdog: aspeed: fix hardware timeout calculation
um: fix error return code in winch_tramp()
um: fix error return code in slip_open()
NFSv4: Initialise connection to the server in nfs4_alloc_client()
* power: supply: rt5033_battery: Fix device tree enumeration
drivers/power/supply/Kconfig
PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
* f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs
fs/f2fs/super.c
virtio_console: Assure used length from device is limited
virtio_net: Fix error handling in virtnet_restore()
virtio-blk: Fix memory leak among suspend/resume procedure
ACPI: video: Add quirk for the Dell Vostro 3350
ACPI: AMBA: Fix resource name in /proc/iomem
pwm: tegra: Don't modify HW state in .remove callback
power: supply: ab8500: add missing MODULE_DEVICE_TABLE
power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
* NFS: nfs_find_open_context() may only select open files
include/linux/nfs_fs.h
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
orangefs: fix orangefs df output.
PCI: tegra: Add missing MODULE_DEVICE_TABLE
x86/fpu: Return proper error codes from user access functions
watchdog: iTCO_wdt: Account for rebooting on second timeout
watchdog: Fix possible use-after-free by calling del_timer_sync()
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
watchdog: Fix possible use-after-free in wdt_startup()
ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
power: supply: max17042: Do not enforce (incorrect) interrupt trigger type
power: supply: ab8500: Avoid NULL pointers
pwm: spear: Don't modify HW state in .remove callback
* lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
lib/decompress_unlz4.c
* i2c: core: Disable client irq on reboot/shutdown
drivers/i2c/i2c-core-base.c
intel_th: Wait until port is in reset before programming it
staging: rtl8723bs: fix macro value for 2.4Ghz only device
ALSA: hda: Add IRQ check for platform_get_irq()
backlight: lm3630a: Fix return code of .update_status() callback
powerpc/boot: Fixup device-tree on little endian
usb: gadget: hid: fix error return code in hid_bind()
* usb: gadget: f_hid: fix endianness issue with descriptors
drivers/usb/gadget/function/f_hid.c
* ALSA: bebob: add support for ToneWeal FW66
sound/firewire/Kconfig
Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
* ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing()
sound/soc/soc-core.c
gpio: pca953x: Add support for the On Semi pca9655
selftests/powerpc: Fix "no_handler" EBB selftest
ALSA: ppc: fix error return code in snd_pmac_probe()
gpio: zynq: Check return value of pm_runtime_get_sync
powerpc/ps3: Add dma_mask to ps3_dma_region
ALSA: sb: Fix potential double-free of CSP mixer elements
selftests: timers: rtcpie: skip test if default RTC device does not exist
s390/sclp_vt220: fix console name to match device
mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
scsi: qedi: Fix null ref during abort handling
scsi: iscsi: Fix shost->max_id use
* scsi: iscsi: Fix conn use after free during resets
include/scsi/libiscsi.h
* scsi: iscsi: Add iscsi_cls_conn refcount helpers
include/scsi/scsi_transport_iscsi.h
fs/jfs: Fix missing error code in lmLogInit()
scsi: scsi_dh_alua: Check for negative result value
tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
ALSA: ac97: fix PM reference leak in ac97_bus_remove()
* scsi: core: Cap scsi_host cmd_per_lun at can_queue
drivers/scsi/hosts.c
scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs
scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
w1: ds2438: fixing bug that would always get page0
* Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
sound/firewire/Kconfig
misc/libmasm/module: Fix two use after free in ibmasm_init_one
tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
PCI: aardvark: Fix kernel panic during PIO transfer
PCI: aardvark: Don't rely on jiffies while holding spinlock
tracing: Do not reference char * as a string in histograms
* scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
drivers/scsi/hosts.c
KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
* smackfs: restrict bytes count in smk_set_cipso()
security/smack/smackfs.c
jfs: fix GPF in diFree
pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
media: gspca/sunplus: fix zero-length control requests
media: gspca/sq905: fix control-request direction
media: zr364xx: fix memory leak in zr364xx_start_readpipe
media: dtv5100: fix control-request directions
* media: subdev: disallow ioctl for saa6588/davinci
include/media/v4l2-subdev.h
PCI: aardvark: Fix checking for PIO Non-posted Request
* PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
drivers/pci/quirks.c
dm btree remove: assign new_root only when removal succeeds
* coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer()
drivers/hwtracing/coresight/coresight-tmc-etf.c
ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
* tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
kernel/trace/trace.c
* tracing: Simplify & fix saved_tgids logic
kernel/trace/trace.c
* seq_buf: Fix overflow in seq_buf_putmem_hex()
lib/seq_buf.c
* power: supply: ab8500: Fix an old bug
include/linux/mfd/abx500/ux500_chargalg.h
ipmi/watchdog: Stop watchdog timer when the current action is 'none'
qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
ASoC: tegra: Set driver_name=tegra for all machine drivers
* clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround
drivers/clocksource/arm_arch_timer.c
* cpu/hotplug: Cure the cpusets trainwreck
kernel/cpu.c
ata: ahci_sunxi: Disable DIPM
mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
mmc: core: clear flags before allowing to retune
mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
drm/msm/mdp4: Fix modifier support enabling
pinctrl/amd: Add device HID for new AMD GPIO controller
drm/amd/display: fix incorrrect valid irq check
drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create()
* usb: gadget: f_fs: Fix setting of device and driver data cross-references
drivers/usb/gadget/function/f_fs.c
powerpc/barrier: Avoid collision with clang's __lwsync macro
* fuse: reject internal errno
fs/fuse/dev.c
serial: mvebu-uart: fix calculation of clock divisor
serial: mvebu-uart: clarify the baud rate derivation
* bdi: Do not use freezable workqueue
mm/backing-dev.c
* fscrypt: don't ignore minor_hash when hash is 0
fs/crypto/fname.c
MIPS: set mips32r5 for virt extensions
* sctp: add size validation when walking chunks
net/sctp/input.c
* sctp: validate from_addr_param return
include/net/sctp/structs.h
net/sctp/bind_addr.c
net/sctp/input.c
net/sctp/ipv6.c
net/sctp/protocol.c
net/sctp/sm_make_chunk.c
Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
* Bluetooth: Shutdown controller after workqueues are flushed or cancelled
net/bluetooth/hci_core.c
* Bluetooth: Fix the HCI to MGMT status conversion table
net/bluetooth/mgmt.c
RDMA/cma: Fix rdma_resolve_route() memory leak
* net: ip: avoid OOM kills with large UDP sends over loopback
net/ipv4/ip_output.c
net/ipv6/ip6_output.c
media, bpf: Do not copy more entries than user space requested
* wireless: wext-spy: Fix out-of-bounds warning
net/wireless/wext-spy.c
sfc: error code if SRIOV cannot be disabled
sfc: avoid double pci_remove of VFs
iwlwifi: pcie: free IML DMA memory allocation
iwlwifi: mvm: don't change band on bound PHY contexts
RDMA/rxe: Don't overwrite errno from ib_umem_get()
vsock: notify server to shutdown when client has pending signal
atm: nicstar: register the interrupt handler in the right place
atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
MIPS: add PMD table accounting into MIPS'pmd_alloc_one
rtl8xxxu: Fix device info for RTL8192EU devices
* net: fix mistake path for netdev_features_strings
include/linux/netdev_features.h
include/uapi/linux/ethtool.h
cw1200: add missing MODULE_DEVICE_TABLE
wl1251: Fix possible buffer overflow in wl1251_cmd_scan
wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
* xfrm: Fix error reporting in xfrm_state_construct.
net/xfrm/xfrm_user.c
* selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
security/selinux/avc.c
fjes: check return value after calling platform_get_resource()
net: micrel: check return value after calling platform_get_resource()
net: mvpp2: check return value after calling platform_get_resource()
net: bcmgenet: check return value after calling platform_get_resource()
virtio_net: Remove BUG() to avoid machine dead
ice: set the value of global config lock timeout longer
pinctrl: mcp23s08: fix race condition in irq handler
dm space maps: don't reset space map allocation cursor when committing
RDMA/cxgb4: Fix missing error code in create_qp()
* ipv6: use prandom_u32() for ID generation
net/ipv6/output_core.c
clk: tegra: Ensure that PLLU configuration is applied properly
clk: renesas: r8a77995: Add ZA2 clock
e100: handle eeprom as little endian
udf: Fix NULL pointer dereference in udf_symlink function
drm/virtio: Fix double free on probe failure
reiserfs: add check for invalid 1st journal block
* net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
net/core/dev.c
atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
mISDN: fix possible use-after-free in HFC_cleanup()
atm: iphase: fix possible use-after-free in ia_module_exit()
hugetlb: clear huge pte during flush function on mips platform
drm/amd/display: fix use_max_lb flag for 420 pixel formats
net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
drm/amd/amdgpu/sriov disable all ip hw status by default
* drm/zte: Don't select DRM_KMS_FB_HELPER
drivers/gpu/drm/zte/Kconfig
* drm/mxsfb: Don't select DRM_KMS_FB_HELPER
drivers/gpu/drm/mxsfb/Kconfig
mmc: vub3000: fix control-request direction
mmc: block: Disable CMDQ on the ioctl path
perf llvm: Return -ENOMEM when asprintf() fails
selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
mm/huge_memory.c: don't discard hugepage if other processes are mapping it
vfio/pci: Handle concurrent vma faults
arm64: dts: marvell: armada-37xx: Fix reg for standard variant of UART
serial: mvebu-uart: correctly calculate minimal possible baudrate
powerpc: Offline CPU in stop_this_cpu()
leds: ktd2692: Fix an error handling path
leds: as3645a: Fix error return code in as3645a_parse_node()
* configfs: fix memleak in configfs_release_bin_file
fs/configfs/file.c
ASoC: atmel-i2s: Fix usage of capture and playback at the same time
extcon: max8997: Add missing modalias string
extcon: sm5502: Drop invalid register write in sm5502_reg_data
phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume()
* of: Fix truncation of memory sizes on 32-bit platforms
drivers/of/fdt.c
drivers/of/of_reserved_mem.c
ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK
iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates
staging: mt7621-dts: fix pci address for PCI memory range
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
eeprom: idt_89hpesx: Restore printing the unsupported fwnode name
eeprom: idt_89hpesx: Put fwnode in matching case during ->probe()
s390: appldata depends on PROC_SYSCTL
visorbus: fix error return code in visorchipset_init()
fsi/sbefifo: Fix reset timeout
fsi/sbefifo: Clean up correct FIFO when receiving reset request from SBE
fsi: scom: Reset the FSI2PIB engine for any error
fsi: core: Fix return of error values on failures
scsi: FlashPoint: Rename si_flags field
tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
Input: hil_kbd - fix error return code in hil_dev_connect()
ASoC: rsnd: tidyup loop on rsnd_adg_clk_query()
ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup()
iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adis_buffer: do not return ints in irq handlers
mwifiex: re-fix for unaligned accesses
tty: nozomi: Fix a resource leak in an error handling function
RDMA/mlx5: Don't access NULL-cleared mpi pointer
net: sched: fix warning in tcindex_alloc_perfect_hash
* net: lwtunnel: handle MTU calculation in forwading
include/net/ip.h
include/net/ip6_route.h
net/ipv4/route.c
* writeback: fix obtain a reference to a freeing memcg css
fs/fs-writeback.c
* Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event
net/bluetooth/hci_event.c
* Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
net/bluetooth/mgmt.c
* ipv6: fix out-of-bound access in ip6_parse_tlv()
net/ipv6/exthdrs.c
ibmvnic: free tx_pool if tso_pool alloc fails
Revert "ibmvnic: remove duplicate napi_schedule call in open function"
i40e: Fix autoneg disabling for non-10GBaseT links
i40e: Fix error handling in i40e_vsi_open
* bpf: Do not change gso_size during bpf_skb_change_proto()
net/core/filter.c
* ipv6: exthdrs: do not blindly use init_net
net/ipv6/exthdrs.c
net: bcmgenet: Fix attaching to PYH failed on RPi 4B
mac80211: remove iwlwifi specific workaround NDPs of null_response
ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
ieee802154: hwsim: Fix memory leak in hwsim_add_one
* net/ipv4: swap flow ports when validating source
net/ipv4/fib_frontend.c
vxlan: add missing rcu_read_lock() in neigh_reduce()
pkt_sched: sch_qfq: fix qfq_change_class() error path
net: ethernet: ezchip: fix error handling
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: aeroflex: fix UAF in greth_of_remove
samples/bpf: Fix the error return code of xdp_redirect's main()
RDMA/rxe: Fix qp reference counting for atomic ops
netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
netfilter: nft_osf: check for TCP packet before further processing
netfilter: nft_exthdr: check for IPv6 packet before further processing
RDMA/mlx5: Don't add slave port to unaffiliated list
* netlabel: Fix memory leak in netlbl_mgmt_add_common
net/netlabel/netlabel_mgmt.c
ath10k: Fix an error code in ath10k_add_interface()
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
brcmfmac: correctly report average RSSI in station info
brcmfmac: fix setting of station info chains bitmask
ssb: Fix error return code in ssb_bus_scan()
wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others
* wireless: carl9170: fix LEDS build errors & warnings
drivers/net/wireless/ath/carl9170/Kconfig
tools/bpftool: Fix error return code in do_batch()
drm: qxl: ensure surf.data is ininitialized
RDMA/rxe: Fix failure during driver load
ehea: fix error return code in ehea_restart_qps()
drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write()
net: pch_gbe: Propagate error from devm_gpio_request_one()
net: mvpp2: Put fwnode in error case during ->probe()
ocfs2: fix snprintf() checking
blk-wbt: make sure throttle is enabled properly
* blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled()
block/blk-wbt.h
ACPI: sysfs: Fix a buffer overrun problem with description_show()
crypto: nx - Fix RCU warning in nx842_OF_upd_status
spi: spi-sun6i: Fix chipselect/clock bug
btrfs: clear log tree recovering status if starting transaction fails
hwmon: (max31790) Fix fan speed reporting for fan7..12
hwmon: (max31722) Remove non-standard ACPI device IDs
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
media: gspca/gl860: fix zero-length control requests
media: tc358743: Fix error return code in tc358743_probe_of()
media: exynos4-is: Fix a use after free in isp_video_release
pata_ep93xx: fix deferred probing
media: rc: i2c: Fix an error message
crypto: ccp - Fix a resource leak in an error handling path
evm: fix writing <securityfs>/evm overflow
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
media: I2C: change 'RST' to "RSET" to fix multiple build errors
pata_rb532_cf: fix deferred probing
sata_highbank: fix deferred probing
crypto: ux500 - Fix error return code in hash_hw_final()
crypto: ixp4xx - dma_unmap the correct address
media: s5p_cec: decrement usage count if disabled
ia64: mca_drv: fix incorrect array size calculation
HID: wacom: Correct base usage for capacitive ExpressKey status bits
ACPI: tables: Add custom DSDT file as makefile prerequisite
* clocksource: Retry clock read if long delays detected
kernel/time/clocksource.c
platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard()
ACPI: bus: Call kobject_put() in acpi_init() error path
ACPICA: Fix memory leak caused by _CID repair function
fs: dlm: fix memory leak when fenced
* random32: Fix implicit truncation warning in prandom_seed_state()
include/linux/prandom.h
fs: dlm: cancel work sync othercon
* block_dump: remove block_dump feature in mark_inode_dirty()
fs/fs-writeback.c
ACPI: EC: Make more Asus laptops use ECDT _GPE
* lib: vsprintf: Fix handling of number field widths in vsscanf
lib/kstrtox.c
lib/kstrtox.h
lib/vsprintf.c
hv_utils: Fix passing zero to 'PTR_ERR' warning
ACPI: processor idle: Fix up C-state latency if not ordered
EDAC/ti: Add missing MODULE_DEVICE_TABLE
* HID: do not use down_interruptible() when unbinding devices
drivers/hid/hid-core.c
regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
* btrfs: disable build on platforms having page size 256K
fs/btrfs/Kconfig
btrfs: abort transaction if we fail to update the delayed inode
btrfs: fix error handling in __btrfs_update_delayed_inode
media: imx-csi: Skip first few frames from a BT.656 source
media: siano: fix device register error path
media: dvb_net: avoid speculation from net slot
* crypto: shash - avoid comparing pointers to exported functions under CFI
crypto/shash.c
include/crypto/internal/hash.h
mmc: via-sdmmc: add a check against NULL pointer dereference
media: dvd_usb: memory leak in cinergyt2_fe_attach
media: st-hva: Fix potential NULL pointer dereferences
media: bt8xx: Fix a missing check bug in bt878_probe
* media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
drivers/media/v4l2-core/v4l2-fh.c
media: em28xx: Fix possible memory leak of em28xx struct
* sched/fair: Fix ascii art by relpacing tabs
kernel/sched/fair.c
crypto: qat - remove unused macro in FW loader
crypto: qat - check return code of qat_hal_rd_rel_reg()
media: pvrusb2: fix warning in pvr2_i2c_core_done
media: cobalt: fix race condition in setting HPD
media: cpia2: fix memory leak in cpia2_usb_probe
crypto: nx - add missing MODULE_DEVICE_TABLE
regulator: uniphier: Add missing MODULE_DEVICE_TABLE
spi: omap-100k: Fix the length judgment problem
spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages()
spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
* spi: Make of_register_spi_device also set the fwnode
drivers/spi/spi.c
* fuse: check connected before queueing on fpq->io
fs/fuse/dev.c
evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded
evm: Execute evm_inode_init_security() only when an HMAC key is loaded
powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi()
* seq_buf: Make trace_seq_putmem_hex() support data longer than 8
lib/seq_buf.c
* tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
include/linux/tracepoint.h
kernel/trace/bpf_trace.c
kernel/tracepoint.c
tracing/histograms: Fix parsing of "sym-offset" modifier
rsi: fix AP mode with WPA failure due to encrypted EAPOL
rsi: Assign beacon rate settings to the correct rate_info descriptor field
ssb: sdio: Don't overwrite const buffer if block_write fails
ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
serial_cs: remove wrong GLOBETROTTER.cis entry
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
iio: light: tcs3472: do not free unallocated IRQ
rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path
s390/cio: dont call css_wait_for_slow_path() inside a lock
SUNRPC: Should wake up the privileged task firstly.
SUNRPC: Fix the batch tasks count wraparound.
can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path
can: gw: synchronize rcu operations before removing gw job entry
can: bcm: delay release of struct bcm_op after synchronize_rcu()
* ext4: use ext4_grp_locked_error in mb_find_extent
fs/ext4/mballoc.c
* ext4: fix avefreec in find_group_orlov
fs/ext4/ialloc.c
* ext4: remove check for zero nr_to_scan in ext4_es_scan()
fs/ext4/extents_status.c
* ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
fs/ext4/extents_status.c
* ext4: return error code when ext4_fill_flex_info() fails
fs/ext4/super.c
* ext4: fix kernel infoleak via ext4_extent_header
fs/ext4/extents.c
* ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle
fs/ext4/super.c
btrfs: clear defrag status of a root if starting transaction fails
btrfs: send: fix invalid path for unlink operations after parent orphanization
ARM: dts: at91: sama5d4: fix pinctrl muxing
arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
* iov_iter_fault_in_readable() should do nothing in xarray case
lib/iov_iter.c
ntfs: fix validity check for file name attribute
* xhci: solve a double free problem while doing s4
drivers/usb/host/xhci-mem.c
* usb: typec: Add the missed altmode_id_remove() in typec_register_altmode()
drivers/usb/typec/class.c
* usb: dwc3: Fix debugfs creation flow
drivers/usb/dwc3/core.c
USB: cdc-acm: blacklist Heimann USB Appset device
usb: gadget: eem: fix echo command packet response issue
net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
Input: usbtouchscreen - fix control-request directions
media: dvb-usb: fix wrong definition
* ALSA: usb-audio: Fix OOB access at proc output
sound/usb/mixer.c
* ALSA: usb-audio: fix rate on Ozone Z90 USB headset
sound/usb/format.c
* scsi: core: Retry I/O for Notify (Enable Spinup) Required error
drivers/scsi/scsi_lib.c
* Revert "clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940"
include/linux/cpuhotplug.h
Merge 4.19.197 into android-4.19-stable
Linux 4.19.197
* clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940
include/linux/cpuhotplug.h
clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue
clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support
ARM: OMAP: replace setup_irq() by request_irq()
KVM: SVM: Call SEV Guest Decommission if ASID binding fails
xen/events: reset active flag for lateeoi events later
* kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync()
kernel/kthread.c
* kthread_worker: split code for canceling the delayed work timer
kernel/kthread.c
ARM: dts: imx6qdl-sabresd: Remove incorrect power supply assignment
KVM: SVM: Periodically schedule when unregistering regions on destroy
* ext4: eliminate bogus error in ext4_data_block_valid_rcu()
fs/ext4/block_validity.c
drm/nouveau: fix dma_address check for CPU/GPU sync
scsi: sr: Return appropriate error code when disk is ejected
* mm, futex: fix shared futex pgoff on shmem huge page
include/linux/hugetlb.h
include/linux/pagemap.h
kernel/futex.c
* mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk()
mm/page_vma_mapped.c
* mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): get vma_address_end() earlier
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): use goto instead of while (1)
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): add a level of indentation
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): crossing page table boundary
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): settle PageHuge on entry
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): use page for pvmw->page
mm/page_vma_mapped.c
mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split
* mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
include/linux/mm.h
mm/memory.c
mm/truncate.c
* mm/thp: fix page_address_in_vma() on file THP tails
mm/rmap.c
* mm/thp: fix vma_address() if virtual address below file offset
mm/internal.h
mm/page_vma_mapped.c
mm/rmap.c
* mm/thp: try_to_unmap() use TTU_SYNC for safe splitting
include/linux/rmap.h
mm/page_vma_mapped.c
mm/rmap.c
* mm/thp: make is_huge_zero_pmd() safe and quicker
include/linux/huge_mm.h
* mm/thp: fix __split_huge_pmd_locked() on shmem migration entry
mm/pgtable-generic.c
* mm/rmap: use page_not_mapped in try_to_unmap()
mm/rmap.c
* mm/rmap: remove unneeded semicolon in page_not_mapped()
mm/rmap.c
* mm: add VM_WARN_ON_ONCE_PAGE() macro
include/linux/mmdebug.h
Bug: 196282886
Change-Id: I0af3abfa9aaa6da3e884f1a692da381e8e140bee
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
97fd50773c |
Merge 4.19.198 into android-4.19-stable
Changes in 4.19.198
scsi: core: Retry I/O for Notify (Enable Spinup) Required error
ALSA: usb-audio: fix rate on Ozone Z90 USB headset
ALSA: usb-audio: Fix OOB access at proc output
media: dvb-usb: fix wrong definition
Input: usbtouchscreen - fix control-request directions
net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
usb: gadget: eem: fix echo command packet response issue
USB: cdc-acm: blacklist Heimann USB Appset device
usb: dwc3: Fix debugfs creation flow
usb: typec: Add the missed altmode_id_remove() in typec_register_altmode()
xhci: solve a double free problem while doing s4
ntfs: fix validity check for file name attribute
iov_iter_fault_in_readable() should do nothing in xarray case
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
ARM: dts: at91: sama5d4: fix pinctrl muxing
btrfs: send: fix invalid path for unlink operations after parent orphanization
btrfs: clear defrag status of a root if starting transaction fails
ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle
ext4: fix kernel infoleak via ext4_extent_header
ext4: return error code when ext4_fill_flex_info() fails
ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
ext4: remove check for zero nr_to_scan in ext4_es_scan()
ext4: fix avefreec in find_group_orlov
ext4: use ext4_grp_locked_error in mb_find_extent
can: bcm: delay release of struct bcm_op after synchronize_rcu()
can: gw: synchronize rcu operations before removing gw job entry
can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path
SUNRPC: Fix the batch tasks count wraparound.
SUNRPC: Should wake up the privileged task firstly.
s390/cio: dont call css_wait_for_slow_path() inside a lock
rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path
iio: light: tcs3472: do not free unallocated IRQ
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
serial_cs: remove wrong GLOBETROTTER.cis entry
ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
ssb: sdio: Don't overwrite const buffer if block_write fails
rsi: Assign beacon rate settings to the correct rate_info descriptor field
rsi: fix AP mode with WPA failure due to encrypted EAPOL
tracing/histograms: Fix parsing of "sym-offset" modifier
tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
seq_buf: Make trace_seq_putmem_hex() support data longer than 8
powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi()
evm: Execute evm_inode_init_security() only when an HMAC key is loaded
evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded
fuse: check connected before queueing on fpq->io
spi: Make of_register_spi_device also set the fwnode
spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages()
spi: omap-100k: Fix the length judgment problem
regulator: uniphier: Add missing MODULE_DEVICE_TABLE
crypto: nx - add missing MODULE_DEVICE_TABLE
media: cpia2: fix memory leak in cpia2_usb_probe
media: cobalt: fix race condition in setting HPD
media: pvrusb2: fix warning in pvr2_i2c_core_done
crypto: qat - check return code of qat_hal_rd_rel_reg()
crypto: qat - remove unused macro in FW loader
sched/fair: Fix ascii art by relpacing tabs
media: em28xx: Fix possible memory leak of em28xx struct
media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
media: bt8xx: Fix a missing check bug in bt878_probe
media: st-hva: Fix potential NULL pointer dereferences
media: dvd_usb: memory leak in cinergyt2_fe_attach
mmc: via-sdmmc: add a check against NULL pointer dereference
crypto: shash - avoid comparing pointers to exported functions under CFI
media: dvb_net: avoid speculation from net slot
media: siano: fix device register error path
media: imx-csi: Skip first few frames from a BT.656 source
btrfs: fix error handling in __btrfs_update_delayed_inode
btrfs: abort transaction if we fail to update the delayed inode
btrfs: disable build on platforms having page size 256K
regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
HID: do not use down_interruptible() when unbinding devices
EDAC/ti: Add missing MODULE_DEVICE_TABLE
ACPI: processor idle: Fix up C-state latency if not ordered
hv_utils: Fix passing zero to 'PTR_ERR' warning
lib: vsprintf: Fix handling of number field widths in vsscanf
ACPI: EC: Make more Asus laptops use ECDT _GPE
block_dump: remove block_dump feature in mark_inode_dirty()
fs: dlm: cancel work sync othercon
random32: Fix implicit truncation warning in prandom_seed_state()
fs: dlm: fix memory leak when fenced
ACPICA: Fix memory leak caused by _CID repair function
ACPI: bus: Call kobject_put() in acpi_init() error path
platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard()
clocksource: Retry clock read if long delays detected
ACPI: tables: Add custom DSDT file as makefile prerequisite
HID: wacom: Correct base usage for capacitive ExpressKey status bits
ia64: mca_drv: fix incorrect array size calculation
media: s5p_cec: decrement usage count if disabled
crypto: ixp4xx - dma_unmap the correct address
crypto: ux500 - Fix error return code in hash_hw_final()
sata_highbank: fix deferred probing
pata_rb532_cf: fix deferred probing
media: I2C: change 'RST' to "RSET" to fix multiple build errors
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
evm: fix writing <securityfs>/evm overflow
crypto: ccp - Fix a resource leak in an error handling path
media: rc: i2c: Fix an error message
pata_ep93xx: fix deferred probing
media: exynos4-is: Fix a use after free in isp_video_release
media: tc358743: Fix error return code in tc358743_probe_of()
media: gspca/gl860: fix zero-length control requests
media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
hwmon: (max31722) Remove non-standard ACPI device IDs
hwmon: (max31790) Fix fan speed reporting for fan7..12
btrfs: clear log tree recovering status if starting transaction fails
spi: spi-sun6i: Fix chipselect/clock bug
crypto: nx - Fix RCU warning in nx842_OF_upd_status
ACPI: sysfs: Fix a buffer overrun problem with description_show()
blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled()
blk-wbt: make sure throttle is enabled properly
ocfs2: fix snprintf() checking
net: mvpp2: Put fwnode in error case during ->probe()
net: pch_gbe: Propagate error from devm_gpio_request_one()
drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write()
ehea: fix error return code in ehea_restart_qps()
RDMA/rxe: Fix failure during driver load
drm: qxl: ensure surf.data is ininitialized
tools/bpftool: Fix error return code in do_batch()
wireless: carl9170: fix LEDS build errors & warnings
ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others
wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
ssb: Fix error return code in ssb_bus_scan()
brcmfmac: fix setting of station info chains bitmask
brcmfmac: correctly report average RSSI in station info
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
ath10k: Fix an error code in ath10k_add_interface()
netlabel: Fix memory leak in netlbl_mgmt_add_common
RDMA/mlx5: Don't add slave port to unaffiliated list
netfilter: nft_exthdr: check for IPv6 packet before further processing
netfilter: nft_osf: check for TCP packet before further processing
netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
RDMA/rxe: Fix qp reference counting for atomic ops
samples/bpf: Fix the error return code of xdp_redirect's main()
net: ethernet: aeroflex: fix UAF in greth_of_remove
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: ezchip: fix error handling
pkt_sched: sch_qfq: fix qfq_change_class() error path
vxlan: add missing rcu_read_lock() in neigh_reduce()
net/ipv4: swap flow ports when validating source
ieee802154: hwsim: Fix memory leak in hwsim_add_one
ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
mac80211: remove iwlwifi specific workaround NDPs of null_response
net: bcmgenet: Fix attaching to PYH failed on RPi 4B
ipv6: exthdrs: do not blindly use init_net
bpf: Do not change gso_size during bpf_skb_change_proto()
i40e: Fix error handling in i40e_vsi_open
i40e: Fix autoneg disabling for non-10GBaseT links
Revert "ibmvnic: remove duplicate napi_schedule call in open function"
ibmvnic: free tx_pool if tso_pool alloc fails
ipv6: fix out-of-bound access in ip6_parse_tlv()
Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event
writeback: fix obtain a reference to a freeing memcg css
net: lwtunnel: handle MTU calculation in forwading
net: sched: fix warning in tcindex_alloc_perfect_hash
RDMA/mlx5: Don't access NULL-cleared mpi pointer
tty: nozomi: Fix a resource leak in an error handling function
mwifiex: re-fix for unaligned accesses
iio: adis_buffer: do not return ints in irq handlers
iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup()
ASoC: rsnd: tidyup loop on rsnd_adg_clk_query()
Input: hil_kbd - fix error return code in hil_dev_connect()
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
scsi: FlashPoint: Rename si_flags field
fsi: core: Fix return of error values on failures
fsi: scom: Reset the FSI2PIB engine for any error
fsi/sbefifo: Clean up correct FIFO when receiving reset request from SBE
fsi/sbefifo: Fix reset timeout
visorbus: fix error return code in visorchipset_init()
s390: appldata depends on PROC_SYSCTL
eeprom: idt_89hpesx: Put fwnode in matching case during ->probe()
eeprom: idt_89hpesx: Restore printing the unsupported fwnode name
iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
staging: mt7621-dts: fix pci address for PCI memory range
serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates
iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK
of: Fix truncation of memory sizes on 32-bit platforms
mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume()
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
extcon: sm5502: Drop invalid register write in sm5502_reg_data
extcon: max8997: Add missing modalias string
ASoC: atmel-i2s: Fix usage of capture and playback at the same time
configfs: fix memleak in configfs_release_bin_file
leds: as3645a: Fix error return code in as3645a_parse_node()
leds: ktd2692: Fix an error handling path
powerpc: Offline CPU in stop_this_cpu()
serial: mvebu-uart: correctly calculate minimal possible baudrate
arm64: dts: marvell: armada-37xx: Fix reg for standard variant of UART
vfio/pci: Handle concurrent vma faults
mm/huge_memory.c: don't discard hugepage if other processes are mapping it
selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
perf llvm: Return -ENOMEM when asprintf() fails
mmc: block: Disable CMDQ on the ioctl path
mmc: vub3000: fix control-request direction
drm/mxsfb: Don't select DRM_KMS_FB_HELPER
drm/zte: Don't select DRM_KMS_FB_HELPER
drm/amd/amdgpu/sriov disable all ip hw status by default
net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
drm/amd/display: fix use_max_lb flag for 420 pixel formats
hugetlb: clear huge pte during flush function on mips platform
atm: iphase: fix possible use-after-free in ia_module_exit()
mISDN: fix possible use-after-free in HFC_cleanup()
atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
reiserfs: add check for invalid 1st journal block
drm/virtio: Fix double free on probe failure
udf: Fix NULL pointer dereference in udf_symlink function
e100: handle eeprom as little endian
clk: renesas: r8a77995: Add ZA2 clock
clk: tegra: Ensure that PLLU configuration is applied properly
ipv6: use prandom_u32() for ID generation
RDMA/cxgb4: Fix missing error code in create_qp()
dm space maps: don't reset space map allocation cursor when committing
pinctrl: mcp23s08: fix race condition in irq handler
ice: set the value of global config lock timeout longer
virtio_net: Remove BUG() to avoid machine dead
net: bcmgenet: check return value after calling platform_get_resource()
net: mvpp2: check return value after calling platform_get_resource()
net: micrel: check return value after calling platform_get_resource()
fjes: check return value after calling platform_get_resource()
selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
xfrm: Fix error reporting in xfrm_state_construct.
wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
wl1251: Fix possible buffer overflow in wl1251_cmd_scan
cw1200: add missing MODULE_DEVICE_TABLE
net: fix mistake path for netdev_features_strings
rtl8xxxu: Fix device info for RTL8192EU devices
MIPS: add PMD table accounting into MIPS'pmd_alloc_one
atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
atm: nicstar: register the interrupt handler in the right place
vsock: notify server to shutdown when client has pending signal
RDMA/rxe: Don't overwrite errno from ib_umem_get()
iwlwifi: mvm: don't change band on bound PHY contexts
iwlwifi: pcie: free IML DMA memory allocation
sfc: avoid double pci_remove of VFs
sfc: error code if SRIOV cannot be disabled
wireless: wext-spy: Fix out-of-bounds warning
media, bpf: Do not copy more entries than user space requested
net: ip: avoid OOM kills with large UDP sends over loopback
RDMA/cma: Fix rdma_resolve_route() memory leak
Bluetooth: Fix the HCI to MGMT status conversion table
Bluetooth: Shutdown controller after workqueues are flushed or cancelled
Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
sctp: validate from_addr_param return
sctp: add size validation when walking chunks
MIPS: set mips32r5 for virt extensions
fscrypt: don't ignore minor_hash when hash is 0
bdi: Do not use freezable workqueue
serial: mvebu-uart: clarify the baud rate derivation
serial: mvebu-uart: fix calculation of clock divisor
fuse: reject internal errno
powerpc/barrier: Avoid collision with clang's __lwsync macro
usb: gadget: f_fs: Fix setting of device and driver data cross-references
drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create()
drm/amd/display: fix incorrrect valid irq check
pinctrl/amd: Add device HID for new AMD GPIO controller
drm/msm/mdp4: Fix modifier support enabling
mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
mmc: core: clear flags before allowing to retune
mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
ata: ahci_sunxi: Disable DIPM
cpu/hotplug: Cure the cpusets trainwreck
clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround
ASoC: tegra: Set driver_name=tegra for all machine drivers
qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
ipmi/watchdog: Stop watchdog timer when the current action is 'none'
power: supply: ab8500: Fix an old bug
seq_buf: Fix overflow in seq_buf_putmem_hex()
tracing: Simplify & fix saved_tgids logic
tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer()
dm btree remove: assign new_root only when removal succeeds
PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
PCI: aardvark: Fix checking for PIO Non-posted Request
media: subdev: disallow ioctl for saa6588/davinci
media: dtv5100: fix control-request directions
media: zr364xx: fix memory leak in zr364xx_start_readpipe
media: gspca/sq905: fix control-request direction
media: gspca/sunplus: fix zero-length control requests
media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
jfs: fix GPF in diFree
smackfs: restrict bytes count in smk_set_cipso()
KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
tracing: Do not reference char * as a string in histograms
PCI: aardvark: Don't rely on jiffies while holding spinlock
PCI: aardvark: Fix kernel panic during PIO transfer
tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
misc/libmasm/module: Fix two use after free in ibmasm_init_one
Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
w1: ds2438: fixing bug that would always get page0
scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs
scsi: core: Cap scsi_host cmd_per_lun at can_queue
ALSA: ac97: fix PM reference leak in ac97_bus_remove()
tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
scsi: scsi_dh_alua: Check for negative result value
fs/jfs: Fix missing error code in lmLogInit()
scsi: iscsi: Add iscsi_cls_conn refcount helpers
scsi: iscsi: Fix conn use after free during resets
scsi: iscsi: Fix shost->max_id use
scsi: qedi: Fix null ref during abort handling
mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
s390/sclp_vt220: fix console name to match device
selftests: timers: rtcpie: skip test if default RTC device does not exist
ALSA: sb: Fix potential double-free of CSP mixer elements
powerpc/ps3: Add dma_mask to ps3_dma_region
gpio: zynq: Check return value of pm_runtime_get_sync
ALSA: ppc: fix error return code in snd_pmac_probe()
selftests/powerpc: Fix "no_handler" EBB selftest
gpio: pca953x: Add support for the On Semi pca9655
ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing()
Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
ALSA: bebob: add support for ToneWeal FW66
usb: gadget: f_hid: fix endianness issue with descriptors
usb: gadget: hid: fix error return code in hid_bind()
powerpc/boot: Fixup device-tree on little endian
backlight: lm3630a: Fix return code of .update_status() callback
ALSA: hda: Add IRQ check for platform_get_irq()
staging: rtl8723bs: fix macro value for 2.4Ghz only device
intel_th: Wait until port is in reset before programming it
i2c: core: Disable client irq on reboot/shutdown
lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
pwm: spear: Don't modify HW state in .remove callback
power: supply: ab8500: Avoid NULL pointers
power: supply: max17042: Do not enforce (incorrect) interrupt trigger type
power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
watchdog: Fix possible use-after-free in wdt_startup()
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
watchdog: Fix possible use-after-free by calling del_timer_sync()
watchdog: iTCO_wdt: Account for rebooting on second timeout
x86/fpu: Return proper error codes from user access functions
PCI: tegra: Add missing MODULE_DEVICE_TABLE
orangefs: fix orangefs df output.
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
NFS: nfs_find_open_context() may only select open files
power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
power: supply: ab8500: add missing MODULE_DEVICE_TABLE
pwm: tegra: Don't modify HW state in .remove callback
ACPI: AMBA: Fix resource name in /proc/iomem
ACPI: video: Add quirk for the Dell Vostro 3350
virtio-blk: Fix memory leak among suspend/resume procedure
virtio_net: Fix error handling in virtnet_restore()
virtio_console: Assure used length from device is limited
f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs
PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
power: supply: rt5033_battery: Fix device tree enumeration
NFSv4: Initialise connection to the server in nfs4_alloc_client()
um: fix error return code in slip_open()
um: fix error return code in winch_tramp()
watchdog: aspeed: fix hardware timeout calculation
nfs: fix acl memory leak of posix_acl_create()
ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
PCI: iproc: Fix multi-MSI base vector number allocation
PCI: iproc: Support multi-MSI only on uniprocessor kernel
x86/fpu: Limit xstate copy size in xstateregs_set()
virtio_net: move tx vq operation under tx queue lock
ALSA: isa: Fix error return code in snd_cmi8330_probe()
NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
hexagon: use common DISCARDS macro
reset: a10sr: add missing of_match_table reference
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
memory: atmel-ebi: add missing of_node_put for loop iteration
rtc: fix snprintf() checking in is_rtc_hctosys()
arm64: dts: renesas: v3msk: Fix memory size
ARM: dts: r8a7779, marzen: Fix DU clock names
ARM: dts: BCM5301X: Fixup SPI binding
reset: bail if try_module_get() fails
memory: fsl_ifc: fix leak of IO mapping on probe failure
memory: fsl_ifc: fix leak of private memory on probe failure
ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
ARM: dts: am437x: align ti,pindir-d0-out-d1-in property with dt-shema
ARM: dts: imx6q-dhcom: Fix ethernet reset time properties
ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems
ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
mips: always link byteswap helpers into decompressor
mips: disable branch profiling in boot/decompress.o
MIPS: vdso: Invalid GIC access through VDSO
net: bridge: multicast: fix PIM hello router port marking race
scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
seq_file: disallow extremely large seq buffer allocations
Linux 4.19.198
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iaa8a95c4d30ca85021bae6c60b4818038797e04e
|
||
|
Miklos Szeredi
|
e7779b7470 |
fuse: reject internal errno
commit 49221cf86d18bb66fe95d3338cb33bd4b9880ca5 upstream.
Don't allow userspace to report errors that could be kernel-internal.
Reported-by: Anatoly Trosinenko <anatoly.trosinenko@gmail.com>
Fixes:
|
||
|
Miklos Szeredi
|
1c37784a00 |
fuse: check connected before queueing on fpq->io
commit 80ef08670d4c28a06a3de954bd350368780bcfef upstream.
A request could end up on the fpq->io list after fuse_abort_conn() has
reset fpq->connected and aborted requests on that list:
Thread-1 Thread-2
======== ========
->fuse_simple_request() ->shutdown
->__fuse_request_send()
->queue_request() ->fuse_abort_conn()
->fuse_dev_do_read() ->acquire(fpq->lock)
->wait_for(fpq->lock) ->set err to all req's in fpq->io
->release(fpq->lock)
->acquire(fpq->lock)
->add req to fpq->io
After the userspace copy is done the request will be ended, but
req->out.h.error will remain uninitialized. Also the copy might block
despite being already aborted.
Fix both issues by not allowing the request to be queued on the fpq->io
list after fuse_abort_conn() has processed this list.
Reported-by: Pradeep P V K <pragalla@codeaurora.org>
Fixes:
|
||
|
Alessio Balsini
|
d02368d679 |
FROMLIST: fuse: Definitions and ioctl for passthrough
Expose the FUSE_PASSTHROUGH interface to user space and declare all the basic data structures and functions as the skeleton on top of which the FUSE passthrough functionality will be built. As part of this, introduce the new FUSE passthrough ioctl, which allows the FUSE daemon to specify a direct connection between a FUSE file and a lower file system file. Such ioctl requires user space to pass the file descriptor of one of its opened files through the fuse_passthrough_out data structure introduced in this patch. This structure includes extra fields for possible future extensions. Also, add the passthrough functions for the set-up and tear-down of the data structures and locks that will be used both when fuse_conns and fuse_files are created/deleted. Bug: 179164095 Link: https://lore.kernel.org/lkml/20210125153057.3623715-4-balsini@android.com/ Signed-off-by: Alessio Balsini <balsini@android.com> Change-Id: I732532581348adadda5b5048a9346c2b0868d539 Signed-off-by: Alessio Balsini <balsini@google.com> |
||
|
Alessio Balsini
|
af4048924e |
FROMLIST: fuse: 32-bit user space ioctl compat for fuse device
With a 64-bit kernel build the FUSE device cannot handle ioctl requests coming from 32-bit user space. This is due to the ioctl command translation that generates different command identifiers that thus cannot be used for direct comparisons without proper manipulation. Explicitly extract type and number from the ioctl command to enable 32-bit user space compatibility on 64-bit kernel builds. Bug: 179164095 Link: https://lore.kernel.org/lkml/20210125153057.3623715-3-balsini@android.com/ Signed-off-by: Alessio Balsini <balsini@android.com> Change-Id: I595517c54d551be70e83c7fcb4b62397a3615004 Signed-off-by: Alessio Balsini <balsini@google.com> |
||
|
Daniel Rosenberg
|
fa199896a3 |
ANDROID: fuse: Add support for d_canonical_path
Allows FUSE to report to inotify that it is acting as a layered filesystem. The userspace component returns a string representing the location of the underlying file. If the string cannot be resolved into a path, the top level path is returned instead. Bug: 23904372 Bug: 171780975 Test: Pixel 4.19 Change-Id: Iabdca0bbedfbff59e9c820c58636a68ef9683d9f Signed-off-by: Daniel Rosenberg <drosen@google.com> Signed-off-by: Alessio Balsini <balsini@google.com> |
||
|
Miklos Szeredi
|
6ef8232790 |
fuse: fix page dereference after free
commit d78092e4937de9ce55edcb4ee4c5e3c707be0190 upstream. After unlock_request() pages from the ap->pages[] array may be put (e.g. by aborting the connection) and the pages can be freed. Prevent use after free by grabbing a reference to the page before calling unlock_request(). The original patch was created by Pradeep P V K. Reported-by: Pradeep P V K <ppvk@codeaurora.org> Cc: <stable@vger.kernel.org> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Miklos Szeredi
|
59da76a171 |
fuse: don't check refcount after stealing page
[ Upstream commit 32f98877c57bee6bc27f443a96f49678a2cd6a50 ] page_count() is unstable. Unless there has been an RCU grace period between when the page was removed from the page cache and now, a speculative reference may exist from the page cache. Reported-by: Matthew Wilcox <willy@infradead.org> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Miklos Szeredi
|
02c4ddf189 |
fuse: fix weird page warning
commit a5005c3cda6eeb6b95645e6cc32f58dafeffc976 upstream.
When PageWaiters was added, updating this check was missed.
Reported-by: Nikolaus Rath <Nikolaus@rath.org>
Reported-by: Hugh Dickins <hughd@google.com>
Fixes:
|
||
|
Eric Biggers
|
5bead06b34 |
fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock
[ Upstream commit 76e43c8ccaa35c30d5df853013561145a0f750a5 ]
When IOCB_CMD_POLL is used on the FUSE device, aio_poll() disables IRQs
and takes kioctx::ctx_lock, then fuse_iqueue::waitq.lock.
This may have to wait for fuse_iqueue::waitq.lock to be released by one
of many places that take it with IRQs enabled. Since the IRQ handler
may take kioctx::ctx_lock, lockdep reports that a deadlock is possible.
Fix it by protecting the state of struct fuse_iqueue with a separate
spinlock, and only accessing fuse_iqueue::waitq using the versions of
the waitqueue functions which do IRQ-safe locking internally.
Reproducer:
#include <fcntl.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/aio_abi.h>
int main()
{
char opts[128];
int fd = open("/dev/fuse", O_RDWR);
aio_context_t ctx = 0;
struct iocb cb = { .aio_lio_opcode = IOCB_CMD_POLL, .aio_fildes = fd };
struct iocb *cbp = &cb;
sprintf(opts, "fd=%d,rootmode=040000,user_id=0,group_id=0", fd);
mkdir("mnt", 0700);
mount("foo", "mnt", "fuse", 0, opts);
syscall(__NR_io_setup, 1, &ctx);
syscall(__NR_io_submit, ctx, 1, &cbp);
}
Beginning of lockdep output:
=====================================================
WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected
5.3.0-rc5 #9 Not tainted
-----------------------------------------------------
syz_fuse/135 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
000000003590ceda (&fiq->waitq){+.+.}, at: spin_lock include/linux/spinlock.h:338 [inline]
000000003590ceda (&fiq->waitq){+.+.}, at: aio_poll fs/aio.c:1751 [inline]
000000003590ceda (&fiq->waitq){+.+.}, at: __io_submit_one.constprop.0+0x203/0x5b0 fs/aio.c:1825
and this task is already holding:
0000000075037284 (&(&ctx->ctx_lock)->rlock){..-.}, at: spin_lock_irq include/linux/spinlock.h:363 [inline]
0000000075037284 (&(&ctx->ctx_lock)->rlock){..-.}, at: aio_poll fs/aio.c:1749 [inline]
0000000075037284 (&(&ctx->ctx_lock)->rlock){..-.}, at: __io_submit_one.constprop.0+0x1f4/0x5b0 fs/aio.c:1825
which would create a new lock dependency:
(&(&ctx->ctx_lock)->rlock){..-.} -> (&fiq->waitq){+.+.}
but this new dependency connects a SOFTIRQ-irq-safe lock:
(&(&ctx->ctx_lock)->rlock){..-.}
[...]
Reported-by: syzbot+af05535bb79520f95431@syzkaller.appspotmail.com
Reported-by: syzbot+d86c4426a01f60feddc7@syzkaller.appspotmail.com
Fixes:
|
||
|
Kirill Smelkov
|
ae35c325d8 |
fuse: retrieve: cap requested size to negotiated max_write
[ Upstream commit 7640682e67b33cab8628729afec8ca92b851394f ] FUSE filesystem server and kernel client negotiate during initialization phase, what should be the maximum write size the client will ever issue. Correspondingly the filesystem server then queues sys_read calls to read requests with buffer capacity large enough to carry request header + that max_write bytes. A filesystem server is free to set its max_write in anywhere in the range between [1*page, fc->max_pages*page]. In particular go-fuse[2] sets max_write by default as 64K, wheres default fc->max_pages corresponds to 128K. Libfuse also allows users to configure max_write, but by default presets it to possible maximum. If max_write is < fc->max_pages*page, and in NOTIFY_RETRIEVE handler we allow to retrieve more than max_write bytes, corresponding prepared NOTIFY_REPLY will be thrown away by fuse_dev_do_read, because the filesystem server, in full correspondence with server/client contract, will be only queuing sys_read with ~max_write buffer capacity, and fuse_dev_do_read throws away requests that cannot fit into server request buffer. In turn the filesystem server could get stuck waiting indefinitely for NOTIFY_REPLY since NOTIFY_RETRIEVE handler returned OK which is understood by clients as that NOTIFY_REPLY was queued and will be sent back. Cap requested size to negotiate max_write to avoid the problem. This aligns with the way NOTIFY_RETRIEVE handler works, which already unconditionally caps requested retrieve size to fuse_conn->max_pages. This way it should not hurt NOTIFY_RETRIEVE semantic if we return less data than was originally requested. Please see [1] for context where the problem of stuck filesystem was hit for real, how the situation was traced and for more involving patch that did not make it into the tree. [1] https://marc.info/?l=linux-fsdevel&m=155057023600853&w=2 [2] https://github.com/hanwen/go-fuse Signed-off-by: Kirill Smelkov <kirr@nexedi.com> Cc: Han-Wen Nienhuys <hanwen@google.com> Cc: Jakob Unterwurzacher <jakobunt@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Matthew Wilcox
|
0311ff82b7 |
fs: prevent page refcount overflow in pipe_buf_get
commit 15fab63e1e57be9fdb5eec1bbc5916e9825e9acb upstream. Change pipe_buf_get() to return a bool indicating whether it succeeded in raising the refcount of the page (if the thing in the pipe is a page). This removes another mechanism for overflowing the page refcount. All callers converted to handle a failure. Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Matthew Wilcox <willy@infradead.org> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Miklos Szeredi
|
6ccc9e1128 |
fuse: handle zero sized retrieve correctly
commit 97e1532ef81acb31c30f9e75bf00306c33a77812 upstream.
Dereferencing req->page_descs[0] will Oops if req->max_pages is zero.
Reported-by: syzbot+c1e36d30ee3416289cc0@syzkaller.appspotmail.com
Tested-by: syzbot+c1e36d30ee3416289cc0@syzkaller.appspotmail.com
Fixes:
|
||
|
Jann Horn
|
48be0eb05e |
fuse: call pipe_buf_release() under pipe lock
commit 9509941e9c534920ccc4771ae70bd6cbbe79df1c upstream.
Some of the pipe_buf_release() handlers seem to assume that the pipe is
locked - in particular, anon_pipe_buf_release() accesses pipe->tmp_page
without taking any extra locks. From a glance through the callers of
pipe_buf_release(), it looks like FUSE is the only one that calls
pipe_buf_release() without having the pipe locked.
This bug should only lead to a memory leak, nothing terrible.
Fixes:
|
||
|
Miklos Szeredi
|
18cd6106cf |
fuse: fix possibly missed wake-up after abort
commit 2d84a2d19b6150c6dbac1e6ebad9c82e4c123772 upstream.
In current fuse_drop_waiting() implementation it's possible that
fuse_wait_aborted() will not be woken up in the unlikely case that
fuse_abort_conn() + fuse_wait_aborted() runs in between checking
fc->connected and calling atomic_dec(&fc->num_waiting).
Do the atomic_dec_and_test() unconditionally, which also provides the
necessary barrier against reordering with the fc->connected check.
The explicit smp_mb() in fuse_wait_aborted() is not actually needed, since
the spin_unlock() in fuse_abort_conn() provides the necessary RELEASE
barrier after resetting fc->connected. However, this is not a performance
sensitive path, and adding the explicit barrier makes it easier to
document.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes:
|
||
|
Miklos Szeredi
|
280da47603 |
fuse: fix leaked notify reply
commit 7fabaf303458fcabb694999d6fa772cc13d4e217 upstream. fuse_request_send_notify_reply() may fail if the connection was reset for some reason (e.g. fs was unmounted). Don't leak request reference in this case. Besides leaking memory, this resulted in fc->num_waiting not being decremented and hence fuse_wait_aborted() left in a hanging and unkillable state. Fixes: |
||
|
Miklos Szeredi
|
c1ef6c983a |
fuse: set FR_SENT while locked
commit 4c316f2f3ff315cb48efb7435621e5bfb81df96d upstream.
Otherwise fuse_dev_do_write() could come in and finish off the request, and
the set_bit(FR_SENT, ...) could trigger the WARN_ON(test_bit(FR_SENT, ...))
in request_end().
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Reported-by: syzbot+ef054c4d3f64cd7f7cec@syzkaller.appspotmai
Fixes:
|
||
|
Miklos Szeredi
|
1ed087a7d7 |
fuse: fix blocked_waitq wakeup
commit 908a572b80f6e9577b45e81b3dfe2e22111286b8 upstream.
Using waitqueue_active() is racy. Make sure we issue a wake_up()
unconditionally after storing into fc->blocked. After that it's okay to
optimize with waitqueue_active() since the first wake up provides the
necessary barrier for all waiters, not the just the woken one.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes:
|
||
|
Kirill Tkhai
|
569fda5c01 |
fuse: Fix use-after-free in fuse_dev_do_write()
commit d2d2d4fb1f54eff0f3faa9762d84f6446a4bc5d0 upstream.
After we found req in request_find() and released the lock,
everything may happen with the req in parallel:
cpu0 cpu1
fuse_dev_do_write() fuse_dev_do_write()
req = request_find(fpq, ...) ...
spin_unlock(&fpq->lock) ...
... req = request_find(fpq, oh.unique)
... spin_unlock(&fpq->lock)
queue_interrupt(&fc->iq, req); ...
... ...
... ...
request_end(fc, req);
fuse_put_request(fc, req);
... queue_interrupt(&fc->iq, req);
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes:
|
||
|
Kirill Tkhai
|
e8e17b1be3 |
fuse: Fix use-after-free in fuse_dev_do_read()
commit bc78abbd55dd28e2287ec6d6502b842321a17c87 upstream.
We may pick freed req in this way:
[cpu0] [cpu1]
fuse_dev_do_read() fuse_dev_do_write()
list_move_tail(&req->list, ...); ...
spin_unlock(&fpq->lock); ...
... request_end(fc, req);
... fuse_put_request(fc, req);
if (test_bit(FR_INTERRUPTED, ...))
queue_interrupt(fiq, req);
Fix that by keeping req alive until we finish all manipulations.
Reported-by: syzbot+4e975615ca01f2277bdd@syzkaller.appspotmail.com
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes:
|
||
|
Andrey Ryabinin
|
9635453572 |
fuse: reduce allocation size for splice_write
The 'bufs' array contains 'pipe->buffers' elements, but the fuse_dev_splice_write() uses only 'pipe->nrbufs' elements. So reduce the allocation size to 'pipe->nrbufs' elements. Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Andrey Ryabinin
|
d6d931adce |
fuse: use kvmalloc to allocate array of pipe_buffer structs.
The amount of pipe->buffers is basically controlled by userspace by fcntl(... F_SETPIPE_SZ ...) so it could be large. High order allocations could be slow (if memory is heavily fragmented) or may fail if the order is larger than PAGE_ALLOC_COSTLY_ORDER. Since the 'bufs' doesn't need to be physically contiguous, use the kvmalloc_array() to allocate memory. If high order page isn't available, the kvamalloc*() will fallback to 0-order. Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Miklos Szeredi
|
75f3ee4c28 |
fuse: simplify fuse_abort_conn()
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Andrey Ryabinin
|
a2477b0e67 |
fuse: Don't access pipe->buffers without pipe_lock()
fuse_dev_splice_write() reads pipe->buffers to determine the size of
'bufs' array before taking the pipe_lock(). This is not safe as
another thread might change the 'pipe->buffers' between the allocation
and taking the pipe_lock(). So we end up with too small 'bufs' array.
Move the bufs allocations inside pipe_lock()/pipe_unlock() to fix this.
Fixes:
|
||
|
Miklos Szeredi
|
b8f95e5d13 |
fuse: umount should wait for all requests
fuse_abort_conn() does not guarantee that all async requests have actually
finished aborting (i.e. their ->end() function is called). This could
actually result in still used inodes after umount.
Add a helper to wait until all requests are fully done. This is done by
looking at the "num_waiting" counter. When this counter drops to zero, we
can be sure that no more requests are outstanding.
Fixes:
|
||
|
Miklos Szeredi
|
45ff350bbd |
fuse: fix unlocked access to processing queue
fuse_dev_release() assumes that it's the only one referencing the
fpq->processing list, but that's not true, since fuse_abort_conn() can be
doing the same without any serialization between the two.
Fixes:
|
||
|
Miklos Szeredi
|
87114373ea |
fuse: fix double request_end()
Refcounting of request is broken when fuse_abort_conn() is called and
request is on the fpq->io list:
- ref is taken too late
- then it is not dropped
Fixes:
|
||
|
Kees Cook
|
6da2ec5605 |
treewide: kmalloc() -> kmalloc_array()
The kmalloc() function has a 2-factor argument form, kmalloc_array(). This
patch replaces cases of:
kmalloc(a * b, gfp)
with:
kmalloc_array(a * b, gfp)
as well as handling cases of:
kmalloc(a * b * c, gfp)
with:
kmalloc(array3_size(a, b, c), gfp)
as it's slightly less ugly than:
kmalloc_array(array_size(a, b), c, gfp)
This does, however, attempt to ignore constant size factors like:
kmalloc(4 * 1024, gfp)
though any constants defined via macros get caught up in the conversion.
Any factors with a sizeof() of "unsigned char", "char", and "u8" were
dropped, since they're redundant.
The tools/ directory was manually excluded, since it has its own
implementation of kmalloc().
The Coccinelle script used for this was:
// Fix redundant parens around sizeof().
@@
type TYPE;
expression THING, E;
@@
(
kmalloc(
- (sizeof(TYPE)) * E
+ sizeof(TYPE) * E
, ...)
|
kmalloc(
- (sizeof(THING)) * E
+ sizeof(THING) * E
, ...)
)
// Drop single-byte sizes and redundant parens.
@@
expression COUNT;
typedef u8;
typedef __u8;
@@
(
kmalloc(
- sizeof(u8) * (COUNT)
+ COUNT
, ...)
|
kmalloc(
- sizeof(__u8) * (COUNT)
+ COUNT
, ...)
|
kmalloc(
- sizeof(char) * (COUNT)
+ COUNT
, ...)
|
kmalloc(
- sizeof(unsigned char) * (COUNT)
+ COUNT
, ...)
|
kmalloc(
- sizeof(u8) * COUNT
+ COUNT
, ...)
|
kmalloc(
- sizeof(__u8) * COUNT
+ COUNT
, ...)
|
kmalloc(
- sizeof(char) * COUNT
+ COUNT
, ...)
|
kmalloc(
- sizeof(unsigned char) * COUNT
+ COUNT
, ...)
)
// 2-factor product with sizeof(type/expression) and identifier or constant.
@@
type TYPE;
expression THING;
identifier COUNT_ID;
constant COUNT_CONST;
@@
(
- kmalloc
+ kmalloc_array
(
- sizeof(TYPE) * (COUNT_ID)
+ COUNT_ID, sizeof(TYPE)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(TYPE) * COUNT_ID
+ COUNT_ID, sizeof(TYPE)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(TYPE) * (COUNT_CONST)
+ COUNT_CONST, sizeof(TYPE)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(TYPE) * COUNT_CONST
+ COUNT_CONST, sizeof(TYPE)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(THING) * (COUNT_ID)
+ COUNT_ID, sizeof(THING)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(THING) * COUNT_ID
+ COUNT_ID, sizeof(THING)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(THING) * (COUNT_CONST)
+ COUNT_CONST, sizeof(THING)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(THING) * COUNT_CONST
+ COUNT_CONST, sizeof(THING)
, ...)
)
// 2-factor product, only identifiers.
@@
identifier SIZE, COUNT;
@@
- kmalloc
+ kmalloc_array
(
- SIZE * COUNT
+ COUNT, SIZE
, ...)
// 3-factor product with 1 sizeof(type) or sizeof(expression), with
// redundant parens removed.
@@
expression THING;
identifier STRIDE, COUNT;
type TYPE;
@@
(
kmalloc(
- sizeof(TYPE) * (COUNT) * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
kmalloc(
- sizeof(TYPE) * (COUNT) * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
kmalloc(
- sizeof(TYPE) * COUNT * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
kmalloc(
- sizeof(TYPE) * COUNT * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(TYPE))
, ...)
|
kmalloc(
- sizeof(THING) * (COUNT) * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
kmalloc(
- sizeof(THING) * (COUNT) * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
kmalloc(
- sizeof(THING) * COUNT * (STRIDE)
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
|
kmalloc(
- sizeof(THING) * COUNT * STRIDE
+ array3_size(COUNT, STRIDE, sizeof(THING))
, ...)
)
// 3-factor product with 2 sizeof(variable), with redundant parens removed.
@@
expression THING1, THING2;
identifier COUNT;
type TYPE1, TYPE2;
@@
(
kmalloc(
- sizeof(TYPE1) * sizeof(TYPE2) * COUNT
+ array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
, ...)
|
kmalloc(
- sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(TYPE1), sizeof(TYPE2))
, ...)
|
kmalloc(
- sizeof(THING1) * sizeof(THING2) * COUNT
+ array3_size(COUNT, sizeof(THING1), sizeof(THING2))
, ...)
|
kmalloc(
- sizeof(THING1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(THING1), sizeof(THING2))
, ...)
|
kmalloc(
- sizeof(TYPE1) * sizeof(THING2) * COUNT
+ array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
, ...)
|
kmalloc(
- sizeof(TYPE1) * sizeof(THING2) * (COUNT)
+ array3_size(COUNT, sizeof(TYPE1), sizeof(THING2))
, ...)
)
// 3-factor product, only identifiers, with redundant parens removed.
@@
identifier STRIDE, SIZE, COUNT;
@@
(
kmalloc(
- (COUNT) * STRIDE * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- COUNT * (STRIDE) * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- COUNT * STRIDE * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- (COUNT) * (STRIDE) * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- COUNT * (STRIDE) * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- (COUNT) * STRIDE * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- (COUNT) * (STRIDE) * (SIZE)
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
|
kmalloc(
- COUNT * STRIDE * SIZE
+ array3_size(COUNT, STRIDE, SIZE)
, ...)
)
// Any remaining multi-factor products, first at least 3-factor products,
// when they're not all constants...
@@
expression E1, E2, E3;
constant C1, C2, C3;
@@
(
kmalloc(C1 * C2 * C3, ...)
|
kmalloc(
- (E1) * E2 * E3
+ array3_size(E1, E2, E3)
, ...)
|
kmalloc(
- (E1) * (E2) * E3
+ array3_size(E1, E2, E3)
, ...)
|
kmalloc(
- (E1) * (E2) * (E3)
+ array3_size(E1, E2, E3)
, ...)
|
kmalloc(
- E1 * E2 * E3
+ array3_size(E1, E2, E3)
, ...)
)
// And then all remaining 2 factors products when they're not all constants,
// keeping sizeof() as the second factor argument.
@@
expression THING, E1, E2;
type TYPE;
constant C1, C2, C3;
@@
(
kmalloc(sizeof(THING) * C2, ...)
|
kmalloc(sizeof(TYPE) * C2, ...)
|
kmalloc(C1 * C2 * C3, ...)
|
kmalloc(C1 * C2, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(TYPE) * (E2)
+ E2, sizeof(TYPE)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(TYPE) * E2
+ E2, sizeof(TYPE)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(THING) * (E2)
+ E2, sizeof(THING)
, ...)
|
- kmalloc
+ kmalloc_array
(
- sizeof(THING) * E2
+ E2, sizeof(THING)
, ...)
|
- kmalloc
+ kmalloc_array
(
- (E1) * E2
+ E1, E2
, ...)
|
- kmalloc
+ kmalloc_array
(
- (E1) * (E2)
+ E1, E2
, ...)
|
- kmalloc
+ kmalloc_array
(
- E1 * E2
+ E1, E2
, ...)
)
Signed-off-by: Kees Cook <keescook@chromium.org>
|
||
|
Tejun Heo
|
8a301eb16d |
fuse: fix congested state leak on aborted connections
If a connection gets aborted while congested, FUSE can leave
nr_wb_congested[] stuck until reboot causing wait_iff_congested() to
wait spuriously which can lead to severe performance degradation.
The leak is caused by gating congestion state clearing with
fc->connected test in request_end(). This was added way back in 2009
by
|
||
|
Eric W. Biederman
|
8cb08329b0 |
fuse: Support fuse filesystems outside of init_user_ns
In order to support mounts from namespaces other than init_user_ns, fuse must translate uids and gids to/from the userns of the process servicing requests on /dev/fuse. This patch does that, with a couple of restrictions on the namespace: - The userns for the fuse connection is fixed to the namespace from which /dev/fuse is opened. - The namespace must be the same as s_user_ns. These restrictions simplify the implementation by avoiding the need to pass around userns references and by allowing fuse to rely on the checks in setattr_prepare for ownership changes. Either restriction could be relaxed in the future if needed. For cuse the userns used is the opener of /dev/cuse. Semantically the cuse support does not appear safe for unprivileged users. Practically the permissions on /dev/cuse only make it accessible to the global root user. If something slips through the cracks in a user namespace the only users who will be able to use the cuse device are those users mapped into the user namespace. Translation in the posix acl is updated to use the uuser namespace of the filesystem. Avoiding cases which might bypass this translation is handled in a following change. This change is stronlgy based on a similar change from Seth Forshee and Dongsu Park. Cc: Seth Forshee <seth.forshee@canonical.com> Cc: Dongsu Park <dongsu@kinvolk.io> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Eric W. Biederman
|
c9582eb0ff |
fuse: Fail all requests with invalid uids or gids
Upon a cursory examinination the uid and gid of a fuse request are necessary for correct operation. Failing a fuse request where those values are not reliable seems a straight forward and reliable means of ensuring that fuse requests with bad data are not sent or processed. In most cases the vfs will avoid actions it suspects will cause an inode write back of an inode with an invalid uid or gid. But that does not map precisely to what fuse is doing, so test for this and solve this at the fuse level as well. Performing this work in fuse_req_init_context is cheap as the code is already performing the translation here and only needs to check the result of the translation to see if things are not representable in a form the fuse server can handle. [SzM] Don't zero the context for the nofail case, just keep using the munging version (makes sense for debugging and doesn't hurt). Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Eric W. Biederman
|
dbf107b2a7 |
fuse: Remove the buggy retranslation of pids in fuse_dev_do_read
At the point of fuse_dev_do_read the user space process that initiated the
action on the fuse filesystem may no longer exist. The process have been
killed or may have fired an asynchronous request and exited.
If the initial process has exited, the code "pid_vnr(find_pid_ns(in->h.pid,
fc->pid_ns)" will either return a pid of 0, or in the unlikely event that
the pid has been reallocated it can return practically any pid. Any pid is
possible as the pid allocator allocates pid numbers in different pid
namespaces independently.
The only way to make translation in fuse_dev_do_read reliable is to call
get_pid in fuse_req_init_context, and pid_vnr followed by put_pid in
fuse_dev_do_read. That reference counting in other contexts has been shown
to bounce cache lines between processors and in general be slow. So that
is not desirable.
The only known user of running the fuse server in a different pid namespace
from the filesystem does not care what the pids are in the fuse messages so
removing this code should not matter.
Getting the translation to a server running outside of the pid namespace of
a container can still be achieved by playing setns games at mount time. It
is also possible to add an option to pass a pid namespace into the fuse
filesystem at mount time.
Fixes:
|
||
|
Szymon Lukasz
|
3b7008b226 |
fuse: return -ECONNABORTED on /dev/fuse read after abort
Currently the userspace has no way of knowing whether the fuse connection ended because of umount or abort via sysfs. It makes it hard for filesystems to free the mountpoint after abort without worrying about removing some new mount. The patch fixes it by returning different errors when userspace reads from /dev/fuse (-ENODEV for umount and -ECONNABORTED for abort). Add a new capability flag FUSE_ABORT_ERROR. If set and the connection is gone because of sysfs abort, reading from the device will return -ECONNABORTED. Signed-off-by: Szymon Lukasz <noh4hss@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
||
|
Linus Torvalds
|
a9a08845e9 |
vfs: do bulk POLL* -> EPOLL* replacement
This is the mindless scripted replacement of kernel use of POLL*
variables as described by Al, done by this script:
for V in IN OUT PRI ERR RDNORM RDBAND WRNORM WRBAND HUP RDHUP NVAL MSG; do
L=`git grep -l -w POLL$V | grep -v '^t' | grep -v /um/ | grep -v '^sa' | grep -v '/poll.h$'|grep -v '^D'`
for f in $L; do sed -i "-es/^\([^\"]*\)\(\<POLL$V\>\)/\\1E\\2/" $f; done
done
with de-mangling cleanups yet to come.
NOTE! On almost all architectures, the EPOLL* constants have the same
values as the POLL* constants do. But they keyword here is "almost".
For various bad reasons they aren't the same, and epoll() doesn't
actually work quite correctly in some cases due to this on Sparc et al.
The next patch from Al will sort out the final differences, and we
should be all done.
Scripted-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
|
||
|
Al Viro
|
076ccb76e1 |
fs: annotate ->poll() instances
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Mel Gorman
|
c6f92f9fbe |
mm: remove cold parameter for release_pages
All callers of release_pages claim the pages being released are cache hot. As no one cares about the hotness of pages being released to the allocator, just ditch the parameter. No performance impact is expected as the overhead is marginal. The parameter is removed simply because it is a bit stupid to have a useless parameter copied everywhere. Link: http://lkml.kernel.org/r/20171018075952.10627-7-mgorman@techsingularity.net Signed-off-by: Mel Gorman <mgorman@techsingularity.net> Acked-by: Vlastimil Babka <vbabka@suse.cz> Cc: Andi Kleen <ak@linux.intel.com> Cc: Dave Chinner <david@fromorbit.com> Cc: Dave Hansen <dave.hansen@intel.com> Cc: Jan Kara <jack@suse.cz> Cc: Johannes Weiner <hannes@cmpxchg.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Mark Rutland
|
6aa7de0591 |
locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE()
Please do not apply this to mainline directly, instead please re-run the
coccinelle script shown below and apply its output.
For several reasons, it is desirable to use {READ,WRITE}_ONCE() in
preference to ACCESS_ONCE(), and new code is expected to use one of the
former. So far, there's been no reason to change most existing uses of
ACCESS_ONCE(), as these aren't harmful, and changing them results in
churn.
However, for some features, the read/write distinction is critical to
correct operation. To distinguish these cases, separate read/write
accessors must be used. This patch migrates (most) remaining
ACCESS_ONCE() instances to {READ,WRITE}_ONCE(), using the following
coccinelle script:
----
// Convert trivial ACCESS_ONCE() uses to equivalent READ_ONCE() and
// WRITE_ONCE()
// $ make coccicheck COCCI=/home/mark/once.cocci SPFLAGS="--include-headers" MODE=patch
virtual patch
@ depends on patch @
expression E1, E2;
@@
- ACCESS_ONCE(E1) = E2
+ WRITE_ONCE(E1, E2)
@ depends on patch @
expression E;
@@
- ACCESS_ONCE(E)
+ READ_ONCE(E)
----
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: davem@davemloft.net
Cc: linux-arch@vger.kernel.org
Cc: mpe@ellerman.id.au
Cc: shuah@kernel.org
Cc: snitzer@redhat.com
Cc: thor.thayer@linux.intel.com
Cc: tj@kernel.org
Cc: viro@zeniv.linux.org.uk
Cc: will.deacon@arm.com
Link: http://lkml.kernel.org/r/1508792849-3115-19-git-send-email-paulmck@linux.vnet.ibm.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
|