udc
378 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Daniel Borkmann
|
612c465497 |
bpf: get rid of pure_initcall dependency to enable jits
commit fa9dd599b4dae841924b022768354cfde9affecb upstream. Having a pure_initcall() callback just to permanently enable BPF JITs under CONFIG_BPF_JIT_ALWAYS_ON is unnecessary and could leave a small race window in future where JIT is still disabled on boot. Since we know about the setting at compilation time anyway, just initialize it properly there. Also consolidate all the individual bpf_jit_enable variables into a single one and move them under one location. Moreover, don't allow for setting unspecified garbage values on them. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Alexei Starovoitov <ast@kernel.org> [bwh: Backported to 4.9 as dependency of commit 2e4a30983b0f "bpf: restrict access to core bpf sysctls": - Drop change in arch/mips/net/ebpf_jit.c - Drop change to bpf_jit_kallsyms - Adjust filenames, context] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Chatur27 <jasonbright2709@gmail.com> |
||
|
Alexei Starovoitov
|
977d4121a6 |
bpf: introduce BPF_JIT_ALWAYS_ON config
[ upstream commit 290af86629b25ffd1ed6232c4e9107da031705cb ] The BPF interpreter has been used as part of the spectre 2 attack CVE-2017-5715. A quote from goolge project zero blog: "At this point, it would normally be necessary to locate gadgets in the host kernel code that can be used to actually leak data by reading from an attacker-controlled location, shifting and masking the result appropriately and then using the result of that as offset to an attacker-controlled address for a load. But piecing gadgets together and figuring out which ones work in a speculation context seems annoying. So instead, we decided to use the eBPF interpreter, which is built into the host kernel - while there is no legitimate way to invoke it from inside a VM, the presence of the code in the host kernel's text section is sufficient to make it usable for the attack, just like with ordinary ROP gadgets." To make attacker job harder introduce BPF_JIT_ALWAYS_ON config option that removes interpreter from the kernel in favor of JIT-only mode. So far eBPF JIT is supported by: x64, arm64, arm32, sparc64, s390, powerpc64, mips64 The start of JITed program is randomized and code page is marked as read-only. In addition "constant blinding" can be turned on with net.core.bpf_jit_harden v2->v3: - move __bpf_prog_ret0 under ifdef (Daniel) v1->v2: - fix init order, test_bpf and cBPF (Daniel's feedback) - fix offloaded bpf (Jakub's feedback) - add 'return 0' dummy in case something can invoke prog->bpf_func - retarget bpf tree. For bpf-next the patch would need one extra hunk. It will be sent when the trees are merged back to net-next Considered doing: int bpf_jit_enable __read_mostly = BPF_EBPF_JIT_DEFAULT; but it seems better to land the patch as-is and in bpf-next remove bpf_jit_enable global variable from all JITs, consolidate in one place and remove this jit_init() function. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Chatur27 <jasonbright2709@gmail.com> |
||
|
Anay Wadhera
|
1c3cb5f271 |
Revert "bpf: introduce BPF_JIT_ALWAYS_ON config"
This reverts commit
|
||
|
Michael Bestas
|
29daf360fe |
Merge remote-tracking branch 'common/android-4.4-p' into android-msm-wahoo-4.4
# By Daniel Rosenberg (98) and others
# Via Greg Kroah-Hartman (219) and others
* google/common/android-4.4-p:
ANDROID: xt_qtaguid: fix UAF race
ANDROID: Make vsock virtio packet buff size configurable
ANDROID: cuttlefish_defconfig: add missing CONFIG_BLK_CGROUP
ANDROID: xt_qtaguid: Remove tag_entry from process list on untag
ANDROID: usb: f_accessory: Don't drop NULL reference in acc_disconnect()
ANDROID: usb: f_accessory: Avoid bitfields for shared variables
ANDROID: usb: f_accessory: Cancel any pending work before teardown
ANDROID: usb: f_accessory: Don't corrupt global state on double registration
ANDROID: usb: f_accessory: Fix teardown ordering in acc_release()
ANDROID: usb: f_accessory: Add refcounting to global 'acc_dev'
UPSTREAM: locking/atomic, kref: Add KREF_INIT()
ANDROID: usb: f_accessory: Wrap '_acc_dev' in get()/put() accessors
ANDROID: usb: f_accessory: Remove useless assignment
ANDROID: usb: f_accessory: Remove useless non-debug prints
ANDROID: usb: f_accessory: Remove stale comments
ANDROID: USB: f_accessory: Check dev pointer before decoding ctrl request
ANDROID: usb: gadget: f_accessory: fix CTS test stuck
ANDROID: cuttlefish_defconfig: Disable CONFIG_KSM
UPSTREAM: arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
UPSTREAM: arm64: kaslr: Fix up the kernel image alignment
UPSTREAM: sched/fair: Fix FTQ noise bench regression
UPSTREAM: dm verity fec: fix bufio leaks
UPSTREAM: arm64: kernel: restrict /dev/mem read() calls to linear region
UPSTREAM: binder: fix incorrect cmd to binder_stat_br
UPSTREAM: arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
UPSTREAM: KVM: arm/arm64: Check pagesize when allocating a hugepage at Stage 2
UPSTREAM: fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
UPSTREAM: arm64: fix unwind_frame() for filtered out fn for function graph tracing
UPSTREAM: arm64: kpti: Use early_param for kpti= command-line option
UPSTREAM: arm64: kaslr: ensure randomized quantities are clean to the PoC
UPSTREAM: arm64: kaslr: ensure randomized quantities are clean also when kaslr is off
UPSTREAM: staging: android: vsoc: fix copy_from_user overrun
UPSTREAM: arm64/mm: Inhibit huge-vmap with ptdump
UPSTREAM: drivers/perf: arm_pmu: Fix failure path in PM notifier
UPSTREAM: fs/posix_acl.c: fix kernel-doc warnings
UPSTREAM: ext2: fix debug reference to ext2_xattr_cache
UPSTREAM: arm64: alternative: fix build with clang integrated assembler
UPSTREAM: dm verity fec: fix hash block number in verity_fec_decode
ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
BACKPORT: xfrm/compat: Translate 32-bit user_policy from sockptr
BACKPORT: xfrm/compat: Add 32=>64-bit messages translator
UPSTREAM: xfrm/compat: Attach xfrm dumps to 64=>32 bit translator
BACKPORT: xfrm/compat: Add 64=>32-bit messages translator
BACKPORT: xfrm: Provide API to register translator module
UPSTREAM: mm/sl[uo]b: export __kmalloc_track(_node)_caller
ANDROID: Publish uncompressed Image on aarch64
ANDROID: Makefile: append BUILD_NUMBER to version string when defined
UPSTREAM: binder: fix UAF when releasing todo list
ANDROID: fix a bug in quota2
UPSTREAM: binder: Prevent context manager from incrementing ref 0
BACKPORT: xtables: extend matches and targets with .usersize
UPSTREAM: ip6tables: use match, target and data copy_to_user helpers
UPSTREAM: iptables: use match, target and data copy_to_user helpers
UPSTREAM: xtables: add xt_match, xt_target and data copy_to_user functions
ANDROID: cuttlefish_defconfig: Drop built-in cmdline (except nopti)
ANDROID: cuttlefish defconfig - enable mount/net/uts namespaces.
ANDROID: hid: steam: remove BT controller matching
UPSTREAM: HID: steam: Fix input device disappearing
Revert "ext2: fix empty body warnings when -Wextra is used"
Revert "net: ipv6: Fix processing of RAs in presence of VRF"
UPSTREAM: net: socket: set sock->sk to NULL after calling proto_ops::release()
BACKPORT: xfrm: Allow Output Mark to be Updated Using UPDSA
UPSTREAM: socket: close race condition between sock_close() and sockfs_setattr()
UPSTREAM: net: ipv6: Use passed in table for nexthop lookups
ANDROID: cuttlefish_defconfig: Fix dm-verity related options
Revert "ANDROID: dm verity: add minimum prefetch size"
ANDROID: mnt: Propagate remount correctly
BACKPORT: loop: Add LOOP_SET_BLOCK_SIZE in compat ioctl
UPSTREAM: loop: drop caches if offset or block_size are changed
UPSTREAM: loop: add ioctl for changing logical block size
BACKPORT: block/loop: set hw_sectors
ANDROID: cuttlefish_defconfig: Minimally enable EFI
UPSTREAM: bpf: Explicitly memset the bpf_attr structure
FROMLIST: HID: nintendo: add nintendo switch controller driver
UPSTREAM: staging: most: net: fix buffer overflow
UPSTREAM: ALSA: pcm: Add missing copy ops check before clearing buffer
ANDROID: selinux: modify RTM_GETLINK permission
UPSTREAM: HID: input: map digitizer battery usage
UPSTREAM: HID: input: ignore the battery in OKLICK Laser BTmouse
ANDROID: cuttlefish_defconfig: Disable TRANSPARENT_HUGEPAGE
commit e82b9b0727ff ("vhost: introduce vhost_exceeds_weight()")
UPSTREAM: HID: steam: fix deadlock with input devices.
UPSTREAM: HID: steam: fix boot loop with bluetooth firmware
UPSTREAM: HID: steam: remove input device when a hid client is running.
UPSTREAM: HID: steam: use hid_device.driver_data instead of hid_set_drvdata()
UPSTREAM: HID: steam: add missing fields in client initialization
UPSTREAM: HID: steam: add battery device.
UPSTREAM: HID: add driver for Valve Steam Controller
UPSTREAM: HID: sony: Fix memory corruption issue on cleanup.
UPSTREAM: HID: sony: Fix race condition between rumble and device remove.
UPSTREAM: HID: sony: remove redundant check for -ve err
UPSTREAM: HID: sony: Make sure to unregister sensors on failure
UPSTREAM: HID: sony: Make DS4 bt poll interval adjustable
UPSTREAM: HID: sony: Set proper bit flags on DS4 output report
UPSTREAM: HID: sony: DS4 use brighter LED colors
UPSTREAM: HID: sony: Improve navigation controller axis/button mapping
UPSTREAM: HID: sony: Use DS3 MAC address as unique identifier on USB
UPSTREAM: HID: sony: Perform duplicate device check earlier on
UPSTREAM: HID: sony: Expose DS3 motion sensors through separate device
UPSTREAM: HID: sony: Print error on failure to active DS3 / Navigation controllers
UPSTREAM: HID: sony: DS3 comply to Linux gamepad spec
UPSTREAM: HID: sony: Mark DS4 touchpad device as a pointer
UPSTREAM: HID: sony: Support motion sensor calibration on dongle
UPSTREAM: HID: sony: Make work handling more generic
UPSTREAM: HID: sony: Treat the ds4 dongle as a separate device
UPSTREAM: HID: sony: Remove report descriptor fixup for DS4
UPSTREAM: HID: sony: Report hardware timestamp for DS4 sensor values
UPSTREAM: HID: sony: Calibrate DS4 motion sensors
UPSTREAM: HID: sony: Report DS4 motion sensors through a separate device
UPSTREAM: HID: sony: Fix input device leak when connecting a DS4 twice using USB/BT
UPSTREAM: HID: sony: Use LED_CORE_SUSPENDRESUME
UPSTREAM: HID: sony: Ignore DS4 dongle reports when no device is connected
UPSTREAM: HID: sony: Use DS4 MAC address as unique identifier on USB
UPSTREAM: HID: sony: Fix error handling bug when touchpad registration fails
UPSTREAM: HID: sony: Comply to Linux gamepad spec for DS4
UPSTREAM: HID: sony: Make the DS4 touchpad a separate device
UPSTREAM: HID: sony: Fix memory issue when connecting device using both Bluetooth and USB
UPSTREAM: HID: sony: Adjust value range for motion sensors
UPSTREAM: HID: sony: Handle multiple touch events input record
UPSTREAM: HID: sony: Send ds4 output reports on output end-point
UPSTREAM: HID: sony: Perform CRC check on bluetooth input packets
UPSTREAM: HID: sony: Adjust HID report size name definitions
UPSTREAM: HID: sony: Fix race condition in sony_probe
UPSTREAM: HID: sony: Update copyright and add Dualshock 4 rate control note
UPSTREAM: HID: sony: Defer the initial USB Sixaxis output report
UPSTREAM: HID: sony: Relax duplicate checking for USB-only devices
UPSTREAM: HID: sony: underscores are unnecessary for u8, u16, s32
UPSTREAM: HID: sony: fix some warnings from scripts/checkpatch.pl
UPSTREAM: HID: sony: fix errors from scripts/checkpatch.pl
UPSTREAM: HID: sony: fix a typo in descriptors comments s/Joystik/Joystick/
UPSTREAM: HID: sony: Fixup output reports for the nyko core controller
UPSTREAM: HID: sony: Remove the size check for the Dualshock 4 HID Descriptor
UPSTREAM: HID: sony: Save and restore the controller state on suspend and resume
UPSTREAM: HID: sony: Refactor the output report sending functions
ANDROID: cpufreq: times: add /proc/uid_concurrent_{active,policy}_time
rtlwifi: Fix potential overflow on P2P code
ANDROID: clang: update to 9.0.8 based on r365631c
ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
ANDROID: refactor build.config files to remove duplication
ANDROID: usb: gadget: Fix dependency for f_accessory
Remove taskname from lowmemorykiller kill reports
ANDROID: Fixes to locking around handle_lmk_event
Revert "ANDROID: regression introduced override_creds=off"
ANDROID: regression introduced override_creds=off
Fix fallout from changes to bootparam_utils.h
ANDROID: sched: Disallow WALT with CFS bandwidth control
ANDROID: fiq_debugger: remove
ANDROID: arm64: fix leftover RWX when using CONFIG_UNMAP_KERNEL_AT_EL0
ANDROID: fix kernelci build-break in lowmemorykiller
ANDROID: Avoid taking multiple locks in handle_lmk_event
UPSTREAM: net-ipv6-ndisc: add support for RFC7710 RA Captive Portal Identifier
ANDROID: fix binder change in merge of 4.4.183
Fix overlayfs build break
binder: binder: fix possible UAF when freeing buffer
ANDROID: Revert "f2fs: avoid out-of-range memory access"
ANDROID: overlayfs: Fix a regression in commit
|
||
|
Nathan Chancellor
|
374d257801 |
Merge 4.4.233 into android-msm-wahoo-4.4
Changes in 4.4.233: (148 commits)
xfs: don't call xfs_da_shrink_inode with NULL bp
net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
media: rc: prevent memory leak in cx23888_ir_probe
ath9k_htc: release allocated buffer if timed out
ath9k: release allocated buffer if timed out
nfs: Move call to security_inode_listsecurity into nfs_listxattr
PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
drm: hold gem reference until object is no longer accessed
f2fs: check memory boundary by insane namelen
f2fs: check if file namelen exceeds max value
ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
rds: Prevent kernel-infoleak in rds_notify_queue_get()
net/x25: Fix x25_neigh refcnt leak when x25 disconnect
net/x25: Fix null-ptr-deref in x25_disconnect
sh: Fix validation of system call number
net: lan78xx: add missing endpoint sanity check
net: lan78xx: fix transfer-buffer memory leak
mlxsw: core: Increase scope of RCU read-side critical section
mac80211: mesh: Free ie data when leaving mesh
nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
net: ethernet: ravb: exit if re-initialization fails in tx timeout
Revert "i2c: cadence: Fix the hold bit setting"
xen-netfront: fix potential deadlock in xennet_remove()
x86/i8259: Use printk_deferred() to prevent deadlock
random32: update the net random state on interrupt and activity
ARM: percpu.h: fix build error
random: fix circular include dependency on arm64 after addition of percpu.h
random32: remove net_rand_state from the latent entropy gcc plugin
random32: move the pseudo-random 32-bit definitions to prandom.h
ext4: fix direct I/O read error
USB: serial: qcserial: add EM7305 QDL product ID
ALSA: seq: oss: Serialize ioctls
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
vgacon: Fix for missing check in scrollback handling
mtd: properly check all write ioctls for permissions
net/9p: validate fds in p9_fd_open
drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
cfg80211: check vendor command doit pointer before use
igb: reinit_locked() should be called with rtnl_lock
atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
tools lib traceevent: Fix memory leak in process_dynamic_array_len
binder: Prevent context manager from incrementing ref 0
ipv4: Silence suspicious RCU usage warning
ipv6: fix memory leaks on IPV6_ADDRFORM path
Revert "vxlan: fix tos value before xmit"
net: lan78xx: replace bogus endpoint lookup
usb: hso: check for return value in hso_serial_common_create()
vxlan: Ensure FDB dump is performed under RCU
Smack: fix use-after-free in smk_write_relabel_self()
tracepoint: Mark __tracepoint_string's __used
udp: drop corrupt packets earlier to avoid data corruption
gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
EDAC: Fix reference count leaks
m68k: mac: Don't send IOP message until channel is idle
m68k: mac: Fix IOP status/control register writes
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
drm/nouveau: fix multiple instances of reference count leaks
drm/debugfs: fix plain echo to connector "force" attribute
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
brcmfmac: To fix Bss Info flag definition Bug
iwlegacy: Check the return value of pcie_capability_read_*()
usb: gadget: net2280: fix memory leak on probe error handling paths
bdc: Fix bug causing crash after multiple disconnects
dyndbg: fix a BUG_ON in ddebug_describe_flags
bcache: fix super block seq numbers comparision in register_cache_set()
ACPICA: Do not increment operation_region reference counts for field units
agp/intel: Fix a memory leak on module initialisation failure
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
console: newport_con: fix an issue about leak related system resources
iio: improve IIO_CONCENTRATION channel type description
leds: lm355x: avoid enum conversion warning
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
cxl: Fix kobject memleak
drm/radeon: fix array out-of-bounds read and write issues
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
media: firewire: Using uninitialized values in node_probe()
media: exynos4-is: Add missed check for pinctrl_lookup_state()
drm: panel: simple: Fix bpc for LG LB070WV8 panel
mwifiex: Prevent memory corruption handling keys
powerpc/vdso: Fix vdso cpu truncation
PCI/ASPM: Add missing newline in sysfs 'policy'
usb: dwc2: Fix error path in gadget registration
scsi: mesh: Fix panic after host or bus reset
Smack: fix another vsscanf out of bounds
Smack: prevent underflow in smk_set_cipso()
power: supply: check if calc_soc succeeded in pm860x_init_battery
s390/qeth: don't process empty bridge port events
wl1251: fix always return 0 error
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
dlm: Fix kobject memleak
pinctrl-single: fix pcs_parse_pinconf() return value
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
net/nfc/rawsock.c: add CAP_NET_RAW check.
net: Set fput_needed iff FDPUT_FPUT is set
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
ALSA: usb-audio: add quirk for Pioneer DDJ-RB
crypto: qat - fix double free in qat_uclo_create_batch_init_list
fs/minix: check return value of sb_getblk()
fs/minix: don't allow getting deleted inodes
fs/minix: reject too-large maximum file size
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
9p: Fix memory leak in v9fs_mount
parisc: mask out enable and reserved bits from sba imask
ARM: 8992/1: Fix unwind_frame for clang-built kernels
xen/balloon: fix accounting in alloc_xenballooned_pages error path
xen/balloon: make the balloon wait interruptible
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: fix memory leaks after failure to lookup checksums during inode logging
powerpc: Fix circular dependency between percpu.h and mmu.h
net: ethernet: stmmac: Disable hardware multicast filter
net: stmmac: dwmac1000: provide multicast filter fallback
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
bcache: allocate meta data pages as compound pages
mac80211: fix misplaced while instead of if
MIPS: CPU#0 is not hotpluggable
ext2: fix missing percpu_counter_inc
ocfs2: change slot number type s16 to u16
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
pseries: Fix 64 bit logical memory block panic
USB: serial: ftdi_sio: make process-packet buffer unsigned
USB: serial: ftdi_sio: clean up receive processing
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
iommu/vt-d: Enforce PASID devTLB field mask
i2c: rcar: slave: only send STOP event when we have been addressed
clk: clk-atlas6: fix return value check in atlas6_clk_init()
Input: sentelic - fix error return when fsp_reg_write fails
drm/vmwgfx: Fix two list_for_each loop exit tests
nfs: Fix getxattr kernel panic and memory overflow
fs/ufs: avoid potential u32 multiplication overflow
mfd: dln2: Run event handler loop under spinlock
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
sh: landisk: Add missing initialization of sh_io_port_base
ipv6: check skb->protocol before lookup for nexthop
Linux 4.4.233
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
drivers/android/binder.c
fs/ext4/inode.c
|
||
|
Greg Kroah-Hartman
|
5980066824 |
Merge 4.4.233 into android-4.4-p
Changes in 4.4.233 xfs: don't call xfs_da_shrink_inode with NULL bp net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() media: rc: prevent memory leak in cx23888_ir_probe ath9k_htc: release allocated buffer if timed out ath9k: release allocated buffer if timed out nfs: Move call to security_inode_listsecurity into nfs_listxattr PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() drm: hold gem reference until object is no longer accessed f2fs: check memory boundary by insane namelen f2fs: check if file namelen exceeds max value ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. rds: Prevent kernel-infoleak in rds_notify_queue_get() net/x25: Fix x25_neigh refcnt leak when x25 disconnect net/x25: Fix null-ptr-deref in x25_disconnect sh: Fix validation of system call number net: lan78xx: add missing endpoint sanity check net: lan78xx: fix transfer-buffer memory leak mlxsw: core: Increase scope of RCU read-side critical section mac80211: mesh: Free ie data when leaving mesh nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame net: ethernet: ravb: exit if re-initialization fails in tx timeout Revert "i2c: cadence: Fix the hold bit setting" xen-netfront: fix potential deadlock in xennet_remove() x86/i8259: Use printk_deferred() to prevent deadlock random32: update the net random state on interrupt and activity ARM: percpu.h: fix build error random: fix circular include dependency on arm64 after addition of percpu.h random32: remove net_rand_state from the latent entropy gcc plugin random32: move the pseudo-random 32-bit definitions to prandom.h ext4: fix direct I/O read error USB: serial: qcserial: add EM7305 QDL product ID ALSA: seq: oss: Serialize ioctls Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() vgacon: Fix for missing check in scrollback handling mtd: properly check all write ioctls for permissions net/9p: validate fds in p9_fd_open drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason cfg80211: check vendor command doit pointer before use igb: reinit_locked() should be called with rtnl_lock atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent tools lib traceevent: Fix memory leak in process_dynamic_array_len binder: Prevent context manager from incrementing ref 0 ipv4: Silence suspicious RCU usage warning ipv6: fix memory leaks on IPV6_ADDRFORM path Revert "vxlan: fix tos value before xmit" net: lan78xx: replace bogus endpoint lookup usb: hso: check for return value in hso_serial_common_create() vxlan: Ensure FDB dump is performed under RCU Smack: fix use-after-free in smk_write_relabel_self() tracepoint: Mark __tracepoint_string's __used udp: drop corrupt packets earlier to avoid data corruption gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...) EDAC: Fix reference count leaks m68k: mac: Don't send IOP message until channel is idle m68k: mac: Fix IOP status/control register writes ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() drm/tilcdc: fix leak & null ref in panel_connector_get_modes Bluetooth: add a mutex lock to avoid UAF in do_enale_set fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync video: fbdev: neofb: fix memory leak in neo_scan_monitor() drm/nouveau: fix multiple instances of reference count leaks drm/debugfs: fix plain echo to connector "force" attribute mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls brcmfmac: To fix Bss Info flag definition Bug iwlegacy: Check the return value of pcie_capability_read_*() usb: gadget: net2280: fix memory leak on probe error handling paths bdc: Fix bug causing crash after multiple disconnects dyndbg: fix a BUG_ON in ddebug_describe_flags bcache: fix super block seq numbers comparision in register_cache_set() ACPICA: Do not increment operation_region reference counts for field units agp/intel: Fix a memory leak on module initialisation failure video: fbdev: sm712fb: fix an issue about iounmap for a wrong address console: newport_con: fix an issue about leak related system resources iio: improve IIO_CONCENTRATION channel type description leds: lm355x: avoid enum conversion warning media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() cxl: Fix kobject memleak drm/radeon: fix array out-of-bounds read and write issues scsi: powertec: Fix different dev_id between request_irq() and free_irq() scsi: eesox: Fix different dev_id between request_irq() and free_irq() media: firewire: Using uninitialized values in node_probe() media: exynos4-is: Add missed check for pinctrl_lookup_state() drm: panel: simple: Fix bpc for LG LB070WV8 panel mwifiex: Prevent memory corruption handling keys powerpc/vdso: Fix vdso cpu truncation PCI/ASPM: Add missing newline in sysfs 'policy' usb: dwc2: Fix error path in gadget registration scsi: mesh: Fix panic after host or bus reset Smack: fix another vsscanf out of bounds Smack: prevent underflow in smk_set_cipso() power: supply: check if calc_soc succeeded in pm860x_init_battery s390/qeth: don't process empty bridge port events wl1251: fix always return 0 error net: spider_net: Fix the size used in a 'dma_free_coherent()' call dlm: Fix kobject memleak pinctrl-single: fix pcs_parse_pinconf() return value drivers/net/wan/lapbether: Added needed_headroom and a skb->len check net/nfc/rawsock.c: add CAP_NET_RAW check. net: Set fput_needed iff FDPUT_FPUT is set ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 ALSA: usb-audio: add quirk for Pioneer DDJ-RB crypto: qat - fix double free in qat_uclo_create_batch_init_list fs/minix: check return value of sb_getblk() fs/minix: don't allow getting deleted inodes fs/minix: reject too-large maximum file size ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 9p: Fix memory leak in v9fs_mount parisc: mask out enable and reserved bits from sba imask ARM: 8992/1: Fix unwind_frame for clang-built kernels xen/balloon: fix accounting in alloc_xenballooned_pages error path xen/balloon: make the balloon wait interruptible PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() btrfs: only search for left_info if there is no right_info in try_merge_free_space btrfs: fix memory leaks after failure to lookup checksums during inode logging powerpc: Fix circular dependency between percpu.h and mmu.h net: ethernet: stmmac: Disable hardware multicast filter net: stmmac: dwmac1000: provide multicast filter fallback md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 bcache: allocate meta data pages as compound pages mac80211: fix misplaced while instead of if MIPS: CPU#0 is not hotpluggable ext2: fix missing percpu_counter_inc ocfs2: change slot number type s16 to u16 kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler pseries: Fix 64 bit logical memory block panic USB: serial: ftdi_sio: make process-packet buffer unsigned USB: serial: ftdi_sio: clean up receive processing iommu/omap: Check for failure of a call to omap_iommu_dump_ctx iommu/vt-d: Enforce PASID devTLB field mask i2c: rcar: slave: only send STOP event when we have been addressed clk: clk-atlas6: fix return value check in atlas6_clk_init() Input: sentelic - fix error return when fsp_reg_write fails drm/vmwgfx: Fix two list_for_each loop exit tests nfs: Fix getxattr kernel panic and memory overflow fs/ufs: avoid potential u32 multiplication overflow mfd: dln2: Run event handler loop under spinlock ALSA: echoaudio: Fix potential Oops in snd_echo_resume() sh: landisk: Add missing initialization of sh_io_port_base ipv6: check skb->protocol before lookup for nexthop Linux 4.4.233 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Iec7dcf69361bcc247996f3de2e20ba64ed0ce3a8 |
||
|
Miaohe Lin
|
f1f8c3303a |
net: Set fput_needed iff FDPUT_FPUT is set
[ Upstream commit ce787a5a074a86f76f5d3fd804fa78e01bfb9e89 ]
We should fput() file iff FDPUT_FPUT is set. So we should set fput_needed
accordingly.
Fixes:
|
||
|
Nathan Chancellor
|
c7ccf81651 |
Merge 4.4.225 into android-msm-wahoo-4.4
Changes in 4.4.225: (67 commits)
igb: use igb_adapter->io_addr instead of e1000_hw->hw_addr
padata: Remove unused but set variables
padata: get_next is never NULL
padata: ensure the reorder timer callback runs on the correct CPU
padata: ensure padata_do_serial() runs on the correct CPU
evm: Check also if *tfm is an error pointer in init_desc()
fix multiplication overflow in copy_fdtable()
HID: multitouch: add eGalaxTouch P80H84 support
ceph: fix double unlock in handle_cap_export()
USB: core: Fix misleading driver bug report
platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
ARM: futex: Address build warning
media: Fix media_open() to clear filp->private_data in error leg
drivers/media/media-devnode: clear private_data before put_device()
media-devnode: add missing mutex lock in error handler
media-devnode: fix namespace mess
media-device: dynamically allocate struct media_devnode
media: fix use-after-free in cdev_put() when app exits after driver unbind
media: fix media devnode ioctl/syscall and unregister race
i2c: dev: switch from register_chrdev to cdev API
i2c: dev: don't start function name with 'return'
i2c: dev: use after free in detach
i2c-dev: don't get i2c adapter via i2c_dev
i2c: dev: Fix the race between the release of i2c_dev and cdev
padata: set cpu_index of unused CPUs to -1
sched/fair, cpumask: Export for_each_cpu_wrap()
padata: Replace delayed timer with immediate workqueue in padata_reorder
padata: initialize pd->cpu with effective cpumask
padata: purge get_cpu and reorder_via_wq from padata_do_serial
ALSA: pcm: fix incorrect hw_base increase
ext4: lock the xattr block before checksuming it
platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
libnvdimm/btt: Remove unnecessary code in btt_freelist_init
l2tp: lock socket before checking flags in connect()
l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind()
l2tp: hold session while sending creation notifications
l2tp: take a reference on sessions used in genetlink handlers
l2tp: don't use l2tp_tunnel_find() in l2tp_ip and l2tp_ip6
net: l2tp: export debug flags to UAPI
net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_*
net: l2tp: ppp: change PPPOL2TP_MSG_* => L2TP_MSG_*
New kernel function to get IP overhead on a socket.
L2TP:Adjust intf MTU, add underlay L3, L2 hdrs.
l2tp: remove useless duplicate session detection in l2tp_netlink
l2tp: remove l2tp_session_find()
l2tp: define parameters of l2tp_session_get*() as "const"
l2tp: define parameters of l2tp_tunnel_find*() as "const"
l2tp: initialise session's refcount before making it reachable
l2tp: hold tunnel while looking up sessions in l2tp_netlink
l2tp: hold tunnel while processing genl delete command
l2tp: hold tunnel while handling genl tunnel updates
l2tp: hold tunnel while handling genl TUNNEL_GET commands
l2tp: hold tunnel used while creating sessions with netlink
l2tp: prevent creation of sessions on terminated tunnels
l2tp: pass tunnel pointer to ->session_create()
l2tp: fix l2tp_eth module loading
l2tp: don't register sessions in l2tp_session_create()
l2tp: initialise l2tp_eth sessions before registering them
l2tp: protect sock pointer of struct pppol2tp_session with RCU
l2tp: initialise PPP sessions before registering them
Revert "gfs2: Don't demote a glock until its revokes are written"
staging: iio: ad2s1210: Fix SPI reading
mei: release me_cl object reference
iio: sca3000: Remove an erroneous 'get_device()'
l2tp: device MTU setup, tunnel socket needs a lock
cpumask: Make for_each_cpu_wrap() available on UP as well
Linux 4.4.225
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
fs/ext4/xattr.c
net/l2tp/l2tp_core.c
net/socket.c
|
||
|
Greg Kroah-Hartman
|
aa9dc801ac |
Merge 4.4.225 into android-4.4-p
Changes in 4.4.225 igb: use igb_adapter->io_addr instead of e1000_hw->hw_addr padata: Remove unused but set variables padata: get_next is never NULL padata: ensure the reorder timer callback runs on the correct CPU padata: ensure padata_do_serial() runs on the correct CPU evm: Check also if *tfm is an error pointer in init_desc() fix multiplication overflow in copy_fdtable() HID: multitouch: add eGalaxTouch P80H84 support ceph: fix double unlock in handle_cap_export() USB: core: Fix misleading driver bug report platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA ARM: futex: Address build warning media: Fix media_open() to clear filp->private_data in error leg drivers/media/media-devnode: clear private_data before put_device() media-devnode: add missing mutex lock in error handler media-devnode: fix namespace mess media-device: dynamically allocate struct media_devnode media: fix use-after-free in cdev_put() when app exits after driver unbind media: fix media devnode ioctl/syscall and unregister race i2c: dev: switch from register_chrdev to cdev API i2c: dev: don't start function name with 'return' i2c: dev: use after free in detach i2c-dev: don't get i2c adapter via i2c_dev i2c: dev: Fix the race between the release of i2c_dev and cdev padata: set cpu_index of unused CPUs to -1 sched/fair, cpumask: Export for_each_cpu_wrap() padata: Replace delayed timer with immediate workqueue in padata_reorder padata: initialize pd->cpu with effective cpumask padata: purge get_cpu and reorder_via_wq from padata_do_serial ALSA: pcm: fix incorrect hw_base increase ext4: lock the xattr block before checksuming it platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer libnvdimm/btt: Remove unnecessary code in btt_freelist_init l2tp: lock socket before checking flags in connect() l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() l2tp: hold session while sending creation notifications l2tp: take a reference on sessions used in genetlink handlers l2tp: don't use l2tp_tunnel_find() in l2tp_ip and l2tp_ip6 net: l2tp: export debug flags to UAPI net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_* net: l2tp: ppp: change PPPOL2TP_MSG_* => L2TP_MSG_* New kernel function to get IP overhead on a socket. L2TP:Adjust intf MTU, add underlay L3, L2 hdrs. l2tp: remove useless duplicate session detection in l2tp_netlink l2tp: remove l2tp_session_find() l2tp: define parameters of l2tp_session_get*() as "const" l2tp: define parameters of l2tp_tunnel_find*() as "const" l2tp: initialise session's refcount before making it reachable l2tp: hold tunnel while looking up sessions in l2tp_netlink l2tp: hold tunnel while processing genl delete command l2tp: hold tunnel while handling genl tunnel updates l2tp: hold tunnel while handling genl TUNNEL_GET commands l2tp: hold tunnel used while creating sessions with netlink l2tp: prevent creation of sessions on terminated tunnels l2tp: pass tunnel pointer to ->session_create() l2tp: fix l2tp_eth module loading l2tp: don't register sessions in l2tp_session_create() l2tp: initialise l2tp_eth sessions before registering them l2tp: protect sock pointer of struct pppol2tp_session with RCU l2tp: initialise PPP sessions before registering them Revert "gfs2: Don't demote a glock until its revokes are written" staging: iio: ad2s1210: Fix SPI reading mei: release me_cl object reference iio: sca3000: Remove an erroneous 'get_device()' l2tp: device MTU setup, tunnel socket needs a lock cpumask: Make for_each_cpu_wrap() available on UP as well Linux 4.4.225 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I87dc4ca47f34d594fff7c1da28c7a4596659c029 |
||
|
R. Parameswaran
|
403a7a561a |
l2tp: device MTU setup, tunnel socket needs a lock
commit 57240d007816486131bee88cd474c2a71f0fe224 upstream. The MTU overhead calculation in L2TP device set-up merged via commit b784e7ebfce8cfb16c6f95e14e8532d0768ab7ff needs to be adjusted to lock the tunnel socket while referencing the sub-data structures to derive the socket's IP overhead. Reported-by: Guillaume Nault <g.nault@alphalink.fr> Tested-by: Guillaume Nault <g.nault@alphalink.fr> Signed-off-by: R. Parameswaran <rparames@brocade.com> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Giuliano Procida <gprocida@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
R. Parameswaran
|
d222f4ad7b |
New kernel function to get IP overhead on a socket.
commit 113c3075931a334f899008f6c753abe70a3a9323 upstream. A new function, kernel_sock_ip_overhead(), is provided to calculate the cumulative overhead imposed by the IP Header and IP options, if any, on a socket's payload. The new function returns an overhead of zero for sockets that do not belong to the IPv4 or IPv6 address families. This is used in the L2TP code path to compute the total outer IP overhead on the L2TP tunnel socket when calculating the default MTU for Ethernet pseudowires. Signed-off-by: R. Parameswaran <rparames@brocade.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Giuliano Procida <gprocida@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Biggers
|
96b09cba55 |
UPSTREAM: net: socket: set sock->sk to NULL after calling proto_ops::release()
Commit 9060cb719e61 ("net: crypto set sk to NULL when af_alg_release.")
fixed a use-after-free in sockfs_setattr() when an AF_ALG socket is
closed concurrently with fchownat(). However, it ignored that many
other proto_ops::release() methods don't set sock->sk to NULL and
therefore allow the same use-after-free:
- base_sock_release
- bnep_sock_release
- cmtp_sock_release
- data_sock_release
- dn_release
- hci_sock_release
- hidp_sock_release
- iucv_sock_release
- l2cap_sock_release
- llcp_sock_release
- llc_ui_release
- rawsock_release
- rfcomm_sock_release
- sco_sock_release
- svc_release
- vcc_release
- x25_release
Rather than fixing all these and relying on every socket type to get
this right forever, just make __sock_release() set sock->sk to NULL
itself after calling proto_ops::release().
Reproducer that produces the KASAN splat when any of these socket types
are configured into the kernel:
#include <pthread.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>
pthread_t t;
volatile int fd;
void *close_thread(void *arg)
{
for (;;) {
usleep(rand() % 100);
close(fd);
}
}
int main()
{
pthread_create(&t, NULL, close_thread, NULL);
for (;;) {
fd = socket(rand() % 50, rand() % 11, 0);
fchownat(fd, "", 1000, 1000, 0x1000);
close(fd);
}
}
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit ff7b11aa481f682e0e9711abfeb7d03f5cd612bf)
Bug: 125367761
Test: used reproducer above
Change-Id: Ied4bbca5c7eb80c201fec6e0aabc95c24acc1b59
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Cong Wang
|
956f790b17 |
UPSTREAM: socket: close race condition between sock_close() and sockfs_setattr()
fchownat() doesn't even hold refcnt of fd until it figures out
fd is really needed (otherwise is ignored) and releases it after
it resolves the path. This means sock_close() could race with
sockfs_setattr(), which leads to a NULL pointer dereference
since typically we set sock->sk to NULL in ->release().
As pointed out by Al, this is unique to sockfs. So we can fix this
in socket layer by acquiring inode_lock in sock_close() and
checking against NULL in sockfs_setattr().
sock_release() is called in many places, only the sock_close()
path matters here. And fortunately, this should not affect normal
sock_close() as it is only called when the last fd refcnt is gone.
It only affects sock_close() with a parallel sockfs_setattr() in
progress, which is not common.
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Reported-by: shankarapailoor <shankarapailoor@gmail.com>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Lorenzo Colitti <lorenzo@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 6d8c50dcb029872b298eea68cc6209c866fd3e14)
Signed-off-by: Chenbo Feng <fengc@google.com>
Bug: 112220999
Test: syzcaller reproducer doesn't trigger the crash anymore
Change-Id: I90bec1515889e0dfd23f94e3f29b366c7bbfcd11
|
||
|
Nathan Chancellor
|
fec6c1de0c |
Merge 4.4.211 into android-msm-wahoo-4.4
Changes in 4.4.211: (77 commits)
hidraw: Return EPOLLOUT from hidraw_poll
HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
HID: hidraw, uhid: Always report EPOLLOUT
rsi: add fix for crash during assertions
cfg80211/mac80211: make ieee80211_send_layer2_update a public function
mac80211: Do not send Layer 2 Update frame before authorization
media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
p54usb: Fix race between disconnect and firmware loading
ALSA: line6: Fix write on zero-sized buffer
ALSA: line6: Fix memory leak at line6_init_pcm() error path
mm/page_alloc.c: calculate 'available' memory in a separate function
xen: let alloc_xenballooned_pages() fail if not enough memory free
wimax: i2400: fix memory leak
wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
ext4: fix use-after-free race with debug_want_extra_isize
ext4: add more paranoia checking in ext4_expand_extra_isize handling
dccp: Fix memleak in __feat_register_sp
rtc: mt6397: fix alarm register overwrite
iommu: Remove device link to group on failure
gpio: Fix error message on out-of-range GPIO in lookup table
hsr: reset network header when supervision frame is created
cifs: Adjust indentation in smb2_open_file
RDMA/srpt: Report the SCSI residual to the initiator
scsi: enclosure: Fix stale device oops with hot replug
scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
iio: imu: adis16480: assign bias value only if operation succeeded
mei: fix modalias documentation
clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume
compat_ioctl: handle SIOCOUTQNSD
tty: serial: imx: use the sg count from dma_map_sg
tty: serial: pch_uart: correct usage of dma_unmap_sg
media: exynos4-is: Fix recursive locking in isp_video_release()
spi: atmel: fix handling of cs_change set on non-last xfer
rtlwifi: Remove unnecessary NULL check in rtl_regd_init
rtc: msm6242: Fix reading of 10-hour digit
rseq/selftests: Turn off timeout setting
hexagon: work around compiler crash
ocfs2: call journal flush to mark journal as empty after journal recovery when mount
ALSA: seq: Fix racy access for queue timer in proc read
Fix built-in early-load Intel microcode alignment
block: fix an integer overflow in logical block size
USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx
USB: serial: opticon: fix control-message timeouts
USB: serial: suppress driver bind attributes
USB: serial: ch341: handle unbound port at reset_resume
USB: serial: io_edgeport: add missing active-port sanity check
USB: serial: quatech2: handle unbound ports
scsi: mptfusion: Fix double fetch bug in ioctl
usb: core: hub: Improved device recognition on remote wakeup
x86/efistub: Disable paging at mixed mode entry
mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio()
net: stmmac: 16KB buffer must be 16 byte aligned
net: stmmac: Enable 16KB buffer size
USB: serial: io_edgeport: use irqsave() in USB's complete callback
USB: serial: io_edgeport: handle unbound ports on URB completion
USB: serial: keyspan: handle unbound ports
scsi: fnic: use kernel's '%pM' format option to print MAC
scsi: fnic: fix invalid stack access
arm64: dts: agilex/stratix10: fix pmu interrupt numbers
netfilter: fix a use-after-free in mtype_destroy()
batman-adv: Fix DAT candidate selection on little endian systems
macvlan: use skb_reset_mac_header() in macvlan_queue_xmit()
r8152: add missing endpoint sanity check
tcp: fix marked lost packets not being retransmitted
net: usb: lan78xx: limit size of local TSO packets
xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk
cw1200: Fix a signedness bug in cw1200_load_firmware()
cfg80211: check for set_wiphy_params
scsi: esas2r: unlock on error in esas2r_nvram_read_direct()
scsi: qla4xxx: fix double free bug
scsi: bnx2i: fix potential use after free
scsi: target: core: Fix a pr_debug() argument
scsi: core: scsi_trace: Use get_unaligned_be*()
perf probe: Fix wrong address verification
regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id
Linux 4.4.211
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Conflicts:
net/wireless/util.c
|
||
|
Greg Kroah-Hartman
|
a5869a66f7 |
Merge 4.4.211 into android-4.4-p
Changes in 4.4.211 hidraw: Return EPOLLOUT from hidraw_poll HID: hidraw: Fix returning EPOLLOUT from hidraw_poll HID: hidraw, uhid: Always report EPOLLOUT rsi: add fix for crash during assertions cfg80211/mac80211: make ieee80211_send_layer2_update a public function mac80211: Do not send Layer 2 Update frame before authorization media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap p54usb: Fix race between disconnect and firmware loading ALSA: line6: Fix write on zero-sized buffer ALSA: line6: Fix memory leak at line6_init_pcm() error path mm/page_alloc.c: calculate 'available' memory in a separate function xen: let alloc_xenballooned_pages() fail if not enough memory free wimax: i2400: fix memory leak wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle ext4: fix use-after-free race with debug_want_extra_isize ext4: add more paranoia checking in ext4_expand_extra_isize handling dccp: Fix memleak in __feat_register_sp rtc: mt6397: fix alarm register overwrite iommu: Remove device link to group on failure gpio: Fix error message on out-of-range GPIO in lookup table hsr: reset network header when supervision frame is created cifs: Adjust indentation in smb2_open_file RDMA/srpt: Report the SCSI residual to the initiator scsi: enclosure: Fix stale device oops with hot replug scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 iio: imu: adis16480: assign bias value only if operation succeeded mei: fix modalias documentation clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume compat_ioctl: handle SIOCOUTQNSD tty: serial: imx: use the sg count from dma_map_sg tty: serial: pch_uart: correct usage of dma_unmap_sg media: exynos4-is: Fix recursive locking in isp_video_release() spi: atmel: fix handling of cs_change set on non-last xfer rtlwifi: Remove unnecessary NULL check in rtl_regd_init rtc: msm6242: Fix reading of 10-hour digit rseq/selftests: Turn off timeout setting hexagon: work around compiler crash ocfs2: call journal flush to mark journal as empty after journal recovery when mount ALSA: seq: Fix racy access for queue timer in proc read Fix built-in early-load Intel microcode alignment block: fix an integer overflow in logical block size USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx USB: serial: opticon: fix control-message timeouts USB: serial: suppress driver bind attributes USB: serial: ch341: handle unbound port at reset_resume USB: serial: io_edgeport: add missing active-port sanity check USB: serial: quatech2: handle unbound ports scsi: mptfusion: Fix double fetch bug in ioctl usb: core: hub: Improved device recognition on remote wakeup x86/efistub: Disable paging at mixed mode entry mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() net: stmmac: 16KB buffer must be 16 byte aligned net: stmmac: Enable 16KB buffer size USB: serial: io_edgeport: use irqsave() in USB's complete callback USB: serial: io_edgeport: handle unbound ports on URB completion USB: serial: keyspan: handle unbound ports scsi: fnic: use kernel's '%pM' format option to print MAC scsi: fnic: fix invalid stack access arm64: dts: agilex/stratix10: fix pmu interrupt numbers netfilter: fix a use-after-free in mtype_destroy() batman-adv: Fix DAT candidate selection on little endian systems macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() r8152: add missing endpoint sanity check tcp: fix marked lost packets not being retransmitted net: usb: lan78xx: limit size of local TSO packets xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk cw1200: Fix a signedness bug in cw1200_load_firmware() cfg80211: check for set_wiphy_params scsi: esas2r: unlock on error in esas2r_nvram_read_direct() scsi: qla4xxx: fix double free bug scsi: bnx2i: fix potential use after free scsi: target: core: Fix a pr_debug() argument scsi: core: scsi_trace: Use get_unaligned_be*() perf probe: Fix wrong address verification regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id Linux 4.4.211 Change-Id: I1e1bbb74e69936896e235fdeb290ff550e61903e Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Arnd Bergmann
|
e78bd32d94 |
compat_ioctl: handle SIOCOUTQNSD
commit 9d7bf41fafa5b5ddd4c13eb39446b0045f0a8167 upstream.
Unlike the normal SIOCOUTQ, SIOCOUTQNSD was never handled in compat
mode. Add it to the common socket compat handler along with similar
ones.
Fixes:
|
||
|
Eric Biggers
|
5326a5a1b4 |
UPSTREAM: net: socket: set sock->sk to NULL after calling proto_ops::release()
Commit 9060cb719e61 ("net: crypto set sk to NULL when af_alg_release.")
fixed a use-after-free in sockfs_setattr() when an AF_ALG socket is
closed concurrently with fchownat(). However, it ignored that many
other proto_ops::release() methods don't set sock->sk to NULL and
therefore allow the same use-after-free:
- base_sock_release
- bnep_sock_release
- cmtp_sock_release
- data_sock_release
- dn_release
- hci_sock_release
- hidp_sock_release
- iucv_sock_release
- l2cap_sock_release
- llcp_sock_release
- llc_ui_release
- rawsock_release
- rfcomm_sock_release
- sco_sock_release
- svc_release
- vcc_release
- x25_release
Rather than fixing all these and relying on every socket type to get
this right forever, just make __sock_release() set sock->sk to NULL
itself after calling proto_ops::release().
Reproducer that produces the KASAN splat when any of these socket types
are configured into the kernel:
#include <pthread.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>
pthread_t t;
volatile int fd;
void *close_thread(void *arg)
{
for (;;) {
usleep(rand() % 100);
close(fd);
}
}
int main()
{
pthread_create(&t, NULL, close_thread, NULL);
for (;;) {
fd = socket(rand() % 50, rand() % 11, 0);
fchownat(fd, "", 1000, 1000, 0x1000);
close(fd);
}
}
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit ff7b11aa481f682e0e9711abfeb7d03f5cd612bf)
Bug: 125367761
Test: used reproducer above
Change-Id: Ied4bbca5c7eb80c201fec6e0aabc95c24acc1b59
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Cong Wang
|
825cd296ff |
UPSTREAM: socket: close race condition between sock_close() and sockfs_setattr()
fchownat() doesn't even hold refcnt of fd until it figures out
fd is really needed (otherwise is ignored) and releases it after
it resolves the path. This means sock_close() could race with
sockfs_setattr(), which leads to a NULL pointer dereference
since typically we set sock->sk to NULL in ->release().
As pointed out by Al, this is unique to sockfs. So we can fix this
in socket layer by acquiring inode_lock in sock_close() and
checking against NULL in sockfs_setattr().
sock_release() is called in many places, only the sock_close()
path matters here. And fortunately, this should not affect normal
sock_close() as it is only called when the last fd refcnt is gone.
It only affects sock_close() with a parallel sockfs_setattr() in
progress, which is not common.
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Reported-by: shankarapailoor <shankarapailoor@gmail.com>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: Lorenzo Colitti <lorenzo@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 6d8c50dcb029872b298eea68cc6209c866fd3e14)
Signed-off-by: Chenbo Feng <fengc@google.com>
Bug: 112220999
Bug: 125367761
Test: syzcaller reproducer doesn't trigger the crash anymore
Change-Id: I90bec1515889e0dfd23f94e3f29b366c7bbfcd11
|
||
|
Petri Gynther
|
460fb232ea |
Merge 4.4.177 into android-msm-wahoo-4.4-lts
Linux 4.4.177
KVM: X86: Fix residual mmio emulation request to userspace
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
drm/radeon/evergreen_cs: fix missing break in switch statement
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
* rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
kernel/rcu/tree.c
* PM / wakeup: Rework wakeup source timer cancellation
drivers/base/power/wakeup.c
nfsd: fix wrong check in write_v4_end_grace()
nfsd: fix memory corruption caused by readdir
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
NFS: Fix an I/O request leakage in nfs_do_recoalesce
md: Fix failed allocation of md_register_thread
perf intel-pt: Fix overlap calculation for padding
perf auxtrace: Define auxtrace record alignment
perf intel-pt: Fix CYC timestamp calculation after OVF
NFS41: pop some layoutget errors to application
* dm: fix to_sector() for 32bit
include/linux/device-mapper.h
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
powerpc/83xx: Also save/restore SPRG4-7 during suspend
powerpc/powernv: Make opal log only readable by root
powerpc/wii: properly disable use of BATs when requested.
powerpc/32: Clear on-stack exception marker upon exception return
* jbd2: fix compile warning when using JBUFFER_TRACE
fs/jbd2/transaction.c
* jbd2: clear dirty flag when revoking a buffer from an older transaction
fs/jbd2/transaction.c
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
serial: 8250_pci: Fix number of ports for ACCES serial cards
perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks
i2c: tegra: fix maximum transfer size
parport_pc: fix find_superio io compare code, should use equal test.
intel_th: Don't reference unassigned outputs
* kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
kernel/sysctl.c
* mm/vmalloc: fix size check for remap_vmalloc_range_partial()
mm/vmalloc.c
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
ext2: Fix underflow in ext2_max_size()
* ext4: fix crash during online resizing
fs/ext4/resize.c
cpufreq: pxa2xx: remove incorrect __init annotation
cpufreq: tegra124: add missing of_node_put()
crypto: pcbc - remove bogus memcpy()s with src == dest
Btrfs: fix corruption reading shared and compressed extents after hole punching
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
m68k: Add -ffreestanding to CFLAGS
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
scsi: virtio_scsi: don't send sc payload with tmfs
s390/virtio: handle find on invalid queue gracefully
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
regulator: s2mpa01: Fix step values for some LDOs
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
* ACPI / device_sysfs: Avoid OF modalias creation for removed device
drivers/acpi/device_sysfs.c
* tracing: Do not free iter->trace in fail path of tracing_open_pipe()
kernel/trace/trace.c
CIFS: Fix read after write for files with read caching
* crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
arch/arm64/crypto/aes-ce-ccm-core.S
stm class: Prevent division by zero
* tmpfs: fix uninitialized return value in shmem_link
mm/shmem.c
net: set static variable an initial value in atl2_probe()
mac80211_hwsim: propagate genlmsg_reply return code
phonet: fix building with clang
ARC: uacces: remove lp_start, lp_end from clobber list
* tmpfs: fix link accounting when a tmpfile is linked in
mm/shmem.c
* arm64: Relax GIC version check during early boot
arch/arm64/kernel/head.S
ASoC: topology: free created components in tplg load error
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
net: systemport: Fix reception of BPDUs
scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
* assoc_array: Fix shortcut creation
lib/assoc_array.c
ARM: 8824/1: fix a migrating irq bug when hotplug cpu
Input: st-keyscan - fix potential zalloc NULL dereference
i2c: cadence: Fix the hold bit setting
Input: matrix_keypad - use flush_delayed_work()
ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
s390/dasd: fix using offset into zero size array error
gpu: ipu-v3: Fix CSI offsets for imx53
gpu: ipu-v3: Fix i.MX51 CSI control registers offset
* crypto: ahash - fix another early termination in hash walk
crypto/ahash.c
crypto: caam - fixed handling of sg list
stm class: Fix an endless loop in channel allocation
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
9p/net: fix memory leak in p9_client_create
9p: use inode->i_lock to protect i_size_write() under 32-bit
* media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
drivers/media/v4l2-core/videobuf2-v4l2.c
It's wrong to add len to sector_nr in raid10 reshape twice
fs/9p: use fscache mutex rather than spinlock
ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56
* tcp/dccp: remove reqsk_put() from inet_child_forget()
net/ipv4/inet_connection_sock.c
* gro_cells: make sure device is up in gro_cells_receive()
include/net/gro_cells.h
net/hsr: fix possible crash in add_timer()
vxlan: Fix GRO cells race condition between receive and link delete
vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
ipvlan: disallow userns cap_net_admin to change global mode/flags
* missing barriers in some of unix_sock ->addr and ->path accesses
net/unix/af_unix.c
security/lsm_audit.c
* net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
net/ipv6/route.c
* mdio_bus: Fix use-after-free on device_register fails
drivers/net/phy/mdio_bus.c
net/x25: fix a race in x25_bind()
net/mlx4_core: Fix qp mtt size calculation
net/mlx4_core: Fix reset flow when in command polling mode
* tcp: handle inet_csk_reqsk_queue_add() failures
net/ipv4/tcp_input.c
* route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
net/ipv4/route.c
ravb: Decrease TxFIFO depth of Q3 and Q2 to one
pptp: dst_release sk_dst_cache in pptp_sock_destruct
net/x25: reset state in x25_connect()
net/x25: fix use-after-free in x25_device_event()
* net: sit: fix UBSAN Undefined behaviour in check_6rd
net/ipv6/sit.c
net: hsr: fix memory leak in hsr_dev_finalize()
* l2tp: fix infoleak in l2tp_ip6_recvmsg()
net/l2tp/l2tp_ip6.c
* KEYS: restrict /proc/keys by credentials at open time
security/keys/proc.c
* netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options
net/netfilter/nf_conntrack_proto_tcp.c
netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
* netfilter: nfnetlink_log: just returns error for unknown command
net/netfilter/nfnetlink_log.c
* netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES
net/bridge/netfilter/ebtables.c
net/ipv4/netfilter/arp_tables.c
net/ipv4/netfilter/ip_tables.c
net/ipv6/netfilter/ip6_tables.c
* udplite: call proper backlog handlers
net/ipv4/udp.c
net/ipv4/udp_impl.h
net/ipv4/udplite.c
net/ipv6/udp.c
net/ipv6/udp_impl.h
net/ipv6/udplite.c
ARM: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420
* Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls"
drivers/firmware/efi/runtime-wrappers.c
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
* futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
kernel/futex.c
kernel/locking/rtmutex.c
kernel/locking/rtmutex_common.h
iscsi_ibft: Fix missing break in switch statement
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
MIPS: Remove function size check in get_frame_info()
perf symbols: Filter out hidden symbols from labels
s390/qeth: fix use-after-free in error path
dmaengine: dmatest: Abort test in case of mapping error
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
ARM: pxa: ssp: unneeded to free devm_ allocated data
autofs: fix error return in autofs_fill_super()
autofs: drop dentry reference only when it is never used
* fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
fs/drop_caches.c
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
x86_64: increase stack size for KASAN_EXTRA
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
cifs: fix computation for MAX_SMB2_HDR_SIZE
* platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
drivers/platform/x86/Kconfig
scsi: libfc: free skb when receiving invalid flogi resp
nfs: Fix NULL pointer dereference of dev_name
gpio: vf610: Mask all GPIO interrupts
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
xtensa: SMP: limit number of possible CPUs by NR_CPUS
xtensa: SMP: mark each possible CPU as present
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: fix secondary CPU initialization
xtensa: SMP: fix ccount_timer_shutdown
iommu/amd: Fix IOMMU page flush when detach device from a domain
ipvs: Fix signed integer overflow when setsockopt timeout
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
perf tools: Handle TOPOLOGY headers with no CPU
* vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
net/ipv4/ip_vti.c
media: uvcvideo: Fix 'type' check leading to overflow
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
net: dsa: mv88e6xxx: Fix u64 statistics
* netlabel: fix out-of-bounds memory accesses
net/ipv4/cipso_ipv4.c
* hugetlbfs: fix races and page leaks during migration
mm/migrate.c
MIPS: irq: Allocate accurate order pages for irq stack
applicom: Fix potential Spectre v1 vulnerabilities
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
net: phy: Micrel KSZ8061: link failure after cable connect
* net: avoid use IPCB in cipso_v4_error
include/net/ip.h
net/ipv4/cipso_ipv4.c
net/ipv4/ip_options.c
* net: Add __icmp_send helper.
include/net/icmp.h
net/ipv4/icmp.c
xen-netback: fix occasional leak of grant ref mappings under memory pressure
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
bnxt_en: Drop oversize TX packets to prevent errors.
team: Free BPF filter when unregistering netdev
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
* net-sysfs: Fix mem leak in netdev_register_kobject
net/core/net-sysfs.c
staging: lustre: fix buffer overflow of string buffer
isdn: isdn_tty: fix build warning of strncpy
ncpfs: fix build warning of strncpy
* sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
net/socket.c
* cpufreq: Use struct kobj_attribute instead of struct global_attr
drivers/cpufreq/cpufreq.c
drivers/cpufreq/cpufreq_governor.h
include/linux/cpufreq.h
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: option: add Telit ME910 ECM composition
x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
* mm: enforce min addr even if capable() in expand_downwards()
mm/mmap.c
mmc: spi: Fix card detection during probe
powerpc: Always initialize input array when calling epapr_hypercall()
KVM: arm/arm64: Fix MMIO emulation data handling
arm/arm64: KVM: Feed initialized memory to MMIO accesses
KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1
* cfg80211: extend range deviation for DMG
net/wireless/reg.c
mac80211: don't initiate TDLS connection if station is not associated to AP
ibmveth: Do not process frames after calling napi_reschedule
net: altera_tse: fix connect_local_phy error path
scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
mac80211: fix miscounting of ttl-dropped frames
ARC: fix __ffs return value to avoid build warnings
ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
* ASoC: dapm: change snprintf to scnprintf for possible overflow
sound/soc/soc-dapm.c
usb: gadget: Potential NULL dereference on allocation error
* usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
drivers/usb/dwc3/gadget.c
thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
* ALSA: compress: prevent potential divide by zero bugs
sound/core/compress_offload.c
ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
drm/msm: Unblock writer if reader closes file
scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
libceph: handle an empty authorize reply
* Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
net/bridge/br_multicast.c
ARCv2: Enable unaligned access in early ASM code
net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
* sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
net/ipv6/sit.c
team: avoid complex list operations in team_nl_cmd_options_set()
* net/packet: fix 4gb buffer limit due to overflow check
net/packet/af_packet.c
batman-adv: fix uninit-value in batadv_interface_tx()
* KEYS: always initialize keyring_index_key::desc_len
security/keys/keyring.c
security/keys/proc.c
security/keys/request_key.c
security/keys/request_key_auth.c
* KEYS: user: Align the payload buffer
include/keys/user-type.h
RDMA/srp: Rework SCSI device reset handling
isdn: avm: Fix string plus integer warning from Clang
leds: lp5523: fix a missing check of return value of lp55xx_read
atm: he: fix sign-extension overflow on large shift
isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
MIPS: jazz: fix 64bit build
scsi: isci: initialize shost fully before calling scsi_add_host()
scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
MIPS: ath79: Enable OF serial ports in the default config
net: hns: Fix use after free identified by SLUB debug
mfd: mc13xxx: Fix a missing check of a register-read failure
mfd: wm5110: Add missing ASRC rate register
mfd: qcom_rpm: write fw_version to CTRL_REG
mfd: ab8500-core: Return zero in get_register_interruptible()
mfd: db8500-prcmu: Fix some section annotations
mfd: twl-core: Fix section annotations on {,un}protect_pm_master
mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
* KEYS: allow reaching the keys quotas exactly
security/keys/key.c
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
Change-Id: Ifa4de1c07a3ca4ca200bbddadd6348c4372f0179
Signed-off-by: Petri Gynther <pgynther@google.com>
|
||
|
Greg Kroah-Hartman
|
349ac1a59c |
Merge 4.4.177 into android-4.4-p
Changes in 4.4.177
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
KEYS: allow reaching the keys quotas exactly
mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
mfd: twl-core: Fix section annotations on {,un}protect_pm_master
mfd: db8500-prcmu: Fix some section annotations
mfd: ab8500-core: Return zero in get_register_interruptible()
mfd: qcom_rpm: write fw_version to CTRL_REG
mfd: wm5110: Add missing ASRC rate register
mfd: mc13xxx: Fix a missing check of a register-read failure
net: hns: Fix use after free identified by SLUB debug
MIPS: ath79: Enable OF serial ports in the default config
scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
scsi: isci: initialize shost fully before calling scsi_add_host()
MIPS: jazz: fix 64bit build
isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
atm: he: fix sign-extension overflow on large shift
leds: lp5523: fix a missing check of return value of lp55xx_read
isdn: avm: Fix string plus integer warning from Clang
RDMA/srp: Rework SCSI device reset handling
KEYS: user: Align the payload buffer
KEYS: always initialize keyring_index_key::desc_len
batman-adv: fix uninit-value in batadv_interface_tx()
net/packet: fix 4gb buffer limit due to overflow check
team: avoid complex list operations in team_nl_cmd_options_set()
sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
ARCv2: Enable unaligned access in early ASM code
Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
libceph: handle an empty authorize reply
scsi: libsas: Fix rphy phy_identifier for PHYs with end devices attached
drm/msm: Unblock writer if reader closes file
ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field
ALSA: compress: prevent potential divide by zero bugs
thermal: int340x_thermal: Fix a NULL vs IS_ERR() check
usb: dwc3: gadget: Fix the uninitialized link_state when udc starts
usb: gadget: Potential NULL dereference on allocation error
ASoC: dapm: change snprintf to scnprintf for possible overflow
ASoC: imx-audmux: change snprintf to scnprintf for possible overflow
ARC: fix __ffs return value to avoid build warnings
mac80211: fix miscounting of ttl-dropped frames
serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling
scsi: csiostor: fix NULL pointer dereference in csio_vport_set_state()
net: altera_tse: fix connect_local_phy error path
ibmveth: Do not process frames after calling napi_reschedule
mac80211: don't initiate TDLS connection if station is not associated to AP
cfg80211: extend range deviation for DMG
KVM: nSVM: clear events pending from svm_complete_interrupts() when exiting to L1
arm/arm64: KVM: Feed initialized memory to MMIO accesses
KVM: arm/arm64: Fix MMIO emulation data handling
powerpc: Always initialize input array when calling epapr_hypercall()
mmc: spi: Fix card detection during probe
mm: enforce min addr even if capable() in expand_downwards()
x86/uaccess: Don't leak the AC flag into __put_user() value evaluation
USB: serial: option: add Telit ME910 ECM composition
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
cpufreq: Use struct kobj_attribute instead of struct global_attr
sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
ncpfs: fix build warning of strncpy
isdn: isdn_tty: fix build warning of strncpy
staging: lustre: fix buffer overflow of string buffer
net-sysfs: Fix mem leak in netdev_register_kobject
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
team: Free BPF filter when unregistering netdev
bnxt_en: Drop oversize TX packets to prevent errors.
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
xen-netback: fix occasional leak of grant ref mappings under memory pressure
net: Add __icmp_send helper.
net: avoid use IPCB in cipso_v4_error
net: phy: Micrel KSZ8061: link failure after cable connect
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
applicom: Fix potential Spectre v1 vulnerabilities
MIPS: irq: Allocate accurate order pages for irq stack
hugetlbfs: fix races and page leaks during migration
netlabel: fix out-of-bounds memory accesses
net: dsa: mv88e6xxx: Fix u64 statistics
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
media: uvcvideo: Fix 'type' check leading to overflow
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
perf tools: Handle TOPOLOGY headers with no CPU
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
ipvs: Fix signed integer overflow when setsockopt timeout
iommu/amd: Fix IOMMU page flush when detach device from a domain
xtensa: SMP: fix ccount_timer_shutdown
xtensa: SMP: fix secondary CPU initialization
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: mark each possible CPU as present
xtensa: SMP: limit number of possible CPUs by NR_CPUS
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
gpio: vf610: Mask all GPIO interrupts
nfs: Fix NULL pointer dereference of dev_name
scsi: libfc: free skb when receiving invalid flogi resp
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
cifs: fix computation for MAX_SMB2_HDR_SIZE
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
x86_64: increase stack size for KASAN_EXTRA
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
autofs: drop dentry reference only when it is never used
autofs: fix error return in autofs_fill_super()
ARM: pxa: ssp: unneeded to free devm_ allocated data
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
dmaengine: dmatest: Abort test in case of mapping error
s390/qeth: fix use-after-free in error path
perf symbols: Filter out hidden symbols from labels
MIPS: Remove function size check in get_frame_info()
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
iscsi_ibft: Fix missing break in switch statement
futex,rt_mutex: Restructure rt_mutex_finish_proxy_lock()
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
Revert "x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls"
ARM: dts: exynos: Do not ignore real-world fuse values for thermal zone 0 on Exynos5420
udplite: call proper backlog handlers
netfilter: x_tables: enforce nul-terminated table name from getsockopt GET_ENTRIES
netfilter: nfnetlink_log: just returns error for unknown command
netfilter: nfnetlink_acct: validate NFACCT_FILTER parameters
netfilter: nf_conntrack_tcp: Fix stack out of bounds when parsing TCP options
KEYS: restrict /proc/keys by credentials at open time
l2tp: fix infoleak in l2tp_ip6_recvmsg()
net: hsr: fix memory leak in hsr_dev_finalize()
net: sit: fix UBSAN Undefined behaviour in check_6rd
net/x25: fix use-after-free in x25_device_event()
net/x25: reset state in x25_connect()
pptp: dst_release sk_dst_cache in pptp_sock_destruct
ravb: Decrease TxFIFO depth of Q3 and Q2 to one
route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race
tcp: handle inet_csk_reqsk_queue_add() failures
net/mlx4_core: Fix reset flow when in command polling mode
net/mlx4_core: Fix qp mtt size calculation
net/x25: fix a race in x25_bind()
mdio_bus: Fix use-after-free on device_register fails
net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255
missing barriers in some of unix_sock ->addr and ->path accesses
ipvlan: disallow userns cap_net_admin to change global mode/flags
vxlan: test dev->flags & IFF_UP before calling gro_cells_receive()
vxlan: Fix GRO cells race condition between receive and link delete
net/hsr: fix possible crash in add_timer()
gro_cells: make sure device is up in gro_cells_receive()
tcp/dccp: remove reqsk_put() from inet_child_forget()
ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56
fs/9p: use fscache mutex rather than spinlock
It's wrong to add len to sector_nr in raid10 reshape twice
media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
9p: use inode->i_lock to protect i_size_write() under 32-bit
9p/net: fix memory leak in p9_client_create
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
stm class: Fix an endless loop in channel allocation
crypto: caam - fixed handling of sg list
crypto: ahash - fix another early termination in hash walk
gpu: ipu-v3: Fix i.MX51 CSI control registers offset
gpu: ipu-v3: Fix CSI offsets for imx53
s390/dasd: fix using offset into zero size array error
ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
Input: matrix_keypad - use flush_delayed_work()
i2c: cadence: Fix the hold bit setting
Input: st-keyscan - fix potential zalloc NULL dereference
ARM: 8824/1: fix a migrating irq bug when hotplug cpu
assoc_array: Fix shortcut creation
scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
net: systemport: Fix reception of BPDUs
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
ASoC: topology: free created components in tplg load error
arm64: Relax GIC version check during early boot
tmpfs: fix link accounting when a tmpfile is linked in
ARC: uacces: remove lp_start, lp_end from clobber list
phonet: fix building with clang
mac80211_hwsim: propagate genlmsg_reply return code
net: set static variable an initial value in atl2_probe()
tmpfs: fix uninitialized return value in shmem_link
stm class: Prevent division by zero
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
CIFS: Fix read after write for files with read caching
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
ACPI / device_sysfs: Avoid OF modalias creation for removed device
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
regulator: s2mpa01: Fix step values for some LDOs
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
s390/virtio: handle find on invalid queue gracefully
scsi: virtio_scsi: don't send sc payload with tmfs
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
m68k: Add -ffreestanding to CFLAGS
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
Btrfs: fix corruption reading shared and compressed extents after hole punching
crypto: pcbc - remove bogus memcpy()s with src == dest
cpufreq: tegra124: add missing of_node_put()
cpufreq: pxa2xx: remove incorrect __init annotation
ext4: fix crash during online resizing
ext2: Fix underflow in ext2_max_size()
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
intel_th: Don't reference unassigned outputs
parport_pc: fix find_superio io compare code, should use equal test.
i2c: tegra: fix maximum transfer size
perf bench: Copy kernel files needed to build mem{cpy,set} x86_64 benchmarks
serial: 8250_pci: Fix number of ports for ACCES serial cards
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
jbd2: clear dirty flag when revoking a buffer from an older transaction
jbd2: fix compile warning when using JBUFFER_TRACE
powerpc/32: Clear on-stack exception marker upon exception return
powerpc/wii: properly disable use of BATs when requested.
powerpc/powernv: Make opal log only readable by root
powerpc/83xx: Also save/restore SPRG4-7 during suspend
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
dm: fix to_sector() for 32bit
NFS41: pop some layoutget errors to application
perf intel-pt: Fix CYC timestamp calculation after OVF
perf auxtrace: Define auxtrace record alignment
perf intel-pt: Fix overlap calculation for padding
md: Fix failed allocation of md_register_thread
NFS: Fix an I/O request leakage in nfs_do_recoalesce
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
nfsd: fix memory corruption caused by readdir
nfsd: fix wrong check in write_v4_end_grace()
PM / wakeup: Rework wakeup source timer cancellation
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
drm/radeon/evergreen_cs: fix missing break in switch statement
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
KVM: X86: Fix residual mmio emulation request to userspace
Linux 4.4.177
Change-Id: Ia33b88c9634e04612874d79ce4cc166e8aa8096a
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Andreas Gruenbacher
|
c776cff6de |
sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names
commit 971df15bd54ad46e907046ff33750a137b2f0096 upstream. The standard return value for unsupported attribute names is -EOPNOTSUPP, as opposed to undefined but supported attributes (-ENODATA). Also, fail for attribute names like "system.sockprotonameXXX" and simplify the code a bit. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> [removes a build warning on 4.4.y - gregkh] Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
2e33202bb4 |
Merge 4.4.163 into android-msm-wahoo-4.4-lts
Linux 4.4.163
x86/time: Correct the attribute on jiffies' definition
* l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6
net/l2tp/l2tp_ip.c
net/l2tp/l2tp_ip6.c
* cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE
include/linux/cpuidle.h
kernel/sched/idle.c
x86/percpu: Fix this_cpu_read()
* sched/fair: Fix throttle_list starvation with low CFS quota
kernel/sched/fair.c
kernel/sched/sched.h
Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM
* USB: fix the usbfs flag sanitization for control transfers
drivers/usb/core/devio.c
* usb: gadget: storage: Fix Spectre v1 vulnerability
drivers/usb/gadget/function/f_mass_storage.c
* cdc-acm: correct counting of UART states in serial state notification
drivers/usb/class/cdc-acm.c
IB/ucm: Fix Spectre v1 vulnerability
RDMA/ucma: Fix Spectre v1 vulnerability
ptp: fix Spectre v1 vulnerability
cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
ahci: don't ignore result code of ahci_reset_controller()
* crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
crypto/shash.c
* mremap: properly flush TLB before releasing the page
mm/huge_memory.c
mm/mremap.c
* rtnetlink: Disallow FDB configuration for non-Ethernet device
net/core/rtnetlink.c
vhost: Fix Spectre V1 vulnerability
* net: drop skb on failure in ip_check_defrag()
net/ipv4/ip_fragment.c
* sctp: fix race on sctp_id2asoc
net/sctp/socket.c
r8169: fix NAPI handling under high load
net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
* net: socket: fix a missing-check bug
net/socket.c
net: sched: gred: pass the right attribute to gred_change_table_def()
* net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
net/ipv6/addrconf.c
* ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
net/ipv6/ndisc.c
* ipv6: mcast: fix a use-after-free in inet6_mc_check
net/ipv6/mcast.c
* net: bridge: remove ipv6 zero address check in mcast queries
net/bridge/br_multicast.c
* bridge: do not add port to router list when receives query with source 0.0.0.0
net/bridge/br_multicast.c
perf tools: Disable parallelism for 'make clean'
mtd: spi-nor: Add support for is25wp series chips
* fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
fs/fat/fatent.c
ARM: dts: imx53-qsb: disable 1.2GHz OPP
MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression
igb: Remove superfluous reset to PHY and page 0 selection
MIPS: microMIPS: Fix decoding of swsp16 instruction
scsi: aacraid: Fix typo in blink status
* bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal
drivers/net/bonding/bond_main.c
PM / devfreq: tegra: fix error return code in tegra_devfreq_probe()
ASoC: spear: fix error return code in spdif_in_probe()
spi: xlp: fix error return code in xlp_spi_probe()
spi/bcm63xx: fix error return code in bcm63xx_spi_probe()
MIPS: Handle non word sized instructions when examining frame
spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe()
usb: dwc3: omap: fix error return code in dwc3_omap_probe()
usb: ehci-omap: fix error return code in ehci_hcd_omap_probe()
usb: imx21-hcd: fix error return code in imx21_probe()
gpio: msic: fix error return code in platform_msic_gpio_probe()
sparc64: Fix exception handling in UltraSPARC-III memcpy.
gpu: host1x: fix error return code in host1x_probe()
sparc64 mm: Fix more TSB sizing issues
video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe()
tty: serial: sprd: fix error return code in sprd_probe()
* l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()
net/l2tp/l2tp_ip.c
net/l2tp/l2tp_ip6.c
brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain
gro: Allow tunnel stacking in the case of FOU/GUE
* vti6: flush x-netns xfrm cache when vti interface is removed
net/ipv6/ip6_vti.c
* ALSA: timer: Fix zero-division by continue of uninitialized instance
sound/core/timer.c
ixgbe: Correct X550EM_x revision check
ixgbe: fix RSS limit for X550
net/mlx5e: Correctly handle RSS indirection table when changing number of channels
net/mlx5e: Fix LRO modify
ixgbevf: Fix handling of NAPI budget when multiple queues are enabled per vector
* fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio
fs/fuse/file.c
fs/fuse/fuse_i.h
drm/nouveau/fbcon: fix oops without fbdev emulation
* bpf: generally move prog destruction to RCU deferral
include/linux/bpf.h
kernel/bpf/arraymap.c
kernel/bpf/syscall.c
kernel/events/core.c
* usb-storage: fix bogus hardware error messages for ATA pass-thru devices
drivers/usb/storage/transport.c
sch_red: update backlog as well
sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata
* scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state
drivers/scsi/scsi_scan.c
drivers/scsi/scsi_sysfs.c
include/scsi/scsi_device.h
* xfrm: Clear sk_dst_cache when applying per-socket policy.
net/xfrm/xfrm_state.c
* arm64: Fix potential race with hardware DBM in ptep_set_access_flags()
arch/arm64/mm/fault.c
* CIFS: handle guest access errors to Windows shares
fs/cifs/connect.c
ASoC: wm8940: Enable cache usage to fix crashes on resume
ASoC: ak4613: Enable cache usage to fix crashes on resume
MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue
usbvision: revert commit 588afcc1
* perf/core: Don't leak event in the syscall error path
kernel/events/core.c
aacraid: Start adapter after updating number of MSIX vectors
x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs
tpm: fix: return rc when devm_add_action() fails
* thermal: allow u8500-thermal driver to be a module
drivers/thermal/Kconfig
* thermal: allow spear-thermal driver to be a module
drivers/thermal/Kconfig
btrfs: don't create or leak aliased root while cleaning up orphans
* sched/cgroup: Fix cgroup entity load tracking tear-down
kernel/sched/core.c
kernel/sched/fair.c
kernel/sched/sched.h
um: Avoid longjmp/setjmp symbol clashes with libpthread.a
* ipv6: orphan skbs in reassembly unit
net/ipv6/netfilter/nf_conntrack_reasm.c
net/mlx4_en: Resolve dividing by zero in 32-bit system
af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers
* radix-tree: fix radix_tree_iter_retry() for tagged iterators.
include/linux/radix-tree.h
x86/mm/pat: Prevent hang during boot when mapping pages
ARM: dts: apq8064: add ahci ports-implemented mask
* tracing: Skip more functions when doing stack tracing of events
kernel/trace/trace.c
ser_gigaset: use container_of() instead of detour
* net: drop write-only stack variable
net/unix/af_unix.c
* ipv6: suppress sparse warnings in IP6_ECN_set_ce()
include/net/inet_ecn.h
* KEYS: put keyring if install_session_keyring_to_cred() fails
security/keys/process_keys.c
net: cxgb3_main: fix a missing-check bug
* perf/ring_buffer: Prevent concurent ring buffer access
kernel/events/core.c
smsc95xx: Check for Wake-on-LAN modes
smsc75xx: Check for Wake-on-LAN modes
* r8152: Check for supported Wake-on-LAN Modes
drivers/net/usb/r8152.c
sr9800: Check for supported Wake-on-LAN modes
lan78xx: Check for supported Wake-on-LAN modes
* ax88179_178a: Check for supported Wake-on-LAN modes
drivers/net/usb/ax88179_178a.c
* asix: Check for supported Wake-on-LAN modes
drivers/net/usb/asix_common.c
pxa168fb: prepare the clock
* Bluetooth: SMP: fix crash in unpairing
net/bluetooth/mgmt.c
net/bluetooth/smp.c
net/bluetooth/smp.h
mac80211_hwsim: do not omit multicast announce of first added radio
* xfrm: validate template mode
net/xfrm/xfrm_user.c
ARM: 8799/1: mm: fix pci_ioremap_io() offset check
* cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
net/wireless/reg.c
mac80211: Always report TX status
* xfrm6: call kfree_skb when skb is toobig
net/ipv6/xfrm6_output.c
* xfrm: Validate address prefix lengths in the xfrm selector.
net/xfrm/xfrm_user.c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
831965bd2d |
Merge 4.4.163 into android-4.4-p
Changes in 4.4.163
xfrm: Validate address prefix lengths in the xfrm selector.
xfrm6: call kfree_skb when skb is toobig
mac80211: Always report TX status
cfg80211: reg: Init wiphy_idx in regulatory_hint_core()
ARM: 8799/1: mm: fix pci_ioremap_io() offset check
xfrm: validate template mode
mac80211_hwsim: do not omit multicast announce of first added radio
Bluetooth: SMP: fix crash in unpairing
pxa168fb: prepare the clock
asix: Check for supported Wake-on-LAN modes
ax88179_178a: Check for supported Wake-on-LAN modes
lan78xx: Check for supported Wake-on-LAN modes
sr9800: Check for supported Wake-on-LAN modes
r8152: Check for supported Wake-on-LAN Modes
smsc75xx: Check for Wake-on-LAN modes
smsc95xx: Check for Wake-on-LAN modes
perf/ring_buffer: Prevent concurent ring buffer access
net: cxgb3_main: fix a missing-check bug
KEYS: put keyring if install_session_keyring_to_cred() fails
ipv6: suppress sparse warnings in IP6_ECN_set_ce()
net: drop write-only stack variable
ser_gigaset: use container_of() instead of detour
tracing: Skip more functions when doing stack tracing of events
ARM: dts: apq8064: add ahci ports-implemented mask
x86/mm/pat: Prevent hang during boot when mapping pages
radix-tree: fix radix_tree_iter_retry() for tagged iterators.
af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers
net/mlx4_en: Resolve dividing by zero in 32-bit system
ipv6: orphan skbs in reassembly unit
um: Avoid longjmp/setjmp symbol clashes with libpthread.a
sched/cgroup: Fix cgroup entity load tracking tear-down
btrfs: don't create or leak aliased root while cleaning up orphans
thermal: allow spear-thermal driver to be a module
thermal: allow u8500-thermal driver to be a module
tpm: fix: return rc when devm_add_action() fails
x86/PCI: Mark Broadwell-EP Home Agent 1 as having non-compliant BARs
aacraid: Start adapter after updating number of MSIX vectors
perf/core: Don't leak event in the syscall error path
usbvision: revert commit 588afcc1
MIPS: Fix FCSR Cause bit handling for correct SIGFPE issue
ASoC: ak4613: Enable cache usage to fix crashes on resume
ASoC: wm8940: Enable cache usage to fix crashes on resume
CIFS: handle guest access errors to Windows shares
arm64: Fix potential race with hardware DBM in ptep_set_access_flags()
xfrm: Clear sk_dst_cache when applying per-socket policy.
scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state
sparc/pci: Refactor dev_archdata initialization into pci_init_dev_archdata
sch_red: update backlog as well
usb-storage: fix bogus hardware error messages for ATA pass-thru devices
bpf: generally move prog destruction to RCU deferral
drm/nouveau/fbcon: fix oops without fbdev emulation
fuse: Dont call set_page_dirty_lock() for ITER_BVEC pages for async_dio
ixgbevf: Fix handling of NAPI budget when multiple queues are enabled per vector
net/mlx5e: Fix LRO modify
net/mlx5e: Correctly handle RSS indirection table when changing number of channels
ixgbe: fix RSS limit for X550
ixgbe: Correct X550EM_x revision check
ALSA: timer: Fix zero-division by continue of uninitialized instance
vti6: flush x-netns xfrm cache when vti interface is removed
gro: Allow tunnel stacking in the case of FOU/GUE
brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain
l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv()
tty: serial: sprd: fix error return code in sprd_probe()
video: fbdev: pxa3xx_gcu: fix error return code in pxa3xx_gcu_probe()
sparc64 mm: Fix more TSB sizing issues
gpu: host1x: fix error return code in host1x_probe()
sparc64: Fix exception handling in UltraSPARC-III memcpy.
gpio: msic: fix error return code in platform_msic_gpio_probe()
usb: imx21-hcd: fix error return code in imx21_probe()
usb: ehci-omap: fix error return code in ehci_hcd_omap_probe()
usb: dwc3: omap: fix error return code in dwc3_omap_probe()
spi/bcm63xx-hspi: fix error return code in bcm63xx_hsspi_probe()
MIPS: Handle non word sized instructions when examining frame
spi/bcm63xx: fix error return code in bcm63xx_spi_probe()
spi: xlp: fix error return code in xlp_spi_probe()
ASoC: spear: fix error return code in spdif_in_probe()
PM / devfreq: tegra: fix error return code in tegra_devfreq_probe()
bonding: avoid defaulting hard_header_len to ETH_HLEN on slave removal
scsi: aacraid: Fix typo in blink status
MIPS: microMIPS: Fix decoding of swsp16 instruction
igb: Remove superfluous reset to PHY and page 0 selection
MIPS: DEC: Fix an int-handler.S CPU_DADDI_WORKAROUNDS regression
ARM: dts: imx53-qsb: disable 1.2GHz OPP
fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
mtd: spi-nor: Add support for is25wp series chips
perf tools: Disable parallelism for 'make clean'
bridge: do not add port to router list when receives query with source 0.0.0.0
net: bridge: remove ipv6 zero address check in mcast queries
ipv6: mcast: fix a use-after-free in inet6_mc_check
ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs
net: sched: gred: pass the right attribute to gred_change_table_def()
net: socket: fix a missing-check bug
net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules
r8169: fix NAPI handling under high load
sctp: fix race on sctp_id2asoc
net: drop skb on failure in ip_check_defrag()
vhost: Fix Spectre V1 vulnerability
rtnetlink: Disallow FDB configuration for non-Ethernet device
mremap: properly flush TLB before releasing the page
crypto: shash - Fix a sleep-in-atomic bug in shash_setkey_unaligned
ahci: don't ignore result code of ahci_reset_controller()
cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
ptp: fix Spectre v1 vulnerability
RDMA/ucma: Fix Spectre v1 vulnerability
IB/ucm: Fix Spectre v1 vulnerability
cdc-acm: correct counting of UART states in serial state notification
usb: gadget: storage: Fix Spectre v1 vulnerability
USB: fix the usbfs flag sanitization for control transfers
Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM
sched/fair: Fix throttle_list starvation with low CFS quota
x86/percpu: Fix this_cpu_read()
cpuidle: Do not access cpuidle_devices when !CONFIG_CPU_IDLE
l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6
x86/time: Correct the attribute on jiffies' definition
Linux 4.4.163
Change-Id: Ic88925a69ebd358554c032f243219ff0b9b73e0d
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Wenwen Wang
|
98528072a2 |
net: socket: fix a missing-check bug
[ Upstream commit b6168562c8ce2bd5a30e213021650422e08764dc ] In ethtool_ioctl(), the ioctl command 'ethcmd' is checked through a switch statement to see whether it is necessary to pre-process the ethtool structure, because, as mentioned in the comment, the structure ethtool_rxnfc is defined with padding. If yes, a user-space buffer 'rxnfc' is allocated through compat_alloc_user_space(). One thing to note here is that, if 'ethcmd' is ETHTOOL_GRXCLSRLALL, the size of the buffer 'rxnfc' is partially determined by 'rule_cnt', which is actually acquired from the user-space buffer 'compat_rxnfc', i.e., 'compat_rxnfc->rule_cnt', through get_user(). After 'rxnfc' is allocated, the data in the original user-space buffer 'compat_rxnfc' is then copied to 'rxnfc' through copy_in_user(), including the 'rule_cnt' field. However, after this copy, no check is re-enforced on 'rxnfc->rule_cnt'. So it is possible that a malicious user race to change the value in the 'compat_rxnfc->rule_cnt' between these two copies. Through this way, the attacker can bypass the previous check on 'rule_cnt' and inject malicious data. This can cause undefined behavior of the kernel and introduce potential security risk. This patch avoids the above issue via copying the value acquired by get_user() to 'rxnfc->rule_cn', if 'ethcmd' is ETHTOOL_GRXCLSRLALL. Signed-off-by: Wenwen Wang <wang6495@umn.edu> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
72b7cafa0d |
Merge 4.4.146 into android-msm-wahoo-4.4-lts
Linux 4.4.146
* scsi: sg: fix minor memory leak in error path
drivers/scsi/sg.c
crypto: padlock-aes - Fix Nano workaround data corruption
kvm: x86: vmx: fix vpid leak
* virtio_balloon: fix another race between migration and ballooning
drivers/virtio/virtio_balloon.c
* net: socket: fix potential spectre v1 gadget in socketcall
net/socket.c
can: ems_usb: Fix memory leak on ems_usb_disconnect()
squashfs: more metadata hardenings
squashfs: more metadata hardening
* netlink: Fix spectre v1 gadget in netlink_create()
net/netlink/af_netlink.c
* net: dsa: Do not suspend/resume closed slave_dev
net/dsa/slave.c
* inet: frag: enforce memory limits earlier
net/ipv4/inet_fragment.c
* tcp: add one more quick ack after after ECN events
net/ipv4/tcp_input.c
* tcp: refactor tcp_ecn_check_ce to remove sk type cast
net/ipv4/tcp_input.c
* tcp: do not aggressively quick ack after ECN events
net/ipv4/tcp_input.c
* tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
include/net/tcp.h
net/ipv4/tcp_input.c
* tcp: do not force quickack when receiving out-of-order packets
net/ipv4/tcp_input.c
NET: stmmac: align DMA stuff to largest cache line length
xen-netfront: wait xenbus state change when load module manually
net: lan78xx: fix rx handling before first packet is send
net: fix amd-xgbe flow-control issue
* ipv4: remove BUG_ON() from fib_compute_spec_dst
net/ipv4/fib_frontend.c
ASoC: pxa: Fix module autoload for platform drivers
dmaengine: pxa_dma: remove duplicate const qualifier
* ext4: check for allocation block validity with block group locked
fs/ext4/balloc.c
fs/ext4/ialloc.c
* ext4: fix inline data updates with checksums enabled
fs/ext4/inline.c
fs/ext4/inode.c
* squashfs: be more careful about metadata corruption
fs/squashfs/squashfs_fs.h
* random: mix rdrand with entropy sent in from userspace
drivers/char/random.c
drm: Add DP PSR2 sink enable bit
media: si470x: fix __be16 annotations
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
scsi: scsi_dh: replace too broad "TP9" string with the exact models
media: omap3isp: fix unbalanced dma_iommu_mapping
* crypto: authenc - don't leak pointers to authenc keys
crypto/authenc.c
* crypto: authencesn - don't leak pointers to authenc keys
crypto/authencesn.c
* usb: hub: Don't wait for connect state at resume for powered-off ports
drivers/usb/core/hub.c
microblaze: Fix simpleImage format generation
* audit: allow not equal op for audit by executable
kernel/auditfilter.c
rsi: Fix 'invalid vdd' warning in mmc
* ipconfig: Correctly initialise ic_nameservers
net/ipv4/ipconfig.c
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
memory: tegra: Apply interrupts mask per SoC
memory: tegra: Do not handle spurious interrupts
ALSA: hda/ca0132: fix build failure when a local macro is defined
drm/atomic: Handling the case when setting old crtc for plane
media: siano: get rid of __le32/__le16 cast warnings
* bpf: fix references to free_bpf_prog_info() in comments
kernel/bpf/verifier.c
thermal: exynos: fix setting rising_threshold for Exynos5433
scsi: megaraid: silence a static checker bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: 3w-9xxx: fix a missing-check bug
perf: fix invalid bit in diagnostic entry
s390/cpum_sf: Add data entry sizes to sampling trailer entry
brcmfmac: Add support for bcm43364 wireless chipset
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
media: saa7164: Fix driver name in debug output
libata: Fix command retry decision
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
* tty: Fix data race in tty_insert_flip_string_fixed_flag
drivers/tty/pty.c
HID: i2c-hid: check if device is there before really probing
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
drm/radeon: fix mode_valid's return type
* HID: hid-plantronics: Re-resend Update to map button for PTT products
drivers/hid/hid-plantronics.c
* ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
sound/usb/pcm.c
media: smiapp: fix timeout checking in smiapp_read_nvm
* md: fix NULL dereference of mddev->pers in remove_and_add_spares()
drivers/md/md.c
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
ALSA: emu10k1: Rate-limit error messages about page errors
* scsi: ufs: fix exception event handling
drivers/scsi/ufs/ufshcd.c
mwifiex: correct histogram data with appropriate index
* PCI: pciehp: Request control of native hotplug only if supported
drivers/acpi/pci_root.c
pinctrl: at91-pio4: add missing of_node_put
powerpc/8xx: fix invalid register expression in head_8xx.S
powerpc/powermac: Mark variable x as unused
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/32: Add a missing include header
ath: Add regulatory mapping for Bahamas
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for FCC3_ETSIC
* PCI: Prevent sysfs disable of device while driver is attached
drivers/pci/pci-sysfs.c
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
* media: videobuf2-core: don't call memop 'finish' when queueing
drivers/media/v4l2-core/videobuf2-core.c
wlcore: sdio: check for valid platform device data before suspend
mwifiex: handle race during mwifiex_usb_disconnect
mfd: cros_ec: Fail early if we cannot identify the EC
* ASoC: dpcm: fix BE dai not hw_free and shutdown
sound/soc/soc-pcm.c
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
iwlwifi: pcie: fix race in Rx buffer allocator
perf/x86/intel/uncore: Correct fixed counter index check for NHM
perf/x86/intel/uncore: Correct fixed counter index check in generic code
usbip: usbip_detach: Fix memory, udev context and udev leak
f2fs: fix to don't trigger writeback during recovery
* disable loading f2fs module on PAGE_SIZE > 4KB
fs/f2fs/super.c
RDMA/mad: Convert BUG_ONs to error flows
powerpc/64s: Fix compiler store ordering to SLB shadow area
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
infiniband: fix a possible use-after-free bug
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
* rtc: ensure rtc_set_alarm fails when alarms are not supported
drivers/rtc/interface.c
* mm/slub.c: add __printf verification to slab_err()
mm/slub.c
* mm: vmalloc: avoid racy handling of debugobjects in vunmap
mm/vmalloc.c
* nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
fs/nfsd/nfs4xdr.c
ALSA: fm801: add error handling for snd_ctl_add
ALSA: emu10k1: add error handling for snd_ctl_add
xen/netfront: raise max number of slots in xennet_get_responses()
* tracing: Quiet gcc warning about maybe unused link variable
kernel/trace/trace_kprobe.c
* tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
kernel/trace/trace_kprobe.c
* tracing: Fix possible double free in event_enable_trigger_func()
kernel/trace/trace_events_trigger.c
* tracing: Fix double free of event_trigger_data
kernel/trace/trace_events_trigger.c
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
MIPS: Fix off-by-one in pci_resource_to_user()
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
a38145abaa |
Merge 4.4.146 into android-4.4-p
Changes in 4.4.146 MIPS: Fix off-by-one in pci_resource_to_user() Input: elan_i2c - add ACPI ID for lenovo ideapad 330 Input: i8042 - add Lenovo LaVie Z to the i8042 reset list Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST tracing: Fix double free of event_trigger_data tracing: Fix possible double free in event_enable_trigger_func() tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure tracing: Quiet gcc warning about maybe unused link variable xen/netfront: raise max number of slots in xennet_get_responses() ALSA: emu10k1: add error handling for snd_ctl_add ALSA: fm801: add error handling for snd_ctl_add nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo mm: vmalloc: avoid racy handling of debugobjects in vunmap mm/slub.c: add __printf verification to slab_err() rtc: ensure rtc_set_alarm fails when alarms are not supported netfilter: ipset: List timing out entries with "timeout 1" instead of zero infiniband: fix a possible use-after-free bug hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common() powerpc/64s: Fix compiler store ordering to SLB shadow area RDMA/mad: Convert BUG_ONs to error flows disable loading f2fs module on PAGE_SIZE > 4KB f2fs: fix to don't trigger writeback during recovery usbip: usbip_detach: Fix memory, udev context and udev leak perf/x86/intel/uncore: Correct fixed counter index check in generic code perf/x86/intel/uncore: Correct fixed counter index check for NHM iwlwifi: pcie: fix race in Rx buffer allocator Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011 ASoC: dpcm: fix BE dai not hw_free and shutdown mfd: cros_ec: Fail early if we cannot identify the EC mwifiex: handle race during mwifiex_usb_disconnect wlcore: sdio: check for valid platform device data before suspend media: videobuf2-core: don't call memop 'finish' when queueing btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups btrfs: qgroup: Finish rescan when hit the last leaf of extent tree PCI: Prevent sysfs disable of device while driver is attached ath: Add regulatory mapping for FCC3_ETSIC ath: Add regulatory mapping for ETSI8_WORLD ath: Add regulatory mapping for APL13_WORLD ath: Add regulatory mapping for APL2_FCCA ath: Add regulatory mapping for Uganda ath: Add regulatory mapping for Tanzania ath: Add regulatory mapping for Serbia ath: Add regulatory mapping for Bermuda ath: Add regulatory mapping for Bahamas powerpc/32: Add a missing include header powerpc/chrp/time: Make some functions static, add missing header include powerpc/powermac: Add missing prototype for note_bootable_part() powerpc/powermac: Mark variable x as unused powerpc/8xx: fix invalid register expression in head_8xx.S pinctrl: at91-pio4: add missing of_node_put PCI: pciehp: Request control of native hotplug only if supported mwifiex: correct histogram data with appropriate index scsi: ufs: fix exception event handling ALSA: emu10k1: Rate-limit error messages about page errors regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops md: fix NULL dereference of mddev->pers in remove_and_add_spares() media: smiapp: fix timeout checking in smiapp_read_nvm ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback HID: hid-plantronics: Re-resend Update to map button for PTT products drm/radeon: fix mode_valid's return type powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet HID: i2c-hid: check if device is there before really probing tty: Fix data race in tty_insert_flip_string_fixed_flag dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open() libata: Fix command retry decision media: saa7164: Fix driver name in debug output mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages brcmfmac: Add support for bcm43364 wireless chipset s390/cpum_sf: Add data entry sizes to sampling trailer entry perf: fix invalid bit in diagnostic entry scsi: 3w-9xxx: fix a missing-check bug scsi: 3w-xxxx: fix a missing-check bug scsi: megaraid: silence a static checker bug thermal: exynos: fix setting rising_threshold for Exynos5433 bpf: fix references to free_bpf_prog_info() in comments media: siano: get rid of __le32/__le16 cast warnings drm/atomic: Handling the case when setting old crtc for plane ALSA: hda/ca0132: fix build failure when a local macro is defined memory: tegra: Do not handle spurious interrupts memory: tegra: Apply interrupts mask per SoC drm/gma500: fix psb_intel_lvds_mode_valid()'s return type ipconfig: Correctly initialise ic_nameservers rsi: Fix 'invalid vdd' warning in mmc audit: allow not equal op for audit by executable microblaze: Fix simpleImage format generation usb: hub: Don't wait for connect state at resume for powered-off ports crypto: authencesn - don't leak pointers to authenc keys crypto: authenc - don't leak pointers to authenc keys media: omap3isp: fix unbalanced dma_iommu_mapping scsi: scsi_dh: replace too broad "TP9" string with the exact models scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs media: si470x: fix __be16 annotations drm: Add DP PSR2 sink enable bit random: mix rdrand with entropy sent in from userspace squashfs: be more careful about metadata corruption ext4: fix inline data updates with checksums enabled ext4: check for allocation block validity with block group locked dmaengine: pxa_dma: remove duplicate const qualifier ASoC: pxa: Fix module autoload for platform drivers ipv4: remove BUG_ON() from fib_compute_spec_dst net: fix amd-xgbe flow-control issue net: lan78xx: fix rx handling before first packet is send xen-netfront: wait xenbus state change when load module manually NET: stmmac: align DMA stuff to largest cache line length tcp: do not force quickack when receiving out-of-order packets tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode tcp: do not aggressively quick ack after ECN events tcp: refactor tcp_ecn_check_ce to remove sk type cast tcp: add one more quick ack after after ECN events inet: frag: enforce memory limits earlier net: dsa: Do not suspend/resume closed slave_dev netlink: Fix spectre v1 gadget in netlink_create() squashfs: more metadata hardening squashfs: more metadata hardenings can: ems_usb: Fix memory leak on ems_usb_disconnect() net: socket: fix potential spectre v1 gadget in socketcall virtio_balloon: fix another race between migration and ballooning kvm: x86: vmx: fix vpid leak crypto: padlock-aes - Fix Nano workaround data corruption scsi: sg: fix minor memory leak in error path Linux 4.4.146 Change-Id: I7b8ad5e297804f92b3e3a8c5daf8a26ba684029b Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Jeremy Cline
|
d856749a77 |
net: socket: fix potential spectre v1 gadget in socketcall
commit c8e8cd579bb4265651df8223730105341e61a2d1 upstream. 'call' is a user-controlled value, so sanitize the array index after the bounds check to avoid speculating past the bounds of the 'nargs' array. Found with the help of Smatch: net/socket.c:2508 __do_sys_socketcall() warn: potential spectre issue 'nargs' [r] (local cap) Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Jeremy Cline <jcline@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Thierry Strudel
|
5308266998 |
Merge 4.4.116 into android-msm-wahoo-4.4
Linux 4.4.116
ftrace: Remove incorrect setting of glob search field
mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
ovl: fix failure to fsync lower dir
ACPI: sbshc: remove raw pointer from printk() message
nvme: Fix managing degraded controllers
btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
pktcdvd: Fix pkt_setup_dev() error path
EDAC, octeon: Fix an uninitialized variable warning
xtensa: fix futex_atomic_cmpxchg_inatomic
alpha: fix reboot on Avanti platform
alpha: fix crash if pthread_create races with signal delivery
signal/sh: Ensure si_signo is initialized in do_divide_error
signal/openrisc: Fix do_unaligned_access to send the proper signal
Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
Bluetooth: btsdio: Do not bind to non-removable BCM43341
* HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
* kernel/async.c: revert "async: simplify lowest_in_progress()"
media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
media: ts2020: avoid integer overflows on 32 bit machines
watchdog: imx2_wdt: restore previous timeout after suspend+resume
KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
crypto: caam - fix endless loop when DECO acquire fails
* media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
* media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
* media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
* media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
* media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha
* media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
* media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
* media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
* media: v4l2-compat-ioctl32.c: avoid sizeof(type)
* media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
* media: v4l2-compat-ioctl32.c: fix the indentation
* media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
* vb2: V4L2_BUF_FLAG_DONE is set after DQBUF
* media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
* nsfs: mark dentry with DCACHE_RCUACCESS
crypto: poly1305 - remove ->setkey() method
* crypto: cryptd - pass through absence of ->setkey()
* crypto: hash - introduce crypto_hash_alg_has_setkey()
ahci: Add Intel Cannon Lake PCH-H PCI ID
ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
ahci: Annotate PCI ids for mobile Intel chipsets as such
* kernfs: fix regression in kernfs_fop_write caused by wrong type
NFS: reject request for id_legacy key without auxdata
NFS: commit direct writes even if they fail partially
NFS: Add a cond_resched() to nfs_commit_release_pages()
nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
ubi: block: Fix locking for idr_alloc/idr_remove
mtd: nand: sunxi: Fix ECC strength choice
mtd: nand: Fix nand_do_read_oob() return value
mtd: nand: brcmnand: Disable prefetch by default
mtd: cfi: convert inline functions to macros
media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
dccp: CVE-2017-8824: use-after-free in DCCP code
* sched/rt: Up the root domain ref count when passing it around via IPIs
* sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
usb: gadget: uvc: Missing files for configfs interface
* posix-timer: Properly check sigevent->sigev_notify
* netfilter: nf_queue: Make the queue_handler pernet
kaiser: fix compile error without vsyscall
x86/kaiser: fix build error with KASAN && !FUNCTION_GRAPH_TRACER
dmaengine: dmatest: fix container_of member in dmatest_callback
CIFS: zero sensitive data when freeing
cifs: Fix autonegotiate security settings mismatch
cifs: Fix missing put_xid in cifs_file_strict_mmap
powerpc/pseries: include linux/types.h in asm/hvcall.h
x86/microcode: Do the family check first
x86/microcode/AMD: Do not load when running on a hypervisor
crypto: tcrypt - fix S/G table for test_aead_speed()
* don't put symlink bodies in pagecache into highmem
KEYS: encrypted: fix buffer overread in valid_master_desc()
media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
vhost_net: stop device during reset owner
* tcp: release sk_frag.page in tcp_disconnect
r8169: fix RTL8168EP take too long to complete driver initialization.
qlcnic: fix deadlock bug
* net: igmp: add a missing rcu locking section
ip6mr: fix stale iterator
x86/asm: Fix inline asm call constraints for GCC 4.4
drm: rcar-du: Fix race condition when disabling planes at CRTC stop
drm: rcar-du: Use the VBK interrupt for vblank events
ASoC: rsnd: avoid duplicate free_irq()
ASoC: rsnd: don't call free_irq() on Parent SSI
ASoC: simple-card: Fix misleading error message
* net: cdc_ncm: initialize drvflags before usage
usbip: fix 3eee23c3ec14 tcp_socket address still in the status file
usbip: vhci_hcd: clear just the USB_PORT_STAT_POWER bit
ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
powerpc/64s: Allow control of RFI flush via debugfs
powerpc/64s: Wire up cpu_show_meltdown()
powerpc/powernv: Check device-tree for RFI flush settings
powerpc/pseries: Query hypervisor for RFI flush settings
powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti
powerpc/64s: Add support for RFI flush of L1-D cache
powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL
powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL
powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL
powerpc/64s: Simple RFI macro conversions
powerpc/64: Add macros for annotating the destination of rfid/hrfid
powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
* powerpc: Simplify module TOC handling
powerpc: Fix VSX enabling/flushing to also test MSR_FP and MSR_VEC
powerpc/64: Fix flush_(d|i)cache_range() called from modules
powerpc/bpf/jit: Disable classic BPF JIT on ppc64le
Linux 4.4.115
spi: imx: do not access registers while clocks disabled
serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS
* selinux: general protection fault in sock_has_perm
usb: uas: unconditionally bring back host after reset
* usb: f_fs: Prevent gadget unbind if it is already unbound
* USB: serial: simple: add Motorola Tetra driver
usbip: list: don't list devices attached to vhci_hcd
usbip: prevent bind loops on devices attached to vhci_hcd
USB: serial: io_edgeport: fix possible sleep-in-atomic
CDC-ACM: apply quirk for card reader
USB: cdc-acm: Do not log urb submission errors on disconnect
USB: serial: pl2303: new device id for Chilitag
usb: option: Add support for FS040U modem
staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
* usb: gadget: don't dereference g until after it has been null checked
media: usbtv: add a new usbid
* scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg
scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path
xfs: ubsan fixes
drm/omap: Fix error handling path in 'omap_dmm_probe()'
kmemleak: add scheduling point to kmemleak_scan()
SUNRPC: Allow connect to return EHOSTUNREACH
* quota: Check for register_shrinker() failure.
* net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
hwmon: (pmbus) Use 64bit math for DIRECT format values
lockd: fix "list_add double add" caused by legacy signal interface
nfsd: check for use of the closed special stateid
grace: replace BUG_ON by WARN_ONCE in exit_net hook
nfsd: Ensure we check stateid validity in the seqid operation checks
nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
xen-netfront: remove warning when unloading module
KVM: VMX: Fix rflags cache during vCPU reset
btrfs: fix deadlock when writing out space cache
mac80211: fix the update of path metric for RANN frame
openvswitch: fix the incorrect flow action alloc size
drm/amdkfd: Fix SDMA oversubsription handling
drm/amdkfd: Fix SDMA ring buffer size calculation
drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
bcache: check return value of register_shrinker
* cpufreq: Add Loongson machine dependencies
* ACPI / bus: Leave modalias empty for devices which are not present
KVM: x86: ioapic: Preserve read-only values in the redirection table
KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered
KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
KVM: X86: Fix operand/address-size during instruction decoding
KVM: x86: Don't re-execute instruction when not passing CR2 value
KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
igb: Free IRQs when device is hotplugged
mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
crypto: af_alg - whitelist mask and type
crypto: aesni - handle zero length dst buffer
ALSA: seq: Make ioctls race-free
kaiser: fix intel_bts perf crashes
x86/pti: Make unpoison of pgd for trusted boot work for real
bpf: reject stores into ctx via st and xadd
* bpf: fix 32-bit divide by zero
* bpf: fix divides by zero
* bpf: avoid false sharing of map refcount with max_entries
bpf: arsh is not supported in 32 bit alu thus reject it
* bpf: introduce BPF_JIT_ALWAYS_ON config
* bpf: fix bpf_tail_call() x64 JIT
x86: bpf_jit: small optimization in emit_bpf_tail_call()
bpf: fix branch pruning logic
* loop: fix concurrent lo_open/lo_release
Linux 4.4.114
nfsd: auth: Fix gid sorting when rootsquash enabled
* net: tcp: close sock if net namespace is exiting
* flow_dissector: properly cap thoff field
* ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY
* net: Allow neigh contructor functions ability to modify the primary_key
vmxnet3: repair memory leak
sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf
sctp: do not allow the v4 socket to bind a v4mapped v6 address
r8169: fix memory corruption on retrieval of hardware statistics.
* pppoe: take ->needed_headroom of lower device into account on xmit
* net: qdisc_pkt_len_init() should be more robust
* tcp: __tcp_hdrlen() helper
* net: igmp: fix source address check for IGMPv3 reports
lan78xx: Fix failure in USB Full Speed
* ipv6: ip6_make_skb() needs to clear cork.base.dst
* ipv6: fix udpv6 sendmsg crash caused by too small MTU
* ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL
dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state
* hrtimer: Reset hrtimer cpu base proper on CPU hotplug
x86/microcode/intel: Extend BDW late-loading further with LLC size check
* eventpoll.h: add missing epoll event masks
vsyscall: Fix permissions for emulate mode with KAISER/PTI
um: link vmlinux with -no-pie
usbip: prevent leaking socket pointer address in messages
usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
usbip: fix stub_rx: get_pipe() to validate endpoint number
usb: usbip: Fix possible deadlocks reported by lockdep
Input: trackpoint - force 3 buttons if 0 button is reported
* Revert "module: Add retpoline tag to VERMAGIC"
scsi: libiscsi: fix shifting of DID_REQUEUE host byte
* fs/fcntl: f_setown, avoid undefined behaviour
reiserfs: Don't clear SGID when inheriting ACLs
reiserfs: don't preallocate blocks for extended attributes
reiserfs: fix race in prealloc discard
ext2: Don't clear SGID when inheriting ACLs
netfilter: xt_osf: Add missing permission checks
netfilter: nfnetlink_cthelper: Add missing permission checks
* netfilter: fix IS_ERR_VALUE usage
* netfilter: use fwmark_reflect in nf_send_reset
netfilter: nf_conntrack_sip: extend request line validation
* netfilter: restart search if moved to other chain
* netfilter: nfnetlink_queue: reject verdict request from different portid
* netfilter: nf_ct_expect: remove the redundant slash when policy name is empty
* netfilter: nf_dup_ipv6: set again FLOWI_FLAG_KNOWN_NH at flowi6_flags
* netfilter: arp_tables: fix invoking 32bit "iptable -P INPUT ACCEPT" failed in 64bit kernel
* netfilter: x_tables: speed up jump target validation
* ACPICA: Namespace: fix operand cache leak
* ACPI / scan: Prefer devices without _HID/_CID for _ADR matching
* ACPI / processor: Avoid reserving IO regions too early
x86/ioapic: Fix incorrect pointers in ioapic_setup_resources()
ipc: msg, make msgrcv work with LONG_MIN
* mm, page_alloc: fix potential false positive in __zone_watermark_ok
* cma: fix calculation of aligned offset
hwpoison, memcg: forcibly uncharge LRU pages
* mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack
* fs/select: add vmalloc fallback for select(2)
mmc: sdhci-of-esdhc: add/remove some quirks according to vendor version
PCI: layerscape: Fix MSG TLP drop setting
PCI: layerscape: Add "fsl,ls2085a-pcie" compatible ID
* drivers: base: cacheinfo: fix boot error message when acpi is enabled
* drivers: base: cacheinfo: fix x86 with CONFIG_OF enabled
Prevent timer value 0 for MWAITX
* timers: Plug locking race vs. timer migration
* time: Avoid undefined behaviour in ktime_add_safe()
PM / sleep: declare __tracedata symbols as char[] rather than char
can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once
can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once
* sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks
x86/retpoline: Fill RSB on context switch for affected CPUs
x86/cpu/intel: Introduce macros for Intel family numbers
x86/microcode/intel: Fix BDW late-loading revision check
usbip: Fix potential format overflow in userspace tools
usbip: Fix implicit fallthrough warning
usbip: prevent vhci_hcd driver from leaking a socket pointer address
x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels
Linux 4.4.113
MIPS: AR7: ensure the port type's FCR value is used
x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
x86/pti: Document fix wrong index
kprobes/x86: Disable optimizing on the function jumps to indirect thunk
kprobes/x86: Blacklist indirect thunk functions for kprobes
retpoline: Introduce start/end markers of indirect thunk
x86/mce: Make machine check speculation protected
* kbuild: modversions for EXPORT_SYMBOL() for asm
x86/cpu, x86/pti: Do not enable PTI on AMD processors
arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6
dm btree: fix serious bug in btree_split_beneath()
libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
can: peak: fix potential bug in packet fragmentation
ARM: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7
* phy: work around 'phys' references to usb-nop-xceiv devices
* tracing: Fix converting enum's from the map in trace_event_eval_update()
Input: twl4030-vibra - fix sibling-node lookup
Input: twl6040-vibra - fix child-node lookup
Input: twl6040-vibra - fix DT node memory management
Input: 88pm860x-ts - fix child-node lookup
x86/apic/vector: Fix off by one in error path
* pipe: avoid round_pipe_size() nr_pages overflow on 32-bit
* module: Add retpoline tag to VERMAGIC
x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
* sched/deadline: Zero out positive runtime after throttling constrained tasks
scsi: hpsa: fix volume offline state
* af_key: fix buffer overread in parse_exthdrs()
* af_key: fix buffer overread in verify_address_len()
ALSA: hda - Apply the existing quirk to iMac 14,1
ALSA: hda - Apply headphone noise quirk for another Dell XPS 13 variant
* ALSA: pcm: Remove yet superfluous WARN_ON()
* futex: Prevent overflow by strengthen input validation
* scsi: sg: disable SET_FORCE_LOW_DMA
x86/retpoline: Remove compile time warning
x86/retpoline: Fill return stack buffer on vmexit
x86/retpoline/irq32: Convert assembler indirect jumps
x86/retpoline/checksum32: Convert assembler indirect jumps
x86/retpoline/xen: Convert Xen hypercall indirect jumps
x86/retpoline/hyperv: Convert assembler indirect jumps
x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
x86/retpoline/entry: Convert entry assembler indirect jumps
x86/retpoline/crypto: Convert crypto assembler indirect jumps
x86/spectre: Add boot time option to select Spectre v2 mitigation
x86/retpoline: Add initial retpoline support
* kconfig.h: use __is_defined() to check if MODULE is defined
EXPORT_SYMBOL() for asm
x86/asm: Make asm/alternative.h safe from assembly
x86/kbuild: enable modversions for symbols exported from asm
x86/asm: Use register variable to get stack pointer value
x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier
x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
x86/cpu/AMD: Make LFENCE a serializing instruction
* gcov: disable for COMPILE_TEST
Linux 4.4.112
selftests/x86: Add test_vsyscall
x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
x86/alternatives: Fix optimize_nops() checking
sysfs/cpu: Fix typos in vulnerability documentation
x86/cpu: Implement CPU vulnerabilites sysfs functions
* sysfs/cpu: Add vulnerability folder
x86/cpu: Merge bugs.c and bugs_64.c
x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
x86/cpufeatures: Add X86_BUG_CPU_INSECURE
x86/cpufeatures: Make CPU bugs sticky
x86/cpu: Factor out application of forced CPU caps
x86/Documentation: Add PTI description
e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
uas: ignore UAS for Norelsys NS1068(X) chips
* Bluetooth: Prevent stack info leak from the EFS element.
* staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
usbip: remove kernel addresses from usb device and urb debug msgs
USB: fix usbmon BUG trigger
usb: misc: usb3503: make sure reset is low for at least 100us
USB: serial: cp210x: add new device ID ELV ALC 8xxx
USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK
iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref
bpf, array: fix overflow in max_entries and undefined behavior in index_mask
* bpf: prevent out-of-bounds speculation
bpf: adjust insn_aux_data when patching insns
bpf: refactor fixup_bpf_calls()
bpf: move fixup_bpf_calls() function
bpf: don't (ab)use instructions to store state
* bpf: add bpf_patch_insn_single helper
kaiser: Set _PAGE_NX only if supported
drm/vmwgfx: Potential off by one in vmw_view_add()
KVM: x86: Add memory barrier on vmcs field lookup
x86/microcode/intel: Extend BDW late-loading with a revision check
rbd: set max_segments to USHRT_MAX
* crypto: algapi - fix NULL dereference in crypto_remove_spawns()
* ipv6: fix possible mem leaks in ipv6_make_skb()
* net: stmmac: enable EEE in MII, GMII or RGMII only
sh_eth: fix SH7757 GEther initialization
sh_eth: fix TSU resource handling
RDS: null pointer dereference in rds_atomic_free_op
RDS: Heap OOB write in rds_message_alloc_sgs()
* net: core: fix module type in sock_diag_bind
* ip6_tunnel: disable dst caching if tunnel is dual-stack
8021q: fix a memory leak for VLAN 0 device
x86/pti/efi: broken conversion from efi to kernel page table
Revert "userfaultfd: selftest: vm: allow to build in vm/ directory"
* xhci: Fix ring leak in failure path of xhci_alloc_virt_device()
* sysrq: Fix warning in sysrq generated crash.
* hwrng: core - sleep interruptible in read
* x86/mm/pat, /dev/mem: Remove superfluous error message
cx82310_eth: use skb_cow_head() to deal with cloned skbs
smsc75xx: use skb_cow_head() to deal with cloned skbs
sr9700: use skb_cow_head() to deal with cloned skbs
lan78xx: use skb_cow_head() to deal with cloned skbs
* r8152: adjust ALDPS function
* r8152: use test_and_clear_bit
* r8152: fix the wake event
usb: musb: ux500: Fix NULL pointer dereference at system PM
usbvision fix overflow of interfaces array
* locking/mutex: Allow next waiter lockless wakeup
* futex: Replace barrier() in unqueue_me() with READ_ONCE()
* locks: don't check for race with close when setting OFD lock
zswap: don't param_set_charp while holding spinlock
mm/zswap: use workqueue to destroy pool
* mm/page-writeback: fix dirty_ratelimit calculation
* mm/compaction: pass only pageblock aligned range to pageblock_pfn_to_page
* mm/compaction: fix invalid free_pfn and compact_cached_free_pfn
x86/acpi: Reduce code duplication in mp_override_legacy_irq()
ALSA: aloop: Fix racy hw constraints adjustment
ALSA: aloop: Fix inconsistent format due to incomplete rule
ALSA: aloop: Release cable upon open error path
ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
ALSA: pcm: Abort properly at pending signal in OSS read/write loops
ALSA: pcm: Add missing error checks in OSS emulation plugin builder
* ALSA: pcm: Remove incorrect snd_BUG_ON() usages
iommu/arm-smmu-v3: Don't free page table ops twice
x86/acpi: Handle SCI interrupts above legacy space gracefully
x86/vsdo: Fix build on PARAVIRT_CLOCK=y, KVM_GUEST=n
kvm: vmx: Scrub hardware GPRs at VM-exit
net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y
MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
MIPS: Factor out NT_PRFPREG regset access helpers
MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
IB/srpt: Disable RDMA access by the initiator
can: gs_usb: fix return value of the "set_bittiming" callback
KVM: Fix stack-out-of-bounds read in write_mmio
* dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
Linux 4.4.111
Fix build error in vma.c
Map the vsyscall page with _PAGE_USER
* proc: much faster /proc/vmstat
* module: Issue warnings when tainting kernel
* module: keep percpu symbols in module's symtab
* genksyms: Handle string literals with spaces in reference files
x86/tlb: Drop the _GPL from the cpu_tlbstate export
parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel
x86/microcode/AMD: Add support for fam17h microcode loading
Input: elantech - add new icbody type 15
ARC: uaccess: dont use "l" gcc inline asm constraint modifier
* kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal()
* kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals
* kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL
* kernel: make groups_sort calling a responsibility group_info allocators
fscache: Fix the default for fscache_maybe_release_page()
sunxi-rsb: Include OF based modalias in device uevent
crypto: pcrypt - fix freeing pcrypt instances
crypto: chacha20poly1305 - validate the digest size
crypto: n2 - cure use after free
kernel/acct.c: fix the acct->needcheck check in check_free_space()
x86/kasan: Write protect kasan zero shadow
Linux 4.4.110
kaiser: Set _PAGE_NX only if supported
x86/kasan: Clear kasan_zero_page after TLB flush
x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
KPTI: Report when enabled
* KPTI: Rename to PAGE_TABLE_ISOLATION
x86/kaiser: Move feature detection up
kaiser: disabled on Xen PV
* x86/kaiser: Reenable PARAVIRT
x86/paravirt: Dont patch flush_tlb_single
kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
kaiser: asm/tlbflush.h handle noPGE at lower level
kaiser: drop is_atomic arg to kaiser_pagetable_walk()
kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
x86/kaiser: Check boottime cmdline params
x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
kaiser: add "nokaiser" boot option, using ALTERNATIVE
kaiser: fix unlikely error in alloc_ldt_struct()
kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
kaiser: paranoid_entry pass cr3 need to paranoid_exit
kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
kaiser: PCID 0 for kernel and 128 for user
kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
kaiser: enhanced by kernel and user PCIDs
* kaiser: vmstat show NR_KAISERTABLE as nr_overhead
* kaiser: delete KAISER_REAL_SWITCH option
kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
* kaiser: cleanups while trying for gold link
kaiser: kaiser_remove_mapping() move along the pgd
kaiser: tidied up kaiser_add/remove_mapping slightly
kaiser: tidied up asm/kaiser.h somewhat
kaiser: ENOMEM if kaiser_pagetable_walk() NULL
kaiser: fix perf crashes
kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
* kaiser: KAISER depends on SMP
kaiser: fix build and FIXME in alloc_ldt_struct()
* kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
kaiser: do not set _PAGE_NX on pgd_none
* kaiser: merged update
* KAISER: Kernel Address Isolation
x86/boot: Add early cmdline parsing for options with arguments
Linux 4.4.109
* mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP
* n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
x86/smpboot: Remove stale TLB flush invocations
* nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick()
* usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201
* USB: Fix off by one in type-specific length check of BOS SSP capability
* usb: add RESET_RESUME for ELSA MicroLink 56K
* usb: Add device quirk for Logitech HD Pro Webcam C925e
USB: serial: option: adding support for YUGA CLM920-NC5
USB: serial: option: add support for Telit ME910 PID 0x1101
USB: serial: qcserial: add Sierra Wireless EM7565
USB: serial: ftdi_sio: add id for Airbus DS P8GR
usbip: vhci: stop printing kernel pointer addresses in messages
usbip: stub: stop printing kernel pointer addresses in messages
usbip: fix usbip bind writing random string after command in match_busid
* sock: free skb in skb_complete_tx_timestamp on error
net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround
* net: Fix double free and memory corruption in get_net_ns_by_id()
* net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks
* ipv4: Fix use-after-free when flushing FIB tables
sctp: Replace use of sockets_allocated with specified macro.
net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case
* net: ipv4: fix for a race condition in raw_sendmsg
tg3: Fix rx hang on MTU change with 5717/5719
* tcp md5sig: Use skb's saddr when replying to an incoming segment
* net: reevalulate autoflowlabel setting after sysctl setting
net: qmi_wwan: add Sierra EM7565 1199:9091
* netlink: Add netns check on taps
* net: igmp: Use correct source address on IGMPv3 reports
* ipv6: mcast: better catch silly mtu values
* ipv4: igmp: guard against silly MTU values
* kbuild: add '-fno-stack-check' to kernel build options
x86/mm/64: Fix reboot interaction with CR4.PCIDE
x86/mm: Enable CR4.PCIDE on supported systems
x86/mm: Add the 'nopcid' boot option to turn off PCID
x86/mm: Disable PCID on 32-bit kernels
x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP code
x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
x86/mm: Make flush_tlb_mm_range() more predictable
x86/mm: Remove flush_tlb() and flush_tlb_current_task()
x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
ALSA: hda - fix headset mic detection issue on a Dell machine
ALSA: hda: Drop useless WARN_ON()
ASoC: twl4030: fix child-node lookup
ASoC: fsl_ssi: AC'97 ops need regmap, clock and cleaning up on failure
iw_cxgb4: Only validate the MSN for successful completions
* ring-buffer: Mask out the info bits when returning buffer page length
* tracing: Fix crash when it fails to alloc ring buffer
* tracing: Fix possible double free on failure of allocating trace buffer
* tracing: Remove extra zeroing out of the ring buffer page
net: mvneta: clear interface link status on port disable
powerpc/perf: Dereference BHRB entries safely
kvm: x86: fix RSM when PCID is non-zero
KVM: X86: Fix load RFLAGS w/o the fixed bit
spi: xilinx: Detect stall with Unknown commands
parisc: Hide Diva-built-in serial aux and graphics card
* PCI / PM: Force devices to D0 in pci_pm_thaw_noirq()
* ALSA: usb-audio: Fix the missing ctl name suffix at parsing SU
* ALSA: rawmidi: Avoid racy info ioctl via ctl device
mfd: twl6040: Fix child-node lookup
mfd: twl4030-audio: Fix sibling-node lookup
mfd: cros ec: spi: Don't send first message too soon
crypto: mcryptd - protect the per-CPU queue with a lock
ACPI: APEI / ERST: Fix missing error handling in erst_reader()
Linux 4.4.108
alpha: fix build failures
ALSA: hda - Fix yet another i915 pointer leftover in error path
ALSA: hda - Degrade i915 binding failure message
ALSA: hda - Clear the leftover component assignment at snd_hdac_i915_exit()
Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
MIPS: math-emu: Fix final emulation phase for certain instructions
thermal: hisilicon: Handle return value of clk_prepare_enable
* cpuidle: fix broadcast control when broadcast can not be entered
* rtc: set the alarm to the next expiring timer
tcp: fix under-evaluated ssthresh in TCP Vegas
fm10k: ensure we process SM mbx when processing VF mbx
scsi: lpfc: PLOGI failures during NPIV testing
scsi: lpfc: Fix secure firmware updates
PCI/AER: Report non-fatal errors only to the affected endpoint
ixgbe: fix use of uninitialized padding
igb: check memory allocation failure
PCI: Create SR-IOV virtfn/physfn links before attaching driver
scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive
scsi: cxgb4i: fix Tx skb leak
* PCI: Avoid bus reset if bridge itself is broken
net: phy: at803x: Change error to EINVAL for invalid MAC
rtc: pl031: make interrupt optional
crypto: crypto4xx - increase context and scatter ring buffer elements
backlight: pwm_bl: Fix overflow condition
bnxt_en: Fix NULL pointer dereference in reopen failure path
cpuidle: powernv: Pass correct drv->cpumask for registration
ARM: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory
* netfilter: nfnetlink_queue: fix secctx memory leak
* xhci: plat: Register shutdown for xhci_plat
isdn: kcapi: avoid uninitialized data
KVM: pci-assign: do not map smm memory slot pages in vt-d page tables
ARM: dts: am335x-evmsk: adjust mmc2 param to allow suspend
netfilter: nf_nat_snmp: Fix panic when snmp_trap_helper fails to register
netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table
irda: vlsi_ir: fix check for DMA mapping errors
RDMA/iser: Fix possible mr leak on device removal event
i40e: Do not enable NAPI on q_vectors that have no rings
* net: Do not allow negative values for busy_read and busy_poll sysctl interfaces
bna: avoid writing uninitialized data into hw registers
s390/qeth: no ETH header for outbound AF_IUCV
* r8152: prevent the driver from transmitting packets with carrier off
* HID: xinmo: fix for out of range for THT 2P arcade controller.
hwmon: (asus_atk0110) fix uninitialized data access
ARM: dts: ti: fix PCI bus dtc warnings
KVM: VMX: Fix enable VPID conditions
KVM: x86: correct async page present tracepoint
scsi: lpfc: Fix PT2PT PRLI reject
pinctrl: st: add irq_request/release_resources callbacks
* inet: frag: release spinlock before calling icmp_send()
netfilter: nfnl_cthelper: Fix memory leak
netfilter: nfnl_cthelper: fix runtime expectation policy updates
usb: gadget: udc: remove pointer dereference after free
usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed
net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4
bna: integer overflow bug in debugfs
sch_dsmark: fix invalid skb_cow() usage
* crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex
* r8152: fix the list rx_done may be used without initialization
* cpuidle: Validate cpu_dev in cpuidle_add_sysfs()
arm: kprobes: Align stack to 8-bytes in test code
arm: kprobes: Fix the return address of multiple kretprobes
ALSA: hda - add support for docking station for HP 840 G3
ALSA: hda - add support for docking station for HP 820 G2
x86/irq: Do not substract irq_tlb_count from irq_call_count
* sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
ARM: Hide finish_arch_post_lock_switch() from modules
x86/mm, sched/core: Turn off IRQs in switch_mm()
x86/mm, sched/core: Uninline switch_mm()
x86/mm: Build arch/x86/mm/tlb.c even on !SMP
* sched/core: Add switch_mm_irqs_off() and use it in the scheduler
* mm/mmu_context, sched/core: Fix mmu_context.h assumption
* mm/rmap: batched invalidations should use existing api
x86/mm: If INVPCID is available, use it to flush global mappings
x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
x86/mm: Fix INVPCID asm constraint
x86/mm: Add INVPCID helpers
cxl: Check if vphb exists before iterating over AFU devices
* arm64: Initialise high_memory global variable earlier
Linux 4.4.107
ath9k: fix tx99 potential info leak
IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop
RDMA/cma: Avoid triggering undefined behavior
macvlan: Only deliver one copy of the frame to the macvlan interface
udf: Avoid overflow when session starts at large offset
scsi: bfa: integer overflow in debugfs
* scsi: sd: change allow_restart to bool in sysfs interface
* scsi: sd: change manage_start_stop to bool in sysfs interface
vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend
* scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry
raid5: Set R5_Expanded on parity devices as well as data.
* pinctrl: adi2: Fix Kconfig build problem
usb: musb: da8xx: fix babble condition handling
* tty fix oops when rmmod 8250
powerpc/perf/hv-24x7: Fix incorrect comparison in memord
scsi: hpsa: destroy sas transport properties before scsi_host
scsi: hpsa: cleanup sas_phy structures in sysfs when unloading
* PCI: Detach driver before procfs & sysfs teardown on device remove
xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real
xfs: fix log block underflow during recovery cycle verification
* l2tp: cleanup l2tp_tunnel_delete calls
bcache: fix wrong cache_misses statistics
bcache: explicitly destroy mutex while exiting
GFS2: Take inode off order_write list when setting jdata flag
* thermal/drivers/step_wise: Fix temperature regulation misbehavior
* ppp: Destroy the mutex when cleanup
clk: tegra: Fix cclk_lp divisor register
clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU
clk: mediatek: add the option for determining PLL source clock
* mm: Handle 0 flags in _calc_vm_trans() macro
crypto: tcrypt - fix buffer lengths in test_aead_speed()
arm-ccn: perf: Prevent module unload while PMU is in use
target/file: Do not return error for UNMAP if length is zero
target:fix condition return in core_pr_dump_initiator_port()
iscsi-target: fix memory leak in lio_target_tiqn_addtpg()
target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd()
powerpc/ipic: Fix status get and status clear
powerpc/opal: Fix EBUSY bug in acquiring tokens
netfilter: ipvs: Fix inappropriate output of procfs
powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo
PCI/PME: Handle invalid data when reading Root Status
dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type
rtc: pcf8563: fix output clock rate
video: fbdev: au1200fb: Return an error code if a memory allocation fails
video: fbdev: au1200fb: Release some resources if a memory allocation fails
video: udlfb: Fix read EDID timeout
fbdev: controlfb: Add missing modes to fix out of bounds access
sfc: don't warn on successful change of MAC
target: fix race during implicit transition work flushes
target: fix ALUA transition timeout handling
target: Use system workqueue for ALUA transitions
btrfs: add missing memset while reading compressed inline extents
NFSv4.1 respect server's max size in CREATE_SESSION
* efi/esrt: Cleanup bad memory map log messages
perf symbols: Fix symbols__fixup_end heuristic for corner cases
net/mlx4_core: Avoid delays during VF driver device shutdown
afs: Fix afs_kill_pages()
afs: Fix page leak in afs_write_begin()
afs: Populate and use client modification time
afs: Fix the maths in afs_fs_store_data()
afs: Prevent callback expiry timer overflow
afs: Migrate vlocation fields to 64-bit
afs: Flush outstanding writes when an fd is closed
afs: Adjust mode bits processing
afs: Populate group ID from vnode status
afs: Fix missing put_page()
drm/radeon: reinstate oland workaround for sclk
mmc: mediatek: Fixed bug where clock frequency could be set wrong
* sched/deadline: Use deadline instead of period when calculating overflow
* sched/deadline: Throttle a constrained deadline task activated after the deadline
* sched/deadline: Make sure the replenishment timer fires in the next period
drm/radeon/si: add dpm quirk for Oland
fjes: Fix wrong netdevice feature flags
scsi: hpsa: limit outstanding rescans
scsi: hpsa: update check for logical volume status
openrisc: fix issue handling 8 byte get_user calls
intel_th: pci: Add Gemini Lake support
mlxsw: reg: Fix SPVMLR max record count
mlxsw: reg: Fix SPVM max record count
* net: Resend IGMP memberships upon peer notification.
* dmaengine: Fix array index out of bounds warning in __get_unmap_pool()
net: wimax/i2400m: fix NULL-deref at probe
* writeback: fix memory leak in wb_queue_work()
netfilter: bridge: honor frag_max_size when refragmenting
drm/omap: fix dmabuf mmap for dma_alloc'ed buffers
Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list
NFSD: fix nfsd_reset_versions for NFSv4.
NFSD: fix nfsd_minorversion(.., NFSD_AVAIL)
net: bcmgenet: Power up the internal PHY before probing the MII
net: bcmgenet: power down internal phy if open or resume fails
net: bcmgenet: reserved phy revisions must be checked first
net: bcmgenet: correct MIB access of UniMAC RUNT counters
net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values
* net: initialize msg.msg_flags in recvfrom
userfaultfd: selftest: vm: allow to build in vm/ directory
userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE
md-cluster: free md_cluster_info if node leave cluster
usb: phy: isp1301: Add OF device ID table
mac80211: Fix addition of mesh configuration element
* KEYS: add missing permission check for request_key() destination
* ext4: fix crash when a directory's i_size is too small
* ext4: fix fdatasync(2) after fallocate(2) operation
dmaengine: dmatest: move callback wait queue to thread context
* sched/rt: Do not pull from current CPU if only one CPU to pull
* xhci: Don't add a virt_dev to the devs array before it's fully allocated
Bluetooth: btusb: driver to enable the usb-wakeup feature
ceph: drop negative child dentries before try pruning inode's alias
usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
* USB: core: prevent malicious bNumInterfaces overflow
* USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID
* tracing: Allocate mask_str buffer dynamically
autofs: fix careless error in recent commit
crypto: salsa20 - fix blkcipher_walk API usage
* crypto: hmac - require that the underlying hash algorithm is unkeyed
Linux 4.4.106
* usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping
arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one
Revert "x86/mm/pat: Ensure cpa->pfn only contains page frame numbers"
Revert "x86/efi: Hoist page table switching code into efi_call_virt()"
Revert "x86/efi: Build our own page table structures"
* net/packet: fix a race in packet_bind() and packet_notifier()
* packet: fix crash in fanout_demux_rollover()
* sit: update frag_off info
rds: Fix NULL pointer dereference in __rds_rdma_map
tipc: fix memory leak in tipc_accept_from_sock()
* more bio_map_user_iov() leak fixes
s390: always save and restore all registers on context switch
ipmi: Stop timers before cleaning up the module
* audit: ensure that 'audit=1' actually enables audit for PID 1
ipvlan: fix ipv6 outbound device
afs: Connect up the CB.ProbeUuid
IB/mlx5: Assign send CQ and recv CQ of UMR QP
IB/mlx4: Increase maximal message size under UD QP
* xfrm: Copy policy family in clone_policy
* jump_label: Invoke jump_label_test() via early_initcall()
atm: horizon: Fix irq release error
sctp: use the right sk after waking up from wait_buf sleep
sctp: do not free asoc when it is already dead in sctp_sendmsg
sparc64/mm: set fields in deferred pages
* block: wake up all tasks blocked in get_request()
sunrpc: Fix rpc_task_begin trace point
NFS: Fix a typo in nfs_rename()
* dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0
* lib/genalloc.c: make the avail variable an atomic_long_t
* route: update fnhe_expires for redirect when the fnhe exists
* route: also update fnhe_genid when updating a route cache
mac80211_hwsim: Fix memory leak in hwsim_new_radio_nl()
* kbuild: pkg: use --transform option to prefix paths in tar
EDAC, i5000, i5400: Fix definition of NRECMEMB register
EDAC, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro
powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested
drm/amd/amdgpu: fix console deadlock if late init failed
axonram: Fix gendisk handling
* netfilter: don't track fragmented packets
* zram: set physical queue limits to avoid array out of bounds accesses
i2c: riic: fix restart condition
crypto: s5p-sss - Fix completing crypto request in IRQ handler
* ipv6: reorder icmpv6_init() and ip6_mr_init()
bnx2x: do not rollback VF MAC/VLAN filters we did not configure
bnx2x: fix possible overrun of VFPF multicast addresses array
bnx2x: prevent crash when accessing PTP with interface down
spi_ks8995: fix "BUG: key accdaa28 not in .data!"
arm64: KVM: Survive unknown traps from guests
arm: KVM: Survive unknown traps from guests
KVM: nVMX: reset nested_run_pending if the vCPU is going to be reset
irqchip/crossbar: Fix incorrect type of register size
scsi: lpfc: Fix crash during Hardware error recovery on SLI3 adapters
* workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq
libata: drop WARN from protocol error in ata_sff_qc_issue()
kvm: nVMX: VMCLEAR should not cause the vCPU to shut down
USB: gadgetfs: Fix a potential memory leak in 'dev_config()'
* usb: gadget: configs: plug memory leak
* HID: chicony: Add support for another ASUS Zen AiO keyboard
gpio: altera: Use handle_level_irq when configured as a level_high
ARM: OMAP2+: Release device node after it is no longer needed.
ARM: OMAP2+: Fix device node reference counts
* module: set __jump_table alignment to 8
selftest/powerpc: Fix false failures for skipped tests
x86/hpet: Prevent might sleep splat on resume
ARM: OMAP2+: gpmc-onenand: propagate error on initialization failure
* vti6: Don't report path MTU below IPV6_MIN_MTU.
Revert "s390/kbuild: enable modversions for symbols exported from asm"
* Revert "spi: SPI_FSL_DSPI should depend on HAS_DMA"
* Revert "drm/armada: Fix compile fail"
* mm: drop unused pmdp_huge_get_and_clear_notify()
thp: fix MADV_DONTNEED vs. numa balancing race
thp: reduce indentation level in change_huge_pmd()
scsi: storvsc: Workaround for virtual DVD SCSI version
ARM: avoid faulting on qemu
ARM: BUG if jumping to usermode address in kernel mode
* arm64: fpsimd: Prevent registers leaking from dead tasks
KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
* arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one
media: dvb: i2c transfers over usb cannot be done from stack
drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU
drm: extra printk() wrapper macros
kdb: Fix handling of kallsyms_symbol_next() return value
s390: fix compat system call table
iommu/vt-d: Fix scatterlist offset handling
* ALSA: usb-audio: Add check return value for usb_string()
* ALSA: usb-audio: Fix out-of-bound error
ALSA: seq: Remove spurious WARN_ON() at timer check
* ALSA: pcm: prevent UAF in snd_pcm_info
x86/PCI: Make broadcom_postcore_init() check acpi_disabled
* X.509: reject invalid BIT STRING for subjectPublicKey
* ASN.1: check for error from ASN1_OP_END__ACT actions
* ASN.1: fix out-of-bounds read when parsing indefinite length item
* efi: Move some sysfs files to be read-only by root
scsi: libsas: align sata_device's rps_resp on a cacheline
isa: Prevent NULL dereference in isa_bus driver callbacks
hv: kvp: Avoid reading past allocated blocks from KVP file
virtio: release virtio index when fail to device_register
can: usb_8dev: cancel urb on -EPIPE and -EPROTO
can: esd_usb2: cancel urb on -EPIPE and -EPROTO
can: ems_usb: cancel urb on -EPIPE and -EPROTO
can: kvaser_usb: cancel urb on -EPIPE and -EPROTO
can: kvaser_usb: ratelimit errors if incomplete messages are received
can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback()
can: kvaser_usb: free buf in error paths
can: ti_hecc: Fix napi poll return value for repoll
Linux 4.4.105
xen-netfront: avoid crashing on resume after a failure in talk_to_netback()
usb: host: fix incorrect updating of offset
* USB: usbfs: Filter flags passed in from user space
* USB: devio: Prevent integer overflow in proc_do_submiturb()
* USB: Increase usbfs transfer limit
* USB: core: Add type-specific length check of BOS descriptors
* usb: ch9: Add size macro for SSP dev cap descriptor
* usb: Add USB 3.1 Precision time measurement capability descriptor support
* usb: xhci: fix panic in xhci_free_virt_devices_depth_first
* usb: hub: Cycle HUB power when initialization fails
Revert "ocfs2: should wait dio before inode lock in ocfs2_setattr()"
net: fec: fix multicast filtering hardware setup
xen-netfront: Improve error handling during initialization
* mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers
* tcp: correct memory barrier usage in tcp_check_space()
dmaengine: pl330: fix double lock
tipc: fix cleanup at module unload
net: sctp: fix array overrun read on sctp_timer_tbl
drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement
NFSv4: Fix client recovery when server reboots multiple times
KVM: arm/arm64: Fix occasional warning from the timer work function
nfs: Don't take a reference on fl->fl_file for LOCK operation
ravb: Remove Rx overflow log messages
net/appletalk: Fix kernel memory disclosure
* vti6: fix device register to report IFLA_INFO_KIND
ARM: OMAP1: DMA: Correct the number of logical channels
net: systemport: Pad packet before inserting TSB
net: systemport: Utilize skb_put_padto()
kprobes/x86: Disable preemption in ftrace-based jprobes
perf test attr: Fix ignored test case result
* sysrq : fix Show Regs call trace on ARM
EDAC, sb_edac: Fix missing break in switch
x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X
usb: phy: tahvo: fix error handling in tahvo_usb_probe()
spi: sh-msiof: Fix DMA transfer size check
serial: 8250_fintek: Fix rs485 disablement on invalid ioctl()
selftests/x86/ldt_get: Add a few additional tests for limits
s390/pci: do not require AIS facility
ima: fix hash algorithm initialization
USB: serial: option: add Quectel BG96 id
s390/runtime instrumentation: simplify task exit handling
serial: 8250_pci: Add Amazon PCI serial device ID
* usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub
uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices
bcache: recover data from backing when data is clean
bcache: only permit to recovery read error when cache device is clean
Linux 4.4.104
nfsd: Fix another OPEN stateid race
nfsd: Fix stateid races between OPEN and CLOSE
nfsd: Make init_open_stateid() a bit more whole
drm/i915: Prevent zero length "index" write
drm/i915: Don't try indexed reads to alternate slave addresses
NFS: revalidate "." etc correctly on "open".
mtd: nand: Fix writing mtdoops to nand flash.
drm/panel: simple: Add missing panel_simple_unprepare() calls
drm/radeon: fix atombios on big endian
Revert "drm/radeon: dont switch vt on suspend"
bcache: Fix building error on MIPS
eeprom: at24: check at24_read/write arguments
mmc: core: Do not leave the block driver in a suspended state
KVM: x86: inject exceptions produced by x86_decode_insn
KVM: x86: Exit to user-mode on #UD intercept when emulator requires
KVM: x86: pvclock: Handle first-time write to pvclock-page contains random junk
btrfs: clear space cache inode generation always
* mm/madvise.c: fix madvise() infinite loop under special circumstances
mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
x86/efi-bgrt: Replace early_memremap() with memremap()
* x86/efi-bgrt: Fix kernel panic when mapping BGRT data
ARM: dts: omap3: logicpd-torpedo-37xx-devkit: Fix MMC1 cd-gpio
x86/efi: Build our own page table structures
x86/efi: Hoist page table switching code into efi_call_virt()
x86/mm/pat: Ensure cpa->pfn only contains page frame numbers
* ipsec: Fix aborted xfrm policy dump crash
* netlink: add a start callback for starting a netlink dump
Linux 4.4.103
Revert "sctp: do not peel off an assoc from one netns to another one"
xen: xenbus driver must not accept invalid transaction ids
s390/kbuild: enable modversions for symbols exported from asm
ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data
btrfs: return the actual error value from from btrfs_uuid_tree_iterate
ASoC: rsnd: don't double free kctrl
netfilter: nf_tables: fix oob access
netfilter: nft_queue: use raw_smp_processor_id()
* spi: SPI_FSL_DSPI should depend on HAS_DMA
staging: iio: cdc: fix improper return value
iio: light: fix improper return value
mac80211: Suppress NEW_PEER_CANDIDATE event if no room
mac80211: Remove invalid flag operations in mesh TSF synchronization
drm: Apply range restriction after color adjustment when allocation
ALSA: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE
ath10k: set CTS protection VDEV param only if VDEV is up
ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats()
ath10k: ignore configuring the incorrect board_id
ath10k: fix incorrect txpower set by P2P_DEVICE interface
* drm/armada: Fix compile fail
net: 3com: typhoon: typhoon_init_one: fix incorrect return values
net: 3com: typhoon: typhoon_init_one: make return values more specific
* net: Allow IP_MULTICAST_IF to set index to L3 slave
dmaengine: zx: set DMA_CYCLIC cap_mask bit
* PCI: Apply _HPX settings only to relevant devices
RDS: RDMA: return appropriate error on rdma map failures
e1000e: Separate signaling for link check/link up
e1000e: Fix return value test
e1000e: Fix error path in link detection
* PM / OPP: Add missing of_node_put(np)
net/9p: Switch to wait_event_killable()
* fscrypt: lock mutex before checking for bounce page pool
* sched/rt: Simplify the IPI based RT balancing logic
* media: v4l2-ctrl: Fix flags field on Control events
cx231xx-cards: fix NULL-deref on missing association descriptor
media: rc: check for integer overflow
media: Don't do DMA on stack for firmware upload in the AS102 driver
powerpc/signal: Properly handle return value from uprobe_deny_signal()
parisc: Fix validity check of pointer size argument in new CAS implementation
ixgbe: Fix skb list corruption on Power systems
fm10k: Use smp_rmb rather than read_barrier_depends
i40evf: Use smp_rmb rather than read_barrier_depends
ixgbevf: Use smp_rmb rather than read_barrier_depends
igbvf: Use smp_rmb rather than read_barrier_depends
igb: Use smp_rmb rather than read_barrier_depends
i40e: Use smp_rmb rather than read_barrier_depends
NFC: fix device-allocation error return
IB/srp: Avoid that a cable pull can trigger a kernel crash
IB/srpt: Do not accept invalid initiator port names
libnvdimm, namespace: make 'resource' attribute only readable by root
libnvdimm, namespace: fix label initialization to use valid seq numbers
clk: ti: dra7-atl-clock: fix child-node lookups
clk: ti: dra7-atl-clock: Fix of_node reference counting
SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status
KVM: SVM: obey guest PAT
KVM: nVMX: set IDTR and GDTR limits when loading L1 host state
target: Fix QUEUE_FULL + SCSI task attribute handling
iscsi-target: Fix non-immediate TMR reference leak
fs/9p: Compare qid.path in v9fs_test_inode
fix a page leak in vhost_scsi_iov_to_sgl() error recovery
ALSA: hda/realtek - Fix ALC700 family no sound issue
* ALSA: timer: Remove kernel warning at compat ioctl error paths
* ALSA: usb-audio: Add sanity checks in v2 clock parsers
* ALSA: usb-audio: Fix potential out-of-bound access at parsing SU
* ALSA: usb-audio: Add sanity checks to FE parser
* ALSA: pcm: update tstamp only if audio_tstamp changed
* ext4: fix interaction between i_size, fallocate, and delalloc after a crash
ata: fixes kernel crash while tracing ata_eh_link_autopsy event
rtlwifi: fix uninitialized rtlhal->last_suspend_sec time
rtlwifi: rtl8192ee: Fix memory leak when loading firmware
nfsd: deal with revoked delegations appropriately
nfs: Fix ugly referral attributes
NFS: Fix typo in nomigration mount option
isofs: fix timestamps beyond 2027
bcache: check ca->alloc_thread initialized before wake up it
eCryptfs: use after free in ecryptfs_release_messaging()
nilfs2: fix race condition that causes file system corruption
autofs: don't fail mount for transient error
MIPS: BCM47XX: Fix LED inversion for WRT54GSv1
MIPS: Fix an n32 core file generation regset support regression
* dm: fix race between dm_get_from_kobject() and __dm_destroy()
* dm bufio: fix integer overflow when limiting maximum cache size
ALSA: hda: Add Raven PCI ID
MIPS: ralink: Fix typo in mt7628 pinmux function
MIPS: ralink: Fix MT7628 pinmux
ARM: 8721/1: mm: dump: check hardware RO bit for LPAE
ARM: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE
x86/decoder: Add new TEST instruction pattern
* lib/mpi: call cond_resched() from mpi_powm() loop
* sched: Make resched_cpu() unconditional
vsock: use new wait API for vsock_stream_sendmsg()
AF_VSOCK: Shrink the area influenced by prepare_to_wait
* ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER
s390/disassembler: increase show_code buffer size
s390/disassembler: add missing end marker for e7 table
s390/runtime instrumention: fix possible memory corruption
s390: fix transactional execution control register handling
Linux 4.4.102
mm, hwpoison: fixup "mm: check the return value of lookup_page_ext for all call sites"
Linux 4.4.101
* mm/pagewalk.c: report holes in hugetlb ranges
mm/page_ext.c: check if page_ext is not prepared
* mm: check the return value of lookup_page_ext for all call sites
coda: fix 'kernel memory exposure attempt' in fsync
* mm/page_alloc.c: broken deferred calculation
ipmi: fix unsigned long underflow
ocfs2: should wait dio before inode lock in ocfs2_setattr()
nvme: Fix memory order on async queue deletion
* arm64: fix dump_instr when PAN and UAO are in use
serial: omap: Fix EFR write on RTS deassertion
ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
net/sctp: Always set scope_id in sctp_inet6_skb_msgname
fealnx: Fix building error on MIPS
sctp: do not peel off an assoc from one netns to another one
* af_netlink: ensure that NLMSG_DONE never fails in dumps
vlan: fix a use-after-free in vlan_device_event()
* bonding: discard lowest hash bit for 802.3ad layer3+4
* netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
* tcp: do not mangle skb->cb[] in tcp_make_synack()
Linux 4.4.100
USB: serial: garmin_gps: fix memory leak on probe errors
USB: serial: garmin_gps: fix I/O after failed probe and remove
USB: serial: qcserial: add pid/vid for Sierra Wireless EM7355 fw update
* USB: Add delay-init quirk for Corsair K70 LUX keyboards
* USB: usbfs: compute urb->actual_length for isochronous
uapi: fix linux/rds.h userspace compilation errors
uapi: fix linux/rds.h userspace compilation error
Revert "uapi: fix linux/rds.h userspace compilation errors"
* Revert "crypto: xts - Add ECB dependency"
MIPS: Netlogic: Exclude netlogic,xlp-pic code from XLR builds
MIPS: init: Ensure reserved memory regions are not added to bootmem
MIPS: init: Ensure bootmem does not corrupt reserved memory
* mm: add PHYS_PFN, use it in __phys_to_pfn()
MIPS: End asm function prologue macros with .insn
staging: rtl8712: fixed little endian problem
ixgbe: do not disable FEC from the driver
ixgbe: add mask for 64 RSS queues
ixgbe: Reduce I2C retry count on X550 devices
ixgbe: handle close/suspend race with netif_device_detach/present
ixgbe: fix AER error handling
arm64: dts: NS2: reserve memory for Nitro firmware
ALSA: hda/realtek - Add new codec ID ALC299
gpu: drm: mgag200: mgag200_main:- Handle error from pci_iomap
backlight: adp5520: Fix error handling in adp5520_bl_probe()
backlight: lcd: Fix race condition during register
ALSA: vx: Fix possible transfer overflow
ALSA: vx: Don't try to update capture stream before running
scsi: lpfc: Clear the VendorVersion in the PLOGI/PLOGI ACC payload
scsi: lpfc: Correct issue leading to oops during link reset
scsi: lpfc: Correct host name in symbolic_name field
scsi: lpfc: FCoE VPort enable-disable does not bring up the VPort
scsi: lpfc: Add missing memory barrier
staging: rtl8188eu: fix incorrect ERROR tags from logs
* scsi: ufs: add capability to keep auto bkops always enabled
* scsi: ufs-qcom: Fix module autoload
igb: Fix hw_dbg logging in igb_update_flash_i210
igb: close/suspend race in netif_device_detach
igb: reset the PHY before reading the PHY ID
drm/sti: sti_vtg: Handle return NULL error from devm_ioremap_nocache
* ata: SATA_MV should depend on HAS_DMA
* ata: SATA_HIGHBANK should depend on HAS_DMA
* ata: ATA_BMDMA should depend on HAS_DMA
ARM: dts: Fix omap3 off mode pull defines
ARM: OMAP2+: Fix init for multiple quirks for the same SoC
ARM: dts: Fix am335x and dm814x scm syscon to probe children
ARM: dts: Fix compatible for ti81xx uarts for 8250
fm10k: request reset when mbx->state changes
extcon: palmas: Check the parent instance to prevent the NULL
dmaengine: dmatest: warn user when dma test times out
Bluetooth: btusb: fix QCA Rome suspend/resume
arm: crypto: reduce priority of bit-sliced AES cipher
net: qmi_wwan: fix divide by 0 on bad descriptors
* net: cdc_ether: fix divide by 0 on bad descriptors
sctp: do not peel off an assoc from one netns to another one
xen-blkback: don't leak stack data via response ring
bpf: don't let ldimm64 leak map addresses on unprivileged
KVM: x86: fix singlestepping over syscall
* ext4: fix data exposure after a crash
media: dib0700: fix invalid dvb_detach argument
media: imon: Fix null-ptr-deref in imon_probe
Linux 4.4.99
misc: panel: properly restore atomic counter on error path
target: Fix node_acl demo-mode + uncached dynamic shutdown regression
target/iscsi: Fix iSCSI task reassignment handling
brcmfmac: remove setting IBSS mode when stopping AP
tipc: fix link attribute propagation bug
* security/keys: add CONFIG_KEYS_COMPAT to Kconfig
* tcp/dccp: fix other lockdep splats accessing ireq_opt
* tcp/dccp: fix lockdep splat in inet_csk_route_req()
* tcp/dccp: fix ireq->opt races
ipip: only increase err_count for some certain type icmp in ipip_err
* ppp: fix race in ppp device destruction
sctp: reset owner sk for data chunks on out queues when migrating a sock
* tun: allow positive return values on dev_get_valid_name() call
ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err
net/unix: don't show information about sockets from other namespaces
* ipv6: flowlabel: do not leave opt->tot_len with garbage
* packet: avoid panic in packet_getsockopt()
sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect
* tun: call dev_get_valid_name() before register_netdevice()
* l2tp: check ps->sock before running pppol2tp_session_ioctl()
* tcp: fix tcp_mtu_probe() vs highest_sack
* tun/tap: sanitize TUNSETSNDBUF input
ALSA: seq: Cancel pending autoload work at unbinding device
Input: ims-psu - check if CDC union descriptor is sane
usb: usbtest: fix NULL pointer dereference
mac80211: don't compare TKIP TX MIC key in reinstall prevention
mac80211: use constant time comparison with keys
mac80211: accept key reinstall without changing anything
Linux 4.4.98
* PKCS#7: fix unitialized boolean 'want'
x86/oprofile/ppro: Do not use __this_cpu*() in preemptible context
can: c_can: don't indicate triple sampling support for D_CAN
can: sun4i: handle overrun in RX FIFO
rbd: use GFP_NOIO for parent stat and data requests
drm/vmwgfx: Fix Ubuntu 17.10 Wayland black screen issue
Input: elan_i2c - add ELAN060C to the ACPI table
MIPS: AR7: Ensure that serial ports are properly set up
MIPS: AR7: Defer registration of GPIO
tools: firmware: check for distro fallback udev cancel rule
selftests: firmware: send expected errors to /dev/null
selftests: firmware: add empty string and async tests
test: firmware_class: report errors properly on failure
MIPS: SMP: Fix deadlock & online race
MIPS: Fix race on setting and getting cpu_online_mask
MIPS: SMP: Use a completion event to signal CPU up
MIPS: Fix CM region target definitions
MIPS: microMIPS: Fix incorrect mask in insn_table_MM
ALSA: seq: Avoid invalid lockdep class warning
ALSA: seq: Fix OSS sysex delivery in OSS emulation
ARM: 8720/1: ensure dump_instr() checks addr_limit
* KEYS: fix NULL pointer dereference during ASN.1 parsing [ver #2]
crypto: x86/sha1-mb - fix panic due to unaligned access
* workqueue: Fix NULL pointer dereference
* x86/uaccess, sched/preempt: Verify access_ok() context
platform/x86: hp-wmi: Do not shadow error values
platform/x86: hp-wmi: Fix error value for hp_wmi_tablet_state
KEYS: trusted: fix writing past end of buffer in trusted_read()
KEYS: trusted: sanitize all key material
* cdc_ncm: Set NTB format again after altsetting switch for Huawei devices
platform/x86: hp-wmi: Fix detection for dock and tablet mode
* net: dsa: select NET_SWITCHDEV
s390/qeth: issue STARTLAN as first IPA command
IB/ipoib: Change list_del to list_del_init in the tx object
Input: mpr121 - set missing event capability
Input: mpr121 - handle multiple bits change of status register
* IPsec: do not ignore crypto err in ah4 input
netfilter: nft_meta: deal with PACKET_LOOPBACK in netdev family
* usb: hcd: initialize hcd->flags to 0 when rm hcd
serial: sh-sci: Fix register offsets for the IRDA serial port
* phy: increase size of MII_BUS_ID_SIZE and bus_id
iio: trigger: free trigger resource correctly
crypto: vmx - disable preemption to enable vsx in aes_ctr.c
ARM: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6
powerpc/corenet: explicitly disable the SDHC controller on kmcoge4
iommu/arm-smmu-v3: Clear prior settings when updating STEs
KVM: PPC: Book 3S: XICS: correct the real mode ICP rejecting counter
drm: drm_minor_register(): Clean up debugfs on failure
xen/netback: set default upper limit of tx/rx queues to 8
PCI: mvebu: Handle changes to the bridge windows while enabled
video: fbdev: pmag-ba-fb: Remove bad `__init' annotation
adv7604: Initialize drive strength to default when using DT
Linux 4.4.97
staging: r8712u: Fix Sparse warning in rtl871x_xmit.c
xen: don't print error message in case of missing Xenstore entry
bt8xx: fix memory leak
s390/dasd: check for device error pointer within state change interrupts
mei: return error on notification request to a disconnected client
exynos4-is: fimc-is: Unmap region obtained by of_iomap()
staging: lustre: ptlrpc: skip lock if export failed
staging: lustre: hsm: stack overrun in hai_dump_data_field
staging: lustre: llite: don't invoke direct_IO for the EOF case
platform/x86: intel_mid_thermal: Fix module autoload
scsi: aacraid: Process Error for response I/O
xen/manage: correct return value check on xenbus_scanf()
cx231xx: Fix I2C on Internal Master 3 Bus
perf tools: Only increase index if perf_evsel__new_idx() succeeds
drm/amdgpu: when dpm disabled, also need to stop/start vce.
i2c: riic: correctly finish transfers
* ext4: do not use stripe_width if it is not set
* ext4: fix stripe-unaligned allocations
staging: rtl8712u: Fix endian settings for structs describing network packets
mfd: axp20x: Fix axp288 PEK_DBR and PEK_DBF irqs being swapped
mfd: ab8500-sysctrl: Handle probe deferral
ARM: pxa: Don't rely on public mmc header to include leds.h
mmc: s3cmci: include linux/interrupt.h for tasklet_struct
* PM / wakeirq: report a wakeup_event on dedicated wekup irq
Fix tracing sample code warning.
tracing/samples: Fix creation and deletion of simple_thread_fn creation
drm/msm: fix an integer overflow test
drm/msm: Fix potential buffer overflow issue
perf tools: Fix build failure on perl script context
ocfs2: fstrim: Fix start offset of first cluster group during fstrim
ARM: 8715/1: add a private asm/unaligned.h
ARM: dts: mvebu: pl310-cache disable double-linefill
* arm64: ensure __dump_instr() checks addr_limit
ASoC: adau17x1: Workaround for noise bug in ADC
* KEYS: fix out-of-bounds read during ASN.1 parsing
* KEYS: return full count in keyring_read() if buffer is too small
cifs: check MaxPathNameComponentLength != 0 before using it
ALSA: seq: Fix nested rwsem annotation for lockdep splat
* ALSA: timer: Add missing mutex lock for compat ioctls
Linux 4.4.96
Revert "drm: bridge: add DT bindings for TI ths8135"
* ecryptfs: fix dereference of NULL user_key_payload
x86/microcode/intel: Disable late loading on model 79
regulator: fan53555: fix I2C device ids
can: kvaser_usb: Ignore CMD_FLUSH_QUEUE_REPLY messages
can: kvaser_usb: Correct return value in printout
can: sun4i: fix loopback mode
* scsi: sg: Re-fix off by one in sg_fill_request_table()
scsi: zfcp: fix erp_action use-before-initialize in REC action trace
* assoc_array: Fix a buggy node-splitting case
Input: gtco - fix potential out-of-bound access
Input: elan_i2c - add ELAN0611 to the ACPI table
xen/gntdev: avoid out of bounds access in case of partial gntdev_mmap()
* fuse: fix READDIRPLUS skipping an entry
* spi: uapi: spidev: add missing ioctl header
* usb: xhci: Handle error condition in xhci_stop_device()
ceph: unlock dangling spinlock in try_flush_caps()
ALSA: hda - fix headset mic problem for Dell machines with alc236
ALSA: hda/realtek - Add support for ALC236/ALC3204
* workqueue: replace pool->manager_arb mutex with a flag
Linux 4.4.95
FS-Cache: fix dereference of NULL user_key_payload
fscrypto: require write access to mount to set encryption policy
* KEYS: Fix race between updating and finding a negative key
* fscrypt: fix dereference of NULL user_key_payload
f2fs crypto: add missing locking for keyring_key access
f2fs crypto: replace some BUG_ON()'s with error checks
sched/autogroup: Fix autogroup_move_group() to never skip sched_move_task()
parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels
parisc: Avoid trashing sr2 and sr3 in LWS code
* pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
* KEYS: don't let add_key() update an uninstantiated key
lib/digsig: fix dereference of NULL user_key_payload
KEYS: encrypted: fix dereference of NULL user_key_payload
rtlwifi: rtl8821ae: Fix connection lost problem
clockevents/drivers/cs5535: Improve resilience to spurious interrupts
bus: mbus: fix window size calculation for 4GB windows
brcmsmac: make some local variables 'static const' to reduce stack size
i2c: ismt: Separate I2C block read from SMBus block read
ALSA: hda: Remove superfluous '-' added by printk conversion
ALSA: seq: Enable 'use' locking in all configurations
drm/nouveau/mmu: flush tlbs before deleting page tables
drm/nouveau/bsp/g92: disable by default
can: esd_usb2: Fix can_dlc value for received RTR, frames
usb: musb: Check for host-mode using is_host_active() on reset interrupt
usb: musb: sunxi: Explicitly release USB PHY on exit
can: gs_usb: fix busy loop if no more TX context is available
* ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
* usb: hub: Allow reset retry for USB2 devices on connect bounce
* usb: quirks: add quirk for WORLDE MINI MIDI keyboard
usb: cdc_acm: Add quirk for Elatec TWN3
USB: serial: metro-usb: add MS7820 device id
* USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
* USB: devio: Revert "USB: devio: Don't corrupt user memory"
Linux 4.4.94
Revert "tty: goldfish: Fix a parameter of a call to free_irq"
* cpufreq: CPPC: add ACPI_PROCESSOR dependency
nfsd/callback: Cleanup callback cred on shutdown
target/iscsi: Fix unsolicited data seq_end_offset calculation
* uapi: fix linux/mroute6.h userspace compilation errors
uapi: fix linux/rds.h userspace compilation errors
ceph: clean up unsafe d_parent accesses in build_dentry_path
i2c: at91: ensure state is restored after suspending
net: mvpp2: release reference to txq_cpu[] entry after unmapping
scsi: scsi_dh_emc: return success in clariion_std_inquiry()
* slub: do not merge cache if slub_debug contains a never-merge flag
ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock
* crypto: xts - Add ECB dependency
net/mlx4_core: Fix VF overwrite of module param which disables DMFS on new probed PFs
sparc64: Migrate hvcons irq to panicked cpu
* md/linear: shutup lockdep warnning
f2fs: do not wait for writeback in write_begin
Btrfs: send, fix failure to rename top level inode due to name collision
iio: adc: xilinx: Fix error handling
* netfilter: nf_ct_expect: Change __nf_ct_expect_check() return value.
net/mlx4_en: fix overflow in mlx4_en_init_timestamp()
mac80211: fix power saving clients handling in iwlwifi
mac80211_hwsim: check HWSIM_ATTR_RADIO_NAME length
irqchip/crossbar: Fix incorrect type of local variables
watchdog: kempld: fix gcc-4.3 build
locking/lockdep: Add nest_lock integrity test
Revert "bsg-lib: don't free job in bsg_prepare_job"
tipc: use only positive error codes in messages
* net: Set sk_prot_creator when cloning sockets to the right proto
* packet: only test po->has_vnet_hdr once in packet_snd
* packet: in packet_do_bind, test fanout with bind_lock held
* tun: bail out from tun_get_user() if the skb is empty
* l2tp: fix race condition in l2tp_tunnel_delete
* l2tp: Avoid schedule while atomic in exit_net
* vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit
isdn/i4l: fetch the ppp_write buffer in one shot
* bpf: one perf event close won't free bpf program attached by another perf event
* packet: hold bind lock when rebinding to fanout hook
net: emac: Fix napi poll list corruption
ip6_gre: skb_push ipv6hdr before packing the header in ip6gre_header
* udpv6: Fix the checksum computation when HW checksum does not apply
bpf/verifier: reject BPF_ALU64|BPF_END
* sctp: potential read out of bounds in sctp_ulpevent_type_enabled()
MIPS: Fix minimum alignment requirement of IRQ stack
drm/dp/mst: save vcpi with payloads
* percpu: make this_cpu_generic_read() atomic w.r.t. interrupts
Linux 4.4.93
x86/alternatives: Fix alt_max_short macro to really be a max()
USB: serial: console: fix use-after-free after failed setup
USB: serial: qcserial: add Dell DW5818, DW5819
USB: serial: option: add support for TP-Link LTE module
USB: serial: cp210x: add support for ELV TFD500
USB: serial: ftdi_sio: add id for Cypress WICED dev board
* fix unbalanced page refcounting in bio_map_user_iov
* direct-io: Prevent NULL pointer access in submit_page_section
* usb: gadget: composite: Fix use-after-free in usb_composite_overwrite_options
ALSA: line6: Fix leftover URB at error-path during probe
ALSA: caiaq: Fix stray URB at probe error path
ALSA: seq: Fix copy_from_user() call inside lock
ALSA: seq: Fix use-after-free at creating a port
* ALSA: usb-audio: Kill stray URB at exiting
iommu/amd: Finish TLB flush in amd_iommu_unmap()
usb: renesas_usbhs: Fix DMAC sequence for receiving zero-length packet
KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit
* crypto: shash - Fix zero-length shash ahash digest crash
* HID: usbhid: fix out-of-bounds bug
dmaengine: edma: Align the memcpy acnt array size with the transfer
MIPS: math-emu: Remove pr_err() calls from fpu_emu()
USB: dummy-hcd: Fix deadlock caused by disconnect detection
* rcu: Allow for page faults in NMI handlers
iwlwifi: mvm: use IWL_HCMD_NOCOPY for MCAST_FILTER_CMD
* nl80211: Define policy for packet pattern attributes
CIFS: Reconnect expired SMB sessions
* ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets
brcmfmac: add length check in brcmf_cfg80211_escan_handler()
Linux 4.4.92
* ext4: don't allow encrypted operations without keys
ext4: Don't clear SGID when inheriting ACLs
* ext4: fix data corruption for mmap writes
* sched/cpuset/pm: Fix cpuset vs. suspend-resume bugs
nvme: protect against simultaneous shutdown invocations
drm/i915/bios: ignore HDMI on port A
brcmfmac: setup passive scan if requested by user-space
uwb: ensure that endpoint is interrupt
uwb: properly check kthread_run return value
iio: adc: mcp320x: Fix oops on module unload
iio: adc: mcp320x: Fix readout of negative voltages
iio: ad7793: Fix the serial interface reset
* iio: core: Return error for failed read_reg
staging: iio: ad7192: Fix - use the dedicated reset function avoiding dma from stack.
iio: ad_sigma_delta: Implement a dedicated reset function
iio: adc: twl4030: Disable the vusb3v1 rugulator in the error handling path of 'twl4030_madc_probe()'
iio: adc: twl4030: Fix an error handling path in 'twl4030_madc_probe()'
* xhci: fix finding correct bus_state structure for USB 3.1 hosts
* USB: fix out-of-bounds in usb_set_configuration
* usb: Increase quirk delay for USB devices
* USB: core: harden cdc_parse_cdc_header
USB: uas: fix bug in handling of alternate settings
* scsi: sd: Do not override max_sectors_kb sysfs setting
iwlwifi: add workaround to disable wide channels in 5GHz
HID: i2c-hid: allocate hid buffers for real worst case
ftrace: Fix kmemleak in unregister_ftrace_graph
stm class: Fix a use-after-free
Drivers: hv: fcopy: restore correct transfer length
* driver core: platform: Don't read past the end of "driver_override" buffer
ALSA: usx2y: Suppress kernel warning at page allocation failures
* ALSA: compress: Remove unused variable
* lsm: fix smack_inode_removexattr and xattr_getsecurity memleak
* USB: g_mass_storage: Fix deadlock when driver is unbound
usb: gadget: mass_storage: set msg_registered after msg registered
* USB: devio: Don't corrupt user memory
USB: dummy-hcd: Fix erroneous synchronization change
USB: dummy-hcd: fix infinite-loop resubmission bug
USB: dummy-hcd: fix connection failures (wrong speed)
* usb: pci-quirks.c: Corrected timeout values used in handshake
* ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
usb: renesas_usbhs: fix usbhsf_fifo_clear() for RX direction
usb: renesas_usbhs: fix the BCLR setting condition for non-DCP pipe
* usb-storage: unusual_devs entry to fix write-access regression for Seagate external drives
usb: gadget: udc: atmel: set vbus irqflags explicitly
USB: gadgetfs: fix copy_to_user while holding spinlock
USB: gadgetfs: Fix crash caused by inadequate synchronization
usb: gadget: inode.c: fix unbalanced spin_lock in ep0_write
Linux 4.4.91
ttpci: address stringop overflow warning
ALSA: au88x0: avoid theoretical uninitialized access
ARM: remove duplicate 'const' annotations'
IB/qib: fix false-postive maybe-uninitialized warning
* drivers: firmware: psci: drop duplicate const from psci_of_match
libata: transport: Remove circular dependency at free time
xfs: remove kmem_zalloc_greedy
i2c: meson: fix wrong variable usage in meson_i2c_put_data
md/raid10: submit bio directly to replacement disk
rds: ib: add error handle
* iommu/io-pgtable-arm: Check for leaf entry before dereferencing it
parisc: perf: Fix potential NULL pointer dereference
netfilter: nfnl_cthelper: fix incorrect helper->expect_class_max
exynos-gsc: Do not swap cb/cr for semi planar formats
MIPS: IRQ Stack: Unwind IRQ stack onto task stack
* netfilter: invoke synchronize_rcu after set the _hook_ to NULL
* bridge: netlink: register netdevice before executing changelink
* mmc: sdio: fix alignment issue in struct sdio_func
* usb: plusb: Add support for PL-27A1
team: fix memory leaks
* net/packet: check length in getsockopt() called with PACKET_HDRLEN
* net: core: Prevent from dereferencing null pointer when releasing SKB
MIPS: Lantiq: Fix another request_mem_region() return code check
* ASoC: dapm: fix some pointer error handling
usb: chipidea: vbus event may exist before starting gadget
* audit: log 32-bit socketcalls
* ASoC: dapm: handle probe deferrals
* partitions/efi: Fix integer overflow in GPT size calculation
USB: serial: mos7840: fix control-message error handling
USB: serial: mos7720: fix control-message error handling
drm/amdkfd: fix improper return value on error
IB/ipoib: Replace list_del of the neigh->list with list_del_init
IB/ipoib: rtnl_unlock can not come after free_netdev
IB/ipoib: Fix deadlock over vlan_mutex
tty: goldfish: Fix a parameter of a call to free_irq
ARM: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM
iio: adc: hx711: Add DT binding for avia,hx711
iio: adc: axp288: Drop bogus AXP288_ADC_TS_PIN_CTRL register modifications
hwmon: (gl520sm) Fix overflows and crash seen when writing into limit attributes
sh_eth: use correct name for ECMR_MPDE bit
extcon: axp288: Use vbus-valid instead of -present to determine cable presence
igb: re-assign hw address pointer on reset after PCI error
MIPS: ralink: Fix incorrect assignment on ralink_soc
MIPS: Ensure bss section ends on a long-aligned address
ARM: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes
RDS: RDMA: Fix the composite message user notification
GFS2: Fix reference to ERR_PTR in gfs2_glock_iter_next
drm: bridge: add DT bindings for TI ths8135
drm_fourcc: Fix DRM_FORMAT_MOD_LINEAR #define
Linux 4.4.90
fix xen_swiotlb_dma_mmap prototype
swiotlb-xen: implement xen_swiotlb_dma_mmap callback
video: fbdev: aty: do not leak uninitialized padding in clk to userspace
KVM: VMX: use cmpxchg64
ARM: pxa: fix the number of DMA requestor lines
ARM: pxa: add the number of DMA requestor lines
dmaengine: mmp-pdma: add number of requestors
cxl: Fix driver use count
KVM: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
KVM: VMX: do not change SN bit in vmx_update_pi_irte()
* timer/sysclt: Restrict timer migration sysctl values to 0 and 1
gfs2: Fix debugfs glocks dump
x86/fpu: Don't let userspace set bogus xcomp_bv
btrfs: prevent to set invalid default subvolid
btrfs: propagate error to btrfs_cmp_data_prepare caller
btrfs: fix NULL pointer dereference from free_reloc_roots()
* PCI: Fix race condition with driver_override
kvm: nVMX: Don't allow L2 to access the hardware CR8
KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
* arm64: fault: Route pte translation faults via do_translation_fault
* arm64: Make sure SPsel is always set
* seccomp: fix the usage of get/put_seccomp_filter() in seccomp_get_filter()
bsg-lib: don't free job in bsg_prepare_job
* nl80211: check for the required netlink attributes presence
* vfs: Return -ENXIO for negative SEEK_HOLE / SEEK_DATA offsets
SMB3: Don't ignore O_SYNC/O_DSYNC and O_DIRECT flags
SMB: Validate negotiate (to protect against downgrade) even if signing off
Fix SMB3.1.1 guest authentication to Samba
powerpc/pseries: Fix parent_dn reference leak in add_dt_node()
* KEYS: prevent KEYCTL_READ on negative key
* KEYS: prevent creating a different user's keyrings
* KEYS: fix writing past end of user-supplied buffer in keyring_read()
crypto: talitos - fix sha224
crypto: talitos - Don't provide setkey for non hmac hashing algs.
scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
md/raid5: fix a race condition in stripe batch
* tracing: Erase irqsoff trace with empty write
* tracing: Fix trace_pipe behavior for instance traces
KVM: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()
mac80211: flush hw_roc_start work before cancelling the ROC
cifs: release auth_key.response for reconnect.
Linux 4.4.89
ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
bcache: fix bch_hprint crash and improve output
bcache: fix for gc and write-back race
bcache: Correct return value for sysfs attach errors
bcache: correct cache_dirty_target in __update_writeback_rate()
bcache: do not subtract sectors_to_gc for bypassed IO
bcache: Fix leak of bdev reference
bcache: initialize dirty stripes in flash_dev_run()
media: uvcvideo: Prevent heap overflow when accessing mapped controls
* media: v4l2-compat-ioctl32: Fix timespec conversion
PCI: shpchp: Enable bridge bus mastering if MSI is enabled
ARC: Re-enable MMU upon Machine Check exception
* tracing: Apply trace_clock changes to instance max buffer
ftrace: Fix selftest goto location on error
scsi: qla2xxx: Fix an integer overflow in sysfs code
* scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
* scsi: sg: factor out sg_fill_request_table()
* scsi: sg: off by one in sg_ioctl()
* scsi: sg: use standard lists for sg_requests
* scsi: sg: remove 'save_scat_len'
scsi: storvsc: fix memory leak on ring buffer busy
scsi: megaraid_sas: Return pended IOCTLs with cmd_status MFI_STAT_WRONG_STATE in case adapter is dead
scsi: megaraid_sas: Check valid aen class range to avoid kernel panic
scsi: zfcp: trace high part of "new" 64 bit SCSI LUN
scsi: zfcp: trace HBA FSF response by default on dismiss or timedout late response
scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records
scsi: zfcp: fix missing trace records for early returns in TMF eh handlers
scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with HBA
scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace records
scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path
scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled
skd: Submit requests to firmware before triggering the doorbell
skd: Avoid that module unloading triggers a use-after-free
* md/bitmap: disable bitmap_resize for file-backed bitmaps.
* block: Relax a check in blk_start_queue()
powerpc: Fix DAR reporting when alignment handler faults
* ext4: fix quota inconsistency during orphan cleanup for read-only mounts
* ext4: fix incorrect quotaoff if the quota feature is enabled
crypto: AF_ALG - remove SGL terminator indicator when chaining
MIPS: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs
MIPS: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs
MIPS: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with opposite signs
MIPS: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative
MIPS: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero
MIPS: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation
Input: i8042 - add Gigabyte P57 to the keyboard reset table
* tty: fix __tty_insert_flip_char regression
* tty: improve tty_insert_flip_char() slow path
* tty: improve tty_insert_flip_char() fast path
* mm: prevent double decrease of nr_reserved_highatomic
nfsd: Fix general protection fault in release_lock_stateid()
md/raid5: release/flush io in raid5_do_work()
x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps
f2fs: check hot_data for roll-forward recovery
* ipv6: fix typo in fib6_net_exit()
* ipv6: fix memory leak with multiple tables during netns destruction
gianfar: Fix Tx flow control deactivation
* Revert "net: fix percpu memory leaks"
* Revert "net: use lib/percpu_counter API for fragmentation mem accounting"
* tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
* Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"
qlge: avoid memcpy buffer overflow
* ipv6: fix sparse warning on rt6i_node
* ipv6: add rcu grace period before freeing fib6_node
* ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
Conflicts:
arch/arm/include/asm/kvm_arm.h
arch/x86/include/asm/thread_info.h
drivers/gpu/drm/msm/msm_gem_submit.c
drivers/md/dm-bufio.c
drivers/media/v4l2-core/v4l2-compat-ioctl32.c
drivers/mmc/core/bus.c
drivers/net/wireless/iwlwifi/iwl-nvm-parse.c
drivers/scsi/sg.c
drivers/scsi/ufs/ufshcd.h
drivers/usb/gadget/function/f_fs.c
drivers/usb/host/xhci-hub.c
kernel/fork.c
kernel/power/process.c
net/ipv4/raw.c
net/wireless/nl80211.c
scripts/Makefile.build
security/keys/keyctl.c
sound/usb/card.c
sound/usb/mixer.c
Change-Id: Ia5c1e792a3f23d9035d9843e7d520c67da04b03e
Signed-off-by: Thierry Strudel <tstrudel@google.com>
|
||
|
Greg Kroah-Hartman
|
aa856bd83c |
Merge 4.4.115 into android-4.4
Changes in 4.4.115 loop: fix concurrent lo_open/lo_release bpf: fix branch pruning logic x86: bpf_jit: small optimization in emit_bpf_tail_call() bpf: fix bpf_tail_call() x64 JIT bpf: introduce BPF_JIT_ALWAYS_ON config bpf: arsh is not supported in 32 bit alu thus reject it bpf: avoid false sharing of map refcount with max_entries bpf: fix divides by zero bpf: fix 32-bit divide by zero bpf: reject stores into ctx via st and xadd x86/pti: Make unpoison of pgd for trusted boot work for real kaiser: fix intel_bts perf crashes ALSA: seq: Make ioctls race-free crypto: aesni - handle zero length dst buffer crypto: af_alg - whitelist mask and type power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE igb: Free IRQs when device is hotplugged KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure KVM: x86: Don't re-execute instruction when not passing CR2 value KVM: X86: Fix operand/address-size during instruction decoding KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered KVM: x86: ioapic: Preserve read-only values in the redirection table ACPI / bus: Leave modalias empty for devices which are not present cpufreq: Add Loongson machine dependencies bcache: check return value of register_shrinker drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode drm/amdkfd: Fix SDMA ring buffer size calculation drm/amdkfd: Fix SDMA oversubsription handling openvswitch: fix the incorrect flow action alloc size mac80211: fix the update of path metric for RANN frame btrfs: fix deadlock when writing out space cache KVM: VMX: Fix rflags cache during vCPU reset xen-netfront: remove warning when unloading module nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) nfsd: Ensure we check stateid validity in the seqid operation checks grace: replace BUG_ON by WARN_ONCE in exit_net hook nfsd: check for use of the closed special stateid lockd: fix "list_add double add" caused by legacy signal interface hwmon: (pmbus) Use 64bit math for DIRECT format values net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit quota: Check for register_shrinker() failure. SUNRPC: Allow connect to return EHOSTUNREACH kmemleak: add scheduling point to kmemleak_scan() drm/omap: Fix error handling path in 'omap_dmm_probe()' xfs: ubsan fixes scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg media: usbtv: add a new usbid usb: gadget: don't dereference g until after it has been null checked staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID usb: option: Add support for FS040U modem USB: serial: pl2303: new device id for Chilitag USB: cdc-acm: Do not log urb submission errors on disconnect CDC-ACM: apply quirk for card reader USB: serial: io_edgeport: fix possible sleep-in-atomic usbip: prevent bind loops on devices attached to vhci_hcd usbip: list: don't list devices attached to vhci_hcd USB: serial: simple: add Motorola Tetra driver usb: f_fs: Prevent gadget unbind if it is already unbound usb: uas: unconditionally bring back host after reset selinux: general protection fault in sock_has_perm serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS spi: imx: do not access registers while clocks disabled Linux 4.4.115 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Alexei Starovoitov
|
28c486744e |
bpf: introduce BPF_JIT_ALWAYS_ON config
[ upstream commit 290af86629b25ffd1ed6232c4e9107da031705cb ] The BPF interpreter has been used as part of the spectre 2 attack CVE-2017-5715. A quote from goolge project zero blog: "At this point, it would normally be necessary to locate gadgets in the host kernel code that can be used to actually leak data by reading from an attacker-controlled location, shifting and masking the result appropriately and then using the result of that as offset to an attacker-controlled address for a load. But piecing gadgets together and figuring out which ones work in a speculation context seems annoying. So instead, we decided to use the eBPF interpreter, which is built into the host kernel - while there is no legitimate way to invoke it from inside a VM, the presence of the code in the host kernel's text section is sufficient to make it usable for the attack, just like with ordinary ROP gadgets." To make attacker job harder introduce BPF_JIT_ALWAYS_ON config option that removes interpreter from the kernel in favor of JIT-only mode. So far eBPF JIT is supported by: x64, arm64, arm32, sparc64, s390, powerpc64, mips64 The start of JITed program is randomized and code page is marked as read-only. In addition "constant blinding" can be turned on with net.core.bpf_jit_harden v2->v3: - move __bpf_prog_ret0 under ifdef (Daniel) v1->v2: - fix init order, test_bpf and cBPF (Daniel's feedback) - fix offloaded bpf (Jakub's feedback) - add 'return 0' dummy in case something can invoke prog->bpf_func - retarget bpf tree. For bpf-next the patch would need one extra hunk. It will be sent when the trees are merged back to net-next Considered doing: int bpf_jit_enable __read_mostly = BPF_EBPF_JIT_DEFAULT; but it seems better to land the patch as-is and in bpf-next remove bpf_jit_enable global variable from all JITs, consolidate in one place and remove this jit_init() function. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
79f138ac8c |
Merge 4.4.107 into android-4.4
Changes in 4.4.107 crypto: hmac - require that the underlying hash algorithm is unkeyed crypto: salsa20 - fix blkcipher_walk API usage autofs: fix careless error in recent commit tracing: Allocate mask_str buffer dynamically USB: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID USB: core: prevent malicious bNumInterfaces overflow usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer ceph: drop negative child dentries before try pruning inode's alias Bluetooth: btusb: driver to enable the usb-wakeup feature xhci: Don't add a virt_dev to the devs array before it's fully allocated sched/rt: Do not pull from current CPU if only one CPU to pull dmaengine: dmatest: move callback wait queue to thread context ext4: fix fdatasync(2) after fallocate(2) operation ext4: fix crash when a directory's i_size is too small KEYS: add missing permission check for request_key() destination mac80211: Fix addition of mesh configuration element usb: phy: isp1301: Add OF device ID table md-cluster: free md_cluster_info if node leave cluster userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE userfaultfd: selftest: vm: allow to build in vm/ directory net: initialize msg.msg_flags in recvfrom net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values net: bcmgenet: correct MIB access of UniMAC RUNT counters net: bcmgenet: reserved phy revisions must be checked first net: bcmgenet: power down internal phy if open or resume fails net: bcmgenet: Power up the internal PHY before probing the MII NFSD: fix nfsd_minorversion(.., NFSD_AVAIL) NFSD: fix nfsd_reset_versions for NFSv4. Input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list drm/omap: fix dmabuf mmap for dma_alloc'ed buffers netfilter: bridge: honor frag_max_size when refragmenting writeback: fix memory leak in wb_queue_work() net: wimax/i2400m: fix NULL-deref at probe dmaengine: Fix array index out of bounds warning in __get_unmap_pool() net: Resend IGMP memberships upon peer notification. mlxsw: reg: Fix SPVM max record count mlxsw: reg: Fix SPVMLR max record count intel_th: pci: Add Gemini Lake support openrisc: fix issue handling 8 byte get_user calls scsi: hpsa: update check for logical volume status scsi: hpsa: limit outstanding rescans fjes: Fix wrong netdevice feature flags drm/radeon/si: add dpm quirk for Oland sched/deadline: Make sure the replenishment timer fires in the next period sched/deadline: Throttle a constrained deadline task activated after the deadline sched/deadline: Use deadline instead of period when calculating overflow mmc: mediatek: Fixed bug where clock frequency could be set wrong drm/radeon: reinstate oland workaround for sclk afs: Fix missing put_page() afs: Populate group ID from vnode status afs: Adjust mode bits processing afs: Flush outstanding writes when an fd is closed afs: Migrate vlocation fields to 64-bit afs: Prevent callback expiry timer overflow afs: Fix the maths in afs_fs_store_data() afs: Populate and use client modification time afs: Fix page leak in afs_write_begin() afs: Fix afs_kill_pages() net/mlx4_core: Avoid delays during VF driver device shutdown perf symbols: Fix symbols__fixup_end heuristic for corner cases efi/esrt: Cleanup bad memory map log messages NFSv4.1 respect server's max size in CREATE_SESSION btrfs: add missing memset while reading compressed inline extents target: Use system workqueue for ALUA transitions target: fix ALUA transition timeout handling target: fix race during implicit transition work flushes sfc: don't warn on successful change of MAC fbdev: controlfb: Add missing modes to fix out of bounds access video: udlfb: Fix read EDID timeout video: fbdev: au1200fb: Release some resources if a memory allocation fails video: fbdev: au1200fb: Return an error code if a memory allocation fails rtc: pcf8563: fix output clock rate dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type PCI/PME: Handle invalid data when reading Root Status powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo netfilter: ipvs: Fix inappropriate output of procfs powerpc/opal: Fix EBUSY bug in acquiring tokens powerpc/ipic: Fix status get and status clear target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() iscsi-target: fix memory leak in lio_target_tiqn_addtpg() target:fix condition return in core_pr_dump_initiator_port() target/file: Do not return error for UNMAP if length is zero arm-ccn: perf: Prevent module unload while PMU is in use crypto: tcrypt - fix buffer lengths in test_aead_speed() mm: Handle 0 flags in _calc_vm_trans() macro clk: mediatek: add the option for determining PLL source clock clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU clk: tegra: Fix cclk_lp divisor register ppp: Destroy the mutex when cleanup thermal/drivers/step_wise: Fix temperature regulation misbehavior GFS2: Take inode off order_write list when setting jdata flag bcache: explicitly destroy mutex while exiting bcache: fix wrong cache_misses statistics l2tp: cleanup l2tp_tunnel_delete calls xfs: fix log block underflow during recovery cycle verification xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real PCI: Detach driver before procfs & sysfs teardown on device remove scsi: hpsa: cleanup sas_phy structures in sysfs when unloading scsi: hpsa: destroy sas transport properties before scsi_host powerpc/perf/hv-24x7: Fix incorrect comparison in memord tty fix oops when rmmod 8250 usb: musb: da8xx: fix babble condition handling pinctrl: adi2: Fix Kconfig build problem raid5: Set R5_Expanded on parity devices as well as data. scsi: scsi_devinfo: Add REPORTLUN2 to EMC SYMMETRIX blacklist entry vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend scsi: sd: change manage_start_stop to bool in sysfs interface scsi: sd: change allow_restart to bool in sysfs interface scsi: bfa: integer overflow in debugfs udf: Avoid overflow when session starts at large offset macvlan: Only deliver one copy of the frame to the macvlan interface RDMA/cma: Avoid triggering undefined behavior IB/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop ath9k: fix tx99 potential info leak Linux 4.4.107 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Alexander Potapenko
|
accbd99507 |
net: initialize msg.msg_flags in recvfrom
[ Upstream commit 9f138fa609c47403374a862a08a41394be53d461 ] KMSAN reports a use of uninitialized memory in put_cmsg() because msg.msg_flags in recvfrom haven't been initialized properly. The flag values don't affect the result on this path, but it's still a good idea to initialize them explicitly. Signed-off-by: Alexander Potapenko <glider@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Tobias Klauser
|
2a8af3ae8d |
UPSTREAM: net: socket: Make unnecessarily global sockfs_setattr() static
Make sockfs_setattr() static as it is not used outside of net/socket.c
This fixes the following GCC warning:
net/socket.c:534:5: warning: no previous prototype for ‘sockfs_setattr’ [-Wmissing-prototypes]
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Cc: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Change-Id: Ie613c441b3fe081bdaec8c480d3aade482873bf8
Fixes: Change-Id: Idbc3e9a0cec91c4c6e01916b967b6237645ebe59
("net: core: Add a UID field to struct sock.")
(cherry picked from commit dc647ec88e029307e60e6bf9988056605f11051a)
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
|
||
|
Blagovest Kolenichev
|
a4b9c109c2 |
Merge tag v4.4.55 into branch 'msm-4.4'
refs/heads/tmp-28ec98b: Linux 4.4.55 ext4: don't BUG when truncating encrypted inodes on the orphan list dm: flush queued bios when process blocks to avoid deadlock nfit, libnvdimm: fix interleave set cookie calculation s390/kdump: Use "LINUX" ELF note name instead of "CORE" KVM: s390: Fix guest migration for huge guests resulting in panic mvsas: fix misleading indentation serial: samsung: Continue to work if DMA request fails USB: serial: io_ti: fix information leak in completion handler USB: serial: io_ti: fix NULL-deref in interrupt callback USB: iowarrior: fix NULL-deref in write USB: iowarrior: fix NULL-deref at probe USB: serial: omninet: fix reference leaks at open USB: serial: safe_serial: fix information leak in completion handler usb: host: xhci-plat: Fix timeout on removal of hot pluggable xhci controllers usb: host: xhci-dbg: HCIVERSION should be a binary number usb: gadget: function: f_fs: pass companion descriptor along usb: dwc3: gadget: make Set Endpoint Configuration macros safe usb: gadget: dummy_hcd: clear usb_gadget region before registration powerpc: Emulation support for load/store instructions on LE tracing: Add #undef to fix compile error MIPS: Netlogic: Fix CP0_EBASE redefinition warnings MIPS: DEC: Avoid la pseudo-instruction in delay slots mm: memcontrol: avoid unused function warning cpmac: remove hopeless #warning MIPS: ralink: Remove unused rt*_wdt_reset functions MIPS: ralink: Cosmetic change to prom_init(). mtd: pmcmsp: use kstrndup instead of kmalloc+strncpy MIPS: Update lemote2f_defconfig for CPU_FREQ_STAT change MIPS: ip22: Fix ip28 build for modern gcc MIPS: Update ip27_defconfig for SCSI_DH change MIPS: ip27: Disable qlge driver in defconfig MIPS: Update defconfigs for NF_CT_PROTO_DCCP/UDPLITE change crypto: improve gcc optimization flags for serpent and wp512 USB: serial: digi_acceleport: fix OOB-event processing USB: serial: digi_acceleport: fix OOB data sanity check Linux 4.4.54 drivers: hv: Turn off write permission on the hypercall page fat: fix using uninitialized fields of fat_inode/fsinfo_inode libceph: use BUG() instead of BUG_ON(1) drm/i915/dsi: Do not clear DPOUNIT_CLOCK_GATE_DISABLE from vlv_init_display_clock_gating fakelb: fix schedule while atomic drm/atomic: fix an error code in mode_fixup() drm/ttm: Make sure BOs being swapped out are cacheable drm/edid: Add EDID_QUIRK_FORCE_8BPC quirk for Rotel RSX-1058 drm/ast: Fix AST2400 POST failure without BMC FW or VBIOS drm/ast: Call open_key before enable_mmio in POST code drm/ast: Fix test for VGA enabled drm/amdgpu: add more cases to DCE11 possible crtc mask setup mac80211: flush delayed work when entering suspend xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD pwm: pca9685: Fix period change with same duty cycle nlm: Ensure callback code also checks that the files match target: Fix NULL dereference during LUN lookup + active I/O shutdown ceph: remove req from unsafe list when unregistering it ktest: Fix child exit code processing IB/srp: Fix race conditions related to task management IB/srp: Avoid that duplicate responses trigger a kernel bug IB/IPoIB: Add destination address when re-queue packet IB/ipoib: Fix deadlock between rmmod and set_mode mnt: Tuck mounts under others instead of creating shadow/side mounts. net: mvpp2: fix DMA address calculation in mvpp2_txq_inc_put() s390: use correct input data address for setup_randomness s390: make setup_randomness work s390: TASK_SIZE for kernel threads s390/dcssblk: fix device size calculation in dcssblk_direct_access() s390/qdio: clear DSCI prior to scanning multiple input queues Bluetooth: Add another AR3012 04ca:3018 device KVM: VMX: use correct vmcs_read/write for guest segment selector/base KVM: s390: Disable dirty log retrieval for UCONTROL guests serial: 8250_pci: Add MKS Tenta SCOM-0800 and SCOM-0801 cards tty: n_hdlc: get rid of racy n_hdlc.tbuf TTY: n_hdlc, fix lockdep false positive Linux 4.4.53 scsi: lpfc: Correct WQ creation for pagesize MIPS: IP22: Fix build error due to binutils 2.25 uselessnes. MIPS: IP22: Reformat inline assembler code to modern standards. powerpc/xmon: Fix data-breakpoint dmaengine: ipu: Make sure the interrupt routine checks all interrupts. bcma: use (get|put)_device when probing/removing device driver md linear: fix a race between linear_add() and linear_congested() rtc: sun6i: Switch to the external oscillator rtc: sun6i: Add some locking NFSv4: fix getacl ERANGE for some ACL buffer sizes NFSv4: fix getacl head length estimation NFSv4: Fix memory and state leak in _nfs4_open_and_get_state nfsd: special case truncates some more nfsd: minor nfsd_setattr cleanup rtlwifi: rtl8192c-common: Fix "BUG: KASAN: rtlwifi: Fix alignment issues gfs2: Add missing rcu locking for glock lookup rdma_cm: fail iwarp accepts w/o connection params RDMA/core: Fix incorrect structure packing for booleans Drivers: hv: util: Backup: Fix a rescind processing issue Drivers: hv: util: Fcopy: Fix a rescind processing issue Drivers: hv: util: kvp: Fix a rescind processing issue hv: init percpu_list in hv_synic_alloc() hv: allocate synic pages for all present CPUs usb: gadget: udc: fsl: Add missing complete function. usb: host: xhci: plat: check hcc_params after add hcd usb: musb: da8xx: Remove CPPI 3.0 quirk and methods w1: ds2490: USB transfer buffers need to be DMAable w1: don't leak refcount on slave attach failure in w1_attach_slave_device() can: usb_8dev: Fix memory leak of priv->cmd_msg_buffer iio: pressure: mpl3115: do not rely on structure field ordering iio: pressure: mpl115: do not rely on structure field ordering arm/arm64: KVM: Enforce unconditional flush to PoC when mapping to stage-2 fuse: add missing FR_FORCE crypto: testmgr - Pad aes_ccm_enc_tv_template vector ath9k: use correct OTP register offsets for the AR9340 and AR9550 ath9k: fix race condition in enabling/disabling IRQs ath5k: drop bogus warning on drv_set_key with unsupported cipher target: Fix multi-session dynamic se_node_acl double free OOPs target: Obtain se_node_acl->acl_kref during get_initiator_node_acl samples/seccomp: fix 64-bit comparison macros ext4: return EROFS if device is r/o and journal replay is needed ext4: preserve the needs_recovery flag when the journal is aborted ext4: fix inline data error paths ext4: fix data corruption in data=journal mode ext4: trim allocation requests to group size ext4: do not polute the extents cache while shifting extents ext4: Include forgotten start block on fallocate insert range loop: fix LO_FLAGS_PARTSCAN hang block/loop: fix race between I/O and set_status jbd2: don't leak modified metadata buffers on an aborted journal Fix: Disable sys_membarrier when nohz_full is enabled sd: get disk reference in sd_check_events() scsi: use 'scsi_device_from_queue()' for scsi_dh scsi: aacraid: Reorder Adapter status check scsi: storvsc: properly set residual data length on errors scsi: storvsc: properly handle SRB_ERROR when sense message is present scsi: storvsc: use tagged SRB requests if supported by the device dm stats: fix a leaked s->histogram_boundaries array dm cache: fix corruption seen when using cache > 2TB ipc/shm: Fix shmat mmap nil-page protection mm: do not access page->mapping directly on page_endio mm: vmpressure: fix sending wrong events on underflow mm/page_alloc: fix nodes for reclaim in fast path iommu/vt-d: Tylersburg isoch identity map check is done too late. iommu/vt-d: Fix some macros that are incorrectly specified in intel-iommu regulator: Fix regulator_summary for deviceless consumers staging: rtl: fix possible NULL pointer dereference ALSA: hda - Fix micmute hotkey problem for a lenovo AIO machine ALSA: hda - Add subwoofer support for Dell Inspiron 17 7000 Gaming ALSA: seq: Fix link corruption by event error handling ALSA: ctxfi: Fallback DMA mask to 32bit ALSA: timer: Reject user params with too small ticks ALSA: hda - fix Lewisburg audio issue ALSA: hda/realtek - Cannot adjust speaker's volume on a Dell AIO ARM: dts: at91: Enable DMA on sama5d2_xplained console ARM: dts: at91: Enable DMA on sama5d4_xplained console ARM: at91: define LPDDR types media: fix dm1105.c build error uvcvideo: Fix a wrong macro am437x-vpfe: always assign bpp variable MIPS: Handle microMIPS jumps in the same way as MIPS32/MIPS64 jumps MIPS: Calculate microMIPS ra properly when unwinding the stack MIPS: Fix is_jump_ins() handling of 16b microMIPS instructions MIPS: Fix get_frame_info() handling of microMIPS function size MIPS: Prevent unaligned accesses during stack unwinding MIPS: Clear ISA bit correctly in get_frame_info() MIPS: Lantiq: Keep ethernet enabled during boot MIPS: OCTEON: Fix copy_from_user fault handling for large buffers MIPS: BCM47XX: Fix button inversion for Asus WL-500W MIPS: Fix special case in 64 bit IP checksumming. samples: move mic/mpssd example code from Documentation Linux 4.4.52 kvm: vmx: ensure VMCS is current while enabling PML Revert "usb: chipidea: imx: enable CI_HDRC_SET_NON_ZERO_TTHA" rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down block: fix double-free in the failure path of cgwb_bdi_init() goldfish: Sanitize the broken interrupt handler x86/platform/goldfish: Prevent unconditional loading USB: serial: ark3116: fix register-accessor error handling USB: serial: opticon: fix CTS retrieval at open USB: serial: spcp8x5: fix modem-status handling USB: serial: ftdi_sio: fix line-status over-reporting USB: serial: ftdi_sio: fix extreme low-latency setting USB: serial: ftdi_sio: fix modem-status error handling USB: serial: cp210x: add new IDs for GE Bx50v3 boards USB: serial: mos7840: fix another NULL-deref at open tty: serial: msm: Fix module autoload net: socket: fix recvmmsg not returning error from sock_error ip: fix IP_CHECKSUM handling irda: Fix lockdep annotations in hashbin_delete(). dccp: fix freeing skb too early for IPV6_RECVPKTINFO packet: Do not call fanout_release from atomic contexts packet: fix races in fanout_add() net/llc: avoid BUG_ON() in skb_orphan() blk-mq: really fix plug list flushing for nomerge queues rtc: interface: ignore expired timers when enqueuing new timers rtlwifi: rtl_usb: Fix missing entry in USB driver's private data Linux 4.4.51 mmc: core: fix multi-bit bus width without high-speed mode bcache: Make gc wakeup sane, remove set_task_state() ntb_transport: Pick an unused queue NTB: ntb_transport: fix debugfs_remove_recursive printk: use rcuidle console tracepoint ARM: 8658/1: uaccess: fix zeroing of 64-bit get_user() futex: Move futex_init() to core_initcall drm/dp/mst: fix kernel oops when turning off secondary monitor drm/radeon: Use mode h/vdisplay fields to hide out of bounds HW cursor Input: elan_i2c - add ELAN0605 to the ACPI table Fix missing sanity check in /dev/sg scsi: don't BUG_ON() empty DMA transfers fuse: fix use after free issue in fuse_dev_do_read() siano: make it work again with CONFIG_VMAP_STACK vfs: fix uninitialized flags in splice_to_pipe() Linux 4.4.50 l2tp: do not use udp_ioctl() ping: fix a null pointer dereference packet: round up linear to header len net: introduce device min_header_len sit: fix a double free on error path sctp: avoid BUG_ON on sctp_wait_for_sndbuf mlx4: Invoke softirqs after napi_reschedule macvtap: read vnet_hdr_size once tun: read vnet_hdr_sz once tcp: avoid infinite loop in tcp_splice_read() ipv6: tcp: add a missing tcp_v6_restore_cb() ip6_gre: fix ip6gre_err() invalid reads netlabel: out of bound access in cipso_v4_validate() ipv4: keep skb->dst around in presence of IP options net: use a work queue to defer net_disable_timestamp() work tcp: fix 0 divide in __tcp_select_window() ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim() ipv6: fix ip6_tnl_parse_tlv_enc_lim() can: Fix kernel panic at security_sock_rcv_skb Conflicts: drivers/scsi/sd.c drivers/usb/gadget/function/f_fs.c drivers/usb/host/xhci-plat.c CRs-Fixed: 2023471 Change-Id: I396051a8de30271af77b3890d4b19787faa1c31e Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Runmin Wang
|
78cbd38fd5 |
Merge tag 'lsk-v4.4-17.02-android' into branch 'msm-4.4'
* refs/heads/tmp-26c8156:
Linux 4.4.49
drm/i915: fix use-after-free in page_flip_completed()
ALSA: seq: Don't handle loop timeout at snd_seq_pool_done()
ALSA: seq: Fix race at creating a queue
xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend()
scsi: mpt3sas: disable ASPM for MPI2 controllers
scsi: aacraid: Fix INTx/MSI-x issue with older controllers
scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send
netvsc: Set maximum GSO size in the right place
mac80211: Fix adding of mesh vendor IEs
ARM: 8642/1: LPAE: catch pending imprecise abort on unmask
target: Fix COMPARE_AND_WRITE ref leak for non GOOD status
target: Fix early transport_generic_handle_tmr abort scenario
target: Use correct SCSI status during EXTENDED_COPY exception
target: Don't BUG_ON during NodeACL dynamic -> explicit conversion
ARM: 8643/3: arm/ptrace: Preserve previous registers for short regset write
hns: avoid stack overflow with CONFIG_KASAN
cpumask: use nr_cpumask_bits for parsing functions
Revert "x86/ioapic: Restore IO-APIC irq_chip retrigger callback"
selinux: fix off-by-one in setprocattr
ARC: [arcompact] brown paper bag bug in unaligned access delay slot fixup
Linux 4.4.48
base/memory, hotplug: fix a kernel oops in show_valid_zones()
x86/irq: Make irq activate operations symmetric
USB: serial: option: add device ID for HP lt2523 (Novatel E371)
usb: gadget: f_fs: Assorted buffer overflow checks.
USB: Add quirk for WORLDE easykey.25 MIDI keyboard
USB: serial: pl2303: add ATEN device ID
USB: serial: qcserial: add Dell DW5570 QDL
KVM: x86: do not save guest-unsupported XSAVE state
HID: wacom: Fix poor prox handling in 'wacom_pl_irq'
percpu-refcount: fix reference leak during percpu-atomic transition
mmc: sdhci: Ignore unexpected CARD_INT interrupts
can: bcm: fix hrtimer/tasklet termination in bcm op removal
mm, fs: check for fatal signals in do_generic_file_read()
mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone()
cifs: initialize file_info_lock
zswap: disable changing params if init fails
svcrpc: fix oops in absence of krb5 module
NFSD: Fix a null reference case in find_or_create_lock_stateid()
powerpc: Add missing error check to prom_find_boot_cpu()
powerpc/eeh: Fix wrong flag passed to eeh_unfreeze_pe()
libata: apply MAX_SEC_1024 to all CX1-JB*-HP devices
ata: sata_mv:- Handle return value of devm_ioremap.
perf/core: Fix PERF_RECORD_MMAP2 prot/flags for anonymous memory
crypto: arm64/aes-blk - honour iv_out requirement in CBC and CTR modes
crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg
drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval
drm/nouveau/disp/gt215: Fix HDA ELD handling (thus, HDMI audio) on gt215
ext4: validate s_first_meta_bg at mount time
PCI/ASPM: Handle PCI-to-PCIe bridges as roots of PCIe hierarchies
ANDROID: security: export security_path_chown()
Linux 4.4.47
net: dsa: Bring back device detaching in dsa_slave_suspend()
qmi_wwan/cdc_ether: add device ID for HP lt2523 (Novatel E371) WWAN card
af_unix: move unix_mknod() out of bindlock
r8152: don't execute runtime suspend if the tx is not empty
bridge: netlink: call br_changelink() during br_dev_newlink()
tcp: initialize max window for a new fastopen socket
ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock
net: phy: bcm63xx: Utilize correct config_intr function
net: fix harmonize_features() vs NETIF_F_HIGHDMA
ax25: Fix segfault after sock connection timeout
ravb: do not use zero-length alignment DMA descriptor
openvswitch: maintain correct checksum state in conntrack actions
tcp: fix tcp_fastopen unaligned access complaints on sparc
net: systemport: Decouple flow control from __bcm_sysport_tx_reclaim
net: ipv4: fix table id in getroute response
net: lwtunnel: Handle lwtunnel_fill_encap failure
mlxsw: pci: Fix EQE structure definition
mlxsw: switchx2: Fix memory leak at skb reallocation
mlxsw: spectrum: Fix memory leak at skb reallocation
r8152: fix the sw rx checksum is unavailable
ANDROID: sdcardfs: Switch strcasecmp for internal call
ANDROID: sdcardfs: switch to full_name_hash and qstr
ANDROID: sdcardfs: Add GID Derivation to sdcardfs
ANDROID: sdcardfs: Remove redundant operation
ANDROID: sdcardfs: add support for user permission isolation
ANDROID: sdcardfs: Refactor configfs interface
ANDROID: sdcardfs: Allow non-owners to touch
ANDROID: binder: fix format specifier for type binder_size_t
ANDROID: fs: Export vfs_rmdir2
ANDROID: fs: Export free_fs_struct and set_fs_pwd
ANDROID: mnt: remount should propagate to slaves of slaves
ANDROID: sdcardfs: Switch ->d_inode to d_inode()
ANDROID: sdcardfs: Fix locking issue with permision fix up
ANDROID: sdcardfs: Change magic value
ANDROID: sdcardfs: Use per mount permissions
ANDROID: sdcardfs: Add gid and mask to private mount data
ANDROID: sdcardfs: User new permission2 functions
ANDROID: vfs: Add setattr2 for filesystems with per mount permissions
ANDROID: vfs: Add permission2 for filesystems with per mount permissions
ANDROID: vfs: Allow filesystems to access their private mount data
ANDROID: mnt: Add filesystem private data to mount points
ANDROID: sdcardfs: Move directory unlock before touch
ANDROID: sdcardfs: fix external storage exporting incorrect uid
ANDROID: sdcardfs: Added top to sdcardfs_inode_info
ANDROID: sdcardfs: Switch package list to RCU
ANDROID: sdcardfs: Fix locking for permission fix up
ANDROID: sdcardfs: Check for other cases on path lookup
ANDROID: sdcardfs: override umask on mkdir and create
Linux 4.4.46
mm, memcg: do not retry precharge charges
platform/x86: intel_mid_powerbtn: Set IRQ_ONESHOT
pinctrl: broxton: Use correct PADCFGLOCK offset
s5k4ecgx: select CRC32 helper
IB/umem: Release pid in error and ODP flow
IB/ipoib: move back IB LL address into the hard header
drm/i915: Don't leak edid in intel_crt_detect_ddc()
SUNRPC: cleanup ida information when removing sunrpc module
NFSv4.0: always send mode in SETATTR after EXCLUSIVE4
nfs: Don't increment lock sequence ID after NFS4ERR_MOVED
parisc: Don't use BITS_PER_LONG in userspace-exported swab.h header
ARC: [arcompact] handle unaligned access delay slot corner case
ARC: udelay: fix inline assembler by adding LP_COUNT to clobber list
can: ti_hecc: add missing prepare and unprepare of the clock
can: c_can_pci: fix null-pointer-deref in c_can_start() - set device pointer
s390/ptrace: Preserve previous registers for short regset write
RDMA/cma: Fix unknown symbol when CONFIG_IPV6 is not enabled
ISDN: eicon: silence misleading array-bounds warning
sysctl: fix proc_doulongvec_ms_jiffies_minmax()
mm/mempolicy.c: do not put mempolicy before using its nodemask
drm: Fix broken VT switch with video=1366x768 option
tile/ptrace: Preserve previous registers for short regset write
fbdev: color map copying bounds checking
Linux 4.4.45
arm64: avoid returning from bad_mode
selftest/powerpc: Wrong PMC initialized in pmc56_overflow test
dmaengine: pl330: Fix runtime PM support for terminated transfers
ite-cir: initialize use_demodulator before using it
blackfin: check devm_pinctrl_get() for errors
ARM: 8613/1: Fix the uaccess crash on PB11MPCore
ARM: ux500: fix prcmu_is_cpu_in_wfi() calculation
ARM: dts: imx6qdl-nitrogen6_max: fix sgtl5000 pinctrl init
arm64/ptrace: Reject attempts to set incomplete hardware breakpoint fields
arm64/ptrace: Avoid uninitialised struct padding in fpr_set()
arm64/ptrace: Preserve previous registers for short regset write - 3
arm64/ptrace: Preserve previous registers for short regset write - 2
arm64/ptrace: Preserve previous registers for short regset write
ARM: dts: da850-evm: fix read access to SPI flash
ceph: fix bad endianness handling in parse_reply_info_extra
ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs
svcrdma: avoid duplicate dma unmapping during error recovery
clocksource/exynos_mct: Clear interrupt when cpu is shut down
ubifs: Fix journal replay wrt. xattr nodes
qla2xxx: Fix crash due to null pointer access
x86/ioapic: Restore IO-APIC irq_chip retrigger callback
mtd: nand: xway: disable module support
ieee802154: atusb: do not use the stack for buffers to make them DMA able
mmc: mxs-mmc: Fix additional cycles after transmission stop
HID: corsair: fix control-transfer error handling
HID: corsair: fix DMA buffers on stack
PCI: Enumerate switches below PCI-to-PCIe bridges
fuse: clear FR_PENDING flag when moving requests out of pending queue
svcrpc: don't leak contexts on PROC_DESTROY
x86/PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F
tmpfs: clear S_ISGID when setting posix ACLs
ARM: dts: imx31: fix AVIC base address
ARM: dts: imx31: move CCM device node to AIPS2 bus devices
ARM: dts: imx31: fix clock control module interrupts description
perf scripting: Avoid leaking the scripting_context variable
IB/IPoIB: Remove can't use GFP_NOIO warning
IB/mlx4: When no DMFS for IPoIB, don't allow NET_IF QPs
IB/mlx4: Fix port query for 56Gb Ethernet links
IB/mlx4: Fix out-of-range array index in destroy qp flow
IB/mlx4: Set traffic class in AH
IB/mlx5: Wait for all async command completions to complete
ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it
Linux 4.4.44
pinctrl: sh-pfc: Do not unconditionally support PIN_CONFIG_BIAS_DISABLE
powerpc/ibmebus: Fix device reference leaks in sysfs interface
powerpc/ibmebus: Fix further device reference leaks
bus: vexpress-config: fix device reference leak
blk-mq: Always schedule hctx->next_cpu
ACPI / APEI: Fix NMI notification handling
block: cfq_cpd_alloc() should use @gfp
cpufreq: powernv: Disable preemption while checking CPU throttling state
NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success.
NFS: Fix a performance regression in readdir
pNFS: Fix race in pnfs_wait_on_layoutreturn
pinctrl: meson: fix gpio request disabling other modes
btrfs: fix error handling when run_delayed_extent_op fails
btrfs: fix locking when we put back a delayed ref that's too new
x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option
USB: serial: ch341: fix modem-control and B0 handling
USB: serial: ch341: fix resume after reset
drm/radeon: drop verde dpm quirks
sysctl: Drop reference added by grab_header in proc_sys_readdir
sysrq: attach sysrq handler correctly for 32-bit kernel
tty/serial: atmel_serial: BUG: stop DMA from transmitting in stop_tx
mnt: Protect the mountpoint hashtable with mount_lock
vme: Fix wrong pointer utilization in ca91cx42_slave_get
xhci: fix deadlock at host remove by running watchdog correctly
i2c: fix kernel memory disclosure in dev interface
i2c: print correct device invalid address
Input: elants_i2c - avoid divide by 0 errors on bad touchscreen data
USB: serial: ch341: fix open and resume after B0
USB: serial: ch341: fix control-message error handling
USB: serial: ch341: fix open error handling
USB: serial: ch341: fix initial modem-control state
USB: serial: kl5kusb105: fix line-state error handling
nl80211: fix sched scan netlink socket owner destruction
KVM: x86: Introduce segmented_write_std
KVM: x86: emulate FXSAVE and FXRSTOR
KVM: x86: add asm_safe wrapper
KVM: x86: add Align16 instruction flag
KVM: x86: flush pending lapic jump label updates on module unload
jump_labels: API for flushing deferred jump label updates
KVM: eventfd: fix NULL deref irqbypass consumer
KVM: x86: fix emulation of "MOV SS, null selector"
mm/hugetlb.c: fix reservation race when freeing surplus pages
ocfs2: fix crash caused by stale lvb with fsdlm plugin
mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done}
selftests: do not require bash for the generated test
selftests: do not require bash to run netsocktests testcase
Input: i8042 - add Pegatron touchpad to noloop table
Input: xpad - use correct product id for x360w controllers
DEBUG: sched/fair: Fix sched_load_avg_cpu events for task_groups
DEBUG: sched/fair: Fix missing sched_load_avg_cpu events
net: socket: don't set sk_uid to garbage value in ->setattr()
ANDROID: configs: CONFIG_ARM64_SW_TTBR0_PAN=y
UPSTREAM: arm64: Disable PAN on uaccess_enable()
UPSTREAM: arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN
UPSTREAM: arm64: xen: Enable user access before a privcmd hvc call
UPSTREAM: arm64: Handle faults caused by inadvertent user access with PAN enabled
BACKPORT: arm64: Disable TTBR0_EL1 during normal kernel execution
BACKPORT: arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1
BACKPORT: arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro
BACKPORT: arm64: Factor out PAN enabling/disabling into separate uaccess_* macros
UPSTREAM: arm64: alternative: add auto-nop infrastructure
UPSTREAM: arm64: barriers: introduce nops and __nops macros for NOP sequences
Revert "FROMLIST: arm64: Factor out PAN enabling/disabling into separate uaccess_* macros"
Revert "FROMLIST: arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro"
Revert "FROMLIST: arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1"
Revert "FROMLIST: arm64: Disable TTBR0_EL1 during normal kernel execution"
Revert "FROMLIST: arm64: Handle faults caused by inadvertent user access with PAN enabled"
Revert "FROMLIST: arm64: xen: Enable user access before a privcmd hvc call"
Revert "FROMLIST: arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN"
ANDROID: sched/walt: fix build failure if FAIR_GROUP_SCHED=n
Linux 4.4.43
mm/init: fix zone boundary creation
ALSA: usb-audio: Add a quirk for Plantronics BT600
spi: mvebu: fix baudrate calculation for armada variant
ARM: OMAP4+: Fix bad fallthrough for cpuidle
ARM: zynq: Reserve correct amount of non-DMA RAM
powerpc: Fix build warning on 32-bit PPC
ALSA: firewire-tascam: Fix to handle error from initialization of stream data
HID: hid-cypress: validate length of report
net: vrf: do not allow table id 0
net: ipv4: Fix multipath selection with vrf
gro: Disable frag0 optimization on IPv6 ext headers
gro: use min_t() in skb_gro_reset_offset()
gro: Enter slow-path if there is no tailroom
r8152: fix rx issue for runtime suspend
r8152: split rtl8152_suspend function
ipv4: Do not allow MAIN to be alias for new LOCAL w/ custom rules
igmp: Make igmp group member RFC 3376 compliant
drop_monitor: consider inserted data in genlmsg_end
drop_monitor: add missing call to genlmsg_end
net/mlx5: Avoid shadowing numa_node
net/mlx5: Check FW limitations on log_max_qp before setting it
net: stmmac: Fix race between stmmac_drv_probe and stmmac_open
net, sched: fix soft lockup in tc_classify
ipv6: handle -EFAULT from skb_copy_bits
net: vrf: Drop conntrack data after pass through VRF device on Tx
ser_gigaset: return -ENOMEM on error instead of success
netvsc: reduce maximum GSO size
Linux 4.4.42
usb: gadget: composite: always set ep->mult to a sensible value
Revert "usb: gadget: composite: always set ep->mult to a sensible value"
tick/broadcast: Prevent NULL pointer dereference
drm/radeon: Always store CRTC relative radeon_crtc->cursor_x/y values
cx23885-dvb: move initialization of a8293_pdata
net: vxge: avoid unused function warnings
net: ti: cpmac: Fix compiler warning due to type confusion
cred/userns: define current_user_ns() as a function
staging: comedi: dt282x: tidy up register bit defines
powerpc/pci/rpadlpar: Fix device reference leaks
md: MD_RECOVERY_NEEDED is set for mddev->recovery
crypto: arm64/aes-ce - fix for big endian
crypto: arm64/aes-xts-ce: fix for big endian
crypto: arm64/sha1-ce - fix for big endian
crypto: arm64/aes-neon - fix for big endian
crypto: arm64/aes-ccm-ce: fix for big endian
crypto: arm/aes-ce - fix for big endian
crypto: arm64/ghash-ce - fix for big endian
crypto: arm64/sha2-ce - fix for big endian
s390/crypto: unlock on error in prng_tdes_read()
mmc: mmc_test: Uninitialized return value
PM / wakeirq: Fix dedicated wakeirq for drivers not using autosuspend
irqchip/bcm7038-l1: Implement irq_cpu_offline() callback
target/iscsi: Fix double free in lio_target_tiqn_addtpg()
scsi: mvsas: fix command_active typo
ASoC: samsung: i2s: Fixup last IRQ unsafe spin lock call
iommu/vt-d: Flush old iommu caches for kdump when the device gets context mapped
iommu/vt-d: Fix pasid table size encoding
iommu/amd: Fix the left value check of cmd buffer
iommu/amd: Missing error code in amd_iommu_init_device()
clk: imx31: fix rewritten input argument of mx31_clocks_init()
clk: clk-wm831x: fix a logic error
hwmon: (g762) Fix overflows and crash seen when writing limit attributes
hwmon: (nct7802) Fix overflows seen when writing into limit attributes
hwmon: (ds620) Fix overflows seen when writing temperature limits
hwmon: (amc6821) sign extension temperature
hwmon: (scpi) Fix module autoload
cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected
ath10k: use the right length of "background"
stable-fixup: hotplug: fix unused function warning
usb: dwc3: ep0: explicitly call dwc3_ep0_prepare_one_trb()
usb: dwc3: ep0: add dwc3_ep0_prepare_one_trb()
usb: dwc3: gadget: always unmap EP0 requests
staging: iio: ad7606: fix improper setting of oversampling pins
mei: bus: fix mei_cldev_enable KDoc
USB: serial: io_ti: bind to interface after fw download
USB: phy: am335x-control: fix device and of_node leaks
ARM: dts: r8a7794: Correct hsusb parent clock
USB: serial: kl5kusb105: abort on open exception path
ALSA: usb-audio: Fix bogus error return in snd_usb_create_stream()
usb: musb: blackfin: add bfin_fifo_offset in bfin_ops
usb: hub: Move hub_port_disable() to fix warning if PM is disabled
usb: musb: Fix trying to free already-free IRQ 4
usb: dwc3: pci: add Intel Gemini Lake PCI ID
xhci: Fix race related to abort operation
xhci: Use delayed_work instead of timer for command timeout
usb: xhci-mem: use passed in GFP flags instead of GFP_KERNEL
USB: serial: mos7720: fix parallel probe
USB: serial: mos7720: fix parport use-after-free on probe errors
USB: serial: mos7720: fix use-after-free on probe errors
USB: serial: mos7720: fix NULL-deref at open
USB: serial: mos7840: fix NULL-deref at open
USB: serial: kobil_sct: fix NULL-deref in write
USB: serial: cyberjack: fix NULL-deref at open
USB: serial: oti6858: fix NULL-deref at open
USB: serial: io_edgeport: fix NULL-deref at open
USB: serial: ti_usb_3410_5052: fix NULL-deref at open
USB: serial: garmin_gps: fix memory leak on failed URB submit
USB: serial: iuu_phoenix: fix NULL-deref at open
USB: serial: io_ti: fix I/O after disconnect
USB: serial: io_ti: fix another NULL-deref at open
USB: serial: io_ti: fix NULL-deref at open
USB: serial: spcp8x5: fix NULL-deref at open
USB: serial: keyspan_pda: verify endpoints at probe
USB: serial: pl2303: fix NULL-deref at open
USB: serial: quatech2: fix sleep-while-atomic in close
USB: serial: omninet: fix NULL-derefs at open and disconnect
usb: xhci: hold lock over xhci_abort_cmd_ring()
xhci: Handle command completion and timeout race
usb: host: xhci: Fix possible wild pointer when handling abort command
usb: xhci: fix return value of xhci_setup_device()
xhci: free xhci virtual devices with leaf nodes first
usb: xhci: apply XHCI_PME_STUCK_QUIRK to Intel Apollo Lake
xhci: workaround for hosts missing CAS bit
usb: xhci: fix possible wild pointer
usb: dwc3: core: avoid Overflow events
usb: gadget: composite: Test get_alt() presence instead of set_alt()
USB: dummy-hcd: fix bug in stop_activity (handle ep0)
USB: fix problems with duplicate endpoint addresses
USB: gadgetfs: fix checks of wTotalLength in config descriptors
USB: gadgetfs: fix use-after-free bug
USB: gadgetfs: fix unbounded memory allocation bug
usb: gadgetfs: restrict upper bound on device configuration size
usb: storage: unusual_uas: Add JMicron JMS56x to unusual device
usb: musb: dsps: implement clear_ep_rxintr() callback
usb: musb: core: add clear_ep_rxintr() to musb_platform_ops
KVM: MIPS: Flush KVM entry code from icache globally
KVM: x86: reset MMU on KVM_SET_VCPU_EVENTS
mac80211: initialize fast-xmit 'info' later
ARM: davinci: da850: don't add emac clock to lookup table twice
ALSA: usb-audio: Fix irq/process data synchronization
ALSA: hda - Apply asus-mode8 fixup to ASUS X71SL
ALSA: hda - Fix up GPIO for ASUS ROG Ranger
Linux 4.4.41
net: mvpp2: fix dma unmapping of TX buffers for fragments
sg_write()/bsg_write() is not fit to be called under KERNEL_DS
kconfig/nconf: Fix hang when editing symbol with a long prompt
target/user: Fix use-after-free of tcmu_cmds if they are expired
powerpc: Convert cmp to cmpd in idle enter sequence
powerpc/ps3: Fix system hang with GCC 5 builds
nfs_write_end(): fix handling of short copies
libceph: verify authorize reply on connect
PCI: Check for PME in targeted sleep state
Input: drv260x - fix input device's parent assignment
media: solo6x10: fix lockup by avoiding delayed register write
IB/cma: Fix a race condition in iboe_addr_get_sgid()
IB/multicast: Check ib_find_pkey() return value
IPoIB: Avoid reading an uninitialized member variable
IB/mad: Fix an array index check
fgraph: Handle a case where a tracer ignores set_graph_notrace
platform/x86: asus-nb-wmi.c: Add X45U quirk
ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it
kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
KVM: PPC: Book3S HV: Don't lose hardware R/C bit updates in H_PROTECT
KVM: PPC: Book3S HV: Save/restore XER in checkpointed register state
md/raid5: limit request size according to implementation limits
sc16is7xx: Drop bogus use of IRQF_ONESHOT
s390/vmlogrdr: fix IUCV buffer allocation
firmware: fix usermode helper fallback loading
ARC: mm: arc700: Don't assume 2 colours for aliasing VIPT dcache
scsi: avoid a permanent stop of the scsi device's request queue
scsi: zfcp: fix rport unblock race with LUN recovery
scsi: zfcp: do not trace pure benign residual HBA responses at default level
scsi: zfcp: fix use-after-"free" in FC ingress path after TMF
scsi: megaraid_sas: Do not set MPI2_TYPE_CUDA for JBOD FP path for FW which does not support JBOD sequence map
scsi: megaraid_sas: For SRIOV enabled firmware, ensure VF driver waits for 30secs before reset
vt: fix Scroll Lock LED trigger name
block: protect iterate_bdevs() against concurrent close
mei: request async autosuspend at the end of enumeration
drivers/gpu/drm/ast: Fix infinite loop if read fails
drm/gma500: Add compat ioctl
drm/radeon: add additional pci revision to dpm workaround
drm/radeon: Hide the HW cursor while it's out of bounds
drm/radeon: Also call cursor_move_locked when the cursor size changes
drm/nouveau/i2c/gk110b,gm10x: use the correct implementation
drm/nouveau/fifo/gf100-: protect channel preempt with subdev mutex
drm/nouveau/ltc: protect clearing of comptags with mutex
drm/nouveau/bios: require checksum to match for fast acpi shadow method
drm/nouveau/kms: lvds panel strap moved again on maxwell
ACPI / video: Add force_native quirk for HP Pavilion dv6
ACPI / video: Add force_native quirk for Dell XPS 17 L702X
staging: comedi: ni_mio_common: fix E series ni_ai_insn_read() data
staging: comedi: ni_mio_common: fix M Series ni_ai_insn_read() data mask
thermal: hwmon: Properly report critical temperature in sysfs
clk: bcm2835: Avoid overwriting the div info when disabling a pll_div clk
timekeeping_Force_unsigned_clocksource_to_nanoseconds_conversion
regulator: stw481x-vmmc: fix ages old enable error
mmc: sdhci: Fix recovery from tuning timeout
ath9k: Really fix LED polarity for some Mini PCI AR9220 MB92 cards.
cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts
rtlwifi: Fix enter/exit power_save
ssb: Fix error routine when fallback SPROM fails
Linux 4.4.40
ppp: defer netns reference release for ppp channel
driver core: fix race between creating/querying glue dir and its cleanup
xfs: set AGI buffer type in xlog_recover_clear_agi_bucket
arm/xen: Use alloc_percpu rather than __alloc_percpu
xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing
tpm xen: Remove bogus tpm_chip_unregister
kernel/debug/debug_core.c: more properly delay for secondary CPUs
kernel/watchdog: use nmi registers snapshot in hardlockup handler
CIFS: Fix a possible memory corruption in push locks
CIFS: Fix missing nls unload in smb2_reconnect()
CIFS: Fix a possible memory corruption during reconnect
ASoC: intel: Fix crash at suspend/resume without card registration
dm space map metadata: fix 'struct sm_metadata' leak on failed create
dm crypt: mark key as invalid until properly loaded
dm flakey: return -EINVAL on interval bounds error in flakey_ctr()
blk-mq: Do not invoke .queue_rq() for a stopped queue
usb: gadget: composite: always set ep->mult to a sensible value
exec: Ensure mm->user_ns contains the execed files
fs: exec: apply CLOEXEC before changing dumpable task flags
mm/vmscan.c: set correct defer count for shrinker
loop: return proper error from loop_queue_rq()
f2fs: set ->owner for debugfs status file's file_operations
ext4: do not perform data journaling when data is encrypted
ext4: return -ENOMEM instead of success
ext4: reject inodes with negative size
ext4: add sanity checking to count_overhead()
ext4: fix in-superblock mount options processing
ext4: use more strict checks for inodes_per_block on mount
ext4: fix stack memory corruption with 64k block size
ext4: fix mballoc breakage with 64k block size
crypto: caam - fix AEAD givenc descriptors
ptrace: Capture the ptracer's creds not PT_PTRACE_CAP
mm: Add a user_ns owner to mm_struct and fix ptrace permission checks
block_dev: don't test bdev->bd_contains when it is not stable
btrfs: make file clone aware of fatal signals
Btrfs: don't BUG() during drop snapshot
Btrfs: fix memory leak in do_walk_down
Btrfs: don't leak reloc root nodes on error
Btrfs: return gracefully from balance if fs tree is corrupted
Btrfs: bail out if block group has different mixed flag
Btrfs: fix memory leak in reading btree blocks
clk: ti: omap36xx: Work around sprz319 advisory 2.1
ALSA: hda: when comparing pin configurations, ignore assoc in addition to seq
ALSA: hda - Gate the mic jack on HP Z1 Gen3 AiO
ALSA: hda - fix headset-mic problem on a Dell laptop
ALSA: hda - ignore the assoc and seq when comparing pin configurations
ALSA: hda/ca0132 - Add quirk for Alienware 15 R2 2016
ALSA: hiface: Fix M2Tech hiFace driver sampling rate change
ALSA: usb-audio: Add QuickCam Communicate Deluxe/S7500 to volume_control_quirks
USB: UHCI: report non-PME wakeup signalling for Intel hardware
usb: gadget: composite: correctly initialize ep->maxpacket
usb: gadget: f_uac2: fix error handling at afunc_bind
usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices
USB: cdc-acm: add device id for GW Instek AFG-125
USB: serial: kl5kusb105: fix open error path
USB: serial: option: add dlink dwm-158
USB: serial: option: add support for Telit LE922A PIDs 0x1040, 0x1041
Btrfs: fix qgroup rescan worker initialization
btrfs: store and load values of stripes_min/stripes_max in balance status item
Btrfs: fix tree search logic when replaying directory entry deletes
btrfs: limit async_work allocation and worker func duration
ANDROID: trace: net: use %pK for kernel pointers
ANDROID: android-base: Enable QUOTA related configs
net: ipv4: Don't crash if passing a null sk to ip_rt_update_pmtu.
net: inet: Support UID-based routing in IP protocols.
Revert "net: ipv6: fix virtual tunneling build"
net: core: add UID to flows, rules, and routes
net: core: Add a UID field to struct sock.
Revert "net: core: Support UID-based routing."
Revert "net: core: Handle 'sk' being NULL in UID-based routing"
Revert "ANDROID: net: fix 'const' warnings"
Revert "ANDROID: net: fib: remove duplicate assignment"
Revert "ANDROID: net: core: fix UID-based routing"
UPSTREAM: efi/arm64: Don't apply MEMBLOCK_NOMAP to UEFI memory map mapping
UPSTREAM: arm64: enable CONFIG_DEBUG_RODATA by default
goldfish: enable CONFIG_INET_DIAG_DESTROY
sched/walt: kill {min,max}_capacity
sched: fix wrong truncation of walt_avg
ANDROID: dm verity: add minimum prefetch size
Linux 4.4.39
crypto: rsa - Add Makefile dependencies to fix parallel builds
hotplug: Make register and unregister notifier API symmetric
batman-adv: Check for alloc errors when preparing TT local data
m68k: Fix ndelay() macro
arm64: futex.h: Add missing PAN toggling
can: peak: fix bad memory access and free sequence
can: raw: raw_setsockopt: limit number of can_filter that can be set
crypto: mcryptd - Check mcryptd algorithm compatibility
perf/x86: Fix full width counter, counter overflow
locking/rtmutex: Use READ_ONCE() in rt_mutex_owner()
locking/rtmutex: Prevent dequeue vs. unlock race
zram: restrict add/remove attributes to root only
parisc: Fix TLB related boot crash on SMP machines
parisc: Remove unnecessary TLB purges from flush_dcache_page_asm and flush_icache_page_asm
parisc: Purge TLB before setting PTE
powerpc/eeh: Fix deadlock when PE frozen state can't be cleared
Conflicts:
arch/arm64/kernel/traps.c
drivers/usb/dwc3/core.h
drivers/usb/dwc3/ep0.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/host/xhci-mem.c
drivers/usb/host/xhci-ring.c
drivers/usb/host/xhci.c
drivers/video/fbdev/core/fbcmap.c
include/trace/events/sched.h
mm/vmscan.c
Change-Id: I3faa0010ecb98972cd8e6470377a493b56d95f89
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
Signed-off-by: Runmin Wang <runminw@codeaurora.org>
|
||
|
Todd Kjos
|
837de638dc | Merge branch 'upstream-linux-4.4.y' into android-4.4 | ||
|
Runmin Wang
|
4b7c952db6 |
Merge tag 'lsk-v4.4-16.12-android' into branch 'msm-4.4'
* remotes/origin/tmp-2f0de51:
Linux 4.4.38
esp6: Fix integrity verification when ESN are used
esp4: Fix integrity verification when ESN are used
ipv4: Set skb->protocol properly for local output
ipv6: Set skb->protocol properly for local output
Don't feed anything but regular iovec's to blk_rq_map_user_iov
constify iov_iter_count() and iter_is_iovec()
sparc64: fix compile warning section mismatch in find_node()
sparc64: Fix find_node warning if numa node cannot be found
sparc32: Fix inverted invalid_frame_pointer checks on sigreturns
net: ping: check minimum size on ICMP header length
net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
geneve: avoid use-after-free of skb->data
sh_eth: remove unchecked interrupts for RZ/A1
net: bcmgenet: Utilize correct struct device for all DMA operations
packet: fix race condition in packet_set_ring
net/dccp: fix use-after-free in dccp_invalid_packet
netlink: Do not schedule work from sk_destruct
netlink: Call cb->done from a worker thread
net/sched: pedit: make sure that offset is valid
net, sched: respect rcu grace period on cls destruction
net: dsa: bcm_sf2: Ensure we re-negotiate EEE during after link change
l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
rtnetlink: fix FDB size computation
af_unix: conditionally use freezable blocking calls in read
net: sky2: Fix shutdown crash
ip6_tunnel: disable caching when the traffic class is inherited
net: check dead netns for peernet2id_alloc()
virtio-net: add a missing synchronize_net()
Linux 4.4.37
arm64: suspend: Reconfigure PSTATE after resume from idle
arm64: mm: Set PSTATE.PAN from the cpu_enable_pan() call
arm64: cpufeature: Schedule enable() calls instead of calling them via IPI
pwm: Fix device reference leak
mwifiex: printk() overflow with 32-byte SSIDs
PCI: Set Read Completion Boundary to 128 iff Root Port supports it (_HPX)
PCI: Export pcie_find_root_port
rcu: Fix soft lockup for rcu_nocb_kthread
ALSA: pcm : Call kill_fasync() in stream lock
x86/traps: Ignore high word of regs->cs in early_fixup_exception()
kasan: update kasan_global for gcc 7
zram: fix unbalanced idr management at hot removal
ARC: Don't use "+l" inline asm constraint
Linux 4.4.36
scsi: mpt3sas: Unblock device after controller reset
flow_dissect: call init_default_flow_dissectors() earlier
mei: fix return value on disconnection
mei: me: fix place for kaby point device ids.
mei: me: disable driver on SPT SPS firmware
drm/radeon: Ensure vblank interrupt is enabled on DPMS transition to on
mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]
parisc: Also flush data TLB in flush_icache_page_asm
parisc: Fix race in pci-dma.c
parisc: Fix races in parisc_setup_cache_timing()
NFSv4.x: hide array-bounds warning
apparmor: fix change_hat not finding hat after policy replacement
cfg80211: limit scan results cache size
tile: avoid using clocksource_cyc2ns with absolute cycle count
scsi: mpt3sas: Fix secure erase premature termination
Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y
USB: serial: ftdi_sio: add support for TI CC3200 LaunchPad
USB: serial: cp210x: add ID for the Zone DPMX
usb: chipidea: move the lock initialization to core file
KVM: x86: check for pic and ioapic presence before use
KVM: x86: drop error recovery in em_jmp_far and em_ret_far
iommu/vt-d: Fix IOMMU lookup for SR-IOV Virtual Functions
iommu/vt-d: Fix PASID table allocation
sched: tune: Fix lacking spinlock initialization
UPSTREAM: trace: Update documentation for mono, mono_raw and boot clock
UPSTREAM: trace: Add an option for boot clock as trace clock
UPSTREAM: timekeeping: Add a fast and NMI safe boot clock
ANDROID: goldfish_pipe: fix allmodconfig build
ANDROID: goldfish: goldfish_pipe: fix locking errors
ANDROID: video: goldfishfb: fix platform_no_drv_owner.cocci warnings
ANDROID: goldfish_pipe: fix call_kern.cocci warnings
arm64: rename ranchu defconfig to ranchu64
ANDROID: arch: x86: disable pic for Android toolchain
ANDROID: goldfish_pipe: An implementation of more parallel pipe
ANDROID: goldfish_pipe: bugfixes and performance improvements.
ANDROID: goldfish: Add goldfish sync driver
ANDROID: goldfish: add ranchu defconfigs
ANDROID: goldfish_audio: Clear audio read buffer status after each read
ANDROID: goldfish_events: no extra EV_SYN; register goldfish
ANDROID: goldfish_fb: Set pixclock = 0
ANDROID: goldfish: Enable ACPI-based enumeration for goldfish audio
ANDROID: goldfish: Enable ACPI-based enumeration for goldfish framebuffer
ANDROID: video: goldfishfb: add devicetree bindings
BACKPORT: staging: goldfish: audio: fix compiliation on arm
BACKPORT: Input: goldfish_events - enable ACPI-based enumeration for goldfish events
BACKPORT: goldfish: Enable ACPI-based enumeration for goldfish battery
BACKPORT: drivers: tty: goldfish: Add device tree bindings
BACKPORT: tty: goldfish: support platform_device with id -1
BACKPORT: Input: goldfish_events - add devicetree bindings
BACKPORT: power: goldfish_battery: add devicetree bindings
BACKPORT: staging: goldfish: audio: add devicetree bindings
ANDROID: usb: gadget: function: cleanup: Add blank line after declaration
cpufreq: sched: Fix kernel crash on accessing sysfs file
usb: gadget: f_mtp: simplify ptp NULL pointer check
cgroup: replace unified-hierarchy.txt with a proper cgroup v2 documentation
cgroup: rename Documentation/cgroups/ to Documentation/cgroup-legacy/
cgroup: replace __DEVEL__sane_behavior with cgroup2 fs type
writeback: initialize inode members that track writeback history
mm: page_alloc: generalize the dirty balance reserve
block: fix module reference leak on put_disk() call for cgroups throttle
Linux 4.4.35
netfilter: nft_dynset: fix element timeout for HZ != 1000
IB/cm: Mark stale CM id's whenever the mad agent was unregistered
IB/uverbs: Fix leak of XRC target QPs
IB/core: Avoid unsigned int overflow in sg_alloc_table
IB/mlx5: Fix fatal error dispatching
IB/mlx5: Use cache line size to select CQE stride
IB/mlx4: Fix create CQ error flow
IB/mlx4: Check gid_index return value
PM / sleep: don't suspend parent when async child suspend_{noirq, late} fails
PM / sleep: fix device reference leak in test_suspend
uwb: fix device reference leaks
mfd: core: Fix device reference leak in mfd_clone_cell
iwlwifi: pcie: fix SPLC structure parsing
rtc: omap: Fix selecting external osc
clk: mmp: mmp2: fix return value check in mmp2_clk_init()
clk: mmp: pxa168: fix return value check in pxa168_clk_init()
clk: mmp: pxa910: fix return value check in pxa910_clk_init()
drm/amdgpu: Attach exclusive fence to prime exported bo's. (v5)
crypto: caam - do not register AES-XTS mode on LP units
ext4: sanity check the block and cluster size at mount time
kbuild: Steal gcc's pie from the very beginning
x86/kexec: add -fno-PIE
scripts/has-stack-protector: add -fno-PIE
kbuild: add -fno-PIE
i2c: mux: fix up dependencies
can: bcm: fix warning in bcm_connect/proc_register
mfd: intel-lpss: Do not put device in reset state on suspend
fuse: fix fuse_write_end() if zero bytes were copied
KVM: Disable irq while unregistering user notifier
KVM: x86: fix missed SRCU usage in kvm_lapic_set_vapic_addr
x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems
Linux 4.4.34
sparc64: Delete now unused user copy fixup functions.
sparc64: Delete now unused user copy assembler helpers.
sparc64: Convert U3copy_{from,to}_user to accurate exception reporting.
sparc64: Convert NG2copy_{from,to}_user to accurate exception reporting.
sparc64: Convert NGcopy_{from,to}_user to accurate exception reporting.
sparc64: Convert NG4copy_{from,to}_user to accurate exception reporting.
sparc64: Convert U1copy_{from,to}_user to accurate exception reporting.
sparc64: Convert GENcopy_{from,to}_user to accurate exception reporting.
sparc64: Convert copy_in_user to accurate exception reporting.
sparc64: Prepare to move to more saner user copy exception handling.
sparc64: Delete __ret_efault.
sparc64: Handle extremely large kernel TLB range flushes more gracefully.
sparc64: Fix illegal relative branches in hypervisor patched TLB cross-call code.
sparc64: Fix instruction count in comment for __hypervisor_flush_tlb_pending.
sparc64: Fix illegal relative branches in hypervisor patched TLB code.
sparc64: Handle extremely large kernel TSB range flushes sanely.
sparc: Handle negative offsets in arch_jump_label_transform
sparc64 mm: Fix base TSB sizing when hugetlb pages are used
sparc: serial: sunhv: fix a double lock bug
sparc: Don't leak context bits into thread->fault_address
tty: Prevent ldisc drivers from re-using stale tty fields
tcp: take care of truncations done by sk_filter()
ipv4: use new_gw for redirect neigh lookup
net: __skb_flow_dissect() must cap its return value
sock: fix sendmmsg for partial sendmsg
fib_trie: Correct /proc/net/route off by one error
sctp: assign assoc_id earlier in __sctp_connect
ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
ipv6: dccp: fix out of bound access in dccp_v6_err()
dccp: fix out of bound access in dccp_v4_err()
dccp: do not send reset to already closed sockets
tcp: fix potential memory corruption
ip6_tunnel: Clear IP6CB in ip6tunnel_xmit()
bgmac: stop clearing DMA receive control register right after it is set
net: mangle zero checksum in skb_checksum_help()
net: clear sk_err_soft in sk_clone_lock()
dctcp: avoid bogus doubling of cwnd after loss
ARM: 8485/1: cpuidle: remove cpu parameter from the cpuidle_ops suspend hook
Linux 4.4.33
netfilter: fix namespace handling in nf_log_proc_dostring
btrfs: qgroup: Prevent qgroup->reserved from going subzero
mmc: mxs: Initialize the spinlock prior to using it
ASoC: sun4i-codec: return error code instead of NULL when create_card fails
ACPI / APEI: Fix incorrect return value of ghes_proc()
i40e: fix call of ndo_dflt_bridge_getlink()
hwrng: core - Don't use a stack buffer in add_early_randomness()
lib/genalloc.c: start search from start of chunk
mei: bus: fix received data size check in NFC fixup
iommu/vt-d: Fix dead-locks in disable_dmar_iommu() path
iommu/amd: Free domain id when free a domain of struct dma_ops_domain
tty/serial: at91: fix hardware handshake on Atmel platforms
dmaengine: at_xdmac: fix spurious flag status for mem2mem transfers
drm/i915: Respect alternate_ddc_pin for all DDI ports
KVM: MIPS: Precalculate MMIO load resume PC
scsi: mpt3sas: Fix for block device of raid exists even after deleting raid disk
scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init
iio: orientation: hid-sensor-rotation: Add PM function (fix non working driver)
iio: hid-sensors: Increase the precision of scale to fix wrong reading interpretation.
clk: qoriq: Don't allow CPU clocks higher than starting value
toshiba-wmi: Fix loading the driver on non Toshiba laptops
drbd: Fix kernel_sendmsg() usage - potential NULL deref
usb: gadget: u_ether: remove interrupt throttling
USB: cdc-acm: fix TIOCMIWAIT
staging: nvec: remove managed resource from PS2 driver
Revert "staging: nvec: ps2: change serio type to passthrough"
drivers: staging: nvec: remove bogus reset command for PS/2 interface
staging: iio: ad5933: avoid uninitialized variable in error case
pinctrl: cherryview: Prevent possible interrupt storm on resume
pinctrl: cherryview: Serialize register access in suspend/resume
ARC: timer: rtc: implement read loop in "C" vs. inline asm
s390/hypfs: Use get_free_page() instead of kmalloc to ensure page alignment
coredump: fix unfreezable coredumping task
swapfile: fix memory corruption via malformed swapfile
dib0700: fix nec repeat handling
ASoC: cs4270: fix DAPM stream name mismatch
ALSA: info: Limit the proc text input size
ALSA: info: Return error for invalid read/write
arm64: Enable KPROBES/HIBERNATION/CORESIGHT in defconfig
arm64: kvm: allows kvm cpu hotplug
arm64: KVM: Register CPU notifiers when the kernel runs at HYP
arm64: KVM: Skip HYP setup when already running in HYP
arm64: hyp/kvm: Make hyp-stub reject kvm_call_hyp()
arm64: hyp/kvm: Make hyp-stub extensible
arm64: kvm: Move lr save/restore from do_el2_call into EL1
arm64: kvm: deal with kernel symbols outside of linear mapping
arm64: introduce KIMAGE_VADDR as the virtual base of the kernel region
ANDROID: video: adf: Avoid directly referencing user pointers
ANDROID: usb: gadget: audio_source: fix comparison of distinct pointer types
android: binder: support for file-descriptor arrays.
android: binder: support for scatter-gather.
android: binder: add extra size to allocator.
android: binder: refactor binder_transact()
android: binder: support multiple /dev instances.
android: binder: deal with contexts in debugfs.
android: binder: support multiple context managers.
android: binder: split flat_binder_object.
disable aio support in recommended configuration
Linux 4.4.32
scsi: megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression
drm/radeon: fix DP mode validation
drm/radeon/dp: add back special handling for NUTMEG
drm/amdgpu: fix DP mode validation
drm/amdgpu/dp: add back special handling for NUTMEG
KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
Revert KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
of: silence warnings due to max() usage
packet: on direct_xmit, limit tso and csum to supported devices
sctp: validate chunk len before actually using it
net sched filters: fix notification of filter delete with proper handle
udp: fix IP_CHECKSUM handling
net: sctp, forbid negative length
ipv4: use the right lock for ping_group_range
ipv4: disable BH in set_ping_group_range()
net: add recursion limit to GRO
rtnetlink: Add rtnexthop offload flag to compare mask
bridge: multicast: restore perm router ports on multicast enable
net: pktgen: remove rcu locking in pktgen_change_name()
ipv6: correctly add local routes when lo goes up
ip6_tunnel: fix ip6_tnl_lookup
ipv6: tcp: restore IP6CB for pktoptions skbs
netlink: do not enter direct reclaim from netlink_dump()
packet: call fanout_release, while UNREGISTERING a netdev
net: Add netdev all_adj_list refcnt propagation to fix panic
net/sched: act_vlan: Push skb->data to mac_header prior calling skb_vlan_*() functions
net: pktgen: fix pkt_size
net: fec: set mac address unconditionally
tg3: Avoid NULL pointer dereference in tg3_io_error_detected()
ipmr, ip6mr: fix scheduling while atomic and a deadlock with ipmr_get_route
ip6_gre: fix flowi6_proto value in ip6gre_xmit_other()
tcp: fix a compile error in DBGUNDO()
tcp: fix wrong checksum calculation on MTU probing
net: avoid sk_forward_alloc overflows
tcp: fix overflow in __tcp_retransmit_skb()
arm64/kvm: fix build issue on kvm debug
arm64: ptdump: Indicate whether memory should be faulting
arm64: Add support for ARCH_SUPPORTS_DEBUG_PAGEALLOC
arm64: Drop alloc function from create_mapping
arm64: allow vmalloc regions to be set with set_memory_*
arm64: kernel: implement ACPI parking protocol
arm64: mm: create new fine-grained mappings at boot
arm64: ensure _stext and _etext are page-aligned
arm64: mm: allow passing a pgdir to alloc_init_*
arm64: mm: allocate pagetables anywhere
arm64: mm: use fixmap when creating page tables
arm64: mm: add functions to walk tables in fixmap
arm64: mm: add __{pud,pgd}_populate
arm64: mm: avoid redundant __pa(__va(x))
Linux 4.4.31
HID: usbhid: add ATEN CS962 to list of quirky devices
ubi: fastmap: Fix add_vol() return value test in ubi_attach_fastmap()
kvm: x86: Check memopp before dereference (CVE-2016-8630)
tty: vt, fix bogus division in csi_J
usb: dwc3: Fix size used in dma_free_coherent()
pwm: Unexport children before chip removal
UBI: fastmap: scrub PEB when bitflips are detected in a free PEB EC header
Disable "frame-address" warning
smc91x: avoid self-comparison warning
cgroup: avoid false positive gcc-6 warning
drm/exynos: fix error handling in exynos_drm_subdrv_open
mm/cma: silence warnings due to max() usage
ARM: 8584/1: floppy: avoid gcc-6 warning
powerpc/ptrace: Fix out of bounds array access warning
x86/xen: fix upper bound of pmd loop in xen_cleanhighmap()
perf build: Fix traceevent plugins build race
drm/dp/mst: Check peer device type before attempting EDID read
drm/radeon: drop register readback in cayman_cp_int_cntl_setup
drm/radeon/si_dpm: workaround for SI kickers
drm/radeon/si_dpm: Limit clocks on HD86xx part
Revert "drm/radeon: fix DP link training issue with second 4K monitor"
mmc: dw_mmc-pltfm: fix the potential NULL pointer dereference
scsi: arcmsr: Send SYNCHRONIZE_CACHE command to firmware
scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded
scsi: megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices
mac80211: discard multicast and 4-addr A-MSDUs
firewire: net: fix fragmented datagram_size off-by-one
firewire: net: guard against rx buffer overflows
Input: i8042 - add XMG C504 to keyboard reset table
dm mirror: fix read error on recovery after default leg failure
virtio: console: Unlock vqs while freeing buffers
virtio_ring: Make interrupt suppression spec compliant
parisc: Ensure consistent state when switching to kernel stack at syscall entry
ovl: fsync after copy-up
KVM: MIPS: Make ERET handle ERL before EXL
KVM: x86: fix wbinvd_dirty_mask use-after-free
dm: free io_barrier after blk_cleanup_queue call
USB: serial: cp210x: fix tiocmget error handling
tty: limit terminal size to 4M chars
xhci: add restart quirk for Intel Wildcatpoint PCH
hv: do not lose pending heartbeat vmbus packets
vt: clear selection before resizing
Fix potential infoleak in older kernels
GenWQE: Fix bad page access during abort of resource allocation
usb: increase ohci watchdog delay to 275 msec
xhci: use default USB_RESUME_TIMEOUT when resuming ports.
USB: serial: ftdi_sio: add support for Infineon TriBoard TC2X7
USB: serial: fix potential NULL-dereference at probe
usb: gadget: function: u_ether: don't starve tx request queue
mei: txe: don't clean an unprocessed interrupt cause.
ubifs: Fix regression in ubifs_readdir()
ubifs: Abort readdir upon error
btrfs: fix races on root_log_ctx lists
ANDROID: binder: Clear binder and cookie when setting handle in flat binder struct
ANDROID: binder: Add strong ref checks
ALSA: hda - Fix headset mic detection problem for two Dell laptops
ALSA: hda - Adding a new group of pin cfg into ALC295 pin quirk table
ALSA: hda - allow 40 bit DMA mask for NVidia devices
ALSA: hda - Raise AZX_DCAPS_RIRB_DELAY handling into top drivers
ALSA: hda - Merge RIRB_PRE_DELAY into CTX_WORKAROUND caps
ALSA: usb-audio: Add quirk for Syntek STK1160
KEYS: Fix short sprintf buffer in /proc/keys show function
mm: memcontrol: do not recurse in direct reclaim
mm/list_lru.c: avoid error-path NULL pointer deref
libxfs: clean up _calc_dquots_per_chunk
h8300: fix syscall restarting
drm/dp/mst: Clear port->pdt when tearing down the i2c adapter
i2c: core: fix NULL pointer dereference under race condition
i2c: xgene: Avoid dma_buffer overrun
arm64:cpufeature ARM64_NCAPS is the indicator of last feature
arm64: hibernate: Refuse to hibernate if the boot cpu is offline
PM / sleep: Add support for read-only sysfs attributes
arm64: kernel: Add support for hibernate/suspend-to-disk
arm64: mm: add functions to walk page tables by PA
arm64: mm: move pte_* macros
PM / Hibernate: Call flush_icache_range() on pages restored in-place
arm64: Add new asm macro copy_page
arm64: Promote KERNEL_START/KERNEL_END definitions to a header file
arm64: kernel: Include _AC definition in page.h
arm64: Change cpu_resume() to enable mmu early then access sleep_sp by va
arm64: kernel: Rework finisher callback out of __cpu_suspend_enter()
arm64: Cleanup SCTLR flags
arm64: Fold proc-macros.S into assembler.h
arm/arm64: KVM: Add hook for C-based stage2 init
arm/arm64: KVM: Detect vGIC presence at runtime
arm64: KVM: Add support for 16-bit VMID
arm: KVM: Make kvm_arm.h friendly to assembly code
arm/arm64: KVM: Remove unreferenced S2_PGD_ORDER
arm64: KVM: debug: Remove spurious inline attributes
ARM: KVM: Cleanup exception injection
arm64: KVM: Remove weak attributes
arm64: KVM: Cleanup asm-offset.c
arm64: KVM: Turn system register numbers to an enum
arm64: KVM: VHE: Patch out use of HVC
arm64: Add ARM64_HAS_VIRT_HOST_EXTN feature
arm/arm64: Add new is_kernel_in_hyp_mode predicate
arm64: KVM: Move away from the assembly version of the world switch
arm64: KVM: Map the kernel RO section into HYP
arm64: KVM: Add compatibility aliases
arm64: KVM: Implement vgic-v3 save/restore
arm64: KVM: Add panic handling
arm64: KVM: HYP mode entry points
arm64: KVM: Implement TLB handling
arm64: KVM: Implement fpsimd save/restore
arm64: KVM: Implement the core world switch
arm64: KVM: Add patchable function selector
arm64: KVM: Implement guest entry
arm64: KVM: Implement debug save/restore
arm64: KVM: Implement 32bit system register save/restore
arm64: KVM: Implement system register save/restore
arm64: KVM: Implement timer save/restore
arm64: KVM: Implement vgic-v2 save/restore
arm64: KVM: Add a HYP-specific header file
KVM: arm/arm64: vgic-v3: Make the LR indexing macro public
arm64: Add macros to read/write system registers
Linux 4.4.30
Revert "fix minor infoleak in get_user_ex()"
Revert "x86/mm: Expand the exception table logic to allow new handling options"
Linux 4.4.29
ARM: pxa: pxa_cplds: fix interrupt handling
powerpc/nvram: Fix an incorrect partition merge
mpt3sas: Don't spam logs if logging level is 0
perf symbols: Fixup symbol sizes before picking best ones
perf symbols: Check symbol_conf.allow_aliases for kallsyms loading too
perf hists browser: Fix event group display
clk: divider: Fix clk_divider_round_rate() to use clk_readl()
clk: qoriq: fix a register offset error
s390/con3270: fix insufficient space padding
s390/con3270: fix use of uninitialised data
s390/cio: fix accidental interrupt enabling during resume
x86/mm: Expand the exception table logic to allow new handling options
dmaengine: ipu: remove bogus NO_IRQ reference
power: bq24257: Fix use of uninitialized pointer bq->charger
staging: r8188eu: Fix scheduling while atomic splat
ASoC: dapm: Fix kcontrol creation for output driver widget
ASoC: dapm: Fix value setting for _ENUM_DOUBLE MUX's second channel
ASoC: dapm: Fix possible uninitialized variable in snd_soc_dapm_get_volsw()
ASoC: topology: Fix error return code in soc_tplg_dapm_widget_create()
hwrng: omap - Only fail if pm_runtime_get_sync returns < 0
crypto: arm/ghash-ce - add missing async import/export
crypto: gcm - Fix IV buffer size in crypto_gcm_setkey
mwifiex: correct aid value during tdls setup
spi: spi-fsl-dspi: Drop extra spi_master_put in device remove function
ARM: clk-imx35: fix name for ckil clk
uio: fix dmem_region_start computation
genirq/generic_chip: Add irq_unmap callback
perf stat: Fix interval output values
powerpc/eeh: Null check uses of eeh_pe_bus_get
tunnels: Remove encapsulation offloads on decap.
tunnels: Don't apply GRO to multiple layers of encapsulation.
ipip: Properly mark ipip GRO packets as encapsulated.
posix_acl: Clear SGID bit when setting file permissions
brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()
mm/hugetlb: fix memory offline with hugepage size > memory block size
drm/i915: Unalias obj->phys_handle and obj->userptr
drm/i915: Account for TSEG size when determining 865G stolen base
Revert "drm/i915: Check live status before reading edid"
drm/i915/gen9: fix the WaWmMemoryReadLatency implementation
xenbus: don't look up transaction IDs for ordinary writes
drm/vmwgfx: Limit the user-space command buffer size
drm/radeon: change vblank_time's calculation method to reduce computational error.
drm/radeon/si/dpm: fix phase shedding setup
drm/radeon: narrow asic_init for virtualization
drm/amdgpu: change vblank_time's calculation method to reduce computational error.
drm/amdgpu/dce11: add missing drm_mode_config_cleanup call
drm/amdgpu/dce11: disable hpd on local panels
drm/amdgpu/dce8: disable hpd on local panels
drm/amdgpu/dce10: disable hpd on local panels
drm/amdgpu: fix IB alignment for UVD
drm/prime: Pass the right module owner through to dma_buf_export()
Linux 4.4.28
target: Don't override EXTENDED_COPY xcopy_pt_cmd SCSI status code
target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE
target: Re-add missing SCF_ACK_KREF assignment in v4.1.y
ubifs: Fix xattr_names length in exit paths
jbd2: fix incorrect unlock on j_list_lock
ext4: do not advertise encryption support when disabled
mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led
mmc: rtsx_usb_sdmmc: Avoid keeping the device runtime resumed when unused
mmc: core: Annotate cmd_hdr as __le32
powerpc/mm: Prevent unlikely crash in copro_calculate_slb()
ceph: fix error handling in ceph_read_iter
arm64: kernel: Init MDCR_EL2 even in the absence of a PMU
arm64: percpu: rewrite ll/sc loops in assembly
memstick: rtsx_usb_ms: Manage runtime PM when accessing the device
memstick: rtsx_usb_ms: Runtime resume the device when polling for cards
isofs: Do not return EACCES for unknown filesystems
irqchip/gic-v3-its: Fix entry size mask for GITS_BASER
s390/mm: fix gmap tlb flush issues
Using BUG_ON() as an assert() is _never_ acceptable
mm: filemap: fix mapping->nrpages double accounting in fuse
mm: workingset: fix crash in shadow node shrinker caused by replace_page_cache_page()
acpi, nfit: check for the correct event code in notifications
net/mlx4_core: Allow resetting VF admin mac to zero
bnx2x: Prevent false warning for lack of FC NPIV
PKCS#7: Don't require SpcSpOpusInfo in Authenticode pkcs7 signatures
hpsa: correct skipping masked peripherals
sd: Fix rw_max for devices that report an optimal xfer size
irqchip/gicv3: Handle loop timeout proper
kvm: x86: memset whole irq_eoi
x86/e820: Don't merge consecutive E820_PRAM ranges
blkcg: Unlock blkcg_pol_mutex only once when cpd == NULL
Fix regression which breaks DFS mounting
Cleanup missing frees on some ioctls
Do not send SMB3 SET_INFO request if nothing is changing
SMB3: GUIDs should be constructed as random but valid uuids
Set previous session id correctly on SMB3 reconnect
Display number of credits available
Clarify locking of cifs file and tcon structures and make more granular
fs/cifs: keep guid when assigning fid to fileinfo
cifs: Limit the overall credit acquired
fs/super.c: fix race between freeze_super() and thaw_super()
arc: don't leak bits of kernel stack into coredump
lightnvm: ensure that nvm_dev_ops can be used without CONFIG_NVM
ipc/sem.c: fix complex_count vs. simple op race
mm: filemap: don't plant shadow entries without radix tree node
metag: Only define atomic_dec_if_positive conditionally
scsi: Fix use-after-free
NFSv4.2: Fix a reference leak in nfs42_proc_layoutstats_generic
NFSv4: Open state recovery must account for file permission changes
NFSv4: nfs4_copy_delegation_stateid() must fail if the delegation is invalid
NFSv4: Don't report revoked delegations as valid in nfs_have_delegation()
sunrpc: fix write space race causing stalls
Input: elantech - add Fujitsu Lifebook E556 to force crc_enabled
Input: elantech - force needed quirks on Fujitsu H760
Input: i8042 - skip selftest on ASUS laptops
lib: add "on"/"off" support to kstrtobool
lib: update single-char callers of strtobool()
lib: move strtobool() to kstrtobool()
MIPS: ptrace: Fix regs_return_value for kernel context
MIPS: Fix -mabi=64 build of vdso.lds
ALSA: hda - Fix a failure of micmute led when having multi adcs
cx231xx: fix GPIOs for Pixelview SBTVD hybrid
cx231xx: don't return error on success
mb86a20s: fix demod settings
mb86a20s: fix the locking logic
ovl: copy_up_xattr(): use strnlen
ovl: Fix info leak in ovl_lookup_temp()
fbdev/efifb: Fix 16 color palette entry calculation
scsi: zfcp: spin_lock_irqsave() is not nestable
zfcp: trace full payload of all SAN records (req,resp,iels)
zfcp: fix payload trace length for SAN request&response
zfcp: fix D_ID field with actual value on tracing SAN responses
zfcp: restore tracing of handle for port and LUN with HBA records
zfcp: trace on request for open and close of WKA port
zfcp: restore: Dont use 0 to indicate invalid LUN in rec trace
zfcp: retain trace level for SCSI and HBA FSF response records
zfcp: close window with unblocked rport during rport gone
zfcp: fix ELS/GS request&response length for hardware data router
zfcp: fix fc_host port_type with NPIV
ubi: Deal with interrupted erasures in WL
powerpc/pseries: Fix stack corruption in htpe code
powerpc/64: Fix incorrect return value from __copy_tofrom_user
powerpc/powernv: Use CPU-endian PEST in pnv_pci_dump_p7ioc_diag_data()
powerpc/powernv: Use CPU-endian hub diag-data type in pnv_eeh_get_and_dump_hub_diag()
powerpc/powernv: Pass CPU-endian PE number to opal_pci_eeh_freeze_clear()
powerpc/vdso64: Use double word compare on pointers
dm crypt: fix crash on exit
dm mpath: check if path's request_queue is dying in activate_path()
dm: return correct error code in dm_resume()'s retry loop
dm: mark request_queue dead before destroying the DM device
perf intel-pt: Fix MTC timestamp calculation for large MTC periods
perf intel-pt: Fix estimated timestamps for cycle-accurate mode
perf intel-pt: Fix snapshot overlap detection decoder errors
pstore/ram: Use memcpy_fromio() to save old buffer
pstore/ram: Use memcpy_toio instead of memcpy
pstore/core: drop cmpxchg based updates
pstore/ramoops: fixup driver removal
parisc: Increase initial kernel mapping size
parisc: Fix kernel memory layout regarding position of __gp
parisc: Increase KERNEL_INITIAL_SIZE for 32-bit SMP kernels
cpufreq: intel_pstate: Fix unsafe HWP MSR access
platform: don't return 0 from platform_get_irq[_byname]() on error
PCI: Mark Atheros AR9580 to avoid bus reset
mmc: sdhci: cast unsigned int to unsigned long long to avoid unexpeted error
mmc: block: don't use CMD23 with very old MMC cards
rtlwifi: Fix missing country code for Great Britain
PM / devfreq: event: remove duplicate devfreq_event_get_drvdata()
clk: imx6: initialize GPU clocks
regulator: tps65910: Work around silicon erratum SWCZ010
mei: me: add kaby point device ids
gpio: mpc8xxx: Correct irq handler function
cgroup: Change from CAP_SYS_NICE to CAP_SYS_RESOURCE for cgroup migration permissions
UPSTREAM: cpu/hotplug: Handle unbalanced hotplug enable/disable
UPSTREAM: arm64: kaslr: fix breakage with CONFIG_MODVERSIONS=y
UPSTREAM: arm64: kaslr: keep modules close to the kernel when DYNAMIC_FTRACE=y
cgroup: Remove leftover instances of allow_attach
BACKPORT: lib: harden strncpy_from_user
CHROMIUM: cgroups: relax permissions on moving tasks between cgroups
CHROMIUM: remove Android's cgroup generic permissions checks
Linux 4.4.27
cfq: fix starvation of asynchronous writes
vfs: move permission checking into notify_change() for utimes(NULL)
dlm: free workqueues after the connections
crypto: vmx - Fix memory corruption caused by p8_ghash
crypto: ghash-generic - move common definitions to a new header file
ext4: release bh in make_indexed_dir
ext4: allow DAX writeback for hole punch
ext4: fix memory leak in ext4_insert_range()
ext4: reinforce check of i_dtime when clearing high fields of uid and gid
ext4: enforce online defrag restriction for encrypted files
scsi: ibmvfc: Fix I/O hang when port is not mapped
scsi: arcmsr: Simplify user_len checking
scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()
async_pq_val: fix DMA memory leak
reiserfs: switch to generic_{get,set,remove}xattr()
reiserfs: Unlock superblock before calling reiserfs_quota_on_mount()
ASoC: Intel: Atom: add a missing star in a memcpy call
brcmfmac: fix memory leak in brcmf_fill_bss_param
i40e: avoid NULL pointer dereference and recursive errors on early PCI error
fuse: fix killing s[ug]id in setattr
fuse: invalidate dir dentry after chmod
fuse: listxattr: verify xattr list
drivers: base: dma-mapping: page align the size when unmap_kernel_range
btrfs: assign error values to the correct bio structs
serial: 8250_dw: Check the data->pclk when get apb_pclk
arm64: Use PoU cache instr for I/D coherency
arm64: mm: add code to safely replace TTBR1_EL1
arm64: mm: place __cpu_setup in .text
arm64: add function to install the idmap
arm64: unmap idmap earlier
arm64: unify idmap removal
arm64: mm: place empty_zero_page in bss
arm64: head.S: use memset to clear BSS
arm64: mm: specialise pagetable allocators
arm64: mm: remove pointless PAGE_MASKing
asm-generic: Fix local variable shadow in __set_fixmap_offset
arm64: mm: fold alternatives into .init
ARM: 8511/1: ARM64: kernel: PSCI: move PSCI idle management code to drivers/firmware
ARM: 8481/2: drivers: psci: replace psci firmware calls
ARM: 8480/2: arm64: add implementation for arm-smccc
ARM: 8479/2: add implementation for arm-smccc
ARM: 8478/2: arm/arm64: add arm-smccc
ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
ARM: 8458/1: bL_switcher: add GIC dependency
Linux 4.4.26
mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
x86/build: Build compressed x86 kernels as PIE
arm64: Remove stack duplicating code from jprobes
arm64: kprobes: Add KASAN instrumentation around stack accesses
arm64: kprobes: Cleanup jprobe_return
arm64: kprobes: Fix overflow when saving stack
arm64: kprobes: WARN if attempting to step with PSTATE.D=1
kprobes: Add arm64 case in kprobe example module
arm64: Add kernel return probes support (kretprobes)
arm64: Add trampoline code for kretprobes
arm64: kprobes instruction simulation support
arm64: Treat all entry code as non-kprobe-able
arm64: Blacklist non-kprobe-able symbol
arm64: Kprobes with single stepping support
arm64: add conditional instruction simulation support
arm64: Add more test functions to insn.c
arm64: Add HAVE_REGS_AND_STACK_ACCESS_API feature
Linux 4.4.25
tpm_crb: fix crb_req_canceled behavior
tpm: fix a race condition in tpm2_unseal_trusted()
ima: use file_dentry()
ARM: cpuidle: Fix error return code
ARM: dts: MSM8064 remove flags from SPMI/MPP IRQs
ARM: dts: mvebu: armada-390: add missing compatibility string and bracket
x86/dumpstack: Fix x86_32 kernel_stack_pointer() previous stack access
x86/irq: Prevent force migration of irqs which are not in the vector domain
x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation
KVM: PPC: BookE: Fix a sanity check
KVM: MIPS: Drop other CPU ASIDs on guest MMU changes
KVM: PPC: Book3s PR: Allow access to unprivileged MMCR2 register
mfd: wm8350-i2c: Make sure the i2c regmap functions are compiled
mfd: 88pm80x: Double shifting bug in suspend/resume
mfd: atmel-hlcdc: Do not sleep in atomic context
mfd: rtsx_usb: Avoid setting ucr->current_sg.status
ALSA: usb-line6: use the same declaration as definition in header for MIDI manufacturer ID
ALSA: usb-audio: Extend DragonFly dB scale quirk to cover other variants
ALSA: ali5451: Fix out-of-bound position reporting
timekeeping: Fix __ktime_get_fast_ns() regression
time: Add cycles to nanoseconds translation
mm: Fix build for hardened usercopy
ANDROID: binder: Clear binder and cookie when setting handle in flat binder struct
ANDROID: binder: Add strong ref checks
UPSTREAM: staging/android/ion : fix a race condition in the ion driver
ANDROID: android-base: CONFIG_HARDENED_USERCOPY=y
UPSTREAM: fs/proc/kcore.c: Add bounce buffer for ktext data
UPSTREAM: fs/proc/kcore.c: Make bounce buffer global for read
BACKPORT: arm64: Correctly bounds check virt_addr_valid
Fix a build breakage in IO latency hist code.
UPSTREAM: efi: include asm/early_ioremap.h not asm/efi.h to get early_memremap
UPSTREAM: ia64: split off early_ioremap() declarations into asm/early_ioremap.h
FROMLIST: arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN
FROMLIST: arm64: xen: Enable user access before a privcmd hvc call
FROMLIST: arm64: Handle faults caused by inadvertent user access with PAN enabled
FROMLIST: arm64: Disable TTBR0_EL1 during normal kernel execution
FROMLIST: arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1
FROMLIST: arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro
FROMLIST: arm64: Factor out PAN enabling/disabling into separate uaccess_* macros
UPSTREAM: arm64: Handle el1 synchronous instruction aborts cleanly
UPSTREAM: arm64: include alternative handling in dcache_by_line_op
UPSTREAM: arm64: fix "dc cvau" cache operation on errata-affected core
UPSTREAM: Revert "arm64: alternatives: add enable parameter to conditional asm macros"
UPSTREAM: arm64: Add new asm macro copy_page
UPSTREAM: arm64: kill ESR_LNX_EXEC
UPSTREAM: arm64: add macro to extract ESR_ELx.EC
UPSTREAM: arm64: mm: mark fault_info table const
UPSTREAM: arm64: fix dump_instr when PAN and UAO are in use
BACKPORT: arm64: Fold proc-macros.S into assembler.h
UPSTREAM: arm64: choose memstart_addr based on minimum sparsemem section alignment
UPSTREAM: arm64/mm: ensure memstart_addr remains sufficiently aligned
UPSTREAM: arm64/kernel: fix incorrect EL0 check in inv_entry macro
UPSTREAM: arm64: Add macros to read/write system registers
UPSTREAM: arm64/efi: refactor EFI init and runtime code for reuse by 32-bit ARM
UPSTREAM: arm64/efi: split off EFI init and runtime code for reuse by 32-bit ARM
UPSTREAM: arm64/efi: mark UEFI reserved regions as MEMBLOCK_NOMAP
BACKPORT: arm64: only consider memblocks with NOMAP cleared for linear mapping
UPSTREAM: mm/memblock: add MEMBLOCK_NOMAP attribute to memblock memory table
ANDROID: dm: android-verity: Remove fec_header location constraint
BACKPORT: audit: consistently record PIDs with task_tgid_nr()
android-base.cfg: Enable kernel ASLR
UPSTREAM: vmlinux.lds.h: allow arch specific handling of ro_after_init data section
UPSTREAM: arm64: spinlock: fix spin_unlock_wait for LSE atomics
UPSTREAM: arm64: avoid TLB conflict with CONFIG_RANDOMIZE_BASE
UPSTREAM: arm64: Only select ARM64_MODULE_PLTS if MODULES=y
sched: Add Kconfig option DEFAULT_USE_ENERGY_AWARE to set ENERGY_AWARE feature flag
sched/fair: remove printk while schedule is in progress
ANDROID: fs: FS tracepoints to track IO.
sched/walt: Drop arch-specific timer access
ANDROID: fiq_debugger: Pass task parameter to unwind_frame()
eas/sched/fair: Fixing comments in find_best_target.
input: keyreset: switch to orderly_reboot
UPSTREAM: tun: fix transmit timestamp support
UPSTREAM: arch/arm/include/asm/pgtable-3level.h: add pmd_mkclean for THP
net: inet: diag: expose the socket mark to privileged processes.
net: diag: make udp_diag_destroy work for mapped addresses.
net: diag: support SOCK_DESTROY for UDP sockets
net: diag: allow socket bytecode filters to match socket marks
net: diag: slightly refactor the inet_diag_bc_audit error checks.
net: diag: Add support to filter on device index
UPSTREAM: brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()
Linux 4.4.24
ALSA: hda - Add the top speaker pin config for HP Spectre x360
ALSA: hda - Fix headset mic detection problem for several Dell laptops
ACPICA: acpi_get_sleep_type_data: Reduce warnings
ALSA: hda - Adding one more ALC255 pin definition for headset problem
Revert "usbtmc: convert to devm_kzalloc"
USB: serial: cp210x: Add ID for a Juniper console
Staging: fbtft: Fix bug in fbtft-core
usb: misc: legousbtower: Fix NULL pointer deference
USB: serial: cp210x: fix hardware flow-control disable
dm log writes: fix bug with too large bios
clk: xgene: Add missing parenthesis when clearing divider value
aio: mark AIO pseudo-fs noexec
batman-adv: remove unused callback from batadv_algo_ops struct
IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV
IB/mlx4: Fix code indentation in QP1 MAD flow
IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV
IB/ipoib: Don't allow MC joins during light MC flush
IB/core: Fix use after free in send_leave function
IB/ipoib: Fix memory corruption in ipoib cm mode connect flow
KVM: nVMX: postpone VMCS changes on MSR_IA32_APICBASE write
dmaengine: at_xdmac: fix to pass correct device identity to free_irq()
kernel/fork: fix CLONE_CHILD_CLEARTID regression in nscd
ASoC: omap-mcpdm: Fix irq resource handling
sysctl: handle error writing UINT_MAX to u32 fields
powerpc/prom: Fix sub-processor option passed to ibm, client-architecture-support
brcmsmac: Initialize power in brcms_c_stf_ss_algo_channel_get()
brcmsmac: Free packet if dma_mapping_error() fails in dma_rxfill
brcmfmac: Fix glob_skb leak in brcmf_sdiod_recv_chain
ASoC: Intel: Skylake: Fix error return code in skl_probe()
pNFS/flexfiles: Fix layoutcommit after a commit to DS
pNFS/files: Fix layoutcommit after a commit to DS
NFS: Don't drop CB requests with invalid principals
svc: Avoid garbage replies when pc_func() returns rpc_drop_reply
dmaengine: at_xdmac: fix debug string
fnic: pci_dma_mapping_error() doesn't return an error code
avr32: off by one in at32_init_pio()
ath9k: Fix programming of minCCA power threshold
gspca: avoid unused variable warnings
em28xx-i2c: rt_mutex_trylock() returns zero on failure
NFC: fdp: Detect errors from fdp_nci_create_conn()
iwlmvm: mvm: set correct state in smart-fifo configuration
tile: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
pstore: drop file opened reference count
blk-mq: actually hook up defer list when running requests
hwrng: omap - Fix assumption that runtime_get_sync will always succeed
ARM: sa1111: fix pcmcia suspend/resume
ARM: shmobile: fix regulator quirk for Gen2
ARM: sa1100: clear reset status prior to reboot
ARM: sa1100: fix 3.6864MHz clock
ARM: sa1100: register clocks early
ARM: sun5i: Fix typo in trip point temperature
regulator: qcom_smd: Fix voltage ranges for pm8x41
regulator: qcom_spmi: Update mvs1/mvs2 switches on pm8941
regulator: qcom_spmi: Add support for get_mode/set_mode on switches
regulator: qcom_spmi: Add support for S4 supply on pm8941
tpm: fix byte-order for the value read by tpm2_get_tpm_pt
printk: fix parsing of "brl=" option
MIPS: uprobes: fix use of uninitialised variable
MIPS: Malta: Fix IOCU disable switch read for MIPS64
MIPS: fix uretprobe implementation
MIPS: uprobes: remove incorrect set_orig_insn
arm64: debug: avoid resetting stepping state machine when TIF_SINGLESTEP
ARM: 8618/1: decompressor: reset ttbcr fields to use TTBR0 on ARMv7
irqchip/gicv3: Silence noisy DEBUG_PER_CPU_MAPS warning
gpio: sa1100: fix irq probing for ucb1x00
usb: gadget: fsl_qe_udc: signedness bug in qe_get_frame()
ceph: fix race during filling readdir cache
iwlwifi: mvm: don't use ret when not initialised
iwlwifi: pcie: fix access to scratch buffer
spi: sh-msiof: Avoid invalid clock generator parameters
hwmon: (adt7411) set bit 3 in CFG1 register
nvmem: Declare nvmem_cell_read() consistently
ipvs: fix bind to link-local mcast IPv6 address in backup
tools/vm/slabinfo: fix an unintentional printf
mmc: pxamci: fix potential oops
drivers/perf: arm_pmu: Fix leak in error path
pinctrl: Flag strict is a field in struct pinmux_ops
pinctrl: uniphier: fix .pin_dbg_show() callback
i40e: avoid null pointer dereference
perf/core: Fix pmu::filter_match for SW-led groups
iwlwifi: mvm: fix a few firmware capability checks
usb: musb: fix DMA for host mode
usb: musb: Fix DMA desired mode for Mentor DMA engine
ARM: 8617/1: dma: fix dma_max_pfn()
ARM: 8616/1: dt: Respect property size when parsing CPUs
drm/radeon/si/dpm: add workaround for for Jet parts
drm/nouveau/fifo/nv04: avoid ramht race against cookie insertion
x86/boot: Initialize FPU and X86_FEATURE_ALWAYS even if we don't have CPUID
x86/init: Fix cr4_init_shadow() on CR4-less machines
can: dev: fix deadlock reported after bus-off
mm,ksm: fix endless looping in allocating memory when ksm enable
mtd: nand: davinci: Reinitialize the HW ECC engine in 4bit hwctl
cpuset: handle race between CPU hotplug and cpuset_hotplug_work
usercopy: fold builtin_const check into inline function
Linux 4.4.23
hostfs: Freeing an ERR_PTR in hostfs_fill_sb_common()
qxl: check for kmap failures
power: supply: max17042_battery: fix model download bug.
power_supply: tps65217-charger: fix missing platform_set_drvdata()
PM / hibernate: Fix rtree_next_node() to avoid walking off list ends
PM / hibernate: Restore processor state before using per-CPU variables
MIPS: paravirt: Fix undefined reference to smp_bootstrap
MIPS: Add a missing ".set pop" in an early commit
MIPS: Avoid a BUG warning during prctl(PR_SET_FP_MODE, ...)
MIPS: Remove compact branch policy Kconfig entries
MIPS: vDSO: Fix Malta EVA mapping to vDSO page structs
MIPS: SMP: Fix possibility of deadlock when bringing CPUs online
MIPS: Fix pre-r6 emulation FPU initialisation
i2c: qup: skip qup_i2c_suspend if the device is already runtime suspended
i2c-eg20t: fix race between i2c init and interrupt enable
btrfs: ensure that file descriptor used with subvol ioctls is a dir
nl80211: validate number of probe response CSA counters
can: flexcan: fix resume function
mm: delete unnecessary and unsafe init_tlb_ubc()
tracing: Move mutex to protect against resetting of seq data
fix memory leaks in tracing_buffers_splice_read()
power: reset: hisi-reboot: Unmap region obtained by of_iomap
mtd: pmcmsp-flash: Allocating too much in init_msp_flash()
mtd: maps: sa1100-flash: potential NULL dereference
fix fault_in_multipages_...() on architectures with no-op access_ok()
fanotify: fix list corruption in fanotify_get_response()
fsnotify: add a way to stop queueing events on group shutdown
xfs: prevent dropping ioend completions during buftarg wait
autofs: use dentry flags to block walks during expire
autofs races
pwm: Mark all devices as "might sleep"
bridge: re-introduce 'fix parsing of MLDv2 reports'
net: smc91x: fix SMC accesses
Revert "phy: IRQ cannot be shared"
net: dsa: bcm_sf2: Fix race condition while unmasking interrupts
net/mlx5: Added missing check of msg length in verifying its signature
tipc: fix NULL pointer dereference in shutdown()
net/irda: handle iriap_register_lsap() allocation failure
vti: flush x-netns xfrm cache when vti interface is removed
af_unix: split 'u->readlock' into two: 'iolock' and 'bindlock'
Revert "af_unix: Fix splice-bind deadlock"
bonding: Fix bonding crash
megaraid: fix null pointer check in megasas_detach_one().
nouveau: fix nv40_perfctr_next() cleanup regression
Staging: iio: adc: fix indent on break statement
iwlegacy: avoid warning about missing braces
ath9k: fix misleading indentation
am437x-vfpe: fix typo in vpfe_get_app_input_index
Add braces to avoid "ambiguous ‘else’" compiler warnings
net: caif: fix misleading indentation
Makefile: Mute warning for __builtin_return_address(>0) for tracing only
Disable "frame-address" warning
Disable "maybe-uninitialized" warning globally
gcov: disable -Wmaybe-uninitialized warning
Kbuild: disable 'maybe-uninitialized' warning for CONFIG_PROFILE_ALL_BRANCHES
kbuild: forbid kernel directory to contain spaces and colons
tools: Support relative directory path for 'O='
Makefile: revert "Makefile: Document ability to make file.lst and file.S" partially
kbuild: Do not run modules_install and install in paralel
ocfs2: fix start offset to ocfs2_zero_range_for_truncate()
ocfs2/dlm: fix race between convert and migration
crypto: echainiv - Replace chaining with multiplication
crypto: skcipher - Fix blkcipher walk OOM crash
crypto: arm/aes-ctr - fix NULL dereference in tail processing
crypto: arm64/aes-ctr - fix NULL dereference in tail processing
tcp: properly scale window in tcp_v[46]_reqsk_send_ack()
tcp: fix use after free in tcp_xmit_retransmit_queue()
tcp: cwnd does not increase in TCP YeAH
ipv6: release dst in ping_v6_sendmsg
ipv4: panic in leaf_walk_rcu due to stale node pointer
reiserfs: fix "new_insert_key may be used uninitialized ..."
Fix build warning in kernel/cpuset.c
include/linux/kernel.h: change abs() macro so it uses consistent return type
Linux 4.4.22
openrisc: fix the fix of copy_from_user()
avr32: fix 'undefined reference to `___copy_from_user'
ia64: copy_from_user() should zero the destination on access_ok() failure
genirq/msi: Fix broken debug output
ppc32: fix copy_from_user()
sparc32: fix copy_from_user()
mn10300: copy_from_user() should zero on access_ok() failure...
nios2: copy_from_user() should zero the tail of destination
openrisc: fix copy_from_user()
parisc: fix copy_from_user()
metag: copy_from_user() should zero the destination on access_ok() failure
alpha: fix copy_from_user()
asm-generic: make copy_from_user() zero the destination properly
mips: copy_from_user() must zero the destination on access_ok() failure
hexagon: fix strncpy_from_user() error return
sh: fix copy_from_user()
score: fix copy_from_user() and friends
blackfin: fix copy_from_user()
cris: buggered copy_from_user/copy_to_user/clear_user
frv: fix clear_user()
asm-generic: make get_user() clear the destination on errors
ARC: uaccess: get_user to zero out dest in cause of fault
s390: get_user() should zero on failure
score: fix __get_user/get_user
nios2: fix __get_user()
sh64: failing __get_user() should zero
m32r: fix __get_user()
mn10300: failing __get_user() and get_user() should zero
fix minor infoleak in get_user_ex()
microblaze: fix copy_from_user()
avr32: fix copy_from_user()
microblaze: fix __get_user()
fix iov_iter_fault_in_readable()
irqchip/atmel-aic: Fix potential deadlock in ->xlate()
genirq: Provide irq_gc_{lock_irqsave,unlock_irqrestore}() helpers
drm: Only use compat ioctl for addfb2 on X86/IA64
drm: atmel-hlcdc: Fix vertical scaling
net: simplify napi_synchronize() to avoid warnings
kconfig: tinyconfig: provide whole choice blocks to avoid warnings
soc: qcom/spm: shut up uninitialized variable warning
pinctrl: at91-pio4: use %pr format string for resource
mmc: dw_mmc: use resource_size_t to store physical address
drm/i915: Avoid pointer arithmetic in calculating plane surface offset
mpssd: fix buffer overflow warning
gma500: remove annoying deprecation warning
ipv6: addrconf: fix dev refcont leak when DAD failed
sched/core: Fix a race between try_to_wake_up() and a woken up task
Revert "wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel"
ath9k: fix using sta->drv_priv before initializing it
md-cluster: make md-cluster also can work when compiled into kernel
xhci: fix null pointer dereference in stop command timeout function
fuse: direct-io: don't dirty ITER_BVEC pages
Btrfs: remove root_log_ctx from ctx list before btrfs_sync_log returns
crypto: cryptd - initialize child shash_desc on import
arm64: spinlocks: implement smp_mb__before_spinlock() as smp_mb()
pinctrl: sunxi: fix uart1 CTS/RTS pins at PG on A23/A33
pinctrl: pistachio: fix mfio pll_lock pinmux
dm crypt: fix error with too large bios
dm log writes: move IO accounting earlier to fix error path
dm log writes: fix check of kthread_run() return value
bus: arm-ccn: Fix XP watchpoint settings bitmask
bus: arm-ccn: Do not attempt to configure XPs for cycle counter
bus: arm-ccn: Fix PMU handling of MN
ARM: dts: STiH407-family: Provide interconnect clock for consumption in ST SDHCI
ARM: dts: overo: fix gpmc nand on boards with ethernet
ARM: dts: overo: fix gpmc nand cs0 range
ARM: dts: imx6qdl: Fix SPDIF regression
ARM: OMAP3: hwmod data: Add sysc information for DSI
ARM: kirkwood: ib62x0: fix size of u-boot environment partition
ARM: imx6: add missing BM_CLPCR_BYPASS_PMIC_READY setting for imx6sx
ARM: imx6: add missing BM_CLPCR_BYP_MMDC_CH0_LPM_HS setting for imx6ul
ARM: AM43XX: hwmod: Fix RSTST register offset for pruss
cpuset: make sure new tasks conform to the current config of the cpuset
net: thunderx: Fix OOPs with ethtool --register-dump
USB: change bInterval default to 10 ms
ARM: dts: STiH410: Handle interconnect clock required by EHCI/OHCI (USB)
usb: chipidea: udc: fix NULL ptr dereference in isr_setup_status_phase
usb: renesas_usbhs: fix clearing the {BRDY,BEMP}STS condition
USB: serial: simple: add support for another Infineon flashloader
serial: 8250: added acces i/o products quad and octal serial cards
serial: 8250_mid: fix divide error bug if baud rate is 0
iio: ensure ret is initialized to zero before entering do loop
iio:core: fix IIO_VAL_FRACTIONAL sign handling
iio: accel: kxsd9: Fix scaling bug
iio: fix pressure data output unit in hid-sensor-attributes
iio: accel: bmc150: reset chip at init time
iio: adc: at91: unbreak channel adc channel 3
iio: ad799x: Fix buffered capture for ad7991/ad7995/ad7999
iio: adc: ti_am335x_adc: Increase timeout value waiting for ADC sample
iio: adc: ti_am335x_adc: Protect FIFO1 from concurrent access
iio: adc: rockchip_saradc: reset saradc controller before programming it
iio: proximity: as3935: set up buffer timestamps for non-zero values
iio: accel: kxsd9: Fix raw read return
kvm-arm: Unmap shadow pagetables properly
x86/AMD: Apply erratum 665 on machines without a BIOS fix
x86/paravirt: Do not trace _paravirt_ident_*() functions
ARC: mm: fix build breakage with STRICT_MM_TYPECHECKS
IB/uverbs: Fix race between uverbs_close and remove_one
dm flakey: fix reads to be issued if drop_writes configured
audit: fix exe_file access in audit_exe_compare
mm: introduce get_task_exe_file
kexec: fix double-free when failing to relocate the purgatory
NFSv4.1: Fix the CREATE_SESSION slot number accounting
pNFS: Ensure LAYOUTGET and LAYOUTRETURN are properly serialised
nfsd: Close race between nfsd4_release_lockowner and nfsd4_lock
NFSv4.x: Fix a refcount leak in nfs_callback_up_net
pNFS: The client must not do I/O to the DS if it's lease has expired
kernfs: don't depend on d_find_any_alias() when generating notifications
powerpc/mm: Don't alias user region to other regions below PAGE_OFFSET
powerpc/powernv : Drop reference added by kset_find_obj()
powerpc/tm: do not use r13 for tabort_syscall
tipc: move linearization of buffers to generic code
lightnvm: put bio before return
fscrypto: require write access to mount to set encryption policy
Revert "KVM: x86: fix missed hardware breakpoints"
MIPS: KVM: Check for pfn noslot case
clocksource/drivers/sun4i: Clear interrupts after stopping timer in probe function
fscrypto: add authorization check for setting encryption policy
ext4: use __GFP_NOFAIL in ext4_free_blocks()
Conflicts:
arch/arm/kernel/devtree.c
arch/arm64/Kconfig
arch/arm64/kernel/arm64ksyms.c
arch/arm64/kernel/psci.c
arch/arm64/mm/fault.c
drivers/android/binder.c
drivers/usb/host/xhci-hub.c
fs/ext4/readpage.c
include/linux/mmc/core.h
include/linux/mmzone.h
mm/memcontrol.c
net/core/filter.c
net/netlink/af_netlink.c
net/netlink/af_netlink.h
Change-Id: I99fe7a0914e83e284b11b33185b71448a8999d1f
Signed-off-by: Runmin Wang <runminw@codeaurora.org>
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Maxime Jayat
|
49ed630750 |
net: socket: fix recvmmsg not returning error from sock_error
[ Upstream commit e623a9e9dec29ae811d11f83d0074ba254aba374 ]
Commit 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path"),
changed the exit path of recvmmsg to always return the datagrams
variable and modified the error paths to set the variable to the error
code returned by recvmsg if necessary.
However in the case sock_error returned an error, the error code was
then ignored, and recvmmsg returned 0.
Change the error path of recvmmsg to correctly return the error code
of sock_error.
The bug was triggered by using recvmmsg on a CAN interface which was
not up. Linux 4.6 and later return 0 in this case while earlier
releases returned -ENETDOWN.
Fixes: 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path")
Signed-off-by: Maxime Jayat <maxime.jayat@mobile-devices.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Al Viro
|
e26164ecb1 |
net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom
Change-Id: I4bbd1bd2b661bc21aa0fdcc436b09b3bd23803be
Cc: stable@vger.kernel.org # v3.19
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Git-commit:
|
||
|
Eric Biggers
|
ab53926305 |
net: socket: don't set sk_uid to garbage value in ->setattr()
->setattr() was recently implemented for socket files to sync the socket
inode's uid to the new 'sk_uid' member of struct sock. It does this by
copying over the ia_uid member of struct iattr. However, ia_uid is
actually only valid when ATTR_UID is set in ia_valid, indicating that
the uid is being changed, e.g. by chown. Other metadata operations such
as chmod or utimes leave ia_uid uninitialized. Therefore, sk_uid could
be set to a "garbage" value from the stack.
Fix this by only copying the uid over when ATTR_UID is set.
[cherry-pick of net e1a3a60a2ebe991605acb14cd58e39c0545e174e]
Bug: 16355602
Change-Id: I20e53848e54282b72a388ce12bfa88da5e3e9efe
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
|
Dmitry Shmidt
|
cf0533acda | Merge remote-tracking branch 'common/android-4.4' into android-4.4.y | ||
|
Eric Biggers
|
d5ed6f6f5f |
net: socket: don't set sk_uid to garbage value in ->setattr()
->setattr() was recently implemented for socket files to sync the socket
inode's uid to the new 'sk_uid' member of struct sock. It does this by
copying over the ia_uid member of struct iattr. However, ia_uid is
actually only valid when ATTR_UID is set in ia_valid, indicating that
the uid is being changed, e.g. by chown. Other metadata operations such
as chmod or utimes leave ia_uid uninitialized. Therefore, sk_uid could
be set to a "garbage" value from the stack.
Fix this by only copying the uid over when ATTR_UID is set.
[cherry-pick of net e1a3a60a2ebe991605acb14cd58e39c0545e174e]
Bug: 16355602
Change-Id: I20e53848e54282b72a388ce12bfa88da5e3e9efe
Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Tested-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
|
Dmitry Shmidt
|
aceae9be74 |
Merge remote-tracking branch 'common/android-4.4' into android-4.4.y
Change-Id: I44dc2744898ca59ad15cd77b49ad84da0220250a |
||
|
Lorenzo Colitti
|
04ac0fa0d1 |
net: core: Add a UID field to struct sock.
Protocol sockets (struct sock) don't have UIDs, but most of the
time, they map 1:1 to userspace sockets (struct socket) which do.
Various operations such as the iptables xt_owner match need
access to the "UID of a socket", and do so by following the
backpointer to the struct socket. This involves taking
sk_callback_lock and doesn't work when there is no socket
because userspace has already called close().
Simplify this by adding a sk_uid field to struct sock whose value
matches the UID of the corresponding struct socket. The semantics
are as follows:
1. Whenever sk_socket is non-null: sk_uid is the same as the UID
in sk_socket, i.e., matches the return value of sock_i_uid.
Specifically, the UID is set when userspace calls socket(),
fchown(), or accept().
2. When sk_socket is NULL, sk_uid is defined as follows:
- For a socket that no longer has a sk_socket because
userspace has called close(): the previous UID.
- For a cloned socket (e.g., an incoming connection that is
established but on which userspace has not yet called
accept): the UID of the socket it was cloned from.
- For a socket that has never had an sk_socket: UID 0 inside
the user namespace corresponding to the network namespace
the socket belongs to.
Kernel sockets created by sock_create_kern are a special case
of #1 and sk_uid is the user that created them. For kernel
sockets created at network namespace creation time, such as the
per-processor ICMP and TCP sockets, this is the user that created
the network namespace.
Bug: 16355602
Change-Id: Idbc3e9a0cec91c4c6e01916b967b6237645ebe59
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
|
Lorenzo Colitti
|
eb964bdba7 |
net: core: Add a UID field to struct sock.
Protocol sockets (struct sock) don't have UIDs, but most of the
time, they map 1:1 to userspace sockets (struct socket) which do.
Various operations such as the iptables xt_owner match need
access to the "UID of a socket", and do so by following the
backpointer to the struct socket. This involves taking
sk_callback_lock and doesn't work when there is no socket
because userspace has already called close().
Simplify this by adding a sk_uid field to struct sock whose value
matches the UID of the corresponding struct socket. The semantics
are as follows:
1. Whenever sk_socket is non-null: sk_uid is the same as the UID
in sk_socket, i.e., matches the return value of sock_i_uid.
Specifically, the UID is set when userspace calls socket(),
fchown(), or accept().
2. When sk_socket is NULL, sk_uid is defined as follows:
- For a socket that no longer has a sk_socket because
userspace has called close(): the previous UID.
- For a cloned socket (e.g., an incoming connection that is
established but on which userspace has not yet called
accept): the UID of the socket it was cloned from.
- For a socket that has never had an sk_socket: UID 0 inside
the user namespace corresponding to the network namespace
the socket belongs to.
Kernel sockets created by sock_create_kern are a special case
of #1 and sk_uid is the user that created them. For kernel
sockets created at network namespace creation time, such as the
per-processor ICMP and TCP sockets, this is the user that created
the network namespace.
Bug: 16355602
Change-Id: Idbc3e9a0cec91c4c6e01916b967b6237645ebe59
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
|
Soheil Hassas Yeganeh
|
b67ed647d1 |
sock: fix sendmmsg for partial sendmsg
[ Upstream commit 3023898b7d4aac65987bd2f485cc22390aae6f78 ]
Do not send the next message in sendmmsg for partial sendmsg
invocations.
sendmmsg assumes that it can continue sending the next message
when the return value of the individual sendmsg invocations
is positive. It results in corrupting the data for TCP,
SCTP, and UNIX streams.
For example, sendmmsg([["abcd"], ["efgh"]]) can result in a stream
of "aefgh" if the first sendmsg invocation sends only the first
byte while the second sendmsg goes through.
Datagram sockets either send the entire datagram or fail, so
this patch affects only sockets of type SOCK_STREAM and
SOCK_SEQPACKET.
Fixes:
|
||
|
Arnaldo Carvalho de Melo
|
ee247d4205 |
UPSTREAM: net: Fix use after free in the recvmmsg exit path
(cherry picked from commit 34b88a68f26a75e4fded796f1a49c40f82234b7d)
The syzkaller fuzzer hit the following use-after-free:
Call Trace:
[<ffffffff8175ea0e>] __asan_report_load8_noabort+0x3e/0x40 mm/kasan/report.c:295
[<ffffffff851cc31a>] __sys_recvmmsg+0x6fa/0x7f0 net/socket.c:2261
[< inline >] SYSC_recvmmsg net/socket.c:2281
[<ffffffff851cc57f>] SyS_recvmmsg+0x16f/0x180 net/socket.c:2270
[<ffffffff86332bb6>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
And, as Dmitry rightly assessed, that is because we can drop the
reference and then touch it when the underlying recvmsg calls return
some packets and then hit an error, which will make recvmmsg to set
sock->sk->sk_err, oops, fix it.
Reported-and-Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Fixes:
|
||
|
Trilok Soni
|
f145f41478 |
Merge remote-tracking branch 'msm-4.4/tmp-2bf7955' into msm-4.4
* msm-4.4/tmp-2bf7955:
Linux 4.4.8
Revert "usb: hub: do not clear BOS field during reset device"
usbvision: fix crash on detecting device with invalid configuration
staging: android: ion: Set the length of the DMA sg entries in buffer
Revert "PCI, x86: Implement pcibios_alloc_irq() and pcibios_free_irq()"
Revert "PCI: Add helpers to manage pci_dev->irq and pci_dev->irq_managed"
Revert "x86/PCI: Don't alloc pcibios-irq when MSI is enabled"
HID: usbhid: fix inconsistent reset/resume/reset-resume behavior
HID: wacom: fix Bamboo ONE oops
ALSA: usb-audio: Skip volume controls triggers hangup on Dell USB Dock
ALSA: usb-audio: Add a quirk for Plantronics BT300
ALSA: usb-audio: Add a sample rate quirk for Phoenix Audio TMX320
ALSA: hda/realtek - Enable the ALC292 dock fixup on the Thinkpad T460s
ALSA: hda - fix front mic problem for a HP desktop
ALSA: hda - Fix headset support and noise on HP EliteBook 755 G2
ALSA: hda - Fixup speaker pass-through control for nid 0x14 on ALC225
mmc: sdhci-pci: Add support and PCI IDs for more Broxton host controllers
perf: Cure event->pending_disable race
perf: Do not double free
arm64: replace read_lock to rcu lock in call_step_hook
Btrfs: fix file/data loss caused by fsync after rename and new inode
iommu: Don't overwrite domain pointer when there is no default_domain
ext4: ignore quota mount options if the quota feature is enabled
ext4: add lockdep annotations for i_data_sem
btrfs: fix crash/invalid memory access on fsync when using overlayfs
nfs: use file_dentry()
fs: add file_dentry()
sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes
iio: gyro: bmg160: fix endianness when reading axes
iio: gyro: bmg160: fix buffer read values
iio: accel: bmc150: fix endianness when reading axes
iio: st_magn: always define ST_MAGN_TRIGGER_SET_STATE
usb: renesas_usbhs: fix to avoid using a disabled ep in usbhsg_queue_done()
usb: renesas_usbhs: disable TX IRQ before starting TX DMAC transfer
usb: renesas_usbhs: avoid NULL pointer derefernce in usbhsf_pkt_handler()
mac80211: fix txq queue related crashes
mac80211: fix unnecessary frame drops in mesh fwding
mac80211: fix ibss scan parameters
mac80211: avoid excessive stack usage in sta_info
mac80211: properly deal with station hashtable insert errors
virtio: virtio 1.0 cs04 spec compliance for reset
rbd: use GFP_NOIO consistently for request allocations
pcmcia: db1xxx_ss: fix last irq_to_gpio user
v4l: vsp1: Set the SRU CTRL0 register when starting the stream
coda: fix error path in case of missing pdata on non-DT platform
au0828: Fix dev_state handling
au0828: fix au0828_v4l2_close() dev_state race condition
pinctrl: freescale: imx: fix bogus check of of_iomap() return value
pinctrl: nomadik: fix pull debug print inversion
pinctrl: sunxi: Fix A33 external interrupts not working
pinctrl: sh-pfc: only use dummy states for non-DT platforms
pinctrl: pistachio: fix mfio84-89 function description and pinmux.
MIPS: Fix MSA ld unaligned failure cases
KVM: x86: reduce default value of halt_poll_ns parameter
KVM: x86: Inject pending interrupt even if pending nmi exist
cdc-acm: fix NULL pointer reference
USB: uas: Add a new NO_REPORT_LUNS quirk
USB: uas: Limit qdepth at the scsi-host level
mpls: find_outdev: check for err ptr in addition to NULL check
ipv6: Count in extension headers in skb->network_header
ip6_tunnel: set rtnl_link_ops before calling register_netdevice
ipv6: l2tp: fix a potential issue in l2tp_ip6_recv
ipv4: l2tp: fix a potential issue in l2tp_ip_recv
tuntap: restore default qdisc
tun, bpf: fix suspicious RCU usage in tun_{attach, detach}_filter
rtnl: fix msg size calculation in if_nlmsg_size()
bridge: Allow set bridge ageing time when switchdev disabled
ipv6: udp: fix UDP_MIB_IGNOREDMULTI updates
qmi_wwan: add "D-Link DWM-221 B1" device id
xfrm: Fix crash observed during device unregistration and decryption
ppp: take reference on channels netns
ipv4: initialize flowi4_flags before calling fib_lookup()
ipv4: fix broadcast packets reception
bonding: fix bond_get_stats()
net: bcmgenet: fix dma api length mismatch
qlge: Fix receive packets drop.
tcp/dccp: remove obsolete WARN_ON() in icmp handlers
ppp: ensure file->private_data can't be overridden
ath9k: fix buffer overrun for ar9287
farsync: fix off-by-one bug in fst_add_one
mlx4: add missing braces in verify_qp_parameters
net: Fix use after free in the recvmmsg exit path
ipv4: Don't do expensive useless work during inetdev destroy.
bridge: allow zero ageing time
rocker: set FDB cleanup timer according to lowest ageing time
mlxsw: spectrum: Check requested ageing time is valid
macvtap: always pass ethernet header in linear
qlcnic: Fix mailbox completion handling during spurious interrupt
qlcnic: Remove unnecessary usage of atomic_t
sh_eth: advance 'rxdesc' later in sh_eth_ring_format()
sh_eth: fix NULL pointer dereference in sh_eth_ring_format()
bpf: avoid copying junk bytes in bpf_get_current_comm()
packet: validate variable length ll headers
ax25: add link layer header validation function
net: validate variable length ll headers
ppp: release rtnl mutex when interface creation fails
tcp: fix tcpi_segs_in after connection establishment
udp6: fix UDP/IPv6 encap resubmit path
usbnet: cleanup after bind() in probe()
cdc_ncm: toggle altsetting to force reset before setup
vxlan: fix missing options_len update on RX with collect metadata
ipv6: re-enable fragment header matching in ipv6_find_hdr
qmi_wwan: add Sierra Wireless EM74xx device ID
tipc: Revert "tipc: use existing sk_write_queue for outgoing packet chain"
mld, igmp: Fix reserved tailroom calculation
sctp: lack the check for ports in sctp_v6_cmp_addr
net: fix bridge multicast packet checksum validation
net: qca_spi: clear IFF_TX_SKB_SHARING
net: qca_spi: Don't clear IFF_BROADCAST
net: vrf: Remove direct access to skb->data
net: jme: fix suspend/resume on JMC260
ipv4: only create late gso-skb if skb is already set up with CHECKSUM_PARTIAL
tunnel: Clear IPCB(skb)->opt before dst_link_failure called
tcp: convert cached rtt from usec to jiffies when feeding initial rto
xen/events: Mask a moving irq
drm/amdgpu/gmc: use proper register for vram type on Fiji
drm/amdgpu/gmc: move vram type fetching into sw_init
drm/radeon: add a dpm quirk for all R7 370 parts
drm/radeon: add another R7 370 quirk
drm/radeon: add a dpm quirk for sapphire Dual-X R7 370 2G D5
drm/udl: Use unlocked gem unreferencing
drm/dp: move hw_mutex up the call stack
arm64: opcodes.h: Add arm big-endian config options before including arm header
compiler-gcc: disable -ftracer for __noclone functions
libnvdimm, pfn: fix uuid validation
libnvdimm: fix smart data retrieval
powerpc/mm: Fixup preempt underflow with huge pages
mm: fix invalid node in alloc_migrate_target()
ALSA: hda - Apply fix for white noise on Asus N550JV, too
ALSA: hda - Fix white noise on Asus N750JV headphone
ALSA: hda - Asus N750JV external subwoofer fixup
ALSA: timer: Use mod_timer() for rearming the system timer
parisc: Unbreak handling exceptions from kernel modules
parisc: Fix kernel crash with reversed copy_from_user()
parisc: Avoid function pointers for kernel exception routines
PKCS#7: pkcs7_validate_trust(): initialize the _trusted output argument
hwmon: (max1111) Return -ENODEV from max1111_read_channel if not instantiated
Linux 4.4.7
perf/x86/intel: Fix PEBS data source interpretation on Nehalem/Westmere
perf/x86/intel: Use PAGE_SIZE for PEBS buffer size on Core2
perf/x86/intel: Fix PEBS warning by only restoring active PMU in pmi
perf/x86/pebs: Add workaround for broken OVFL status on HSW+
sched/cputime: Fix steal time accounting vs. CPU hotplug
scsi_common: do not clobber fixed sense information
PM / sleep: Clear pm_suspend_global_flags upon hibernate
intel_idle: prevent SKL-H boot failure when C8+C9+C10 enabled
mtd: onenand: fix deadlock in onenand_block_markbad
mm/page_alloc: prevent merging between isolated and other pageblocks
ocfs2/dlm: fix BUG in dlm_move_lockres_to_recovery_list
ocfs2/dlm: fix race between convert and recovery
Input: ati_remote2 - fix crashes on detecting device with invalid descriptor
Input: ims-pcu - sanity check against missing interfaces
Input: synaptics - handle spurious release of trackstick buttons, again
writeback, cgroup: fix use of the wrong bdi_writeback which mismatches the inode
writeback, cgroup: fix premature wb_put() in locked_inode_to_wb_and_lock_list()
ACPI / PM: Runtime resume devices when waking from hibernate
ARM: dts: at91: sama5d4 Xplained: don't disable hsmci regulator
ARM: dts: at91: sama5d3 Xplained: don't disable hsmci regulator
nfsd: fix deadlock secinfo+readdir compound
nfsd4: fix bad bounds checking
iser-target: Rework connection termination
iser-target: Separate flows for np listeners and connections cma events
iser-target: Add new state ISER_CONN_BOUND to isert_conn
iser-target: Fix identification of login rx descriptor type
target: Fix target_release_cmd_kref shutdown comp leak
clk: bcm2835: Fix setting of PLL divider clock rates
clk: rockchip: add hclk_cpubus to the list of rk3188 critical clocks
clk: rockchip: rk3368: fix hdmi_cec gate-register
clk: rockchip: rk3368: fix parents of video encoder/decoder
clk: rockchip: rk3368: fix cpuclk core dividers
clk: rockchip: rk3368: fix cpuclk mux bit of big cpu-cluster
mmc: sdhci: Fix override of timeout clk wrt max_busy_timeout
mmc: sdhci: fix data timeout (part 2)
mmc: sdhci: fix data timeout (part 1)
mmc: mmc_spi: Add Card Detect comments and fix CD GPIO case
mmc: block: fix ABI regression of mmc_blk_ioctl
ideapad-laptop: Add ideapad Y700 (15) to the no_hw_rfkill DMI list
MAINTAINERS: Update mailing list and web page for hwmon subsystem
kbuild/mkspec: fix grub2 installkernel issue
scripts/kconfig: allow building with make 3.80 again
scripts/coccinelle: modernize &
bitops: Do not default to __clear_bit() for __clear_bit_unlock()
tracing: Fix trace_printk() to print when not using bprintk()
tracing: Fix crash from reading trace_pipe with sendfile
tracing: Have preempt(irqs)off trace preempt disabled functions
IB/ipoib: fix for rare multicast join race condition
drm/amdgpu: include the right version of gmc header files for iceland
drm/amdgpu: disable runtime pm on PX laptops without dGPU power control
drm/radeon: Don't drop DP 2.7 Ghz link setup on some cards.
drm/radeon: disable runtime pm on PX laptops without dGPU power control
iwlwifi: mvm: Fix paging memory leak
ipr: Fix regression when loading firmware
ipr: Fix out-of-bounds null overwrite
rapidio/rionet: fix deadlock on SMP
fs/coredump: prevent fsuid=0 dumps into user-controlled directories
fuse: Add reference counting for fuse_io_priv
fuse: do not use iocb after it may have been freed
md: multipath: don't hardcopy bio in .make_request path
md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list
raid10: include bio_end_io_list in nr_queued to prevent freeze_array hang
RAID5: revert
|
||
|
Arnaldo Carvalho de Melo
|
405f10a394 |
net: Fix use after free in the recvmmsg exit path
[ Upstream commit 34b88a68f26a75e4fded796f1a49c40f82234b7d ]
The syzkaller fuzzer hit the following use-after-free:
Call Trace:
[<ffffffff8175ea0e>] __asan_report_load8_noabort+0x3e/0x40 mm/kasan/report.c:295
[<ffffffff851cc31a>] __sys_recvmmsg+0x6fa/0x7f0 net/socket.c:2261
[< inline >] SYSC_recvmmsg net/socket.c:2281
[<ffffffff851cc57f>] SyS_recvmmsg+0x16f/0x180 net/socket.c:2270
[<ffffffff86332bb6>] entry_SYSCALL_64_fastpath+0x16/0x7a
arch/x86/entry/entry_64.S:185
And, as Dmitry rightly assessed, that is because we can drop the
reference and then touch it when the underlying recvmsg calls return
some packets and then hit an error, which will make recvmmsg to set
sock->sk->sk_err, oops, fix it.
Reported-and-Tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Fixes:
|
||
|
Mona Hossain
|
e0f32de9cf |
qmp: Add support for QSSP Enhancements
update seemp_api header file update seemp_parm_id header file update seemp_core to log data with blk header set to 64B remove logging from fs proc base and net socket modules Change-Id: I583e3129d62651b155b0372e173564d5a17e3153 Signed-off-by: Mona Hossain <mhossain@codeaurora.org> |