d4414bc0e93d8da170fd0fc9fef65fe84015677d
948 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Johannes Weiner
|
63ff61ab21 |
BACKPORT: mm: drop mmap_sem before calling balance_dirty_pages() in write fault
[ Upstream commit 89b15332af7c0312a41e50846819ca6613b58b4c ]
One of our services is observing hanging ps/top/etc under heavy write
IO, and the task states show this is an mmap_sem priority inversion:
A write fault is holding the mmap_sem in read-mode and waiting for
(heavily cgroup-limited) IO in balance_dirty_pages():
balance_dirty_pages+0x724/0x905
balance_dirty_pages_ratelimited+0x254/0x390
fault_dirty_shared_page.isra.96+0x4a/0x90
do_wp_page+0x33e/0x400
__handle_mm_fault+0x6f0/0xfa0
handle_mm_fault+0xe4/0x200
__do_page_fault+0x22b/0x4a0
page_fault+0x45/0x50
Somebody tries to change the address space, contending for the mmap_sem in
write-mode:
call_rwsem_down_write_failed_killable+0x13/0x20
do_mprotect_pkey+0xa8/0x330
SyS_mprotect+0xf/0x20
do_syscall_64+0x5b/0x100
entry_SYSCALL_64_after_hwframe+0x3d/0xa2
The waiting writer locks out all subsequent readers to avoid lock
starvation, and several threads can be seen hanging like this:
call_rwsem_down_read_failed+0x14/0x30
proc_pid_cmdline_read+0xa0/0x480
__vfs_read+0x23/0x140
vfs_read+0x87/0x130
SyS_read+0x42/0x90
do_syscall_64+0x5b/0x100
entry_SYSCALL_64_after_hwframe+0x3d/0xa2
To fix this, do what we do for cache read faults already: drop the
mmap_sem before calling into anything IO bound, in this case the
balance_dirty_pages() function, and return VM_FAULT_RETRY.
Link: http://lkml.kernel.org/r/20190924194238.GA29030@cmpxchg.org
Change-Id: I7d4d692b23b402e3aa283fa06b3fe2f09485035c
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Reviewed-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Josef Bacik <josef@toxicpanda.com>
Cc: Hillf Danton <hdanton@sina.com>
Cc: Hugh Dickins <hughd@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Nadav Amit
|
eba7893731 |
UPSTREAM: mm/userfaultfd: fix memory corruption due to writeprotect
Userfaultfd self-test fails occasionally, indicating a memory corruption.
Analyzing this problem indicates that there is a real bug since mmap_lock
is only taken for read in mwriteprotect_range() and defers flushes, and
since there is insufficient consideration of concurrent deferred TLB
flushes in wp_page_copy(). Although the PTE is flushed from the TLBs in
wp_page_copy(), this flush takes place after the copy has already been
performed, and therefore changes of the page are possible between the time
of the copy and the time in which the PTE is flushed.
To make matters worse, memory-unprotection using userfaultfd also poses a
problem. Although memory unprotection is logically a promotion of PTE
permissions, and therefore should not require a TLB flush, the current
userrfaultfd code might actually cause a demotion of the architectural PTE
permission: when userfaultfd_writeprotect() unprotects memory region, it
unintentionally *clears* the RW-bit if it was already set. Note that this
unprotecting a PTE that is not write-protected is a valid use-case: the
userfaultfd monitor might ask to unprotect a region that holds both
write-protected and write-unprotected PTEs.
The scenario that happens in selftests/vm/userfaultfd is as follows:
cpu0 cpu1 cpu2
---- ---- ----
[ Writable PTE
cached in TLB ]
userfaultfd_writeprotect()
[ write-*unprotect* ]
mwriteprotect_range()
mmap_read_lock()
change_protection()
change_protection_range()
...
change_pte_range()
[ *clear* “write”-bit ]
[ defer TLB flushes ]
[ page-fault ]
...
wp_page_copy()
cow_user_page()
[ copy page ]
[ write to old
page ]
...
set_pte_at_notify()
A similar scenario can happen:
cpu0 cpu1 cpu2 cpu3
---- ---- ---- ----
[ Writable PTE
cached in TLB ]
userfaultfd_writeprotect()
[ write-protect ]
[ deferred TLB flush ]
userfaultfd_writeprotect()
[ write-unprotect ]
[ deferred TLB flush]
[ page-fault ]
wp_page_copy()
cow_user_page()
[ copy page ]
... [ write to page ]
set_pte_at_notify()
This race exists since commit 292924b26024 ("userfaultfd: wp: apply
_PAGE_UFFD_WP bit"). Yet, as Yu Zhao pointed, these races became apparent
since commit 09854ba94c6a ("mm: do_wp_page() simplification") which made
wp_page_copy() more likely to take place, specifically if page_count(page)
> 1.
To resolve the aforementioned races, check whether there are pending
flushes on uffd-write-protected VMAs, and if there are, perform a flush
before doing the COW.
Further optimizations will follow to avoid during uffd-write-unprotect
unnecassary PTE write-protection and TLB flushes.
Bug: 254441685
Link: https://lkml.kernel.org/r/20210304095423.3825684-1-namit@vmware.com
Fixes: 09854ba94c6a ("mm: do_wp_page() simplification")
Signed-off-by: Nadav Amit <namit@vmware.com>
Suggested-by: Yu Zhao <yuzhao@google.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Tested-by: Peter Xu <peterx@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Pavel Emelyanov <xemul@openvz.org>
Cc: Mike Kravetz <mike.kravetz@oracle.com>
Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Will Deacon <will@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: <stable@vger.kernel.org> [5.9+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit 6ce64428d62026a10cb5d80138ff2f90cc21d367)
Signed-off-by: Lee Jones <joneslee@google.com>
Change-Id: Ie35334aa739acfade88b74c9e5dde5c8a387925d
|
||
|
Axel Rasmussen
|
65d3a867f1 |
BACKPORT: FROMGIT: userfaultfd/shmem: support minor fault registration for shmem
This patch allows shmem-backed VMAs to be registered for minor faults. Minor faults are appropriately relayed to userspace in the fault path, for VMAs with the relevant flag. This commit doesn't hook up the UFFDIO_CONTINUE ioctl for shmem-backed minor faults, though, so userspace doesn't yet have a way to resolve such faults. Because of this, we also don't yet advertise this as a supported feature. That will be done in a separate commit when the feature is fully implemented. Link: https://lkml.kernel.org/r/20210503180737.2487560-4-axelrasmussen@google.com Signed-off-by: Axel Rasmussen <axelrasmussen@google.com> Acked-by: Peter Xu <peterx@redhat.com> Acked-by: Hugh Dickins <hughd@google.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Brian Geffon <bgeffon@google.com> Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com> Cc: Jerome Glisse <jglisse@redhat.com> Cc: Joe Perches <joe@perches.com> Cc: Kirill A. Shutemov <kirill@shutemov.name> Cc: Lokesh Gidra <lokeshgidra@google.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Cc: Mike Rapoport <rppt@linux.vnet.ibm.com> Cc: Mina Almasry <almasrymina@google.com> Cc: Oliver Upton <oupton@google.com> Cc: Shaohua Li <shli@fb.com> Cc: Shuah Khan <shuah@kernel.org> Cc: Stephen Rothwell <sfr@canb.auug.org.au> Cc: Wang Qing <wangqing@vivo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> (cherry picked from commit 6867a29320b7d178feb9786856e5ea2cf40f6d33 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git akpm) Link: https://lore.kernel.org/patchwork/patch/1420970/ Conflicts: mm/shmem.c (Manual rebase) Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Bug: 187930641 Change-Id: Ib8e3fe202feab7404742814f4250a0981065368c |
||
|
Lokesh Gidra
|
6fa6518b18 |
Revert "BACKPORT: FROMGIT: userfaultfd: support minor fault handling for shmem"
This reverts commit 0309b3f479b967acb644f99d214e2b25297a20b1 as an updated version of the patch-set will be merged later. Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Bug: 187930641 Change-Id: I765fe86a2dc0305482a0590c14143dee27840b8a |
||
|
Axel Rasmussen
|
a7c5b47b14 |
BACKPORT: FROMGIT: userfaultfd: support minor fault handling for shmem
Patch series "userfaultfd: support minor fault handling for shmem", v2. Overview ======== See my original series [1] for a detailed overview of minor fault handling in general. The feature in this series works exactly like the hugetblfs version (from userspace's perspective). I'm sending this as a separate series because: - The original minor fault handling series has a full set of R-Bs, and seems close to being merged. So, it seems reasonable to start looking at this next step, which extends the basic functionality. - shmem is different enough that this series may require some additional work before it's ready, and I don't want to delay the original series unnecessarily by bundling them together. Use Case ======== In some cases it is useful to have VM memory backed by tmpfs instead of hugetlbfs. So, this feature will be used to support the same VM live migration use case described in my original series. Additionally, Android folks (Lokesh Gidra <lokeshgidra@google.com>) hope to optimize the Android Runtime garbage collector using this feature: "The plan is to use userfaultfd for concurrently compacting the heap. With this feature, the heap can be shared-mapped at another location where the GC-thread(s) could continue the compaction operation without the need to invoke userfault ioctl(UFFDIO_COPY) each time. OTOH, if and when Java threads get faults on the heap, UFFDIO_CONTINUE can be used to resume execution. Furthermore, this feature enables updating references in the 'non-moving' portion of the heap efficiently. Without this feature, uneccessary page copying (ioctl(UFFDIO_COPY)) would be required." [1] https://lore.kernel.org/linux-fsdevel/20210301222728.176417-1-axelrasmussen@google.com/T/#t This patch (of 5): Modify the userfaultfd register API to allow registering shmem VMAs in minor mode. Modify the shmem mcopy implementation to support UFFDIO_CONTINUE in order to resolve such faults. Combine the shmem mcopy handler functions into a single shmem_mcopy_atomic_pte, which takes a mode parameter. This matches how the hugetlbfs implementation is structured, and lets us remove a good chunk of boilerplate. Link: https://lkml.kernel.org/r/20210302000133.272579-1-axelrasmussen@google.com Link: https://lkml.kernel.org/r/20210302000133.272579-2-axelrasmussen@google.com Signed-off-by: Axel Rasmussen <axelrasmussen@google.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jerome Glisse <jglisse@redhat.com> Cc: Joe Perches <joe@perches.com> Cc: Lokesh Gidra <lokeshgidra@google.com> Cc: Mike Rapoport <rppt@linux.vnet.ibm.com> Cc: Peter Xu <peterx@redhat.com> Cc: Shaohua Li <shli@fb.com> Cc: Shuah Khan <shuah@kernel.org> Cc: Wang Qing <wangqing@vivo.com> Cc: Brian Geffon <bgeffon@google.com> Cc: Cannon Matthews <cannonmatthews@google.com> Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com> Cc: David Rientjes <rientjes@google.com> Cc: Michel Lespinasse <walken@google.com> Cc: Mina Almasry <almasrymina@google.com> Cc: Oliver Upton <oupton@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> (cherry picked from commit 4cc6e15679966aa49afc5b114c3c83ba0ac39b05 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git akpm) Link: https://lore.kernel.org/patchwork/patch/1388146/ Conflicts: include/linux/shmem_fs.h mm/shmem.c mm/userfaultfd.c (1. write-protect related conflicts, rebased manually 2. Enclose shmem_mcopy_atomic_pte() with CONFIG_USERFAULTFD to avoid compile errors when USERFAULTFD is not enabled.) Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Bug: 160737021 Bug: 169683130 Change-Id: Idcd822b2a124a089121b9ad8c65061f6979126ec |
||
|
Peter Zijlstra
|
be34758f37 |
BACKPORT: asm-generic/tlb: Remove tlb_flush_mmu_free()
As the comment notes; it is a potentially dangerous operation. Just use tlb_flush_mmu(), that will skip the (double) TLB invalidate if it really isn't needed anyway. No change in behavior intended. Change-Id: Id47600e5c233599de020ff095e8433d25d92e1b2 Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Will Deacon <will.deacon@arm.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Borislav Petkov <bp@alien8.de> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Rik van Riel <riel@surriel.com> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
Peter Zijlstra
|
8006d7cdd3 |
BACKPORT: asm-generic/tlb, arch: Provide CONFIG_HAVE_MMU_GATHER_PAGE_SIZE
Move the mmu_gather::page_size things into the generic code instead of PowerPC specific bits. No change in behavior intended. Change-Id: Iaffd5cb4600ce0f2f4225946fac22757bf0e1eb5 Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Will Deacon <will.deacon@arm.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Andy Lutomirski <luto@kernel.org> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Cc: Borislav Petkov <bp@alien8.de> Cc: Dave Hansen <dave.hansen@linux.intel.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Nick Piggin <npiggin@gmail.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Rik van Riel <riel@surriel.com> Cc: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Ingo Molnar <mingo@kernel.org> |
||
|
Peter Zijlstra
|
05b0b0ef6f |
BACKPORT: mm/memory: Move mmu_gather and TLB invalidation code into its own file
In preparation for maintaining the mmu_gather code as its own entity, move the implementation out of memory.c and into its own file. Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Michal Hocko <mhocko@suse.com> Change-Id: I524249ea128eea26e417eaf7f575e3f464e0f734 Signed-off-by: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Will Deacon <will.deacon@arm.com> |
||
|
Atakan
|
0700fa011f |
Revert "hugetlbfs: flush TLBs correctly after huge_pmd_unshare"
This reverts commit
|
||
|
Will Deacon
|
16fd1df198 |
UPSTREAM: asm-generic/tlb: Track which levels of the page tables have been cleared
It is common for architectures with hugepage support to require only a single TLB invalidation operation per hugepage during unmap(), rather than iterating through the mapping at a PAGE_SIZE increment. Currently, however, the level in the page table where the unmap() operation occurs is not stored in the mmu_gather structure, therefore forcing architectures to issue additional TLB invalidation operations or to give up and over-invalidate by e.g. invalidating the entire TLB. Ideally, we could add an interval rbtree to the mmu_gather structure, which would allow us to associate the correct mapping granule with the various sub-mappings within the range being invalidated. However, this is costly in terms of book-keeping and memory management, so instead we approximate by keeping track of the page table levels that are cleared and provide a means to query the smallest granule required for invalidation. Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: Nicholas Piggin <npiggin@gmail.com> Change-Id: I5db807ab1cd3559d9a93187cf38f2f7635278b96 Signed-off-by: Will Deacon <will.deacon@arm.com> |
||
|
Michael Bestas
|
0d750eaafc |
Merge tag 'ASB-2024-08-05_4.19-stable' of https://android.googlesource.com/kernel/common into android-msm-pixel-4.19
https://source.android.com/docs/security/bulletin/2024-08-01 CVE-2024-36971 * tag 'ASB-2024-08-05_4.19-stable' of https://android.googlesource.com/kernel/common: (2363 commits) Linux 4.19.318 i2c: rcar: bring hardware to known state when probing nilfs2: fix kernel bug on rename operation of broken directory SUNRPC: Fix RPC client cleaned up the freed pipefs dentries tcp: avoid too many retransmit packets tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() net: tcp: fix unexcepted socket die when snd_wnd is 0 tcp: refactor tcp_retransmit_timer() libceph: fix race between delayed_work() and ceph_monc_stop() hpet: Support 32-bit userspace USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k USB: serial: option: add Rolling RW350-GL variants USB: serial: option: add Netprisma LCUK54 series modules USB: serial: option: add support for Foxconn T99W651 USB: serial: option: add Fibocom FM350-GL USB: serial: option: add Telit FN912 rmnet compositions USB: serial: option: add Telit generic core-dump composition ARM: davinci: Convert comma to semicolon ... Conflicts: Documentation/devicetree/bindings/sound/rt5645.txt android/abi_gki_aarch64.xml drivers/clk/qcom/clk-rcg2.c drivers/hwtracing/coresight/coresight-etm4x.c drivers/leds/leds-pwm.c drivers/mmc/core/host.c drivers/mmc/core/sdio.c drivers/mmc/host/cqhci.c drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c drivers/rpmsg/qcom_glink_native.c drivers/scsi/ufs/ufshcd.c drivers/thermal/thermal_core.c drivers/usb/dwc3/core.c drivers/usb/gadget/function/f_ncm.c fs/f2fs/gc.c fs/pstore/ram_core.c include/linux/fs.h include/linux/timer.h include/net/tcp.h init/initramfs.c kernel/events/core.c kernel/sched/idle.c kernel/time/timer.c mm/page_alloc.c net/wireless/scan.c scripts/checkpatch.pl Change-Id: Ice08f3ba5dc64a093bc381710ef2408d963cb983 |
||
|
Greg Kroah-Hartman
|
ec0ad95612 |
Merge 4.19.312 into android-4.19-stable
Changes in 4.19.312
Documentation/hw-vuln: Update spectre doc
x86/cpu: Support AMD Automatic IBRS
x86/bugs: Use sysfs_emit()
timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps
timer/trace: Improve timer tracing
timers: Prepare support for PREEMPT_RT
timers: Update kernel-doc for various functions
timers: Use del_timer_sync() even on UP
timers: Rename del_timer_sync() to timer_delete_sync()
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
ARM: dts: mmp2-brownstone: Don't redeclare phandle references
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
media: xc4000: Fix atomicity violation in xc4000_get_frequency
KVM: Always flush async #PF workqueue when vCPU is being destroyed
sparc64: NMI watchdog: fix return value of __setup handler
sparc: vDSO: fix return value of __setup handler
crypto: qat - fix double free during reset
crypto: qat - resolve race condition during AER recovery
fat: fix uninitialized field in nostale filehandles
ubifs: Set page uptodate in the correct place
ubi: Check for too small LEB size in VTBL code
ubi: correct the calculation of fastmap size
parisc: Do not hardcode registers in checksum functions
parisc: Fix ip_fast_csum
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
PM: suspend: Set mem_sleep_current during kernel command line setup
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
powerpc/fsl: Fix mfpmr build errors with newer binutils
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
USB: serial: add device ID for VeriFone adapter
USB: serial: cp210x: add ID for MGP Instruments PDS100
USB: serial: option: add MeiG Smart SLM320 product
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
PM: sleep: wakeirq: fix wake irq warning in system suspend
mmc: tmio: avoid concurrent runs of mmc_request_done()
fuse: don't unhash root
PCI: Drop pci_device_remove() test of pci_dev->driver
PCI/PM: Drain runtime-idle callbacks before driver removal
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
dm-raid: fix lockdep waring in "pers->hot_add_disk"
mmc: core: Fix switch on gp3 partition
hwmon: (amc6821) add of_match table
ext4: fix corruption during on-line resize
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
speakup: Fix 8bit characters from direct synth
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
vfio/platform: Disable virqfds on cleanup
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Use raw spinlock for cgr_lock
s390/zcrypt: fix reference counting on zcrypt card objects
drm/imx/ipuv3: do not return negative values from .get_modes()
drm/vc4: hdmi: do not return negative values from .get_modes()
memtest: use {READ,WRITE}_ONCE in memory scanning
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
nilfs2: use a more common logging style
nilfs2: prevent kernel bug at submit_bh_wbc()
x86/CPU/AMD: Update the Zenbleed microcode revisions
ahci: asm1064: correct count of reported ports
ahci: asm1064: asm1166: don't limit reported ports
comedi: comedi_test: Prevent timers rescheduling during deletion
netfilter: nf_tables: disallow anonymous set with timeout flag
netfilter: nf_tables: reject constant set with timeout
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
usb: gadget: ncm: Fix handling of zero block length packets
usb: port: Don't try to peer unused USB ports based on location
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
vt: fix unicode buffer corruption when deleting characters
vt: fix memory overlapping when deleting chars in the buffer
mm/memory-failure: fix an incorrect use of tail pages
mm/migrate: set swap entry values of THP tail pages properly.
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
usb: cdc-wdm: close race between read and workqueue
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
printk: Update @console_may_schedule in console_trylock_spinning()
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
Revert "loop: Check for overflow while configuring loop"
loop: Call loop_config_discard() only after new config is applied
loop: Remove sector_t truncation checks
loop: Factor out setting loop device size
loop: Refactor loop_set_status() size calculation
loop: properly observe rotational flag of underlying device
perf/core: Fix reentry problem in perf_output_read_group()
efivarfs: Request at most 512 bytes for variable names
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
loop: Factor out configuring loop from status
loop: Check for overflow while configuring loop
loop: loop_set_status_from_info() check before assignment
usb: dwc2: host: Fix remote wakeup from hibernation
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: gadget: LPM flow fix
usb: udc: remove warning when queue disabled ep
scsi: qla2xxx: Fix command flush on cable pull
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
scsi: lpfc: Correct size for wqe for memset()
USB: core: Fix deadlock in usb_deauthorize_interface()
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
mptcp: add sk_stop_timer_sync helper
tcp: properly terminate timers for kernel sockets
r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
Bluetooth: hci_event: set the conn encrypted before conn establishes
Bluetooth: Fix TOCTOU in HCI debugfs implementation
netfilter: nf_tables: disallow timeout for anonymous sets
net/rds: fix possible cp null dereference
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
net/sched: act_skbmod: prevent kernel-infoleak
net: stmmac: fix rx queue priority assignment
selftests: reuseaddr_conflict: add missing new line at the end of the output
ipv6: Fix infinite recursion in fib6_dump_done().
i40e: fix vf may be used uninitialized in this function warning
staging: mmal-vchiq: Avoid use of bool in structures
staging: mmal-vchiq: Allocate and free components as required
staging: mmal-vchiq: Fix client_component for 64 bit kernel
staging: vc04_services: changen strncpy() to strscpy_pad()
staging: vc04_services: fix information leak in create_component()
initramfs: factor out a helper to populate the initrd image
fs: add a vfs_fchown helper
fs: add a vfs_fchmod helper
initramfs: switch initramfs unpacking to struct file based APIs
init: open /initrd.image with O_LARGEFILE
erspan: Add type I version 0 support.
erspan: make sure erspan_base_hdr is present in skb->head
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
ata: sata_mv: Fix PCI device ID table declaration compilation warning
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
arm64: dts: rockchip: fix rk3399 hdmi ports node
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
sysv: don't call sb_bread() with pointers_lock held
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
isofs: handle CDs with bad root inode but good Joliet root directory
media: sta2x11: fix irq handler cast
drm/amd/display: Fix nanosec stat overflow
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
block: prevent division by zero in blk_rq_stat_sum()
Input: allocate keycode for Display refresh rate toggle
ktest: force $buildonly = 1 for 'make_warnings_file' test type
tools: iio: replace seekdir() in iio_generic_buffer
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
fbmon: prevent division by zero in fb_videomode_from_videomode()
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()
virtio: reenable config if freezing device failed
x86/mm/pat: fix VM_PAT handling in COW mappings
Bluetooth: btintel: Fixe build regression
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
erspan: Check IFLA_GRE_ERSPAN_VER is set.
ip_gre: do not report erspan version on GRE interface
initramfs: fix populate_initrd_image() section mismatch
amdkfd: use calloc instead of kzalloc to avoid integer overflow
Linux 4.19.312
Change-Id: Ic4c50de6afb4c88c8011be6cc93f960d2dc968e0
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
David Hildenbrand
|
f18681daae |
x86/mm/pat: fix VM_PAT handling in COW mappings
commit 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 upstream.
PAT handling won't do the right thing in COW mappings: the first PTE (or,
in fact, all PTEs) can be replaced during write faults to point at anon
folios. Reliably recovering the correct PFN and cachemode using
follow_phys() from PTEs will not work in COW mappings.
Using follow_phys(), we might just get the address+protection of the anon
folio (which is very wrong), or fail on swap/nonswap entries, failing
follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and
track_pfn_copy(), not properly calling free_pfn_range().
In free_pfn_range(), we either wouldn't call memtype_free() or would call
it with the wrong range, possibly leaking memory.
To fix that, let's update follow_phys() to refuse returning anon folios,
and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings
if we run into that.
We will now properly handle untrack_pfn() with COW mappings, where we
don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if
the first page was replaced by an anon folio, though: we'd have to store
the cachemode in the VMA to make this work, likely growing the VMA size.
For now, lets keep it simple and let track_pfn_copy() just fail in that
case: it would have failed in the past with swap/nonswap entries already,
and it would have done the wrong thing with anon folios.
Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn():
<--- C reproducer --->
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
#include <liburing.h>
int main(void)
{
struct io_uring_params p = {};
int ring_fd;
size_t size;
char *map;
ring_fd = io_uring_setup(1, &p);
if (ring_fd < 0) {
perror("io_uring_setup");
return 1;
}
size = p.sq_off.array + p.sq_entries * sizeof(unsigned);
/* Map the submission queue ring MAP_PRIVATE */
map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE,
ring_fd, IORING_OFF_SQ_RING);
if (map == MAP_FAILED) {
perror("mmap");
return 1;
}
/* We have at least one page. Let's COW it. */
*map = 0;
pause();
return 0;
}
<--- C reproducer --->
On a system with 16 GiB RAM and swap configured:
# ./iouring &
# memhog 16G
# killall iouring
[ 301.552930] ------------[ cut here ]------------
[ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100
[ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g
[ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1
[ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4
[ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100
[ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000
[ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282
[ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047
[ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200
[ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000
[ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000
[ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000
[ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000
[ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0
[ 301.565725] PKRU: 55555554
[ 301.565944] Call Trace:
[ 301.566148] <TASK>
[ 301.566325] ? untrack_pfn+0xf4/0x100
[ 301.566618] ? __warn+0x81/0x130
[ 301.566876] ? untrack_pfn+0xf4/0x100
[ 301.567163] ? report_bug+0x171/0x1a0
[ 301.567466] ? handle_bug+0x3c/0x80
[ 301.567743] ? exc_invalid_op+0x17/0x70
[ 301.568038] ? asm_exc_invalid_op+0x1a/0x20
[ 301.568363] ? untrack_pfn+0xf4/0x100
[ 301.568660] ? untrack_pfn+0x65/0x100
[ 301.568947] unmap_single_vma+0xa6/0xe0
[ 301.569247] unmap_vmas+0xb5/0x190
[ 301.569532] exit_mmap+0xec/0x340
[ 301.569801] __mmput+0x3e/0x130
[ 301.570051] do_exit+0x305/0xaf0
...
Link: https://lkml.kernel.org/r/20240403212131.929421-3-david@redhat.com
Signed-off-by: David Hildenbrand <david@redhat.com>
Reported-by: Wupeng Ma <mawupeng1@huawei.com>
Closes: https://lkml.kernel.org/r/20240227122814.3781907-1-mawupeng1@huawei.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
e94b508133 |
Merge 4.19.305 into android-4.19-stable
Changes in 4.19.305 nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local i40e: Fix filter input checks to prevent config with invalid values net: sched: em_text: fix possible memory leak in em_text_destroy() ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init net: bcmgenet: Fix FCS generation for fragmented skbuffs net: Save and restore msg_namelen in sock_sendmsg i40e: fix use-after-free in i40e_aqc_add_filters() i40e: Restore VF MSI-X state during PCI reset net/qla3xxx: switch from 'pci_' to 'dma_' API net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues asix: Add check for usbnet_get_endpoints bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() mm/memory-failure: check the mapcount of the precise page firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards mm: fix unmap_mapping_range high bits shift bug mmc: rpmb: fixes pause retune on all RPMB partitions. mmc: core: Cancel delayed work before releasing host fuse: nlookup missing decrement in fuse_direntplus_link netfilter: nf_tables: Reject tables of unsupported family PCI: Extract ATS disabling to a helper function PCI: Disable ATS for specific Intel IPU E2000 devices net: add a route cache full diagnostic message net/dst: use a smaller percpu_counter batch for dst entries accounting ipv6: make ip6_rt_gc_expire an atomic_t ipv6: remove max_size check inline with ipv4 Linux 4.19.305 Change-Id: Idf89ecb57f78ee64046775110bcc887d081d1862 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Jiajun Xie
|
2db1c46c39 |
mm: fix unmap_mapping_range high bits shift bug
commit 9eab0421fa94a3dde0d1f7e36ab3294fc306c99d upstream.
The bug happens when highest bit of holebegin is 1, suppose holebegin is
0x8000000111111000, after shift, hba would be 0xfff8000000111111, then
vma_interval_tree_foreach would look it up fail or leads to the wrong
result.
error call seq e.g.:
- mmap(..., offset=0x8000000111111000)
|- syscall(mmap, ... unsigned long, off):
|- ksys_mmap_pgoff( ... , off >> PAGE_SHIFT);
here pgoff is correctly shifted to 0x8000000111111,
but pass 0x8000000111111000 as holebegin to unmap
would then cause terrible result, as shown below:
- unmap_mapping_range(..., loff_t const holebegin)
|- pgoff_t hba = holebegin >> PAGE_SHIFT;
/* hba = 0xfff8000000111111 unexpectedly */
The issue happens in Heterogeneous computing, where the device(e.g.
gpu) and host share the same virtual address space.
A simple workflow pattern which hit the issue is:
/* host */
1. userspace first mmap a file backed VA range with specified offset.
e.g. (offset=0x800..., mmap return: va_a)
2. write some data to the corresponding sys page
e.g. (va_a = 0xAABB)
/* device */
3. gpu workload touches VA, triggers gpu fault and notify the host.
/* host */
4. reviced gpu fault notification, then it will:
4.1 unmap host pages and also takes care of cpu tlb
(use unmap_mapping_range with offset=0x800...)
4.2 migrate sys page to device
4.3 setup device page table and resolve device fault.
/* device */
5. gpu workload continued, it accessed va_a and got 0xAABB.
6. gpu workload continued, it wrote 0xBBCC to va_a.
/* host */
7. userspace access va_a, as expected, it will:
7.1 trigger cpu vm fault.
7.2 driver handling fault to migrate gpu local page to host.
8. userspace then could correctly get 0xBBCC from va_a
9. done
But in step 4.1, if we hit the bug this patch mentioned, then userspace
would never trigger cpu fault, and still get the old value: 0xAABB.
Making holebegin unsigned first fixes the bug.
Link: https://lkml.kernel.org/r/20231220052839.26970-1-jiajun.xie.sh@gmail.com
Signed-off-by: Jiajun Xie <jiajun.xie.sh@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Wilson Sung
|
63376759a1 |
Merge android-4.19-stable (4.19.272) into android-msm-pixel-4.19-lts
Merge 4.19.272 into android-4.19-stable
Linux 4.19.272
* usb: host: xhci-plat: add wakeup entry at sysfs
drivers/usb/host/xhci-plat.c
* ipv6: ensure sane device mtu in tunnels
net/ipv6/ip6_tunnel.c
net/ipv6/sit.c
* exit: Use READ_ONCE() for all oops/warn limit reads
kernel/exit.c
kernel/panic.c
docs: Fix path paste-o for /sys/kernel/warn_count
* panic: Expose "warn_count" to sysfs
kernel/panic.c
* panic: Introduce warn_limit
kernel/panic.c
* panic: Consolidate open-coded panic_on_warn checks
include/linux/kernel.h
kernel/panic.c
kernel/sched/core.c
* exit: Allow oops_limit to be disabled
kernel/exit.c
* exit: Expose "oops_count" to sysfs
kernel/exit.c
* exit: Put an upper limit on how often we can oops
kernel/exit.c
ia64: make IA64_MCA_RECOVERY bool instead of tristate
h8300: Fix build errors from do_exit() to make_task_dead() transition
hexagon: Fix function name in die()
objtool: Add a missing comma to avoid string concatenation
* exit: Add and use make_task_dead.
arch/arm64/kernel/traps.c
arch/arm64/mm/fault.c
include/linux/sched/task.h
kernel/exit.c
* panic: unset panic_on_warn inside panic()
kernel/panic.c
* sysctl: add a new register_sysctl_init() interface
fs/proc/proc_sysctl.c
include/linux/sysctl.h
dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
ARM: dts: imx: Fix pca9547 i2c-mux node name
x86/entry/64: Add instruction suffix to SYSRET
x86/asm: Fix an assembler warning with current binutils
drm/i915/display: fix compiler warning about array overrun
x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL
Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode"
net/tg3: resolve deadlock in tg3_reset_task() during EEH
net: ravb: Fix possible hang if RIS2_QFF1 happen
* sctp: fail if no bound addresses can be used for a given scope
net/sctp/bind_addr.c
netrom: Fix use-after-free of a listening socket.
* netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE
net/netfilter/nf_conntrack_proto_sctp.c
* ipv4: prevent potential spectre v1 gadget in ip_metrics_convert()
net/ipv4/metrics.c
* netlink: annotate data races around sk_state
net/netlink/af_netlink.c
* netlink: annotate data races around dst_portid and dst_group
net/netlink/af_netlink.c
* netlink: annotate data races around nlk->portid
net/netlink/af_netlink.c
* netlink: remove hash::nelems check in netlink_insert
net/netlink/af_netlink.c
netfilter: nft_set_rbtree: skip elements in transaction from garbage collection
* net: fix UaF in netns ops registration error path
net/core/net_namespace.c
* EDAC/device: Respect any driver-supplied workqueue polling value
drivers/edac/edac_device.c
ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment
cifs: Fix oops due to uncleared server->smbd_conn in reconnect
smbd: Make upper layer decide when to destroy the transport
trace_events_hist: add check for return value of 'create_hist_field'
* tracing: Make sure trace_printk() can output as soon as it can be used
kernel/trace/trace.c
kernel/trace/trace.h
kernel/trace/trace_output.c
* module: Don't wait for GOING modules
kernel/module.c
scsi: hpsa: Fix allocation size for scsi_host_alloc()
* Bluetooth: hci_sync: cancel cmd_timer if hci_open failed
net/bluetooth/hci_core.c
fs: reiserfs: remove useless new_opts in reiserfs_remount
perf env: Do not return pointers to local variables
* block: fix and cleanup bio_check_ro
block/blk-core.c
* netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state
net/netfilter/nf_conntrack_proto_tcp.c
w1: fix WARNING after calling w1_process()
w1: fix deadloop in __w1_remove_master_device()
* tcp: avoid the lookup process failing to get sk in ehash table
net/ipv4/inet_hashtables.c
net/ipv4/inet_timewait_sock.c
dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node()
dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling
dmaengine: xilinx_dma: program hardware supported buffer length
dmaengine: xilinx_dma: commonize DMA copy size calculation
HID: betop: check shape of output reports
net: macb: fix PTP TX timestamp failure due to packet padding
* dmaengine: Fix double increment of client_count in dma_chan_get()
drivers/dma/dmaengine.c
net: mlx5: eliminate anonymous module_init & module_exit
* usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
drivers/usb/gadget/function/f_fs.c
* usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
drivers/usb/gadget/function/f_fs.c
* HID: check empty report_list in hid_validate_values()
drivers/hid/hid-core.c
* net: mdio: validate parameter addr in mdiobus_get_phy()
drivers/net/phy/mdio_bus.c
net: usb: sr9700: Handle negative len
wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
net: nfc: Fix use-after-free in local_cleanup()
phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on()
* bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation
kernel/bpf/verifier.c
amd-xgbe: Delay AN timeout during KR training
amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent
affs: initialize fsdata in affs_truncate()
IB/hfi1: Fix expected receive setup error exit issues
IB/hfi1: Reserve user expected TIDs
IB/hfi1: Reject a zero-length user expected buffer
tomoyo: fix broken dependency on *.conf.default
EDAC/highbank: Fix memory leak in highbank_mc_probe()
HID: intel_ish-hid: Add check for ishtp_dma_tx_map
ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
UPSTREAM: tcp: fix tcp_rmem documentation
* UPSTREAM: nvmem: core: skip child nodes not matching binding
drivers/nvmem/core.c
* BACKPORT: nvmem: core: Fix a resource leak on error in nvmem_add_cells_from_of()
drivers/nvmem/core.c
* UPSTREAM: sched/eas: Don't update misfit status if the task is pinned
kernel/sched/fair.c
* BACKPORT: arm64: link with -z norelro for LLD or aarch64-elf
arch/arm64/Makefile
* UPSTREAM: driver: core: Fix list corruption after device_del()
drivers/base/core.c
* UPSTREAM: coresight: tmc-etr: Fix barrier packet insertion for perf buffer
drivers/hwtracing/coresight/coresight-tmc-etr.c
* UPSTREAM: f2fs: fix double free of unicode map
fs/f2fs/super.c
* BACKPORT: net: xfrm: fix memory leak in xfrm_user_policy()
net/xfrm/xfrm_state.c
UPSTREAM: xfrm/compat: Don't allocate memory with __GFP_ZERO
UPSTREAM: xfrm/compat: memset(0) 64-bit padding at right place
UPSTREAM: xfrm/compat: Translate by copying XFRMA_UNSPEC attribute
* UPSTREAM: scsi: ufs: Fix missing brace warning for old compilers
drivers/scsi/ufs/ufshcd-crypto.c
* UPSTREAM: arm64: vdso32: make vdso32 install conditional
arch/arm64/Makefile
* UPSTREAM: loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE
drivers/block/loop.c
BACKPORT: drm/virtio: fix missing dma_fence_put() in virtio_gpu_execbuffer_ioctl()
* BACKPORT: sched/uclamp: Protect uclamp fast path code with static key
kernel/sched/core.c
kernel/sched/cpufreq_schedutil.c
kernel/sched/sched.h
* BACKPORT: sched/uclamp: Fix initialization of struct uclamp_rq
kernel/sched/core.c
* UPSTREAM: coresight: etmv4: Fix CPU power management setup in probe() function
drivers/hwtracing/coresight/coresight-etm4x.c
* UPSTREAM: arm64: vdso: Add --eh-frame-hdr to ldflags
arch/arm64/kernel/vdso/Makefile
* BACKPORT: arm64: vdso: Add '-Bsymbolic' to ldflags
arch/arm64/kernel/vdso/Makefile
UPSTREAM: drm/virtio: fix a wait_event condition
* BACKPORT: sched/topology: Don't try to build empty sched domains
kernel/cgroup/cpuset.c
kernel/sched/topology.c
* BACKPORT: binder: prevent UAF read in print_binder_transaction_log_entry()
drivers/android/binder.c
drivers/android/binder_internal.h
* BACKPORT: copy_process(): don't use ksys_close() on cleanups
kernel/fork.c
* BACKPORT: arm64: vdso: Remove unnecessary asm-offsets.c definitions
arch/arm64/kernel/asm-offsets.c
* UPSTREAM: locking/lockdep, cpu/hotplug: Annotate AP thread
kernel/cpu.c
* Revert "xhci: Add a flag to disable USB3 lpm on a xhci root port level."
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h
Merge 4.19.271 into android-4.19-stable
BACKPORT: mac80211_hwsim: add concurrent channels scanning support over virtio
* BACKPORT: mac80211_hwsim: add frame transmission support over virtio This allows communication with external entities.
include/uapi/linux/virtio_ids.h
* BACKPORT: driver core: Skip unnecessary work when device doesn't have sync_state()
drivers/base/core.c
Linux 4.19.271
x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN
* Revert "ext4: generalize extents status tree search functions"
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* Revert "ext4: add new pending reservation mechanism"
fs/ext4/ext4.h
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/super.c
* Revert "ext4: fix reserved cluster accounting at delayed write time"
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* Revert "ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline"
fs/ext4/extents.c
gsmi: fix null-deref in gsmi_get_variable
serial: atmel: fix incorrect baudrate setup
serial: pch_uart: Pass correct sg to dma_unmap_sg()
usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
* usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
drivers/usb/gadget/function/f_ncm.c
usb: gadget: g_webcam: Send color matching descriptor per frame
usb: typec: altmodes/displayport: Fix pin assignment calculation
usb: typec: altmodes/displayport: Add pin assignment helper
usb: host: ehci-fsl: Fix module alias
USB: serial: cp210x: add SCALANCE LPE-9000 device id
cifs: do not include page data when checking signature
mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
comedi: adv_pci1760: Fix PWM instruction handling
* usb: core: hub: disable autosuspend for TI TUSB8041
drivers/usb/core/hub.c
USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100
USB: serial: option: add Quectel EM05CN modem
USB: serial: option: add Quectel EM05CN (SG) modem
USB: serial: option: add Quectel EC200U modem
USB: serial: option: add Quectel EM05-G (RS) modem
USB: serial: option: add Quectel EM05-G (CS) modem
USB: serial: option: add Quectel EM05-G (GR) modem
* prlimit: do_prlimit needs to have a speculation check
kernel/sys.c
* xhci: Add a flag to disable USB3 lpm on a xhci root port level.
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h
* xhci: Fix null pointer dereference when host dies
drivers/usb/host/xhci.c
* usb: xhci: Check endpoint is valid before dereferencing it
drivers/usb/host/xhci-ring.c
* xhci-pci: set the dma max_seg_size
drivers/usb/host/xhci-pci.c
nilfs2: fix general protection fault in nilfs_btree_insert()
Add exception protection processing for vd in axi_chan_handle_err function
* f2fs: let's avoid panic if extent_tree is not created
fs/f2fs/extent_cache.c
RDMA/srp: Move large values to a new enum for gcc13
* net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats
net/core/ethtool.c
pNFS/filelayout: Fix coalescing test for single DS
* ANDROID: usb: f_accessory: Check buffer size when initialised via composite
drivers/usb/gadget/configfs.c
drivers/usb/gadget/function/f_accessory.c
Merge 4.19.270 into android-4.19-stable
Linux 4.19.270
serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30
serial: tegra: Only print FIFO error message when an error occurs
tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
efi: fix NULL-deref in init error path
* arm64: cmpxchg_double*: hazard against entire exchange variable
arch/arm64/include/asm/atomic_ll_sc.h
arch/arm64/include/asm/atomic_lse.h
drm/virtio: Fix GEM handle creation UAF
x86/resctrl: Fix task CLOSID/RMID update race
x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI
iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
iommu/mediatek-v1: Add error handle for mtk_iommu_probe
net/mlx5: Fix ptp max frequency adjustment range
net/mlx5: Rename ptp clock info
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
hvc/xen: lock console list traversal
regulator: da9211: Use irq handler when ready
* EDAC/device: Fix period calculation in edac_device_reset_delay_period()
drivers/edac/edac_device.c
drivers/edac/edac_module.h
x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
* ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
fs/ext4/exten Conflicts:
drivers/edac/edac_device.c
drivers/hwtracing/coresight/coresight-etm4x.c
drivers/usb/core/hub.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/gadget/function/f_hid.c
kernel/panic.c
mm/kasan/report.cts.c
* ext4: fix reserved cluster accounting at delayed write time
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* ext4: add new pending reservation mechanism
fs/ext4/ext4.h
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/super.c
* ext4: generalize extents status tree search functions
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/extents_status.c
fs/ext4/extents_status.h
fs/ext4/inode.c
include/trace/events/ext4.h
* ext4: fix uninititialized value in 'ext4_evict_inode'
fs/ext4/super.c
* ext4: fix use-after-free in ext4_orphan_cleanup
fs/ext4/inode.c
* ext4: lost matching-pair of trace in ext4_truncate
fs/ext4/inode.c
* ext4: fix bug_on in __es_tree_search caused by bad quota inode
fs/quota/dquot.c
* quota: Factor out setup of quota inode
fs/quota/dquot.c
include/linux/quotaops.h
usb: ulpi: defer ulpi_register on ulpi_read_id timeout
kest.pl: Fix grub2 menu handling for rebooting
ktest.pl: Fix incorrect reboot for grub2bls
ktest: introduce grub2bls REBOOT_TYPE option
ktest: cleanup get_grub_index
ktest: introduce _get_grub_index
ktest: Add support for meta characters in GRUB_MENU
ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
wifi: wilc1000: sdio: fix module autoloading
* ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
net/ipv6/raw.c
platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe
cifs: Fix uninitialized memory read for smb311 posix symlink create
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
sound/core/control_compat.c
* net/ulp: prevent ULP without clone op from entering the LISTEN status
net/ipv4/inet_connection_sock.c
s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
perf auxtrace: Fix address filter duplicate symbol selection
docs: Fix the docs build with Sphinx 6.0
* net: sched: disallow noqueue for qdisc classes
net/sched/sch_api.c
* driver core: Fix bus_type.match() error handling in __driver_attach()
drivers/base/dd.c
parisc: Align parisc MADV_XXX constants with all other architectures
* mbcache: Avoid nesting of cache->c_list_lock under bit locks
fs/mbcache.c
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
hfs/hfsplus: use WARN_ON for sanity check
* ext4: don't allow journal inode to have encrypt flag
fs/ext4/super.c
riscv: uaccess: fix type of 0 variable on error in get_user()
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
x86/bugs: Flush IBP in ib_prctl_set()
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
udf: Fix extension of the last extent in the file
caif: fix memory leak in cfctrl_linkup_request()
usb: rndis_host: Secure rndis_query check against int overflow
net: sched: atm: dont intepret cls results when asked to drop
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
net: amd-xgbe: add missed tasklet_kill
nfc: Fix potential resource leaks
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
* bpf: pull before calling skb_postpull_rcsum()
net/core/filter.c
* SUNRPC: ensure the matching upcall is in-flight upon downcall
include/linux/sunrpc/rpc_pipe_fs.h
* ext4: fix deadlock due to mbcache entry corruption
fs/ext4/xattr.c
fs/mbcache.c
include/linux/mbcache.h
* mbcache: automatically delete entries from cache on freeing
fs/mbcache.c
include/linux/mbcache.h
* ext4: fix race when reusing xattr blocks
fs/ext4/xattr.c
* ext4: unindent codeblock in ext4_xattr_block_set()
fs/ext4/xattr.c
* ext4: remove EA inode entry from mbcache on inode eviction
fs/ext4/inode.c
fs/ext4/xattr.c
fs/ext4/xattr.h
* mbcache: add functions to delete entry if unused
fs/mbcache.c
include/linux/mbcache.h
* mbcache: don't reclaim used entries
fs/mbcache.c
* ext4: use kmemdup() to replace kmalloc + memcpy
fs/ext4/xattr.c
* ext4: correct inconsistent error msg in nojournal mode
fs/ext4/super.c
* ext4: goto right label 'failed_mount3a'
fs/ext4/super.c
* driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set
drivers/base/dd.c
ravb: Fix "failed to switch device to config mode" message during unbind
perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
dm thin: resume even if in FAIL mode
media: s5p-mfc: Fix in register read and write for H264
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix to handle reference queue during finishing
btrfs: replace strncpy() with strscpy()
btrfs: send: avoid unnecessary backref lookups when finding clone source
* ext4: allocate extended attribute value in vmalloc area
fs/ext4/xattr.c
* ext4: avoid unaccounted block allocation when expanding inode
fs/ext4/inode.c
* ext4: initialize quota before expanding inode in setproject ioctl
fs/ext4/ioctl.c
* ext4: fix inode leak in ext4_xattr_inode_create() on an error path
fs/ext4/xattr.c
* ext4: avoid BUG_ON when creating xattrs
fs/ext4/xattr.c
* ext4: fix error code return to user-space in ext4_get_branch()
fs/ext4/indirect.c
* ext4: fix corruption when online resizing a 1K bigalloc fs
fs/ext4/resize.c
* ext4: init quota for 'old.inode' in 'ext4_rename'
fs/ext4/namei.c
* ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
fs/ext4/ioctl.c
* ext4: add helper to check quota inums
fs/ext4/super.c
* ext4: fix undefined behavior in bit shift for ext4_check_flag_values
fs/ext4/ext4.h
* ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
fs/ext4/inode.c
drm/vmwgfx: Validate the box size for the snooped cursor
* drm/connector: send hotplug uevent on connector cleanup
drivers/gpu/drm/drm_connector.c
device_cgroup: Roll back to original exceptions after copy failure
parisc: led: Fix potential null-ptr-deref in start_task()
iommu/amd: Fix ivrs_acpihid cmdline parsing code
crypto: n2 - add missing hash statesize
* PCI/sysfs: Fix double free in error path
drivers/pci/pci-sysfs.c
* PCI: Fix pci_device_is_present() for VFs by checking PF
drivers/pci/pci.c
ipmi: fix use after free in _ipmi_destroy_user()
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
ipmi: fix long wait in unload when IPMI disconnect
md/bitmap: Fix bitmap chunk size overflow issues
cifs: fix confusing debug message
media: dvb-core: Fix UAF due to refcount races at releasing
media: dvb-core: Fix double free in dvb_register_device()
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
* tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
kernel/trace/trace.c
x86/microcode/intel: Do not retry microcode reloading on the APs
dm cache: set needs_check flag after aborting metadata
dm cache: Fix UAF in destroy()
dm thin: Fix UAF in run_timer_softirq()
dm thin: Use last transaction's pmd->root when commit failed
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
binfmt: Fix error return code in load_elf_fdpic_binary()
binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
selftests: Use optional USERCFLAGS and USERLDFLAGS
ARM: ux500: do not directly dereference __iomem
ktest.pl minconfig: Unset configs instead of just removing them
* soc: qcom: Select REMAP_MMIO for LLCC driver
drivers/soc/qcom/Kconfig
media: stv0288: use explicitly signed char
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
md: fix a crash in mempool_free
* pnode: terminate at peers of source
fs/pnode.c
ALSA: line6: fix stack overflow in line6_midi_transmit
ALSA: line6: correct midi status byte when receiving data from podxt
* ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
fs/overlayfs/dir.c
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
* HID: plantronics: Additional PIDs for double volume key presses quirk
drivers/hid/hid-ids.h
drivers/hid/hid-plantronics.c
powerpc/rtas: avoid scheduling in rtas_os_term()
powerpc/rtas: avoid device tree lookups in rtas_os_term()
ata: ahci: Fix PCS quirk application for suspend
media: dvbdev: fix refcnt bug
* media: dvbdev: fix build warning due to comments
include/media/dvbdev.h
gcov: add support for checksum field
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
reiserfs: Add missing calls to reiserfs_security_free()
* HID: wacom: Ensure bootloader PID is usable in hidraw mode
drivers/hid/wacom_sys.c
drivers/hid/wacom_wac.c
drivers/hid/wacom_wac.h
* usb: dwc3: core: defer probe on ulpi_read_id timeout
drivers/usb/dwc3/core.c
* pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
fs/pstore/Kconfig
* pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
fs/pstore/pmsg.c
ASoC: rt5670: Remove unbalanced pm_runtime_put()
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
clk: st: Fix memory leak in st_of_quadfs_setup()
media: si470x: Fix use-after-free in si470x_int_in_callback()
mmc: f-sdh30: Add quirks for broken timeout clock capability
* regulator: core: fix use_count leakage when handling boot-on
drivers/regulator/core.c
* blk-mq: fix possible memleak when register 'hctx' failed
block/blk-mq-sysfs.c
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
* media: dvbdev: adopts refcnt to avoid UAF
include/media/dvbdev.h
media: dvb-frontends: fix leak of memory fw
* ppp: associate skb with a device at tx
drivers/net/ppp/ppp_generic.c
* mrp: introduce active flags to prevent UAF when applicant uninit
include/net/mrp.h
md/raid1: stop mdx_raid1 thread when raid1 array run failed
drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
drm/sti: Use drm_mode_copy()
s390/lcs: Fix return type of lcs_start_xmit()
s390/netiucv: Fix return type of netiucv_tx()
s390/ctcm: Fix return type of ctc{mp,}m_tx()
drm/amdgpu: Fix type of second parameter in trans_msg() callback
igb: Do not free q_vector unless new one was allocated
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
* bpf: make sure skb->len != 0 when redirecting to a tunneling device
net/core/filter.c
ipmi: fix memleak when unload ipmi driver
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
wifi: ath9k: verify the expected usb_endpoints are present
hfs: fix OOB Read in __hfs_brec_find
acct: fix potential integer overflow in encode_comp_t()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
ACPICA: Fix error code path in acpi_ds_call_control_method()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbAllocAG
binfmt_misc: fix shift-out-of-bounds in check_special_flags
* net: stream: purge sk_error_queue in sk_stream_kill_queues()
net/core/stream.c
myri10ge: Fix an error handling path in myri10ge_probe()
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
* net_sched: reject TCF_EM_SIMPLE case for complex ematch module
net/sched/ematch.c
* skbuff: Account for tail adjustment during pull operations
net/core/skbuff.c
openvswitch: Fix flow lookup to use unmasked key
rtc: mxc_v2: Add missing clk_disable_unprepare()
r6040: Fix kmemleak in probe and remove
nfc: pn533: Clear nfc_target before being used
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
selftests/powerpc: Fix resource leaks
powerpc/hv-gpci: Fix hv_gpci event list
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
cxl: Fix refcount leak in cxl_calc_capp_routing
powerpc/52xx: Fix a resource leak in an error handling path
macintosh/macio-adb: check the return value of ioremap()
macintosh: fix possible memory leak in macio_add_one_device()
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
iommu/amd: Fix pci device refcount leak in ppr_notifier()
rtc: snvs: Allow a time difference on clock register read
* include/uapi/linux/swab: Fix potentially missing __always_inline
include/uapi/linux/swab.h
HSI: omap_ssi_core: Fix error handling in ssi_init()
perf symbol: correction while adjusting symbol
* power: supply: fix residue sysfs file in error handle route of __power_supply_register()
drivers/power/supply/power_supply_core.c
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
fbdev: vermilion: decrease reference count in error path
fbdev: via: Fix error in via_core_init()
fbdev: pm2fb: fix missing pci_disable_device()
* fbdev: ssd1307fb: Drop optional dependency
drivers/video/fbdev/Kconfig
samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
tracing/hist: Fix issue of losting command info in error_log
usb: storage: Add check for kcalloc
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
vme: Fix error not catched in fake_init()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
staging: rtl8192u: Fix use after free in ieee80211_rx()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
* chardev: fix error handling in cdev_device_add()
fs/char_dev.c
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
drivers: mcb: fix resource leak in mcb_probe()
* usb: gadget: f_hid: fix refcount leak on error path
drivers/usb/gadget/function/f_hid.c
* usb: gadget: f_hid: fix f_hidg lifetime vs cdev
drivers/usb/gadget/function/f_hid.c
* usb: gadget: f_hid: optional SETUP/SET_REPORT mode
drivers/usb/gadget/function/f_hid.c
drivers/usb/gadget/function/u_hid.h
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
test_firmware: fix memory leak in test_firmware_init()
serial: sunsab: Fix error handling in sunsab_init()
serial: altera_uart: fix locking in polling mode
tty: serial: altera_uart_{r,t}x_chars() need only uart_port
tty: serial: clean up stop-tx part in altera_uart_tx_chars()
serial: pch: Fix PCI device refcount leak in pch_request_dma()
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
serial: amba-pl011: avoid SBSA UART accessing DMACR register
* usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
drivers/usb/typec/bus.c
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
usb: fotg210-udc: Fix ages old endianness issues
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
vfio: platform: Do not pass return buffer to ACPI _RST method
* class: fix possible memory leak in __class_register()
drivers/base/class.c
serial: tegra: Read DMA status before terminating
tty: serial: tegra: Activate RX DMA transfer by request
serial: tegra: Add PIO mode support
serial: tegra: report clk rate errors
serial: tegra: add support to adjust baud rate
serial: tegra: add support to use 8 bytes trigger
serial: tegra: set maximum num of uart ports to 8
serial: tegra: check for FIFO mode enabled status
serial: tegra: avoid reg access when clk disabled
drivers: dio: fix possible memory leak in dio_init()
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
hwrng: geode - Fix PCI device refcount leak
hwrng: amd - Fix PCI device refcount leak
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
orangefs: Fix sysfs not cleanup when dev init failed
RDMA/hfi1: Fix error return code in parse_platform_config()
scsi: snic: Fix possible UAF in snic_tgt_create()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
scsi: hpsa: Fix possible memory leak in hpsa_init_one()
scsi: hpsa: use local workqueues instead of system workqueues
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
crypto: ccree - Make cc_debugfs_global_fini() available for module init function
RDMA/hfi: Decrease PCI device reference count in error path
* PCI: Check for alloc failure in pci_request_irq()
drivers/pci/irq.c
scsi: scsi_debug: Fix a warning in resp_write_scat()
RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
* f2fs: fix normal discard process
fs/f2fs/segment.c
apparmor: Fix abi check to include v8 abi
apparmor: fix lockdep warning when removing a namespace
apparmor: fix a memleak in multi_transaction_new()
stmmac: fix potential division by 0
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
* Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
net/bluetooth/hci_core.c
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
net: lan9303: Fix read error execution path
net: amd-xgbe: Check only the minimum speed for active/passive cables
net: amd-xgbe: Fix logic around active and passive cables
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
* net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net/ipv4/udp_tunnel.c
net: farsync: Fix kmemleak when rmmods farsync
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
net: defxx: Fix missing err handling in dfx_init()
net: vmw_vsock: vmci: Check memcpy_from_msg()
clk: socfpga: use clk_hw_register for a5/c5
clk: socfpga: clk-pll: Remove unused variable 'rc'
* blktrace: Fix output non-blktrace event when blk_classic option enabled
kernel/trace/blktrace.c
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
rtl8xxxu: add enumeration for channel bandwidth
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
clk: samsung: Fix memory leak in _samsung_clk_register_pll()
media: coda: Add check for kmalloc
media: coda: Add check for dcoda_iram_alloc
media: c8sectpfe: Add of_node_put() when breaking out of loop
mmc: mmci: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: meson-gx: fix return value check of mmc_add_host()
mmc: atmel-mci: fix return value check of mmc_add_host()
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: moxart: fix return value check of mmc_add_host()
NFSv4.x: Fail client initialisation if state manager thread can't run
SUNRPC: Fix missing release socket in rpc_sockname()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
media: saa7164: fix missing pci_disable_device()
* regulator: core: fix module refcount leak in set_supply()
drivers/regulator/core.c
* wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
net/wireless/reg.c
* bonding: uninitialized variable in bond_miimon_inspect()
drivers/net/bonding/bond_main.c
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
ALSA: asihpi: fix missing pci_disable_device()
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
NFSv4.2: Fix a memory stomp in decode_attr_security_label
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
media: dvb-core: Fix ignored return value in dvb_register_frontend()
* pinctrl: pinconf-generic: add missing of_node_put()
drivers/pinctrl/pinconf-generic.c
media: imon: fix a race condition in send_packet()
drbd: remove call to memset before free device/resource/connection
mtd: maps: pxa2xx-flash: fix memory leak in probe
* bonding: Export skip slave logic to function
drivers/net/bonding/bond_main.c
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
* ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
include/uapi/sound/asequencer.h
HID: hid-sensor-custom: set fixed size for custom attributes
media: platform: exynos4-is: Fix error handling in fimc_md_init()
media: solo6x10: fix possible memory leak in solo_sysfs_init()
Input: elants_i2c - properly handle the reset GPIO when power is off
mtd: lpddr2_nvm: Fix possible null-ptr-deref
wifi: ath10k: Fix return value in ath10k_pci_init()
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
* regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
drivers/regulator/core.c
ASoC: pxa: fix null-pointer dereference in filter()
drm/radeon: Add the missed acpi_put_table() to fix memory leak
* net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
include/linux/proc_fs.h
media: camss: Clean up received buffers on failed start of streaming
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
mtd: Fix device name leak when register device failed in add_mtd_device()
media: vivid: fix compose size exceed boundary
spi: Update reference to struct spi_controller
can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
can: kvaser_usb: Add struct kvaser_usb_busparams
can: kvaser_usb_leaf: Fix bogus restart events
can: kvaser_usb_leaf: Fix wrong CAN state after stopping
can: kvaser_usb_leaf: Fix improved state not being reported
can: kvaser_usb_leaf: Set Warning state even without bus errors
can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
can: kvaser_usb: do not increase tx statistics when sending error message frames
media: i2c: ad5820: Fix error path
pata_ipx4xx_cf: Fix unsigned comparison with less than zero
wifi: rtl8xxxu: Fix reading the vendor of combo chips
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
rapidio: devices: fix missing put_device in mport_cdev_open
hfs: Fix OOB Write in hfs_asc2mac
relay: fix type mismatch when allocating memory in relay_create_buf()
* eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
include/linux/eventfd.h
rapidio: fix possible UAF when kfifo_alloc() fails
fs: sysv: Fix sysv_nblocks() returns wrong value
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
* PM: runtime: Do not call __rpm_callback() from rpm_idle()
drivers/base/power/runtime.c
* PM: runtime: Improve path in rpm_idle() when no callback
drivers/base/power/runtime.c
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
x86/xen: Fix memory leak in xen_init_lock_cpu()
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
xen/events: only register debug interrupt for 2-level events
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
rapidio: rio: fix possible name leak in rio_register_mport()
rapidio: fix possible name leaks when rio_add_device() fails
* debugfs: fix error when writing negative value to atomic_t debugfs file
fs/debugfs/file.c
include/linux/debugfs.h
lib/notifier-error-inject: fix error when writing -errno to debugfs file
* libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
fs/libfs.c
include/linux/fs.h
cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
PNP: fix name memory leak in pnp_alloc_dev()
MIPS: vpe-cmp: fix possible memory leak while module exiting
MIPS: vpe-mt: fix possible memory leak while module exiting
ocfs2: fix memory leak in ocfs2_stack_glue_init()
proc: fixup uptime selftest
* timerqueue: Use rb_entry_safe() in timerqueue_getnext()
include/linux/timerqueue.h
* perf: Fix possible memleak in pmu_dev_alloc()
kernel/events/core.c
selftests/ftrace: event_triggers: wait longer for test_event_enable
* fs: don't audit the capability check in simple_xattr_list()
fs/xattr.c
alpha: fix syscall entry in !AUDUT_SYSCALL case
* cpuidle: dt: Return the correct numbers of parsed idle states
drivers/cpuidle/dt_idle_states.c
tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
* pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
fs/pstore/ram_core.c
ARM: mmp: fix timer_read delay
* pstore/ram: Fix error return code in ramoops_probe()
fs/pstore/ram.c
ARM: dts: turris-omnia: Add switch port 6 node
ARM: dts: turris-omnia: Add ethernet aliases
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
arm64: dts: mt2712e: Fix unit address for pinctrl node
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
arm: dts: spear600: Fix clcd interrupt
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
ARM: dts: qcom: apq8064: fix coresight compatible
usb: musb: remove extra check in musb_gadget_vbus_draw
* net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
drivers/net/loopback.c
* Bluetooth: L2CAP: Fix u8 overflow
net/bluetooth/l2cap_core.c
igb: Initialize mailbox message for VF reset
USB: serial: f81534: fix division by zero on line-speed change
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
USB: serial: option: add Quectel EM05-G modem
usb: gadget: uvc: Prevent buffer overflow in setup handler
udf: Fix extending file within last block
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
udf: Fix preallocation discarding at indirect extent boundary
udf: Discard preallocation before extending file with a hole
perf script python: Remove explicit shebang from tests/attr.c
* ASoC: ops: Correct bounds check for second channel on SX controls
sound/soc/soc-ops.c
can: mcba_usb: Fix termination command argument
* can: sja1000: fix size of OCR_MODE_MASK define
include/linux/can/platform/sja1000.h
pinctrl: meditatek: Startup with the IRQs disabled
* ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
sound/soc/soc-ops.c
nfp: fix use-after-free in area_cache_get()
* block: unhash blkdev part inode when the part is deleted
block/partition-generic.c
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
* mm/khugepaged: fix GUP-fast interaction by sending IPI
include/asm-generic/tlb.h
mm/memory.c
ANDROID: Add more hvc devices for virtio-console.
ANDROID: Add allowed symbols required from Qualcomm drivers
* BACKPORT: lib: introduce copy_struct_from_user() helper
include/linux/bitops.h
include/linux/uaccess.h
lib/strnlen_user.c
lib/usercopy.c
* ANDROID: fix BIT() redefinition
include/linux/bits.h
include/vdso/bits.h
Bug: 268137599
Change-Id: I1ae5c7cfdd0387ced375d87341327c27bd3ae454
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Greg Kroah-Hartman
|
f66335a3cf |
Merge 4.19.270 into android-4.19-stable
Changes in 4.19.270
mm/khugepaged: fix GUP-fast interaction by sending IPI
mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
block: unhash blkdev part inode when the part is deleted
nfp: fix use-after-free in area_cache_get()
ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx()
pinctrl: meditatek: Startup with the IRQs disabled
can: sja1000: fix size of OCR_MODE_MASK define
can: mcba_usb: Fix termination command argument
ASoC: ops: Correct bounds check for second channel on SX controls
perf script python: Remove explicit shebang from tests/attr.c
udf: Discard preallocation before extending file with a hole
udf: Fix preallocation discarding at indirect extent boundary
udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size
udf: Fix extending file within last block
usb: gadget: uvc: Prevent buffer overflow in setup handler
USB: serial: option: add Quectel EM05-G modem
USB: serial: cp210x: add Kamstrup RF sniffer PIDs
USB: serial: f81534: fix division by zero on line-speed change
igb: Initialize mailbox message for VF reset
Bluetooth: L2CAP: Fix u8 overflow
net: loopback: use NET_NAME_PREDICTABLE for name_assign_type
usb: musb: remove extra check in musb_gadget_vbus_draw
ARM: dts: qcom: apq8064: fix coresight compatible
drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static
arm: dts: spear600: Fix clcd interrupt
soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe
perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init()
arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators
arm64: dts: mt2712e: Fix unit address for pinctrl node
arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port
ARM: dts: turris-omnia: Add ethernet aliases
ARM: dts: turris-omnia: Add switch port 6 node
pstore/ram: Fix error return code in ramoops_probe()
ARM: mmp: fix timer_read delay
pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
cpuidle: dt: Return the correct numbers of parsed idle states
alpha: fix syscall entry in !AUDUT_SYSCALL case
fs: don't audit the capability check in simple_xattr_list()
selftests/ftrace: event_triggers: wait longer for test_event_enable
perf: Fix possible memleak in pmu_dev_alloc()
timerqueue: Use rb_entry_safe() in timerqueue_getnext()
proc: fixup uptime selftest
ocfs2: fix memory leak in ocfs2_stack_glue_init()
MIPS: vpe-mt: fix possible memory leak while module exiting
MIPS: vpe-cmp: fix possible memory leak while module exiting
PNP: fix name memory leak in pnp_alloc_dev()
perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()
irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe()
cpufreq: amd_freq_sensitivity: Add missing pci_dev_put()
libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
lib/notifier-error-inject: fix error when writing -errno to debugfs file
debugfs: fix error when writing negative value to atomic_t debugfs file
rapidio: fix possible name leaks when rio_add_device() fails
rapidio: rio: fix possible name leak in rio_register_mport()
clocksource/drivers/sh_cmt: Make sure channel clock supply is enabled
ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage()
uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix
xen/events: only register debug interrupt for 2-level events
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
x86/xen: Fix memory leak in xen_init_lock_cpu()
xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource()
PM: runtime: Improve path in rpm_idle() when no callback
PM: runtime: Do not call __rpm_callback() from rpm_idle()
platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
MIPS: BCM63xx: Add check for NULL for clk in clk_enable
fs: sysv: Fix sysv_nblocks() returns wrong value
rapidio: fix possible UAF when kfifo_alloc() fails
eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD
relay: fix type mismatch when allocating memory in relay_create_buf()
hfs: Fix OOB Write in hfs_asc2mac
rapidio: devices: fix missing put_device in mport_cdev_open
wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs()
wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb()
wifi: rtl8xxxu: Fix reading the vendor of combo chips
pata_ipx4xx_cf: Fix unsigned comparison with less than zero
media: i2c: ad5820: Fix error path
can: kvaser_usb: do not increase tx statistics when sending error message frames
can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event
can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
can: kvaser_usb_leaf: Set Warning state even without bus errors
can: kvaser_usb_leaf: Fix improved state not being reported
can: kvaser_usb_leaf: Fix wrong CAN state after stopping
can: kvaser_usb_leaf: Fix bogus restart events
can: kvaser_usb: Add struct kvaser_usb_busparams
can: kvaser_usb: Compare requested bittiming parameters with actual parameters in do_set_{,data}_bittiming
spi: Update reference to struct spi_controller
media: vivid: fix compose size exceed boundary
mtd: Fix device name leak when register device failed in add_mtd_device()
wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port
media: camss: Clean up received buffers on failed start of streaming
net, proc: Provide PROC_FS=n fallback for proc_create_net_single_write()
drm/radeon: Add the missed acpi_put_table() to fix memory leak
ASoC: pxa: fix null-pointer dereference in filter()
regulator: core: fix unbalanced of node refcount in regulator_dev_lookup()
ima: Fix misuse of dereference of pointer in template_desc_init_fields()
wifi: ath10k: Fix return value in ath10k_pci_init()
mtd: lpddr2_nvm: Fix possible null-ptr-deref
Input: elants_i2c - properly handle the reset GPIO when power is off
media: solo6x10: fix possible memory leak in solo_sysfs_init()
media: platform: exynos4-is: Fix error handling in fimc_md_init()
HID: hid-sensor-custom: set fixed size for custom attributes
ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT
clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
bonding: Export skip slave logic to function
mtd: maps: pxa2xx-flash: fix memory leak in probe
drbd: remove call to memset before free device/resource/connection
media: imon: fix a race condition in send_packet()
pinctrl: pinconf-generic: add missing of_node_put()
media: dvb-core: Fix ignored return value in dvb_register_frontend()
media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
media: s5p-mfc: Add variant data for MFC v7 hardware for Exynos 3250 SoC
drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe()
NFSv4.2: Fix a memory stomp in decode_attr_security_label
NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn
ALSA: asihpi: fix missing pci_disable_device()
drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios()
drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios()
ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
bonding: uninitialized variable in bond_miimon_inspect()
wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails
regulator: core: fix module refcount leak in set_supply()
media: saa7164: fix missing pci_disable_device()
ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
SUNRPC: Fix missing release socket in rpc_sockname()
NFSv4.x: Fail client initialisation if state manager thread can't run
mmc: moxart: fix return value check of mmc_add_host()
mmc: mxcmmc: fix return value check of mmc_add_host()
mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
mmc: toshsd: fix return value check of mmc_add_host()
mmc: vub300: fix return value check of mmc_add_host()
mmc: wmt-sdmmc: fix return value check of mmc_add_host()
mmc: atmel-mci: fix return value check of mmc_add_host()
mmc: meson-gx: fix return value check of mmc_add_host()
mmc: via-sdmmc: fix return value check of mmc_add_host()
mmc: wbsd: fix return value check of mmc_add_host()
mmc: mmci: fix return value check of mmc_add_host()
media: c8sectpfe: Add of_node_put() when breaking out of loop
media: coda: Add check for dcoda_iram_alloc
media: coda: Add check for kmalloc
clk: samsung: Fix memory leak in _samsung_clk_register_pll()
wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
rtl8xxxu: add enumeration for channel bandwidth
wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware()
blktrace: Fix output non-blktrace event when blk_classic option enabled
clk: socfpga: clk-pll: Remove unused variable 'rc'
clk: socfpga: use clk_hw_register for a5/c5
net: vmw_vsock: vmci: Check memcpy_from_msg()
net: defxx: Fix missing err handling in dfx_init()
drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init()
ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave()
net: farsync: Fix kmemleak when rmmods farsync
net/tunnel: wait until all sk_user_data reader finish before releasing the sock
net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave()
net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave()
net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave()
net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave()
hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave()
net: amd-xgbe: Fix logic around active and passive cables
net: amd-xgbe: Check only the minimum speed for active/passive cables
net: lan9303: Fix read error execution path
ntb_netdev: Use dev_kfree_skb_any() in interrupt context
Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave()
Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave()
stmmac: fix potential division by 0
apparmor: fix a memleak in multi_transaction_new()
apparmor: fix lockdep warning when removing a namespace
apparmor: Fix abi check to include v8 abi
f2fs: fix normal discard process
RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port
scsi: scsi_debug: Fix a warning in resp_write_scat()
PCI: Check for alloc failure in pci_request_irq()
RDMA/hfi: Decrease PCI device reference count in error path
crypto: ccree - Make cc_debugfs_global_fini() available for module init function
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
scsi: hpsa: use local workqueues instead of system workqueues
scsi: hpsa: Fix possible memory leak in hpsa_init_one()
crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
scsi: hpsa: Fix error handling in hpsa_add_sas_host()
scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
scsi: fcoe: Fix possible name leak when device_register() fails
scsi: ipr: Fix WARNING in ipr_init()
scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails
scsi: snic: Fix possible UAF in snic_tgt_create()
RDMA/hfi1: Fix error return code in parse_platform_config()
orangefs: Fix sysfs not cleanup when dev init failed
crypto: img-hash - Fix variable dereferenced before check 'hdev->req'
hwrng: amd - Fix PCI device refcount leak
hwrng: geode - Fix PCI device refcount leak
IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces
drivers: dio: fix possible memory leak in dio_init()
serial: tegra: avoid reg access when clk disabled
serial: tegra: check for FIFO mode enabled status
serial: tegra: set maximum num of uart ports to 8
serial: tegra: add support to use 8 bytes trigger
serial: tegra: add support to adjust baud rate
serial: tegra: report clk rate errors
serial: tegra: Add PIO mode support
tty: serial: tegra: Activate RX DMA transfer by request
serial: tegra: Read DMA status before terminating
class: fix possible memory leak in __class_register()
vfio: platform: Do not pass return buffer to ACPI _RST method
uio: uio_dmem_genirq: Fix missing unlock in irq configuration
uio: uio_dmem_genirq: Fix deadlock between irq config and handling
usb: fotg210-udc: Fix ages old endianness issues
staging: vme_user: Fix possible UAF in tsi148_dma_list_add
usb: typec: Check for ops->exit instead of ops->enter in altmode_exit
serial: amba-pl011: avoid SBSA UART accessing DMACR register
serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle.
serial: pch: Fix PCI device refcount leak in pch_request_dma()
tty: serial: clean up stop-tx part in altera_uart_tx_chars()
tty: serial: altera_uart_{r,t}x_chars() need only uart_port
serial: altera_uart: fix locking in polling mode
serial: sunsab: Fix error handling in sunsab_init()
test_firmware: fix memory leak in test_firmware_init()
misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter()
cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter()
usb: gadget: f_hid: optional SETUP/SET_REPORT mode
usb: gadget: f_hid: fix f_hidg lifetime vs cdev
usb: gadget: f_hid: fix refcount leak on error path
drivers: mcb: fix resource leak in mcb_probe()
mcb: mcb-parse: fix error handing in chameleon_parse_gdd()
chardev: fix error handling in cdev_device_add()
i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe
staging: rtl8192u: Fix use after free in ieee80211_rx()
staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor()
vme: Fix error not catched in fake_init()
i2c: ismt: Fix an out-of-bounds bug in ismt_access()
usb: storage: Add check for kcalloc
tracing/hist: Fix issue of losting command info in error_log
samples: vfio-mdev: Fix missing pci_disable_device() in mdpy_fb_probe()
fbdev: ssd1307fb: Drop optional dependency
fbdev: pm2fb: fix missing pci_disable_device()
fbdev: via: Fix error in via_core_init()
fbdev: vermilion: decrease reference count in error path
fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
power: supply: fix residue sysfs file in error handle route of __power_supply_register()
perf symbol: correction while adjusting symbol
HSI: omap_ssi_core: Fix error handling in ssi_init()
include/uapi/linux/swab: Fix potentially missing __always_inline
rtc: snvs: Allow a time difference on clock register read
iommu/amd: Fix pci device refcount leak in ppr_notifier()
iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
macintosh: fix possible memory leak in macio_add_one_device()
macintosh/macio-adb: check the return value of ioremap()
powerpc/52xx: Fix a resource leak in an error handling path
cxl: Fix refcount leak in cxl_calc_capp_routing
powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data()
powerpc/perf: callchain validate kernel stack pointer bounds
powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe()
powerpc/hv-gpci: Fix hv_gpci event list
selftests/powerpc: Fix resource leaks
rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure
mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave()
nfc: pn533: Clear nfc_target before being used
r6040: Fix kmemleak in probe and remove
rtc: mxc_v2: Add missing clk_disable_unprepare()
openvswitch: Fix flow lookup to use unmasked key
skbuff: Account for tail adjustment during pull operations
net_sched: reject TCF_EM_SIMPLE case for complex ematch module
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
myri10ge: Fix an error handling path in myri10ge_probe()
net: stream: purge sk_error_queue in sk_stream_kill_queues()
binfmt_misc: fix shift-out-of-bounds in check_special_flags
fs: jfs: fix shift-out-of-bounds in dbAllocAG
udf: Avoid double brelse() in udf_rename()
fs: jfs: fix shift-out-of-bounds in dbDiscardAG
ACPICA: Fix error code path in acpi_ds_call_control_method()
nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset()
acct: fix potential integer overflow in encode_comp_t()
hfs: fix OOB Read in __hfs_brec_find
wifi: ath9k: verify the expected usb_endpoints are present
wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
ipmi: fix memleak when unload ipmi driver
bpf: make sure skb->len != 0 when redirecting to a tunneling device
net: ethernet: ti: Fix return type of netcp_ndo_start_xmit()
hamradio: baycom_epp: Fix return type of baycom_send_packet()
wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request()
igb: Do not free q_vector unless new one was allocated
drm/amdgpu: Fix type of second parameter in trans_msg() callback
s390/ctcm: Fix return type of ctc{mp,}m_tx()
s390/netiucv: Fix return type of netiucv_tx()
s390/lcs: Fix return type of lcs_start_xmit()
drm/sti: Use drm_mode_copy()
drivers/md/md-bitmap: check the return value of md_bitmap_get_counter()
md/raid1: stop mdx_raid1 thread when raid1 array run failed
mrp: introduce active flags to prevent UAF when applicant uninit
ppp: associate skb with a device at tx
media: dvb-frontends: fix leak of memory fw
media: dvbdev: adopts refcnt to avoid UAF
media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
blk-mq: fix possible memleak when register 'hctx' failed
regulator: core: fix use_count leakage when handling boot-on
mmc: f-sdh30: Add quirks for broken timeout clock capability
media: si470x: Fix use-after-free in si470x_int_in_callback()
clk: st: Fix memory leak in st_of_quadfs_setup()
drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid()
drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid()
orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe()
ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume()
ASoC: wm8994: Fix potential deadlock
ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume()
ASoC: rt5670: Remove unbalanced pm_runtime_put()
pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion
pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
usb: dwc3: core: defer probe on ulpi_read_id timeout
HID: wacom: Ensure bootloader PID is usable in hidraw mode
reiserfs: Add missing calls to reiserfs_security_free()
iio: adc: ad_sigma_delta: do not use internal iio_dev lock
gcov: add support for checksum field
media: dvbdev: fix build warning due to comments
media: dvbdev: fix refcnt bug
ata: ahci: Fix PCS quirk application for suspend
powerpc/rtas: avoid device tree lookups in rtas_os_term()
powerpc/rtas: avoid scheduling in rtas_os_term()
HID: plantronics: Additional PIDs for double volume key presses quirk
hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount
ovl: Use ovl mounter's fsuid and fsgid in ovl_link()
ALSA: line6: correct midi status byte when receiving data from podxt
ALSA: line6: fix stack overflow in line6_midi_transmit
pnode: terminate at peers of source
md: fix a crash in mempool_free
mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING
tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails
media: stv0288: use explicitly signed char
soc: qcom: Select REMAP_MMIO for LLCC driver
ktest.pl minconfig: Unset configs instead of just removing them
ARM: ux500: do not directly dereference __iomem
selftests: Use optional USERCFLAGS and USERLDFLAGS
binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
binfmt: Fix error return code in load_elf_fdpic_binary()
dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort
dm thin: Use last transaction's pmd->root when commit failed
dm thin: Fix UAF in run_timer_softirq()
dm cache: Fix UAF in destroy()
dm cache: set needs_check flag after aborting metadata
x86/microcode/intel: Do not retry microcode reloading on the APs
tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line
ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
media: dvb-core: Fix double free in dvb_register_device()
media: dvb-core: Fix UAF due to refcount races at releasing
cifs: fix confusing debug message
md/bitmap: Fix bitmap chunk size overflow issues
ipmi: fix long wait in unload when IPMI disconnect
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
ipmi: fix use after free in _ipmi_destroy_user()
PCI: Fix pci_device_is_present() for VFs by checking PF
PCI/sysfs: Fix double free in error path
crypto: n2 - add missing hash statesize
iommu/amd: Fix ivrs_acpihid cmdline parsing code
parisc: led: Fix potential null-ptr-deref in start_task()
device_cgroup: Roll back to original exceptions after copy failure
drm/connector: send hotplug uevent on connector cleanup
drm/vmwgfx: Validate the box size for the snooped cursor
ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop
ext4: fix undefined behavior in bit shift for ext4_check_flag_values
ext4: add helper to check quota inums
ext4: fix bug_on in __es_tree_search caused by bad boot loader inode
ext4: init quota for 'old.inode' in 'ext4_rename'
ext4: fix corruption when online resizing a 1K bigalloc fs
ext4: fix error code return to user-space in ext4_get_branch()
ext4: avoid BUG_ON when creating xattrs
ext4: fix inode leak in ext4_xattr_inode_create() on an error path
ext4: initialize quota before expanding inode in setproject ioctl
ext4: avoid unaccounted block allocation when expanding inode
ext4: allocate extended attribute value in vmalloc area
btrfs: send: avoid unnecessary backref lookups when finding clone source
btrfs: replace strncpy() with strscpy()
media: s5p-mfc: Fix to handle reference queue during finishing
media: s5p-mfc: Clear workbit to handle error condition
media: s5p-mfc: Fix in register read and write for H264
dm thin: resume even if in FAIL mode
perf probe: Use dwarf_attr_integrate as generic DWARF attr accessor
perf probe: Fix to get the DW_AT_decl_file and DW_AT_call_file as unsinged data
ravb: Fix "failed to switch device to config mode" message during unbind
driver core: Set deferred_probe_timeout to a longer default if CONFIG_MODULES is set
ext4: goto right label 'failed_mount3a'
ext4: correct inconsistent error msg in nojournal mode
ext4: use kmemdup() to replace kmalloc + memcpy
mbcache: don't reclaim used entries
mbcache: add functions to delete entry if unused
ext4: remove EA inode entry from mbcache on inode eviction
ext4: unindent codeblock in ext4_xattr_block_set()
ext4: fix race when reusing xattr blocks
mbcache: automatically delete entries from cache on freeing
ext4: fix deadlock due to mbcache entry corruption
SUNRPC: ensure the matching upcall is in-flight upon downcall
bpf: pull before calling skb_postpull_rcsum()
qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure
nfc: Fix potential resource leaks
net: amd-xgbe: add missed tasklet_kill
net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
RDMA/mlx5: Fix validation of max_rd_atomic caps for DC
net: sched: atm: dont intepret cls results when asked to drop
usb: rndis_host: Secure rndis_query check against int overflow
caif: fix memory leak in cfctrl_linkup_request()
udf: Fix extension of the last extent in the file
ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet
x86/bugs: Flush IBP in ib_prctl_set()
nfsd: fix handling of readdir in v4root vs. mount upcall timeout
riscv: uaccess: fix type of 0 variable on error in get_user()
ext4: don't allow journal inode to have encrypt flag
hfs/hfsplus: use WARN_ON for sanity check
hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling
mbcache: Avoid nesting of cache->c_list_lock under bit locks
parisc: Align parisc MADV_XXX constants with all other architectures
driver core: Fix bus_type.match() error handling in __driver_attach()
net: sched: disallow noqueue for qdisc classes
docs: Fix the docs build with Sphinx 6.0
perf auxtrace: Fix address filter duplicate symbol selection
s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
net/ulp: prevent ULP without clone op from entering the LISTEN status
ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
cifs: Fix uninitialized memory read for smb311 posix symlink create
platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe
ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
wifi: wilc1000: sdio: fix module autoloading
ALSA: hda/hdmi: fix failures at PCM open on Intel ICL and later
ktest: Add support for meta characters in GRUB_MENU
ktest: introduce _get_grub_index
ktest: cleanup get_grub_index
ktest: introduce grub2bls REBOOT_TYPE option
ktest.pl: Fix incorrect reboot for grub2bls
kest.pl: Fix grub2 menu handling for rebooting
usb: ulpi: defer ulpi_register on ulpi_read_id timeout
quota: Factor out setup of quota inode
ext4: fix bug_on in __es_tree_search caused by bad quota inode
ext4: lost matching-pair of trace in ext4_truncate
ext4: fix use-after-free in ext4_orphan_cleanup
ext4: fix uninititialized value in 'ext4_evict_inode'
ext4: generalize extents status tree search functions
ext4: add new pending reservation mechanism
ext4: fix reserved cluster accounting at delayed write time
ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline
netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function.
x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
EDAC/device: Fix period calculation in edac_device_reset_delay_period()
regulator: da9211: Use irq handler when ready
hvc/xen: lock console list traversal
nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
net/mlx5: Rename ptp clock info
net/mlx5: Fix ptp max frequency adjustment range
iommu/mediatek-v1: Add error handle for mtk_iommu_probe
iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe()
x86/resctrl: Use task_curr() instead of task_struct->on_cpu to prevent unnecessary IPI
x86/resctrl: Fix task CLOSID/RMID update race
drm/virtio: Fix GEM handle creation UAF
arm64: cmpxchg_double*: hazard against entire exchange variable
efi: fix NULL-deref in init error path
Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout"
tty: serial: tegra: Handle RX transfer in PIO mode if DMA wasn't started
serial: tegra: Only print FIFO error message when an error occurs
serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30
Linux 4.19.270
Change-Id: Ieb5e7f318a7e06effcc51e5f93751ec02dbb50c4
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Jann Horn
|
f0700ae268 |
mm/khugepaged: fix GUP-fast interaction by sending IPI
commit 2ba99c5e08812494bc57f319fb562f527d9bacd8 upstream.
Since commit 70cbc3cc78a99 ("mm: gup: fix the fast GUP race against THP
collapse"), the lockless_pages_from_mm() fastpath rechecks the pmd_t to
ensure that the page table was not removed by khugepaged in between.
However, lockless_pages_from_mm() still requires that the page table is
not concurrently freed. Fix it by sending IPIs (if the architecture uses
semi-RCU-style page table freeing) before freeing/reusing page tables.
Link: https://lkml.kernel.org/r/20221129154730.2274278-2-jannh@google.com
Link: https://lkml.kernel.org/r/20221128180252.1684965-2-jannh@google.com
Link: https://lkml.kernel.org/r/20221125213714.4115729-2-jannh@google.com
Fixes:
|
||
|
Lucas Wei
|
eae5a83bf8 |
Merge android-4.19-stable (4.19.252) into android-msm-pixel-4.19-lts
Merge 4.19.252 into android-4.19-stable
Linux 4.19.252
dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
dmaengine: pl330: Fix lockdep warning about non-static key
* ida: don't use BUG_ON() for debugging
lib/idr.c
misc: rtsx_usb: set return value in rsp_buf alloc err path
* misc: rtsx_usb: use separate command and response buffers
include/linux/rtsx_usb.h
* misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
include/linux/rtsx_usb.h
i2c: cadence: Unregister the clk notifier in error path
selftests: forwarding: fix error message in learning_test
selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT
selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT
ibmvnic: Properly dispose of all skbs during a failover.
ARM: at91: pm: use proper compatible for sama5d2's rtc
pinctrl: sunxi: a83t: Fix NAND function name for some pins
ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
xfs: remove incorrect ASSERT in xfs_rename
can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression
can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info
powerpc/powernv: delay rng platform device creation until later in boot
* video: of_display_timing.h: include errno.h
include/video/of_display_timing.h
fbcon: Disallow setting font bigger than screen size
iommu/vt-d: Fix PCI bus rescan device hot add
net: rose: fix UAF bug caused by rose_t0timer_expiry
* usbnet: fix memory leak in error case
drivers/net/usb/usbnet.c
can: gs_usb: gs_usb_open/close(): fix memory leak
can: grcan: grcan_probe(): remove extra of_node_get()
can: bcm: use call_rcu() instead of costly synchronize_rcu()
* mm/slub: add missing TID updates on slab deactivation
mm/slub.c
* esp: limit skb_page_frag_refill use to a single page
include/net/esp.h
net/ipv4/esp4.c
net/ipv6/esp6.c
Merge 4.19.251 into android-4.19-stable
Merge 4.19.250 into android-4.19-stable
* ANDROID: revert some RNG function signature changes
drivers/char/random.c
include/linux/random.h
* ANDROID: cpu/hotplug: avoid breaking Android ABI by fusing cpuhp steps
include/linux/cpuhotplug.h
kernel/cpu.c
Merge 4.19.249 into android-4.19-stable
* UPSTREAM: lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI
include/crypto/internal/blake2s.h
lib/crypto/blake2s.c
* BACKPORT: lib/crypto: add prompts back to crypto libraries
crypto/Kconfig
lib/Kconfig
lib/crypto/Kconfig
* BACKPORT: lib/crypto: blake2s: include as built-in
crypto/Kconfig
drivers/net/Kconfig
include/crypto/internal/blake2s.h
lib/crypto/Kconfig
lib/crypto/Makefile
lib/crypto/blake2s-generic.c
lib/crypto/blake2s.c
Linux 4.19.251
net: usb: qmi_wwan: add Telit 0x1070 composition
net: usb: qmi_wwan: add Telit 0x1060 composition
xen/arm: Fix race in RB-tree based P2M accounting
xen/blkfront: force data bouncing when backend is untrusted
xen/netfront: force data bouncing when backend is untrusted
xen/netfront: fix leaking data in shared pages
xen/blkfront: fix leaking data in shared pages
* ipv6/sit: fix ipip6_tunnel_get_prl return value
net/ipv6/sit.c
* sit: use min
net/ipv6/sit.c
net: dsa: bcm_sf2: force pause link settings
hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails
xen/gntdev: Avoid blocking in unmap_grant_pages()
* net: tun: avoid disabling NAPI twice
drivers/net/tun.c
NFC: nxp-nci: Don't issue a zero length i2c_master_read()
nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
* net: bonding: fix use-after-free after 802.3ad slave unbind
drivers/net/bonding/bond_3ad.c
* net: bonding: fix possible NULL deref in rlb code
drivers/net/bonding/bond_alb.c
netfilter: nft_dynset: restore set element counter when failing to update
caif_virtio: fix race between virtio_device_ready() and ndo_open()
net: ipv6: unexport __init-annotated seg6_hmac_net_init()
* usbnet: fix memory allocation in helpers
drivers/net/usb/usbnet.c
RDMA/qedr: Fix reporting QP timeout attribute
* net: tun: stop NAPI when detaching queues
drivers/net/tun.c
* net: tun: unlink NAPI from device on destruction
drivers/net/tun.c
selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
virtio-net: fix race between ndo_open() and virtio_device_ready()
* net: usb: ax88179_178a: Fix packet receiving
drivers/net/usb/ax88179_178a.c
net: rose: fix UAF bugs caused by timer handler
SUNRPC: Fix READ_PLUS crasher
s390/archrandom: simplify back to earlier design and initialize earlier
dm raid: fix KASAN warning in raid5_add_disks
dm raid: fix accesses beyond end of raid member array
nvdimm: Fix badblocks clear off-by-one error
* UPSTREAM: crypto: poly1305 - fix poly1305_core_setkey() declaration
include/crypto/internal/poly1305.h
include/crypto/poly1305.h
lib/crypto/poly1305-donna64.c
lib/crypto/poly1305.c
* UPSTREAM: mm: fix misplaced unlock_page in do_wp_page()
mm/memory.c
* BACKPORT: mm: do_wp_page() simplification
mm/memory.c
* UPSTREAM: mm/ksm: Remove reuse_ksm_page()
include/linux/ksm.h
* UPSTREAM: mm: reuse only-pte-mapped KSM page in do_wp_page()
include/linux/ksm.h
mm/memory.c
Linux 4.19.250
* swiotlb: skip swiotlb_bounce when orig_addr is zero
kernel/dma/swiotlb.c
* net/sched: move NULL ptr check to qdisc_put() too
net/sched/sch_generic.c
net: mscc: ocelot: allow unregistered IP multicast flooding
* kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
include/linux/kexec.h
* fdt: Update CRC check for rng-seed
drivers/of/fdt.c
xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
* drm: remove drm_fb_helper_modinit
drivers/gpu/drm/drm_crtc_helper_internal.h
drivers/gpu/drm/drm_kms_helper_common.c
powerpc/pseries: wire up rng during setup_arch()
* kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt)
Makefile
* modpost: fix section mismatch check for exported init/exit sections
scripts/mod/modpost.c
ARM: cns3xxx: Fix refcount leak in cns3xxx_init
ARM: Fix refcount leak in axxia_boot_secondary
soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe
ARM: exynos: Fix refcount leak in exynos_map_pmu
ARM: dts: imx6qdl: correct PU regulator ramp delay
powerpc/powernv: wire up rng during setup_arch
powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
powerpc: Enable execve syscall exit tracepoint
xtensa: Fix refcount leak bug in time.c
xtensa: xtfpga: Fix refcount leak bug in setup
iio: adc: axp288: Override TS pin bias current for some models
iio: trigger: sysfs: fix use-after-free on remove
iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
iio: accel: mma8452: ignore the return value of reset operation
iio:accel:bma180: rearrange iio trigger get and register
iio:chemical:ccs811: rearrange iio trigger get and register
usb: chipidea: udc: check request status before setting device address
* xhci: turn off port power in shutdown
drivers/usb/host/xhci-hub.c
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h
iio: adc: vf610: fix conversion mode sysfs node name
gpio: winbond: Fix error code in winbond_gpio_get()
virtio_net: fix xdp_rxq_info bug after suspend/resume
igb: Make DMA faster when CPU is active on the PCIe link
afs: Fix dynamic root getattr
MIPS: Remove repetitive increase irq_err_count
x86/xen: Remove undefined behavior in setup_features()
erspan: do not assume transport header is always set
* net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms
net/sched/sch_netem.c
* bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
drivers/net/bonding/bond_main.c
USB: serial: option: add Quectel RM500K module support
USB: serial: option: add Quectel EM05-G modem
USB: serial: option: add Telit LE910Cx 0x1250 composition
* random: quiet urandom warning ratelimit suppression message
drivers/char/random.c
include/linux/ratelimit.h
dm era: commit metadata in postsuspend after worker stops
* ata: libata: add qc->flags in ata_qc_complete_template tracepoint
include/trace/events/libata.h
ALSA: hda/realtek: Add quirk for Clevo PD70PNT
ALSA: hda/conexant: Fix missing beep setup
ALSA: hda/via: Fix missing beep setup
* random: schedule mix_interrupt_randomness() less often
drivers/char/random.c
vt: drop old FONT ioctls
Linux 4.19.249
* Revert "hwmon: Make chip parameter for with_info API mandatory"
drivers/hwmon/hwmon.c
* tcp: drop the hash_32() part from the index calculation
net/ipv4/inet_hashtables.c
* tcp: increase source port perturb table to 2^16
net/ipv4/inet_hashtables.c
* tcp: dynamically allocate the perturb table used by source ports
net/ipv4/inet_hashtables.c
* tcp: add small random increments to the source port
net/ipv4/inet_hashtables.c
* tcp: use different parts of the port_offset for index and offset
net/ipv4/inet_hashtables.c
* tcp: add some entropy in __inet_hash_connect()
net/ipv4/inet_hashtables.c
xprtrdma: fix incorrect header size calculations
* usb: gadget: u_ether: fix regression in setting fixed MAC address
drivers/usb/gadget/function/u_ether.c
s390/mm: use non-quiescing sske for KVM switch to keyed guest
powerpc/mm: Switch obsolete dssall to .long
RISC-V: fix barrier() use in <vdso/processor.h>
net: openvswitch: fix leak of nested actions
net: openvswitch: fix misuse of the cached connection on tuple changes
virtio-pci: Remove wrong address verification in vp_del_vqs()
* ext4: add reserved GDT blocks check
fs/ext4/resize.c
* ext4: make variable "count" signed
fs/ext4/namei.c
* ext4: fix bug_on ext4_mb_use_inode_pa
fs/ext4/mballoc.c
serial: 8250: Store to lsr_save_flags after lsr read
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
usb: dwc2: Fix memory leak in dwc2_hcd_init
USB: serial: io_ti: add Agilent E5805A support
USB: serial: option: add support for Cinterion MV31 with new baseline
comedi: vmk80xx: fix expression for tx buffer size
* irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions
drivers/irqchip/irq-gic-v3.c
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
faddr2line: Fix overlapping text section failures, the sequel
certs/blacklist_hashes.c: fix const confusion in certs blacklist
arm64: ftrace: fix branch range checks
net: bgmac: Fix an erroneous kfree() in bgmac_remove()
mlxsw: spectrum_cnt: Reorder counter pools
misc: atmel-ssc: Fix IRQ check in ssc_probe
tty: goldfish: Fix free_irq() on remove
i40e: Fix call trace in setup_tx_descriptors
i40e: Fix adding ADQ filter to TC0
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
* random: credit cpu and bootloader seeds by default
drivers/char/Kconfig
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
* ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
net/l2tp/l2tp_ip6.c
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
scsi: pmcraid: Fix missing resource cleanup in error case
scsi: ipr: Fix missing/incorrect resource cleanup in error case
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
* ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put()
sound/soc/codecs/wm_adsp.c
ASoC: es8328: Fix event generation for deemphasis control
ASoC: wm8962: Fix suspend while playing music
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Fix TLV scales for mixer controls
powerpc/kasan: Silence KASAN warnings in __get_wchan()
* random: account for arch randomness in bits
drivers/char/random.c
* random: mark bootloader randomness code as __init
drivers/char/random.c
include/linux/random.h
* random: avoid checking crng_ready() twice in random_init()
drivers/char/random.c
* crypto: drbg - make reseeding from get_random_bytes() synchronous
crypto/drbg.c
drivers/char/random.c
include/crypto/drbg.h
* crypto: drbg - always try to free Jitter RNG instance
crypto/drbg.c
* crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto/drbg.c
* crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto/drbg.c
include/crypto/drbg.h
* crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto/drbg.c
include/crypto/drbg.h
* crypto: drbg - always seeded with SP800-90B compliant noise source
crypto/drbg.c
include/crypto/drbg.h
* crypto: drbg - add FIPS 140-2 CTRNG for noise source
crypto/drbg.c
include/crypto/drbg.h
* Revert "random: use static branch for crng_ready()"
drivers/char/random.c
* random: check for signals after page of pool writes
drivers/char/random.c
* random: wire up fops->splice_{read,write}_iter()
drivers/char/random.c
* random: convert to using fops->write_iter()
drivers/char/random.c
* random: move randomize_page() into mm where it belongs
drivers/char/random.c
include/linux/mm.h
include/linux/random.h
mm/util.c
* random: move initialization functions out of hot pages
drivers/char/random.c
* random: use proper return types on get_random_{int,long}_wait()
drivers/char/random.c
include/linux/random.h
* random: remove extern from functions in header
include/linux/random.h
* random: use static branch for crng_ready()
drivers/char/random.c
* random: credit architectural init the exact amount
drivers/char/random.c
* random: handle latent entropy and command line from random_init()
drivers/char/random.c
include/linux/random.h
init/main.c
* random: use proper jiffies comparison macro
drivers/char/random.c
* random: remove ratelimiting for in-kernel unseeded randomness
drivers/char/random.c
lib/Kconfig.debug
* random: avoid initializing twice in credit race
drivers/char/random.c
* random: use symbolic constants for crng_init states
drivers/char/random.c
* siphash: use one source of truth for siphash permutations
drivers/char/random.c
include/linux/prandom.h
include/linux/siphash.h
lib/siphash.c
* random: help compiler out with fast_mix() by using simpler arguments
drivers/char/random.c
* random: do not use input pool from hard IRQs
drivers/char/random.c
* random: order timer entropy functions below interrupt functions
drivers/char/random.c
* random: do not pretend to handle premature next security model
drivers/char/random.c
* random: do not use batches when !crng_ready()
drivers/char/random.c
* random: insist on random_get_entropy() existing in order to simplify
drivers/char/random.c
xtensa: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
arm: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
m68k: use fallback for random_get_entropy() instead of zero
* timekeeping: Add raw clock fallback for random_get_entropy()
include/linux/timex.h
kernel/time/timekeeping.c
powerpc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
ia64: define get_cycles macro for arch-override
* init: call time_init() before rand_initialize()
init/main.c
random: fix sysctl documentation nits
* random: document crng_fast_key_erasure() destination possibility
drivers/char/random.c
* random: make random_get_entropy() return an unsigned long
drivers/char/random.c
include/linux/timex.h
* random: check for signals every PAGE_SIZE chunk of /dev/[u]random
drivers/char/random.c
* random: check for signal_pending() outside of need_resched() check
drivers/char/random.c
* random: do not allow user to keep crng key around on stack
drivers/char/random.c
* random: do not split fast init input in add_hwgenerator_randomness()
drivers/char/random.c
* random: mix build-time latent entropy into pool at init
drivers/char/random.c
* random: re-add removed comment about get_random_{u32,u64} reseeding
drivers/char/random.c
* random: treat bootloader trust toggle the same way as cpu trust toggle
drivers/char/Kconfig
drivers/char/random.c
* random: skip fast_init if hwrng provides large chunk of entropy
drivers/char/random.c
* random: check for signal and try earlier when generating entropy
drivers/char/random.c
* random: reseed more often immediately after booting
drivers/char/random.c
* random: make consistent usage of crng_ready()
drivers/char/random.c
* random: use SipHash as interrupt entropy accumulator
drivers/char/random.c
* random: replace custom notifier chain with standard one
crypto/drbg.c
drivers/char/random.c
include/crypto/drbg.h
include/linux/random.h
lib/random32.c
lib/vsprintf.c
* random: don't let 644 read-only sysctls be written to
drivers/char/random.c
* random: give sysctl_random_min_urandom_seed a more sensible value
drivers/char/random.c
* random: do crng pre-init loading in worker rather than irq
drivers/char/random.c
* random: unify cycles_t and jiffies usage and types
drivers/char/random.c
* random: cleanup UUID handling
drivers/char/random.c
* random: only wake up writers after zap if threshold was passed
drivers/char/random.c
* random: round-robin registers as ulong, not u32
drivers/char/random.c
* random: clear fast pool, crng, and batches in cpuhp bring up
drivers/char/random.c
include/linux/cpuhotplug.h
include/linux/random.h
kernel/cpu.c
* random: pull add_hwgenerator_randomness() declaration into random.h
drivers/char/hw_random/core.c
include/linux/hw_random.h
include/linux/random.h
* random: check for crng_init == 0 in add_device_randomness()
drivers/char/random.c
* random: unify early init crng load accounting
drivers/char/random.c
* random: do not take pool spinlock at boot
drivers/char/random.c
* random: defer fast pool mixing to worker
drivers/char/random.c
* random: rewrite header introductory comment
drivers/char/random.c
* random: group sysctl functions
drivers/char/random.c
* random: group userspace read/write functions
drivers/char/random.c
* random: group entropy collection functions
drivers/char/random.c
* random: group entropy extraction functions
drivers/char/random.c
* random: group initialization wait functions
drivers/char/random.c
* random: remove whitespace and reorder includes
drivers/char/random.c
* random: remove useless header comment
include/linux/random.h
* random: introduce drain_entropy() helper to declutter crng_reseed()
drivers/char/random.c
* random: deobfuscate irq u32/u64 contributions
drivers/char/random.c
* random: add proper SPDX header
drivers/char/random.c
* random: remove unused tracepoints
drivers/char/random.c
lib/random32.c
* random: remove ifdef'd out interrupt bench
drivers/char/random.c
* random: tie batched entropy generation to base_crng generation
drivers/char/random.c
* random: zero buffer after reading entropy from userspace
drivers/char/random.c
* random: remove outdated INT_MAX >> 6 check in urandom_read()
drivers/char/random.c
* random: use hash function for crng_slow_load()
drivers/char/random.c
include/linux/hw_random.h
include/linux/random.h
* random: absorb fast pool into input pool after fast load
drivers/char/random.c
* random: do not xor RDRAND when writing into /dev/random
drivers/char/random.c
* random: ensure early RDSEED goes through mixer on init
drivers/char/random.c
* random: inline leaves of rand_initialize()
drivers/char/random.c
* random: use RDSEED instead of RDRAND in entropy extraction
drivers/char/random.c
* random: fix locking in crng_fast_load()
drivers/char/random.c
* random: remove batched entropy locking
drivers/char/random.c
* random: remove use_input_pool parameter from crng_reseed()
drivers/char/random.c
* random: make credit_entropy_bits() always safe
drivers/char/random.c
* random: always wake up entropy writers after extraction
drivers/char/random.c
* random: use linear min-entropy accumulation crediting
drivers/char/random.c
* random: simplify entropy debiting
drivers/char/random.c
* random: use computational hash for entropy extraction
drivers/char/random.c
* random: only call crng_finalize_init() for primary_crng
drivers/char/random.c
* random: access primary_pool directly rather than through pointer
drivers/char/random.c
* random: continually use hwgenerator randomness
drivers/char/random.c
* random: simplify arithmetic function flow in account()
drivers/char/random.c
* random: access input_pool_data directly rather than through pointer
drivers/char/random.c
* random: cleanup fractional entropy shift constants
drivers/char/random.c
* random: prepend remaining pool constants with POOL_
drivers/char/random.c
* random: de-duplicate INPUT_POOL constants
drivers/char/random.c
* random: remove unused OUTPUT_POOL constants
drivers/char/random.c
* random: rather than entropy_store abstraction, use global
drivers/char/random.c
* random: remove unused extract_entropy() reserved argument
drivers/char/random.c
* random: remove incomplete last_data logic
drivers/char/random.c
* random: cleanup integer types
drivers/char/random.c
* random: cleanup poolinfo abstraction
drivers/char/random.c
* random: fix typo in comments
drivers/char/random.c
* random: don't reset crng_init_cnt on urandom_read()
drivers/char/random.c
* random: avoid superfluous call to RDRAND in CRNG extraction
drivers/char/random.c
* random: early initialization of ChaCha constants
drivers/char/random.c
* random: initialize ChaCha20 constants with correct endianness
drivers/char/random.c
* random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
drivers/char/random.c
* random: harmonize "crng init done" messages
drivers/char/random.c
* random: mix bootloader randomness into pool
drivers/char/random.c
* random: do not re-init if crng_reseed completes before primary init
drivers/char/random.c
* random: do not sign extend bytes for rotation when mixing
drivers/char/random.c
* random: use BLAKE2s instead of SHA1 in extraction
drivers/char/random.c
* random: remove unused irq_flags argument from add_interrupt_randomness()
drivers/char/random.c
include/linux/random.h
kernel/irq/handle.c
* random: document add_hwgenerator_randomness() with other input functions
drivers/char/random.c
* crypto: blake2s - adjust include guard naming
include/crypto/blake2s.h
include/crypto/internal/blake2s.h
* crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
include/crypto/blake2s.h
MAINTAINERS: co-maintain random.c
* random: remove dead code left over from blocking pool
drivers/char/random.c
* random: avoid arch_get_random_seed_long() when collecting IRQ randomness
drivers/char/random.c
* random: add arch_get_random_*long_early()
drivers/char/random.c
include/linux/random.h
powerpc: Use bool in archrandom.h
* linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
include/linux/random.h
* linux/random.h: Use false with bool
include/linux/random.h
* linux/random.h: Remove arch_has_random, arch_has_random_seed
include/linux/random.h
s390: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
x86: Remove arch_has_random, arch_has_random_seed
* random: avoid warnings for !CONFIG_NUMA builds
drivers/char/random.c
* random: split primary/secondary crng init paths
drivers/char/random.c
* random: remove some dead code of poolinfo
drivers/char/random.c
* random: fix typo in add_timer_randomness()
drivers/char/random.c
* random: Add and use pr_fmt()
drivers/char/random.c
* random: convert to ENTROPY_BITS for better code readability
drivers/char/random.c
* random: remove unnecessary unlikely()
drivers/char/random.c
* random: remove kernel.random.read_wakeup_threshold
drivers/char/random.c
* random: delete code to pull data into pools
drivers/char/random.c
* random: remove the blocking pool
drivers/char/random.c
* random: fix crash on multiple early calls to add_bootloader_randomness()
drivers/char/random.c
* char/random: silence a lockdep splat with printk()
drivers/char/random.c
* random: make /dev/random be almost like /dev/urandom
drivers/char/random.c
* random: ignore GRND_RANDOM in getentropy(2)
drivers/char/random.c
include/uapi/linux/random.h
* random: add GRND_INSECURE to return best-effort non-cryptographic bytes
drivers/char/random.c
include/uapi/linux/random.h
* random: Add a urandom_read_nowait() for random APIs that don't warn
drivers/char/random.c
* random: Don't wake crng_init_wait when crng_init == 1
drivers/char/random.c
* lib/crypto: sha1: re-roll loops to reduce code size
lib/sha1.c
* lib/crypto: blake2s: move hmac construction into wireguard
include/crypto/blake2s.h
lib/crypto/blake2s.c
* crypto: blake2s - generic C library implementation and selftest
include/crypto/blake2s.h
include/crypto/internal/blake2s.h
lib/Makefile
lib/crypto/Makefile
lib/crypto/blake2s-generic.c
lib/crypto/blake2s.c
* Revert "hwrng: core - Freeze khwrng thread during suspend"
drivers/char/random.c
* char/random: Add a newline at the end of the file
drivers/char/random.c
* random: Use wait_event_freezable() in add_hwgenerator_randomness()
drivers/char/random.c
* fdt: add support for rng-seed
drivers/char/Kconfig
drivers/char/random.c
drivers/of/fdt.c
include/linux/random.h
* random: Support freezable kthreads in add_hwgenerator_randomness()
drivers/char/random.c
* random: fix soft lockup when trying to read from an uninitialized blocking pool
drivers/char/random.c
* latent_entropy: avoid build error when plugin cflags are not set
include/linux/random.h
* random: document get_random_int() family
drivers/char/random.c
* random: move rand_initialize() earlier
drivers/char/random.c
include/linux/random.h
init/main.c
* random: only read from /dev/random after its pool has received 128 bits
drivers/char/random.c
* drivers/char/random.c: make primary_crng static
drivers/char/random.c
* drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c
* drivers/char/random.c: constify poolinfo_table
drivers/char/random.c
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
Bug: 240880948
Change-Id: I46de87f5e1ff2146dbc394d88275d609ee871bc1
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Linus Torvalds
|
c056f215dc |
UPSTREAM: mm: fix misplaced unlock_page in do_wp_page()
Commit 09854ba94c6a ("mm: do_wp_page() simplification") reorganized all
the code around the page re-use vs copy, but in the process also moved
the final unlock_page() around to after the wp_page_reuse() call.
That normally doesn't matter - but it means that the unlock_page() is
now done after releasing the page table lock. Again, not a big deal,
you'd think.
But it turns out that it's very wrong indeed, because once we've
released the page table lock, we've basically lost our only reference to
the page - the page tables - and it could now be free'd at any time. We
do hold the mmap_sem, so no actual unmap() can happen, but madvise can
come in and a MADV_DONTNEED will zap the page range - and free the page.
So now the page may be free'd just as we're unlocking it, which in turn
will usually trigger a "Bad page state" error in the freeing path. To
make matters more confusing, by the time the debug code prints out the
page state, the unlock has typically completed and everything looks fine
again.
This all doesn't happen in any normal situations, but it does trigger
with the dirtyc0w_child LTP test. And it seems to trigger much more
easily (but not expclusively) on s390 than elsewhere, probably because
s390 doesn't do the "batch pages up for freeing after the TLB flush"
that gives the unlock_page() more time to complete and makes the race
harder to hit.
Fixes: 09854ba94c6a ("mm: do_wp_page() simplification")
Link: https://lore.kernel.org/lkml/a46e9bbef2ed4e17778f5615e818526ef848d791.camel@redhat.com/
Link: https://lore.kernel.org/linux-mm/c41149a8-211e-390b-af1d-d5eee690fecb@linux.alibaba.com/
Reported-by: Qian Cai <cai@redhat.com>
Reported-by: Alex Shi <alex.shi@linux.alibaba.com>
Bisected-and-analyzed-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
Tested-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
(cherry picked from commit be068f29034fb00530a053d18b8cf140c32b12b3)
Bug: 176847924
Signed-off-by: Kalesh Singh <kaleshsingh@google.com>
Change-Id: I85ea395b6b722fbfc63036041d11615dacf96a7b
|
||
|
Linus Torvalds
|
1f444665ed |
BACKPORT: mm: do_wp_page() simplification
How about we just make sure we're the only possible valid user fo the page before we bother to reuse it? Simplify, simplify, simplify. And get rid of the nasty serialization on the page lock at the same time. [peterx: add subject prefix] Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Peter Xu <peterx@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> (cherry picked from commit 09854ba94c6aad7886996bfbee2530b3d8a7f4f4) [Kalesh Singh: Resolve conflict in mm/memory.c] Bug: 176847924 Signed-off-by: Kalesh Singh <kaleshsingh@google.com> Change-Id: I0b855b305332564670b8cbea9660405fed89a044 |
||
|
Kirill Tkhai
|
1ce88842dc |
UPSTREAM: mm: reuse only-pte-mapped KSM page in do_wp_page()
commit 52d1e606ee733921e984770d47539a6bb91e8506 upstream. Add an optimization for KSM pages almost in the same way that we have for ordinary anonymous pages. If there is a write fault in a page, which is mapped to an only pte, and it is not related to swap cache; the page may be reused without copying its content. [ Note that we do not consider PageSwapCache() pages at least for now, since we don't want to complicate __get_ksm_page(), which has nice optimization based on this (for the migration case). Currenly it is spinning on PageSwapCache() pages, waiting for when they have unfreezed counters (i.e., for the migration finish). But we don't want to make it also spinning on swap cache pages, which we try to reuse, since there is not a very high probability to reuse them. So, for now we do not consider PageSwapCache() pages at all. ] So in reuse_ksm_page() we check for 1) PageSwapCache() and 2) page_stable_node(), to skip a page, which KSM is currently trying to link to stable tree. Then we do page_ref_freeze() to prohibit KSM to merge one more page into the page, we are reusing. After that, nobody can refer to the reusing page: KSM skips !PageSwapCache() pages with zero refcount; and the protection against of all other participants is the same as for reused ordinary anon pages pte lock, page lock and mmap_sem. [akpm@linux-foundation.org: replace BUG_ON()s with WARN_ON()s] Link: http://lkml.kernel.org/r/154471491016.31352.1168978849911555609.stgit@localhost.localdomain Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> Reviewed-by: Yang Shi <yang.shi@linux.alibaba.com> Cc: "Kirill A. Shutemov" <kirill@shutemov.name> Cc: Hugh Dickins <hughd@google.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Christian Koenig <christian.koenig@amd.com> Cc: Claudio Imbrenda <imbrenda@linux.vnet.ibm.com> Cc: Rik van Riel <riel@surriel.com> Cc: Huang Ying <ying.huang@intel.com> Cc: Minchan Kim <minchan@kernel.org> Cc: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Change-Id: Ic301afb9d0739de5643209a4c753728a9e20d411 |
||
|
Lucas Wei
|
b6987f068a |
Merge android-4.19-stable (4.19.245) into android-msm-pixel-4.19-lts
Merge 4.19.245 into android-4.19-stable
Linux 4.19.245
afs: Fix afs_getattr() to refetch file status if callback break occurred
* Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
include/linux/dma-mapping.h
kernel/dma/swiotlb.c
* swiotlb: fix info leak with DMA_FROM_DEVICE
include/linux/dma-mapping.h
kernel/dma/swiotlb.c
net: atlantic: verify hw_head_ lies within TX buffer ring
net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe()
ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one()
mac80211: fix rx reordering with non explicit / psmp ack policy
scsi: qla2xxx: Fix missed DMA unmap for aborted commands
perf bench numa: Address compiler error on s390
gpio: mvebu/pwm: Refuse requests with inverted polarity
gpio: gpio-vf610: do not touch other bits when set the target bit
* net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.
net/bridge/br_input.c
igb: skip phy status check where unavailable
ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2
ARM: 9196/1: spectre-bhb: enable for Cortex-A15
* net: af_key: add check for pfkey_broadcast in function pfkey_process
net/key/af_key.c
net/mlx5e: Properly block LRO when XDP is enabled
NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc
net/qla3xxx: Fix a test in ql_reset_work()
clk: at91: generated: consider range when calculating best rate
net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()
net/sched: act_pedit: sanitize shift argument before usage
net: macb: Increment rx bd head after allocating skb and buffer
mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch()
mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD
mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
mmc: core: Cleanup BKOPS support
* drm/dp/mst: fix a possible memory leak in fetch_monitor_name()
drivers/gpu/drm/drm_dp_mst_topology.c
crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ
* PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold
drivers/pci/pci.c
Fix double fget() in vhost_net_set_backend()
* perf: Fix sys_perf_event_open() race against self
kernel/events/core.c
ALSA: wavefront: Proper check of get_user() error
nilfs2: fix lockdep warnings during disk space reclamation
nilfs2: fix lockdep warnings in page operations for btree nodes
ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame()
drbd: remove usage of list iterator variable after loop
MIPS: lantiq: check the return value of kzalloc()
crypto: stm32 - fix reference leak in stm32_crc_remove
Input: stmfts - fix reference leak in stmfts_input_open
* Input: add bounds checking to input_set_capability()
drivers/input/input.c
um: Cleanup syscall_handler_t definition/cast, fix warning
floppy: use a statically allocated error counter
Merge 4.19.244 into android-4.19-stable
* ANDROID: fix up abi issue with struct snd_pcm_runtime
include/sound/pcm.h
Linux 4.19.244
tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe()
* ping: fix address binding wrt vrf
net/ipv4/ping.c
MIPS: fix allmodconfig build with latest mkimage
drm/vmwgfx: Initialize drm_mode_fb_cmd2
* cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp()
kernel/cgroup/cpuset.c
slimbus: qcom: Fix IRQ check in qcom_slim_probe
USB: serial: option: add Fibocom MA510 modem
USB: serial: option: add Fibocom L610 modem
USB: serial: qcserial: add support for Sierra Wireless EM7590
USB: serial: pl2303: add device id for HP LM930 Display
usb: typec: tcpci: Don't skip cleanup in .remove() on error
usb: cdc-wdm: fix reading stuck on device close
* tcp: resalt the secret every 10 seconds
net/core/secure_seq.c
s390: disable -Warray-bounds
* ASoC: ops: Validate input values in snd_soc_put_volsw_range()
sound/soc/soc-ops.c
ASoC: max98090: Generate notifications on changes for custom control
ASoC: max98090: Reject invalid values in custom control put()
hwmon: (f71882fg) Fix negative temperature
gfs2: Fix filesystem block deallocation for short writes
net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe()
net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending
* net/sched: act_pedit: really ensure the skb is writable
include/net/tc_act/tc_pedit.h
s390/lcs: fix variable dereferenced before check
s390/ctcm: fix potential memory leak
s390/ctcm: fix variable dereferenced before check
* hwmon: (ltq-cputemp) restrict it to SOC_XWAY
drivers/hwmon/Kconfig
mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection
* netlink: do not reset transport header in netlink_recvmsg()
net/netlink/af_netlink.c
* ipv4: drop dst in multicast routing path
net/ipv4/route.c
* net: Fix features skip in for_each_netdev_feature()
include/linux/netdev_features.h
hwmon: (tmp401) Add OF device ID table
batman-adv: Don't skb_split skbuffs with frag_list
Merge 4.19.243 into android-4.19-stable
Linux 4.19.243
* VFS: Fix memory leak caused by concurrently mounting fs with subtype
fs/namespace.c
mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
* mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
mm/memory.c
* ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
include/sound/pcm.h
sound/core/pcm.c
sound/core/pcm_lib.c
sound/core/pcm_native.c
* ALSA: pcm: Fix races among concurrent prealloc proc writes
sound/core/pcm_memory.c
* ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
sound/core/pcm_native.c
* ALSA: pcm: Fix races among concurrent read/write and buffer changes
sound/core/pcm_lib.c
* ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
include/sound/pcm.h
sound/core/pcm.c
sound/core/pcm_native.c
* Bluetooth: Fix the creation of hdev->name
include/net/bluetooth/hci_core.h
net/bluetooth/hci_core.c
can: grcan: only use the NAPI poll budget for RX
can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
nfp: bpf: silence bitwise vs. logical OR warning
drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
MIPS: Use address-of operator on section symbols
* ANDROID: GKI: update the abi .xml file due to hex_to_bin() changes
include/linux/kernel.h
lib/hexdump.c
Merge 4.19.242 into android-4.19-stable
Linux 4.19.242
mmc: rtsx: add 74 Clocks in power on flow
PCI: aardvark: Fix reading MSI interrupt number
PCI: aardvark: Clear all MSIs at setup
* dm: interlock pending dm_io and dm_wait_for_bios_completion
drivers/md/dm.c
* dm: fix mempool NULL pointer race when completing IO
drivers/md/dm.c
* tcp: make sure treq->af_specific is initialized
include/net/tcp.h
net/ipv4/syncookies.c
net/ipv4/tcp_ipv4.c
net/ipv6/syncookies.c
net/ipv6/tcp_ipv6.c
* mm: fix unexpected zeroed page mapping with zram swap
mm/page_io.c
kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU
* net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter()
net/ipv4/igmp.c
btrfs: always log symlinks in full mode
smsc911x: allow using IRQ0
selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational
net: emaclite: Add error handling for of_address_to_resource()
net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux()
ASoC: dmaengine: Restore NULL prepare_slave_config() callback
hwmon: (adt7470) Fix warning on module removal
NFC: netlink: fix sleep in atomic bug when firmware download timeout
nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
nfc: replace improper check device_is_registered() in netlink related functions
can: grcan: use ofdev->dev when allocating DMA memory
can: grcan: grcan_close(): fix deadlock
ASoC: wm8958: Fix change notifications for DSP controls
* genirq: Synchronize interrupt thread startup
kernel/irq/internals.h
kernel/irq/irqdesc.c
kernel/irq/manage.c
firewire: core: extend card->lock in fw_core_handle_bus_reset
firewire: remove check of list iterator against head past the loop body
firewire: fix potential uaf in outbound_phy_packet_callback()
Revert "SUNRPC: attempt AF_LOCAL connect on setup"
* gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
drivers/gpio/gpiolib-of.c
ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes
parisc: Merge model and model name into one line in /proc/cpuinfo
MIPS: Fix CP0 counter erratum detection for R4k CPUs
drm/vgem: Close use-after-free race in vgem_gem_create
tty: n_gsm: fix incorrect UA handling
tty: n_gsm: fix wrong command frame length field encoding
tty: n_gsm: fix wrong command retry handling
tty: n_gsm: fix missing explicit ldisc flush
tty: n_gsm: fix insufficient txframe size
netfilter: nft_socket: only do sk lookups when indev is available
tty: n_gsm: fix malformed counter for out of frame data
tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
x86/cpu: Load microcode during restore_processor_state()
drivers: net: hippi: Fix deadlock in rr_close()
cifs: destage any unwritten data to the server before calling copychunk_write
x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
ip6_gre: Avoid updating tunnel->tun_hlen in __gre6_xmit()
ASoC: wm8731: Disable the regulator when probing fails
bnx2x: fix napi API usage sequence
net: bcmgenet: hide status block before TX timestamping
clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource()
bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create()
* tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT
include/net/tcp.h
net/ipv4/tcp_input.c
net/ipv4/tcp_output.c
ip_gre: Make o_seqno start from 0 in native mode
net: hns3: add validity check for message data length
pinctrl: pistachio: fix use of irq_of_parse_and_map()
ARM: dts: imx6ull-colibri: fix vqmmc regulator
* sctp: check asoc strreset_chunk in sctp_generate_reconf_event
net/sctp/sm_sideeffect.c
* tcp: md5: incorrect tcp_header_len for incoming connections
net/ipv4/tcp_minisocks.c
mtd: rawnand: Fix return value check of wait_for_completion_timeout
ipvs: correctly print the memory size of ip_vs_conn_tab
ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35
ARM: dts: Fix mmc order for omap3-gta04
ARM: OMAP2+: Fix refcount leak in omap_gic_of_init
phy: samsung: exynos5250-sata: fix missing device put in probe error paths
phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue
* USB: Fix xhci event ring dequeue pointer ERDP update issue
drivers/usb/host/xhci-ring.c
mtd: rawnand: fix ecc parameters for mt7622
* hex2bin: fix access beyond string end
lib/hexdump.c
* hex2bin: make the function hex_to_bin constant-time
include/linux/kernel.h
lib/hexdump.c
serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
serial: 8250: Also set sticky MCR bits in console restoration
serial: imx: fix overrun interrupts in DMA mode
* usb: dwc3: gadget: Return proper request status
drivers/usb/dwc3/gadget.c
* usb: dwc3: core: Fix tx/rx threshold settings
drivers/usb/dwc3/core.c
* usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind()
drivers/usb/gadget/configfs.c
usb: gadget: uvc: Fix crash when encoding data for usb request
usb: misc: fix improper handling of refcount in uss720_probe()
iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on()
iio: dac: ad5446: Fix read_raw not returning set value
iio: dac: ad5592r: Fix the missing return value.
* xhci: stop polling roothubs after shutdown
drivers/usb/host/xhci.c
USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions
USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS
* USB: quirks: add STRING quirk for VCOM device
drivers/usb/core/quirks.c
* USB: quirks: add a Realtek card reader
drivers/usb/core/quirks.c
usb: mtu3: fix USB 3.0 dual-role-switch from device to host
ANDROID: dm-bow: Protect Ranges fetched and erased from the RB tree
Merge 4.19.241 into android-4.19-stable
Linux 4.19.241
* lightnvm: disable the subsystem
drivers/lightnvm/Kconfig
Revert "net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link"
ia64: kprobes: Fix to pass correct trampoline address to the handler
Revert "ia64: kprobes: Use generic kretprobe trampoline handler"
Revert "ia64: kprobes: Fix to pass correct trampoline address to the handler"
powerpc/64s: Unmerge EX_LR and EX_DAR
powerpc/64/interrupt: Temporarily save PPR on stack to fix register corruption due to SLB miss
* net/sched: cls_u32: fix netns refcount changes in u32_change()
net/sched/cls_u32.c
hamradio: remove needs_free_netdev to avoid UAF
hamradio: defer 6pack kfree after unregister_netdev
* floppy: disable FDRAWCMD by default
drivers/block/Kconfig
* media: vicodec: upon release, call m2m release before freeing ctrl handler
drivers/media/platform/vicodec/vicodec-core.c
Merge 4.19.240 into android-4.19-stable
Linux 4.19.240
* Revert "net: micrel: fix KS8851_MLL Kconfig"
drivers/net/ethernet/micrel/Kconfig
ax25: Fix UAF bugs in ax25 timers
ax25: Fix NULL pointer dereferences in ax25 timers
ax25: fix NPD bug in ax25_disconnect
ax25: fix UAF bug in ax25_send_control()
ax25: Fix refcount leaks caused by ax25_cb_del()
ax25: fix UAF bugs of net_device caused by rebinding operation
* ax25: fix reference count leaks of ax25_dev
include/net/ax25.h
* ax25: add refcount in ax25_dev to avoid UAF bugs
include/net/ax25.h
* block/compat_ioctl: fix range check in BLKGETSIZE
block/compat_ioctl.c
* staging: ion: Prevent incorrect reference counting behavour
drivers/staging/android/ion/ion.c
* ext4: force overhead calculation if the s_overhead_cluster makes no sense
fs/ext4/super.c
* ext4: fix overhead calculation to account for the reserved gdt blocks
fs/ext4/super.c
* ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
fs/ext4/inode.c
* ext4: fix symlink file size not match to file content
fs/ext4/page-io.c
* arm_pmu: Validate single/group leader events
drivers/perf/arm_pmu.c
ARC: entry: fix syscall_trace_exit argument
e1000e: Fix possible overflow in LTR decoding
* ASoC: soc-dapm: fix two incorrect uses of list iterator
sound/soc/soc-dapm.c
openvswitch: fix OOB access in reserve_sfa_size()
powerpc/perf: Fix power9 event alternatives
drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
dma: at_xdmac: fix a missing check on list iterator
ata: pata_marvell: Check the 'bmdma_addr' beforing reading
* stat: fix inconsistency between struct stat and struct compat_stat
fs/stat.c
net: macb: Restart tx only if queue pointer is lagging
drm/msm/mdp5: check the return of kzalloc()
dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
mt76: Fix undefined behavior due to shift overflowing the constant
cifs: Check the IOCB_DIRECT flag, not O_DIRECT
vxlan: fix error return code in vxlan_fdb_append
* ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
sound/usb/usbaudio.h
platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
reset: tegra-bpmp: Restore Handle errors in BPMP response
ARM: vexpress/spc: Avoid negative array index when !SMP
* netlink: reset network and mac headers in netlink_dump()
net/netlink/af_netlink.c
* net/sched: cls_u32: fix possible leak in u32_init_knode()
net/sched/cls_u32.c
* net/packet: fix packet_sock xmit return value checking
net/packet/af_packet.c
rxrpc: Restore removed timer deletion
dmaengine: imx-sdma: Fix error checking in sdma_event_remap
ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
* tcp: Fix potential use-after-free due to double kfree()
net/ipv4/tcp_ipv4.c
* tcp: fix race condition when creating child sockets from syncookies
include/net/inet_hashtables.h
net/ipv4/inet_connection_sock.c
net/ipv4/inet_hashtables.c
net/ipv4/tcp_ipv4.c
net/ipv6/tcp_ipv6.c
* ALSA: usb-audio: Clear MIDI port active flag after draining
sound/usb/midi.c
gfs2: assign rgrp glock before compute_bitstructs
dm integrity: fix memory corruption when tag_size is less than digest size
can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
* tracing: Dump stacktrace trigger to the corresponding instance
kernel/trace/trace_events_trigger.c
* mm: page_alloc: fix building error on -Werror=array-compare
mm/page_alloc.c
* etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
include/linux/etherdevice.h
Bug: 233713524
Change-Id: Ia5fbea973ff8863eb2b24e37f1aa8f5738c7d23a
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
b4b59322a5 |
Merge 4.19.243 into android-4.19-stable
Changes in 4.19.243
MIPS: Use address-of operator on section symbols
block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types
nfp: bpf: silence bitwise vs. logical OR warning
can: grcan: grcan_probe(): fix broken system id check for errata workaround needs
can: grcan: only use the NAPI poll budget for RX
Bluetooth: Fix the creation of hdev->name
ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
ALSA: pcm: Fix races among concurrent read/write and buffer changes
ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls
ALSA: pcm: Fix races among concurrent prealloc proc writes
ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock
mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic()
VFS: Fix memory leak caused by concurrently mounting fs with subtype
Linux 4.19.243
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I44b9e3ce71b3902ba330f785918ab2d8f0f2b7c6
|
||
|
Muchun Song
|
5ca7aa4331 |
mm: hugetlb: fix missing cache flush in copy_huge_page_from_user()
commit e763243cc6cb1fcc720ec58cfd6e7c35ae90a479 upstream.
userfaultfd calls copy_huge_page_from_user() which does not do any cache
flushing for the target page. Then the target page will be mapped to
the user space with a different address (user address), which might have
an alias issue with the kernel address used to copy the data from the
user to.
Fix this issue by flushing dcache in copy_huge_page_from_user().
Link: https://lkml.kernel.org/r/20220210123058.79206-4-songmuchun@bytedance.com
Fixes:
|
||
|
Lucas Wei
|
a452d64169 |
Merge android-4.19-stable (4.19.239) into android-msm-pixel-4.19-lts
Merge 4.19.239 into android-4.19-stable
Linux 4.19.239
i2c: pasemi: Wait for write xfers to finish
* smp: Fix offline cpu check in flush_smp_call_function_queue()
kernel/smp.c
ARM: davinci: da850-evm: Avoid NULL pointer dereference
* ipv6: fix panic when forwarding a pkt with no in6 dev
net/ipv6/ip6_output.c
* ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
sound/core/pcm_misc.c
ALSA: hda/realtek: Add quirk for Clevo PD50PNT
gcc-plugins: latent_entropy: use /dev/urandom
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
* mm, page_alloc: fix build_zonerefs_node()
mm/page_alloc.c
drivers: net: slip: fix NPD bug in sl_tx_timeout()
scsi: mvsas: Add PCI ID of RocketRaid 2640
drm/amd/display: Fix allocate_mst_payload assert on resume
* arm64: alternatives: mark patch_alternative() as `noinstr`
arch/arm64/kernel/alternative.c
gpu: ipu-v3: Fix dev_dbg frequency output
ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
* net: micrel: fix KS8851_MLL Kconfig
drivers/net/ethernet/micrel/Kconfig
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
scsi: target: tcmu: Fix possible page UAF
Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
drm/amdkfd: Check for potential null return of kmalloc_array()
drm/amd: Add USBC connector ID
cifs: potential buffer overflow in handling symlinks
nfc: nci: add flush_workqueue to prevent uaf
testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
* sctp: Initialize daddr on peeled off socket
net/sctp/socket.c
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
mlxsw: i2c: Fix initialization error flow
gpiolib: acpi: use correct format characters
* veth: Ensure eth header is in skb's linear part
drivers/net/veth.c
* net/sched: flower: fix parsing of ethertype following VLAN header
include/net/flow_dissector.h
net/core/flow_dissector.c
memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
* ANDROID: GKI: fix crc issue with commit
|
||
|
Greg Kroah-Hartman
|
ce7025b713 |
Merge 4.19.238 into android-4.19-stable
Changes in 4.19.238 USB: serial: pl2303: add IBM device IDs USB: serial: simple: add Nokia phone driver netdevice: add the case if dev is NULL xfrm: fix tunnel model fragmentation behavior virtio_console: break out of buf poll on remove ethernet: sun: Free the coherent when failing in probing spi: Fix invalid sgs value net:mcf8390: Use platform_get_irq() to get the interrupt spi: Fix erroneous sgs value with min_t() af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register fuse: fix pipe buffer lifetime for direct_io tpm: fix reference counting for struct tpm_chip block: Add a helper to validate the block size virtio-blk: Use blk_validate_block_size() to validate block size USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c xhci: make xhci_handshake timeout for xhci_reset() adjustable coresight: Fix TRCCONFIGR.QE sysfs interface iio: afe: rescale: use s64 for temporary scale calculations iio: inkern: apply consumer scale on IIO_VAL_INT cases iio: inkern: apply consumer scale when no channel scale is available iio: inkern: make a best effort on offset calculation clk: uniphier: Fix fixed-rate initialization ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE Documentation: add link to stable release candidate tree Documentation: update stable tree link SUNRPC: avoid race between mod_timer() and del_timer_sync() NFSD: prevent underflow in nfssvc_decode_writeargs() NFSD: prevent integer overflow on 32 bit systems f2fs: fix to unlock page correctly in error path of is_alive() pinctrl: samsung: drop pin banks references on error paths can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path jffs2: fix use-after-free in jffs2_clear_xattr_subsystem jffs2: fix memory leak in jffs2_do_mount_fs jffs2: fix memory leak in jffs2_scan_medium mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node mm: invalidate hwpoison page cache page in fault path mempolicy: mbind_range() set_policy() after vma_merge() scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands qed: display VF trust config qed: validate and restrict untrusted VFs vlan promisc mode Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" ALSA: cs4236: fix an incorrect NULL check on list iterator ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 mm,hwpoison: unmap poisoned page before invalidation drbd: fix potential silent data corruption powerpc/kvm: Fix kvm_use_magic_page ACPI: properties: Consistently return -ENOENT if there are no more references drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() block: don't merge across cgroup boundaries if blkcg is enabled drm/edid: check basic audio support on CEA extension block video: fbdev: sm712fb: Fix crash in smtcfb_read() video: fbdev: atari: Atari 2 bpp (STe) palette bugfix ARM: dts: at91: sama5d2: Fix PMERRLOC resource size ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 ARM: dts: exynos: add missing HDMI supplies on SMDK5250 ARM: dts: exynos: add missing HDMI supplies on SMDK5420 carl9170: fix missing bit-wise or operator for tx_params thermal: int340x: Increase bitmap size lib/raid6/test: fix multiple definition linking error DEC: Limit PMAX memory probing to R3k systems media: davinci: vpif: fix unbalanced runtime PM get brcmfmac: firmware: Allocate space for default boardrev in nvram brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio PCI: pciehp: Clear cmd_busy bit in polling mode regulator: qcom_smd: fix for_each_child.cocci warnings crypto: authenc - Fix sleep in atomic context in decrypt_tail crypto: mxs-dcp - Fix scatterlist processing spi: tegra114: Add missing IRQ check in tegra_spi_probe selftests/x86: Add validity check and allow field splitting spi: pxa2xx-pci: Balance reference count for PCI DMA device hwmon: (pmbus) Add mutex to regulator ops hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING block: don't delete queue kobject before its children PM: hibernate: fix __setup handler error handling PM: suspend: fix return value of __setup handler hwrng: atmel - disable trng on failure path crypto: vmx - add missing dependencies clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() ACPI: APEI: fix return value of __setup handlers crypto: ccp - ccp_dmaengine_unregister release dma channels hwmon: (pmbus) Add Vin unit off handling clocksource: acpi_pm: fix return value of __setup handler sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa perf/core: Fix address filter parser for multiple filters perf/x86/intel/pt: Fix address filter config for 32-bit kernel media: coda: Fix missing put_device() call in coda_get_vdoa_data video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() ARM: dts: qcom: ipq4019: fix sleep clock soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe media: em28xx: initialize refcount before kref_get media: usb: go7007: s2250-board: fix leak in probe() ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() ASoC: ti: davinci-i2s: Add check for clk_enable() ALSA: spi: Add check for clk_enable() arm64: dts: ns2: Fix spi-cpol and spi-cpha property arm64: dts: broadcom: Fix sata nodename printk: fix return value of printk.devkmsg __setup handler ASoC: mxs-saif: Handle errors for clk_enable ASoC: atmel_ssc_dai: Handle errors for clk_enable memory: emif: Add check for setup_interrupts memory: emif: check the pointer temp in get_device_details() ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe ASoC: wm8350: Handle error for wm8350_register_irq ASoC: fsi: Add check for clk_enable video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of ASoC: dmaengine: do not use a NULL prepare_slave_config() callback ASoC: mxs: Fix error handling in mxs_sgtl5000_probe ASoC: imx-es8328: Fix error return code in imx_es8328_probe() ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe mmc: davinci_mmc: Handle error for clk_enable drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern Bluetooth: hci_serdev: call init_rwsem() before p->open() mtd: onenand: Check for error irq drm/edid: Don't clear formats if using deep color drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() ath9k_htc: fix uninit value bugs KVM: PPC: Fix vmx/vsx mixup in mmio emulation power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe ray_cs: Check ioremap return value power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports iwlwifi: Fix -EIO error code that is never returned dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS scsi: pm8001: Fix command initialization in pm80XX_send_read_log() scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() scsi: pm8001: Fix abort all task initialization TOMOYO: fix __setup handlers return values ext2: correct max file size computing drm/tegra: Fix reference leak in tegra_dsi_ganged_probe power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit KVM: x86: Fix emulation in writing cr8 KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() hv_balloon: rate-limit "Unhandled message" warning i2c: xiic: Make bus names unique power: supply: wm8350-power: Handle error for wm8350_register_irq power: supply: wm8350-power: Add missing free in free_charger_irq PCI: Reduce warnings on possible RW1C corruption powerpc/sysdev: fix incorrect use to determine if list is empty mfd: mc13xxx: Add check for mc13xxx_irq_request vxcan: enable local echo for sent CAN frames MIPS: RB532: fix return value of __setup handler mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init USB: storage: ums-realtek: fix error code in rts51x_read_mem() af_netlink: Fix shift out of bounds in group mask calculation i2c: mux: demux-pinctrl: do not deactivate a master that is not active selftests/bpf/test_lirc_mode2.sh: Exit with proper code tcp: ensure PMTU updates are processed during fastopen mfd: asic3: Add missing iounmap() on error asic3_mfd_probe mxser: fix xmit_buf leak in activate when LSR == 0xff pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() staging:iio:adc:ad7280a: Fix handing of device address bit reversing. clk: qcom: ipq8074: Use floor ops for SDCC1 clock serial: 8250_mid: Balance reference count for PCI DMA device serial: 8250: Fix race condition in RTS-after-send handling iio: adc: Add check for devm_request_threaded_irq dma-debug: fix return value of __setup handlers clk: qcom: clk-rcg2: Update the frac table for pixel clock remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region clk: actions: Terminate clk_div_table with sentinel element clk: loongson1: Terminate clk_div_table with sentinel element clk: clps711x: Terminate clk_div_table with sentinel element clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver NFS: remove unneeded check in decode_devicenotify_args() pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe tty: hvc: fix return value of __setup handler kgdboc: fix return value of __setup handler kgdbts: fix return value of __setup handler jfs: fix divide error in dbNextAG netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options clk: qcom: gcc-msm8994: Fix gpll4 width xen: fix is_xen_pmu() net: phy: broadcom: Fix brcm_fet_config_init() qlcnic: dcb: default to returning -EOPNOTSUPP net/x25: Fix null-ptr-deref caused by x25_disconnect NFSv4/pNFS: Fix another issue with a list iterator pointing to the head lib/test: use after free in register_test_dev_kmod() selinux: use correct type for context length loop: use sysfs_emit() in the sysfs xxx show() Fix incorrect type in assignment of ipv6 port for audit irqchip/qcom-pdc: Fix broken locking irqchip/nvic: Release nvic_base upon failure bfq: fix use-after-free in bfq_dispatch_request ACPICA: Avoid walking the ACPI Namespace if it is not there lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3 Revert "Revert "block, bfq: honor already-setup queue merges"" ACPI/APEI: Limit printable size of BERT table data PM: core: keep irq flags in device_pm_check_callbacks() spi: tegra20: Use of_device_get_match_data() ext4: don't BUG if someone dirty pages without asking ext4 first ntfs: add sanity check on allocation size video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow video: fbdev: w100fb: Reset global state video: fbdev: cirrusfb: check pixclock to avoid divide by zero video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 ARM: dts: bcm2837: Add the missing L1/L2 cache information video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit ASoC: soc-core: skip zero num_dai component in searching dai name media: cx88-mpeg: clear interrupt status register before streaming video ARM: tegra: tamonten: Fix I2C3 pad setting ARM: mmp: Fix failure to remove sram device video: fbdev: sm712fb: Fix crash in smtcfb_write() media: Revert "media: em28xx: add missing em28xx_close_extension" media: hdpvr: initialize dev->worker at hdpvr_register_videodev mmc: host: Return an error when ->enable_sdio_irq() ops is missing powerpc/lib/sstep: Fix 'sthcx' instruction powerpc/lib/sstep: Fix build errors with newer binutils powerpc: Fix build errors with newer binutils scsi: qla2xxx: Fix stuck session in gpdb scsi: qla2xxx: Fix warning for missing error code scsi: qla2xxx: Check for firmware dump already collected scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() scsi: qla2xxx: Fix incorrect reporting of task management failure scsi: qla2xxx: Fix hang due to session stuck scsi: qla2xxx: Reduce false trigger to login scsi: qla2xxx: Use correct feature type field during RFF_ID processing KVM: Prevent module exit until all VMs are freed KVM: x86: fix sending PV IPI ubifs: rename_whiteout: Fix double free for whiteout_ui->data ubifs: Fix deadlock in concurrent rename whiteout and inode writeback ubifs: Add missing iput if do_tmpfile() failed in rename whiteout ubifs: setflags: Make dirtied_ino_d 8 bytes aligned ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() ubifs: rename_whiteout: correct old_dir size computing can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path can: mcba_usb: properly check endpoint type gfs2: Make sure FITRIM minlen is rounded up to fs block size pinctrl: pinconf-generic: Print arguments for bias-pull-* ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl ACPI: CPPC: Avoid out of bounds access when parsing _CPC data mm/mmap: return 1 from stack_guard_gap __setup() handler mm/memcontrol: return 1 from cgroup.memory __setup() handler mm/usercopy: return 1 from hardened_usercopy __setup() handler bpf: Fix comment for helper bpf_current_task_under_cgroup() ubi: fastmap: Return error code if memory allocation fails in add_aeb() ASoC: topology: Allow TLV control to be either read or write ARM: dts: spear1340: Update serial node properties ARM: dts: spear13xx: Update SPI dma properties um: Fix uml_mconsole stop/go openvswitch: Fixed nd target mask field in the flow dump. KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated ubifs: Rectify space amount budget for mkdir/tmpfile operations rtc: wm8350: Handle error for wm8350_register_irq riscv module: remove (NOLOAD) ARM: 9187/1: JIVE: fix return value of __setup handler KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs drm: Add orientation quirk for GPD Win Max ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj ptp: replace snprintf with sysfs_emit powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 scsi: mvsas: Replace snprintf() with sysfs_emit() scsi: bfa: Replace snprintf() with sysfs_emit() power: supply: axp20x_battery: properly report current when discharging powerpc: Set crashkernel offset to mid of RMA region PCI: aardvark: Fix support for MSI interrupts iommu/arm-smmu-v3: fix event handling soft lockup usb: ehci: add pci device support for Aspeed platforms PCI: pciehp: Add Qualcomm quirk for Command Completed erratum ipv4: Invalidate neighbour for broadcast address upon address addition dm ioctl: prevent potential spectre v1 gadget drm/amdkfd: make CRAT table missing message informational only scsi: pm8001: Fix pm8001_mpi_task_abort_resp() scsi: aha152x: Fix aha152x_setup() __setup handler return value net/smc: correct settings of RMB window update limit macvtap: advertise link netns via netlink bnxt_en: Eliminate unintended link toggle during FW reset MIPS: fix fortify panic when copying asm exception handlers scsi: libfc: Fix use after free in fc_exch_abts_resp() usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm xtensa: fix DTC warning unit_address_format Bluetooth: Fix use after free in hci_send_acl init/main.c: return 1 from handled __setup() functions minix: fix bug when opening a file with O_DIRECT w1: w1_therm: fixes w1_seq for ds28ea00 sensors NFSv4: Protect the state recovery thread against direct reclaim xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 clk: Enforce that disjoints limits are invalid SUNRPC/call_alloc: async tasks mustn't block waiting for memory NFS: swap IO handling is slightly different for O_DIRECT IO NFS: swap-out must always use STABLE writes. serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() virtio_console: eliminate anonymous module_init & module_exit jfs: prevent NULL deref in diFree parisc: Fix CPU affinity for Lasi, WAX and Dino chips net: add missing SOF_TIMESTAMPING_OPT_ID support mm: fix race between MADV_FREE reclaim and blkdev direct IO read KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() Drivers: hv: vmbus: Fix potential crash on module unload scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() net: stmmac: Fix unset max_speed difference between DT and non-DT platforms drm/imx: Fix memory leak in imx_pd_connector_get_modes net: openvswitch: don't send internal clone attribute to the userspace. rxrpc: fix a race in rxrpc_exit_net() qede: confirm skb is allocated before using spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() drbd: Fix five use after free bugs in get_initial_state Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) mm/mempolicy: fix mpol_new leak in shared_policy_replace x86/pm: Save the MSR validity status at context setup x86/speculation: Restore speculation related MSRs during S3 resume btrfs: fix qgroup reserve overflow the qgroup limit arm64: patch_text: Fixup last cpu should be master ata: sata_dwc_460ex: Fix crash due to OOB write perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator irqchip/gic-v3: Fix GICR_CTLR.RWP polling tools build: Filter out options and warnings not supported by clang tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" mm: don't skip swap entry even if zap_details specified arm64: module: remove (NOLOAD) from linker script mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning cgroup: Use open-time credentials for process migraton perm checks cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv cgroup: Use open-time cgroup namespace for process migration perm checks selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 selftests: cgroup: Test open-time credential usage for migration checks selftests: cgroup: Test open-time cgroup namespace usage for migration checks xfrm: policy: match with both mark and mask on user interfaces drm/amdgpu: Check if fd really is an amdgpu fd. drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu Linux 4.19.238 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I55a3615d2fbf9bde9ac152456701b36a6c9d20b6 |
||
|
Peter Xu
|
7265c88000 |
mm: don't skip swap entry even if zap_details specified
commit 5abfd71d936a8aefd9f9ccd299dea7a164a5d455 upstream.
Patch series "mm: Rework zap ptes on swap entries", v5.
Patch 1 should fix a long standing bug for zap_pte_range() on
zap_details usage. The risk is we could have some swap entries skipped
while we should have zapped them.
Migration entries are not the major concern because file backed memory
always zap in the pattern that "first time without page lock, then
re-zap with page lock" hence the 2nd zap will always make sure all
migration entries are already recovered.
However there can be issues with real swap entries got skipped
errornoously. There's a reproducer provided in commit message of patch
1 for that.
Patch 2-4 are cleanups that are based on patch 1. After the whole
patchset applied, we should have a very clean view of zap_pte_range().
Only patch 1 needs to be backported to stable if necessary.
This patch (of 4):
The "details" pointer shouldn't be the token to decide whether we should
skip swap entries.
For example, when the callers specified details->zap_mapping==NULL, it
means the user wants to zap all the pages (including COWed pages), then
we need to look into swap entries because there can be private COWed
pages that was swapped out.
Skipping some swap entries when details is non-NULL may lead to wrongly
leaving some of the swap entries while we should have zapped them.
A reproducer of the problem:
===8<===
#define _GNU_SOURCE /* See feature_test_macros(7) */
#include <stdio.h>
#include <assert.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/types.h>
int page_size;
int shmem_fd;
char *buffer;
void main(void)
{
int ret;
char val;
page_size = getpagesize();
shmem_fd = memfd_create("test", 0);
assert(shmem_fd >= 0);
ret = ftruncate(shmem_fd, page_size * 2);
assert(ret == 0);
buffer = mmap(NULL, page_size * 2, PROT_READ | PROT_WRITE,
MAP_PRIVATE, shmem_fd, 0);
assert(buffer != MAP_FAILED);
/* Write private page, swap it out */
buffer[page_size] = 1;
madvise(buffer, page_size * 2, MADV_PAGEOUT);
/* This should drop private buffer[page_size] already */
ret = ftruncate(shmem_fd, page_size);
assert(ret == 0);
/* Recover the size */
ret = ftruncate(shmem_fd, page_size * 2);
assert(ret == 0);
/* Re-read the data, it should be all zero */
val = buffer[page_size];
if (val == 0)
printf("Good\n");
else
printf("BUG\n");
}
===8<===
We don't need to touch up the pmd path, because pmd never had a issue with
swap entries. For example, shmem pmd migration will always be split into
pte level, and same to swapping on anonymous.
Add another helper should_zap_cows() so that we can also check whether we
should zap private mappings when there's no page pointer specified.
This patch drops that trick, so we handle swap ptes coherently. Meanwhile
we should do the same check upon migration entry, hwpoison entry and
genuine swap entries too.
To be explicit, we should still remember to keep the private entries if
even_cows==false, and always zap them when even_cows==true.
The issue seems to exist starting from the initial commit of git.
[peterx@redhat.com: comment tweaks]
Link: https://lkml.kernel.org/r/20220217060746.71256-2-peterx@redhat.com
Link: https://lkml.kernel.org/r/20220217060746.71256-1-peterx@redhat.com
Link: https://lkml.kernel.org/r/20220216094810.60572-1-peterx@redhat.com
Link: https://lkml.kernel.org/r/20220216094810.60572-2-peterx@redhat.com
Fixes:
|
||
|
Rik van Riel
|
79a8b36e12 |
mm,hwpoison: unmap poisoned page before invalidation
commit 3149c79f3cb0e2e3bafb7cfadacec090cbd250d3 upstream. In some cases it appears the invalidation of a hwpoisoned page fails because the page is still mapped in another process. This can cause a program to be continuously restarted and die when it page faults on the page that was not invalidated. Avoid that problem by unmapping the hwpoisoned page when we find it. Another issue is that sometimes we end up oopsing in finish_fault, if the code tries to do something with the now-NULL vmf->page. I did not hit this error when submitting the previous patch because there are several opportunities for alloc_set_pte to bail out before accessing vmf->page, and that apparently happened on those systems, and most of the time on other systems, too. However, across several million systems that error does occur a handful of times a day. It can be avoided by returning VM_FAULT_NOPAGE which will cause do_read_fault to return before calling finish_fault. Link: https://lkml.kernel.org/r/20220325161428.5068d97e@imladris.surriel.com Fixes: e53ac7374e64 ("mm: invalidate hwpoison page cache page in fault path") Signed-off-by: Rik van Riel <riel@surriel.com> Reviewed-by: Miaohe Lin <linmiaohe@huawei.com> Tested-by: Naoya Horiguchi <naoya.horiguchi@nec.com> Reviewed-by: Oscar Salvador <osalvador@suse.de> Cc: Mel Gorman <mgorman@suse.de> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Rik van Riel
|
e83d418490 |
mm: invalidate hwpoison page cache page in fault path
commit e53ac7374e64dede04d745ff0e70ff5048378d1f upstream. Sometimes the page offlining code can leave behind a hwpoisoned clean page cache page. This can lead to programs being killed over and over and over again as they fault in the hwpoisoned page, get killed, and then get re-spawned by whatever wanted to run them. This is particularly embarrassing when the page was offlined due to having too many corrected memory errors. Now we are killing tasks due to them trying to access memory that probably isn't even corrupted. This problem can be avoided by invalidating the page from the page fault handler, which already has a branch for dealing with these kinds of pages. With this patch we simply pretend the page fault was successful if the page was invalidated, return to userspace, incur another page fault, read in the file from disk (to a new memory page), and then everything works again. Link: https://lkml.kernel.org/r/20220212213740.423efcea@imladris.surriel.com Signed-off-by: Rik van Riel <riel@surriel.com> Reviewed-by: Miaohe Lin <linmiaohe@huawei.com> Acked-by: Naoya Horiguchi <naoya.horiguchi@nec.com> Reviewed-by: Oscar Salvador <osalvador@suse.de> Cc: John Hubbard <jhubbard@nvidia.com> Cc: Mel Gorman <mgorman@suse.de> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Matthew Wilcox <willy@infradead.org> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Wilson Sung
|
7418288acf |
Merge android-4.19-stable (4.19.220) into android-msm-pixel-4.19-lts
Merge 4.19.220 into android-4.19-stable
Linux 4.19.220
ipmi: msghandler: Make symbol 'remove_work_wq' static
parisc: Mark cr16 CPU clocksource unstable on all SMP machines
* serial: core: fix transmit-buffer reset and memleak
drivers/tty/serial/serial_core.c
serial: pl011: Add ACPI SBSA UART match id
tty: serial: msm_serial: Deactivate RX DMA for polling support
x86/64/mm: Map all kernel memory into trampoline_pgd
usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
* USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub
drivers/usb/core/quirks.c
* xhci: Fix commad ring abort, write all 64 bits to CRCR register.
drivers/usb/host/xhci-ring.c
vgacon: Propagate console boot parameters before calling `vc_resize'
parisc: Fix "make install" on newer debian releases
parisc: Fix KBUILD_IMAGE for self-extracting kernel
drm/msm: Do hw_init() before capturing GPU state
net/smc: Keep smc_close_final rc during active close
net/rds: correct socket tunable error in rds_tcp_tune()
* net: annotate data-races on txq->xmit_lock_owner
include/linux/netdevice.h
net/core/dev.c
net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available
rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources()
* siphash: use _unaligned version by default
include/linux/siphash.h
lib/siphash.c
net: mpls: Fix notifications when deleting a device
net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
natsemi: xtensa: fix section mismatch warnings
i2c: stm32f7: stop dma transfer in case of NACK
i2c: stm32f7: recover the bus on access timeout
* fget: check that the fd still exists after getting a ref to it
fs/file.c
* fs: add fget_many() and fput_many()
fs/file.c
fs/file_table.c
include/linux/file.h
include/linux/fs.h
sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
ipmi: Move remove_work to dedicated workqueue
* kprobes: Limit max data_size of the kretprobe instances
include/linux/kprobes.h
vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
perf hist: Fix memory leak of a perf_hpp_fmt
net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock()
net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile
scsi: iscsi: Unblock session then wake up error handler
* thermal: core: Reset previous low and high trip during thermal zone init
drivers/thermal/thermal_core.c
btrfs: check-integrity: fix a warning on write caching disabled disk
s390/setup: avoid using memblock_enforce_memory_limit
platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
* net: return correct error code
net/ipv4/devinet.c
atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
gfs2: Fix length of holes reported at end-of-file
* of: clk: Make <linux/of_clk.h> self-contained
include/linux/of_clk.h
NFSv42: Fix pagecache invalidation after COPY/CLONE
* shm: extend forced shm destroy to support objects from several IPC nses
include/linux/ipc_namespace.h
include/linux/sched/task.h
* BACKPORT: arm64: vdso32: suppress error message for 'make mrproper'
arch/arm64/kernel/vdso32/Makefile
Merge 4.19.219 into android-4.19-stable
Linux 4.19.219
tty: hvc: replace BUG_ON() with negative return value
xen/netfront: don't trust the backend response data blindly
xen/netfront: disentangle tx_skb_freelist
xen/netfront: don't read data from request on the ring page
xen/netfront: read response from backend only once
xen/blkfront: don't trust the backend response data blindly
xen/blkfront: don't take local copy of a request from the ring page
xen/blkfront: read response from backend only once
* xen: sync include/xen/interface/io/ring.h with Xen's newest version
include/xen/interface/io/ring.h
* fuse: release pipe buf after last use
fs/fuse/dev.c
* NFC: add NCI_UNREG flag to eliminate the race
include/net/nfc/nci_core.h
* hugetlbfs: flush TLBs correctly after huge_pmd_unshare
include/asm-generic/tlb.h
mm/memory.c
s390/mm: validate VMA in PGSTE manipulation functions
* tracing: Check pid filtering when creating events
kernel/trace/trace_events.c
vhost/vsock: fix incorrect used length reported to the guest
net: hns3: fix VF RSS failed problem after PF enable multi-TCs
net/smc: Don't call clcsock shutdown twice when smc shutdown
MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48
* tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
net/ipv4/tcp_cubic.c
PM: hibernate: use correct mode for swsusp_close()
net/smc: Ensure the active closing peer first closes clcsock
* ipv6: fix typos in __ip6_finish_output()
net/ipv6/ip6_output.c
drm/vc4: fix error code in vc4_create_object()
scsi: mpt3sas: Fix kernel panic during drive powercycle test
ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
NFSv42: Don't fail clone() unless the OP_CLONE operation failed
firmware: arm_scmi: pm: Propagate return value to caller
* net: ieee802154: handle iftypes as u32
include/net/nl802154.h
ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer
ARM: dts: BCM5301X: Add interrupt properties to GPIO node
ARM: dts: BCM5301X: Fix I2C controller interrupt
netfilter: ipvs: Fix reuse connection if RS weight is 0
arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function
arm64: dts: marvell: armada-37xx: declare PCIe reset pin
pinctrl: armada-37xx: Correct PWM pins definitions
pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup
pinctrl: armada-37xx: Correct mpp definitions
PCI: aardvark: Fix checking for link up via LTSSM state
PCI: aardvark: Fix link training
PCI: aardvark: Fix PCIe Max Payload Size setting
PCI: aardvark: Configure PCIe resources from 'ranges' DT property
PCI: aardvark: Update comment about disabling link training
PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link()
PCI: aardvark: Fix compilation on s390
PCI: aardvark: Don't touch PCIe registers if no card connected
PCI: aardvark: Indicate error in 'val' when config read fails
PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros
PCI: aardvark: Issue PERST via GPIO
PCI: aardvark: Improve link training
PCI: aardvark: Train link immediately after enabling training
PCI: aardvark: Wait for endpoint to be ready before training link
PCI: aardvark: Fix a leaked reference by adding missing of_node_put()
proc/vmcore: fix clearing user buffer by properly using clear_user()
xtensa: use CONFIG_USE_OF instead of CONFIG_OF
* tracing: Fix pid filtering when triggers are attached
kernel/trace/trace.h
xen: detect uninitialized xenbus in xenbus_init
xen: don't continue xenstore initialization in case of errors
* fuse: fix page stealing
fs/fuse/dev.c
staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts
media: cec: copy sequence field for the reply
ALSA: ctxfi: Fix out-of-range access
* binder: fix test regression due to sender_euid change
drivers/android/binder.c
* usb: hub: Fix locking issues with address0_mutex
drivers/usb/core/hub.c
* usb: hub: Fix usb enumeration issue due to address0 race
drivers/usb/core/hub.c
usb: dwc2: hcd_queue: Fix use of floating point literal
USB: serial: option: add Fibocom FM101-GL variants
USB: serial: option: add Telit LE910S1 0x9200 composition
* Revert "net: sched: update default qdisc visibility after Tx queue cnt changes"
include/net/sch_generic.h
net/core/dev.c
net/sched/sch_generic.c
net/sched/sch_mq.c
* Revert "serial: core: Fix initializing and restoring termios speed"
drivers/tty/serial/serial_core.c
include/linux/console.h
ANDROID: GKI: disable CONFIG_FORTIFY_SOURCE
Merge 4.19.218 into android-4.19-stable
Linux 4.19.218
soc/tegra: pmc: Fix imbalanced clock disabling in error code path
usb: max-3421: Use driver data instead of maintaining a list of bound devices
* ASoC: DAPM: Cover regression by kctl change notification fix
sound/soc/soc-dapm.c
* RDMA/netlink: Add __maybe_unused to static inline in C file
include/rdma/rdma_netlink.h
batman-adv: Don't always reallocate the fragmentation skb head
batman-adv: Reserve needed_*room for fragments
batman-adv: Consider fragmentation for needed_headroom
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
* perf/core: Avoid put_page() when GUP fails
kernel/events/core.c
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
drm/udl: fix control-message timeout
* cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
net/wireless/util.c
parisc/sticon: fix reverse colors
btrfs: fix memory ordering between normal and ordered work functions
udf: Fix crash after seekdir
x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails
* mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
mm/slab.h
ipc: WARN if trying to remove ipc object which is absent
hexagon: export raw I/O routines for modules
* tun: fix bonding active backup with arp monitoring
drivers/net/tun.c
perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
NFC: reorder the logic in nfc_{un,}register_device
NFC: reorganize the functions in nci_request
i40e: Fix display error code in dmesg
i40e: Fix changing previously set num_queue_pairs for PFs
i40e: Fix NULL ptr dereference on VSI filter sync
i40e: Fix correct max_pkt_size on VF RX queue
* net: virtio_net_hdr_to_skb: count transport header in UFO
include/linux/virtio_net.h
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
mips: lantiq: add support for clk_get_parent()
mips: bcm63xx: add support for clk_get_parent()
MIPS: generic/yamon-dt: fix uninitialized variable error
iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
iavf: check for null in iavf_fix_features
net: bnx2x: fix variable dereferenced before check
drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame
* sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
kernel/sched/core.c
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
sh: define __BIG_ENDIAN for math-emu
sh: fix kconfig unmet dependency warning for FRAME_POINTER
* f2fs: fix up f2fs_lookup tracepoints
include/trace/events/f2fs.h
maple: fix wrong return value of maple_bus_init().
sh: check return code of request_irq
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
ALSA: gus: fix null pointer dereference on pointer block
powerpc/5200: dts: fix memory node unit name
scsi: target: Fix alua_tg_pt_gps_count tracking
* scsi: target: Fix ordered tag handling
include/target/target_core_base.h
MIPS: sni: Fix the build
* tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
drivers/tty/tty_buffer.c
* ALSA: ISA: not for M68K
sound/core/Makefile
sound/isa/Kconfig
sound/pci/Kconfig
usb: host: ohci-tmio: check return value after calling platform_get_resource()
ARM: dts: omap: fix gpmc,mux-add-data type
* firmware_loader: fix pre-allocated buf built-in firmware use
drivers/base/firmware_loader/main.c
scsi: advansys: Fix kernel pointer leak
ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect
arm64: dts: freescale: fix arm,sp805 compatible string
usb: typec: tipd: Remove WARN_ON in tps6598x_block_read
usb: musb: tusb6010: check return value after calling platform_get_resource()
arm64: dts: hisilicon: fix arm,sp805 compatible string
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
arm64: zynqmp: Fix serial compatible string
arm64: zynqmp: Do not duplicate flash partition label property
erofs: fix unsafe pagevec reuse of hooked pclusters
erofs: remove the occupied parameter from z_erofs_pagevec_enqueue()
* PCI: Add MSI masking quirk for Nvidia ION AHCI
drivers/pci/quirks.c
* PCI/MSI: Deal with devices lying about their MSI mask capability
drivers/pci/msi.c
include/linux/pci.h
* PCI/MSI: Destroy sysfs before freeing entries
drivers/pci/msi.c
parisc/entry: fix trace test in syscall exit path
* fortify: Explicitly disable Clang support
security/Kconfig
* ext4: fix lazy initialization next schedule time computation in more granular unit
fs/ext4/super.c
x86/cpu: Fix migration safety with X86_BUG_NULL_SEL
* fuse: truncate pagecache on atomic_o_trunc
fs/fuse/file.c
* PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
include/uapi/linux/pci_regs.h
s390/tape: fix timer initialization in tape_std_assign()
s390/cio: check the subchannel validity for dev_busid
* video: backlight: Drop maximum brightness override for brightness zero
drivers/video/backlight/backlight.c
backlight: gpio-backlight: Correct initial power state handling
* mm, oom: do not trigger out_of_memory from the #PF
mm/oom_kill.c
* mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
mm/oom_kill.c
powerpc/bpf: Emit stf barrier instruction sequences for BPF_NOSPEC
powerpc/security: Add a helper to query stf_barrier type
powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
powerpc/bpf: Validate branch ranges
powerpc/lib: Add helper to check if offset is within conditional branch range
9p/net: fix missing error check in p9_check_errors
* f2fs: should use GFP_NOFS for directory inodes
fs/f2fs/inode.c
fs/f2fs/namei.c
ARM: 9156/1: drop cc-option fallbacks for architecture selection
ARM: 9155/1: fix early early_iounmap()
USB: chipidea: fix interrupt deadlock
cxgb4: fix eeprom len when diagnostics not implemented
vsock: prevent unnecessary refcnt inc for nonblocking connect
* arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions
arch/arm64/include/asm/pgtable.h
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
* llc: fix out-of-bound array index in llc_sk_dev_hash()
include/net/llc.h
* zram: off by one in read_block_state()
drivers/block/zram/zram_drv.c
* mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()
mm/zsmalloc.c
* bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
drivers/net/bonding/bond_sysfs_slave.c
ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
net: davinci_emac: Fix interrupt pacing disable
xen-pciback: Fix return in pm_ctrl_init()
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
scsi: qla2xxx: Turn off target reset during issue_lip
scsi: qla2xxx: Fix gnl list corruption
* ar7: fix kernel builds for compiler test
drivers/watchdog/Kconfig
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
m68k: set a default value for MEMORY_RESERVE
* dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
drivers/dma/dmaengine.h
* netfilter: nfnetlink_queue: fix OOB when mac header was cleared
net/netfilter/nfnetlink_queue.c
auxdisplay: ht16k33: Fix frame buffer device blanking
auxdisplay: ht16k33: Connect backlight to fbdev
auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
fs: orangefs: fix error return code of orangefs_revalidate_lookup()
NFS: Fix deadlocks in nfs_scan_commit_list()
PCI: aardvark: Don't spam about PIO Response Status
* drm/plane-helper: fix uninitialized variable reference
drivers/gpu/drm/drm_plane_helper.c
pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
* rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined
include/linux/rpmsg.h
apparmor: fix error check
power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
mips: cm: Convert to bitfield API to fix out-of-bounds access
serial: xilinx_uartps: Fix race condition causing stuck TX
phy: qcom-qusb2: Fix a memory leak on probe
ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER
ASoC: cs42l42: Correct some register default values
RDMA/mlx4: Return missed an error if device doesn't support steering
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
power: supply: rt5033_battery: Change voltage values to µV
usb: gadget: hid: fix error code in do_config()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
video: fbdev: chipsfb: use memset_io() instead of memset()
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
soc/tegra: Fix an error handling path in tegra_powergate_power_up()
arm: dts: omap3-gta04a4: accelerometer irq fix
ALSA: hda: Reduce udelay() at SKL+ position reporting
JFS: fix memleak in jfs_mount
MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
scsi: dc395: Fix error case unwinding
ARM: dts: at91: tse850: the emac<->phy interface is rmii
RDMA/bnxt_re: Fix query SRQ failure
arm64: dts: rockchip: Fix GPU register width for RK3328
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
RDMA/rxe: Fix wrong port_cap_flags
ibmvnic: Process crqs after enabling interrupts
selftests/bpf: Fix fclose/pclose mismatch in test_progs
crypto: pcrypt - Delay write to padata->info
net: phylink: avoid mvneta warning when setting pause parameters
net: amd-xgbe: Toggle PLL settings during rate change
wcn36xx: add proper DMA memory barriers in rx path
libertas: Fix possible memory leak in probe and disconnect
libertas_tf: Fix possible memory leak in probe and disconnect
KVM: s390: Fix handle_sske page fault handling
samples/kretprobes: Fix return value if register_kretprobe() failed
* tcp: don't free a FIN sk_buff in tcp_remove_empty_skb()
net/ipv4/tcp.c
irq: mips: avoid nested irq_enter()
s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
drm/msm: Fix potential NULL dereference in DPU SSPP
* clocksource/drivers/timer-ti-dm: Select TIMER_OF
drivers/clocksource/Kconfig
PM: hibernate: fix sparse warnings
nvme-rdma: fix error code in nvme_rdma_setup_ctrl
phy: micrel: ksz8041nl: do not use power down mode
mwifiex: Send DELBA requests according to spec
rsi: stop thread firstly in rsi_91x_init() error handling
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
mmc: mxs-mmc: disable regulator on error and in the remove function
* net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
net/core/stream.c
drm/msm: uninitialized variable in msm_gem_import()
ath10k: fix max antenna gain unit
hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff
* hwmon: Fix possible memleak in __hwmon_device_register()
drivers/hwmon/hwmon.c
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
memstick: avoid out-of-range warning
mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured
b43: fix a lower bounds test
b43legacy: fix a lower bounds test
hwrng: mtk - Force runtime pm ops for sleep ops
crypto: qat - disregard spurious PFVF interrupts
crypto: qat - detect PFVF collision after ACK
media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable()
ath9k: Fix potential interrupt storm on queue reset
media: em28xx: Don't use ops->suspend if it is NULL
* cpuidle: Fix kobject memory leaks in error paths
drivers/cpuidle/sysfs.c
media: cx23885: Fix snd_card_free call on null card pointer
media: si470x: Avoid card name truncation
media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()'
media: dvb-usb: fix ununit-value in az6027_rc_query
media: em28xx: add missing em28xx_close_extension
drm/amdgpu: fix warning for overflow check
net: dsa: rtl8366rb: Fix off-by-one bug
* cgroup: Make rebind_subsystems() disable v2 controllers all at once
kernel/cgroup/cgroup.c
* Bluetooth: fix init and cleanup of sco_conn.timeout_work
net/bluetooth/sco.c
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
parisc/unwind: fix unwinder when CONFIG_64BIT is enabled
* task_stack: Fix end_of_stack() for architectures with upwards-growing stack
include/linux/sched/task_stack.h
parisc: fix warning in flush_tlb_all
x86/hyperv: Protect set_hv_tscchange_cb() against getting preempted
spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe()
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
* gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE
net/ipv6/addrconf.c
ARM: clang: Do not rely on lr register for stacktrace
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
iwlwifi: mvm: disable RX-diversity in powersave
PM: hibernate: Get block device exclusively in swsusp_check()
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
tracing/cfi: Fix cmp_entries_* functions signature mismatch
* workqueue: make sysfs of unbound kworker cpumask more clever
kernel/workqueue.c
* lib/xz: Validate the value before assigning it to an enum variable
lib/xz/xz_dec_stream.c
* lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
lib/xz/xz_dec_lzma2.c
memstick: r592: Fix a UAF bug when removing the driver
leaking_addresses: Always print a trailing newline
ACPI: battery: Accept charges over the design capacity as full
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
* tracefs: Have tracefs directories not set OTH permission bits by default
fs/tracefs/inode.c
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
ACPICA: Avoid evaluating methods too early during system resume
media: rcar-csi2: Add checking to rcsi2_start_receiver()
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
media: mceusb: return without resubmitting URB in case of -EPROTO error.
media: s5p-mfc: Add checking to s5p_mfc_probe().
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: uvcvideo: Return -EIO for control errors
media: uvcvideo: Set capability in s_param
media: netup_unidvb: handle interrupt properly according to the firmware
media: mt9p031: Fix corrupted frame after restarting stream
mwifiex: Properly initialize private structure on interface type changes
mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type
x86: Increase exception stack sizes
smackfs: Fix use-after-free in netlbl_catmap_walk()
* net: sched: update default qdisc visibility after Tx queue cnt changes
include/net/sch_generic.h
net/core/dev.c
net/sched/sch_generic.c
net/sched/sch_mq.c
locking/lockdep: Avoid RCU-induced noinstr fail
MIPS: lantiq: dma: reset correct number of channel
MIPS: lantiq: dma: add small delay after reset
platform/x86: wmi: do not fail if disabling fails
* Bluetooth: fix use-after-free error in lock_sock_nested()
net/bluetooth/l2cap_sock.c
* Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
net/bluetooth/sco.c
* drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1
drivers/gpu/drm/drm_panel_orientation_quirks.c
USB: iowarrior: fix control-message timeouts
USB: serial: keyspan: fix memleak on probe errors
iio: dac: ad5446: Fix ad5622_write() return value
* pinctrl: core: fix possible memory leak in pinctrl_enable()
drivers/pinctrl/core.c
* quota: correct error number in free_dqentry()
fs/quota/quota_tree.c
* quota: check block number when reading the block in quota file
fs/quota/quota_tree.c
PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
PCI: aardvark: Fix return value of MSI domain .alloc() method
PCI: aardvark: Do not unmask unused interrupts
PCI: aardvark: Do not clear status bits of masked interrupts
xen/balloon: add late_initcall_sync() for initial ballooning done
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
ALSA: mixer: oss: Fix racy access to slots
* serial: core: Fix initializing and restoring termios speed
drivers/tty/serial/serial_core.c
include/linux/console.h
powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
power: supply: max17042_battery: use VFSOC for capacity when no rsns
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
* signal: Remove the bogus sigkill_pending in ptrace_stop
kernel/signal.c
RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
rsi: Fix module dev_oper_mode parameter description
rsi: fix rate mask set leading to P2P failure
rsi: fix key enabled check causing unwanted encryption for vap_id > 0
rsi: fix occasional initialisation failure with BT coex
wcn36xx: handle connection loss indication
libata: fix checking of DMA state
mwifiex: Read a PCI register after writing the TX ring write pointer
wcn36xx: Fix HT40 capability for 2Ghz band
evm: mark evm_fixmode as __ro_after_init
rtl8187: fix control-message timeouts
* PCI: Mark Atheros QCA6174 to avoid bus reset
drivers/pci/quirks.c
ath10k: fix division by zero in send path
ath10k: fix control-message timeout
ath6kl: fix control-message timeout
ath6kl: fix division by zero in send path
mwifiex: fix division by zero in fw download path
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property
regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
hwmon: (pmbus/lm25066) Add offset coefficients
ia64: kprobes: Fix to pass correct trampoline address to the handler
btrfs: call btrfs_check_rw_degradable only if there is a missing device
btrfs: fix lost error handling when replaying directory deletes
btrfs: clear MISSING device status bit in btrfs_close_one_device
vmxnet3: do not stop tx queues after netif_device_detach()
watchdog: Fix OMAP watchdog early handling
spi: spl022: fix Microwire full duplex mode
xen/netfront: stop tx queues during live migration
* bpf: Prevent increasing bpf_jit_limit above max
include/linux/filter.h
kernel/bpf/core.c
net/core/sysctl_net_core.c
* drm: panel-orientation-quirks: Add quirk for Aya Neo 2021
drivers/gpu/drm/drm_panel_orientation_quirks.c
* mmc: winbond: don't build on M68K
drivers/mmc/host/Kconfig
hyperv/vmbus: include linux/bitops.h
sfc: Don't use netif_info before net_device setup
cavium: Fix return values of the probe function
scsi: qla2xxx: Fix unmap of already freed sgl
cavium: Return negative value when pci_alloc_irq_vectors() fails
x86/irq: Ensure PI wakeup handler is unregistered before module unload
x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c
* ALSA: timer: Unconditionally unlink slave instances, too
sound/core/timer.c
* ALSA: timer: Fix use-after-free problem
sound/core/timer.c
ALSA: synth: missing check for possible NULL after the call to kstrdup
* ALSA: usb-audio: Add registration quirk for JBL Quantum 400
sound/usb/quirks.c
ALSA: line6: fix control and interrupt message timeouts
ALSA: 6fire: fix control and bulk message timeouts
ALSA: ua101: fix division by zero at probe
ALSA: hda/realtek: Add quirk for Clevo PC70HS
media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers
media: ite-cir: IR receiver stop working after receive overflow
crypto: s5p-sss - Add error handling in s5p_aes_probe()
firmware/psci: fix application of sizeof to pointer
tpm: Check for integer overflow in tpm2_map_response_body()
parisc: Fix ptrace check on syscall return
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
ocfs2: fix data corruption on truncate
* libata: fix read log timeout value
include/linux/libata.h
Input: i8042 - Add quirk for Fujitsu Lifebook T725
Input: elantench - fix misreporting trackpoint coordinates
* binder: use cred instead of task for selinux checks
drivers/android/binder.c
include/linux/lsm_hooks.h
include/linux/security.h
security/security.c
security/selinux/hooks.c
* binder: use euid from cred instead of using task
drivers/android/binder.c
* xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
drivers/usb/host/xhci-hub.c
* ANDROID: usb: gadget: f_accessory: Mitgate handling of non-existent USB request
drivers/usb/gadget/function/f_accessory.c
* UPSTREAM: binder: use cred instead of task for getsecid
drivers/android/binder.c
include/linux/security.h
* FROMGIT: binder: fix test regression due to sender_euid change
drivers/android/binder.c
* BACKPORT: binder: use cred instead of task for selinux checks
drivers/android/binder.c
include/linux/lsm_hooks.h
include/linux/security.h
security/security.c
security/selinux/hooks.c
* UPSTREAM: binder: use euid from cred instead of using task
drivers/android/binder.c
* ANDROID: setlocalversion: make KMI_GENERATION optional
scripts/setlocalversion
Merge 4.19.217 into android-4.19-stable
Linux 4.19.217
rsi: fix control-message timeout
staging: rtl8192u: fix control-message timeouts
staging: r8712u: fix control-message timeout
comedi: vmk80xx: fix bulk and interrupt message timeouts
comedi: vmk80xx: fix bulk-buffer overflow
comedi: vmk80xx: fix transfer-buffer overflows
comedi: ni_usb6501: fix NULL-deref in command paths
comedi: dt9812: fix DMA buffers on stack
isofs: Fix out of bound access for corrupted isofs image
* printk/console: Allow to disable console output by using console="" or console=null
kernel/printk/printk.c
* usb-storage: Add compatibility quirk flags for iODD 2531/2541
drivers/usb/storage/unusual_devs.h
usb: musb: Balance list entry in musb_gadget_queue
* usb: gadget: Mark USB_FSL_QE broken on 64-bit
drivers/usb/gadget/udc/Kconfig
* usb: ehci: handshake CMD_RUN instead of STS_HALT
drivers/usb/host/ehci-hcd.c
drivers/usb/host/ehci-platform.c
drivers/usb/host/ehci.h
Revert "x86/kvm: fix vcpu-id indexed array sizes"
Merge 4.19.216 into android-4.19-stable
Linux 4.19.216
* ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
drivers/amba/bus.c
* arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed
include/asm-generic/pgtable.h
sfc: Fix reading non-legacy supported link modes
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
IB/qib: Use struct_size() helper
media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
* scsi: core: Put LLD module refcnt after SCSI device is released
drivers/scsi/scsi.c
drivers/scsi/scsi_sysfs.c
* UPSTREAM: security: selinux: allow per-file labeling for bpffs
security/selinux/hooks.c
Bug: 210364486
Change-Id: I6232c6c7fde1bf54c16a32dd632456dc41e01e6e
Signed-off-by: JohnnLee <johnnlee@google.com>
|
||
|
Greg Kroah-Hartman
|
c8fea9b939 |
Merge 4.19.219 into android-4.19-stable
Changes in 4.19.219 USB: serial: option: add Telit LE910S1 0x9200 composition USB: serial: option: add Fibocom FM101-GL variants usb: dwc2: hcd_queue: Fix use of floating point literal usb: hub: Fix usb enumeration issue due to address0 race usb: hub: Fix locking issues with address0_mutex binder: fix test regression due to sender_euid change ALSA: ctxfi: Fix out-of-range access media: cec: copy sequence field for the reply HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() fuse: fix page stealing xen: don't continue xenstore initialization in case of errors xen: detect uninitialized xenbus in xenbus_init tracing: Fix pid filtering when triggers are attached xtensa: use CONFIG_USE_OF instead of CONFIG_OF proc/vmcore: fix clearing user buffer by properly using clear_user() PCI: aardvark: Fix a leaked reference by adding missing of_node_put() PCI: aardvark: Wait for endpoint to be ready before training link PCI: aardvark: Train link immediately after enabling training PCI: aardvark: Improve link training PCI: aardvark: Issue PERST via GPIO PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros PCI: aardvark: Indicate error in 'val' when config read fails PCI: aardvark: Don't touch PCIe registers if no card connected PCI: aardvark: Fix compilation on s390 PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() PCI: aardvark: Update comment about disabling link training PCI: aardvark: Configure PCIe resources from 'ranges' DT property PCI: aardvark: Fix PCIe Max Payload Size setting PCI: aardvark: Fix link training PCI: aardvark: Fix checking for link up via LTSSM state pinctrl: armada-37xx: Correct mpp definitions pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup pinctrl: armada-37xx: Correct PWM pins definitions arm64: dts: marvell: armada-37xx: declare PCIe reset pin arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function netfilter: ipvs: Fix reuse connection if RS weight is 0 ARM: dts: BCM5301X: Fix I2C controller interrupt ARM: dts: BCM5301X: Add interrupt properties to GPIO node ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer ASoC: topology: Add missing rwsem around snd_ctl_remove() calls net: ieee802154: handle iftypes as u32 firmware: arm_scmi: pm: Propagate return value to caller NFSv42: Don't fail clone() unless the OP_CLONE operation failed ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE scsi: mpt3sas: Fix kernel panic during drive powercycle test drm/vc4: fix error code in vc4_create_object() ipv6: fix typos in __ip6_finish_output() net/smc: Ensure the active closing peer first closes clcsock PM: hibernate: use correct mode for swsusp_close() tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 net/smc: Don't call clcsock shutdown twice when smc shutdown net: hns3: fix VF RSS failed problem after PF enable multi-TCs vhost/vsock: fix incorrect used length reported to the guest tracing: Check pid filtering when creating events s390/mm: validate VMA in PGSTE manipulation functions hugetlbfs: flush TLBs correctly after huge_pmd_unshare NFC: add NCI_UNREG flag to eliminate the race fuse: release pipe buf after last use xen: sync include/xen/interface/io/ring.h with Xen's newest version xen/blkfront: read response from backend only once xen/blkfront: don't take local copy of a request from the ring page xen/blkfront: don't trust the backend response data blindly xen/netfront: read response from backend only once xen/netfront: don't read data from request on the ring page xen/netfront: disentangle tx_skb_freelist xen/netfront: don't trust the backend response data blindly tty: hvc: replace BUG_ON() with negative return value Linux 4.19.219 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I08d2ac89cddf44071c644a999ca39fc5230b1b21 |
||
|
Nadav Amit
|
b0313bc7f5 |
hugetlbfs: flush TLBs correctly after huge_pmd_unshare
commit a4a118f2eead1d6c49e00765de89878288d4b890 upstream.
When __unmap_hugepage_range() calls to huge_pmd_unshare() succeed, a TLB
flush is missing. This TLB flush must be performed before releasing the
i_mmap_rwsem, in order to prevent an unshared PMDs page from being
released and reused before the TLB flush took place.
Arguably, a comprehensive solution would use mmu_gather interface to
batch the TLB flushes and the PMDs page release, however it is not an
easy solution: (1) try_to_unmap_one() and try_to_migrate_one() also call
huge_pmd_unshare() and they cannot use the mmu_gather interface; and (2)
deferring the release of the page reference for the PMDs page until
after i_mmap_rwsem is dropeed can confuse huge_pmd_unshare() into
thinking PMDs are shared when they are not.
Fix __unmap_hugepage_range() by adding the missing TLB flush, and
forcing a flush when unshare is successful.
Fixes:
|
||
|
Lucas Wei
|
b2bed6615a |
Merge android-4.19-stable (4.19.202) into android-msm-pixel-4.19-lts
Merge 4.19.202 into android-4.19-stable
Linux 4.19.202
spi: mediatek: Fix fifo transfer
* padata: add separate cpuhp node for CPUHP_PADATA_DEAD
include/linux/padata.h
* padata: validate cpumask without removed CPU during offline
include/linux/cpuhotplug.h
Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout"
firmware: arm_scmi: Ensure drivers provide a probe function
drm/i915: Ensure intel_engine_init_execlist() builds with Clang
* Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled"
net/bluetooth/hci_core.c
* bdi: add a ->dev_name field to struct backing_dev_info
include/linux/backing-dev-defs.h
mm/backing-dev.c
* bdi: use bdi_dev_name() to get device name
block/blk-cgroup.c
include/trace/events/wbt.h
* bdi: move bdi_dev_name out of line
include/linux/backing-dev.h
mm/backing-dev.c
* net: Fix zero-copy head len calculation.
net/core/skbuff.c
qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union()
* r8152: Fix potential PM refcount imbalance
drivers/net/usb/r8152.c
ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
* regulator: rt5033: Fix n_voltages settings for BUCK and LDO
include/linux/mfd/rt5033-private.h
btrfs: mark compressed range uptodate only if all bio succeed
Merge 4.19.201 into android-4.19-stable
Linux 4.19.201
i40e: Add additional info to PHY type error
Revert "perf map: Fix dso->nsinfo refcounting"
powerpc/pseries: Fix regression while building external modules
can: hi311x: fix a signedness bug in hi3110_cmd()
sis900: Fix missing pci_disable_device() in probe and remove
tulip: windbond-840: Fix missing pci_disable_device() in probe and remove
* sctp: fix return value check in __sctp_rcv_asconf_lookup
net/sctp/input.c
net/mlx5: Fix flow table chaining
* net: llc: fix skb_over_panic
include/net/llc_pdu.h
mlx4: Fix missing error code in mlx4_load_one()
* tipc: fix sleeping in tipc accept routine
net/tipc/socket.c
i40e: Fix log TC creation failure when max num of queues is exceeded
i40e: Fix logic of disabling queues
netfilter: nft_nat: allow to specify layer 4 protocol NAT only
* netfilter: conntrack: adjust stop timestamp to real expiry value
net/netfilter/nf_conntrack_core.c
* cfg80211: Fix possible memory leak in function cfg80211_bss_update
net/wireless/scan.c
nfc: nfcsim: fix use after free during module unload
NIU: fix incorrect error return, missed in previous revert
can: esd_usb2: fix memory leak
can: ems_usb: fix memory leak
can: usb_8dev: fix memory leak
can: mcba_usb_start(): add missing urb->transfer_dma initialization
can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
ocfs2: issue zeroout to EOF blocks
ocfs2: fix zero out valid data
x86/kvm: fix vcpu-id indexed array sizes
btrfs: fix rw device counting in __btrfs_free_extra_devids
x86/asm: Ensure asm/proto.h can be included stand-alone
* gro: ensure frag0 meets IP header alignment
include/linux/skbuff.h
net/core/dev.c
* virtio_net: Do not pull payload in skb->head
include/linux/virtio_net.h
Merge 4.19.200 into android-4.19-stable
Linux 4.19.200
ARM: dts: versatile: Fix up interrupt controller node names
cifs: fix the out of range assignment to bit fields in parse_server_interfaces
firmware: arm_scmi: Fix range check for the maximum number of pending messages
firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow
hfs: add lock nesting notation to hfs_find_init
hfs: fix high memory mapping in hfs_bnode_read
hfs: add missing clean-up in hfs_fill_super
* sctp: move 198 addresses from unusable to private scope
include/net/sctp/constants.h
net/sctp/protocol.c
* net: annotate data race around sk_ll_usec
include/net/busy_poll.h
net/core/sock.c
net/802/garp: fix memleak in garp_request_join()
net/802/mrp: fix memleak in mrp_request_join()
* workqueue: fix UAF in pwq_unbound_release_workfn()
kernel/workqueue.c
* af_unix: fix garbage collect vs MSG_PEEK
net/unix/af_unix.c
* net: split out functions related to registering inflight socket files
include/net/af_unix.h
net/Makefile
net/unix/Kconfig
net/unix/Makefile
net/unix/af_unix.c
net/unix/garbage.c
net/unix/scm.c
net/unix/scm.h
KVM: x86: determine if an exception has an error code only when injecting it.
iio: dac: ds4422/ds4424 drop of_node check
selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c
* ANDROID: staging: ion: move buffer kmap from begin/end_cpu_access()
drivers/staging/android/ion/ion.c
Merge 4.19.199 into android-4.19-stable
Linux 4.19.199
* xhci: add xhci_get_virt_ep() helper
drivers/usb/host/xhci-ring.c
drivers/usb/host/xhci.h
spi: spi-fsl-dspi: Fix a resource leak in an error handling path
* PCI: Mark AMD Navi14 GPU ATS as broken
drivers/pci/quirks.c
btrfs: compression: don't try to compress if we don't have enough pages
iio: accel: bma180: Fix BMA25x bandwidth register values
iio: accel: bma180: Use explicit member assignment
net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear
net: dsa: mv88e6xxx: use correct .stats_set_histogram() on Topaz
KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped()
KVM: do not allow mapping valid but non-reference-counted pages
KVM: do not assume PTE is writable after follow_pfn
* drm: Return -ENOTTY for non-drm ioctls
drivers/gpu/drm/drm_ioctl.c
include/drm/drm_ioctl.h
nds32: fix up stack guard gap
selftest: use mmap instead of posix_memalign to allocate memory
ixgbe: Fix packet corruption due to missing DMA sync
media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf()
* tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
kernel/trace/ring_buffer.c
usb: dwc2: gadget: Fix sending zero length packet in DDMA mode.
USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
USB: serial: cp210x: fix comments for GE CS1000
USB: serial: option: add support for u-blox LARA-R6 family
usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop()
usb: max-3421: Prevent corruption of freed memory
USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
* usb: hub: Fix link power management max exit latency (MEL) calculations
drivers/usb/core/hub.c
* usb: hub: Disable USB 3 device initiated lpm if exit latency is too high
drivers/usb/core/hub.c
KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
* xhci: Fix lost USB 2 remote wake
drivers/usb/host/xhci-hub.c
ALSA: sb: Fix potential ABBA deadlock in CSP driver
* ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
sound/usb/quirks.c
s390/ftrace: fix ftrace_update_ftrace_func implementation
Revert "MIPS: add PMD table accounting into MIPS'pmd_alloc_one"
* proc: Avoid mixing integer types in mem_rw()
fs/proc/base.c
drm/panel: raspberrypi-touchscreen: Prevent double-free
* net: sched: cls_api: Fix the the wrong parameter
net/sched/cls_api.c
* sctp: update active_key for asoc when old key is being replaced
net/sctp/auth.c
* Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem"
drivers/usb/core/quirks.c
nvme-pci: don't WARN_ON in nvme_reset_work if ctrl.state is not RESETTING
net/sched: act_skbmod: Skip non-Ethernet packets
* net/tcp_fastopen: fix data races around tfo_active_disable_stamp
net/ipv4/tcp_fastopen.c
spi: cadence: Correct initialisation of runtime PM again
scsi: target: Fix protect handling in WRITE SAME(32)
scsi: iscsi: Fix iface sysfs attr detection
netrom: Decrease sock refcount when sock timers expire
KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak
net: decnet: Fix sleeping inside in af_decnet
net: fix uninit-value in caif_seqpkt_sendmsg
bpftool: Check malloc return value in mount_bpffs_for_pin
s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1]
liquidio: Fix unintentional sign extension issue on left shift of u16
spi: mediatek: fix fifo rx mode
perf probe-file: Delete namelist in del_events() on the error path
perf test bpf: Free obj_buf
perf lzma: Close lzma stream on exit
perf dso: Fix memory leak in dso__new_map()
perf probe: Fix dso->nsinfo refcounting
perf map: Fix dso->nsinfo refcounting
nvme-pci: do not call nvme_dev_remove_admin from nvme_remove
* ipv6: fix 'disable_policy' for fwd packets
net/ipv6/ip6_output.c
igb: Fix position of assignment to *ring
igb: Check if num of q_vectors is smaller than max before array access
iavf: Fix an error handling path in 'iavf_probe()'
e1000e: Fix an error handling path in 'e1000_probe()'
fm10k: Fix an error handling path in 'fm10k_probe()'
igb: Fix an error handling path in 'igb_probe()'
ixgbe: Fix an error handling path in 'ixgbe_probe()'
igb: Fix use-after-free error during reset
* net: ip_tunnel: fix mtu calculation for ETHER tunnel devices
net/ipv4/ip_tunnel.c
* udp: annotate data races around unix_sk(sk)->gso_size
net/ipv4/udp.c
net/ipv6/udp.c
bpftool: Properly close va_list 'ap' by va_end() on error
* ipv6: tcp: drop silly ICMPv6 packet too big messages
net/ipv4/tcp_output.c
net/ipv6/tcp_ipv6.c
* tcp: annotate data races around tp->mtu_info
net/ipv4/tcp_ipv4.c
net/ipv6/tcp_ipv6.c
* dma-buf/sync_file: Don't leak fences on merge failure
drivers/dma-buf/sync_file.c
* net: validate lwtstate->data before returning from skb_tunnel_info()
include/net/dst_metadata.h
* net: send SYNACK packet with accepted fwmark
net/ipv6/tcp_ipv6.c
net: ti: fix UAF in tlan_remove_one
net: qcom/emac: fix UAF in emac_remove
net: moxa: fix UAF in moxart_mac_probe
net: bcmgenet: Ensure all TX/RX queues DMAs are disabled
* net: bridge: sync fdb to new unicast-filtering ports
net/bridge/br_if.c
* netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
net/netfilter/nf_conntrack_netlink.c
* net: ipv6: fix return value of ip6_skb_dst_mtu
include/net/ip6_route.h
net/ipv6/xfrm6_output.c
net: dsa: mv88e6xxx: enable .rmu_disable() on Topaz
dm writecache: fix writing beyond end of underlying device when shrinking
dm writecache: return the exact table values that were set
* mm: slab: fix kmem_cache_create failed when sysfs node not destroyed
mm/slab_common.c
* sched/fair: Fix CFS bandwidth hrtimer expiry type
kernel/sched/fair.c
scsi: libfc: Fix array index out of bound exception
scsi: libsas: Add LUN number check in .slave_alloc callback
scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8
rtc: max77686: Do not enforce (incorrect) interrupt trigger type
* kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set
scripts/mkcompile_h
* thermal/core: Correct function name thermal_zone_device_unregister()
drivers/thermal/thermal_core.c
arm64: dts: ls208xa: remove bus-num from dspi node
soc/tegra: fuse: Fix Tegra234-only builds
ARM: dts: stm32: move stmmac axi config in ethernet node on stm32mp15
ARM: dts: stm32: fix i2c node name on stm32f746 to prevent warnings
ARM: dts: rockchip: fix supply properties in io-domains nodes
arm64: dts: juno: Update SCPI nodes as per the YAML schema
ARM: dts: stm32: fix timer nodes on STM32 MCU to prevent warnings
ARM: dts: stm32: fix RCC node name on stm32f429 MCU
ARM: dts: stm32: fix gpio-keys node on STM32 MCU boards
rtc: mxc_v2: add missing MODULE_DEVICE_TABLE
ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info
ARM: dts: imx6: phyFLEX: Fix UART hardware flow control
ARM: dts: Hurricane 2: Fix NAND nodes names
ARM: dts: BCM63xx: Fix NAND nodes names
ARM: NSP: dts: fix NAND nodes names
ARM: Cygnus: dts: fix NAND nodes names
ARM: brcmstb: dts: fix NAND nodes names
reset: ti-syscon: fix to_ti_syscon_reset_data macro
arm64: dts: rockchip: Fix power-controller node names for rk3328
ARM: dts: rockchip: Fix power-controller node names for rk3288
ARM: dts: rockchip: Fix IOMMU nodes properties on rk322x
ARM: dts: rockchip: Fix the timer clocks order
arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi
ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288
ARM: dts: gemini: add device_type on pci
ARM: dts: gemini: rename mdio to the right name
* ANDROID: generate_initcall_order.pl: Use two dash long options for llvm-nm
scripts/generate_initcall_order.pl
* Revert "media: subdev: disallow ioctl for saa6588/davinci"
include/media/v4l2-subdev.h
* ANDROID: GKI: fix up crc change in ip.h
include/net/ip.h
Merge 4.19.198 into android-4.19-stable
Linux 4.19.198
* seq_file: disallow extremely large seq buffer allocations
fs/seq_file.c
scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg()
* net: bridge: multicast: fix PIM hello router port marking race
net/bridge/br_multicast.c
MIPS: vdso: Invalid GIC access through VDSO
mips: disable branch profiling in boot/decompress.o
mips: always link byteswap helpers into decompressor
scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe()
ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery
ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems
ARM: dts: imx6q-dhcom: Fix ethernet reset time properties
ARM: dts: am437x: align ti,pindir-d0-out-d1-in property with dt-shema
ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema
memory: fsl_ifc: fix leak of private memory on probe failure
memory: fsl_ifc: fix leak of IO mapping on probe failure
* reset: bail if try_module_get() fails
drivers/reset/core.c
ARM: dts: BCM5301X: Fixup SPI binding
ARM: dts: r8a7779, marzen: Fix DU clock names
arm64: dts: renesas: v3msk: Fix memory size
* rtc: fix snprintf() checking in is_rtc_hctosys()
drivers/rtc/rtc-proc.c
memory: atmel-ebi: add missing of_node_put for loop iteration
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4
ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1
ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3
reset: a10sr: add missing of_match_table reference
hexagon: use common DISCARDS macro
NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
ALSA: isa: Fix error return code in snd_cmi8330_probe()
virtio_net: move tx vq operation under tx queue lock
x86/fpu: Limit xstate copy size in xstateregs_set()
PCI: iproc: Support multi-MSI only on uniprocessor kernel
PCI: iproc: Fix multi-MSI base vector number allocation
ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
nfs: fix acl memory leak of posix_acl_create()
watchdog: aspeed: fix hardware timeout calculation
um: fix error return code in winch_tramp()
um: fix error return code in slip_open()
NFSv4: Initialise connection to the server in nfs4_alloc_client()
* power: supply: rt5033_battery: Fix device tree enumeration
drivers/power/supply/Kconfig
PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
* f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs
fs/f2fs/super.c
virtio_console: Assure used length from device is limited
virtio_net: Fix error handling in virtnet_restore()
virtio-blk: Fix memory leak among suspend/resume procedure
ACPI: video: Add quirk for the Dell Vostro 3350
ACPI: AMBA: Fix resource name in /proc/iomem
pwm: tegra: Don't modify HW state in .remove callback
power: supply: ab8500: add missing MODULE_DEVICE_TABLE
power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
* NFS: nfs_find_open_context() may only select open files
include/linux/nfs_fs.h
ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
orangefs: fix orangefs df output.
PCI: tegra: Add missing MODULE_DEVICE_TABLE
x86/fpu: Return proper error codes from user access functions
watchdog: iTCO_wdt: Account for rebooting on second timeout
watchdog: Fix possible use-after-free by calling del_timer_sync()
watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff()
watchdog: Fix possible use-after-free in wdt_startup()
ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1
power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
power: supply: max17042: Do not enforce (incorrect) interrupt trigger type
power: supply: ab8500: Avoid NULL pointers
pwm: spear: Don't modify HW state in .remove callback
* lib/decompress_unlz4.c: correctly handle zero-padding around initrds.
lib/decompress_unlz4.c
* i2c: core: Disable client irq on reboot/shutdown
drivers/i2c/i2c-core-base.c
intel_th: Wait until port is in reset before programming it
staging: rtl8723bs: fix macro value for 2.4Ghz only device
ALSA: hda: Add IRQ check for platform_get_irq()
backlight: lm3630a: Fix return code of .update_status() callback
powerpc/boot: Fixup device-tree on little endian
usb: gadget: hid: fix error return code in hid_bind()
* usb: gadget: f_hid: fix endianness issue with descriptors
drivers/usb/gadget/function/f_hid.c
* ALSA: bebob: add support for ToneWeal FW66
sound/firewire/Kconfig
Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
* ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing()
sound/soc/soc-core.c
gpio: pca953x: Add support for the On Semi pca9655
selftests/powerpc: Fix "no_handler" EBB selftest
ALSA: ppc: fix error return code in snd_pmac_probe()
gpio: zynq: Check return value of pm_runtime_get_sync
powerpc/ps3: Add dma_mask to ps3_dma_region
ALSA: sb: Fix potential double-free of CSP mixer elements
selftests: timers: rtcpie: skip test if default RTC device does not exist
s390/sclp_vt220: fix console name to match device
mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
scsi: qedi: Fix null ref during abort handling
scsi: iscsi: Fix shost->max_id use
* scsi: iscsi: Fix conn use after free during resets
include/scsi/libiscsi.h
* scsi: iscsi: Add iscsi_cls_conn refcount helpers
include/scsi/scsi_transport_iscsi.h
fs/jfs: Fix missing error code in lmLogInit()
scsi: scsi_dh_alua: Check for negative result value
tty: serial: 8250: serial_cs: Fix a memory leak in error handling path
ALSA: ac97: fix PM reference leak in ac97_bus_remove()
* scsi: core: Cap scsi_host cmd_per_lun at can_queue
drivers/scsi/hosts.c
scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs
scsi: lpfc: Fix "Unexpected timeout" error in direct attach topology
w1: ds2438: fixing bug that would always get page0
* Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
sound/firewire/Kconfig
misc/libmasm/module: Fix two use after free in ibmasm_init_one
tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero
PCI: aardvark: Fix kernel panic during PIO transfer
PCI: aardvark: Don't rely on jiffies while holding spinlock
tracing: Do not reference char * as a string in histograms
* scsi: core: Fix bad pointer dereference when ehandler kthread is invalid
drivers/scsi/hosts.c
KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run()
KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled
* smackfs: restrict bytes count in smk_set_cipso()
security/smack/smackfs.c
jfs: fix GPF in diFree
pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
media: gspca/sunplus: fix zero-length control requests
media: gspca/sq905: fix control-request direction
media: zr364xx: fix memory leak in zr364xx_start_readpipe
media: dtv5100: fix control-request directions
* media: subdev: disallow ioctl for saa6588/davinci
include/media/v4l2-subdev.h
PCI: aardvark: Fix checking for PIO Non-posted Request
* PCI: Leave Apple Thunderbolt controllers on for s2idle or standby
drivers/pci/quirks.c
dm btree remove: assign new_root only when removal succeeds
* coresight: tmc-etf: Fix global-out-of-bounds in tmc_update_etf_buffer()
drivers/hwtracing/coresight/coresight-tmc-etf.c
ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe
* tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
kernel/trace/trace.c
* tracing: Simplify & fix saved_tgids logic
kernel/trace/trace.c
* seq_buf: Fix overflow in seq_buf_putmem_hex()
lib/seq_buf.c
* power: supply: ab8500: Fix an old bug
include/linux/mfd/abx500/ux500_chargalg.h
ipmi/watchdog: Stop watchdog timer when the current action is 'none'
qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
ASoC: tegra: Set driver_name=tegra for all machine drivers
* clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround
drivers/clocksource/arm_arch_timer.c
* cpu/hotplug: Cure the cpusets trainwreck
kernel/cpu.c
ata: ahci_sunxi: Disable DIPM
mmc: core: Allow UHS-I voltage switch for SDSC cards if supported
mmc: core: clear flags before allowing to retune
mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
drm/msm/mdp4: Fix modifier support enabling
pinctrl/amd: Add device HID for new AMD GPIO controller
drm/amd/display: fix incorrrect valid irq check
drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create()
* usb: gadget: f_fs: Fix setting of device and driver data cross-references
drivers/usb/gadget/function/f_fs.c
powerpc/barrier: Avoid collision with clang's __lwsync macro
* fuse: reject internal errno
fs/fuse/dev.c
serial: mvebu-uart: fix calculation of clock divisor
serial: mvebu-uart: clarify the baud rate derivation
* bdi: Do not use freezable workqueue
mm/backing-dev.c
* fscrypt: don't ignore minor_hash when hash is 0
fs/crypto/fname.c
MIPS: set mips32r5 for virt extensions
* sctp: add size validation when walking chunks
net/sctp/input.c
* sctp: validate from_addr_param return
include/net/sctp/structs.h
net/sctp/bind_addr.c
net/sctp/input.c
net/sctp/ipv6.c
net/sctp/protocol.c
net/sctp/sm_make_chunk.c
Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc.
* Bluetooth: Shutdown controller after workqueues are flushed or cancelled
net/bluetooth/hci_core.c
* Bluetooth: Fix the HCI to MGMT status conversion table
net/bluetooth/mgmt.c
RDMA/cma: Fix rdma_resolve_route() memory leak
* net: ip: avoid OOM kills with large UDP sends over loopback
net/ipv4/ip_output.c
net/ipv6/ip6_output.c
media, bpf: Do not copy more entries than user space requested
* wireless: wext-spy: Fix out-of-bounds warning
net/wireless/wext-spy.c
sfc: error code if SRIOV cannot be disabled
sfc: avoid double pci_remove of VFs
iwlwifi: pcie: free IML DMA memory allocation
iwlwifi: mvm: don't change band on bound PHY contexts
RDMA/rxe: Don't overwrite errno from ib_umem_get()
vsock: notify server to shutdown when client has pending signal
atm: nicstar: register the interrupt handler in the right place
atm: nicstar: use 'dma_free_coherent' instead of 'kfree'
MIPS: add PMD table accounting into MIPS'pmd_alloc_one
rtl8xxxu: Fix device info for RTL8192EU devices
* net: fix mistake path for netdev_features_strings
include/linux/netdev_features.h
include/uapi/linux/ethtool.h
cw1200: add missing MODULE_DEVICE_TABLE
wl1251: Fix possible buffer overflow in wl1251_cmd_scan
wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
* xfrm: Fix error reporting in xfrm_state_construct.
net/xfrm/xfrm_user.c
* selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC
security/selinux/avc.c
fjes: check return value after calling platform_get_resource()
net: micrel: check return value after calling platform_get_resource()
net: mvpp2: check return value after calling platform_get_resource()
net: bcmgenet: check return value after calling platform_get_resource()
virtio_net: Remove BUG() to avoid machine dead
ice: set the value of global config lock timeout longer
pinctrl: mcp23s08: fix race condition in irq handler
dm space maps: don't reset space map allocation cursor when committing
RDMA/cxgb4: Fix missing error code in create_qp()
* ipv6: use prandom_u32() for ID generation
net/ipv6/output_core.c
clk: tegra: Ensure that PLLU configuration is applied properly
clk: renesas: r8a77995: Add ZA2 clock
e100: handle eeprom as little endian
udf: Fix NULL pointer dereference in udf_symlink function
drm/virtio: Fix double free on probe failure
reiserfs: add check for invalid 1st journal block
* net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT
net/core/dev.c
atm: nicstar: Fix possible use-after-free in nicstar_cleanup()
mISDN: fix possible use-after-free in HFC_cleanup()
atm: iphase: fix possible use-after-free in ia_module_exit()
hugetlb: clear huge pte during flush function on mips platform
drm/amd/display: fix use_max_lb flag for 420 pixel formats
net: pch_gbe: Use proper accessors to BE data in pch_ptp_match()
drm/amd/amdgpu/sriov disable all ip hw status by default
* drm/zte: Don't select DRM_KMS_FB_HELPER
drivers/gpu/drm/zte/Kconfig
* drm/mxsfb: Don't select DRM_KMS_FB_HELPER
drivers/gpu/drm/mxsfb/Kconfig
mmc: vub3000: fix control-request direction
mmc: block: Disable CMDQ on the ioctl path
perf llvm: Return -ENOMEM when asprintf() fails
selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random
mm/huge_memory.c: don't discard hugepage if other processes are mapping it
vfio/pci: Handle concurrent vma faults
arm64: dts: marvell: armada-37xx: Fix reg for standard variant of UART
serial: mvebu-uart: correctly calculate minimal possible baudrate
powerpc: Offline CPU in stop_this_cpu()
leds: ktd2692: Fix an error handling path
leds: as3645a: Fix error return code in as3645a_parse_node()
* configfs: fix memleak in configfs_release_bin_file
fs/configfs/file.c
ASoC: atmel-i2s: Fix usage of capture and playback at the same time
extcon: max8997: Add missing modalias string
extcon: sm5502: Drop invalid register write in sm5502_reg_data
phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe()
scsi: mpt3sas: Fix error return value in _scsih_expander_add()
mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume()
* of: Fix truncation of memory sizes on 32-bit platforms
drivers/of/fdt.c
drivers/of/of_reserved_mem.c
ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK
iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates
staging: mt7621-dts: fix pci address for PCI memory range
staging: gdm724x: check for overflow in gdm_lte_netif_rx()
staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
eeprom: idt_89hpesx: Restore printing the unsupported fwnode name
eeprom: idt_89hpesx: Put fwnode in matching case during ->probe()
s390: appldata depends on PROC_SYSCTL
visorbus: fix error return code in visorchipset_init()
fsi/sbefifo: Fix reset timeout
fsi/sbefifo: Clean up correct FIFO when receiving reset request from SBE
fsi: scom: Reset the FSI2PIB engine for any error
fsi: core: Fix return of error values on failures
scsi: FlashPoint: Rename si_flags field
tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol()
Input: hil_kbd - fix error return code in hil_dev_connect()
ASoC: rsnd: tidyup loop on rsnd_adg_clk_query()
ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup()
iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp()
iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp()
iio: adis_buffer: do not return ints in irq handlers
mwifiex: re-fix for unaligned accesses
tty: nozomi: Fix a resource leak in an error handling function
RDMA/mlx5: Don't access NULL-cleared mpi pointer
net: sched: fix warning in tcindex_alloc_perfect_hash
* net: lwtunnel: handle MTU calculation in forwading
include/net/ip.h
include/net/ip6_route.h
net/ipv4/route.c
* writeback: fix obtain a reference to a freeing memcg css
fs/fs-writeback.c
* Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event
net/bluetooth/hci_event.c
* Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
net/bluetooth/mgmt.c
* ipv6: fix out-of-bound access in ip6_parse_tlv()
net/ipv6/exthdrs.c
ibmvnic: free tx_pool if tso_pool alloc fails
Revert "ibmvnic: remove duplicate napi_schedule call in open function"
i40e: Fix autoneg disabling for non-10GBaseT links
i40e: Fix error handling in i40e_vsi_open
* bpf: Do not change gso_size during bpf_skb_change_proto()
net/core/filter.c
* ipv6: exthdrs: do not blindly use init_net
net/ipv6/exthdrs.c
net: bcmgenet: Fix attaching to PYH failed on RPi 4B
mac80211: remove iwlwifi specific workaround NDPs of null_response
ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl()
ieee802154: hwsim: Fix memory leak in hwsim_add_one
* net/ipv4: swap flow ports when validating source
net/ipv4/fib_frontend.c
vxlan: add missing rcu_read_lock() in neigh_reduce()
pkt_sched: sch_qfq: fix qfq_change_class() error path
net: ethernet: ezchip: fix error handling
net: ethernet: ezchip: fix UAF in nps_enet_remove
net: ethernet: aeroflex: fix UAF in greth_of_remove
samples/bpf: Fix the error return code of xdp_redirect's main()
RDMA/rxe: Fix qp reference counting for atomic ops
netfilter: nft_tproxy: restrict support to TCP and UDP transport protocols
netfilter: nft_osf: check for TCP packet before further processing
netfilter: nft_exthdr: check for IPv6 packet before further processing
RDMA/mlx5: Don't add slave port to unaffiliated list
* netlabel: Fix memory leak in netlbl_mgmt_add_common
net/netlabel/netlabel_mgmt.c
ath10k: Fix an error code in ath10k_add_interface()
brcmsmac: mac80211_if: Fix a resource leak in an error handling path
brcmfmac: correctly report average RSSI in station info
brcmfmac: fix setting of station info chains bitmask
ssb: Fix error return code in ssb_bus_scan()
wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others
* wireless: carl9170: fix LEDS build errors & warnings
drivers/net/wireless/ath/carl9170/Kconfig
tools/bpftool: Fix error return code in do_batch()
drm: qxl: ensure surf.data is ininitialized
RDMA/rxe: Fix failure during driver load
ehea: fix error return code in ehea_restart_qps()
drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write()
net: pch_gbe: Propagate error from devm_gpio_request_one()
net: mvpp2: Put fwnode in error case during ->probe()
ocfs2: fix snprintf() checking
blk-wbt: make sure throttle is enabled properly
* blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled()
block/blk-wbt.h
ACPI: sysfs: Fix a buffer overrun problem with description_show()
crypto: nx - Fix RCU warning in nx842_OF_upd_status
spi: spi-sun6i: Fix chipselect/clock bug
btrfs: clear log tree recovering status if starting transaction fails
hwmon: (max31790) Fix fan speed reporting for fan7..12
hwmon: (max31722) Remove non-standard ACPI device IDs
media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
mmc: usdhi6rol0: fix error return code in usdhi6_probe()
media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
media: gspca/gl860: fix zero-length control requests
media: tc358743: Fix error return code in tc358743_probe_of()
media: exynos4-is: Fix a use after free in isp_video_release
pata_ep93xx: fix deferred probing
media: rc: i2c: Fix an error message
crypto: ccp - Fix a resource leak in an error handling path
evm: fix writing <securityfs>/evm overflow
pata_octeon_cf: avoid WARN_ON() in ata_host_activate()
media: I2C: change 'RST' to "RSET" to fix multiple build errors
pata_rb532_cf: fix deferred probing
sata_highbank: fix deferred probing
crypto: ux500 - Fix error return code in hash_hw_final()
crypto: ixp4xx - dma_unmap the correct address
media: s5p_cec: decrement usage count if disabled
ia64: mca_drv: fix incorrect array size calculation
HID: wacom: Correct base usage for capacitive ExpressKey status bits
ACPI: tables: Add custom DSDT file as makefile prerequisite
* clocksource: Retry clock read if long delays detected
kernel/time/clocksource.c
platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard()
ACPI: bus: Call kobject_put() in acpi_init() error path
ACPICA: Fix memory leak caused by _CID repair function
fs: dlm: fix memory leak when fenced
* random32: Fix implicit truncation warning in prandom_seed_state()
include/linux/prandom.h
fs: dlm: cancel work sync othercon
* block_dump: remove block_dump feature in mark_inode_dirty()
fs/fs-writeback.c
ACPI: EC: Make more Asus laptops use ECDT _GPE
* lib: vsprintf: Fix handling of number field widths in vsscanf
lib/kstrtox.c
lib/kstrtox.h
lib/vsprintf.c
hv_utils: Fix passing zero to 'PTR_ERR' warning
ACPI: processor idle: Fix up C-state latency if not ordered
EDAC/ti: Add missing MODULE_DEVICE_TABLE
* HID: do not use down_interruptible() when unbinding devices
drivers/hid/hid-core.c
regulator: da9052: Ensure enough delay time for .set_voltage_time_sel
* btrfs: disable build on platforms having page size 256K
fs/btrfs/Kconfig
btrfs: abort transaction if we fail to update the delayed inode
btrfs: fix error handling in __btrfs_update_delayed_inode
media: imx-csi: Skip first few frames from a BT.656 source
media: siano: fix device register error path
media: dvb_net: avoid speculation from net slot
* crypto: shash - avoid comparing pointers to exported functions under CFI
crypto/shash.c
include/crypto/internal/hash.h
mmc: via-sdmmc: add a check against NULL pointer dereference
media: dvd_usb: memory leak in cinergyt2_fe_attach
media: st-hva: Fix potential NULL pointer dereferences
media: bt8xx: Fix a missing check bug in bt878_probe
* media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
drivers/media/v4l2-core/v4l2-fh.c
media: em28xx: Fix possible memory leak of em28xx struct
* sched/fair: Fix ascii art by relpacing tabs
kernel/sched/fair.c
crypto: qat - remove unused macro in FW loader
crypto: qat - check return code of qat_hal_rd_rel_reg()
media: pvrusb2: fix warning in pvr2_i2c_core_done
media: cobalt: fix race condition in setting HPD
media: cpia2: fix memory leak in cpia2_usb_probe
crypto: nx - add missing MODULE_DEVICE_TABLE
regulator: uniphier: Add missing MODULE_DEVICE_TABLE
spi: omap-100k: Fix the length judgment problem
spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages()
spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
* spi: Make of_register_spi_device also set the fwnode
drivers/spi/spi.c
* fuse: check connected before queueing on fpq->io
fs/fuse/dev.c
evm: Refuse EVM_ALLOW_METADATA_WRITES only if an HMAC key is loaded
evm: Execute evm_inode_init_security() only when an HMAC key is loaded
powerpc/stacktrace: Fix spurious "stale" traces in raise_backtrace_ipi()
* seq_buf: Make trace_seq_putmem_hex() support data longer than 8
lib/seq_buf.c
* tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
include/linux/tracepoint.h
kernel/trace/bpf_trace.c
kernel/tracepoint.c
tracing/histograms: Fix parsing of "sym-offset" modifier
rsi: fix AP mode with WPA failure due to encrypted EAPOL
rsi: Assign beacon rate settings to the correct rate_info descriptor field
ssb: sdio: Don't overwrite const buffer if block_write fails
ath9k: Fix kernel NULL pointer dereference during ath_reset_internal()
serial_cs: remove wrong GLOBETROTTER.cis entry
serial_cs: Add Option International GSM-Ready 56K/ISDN modem
serial: sh-sci: Stop dmaengine transfer in sci_stop_tx()
iio: ltr501: ltr501_read_ps(): add missing endianness conversion
iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too
iio: light: tcs3472: do not free unallocated IRQ
rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path
s390/cio: dont call css_wait_for_slow_path() inside a lock
SUNRPC: Should wake up the privileged task firstly.
SUNRPC: Fix the batch tasks count wraparound.
can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path
can: gw: synchronize rcu operations before removing gw job entry
can: bcm: delay release of struct bcm_op after synchronize_rcu()
* ext4: use ext4_grp_locked_error in mb_find_extent
fs/ext4/mballoc.c
* ext4: fix avefreec in find_group_orlov
fs/ext4/ialloc.c
* ext4: remove check for zero nr_to_scan in ext4_es_scan()
fs/ext4/extents_status.c
* ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
fs/ext4/extents_status.c
* ext4: return error code when ext4_fill_flex_info() fails
fs/ext4/super.c
* ext4: fix kernel infoleak via ext4_extent_header
fs/ext4/extents.c
* ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle
fs/ext4/super.c
btrfs: clear defrag status of a root if starting transaction fails
btrfs: send: fix invalid path for unlink operations after parent orphanization
ARM: dts: at91: sama5d4: fix pinctrl muxing
arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl
* iov_iter_fault_in_readable() should do nothing in xarray case
lib/iov_iter.c
ntfs: fix validity check for file name attribute
* xhci: solve a double free problem while doing s4
drivers/usb/host/xhci-mem.c
* usb: typec: Add the missed altmode_id_remove() in typec_register_altmode()
drivers/usb/typec/class.c
* usb: dwc3: Fix debugfs creation flow
drivers/usb/dwc3/core.c
USB: cdc-acm: blacklist Heimann USB Appset device
usb: gadget: eem: fix echo command packet response issue
net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
Input: usbtouchscreen - fix control-request directions
media: dvb-usb: fix wrong definition
* ALSA: usb-audio: Fix OOB access at proc output
sound/usb/mixer.c
* ALSA: usb-audio: fix rate on Ozone Z90 USB headset
sound/usb/format.c
* scsi: core: Retry I/O for Notify (Enable Spinup) Required error
drivers/scsi/scsi_lib.c
* Revert "clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940"
include/linux/cpuhotplug.h
Merge 4.19.197 into android-4.19-stable
Linux 4.19.197
* clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940
include/linux/cpuhotplug.h
clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue
clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support
ARM: OMAP: replace setup_irq() by request_irq()
KVM: SVM: Call SEV Guest Decommission if ASID binding fails
xen/events: reset active flag for lateeoi events later
* kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync()
kernel/kthread.c
* kthread_worker: split code for canceling the delayed work timer
kernel/kthread.c
ARM: dts: imx6qdl-sabresd: Remove incorrect power supply assignment
KVM: SVM: Periodically schedule when unregistering regions on destroy
* ext4: eliminate bogus error in ext4_data_block_valid_rcu()
fs/ext4/block_validity.c
drm/nouveau: fix dma_address check for CPU/GPU sync
scsi: sr: Return appropriate error code when disk is ejected
* mm, futex: fix shared futex pgoff on shmem huge page
include/linux/hugetlb.h
include/linux/pagemap.h
kernel/futex.c
* mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk()
mm/page_vma_mapped.c
* mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): get vma_address_end() earlier
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): use goto instead of while (1)
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): add a level of indentation
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): crossing page table boundary
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): settle PageHuge on entry
mm/page_vma_mapped.c
* mm: page_vma_mapped_walk(): use page for pvmw->page
mm/page_vma_mapped.c
mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split
* mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
include/linux/mm.h
mm/memory.c
mm/truncate.c
* mm/thp: fix page_address_in_vma() on file THP tails
mm/rmap.c
* mm/thp: fix vma_address() if virtual address below file offset
mm/internal.h
mm/page_vma_mapped.c
mm/rmap.c
* mm/thp: try_to_unmap() use TTU_SYNC for safe splitting
include/linux/rmap.h
mm/page_vma_mapped.c
mm/rmap.c
* mm/thp: make is_huge_zero_pmd() safe and quicker
include/linux/huge_mm.h
* mm/thp: fix __split_huge_pmd_locked() on shmem migration entry
mm/pgtable-generic.c
* mm/rmap: use page_not_mapped in try_to_unmap()
mm/rmap.c
* mm/rmap: remove unneeded semicolon in page_not_mapped()
mm/rmap.c
* mm: add VM_WARN_ON_ONCE_PAGE() macro
include/linux/mmdebug.h
Bug: 196282886
Change-Id: I0af3abfa9aaa6da3e884f1a692da381e8e140bee
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
ec10e35858 |
Merge 4.19.197 into android-4.19-stable
Changes in 4.19.197 mm: add VM_WARN_ON_ONCE_PAGE() macro mm/rmap: remove unneeded semicolon in page_not_mapped() mm/rmap: use page_not_mapped in try_to_unmap() mm/thp: fix __split_huge_pmd_locked() on shmem migration entry mm/thp: make is_huge_zero_pmd() safe and quicker mm/thp: try_to_unmap() use TTU_SYNC for safe splitting mm/thp: fix vma_address() if virtual address below file offset mm/thp: fix page_address_in_vma() on file THP tails mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split mm: page_vma_mapped_walk(): use page for pvmw->page mm: page_vma_mapped_walk(): settle PageHuge on entry mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block mm: page_vma_mapped_walk(): crossing page table boundary mm: page_vma_mapped_walk(): add a level of indentation mm: page_vma_mapped_walk(): use goto instead of while (1) mm: page_vma_mapped_walk(): get vma_address_end() earlier mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() mm, futex: fix shared futex pgoff on shmem huge page scsi: sr: Return appropriate error code when disk is ejected drm/nouveau: fix dma_address check for CPU/GPU sync ext4: eliminate bogus error in ext4_data_block_valid_rcu() KVM: SVM: Periodically schedule when unregistering regions on destroy ARM: dts: imx6qdl-sabresd: Remove incorrect power supply assignment kthread_worker: split code for canceling the delayed work timer kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() xen/events: reset active flag for lateeoi events later KVM: SVM: Call SEV Guest Decommission if ASID binding fails ARM: OMAP: replace setup_irq() by request_irq() clocksource/drivers/timer-ti-dm: Add clockevent and clocksource support clocksource/drivers/timer-ti-dm: Prepare to handle dra7 timer wrap issue clocksource/drivers/timer-ti-dm: Handle dra7 timer wrap errata i940 Linux 4.19.197 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I733cdb08e37808851f4ff54a2e333f3c7d4e9257 |
||
|
Hugh Dickins
|
d5cd96a788 |
mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
[ Upstream commit 22061a1ffabdb9c3385de159c5db7aac3a4df1cc ]
There is a race between THP unmapping and truncation, when truncate sees
pmd_none() and skips the entry, after munmap's zap_huge_pmd() cleared
it, but before its page_remove_rmap() gets to decrement
compound_mapcount: generating false "BUG: Bad page cache" reports that
the page is still mapped when deleted. This commit fixes that, but not
in the way I hoped.
The first attempt used try_to_unmap(page, TTU_SYNC|TTU_IGNORE_MLOCK)
instead of unmap_mapping_range() in truncate_cleanup_page(): it has
often been an annoyance that we usually call unmap_mapping_range() with
no pages locked, but there apply it to a single locked page.
try_to_unmap() looks more suitable for a single locked page.
However, try_to_unmap_one() contains a VM_BUG_ON_PAGE(!pvmw.pte,page):
it is used to insert THP migration entries, but not used to unmap THPs.
Copy zap_huge_pmd() and add THP handling now? Perhaps, but their TLB
needs are different, I'm too ignorant of the DAX cases, and couldn't
decide how far to go for anon+swap. Set that aside.
The second attempt took a different tack: make no change in truncate.c,
but modify zap_huge_pmd() to insert an invalidated huge pmd instead of
clearing it initially, then pmd_clear() between page_remove_rmap() and
unlocking at the end. Nice. But powerpc blows that approach out of the
water, with its serialize_against_pte_lookup(), and interesting pgtable
usage. It would need serious help to get working on powerpc (with a
minor optimization issue on s390 too). Set that aside.
Just add an "if (page_mapped(page)) synchronize_rcu();" or other such
delay, after unmapping in truncate_cleanup_page()? Perhaps, but though
that's likely to reduce or eliminate the number of incidents, it would
give less assurance of whether we had identified the problem correctly.
This successful iteration introduces "unmap_mapping_page(page)" instead
of try_to_unmap(), and goes the usual unmap_mapping_range_tree() route,
with an addition to details. Then zap_pmd_range() watches for this
case, and does spin_unlock(pmd_lock) if so - just like
page_vma_mapped_walk() now does in the PVMW_SYNC case. Not pretty, but
safe.
Note that unmap_mapping_page() is doing a VM_BUG_ON(!PageLocked) to
assert its interface; but currently that's only used to make sure that
page->mapping is stable, and zap_pmd_range() doesn't care if the page is
locked or not. Along these lines, in invalidate_inode_pages2_range()
move the initial unmap_mapping_range() out from under page lock, before
then calling unmap_mapping_page() under page lock if still mapped.
Link: https://lkml.kernel.org/r/a2a4a148-cdd8-942c-4ef8-51b77f643dbe@google.com
Fixes:
|
||
|
Lucas Wei
|
a93de36337 |
Merge android-4.19-stable (4.19.189) into android-msm-pixel-4.19-lts
Merge 4.19.189 into android-4.19-stable
Linux 4.19.189
USB: CDC-ACM: fix poison/unpoison imbalance
net: hso: fix NULL-deref on disconnect regression
x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access
ia64: tools: remove duplicate definition of ia64_mf() on ia64
ia64: fix discontig.c section mismatches
cavium/liquidio: Fix duplicate argument
xen-netback: Check for hotplug-status existence before watching
s390/entry: save the caller of psw_idle
net: geneve: check skb is large enough for IPv4/IPv6 header
ARM: dts: Fix swapped mmc order for omap3
HID: wacom: Assign boolean values to a bool variable
HID: alps: fix error return code in alps_input_configured()
* HID: google: add don USB id
drivers/hid/hid-ids.h
perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3
* locking/qrwlock: Fix ordering in queued_write_lock_slowpath()
kernel/locking/qrwlock.c
pinctrl: lewisburg: Update number of pins in community
* gup: document and work around "COW can break either way" issue
mm/gup.c
* net: phy: marvell: fix detection of PHY on Topaz switches
include/linux/marvell_phy.h
ARM: 9071/1: uprobes: Don't hook on thumb instructions
ARM: footbridge: fix PCI interrupt mapping
ibmvnic: remove duplicate napi_schedule call in open function
ibmvnic: remove duplicate napi_schedule call in do_reset function
ibmvnic: avoid calling napi_disable() twice
i40e: fix the panic when running bpf in xdpdrv mode
* net: ip6_tunnel: Unregister catch-all devices
net/ipv6/ip6_tunnel.c
* net: sit: Unregister catch-all devices
net/ipv6/sit.c
net: davicom: Fix regulator not turned off on failed probe
netfilter: nft_limit: avoid possible divide error in nft_limit_init
* netfilter: conntrack: do not print icmpv6 as unknown via /proc
net/netfilter/nf_conntrack_standalone.c
scsi: libsas: Reset num_scatter if libata marks qc as NODATA
* arm64: alternatives: Move length validation in alternative_{insn, endif}
arch/arm64/include/asm/alternative.h
* arm64: fix inline asm in load_unaligned_zeropad()
arch/arm64/include/asm/word-at-a-time.h
* readdir: make sure to verify directory entry for legacy interfaces too
fs/readdir.c
* dm verity fec: fix misaligned RS roots IO
drivers/md/dm-verity-fec.c
drivers/md/dm-verity-fec.h
HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices
Input: i8042 - fix Pegatron C15B ID entry
Input: s6sy761 - fix coordinate read bit shift
mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN
pcnet32: Use pci_resource_len to validate PCI resource
net: ieee802154: forbid monitor for add llsec seclevel
net: ieee802154: stop dump llsec seclevels for monitors
net: ieee802154: forbid monitor for add llsec devkey
net: ieee802154: stop dump llsec devkeys for monitors
net: ieee802154: forbid monitor for add llsec dev
net: ieee802154: stop dump llsec devs for monitors
net: ieee802154: stop dump llsec keys for monitors
scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state
ASoC: fsl_esai: Fix TDM slot setup for I2S mode
drm/msm: Fix a5xx/a6xx timestamps
ARM: keystone: fix integer overflow warning
* neighbour: Disregard DEAD dst in neigh_update
net/core/neighbour.c
arc: kernel: Return -EFAULT if copy_to_user() fails
lockdep: Add a missing initialization hint to the "INFO: Trying to register non-static key" message
ARM: dts: Fix moving mmc devices with aliases for omap4 & 5
ARM: dts: Drop duplicate sha2md5_fck to fix clk_disable race
* dmaengine: dw: Make it dependent to HAS_IOMEM
drivers/dma/dw/Kconfig
* gpio: sysfs: Obey valid_mask
drivers/gpio/gpiolib-sysfs.c
Input: nspire-keypad - enable interrupts only when opened
* net/sctp: fix race condition in sctp_destroy_sock
net/sctp/socket.c
ANDROID: GKI: update allowed list for incrementalfs.ko
* ANDROID: fs-verity: Export function to check signatures
fs/verity/signature.c
include/linux/fsverity.h
* UPSTREAM: fs-verity: move structs needed for file signing to UAPI header
fs/verity/fsverity_private.h
include/uapi/linux/fsverity.h
* UPSTREAM: fs-verity: rename "file measurement" to "file digest"
fs/verity/enable.c
fs/verity/fsverity_private.h
fs/verity/measure.c
fs/verity/open.c
fs/verity/signature.c
* UPSTREAM: fs-verity: rename fsverity_signed_digest to fsverity_formatted_digest
fs/verity/fsverity_private.h
fs/verity/signature.c
* UPSTREAM: fs-verity: remove filenames from file comments
fs/verity/enable.c
fs/verity/hash_algs.c
fs/verity/init.c
fs/verity/measure.c
fs/verity/open.c
fs/verity/signature.c
fs/verity/verify.c
ANDROID: clang: update to 12.0.5
Merge 4.19.188 into android-4.19-stable
Linux 4.19.188
xen/events: fix setting irq affinity
perf map: Tighten snprintf() string precision to pass gcc check on some 32-bit arches
* driver core: Fix locking bug in deferred_probe_timeout_work_func()
drivers/base/dd.c
* netfilter: x_tables: fix compat match/target pad out-of-bound write
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/ip_tables.c
net/ipv6/netfilter/ip6_tables.c
net/netfilter/x_tables.c
* staging: m57621-mmc: delete driver from the tree.
drivers/staging/Kconfig
drivers/staging/Makefile
net: phy: broadcom: Only advertise EEE for supported modes
riscv,entry: fix misaligned base for excp_vect_table
* block: only update parent bi_status when bio fail
block/bio.c
drm/tegra: dc: Don't set PLL clock to 0Hz
gfs2: report "already frozen/thawed" errors
drm/imx: imx-ldb: fix out of bounds array access warning
* KVM: arm64: Disable guest access to trace filter controls
arch/arm64/include/asm/kvm_arm.h
* KVM: arm64: Hide system instruction access to Trace registers
arch/arm64/kernel/cpufeature.c
* Revert "net: xfrm: Localize sequence counter per network namespace"
include/net/netns/xfrm.h
net/xfrm/xfrm_state.c
Merge 4.19.187 into android-4.19-stable
* ANDROID: Incremental fs: Set credentials before reading/writing
fs/incfs/data_mgmt.c
fs/incfs/format.c
fs/incfs/format.h
fs/incfs/main.c
fs/incfs/vfs.c
Linux 4.19.187
Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath."
net: ieee802154: stop dump llsec params for monitors
net: ieee802154: forbid monitor for del llsec seclevel
net: ieee802154: forbid monitor for set llsec params
net: ieee802154: fix nl802154 del llsec devkey
net: ieee802154: fix nl802154 add llsec key
net: ieee802154: fix nl802154 del llsec dev
net: ieee802154: fix nl802154 del llsec key
net: ieee802154: nl-mac: fix check on panid
net: mac802154: Fix general protection fault
drivers: net: fix memory leak in peak_usb_create_dev
drivers: net: fix memory leak in atusb_probe
* net: tun: set tun->dev->addr_len during TUNSETLINK processing
drivers/net/tun.c
* cfg80211: remove WARN_ON() in cfg80211_sme_connect
net/wireless/sme.c
* net: sched: bump refcount for new action in ACT replace mode
net/sched/act_api.c
clk: socfpga: fix iomem pointer cast on 64-bit
RDMA/cxgb4: check for ipv6 address properly while destroying listener
* net/mlx5: Fix PBMC register mapping
include/linux/mlx5/mlx5_ifc.h
* net/mlx5: Fix placement of log_max_flow_counter
include/linux/mlx5/mlx5_ifc.h
s390/cpcmd: fix inline assembly register clobbering
* workqueue: Move the position of debug_work_activate() in __queue_work()
kernel/workqueue.c
* clk: fix invalid usage of list cursor in unregister
drivers/clk/clk.c
* clk: fix invalid usage of list cursor in register
drivers/clk/clk.c
soc/fsl: qbman: fix conflicting alignment attributes
ASoC: sunxi: sun4i-codec: fill ASoC card owner
net/ncsi: Avoid channel_monitor hrtimer deadlock
ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces
* net:tipc: Fix a double free in tipc_sk_mcast_rcv
net/tipc/socket.c
cxgb4: avoid collecting SGE_QBASE regs during traffic
gianfar: Handle error code at MAC address change
* sch_red: fix off-by-one checks in red_check_params()
include/net/red.h
amd-xgbe: Update DMA coherency values
i40e: Fix kernel oops when i40e driver removes VF's
i40e: Added Asym_Pause to supported link modes
ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips
* net: xfrm: Localize sequence counter per network namespace
include/net/netns/xfrm.h
net/xfrm/xfrm_state.c
regulator: bd9571mwv: Fix AVS and DVFS voltage range
* xfrm: interface: fix ipv4 pmtu check to honor ip header df
net/xfrm/xfrm_interface.c
virtio_net: Add XDP meta data support
* i2c: turn recovery error on init to debug
drivers/i2c/i2c-core-base.c
usbip: synchronize event handler with sysfs code paths
usbip: vudc synchronize sysfs code paths
usbip: stub-dev synchronize sysfs code paths
usbip: add sysfs_lock to synchronize sysfs code paths
* net-ipv6: bugfix - raw & sctp - switch to ipv6_can_nonlocal_bind()
net/ipv6/raw.c
net/sctp/ipv6.c
net: sched: sch_teql: fix null-pointer dereference
* net: ensure mac header is set in virtio_net_hdr_to_skb()
include/linux/virtio_net.h
net: hso: fix null-ptr-deref during tty device unregistration
ice: Increase control queue timeout
batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field
ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin
parisc: avoid a warning on u8 cast for cmpxchg on u8 pointers
* parisc: parisc-agp requires SBA IOMMU driver
drivers/char/agp/Kconfig
* fs: direct-io: fix missing sdio->boundary
fs/direct-io.c
ocfs2: fix deadlock between setattr and dio_end_io_write
nds32: flush_dcache_page: use page_mapping_file to avoid races with swapoff
ia64: fix user_stack_pointer() for ptrace()
* net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh
net/ipv6/route.c
xen/evtchn: Change irq_info lock to raw_spinlock_t
nfc: Avoid endless loops caused by repeated llcp_sock_connect()
nfc: fix memory leak in llcp_sock_connect()
nfc: fix refcount leak in llcp_sock_connect()
nfc: fix refcount leak in llcp_sock_bind()
ASoC: intel: atom: Stop advertising non working S24LE support
ALSA: aloop: Fix initialization of controls
Merge 4.19.186 into android-4.19-stable
Linux 4.19.186
* init/Kconfig: make COMPILE_TEST depend on HAS_IOMEM
init/Kconfig
* init/Kconfig: make COMPILE_TEST depend on !S390
init/Kconfig
bpf, x86: Validate computation of branch displacements for x86-32
bpf, x86: Validate computation of branch displacements for x86-64
cifs: Silently ignore unknown oplock break handle
cifs: revalidate mapping when we open files for SMB1 POSIX
ia64: fix format strings for err_inject
ia64: mca: allocate early mca with GFP_ATOMIC
scsi: target: pscsi: Clean up after failure in pscsi_map_sg()
x86/build: Turn off -fcf-protection for realmode targets
platform/x86: thinkpad_acpi: Allow the FnLock LED to change state
drm/msm: Ratelimit invalid-fence message
mac80211: choose first enabled channel for monitor
mISDN: fix crash in fritzpci
net: pxa168_eth: Fix a potential data race in pxa168_eth_remove
platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2
bus: ti-sysc: Fix warning on unbind if reset is not deasserted
ARM: dts: am33xx: add aliases for mmc interfaces
Merge 4.19.185 into android-4.19-stable
Linux 4.19.185
drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
staging: rtl8192e: Change state information from u16 to u8
staging: rtl8192e: Fix incorrect source in memcpy()
usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board.
usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference
USB: cdc-acm: fix use-after-free after probe failure
USB: cdc-acm: fix double free on probe failure
USB: cdc-acm: downgrade message to debug
USB: cdc-acm: untangle a circular dependency between callback and softint
cdc-acm: fix BREAK rx code path adding necessary calls
usb: xhci-mtk: fix broken streams issue on 0.96 xHCI
usb: musb: Fix suspend with devices connected for a64
* USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
drivers/usb/core/quirks.c
usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()
firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
* extcon: Fix error handling in extcon_dev_register
drivers/extcon/extcon.c
* extcon: Add stubs for extcon_register_notifier_all() functions
include/linux/extcon.h
pinctrl: rockchip: fix restore error in resume
reiserfs: update reiserfs_xattrs_initialized() condition
drm/amdgpu: check alignment on CPU page for bo map
drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()
* mm: fix race by making init_zero_pfn() early_initcall
mm/memory.c
* tracing: Fix stack trace event size
kernel/trace/trace.c
* PM: runtime: Fix ordering in pm_runtime_get_suppliers()
drivers/base/power/runtime.c
* PM: runtime: Fix race getting/putting suppliers at probe
drivers/base/power/runtime.c
ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook
ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO
* ALSA: usb-audio: Apply sample rate quirk to Logitech Connect
sound/usb/quirks.c
* bpf: Remove MTU check in __bpf_skb_max_len
net/core/filter.c
net: wan/lmc: unregister device when no matching device is found
appletalk: Fix skb allocation size in loopback case
net: ethernet: aquantia: Handle error cleanup of start on open
ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr()
brcmfmac: clear EAP/association status bits on linkdown events
* ext4: do not iput inode under running transaction in ext4_rename()
fs/ext4/namei.c
* locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling
kernel/locking/mutex.c
* thermal/core: Add NULL pointer check before using cooling device stats
drivers/thermal/thermal_sysfs.c
ASoC: rt5659: Update MCLK rate in set_sysclk()
staging: comedi: cb_pcidas64: fix request_irq() warn
staging: comedi: cb_pcidas: fix request_irq() warn
scsi: qla2xxx: Fix broken #endif placement
scsi: st: Fix a use after free in st_open()
vhost: Fix vhost_vq_reset()
ASoC: cs42l42: Always wait at least 3ms after reset
ASoC: cs42l42: Fix mixer volume control
ASoC: cs42l42: Fix channel width support
ASoC: cs42l42: Fix Bitclock polarity inversion
ASoC: es8316: Simplify adc_pga_gain_tlv table
ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe
ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10
ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10
rpc: fix NULL dereference on kmalloc failure
* ext4: fix bh ref count on error paths
fs/ext4/inode.c
* ipv6: weaken the v4mapped source check
net/ipv6/ip6_input.c
net/ipv6/tcp_ipv6.c
* tcp: relookup sock for RST+ACK packets handled by obsolete req sock
include/net/inet_connection_sock.h
net/ipv4/inet_connection_sock.c
net/ipv4/tcp_minisocks.c
selinux: vsock: Set SID for socket returned by accept()
* Revert "can: dev: Move device back to init netns on owning netns delete"
include/net/rtnetlink.h
net/core/dev.c
Merge 4.19.184 into android-4.19-stable
ANDROID: Add OWNERS files referring to the respective android-mainline OWNERS
BACKPORT: drm/virtio: Use vmalloc for command buffer allocations.
UPSTREAM: drm/virtio: Rewrite virtio_gpu_queue_ctrl_buffer using fenced version.
Linux 4.19.184
xen-blkback: don't leak persistent grants from xen_blkbk_map()
can: peak_usb: Revert "can: peak_usb: add forgotten supported devices"
* ext4: add reclaim checks to xattr code
fs/ext4/xattr.c
mac80211: fix double free in ibss_leave
* net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
net/qrtr/qrtr.c
* net: sched: validate stab values
include/net/red.h
* can: dev: Move device back to init netns on owning netns delete
include/net/rtnetlink.h
net/core/dev.c
x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc()
* locking/mutex: Fix non debug version of mutex_lock_io_nested()
include/linux/mutex.h
scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
scsi: qedi: Fix error return code of qedi_alloc_global_queues()
perf auxtrace: Fix auxtrace queue conflict
* dm verity: add root hash pkcs#7 signature verification
drivers/md/dm-verity-target.c
* ACPI: scan: Use unique number for instance_no
include/acpi/acpi_bus.h
ACPI: scan: Rearrange memory allocation in acpi_device_add()
* Revert "netfilter: x_tables: Update remaining dereference to RCU"
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/ip_tables.c
net/ipv6/netfilter/ip6_tables.c
* netfilter: x_tables: Use correct memory barriers.
include/linux/netfilter/x_tables.h
net/netfilter/x_tables.c
* Revert "netfilter: x_tables: Switch synchronization to RCU"
include/linux/netfilter/x_tables.h
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/ip_tables.c
net/ipv6/netfilter/ip6_tables.c
net/netfilter/x_tables.c
* bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs
include/linux/bpf.h
RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server
net/mlx5e: Fix error path for ethtool set-priv-flag
arm64: kdump: update ppos when reading elfcorehdr
drm/msm: fix shutdown hook in case GPU components failed to bind
net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
net: cdc-phonet: fix data-interface release on probe failure
mac80211: fix rate mask reset
can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning
can: c_can: move runtime PM enable/disable to c_can_platform
can: c_can_pci: c_can_pci_remove(): fix use-after-free
can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate
can: peak_usb: add forgotten supported devices
* netfilter: ctnetlink: fix dump of the expect mask attribute
net/netfilter/nf_conntrack_netlink.c
ftgmac100: Restart MAC HW once
net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
e1000e: Fix error handling in e1000_set_d0_lplu_state_82571
e1000e: add rtnl_lock() to e1000_reset_task
net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
* macvlan: macvlan_count_rx() needs to be aware of preemption
include/linux/if_macvlan.h
libbpf: Fix INSTALL flag order
* veth: Store queue_mapping independently of XDP prog presence
drivers/net/veth.c
bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD
* dm ioctl: fix out of bounds array access when no devices
drivers/md/dm-ioctl.c
ARM: dts: at91-sama5d27_som1: fix phy address to 7
arm64: dts: ls1043a: mark crypto engine dma coherent
arm64: dts: ls1012a: mark crypto engine dma coherent
arm64: dts: ls1046a: mark crypto engine dma coherent
squashfs: fix xattr id and id lookup sanity checks
* squashfs: fix inode lookup sanity checks
fs/squashfs/squashfs_fs.h
platform/x86: intel-vbtn: Stop reporting SW_DOCK events
netsec: restore phy power state after controller reset
ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign
ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls
* block: Suppress uevent for hidden device when removed
block/genhd.c
nfs: we don't support removing system.nfs4_acl
* drm/radeon: fix AGP dependency
drivers/gpu/drm/Kconfig
* u64_stats,lockdep: Fix u64_stats_init() vs lockdep
include/linux/u64_stats_sync.h
sparc64: Fix opcode filtering in handling of no fault loads
atm: idt77252: fix null-ptr-dereference
atm: uPD98402: fix incorrect allocation
net: wan: fix error return code of uhdlc_init()
net: hisilicon: hns: fix error return code of hns_nic_clear_all_rx_fetch()
NFS: Correct size calculation for create reply length
* nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default
fs/nfs/Kconfig
gpiolib: acpi: Add missing IRQF_ONESHOT
gianfar: fix jumbo packets+napi+rx overrun crash
sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count
net: tehuti: fix error return code in bdx_probe()
ixgbe: Fix memleak in ixgbe_configure_clsu32
* Revert "r8152: adjust the settings about MAC clock speed down for RTL8153"
drivers/net/usb/r8152.c
atm: lanai: dont run lanai_dev_close if not open
atm: eni: dont release is never initialized
powerpc/4xx: Fix build errors from mfdcr()
net: fec: ptp: avoid register access when ipg clock is disabled
* ANDROID: Make vsock virtio packet buff size configurable
include/linux/virtio_vsock.h
* ANDROID: fix up ext4 build from 4.19.183
fs/ext4/namei.c
Bug: 187007303
Change-Id: I7bd7cc06a4928013a8ef194a55aadbb59ff0c6c1
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Lucas Wei
|
5ff9988b08 |
Merge android-4.19-stable (4.19.183) into android-msm-pixel-4.19-lts
Merge 4.19.183 into android-4.19-stable
ANDROID: refresh ABI XML to new version
ANDROID: refresh ABI XML
Linux 4.19.183
cifs: Fix preauth hash corruption
x86/apic/of: Fix CPU devicetree-node lookups
* genirq: Disable interrupts for force threaded handlers
kernel/irq/manage.c
* ext4: fix potential error in ext4_do_update_inode
fs/ext4/inode.c
* ext4: do not try to set xattr into ea_inode if value is empty
fs/ext4/xattr.c
* ext4: find old entry again if failed to rename whiteout
fs/ext4/namei.c
x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall()
x86: Move TS_COMPAT back to asm/thread_info.h
* kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
fs/select.c
include/linux/thread_info.h
kernel/futex.c
kernel/time/alarmtimer.c
kernel/time/hrtimer.c
kernel/time/posix-cpu-timers.c
x86/ioapic: Ignore IRQ2 again
perf/x86/intel: Fix a crash caused by zero PEBS status
PCI: rpadlpar: Fix potential drc_name corruption in store functions
iio: hid-sensor-temperature: Fix issues of timestamp channel
iio: hid-sensor-prox: Fix scale not correct issue
iio: hid-sensor-humidity: Fix alignment issue of timestamp channel
iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler
iio: adis16400: Fix an error code in adis16400_initial_setup()
iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel
* iio:adc:stm32-adc: Add HAS_IOMEM dependency
drivers/iio/adc/Kconfig
* usb: gadget: configfs: Fix KASAN use-after-free
drivers/usb/gadget/configfs.c
* USB: replace hardcode maximum usb string length by definition
drivers/usb/gadget/composite.c
drivers/usb/gadget/configfs.c
drivers/usb/gadget/usbstring.c
include/uapi/linux/usb/ch9.h
usbip: Fix incorrect double assignment to udc->ud.tcp_rx
* usb-storage: Add quirk to defeat Kindle's automatic unload
drivers/usb/storage/transport.c
drivers/usb/storage/unusual_devs.h
include/linux/usb_usual.h
powerpc: Force inlining of cpu_has_feature() to avoid build failure
nvme-rdma: fix possible hang when failing to set io queues
scsi: lpfc: Fix some error codes in debugfs
* net/qrtr: fix __netdev_alloc_skb call
net/qrtr/qrtr.c
sunrpc: fix refcount leak for rpc auth modules
svcrdma: disable timeouts on rdma backchannel
NFSD: Repair misuse of sv_lock in 5.10.16-rt30.
nvmet: don't check iosqes,iocqes for discovery controllers
ASoC: fsl_ssi: Fix TDM slot setup for I2S mode
btrfs: fix slab cache flags for free space tree bitmap
btrfs: fix race when cloning extent buffer during rewind of an old root
tools build: Check if gettid() is available before providing helper
tools build feature: Check if eventfd() is available
tools build feature: Check if get_current_dir_name() is available
perf tools: Use %define api.pure full instead of %pure-parser
lkdtm: don't move ctors to .rodata
* vmlinux.lds.h: Create section for protection against instrumentation
include/asm-generic/sections.h
include/asm-generic/vmlinux.lds.h
include/linux/compiler.h
include/linux/compiler_types.h
scripts/mod/modpost.c
* Revert "PM: runtime: Update device status before letting suppliers suspend"
drivers/base/power/runtime.c
ALSA: hda: generic: Fix the micmute led init state
ASoC: ak5558: Add MODULE_DEVICE_TABLE
ASoC: ak4458: Add MODULE_DEVICE_TABLE
ANDROID: clang: update to 12.0.4
Merge 4.19.182 into android-4.19-stable
Linux 4.19.182
net: dsa: b53: Support setting learning on port
net: dsa: tag_mtk: fix 802.1ad VLAN egress
* bpf: Add sanity check for upper ptr_limit
kernel/bpf/verifier.c
* bpf: Simplify alu_limit masking for pointer arithmetic
kernel/bpf/verifier.c
* bpf: Fix off-by-one for area size in creating mask to left
kernel/bpf/verifier.c
* bpf: Prohibit alu ops for pointer types not defining ptr_limit
kernel/bpf/verifier.c
* KVM: arm64: nvhe: Save the SPE context early
arch/arm64/include/asm/kvm_hyp.h
* ext4: check journal inode extents more carefully
fs/ext4/block_validity.c
fs/ext4/ext4.h
fs/ext4/extents.c
fs/ext4/indirect.c
fs/ext4/inode.c
fs/ext4/mballoc.c
* Revert "net: Introduce parse_protocol header_ops callback"
include/linux/netdevice.h
* Revert "net: check if protocol extracted by virtio_net_hdr_set_proto is correct"
include/linux/virtio_net.h
Merge 4.19.181 into android-4.19-stable
Linux 4.19.181
xen/events: avoid handling the same event on two cpus at the same time
xen/events: don't unmask an event channel when an eoi is pending
xen/events: reset affinity of 2-level event when tearing it down
KVM: arm64: Fix exclusive limit for IPA size
hwmon: (lm90) Fix max6658 sporadic wrong temperature reading
x86/unwind/orc: Disable KASAN checking in the ORC unwinder, part 2
binfmt_misc: fix possible deadlock in bm_register_write
powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
* include/linux/sched/mm.h: use rcu_dereference in in_vfork()
include/linux/sched/mm.h
* stop_machine: mark helpers __always_inline
include/linux/stop_machine.h
* hrtimer: Update softirq_expires_next correctly after __hrtimer_get_next_event()
kernel/time/hrtimer.c
* configfs: fix a use-after-free in __configfs_open_file
fs/configfs/file.c
block: rsxx: fix error return code of rsxx_pci_probe()
NFSv4.2: fix return value of _nfs4_get_security_label()
sh_eth: fix TRSCER mask for R7S72100
staging: comedi: pcl818: Fix endian problem for AI command data
staging: comedi: pcl711: Fix endian problem for AI command data
staging: comedi: me4000: Fix endian problem for AI command data
staging: comedi: dmm32at: Fix endian problem for AI command data
staging: comedi: das800: Fix endian problem for AI command data
staging: comedi: das6402: Fix endian problem for AI command data
staging: comedi: adv_pci1710: Fix endian problem for AI command data
staging: comedi: addi_apci_1500: Fix endian problem for command sample
staging: comedi: addi_apci_1032: Fix endian problem for COS sample
staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data()
staging: rtl8712: unterminated string leads to read overflow
staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
usbip: fix vudc usbip_sockfd_store races leading to gpf
usbip: fix vhci_hcd attach_store() races leading to gpf
usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
usbip: fix vudc to check for stream socket
usbip: fix vhci_hcd to check for stream socket
usbip: fix stub_dev to check for stream socket
USB: serial: cp210x: add some more GE USB IDs
USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
USB: serial: ch341: add new Product ID
USB: serial: io_edgeport: fix memory leak in edge_startup
* usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
drivers/usb/host/xhci-pci.c
* xhci: Improve detection of device initiated wake signal.
drivers/usb/host/xhci.c
usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
USB: usblp: fix a hang in poll() if disconnected
* usb: dwc3: qcom: Honor wakeup enabled/disabled state
drivers/usb/dwc3/dwc3-qcom.c
usb: gadget: f_uac1: stop playback on function disable
usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot
* USB: gadget: u_ether: Fix a configfs return code
drivers/usb/gadget/function/u_ether_configfs.h
Goodix Fingerprint device is not a modem
mmc: cqhci: Fix random crash when remove mmc module/card
mmc: core: Fix partition switch time for eMMC
s390/dasd: fix hanging IO request during DASD driver unbind
s390/dasd: fix hanging DASD driver unbind
* Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities")
security/commoncap.c
* ALSA: usb-audio: Apply the control quirk to Plantronics headsets
sound/usb/quirks.c
* ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
sound/usb/quirks.c
ALSA: hda: Avoid spurious unsol event handling during S3/S4
ALSA: hda: Drop the BATCH workaround for AMD controllers
ALSA: hda/hdmi: Cancel pending works before suspend
* ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk
sound/usb/quirks.c
scsi: target: core: Prevent underflow for service actions
* scsi: target: core: Add cmd length set before cmd complete
include/target/target_core_backend.h
scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
s390/smp: __smp_rescan_cpus() - move cpumask away from stack
i40e: Fix memory leak in i40e_probe
* PCI: Fix pci_register_io_range() memory leak
drivers/pci/pci.c
lib/logic_pio.c
PCI: mediatek: Add missing of_node_put() to fix reference leak
PCI: xgene-msi: Fix race in installing chained irq handler
sparc64: Use arch_validate_flags() to validate ADI flag
sparc32: Limit memblock allocation to low memory
powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
powerpc: improve handling of unrecoverable system reset
powerpc/pci: Add ppc_md.discover_phbs()
mmc: mediatek: fix race condition between msdc_request_timeout and irq
mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()'
udf: fix silent AED tagLocation corruption
i2c: rcar: optimize cacheline to minimize HW race condition
* net: phy: fix save wrong speed and duplex problem if autoneg is on
drivers/net/phy/phy.c
media: v4l: vsp1: Fix bru null pointer access
media: v4l: vsp1: Fix uif null pointer access
media: usbtv: Fix deadlock on suspend
sh_eth: fix TRSCER mask for R7S9210
s390/cio: return -EFAULT if copy_to_user() fails
drm: meson_drv add shutdown function
* drm/compat: Clear bounce structures
drivers/gpu/drm/drm_ioc32.c
s390/cio: return -EFAULT if copy_to_user() fails again
perf traceevent: Ensure read cmdlines are null terminated.
selftests: forwarding: Fix race condition in mirror installation
net: stmmac: fix watchdog timeout during suspend/resume stress test
net: stmmac: stop each tx channel independently
* net: qrtr: fix error return code of qrtr_sendmsg()
net/qrtr/qrtr.c
net: davicom: Fix regulator not turned off on driver removal
net: davicom: Fix regulator not turned off on failed probe
net: lapbether: Remove netif_start_queue / netif_stop_queue
* cipso,calipso: resolve a number of problems with the DOI refcounts
net/ipv4/cipso_ipv4.c
net/ipv6/calipso.c
net/netlabel/netlabel_cipso_v4.c
net: usb: qmi_wwan: allow qmimux add/del with master up
* net: sched: avoid duplicates in classes dump
net/sched/sch_api.c
net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10
net/mlx4_en: update moderation when config reset
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
* net: check if protocol extracted by virtio_net_hdr_set_proto is correct
include/linux/virtio_net.h
sh_eth: fix TRSCER mask for SH771x
* Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
mm/slub.c
scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section names
cifs: return proper error code in statfs(2)
* tcp: add sanity tests to TCP_QUEUE_SEQ
net/ipv4/tcp.c
* tcp: annotate tp->write_seq lockless reads
include/net/tcp.h
net/ipv4/tcp.c
net/ipv4/tcp_diag.c
net/ipv4/tcp_ipv4.c
net/ipv4/tcp_minisocks.c
net/ipv4/tcp_output.c
net/ipv6/tcp_ipv6.c
* tcp: annotate tp->copied_seq lockless reads
net/ipv4/tcp.c
net/ipv4/tcp_diag.c
net/ipv4/tcp_input.c
net/ipv4/tcp_ipv4.c
net/ipv4/tcp_minisocks.c
net/ipv4/tcp_output.c
net/ipv6/tcp_ipv6.c
mt76: dma: do not report truncated frames to mac80211
* netfilter: x_tables: gpf inside xt_find_revision()
net/netfilter/x_tables.c
can: flexcan: enable RX FIFO after FRZ/HALT valid
can: flexcan: assert FRZ bit in flexcan_chip_freeze()
* can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership
include/linux/can/skb.h
* net: Introduce parse_protocol header_ops callback
include/linux/netdevice.h
* net: Fix gro aggregation for udp encaps with zero csum
net/ipv4/udp_offload.c
ath9k: fix transmitting to stations in dynamic SMPS mode
ethernet: alx: fix order of calls on resume
* uapi: nfnetlink_cthelper.h: fix userspace compilation error
include/uapi/linux/netfilter/nfnetlink_cthelper.h
* FROMGIT: configfs: fix a use-after-free in __configfs_open_file
fs/configfs/file.c
ANDROID: GKI: Enable CONFIG_BT for x86
* Revert "Revert "zram: close udev startup race condition as default groups""
drivers/block/zram/zram_drv.c
* Revert "block: genhd: add 'groups' argument to device_add_disk"
block/genhd.c
drivers/scsi/sd.c
include/linux/genhd.h
Revert "nvme: register ns_id attributes as default sysfs groups"
Revert "aoe: register default groups with device_add_disk()"
* Revert "zram: register default groups with device_add_disk()"
drivers/block/zram/zram_drv.c
Revert "virtio-blk: modernize sysfs attribute creation"
Merge 4.19.180 into android-4.19-stable
Linux 4.19.180
mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN
drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register
* misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom
include/linux/eeprom_93xx46.h
* PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
drivers/pci/quirks.c
ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140
media: cx23885: add more quirks for reset DMA on some AMD IOMMU
* HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter
drivers/hid/hid-ids.h
drivers/hid/hid-quirks.c
platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016
platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices
platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag
platform/x86: acer-wmi: Add new force_caps module parameter
platform/x86: acer-wmi: Cleanup accelerometer device handling
platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines
mwifiex: pcie: skip cancel_work_sync() on reset failure path
iommu/amd: Fix sleeping in atomic in increase_address_space()
* dm table: fix zoned iterate_devices based device capability checks
drivers/md/dm-table.c
* dm table: fix DAX iterate_devices based device capability checks
drivers/md/dm-table.c
* dm table: fix iterate_devices based device capability checks
drivers/md/dm-table.c
* net: dsa: add GRO support via gro_cells
net/dsa/Kconfig
r8169: fix resuming from suspend on RTL8105e if machine runs on battery
* dm verity: fix FEC for RS roots unaligned to block size
drivers/md/dm-verity-fec.c
rsxx: Return -EFAULT if copy_to_user() fails
* RDMA/rxe: Fix missing kconfig dependency on CRYPTO
drivers/infiniband/sw/rxe/Kconfig
ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits
virtio-blk: modernize sysfs attribute creation
* zram: register default groups with device_add_disk()
drivers/block/zram/zram_drv.c
aoe: register default groups with device_add_disk()
nvme: register ns_id attributes as default sysfs groups
* block: genhd: add 'groups' argument to device_add_disk
block/genhd.c
drivers/scsi/sd.c
include/linux/genhd.h
* Revert "zram: close udev startup race condition as default groups"
drivers/block/zram/zram_drv.c
usbip: tools: fix build error for multiple definition
drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie
* dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size
drivers/md/dm-bufio.c
* PM: runtime: Update device status before letting suppliers suspend
drivers/base/power/runtime.c
btrfs: unlock extents in btrfs_zero_range in case of quota reservation errors
btrfs: free correct amount of space in btrfs_delayed_inode_reserve_metadata
btrfs: validate qgroup inherit for SNAP_CREATE_V2 ioctl
btrfs: fix raid6 qstripe kmap
btrfs: raid56: simplify tracking of Q stripe presence
* ANDROID: GKI: hack up fs/sysfs/file.c to prevent GENKSYMS change
fs/sysfs/file.c
* Revert "arm64: Avoid redundant type conversions in xchg() and cmpxchg()"
arch/arm64/include/asm/atomic_ll_sc.h
arch/arm64/include/asm/atomic_lse.h
arch/arm64/include/asm/cmpxchg.h
Merge 4.19.179 into android-4.19-stable
Linux 4.19.179
ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board
ALSA: hda/realtek: Add quirk for Clevo NH55RZQ
* media: v4l: ioctl: Fix memory leak in video_usercopy
drivers/media/v4l2-core/v4l2-ioctl.c
* swap: fix swapfile read/write offset
mm/page_io.c
mm/swapfile.c
* zsmalloc: account the number of compacted pages correctly
drivers/block/zram/zram_drv.c
include/linux/zsmalloc.h
mm/zsmalloc.c
xen-netback: respect gnttab_map_refs()'s return value
Xen/gnttab: handle p2m update errors on a per-slot basis
scsi: iscsi: Verify lengths on passthrough PDUs
scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
* sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
fs/sysfs/file.c
include/linux/sysfs.h
scsi: iscsi: Restrict sessions and handles to admin capabilities
ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet
ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet
ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet
parisc: Bump 64-bit IRQ stack size to 64 KB
btrfs: fix error handling in commit_fs_roots
* f2fs: fix to set/clear I_LINKABLE under i_lock
fs/f2fs/namei.c
* f2fs: handle unallocated section and zone on pinned/atgc
fs/f2fs/segment.h
media: uvcvideo: Allow entities with no pads
drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails
* PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse
drivers/pci/pci.c
crypto: tcrypt - avoid signed overflow in byte count
staging: most: sound: add sanity check for function argument
* Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
net/bluetooth/amp.c
x86/build: Treat R_386_PLT32 relocation as R_386_PC32
ath10k: fix wmi mgmt tx queue full due to race condition
pktgen: fix misuse of BUG_ON() in pktgen_thread_worker()
Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl
wlcore: Fix command execute failure 19 for wl12xx
vt/consolemap: do font sum unsigned
x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk
staging: fwserial: Fix error handling in fwserial_create
rsi: Move card interrupt handling to RX thread
rsi: Fix TX EAPOL packet handling against iwlwifi AP
dt-bindings: net: btusb: DT fix s/interrupt-name/interrupt-names/
* net: bridge: use switchdev for port flags set through sysfs too
net/bridge/br_sysfs_if.c
mm/hugetlb.c: fix unnecessary address expansion of pmd sharing
* net: fix up truesize of cloned skb in skb_prepare_for_shift()
net/core/skbuff.c
* smackfs: restrict bytes count in smackfs write functions
security/smack/smackfs.c
xfs: Fix assert failure in xfs_setattr_size()
media: mceusb: sanity check for prescaler value
udlfb: Fix memory leak in dlfb_usb_probe
JFS: more checks for invalid superblock
MIPS: VDSO: Use CLANG_FLAGS instead of filtering out '--target='
* arm64: Use correct ll/sc atomic constraints
arch/arm64/include/asm/atomic_ll_sc.h
* arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint
arch/arm64/include/asm/atomic_ll_sc.h
* arm64: Avoid redundant type conversions in xchg() and cmpxchg()
arch/arm64/include/asm/atomic_ll_sc.h
arch/arm64/include/asm/atomic_lse.h
arch/arm64/include/asm/cmpxchg.h
* arm64 module: set plt* section addresses to 0x0
arch/arm64/kernel/module.lds
virtio/s390: implement virtio-ccw revision 2 correctly
drm/virtio: use kvmalloc for large allocations
hugetlb: fix update_and_free_page contig page struct assumption
net: usb: qmi_wwan: support ZTE P685M modem
ANDROID: clang: update to 12.0.3
* Revert "block: split .sysfs_lock into two locks"
block/blk-core.c
block/blk-mq-sysfs.c
block/blk-sysfs.c
block/blk.h
block/elevator.c
include/linux/blkdev.h
* Revert "block: fix race between switching elevator and removing queues"
block/blk-sysfs.c
* Revert "block: don't release queue's sysfs lock during switching elevator"
block/blk-sysfs.c
block/elevator.c
* Revert "dm: fix deadlock when swapping to encrypted device"
drivers/md/dm-core.h
drivers/md/dm.c
include/linux/device-mapper.h
Merge 4.19.178 into android-4.19-stable
Linux 4.19.178
ARM: dts: aspeed: Add LCLK to lpc-snoop
net: qrtr: Fix memory leak in qrtr_tun_open
dm era: Update in-core bitset after committing the metadata
* net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
include/linux/icmpv6.h
include/linux/ipv6.h
include/net/icmp.h
net/ipv4/icmp.c
net/ipv6/icmp.c
net/ipv6/ip6_icmp.c
* ipv6: silence compilation warning for non-IPV6 builds
include/linux/icmpv6.h
* ipv6: icmp6: avoid indirect call for icmpv6_send()
include/linux/icmpv6.h
net/ipv6/icmp.c
net/ipv6/ip6_icmp.c
* xfrm: interface: use icmp_ndo_send helper
net/xfrm/xfrm_interface.c
sunvnet: use icmp_ndo_send helper
gtp: use icmp_ndo_send helper
* icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n
include/linux/icmpv6.h
* icmp: introduce helper for nat'd source address in network device context
include/linux/icmpv6.h
include/net/icmp.h
net/ipv4/icmp.c
net/ipv6/ip6_icmp.c
dm era: only resize metadata in preresume
dm era: Reinitialize bitset cache before digesting a new writeset
dm era: Use correct value size in equality function of writeset tree
dm era: Fix bitset memory leaks
dm era: Verify the data block size hasn't changed
dm era: Recover committed writeset after crash
* dm: fix deadlock when swapping to encrypted device
drivers/md/dm-core.h
drivers/md/dm.c
include/linux/device-mapper.h
gfs2: Don't skip dlm unlock if glock has an lvb
sparc32: fix a user-triggerable oops in clear_user()
* f2fs: fix out-of-repair __setattr_copy()
fs/f2fs/file.c
cpufreq: intel_pstate: Get per-CPU max freq via MSR_HWP_CAPABILITIES if available
* printk: fix deadlock when kernel panic
kernel/printk/printk_safe.c
gpio: pcf857x: Fix missing first interrupt
mmc: sdhci-esdhc-imx: fix kernel panic when remove module
* module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
kernel/module.c
* arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55
arch/arm64/Kconfig
arch/arm64/kernel/cpufeature.c
libnvdimm/dimm: Avoid race between probe and available_slots_show()
* hugetlb: fix copy_huge_page_from_user contig page struct assumption
mm/memory.c
x86: fix seq_file iteration for pat/memtype.c
seq_file: document how per-entry resources are managed.
fs/affs: release old buffer head on error path
mtd: spi-nor: hisi-sfc: Put child node np on error path
watchdog: mei_wdt: request stop on unregister
* arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
arch/arm64/kernel/probes/uprobes.c
floppy: reintroduce O_NDELAY fix
x86/reboot: Force all cpus to exit VMX root if VMX is supported
media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt()
staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
staging: gdm724x: Fix DMA from stack
staging/mt7621-dma: mtk-hsdma.c->hsdma-mt7621.c
dts64: mt7622: fix slow sd card access
* pstore: Fix typo in compression option name
fs/pstore/platform.c
drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
misc: rtsx: init of rts522a add OCP power off when no card is present
* seccomp: Add missing return in non-void function
kernel/seccomp.c
crypto: sun4i-ss - handle BigEndian for cipher
crypto: sun4i-ss - checking sg length is not sufficient
* crypto: arm64/sha - add missing module aliases
arch/arm64/crypto/sha1-ce-glue.c
arch/arm64/crypto/sha2-ce-glue.c
btrfs: fix extent buffer leak on failure to copy root
btrfs: fix reloc root leak with 0 ref reloc roots on recovery
btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
KEYS: trusted: Fix migratable=1 failing
tpm_tis: Clean up locality release
tpm_tis: Fix check_locality for correct locality acquisition
ALSA: hda/realtek: modify EAPD in the ALC886
USB: serial: mos7720: fix error code in mos7720_write()
USB: serial: mos7840: fix error code in mos7840_write()
USB: serial: ftdi_sio: fix FTX sub-integer prescaler
* usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
drivers/usb/dwc3/gadget.c
* usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
drivers/usb/dwc3/gadget.c
usb: musb: Fix runtime PM race in musb_queue_resume_work
USB: serial: option: update interface mapping for ZTE P685M
Input: i8042 - add ASUS Zenbook Flip to noselftest list
Input: joydev - prevent potential read overflow in ioctl
* Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S
drivers/input/joystick/xpad.c
Input: raydium_ts_i2c - do not send zero length
HID: wacom: Ignore attempts to overwrite the touch_max value from HID
ACPI: configfs: add missing check after configfs_register_default_group()
ACPI: property: Fix fwnode string properties matching
* blk-settings: align max_sectors on "logical_block_size" boundary
block/blk-settings.c
* scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
drivers/scsi/bnx2fc/Kconfig
* mm/rmap: fix potential pte_unmap on an not mapped pte
include/linux/rmap.h
i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
* arm64: Add missing ISB after invalidating TLB in __primary_switch
arch/arm64/kernel/head.S
r8169: fix jumbo packet handling on RTL8168e
mm/hugetlb: fix potential double free in hugetlb_register_node() error path
* mm/memory.c: fix potential pte_unmap_unlock pte error
mm/memory.c
ocfs2: fix a use after free on error
vxlan: move debug check after netdev unregister
net/mlx4_core: Add missed mlx4_free_cmd_mailbox()
i40e: Fix add TC filter for IPv6
i40e: Fix VFs not created
i40e: Fix overwriting flow control settings during driver loading
i40e: Add zero-initialization of AQ command structures
i40e: Fix flow for IPv6 next header (extension header)
regmap: sdw: use _no_pm functions in regmap_read/write
* ext4: fix potential htree index checksum corruption
fs/ext4/namei.c
drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)
* PCI: Align checking of syscall user config accessors
drivers/pci/syscall.c
VMCI: Use set_page_dirty_lock() when unregistering guest memory
pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare()
misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users
misc: eeprom_93xx46: Fix module alias to enable module autoprobe
sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
Input: elo - fix an error code in elo_connect()
perf test: Fix unaligned access in sample parsing test
perf intel-pt: Fix missing CYC processing in PSB
Input: sur40 - fix an error code in sur40_probe()
spi: pxa2xx: Fix the controller numbering for Wildcat Point
clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs
powerpc/8xx: Fix software emulation interrupt
powerpc/pseries/dlpar: handle ibm, configure-connector delay status
mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
spi: stm32: properly handle 0 byte transfer
RDMA/rxe: Correct skb on loopback path
RDMA/rxe: Fix coding error in rxe_recv.c
perf tools: Fix DSO filtering when not finding a map for a sampled address
* tracepoint: Do not fail unregistering a probe due to memory failure
kernel/tracepoint.c
* amba: Fix resource leak for drivers without .remove
drivers/amba/bus.c
ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes
mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
powerpc/47x: Disable 256k page size
KVM: PPC: Make the VMX instruction emulation routines static
IB/umad: Return EPOLLERR in case of when device disassociated
IB/umad: Return EIO in case of when device disassociated
auxdisplay: ht16k33: Fix refresh rate handling
isofs: release buffer head before return
regulator: s5m8767: Drop regulators OF node reference
spi: atmel: Put allocated master before return
* certs: Fix blacklist flag type confusion
include/linux/key.h
security/keys/key.c
regulator: axp20x: Fix reference cout leak
clk: sunxi-ng: h6: Fix clock divider range on some clocks
RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation
clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
* rtc: s5m: select REGMAP_I2C
drivers/rtc/Kconfig
power: reset: at91-sama5d2_shdwc: fix wkupdbc mask
* of/fdt: Make sure no-map does not remove already reserved regions
drivers/of/fdt.c
* fdt: Properly handle "no-map" field in the memory region
drivers/of/fdt.c
mfd: bd9571mwv: Use devm_mfd_add_devices()
dmaengine: hsu: disable spurious interrupt
dmaengine: owl-dma: Fix a resource leak in the remove function
dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function
dmaengine: fsldma: Fix a resource leak in the remove function
* HID: core: detect and skip invalid inputs to snto32()
drivers/hid/hid-core.c
clk: sunxi-ng: h6: Fix CEC clock
spi: cadence-quadspi: Abort read if dummy cycles required are too many
* quota: Fix memory leak when handling corrupted quota file
fs/quota/quota_v2.c
clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
* capabilities: Don't allow writing ambiguous v3 file capabilities
security/commoncap.c
jffs2: fix use after free in jffs2_sum_write_data()
fs/jfs: fix potential integer overflow on shift of a int
* ima: Free IMA measurement buffer after kexec syscall
include/linux/kexec.h
ima: Free IMA measurement buffer on error
* crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key()
crypto/ecdh_helper.c
hwrng: timeriomem - Fix cooldown period calculation
btrfs: clarify error returns values in __load_free_space_cache
Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind()
drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask()
* f2fs: fix to avoid inconsistent quota data
fs/f2fs/file.c
fs/f2fs/inline.c
ASoC: cpcap: fix microphone timeslot mask
ata: ahci_brcm: Add back regulators management
crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error)
media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
media: pxa_camera: declare variable when DEBUG is defined
media: cx25821: Fix a bug when reallocating some dma memory
media: qm1d1c0042: fix error return code in qm1d1c0042_init()
media: lmedm04: Fix misuse of comma
drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction.
crypto: bcm - Rename struct device_private to bcm_device_private
ASoC: cs42l56: fix up error handling in probe
media: tm6000: Fix memleak in tm6000_start_stream
media: media/pci: Fix memleak in empress_init
media: em28xx: Fix use-after-free in em28xx_alloc_urbs
media: vsp1: Fix an error handling path in the probe function
media: camss: missing error code in msm_video_register()
media: i2c: ov5670: Fix PIXEL_RATE minimum value
MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition
crypto: sun4i-ss - fix kmap usage
gma500: clean up error handling in init
drm/gma500: Fix error return code in psb_driver_load()
* fbdev: aty: SPARC64 requires FB_ATY_CT
drivers/video/fbdev/Kconfig
net: mvneta: Remove per-cpu queue mapping for Armada 3700
net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP
net: amd-xgbe: Reset link when the link never comes back
net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning
net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout
ibmvnic: skip send_request_unmap for timeout reset
ibmvnic: add memory barrier to protect long term buffer
b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds
* tcp: fix SO_RCVLOWAT related hangs under mem pressure
include/net/tcp.h
* bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx
net/core/filter.c
mac80211: fix potential overflow when multiplying to u32 integers
xen/netback: fix spurious event detection for common event case
bnxt_en: reverse order of TX disable and carrier off
ibmvnic: Set to CLOSED state even on error
ath9k: fix data bus crash when setting nf_override via debugfs
* bpf_lru_list: Read double-checked variable once without lock
kernel/bpf/bpf_lru_list.c
soc: aspeed: snoop: Add clock control logic
ARM: s3c: fix fiq for clang IAS
arm64: dts: msm8916: Fix reserved and rfsa nodes unit address
ARM: dts: armada388-helios4: assign pinctrl to each fan
ARM: dts: armada388-helios4: assign pinctrl to LEDs
staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules
usb: dwc2: Make "trimming xfer length" a debug message
usb: dwc2: Abort transaction after errors with unknown reason
usb: dwc2: Do not update data length if it is 0 on inbound transfers
ARM: dts: Configure missing thermal interrupt for 4430
memory: ti-aemif: Drop child node when jumping out loop
* Bluetooth: Put HCI device if inquiry procedure interrupts
net/bluetooth/hci_core.c
* Bluetooth: drop HCI device reference before return
net/bluetooth/a2mp.c
usb: gadget: u_audio: Free requests only after callback
* ACPICA: Fix exception code class checks
include/acpi/acexcep.h
cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove()
cpufreq: brcmstb-avs-cpufreq: Free resources in error path
arm64: dts: allwinner: A64: Limit MMC2 bus frequency to 150 MHz
arm64: dts: allwinner: Drop non-removable from SoPine/LTS SD card
arm64: dts: allwinner: A64: properly connect USB PHY to port 0
* bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args
include/linux/filter.h
arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso
arm64: dts: exynos: correct PMIC interrupt trigger level on TM2
ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 family
ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato
ARM: dts: exynos: correct PMIC interrupt trigger level on Monk
ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5
* Bluetooth: Fix initializing response id after clearing struct
net/bluetooth/a2mp.c
Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function
ath10k: Fix error handling in case of CE pipe init failure
* random: fix the RNDRESEEDCRNG ioctl
drivers/char/random.c
MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
* ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode
sound/usb/pcm.c
bfq: Avoid false bfq queue merging
PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064
kdb: Make memory allocations more robust
* vmlinux.lds.h: add DWARF v5 sections
include/asm-generic/vmlinux.lds.h
* locking/static_key: Fix false positive warnings on concurrent dec/inc
kernel/jump_label.c
* jump_label/lockdep: Assert we hold the hotplug lock for _cpuslocked() operations
kernel/jump_label.c
scripts/recordmcount.pl: support big endian for ARCH sh
cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
NET: usb: qmi_wwan: Adding support for Cinterion MV31
* block: don't release queue's sysfs lock during switching elevator
block/blk-sysfs.c
block/elevator.c
* block: fix race between switching elevator and removing queues
block/blk-sysfs.c
* block: split .sysfs_lock into two locks
block/blk-core.c
block/blk-mq-sysfs.c
block/blk-sysfs.c
block/blk.h
block/elevator.c
include/linux/blkdev.h
* block: add helper for checking if queue is registered
block/blk-sysfs.c
block/elevator.c
include/linux/blkdev.h
* scripts: set proper OpenSSL include dir also for sign-file
scripts/Makefile
* scripts: use pkg-config to locate libcrypto
scripts/Makefile
arm64: tegra: Add power-domain for Tegra210 HDA
ntfs: check for valid standard information attribute
* usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
drivers/usb/core/quirks.c
* USB: quirks: sort quirk entries
drivers/usb/core/quirks.c
* HID: make arrays usage and value to be the same
drivers/hid/hid-core.c
ANDROID: syscalls/x86: use a weak function for IA32 compat syscalls
ANDROID: Adding kprobes build configs for Cuttlefish
* UPSTREAM: locking/static_key: Fix false positive warnings on concurrent dec/inc
kernel/jump_label.c
* UPSTREAM: jump_label/lockdep: Assert we hold the hotplug lock for _cpuslocked() operations
kernel/jump_label.c
ANDROID: Add symbol of _proc_mkdir
Bug: 184596728
Change-Id: I0dddfc3da829cf53c4716a6df1072ed3396b6f4a
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
8c62f42548 |
Merge 4.19.185 into android-4.19-stable
Changes in 4.19.185 selinux: vsock: Set SID for socket returned by accept() tcp: relookup sock for RST+ACK packets handled by obsolete req sock ipv6: weaken the v4mapped source check ext4: fix bh ref count on error paths rpc: fix NULL dereference on kmalloc failure ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe ASoC: es8316: Simplify adc_pga_gain_tlv table ASoC: cs42l42: Fix Bitclock polarity inversion ASoC: cs42l42: Fix channel width support ASoC: cs42l42: Fix mixer volume control ASoC: cs42l42: Always wait at least 3ms after reset vhost: Fix vhost_vq_reset() scsi: st: Fix a use after free in st_open() scsi: qla2xxx: Fix broken #endif placement staging: comedi: cb_pcidas: fix request_irq() warn staging: comedi: cb_pcidas64: fix request_irq() warn ASoC: rt5659: Update MCLK rate in set_sysclk() thermal/core: Add NULL pointer check before using cooling device stats locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling ext4: do not iput inode under running transaction in ext4_rename() brcmfmac: clear EAP/association status bits on linkdown events ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() net: ethernet: aquantia: Handle error cleanup of start on open appletalk: Fix skb allocation size in loopback case net: wan/lmc: unregister device when no matching device is found bpf: Remove MTU check in __bpf_skb_max_len ALSA: usb-audio: Apply sample rate quirk to Logitech Connect ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook PM: runtime: Fix race getting/putting suppliers at probe PM: runtime: Fix ordering in pm_runtime_get_suppliers() tracing: Fix stack trace event size mm: fix race by making init_zero_pfn() early_initcall drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() drm/amdgpu: check alignment on CPU page for bo map reiserfs: update reiserfs_xattrs_initialized() condition pinctrl: rockchip: fix restore error in resume extcon: Add stubs for extcon_register_notifier_all() functions extcon: Fix error handling in extcon_dev_register firewire: nosy: Fix a use-after-free bug in nosy_ioctl() usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem usb: musb: Fix suspend with devices connected for a64 usb: xhci-mtk: fix broken streams issue on 0.96 xHCI cdc-acm: fix BREAK rx code path adding necessary calls USB: cdc-acm: untangle a circular dependency between callback and softint USB: cdc-acm: downgrade message to debug USB: cdc-acm: fix double free on probe failure USB: cdc-acm: fix use-after-free after probe failure usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board. staging: rtl8192e: Fix incorrect source in memcpy() staging: rtl8192e: Change state information from u16 to u8 drivers: video: fbcon: fix NULL dereference in fbcon_cursor() Linux 4.19.185 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I65f4fd7d1b60193895371093882ab33943d22e7c |
||
|
Ilya Lipnitskiy
|
7d1b3f635a |
mm: fix race by making init_zero_pfn() early_initcall
commit e720e7d0e983bf05de80b231bccc39f1487f0f16 upstream.
There are code paths that rely on zero_pfn to be fully initialized
before core_initcall. For example, wq_sysfs_init() is a core_initcall
function that eventually results in a call to kernel_execve, which
causes a page fault with a subsequent mmput. If zero_pfn is not
initialized by then it may not get cleaned up properly and result in an
error:
BUG: Bad rss-counter state mm:(ptrval) type:MM_ANONPAGES val:1
Here is an analysis of the race as seen on a MIPS device. On this
particular MT7621 device (Ubiquiti ER-X), zero_pfn is PFN 0 until
initialized, at which point it becomes PFN 5120:
1. wq_sysfs_init calls into kobject_uevent_env at core_initcall:
kobject_uevent_env+0x7e4/0x7ec
kset_register+0x68/0x88
bus_register+0xdc/0x34c
subsys_virtual_register+0x34/0x78
wq_sysfs_init+0x1c/0x4c
do_one_initcall+0x50/0x1a8
kernel_init_freeable+0x230/0x2c8
kernel_init+0x10/0x100
ret_from_kernel_thread+0x14/0x1c
2. kobject_uevent_env() calls call_usermodehelper_exec() which executes
kernel_execve asynchronously.
3. Memory allocations in kernel_execve cause a page fault, bumping the
MM reference counter:
add_mm_counter_fast+0xb4/0xc0
handle_mm_fault+0x6e4/0xea0
__get_user_pages.part.78+0x190/0x37c
__get_user_pages_remote+0x128/0x360
get_arg_page+0x34/0xa0
copy_string_kernel+0x194/0x2a4
kernel_execve+0x11c/0x298
call_usermodehelper_exec_async+0x114/0x194
4. In case zero_pfn has not been initialized yet, zap_pte_range does
not decrement the MM_ANONPAGES RSS counter and the BUG message is
triggered shortly afterwards when __mmdrop checks the ref counters:
__mmdrop+0x98/0x1d0
free_bprm+0x44/0x118
kernel_execve+0x160/0x1d8
call_usermodehelper_exec_async+0x114/0x194
ret_from_kernel_thread+0x14/0x1c
To avoid races such as described above, initialize init_zero_pfn at
early_initcall level. Depending on the architecture, ZERO_PAGE is
either constant or gets initialized even earlier, at paging_init, so
there is no issue with initializing zero_pfn earlier.
Link: https://lkml.kernel.org/r/CALCv0x2YqOXEAy2Q=hafjhHCtTHVodChv1qpM=niAXOpqEbt7w@mail.gmail.com
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: stable@vger.kernel.org
Tested-by: 周琰杰 (Zhou Yanjie) <zhouyanjie@wanyeetech.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
6455a150fa |
Merge 4.19.178 into android-4.19-stable
Changes in 4.19.178
HID: make arrays usage and value to be the same
USB: quirks: sort quirk entries
usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
ntfs: check for valid standard information attribute
arm64: tegra: Add power-domain for Tegra210 HDA
scripts: use pkg-config to locate libcrypto
scripts: set proper OpenSSL include dir also for sign-file
block: add helper for checking if queue is registered
block: split .sysfs_lock into two locks
block: fix race between switching elevator and removing queues
block: don't release queue's sysfs lock during switching elevator
NET: usb: qmi_wwan: Adding support for Cinterion MV31
cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
scripts/recordmcount.pl: support big endian for ARCH sh
jump_label/lockdep: Assert we hold the hotplug lock for _cpuslocked() operations
locking/static_key: Fix false positive warnings on concurrent dec/inc
vmlinux.lds.h: add DWARF v5 sections
kdb: Make memory allocations more robust
PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064
bfq: Avoid false bfq queue merging
ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode
MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
random: fix the RNDRESEEDCRNG ioctl
ath10k: Fix error handling in case of CE pipe init failure
Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function
Bluetooth: Fix initializing response id after clearing struct
ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5
ARM: dts: exynos: correct PMIC interrupt trigger level on Monk
ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato
ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 family
arm64: dts: exynos: correct PMIC interrupt trigger level on TM2
arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso
bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args
arm64: dts: allwinner: A64: properly connect USB PHY to port 0
arm64: dts: allwinner: Drop non-removable from SoPine/LTS SD card
arm64: dts: allwinner: A64: Limit MMC2 bus frequency to 150 MHz
cpufreq: brcmstb-avs-cpufreq: Free resources in error path
cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove()
ACPICA: Fix exception code class checks
usb: gadget: u_audio: Free requests only after callback
Bluetooth: drop HCI device reference before return
Bluetooth: Put HCI device if inquiry procedure interrupts
memory: ti-aemif: Drop child node when jumping out loop
ARM: dts: Configure missing thermal interrupt for 4430
usb: dwc2: Do not update data length if it is 0 on inbound transfers
usb: dwc2: Abort transaction after errors with unknown reason
usb: dwc2: Make "trimming xfer length" a debug message
staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules
ARM: dts: armada388-helios4: assign pinctrl to LEDs
ARM: dts: armada388-helios4: assign pinctrl to each fan
arm64: dts: msm8916: Fix reserved and rfsa nodes unit address
ARM: s3c: fix fiq for clang IAS
soc: aspeed: snoop: Add clock control logic
bpf_lru_list: Read double-checked variable once without lock
ath9k: fix data bus crash when setting nf_override via debugfs
ibmvnic: Set to CLOSED state even on error
bnxt_en: reverse order of TX disable and carrier off
xen/netback: fix spurious event detection for common event case
mac80211: fix potential overflow when multiplying to u32 integers
bpf: Fix bpf_fib_lookup helper MTU check for SKB ctx
tcp: fix SO_RCVLOWAT related hangs under mem pressure
cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds
b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
ibmvnic: add memory barrier to protect long term buffer
ibmvnic: skip send_request_unmap for timeout reset
net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout
net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning
net: amd-xgbe: Reset link when the link never comes back
net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP
net: mvneta: Remove per-cpu queue mapping for Armada 3700
fbdev: aty: SPARC64 requires FB_ATY_CT
drm/gma500: Fix error return code in psb_driver_load()
gma500: clean up error handling in init
crypto: sun4i-ss - fix kmap usage
drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition
MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
media: i2c: ov5670: Fix PIXEL_RATE minimum value
media: camss: missing error code in msm_video_register()
media: vsp1: Fix an error handling path in the probe function
media: em28xx: Fix use-after-free in em28xx_alloc_urbs
media: media/pci: Fix memleak in empress_init
media: tm6000: Fix memleak in tm6000_start_stream
ASoC: cs42l56: fix up error handling in probe
crypto: bcm - Rename struct device_private to bcm_device_private
drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction.
media: lmedm04: Fix misuse of comma
media: qm1d1c0042: fix error return code in qm1d1c0042_init()
media: cx25821: Fix a bug when reallocating some dma memory
media: pxa_camera: declare variable when DEBUG is defined
media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error)
ata: ahci_brcm: Add back regulators management
ASoC: cpcap: fix microphone timeslot mask
f2fs: fix to avoid inconsistent quota data
drm/amdgpu: Prevent shift wrapping in amdgpu_read_mask()
Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind()
btrfs: clarify error returns values in __load_free_space_cache
hwrng: timeriomem - Fix cooldown period calculation
crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key()
ima: Free IMA measurement buffer on error
ima: Free IMA measurement buffer after kexec syscall
fs/jfs: fix potential integer overflow on shift of a int
jffs2: fix use after free in jffs2_sum_write_data()
capabilities: Don't allow writing ambiguous v3 file capabilities
clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
quota: Fix memory leak when handling corrupted quota file
spi: cadence-quadspi: Abort read if dummy cycles required are too many
clk: sunxi-ng: h6: Fix CEC clock
HID: core: detect and skip invalid inputs to snto32()
dmaengine: fsldma: Fix a resource leak in the remove function
dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function
dmaengine: owl-dma: Fix a resource leak in the remove function
dmaengine: hsu: disable spurious interrupt
mfd: bd9571mwv: Use devm_mfd_add_devices()
fdt: Properly handle "no-map" field in the memory region
of/fdt: Make sure no-map does not remove already reserved regions
power: reset: at91-sama5d2_shdwc: fix wkupdbc mask
rtc: s5m: select REGMAP_I2C
clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation
clk: sunxi-ng: h6: Fix clock divider range on some clocks
regulator: axp20x: Fix reference cout leak
certs: Fix blacklist flag type confusion
spi: atmel: Put allocated master before return
regulator: s5m8767: Drop regulators OF node reference
isofs: release buffer head before return
auxdisplay: ht16k33: Fix refresh rate handling
IB/umad: Return EIO in case of when device disassociated
IB/umad: Return EPOLLERR in case of when device disassociated
KVM: PPC: Make the VMX instruction emulation routines static
powerpc/47x: Disable 256k page size
mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes
ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
amba: Fix resource leak for drivers without .remove
tracepoint: Do not fail unregistering a probe due to memory failure
perf tools: Fix DSO filtering when not finding a map for a sampled address
RDMA/rxe: Fix coding error in rxe_recv.c
RDMA/rxe: Correct skb on loopback path
spi: stm32: properly handle 0 byte transfer
mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
powerpc/pseries/dlpar: handle ibm, configure-connector delay status
powerpc/8xx: Fix software emulation interrupt
clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs
spi: pxa2xx: Fix the controller numbering for Wildcat Point
Input: sur40 - fix an error code in sur40_probe()
perf intel-pt: Fix missing CYC processing in PSB
perf test: Fix unaligned access in sample parsing test
Input: elo - fix an error code in elo_connect()
sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
misc: eeprom_93xx46: Fix module alias to enable module autoprobe
misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users
pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare()
VMCI: Use set_page_dirty_lock() when unregistering guest memory
PCI: Align checking of syscall user config accessors
drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)
ext4: fix potential htree index checksum corruption
regmap: sdw: use _no_pm functions in regmap_read/write
i40e: Fix flow for IPv6 next header (extension header)
i40e: Add zero-initialization of AQ command structures
i40e: Fix overwriting flow control settings during driver loading
i40e: Fix VFs not created
i40e: Fix add TC filter for IPv6
net/mlx4_core: Add missed mlx4_free_cmd_mailbox()
vxlan: move debug check after netdev unregister
ocfs2: fix a use after free on error
mm/memory.c: fix potential pte_unmap_unlock pte error
mm/hugetlb: fix potential double free in hugetlb_register_node() error path
r8169: fix jumbo packet handling on RTL8168e
arm64: Add missing ISB after invalidating TLB in __primary_switch
i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
mm/rmap: fix potential pte_unmap on an not mapped pte
scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
blk-settings: align max_sectors on "logical_block_size" boundary
ACPI: property: Fix fwnode string properties matching
ACPI: configfs: add missing check after configfs_register_default_group()
HID: wacom: Ignore attempts to overwrite the touch_max value from HID
Input: raydium_ts_i2c - do not send zero length
Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S
Input: joydev - prevent potential read overflow in ioctl
Input: i8042 - add ASUS Zenbook Flip to noselftest list
USB: serial: option: update interface mapping for ZTE P685M
usb: musb: Fix runtime PM race in musb_queue_resume_work
usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
USB: serial: ftdi_sio: fix FTX sub-integer prescaler
USB: serial: mos7840: fix error code in mos7840_write()
USB: serial: mos7720: fix error code in mos7720_write()
ALSA: hda/realtek: modify EAPD in the ALC886
tpm_tis: Fix check_locality for correct locality acquisition
tpm_tis: Clean up locality release
KEYS: trusted: Fix migratable=1 failing
btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
btrfs: fix reloc root leak with 0 ref reloc roots on recovery
btrfs: fix extent buffer leak on failure to copy root
crypto: arm64/sha - add missing module aliases
crypto: sun4i-ss - checking sg length is not sufficient
crypto: sun4i-ss - handle BigEndian for cipher
seccomp: Add missing return in non-void function
misc: rtsx: init of rts522a add OCP power off when no card is present
drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
pstore: Fix typo in compression option name
dts64: mt7622: fix slow sd card access
staging/mt7621-dma: mtk-hsdma.c->hsdma-mt7621.c
staging: gdm724x: Fix DMA from stack
staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt()
x86/reboot: Force all cpus to exit VMX root if VMX is supported
floppy: reintroduce O_NDELAY fix
arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
watchdog: mei_wdt: request stop on unregister
mtd: spi-nor: hisi-sfc: Put child node np on error path
fs/affs: release old buffer head on error path
seq_file: document how per-entry resources are managed.
x86: fix seq_file iteration for pat/memtype.c
hugetlb: fix copy_huge_page_from_user contig page struct assumption
libnvdimm/dimm: Avoid race between probe and available_slots_show()
arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55
module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
mmc: sdhci-esdhc-imx: fix kernel panic when remove module
gpio: pcf857x: Fix missing first interrupt
printk: fix deadlock when kernel panic
cpufreq: intel_pstate: Get per-CPU max freq via MSR_HWP_CAPABILITIES if available
f2fs: fix out-of-repair __setattr_copy()
sparc32: fix a user-triggerable oops in clear_user()
gfs2: Don't skip dlm unlock if glock has an lvb
dm: fix deadlock when swapping to encrypted device
dm era: Recover committed writeset after crash
dm era: Verify the data block size hasn't changed
dm era: Fix bitset memory leaks
dm era: Use correct value size in equality function of writeset tree
dm era: Reinitialize bitset cache before digesting a new writeset
dm era: only resize metadata in preresume
icmp: introduce helper for nat'd source address in network device context
icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n
gtp: use icmp_ndo_send helper
sunvnet: use icmp_ndo_send helper
xfrm: interface: use icmp_ndo_send helper
ipv6: icmp6: avoid indirect call for icmpv6_send()
ipv6: silence compilation warning for non-IPV6 builds
net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
dm era: Update in-core bitset after committing the metadata
net: qrtr: Fix memory leak in qrtr_tun_open
ARM: dts: aspeed: Add LCLK to lpc-snoop
Linux 4.19.178
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8c07c10dd29a1233f238b533622d7b32bd22bdb0
|
||
|
Mike Kravetz
|
669e2d7db2 |
hugetlb: fix copy_huge_page_from_user contig page struct assumption
commit 3272cfc2525b3a2810a59312d7a1e6f04a0ca3ef upstream.
page structs are not guaranteed to be contiguous for gigantic pages. The
routine copy_huge_page_from_user can encounter gigantic pages, yet it
assumes page structs are contiguous when copying pages from user space.
Since page structs for the target gigantic page are not contiguous, the
data copied from user space could overwrite other pages not associated
with the gigantic page and cause data corruption.
Non-contiguous page structs are generally not an issue. However, they can
exist with a specific kernel configuration and hotplug operations. For
example: Configure the kernel with CONFIG_SPARSEMEM and
!CONFIG_SPARSEMEM_VMEMMAP. Then, hotplug add memory for the area where
the gigantic page will be allocated.
Link: https://lkml.kernel.org/r/20210217184926.33567-2-mike.kravetz@oracle.com
Fixes:
|
||
|
Miaohe Lin
|
39e913ee4c |
mm/memory.c: fix potential pte_unmap_unlock pte error
[ Upstream commit 90a3e375d324b2255b83e3dd29e99e2b05d82aaf ] Since commit |
||
|
lucaswei
|
3ff70092e4 |
Merge android-4.19-stable (4.19.160) into android-msm-pixel-4.19-lts
Merge 4.19.160 into android-4.19-stable
Linux 4.19.160
mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault()
x86/microcode/intel: Check patch signature before saving microcode for early loading
* seccomp: Set PF_SUPERPRIV when checking capability
kernel/seccomp.c
* ptrace: Set PF_SUPERPRIV when checking capability
kernel/ptrace.c
s390/dasd: fix null pointer dereference for ERP requests
s390/cpum_sf.c: fix file permission for cpum_sfb_size
mac80211: free sta in sta_info_insert_finish() on errors
mac80211: minstrel: fix tx status processing corner case
mac80211: minstrel: remove deferred sampling code
xtensa: disable preemption around cache alias management calls
* regulator: workaround self-referent regulators
drivers/regulator/core.c
* regulator: avoid resolve_supply() infinite recursion
drivers/regulator/core.c
* regulator: fix memory leak with repeated set_machine_constraints()
drivers/regulator/core.c
regulator: pfuze100: limit pfuze-support-disable-sw to pfuze{100,200}
iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode
iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum
* ext4: fix bogus warning in ext4_update_dx_flag()
fs/ext4/ext4.h
staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids
efivarfs: fix memory leak in efivarfs_create()
tty: serial: imx: keep console clocks always on
ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220)
ALSA: mixart: Fix mutex deadlock
* ALSA: ctl: fix error path at adding user-defined element set
sound/core/control.c
* ALSA: usb-audio: Add delay quirk for all Logitech USB devices
sound/usb/quirks.c
ALSA: firewire: Clean up a locking issue in copy_resp_to_buf()
speakup: Do not let the line discipline be used several times
* libfs: fix error cast of negative value in simple_attr_write()
fs/libfs.c
efi/x86: Free efi_pgd with free_pages()
xfs: revert "xfs: fix rmap key and record comparison functions"
fail_function: Remove a redundant mutex unlock
regulator: ti-abb: Fix array out of bound read access on the first transition
xfs: strengthen rmap record flags checking
xfs: fix the minrecs logic when dealing with inode root child blocks
can: kvaser_usb: kvaser_usb_hydra: Fix KCAN bittiming limits
drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind()
MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu
ASoC: qcom: lpass-platform: Fix memory leak
can: m_can: m_can_handle_state_change(): fix state change
can: peak_usb: fix potential integer overflow on shift of a int
can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb()
can: ti_hecc: Fix memleak in ti_hecc_probe
can: dev: can_restart(): post buffer from the right context
can: af_can: prevent potential access of uninitialized member in canfd_rcv()
can: af_can: prevent potential access of uninitialized member in can_rcv()
* ip_tunnels: Set tunnel option flag when tunnel metadata is present
include/net/ip_tunnels.h
perf lock: Don't free "lock_seq_stat" if read_count isn't zero
* Input: resistive-adc-touch - fix kconfig dependency on IIO_BUFFER
drivers/input/touchscreen/Kconfig
ARM: dts: imx50-evk: Fix the chip select 1 IOMUX
arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy
arm64: dts: allwinner: h5: OrangePi Prime: Fix ethernet node
MIPS: export has_transparent_hugepage() for modules
Input: adxl34x - clean up a data type in adxl34x_probe()
arm64: dts: allwinner: a64: bananapi-m64: Enable RGMII RX/TX delay on PHY
ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY
ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on Ethernet PHY
Revert "arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to active high"
ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node
arm64: dts: allwinner: h5: OrangePi PC2: Fix ethernet node
arm64: dts: allwinner: a64: Pine64 Plus: Fix ethernet node
* vfs: remove lockdep bogosity in __sb_start_write
fs/super.c
* arm64: psci: Avoid printing in cpu_psci_cpu_die()
arch/arm64/kernel/psci.c
ACPI: button: Add DMI quirk for Medion Akoya E2228T
selftests: kvm: Fix the segment descriptor layout to match the actual layout
* scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold()
drivers/scsi/ufs/ufshcd.c
pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
net: ftgmac100: Fix crash when removing driver
net/ncsi: Fix netlink registration
net: usb: qmi_wwan: Set DTR quirk for MR400
net/mlx5: Disable QoS when min_rates on all VFs are zero
tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate
* sctp: change to hold/put transport for proto_unreach_timer
net/sctp/input.c
net/sctp/sm_sideeffect.c
net/sctp/transport.c
qlcnic: fix error return code in qlcnic_83xx_restart_hw()
qed: fix error return code in qed_iwarp_ll2_start()
* page_frag: Recover from memory pressure
mm/page_alloc.c
net: x25: Increase refcnt of "struct x25_neigh" in x25_rx_call_request
* net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup
drivers/net/ethernet/qualcomm/rmnet/rmnet_handlers.c
net/mlx4_core: Fix init_hca fields offset
* netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist()
net/netlabel/netlabel_unlabeled.c
* netlabel: fix our progress tracking in netlbl_unlabel_staticlist()
net/netlabel/netlabel_unlabeled.c
net: Have netpoll bring-up DSA management interface
net: dsa: mv88e6xxx: Avoid VTU corruption on 6097
* net: bridge: add missing counters to ndo_get_stats64 callback
net/bridge/br_device.c
net: b44: fix error return code in b44_init_one()
mlxsw: core: Use variable timeout for EMAD retries
lan743x: prevent entire kernel HANG on open, for some platforms
lan743x: fix issue causing intermittent kernel log warnings
* inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill()
net/ipv4/inet_diag.c
devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill()
bnxt_en: read EEPROM A2h address using page 0
atm: nicstar: Unmap DMA on send error
* ah6: fix error return code in ah6_input()
net/ipv6/ah6.c
Merge 4.19.159 into android-4.19-stable
Linux 4.19.159
ACPI: GED: fix -Wformat
KVM: x86: clflushopt should be treated as a no-op by emulation
can: proc: can_remove_proc(): silence remove_proc_entry warning
mac80211: always wind down STA state
Input: sunkbd - avoid use-after-free in teardown paths
powerpc/8xx: Always fault when _PAGE_ACCESSED is not set
Revert "perf cs-etm: Move definition of 'traceid_list' global variable from header file"
powerpc/64s: flush L1D after user accesses
powerpc/uaccess: Evaluate macro arguments once, before user access is allowed
powerpc: Fix __clear_user() with KUAP enabled
powerpc: Implement user_access_begin and friends
powerpc: Add a framework for user access tracking
powerpc/64s: flush L1D on kernel entry
powerpc/64s: move some exception handlers out of line
ANDROID: GKI: Update ABI for incfs and dm-user
Revert "ANDROID: Add dependencies of dm-user.ko"
* ANDROID: Incremental fs: Add zstd compression support
fs/incfs/Kconfig
fs/incfs/data_mgmt.c
fs/incfs/data_mgmt.h
fs/incfs/format.h
include/uapi/linux/incrementalfs.h
* ANDROID: Incremental fs: Small improvements
fs/incfs/data_mgmt.c
fs/incfs/data_mgmt.h
fs/incfs/format.c
fs/incfs/format.h
fs/incfs/pseudo_files.c
fs/incfs/vfs.c
* ANDROID: Incremental fs: Initialize mount options correctly
fs/incfs/vfs.c
ANDROID: Incremental fs: Fix read_log_test which failed sporadically
* ANDROID: Incremental fs: Fix misuse of cpu_to_leXX and poll return
fs/incfs/format.c
fs/incfs/pseudo_files.c
* ANDROID: Incremental fs: Add per UID read timeouts
fs/incfs/data_mgmt.c
fs/incfs/data_mgmt.h
fs/incfs/pseudo_files.c
fs/incfs/vfs.c
include/uapi/linux/incrementalfs.h
* ANDROID: Incremental fs: Add .incomplete folder
fs/incfs/data_mgmt.c
fs/incfs/data_mgmt.h
fs/incfs/pseudo_files.c
fs/incfs/vfs.c
* ANDROID: Incremental fs: Fix dangling else
fs/incfs/data_mgmt.c
* ANDROID: Incremental fs: Fix uninitialized variable
fs/incfs/vfs.c
* ANDROID: Incremental fs: Fix filled block count from get filled blocks
fs/incfs/data_mgmt.c
fs/incfs/data_mgmt.h
fs/incfs/format.c
fs/incfs/format.h
fs/incfs/pseudo_files.c
fs/incfs/vfs.c
fs/incfs/vfs.h
* ANDROID: Incremental fs: Add hash block counts to IOC_IOCTL_GET_BLOCK_COUNT
fs/incfs/data_mgmt.c
fs/incfs/data_mgmt.h
fs/incfs/format.c
fs/incfs/format.h
fs/incfs/vfs.c
include/uapi/linux/incrementalfs.h
* ANDROID: Incremental fs: Add INCFS_IOC_GET_BLOCK_COUNT
fs/incfs/data_mgmt.c
fs/incfs/data_mgmt.h
fs/incfs/format.c
fs/incfs/format.h
fs/incfs/vfs.c
include/uapi/linux/incrementalfs.h
* ANDROID: Incremental fs: Make compatible with existing files
fs/incfs/format.c
fs/incfs/format.h
* ANDROID: Incremental fs: Remove block HASH flag
fs/incfs/format.c
fs/incfs/format.h
* ANDROID: Incremental fs: Remove back links and crcs
fs/incfs/format.c
fs/incfs/format.h
* ANDROID: Incremental fs: Remove attributes from file
fs/incfs/data_mgmt.c
fs/incfs/format.c
fs/incfs/format.h
fs/incfs/pseudo_files.c
* ANDROID: Incremental fs: Add .blocks_written file
fs/incfs/data_mgmt.c
fs/incfs/data_mgmt.h
fs/incfs/pseudo_files.c
fs/incfs/pseudo_files.h
include/uapi/linux/incrementalfs.h
* ANDROID: Incremental fs: Separate pseudo-file code
fs/incfs/Makefile
fs/incfs/pseudo_files.c
fs/incfs/pseudo_files.h
fs/incfs/vfs.c
fs/incfs/vfs.h
* ANDROID: Incremental fs: Add UID to pending_read
fs/incfs/data_mgmt.c
fs/incfs/data_mgmt.h
fs/incfs/main.c
fs/incfs/vfs.c
include/uapi/linux/incrementalfs.h
* ANDROID: Incremental fs: Create mapped file
fs/incfs/data_mgmt.c
fs/incfs/data_mgmt.h
fs/incfs/format.c
fs/incfs/format.h
fs/incfs/vfs.c
include/uapi/linux/incrementalfs.h
* ANDROID: Incremental fs: Don't allow renaming .index directory.
fs/incfs/vfs.c
* ANDROID: Incremental fs: Fix incfs to work on virtio-9p
fs/incfs/format.c
fs/incfs/vfs.c
ANDROID: Incremental fs: Allow running a single test
ANDROID: Incremental fs: Adding perf test
ANDROID: Incremental fs: Stress tool
* ANDROID: Incremental fs: Use R/W locks to read/write segment blockmap.
fs/incfs/data_mgmt.c
fs/incfs/data_mgmt.h
fs/incfs/vfs.c
* ANDROID: Incremental fs: Remove unnecessary dependencies
fs/incfs/Kconfig
* ANDROID: Incremental fs: Remove annoying pr_debugs
fs/incfs/data_mgmt.c
* ANDROID: Incremental fs: dentry_revalidate should not return -EBADF.
fs/incfs/vfs.c
* ANDROID: Incremental fs: Fix minor bugs
fs/incfs/data_mgmt.c
fs/incfs/vfs.c
* ANDROID: Incremental fs: RCU locks instead of mutex for pending_reads.
fs/incfs/data_mgmt.c
fs/incfs/data_mgmt.h
* ANDROID: Incremental fs: fix up attempt to copy structures with READ/WRITE_ONCE
fs/incfs/vfs.c
Merge 4.19.158 into android-4.19-stable
Revert "ANDROID: clang: update to 11.0.5"
Linux 4.19.158
Convert trailing spaces and periods in path components
* net: sch_generic: fix the missing new qdisc assignment bug
net/sched/sch_generic.c
* reboot: fix overflow parsing reboot cpu number
kernel/reboot.c
* Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
kernel/reboot.c
* perf/core: Fix race in the perf_mmap_close() function
kernel/events/core.c
perf scripting python: Avoid declaring function pointers with a visibility attribute
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
* random32: make prandom_u32() output unpredictable
drivers/char/random.c
include/linux/prandom.h
kernel/time/timer.c
lib/random32.c
r8169: fix potential skb double free in an error path
vrf: Fix fast path output packet handling with async Netfilter rules
* tipc: fix memory leak in tipc_topsrv_start()
net/tipc/topsrv.c
net/x25: Fix null-ptr-deref in x25_connect
* net: Update window_clamp if SOCK_RCVBUF is set
net/ipv4/syncookies.c
net/ipv6/syncookies.c
net/af_iucv: fix null pointer dereference on shutdown
* IPv6: Set SIT tunnel hard_header_len to zero
net/ipv6/sit.c
* swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
kernel/dma/swiotlb.c
erofs: derive atime instead of leaving it empty
pinctrl: amd: fix incorrect way to disable debounce filter
pinctrl: amd: use higher precision for 512 RtcClk
drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
* don't dump the threads that had been already exiting when zapped.
kernel/exit.c
mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove
gpio: pcie-idio-24: Enable PEX8311 interrupts
gpio: pcie-idio-24: Fix IRQ Enable Register value
gpio: pcie-idio-24: Fix irq mask when masking
selinux: Fix error return code in sel_ib_pkey_sid_slow()
btrfs: fix potential overflow in cluster_pages_for_defrag on 32bit arch
ocfs2: initialize ip_next_orphan
* futex: Don't enable IRQs unconditionally in put_pi_state()
kernel/futex.c
mei: protect mei_cl_mtu from null dereference
xhci: hisilicon: fix refercence leak in xhci_histb_probe
usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
* uio: Fix use-after-free in uio_unregister_device()
drivers/uio/uio.c
thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
thunderbolt: Fix memory leak if ida_simple_get() fails in enumerate_services()
btrfs: dev-replace: fail mount if we don't have replace item with target device
btrfs: ref-verify: fix memory leak in btrfs_ref_tree_mod
* ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
fs/ext4/inline.c
* ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
fs/ext4/super.c
* perf: Fix get_recursion_context()
kernel/events/internal.h
cosa: Add missing kfree in error path of cosa_write
* of/address: Fix of_node memory leak in of_dma_is_coherent
drivers/of/address.c
xfs: fix a missing unlock on error in xfs_fs_map_blocks
lan743x: fix "BUG: invalid wait context" when setting rx mode
xfs: fix brainos in the refcount scrubber's rmap fragment processor
xfs: fix rmap key and record comparison functions
xfs: set the unwritten bit in rmap lookup flags in xchk_bmap_get_rmapextents
xfs: fix flags argument to rmap lookup when converting shared file rmaps
nbd: fix a block_device refcount leak in nbd_release
pinctrl: aspeed: Fix GPI only function problem.
ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template
pinctrl: intel: Set default bias in case no particular value given
mfd: sprd: Add wakeup capability for PMIC IRQ
* tick/common: Touch watchdog in tick_unfreeze() on all CPUs
kernel/time/tick-common.c
tpm_tis: Disable interrupts on ThinkPad T490s
selftests: proc: fix warning: _GNU_SOURCE redefined
vfio: platform: fix reference leak in vfio_platform_open
s390/smp: move rcu_cpu_starting() earlier
iommu/amd: Increase interrupt remapping table limit to 512 entries
scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
* cfg80211: regulatory: Fix inconsistent format argument
net/wireless/reg.c
mac80211: fix use of skb payload instead of header
drm/amd/pm: do not use ixFEATURE_STATUS for checking smc running
drm/amd/pm: perform SMC reset on suspend/hibernation
drm/amdgpu: perform srbm soft reset always on SDMA resume
scsi: hpsa: Fix memory leak in hpsa_init_one()
gfs2: check for live vs. read-only file system in gfs2_fitrim
gfs2: Add missing truncate_inode_pages_final for sd_aspace
gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
usb: gadget: goku_udc: fix potential crashes in probe
* crypto: arm64/aes-modes - get rid of literal load of addend vector
arch/arm64/crypto/aes-modes.S
* netfilter: use actual socket sk rather than skb sk when routing harder
include/linux/netfilter_ipv4.h
include/linux/netfilter_ipv6.h
net/ipv4/netfilter.c
net/ipv4/netfilter/iptable_mangle.c
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
net/ipv4/netfilter/nf_reject_ipv4.c
net/ipv6/netfilter.c
net/ipv6/netfilter/ip6table_mangle.c
ath9k_htc: Use appropriate rs_datalen type
Btrfs: fix missing error return if writeback for extent buffer never started
tpm: efi: Don't create binary_bios_measurements file for an empty log
xfs: fix scrub flagging rtinherit even if there is no rt device
xfs: flush new eof page on truncate to avoid post-eof corruption
can: flexcan: remove FLEXCAN_QUIRK_DISABLE_MECR quirk for LS1021A
can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
can: peak_usb: add range checking in decode operations
* can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
include/linux/can/skb.h
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
can: rx-offload: don't call kfree_skb() from IRQ context
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
perf tools: Add missing swap for ino_generation
netfilter: ipset: Update byte and packet counters regardless of whether they match
xfs: set xefi_discard when creating a deferred agfl free log intent item
* net: xfrm: fix a race condition during allocing spi
net/xfrm/xfrm_state.c
hv_balloon: disable warning when floor reached
* genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
kernel/irq/Kconfig
btrfs: reschedule when cloning lots of extents
btrfs: sysfs: init devices outside of the chunk_mutex
* usb: dwc3: gadget: Reclaim extra TRBs after request completion
drivers/usb/dwc3/gadget.c
* usb: dwc3: gadget: Continue to process pending requests
drivers/usb/dwc3/gadget.c
nbd: don't update block size after device is started
* time: Prevent undefined behaviour in timespec64_to_ns()
include/linux/time64.h
kernel/time/itimer.c
* regulator: defer probe when trying to get voltage from unresolved supply
drivers/regulator/core.c
* FROMGIT: Input: Add devices for HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE
drivers/hid/hid-ids.h
drivers/hid/hid-quirks.c
* ANDROID: arm64: Fix off-by-one vdso trampoline return value
arch/arm64/include/asm/vdso.h
ANDROID: Add dependencies of dm-user.ko
* UPSTREAM: arm64: vdso: Add -fasynchronous-unwind-tables to cflags
arch/arm64/kernel/vdso/Makefile
* UPSTREAM: of: property: Fix create device links for all child-supplier dependencies
drivers/of/property.c
* UPSTREAM: of: property: Do not link to disabled devices
drivers/of/property.c
* UPSTREAM: drm: Fix doc warning in drm_connector_attach_edid_property()
drivers/gpu/drm/drm_connector.c
* UPSTREAM: selinux: fix non-MLS handling in mls_context_to_sid()
security/selinux/ss/mls.c
* UPSTREAM: drm/prime: Fix drm_gem_prime_mmap() stack use
drivers/gpu/drm/drm_prime.c
* UPSTREAM: crypto: chacha-generic - fix use as arm64 no-NEON fallback
crypto/chacha_generic.c
UPSTREAM: slab: store tagged freelist for off-slab slabmgmt
UPSTREAM: parisc: Switch from DISCONTIGMEM to SPARSEMEM
* UPSTREAM: cgroup: Move cgroup_parse_float() implementation out of CONFIG_SYSFS
kernel/cgroup/cgroup.c
* UPSTREAM: fork: don't check parent_tidptr with CLONE_PIDFD
kernel/fork.c
* UPSTREAM: vdso: Remove superfluous #ifdef __KERNEL__ in vdso/datapage.h
include/vdso/datapage.h
* UPSTREAM: arm64: compat: No need for pre-ARMv7 barriers on an ARMv8 system
arch/arm64/include/asm/vdso/compat_barrier.h
* UPSTREAM: timekeeping/vsyscall: Use __iter_div_u64_rem()
kernel/time/vsyscall.c
* UPSTREAM: kasan: remove clang version check for KASAN_STACK
lib/Kconfig.kasan
* UPSTREAM: page flags: prioritize kasan bits over last-cpuid
include/linux/page-flags-layout.h
* UPSTREAM: timekeeping/vsyscall: Prevent math overflow in BOOTTIME update
include/linux/timekeeper_internal.h
kernel/time/timekeeping.c
kernel/time/vsyscall.c
UPSTREAM: kcm: disable preemption in kcm_parse_func_strparser()
* UPSTREAM: cfg80211: validate SSID/MBSSID element ordering assumption
net/wireless/scan.c
UPSTREAM: MIPS: VDSO: Fix build for binutils < 2.25
UPSTREAM: virt_wifi: fix refcnt leak in module exit routine
* UPSTREAM: sched/topology: Allow sched_asym_cpucapacity to be disabled
kernel/sched/topology.c
* UPSTREAM: scripts/tools-support-relr.sh: un-quote variables
scripts/tools-support-relr.sh
* UPSTREAM: fork: fix pidfd_poll()'s return type
kernel/fork.c
UPSTREAM: virt_wifi: fix use-after-free in virt_wifi_newlink()
* UPSTREAM: of/platform: Unconditionally pause/resume sync state during kernel init
drivers/of/platform.c
* UPSTREAM: selinux: ensure the policy has been loaded before reading the sidtab stats
security/selinux/ss/services.c
* UPSTREAM: raid6/test: fix a compilation error
include/linux/raid/pq.h
UPSTREAM: PM: hibernate: fix crashes with init_on_free=1
UPSTREAM: ARM: bcm2835_defconfig: Explicitly restore CONFIG_DEBUG_FS
UPSTREAM: ARM: socfpga_defconfig: Add back DEBUG_FS
* UPSTREAM: binderfs: use refcount for binder control devices too
drivers/android/binderfs.c
UPSTREAM: um: Fix header inclusion
* UPSTREAM: PM: sleep: wakeup: Skip wakeup_source_sysfs_remove() if device is not there
drivers/base/power/wakeup.c
* UPSTREAM: Input: fix stale timestamp on key autorepeat events
drivers/input/input.c
* UPSTREAM: mm/filemap.c: don't bother dropping mmap_sem for zero size readahead
mm/filemap.c
* UPSTREAM: arm64: vdso: don't free unallocated pages
arch/arm64/kernel/vdso.c
* UPSTREAM: usb: typec: altmode: Fix typec_altmode_get_partner sometimes returning an invalid pointer
drivers/usb/typec/bus.c
* UPSTREAM: ipv6: ndisc: RFC-ietf-6man-ra-pref64-09 is now published as RFC8781
include/net/ndisc.h
UPSTREAM: s390/setup: init jump labels before command line parsing
* UPSTREAM: dma-buf: free dmabuf->name in dma_buf_release()
drivers/dma-buf/dma-buf.c
* UPSTREAM: driver core: Don't do deferred probe in parallel with kernel_init thread
drivers/base/base.h
drivers/base/core.c
drivers/base/dd.c
* UPSTREAM: fscrypt: restrict IV_INO_LBLK_* to AES-256-XTS
fs/crypto/policy.c
* UPSTREAM: fscrypt: use smp_load_acquire() for fscrypt_prepared_key
fs/crypto/fscrypt_private.h
fs/crypto/inline_crypt.c
fs/crypto/keysetup.c
* UPSTREAM: mm/page_alloc: silence a KASAN false positive
mm/page_alloc.c
* UPSTREAM: ARM64: vdso32: Install vdso32 from vdso_install
arch/arm64/Makefile
arch/arm64/kernel/vdso32/Makefile
* UPSTREAM: fscrypt: restrict IV_INO_LBLK_32 to ino_bits <= 32
fs/crypto/policy.c
* UPSTREAM: coresight: tmc: Fix bad register address for CLAIM
drivers/hwtracing/coresight/coresight-tmc-etf.c
* UPSTREAM: coresight: etm4x: Fix unused function warning
drivers/hwtracing/coresight/coresight-etm4x.c
* UPSTREAM: coresight: etm4x: Fix use-after-free of per-cpu etm drvdata
drivers/hwtracing/coresight/coresight-etm4x.c
* UPSTREAM: coresight: etm4x: Fix save/restore during cpu idle
drivers/hwtracing/coresight/coresight-etm4x.c
drivers/hwtracing/coresight/coresight-etm4x.h
* UPSTREAM: coresight: etm4x: Handle unreachable sink in perf mode
drivers/hwtracing/coresight/coresight-etm-perf.c
* UPSTREAM: coresight: etm4x: Fix issues on trcseqevr access
drivers/hwtracing/coresight/coresight-etm4x.c
* UPSTREAM: coresight: etm: perf: Fix warning caused by etm_setup_aux failure
drivers/hwtracing/coresight/coresight-etm-perf.c
* UPSTREAM: coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register
drivers/hwtracing/coresight/coresight-etm4x.c
Merge 4.19.157 into android-4.19-stable
Linux 4.19.157
powercap: restrict energy meter to root access
* Revert "ANDROID: Kbuild, LLVMLinux: allow overriding clang target triple"
Makefile
build.config.aarch64
build.config.allmodconfig
build.config.arm
build.config.x86_64
Merge 4.19.156 into android-4.19-stable
Linux 4.19.156
arm64: dts: marvell: espressobin: Add ethernet switch aliases
* net: dsa: read mac address from DT for slave device
include/net/dsa.h
tools: perf: Fix build error in v4.19.y
* perf/core: Fix a memory leak in perf_event_parse_addr_filter()
kernel/events/core.c
* PM: runtime: Resume the device earlier in __device_release_driver()
drivers/base/dd.c
Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
ARC: stack unwinding: avoid indefinite looping
usb: mtu3: fix panic in mtu3_gadget_stop()
* USB: Add NO_LPM quirk for Kingston flash drive
drivers/usb/core/quirks.c
USB: serial: option: add Telit FN980 composition 0x1055
USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
USB: serial: option: add Quectel EC200T module support
USB: serial: cyberjack: fix write-URB completion race
serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init
serial: 8250_mtk: Fix uart_get_baud_rate warning
* fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
kernel/fork.c
vt: Disable KD_FONT_OP_COPY
ACPI: NFIT: Fix comparison to '-ENXIO'
drm/vc4: drv: Add error handding for bind
vsock: use ns_capable_noaudit() on socket create
* scsi: core: Don't start concurrent async scan on same host
drivers/scsi/scsi_scan.c
* blk-cgroup: Pre-allocate tree node on blkg_conf_prep
block/blk-cgroup.c
* blk-cgroup: Fix memleak on error path
block/blk-cgroup.c
* of: Fix reserved-memory overlap detection
drivers/of/of_reserved_mem.c
x86/kexec: Use up-to-dated screen_info copy to fill boot params
ARM: dts: sun4i-a10: fix cpu_alert temperature
* futex: Handle transient "ownerless" rtmutex state correctly
kernel/futex.c
* tracing: Fix out of bounds write in get_trace_buf
kernel/trace/trace.c
* ftrace: Handle tracing when switching between context
kernel/trace/trace.h
* ftrace: Fix recursion check for NMI test
kernel/trace/trace.h
* ring-buffer: Fix recursion protection transitions between interrupt context
kernel/trace/ring_buffer.c
gfs2: Wake up when sd_glock_disposal becomes zero
* mm: always have io_remap_pfn_range() set pgprot_decrypted()
include/asm-generic/pgtable.h
include/linux/mm.h
* kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled
kernel/kthread.c
lib/crc32test: remove extra local_irq_disable/enable
mm: mempolicy: fix potential pte_unmap_unlock pte error
* ALSA: usb-audio: Add implicit feedback quirk for MODX
sound/usb/pcm.c
* ALSA: usb-audio: Add implicit feedback quirk for Qu-16
sound/usb/pcm.c
* ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices
sound/usb/quirks.c
* ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2
sound/usb/pcm.c
Fonts: Replace discarded const qualifier
btrfs: tree-checker: fix the error message for transid error
btrfs: tree-checker: Verify inode item
btrfs: tree-checker: Enhance chunk checker to validate chunk profile
btrfs: tree-checker: Fix wrong check on max devid
btrfs: tree-checker: Verify dev item
btrfs: tree-checker: Check chunk item at tree block read time
btrfs: tree-checker: Make btrfs_check_chunk_valid() return EUCLEAN instead of EIO
btrfs: tree-checker: Make chunk item checker messages more readable
btrfs: Move btrfs_check_chunk_valid() to tree-check.[ch] and export it
btrfs: Don't submit any btree write bio if the fs has errors
Btrfs: fix unwritten extent buffers and hangs on future writeback attempts
btrfs: extent_io: add proper error handling to lock_extent_buffer_for_io()
btrfs: extent_io: Handle errors better in btree_write_cache_pages()
btrfs: extent_io: Handle errors better in extent_write_full_page()
btrfs: flush write bio if we loop in extent_write_cache_pages
Revert "btrfs: flush write bio if we loop in extent_write_cache_pages"
btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up
btrfs: extent_io: Kill the forward declaration of flush_write_bio
* blktrace: fix debugfs use after free
kernel/trace/blktrace.c
sfp: Fix error handing in sfp_probe()
* sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms
net/sctp/sm_sideeffect.c
net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition
gianfar: Account for Tx PTP timestamp in the skb headroom
gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
chelsio/chtls: fix always leaking ctrl_skb
chelsio/chtls: fix memory leaks caused by a race
cadence: force nonlinear buffers to be cloned
* ptrace: fix task_join_group_stop() for the case when current is traced
kernel/signal.c
* tipc: fix use-after-free in tipc_bcast_get_mode
net/tipc/core.c
drm/i915: Break up error capture compression loops with cond_resched()
* ANDROID: fuse: Add support for d_canonical_path
fs/fuse/dev.c
fs/fuse/dir.c
fs/fuse/fuse_i.h
include/uapi/linux/fuse.h
* ANDROID: vfs: add d_canonical_path for stacked filesystem support
fs/notify/inotify/inotify_user.c
include/linux/dcache.h
include/linux/fsnotify.h
* ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c
Merge 4.19.155 into android-4.19-stable
Linux 4.19.155
staging: octeon: Drop on uncorrectable alignment or FCS error
staging: octeon: repair "fixed-link" support
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
* KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
arch/arm64/include/asm/kvm_host.h
* device property: Don't clear secondary pointer for shared primary firmware node
drivers/base/core.c
* device property: Keep secondary firmware node secondary by type
drivers/base/core.c
ARM: s3c24xx: fix missing system reset
ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
arm: dts: mt7623: add missing pause for switchport
* hil/parisc: Disable HIL driver when it gets stuck
include/linux/hil_mlc.h
cachefiles: Handle readpage error correctly
* arm64: berlin: Select DW_APB_TIMER_OF
arch/arm64/Kconfig.platforms
tty: make FONTX ioctl use the tty pointer they were actually passed
rtc: rx8010: don't modify the global rtc ops
drm/ttm: fix eviction valuable range check.
* ext4: fix invalid inode checksum
fs/ext4/inode.c
* ext4: fix error handling code in add_new_gdb
fs/ext4/resize.c
* ext4: fix leaking sysfs kobject after failed mount
fs/ext4/super.c
vringh: fix __vringh_iov() when riov and wiov are different
* ring-buffer: Return 0 on success from ring_buffer_resize()
kernel/trace/ring_buffer.c
9P: Cast to loff_t before multiplying
libceph: clear con->out_msg on Policy::stateful_server faults
ceph: promote to unsigned long long before shifting
drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally
drm/amdgpu: don't map BO in reserved region
i2c: imx: Fix external abort on interrupt in exit paths
ia64: fix build error with !COREDUMP
ubi: check kthread_should_stop() after the setting of task state
perf python scripting: Fix printable strings in python3 scripts
ubifs: dent: Fix some potential memory leaks while iterating entries
NFSD: Add missing NFSv2 .pc_func methods
* NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
include/uapi/linux/nfs4.h
powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation
powerpc/powernv/elog: Fix race while processing OPAL error log event.
powerpc: Warn about use of smt_snooze_delay
powerpc/rtas: Restrict RTAS requests from userspace
s390/stp: add locking to sysfs functions
powerpc/drmem: Make lmb_size 64 bit
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
iio:adc:ti-adc12138 Fix alignment issue with timestamp
iio:adc:ti-adc0832 Fix alignment issue with timestamp
iio:light:si1145: Fix timestamp alignment and prevent data leak.
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
udf: Fix memory leak when mounting
HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery
vt: keyboard, extend func_buf_lock to readers
vt: keyboard, simplify vt_kdgkbsent
drm/i915: Force VT'd workarounds when running as a guest OS
usb: host: fsl-mph-dr-of: check return of dma_set_mask()
usb: typec: tcpm: reset hard_reset_count for any disconnect
usb: cdc-acm: fix cooldown mechanism
* usb: dwc3: core: don't trigger runtime pm when remove driver
drivers/usb/dwc3/core.c
* usb: dwc3: core: add phy cleanup for probe error handling
drivers/usb/dwc3/core.c
* usb: dwc3: gadget: Check MPS of the request length
drivers/usb/dwc3/gadget.c
* usb: dwc3: ep0: Fix ZLP for OUT ep0 requests
drivers/usb/dwc3/ep0.c
* usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC
drivers/usb/host/xhci-pci.c
drivers/usb/host/xhci.h
btrfs: fix use-after-free on readahead extent after failure to create it
btrfs: cleanup cow block on error
btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send()
btrfs: send, recompute reference path after orphanization of a directory
btrfs: reschedule if necessary when logging directory items
btrfs: improve device scanning messages
btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode
scsi: qla2xxx: Fix crash on session cleanup with unload
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
w1: mxc_w1: Fix timeout resolution problem leading to bus error
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
ACPI: debug: don't allow debugging when ACPI is disabled
ACPI: video: use ACPI backlight for HP 635 Notebook
ACPI / extlog: Check for RDMSR failure
ACPI: button: fix handling lid state changes when input device closed
NFS: fix nfs_path in case of a rename retry
* fs: Don't invalidate page buffers in block_write_full_page()
fs/buffer.c
media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect
leds: bcm6328, bcm6358: use devres LED registering function
perf/x86/amd/ibs: Fix raw sample data accumulation
perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN
md/raid5: fix oops during stripe resizing
nvme-rdma: fix crash when connect rejected
* sgl_alloc_order: fix memory leak
lib/scatterlist.c
nbd: make the config put is called before the notifying the waiter
ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
ARM: dts: s5pv210: move PMU node out of clock controller
ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
memory: emif: Remove bogus debugfs error handling
ARM: dts: omap4: Fix sgx clock rate for 4430
arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes
cifs: handle -EINTR in cifs_setattr
gfs2: add validation checks for size of superblock
* ext4: Detect already used quota file early
fs/ext4/super.c
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
clk: ti: clockdomain: fix static checker warning
* rpmsg: glink: Use complete_all for open states
drivers/rpmsg/qcom_glink_native.c
bnxt_en: Log unknown link speed appropriately.
md/bitmap: md_bitmap_get_counter returns wrong blocks
btrfs: fix replace of seed device
drm/amd/display: HDMI remote sink need mode validation for Linux
power: supply: test_power: add missing newlines when printing parameters by sysfs
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
ACPI: Add out of bounds and numa_off protections to pxm_to_node()
xfs: don't free rt blocks when we're doing a REMAP bunmapi call
* arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
arch/arm64/include/asm/numa.h
* usb: xhci: omit duplicate actions when suspending a runtime suspended host.
drivers/usb/host/xhci.c
* uio: free uio id after uio file node is freed
drivers/uio/uio.c
USB: adutux: fix debugging
cpufreq: sti-cpufreq: add stih418 support
riscv: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
media: uvcvideo: Fix dereference of out-of-bound list iterator
kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
ia64: kprobes: Use generic kretprobe trampoline handler
* printk: reduce LOG_BUF_SHIFT range for H8300
init/Kconfig
* arm64: topology: Stop using MPIDR for topology information
arch/arm64/kernel/topology.c
drm/bridge/synopsys: dsi: add support for non-continuous HS clock
mmc: via-sdmmc: Fix data race bug
media: imx274: fix frame interval handling
media: tw5864: check status of tw5864_frameinterval_get
* usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart
include/linux/usb/pd.h
media: platform: Improve queue set up flow for bug fixing
* media: videodev2.h: RGB BT2020 and HSV are always full range
include/uapi/linux/videodev2.h
drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly
ath10k: fix VHT NSS calculation when STBC is enabled
ath10k: start recovery process when payload length exceeds max htc length for sdio
video: fbdev: pvr2fb: initialize variables
xfs: fix realtime bitmap/summary file truncation when growing rt volume
power: supply: bq27xxx: report "not charging" on all types
ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
um: change sigio_spinlock to a mutex
* f2fs: fix to check segment boundary during SIT page readahead
fs/f2fs/checkpoint.c
* f2fs: fix uninit-value in f2fs_lookup
fs/f2fs/dir.c
* f2fs: add trace exit in exception path
fs/f2fs/checkpoint.c
sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM
* mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
arch/Kconfig
fs/exec.c
powerpc/powernv/smp: Fix spurious DBG() warning
* futex: Fix incorrect should_fail_futex() handling
kernel/futex.c
ata: sata_nv: Fix retrieving of active qcs
RDMA/qedr: Fix memory leak in iWARP CM
mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
xen/events: block rogue events for some time
xen/events: defer eoi in case of excessive number of events
xen/events: use a common cpu hotplug hook for event channels
xen/events: switch user event channels to lateeoi model
xen/pciback: use lateeoi irq binding
xen/pvcallsback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/blkback: use lateeoi irq binding
* xen/events: add a new "late EOI" evtchn framework
include/xen/events.h
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: avoid removing an event channel while handling it
xen/events: don't use chip_data for legacy IRQs
* Revert "block: ratelimit handle_bad_sector() message"
block/blk-core.c
* fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
fs/crypto/fname.c
fs/crypto/hooks.c
fs/ext4/ext4.h
fs/ext4/namei.c
fs/f2fs/namei.c
include/linux/fscrypt.h
* fscrypt: only set dentry_operations on ciphertext dentries
fs/crypto/hooks.c
* fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory
fs/dcache.c
* fscrypt: fix race allowing rename() and link() of ciphertext dentries
fs/crypto/hooks.c
include/linux/fscrypt.h
* fscrypt: clean up and improve dentry revalidation
fs/crypto/crypto.c
fs/crypto/hooks.c
include/linux/dcache.h
include/linux/fscrypt.h
* fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
fs/crypto/hooks.c
fs/crypto/policy.c
include/linux/fscrypt.h
ata: sata_rcar: Fix DMA boundary mask
serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt
* mtd: lpddr: Fix bad logic in print_drs_error
include/linux/mtd/pfow.h
RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel()
cxl: Rework error message for incompatible slots
p54: avoid accessing the data mapped to streaming DMA
evm: Check size of security.evm before using it
* bpf: Fix comment for helper bpf_current_task_under_cgroup()
include/uapi/linux/bpf.h
* fuse: fix page dereference after free
fs/fuse/dev.c
x86/xen: disable Firmware First mode for correctable memory errors
arch/x86/amd/ibs: Fix re-arming IBS Fetch
cxgb4: set up filter action after rewrites
r8169: fix issue with forced threading in combination with shared interrupts
* tipc: fix memory leak caused by tipc_buf_append()
net/tipc/msg.c
* tcp: Prevent low rmem stalls with SO_RCVLOWAT.
net/ipv4/tcp.c
net/ipv4/tcp_input.c
ravb: Fix bit fields checking in ravb_hwtstamp_get()
* netem: fix zero division in tabledist
net/sched/sch_netem.c
mlxsw: core: Fix memory leak on module removal
gtp: fix an use-before-init in gtp_newlink()
chelsio/chtls: fix tls record info to user
chelsio/chtls: fix memory leaks in CPL handlers
chelsio/chtls: fix deadlock issue
efivarfs: Replace invalid slashes with exclamation marks in dentries.
x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled
* arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
arch/arm64/Makefile
* arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs
arch/arm64/kernel/cpu_errata.c
* scripts/setlocalversion: make git describe output more reliable
scripts/setlocalversion
objtool: Support Clang non-section symbols in ORC generation
ANDROID: GKI: Enable DEBUG_INFO_DWARF4
* UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller
mm/slub.c
* BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr
include/net/xfrm.h
net/xfrm/xfrm_state.c
* BACKPORT: xfrm/compat: Add 32=>64-bit messages translator
include/net/xfrm.h
net/xfrm/Kconfig
net/xfrm/xfrm_user.c
* UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
net/xfrm/xfrm_user.c
* UPSTREAM: xfrm/compat: Add 64=>32-bit messages translator
include/net/xfrm.h
net/xfrm/xfrm_user.c
* BACKPORT: xfrm: Provide API to register translator module
include/net/xfrm.h
net/xfrm/Kconfig
net/xfrm/Makefile
net/xfrm/xfrm_state.c
* ANDROID: Publish uncompressed Image on aarch64
build.config.aarch64
FROMLIST: crypto: arm64/poly1305-neon - reorder PAC authentication with SP update
UPSTREAM: crypto: arm64/chacha - fix chacha_4block_xor_neon() for big endian
UPSTREAM: crypto: arm64/chacha - fix hchacha_block_neon() for big endian
Merge 4.19.154 into android-4.19-stable
Linux 4.19.154
* usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets.
drivers/usb/gadget/function/f_ncm.c
eeprom: at25: set minimum read/write access stride to 1
USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync().
usb: cdc-acm: add quirk to blacklist ETAS ES58X devices
tty: serial: fsl_lpuart: fix lpuart32_poll_get_char
net: korina: cast KSEG0 address to pointer in kfree
ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n()
* scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config()
drivers/scsi/ufs/ufs-qcom.c
* usb: core: Solve race condition in anchor cleanup functions
drivers/usb/core/urb.c
brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach
mwifiex: don't call del_timer_sync() on uninitialized timer
reiserfs: Fix memory leak in reiserfs_parse_options()
ipvs: Fix uninit-value in do_ip_vs_set_ctl()
tty: ipwireless: fix error handling
scsi: qedi: Fix list_del corruption while removing active I/O
scsi: qedi: Protect active command list to avoid list corruption
Fix use after free in get_capset_info callback.
rtl8xxxu: prevent potential memory leak
brcmsmac: fix memory leak in wlc_phy_attach_lcnphy
scsi: ibmvfc: Fix error return in ibmvfc_probe()
* Bluetooth: Only mark socket zapped after unlocking
net/bluetooth/l2cap_sock.c
* usb: ohci: Default to per-port over-current protection
drivers/usb/host/ohci-hcd.c
xfs: make sure the rt allocator doesn't run off the end
reiserfs: only call unlock_new_inode() if I_NEW
misc: rtsx: Fix memory leak in rtsx_pci_probe
ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs()
can: flexcan: flexcan_chip_stop(): add error handling and propagate error value
* usb: dwc3: simple: add support for Hikey 970
drivers/usb/dwc3/dwc3-of-simple.c
USB: cdc-acm: handle broken union descriptors
udf: Avoid accessing uninitialized data on failed inode read
udf: Limit sparing table size
usb: gadget: function: printer: fix use-after-free in __lock_acquire
misc: vop: add round_up(x,4) for vring_size to avoid kernel panic
mic: vop: copy data to kernel space then write to io memory
* scsi: target: core: Add CONTROL field for trace events
include/scsi/scsi_common.h
include/trace/events/target.h
scsi: mvumi: Fix error return in mvumi_io_attach()
PM: hibernate: remove the bogus call to get_gendisk() in software_resume()
mac80211: handle lack of sband->bitrates in rates
ip_gre: set dev->hard_header_len and dev->needed_headroom properly
ntfs: add check for mft record size in superblock
media: venus: core: Fix runtime PM imbalance in venus_probe
fs: dlm: fix configfs memory leak
media: saa7134: avoid a shift overflow
mmc: sdio: Check for CISTPL_VERS_1 buffer size
media: uvcvideo: Ensure all probed info is returned to v4l2
media: media/pci: prevent memory leak in bttv_probe
media: bdisp: Fix runtime PM imbalance on error
media: platform: sti: hva: Fix runtime PM imbalance on error
media: platform: s3c-camif: Fix runtime PM imbalance on error
media: vsp1: Fix runtime PM imbalance on error
media: exynos4-is: Fix a reference count leak
media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync
media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync
media: sti: Fix reference count leaks
media: st-delta: Fix reference count leak in delta_run_work
media: ati_remote: sanity check for both endpoints
media: firewire: fix memory leak
crypto: ccp - fix error handling
* block: ratelimit handle_bad_sector() message
block/blk-core.c
i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs
* perf: correct SNOOPX field offset
include/uapi/linux/perf_event.h
* sched/features: Fix !CONFIG_JUMP_LABEL case
kernel/sched/core.c
kernel/sched/sched.h
NTB: hw: amd: fix an issue about leak system resources
nvmet: fix uninitialized work for zero kato
powerpc/powernv/dump: Fix race while processing OPAL dump
arm64: dts: zynqmp: Remove additional compatible string for i2c IPs
ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers
arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts
arm64: dts: qcom: pm8916: Remove invalid reg size from wcd_codec
memory: fsl-corenet-cf: Fix handling of platform_get_irq() error
memory: omap-gpmc: Fix build error without CONFIG_OF
memory: omap-gpmc: Fix a couple off by ones
ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator
ARM: dts: imx6sl: fix rng node
netfilter: nf_fwd_netdev: clear timestamp in forwarding path
* netfilter: conntrack: connection timeout after re-register
net/netfilter/nf_conntrack_proto_tcp.c
KVM: x86: emulating RDPID failure shall return #UD rather than #GP
Input: sun4i-ps2 - fix handling of platform_get_irq() error
Input: twl4030_keypad - fix handling of platform_get_irq() error
Input: omap4-keypad - fix handling of platform_get_irq() error
Input: ep93xx_keypad - fix handling of platform_get_irq() error
Input: stmfts - fix a & vs && typo
Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume()
SUNRPC: fix copying of multiple pages in gss_read_proxy_verf()
vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages
vfio/pci: Clear token on bypass registration failure
* ext4: limit entries returned when counting fsmap records
fs/ext4/fsmap.c
svcrdma: fix bounce buffers for unaligned offsets and multiple pages
watchdog: sp5100: Fix definition of EFCH_PM_DECODEEN3
* watchdog: Use put_device on error
drivers/watchdog/watchdog_dev.c
* watchdog: Fix memleak in watchdog_cdev_register
drivers/watchdog/watchdog_dev.c
clk: bcm2835: add missing release if devm_clk_hw_register fails
clk: at91: clk-main: update key before writing AT91_CKGR_MOR
clk: rockchip: Initialize hw to error to avoid undefined behavior
pwm: img: Fix null pointer access in probe
rpmsg: smd: Fix a kobj leak in in qcom_smd_parse_edge()
PCI: iproc: Set affinity mask on MSI interrupts
* i2c: rcar: Auto select RESET_CONTROLLER
drivers/i2c/busses/Kconfig
* mailbox: avoid timer start from callback
drivers/mailbox/mailbox.c
rapidio: fix the missed put_device() for rio_mport_add_riodev
rapidio: fix error handling path
ramfs: fix nommu mmap with gaps in the page cache
* lib/crc32.c: fix trivial typo in preprocessor condition
lib/crc32.c
* f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info
fs/f2fs/sysfs.c
IB/rdmavt: Fix sizeof mismatch
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier
powerpc/perf/hv-gpci: Fix starting index value
powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints
* overflow: Include header file with SIZE_MAX declaration
include/linux/overflow.h
kdb: Fix pager search for multi-line strings
RDMA/hns: Fix missing sq_sig_type when querying QP
RDMA/hns: Set the unsupported wr opcode
perf intel-pt: Fix "context_switch event has no tid" error
RDMA/cma: Consolidate the destruction of a cma_multicast in one place
RDMA/cma: Remove dead code for kernel rdmacm multicast
powerpc/64s/radix: Fix mm_cpumask trimming race vs kthread_use_mm
powerpc/tau: Disable TAU between measurements
powerpc/tau: Check processor type before enabling TAU interrupt
ANDROID: GKI: update the ABI xml
Merge 4.19.153 into android-4.19-stable
Linux 4.19.153
powerpc/tau: Remove duplicated set_thresholds() call
powerpc/tau: Convert from timer to workqueue
powerpc/tau: Use appropriate temperature sample interval
RDMA/qedr: Fix inline size returned for iWARP
RDMA/qedr: Fix use of uninitialized field
xfs: fix high key handling in the rt allocator's query_range function
xfs: limit entries returned when counting fsmap records
arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER
ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values
mtd: mtdoops: Don't write panic data twice
powerpc/pseries: explicitly reschedule during drmem_lmb list traversal
mtd: lpddr: fix excessive stack usage with clang
RDMA/ucma: Add missing locking around rdma_leave_multicast()
RDMA/ucma: Fix locking for ctx->events_reported
powerpc/icp-hv: Fix missing of_node_put() in success path
powerpc/pseries: Fix missing of_node_put() in rng_init()
IB/mlx4: Adjust delayed work when a dup is observed
IB/mlx4: Fix starvation in paravirt mux/demux
* mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary
fs/proc/base.c
include/linux/oom.h
include/linux/sched/coredump.h
kernel/fork.c
mm/oom_kill.c
* mm/memcg: fix device private memcg accounting
mm/memcontrol.c
* netfilter: nf_log: missing vlan offload tag and proto
include/net/netfilter/nf_log.h
net/ipv4/netfilter/nf_log_ipv4.c
net/ipv6/netfilter/nf_log_ipv6.c
net/netfilter/nf_log_common.c
net: korina: fix kfree of rx/tx descriptor array
ipvs: clear skb->tstamp in forwarding path
mwifiex: fix double free
platform/x86: mlx-platform: Remove PSU EEPROM configuration
scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
scsi: target: tcmu: Fix warning: 'page' may be used uninitialized
usb: dwc2: Fix INTR OUT transfers in DDMA mode.
* nl80211: fix non-split wiphy information
net/wireless/nl80211.c
* usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well
drivers/usb/gadget/function/u_ether.c
* usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above.
drivers/usb/gadget/function/f_ncm.c
iwlwifi: mvm: split a print to avoid a WARNING in ROC
mfd: sm501: Fix leaks in probe()
net: enic: Cure the enic api locking trainwreck
qtnfmac: fix resource leaks on unsupported iftype error return path
* HID: hid-input: fix stylus battery reporting
drivers/hid/hid-input.c
slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback
slimbus: core: do not enter to clock pause mode in core
slimbus: core: check get_addr before removing laddr ida
* quota: clear padding in v2r1_mem2diskdqb()
fs/quota/quota_v2.c
usb: dwc2: Fix parameter type in function pointer prototype
ALSA: seq: oss: Avoid mutex lock for a long-time ioctl
misc: mic: scif: Fix error handling path
ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd()
net: dsa: rtl8366rb: Support all 4096 VLANs
net: dsa: rtl8366: Skip PVID setting if not requested
net: dsa: rtl8366: Refactor VLAN/PVID init
net: dsa: rtl8366: Check validity of passed VLANs
cpufreq: armada-37xx: Add missing MODULE_DEVICE_TABLE
net: stmmac: use netif_tx_start|stop_all_queues() function
net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow
pinctrl: mcp23s08: Fix mcp23x17 precious range
pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser
HID: roccat: add bounds checking in kone_sysfs_write_settings()
video: fbdev: radeon: Fix memleak in radeonfb_pci_register
video: fbdev: sis: fix null ptr dereference
video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error
drivers/virt/fsl_hypervisor: Fix error handling path
pwm: lpss: Add range limit check for the base_unit register value
pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare()
* pty: do tty_flip_buffer_push without port->lock in pty_write
drivers/tty/pty.c
tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup()
* tty: serial: earlycon dependency
drivers/tty/serial/Kconfig
VMCI: check return value of get_user_pages_fast() for errors
backlight: sky81452-backlight: Fix refcount imbalance on error
scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba()
scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
drm/gma500: fix error check
staging: rtl8192u: Do not use GFP_KERNEL in atomic context
mwifiex: Do not use GFP_KERNEL in atomic context
brcmfmac: check ndev pointer
ASoC: qcom: lpass-cpu: fix concurrency issue
ASoC: qcom: lpass-platform: fix memory leak
wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680
ath10k: Fix the size used in a 'dma_free_coherent()' call in an error handling path
ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb()
ath6kl: prevent potential array overflow in ath6kl_add_new_sta()
Bluetooth: hci_uart: Cancel init work before unregistering
ath10k: provide survey info as accumulated data
spi: spi-s3c64xx: Check return values
spi: spi-s3c64xx: swap s3c64xx_spi_set_cs() and s3c64xx_enable_datapath()
* pinctrl: bcm: fix kconfig dependency warning when !GPIOLIB
drivers/pinctrl/bcm/Kconfig
* regulator: resolve supply after creating regulator
drivers/regulator/core.c
media: ti-vpe: Fix a missing check and reference count leak
media: stm32-dcmi: Fix a reference count leak
media: s5p-mfc: Fix a reference count leak
media: camss: Fix a reference count leak.
media: platform: fcp: Fix a reference count leak.
media: rockchip/rga: Fix a reference count leak.
media: rcar-vin: Fix a reference count leak.
media: tc358743: cleanup tc358743_cec_isr
media: tc358743: initialize variable
media: mx2_emmaprp: Fix memleak in emmaprp_probe
cypto: mediatek - fix leaks in mtk_desc_ring_alloc
hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61}
crypto: omap-sham - fix digcnt register handling with export/import
media: omap3isp: Fix memleak in isp_probe
media: uvcvideo: Silence shift-out-of-bounds warning
media: uvcvideo: Set media controller entity functions
media: m5mols: Check function pointer in m5mols_sensor_power
media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()"
media: tuner-simple: fix regression in simple_set_radio_freq
crypto: picoxcell - Fix potential race condition bug
crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call
crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc()
crypto: algif_skcipher - EBUSY on aio should be an error
x86/events/amd/iommu: Fix sizeof mismatch
x86/nmi: Fix nmi_handle() duration miscalculation
drivers/perf: xgene_pmu: Fix uninitialized resource struct
x86/fpu: Allow multiple bits in clearcpuid= parameter
EDAC/ti: Fix handling of platform_get_irq() error
EDAC/i5100: Fix error handling order in i5100_init_one()
crypto: algif_aead - Do not set MAY_BACKLOG on the async path
ima: Don't ignore errors from crypto_shash_update()
KVM: SVM: Initialize prev_ga_tag before use
KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages
cifs: Return the error from crypt_message when enc/dec key not found.
cifs: remove bogus debug code
ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887
* icmp: randomize the global rate limiter
net/ipv4/icmp.c
r8169: fix operation under forced interrupt threading
* tcp: fix to update snd_wl1 in bulk receiver fast path
net/ipv4/tcp_input.c
nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download()
net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels
net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup
net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
chelsio/chtls: correct function return and return type
chelsio/chtls: correct netdevice for vlan interface
chelsio/chtls: fix socket lock
ALSA: bebob: potential info leak in hwdep_read()
* binder: fix UAF when releasing todo list
drivers/android/binder.c
net/tls: sendfile fails with ktls offload
r8169: fix data corruption issue on RTL8402
* net/ipv4: always honour route mtu during forwarding
include/net/ip.h
* tipc: fix the skb_unshare() in tipc_buf_append()
net/tipc/msg.c
net: usb: qmi_wwan: add Cellient MPL200 card
net/smc: fix valid DMBE buffer sizes
* net: fix pos incrementment in ipv6_route_seq_next
net/ipv6/ip6_fib.c
net: fec: Fix PHY init after phy_reset_after_clk_enable()
net: fec: Fix phy_device lookup for phy_reset_after_clk_enable()
mlx4: handle non-napi callers to napi_poll
* ipv4: Restore flowi4_oif update before call to xfrm_lookup_route
net/ipv4/route.c
ibmveth: Identify ingress large send packets.
ibmveth: Switch order of ibmveth_helper calls.
ANDROID: clang: update to 11.0.5
* FROMLIST: arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
arch/arm64/Makefile
ANDROID: GKI: enable CONFIG_WIREGUARD
UPSTREAM: wireguard: peerlookup: take lock before checking hash in replace operation
UPSTREAM: wireguard: noise: take lock when removing handshake entry from table
UPSTREAM: wireguard: queueing: make use of ip_tunnel_parse_protocol
* UPSTREAM: net: ip_tunnel: add header_ops for layer 3 devices
include/net/ip_tunnels.h
net/ipv4/ip_tunnel_core.c
UPSTREAM: wireguard: receive: account for napi_gro_receive never returning GRO_DROP
UPSTREAM: wireguard: device: avoid circular netns references
UPSTREAM: wireguard: noise: do not assign initiation time in if condition
UPSTREAM: wireguard: noise: separate receive counter from send counter
UPSTREAM: wireguard: queueing: preserve flow hash across packet scrubbing
UPSTREAM: wireguard: noise: read preshared key while taking lock
UPSTREAM: wireguard: selftests: use newer iproute2 for gcc-10
UPSTREAM: wireguard: send/receive: use explicit unlikely branch instead of implicit coalescing
UPSTREAM: wireguard: selftests: initalize ipv6 members to NULL to squelch clang warning
UPSTREAM: wireguard: send/receive: cond_resched() when processing worker ringbuffers
UPSTREAM: wireguard: socket: remove errant restriction on looping to self
UPSTREAM: wireguard: selftests: use normal kernel stack size on ppc64
UPSTREAM: wireguard: receive: use tunnel helpers for decapsulating ECN markings
UPSTREAM: wireguard: queueing: cleanup ptr_ring in error path of packet_queue_init
UPSTREAM: wireguard: send: remove errant newline from packet_encrypt_worker
UPSTREAM: wireguard: noise: error out precomputed DH during handshake rather than config
UPSTREAM: wireguard: receive: remove dead code from default packet type case
UPSTREAM: wireguard: queueing: account for skb->protocol==0
UPSTREAM: wireguard: selftests: remove duplicated include <sys/types.h>
UPSTREAM: wireguard: socket: remove extra call to synchronize_net
UPSTREAM: wireguard: send: account for mtu=0 devices
UPSTREAM: wireguard: receive: reset last_under_load to zero
UPSTREAM: wireguard: selftests: reduce complexity and fix make races
UPSTREAM: wireguard: device: use icmp_ndo_send helper
UPSTREAM: wireguard: selftests: tie socket waiting to target pid
UPSTREAM: wireguard: selftests: ensure non-addition of peers with failed precomputation
UPSTREAM: wireguard: noise: reject peers with low order public keys
UPSTREAM: wireguard: allowedips: fix use-after-free in root_remove_peer_lists
* UPSTREAM: net: skbuff: disambiguate argument and member for skb_list_walk_safe helper
include/linux/skbuff.h
* UPSTREAM: net: introduce skb_list_walk_safe for skb segment walking
include/linux/skbuff.h
UPSTREAM: wireguard: socket: mark skbs as not on list when receiving via gro
UPSTREAM: wireguard: queueing: do not account for pfmemalloc when clearing skb header
UPSTREAM: wireguard: selftests: remove ancient kernel compatibility code
UPSTREAM: wireguard: allowedips: use kfree_rcu() instead of call_rcu()
UPSTREAM: wireguard: main: remove unused include <linux/version.h>
* UPSTREAM: wireguard: global: fix spelling mistakes in comments
include/uapi/linux/wireguard.h
* UPSTREAM: wireguard: Kconfig: select parent dependency for crypto
drivers/net/Kconfig
UPSTREAM: wireguard: selftests: import harness makefile for test suite
* UPSTREAM: net: WireGuard secure network tunnel
drivers/net/Kconfig
drivers/net/Makefile
include/uapi/linux/wireguard.h
* UPSTREAM: timekeeping: Boot should be boottime for coarse ns accessor
include/linux/timekeeping.h
* UPSTREAM: timekeeping: Add missing _ns functions for coarse accessors
include/linux/timekeeping.h
* UPSTREAM: icmp: introduce helper for nat'd source address in network device context
include/linux/icmpv6.h
include/net/icmp.h
net/ipv4/icmp.c
net/ipv6/ip6_icmp.c
UPSTREAM: crypto: poly1305-x86_64 - Use XORL r32,32
UPSTREAM: crypto: curve25519-x86_64 - Use XORL r32,32
UPSTREAM: crypto: arm/poly1305 - Add prototype for poly1305_blocks_neon
UPSTREAM: crypto: arm/curve25519 - include <linux/scatterlist.h>
UPSTREAM: crypto: x86/curve25519 - Remove unused carry variables
* UPSTREAM: crypto: x86/chacha-sse3 - use unaligned loads for state array
include/crypto/chacha.h
* UPSTREAM: crypto: lib/chacha20poly1305 - Add missing function declaration
include/crypto/chacha20poly1305.h
UPSTREAM: crypto: arch/lib - limit simd usage to 4k chunks
UPSTREAM: crypto: arm[64]/poly1305 - add artifact to .gitignore files
UPSTREAM: crypto: x86/curve25519 - leave r12 as spare register
UPSTREAM: crypto: x86/curve25519 - replace with formally verified implementation
UPSTREAM: crypto: arm64/chacha - correctly walk through blocks
* UPSTREAM: crypto: x86/curve25519 - support assemblers with no adx support
include/crypto/curve25519.h
UPSTREAM: crypto: chacha20poly1305 - prevent integer overflow on large input
* UPSTREAM: crypto: Kconfig - allow tests to be disabled when manager is disabled
crypto/Kconfig
UPSTREAM: crypto: arm/chacha - fix build failured when kernel mode NEON is disabled
UPSTREAM: crypto: x86/poly1305 - emit does base conversion itself
UPSTREAM: crypto: chacha20poly1305 - add back missing test vectors and test chunking
UPSTREAM: crypto: x86/poly1305 - fix .gitignore typo
* UPSTREAM: crypto: curve25519 - Fix selftest build error
lib/crypto/Makefile
UPSTREAM: crypto: {arm,arm64,mips}/poly1305 - remove redundant non-reduction from emit
* UPSTREAM: crypto: x86/poly1305 - wire up faster implementations for kernel
lib/crypto/Kconfig
UPSTREAM: crypto: x86/poly1305 - import unmodified cryptogams implementation
* UPSTREAM: crypto: poly1305 - add new 32 and 64-bit generic versions
crypto/poly1305_generic.c
include/crypto/internal/poly1305.h
include/crypto/nhpoly1305.h
include/crypto/poly1305.h
lib/crypto/Makefile
lib/crypto/poly1305-donna64.c
lib/crypto/poly1305.c
* UPSTREAM: crypto: lib/curve25519 - re-add selftests
lib/crypto/Makefile
UPSTREAM: crypto: arm/curve25519 - add arch-specific key generation function
* UPSTREAM: crypto: chacha - fix warning message in header file
include/crypto/internal/chacha.h
UPSTREAM: crypto: arch - conditionalize crypto api in arch glue for lib code
UPSTREAM: crypto: lib/chacha20poly1305 - use chacha20_crypt()
UPSTREAM: crypto: x86/chacha - only unregister algorithms if registered
* UPSTREAM: crypto: chacha_generic - remove unnecessary setkey() functions
crypto/chacha_generic.c
* UPSTREAM: crypto: lib/chacha20poly1305 - reimplement crypt_from_sg() routine
include/crypto/chacha20poly1305.h
* UPSTREAM: crypto: chacha20poly1305 - import construction and selftest from Zinc
include/crypto/chacha20poly1305.h
lib/crypto/Kconfig
lib/crypto/Makefile
UPSTREAM: crypto: arm/curve25519 - wire up NEON implementation
UPSTREAM: crypto: arm/curve25519 - import Bernstein and Schwabe's Curve25519 ARM implementation
* UPSTREAM: crypto: curve25519 - x86_64 library and KPP implementations
crypto/Kconfig
UPSTREAM: crypto: lib/curve25519 - work around Clang stack spilling issue
* UPSTREAM: crypto: curve25519 - implement generic KPP driver
crypto/Kconfig
crypto/Makefile
* UPSTREAM: crypto: curve25519 - add kpp selftest
crypto/testmgr.c
* UPSTREAM: crypto: curve25519 - generic C library implementations
include/crypto/curve25519.h
lib/crypto/Kconfig
lib/crypto/Makefile
* UPSTREAM: crypto: blake2s - x86_64 SIMD implementation
crypto/Kconfig
* UPSTREAM: crypto: blake2s - implement generic shash driver
crypto/Kconfig
crypto/Makefile
include/crypto/internal/blake2s.h
* UPSTREAM: crypto: testmgr - add test cases for Blake2s
crypto/testmgr.c
* UPSTREAM: crypto: blake2s - generic C library implementation and selftest
include/crypto/blake2s.h
include/crypto/internal/blake2s.h
lib/crypto/Kconfig
lib/crypto/Makefile
* UPSTREAM: crypto: mips/poly1305 - incorporate OpenSSL/CRYPTOGAMS optimized implementation
crypto/Kconfig
lib/crypto/Kconfig
* UPSTREAM: crypto: arm/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation
lib/crypto/Kconfig
* UPSTREAM: crypto: arm64/poly1305 - incorporate OpenSSL/CRYPTOGAMS NEON implementation
arch/arm64/crypto/Kconfig
arch/arm64/crypto/Makefile
lib/crypto/Kconfig
* UPSTREAM: crypto: x86/poly1305 - expose existing driver as poly1305 library
crypto/Kconfig
lib/crypto/Kconfig
* UPSTREAM: crypto: x86/poly1305 - depend on generic library not generic shash
crypto/Kconfig
crypto/poly1305_generic.c
include/crypto/internal/poly1305.h
* UPSTREAM: crypto: poly1305 - expose init/update/final library interface
crypto/poly1305_generic.c
include/crypto/poly1305.h
lib/crypto/Kconfig
lib/crypto/poly1305.c
* UPSTREAM: crypto: x86/poly1305 - unify Poly1305 state struct with generic code
crypto/poly1305_generic.c
include/crypto/internal/poly1305.h
include/crypto/poly1305.h
* UPSTREAM: crypto: poly1305 - move core routines into a separate library
crypto/Kconfig
crypto/poly1305_generic.c
include/crypto/internal/poly1305.h
include/crypto/poly1305.h
lib/crypto/Kconfig
lib/crypto/Makefile
lib/crypto/poly1305.c
* UPSTREAM: crypto: chacha - unexport chacha_generic routines
crypto/chacha_generic.c
include/crypto/internal/chacha.h
* UPSTREAM: crypto: mips/chacha - wire up accelerated 32r2 code from Zinc
crypto/Kconfig
UPSTREAM: crypto: mips/chacha - import 32r2 ChaCha code from Zinc
UPSTREAM: crypto: arm/chacha - expose ARM ChaCha routine as library function
UPSTREAM: crypto: arm/chacha - remove dependency on generic ChaCha driver
UPSTREAM: crypto: arm/chacha - import Eric Biggers's scalar accelerated ChaCha code
* UPSTREAM: crypto: arm64/chacha - expose arm64 ChaCha routine as library function
arch/arm64/crypto/Kconfig
* UPSTREAM: crypto: arm64/chacha - depend on generic chacha library instead of crypto driver
arch/arm64/crypto/Kconfig
UPSTREAM: crypto: arm64/chacha - use combined SIMD/ALU routine for more speed
UPSTREAM: crypto: arm64/chacha - optimize for arbitrary length inputs
* UPSTREAM: crypto: x86/chacha - expose SIMD ChaCha routine as library function
crypto/Kconfig
include/crypto/chacha.h
* UPSTREAM: crypto: x86/chacha - depend on generic chacha library instead of crypto driver
crypto/Kconfig
* UPSTREAM: crypto: chacha - move existing library code into lib/crypto
crypto/Kconfig
crypto/chacha_generic.c
include/crypto/chacha.h
include/crypto/internal/chacha.h
lib/Makefile
lib/crypto/Kconfig
lib/crypto/Makefile
lib/crypto/libchacha.c
* UPSTREAM: crypto: lib - tidy up lib/crypto Kconfig and Makefile
crypto/Kconfig
lib/Makefile
lib/crypto/Kconfig
lib/crypto/Makefile
* UPSTREAM: crypto: chacha - constify ctx and iv arguments
crypto/chacha_generic.c
include/crypto/chacha.h
UPSTREAM: crypto: x86/poly1305 - Clear key material from stack in SSE2 variant
UPSTREAM: crypto: xchacha20 - fix comments for test vectors
UPSTREAM: crypto: xchacha - add test vector from XChaCha20 draft RFC
* UPSTREAM: crypto: arm64/chacha - add XChaCha12 support
arch/arm64/crypto/Kconfig
* UPSTREAM: crypto: arm64/chacha20 - refactor to allow varying number of rounds
arch/arm64/crypto/Makefile
* UPSTREAM: crypto: arm64/chacha20 - add XChaCha20 support
arch/arm64/crypto/Kconfig
UPSTREAM: crypto: x86/chacha - avoid sleeping under kernel_fpu_begin()
UPSTREAM: crypto: x86/chacha - yield the FPU occasionally
* UPSTREAM: crypto: x86/chacha - add XChaCha12 support
crypto/Kconfig
UPSTREAM: crypto: x86/chacha20 - refactor to allow varying number of rounds
* UPSTREAM: crypto: x86/chacha20 - add XChaCha20 support
crypto/Kconfig
UPSTREAM: crypto: x86/chacha20 - Add a 4-block AVX-512VL variant
UPSTREAM: crypto: x86/chacha20 - Add a 2-block AVX-512VL variant
UPSTREAM: crypto: x86/chacha20 - Add a 8-block AVX-512VL variant
UPSTREAM: crypto: x86/chacha20 - Add a 4-block AVX2 variant
UPSTREAM: crypto: x86/chacha20 - Add a 2-block AVX2 variant
UPSTREAM: crypto: x86/chacha20 - Use larger block functions more aggressively
UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 8-block AVX2 variant
UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 4-block SSSE3 variant
UPSTREAM: crypto: x86/chacha20 - Support partial lengths in 1-block SSSE3 variant
ANDROID: GKI: Enable CONFIG_USB_ANNOUNCE_NEW_DEVICES
ANDROID: GKI: Enable CONFIG_X86_X2APIC
* ANDROID: move builds to use gas prebuilts
build.config.aarch64
build.config.arm
build.config.x86_64
* UPSTREAM: binder: fix UAF when releasing todo list
drivers/android/binder.c
Merge 4.19.152 into android-4.19-stable
Linux 4.19.152
crypto: qat - check cipher length for aead AES-CBC-HMAC-SHA
crypto: bcm - Verify GCM/CCM key length in setkey
drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case
reiserfs: Fix oops during mount
reiserfs: Initialize inode keys properly
USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters
USB: serial: pl2303: add device-id for HP GC device
staging: comedi: check validity of wMaxPacketSize of usb endpoints found
USB: serial: option: Add Telit FT980-KS composition
USB: serial: option: add Cellient MPL200 card
media: usbtv: Fix refcounting mixup
* Bluetooth: Disconnect if E0 is used for Level 4
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
net/bluetooth/hci_event.c
* Bluetooth: Fix update of connection state in `hci_encrypt_cfm`
include/net/bluetooth/hci_core.h
* Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
include/net/bluetooth/hci_core.h
net/bluetooth/hci_event.c
* Bluetooth: MGMT: Fix not checking if BT_HS is enabled
net/bluetooth/mgmt.c
* Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel
include/net/bluetooth/l2cap.h
net/bluetooth/l2cap_core.c
net/bluetooth/l2cap_sock.c
* Bluetooth: A2MP: Fix not initializing all members
net/bluetooth/a2mp.c
ARM: 8867/1: vdso: pass --be8 to linker if necessary
ARM: 8939/1: kbuild: use correct nm executable
ARM: 8858/1: vdso: use $(LD) instead of $(CC) to link VDSO
perf cs-etm: Move definition of 'traceid_list' global variable from header file
* FROMLIST: arm64: vdso32: Allow ld.lld to properly link the VDSO
arch/arm64/kernel/vdso32/Makefile
Merge 4.19.151 into android-4.19-stable
Linux 4.19.151
* net: usb: rtl8150: set random MAC address when set_ethernet_addr() fails
drivers/net/usb/rtl8150.c
* mm: khugepaged: recalculate min_free_kbytes after memory hotplug as expected by khugepaged
include/linux/khugepaged.h
mm/page_alloc.c
mmc: core: don't set limits.discard_granularity as 0
* perf: Fix task_function_call() error handling
kernel/events/core.c
rxrpc: Fix server keyring leak
rxrpc: Fix some missing _bh annotations on locking conn->state_lock
rxrpc: Downgrade the BUG() for unsupported token type in rxrpc_read()
rxrpc: Fix rxkad token xdr encoding
net/mlx5e: Fix VLAN create flow
net/mlx5e: Fix VLAN cleanup flow
* net: usb: ax88179_178a: fix missing stop entry in driver_info
drivers/net/usb/ax88179_178a.c
* mdio: fix mdio-thunder.c dependency & build error
drivers/net/phy/Kconfig
* bonding: set dev->needed_headroom in bond_setup_by_slave()
drivers/net/bonding/bond_main.c
* xfrm: Use correct address family in xfrm_state_find
net/xfrm/xfrm_state.c
* platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP
drivers/platform/x86/Kconfig
net: stmmac: removed enabling eee in EEE set callback
* xfrm: clone whole liftime_cur structure in xfrm_do_migrate
net/xfrm/xfrm_state.c
* xfrm: clone XFRMA_SEC_CTX in xfrm_do_migrate
net/xfrm/xfrm_state.c
* xfrm: clone XFRMA_REPLAY_ESN_VAL in xfrm_do_migrate
include/net/xfrm.h
* xfrm: clone XFRMA_SET_MARK in xfrm_do_migrate
net/xfrm/xfrm_state.c
drm/amdgpu: prevent double kfree ttm->sg
openvswitch: handle DNAT tuple collision
net: team: fix memory leak in __team_options_register
team: set dev->needed_headroom in team_setup_by_port()
* sctp: fix sctp_auth_init_hmacs() error path
net/sctp/auth.c
i2c: owl: Clear NACK and BUS error bits
i2c: meson: fixup rate calculation with filter delay
i2c: meson: fix clock setting overwrite
cifs: Fix incomplete memory allocation on setxattr path
* xfrmi: drop ignore_df check before updating pmtu
net/xfrm/xfrm_interface.c
mm/khugepaged: fix filemap page_to_pgoff(page) != offset
macsec: avoid use-after-free in macsec_handle_frame()
nvme-core: put ctrl ref when module ref get fail
arm64: dts: stratix10: add status to qspi dts node
mtd: rawnand: sunxi: Fix the probe error path
i2c: i801: Exclude device from suspend direct complete optimization
perf top: Fix stdio interface input handling with glibc 2.28+
* driver core: Fix probe_count imbalance in really_probe()
drivers/base/dd.c
platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
platform/x86: intel-vbtn: Switch to an allow-list for SW_TABLET_MODE reporting
platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting 1 on the HP Pavilion 11 x360
* usermodehelper: reset umask to default before executing user process
kernel/umh.c
drm/nouveau/mem: guard against NULL pointer access in mem_del
* net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key()
net/wireless/nl80211.c
Revert "ravb: Fixed to be able to unload modules"
fbcon: Fix global-out-of-bounds read in fbcon_get_font()
* Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts
include/linux/font.h
* fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
include/linux/font.h
Merge 4.19.150 into android-4.19-stable
Linux 4.19.150
* netfilter: ctnetlink: add a range check for l3/l4 protonum
net/netfilter/nf_conntrack_netlink.c
* ep_create_wakeup_source(): dentry name can change under you...
fs/eventpoll.c
* epoll: EPOLL_CTL_ADD: close the race in decision to take fast path
fs/eventpoll.c
* epoll: replace ->visited/visited_list with generation count
fs/eventpoll.c
* epoll: do not insert into poll queues until all sanity checks are done
fs/eventpoll.c
* net/packet: fix overflow in tpacket_rcv
net/packet/af_packet.c
* mm: don't rely on system state to detect hot-plug operations
include/linux/node.h
* mm: replace memmap_context by meminit_context
include/linux/mm.h
include/linux/mmzone.h
mm/page_alloc.c
* random32: Restore __latent_entropy attribute on net_rand_state
lib/random32.c
Input: trackpoint - enable Synaptics trackpoints
i2c: cpm: Fix i2c_ram structure
iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
nfs: Fix security label length not being reset
pinctrl: mvebu: Fix i2c sda definition for 98DX3236
gpio: sprd: Clear interrupt when setting the type as edge
nvme-fc: fail new connections to a deleted host or remote port
spi: fsl-espi: Only process interrupts for expected events
mac80211: do not allow bigger VHT MPDUs than the hardware supports
drivers/net/wan/hdlc: Set skb->protocol before transmitting
drivers/net/wan/lapbether: Make skb->protocol consistent with the header
nvme-core: get/put ctrl and transport module in nvme_dev_open/release()
rndis_host: increase sleep time in the query-response loop
net: dec: de2104x: Increase receive ring size for Tulip
drm/sun4i: mixer: Extend regmap max_register
drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices
drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config
ftrace: Move RCU is watching check after recursion check
Input: i8042 - add nopnp quirk for Acer Aspire 5 A515
net: virtio_vsock: Enhance connection semantics
* vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock()
include/linux/virtio_vsock.h
vsock/virtio: stop workers during the .remove()
vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock
clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk
gpio: tc35894: fix up tc35894 interrupt configuration
gpio: mockup: fix resource leak in error path
* USB: gadget: f_ncm: Fix NDP16 datagram validation
drivers/usb/gadget/function/f_ncm.c
mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models
* ANDROID: use arm-linux-androidkernel- for CROSS_COMPILE_COMPAT
build.config.aarch64
ANDROID: build.config.common: enable LLVM=1
Merge 4.19.149 into android-4.19-stable
Linux 4.19.149
* KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch
arch/arm64/include/asm/kvm_emulate.h
ata: sata_mv, avoid trigerrable BUG_ON
* ata: make qc_prep return ata_completion_errors
include/linux/libata.h
* ata: define AC_ERR_OK
include/linux/libata.h
kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE
s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl
* mm, THP, swap: fix allocating cluster for swapfile by mistake
mm/swapfile.c
kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
s390/dasd: Fix zero write for FBA devices
tracing: fix double free
KVM: SVM: Add a dedicated INVD intercept routine
KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE
MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
* regmap: fix page selection for noinc reads
drivers/base/regmap/regmap.c
ALSA: asihpi: fix iounmap in error handler
* bpf: Fix a rcu warning for bpffs map pretty-print
kernel/bpf/inode.c
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
batman-adv: Add missing include for in_interrupt()
drm/sun4i: sun8i-csc: Secondary CSC register correction
net: qed: RDMA personality shouldn't fail VF load
drm/vc4/vc4_hdmi: fill ASoC card owner
* bpf: Fix clobbering of r2 in bpf_gen_ld_abs
net/core/filter.c
mac802154: tx: fix use-after-free
batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
atm: eni: fix the missed pci_disable_device() for eni_init_one()
batman-adv: bla: fix type misuse for backbone_gw hash indexing
mwifiex: Increase AES key storage size to 256 bits
clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init()
ieee802154/adf7242: check status of adf7242_read_reg
ieee802154: fix one possible memleak in ca8210_dev_com_init
objtool: Fix noreturn detection for ignored functions
* i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()
drivers/i2c/i2c-core-base.c
drm/amdkfd: fix a memory leak issue
lockdep: fix order in trace_hardirqs_off_caller()
s390/init: add missing __init annotations
RISC-V: Take text_mutex in ftrace_init_nop()
ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1
ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions
ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811
nvme: explicitly update mpath disk capacity on revalidation
net: openvswitch: use div_u64() for 64-by-32 divisions
perf parse-events: Use strcmp() to compare the PMU name
ubi: fastmap: Free unused fastmap anchor peb during detach
btrfs: qgroup: fix data leak caused by race between writeback and truncate
vfio/pci: fix racy on error and request eventfd ctx
selftests/x86/syscall_nt: Clear weird flags after each test
scsi: libfc: Skip additional kref updating work event
scsi: libfc: Handling of extra kref
nvme: fix possible deadlock when I/O is blocked
cifs: Fix double add page to memcg when cifs_readpages
vfio/pci: Clear error and request eventfd ctx after releasing
x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
mtd: parser: cmdline: Support MTD names containing one or more colons
rapidio: avoid data race between file operation callbacks and mport_cdev_add().
* mm/swap_state: fix a data race in swapin_nr_pages
mm/swap_state.c
ceph: fix potential race in ceph_check_caps
PCI: tegra: Fix runtime PM imbalance on error
mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
wlcore: fix runtime pm imbalance in wlcore_regdomain_config
wlcore: fix runtime pm imbalance in wl1271_tx_work
ASoC: img-i2s-out: Fix runtime PM imbalance on error
perf kcore_copy: Fix module map when there are no modules loaded
perf metricgroup: Free metric_events on error
perf util: Fix memory leak of prefix_if_not_in
perf stat: Fix duration_time value for higher intervals
perf trace: Fix the selection for architectures to generate the errno name tables
perf evsel: Fix 2 memory leaks
vfio/pci: fix memory leaks of eventfd ctx
btrfs: don't force read-only after error in drop snapshot
* usb: dwc3: Increase timeout for CmdAct cleared by device controller
drivers/usb/dwc3/gadget.c
* printk: handle blank console arguments passed in.
kernel/printk/printk.c
drm/nouveau/dispnv50: fix runtime pm imbalance on error
drm/nouveau: fix runtime pm imbalance on error
drm/nouveau/debugfs: fix runtime pm imbalance on error
e1000: Do not perform reset in reset_task if we are already down
* arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register
arch/arm64/kernel/cpufeature.c
scsi: cxlflash: Fix error return code in cxlflash_probe()
USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
* fuse: don't check refcount after stealing page
fs/fuse/dev.c
powerpc/traps: Make unrecoverable NMIs die instead of panic
ALSA: hda: Fix potential race in unsol event handler
tty: serial: samsung: Correct clock selection logic
* tipc: fix memory leak in service subscripting
net/tipc/topsrv.c
USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
* Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
net/bluetooth/hci_event.c
phy: samsung: s5pv210-usb2: Add delay after reset
power: supply: max17040: Correct voltage reading
perf mem2node: Avoid double free related to realloc
atm: fix a memory leak of vcc->user_back
dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion
* arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]
arch/arm64/kernel/cpufeature.c
sparc64: vcc: Fix error return code in vcc_probe()
staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
scsi: aacraid: Fix error handling paths in aac_probe_one()
net: openvswitch: use u64 for meter bucket
KVM: arm64: vgic-its: Fix memory leak on the error path of vgic_add_lpi()
drivers: char: tlclk.c: Avoid data race between init and interrupt handler
* bdev: Reduce time holding bd_mutex in sync in blkdev_close()
fs/block_dev.c
KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
serial: uartps: Wait for tx_empty in console setup
scsi: qedi: Fix termination timeouts in session logout
* mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
mm/mmap.c
nvmet-rdma: fix double free of rdma queue
* mm/vmscan.c: fix data races using kswapd_classzone_idx
mm/vmscan.c
* mm/filemap.c: clear page error before actual read
mm/filemap.c
mm/kmemleak.c: use address-of operator on section symbols
* NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests()
include/linux/nfs_page.h
PCI: pciehp: Fix MSI interrupt race
* ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
sound/usb/midi.c
ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
* PCI: Use ioremap(), not phys_to_virt() for platform ROM
drivers/pci/rom.c
include/linux/pci.h
svcrdma: Fix leak of transport addresses
SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
scsi: hpsa: correct race condition in offload enabled
RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
nvme: Fix controller creation races with teardown flow
nvme-multipath: do not reset on unknown status
tools: gpio-hammer: Avoid potential overflow in main
cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
perf cpumap: Fix snprintf overflow check
serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
serial: 8250_omap: Fix sleeping function called from invalid context during probe
serial: 8250_port: Don't service RX FIFO if throttled
perf parse-events: Fix 3 use after frees found with clang ASAN
thermal: rcar_thermal: Handle probe error gracefully
* tracing: Use address-of operator on section symbols
kernel/trace/trace.c
drm/msm/a5xx: Always set an OPP supported hardware value
drm/msm: fix leaks if initialization fails
KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like the valid ones
RDMA/cm: Remove a race freeing timewait_info
nfsd: Don't add locks to closed or closing open stateids
rtc: ds1374: fix possible race condition
rtc: sa1100: fix possible race condition
tpm: ibmvtpm: Wait for buffer to be set before proceeding
* ext4: mark block bitmap corrupted when found instead of BUGON
fs/ext4/mballoc.c
xfs: mark dir corrupt when lookup-by-hash fails
xfs: don't ever return a stale pointer from __xfs_dir3_free_read
media: tda10071: fix unsigned sign extension overflow
* Bluetooth: L2CAP: handle l2cap config request during open state
net/bluetooth/l2cap_core.c
scsi: aacraid: Disabling TM path and only processing IOP reset
ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read
drm/amd/display: Stop if retimer is not available
drm/amdgpu: increase atombios cmd timeout
* mm: avoid data corruption on CoW fault into PFN-mapped VMA
mm/memory.c
perf jevents: Fix leak of mapfile memory
* ext4: fix a data race at inode->i_disksize
fs/ext4/inode.c
* timekeeping: Prevent 32bit truncation in scale64_check_overflow()
kernel/time/timekeeping.c
* Bluetooth: guard against controllers sending zero'd events
net/bluetooth/hci_event.c
media: go7007: Fix URB type for interrupt handling
bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal
* random: fix data races at timer_rand_state
drivers/char/random.c
firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp
drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic
dmaengine: tegra-apb: Prevent race conditions on channel's freeing
dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all
* bpf: Remove recursion prevention from rcu free callback
kernel/bpf/hashtab.c
x86/pkeys: Add check for pkey "overflow"
media: staging/imx: Missing assignment in imx_media_capture_device_register()
dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all
KVM: x86: fix incorrect comparison in trace event
RDMA/rxe: Fix configuration of atomic queue pair attributes
perf test: Fix test trace+probe_vfs_getname.sh on s390
* ALSA: usb-audio: Don't create a mixer element with bogus volume range
sound/usb/mixer.c
mt76: clear skb pointers from rx aggregation reorder buffer during cleanup
crypto: chelsio - This fixes the kernel panic which occurs during a libkcapi test
clk: stratix10: use do_div() for 64-bit calculation
drm/omap: fix possible object reference leak
scsi: lpfc: Fix coverity errors in fmdi attribute handling
scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
* selinux: sel_avc_get_stat_idx should increase position index
security/selinux/selinuxfs.c
* audit: CONFIG_CHANGE don't log internal bookkeeping as an event
kernel/audit_watch.c
* skbuff: fix a data race in skb_queue_len()
include/linux/skbuff.h
net/unix/af_unix.c
ALSA: hda: Clear RIRB status before reading WP
KVM: fix overflow of zero page refcount with ksm running
* Bluetooth: prefetch channel before killing sock
net/bluetooth/l2cap_sock.c
* mm: pagewalk: fix termination condition in walk_pte_range()
mm/pagewalk.c
* mm/swapfile.c: swap_next should increase position index
mm/swapfile.c
* Bluetooth: Fix refcount use-after-free issue
net/bluetooth/l2cap_core.c
net/bluetooth/l2cap_sock.c
tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility
selftests/ftrace: fix glob selftest
ceph: ensure we have a new cap before continuing in fill_inode
ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
ARM: 8948/1: Prevent OOB access in stacktrace
* tracing: Set kernel_stack's caller size properly
kernel/trace/trace_entries.h
Bluetooth: btrtl: Use kvmalloc for FW allocations
powerpc/eeh: Only dump stack once if an MMIO loop is detected
s390/cpum_sf: Use kzalloc and minor changes
dmaengine: zynqmp_dma: fix burst length configuration
* scsi: ufs: Fix a race condition in the tracing code
drivers/scsi/ufs/ufshcd.c
* scsi: ufs: Make ufshcd_add_command_trace() easier to read
drivers/scsi/ufs/ufshcd.c
ACPI: EC: Reference count query handlers under lock
* sctp: move trace_sctp_probe_path into sctp_outq_sack
include/trace/events/sctp.h
net/sctp/outqueue.c
media: ti-vpe: cal: Restrict DMA to avoid memory corruption
* seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
include/linux/seqlock.h
* ipv6_route_seq_next should increase position index
net/ipv6/ip6_fib.c
* rt_cpu_seq_next should increase position index
net/ipv4/route.c
* neigh_stat_seq_next() should increase position index
net/core/neighbour.c
xfs: fix log reservation overflows when allocating large rt extents
KVM: arm/arm64: vgic: Fix potential double free dist->spis in __kvm_vgic_destroy()
* kernel/sys.c: avoid copying possible padding bytes in copy_to_user
kernel/sys.c
ASoC: max98090: remove msleep in PLL unlocked workaround
CIFS: Properly process SMB3 lease breaks
* debugfs: Fix !DEBUG_FS debugfs_create_automount
include/linux/debugfs.h
scsi: pm80xx: Cleanup command when a reset times out
gfs2: clean up iopen glock mess in gfs2_create_inode
* mmc: core: Fix size overflow for mmc partitions
include/linux/mmc/card.h
ubi: Fix producing anchor PEBs
RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
xfs: fix attr leaf header freemap.size underflow
* fix dget_parent() fastpath race
fs/dcache.c
RDMA/i40iw: Fix potential use after free
RDMA/qedr: Fix potential use after free
dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails
bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
* tracing: Adding NULL checks for trace_array descriptor pointer
kernel/trace/trace.c
kernel/trace/trace_events.c
tpm_crb: fix fTPM on AMD Zen+ CPUs
drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table
* mfd: mfd-core: Protect against NULL call-back function pointer
drivers/mfd/mfd-core.c
mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table
clk/ti/adpll: allocate room for terminating null
* net: silence data-races on sk_backlog.tail
include/net/sock.h
net/ipv4/tcp.c
scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce
scsi: fnic: fix use after free
PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
leds: mlxreg: Fix possible buffer overflow
* lib/string.c: implement stpcpy
lib/string.c
ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520
ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
* ALSA: usb-audio: Add delay quirk for H570e USB headsets
sound/usb/quirks.c
x86/ioapic: Unbreak check_timer()
arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
media: smiapp: Fix error handling at NVM reading
ASoC: kirkwood: fix IRQ error handling
gma/gma500: fix a memory disclosure bug due to uninitialized bytes
m68k: q40: Fix info-leak in rtc_ioctl
scsi: aacraid: fix illegal IO beyond last LBA
* mm: fix double page fault on arm64 if PTE_AF is cleared
mm/memory.c
ath10k: fix memory leak for tpc_stats_final
ath10k: fix array out-of-bounds access
* dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling)
drivers/dma-buf/dma-fence.c
* media: mc-device.c: fix memleak in media_device_register_entity
drivers/media/media-device.c
* selinux: allow labeling before policy is loaded
security/selinux/hooks.c
ANDROID: GKI: prevent removal of monitored symbols
ANDROID: Refresh ABI.xmls with libabigail 1.8.0-98bbf30d
Merge 4.19.148 into android-4.19-stable
Linux 4.19.148
serial: 8250: Avoid error message on reprobe
* tcp_bbr: adapt cwnd based on ack aggregation estimation
include/net/inet_connection_sock.h
tcp_bbr: refactor bbr_target_cwnd() for general inflight provisioning
* mm: memcg: fix memcg reclaim soft lockup
mm/vmscan.c
* kbuild: support LLVM=1 to switch the default tools to Clang/LLVM
Makefile
* kbuild: replace AS=clang with LLVM_IAS=1
Makefile
* kbuild: remove AS variable
Makefile
* x86/boot: kbuild: allow readelf executable to be specified
Makefile
net: wan: wanxl: use $(M68KCC) instead of $(M68KAS) for rebuilding firmware
* net: wan: wanxl: use allow to pass CROSS_COMPILE_M68k for rebuilding firmware
drivers/net/wan/Kconfig
Documentation/llvm: fix the name of llvm-size
Documentation/llvm: add documentation on building w/ Clang/LLVM
* kbuild: add OBJSIZE variable for the size tool
Makefile
MAINTAINERS: add CLANG/LLVM BUILD SUPPORT info
* ipv4: Update exception handling for multipath routes via same device
net/ipv4/route.c
* net: add __must_check to skb_put_padto()
include/linux/skbuff.h
* net: qrtr: check skb_put_padto() return value
net/qrtr/qrtr.c
* net: phy: Avoid NPD upon phy_detach() when driver is unbound
drivers/net/phy/phy_device.c
bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
bnxt_en: return proper error codes in bnxt_show_temp
* tipc: use skb_unshare() instead in tipc_buf_append()
net/tipc/msg.c
* tipc: fix shutdown() of connection oriented socket
net/tipc/socket.c
* tipc: Fix memory leak in tipc_group_create_member()
net/tipc/group.c
nfp: use correct define to return NONE fec
* net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc
net/sched/sch_generic.c
* net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
net/ipv6/Kconfig
net: dsa: rtl8366: Properly clear member config
net: DCB: Validate DCB_ATTR_DCB_BUFFER argument
* ipv6: avoid lockdep issue in fib6_del()
net/ipv6/ip6_fib.c
* ip: fix tos reflection in ack and reset packets
net/ipv4/ip_output.c
hdlc_ppp: add range checks in ppp_cp_parse_cr()
geneve: add transport ports in route lookup for geneve
cxgb4: Fix offset when clearing filter byte counters
mm/thp: fix __split_huge_pmd_locked() for migration PMD
kprobes: fix kill kprobe which has been marked as gone
KVM: fix memory leak in kvm_io_bus_unregister_dev()
* af_key: pfkey_dump needs parameter validation
net/key/af_key.c
ANDROID: drop KERNEL_DIR setting in build.config.common
Merge 4.19.147 into android-4.19-stable
Linux 4.19.147
x86/defconfig: Enable CONFIG_USB_XHCI_HCD=y
powerpc/dma: Fix dma_map_ops::get_required_mask
* ehci-hcd: Move include to keep CRC stable
drivers/usb/host/ehci-hcd.c
drivers/usb/host/ehci-hub.c
x86/boot/compressed: Disable relocation relaxation
serial: 8250_pci: Add Realtek 816a and 816b
Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
Input: trackpoint - add new trackpoint variant IDs
* percpu: fix first chunk size calculation for populated bitmap
mm/percpu.c
Revert "ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO"
i2c: i801: Fix resume bug
usblp: fix race between disconnect() and read()
USB: UAS: fix disconnect by unplugging a hub
* USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook
drivers/usb/core/quirks.c
drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata()
drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail
MIPS: SNI: Fix spurious interrupts
fbcon: Fix user font detection test at fbcon_resize().
perf test: Free formats for perf pmu parse test
MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
perf test: Fix the "signal" test inline assembly
Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload
ASoC: qcom: Set card->owner to avoid warnings
clk: rockchip: Fix initialization of mux_pll_src_4plls_p
clk: davinci: Use the correct size when allocating memory
* KVM: MIPS: Change the definition of kvm type
include/uapi/linux/kvm.h
* spi: Fix memory leak on splited transfers
drivers/spi/spi.c
* i2c: algo: pca: Reapply i2c bus settings after reset
include/linux/i2c-algo-pca.h
* f2fs: Return EOF on unaligned end of file DIO read
fs/f2fs/data.c
* f2fs: fix indefinite loop scanning for free nid
fs/f2fs/node.c
nvme-rdma: cancel async events before freeing event struct
nvme-fc: cancel async events before freeing event struct
openrisc: Fix cache API compile issue when not inlining
rapidio: Replace 'select' DMAENGINES 'with depends on'
SUNRPC: stop printk reading past end of string
NFS: Zero-stateid SETATTR should first return delegation
spi: spi-loopback-test: Fix out-of-bounds read
regulator: pwm: Fix machine constraints application
scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery
scsi: libfc: Fix for double free()
scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall
hv_netvsc: Remove "unlikely" from netvsc_select_queue
* net: handle the return value of pskb_carve_frag_list() correctly
net/core/skbuff.c
RDMA/bnxt_re: Restrict the max_gids to 256
gfs2: initialize transaction tr_ailX_lists earlier
scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up
scsi: qla2xxx: Move rport registration out of internal work_list
scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed
dsa: Allow forwarding of redirected IGMP traffic
ANDROID: Refresh ABI.xmls with libabigail 1.8.0-1dca710a
ANDROID: KMI symbol lists: migrate section name
Merge 4.19.146 into android-4.19-stable
Linux 4.19.146
* gcov: add support for GCC 10.1
kernel/gcov/Kconfig
usb: typec: ucsi: acpi: Check the _DEP dependencies
* usb: Fix out of sync data toggle if a configured device is reconfigured
drivers/usb/core/message.c
USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
USB: serial: option: support dynamic Quectel USB compositions
USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter
* usb: core: fix slab-out-of-bounds Read in read_descriptors
drivers/usb/core/sysfs.c
phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init
staging: greybus: audio: fix uninitialized value issue
video: fbdev: fix OOB read in vga_8planes_imageblit()
ARM: dts: vfxxx: Add syscon compatible with OCOTP
KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit
fbcon: remove now unusued 'softback_lines' cursor() argument
fbcon: remove soft scrollback code
* vgacon: remove software scrollback support
drivers/video/console/Kconfig
RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars
rbd: require global CAP_SYS_ADMIN for mapping and unmapping
drm/msm: Disable preemption on all 5xx targets
drm/tve200: Stabilize enable/disable
scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem
scsi: target: iscsi: Fix data digest calculation
* regulator: push allocation in set_consumer_device_supply() out of lock
drivers/regulator/core.c
btrfs: fix wrong address when faulting in pages in the search ioctl
btrfs: fix lockdep splat in add_missing_dev
btrfs: require only sector size alignment for parent eb bytenr
staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
iio:accel:mma8452: Fix timestamp alignment and prevent data leak.
iio:accel:mma7455: Fix timestamp alignment and prevent data leak.
iio: accel: kxsd9: Fix alignment of local buffer.
iio:chemical:ccs811: Fix timestamp alignment and prevent data leak.
iio:light:max44000 Fix timestamp alignment and prevent data leak.
iio:magnetometer:ak8975 Fix alignment and data leak issues.
iio:adc:ti-adc081c Fix alignment and data leak issues
iio:adc:max1118 Fix alignment of timestamp and data leak issues
iio:adc:ina2xx Fix timestamp alignment issue.
iio:adc:ti-adc084s021 Fix alignment and data leak issues.
iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak.
iio:light:ltr501 Fix timestamp alignment issue.
iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set
iio: adc: mcp3422: fix locking on error path
iio: adc: mcp3422: fix locking scope
* gcov: Disable gcov build with GCC 10
kernel/gcov/Kconfig
iommu/amd: Do not use IOMMUv2 functionality when SME is active
drm/amdgpu: Fix bug in reporting voltage for CIK
ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
cpufreq: intel_pstate: Fix intel_pstate_get_hwp_max() for turbo disabled
cpufreq: intel_pstate: Refuse to turn off with HWP enabled
ARC: [plat-hsdk]: Switch ethernet phy-mode to rgmii-id
HID: elan: Fix memleak in elan_input_configured
drivers/net/wan/hdlc_cisco: Add hard_header_len
* HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices
drivers/hid/hid-ids.h
drivers/hid/hid-quirks.c
nvme-rdma: serialize controller teardown sequences
nvme-fabrics: don't check state NVME_CTRL_NEW for request acceptance
* irqchip/eznps: Fix build error for !ARC700 builds
include/soc/nps/common.h
xfs: initialize the shortform attr header padding entry
drivers/net/wan/lapbether: Set network_header before transmitting
ALSA: hda: Fix 2 channel swapping for Tegra
firestream: Fix memleak in fs_open
NFC: st95hf: Fix memleak in st95hf_in_send_cmd
drivers/net/wan/lapbether: Added needed_tailroom
* netfilter: conntrack: allow sctp hearbeat after connection re-use
include/linux/netfilter/nf_conntrack_sctp.h
net/netfilter/nf_conntrack_proto_sctp.c
dmaengine: acpi: Put the CSRT table after using it
ARC: HSDK: wireup perf irq
arm64: dts: ns2: Fixed QSPI compatible string
ARM: dts: BCM5301X: Fixed QSPI compatible string
ARM: dts: NSP: Fixed QSPI compatible string
ARM: dts: bcm: HR2: Fixed QSPI compatible string
mmc: sdhci-msm: Add retries when all tuning phases are found valid
RDMA/core: Fix reported speed and width
scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
drm/sun4i: Fix dsi dcs long write function
RDMA/bnxt_re: Do not report transparent vlan from QP1
RDMA/rxe: Drop pointless checks in rxe_init_ports
RDMA/rxe: Fix memleak in rxe_mem_init_user
ARM: dts: ls1021a: fix QuadSPI-memory reg range
ARM: dts: socfpga: fix register entry for timer3 on Arria10
ARM: dts: logicpd-som-lv-baseboard: Fix broken audio
ARM: dts: logicpd-torpedo-baseboard: Fix broken audio
ANDROID: ABI: refresh with latest libabigail 94f5d4ae
Change-Id: Iae064df7e1dd74cd417c0f1b30a86a2f26686ac1
Signed-off-by: Lucas Wei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
9ce79d9bed |
Merge 4.19.149 into android-4.19-stable
Changes in 4.19.149 selinux: allow labeling before policy is loaded media: mc-device.c: fix memleak in media_device_register_entity dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) ath10k: fix array out-of-bounds access ath10k: fix memory leak for tpc_stats_final mm: fix double page fault on arm64 if PTE_AF is cleared scsi: aacraid: fix illegal IO beyond last LBA m68k: q40: Fix info-leak in rtc_ioctl gma/gma500: fix a memory disclosure bug due to uninitialized bytes ASoC: kirkwood: fix IRQ error handling media: smiapp: Fix error handling at NVM reading arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback x86/ioapic: Unbreak check_timer() ALSA: usb-audio: Add delay quirk for H570e USB headsets ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 lib/string.c: implement stpcpy leds: mlxreg: Fix possible buffer overflow PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out scsi: fnic: fix use after free scsi: lpfc: Fix kernel crash at lpfc_nvme_info_show during remote port bounce net: silence data-races on sk_backlog.tail clk/ti/adpll: allocate room for terminating null drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() mfd: mfd-core: Protect against NULL call-back function pointer drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table tpm_crb: fix fTPM on AMD Zen+ CPUs tracing: Adding NULL checks for trace_array descriptor pointer bcache: fix a lost wake-up problem caused by mca_cannibalize_lock dmaengine: mediatek: hsdma_probe: fixed a memory leak when devm_request_irq fails RDMA/qedr: Fix potential use after free RDMA/i40iw: Fix potential use after free fix dget_parent() fastpath race xfs: fix attr leaf header freemap.size underflow RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' ubi: Fix producing anchor PEBs mmc: core: Fix size overflow for mmc partitions gfs2: clean up iopen glock mess in gfs2_create_inode scsi: pm80xx: Cleanup command when a reset times out debugfs: Fix !DEBUG_FS debugfs_create_automount CIFS: Properly process SMB3 lease breaks ASoC: max98090: remove msleep in PLL unlocked workaround kernel/sys.c: avoid copying possible padding bytes in copy_to_user KVM: arm/arm64: vgic: Fix potential double free dist->spis in __kvm_vgic_destroy() xfs: fix log reservation overflows when allocating large rt extents neigh_stat_seq_next() should increase position index rt_cpu_seq_next should increase position index ipv6_route_seq_next should increase position index seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier media: ti-vpe: cal: Restrict DMA to avoid memory corruption sctp: move trace_sctp_probe_path into sctp_outq_sack ACPI: EC: Reference count query handlers under lock scsi: ufs: Make ufshcd_add_command_trace() easier to read scsi: ufs: Fix a race condition in the tracing code dmaengine: zynqmp_dma: fix burst length configuration s390/cpum_sf: Use kzalloc and minor changes powerpc/eeh: Only dump stack once if an MMIO loop is detected Bluetooth: btrtl: Use kvmalloc for FW allocations tracing: Set kernel_stack's caller size properly ARM: 8948/1: Prevent OOB access in stacktrace ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter ceph: ensure we have a new cap before continuing in fill_inode selftests/ftrace: fix glob selftest tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility Bluetooth: Fix refcount use-after-free issue mm/swapfile.c: swap_next should increase position index mm: pagewalk: fix termination condition in walk_pte_range() Bluetooth: prefetch channel before killing sock KVM: fix overflow of zero page refcount with ksm running ALSA: hda: Clear RIRB status before reading WP skbuff: fix a data race in skb_queue_len() audit: CONFIG_CHANGE don't log internal bookkeeping as an event selinux: sel_avc_get_stat_idx should increase position index scsi: lpfc: Fix RQ buffer leakage when no IOCBs available scsi: lpfc: Fix coverity errors in fmdi attribute handling drm/omap: fix possible object reference leak clk: stratix10: use do_div() for 64-bit calculation crypto: chelsio - This fixes the kernel panic which occurs during a libkcapi test mt76: clear skb pointers from rx aggregation reorder buffer during cleanup ALSA: usb-audio: Don't create a mixer element with bogus volume range perf test: Fix test trace+probe_vfs_getname.sh on s390 RDMA/rxe: Fix configuration of atomic queue pair attributes KVM: x86: fix incorrect comparison in trace event dmaengine: stm32-mdma: use vchan_terminate_vdesc() in .terminate_all media: staging/imx: Missing assignment in imx_media_capture_device_register() x86/pkeys: Add check for pkey "overflow" bpf: Remove recursion prevention from rcu free callback dmaengine: stm32-dma: use vchan_terminate_vdesc() in .terminate_all dmaengine: tegra-apb: Prevent race conditions on channel's freeing drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp random: fix data races at timer_rand_state bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal media: go7007: Fix URB type for interrupt handling Bluetooth: guard against controllers sending zero'd events timekeeping: Prevent 32bit truncation in scale64_check_overflow() ext4: fix a data race at inode->i_disksize perf jevents: Fix leak of mapfile memory mm: avoid data corruption on CoW fault into PFN-mapped VMA drm/amdgpu: increase atombios cmd timeout drm/amd/display: Stop if retimer is not available ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read scsi: aacraid: Disabling TM path and only processing IOP reset Bluetooth: L2CAP: handle l2cap config request during open state media: tda10071: fix unsigned sign extension overflow xfs: don't ever return a stale pointer from __xfs_dir3_free_read xfs: mark dir corrupt when lookup-by-hash fails ext4: mark block bitmap corrupted when found instead of BUGON tpm: ibmvtpm: Wait for buffer to be set before proceeding rtc: sa1100: fix possible race condition rtc: ds1374: fix possible race condition nfsd: Don't add locks to closed or closing open stateids RDMA/cm: Remove a race freeing timewait_info KVM: PPC: Book3S HV: Treat TM-related invalid form instructions on P9 like the valid ones drm/msm: fix leaks if initialization fails drm/msm/a5xx: Always set an OPP supported hardware value tracing: Use address-of operator on section symbols thermal: rcar_thermal: Handle probe error gracefully perf parse-events: Fix 3 use after frees found with clang ASAN serial: 8250_port: Don't service RX FIFO if throttled serial: 8250_omap: Fix sleeping function called from invalid context during probe serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout perf cpumap: Fix snprintf overflow check cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn tools: gpio-hammer: Avoid potential overflow in main nvme-multipath: do not reset on unknown status nvme: Fix controller creation races with teardown flow RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices scsi: hpsa: correct race condition in offload enabled SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' svcrdma: Fix leak of transport addresses PCI: Use ioremap(), not phys_to_virt() for platform ROM ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor PCI: pciehp: Fix MSI interrupt race NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() mm/kmemleak.c: use address-of operator on section symbols mm/filemap.c: clear page error before actual read mm/vmscan.c: fix data races using kswapd_classzone_idx nvmet-rdma: fix double free of rdma queue mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area scsi: qedi: Fix termination timeouts in session logout serial: uartps: Wait for tx_empty in console setup KVM: Remove CREATE_IRQCHIP/SET_PIT2 race bdev: Reduce time holding bd_mutex in sync in blkdev_close() drivers: char: tlclk.c: Avoid data race between init and interrupt handler KVM: arm64: vgic-its: Fix memory leak on the error path of vgic_add_lpi() net: openvswitch: use u64 for meter bucket scsi: aacraid: Fix error handling paths in aac_probe_one() staging:r8188eu: avoid skb_clone for amsdu to msdu conversion sparc64: vcc: Fix error return code in vcc_probe() arm64: cpufeature: Relax checks for AArch32 support at EL[0-2] dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion atm: fix a memory leak of vcc->user_back perf mem2node: Avoid double free related to realloc power: supply: max17040: Correct voltage reading phy: samsung: s5pv210-usb2: Add delay after reset Bluetooth: Handle Inquiry Cancel error after Inquiry Complete USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() tipc: fix memory leak in service subscripting tty: serial: samsung: Correct clock selection logic ALSA: hda: Fix potential race in unsol event handler powerpc/traps: Make unrecoverable NMIs die instead of panic fuse: don't check refcount after stealing page USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int scsi: cxlflash: Fix error return code in cxlflash_probe() arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register e1000: Do not perform reset in reset_task if we are already down drm/nouveau/debugfs: fix runtime pm imbalance on error drm/nouveau: fix runtime pm imbalance on error drm/nouveau/dispnv50: fix runtime pm imbalance on error printk: handle blank console arguments passed in. usb: dwc3: Increase timeout for CmdAct cleared by device controller btrfs: don't force read-only after error in drop snapshot vfio/pci: fix memory leaks of eventfd ctx perf evsel: Fix 2 memory leaks perf trace: Fix the selection for architectures to generate the errno name tables perf stat: Fix duration_time value for higher intervals perf util: Fix memory leak of prefix_if_not_in perf metricgroup: Free metric_events on error perf kcore_copy: Fix module map when there are no modules loaded ASoC: img-i2s-out: Fix runtime PM imbalance on error wlcore: fix runtime pm imbalance in wl1271_tx_work wlcore: fix runtime pm imbalance in wlcore_regdomain_config mtd: rawnand: omap_elm: Fix runtime PM imbalance on error PCI: tegra: Fix runtime PM imbalance on error ceph: fix potential race in ceph_check_caps mm/swap_state: fix a data race in swapin_nr_pages rapidio: avoid data race between file operation callbacks and mport_cdev_add(). mtd: parser: cmdline: Support MTD names containing one or more colons x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline vfio/pci: Clear error and request eventfd ctx after releasing cifs: Fix double add page to memcg when cifs_readpages nvme: fix possible deadlock when I/O is blocked scsi: libfc: Handling of extra kref scsi: libfc: Skip additional kref updating work event selftests/x86/syscall_nt: Clear weird flags after each test vfio/pci: fix racy on error and request eventfd ctx btrfs: qgroup: fix data leak caused by race between writeback and truncate ubi: fastmap: Free unused fastmap anchor peb during detach perf parse-events: Use strcmp() to compare the PMU name net: openvswitch: use div_u64() for 64-by-32 divisions nvme: explicitly update mpath disk capacity on revalidation ASoC: wm8994: Skip setting of the WM8994_MICBIAS register for WM1811 ASoC: wm8994: Ensure the device is resumed in wm89xx_mic_detect functions ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN Converter9 2-in-1 RISC-V: Take text_mutex in ftrace_init_nop() s390/init: add missing __init annotations lockdep: fix order in trace_hardirqs_off_caller() drm/amdkfd: fix a memory leak issue i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() objtool: Fix noreturn detection for ignored functions ieee802154: fix one possible memleak in ca8210_dev_com_init ieee802154/adf7242: check status of adf7242_read_reg clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() mwifiex: Increase AES key storage size to 256 bits batman-adv: bla: fix type misuse for backbone_gw hash indexing atm: eni: fix the missed pci_disable_device() for eni_init_one() batman-adv: mcast/TT: fix wrongly dropped or rerouted packets mac802154: tx: fix use-after-free bpf: Fix clobbering of r2 in bpf_gen_ld_abs drm/vc4/vc4_hdmi: fill ASoC card owner net: qed: RDMA personality shouldn't fail VF load drm/sun4i: sun8i-csc: Secondary CSC register correction batman-adv: Add missing include for in_interrupt() batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh bpf: Fix a rcu warning for bpffs map pretty-print ALSA: asihpi: fix iounmap in error handler regmap: fix page selection for noinc reads MIPS: Add the missing 'CPU_1074K' into __get_cpu_type() KVM: x86: Reset MMU context if guest toggles CR4.SMAP or CR4.PKE KVM: SVM: Add a dedicated INVD intercept routine tracing: fix double free s390/dasd: Fix zero write for FBA devices kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() mm, THP, swap: fix allocating cluster for swapfile by mistake s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE ata: define AC_ERR_OK ata: make qc_prep return ata_completion_errors ata: sata_mv, avoid trigerrable BUG_ON KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch Linux 4.19.149 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Idfc1b35ec63b4b464aeb6e32709102bee0efc872 |
||
|
Kirill A. Shutemov
|
2b294ac325 |
mm: avoid data corruption on CoW fault into PFN-mapped VMA
[ Upstream commit c3e5ea6ee574ae5e845a40ac8198de1fb63bb3ab ]
Jeff Moyer has reported that one of xfstests triggers a warning when run
on DAX-enabled filesystem:
WARNING: CPU: 76 PID: 51024 at mm/memory.c:2317 wp_page_copy+0xc40/0xd50
...
wp_page_copy+0x98c/0xd50 (unreliable)
do_wp_page+0xd8/0xad0
__handle_mm_fault+0x748/0x1b90
handle_mm_fault+0x120/0x1f0
__do_page_fault+0x240/0xd70
do_page_fault+0x38/0xd0
handle_page_fault+0x10/0x30
The warning happens on failed __copy_from_user_inatomic() which tries to
copy data into a CoW page.
This happens because of race between MADV_DONTNEED and CoW page fault:
CPU0 CPU1
handle_mm_fault()
do_wp_page()
wp_page_copy()
do_wp_page()
madvise(MADV_DONTNEED)
zap_page_range()
zap_pte_range()
ptep_get_and_clear_full()
<TLB flush>
__copy_from_user_inatomic()
sees empty PTE and fails
WARN_ON_ONCE(1)
clear_page()
The solution is to re-try __copy_from_user_inatomic() under PTL after
checking that PTE is matches the orig_pte.
The second copy attempt can still fail, like due to non-readable PTE, but
there's nothing reasonable we can do about, except clearing the CoW page.
Reported-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Tested-by: Jeff Moyer <jmoyer@redhat.com>
Cc: <stable@vger.kernel.org>
Cc: Justin He <Justin.He@arm.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Link: http://lkml.kernel.org/r/20200218154151.13349-1-kirill.shutemov@linux.intel.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Jia He
|
8579a04403 |
mm: fix double page fault on arm64 if PTE_AF is cleared
[ Upstream commit 83d116c53058d505ddef051e90ab27f57015b025 ]
When we tested pmdk unit test [1] vmmalloc_fork TEST3 on arm64 guest, there
will be a double page fault in __copy_from_user_inatomic of cow_user_page.
To reproduce the bug, the cmd is as follows after you deployed everything:
make -C src/test/vmmalloc_fork/ TEST_TIME=60m check
Below call trace is from arm64 do_page_fault for debugging purpose:
[ 110.016195] Call trace:
[ 110.016826] do_page_fault+0x5a4/0x690
[ 110.017812] do_mem_abort+0x50/0xb0
[ 110.018726] el1_da+0x20/0xc4
[ 110.019492] __arch_copy_from_user+0x180/0x280
[ 110.020646] do_wp_page+0xb0/0x860
[ 110.021517] __handle_mm_fault+0x994/0x1338
[ 110.022606] handle_mm_fault+0xe8/0x180
[ 110.023584] do_page_fault+0x240/0x690
[ 110.024535] do_mem_abort+0x50/0xb0
[ 110.025423] el0_da+0x20/0x24
The pte info before __copy_from_user_inatomic is (PTE_AF is cleared):
[ffff9b007000] pgd=000000023d4f8003, pud=000000023da9b003,
pmd=000000023d4b3003, pte=360000298607bd3
As told by Catalin: "On arm64 without hardware Access Flag, copying from
user will fail because the pte is old and cannot be marked young. So we
always end up with zeroed page after fork() + CoW for pfn mappings. we
don't always have a hardware-managed access flag on arm64."
This patch fixes it by calling pte_mkyoung. Also, the parameter is
changed because vmf should be passed to cow_user_page()
Add a WARN_ON_ONCE when __copy_from_user_inatomic() returns error
in case there can be some obscure use-case (by Kirill).
[1] https://github.com/pmem/pmdk/tree/master/src/test/vmmalloc_fork
Signed-off-by: Jia He <justin.he@arm.com>
Reported-by: Yibo Cai <Yibo.Cai@arm.com>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Suren Baghdasaryan
|
ae78439f0d |
GKI: mm: export mm_trace_rss_stat for modules to report RSS changes
RSS changes are reported by calling {add|dec|inc}_mm_counter which
in turn call mm_trace_rss_stat. Export mm_trace_rss_stat to allow
modules to report RSS changes.
Bug: 153945060
Bug: 153826075
Bug: 153823050
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I6ceb817eca1e7e73328cb1af3bfc08f2c8043aa4
|
||
|
lucaswei
|
95ddbb8a09 |
Merge LA.UM.9.12.R1.10.00.00.597.042 via branch 'qcom-msm-4.19-7250' into android-msm-pixel-4.19
Conflicts: Documentation/ABI/testing/sysfs-fs-f2fs Documentation/filesystems/f2fs.txt Documentation/filesystems/fscrypt.rst Documentation/filesystems/fsverity.rst Makefile arch/arm64/configs/vendor/kona_defconfig arch/arm64/configs/vendor/lito_defconfig block/blk-core.c build.config.common drivers/base/core.c drivers/base/power/main.c drivers/clk/clk.c drivers/clk/qcom/clk-alpha-pll.c drivers/dma-buf/dma-buf.c drivers/gpu/msm/kgsl_pool.c drivers/input/misc/qpnp-power-on.c drivers/iommu/dma-mapping-fast.c drivers/iommu/io-pgtable-fast.c drivers/iommu/io-pgtable-msm-secure.c drivers/iommu/io-pgtable.c drivers/of/property.c drivers/platform/msm/ipa/ipa_clients/ipa_gsb.c drivers/platform/msm/ipa/ipa_clients/ipa_mhi_client.c drivers/platform/msm/ipa/ipa_v3/ipa_mpm.c drivers/power/supply/power_supply_sysfs.c drivers/power/supply/qcom/qg-core.h drivers/power/supply/qcom/qpnp-qg.c drivers/soc/qcom/scm.c drivers/staging/android/ion/ion_page_pool.c drivers/tty/serial/msm_geni_serial.c fs/crypto/Kconfig fs/crypto/bio.c fs/crypto/crypto.c fs/crypto/fname.c fs/crypto/fscrypt_private.h fs/crypto/hooks.c fs/crypto/keyinfo.c fs/crypto/policy.c fs/ext4/ext4.h fs/ext4/hash.c fs/ext4/inode.c fs/ext4/namei.c fs/ext4/page-io.c fs/ext4/readpage.c fs/ext4/super.c fs/ext4/verity.c fs/f2fs/Makefile fs/f2fs/data.c fs/f2fs/dir.c fs/f2fs/f2fs.h fs/f2fs/file.c fs/f2fs/gc.c fs/f2fs/hash.c fs/f2fs/inline.c fs/f2fs/namei.c fs/f2fs/segment.c fs/f2fs/super.c fs/f2fs/sysfs.c fs/f2fs/verity.c fs/inode.c fs/ubifs/dir.c fs/unicode/utf8-core.c fs/verity/enable.c fs/verity/fsverity_private.h fs/verity/hash_algs.c fs/verity/open.c fs/verity/verify.c include/linux/coresight.h include/linux/device.h include/linux/dma-buf.h include/linux/f2fs_fs.h include/linux/fscrypt.h include/linux/fsverity.h include/linux/fwnode.h include/linux/leds-qpnp-flash.h include/linux/perf_event.h include/linux/power_supply.h include/linux/unicode.h include/soc/qcom/scm.h include/uapi/linux/nl80211.h kernel/events/core.c kernel/sched/core.c kernel/sched/fair.c lib/Kconfig.debug lib/Makefile lib/test_meminit.c mm/slub.c mm/swapfile.c mm/vmalloc.c net/wireless/nl80211.c security/selinux/include/security.h Bug: 153823050 Bug: 153825378 Signed-off-by: lucaswei <lucaswei@google.com> Change-Id: Ia2bfb56f0d48504ba600b52bdde958a76d5bff72 |
||
|
Minchan Kim
|
6df920a8fa |
mm: mm_event: add swapin stat
Many embedded devices use zram as swap. Compared to storage swap (e.g. UFS), swapin from zram(ie., decompression) is extremly fast so it might be not major fault but minor. So this patch provides swapin latency tracking to distinguish them from storage major fault. Bug: 80168800 Bug: 116825053 Bug: 153442668 Test: boot Change-Id: I1c32430e32a051916ede5219bd5f40a9002652bc Signed-off-by: Minchan Kim <minchan@google.com> (cherry picked from commit 9de60685b99e819e57fb6c2bf636d5ac973e4f01) Signed-off-by: Martin Liu <liumartin@google.com> |