udc
2908 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
ec66dd5675 |
Merge remote-tracking branch 'common/android-4.4-p' into android-msm-wahoo-4.4
* common/android-4.4-p: Linux 4.4.296 xen/netback: don't queue unlimited number of packages xen/console: harden hvc_xen against event channel storms xen/netfront: harden netfront against event channel storms xen/blkfront: harden blkfront against event channel storms Input: touchscreen - avoid bitwise vs logical OR warning ARM: 8805/2: remove unneeded naked function usage net: lan78xx: Avoid unnecessary self assignment net: systemport: Add global locking for descriptor lifecycle timekeeping: Really make sure wall_to_monotonic isn't positive USB: serial: option: add Telit FN990 compositions PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error USB: gadget: bRequestType is a bitfield, not a enum igbvf: fix double free in `igbvf_probe` soc/tegra: fuse: Fix bitwise vs. logical OR warning nfsd: fix use-after-free due to delegation race dm btree remove: fix use after free in rebalance_children() recordmcount.pl: look for jgnop instruction as well as bcrl on s390 mac80211: send ADDBA requests using the tid/queue of the aggregation session hwmon: (dell-smm) Fix warning on /proc/i8k creation error net: netlink: af_netlink: Prevent empty skb by adding a check on len. i2c: rk3x: Handle a spurious start completion interrupt flag parisc/agp: Annotate parisc agp init functions with __init nfc: fix segfault in nfc_genl_dump_devices_done FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum Linux 4.4.295 irqchip: nvic: Fix offset for Interrupt Priority Offsets irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove iio: itg3200: Call iio_trigger_notify_done() on error iio: ltr501: Don't return error code in trigger handler iio: mma8452: Fix trigger reference couting iio: stk3310: Don't return error code in interrupt handler usb: core: config: fix validation of wMaxPacketValue entries USB: gadget: zero allocate endpoint 0 buffers USB: gadget: detect too-big endpoint 0 requests net/qla3xxx: fix an error code in ql_adapter_up() net, neigh: clear whole pneigh_entry at alloc time net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() net: altera: set a couple error code in probe() net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) tracefs: Set all files to the same group ownership as the mount option signalfd: use wake_up_pollfree() binder: use wake_up_pollfree() wait: add wake_up_pollfree() libata: add horkage for ASMedia 1092 can: pch_can: pch_can_rx_normal: fix use after free tracefs: Have new files inherit the ownership of their parent ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() ALSA: pcm: oss: Limit the period size to 16MB ALSA: pcm: oss: Fix negative period/buffer sizes ALSA: ctl: Fix copy of updated id with element read/write mm: bdi: initialize bdi_min_ratio when bdi is unregistered nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done can: sja1000: fix use after free in ems_pcmcia_add_card() HID: check for valid USB device for many HID drivers HID: wacom: fix problems when device is not a valid USB device HID: add USB_HID dependancy on some USB HID drivers HID: add USB_HID dependancy to hid-chicony HID: add USB_HID dependancy to hid-prodikeys HID: add hid_is_usb() function to make it simpler for USB detection HID: introduce hid_is_using_ll_driver UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers UPSTREAM: USB: gadget: detect too-big endpoint 0 requests Linux 4.4.294 serial: pl011: Add ACPI SBSA UART match id tty: serial: msm_serial: Deactivate RX DMA for polling support vgacon: Propagate console boot parameters before calling `vc_resize' parisc: Fix "make install" on newer debian releases siphash: use _unaligned version by default net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() natsemi: xtensa: fix section mismatch warnings fget: check that the fd still exists after getting a ref to it fs: add fget_many() and fput_many() sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl kprobes: Limit max data_size of the kretprobe instances net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound scsi: iscsi: Unblock session then wake up error handler s390/setup: avoid using memblock_enforce_memory_limit platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep net: return correct error code hugetlb: take PMD sharing into account when flushing tlb/caches tty: hvc: replace BUG_ON() with negative return value xen/netfront: don't trust the backend response data blindly xen/netfront: disentangle tx_skb_freelist xen/netfront: don't read data from request on the ring page xen/netfront: read response from backend only once xen/blkfront: don't trust the backend response data blindly xen/blkfront: don't take local copy of a request from the ring page xen/blkfront: read response from backend only once xen: sync include/xen/interface/io/ring.h with Xen's newest version shm: extend forced shm destroy to support objects from several IPC nses fuse: release pipe buf after last use fuse: fix page stealing NFC: add NCI_UNREG flag to eliminate the race proc/vmcore: fix clearing user buffer by properly using clear_user() hugetlbfs: flush TLBs correctly after huge_pmd_unshare tracing: Check pid filtering when creating events tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows scsi: mpt3sas: Fix kernel panic during drive powercycle test ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE NFSv42: Don't fail clone() unless the OP_CLONE operation failed net: ieee802154: handle iftypes as u32 ASoC: topology: Add missing rwsem around snd_ctl_remove() calls ARM: dts: BCM5301X: Add interrupt properties to GPIO node xen: detect uninitialized xenbus in xenbus_init xen: don't continue xenstore initialization in case of errors staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() ALSA: ctxfi: Fix out-of-range access binder: fix test regression due to sender_euid change usb: hub: Fix locking issues with address0_mutex usb: hub: Fix usb enumeration issue due to address0 race USB: serial: option: add Fibocom FM101-GL variants USB: serial: option: add Telit LE910S1 0x9200 composition staging: ion: Prevent incorrect reference counting behavour Conflicts: fs/file_table.c Change-Id: Ie66d41bc083d3d53fc89fba73b6e57bcc18e1c4a |
||
|
Greg Kroah-Hartman
|
f9fe8dd7fb |
Merge 4.4.295 into android-4.4-p
Changes in 4.4.295 HID: introduce hid_is_using_ll_driver HID: add hid_is_usb() function to make it simpler for USB detection HID: add USB_HID dependancy to hid-prodikeys HID: add USB_HID dependancy to hid-chicony HID: add USB_HID dependancy on some USB HID drivers HID: wacom: fix problems when device is not a valid USB device HID: check for valid USB device for many HID drivers can: sja1000: fix use after free in ems_pcmcia_add_card() nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done mm: bdi: initialize bdi_min_ratio when bdi is unregistered ALSA: ctl: Fix copy of updated id with element read/write ALSA: pcm: oss: Fix negative period/buffer sizes ALSA: pcm: oss: Limit the period size to 16MB ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() tracefs: Have new files inherit the ownership of their parent can: pch_can: pch_can_rx_normal: fix use after free libata: add horkage for ASMedia 1092 wait: add wake_up_pollfree() binder: use wake_up_pollfree() signalfd: use wake_up_pollfree() tracefs: Set all files to the same group ownership as the mount option block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero net: altera: set a couple error code in probe() net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() net, neigh: clear whole pneigh_entry at alloc time net/qla3xxx: fix an error code in ql_adapter_up() USB: gadget: detect too-big endpoint 0 requests USB: gadget: zero allocate endpoint 0 buffers usb: core: config: fix validation of wMaxPacketValue entries iio: stk3310: Don't return error code in interrupt handler iio: mma8452: Fix trigger reference couting iio: ltr501: Don't return error code in trigger handler iio: itg3200: Call iio_trigger_notify_done() on error iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL irqchip: nvic: Fix offset for Interrupt Priority Offsets Linux 4.4.295 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I4810f7e2ebd538739fb0d62f9eade0921a9badfb |
||
|
Davidlohr Bueso
|
069244317f |
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
commit e6a59aac8a8713f335a37d762db0dbe80e7f6d38 upstream.
do_each_pid_thread(PIDTYPE_PGID) can race with a concurrent
change_pid(PIDTYPE_PGID) that can move the task from one hlist
to another while iterating. Serialize ioprio_get to take
the tasklist_lock in this case, just like it's set counterpart.
Fixes:
|
||
|
Michael Bestas
|
840671ca47 |
Merge remote-tracking branch 'common/android-4.4-p' into android-msm-wahoo-4.4
# By Sergey Shtylyov (9) and others # Via Greg Kroah-Hartman * common/android-4.4-p: Linux 4.4.288 libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. usb: testusb: Fix for showing the connection speed scsi: sd: Free scsi_disk device via put_device() ext2: fix sleeping in atomic bugs on error sparc64: fix pci_iounmap() when CONFIG_PCI is not set xen-netback: correct success/error reporting for the SKB-with-fraglist case af_unix: fix races in sk_peer_pid and sk_peer_cred accesses Linux 4.4.287 Revert "arm64: Mark __stack_chk_guard as __ro_after_init" Linux 4.4.286 cred: allow get_cred() and put_cred() to be given NULL. HID: usbhid: free raw_report buffers in usbhid_stop netfilter: ipset: Fix oversized kvmalloc() calls HID: betop: fix slab-out-of-bounds Write in betop_probe arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55 EDAC/synopsys: Fix wrong value type assignment for edac_mode ext4: fix potential infinite loop in ext4_dx_readdir() ipack: ipoctal: fix module reference leak ipack: ipoctal: fix missing allocation-failure check ipack: ipoctal: fix tty-registration error handling ipack: ipoctal: fix tty registration race ipack: ipoctal: fix stack information leak e100: fix buffer overrun in e100_get_regs e100: fix length calculation in e100_get_regs_len ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 mac80211: fix use-after-free in CCMP/GCMP RX tty: Fix out-of-bound vmalloc access in imageblit qnx4: work around gcc false positive warning bug spi: Fix tegra20 build with CONFIG_PM=n net: 6pack: Fix tx timeout and slot time alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile arm64: Mark __stack_chk_guard as __ro_after_init parisc: Use absolute_pointer() to define PAGE0 qnx4: avoid stringop-overread errors sparc: avoid stringop-overread errors net: i825xx: Use absolute_pointer for memcpy from fixed memory location compiler.h: Introduce absolute_pointer macro m68k: Double cast io functions to unsigned long blktrace: Fix uaf in blk_trace access after removing by sysfs scsi: iscsi: Adjust iface sysfs attr detection net/mlx4_en: Don't allow aRFS for encapsulated packets net: hso: fix muxed tty registration USB: serial: option: add device id for Foxconn T99W265 USB: serial: option: remove duplicate USB device ID USB: serial: option: add Telit LN920 compositions USB: serial: mos7840: remove duplicated 0xac24 device ID USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter xen/x86: fix PV trap handling on secondary processors cifs: fix incorrect check for null pointer in header_assemble usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() usb: gadget: r8a66597: fix a loop in set_feature() Linux 4.4.285 sctp: validate from_addr_param return drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group nilfs2: fix NULL pointer in nilfs_##name##_attr_release nilfs2: fix memory leak in nilfs_sysfs_create_device_group ceph: lockdep annotations for try_nonblocking_invalidate dmaengine: ioat: depends on !UML parisc: Move pci_dev_is_behind_card_dino to where it is used dmaengine: acpi: Avoid comparison GSI with Linux vIRQ dmaengine: acpi-dma: check for 64-bit MMIO address profiling: fix shift-out-of-bounds bugs prctl: allow to setup brk for et_dyn executables 9p/trans_virtio: Remove sysfs file on probe failure thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() sctp: add param size validation for SCTP_PARAM_SET_PRIMARY sctp: validate chunk size in __rcv_asconf_lookup PM / wakeirq: Fix unbalanced IRQ enable for wakeirq s390/bpf: Fix optimizing out zero-extensions Linux 4.4.284 s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant net: renesas: sh_eth: Fix freeing wrong tx descriptor qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom ARC: export clear_user_page() for modules mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n ethtool: Fix an error code in cxgb2.c dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation x86/mm: Fix kern_addr_valid() to cope with existing but not present entries net/af_unix: fix a data-race in unix_dgram_poll tipc: increase timeout in tipc_sk_enqueue() r6040: Restore MDIO clock frequency after MAC reset net/l2tp: Fix reference count leak in l2tp_udp_recv_core dccp: don't duplicate ccid when cloning dccp sock ptp: dp83640: don't define PAGE0 net-caif: avoid user-triggerable WARN_ON(1) bnx2x: Fix enabling network interfaces without VFs platform/chrome: cros_ec_proto: Send command again when timeout occurs parisc: fix crash with signals and alloca net: fix NULL pointer reference in cipso_v4_doi_free ath9k: fix OOB read ar9300_eeprom_restore_internal parport: remove non-zero check on count Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" cifs: fix wrong release in sess_alloc_buffer() failed path mmc: rtsx_pci: Fix long reads when clock is prescaled gfs2: Don't call dlm after protocol is unmounted rpc: fix gss_svc_init cleanup on failure ARM: tegra: tamonten: Fix UART pad setting gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() Bluetooth: skip invalid hci_sync_conn_complete_evt serial: 8250_pci: make setup_port() parameters explicitly unsigned hvsi: don't panic on tty_register_driver failure xtensa: ISS: don't panic in rs_init serial: 8250: Define RX trigger levels for OxSemi 950 devices s390/jump_label: print real address in a case of a jump label bug ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() video: fbdev: riva: Error out if 'pixclock' equals zero video: fbdev: kyro: Error out if 'pixclock' equals zero video: fbdev: asiliantfb: Error out if 'pixclock' equals zero bpf/tests: Do not PASS tests without actually testing the result bpf/tests: Fix copy-and-paste error in double word test tty: serial: jsm: hold port lock when reporting modem line changes usb: gadget: u_ether: fix a potential null pointer dereference usb: host: fotg210: fix the actual_length of an iso packet Smack: Fix wrong semantics in smk_access_entry() netlink: Deal with ESRCH error in nlmsg_notify() video: fbdev: kyro: fix a DoS bug by restricting user input iio: dac: ad5624r: Fix incorrect handling of an optional regulator. PCI: Use pci_update_current_state() in pci_enable_device_flags() crypto: mxs-dcp - Use sg_mapping_iter to copy data pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() openrisc: don't printk() unconditionally PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported ARM: 9105/1: atags_to_fdt: don't warn about stack size libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs media: rc-loopback: return number of emitters rather than error media: uvc: don't do DMA on stack VMCI: fix NULL pointer dereference when unmapping queue pair power: supply: max17042: handle fails of reading status register xen: fix setting of max_pfn in shared_info PCI/MSI: Skip masking MSI-X on Xen PV rtc: tps65910: Correct driver module alias fbmem: don't allow too huge resolutions clk: kirkwood: Fix a clocking boot regression KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted tty: Fix data race between tiocsti() and flush_to_ldisc() ipv4: make exception cache less predictible bcma: Fix memory leak for internally-handled cores ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() usb: ehci-orion: Handle errors of clk_prepare_enable() in probe i2c: mt65xx: fix IRQ check CIFS: Fix a potencially linear read overflow mmc: moxart: Fix issue with uninitialized dma_slave_config mmc: dw_mmc: Fix issue with uninitialized dma_slave_config i2c: s3c2410: fix IRQ check i2c: iop3xx: fix deferred probing Bluetooth: add timeout sanity check to hci_inquiry usb: gadget: mv_u3d: request_irq() after initializing UDC usb: phy: tahvo: add IRQ check usb: host: ohci-tmio: add IRQ check Bluetooth: Move shutdown callback before flushing tx and rx queue usb: phy: twl6030: add IRQ checks usb: phy: fsl-usb: add IRQ check usb: gadget: udc: at91: add IRQ check drm/msm/dsi: Fix some reference counted resource leaks Bluetooth: fix repeated calls to sco_sock_kill arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow PCI: PM: Enable PME if it can be signaled from D3cold i2c: highlander: add IRQ check net: cipso: fix warnings in netlbl_cipsov4_add_std tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos Bluetooth: sco: prevent information leak in sco_conn_defer_accept() media: go7007: remove redundant initialization media: dvb-usb: fix uninit-value in vp702x_read_mac_addr media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init certs: Trigger creation of RSA module signing key if it's not an RSA key m68k: emu: Fix invalid free in nfeth_cleanup() udf_get_extendedattr() had no boundary checks. crypto: qat - fix reuse of completion variable crypto: qat - do not ignore errors from enable_vf2pf_comms() libata: fix ata_host_start() power: supply: max17042_battery: fix typo in MAx17042_TOFF crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() crypto: mxs-dcp - Check for DMA mapping errors PCI: Call Max Payload Size-related fixup quirks early x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions Revert "btrfs: compression: don't try to compress if we don't have enough pages" mm/page_alloc: speed up the iteration of max_order net: ll_temac: Remove left-over debug message powerpc/boot: Delete unneeded .globl _zimage_start powerpc/module64: Fix comment in R_PPC64_ENTRY handling mm/kmemleak.c: make cond_resched() rate-limiting more efficient s390/disassembler: correct disassembly lines alignment ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) tc358743: fix register i2c_rd/wr function fix PM / wakeirq: Enable dedicated wakeirq for suspend USB: serial: mos7720: improve OOM-handling in read_mos_reg() usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled igmp: Add ip_mc_list lock in ip_check_mc_rcu media: stkwebcam: fix memory leak in stk_camera_probe ath9k: Postpone key cache entry deletion for TXQ frames reference it ath: Modify ath_key_delete() to not need full key entry ath: Export ath_hw_keysetmac() ath9k: Clear key cache explicitly on disabling hardware ath: Use safer key clearing with key cache entries ALSA: pcm: fix divide error in snd_pcm_lib_ioctl ARM: 8918/2: only build return_address() if needed cryptoloop: add a deprecation warning qede: Fix memset corruption ARC: fix allnoconfig build warning xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG ext4: fix race writing to an inline_data file while its xattrs are changing Change-Id: I1ab34741b8a456049ad2d583e71958af0d5ad3cb |
||
|
Greg Kroah-Hartman
|
ab4d40104a |
Merge 4.4.285 into android-4.4-p
Changes in 4.4.285 s390/bpf: Fix optimizing out zero-extensions PM / wakeirq: Fix unbalanced IRQ enable for wakeirq sctp: validate chunk size in __rcv_asconf_lookup sctp: add param size validation for SCTP_PARAM_SET_PRIMARY thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() 9p/trans_virtio: Remove sysfs file on probe failure prctl: allow to setup brk for et_dyn executables profiling: fix shift-out-of-bounds bugs dmaengine: acpi-dma: check for 64-bit MMIO address dmaengine: acpi: Avoid comparison GSI with Linux vIRQ parisc: Move pci_dev_is_behind_card_dino to where it is used dmaengine: ioat: depends on !UML ceph: lockdep annotations for try_nonblocking_invalidate nilfs2: fix memory leak in nilfs_sysfs_create_device_group nilfs2: fix NULL pointer in nilfs_##name##_attr_release nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV sctp: validate from_addr_param return Linux 4.4.285 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I10ef4f8fa6f8c53aaedfa2e6c5212b1faecad1b4 |
||
|
Li Jinlin
|
6743126354 |
blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
[ Upstream commit 884f0e84f1e3195b801319c8ec3d5774e9bf2710 ] The pending timer has been set up in blk_throtl_init(). However, the timer is not deleted in blk_throtl_exit(). This means that the timer handler may still be running after freeing the timer, which would result in a use-after-free. Fix by calling del_timer_sync() to delete the timer in blk_throtl_exit(). Signed-off-by: Li Jinlin <lijinlin3@huawei.com> Link: https://lore.kernel.org/r/20210907121242.2885564-1-lijinlin3@huawei.com Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Michael Bestas
|
29daf360fe |
Merge remote-tracking branch 'common/android-4.4-p' into android-msm-wahoo-4.4
# By Daniel Rosenberg (98) and others
# Via Greg Kroah-Hartman (219) and others
* google/common/android-4.4-p:
ANDROID: xt_qtaguid: fix UAF race
ANDROID: Make vsock virtio packet buff size configurable
ANDROID: cuttlefish_defconfig: add missing CONFIG_BLK_CGROUP
ANDROID: xt_qtaguid: Remove tag_entry from process list on untag
ANDROID: usb: f_accessory: Don't drop NULL reference in acc_disconnect()
ANDROID: usb: f_accessory: Avoid bitfields for shared variables
ANDROID: usb: f_accessory: Cancel any pending work before teardown
ANDROID: usb: f_accessory: Don't corrupt global state on double registration
ANDROID: usb: f_accessory: Fix teardown ordering in acc_release()
ANDROID: usb: f_accessory: Add refcounting to global 'acc_dev'
UPSTREAM: locking/atomic, kref: Add KREF_INIT()
ANDROID: usb: f_accessory: Wrap '_acc_dev' in get()/put() accessors
ANDROID: usb: f_accessory: Remove useless assignment
ANDROID: usb: f_accessory: Remove useless non-debug prints
ANDROID: usb: f_accessory: Remove stale comments
ANDROID: USB: f_accessory: Check dev pointer before decoding ctrl request
ANDROID: usb: gadget: f_accessory: fix CTS test stuck
ANDROID: cuttlefish_defconfig: Disable CONFIG_KSM
UPSTREAM: arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
UPSTREAM: arm64: kaslr: Fix up the kernel image alignment
UPSTREAM: sched/fair: Fix FTQ noise bench regression
UPSTREAM: dm verity fec: fix bufio leaks
UPSTREAM: arm64: kernel: restrict /dev/mem read() calls to linear region
UPSTREAM: binder: fix incorrect cmd to binder_stat_br
UPSTREAM: arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
UPSTREAM: KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
UPSTREAM: fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
UPSTREAM: arm64: fix unwind_frame() for filtered out fn for function graph tracing
UPSTREAM: arm64: kpti: Use early_param for kpti= command-line option
UPSTREAM: arm64: kaslr: ensure randomized quantities are clean to the PoC
UPSTREAM: arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
UPSTREAM: staging: android: vsoc: fix copy_from_user overrun
UPSTREAM: arm64/mm: Inhibit huge-vmap with ptdump
UPSTREAM: drivers/perf: arm_pmu: Fix failure path in PM notifier
UPSTREAM: fs/posix_acl.c: fix kernel-doc warnings
UPSTREAM: ext2: fix debug reference to ext2_xattr_cache
UPSTREAM: arm64: alternative: fix build with clang integrated assembler
UPSTREAM: dm verity fec: fix hash block number in verity_fec_decode
ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr
BACKPORT: xfrm/compat: Add 32=>64-bit messages translator
UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
BACKPORT: xfrm/compat: Add 64=>32-bit messages translator
BACKPORT: xfrm: Provide API to register translator module
UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller
ANDROID: Publish uncompressed Image on aarch64
ANDROID: Makefile: append BUILD_NUMBER to version string when defined
UPSTREAM: binder: fix UAF when releasing todo list
ANDROID: fix a bug in quota2
UPSTREAM: binder: Prevent context manager from incrementing ref 0
BACKPORT: xtables: extend matches and targets with .usersize
UPSTREAM: ip6tables: use match, target and data copy_to_user helpers
UPSTREAM: iptables: use match, target and data copy_to_user helpers
UPSTREAM: xtables: add xt_match, xt_target and data copy_to_user functions
ANDROID: cuttlefish_defconfig: Drop built-in cmdline (except nopti)
ANDROID: cuttlefish defconfig - enable mount/net/uts namespaces.
ANDROID: hid: steam: remove BT controller matching
UPSTREAM: HID: steam: Fix input device disappearing
Revert "ext2: fix empty body warnings when -Wextra is used"
Revert "net: ipv6: Fix processing of RAs in presence of VRF"
UPSTREAM: net: socket: set sock->sk to NULL after calling proto_ops::release()
BACKPORT: xfrm: Allow Output Mark to be Updated Using UPDSA
UPSTREAM: socket: close race condition between sock_close() and sockfs_setattr()
UPSTREAM: net: ipv6: Use passed in table for nexthop lookups
ANDROID: cuttlefish_defconfig: Fix dm-verity related options
Revert "ANDROID: dm verity: add minimum prefetch size"
ANDROID: mnt: Propagate remount correctly
BACKPORT: loop: Add LOOP_SET_BLOCK_SIZE in compat ioctl
UPSTREAM: loop: drop caches if offset or block_size are changed
UPSTREAM: loop: add ioctl for changing logical block size
BACKPORT: block/loop: set hw_sectors
ANDROID: cuttlefish_defconfig: Minimally enable EFI
UPSTREAM: bpf: Explicitly memset the bpf_attr structure
FROMLIST: HID: nintendo: add nintendo switch controller driver
UPSTREAM: staging: most: net: fix buffer overflow
UPSTREAM: ALSA: pcm: Add missing copy ops check before clearing buffer
ANDROID: selinux: modify RTM_GETLINK permission
UPSTREAM: HID: input: map digitizer battery usage
UPSTREAM: HID: input: ignore the battery in OKLICK Laser BTmouse
ANDROID: cuttlefish_defconfig: Disable TRANSPARENT_HUGEPAGE
commit e82b9b0727ff ("vhost: introduce vhost_exceeds_weight()")
UPSTREAM: HID: steam: fix deadlock with input devices.
UPSTREAM: HID: steam: fix boot loop with bluetooth firmware
UPSTREAM: HID: steam: remove input device when a hid client is running.
UPSTREAM: HID: steam: use hid_device.driver_data instead of hid_set_drvdata()
UPSTREAM: HID: steam: add missing fields in client initialization
UPSTREAM: HID: steam: add battery device.
UPSTREAM: HID: add driver for Valve Steam Controller
UPSTREAM: HID: sony: Fix memory corruption issue on cleanup.
UPSTREAM: HID: sony: Fix race condition between rumble and device remove.
UPSTREAM: HID: sony: remove redundant check for -ve err
UPSTREAM: HID: sony: Make sure to unregister sensors on failure
UPSTREAM: HID: sony: Make DS4 bt poll interval adjustable
UPSTREAM: HID: sony: Set proper bit flags on DS4 output report
UPSTREAM: HID: sony: DS4 use brighter LED colors
UPSTREAM: HID: sony: Improve navigation controller axis/button mapping
UPSTREAM: HID: sony: Use DS3 MAC address as unique identifier on USB
UPSTREAM: HID: sony: Perform duplicate device check earlier on
UPSTREAM: HID: sony: Expose DS3 motion sensors through separate device
UPSTREAM: HID: sony: Print error on failure to active DS3 / Navigation controllers
UPSTREAM: HID: sony: DS3 comply to Linux gamepad spec
UPSTREAM: HID: sony: Mark DS4 touchpad device as a pointer
UPSTREAM: HID: sony: Support motion sensor calibration on dongle
UPSTREAM: HID: sony: Make work handling more generic
UPSTREAM: HID: sony: Treat the ds4 dongle as a separate device
UPSTREAM: HID: sony: Remove report descriptor fixup for DS4
UPSTREAM: HID: sony: Report hardware timestamp for DS4 sensor values
UPSTREAM: HID: sony: Calibrate DS4 motion sensors
UPSTREAM: HID: sony: Report DS4 motion sensors through a separate device
UPSTREAM: HID: sony: Fix input device leak when connecting a DS4 twice using USB/BT
UPSTREAM: HID: sony: Use LED_CORE_SUSPENDRESUME
UPSTREAM: HID: sony: Ignore DS4 dongle reports when no device is connected
UPSTREAM: HID: sony: Use DS4 MAC address as unique identifier on USB
UPSTREAM: HID: sony: Fix error handling bug when touchpad registration fails
UPSTREAM: HID: sony: Comply to Linux gamepad spec for DS4
UPSTREAM: HID: sony: Make the DS4 touchpad a separate device
UPSTREAM: HID: sony: Fix memory issue when connecting device using both Bluetooth and USB
UPSTREAM: HID: sony: Adjust value range for motion sensors
UPSTREAM: HID: sony: Handle multiple touch events input record
UPSTREAM: HID: sony: Send ds4 output reports on output end-point
UPSTREAM: HID: sony: Perform CRC check on bluetooth input packets
UPSTREAM: HID: sony: Adjust HID report size name definitions
UPSTREAM: HID: sony: Fix race condition in sony_probe
UPSTREAM: HID: sony: Update copyright and add Dualshock 4 rate control note
UPSTREAM: HID: sony: Defer the initial USB Sixaxis output report
UPSTREAM: HID: sony: Relax duplicate checking for USB-only devices
UPSTREAM: HID: sony: underscores are unnecessary for u8, u16, s32
UPSTREAM: HID: sony: fix some warnings from scripts/checkpatch.pl
UPSTREAM: HID: sony: fix errors from scripts/checkpatch.pl
UPSTREAM: HID: sony: fix a typo in descriptors comments s/Joystik/Joystick/
UPSTREAM: HID: sony: Fixup output reports for the nyko core controller
UPSTREAM: HID: sony: Remove the size check for the Dualshock 4 HID Descriptor
UPSTREAM: HID: sony: Save and restore the controller state on suspend and resume
UPSTREAM: HID: sony: Refactor the output report sending functions
ANDROID: cpufreq: times: add /proc/uid_concurrent_{active,policy}_time
rtlwifi: Fix potential overflow on P2P code
ANDROID: clang: update to 9.0.8 based on r365631c
ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
ANDROID: refactor build.config files to remove duplication
ANDROID: usb: gadget: Fix dependency for f_accessory
Remove taskname from lowmemorykiller kill reports
ANDROID: Fixes to locking around handle_lmk_event
Revert "ANDROID: regression introduced override_creds=off"
ANDROID: regression introduced override_creds=off
Fix fallout from changes to bootparam_utils.h
ANDROID: sched: Disallow WALT with CFS bandwidth control
ANDROID: fiq_debugger: remove
ANDROID: arm64: fix leftover RWX when using CONFIG_UNMAP_KERNEL_AT_EL0
ANDROID: fix kernelci build-break in lowmemorykiller
ANDROID: Avoid taking multiple locks in handle_lmk_event
UPSTREAM: net-ipv6-ndisc: add support for RFC7710 RA Captive Portal Identifier
ANDROID: fix binder change in merge of 4.4.183
Fix overlayfs build break
binder: binder: fix possible UAF when freeing buffer
ANDROID: Revert "f2fs: avoid out-of-range memory access"
ANDROID: overlayfs: Fix a regression in commit
|
||
|
Michael Bestas
|
4cc75538c1 |
Merge tag 'v4.4.259' into android-msm-wahoo-4.4
This is the 4.4.259 stable release # gpg: Signature made Wed Mar 3 17:45:51 2021 EET # gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E # gpg: Good signature from "Greg Kroah-Hartman <gregkh@kernel.org>" [full] # gpg: gregkh@kernel.org: Verified 10 signatures in the past 2 hours. Encrypted # 0 messages. # By Dan Carpenter (7) and others # Via Greg Kroah-Hartman * tag 'v4.4.259': Linux 4.4.259 dm era: Update in-core bitset after committing the metadata futex: Fix OWNER_DEAD fixup dm era: only resize metadata in preresume dm era: Reinitialize bitset cache before digesting a new writeset dm era: Use correct value size in equality function of writeset tree dm era: Fix bitset memory leaks dm era: Verify the data block size hasn't changed dm era: Recover committed writeset after crash gfs2: Don't skip dlm unlock if glock has an lvb sparc32: fix a user-triggerable oops in clear_user() f2fs: fix out-of-repair __setattr_copy() gpio: pcf857x: Fix missing first interrupt module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols libnvdimm/dimm: Avoid race between probe and available_slots_show() usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() mm: hugetlb: fix a race between freeing and dissolving the page floppy: reintroduce O_NDELAY fix x86/reboot: Force all cpus to exit VMX root if VMX is supported staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue btrfs: fix reloc root leak with 0 ref reloc roots on recovery KEYS: trusted: Fix migratable=1 failing usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 USB: serial: mos7720: fix error code in mos7720_write() USB: serial: mos7840: fix error code in mos7840_write() USB: serial: option: update interface mapping for ZTE P685M Input: i8042 - add ASUS Zenbook Flip to noselftest list Input: joydev - prevent potential read overflow in ioctl Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S blk-settings: align max_sectors on "logical_block_size" boundary block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h> scsi: bnx2fc: Fix Kconfig warning & CNIC build errors i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition mm/hugetlb: fix potential double free in hugetlb_register_node() error path mm/memory.c: fix potential pte_unmap_unlock pte error PCI: Align checking of syscall user config accessors VMCI: Use set_page_dirty_lock() when unregistering guest memory misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users misc: eeprom_93xx46: Fix module alias to enable module autoprobe sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set Input: elo - fix an error code in elo_connect() perf test: Fix unaligned access in sample parsing test perf intel-pt: Fix missing CYC processing in PSB powerpc/pseries/dlpar: handle ibm, configure-connector delay status mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() tracepoint: Do not fail unregistering a probe due to memory failure amba: Fix resource leak for drivers without .remove ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe powerpc/47x: Disable 256k page size IB/umad: Return EIO in case of when device disassociated isofs: release buffer head before return regulator: axp20x: Fix reference cout leak clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function dmaengine: fsldma: Fix a resource leak in the remove function HID: core: detect and skip invalid inputs to snto32() clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL jffs2: fix use after free in jffs2_sum_write_data() fs/jfs: fix potential integer overflow on shift of a int btrfs: clarify error returns values in __load_free_space_cache media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values media: cx25821: Fix a bug when reallocating some dma memory media: lmedm04: Fix misuse of comma ASoC: cs42l56: fix up error handling in probe media: tm6000: Fix memleak in tm6000_start_stream media: media/pci: Fix memleak in empress_init MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0 MIPS: c-r4k: Fix section mismatch for loongson2_sc_init gma500: clean up error handling in init drm/gma500: Fix error return code in psb_driver_load() fbdev: aty: SPARC64 requires FB_ATY_CT b43: N-PHY: Fix the update of coef for the PHY revision >= 3case xen/netback: fix spurious event detection for common event case bnxt_en: reverse order of TX disable and carrier off ARM: s3c: fix fiq for clang IAS usb: dwc2: Make "trimming xfer length" a debug message usb: dwc2: Abort transaction after errors with unknown reason Bluetooth: Put HCI device if inquiry procedure interrupts Bluetooth: drop HCI device reference before return ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa ARM: dts: exynos: correct PMIC interrupt trigger level on Spring Bluetooth: Fix initializing response id after clearing struct MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section kdb: Make memory allocations more robust scripts/recordmcount.pl: support big endian for ARCH sh igb: Remove incorrect "unexpected SYS WRAP" log message ntfs: check for valid standard information attribute xen-netback: delete NAPI instance when queue fails to initialize usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable HID: make arrays usage and value to be the same Change-Id: I1e89f14870d9386ef5ad211a4d421745e6b29f89 |
||
|
Michael Bestas
|
43f0fa2b4c |
Merge tag 'v4.4.252' into android-msm-wahoo-4.4
This is the 4.4.252 stable release # gpg: Signature made Sun Jan 17 14:57:14 2021 EET # gpg: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E # gpg: Good signature from "Greg Kroah-Hartman <gregkh@kernel.org>" [full] # gpg: gregkh@kernel.org: Verified 3 signatures in the past 75 minutes. Encrypted # 0 messages. # By David Disseldorp (5) and others # Via Greg Kroah-Hartman * tag 'v4.4.252': Linux 4.4.252 net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet block: fix use-after-free in disk_part_iter_next iommu/intel: Fix memleak in intel_irq_remapping_alloc block: rsxx: select CONFIG_CRC32 wil6210: select CONFIG_CRC32 cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get() spi: pxa2xx: Fix use-after-free on unbind ubifs: wbuf: Don't leak kernel memory to flash vmlinux.lds.h: Add PGO and AutoFDO input sections net: fix pmtu check in nopmtudisc mode net: ip: always refragment ip defragmented packets powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at scsi: target: Fix XCOPY NAA identifier lookup xcopy: loop over devices using idr helper target: use XCOPY segment descriptor CSCD IDs target: simplify XCOPY wwn->se_dev lookup helper target: bounds check XCOPY segment descriptor list target: add XCOPY target/segment desc sense codes Change-Id: I0302ba7b16ea9a7aac9e780fcec18dbe6e2e8f49 |
||
|
Greg Kroah-Hartman
|
04d20538ef |
Merge 4.4.259 into android-4.4-p
Changes in 4.4.259 HID: make arrays usage and value to be the same usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable xen-netback: delete NAPI instance when queue fails to initialize ntfs: check for valid standard information attribute igb: Remove incorrect "unexpected SYS WRAP" log message scripts/recordmcount.pl: support big endian for ARCH sh kdb: Make memory allocations more robust MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section Bluetooth: Fix initializing response id after clearing struct ARM: dts: exynos: correct PMIC interrupt trigger level on Spring ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa Bluetooth: drop HCI device reference before return Bluetooth: Put HCI device if inquiry procedure interrupts usb: dwc2: Abort transaction after errors with unknown reason usb: dwc2: Make "trimming xfer length" a debug message ARM: s3c: fix fiq for clang IAS bnxt_en: reverse order of TX disable and carrier off xen/netback: fix spurious event detection for common event case b43: N-PHY: Fix the update of coef for the PHY revision >= 3case fbdev: aty: SPARC64 requires FB_ATY_CT drm/gma500: Fix error return code in psb_driver_load() gma500: clean up error handling in init MIPS: c-r4k: Fix section mismatch for loongson2_sc_init MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0 media: media/pci: Fix memleak in empress_init media: tm6000: Fix memleak in tm6000_start_stream ASoC: cs42l56: fix up error handling in probe media: lmedm04: Fix misuse of comma media: cx25821: Fix a bug when reallocating some dma memory media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values btrfs: clarify error returns values in __load_free_space_cache fs/jfs: fix potential integer overflow on shift of a int jffs2: fix use after free in jffs2_sum_write_data() clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL HID: core: detect and skip invalid inputs to snto32() dmaengine: fsldma: Fix a resource leak in the remove function dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined regulator: axp20x: Fix reference cout leak isofs: release buffer head before return IB/umad: Return EIO in case of when device disassociated powerpc/47x: Disable 256k page size mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores amba: Fix resource leak for drivers without .remove tracepoint: Do not fail unregistering a probe due to memory failure mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() powerpc/pseries/dlpar: handle ibm, configure-connector delay status perf intel-pt: Fix missing CYC processing in PSB perf test: Fix unaligned access in sample parsing test Input: elo - fix an error code in elo_connect() sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set misc: eeprom_93xx46: Fix module alias to enable module autoprobe misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users VMCI: Use set_page_dirty_lock() when unregistering guest memory PCI: Align checking of syscall user config accessors mm/memory.c: fix potential pte_unmap_unlock pte error mm/hugetlb: fix potential double free in hugetlb_register_node() error path i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition scsi: bnx2fc: Fix Kconfig warning & CNIC build errors block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h> blk-settings: align max_sectors on "logical_block_size" boundary Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S Input: joydev - prevent potential read overflow in ioctl Input: i8042 - add ASUS Zenbook Flip to noselftest list USB: serial: option: update interface mapping for ZTE P685M USB: serial: mos7840: fix error code in mos7840_write() USB: serial: mos7720: fix error code in mos7720_write() usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt KEYS: trusted: Fix migratable=1 failing btrfs: fix reloc root leak with 0 ref reloc roots on recovery drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table x86/reboot: Force all cpus to exit VMX root if VMX is supported floppy: reintroduce O_NDELAY fix mm: hugetlb: fix a race between freeing and dissolving the page usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() libnvdimm/dimm: Avoid race between probe and available_slots_show() module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols gpio: pcf857x: Fix missing first interrupt f2fs: fix out-of-repair __setattr_copy() sparc32: fix a user-triggerable oops in clear_user() gfs2: Don't skip dlm unlock if glock has an lvb dm era: Recover committed writeset after crash dm era: Verify the data block size hasn't changed dm era: Fix bitset memory leaks dm era: Use correct value size in equality function of writeset tree dm era: Reinitialize bitset cache before digesting a new writeset dm era: only resize metadata in preresume futex: Fix OWNER_DEAD fixup dm era: Update in-core bitset after committing the metadata Linux 4.4.259 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I9105f90e1b63990a4db7a241f6568c14ca8fe8b2 |
||
|
Mikulas Patocka
|
b807c76a58 |
blk-settings: align max_sectors on "logical_block_size" boundary
commit 97f433c3601a24d3513d06f575a389a2ca4e11e4 upstream. We get I/O errors when we run md-raid1 on the top of dm-integrity on the top of ramdisk. device-mapper: integrity: Bio not aligned on 8 sectors: 0xff00, 0xff device-mapper: integrity: Bio not aligned on 8 sectors: 0xff00, 0xff device-mapper: integrity: Bio not aligned on 8 sectors: 0xffff, 0x1 device-mapper: integrity: Bio not aligned on 8 sectors: 0xffff, 0x1 device-mapper: integrity: Bio not aligned on 8 sectors: 0x8048, 0xff device-mapper: integrity: Bio not aligned on 8 sectors: 0x8147, 0xff device-mapper: integrity: Bio not aligned on 8 sectors: 0x8246, 0xff device-mapper: integrity: Bio not aligned on 8 sectors: 0x8345, 0xbb The ramdisk device has logical_block_size 512 and max_sectors 255. The dm-integrity device uses logical_block_size 4096 and it doesn't affect the "max_sectors" value - thus, it inherits 255 from the ramdisk. So, we have a device with max_sectors not aligned on logical_block_size. The md-raid device sees that the underlying leg has max_sectors 255 and it will split the bios on 255-sector boundary, making the bios unaligned on logical_block_size. In order to fix the bug, we round down max_sectors to logical_block_size. Cc: stable@vger.kernel.org Reviewed-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
cf3e310ff8 |
Merge 4.4.252 into android-4.4-p
Changes in 4.4.252
target: add XCOPY target/segment desc sense codes
target: bounds check XCOPY segment descriptor list
target: simplify XCOPY wwn->se_dev lookup helper
target: use XCOPY segment descriptor CSCD IDs
xcopy: loop over devices using idr helper
scsi: target: Fix XCOPY NAA identifier lookup
powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
net: ip: always refragment ip defragmented packets
net: fix pmtu check in nopmtudisc mode
vmlinux.lds.h: Add PGO and AutoFDO input sections
ubifs: wbuf: Don't leak kernel memory to flash
spi: pxa2xx: Fix use-after-free on unbind
cpufreq: powernow-k8: pass policy rather than use cpufreq_cpu_get()
wil6210: select CONFIG_CRC32
block: rsxx: select CONFIG_CRC32
iommu/intel: Fix memleak in intel_irq_remapping_alloc
block: fix use-after-free in disk_part_iter_next
net: drop bogus skb with CHECKSUM_PARTIAL and offset beyond end of trimmed packet
Linux 4.4.252
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I52de3890001cf1dd465a82774f65934443485761
|
||
|
Ming Lei
|
a09652089d |
block: fix use-after-free in disk_part_iter_next
commit aebf5db917055b38f4945ed6d621d9f07a44ff30 upstream. Make sure that bdgrab() is done on the 'block_device' instance before referring to it for avoiding use-after-free. Cc: <stable@vger.kernel.org> Reported-by: syzbot+825f0f9657d4e528046e@syzkaller.appspotmail.com Signed-off-by: Ming Lei <ming.lei@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
53454c3459 |
Merge 4.4.224 into android-4.4-p
Changes in 4.4.224 USB: serial: qcserial: Add DW5816e support Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS" dp83640: reverse arguments to list_add_tail net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() sch_sfq: validate silly quantum values sch_choke: avoid potential panic in choke_reset() Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" enic: do not overwrite error code ipv6: fix cleanup ordering for ip6_mr failure binfmt_elf: move brk out of mmap when doing direct loader exec x86/apm: Don't access __preempt_count with zeroed fs Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0" USB: uas: add quirk for LaCie 2Big Quadra USB: serial: garmin_gps: add sanity checking for data length batman-adv: fix batadv_nc_random_weight_tq scripts/decodecode: fix trapping instruction formatting phy: micrel: Ensure interrupts are reenabled on resume binfmt_elf: Do not move brk for INTERP-less ET_EXEC ext4: add cond_resched() to ext4_protect_reserved_inode net: ipv6: add net argument to ip6_dst_lookup_flow net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup blktrace: Fix potential deadlock between delete & sysfs ops blktrace: fix unlocked access to init/start-stop/teardown blktrace: fix trace mutex deadlock blktrace: Protect q->blk_trace with RCU blktrace: fix dereference after null check ptp: do not explicitly set drvdata in ptp_clock_register() ptp: use is_visible method to hide unused attributes ptp: create "pins" together with the rest of attributes chardev: add helper function to register char devs with a struct device ptp: Fix pass zero to ERR_PTR() in ptp_clock_register ptp: fix the race between the release of ptp_clock and cdev ptp: free ptp device pin descriptors properly net: handle no dst on skb in icmp6_send net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' net: moxa: Fix a potential double 'free_irq()' drop_monitor: work around gcc-10 stringop-overflow warning scsi: sg: add sg_remove_request in sg_write spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls cifs: Check for timeout on Negotiate stage cifs: Fix a race condition with cifs_echo_request dmaengine: pch_dma.c: Avoid data race between probe and irq handler dmaengine: mmp_tdma: Reset channel error on release drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() ipc/util.c: sysvipc_find_ipc() incorrectly updates position index net: openvswitch: fix csum updates for MPLS actions gre: do not keep the GRE header around in collect medata mode mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone() scsi: qla2xxx: Avoid double completion of abort command i40e: avoid NVM acquire deadlock during NVM update net/mlx5: Fix driver load error flow when firmware is stuck netfilter: conntrack: avoid gcc-10 zero-length-bounds warning IB/mlx4: Test return value of calls to ib_get_cached_pkey pnp: Use list_for_each_entry() instead of open coding gcc-10 warnings: fix low-hanging fruit kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig Stop the ad-hoc games with -Wno-maybe-initialized gcc-10: disable 'zero-length-bounds' warning for now gcc-10: disable 'array-bounds' warning for now gcc-10: disable 'stringop-overflow' warning for now gcc-10: disable 'restrict' warning for now block: defer timeouts to a workqueue blk-mq: Allow timeouts to run while queue is freezing blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter blk-mq: Allow blocking queue tag iter callbacks x86/paravirt: Remove the unused irq_enable_sysexit pv op gcc-10: avoid shadowing standard library 'free()' in crypto net: fix a potential recursive NETDEV_FEAT_CHANGE net: ipv4: really enforce backoff for redirects netlabel: cope with NULL catmap ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 ALSA: rawmidi: Fix racy buffer resize under concurrent accesses ALSA: rawmidi: Initialize allocated buffers USB: gadget: fix illegal array access in binding with UDC ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries x86: Fix early boot crash on gcc-10, third try exec: Move would_dump into flush_old_exec usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' usb: gadget: audio: Fix a missing error return value in audio_bind() usb: gadget: legacy: fix error return code in gncm_bind() usb: gadget: legacy: fix error return code in cdc_bind() Revert "ALSA: hda/realtek: Fix pop noise on ALC225" ARM: dts: r8a7740: Add missing extal2 to CPG node KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce Makefile: disallow data races on gcc-10 as well scsi: iscsi: Fix a potential deadlock in the timeout handler Linux 4.4.224 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I384313d39dead8b0babb144803269033f4aacc53 |
||
|
Nathan Chancellor
|
1d6ad6def5 |
Merge 4.4.224 into android-msm-wahoo-4.4
Changes in 4.4.224: (87 commits)
USB: serial: qcserial: Add DW5816e support
Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS"
dp83640: reverse arguments to list_add_tail
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
sch_sfq: validate silly quantum values
sch_choke: avoid potential panic in choke_reset()
Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
enic: do not overwrite error code
ipv6: fix cleanup ordering for ip6_mr failure
binfmt_elf: move brk out of mmap when doing direct loader exec
x86/apm: Don't access __preempt_count with zeroed fs
Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0"
USB: uas: add quirk for LaCie 2Big Quadra
USB: serial: garmin_gps: add sanity checking for data length
batman-adv: fix batadv_nc_random_weight_tq
scripts/decodecode: fix trapping instruction formatting
phy: micrel: Ensure interrupts are reenabled on resume
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
ext4: add cond_resched() to ext4_protect_reserved_inode
net: ipv6: add net argument to ip6_dst_lookup_flow
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
blktrace: Fix potential deadlock between delete & sysfs ops
blktrace: fix unlocked access to init/start-stop/teardown
blktrace: fix trace mutex deadlock
blktrace: Protect q->blk_trace with RCU
blktrace: fix dereference after null check
ptp: do not explicitly set drvdata in ptp_clock_register()
ptp: use is_visible method to hide unused attributes
ptp: create "pins" together with the rest of attributes
chardev: add helper function to register char devs with a struct device
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
ptp: fix the race between the release of ptp_clock and cdev
ptp: free ptp device pin descriptors properly
net: handle no dst on skb in icmp6_send
net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
net: moxa: Fix a potential double 'free_irq()'
drop_monitor: work around gcc-10 stringop-overflow warning
scsi: sg: add sg_remove_request in sg_write
spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
cifs: Check for timeout on Negotiate stage
cifs: Fix a race condition with cifs_echo_request
dmaengine: pch_dma.c: Avoid data race between probe and irq handler
dmaengine: mmp_tdma: Reset channel error on release
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
net: openvswitch: fix csum updates for MPLS actions
gre: do not keep the GRE header around in collect medata mode
mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
scsi: qla2xxx: Avoid double completion of abort command
i40e: avoid NVM acquire deadlock during NVM update
net/mlx5: Fix driver load error flow when firmware is stuck
netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
IB/mlx4: Test return value of calls to ib_get_cached_pkey
pnp: Use list_for_each_entry() instead of open coding
gcc-10 warnings: fix low-hanging fruit
kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
Stop the ad-hoc games with -Wno-maybe-initialized
gcc-10: disable 'zero-length-bounds' warning for now
gcc-10: disable 'array-bounds' warning for now
gcc-10: disable 'stringop-overflow' warning for now
gcc-10: disable 'restrict' warning for now
block: defer timeouts to a workqueue
blk-mq: Allow timeouts to run while queue is freezing
blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
blk-mq: Allow blocking queue tag iter callbacks
x86/paravirt: Remove the unused irq_enable_sysexit pv op
gcc-10: avoid shadowing standard library 'free()' in crypto
net: fix a potential recursive NETDEV_FEAT_CHANGE
net: ipv4: really enforce backoff for redirects
netlabel: cope with NULL catmap
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
ALSA: rawmidi: Initialize allocated buffers
USB: gadget: fix illegal array access in binding with UDC
ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
x86: Fix early boot crash on gcc-10, third try
exec: Move would_dump into flush_old_exec
usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
usb: gadget: audio: Fix a missing error return value in audio_bind()
usb: gadget: legacy: fix error return code in gncm_bind()
usb: gadget: legacy: fix error return code in cdc_bind()
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
ARM: dts: r8a7740: Add missing extal2 to CPG node
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
Makefile: disallow data races on gcc-10 as well
scsi: iscsi: Fix a potential deadlock in the timeout handler
Linux 4.4.224
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
kernel/trace/blktrace.c
sound/core/rawmidi.c
|
||
|
Keith Busch
|
4764810c45 |
blk-mq: Allow blocking queue tag iter callbacks
commit 530ca2c9bd6949c72c9b5cfc330cb3dbccaa3f5b upstream.
A recent commit runs tag iterator callbacks under the rcu read lock,
but existing callbacks do not satisfy the non-blocking requirement.
The commit intended to prevent an iterator from accessing a queue that's
being modified. This patch fixes the original issue by taking a queue
reference instead of reading it, which allows callbacks to make blocking
calls.
Fixes: f5bbbbe4d6357 ("blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter")
Acked-by: Jianchao Wang <jianchao.w.wang@oracle.com>
Signed-off-by: Keith Busch <keith.busch@intel.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Giuliano Procida <gprocida@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Jianchao Wang
|
fa9355afd5 |
blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
commit f5bbbbe4d63577026f908a809f22f5fd5a90ea1f upstream. For blk-mq, part_in_flight/rw will invoke blk_mq_in_flight/rw to account the inflight requests. It will access the queue_hw_ctx and nr_hw_queues w/o any protection. When updating nr_hw_queues and blk_mq_in_flight/rw occur concurrently, panic comes up. Before update nr_hw_queues, the q will be frozen. So we could use q_usage_counter to avoid the race. percpu_ref_is_zero is used here so that we will not miss any in-flight request. The access to nr_hw_queues and queue_hw_ctx in blk_mq_queue_tag_busy_iter are under rcu critical section, __blk_mq_update_nr_hw_queues could use synchronize_rcu to ensure the zeroed q_usage_counter to be globally visible. -------------- NOTE: Back-ported to 4.4.y. The upstream commit was intended to prevent concurrent manipulation of nr_hw_queues and iteration over queues. The former doesn't happen in this in 4.4.7 (as __blk_mq_update_nr_hw_queues doesn't exist). The extra locking is also buggy in this commit but fixed in a follow-up. It may protect against other concurrent accesses such as queue removal by synchronising RCU locking around q_usage_counter. -------------- Signed-off-by: Jianchao Wang <jianchao.w.wang@oracle.com> Reviewed-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Giuliano Procida <gprocida@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Gabriel Krisman Bertazi
|
f06f7a923d |
blk-mq: Allow timeouts to run while queue is freezing
commit 71f79fb3179e69b0c1448a2101a866d871c66e7f upstream. In case a submitted request gets stuck for some reason, the block layer can prevent the request starvation by starting the scheduled timeout work. If this stuck request occurs at the same time another thread has started a queue freeze, the blk_mq_timeout_work will not be able to acquire the queue reference and will return silently, thus not issuing the timeout. But since the request is already holding a q_usage_counter reference and is unable to complete, it will never release its reference, preventing the queue from completing the freeze started by first thread. This puts the request_queue in a hung state, forever waiting for the freeze completion. This was observed while running IO to a NVMe device at the same time we toggled the CPU hotplug code. Eventually, once a request got stuck requiring a timeout during a queue freeze, we saw the CPU Hotplug notification code get stuck inside blk_mq_freeze_queue_wait, as shown in the trace below. [c000000deaf13690] [c000000deaf13738] 0xc000000deaf13738 (unreliable) [c000000deaf13860] [c000000000015ce8] __switch_to+0x1f8/0x350 [c000000deaf138b0] [c000000000ade0e4] __schedule+0x314/0x990 [c000000deaf13940] [c000000000ade7a8] schedule+0x48/0xc0 [c000000deaf13970] [c0000000005492a4] blk_mq_freeze_queue_wait+0x74/0x110 [c000000deaf139e0] [c00000000054b6a8] blk_mq_queue_reinit_notify+0x1a8/0x2e0 [c000000deaf13a40] [c0000000000e7878] notifier_call_chain+0x98/0x100 [c000000deaf13a90] [c0000000000b8e08] cpu_notify_nofail+0x48/0xa0 [c000000deaf13ac0] [c0000000000b92f0] _cpu_down+0x2a0/0x400 [c000000deaf13b90] [c0000000000b94a8] cpu_down+0x58/0xa0 [c000000deaf13bc0] [c0000000006d5dcc] cpu_subsys_offline+0x2c/0x50 [c000000deaf13bf0] [c0000000006cd244] device_offline+0x104/0x140 [c000000deaf13c30] [c0000000006cd40c] online_store+0x6c/0xc0 [c000000deaf13c80] [c0000000006c8c78] dev_attr_store+0x68/0xa0 [c000000deaf13cc0] [c0000000003974d0] sysfs_kf_write+0x80/0xb0 [c000000deaf13d00] [c0000000003963e8] kernfs_fop_write+0x188/0x200 [c000000deaf13d50] [c0000000002e0f6c] __vfs_write+0x6c/0xe0 [c000000deaf13d90] [c0000000002e1ca0] vfs_write+0xc0/0x230 [c000000deaf13de0] [c0000000002e2cdc] SyS_write+0x6c/0x110 [c000000deaf13e30] [c000000000009204] system_call+0x38/0xb4 The fix is to allow the timeout work to execute in the window between dropping the initial refcount reference and the release of the last reference, which actually marks the freeze completion. This can be achieved with percpu_refcount_tryget, which does not require the counter to be alive. This way the timeout work can do it's job and terminate a stuck request even during a freeze, returning its reference and avoiding the deadlock. Allowing the timeout to run is just a part of the fix, since for some devices, we might get stuck again inside the device driver's timeout handler, should it attempt to allocate a new request in that path - which is a quite common action for Abort commands, which need to be sent after a timeout. In NVMe, for instance, we call blk_mq_alloc_request from inside the timeout handler, which will fail during a freeze, since it also tries to acquire a queue reference. I considered a similar change to blk_mq_alloc_request as a generic solution for further device driver hangs, but we can't do that, since it would allow new requests to disturb the freeze process. I thought about creating a new function in the block layer to support unfreezable requests for these occasions, but after working on it for a while, I feel like this should be handled in a per-driver basis. I'm now experimenting with changes to the NVMe timeout path, but I'm open to suggestions of ways to make this generic. Signed-off-by: Gabriel Krisman Bertazi <krisman@linux.vnet.ibm.com> Cc: Brian King <brking@linux.vnet.ibm.com> Cc: Keith Busch <keith.busch@intel.com> Cc: linux-nvme@lists.infradead.org Cc: linux-block@vger.kernel.org Reviewed-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Jens Axboe <axboe@fb.com> Signed-off-by: Giuliano Procida <gprocida@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Christoph Hellwig
|
5fb835b956 |
block: defer timeouts to a workqueue
commit 287922eb0b186e2a5bf54fdd04b734c25c90035c upstream. Timer context is not very useful for drivers to perform any meaningful abort action from. So instead of calling the driver from this useless context defer it to a workqueue as soon as possible. Note that while a delayed_work item would seem the right thing here I didn't dare to use it due to the magic in blk_add_timer that pokes deep into timer internals. But maybe this encourages Tejun to add a sensible API for that to the workqueue API and we'll all be fine in the end :) Contains a major update from Keith Bush: "This patch removes synchronizing the timeout work so that the timer can start a freeze on its own queue. The timer enters the queue, so timer context can only start a freeze, but not wait for frozen." ------------- NOTE: Back-ported to 4.4.y. The only parts of the upstream commit that have been kept are various locking changes, none of which were mentioned in the original commit message which therefore describes this change not at all. Timeout callbacks continue to be run via a timer. Both blk_mq_rq_timer and blk_rq_timed_out_timer will return without without doing any work if they cannot acquire the queue (without waiting). ------------- Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Keith Busch <keith.busch@intel.com> Signed-off-by: Jens Axboe <axboe@fb.com> Signed-off-by: Giuliano Procida <gprocida@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Waiman Long
|
aee60ffbce |
blktrace: Fix potential deadlock between delete & sysfs ops
commit 5acb3cc2c2e9d3020a4fee43763c6463767f1572 upstream.
The lockdep code had reported the following unsafe locking scenario:
CPU0 CPU1
---- ----
lock(s_active#228);
lock(&bdev->bd_mutex/1);
lock(s_active#228);
lock(&bdev->bd_mutex);
*** DEADLOCK ***
The deadlock may happen when one task (CPU1) is trying to delete a
partition in a block device and another task (CPU0) is accessing
tracing sysfs file (e.g. /sys/block/dm-1/trace/act_mask) in that
partition.
The s_active isn't an actual lock. It is a reference count (kn->count)
on the sysfs (kernfs) file. Removal of a sysfs file, however, require
a wait until all the references are gone. The reference count is
treated like a rwsem using lockdep instrumentation code.
The fact that a thread is in the sysfs callback method or in the
ioctl call means there is a reference to the opended sysfs or device
file. That should prevent the underlying block structure from being
removed.
Instead of using bd_mutex in the block_device structure, a new
blk_trace_mutex is now added to the request_queue structure to protect
access to the blk_trace structure.
Suggested-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Waiman Long <longman@redhat.com>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Fix typo in patch subject line, and prune a comment detailing how
the code used to work.
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
7f96a9e54d |
Merge 4.4.223 into android-4.4-p
Changes in 4.4.223
mwifiex: fix PCIe register information for 8997 chipset
drm/qxl: qxl_release use after free
drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
staging: rtl8192u: Fix crash due to pointers being "confusing"
usb: gadget: f_acm: Fix configfs attr name
usb: gadged: pch_udc: get rid of redundant assignments
usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock
usb: gadget: udc: core: don't starve DMA resources
MIPS: Fix macro typo
MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[]
MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200
MIPS: smp-cps: Stop printing EJTAG exceptions to UART
MIPS: scall: Handle seccomp filters which redirect syscalls
MIPS: BMIPS: BMIPS5000 has I cache filing from D cache
MIPS: BMIPS: Clear MIPS_CACHE_ALIASES earlier
MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache
MIPS: BMIPS: Pretty print BMIPS5200 processor name
MIPS: Fix HTW config on XPA kernel without LPA enabled
MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435
MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
MIPS: Fix BC1{EQ,NE}Z return offset calculation
MIPS: perf: Fix I6400 event numbers
MIPS: KVM: Fix translation of MFC0 ErrCtl
MIPS: SMP: Update cpu_foreign_map on CPU disable
MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
MIPS: Octeon: Off by one in octeon_irq_gpio_map()
bpf, mips: fix off-by-one in ctx offset allocation
MIPS: RM7000: Double locking bug in rm7k_tc_disable()
MIPS: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
mips/panic: replace smp_send_stop() with kdump friendly version in panic path
ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz
ARM: imx: select SRC for i.MX7
ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl
ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl
ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl
ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/vl
ARM: dts: orion5x: gpio pin fixes for linkstation lswtgl
ARM: dts: orion5x: fix the missing mtd flash on linkstation lswtgl
ARM: dts: kirkwood: use unique machine name for ds112
ARM: dts: kirkwood: add kirkwood-ds112.dtb to Makefile
ARM: OMAP2+: hwmod: fix _idle() hwmod state sanity check sequence
perf/x86: Fix filter_events() bug with event mappings
x86/LDT: Print the real LDT base address
x86/apic/uv: Silence a shift wrapping warning
ALSA: fm801: explicitly free IRQ line
ALSA: fm801: propagate TUNER_ONLY bit when autodetected
ALSA: fm801: detect FM-only card earlier
netfilter: nfnetlink: use original skbuff when acking batches
xfrm: fix crash in XFRM_MSG_GETSA netlink handler
mwifiex: fix IBSS data path issue.
mwifiex: add missing check for PCIe8997 chipset
iwlwifi: set max firmware version of 7265 to 17
Bluetooth: btmrvl: fix hung task warning dump
dccp: limit sk_filter trim to payload
net/mlx4_core: Do not BUG_ON during reset when PCI is offline
mlxsw: pci: Correctly determine if descriptor queue is full
PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive()
net/mlx4_core: Implement pci_resume callback
alpha/PCI: Call iomem_is_exclusive() for IORESOURCE_MEM, but not IORESOURCE_IO
vfio/pci: Allow VPD short read
brcmfmac: add eth_type_trans back for PCIe full dongle
mlxsw: Treat local port 64 as valid
IB/mlx4: Initialize hop_limit when creating address handle
ovs/gre,geneve: fix error path when creating an iface
GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU
powerpc/pci/of: Parse unassigned resources
firmware: actually return NULL on failed request_firmware_nowait()
c8sectpfe: Rework firmware loading mechanism
net/mlx5: Avoid passing dma address 0 to firmware
IB/mlx5: Fix RC transport send queue overhead computation
net/mlx5: Make command timeout way shorter
IB/mlx5: Fix FW version diaplay in sysfs
net/mlx5e: Fix MLX5E_100BASE_T define
net/mlx5: Fix the size of modify QP mailbox
net/mlx5: Fix masking of reserved bits in XRCD number
net/mlx5e: Fix blue flame quota logic
net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in mlx5_wq_ll_create
net/mlx5: Avoid calling sleeping function by the health poll thread
net/mlx5: Fix wait_vital for VFs and remove fixed sleep
net/mlx5: Fix potential deadlock in command mode change
net/mlx5: Add timeout handle to commands with callback
net/mlx5: Fix pci error recovery flow
net/mlx5e: Copy all L2 headers into inline segment
net_sched: keep backlog updated with qlen
sch_drr: update backlog as well
sch_hfsc: always keep backlog updated
sch_prio: update backlog as well
sch_qfq: keep backlog updated with qlen
sch_sfb: keep backlog updated with qlen
sch_tbf: update backlog as well
btrfs: cleaner_kthread() doesn't need explicit freeze
irda: Free skb on irda_accept error path.
phy: fix device reference leaks
bonding: prevent out of bound accesses
mtd: nand: fix ONFI parameter page layout
ath10k: free cached fw bin contents when get board id fails
xprtrdma: checking for NULL instead of IS_ERR()
xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock)
xprtrdma: xprt_rdma_free() must not release backchannel reqs
xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len
RDMA/cxgb3: device driver frees DMA memory with different size
mlxsw: spectrum: Don't forward packets when STP state is DISABLED
mlxsw: spectrum: Disable learning according to STP state
mlxsw: spectrum: Don't count internal TX header bytes to stats
mlxsw: spectrum: Indicate support for autonegotiation
mlxsw: spectrum: Fix misuse of hard_header_len
net: tcp_memcontrol: properly detect ancestor socket pressure
tcp: do not set rtt_min to 1
RDS:TCP: Synchronize rds_tcp_accept_one with rds_send_xmit when resetting t_sock
net: ipv6: tcp reset, icmp need to consider L3 domain
batman-adv: Fix lockdep annotation of batadv_tlv_container_remove
batman-adv: replace WARN with rate limited output on non-existing VLAN
tty: serial: msm: Support more bauds
serial: samsung: Fix possible out of bounds access on non-DT platform
Drivers: hv: utils: use memdup_user in hvt_op_write
isa: Call isa_bus_init before dependent ISA bus drivers register
Btrfs: clean up an error code in btrfs_init_space_info()
Input: gpio-keys - fix check for disabling unsupported keys
Input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree
net/xfrm_input: fix possible NULL deref of tunnel.ip6->parms.i_key
xfrm_user: propagate sec ctx allocation errors
xfrm: Fix memory leak of aead algorithm name
mac80211: fix mgmt-tx abort cookie and leak
mac80211: TDLS: always downgrade invalid chandefs
mac80211: TDLS: change BW calculation for WIDER_BW peers
mac80211: Fix BW upgrade for TDLS peers
NFS: Fix an LOCK/OPEN race when unlinking an open file
net: get rid of an signed integer overflow in ip_idents_reserve()
mtd: nand: denali: add missing nand_release() call in denali_remove()
ASoC: Intel: pass correct parameter in sst_alloc_stream_mrfld()
ASoC: tegra_alc5632: check return value
ASoC: fsl_ssi: mark SACNT register volatile
Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()"
mmc: sdhci: restore behavior when setting VDD via external regulator
mmc: sd: limit SD card power limit according to cards capabilities
mmc: debugfs: correct wrong voltage value
mmc: block: return error on failed mmc_blk_get()
clk: rockchip: Revert "clk: rockchip: reset init state before mmc card initialization"
mmc: dw_mmc: rockchip: Set the drive phase properly
mmc: moxart: fix wait_for_completion_interruptible_timeout return variable type
mmc: sdhci: Fix regression setting power on Trats2 board
perf tools: Fix perf regs mask generation
powerpc/tm: Fix stack pointer corruption in __tm_recheckpoint()
powerpc/book3s: Fix MCE console messages for unrecoverable MCE.
sctp: fix the transports round robin issue when init is retransmitted
sunrpc: Update RPCBIND_MAXNETIDLEN
NFC: nci: memory leak in nci_core_conn_create()
net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS
net: phy: Fix phy_mac_interrupt()
net: phy: bcm7xxx: Fix shadow mode 2 disabling
of_mdio: fix node leak in of_phy_register_fixed_link error path
phy: micrel: Fix finding PHY properties in MAC node for KSZ9031.
net: dsa: slave: fix of-node leak and phy priority
drivers: net: cpsw: don't ignore phy-mode if phy-handle is used
iommu/dma: Respect IOMMU aperture when allocating
mdio-sun4i: oops in error handling in probe
iio:ad7797: Use correct attribute_group
selftests/ipc: Fix test failure seen after initial test run
wimax/i2400m: Fix potential urb refcnt leak
cifs: protect updating server->dstaddr with a spinlock
scripts/config: allow colons in option strings for sed
lib/mpi: Fix building for powerpc with clang
net: bcmgenet: suppress warnings on failed Rx SKB allocations
net: systemport: suppress warnings on failed Rx SKB allocations
rc: allow rc modules to be loaded if rc-main is not a module
lirc_imon: do not leave imon_probe() with mutex held
am437x-vpfe: fix an uninitialized variable bug
cx23885: uninitialized variable in cx23885_av_work_handler()
ath9k_htc: check for underflow in ath9k_htc_rx_msg()
VFIO: platform: reset: fix a warning message condition
net: moxa: fix an error code
mfd: lp8788-irq: Uninitialized variable in irq handler
ethernet: micrel: fix some error codes
power: ipaq-micro-battery: freeing the wrong variable
i40e: fix an uninitialized variable bug
qede: uninitialized variable in qede_start_xmit()
qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template()
qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
target: Fix a memory leak in target_dev_lba_map_store()
memory/tegra: Add number of TLB lines for Tegra124
pinctrl: bcm2835: Fix memory leak in error path
be2net: Don't leak iomapped memory on removal.
ipv4: Fix memory leak in exception case for splitting tries
flow_dissector: Check for IP fragmentation even if not using IPv4 address
ipv4: fix checksum annotation in udp4_csum_init
ipv4: do not abuse GFP_ATOMIC in inet_netconf_notify_devconf()
ipv4: accept u8 in IP_TOS ancillary data
net: vrf: Fix dev refcnt leak due to IPv6 prefix route
ipv6: fix checksum annotation in udp6_csum_init
ipv6: do not abuse GFP_ATOMIC in inet6_netconf_notify_devconf()
ipv6: add missing netconf notif when 'all' is updated
net: ipv6: Fix processing of RAs in presence of VRF
netfilter: nf_tables: fix a wrong check to skip the inactive rules
netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled
netfilter: nf_tables: destroy the set if fail to add transaction
netfilter: nft_dup: do not use sreg_dev if the user doesn't specify it
udp: restore UDPlite many-cast delivery
clk: st: avoid uninitialized variable use
clk: gpio: handle error codes for of_clk_get_parent_count()
clk: ti: omap3+: dpll: use non-locking version of clk_get_rate
clk: multiplier: Prevent the multiplier from under / over flowing
clk: imx: clk-pllv3: fix incorrect handle of enet powerdown bit
clk: xgene: Don't call __pa on ioremaped address
cls_bpf: reset class and reuse major in da
arm64: bpf: jit JMP_JSET_{X,K}
bpf, trace: check event type in bpf_perf_event_read
bpf: fix map not being uncharged during map creation failure
net/mlx4_core: Fix potential corruption in counters database
net/mlx4_core: Fix access to uninitialized index
net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill
net/mlx4_core: Check device state before unregistering it
net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec
net/mlx4_en: Process all completions in RX rings after port goes up
net/mlx4_core: Do not access comm channel if it has not yet been initialized
net/mlx4_en: Fix potential deadlock in port statistics flow
net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering
net/mlx4_core: Fix QUERY FUNC CAP flags
mlxsw: switchx2: Fix misuse of hard_header_len
mlxsw: switchx2: Fix ethernet port initialization
sched/fair: Fix calc_cfs_shares() fixed point arithmetics width confusion
net_sched: flower: Avoid dissection of unmasked keys
pkt_sched: fq: use proper locking in fq_dump_stats()
sched/preempt: Fix preempt_count manipulations
power: bq27xxx: fix reading for bq27000 and bq27010
power: bq27xxx: fix register numbers of bq27500
power: test_power: correctly handle empty writes
power: bq27xxx_battery: Fix bq27541 AveragePower register address
power_supply: tps65217-charger: Fix NULL deref during property export
net: vrf: Fix dst reference counting
net: Don't delete routes in different VRFs
vti6: fix input path
ipv4: Fix table id reference in fib_sync_down_addr
mlx4: do not call napi_schedule() without care
xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
ALSA: fm801: Initialize chip after IRQ handler is registered
bonding: fix length of actor system
MIPS: perf: Remove incorrect odd/even counter handling for I6400
Revert "cpufreq: Drop rwsem lock around CPUFREQ_GOV_POLICY_EXIT"
net: dsa: mv88e6xxx: unlock DSA and CPU ports
gfs2: fix flock panic issue
blk-mq: fix undefined behaviour in order_to_size()
dm: fix second blk_delay_queue() parameter to be in msec units not jiffies
dmaengine: edma: Add probe callback to edma_tptc_driver
openvswitch: update checksum in {push,pop}_mpls
cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled
net: bcmgenet: fix skb_len in bcmgenet_xmit_single()
net: bcmgenet: device stats are unsigned long
ovs/gre: fix rtnl notifications on iface deletion
gre: do not assign header_ops in collect metadata mode
gre: build header correctly for collect metadata tunnels
gre: reject GUE and FOU in collect metadata mode
sfc: fix potential stack corruption from running past stat bitmask
sfc: clear napi_hash state when copying channels
net: bcmsysport: Device stats are unsigned long
cxgbi: fix uninitialized flowi6
net: macb: add missing free_netdev() on error in macb_probe()
macvtap: segmented packet is consumed
tipc: fix the error handling in tipc_udp_enable()
net: icmp6_send should use dst dev to determine L3 domain
et131x: Fix logical vs bitwise check in et131x_tx_timeout()
net: ethernet: stmmac: dwmac-sti: fix probe error path
rtnl: reset calcit fptr in rtnl_unregister()
net: ethernet: stmmac: dwmac-rk: fix probe error path
fq_codel: return non zero qlen in class dumps
net: ethernet: stmmac: dwmac-generic: fix probe error path
ovs/geneve: fix rtnl notifications on iface deletion
bnxt: add a missing rcu synchronization
qdisc: fix a module refcount leak in qdisc_create_dflt()
net: axienet: Fix return value check in axienet_probe()
bnxt_en: Remove locking around txr->dev_state
net: ethernet: davinci_emac: Fix devioctl while in fixed link
net: ethernet: mvneta: Remove IFF_UNICAST_FLT which is not implemented
net: ethernet: ti: cpsw: fix device and of_node leaks
net: ethernet: ti: cpsw: fix secondary-emac probe error path
net: hns: fix device reference leaks
net: bridge: don't increment tx_dropped in br_do_proxy_arp
net: dsa: mv88e6xxx: enable SA learning on DSA ports
net: ehea: avoid null pointer dereference
l2tp: fix use-after-free during module unload
hwrng: exynos - Disable runtime PM on driver unbind
net: icmp_route_lookup should use rt dev to determine L3 domain
net: mvneta: fix trivial cut-off issue in mvneta_ethtool_update_stats
net: macb: replace macb_writel() call by queue_writel() to update queue ISR
ravb: Add missing free_irq() call to ravb_close()
mvpp2: use correct size for memset
net: vxlan: lwt: Fix vxlan local traffic.
net: ethoc: Fix early error paths
ovs/vxlan: fix rtnl notifications on iface deletion
net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets.
regulator: core: Rely on regulator_dev_release to free constraints
net: dsa: mv88e6xxx: fix port VLAN maps
at803x: fix reset handling
cxl: Fix DAR check & use REGION_ID instead of opencoding
net: ethernet: davinci_emac: Fix platform_data overwrite
ata: sata_dwc_460ex: remove incorrect locking
pinctrl: tegra: Correctly check the supported configuration
brcmfmac: add fallback for devices that do not report per-chain values
brcmfmac: restore stopping netdev queue when bus clogs up
bridge: Fix problems around fdb entries pointing to the bridge device
bna: add missing per queue ethtool stat
net: skbuff: Remove errornous length validation in skb_vlan_pop()
net: ep93xx_eth: Do not crash unloading module
macvlan: Fix potential use-after free for broadcasts
sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
ALSA: hda: Match both PCI ID and SSID for driver blacklist
mac80211: add ieee80211_is_any_nullfunc()
Linux 4.4.223
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie7caca39501fe5e82b947964cc474ed1c786d756
|
||
|
Nathan Chancellor
|
576eee06d0 |
Merge 4.4.223 into android-msm-wahoo-4.4
Changes in 4.4.223: (307 commits)
mwifiex: fix PCIe register information for 8997 chipset
drm/qxl: qxl_release use after free
drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
staging: rtl8192u: Fix crash due to pointers being "confusing"
usb: gadget: f_acm: Fix configfs attr name
usb: gadged: pch_udc: get rid of redundant assignments
usb: gadget: pch_udc: reorder spin_[un]lock to avoid deadlock
usb: gadget: udc: core: don't starve DMA resources
MIPS: Fix macro typo
MIPS: ptrace: Drop cp0_tcstatus from regoffset_table[]
MIPS: BMIPS: Fix PRID_IMP_BMIPS5000 masking for BMIPS5200
MIPS: smp-cps: Stop printing EJTAG exceptions to UART
MIPS: scall: Handle seccomp filters which redirect syscalls
MIPS: BMIPS: BMIPS5000 has I cache filing from D cache
MIPS: BMIPS: Clear MIPS_CACHE_ALIASES earlier
MIPS: BMIPS: local_r4k___flush_cache_all needs to blast S-cache
MIPS: BMIPS: Pretty print BMIPS5200 processor name
MIPS: Fix HTW config on XPA kernel without LPA enabled
MIPS: BMIPS: Adjust mips-hpt-frequency for BCM7435
MIPS: math-emu: Fix BC1{EQ,NE}Z emulation
MIPS: Fix BC1{EQ,NE}Z return offset calculation
MIPS: perf: Fix I6400 event numbers
MIPS: KVM: Fix translation of MFC0 ErrCtl
MIPS: SMP: Update cpu_foreign_map on CPU disable
MIPS: c-r4k: Fix protected_writeback_scache_line for EVA
MIPS: Octeon: Off by one in octeon_irq_gpio_map()
bpf, mips: fix off-by-one in ctx offset allocation
MIPS: RM7000: Double locking bug in rm7k_tc_disable()
MIPS: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
mips/panic: replace smp_send_stop() with kdump friendly version in panic path
ARM: dts: armadillo800eva Correct extal1 frequency to 24 MHz
ARM: imx: select SRC for i.MX7
ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wxl/wsxl
ARM: dts: kirkwood: gpio pin fixes for linkstation ls-wvl/vl
ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wxl/wsxl
ARM: dts: kirkwood: gpio-leds fixes for linkstation ls-wvl/vl
ARM: dts: orion5x: gpio pin fixes for linkstation lswtgl
ARM: dts: orion5x: fix the missing mtd flash on linkstation lswtgl
ARM: dts: kirkwood: use unique machine name for ds112
ARM: dts: kirkwood: add kirkwood-ds112.dtb to Makefile
ARM: OMAP2+: hwmod: fix _idle() hwmod state sanity check sequence
perf/x86: Fix filter_events() bug with event mappings
x86/LDT: Print the real LDT base address
x86/apic/uv: Silence a shift wrapping warning
ALSA: fm801: explicitly free IRQ line
ALSA: fm801: propagate TUNER_ONLY bit when autodetected
ALSA: fm801: detect FM-only card earlier
netfilter: nfnetlink: use original skbuff when acking batches
xfrm: fix crash in XFRM_MSG_GETSA netlink handler
mwifiex: fix IBSS data path issue.
mwifiex: add missing check for PCIe8997 chipset
iwlwifi: set max firmware version of 7265 to 17
Bluetooth: btmrvl: fix hung task warning dump
dccp: limit sk_filter trim to payload
net/mlx4_core: Do not BUG_ON during reset when PCI is offline
mlxsw: pci: Correctly determine if descriptor queue is full
PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive()
net/mlx4_core: Implement pci_resume callback
alpha/PCI: Call iomem_is_exclusive() for IORESOURCE_MEM, but not IORESOURCE_IO
vfio/pci: Allow VPD short read
brcmfmac: add eth_type_trans back for PCIe full dongle
mlxsw: Treat local port 64 as valid
IB/mlx4: Initialize hop_limit when creating address handle
ovs/gre,geneve: fix error path when creating an iface
GRE: Disable segmentation offloads w/ CSUM and we are encapsulated via FOU
powerpc/pci/of: Parse unassigned resources
firmware: actually return NULL on failed request_firmware_nowait()
c8sectpfe: Rework firmware loading mechanism
net/mlx5: Avoid passing dma address 0 to firmware
IB/mlx5: Fix RC transport send queue overhead computation
net/mlx5: Make command timeout way shorter
IB/mlx5: Fix FW version diaplay in sysfs
net/mlx5e: Fix MLX5E_100BASE_T define
net/mlx5: Fix the size of modify QP mailbox
net/mlx5: Fix masking of reserved bits in XRCD number
net/mlx5e: Fix blue flame quota logic
net/mlx5: use mlx5_buf_alloc_node instead of mlx5_buf_alloc in mlx5_wq_ll_create
net/mlx5: Avoid calling sleeping function by the health poll thread
net/mlx5: Fix wait_vital for VFs and remove fixed sleep
net/mlx5: Fix potential deadlock in command mode change
net/mlx5: Add timeout handle to commands with callback
net/mlx5: Fix pci error recovery flow
net/mlx5e: Copy all L2 headers into inline segment
net_sched: keep backlog updated with qlen
sch_drr: update backlog as well
sch_hfsc: always keep backlog updated
sch_prio: update backlog as well
sch_qfq: keep backlog updated with qlen
sch_sfb: keep backlog updated with qlen
sch_tbf: update backlog as well
btrfs: cleaner_kthread() doesn't need explicit freeze
irda: Free skb on irda_accept error path.
phy: fix device reference leaks
bonding: prevent out of bound accesses
mtd: nand: fix ONFI parameter page layout
ath10k: free cached fw bin contents when get board id fails
xprtrdma: checking for NULL instead of IS_ERR()
xprtrdma: Fix additional uses of spin_lock_irqsave(rb_lock)
xprtrdma: xprt_rdma_free() must not release backchannel reqs
xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len
RDMA/cxgb3: device driver frees DMA memory with different size
mlxsw: spectrum: Don't forward packets when STP state is DISABLED
mlxsw: spectrum: Disable learning according to STP state
mlxsw: spectrum: Don't count internal TX header bytes to stats
mlxsw: spectrum: Indicate support for autonegotiation
mlxsw: spectrum: Fix misuse of hard_header_len
net: tcp_memcontrol: properly detect ancestor socket pressure
tcp: do not set rtt_min to 1
RDS:TCP: Synchronize rds_tcp_accept_one with rds_send_xmit when resetting t_sock
net: ipv6: tcp reset, icmp need to consider L3 domain
batman-adv: Fix lockdep annotation of batadv_tlv_container_remove
batman-adv: replace WARN with rate limited output on non-existing VLAN
tty: serial: msm: Support more bauds
serial: samsung: Fix possible out of bounds access on non-DT platform
Drivers: hv: utils: use memdup_user in hvt_op_write
isa: Call isa_bus_init before dependent ISA bus drivers register
Btrfs: clean up an error code in btrfs_init_space_info()
Input: gpio-keys - fix check for disabling unsupported keys
Input: edt-ft5x06 - fix setting gain, offset, and threshold via device tree
net/xfrm_input: fix possible NULL deref of tunnel.ip6->parms.i_key
xfrm_user: propagate sec ctx allocation errors
xfrm: Fix memory leak of aead algorithm name
mac80211: fix mgmt-tx abort cookie and leak
mac80211: TDLS: always downgrade invalid chandefs
mac80211: TDLS: change BW calculation for WIDER_BW peers
mac80211: Fix BW upgrade for TDLS peers
NFS: Fix an LOCK/OPEN race when unlinking an open file
net: get rid of an signed integer overflow in ip_idents_reserve()
mtd: nand: denali: add missing nand_release() call in denali_remove()
ASoC: Intel: pass correct parameter in sst_alloc_stream_mrfld()
ASoC: tegra_alc5632: check return value
ASoC: fsl_ssi: mark SACNT register volatile
Revert "ACPI / LPSS: allow to use specific PM domain during ->probe()"
mmc: sdhci: restore behavior when setting VDD via external regulator
mmc: sd: limit SD card power limit according to cards capabilities
mmc: debugfs: correct wrong voltage value
mmc: block: return error on failed mmc_blk_get()
clk: rockchip: Revert "clk: rockchip: reset init state before mmc card initialization"
mmc: dw_mmc: rockchip: Set the drive phase properly
mmc: moxart: fix wait_for_completion_interruptible_timeout return variable type
mmc: sdhci: Fix regression setting power on Trats2 board
perf tools: Fix perf regs mask generation
powerpc/tm: Fix stack pointer corruption in __tm_recheckpoint()
powerpc/book3s: Fix MCE console messages for unrecoverable MCE.
sctp: fix the transports round robin issue when init is retransmitted
sunrpc: Update RPCBIND_MAXNETIDLEN
NFC: nci: memory leak in nci_core_conn_create()
net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS
net: phy: Fix phy_mac_interrupt()
net: phy: bcm7xxx: Fix shadow mode 2 disabling
of_mdio: fix node leak in of_phy_register_fixed_link error path
phy: micrel: Fix finding PHY properties in MAC node for KSZ9031.
net: dsa: slave: fix of-node leak and phy priority
drivers: net: cpsw: don't ignore phy-mode if phy-handle is used
iommu/dma: Respect IOMMU aperture when allocating
mdio-sun4i: oops in error handling in probe
iio:ad7797: Use correct attribute_group
selftests/ipc: Fix test failure seen after initial test run
wimax/i2400m: Fix potential urb refcnt leak
cifs: protect updating server->dstaddr with a spinlock
scripts/config: allow colons in option strings for sed
lib/mpi: Fix building for powerpc with clang
net: bcmgenet: suppress warnings on failed Rx SKB allocations
net: systemport: suppress warnings on failed Rx SKB allocations
rc: allow rc modules to be loaded if rc-main is not a module
lirc_imon: do not leave imon_probe() with mutex held
am437x-vpfe: fix an uninitialized variable bug
cx23885: uninitialized variable in cx23885_av_work_handler()
ath9k_htc: check for underflow in ath9k_htc_rx_msg()
VFIO: platform: reset: fix a warning message condition
net: moxa: fix an error code
mfd: lp8788-irq: Uninitialized variable in irq handler
ethernet: micrel: fix some error codes
power: ipaq-micro-battery: freeing the wrong variable
i40e: fix an uninitialized variable bug
qede: uninitialized variable in qede_start_xmit()
qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template()
qlcnic: use the correct ring in qlcnic_83xx_process_rcv_ring_diag()
target: Fix a memory leak in target_dev_lba_map_store()
memory/tegra: Add number of TLB lines for Tegra124
pinctrl: bcm2835: Fix memory leak in error path
be2net: Don't leak iomapped memory on removal.
ipv4: Fix memory leak in exception case for splitting tries
flow_dissector: Check for IP fragmentation even if not using IPv4 address
ipv4: fix checksum annotation in udp4_csum_init
ipv4: do not abuse GFP_ATOMIC in inet_netconf_notify_devconf()
ipv4: accept u8 in IP_TOS ancillary data
net: vrf: Fix dev refcnt leak due to IPv6 prefix route
ipv6: fix checksum annotation in udp6_csum_init
ipv6: do not abuse GFP_ATOMIC in inet6_netconf_notify_devconf()
ipv6: add missing netconf notif when 'all' is updated
net: ipv6: Fix processing of RAs in presence of VRF
netfilter: nf_tables: fix a wrong check to skip the inactive rules
netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled
netfilter: nf_tables: destroy the set if fail to add transaction
netfilter: nft_dup: do not use sreg_dev if the user doesn't specify it
udp: restore UDPlite many-cast delivery
clk: st: avoid uninitialized variable use
clk: gpio: handle error codes for of_clk_get_parent_count()
clk: ti: omap3+: dpll: use non-locking version of clk_get_rate
clk: multiplier: Prevent the multiplier from under / over flowing
clk: imx: clk-pllv3: fix incorrect handle of enet powerdown bit
clk: xgene: Don't call __pa on ioremaped address
cls_bpf: reset class and reuse major in da
arm64: bpf: jit JMP_JSET_{X,K}
bpf, trace: check event type in bpf_perf_event_read
bpf: fix map not being uncharged during map creation failure
net/mlx4_core: Fix potential corruption in counters database
net/mlx4_core: Fix access to uninitialized index
net/mlx4_en: Fix the return value of a failure in VLAN VID add/kill
net/mlx4_core: Check device state before unregistering it
net/mlx4_core: Fix the resource-type enum in res tracker to conform to FW spec
net/mlx4_en: Process all completions in RX rings after port goes up
net/mlx4_core: Do not access comm channel if it has not yet been initialized
net/mlx4_en: Fix potential deadlock in port statistics flow
net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode to device managed flow steering
net/mlx4_core: Fix QUERY FUNC CAP flags
mlxsw: switchx2: Fix misuse of hard_header_len
mlxsw: switchx2: Fix ethernet port initialization
sched/fair: Fix calc_cfs_shares() fixed point arithmetics width confusion
net_sched: flower: Avoid dissection of unmasked keys
pkt_sched: fq: use proper locking in fq_dump_stats()
sched/preempt: Fix preempt_count manipulations
power: bq27xxx: fix reading for bq27000 and bq27010
power: bq27xxx: fix register numbers of bq27500
power: test_power: correctly handle empty writes
power: bq27xxx_battery: Fix bq27541 AveragePower register address
power_supply: tps65217-charger: Fix NULL deref during property export
net: vrf: Fix dst reference counting
net: Don't delete routes in different VRFs
vti6: fix input path
ipv4: Fix table id reference in fib_sync_down_addr
mlx4: do not call napi_schedule() without care
xprtrdma: Fix backchannel allocation of extra rpcrdma_reps
ALSA: fm801: Initialize chip after IRQ handler is registered
bonding: fix length of actor system
MIPS: perf: Remove incorrect odd/even counter handling for I6400
Revert "cpufreq: Drop rwsem lock around CPUFREQ_GOV_POLICY_EXIT"
net: dsa: mv88e6xxx: unlock DSA and CPU ports
gfs2: fix flock panic issue
blk-mq: fix undefined behaviour in order_to_size()
dm: fix second blk_delay_queue() parameter to be in msec units not jiffies
dmaengine: edma: Add probe callback to edma_tptc_driver
openvswitch: update checksum in {push,pop}_mpls
cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled
net: bcmgenet: fix skb_len in bcmgenet_xmit_single()
net: bcmgenet: device stats are unsigned long
ovs/gre: fix rtnl notifications on iface deletion
gre: do not assign header_ops in collect metadata mode
gre: build header correctly for collect metadata tunnels
gre: reject GUE and FOU in collect metadata mode
sfc: fix potential stack corruption from running past stat bitmask
sfc: clear napi_hash state when copying channels
net: bcmsysport: Device stats are unsigned long
cxgbi: fix uninitialized flowi6
net: macb: add missing free_netdev() on error in macb_probe()
macvtap: segmented packet is consumed
tipc: fix the error handling in tipc_udp_enable()
net: icmp6_send should use dst dev to determine L3 domain
et131x: Fix logical vs bitwise check in et131x_tx_timeout()
net: ethernet: stmmac: dwmac-sti: fix probe error path
rtnl: reset calcit fptr in rtnl_unregister()
net: ethernet: stmmac: dwmac-rk: fix probe error path
fq_codel: return non zero qlen in class dumps
net: ethernet: stmmac: dwmac-generic: fix probe error path
ovs/geneve: fix rtnl notifications on iface deletion
bnxt: add a missing rcu synchronization
qdisc: fix a module refcount leak in qdisc_create_dflt()
net: axienet: Fix return value check in axienet_probe()
bnxt_en: Remove locking around txr->dev_state
net: ethernet: davinci_emac: Fix devioctl while in fixed link
net: ethernet: mvneta: Remove IFF_UNICAST_FLT which is not implemented
net: ethernet: ti: cpsw: fix device and of_node leaks
net: ethernet: ti: cpsw: fix secondary-emac probe error path
net: hns: fix device reference leaks
net: bridge: don't increment tx_dropped in br_do_proxy_arp
net: dsa: mv88e6xxx: enable SA learning on DSA ports
net: ehea: avoid null pointer dereference
l2tp: fix use-after-free during module unload
hwrng: exynos - Disable runtime PM on driver unbind
net: icmp_route_lookup should use rt dev to determine L3 domain
net: mvneta: fix trivial cut-off issue in mvneta_ethtool_update_stats
net: macb: replace macb_writel() call by queue_writel() to update queue ISR
ravb: Add missing free_irq() call to ravb_close()
mvpp2: use correct size for memset
net: vxlan: lwt: Fix vxlan local traffic.
net: ethoc: Fix early error paths
ovs/vxlan: fix rtnl notifications on iface deletion
net: mv643xx_eth: fix packet corruption with TSO and tiny unaligned packets.
regulator: core: Rely on regulator_dev_release to free constraints
net: dsa: mv88e6xxx: fix port VLAN maps
at803x: fix reset handling
cxl: Fix DAR check & use REGION_ID instead of opencoding
net: ethernet: davinci_emac: Fix platform_data overwrite
ata: sata_dwc_460ex: remove incorrect locking
pinctrl: tegra: Correctly check the supported configuration
brcmfmac: add fallback for devices that do not report per-chain values
brcmfmac: restore stopping netdev queue when bus clogs up
bridge: Fix problems around fdb entries pointing to the bridge device
bna: add missing per queue ethtool stat
net: skbuff: Remove errornous length validation in skb_vlan_pop()
net: ep93xx_eth: Do not crash unloading module
macvlan: Fix potential use-after free for broadcasts
sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
ALSA: hda: Match both PCI ID and SSID for driver blacklist
mac80211: add ieee80211_is_any_nullfunc()
Linux 4.4.223
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/base/firmware_class.c
drivers/mmc/host/sdhci.c
drivers/net/wireless/ath/ath10k/core.c
drivers/tty/serial/msm_serial.c
net/ipv6/route.c
|
||
|
Bartlomiej Zolnierkiewicz
|
655a064b05 |
blk-mq: fix undefined behaviour in order_to_size()
commit b3a834b1596ac668df206aa2bb1f191c31f5f5e4 upstream.
When this_order variable in blk_mq_init_rq_map() becomes zero
the code incorrectly decrements the variable and passes the result
to order_to_size() helper causing undefined behaviour:
UBSAN: Undefined behaviour in block/blk-mq.c:1459:27
shift exponent 4294967295 is too large for 32-bit type 'unsigned int'
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.6.0-rc6-00072-g33656a1 #22
Fix the code by checking this_order variable for not having the zero
value first.
Reported-by: Meelis Roos <mroos@linux.ee>
Fixes:
|
||
|
Nathan Chancellor
|
4cf66c0bce |
Merge 4.4.212 into android-msm-wahoo-4.4
Changes in 4.4.212: (184 commits)
xfs: Sanity check flags of Q_XQUOTARM call
powerpc/archrandom: fix arch_get_random_seed_int()
mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
ALSA: hda: fix unused variable warning
ALSA: usb-audio: update quirk for B&W PX to remove microphone
staging: comedi: ni_mio_common: protect register write overflow
pcrypt: use format specifier in kobject_add
exportfs: fix 'passing zero to ERR_PTR()' warning
drm/dp_mst: Skip validating ports during destruction, just ref
pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group
pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group
pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group
pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group
pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group
pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field
pinctrl: sh-pfc: sh7734: Add missing IPSR11 field
pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field
pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value
Input: nomadik-ske-keypad - fix a loop timeout test
clk: highbank: fix refcount leak in hb_clk_init()
clk: qoriq: fix refcount leak in clockgen_init()
clk: socfpga: fix refcount leak
clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
clk: imx6q: fix refcount leak in imx6q_clocks_init()
clk: imx6sx: fix refcount leak in imx6sx_clocks_init()
clk: imx7d: fix refcount leak in imx7d_clocks_init()
clk: vf610: fix refcount leak in vf610_clocks_init()
clk: armada-370: fix refcount leak in a370_clk_init()
clk: kirkwood: fix refcount leak in kirkwood_clk_init()
clk: armada-xp: fix refcount leak in axp_clk_init()
IB/usnic: Fix out of bounds index check in query pkey
RDMA/ocrdma: Fix out of bounds index check in query pkey
media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL
crypto: tgr192 - fix unaligned memory access
ASoC: imx-sgtl5000: put of nodes if finding codec fails
rtc: cmos: ignore bogus century byte
tty: ipwireless: Fix potential NULL pointer dereference
rtc: ds1672: fix unintended sign extension
rtc: 88pm860x: fix unintended sign extension
rtc: 88pm80x: fix unintended sign extension
rtc: pm8xxx: fix unintended sign extension
fbdev: chipsfb: remove set but not used variable 'size'
pinctrl: sh-pfc: emev2: Add missing pinmux functions
pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group
pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups
block: don't use bio->bi_vcnt to figure out segment number
vfio_pci: Enable memory accesses before calling pci_map_rom
cdc-wdm: pass return value of recover_from_urb_loss
drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
drm/nouveau/pmu: don't print reply values if exec is false
ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of()
fs/nfs: Fix nfs_parse_devname to not modify it's argument
clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable
ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA
nios2: ksyms: Add missing symbol exports
scsi: megaraid_sas: reduce module load time
xen, cpu_hotplug: Prevent an out of bounds access
net: sh_eth: fix a missing check of of_get_phy_mode
media: ivtv: update *pos correctly in ivtv_read_pos()
media: cx18: update *pos correctly in cx18_read_pos()
media: wl128x: Fix an error code in fm_download_firmware()
media: cx23885: check allocation return
jfs: fix bogus variable self-initialization
m68k: mac: Fix VIA timer counter accesses
ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset()
media: davinci-isif: avoid uninitialized variable use
spi: tegra114: clear packed bit for unpacked mode
spi: tegra114: fix for unpacked mode transfers
soc/fsl/qe: Fix an error code in qe_pin_request()
spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
ehea: Fix a copy-paste err in ehea_init_port_res
scsi: qla2xxx: Unregister chrdev if module initialization fails
ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data"
hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
tipc: set sysctl_tipc_rmem and named_timeout right range
powerpc: vdso: Make vdso32 installation conditional in vdso_install
media: ov2659: fix unbalanced mutex_lock/unlock
6lowpan: Off by one handling ->nexthdr
dmaengine: axi-dmac: Don't check the number of frames for alignment
ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
packet: in recvmsg msg_name return at least sizeof sockaddr_ll
ASoC: fix valid stream condition
IB/mlx5: Add missing XRC options to QP optional params mask
iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
media: omap_vout: potential buffer overflow in vidioc_dqbuf()
media: davinci/vpbe: array underflow in vpbe_enum_outputs()
platform/x86: alienware-wmi: printing the wrong error code
netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
ARM: riscpc: fix lack of keyboard interrupts after irq conversion
kdb: do a sanity check on the cpu in kdb_per_cpu()
backlight: lm3630a: Return 0 on success in update_status functions
thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
spi: spi-fsl-spi: call spi_finalize_current_message() at the end
misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa
iommu: Use right function to get group for device
signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
media: vivid: fix incorrect assignment operation when setting video mode
powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
drm/msm/mdp5: Fix mdp5_cfg_init error return
net/af_iucv: always register net_device notifier
ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs
rtc: pcf8563: Clear event flags and disable interrupts before requesting irq
drm/msm/a3xx: remove TPL1 regs from snapshot
iommu/amd: Make iommu_disable safer
mfd: intel-lpss: Release IDA resources
devres: allow const resource arguments
net: pasemi: fix an use-after-free in pasemi_mac_phy_init()
scsi: libfc: fix null pointer dereference on a null lport
libertas_tf: Use correct channel range in lbtf_geo_init
usb: host: xhci-hub: fix extra endianness conversion
mic: avoid statically declaring a 'struct device'.
x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
ALSA: aoa: onyx: always initialize register read value
cifs: fix rmmod regression in cifs.ko caused by force_sig changes
crypto: caam - free resources in case caam_rng registration failed
ext4: set error return correctly when ext4_htree_store_dirent fails
ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
ASoC: cs4349: Use PM ops 'cs4349_runtime_pm'
ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
signal: Allow cifs and drbd to receive their terminating signals
dmaengine: dw: platform: Switch to acpi_dma_controller_register()
mac80211: minstrel_ht: fix per-group max throughput rate initialization
mips: avoid explicit UB in assignment of mips_io_port_base
ahci: Do not export local variable ahci_em_messages
Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
power: supply: Init device wakeup after device_add()
x86, perf: Fix the dependency of the x86 insn decoder selftest
bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
iio: dac: ad5380: fix incorrect assignment to val
ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
net: sonic: return NETDEV_TX_OK if failed to map buffer
Btrfs: fix hang when loading existing inode cache off disk
hwmon: (shtc1) fix shtc1 and shtw1 id mask
net: sonic: replace dev_kfree_skb in sonic_send_packet
net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
iommu/amd: Wait for completion of IOTLB flush in attach_device
net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
mac80211: accept deauth frames in IBSS mode
llc: fix another potential sk_buff leak in llc_ui_sendmsg()
llc: fix sk_buff refcounting in llc_conn_state_process()
net: stmmac: fix length of PTP clock's name string
drm/msm/dsi: Implement reset correctly
dmaengine: imx-sdma: fix size check for sdma script_number
net: qca_spi: Move reset_count to struct qcaspi
media: ov6650: Fix incorrect use of JPEG colorspace
media: ov6650: Fix some format attributes not under control
media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
MIPS: Loongson: Fix return value of loongson_hwmon_init
net: neigh: use long type to store jiffies delta
packet: fix data-race in fanout_flow_is_huge()
dmaengine: ti: edma: fix missed failure handling
drm/radeon: fix bad DMA from INTERRUPT_CNTL2
arm64: dts: juno: Fix UART frequency
m68k: Call timer_interrupt() with interrupts disabled
can, slip: Protect tty->disc_data in write_wakeup and close with RCU
firestream: fix memory leaks
net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM
net, ip_tunnel: fix namespaces move
net_sched: fix datalen for ematch
net: usb: lan78xx: Add .ndo_features_check
hwmon: (adt7475) Make volt2reg return same reg as reg2volt input
Input: keyspan-remote - fix control-message timeouts
ARM: 8950/1: ftrace/recordmcount: filter relocation types
mmc: sdhci: fix minimum clock rate for v3 controller
Input: sur40 - fix interface sanity checks
Input: gtco - fix endpoint sanity check
Input: aiptek - fix endpoint sanity check
hwmon: (nct7802) Fix voltage limits to wrong registers
scsi: RDMA/isert: Fix a recently introduced regression related to logout
tracing: xen: Ordered comparison of function pointers
do_last(): fetch directory ->i_mode and ->i_uid before it's too late
iio: buffer: align the size of scan bytes to size of the largest element
scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
md: Avoid namespace collision with bitmap API
bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free()
netfilter: ipset: use bitmap infrastructure completely
net/x25: fix nonblocking connect
libertas: Fix two buffer overflows at parsing bss descriptor
Linux 4.4.212
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
||
|
Greg Kroah-Hartman
|
141714cc1f |
Merge 4.4.212 into android-4.4-p
Changes in 4.4.212
xfs: Sanity check flags of Q_XQUOTARM call
powerpc/archrandom: fix arch_get_random_seed_int()
mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
ALSA: hda: fix unused variable warning
ALSA: usb-audio: update quirk for B&W PX to remove microphone
staging: comedi: ni_mio_common: protect register write overflow
pcrypt: use format specifier in kobject_add
exportfs: fix 'passing zero to ERR_PTR()' warning
drm/dp_mst: Skip validating ports during destruction, just ref
pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group
pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group
pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group
pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group
pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group
pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field
pinctrl: sh-pfc: sh7734: Add missing IPSR11 field
pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field
pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value
Input: nomadik-ske-keypad - fix a loop timeout test
clk: highbank: fix refcount leak in hb_clk_init()
clk: qoriq: fix refcount leak in clockgen_init()
clk: socfpga: fix refcount leak
clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
clk: imx6q: fix refcount leak in imx6q_clocks_init()
clk: imx6sx: fix refcount leak in imx6sx_clocks_init()
clk: imx7d: fix refcount leak in imx7d_clocks_init()
clk: vf610: fix refcount leak in vf610_clocks_init()
clk: armada-370: fix refcount leak in a370_clk_init()
clk: kirkwood: fix refcount leak in kirkwood_clk_init()
clk: armada-xp: fix refcount leak in axp_clk_init()
IB/usnic: Fix out of bounds index check in query pkey
RDMA/ocrdma: Fix out of bounds index check in query pkey
media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL
crypto: tgr192 - fix unaligned memory access
ASoC: imx-sgtl5000: put of nodes if finding codec fails
rtc: cmos: ignore bogus century byte
tty: ipwireless: Fix potential NULL pointer dereference
rtc: ds1672: fix unintended sign extension
rtc: 88pm860x: fix unintended sign extension
rtc: 88pm80x: fix unintended sign extension
rtc: pm8xxx: fix unintended sign extension
fbdev: chipsfb: remove set but not used variable 'size'
pinctrl: sh-pfc: emev2: Add missing pinmux functions
pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group
pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups
block: don't use bio->bi_vcnt to figure out segment number
vfio_pci: Enable memory accesses before calling pci_map_rom
cdc-wdm: pass return value of recover_from_urb_loss
drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
drm/nouveau/pmu: don't print reply values if exec is false
ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of()
fs/nfs: Fix nfs_parse_devname to not modify it's argument
clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable
ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA
nios2: ksyms: Add missing symbol exports
scsi: megaraid_sas: reduce module load time
xen, cpu_hotplug: Prevent an out of bounds access
net: sh_eth: fix a missing check of of_get_phy_mode
media: ivtv: update *pos correctly in ivtv_read_pos()
media: cx18: update *pos correctly in cx18_read_pos()
media: wl128x: Fix an error code in fm_download_firmware()
media: cx23885: check allocation return
jfs: fix bogus variable self-initialization
m68k: mac: Fix VIA timer counter accesses
ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset()
media: davinci-isif: avoid uninitialized variable use
spi: tegra114: clear packed bit for unpacked mode
spi: tegra114: fix for unpacked mode transfers
soc/fsl/qe: Fix an error code in qe_pin_request()
spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
ehea: Fix a copy-paste err in ehea_init_port_res
scsi: qla2xxx: Unregister chrdev if module initialization fails
ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data"
hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
tipc: set sysctl_tipc_rmem and named_timeout right range
powerpc: vdso: Make vdso32 installation conditional in vdso_install
media: ov2659: fix unbalanced mutex_lock/unlock
6lowpan: Off by one handling ->nexthdr
dmaengine: axi-dmac: Don't check the number of frames for alignment
ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
packet: in recvmsg msg_name return at least sizeof sockaddr_ll
ASoC: fix valid stream condition
IB/mlx5: Add missing XRC options to QP optional params mask
iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
media: omap_vout: potential buffer overflow in vidioc_dqbuf()
media: davinci/vpbe: array underflow in vpbe_enum_outputs()
platform/x86: alienware-wmi: printing the wrong error code
netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
ARM: riscpc: fix lack of keyboard interrupts after irq conversion
kdb: do a sanity check on the cpu in kdb_per_cpu()
backlight: lm3630a: Return 0 on success in update_status functions
thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
spi: spi-fsl-spi: call spi_finalize_current_message() at the end
misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa
iommu: Use right function to get group for device
signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
media: vivid: fix incorrect assignment operation when setting video mode
powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
drm/msm/mdp5: Fix mdp5_cfg_init error return
net/af_iucv: always register net_device notifier
ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs
rtc: pcf8563: Clear event flags and disable interrupts before requesting irq
drm/msm/a3xx: remove TPL1 regs from snapshot
iommu/amd: Make iommu_disable safer
mfd: intel-lpss: Release IDA resources
devres: allow const resource arguments
net: pasemi: fix an use-after-free in pasemi_mac_phy_init()
scsi: libfc: fix null pointer dereference on a null lport
libertas_tf: Use correct channel range in lbtf_geo_init
usb: host: xhci-hub: fix extra endianness conversion
mic: avoid statically declaring a 'struct device'.
x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
ALSA: aoa: onyx: always initialize register read value
cifs: fix rmmod regression in cifs.ko caused by force_sig changes
crypto: caam - free resources in case caam_rng registration failed
ext4: set error return correctly when ext4_htree_store_dirent fails
ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
ASoC: cs4349: Use PM ops 'cs4349_runtime_pm'
ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
signal: Allow cifs and drbd to receive their terminating signals
dmaengine: dw: platform: Switch to acpi_dma_controller_register()
mac80211: minstrel_ht: fix per-group max throughput rate initialization
mips: avoid explicit UB in assignment of mips_io_port_base
ahci: Do not export local variable ahci_em_messages
Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
power: supply: Init device wakeup after device_add()
x86, perf: Fix the dependency of the x86 insn decoder selftest
bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
iio: dac: ad5380: fix incorrect assignment to val
ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
net: sonic: return NETDEV_TX_OK if failed to map buffer
Btrfs: fix hang when loading existing inode cache off disk
hwmon: (shtc1) fix shtc1 and shtw1 id mask
net: sonic: replace dev_kfree_skb in sonic_send_packet
net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
iommu/amd: Wait for completion of IOTLB flush in attach_device
net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
mac80211: accept deauth frames in IBSS mode
llc: fix another potential sk_buff leak in llc_ui_sendmsg()
llc: fix sk_buff refcounting in llc_conn_state_process()
net: stmmac: fix length of PTP clock's name string
drm/msm/dsi: Implement reset correctly
dmaengine: imx-sdma: fix size check for sdma script_number
net: qca_spi: Move reset_count to struct qcaspi
media: ov6650: Fix incorrect use of JPEG colorspace
media: ov6650: Fix some format attributes not under control
media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
MIPS: Loongson: Fix return value of loongson_hwmon_init
net: neigh: use long type to store jiffies delta
packet: fix data-race in fanout_flow_is_huge()
dmaengine: ti: edma: fix missed failure handling
drm/radeon: fix bad DMA from INTERRUPT_CNTL2
arm64: dts: juno: Fix UART frequency
m68k: Call timer_interrupt() with interrupts disabled
can, slip: Protect tty->disc_data in write_wakeup and close with RCU
firestream: fix memory leaks
net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM
net, ip_tunnel: fix namespaces move
net_sched: fix datalen for ematch
net: usb: lan78xx: Add .ndo_features_check
hwmon: (adt7475) Make volt2reg return same reg as reg2volt input
Input: keyspan-remote - fix control-message timeouts
ARM: 8950/1: ftrace/recordmcount: filter relocation types
mmc: sdhci: fix minimum clock rate for v3 controller
Input: sur40 - fix interface sanity checks
Input: gtco - fix endpoint sanity check
Input: aiptek - fix endpoint sanity check
hwmon: (nct7802) Fix voltage limits to wrong registers
scsi: RDMA/isert: Fix a recently introduced regression related to logout
tracing: xen: Ordered comparison of function pointers
do_last(): fetch directory ->i_mode and ->i_uid before it's too late
iio: buffer: align the size of scan bytes to size of the largest element
scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
md: Avoid namespace collision with bitmap API
bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free()
netfilter: ipset: use bitmap infrastructure completely
net/x25: fix nonblocking connect
libertas: Fix two buffer overflows at parsing bss descriptor
Linux 4.4.212
Change-Id: Ic427b213b19cb47b394a4ddc4ed48c7278376c71
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Ming Lei
|
3880087c26 |
block: don't use bio->bi_vcnt to figure out segment number
[ Upstream commit 1a67356e9a4829da2935dd338630a550c59c8489 ] It is wrong to use bio->bi_vcnt to figure out how many segments there are in the bio even though CLONED flag isn't set on this bio, because this bio may be splitted or advanced. So always use bio_segments() in blk_recount_segments(), and it shouldn't cause any performance loss now because the physical segment number is figured out in blk_queue_split() and BIO_SEG_VALID is set meantime since |
||
|
Nathan Chancellor
|
fec6c1de0c |
Merge 4.4.211 into android-msm-wahoo-4.4
Changes in 4.4.211: (77 commits)
hidraw: Return EPOLLOUT from hidraw_poll
HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
HID: hidraw, uhid: Always report EPOLLOUT
rsi: add fix for crash during assertions
cfg80211/mac80211: make ieee80211_send_layer2_update a public function
mac80211: Do not send Layer 2 Update frame before authorization
media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
p54usb: Fix race between disconnect and firmware loading
ALSA: line6: Fix write on zero-sized buffer
ALSA: line6: Fix memory leak at line6_init_pcm() error path
mm/page_alloc.c: calculate 'available' memory in a separate function
xen: let alloc_xenballooned_pages() fail if not enough memory free
wimax: i2400: fix memory leak
wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
ext4: fix use-after-free race with debug_want_extra_isize
ext4: add more paranoia checking in ext4_expand_extra_isize handling
dccp: Fix memleak in __feat_register_sp
rtc: mt6397: fix alarm register overwrite
iommu: Remove device link to group on failure
gpio: Fix error message on out-of-range GPIO in lookup table
hsr: reset network header when supervision frame is created
cifs: Adjust indentation in smb2_open_file
RDMA/srpt: Report the SCSI residual to the initiator
scsi: enclosure: Fix stale device oops with hot replug
scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
iio: imu: adis16480: assign bias value only if operation succeeded
mei: fix modalias documentation
clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume
compat_ioctl: handle SIOCOUTQNSD
tty: serial: imx: use the sg count from dma_map_sg
tty: serial: pch_uart: correct usage of dma_unmap_sg
media: exynos4-is: Fix recursive locking in isp_video_release()
spi: atmel: fix handling of cs_change set on non-last xfer
rtlwifi: Remove unnecessary NULL check in rtl_regd_init
rtc: msm6242: Fix reading of 10-hour digit
rseq/selftests: Turn off timeout setting
hexagon: work around compiler crash
ocfs2: call journal flush to mark journal as empty after journal recovery when mount
ALSA: seq: Fix racy access for queue timer in proc read
Fix built-in early-load Intel microcode alignment
block: fix an integer overflow in logical block size
USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
USB: serial: opticon: fix control-message timeouts
USB: serial: suppress driver bind attributes
USB: serial: ch341: handle unbound port at reset_resume
USB: serial: io_edgeport: add missing active-port sanity check
USB: serial: quatech2: handle unbound ports
scsi: mptfusion: Fix double fetch bug in ioctl
usb: core: hub: Improved device recognition on remote wakeup
x86/efistub: Disable paging at mixed mode entry
mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
net: stmmac: 16KB buffer must be 16 byte aligned
net: stmmac: Enable 16KB buffer size
USB: serial: io_edgeport: use irqsave() in USB's complete callback
USB: serial: io_edgeport: handle unbound ports on URB completion
USB: serial: keyspan: handle unbound ports
scsi: fnic: use kernel's '%pM' format option to print MAC
scsi: fnic: fix invalid stack access
arm64: dts: agilex/stratix10: fix pmu interrupt numbers
netfilter: fix a use-after-free in mtype_destroy()
batman-adv: Fix DAT candidate selection on little endian systems
macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
r8152: add missing endpoint sanity check
tcp: fix marked lost packets not being retransmitted
net: usb: lan78xx: limit size of local TSO packets
xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk
cw1200: Fix a signedness bug in cw1200_load_firmware()
cfg80211: check for set_wiphy_params
scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
scsi: qla4xxx: fix double free bug
scsi: bnx2i: fix potential use after free
scsi: target: core: Fix a pr_debug() argument
scsi: core: scsi_trace: Use get_unaligned_be*()
perf probe: Fix wrong address verification
regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id
Linux 4.4.211
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
net/wireless/util.c
|
||
|
Greg Kroah-Hartman
|
a5869a66f7 |
Merge 4.4.211 into android-4.4-p
Changes in 4.4.211 hidraw: Return EPOLLOUT from hidraw_poll HID: hidraw: Fix returning EPOLLOUT from hidraw_poll HID: hidraw, uhid: Always report EPOLLOUT rsi: add fix for crash during assertions cfg80211/mac80211: make ieee80211_send_layer2_update a public function mac80211: Do not send Layer 2 Update frame before authorization media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap p54usb: Fix race between disconnect and firmware loading ALSA: line6: Fix write on zero-sized buffer ALSA: line6: Fix memory leak at line6_init_pcm() error path mm/page_alloc.c: calculate 'available' memory in a separate function xen: let alloc_xenballooned_pages() fail if not enough memory free wimax: i2400: fix memory leak wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle ext4: fix use-after-free race with debug_want_extra_isize ext4: add more paranoia checking in ext4_expand_extra_isize handling dccp: Fix memleak in __feat_register_sp rtc: mt6397: fix alarm register overwrite iommu: Remove device link to group on failure gpio: Fix error message on out-of-range GPIO in lookup table hsr: reset network header when supervision frame is created cifs: Adjust indentation in smb2_open_file RDMA/srpt: Report the SCSI residual to the initiator scsi: enclosure: Fix stale device oops with hot replug scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 iio: imu: adis16480: assign bias value only if operation succeeded mei: fix modalias documentation clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume compat_ioctl: handle SIOCOUTQNSD tty: serial: imx: use the sg count from dma_map_sg tty: serial: pch_uart: correct usage of dma_unmap_sg media: exynos4-is: Fix recursive locking in isp_video_release() spi: atmel: fix handling of cs_change set on non-last xfer rtlwifi: Remove unnecessary NULL check in rtl_regd_init rtc: msm6242: Fix reading of 10-hour digit rseq/selftests: Turn off timeout setting hexagon: work around compiler crash ocfs2: call journal flush to mark journal as empty after journal recovery when mount ALSA: seq: Fix racy access for queue timer in proc read Fix built-in early-load Intel microcode alignment block: fix an integer overflow in logical block size USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx USB: serial: opticon: fix control-message timeouts USB: serial: suppress driver bind attributes USB: serial: ch341: handle unbound port at reset_resume USB: serial: io_edgeport: add missing active-port sanity check USB: serial: quatech2: handle unbound ports scsi: mptfusion: Fix double fetch bug in ioctl usb: core: hub: Improved device recognition on remote wakeup x86/efistub: Disable paging at mixed mode entry mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() net: stmmac: 16KB buffer must be 16 byte aligned net: stmmac: Enable 16KB buffer size USB: serial: io_edgeport: use irqsave() in USB's complete callback USB: serial: io_edgeport: handle unbound ports on URB completion USB: serial: keyspan: handle unbound ports scsi: fnic: use kernel's '%pM' format option to print MAC scsi: fnic: fix invalid stack access arm64: dts: agilex/stratix10: fix pmu interrupt numbers netfilter: fix a use-after-free in mtype_destroy() batman-adv: Fix DAT candidate selection on little endian systems macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() r8152: add missing endpoint sanity check tcp: fix marked lost packets not being retransmitted net: usb: lan78xx: limit size of local TSO packets xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk cw1200: Fix a signedness bug in cw1200_load_firmware() cfg80211: check for set_wiphy_params scsi: esas2r: unlock on error in esas2r_nvram_read_direct() scsi: qla4xxx: fix double free bug scsi: bnx2i: fix potential use after free scsi: target: core: Fix a pr_debug() argument scsi: core: scsi_trace: Use get_unaligned_be*() perf probe: Fix wrong address verification regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id Linux 4.4.211 Change-Id: I1e1bbb74e69936896e235fdeb290ff550e61903e Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Mikulas Patocka
|
b8cd70b724 |
block: fix an integer overflow in logical block size
commit ad6bf88a6c19a39fb3b0045d78ea880325dfcf15 upstream. Logical block size has type unsigned short. That means that it can be at most 32768. However, there are architectures that can run with 64k pages (for example arm64) and on these architectures, it may be possible to create block devices with 64k block size. For exmaple (run this on an architecture with 64k pages): Mount will fail with this error because it tries to read the superblock using 2-sector access: device-mapper: writecache: I/O is not aligned, sector 2, size 1024, block size 65536 EXT4-fs (dm-0): unable to read superblock This patch changes the logical block size from unsigned short to unsigned int to avoid the overflow. Cc: stable@vger.kernel.org Reviewed-by: Martin K. Petersen <martin.petersen@oracle.com> Reviewed-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: Mikulas Patocka <mpatocka@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Nathan Chancellor
|
4747b04527 |
Merge 4.9.209 into android-msm-bluecross-4.9
Changes in 4.9.209: (90 commits)
PM / devfreq: Don't fail devfreq_dev_release if not in list
RDMA/cma: add missed unregister_pernet_subsys in init failure
scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func
scsi: qla2xxx: Don't call qlt_async_event twice
scsi: iscsi: qla4xxx: fix double free in probe
scsi: libsas: stop discovering if oob mode is disconnected
usb: gadget: fix wrong endpoint desc
md: raid1: check rdev before reference in raid1_sync_request func
s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits
s390/cpum_sf: Avoid SBD overflow condition in irq handler
IB/mlx4: Follow mirror sequence of device add during device removal
xen-blkback: prevent premature module unload
xen/balloon: fix ballooned page accounting without hotplug enabled
PM / hibernate: memory_bm_find_bit(): Tighten node optimisation
xfs: fix mount failure crash on invalid iclog memory access
taskstats: fix data-race
drm: limit to INT_MAX in create_blob ioctl
Revert "perf report: Add warning when libunwind not compiled in"
ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
MIPS: Avoid VDSO ABI breakage due to global register variable
mm/zsmalloc.c: fix the migrated zspage statistics.
memcg: account security cred as well to kmemcg
locks: print unsigned ino in /proc/locks
dmaengine: Fix access to uninitialized dma_slave_caps
compat_ioctl: block: handle Persistent Reservations
ata: libahci_platform: Export again ahci_platform_<en/dis>able_phys()
ata: ahci_brcm: Allow optional reset controller to be used
ata: ahci_brcm: Fix AHCI resources management
gpiolib: fix up emulated open drain outputs
tracing: Have the histogram compare functions convert to u64 first
ALSA: cs4236: fix error return comparison of an unsigned integer
ftrace: Avoid potential division by zero in function profiler
arm64: Revert support for execute-only user mappings
PM / devfreq: Check NULL governor in available_governors_show
nfsd4: fix up replay_matches_cache()
xfs: don't check for AG deadlock for realtime files in bunmapi
Bluetooth: btusb: fix PM leak in error case of setup
Bluetooth: delete a stray unlock
Bluetooth: Fix memory leak in hci_connect_le_scan
media: flexcop-usb: ensure -EIO is returned on error condition
regulator: ab8500: Remove AB8505 USB regulator
media: usb: fix memory leak in af9005_identify_state
tty: serial: msm_serial: Fix lockup for sysrq and oops
fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP
drm/mst: Fix MST sideband up-reply failure handling
powerpc/pseries/hvconsole: Fix stack overread via udbg
rxrpc: Fix possible NULL pointer access in ICMP handling
ath9k_htc: Modify byte order for an error message
ath9k_htc: Discard undersized packets
net: add annotations on hh->hh_len lockless accesses
s390/smp: fix physical to logical CPU map for SMT
xen/blkback: Avoid unmapping unmapped grant pages
locking/x86: Remove the unused atomic_inc_short() methd
pstore/ram: Write new dumps to start of recycled zones
locking/spinlock/debug: Fix various data races
netfilter: ctnetlink: netns exit must wait for callbacks
efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs
efi/gop: Return EFI_SUCCESS if a usable GOP was found
efi/gop: Fix memory leak in __gop_query32/64()
ARM: vexpress: Set-up shared OPP table instead of individual for each CPU
netfilter: uapi: Avoid undefined left-shift in xt_sctp.h
spi: spi-cavium-thunderx: Add missing pci_release_regions()
ARM: dts: am437x-gp/epos-evm: fix panel compatible
samples: bpf: Replace symbol compare of trace_event
powerpc: Ensure that swiotlb buffer is allocated from low memory
bnx2x: Do not handle requests from VFs after parity
bnx2x: Fix logic to get total no. of PFs per engine
net: usb: lan78xx: Fix error message format specifier
rfkill: Fix incorrect check to avoid NULL pointer dereference
ASoC: wm8962: fix lambda value
regulator: rn5t618: fix module aliases
kconfig: don't crash on NULL expressions in expr_eq()
perf/x86/intel: Fix PT PMI handling
net: stmmac: RX buffer size must be 16 byte aligned
block: fix memleak when __blk_rq_map_user_iov() is failed
parisc: Fix compiler warnings in debug_core.c
llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c)
macvlan: do not assume mac_header is set in macvlan_broadcast()
net: stmmac: dwmac-sunxi: Allow all RGMII modes
net: usb: lan78xx: fix possible skb leak
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
vxlan: fix tos value before xmit
vlan: vlan_changelink() should propagate errors
net: sch_prio: When ungrafting, replace with FIFO
vlan: fix memory leak in vlan_dev_set_egress_priority
USB: core: fix check for duplicate endpoints
USB: serial: option: add Telit ME910G1 0x110a composition
Linux 4.9.209
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
arch/arm64/mm/fault.c
drivers/gpu/drm/drm_property.c
kernel/locking/spinlock_debug.c
|
||
|
Greg Kroah-Hartman
|
bddad4a0ef |
Merge 4.4.209 into android-4.4-p
Changes in 4.4.209 PM / devfreq: Don't fail devfreq_dev_release if not in list RDMA/cma: add missed unregister_pernet_subsys in init failure scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func scsi: qla2xxx: Don't call qlt_async_event twice scsi: iscsi: qla4xxx: fix double free in probe scsi: libsas: stop discovering if oob mode is disconnected usb: gadget: fix wrong endpoint desc md: raid1: check rdev before reference in raid1_sync_request func s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits s390/cpum_sf: Avoid SBD overflow condition in irq handler xen/balloon: fix ballooned page accounting without hotplug enabled xfs: fix mount failure crash on invalid iclog memory access taskstats: fix data-race Revert "perf report: Add warning when libunwind not compiled in" ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code MIPS: Avoid VDSO ABI breakage due to global register variable locks: print unsigned ino in /proc/locks dmaengine: Fix access to uninitialized dma_slave_caps compat_ioctl: block: handle Persistent Reservations gpiolib: fix up emulated open drain outputs ALSA: cs4236: fix error return comparison of an unsigned integer ftrace: Avoid potential division by zero in function profiler Bluetooth: btusb: fix PM leak in error case of setup Bluetooth: delete a stray unlock tty: serial: msm_serial: Fix lockup for sysrq and oops drm/mst: Fix MST sideband up-reply failure handling powerpc/pseries/hvconsole: Fix stack overread via udbg ath9k_htc: Modify byte order for an error message ath9k_htc: Discard undersized packets net: add annotations on hh->hh_len lockless accesses s390/smp: fix physical to logical CPU map for SMT locking/x86: Remove the unused atomic_inc_short() methd pstore/ram: Write new dumps to start of recycled zones locking/spinlock/debug: Fix various data races netfilter: ctnetlink: netns exit must wait for callbacks ARM: vexpress: Set-up shared OPP table instead of individual for each CPU netfilter: uapi: Avoid undefined left-shift in xt_sctp.h ARM: dts: am437x-gp/epos-evm: fix panel compatible powerpc: Ensure that swiotlb buffer is allocated from low memory bnx2x: Do not handle requests from VFs after parity bnx2x: Fix logic to get total no. of PFs per engine net: usb: lan78xx: Fix error message format specifier rfkill: Fix incorrect check to avoid NULL pointer dereference ASoC: wm8962: fix lambda value regulator: rn5t618: fix module aliases kconfig: don't crash on NULL expressions in expr_eq() parisc: Fix compiler warnings in debug_core.c llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c) net: stmmac: dwmac-sunxi: Allow all RGMII modes net: usb: lan78xx: fix possible skb leak pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK vlan: vlan_changelink() should propagate errors vlan: fix memory leak in vlan_dev_set_egress_priority vxlan: fix tos value before xmit macvlan: do not assume mac_header is set in macvlan_broadcast() USB: core: fix check for duplicate endpoints USB: serial: option: add Telit ME910G1 0x110a composition Linux 4.4.209 Change-Id: Id229502365a315c24e126e98eab040cb6f40c1d5 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Arnd Bergmann
|
c9d9978e6d |
compat_ioctl: block: handle Persistent Reservations
commit b2c0fcd28772f99236d261509bcd242135677965 upstream.
These were added to blkdev_ioctl() in linux-5.5 but not
blkdev_compat_ioctl, so add them now.
Cc: <stable@vger.kernel.org> # v4.4+
Fixes:
|
||
|
Nathan Chancellor
|
5634273c61 |
Merge 4.4.207 into android-msm-wahoo-4.4
Changes in 4.4.207: (163 commits)
x86/apic/32: Avoid bogus LDR warnings
usb: gadget: u_serial: add missing port entry locking
tty: serial: msm_serial: Fix flow control
x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
serial: serial_core: Perform NULL checks for break_ctl ops
serial: ifx6x60: add missed pm_runtime_disable
autofs: fix a leak in autofs_expire_indirect()
NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error
Input: cyttsp4_core - fix use after free bug
ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed()
rsxx: add missed destroy_workqueue calls in remove
net: ep93xx_eth: fix mismatch of request_mem_region in remove
serial: core: Allow processing sysrq at port unlock time
iwlwifi: mvm: Send non offchannel traffic via AP sta
ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+
extcon: max8997: Fix lack of path setting in USB device mode
clk: rockchip: fix rk3188 sclk_smc gate data
clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
dlm: fix missing idr_destroy for recover_idr
MIPS: SiByte: Enable ZONE_DMA32 for LittleSur
scsi: zfcp: drop default switch case which might paper over missing case
pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues
Staging: iio: adt7316: Fix i2c data reading, set the data field
regulator: Fix return value of _set_load() stub
MIPS: OCTEON: octeon-platform: fix typing
math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning
rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()'
rtc: dt-binding: abx80x: fix resistance scale
ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module
dmaengine: coh901318: Fix a double-lock bug
dmaengine: coh901318: Remove unused variable
ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion()
dma-mapping: fix return type of dma_set_max_seg_size()
altera-stapl: check for a null key before strcasecmp'ing it
serial: imx: fix error handling in console_setup
i2c: imx: don't print error message on probe defer
dlm: NULL check before kmem_cache_destroy is not needed
nfsd: fix a warning in __cld_pipe_upcall()
ARM: OMAP1/2: fix SoC name printing
net/x25: fix called/calling length calculation in x25_parse_address_block
net/x25: fix null_x25_address handling
ARM: dts: mmp2: fix the gpio interrupt cell number
tcp: fix off-by-one bug on aborting window-probing socket
modpost: skip ELF local symbols during section mismatch check
kbuild: fix single target build for external module
ARM: dts: pxa: clean up USB controller nodes
dlm: fix invalid cluster name warning
powerpc/math-emu: Update macros from GCC
MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition
nfsd: Return EPERM, not EACCES, in some SETATTR cases
mlx4: Use snprintf instead of complicated strcpy
ARM: dts: sunxi: Fix PMU compatible strings
sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision
fuse: verify nlink
fuse: verify attributes
ALSA: pcm: oss: Avoid potential buffer overflows
Input: goodix - add upside-down quirk for Teclast X89 tablet
CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
CIFS: Fix SMB2 oplock break processing
tty: vt: keyboard: reject invalid keycodes
can: slcan: Fix use-after-free Read in slcan_open
jbd2: Fix possible overflow in jbd2_log_space_left()
drm/i810: Prevent underflow in ioctl
KVM: x86: do not modify masked bits of shared MSRs
KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES
crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
crypto: user - fix memory leak in crypto_report
spi: atmel: Fix CS high support
RDMA/qib: Validate ->show()/store() callbacks before calling them
thermal: Fix deadlock in thermal thermal_zone_device_check
KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
appletalk: Fix potential NULL pointer dereference in unregister_snap_client
appletalk: Set error code if register_snap_client failed
ALSA: hda - Fix pending unsol events at shutdown
sched/core: Allow putting thread_info into task_struct
sched/core: Add try_get_task_stack() and put_task_stack()
sched/core, x86: Make struct thread_info arch specific again
fs/proc: Stop reporting eip and esp in /proc/PID/stat
fs/proc: Report eip/esp in /prod/PID/stat for coredumping
proc: fix coredump vs read /proc/*/stat race
fs/proc/array.c: allow reporting eip/esp for all coredumping threads
usb: gadget: configfs: Fix missing spin_lock_init()
usb: Allow USB device to be warm reset in suspended state
staging: rtl8188eu: fix interface sanity check
staging: rtl8712: fix interface sanity check
staging: gigaset: fix general protection fault on probe
staging: gigaset: fix illegal free on probe errors
staging: gigaset: add endpoint-type sanity check
xhci: Increase STS_HALT timeout in xhci_suspend()
iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
USB: atm: ueagle-atm: add missing endpoint check
USB: idmouse: fix interface sanity checks
USB: serial: io_edgeport: fix epic endpoint lookup
USB: adutux: fix interface sanity check
usb: core: urb: fix URB structure initialization function
usb: mon: Fix a deadlock in usbmon between mmap and read
mtd: spear_smi: Fix Write Burst mode
virtio-balloon: fix managed page counts when migrating pages between zones
btrfs: check page->mapping when loading free space cache
btrfs: Remove btrfs_bio::flags member
rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address
rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer
rtlwifi: rtl8192de: Fix missing enable interrupt flag
lib: raid6: fix awk build warnings
workqueue: Fix spurious sanity check failures in destroy_workqueue()
workqueue: Fix pwq ref leak in rescuer_thread()
ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
blk-mq: avoid sysfs buffer overflow with too many CPU cores
cgroup: pids: use atomic64_t for pids->limit
ar5523: check NULL before memcpy() in ar5523_cmd()
media: bdisp: fix memleak on release
media: radio: wl1273: fix interrupt masking on release
cpuidle: Do not unset the driver if it is there already
ACPI: OSL: only free map once in osl.c
ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
ACPI: PM: Avoid attaching ACPI PM domain to certain devices
pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init
pinctrl: samsung: Fix device node refcount leaks in init code
powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB
video/hdmi: Fix AVI bar unpack
quota: Check that quota is not dirty before release
quota: fix livelock in dquot_writeback_dquots
scsi: zfcp: trace channel log even for FCP command responses
usb: xhci: only set D3hot for pci device
xhci: Fix memory leak in xhci_add_in_port()
xhci: make sure interrupts are restored to correct state
iio: adis16480: Add debugfs_reg_access entry
Btrfs: fix negative subv_writers counter and data space leak after buffered write
scsi: lpfc: Cap NPIV vports to 256
e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait
x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity
pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init
scsi: qla2xxx: Fix DMA unmap leak
scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()
scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value
powerpc: Fix vDSO clock_getres()
mm/shmem.c: cast the type of unmap_start to u64
blk-mq: make sure that line break can be printed
workqueue: Fix missing kfree(rescuer) in destroy_workqueue()
sunrpc: fix crash when cache_head become valid before update
kernel/module.c: wakeup processes in module_wq on module unload
net: bridge: deny dev_set_mac_address() when unregistering
tcp: md5: fix potential overestimation of TCP option space
tipc: fix ordering of tipc module init and exit routine
inet: protect against too small mtu values.
tcp: fix rejected syncookies due to stale timestamps
tcp: tighten acceptance of ACKs not matching a child socket
tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
net: ethernet: ti: cpsw: fix extra rx interrupt
PCI: Fix Intel ACS quirk UPDCR register address
PCI/MSI: Fix incorrect MSI-X masking on resume
xtensa: fix TLB sanity checker
CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
ARM: dts: s3c64xx: Fix init order of clock providers
ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
vfio/pci: call irq_bypass_unregister_producer() before freeing irq
dm btree: increase rebalance threshold in __rebalance2()
drm/radeon: fix r1xx/r2xx register checker for POT textures
xhci: fix USB3 device initiated resume race with roothub autosuspend
net: stmmac: use correct DMA buffer size in the RX descriptor
net: stmmac: don't stop NAPI processing when dropping a packet
Linux 4.4.207
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
include/linux/thread_info.h
|
||
|
Greg Kroah-Hartman
|
a713c5aded |
Merge 4.4.207 into android-4.4-p
Changes in 4.4.207
x86/apic/32: Avoid bogus LDR warnings
usb: gadget: u_serial: add missing port entry locking
tty: serial: msm_serial: Fix flow control
x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
serial: serial_core: Perform NULL checks for break_ctl ops
serial: ifx6x60: add missed pm_runtime_disable
autofs: fix a leak in autofs_expire_indirect()
NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error
Input: cyttsp4_core - fix use after free bug
ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed()
rsxx: add missed destroy_workqueue calls in remove
net: ep93xx_eth: fix mismatch of request_mem_region in remove
serial: core: Allow processing sysrq at port unlock time
iwlwifi: mvm: Send non offchannel traffic via AP sta
ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+
extcon: max8997: Fix lack of path setting in USB device mode
clk: rockchip: fix rk3188 sclk_smc gate data
clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
dlm: fix missing idr_destroy for recover_idr
MIPS: SiByte: Enable ZONE_DMA32 for LittleSur
scsi: zfcp: drop default switch case which might paper over missing case
pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues
Staging: iio: adt7316: Fix i2c data reading, set the data field
regulator: Fix return value of _set_load() stub
MIPS: OCTEON: octeon-platform: fix typing
math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning
rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()'
rtc: dt-binding: abx80x: fix resistance scale
ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module
dmaengine: coh901318: Fix a double-lock bug
dmaengine: coh901318: Remove unused variable
ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion()
dma-mapping: fix return type of dma_set_max_seg_size()
altera-stapl: check for a null key before strcasecmp'ing it
serial: imx: fix error handling in console_setup
i2c: imx: don't print error message on probe defer
dlm: NULL check before kmem_cache_destroy is not needed
nfsd: fix a warning in __cld_pipe_upcall()
ARM: OMAP1/2: fix SoC name printing
net/x25: fix called/calling length calculation in x25_parse_address_block
net/x25: fix null_x25_address handling
ARM: dts: mmp2: fix the gpio interrupt cell number
tcp: fix off-by-one bug on aborting window-probing socket
modpost: skip ELF local symbols during section mismatch check
kbuild: fix single target build for external module
ARM: dts: pxa: clean up USB controller nodes
dlm: fix invalid cluster name warning
powerpc/math-emu: Update macros from GCC
MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition
nfsd: Return EPERM, not EACCES, in some SETATTR cases
mlx4: Use snprintf instead of complicated strcpy
ARM: dts: sunxi: Fix PMU compatible strings
sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision
fuse: verify nlink
fuse: verify attributes
ALSA: pcm: oss: Avoid potential buffer overflows
Input: goodix - add upside-down quirk for Teclast X89 tablet
CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
CIFS: Fix SMB2 oplock break processing
tty: vt: keyboard: reject invalid keycodes
can: slcan: Fix use-after-free Read in slcan_open
jbd2: Fix possible overflow in jbd2_log_space_left()
drm/i810: Prevent underflow in ioctl
KVM: x86: do not modify masked bits of shared MSRs
KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES
crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
crypto: user - fix memory leak in crypto_report
spi: atmel: Fix CS high support
RDMA/qib: Validate ->show()/store() callbacks before calling them
thermal: Fix deadlock in thermal thermal_zone_device_check
KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
appletalk: Fix potential NULL pointer dereference in unregister_snap_client
appletalk: Set error code if register_snap_client failed
ALSA: hda - Fix pending unsol events at shutdown
sched/core: Allow putting thread_info into task_struct
sched/core: Add try_get_task_stack() and put_task_stack()
sched/core, x86: Make struct thread_info arch specific again
fs/proc: Stop reporting eip and esp in /proc/PID/stat
fs/proc: Report eip/esp in /prod/PID/stat for coredumping
proc: fix coredump vs read /proc/*/stat race
fs/proc/array.c: allow reporting eip/esp for all coredumping threads
usb: gadget: configfs: Fix missing spin_lock_init()
usb: Allow USB device to be warm reset in suspended state
staging: rtl8188eu: fix interface sanity check
staging: rtl8712: fix interface sanity check
staging: gigaset: fix general protection fault on probe
staging: gigaset: fix illegal free on probe errors
staging: gigaset: add endpoint-type sanity check
xhci: Increase STS_HALT timeout in xhci_suspend()
iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
USB: atm: ueagle-atm: add missing endpoint check
USB: idmouse: fix interface sanity checks
USB: serial: io_edgeport: fix epic endpoint lookup
USB: adutux: fix interface sanity check
usb: core: urb: fix URB structure initialization function
usb: mon: Fix a deadlock in usbmon between mmap and read
mtd: spear_smi: Fix Write Burst mode
virtio-balloon: fix managed page counts when migrating pages between zones
btrfs: check page->mapping when loading free space cache
btrfs: Remove btrfs_bio::flags member
rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address
rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer
rtlwifi: rtl8192de: Fix missing enable interrupt flag
lib: raid6: fix awk build warnings
workqueue: Fix spurious sanity check failures in destroy_workqueue()
workqueue: Fix pwq ref leak in rescuer_thread()
ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
blk-mq: avoid sysfs buffer overflow with too many CPU cores
cgroup: pids: use atomic64_t for pids->limit
ar5523: check NULL before memcpy() in ar5523_cmd()
media: bdisp: fix memleak on release
media: radio: wl1273: fix interrupt masking on release
cpuidle: Do not unset the driver if it is there already
ACPI: OSL: only free map once in osl.c
ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
ACPI: PM: Avoid attaching ACPI PM domain to certain devices
pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init
pinctrl: samsung: Fix device node refcount leaks in init code
powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB
video/hdmi: Fix AVI bar unpack
quota: Check that quota is not dirty before release
quota: fix livelock in dquot_writeback_dquots
scsi: zfcp: trace channel log even for FCP command responses
usb: xhci: only set D3hot for pci device
xhci: Fix memory leak in xhci_add_in_port()
xhci: make sure interrupts are restored to correct state
iio: adis16480: Add debugfs_reg_access entry
Btrfs: fix negative subv_writers counter and data space leak after buffered write
scsi: lpfc: Cap NPIV vports to 256
e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait
x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity
pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init
scsi: qla2xxx: Fix DMA unmap leak
scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()
scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value
powerpc: Fix vDSO clock_getres()
mm/shmem.c: cast the type of unmap_start to u64
blk-mq: make sure that line break can be printed
workqueue: Fix missing kfree(rescuer) in destroy_workqueue()
sunrpc: fix crash when cache_head become valid before update
kernel/module.c: wakeup processes in module_wq on module unload
net: bridge: deny dev_set_mac_address() when unregistering
tcp: md5: fix potential overestimation of TCP option space
tipc: fix ordering of tipc module init and exit routine
inet: protect against too small mtu values.
tcp: fix rejected syncookies due to stale timestamps
tcp: tighten acceptance of ACKs not matching a child socket
tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
net: ethernet: ti: cpsw: fix extra rx interrupt
PCI: Fix Intel ACS quirk UPDCR register address
PCI/MSI: Fix incorrect MSI-X masking on resume
xtensa: fix TLB sanity checker
CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
ARM: dts: s3c64xx: Fix init order of clock providers
ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
vfio/pci: call irq_bypass_unregister_producer() before freeing irq
dm btree: increase rebalance threshold in __rebalance2()
drm/radeon: fix r1xx/r2xx register checker for POT textures
xhci: fix USB3 device initiated resume race with roothub autosuspend
net: stmmac: use correct DMA buffer size in the RX descriptor
net: stmmac: don't stop NAPI processing when dropping a packet
Linux 4.4.207
Change-Id: I2505ee1dcf004c7f28e711cd71977ea33150e733
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Ming Lei
|
1f888f82e5 |
blk-mq: make sure that line break can be printed
commit d2c9be89f8ebe7ebcc97676ac40f8dec1cf9b43a upstream.
8962842ca5ab ("blk-mq: avoid sysfs buffer overflow with too many CPU cores")
avoids sysfs buffer overflow, and reserves one character for line break.
However, the last snprintf() doesn't get correct 'size' parameter passed
in, so fixed it.
Fixes: 8962842ca5ab ("blk-mq: avoid sysfs buffer overflow with too many CPU cores")
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Cc: Nobuhiro Iwamatsu <nobuhiro1.iwamatsu@toshiba.co.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Ming Lei
|
6eca9292c5 |
blk-mq: avoid sysfs buffer overflow with too many CPU cores
commit 8962842ca5abdcf98e22ab3b2b45a103f0408b95 upstream. It is reported that sysfs buffer overflow can be triggered if the system has too many CPU cores(>841 on 4K PAGE_SIZE) when showing CPUs of hctx via /sys/block/$DEV/mq/$N/cpu_list. Use snprintf to avoid the potential buffer overflow. This version doesn't change the attribute format, and simply stops showing CPU numbers if the buffer is going to overflow. Cc: stable@vger.kernel.org Fixes: 676141e48af7("blk-mq: don't dump CPU -> hw queue map on driver load") Signed-off-by: Ming Lei <ming.lei@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Nathan Chancellor
|
78d711b973 |
Merge branch 'android-msm-wahoo-4.4' into android-msm-wahoo-4.4-q-preview
* android-msm-wahoo-4.4:
Linux 4.4.189
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
x86/entry/64: Use JMP instead of JMPQ
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86/entry/64: Fix context tracking state warning when load_gs_index fails
x86: cpufeatures: Sort feature word 7
spi: bcm2835: Fix 3-wire mode if DMA is enabled
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
bnx2x: Disable multi-cos feature.
net/mlx5: Use reversed order when unregister devices
net: sched: Fix a possible null-pointer dereference in dequeue_func()
tipc: compat: allow tipc commands without arguments
net: fix ifindex collision during namespace removal
net: bridge: delete local fdb on device init failure
atm: iphase: Fix Spectre v1 vulnerability
tcp: be more careful in tcp_fragment()
HID: Add quirk for HP X1200 PIXART OEM mouse
netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter
arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
arm64: cpufeature: Fix CTR_EL0 field definitions
Linux 4.4.188
xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
s390/dasd: fix endless loop after read unit address configuration
selinux: fix memory leak in policydb_init()
x86/kvm: Don't call kvm_spurious_fault() from .fixup
ipc/mqueue.c: only perform resource calculation if user valid
uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
coda: fix build using bare-metal toolchain
coda: add error handling for fget
mm/cma.c: fail if fixed declaration can't be honored
x86: math-emu: Hide clang warnings for 16-bit overflow
x86/apic: Silence -Wtype-limits compiler warnings
be2net: Signal that the device cannot transmit during reconfiguration
ACPI: fix false-positive -Wuninitialized warning
scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
ceph: fix improper use of smp_mb__before_atomic()
btrfs: fix minimum number of chunk errors for DUP
fs/adfs: super: fix use-after-free bug
dmaengine: rcar-dmac: Reject zero-length slave DMA requests
MIPS: lantiq: Fix bitfield masking
kernel/module.c: Only return -EEXIST for modules that have finished loading
ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
ARM: riscpc: fix DMA
Linux 4.4.187
ceph: hold i_ceph_lock when removing caps for freeing inode
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
sched/fair: Don't free p->numa_faults with concurrent readers
Bluetooth: hci_uart: check for missing tty operations
media: radio-raremono: change devm_k*alloc to k*alloc
media: cpia2_usb: first wake up, then free in disconnect
ISDN: hfcsusb: checking idx of ep configuration
tcp: reset sk_send_head in tcp_write_queue_purge
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
mm, vmstat: make quiet_vmstat lighter
vmstat: Remove BUG_ON from vmstat_update
access: avoid the RCU grace period for the temporary subjective credentials
powerpc/tm: Fix oops on sigreturn on systems without TM
ALSA: hda - Add a conexant codec entry to let mute led work
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
hpet: Fix division by zero in hpet_time_div()
x86/speculation/mds: Apply more accurate check on hypervisor platform
x86/sysfb_efi: Add quirks for some devices with swapped width and height
usb: pci-quirks: Correct AMD PLL quirk detection
usb: wusbcore: fix unbalanced get/put cluster_id
locking/lockdep: Hide unused 'class' variable
locking/lockdep: Fix lock used or unused stats error
mm/mmu_notifier: use hlist_add_head_rcu()
9p: pass the correct prototype to read_cache_page
mm/kmemleak.c: fix check for softirq context
sh: prevent warnings when using iounmap
powerpc/eeh: Handle hugepages in ioremap space
mailbox: handle failed named mailbox channel request
f2fs: avoid out-of-range memory access
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
kallsyms: exclude kasan local symbols on s390
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
um: Silence lockdep complaint about mmap_sem
mfd: arizona: Fix undefined behavior
mfd: core: Set fwnode for created devices
recordmcount: Fix spurious mcount entries on powerpc
iio: iio-utils: Fix possible incorrect mask calculation
PCI: sysfs: Ignore lockdep for remove attribute
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
usb: gadget: Zero ffs_io_data
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/virtio: Add memory barriers for capset cache.
tty: serial: msm_serial: avoid system lockup condition
tty/serial: digicolor: Fix digicolor-usart already registered warning
memstick: Fix error cleanup path of memstick_init
tty: serial: cpm_uart - fix init when SMC is relocated
pinctrl: rockchip: fix leaked of_node references
tty: max310x: Fix invalid baudrate divisors calculator
usb: core: hub: Disable hub-initiated U1/U2
drm/panel: simple: Fix panel_simple_dsi_probe
nfsd: Fix overflow causing non-working mounts on 1 TB machines
nfsd: fix performance-limiting session calculation
nfsd: give out fewer session slots as limit approaches
nfsd: increase DRC cache limit
NFSv4: Fix open create exclusive when the server reboots
elevator: fix truncation of icq_cache_name
net: bridge: stp: don't cache eth dest pointer before skb pull
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
bonding: validate ip header before check IPPROTO_IGMP
tcp: Reset bytes_acked and bytes_received when disconnecting
netrom: hold sock when setting skb->destructor
netrom: fix a memory leak in nr_rx_frame()
sky2: Disable MSI on ASUS P6T
nfc: fix potential illegal memory access
net: neigh: fix multiple neigh timer scheduling
net: bcmgenet: use promisc for unsupported filters
ipv4: don't set IPv6 only flags to IPv4 addresses
caif-hsi: fix possible deadlock in cfhsi_exit_module()
bnx2x: Prevent load reordering in tx completion processing
dm bufio: fix deadlock with loop device
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
intel_th: msu: Fix single mode with disabled IOMMU
eCryptfs: fix a couple type promotion bugs
powerpc/watchpoint: Restore NV GPRs while returning from exception
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
coda: pass the host file in vma->vm_file on mmap
floppy: fix out-of-bounds read in copy_buffer
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in next_valid_format
floppy: fix div-by-zero in setup_format_params
take floppy compat ioctls to sodding floppy.c
PCI: Do not poll for PME if the device is in D3cold
9p/virtio: Add cleanup path in p9_virtio_init
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
drm/nouveau/i2c: Enable i2c pads & busses during preinit
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
media: coda: Remove unbalanced and unneeded mutex unlock
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
ALSA: seq: Break too long mutex context in the write loop
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
NFSv4: Handle the special Linux file open access mode
tracing/snapshot: Resize spare buffer if size changed
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
Input: gtco - bounds check collection indent level
crypto: arm64/sha2-ce - correct digest for empty data in finup
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: ghash - fix unaligned memory access in ghash_setkey()
Bluetooth: validate BLE connection interval updates
Bluetooth: Check state in l2cap_disconnect_rsp
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
ixgbe: Check DDM existence in transceiver before access
rslib: Fix handling of of caller provided syndrome
rslib: Fix decoding of shortened codes
ath10k: fix PCIE device wake up failed
mt7601u: fix possible memory leak when the device is disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: do not schedule rx_tasklet when the device has been disconnected
media: coda: increment sequence offset for the last returned frame
media: coda: fix mpeg2 sequence number handling
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
timer_list: Guard procfs specific code
ntp: Limit TAI-UTC offset
media: i2c: fix warning same module names
EDAC/sysfs: Fix memory leak when creating a csrow object
vhost_net: disable zerocopy by default
perf evsel: Make perf_evsel__name() accept a NULL argument
xfrm: fix sa selector validation
rcu: Force inlining of rcu_read_lock()
bpf: silence warning messages in core
regmap: fix bulk writes on paged registers
gpio: omap: ensure irq is enabled before wakeup
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
perf test 6: Fix missing kvm module load for s390
s390/qdio: handle PENDING state for QEBSM devices
net: axienet: Fix race condition causing TX hang
net: fec: Do not use netdev messages too early
cpupower : frequency-set -r option misses the last cpu in related cpu list
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
locking/lockdep: Fix merging of hlocks with non-zero references
tua6100: Avoid build warnings.
net: phy: Check against net_device being NULL
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
xfrm: Fix xfrm sel prefix length validation
af_key: fix leaks in key_pol_get_resp and dump_sp.
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
net: stmmac: dwmac1000: Clear unused address entries
media: vpss: fix a potential NULL pointer dereference
media: marvell-ccic: fix DMA s/g desc number calculation
crypto: talitos - fix skcipher failure due to wrong output IV
media: dvb: usb: fix use after free in dvb_usb_device_exit
batman-adv: fix for leaked TVLV handler.
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
ath6kl: add some bounds checking
ath9k: Check for errors when reading SREV register
ath10k: Do not send probe response template for mesh
dmaengine: imx-sdma: fix use-after-free on probe error path
MIPS: fix build on non-linux hosts
MIPS: ath79: fix ar933x uart parity mode
Linux 4.4.186
KVM: x86: protect KVM_CREATE_PIT/KVM_CREATE_PIT2 with kvm->lock
s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
s390/qdio: (re-)initialize tiqdio list entries
s390: fix stfle zero padding
ARC: hide unused function unw_hdr_alloc
kvm: x86: avoid warning on repeated KVM_SET_TSS_ADDR
dm verity: use message limit for data block corruption message
sis900: fix TX completion
ppp: mppe: Add softdep to arc4
be2net: fix link failure after ethtool offline test
ARM: omap2: remove incorrect __init annotation
perf/core: Fix perf_sample_regs_user() mm check
e1000e: start network tx queue only when link is up
MIPS: Remove superfluous check for __linux__
VMCI: Fix integer overflow in VMCI handle arrays
carl9170: fix misuse of device driver API
staging: comedi: amplc_pci230: fix null pointer deref on interrupt
staging: comedi: dt282x: fix a null pointer deref on interrupt
usb: renesas_usbhs: add a workaround for a race condition of workqueue
usb: gadget: ether: Fix race between gether_disconnect and rx_submit
USB: serial: option: add support for GosunCn ME3630 RNDIS mode
USB: serial: ftdi_sio: add ID for isodebug v1
mwifiex: Don't abort on small, spec-compliant vendor IEs
fscrypt: don't set policy for a dead directory
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
mwifiex: Abort at too short BSS descriptor element
x86/tls: Fix possible spectre-v1 in do_get_thread_area()
x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
bnx2x: Check if transceiver implements DDM before access
md: fix for divide error in status_resync
ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
ARM: davinci: da850-evm: call regulator_has_full_constraints()
Input: imx_keypad - make sure keyboard can always wake up system
can: mcp251x: add support for mcp25625
dt-bindings: can: mcp251x: add mcp25625 support
mwifiex: Fix possible buffer overflows at parsing bss descriptor
mac80211: mesh: fix RCU warning
samples, bpf: fix to change the buffer size for read()
Input: elantech - enable middle button support on 2 ThinkPads
icnss: Add check on msa region
qseecom: set rcv_req_flag to 0 when listener is just registered
qseecom: do not wake up listener to receive request if it is not ready
qseecom: check if listener is not ready to receive request
qseecom: set listener id before sending registration scm_call
qseecom: processing invalid listener request
qseecom: change check_blocked flag to an u32 value
qseecom: check if app is blocked when unloading app
qseecom: abort all listener threads before listener unregistration
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
||
|
Nathan Chancellor
|
7b4f54df73 |
Merge 4.4.189 into android-msm-wahoo-4.4
Changes in 4.4.189: (22 commits)
arm64: cpufeature: Fix CTR_EL0 field definitions
arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter
HID: Add quirk for HP X1200 PIXART OEM mouse
tcp: be more careful in tcp_fragment()
atm: iphase: Fix Spectre v1 vulnerability
net: bridge: delete local fdb on device init failure
net: fix ifindex collision during namespace removal
tipc: compat: allow tipc commands without arguments
net: sched: Fix a possible null-pointer dereference in dequeue_func()
net/mlx5: Use reversed order when unregister devices
bnx2x: Disable multi-cos feature.
compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
spi: bcm2835: Fix 3-wire mode if DMA is enabled
x86: cpufeatures: Sort feature word 7
x86/entry/64: Fix context tracking state warning when load_gs_index fails
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/entry/64: Use JMP instead of JMPQ
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
Linux 4.4.189
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
||
|
Greg Kroah-Hartman
|
93b2280968 |
Merge 4.4.189 into android-4.4-p
Changes in 4.4.189
arm64: cpufeature: Fix CTR_EL0 field definitions
arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter
HID: Add quirk for HP X1200 PIXART OEM mouse
tcp: be more careful in tcp_fragment()
atm: iphase: Fix Spectre v1 vulnerability
net: bridge: delete local fdb on device init failure
net: fix ifindex collision during namespace removal
tipc: compat: allow tipc commands without arguments
net: sched: Fix a possible null-pointer dereference in dequeue_func()
net/mlx5: Use reversed order when unregister devices
bnx2x: Disable multi-cos feature.
compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
spi: bcm2835: Fix 3-wire mode if DMA is enabled
x86: cpufeatures: Sort feature word 7
x86/entry/64: Fix context tracking state warning when load_gs_index fails
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/entry/64: Use JMP instead of JMPQ
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
Linux 4.4.189
Change-Id: Ie53dff8ad9602a66a8c52c3fcbba354c1b7d06e5
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
xiao jin
|
e6ea77dd5a |
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
commit 54648cf1ec2d7f4b6a71767799c45676a138ca24 upstream.
We find the memory use-after-free issue in __blk_drain_queue()
on the kernel 4.14. After read the latest kernel 4.18-rc6 we
think it has the same problem.
Memory is allocated for q->fq in the blk_init_allocated_queue().
If the elevator init function called with error return, it will
run into the fail case to free the q->fq.
Then the __blk_drain_queue() uses the same memory after the free
of the q->fq, it will lead to the unpredictable event.
The patch is to set q->fq as NULL in the fail case of
blk_init_allocated_queue().
Fixes: commit
|
||
|
Nathan Chancellor
|
3c9303b5f9 |
Merge 4.4.187 into android-msm-wahoo-4.4
Changes in 4.4.187: (157 commits)
MIPS: ath79: fix ar933x uart parity mode
MIPS: fix build on non-linux hosts
dmaengine: imx-sdma: fix use-after-free on probe error path
ath10k: Do not send probe response template for mesh
ath9k: Check for errors when reading SREV register
ath6kl: add some bounds checking
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
batman-adv: fix for leaked TVLV handler.
media: dvb: usb: fix use after free in dvb_usb_device_exit
crypto: talitos - fix skcipher failure due to wrong output IV
media: marvell-ccic: fix DMA s/g desc number calculation
media: vpss: fix a potential NULL pointer dereference
net: stmmac: dwmac1000: Clear unused address entries
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
af_key: fix leaks in key_pol_get_resp and dump_sp.
xfrm: Fix xfrm sel prefix length validation
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
net: phy: Check against net_device being NULL
tua6100: Avoid build warnings.
locking/lockdep: Fix merging of hlocks with non-zero references
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
cpupower : frequency-set -r option misses the last cpu in related cpu list
net: fec: Do not use netdev messages too early
net: axienet: Fix race condition causing TX hang
s390/qdio: handle PENDING state for QEBSM devices
perf test 6: Fix missing kvm module load for s390
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
gpio: omap: ensure irq is enabled before wakeup
regmap: fix bulk writes on paged registers
bpf: silence warning messages in core
rcu: Force inlining of rcu_read_lock()
xfrm: fix sa selector validation
perf evsel: Make perf_evsel__name() accept a NULL argument
vhost_net: disable zerocopy by default
EDAC/sysfs: Fix memory leak when creating a csrow object
media: i2c: fix warning same module names
ntp: Limit TAI-UTC offset
timer_list: Guard procfs specific code
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
media: coda: fix mpeg2 sequence number handling
media: coda: increment sequence offset for the last returned frame
mt7601u: do not schedule rx_tasklet when the device has been disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: fix possible memory leak when the device is disconnected
ath10k: fix PCIE device wake up failed
rslib: Fix decoding of shortened codes
rslib: Fix handling of of caller provided syndrome
ixgbe: Check DDM existence in transceiver before access
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: Check state in l2cap_disconnect_rsp
Bluetooth: validate BLE connection interval updates
crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: arm64/sha2-ce - correct digest for empty data in finup
Input: gtco - bounds check collection indent level
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
tracing/snapshot: Resize spare buffer if size changed
NFSv4: Handle the special Linux file open access mode
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
ALSA: seq: Break too long mutex context in the write loop
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
media: coda: Remove unbalanced and unneeded mutex unlock
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
drm/nouveau/i2c: Enable i2c pads & busses during preinit
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
9p/virtio: Add cleanup path in p9_virtio_init
PCI: Do not poll for PME if the device is in D3cold
take floppy compat ioctls to sodding floppy.c
floppy: fix div-by-zero in setup_format_params
floppy: fix out-of-bounds read in next_valid_format
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in copy_buffer
coda: pass the host file in vma->vm_file on mmap
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
powerpc/watchpoint: Restore NV GPRs while returning from exception
eCryptfs: fix a couple type promotion bugs
intel_th: msu: Fix single mode with disabled IOMMU
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
dm bufio: fix deadlock with loop device
bnx2x: Prevent load reordering in tx completion processing
caif-hsi: fix possible deadlock in cfhsi_exit_module()
ipv4: don't set IPv6 only flags to IPv4 addresses
net: bcmgenet: use promisc for unsupported filters
net: neigh: fix multiple neigh timer scheduling
nfc: fix potential illegal memory access
sky2: Disable MSI on ASUS P6T
netrom: fix a memory leak in nr_rx_frame()
netrom: hold sock when setting skb->destructor
tcp: Reset bytes_acked and bytes_received when disconnecting
bonding: validate ip header before check IPPROTO_IGMP
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: stp: don't cache eth dest pointer before skb pull
elevator: fix truncation of icq_cache_name
NFSv4: Fix open create exclusive when the server reboots
nfsd: increase DRC cache limit
nfsd: give out fewer session slots as limit approaches
nfsd: fix performance-limiting session calculation
nfsd: Fix overflow causing non-working mounts on 1 TB machines
drm/panel: simple: Fix panel_simple_dsi_probe
usb: core: hub: Disable hub-initiated U1/U2
tty: max310x: Fix invalid baudrate divisors calculator
pinctrl: rockchip: fix leaked of_node references
tty: serial: cpm_uart - fix init when SMC is relocated
memstick: Fix error cleanup path of memstick_init
tty/serial: digicolor: Fix digicolor-usart already registered warning
tty: serial: msm_serial: avoid system lockup condition
drm/virtio: Add memory barriers for capset cache.
phy: renesas: rcar-gen2: Fix memory leak at error paths
usb: gadget: Zero ffs_io_data
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
PCI: sysfs: Ignore lockdep for remove attribute
iio: iio-utils: Fix possible incorrect mask calculation
recordmcount: Fix spurious mcount entries on powerpc
mfd: core: Set fwnode for created devices
mfd: arizona: Fix undefined behavior
um: Silence lockdep complaint about mmap_sem
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
kallsyms: exclude kasan local symbols on s390
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
f2fs: avoid out-of-range memory access
mailbox: handle failed named mailbox channel request
powerpc/eeh: Handle hugepages in ioremap space
sh: prevent warnings when using iounmap
mm/kmemleak.c: fix check for softirq context
9p: pass the correct prototype to read_cache_page
mm/mmu_notifier: use hlist_add_head_rcu()
locking/lockdep: Fix lock used or unused stats error
locking/lockdep: Hide unused 'class' variable
usb: wusbcore: fix unbalanced get/put cluster_id
usb: pci-quirks: Correct AMD PLL quirk detection
x86/sysfb_efi: Add quirks for some devices with swapped width and height
x86/speculation/mds: Apply more accurate check on hypervisor platform
hpet: Fix division by zero in hpet_time_div()
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
ALSA: hda - Add a conexant codec entry to let mute led work
powerpc/tm: Fix oops on sigreturn on systems without TM
access: avoid the RCU grace period for the temporary subjective credentials
vmstat: Remove BUG_ON from vmstat_update
mm, vmstat: make quiet_vmstat lighter
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
tcp: reset sk_send_head in tcp_write_queue_purge
ISDN: hfcsusb: checking idx of ep configuration
media: cpia2_usb: first wake up, then free in disconnect
media: radio-raremono: change devm_k*alloc to k*alloc
Bluetooth: hci_uart: check for missing tty operations
sched/fair: Don't free p->numa_faults with concurrent readers
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
ceph: hold i_ceph_lock when removing caps for freeing inode
Linux 4.4.187
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
fs/ecryptfs/crypto.c
mm/vmstat.c
|
||
|
Greg Kroah-Hartman
|
ebf4d7ea8d |
Merge 4.4.187 into android-4.4-p
Changes in 4.4.187 MIPS: ath79: fix ar933x uart parity mode MIPS: fix build on non-linux hosts dmaengine: imx-sdma: fix use-after-free on probe error path ath10k: Do not send probe response template for mesh ath9k: Check for errors when reading SREV register ath6kl: add some bounds checking ath: DFS JP domain W56 fixed pulse type 3 RADAR detection batman-adv: fix for leaked TVLV handler. media: dvb: usb: fix use after free in dvb_usb_device_exit crypto: talitos - fix skcipher failure due to wrong output IV media: marvell-ccic: fix DMA s/g desc number calculation media: vpss: fix a potential NULL pointer dereference net: stmmac: dwmac1000: Clear unused address entries signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig af_key: fix leaks in key_pol_get_resp and dump_sp. xfrm: Fix xfrm sel prefix length validation media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails. net: phy: Check against net_device being NULL tua6100: Avoid build warnings. locking/lockdep: Fix merging of hlocks with non-zero references media: wl128x: Fix some error handling in fm_v4l2_init_video_device() cpupower : frequency-set -r option misses the last cpu in related cpu list net: fec: Do not use netdev messages too early net: axienet: Fix race condition causing TX hang s390/qdio: handle PENDING state for QEBSM devices perf test 6: Fix missing kvm module load for s390 gpio: omap: fix lack of irqstatus_raw0 for OMAP4 gpio: omap: ensure irq is enabled before wakeup regmap: fix bulk writes on paged registers bpf: silence warning messages in core rcu: Force inlining of rcu_read_lock() xfrm: fix sa selector validation perf evsel: Make perf_evsel__name() accept a NULL argument vhost_net: disable zerocopy by default EDAC/sysfs: Fix memory leak when creating a csrow object media: i2c: fix warning same module names ntp: Limit TAI-UTC offset timer_list: Guard procfs specific code acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 media: coda: fix mpeg2 sequence number handling media: coda: increment sequence offset for the last returned frame mt7601u: do not schedule rx_tasklet when the device has been disconnected x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c mt7601u: fix possible memory leak when the device is disconnected ath10k: fix PCIE device wake up failed rslib: Fix decoding of shortened codes rslib: Fix handling of of caller provided syndrome ixgbe: Check DDM existence in transceiver before access EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() Bluetooth: hci_bcsp: Fix memory leak in rx_skb Bluetooth: 6lowpan: search for destination address in all peers Bluetooth: Check state in l2cap_disconnect_rsp Bluetooth: validate BLE connection interval updates crypto: ghash - fix unaligned memory access in ghash_setkey() crypto: arm64/sha1-ce - correct digest for empty data in finup crypto: arm64/sha2-ce - correct digest for empty data in finup Input: gtco - bounds check collection indent level regulator: s2mps11: Fix buck7 and buck8 wrong voltages tracing/snapshot: Resize spare buffer if size changed NFSv4: Handle the special Linux file open access mode lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE ALSA: seq: Break too long mutex context in the write loop media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() media: coda: Remove unbalanced and unneeded mutex unlock KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed drm/nouveau/i2c: Enable i2c pads & busses during preinit padata: use smp_mb in padata_reorder to avoid orphaned padata jobs 9p/virtio: Add cleanup path in p9_virtio_init PCI: Do not poll for PME if the device is in D3cold take floppy compat ioctls to sodding floppy.c floppy: fix div-by-zero in setup_format_params floppy: fix out-of-bounds read in next_valid_format floppy: fix invalid pointer dereference in drive_name floppy: fix out-of-bounds read in copy_buffer coda: pass the host file in vma->vm_file on mmap gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1 powerpc/32s: fix suspend/resume when IBATs 4-7 are used powerpc/watchpoint: Restore NV GPRs while returning from exception eCryptfs: fix a couple type promotion bugs intel_th: msu: Fix single mode with disabled IOMMU Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug usb: Handle USB3 remote wakeup for LPM enabled devices correctly dm bufio: fix deadlock with loop device bnx2x: Prevent load reordering in tx completion processing caif-hsi: fix possible deadlock in cfhsi_exit_module() ipv4: don't set IPv6 only flags to IPv4 addresses net: bcmgenet: use promisc for unsupported filters net: neigh: fix multiple neigh timer scheduling nfc: fix potential illegal memory access sky2: Disable MSI on ASUS P6T netrom: fix a memory leak in nr_rx_frame() netrom: hold sock when setting skb->destructor tcp: Reset bytes_acked and bytes_received when disconnecting bonding: validate ip header before check IPPROTO_IGMP net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query net: bridge: stp: don't cache eth dest pointer before skb pull elevator: fix truncation of icq_cache_name NFSv4: Fix open create exclusive when the server reboots nfsd: increase DRC cache limit nfsd: give out fewer session slots as limit approaches nfsd: fix performance-limiting session calculation nfsd: Fix overflow causing non-working mounts on 1 TB machines drm/panel: simple: Fix panel_simple_dsi_probe usb: core: hub: Disable hub-initiated U1/U2 tty: max310x: Fix invalid baudrate divisors calculator pinctrl: rockchip: fix leaked of_node references tty: serial: cpm_uart - fix init when SMC is relocated memstick: Fix error cleanup path of memstick_init tty/serial: digicolor: Fix digicolor-usart already registered warning tty: serial: msm_serial: avoid system lockup condition drm/virtio: Add memory barriers for capset cache. phy: renesas: rcar-gen2: Fix memory leak at error paths usb: gadget: Zero ffs_io_data powerpc/pci/of: Fix OF flags parsing for 64bit BARs PCI: sysfs: Ignore lockdep for remove attribute iio: iio-utils: Fix possible incorrect mask calculation recordmcount: Fix spurious mcount entries on powerpc mfd: core: Set fwnode for created devices mfd: arizona: Fix undefined behavior um: Silence lockdep complaint about mmap_sem powerpc/4xx/uic: clear pending interrupt after irq type/pol change serial: sh-sci: Fix TX DMA buffer flushing and workqueue races kallsyms: exclude kasan local symbols on s390 perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning f2fs: avoid out-of-range memory access mailbox: handle failed named mailbox channel request powerpc/eeh: Handle hugepages in ioremap space sh: prevent warnings when using iounmap mm/kmemleak.c: fix check for softirq context 9p: pass the correct prototype to read_cache_page mm/mmu_notifier: use hlist_add_head_rcu() locking/lockdep: Fix lock used or unused stats error locking/lockdep: Hide unused 'class' variable usb: wusbcore: fix unbalanced get/put cluster_id usb: pci-quirks: Correct AMD PLL quirk detection x86/sysfb_efi: Add quirks for some devices with swapped width and height x86/speculation/mds: Apply more accurate check on hypervisor platform hpet: Fix division by zero in hpet_time_div() ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 ALSA: hda - Add a conexant codec entry to let mute led work powerpc/tm: Fix oops on sigreturn on systems without TM access: avoid the RCU grace period for the temporary subjective credentials vmstat: Remove BUG_ON from vmstat_update mm, vmstat: make quiet_vmstat lighter ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt tcp: reset sk_send_head in tcp_write_queue_purge ISDN: hfcsusb: checking idx of ep configuration media: cpia2_usb: first wake up, then free in disconnect media: radio-raremono: change devm_k*alloc to k*alloc Bluetooth: hci_uart: check for missing tty operations sched/fair: Don't free p->numa_faults with concurrent readers drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl ceph: hold i_ceph_lock when removing caps for freeing inode Linux 4.4.187 Change-Id: I6086b23376cdf9f6a905f727fb07175a7ebdd356 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Al Viro
|
0a18fbb5b0 |
take floppy compat ioctls to sodding floppy.c
[ Upstream commit 229b53c9bf4e1132a4aa6feb9632a7a1f1d08c5c ] all other drivers recognizing those ioctls are very much *not* biarch. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
505ad68286 |
Merge 4.4.179 into android-4.4-p
Changes in 4.4.179 arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals arm64: debug: Ensure debug handlers check triggering exception level ext4: cleanup bh release code in ext4_ind_remove_space() lib/int_sqrt: optimize initial value compute tty/serial: atmel: Add is_half_duplex helper mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA Bluetooth: Fix decrementing reference count twice in releasing socket tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped CIFS: fix POSIX lock leak and invalid ptr deref h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- tracing: kdb: Fix ftdump to not sleep gpio: gpio-omap: fix level interrupt idling sysctl: handle overflow for file-max enic: fix build warning without CONFIG_CPUMASK_OFFSTACK mm/cma.c: cma_declare_contiguous: correct err handling mm/page_ext.c: fix an imbalance with kmemleak mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! mm/slab.c: kmemleak no scan alien caches ocfs2: fix a panic problem caused by o2cb_ctl f2fs: do not use mutex lock in atomic context fs/file.c: initialize init_files.resize_wait cifs: use correct format characters dm thin: add sanity checks to thin-pool and external snapshot creation cifs: Fix NULL pointer dereference of devname fs: fix guard_bio_eod to check for real EOD errors tools lib traceevent: Fix buffer overflow in arg_eval usb: chipidea: Grab the (legacy) USB PHY by phandle first scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c coresight: etm4x: Add support to enable ETMv4.2 ARM: 8840/1: use a raw_spinlock_t in unwind mmc: omap: fix the maximum timeout setting e1000e: Fix -Wformat-truncation warnings IB/mlx4: Increase the timeout for CM cache scsi: megaraid_sas: return error when create DMA pool failed perf test: Fix failure of 'evsel-tp-sched' test on s390 SoC: imx-sgtl5000: add missing put_device() media: sh_veu: Correct return type for mem2mem buffer helpers media: s5p-jpeg: Correct return type for mem2mem buffer helpers media: s5p-g2d: Correct return type for mem2mem buffer helpers media: mx2_emmaprp: Correct return type for mem2mem buffer helpers leds: lp55xx: fix null deref on firmware load failure kprobes: Prohibit probing on bsearch() ARM: 8833/1: Ensure that NEON code always compiles with Clang ALSA: PCM: check if ops are defined before suspending PCM bcache: fix input overflow to cache set sysfs file io_error_halflife bcache: fix input overflow to sequential_cutoff bcache: improve sysfs_strtoul_clamp() fbdev: fbmem: fix memory access if logo is bigger than the screen cdrom: Fix race condition in cdrom_sysctl_register ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe soc: qcom: gsbi: Fix error handling in gsbi_probe() mt7601u: bump supported EEPROM version ARM: avoid Cortex-A9 livelock on tight dmb loops tty: increase the default flip buffer limit to 2*640K media: mt9m111: set initial frame size other than 0x0 hwrng: virtio - Avoid repeated init of completion soc/tegra: fuse: Fix illegal free of IO base address hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable dmaengine: imx-dma: fix warning comparison of distinct pointer types netfilter: physdev: relax br_netfilter dependency media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting wlcore: Fix memory leak in case wl12xx_fetch_firmware failure x86/build: Mark per-CPU symbols as absolute explicitly for LLD dmaengine: tegra: avoid overflow of byte tracking drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers binfmt_elf: switch to new creds when switching to new mm kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD x86/build: Specify elf_i386 linker emulation explicitly for i386 objects x86: vdso: Use $LD instead of $CC to link x86/vdso: Drop implicit common-page-size linker flag lib/string.c: implement a basic bcmp tty: mark Siemens R3964 line discipline as BROKEN tty: ldisc: add sysctl to prevent autoloading of ldiscs ipv6: Fix dangling pointer when ipv6 fragment ipv6: sit: reset ip header pointer in ipip6_rcv net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock(). openvswitch: fix flow actions reallocation qmi_wwan: add Olicard 600 sctp: initialize _pad of sockaddr_in before copying to user memory tcp: Ensure DCTCP reacts to losses netns: provide pure entropy for net_hash_mix() net: ethtool: not call vzalloc for zero sized memory request ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type ALSA: seq: Fix OOB-reads from strlcpy include/linux/bitrev.h: fix constant bitrev ASoC: fsl_esai: fix channel swap issue when stream starts block: do not leak memory in bio_copy_user_iov() genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() ARM: dts: at91: Fix typo in ISC_D0 on PC9 arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value xen: Prevent buffer overflow in privcmd ioctl sched/fair: Do not re-read ->h_load_next during hierarchical load calculation xtensa: fix return_address PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller perf/core: Restore mmap record type correctly ext4: add missing brelse() in add_new_gdb_meta_bg() ext4: report real fs size after failed resize ALSA: echoaudio: add a check for ioremap_nocache ALSA: sb8: add a check for request_region IB/mlx4: Fix race condition between catas error reset and aliasguid flows mmc: davinci: remove extraneous __init annotation ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration thermal/int340x_thermal: Add additional UUIDs thermal/int340x_thermal: fix mode setting tools/power turbostat: return the exit status of a command perf top: Fix error handling in cmd_top() perf evsel: Free evsel->counts in perf_evsel__exit() perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test() x86/hpet: Prevent potential NULL pointer dereference x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors iommu/vt-d: Check capability before disabling protected memory x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error fix incorrect error code mapping for OBJECTID_NOT_FOUND ext4: prohibit fstrim in norecovery mode rsi: improve kernel thread handling to fix kernel panic 9p: do not trust pdu content for stat item size 9p locks: add mount option for lock retry interval f2fs: fix to do sanity check with current segment number serial: uartps: console_setup() can't be placed to init section ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms ACPI / SBS: Fix GPE storm on recent MacBookPro's cifs: fallback to older infolevels on findfirst queryinfo retry crypto: sha256/arm - fix crash bug in Thumb2 build crypto: sha512/arm - fix crash bug in Thumb2 build iommu/dmar: Fix buffer overflow during PCI bus notification ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t appletalk: Fix use-after-free in atalk_proc_exit lib/div64.c: off by one in shift include/linux/swap.h: use offsetof() instead of custom __swapoffset macro tpm/tpm_crb: Avoid unaligned reads in crb_recv() ovl: fix uid/gid when creating over whiteout appletalk: Fix compile regression bonding: fix event handling for stacked bonds net: atm: Fix potential Spectre v1 vulnerabilities net: bridge: multicast: use rcu to access port list from br_multicast_start_querier net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv tcp: tcp_grow_window() needs to respect tcp_space() ipv4: recompile ip options in ipv4_link_failure ipv4: ensure rcu_read_lock() in ipv4_link_failure() crypto: crypto4xx - properly set IV after de- and encrypt modpost: file2alias: go back to simple devtable lookup modpost: file2alias: check prototype of handler tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU iio/gyro/bmg160: Use millidegrees for temperature scale iio: ad_sigma_delta: select channel when reading register iio: adc: at91: disable adc channel interrupt in timeout case io: accel: kxcjk1013: restore the range after resume. staging: comedi: vmk80xx: Fix use of uninitialized semaphore staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf staging: comedi: ni_usb6501: Fix use of uninitialized mutex staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf ALSA: core: Fix card races between register and disconnect crypto: x86/poly1305 - fix overflow during partial reduction arm64: futex: Restore oldval initialization to work around buggy compilers x86/kprobes: Verify stack frame on kretprobe kprobes: Mark ftrace mcount handler functions nokprobe kprobes: Fix error check when reusing optimized probes mac80211: do not call driver wake_tx_queue op during reconfig Revert "kbuild: use -Oz instead of -Os when using clang" sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup device_cgroup: fix RCU imbalance in error case mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n ALSA: info: Fix racy addition/deletion of nodes Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()" kernel/sysctl.c: fix out-of-bounds access when setting file-max Linux 4.4.179 Change-Id: Ia88dbd6c37250a682098a4a8540672869c6adf42 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Nathan Chancellor
|
f0c45dd317 |
Merge branch 'android-msm-wahoo-4.4' into android-msm-wahoo-4.4-q-preview
* android-msm-wahoo-4.4: Linux 4.4.179 kernel/sysctl.c: fix out-of-bounds access when setting file-max Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()" ALSA: info: Fix racy addition/deletion of nodes mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n device_cgroup: fix RCU imbalance in error case sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup Revert "kbuild: use -Oz instead of -Os when using clang" mac80211: do not call driver wake_tx_queue op during reconfig kprobes: Fix error check when reusing optimized probes kprobes: Mark ftrace mcount handler functions nokprobe x86/kprobes: Verify stack frame on kretprobe arm64: futex: Restore oldval initialization to work around buggy compilers crypto: x86/poly1305 - fix overflow during partial reduction ALSA: core: Fix card races between register and disconnect staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf staging: comedi: ni_usb6501: Fix use of uninitialized mutex staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf staging: comedi: vmk80xx: Fix use of uninitialized semaphore io: accel: kxcjk1013: restore the range after resume. iio: adc: at91: disable adc channel interrupt in timeout case iio: ad_sigma_delta: select channel when reading register iio/gyro/bmg160: Use millidegrees for temperature scale KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete modpost: file2alias: check prototype of handler modpost: file2alias: go back to simple devtable lookup crypto: crypto4xx - properly set IV after de- and encrypt ipv4: ensure rcu_read_lock() in ipv4_link_failure() ipv4: recompile ip options in ipv4_link_failure tcp: tcp_grow_window() needs to respect tcp_space() net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv net: bridge: multicast: use rcu to access port list from br_multicast_start_querier net: atm: Fix potential Spectre v1 vulnerabilities bonding: fix event handling for stacked bonds appletalk: Fix compile regression ovl: fix uid/gid when creating over whiteout tpm/tpm_crb: Avoid unaligned reads in crb_recv() include/linux/swap.h: use offsetof() instead of custom __swapoffset macro lib/div64.c: off by one in shift appletalk: Fix use-after-free in atalk_proc_exit ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t iommu/dmar: Fix buffer overflow during PCI bus notification crypto: sha512/arm - fix crash bug in Thumb2 build crypto: sha256/arm - fix crash bug in Thumb2 build cifs: fallback to older infolevels on findfirst queryinfo retry ACPI / SBS: Fix GPE storm on recent MacBookPro's ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms serial: uartps: console_setup() can't be placed to init section f2fs: fix to do sanity check with current segment number 9p locks: add mount option for lock retry interval 9p: do not trust pdu content for stat item size rsi: improve kernel thread handling to fix kernel panic ext4: prohibit fstrim in norecovery mode fix incorrect error code mapping for OBJECTID_NOT_FOUND x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error iommu/vt-d: Check capability before disabling protected memory x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors x86/hpet: Prevent potential NULL pointer dereference perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test() perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test perf evsel: Free evsel->counts in perf_evsel__exit() perf top: Fix error handling in cmd_top() tools/power turbostat: return the exit status of a command thermal/int340x_thermal: fix mode setting thermal/int340x_thermal: Add additional UUIDs ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration mmc: davinci: remove extraneous __init annotation IB/mlx4: Fix race condition between catas error reset and aliasguid flows ALSA: sb8: add a check for request_region ALSA: echoaudio: add a check for ioremap_nocache ext4: report real fs size after failed resize ext4: add missing brelse() in add_new_gdb_meta_bg() perf/core: Restore mmap record type correctly PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller xtensa: fix return_address sched/fair: Do not re-read ->h_load_next during hierarchical load calculation xen: Prevent buffer overflow in privcmd ioctl arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value ARM: dts: at91: Fix typo in ISC_D0 on PC9 genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() block: do not leak memory in bio_copy_user_iov() ASoC: fsl_esai: fix channel swap issue when stream starts include/linux/bitrev.h: fix constant bitrev ALSA: seq: Fix OOB-reads from strlcpy ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type net: ethtool: not call vzalloc for zero sized memory request netns: provide pure entropy for net_hash_mix() tcp: Ensure DCTCP reacts to losses sctp: initialize _pad of sockaddr_in before copying to user memory qmi_wwan: add Olicard 600 openvswitch: fix flow actions reallocation net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock(). ipv6: sit: reset ip header pointer in ipip6_rcv ipv6: Fix dangling pointer when ipv6 fragment tty: ldisc: add sysctl to prevent autoloading of ldiscs tty: mark Siemens R3964 line discipline as BROKEN lib/string.c: implement a basic bcmp x86/vdso: Drop implicit common-page-size linker flag x86: vdso: Use $LD instead of $CC to link x86/build: Specify elf_i386 linker emulation explicitly for i386 objects kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD binfmt_elf: switch to new creds when switching to new mm drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers dmaengine: tegra: avoid overflow of byte tracking x86/build: Mark per-CPU symbols as absolute explicitly for LLD wlcore: Fix memory leak in case wl12xx_fetch_firmware failure regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration netfilter: physdev: relax br_netfilter dependency dmaengine: imx-dma: fix warning comparison of distinct pointer types hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable soc/tegra: fuse: Fix illegal free of IO base address hwrng: virtio - Avoid repeated init of completion media: mt9m111: set initial frame size other than 0x0 tty: increase the default flip buffer limit to 2*640K ARM: avoid Cortex-A9 livelock on tight dmb loops mt7601u: bump supported EEPROM version soc: qcom: gsbi: Fix error handling in gsbi_probe() ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe cdrom: Fix race condition in cdrom_sysctl_register fbdev: fbmem: fix memory access if logo is bigger than the screen bcache: improve sysfs_strtoul_clamp() bcache: fix input overflow to sequential_cutoff bcache: fix input overflow to cache set sysfs file io_error_halflife ALSA: PCM: check if ops are defined before suspending PCM ARM: 8833/1: Ensure that NEON code always compiles with Clang kprobes: Prohibit probing on bsearch() leds: lp55xx: fix null deref on firmware load failure media: mx2_emmaprp: Correct return type for mem2mem buffer helpers media: s5p-g2d: Correct return type for mem2mem buffer helpers media: s5p-jpeg: Correct return type for mem2mem buffer helpers media: sh_veu: Correct return type for mem2mem buffer helpers SoC: imx-sgtl5000: add missing put_device() perf test: Fix failure of 'evsel-tp-sched' test on s390 scsi: megaraid_sas: return error when create DMA pool failed IB/mlx4: Increase the timeout for CM cache e1000e: Fix -Wformat-truncation warnings mmc: omap: fix the maximum timeout setting ARM: 8840/1: use a raw_spinlock_t in unwind coresight: etm4x: Add support to enable ETMv4.2 scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c usb: chipidea: Grab the (legacy) USB PHY by phandle first tools lib traceevent: Fix buffer overflow in arg_eval fs: fix guard_bio_eod to check for real EOD errors cifs: Fix NULL pointer dereference of devname dm thin: add sanity checks to thin-pool and external snapshot creation cifs: use correct format characters fs/file.c: initialize init_files.resize_wait f2fs: do not use mutex lock in atomic context ocfs2: fix a panic problem caused by o2cb_ctl mm/slab.c: kmemleak no scan alien caches mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! mm/page_ext.c: fix an imbalance with kmemleak mm/cma.c: cma_declare_contiguous: correct err handling enic: fix build warning without CONFIG_CPUMASK_OFFSTACK sysctl: handle overflow for file-max gpio: gpio-omap: fix level interrupt idling tracing: kdb: Fix ftdump to not sleep h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- CIFS: fix POSIX lock leak and invalid ptr deref tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped Bluetooth: Fix decrementing reference count twice in releasing socket i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified tty/serial: atmel: Add is_half_duplex helper lib/int_sqrt: optimize initial value compute ext4: cleanup bh release code in ext4_ind_remove_space() arm64: debug: Ensure debug handlers check triggering exception level arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals Signed-off-by: Nathan Chancellor <natechancellor@gmail.com> |
||
|
Nathan Chancellor
|
79a097e001 |
Merge 4.4.179 into android-msm-wahoo-4.4
Changes in 4.4.179: (170 commits)
arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
arm64: debug: Ensure debug handlers check triggering exception level
ext4: cleanup bh release code in ext4_ind_remove_space()
lib/int_sqrt: optimize initial value compute
tty/serial: atmel: Add is_half_duplex helper
mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
Bluetooth: Fix decrementing reference count twice in releasing socket
tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
CIFS: fix POSIX lock leak and invalid ptr deref
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
tracing: kdb: Fix ftdump to not sleep
gpio: gpio-omap: fix level interrupt idling
sysctl: handle overflow for file-max
enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
mm/cma.c: cma_declare_contiguous: correct err handling
mm/page_ext.c: fix an imbalance with kmemleak
mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
mm/slab.c: kmemleak no scan alien caches
ocfs2: fix a panic problem caused by o2cb_ctl
f2fs: do not use mutex lock in atomic context
fs/file.c: initialize init_files.resize_wait
cifs: use correct format characters
dm thin: add sanity checks to thin-pool and external snapshot creation
cifs: Fix NULL pointer dereference of devname
fs: fix guard_bio_eod to check for real EOD errors
tools lib traceevent: Fix buffer overflow in arg_eval
usb: chipidea: Grab the (legacy) USB PHY by phandle first
scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
coresight: etm4x: Add support to enable ETMv4.2
ARM: 8840/1: use a raw_spinlock_t in unwind
mmc: omap: fix the maximum timeout setting
e1000e: Fix -Wformat-truncation warnings
IB/mlx4: Increase the timeout for CM cache
scsi: megaraid_sas: return error when create DMA pool failed
perf test: Fix failure of 'evsel-tp-sched' test on s390
SoC: imx-sgtl5000: add missing put_device()
media: sh_veu: Correct return type for mem2mem buffer helpers
media: s5p-jpeg: Correct return type for mem2mem buffer helpers
media: s5p-g2d: Correct return type for mem2mem buffer helpers
media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
leds: lp55xx: fix null deref on firmware load failure
kprobes: Prohibit probing on bsearch()
ARM: 8833/1: Ensure that NEON code always compiles with Clang
ALSA: PCM: check if ops are defined before suspending PCM
bcache: fix input overflow to cache set sysfs file io_error_halflife
bcache: fix input overflow to sequential_cutoff
bcache: improve sysfs_strtoul_clamp()
fbdev: fbmem: fix memory access if logo is bigger than the screen
cdrom: Fix race condition in cdrom_sysctl_register
ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
soc: qcom: gsbi: Fix error handling in gsbi_probe()
mt7601u: bump supported EEPROM version
ARM: avoid Cortex-A9 livelock on tight dmb loops
tty: increase the default flip buffer limit to 2*640K
media: mt9m111: set initial frame size other than 0x0
hwrng: virtio - Avoid repeated init of completion
soc/tegra: fuse: Fix illegal free of IO base address
hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
dmaengine: imx-dma: fix warning comparison of distinct pointer types
netfilter: physdev: relax br_netfilter dependency
media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
x86/build: Mark per-CPU symbols as absolute explicitly for LLD
dmaengine: tegra: avoid overflow of byte tracking
drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
binfmt_elf: switch to new creds when switching to new mm
kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
x86: vdso: Use $LD instead of $CC to link
x86/vdso: Drop implicit common-page-size linker flag
lib/string.c: implement a basic bcmp
tty: mark Siemens R3964 line discipline as BROKEN
tty: ldisc: add sysctl to prevent autoloading of ldiscs
ipv6: Fix dangling pointer when ipv6 fragment
ipv6: sit: reset ip header pointer in ipip6_rcv
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
openvswitch: fix flow actions reallocation
qmi_wwan: add Olicard 600
sctp: initialize _pad of sockaddr_in before copying to user memory
tcp: Ensure DCTCP reacts to losses
netns: provide pure entropy for net_hash_mix()
net: ethtool: not call vzalloc for zero sized memory request
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
ALSA: seq: Fix OOB-reads from strlcpy
include/linux/bitrev.h: fix constant bitrev
ASoC: fsl_esai: fix channel swap issue when stream starts
block: do not leak memory in bio_copy_user_iov()
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
ARM: dts: at91: Fix typo in ISC_D0 on PC9
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
xen: Prevent buffer overflow in privcmd ioctl
sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
xtensa: fix return_address
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
perf/core: Restore mmap record type correctly
ext4: add missing brelse() in add_new_gdb_meta_bg()
ext4: report real fs size after failed resize
ALSA: echoaudio: add a check for ioremap_nocache
ALSA: sb8: add a check for request_region
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
mmc: davinci: remove extraneous __init annotation
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
thermal/int340x_thermal: Add additional UUIDs
thermal/int340x_thermal: fix mode setting
tools/power turbostat: return the exit status of a command
perf top: Fix error handling in cmd_top()
perf evsel: Free evsel->counts in perf_evsel__exit()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
x86/hpet: Prevent potential NULL pointer dereference
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
iommu/vt-d: Check capability before disabling protected memory
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
fix incorrect error code mapping for OBJECTID_NOT_FOUND
ext4: prohibit fstrim in norecovery mode
rsi: improve kernel thread handling to fix kernel panic
9p: do not trust pdu content for stat item size
9p locks: add mount option for lock retry interval
f2fs: fix to do sanity check with current segment number
serial: uartps: console_setup() can't be placed to init section
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
ACPI / SBS: Fix GPE storm on recent MacBookPro's
cifs: fallback to older infolevels on findfirst queryinfo retry
crypto: sha256/arm - fix crash bug in Thumb2 build
crypto: sha512/arm - fix crash bug in Thumb2 build
iommu/dmar: Fix buffer overflow during PCI bus notification
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
appletalk: Fix use-after-free in atalk_proc_exit
lib/div64.c: off by one in shift
include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
ovl: fix uid/gid when creating over whiteout
appletalk: Fix compile regression
bonding: fix event handling for stacked bonds
net: atm: Fix potential Spectre v1 vulnerabilities
net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
tcp: tcp_grow_window() needs to respect tcp_space()
ipv4: recompile ip options in ipv4_link_failure
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
crypto: crypto4xx - properly set IV after de- and encrypt
modpost: file2alias: go back to simple devtable lookup
modpost: file2alias: check prototype of handler
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
iio/gyro/bmg160: Use millidegrees for temperature scale
iio: ad_sigma_delta: select channel when reading register
iio: adc: at91: disable adc channel interrupt in timeout case
io: accel: kxcjk1013: restore the range after resume.
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
ALSA: core: Fix card races between register and disconnect
crypto: x86/poly1305 - fix overflow during partial reduction
arm64: futex: Restore oldval initialization to work around buggy compilers
x86/kprobes: Verify stack frame on kretprobe
kprobes: Mark ftrace mcount handler functions nokprobe
kprobes: Fix error check when reusing optimized probes
mac80211: do not call driver wake_tx_queue op during reconfig
Revert "kbuild: use -Oz instead of -Os when using clang"
sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
device_cgroup: fix RCU imbalance in error case
mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
ALSA: info: Fix racy addition/deletion of nodes
Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
kernel/sysctl.c: fix out-of-bounds access when setting file-max
Linux 4.4.179
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
Makefile
fs/ext4/ioctl.c
|
||
|
Jérôme Glisse
|
f449309b7f |
block: do not leak memory in bio_copy_user_iov()
commit a3761c3c91209b58b6f33bf69dd8bb8ec0c9d925 upstream. When bio_add_pc_page() fails in bio_copy_user_iov() we should free the page we just allocated otherwise we are leaking it. Cc: linux-block@vger.kernel.org Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: stable@vger.kernel.org Reviewed-by: Chaitanya Kulkarni <chaitanya.kulkarni@wdc.com> Signed-off-by: Jérôme Glisse <jglisse@redhat.com> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jens Axboe
|
1b8fd99ea0 |
UPSTREAM: mm: don't cap request size based on read-ahead setting
We ran into a funky issue, where someone doing 256K buffered reads saw 128K requests at the device level. Turns out it is read-ahead capping the request size, since we use 128K as the default setting. This doesn't make a lot of sense - if someone is issuing 256K reads, they should see 256K reads, regardless of the read-ahead setting, if the underlying device can support a 256K read in a single command. This patch introduces a bdi hint, io_pages. This is the soft max IO size for the lower level, I've hooked it up to the bdev settings here. Read-ahead is modified to issue the maximum of the user request size, and the read-ahead max size, but capped to the max request size on the device side. The latter is done to avoid reading ahead too much, if the application asks for a huge read. With this patch, the kernel behaves like the application expects. Change-Id: Ibe52ffac7a6e1ac86ed0c6a59a0f7a32d651ee5f Link: http://lkml.kernel.org/r/1479498073-8657-1-git-send-email-axboe@fb.com Signed-off-by: Jens Axboe <axboe@fb.com> Acked-by: Johannes Weiner <hannes@cmpxchg.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Jaegeuk Kim <jaegeuk@google.com> |
||
|
Greg Kroah-Hartman
|
4de21d48fc |
Merge 4.4.157 into android-msm-wahoo-4.4-lts
Linux 4.4.157
* mm: get rid of vmacache_flush_all() entirely
include/linux/mm_types.h
include/linux/sched.h
include/linux/vm_event_item.h
include/linux/vmacache.h
mm/debug.c
mm/vmacache.c
x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
autofs: fix autofs_sbi() does not check super block type
mtd: ubi: wl: Fix error return code in ubi_wl_init()
crypto: vmx - Fix sleep-in-atomic bugs
ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle
net: ethernet: ti: cpsw: fix mdio device reference leak
drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config
* netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
net/netfilter/x_tables.c
vmw_balloon: include asm/io.h
* xhci: Fix use-after-free in xhci_free_virt_device
drivers/usb/host/xhci.c
RDMA/cma: Do not ignore net namespace for unbound cm_id
MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
* f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
fs/f2fs/super.c
mfd: ti_am335x_tscadc: Fix struct clk memory leak
iommu/ipmmu-vmsa: Fix allocation in atomic context
partitions/aix: fix usage of uninitialized lv_info and lvname structures
partitions/aix: append null character to print data from disk
Input: atmel_mxt_ts - only use first T9 instance
net: dcb: For wild-card lookups, use priority -1, not 0
MIPS: Octeon: add missing of_node_put()
net: mvneta: fix mtu change on port without link
gpio: ml-ioh: Fix buffer underwrite on probe error path
x86/mm: Remove in_nmi() warning from vmalloc_fault()
* Bluetooth: hidp: Fix handling of strncpy for hid->name information
net/bluetooth/hidp/core.c
ath10k: disable bundle mgmt tx completion event support
scsi: 3ware: fix return 0 on the error path of probe
ata: libahci: Correct setting of DEVSLP register
MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
ath10k: prevent active scans on potential unusable channels
macintosh/via-pmu: Add missing mmio accessors
NFSv4.0 fix client reference leak in callback
perf tools: Allow overriding MAX_NR_CPUS at compile time
f2fs: do not set free of current section
tty: rocket: Fix possible buffer overwrite on register_PCI
* uio: potential double frees if __uio_register_device() fails
drivers/uio/uio.c
misc: ti-st: Fix memory leak in the error path of probe()
md/raid5: fix data corruption of replacements after originals dropped
* scsi: target: fix __transport_register_session locking
drivers/target/target_core_transport.c
gpio: tegra: Move driver registration to subsys_init level
* Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV
drivers/bluetooth/Kconfig
* ethtool: Remove trailing semicolon for static inline
include/uapi/linux/ethtool.h
misc: mic: SCIF Fix scif_get_new_port() error handling
ARC: [plat-axs*]: Enable SWAP
* locking/osq_lock: Fix osq_lock queue corruption
kernel/locking/osq_lock.c
* selinux: use GFP_NOWAIT in the AVC kmem_caches
security/selinux/avc.c
* locking/rwsem-xadd: Fix missed wakeup due to reordering of load
kernel/locking/rwsem-xadd.c
* block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg
block/cfq-iosched.c
staging/rts5208: Fix read overflow in memcpy
staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page
kthread: fix boot hang (regression) on MIPS/OpenRISC
* kthread: Fix use-after-free if kthread fork fails
kernel/fork.c
* cfq: Give a chance for arming slice idle timer in case of group_idle
block/cfq-iosched.c
* ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
sound/pci/hda/hda_codec.c
i2c: i801: fix DNV's SMBCTRL register offset
i2c: xiic: Make the start and the byte count write atomic
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
a29988a1dc |
Merge 4.4.157 into android-4.4-p
Changes in 4.4.157
i2c: xiic: Make the start and the byte count write atomic
i2c: i801: fix DNV's SMBCTRL register offset
ALSA: hda - Fix cancel_work_sync() stall from jackpoll work
cfq: Give a chance for arming slice idle timer in case of group_idle
kthread: Fix use-after-free if kthread fork fails
kthread: fix boot hang (regression) on MIPS/OpenRISC
staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page
staging/rts5208: Fix read overflow in memcpy
block,blkcg: use __GFP_NOWARN for best-effort allocations in blkcg
locking/rwsem-xadd: Fix missed wakeup due to reordering of load
selinux: use GFP_NOWAIT in the AVC kmem_caches
locking/osq_lock: Fix osq_lock queue corruption
ARC: [plat-axs*]: Enable SWAP
misc: mic: SCIF Fix scif_get_new_port() error handling
ethtool: Remove trailing semicolon for static inline
Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV
gpio: tegra: Move driver registration to subsys_init level
scsi: target: fix __transport_register_session locking
md/raid5: fix data corruption of replacements after originals dropped
misc: ti-st: Fix memory leak in the error path of probe()
uio: potential double frees if __uio_register_device() fails
tty: rocket: Fix possible buffer overwrite on register_PCI
f2fs: do not set free of current section
perf tools: Allow overriding MAX_NR_CPUS at compile time
NFSv4.0 fix client reference leak in callback
macintosh/via-pmu: Add missing mmio accessors
ath10k: prevent active scans on potential unusable channels
MIPS: Fix ISA virt/bus conversion for non-zero PHYS_OFFSET
ata: libahci: Correct setting of DEVSLP register
scsi: 3ware: fix return 0 on the error path of probe
ath10k: disable bundle mgmt tx completion event support
Bluetooth: hidp: Fix handling of strncpy for hid->name information
x86/mm: Remove in_nmi() warning from vmalloc_fault()
gpio: ml-ioh: Fix buffer underwrite on probe error path
net: mvneta: fix mtu change on port without link
MIPS: Octeon: add missing of_node_put()
net: dcb: For wild-card lookups, use priority -1, not 0
Input: atmel_mxt_ts - only use first T9 instance
partitions/aix: append null character to print data from disk
partitions/aix: fix usage of uninitialized lv_info and lvname structures
iommu/ipmmu-vmsa: Fix allocation in atomic context
mfd: ti_am335x_tscadc: Fix struct clk memory leak
f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize
MIPS: WARN_ON invalid DMA cache maintenance, not BUG_ON
RDMA/cma: Do not ignore net namespace for unbound cm_id
xhci: Fix use-after-free in xhci_free_virt_device
vmw_balloon: include asm/io.h
netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user
drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config
net: ethernet: ti: cpsw: fix mdio device reference leak
ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle
crypto: vmx - Fix sleep-in-atomic bugs
mtd: ubi: wl: Fix error return code in ubi_wl_init()
autofs: fix autofs_sbi() does not check super block type
x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
mm: get rid of vmacache_flush_all() entirely
Linux 4.4.157
Change-Id: I08e4c24c1a22ef0e97f9185bc9da72f4a651ca73
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|