udc
1422 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
ec66dd5675 |
Merge remote-tracking branch 'common/android-4.4-p' into android-msm-wahoo-4.4
* common/android-4.4-p: Linux 4.4.296 xen/netback: don't queue unlimited number of packages xen/console: harden hvc_xen against event channel storms xen/netfront: harden netfront against event channel storms xen/blkfront: harden blkfront against event channel storms Input: touchscreen - avoid bitwise vs logical OR warning ARM: 8805/2: remove unneeded naked function usage net: lan78xx: Avoid unnecessary self assignment net: systemport: Add global locking for descriptor lifecycle timekeeping: Really make sure wall_to_monotonic isn't positive USB: serial: option: add Telit FN990 compositions PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error USB: gadget: bRequestType is a bitfield, not a enum igbvf: fix double free in `igbvf_probe` soc/tegra: fuse: Fix bitwise vs. logical OR warning nfsd: fix use-after-free due to delegation race dm btree remove: fix use after free in rebalance_children() recordmcount.pl: look for jgnop instruction as well as bcrl on s390 mac80211: send ADDBA requests using the tid/queue of the aggregation session hwmon: (dell-smm) Fix warning on /proc/i8k creation error net: netlink: af_netlink: Prevent empty skb by adding a check on len. i2c: rk3x: Handle a spurious start completion interrupt flag parisc/agp: Annotate parisc agp init functions with __init nfc: fix segfault in nfc_genl_dump_devices_done FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum Linux 4.4.295 irqchip: nvic: Fix offset for Interrupt Priority Offsets irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove iio: itg3200: Call iio_trigger_notify_done() on error iio: ltr501: Don't return error code in trigger handler iio: mma8452: Fix trigger reference couting iio: stk3310: Don't return error code in interrupt handler usb: core: config: fix validation of wMaxPacketValue entries USB: gadget: zero allocate endpoint 0 buffers USB: gadget: detect too-big endpoint 0 requests net/qla3xxx: fix an error code in ql_adapter_up() net, neigh: clear whole pneigh_entry at alloc time net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() net: altera: set a couple error code in probe() net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) tracefs: Set all files to the same group ownership as the mount option signalfd: use wake_up_pollfree() binder: use wake_up_pollfree() wait: add wake_up_pollfree() libata: add horkage for ASMedia 1092 can: pch_can: pch_can_rx_normal: fix use after free tracefs: Have new files inherit the ownership of their parent ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() ALSA: pcm: oss: Limit the period size to 16MB ALSA: pcm: oss: Fix negative period/buffer sizes ALSA: ctl: Fix copy of updated id with element read/write mm: bdi: initialize bdi_min_ratio when bdi is unregistered nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done can: sja1000: fix use after free in ems_pcmcia_add_card() HID: check for valid USB device for many HID drivers HID: wacom: fix problems when device is not a valid USB device HID: add USB_HID dependancy on some USB HID drivers HID: add USB_HID dependancy to hid-chicony HID: add USB_HID dependancy to hid-prodikeys HID: add hid_is_usb() function to make it simpler for USB detection HID: introduce hid_is_using_ll_driver UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers UPSTREAM: USB: gadget: detect too-big endpoint 0 requests Linux 4.4.294 serial: pl011: Add ACPI SBSA UART match id tty: serial: msm_serial: Deactivate RX DMA for polling support vgacon: Propagate console boot parameters before calling `vc_resize' parisc: Fix "make install" on newer debian releases siphash: use _unaligned version by default net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() natsemi: xtensa: fix section mismatch warnings fget: check that the fd still exists after getting a ref to it fs: add fget_many() and fput_many() sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl kprobes: Limit max data_size of the kretprobe instances net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound scsi: iscsi: Unblock session then wake up error handler s390/setup: avoid using memblock_enforce_memory_limit platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep net: return correct error code hugetlb: take PMD sharing into account when flushing tlb/caches tty: hvc: replace BUG_ON() with negative return value xen/netfront: don't trust the backend response data blindly xen/netfront: disentangle tx_skb_freelist xen/netfront: don't read data from request on the ring page xen/netfront: read response from backend only once xen/blkfront: don't trust the backend response data blindly xen/blkfront: don't take local copy of a request from the ring page xen/blkfront: read response from backend only once xen: sync include/xen/interface/io/ring.h with Xen's newest version shm: extend forced shm destroy to support objects from several IPC nses fuse: release pipe buf after last use fuse: fix page stealing NFC: add NCI_UNREG flag to eliminate the race proc/vmcore: fix clearing user buffer by properly using clear_user() hugetlbfs: flush TLBs correctly after huge_pmd_unshare tracing: Check pid filtering when creating events tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows scsi: mpt3sas: Fix kernel panic during drive powercycle test ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE NFSv42: Don't fail clone() unless the OP_CLONE operation failed net: ieee802154: handle iftypes as u32 ASoC: topology: Add missing rwsem around snd_ctl_remove() calls ARM: dts: BCM5301X: Add interrupt properties to GPIO node xen: detect uninitialized xenbus in xenbus_init xen: don't continue xenstore initialization in case of errors staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() ALSA: ctxfi: Fix out-of-range access binder: fix test regression due to sender_euid change usb: hub: Fix locking issues with address0_mutex usb: hub: Fix usb enumeration issue due to address0 race USB: serial: option: add Fibocom FM101-GL variants USB: serial: option: add Telit LE910S1 0x9200 composition staging: ion: Prevent incorrect reference counting behavour Conflicts: fs/file_table.c Change-Id: Ie66d41bc083d3d53fc89fba73b6e57bcc18e1c4a |
||
|
Greg Kroah-Hartman
|
342cab2951 |
Merge 4.4.296 into android-4.4-p
Changes in 4.4.296 nfc: fix segfault in nfc_genl_dump_devices_done parisc/agp: Annotate parisc agp init functions with __init i2c: rk3x: Handle a spurious start completion interrupt flag net: netlink: af_netlink: Prevent empty skb by adding a check on len. hwmon: (dell-smm) Fix warning on /proc/i8k creation error mac80211: send ADDBA requests using the tid/queue of the aggregation session recordmcount.pl: look for jgnop instruction as well as bcrl on s390 dm btree remove: fix use after free in rebalance_children() nfsd: fix use-after-free due to delegation race soc/tegra: fuse: Fix bitwise vs. logical OR warning igbvf: fix double free in `igbvf_probe` USB: gadget: bRequestType is a bitfield, not a enum PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error USB: serial: option: add Telit FN990 compositions timekeeping: Really make sure wall_to_monotonic isn't positive net: systemport: Add global locking for descriptor lifecycle net: lan78xx: Avoid unnecessary self assignment ARM: 8805/2: remove unneeded naked function usage Input: touchscreen - avoid bitwise vs logical OR warning xen/blkfront: harden blkfront against event channel storms xen/netfront: harden netfront against event channel storms xen/console: harden hvc_xen against event channel storms xen/netback: don't queue unlimited number of packages Linux 4.4.296 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ic14e24f8aace34bee9cf82757fa4908dc5ac2c43 |
||
|
Yu Liao
|
ed5dc41bb4 |
timekeeping: Really make sure wall_to_monotonic isn't positive
commit 4e8c11b6b3f0b6a283e898344f154641eda94266 upstream. Even after commit |
||
|
Michael Bestas
|
29daf360fe |
Merge remote-tracking branch 'common/android-4.4-p' into android-msm-wahoo-4.4
# By Daniel Rosenberg (98) and others
# Via Greg Kroah-Hartman (219) and others
* google/common/android-4.4-p:
ANDROID: xt_qtaguid: fix UAF race
ANDROID: Make vsock virtio packet buff size configurable
ANDROID: cuttlefish_defconfig: add missing CONFIG_BLK_CGROUP
ANDROID: xt_qtaguid: Remove tag_entry from process list on untag
ANDROID: usb: f_accessory: Don't drop NULL reference in acc_disconnect()
ANDROID: usb: f_accessory: Avoid bitfields for shared variables
ANDROID: usb: f_accessory: Cancel any pending work before teardown
ANDROID: usb: f_accessory: Don't corrupt global state on double registration
ANDROID: usb: f_accessory: Fix teardown ordering in acc_release()
ANDROID: usb: f_accessory: Add refcounting to global 'acc_dev'
UPSTREAM: locking/atomic, kref: Add KREF_INIT()
ANDROID: usb: f_accessory: Wrap '_acc_dev' in get()/put() accessors
ANDROID: usb: f_accessory: Remove useless assignment
ANDROID: usb: f_accessory: Remove useless non-debug prints
ANDROID: usb: f_accessory: Remove stale comments
ANDROID: USB: f_accessory: Check dev pointer before decoding ctrl request
ANDROID: usb: gadget: f_accessory: fix CTS test stuck
ANDROID: cuttlefish_defconfig: Disable CONFIG_KSM
UPSTREAM: arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
UPSTREAM: arm64: kaslr: Fix up the kernel image alignment
UPSTREAM: sched/fair: Fix FTQ noise bench regression
UPSTREAM: dm verity fec: fix bufio leaks
UPSTREAM: arm64: kernel: restrict /dev/mem read() calls to linear region
UPSTREAM: binder: fix incorrect cmd to binder_stat_br
UPSTREAM: arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
UPSTREAM: KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
UPSTREAM: fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
UPSTREAM: arm64: fix unwind_frame() for filtered out fn for function graph tracing
UPSTREAM: arm64: kpti: Use early_param for kpti= command-line option
UPSTREAM: arm64: kaslr: ensure randomized quantities are clean to the PoC
UPSTREAM: arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
UPSTREAM: staging: android: vsoc: fix copy_from_user overrun
UPSTREAM: arm64/mm: Inhibit huge-vmap with ptdump
UPSTREAM: drivers/perf: arm_pmu: Fix failure path in PM notifier
UPSTREAM: fs/posix_acl.c: fix kernel-doc warnings
UPSTREAM: ext2: fix debug reference to ext2_xattr_cache
UPSTREAM: arm64: alternative: fix build with clang integrated assembler
UPSTREAM: dm verity fec: fix hash block number in verity_fec_decode
ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr
BACKPORT: xfrm/compat: Add 32=>64-bit messages translator
UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
BACKPORT: xfrm/compat: Add 64=>32-bit messages translator
BACKPORT: xfrm: Provide API to register translator module
UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller
ANDROID: Publish uncompressed Image on aarch64
ANDROID: Makefile: append BUILD_NUMBER to version string when defined
UPSTREAM: binder: fix UAF when releasing todo list
ANDROID: fix a bug in quota2
UPSTREAM: binder: Prevent context manager from incrementing ref 0
BACKPORT: xtables: extend matches and targets with .usersize
UPSTREAM: ip6tables: use match, target and data copy_to_user helpers
UPSTREAM: iptables: use match, target and data copy_to_user helpers
UPSTREAM: xtables: add xt_match, xt_target and data copy_to_user functions
ANDROID: cuttlefish_defconfig: Drop built-in cmdline (except nopti)
ANDROID: cuttlefish defconfig - enable mount/net/uts namespaces.
ANDROID: hid: steam: remove BT controller matching
UPSTREAM: HID: steam: Fix input device disappearing
Revert "ext2: fix empty body warnings when -Wextra is used"
Revert "net: ipv6: Fix processing of RAs in presence of VRF"
UPSTREAM: net: socket: set sock->sk to NULL after calling proto_ops::release()
BACKPORT: xfrm: Allow Output Mark to be Updated Using UPDSA
UPSTREAM: socket: close race condition between sock_close() and sockfs_setattr()
UPSTREAM: net: ipv6: Use passed in table for nexthop lookups
ANDROID: cuttlefish_defconfig: Fix dm-verity related options
Revert "ANDROID: dm verity: add minimum prefetch size"
ANDROID: mnt: Propagate remount correctly
BACKPORT: loop: Add LOOP_SET_BLOCK_SIZE in compat ioctl
UPSTREAM: loop: drop caches if offset or block_size are changed
UPSTREAM: loop: add ioctl for changing logical block size
BACKPORT: block/loop: set hw_sectors
ANDROID: cuttlefish_defconfig: Minimally enable EFI
UPSTREAM: bpf: Explicitly memset the bpf_attr structure
FROMLIST: HID: nintendo: add nintendo switch controller driver
UPSTREAM: staging: most: net: fix buffer overflow
UPSTREAM: ALSA: pcm: Add missing copy ops check before clearing buffer
ANDROID: selinux: modify RTM_GETLINK permission
UPSTREAM: HID: input: map digitizer battery usage
UPSTREAM: HID: input: ignore the battery in OKLICK Laser BTmouse
ANDROID: cuttlefish_defconfig: Disable TRANSPARENT_HUGEPAGE
commit e82b9b0727ff ("vhost: introduce vhost_exceeds_weight()")
UPSTREAM: HID: steam: fix deadlock with input devices.
UPSTREAM: HID: steam: fix boot loop with bluetooth firmware
UPSTREAM: HID: steam: remove input device when a hid client is running.
UPSTREAM: HID: steam: use hid_device.driver_data instead of hid_set_drvdata()
UPSTREAM: HID: steam: add missing fields in client initialization
UPSTREAM: HID: steam: add battery device.
UPSTREAM: HID: add driver for Valve Steam Controller
UPSTREAM: HID: sony: Fix memory corruption issue on cleanup.
UPSTREAM: HID: sony: Fix race condition between rumble and device remove.
UPSTREAM: HID: sony: remove redundant check for -ve err
UPSTREAM: HID: sony: Make sure to unregister sensors on failure
UPSTREAM: HID: sony: Make DS4 bt poll interval adjustable
UPSTREAM: HID: sony: Set proper bit flags on DS4 output report
UPSTREAM: HID: sony: DS4 use brighter LED colors
UPSTREAM: HID: sony: Improve navigation controller axis/button mapping
UPSTREAM: HID: sony: Use DS3 MAC address as unique identifier on USB
UPSTREAM: HID: sony: Perform duplicate device check earlier on
UPSTREAM: HID: sony: Expose DS3 motion sensors through separate device
UPSTREAM: HID: sony: Print error on failure to active DS3 / Navigation controllers
UPSTREAM: HID: sony: DS3 comply to Linux gamepad spec
UPSTREAM: HID: sony: Mark DS4 touchpad device as a pointer
UPSTREAM: HID: sony: Support motion sensor calibration on dongle
UPSTREAM: HID: sony: Make work handling more generic
UPSTREAM: HID: sony: Treat the ds4 dongle as a separate device
UPSTREAM: HID: sony: Remove report descriptor fixup for DS4
UPSTREAM: HID: sony: Report hardware timestamp for DS4 sensor values
UPSTREAM: HID: sony: Calibrate DS4 motion sensors
UPSTREAM: HID: sony: Report DS4 motion sensors through a separate device
UPSTREAM: HID: sony: Fix input device leak when connecting a DS4 twice using USB/BT
UPSTREAM: HID: sony: Use LED_CORE_SUSPENDRESUME
UPSTREAM: HID: sony: Ignore DS4 dongle reports when no device is connected
UPSTREAM: HID: sony: Use DS4 MAC address as unique identifier on USB
UPSTREAM: HID: sony: Fix error handling bug when touchpad registration fails
UPSTREAM: HID: sony: Comply to Linux gamepad spec for DS4
UPSTREAM: HID: sony: Make the DS4 touchpad a separate device
UPSTREAM: HID: sony: Fix memory issue when connecting device using both Bluetooth and USB
UPSTREAM: HID: sony: Adjust value range for motion sensors
UPSTREAM: HID: sony: Handle multiple touch events input record
UPSTREAM: HID: sony: Send ds4 output reports on output end-point
UPSTREAM: HID: sony: Perform CRC check on bluetooth input packets
UPSTREAM: HID: sony: Adjust HID report size name definitions
UPSTREAM: HID: sony: Fix race condition in sony_probe
UPSTREAM: HID: sony: Update copyright and add Dualshock 4 rate control note
UPSTREAM: HID: sony: Defer the initial USB Sixaxis output report
UPSTREAM: HID: sony: Relax duplicate checking for USB-only devices
UPSTREAM: HID: sony: underscores are unnecessary for u8, u16, s32
UPSTREAM: HID: sony: fix some warnings from scripts/checkpatch.pl
UPSTREAM: HID: sony: fix errors from scripts/checkpatch.pl
UPSTREAM: HID: sony: fix a typo in descriptors comments s/Joystik/Joystick/
UPSTREAM: HID: sony: Fixup output reports for the nyko core controller
UPSTREAM: HID: sony: Remove the size check for the Dualshock 4 HID Descriptor
UPSTREAM: HID: sony: Save and restore the controller state on suspend and resume
UPSTREAM: HID: sony: Refactor the output report sending functions
ANDROID: cpufreq: times: add /proc/uid_concurrent_{active,policy}_time
rtlwifi: Fix potential overflow on P2P code
ANDROID: clang: update to 9.0.8 based on r365631c
ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
ANDROID: refactor build.config files to remove duplication
ANDROID: usb: gadget: Fix dependency for f_accessory
Remove taskname from lowmemorykiller kill reports
ANDROID: Fixes to locking around handle_lmk_event
Revert "ANDROID: regression introduced override_creds=off"
ANDROID: regression introduced override_creds=off
Fix fallout from changes to bootparam_utils.h
ANDROID: sched: Disallow WALT with CFS bandwidth control
ANDROID: fiq_debugger: remove
ANDROID: arm64: fix leftover RWX when using CONFIG_UNMAP_KERNEL_AT_EL0
ANDROID: fix kernelci build-break in lowmemorykiller
ANDROID: Avoid taking multiple locks in handle_lmk_event
UPSTREAM: net-ipv6-ndisc: add support for RFC7710 RA Captive Portal Identifier
ANDROID: fix binder change in merge of 4.4.183
Fix overlayfs build break
binder: binder: fix possible UAF when freeing buffer
ANDROID: Revert "f2fs: avoid out-of-range memory access"
ANDROID: overlayfs: Fix a regression in commit
|
||
|
Nathan Chancellor
|
de02d35734 |
Merge 4.4.244 into android-msm-wahoo-4.4
Changes in 4.4.244: (64 commits)
ring-buffer: Fix recursion protection transitions between interrupt context
gfs2: Wake up when sd_glock_disposal becomes zero
mm: mempolicy: fix potential pte_unmap_unlock pte error
time: Prevent undefined behaviour in timespec64_to_ns()
btrfs: reschedule when cloning lots of extents
net: xfrm: fix a race condition during allocing spi
perf tools: Add missing swap for ino_generation
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
can: peak_usb: add range checking in decode operations
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
Btrfs: fix missing error return if writeback for extent buffer never started
pinctrl: devicetree: Avoid taking direct reference to device name string
i40e: Wrong truncation from u16 to u8
i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
geneve: add transport ports in route lookup for geneve
ath9k_htc: Use appropriate rs_datalen type
usb: gadget: goku_udc: fix potential crashes in probe
gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
gfs2: check for live vs. read-only file system in gfs2_fitrim
drm/amdgpu: perform srbm soft reset always on SDMA resume
mac80211: fix use of skb payload instead of header
cfg80211: regulatory: Fix inconsistent format argument
iommu/amd: Increase interrupt remapping table limit to 512 entries
xfs: fix a missing unlock on error in xfs_fs_map_blocks
of/address: Fix of_node memory leak in of_dma_is_coherent
cosa: Add missing kfree in error path of cosa_write
perf: Fix get_recursion_context()
ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
mei: protect mei_cl_mtu from null dereference
ocfs2: initialize ip_next_orphan
don't dump the threads that had been already exiting when zapped.
drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
pinctrl: amd: use higher precision for 512 RtcClk
pinctrl: amd: fix incorrect way to disable debounce filter
swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
IPv6: Set SIT tunnel hard_header_len to zero
net/af_iucv: fix null pointer dereference on shutdown
net/x25: Fix null-ptr-deref in x25_connect
net: Update window_clamp if SOCK_RCVBUF is set
random32: make prandom_u32() output unpredictable
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
xen/events: avoid removing an event channel while handling it
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a new "late EOI" evtchn framework
xen/blkback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/pciback: use lateeoi irq binding
xen/events: switch user event channels to lateeoi model
xen/events: use a common cpu hotplug hook for event channels
xen/events: defer eoi in case of excessive number of events
xen/events: block rogue events for some time
perf/core: Fix race in the perf_mmap_close() function
Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
reboot: fix overflow parsing reboot cpu number
ext4: fix leaking sysfs kobject after failed mount
Convert trailing spaces and periods in path components
Linux 4.4.244
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
||
|
Greg Kroah-Hartman
|
4e6c6e0085 |
Merge 4.4.244 into android-4.4-p
Changes in 4.4.244
ring-buffer: Fix recursion protection transitions between interrupt context
gfs2: Wake up when sd_glock_disposal becomes zero
mm: mempolicy: fix potential pte_unmap_unlock pte error
time: Prevent undefined behaviour in timespec64_to_ns()
btrfs: reschedule when cloning lots of extents
net: xfrm: fix a race condition during allocing spi
perf tools: Add missing swap for ino_generation
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
can: peak_usb: add range checking in decode operations
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
Btrfs: fix missing error return if writeback for extent buffer never started
pinctrl: devicetree: Avoid taking direct reference to device name string
i40e: Wrong truncation from u16 to u8
i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
geneve: add transport ports in route lookup for geneve
ath9k_htc: Use appropriate rs_datalen type
usb: gadget: goku_udc: fix potential crashes in probe
gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
gfs2: check for live vs. read-only file system in gfs2_fitrim
drm/amdgpu: perform srbm soft reset always on SDMA resume
mac80211: fix use of skb payload instead of header
cfg80211: regulatory: Fix inconsistent format argument
iommu/amd: Increase interrupt remapping table limit to 512 entries
xfs: fix a missing unlock on error in xfs_fs_map_blocks
of/address: Fix of_node memory leak in of_dma_is_coherent
cosa: Add missing kfree in error path of cosa_write
perf: Fix get_recursion_context()
ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
mei: protect mei_cl_mtu from null dereference
ocfs2: initialize ip_next_orphan
don't dump the threads that had been already exiting when zapped.
drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
pinctrl: amd: use higher precision for 512 RtcClk
pinctrl: amd: fix incorrect way to disable debounce filter
swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
IPv6: Set SIT tunnel hard_header_len to zero
net/af_iucv: fix null pointer dereference on shutdown
net/x25: Fix null-ptr-deref in x25_connect
net: Update window_clamp if SOCK_RCVBUF is set
random32: make prandom_u32() output unpredictable
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
xen/events: avoid removing an event channel while handling it
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a new "late EOI" evtchn framework
xen/blkback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/pciback: use lateeoi irq binding
xen/events: switch user event channels to lateeoi model
xen/events: use a common cpu hotplug hook for event channels
xen/events: defer eoi in case of excessive number of events
xen/events: block rogue events for some time
perf/core: Fix race in the perf_mmap_close() function
Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
reboot: fix overflow parsing reboot cpu number
ext4: fix leaking sysfs kobject after failed mount
Convert trailing spaces and periods in path components
Linux 4.4.244
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I70bf4c5ac9248a8ca3383b9b0c4871729606e75e
|
||
|
George Spelvin
|
09f5820cfd |
random32: make prandom_u32() output unpredictable
commit c51f8f88d705e06bd696d7510aff22b33eb8e638 upstream.
Non-cryptographic PRNGs may have great statistical properties, but
are usually trivially predictable to someone who knows the algorithm,
given a small sample of their output. An LFSR like prandom_u32() is
particularly simple, even if the sample is widely scattered bits.
It turns out the network stack uses prandom_u32() for some things like
random port numbers which it would prefer are *not* trivially predictable.
Predictability led to a practical DNS spoofing attack. Oops.
This patch replaces the LFSR with a homebrew cryptographic PRNG based
on the SipHash round function, which is in turn seeded with 128 bits
of strong random key. (The authors of SipHash have *not* been consulted
about this abuse of their algorithm.) Speed is prioritized over security;
attacks are rare, while performance is always wanted.
Replacing all callers of prandom_u32() is the quick fix.
Whether to reinstate a weaker PRNG for uses which can tolerate it
is an open question.
Commit f227e3ec3b5c ("random32: update the net random state on interrupt
and activity") was an earlier attempt at a solution. This patch replaces
it.
Reported-by: Amit Klein <aksecurity@gmail.com>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Eric Dumazet <edumazet@google.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: tytso@mit.edu
Cc: Florian Westphal <fw@strlen.de>
Cc: Marc Plumb <lkml.mplumb@gmail.com>
Fixes: f227e3ec3b5c ("random32: update the net random state on interrupt and activity")
Signed-off-by: George Spelvin <lkml@sdf.org>
Link: https://lore.kernel.org/netdev/20200808152628.GA27941@SDF.ORG/
[ willy: partial reversal of f227e3ec3b5c; moved SIPROUND definitions
to prandom.h for later use; merged George's prandom_seed() proposal;
inlined siprand_u32(); replaced the net_rand_state[] array with 4
members to fix a build issue; cosmetic cleanups to make checkpatch
happy; fixed RANDOM32_SELFTEST build ]
[wt: backported to 4.4 -- no latent_entropy, drop prandom_reseed_late]
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Nathan Chancellor
|
374d257801 |
Merge 4.4.233 into android-msm-wahoo-4.4
Changes in 4.4.233: (148 commits)
xfs: don't call xfs_da_shrink_inode with NULL bp
net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
media: rc: prevent memory leak in cx23888_ir_probe
ath9k_htc: release allocated buffer if timed out
ath9k: release allocated buffer if timed out
nfs: Move call to security_inode_listsecurity into nfs_listxattr
PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
drm: hold gem reference until object is no longer accessed
f2fs: check memory boundary by insane namelen
f2fs: check if file namelen exceeds max value
ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
rds: Prevent kernel-infoleak in rds_notify_queue_get()
net/x25: Fix x25_neigh refcnt leak when x25 disconnect
net/x25: Fix null-ptr-deref in x25_disconnect
sh: Fix validation of system call number
net: lan78xx: add missing endpoint sanity check
net: lan78xx: fix transfer-buffer memory leak
mlxsw: core: Increase scope of RCU read-side critical section
mac80211: mesh: Free ie data when leaving mesh
nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
net: ethernet: ravb: exit if re-initialization fails in tx timeout
Revert "i2c: cadence: Fix the hold bit setting"
xen-netfront: fix potential deadlock in xennet_remove()
x86/i8259: Use printk_deferred() to prevent deadlock
random32: update the net random state on interrupt and activity
ARM: percpu.h: fix build error
random: fix circular include dependency on arm64 after addition of percpu.h
random32: remove net_rand_state from the latent entropy gcc plugin
random32: move the pseudo-random 32-bit definitions to prandom.h
ext4: fix direct I/O read error
USB: serial: qcserial: add EM7305 QDL product ID
ALSA: seq: oss: Serialize ioctls
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
vgacon: Fix for missing check in scrollback handling
mtd: properly check all write ioctls for permissions
net/9p: validate fds in p9_fd_open
drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
cfg80211: check vendor command doit pointer before use
igb: reinit_locked() should be called with rtnl_lock
atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
tools lib traceevent: Fix memory leak in process_dynamic_array_len
binder: Prevent context manager from incrementing ref 0
ipv4: Silence suspicious RCU usage warning
ipv6: fix memory leaks on IPV6_ADDRFORM path
Revert "vxlan: fix tos value before xmit"
net: lan78xx: replace bogus endpoint lookup
usb: hso: check for return value in hso_serial_common_create()
vxlan: Ensure FDB dump is performed under RCU
Smack: fix use-after-free in smk_write_relabel_self()
tracepoint: Mark __tracepoint_string's __used
udp: drop corrupt packets earlier to avoid data corruption
gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
EDAC: Fix reference count leaks
m68k: mac: Don't send IOP message until channel is idle
m68k: mac: Fix IOP status/control register writes
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
drm/nouveau: fix multiple instances of reference count leaks
drm/debugfs: fix plain echo to connector "force" attribute
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
brcmfmac: To fix Bss Info flag definition Bug
iwlegacy: Check the return value of pcie_capability_read_*()
usb: gadget: net2280: fix memory leak on probe error handling paths
bdc: Fix bug causing crash after multiple disconnects
dyndbg: fix a BUG_ON in ddebug_describe_flags
bcache: fix super block seq numbers comparision in register_cache_set()
ACPICA: Do not increment operation_region reference counts for field units
agp/intel: Fix a memory leak on module initialisation failure
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
console: newport_con: fix an issue about leak related system resources
iio: improve IIO_CONCENTRATION channel type description
leds: lm355x: avoid enum conversion warning
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
cxl: Fix kobject memleak
drm/radeon: fix array out-of-bounds read and write issues
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
media: firewire: Using uninitialized values in node_probe()
media: exynos4-is: Add missed check for pinctrl_lookup_state()
drm: panel: simple: Fix bpc for LG LB070WV8 panel
mwifiex: Prevent memory corruption handling keys
powerpc/vdso: Fix vdso cpu truncation
PCI/ASPM: Add missing newline in sysfs 'policy'
usb: dwc2: Fix error path in gadget registration
scsi: mesh: Fix panic after host or bus reset
Smack: fix another vsscanf out of bounds
Smack: prevent underflow in smk_set_cipso()
power: supply: check if calc_soc succeeded in pm860x_init_battery
s390/qeth: don't process empty bridge port events
wl1251: fix always return 0 error
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
dlm: Fix kobject memleak
pinctrl-single: fix pcs_parse_pinconf() return value
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
net/nfc/rawsock.c: add CAP_NET_RAW check.
net: Set fput_needed iff FDPUT_FPUT is set
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
ALSA: usb-audio: add quirk for Pioneer DDJ-RB
crypto: qat - fix double free in qat_uclo_create_batch_init_list
fs/minix: check return value of sb_getblk()
fs/minix: don't allow getting deleted inodes
fs/minix: reject too-large maximum file size
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
9p: Fix memory leak in v9fs_mount
parisc: mask out enable and reserved bits from sba imask
ARM: 8992/1: Fix unwind_frame for clang-built kernels
xen/balloon: fix accounting in alloc_xenballooned_pages error path
xen/balloon: make the balloon wait interruptible
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: fix memory leaks after failure to lookup checksums during inode logging
powerpc: Fix circular dependency between percpu.h and mmu.h
net: ethernet: stmmac: Disable hardware multicast filter
net: stmmac: dwmac1000: provide multicast filter fallback
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
bcache: allocate meta data pages as compound pages
mac80211: fix misplaced while instead of if
MIPS: CPU#0 is not hotpluggable
ext2: fix missing percpu_counter_inc
ocfs2: change slot number type s16 to u16
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
pseries: Fix 64 bit logical memory block panic
USB: serial: ftdi_sio: make process-packet buffer unsigned
USB: serial: ftdi_sio: clean up receive processing
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
iommu/vt-d: Enforce PASID devTLB field mask
i2c: rcar: slave: only send STOP event when we have been addressed
clk: clk-atlas6: fix return value check in atlas6_clk_init()
Input: sentelic - fix error return when fsp_reg_write fails
drm/vmwgfx: Fix two list_for_each loop exit tests
nfs: Fix getxattr kernel panic and memory overflow
fs/ufs: avoid potential u32 multiplication overflow
mfd: dln2: Run event handler loop under spinlock
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
sh: landisk: Add missing initialization of sh_io_port_base
ipv6: check skb->protocol before lookup for nexthop
Linux 4.4.233
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/android/binder.c
fs/ext4/inode.c
|
||
|
Greg Kroah-Hartman
|
5980066824 |
Merge 4.4.233 into android-4.4-p
Changes in 4.4.233 xfs: don't call xfs_da_shrink_inode with NULL bp net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() media: rc: prevent memory leak in cx23888_ir_probe ath9k_htc: release allocated buffer if timed out ath9k: release allocated buffer if timed out nfs: Move call to security_inode_listsecurity into nfs_listxattr PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() drm: hold gem reference until object is no longer accessed f2fs: check memory boundary by insane namelen f2fs: check if file namelen exceeds max value ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. rds: Prevent kernel-infoleak in rds_notify_queue_get() net/x25: Fix x25_neigh refcnt leak when x25 disconnect net/x25: Fix null-ptr-deref in x25_disconnect sh: Fix validation of system call number net: lan78xx: add missing endpoint sanity check net: lan78xx: fix transfer-buffer memory leak mlxsw: core: Increase scope of RCU read-side critical section mac80211: mesh: Free ie data when leaving mesh nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame net: ethernet: ravb: exit if re-initialization fails in tx timeout Revert "i2c: cadence: Fix the hold bit setting" xen-netfront: fix potential deadlock in xennet_remove() x86/i8259: Use printk_deferred() to prevent deadlock random32: update the net random state on interrupt and activity ARM: percpu.h: fix build error random: fix circular include dependency on arm64 after addition of percpu.h random32: remove net_rand_state from the latent entropy gcc plugin random32: move the pseudo-random 32-bit definitions to prandom.h ext4: fix direct I/O read error USB: serial: qcserial: add EM7305 QDL product ID ALSA: seq: oss: Serialize ioctls Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() vgacon: Fix for missing check in scrollback handling mtd: properly check all write ioctls for permissions net/9p: validate fds in p9_fd_open drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason cfg80211: check vendor command doit pointer before use igb: reinit_locked() should be called with rtnl_lock atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent tools lib traceevent: Fix memory leak in process_dynamic_array_len binder: Prevent context manager from incrementing ref 0 ipv4: Silence suspicious RCU usage warning ipv6: fix memory leaks on IPV6_ADDRFORM path Revert "vxlan: fix tos value before xmit" net: lan78xx: replace bogus endpoint lookup usb: hso: check for return value in hso_serial_common_create() vxlan: Ensure FDB dump is performed under RCU Smack: fix use-after-free in smk_write_relabel_self() tracepoint: Mark __tracepoint_string's __used udp: drop corrupt packets earlier to avoid data corruption gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...) EDAC: Fix reference count leaks m68k: mac: Don't send IOP message until channel is idle m68k: mac: Fix IOP status/control register writes ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() drm/tilcdc: fix leak & null ref in panel_connector_get_modes Bluetooth: add a mutex lock to avoid UAF in do_enale_set fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync video: fbdev: neofb: fix memory leak in neo_scan_monitor() drm/nouveau: fix multiple instances of reference count leaks drm/debugfs: fix plain echo to connector "force" attribute mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls brcmfmac: To fix Bss Info flag definition Bug iwlegacy: Check the return value of pcie_capability_read_*() usb: gadget: net2280: fix memory leak on probe error handling paths bdc: Fix bug causing crash after multiple disconnects dyndbg: fix a BUG_ON in ddebug_describe_flags bcache: fix super block seq numbers comparision in register_cache_set() ACPICA: Do not increment operation_region reference counts for field units agp/intel: Fix a memory leak on module initialisation failure video: fbdev: sm712fb: fix an issue about iounmap for a wrong address console: newport_con: fix an issue about leak related system resources iio: improve IIO_CONCENTRATION channel type description leds: lm355x: avoid enum conversion warning media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() cxl: Fix kobject memleak drm/radeon: fix array out-of-bounds read and write issues scsi: powertec: Fix different dev_id between request_irq() and free_irq() scsi: eesox: Fix different dev_id between request_irq() and free_irq() media: firewire: Using uninitialized values in node_probe() media: exynos4-is: Add missed check for pinctrl_lookup_state() drm: panel: simple: Fix bpc for LG LB070WV8 panel mwifiex: Prevent memory corruption handling keys powerpc/vdso: Fix vdso cpu truncation PCI/ASPM: Add missing newline in sysfs 'policy' usb: dwc2: Fix error path in gadget registration scsi: mesh: Fix panic after host or bus reset Smack: fix another vsscanf out of bounds Smack: prevent underflow in smk_set_cipso() power: supply: check if calc_soc succeeded in pm860x_init_battery s390/qeth: don't process empty bridge port events wl1251: fix always return 0 error net: spider_net: Fix the size used in a 'dma_free_coherent()' call dlm: Fix kobject memleak pinctrl-single: fix pcs_parse_pinconf() return value drivers/net/wan/lapbether: Added needed_headroom and a skb->len check net/nfc/rawsock.c: add CAP_NET_RAW check. net: Set fput_needed iff FDPUT_FPUT is set ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 ALSA: usb-audio: add quirk for Pioneer DDJ-RB crypto: qat - fix double free in qat_uclo_create_batch_init_list fs/minix: check return value of sb_getblk() fs/minix: don't allow getting deleted inodes fs/minix: reject too-large maximum file size ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 9p: Fix memory leak in v9fs_mount parisc: mask out enable and reserved bits from sba imask ARM: 8992/1: Fix unwind_frame for clang-built kernels xen/balloon: fix accounting in alloc_xenballooned_pages error path xen/balloon: make the balloon wait interruptible PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() btrfs: only search for left_info if there is no right_info in try_merge_free_space btrfs: fix memory leaks after failure to lookup checksums during inode logging powerpc: Fix circular dependency between percpu.h and mmu.h net: ethernet: stmmac: Disable hardware multicast filter net: stmmac: dwmac1000: provide multicast filter fallback md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 bcache: allocate meta data pages as compound pages mac80211: fix misplaced while instead of if MIPS: CPU#0 is not hotpluggable ext2: fix missing percpu_counter_inc ocfs2: change slot number type s16 to u16 kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler pseries: Fix 64 bit logical memory block panic USB: serial: ftdi_sio: make process-packet buffer unsigned USB: serial: ftdi_sio: clean up receive processing iommu/omap: Check for failure of a call to omap_iommu_dump_ctx iommu/vt-d: Enforce PASID devTLB field mask i2c: rcar: slave: only send STOP event when we have been addressed clk: clk-atlas6: fix return value check in atlas6_clk_init() Input: sentelic - fix error return when fsp_reg_write fails drm/vmwgfx: Fix two list_for_each loop exit tests nfs: Fix getxattr kernel panic and memory overflow fs/ufs: avoid potential u32 multiplication overflow mfd: dln2: Run event handler loop under spinlock ALSA: echoaudio: Fix potential Oops in snd_echo_resume() sh: landisk: Add missing initialization of sh_io_port_base ipv6: check skb->protocol before lookup for nexthop Linux 4.4.233 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Iec7dcf69361bcc247996f3de2e20ba64ed0ce3a8 |
||
|
Willy Tarreau
|
40713057d1 |
random32: update the net random state on interrupt and activity
commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4 upstream. This modifies the first 32 bits out of the 128 bits of a random CPU's net_rand_state on interrupt or CPU activity to complicate remote observations that could lead to guessing the network RNG's internal state. Note that depending on some network devices' interrupt rate moderation or binding, this re-seeding might happen on every packet or even almost never. In addition, with NOHZ some CPUs might not even get timer interrupts, leaving their local state rarely updated, while they are running networked processes making use of the random state. For this reason, we also perform this update in update_process_times() in order to at least update the state when there is user or system activity, since it's the only case we care about. Reported-by: Amit Klein <aksecurity@gmail.com> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Eric Dumazet <edumazet@google.com> Cc: "Jason A. Donenfeld" <Jason@zx2c4.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: <stable@vger.kernel.org> Signed-off-by: Willy Tarreau <w@1wt.eu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Nathan Chancellor
|
158112d028 |
Merge tag 'android-10.0.0_r0.64' into android-msm-wahoo-4.4
Android 10.0.0 Release 0.64 (QQ3A.200605.001/QQ3A.200605.002/QQ3A.200605.002.A1,taimen/walleye) * tag 'android-10.0.0_r0.64': vt: selection, push sel_lock up vt: selection, push console lock down vt: selection, close sel_buffer race Revert "Revert "vfs: fix do_last() regression"" Revert "Revert "do_last(): fetch directory ->i_mode and ->i_uid before it's too late"" Revert "msm: adsprpc: Avoid race condition during map creation and free" qcacld-3.0: Reduce the candidate list to 5 in roam cmd for SAE auth qcacld-3.0: Do rx inorder replenish for fragmented packets diag: Increment data ready only if it is first update diag: Handle data ready notification properly led-class: Fix a led-class de-init bug BACKPORT: leds: class: ensure workqueue is initialized before setting brightness UPSTREAM: ALSA: pcm: Add missing copy ops check before clearing buffer qcacld-3.0: Use policy mgr safe ch list in ACS qcacld-3.0: Lower down the channel BW in 2.4ghz case qcacld-3.0: Prevent wlan suspend if conn in progress qcacld-3.0: Destroy monitor mode vdev during stop adapter qcacld-3.0: Takecare to stop and down vdev in monitor mode msm: ipa3: Fix to add check for dma_map_single return values Signed-off-by: Nathan Chancellor <natechancellor@gmail.com> Conflicts: arch/arm64/kernel/psci.c arch/arm64/kernel/traps.c drivers/usb/gadget/configfs.c kernel/time/hrtimer.c |
||
|
Greg Kroah-Hartman
|
53454c3459 |
Merge 4.4.224 into android-4.4-p
Changes in 4.4.224 USB: serial: qcserial: Add DW5816e support Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS" dp83640: reverse arguments to list_add_tail net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() sch_sfq: validate silly quantum values sch_choke: avoid potential panic in choke_reset() Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" enic: do not overwrite error code ipv6: fix cleanup ordering for ip6_mr failure binfmt_elf: move brk out of mmap when doing direct loader exec x86/apm: Don't access __preempt_count with zeroed fs Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0" USB: uas: add quirk for LaCie 2Big Quadra USB: serial: garmin_gps: add sanity checking for data length batman-adv: fix batadv_nc_random_weight_tq scripts/decodecode: fix trapping instruction formatting phy: micrel: Ensure interrupts are reenabled on resume binfmt_elf: Do not move brk for INTERP-less ET_EXEC ext4: add cond_resched() to ext4_protect_reserved_inode net: ipv6: add net argument to ip6_dst_lookup_flow net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup blktrace: Fix potential deadlock between delete & sysfs ops blktrace: fix unlocked access to init/start-stop/teardown blktrace: fix trace mutex deadlock blktrace: Protect q->blk_trace with RCU blktrace: fix dereference after null check ptp: do not explicitly set drvdata in ptp_clock_register() ptp: use is_visible method to hide unused attributes ptp: create "pins" together with the rest of attributes chardev: add helper function to register char devs with a struct device ptp: Fix pass zero to ERR_PTR() in ptp_clock_register ptp: fix the race between the release of ptp_clock and cdev ptp: free ptp device pin descriptors properly net: handle no dst on skb in icmp6_send net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' net: moxa: Fix a potential double 'free_irq()' drop_monitor: work around gcc-10 stringop-overflow warning scsi: sg: add sg_remove_request in sg_write spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls cifs: Check for timeout on Negotiate stage cifs: Fix a race condition with cifs_echo_request dmaengine: pch_dma.c: Avoid data race between probe and irq handler dmaengine: mmp_tdma: Reset channel error on release drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() ipc/util.c: sysvipc_find_ipc() incorrectly updates position index net: openvswitch: fix csum updates for MPLS actions gre: do not keep the GRE header around in collect medata mode mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone() scsi: qla2xxx: Avoid double completion of abort command i40e: avoid NVM acquire deadlock during NVM update net/mlx5: Fix driver load error flow when firmware is stuck netfilter: conntrack: avoid gcc-10 zero-length-bounds warning IB/mlx4: Test return value of calls to ib_get_cached_pkey pnp: Use list_for_each_entry() instead of open coding gcc-10 warnings: fix low-hanging fruit kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig Stop the ad-hoc games with -Wno-maybe-initialized gcc-10: disable 'zero-length-bounds' warning for now gcc-10: disable 'array-bounds' warning for now gcc-10: disable 'stringop-overflow' warning for now gcc-10: disable 'restrict' warning for now block: defer timeouts to a workqueue blk-mq: Allow timeouts to run while queue is freezing blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter blk-mq: Allow blocking queue tag iter callbacks x86/paravirt: Remove the unused irq_enable_sysexit pv op gcc-10: avoid shadowing standard library 'free()' in crypto net: fix a potential recursive NETDEV_FEAT_CHANGE net: ipv4: really enforce backoff for redirects netlabel: cope with NULL catmap ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 ALSA: rawmidi: Fix racy buffer resize under concurrent accesses ALSA: rawmidi: Initialize allocated buffers USB: gadget: fix illegal array access in binding with UDC ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries x86: Fix early boot crash on gcc-10, third try exec: Move would_dump into flush_old_exec usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' usb: gadget: audio: Fix a missing error return value in audio_bind() usb: gadget: legacy: fix error return code in gncm_bind() usb: gadget: legacy: fix error return code in cdc_bind() Revert "ALSA: hda/realtek: Fix pop noise on ALC225" ARM: dts: r8a7740: Add missing extal2 to CPG node KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce Makefile: disallow data races on gcc-10 as well scsi: iscsi: Fix a potential deadlock in the timeout handler Linux 4.4.224 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I384313d39dead8b0babb144803269033f4aacc53 |
||
|
Nathan Chancellor
|
1d6ad6def5 |
Merge 4.4.224 into android-msm-wahoo-4.4
Changes in 4.4.224: (87 commits)
USB: serial: qcserial: Add DW5816e support
Revert "net: phy: Avoid polling PHY with PHY_IGNORE_INTERRUPTS"
dp83640: reverse arguments to list_add_tail
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
sch_sfq: validate silly quantum values
sch_choke: avoid potential panic in choke_reset()
Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"
enic: do not overwrite error code
ipv6: fix cleanup ordering for ip6_mr failure
binfmt_elf: move brk out of mmap when doing direct loader exec
x86/apm: Don't access __preempt_count with zeroed fs
Revert "IB/ipoib: Update broadcast object if PKey value was changed in index 0"
USB: uas: add quirk for LaCie 2Big Quadra
USB: serial: garmin_gps: add sanity checking for data length
batman-adv: fix batadv_nc_random_weight_tq
scripts/decodecode: fix trapping instruction formatting
phy: micrel: Ensure interrupts are reenabled on resume
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
ext4: add cond_resched() to ext4_protect_reserved_inode
net: ipv6: add net argument to ip6_dst_lookup_flow
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
blktrace: Fix potential deadlock between delete & sysfs ops
blktrace: fix unlocked access to init/start-stop/teardown
blktrace: fix trace mutex deadlock
blktrace: Protect q->blk_trace with RCU
blktrace: fix dereference after null check
ptp: do not explicitly set drvdata in ptp_clock_register()
ptp: use is_visible method to hide unused attributes
ptp: create "pins" together with the rest of attributes
chardev: add helper function to register char devs with a struct device
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
ptp: fix the race between the release of ptp_clock and cdev
ptp: free ptp device pin descriptors properly
net: handle no dst on skb in icmp6_send
net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
net: moxa: Fix a potential double 'free_irq()'
drop_monitor: work around gcc-10 stringop-overflow warning
scsi: sg: add sg_remove_request in sg_write
spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
cifs: Check for timeout on Negotiate stage
cifs: Fix a race condition with cifs_echo_request
dmaengine: pch_dma.c: Avoid data race between probe and irq handler
dmaengine: mmp_tdma: Reset channel error on release
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
net: openvswitch: fix csum updates for MPLS actions
gre: do not keep the GRE header around in collect medata mode
mm/memory_hotplug.c: fix overflow in test_pages_in_a_zone()
scsi: qla2xxx: Avoid double completion of abort command
i40e: avoid NVM acquire deadlock during NVM update
net/mlx5: Fix driver load error flow when firmware is stuck
netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
IB/mlx4: Test return value of calls to ib_get_cached_pkey
pnp: Use list_for_each_entry() instead of open coding
gcc-10 warnings: fix low-hanging fruit
kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
Stop the ad-hoc games with -Wno-maybe-initialized
gcc-10: disable 'zero-length-bounds' warning for now
gcc-10: disable 'array-bounds' warning for now
gcc-10: disable 'stringop-overflow' warning for now
gcc-10: disable 'restrict' warning for now
block: defer timeouts to a workqueue
blk-mq: Allow timeouts to run while queue is freezing
blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
blk-mq: Allow blocking queue tag iter callbacks
x86/paravirt: Remove the unused irq_enable_sysexit pv op
gcc-10: avoid shadowing standard library 'free()' in crypto
net: fix a potential recursive NETDEV_FEAT_CHANGE
net: ipv4: really enforce backoff for redirects
netlabel: cope with NULL catmap
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
ALSA: rawmidi: Initialize allocated buffers
USB: gadget: fix illegal array access in binding with UDC
ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
x86: Fix early boot crash on gcc-10, third try
exec: Move would_dump into flush_old_exec
usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
usb: gadget: audio: Fix a missing error return value in audio_bind()
usb: gadget: legacy: fix error return code in gncm_bind()
usb: gadget: legacy: fix error return code in cdc_bind()
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
ARM: dts: r8a7740: Add missing extal2 to CPG node
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
Makefile: disallow data races on gcc-10 as well
scsi: iscsi: Fix a potential deadlock in the timeout handler
Linux 4.4.224
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
kernel/trace/blktrace.c
sound/core/rawmidi.c
|
||
|
Vladis Dronov
|
6f5e3bb787 |
ptp: fix the race between the release of ptp_clock and cdev
commit a33121e5487b424339636b25c35d3a180eaa5f5e upstream.
In a case when a ptp chardev (like /dev/ptp0) is open but an underlying
device is removed, closing this file leads to a race. This reproduces
easily in a kvm virtual machine:
ts# cat openptp0.c
int main() { ... fp = fopen("/dev/ptp0", "r"); ... sleep(10); }
ts# uname -r
5.5.0-rc3-46cf053e
ts# cat /proc/cmdline
... slub_debug=FZP
ts# modprobe ptp_kvm
ts# ./openptp0 &
[1] 670
opened /dev/ptp0, sleeping 10s...
ts# rmmod ptp_kvm
ts# ls /dev/ptp*
ls: cannot access '/dev/ptp*': No such file or directory
ts# ...woken up
[ 48.010809] general protection fault: 0000 [#1] SMP
[ 48.012502] CPU: 6 PID: 658 Comm: openptp0 Not tainted 5.5.0-rc3-46cf053e #25
[ 48.014624] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...
[ 48.016270] RIP: 0010:module_put.part.0+0x7/0x80
[ 48.017939] RSP: 0018:ffffb3850073be00 EFLAGS: 00010202
[ 48.018339] RAX: 000000006b6b6b6b RBX: 6b6b6b6b6b6b6b6b RCX: ffff89a476c00ad0
[ 48.018936] RDX: fffff65a08d3ea08 RSI: 0000000000000247 RDI: 6b6b6b6b6b6b6b6b
[ 48.019470] ... ^^^ a slub poison
[ 48.023854] Call Trace:
[ 48.024050] __fput+0x21f/0x240
[ 48.024288] task_work_run+0x79/0x90
[ 48.024555] do_exit+0x2af/0xab0
[ 48.024799] ? vfs_write+0x16a/0x190
[ 48.025082] do_group_exit+0x35/0x90
[ 48.025387] __x64_sys_exit_group+0xf/0x10
[ 48.025737] do_syscall_64+0x3d/0x130
[ 48.026056] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 48.026479] RIP: 0033:0x7f53b12082f6
[ 48.026792] ...
[ 48.030945] Modules linked in: ptp i6300esb watchdog [last unloaded: ptp_kvm]
[ 48.045001] Fixing recursive fault but reboot is needed!
This happens in:
static void __fput(struct file *file)
{ ...
if (file->f_op->release)
file->f_op->release(inode, file); <<< cdev is kfree'd here
if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL &&
!(mode & FMODE_PATH))) {
cdev_put(inode->i_cdev); <<< cdev fields are accessed here
Namely:
__fput()
posix_clock_release()
kref_put(&clk->kref, delete_clock) <<< the last reference
delete_clock()
delete_ptp_clock()
kfree(ptp) <<< cdev is embedded in ptp
cdev_put
module_put(p->owner) <<< *p is kfree'd, bang!
Here cdev is embedded in posix_clock which is embedded in ptp_clock.
The race happens because ptp_clock's lifetime is controlled by two
refcounts: kref and cdev.kobj in posix_clock. This is wrong.
Make ptp_clock's sysfs device a parent of cdev with cdev_device_add()
created especially for such cases. This way the parent device with its
ptp_clock is not released until all references to the cdev are released.
This adds a requirement that an initialized but not exposed struct
device should be provided to posix_clock_register() by a caller instead
of a simple dev_t.
This approach was adopted from the commit 72139dfa2464 ("watchdog: Fix
the race between the release of watchdog_core_data and cdev"). See
details of the implementation in the commit 233ed09d7fda ("chardev: add
helper function to register char devs with a struct device").
Link: https://lore.kernel.org/linux-fsdevel/20191125125342.6189-1-vdronov@redhat.com/T/#u
Analyzed-by: Stephen Johnston <sjohnsto@redhat.com>
Analyzed-by: Vern Lovejoy <vlovejoy@redhat.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Nathan Chancellor
|
3b04238a2f |
Merge 4.4.214 into android-msm-wahoo-4.4
Changes in 4.4.214: (90 commits)
media: iguanair: fix endpoint sanity check
x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
sparc32: fix struct ipc64_perm type definition
ASoC: qcom: Fix of-node refcount unbalance to link->codec_of_node
cls_rsvp: fix rsvp_policy
net: hsr: fix possible NULL deref in hsr_handle_frame()
net_sched: fix an OOB access in cls_tcindex
tcp: clear tp->total_retrans in tcp_disconnect()
tcp: clear tp->segs_{in|out} in tcp_disconnect()
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
mfd: dln2: More sanity checking for endpoints
brcmfmac: Fix memory leak in brcmf_usbdev_qinit
usb: gadget: legacy: set max_speed to super-speed
usb: gadget: f_ncm: Use atomic_t to track in-flight request
usb: gadget: f_ecm: Use atomic_t to track in-flight request
ALSA: dummy: Fix PCM format loop in proc output
lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
mmc: spi: Toggle SPI polarity, do not hardcode it
PCI: keystone: Fix link training retries initiation
crypto: api - Check spawn->alg under lock in crypto_drop_spawn
scsi: qla2xxx: Fix mtcp dump collection failure
power: supply: ltc2941-battery-gauge: fix use-after-free
Revert "ovl: modify ovl_permission() to do checks on two inodes"
of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
dm space map common: fix to ensure new block isn't already in use
crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
crypto: api - Fix race condition in crypto_spawn_alg
crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill
btrfs: set trans->drity in btrfs_commit_transaction
ARM: tegra: Enable PLLP bypass during Tegra124 LP1
mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
sunrpc: expiry_time should be seconds not timeval
KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c
KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks
KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
scsi: csiostor: Adjust indentation in csio_device_reset
scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
ext2: Adjust indentation in ext2_fill_super
powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
NFC: pn544: Adjust indentation in pn544_hci_check_presence
ppp: Adjust indentation into ppp_async_input
net: smc911x: Adjust indentation in smc911x_phy_configure
net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
mfd: da9062: Fix watchdog compatible string
mfd: rn5t618: Mark ADC control register volatile
net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
bonding/alb: properly access headers in bond_alb_xmit()
NFS: Fix memory leaks and corruption in readdir
NFS: Fix bool initialization/comparison
NFS: Directory page cache pages need to be locked when read
Btrfs: fix assertion failure on fsync with NO_HOLES enabled
btrfs: remove trivial locking wrappers of tree mod log
Btrfs: fix race between adding and putting tree mod seq elements and nodes
drm: atmel-hlcdc: enable clock before configuring timing engine
KVM: x86: drop picdev_in_range()
KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
btrfs: flush write bio if we loop in extent_write_cache_pages
KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
KVM: nVMX: vmread should not set rflags to specify success in case of #PF
cifs: fail i/o on soft mounts if sessionsetup errors out
clocksource: Prevent double add_timer_on() for watchdog_timer
perf/core: Fix mlock accounting in perf_mmap()
ASoC: pcm: update FE/BE trigger order based on the command
scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails
rtc: hym8563: Return -EINVAL if the time is known to be invalid
ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
ARM: dts: at91: sama5d3: define clock rate range for tcb1
powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW
pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held
libertas: make lbs_ibss_join_existing() return error code on rates overflow
dm: fix potential for q->make_request_fn NULL pointer
Linux 4.4.214
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/of/Kconfig
|
||
|
Greg Kroah-Hartman
|
10d123aeb4 |
Merge 4.4.214 into android-4.4-p
Changes in 4.4.214
media: iguanair: fix endpoint sanity check
x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
sparc32: fix struct ipc64_perm type definition
ASoC: qcom: Fix of-node refcount unbalance to link->codec_of_node
cls_rsvp: fix rsvp_policy
net: hsr: fix possible NULL deref in hsr_handle_frame()
net_sched: fix an OOB access in cls_tcindex
tcp: clear tp->total_retrans in tcp_disconnect()
tcp: clear tp->segs_{in|out} in tcp_disconnect()
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
mfd: dln2: More sanity checking for endpoints
brcmfmac: Fix memory leak in brcmf_usbdev_qinit
usb: gadget: legacy: set max_speed to super-speed
usb: gadget: f_ncm: Use atomic_t to track in-flight request
usb: gadget: f_ecm: Use atomic_t to track in-flight request
ALSA: dummy: Fix PCM format loop in proc output
lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
mmc: spi: Toggle SPI polarity, do not hardcode it
PCI: keystone: Fix link training retries initiation
crypto: api - Check spawn->alg under lock in crypto_drop_spawn
scsi: qla2xxx: Fix mtcp dump collection failure
power: supply: ltc2941-battery-gauge: fix use-after-free
Revert "ovl: modify ovl_permission() to do checks on two inodes"
of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
dm space map common: fix to ensure new block isn't already in use
crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
crypto: api - Fix race condition in crypto_spawn_alg
crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill
btrfs: set trans->drity in btrfs_commit_transaction
ARM: tegra: Enable PLLP bypass during Tegra124 LP1
mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
sunrpc: expiry_time should be seconds not timeval
KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c
KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks
KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
scsi: csiostor: Adjust indentation in csio_device_reset
scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
ext2: Adjust indentation in ext2_fill_super
powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
NFC: pn544: Adjust indentation in pn544_hci_check_presence
ppp: Adjust indentation into ppp_async_input
net: smc911x: Adjust indentation in smc911x_phy_configure
net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
mfd: da9062: Fix watchdog compatible string
mfd: rn5t618: Mark ADC control register volatile
net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
bonding/alb: properly access headers in bond_alb_xmit()
NFS: Fix memory leaks and corruption in readdir
NFS: Fix bool initialization/comparison
NFS: Directory page cache pages need to be locked when read
Btrfs: fix assertion failure on fsync with NO_HOLES enabled
btrfs: remove trivial locking wrappers of tree mod log
Btrfs: fix race between adding and putting tree mod seq elements and nodes
drm: atmel-hlcdc: enable clock before configuring timing engine
KVM: x86: drop picdev_in_range()
KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
btrfs: flush write bio if we loop in extent_write_cache_pages
KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
KVM: nVMX: vmread should not set rflags to specify success in case of #PF
cifs: fail i/o on soft mounts if sessionsetup errors out
clocksource: Prevent double add_timer_on() for watchdog_timer
perf/core: Fix mlock accounting in perf_mmap()
ASoC: pcm: update FE/BE trigger order based on the command
scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails
rtc: hym8563: Return -EINVAL if the time is known to be invalid
ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
ARM: dts: at91: sama5d3: define clock rate range for tcb1
powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW
pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held
libertas: make lbs_ibss_join_existing() return error code on rates overflow
dm: fix potential for q->make_request_fn NULL pointer
Linux 4.4.214
Change-Id: I4c59fc6feb5cc34402bc8bbaf29f3d1debfe6951
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Konstantin Khlebnikov
|
d663366bee |
clocksource: Prevent double add_timer_on() for watchdog_timer
commit febac332a819f0e764aa4da62757ba21d18c182b upstream.
Kernel crashes inside QEMU/KVM are observed:
kernel BUG at kernel/time/timer.c:1154!
BUG_ON(timer_pending(timer) || !timer->function) in add_timer_on().
At the same time another cpu got:
general protection fault: 0000 [#1] SMP PTI of poinson pointer 0xdead000000000200 in:
__hlist_del at include/linux/list.h:681
(inlined by) detach_timer at kernel/time/timer.c:818
(inlined by) expire_timers at kernel/time/timer.c:1355
(inlined by) __run_timers at kernel/time/timer.c:1686
(inlined by) run_timer_softirq at kernel/time/timer.c:1699
Unfortunately kernel logs are badly scrambled, stacktraces are lost.
Printing the timer->function before the BUG_ON() pointed to
clocksource_watchdog().
The execution of clocksource_watchdog() can race with a sequence of
clocksource_stop_watchdog() .. clocksource_start_watchdog():
expire_timers()
detach_timer(timer, true);
timer->entry.pprev = NULL;
raw_spin_unlock_irq(&base->lock);
call_timer_fn
clocksource_watchdog()
clocksource_watchdog_kthread() or
clocksource_unbind()
spin_lock_irqsave(&watchdog_lock, flags);
clocksource_stop_watchdog();
del_timer(&watchdog_timer);
watchdog_running = 0;
spin_unlock_irqrestore(&watchdog_lock, flags);
spin_lock_irqsave(&watchdog_lock, flags);
clocksource_start_watchdog();
add_timer_on(&watchdog_timer, ...);
watchdog_running = 1;
spin_unlock_irqrestore(&watchdog_lock, flags);
spin_lock(&watchdog_lock);
add_timer_on(&watchdog_timer, ...);
BUG_ON(timer_pending(timer) || !timer->function);
timer_pending() -> true
BUG()
I.e. inside clocksource_watchdog() watchdog_timer could be already armed.
Check timer_pending() before calling add_timer_on(). This is sufficient as
all operations are synchronized by watchdog_lock.
Fixes:
|
||
|
lucaswei
|
abddbf054a |
Merge upstream-linux-4.4.y (4.4.210) into android-msm-wahoo-4.4-qt-lts
Linux 4.4.210
drm/i915/gen9: Clear residual context state on context switch
netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present
* netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
net/ipv4/netfilter/arp_tables.c
* USB: Fix: Don't skip endpoint descriptors with maxpacket=0
drivers/usb/core/config.c
rtl8xxxu: prevent leaking urb
scsi: bfa: release allocated memory in case of error
mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
* tty: always relink the port
drivers/tty/tty_port.c
* tty: link tty and port before configuring it as console
drivers/tty/serial/serial_core.c
drivers/tty/tty_port.c
staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21
usb: musb: dma: Correct parameter passed to IRQ handler
usb: musb: Disable pullup at init
USB: serial: option: add ZLP support for 0x1bc7/0x9010
staging: vt6656: set usb_set_intfdata on driver fail.
can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs
can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode
can: gs_usb: gs_usb_probe(): use descriptors of current altsetting
drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ
* Input: add safety guards to input_set_keycode()
drivers/input/input.c
* HID: hid-input: clear unmapped usages
drivers/hid/hid-input.c
* HID: uhid: Fix returning EPOLLOUT from uhid_char_poll
drivers/hid/uhid.c
* HID: Fix slab-out-of-bounds read in hid_field_extract
drivers/hid/hid-core.c
tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined
kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail
* ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5
sound/usb/quirks.c
usb: chipidea: host: Disable port power only if previously enabled
* chardev: Avoid potential use-after-free in 'chrdev_open()'
fs/char_dev.c
* kobject: Export kobject_get_unless_zero()
include/linux/kobject.h
lib/kobject.c
Linux 4.4.209
USB: serial: option: add Telit ME910G1 0x110a composition
* USB: core: fix check for duplicate endpoints
drivers/usb/core/config.c
* macvlan: do not assume mac_header is set in macvlan_broadcast()
include/linux/if_ether.h
vxlan: fix tos value before xmit
vlan: fix memory leak in vlan_dev_set_egress_priority
vlan: vlan_changelink() should propagate errors
* tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
net/ipv4/tcp_input.c
sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY
pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM
net: usb: lan78xx: fix possible skb leak
net: stmmac: dwmac-sunxi: Allow all RGMII modes
llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c)
parisc: Fix compiler warnings in debug_core.c
* kconfig: don't crash on NULL expressions in expr_eq()
scripts/kconfig/expr.c
regulator: rn5t618: fix module aliases
ASoC: wm8962: fix lambda value
* rfkill: Fix incorrect check to avoid NULL pointer dereference
net/rfkill/core.c
net: usb: lan78xx: Fix error message format specifier
bnx2x: Fix logic to get total no. of PFs per engine
bnx2x: Do not handle requests from VFs after parity
powerpc: Ensure that swiotlb buffer is allocated from low memory
ARM: dts: am437x-gp/epos-evm: fix panel compatible
netfilter: uapi: Avoid undefined left-shift in xt_sctp.h
ARM: vexpress: Set-up shared OPP table instead of individual for each CPU
* netfilter: ctnetlink: netns exit must wait for callbacks
net/netfilter/nf_conntrack_netlink.c
locking/spinlock/debug: Fix various data races
* pstore/ram: Write new dumps to start of recycled zones
fs/pstore/ram.c
locking/x86: Remove the unused atomic_inc_short() methd
s390/smp: fix physical to logical CPU map for SMT
* net: add annotations on hh->hh_len lockless accesses
include/net/neighbour.h
net/core/neighbour.c
net/ethernet/eth.c
ath9k_htc: Discard undersized packets
ath9k_htc: Modify byte order for an error message
powerpc/pseries/hvconsole: Fix stack overread via udbg
drm/mst: Fix MST sideband up-reply failure handling
* tty: serial: msm_serial: Fix lockup for sysrq and oops
drivers/tty/serial/msm_serial.c
* Bluetooth: delete a stray unlock
net/bluetooth/l2cap_core.c
Bluetooth: btusb: fix PM leak in error case of setup
ftrace: Avoid potential division by zero in function profiler
ALSA: cs4236: fix error return comparison of an unsigned integer
* gpiolib: fix up emulated open drain outputs
drivers/gpio/gpiolib.c
* compat_ioctl: block: handle Persistent Reservations
block/compat_ioctl.c
* dmaengine: Fix access to uninitialized dma_slave_caps
include/linux/dmaengine.h
* locks: print unsigned ino in /proc/locks
fs/locks.c
MIPS: Avoid VDSO ABI breakage due to global register variable
ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
Revert "perf report: Add warning when libunwind not compiled in"
* taskstats: fix data-race
kernel/taskstats.c
xfs: fix mount failure crash on invalid iclog memory access
xen/balloon: fix ballooned page accounting without hotplug enabled
s390/cpum_sf: Avoid SBD overflow condition in irq handler
s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits
md: raid1: check rdev before reference in raid1_sync_request func
usb: gadget: fix wrong endpoint desc
scsi: libsas: stop discovering if oob mode is disconnected
scsi: iscsi: qla4xxx: fix double free in probe
scsi: qla2xxx: Don't call qlt_async_event twice
scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func
RDMA/cma: add missed unregister_pernet_subsys in init failure
* PM / devfreq: Don't fail devfreq_dev_release if not in list
drivers/devfreq/devfreq.c
Linux 4.4.208
* tcp: do not send empty skb from tcp_write_xmit()
net/ipv4/tcp_output.c
mmc: sdhci: Update the tuning failed messages to pr_debug level
* hrtimer: Annotate lockless access to timer->state
include/linux/hrtimer.h
kernel/time/hrtimer.c
* net: icmp: fix data-race in cmp_global_allow()
net/ipv4/icmp.c
netfilter: bridge: make sure to pull arp header in br_nf_forward_arp()
6pack,mkiss: fix possible deadlock
* netfilter: ebtables: compat: reject all padding in matches/watchers
net/bridge/netfilter/ebtables.c
net: davinci_cpdma: use dma_addr_t for DMA address
* filldir[64]: remove WARN_ON_ONCE() for bad directory entries
fs/readdir.c
* Make filldir[64]() verify the directory entry filename is valid
fs/readdir.c
ALSA: hda - Downgrade error message for single-cmd fallback
* kernel: sysctl: make drop_caches write-only
kernel/sysctl.c
ocfs2: fix passing zero to 'PTR_ERR' warning
s390/cpum_sf: Check for SDBT and SDB consistency
* libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h
include/linux/libfdt_env.h
perf regs: Make perf_reg_name() return "unknown" instead of NULL
cdrom: respect device capabilities during opening action
* scripts/kallsyms: fix definitely-lost memory leak
scripts/kallsyms.c
gpio: mpc8xxx: Don't overwrite default irq_set_type callback
scsi: target: iscsi: Wait for all commands to finish before freeing a session
scsi: pm80xx: Fix for SATA device discovery
* ext4: work around deleting a file with i_nlink == 0 safely
fs/ext4/namei.c
* HID: Improve Windows Precision Touchpad detection.
drivers/hid/hid-core.c
bcache: at least try to shrink 1 node in bch_mca_scan()
clk: pxa: fix one of the pxa RTC clocks
powerpc/security: Fix wrong message when RFI Flush is disable
powerpc/pseries/cmm: Implement release() function for sysfs device
* scsi: ufs: fix potential bug which ends in system hang
drivers/scsi/ufs/ufshcd.c
scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
* fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long
fs/quota/dquot.c
include/linux/quota.h
irqchip: ingenic: Error out if IRQ domain creation failed
irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary
clk: qcom: Allow constant ratio freq tables for rcg
scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow
* scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6)
drivers/scsi/scsi_trace.c
* jbd2: Fix statistics for the number of logged blocks
fs/jbd2/commit.c
powerpc/security/book3s64: Report L1TF status in sysfs
clocksource/drivers/asm9260: Add a check for of_clk_get
dma-debug: add a schedule point in debug_dma_dump_mappings()
powerpc/pseries: Mark accumulate_stolen_time() as notrace
scsi: csiostor: Don't enable IRQs too early
scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices
scsi: target: compare full CHAP_A Algorithm strings
iommu/tegra-smmu: Fix page tables in > 4 GiB memory
Input: atmel_mxt_ts - disable IRQ across suspend
scsi: lpfc: Fix locking on mailbox command completion
scsi: mpt3sas: Fix clear pending bit in ioctl status
perf probe: Fix to show function entry line as probe-able
mmc: sdhci-of-esdhc: fix P2020 errata handling
powerpc/irq: fix stack overflow verification
* ext4: check for directory entries too close to block end
fs/ext4/dir.c
staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value
platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes
USB: EHCI: Do not return -EPIPE when hub is disconnected
usbip: Fix error path of vhci_recv_ret_submit()
* net: dst: Force 4-byte alignment of dst_metrics
include/net/dst.h
sctp: fully initialize v4 addr in some functions
net: usb: lan78xx: Fix suspend/resume PHY register access error
net: qlogic: Fix error paths in ql_alloc_large_buffers()
net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive()
net: hisilicon: Fix a BUG trigered by wrong bytes_compl
* mod_devicetable: fix PHY module format
include/linux/mod_devicetable.h
fjes: fix missed check in fjes_acpi_add
* af_packet: set defaule value for tmo
net/packet/af_packet.c
* ALSA: pcm: Avoid possible info leaks from PCM stream buffers
sound/core/pcm_native.c
Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues
btrfs: abort transaction after failed inode updates in create_subvol
btrfs: return error pointer from alloc_test_extent_buffer
btrfs: do not call synchronize_srcu() in inode_tree_del
* usb: xhci: Fix build warning seen with CONFIG_PM=n
drivers/usb/host/xhci-pci.c
Revert "mmc: sdhci: Fix incorrect switch to HS mode"
* net: phy: initialise phydev speed and duplex sanely
drivers/net/phy/phy_device.c
libtraceevent: Fix memory leakage in copy_filter_type
crypto: vmx - Avoid weird build failures
crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c
fbtft: Make sure string is NULL terminated
iwlwifi: check kasprintf() return value
btrfs: don't prematurely free work in end_workqueue_fn()
spi: tegra20-slink: add missed clk_unprepare
x86/crash: Add a forward declaration of struct kimage
* cpufreq: Register drivers only after CPU devices have been registered
drivers/cpufreq/cpufreq.c
parport: load lowlevel driver if ports not found
ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile
spi: pxa2xx: Add missed security checks
EDAC/ghes: Fix grain calculation
media: si470x-i2c: add missed operations in remove
media: pvrusb2: Fix oops on tear-down when radio support is not present
ath10k: fix get invalid tx rate for Mesh metric
perf probe: Filter out instances except for inlined subroutine and subprogram
perf probe: Skip end-of-sequence and non statement lines
perf probe: Fix to show calling lines of inlined functions
perf probe: Return a better scope DIE if there is no best scope
perf probe: Skip overlapped location on searching variables
perf probe: Fix to show inlined function callsite without entry_pc
perf probe: Fix to show ranges of variables in functions without entry_pc
perf probe: Fix to probe an inline function which has no entry pc
perf probe: Walk function lines in lexical blocks
perf probe: Fix to list probe event with correct line number
perf probe: Fix to find range-only function instance
rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()
spi: img-spfi: fix potential double release
bnx2x: Fix PF-VF communication over multi-cos queues.
pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B
libata: Ensure ata_port probe has completed before detach
* arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill()
arch/arm64/kernel/psci.c
x86/ioapic: Prevent inconsistent state when moving an interrupt
drm/gma500: fix memory disclosures due to uninitialized bytes
* Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
net/bluetooth/hci_core.c
iio: adc: max1027: Reset the device at probe time
perf report: Add warning when libunwind not compiled in
x86/mm: Use the correct function type for native_set_fixmap()
extcon: sm5502: Reset registers during initialization
media: ti-vpe: vpe: Make sure YUYV is set as default format
media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number
media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format
mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
samples: pktgen: fix proc_cmd command result check logic
media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init()
regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe()
hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled
usb: renesas_usbhs: add suspend event support in gadget mode
tools/power/cpupower: Fix initializer override in hsw_ext_cstates
media: ov6650: Fix stored frame format not in sync with hardware
media: i2c: ov2659: Fix missing 720p register config
media: i2c: ov2659: fix s_stream return value
media: am437x-vpfe: Setting STD to current value is not an error
IB/iser: bound protection_sg size by data_sg size
rtlwifi: prevent memory leak in rtl_usb_probe
staging: rtl8188eu: fix possible null dereference
* spi: Add call to spi_slave_abort() function when spidev driver is released
drivers/spi/spidev.c
iio: light: bh1750: Resolve compiler warning and make code more readable
drm: mst: Fix query_payload ack reply struct
ALSA: hda/ca0132 - Avoid endless loop
ALSA: hda/ca0132 - Keep power on during processing DSP response
btrfs: handle ENOENT in btrfs_uuid_tree_iterate
btrfs: do not leak reloc root if we fail to read the fs root
Linux 4.4.207
net: stmmac: don't stop NAPI processing when dropping a packet
net: stmmac: use correct DMA buffer size in the RX descriptor
* xhci: fix USB3 device initiated resume race with roothub autosuspend
drivers/usb/host/xhci-hub.c
drivers/usb/host/xhci-ring.c
drivers/usb/host/xhci.h
drm/radeon: fix r1xx/r2xx register checker for POT textures
dm btree: increase rebalance threshold in __rebalance2()
vfio/pci: call irq_bypass_unregister_producer() before freeing irq
ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
ARM: dts: s3c64xx: Fix init order of clock providers
CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
xtensa: fix TLB sanity checker
* PCI/MSI: Fix incorrect MSI-X masking on resume
drivers/pci/msi.c
* PCI: Fix Intel ACS quirk UPDCR register address
drivers/pci/quirks.c
net: ethernet: ti: cpsw: fix extra rx interrupt
* tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
include/net/tcp.h
* tcp: tighten acceptance of ACKs not matching a child socket
include/net/tcp.h
* tcp: fix rejected syncookies due to stale timestamps
include/linux/time.h
include/net/tcp.h
* inet: protect against too small mtu values.
include/linux/netdevice.h
include/net/ip.h
net/core/dev.c
net/ipv4/devinet.c
net/ipv4/ip_output.c
tipc: fix ordering of tipc module init and exit routine
* tcp: md5: fix potential overestimation of TCP option space
net/ipv4/tcp_output.c
* net: bridge: deny dev_set_mac_address() when unregistering
net/bridge/br_device.c
* kernel/module.c: wakeup processes in module_wq on module unload
kernel/module.c
sunrpc: fix crash when cache_head become valid before update
* workqueue: Fix missing kfree(rescuer) in destroy_workqueue()
kernel/workqueue.c
* blk-mq: make sure that line break can be printed
block/blk-mq-sysfs.c
* mm/shmem.c: cast the type of unmap_start to u64
mm/shmem.c
powerpc: Fix vDSO clock_getres()
scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value
scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()
scsi: qla2xxx: Fix DMA unmap leak
pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init
ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity
x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models
e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait
scsi: lpfc: Cap NPIV vports to 256
Btrfs: fix negative subv_writers counter and data space leak after buffered write
iio: adis16480: Add debugfs_reg_access entry
* xhci: make sure interrupts are restored to correct state
drivers/usb/host/xhci-hub.c
* xhci: Fix memory leak in xhci_add_in_port()
drivers/usb/host/xhci-mem.c
* usb: xhci: only set D3hot for pci device
drivers/usb/host/xhci-pci.c
drivers/usb/host/xhci.c
drivers/usb/host/xhci.h
scsi: zfcp: trace channel log even for FCP command responses
* quota: fix livelock in dquot_writeback_dquots
fs/quota/dquot.c
* quota: Check that quota is not dirty before release
fs/quota/dquot.c
include/linux/quotaops.h
video/hdmi: Fix AVI bar unpack
powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB
pinctrl: samsung: Fix device node refcount leaks in init code
pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init
* ACPI: PM: Avoid attaching ACPI PM domain to certain devices
drivers/acpi/device_pm.c
* ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data()
drivers/acpi/bus.c
* ACPI: OSL: only free map once in osl.c
drivers/acpi/osl.c
* cpuidle: Do not unset the driver if it is there already
drivers/cpuidle/driver.c
media: radio: wl1273: fix interrupt masking on release
media: bdisp: fix memleak on release
ar5523: check NULL before memcpy() in ar5523_cmd()
cgroup: pids: use atomic64_t for pids->limit
* blk-mq: avoid sysfs buffer overflow with too many CPU cores
block/blk-mq-sysfs.c
* ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report
sound/soc/soc-jack.c
* workqueue: Fix pwq ref leak in rescuer_thread()
kernel/workqueue.c
* workqueue: Fix spurious sanity check failures in destroy_workqueue()
kernel/workqueue.c
lib: raid6: fix awk build warnings
rtlwifi: rtl8192de: Fix missing enable interrupt flag
rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer
rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address
btrfs: Remove btrfs_bio::flags member
btrfs: check page->mapping when loading free space cache
virtio-balloon: fix managed page counts when migrating pages between zones
mtd: spear_smi: Fix Write Burst mode
usb: mon: Fix a deadlock in usbmon between mmap and read
* usb: core: urb: fix URB structure initialization function
drivers/usb/core/urb.c
USB: adutux: fix interface sanity check
USB: serial: io_edgeport: fix epic endpoint lookup
USB: idmouse: fix interface sanity checks
USB: atm: ueagle-atm: add missing endpoint check
iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting
* xhci: Increase STS_HALT timeout in xhci_suspend()
drivers/usb/host/xhci.c
staging: gigaset: add endpoint-type sanity check
staging: gigaset: fix illegal free on probe errors
staging: gigaset: fix general protection fault on probe
staging: rtl8712: fix interface sanity check
staging: rtl8188eu: fix interface sanity check
* usb: Allow USB device to be warm reset in suspended state
drivers/usb/core/hub.c
* usb: gadget: configfs: Fix missing spin_lock_init()
drivers/usb/gadget/configfs.c
* fs/proc/array.c: allow reporting eip/esp for all coredumping threads
fs/proc/array.c
* proc: fix coredump vs read /proc/*/stat race
fs/proc/array.c
* fs/proc: Report eip/esp in /prod/PID/stat for coredumping
fs/proc/array.c
* fs/proc: Stop reporting eip and esp in /proc/PID/stat
fs/proc/array.c
* sched/core, x86: Make struct thread_info arch specific again
include/linux/thread_info.h
* sched/core: Add try_get_task_stack() and put_task_stack()
include/linux/sched.h
init/Kconfig
* sched/core: Allow putting thread_info into task_struct
include/linux/init_task.h
include/linux/sched.h
include/linux/thread_info.h
init/Kconfig
init/init_task.c
kernel/sched/sched.h
ALSA: hda - Fix pending unsol events at shutdown
appletalk: Set error code if register_snap_client failed
* appletalk: Fix potential NULL pointer dereference in unregister_snap_client
include/linux/atalk.h
KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
* thermal: Fix deadlock in thermal thermal_zone_device_check
drivers/thermal/thermal_core.c
RDMA/qib: Validate ->show()/store() callbacks before calling them
spi: atmel: Fix CS high support
crypto: user - fix memory leak in crypto_report
crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr
KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES
KVM: x86: do not modify masked bits of shared MSRs
drm/i810: Prevent underflow in ioctl
* jbd2: Fix possible overflow in jbd2_log_space_left()
include/linux/jbd2.h
can: slcan: Fix use-after-free Read in slcan_open
tty: vt: keyboard: reject invalid keycodes
CIFS: Fix SMB2 oplock break processing
CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks
Input: goodix - add upside-down quirk for Teclast X89 tablet
ALSA: pcm: oss: Avoid potential buffer overflows
* fuse: verify attributes
fs/fuse/dir.c
fs/fuse/fuse_i.h
* fuse: verify nlink
fs/fuse/dir.c
* sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision
kernel/sched/fair.c
ARM: dts: sunxi: Fix PMU compatible strings
mlx4: Use snprintf instead of complicated strcpy
nfsd: Return EPERM, not EACCES, in some SETATTR cases
MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition
powerpc/math-emu: Update macros from GCC
dlm: fix invalid cluster name warning
ARM: dts: pxa: clean up USB controller nodes
* kbuild: fix single target build for external module
Makefile
* modpost: skip ELF local symbols during section mismatch check
scripts/mod/modpost.c
* tcp: fix off-by-one bug on aborting window-probing socket
net/ipv4/tcp_timer.c
ARM: dts: mmp2: fix the gpio interrupt cell number
net/x25: fix null_x25_address handling
net/x25: fix called/calling length calculation in x25_parse_address_block
ARM: OMAP1/2: fix SoC name printing
nfsd: fix a warning in __cld_pipe_upcall()
dlm: NULL check before kmem_cache_destroy is not needed
i2c: imx: don't print error message on probe defer
serial: imx: fix error handling in console_setup
altera-stapl: check for a null key before strcasecmp'ing it
* dma-mapping: fix return type of dma_set_max_seg_size()
include/linux/dma-mapping.h
* ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion()
include/linux/acpi.h
dmaengine: coh901318: Remove unused variable
dmaengine: coh901318: Fix a double-lock bug
ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module
rtc: dt-binding: abx80x: fix resistance scale
rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()'
math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning
MIPS: OCTEON: octeon-platform: fix typing
* regulator: Fix return value of _set_load() stub
include/linux/regulator/consumer.h
Staging: iio: adt7316: Fix i2c data reading, set the data field
pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues
scsi: zfcp: drop default switch case which might paper over missing case
MIPS: SiByte: Enable ZONE_DMA32 for LittleSur
dlm: fix missing idr_destroy for recover_idr
clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering
clk: rockchip: fix rk3188 sclk_smc gate data
extcon: max8997: Fix lack of path setting in USB device mode
ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+
iwlwifi: mvm: Send non offchannel traffic via AP sta
* serial: core: Allow processing sysrq at port unlock time
include/linux/serial_core.h
net: ep93xx_eth: fix mismatch of request_mem_region in remove
rsxx: add missed destroy_workqueue calls in remove
* ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed()
sound/core/pcm_lib.c
Input: cyttsp4_core - fix use after free bug
NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error
autofs: fix a leak in autofs_expire_indirect()
serial: ifx6x60: add missed pm_runtime_disable
* serial: serial_core: Perform NULL checks for break_ctl ops
drivers/tty/serial/serial_core.c
x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect
* tty: serial: msm_serial: Fix flow control
drivers/tty/serial/msm_serial.c
usb: gadget: u_serial: add missing port entry locking
x86/apic/32: Avoid bogus LDR warnings
Linux 4.4.206
platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer
hwrng: stm32 - fix unbalanced pm_runtime_enable
* HID: core: check whether Usage Page item is after Usage ID items
drivers/hid/hid-core.c
* net: sched: fix `tc -s class show` no bstats on class with nolock subqueues
net/sched/sch_mq.c
net/sched/sch_multiq.c
net/sched/sch_prio.c
tipc: fix link name length check
openvswitch: remove another BUG_ON()
openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info()
slip: Fix use-after-free Read in slip_open
openvswitch: fix flow command message size
macvlan: schedule bc_work even if error
* pwm: Clear chip_data in pwm_put()
drivers/pwm/core.c
net: macb: fix error format in dev_err()
* media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE
drivers/media/v4l2-core/v4l2-ctrls.c
mei: bus: prefix device names on bus with the bus name
USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P
staging: rtl8192e: fix potential use after free
mtd: Remove a debug trace in mtdpart.c
powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
scsi: libsas: Check SMP PHY control function result
ACPI / APEI: Switch estatus pool to use vmalloc memory
scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery
* net: dev: Use unsigned integer as an argument to left-shift
include/linux/netdevice.h
* net: fix possible overflow in __sk_mem_raise_allocated()
include/net/sock.h
net/core/sock.c
sfc: initialise found bitmap in efx_ef10_mtd_probe
tipc: fix skb may be leaky in tipc_link_input
decnet: fix DN_IFREQ_SIZE
sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe
* net/core/neighbour: fix kmemleak minimal reference count for hash tables
net/core/neighbour.c
* net/core/neighbour: tell kmemleak about hash tables
net/core/neighbour.c
tipc: fix memory leak in tipc_nl_compat_publ_dump
mtd: Check add_mtd_device() ret code
* lib/genalloc.c: include vmalloc.h
lib/genalloc.c
* lib/genalloc.c: use vzalloc_node() to allocate the bitmap
lib/genalloc.c
ocfs2: clear journal dirty flag after shutdown journal
tipc: fix a missing check of genlmsg_put
atl1e: checking the status of atl1e_write_phy_reg
net: stmicro: fix a missing check of clk_prepare
um: Make GCOV depend on !KCOV
* net/net_namespace: Check the return value of register_pernet_subsys()
net/core/net_namespace.c
regulator: tps65910: fix a missing check of return value
drbd: fix print_st_err()'s prototype to match the definition
drbd: reject attach of unsuitable uuids even if connected
powerpc/44x/bamboo: Fix PCI range
powerpc/mm: Make NULL pointer deferences explicit on bad page faults.
powerpc/prom: fix early DEBUG messages
ath6kl: Fix off by one error in scan completion
ath6kl: Only use match sets when firmware supports it
scsi: csiostor: fix incorrect dma device in case of vport
scsi: qla2xxx: deadlock by configfs_depend_item
RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer
openrisc: Fix broken paths to arch/or32
serial: max310x: Fix tx_empty() callback
drivers/regulator: fix a missing check of return value
powerpc/xmon: fix dump_segments()
powerpc/book3s/32: fix number of bats in p/v_block_mapped()
IB/qib: Fix an error code in qib_sdma_verbs_send()
xfs: Align compat attrlist_by_handle with native implementation.
gfs2: take jdata unstuff into account in do_grow
HID: doc: fix wrong data structure reference for UHID_OUTPUT
pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10
pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration
KVM: s390: unregister debug feature on failing arch init
xen/pciback: Check dev_data before using it
btrfs: only track ref_heads in delayed_ref_updates
VSOCK: bind to random port for VMADDR_PORT_ANY
* gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB
include/linux/gpio/consumer.h
microblaze: move "... is ready" messages to arch/microblaze/Makefile
microblaze: adjust the help to the real behavior
ubi: Do not drop UBI device reference before using
ubi: Put MTD device after it is not used
xfs: require both realtime inodes to mount
rtl818x: fix potential use after free
mwifiex: debugfs: correct histogram spacing, formatting
mwifiex: fix potential NULL dereference and use after free
crypto: user - support incremental algorithm dumps
* ACPI / LPSS: Ignore acpi_device_fix_up_power() return value
drivers/acpi/acpi_lpss.c
ARM: ks8695: fix section mismatch warning
PM / AVS: SmartReflex: NULL check before some freeing functions is not needed
* arm64: smp: Handle errors reported by the firmware
arch/arm64/kernel/smp.c
parisc: Fix HP SDC hpa address output
parisc: Fix serio address output
ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication
ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed
scsi: lpfc: Fix dif and first burst use in write commands
block: drbd: remove a stray unlock in __drbd_send_protocol()
scripts/gdb: fix debugging modules compiled with hot/cold partitioning
can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open
can: peak_usb: report bus recovery as well
* reset: fix reset_control_ops kerneldoc comment
include/linux/reset-controller.h
clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume
ASoC: kirkwood: fix external clock probe defer
* ASoC: compress: fix unsigned integer overflow check
sound/core/compress_offload.c
Change-Id: I42d8f774ccf01ac4a21979a591c760175e809353
Signed-off-by: lucaswei <lucaswei@google.com>
|
||
|
Greg Kroah-Hartman
|
5ddfe4cd13 |
Merge 4.4.208 into android-4.4-p
Changes in 4.4.208 btrfs: do not leak reloc root if we fail to read the fs root btrfs: handle ENOENT in btrfs_uuid_tree_iterate ALSA: hda/ca0132 - Keep power on during processing DSP response ALSA: hda/ca0132 - Avoid endless loop drm: mst: Fix query_payload ack reply struct iio: light: bh1750: Resolve compiler warning and make code more readable spi: Add call to spi_slave_abort() function when spidev driver is released staging: rtl8188eu: fix possible null dereference rtlwifi: prevent memory leak in rtl_usb_probe IB/iser: bound protection_sg size by data_sg size media: am437x-vpfe: Setting STD to current value is not an error media: i2c: ov2659: fix s_stream return value media: i2c: ov2659: Fix missing 720p register config media: ov6650: Fix stored frame format not in sync with hardware tools/power/cpupower: Fix initializer override in hsw_ext_cstates usb: renesas_usbhs: add suspend event support in gadget mode hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() samples: pktgen: fix proc_cmd command result check logic mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number media: ti-vpe: vpe: Make sure YUYV is set as default format extcon: sm5502: Reset registers during initialization x86/mm: Use the correct function type for native_set_fixmap() perf report: Add warning when libunwind not compiled in iio: adc: max1027: Reset the device at probe time Bluetooth: hci_core: fix init for HCI_USER_CHANNEL drm/gma500: fix memory disclosures due to uninitialized bytes x86/ioapic: Prevent inconsistent state when moving an interrupt arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() libata: Ensure ata_port probe has completed before detach pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B bnx2x: Fix PF-VF communication over multi-cos queues. spi: img-spfi: fix potential double release rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() perf probe: Fix to find range-only function instance perf probe: Fix to list probe event with correct line number perf probe: Walk function lines in lexical blocks perf probe: Fix to probe an inline function which has no entry pc perf probe: Fix to show ranges of variables in functions without entry_pc perf probe: Fix to show inlined function callsite without entry_pc perf probe: Skip overlapped location on searching variables perf probe: Return a better scope DIE if there is no best scope perf probe: Fix to show calling lines of inlined functions perf probe: Skip end-of-sequence and non statement lines perf probe: Filter out instances except for inlined subroutine and subprogram ath10k: fix get invalid tx rate for Mesh metric media: pvrusb2: Fix oops on tear-down when radio support is not present media: si470x-i2c: add missed operations in remove EDAC/ghes: Fix grain calculation spi: pxa2xx: Add missed security checks ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile parport: load lowlevel driver if ports not found cpufreq: Register drivers only after CPU devices have been registered x86/crash: Add a forward declaration of struct kimage spi: tegra20-slink: add missed clk_unprepare btrfs: don't prematurely free work in end_workqueue_fn() iwlwifi: check kasprintf() return value fbtft: Make sure string is NULL terminated crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c crypto: vmx - Avoid weird build failures libtraceevent: Fix memory leakage in copy_filter_type net: phy: initialise phydev speed and duplex sanely Revert "mmc: sdhci: Fix incorrect switch to HS mode" usb: xhci: Fix build warning seen with CONFIG_PM=n btrfs: do not call synchronize_srcu() in inode_tree_del btrfs: return error pointer from alloc_test_extent_buffer btrfs: abort transaction after failed inode updates in create_subvol Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues ALSA: pcm: Avoid possible info leaks from PCM stream buffers af_packet: set defaule value for tmo fjes: fix missed check in fjes_acpi_add mod_devicetable: fix PHY module format net: hisilicon: Fix a BUG trigered by wrong bytes_compl net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() net: qlogic: Fix error paths in ql_alloc_large_buffers() net: usb: lan78xx: Fix suspend/resume PHY register access error sctp: fully initialize v4 addr in some functions net: dst: Force 4-byte alignment of dst_metrics usbip: Fix error path of vhci_recv_ret_submit() USB: EHCI: Do not return -EPIPE when hub is disconnected platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value ext4: check for directory entries too close to block end powerpc/irq: fix stack overflow verification mmc: sdhci-of-esdhc: fix P2020 errata handling perf probe: Fix to show function entry line as probe-able scsi: mpt3sas: Fix clear pending bit in ioctl status scsi: lpfc: Fix locking on mailbox command completion Input: atmel_mxt_ts - disable IRQ across suspend iommu/tegra-smmu: Fix page tables in > 4 GiB memory scsi: target: compare full CHAP_A Algorithm strings scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices scsi: csiostor: Don't enable IRQs too early powerpc/pseries: Mark accumulate_stolen_time() as notrace dma-debug: add a schedule point in debug_dma_dump_mappings() clocksource/drivers/asm9260: Add a check for of_clk_get powerpc/security/book3s64: Report L1TF status in sysfs jbd2: Fix statistics for the number of logged blocks scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow clk: qcom: Allow constant ratio freq tables for rcg irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary irqchip: ingenic: Error out if IRQ domain creation failed fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences scsi: ufs: fix potential bug which ends in system hang powerpc/pseries/cmm: Implement release() function for sysfs device powerpc/security: Fix wrong message when RFI Flush is disable clk: pxa: fix one of the pxa RTC clocks bcache: at least try to shrink 1 node in bch_mca_scan() HID: Improve Windows Precision Touchpad detection. ext4: work around deleting a file with i_nlink == 0 safely scsi: pm80xx: Fix for SATA device discovery scsi: target: iscsi: Wait for all commands to finish before freeing a session gpio: mpc8xxx: Don't overwrite default irq_set_type callback scripts/kallsyms: fix definitely-lost memory leak cdrom: respect device capabilities during opening action perf regs: Make perf_reg_name() return "unknown" instead of NULL libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h s390/cpum_sf: Check for SDBT and SDB consistency ocfs2: fix passing zero to 'PTR_ERR' warning kernel: sysctl: make drop_caches write-only ALSA: hda - Downgrade error message for single-cmd fallback Make filldir[64]() verify the directory entry filename is valid filldir[64]: remove WARN_ON_ONCE() for bad directory entries net: davinci_cpdma: use dma_addr_t for DMA address netfilter: ebtables: compat: reject all padding in matches/watchers 6pack,mkiss: fix possible deadlock netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() net: icmp: fix data-race in cmp_global_allow() hrtimer: Annotate lockless access to timer->state mmc: sdhci: Update the tuning failed messages to pr_debug level tcp: do not send empty skb from tcp_write_xmit() Linux 4.4.208 Change-Id: I1c710061be5b595f822b45a87d852b85512d7783 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Dumazet
|
8f9fc3e649 |
hrtimer: Annotate lockless access to timer->state
commit 56144737e67329c9aaed15f942d46a6302e2e3d8 upstream. syzbot reported various data-race caused by hrtimer_is_queued() reading timer->state. A READ_ONCE() is required there to silence the warning. Also add the corresponding WRITE_ONCE() when timer->state is set. In remove_hrtimer() the hrtimer_is_queued() helper is open coded to avoid loading timer->state twice. KCSAN reported these cases: BUG: KCSAN: data-race in __remove_hrtimer / tcp_pacing_check write to 0xffff8880b2a7d388 of 1 bytes by interrupt on cpu 0: __remove_hrtimer+0x52/0x130 kernel/time/hrtimer.c:991 __run_hrtimer kernel/time/hrtimer.c:1496 [inline] __hrtimer_run_queues+0x250/0x600 kernel/time/hrtimer.c:1576 hrtimer_run_softirq+0x10e/0x150 kernel/time/hrtimer.c:1593 __do_softirq+0x115/0x33f kernel/softirq.c:292 run_ksoftirqd+0x46/0x60 kernel/softirq.c:603 smpboot_thread_fn+0x37d/0x4a0 kernel/smpboot.c:165 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352 read to 0xffff8880b2a7d388 of 1 bytes by task 24652 on cpu 1: tcp_pacing_check net/ipv4/tcp_output.c:2235 [inline] tcp_pacing_check+0xba/0x130 net/ipv4/tcp_output.c:2225 tcp_xmit_retransmit_queue+0x32c/0x5a0 net/ipv4/tcp_output.c:3044 tcp_xmit_recovery+0x7c/0x120 net/ipv4/tcp_input.c:3558 tcp_ack+0x17b6/0x3170 net/ipv4/tcp_input.c:3717 tcp_rcv_established+0x37e/0xf50 net/ipv4/tcp_input.c:5696 tcp_v4_do_rcv+0x381/0x4e0 net/ipv4/tcp_ipv4.c:1561 sk_backlog_rcv include/net/sock.h:945 [inline] __release_sock+0x135/0x1e0 net/core/sock.c:2435 release_sock+0x61/0x160 net/core/sock.c:2951 sk_stream_wait_memory+0x3d7/0x7c0 net/core/stream.c:145 tcp_sendmsg_locked+0xb47/0x1f30 net/ipv4/tcp.c:1393 tcp_sendmsg+0x39/0x60 net/ipv4/tcp.c:1434 inet_sendmsg+0x6d/0x90 net/ipv4/af_inet.c:807 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg+0x9f/0xc0 net/socket.c:657 BUG: KCSAN: data-race in __remove_hrtimer / __tcp_ack_snd_check write to 0xffff8880a3a65588 of 1 bytes by interrupt on cpu 0: __remove_hrtimer+0x52/0x130 kernel/time/hrtimer.c:991 __run_hrtimer kernel/time/hrtimer.c:1496 [inline] __hrtimer_run_queues+0x250/0x600 kernel/time/hrtimer.c:1576 hrtimer_run_softirq+0x10e/0x150 kernel/time/hrtimer.c:1593 __do_softirq+0x115/0x33f kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0xbb/0xe0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0xe6/0x280 arch/x86/kernel/apic/apic.c:1137 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:830 read to 0xffff8880a3a65588 of 1 bytes by task 22891 on cpu 1: __tcp_ack_snd_check+0x415/0x4f0 net/ipv4/tcp_input.c:5265 tcp_ack_snd_check net/ipv4/tcp_input.c:5287 [inline] tcp_rcv_established+0x750/0xf50 net/ipv4/tcp_input.c:5708 tcp_v4_do_rcv+0x381/0x4e0 net/ipv4/tcp_ipv4.c:1561 sk_backlog_rcv include/net/sock.h:945 [inline] __release_sock+0x135/0x1e0 net/core/sock.c:2435 release_sock+0x61/0x160 net/core/sock.c:2951 sk_stream_wait_memory+0x3d7/0x7c0 net/core/stream.c:145 tcp_sendmsg_locked+0xb47/0x1f30 net/ipv4/tcp.c:1393 tcp_sendmsg+0x39/0x60 net/ipv4/tcp.c:1434 inet_sendmsg+0x6d/0x90 net/ipv4/af_inet.c:807 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg+0x9f/0xc0 net/socket.c:657 __sys_sendto+0x21f/0x320 net/socket.c:1952 __do_sys_sendto net/socket.c:1964 [inline] __se_sys_sendto net/socket.c:1960 [inline] __x64_sys_sendto+0x89/0xb0 net/socket.c:1960 do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 24652 Comm: syz-executor.3 Not tainted 5.4.0-rc3+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ tglx: Added comments ] Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20191106174804.74723-1-edumazet@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
lucaswei
|
ea68ab5c50 |
Merge upstream-linux-4.4.y (4.4.200) into android-msm-wahoo-4.4-qt-lts
Linux 4.4.200
* fs/dcache: move security_d_instantiate() behind attaching dentry to inode
fs/dcache.c
* alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP
kernel/time/alarmtimer.c
ARM: fix the cockup in the previous patch
ARM: ensure that processor vtables is not lost after boot
ARM: spectre-v2: per-CPU vtables to work around big.Little systems
ARM: add PROC_VTABLE and PROC_TABLE macros
ARM: clean up per-processor check_bugs method call
ARM: split out processor lookup
ARM: make lookup_processor_type() non-__init
ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc
ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization
ARM: 8795/1: spectre-v1.1: use put_user() for __put_user()
ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit
ARM: 8793/1: signal: replace __put_user_error with __put_user
ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user()
ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state
ARM: 8789/1: signal: copy registers using __copy_to_user()
ARM: spectre-v1: mitigate user accesses
ARM: spectre-v1: use get_user() for __get_user()
ARM: use __inttype() in get_user()
ARM: oabi-compat: copy semops using __copy_from_user()
ARM: vfp: use __copy_from_user() when restoring VFP state
ARM: signal: copy registers using __copy_from_user()
ARM: spectre-v1: fix syscall entry
ARM: spectre-v1: add array_index_mask_nospec() implementation
ARM: spectre-v1: add speculation barrier (csdb) macros
ARM: spectre-v2: warn about incorrect context switching functions
ARM: spectre-v2: add firmware based hardening
ARM: spectre-v2: harden user aborts in kernel space
ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit
ARM: spectre-v2: harden branch predictor on context switches
ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre
ARM: bugs: add support for per-processor bug checking
ARM: bugs: hook processor bug checking into SMP and suspend paths
ARM: bugs: prepare processor bug infrastructure
ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs
* arm/arm64: smccc-1.1: Handle function result as parameters
include/linux/arm-smccc.h
* arm/arm64: smccc-1.1: Make return values unsigned long
include/linux/arm-smccc.h
* arm/arm64: smccc: Add SMCCC-specific return codes
include/linux/arm-smccc.h
* arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
include/linux/arm-smccc.h
* arm/arm64: smccc: Make function identifiers an unsigned quantity
include/linux/arm-smccc.h
* firmware/psci: Expose SMCCC version through psci_ops
drivers/firmware/psci.c
include/linux/psci.h
* firmware/psci: Expose PSCI conduit
drivers/firmware/psci.c
include/linux/psci.h
* arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
include/linux/arm-smccc.h
* arm/arm64: KVM: Advertise SMCCC v1.1
include/linux/arm-smccc.h
ARM: Move system register accessors to asm/cp15.h
ARM: uaccess: remove put_user() code duplication
* ARM: 8481/2: drivers: psci: replace psci firmware calls
arch/arm64/kernel/Makefile
drivers/firmware/psci.c
* ARM: 8480/2: arm64: add implementation for arm-smccc
arch/arm64/Kconfig
arch/arm64/kernel/Makefile
arch/arm64/kernel/arm64ksyms.c
arch/arm64/kernel/asm-offsets.c
arch/arm64/kernel/smccc-call.S
ARM: 8479/2: add implementation for arm-smccc
* ARM: 8478/2: arm/arm64: add arm-smccc
drivers/firmware/Kconfig
include/linux/arm-smccc.h
ARM: 8051/1: put_user: fix possible data corruption in put_user
dmaengine: qcom: bam_dma: Fix resource leak
* net/flow_dissector: switch to siphash
include/linux/skbuff.h
include/net/flow_dissector.h
net/core/flow_dissector.c
* inet: stop leaking jiffies on the wire
net/ipv4/datagram.c
net/ipv4/tcp_ipv4.c
net/mlx4_core: Dynamically set guaranteed amount of counters per VF
vxlan: check tun_info options_len properly
* net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
net/core/datagram.c
* net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
net/core/ethtool.c
net: hisilicon: Fix ping latency when deal with high throughput
* net: fix sk_page_frag() recursion from memory reclaim
include/linux/gfp.h
include/net/sock.h
dccp: do not leak jiffies on the wire
cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
MIPS: bmips: mark exception vectors as char arrays
of: unittest: fix memory leak in unittest_data_add
scsi: target: core: Do not overwrite CDB byte 1
perf kmem: Fix memory leak in compact_gfp_flags()
* scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
drivers/scsi/Kconfig
scsi: sni_53c710: fix compilation error
ARM: mm: fix alignment handler faults under memory pressure
ARM: dts: logicpd-torpedo-som: Remove twl_keypad
ASoc: rockchip: i2s: Fix RPM imbalance
regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized
regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
* kbuild: add -fcf-protection=none when using retpoline flags
Makefile
Linux 4.4.199
Revert "ALSA: hda: Flush interrupts on disabling"
xfs: Correctly invert xfs_buftarg LRU isolation logic
sctp: not bind the socket in sctp_connect
* sctp: fix the issue that flags are ignored when using kernel_connect
include/net/sctp/sctp.h
* sch_netem: fix rcu splat in netem_enqueue()
include/net/sch_generic.h
net: usb: sr9800: fix uninitialized local variable
* bonding: fix potential NULL deref in bond_update_slave_arr
drivers/net/bonding/bond_main.c
llc: fix sk_buff leak in llc_conn_service()
llc: fix sk_buff leak in llc_sap_state_process()
rtlwifi: Fix potential overflow on P2P code
s390/cmm: fix information leak in cmm_timeout_handler()
* nl80211: fix validation of mesh path nexthop
net/wireless/nl80211.c
* HID: fix error message in hid_open_report()
drivers/hid/hid-core.c
* HID: Fix assumption that devices have inputs
drivers/hid/hid-dr.c
drivers/hid/hid-gaff.c
drivers/hid/hid-lg2ff.c
drivers/hid/hid-lg3ff.c
drivers/hid/hid-lg4ff.c
drivers/hid/hid-lgff.c
drivers/hid/hid-sony.c
drivers/hid/hid-tmff.c
USB: serial: whiteheat: fix line-speed endianness
USB: serial: whiteheat: fix potential slab corruption
USB: ldusb: fix control-message timeout
USB: ldusb: fix ring-buffer locking
* USB: gadget: Reject endpoints with 0 maxpacket value
include/linux/usb/gadget.h
UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
ALSA: bebob: Fix prototype of helper function to return negative value
* fuse: truncate pending writes on O_TRUNC
fs/fuse/file.c
* fuse: flush dirty data/metadata before non-truncate setattr
fs/fuse/dir.c
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
thunderbolt: Use 32-bit writes when writing ring producer/consumer
USB: legousbtower: fix a signedness bug in tower_probe()
* tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
kernel/trace/trace.c
NFSv4: Fix leak of clp->cl_acceptor string
MIPS: fw: sni: Fix out of bounds init of o32 stack
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
efi/x86: Do not clean dummy variable in kexec path
efi/cper: Fix endianness of PCIe class code
serial: mctrl_gpio: Check for NULL pointer
fs: cifs: mute -Wunused-const-variable message
RDMA/iwcm: Fix a lock inversion issue
perf map: Fix overlapped map handling
iio: fix center temperature of bmc150-accel-core
* exec: load_script: Do not exec truncated interpreter path
fs/binfmt_script.c
* usb: handle warm-reset port requests on hub resume
drivers/usb/core/hub.c
* scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
scripts/setlocalversion
x86/cpu: Add Atom Tremont (Jacobsville)
sc16is7xx: Fix for "Unexpected interrupt: 8"
* dm: Use kzalloc for all structs with embedded biosets/mempools
drivers/md/dm-io.c
drivers/md/dm-kcopyd.c
dm snapshot: rework COW throttling to fix deadlock
dm snapshot: introduce account_start_copy() and account_end_copy()
dm snapshot: use mutex instead of rw_semaphore
Linux 4.4.198
RDMA/cxgb4: Do not dma memory off of the stack
* net: sched: Fix memory exposure from short TCA_U32_SEL
net/sched/cls_u32.c
* PCI: PM: Fix pci_power_up()
drivers/pci/pci.c
xen/netback: fix error path of xenvif_connect_data()
* cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
drivers/base/core.c
drivers/cpufreq/cpufreq.c
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
CIFS: avoid using MID 0xFFFF
parisc: Fix vmap memory leak in ioremap()/iounmap()
xtensa: drop EXPORT_SYMBOL for outs*/ins*
* mm/slub: fix a deadlock in show_slab_objects()
mm/slub.c
scsi: zfcp: fix reaction on bit error threshold notification
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
mac80211: Reject malformed SSID elements
cfg80211: wext: avoid copying malformed SSIDs
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
* scsi: core: try to get module before removing device
drivers/scsi/scsi_sysfs.c
USB: ldusb: fix read info leaks
USB: usblp: fix use-after-free on disconnect
USB: ldusb: fix memleak on disconnect
USB: serial: ti_usb_3410_5052: fix port-close races
usb: udc: lpc32xx: fix bad bit shift operation
USB: legousbtower: fix memleak on disconnect
* memfd: Fix locking when tagging pins
mm/shmem.c
* ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
net/ipv4/route.c
* net: avoid potential infinite loop in tc_ctl_action()
net/sched/act_api.c
sctp: change sctp_prot .no_autobind with true
net: bcmgenet: Set phydev->dev_flags only for internal PHYs
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
* loop: Add LOOP_SET_DIRECT_IO to compat ioctl
drivers/block/loop.c
namespace: fix namespace.pl script to support relative paths
net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
mips: Loongson: Fix the link time qualifier of 'serial_exit()'
* nl80211: fix null pointer dereference
net/wireless/nl80211.c
ARM: dts: am4372: Set memory bandwidth limit for DISPC
ARM: OMAP2+: Fix missing reset done flag for am3 and am43
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
scsi: megaraid: disable device when probe failed after enabled device
* scsi: ufs: skip shutdown if hba is not powered
drivers/scsi/ufs/ufshcd.c
Linux 4.4.197
xfs: clear sb->s_fs_info on mount failure
x86/asm: Fix MWAITX C-state hint value
* tracing: Get trace_array reference for available_tracers files
kernel/trace/trace.c
media: stkwebcam: fix runtime PM after driver unbind
CIFS: Force revalidate inode when dentry is stale
cifs: Check uniqueid for SMB2+ and return -ESTALE if necessary
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
* arm64: Rename cpuid_feature field extract routines
arch/arm64/include/asm/cpufeature.h
arch/arm64/kernel/cpufeature.c
arch/arm64/kernel/debug-monitors.c
arch/arm64/mm/context.c
* arm64: capabilities: Handle sign of the feature bit
arch/arm64/include/asm/cpufeature.h
arch/arm64/kernel/cpufeature.c
* kernel/sysctl.c: do not override max_threads provided by userspace
kernel/fork.c
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
CIFS: Gracefully handle QueryInfo errors during open
perf llvm: Don't access out-of-scope array
iio: light: opt3001: fix mutex unlock race
iio: adc: ad799x: fix probe error handling
staging: vt6655: Fix memory leak in vt6655_probe
USB: legousbtower: fix use-after-free on release
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix slab info leak at probe
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
USB: dummy-hcd: fix power budget for SuperSpeed mode
USB: microtek: fix info-leak at probe
USB: usblcd: fix I/O after disconnect
USB: serial: fix runtime PM after driver unbind
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: option: add Telit FN980 compositions
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: keyspan: fix NULL-derefs on open() and write()
serial: uartlite: fix exit path null pointer
USB: ldusb: fix NULL-derefs on driver unbind
USB: chaoskey: fix use-after-free on release
USB: usblp: fix runtime PM after driver unbind
USB: iowarrior: fix use-after-free after driver unbind
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: adutux: fix use-after-free on release
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on disconnect
USB: adutux: remove redundant variable minor
* xhci: Increase STS_SAVE timeout in xhci_suspend()
drivers/usb/host/xhci.c
* usb: xhci: wait for CNR controller not ready bit in xhci resume
drivers/usb/host/xhci.c
* xhci: Check all endpoints for LPM timeout
drivers/usb/host/xhci.c
* xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
drivers/usb/host/xhci.c
USB: usb-skeleton: fix NULL-deref on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: yurex: fix NULL-derefs on disconnect
USB: yurex: Don't retry on unexpected errors
* USB: rio500: Remove Rio 500 kernel driver
drivers/usb/misc/Kconfig
drivers/usb/misc/Makefile
* panic: ensure preemption is disabled during panic()
kernel/panic.c
ASoC: sgtl5000: Improve VAG power and mute control
* nl80211: validate beacon head
net/wireless/nl80211.c
* cfg80211: Use const more consistently in for_each_element macros
include/linux/ieee80211.h
* cfg80211: add and use strongly typed element iteration macros
include/linux/ieee80211.h
crypto: caam - fix concurrency issue in givencrypt descriptor
perf stat: Fix a segmentation fault when using repeat forever
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
* kernel/elfcore.c: include proper prototypes
kernel/elfcore.c
fuse: fix memleak in cuse_channel_open
* thermal: Fix use-after-free when unregistering thermal zone device
drivers/thermal/thermal_core.c
drm/amdgpu: Check for valid number of registers to read
ceph: fix directories inode i_blkbits initialization
xen/pci: reserve MCFG areas earlier
9p: avoid attaching writeback_fid on mmap with type PRIVATE
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
ima: always return negative code for error
* cfg80211: initialize on-stack chandefs
net/wireless/nl80211.c
net/wireless/reg.c
ieee802154: atusb: fix use-after-free at disconnect
crypto: qat - Silence smp_processor_id() warning
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
powerpc/powernv: Restrict OPAL symbol map to only be readable by root
* ASoC: Define a set of DAPM pre/post-up events
include/sound/soc-dapm.h
KVM: nVMX: handle page fault in vmread fix
s390/cio: exclude subchannels with no parent from pseudo check
s390/cio: avoid calling strlen on null pointer
s390/topology: avoid firing events before kobjs are created
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
Change-Id: I78a8ba32f5c2fd5d448e6f8893473c90da4b2c65
Signed-off-by: lucaswei <lucaswei@google.com>
|
||
|
Nathan Chancellor
|
9c861acde6 |
Merge 4.4.200 into android-msm-wahoo-4.4
Changes in 4.4.200: (76 commits)
kbuild: add -fcf-protection=none when using retpoline flags
regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone
regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized
ASoc: rockchip: i2s: Fix RPM imbalance
ARM: dts: logicpd-torpedo-som: Remove twl_keypad
ARM: mm: fix alignment handler faults under memory pressure
scsi: sni_53c710: fix compilation error
scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
perf kmem: Fix memory leak in compact_gfp_flags()
scsi: target: core: Do not overwrite CDB byte 1
of: unittest: fix memory leak in unittest_data_add
MIPS: bmips: mark exception vectors as char arrays
cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs
dccp: do not leak jiffies on the wire
net: fix sk_page_frag() recursion from memory reclaim
net: hisilicon: Fix ping latency when deal with high throughput
net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol()
net: add READ_ONCE() annotation in __skb_wait_for_more_packets()
vxlan: check tun_info options_len properly
net/mlx4_core: Dynamically set guaranteed amount of counters per VF
inet: stop leaking jiffies on the wire
net/flow_dissector: switch to siphash
dmaengine: qcom: bam_dma: Fix resource leak
ARM: 8051/1: put_user: fix possible data corruption in put_user
ARM: 8478/2: arm/arm64: add arm-smccc
ARM: 8479/2: add implementation for arm-smccc
ARM: 8480/2: arm64: add implementation for arm-smccc
ARM: 8481/2: drivers: psci: replace psci firmware calls
ARM: uaccess: remove put_user() code duplication
ARM: Move system register accessors to asm/cp15.h
arm/arm64: KVM: Advertise SMCCC v1.1
arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
firmware/psci: Expose PSCI conduit
firmware/psci: Expose SMCCC version through psci_ops
arm/arm64: smccc: Make function identifiers an unsigned quantity
arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
arm/arm64: smccc: Add SMCCC-specific return codes
arm/arm64: smccc-1.1: Make return values unsigned long
arm/arm64: smccc-1.1: Handle function result as parameters
ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs
ARM: bugs: prepare processor bug infrastructure
ARM: bugs: hook processor bug checking into SMP and suspend paths
ARM: bugs: add support for per-processor bug checking
ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre
ARM: spectre-v2: harden branch predictor on context switches
ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit
ARM: spectre-v2: harden user aborts in kernel space
ARM: spectre-v2: add firmware based hardening
ARM: spectre-v2: warn about incorrect context switching functions
ARM: spectre-v1: add speculation barrier (csdb) macros
ARM: spectre-v1: add array_index_mask_nospec() implementation
ARM: spectre-v1: fix syscall entry
ARM: signal: copy registers using __copy_from_user()
ARM: vfp: use __copy_from_user() when restoring VFP state
ARM: oabi-compat: copy semops using __copy_from_user()
ARM: use __inttype() in get_user()
ARM: spectre-v1: use get_user() for __get_user()
ARM: spectre-v1: mitigate user accesses
ARM: 8789/1: signal: copy registers using __copy_to_user()
ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state
ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user()
ARM: 8793/1: signal: replace __put_user_error with __put_user
ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit
ARM: 8795/1: spectre-v1.1: use put_user() for __put_user()
ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization
ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc
ARM: make lookup_processor_type() non-__init
ARM: split out processor lookup
ARM: clean up per-processor check_bugs method call
ARM: add PROC_VTABLE and PROC_TABLE macros
ARM: spectre-v2: per-CPU vtables to work around big.Little systems
ARM: ensure that processor vtables is not lost after boot
ARM: fix the cockup in the previous patch
alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP
fs/dcache: move security_d_instantiate() behind attaching dentry to inode
Linux 4.4.200
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
arch/arm64/Kconfig
arch/arm64/kernel/arm64ksyms.c
arch/arm64/kernel/vdso32/vdso.S
arch/arm64/kvm/hyp/fpsimd.S
drivers/firmware/psci.c
include/linux/arm-smccc.h
include/linux/psci.h
|
||
|
Greg Kroah-Hartman
|
903fbe76b8 |
Merge 4.4.200 into android-4.4-p
Changes in 4.4.200 kbuild: add -fcf-protection=none when using retpoline flags regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized ASoc: rockchip: i2s: Fix RPM imbalance ARM: dts: logicpd-torpedo-som: Remove twl_keypad ARM: mm: fix alignment handler faults under memory pressure scsi: sni_53c710: fix compilation error scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE perf kmem: Fix memory leak in compact_gfp_flags() scsi: target: core: Do not overwrite CDB byte 1 of: unittest: fix memory leak in unittest_data_add MIPS: bmips: mark exception vectors as char arrays cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs dccp: do not leak jiffies on the wire net: fix sk_page_frag() recursion from memory reclaim net: hisilicon: Fix ping latency when deal with high throughput net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() net: add READ_ONCE() annotation in __skb_wait_for_more_packets() vxlan: check tun_info options_len properly net/mlx4_core: Dynamically set guaranteed amount of counters per VF inet: stop leaking jiffies on the wire net/flow_dissector: switch to siphash dmaengine: qcom: bam_dma: Fix resource leak ARM: 8051/1: put_user: fix possible data corruption in put_user ARM: 8478/2: arm/arm64: add arm-smccc ARM: 8479/2: add implementation for arm-smccc ARM: 8480/2: arm64: add implementation for arm-smccc ARM: 8481/2: drivers: psci: replace psci firmware calls ARM: uaccess: remove put_user() code duplication ARM: Move system register accessors to asm/cp15.h arm/arm64: KVM: Advertise SMCCC v1.1 arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support firmware/psci: Expose PSCI conduit firmware/psci: Expose SMCCC version through psci_ops arm/arm64: smccc: Make function identifiers an unsigned quantity arm/arm64: smccc: Implement SMCCC v1.1 inline primitive arm/arm64: smccc: Add SMCCC-specific return codes arm/arm64: smccc-1.1: Make return values unsigned long arm/arm64: smccc-1.1: Handle function result as parameters ARM: add more CPU part numbers for Cortex and Brahma B15 CPUs ARM: bugs: prepare processor bug infrastructure ARM: bugs: hook processor bug checking into SMP and suspend paths ARM: bugs: add support for per-processor bug checking ARM: spectre: add Kconfig symbol for CPUs vulnerable to Spectre ARM: spectre-v2: harden branch predictor on context switches ARM: spectre-v2: add Cortex A8 and A15 validation of the IBE bit ARM: spectre-v2: harden user aborts in kernel space ARM: spectre-v2: add firmware based hardening ARM: spectre-v2: warn about incorrect context switching functions ARM: spectre-v1: add speculation barrier (csdb) macros ARM: spectre-v1: add array_index_mask_nospec() implementation ARM: spectre-v1: fix syscall entry ARM: signal: copy registers using __copy_from_user() ARM: vfp: use __copy_from_user() when restoring VFP state ARM: oabi-compat: copy semops using __copy_from_user() ARM: use __inttype() in get_user() ARM: spectre-v1: use get_user() for __get_user() ARM: spectre-v1: mitigate user accesses ARM: 8789/1: signal: copy registers using __copy_to_user() ARM: 8791/1: vfp: use __copy_to_user() when saving VFP state ARM: 8792/1: oabi-compat: copy oabi events using __copy_to_user() ARM: 8793/1: signal: replace __put_user_error with __put_user ARM: 8794/1: uaccess: Prevent speculative use of the current addr_limit ARM: 8795/1: spectre-v1.1: use put_user() for __put_user() ARM: 8796/1: spectre-v1,v1.1: provide helpers for address sanitization ARM: 8810/1: vfp: Fix wrong assignement to ufp_exc ARM: make lookup_processor_type() non-__init ARM: split out processor lookup ARM: clean up per-processor check_bugs method call ARM: add PROC_VTABLE and PROC_TABLE macros ARM: spectre-v2: per-CPU vtables to work around big.Little systems ARM: ensure that processor vtables is not lost after boot ARM: fix the cockup in the previous patch alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP fs/dcache: move security_d_instantiate() behind attaching dentry to inode Linux 4.4.200 Change-Id: I6f7542c59929ba1043caf7414d5c0d0d86adaeca Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Petr Vorel
|
87fb5df321 |
alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP
Fix backport of commit f18ddc13af981ce3c7b7f26925f099e7c6929aba upstream.
Update backport to change ENOTSUPP to EOPNOTSUPP in
alarm_timer_{del,set}(), which were removed in
f2c45807d3992fe0f173f34af9c347d907c31686 in v4.13-rc1.
Fixes:
|
||
|
Robin Peng
|
62b159444e |
Merge upstream-linux-4.4.y (4.4.196) into android-msm-wahoo-4.4-qt-lts
Linux 4.4.196
NFC: fix attrs checks in netlink interface
* smack: use GFP_NOFS while holding inode_smack::smk_lock
security/smack/smack_access.c
security/smack/smack_lsm.c
* Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
security/smack/smack_lsm.c
sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
net/rds: Fix error handling in rds_ib_add_one()
xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
sch_dsmark: fix potential NULL deref in dsmark_init()
nfc: fix memory leak in llcp_sock_bind()
net: qlogic: Fix memory leak in ql_alloc_large_buffers
* net: ipv4: avoid mixed n_redirects and rate_tokens usage
net/ipv4/route.c
* ipv6: drop incoming packets having a v4mapped source address
net/ipv6/ip6_input.c
hso: fix NULL-deref on tty open
* ANDROID: binder: synchronize_rcu() when using POLLFREE.
drivers/android/binder.c
* ANDROID: binder: remove waitqueue when thread exits.
drivers/android/binder.c
* kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
lib/Kconfig.debug
ocfs2: wait for recovering done after direct unlock request
hypfs: Fix error number left in struct pointer member
* fat: work around race with userspace's read via blockdev while mounting
fs/fat/dir.c
fs/fat/fatent.c
* security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
security/smack/smack_lsm.c
* HID: apple: Fix stuck function keys when using FN
drivers/hid/hid-apple.c
ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
mfd: intel-lpss: Remove D3cold delay
* scsi: core: Reduce memory required for SCSI logging
drivers/scsi/scsi_logging.c
include/scsi/scsi_dbg.h
powerpc/pseries: correctly track irq state in default idle
powerpc/64s/exception: machine check use correct cfar for late handler
vfio_pci: Restore original state on release
pinctrl: tegra: Fix write barrier placement in pmx_writel
powerpc/pseries/mobility: use cond_resched when updating device tree
powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
powerpc/rtas: use device model APIs and serialization during LPM
clk: sirf: Don't reference clk_init_data after registration
clk: qoriq: Fix -Wunused-const-variable
ipmi_si: Only schedule continuously in the thread in maintenance mode
gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
video: ssd1307fb: Start page range at page_offset
Linux 4.4.195
Btrfs: fix race setting up and completing qgroup rescan workers
btrfs: Relinquish CPUs in btrfs_compare_trees
Btrfs: fix use-after-free when using the tree modification log
* ovl: filter of trusted xattr results in audit
fs/overlayfs/inode.c
CIFS: Fix oplock handling for SMB 2.1+ protocols
i2c: riic: Clear NACK in tend isr
* hwrng: core - don't wait on add_early_randomness()
drivers/char/hw_random/core.c
* quota: fix wrong condition in is_quota_modification()
include/linux/quotaops.h
* ext4: fix punch hole for inline_data file systems
fs/ext4/inode.c
* /dev/mem: Bail out upon SIGKILL.
drivers/char/mem.c
* cfg80211: Purge frame registrations on iftype change
net/wireless/util.c
md/raid6: Set R5_ReadError when there is read failure on parity disk
* alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
kernel/time/alarmtimer.c
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
ASoC: Intel: Fix use of potentially uninitialized variable
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
KVM: x86: Manually calculate reserved bits when loading PDPTRS
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: always stop emulation on page fault
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
* fuse: fix missing unlock_page in fuse_writepage()
fs/fuse/file.c
* printk: Do not lose last line in kmsg buffer dump
kernel/printk/printk.c
ALSA: firewire-tascam: check intermediate state of clock status and retry
ALSA: firewire-tascam: handle error code when getting current source of clock
media: omap3isp: Set device on omap3isp subdevs
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
libertas: Add missing sentinel at end of if_usb.c fw_table
mmc: sdhci: Fix incorrect switch to HS mode
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
* kprobes: Prohibit probing on BUG() and WARN() address
include/linux/bug.h
dmaengine: ti: edma: Do not reset reserved paRAM slots
md/raid1: fail run raid1 array when active disk less than one
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
ACPI: custom_method: fix memory leaks
libtraceevent: Change users plugin directory
ACPI / CPPC: do not require the _PSD method
media: ov9650: add a sanity check
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
media: cpia2_usb: fix memory leaks
media: saa7146: add cleanup in hexium_attach()
media: hdpvr: add terminating 0 at end of string
media: radio/si470x: kill urb on error
net: lpc-enet: fix printk format strings
media: omap3isp: Don't set streaming state on random subdevs
dmaengine: iop-adma: use correct printk format strings
media: gspca: zero usb_buf on error
efi: cper: print AER info of PCIe fatal error
* md: don't set In_sync if array is frozen
drivers/md/md.c
* md: don't call spare_active in md_reap_sync_thread if all member devices can't work
drivers/md/md.c
ia64:unwind: fix double free for mod->arch.init_unw_table
* ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
sound/usb/pcm.c
* base: soc: Export soc_device_register/unregister APIs
drivers/base/soc.c
media: iguanair: add sanity checks
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
ALSA: hda - Show the fatal CORB/RIRB error more clearly
x86/apic: Soft disable APIC before initializing it
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
* sched/core: Fix CPU controller for !RT_GROUP_SCHED
kernel/sched/core.c
* sched/fair: Fix imbalance due to CPU affinity
kernel/sched/fair.c
media: hdpvr: Add device num check and handling
media: dib0700: fix link error for dibx000_i2c_set_speed
leds: leds-lp5562 allow firmware files up to the maximum length
dmaengine: bcm2835: Print error in case setting DMA mask fails
ASoC: sgtl5000: Fix charge pump source assignment
ALSA: hda: Flush interrupts on disabling
nfc: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
mISDN: enforce CAP_NET_RAW for raw sockets
* usbnet: sanity checking of packet sizes and device mtu
drivers/net/usb/usbnet.c
* usbnet: ignore endpoints with invalid wMaxPacketSize
drivers/net/usb/usbnet.c
skge: fix checksum byte order
sch_netem: fix a divide by zero in tabledist()
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
net/phy: fix DP83865 10 Mbps HDX loopback disable function
* cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
drivers/net/usb/cdc_ncm.c
arcnet: provide a buffer big enough to actually receive packets
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
drm: Flush output polling on shutdown
f2fs: fix to do sanity check on segment bitmap of LFS curseg
Revert "f2fs: avoid out-of-range memory access"
f2fs: check all the data segments against all node ones
* irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
drivers/irqchip/irq-gic-v3-its.c
locking/lockdep: Add debug_locks check in __lock_downgrade()
mac80211: handle deauthentication/disassociation from TDLS peer
mac80211: Print text for disassociation reason
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
net: rds: Fix NULL ptr use in rds_tcp_kill_sock
crypto: talitos - fix missing break in switch statement
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
* HID: hidraw: Fix invalid read in hidraw_ioctl
drivers/hid/hidraw.c
* HID: logitech: Fix general protection fault caused by Logitech driver
drivers/hid/hid-lg.c
drivers/hid/hid-lg4ff.c
* HID: lg: make transfer buffers DMA capable
drivers/hid/hid-lg.c
HID: prodikeys: Fix general protection fault during probe
* Revert "Bluetooth: validate BLE connection interval updates"
net/bluetooth/hci_event.c
net/bluetooth/l2cap_core.c
Linux 4.4.194
* net_sched: let qdisc_put() accept NULL pointer
net/sched/sch_generic.c
ARC: export "abort" for modules
media: technisat-usb2: break out of loop at end of buffer
floppy: fix usercopy direction
* keys: Fix missing null pointer check in request_key_auth_describe()
security/keys/request_key_auth.c
dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
net: seeq: Fix the function used to release some memory in an error handling path
tools/power turbostat: fix buffer overrun
sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
cifs: Use kzfree() to zero out the password
cifs: set domainName when a domain-key is used in multiuser
NFSv2: Fix write regression
NFSv2: Fix eof handling
* netfilter: nf_conntrack_ftp: Fix debug output
net/netfilter/nf_conntrack_ftp.c
x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
* r8152: Set memory to all 0xFFs on failed reg reads
drivers/net/usb/r8152.c
ARM: 8874/1: mm: only adjust sections of valid mm structures
* Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105
drivers/atm/Kconfig
NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
NFSv4: Fix return values for nfs4_file_open()
s390/bpf: use 32-bit index for tail calls
ARM: OMAP2+: Fix omap4 errata warning on other SoCs
s390/bpf: fix lcgr instruction encoding
mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
tty/serial: atmel: reschedule TX after RX was started
serial: sprd: correct the wrong sequence of arguments
KVM: coalesced_mmio: add bounds checking
xen-netfront: do not assume sk_buff_head list is empty in error handling
x86/boot: Add missing bootparam that breaks boot on some platforms
media: tm6000: double free if usb disconnect while streaming
* USB: usbcore: Fix slab-out-of-bounds bug during device reset
drivers/usb/core/config.c
ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send()
x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning
crypto: talitos - check data blocksize in ablkcipher.
crypto: talitos - check AES key size
* driver core: Fix use-after-free and double free on glue directory
drivers/base/core.c
clk: rockchip: Don't yell about bad mmc phases when getting
MIPS: VDSO: Use same -m%-float cflag as the kernel proper
MIPS: VDSO: Prevent use of smp_processor_id()
KVM: nVMX: handle page fault in vmread
KVM: x86: work around leak of uninitialized stack contents
KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
* genirq: Prevent NULL pointer dereference in resend_irqs()
kernel/irq/resend.c
Btrfs: fix assertion failure during fsync and use of stale transaction
Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
* tun: fix use-after-free when register netdev failed
drivers/net/tun.c
tipc: add NULL pointer check before calling kfree_rcu
* tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
net/ipv4/tcp_input.c
sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
* net: Fix null de-reference of device refcount
net/core/dev.c
isdn/capi: check message length in capi_write()
* ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
net/ipv6/ping.c
* cdc_ether: fix rndis support for Mediatek based smartphones
drivers/net/usb/cdc_ether.c
* bridge/mdb: remove wrong use of NLM_F_MULTI
net/bridge/br_mdb.c
Linux 4.4.193
vhost: make sure log_num < in_num
* af_packet: tone down the Tx-ring unsupported spew.
net/packet/af_packet.c
x86, boot: Remove multiple copy of static function sanitize_boot_params()
clk: s2mps11: Add used attribute to s2mps11_dt_match
scripts/decode_stacktrace: match basepath using shell prefix operator, not regex
vhost/test: fix build for vhost test
* xfrm: clean up xfrm protocol checks
include/net/xfrm.h
net/key/af_key.c
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c
ALSA: hda/realtek - Fix overridden device-specific initialization
ALSA: hda - Fix potential endless loop at applying quirks
Linux 4.4.192
net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
net: fix skb use after free in netpoll
Revert "x86/apic: Include the LDR when clearing out APIC registers"
spi: bcm2835aux: fix corruptions for longer spi transfers
spi: bcm2835aux: remove dangerous uncontrolled read of fifo
spi: bcm2835aux: unifying code between polling and interrupt driven code
spi: bcm2835aux: ensure interrupts are enabled for shared handler
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
KVM: arm/arm64: Only skip MMIO insn once
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
IB/mlx4: Fix memory leaks
Tools: hv: kvp: eliminate 'may be used uninitialized' warning
ravb: Fix use-after-free ravb_tstamp_skb
wimax/i2400m: fix a memory leak bug
net: kalmia: fix memory leaks
cx82310_eth: fix a memory leak bug
net: myri10ge: fix memory leaks
cxgb4: fix a memory leak bug
* gpio: Fix build error of function redefinition
include/linux/gpio.h
ibmveth: Convert multicast list size for little-endian system
Bluetooth: btqca: Add a short delay before downloading the NVM
net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
Linux 4.4.191
x86/ptrace: fix up botched merge of spectrev1 fix
mac80211: fix possible sta leak
* Revert "cfg80211: fix processing world regdomain when non modular"
net/wireless/reg.c
VMCI: Release resource if the work is already queued
stm class: Fix a double free of stm_source_device
mmc: core: Fix init of SD cards reporting an invalid VDD range
mmc: sdhci-of-at91: add quirk for broken HS200
uprobes/x86: Fix detection of 32-bit user mode
ptrace,x86: Make user_64bit_mode() available to 32-bit builds
USB: storage: ums-realtek: Whitelist auto-delink support
USB: storage: ums-realtek: Update module parameter description for auto_delink_en
usb: host: ohci: fix a race condition between shutdown and irq
USB: cdc-wdm: fix race between write and disconnect due to flag abuse
* usb-storage: Add new JMS567 revision to unusual_devs
drivers/usb/storage/unusual_devs.h
x86/apic: Include the LDR when clearing out APIC registers
x86/apic: Do not initialize LDR and DFR for bigsmp
KVM: x86: Don't update RIP or do single-step on faulting emulation
ALSA: seq: Fix potential concurrent access to the deleted pool
* tcp: make sure EPOLLOUT wont be missed
net/core/stream.c
* ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
sound/usb/mixer.c
* ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
sound/usb/mixer.c
* tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
include/net/tcp.h
watchdog: bcm2835_wdt: Fix module autoload
tools: hv: fix KVP and VSS daemons exit code
usb: host: fotg2: restart hcd after port reset
* usb: gadget: composite: Clear "suspended" on reset/disconnect
drivers/usb/gadget/composite.c
dmaengine: ste_dma40: fix unneeded variable warning
* scsi: ufs: Fix NULL pointer dereference in ufshcd_config_vreg_hpm()
drivers/scsi/ufs/ufshcd.c
x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h
x86/pm: Introduce quirk framework to save/restore extra MSR registers around suspend/resume
Revert "perf test 6: Fix missing kvm module load for s390"
* netfilter: conntrack: Use consistent ct id hash calculation
net/netfilter/nf_conntrack_core.c
* netfilter: ctnetlink: don't use conntrack/expect object addresses as id
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_netlink.c
* inet: switch IP ID generator to siphash
include/linux/siphash.h
include/net/netns/ipv4.h
net/ipv4/route.c
net/ipv6/output_core.c
* siphash: implement HalfSipHash1-3 for hash tables
include/linux/siphash.h
lib/siphash.c
* siphash: add cryptographically secure PRF
include/linux/siphash.h
lib/Kconfig.debug
lib/Makefile
lib/siphash.c
vhost: scsi: add weight support
vhost_net: fix possible infinite loop
vhost: introduce vhost_exceeds_weight()
vhost_net: introduce vhost_exceeds_weight()
vhost_net: use packet weight for rx handler, too
vhost-net: set packet weight of tx polling to 2 * vq size
net: arc_emac: fix koops caused by sk_buff free
GFS2: don't set rgrp gl_object until it's inserted into rgrp tree
* cgroup: Disable IRQs while holding css_set_lock
kernel/cgroup.c
* dm table: fix invalid memory accesses with too high sector number
drivers/md/dm-table.c
dm space map metadata: fix missing store of apply_bops() return value
dm btree: fix order of block initialization in btree_split_beneath
x86/boot: Fix boot regression caused by bootparam sanitizing
x86/boot: Save fields explicitly, zero out everything else
x86/apic: Handle missing global clockevent gracefully
x86/retpoline: Don't clobber RFLAGS during CALL_NOSPEC on i386
userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx
* Revert "dm bufio: fix deadlock with loop device"
drivers/md/dm-bufio.c
* HID: wacom: correct misreported EKR ring values
drivers/hid/wacom_wac.c
selftests: kvm: Adding config fragments
libata: add SG safety checks in SFF pio transfers
net: hisilicon: Fix dma_map_single failed on arm64
net: hisilicon: fix hip04-xmit never return TX_BUSY
net: hisilicon: make hip04_tx_reclaim non-reentrant
net: cxgb3_main: Fix a resource leak in a error path in 'init_one()'
NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim()
can: peak_usb: force the string buffer NULL-terminated
can: sja1000: force the string buffer NULL-terminated
perf bench numa: Fix cpu0 binding
isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack
isdn: mISDN: hfcsusb: Fix possible null-pointer dereferences in start_isoc_chain()
net: usb: qmi_wwan: Add the BroadMobi BM818 card
ASoC: ti: davinci-mcasp: Correct slot_width posed constraint
st_nci_hci_connectivity_event_received: null check the allocation
st21nfca_connectivity_event_received: null check the allocation
can: dev: call netif_carrier_off() in register_candev()
* bonding: Force slave speed check after link state recovery for 802.3ad
drivers/net/bonding/bond_main.c
* netfilter: ebtables: fix a memory leak bug in compat
net/bridge/netfilter/ebtables.c
MIPS: kernel: only use i8253 clocksource with periodic clockevent
* HID: Add 044f:b320 ThrustMaster, Inc. 2 in 1 DT
drivers/hid/hid-tmff.c
Linux 4.4.190
* bonding: Add vlan tx offload to hw_enc_features
drivers/net/bonding/bond_main.c
sctp: fix the transport error_count check
net/mlx5e: Only support tx/rx pause setting for port owner
xen/netback: Reset nr_frags before freeing skb
* net/packet: fix race in tpacket_snd()
net/packet/af_packet.c
x86/boot: Disable the address-of-packed-member compiler warning
iommu/amd: Move iommu_init_pci() to .init section
x86/vdso: Remove direct HPET access through the vDSO
IB/mlx5: Make coding style more consistent
RDMA: Directly cast the sockaddr union to sockaddr
scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
* asm-generic: default BUG_ON(x) to if(x)BUG()
include/asm-generic/bug.h
Input: psmouse - fix build error of multiple definition
* arm64: compat: Allow single-byte watchpoints on all addresses
arch/arm64/kernel/hw_breakpoint.c
* include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
include/linux/module.h
* Backport minimal compiler_attributes.h to support GCC 9
include/linux/compiler.h
USB: serial: option: Add Motorola modem UARTs
USB: serial: option: add the BroadMobi BM818 card
USB: serial: option: Add support for ZTE MF871A
USB: serial: option: add D-Link DWM-222 device ID
usb: cdc-acm: make sure a refcount is taken early enough
* USB: core: Fix races in character device registration and deregistraion
drivers/usb/core/file.c
staging: comedi: dt3000: Fix rounding up of timer divisor
staging: comedi: dt3000: Fix signed integer overflow 'divider * base'
* asm-generic: fix -Wtype-limits compiler warnings
include/asm-generic/getorder.h
ocfs2: remove set but not used variable 'last_hash'
IB/core: Add mitigation for Spectre V1
* kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules
scripts/Makefile.modpost
ata: libahci: do not complain in case of deferred probe
scsi: hpsa: correct scsi command status issue after reset
libata: zpodd: Fix small read overflow in zpodd_get_mech_type()
perf header: Fix use of unitialized value warning
perf header: Fix divide by zero error if f_header.attr_size==0
irqchip/irq-imx-gpcv2: Forward irq type to parent
xen/pciback: remove set but not used variable 'old_state'
net: usb: pegasus: fix improper read if get_registers() fail
Input: iforce - add sanity checks
Input: kbtab - sanity check for endpoint type
HID: hiddev: do cleanup in failure of opening a device
HID: hiddev: avoid opening a disconnected device
HID: holtek: test for sanity of intfdata
ALSA: hda - Fix a memory leak bug
mm/memcontrol.c: fix use after free in mem_cgroup_iter()
* USB: gadget: f_midi: fixing a possible double-free in f_midi
drivers/usb/gadget/function/f_midi.c
drivers/usb/gadget/u_f.h
* usb: gadget: f_midi: fail if set_alt fails to allocate requests
drivers/usb/gadget/function/f_midi.c
sh: kernel: hw_breakpoint: Fix missing break in switch statement
scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
mwifiex: fix 802.11n/WPA detection
smb3: send CAP_DFS capability during session setup
SMB3: Fix deadlock in validate negotiate hits reconnect
mac80211: don't WARN on short WMM parameters from AP
ALSA: firewire: fix a memory leak bug
hwmon: (nct7802) Fix wrong detection of in4 presence
can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
* perf/core: Fix creating kernel counters for PMUs that override event->cpu
kernel/events/core.c
* tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
drivers/tty/tty_ldsem.c
scsi: ibmvfc: fix WARN_ON during event pool release
scsi: megaraid_sas: fix panic on loading firmware crashdump
ARM: davinci: fix sleep.S build error on ARMv4
perf probe: Avoid calling freeing routine multiple times for same pointer
* ALSA: compress: Be more restrictive about when a drain is allowed
sound/core/compress_offload.c
* ALSA: compress: Prevent bypasses of set_params
sound/core/compress_offload.c
* ALSA: compress: Fix regression on compressed capture streams
include/sound/compress_driver.h
sound/core/compress_offload.c
s390/qdio: add sanity checks to the fast-requeue path
cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
mac80211: don't warn about CW params when not using them
* iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
drivers/firmware/Kconfig
* netfilter: nfnetlink: avoid deadlock due to synchronous request_module
net/netfilter/nfnetlink.c
can: peak_usb: fix potential double kfree_skb()
usb: yurex: Fix use-after-free in yurex_delete
perf db-export: Fix thread__exec_comm()
* mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
mm/vmalloc.c
x86/mm: Sync also unmappings in vmalloc_sync_all()
x86/mm: Check for pfn instead of page in vmalloc_sync_one()
* sound: fix a memory leak bug
sound/sound_core.c
usb: iowarrior: fix deadlock on disconnect
Linux 4.4.189
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
x86/entry/64: Use JMP instead of JMPQ
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86/entry/64: Fix context tracking state warning when load_gs_index fails
x86: cpufeatures: Sort feature word 7
spi: bcm2835: Fix 3-wire mode if DMA is enabled
* block: blk_init_allocated_queue() set q->fq as NULL in the fail case
block/blk-core.c
* compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
drivers/net/ppp/pppoe.c
drivers/net/ppp/pppox.c
fs/compat_ioctl.c
include/linux/if_pppox.h
net/l2tp/l2tp_ppp.c
bnx2x: Disable multi-cos feature.
net/mlx5: Use reversed order when unregister devices
net: sched: Fix a possible null-pointer dereference in dequeue_func()
tipc: compat: allow tipc commands without arguments
* net: fix ifindex collision during namespace removal
net/core/dev.c
net: bridge: delete local fdb on device init failure
atm: iphase: Fix Spectre v1 vulnerability
* tcp: be more careful in tcp_fragment()
include/net/tcp.h
net/ipv4/tcp_output.c
* HID: Add quirk for HP X1200 PIXART OEM mouse
drivers/hid/hid-ids.h
drivers/hid/usbhid/hid-quirks.c
netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter
* arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
arch/arm64/include/asm/cpufeature.h
arch/arm64/kernel/cpufeature.c
* arm64: cpufeature: Fix CTR_EL0 field definitions
arch/arm64/kernel/cpufeature.c
Linux 4.4.188
xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
s390/dasd: fix endless loop after read unit address configuration
* selinux: fix memory leak in policydb_init()
security/selinux/ss/policydb.c
x86/kvm: Don't call kvm_spurious_fault() from .fixup
ipc/mqueue.c: only perform resource calculation if user valid
uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
coda: fix build using bare-metal toolchain
coda: add error handling for fget
* mm/cma.c: fail if fixed declaration can't be honored
mm/cma.c
x86: math-emu: Hide clang warnings for 16-bit overflow
x86/apic: Silence -Wtype-limits compiler warnings
be2net: Signal that the device cannot transmit during reconfiguration
* ACPI: fix false-positive -Wuninitialized warning
include/linux/acpi.h
scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
ceph: fix improper use of smp_mb__before_atomic()
btrfs: fix minimum number of chunk errors for DUP
fs/adfs: super: fix use-after-free bug
dmaengine: rcar-dmac: Reject zero-length slave DMA requests
MIPS: lantiq: Fix bitfield masking
* kernel/module.c: Only return -EEXIST for modules that have finished loading
kernel/module.c
ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
ARM: riscpc: fix DMA
Linux 4.4.187
ceph: hold i_ceph_lock when removing caps for freeing inode
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
* sched/fair: Don't free p->numa_faults with concurrent readers
fs/exec.c
include/linux/sched.h
kernel/fork.c
kernel/sched/fair.c
Bluetooth: hci_uart: check for missing tty operations
media: radio-raremono: change devm_k*alloc to k*alloc
media: cpia2_usb: first wake up, then free in disconnect
ISDN: hfcsusb: checking idx of ep configuration
* tcp: reset sk_send_head in tcp_write_queue_purge
include/net/tcp.h
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
* mm, vmstat: make quiet_vmstat lighter
mm/vmstat.c
* vmstat: Remove BUG_ON from vmstat_update
mm/vmstat.c
* access: avoid the RCU grace period for the temporary subjective credentials
fs/open.c
include/linux/cred.h
kernel/cred.c
powerpc/tm: Fix oops on sigreturn on systems without TM
ALSA: hda - Add a conexant codec entry to let mute led work
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
hpet: Fix division by zero in hpet_time_div()
x86/speculation/mds: Apply more accurate check on hypervisor platform
x86/sysfb_efi: Add quirks for some devices with swapped width and height
* usb: pci-quirks: Correct AMD PLL quirk detection
drivers/usb/host/pci-quirks.c
usb: wusbcore: fix unbalanced get/put cluster_id
locking/lockdep: Hide unused 'class' variable
locking/lockdep: Fix lock used or unused stats error
mm/mmu_notifier: use hlist_add_head_rcu()
9p: pass the correct prototype to read_cache_page
mm/kmemleak.c: fix check for softirq context
sh: prevent warnings when using iounmap
powerpc/eeh: Handle hugepages in ioremap space
mailbox: handle failed named mailbox channel request
f2fs: avoid out-of-range memory access
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
* kallsyms: exclude kasan local symbols on s390
scripts/kallsyms.c
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
um: Silence lockdep complaint about mmap_sem
mfd: arizona: Fix undefined behavior
* mfd: core: Set fwnode for created devices
drivers/mfd/mfd-core.c
recordmcount: Fix spurious mcount entries on powerpc
iio: iio-utils: Fix possible incorrect mask calculation
* PCI: sysfs: Ignore lockdep for remove attribute
drivers/pci/pci-sysfs.c
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
* usb: gadget: Zero ffs_io_data
drivers/usb/gadget/function/f_fs.c
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/virtio: Add memory barriers for capset cache.
* tty: serial: msm_serial: avoid system lockup condition
drivers/tty/serial/msm_serial.c
tty/serial: digicolor: Fix digicolor-usart already registered warning
memstick: Fix error cleanup path of memstick_init
tty: serial: cpm_uart - fix init when SMC is relocated
pinctrl: rockchip: fix leaked of_node references
tty: max310x: Fix invalid baudrate divisors calculator
* usb: core: hub: Disable hub-initiated U1/U2
drivers/usb/core/hub.c
drm/panel: simple: Fix panel_simple_dsi_probe
nfsd: Fix overflow causing non-working mounts on 1 TB machines
nfsd: fix performance-limiting session calculation
nfsd: give out fewer session slots as limit approaches
nfsd: increase DRC cache limit
NFSv4: Fix open create exclusive when the server reboots
* elevator: fix truncation of icq_cache_name
include/linux/elevator.h
* net: bridge: stp: don't cache eth dest pointer before skb pull
net/bridge/br_stp_bpdu.c
* net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net/bridge/br_multicast.c
* net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
net/bridge/br_multicast.c
* bonding: validate ip header before check IPPROTO_IGMP
drivers/net/bonding/bond_main.c
* tcp: Reset bytes_acked and bytes_received when disconnecting
net/ipv4/tcp.c
netrom: hold sock when setting skb->destructor
netrom: fix a memory leak in nr_rx_frame()
sky2: Disable MSI on ASUS P6T
nfc: fix potential illegal memory access
* net: neigh: fix multiple neigh timer scheduling
net/core/neighbour.c
net: bcmgenet: use promisc for unsupported filters
* ipv4: don't set IPv6 only flags to IPv4 addresses
net/ipv4/devinet.c
caif-hsi: fix possible deadlock in cfhsi_exit_module()
bnx2x: Prevent load reordering in tx completion processing
* dm bufio: fix deadlock with loop device
drivers/md/dm-bufio.c
* usb: Handle USB3 remote wakeup for LPM enabled devices correctly
drivers/usb/core/hub.c
* Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
net/bluetooth/smp.c
intel_th: msu: Fix single mode with disabled IOMMU
eCryptfs: fix a couple type promotion bugs
powerpc/watchpoint: Restore NV GPRs while returning from exception
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
coda: pass the host file in vma->vm_file on mmap
floppy: fix out-of-bounds read in copy_buffer
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in next_valid_format
floppy: fix div-by-zero in setup_format_params
* take floppy compat ioctls to sodding floppy.c
block/compat_ioctl.c
* PCI: Do not poll for PME if the device is in D3cold
drivers/pci/pci.c
9p/virtio: Add cleanup path in p9_virtio_init
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
drm/nouveau/i2c: Enable i2c pads & busses during preinit
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
media: coda: Remove unbalanced and unneeded mutex unlock
* media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
drivers/media/v4l2-core/v4l2-ctrls.c
ALSA: seq: Break too long mutex context in the write loop
* lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
lib/scatterlist.c
NFSv4: Handle the special Linux file open access mode
* tracing/snapshot: Resize spare buffer if size changed
kernel/trace/trace.c
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
Input: gtco - bounds check collection indent level
* crypto: arm64/sha2-ce - correct digest for empty data in finup
arch/arm64/crypto/sha2-ce-glue.c
* crypto: arm64/sha1-ce - correct digest for empty data in finup
arch/arm64/crypto/sha1-ce-glue.c
* crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto/ghash-generic.c
* Bluetooth: validate BLE connection interval updates
net/bluetooth/hci_event.c
net/bluetooth/l2cap_core.c
* Bluetooth: Check state in l2cap_disconnect_rsp
net/bluetooth/l2cap_core.c
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
* EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
drivers/edac/edac_mc_sysfs.c
drivers/edac/edac_module.h
ixgbe: Check DDM existence in transceiver before access
* rslib: Fix handling of of caller provided syndrome
lib/reed_solomon/decode_rs.c
* rslib: Fix decoding of shortened codes
lib/reed_solomon/decode_rs.c
ath10k: fix PCIE device wake up failed
mt7601u: fix possible memory leak when the device is disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: do not schedule rx_tasklet when the device has been disconnected
media: coda: increment sequence offset for the last returned frame
media: coda: fix mpeg2 sequence number handling
* acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
arch/arm64/kernel/acpi.c
* timer_list: Guard procfs specific code
kernel/time/timer_list.c
* ntp: Limit TAI-UTC offset
kernel/time/ntp.c
* media: i2c: fix warning same module names
drivers/media/i2c/Makefile
* EDAC/sysfs: Fix memory leak when creating a csrow object
drivers/edac/edac_mc_sysfs.c
vhost_net: disable zerocopy by default
perf evsel: Make perf_evsel__name() accept a NULL argument
* xfrm: fix sa selector validation
net/xfrm/xfrm_user.c
* rcu: Force inlining of rcu_read_lock()
include/linux/rcupdate.h
* bpf: silence warning messages in core
kernel/bpf/Makefile
* regmap: fix bulk writes on paged registers
drivers/base/regmap/regmap.c
gpio: omap: ensure irq is enabled before wakeup
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
perf test 6: Fix missing kvm module load for s390
s390/qdio: handle PENDING state for QEBSM devices
net: axienet: Fix race condition causing TX hang
net: fec: Do not use netdev messages too early
cpupower : frequency-set -r option misses the last cpu in related cpu list
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
locking/lockdep: Fix merging of hlocks with non-zero references
tua6100: Avoid build warnings.
* net: phy: Check against net_device being NULL
drivers/net/phy/phy_device.c
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
* xfrm: Fix xfrm sel prefix length validation
net/xfrm/xfrm_user.c
* af_key: fix leaks in key_pol_get_resp and dump_sp.
net/key/af_key.c
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
net: stmmac: dwmac1000: Clear unused address entries
media: vpss: fix a potential NULL pointer dereference
media: marvell-ccic: fix DMA s/g desc number calculation
crypto: talitos - fix skcipher failure due to wrong output IV
media: dvb: usb: fix use after free in dvb_usb_device_exit
batman-adv: fix for leaked TVLV handler.
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
ath6kl: add some bounds checking
ath9k: Check for errors when reading SREV register
ath10k: Do not send probe response template for mesh
dmaengine: imx-sdma: fix use-after-free on probe error path
MIPS: fix build on non-linux hosts
MIPS: ath79: fix ar933x uart parity mode
Linux 4.4.186
KVM: x86: protect KVM_CREATE_PIT/KVM_CREATE_PIT2 with kvm->lock
s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
s390/qdio: (re-)initialize tiqdio list entries
s390: fix stfle zero padding
ARC: hide unused function unw_hdr_alloc
kvm: x86: avoid warning on repeated KVM_SET_TSS_ADDR
dm verity: use message limit for data block corruption message
sis900: fix TX completion
* ppp: mppe: Add softdep to arc4
drivers/net/ppp/ppp_mppe.c
be2net: fix link failure after ethtool offline test
ARM: omap2: remove incorrect __init annotation
* perf/core: Fix perf_sample_regs_user() mm check
kernel/events/core.c
e1000e: start network tx queue only when link is up
MIPS: Remove superfluous check for __linux__
VMCI: Fix integer overflow in VMCI handle arrays
carl9170: fix misuse of device driver API
staging: comedi: amplc_pci230: fix null pointer deref on interrupt
staging: comedi: dt282x: fix a null pointer deref on interrupt
usb: renesas_usbhs: add a workaround for a race condition of workqueue
* usb: gadget: ether: Fix race between gether_disconnect and rx_submit
drivers/usb/gadget/function/u_ether.c
USB: serial: option: add support for GosunCn ME3630 RNDIS mode
USB: serial: ftdi_sio: add ID for isodebug v1
mwifiex: Don't abort on small, spec-compliant vendor IEs
* fscrypt: don't set policy for a dead directory
fs/ext4/crypto_policy.c
mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
mwifiex: Abort at too short BSS descriptor element
x86/tls: Fix possible spectre-v1 in do_get_thread_area()
x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()
udf: Fix incorrect final NOT_ALLOCATED (hole) extent length
bnx2x: Check if transceiver implements DDM before access
* md: fix for divide error in status_resync
drivers/md/md.c
ARM: davinci: da8xx: specify dma_coherent_mask for lcdc
ARM: davinci: da850-evm: call regulator_has_full_constraints()
Input: imx_keypad - make sure keyboard can always wake up system
* can: mcp251x: add support for mcp25625
drivers/net/can/spi/Kconfig
dt-bindings: can: mcp251x: add mcp25625 support
mwifiex: Fix possible buffer overflows at parsing bss descriptor
mac80211: mesh: fix RCU warning
samples, bpf: fix to change the buffer size for read()
Input: elantech - enable middle button support on 2 ThinkPads
Linux 4.4.185
dmaengine: imx-sdma: remove BD_INTR for channel0
KVM: x86: degrade WARN to pr_warn_ratelimited
* arm64, vdso: Define vdso_{start,end} as array
arch/arm64/kernel/vdso.c
ARC: handle gcc generated __builtin_trap for older compiler
tty: rocket: fix incorrect forward declaration of 'rp_init()'
btrfs: Ensure replaced device doesn't have pending chunk allocation
* lib/mpi: Fix karactx leak in mpi_powm
lib/mpi/mpi-pow.c
* ALSA: usb-audio: fix sign unintended sign extension on left shifts
sound/usb/mixer_quirks.c
ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
crypto: user - prevent operating on larval algorithms
* ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
kernel/ptrace.c
MIPS: Workaround GCC __builtin_unreachable reordering bug
* bug.h: work around GCC PR82365 in BUG()
include/asm-generic/bug.h
include/linux/compiler-gcc.h
include/linux/compiler.h
* swiotlb: Make linux/swiotlb.h standalone includible
include/linux/swiotlb.h
mfd: omap-usb-tll: Fix register offsets
MIPS: math-emu: do not use bools for arithmetic
ARC: fix build warning in elf.h
ARC: Assume multiplier is always present
scsi: hpsa: correct ioaccel2 chaining
usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
ASoC: max98090: remove 24-bit format support if RJ is 0
spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
ASoC : cs4265 : readable register too low
um: Compile with modern headers
* Bluetooth: Fix faulty expression for minimum encryption key size check
net/bluetooth/l2cap_core.c
* net: check before dereferencing netdev_ops during busy poll
include/net/busy_poll.h
* bonding: Always enable vlan tx offload
drivers/net/bonding/bond_main.c
* ipv4: Use return value of inet_iif() for __raw_v4_lookup in the while loop
net/ipv4/raw.c
team: Always enable vlan tx offload
tipc: check msg->req data len in tipc_nl_compat_bearer_disable
tipc: change to use register_pernet_device
sctp: change to hold sk after auth shkey is created successfully
* cpu/speculation: Warn on unsupported mitigations= parameter
kernel/cpu.c
x86/speculation: Allow guests to use SSBD even if host does not
* ovl: modify ovl_permission() to do checks on two inodes
fs/overlayfs/inode.c
KVM: X86: Fix scan ioapic use-before-initialization
net/9p: include trans_common.h to fix missing prototype warning.
9p: p9dirent_read: check network-provided name length
9p/rdma: remove useless check in cm_event_handler
9p: acl: fix uninitialized iattr access
9p/rdma: do not disconnect on down_interruptible EAGAIN
perf help: Remove needless use of strncpy()
perf ui helpline: Use strlcpy() as a shorter form of strncpy() + explicit set nul
mac80211: drop robust management frames from unknown TA
* cfg80211: fix memory leak of wiphy device name
net/wireless/core.c
SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
* Bluetooth: Fix regression with minimum encryption key size alignment
net/bluetooth/hci_conn.c
net/bluetooth/l2cap_core.c
* Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
can: purge socket error queue on sock destruct
can: flexcan: fix timeout when set small bitrate
btrfs: start readahead also in seed devices
Btrfs: fix race between readahead and device replace/removal
hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
* scsi: ufs: Check that space was properly alloced in copy_query_response
drivers/scsi/ufs/ufshcd.c
scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
net: hns: Fix loopback test failed at copper ports
MIPS: uprobes: remove set but not used variable 'epc'
IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
parisc: Fix compiler warnings in float emulation code
parport: Fix mem leak in parport_register_dev_model
apparmor: enforce nullbyte at end of tag string
* Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
drivers/input/misc/uinput.c
usb: chipidea: udc: workaround for endpoint conflict issue
* gcc-9: silence 'address-of-packed-member' warning
Makefile
* tracing: Silence GCC 9 array bounds warning
kernel/trace/trace.c
kernel/trace/trace.h
scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck()
mm/page_idle.c: fix oops because end_pfn is larger than max_pfn
fs/binfmt_flat.c: make load_flat_shared_library() work
Linux 4.4.184
* tcp: refine memory limit test in tcp_fragment()
net/ipv4/tcp_output.c
Linux 4.4.183
* Abort file_remove_privs() for non-reg. files
fs/inode.c
* coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
drivers/android/binder.c
fs/proc/task_mmu.c
include/linux/mm.h
mm/mmap.c
Revert "crypto: crypto4xx - properly set IV after de- and encrypt"
scsi: libsas: delete sas port if expander discover failed
scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
ia64: fix build errors by exporting paddr_to_nid()
* configfs: Fix use-after-free when accessing sd->s_dentry
fs/configfs/dir.c
* i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
drivers/i2c/i2c-dev.c
net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
* gpio: fix gpio-adp5588 build errors
drivers/gpio/Kconfig
* perf/ring_buffer: Add ordering to rb->nest increment
kernel/events/ring_buffer.c
* perf/ring_buffer: Fix exposing a temporarily decreased data_head
kernel/events/ring_buffer.c
x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
mISDN: make sure device name is NUL terminated
sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
* neigh: fix use-after-free read in pneigh_get_next
net/core/neighbour.c
lapb: fixed leak of control-blocks.
* ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
net/ipv6/ip6_flowlabel.c
be2net: Fix number of Rx queues used for flow hashing
ax25: fix inconsistent lock state in ax25_destroy_timer
USB: serial: option: add Telit 0x1260 and 0x1261 compositions
USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
USB: serial: pl2303: add Allied Telesis VT-Kit3
* USB: usb-storage: Add new ID to ums-realtek
drivers/usb/storage/unusual_realtek.h
* USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
drivers/usb/core/quirks.c
drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read
KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
KVM: x86/pmu: do not mask the value that is written to fixed PMUs
usbnet: ipheth: fix racing condition
scsi: bnx2fc: fix incorrect cast to u64 on shift operation
scsi: lpfc: add check for loss of ndlp when sending RRQ
Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
ASoC: cs42xx8: Add regcache mask dirty
* cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
include/linux/cgroup.h
bcache: fix stack corruption by PRECEDING_KEY()
i2c: acorn: fix i2c warning
* ptrace: restore smp_rmb() in __ptrace_may_access()
kernel/cred.c
kernel/ptrace.c
* signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
kernel/ptrace.c
fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
* mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
mm/list_lru.c
libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
ALSA: seq: Cover unsubscribe_port() in list_mutex
* Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
* futex: Fix futex lock the wrong page
kernel/futex.c
ARM: exynos: Fix undefined instruction during Exynos5422 resume
* pwm: Fix deadlock warning when removing PWM device
drivers/pwm/core.c
drivers/pwm/sysfs.c
include/linux/pwm.h
ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa
pwm: tiehrpwm: Update shadow register for disabling PWMs
dmaengine: idma64: Use actual device for DMA transfers
gpio: gpio-omap: add check for off wake capable gpios
PCI: xilinx: Check for __get_free_pages() failure
video: imsttfb: fix potential NULL pointer dereferences
video: hgafb: fix potential NULL pointer dereference
PCI: rcar: Fix a potential NULL pointer dereference
PCI: rpadlpar: Fix leaked device_node references in add/remove paths
ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
platform/chrome: cros_ec_proto: check for NULL transfer function
x86/PCI: Fix PCI IRQ routing table memory leak
nfsd: allow fh_want_write to be called twice
* fuse: retrieve: cap requested size to negotiated max_write
fs/fuse/dev.c
nvmem: core: fix read buffer in place
ALSA: hda - Register irq handler after the chip initialization
iommu/vt-d: Set intel_iommu_gfx_mapped correctly
f2fs: fix to do sanity check on valid block count of segment
f2fs: fix to avoid panic in do_recover_data()
* ntp: Allow TAI-UTC offset to be set to zero
kernel/time/ntp.c
drm/bridge: adv7511: Fix low refresh rate selection
perf/x86/intel: Allow PEBS multi-entry in watermark mode
mfd: twl6040: Fix device init errors for ACCCTL register
mfd: intel-lpss: Set the device in reset state when init
* kernel/sys.c: prctl: fix false positive in validate_prctl_map()
kernel/sys.c
* mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
mm/cma_debug.c
* mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
mm/cma.c
hugetlbfs: on restore reserve error path retain subpool reservation
ipc: prevent lockup on alloc_msg and free_msg
* sysctl: return -EINVAL if val violates minmax
kernel/sysctl.c
* fs/fat/file.c: issue flush after the writeback of FAT
fs/fat/file.c
Linux 4.4.182
* tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
net/ipv4/tcp_timer.c
* tcp: add tcp_min_snd_mss sysctl
include/net/netns/ipv4.h
net/ipv4/sysctl_net_ipv4.c
net/ipv4/tcp_ipv4.c
net/ipv4/tcp_output.c
* tcp: tcp_fragment() should apply sane memory limits
include/uapi/linux/snmp.h
net/ipv4/proc.c
net/ipv4/tcp_output.c
* tcp: limit payload size of sacked skbs
include/linux/tcp.h
include/net/tcp.h
net/ipv4/tcp.c
net/ipv4/tcp_input.c
net/ipv4/tcp_output.c
Linux 4.4.181
* ethtool: check the return value of get_regs_len
net/core/ethtool.c
* ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
include/net/arp.h
* fuse: Add FOPEN_STREAM to use stream_open()
fs/fuse/file.c
include/uapi/linux/fuse.h
* fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock
fs/open.c
fs/read_write.c
include/linux/fs.h
drm/gma500/cdv: Check vbt config bits when detecting lvds panels
genwqe: Prevent an integer overflow in the ioctl
MIPS: pistachio: Build uImage.gz by default
* fuse: fallocate: fix return with locked inode
fs/fuse/file.c
parisc: Use implicit space register selection for loading the coherence index of I/O pdirs
* rcu: locking and unlocking need to always be at least barriers
include/linux/rcupdate.h
pktgen: do not sleep with the thread lock held.
net: rds: fix memory leak in rds_ib_flush_mr_pool
net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
* neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
net/core/neighbour.c
* ethtool: fix potential userspace buffer overflow
net/core/ethtool.c
media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
* usb: gadget: fix request length error for isoc transfer
include/linux/usb/gadget.h
* net: cdc_ncm: GetNtbFormat endian fix
drivers/net/usb/cdc_ncm.c
Revert "x86/build: Move _etext to actual end of .text"
* userfaultfd: don't pin the user memory in userfaultfd_file_create()
include/linux/sched.h
brcmfmac: add subtype check for event handling in data path
brcmfmac: add length checks in scheduled scan result handler
brcmfmac: fix incorrect event channel deduction
brcmfmac: revise handling events in receive path
brcmfmac: screening firmware event packet
brcmfmac: Add length checks on firmware events
bnx2x: disable GSO where gso_size is too big for hardware
* net: create skb_gso_validate_mac_len()
include/linux/skbuff.h
* binder: replace "%p" with "%pK"
drivers/android/binder.c
* binder: Replace "%p" with "%pK" for stable
drivers/android/binder.c
CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
* kernel/signal.c: trace_signal_deliver when signal_group_exit
kernel/signal.c
* memcg: make it work on sparse non-0-node systems
include/linux/list_lru.h
mm/list_lru.c
tty: max310x: Fix external crystal register setup
* tty: serial: msm_serial: Fix XON/XOFF
drivers/tty/serial/msm_serial.c
drm/nouveau/i2c: Disable i2c bus access after ->fini()
ALSA: hda/realtek - Set default power save node to 0
Btrfs: fix race updating log root item during fsync
scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
media: smsusb: better handle optional alignment
media: usb: siano: Fix false-positive "uninitialized variable" warning
media: usb: siano: Fix general protection fault in smsusb
USB: rio500: fix memory leak in close after disconnect
USB: rio500: refuse more than one device at a time
* USB: Add LPM quirk for Surface Dock GigE adapter
drivers/usb/core/quirks.c
USB: sisusbvga: fix oops in error path of sisusb_probe
* USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
drivers/usb/core/config.c
* usb: xhci: avoid null pointer deref when bos field is NULL
drivers/usb/host/xhci.c
* xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
drivers/usb/host/xhci.c
* include/linux/bitops.h: sanitize rotate primitives
include/linux/bitops.h
sparc64: Fix regression in non-hypervisor TLB flush xcall
tipc: fix modprobe tipc failed after switch order of device registration -v2
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
crypto: vmx - ghash: do nosimd fallback manually
net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
bnxt_en: Fix aggregation buffer leak under OOM condition.
tipc: Avoid copying bytes beyond the supplied data
* usbnet: fix kernel crash after disconnect
drivers/net/usb/usbnet.c
net: stmmac: fix reset gpio free missing
* net-gro: fix use-after-free read in napi_gro_frags()
net/core/dev.c
* llc: fix skb leak in llc_build_and_send_ui_pkt()
net/llc/llc_output.c
* ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
net/ipv6/raw.c
ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
* spi: Fix zero length xfer bug
drivers/spi/spi.c
spi: rspi: Fix sequencer reset during initialization
spi : spi-topcliff-pch: Fix to handle empty DMA buffers
scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
media: saa7146: avoid high stack usage with clang
media: go7007: avoid clang frame overflow warning with KASAN
media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
scsi: qla4xxx: avoid freeing unallocated dma memory
* usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
drivers/usb/core/hcd.c
rcutorture: Fix cleanup path for invalid torture_type strings
tty: ipwireless: fix missing checks for ioremap
virtio_console: initialize vtermno value for ports
media: wl128x: prevent two potential buffer overflows
spi: tegra114: reset controller on probe
cxgb3/l2t: Fix undefined behaviour
ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
* HID: core: move Usage Page concatenation to Main item
drivers/hid/hid-core.c
include/linux/hid.h
* chardev: add additional check for minor range overlap
fs/char_dev.c
x86/ia32: Fix ia32_restore_sigcontext() AC leak
* arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
arch/arm64/kernel/cpu_ops.c
* scsi: ufs: Avoid configuring regulator with undefined voltage range
drivers/scsi/ufs/ufshcd.c
* scsi: ufs: Fix regulator load and icc-level configuration
drivers/scsi/ufs/ufshcd.c
brcmfmac: fix race during disconnect when USB completion is in progress
brcmfmac: convert dev_init_lock mutex to completion
b43: shut up clang -Wuninitialized variable warning
brcmfmac: fix missing checks for kmemdup
rtlwifi: fix a potential NULL pointer dereference
iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
iio: hmc5843: fix potential NULL pointer dereferences
iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
x86/build: Keep local relocations with ld.lld
cpufreq: pmac32: fix possible object reference leak
cpufreq/pasemi: fix possible object reference leak
cpufreq: ppc_cbe: fix possible object reference leak
s390: cio: fix cio_irb declaration
extcon: arizona: Disable mic detect if running when driver is removed
* PM / core: Propagate dev->power.wakeup_path when no callbacks
drivers/base/power/main.c
mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
mmc: sdhci-of-esdhc: add erratum eSDHC5 support
mmc_spi: add a status check for spi_sync_locked
scsi: libsas: Do discovery on empty PHY to update PHY info
hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
i40e: don't allow changes to HW VLAN stripping on active port VLANs
x86/irq/64: Limit IST stack overflow check to #DB stack
* USB: core: Don't unbind interfaces following device reset failure
drivers/usb/core/hub.c
* sched/core: Handle overflow in cpu_shares_write_u64
kernel/sched/core.c
* sched/core: Check quota and period overflow at usec to nsec conversion
kernel/sched/core.c
powerpc/numa: improve control of topology updates
media: pvrusb2: Prevent a buffer overflow
media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
* audit: fix a memory leak bug
kernel/auditfilter.c
media: ov2659: make S_FMT succeed even if requested format doesn't match
media: au0828: stop video streaming only when last user stops
media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
media: coda: clear error return value before picture run
dmaengine: at_xdmac: remove BUG_ON macro in tasklet
pinctrl: pistachio: fix leaked of_node references
* HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
drivers/hid/hid-logitech-hidpp.c
* mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
lib/strncpy_from_user.c
lib/strnlen_user.c
x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
* smpboot: Place the __percpu annotation correctly
include/linux/smpboot.h
x86/build: Move _etext to actual end of .text
bcache: avoid clang -Wunintialized warning
bcache: add failure check to run_cache_set() for journal replay
bcache: fix failure in journal relplay
bcache: return error immediately in bch_journal_replay()
net: cw1200: fix a NULL pointer dereference
mwifiex: prevent an array overflow
ASoC: fsl_sai: Update is_slave_mode with correct value
* mac80211/cfg80211: update bss channel on channel switch
net/wireless/nl80211.c
dmaengine: pl330: _stop: clear interrupt status
w1: fix the resume command API
rtc: 88pm860x: prevent use-after-free on device remove
brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
spi: pxa2xx: fix SCR (divisor) calculation
* ASoC: imx: fix fiq dependencies
sound/soc/fsl/Kconfig
powerpc/boot: Fix missing check of lseek() return value
mmc: core: Verify SD bus width
cxgb4: Fix error path in cxgb4_init_module
gfs2: Fix lru_count going negative
tools include: Adopt linux/bits.h
perf tools: No need to include bitops.h in util.h
at76c50x-usb: Don't register led_trigger if usb_register_driver failed
ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
media: cpia2: Fix use-after-free in cpia2_exit
* fbdev: fix WARNING in __alloc_pages_nodemask bug
drivers/video/fbdev/core/fbcmap.c
* hugetlb: use same fault hash key for shared and private mappings
include/linux/hugetlb.h
* fbdev: fix divide error in fb_var_to_videomode
drivers/video/fbdev/core/modedb.c
btrfs: sysfs: don't leak memory when failing add fsid
Btrfs: fix race between ranged fsync and writeback of adjacent ranges
gfs2: Fix sign extension bug in gfs2_update_stats
crypto: vmx - CTR: always increment IV as quadword
* Revert "scsi: sd: Keep disk read-only when re-reading partition"
drivers/scsi/sd.c
* bio: fix improper use of smp_mb__before_atomic()
include/linux/bio.h
KVM: x86: fix return value for reserved EFER
* ext4: do not delete unlinked inode from orphan list on failed truncate
fs/ext4/inode.c
fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
btrfs: Honour FITRIM range constraints during free space trim
md/raid: raid5 preserve the writeback action after the parity check
Revert "Don't jump to compute_result state from check_result state"
perf bench numa: Add define for RUSAGE_THREAD if not present
ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
* power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG
drivers/power/power_supply_sysfs.c
KVM: arm/arm64: Ensure vcpu target is unset on reset failure
* xfrm4: Fix uninitialized memory read in _decode_session4
net/ipv4/xfrm4_policy.c
* vti4: ipip tunnel deregistration fixes.
net/ipv4/ip_vti.c
* xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
net/ipv6/xfrm6_tunnel.c
* xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
net/xfrm/xfrm_user.c
dm delay: fix a crash when invalid device is specified
* PCI: Mark Atheros AR9462 to avoid bus reset
drivers/pci/quirks.c
fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
fbdev: sm712fb: fix support for 1024x768-16 mode
fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM
fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
fbdev: sm712fb: fix brightness control on reboot, don't set SR30
perf intel-pt: Fix sample timestamp wrt non-taken branches
perf intel-pt: Fix improved sample timestamp
perf intel-pt: Fix instructions sampling rate
memory: tegra: Fix integer overflow on tick value calculation
* tracing: Fix partial reading of trace event's id file
kernel/trace/trace_events.c
ceph: flush dirty inodes before proceeding with remount
iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
* fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
fs/fuse/file.c
* fuse: fix writepages on 32bit
fs/fuse/file.c
clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
NFS4: Fix v4.0 client state corruption when mount
media: ov6650: Fix sensor possibly not detected on probe
cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level()
* of: fix clang -Wunsequenced for be32_to_cpu()
include/linux/of.h
intel_th: msu: Fix single mode with IOMMU
* md: add mddev->pers to avoid potential NULL pointer dereference
drivers/md/md.c
stm class: Fix channel free in stm output free path
tipc: fix modprobe tipc failed after switch order of device registration
tipc: switch order of device registration to fix a crash
* ppp: deflate: Fix possible crash in deflate_init
drivers/net/ppp/ppp_deflate.c
net/mlx4_core: Change the error print to info print
* net: avoid weird emergency message
net/core/dev.c
KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
* ext4: zero out the unused memory region in the extent tree block
fs/ext4/extents.c
* fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount
fs/fs-writeback.c
* writeback: synchronize sync(2) against cgroup writeback membership switches
fs/fs-writeback.c
include/linux/backing-dev-defs.h
mm/backing-dev.c
crypto: arm/aes-neonbs - don't access already-freed walk.iv
crypto: salsa20 - don't access already-freed walk.iv
crypto: chacha20poly1305 - set cra_name correctly
* crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
crypto/gcm.c
* crypto: gcm - Fix error return code in crypto_gcm_create_common()
crypto/gcm.c
ipmi:ssif: compare block number correctly for multi-part return messages
bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
bcache: fix a race between cache register and cacheset unregister
Btrfs: do not start a transaction at iterate_extent_inodes()
* ext4: fix ext4_show_options for file systems w/o journal
fs/ext4/super.c
* ext4: actually request zeroing of inode table after grow
fs/ext4/ioctl.c
tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L
ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
* mm/mincore.c: make mincore() more conservative
mm/mincore.c
ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
ASoC: max98090: Fix restore of DAPM Muxes
ALSA: hda/realtek - EAPD turn on later
ALSA: hda/hdmi - Consider eld_valid when reporting jack event
* ALSA: usb-audio: Fix a memory leak bug
sound/usb/mixer.c
crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
crypto: crct10dif-generic - fix use via crypto_shash_digest()
crypto: vmx - fix copy-paste error in CTR mode
ARM: exynos: Fix a leaked reference by adding missing of_node_put
x86/speculation/mds: Improve CPU buffer clear documentation
x86/speculation/mds: Revert CPU buffer clear on double fault exit
Linux 4.4.180
powerpc/lib: fix book3s/32 boot failure due to code patching
powerpc/booke64: set RI in default MSR
drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
* bonding: fix arp_validate toggling in active-backup mode
drivers/net/bonding/bond_options.c
* ipv4: Fix raw socket lookup for local traffic
net/ipv4/raw.c
* vrf: sit mtu should not be updated when vrf netdev is the link
net/ipv6/sit.c
vlan: disable SIOCSHWTSTAMP in container
* packet: Fix error path in packet_init
net/packet/af_packet.c
net: ucc_geth - fix Oops when changing number of buffers in the ring
* bridge: Fix error path for kobject_init_and_add()
net/bridge/br_if.c
powerpc/64s: Include cpu header
USB: serial: fix unthrottle races
USB: serial: use variable for status
x86/bugs: Change L1TF mitigation string to match upstream
x86/speculation/mds: Fix documentation typo
Documentation: Correct the possible MDS sysfs values
x86/mds: Add MDSUM variant to the MDS documentation
x86/speculation/mds: Add 'mitigations=' support for MDS
x86/speculation: Support 'mitigations=' cmdline option
* cpu/speculation: Add 'mitigations=' cmdline option
include/linux/cpu.h
kernel/cpu.c
x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
x86/speculation/mds: Fix comment
x86/speculation/mds: Add SMT warning message
x86/speculation: Move arch_smt_update() call to after mitigation decisions
x86/cpu/bugs: Use __initconst for 'const' init data
Documentation: Add MDS vulnerability documentation
Documentation: Move L1TF to separate directory
x86/speculation/mds: Add mitigation mode VMWERV
* x86/speculation/mds: Add sysfs reporting for MDS
drivers/base/cpu.c
include/linux/cpu.h
x86/speculation/l1tf: Document l1tf in sysfs
x86/speculation/mds: Add mitigation control for MDS
x86/speculation/mds: Conditionally clear CPU buffers on idle entry
x86/speculation/mds: Clear CPU buffers on exit to user
x86/speculation/mds: Add mds_clear_cpu_buffers()
x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
x86/speculation/mds: Add BUG_MSBDS_ONLY
x86/speculation/mds: Add basic bug infrastructure for MDS
x86/speculation: Consolidate CPU whitelists
x86/msr-index: Cleanup bit defines
kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
x86/speculation: Provide IBPB always command line options
x86/speculation: Add seccomp Spectre v2 user space protection mode
x86/speculation: Enable prctl mode for spectre_v2_user
* x86/speculation: Add prctl() control for indirect branch speculation
include/linux/sched.h
include/uapi/linux/prctl.h
x86/speculation: Prevent stale SPEC_CTRL msr content
x86/speculation: Prepare arch_smt_update() for PRCTL mode
x86/speculation: Split out TIF update
x86/speculation: Prepare for conditional IBPB in switch_mm()
x86/speculation: Avoid __switch_to_xtra() calls
x86/process: Consolidate and simplify switch_to_xtra() code
x86/speculation: Prepare for per task indirect branch speculation control
x86/speculation: Add command line control for indirect branch speculation
x86/speculation: Unify conditional spectre v2 print functions
x86/speculataion: Mark command line parser data __initdata
x86/speculation: Mark string arrays const correctly
x86/speculation: Reorder the spec_v2 code
* x86/speculation: Rework SMT state change
include/linux/sched/smt.h
kernel/cpu.c
* sched: Add sched_smt_active()
include/linux/sched/smt.h
kernel/sched/core.c
kernel/sched/sched.h
x86/Kconfig: Select SCHED_SMT if SMP enabled
x86/speculation: Reorganize speculation control MSRs update
x86/speculation: Rename SSBD update functions
x86/speculation: Disable STIBP when enhanced IBRS is in use
x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
x86/speculation: Remove unnecessary ret variable in cpu_show_common()
x86/speculation: Clean up spectre_v2_parse_cmdline()
x86/speculation: Update the TIF_SSBD comment
x86/speculation: Propagate information about RSB filling mitigation to sysfs
x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
* x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
include/linux/ptrace.h
kernel/ptrace.c
x86/mm: Use WRITE_ONCE() when setting PTEs
KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
x86/cpu: Sanitize FAM6_ATOM naming
x86/microcode: Update the new microcode revision unconditionally
x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
* locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file
include/linux/bitops.h
include/linux/bits.h
x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
x86/bugs: Add AMD's SPEC_CTRL MSR usage
x86/bugs: Add AMD's variant of SSB_NO
x86/speculation: Simplify the CPU bug detection logic
x86/speculation: Support Enhanced IBRS on future CPUs
x86/cpufeatures: Hide AMD-specific speculation flags
x86/MCE: Save microcode revision in machine check records
x86/microcode/intel: Check microcode revision before updating sibling threads
* bitops: avoid integer overflow in GENMASK(_ULL)
include/linux/bitops.h
x86: stop exporting msr-index.h to userland
x86/microcode/intel: Add a helper which gives the microcode revision
* locking/static_keys: Provide DECLARE and well as DEFINE macros
include/linux/jump_label.h
Don't jump to compute_result state from check_result state
x86/vdso: Pass --eh-frame-hdr to the linker
cw1200: fix missing unlock on error in cw1200_hw_scan()
gpu: ipu-v3: dp: fix CSC handling
selftests/net: correct the return value for run_netsocktests
s390: ctcm: fix ctcm_new_device error return code
ipvs: do not schedule icmp errors from tunnels
* init: initialize jump labels before command line option parsing
init/main.c
tools lib traceevent: Fix missing equality check for strcmp
KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
s390/3270: fix lockdep false positive on view->lock
s390/dasd: Fix capacity calculation for large volumes
libnvdimm/btt: Fix a kmemdup failure check
* HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
drivers/hid/hid-input.c
* HID: input: add mapping for Expose/Overview key
drivers/hid/hid-input.c
iio: adc: xilinx: fix potential use-after-free on remove
platform/x86: sony-laptop: Fix unintentional fall-through
* netfilter: compat: initialize all fields in xt_init
net/netfilter/x_tables.c
* timer/debug: Change /proc/timer_stats from 0644 to 0600
kernel/time/timer_stats.c
ASoC: Intel: avoid Oops if DMA setup fails
* ipv6: fix a potential deadlock in do_ipv6_setsockopt()
include/net/addrconf.h
net/ipv6/ipv6_sockglue.c
net/ipv6/mcast.c
UAS: fix alignment of scatter/gather segments
* Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
include/net/bluetooth/hci_core.h
net/bluetooth/hci_conn.c
Bluetooth: hidp: fix buffer overflow
scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
* usb: dwc3: Fix default lpm_nyet_threshold value
drivers/usb/dwc3/core.c
* genirq: Prevent use-after-free and work list corruption
kernel/irq/manage.c
iommu/amd: Set exclusion range correctly
scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
ASoC: tlv320aic32x4: Fix Common Pins
ASoC: cs4270: Set auto-increment bit for register writes
* ASoC:soc-pcm:fix a codec fixup issue in TDM case
sound/soc/soc-pcm.c
scsi: libsas: fix a race condition when smp task timeout
media: v4l2: i2c: ov7670: Fix PLL bypass register values
x86/mce: Improve error message when kernel cannot recover, p2
* selinux: never allow relabeling on context mounts
security/selinux/hooks.c
Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
staging: iio: adt7316: fix the dac write calculation
staging: iio: adt7316: fix the dac read calculation
staging: iio: adt7316: allow adt751x to use internal vref for all dacs
usb: usbip: fix isoc packet num validation in get_pipe
ARM: iop: don't use using 64-bit DMA masks
ARM: orion: don't use using 64-bit DMA masks
xsysace: Fix error handling in ace_setup
hugetlbfs: fix memory leak for resv_map
net: hns: Fix WARNING when remove HNS driver with SMMU enabled
net: hns: Use NAPI_POLL_WEIGHT for hns driver
scsi: storvsc: Fix calculation of sub-channel count
vfio/pci: use correct format characters
rtc: da9063: set uie_unsupported when relevant
* debugfs: fix use-after-free on symlink traversal
fs/debugfs/inode.c
jffs2: fix use-after-free on symlink traversal
* bonding: show full hw address in sysfs for slave entries
drivers/net/bonding/bond_sysfs_slave.c
igb: Fix WARN_ONCE on runtime suspend
rtc: sh: Fix invalid alarm warning for non-enabled alarm
* HID: debug: fix race condition with between rdesc_show() and device removal
drivers/hid/hid-debug.c
* USB: core: Fix bug caused by duplicate interface PM usage counter
drivers/usb/core/driver.c
include/linux/usb.h
* USB: core: Fix unterminated string returned by usb_string()
drivers/usb/core/message.c
USB: w1 ds2490: Fix bug caused by improper use of altsetting array
USB: yurex: Fix protection fault after device removal
* packet: validate msg_namelen in send directly
net/packet/af_packet.c
bnxt_en: Improve multicast address setup logic.
* ipv6: invert flowlabel sharing check in process and user mode
net/ipv6/ip6_flowlabel.c
* ipv6/flowlabel: wait rcu grace period before put_pid()
net/ipv6/ip6_flowlabel.c
* ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
net/ipv4/ip_output.c
ALSA: line6: use dynamic buffers
vfio/type1: Limit DMA mappings per container
kconfig/[mn]conf: handle backspace (^H) key
libata: fix using DMA buffers on stack
scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
ceph: fix use-after-free on symlink traversal
usb: u132-hcd: fix resource leak
scsi: qla4xxx: fix a potential NULL pointer dereference
net: ethernet: ti: fix possible object reference leak
net: ibm: fix possible object reference leak
net: xilinx: fix possible object reference leak
net: ks8851: Set initial carrier state to down
net: ks8851: Delay requesting IRQ until opened
net: ks8851: Reassert reset pin if chip ID check fails
net: ks8851: Dequeue RX packets explicitly
ARM: dts: pfla02: increase phy reset duration
usb: gadget: net2272: Fix net2272_dequeue()
usb: gadget: net2280: Fix net2280_dequeue()
usb: gadget: net2280: Fix overrun of OUT messages
sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
qlcnic: Avoid potential NULL pointer dereference
usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
usbnet: ipheth: prevent TX queue timeouts when device not ready
Documentation: Add nospectre_v1 parameter
powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
powerpc/fsl: Emulate SPRN_BUCSR register
powerpc/fsl: Flush branch predictor when entering KVM
powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
* ipv4: set the tcp_min_rtt_wlen range from 0 to one day
net/ipv4/sysctl_net_ipv4.c
net: stmmac: move stmmac_check_ether_addr() to driver probe
team: fix possible recursive locking when add slaves
* ipv4: add sanity checks in ipv4_link_failure()
net/ipv4/route.c
* Revert "block/loop: Use global lock for ioctl() operation."
drivers/block/loop.c
drivers/block/loop.h
* bpf: reject wrong sized filters earlier
net/core/filter.c
tipc: check link name with right length in tipc_nl_compat_link_set
tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
* netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
net/bridge/netfilter/ebtables.c
NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
* fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
fs/proc/proc_sysctl.c
intel_th: gth: Fix an off-by-one in output unassigning
* slip: make slhc_free() silently accept an error pointer
drivers/net/slip/slhc.c
tipc: handle the err returned from cmd header function
powerpc/fsl: Fix the flush of branch predictor.
powerpc/security: Fix spectre_v2 reporting
powerpc/fsl: Update Spectre v2 reporting
powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
powerpc/fsl: Add nospectre_v2 command line argument
powerpc/fsl: Fix spectre_v2 mitigations reporting
powerpc/fsl: Add macro to flush the branch predictor
powerpc/fsl: Add infrastructure to fixup branch predictor flush
powerpc: Avoid code patching freed init sections
powerpc/powernv: Query firmware for count cache flush settings
powerpc/pseries: Query hypervisor for count cache flush settings
powerpc/64s: Add support for software count cache flush
powerpc/64s: Add new security feature flags for count cache flush
powerpc/asm: Add a patch_site macro & helpers for patching instructions
powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
powerpc/64: Make meltdown reporting Book3S 64 specific
powerpc/64: Call setup_barrier_nospec() from setup_arch()
powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
powerpc/64: Disable the speculation barrier from the command line
powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
powerpc/64s: Enhance the information in cpu_show_spectre_v1()
powerpc: Use barrier_nospec in copy_from_user()
powerpc/64: Use barrier_nospec in syscall entry
powerpc/64s: Enable barrier_nospec based on firmware settings
powerpc/64s: Patch barrier_nospec in modules
powerpc/64s: Add support for ori barrier_nospec patching
powerpc/64s: Add barrier_nospec
powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
powerpc/pseries: Restore default security feature flags on setup
powerpc: Move default security feature flags
powerpc/pseries: Fix clearing of security feature flags
powerpc/64s: Wire up cpu_show_spectre_v2()
powerpc/64s: Wire up cpu_show_spectre_v1()
powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
powerpc/64s: Enhance the information in cpu_show_meltdown()
powerpc/64s: Move cpu_show_meltdown()
powerpc/powernv: Set or clear security feature flags
powerpc/pseries: Set or clear security feature flags
powerpc: Add security feature flags for Spectre/Meltdown
powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
powerpc/rfi-flush: Differentiate enabled and patched flush types
powerpc/rfi-flush: Always enable fallback flush on pseries
powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
powerpc/powernv: Support firmware disable of RFI flush
powerpc/pseries: Support firmware disable of RFI flush
powerpc/64s: Improve RFI L1-D cache flush fallback
powerpc/xmon: Add RFI flush related fields to paca dump
* USB: Consolidate LPM checks to avoid enabling LPM twice
drivers/usb/core/driver.c
drivers/usb/core/hub.c
drivers/usb/core/message.c
* USB: Add new USB LPM helpers
drivers/usb/core/driver.c
drivers/usb/core/hub.c
drivers/usb/core/message.c
drivers/usb/core/sysfs.c
drivers/usb/core/usb.h
sunrpc: don't mark uninitialised items as VALID.
nfsd: Don't release the callback slot unless it was actually held
ceph: fix ci->i_head_snapc leak
ceph: ensure d_name stability in ceph_dentry_hash()
* sched/numa: Fix a possible divide-by-zero
kernel/sched/fair.c
* trace: Fix preempt_enable_no_resched() abuse
kernel/trace/ring_buffer.c
MIPS: scall64-o32: Fix indirect syscall number load
cifs: do not attempt cifs operation on smb2+ rename error
KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
* kbuild: simplify ld-option implementation
scripts/Kbuild.include
Linux 4.4.179
* kernel/sysctl.c: fix out-of-bounds access when setting file-max
kernel/sysctl.c
Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
* ALSA: info: Fix racy addition/deletion of nodes
sound/core/info.c
* mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
mm/vmstat.c
device_cgroup: fix RCU imbalance in error case
* sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
kernel/sched/fair.c
* Revert "kbuild: use -Oz instead of -Os when using clang"
Makefile
mac80211: do not call driver wake_tx_queue op during reconfig
kprobes: Fix error check when reusing optimized probes
kprobes: Mark ftrace mcount handler functions nokprobe
* x86/kprobes: Verify stack frame on kretprobe
include/linux/kprobes.h
* arm64: futex: Restore oldval initialization to work around buggy compilers
arch/arm64/include/asm/futex.h
crypto: x86/poly1305 - fix overflow during partial reduction
* ALSA: core: Fix card races between register and disconnect
sound/core/init.c
staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
staging: comedi: ni_usb6501: Fix use of uninitialized mutex
staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
staging: comedi: vmk80xx: Fix use of uninitialized semaphore
io: accel: kxcjk1013: restore the range after resume.
iio: adc: at91: disable adc channel interrupt in timeout case
iio: ad_sigma_delta: select channel when reading register
iio/gyro/bmg160: Use millidegrees for temperature scale
KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
* modpost: file2alias: check prototype of handler
scripts/mod/file2alias.c
* modpost: file2alias: go back to simple devtable lookup
scripts/mod/file2alias.c
crypto: crypto4xx - properly set IV after de- and encrypt
* ipv4: ensure rcu_read_lock() in ipv4_link_failure()
net/ipv4/route.c
* ipv4: recompile ip options in ipv4_link_failure
net/ipv4/route.c
* tcp: tcp_grow_window() needs to respect tcp_space()
net/ipv4/tcp_input.c
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
* net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
net/bridge/br_multicast.c
net: atm: Fix potential Spectre v1 vulnerabilities
* bonding: fix event handling for stacked bonds
drivers/net/bonding/bond_main.c
* appletalk: Fix compile regression
include/linux/atalk.h
* ovl: fix uid/gid when creating over whiteout
fs/overlayfs/dir.c
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
* include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
include/linux/swap.h
* lib/div64.c: off by one in shift
lib/div64.c
* appletalk: Fix use-after-free in atalk_proc_exit
include/linux/atalk.h
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
iommu/dmar: Fix buffer overflow during PCI bus notification
crypto: sha512/arm - fix crash bug in Thumb2 build
crypto: sha256/arm - fix crash bug in Thumb2 build
cifs: fallback to older infolevels on findfirst queryinfo retry
ACPI / SBS: Fix GPE storm on recent MacBookPro's
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
serial: uartps: console_setup() can't be placed to init section
f2fs: fix to do sanity check with current segment number
9p locks: add mount option for lock retry interval
9p: do not trust pdu content for stat item size
rsi: improve kernel thread handling to fix kernel panic
* ext4: prohibit fstrim in norecovery mode
fs/ext4/ioctl.c
fix incorrect error code mapping for OBJECTID_NOT_FOUND
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
iommu/vt-d: Check capability before disabling protected memory
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
x86/hpet: Prevent potential NULL pointer dereference
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf evsel: Free evsel->counts in perf_evsel__exit()
perf top: Fix error handling in cmd_top()
tools/power turbostat: return the exit status of a command
thermal/int340x_thermal: fix mode setting
thermal/int340x_thermal: Add additional UUIDs
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
mmc: davinci: remove extraneous __init annotation
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
ALSA: sb8: add a check for request_region
ALSA: echoaudio: add a check for ioremap_nocache
* ext4: report real fs size after failed resize
fs/ext4/resize.c
* ext4: add missing brelse() in add_new_gdb_meta_bg()
fs/ext4/resize.c
* perf/core: Restore mmap record type correctly
kernel/events/core.c
* PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
drivers/pci/quirks.c
xtensa: fix return_address
* sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
kernel/sched/fair.c
xen: Prevent buffer overflow in privcmd ioctl
* arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
arch/arm64/include/asm/futex.h
ARM: dts: at91: Fix typo in ISC_D0 on PC9
* genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
kernel/irq/chip.c
* block: do not leak memory in bio_copy_user_iov()
block/bio.c
ASoC: fsl_esai: fix channel swap issue when stream starts
* include/linux/bitrev.h: fix constant bitrev
include/linux/bitrev.h
ALSA: seq: Fix OOB-reads from strlcpy
* ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
net/ipv6/ip6_tunnel.c
* net: ethtool: not call vzalloc for zero sized memory request
net/core/ethtool.c
* netns: provide pure entropy for net_hash_mix()
include/net/net_namespace.h
include/net/netns/hash.h
net/core/net_namespace.c
tcp: Ensure DCTCP reacts to losses
sctp: initialize _pad of sockaddr_in before copying to user memory
qmi_wwan: add Olicard 600
openvswitch: fix flow actions reallocation
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
* ipv6: sit: reset ip header pointer in ipip6_rcv
net/ipv6/sit.c
* ipv6: Fix dangling pointer when ipv6 fragment
net/ipv6/ip6_output.c
* tty: ldisc: add sysctl to prevent autoloading of ldiscs
drivers/tty/Kconfig
drivers/tty/tty_io.c
drivers/tty/tty_ldisc.c
* tty: mark Siemens R3964 line discipline as BROKEN
drivers/char/Kconfig
* lib/string.c: implement a basic bcmp
include/linux/string.h
lib/string.c
x86/vdso: Drop implicit common-page-size linker flag
x86: vdso: Use $LD instead of $CC to link
x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
* kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
Makefile
* binfmt_elf: switch to new creds when switching to new mm
fs/binfmt_elf.c
drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
dmaengine: tegra: avoid overflow of byte tracking
x86/build: Mark per-CPU symbols as absolute explicitly for LLD
wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
netfilter: physdev: relax br_netfilter dependency
dmaengine: imx-dma: fix warning comparison of distinct pointer types
hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
soc/tegra: fuse: Fix illegal free of IO base address
hwrng: virtio - Avoid repeated init of completion
media: mt9m111: set initial frame size other than 0x0
* tty: increase the default flip buffer limit to 2*640K
drivers/tty/tty_buffer.c
ARM: avoid Cortex-A9 livelock on tight dmb loops
mt7601u: bump supported EEPROM version
soc: qcom: gsbi: Fix error handling in gsbi_probe()
ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
cdrom: Fix race condition in cdrom_sysctl_register
* fbdev: fbmem: fix memory access if logo is bigger than the screen
drivers/video/fbdev/core/fbmem.c
bcache: improve sysfs_strtoul_clamp()
bcache: fix input overflow to sequential_cutoff
bcache: fix input overflow to cache set sysfs file io_error_halflife
* ALSA: PCM: check if ops are defined before suspending PCM
sound/core/pcm_native.c
ARM: 8833/1: Ensure that NEON code always compiles with Clang
* kprobes: Prohibit probing on bsearch()
lib/bsearch.c
leds: lp55xx: fix null deref on firmware load failure
media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
media: s5p-g2d: Correct return type for mem2mem buffer helpers
media: s5p-jpeg: Correct return type for mem2mem buffer helpers
media: sh_veu: Correct return type for mem2mem buffer helpers
SoC: imx-sgtl5000: add missing put_device()
perf test: Fix failure of 'evsel-tp-sched' test on s390
scsi: megaraid_sas: return error when create DMA pool failed
IB/mlx4: Increase the timeout for CM cache
e1000e: Fix -Wformat-truncation warnings
mmc: omap: fix the maximum timeout setting
ARM: 8840/1: use a raw_spinlock_t in unwind
coresight: etm4x: Add support to enable ETMv4.2
* scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
drivers/scsi/scsi_scan.c
usb: chipidea: Grab the (legacy) USB PHY by phandle first
tools lib traceevent: Fix buffer overflow in arg_eval
* fs: fix guard_bio_eod to check for real EOD errors
fs/buffer.c
cifs: Fix NULL pointer dereference of devname
dm thin: add sanity checks to thin-pool and external snapshot creation
cifs: use correct format characters
* fs/file.c: initialize init_files.resize_wait
fs/file.c
f2fs: do not use mutex lock in atomic context
ocfs2: fix a panic problem caused by o2cb_ctl
mm/slab.c: kmemleak no scan alien caches
* mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
mm/vmalloc.c
mm/page_ext.c: fix an imbalance with kmemleak
* mm/cma.c: cma_declare_contiguous: correct err handling
mm/cma.c
enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
* sysctl: handle overflow for file-max
kernel/sysctl.c
gpio: gpio-omap: fix level interrupt idling
* tracing: kdb: Fix ftdump to not sleep
include/linux/ring_buffer.h
kernel/trace/ring_buffer.c
kernel/trace/trace.c
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
CIFS: fix POSIX lock leak and invalid ptr deref
tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
* Bluetooth: Fix decrementing reference count twice in releasing socket
net/bluetooth/hci_sock.c
* i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
drivers/i2c/i2c-core.c
mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
tty/serial: atmel: Add is_half_duplex helper
* lib/int_sqrt: optimize initial value compute
lib/int_sqrt.c
* ext4: cleanup bh release code in ext4_ind_remove_space()
fs/ext4/indirect.c
arm64: debug: Ensure debug handlers check triggering exception level
* arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
arch/arm64/mm/fault.c
Linux 4.4.178
* stm class: Hide STM-specific options if STM is disabled
drivers/hwtracing/stm/Kconfig
coresight: removing bind/unbind options from sysfs
* arm64: support keyctl() system call in 32-bit mode
arch/arm64/Kconfig
* Revert "USB: core: only clean up what we allocated"
drivers/usb/core/config.c
* xhci: Fix port resume done detection for SS ports with LPM enabled
drivers/usb/host/xhci-ring.c
drivers/usb/host/xhci.h
KVM: Reject device ioctls from processes other than the VM's creator
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
perf intel-pt: Fix TSC slip
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
* fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
fs/proc/proc_sysctl.c
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
USB: serial: option: add Olicard 600
USB: serial: option: set driver_info for SIM5218 and compatibles
USB: serial: mos7720: fix mos_parport refcount imbalance on error path
USB: serial: ftdi_sio: add additional NovaTech products
USB: serial: cp210x: add new device id
serial: sh-sci: Fix setting SCSCR_TIE while transferring data
serial: max310x: Fix to avoid potential NULL pointer dereference
staging: vt6655: Fix interrupt race condition on device start up.
staging: vt6655: Remove vif check from vnt_interrupt
tty: atmel_serial: fix a potential NULL pointer dereference
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
* scsi: sd: Fix a race between closing an sd device and sd I/O
drivers/scsi/sd.c
* ALSA: pcm: Don't suspend stream in unrecoverable PCM state
sound/core/pcm_native.c
ALSA: pcm: Fix possible OOB access in PCM oss plugins
ALSA: seq: oss: Fix Spectre v1 vulnerability
* ALSA: rawmidi: Fix potential Spectre v1 vulnerability
sound/core/rawmidi.c
* ALSA: compress: add support for 32bit calls in a 64bit kernel
sound/core/compress_offload.c
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
btrfs: raid56: properly unmap parity page in finish_parity_scrub()
btrfs: remove WARN_ON in log_dir_items
mac8390: Fix mmio access size probe
* sctp: get sctphdr by offset in sctp_compute_cksum
include/net/sctp/checksum.h
vxlan: Don't call gro_cells_destroy() before device is unregistered
* tcp: do not use ipv6 header for ipv4 flow
net/ipv6/tcp_ipv6.c
* packets: Always register packet sk in the same order
include/net/sock.h
net/packet/af_packet.c
* Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
include/linux/rculist.h
net: rose: fix a possible stack overflow
* net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
net/packet/af_packet.c
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
dccp: do not use ipv6 header for ipv4 flow
stmmac: copy unicast mac address to MAC registers
* cfg80211: size various nl80211 messages correctly
net/wireless/nl80211.c
mmc: mmc: fix switch timeout issue caused by jiffies precision
* arm64: kconfig: drop CONFIG_RTC_LIB dependency
arch/arm64/Kconfig
video: fbdev: Set pixclock = 0 in goldfishfb
* cpu/hotplug: Handle unbalanced hotplug enable/disable
kernel/cpu.c
* usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
drivers/usb/gadget/function/rndis.c
* usb: gadget: configfs: add mutex lock before unregister gadget
drivers/usb/gadget/configfs.c
* ipv6: fix endianness error in icmpv6_err
net/ipv6/icmp.c
stm class: Fix stm device initialization order
stm class: Do not leak the chrdev in error path
PM / Hibernate: Call flush_icache_range() on pages restored in-place
* arm64: kernel: Include _AC definition in page.h
arch/arm64/include/asm/page.h
* perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
kernel/events/ring_buffer.c
mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
* arm64/kernel: fix incorrect EL0 check in inv_entry macro
arch/arm64/kernel/entry.S
ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
staging: goldfish: audio: fix compiliation on arm
* staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
drivers/staging/android/ion/ion_carveout_heap.c
* staging: ashmem: Add missing include
drivers/staging/android/uapi/ashmem.h
* staging: ashmem: Avoid deadlock with mmap/shrink
drivers/staging/android/ashmem.c
* asm-generic: Fix local variable shadow in __set_fixmap_offset
include/asm-generic/fixmap.h
coresight: etm4x: Check every parameter used by dma_xx_coherent.
coresight: "DEVICE_ATTR_RO" should defined as static.
stm class: Fix a race in unlinking
stm class: Fix unbalanced module/device refcounting
stm class: Guard output assignment against concurrency
stm class: Fix unlocking braino in the error path
stm class: Support devices with multiple instances
stm class: Prevent user-controllable allocations
stm class: Fix link list locking
stm class: Fix locking in unbinding policy path
coresight: remove csdev's link from topology
coresight: release reference taken by 'bus_find_device()'
coresight: coresight_unregister() function cleanup
coresight: fixing lockdep error
* writeback: initialize inode members that track writeback history
fs/inode.c
Revert "mmc: block: don't use parameter prefix if built as module"
* net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
net/ipv4/inet_diag.c
* perf: Synchronously free aux pages in case of allocation failure
kernel/events/ring_buffer.c
* arm64: hide __efistub_ aliases from kallsyms
arch/arm64/kernel/image.h
hid-sensor-hub.c: fix wrong do_div() usage
* vmstat: make vmstat_updater deferrable again and shut down on idle
include/linux/vmstat.h
kernel/sched/idle.c
mm/vmstat.c
* android: unconditionally remove callbacks in sync_fence_free()
drivers/staging/android/sync.c
ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
ARM: 8458/1: bL_switcher: add GIC dependency
* efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
drivers/firmware/efi/libstub/Makefile
* arm64: fix COMPAT_SHMLBA definition for large pages
arch/arm64/include/asm/shmparam.h
mmc: block: Allow more than 8 partitions per card
* sched/fair: Fix new task's load avg removed from source CPU in wake_up_new_task()
kernel/sched/fair.c
* Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
net/bluetooth/l2cap_core.c
* Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
net/bluetooth/l2cap_core.c
ath10k: avoid possible string overflow
* rtc: Fix overflow when converting time64_t to rtc_time
drivers/rtc/rtc-lib.c
* USB: core: only clean up what we allocated
drivers/usb/core/config.c
* lib/int_sqrt: optimize small argument
lib/int_sqrt.c
serial: sprd: clear timeout interrupt only rather than all interrupts
usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
* arm64: traps: disable irq in die()
arch/arm64/kernel/traps.c
* Hang/soft lockup in d_invalidate with simultaneous calls
fs/dcache.c
serial: sprd: adjust TIMEOUT to a big value
* tcp/dccp: drop SYN packets if accept queue is full
include/net/inet_connection_sock.h
net/ipv4/tcp_input.c
usb: gadget: Add the gserial port checking in gs_start_tx()
* usb: gadget: composite: fix dereference after null check coverify warning
drivers/usb/gadget/composite.c
* kbuild: setlocalversion: print error to STDERR
scripts/setlocalversion
extcon: usb-gpio: Don't miss event during suspend/resume
* mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
mm/rmap.c
mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
* arm64: mm: Add trace_irqflags annotations to do_debug_exception()
arch/arm64/mm/fault.c
* usb: dwc3: gadget: Fix suspend/resume during device mode
drivers/usb/dwc3/gadget.c
mmc: core: shut up "voltage-ranges unspecified" pr_info()
mmc: sanitize 'bus width' in debug output
mmc: make MAN_BKOPS_EN message a debug
mmc: debugfs: Add a restriction to mmc debugfs clock setting
mmc: pwrseq_simple: Make reset-gpios optional to match doc
ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
ALSA: hda - Record the current power state before suspend/resume calls
locking/lockdep: Add debug_locks check in __lock_downgrade()
* media: v4l2-ctrls.c/uvc: zero v4l2_event
drivers/media/v4l2-core/v4l2-ctrls.c
mmc: tmio_mmc_core: don't claim spurious interrupts
* ext4: brelse all indirect buffer in ext4_ind_remove_space()
fs/ext4/indirect.c
* ext4: fix data corruption caused by unaligned direct AIO
fs/ext4/file.c
* ext4: fix NULL pointer dereference while journal is aborted
fs/ext4/ext4_jbd2.h
* futex: Ensure that futex address is aligned in handle_futex_death()
kernel/futex.c
MIPS: Fix kernel crash for R6 in jump label branch function
mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
udf: Fix crash on IO error during truncate
drm/vmwgfx: Don't double-free the mode stored in par->set_mode
mmc: pxamci: fix enum type confusion
Change-Id: Ib7e4ac2952d7fc0808e515749ea6b3c2bbfc40e5
Signed-off-by: Robin Peng <robinpeng@google.com>
|
||
|
Greg Kroah-Hartman
|
4af3204c43 |
Merge 4.4.195 into android-4.4-p
Changes in 4.4.195 Revert "Bluetooth: validate BLE connection interval updates" HID: prodikeys: Fix general protection fault during probe HID: lg: make transfer buffers DMA capable HID: logitech: Fix general protection fault caused by Logitech driver HID: hidraw: Fix invalid read in hidraw_ioctl mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword() crypto: talitos - fix missing break in switch statement net: rds: Fix NULL ptr use in rds_tcp_kill_sock ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt() ALSA: hda - Add laptop imic fixup for ASUS M9V laptop mac80211: Print text for disassociation reason mac80211: handle deauthentication/disassociation from TDLS peer locking/lockdep: Add debug_locks check in __lock_downgrade() irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices f2fs: check all the data segments against all node ones Revert "f2fs: avoid out-of-range memory access" f2fs: fix to do sanity check on segment bitmap of LFS curseg drm: Flush output polling on shutdown Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices arcnet: provide a buffer big enough to actually receive packets cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize net/phy: fix DP83865 10 Mbps HDX loopback disable function openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC sch_netem: fix a divide by zero in tabledist() skge: fix checksum byte order usbnet: ignore endpoints with invalid wMaxPacketSize usbnet: sanity checking of packet sizes and device mtu mISDN: enforce CAP_NET_RAW for raw sockets appletalk: enforce CAP_NET_RAW for raw sockets ax25: enforce CAP_NET_RAW for raw sockets ieee802154: enforce CAP_NET_RAW for raw sockets nfc: enforce CAP_NET_RAW for raw sockets ALSA: hda: Flush interrupts on disabling ASoC: sgtl5000: Fix charge pump source assignment dmaengine: bcm2835: Print error in case setting DMA mask fails leds: leds-lp5562 allow firmware files up to the maximum length media: dib0700: fix link error for dibx000_i2c_set_speed media: hdpvr: Add device num check and handling sched/fair: Fix imbalance due to CPU affinity sched/core: Fix CPU controller for !RT_GROUP_SCHED x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails x86/apic: Soft disable APIC before initializing it ALSA: hda - Show the fatal CORB/RIRB error more clearly ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() media: iguanair: add sanity checks base: soc: Export soc_device_register/unregister APIs ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid ia64:unwind: fix double free for mod->arch.init_unw_table md: don't call spare_active in md_reap_sync_thread if all member devices can't work md: don't set In_sync if array is frozen efi: cper: print AER info of PCIe fatal error media: gspca: zero usb_buf on error dmaengine: iop-adma: use correct printk format strings media: omap3isp: Don't set streaming state on random subdevs net: lpc-enet: fix printk format strings media: radio/si470x: kill urb on error media: hdpvr: add terminating 0 at end of string media: saa7146: add cleanup in hexium_attach() media: cpia2_usb: fix memory leaks media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() media: ov9650: add a sanity check ACPI / CPPC: do not require the _PSD method libtraceevent: Change users plugin directory ACPI: custom_method: fix memory leaks hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' md/raid1: fail run raid1 array when active disk less than one dmaengine: ti: edma: Do not reset reserved paRAM slots kprobes: Prohibit probing on BUG() and WARN() address ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set mmc: sdhci: Fix incorrect switch to HS mode libertas: Add missing sentinel at end of if_usb.c fw_table media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type media: omap3isp: Set device on omap3isp subdevs ALSA: firewire-tascam: handle error code when getting current source of clock ALSA: firewire-tascam: check intermediate state of clock status and retry printk: Do not lose last line in kmsg buffer dump fuse: fix missing unlock_page in fuse_writepage() parisc: Disable HP HSC-PCI Cards to prevent kernel crash KVM: x86: always stop emulation on page fault KVM: x86: set ctxt->have_exception in x86_decode_insn() KVM: x86: Manually calculate reserved bits when loading PDPTRS media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table ASoC: Intel: Fix use of potentially uninitialized variable ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP md/raid6: Set R5_ReadError when there is read failure on parity disk cfg80211: Purge frame registrations on iftype change /dev/mem: Bail out upon SIGKILL. ext4: fix punch hole for inline_data file systems quota: fix wrong condition in is_quota_modification() hwrng: core - don't wait on add_early_randomness() i2c: riic: Clear NACK in tend isr CIFS: Fix oplock handling for SMB 2.1+ protocols ovl: filter of trusted xattr results in audit Btrfs: fix use-after-free when using the tree modification log btrfs: Relinquish CPUs in btrfs_compare_trees Btrfs: fix race setting up and completing qgroup rescan workers Linux 4.4.195 Change-Id: I0a333f55c8fd4273b37044e4e4e89ac1fb0fad1a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Nathan Chancellor
|
4da1300261 |
Merge 4.4.195 into android-msm-wahoo-4.4
Changes in 4.4.195: (100 commits)
Revert "Bluetooth: validate BLE connection interval updates"
HID: prodikeys: Fix general protection fault during probe
HID: lg: make transfer buffers DMA capable
HID: logitech: Fix general protection fault caused by Logitech driver
HID: hidraw: Fix invalid read in hidraw_ioctl
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
crypto: talitos - fix missing break in switch statement
net: rds: Fix NULL ptr use in rds_tcp_kill_sock
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
mac80211: Print text for disassociation reason
mac80211: handle deauthentication/disassociation from TDLS peer
locking/lockdep: Add debug_locks check in __lock_downgrade()
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
f2fs: check all the data segments against all node ones
Revert "f2fs: avoid out-of-range memory access"
f2fs: fix to do sanity check on segment bitmap of LFS curseg
drm: Flush output polling on shutdown
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
arcnet: provide a buffer big enough to actually receive packets
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
net/phy: fix DP83865 10 Mbps HDX loopback disable function
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
sch_netem: fix a divide by zero in tabledist()
skge: fix checksum byte order
usbnet: ignore endpoints with invalid wMaxPacketSize
usbnet: sanity checking of packet sizes and device mtu
mISDN: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
nfc: enforce CAP_NET_RAW for raw sockets
ALSA: hda: Flush interrupts on disabling
ASoC: sgtl5000: Fix charge pump source assignment
dmaengine: bcm2835: Print error in case setting DMA mask fails
leds: leds-lp5562 allow firmware files up to the maximum length
media: dib0700: fix link error for dibx000_i2c_set_speed
media: hdpvr: Add device num check and handling
sched/fair: Fix imbalance due to CPU affinity
sched/core: Fix CPU controller for !RT_GROUP_SCHED
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
x86/apic: Soft disable APIC before initializing it
ALSA: hda - Show the fatal CORB/RIRB error more clearly
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
media: iguanair: add sanity checks
base: soc: Export soc_device_register/unregister APIs
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
ia64:unwind: fix double free for mod->arch.init_unw_table
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md: don't set In_sync if array is frozen
efi: cper: print AER info of PCIe fatal error
media: gspca: zero usb_buf on error
dmaengine: iop-adma: use correct printk format strings
media: omap3isp: Don't set streaming state on random subdevs
net: lpc-enet: fix printk format strings
media: radio/si470x: kill urb on error
media: hdpvr: add terminating 0 at end of string
media: saa7146: add cleanup in hexium_attach()
media: cpia2_usb: fix memory leaks
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
media: ov9650: add a sanity check
ACPI / CPPC: do not require the _PSD method
libtraceevent: Change users plugin directory
ACPI: custom_method: fix memory leaks
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
md/raid1: fail run raid1 array when active disk less than one
dmaengine: ti: edma: Do not reset reserved paRAM slots
kprobes: Prohibit probing on BUG() and WARN() address
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
mmc: sdhci: Fix incorrect switch to HS mode
libertas: Add missing sentinel at end of if_usb.c fw_table
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
media: omap3isp: Set device on omap3isp subdevs
ALSA: firewire-tascam: handle error code when getting current source of clock
ALSA: firewire-tascam: check intermediate state of clock status and retry
printk: Do not lose last line in kmsg buffer dump
fuse: fix missing unlock_page in fuse_writepage()
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
KVM: x86: always stop emulation on page fault
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: Manually calculate reserved bits when loading PDPTRS
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
ASoC: Intel: Fix use of potentially uninitialized variable
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
md/raid6: Set R5_ReadError when there is read failure on parity disk
cfg80211: Purge frame registrations on iftype change
/dev/mem: Bail out upon SIGKILL.
ext4: fix punch hole for inline_data file systems
quota: fix wrong condition in is_quota_modification()
hwrng: core - don't wait on add_early_randomness()
i2c: riic: Clear NACK in tend isr
CIFS: Fix oplock handling for SMB 2.1+ protocols
ovl: filter of trusted xattr results in audit
Btrfs: fix use-after-free when using the tree modification log
btrfs: Relinquish CPUs in btrfs_compare_trees
Btrfs: fix race setting up and completing qgroup rescan workers
Linux 4.4.195
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
||
|
Thadeu Lima de Souza Cascardo
|
c22df8ea7c |
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
commit f18ddc13af981ce3c7b7f26925f099e7c6929aba upstream.
ENOTSUPP is not supposed to be returned to userspace. This was found on an
OpenPower machine, where the RTC does not support set_alarm.
On that system, a clock_nanosleep(CLOCK_REALTIME_ALARM, ...) results in
"524 Unknown error 524"
Replace it with EOPNOTSUPP which results in the expected "95 Operation not
supported" error.
Fixes:
|
||
|
Nathan Chancellor
|
3c9303b5f9 |
Merge 4.4.187 into android-msm-wahoo-4.4
Changes in 4.4.187: (157 commits)
MIPS: ath79: fix ar933x uart parity mode
MIPS: fix build on non-linux hosts
dmaengine: imx-sdma: fix use-after-free on probe error path
ath10k: Do not send probe response template for mesh
ath9k: Check for errors when reading SREV register
ath6kl: add some bounds checking
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
batman-adv: fix for leaked TVLV handler.
media: dvb: usb: fix use after free in dvb_usb_device_exit
crypto: talitos - fix skcipher failure due to wrong output IV
media: marvell-ccic: fix DMA s/g desc number calculation
media: vpss: fix a potential NULL pointer dereference
net: stmmac: dwmac1000: Clear unused address entries
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
af_key: fix leaks in key_pol_get_resp and dump_sp.
xfrm: Fix xfrm sel prefix length validation
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
net: phy: Check against net_device being NULL
tua6100: Avoid build warnings.
locking/lockdep: Fix merging of hlocks with non-zero references
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
cpupower : frequency-set -r option misses the last cpu in related cpu list
net: fec: Do not use netdev messages too early
net: axienet: Fix race condition causing TX hang
s390/qdio: handle PENDING state for QEBSM devices
perf test 6: Fix missing kvm module load for s390
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
gpio: omap: ensure irq is enabled before wakeup
regmap: fix bulk writes on paged registers
bpf: silence warning messages in core
rcu: Force inlining of rcu_read_lock()
xfrm: fix sa selector validation
perf evsel: Make perf_evsel__name() accept a NULL argument
vhost_net: disable zerocopy by default
EDAC/sysfs: Fix memory leak when creating a csrow object
media: i2c: fix warning same module names
ntp: Limit TAI-UTC offset
timer_list: Guard procfs specific code
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
media: coda: fix mpeg2 sequence number handling
media: coda: increment sequence offset for the last returned frame
mt7601u: do not schedule rx_tasklet when the device has been disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: fix possible memory leak when the device is disconnected
ath10k: fix PCIE device wake up failed
rslib: Fix decoding of shortened codes
rslib: Fix handling of of caller provided syndrome
ixgbe: Check DDM existence in transceiver before access
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: Check state in l2cap_disconnect_rsp
Bluetooth: validate BLE connection interval updates
crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: arm64/sha2-ce - correct digest for empty data in finup
Input: gtco - bounds check collection indent level
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
tracing/snapshot: Resize spare buffer if size changed
NFSv4: Handle the special Linux file open access mode
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
ALSA: seq: Break too long mutex context in the write loop
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
media: coda: Remove unbalanced and unneeded mutex unlock
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
drm/nouveau/i2c: Enable i2c pads & busses during preinit
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
9p/virtio: Add cleanup path in p9_virtio_init
PCI: Do not poll for PME if the device is in D3cold
take floppy compat ioctls to sodding floppy.c
floppy: fix div-by-zero in setup_format_params
floppy: fix out-of-bounds read in next_valid_format
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in copy_buffer
coda: pass the host file in vma->vm_file on mmap
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
powerpc/watchpoint: Restore NV GPRs while returning from exception
eCryptfs: fix a couple type promotion bugs
intel_th: msu: Fix single mode with disabled IOMMU
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
dm bufio: fix deadlock with loop device
bnx2x: Prevent load reordering in tx completion processing
caif-hsi: fix possible deadlock in cfhsi_exit_module()
ipv4: don't set IPv6 only flags to IPv4 addresses
net: bcmgenet: use promisc for unsupported filters
net: neigh: fix multiple neigh timer scheduling
nfc: fix potential illegal memory access
sky2: Disable MSI on ASUS P6T
netrom: fix a memory leak in nr_rx_frame()
netrom: hold sock when setting skb->destructor
tcp: Reset bytes_acked and bytes_received when disconnecting
bonding: validate ip header before check IPPROTO_IGMP
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: stp: don't cache eth dest pointer before skb pull
elevator: fix truncation of icq_cache_name
NFSv4: Fix open create exclusive when the server reboots
nfsd: increase DRC cache limit
nfsd: give out fewer session slots as limit approaches
nfsd: fix performance-limiting session calculation
nfsd: Fix overflow causing non-working mounts on 1 TB machines
drm/panel: simple: Fix panel_simple_dsi_probe
usb: core: hub: Disable hub-initiated U1/U2
tty: max310x: Fix invalid baudrate divisors calculator
pinctrl: rockchip: fix leaked of_node references
tty: serial: cpm_uart - fix init when SMC is relocated
memstick: Fix error cleanup path of memstick_init
tty/serial: digicolor: Fix digicolor-usart already registered warning
tty: serial: msm_serial: avoid system lockup condition
drm/virtio: Add memory barriers for capset cache.
phy: renesas: rcar-gen2: Fix memory leak at error paths
usb: gadget: Zero ffs_io_data
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
PCI: sysfs: Ignore lockdep for remove attribute
iio: iio-utils: Fix possible incorrect mask calculation
recordmcount: Fix spurious mcount entries on powerpc
mfd: core: Set fwnode for created devices
mfd: arizona: Fix undefined behavior
um: Silence lockdep complaint about mmap_sem
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
kallsyms: exclude kasan local symbols on s390
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
f2fs: avoid out-of-range memory access
mailbox: handle failed named mailbox channel request
powerpc/eeh: Handle hugepages in ioremap space
sh: prevent warnings when using iounmap
mm/kmemleak.c: fix check for softirq context
9p: pass the correct prototype to read_cache_page
mm/mmu_notifier: use hlist_add_head_rcu()
locking/lockdep: Fix lock used or unused stats error
locking/lockdep: Hide unused 'class' variable
usb: wusbcore: fix unbalanced get/put cluster_id
usb: pci-quirks: Correct AMD PLL quirk detection
x86/sysfb_efi: Add quirks for some devices with swapped width and height
x86/speculation/mds: Apply more accurate check on hypervisor platform
hpet: Fix division by zero in hpet_time_div()
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
ALSA: hda - Add a conexant codec entry to let mute led work
powerpc/tm: Fix oops on sigreturn on systems without TM
access: avoid the RCU grace period for the temporary subjective credentials
vmstat: Remove BUG_ON from vmstat_update
mm, vmstat: make quiet_vmstat lighter
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
tcp: reset sk_send_head in tcp_write_queue_purge
ISDN: hfcsusb: checking idx of ep configuration
media: cpia2_usb: first wake up, then free in disconnect
media: radio-raremono: change devm_k*alloc to k*alloc
Bluetooth: hci_uart: check for missing tty operations
sched/fair: Don't free p->numa_faults with concurrent readers
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
ceph: hold i_ceph_lock when removing caps for freeing inode
Linux 4.4.187
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
fs/ecryptfs/crypto.c
mm/vmstat.c
|
||
|
Greg Kroah-Hartman
|
ebf4d7ea8d |
Merge 4.4.187 into android-4.4-p
Changes in 4.4.187 MIPS: ath79: fix ar933x uart parity mode MIPS: fix build on non-linux hosts dmaengine: imx-sdma: fix use-after-free on probe error path ath10k: Do not send probe response template for mesh ath9k: Check for errors when reading SREV register ath6kl: add some bounds checking ath: DFS JP domain W56 fixed pulse type 3 RADAR detection batman-adv: fix for leaked TVLV handler. media: dvb: usb: fix use after free in dvb_usb_device_exit crypto: talitos - fix skcipher failure due to wrong output IV media: marvell-ccic: fix DMA s/g desc number calculation media: vpss: fix a potential NULL pointer dereference net: stmmac: dwmac1000: Clear unused address entries signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig af_key: fix leaks in key_pol_get_resp and dump_sp. xfrm: Fix xfrm sel prefix length validation media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails. net: phy: Check against net_device being NULL tua6100: Avoid build warnings. locking/lockdep: Fix merging of hlocks with non-zero references media: wl128x: Fix some error handling in fm_v4l2_init_video_device() cpupower : frequency-set -r option misses the last cpu in related cpu list net: fec: Do not use netdev messages too early net: axienet: Fix race condition causing TX hang s390/qdio: handle PENDING state for QEBSM devices perf test 6: Fix missing kvm module load for s390 gpio: omap: fix lack of irqstatus_raw0 for OMAP4 gpio: omap: ensure irq is enabled before wakeup regmap: fix bulk writes on paged registers bpf: silence warning messages in core rcu: Force inlining of rcu_read_lock() xfrm: fix sa selector validation perf evsel: Make perf_evsel__name() accept a NULL argument vhost_net: disable zerocopy by default EDAC/sysfs: Fix memory leak when creating a csrow object media: i2c: fix warning same module names ntp: Limit TAI-UTC offset timer_list: Guard procfs specific code acpi/arm64: ignore 5.1 FADTs that are reported as 5.0 media: coda: fix mpeg2 sequence number handling media: coda: increment sequence offset for the last returned frame mt7601u: do not schedule rx_tasklet when the device has been disconnected x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c mt7601u: fix possible memory leak when the device is disconnected ath10k: fix PCIE device wake up failed rslib: Fix decoding of shortened codes rslib: Fix handling of of caller provided syndrome ixgbe: Check DDM existence in transceiver before access EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush() Bluetooth: hci_bcsp: Fix memory leak in rx_skb Bluetooth: 6lowpan: search for destination address in all peers Bluetooth: Check state in l2cap_disconnect_rsp Bluetooth: validate BLE connection interval updates crypto: ghash - fix unaligned memory access in ghash_setkey() crypto: arm64/sha1-ce - correct digest for empty data in finup crypto: arm64/sha2-ce - correct digest for empty data in finup Input: gtco - bounds check collection indent level regulator: s2mps11: Fix buck7 and buck8 wrong voltages tracing/snapshot: Resize spare buffer if size changed NFSv4: Handle the special Linux file open access mode lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE ALSA: seq: Break too long mutex context in the write loop media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom() media: coda: Remove unbalanced and unneeded mutex unlock KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed drm/nouveau/i2c: Enable i2c pads & busses during preinit padata: use smp_mb in padata_reorder to avoid orphaned padata jobs 9p/virtio: Add cleanup path in p9_virtio_init PCI: Do not poll for PME if the device is in D3cold take floppy compat ioctls to sodding floppy.c floppy: fix div-by-zero in setup_format_params floppy: fix out-of-bounds read in next_valid_format floppy: fix invalid pointer dereference in drive_name floppy: fix out-of-bounds read in copy_buffer coda: pass the host file in vma->vm_file on mmap gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1 powerpc/32s: fix suspend/resume when IBATs 4-7 are used powerpc/watchpoint: Restore NV GPRs while returning from exception eCryptfs: fix a couple type promotion bugs intel_th: msu: Fix single mode with disabled IOMMU Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug usb: Handle USB3 remote wakeup for LPM enabled devices correctly dm bufio: fix deadlock with loop device bnx2x: Prevent load reordering in tx completion processing caif-hsi: fix possible deadlock in cfhsi_exit_module() ipv4: don't set IPv6 only flags to IPv4 addresses net: bcmgenet: use promisc for unsupported filters net: neigh: fix multiple neigh timer scheduling nfc: fix potential illegal memory access sky2: Disable MSI on ASUS P6T netrom: fix a memory leak in nr_rx_frame() netrom: hold sock when setting skb->destructor tcp: Reset bytes_acked and bytes_received when disconnecting bonding: validate ip header before check IPPROTO_IGMP net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query net: bridge: stp: don't cache eth dest pointer before skb pull elevator: fix truncation of icq_cache_name NFSv4: Fix open create exclusive when the server reboots nfsd: increase DRC cache limit nfsd: give out fewer session slots as limit approaches nfsd: fix performance-limiting session calculation nfsd: Fix overflow causing non-working mounts on 1 TB machines drm/panel: simple: Fix panel_simple_dsi_probe usb: core: hub: Disable hub-initiated U1/U2 tty: max310x: Fix invalid baudrate divisors calculator pinctrl: rockchip: fix leaked of_node references tty: serial: cpm_uart - fix init when SMC is relocated memstick: Fix error cleanup path of memstick_init tty/serial: digicolor: Fix digicolor-usart already registered warning tty: serial: msm_serial: avoid system lockup condition drm/virtio: Add memory barriers for capset cache. phy: renesas: rcar-gen2: Fix memory leak at error paths usb: gadget: Zero ffs_io_data powerpc/pci/of: Fix OF flags parsing for 64bit BARs PCI: sysfs: Ignore lockdep for remove attribute iio: iio-utils: Fix possible incorrect mask calculation recordmcount: Fix spurious mcount entries on powerpc mfd: core: Set fwnode for created devices mfd: arizona: Fix undefined behavior um: Silence lockdep complaint about mmap_sem powerpc/4xx/uic: clear pending interrupt after irq type/pol change serial: sh-sci: Fix TX DMA buffer flushing and workqueue races kallsyms: exclude kasan local symbols on s390 perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning f2fs: avoid out-of-range memory access mailbox: handle failed named mailbox channel request powerpc/eeh: Handle hugepages in ioremap space sh: prevent warnings when using iounmap mm/kmemleak.c: fix check for softirq context 9p: pass the correct prototype to read_cache_page mm/mmu_notifier: use hlist_add_head_rcu() locking/lockdep: Fix lock used or unused stats error locking/lockdep: Hide unused 'class' variable usb: wusbcore: fix unbalanced get/put cluster_id usb: pci-quirks: Correct AMD PLL quirk detection x86/sysfb_efi: Add quirks for some devices with swapped width and height x86/speculation/mds: Apply more accurate check on hypervisor platform hpet: Fix division by zero in hpet_time_div() ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 ALSA: hda - Add a conexant codec entry to let mute led work powerpc/tm: Fix oops on sigreturn on systems without TM access: avoid the RCU grace period for the temporary subjective credentials vmstat: Remove BUG_ON from vmstat_update mm, vmstat: make quiet_vmstat lighter ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt tcp: reset sk_send_head in tcp_write_queue_purge ISDN: hfcsusb: checking idx of ep configuration media: cpia2_usb: first wake up, then free in disconnect media: radio-raremono: change devm_k*alloc to k*alloc Bluetooth: hci_uart: check for missing tty operations sched/fair: Don't free p->numa_faults with concurrent readers drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl ceph: hold i_ceph_lock when removing caps for freeing inode Linux 4.4.187 Change-Id: I6086b23376cdf9f6a905f727fb07175a7ebdd356 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Nathan Huckleberry
|
66166f9a0e |
timer_list: Guard procfs specific code
[ Upstream commit a9314773a91a1d3b36270085246a6715a326ff00 ]
With CONFIG_PROC_FS=n the following warning is emitted:
kernel/time/timer_list.c:361:36: warning: unused variable
'timer_list_sops' [-Wunused-const-variable]
static const struct seq_operations timer_list_sops = {
Add #ifdef guard around procfs specific code.
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: john.stultz@linaro.org
Cc: sboyd@kernel.org
Cc: clang-built-linux@googlegroups.com
Link: https://github.com/ClangBuiltLinux/linux/issues/534
Link: https://lkml.kernel.org/r/20190614181604.112297-1-nhuck@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Miroslav Lichvar
|
41164dd563 |
ntp: Limit TAI-UTC offset
[ Upstream commit d897a4ab11dc8a9fda50d2eccc081a96a6385998 ] Don't allow the TAI-UTC offset of the system clock to be set by adjtimex() to a value larger than 100000 seconds. This prevents an overflow in the conversion to int, prevents the CLOCK_TAI clock from getting too far ahead of the CLOCK_REALTIME clock, and it is still large enough to allow leap seconds to be inserted at the maximum rate currently supported by the kernel (once per day) for the next ~270 years, however unlikely it is that someone can survive a catastrophic event which slowed down the rotation of the Earth so much. Reported-by: Weikang shi <swkhack@gmail.com> Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: John Stultz <john.stultz@linaro.org> Cc: Prarit Bhargava <prarit@redhat.com> Cc: Richard Cochran <richardcochran@gmail.com> Cc: Stephen Boyd <sboyd@kernel.org> Link: https://lkml.kernel.org/r/20190618154713.20929-1-mlichvar@redhat.com Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Nathan Chancellor
|
2458b36258 |
Merge 4.4.183 into android-msm-wahoo-4.4
Changes in 4.4.183: (85 commits)
fs/fat/file.c: issue flush after the writeback of FAT
sysctl: return -EINVAL if val violates minmax
ipc: prevent lockup on alloc_msg and free_msg
hugetlbfs: on restore reserve error path retain subpool reservation
mm/cma.c: fix crash on CMA allocation if bitmap allocation fails
mm/cma_debug.c: fix the break condition in cma_maxchunk_get()
kernel/sys.c: prctl: fix false positive in validate_prctl_map()
mfd: intel-lpss: Set the device in reset state when init
mfd: twl6040: Fix device init errors for ACCCTL register
perf/x86/intel: Allow PEBS multi-entry in watermark mode
drm/bridge: adv7511: Fix low refresh rate selection
ntp: Allow TAI-UTC offset to be set to zero
f2fs: fix to avoid panic in do_recover_data()
f2fs: fix to do sanity check on valid block count of segment
iommu/vt-d: Set intel_iommu_gfx_mapped correctly
ALSA: hda - Register irq handler after the chip initialization
nvmem: core: fix read buffer in place
fuse: retrieve: cap requested size to negotiated max_write
nfsd: allow fh_want_write to be called twice
x86/PCI: Fix PCI IRQ routing table memory leak
platform/chrome: cros_ec_proto: check for NULL transfer function
soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher
clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288
ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA
ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA
ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA
PCI: rpadlpar: Fix leaked device_node references in add/remove paths
PCI: rcar: Fix a potential NULL pointer dereference
video: hgafb: fix potential NULL pointer dereference
video: imsttfb: fix potential NULL pointer dereferences
PCI: xilinx: Check for __get_free_pages() failure
gpio: gpio-omap: add check for off wake capable gpios
dmaengine: idma64: Use actual device for DMA transfers
pwm: tiehrpwm: Update shadow register for disabling PWMs
ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa
pwm: Fix deadlock warning when removing PWM device
ARM: exynos: Fix undefined instruction during Exynos5422 resume
futex: Fix futex lock the wrong page
Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections"
ALSA: seq: Cover unsubscribe_port() in list_mutex
libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
ptrace: restore smp_rmb() in __ptrace_may_access()
i2c: acorn: fix i2c warning
bcache: fix stack corruption by PRECEDING_KEY()
cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
ASoC: cs42xx8: Add regcache mask dirty
Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
scsi: lpfc: add check for loss of ndlp when sending RRQ
scsi: bnx2fc: fix incorrect cast to u64 on shift operation
usbnet: ipheth: fix racing condition
KVM: x86/pmu: do not mask the value that is written to fixed PMUs
KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read
drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
USB: usb-storage: Add new ID to ums-realtek
USB: serial: pl2303: add Allied Telesis VT-Kit3
USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
USB: serial: option: add Telit 0x1260 and 0x1261 compositions
ax25: fix inconsistent lock state in ax25_destroy_timer
be2net: Fix number of Rx queues used for flow hashing
ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
lapb: fixed leak of control-blocks.
neigh: fix use-after-free read in pneigh_get_next
sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg
mISDN: make sure device name is NUL terminated
x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor
perf/ring_buffer: Fix exposing a temporarily decreased data_head
perf/ring_buffer: Add ordering to rb->nest increment
gpio: fix gpio-adp5588 build errors
net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE()
i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr
configfs: Fix use-after-free when accessing sd->s_dentry
ia64: fix build errors by exporting paddr_to_nid()
KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list
net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs
scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route()
scsi: libsas: delete sas port if expander discover failed
Revert "crypto: crypto4xx - properly set IV after de- and encrypt"
coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
Abort file_remove_privs() for non-reg. files
Linux 4.4.183
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/android/binder.c
|
||
|
Greg Kroah-Hartman
|
032bab8306 |
Merge 4.4.183 into android-4.4-p
Changes in 4.4.183 fs/fat/file.c: issue flush after the writeback of FAT sysctl: return -EINVAL if val violates minmax ipc: prevent lockup on alloc_msg and free_msg hugetlbfs: on restore reserve error path retain subpool reservation mm/cma.c: fix crash on CMA allocation if bitmap allocation fails mm/cma_debug.c: fix the break condition in cma_maxchunk_get() kernel/sys.c: prctl: fix false positive in validate_prctl_map() mfd: intel-lpss: Set the device in reset state when init mfd: twl6040: Fix device init errors for ACCCTL register perf/x86/intel: Allow PEBS multi-entry in watermark mode drm/bridge: adv7511: Fix low refresh rate selection ntp: Allow TAI-UTC offset to be set to zero f2fs: fix to avoid panic in do_recover_data() f2fs: fix to do sanity check on valid block count of segment iommu/vt-d: Set intel_iommu_gfx_mapped correctly ALSA: hda - Register irq handler after the chip initialization nvmem: core: fix read buffer in place fuse: retrieve: cap requested size to negotiated max_write nfsd: allow fh_want_write to be called twice x86/PCI: Fix PCI IRQ routing table memory leak platform/chrome: cros_ec_proto: check for NULL transfer function soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA PCI: rpadlpar: Fix leaked device_node references in add/remove paths PCI: rcar: Fix a potential NULL pointer dereference video: hgafb: fix potential NULL pointer dereference video: imsttfb: fix potential NULL pointer dereferences PCI: xilinx: Check for __get_free_pages() failure gpio: gpio-omap: add check for off wake capable gpios dmaengine: idma64: Use actual device for DMA transfers pwm: tiehrpwm: Update shadow register for disabling PWMs ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa pwm: Fix deadlock warning when removing PWM device ARM: exynos: Fix undefined instruction during Exynos5422 resume futex: Fix futex lock the wrong page Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" ALSA: seq: Cover unsubscribe_port() in list_mutex libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node fs/ocfs2: fix race in ocfs2_dentry_attach_lock() signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO ptrace: restore smp_rmb() in __ptrace_may_access() i2c: acorn: fix i2c warning bcache: fix stack corruption by PRECEDING_KEY() cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() ASoC: cs42xx8: Add regcache mask dirty Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var scsi: lpfc: add check for loss of ndlp when sending RRQ scsi: bnx2fc: fix incorrect cast to u64 on shift operation usbnet: ipheth: fix racing condition KVM: x86/pmu: do not mask the value that is written to fixed PMUs KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() USB: Fix chipmunk-like voice when using Logitech C270 for recording audio. USB: usb-storage: Add new ID to ums-realtek USB: serial: pl2303: add Allied Telesis VT-Kit3 USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode USB: serial: option: add Telit 0x1260 and 0x1261 compositions ax25: fix inconsistent lock state in ax25_destroy_timer be2net: Fix number of Rx queues used for flow hashing ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero lapb: fixed leak of control-blocks. neigh: fix use-after-free read in pneigh_get_next sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg mISDN: make sure device name is NUL terminated x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor perf/ring_buffer: Fix exposing a temporarily decreased data_head perf/ring_buffer: Add ordering to rb->nest increment gpio: fix gpio-adp5588 build errors net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr configfs: Fix use-after-free when accessing sd->s_dentry ia64: fix build errors by exporting paddr_to_nid() KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() scsi: libsas: delete sas port if expander discover failed Revert "crypto: crypto4xx - properly set IV after de- and encrypt" coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping Abort file_remove_privs() for non-reg. files Linux 4.4.183 Change-Id: I26e2772a587b1dcf557adede5bcff66962f72432 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Miroslav Lichvar
|
90a238a8a2 |
ntp: Allow TAI-UTC offset to be set to zero
[ Upstream commit fdc6bae940ee9eb869e493990540098b8c0fd6ab ]
The ADJ_TAI adjtimex mode sets the TAI-UTC offset of the system clock.
It is typically set by NTP/PTP implementations and it is automatically
updated by the kernel on leap seconds. The initial value is zero (which
applications may interpret as unknown), but this value cannot be set by
adjtimex. This limitation seems to go back to the original "nanokernel"
implementation by David Mills.
Change the ADJ_TAI check to accept zero as a valid TAI-UTC offset in
order to allow setting it back to the initial value.
Fixes:
|
||
|
Nathan Chancellor
|
06d423a807 |
Merge 4.4.180 into android-msm-wahoo-4.4
Changes in 4.4.180: (267 commits)
kbuild: simplify ld-option implementation
KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number
cifs: do not attempt cifs operation on smb2+ rename error
MIPS: scall64-o32: Fix indirect syscall number load
trace: Fix preempt_enable_no_resched() abuse
sched/numa: Fix a possible divide-by-zero
ceph: ensure d_name stability in ceph_dentry_hash()
ceph: fix ci->i_head_snapc leak
nfsd: Don't release the callback slot unless it was actually held
sunrpc: don't mark uninitialised items as VALID.
USB: Add new USB LPM helpers
USB: Consolidate LPM checks to avoid enabling LPM twice
powerpc/xmon: Add RFI flush related fields to paca dump
powerpc/64s: Improve RFI L1-D cache flush fallback
powerpc/pseries: Support firmware disable of RFI flush
powerpc/powernv: Support firmware disable of RFI flush
powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
powerpc/rfi-flush: Always enable fallback flush on pseries
powerpc/rfi-flush: Differentiate enabled and patched flush types
powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
powerpc: Add security feature flags for Spectre/Meltdown
powerpc/pseries: Set or clear security feature flags
powerpc/powernv: Set or clear security feature flags
powerpc/64s: Move cpu_show_meltdown()
powerpc/64s: Enhance the information in cpu_show_meltdown()
powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
powerpc/64s: Wire up cpu_show_spectre_v1()
powerpc/64s: Wire up cpu_show_spectre_v2()
powerpc/pseries: Fix clearing of security feature flags
powerpc: Move default security feature flags
powerpc/pseries: Restore default security feature flags on setup
powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
powerpc/64s: Add barrier_nospec
powerpc/64s: Add support for ori barrier_nospec patching
powerpc/64s: Patch barrier_nospec in modules
powerpc/64s: Enable barrier_nospec based on firmware settings
powerpc/64: Use barrier_nospec in syscall entry
powerpc: Use barrier_nospec in copy_from_user()
powerpc/64s: Enhance the information in cpu_show_spectre_v1()
powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
powerpc/64: Disable the speculation barrier from the command line
powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
powerpc/64: Call setup_barrier_nospec() from setup_arch()
powerpc/64: Make meltdown reporting Book3S 64 specific
powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E
powerpc/asm: Add a patch_site macro & helpers for patching instructions
powerpc/64s: Add new security feature flags for count cache flush
powerpc/64s: Add support for software count cache flush
powerpc/pseries: Query hypervisor for count cache flush settings
powerpc/powernv: Query firmware for count cache flush settings
powerpc: Avoid code patching freed init sections
powerpc/fsl: Add infrastructure to fixup branch predictor flush
powerpc/fsl: Add macro to flush the branch predictor
powerpc/fsl: Fix spectre_v2 mitigations reporting
powerpc/fsl: Add nospectre_v2 command line argument
powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
powerpc/fsl: Update Spectre v2 reporting
powerpc/security: Fix spectre_v2 reporting
powerpc/fsl: Fix the flush of branch predictor.
tipc: handle the err returned from cmd header function
slip: make slhc_free() silently accept an error pointer
intel_th: gth: Fix an off-by-one in output unassigning
fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
tipc: check link name with right length in tipc_nl_compat_link_set
bpf: reject wrong sized filters earlier
Revert "block/loop: Use global lock for ioctl() operation."
ipv4: add sanity checks in ipv4_link_failure()
team: fix possible recursive locking when add slaves
net: stmmac: move stmmac_check_ether_addr() to driver probe
ipv4: set the tcp_min_rtt_wlen range from 0 to one day
powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
powerpc/fsl: Flush branch predictor when entering KVM
powerpc/fsl: Emulate SPRN_BUCSR register
powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms
powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
Documentation: Add nospectre_v1 parameter
usbnet: ipheth: prevent TX queue timeouts when device not ready
usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
qlcnic: Avoid potential NULL pointer dereference
netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
usb: gadget: net2280: Fix overrun of OUT messages
usb: gadget: net2280: Fix net2280_dequeue()
usb: gadget: net2272: Fix net2272_dequeue()
ARM: dts: pfla02: increase phy reset duration
net: ks8851: Dequeue RX packets explicitly
net: ks8851: Reassert reset pin if chip ID check fails
net: ks8851: Delay requesting IRQ until opened
net: ks8851: Set initial carrier state to down
net: xilinx: fix possible object reference leak
net: ibm: fix possible object reference leak
net: ethernet: ti: fix possible object reference leak
scsi: qla4xxx: fix a potential NULL pointer dereference
usb: u132-hcd: fix resource leak
ceph: fix use-after-free on symlink traversal
scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
libata: fix using DMA buffers on stack
kconfig/[mn]conf: handle backspace (^H) key
vfio/type1: Limit DMA mappings per container
ALSA: line6: use dynamic buffers
ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
ipv6/flowlabel: wait rcu grace period before put_pid()
ipv6: invert flowlabel sharing check in process and user mode
bnxt_en: Improve multicast address setup logic.
packet: validate msg_namelen in send directly
USB: yurex: Fix protection fault after device removal
USB: w1 ds2490: Fix bug caused by improper use of altsetting array
USB: core: Fix unterminated string returned by usb_string()
USB: core: Fix bug caused by duplicate interface PM usage counter
HID: debug: fix race condition with between rdesc_show() and device removal
rtc: sh: Fix invalid alarm warning for non-enabled alarm
igb: Fix WARN_ONCE on runtime suspend
bonding: show full hw address in sysfs for slave entries
jffs2: fix use-after-free on symlink traversal
debugfs: fix use-after-free on symlink traversal
rtc: da9063: set uie_unsupported when relevant
vfio/pci: use correct format characters
scsi: storvsc: Fix calculation of sub-channel count
net: hns: Use NAPI_POLL_WEIGHT for hns driver
net: hns: Fix WARNING when remove HNS driver with SMMU enabled
hugetlbfs: fix memory leak for resv_map
xsysace: Fix error handling in ace_setup
ARM: orion: don't use using 64-bit DMA masks
ARM: iop: don't use using 64-bit DMA masks
usb: usbip: fix isoc packet num validation in get_pipe
staging: iio: adt7316: allow adt751x to use internal vref for all dacs
staging: iio: adt7316: fix the dac read calculation
staging: iio: adt7316: fix the dac write calculation
Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
selinux: never allow relabeling on context mounts
x86/mce: Improve error message when kernel cannot recover, p2
media: v4l2: i2c: ov7670: Fix PLL bypass register values
scsi: libsas: fix a race condition when smp task timeout
ASoC:soc-pcm:fix a codec fixup issue in TDM case
ASoC: cs4270: Set auto-increment bit for register writes
ASoC: tlv320aic32x4: Fix Common Pins
perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
iommu/amd: Set exclusion range correctly
genirq: Prevent use-after-free and work list corruption
usb: dwc3: Fix default lpm_nyet_threshold value
scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
Bluetooth: hidp: fix buffer overflow
Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
UAS: fix alignment of scatter/gather segments
ipv6: fix a potential deadlock in do_ipv6_setsockopt()
ASoC: Intel: avoid Oops if DMA setup fails
timer/debug: Change /proc/timer_stats from 0644 to 0600
netfilter: compat: initialize all fields in xt_init
platform/x86: sony-laptop: Fix unintentional fall-through
iio: adc: xilinx: fix potential use-after-free on remove
HID: input: add mapping for Expose/Overview key
HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
libnvdimm/btt: Fix a kmemdup failure check
s390/dasd: Fix capacity calculation for large volumes
s390/3270: fix lockdep false positive on view->lock
KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
tools lib traceevent: Fix missing equality check for strcmp
init: initialize jump labels before command line option parsing
ipvs: do not schedule icmp errors from tunnels
s390: ctcm: fix ctcm_new_device error return code
selftests/net: correct the return value for run_netsocktests
gpu: ipu-v3: dp: fix CSC handling
cw1200: fix missing unlock on error in cw1200_hw_scan()
x86/vdso: Pass --eh-frame-hdr to the linker
Don't jump to compute_result state from check_result state
locking/static_keys: Provide DECLARE and well as DEFINE macros
x86/microcode/intel: Add a helper which gives the microcode revision
x86: stop exporting msr-index.h to userland
bitops: avoid integer overflow in GENMASK(_ULL)
x86/microcode/intel: Check microcode revision before updating sibling threads
x86/MCE: Save microcode revision in machine check records
x86/cpufeatures: Hide AMD-specific speculation flags
x86/speculation: Support Enhanced IBRS on future CPUs
x86/speculation: Simplify the CPU bug detection logic
x86/bugs: Add AMD's variant of SSB_NO
x86/bugs: Add AMD's SPEC_CTRL MSR usage
x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file
x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
x86/microcode: Update the new microcode revision unconditionally
x86/cpu: Sanitize FAM6_ATOM naming
KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
x86/mm: Use WRITE_ONCE() when setting PTEs
x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
x86/speculation: Propagate information about RSB filling mitigation to sysfs
x86/speculation: Update the TIF_SSBD comment
x86/speculation: Clean up spectre_v2_parse_cmdline()
x86/speculation: Remove unnecessary ret variable in cpu_show_common()
x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common()
x86/speculation: Disable STIBP when enhanced IBRS is in use
x86/speculation: Rename SSBD update functions
x86/speculation: Reorganize speculation control MSRs update
x86/Kconfig: Select SCHED_SMT if SMP enabled
sched: Add sched_smt_active()
x86/speculation: Rework SMT state change
x86/speculation: Reorder the spec_v2 code
x86/speculation: Mark string arrays const correctly
x86/speculataion: Mark command line parser data __initdata
x86/speculation: Unify conditional spectre v2 print functions
x86/speculation: Add command line control for indirect branch speculation
x86/speculation: Prepare for per task indirect branch speculation control
x86/process: Consolidate and simplify switch_to_xtra() code
x86/speculation: Avoid __switch_to_xtra() calls
x86/speculation: Prepare for conditional IBPB in switch_mm()
x86/speculation: Split out TIF update
x86/speculation: Prepare arch_smt_update() for PRCTL mode
x86/speculation: Prevent stale SPEC_CTRL msr content
x86/speculation: Add prctl() control for indirect branch speculation
x86/speculation: Enable prctl mode for spectre_v2_user
x86/speculation: Add seccomp Spectre v2 user space protection mode
x86/speculation: Provide IBPB always command line options
kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
x86/msr-index: Cleanup bit defines
x86/speculation: Consolidate CPU whitelists
x86/speculation/mds: Add basic bug infrastructure for MDS
x86/speculation/mds: Add BUG_MSBDS_ONLY
x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
x86/speculation/mds: Add mds_clear_cpu_buffers()
x86/speculation/mds: Clear CPU buffers on exit to user
x86/speculation/mds: Conditionally clear CPU buffers on idle entry
x86/speculation/mds: Add mitigation control for MDS
x86/speculation/l1tf: Document l1tf in sysfs
x86/speculation/mds: Add sysfs reporting for MDS
x86/speculation/mds: Add mitigation mode VMWERV
Documentation: Move L1TF to separate directory
Documentation: Add MDS vulnerability documentation
x86/cpu/bugs: Use __initconst for 'const' init data
x86/speculation: Move arch_smt_update() call to after mitigation decisions
x86/speculation/mds: Add SMT warning message
x86/speculation/mds: Fix comment
x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
cpu/speculation: Add 'mitigations=' cmdline option
x86/speculation: Support 'mitigations=' cmdline option
x86/speculation/mds: Add 'mitigations=' support for MDS
x86/mds: Add MDSUM variant to the MDS documentation
Documentation: Correct the possible MDS sysfs values
x86/speculation/mds: Fix documentation typo
x86/bugs: Change L1TF mitigation string to match upstream
USB: serial: use variable for status
USB: serial: fix unthrottle races
powerpc/64s: Include cpu header
bridge: Fix error path for kobject_init_and_add()
net: ucc_geth - fix Oops when changing number of buffers in the ring
packet: Fix error path in packet_init
vlan: disable SIOCSHWTSTAMP in container
vrf: sit mtu should not be updated when vrf netdev is the link
ipv4: Fix raw socket lookup for local traffic
bonding: fix arp_validate toggling in active-backup mode
drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
powerpc/booke64: set RI in default MSR
powerpc/lib: fix book3s/32 boot failure due to code patching
Linux 4.4.180
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
arch/powerpc/include/asm/uaccess.h
include/linux/cpu.h
kernel/cpu.c
kernel/irq/manage.c
net/ipv4/sysctl_net_ipv4.c
|
||
|
Greg Kroah-Hartman
|
4521d273cf |
Merge 4.4.180 into android-4.4-p
Changes in 4.4.180 kbuild: simplify ld-option implementation KVM: fail KVM_SET_VCPU_EVENTS with invalid exception number cifs: do not attempt cifs operation on smb2+ rename error MIPS: scall64-o32: Fix indirect syscall number load trace: Fix preempt_enable_no_resched() abuse sched/numa: Fix a possible divide-by-zero ceph: ensure d_name stability in ceph_dentry_hash() ceph: fix ci->i_head_snapc leak nfsd: Don't release the callback slot unless it was actually held sunrpc: don't mark uninitialised items as VALID. USB: Add new USB LPM helpers USB: Consolidate LPM checks to avoid enabling LPM twice powerpc/xmon: Add RFI flush related fields to paca dump powerpc/64s: Improve RFI L1-D cache flush fallback powerpc/pseries: Support firmware disable of RFI flush powerpc/powernv: Support firmware disable of RFI flush powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again powerpc/rfi-flush: Always enable fallback flush on pseries powerpc/rfi-flush: Differentiate enabled and patched flush types powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration powerpc: Add security feature flags for Spectre/Meltdown powerpc/pseries: Set or clear security feature flags powerpc/powernv: Set or clear security feature flags powerpc/64s: Move cpu_show_meltdown() powerpc/64s: Enhance the information in cpu_show_meltdown() powerpc/powernv: Use the security flags in pnv_setup_rfi_flush() powerpc/pseries: Use the security flags in pseries_setup_rfi_flush() powerpc/64s: Wire up cpu_show_spectre_v1() powerpc/64s: Wire up cpu_show_spectre_v2() powerpc/pseries: Fix clearing of security feature flags powerpc: Move default security feature flags powerpc/pseries: Restore default security feature flags on setup powerpc/64s: Fix section mismatch warnings from setup_rfi_flush() powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit powerpc/64s: Add barrier_nospec powerpc/64s: Add support for ori barrier_nospec patching powerpc/64s: Patch barrier_nospec in modules powerpc/64s: Enable barrier_nospec based on firmware settings powerpc/64: Use barrier_nospec in syscall entry powerpc: Use barrier_nospec in copy_from_user() powerpc/64s: Enhance the information in cpu_show_spectre_v1() powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 powerpc/64: Disable the speculation barrier from the command line powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC powerpc/64: Call setup_barrier_nospec() from setup_arch() powerpc/64: Make meltdown reporting Book3S 64 specific powerpc/fsl: Add barrier_nospec implementation for NXP PowerPC Book3E powerpc/asm: Add a patch_site macro & helpers for patching instructions powerpc/64s: Add new security feature flags for count cache flush powerpc/64s: Add support for software count cache flush powerpc/pseries: Query hypervisor for count cache flush settings powerpc/powernv: Query firmware for count cache flush settings powerpc: Avoid code patching freed init sections powerpc/fsl: Add infrastructure to fixup branch predictor flush powerpc/fsl: Add macro to flush the branch predictor powerpc/fsl: Fix spectre_v2 mitigations reporting powerpc/fsl: Add nospectre_v2 command line argument powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) powerpc/fsl: Update Spectre v2 reporting powerpc/security: Fix spectre_v2 reporting powerpc/fsl: Fix the flush of branch predictor. tipc: handle the err returned from cmd header function slip: make slhc_free() silently accept an error pointer intel_th: gth: Fix an off-by-one in output unassigning fs/proc/proc_sysctl.c: Fix a NULL pointer dereference NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON tipc: check bearer name with right length in tipc_nl_compat_bearer_enable tipc: check link name with right length in tipc_nl_compat_link_set bpf: reject wrong sized filters earlier Revert "block/loop: Use global lock for ioctl() operation." ipv4: add sanity checks in ipv4_link_failure() team: fix possible recursive locking when add slaves net: stmmac: move stmmac_check_ether_addr() to driver probe ipv4: set the tcp_min_rtt_wlen range from 0 to one day powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used powerpc/fsl: Flush branch predictor when entering KVM powerpc/fsl: Emulate SPRN_BUCSR register powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) powerpc/fsl: Sanitize the syscall table for NXP PowerPC 32 bit platforms powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg Documentation: Add nospectre_v1 parameter usbnet: ipheth: prevent TX queue timeouts when device not ready usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set qlcnic: Avoid potential NULL pointer dereference netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() usb: gadget: net2280: Fix overrun of OUT messages usb: gadget: net2280: Fix net2280_dequeue() usb: gadget: net2272: Fix net2272_dequeue() ARM: dts: pfla02: increase phy reset duration net: ks8851: Dequeue RX packets explicitly net: ks8851: Reassert reset pin if chip ID check fails net: ks8851: Delay requesting IRQ until opened net: ks8851: Set initial carrier state to down net: xilinx: fix possible object reference leak net: ibm: fix possible object reference leak net: ethernet: ti: fix possible object reference leak scsi: qla4xxx: fix a potential NULL pointer dereference usb: u132-hcd: fix resource leak ceph: fix use-after-free on symlink traversal scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN libata: fix using DMA buffers on stack kconfig/[mn]conf: handle backspace (^H) key vfio/type1: Limit DMA mappings per container ALSA: line6: use dynamic buffers ipv4: ip_do_fragment: Preserve skb_iif during fragmentation ipv6/flowlabel: wait rcu grace period before put_pid() ipv6: invert flowlabel sharing check in process and user mode bnxt_en: Improve multicast address setup logic. packet: validate msg_namelen in send directly USB: yurex: Fix protection fault after device removal USB: w1 ds2490: Fix bug caused by improper use of altsetting array USB: core: Fix unterminated string returned by usb_string() USB: core: Fix bug caused by duplicate interface PM usage counter HID: debug: fix race condition with between rdesc_show() and device removal rtc: sh: Fix invalid alarm warning for non-enabled alarm igb: Fix WARN_ONCE on runtime suspend bonding: show full hw address in sysfs for slave entries jffs2: fix use-after-free on symlink traversal debugfs: fix use-after-free on symlink traversal rtc: da9063: set uie_unsupported when relevant vfio/pci: use correct format characters scsi: storvsc: Fix calculation of sub-channel count net: hns: Use NAPI_POLL_WEIGHT for hns driver net: hns: Fix WARNING when remove HNS driver with SMMU enabled hugetlbfs: fix memory leak for resv_map xsysace: Fix error handling in ace_setup ARM: orion: don't use using 64-bit DMA masks ARM: iop: don't use using 64-bit DMA masks usb: usbip: fix isoc packet num validation in get_pipe staging: iio: adt7316: allow adt751x to use internal vref for all dacs staging: iio: adt7316: fix the dac read calculation staging: iio: adt7316: fix the dac write calculation Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ selinux: never allow relabeling on context mounts x86/mce: Improve error message when kernel cannot recover, p2 media: v4l2: i2c: ov7670: Fix PLL bypass register values scsi: libsas: fix a race condition when smp task timeout ASoC:soc-pcm:fix a codec fixup issue in TDM case ASoC: cs4270: Set auto-increment bit for register writes ASoC: tlv320aic32x4: Fix Common Pins perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS scsi: csiostor: fix missing data copy in csio_scsi_err_handler() iommu/amd: Set exclusion range correctly genirq: Prevent use-after-free and work list corruption usb: dwc3: Fix default lpm_nyet_threshold value scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines Bluetooth: hidp: fix buffer overflow Bluetooth: Align minimum encryption key size for LE and BR/EDR connections UAS: fix alignment of scatter/gather segments ipv6: fix a potential deadlock in do_ipv6_setsockopt() ASoC: Intel: avoid Oops if DMA setup fails timer/debug: Change /proc/timer_stats from 0644 to 0600 netfilter: compat: initialize all fields in xt_init platform/x86: sony-laptop: Fix unintentional fall-through iio: adc: xilinx: fix potential use-after-free on remove HID: input: add mapping for Expose/Overview key HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys libnvdimm/btt: Fix a kmemdup failure check s390/dasd: Fix capacity calculation for large volumes s390/3270: fix lockdep false positive on view->lock KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing tools lib traceevent: Fix missing equality check for strcmp init: initialize jump labels before command line option parsing ipvs: do not schedule icmp errors from tunnels s390: ctcm: fix ctcm_new_device error return code selftests/net: correct the return value for run_netsocktests gpu: ipu-v3: dp: fix CSC handling cw1200: fix missing unlock on error in cw1200_hw_scan() x86/vdso: Pass --eh-frame-hdr to the linker Don't jump to compute_result state from check_result state locking/static_keys: Provide DECLARE and well as DEFINE macros x86/microcode/intel: Add a helper which gives the microcode revision x86: stop exporting msr-index.h to userland bitops: avoid integer overflow in GENMASK(_ULL) x86/microcode/intel: Check microcode revision before updating sibling threads x86/MCE: Save microcode revision in machine check records x86/cpufeatures: Hide AMD-specific speculation flags x86/speculation: Support Enhanced IBRS on future CPUs x86/speculation: Simplify the CPU bug detection logic x86/bugs: Add AMD's variant of SSB_NO x86/bugs: Add AMD's SPEC_CTRL MSR usage x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a new <linux/bits.h> file x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation x86/microcode: Make sure boot_cpu_data.microcode is up-to-date x86/microcode: Update the new microcode revision unconditionally x86/cpu: Sanitize FAM6_ATOM naming KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled x86/mm: Use WRITE_ONCE() when setting PTEs x86/speculation: Apply IBPB more strictly to avoid cross-process data leak x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation x86/speculation: Propagate information about RSB filling mitigation to sysfs x86/speculation: Update the TIF_SSBD comment x86/speculation: Clean up spectre_v2_parse_cmdline() x86/speculation: Remove unnecessary ret variable in cpu_show_common() x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() x86/speculation: Disable STIBP when enhanced IBRS is in use x86/speculation: Rename SSBD update functions x86/speculation: Reorganize speculation control MSRs update x86/Kconfig: Select SCHED_SMT if SMP enabled sched: Add sched_smt_active() x86/speculation: Rework SMT state change x86/speculation: Reorder the spec_v2 code x86/speculation: Mark string arrays const correctly x86/speculataion: Mark command line parser data __initdata x86/speculation: Unify conditional spectre v2 print functions x86/speculation: Add command line control for indirect branch speculation x86/speculation: Prepare for per task indirect branch speculation control x86/process: Consolidate and simplify switch_to_xtra() code x86/speculation: Avoid __switch_to_xtra() calls x86/speculation: Prepare for conditional IBPB in switch_mm() x86/speculation: Split out TIF update x86/speculation: Prepare arch_smt_update() for PRCTL mode x86/speculation: Prevent stale SPEC_CTRL msr content x86/speculation: Add prctl() control for indirect branch speculation x86/speculation: Enable prctl mode for spectre_v2_user x86/speculation: Add seccomp Spectre v2 user space protection mode x86/speculation: Provide IBPB always command line options kvm: x86: Report STIBP on GET_SUPPORTED_CPUID x86/msr-index: Cleanup bit defines x86/speculation: Consolidate CPU whitelists x86/speculation/mds: Add basic bug infrastructure for MDS x86/speculation/mds: Add BUG_MSBDS_ONLY x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests x86/speculation/mds: Add mds_clear_cpu_buffers() x86/speculation/mds: Clear CPU buffers on exit to user x86/speculation/mds: Conditionally clear CPU buffers on idle entry x86/speculation/mds: Add mitigation control for MDS x86/speculation/l1tf: Document l1tf in sysfs x86/speculation/mds: Add sysfs reporting for MDS x86/speculation/mds: Add mitigation mode VMWERV Documentation: Move L1TF to separate directory Documentation: Add MDS vulnerability documentation x86/cpu/bugs: Use __initconst for 'const' init data x86/speculation: Move arch_smt_update() call to after mitigation decisions x86/speculation/mds: Add SMT warning message x86/speculation/mds: Fix comment x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off cpu/speculation: Add 'mitigations=' cmdline option x86/speculation: Support 'mitigations=' cmdline option x86/speculation/mds: Add 'mitigations=' support for MDS x86/mds: Add MDSUM variant to the MDS documentation Documentation: Correct the possible MDS sysfs values x86/speculation/mds: Fix documentation typo x86/bugs: Change L1TF mitigation string to match upstream USB: serial: use variable for status USB: serial: fix unthrottle races powerpc/64s: Include cpu header bridge: Fix error path for kobject_init_and_add() net: ucc_geth - fix Oops when changing number of buffers in the ring packet: Fix error path in packet_init vlan: disable SIOCSHWTSTAMP in container vrf: sit mtu should not be updated when vrf netdev is the link ipv4: Fix raw socket lookup for local traffic bonding: fix arp_validate toggling in active-backup mode drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl powerpc/booke64: set RI in default MSR powerpc/lib: fix book3s/32 boot failure due to code patching Linux 4.4.180 Change-Id: I72f6c596cc992689d95abc8b5d1303d6ec22b051 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Ben Hutchings
|
a9bdfbd494 |
timer/debug: Change /proc/timer_stats from 0644 to 0600
The timer_stats facility should filter and translate PIDs if opened from a non-initial PID namespace, to avoid leaking information about the wider system. It should also not show kernel virtual addresses. Unfortunately it has now been removed upstream (as redundant) instead of being fixed. For stable, fix the leak by restricting access to root only. A similar change was already made for the /proc/timer_list file. Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Petri Gynther
|
1c1a8fe37f |
Merge 4.4.175 into android-msm-wahoo-4.4-lts
Linux 4.4.175
* uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
include/uapi/linux/if_ether.h
include/uapi/linux/libc-compat.h
* pinctrl: msm: fix gpio-hog related boot issues
drivers/pinctrl/qcom/pinctrl-msm.c
usb: dwc2: Remove unnecessary kfree
kaweth: use skb_cow_head() to deal with cloned skbs
ch9200: use skb_cow_head() to deal with cloned skbs
smsc95xx: Use skb_cow_head to deal with cloned skbs
dm thin: fix bug where bio that overwrites thin block ignores FUA
x86/a.out: Clear the dump structure initially
* signal: Restore the stop PTRACE_EVENT_EXIT
kernel/signal.c
* x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls
drivers/firmware/efi/runtime-wrappers.c
tracing/uprobes: Fix output for multiple string arguments
alpha: Fix Eiger NR_IRQS to 128
alpha: fix page fault handling for r16-r18 targets
Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
Input: bma150 - register input device after setting private data
* ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
sound/usb/pcm.c
ALSA: hda - Add quirk for HP EliteBook 840 G5
* perf/core: Fix impossible ring-buffer sizes warning
kernel/events/ring_buffer.c
Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
Documentation/network: reword kernel version reference
cifs: Limit memory used by lock request calls to a page
gpio: pl061: handle failed allocations
ARM: dts: kirkwood: Fix polarity of GPIO fan lines
ARM: dts: da850-evm: Correct the sound card name
* uapi/if_ether.h: prevent redefinition of struct ethhdr
include/uapi/linux/if_ether.h
include/uapi/linux/libc-compat.h
* Revert "exec: load_script: don't blindly truncate shebang string"
fs/binfmt_script.c
batman-adv: Force mac header to start of data on xmit
batman-adv: Avoid WARN on net_device without parent in netns
* xfrm: refine validation of template and selector families
net/xfrm/xfrm_user.c
libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
* Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)"
fs/cifs/Kconfig
NFC: nxp-nci: Include unaligned.h instead of access_ok.h
* HID: debug: fix the ring buffer implementation
drivers/hid/hid-debug.c
include/linux/hid-debug.h
drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
drm/vmwgfx: Fix setting of dma masks
drm/modes: Prevent division by zero htotal
mac80211: ensure that mgmt tx skbs have tailroom for encryption
ARM: iop32x/n2100: fix PCI IRQ mapping
MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds
MIPS: OCTEON: don't set octeon_dma_bar_type if PCI is disabled
mips: cm: reprime error cause
* debugfs: fix debugfs_rename parameter checking
fs/debugfs/inode.c
misc: vexpress: Off by one in vexpress_syscfg_exec()
* signal: Better detection of synchronous signals
kernel/signal.c
* signal: Always notice exiting tasks
kernel/signal.c
mtd: rawnand: gpmi: fix MX28 bus master lockup problem
perf tests evsel-tp-sched: Fix bitwise operator
* perf/core: Don't WARN() for impossible ring-buffer sizes
kernel/events/ring_buffer.c
x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out()
perf/x86/intel/uncore: Add Node ID mask
KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
usb: gadget: udc: net2272: Fix bitwise and boolean operations
usb: phy: am335x: fix race condition in _probe
dmaengine: imx-dma: fix wrong callback invoke
* fuse: handle zero sized retrieve correctly
fs/fuse/dev.c
* fuse: decrement NR_WRITEBACK_TEMP on the right page
fs/fuse/file.c
* fuse: call pipe_buf_release() under pipe lock
fs/fuse/dev.c
ALSA: hda - Serialize codec registrations
* ALSA: compress: Fix stop handling on compressed capture streams
include/sound/compress_driver.h
net: dsa: slave: Don't propagate flag changes on down slave interfaces
net: systemport: Fix WoL with password after deep sleep
skge: potential memory corruption in skge_get_regs()
net: dp83640: expire old TX-skb
enic: fix checksum validation for IPv6
dccp: fool proof ccid_hc_[rt]x_parse_options()
* string: drop __must_check from strscpy() and restore strscpy() usages in cgroup
include/linux/string.h
tipc: use destination length for copy string
test_hexdump: use memcpy instead of strncpy
* thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
drivers/thermal/thermal_hwmon.h
* exec: load_script: don't blindly truncate shebang string
fs/binfmt_script.c
* fs/epoll: drop ovflist branch prediction
fs/eventpoll.c
* kernel/hung_task.c: break RCU locks based on jiffies
kernel/hung_task.c
HID: lenovo: Add checks to fix of_led_classdev_register
block/swim3: Fix -EBUSY error when re-opening device after unmount
gdrom: fix a memory leak bug
isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw()
ocfs2: don't clear bh uptodate for block read
scripts/decode_stacktrace: only strip base path when a prefix of the path
niu: fix missing checks of niu_pci_eeprom_read
um: Avoid marking pages with "changed protection"
cifs: check ntwrk_buf_start for NULL before dereferencing it
crypto: ux500 - Use proper enum in hash_set_dma_transfer
crypto: ux500 - Use proper enum in cryp_set_dma_transfer
* seq_buf: Make seq_buf_puts() null-terminate the buffer
lib/seq_buf.c
hwmon: (lm80) fix a missing check of bus read in lm80 probe
hwmon: (lm80) fix a missing check of the status of SMBus read
NFS: nfs_compare_mount_options always compare auth flavors.
KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
fbdev: fbcon: Fix unregister crash when more than one framebuffer
igb: Fix an issue that PME is not enabled during runtime suspend
* fbdev: fbmem: behave better with small rotated displays and many CPUs
drivers/video/fbdev/core/fbmem.c
video: clps711x-fb: release disp device node in probe()
drbd: Avoid Clang warning about pointless switch statment
drbd: skip spurious timeout (ping-timeo) when failing promote
drbd: disconnect, if the wrong UUIDs are attached on a connected peer
drbd: narrow rcu_read_lock in drbd_sync_handshake
cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
* Bluetooth: Fix unnecessary error message for HCI request completion
net/bluetooth/hci_event.c
* xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
net/ipv6/xfrm6_tunnel.c
mac80211: fix radiotap vendor presence bitmap handling
powerpc/uaccess: fix warning/error with access_ok()
arm64: KVM: Skip MMIO insn after emulation
tty: serial: samsung: Properly set flags in autoCTS mode
memstick: Prevent memstick host from getting runtime suspended during card detection
* ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
sound/soc/fsl/Kconfig
ARM: pxa: avoid section mismatch warning
udf: Fix BUG on corrupted inode
i2c-axxia: check for error conditions first
cpuidle: big.LITTLE: fix refcount leak
clk: imx6sl: ensure MMDC CH0 handshake is bypassed
sata_rcar: fix deferred probing
iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
mips: bpf: fix encoding bug for mm_srlv32_op
ARM: dts: Fix OMAP4430 SDP Ethernet startup
* timekeeping: Use proper seqcount initializer
kernel/time/timekeeping.c
* usb: hub: delay hub autosuspend if USB3 port is still link training
drivers/usb/core/hub.c
* smack: fix access permissions for keyring
security/smack/smack_lsm.c
media: DaVinci-VPBE: fix error handling in vpbe_initialize()
x86/fpu: Add might_fault() to user_insn()
ARM: dts: mmp2: fix TWSI2
arm64: ftrace: don't adjust the LR value
nfsd4: fix crash on writing v4_end_grace before nfsd startup
sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
f2fs: fix wrong return value of f2fs_acl_create
f2fs: move dir data flush to write checkpoint process
soc/tegra: Don't leak device tree node reference
perf tools: Add Hygon Dhyana support
* modpost: validate symbol names also in find_elf_symbol
scripts/mod/modpost.c
ARM: OMAP2+: hwmod: Fix some section annotations
staging: iio: ad7780: update voltage on read
staging:iio:ad2s90: Make probe handle spi_setup failure
ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
serial: fsl_lpuart: clear parity enable bit when disable parity
powerpc/pseries: add of_node_put() in dlpar_detach_node()
x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
dlm: Don't swamp the CPU with callbacks queued during recovery
ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
scsi: lpfc: Correct LCB RJT handling
ASoC: Intel: mrfld: fix uninitialized variable access
staging: iio: adc: ad7280a: handle error from __ad7280_read32()
drm/bufs: Fix Spectre v1 vulnerability
Change-Id: If064e7646cc87070a5c0a6b8f8b935cd93f5c88d
Signed-off-by: Petri Gynther <pgynther@google.com>
|
||
|
Nathan Chancellor
|
b4daa97401 |
Merge 4.4.175 into android-msm-wahoo-4.4
Changes in 4.4.175: (144 commits)
drm/bufs: Fix Spectre v1 vulnerability
staging: iio: adc: ad7280a: handle error from __ad7280_read32()
ASoC: Intel: mrfld: fix uninitialized variable access
scsi: lpfc: Correct LCB RJT handling
ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
dlm: Don't swamp the CPU with callbacks queued during recovery
x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
powerpc/pseries: add of_node_put() in dlpar_detach_node()
serial: fsl_lpuart: clear parity enable bit when disable parity
ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
staging:iio:ad2s90: Make probe handle spi_setup failure
staging: iio: ad7780: update voltage on read
ARM: OMAP2+: hwmod: Fix some section annotations
modpost: validate symbol names also in find_elf_symbol
perf tools: Add Hygon Dhyana support
soc/tegra: Don't leak device tree node reference
f2fs: move dir data flush to write checkpoint process
f2fs: fix wrong return value of f2fs_acl_create
sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
nfsd4: fix crash on writing v4_end_grace before nfsd startup
arm64: ftrace: don't adjust the LR value
ARM: dts: mmp2: fix TWSI2
x86/fpu: Add might_fault() to user_insn()
media: DaVinci-VPBE: fix error handling in vpbe_initialize()
smack: fix access permissions for keyring
usb: hub: delay hub autosuspend if USB3 port is still link training
timekeeping: Use proper seqcount initializer
ARM: dts: Fix OMAP4430 SDP Ethernet startup
mips: bpf: fix encoding bug for mm_srlv32_op
iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
sata_rcar: fix deferred probing
clk: imx6sl: ensure MMDC CH0 handshake is bypassed
cpuidle: big.LITTLE: fix refcount leak
i2c-axxia: check for error conditions first
udf: Fix BUG on corrupted inode
ARM: pxa: avoid section mismatch warning
ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
memstick: Prevent memstick host from getting runtime suspended during card detection
tty: serial: samsung: Properly set flags in autoCTS mode
arm64: KVM: Skip MMIO insn after emulation
powerpc/uaccess: fix warning/error with access_ok()
mac80211: fix radiotap vendor presence bitmap handling
xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
Bluetooth: Fix unnecessary error message for HCI request completion
cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
drbd: narrow rcu_read_lock in drbd_sync_handshake
drbd: disconnect, if the wrong UUIDs are attached on a connected peer
drbd: skip spurious timeout (ping-timeo) when failing promote
drbd: Avoid Clang warning about pointless switch statment
video: clps711x-fb: release disp device node in probe()
fbdev: fbmem: behave better with small rotated displays and many CPUs
igb: Fix an issue that PME is not enabled during runtime suspend
fbdev: fbcon: Fix unregister crash when more than one framebuffer
KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
NFS: nfs_compare_mount_options always compare auth flavors.
hwmon: (lm80) fix a missing check of the status of SMBus read
hwmon: (lm80) fix a missing check of bus read in lm80 probe
seq_buf: Make seq_buf_puts() null-terminate the buffer
crypto: ux500 - Use proper enum in cryp_set_dma_transfer
crypto: ux500 - Use proper enum in hash_set_dma_transfer
cifs: check ntwrk_buf_start for NULL before dereferencing it
um: Avoid marking pages with "changed protection"
niu: fix missing checks of niu_pci_eeprom_read
scripts/decode_stacktrace: only strip base path when a prefix of the path
ocfs2: don't clear bh uptodate for block read
isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw()
gdrom: fix a memory leak bug
block/swim3: Fix -EBUSY error when re-opening device after unmount
HID: lenovo: Add checks to fix of_led_classdev_register
kernel/hung_task.c: break RCU locks based on jiffies
fs/epoll: drop ovflist branch prediction
exec: load_script: don't blindly truncate shebang string
thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
test_hexdump: use memcpy instead of strncpy
tipc: use destination length for copy string
string: drop __must_check from strscpy() and restore strscpy() usages in cgroup
dccp: fool proof ccid_hc_[rt]x_parse_options()
enic: fix checksum validation for IPv6
net: dp83640: expire old TX-skb
skge: potential memory corruption in skge_get_regs()
net: systemport: Fix WoL with password after deep sleep
net: dsa: slave: Don't propagate flag changes on down slave interfaces
ALSA: compress: Fix stop handling on compressed capture streams
ALSA: hda - Serialize codec registrations
fuse: call pipe_buf_release() under pipe lock
fuse: decrement NR_WRITEBACK_TEMP on the right page
fuse: handle zero sized retrieve correctly
dmaengine: imx-dma: fix wrong callback invoke
usb: phy: am335x: fix race condition in _probe
usb: gadget: udc: net2272: Fix bitwise and boolean operations
KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
perf/x86/intel/uncore: Add Node ID mask
x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out()
perf/core: Don't WARN() for impossible ring-buffer sizes
perf tests evsel-tp-sched: Fix bitwise operator
mtd: rawnand: gpmi: fix MX28 bus master lockup problem
signal: Always notice exiting tasks
signal: Better detection of synchronous signals
misc: vexpress: Off by one in vexpress_syscfg_exec()
debugfs: fix debugfs_rename parameter checking
mips: cm: reprime error cause
MIPS: OCTEON: don't set octeon_dma_bar_type if PCI is disabled
MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds
ARM: iop32x/n2100: fix PCI IRQ mapping
mac80211: ensure that mgmt tx skbs have tailroom for encryption
drm/modes: Prevent division by zero htotal
drm/vmwgfx: Fix setting of dma masks
drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user
HID: debug: fix the ring buffer implementation
NFC: nxp-nci: Include unaligned.h instead of access_ok.h
Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)"
libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive()
xfrm: refine validation of template and selector families
batman-adv: Avoid WARN on net_device without parent in netns
batman-adv: Force mac header to start of data on xmit
Revert "exec: load_script: don't blindly truncate shebang string"
uapi/if_ether.h: prevent redefinition of struct ethhdr
ARM: dts: da850-evm: Correct the sound card name
ARM: dts: kirkwood: Fix polarity of GPIO fan lines
gpio: pl061: handle failed allocations
cifs: Limit memory used by lock request calls to a page
Documentation/network: reword kernel version reference
Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G"
Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK
perf/core: Fix impossible ring-buffer sizes warning
ALSA: hda - Add quirk for HP EliteBook 840 G5
ALSA: usb-audio: Fix implicit fb endpoint setup by quirk
Input: bma150 - register input device after setting private data
Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780
alpha: fix page fault handling for r16-r18 targets
alpha: Fix Eiger NR_IRQS to 128
tracing/uprobes: Fix output for multiple string arguments
x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls
signal: Restore the stop PTRACE_EVENT_EXIT
x86/a.out: Clear the dump structure initially
dm thin: fix bug where bio that overwrites thin block ignores FUA
smsc95xx: Use skb_cow_head to deal with cloned skbs
ch9200: use skb_cow_head() to deal with cloned skbs
kaweth: use skb_cow_head() to deal with cloned skbs
usb: dwc2: Remove unnecessary kfree
pinctrl: msm: fix gpio-hog related boot issues
uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define
Linux 4.4.175
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
|
||
|
Greg Kroah-Hartman
|
d93cfb73cd |
Merge 4.4.175 into android-4.4-p
Changes in 4.4.175 drm/bufs: Fix Spectre v1 vulnerability staging: iio: adc: ad7280a: handle error from __ad7280_read32() ASoC: Intel: mrfld: fix uninitialized variable access scsi: lpfc: Correct LCB RJT handling ARM: 8808/1: kexec:offline panic_smp_self_stop CPU dlm: Don't swamp the CPU with callbacks queued during recovery x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux) powerpc/pseries: add of_node_put() in dlpar_detach_node() serial: fsl_lpuart: clear parity enable bit when disable parity ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl staging:iio:ad2s90: Make probe handle spi_setup failure staging: iio: ad7780: update voltage on read ARM: OMAP2+: hwmod: Fix some section annotations modpost: validate symbol names also in find_elf_symbol perf tools: Add Hygon Dhyana support soc/tegra: Don't leak device tree node reference f2fs: move dir data flush to write checkpoint process f2fs: fix wrong return value of f2fs_acl_create sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN nfsd4: fix crash on writing v4_end_grace before nfsd startup arm64: ftrace: don't adjust the LR value ARM: dts: mmp2: fix TWSI2 x86/fpu: Add might_fault() to user_insn() media: DaVinci-VPBE: fix error handling in vpbe_initialize() smack: fix access permissions for keyring usb: hub: delay hub autosuspend if USB3 port is still link training timekeeping: Use proper seqcount initializer ARM: dts: Fix OMAP4430 SDP Ethernet startup mips: bpf: fix encoding bug for mm_srlv32_op iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer sata_rcar: fix deferred probing clk: imx6sl: ensure MMDC CH0 handshake is bypassed cpuidle: big.LITTLE: fix refcount leak i2c-axxia: check for error conditions first udf: Fix BUG on corrupted inode ARM: pxa: avoid section mismatch warning ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M memstick: Prevent memstick host from getting runtime suspended during card detection tty: serial: samsung: Properly set flags in autoCTS mode arm64: KVM: Skip MMIO insn after emulation powerpc/uaccess: fix warning/error with access_ok() mac80211: fix radiotap vendor presence bitmap handling xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi Bluetooth: Fix unnecessary error message for HCI request completion cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() drbd: narrow rcu_read_lock in drbd_sync_handshake drbd: disconnect, if the wrong UUIDs are attached on a connected peer drbd: skip spurious timeout (ping-timeo) when failing promote drbd: Avoid Clang warning about pointless switch statment video: clps711x-fb: release disp device node in probe() fbdev: fbmem: behave better with small rotated displays and many CPUs igb: Fix an issue that PME is not enabled during runtime suspend fbdev: fbcon: Fix unregister crash when more than one framebuffer KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported NFS: nfs_compare_mount_options always compare auth flavors. hwmon: (lm80) fix a missing check of the status of SMBus read hwmon: (lm80) fix a missing check of bus read in lm80 probe seq_buf: Make seq_buf_puts() null-terminate the buffer crypto: ux500 - Use proper enum in cryp_set_dma_transfer crypto: ux500 - Use proper enum in hash_set_dma_transfer cifs: check ntwrk_buf_start for NULL before dereferencing it um: Avoid marking pages with "changed protection" niu: fix missing checks of niu_pci_eeprom_read scripts/decode_stacktrace: only strip base path when a prefix of the path ocfs2: don't clear bh uptodate for block read isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() gdrom: fix a memory leak bug block/swim3: Fix -EBUSY error when re-opening device after unmount HID: lenovo: Add checks to fix of_led_classdev_register kernel/hung_task.c: break RCU locks based on jiffies fs/epoll: drop ovflist branch prediction exec: load_script: don't blindly truncate shebang string thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set test_hexdump: use memcpy instead of strncpy tipc: use destination length for copy string string: drop __must_check from strscpy() and restore strscpy() usages in cgroup dccp: fool proof ccid_hc_[rt]x_parse_options() enic: fix checksum validation for IPv6 net: dp83640: expire old TX-skb skge: potential memory corruption in skge_get_regs() net: systemport: Fix WoL with password after deep sleep net: dsa: slave: Don't propagate flag changes on down slave interfaces ALSA: compress: Fix stop handling on compressed capture streams ALSA: hda - Serialize codec registrations fuse: call pipe_buf_release() under pipe lock fuse: decrement NR_WRITEBACK_TEMP on the right page fuse: handle zero sized retrieve correctly dmaengine: imx-dma: fix wrong callback invoke usb: phy: am335x: fix race condition in _probe usb: gadget: udc: net2272: Fix bitwise and boolean operations KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) perf/x86/intel/uncore: Add Node ID mask x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out() perf/core: Don't WARN() for impossible ring-buffer sizes perf tests evsel-tp-sched: Fix bitwise operator mtd: rawnand: gpmi: fix MX28 bus master lockup problem signal: Always notice exiting tasks signal: Better detection of synchronous signals misc: vexpress: Off by one in vexpress_syscfg_exec() debugfs: fix debugfs_rename parameter checking mips: cm: reprime error cause MIPS: OCTEON: don't set octeon_dma_bar_type if PCI is disabled MIPS: VDSO: Include $(ccflags-vdso) in o32,n32 .lds builds ARM: iop32x/n2100: fix PCI IRQ mapping mac80211: ensure that mgmt tx skbs have tailroom for encryption drm/modes: Prevent division by zero htotal drm/vmwgfx: Fix setting of dma masks drm/vmwgfx: Return error code from vmw_execbuf_copy_fence_user HID: debug: fix the ring buffer implementation NFC: nxp-nci: Include unaligned.h instead of access_ok.h Revert "cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)" libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() xfrm: refine validation of template and selector families batman-adv: Avoid WARN on net_device without parent in netns batman-adv: Force mac header to start of data on xmit Revert "exec: load_script: don't blindly truncate shebang string" uapi/if_ether.h: prevent redefinition of struct ethhdr ARM: dts: da850-evm: Correct the sound card name ARM: dts: kirkwood: Fix polarity of GPIO fan lines gpio: pl061: handle failed allocations cifs: Limit memory used by lock request calls to a page Documentation/network: reword kernel version reference Revert "Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G" Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK perf/core: Fix impossible ring-buffer sizes warning ALSA: hda - Add quirk for HP EliteBook 840 G5 ALSA: usb-audio: Fix implicit fb endpoint setup by quirk Input: bma150 - register input device after setting private data Input: elantech - enable 3rd button support on Fujitsu CELSIUS H780 alpha: fix page fault handling for r16-r18 targets alpha: Fix Eiger NR_IRQS to 128 tracing/uprobes: Fix output for multiple string arguments x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls signal: Restore the stop PTRACE_EVENT_EXIT x86/a.out: Clear the dump structure initially dm thin: fix bug where bio that overwrites thin block ignores FUA smsc95xx: Use skb_cow_head to deal with cloned skbs ch9200: use skb_cow_head() to deal with cloned skbs kaweth: use skb_cow_head() to deal with cloned skbs usb: dwc2: Remove unnecessary kfree pinctrl: msm: fix gpio-hog related boot issues uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define Linux 4.4.175 Change-Id: Icf5316d73fea133f42eda7113b196de74c9ba7f6 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Bart Van Assche
|
eb9c64e728 |
timekeeping: Use proper seqcount initializer
[ Upstream commit ce10a5b3954f2514af726beb78ed8d7350c5e41c ] tk_core.seq is initialized open coded, but that misses to initialize the lockdep map when lockdep is enabled. Lockdep splats involving tk_core seq consequently lack a name and are hard to read. Use the proper initializer which takes care of the lockdep map initialization. [ tglx: Massaged changelog ] Signed-off-by: Bart Van Assche <bvanassche@acm.org> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: peterz@infradead.org Cc: tj@kernel.org Cc: johannes.berg@intel.com Link: https://lkml.kernel.org/r/20181128234325.110011-12-bvanassche@acm.org Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Petri Gynther
|
d7eb2d1549 |
Merge 4.4.169 into android-msm-wahoo-4.4-lts
Linux 4.4.169
ALSA: isa/wavefront: prevent some out of bound writes
rtc: snvs: Add timeouts to avoid kernel lockups
rtc: snvs: add a missing write sync
i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node
i2c: axxia: properly handle master timeout
* cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)
fs/cifs/Kconfig
ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling
mv88e6060: disable hardware level MAC learning
libata: whitelist all SAMSUNG MZ7KM* solid-state disks
Input: omap-keypad - fix keyboard debounce configuration
clk: mmp: Off by one in mmp_clk_add()
ide: pmac: add of_node_put()
drivers/tty: add missing of_node_put()
drivers/sbus/char: add of_node_put()
sbus: char: add of_node_put()
SUNRPC: Fix a potential race in xprt_connect()
* bonding: fix 802.3ad state sent to partner when unbinding slave
drivers/net/bonding/bond_3ad.c
ARC: io.h: Implement reads{x}()/writes{x}()
drm/msm: Grab a vblank reference when waiting for commit_done
x86/earlyprintk/efi: Fix infinite loop on some screen widths
scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload
scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
mac80211_hwsim: fix module init error paths for netlink
mac80211: Fix condition validating WMM IE
mac80211: don't WARN on bad WMM parameters from buggy APs
f2fs: fix a panic caused by NULL flush_cmd_control
Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec"
powerpc/msi: Fix NULL pointer access in teardown code
tracing: Fix memory leak of instance function hash filters
* tracing: Fix memory leak in set_trigger_filter()
kernel/trace/trace_events_trigger.c
MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
* aio: fix spectre gadget in lookup_ioctx
fs/aio.c
pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
powerpc/boot: Fix random libfdt related build errors
* timer/debug: Change /proc/timer_list from 0444 to 0400
kernel/time/timer_list.c
lib/interval_tree_test.c: allow users to limit scope of endpoint
lib/rbtree-test: lower default params
lib/rbtree_test.c: make input module parameters
lib/interval_tree_test.c: allow full tree search
lib/interval_tree_test.c: make test options module parameters
Change-Id: I1fe38fe51dbdee291374b3e7b6f51fc53bc2f8fa
Signed-off-by: Petri Gynther <pgynther@google.com>
|
||
|
Nathan Chancellor
|
43356f2b3b |
Merge 4.4.169 into android-msm-wahoo-4.4
Changes in 4.4.169: (41 commits)
lib/interval_tree_test.c: make test options module parameters
lib/interval_tree_test.c: allow full tree search
lib/rbtree_test.c: make input module parameters
lib/rbtree-test: lower default params
lib/interval_tree_test.c: allow users to limit scope of endpoint
timer/debug: Change /proc/timer_list from 0444 to 0400
powerpc/boot: Fix random libfdt related build errors
pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
aio: fix spectre gadget in lookup_ioctx
MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
tracing: Fix memory leak in set_trigger_filter()
tracing: Fix memory leak of instance function hash filters
powerpc/msi: Fix NULL pointer access in teardown code
Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec"
f2fs: fix a panic caused by NULL flush_cmd_control
mac80211: don't WARN on bad WMM parameters from buggy APs
mac80211: Fix condition validating WMM IE
mac80211_hwsim: fix module init error paths for netlink
scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload
x86/earlyprintk/efi: Fix infinite loop on some screen widths
drm/msm: Grab a vblank reference when waiting for commit_done
ARC: io.h: Implement reads{x}()/writes{x}()
bonding: fix 802.3ad state sent to partner when unbinding slave
SUNRPC: Fix a potential race in xprt_connect()
sbus: char: add of_node_put()
drivers/sbus/char: add of_node_put()
drivers/tty: add missing of_node_put()
ide: pmac: add of_node_put()
clk: mmp: Off by one in mmp_clk_add()
Input: omap-keypad - fix keyboard debounce configuration
libata: whitelist all SAMSUNG MZ7KM* solid-state disks
mv88e6060: disable hardware level MAC learning
ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling
cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)
i2c: axxia: properly handle master timeout
i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node
rtc: snvs: add a missing write sync
rtc: snvs: Add timeouts to avoid kernel lockups
ALSA: isa/wavefront: prevent some out of bound writes
Linux 4.4.169
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/gpu/drm/msm/msm_atomic.c
|
||
|
Greg Kroah-Hartman
|
908e869944 |
Merge 4.4.169 into android-4.4-p
Changes in 4.4.169
lib/interval_tree_test.c: make test options module parameters
lib/interval_tree_test.c: allow full tree search
lib/rbtree_test.c: make input module parameters
lib/rbtree-test: lower default params
lib/interval_tree_test.c: allow users to limit scope of endpoint
timer/debug: Change /proc/timer_list from 0444 to 0400
powerpc/boot: Fix random libfdt related build errors
pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11
aio: fix spectre gadget in lookup_ioctx
MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310
tracing: Fix memory leak in set_trigger_filter()
tracing: Fix memory leak of instance function hash filters
powerpc/msi: Fix NULL pointer access in teardown code
Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec"
f2fs: fix a panic caused by NULL flush_cmd_control
mac80211: don't WARN on bad WMM parameters from buggy APs
mac80211: Fix condition validating WMM IE
mac80211_hwsim: fix module init error paths for netlink
scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset
scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload
x86/earlyprintk/efi: Fix infinite loop on some screen widths
drm/msm: Grab a vblank reference when waiting for commit_done
ARC: io.h: Implement reads{x}()/writes{x}()
bonding: fix 802.3ad state sent to partner when unbinding slave
SUNRPC: Fix a potential race in xprt_connect()
sbus: char: add of_node_put()
drivers/sbus/char: add of_node_put()
drivers/tty: add missing of_node_put()
ide: pmac: add of_node_put()
clk: mmp: Off by one in mmp_clk_add()
Input: omap-keypad - fix keyboard debounce configuration
libata: whitelist all SAMSUNG MZ7KM* solid-state disks
mv88e6060: disable hardware level MAC learning
ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling
cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs)
i2c: axxia: properly handle master timeout
i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node
rtc: snvs: add a missing write sync
rtc: snvs: Add timeouts to avoid kernel lockups
ALSA: isa/wavefront: prevent some out of bound writes
Linux 4.4.169
Change-Id: Ic00ba639ef8c4d6fbe19c872b33f30af7371971d
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Ingo Molnar
|
bd5ceb985c |
timer/debug: Change /proc/timer_list from 0444 to 0400
[ Upstream commit 8e7df2b5b7f245c9bd11064712db5cb69044a362 ] While it uses %pK, there's still few reasons to read this file as non-root. Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Acked-by: Thomas Gleixner <tglx@linutronix.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
4074ea50e0 |
Merge 4.4.168 into android-4.4-p
Changes in 4.4.168
ipv6: Check available headroom in ip6_xmit() even without options
net: 8139cp: fix a BUG triggered by changing mtu with network traffic
net: phy: don't allow __set_phy_supported to add unsupported modes
net: Prevent invalid access to skb->prev in __qdisc_drop_all
rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
tcp: fix NULL ref in tail loss probe
tun: forbid iface creation with rtnl ops
neighbour: Avoid writing before skb->head in neigh_hh_output()
ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup
ARM: OMAP1: ams-delta: Fix possible use of uninitialized field
sysv: return 'err' instead of 0 in __sysv_write_inode
s390/cpum_cf: Reject request for sampling in event initialization
hwmon: (ina2xx) Fix current value calculation
ASoC: dapm: Recalculate audio map forcely when card instantiated
hwmon: (w83795) temp4_type has writable permission
Btrfs: send, fix infinite loop due to directory rename dependencies
ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE
ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE
exportfs: do not read dentry after free
bpf: fix check of allowed specifiers in bpf_trace_printk
USB: omap_udc: use devm_request_irq()
USB: omap_udc: fix crashes on probe error and module removal
USB: omap_udc: fix omap_udc_start() on 15xx machines
USB: omap_udc: fix USB gadget functionality on Palm Tungsten E
KVM: x86: fix empty-body warnings
net: thunderx: fix NULL pointer dereference in nic_remove
ixgbe: recognize 1000BaseLX SFP modules as 1Gbps
net: hisilicon: remove unexpected free_netdev
drm/ast: fixed reading monitor EDID not stable issue
xen: xlate_mmu: add missing header to fix 'W=1' warning
fscache: fix race between enablement and dropping of object
fscache, cachefiles: remove redundant variable 'cache'
ocfs2: fix deadlock caused by ocfs2_defrag_extent()
hfs: do not free node before using
hfsplus: do not free node before using
debugobjects: avoid recursive calls with kmemleak
ocfs2: fix potential use after free
pstore: Convert console write to use ->write_buf
ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command
KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC
KVM: nVMX: mark vmcs12 pages dirty on L2 exit
KVM: nVMX: Eliminate vmcs02 pool
KVM: VMX: introduce alloc_loaded_vmcs
KVM: VMX: make MSR bitmaps per-VCPU
KVM/x86: Add IBPB support
KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/x86: Remove indirect MSR op calls from SPEC_CTRL
x86: reorganize SMAP handling in user space accesses
x86: fix SMAP in 32-bit environments
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/bugs, KVM: Support the combination of guest and host IBRS
x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
KVM: SVM: Move spec control call after restore of GS
x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
bpf: support 8-byte metafield access
bpf/verifier: Add spi variable to check_stack_write()
bpf/verifier: Pass instruction index to check_mem_access() and check_xadd()
bpf: Prevent memory disambiguation attack
wil6210: missing length check in wmi_set_ie
posix-timers: Sanitize overrun handling
mm/hugetlb.c: don't call region_abort if region_chg fails
hugetlbfs: fix offset overflow in hugetlbfs mmap
hugetlbfs: check for pgoff value overflow
hugetlbfs: fix bug in pgoff overflow checking
swiotlb: clean up reporting
sr: pass down correctly sized SCSI sense buffer
mm: remove write/force parameters from __get_user_pages_locked()
mm: remove write/force parameters from __get_user_pages_unlocked()
mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages()
mm: replace get_user_pages_unlocked() write/force parameters with gup_flags
mm: replace get_user_pages_locked() write/force parameters with gup_flags
mm: replace get_vaddr_frames() write/force parameters with gup_flags
mm: replace get_user_pages() write/force parameters with gup_flags
mm: replace __access_remote_vm() write parameter with gup_flags
mm: replace access_remote_vm() write parameter with gup_flags
proc: don't use FOLL_FORCE for reading cmdline and environment
proc: do not access cmdline nor environ from file-backed areas
media: dvb-frontends: fix i2c access helpers for KASAN
matroxfb: fix size of memcpy
staging: speakup: Replace strncpy with memcpy
rocker: fix rocker_tlv_put_* functions for KASAN
selftests: Move networking/timestamping from Documentation
Linux 4.4.168
Change-Id: Icd04a723739ae5e38258a2f6b0aee875f306a0bc
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Petri Gynther
|
d2140a64de |
Merge 4.4.168 into android-msm-wahoo-4.4-lts
Linux 4.4.168
selftests: Move networking/timestamping from Documentation
rocker: fix rocker_tlv_put_* functions for KASAN
staging: speakup: Replace strncpy with memcpy
matroxfb: fix size of memcpy
media: dvb-frontends: fix i2c access helpers for KASAN
* proc: do not access cmdline nor environ from file-backed areas
fs/proc/base.c
include/linux/mm.h
mm/gup.c
* proc: don't use FOLL_FORCE for reading cmdline and environment
fs/proc/base.c
* mm: replace access_remote_vm() write parameter with gup_flags
fs/proc/base.c
include/linux/mm.h
mm/memory.c
* mm: replace __access_remote_vm() write parameter with gup_flags
mm/memory.c
* mm: replace get_user_pages() write/force parameters with gup_flags
fs/exec.c
include/linux/mm.h
mm/gup.c
mm/memory.c
* mm: replace get_vaddr_frames() write/force parameters with gup_flags
include/linux/mm.h
* mm: replace get_user_pages_locked() write/force parameters with gup_flags
include/linux/mm.h
mm/gup.c
* mm: replace get_user_pages_unlocked() write/force parameters with gup_flags
include/linux/mm.h
mm/gup.c
mm/process_vm_access.c
mm/util.c
mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages()
* mm: remove write/force parameters from __get_user_pages_unlocked()
include/linux/mm.h
mm/gup.c
* mm: remove write/force parameters from __get_user_pages_locked()
mm/gup.c
sr: pass down correctly sized SCSI sense buffer
* swiotlb: clean up reporting
lib/swiotlb.c
hugetlbfs: fix bug in pgoff overflow checking
hugetlbfs: check for pgoff value overflow
hugetlbfs: fix offset overflow in hugetlbfs mmap
mm/hugetlb.c: don't call region_abort if region_chg fails
* posix-timers: Sanitize overrun handling
include/linux/posix-timers.h
kernel/time/posix-cpu-timers.c
kernel/time/posix-timers.c
wil6210: missing length check in wmi_set_ie
bpf: Prevent memory disambiguation attack
bpf/verifier: Pass instruction index to check_mem_access() and check_xadd()
bpf/verifier: Add spi variable to check_stack_write()
bpf: support 8-byte metafield access
KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
KVM: SVM: Move spec control call after restore of GS
x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
x86/bugs, KVM: Support the combination of guest and host IBRS
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
x86: fix SMAP in 32-bit environments
x86: reorganize SMAP handling in user space accesses
KVM/x86: Remove indirect MSR op calls from SPEC_CTRL
KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
KVM/x86: Add IBPB support
KVM: VMX: make MSR bitmaps per-VCPU
KVM: VMX: introduce alloc_loaded_vmcs
KVM: nVMX: Eliminate vmcs02 pool
KVM: nVMX: mark vmcs12 pages dirty on L2 exit
KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC
* ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command
include/sound/pcm.h
sound/core/pcm_lib.c
sound/core/pcm_native.c
* pstore: Convert console write to use ->write_buf
fs/pstore/platform.c
ocfs2: fix potential use after free
debugobjects: avoid recursive calls with kmemleak
hfsplus: do not free node before using
hfs: do not free node before using
ocfs2: fix deadlock caused by ocfs2_defrag_extent()
fscache, cachefiles: remove redundant variable 'cache'
fscache: fix race between enablement and dropping of object
xen: xlate_mmu: add missing header to fix 'W=1' warning
drm/ast: fixed reading monitor EDID not stable issue
net: hisilicon: remove unexpected free_netdev
ixgbe: recognize 1000BaseLX SFP modules as 1Gbps
net: thunderx: fix NULL pointer dereference in nic_remove
KVM: x86: fix empty-body warnings
USB: omap_udc: fix USB gadget functionality on Palm Tungsten E
USB: omap_udc: fix omap_udc_start() on 15xx machines
USB: omap_udc: fix crashes on probe error and module removal
USB: omap_udc: use devm_request_irq()
bpf: fix check of allowed specifiers in bpf_trace_printk
exportfs: do not read dentry after free
ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE
ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE
Btrfs: send, fix infinite loop due to directory rename dependencies
hwmon: (w83795) temp4_type has writable permission
* ASoC: dapm: Recalculate audio map forcely when card instantiated
sound/soc/soc-core.c
hwmon: (ina2xx) Fix current value calculation
s390/cpum_cf: Reject request for sampling in event initialization
sysv: return 'err' instead of 0 in __sysv_write_inode
ARM: OMAP1: ams-delta: Fix possible use of uninitialized field
ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup
* neighbour: Avoid writing before skb->head in neigh_hh_output()
include/net/neighbour.h
* tun: forbid iface creation with rtnl ops
drivers/net/tun.c
* tcp: fix NULL ref in tail loss probe
net/ipv4/tcp_output.c
* rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
net/core/rtnetlink.c
net: Prevent invalid access to skb->prev in __qdisc_drop_all
* net: phy: don't allow __set_phy_supported to add unsupported modes
drivers/net/phy/phy_device.c
net: 8139cp: fix a BUG triggered by changing mtu with network traffic
* ipv6: Check available headroom in ip6_xmit() even without options
net/ipv6/ip6_output.c
Change-Id: Ifee8847fb2dcd30035801e50ffef3aebbf08c289
Signed-off-by: Petri Gynther <pgynther@google.com>
|
||
|
Nathan Chancellor
|
3ca05e0d41 |
Merge 4.4.168 into android-msm-wahoo-4.4
Changes in 4.4.168: (89 commits)
ipv6: Check available headroom in ip6_xmit() even without options
net: 8139cp: fix a BUG triggered by changing mtu with network traffic
net: phy: don't allow __set_phy_supported to add unsupported modes
net: Prevent invalid access to skb->prev in __qdisc_drop_all
rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices
tcp: fix NULL ref in tail loss probe
tun: forbid iface creation with rtnl ops
neighbour: Avoid writing before skb->head in neigh_hh_output()
ARM: OMAP2+: prm44xx: Fix section annotation on omap44xx_prm_enable_io_wakeup
ARM: OMAP1: ams-delta: Fix possible use of uninitialized field
sysv: return 'err' instead of 0 in __sysv_write_inode
s390/cpum_cf: Reject request for sampling in event initialization
hwmon: (ina2xx) Fix current value calculation
ASoC: dapm: Recalculate audio map forcely when card instantiated
hwmon: (w83795) temp4_type has writable permission
Btrfs: send, fix infinite loop due to directory rename dependencies
ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE
ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE
exportfs: do not read dentry after free
bpf: fix check of allowed specifiers in bpf_trace_printk
USB: omap_udc: use devm_request_irq()
USB: omap_udc: fix crashes on probe error and module removal
USB: omap_udc: fix omap_udc_start() on 15xx machines
USB: omap_udc: fix USB gadget functionality on Palm Tungsten E
KVM: x86: fix empty-body warnings
net: thunderx: fix NULL pointer dereference in nic_remove
ixgbe: recognize 1000BaseLX SFP modules as 1Gbps
net: hisilicon: remove unexpected free_netdev
drm/ast: fixed reading monitor EDID not stable issue
xen: xlate_mmu: add missing header to fix 'W=1' warning
fscache: fix race between enablement and dropping of object
fscache, cachefiles: remove redundant variable 'cache'
ocfs2: fix deadlock caused by ocfs2_defrag_extent()
hfs: do not free node before using
hfsplus: do not free node before using
debugobjects: avoid recursive calls with kmemleak
ocfs2: fix potential use after free
pstore: Convert console write to use ->write_buf
ALSA: pcm: remove SNDRV_PCM_IOCTL1_INFO internal command
KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC
KVM: nVMX: mark vmcs12 pages dirty on L2 exit
KVM: nVMX: Eliminate vmcs02 pool
KVM: VMX: introduce alloc_loaded_vmcs
KVM: VMX: make MSR bitmaps per-VCPU
KVM/x86: Add IBPB support
KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/x86: Remove indirect MSR op calls from SPEC_CTRL
x86: reorganize SMAP handling in user space accesses
x86: fix SMAP in 32-bit environments
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/bugs, KVM: Support the combination of guest and host IBRS
x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
KVM: SVM: Move spec control call after restore of GS
x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL
x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP
KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD
bpf: support 8-byte metafield access
bpf/verifier: Add spi variable to check_stack_write()
bpf/verifier: Pass instruction index to check_mem_access() and check_xadd()
bpf: Prevent memory disambiguation attack
wil6210: missing length check in wmi_set_ie
posix-timers: Sanitize overrun handling
mm/hugetlb.c: don't call region_abort if region_chg fails
hugetlbfs: fix offset overflow in hugetlbfs mmap
hugetlbfs: check for pgoff value overflow
hugetlbfs: fix bug in pgoff overflow checking
swiotlb: clean up reporting
sr: pass down correctly sized SCSI sense buffer
mm: remove write/force parameters from __get_user_pages_locked()
mm: remove write/force parameters from __get_user_pages_unlocked()
mm/nommu.c: Switch __get_user_pages_unlocked() to use __get_user_pages()
mm: replace get_user_pages_unlocked() write/force parameters with gup_flags
mm: replace get_user_pages_locked() write/force parameters with gup_flags
mm: replace get_vaddr_frames() write/force parameters with gup_flags
mm: replace get_user_pages() write/force parameters with gup_flags
mm: replace __access_remote_vm() write parameter with gup_flags
mm: replace access_remote_vm() write parameter with gup_flags
proc: don't use FOLL_FORCE for reading cmdline and environment
proc: do not access cmdline nor environ from file-backed areas
media: dvb-frontends: fix i2c access helpers for KASAN
matroxfb: fix size of memcpy
staging: speakup: Replace strncpy with memcpy
rocker: fix rocker_tlv_put_* functions for KASAN
selftests: Move networking/timestamping from Documentation
Linux 4.4.168
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
arch/x86/include/asm/uaccess.h
arch/x86/include/asm/uaccess_32.h
arch/x86/include/asm/uaccess_64.h
|
||
|
Thomas Gleixner
|
954648ebf8 |
posix-timers: Sanitize overrun handling
commit 78c9c4dfbf8c04883941445a195276bb4bb92c76 upstream. The posix timer overrun handling is broken because the forwarding functions can return a huge number of overruns which does not fit in an int. As a consequence timer_getoverrun(2) and siginfo::si_overrun can turn into random number generators. The k_clock::timer_forward() callbacks return a 64 bit value now. Make k_itimer::ti_overrun[_last] 64bit as well, so the kernel internal accounting is correct. 3Remove the temporary (int) casts. Add a helper function which clamps the overrun value returned to user space via timer_getoverrun(2) or siginfo::si_overrun limited to a positive value between 0 and INT_MAX. INT_MAX is an indicator for user space that the overrun value has been clamped. Reported-by: Team OWL337 <icytxw@gmail.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: John Stultz <john.stultz@linaro.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Link: https://lkml.kernel.org/r/20180626132705.018623573@linutronix.de [florian: Make patch apply to v4.9.135] Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |