bq1
236 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
0752673e2a |
Merge branch 'linux-4.14.y' of github.com:openela/kernel-lts into android13-4.14-msmnile
* 'linux-4.14.y' of github.com:openela/kernel-lts: (173 commits)
LTS: Update to 4.14.353
net: fix __dst_negative_advice() race
selftests: make order checking verbose in msg_zerocopy selftest
selftests: fix OOM in msg_zerocopy selftest
Revert "selftests/net: reap zerocopy completions passed up as ancillary data."
Revert "selftests: fix OOM in msg_zerocopy selftest"
Revert "selftests: make order checking verbose in msg_zerocopy selftest"
nvme/pci: Add APST quirk for Lenovo N60z laptop
exec: Fix ToCToU between perm check and set-uid/gid usage
drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
drm/i915: Try GGTT mmapping whole object as partial
netfilter: nf_tables: set element extended ACK reporting support
kbuild: Fix '-S -c' in x86 stack protector scripts
drm/mgag200: Set DDC timeout in milliseconds
drm/bridge: analogix_dp: properly handle zero sized AUX transactions
drm/bridge: analogix_dp: Properly log AUX CH errors
drm/bridge: analogix_dp: Reset aux channel if an error occurred
drm/bridge: analogix_dp: Check AUX_EN status when doing AUX transfer
x86/mtrr: Check if fixed MTRRs exist before saving them
tracing: Fix overflow in get_free_elt()
...
Conflicts:
fs/f2fs/inode.c
fs/f2fs/namei.c
Change-Id: I68c57961b18ed42f76c9a6d7463e1cf5173fcb3f
|
||
|
|
080400d003 |
binder: fix hang of unregistered readers
commit 31643d84b8c3d9c846aa0e20bc033e46c68c7e7d upstream. With the introduction of binder_available_for_proc_work_ilocked() in commit |
||
|
|
e935a8876e |
Merge branch 'linux-4.14.y' of github.com:openela/kernel-lts into android13-4.14-msmnile
* 'linux-4.14.y' of github.com:openela/kernel-lts:
LTS: Update to 4.14.350
SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
arm64: dts: rockchip: Add sound-dai-cells for RK3368
tcp: Fix data races around icsk->icsk_af_ops.
ipv6: Fix data races around sk->sk_prot.
ipv6: annotate some data-races around sk->sk_prot
pwm: stm32: Refuse too small period requests
ftruncate: pass a signed offset
batman-adv: Don't accept TT entries for out-of-spec VIDs
batman-adv: include gfp.h for GFP_* defines
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
hexagon: fix fadvise64_64 calling conventions
tty: mcf: MCF54418 has 10 UARTS
usb: atm: cxacru: fix endpoint checking in cxacru_bind()
usb: musb: da8xx: fix a resource leak in probe()
usb: gadget: printer: SS+ support
net: usb: ax88179_178a: improve link status logs
iio: adc: ad7266: Fix variable checking bug
mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
x86: stop playing stack games in profile_pc()
i2c: ocores: set IACK bit after core is enabled
i2c: ocores: stop transfer on timeout
nvme: fixup comment for nvme RDMA Provider Type
soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
media: dvbdev: Initialize sbuf
ALSA: emux: improve patch ioctl data validation
net/iucv: Avoid explicit cpumask var allocation on stack
netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
ASoC: fsl-asoc-card: set priv->pdev before using it
drm/amdgpu: fix UBSAN warning in kv_dpm.c
pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
usb: xhci: do not perform Soft Retry for some xHCI hosts
xhci: Set correct transferred length for cancelled bulk transfers
xhci: Use soft retry to recover faster from transaction errors
usb: xhci: Remove ep_trb from xhci_cleanup_halted_endpoint()
scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
scsi: mpt3sas: Gracefully handle online firmware update
scsi: mpt3sas: Add ioc_<level> logging macros
iio: dac: ad5592r: fix temperature channel scaling value
iio: dac: ad5592r: un-indent code-block for scale read
iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock
x86/amd_nb: Check for invalid SMN reads
PCI: Add PCI_ERROR_RESPONSE and related definitions
ARM: dts: samsung: smdk4412: fix keypad no-autorepeat
ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat
ARM: dts: samsung: smdkv310: fix keypad no-autorepeat
gcov: add support for GCC 14
drm/radeon: fix UBSAN warning in kv_dpm.c
ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
dmaengine: ioatdma: Fix missing kmem_cache_destroy()
regulator: core: Fix modpost error "regulator_get_regmap" undefined
net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings
virtio_net: checksum offloading handling fix
xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
netrom: Fix a memory leak in nr_heartbeat_expiry()
cipso: fix total option length computation
MIPS: Routerboard 532: Fix vendor retry check code
MIPS: Octeon: Add PCIe link status check
udf: udftime: prevent overflow in udf_disk_stamp_to_time()
udf: Simplify calls to udf_disk_stamp_to_time
udf: Sanitize nanoseconds for time stamps
usb: misc: uss720: check for incompatible versions of the Belkin F5U002
powerpc/io: Avoid clang null pointer arithmetic warnings
powerpc/pseries: Enforce hcall result buffer validity and size
scsi: qedi: Fix crash while reading debugfs attribute
batman-adv: bypass empty buckets in batadv_purge_orig_ref()
rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment
usb-storage: alauda: Check whether the media is initialized
hugetlb_encode.h: fix undefined behaviour (34 << 26)
mm/hugetlb: add mmap() encodings for 32MB and 512MB page sizes
hv_utils: drain the timesync packets on onchannelcallback
nilfs2: fix potential kernel bug due to lack of writeback flag waiting
intel_th: pci: Add Lunar Lake support
intel_th: pci: Add Meteor Lake-S support
intel_th: pci: Add Sapphire Rapids SOC support
intel_th: pci: Add Granite Rapids SOC support
intel_th: pci: Add Granite Rapids support
dmaengine: axi-dmac: fix possible race in remove()
ocfs2: fix races between hole punching and AIO+DIO
ocfs2: use coarse time for new created files
fs/proc: fix softlockup in __read_vmcore
vmci: prevent speculation leaks by sanitizing event in event_deliver()
drm/exynos/vidi: fix memory leak in .get_modes()
drivers: core: synchronize really_probe() and dev_uevent()
net/ipv6: Fix the RT cache flush via sysctl using a previous delay
ipv6/route: Add a missing check on proc_dointvec
Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
tcp: fix race in tcp_v6_syn_recv_sock()
drm/bridge/panel: Fix runtime warning on panel bridge release
iommu/amd: Fix sysfs leak in iommu init
HID: core: remove unnecessary WARN_ON() in implement()
Input: try trimming too long modalias strings
xhci: Apply broken streams quirk to Etron EJ188 xHCI host
xhci: Apply reset resume quirk to Etron EJ188 xHCI host
jfs: xattr: fix buffer overflow for invalid xattr
mei: me: release irq in mei_me_pci_resume error path
USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
nilfs2: return the mapped address from nilfs_get_page()
nilfs2: Remove check for PageError
selftests/mm: compaction_test: fix bogus test success on Aarch64
selftests/mm: conform test to TAP format output
selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages
media: mc: mark the media devnode as registered from the, start
serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler
serial: sc16is7xx: replace hardcoded divisor value with BIT() macro
usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill().
af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen().
af_unix: Use unix_recvq_full_lockless() in unix_stream_connect().
af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen.
af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG.
af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg().
af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll().
af_unix: Fix data races around sk->sk_shutdown.
af_unix: Annotate data-race of sk->sk_state in unix_inq_len().
af_unix: Fix a data-race in unix_dgram_peer_wake_me().
af_unix: ensure POLLOUT on remote close() for connected dgram socket
ptp: Fix error message on failed pin verification
tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB
vxlan: Fix regression when dropping packets due to invalid src addresses
ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
wifi: iwlwifi: mvm: don't read past the mfuart notifcation
wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
Revert "tcp: remove redundant check on tskb"
Revert "tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets"
Revert "scsi: target: Fix SELinux error when systemd-modules loads the target module"
LTS: Update to 4.14.349
x86/kvm: Disable all PV features on crash
x86/kvm: Disable kvmclock on all CPUs on shutdown
x86/kvm: Teardown PV features on boot CPU as well
crypto: algif_aead - fix uninitialized ctx->init
nfs: fix undefined behavior in nfs_block_bits()
ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
sparc: move struct termio to asm/termios.h
kdb: Use format-specifiers rather than memset() for padding in kdb_read()
kdb: Merge identical case statements in kdb_read()
kdb: Fix console handling when editing and tab-completing commands
kdb: Use format-strings rather than '\0' injection in kdb_read()
kdb: Fix buffer overflow during tab-complete
sparc64: Fix number of online CPUs
intel_th: pci: Add Meteor Lake-S CPU support
net/9p: fix uninit-value in p9_client_rpc()
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
netfilter: nft_dynset: relax superfluous check on set updates
netfilter: nft_dynset: report EOPNOTSUPP on missing set feature
netfilter: nf_tables: don't skip expired elements during walk
netfilter: nf_tables: drop map element references from preparation phase
netfilter: nf_tables: pass ctx to nf_tables_expr_destroy()
netfilter: nftables: rename set element data activation/deactivation functions
netfilter: nf_tables: pass context to nft_set_destroy()
netfilter: nf_tables: fix set double-free in abort path
netfilter: nf_tables: add nft_set_is_anonymous() helper
fbdev: savage: Handle err return when savagefb_check_var failed
media: v4l2-core: hold videodev_lock until dev reg, finishes
media: mxl5xx: Move xpt structures off stack
arm64: dts: hi3798cv200: fix the size of GICR
md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
arm64: tegra: Correct Tegra132 I2C alias
ata: pata_legacy: make legacy_exit() work again
neighbour: fix unaligned access to pneigh_entry
vxlan: Fix regression when dropping packets due to invalid src addresses
nilfs2: fix use-after-free of timer for log writer thread
fs/nilfs2: convert timers to use timer_setup()
mmc: core: Do not force a retune before RPMB switch
binder: fix max_thread type inconsistency
ALSA: timer: Set lower bound of start tick time
ALSA: timer: Simplify timer hw resolution calls
ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
ipvlan: add ipvlan_route_v6_outbound() helper
ipvlan: properly track tx_errors
net: add DEV_STATS_READ() helper
kconfig: fix comparison to constant symbols, 'm', 'n'
net:fec: Add fec_enet_deinit()
net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
smsc95xx: use usbnet->driver_priv
smsc95xx: remove redundant function arguments
enic: Validate length of nl attributes in enic_set_vf_port
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion
nvmet: fix ns enable/disable possible hang
spi: Don't mark message DMA mapped when no transfer in it is
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
nfc: nci: Fix kcov check in nci_rx_work()
net: fec: avoid lock evasion when reading pps_enable
net: fec: remove redundant variable 'inc'
virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
openvswitch: Set the skbuff pkt_type for proper pmtud support.
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
params: lift param_set_uint_minmax to common code
ipv6: sr: fix memleak in seg6_hmac_init_algo
nfc: nci: Fix uninit-value in nci_rx_work
x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y
null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
media: cec: cec-api: add locking in cec_release()
um: Fix the -Wmissing-prototypes warning for __switch_mm
powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
media: stk1160: fix bounds checking in stk1160_copy_video()
um: Add winch to winch_handlers before registering winch IRQ
um: Fix return value in ubd_init()
Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
Input: ims-pcu - fix printf string overflow
libsubcmd: Fix parse-options memory leak
f2fs: add error prints for debugging mount failure
extcon: max8997: select IRQ_DOMAIN instead of depending on it
ppdev: Add an error check in register_device
stm class: Fix a double free in stm_register_device()
usb: gadget: u_audio: Clear uac pointer when freed.
greybus: arche-ctrl: move device table to its right location
serial: max3100: Fix bitwise types
serial: max3100: Update uart_driver_registered on driver removal
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
firmware: dmi-id: add a release callback function
dmaengine: idma64: Add check for dma_set_max_seg_size
greybus: lights: check return of get_channel_from_mode
sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax
af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
netrom: fix possible dead-lock in nr_rt_ioctl()
RDMA/IPoIB: Fix format truncation compilation errors
RDMA/ipoib: Fix use of sizeof()
selftests/kcmp: remove unused open mode
selftests/kcmp: Make the test output consistent and clear
ext4: avoid excessive credit estimate in ext4_tmpfile()
x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
fbdev: sh7760fb: allow modular build
media: radio-shark2: Avoid led_names truncations
media: ngene: Add dvb_ca_en50221_init return value check
powerpc/fsl-soc: hide unused const variable
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
fbdev: shmobile: fix snprintf truncation
mtd: rawnand: hynix: fixed typo
ipv6: sr: fix invalid unregister error path
ipv6: sr: fix incorrect unregister order
ipv6: sr: add missing seg6_local_exit
net: openvswitch: fix overwriting ct original tuple for ICMPv6
net: usb: smsc95xx: stop lying about skb->truesize
af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
m68k: mac: Fix reboot hang on Mac IIci
m68k/mac: Use '030 reset method on SE/30
m68k: Fix spinlock race in kernel thread creation
net: usb: sr9700: stop lying about skb->truesize
wifi: mwl8k: initialize cmd->addr[] properly
scsi: qedf: Ensure the copied buf is NUL terminated
scsi: bfa: Ensure the copied buf is NUL terminated
Revert "sh: Handle calling csum_partial with misaligned data"
sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
wifi: ar5523: enable proper endpoint verification
wifi: carl9170: add a proper sanity check for endpoints
macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
macintosh/via-macii, macintosh/adb-iop: Clean up whitespace
m68k/mac: Add mutual exclusion for IOP interrupt polling
macintosh/via-macii: Remove BUG_ON assertions
wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger()
scsi: hpsa: Fix allocation size for Scsi_Host private data
scsi: libsas: Fix the failure of adding phy with zero-address to port
ACPI: disable -Wstringop-truncation
irqchip/alpine-msi: Fix off-by-one in allocation error path
scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
scsi: ufs: core: Perform read back after disabling interrupts
scsi: ufs: qcom: Perform read back after writing reset bit
x86/boot: Ignore relocations in .notes sections in walk_relocs() too
wifi: ath10k: poll service ready message before failing
nfsd: drop st_mutex before calling move_to_close_lru()
null_blk: Fix missing mutex_destroy() at module removal
jffs2: prevent xattr node from overflowing the eraseblock
crypto: ccp - drop platform ifdef checks
crypto: ccp - Remove forward declaration
parisc: add missing export of __cmpxchg_u8()
nilfs2: fix out-of-range warning
ecryptfs: Fix buffer size for tag 66 packet
firmware: raspberrypi: Use correct device for DMA mappings
crypto: bcm - Fix pointer arithmetic
ASoC: da7219-aad: fix usage of device_get_named_child_node()
ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
net: usb: qmi_wwan: add Telit FN920C04 compositions
wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
nilfs2: fix potential hang in nilfs_detach_log_writer()
nilfs2: fix unexpected freezing of nilfs_segctor_sync()
ring-buffer: Fix a race between readers and resize checks
speakup: Fix sizeof() vs ARRAY_SIZE() bug
Conflicts:
fs/f2fs/segment.c
fs/f2fs/super.c
Change-Id: I0c91af7340a7aa467e1a242f9d6dc49d540997af
|
||
|
|
f642f364e2 |
binder: fix max_thread type inconsistency
commit 42316941335644a98335f209daafa4c122f28983 upstream.
The type defined for the BINDER_SET_MAX_THREADS ioctl was changed from
size_t to __u32 in order to avoid incompatibility issues between 32 and
64-bit kernels. However, the internal types used to copy from user and
store the value were never updated. Use u32 to fix the inconsistency.
Fixes:
|
||
|
|
6da2aa5b5b |
Merge branch 'linux-4.14.y' of github.com:openela/kernel-lts into android13-4.14-msmnile
* 'linux-4.14.y' of github.com:openela/kernel-lts:
LTS: Update to 4.14.348
docs: kernel_include.py: Cope with docutils 0.21
serial: kgdboc: Fix NMI-safety problems from keyboard reset code
btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks()
dm: limit the number of targets and parameter size area
Revert "selftests: mm: fix map_hugetlb failure on 64K page size systems"
LTS: Update to 4.14.347
rds: Fix build regression.
RDS: IB: Use DEFINE_PER_CPU_SHARED_ALIGNED for rds_ib_stats
af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc().
net: fix out-of-bounds access in ops_init
drm/vmwgfx: Fix invalid reads in fence signaled events
dyndbg: fix old BUG_ON in >control parser
tipc: fix UAF in error path
usb: gadget: f_fs: Fix a race condition when processing setup packets.
usb: gadget: composite: fix OS descriptors w_value logic
firewire: nosy: ensure user_length is taken into account when fetching packet contents
af_unix: Fix garbage collector racing against connect()
af_unix: Do not use atomic ops for unix_sk(sk)->inflight.
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
net/ipv6: Refactor fib6_rule_action
net: bridge: fix corrupted ethernet header on multicast-to-unicast
net: bridge: use DEV_STATS_INC()
phonet: fix rtm_phonet_notify() skb allocation
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
tcp: remove redundant check on tskb
net:usb:qmi_wwan: support Rolling modules
fs/9p: drop inodes immediately on non-.L too
gpio: crystalcove: Use -ENOTSUPP consistently
gpio: wcove: Use -ENOTSUPP consistently
9p: explicitly deny setlease attempts
fs/9p: translate O_TRUNC into OTRUNC
fs/9p: only translate RWX permissions for plain 9P2000
selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior
scsi: target: Fix SELinux error when systemd-modules loads the target module
tools/power turbostat: Fix Bzy_MHz documentation typo
tools/power turbostat: Fix added raw MSR output
firewire: ohci: mask bus reset interrupts between ISR and bottom half
ata: sata_gemini: Check clk_enable() result
net: bcmgenet: Reset RBUF on first open
ALSA: line6: Zero-initialize message buffers
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
net: mark racy access on sk->sk_rcvbuf
wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc
scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic
tipc: fix a possible memleak in tipc_buf_append
net: bridge: fix multicast-to-unicast with fraglist GSO
net: dsa: mv88e6xxx: Fix number of databases for 88E6141 / 88E6341
net: dsa: mv88e6xxx: Fix name of switch 88E6141
net: dsa: mv88e6xxx: Add number of MACs in the ATU
net l2tp: drop flow hash on forward
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
bna: ensure the copied buf is NUL terminated
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
power: rt9455: hide unused rt9455_boost_voltage_values
pinctrl: core: delete incorrect free in pinctrl_enable()
ethernet: Add helper for assigning packet type when dest address does not match device address
ethernet: add a helper for assigning port addresses
net: create netdev->dev_addr assignment helpers
net: slightly optimize eth_type_trans
wifi: nl80211: don't free NULL coalescing rule
dmaengine: Revert "dmaengine: pl330: issue_pending waits until WFP state"
dmaengine: pl330: issue_pending waits until WFP state
LTS: Update to 4.14.346
Simplify major/minor non-dynamic logic
net: fix unused variable warning in do_tcp_setsockopt()
serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
i2c: smbus: fix NULL function pointer dereference
i2c: add param sanity check to i2c_transfer()
idma64: Don't try to serve interrupts when device is powered off
mtd: diskonchip: work around ubsan link failure
stackdepot: respect __GFP_NOLOCKDEP allocation flag
net: b44: set pause params only when interface is up
irqchip/gic-v3-its: Prevent double free on error
arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma
btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together
tracing: Show size of requested perf buffer
Revert "crypto: api - Disallow identical driver names"
drm/amdgpu: validate the parameters of bo mapping operations more clearly
amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
drm/amdgpu: restrict bo mapping within gpu address limits
serial: mxs-auart: add spinlock around changing cts state
serial: core: Provide port lock wrappers
i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
ipvs: Fix checksumming on GSO of SCTP packets
bpf: fix bpf_skb_adjust_net/bpf_skb_proto_xlat to deal with gso sctp skbs
docs: segmentation-offloads.txt: add SCTP info
net: gtp: Fix Use-After-Free in gtp_dellink
net: usb: ax88179_178a: stop lying about skb->truesize
NFC: trf7970a: disable all regulators on removal
mlxsw: core: Unregister EMAD trap using FORWARD action
vxlan: drop packets from invalid src-address
ARC: [plat-hsdk]: Remove misplaced interrupt-cells property
arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma
arm64: dts: rockchip: fix alphabetical ordering RK3399 puma
nilfs2: fix OOB in nilfs_set_de_type
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
speakup: Avoid crash on very long word
usb: dwc2: host: Fix dereference issue in DDMA completion flow.
Revert "usb: cdc-wdm: close race between read and workqueue"
USB: serial: option: add Telit FN920C04 rmnet compositions
USB: serial: option: add Rolling RW101-GL and RW135-GL support
USB: serial: option: support Quectel EM060K sub-models
USB: serial: option: add Lonsung U8300/U9300 product
USB: serial: option: add support for Fibocom FM650/FG650
USB: serial: option: add Fibocom FM135-GL variants
serial/pmac_zilog: Remove flawed mitigation for rx irq flood
comedi: vmk80xx: fix incomplete endpoint checking
drm: nv04: Fix out of bounds access
tun: limit printing rate when illegal packet received by tun dev
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
netfilter: nf_tables: __nft_expr_type_get() selects specific family type
Revert "tracing/trigger: Fix to return error if failed to alloc snapshot"
kprobes: Fix possible use-after-free issue on kprobe registration
selftests/ftrace: Limit length in subsystem-enable tests
x86/apic: Force native_apic_mem_read() to use the MOV instruction
selftests: timers: Fix abs() warning in posix_timers test
vhost: Add smp_rmb() in vhost_vq_avail_empty()
tracing: hide unused ftrace_event_id_fops
net/mlx5: Properly link new fs rules into the tree
ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
ipv4/route: avoid unused-but-set-variable warning
geneve: fix header validation in geneve[6]_xmit_skb
nouveau: fix function cast warning
Bluetooth: Fix memory leak in hci_req_sync_complete()
batman-adv: Avoid infinite loop trying to resize local TT
LTS: Update to 4.14.345
net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev()
Revert "net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev()"
netfilter: nftables: exthdr: fix 4-byte stack OOB write
ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
Revert "ext4: fix to check return value of freeze_bdev() in ext4_shutdown()"
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
Bluetooth: btintel: Fixe build regression
x86/mm/pat: fix VM_PAT handling in COW mappings
virtio: reenable config if freezing device failed
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
fbmon: prevent division by zero in fb_videomode_from_videomode()
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
tools: iio: replace seekdir() in iio_generic_buffer
block: prevent division by zero in blk_rq_stat_sum()
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
media: sta2x11: fix irq handler cast
isofs: handle CDs with bad root inode but good Joliet root directory
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
sysv: don't call sb_bread() with pointers_lock held
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
btrfs: send: handle path ref underflow in header iterate_inode_ref()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
arm64: dts: rockchip: fix rk3399 hdmi ports node
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
ata: sata_mv: Fix PCI device ID table declaration compilation warning
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
init: open /initrd.image with O_LARGEFILE
staging: vc04_services: fix information leak in create_component()
staging: vc04_services: changen strncpy() to strscpy_pad()
staging: mmal-vchiq: Fix client_component for 64 bit kernel
staging: mmal-vchiq: Allocate and free components as required
staging: mmal-vchiq: Avoid use of bool in structures
ipv6: Fix infinite recursion in fib6_dump_done().
selftests: reuseaddr_conflict: add missing new line at the end of the output
net/sched: act_skbmod: prevent kernel-infoleak
net: stmmac: fix rx queue priority assignment
net: stmmac: Fix issues when number of Queues >= 4
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
netfilter: nf_tables: disallow timeout for anonymous sets
Bluetooth: Fix TOCTOU in HCI debugfs implementation
Bluetooth: hci_event: set the conn encrypted before conn establishes
tcp: properly terminate timers for kernel sockets
mptcp: add sk_stop_timer_sync helper
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
USB: core: Fix deadlock in usb_deauthorize_interface()
scsi: lpfc: Correct size for wqe for memset()
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
scsi: qla2xxx: Fix command flush on cable pull
usb: udc: remove warning when queue disabled ep
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: host: Fix hibernation flow
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
efivarfs: Request at most 512 bytes for variable names
perf/core: Fix reentry problem in perf_output_read_group()
loop: Call loop_config_discard() only after new config is applied
Revert "loop: Check for overflow while configuring loop"
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
btrfs: add define for oldest generation
printk: Update @console_may_schedule in console_trylock_spinning()
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
ALSA: aica: Fix a long-time build breakage
ALSA: sh: aica: Convert timers to use timer_setup()
usb: cdc-wdm: close race between read and workqueue
USB: cdc-wdm: Fix use after free in service_outstanding_interrupt().
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
mm/migrate: set swap entry values of THP tail pages properly.
mm/memory-failure: fix an incorrect use of tail pages
vt: fix memory overlapping when deleting chars in the buffer
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
usb: port: Don't try to peer unused USB ports based on location
usb: gadget: ncm: Fix handling of zero block length packets
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
netfilter: nf_tables: reject constant set with timeout
netfilter: nf_tables: disallow anonymous set with timeout flag
comedi: comedi_test: Prevent timers rescheduling during deletion
ahci: asm1064: asm1166: don't limit reported ports
ahci: asm1064: correct count of reported ports
nilfs2: prevent kernel bug at submit_bh_wbc()
nilfs2: use a more common logging style
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
memtest: use {READ,WRITE}_ONCE in memory scanning
drm/vc4: hdmi: do not return negative values from .get_modes()
drm/imx/ipuv3: do not return negative values from .get_modes()
s390/zcrypt: fix reference counting on zcrypt card objects
soc: fsl: qbman: Use raw spinlock for cgr_lock
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
vfio/platform: Disable virqfds on cleanup
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
speakup: Fix 8bit characters from direct synth
ext4: fix corruption during on-line resize
hwmon: (amc6821) add of_match table
mmc: core: Fix switch on gp3 partition
dm-raid: fix lockdep waring in "pers->hot_add_disk"
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
PCI/PM: Drain runtime-idle callbacks before driver removal
PCI: Drop pci_device_remove() test of pci_dev->driver
fuse: don't unhash root
mmc: tmio: avoid concurrent runs of mmc_request_done()
PM: sleep: wakeirq: fix wake irq warning in system suspend
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
USB: serial: option: add MeiG Smart SLM320 product
USB: serial: cp210x: add ID for MGP Instruments PDS100
USB: serial: add device ID for VeriFone adapter
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
powerpc/fsl: Fix mfpmr build errors with newer binutils
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
PM: suspend: Set mem_sleep_current during kernel command line setup
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix ip_fast_csum
parisc: Do not hardcode registers in checksum functions
ubi: correct the calculation of fastmap size
ubi: Check for too small LEB size in VTBL code
ubifs: Set page uptodate in the correct place
fat: fix uninitialized field in nostale filehandles
crypto: qat - resolve race condition during AER recovery
crypto: qat - fix double free during reset
sparc64: NMI watchdog: fix return value of __setup handler
KVM: Always flush async #PF workqueue when vCPU is being destroyed
media: xc4000: Fix atomicity violation in xc4000_get_frequency
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
ARM: dts: mmp2-brownstone: Don't redeclare phandle references
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
x86/bugs: Use sysfs_emit()
x86/pti: Don't report XenPV as vulnerable
x86/cpu: Support AMD Automatic IBRS
Documentation/hw-vuln: Update spectre doc
LTS: Update to 4.14.344
binder: signal epoll threads of self-work
ANDROID: binder: Add thread->process_todo flag.
scsi: bnx2fc: Fix skb double free in bnx2fc_rcv()
scsi: bnx2fc: Remove set but not used variable 'oxid'
net: check dev->gso_max_size in gso_features_check()
driver: staging: count ashmem_range into SLAB_RECLAIMBLE
net: warn if gso_type isn't set for a GSO SKB
staging: android: ashmem: Remove use of unlikely()
ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
ALSA: hda/realtek: Enable headset onLenovo M70/M90
ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
ALSA: hda/realtek - ALC897 headset MIC no sound
ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform
ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
ALSA: hda/realtek - The front Mic on a HP machine doesn't work
ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
ALSA: hda/realtek - Add Headset Mic supported for HP cPC
ALSA: hda/realtek - More constifications
Add Acer Aspire Ethos 8951G model quirk
devcoredump: Send uevent once devcd is ready
devcoredump : Serialize devcd_del work
netfilter: xt_owner: Fix for unsafe access of sk->sk_socket
netfilter: xt_owner: Add supplementary groups option
mtd: cfi_cmdset_0001: Byte swap OTP info
mtd: cfi_cmdset_0001: Support the absence of protection registers
s390/cmma: fix detection of DAT pages
s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family
ALSA: hda/realtek: Headset Mic VREF to 100%
hfsplus: unmap the page in the "fail_page" label
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
ALSA: hda/realtek: Enable audio jacks of ASUS D700SA with ALC887
ALSA: hda/realtek - Add quirk for Tuxedo XC 1509
ALSA: hda/realtek - Headset microphone and internal speaker support for System76 oryp5
ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup
ALSA: hda/realtek - Add support for ALC1220
hv_netvsc: Fix race of register_netdevice_notifier and VF register
hv_netvsc: use reciprocal divide to speed up percent calculation
pwm: sti: Reduce number of allocations and drop usage of chip_data
pwm: sti: Avoid conditional gotos
tools: iio: iio_generic_buffer ensure alignment
tools: iio: iio_generic_buffer: Fix some integer type and calculation
tools: iio: privatize globals and functions in iio_generic_buffer.c file
leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu'
ledtrig-cpu: Limit to 8 CPUs
leds: pwm: Don't disable the PWM when the LED should be off
leds: pwm: convert to atomic PWM API
leds: pwm: simplify if condition
regmap: debugfs: Fix a erroneous check after snprintf()
regmap: Allow missing device in regmap_name_read_file()
tcp_metrics: add missing barriers on delete
tcp: batch tcp_net_metrics_exit
tcp: fix excessive TLP and RACK timeouts from HZ rounding
tcp: Namespace-ify sysctl_tcp_early_retrans
net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
ata: libata-core: Do not register PM operations for SAS ports
libata: make ata_port_type const
libata: Add new med_power_with_dipm link_power_management_policy setting
ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q
ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist
ALSA: hda: Add Intel NUC7i3BNB to the power_save blacklist
ext4: mark group as trimmed only if it was fully scanned
ext4: add new helper interface ext4_try_to_trim_range()
ext4: remove the 'group' parameter of ext4_trim_extent
scsi: qla2xxx: Remove unsupported ql2xenabledif option
scsi: qla2xxx: Add protection mask module parameters
scsi: qla2xxx: Add option for use reserve exch for ELS
scsi: qla2xxx: Reinstate module parameter ql2xenablemsix
scsi: lpfc: remove redundant null check on eqe
usb: typec: tcpci: clear the fault status bit
usb: typec: add fwnode to tcpc
staging: typec: fix endianness mismatch identified by sparse
staging: typec: tcpm: Document data structures
serial: sc16is7xx: fix broken port 0 uart init
sc16is7xx: Set iobase to device index
dlm: fix plock lookup when using multiple lockspaces
drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
drm/tegra: Remove superfluous error messages around platform_get_irq()
ARM: dts: BCM53573: Drop nonexistent #usb-cells
ARM: dts: BCM5301X: Harmonize EHCI/OHCI DT nodes name
wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx
ath9k: use irqsave() in USB's complete callback
wifi: mwifiex: fix error recovery in PCIE buffer descriptor management
mwifiex: switch from 'pci_' to 'dma_' API
mwifiex: drop 'set_consistent_dma_mask' log message
bonding: fix macvlan over alb bond support
net: remove bond_slave_has_mac_rcu()
fbdev: fix potential OOB read in fast_imageblit()
fbdev: Fix sys_imageblit() for arbitrary image widths
fbdev: Improve performance of sys_imageblit()
tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP"
MIPS: cpu-features: Use boot_cpu_type for CPU type based features
MIPS: cpu-features: Enable octeon_cache by cpu_type
fs: dlm: fix mismatch of plock results from userspace
fs: dlm: use dlm_plock_info for do_unlock_close
fs: dlm: change plock interrupted message to debug again
fs: dlm: add pid to debug log
dlm: replace usage of found with dedicated list iterator variable
dlm: improve plock logging if interrupted
nfsd: Remove incorrect check in nfsd4_validate_stateid
nfsd4: kill warnings on testing stateids with mismatched clientids
mmc: meson-gx: remove redundant mmc_request_done() call from irq context
mmc: meson-gx: remove useless lock
PM: sleep: wakeirq: fix wake irq arming
PM / wakeirq: support enabling wake-up irq after runtime_suspend called
scsi: zfcp: Defer fc_rport blocking until after ADISC response
scsi: zfcp: workqueue: set description for port work items with their WWPN as context
btrfs: check for commit error at btrfs_attach_transaction_barrier()
btrfs: simplify IS_ERR/PTR_ERR checks
fs: dlm: interrupt posix locks only when process is killed
dlm: rearrange async condition return
dlm: cleanup plock_op vs plock_xop
ext4: Fix reusing stale buffer heads from last failed mounting
ext4: rename journal_dev to s_journal_dev inside ext4_sb_info
tcp: annotate data-races around tp->linger2
net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
ceph: don't let check_caps skip sending responses for revoke msgs
ceph: define argument structure for handle_cap_grant
net: bcmgenet: Ensure MDIO unregistration has clocks enabled
net: bcmgenet: Avoid calling platform_device_put() twice in bcmgenet_mii_exit()
net: tcp_input: Neaten DBGUNDO
i2c: xiic: Don't try to handle more interrupt events after error
i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
i2c: xiic: Fix broken locking on tx_msg
i2c: xiic: Change code alignment to 1 space only
i2c: xiic: Add timeout to the rx fifo wait loop
i2c: xiic: Fix kerneldoc warnings
hwrng: virtio - Fix race on data_avail and actual data
hwrng: virtio - always add a pending request
hwrng: virtio - don't waste entropy
hwrng: virtio - don't wait on cleanup
hwrng: virtio - add an internal buffer
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
nfc: constify several pointers to u8, char and sk_buff
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
Documentation: fix little inconsistencies
usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling
net/rose: fix races in rose_kill_by_device()
reset: Fix crash when freeing non-existent optional resets
ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE
PCI: keystone: Don't discard .probe() callback
PCI: keystone: Don't discard .remove() callback
can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on()
can: dev: can_restart(): don't crash kernel if carrier is OK
r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1
xen-netback: use default TX queue size for vifs
MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled
arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller
sched/rt: pick_next_rt_entity(): check list_entry
regmap: Account for register length in SMBus I/O limits
x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
ASoC: cs42l51: fix driver to properly autoload with automatic module loading
PCI: qcom: Disable write access to read only registers for IP v2.3.3
pinctrl: amd: Only use special debounce behavior for GPIO 0
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
usb: fotg210-hcd: delete an incorrect bounds test
smb: client: fix OOB in smbCalcSize()
btrfs: do not allow non subvolume root targets for snapshot
pinctrl: at91-pio4: use dedicated lock class for IRQ
net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev()
arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names
IB/isert: Fix unaligned immediate-data handling
fbdev: stifb: Make the STI next font pointer a 32-bit signed offset
smb3: fix touch -h of symlink
MIPS: KVM: Fix a build warning about variable set but not used
cifs: spnego: add ';' in HOST_KEY_LEN
macvlan: Don't propagate promisc change to lower dev in passthru
ppp: limit MRU to 64K
ptp: annotate data-race around q->head and q->tail
xen/events: fix delayed eoi list handling
tipc: Fix kernel-infoleak due to uninitialized TLV value
tty: Fix uninit-value access in ppp_sync_receive()
iio: exynos-adc: request second interupt only when touchscreen mode is used
selftests/ftrace: Add new test case which checks non unique symbol
media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling
block: fix signed int overflow in Amiga partition support
iio: addac: stx104: Fix race condition for stx104_write_raw()
ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
btrfs: fix extent buffer leak after tree mod log failure at split_node()
pinctrl: amd: Detect internal GPIO0 debounce handling
ALSA: jack: Fix mutex call in snd_jack_report()
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
ARM: 9303/1: kprobes: avoid missing-declaration warnings
LTS: Update to 4.14.343
crypto: af_alg - Work around empty control messages without MSG_MORE
crypto: af_alg - Fix regression on empty requests
spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
net/bnx2x: Prevent access to a freed page in page_pool
hsr: Handle failures in module init
rds: introduce acquire/release ordering in acquire/release_in_xmit()
hsr: Fix uninit-value access in hsr_get_node()
net: hsr: fix placement of logical operator in a multi-line statement
usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin
staging: greybus: fix get_channel_from_mode() failure path
serial: 8250_exar: Don't remove GPIO device on suspend
rtc: mt6397: select IRQ_DOMAIN instead of depending on it
rtc: mediatek: enhance the description for MediaTek PMIC based RTC
tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT
serial: max310x: fix syntax error in IRQ error message
clk: qcom: gdsc: Add support to update GDSC transition delay
NFS: Fix an off by one in root_nfs_cat()
net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr()
scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn
scsi: csiostor: Avoid function pointer casts
ALSA: usb-audio: Stop parsing channels bits when all channels are found.
sparc32: Fix section mismatch in leon_pci_grpci
backlight: lp8788: Fully initialize backlight_properties during probe
backlight: lm3639: Fully initialize backlight_properties during probe
backlight: da9052: Fully initialize backlight_properties during probe
backlight: lm3630a: Don't set bl->props.brightness in get_brightness
backlight: lm3630a: Initialize backlight_properties on init
powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc.
powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks
drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
media: go7007: fix a memleak in go7007_load_encoder
media: dvb-frontends: avoid stack overflow warnings with clang
media: pvrusb2: fix uaf in pvr2_context_set_notify
drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int()
mtd: rawnand: lpc32xx_mlc: fix irq handler prototype
crypto: arm/sha - fix function cast warnings
crypto: arm - Rename functions to avoid conflict with crypto/sha256.h
mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref
drm/tegra: put drm_gem_object ref on error in tegra_fb_create
clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister()
PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
drm/mediatek: dsi: Fix DSI RGB666 formats and definitions
media: pvrusb2: fix pvr2_stream_callback casts
media: go7007: add check of return value of go7007_read_addr()
ALSA: seq: fix function cast warnings
drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str()
quota: Fix rcu annotations of inode dquot pointers
quota: Fix potential NULL pointer dereference
quota: simplify drop_dquot_ref()
quota: check time limit when back out space/inode change
fs/quota: erase unused but set variable warning
quota: code cleanup for __dquot_alloc_space()
clk: qcom: reset: Ensure write completion on reset de/assertion
clk: qcom: reset: Commonize the de/assert functions
clk: qcom: reset: support resetting multiple bits
clk: qcom: reset: Allow specifying custom reset delay
media: edia: dvbdev: fix a use-after-free
media: dvb-core: Fix use-after-free due to race at dvb_register_device()
media: dvbdev: convert DVB device types into an enum
media: dvbdev: fix error logic at dvb_register_device()
media: dvbdev: Fix memleak in dvb_register_device
media: media/dvb: Use kmemdup rather than duplicating its implementation
media: dvbdev: remove double-unlock
media: v4l2-tpg: fix some memleaks in tpg_alloc
media: em28xx: annotate unchecked call to media_device_register()
media: tc358743: register v4l2 async device only after successful setup
drm: Don't treat 0 as -1 in drm_fixp2int_ceil
drm/rockchip: inno_hdmi: Fix video timing
drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe()
drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe()
drm/tegra: dsi: Make use of the helper function dev_err_probe()
gpu: host1x: mipi: Update tegra_mipi_request() to be node based
drm/tegra: dsi: Add missing check for of_find_device_by_node
dm: call the resume method on internal suspend
dm raid: fix false positive for requeue needed during reshape
net/x25: fix incorrect parameter validation in the x25_getsockopt() function
net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function
udp: fix incorrect parameter validation in the udp_lib_getsockopt() function
l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function
tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function
ipv6: fib6_rules: flush route cache when rule is changed
bpf: Fix stackmap overflow check on 32-bit arches
bpf: Fix hashtab overflow check on 32-bit arches
sr9800: Add check for usbnet_get_endpoints
Bluetooth: hci_core: Fix possible buffer overflow
Bluetooth: Remove superfluous call to hci_conn_check_pending()
igb: Fix missing time sync events
igb: move PEROUT and EXTTS isr logic to separate functions
mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function
SUNRPC: fix some memleaks in gssx_dec_option_array
x86, relocs: Ignore relocations in .notes section
ACPI: scan: Fix device check notification handling
ARM: dts: arm: realview: Fix development chip ROM compatible value
wifi: brcmsmac: avoid function pointer casts
iommu/amd: Mark interrupt as managed
bus: tegra-aconnect: Update dependency to ARCH_TEGRA
ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc().
sock_diag: annotate data-races around sock_diag_handlers[family]
sock_diag: request _diag module only when the family or proto has been registered
wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir()
wifi: b43: Disable QoS for bcm4331
wifi: b43: Stop correct queue in DMA worker when QoS is disabled
b43: main: Fix use true/false for bool type
wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled
wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
b43: dma: Fix use true/false for bool type variable
timekeeping: Fix cross-timestamp interpolation for non-x86
timekeeping: Fix cross-timestamp interpolation corner case decision
timekeeping: Fix cross-timestamp interpolation on counter wrap
aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
md: Don't clear MD_CLOSING when the raid is about to stop
md: implement ->set_read_only to hook into BLKROSET processing
block: add a new set_read_only method
md: switch to ->check_events for media change notifications
fs/select: rework stack allocation hack for clang
do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
crypto: algif_aead - Only wake up when ctx->more is zero
crypto: af_alg - make some functions static
ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll
ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode
ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC
Input: gpio_keys_polled - suppress deferred probe error for gpio
firewire: core: use long bus reset on gap count error
Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
scsi: mpt3sas: Prevent sending diag_reset when the controller is ready
dm-verity, dm-crypt: align "struct bvec_iter" correctly
block: sed-opal: handle empty atoms when parsing response
net/iucv: fix the allocation size of iucv_path_table array
MIPS: Clear Cause.BD in instruction_pointer_set
x86/xen: Add some null pointer checking to smp.c
x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
xen/events: only register debug interrupt for 2-level events
LTS: Update to 4.14.342
selftests/vm: fix map_hugetlb length used for testing read and write
selftests/vm: fix display of page size in map_hugetlb
getrusage: use sig->stats_lock rather than lock_task_sighand()
getrusage: use __for_each_thread()
getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand()
getrusage: add the "signal_struct *sig" local variable
hv_netvsc: use netif_is_bond_master() instead of open code
um: allow not setting extra rpaths in the linux binary
selftests: mm: fix map_hugetlb failure on 64K page size systems
tools/selftest/vm: allow choosing mem size and page size in map_hugetlb
netrom: Fix data-races around sysctl_net_busy_read
netrom: Fix a data-race around sysctl_netrom_link_fails_count
netrom: Fix a data-race around sysctl_netrom_routing_control
netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout
netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size
netrom: Fix a data-race around sysctl_netrom_transport_busy_delay
netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay
netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries
netrom: Fix a data-race around sysctl_netrom_transport_timeout
netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser
netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser
netrom: Fix a data-race around sysctl_netrom_default_path_quality
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
netfilter: nf_ct_h323: Extend nf_h323_error_boundary to work on bits as well
netfilter: nf_ct_h323: Convert CHECK_BOUND macro to function
netfilter: nf_ct_h323: Out Of Bound Read in Netfilter Conntrack
netfilter: nf_conntrack_h323: Remove typedef struct
geneve: make sure to pull inner header in geneve_rx()
net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb
net: move definition of pcpu_lstats to header file
net: lan78xx: fix runtime PM count underflow on link stop
lan78xx: Fix race conditions in suspend/resume handling
lan78xx: Fix partial packet errors on suspend/resume
lan78xx: Add missing return code checks
lan78xx: Fix white space and style issues
net: usb: lan78xx: Remove lots of set but unused 'ret' variables
net: usb: lan78xx: Disable interrupts before calling generic_handle_irq()
net: lan78xx: Allow for VLAN headers in timeout calcs
ip: validate header length on virtual device xmit
LTS: Update to 4.14.341
gpio: 74x164: Enable output pins after registers are reset
cachefiles: fix memory leak in cachefiles_add_cache()
mmc: core: Fix eMMC initialization with 1-bit bus connection
btrfs: dev-replace: properly validate device names
wifi: nl80211: reject iftype change with mesh ID change
gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
ALSA: Drop leftover snd-rtctimer stuff from Makefile
power: supply: bq27xxx-i2c: Do not free non existing IRQ
efi/capsule-loader: fix incorrect allocation size
Bluetooth: Enforce validation on max value of connection interval
Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
Bluetooth: Avoid potential use-after-free in hci_error_reset
net: usb: dm9601: fix wrong return value in dm9601_mdio_read
lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected
netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
Conflicts:
drivers/android/binder.c
fs/aio.c
fs/select.c
include/net/netns/ipv4.h
mm/memory-failure.c
mm/page_alloc.c
net/core/filter.c
net/ipv4/sysctl_net_ipv4.c
net/ipv4/tcp_ipv4.c
sound/usb/stream.c
Change-Id: I8096aaa78b418b341e428ada23445295d781a238
|
||
|
|
aaf0101b79 |
binder: signal epoll threads of self-work
[ Upstream commit 97830f3c3088638ff90b20dfba2eb4d487bf14d7 ]
In (e)poll mode, threads often depend on I/O events to determine when
data is ready for consumption. Within binder, a thread may initiate a
command via BINDER_WRITE_READ without a read buffer and then make use
of epoll_wait() or similar to consume any responses afterwards.
It is then crucial that epoll threads are signaled via wakeup when they
queue their own work. Otherwise, they risk waiting indefinitely for an
event leaving their work unhandled. What is worse, subsequent commands
won't trigger a wakeup either as the thread has pending work.
Fixes:
|
||
|
|
abd2c4dd77 |
ANDROID: binder: Add thread->process_todo flag.
[ Upstream commit 148ade2c4d4f46b3ecc1ddad1c762371e8708e35 ]
This flag determines whether the thread should currently process the work in the thread->todo worklist.
The prime usecase for this is improving the performance of synchronous transactions: all synchronous transactions post a BR_TRANSACTION_COMPLETE to the calling thread, but there's no reason to return that command to userspace right away - userspace anyway needs to wait for the reply.
Likewise, a synchronous transaction that contains a binder object can cause a BC_ACQUIRE/BC_INCREFS to be returned to userspace; since the caller must anyway hold a strong/weak ref for the duration of the call, postponing these commands until the reply comes in is not a problem.
Note that this flag is not used to determine whether a thread can handle process work; a thread should never pick up process work when thread work is still pending.
Before patch:
------------------------------------------------------------------
Benchmark                       Time         CPU        Iterations
------------------------------------------------------------------
BM_sendVec_binderize/4          45959 ns     20288 ns   34351
BM_sendVec_binderize/8          45603 ns     20080 ns   34909
BM_sendVec_binderize/16         45528 ns     20113 ns   34863
BM_sendVec_binderize/32         45551 ns     20122 ns   34881
BM_sendVec_binderize/64         45701 ns     20183 ns   34864
BM_sendVec_binderize/128        45824 ns     20250 ns   34576
BM_sendVec_binderize/256        45695 ns     20171 ns   34759
BM_sendVec_binderize/512        45743 ns     20211 ns   34489
BM_sendVec_binderize/1024       46169 ns     20430 ns   34081
After patch:
------------------------------------------------------------------
Benchmark                       Time         CPU        Iterations
------------------------------------------------------------------
BM_sendVec_binderize/4          42939 ns     17262 ns   40653
BM_sendVec_binderize/8          42823 ns     17243 ns   40671
BM_sendVec_binderize/16         42898 ns     17243 ns   40594
BM_sendVec_binderize/32         42838 ns     17267 ns   40527
BM_sendVec_binderize/64         42854 ns     17249 ns   40379
BM_sendVec_binderize/128        42881 ns     17288 ns   40427
BM_sendVec_binderize/256        42917 ns     17297 ns   40429
BM_sendVec_binderize/512        43184 ns     17395 ns   40411
BM_sendVec_binderize/1024       43119 ns     17357 ns   40432
Signed-off-by: Martijn Coenen <maco@android.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 97830f3c3088 ("binder: signal epoll threads of self-work")
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> |
||
|
|
f5a1de2a76 |
Merge tag 'v4.14.340-openela' into android13-4.14-msmnile
This is the 4.14.340 OpenELA-Extended LTS stable release
* tag 'v4.14.340-openela':
LTS: Update to 4.14.340
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table()
PCI/MSI: Prevent MSI hardware interrupt number truncation
s390: use the correct count for __iowrite64_copy()
packet: move from strlcpy with unused retval to strscpy
ipv6: sr: fix possible use-after-free and null-ptr-deref
nouveau: fix function cast warnings
scsi: jazz_esp: Only build if SCSI core is builtin
RDMA/srpt: fix function pointer cast warnings
RDMA/srpt: Support specifying the srpt_service_guid parameter
IB/hfi1: Fix a memleak in init_credit_return
usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
l2tp: pass correct message length to ip6_append_data
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
dm-crypt: don't modify the data when using authenticated encryption
mm: memcontrol: switch to rcu protection in drain_all_stock()
s390/qeth: Fix potential loss of L3-IP@ in case of network issues
virtio-blk: Ensure no requests in virtqueues before deleting vqs.
firewire: core: send bus reset promptly on gap count error
hwmon: (coretemp) Enlarge per package core count limit
regulator: pwm-regulator: Add validity checks in continuous .get_voltage
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
ahci: asm1166: correct count of reported ports
fbdev: sis: Error out if pixclock equals zero
fbdev: savage: Error out if pixclock equals zero
wifi: mac80211: fix race condition on enabling fast-xmit
wifi: cfg80211: fix missing interfaces when dumping
dmaengine: shdma: increase size of 'dev_id'
scsi: target: core: Add TMF to tmr_list handling
sched/rt: Disallow writing invalid values to sched_rt_period_us
sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset
sched/rt: Fix sysctl_sched_rr_timeslice intial value
nilfs2: replace WARN_ONs for invalid DAT metadata block requests
memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock()
net/sched: Retire dsmark qdisc
net/sched: Retire ATM qdisc
net/sched: Retire CBQ qdisc
LTS: Update to 4.14.339
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
lsm: new security_file_ioctl_compat() hook
nilfs2: fix potential bug in end_buffer_async_write
sched/membarrier: reduce the ability to hammer on sys_membarrier
Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
pmdomain: core: Move the unused cleanup to a _sync initcall
irqchip/irq-brcmstb-l2: Add write memory barrier before exit
nfp: use correct macro for LengthSelect in BAR config
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
nilfs2: fix data corruption in dsync block recovery for small block sizes
ALSA: hda/conexant: Add quirk for SWS JS201D
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
staging: iio: ad5933: fix type mismatch regression
ext4: fix double-free of blocks due to wrong extents moved_len
xen-netback: properly sync TX responses
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
firewire: core: correct documentation of fw_csr_string() kernel API
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
usb: f_mass_storage: forbid async queue when shutdown happen
USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
HID: wacom: Do not register input devices until after hid_hw_start
HID: wacom: generic: Avoid reporting a serial of '0' to userspace
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
tracing/trigger: Fix to return error if failed to alloc snapshot
i40e: Fix waiting for queues of all VSIs to be disabled
MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
net: sysfs: Fix /sys/class/net/<iface> path for statistics
Documentation: net-sysfs: describe missing statistics
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
spi: ppc4xx: Drop write-only variable
btrfs: send: return EOPNOTSUPP on unknown flags
vhost: use kzalloc() instead of kmalloc() followed by memset()
Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
USB: serial: cp210x: add ID for IMST iM871A-USB
USB: serial: option: add Fibocom FM101-GL variant
USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
net/af_iucv: clean up a try_then_request_module()
netfilter: nft_compat: restrict match/target protocol to u16
netfilter: nft_compat: reject unused compat flag
ppp_async: limit MRU to 64K
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
rxrpc: Fix response to PING RESPONSE ACKs to a dead call
inet: read sk->sk_family once in inet_recv_error()
hwmon: (aspeed-pwm-tacho) mutex for tach reading
atm: idt77252: fix a memleak in open_card_ubr0
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
bonding: remove print in bond_verify_device_path
HID: apple: Add 2021 magic keyboard FN key mapping
HID: apple: Add support for the 2021 Magic Keyboard
HID: apple: Swap the Fn and Left Control keys on Apple keyboards
net: sysfs: Fix /sys/class/net/<iface> path
af_unix: fix lockdep positive in sk_diag_dump_icons()
net: ipv4: fix a memleak in ip_setup_cork
net: Fix one possible memleak in ip_setup_cork
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
llc: call sock_orphan() at release time
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
ixgbe: Refactor overtemp event handling
ixgbe: Remove non-inclusive language
net: remove unneeded break
scsi: isci: Fix an error code problem in isci_io_request_build()
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()'
ceph: fix deadlock or deadcode of misusing dget()
virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings
libsubcmd: Fix memory leak in uniq()
usb: hub: Replace hardcoded quirk value with BIT() macro
PCI: Only override AMD USB controller if required
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
um: net: Fix return type of uml_net_start_xmit()
um: Don't use vfprintf() for os_info()
um: Fix naming clash between UML and scheduler
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
media: ddbridge: fix an error code problem in ddb_probe
IB/ipoib: Fix mcast list locking
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
ALSA: hda: Intel: add HDA_ARL PCI ID support
ALSA: hda: Add Icelake PCI ID
PCI: add INTEL_HDA_ARL to pci_ids.h
media: stk1160: Fixed high volume of stk1160_dbg messages
drm/mipi-dsi: Fix detach call without attach
drm/framebuffer: Fix use of uninitialized variable
drm/drm_file: fix use of uninitialized variable
RDMA/IPoIB: Fix error code return in ipoib_mcast_join
fast_dput(): handle underflows gracefully
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
wifi: cfg80211: free beacon_ies when overridden from hidden BSS
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
md: Whenassemble the array, consult the superblock of the freshest device
ARM: dts: imx23/28: Fix the DMA controller node name
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
ARM: dts: imx27-apf27dev: Fix LED name
ARM: dts: imx1: Fix sram node
ARM: dts: imx27: Fix sram node
ARM: dts: imx: Use flash@0,0 pattern
ARM: dts: imx25/27-eukrea: Fix RTC node name
ARM: dts: rockchip: fix rk3036 hdmi ports node
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
scsi: libfc: Don't schedule abort twice
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
ARM: dts: imx7s: Fix nand-controller #size-cells
ARM: dts: imx7s: Fix lcdif compatible
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
PCI: Add no PM reset quirk for NVIDIA Spectrum devices
scsi: lpfc: Fix possible file string name overflow when updating firmware
ext4: unify the type of flexbg_size to unsigned int
SUNRPC: Fix a suspicious RCU usage warning
KVM: s390: fix setting of fpc register
s390/ptrace: handle setting of fpc register correctly
jfs: fix array-index-out-of-bounds in diNewExt
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
pstore/ram: Fix crash when setting number of cpus to an odd number
jfs: fix uaf in jfs_evict_inode
jfs: fix array-index-out-of-bounds in dbAdjTree
jfs: fix slab-out-of-bounds Read in dtSearch
UBSAN: array-index-out-of-bounds in dtSplitRoot
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
ACPI: extlog: fix NULL pointer dereference check
PNP: ACPI: fix fortify warning
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
audit: Send netlink ACK before setting connection in auditd_set
powerpc/lib: Validate size for vector operations
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
powerpc: Fix build error due to is_valid_bugaddr()
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
tick/sched: Preserve number of idle sleeps across CPU hotplug events
mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
drm/bridge: nxp-ptn3460: simplify some error checking
drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
drm: Don't unref the same fb many times by mistake due to deadlock handling
gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
btrfs: don't warn if discard range is not aligned to sector
net: fec: fix the unhandled context fault from smmu
fjes: fix memleaks in fjes_hw_setup
netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
net/mlx5e: fix a double-free in arfs_create_groups
net/mlx5: Use kfree(ft->g) in arfs_create_groups()
netlink: fix potential sleeping issue in mqueue_flush_file
tcp: Add memory barrier to tcp_push()
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
llc: Drop support for ETH_P_TR_802_2.
llc: make llc_ui_sendmsg() more robust against bonding changes
vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
drivers: core: fix kernel-doc markup for dev_err_probe()
driver code: print symbolic error code
Revert "driver core: Annotate dev_err_probe() with __must_check"
driver core: Annotate dev_err_probe() with __must_check
x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum
powerpc: Use always instead of always-y in for crtsavres.o
block: Remove special-casing of compound pages
parisc/firmware: Fix F-extend for PDC addresses
rpmsg: virtio: Free driver_override when rpmsg_remove()
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
PM: hibernate: Enforce ordering during image compression/decompression
crypto: api - Disallow identical driver names
serial: sc16is7xx: add check for unsupported SPI modes during probe
spi: introduce SPI_MODE_X_MASK macro
driver core: add device probe log helper
serial: sc16is7xx: set safe default SPI clock frequency
units: add the HZ macros
units: change from 'L' to 'UL'
units: Add Watt units
include/linux/units.h: add helpers for kelvin to/from Celsius conversion
PCI: mediatek: Clear interrupt status before dispatching handler
LTS: Update to 4.14.338
crypto: scompress - initialize per-CPU variables on each CPU
Revert "NFSD: Fix possible sleep during nfsd4_release_lockowner()"
i2c: s3c24xx: fix transferring more than one message in polling mode
i2c: s3c24xx: fix read transfers in polling mode
kdb: Fix a potential buffer overflow in kdb_local()
kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ
ipvs: avoid stat macros calls from preemptible context
net: ravb: Fix dma_addr_t truncation in error case
serial: imx: Correct clock error message in function probe()
apparmor: avoid crash when parsed profile name is empty
MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup()
MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup()
HID: wacom: Correct behavior when processing some confidence == false touches
wifi: mwifiex: configure BSSID consistently when starting AP
wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors
wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code
fbdev: flush deferred work in fb_deferred_io_fsync()
ALSA: oxygen: Fix right channel of capture volume mixer
usb: mon: Fix atomicity violation in mon_bin_vma_fault
usb: chipidea: wait controller resume finished for wakeup irq
usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart
usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host()
tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug
binder: fix unused alloc->free_async_space
binder: fix race between mmput() and do_exit()
xen-netback: don't produce zero-size SKB frags
Input: atkbd - use ab83 as id when skipping the getid command
binder: fix async space check for 0-sized buffers
watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling
watchdog: set cdev owner before adding
gpu/drm/radeon: fix two memleaks in radeon_vm_init
drivers/amd/pm: fix a use-after-free in kv_parse_power_table
drm/amd/pm: fix a double-free in si_dpm_init
media: dvbdev: drop refcount on error path in dvb_device_open()
media: cx231xx: fix a memleak in cx231xx_init_isoc
drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table
drm/radeon/dpm: fix a memleak in sumo_parse_power_table
drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
drm/drv: propagate errors from drm_modeset_register_all()
drm/msm/mdp4: flush vblank event on disable
ASoC: cs35l34: Fix GPIO name and drop legacy include
ASoC: cs35l33: Fix GPIO name and drop legacy include
drm/radeon: check return value of radeon_ring_lock()
drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check()
drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg()
f2fs: fix to avoid dirent corruption
drm/bridge: Fix typo in post_disable() description
media: pvrusb2: fix use after free on context disconnection
RDMA/usnic: Silence uninitialized symbol smatch warnings
ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
Bluetooth: Fix bogus check for re-auth no supported with non-ssp
wifi: rtlwifi: rtl8192se: using calculate_bit_shift()
wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()
wifi: rtlwifi: rtl8192de: using calculate_bit_shift()
rtlwifi: rtl8192de: make arrays static const, makes object smaller
wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()
wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()
wifi: rtlwifi: rtl8192c: using calculate_bit_shift()
wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()
wifi: rtlwifi: add calculate_bit_shift()
wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior
rtlwifi: Use ffs in <foo>_phy_calculate_bit_shift
firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create()
net/ncsi: Fix netlink major/minor version numbers
ncsi: internal.h: Fix a spello
wifi: libertas: stop selecting wext
bpf, lpm: Fix check prefixlen before walking trie
NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT
crypto: scomp - fix req->dst buffer overflow
crypto: scompress - Use per-CPU struct instead multiple variables
crypto: scompress - return proper error code for allocation failure
crypto: sahara - do not resize req->src when doing hash operations
crypto: sahara - fix processing hash requests with req->nbytes < sg->length
crypto: sahara - improve error handling in sahara_sha_process()
crypto: sahara - fix wait_for_completion_timeout() error handling
crypto: sahara - fix ahash reqsize
crypto: virtio - Wait for tasklet to complete on device remove
pstore: ram_core: fix possible overflow in persistent_ram_init_ecc()
crypto: sahara - fix error handling in sahara_hw_descriptor_create()
crypto: sahara - fix processing requests with cryptlen < sg->length
crypto: sahara - fix ahash selftest failure
crypto: sahara - remove FLAGS_NEW_KEY logic
crypto: af_alg - Disallow multiple in-flight AIO requests
crypto: ccp - fix memleak in ccp_init_dm_workarea
crypto: virtio - Handle dataq logic with tasklet
mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
calipso: fix memory leak in netlbl_calipso_add_pass()
netlabel: remove unused parameter in netlbl_netlink_auditinfo()
net: netlabel: Fix kerneldoc warnings
ACPI: video: check for error while searching for backlight device parent
mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response
powerpc/imc-pmu: Add a null pointer check in update_events_in_group()
powerpc/powernv: Add a null pointer check in opal_event_init()
selftests/powerpc: Fix error handling in FPU/VMX preemption tests
powerpc/pseries/memhp: Fix access beyond end of drmem array
powerpc/pseries/memhotplug: Quieten some DLPAR operations
powerpc/44x: select I2C for CURRITUCK
powerpc: remove redundant 'default n' from Kconfig-s
powerpc: add crtsavres.o to always-y instead of extra-y
EDAC/thunderx: Fix possible out-of-bounds string access
x86/lib: Fix overflow when counting digits
coresight: etm4x: Fix width of CCITMIN field
uio: Fix use-after-free in uio_open
binder: fix comment on binder_alloc_new_buf() return value
drm/crtc: fix uninitialized variable use
Input: xpad - add Razer Wolverine V2 support
ARC: fix spare error
s390/scm: fix virtual vs physical address confusion
Input: atkbd - skip ATKBD_CMD_GETID in translated mode
reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI
tracing: Add size check when printing trace_marker output
tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing
drm/crtc: Fix uninit-value bug in drm_mode_setcrtc
jbd2: correct the printing of write_flags in jbd2_write_superblock()
clk: rockchip: rk3128: Fix HCLK_OTG gate register
drm/exynos: fix a potential error pointer dereference
ASoC: da7219: Support low DC impedance headset
net/tg3: fix race condition in tg3_reset_task()
ASoC: rt5650: add mutex to avoid the jack detection failure
ASoC: cs43130: Fix incorrect frame delay configuration
ASoC: cs43130: Fix the position of const qualifier
f2fs: explicitly null-terminate the xattr list
LTS: Update to 4.14.337
ipv6: remove max_size check inline with ipv4
ipv6: make ip6_rt_gc_expire an atomic_t
net/dst: use a smaller percpu_counter batch for dst entries accounting
net: add a route cache full diagnostic message
netfilter: nf_tables: Reject tables of unsupported family
fuse: nlookup missing decrement in fuse_direntplus_link
mm: fix unmap_mapping_range high bits shift bug
mm/memory-failure: check the mapcount of the precise page
bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters()
asix: Add check for usbnet_get_endpoints
net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues
net/qla3xxx: switch from 'pci_' to 'dma_' API
LTS: create metadata for 4.14.y
Conflicts:
drivers/android/binder_alloc.c
drivers/infiniband/ulp/srpt/ib_srpt.c
fs/aio.c
fs/f2fs/namei.c
include/linux/fs.h
kernel/power/swap.c
mm/memory-failure.c
Change-Id: I559d04dc6e27861ffd63ac8ae8ae9db8ff498e24
|
||
|
|
09f65d968e |
binder: fix unused alloc->free_async_space
commit c6d05e0762ab276102246d24affd1e116a46aa0c upstream. Each transaction is associated with a 'struct binder_buffer' that stores the metadata about its buffer area. Since commit |
||
|
|
553b9fbf5d |
binder: fix race between mmput() and do_exit()
commit 9a9ab0d963621d9d12199df9817e66982582d5a5 upstream.
Task A calls binder_update_page_range() to allocate and insert pages on
a remote address space from Task B. For this, Task A pins the remote mm
via mmget_not_zero() first. This can race with Task B do_exit() and the
final mmput() refcount decrement will come from Task A.
  Task A            | Task B
  ------------------+------------------
  mmget_not_zero()  |
                    |  do_exit()
                    |    exit_mm()
                    |      mmput()
  mmput()           |
    exit_mmap()     |
      remove_vma()  |
        fput()      |
In this case, the work of ____fput() from Task B is queued up in Task A
as TWA_RESUME. So in theory, Task A returns to userspace and the cleanup
work gets executed. However, Task A instead sleeps, waiting for a reply
from Task B that never comes (it's dead).
This means the binder_deferred_release() is blocked until an unrelated
binder event forces Task A to go back to userspace. All the associated
death notifications will also be delayed until then.
In order to fix this, use mmput_async() that will schedule the work in
the corresponding mm->async_put_work WQ instead of Task A.
Fixes:
|
||
|
|
d0bbd4afe4 |
binder: fix async space check for 0-sized buffers
commit 3091c21d3e9322428691ce0b7a0cfa9c0b239eeb upstream.
Move the padding of 0-sized buffers to an earlier stage to account for
this round up during the alloc->free_async_space check.
Fixes:
|
||
|
|
40db091e8d |
binder: fix comment on binder_alloc_new_buf() return value
commit e1090371e02b601cbfcea175c2a6cc7c955fa830 upstream.
Update the comments of binder_alloc_new_buf() to reflect that the return
value of the function is now ERR_PTR(-errno) on failure.
No functional changes in this patch.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
|
eee597de47 |
Merge tag 'ASB-2023-09-05_4.14-stable' of https://android.googlesource.com/kernel/common into android13-4.14-msmnile
https://source.android.com/docs/security/bulletin/2023-09-01 * tag 'ASB-2023-09-05_4.14-stable' of https://android.googlesource.com/kernel/common: Linux 4.14.325 Revert "ARM: ep93xx: fix missing-prototype warnings" Revert "MIPS: Alchemy: fix dbdma2" Linux 4.14.324 dma-buf/sw_sync: Avoid recursive lock during fence signal scsi: core: raid_class: Remove raid_component_add() scsi: snic: Fix double free in snic_tgt_create() rtnetlink: Reject negative ifindexes in RTM_NEWLINK x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 media: vcodec: Fix potential array out-of-bounds in encoder queue_setup lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels batman-adv: Fix batadv_v_ogm_aggr_send memory leak batman-adv: Fix TT global entry leak when client roamed back batman-adv: Do not get eth header before batadv_check_management_packet batman-adv: Trigger events for auto adjusted MTU ibmveth: Use dcbf rather than dcbfl ipvs: fix racy memcpy in proc_do_sync_threshold ipvs: Improve robustness to the ipvs sysctl igb: Avoid starting unnecessary workqueues sock: annotate data-races around prot->memory_pressure tracing: Fix memleak due to race between current_tracer and trace net: phy: broadcom: stub c45 read/write for 54810 net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled af_unix: Fix null-ptr-deref in unix_stream_sendpage(). ASoC: rt5665: add missed regulator_bulk_disable netfilter: set default timeout to 3 secs for sctp shutdown send and recv state test_firmware: prevent race conditions by a correct implementation of locking binder: fix memory leak in binder_init() serial: 8250: Fix oops for port->pm on uart_change_pm() mmc: wbsd: fix double mmc_free_host() in wbsd_init() cifs: Release folio lock on fscache read hit. ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. 
net: do not allow gso_size to be set to GSO_BY_FRAGS sock: Fix misuse of sk_under_memory_pressure() i40e: fix misleading debug logs team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves netfilter: nft_dynset: disallow object maps xfrm: add NULL check in xfrm_update_ae_params ip_vti: fix potential slab-use-after-free in decode_session6 ip6_vti: fix slab-use-after-free in decode_session6 net: af_key: fix sadb_x_filter validation net: xfrm: Fix xfrm_address_filter OOB read fbdev: mmp: fix value check in mmphw_probe() drm/amdgpu: Fix potential fence use-after-free v2 Bluetooth: L2CAP: Fix use-after-free pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() gfs2: Fix possible data races in gfs2_show_options() media: platform: mediatek: vpu: fix NULL ptr dereference media: v4l2-mem2mem: add lock to protect parameter num_rdy FS: JFS: Check for read-only mounted filesystem in txBegin FS: JFS: Fix null-ptr-deref Read in txBegin MIPS: dec: prom: Address -Warray-bounds warning fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev udf: Fix uninitialized array access for some pathnames quota: fix warning in dqgrab() quota: Properly disable quotas when add_dquot_ref() fails ALSA: emu10k1: roll up loops in DSP setup code for Audigy drm/radeon: Fix integer overflow in radeon_cs_parser_init lib/mpi: Eliminate unused umul_ppmm definitions for MIPS UPSTREAM: media: usb: siano: Fix warning due to null work_func_t function pointer UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free Linux 4.14.323 alpha: remove __init annotation from exported page_is_ram() scsi: core: Fix possible memory leak if device_add() fails scsi: snic: Fix possible memory leak if 
device_add() fails scsi: 53c700: Check that command slot is not NULL scsi: storvsc: Fix handling of virtual Fibre Channel timeouts scsi: core: Fix legacy /proc parsing buffer overflow netfilter: nf_tables: report use refcount overflow btrfs: don't stop integrity writeback too early IB/hfi1: Fix possible panic during hotplug remove drivers: net: prevent tun_build_skb() to exceed the packet size limit dccp: fix data-race around dp->dccps_mss_cache bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves net/packet: annotate data-races around tp->status drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes x86: Move gds_ucode_mitigated() declaration to header x86/mm: Fix VDSO and VVAR placement on 5-level paging machines usb: dwc3: Properly handle processing of pending events usb-storage: alauda: Fix uninit-value in alauda_check_media() iio: cros_ec: Fix the allocation size for cros_ec_command test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput radix tree test suite: fix incorrect allocation size for pthreads dmaengine: pl330: Return DMA_PAUSED when transaction is paused ipv6: adjust ndisc_is_useropt() to also return true for PIO mmc: moxart: read scr register without changing byte order sparc: fix up arch_cpu_finalize_init() build breakage. 
Linux 4.14.322 drm/edid: fix objtool warning in drm_cvt_modes() mtd: rawnand: omap_elm: Fix incorrect type in assignment test_firmware: fix a memory leak with reqs buffer ext2: Drop fragment support net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb fs/sysv: Null check to prevent null-ptr-deref bug USB: zaurus: Add ID for A-300/B-500/C-700 libceph: fix potential hang in ceph_osdc_notify() loop: Select I/O scheduler 'none' from inside add_disk() tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen tcp_metrics: annotate data-races around tm->tcpm_net tcp_metrics: annotate data-races around tm->tcpm_vals[] tcp_metrics: annotate data-races around tm->tcpm_lock tcp_metrics: annotate data-races around tm->tcpm_stamp tcp_metrics: fix addr_same() helper ip6mr: Fix skb_under_panic in ip6mr_cache_report() net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free net: add missing data-race annotation for sk_ll_usec net: add missing data-race annotations around sk->sk_peek_off perf test uprobe_from_different_cu: Skip if there is no gcc net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() word-at-a-time: use the same return type for has_zero regardless of endianness perf: Fix function pointer case net/sched: cls_u32: Fix reference counter leak leading to overflow net/sched: sch_qfq: account for stab overhead in qfq_enqueue net/sched: cls_fw: Fix improper refcount update leads to use-after-free drm/client: Fix memory leak in drm_client_target_cloned dm cache policy smq: ensure IO doesn't prevent cleaner policy progress ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register s390/dasd: fix hanging device after quiesce/resume irq-bcm6345-l1: Do not assume a fixed block to cpu mapping tpm_tis: Explicitly check for error code hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 
disabled staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group usb: xhci-mtk: set the dma max_seg_size usb: ohci-at91: Fix the unhandle interrupt when resume can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED USB: serial: simple: sort driver entries USB: serial: simple: add Kaufmann RKS+CAN VCP USB: serial: option: add Quectel EC200A module support USB: serial: option: support Quectel EM060K_128 tracing: Fix warning in trace_buffered_event_disable() ring-buffer: Fix wrong stat of cpu_buffer->read ata: pata_ns87415: mark ns87560_tf_read static dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths block: Fix a source code comment in include/uapi/linux/blkzoned.h ASoC: fsl_spdif: Silence output on stop benet: fix return value check in be_lancer_xmit_workarounds() platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 team: reset team's flags when down link is P2P device bonding: reset bond's flags when down link is P2P device tcp: Reduce chance of collisions in inet6_hashfn(). ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address ethernet: atheros: fix return value check in atl1e_tso_csum() i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() gpio: tps68470: Make tps68470_gpio_output() always set the initial value tcp: annotate data-races around fastopenq.max_qlen tcp: annotate data-races around tp->notsent_lowat tcp: annotate data-races around rskq_defer_accept netfilter: nf_tables: fix spurious set element insertion failure llc: Don't drop packet from non-root netns. 
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() pinctrl: amd: Use amd_pinconf_set() for all config options fbdev: imxfb: warn about invalid left/right margin spi: bcm63xx: fix max prepend length igb: Fix igb_down hung on surprise removal wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() bpf: Address KCSAN report on bpf_lru_list sched/fair: Don't balance task to its current running CPU posix-timers: Ensure timer ID search-loop limit is valid md/raid10: prevent soft lockup while flush writes md: fix data corruption for raid456 when reshape restart while grow up nbd: Add the maximum limit of allocated index in nbd_dev_add debugobjects: Recheck debug_objects_enabled before reporting ext4: correct inline offset when handling xattrs in inode body can: bcm: Fix UAF in bcm_proc_show() fuse: revalidate: don't invalidate if interrupted perf probe: Add test for regression introduced by switch to die_get_decl_file() serial: atmel: don't enable IRQs prematurely scsi: qla2xxx: Pointer may be dereferenced scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Wait for io return on terminate rport xtensa: ISS: fix call to split_if_spec ring-buffer: Fix deadloop issue on reading trace_pipe tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error Revert "8250: add support for ASIX devices with a FIFO bug" meson saradc: fix clock divider mask length hwrng: imx-rngc - fix the timeout for init and self check fs: dlm: return positive pid value for F_GETLK md/raid0: add discard support for the 'original' layout misc: pci_endpoint_test: Re-init completion for every test PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 jfs: jfs_dmap: Validate db_l2nbperpage while mounting 
ext4: only update i_reserved_data_blocks on successful block allocation ext4: fix wrong unit use in ext4_mb_clear_bb perf intel-pt: Fix CYC timestamps after standalone CBR SUNRPC: Fix UAF in svc_tcp_listen_data_ready() tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation net/sched: make psched_mtu() RTNL-less safe wifi: airo: avoid uninitialized warning in airo_get_rate() ipv6/addrconf: fix a potential refcount underflow for idev NTB: ntb_transport: fix possible memory leak while device_register() fails ntb: intel: Fix error handling in intel_ntb_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: idt: Fix error handling in idt_pci_driver_init() udp6: fix udp6_ehashfn() typo net: mvneta: fix txq_map in case of txq_number==1 workqueue: clean up WORK_* constant types, clarify masking netfilter: nf_tables: prevent OOB access in nft_byteorder_eval netfilter: conntrack: Avoid nf_ct_helper_hash uses after free netfilter: nf_tables: unbind non-anonymous set if rule construction fails netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE spi: spi-fsl-spi: allow changing bits_per_word while CS is still active spi: spi-fsl-spi: relax message sanity checking a little spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg ARM: orion5x: fix d2net gpio initialization btrfs: fix race when deleting quota root from the dirty cow roots list jffs2: reduce stack usage in jffs2_build_xattr_subsystem() integrity: Fix possible multiple allocation in integrity_inode_get() mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M mmc: core: disable TRIM on Kingston EMMC04G-M627 NFSD: add encoding of op_recall flag for write delegation sh: dma: Fix DMA channel offset calculation net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX tcp: annotate data races in __tcp_oow_rate_limited() net: bridge: keep ports without IFF_UNICAST_FLT in 
BR_PROMISC mode powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 spi: bcm-qspi: return error if neither hif_mspi nor mspi is available Add MODULE_FIRMWARE() for FIRMWARE_TG357766. sctp: fix potential deadlock on &net->sctp.addr_wq_lock rtc: st-lpc: Release some resources in st_rtc_probe() in case of error mfd: stmpe: Only disable the regulators if they are enabled mfd: intel-lpss: Add missing check for platform_get_resource mfd: rt5033: Drop rt5033-battery sub-device usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() extcon: Fix kernel doc of property capability fields to avoid warnings extcon: Fix kernel doc of property fields to avoid warnings media: usb: siano: Fix warning due to null work_func_t function pointer media: videodev2.h: Fix struct v4l2_input tuner index comment media: usb: Check az6007_read() return value sh: j2: Use ioremap() to translate device tree address into kernel memory w1: fix loop in w1_fini() block: change all __u32 annotations to __be32 in affs_hardblocks.h USB: serial: option: add LARA-R6 01B PIDs modpost: fix off by one in is_executable_section() modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} modpost: fix section mismatch message for R_ARM_ABS32 crypto: nx - fix build warnings when DEBUG_FS is not enabled pinctrl: at91-pio4: check return value of devm_kasprintf() perf dwarf-aux: Fix off-by-one in die_get_varname() pinctrl: cherryview: Return correct value if pin in push-pull mode PCI: Add pci_clear_master() stub for non-CONFIG_PCI scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer drm/radeon: fix possible division-by-zero errors fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() soc/fsl/qe: fix usb.c build errors ASoC: es8316: Increment max value for ALC Capture Target Volume control ARM: ep93xx: fix missing-prototype warnings 
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H Input: adxl34x - do not hardcode interrupt trigger type ARM: dts: BCM5301X: Drop "clock-names" from the SPI node Input: drv260x - sleep between polling GO bit radeon: avoid double free in ci_dpm_init() netlink: Add __sock_i_ino() for __netlink_diag_dump(). netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. lib/ts_bm: reset initial match offset for every block of text gtp: Fix use-after-free in __gtp_encap_destroy(). netlink: do not hard code device address lenth in fdb dumps netlink: fix potential deadlock in netlink_set_err() wifi: ath9k: convert msecs to jiffies where needed wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() memstick r592: make memstick_debug_get_tpc_name() static kexec: fix a memory leak in crash_shrink_memory() watchdog/perf: more properly prevent false positives with turbo modes watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes wifi: ray_cs: Fix an error handling path in ray_probe() wifi: wl3501_cs: Fix an error handling path in wl3501_probe() wifi: atmel: Fix an error handling path in atmel_probe() wifi: orinoco: Fix an error handling path in orinoco_cs_probe() wifi: orinoco: Fix an error handling path in spectrum_cs_probe() wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation evm: Complete description of evm_inode_setattr() PM: domains: fix integer overflow issues in genpd_parse_state() md/raid10: fix io loss while replacement replace rdev md/raid10: fix wrong setting of max_corr_read_errors md/raid10: fix overflow of md/safe_mode_delay treewide: Remove uninitialized_var() usage drm/amdgpu: Validate VM ioctl flags. 
scripts/tags.sh: Resolve gtags empty index generation drm/edid: Fix uninitialized variable in drm_cvt_modes() fbdev: imsttfb: Fix use after free bug in imsttfb_probe x86/smp: Use dedicated cache-line for mwait_play_dead() x86/microcode/AMD: Load late on both threads too gfs2: Don't deref jdesc in evict Linux 4.14.321 x86: fix backwards merge of GDS/SRSO bit xen/netback: Fix buffer overrun triggered by unusual packet Documentation/x86: Fix backwards on/off logic about YMM support x86/xen: Fix secondary processors' FPU initialization KVM: Add GDS_NO support to KVM x86/speculation: Add Kconfig option for GDS x86/speculation: Add force option to GDS mitigation x86/speculation: Add Gather Data Sampling mitigation x86/fpu: Move FPU initialization into arch_cpu_finalize_init() x86/fpu: Mark init functions __init x86/fpu: Remove cpuinfo argument from init functions init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() init: Invoke arch_cpu_finalize_init() earlier init: Remove check_bugs() leftovers um/cpu: Switch to arch_cpu_finalize_init() sparc/cpu: Switch to arch_cpu_finalize_init() sh/cpu: Switch to arch_cpu_finalize_init() mips/cpu: Switch to arch_cpu_finalize_init() m68k/cpu: Switch to arch_cpu_finalize_init() ia64/cpu: Switch to arch_cpu_finalize_init() ARM: cpu: Switch to arch_cpu_finalize_init() x86/cpu: Switch to arch_cpu_finalize_init() init: Provide arch_cpu_finalize_init() Conflicts: drivers/usb/dwc3/gadget.c Change-Id: I768a646cf224b88cc616358f481218f16671094b |
||
|
|
274c7d23b7 |
Merge 4.14.324 into android-4.14-stable
Changes in 4.14.324 lib/mpi: Eliminate unused umul_ppmm definitions for MIPS drm/radeon: Fix integer overflow in radeon_cs_parser_init ALSA: emu10k1: roll up loops in DSP setup code for Audigy quota: Properly disable quotas when add_dquot_ref() fails quota: fix warning in dqgrab() udf: Fix uninitialized array access for some pathnames fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev MIPS: dec: prom: Address -Warray-bounds warning FS: JFS: Fix null-ptr-deref Read in txBegin FS: JFS: Check for read-only mounted filesystem in txBegin media: v4l2-mem2mem: add lock to protect parameter num_rdy media: platform: mediatek: vpu: fix NULL ptr dereference gfs2: Fix possible data races in gfs2_show_options() pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() Bluetooth: L2CAP: Fix use-after-free drm/amdgpu: Fix potential fence use-after-free v2 fbdev: mmp: fix value check in mmphw_probe() net: xfrm: Fix xfrm_address_filter OOB read net: af_key: fix sadb_x_filter validation ip6_vti: fix slab-use-after-free in decode_session6 ip_vti: fix potential slab-use-after-free in decode_session6 xfrm: add NULL check in xfrm_update_ae_params netfilter: nft_dynset: disallow object maps team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves i40e: fix misleading debug logs sock: Fix misuse of sk_under_memory_pressure() net: do not allow gso_size to be set to GSO_BY_FRAGS ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. cifs: Release folio lock on fscache read hit. mmc: wbsd: fix double mmc_free_host() in wbsd_init() serial: 8250: Fix oops for port->pm on uart_change_pm() binder: fix memory leak in binder_init() test_firmware: prevent race conditions by a correct implementation of locking netfilter: set default timeout to 3 secs for sctp shutdown send and recv state ASoC: rt5665: add missed regulator_bulk_disable af_unix: Fix null-ptr-deref in unix_stream_sendpage(). 
net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure net: phy: broadcom: stub c45 read/write for 54810 tracing: Fix memleak due to race between current_tracer and trace sock: annotate data-races around prot->memory_pressure igb: Avoid starting unnecessary workqueues ipvs: Improve robustness to the ipvs sysctl ipvs: fix racy memcpy in proc_do_sync_threshold ibmveth: Use dcbf rather than dcbfl batman-adv: Trigger events for auto adjusted MTU batman-adv: Do not get eth header before batadv_check_management_packet batman-adv: Fix TT global entry leak when client roamed back batman-adv: Fix batadv_v_ogm_aggr_send memory leak lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels media: vcodec: Fix potential array out-of-bounds in encoder queue_setup x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 rtnetlink: Reject negative ifindexes in RTM_NEWLINK scsi: snic: Fix double free in snic_tgt_create() scsi: core: raid_class: Remove raid_component_add() dma-buf/sw_sync: Avoid recursive lock during fence signal Linux 4.14.324 Change-Id: I91a1deeaf4c37592b26abd9d9314eff77329c0f0 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
|
486dd742ba |
binder: fix memory leak in binder_init()
commit adb9743d6a08778b78d62d16b4230346d3508986 upstream.
In binder_init(), the destruction of binder_alloc_shrinker_init() is not
performed in the wrong path, which will cause memory leaks. So this commit
introduces binder_alloc_shrinker_exit() and calls it in the wrong path to
fix that.
Signed-off-by: Qi Zheng <zhengqi.arch@bytedance.com>
Acked-by: Carlos Llamas <cmllamas@google.com>
Fixes:
|
||
|
|
0801c4b226 |
Merge tag 'ASB-2022-09-05_4.14-stable' of https://android.googlesource.com/kernel/common into android13-4.14-msmnile
https://source.android.com/docs/security/bulletin/2022-09-01 CVE-2022-20399 CVE-2022-23960 CVE-2021-4083 CVE-2022-29582 * tag 'ASB-2022-09-05_4.14-stable' of https://android.googlesource.com/kernel/common: Linux 4.14.291 MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 video: fbdev: i740fb: Check the argument of i740_calc_vclk() powerpc/64: Init jump labels before parse_early_param() smb3: check xattr value length earlier ALSA: timer: Use deferred fasync helper ALSA: core: Add async signal helpers mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start vfio: Clear the caps->buf to NULL after free tty: serial: Fix refcount leak bug in ucc_uart.c ext4: avoid resizing to a partial cluster size ext4: avoid remove directory when directory is corrupted drivers:md:fix a potential use-after-free bug cxl: Fix a memory leak in an error handling path gadgetfs: ep_io - wait until IRQ finishes clk: qcom: ipq8074: dont disable gcc_sleep_clk_src usb: host: ohci-ppc-of: Fix refcount leak bug irqchip/tegra: Fix overflow implicit truncation warnings PCI: Add ACS quirk for Broadcom BCM5750x NICs drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() btrfs: only write the sectors in the vertical stripe which has data stripes kbuild: clear LDFLAGS in the top Makefile igb: Add lock to avoid data race fec: Fix timer capture timing in `fec_ptp_enable_pps()` i40e: Fix to stop tx_timeout recovery if GLOBR fails powerpc/pci: Fix get_phb_number() locking netfilter: nf_tables: really skip inactive sets when allocating name nios2: add force_successful_syscall_return() nios2: restarts apply only to the first sigframe we build... 
nios2: fix syscall restart checks nios2: traced syscall does need to check the syscall number atm: idt77252: fix use-after-free bugs caused by tst_timer nios2: don't leave NULLs in sys_call_table[] xen/xenbus: fix return type in xenbus_file_read() nios2: page fault et.al. are *not* restartable syscalls... tools build: Switch to new openssl API for test-libcrypto vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() vsock: Fix memory leak in vsock_connect() geneve: do not use RT_TOS for IPv6 flowlabel ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map SUNRPC: Reinitialise the backchannel request buffers before reuse NFSv4.1: RECLAIM_COMPLETE must handle EACCES NFSv4: Fix races in the legacy idmapper upcall apparmor: fix reference count leak in aa_pivotroot() apparmor: fix aa_label_asxprint return check apparmor: Fix failed mount permission check error message apparmor: fix quiet_denied for file rules can: ems_usb: fix clang's -Wunaligned-access warning btrfs: fix lost error handling when looking up extended ref on log replay ata: libata-eh: Add missing command name rds: add missing barrier to release_refill ALSA: info: Fix llseek return value when using callback scsi: sg: Allow waiting for commands to complete on removed device powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E tcp: fix over estimation in sk_forced_mem_schedule() net_sched: cls_route: disallow handle of 0 KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() net/9p: Initialize the iounit field during fid creation Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq KVM: Add infrastructure and macro to mark VM as bugged btrfs: reject log replay if there is unsupported RO 
compat flag net_sched: cls_route: remove from list when handle is 0 dm raid: fix address sanitizer warning in raid_status dm raid: fix address sanitizer warning in raid_resume intel_th: pci: Add Meteor Lake-P support intel_th: pci: Add Raptor Lake-S PCH support intel_th: pci: Add Raptor Lake-S CPU support ext4: correct the misjudgment in ext4_iget_extra_inode ext4: correct max_inline_xattr_value_size computing ext4: fix extent status tree race in writeback error recovery path ext4: update s_overhead_clusters in the superblock during an on-line resize ext4: fix use-after-free in ext4_xattr_set_entry ext4: make sure ext4_append() always allocates new block x86/olpc: fix 'logical not is only applied to the left hand side' ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h scsi: zfcp: Fix missing auto port scan and thus missing target ports spmi: trace: fix stack-out-of-bound access in SPMI tracing functions video: fbdev: s3fb: Check the size of screen before memset_io() video: fbdev: arkfb: Check the size of screen before memset_io() video: fbdev: vt8623fb: Check the size of screen before memset_io() tools/thermal: Fix possible path truncations video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() x86/numa: Use cpumask_available instead of hardcoded NULL check genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO powerpc/pci: Fix PHB numbering when using opal-phbid kprobes: Forbid probing on trampoline and BPF code areas powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address powerpc/xive: Fix refcount leak in xive_get_max_prio powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias video: fbdev: sis: fix typos in SiS_GetModeID() video: fbdev: amba-clcd: Fix refcount leak bugs s390/zcore: fix race when reading from hardware system area iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop mfd: t7l66xb: Drop platform 
disable callback kfifo: fix kfifo_to_user() return type iommu/exynos: Handle failed IOMMU device registration properly remoteproc: qcom: wcnss: Fix handling of IRQs tty: n_gsm: fix DM command tty: n_gsm: fix race condition in gsmld_write() tty: n_gsm: fix wrong T1 retry count handling tty: n_gsm: fix packet re-transmission without open control channel vfio/ccw: Do not change FSM state in subchannel event tty: n_gsm: fix non flow control frames during mux flow off profiling: fix shift too large makes kernel panic ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe ASoC: codecs: da7210: add check for i2c_add_driver ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted ext4: recover csum seed of tmp_inode after migrating to extents RDMA/rxe: Fix error unwind in rxe_create_qp() mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region RDMA/hfi1: fix potential memory leak in setup_base_ctxt() platform/olpc: Fix uninitialized data in debugfs write usb: gadget: udc: amd5536 depends on HAS_DMA USB: serial: fix tty-port initialized comments scsi: smartpqi: Fix DMA direction for RAID requests mmc: cavium-thunderx: Add of_node_put() when breaking out of loop mmc: cavium-octeon: Add of_node_put() when breaking out of loop gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R memstick/ms_block: Fix a memory leak memstick/ms_block: Fix some incorrect memory allocation mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch misc: rtsx: Fix an error handling path in rtsx_pci_probe() usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe fpga: altera-pr-ip: fix unsigned comparison with less than zero mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path mtd: sm_ftl: Fix deadlock caused by 
cancel_work_sync in sm_release mtd: maps: Fix refcount leak in ap_flash_init mtd: maps: Fix refcount leak in of_flash_probe_versatile dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock net: rose: fix netdev reference changes wifi: libertas: Fix possible refcount leak in if_usb_probe() wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` i2c: mux-gpmux: Add of_node_put() when breaking out of loop i2c: cadence: Support PEC for SMBus block read Bluetooth: hci_intel: Add check for platform_driver_register can: pch_can: pch_can_error(): initialize errc before using it can: error: specify the values of data[5..7] of CAN error frames can: usb_8dev: do not report txerr and rxerr during bus-off can: sun4i_can: do not report txerr and rxerr during bus-off can: hi311x: do not report txerr and rxerr during bus-off can: sja1000: do not report txerr and rxerr during bus-off fs: check FMODE_LSEEK to control internal pipe splicing selftests: timers: clocksource-switch: fix passing errors from child can: rcar_can: do not report txerr and rxerr during bus-off selftests: timers: valid-adjtimex: build fix for newer toolchains can: pch_can: do not report txerr and rxerr during bus-off wifi: p54: add missing parentheses in p54_flush() wifi: p54: Fix an error handling path in p54spi_probe() wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() tcp: make retransmitted SKB fit into the send window media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment drm: bridge: sii8620: fix possible off-by-one drm/mediatek: dpi: Remove output format of YUV drm/rockchip: vop: Don't crash for invalid duplicate_state() drm/vc4: dsi: Correct DSI divider calculations media: hdpvr: fix error value returns in hdpvr_read drm: bridge: adv7511: Add check for mipi_dsi_driver_register wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() ath9k: fix use-after-free in ath9k_hif_usb_rx_cb i2c: Fix a potential use after free 
drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() dm: return early from dm_pr_call() if DM device is suspended thermal/tools/tmon: Include pthread and time headers in tmon.h regulator: of: Fix refcount leak bug in of_get_regulation_constraints() arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node ARM: dts: qcom: pm8841: add required thermal-sensor-cells cpufreq: zynq: Fix refcount leak in zynq_get_revision soc: fsl: guts: machine variable might be unset ARM: dts: ast2500-evb: fix board compatible x86/pmem: Fix platform-device leak in error path ARM: bcm: Fix refcount leak in bcm_kona_smc_init ARM: findbit: fix overflowing offset selinux: Add boundary check in put_entry() PM: hibernate: defer device probing when resuming from hibernation ACPI: LPSS: Fix missing check in register_device_clock() ACPI: PM: save NVS memory for Lenovo G40-45 ARM: OMAP2+: display: Fix refcount leak bug ARM: dts: imx6ul: fix qspi node compatible ARM: dts: imx6ul: add missing properties for sram ext2: Add more validity checks for inode counts arm64: fix oops in concurrently setting insn_emulation sysctls arm64: Do not forget syscall when starting a new thread. 
netfilter: nf_tables: fix null deref due to zeroed list head USB: HCD: Fix URB giveback issue in tasklet function MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK powerpc/powernv: Avoid crashing if rng is NULL powerpc/fsl-pci: Fix Class Code of PCIe Root Port PCI: Add defines for normal and subtractive PCI bridges ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() md-raid10: fix KASAN warning fuse: limit nsec iio: light: isl29028: Fix the warning in isl29028_remove() drm/amdgpu: Check BO's requested pinning domains against its preferred_domains drm/nouveau: fix another off-by-one in nvbios_addr parisc: Fix device names in /proc/iomem usbnet: Fix linkwatch use-after-free on disconnect fs: Add missing umask strip in vfs_tmpfile vfs: Check the truncate maximum size in inode_newsize_ok() ALSA: hda/cirrus - support for iMac 12,1 model ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 HID: wacom: Don't register pad_input for touch switch add barriers to buffer_uptodate and set_buffer_uptodate ALSA: bcd2000: Fix a UAF bug on the error path of probing x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments Makefile: link with -z noexecstack --no-warn-rwx-segments macintosh/adb: fix oob read in do_adb_query() function ACPI: video: Shortening quirk list by identifying Clevo by board_name only ACPI: video: Force backlight native for some TongFang devices mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. ARM: crypto: comment out gcc warning that breaks clang builds netfilter: nf_queue: do not allow packet truncation below transport header offset net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() net: ping6: Fix memleak in ipv6_renew_options(). 
scsi: ufs: host: Hold reference returned by of_parse_phandle() s390/archrandom: prevent CPACF trng invocations in interrupt context ntfs: fix use-after-free in ntfs_ucsncmp() Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put FROMLIST: binder: fix UAF of ref->proc caused by race condition UPSTREAM: x86/pci: Fix the function type for check_reserved_t Linux 4.14.290 PCI: hv: Fix interrupt mapping for multi-MSI PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI PCI: hv: Fix multi-MSI to allow more than one MSI vector net: usb: ax88179_178a needs FLAG_SEND_ZLP tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() tty: drop tty_schedule_flip() tty: the rest, stop using tty_schedule_flip() tty: drivers/tty/, stop using tty_schedule_flip() Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks Bluetooth: SCO: Fix sco_send_frame returning skb->len Bluetooth: Fix passing NULL to PTR_ERR Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg Bluetooth: Add bt_skb_sendmmsg helper Bluetooth: Add bt_skb_sendmsg helper ALSA: memalloc: Align buffer allocations in page size tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator drm/tilcdc: Remove obsolete crtc_mode_valid() hack bpf: Make sure mac_header was set before using it mm/mempolicy: fix uninit-value in mpol_rebind_policy() Revert "Revert "char/random: silence a lockdep splat with printk()"" be2net: Fix buffer overflow in be_get_module_eeprom tcp: Fix a data-race around sysctl_tcp_notsent_lowat. igmp: Fix a data-race around sysctl_igmp_max_memberships. igmp: Fix data-races around sysctl_igmp_llm_reports. 
net: stmmac: fix dma queue left shift overflow issue i2c: cadence: Change large transfer count reset logic to be unconditional tcp: Fix a data-race around sysctl_tcp_probe_interval. tcp: Fix a data-race around sysctl_tcp_probe_threshold. tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. ip: Fix a data-race around sysctl_fwmark_reflect. perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE Change-Id: Iab76f00bf045e70ec56279ce70a6ce8a212c1ac0 |
||
|
|
d71d5354f8 |
Merge tag 'ASB-2022-08-05_4.14-stable' of https://android.googlesource.com/kernel/common into android13-4.14-msmnile
https://source.android.com/security/bulletin/2022-08-01 CVE-2022-1786 # By Greg Kroah-Hartman (147) and others # Via Greg Kroah-Hartman (98) and others * tag 'ASB-2022-08-05_4.14-stable' of https://android.googlesource.com/kernel/common: FROMGIT: arm64: fix oops in concurrently setting insn_emulation sysctls Linux 4.14.289 can: m_can: m_can_tx_handler(): fix use after free of skb mm: invalidate hwpoison page cache page in fault path serial: 8250: fix return error code in serial8250_request_std_resource() tty: serial: samsung_tty: set dma burst_size to 1 usb: dwc3: gadget: Fix event pending check USB: serial: ftdi_sio: add Belimo device ids signal handling: don't use BUG_ON() for debugging x86: Clear .brk area at early boot irqchip: or1k-pic: Undefine mask_ack for level triggered hardware ASoC: wm5110: Fix DRE control ASoC: ops: Fix off by one in range control validation net: sfp: fix memory leak in sfp_probe() NFC: nxp-nci: don't print header length mismatch on i2c error net: tipc: fix possible refcount leak in tipc_sk_create() platform/x86: hp-wmi: Ignore Sanitization Mode event cpufreq: pmac32-cpufreq: Fix refcount leak bug netfilter: br_netfilter: do not skip all hooks with 0 priority virtio_mmio: Restore guest page size on resume virtio_mmio: Add missing PM calls to freeze/restore sfc: fix kernel panic when creating VF seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors seg6: fix skb checksum evaluation in SRH encapsulation/insertion sfc: fix use after free when disabling sriov ipv4: Fix data-races around sysctl_ip_dynaddr. icmp: Fix a data-race around sysctl_icmp_ratemask. icmp: Fix a data-race around sysctl_icmp_ratelimit. ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero icmp: Fix data-races around sysctl. cipso: Fix data-races around sysctl. net: Fix data-races around sysctl_mem. inetpeer: Fix data-races around sysctl. 
ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle xhci: make xhci_handshake timeout for xhci_reset() adjustable xhci: bail out early if driver can't accress host in resume net: dsa: bcm_sf2: force pause link settings nilfs2: fix incorrect masking of permission flags for symlinks cgroup: Use separate src/dst nodes when preloading css_sets for migration ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction ARM: 9213/1: Print message about disabled Spectre workarounds only once net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model ALSA: hda - Add fixup for Dell Latitidue E5430 ANDROID: cgroup: Fix for a partially backported patch Linux 4.14.288 dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly ida: don't use BUG_ON() for debugging i2c: cadence: Unregister the clk notifier in error path pinctrl: sunxi: a83t: Fix NAND function name for some pins xfs: remove incorrect ASSERT in xfs_rename powerpc/powernv: delay rng platform device creation until later in boot video: of_display_timing.h: include errno.h fbcon: Disallow setting font bigger than screen size iommu/vt-d: Fix PCI bus rescan device hot add net: rose: fix UAF bug caused by rose_t0timer_expiry usbnet: fix memory leak in error case can: gs_usb: gs_usb_open/close(): fix memory leak can: grcan: grcan_probe(): remove extra of_node_get() mm/slub: add missing TID updates on slab deactivation esp: limit skb_page_frag_refill use to a single page Linux 4.14.287 net: usb: qmi_wwan: add Telit 0x1070 composition net: usb: qmi_wwan: add Telit 0x1060 composition xen/arm: Fix race in RB-tree based P2M accounting xen/blkfront: force data bouncing when backend is 
untrusted xen/netfront: force data bouncing when backend is untrusted xen/netfront: fix leaking data in shared pages xen/blkfront: fix leaking data in shared pages net: Rename and export copy_skb_header ipv6/sit: fix ipip6_tunnel_get_prl return value sit: use min hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails xen/gntdev: Avoid blocking in unmap_grant_pages() NFC: nxp-nci: Don't issue a zero length i2c_master_read() nfc: nfcmrvl: Fix irq_of_parse_and_map() return value net: bonding: fix use-after-free after 802.3ad slave unbind net: bonding: fix possible NULL deref in rlb code netfilter: nft_dynset: restore set element counter when failing to update caif_virtio: fix race between virtio_device_ready() and ndo_open() net: ipv6: unexport __init-annotated seg6_hmac_net_init() usbnet: fix memory allocation in helpers RDMA/qedr: Fix reporting QP timeout attribute net: usb: ax88179_178a: Fix packet receiving net: rose: fix UAF bugs caused by timer handler SUNRPC: Fix READ_PLUS crasher s390/archrandom: simplify back to earlier design and initialize earlier dm raid: fix KASAN warning in raid5_add_disks dm raid: fix accesses beyond end of raid member array nvdimm: Fix badblocks clear off-by-one error UPSTREAM: mm: fix misplaced unlock_page in do_wp_page() BACKPORT: mm: do_wp_page() simplification UPSTREAM: mm/ksm: Remove reuse_ksm_page() UPSTREAM: mm: reuse only-pte-mapped KSM page in do_wp_page() Linux 4.14.286 swiotlb: skip swiotlb_bounce when orig_addr is zero kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] fdt: Update CRC check for rng-seed xen: unexport __init-annotated xen_xlate_map_ballooned_pages() drm: remove drm_fb_helper_modinit powerpc/pseries: wire up rng during setup_arch() modpost: fix section mismatch check for exported init/exit sections ARM: cns3xxx: Fix refcount leak in cns3xxx_init ARM: Fix refcount leak in axxia_boot_secondary ARM: exynos: Fix refcount leak in exynos_map_pmu ARM: dts: imx6qdl: 
correct PU regulator ramp delay powerpc/powernv: wire up rng during setup_arch powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address powerpc: Enable execve syscall exit tracepoint xtensa: Fix refcount leak bug in time.c xtensa: xtfpga: Fix refcount leak bug in setup iio: adc: axp288: Override TS pin bias current for some models iio: trigger: sysfs: fix use-after-free on remove iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() iio: accel: mma8452: ignore the return value of reset operation iio:accel:bma180: rearrange iio trigger get and register usb: chipidea: udc: check request status before setting device address iio: adc: vf610: fix conversion mode sysfs node name igb: Make DMA faster when CPU is active on the PCIe link MIPS: Remove repetitive increase irq_err_count x86/xen: Remove undefined behavior in setup_features() bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers USB: serial: option: add Quectel RM500K module support USB: serial: option: add Quectel EM05-G modem USB: serial: option: add Telit LE910Cx 0x1250 composition random: quiet urandom warning ratelimit suppression message dm era: commit metadata in postsuspend after worker stops ata: libata: add qc->flags in ata_qc_complete_template tracepoint random: schedule mix_interrupt_randomness() less often vt: drop old FONT ioctls UPSTREAM: lib/vsprintf: Hash printed address for netdev bits fallback UPSTREAM: lib/vsprintf: Prepare for more general use of ptr_to_id() UPSTREAM: lib/vsprintf: Make ptr argument conts in ptr_to_id() UPSTREAM: vsprintf: Replace memory barrier with static_key for random_ptr_key update UPSTREAM: lib/test_printf.c: accept "ptrval" as valid result for plain 'p' tests UPSTREAM: lib/vsprintf: Do not handle %pO[^F] as %px BACKPORT: l2tp: fix race in pppol2tp_release with session object destroy BACKPORT: l2tp: don't use inet_shutdown on ppp session destroy Linux 4.14.285 tcp: drop the hash_32() part from the index calculation tcp: increase source 
port perturb table to 2^16 tcp: dynamically allocate the perturb table used by source ports tcp: add small random increments to the source port tcp: use different parts of the port_offset for index and offset tcp: add some entropy in __inet_hash_connect() xprtrdma: fix incorrect header size calculations usb: gadget: u_ether: fix regression in setting fixed MAC address s390/mm: use non-quiescing sske for KVM switch to keyed guest l2tp: fix race in pppol2tp_release with session object destroy l2tp: don't use inet_shutdown on ppp session destroy virtio-pci: Remove wrong address verification in vp_del_vqs() ext4: add reserved GDT blocks check ext4: make variable "count" signed ext4: fix bug_on ext4_mb_use_inode_pa serial: 8250: Store to lsr_save_flags after lsr read usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe usb: dwc2: Fix memory leak in dwc2_hcd_init USB: serial: io_ti: add Agilent E5805A support USB: serial: option: add support for Cinterion MV31 with new baseline comedi: vmk80xx: fix expression for tx buffer size irqchip/gic/realview: Fix refcount leak in realview_gic_of_init certs/blacklist_hashes.c: fix const confusion in certs blacklist arm64: ftrace: fix branch range checks net: bgmac: Fix an erroneous kfree() in bgmac_remove() misc: atmel-ssc: Fix IRQ check in ssc_probe tty: goldfish: Fix free_irq() on remove i40e: Fix call trace in setup_tx_descriptors pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE random: credit cpu and bootloader seeds by default net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed scsi: pmcraid: Fix missing resource cleanup in error case scsi: ipr: Fix missing/incorrect resource cleanup in error case scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology 
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits ASoC: wm8962: Fix suspend while playing music ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() ASoC: cs42l56: Correct typo in minimum level for SX volume controls ASoC: cs42l52: Correct TLV for Bypass Volume ASoC: cs53l30: Correct number of volume levels on SX controls ASoC: cs42l52: Fix TLV scales for mixer controls random: account for arch randomness in bits random: mark bootloader randomness code as __init random: avoid checking crng_ready() twice in random_init() crypto: drbg - make reseeding from get_random_bytes() synchronous crypto: drbg - always try to free Jitter RNG instance crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() crypto: drbg - prepare for more fine-grained tracking of seeding state crypto: drbg - always seeded with SP800-90B compliant noise source crypto: drbg - add FIPS 140-2 CTRNG for noise source Revert "random: use static branch for crng_ready()" random: check for signals after page of pool writes random: wire up fops->splice_{read,write}_iter() random: convert to using fops->write_iter() random: move randomize_page() into mm where it belongs random: move initialization functions out of hot pages random: use proper return types on get_random_{int,long}_wait() random: remove extern from functions in header random: use static branch for crng_ready() random: credit architectural init the exact amount random: handle latent entropy and command line from random_init() random: use proper jiffies comparison macro random: remove ratelimiting for in-kernel unseeded randomness random: avoid initializing twice in credit race random: use symbolic constants for crng_init states siphash: use one source of truth for siphash permutations random: help compiler out with fast_mix() by using simpler arguments random: do not use input pool from hard IRQs random: order timer entropy functions below 
interrupt functions random: do not pretend to handle premature next security model random: do not use batches when !crng_ready() random: insist on random_get_entropy() existing in order to simplify xtensa: use fallback for random_get_entropy() instead of zero sparc: use fallback for random_get_entropy() instead of zero um: use fallback for random_get_entropy() instead of zero x86/tsc: Use fallback for random_get_entropy() instead of zero nios2: use fallback for random_get_entropy() instead of zero arm: use fallback for random_get_entropy() instead of zero mips: use fallback for random_get_entropy() instead of just c0 random m68k: use fallback for random_get_entropy() instead of zero timekeeping: Add raw clock fallback for random_get_entropy() powerpc: define get_cycles macro for arch-override alpha: define get_cycles macro for arch-override parisc: define get_cycles macro for arch-override s390: define get_cycles macro for arch-override ia64: define get_cycles macro for arch-override init: call time_init() before rand_initialize() random: fix sysctl documentation nits random: document crng_fast_key_erasure() destination possibility random: make random_get_entropy() return an unsigned long random: check for signals every PAGE_SIZE chunk of /dev/[u]random random: check for signal_pending() outside of need_resched() check random: do not allow user to keep crng key around on stack random: do not split fast init input in add_hwgenerator_randomness() random: mix build-time latent entropy into pool at init random: re-add removed comment about get_random_{u32,u64} reseeding random: treat bootloader trust toggle the same way as cpu trust toggle random: skip fast_init if hwrng provides large chunk of entropy random: check for signal and try earlier when generating entropy random: reseed more often immediately after booting random: make consistent usage of crng_ready() random: use SipHash as interrupt entropy accumulator random: replace custom notifier chain with standard one 
random: don't let 644 read-only sysctls be written to random: give sysctl_random_min_urandom_seed a more sensible value random: do crng pre-init loading in worker rather than irq random: unify cycles_t and jiffies usage and types random: cleanup UUID handling random: only wake up writers after zap if threshold was passed random: round-robin registers as ulong, not u32 random: clear fast pool, crng, and batches in cpuhp bring up random: pull add_hwgenerator_randomness() declaration into random.h random: check for crng_init == 0 in add_device_randomness() random: unify early init crng load accounting random: do not take pool spinlock at boot random: defer fast pool mixing to worker random: rewrite header introductory comment random: group sysctl functions random: group userspace read/write functions random: group entropy collection functions random: group entropy extraction functions random: group initialization wait functions random: remove whitespace and reorder includes random: remove useless header comment random: introduce drain_entropy() helper to declutter crng_reseed() random: deobfuscate irq u32/u64 contributions random: add proper SPDX header random: remove unused tracepoints random: remove ifdef'd out interrupt bench random: tie batched entropy generation to base_crng generation random: zero buffer after reading entropy from userspace random: remove outdated INT_MAX >> 6 check in urandom_read() random: use hash function for crng_slow_load() random: absorb fast pool into input pool after fast load random: do not xor RDRAND when writing into /dev/random random: ensure early RDSEED goes through mixer on init random: inline leaves of rand_initialize() random: use RDSEED instead of RDRAND in entropy extraction random: fix locking in crng_fast_load() random: remove batched entropy locking random: remove use_input_pool parameter from crng_reseed() random: make credit_entropy_bits() always safe random: always wake up entropy writers after extraction random: use 
linear min-entropy accumulation crediting random: simplify entropy debiting random: use computational hash for entropy extraction random: only call crng_finalize_init() for primary_crng random: access primary_pool directly rather than through pointer random: continually use hwgenerator randomness random: simplify arithmetic function flow in account() random: access input_pool_data directly rather than through pointer random: cleanup fractional entropy shift constants random: prepend remaining pool constants with POOL_ random: de-duplicate INPUT_POOL constants random: remove unused OUTPUT_POOL constants random: rather than entropy_store abstraction, use global random: try to actively add entropy rather than passively wait for it random: remove unused extract_entropy() reserved argument random: remove incomplete last_data logic random: cleanup integer types crypto: chacha20 - Fix chacha20_block() keystream alignment (again) random: cleanup poolinfo abstraction random: fix typo in comments random: don't reset crng_init_cnt on urandom_read() random: avoid superfluous call to RDRAND in CRNG extraction random: early initialization of ChaCha constants random: initialize ChaCha20 constants with correct endianness random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs random: harmonize "crng init done" messages random: mix bootloader randomness into pool random: do not re-init if crng_reseed completes before primary init random: do not sign extend bytes for rotation when mixing random: use BLAKE2s instead of SHA1 in extraction random: remove unused irq_flags argument from add_interrupt_randomness() random: document add_hwgenerator_randomness() with other input functions crypto: blake2s - adjust include guard naming crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h> MAINTAINERS: co-maintain random.c random: remove dead code left over from blocking pool random: avoid arch_get_random_seed_long() when collecting IRQ randomness random: add 
arch_get_random_*long_early() powerpc: Use bool in archrandom.h linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check linux/random.h: Use false with bool linux/random.h: Remove arch_has_random, arch_has_random_seed s390: Remove arch_has_random, arch_has_random_seed powerpc: Remove arch_has_random, arch_has_random_seed x86: Remove arch_has_random, arch_has_random_seed random: avoid warnings for !CONFIG_NUMA builds random: split primary/secondary crng init paths random: remove some dead code of poolinfo random: fix typo in add_timer_randomness() random: Add and use pr_fmt() random: convert to ENTROPY_BITS for better code readability random: remove unnecessary unlikely() random: remove kernel.random.read_wakeup_threshold random: delete code to pull data into pools random: remove the blocking pool random: fix crash on multiple early calls to add_bootloader_randomness() char/random: silence a lockdep splat with printk() random: make /dev/random be almost like /dev/urandom random: ignore GRND_RANDOM in getentropy(2) random: add GRND_INSECURE to return best-effort non-cryptographic bytes random: Add a urandom_read_nowait() for random APIs that don't warn random: Don't wake crng_init_wait when crng_init == 1 lib/crypto: sha1: re-roll loops to reduce code size lib/crypto: blake2s: move hmac construction into wireguard crypto: blake2s - generic C library implementation and selftest crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() Revert "hwrng: core - Freeze khwrng thread during suspend" char/random: Add a newline at the end of the file random: Use wait_event_freezable() in add_hwgenerator_randomness() fdt: add support for rng-seed random: Support freezable kthreads in add_hwgenerator_randomness() random: fix soft lockup when trying to read from an uninitialized blocking pool latent_entropy: avoid build error when plugin cflags are not set random: document get_random_int() family random: move rand_initialize() earlier random: only read from 
/dev/random after its pool has received 128 bits drivers/char/random.c: make primary_crng static drivers/char/random.c: remove unused stuct poolinfo::poolbits drivers/char/random.c: constify poolinfo_table random: make CPU trust a boot parameter random: Make crng state queryable random: remove preempt disabled region random: add a config option to trust the CPU's hwrng random: Return nbytes filled from hw RNG random: Fix whitespace pre random-bytes work drivers/char/random.c: remove unused dont_count_entropy random: optimize add_interrupt_randomness random: always fill buffer in get_random_bytes_wait crypto: chacha20 - Fix keystream alignment for chacha20_block() 9p: missing chunk of "fs/9p: Don't update file type when updating file attributes" UPSTREAM: ext4: verify dir block before splitting it UPSTREAM: ext4: fix use-after-free in ext4_rename_dir_prepare BACKPORT: ext4: Only advertise encrypted_casefold when encryption and unicode are enabled BACKPORT: ext4: fix no-key deletion for encrypt+casefold BACKPORT: ext4: optimize match for casefolded encrypted dirs BACKPORT: ext4: handle casefolding with encryption Revert "ANDROID: ext4: Handle casefolding with encryption" Revert "ANDROID: ext4: Optimize match for casefolded encrypted dirs" Revert "ext4: fix use-after-free in ext4_rename_dir_prepare" Revert "ext4: verify dir block before splitting it" Linux 4.14.284 x86/speculation/mmio: Print SMT warning KVM: x86/speculation: Disable Fill buffer clear within guests x86/speculation/mmio: Reuse SRBDS mitigation for SBDS x86/speculation/srbds: Update SRBDS mitigation selection x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data x86/speculation/mmio: Enable CPU Fill buffer clearing on idle x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data x86/speculation: Add a common function for MD_CLEAR mitigation update x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug 
Documentation: Add documentation for Processor MMIO Stale Data x86/cpu: Add another Alder Lake CPU to the Intel family x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family x86/cpu: Add Comet Lake to the Intel CPU models header x86/CPU: Add more Icelake model numbers x86/CPU: Add Icelake model number x86/cpu: Add Cannonlake to Intel family x86/cpu: Add Jasper Lake to Intel family cpu/speculation: Add prototype for cpu_show_srbds() x86/cpu: Add Elkhart Lake to Intel family Linux 4.14.283 tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd PCI: qcom: Fix unbalanced PHY init on probe errors mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write md/raid0: Ignore RAID0 layout if the second zone has only one device powerpc/32: Fix overread/overwrite of thread_struct via ptrace Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag ixgbe: fix unexpected VLAN Rx in promisc mode on VF ixgbe: fix bcast packets Rx on VF after promisc removal nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files cifs: return errors during session setup during reconnects ALSA: hda/conexant - Fix loopback issue with CX20632 vringh: Fix loop descriptors check in the indirect cases nodemask: Fix return values to be unsigned nbd: fix io hung while disconnecting device nbd: fix race between nbd_alloc_config() and module removal nbd: call genl_unregister_family() first in nbd_cleanup() modpost: fix undefined behavior of is_arm_mapping_symbol() drm/radeon: fix a possible null pointer dereference Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" md: protect md_unregister_thread from reentrancy kernfs: Separate kernfs_pr_cont_buf and rename_lock. 
serial: msm_serial: disable interrupts in __msm_console_write() staging: rtl8712: fix uninit-value in r871xu_drv_init() clocksource/drivers/sp804: Avoid error on multiple instances extcon: Modify extcon device to be created after driver data is set misc: rtsx: set NULL intfdata when probe fails usb: dwc2: gadget: don't reset gadget's driver->bus USB: hcd-pci: Fully suspend across freeze/thaw cycle drivers: usb: host: Fix deadlock in oxu_bus_suspend() drivers: tty: serial: Fix deadlock in sa1100_set_termios() USB: host: isp116x: check return value after calling platform_get_resource() drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() tty: Fix a possible resource leak in icom_probe tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() lkdtm/usercopy: Expand size of "out of frame" object iio: dummy: iio_simple_dummy: check the return value of kstrdup() drm: imx: fix compiler warning with gcc-12 net: altera: Fix refcount leak in altera_tse_mdio_create net: ipv6: unexport __init-annotated seg6_hmac_init() net: xfrm: unexport __init-annotated xfrm4_protocol_init() net: mdio: unexport __init-annotated mdio_bus_init() SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe xprtrdma: treat all calls not a bcall when bc_serv is NULL video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() m68knommu: fix undefined reference to `_init_sp' m68knommu: set ZERO_PAGE() to the allocated zeroed page i2c: cadence: Increase timeout per message if necessary tracing: Avoid adding tracer option before update_tracer_options tracing: Fix sleeping function called from invalid context on RT kernel mips: cpc: Fix refcount leak in mips_cpc_default_phys_base perf c2c: Fix sorting in percent_rmt_hitm_cmp() tcp: tcp_rtx_synack() can be called from process context ubi: ubi_create_volume: Fix use-after-free 
when volume creation failed jffs2: fix memory leak in jffs2_do_fill_super modpost: fix removing numeric suffixes net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 serial: sh-sci: Don't allow CS5-6 serial: txx9: Don't allow CS5-6 serial: digicolor-usart: Don't allow CS5-6 serial: meson: acquire port->lock in startup() rtc: mt6397: check return value after calling platform_get_resource() soc: rockchip: Fix refcount leak in rockchip_grf_init coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value pwm: lp3943: Fix duty calculation in case period was clamped USB: storage: karma: fix rio_karma_init return usb: usbip: add missing device lock on tweak configuration cmd usb: usbip: fix a refcount leak in stub_probe() tty: goldfish: Use tty_port_destroy() to destroy port staging: greybus: codecs: fix type confusion of list iterator variable pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards netfilter: nf_tables: disallow non-stateful expression in sets earlier MIPS: IP27: Remove incorrect `cpu_has_fpu' override RDMA/rxe: Generate a completion for unsupported/invalid opcode phy: qcom-qmp: fix reset-controller leak on probe errors dt-bindings: gpio: altera: correct interrupt-cells docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 phy: qcom-qmp: fix struct clk leak on probe errors arm64: dts: qcom: ipq8074: fix the sleep clock frequency gma500: fix an incorrect NULL check on list iterator carl9170: tx: fix an incorrect use of list iterator ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control rtl818x: Prevent using not initialized queues hugetlb: fix huge_pmd_unshare address update nodemask.h: 
fix compilation error with GCC12 iommu/msm: Fix an incorrect NULL check on list iterator um: Fix out-of-bounds read in LDT setup um: chan_user: Fix winch_tramp() return value mac80211: upgrade passive scan to active scan on DFS channels after beacon rx irqchip: irq-xtensa-mx: fix initial IRQ affinity irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x RDMA/hfi1: Fix potential integer multiplication overflow errors md: fix an incorrect NULL check in md_reload_sb md: fix an incorrect NULL check in does_sb_need_changing drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX drm/nouveau/clk: Fix an incorrect NULL check on list iterator drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled scsi: dc395x: Fix a missing check on list iterator ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock dlm: fix missing lkb refcount handling dlm: fix plock invalid read ext4: avoid cycles in directory h-tree ext4: verify dir block before splitting it ext4: fix bug_on in ext4_writepages ext4: fix use-after-free in ext4_rename_dir_prepare fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages iwlwifi: mvm: fix assert 1F04 upon reconfig wifi: mac80211: fix use-after-free in chanctx code perf jevents: Fix event syntax error caused by ExtSel perf c2c: Use stdio interface if slang is not supported iommu/amd: Increase timeout waiting for GA log enablement video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup iommu/mediatek: Add list_del in mtk_iommu_remove mailbox: forward the hrtimer if not queued and under a lock powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup powerpc/perf: Fix the threshold compare group constraint for power9 Input: sparcspkr - fix refcount leak in bbc_beep_probe tty: fix deadlock caused by calling printk() under tty_port->lock powerpc/4xx/cpm: Fix return value of __setup() handler powerpc/idle: Fix return value of 
__setup() handler powerpc/8xx: export 'cpm_setbrg' for modules drivers/base/node.c: fix compaction sysfs file leak pinctrl: mvebu: Fix irq_of_parse_and_map() return value scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() mfd: ipaq-micro: Fix error check return value of platform_get_irq() ARM: dts: bcm2835-rpi-b: Fix GPIO line names ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc rxrpc: Don't try to resend the request if we're receiving the reply rxrpc: Fix listen() setting the bar too high for the prealloc rings ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() sctp: read sk->sk_bound_dev_if once in sctp_rcv() m68k: math-emu: Fix dependencies of math emulation support Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init media: exynos4-is: Change clk_disable to clk_disable_unprepare media: st-delta: Fix PM disable depth imbalance in delta_probe regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe media: uvcvideo: Fix missing check to determine if element is found in list drm/msm: return an error pointer in msm_gem_prime_get_sg_table() x86/mm: Cleanup the control_va_addr_alignment() __setup handler irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value x86: Fix return value of __setup handlers drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() drm/msm/hdmi: check return value after calling platform_get_resource_byname() drm/msm/dsi: fix error checks and return values for DSI xmit functions x86/pm: Fix false positive kmemleak report in msr_build_context() fsnotify: fix wrong lockdep annotations inotify: show inotify mask flags in proc fdinfo ath9k_htc: fix potential out of bounds access with invalid 
rxstatus->rs_keyix spi: img-spfi: Fix pm_runtime_get_sync() error checking HID: hid-led: fix maximum brightness for Dream Cheeky efi: Add missing prototype for efi_capsule_setup_info NFC: NULL out the dev->rfkill to prevent UAF spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout drm/mediatek: Fix mtk_cec_mask() x86/delay: Fix the wrong asm constraint in delay_loop() ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe ath9k: fix ar9003_get_eepmisc drm: fix EDID struct for old ARM OABI format RDMA/hfi1: Prevent panic when SDMA is disabled macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled powerpc/xics: fix refcount leak in icp_opal_init() tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() ARM: hisi: Add missing of_node_put after of_find_compatible_node ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM ARM: versatile: Add missing of_node_put in dcscb_init fat: add ratelimit to fat*_ent_bread() ARM: OMAP1: clock: Fix UART rate reporting algorithm fs: jfs: fix possible NULL pointer dereference in dbFree() ARM: dts: ox820: align interrupt controller node name with dtschema eth: tg3: silence the GCC 12 array-bounds warning rxrpc: Return an error to sendmsg if call failed media: exynos4-is: Fix compile warning net: phy: micrel: Allow probing without .driver_data ASoC: rt5645: Fix errorenous cleanup order nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags openrisc: start CPU timer early in boot rtlwifi: Use pr_warn instead of WARN_ONCE ipmi:ssif: Check for NULL msg when handling events and messages dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES ASoC: dapm: Don't fold register value changes into notifications ipv6: Don't send rs packets to the 
interface of ARPHRD_TUNNEL drm/amd/pm: fix the compile warning scsi: megaraid: Fix error check return value of register_chrdev() media: cx25821: Fix the warning when removing the module media: pci: cx23885: Fix the error handling in cx23885_initdev() media: venus: hfi: avoid null dereference in deinit ath9k: fix QCA9561 PA bias level drm/amd/pm: fix double free in si_parse_power_table() ALSA: jack: Access input_dev under mutex ACPICA: Avoid cache flush inside virtual machines ipw2x00: Fix potential NULL dereference in libipw_xmit() b43: Fix assigning negative value to unsigned variable b43legacy: Fix assigning negative value to unsigned variable mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes btrfs: repair super block num_devices automatically btrfs: add "0x" prefix for unsupported optional features ptrace: Reimplement PTRACE_KILL by always sending SIGKILL ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP USB: new quirk for Dell Gen 2 devices USB: serial: option: add Quectel BG95 modem binfmt_flat: do not stop relocating GOT entries prematurely on riscv BACKPORT: psi: Fix uaf issue when psi trigger is destroyed while being polled FROMGIT: Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" ANDROID: android-verity: Prevent double-freeing metadata Linux 4.14.282 bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes NFSD: Fix possible sleep during nfsd4_release_lockowner() docs: submitting-patches: Fix crossref to 'The canonical patch format' tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() dm verity: set DM_TARGET_IMMUTABLE feature flag dm stats: add cond_resched when looping over entries dm crypt: make printing of the key constant-time dm integrity: fix error code in dm_integrity_ctr() zsmalloc: fix races between asynchronous zspage free and page migration netfilter: conntrack: re-fetch conntrack after insertion 
exec: Force single empty string when argv is empty block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() assoc_array: Fix BUG_ON during garbage collect drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers net: ftgmac100: Disable hardware checksum on AST2600 net: af_key: check encryption module availability consistency ACPI: sysfs: Fix BERT error region memory mapping ACPI: sysfs: Make sparse happy about address space in use secure_seq: use the 64 bits of the siphash for port offset calculation tcp: change source port randomizarion at connect() time staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests Linux 4.14.281 Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" swiotlb: fix info leak with DMA_FROM_DEVICE net: atlantic: verify hw_head_ lies within TX buffer ring net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() mac80211: fix rx reordering with non explicit / psmp ack policy scsi: qla2xxx: Fix missed DMA unmap for aborted commands perf bench numa: Address compiler error on s390 gpio: mvebu/pwm: Refuse requests with inverted polarity gpio: gpio-vf610: do not touch other bits when set the target bit net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. 
igb: skip phy status check where unavailable ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 ARM: 9196/1: spectre-bhb: enable for Cortex-A15 net: af_key: add check for pfkey_broadcast in function pfkey_process NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc net/qla3xxx: Fix a test in ql_reset_work() clk: at91: generated: consider range when calculating best rate net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC drm/dp/mst: fix a possible memory leak in fetch_monitor_name() perf: Fix sys_perf_event_open() race against self ALSA: wavefront: Proper check of get_user() error ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() drbd: remove usage of list iterator variable after loop MIPS: lantiq: check the return value of kzalloc() Input: stmfts - fix reference leak in stmfts_input_open Input: add bounds checking to input_set_capability() um: Cleanup syscall_handler_t definition/cast, fix warning floppy: use a statically allocated error counter Linux 4.14.280 tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() ping: fix address binding wrt vrf drm/vmwgfx: Initialize drm_mode_fb_cmd2 cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() USB: serial: option: add Fibocom MA510 modem USB: serial: option: add Fibocom L610 modem USB: serial: qcserial: add support for Sierra Wireless EM7590 USB: serial: pl2303: add device id for HP LM930 Display usb: cdc-wdm: fix reading stuck on device close tcp: resalt the secret every 10 seconds ASoC: ops: Validate input values in snd_soc_put_volsw_range() ASoC: max98090: Generate notifications on changes for custom control ASoC: max98090: 
Reject invalid values in custom control put() hwmon: (f71882fg) Fix negative temperature net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending s390/lcs: fix variable dereferenced before check s390/ctcm: fix potential memory leak s390/ctcm: fix variable dereferenced before check hwmon: (ltq-cputemp) restrict it to SOC_XWAY mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection netlink: do not reset transport header in netlink_recvmsg() ipv4: drop dst in multicast routing path net: Fix features skip in for_each_netdev_feature() batman-adv: Don't skb_split skbuffs with frag_list Linux 4.14.279 VFS: Fix memory leak caused by concurrently mounting fs with subtype ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock ALSA: pcm: Fix races among concurrent prealloc proc writes ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls ALSA: pcm: Fix races among concurrent read/write and buffer changes ALSA: pcm: Fix races among concurrent hw_params and hw_free calls mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() mmc: rtsx: add 74 Clocks in power on flow Bluetooth: Fix the creation of hdev->name can: grcan: only use the NAPI poll budget for RX can: grcan: grcan_probe(): fix broken system id check for errata workaround needs block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit MIPS: Use address-of operator on section symbols Linux 4.14.278 PCI: aardvark: Fix reading MSI interrupt number PCI: aardvark: Clear all MSIs at setup dm: interlock pending dm_io and dm_wait_for_bios_completion dm: fix mempool NULL pointer race when completing IO net: ipv6: ensure we call ipv6_mc_down() at most once kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() btrfs: 
always log symlinks in full mode smsc911x: allow using IRQ0 net: emaclite: Add error handling for of_address_to_resource() ASoC: dmaengine: Restore NULL prepare_slave_config() callback hwmon: (adt7470) Fix warning on module removal NFC: netlink: fix sleep in atomic bug when firmware download timeout nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs nfc: replace improper check device_is_registered() in netlink related functions can: grcan: use ofdev->dev when allocating DMA memory can: grcan: grcan_close(): fix deadlock ASoC: wm8958: Fix change notifications for DSP controls firewire: core: extend card->lock in fw_core_handle_bus_reset firewire: remove check of list iterator against head past the loop body firewire: fix potential uaf in outbound_phy_packet_callback() Revert "SUNRPC: attempt AF_LOCAL connect on setup" ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes parisc: Merge model and model name into one line in /proc/cpuinfo MIPS: Fix CP0 counter erratum detection for R4k CPUs drm/vgem: Close use-after-free race in vgem_gem_create tty: n_gsm: fix incorrect UA handling tty: n_gsm: fix wrong command frame length field encoding tty: n_gsm: fix wrong command retry handling tty: n_gsm: fix missing explicit ldisc flush tty: n_gsm: fix insufficient txframe size tty: n_gsm: fix malformed counter for out of frame data tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 x86/cpu: Load microcode during restore_processor_state() drivers: net: hippi: Fix deadlock in rr_close() cifs: destage any unwritten data to the server before calling copychunk_write x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 ASoC: wm8731: Disable the regulator when probing fails bnx2x: fix napi API usage sequence net: bcmgenet: hide status block before TX timestamping clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() bus: sunxi-rsb: Fix the return value of 
sunxi_rsb_device_create() tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT ip_gre: Make o_seqno start from 0 in native mode pinctrl: pistachio: fix use of irq_of_parse_and_map() sctp: check asoc strreset_chunk in sctp_generate_reconf_event mtd: rawnand: Fix return value check of wait_for_completion_timeout ipvs: correctly print the memory size of ip_vs_conn_tab ARM: dts: Fix mmc order for omap3-gta04 ARM: OMAP2+: Fix refcount leak in omap_gic_of_init phy: samsung: exynos5250-sata: fix missing device put in probe error paths phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue USB: Fix xhci event ring dequeue pointer ERDP update issue hex2bin: fix access beyond string end hex2bin: make the function hex_to_bin constant-time serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device serial: 8250: Also set sticky MCR bits in console restoration usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() usb: gadget: uvc: Fix crash when encoding data for usb request usb: misc: fix improper handling of refcount in uss720_probe() iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() iio: dac: ad5446: Fix read_raw not returning set value iio: dac: ad5592r: Fix the missing return value. 
xhci: stop polling roothubs after shutdown USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions USB: serial: option: add support for Cinterion MV32-WA/MV32-WB USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS USB: quirks: add STRING quirk for VCOM device USB: quirks: add a Realtek card reader usb: mtu3: fix USB 3.0 dual-role-switch from device to host lightnvm: disable the subsystem Revert "net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link" net/sched: cls_u32: fix netns refcount changes in u32_change() hamradio: remove needs_free_netdev to avoid UAF hamradio: defer 6pack kfree after unregister_netdev floppy: disable FDRAWCMD by default Linux 4.14.277 Revert "net: micrel: fix KS8851_MLL Kconfig" ax25: Fix UAF bugs in ax25 timers ax25: Fix NULL pointer dereferences in ax25 timers ax25: fix NPD bug in ax25_disconnect ax25: fix UAF bug in ax25_send_control() ax25: Fix refcount leaks caused by ax25_cb_del() ax25: fix UAF bugs of net_device caused by rebinding operation ax25: fix reference count leaks of ax25_dev ax25: add refcount in ax25_dev to avoid UAF bugs block/compat_ioctl: fix range check in BLKGETSIZE staging: ion: Prevent incorrect reference counting behavour ext4: force overhead calculation if the s_overhead_cluster makes no sense ext4: fix overhead calculation to account for the reserved gdt blocks ext4: limit length to bitmap_maxbytes - blocksize in punch_hole ext4: fix symlink file size not match to file content ARC: entry: fix syscall_trace_exit argument e1000e: Fix possible overflow in LTR decoding ASoC: soc-dapm: fix two incorrect uses of list iterator openvswitch: fix OOB access in reserve_sfa_size() powerpc/perf: Fix power9 event alternatives dma: at_xdmac: fix a missing check on list iterator ata: pata_marvell: Check the 'bmdma_addr' beforing reading stat: fix inconsistency between struct stat and struct compat_stat net: macb: Restart tx 
only if queue pointer is lagging drm/msm/mdp5: check the return of kzalloc() brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant cifs: Check the IOCB_DIRECT flag, not O_DIRECT vxlan: fix error return code in vxlan_fdb_append ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative ARM: vexpress/spc: Avoid negative array index when !SMP netlink: reset network and mac headers in netlink_dump() net/packet: fix packet_sock xmit return value checking dmaengine: imx-sdma: Fix error checking in sdma_event_remap tcp: Fix potential use-after-free due to double kfree() tcp: fix race condition when creating child sockets from syncookies ALSA: usb-audio: Clear MIDI port active flag after draining gfs2: assign rgrp glock before compute_bitstructs can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path tracing: Dump stacktrace trigger to the corresponding instance tracing: Have traceon and traceoff trigger honor the instance mm: page_alloc: fix building error on -Werror=array-compare etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead Linux 4.14.276 i2c: pasemi: Wait for write xfers to finish smp: Fix offline cpu check in flush_smp_call_function_queue() ARM: davinci: da850-evm: Avoid NULL pointer dereference ALSA: pcm: Test for "silence" field in struct "pcm_format_data" gcc-plugins: latent_entropy: use /dev/urandom mm: kmemleak: take a full lowmem check in kmemleak_*_phys() mm, page_alloc: fix build_zonerefs_node() drivers: net: slip: fix NPD bug in sl_tx_timeout() scsi: mvsas: Add PCI ID of RocketRaid 2640 gpu: ipu-v3: Fix dev_dbg frequency output ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs net: micrel: fix KS8851_MLL Kconfig scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 scsi: target: tcmu: Fix possible page UAF Drivers: hv: vmbus: Prevent load re-ordering when reading ring 
buffer drm/amdkfd: Check for potential null return of kmalloc_array() drm/amd: Add USBC connector ID cifs: potential buffer overflow in handling symlinks nfc: nci: add flush_workqueue to prevent uaf net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link mlxsw: i2c: Fix initialization error flow gpiolib: acpi: use correct format characters veth: Ensure eth header is in skb's linear part memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe xfrm: policy: match with both mark and mask on user interfaces cgroup: Use open-time cgroup namespace for process migration perm checks cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv cgroup: Use open-time credentials for process migraton perm checks mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning arm64: module: remove (NOLOAD) from linker script mm: don't skip swap entry even if zap_details specified dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator arm64: patch_text: Fixup last cpu should be master btrfs: fix qgroup reserve overflow the qgroup limit x86/speculation: Restore speculation related MSRs during S3 resume x86/pm: Save the MSR validity status at context setup mm/mempolicy: fix mpol_new leak in shared_policy_replace mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" drbd: Fix five use after free bugs in get_initial_state drm/imx: Fix memory leak in imx_pd_connector_get_modes net: stmmac: Fix unset max_speed difference between DT and non-DT platforms scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() mm: fix race between MADV_FREE reclaim and blkdev direct IO read net: add missing SOF_TIMESTAMPING_OPT_ID support ipv6: add missing tx timestamping on 
IPPROTO_RAW parisc: Fix CPU affinity for Lasi, WAX and Dino chips jfs: prevent NULL deref in diFree virtio_console: eliminate anonymous module_init & module_exit serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() NFS: swap-out must always use STABLE writes. NFS: swap IO handling is slightly different for O_DIRECT IO SUNRPC/call_alloc: async tasks mustn't block waiting for memory w1: w1_therm: fixes w1_seq for ds28ea00 sensors init/main.c: return 1 from handled __setup() functions Bluetooth: Fix use after free in hci_send_acl xtensa: fix DTC warning unit_address_format usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm scsi: libfc: Fix use after free in fc_exch_abts_resp() MIPS: fix fortify panic when copying asm exception handlers bnxt_en: Eliminate unintended link toggle during FW reset macvtap: advertise link netns via netlink net/smc: correct settings of RMB window update limit scsi: aha152x: Fix aha152x_setup() __setup handler return value scsi: pm8001: Fix pm8001_mpi_task_abort_resp() dm ioctl: prevent potential spectre v1 gadget iommu/arm-smmu-v3: fix event handling soft lockup PCI: aardvark: Fix support for MSI interrupts powerpc: Set crashkernel offset to mid of RMA region power: supply: axp20x_battery: properly report current when discharging scsi: bfa: Replace snprintf() with sysfs_emit() scsi: mvsas: Replace snprintf() with sysfs_emit() powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 ptp: replace snprintf with sysfs_emit ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs ARM: 9187/1: JIVE: fix return value of __setup handler rtc: wm8350: Handle error for wm8350_register_irq ubifs: Rectify space amount budget for mkdir/tmpfile operations KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated openvswitch: Fixed nd target mask field in the flow dump. 
ARM: dts: spear13xx: Update SPI dma properties ARM: dts: spear1340: Update serial node properties ASoC: topology: Allow TLV control to be either read or write ubi: fastmap: Return error code if memory allocation fails in add_aeb() mm/memcontrol: return 1 from cgroup.memory __setup() handler mm/mmap: return 1 from stack_guard_gap __setup() handler ACPI: CPPC: Avoid out of bounds access when parsing _CPC data ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl pinctrl: pinconf-generic: Print arguments for bias-pull-* gfs2: Make sure FITRIM minlen is rounded up to fs block size can: mcba_usb: properly check endpoint type can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path ubifs: rename_whiteout: correct old_dir size computing ubifs: setflags: Make dirtied_ino_d 8 bytes aligned ubifs: Add missing iput if do_tmpfile() failed in rename whiteout ubifs: rename_whiteout: Fix double free for whiteout_ui->data KVM: Prevent module exit until all VMs are freed scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() scsi: qla2xxx: Fix warning for missing error code powerpc/lib/sstep: Fix build errors with newer binutils powerpc/lib/sstep: Fix 'sthcx' instruction mmc: host: Return an error when ->enable_sdio_irq() ops is missing media: hdpvr: initialize dev->worker at hdpvr_register_videodev video: fbdev: sm712fb: Fix crash in smtcfb_write() ARM: mmp: Fix failure to remove sram device ARM: tegra: tamonten: Fix I2C3 pad setting media: cx88-mpeg: clear interrupt status register before streaming video ASoC: soc-core: skip zero num_dai component in searching dai name video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() ARM: dts: bcm2837: Add the missing L1/L2 cache information ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit video: fbdev: cirrusfb: 
check pixclock to avoid divide by zero video: fbdev: w100fb: Reset global state video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow ntfs: add sanity check on allocation size ext4: don't BUG if someone dirty pages without asking ext4 first spi: tegra20: Use of_device_get_match_data() PM: core: keep irq flags in device_pm_check_callbacks() ACPI/APEI: Limit printable size of BERT table data ACPICA: Avoid walking the ACPI Namespace if it is not there irqchip/nvic: Release nvic_base upon failure Fix incorrect type in assignment of ipv6 port for audit loop: use sysfs_emit() in the sysfs xxx show() selinux: use correct type for context length lib/test: use after free in register_test_dev_kmod() NFSv4/pNFS: Fix another issue with a list iterator pointing to the head net/x25: Fix null-ptr-deref caused by x25_disconnect qlcnic: dcb: default to returning -EOPNOTSUPP net: phy: broadcom: Fix brcm_fet_config_init() xen: fix is_xen_pmu() netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options jfs: fix divide error in dbNextAG kgdbts: fix return value of __setup handler kgdboc: fix return value of __setup handler tty: hvc: fix return value of __setup handler pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init NFS: remove unneeded check in decode_devicenotify_args() clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver clk: clps711x: Terminate clk_div_table with sentinel element clk: loongson1: Terminate clk_div_table with sentinel element remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region clk: qcom: clk-rcg2: Update the frac table for pixel clock iio: adc: Add check for devm_request_threaded_irq serial: 8250: Fix race condition in RTS-after-send handling serial: 8250_mid: Balance reference count for PCI DMA device staging:iio:adc:ad7280a: Fix handing of device 
address bit reversing. pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() mxser: fix xmit_buf leak in activate when LSR == 0xff mfd: asic3: Add missing iounmap() on error asic3_mfd_probe tcp: ensure PMTU updates are processed during fastopen i2c: mux: demux-pinctrl: do not deactivate a master that is not active af_netlink: Fix shift out of bounds in group mask calculation USB: storage: ums-realtek: fix error code in rts51x_read_mem() mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init MIPS: RB532: fix return value of __setup handler vxcan: enable local echo for sent CAN frames mfd: mc13xxx: Add check for mc13xxx_irq_request powerpc/sysdev: fix incorrect use to determine if list is empty PCI: Reduce warnings on possible RW1C corruption power: supply: wm8350-power: Add missing free in free_charger_irq power: supply: wm8350-power: Handle error for wm8350_register_irq i2c: xiic: Make bus names unique KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() KVM: x86: Fix emulation in writing cr8 power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return drm/tegra: Fix reference leak in tegra_dsi_ganged_probe ext2: correct max file size computing TOMOYO: fix __setup handlers return values scsi: pm8001: Fix abort all task initialization scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() scsi: pm8001: Fix command initialization in pm80XX_send_read_log() dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS iwlwifi: Fix -EIO error code that is never returned HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init ray_cs: Check ioremap return value power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe ath9k_htc: fix uninit value bugs drm/edid: Don't clear formats if using deep color mtd: onenand: Check for error irq 
ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe ASoC: imx-es8328: Fix error return code in imx_es8328_probe() ASoC: mxs: Fix error handling in mxs_sgtl5000_probe ASoC: dmaengine: do not use a NULL prepare_slave_config() callback video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of ASoC: fsi: Add check for clk_enable ASoC: wm8350: Handle error for wm8350_register_irq ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction memory: emif: check the pointer temp in get_device_details() memory: emif: Add check for setup_interrupts ASoC: atmel_ssc_dai: Handle errors for clk_enable ASoC: mxs-saif: Handle errors for clk_enable printk: fix return value of printk.devkmsg __setup handler arm64: dts: broadcom: Fix sata nodename arm64: dts: ns2: Fix spi-cpol and spi-cpha property ALSA: spi: Add check for clk_enable() ASoC: ti: davinci-i2s: Add check for clk_enable() media: usb: go7007: s2250-board: fix leak in probe() soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe ARM: dts: qcom: ipq4019: fix sleep clock video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() media: coda: Fix missing put_device() call in coda_get_vdoa_data perf/x86/intel/pt: Fix address filter config for 32-bit kernel perf/core: Fix address filter parser for multiple filters sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa clocksource: acpi_pm: fix return value of __setup handler hwmon: (pmbus) Add Vin unit off handling crypto: ccp - ccp_dmaengine_unregister release dma channels ACPI: APEI: fix return value of __setup handlers crypto: vmx - add missing dependencies hwrng: atmel - disable trng on failure path PM: suspend: fix return value of __setup handler PM: hibernate: fix __setup handler error 
handling hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING hwmon: (pmbus) Add mutex to regulator ops spi: pxa2xx-pci: Balance reference count for PCI DMA device selftests/x86: Add validity check and allow field splitting spi: tegra114: Add missing IRQ check in tegra_spi_probe crypto: mxs-dcp - Fix scatterlist processing crypto: authenc - Fix sleep in atomic context in decrypt_tail PCI: pciehp: Clear cmd_busy bit in polling mode brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio brcmfmac: firmware: Allocate space for default boardrev in nvram media: davinci: vpif: fix unbalanced runtime PM get DEC: Limit PMAX memory probing to R3k systems lib/raid6/test: fix multiple definition linking error thermal: int340x: Increase bitmap size carl9170: fix missing bit-wise or operator for tx_params ARM: dts: exynos: add missing HDMI supplies on SMDK5420 ARM: dts: exynos: add missing HDMI supplies on SMDK5250 ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 ARM: dts: at91: sama5d2: Fix PMERRLOC resource size video: fbdev: atari: Atari 2 bpp (STe) palette bugfix video: fbdev: sm712fb: Fix crash in smtcfb_read() drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() ACPI: properties: Consistently return -ENOENT if there are no more references drbd: fix potential silent data corruption ALSA: cs4236: fix an incorrect NULL check on list iterator Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" qed: validate and restrict untrusted VFs vlan promisc mode qed: display VF trust config scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands mempolicy: mbind_range() set_policy() after vma_merge() mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node jffs2: fix memory leak in jffs2_scan_medium jffs2: fix memory leak in jffs2_do_mount_fs jffs2: fix use-after-free in jffs2_clear_xattr_subsystem can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path pinctrl: samsung: drop pin banks references 
on error paths NFSD: prevent underflow in nfssvc_decode_writeargs() SUNRPC: avoid race between mod_timer() and del_timer_sync() Documentation: update stable tree link Documentation: add link to stable release candidate tree ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE clk: uniphier: Fix fixed-rate initialization iio: inkern: make a best effort on offset calculation iio: inkern: apply consumer scale when no channel scale is available iio: inkern: apply consumer scale on IIO_VAL_INT cases coresight: Fix TRCCONFIGR.QE sysfs interface USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c virtio-blk: Use blk_validate_block_size() to validate block size block: Add a helper to validate the block size tpm: fix reference counting for struct tpm_chip fuse: fix pipe buffer lifetime for direct_io af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register spi: Fix erroneous sgs value with min_t() spi: Fix invalid sgs value ethernet: sun: Free the coherent when failing in probing virtio_console: break out of buf poll on remove netdevice: add the case if dev is NULL USB: serial: simple: add Nokia phone driver USB: serial: pl2303: add IBM device IDs ANDROID: incremental-fs: limit mount stack depth UPSTREAM: binderfs: use __u32 for device numbers Linux 4.14.275 arm64: Use the clearbhb instruction in mitigations arm64: add ID_AA64ISAR2_EL1 sys register KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated arm64: Mitigate spectre style branch history side channels KVM: arm64: Add templates for BHB mitigation sequences arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 arm64: Add percpu vectors for EL1 arm64: entry: Add macro for reading symbol addresses from the trampoline arm64: entry: Add vectors that have the bhb mitigation sequences arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations arm64: entry: Allow the trampoline text to occupy multiple pages arm64: 
entry: Make the kpti trampoline's kpti sequence optional arm64: entry: Move trampoline macros out of ifdef'd section arm64: entry: Don't assume tramp_vectors is the start of the vectors arm64: entry: Allow tramp_alias to access symbols after the 4K boundary arm64: entry: Move the trampoline data page before the text page arm64: entry: Free up another register on kpti's tramp_exit path arm64: entry: Make the trampoline cleanup optional arm64: entry.S: Add ventry overflow sanity checks arm64: Add Cortex-X2 CPU part definition arm64: Add Neoverse-N2, Cortex-A710 CPU part definition arm64: Add part number for Arm Cortex-A77 arm64: Add part number for Neoverse N1 arm64: Make ARM64_ERRATUM_1188873 depend on COMPAT arm64: Add silicon-errata.txt entry for ARM erratum 1188873 arm64: arch_timer: avoid unused function warning arm64: arch_timer: Add workaround for ARM erratum 1188873 Linux 4.14.274 llc: only change llc->dev when bind() succeeds mac80211: fix potential double free on mesh join crypto: qat - disable registration of algorithms ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board netfilter: nf_tables: initialize registers in nft_do_chain() drivers: net: xgene: Fix regression in CRC stripping ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec ALSA: cmipci: Restore aux vol on suspend/resume ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB ALSA: pcm: Add stream lock during PCM reset ioctl operations llc: fix netdevice reference leaks in llc_ui_bind() thermal: int340x: fix memory leak in int3400_notify() staging: fbtft: fb_st7789v: reset display before initialization esp: Fix possible buffer overflow in ESP transformation net: ipv6: fix skb_over_panic in __ip6_append_data nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION Linux 4.14.273 perf symbols: Fix symbol size calculation 
condition Input: aiptek - properly check endpoint type usb: gadget: Fix use-after-free bug by not setting udc->dev.driver usb: gadget: rndis: prevent integer overflow in rndis_set_response() net: handle ARPHRD_PIMREG in dev_is_mac_header_xmit() atm: eni: Add check for dma_map_single net/packet: fix slab-out-of-bounds access in packet_recvmsg() efi: fix return value of __setup handlers fs: sysfs_emit: Remove PAGE_SIZE alignment check kselftest/vm: fix tests build with old libc sfc: extend the locking on mcdi->seqno tcp: make tcp_read_sock() more robust nl80211: Update bss channel on channel switch for P2P_CLIENT atm: firestream: check the return value of ioremap() in fs_init() can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready ARM: 9178/1: fix unmet dependency on BITREVERSE for HAVE_ARCH_BITREVERSE MIPS: smp: fill in sibling and core maps earlier ARM: dts: rockchip: fix a typo on rk3288 crypto-controller arm64: dts: rockchip: fix rk3399-puma eMMC HS400 signal integrity xfrm: Fix xfrm migrate issues when address family changes sctp: fix the processing for INIT_ACK chunk sctp: fix the processing for INIT chunk Linux 4.14.272 btrfs: unlock newly allocated extent buffer after error ext4: add check to prevent attempting to resize an fs with sparse_super2 ARM: fix Thumb2 regression with Spectre BHB virtio: acknowledge all features before access virtio: unexport virtio_finalize_features staging: gdm724x: fix use after free in gdm_lte_rx() ARM: Spectre-BHB: provide empty stub for non-config selftests/memfd: clean up mapping in mfd_fail_write tracing: Ensure trace buffer is at least 4096 bytes large Revert "xen-netback: Check for hotplug-status existence before watching" Revert "xen-netback: remove 'hotplug-status' once it has served its purpose" net-sysfs: add check for netdevice being present to speed_show sctp: fix kernel-infoleak for SCTP sockets gpio: ts4900: Do not set DAT and OE together NFC: port100: fix use-after-free in 
port100_send_complete net/mlx5: Fix size field in bufferx_reg struct ax25: Fix NULL pointer dereference in ax25_kill_by_device net: ethernet: lpc_eth: Handle error for clk_enable net: ethernet: ti: cpts: Handle error for clk_enable ethernet: Fix error handling in xemaclite_of_probe qed: return status of qed_iov_get_link net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() Linux 4.14.271 xen/netfront: react properly to failing gnttab_end_foreign_access_ref() xen/gnttab: fix gnttab_end_foreign_access() without page specified xen/9p: use alloc/free_pages_exact() xen: remove gnttab_query_foreign_access() xen/gntalloc: don't use gnttab_query_foreign_access() xen/scsifront: don't use gnttab_query_foreign_access() for mapped status xen/netfront: don't use gnttab_query_foreign_access() for mapped status xen/blkfront: don't use gnttab_query_foreign_access() for mapped status xen/grant-table: add gnttab_try_end_foreign_access() xen/xenbus: don't let xenbus_grant_ring() remove grants in error case ARM: fix build warning in proc-v7-bugs.c ARM: Do not use NOCROSSREFS directive with ld.lld ARM: fix co-processor register typo ARM: fix build error when BPF_SYSCALL is disabled ARM: include unprivileged BPF status in Spectre V2 reporting ARM: Spectre-BHB workaround ARM: use LOADADDR() to get load address of sections ARM: early traps initialisation ARM: report Spectre v2 status through sysfs arm/arm64: smccc/psci: add arm_smccc_1_1_get_conduit() arm/arm64: Provide a wrapper for SMCCC 1.1 calls x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT x86/speculation: Warn about Spectre v2 LFENCE mitigation x86/speculation: Update link to AMD speculation whitepaper x86/speculation: Use generic retpoline by default on AMD x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting Documentation/hw-vuln: Update spectre doc x86/speculation: Add eIBRS + Retpoline options x86/speculation: Rename RETPOLINE_AMD to 
RETPOLINE_LFENCE x86,bugs: Unconditionally allow spectre_v2=retpoline,amd x86/speculation: Merge one test in spectre_v2_user_select_mitigation() Revert "ANDROID: incremental-fs: fix mount_fs issue" Linux 4.14.270 hamradio: fix macro redefine warning net: dcb: disable softirqs in dcbnl_flush_dev() memfd: fix F_SEAL_WRITE after shmem huge page allocated HID: add mapping for KEY_ALL_APPLICATIONS Input: elan_i2c - fix regulator enable count imbalance after suspend/resume Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() nl80211: Handle nla_memdup failures in handle_nan_filter net: chelsio: cxgb3: check the return value of pci_find_capability() soc: fsl: qe: Check of ioremap return value ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions can: gs_usb: change active_channels's type from atomic_t to u8 efivars: Respect "block" flag in efivar_entry_set_safe() net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() net: sxgbe: fix return value of __setup handler net: stmmac: fix return value of __setup handler mac80211: fix forwarded mesh frames AC & queue selection firmware: qemu_fw_cfg: fix kobject leak in probe error path firmware: Fix a reference count leak. 
net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error cause by server net/smc: fix unexpected SMC_CLC_DECL_ERR_REGRMB error generated by client net: dcb: flush lingering app table entries for unregistered devices batman-adv: Don't expect inter-netns unique iflink indices batman-adv: Request iflink once in batadv_get_real_netdevice batman-adv: Request iflink once in batadv-on-batadv check netfilter: nf_queue: fix possible use-after-free netfilter: nf_queue: don't assume sk is full socket xfrm: enforce validity of offload input flags netfilter: fix use-after-free in __nf_register_net_hook() xfrm: fix MTU regression ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min ALSA: intel_hdmi: Fix reference to PCM buffer address ata: pata_hpt37x: fix PCI clock detection usb: gadget: clear related members when goto fail usb: gadget: don't release an existing dev->buf net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 i2c: qup: allow COMPILE_TEST i2c: cadence: allow COMPILE_TEST dmaengine: shdma: Fix runtime PM imbalance on error cifs: fix double free race when mount fails in cifs_get_root() Input: clear BTN_RIGHT/MIDDLE on buttonpads i2c: bcm2835: Avoid clock stretching timeouts mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work mac80211_hwsim: report NOACK frames in tx_status Linux 4.14.269 fget: clarify and improve __fget_files() implementation memblock: use kfree() to release kmalloced memblock regions Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" tty: n_gsm: fix proper link termination after failed open tty: n_gsm: fix encoding of control signal octet bit DV xhci: Prevent futile URB re-submissions due to incorrect return value. xhci: re-initialize the HC during resume if HCE was set usb: dwc3: gadget: Let the interrupt handler disable bottom halves. 
USB: serial: option: add Telit LE910R1 compositions USB: serial: option: add support for DW5829e tracefs: Set the group ownership in apply_options() not parse_options() USB: gadget: validate endpoint index for xilinx udc usb: gadget: rndis: add spinlock for rndis response list Revert "USB: serial: ch341: add new Product ID for CH341A" ata: pata_hpt37x: disable primary channel on HPT371 iio: adc: men_z188_adc: Fix a resource leak in an error handling path RDMA/ib_srp: Fix a deadlock configfs: fix a race in configfs_{,un}register_subsystem() net/mlx5e: Fix wrong return value on ioctl EEPROM query failure drm/edid: Always set RGB444 openvswitch: Fix setting ipv6 fields causing hw csum failure gso: do not skip outer ip header in case of ipip and net_failover net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends ping: remove pr_err from ping_lookup serial: 8250: of: Fix mapped region size when using reg-offset property USB: zaurus: support another broken Zaurus sr9700: sanity check for packet length parisc/unaligned: Fix ldw() and stw() unalignment handlers parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel vhost/vsock: don't check owner in vhost_vsock_stop() while releasing cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug Linux 4.14.268 net: macb: Align the dma and coherent dma masks net: usb: qmi_wwan: Add support for Dell DW5829e tracing: Fix tp_printk option related with tp_printk_stop_on_boot ata: libata-core: Disable TRIM on M88V29 ARM: OMAP2+: hwmod: Add of_node_put() before break NFS: Do not report writeback errors in nfs_getattr() KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status mtd: rawnand: brcmnand: Refactored code to introduce helper functions lib/iov_iter: initialize "flags" in new pipe_buffer i2c: brcmstb: fix support for DSL and CM variants dmaengine: sh: rcar-dmac: Check for error num after setting mask net: sched: limit 
TC_ACT_REPEAT loops EDAC: Fix calculation of returned address and next offset in edac_align_ptr() NFS: LOOKUP_DIRECTORY is also ok with symlinks powerpc/lib/sstep: fix 'ptesync' build error ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() ALSA: hda: Fix missing codec probe on Shenker Dock 15 ALSA: hda: Fix regression on forced probe mask option libsubcmd: Fix use-after-free for realloc(..., 0) bonding: fix data-races around agg_select_timer drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit ping: fix the dif and sdif check in ping_lookup net: ieee802154: ca8210: Fix lifs/sifs periods iwlwifi: pcie: gen2: fix locking when "HW not ready" iwlwifi: pcie: fix locking when "HW not ready" vsock: remove vsock from connected table when connect is interrupted by a signal taskstats: Cleanup the use of task->exit_code xfrm: Don't accidentally set RTO_ONLINK in decode_session4() drm/radeon: Fix backlight control on iMac 12,1 iwlwifi: fix use-after-free Revert "module, async: async_synchronize_full() on module init iff async is used" quota: make dquot_quota_sync return errors from ->sync_fs vfs: make freeze_super abort when sync_filesystem returns error ax25: improve the incomplete fix to avoid UAF and NPD bugs selftests/zram: Adapt the situation that /dev/zram0 is being used selftests/zram01.sh: Fix compression ratio calculation selftests/zram: Skip max_comp_streams interface on newer kernel net: ieee802154: at86rf230: Stop leaking skb's btrfs: send: in case of IO error log it parisc: Fix sglist access in ccio-dma.c parisc: Fix data TLB miss in sba_unmap_sg serial: parisc: GSC: fix build when IOSAPIC is not set net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup Makefile.extrawarn: Move -Wunaligned-access to W=1 Linux 4.14.267 perf: Fix list corruption in perf_cgroup_switch() hwmon: (dell-smm) Speed up setting of fan speed seccomp: Invalidate seccomp mode to 
catch death failures USB: serial: cp210x: add CPI Bulk Coin Recycler id USB: serial: cp210x: add NCR Retail IO box id USB: serial: ch341: add support for GW Instek USB2.0-Serial devices USB: serial: option: add ZTE MF286D modem USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 usb: gadget: rndis: check size of RNDIS_MSG_SET command USB: gadget: validate interface OS descriptor requests usb: dwc3: gadget: Prevent core from processing stale TRBs usb: ulpi: Call of_node_put correctly usb: ulpi: Move of_node_put to ulpi_dev_release n_tty: wake up poll(POLLRDNORM) on receiving data vt_ioctl: add array_index_nospec to VT_ACTIVATE vt_ioctl: fix array_index_nospec in vt_setactivate net: amd-xgbe: disable interrupts during pci removal tipc: rate limit warning for received illegal binding update net: fix a memleak when uncloning an skb dst and its metadata net: do not keep the dst cache when uncloning an skb dst and its metadata ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path bonding: pair enable_port with slave_arr_updates usb: f_fs: Fix use-after-free for epfile ARM: dts: imx6qdl-udoo: Properly describe the SD card detect staging: fbtft: Fix error path in fbtft_driver_module_init() ARM: dts: meson: Fix the UART compatible strings ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group bpf: Add kconfig knob for disabling unpriv bpf by default Revert "net: axienet: Wait for PhyRstCmplt after core reset" net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend scsi: target: iscsi: Make sure the np under each tpg is unique NFSv4 expose nfs_parse_server_name function NFSv4 remove zero number of fs_locations entries error check NFSv4.1: Fix uninitialised variable in devicenotify nfs: nfs4clinet: check the return value of kstrdup() NFSv4 only print the label when its queried NFSD: Clamp WRITE offsets NFS: Fix initialisation of nfs_client cl_flags field 
net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs mmc: sdhci-of-esdhc: Check for error num after setting mask ima: Allow template selection with ima_template[_fmt]= after ima_hash= ima: Remove ima_policy file before directory integrity: check the return value of audit_log_start() FROMGIT: f2fs: avoid EINVAL by SBI_NEED_FSCK when pinning a file Revert "tracefs: Have tracefs directories not set OTH permission bits by default" Linux 4.14.266 tipc: improve size validations for received domain records x86/mm, mm/hwpoison: Fix the unmap kernel 1:1 pages check condition moxart: fix potential use-after-free on remove path cgroup-v1: Require capabilities to set release_agent Linux 4.14.265 ext4: fix error handling in ext4_restore_inline_data() EDAC/xgene: Fix deferred probing EDAC/altera: Fix deferred probing rtc: cmos: Evaluate century appropriate selftests: futex: Use variable MAKE instead of make nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe ASoC: fsl: Add missing error handling in pcm030_fabric_probe drm/i915/overlay: Prevent divide by zero bugs in scaling net: macsec: Verify that send_sci is on when setting Tx sci explicitly net: ieee802154: Return meaningful error codes from the netlink helpers net: ieee802154: ca8210: Stop leaking skb's spi: meson-spicc: add IRQ check in meson_spicc_probe spi: mediatek: Avoid NULL pointer crash in interrupt spi: bcm-qspi: check for valid cs before applying chip select iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() RDMA/mlx4: Don't continue event handler after memory allocation failure block: bio-integrity: Advance seed correctly for larger interval sizes drm/nouveau: fix off by one in BIOS boundary checking ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() ASoC: ops: Reject out of bounds 
values in snd_soc_put_volsw() audit: improve audit queue handling when "audit=1" on cmdline af_packet: fix data-race in packet_setsockopt / packet_setsockopt rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() net: amd-xgbe: Fix skb data length underflow net: amd-xgbe: ensure to reset the tx_timer_active flag ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback netfilter: nat: limit port clash resolution attempts netfilter: nat: remove l4 protocol port rovers bpf: fix truncated jump targets on heavy expansions ipv4: tcp: send zero IPID in SYNACK messages ipv4: raw: lock the socket in raw_bind() yam: fix a memory leak in yam_siocdevprivate() ibmvnic: don't spin in tasklet drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable drm/msm: Fix wrong size calculation net-procfs: show net devices bound packet types NFSv4: nfs_atomic_open() can race when looking up a non-regular file NFSv4: Handle case where the lookup of a directory fails hwmon: (lm90) Reduce maximum conversion rate for G781 ipv4: avoid using shared IP generator for connected sockets ping: fix the sk_bound_dev_if match in ping_lookup net: fix information leakage in /proc/net/ptype ipv6_tunnel: Rate limit warning messages scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev i40e: fix unsigned stat widths i40e: Increase delay to 1 s after global EMP reset lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() powerpc/32: Fix boot failure with GCC latent entropy plugin net: sfp: ignore disabled SFP node usb: typec: tcpm: Do not disconnect while receiving VBUS off USB: core: Fix hang in usb_kill_urb by adding memory barriers usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS usb: common: ulpi: Fix crash in ulpi_match() usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge tty: Add support for 
Brainboxes UC cards. tty: n_gsm: fix SW flow control encoding/handling serial: stm32: fix software flow control transfer netfilter: nft_payload: do not update layer 4 checksum when mangling fragments PM: wakeup: simplify the output logic of pm_show_wakelocks() udf: Fix NULL ptr deref when converting from inline format udf: Restore i_lenAlloc when inode expansion fails scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices s390/hypfs: include z/VM guests with access control group set Bluetooth: refactor malicious adv data check ANDROID: incremental-fs: remove index and incomplete dir on umount BACKPORT: ipv6: Implement draft-ietf-6man-rfc4941bis Linux 4.14.264 drm/vmwgfx: Fix stale file descriptors on failed usercopy can: bcm: fix UAF of bcm op drm/i915: Flush TLBs before releasing backing store Linux 4.14.263 NFSv4: Initialise connection to the server in nfs4_alloc_client() gianfar: fix jumbo packets+napi+rx overrun crash gianfar: simplify FCS handling and fix memory leak fuse: fix live lock in fuse_iget() fuse: fix bad inode drm/ttm/nouveau: don't call tt destroy callback on alloc failure. 
mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue lib82596: Fix IRQ check in sni_82596_probe scripts/dtc: dtx_diff: remove broken example from help text bcmgenet: add WOL IRQ check net_sched: restore "mpu xxx" handling dmaengine: at_xdmac: Fix at_xdmac_lld struct definition dmaengine: at_xdmac: Fix lld view setting dmaengine: at_xdmac: Print debug message after realeasing the lock dmaengine: at_xdmac: Don't start transactions at tx_submit level libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() netns: add schedule point in ops_exit_list() net: axienet: fix number of TX ring slots for available check net: axienet: Wait for PhyRstCmplt after core reset af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses powerpc/cell: Fix clang -Wimplicit-fallthrough warning RDMA/rxe: Fix a typo in opcode name RDMA/hns: Modify the mapping attribute of doorbell to device Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization firmware: Update Kconfig help text for Google firmware drm/radeon: fix error handling in radeon_driver_open_kms crypto: stm32/crc32 - Fix kernel BUG triggered in probe() ext4: don't use the orphan list when migrating an inode ext4: Fix BUG_ON in ext4_bread when write quota data ext4: set csum seed in tmp inode while migrating to extents ext4: make sure quota gets properly shutdown on error iwlwifi: mvm: Increase the scan timeout guard to 30 seconds cputime, cpuacct: Include guest time in user time in cpuacct.stat serial: Fix incorrect rs485 polarity on uart open ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers power: bq25890: Enable continuous conversion for ADC at charging ASoC: mediatek: mt8173: fix device_node leak scsi: sr: Don't use GFP_DMA MIPS: Octeon: 
Fix build errors using clang i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters MIPS: OCTEON: add put_device() after of_find_device_by_node() ALSA: seq: Set upper limit of processed events w1: Misuse of get_user()/put_user() reported by sparse i2c: mpc: Correct I2C reset procedure powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING i2c: i801: Don't silently correct invalid transfer size powerpc/watchdog: Fix missed watchdog reset due to memory ordering race powerpc/btext: add missing of_node_put powerpc/cell: add missing of_node_put powerpc/powernv: add missing of_node_put powerpc/6xx: add missing of_node_put parisc: Avoid calling faulthandler_disabled() twice serial: core: Keep mctrl register state and cached copy in sync serial: pl010: Drop CR register reset on set_termios net: phy: marvell: configure RGMII delays for 88E1118 dm space map common: add bounds check to sm_ll_lookup_bitmap() dm btree: add a defensive bounds check to insert_at() mac80211: allow non-standard VHT MCS-10/11 net: mdio: Demote probed message to debug print btrfs: remove BUG_ON(!eie) in find_parent_nodes btrfs: remove BUG_ON() in find_parent_nodes() ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() ACPICA: Utilities: Avoid deleting the same object twice in a row ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions jffs2: GC deadlock reading a page that is used in jffs2_write_begin() um: registers: Rename function names to avoid conflicts and build problems iwlwifi: remove module loading failure message iwlwifi: fix leaks/bad data after failed firmware load ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 arm64: tegra: Adjust length of CCPLEX cluster MMIO region mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO media: saa7146: hexium_gemini: Fix a NULL pointer dereference in 
hexium_attach() media: igorplugusb: receiver overflow should be reported bpf: Do not WARN in bpf_warn_invalid_xdp_action() net: bonding: debug: avoid printing debug logs when bond is not notifying peers ath10k: Fix tx hanging iwlwifi: mvm: synchronize with FW after multicast commands media: m920x: don't use stack on USB reads media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. floppy: Add max size check for user space request usb: uhci: add aspeed ast2600 uhci support mwifiex: Fix skb_over_panic in mwifiex_usb_recv() HSI: core: Fix return freed object in hsi_new_client gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use drm/bridge: megachips: Ensure both bridges are probed before registration mlxsw: pci: Add shutdown method in PCI driver media: b2c2: Add missing check in flexcop_pci_isr: HID: apple: Do not reset quirks when the Fn key is not found usb: gadget: f_fs: Use stream_open() for endpoint files drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply fs: dlm: filter user dlm messages for kernel locks Bluetooth: Fix debugfs entry leak in hci_register_dev() RDMA/cxgb4: Set queue pair state when being queried mips: bcm63xx: add support for clk_set_parent() mips: lantiq: add support for clk_set_parent() misc: lattice-ecp3-config: Fix task hung when firmware load failed ASoC: samsung: idma: Check of ioremap return value iommu/iova: Fix race between FQ timeout and teardown dmaengine: pxa/mmp: stop referencing config->slave_id RDMA/core: Let ib_find_gid() continue search even after empty entry scsi: ufs: Fix race conditions related to driver data char/mwave: Adjust io port register size ALSA: oss: fix compile error when OSS_DEBUG is enabled powerpc/prom_init: Fix improper check of prom_getprop() RDMA/hns: Validate the pkey index ALSA: hda: Add missing rwsem around 
snd_ctl_remove() calls ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls ALSA: jack: Add missing rwsem around snd_ctl_remove() calls ext4: avoid trim error on fs with small groups net: mcs7830: handle usb read errors properly pcmcia: fix setting of kthread task states can: xilinx_can: xcan_probe(): check for error irq can: softing: softing_startstop(): fix set but not used variable warning tpm: add request_locality before write TPM_INT_ENABLE spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe fsl/fman: Check for null pointer after calling devm_ioremap ppp: ensure minimum packet size in ppp_write() pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() x86/mce/inject: Avoid out-of-bounds write when setting flags usb: ftdi-elan: fix memory leak on device disconnect media: msi001: fix possible null-ptr-deref in msi001_probe() media: dw2102: Fix use after free sched/rt: Try to restart rt period timer when rt runtime exceeded media: si2157: Fix "warm" tuner state detection media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() media: dib8000: Fix a memleak in dib8000_init() floppy: Fix hang in watchdog when disk is ejected serial: amba-pl011: do not request memory region twice drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() arm64: dts: qcom: msm8916: fix MMC controller aliases netfilter: bridge: add support for pppoe filtering media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released tty: serial: atmel: Call dma_async_issue_pending() tty: serial: atmel: Check return code of dmaengine_submit() crypto: qce - fix uaf on qce_ahash_register_one media: dmxdev: fix UAF when dvb_register_device() fails Bluetooth: stop proccessing malicious adv data media: em28xx: fix memory leak in 
em28xx_init_dev wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND clk: bcm-2835: Remove rounding up the dividers clk: bcm-2835: Pick the closest clock rate Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode can: softing_cs: softingcs_probe(): fix memleak on registration failure media: stk1160: fix control-message timeouts media: pvrusb2: fix control-message timeouts media: redrat3: fix control-message timeouts media: dib0700: fix undefined behavior in tuner shutdown media: s2255: fix control-message timeouts media: cpia2: fix control-message timeouts media: em28xx: fix control-message timeouts media: mceusb: fix control-message timeouts media: flexcop-usb: fix control-message timeouts rtc: cmos: take rtc_lock while reading from CMOS nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() HID: wacom: Avoid using stale array indicies to read contact count HID: wacom: Ignore the confidence flag when a touch is removed HID: uhid: Fix worker destroying device without any protection Bluetooth: fix init and cleanup of sco_conn.timeout_work Bluetooth: schedule SCO timeouts with delayed_work rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled media: uvcvideo: fix division by zero at stream start orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() random: fix data race on crng init time random: fix data race on crng_node_pool can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() USB: Fix 
"slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status USB: core: Fix bug in resuming hub's handling of wakeup requests Bluetooth: bfusb: fix division by zero in send path ANDROID: incremental-fs: fix mount_fs issue UPSTREAM: drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions Linux 4.14.262 mISDN: change function names to avoid conflicts net: udp: fix alignment problem in udp4_seq_show() ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() ipv6: Do cleanup if attribute validation fails in multipath route ipv6: Continue processing multipath route even if gateway attribute is invalid phonet: refcount leak in pep_sock_accep rndis_host: support Hytera digital radios power: reset: ltc2952: Fix use of floating point literals xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route ipv6: Check attribute length for RTA_GATEWAY in multipath route i40e: Fix incorrect netdev's real number of RX/TX queues i40e: fix use-after-free in i40e_sync_filters_subtask() mac80211: initialize variable have_higher_than_11mbit RDMA/core: Don't infoleak GRH fields ieee802154: atusb: fix uninit value in atusb_set_extended_addr virtio_pci: Support surprise removal of virtio pci device tracing: Tag trace_percpu_buffer as a percpu pointer tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() Bluetooth: btusb: Apply QCA Rome patches for some ATH3012 models Linux 4.14.261 sctp: use call_rcu to free endpoint net: fix use-after-free in tw_timer_handler Input: spaceball - fix parsing of movement data packets Input: appletouch - initialize work before device registration scsi: vmw_pvscsi: Set residual data length conditionally binder: fix async_free_space accounting for empty parcels usb: gadget: f_fs: Clear ffs_eventfd in 
ffs_data_clear. xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. uapi: fix linux/nfc.h userspace compilation errors nfc: uapi: use kernel size_t to fix user-space builds fsl/fman: Fix missing put_device() call in fman_port_probe NFC: st21nfca: Fix memory leak in device probe and remove net: usb: pegasus: Do not drop long Ethernet frames scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() selinux: initialize proto variable in selinux_ip_postroute_compat() recordmcount.pl: fix typo in s390 mcount regex platform/x86: apple-gmux: use resource_size() with res tee: handle lookup of shm with reference count 0 HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option Linux 4.14.260 phonet/pep: refuse to enable an unbound pipe hamradio: improve the incomplete fix to avoid NPD hamradio: defer ax25 kfree after unregister_netdev ax25: NPD bug when detaching AX25 device hwmon: (lm90) Do not report 'busy' status bit as alarm KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state usb: gadget: u_ether: fix race in setting MAC address in setup phase f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines x86/pkey: Fix undefined behaviour with PKRU_WD_BIT Input: atmel_mxt_ts - fix double free in mxt_read_info_block ALSA: drivers: opl3: Fix incorrect use of vp->state ALSA: jack: Check the return value of kstrdup() hwmon: (lm90) Fix usage of CONFIG2 register in detect function sfc: falcon: Check null pointer of rx_queue->page_ring drivers: net: smc911x: Check for error irq fjes: Check for error irq bonding: fix ad_actor_system option setting to default net: skip virtio_net_hdr_set_proto if protocol already set net: accept UFOv6 packages in virtio_net_hdr_to_skb qlcnic: potential dereference null pointer of rx_queue->page_ring netfilter: fix regression in looped (broad|multi)cast's MAC handling 
IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() spi: change clk_disable_unprepare to clk_unprepare HID: holtek: fix mouse probing can: kvaser_usb: get CAN clock frequency from device net: usb: lan78xx: add Allied Telesis AT29M2-AF Linux 4.14.259 xen/netback: don't queue unlimited number of packages xen/netback: fix rx queue stall detection xen/console: harden hvc_xen against event channel storms xen/netfront: harden netfront against event channel storms xen/blkfront: harden blkfront against event channel storms Input: touchscreen - avoid bitwise vs logical OR warning ARM: 8800/1: use choice for kernel unwinders mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO ARM: 8805/2: remove unneeded naked function usage net: lan78xx: Avoid unnecessary self assignment scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() fuse: annotate lock in fuse_reverse_inval_entry() ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name firmware: arm_scpi: Fix string overflow in SCPI genpd driver net: systemport: Add global locking for descriptor lifecycle libata: if T_LENGTH is zero, dma direction should be DMA_NONE timekeeping: Really make sure wall_to_monotonic isn't positive USB: serial: option: add Telit FN990 compositions PCI/MSI: Mask MSI-X vectors only on success PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error USB: gadget: bRequestType is a bitfield, not a enum sit: do not call ipip6_dev_free() from sit_init_net() net/packet: rx_owner_map depends on pg_vec ixgbe: set X550 MDIO speed before talking to PHY igbvf: fix double free in `igbvf_probe` soc/tegra: fuse: Fix bitwise vs. 
logical OR warning dmaengine: st_fdma: fix MODULE_ALIAS ARM: socfpga: dts: fix qspi node compatible x86/sme: Explicitly map new EFI memmap table as encrypted x86: Make ARCH_USE_MEMREMAP_PROT a generic Kconfig symbol nfsd: fix use-after-free due to delegation race audit: improve robustness of the audit queue handling dm btree remove: fix use after free in rebalance_children() recordmcount.pl: look for jgnop instruction as well as bcrl on s390 mac80211: send ADDBA requests using the tid/queue of the aggregation session hwmon: (dell-smm) Fix warning on /proc/i8k creation error bpf: fix panic due to oob in bpf_prog_test_run_skb tracing: Fix a kmemleak false positive in tracing_map net: netlink: af_netlink: Prevent empty skb by adding a check on len. i2c: rk3x: Handle a spurious start completion interrupt flag parisc/agp: Annotate parisc agp init functions with __init net/mlx4_en: Update reported link modes for 1/10G drm/msm/dsi: set default num_data_lanes nfc: fix segfault in nfc_genl_dump_devices_done FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum Linux 4.14.258 irqchip: nvic: Fix offset for Interrupt Priority Offsets irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL irqchip/armada-370-xp: Fix support for Multi-MSI interrupts irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove iio: adc: axp20x_adc: fix charging current reporting on AXP22x iio: dln2: Check return value of devm_iio_trigger_register() iio: dln2-adc: Fix lockdep complaint iio: itg3200: Call iio_trigger_notify_done() on error iio: kxsd9: Don't return error code in trigger handler iio: ltr501: Don't return error code in trigger handler iio: mma8452: Fix trigger reference couting iio: stk3310: Don't return error code in interrupt handler iio: trigger: stm32-timer: fix MODULE_ALIAS iio: trigger: Fix reference counting usb: core: config: using bit mask instead of individual bits xhci: Remove 
CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending usb: core: config: fix validation of wMaxPacketValue entries USB: gadget: zero allocate endpoint 0 buffers USB: gadget: detect too-big endpoint 0 requests net/qla3xxx: fix an error code in ql_adapter_up() net, neigh: clear whole pneigh_entry at alloc time net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() net: altera: set a couple error code in probe() net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero qede: validate non LSO skb length block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) tracefs: Set all files to the same group ownership as the mount option signalfd: use wake_up_pollfree() binder: use wake_up_pollfree() wait: add wake_up_pollfree() libata: add horkage for ASMedia 1092 can: m_can: Disable and ignore ELO interrupt can: pch_can: pch_can_rx_normal: fix use after free tracefs: Have new files inherit the ownership of their parent ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() ALSA: pcm: oss: Limit the period size to 16MB ALSA: pcm: oss: Fix negative period/buffer sizes ALSA: ctl: Fix copy of updated id with element read/write mm: bdi: initialize bdi_min_ratio when bdi is unregistered IB/hfi1: Correct guard on eager buffer deallocation seg6: fix the iif in the IPv6 socket control block nfp: Fix memory leak in nfp_cpp_area_cache_add() bpf: Fix the off-by-two error in range markings nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done can: sja1000: fix use after free in ems_pcmcia_add_card() HID: check for valid USB device for many HID drivers HID: wacom: fix problems when device is not a valid USB device HID: add USB_HID dependancy on some USB HID drivers HID: add USB_HID dependancy to hid-chicony HID: add USB_HID dependancy to hid-prodikeys HID: add hid_is_usb() function to make it simpler for USB detection UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers UPSTREAM: USB: gadget: detect too-big endpoint 0 requests Linux 
4.14.257 parisc: Mark cr16 CPU clocksource unstable on all SMP machines serial: core: fix transmit-buffer reset and memleak serial: pl011: Add ACPI SBSA UART match id tty: serial: msm_serial: Deactivate RX DMA for polling support x86/64/mm: Map all kernel memory into trampoline_pgd usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect xhci: Fix commad ring abort, write all 64 bits to CRCR register. vgacon: Propagate console boot parameters before calling `vc_resize' parisc: Fix "make install" on newer debian releases parisc: Fix KBUILD_IMAGE for self-extracting kernel net/smc: Keep smc_close_final rc during active close net/rds: correct socket tunable error in rds_tcp_tune() net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() siphash: use _unaligned version by default net: mpls: Fix notifications when deleting a device net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() natsemi: xtensa: fix section mismatch warnings fget: check that the fd still exists after getting a ref to it fs: add fget_many() and fput_many() sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl kprobes: Limit max data_size of the kretprobe instances vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit perf hist: Fix memory leak of a perf_hpp_fmt net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() scsi: iscsi: Unblock session then wake up error handler thermal: core: Reset previous low and high trip during thermal zone init btrfs: check-integrity: fix a warning on write caching disabled disk s390/setup: avoid using memblock_enforce_memory_limit platform/x86: 
thinkpad_acpi: Fix WWAN device disabled issue after S3 deep net: return correct error code hugetlb: take PMD sharing into account when flushing tlb/caches NFSv42: Fix pagecache invalidation after COPY/CLONE ipc: WARN if trying to remove ipc object which is absent shm: extend forced shm destroy to support objects from several IPC nses tty: hvc: replace BUG_ON() with negative return value xen/netfront: don't trust the backend response data blindly xen/netfront: disentangle tx_skb_freelist xen/netfront: don't read data from request on the ring page xen/netfront: read response from backend only once xen/blkfront: don't trust the backend response data blindly xen/blkfront: don't take local copy of a request from the ring page xen/blkfront: read response from backend only once xen: sync include/xen/interface/io/ring.h with Xen's newest version fuse: release pipe buf after last use NFC: add NCI_UNREG flag to eliminate the race proc/vmcore: fix clearing user buffer by properly using clear_user() hugetlbfs: flush TLBs correctly after huge_pmd_unshare arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function arm64: dts: marvell: armada-37xx: declare PCIe reset pin pinctrl: armada-37xx: Correct PWM pins definitions pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup pinctrl: armada-37xx: Correct mpp definitions PCI: aardvark: Fix checking for link up via LTSSM state PCI: aardvark: Fix link training PCI: Add PCI_EXP_LNKCTL2_TLS* macros PCI: aardvark: Fix PCIe Max Payload Size setting PCI: aardvark: Configure PCIe resources from 'ranges' DT property PCI: aardvark: Remove PCIe outbound window configuration PCI: aardvark: Update comment about disabling link training PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() PCI: aardvark: Fix compilation on s390 PCI: aardvark: Don't touch PCIe registers if no card connected PCI: aardvark: Introduce an advk_pcie_valid_device() helper PCI: aardvark: Indicate error in 'val' when config read fails PCI: aardvark: 
Replace custom macros by standard linux/pci_regs.h macros PCI: aardvark: Issue PERST via GPIO PCI: aardvark: Improve link training PCI: aardvark: Train link immediately after enabling training PCI: aardvark: Wait for endpoint to be ready before training link PCI: aardvark: Fix a leaked reference by adding missing of_node_put() PCI: aardvark: Fix I/O space page leak s390/mm: validate VMA in PGSTE manipulation functions tracing: Check pid filtering when creating events vhost/vsock: fix incorrect used length reported to the guest net/smc: Don't call clcsock shutdown twice when smc shutdown MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows PM: hibernate: use correct mode for swsusp_close() net/smc: Ensure the active closing peer first closes clcsock ipv6: fix typos in __ip6_finish_output() drm/vc4: fix error code in vc4_create_object() scsi: mpt3sas: Fix kernel panic during drive powercycle test ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE NFSv42: Don't fail clone() unless the OP_CLONE operation failed net: ieee802154: handle iftypes as u32 ASoC: topology: Add missing rwsem around snd_ctl_remove() calls ARM: dts: BCM5301X: Add interrupt properties to GPIO node ARM: dts: BCM5301X: Fix I2C controller interrupt netfilter: ipvs: Fix reuse connection if RS weight is 0 tracing: Fix pid filtering when triggers are attached xen: detect uninitialized xenbus in xenbus_init xen: don't continue xenstore initialization in case of errors fuse: fix page stealing staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts media: cec: copy sequence field for the reply ALSA: ctxfi: Fix out-of-range access binder: fix test regression due to sender_euid change usb: hub: Fix locking issues with address0_mutex usb: hub: Fix usb enumeration issue due to address0 race USB: serial: option: add Fibocom FM101-GL variants 
USB: serial: option: add Telit LE910S1 0x9200 composition Linux 4.14.256 soc/tegra: pmc: Fix imbalanced clock disabling in error code path usb: max-3421: Use driver data instead of maintaining a list of bound devices ASoC: DAPM: Cover regression by kctl change notification fix RDMA/netlink: Add __maybe_unused to static inline in C file batman-adv: Don't always reallocate the fragmentation skb head batman-adv: Reserve needed_*room for fragments batman-adv: Consider fragmentation for needed_headroom batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN perf/core: Avoid put_page() when GUP fails drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors drm/udl: fix control-message timeout cfg80211: call cfg80211_stop_ap when switch from P2P_GO type parisc/sticon: fix reverse colors btrfs: fix memory ordering between normal and ordered work functions mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag hexagon: export raw I/O routines for modules tun: fix bonding active backup with arp monitoring perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server NFC: reorder the logic in nfc_{un,}register_device NFC: reorganize the functions in nci_request i40e: Fix NULL ptr dereference on VSI filter sync net: virtio_net_hdr_to_skb: count transport header in UFO platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' mips: lantiq: add support for clk_get_parent() mips: bcm63xx: add support for clk_get_parent() MIPS: generic/yamon-dt: fix uninitialized variable error iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset net: bnx2x: fix variable dereferenced before check sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain() mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set sh: define __BIG_ENDIAN for math-emu sh: 
fix kconfig unmet dependency warning for FRAME_POINTER maple: fix wrong return value of maple_bus_init(). sh: check return code of request_irq powerpc/dcr: Use cmplwi instead of 3-argument cmpli ALSA: gus: fix null pointer dereference on pointer block powerpc/5200: dts: fix memory node unit name scsi: target: Fix alua_tg_pt_gps_count tracking scsi: target: Fix ordered tag handling MIPS: sni: Fix the build tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc usb: host: ohci-tmio: check return value after calling platform_get_resource() ARM: dts: omap: fix gpmc,mux-add-data type scsi: advansys: Fix kernel pointer leak usb: musb: tusb6010: check return value after calling platform_get_resource() scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() arm64: zynqmp: Fix serial compatible string PCI/MSI: Destroy sysfs before freeing entries parisc/entry: fix trace test in syscall exit path tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT ext4: fix lazy initialization next schedule time computation in more granular unit PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros s390/cio: check the subchannel validity for dev_busid mm, oom: do not trigger out_of_memory from the #PF mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 powerpc/bpf: Validate branch ranges powerpc/lib: Add helper to check if offset is within conditional branch range ARM: 9156/1: drop cc-option fallbacks for architecture selection ARM: 9155/1: fix early early_iounmap() USB: chipidea: fix interrupt deadlock vsock: prevent unnecessary refcnt inc for nonblocking connect nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails llc: fix out-of-bound array index in llc_sk_dev_hash() mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration() bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses net: davinci_emac: Fix 
interrupt pacing disable xen-pciback: Fix return in pm_ctrl_init() i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' scsi: qla2xxx: Turn off target reset during issue_lip ar7: fix kernel builds for compiler test watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT m68k: set a default value for MEMORY_RESERVE dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` netfilter: nfnetlink_queue: fix OOB when mac header was cleared auxdisplay: ht16k33: Fix frame buffer device blanking auxdisplay: ht16k33: Connect backlight to fbdev auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() fs: orangefs: fix error return code of orangefs_revalidate_lookup() NFS: Fix deadlocks in nfs_scan_commit_list() PCI: aardvark: Don't spam about PIO Response Status drm/plane-helper: fix uninitialized variable reference pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds rpmsg: Fix rpmsg_create_ept return when RPMSG config is not defined apparmor: fix error check power: supply: bq27xxx: Fix kernel crash on IRQ handler register error mips: cm: Convert to bitfield API to fix out-of-bounds access serial: xilinx_uartps: Fix race condition causing stuck TX ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER ASoC: cs42l42: Correct some register default values RDMA/mlx4: Return missed an error if device doesn't support steering scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() power: supply: rt5033_battery: Change voltage values to µV usb: gadget: hid: fix error code in do_config() serial: 8250_dw: Drop wrong use of ACPI_PTR() video: fbdev: chipsfb: use memset_io() instead of memset() memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe soc/tegra: Fix an error handling path in tegra_powergate_power_up() arm: dts: omap3-gta04a4: accelerometer irq fix 
ALSA: hda: Reduce udelay() at SKL+ position reporting JFS: fix memleak in jfs_mount MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT scsi: dc395: Fix error case unwinding ARM: dts: at91: tse850: the emac<->phy interface is rmii ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() RDMA/rxe: Fix wrong port_cap_flags ibmvnic: Process crqs after enabling interrupts crypto: pcrypt - Delay write to padata->info net: phylink: avoid mvneta warning when setting pause parameters net: amd-xgbe: Toggle PLL settings during rate change libertas: Fix possible memory leak in probe and disconnect libertas_tf: Fix possible memory leak in probe and disconnect samples/kretprobes: Fix return value if register_kretprobe() failed irq: mips: avoid nested irq_enter() s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap() smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi PM: hibernate: fix sparse warnings phy: micrel: ksz8041nl: do not use power down mode mwifiex: Send DELBA requests according to spec platform/x86: thinkpad_acpi: Fix bitwise vs. 
logical warning mmc: mxs-mmc: disable regulator on error and in the remove function net: stream: don't purge sk_error_queue in sk_stream_kill_queues() drm/msm: uninitialized variable in msm_gem_import() ath10k: fix max antenna gain unit hwmon: Fix possible memleak in __hwmon_device_register() memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() memstick: avoid out-of-range warning b43: fix a lower bounds test b43legacy: fix a lower bounds test hwrng: mtk - Force runtime pm ops for sleep ops crypto: qat - disregard spurious PFVF interrupts crypto: qat - detect PFVF collision after ACK ath9k: Fix potential interrupt storm on queue reset cpuidle: Fix kobject memory leaks in error paths media: cx23885: Fix snd_card_free call on null card pointer media: si470x: Avoid card name truncation media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' media: dvb-usb: fix ununit-value in az6027_rc_query cgroup: Make rebind_subsystems() disable v2 controllers all at once parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling task_stack: Fix end_of_stack() for architectures with upwards-growing stack parisc: fix warning in flush_tlb_all spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() ARM: 9136/1: ARMv7-M uses BE-8, not BE-32 gre/sit: Don't generate link-local addr if addr_gen_mode is IN6_ADDR_GEN_MODE_NONE ARM: clang: Do not rely on lr register for stacktrace smackfs: use __GFP_NOFAIL for smk_cipso_doi() iwlwifi: mvm: disable RX-diversity in powersave PM: hibernate: Get block device exclusively in swsusp_check() mwl8k: Fix use-after-free in mwl8k_fw_state_machine() tracing/cfi: Fix cmp_entries_* functions signature mismatch lib/xz: Validate the value before assigning it to an enum variable lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression memstick: r592: Fix a UAF bug when removing the driver leaking_addresses: Always print a trailing newline ACPI: 
battery: Accept charges over the design capacity as full ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() tracefs: Have tracefs directories not set OTH permission bits by default media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() ACPICA: Avoid evaluating methods too early during system resume ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK media: mceusb: return without resubmitting URB in case of -EPROTO error. media: s5p-mfc: Add checking to s5p_mfc_probe(). media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() media: uvcvideo: Set capability in s_param media: netup_unidvb: handle interrupt properly according to the firmware media: mt9p031: Fix corrupted frame after restarting stream mwifiex: Properly initialize private structure on interface type changes mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type x86: Increase exception stack sizes smackfs: Fix use-after-free in netlbl_catmap_walk() locking/lockdep: Avoid RCU-induced noinstr fail MIPS: lantiq: dma: reset correct number of channel MIPS: lantiq: dma: add small delay after reset platform/x86: wmi: do not fail if disabling fails Bluetooth: fix use-after-free error in lock_sock_nested() Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() USB: iowarrior: fix control-message timeouts USB: serial: keyspan: fix memleak on probe errors iio: dac: ad5446: Fix ad5622_write() return value pinctrl: core: fix possible memory leak in pinctrl_enable() quota: correct error number in free_dqentry() quota: check block number when reading the block in quota file PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG PCI: aardvark: Fix return value of MSI domain .alloc() method PCI: aardvark: Do not unmask unused interrupts PCI: aardvark: Do not clear status bits of masked interrupts xen/balloon: add late_initcall_sync() for initial ballooning done ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume ALSA: 
mixer: oss: Fix racy access to slots serial: core: Fix initializing and restoring termios speed powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found power: supply: max17042_battery: use VFSOC for capacity when no rsns power: supply: max17042_battery: Prevent int underflow in set_soc_threshold signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT signal: Remove the bogus sigkill_pending in ptrace_stop RDMA/qedr: Fix NULL deref for query_qp on the GSI QP wcn36xx: handle connection loss indication libata: fix checking of DMA state mwifiex: Read a PCI register after writing the TX ring write pointer wcn36xx: Fix HT40 capability for 2Ghz band evm: mark evm_fixmode as __ro_after_init rtl8187: fix control-message timeouts PCI: Mark Atheros QCA6174 to avoid bus reset ath10k: fix division by zero in send path ath10k: fix control-message timeout ath6kl: fix control-message timeout ath6kl: fix division by zero in send path mwifiex: fix division by zero in fw download path EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled hwmon: (pmbus/lm25066) Add offset coefficients btrfs: fix lost error handling when replaying directory deletes vmxnet3: do not stop tx queues after netif_device_detach() watchdog: Fix OMAP watchdog early handling spi: spl022: fix Microwire full duplex mode xen/netfront: stop tx queues during live migration bpf: Prevent increasing bpf_jit_limit above max mmc: winbond: don't build on M68K hyperv/vmbus: include linux/bitops.h sfc: Don't use netif_info before net_device setup cavium: Fix return values of the probe function scsi: qla2xxx: Fix unmap of already freed sgl cavium: Return negative value when pci_alloc_irq_vectors() fails x86/irq: Ensure PI wakeup handler is unregistered before module unload ALSA: timer: Unconditionally unlink slave 
instances, too ALSA: timer: Fix use-after-free problem ALSA: synth: missing check for possible NULL after the call to kstrdup ALSA: line6: fix control and interrupt message timeouts ALSA: 6fire: fix control and bulk message timeouts ALSA: ua101: fix division by zero at probe media: ite-cir: IR receiver stop working after receive overflow tpm: Check for integer overflow in tpm2_map_response_body() parisc: Fix ptrace check on syscall return mmc: dw_mmc: Dont wait for DRTO on Write RSP error ocfs2: fix data corruption on truncate libata: fix read log timeout value Input: i8042 - Add quirk for Fujitsu Lifebook T725 Input: elantench - fix misreporting trackpoint coordinates binder: use cred instead of task for selinux checks binder: use euid from cred instead of using task xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay ANDROID: usb: gadget: f_accessory: Mitgate handling of non-existent USB request ANDROID: arm64: process: Match upstream formatting when dumping memory areas FROMGIT: binder: fix test regression due to sender_euid change BACKPORT: binder: use cred instead of task for selinux checks UPSTREAM: binder: use euid from cred instead of using task Linux 4.14.255 rsi: fix control-message timeout staging: rtl8192u: fix control-message timeouts staging: r8712u: fix control-message timeout comedi: vmk80xx: fix bulk and interrupt message timeouts comedi: vmk80xx: fix bulk-buffer overflow comedi: vmk80xx: fix transfer-buffer overflows comedi: ni_usb6501: fix NULL-deref in command paths comedi: dt9812: fix DMA buffers on stack isofs: Fix out of bound access for corrupted isofs image printk/console: Allow to disable console output by using console="" or console=null usb-storage: Add compatibility quirk flags for iODD 2531/2541 usb: musb: Balance list entry in musb_gadget_queue usb: gadget: Mark USB_FSL_QE broken on 64-bit Revert "x86/kvm: fix vcpu-id indexed array sizes" block: introduce multi-page bvec helpers IB/qib: Protect from buffer 
overflow in struct qib_user_sdma_pkt fields IB/qib: Use struct_size() helper ARM: 9120/1: Revert "amba: make use of -1 IRQs warn" arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() scsi: core: Put LLD module refcnt after SCSI device is released UPSTREAM: security: selinux: allow per-file labeling for bpffs Linux 4.14.254 sctp: add vtag check in sctp_sf_ootb sctp: add vtag check in sctp_sf_do_8_5_1_E_sa sctp: add vtag check in sctp_sf_violation sctp: fix the processing for COOKIE_ECHO chunk sctp: use init_tag from inithdr for ABORT chunk net: nxp: lpc_eth.c: avoid hang when bringing interface down nios2: Make NIOS2_DTB_SOURCE_BOOL depend on !COMPILE_TEST net: batman-adv: fix error handling regmap: Fix possible double-free in regcache_rbtree_exit() net: lan78xx: fix division by zero in send path mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit mmc: sdhci: Map more voltage level to SDHCI_POWER_330 mmc: dw_mmc: exynos: fix the finding clock sample value mmc: vub300: fix control-message timeouts ipv4: use siphash instead of Jenkins in fnhe_hashfun() Revert "net: mdiobus: Fix memory leak in __mdiobus_register" nfc: port100: fix using -ERRNO as command type mask ata: sata_mv: Fix the error handling of mv_chip_id() usbnet: fix error return code in usbnet_probe() usbnet: sanity check for maxpacket ARM: 8819/1: Remove '-p' from LDFLAGS powerpc/bpf: Fix BPF_MOD when imm == 1 ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype ARM: 9134/1: remove duplicate memcpy() definition ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned ANDROID: Incremental fs: Fix dentry get/put imbalance on vfs_mkdir() failure Linux 4.14.253 ARM: 9122/1: select HAVE_FUTEX_CMPXCHG tracing: Have all levels of checks prevent recursion net: mdiobus: Fix memory leak in __mdiobus_register scsi: core: Fix shost->cmd_per_lun calculation 
in scsi_add_host_with_dma() ALSA: hda: avoid write to STATESTS if controller is in reset platform/x86: intel_scu_ipc: Update timeout value in comment isdn: mISDN: Fix sleeping function called from invalid context ARM: dts: spear3xx: Fix gmac node net: stmmac: add support for dwmac 3.40a btrfs: deal with errors when checking if a dir entry exists during log replay netfilter: Kconfig: use 'default y' instead of 'm' for bool config option isdn: cpai: check ctr->cnr to avoid array index out of bound nfc: nci: fix the UAF of rf_conn_info object ASoC: DAPM: Fix missing kctl change notifications ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset vfs: check fd has read access in kernel_read_file_from_fd() elfcore: correct reference to CONFIG_UML ocfs2: mount fails with buffer overflow in strlen ocfs2: fix data corruption after conversion from inline format can: peak_pci: peak_pci_remove(): fix UAF can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification can: rcar_can: fix suspend/resume NIOS2: irqflags: rename a redefined register name netfilter: ipvs: make global sysctl readonly in non-init netns NFSD: Keep existing listeners on portlist error xtensa: xtfpga: Try software restart before simulating CPU reset xtensa: xtfpga: use CONFIG_USE_OF instead of CONFIG_OF ARM: dts: at91: sama5d2_som1_ek: disable ISC node by default btrfs: always wait on ordered extents at fsync time Linux 4.14.252 r8152: select CRC32 and CRYPTO/CRYPTO_HASH/CRYPTO_SHA256 qed: Fix missing error code in qed_slowpath_start() acpi/arm64: fix next_platform_timer() section mismatch error drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling drm/msm: Fix null pointer dereference on pointer edp pata_legacy: fix a couple uninitialized variable bugs NFC: digital: fix possible memory leak in digital_in_send_sdd_req() NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() nfc: fix error handling of nfc_proto_register() ethernet: s2io: fix setting 
mac address during resume net: encx24j600: check error in devm_regmap_init_encx24j600 net: korina: select CRC32 net: arc: select CRC32 sctp: account stream padding length for reconf chunk iio: ssp_sensors: fix error code in ssp_print_mcu_debug() iio: ssp_sensors: add more range checking in ssp_parse_dataframe() iio: light: opt3001: Fixed timeout error when 0 lux iio: adc128s052: Fix the error handling path of 'adc128_probe()' iio: adc: aspeed: set driver data when adc probe. x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells virtio: write back F_VERSION_1 before validate USB: serial: option: add prod. id for Quectel EG91 USB: serial: option: add Telit LE910Cx composition 0x1204 USB: serial: option: add Quectel EC200S-CN module support USB: serial: qcserial: add EM9191 QDL support Input: xpad - add support for another USB ID of Nacon GC-100 usb: musb: dsps: Fix the probe error path efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() efi/cper: use stack buffer for error record decoding cb710: avoid NULL pointer subtraction xhci: Enable trust tx length quirk for Fresco FL11 USB controller xhci: Fix command ring pointer corruption while aborting a command btrfs: check for error when looking up inode during dir entry replay btrfs: deal with errors when adding inode reference during log replay btrfs: deal with errors when replaying dir entry during log replay s390: fix strrchr() implementation ALSA: seq: Fix a potential UAF by wrong private_free call order stable: clamp SUBLEVEL in 4.14 BACKPORT: dmabuf: fix use-after-free of dmabuf's file->f_inode BACKPORT: cgroup: make per-cgroup pressure stall tracking configurable Linux 4.14.251 sched: Always inline is_percpu_thread() perf/x86: Reset destroy callback on event init failure scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" scsi: ses: Fix unsigned comparison with less than zero net: sun: 
SUNVNET_COMMON should depend on INET m68k: Handle arrivals of multiple signals correctly mac80211: Drop frames from invalid MAC address in ad-hoc mode netfilter: ip6_tables: zero-initialize fragment offset HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS net: phy: bcm7xxx: Fixed indirect MMD operations i2c: acpi: fix resource leak in reconfiguration device addition i40e: fix endless loop under rtnl rtnetlink: fix if_nlmsg_stats_size() under estimation drm/nouveau/debugfs: fix file release memory leak netlink: annotate data races around nlk->bound net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence ptp_pch: Load module automatically if ID matches powerpc/fsl/dts: Fix phy-connection-type for fm1mac3 net_sched: fix NULL deref in fifo_set_limit() phy: mdio: fix memory leak bpf: Fix integer overflow in prealloc_elems_and_freelist() xtensa: call irqchip_init only when CONFIG_USE_OF is selected bpf, mips: Validate conditional branch offsets bpf: add also cbpf long jump test cases with heavy expansion ARM: dts: qcom: apq8064: use compatible which contains chipid ARM: dts: omap3430-sdp: Fix NAND device node xen/balloon: fix cancelled balloon action nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero ovl: fix missing negative dentry check in ovl_rename() USB: cdc-acm: fix break reporting USB: cdc-acm: fix racy tty buffer accesses Partially revert "usb: Kconfig: using select for USB_COMMON dependency" Linux 4.14.250 lib/timerqueue: Rely on rbtree semantics for next timer libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD. 
scsi: ses: Retry failed Send/Receive Diagnostic commands usb: dwc2: check return value after calling platform_get_resource() usb: testusb: Fix for showing the connection speed scsi: sd: Free scsi_disk device via put_device() ext2: fix sleeping in atomic bugs on error sparc64: fix pci_iounmap() when CONFIG_PCI is not set xen-netback: correct success/error reporting for the SKB-with-fraglist case net: mdio: introduce a shutdown method to mdio device drivers Linux 4.14.249 cred: allow get_cred() and put_cred() to be given NULL. HID: usbhid: free raw_report buffers in usbhid_stop netfilter: ipset: Fix oversized kvmalloc() calls HID: betop: fix slab-out-of-bounds Write in betop_probe crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() usb: hso: remove the bailout parameter usb: hso: fix error handling code of hso_create_net_device hso: fix bailout in error case of probe arm64: Extend workaround for erratum 1024718 to all versions of Cortex-A55 ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE ARM: 9079/1: ftrace: Add MODULE_PLTS support ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() ARM: 9077/1: PLT: Move struct plt_entries definition to header EDAC/synopsys: Fix wrong value type assignment for edac_mode net: udp: annotate data race around udp_sk(sk)->corkflag ext4: fix potential infinite loop in ext4_dx_readdir() ipack: ipoctal: fix module reference leak ipack: ipoctal: fix missing allocation-failure check ipack: ipoctal: fix tty-registration error handling ipack: ipoctal: fix tty registration race ipack: ipoctal: fix stack information leak af_unix: fix races in sk_peer_pid and sk_peer_cred accesses scsi: csiostor: Add module softdep on cxgb4 e100: fix buffer overrun in e100_get_regs e100: fix length calculation in e100_get_regs_len hwmon: (tmp421) fix rounding for negative values sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap 
mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 mac80211: fix use-after-free in CCMP/GCMP RX cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory cpufreq: schedutil: Use kobject release() method to free sugov_tunables tty: Fix out-of-bound vmalloc access in imageblit qnx4: work around gcc false positive warning bug xen/balloon: fix balloon kthread freezing PCI: aardvark: Fix checking for PIO status PCI: aardvark: Fix checking for PIO Non-posted Request arm64: dts: marvell: armada-37xx: Extend PCIe MEM space spi: Fix tegra20 build with CONFIG_PM=n net: 6pack: Fix tx timeout and slot time alpha: Declare virt_to_phys and virt_to_bus parameter as pointer to volatile arm64: Mark __stack_chk_guard as __ro_after_init parisc: Use absolute_pointer() to define PAGE0 qnx4: avoid stringop-overread errors sparc: avoid stringop-overread errors net: i825xx: Use absolute_pointer for memcpy from fixed memory location compiler.h: Introduce absolute_pointer macro xen/balloon: use a kernel thread instead a workqueue m68k: Double cast io functions to unsigned long net: stmmac: allow CSR clock of 300MHz net: macb: fix use after free on rmmod blktrace: Fix uaf in blk_trace access after removing by sysfs md: fix a lock order reversal in md_alloc irqchip/gic-v3-its: Fix potential VPE leak on error thermal/core: Potential buffer overflow in thermal_build_list_of_policies() scsi: iscsi: Adjust iface sysfs attr detection net/mlx4_en: Don't allow aRFS for encapsulated packets bnxt_en: Fix TX timeout when TX ring size is set to the smallest net: hso: fix muxed tty registration serial: mvebu-uart: fix driver's tx_empty callback mcb: fix error handling in mcb_alloc_bus() USB: serial: option: add device id for Foxconn T99W265 USB: serial: option: remove duplicate USB device ID USB: serial: option: add Telit LN920 compositions USB: serial: mos7840: remove duplicated 0xac24 device ID Re-enable UAS for LaCie Rugged 
USB3-FW with fk quirk staging: greybus: uart: fix tty use after free USB: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c xen/x86: fix PV trap handling on secondary processors cifs: fix incorrect check for null pointer in header_assemble usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() usb: gadget: r8a66597: fix a loop in set_feature() ocfs2: drop acl cache for directories too Linux 4.14.248 drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV blk-throttle: fix UAF by deleteing timer in blk_throtl_exit() pwm: rockchip: Don't modify HW state in .remove() callback nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group nilfs2: fix NULL pointer in nilfs_##name##_attr_release nilfs2: fix memory leak in nilfs_sysfs_create_device_group ceph: lockdep annotations for try_nonblocking_invalidate dmaengine: xilinx_dma: Set DMA mask for coherent APIs dmaengine: ioat: depends on !UML parisc: Move pci_dev_is_behind_card_dino to where it is used Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH pwm: lpc32xx: Don't modify HW state in .probe() after the PWM chip was registered profiling: fix shift-out-of-bounds bugs prctl: allow to setup brk for et_dyn executables 9p/trans_virtio: Remove sysfs file on probe failure thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() dmaengine: acpi: Avoid comparison GSI with Linux vIRQ sctp: add param size validation for SCTP_PARAM_SET_PRIMARY sctp: validate chunk size in __rcv_asconf_lookup crypto: talitos - fix max key size for sha384 and sha512 apparmor: remove duplicate macro list_entry_is_head() rcu: Fix missed wakeup of exp_wq waiters s390/bpf: Fix optimizing out zero-extensions Linux 4.14.247 s390/bpf: Fix 64-bit subtraction of the 
-0x80000000 constant net: renesas: sh_eth: Fix freeing wrong tx descriptor qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom netfilter: socket: icmp6: fix use-after-scope net: dsa: b53: Fix calculating number of switch ports ARC: export clear_user_page() for modules mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n ethtool: Fix an error code in cxgb2.c net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920 PCI: Add ACS quirks for Cavium multi-function devices mfd: Don't use irq_create_mapping() to resolve a mapping dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() tcp: fix tp->undo_retrans accounting in tcp_sacktag_one() net/af_unix: fix a data-race in unix_dgram_poll events: Reuse value read using READ_ONCE instead of re-reading it tipc: increase timeout in tipc_sk_enqueue() r6040: Restore MDIO clock frequency after MAC reset net/l2tp: Fix reference count leak in l2tp_udp_recv_core dccp: don't duplicate ccid when cloning dccp sock ptp: dp83640: don't define PAGE0 net-caif: avoid user-triggerable WARN_ON(1) x86/mm: Fix kern_addr_valid() to cope with existing but not present entries PM: base: power: don't try to use non-existing RTC for storing data bnx2x: Fix enabling network interfaces without VFs xen: reset legacy rtc flag for PV domU platform/chrome: cros_ec_proto: Send command again when timeout occurs memcg: enable accounting for pids in nested pid namespaces mm/hugetlb: initialize hugetlb_usage in mm_init cpufreq: powernv: Fix init_chip_info initialization in numa=off scsi: qla2xxx: Sync queue idx with queue_pair_map idx scsi: BusLogic: Fix missing pr_cont() use parisc: fix crash with signals and alloca net: w5100: check return value after calling platform_get_resource() net: fix NULL pointer reference in cipso_v4_doi_free ath9k: fix sleeping in atomic context ath9k: 
fix OOB read ar9300_eeprom_restore_internal parport: remove non-zero check on count ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B ASoC: rockchip: i2s: Fix regmap_ops hang usbip:vhci_hcd USB port can get stuck in the disabled state usbip: give back URBs for unsent unlink requests during cleanup usb: musb: musb_dsps: request_irq() after initializing musb Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set" cifs: fix wrong release in sess_alloc_buffer() failed path selftests/bpf: Enlarge select() timeout for test_maps mmc: rtsx_pci: Fix long reads when clock is prescaled mmc: sdhci-of-arasan: Check return value of non-void funtions gfs2: Don't call dlm after protocol is unmounted staging: rts5208: Fix get_ms_information() heap buffer size rpc: fix gss_svc_init cleanup on failure ARM: tegra: tamonten: Fix UART pad setting gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() Bluetooth: avoid circular locks in sco_sock_connect net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe() arm64: dts: qcom: sdm660: use reg value for memory node media: v4l2-dv-timings.c: fix wrong condition in two for-loops ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output Bluetooth: skip invalid hci_sync_conn_complete_evt ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() staging: ks7010: Fix the initialization of the 'sleep_status' structure serial: 8250_pci: make setup_port() parameters explicitly unsigned hvsi: don't panic on tty_register_driver failure xtensa: ISS: don't panic in rs_init serial: 8250: Define RX trigger levels for OxSemi 950 devices s390/jump_label: print real address in a case of a jump label bug flow_dissector: Fix out-of-bounds warnings ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs() video: fbdev: riva: Error out if 'pixclock' equals zero video: fbdev: kyro: Error out if 'pixclock' 
equals zero video: fbdev: asiliantfb: Error out if 'pixclock' equals zero bpf/tests: Do not PASS tests without actually testing the result bpf/tests: Fix copy-and-paste error in double word test tty: serial: jsm: hold port lock when reporting modem line changes staging: board: Fix uninitialized spinlock when attaching genpd usb: gadget: composite: Allow bMaxPower=0 if self-powered usb: gadget: u_ether: fix a potential null pointer dereference usb: host: fotg210: fix the actual_length of an iso packet usb: host: fotg210: fix the endpoint's transactional opportunities calculation Smack: Fix wrong semantics in smk_access_entry() netlink: Deal with ESRCH error in nlmsg_notify() video: fbdev: kyro: fix a DoS bug by restricting user input ARM: dts: qcom: apq8064: correct clock names iio: dac: ad5624r: Fix incorrect handling of an optional regulator. PCI: Use pci_update_current_state() in pci_enable_device_flags() crypto: mxs-dcp - Use sg_mapping_iter to copy data media: dib8000: rewrite the init prbs logic MIPS: Malta: fix alignment of the devicetree buffer scsi: qedi: Fix error codes in qedi_alloc_global_queues() pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() openrisc: don't printk() unconditionally vfio: Use config not menuconfig for VFIO_NOIOMMU pinctrl: samsung: Fix pinctrl bank pin count docs: Fix infiniband uverbs minor number RDMA/iwcm: Release resources if iw_cm module initialization fails HID: input: do not report stylus battery state as "full" PCI: aardvark: Fix masking and unmasking legacy INTx interrupts PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response PCI: xilinx-nwl: Enable the clock through CCF PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported ARM: 9105/1: atags_to_fdt: don't warn about stack size libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs media: rc-loopback: return number of emitters rather than error 
media: uvc: don't do DMA on stack VMCI: fix NULL pointer dereference when unmapping queue pair dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() power: supply: max17042: handle fails of reading status register block: bfq: fix bfq_set_next_ioprio_data() crypto: public_key: fix overflow during implicit conversion soc: aspeed: lpc-ctrl: Fix boundary check for mmap 9p/xen: Fix end of loop tests for list_for_each_entry include/linux/list.h: add a macro to test if entry is pointing to the head xen: fix setting of max_pfn in shared_info powerpc/perf/hv-gpci: Fix counter value parsing PCI/MSI: Skip masking MSI-X on Xen PV blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN blk-zoned: allow zone management send operations without CAP_SYS_ADMIN rtc: tps65910: Correct driver module alias fbmem: don't allow too huge resolutions clk: kirkwood: Fix a clocking boot regression backlight: pwm_bl: Improve bootloader/kernel device handover IMA: remove -Wmissing-prototypes warning KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted x86/resctrl: Fix a maybe-uninitialized build warning treated as error tty: Fix data race between tiocsti() and flush_to_ldisc() netns: protect netns ID lookups with RCU net: qualcomm: fix QCA7000 checksum handling net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed ipv4: make exception cache less predictible bcma: Fix memory leak for internally-handled cores ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() tty: serial: fsl_lpuart: fix the wrong mapbase value usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available usb: ehci-orion: Handle errors of clk_prepare_enable() in probe i2c: mt65xx: fix IRQ check CIFS: Fix a potencially linear read overflow mmc: moxart: Fix issue with uninitialized dma_slave_config mmc: dw_mmc: Fix issue with uninitialized dma_slave_config i2c: s3c2410: fix IRQ check i2c: iop3xx: fix deferred probing Bluetooth: 
add timeout sanity check to hci_inquiry usb: gadget: mv_u3d: request_irq() after initializing UDC mac80211: Fix insufficient headroom issue for AMSDU usb: phy: tahvo: add IRQ check usb: host: ohci-tmio: add IRQ check Bluetooth: Move shutdown callback before flushing tx and rx queue usb: phy: twl6030: add IRQ checks usb: phy: fsl-usb: add IRQ check usb: gadget: udc: at91: add IRQ check drm/msm/dsi: Fix some reference counted resource leaks Bluetooth: fix repeated calls to sco_sock_kill arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7 Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow soc: qcom: smsm: Fix missed interrupts if state changes while masked PCI: PM: Enable PME if it can be signaled from D3cold PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently media: em28xx-input: fix refcount bug in em28xx_usb_disconnect i2c: highlander: add IRQ check net: cipso: fix warnings in netlbl_cipsov4_add_std tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos Bluetooth: sco: prevent information leak in sco_conn_defer_accept() media: go7007: remove redundant initialization media: dvb-usb: fix uninit-value in vp702x_read_mac_addr media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally certs: Trigger creation of RSA module signing key if it's not an RSA key crypto: qat - use proper type for vf_mask clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel spi: spi-pic32: Fix issue with uninitialized dma_slave_config spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config m68k: emu: Fix invalid free in nfeth_cleanup() udf_get_extendedattr() had no boundary checks. 
crypto: qat - do not export adf_iov_putmsg() crypto: qat - fix naming for init/shutdown VF to PF notifications crypto: qat - fix reuse of completion variable crypto: qat - handle both source of interrupt in VF ISR crypto: qat - do not ignore errors from enable_vf2pf_comms() libata: fix ata_host_start() s390/cio: add dev_busid sysfs entry for each subchannel power: supply: max17042_battery: fix typo in MAx17042_TOFF nvme-rdma: don't update queue count when failing to set io queues isofs: joliet: Fix iocharset=utf8 mount option udf: Check LVID earlier crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors crypto: mxs-dcp - Check for DMA mapping errors regmap: fix the offset of register error log PCI: Call Max Payload Size-related fixup quirks early x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions usb: host: xhci-rcar: Don't reload firmware after the completion Revert "btrfs: compression: don't try to compress if we don't have enough pages" mm/page_alloc: speed up the iteration of max_order net: ll_temac: Remove left-over debug message powerpc/boot: Delete unneeded .globl _zimage_start powerpc/module64: Fix comment in R_PPC64_ENTRY handling crypto: talitos - reduce max key size for SEC1 mm/kmemleak.c: make cond_resched() rate-limiting more efficient s390/disassembler: correct disassembly lines alignment ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2) ath10k: fix recent bandwidth conversion bug f2fs: fix potential overflow USB: serial: mos7720: improve OOM-handling in read_mos_reg() igmp: Add ip_mc_list lock in ip_check_mc_rcu media: stkwebcam: fix memory leak in stk_camera_probe clk: fix build warning for orphan_list ALSA: pcm: fix divide error in snd_pcm_lib_ioctl ARM: 8918/2: only build return_address() if needed cryptoloop: add a deprecation warning perf/x86/amd/ibs: Work around erratum #1197 
perf/x86/intel/pt: Fix mask of num_address_ranges qede: Fix memset corruption net: macb: Add a NULL check on desc_ptp qed: Fix the VF msix vectors flow xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG ext4: fix race writing to an inline_data file while its xattrs are changing Linux 4.14.246 Revert "floppy: reintroduce O_NDELAY fix" KVM: X86: MMU: Use the correct inherited permissions to get shadow page KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs fbmem: add margin check to fb_check_caps() vt_kdsetmode: extend console locking net/rds: dma_map_sg is entitled to merge entries drm/nouveau/disp: power down unused DP links during init drm: Copy drm_wait_vblank to user before returning vringh: Use wiov->used to check for read/write desc order virtio: Improve vq->broken access to avoid any compiler optimization opp: remove WARN when no valid OPPs remain usb: gadget: u_audio: fix race condition on endpoint stop net: marvell: fix MVNETA_TX_IN_PRGRS bit number xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' ip_gre: add validation for csum_start e1000e: Fix the max snoop/no-snoop latency for 10M IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() usb: dwc3: gadget: Stop EP0 transfers during pullup disable usb: dwc3: gadget: Fix dwc3_calc_trbs_left() USB: serial: option: add new VID/PID to support Fibocom FG150 Revert "USB: serial: ch341: fix character loss at high transfer rates" can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters ARC: Fix CONFIG_STACKDEPOT Linux 4.14.245 netfilter: nft_exthdr: fix endianness of tcp option cast fs: warn about impending deprecation of mandatory locks locks: print a warning when mount fails due to lack of "mand" support ASoC: intel: atom: Fix breakage for PCM buffer address setup btrfs: prevent rename2 from exchanging a subvol with a directory from different parents ipack: tpci200: fix many double free issues 
in tpci200_pci_probe ALSA: hda - fix the 'Capture Switch' value change notifications mmc: dw_mmc: Fix hang on data CRC error net: mdio-mux: Handle -EPROBE_DEFER correctly net: mdio-mux: Don't ignore memory allocation errors net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 ptp_pch: Restore dependency on PCI net: 6pack: fix slab-out-of-bounds in decode_data bnxt: don't lock the tx queue from napi poll vhost: Fix the calculation in vhost_overflow() dccp: add do-while-0 stubs for dccp_pr_debug macros Bluetooth: hidp: use correct wait queue when removing ctrl_wait net: usb: lan78xx: don't modify phy_device state concurrently ARM: dts: nomadik: Fix up interrupt controller node names scsi: core: Avoid printing an error if target_alloc() returns -ENXIO scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218 dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() ath9k: Postpone key cache entry deletion for TXQ frames reference it ath: Modify ath_key_delete() to not need full key entry ath: Export ath_hw_keysetmac() ath9k: Clear key cache explicitly on disabling hardware ath: Use safer key clearing with key cache entries x86/fpu: Make init_fpstate correct with optimized XSAVE KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) mac80211: drop data frames without key on encrypted links vmlinux.lds.h: Handle clang's module.{c,d}tor sections PCI/MSI: Enforce MSI[X] entry updates to be visible PCI/MSI: Enforce that MSI-X table entry is masked for update PCI/MSI: Mask all unused MSI-X entries PCI/MSI: Protect msi_desc::masked for multi-MSI PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() PCI/MSI: Correct misleading comments PCI/MSI: Do not set 
invalid bits in MSI mask PCI/MSI: Enable and mask MSI-X early x86/resctrl: Fix default monitoring groups reporting x86/tools: Fix objdump version check again powerpc/kprobes: Fix kprobe Oops happens in booke vsock/virtio: avoid potential deadlock when vsock device remove xen/events: Fix race in set_evtchn_to_irq tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets net: bridge: fix memleak in br_add_if() net: Fix memory leak in ieee802154_raw_deliver psample: Add a fwd declaration for skbuff ppp: Fix generating ifname when empty IFLA_IFNAME is specified net: dsa: mt7530: add the missing RxUnicast MIB counter ASoC: cs42l42: Remove duplicate control for WNF filter frequency ASoC: cs42l42: Fix inversion of ADC Notch Switch control ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J ASoC: cs42l42: Correct definition of ADC Volume control ACPI: NFIT: Fix support for virtual SPA ranges i2c: dev: zero out array used for i2c reads from userspace ASoC: intel: atom: Fix reference to PCM buffer address iio: adc: Fix incorrect exit of for-loop iio: humidity: hdc100x: Add margin to the conversion time ANDROID: xt_quota2: set usersize in xt_match registration object ANDROID: xt_quota2: clear quota2_log message before sending ANDROID: xt_quota2: remove trailing junk which might have a digit in it Linux 4.14.244 net: xilinx_emaclite: Do not print real IOMEM pointer ovl: prevent private clone if bind mount is not allowed ppp: Fix generating ppp unit id when ifname is not specified USB:ehci:fix Kunpeng920 ehci hardware problem net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset alpha: Send stop IPI to send to online CPUs reiserfs: check directory items on read from disk reiserfs: add check for root_inode in reiserfs_fill_super libata: fix ata_pio_sector for CONFIG_HIGHMEM qmi_wwan: add network device usage statistics for qmimux devices perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest spi: meson-spicc: 
fix memory leak in meson_spicc_remove pcmcia: i82092: fix a null pointer dereference bug MIPS: Malta: Do not byte-swap accesses to the CBUS UART serial: 8250: Mask out floating 16/32-bit bus bits ext4: fix potential htree corruption when growing large_dir directories pipe: increase minimum default pipe size to 2 pages media: rtl28xxu: fix zero-length control request staging: rtl8723bs: Fix a resource leak in sd_int_dpc scripts/tracing: fix the bug that can't parse raw_trace_func usb: otg-fsm: Fix hrtimer list corruption usb: gadget: f_hid: idle uses the highest byte for duration usb: gadget: f_hid: fixed NULL pointer dereference usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 USB: serial: ch341: fix character loss at high transfer rates USB: serial: option: add Telit FD980 composition 0x1056 USB: usbtmc: Fix RCU stall warning Bluetooth: defer cleanup of resources in hci_unregister_dev() net: vxge: fix use-after-free in vxge_device_unregister net: fec: fix use-after-free in fec_drv_remove net: pegasus: fix uninit-value in get_interrupt_interval bnx2x: fix an error code in bnx2x_nic_load() mips: Fix non-POSIX regexp nfp: update ethtool reporting of pauseframe control net: natsemi: Fix missing pci_disable_device() in probe and remove media: videobuf2-core: dequeue if start_streaming fails scsi: sr: Return correct event when media event code is 3 omap5-board-common: remove not physically existing vdds_1v8_main fixed-regulator clk: stm32f4: fix post divisor setup for I2S/SAI PLLs ALSA: seq: Fix racy deletion of subscriber Revert "ACPICA: Fix memory leak caused by _CID repair function" ANDROID: staging: ion: move buffer kmap from begin/end_cpu_access() Linux 4.14.243 spi: mediatek: Fix fifo transfer Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" KVM: Use kvm_pfn_t for local PFN variable in hva_to_pfn_remapped() KVM: do not allow mapping valid but non-reference-counted pages KVM: do 
not assume PTE is writable after follow_pfn Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" net: Fix zero-copy head len calculation. qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() r8152: Fix potential PM refcount imbalance regulator: rt5033: Fix n_voltages settings for BUCK and LDO btrfs: mark compressed range uptodate only if all bio succeed Linux 4.14.242 Revert "perf map: Fix dso->nsinfo refcounting" can: hi311x: fix a signedness bug in hi3110_cmd() sis900: Fix missing pci_disable_device() in probe and remove tulip: windbond-840: Fix missing pci_disable_device() in probe and remove sctp: fix return value check in __sctp_rcv_asconf_lookup net/mlx5: Fix flow table chaining net: llc: fix skb_over_panic mlx4: Fix missing error code in mlx4_load_one() tipc: fix sleeping in tipc accept routine netfilter: nft_nat: allow to specify layer 4 protocol NAT only netfilter: conntrack: adjust stop timestamp to real expiry value cfg80211: Fix possible memory leak in function cfg80211_bss_update x86/asm: Ensure asm/proto.h can be included stand-alone nfc: nfcsim: fix use after free during module unload NIU: fix incorrect error return, missed in previous revert can: esd_usb2: fix memory leak can: ems_usb: fix memory leak can: usb_8dev: fix memory leak can: mcba_usb_start(): add missing urb->transfer_dma initialization can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF ocfs2: issue zeroout to EOF blocks ocfs2: fix zero out valid data x86/kvm: fix vcpu-id indexed array sizes gro: ensure frag0 meets IP header alignment virtio_net: Do not pull payload in skb->head ARM: dts: versatile: Fix up interrupt controller node names hfs: add lock nesting notation to hfs_find_init hfs: fix high memory mapping in hfs_bnode_read hfs: add missing clean-up in hfs_fill_super sctp: move 198 addresses from unusable to private scope net: annotate data race around sk_ll_usec net/802/garp: fix memleak in garp_request_join() net/802/mrp: 
fix memleak in mrp_request_join() workqueue: fix UAF in pwq_unbound_release_workfn() af_unix: fix garbage collect vs MSG_PEEK net: split out functions related to registering inflight socket files KVM: x86: determine if an exception has an error code only when injecting it. selftest: fix build error in tools/testing/selftests/vm/userfaultfd.c Linux 4.14.241 xhci: add xhci_get_virt_ep() helper spi: spi-fsl-dspi: Fix a resource leak in an error handling path btrfs: compression: don't try to compress if we don't have enough pages iio: accel: bma180: Fix BMA25x bandwidth register values iio: accel: bma180: Use explicit member assignment net: bcmgenet: ensure EXT_ENERGY_DET_MASK is clear drm: Return -ENOTTY for non-drm ioctls selftest: use mmap instead of posix_memalign to allocate memory ixgbe: Fix packet corruption due to missing DMA sync media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. usb: dwc2: gadget: Fix sending zero length packet in DDMA mode. 
USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick USB: serial: cp210x: fix comments for GE CS1000 USB: serial: option: add support for u-blox LARA-R6 family usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() usb: max-3421: Prevent corruption of freed memory USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS usb: hub: Disable USB 3 device initiated lpm if exit latency is too high KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow xhci: Fix lost USB 2 remote wake ALSA: sb: Fix potential ABBA deadlock in CSP driver s390/ftrace: fix ftrace_update_ftrace_func implementation Revert "MIPS: add PMD table accounting into MIPS'pmd_alloc_one" proc: Avoid mixing integer types in mem_rw() Revert "USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem" spi: cadence: Correct initialisation of runtime PM again scsi: target: Fix protect handling in WRITE SAME(32) scsi: iscsi: Fix iface sysfs attr detection netrom: Decrease sock refcount when sock timers expire net: decnet: Fix sleeping inside in af_decnet net: fix uninit-value in caif_seqpkt_sendmsg s390/bpf: Perform r1 range checking before accessing jit->seen_reg[r1] liquidio: Fix unintentional sign extension issue on left shift of u16 spi: mediatek: fix fifo rx mode perf probe-file: Delete namelist in del_events() on the error path perf test bpf: Free obj_buf perf lzma: Close lzma stream on exit perf probe: Fix dso->nsinfo refcounting perf map: Fix dso->nsinfo refcounting igb: Check if num of q_vectors is smaller than max before array access iavf: Fix an error handling path in 'iavf_probe()' e1000e: Fix an error handling path in 'e1000_probe()' fm10k: Fix an error handling path in 'fm10k_probe()' igb: Fix an error handling path in 'igb_probe()' ixgbe: Fix an error handling path in 'ixgbe_probe()' igb: Fix use-after-free error during reset ipv6: tcp: drop silly ICMPv6 packet too big messages tcp: annotate data races around tp->mtu_info dma-buf/sync_file: Don't leak fences on merge failure 
net: validate lwtstate->data before returning from skb_tunnel_info() net: send SYNACK packet with accepted fwmark net: ti: fix UAF in tlan_remove_one net: qcom/emac: fix UAF in emac_remove net: moxa: fix UAF in moxart_mac_probe net: bcmgenet: Ensure all TX/RX queues DMAs are disabled net: bridge: sync fdb to new unicast-filtering ports netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo net: ipv6: fix return value of ip6_skb_dst_mtu sched/fair: Fix CFS bandwidth hrtimer expiry type scsi: libfc: Fix array index out of bound exception scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 rtc: max77686: Do not enforce (incorrect) interrupt trigger type kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set thermal/core: Correct function name thermal_zone_device_unregister() arm64: dts: ls208xa: remove bus-num from dspi node arm64: dts: juno: Update SCPI nodes as per the YAML schema ARM: dts: stm32: fix RCC node name on stm32f429 MCU ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info ARM: dts: imx6: phyFLEX: Fix UART hardware flow control ARM: dts: BCM63xx: Fix NAND nodes names ARM: NSP: dts: fix NAND nodes names ARM: Cygnus: dts: fix NAND nodes names ARM: brcmstb: dts: fix NAND nodes names reset: ti-syscon: fix to_ti_syscon_reset_data macro arm64: dts: rockchip: Fix power-controller node names for rk3328 ARM: dts: rockchip: Fix power-controller node names for rk3288 ARM: dts: rockchip: Fix the timer clocks order arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 ARM: dts: gemini: add device_type on pci ANDROID: generate_initcall_order.pl: Use two dash long options for llvm-nm Linux 4.14.240 seq_file: disallow extremely large seq buffer allocations net: bridge: multicast: fix PIM hello router port marking race MIPS: vdso: Invalid GIC access through VDSO mips: disable branch profiling in boot/decompress.o mips: always 
link byteswap helpers into decompressor scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema memory: fsl_ifc: fix leak of private memory on probe failure memory: fsl_ifc: fix leak of IO mapping on probe failure reset: bail if try_module_get() fails ARM: dts: BCM5301X: Fixup SPI binding ARM: dts: r8a7779, marzen: Fix DU clock names rtc: fix snprintf() checking in is_rtc_hctosys() memory: atmel-ebi: add missing of_node_put for loop iteration ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 reset: a10sr: add missing of_match_table reference hexagon: use common DISCARDS macro NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times ALSA: isa: Fix error return code in snd_cmi8330_probe() x86/fpu: Limit xstate copy size in xstateregs_set() ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode nfs: fix acl memory leak of posix_acl_create() watchdog: aspeed: fix hardware timeout calculation um: fix error return code in winch_tramp() um: fix error return code in slip_open() power: supply: rt5033_battery: Fix device tree enumeration PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun f2fs: add MODULE_SOFTDEP to ensure crc32 is included in the initramfs virtio_console: Assure used length from device is limited virtio_net: Fix error handling in virtnet_restore() virtio-blk: Fix memory leak among suspend/resume procedure ACPI: video: Add quirk for the Dell Vostro 3350 ACPI: AMBA: Fix resource name in /proc/iomem pwm: tegra: Don't modify HW state in .remove callback power: supply: ab8500: add missing MODULE_DEVICE_TABLE power: supply: charger-manager: add missing MODULE_DEVICE_TABLE NFS: nfs_find_open_context() may only select open files ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty orangefs: fix orangefs df output. 
x86/fpu: Return proper error codes from user access functions watchdog: iTCO_wdt: Account for rebooting on second timeout watchdog: Fix possible use-after-free by calling del_timer_sync() watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() watchdog: Fix possible use-after-free in wdt_startup() ARM: 9087/1: kprobes: test-thumb: fix for LLVM_IAS=1 power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE power: supply: max17042: Do not enforce (incorrect) interrupt trigger type power: supply: ab8500: Avoid NULL pointers pwm: spear: Don't modify HW state in .remove callback lib/decompress_unlz4.c: correctly handle zero-padding around initrds. i2c: core: Disable client irq on reboot/shutdown intel_th: Wait until port is in reset before programming it staging: rtl8723bs: fix macro value for 2.4Ghz only device ALSA: hda: Add IRQ check for platform_get_irq() backlight: lm3630a: Fix return code of .update_status() callback powerpc/boot: Fixup device-tree on little endian usb: gadget: hid: fix error return code in hid_bind() usb: gadget: f_hid: fix endianness issue with descriptors ALSA: bebob: add support for ToneWeal FW66 ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() selftests/powerpc: Fix "no_handler" EBB selftest ALSA: ppc: fix error return code in snd_pmac_probe() gpio: zynq: Check return value of pm_runtime_get_sync powerpc/ps3: Add dma_mask to ps3_dma_region ALSA: sb: Fix potential double-free of CSP mixer elements s390/sclp_vt220: fix console name to match device mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE scsi: qedi: Fix null ref during abort handling scsi: iscsi: Fix shost->max_id use scsi: iscsi: Add iscsi_cls_conn refcount helpers fs/jfs: Fix missing error code in lmLogInit() tty: serial: 8250: serial_cs: Fix a memory leak in error handling path scsi: core: Cap scsi_host cmd_per_lun at can_queue scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs scsi: lpfc: Fix "Unexpected 
timeout" error in direct attach topology w1: ds2438: fixing bug that would always get page0 Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro" misc/libmasm/module: Fix two use after free in ibmasm_init_one tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero PCI: aardvark: Fix kernel panic during PIO transfer PCI: aardvark: Don't rely on jiffies while holding spinlock tracing: Do not reference char * as a string in histograms scsi: core: Fix bad pointer dereference when ehandler kthread is invalid KVM: X86: Disable hardware breakpoints unconditionally before kvm_x86->run() KVM: x86: Use guest MAXPHYADDR from CPUID.0x8000_0008 iff TDP is enabled smackfs: restrict bytes count in smk_set_cipso() jfs: fix GPF in diFree media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K media: gspca/sunplus: fix zero-length control requests media: gspca/sq905: fix control-request direction media: zr364xx: fix memory leak in zr364xx_start_readpipe media: dtv5100: fix control-request directions dm btree remove: assign new_root only when removal succeeds ipack/carriers/tpci200: Fix a double free in tpci200_pci_probe tracing: Simplify & fix saved_tgids logic seq_buf: Fix overflow in seq_buf_putmem_hex() power: supply: ab8500: Fix an old bug ipmi/watchdog: Stop watchdog timer when the current action is 'none' qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute ASoC: tegra: Set driver_name=tegra for all machine drivers cpu/hotplug: Cure the cpusets trainwreck ata: ahci_sunxi: Disable DIPM mmc: core: Allow UHS-I voltage switch for SDSC cards if supported mmc: core: clear flags before allowing to retune mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode pinctrl/amd: Add device HID for new AMD GPIO controller drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() usb: gadget: f_fs: Fix setting of device and driver data cross-references powerpc/barrier: Avoid collision with clang's __lwsync macro 
mac80211: fix memory corruption in EAPOL handling fuse: reject internal errno bdi: Do not use freezable workqueue fscrypt: don't ignore minor_hash when hash is 0 sctp: add size validation when walking chunks sctp: validate from_addr_param return Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc. Bluetooth: Shutdown controller after workqueues are flushed or cancelled Bluetooth: Fix the HCI to MGMT status conversion table RDMA/cma: Fix rdma_resolve_route() memory leak wireless: wext-spy: Fix out-of-bounds warning sfc: error code if SRIOV cannot be disabled sfc: avoid double pci_remove of VFs iwlwifi: mvm: don't change band on bound PHY contexts RDMA/rxe: Don't overwrite errno from ib_umem_get() vsock: notify server to shutdown when client has pending signal atm: nicstar: register the interrupt handler in the right place atm: nicstar: use 'dma_free_coherent' instead of 'kfree' MIPS: add PMD table accounting into MIPS'pmd_alloc_one cw1200: add missing MODULE_DEVICE_TABLE wl1251: Fix possible buffer overflow in wl1251_cmd_scan wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP xfrm: Fix error reporting in xfrm_state_construct. 
selinux: use __GFP_NOWARN with GFP_NOWAIT in the AVC fjes: check return value after calling platform_get_resource() net: micrel: check return value after calling platform_get_resource() net: bcmgenet: check return value after calling platform_get_resource() virtio_net: Remove BUG() to avoid machine dead dm space maps: don't reset space map allocation cursor when committing RDMA/cxgb4: Fix missing error code in create_qp() ipv6: use prandom_u32() for ID generation clk: tegra: Ensure that PLLU configuration is applied properly clk: renesas: r8a77995: Add ZA2 clock e100: handle eeprom as little endian udf: Fix NULL pointer dereference in udf_symlink function drm/virtio: Fix double free on probe failure reiserfs: add check for invalid 1st journal block net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT atm: nicstar: Fix possible use-after-free in nicstar_cleanup() mISDN: fix possible use-after-free in HFC_cleanup() atm: iphase: fix possible use-after-free in ia_module_exit() hugetlb: clear huge pte during flush function on mips platform net: pch_gbe: Use proper accessors to BE data in pch_ptp_match() drm/amd/amdgpu/sriov disable all ip hw status by default drm/zte: Don't select DRM_KMS_FB_HELPER drm/mxsfb: Don't select DRM_KMS_FB_HELPER scsi: core: Retry I/O for Notify (Enable Spinup) Required error mmc: vub3000: fix control-request direction selftests/vm/pkeys: fix alloc_random_pkey() to make it really, really random mm/huge_memory.c: don't discard hugepage if other processes are mapping it leds: ktd2692: Fix an error handling path leds: as3645a: Fix error return code in as3645a_parse_node() configfs: fix memleak in configfs_release_bin_file extcon: max8997: Add missing modalias string extcon: sm5502: Drop invalid register write in sm5502_reg_data phy: ti: dm816x: Fix the error handling path in 'dm816x_usb_phy_probe() scsi: mpt3sas: Fix error return value in _scsih_expander_add() of: Fix truncation of memory sizes on 32-bit platforms ASoC: cs42l42: 
Correct definition of CS42L42_ADC_PDN_MASK staging: gdm724x: check for overflow in gdm_lte_netif_rx() staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() s390: appldata depends on PROC_SYSCTL scsi: FlashPoint: Rename si_flags field tty: nozomi: Fix the error handling path of 'nozomi_card_init()' char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() Input: hil_kbd - fix error return code in hil_dev_connect() ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() iio: accel: bma180: Fix buffer alignment in 
iio_push_to_buffers_with_timestamp() iio: adis_buffer: do not return ints in irq handlers mwifiex: re-fix for unaligned accesses tty: nozomi: Fix a resource leak in an error handling function net: sched: fix warning in tcindex_alloc_perfect_hash writeback: fix obtain a reference to a freeing memcg css Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid Revert "ibmvnic: remove duplicate napi_schedule call in open function" i40e: Fix error handling in i40e_vsi_open net: bcmgenet: Fix attaching to PYH failed on RPi 4B vxlan: add missing rcu_read_lock() in neigh_reduce() pkt_sched: sch_qfq: fix qfq_change_class() error path net: ethernet: ezchip: fix error handling net: ethernet: ezchip: fix UAF in nps_enet_remove net: ethernet: aeroflex: fix UAF in greth_of_remove samples/bpf: Fix the error return code of xdp_redirect's main() netfilter: nft_exthdr: check for IPv6 packet before further processing netlabel: Fix memory leak in netlbl_mgmt_add_common ath10k: Fix an error code in ath10k_add_interface() brcmsmac: mac80211_if: Fix a resource leak in an error handling path wireless: carl9170: fix LEDS build errors & warnings drm: qxl: ensure surf.data is ininitialized RDMA/rxe: Fix failure during driver load ehea: fix error return code in ehea_restart_qps() drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() net: pch_gbe: Propagate error from devm_gpio_request_one() ocfs2: fix snprintf() checking ACPI: sysfs: Fix a buffer overrun problem with description_show() crypto: nx - Fix RCU warning in nx842_OF_upd_status spi: spi-sun6i: Fix chipselect/clock bug btrfs: clear log tree recovering status if starting transaction fails hwmon: (max31790) Fix fan speed reporting for fan7..12 hwmon: (max31722) Remove non-standard ACPI device IDs media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx mmc: usdhi6rol0: fix error return code in usdhi6_probe() media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() media: 
tc358743: Fix error return code in tc358743_probe_of() media: exynos4-is: Fix a use after free in isp_video_release pata_ep93xx: fix deferred probing crypto: ccp - Fix a resource leak in an error handling path pata_octeon_cf: avoid WARN_ON() in ata_host_activate() media: I2C: change 'RST' to "RSET" to fix multiple build errors pata_rb532_cf: fix deferred probing sata_highbank: fix deferred probing crypto: ux500 - Fix error return code in hash_hw_final() crypto: ixp4xx - dma_unmap the correct address media: s5p_cec: decrement usage count if disabled ia64: mca_drv: fix incorrect array size calculation HID: wacom: Correct base usage for capacitive ExpressKey status bits ACPI: tables: Add custom DSDT file as makefile prerequisite platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() ACPI: bus: Call kobject_put() in acpi_init() error path ACPICA: Fix memory leak caused by _CID repair function fs: dlm: fix memory leak when fenced random32: Fix implicit truncation warning in prandom_seed_state() fs: dlm: cancel work sync othercon block_dump: remove block_dump feature in mark_inode_dirty() ACPI: EC: Make more Asus laptops use ECDT _GPE lib: vsprintf: Fix handling of number field widths in vsscanf hv_utils: Fix passing zero to 'PTR_ERR' warning ACPI: processor idle: Fix up C-state latency if not ordered HID: do not use down_interruptible() when unbinding devices regulator: da9052: Ensure enough delay time for .set_voltage_time_sel btrfs: disable build on platforms having page size 256K btrfs: abort transaction if we fail to update the delayed inode btrfs: fix error handling in __btrfs_update_delayed_inode media: siano: fix device register error path media: dvb_net: avoid speculation from net slot crypto: shash - avoid comparing pointers to exported functions under CFI mmc: via-sdmmc: add a check against NULL pointer dereference media: dvd_usb: memory leak in cinergyt2_fe_attach media: st-hva: Fix potential NULL pointer dereferences media: 
bt8xx: Fix a missing check bug in bt878_probe media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release media: em28xx: Fix possible memory leak of em28xx struct crypto: qat - remove unused macro in FW loader crypto: qat - check return code of qat_hal_rd_rel_reg() media: pvrusb2: fix warning in pvr2_i2c_core_done media: cobalt: fix race condition in setting HPD media: cpia2: fix memory leak in cpia2_usb_probe crypto: nx - add missing MODULE_DEVICE_TABLE spi: omap-100k: Fix the length judgment problem spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' spi: Make of_register_spi_device also set the fwnode fuse: check connected before queueing on fpq->io seq_buf: Make trace_seq_putmem_hex() support data longer than 8 rsi: Assign beacon rate settings to the correct rate_info descriptor field ssb: sdio: Don't overwrite const buffer if block_write fails ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() serial_cs: remove wrong GLOBETROTTER.cis entry serial_cs: Add Option International GSM-Ready 56K/ISDN modem serial: sh-sci: Stop dmaengine transfer in sci_stop_tx() iio: ltr501: ltr501_read_ps(): add missing endianness conversion iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path s390/cio: dont call css_wait_for_slow_path() inside a lock SUNRPC: Should wake up the privileged task firstly. SUNRPC: Fix the batch tasks count wraparound. 
can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path can: gw: synchronize rcu operations before removing gw job entry can: bcm: delay release of struct bcm_op after synchronize_rcu() ext4: use ext4_grp_locked_error in mb_find_extent ext4: fix avefreec in find_group_orlov ext4: remove check for zero nr_to_scan in ext4_es_scan() ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit ext4: fix kernel infoleak via ext4_extent_header ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle btrfs: clear defrag status of a root if starting transaction fails btrfs: send: fix invalid path for unlink operations after parent orphanization ARM: dts: at91: sama5d4: fix pinctrl muxing Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl iov_iter_fault_in_readable() should do nothing in xarray case ntfs: fix validity check for file name attribute USB: cdc-acm: blacklist Heimann USB Appset device usb: gadget: eem: fix echo command packet response issue net: can: ems_usb: fix use-after-free in ems_usb_disconnect() Input: usbtouchscreen - fix control-request directions media: dvb-usb: fix wrong definition ALSA: usb-audio: fix rate on Ozone Z90 USB headset Linux 4.14.239 xen/events: reset active flag for lateeoi events later kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() kthread_worker: split code for canceling the delayed work timer kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit drm/nouveau: fix dma_address check for CPU/GPU sync scsi: sr: Return appropriate error code when disk is ejected mm, futex: fix shared futex pgoff on shmem huge page mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes mm: page_vma_mapped_walk(): get vma_address_end() earlier mm: page_vma_mapped_walk(): use goto instead of while (1) mm: page_vma_mapped_walk(): add a level of indentation mm: 
page_vma_mapped_walk(): crossing page table boundary mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd mm: page_vma_mapped_walk(): settle PageHuge on entry mm: page_vma_mapped_walk(): use page for pvmw->page mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split mm/thp: fix page_address_in_vma() on file THP tails mm/thp: fix vma_address() if virtual address below file offset mm/thp: try_to_unmap() use TTU_SYNC for safe splitting mm/rmap: use page_not_mapped in try_to_unmap() mm/rmap: remove unneeded semicolon in page_not_mapped() mm: add VM_WARN_ON_ONCE_PAGE() macro include/linux/mmdebug.h: make VM_WARN* non-rvals Linux 4.14.238 i2c: robotfuzz-osif: fix control-request directions nilfs2: fix memory leak in nilfs_sysfs_delete_device_group pinctrl: stm32: fix the reported number of GPIO lines per bank net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY net: qed: Fix memcpy() overflow of qed_dcbx_params() r8169: Avoid memcpy() over-reading of ETH_SS_STATS sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS r8152: Avoid memcpy() over-reading of ETH_SS_STATS net/packet: annotate accesses to po->ifindex net/packet: annotate accesses to po->bind net: caif: fix memory leak in ldisc_open inet: annotate date races around sk->sk_txhash ping: Check return value of function 'ping_queue_rcv_skb' mac80211: drop multicast fragments cfg80211: call cfg80211_leave_ocb when switching away from OCB mac80211: remove warning in ieee80211_get_sband() Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" arm64: perf: Disable PMU while processing counter overflows MIPS: generic: Update node names to avoid unit addresses Makefile: Move -Wno-unused-but-set-variable out of GCC only block ARM: 9081/1: fix gcc-10 thumb2-kernel regression drm/radeon: wait for moving fence after pinning drm/nouveau: wait for moving fence after pinning v2 x86/fpu: Reset state for all signal restore failures unfuck 
sysfs_mount() kernfs: deal with kernfs_fill_super() failures usb: dwc3: core: fix kernel panic when do reboot inet: use bigger hash table for IP ID generation can: bcm/raw/isotp: use per module netdevice notifier net: fec_ptp: add clock rate zero check mm/slub.c: include swab.h net: bridge: fix vlan tunnel dst refcnt when egressing net: bridge: fix vlan tunnel dst null pointer dereference dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc ARCv2: save ABI registers across signal handling PCI: Work around Huawei Intelligent NIC VF FLR erratum PCI: Add ACS quirk for Broadcom BCM57414 NIC PCI: Mark some NVIDIA GPUs to avoid bus reset PCI: Mark TI C667X to avoid bus reset tracing: Do no increment trace_clock_global() by one tracing: Do not stop recording comms if the trace file is being read tracing: Do not stop recording cmdlines when tracing is off usb: core: hub: Disable autosuspend for Cypress CY7C65632 can: mcba_usb: fix memory leak in mcba_usb can: bcm: fix infoleak in struct bcm_msg_head hwmon: (scpi-hwmon) shows the negative temperature properly radeon: use memcpy_to/fromio for UVD fw upload net: ethernet: fix potential use-after-free in ec_bhf_remove icmp: don't send out ICMP messages with a source address of 0.0.0.0 net: cdc_eem: fix tx fixup skb leak net: hamradio: fix memory leak in mkiss_close be2net: Fix an error handling path in 'be_probe()' net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock net: ipv4: fix memory leak in ip_mc_add1_src net: usb: fix possible use-after-free in smsc75xx_bind net: cdc_ncm: switch to eth%d interface naming netxen_nic: Fix an error handling path in 'netxen_nic_probe()' qlcnic: Fix an error handling path in 'qlcnic_probe()' net: stmmac: dwmac1000: Fix extended MAC address registers definition alx: Fix an error handling path in 'alx_probe()' netfilter: synproxy: Fix out of bounds when parsing TCP options rtnetlink: Fix regression in bridge VLAN configuration udp: fix race between close() and 
udp_abort() net: rds: fix memory leak in rds_recvmsg net: ipv4: fix memory leak in netlbl_cipsov4_add_std batman-adv: Avoid WARN_ON timing related checks mm/memory-failure: make sure wait for page writeback in memory_failure dmaengine: stedma40: add missing iounmap() on error in d40_probe() dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM fib: Return the correct errno code net: Return the correct errno code net/x25: Return the correct errno code rtnetlink: Fix missing error code in rtnl_bridge_notify() net: ipconfig: Don't override command-line hostnames or domains nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues() ethernet: myri10ge: Fix missing error code in myri10ge_probe() scsi: target: core: Fix warning on realtime kernels gfs2: Fix use-after-free in gfs2_glock_shrink_scan HID: gt683r: add missing MODULE_DEVICE_TABLE ARM: OMAP2+: Fix build warning when mmc_omap is not built HID: usbhid: fix info leak in hid_submit_ctrl HID: Add BUS_VIRTUAL to hid_connect logging HID: hid-sensor-hub: Return error for hid_set_field() failure net: ieee802154: fix null deref in parse dev addr FROMGIT: bpf: Do not change gso_size during bpf_skb_change_proto() ANDROID: selinux: modify RTM_GETNEIGH{TBL} Linux 4.14.237 proc: only require mm_struct for writing tracing: Correct the length check which causes memory corruption ftrace: Do not blindly read the ip address in ftrace_bug() scsi: core: Only put parent device if host state differs from SHOST_CREATED scsi: core: Put .shost_dev in failure path if host state changes to RUNNING scsi: core: Fix error handling of scsi_host_alloc() NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. 
NFS: Fix use-after-free in nfs4_init_client() kvm: fix previous commit for 32-bit builds perf session: Correct buffer copying when peeking events NFS: Fix a potential NULL dereference in nfs_get_client() perf: Fix data race between pin_count increment/decrement regulator: max77620: Use device_set_of_node_from_dev() regulator: core: resolve supply for boot-on/always-on regulators usb: fix various gadget panics on 10gbps cabling usb: fix various gadgets null ptr deref on 10gbps cabling. usb: gadget: eem: fix wrong eem header operation USB: serial: quatech2: fix control-request directions USB: serial: omninet: add device id for Zyxel Omni 56K Plus USB: serial: ftdi_sio: add NovaTech OrionMX product ID usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path usb: dwc3: ep0: fix NULL pointer exception USB: f_ncm: ncm_bitrate (speed) is unsigned cgroup1: don't allow '\n' in renaming btrfs: return value from btrfs_mark_extent_written() in case of error staging: rtl8723bs: Fix uninitialized variables kvm: avoid speculation-based attacks from out-of-range memslot accesses drm: Lock pointer access in drm_master_release() drm: Fix use-after-free read in drm_getunique() i2c: mpc: implement erratum A-004447 workaround i2c: mpc: Make use of i2c_recover_bus() powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers bnx2x: Fix missing error code in bnx2x_iov_init_one() MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER net: appletalk: cops: Fix data race in cops_probe1 net: macb: ensure the device is available before accessing GEMGXL control registers scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal scsi: vmw_pvscsi: Set correct residual data length net/qla3xxx: fix schedule while atomic in ql_sem_spinlock wq: handle VM suspension in stall detection cgroup: disable controllers at parse time 
net: mdiobus: get rid of a BUG_ON() netlink: disable IRQs for netlink_lock_table() bonding: init notify_work earlier to avoid uninitialized use isdn: mISDN: netjet: Fix crash in nj_probe: ASoC: sti-sas: add missing MODULE_DEVICE_TABLE net/nfc/rawsock.c: fix a permission check bug proc: Track /proc/$pid/attr/ opener mm_struct Linux 4.14.236 xen-pciback: redo VF placement in the virtual topology sched/fair: Optimize select_idle_cpu KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode bnxt_en: Remove the setting of dev_port. bpf: No need to simulate speculative domain for immediates bpf: Fix mask direction swap upon off reg sign change bpf: Wrap aux data inside bpf_sanitize_info container bpf: Fix leakage of uninitialized bpf stack under speculation selftests/bpf: make 'dubious pointer arithmetic' test useful selftests/bpf: fix test_align bpf/verifier: disallow pointer subtraction bpf: do not allow root to mangle valid pointers bpf: Update selftests to reflect new error states bpf: Tighten speculative pointer arithmetic mask bpf: Move sanitize_val_alu out of op switch bpf: Refactor and streamline bounds check into helper bpf: Improve verifier error messages for users bpf: Rework ptr_limit into alu_limit and add common error path bpf: Ensure off_reg has no mixed signed bounds for all types bpf: Move off_reg into sanitize_ptr_alu bpf, selftests: Fix up some test_verifier cases for unprivileged mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY btrfs: fixup error handling in fixup_inode_link_counts btrfs: fix error handling in btrfs_del_csums nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect ocfs2: fix data corruption by fallocate pid: take a reference when initializing `cad_pid` ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed ALSA: timer: Fix master timer notification net: caif: fix memory leak in cfusbl_device_notify net: caif: fix memory leak in caif_device_notify net: caif: add proper error 
handling net: caif: added cfserl_release function Bluetooth: use correct lock to prevent UAF of hdev object Bluetooth: fix the erroneous flush_work() order ieee802154: fix error return code in ieee802154_llsec_getparams() ieee802154: fix error return code in ieee802154_add_iface() netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches HID: i2c-hid: fix format string mismatch HID: pidff: fix error return code in hid_pidff_init() ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service vfio/platform: fix module_put call in error flow vfio/pci: zap_vma_ptes() needs MMU vfio/pci: Fix error return code in vfio_ecap_init() efi: cper: fix snprintf() use in cper_dimm_err_location() efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared net: usb: cdc_ncm: don't spew notifications Linux 4.14.235 usb: core: reduce power-on-good delay time of root hub drivers/net/ethernet: clean up unused assignments hugetlbfs: hugetlb_fault_mutex_hash() cleanup MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c MIPS: alchemy: xxs1500: add gpio-au1000.h header file sch_dsmark: fix a NULL deref in qdisc_reset() ipv6: record frag_max_size in atomic fragments in input path scsi: libsas: Use _safe() loop in sas_resume_port() ixgbe: fix large MTU request from VF bpf: Set mac_len in bpf_skb_change_head ASoC: cs35l33: fix an error code in probe() staging: emxx_udc: fix loop in _nbu2ss_nuke() mld: fix panic in mld_newpack() net: bnx2: Fix error return code in bnx2_init_board() net: mdio: octeon: Fix some double free issues net: mdio: thunder: Fix a double free issue in the .remove function net: netcp: Fix an error message drm/amdgpu: Fix a use-after-free SMB3: incorrect file id in requests compounded with open platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI platform/x86: hp-wireless: add AMD's hardware id to the supported list btrfs: do not BUG_ON in link_to_fixup_dir openrisc: Define memory barrier mb scsi: BusLogic: Fix 64-bit system enumeration error for 
Buslogic media: gspca: properly check for errors in po1030_probe() media: dvb: Add check on sp8870_readreg return libertas: register sysfs groups properly dmaengine: qcom_hidma: comment platform_driver_register call isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io char: hpet: add checks after calling ioremap net: caif: remove BUG_ON(dev == NULL) in caif_xmit net: fujitsu: fix potential null-ptr-deref serial: max310x: unregister uart driver in case of failure and abort platform/x86: hp_accel: Avoid invoking _INI to speed up resume perf jevents: Fix getting maximum number of fds i2c: i801: Don't generate an interrupt on bus reset i2c: s3c2410: fix possible NULL pointer deref on read message after write tipc: skb_linearize the head skb when reassembling msgs Revert "net:tipc: Fix a double free in tipc_sk_mcast_rcv" net/mlx4: Fix EEPROM dump support drm/meson: fix shutdown crash when component not probed NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() NFS: fix an incorrect limit in filelayout_decode_layout() Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails net: usb: fix memory leak in smsc75xx_bind usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() USB: serial: pl2303: add device id for ADLINK ND-6530 GC USB: serial: ftdi_sio: add IDs for IDS GmbH Products USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 USB: serial: ti_usb_3410_5052: add startech.com device id serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' serial: sh-sci: Fix off-by-one error in FIFO threshold register setting USB: trancevibrator: fix control-request direction iio: adc: ad7793: Add missing error code in ad7793_setup() staging: iio: cdc: ad7746: avoid overwrite of num_channels mei: request autosuspend after sending rx flow control thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue misc/uss720: 
fix memory leak in uss720_probe kgdb: fix gcc-11 warnings harder dm snapshot: properly fix a crash when an origin has no snapshots ath10k: Validate first subframe of A-MSDU before processing the list mac80211: extend protection against mixed key and fragment cache attacks mac80211: do not accept/forward invalid EAPOL frames mac80211: prevent attacks on TKIP/WEP as well mac80211: check defrag PN against current frame mac80211: add fragment cache to sta_info mac80211: drop A-MSDUs on old ciphers cfg80211: mitigate A-MSDU aggregation attacks mac80211: properly handle A-MSDUs that start with an RFC 1042 header mac80211: prevent mixed key and fragment cache attacks mac80211: assure all fragments are encrypted net: hso: fix control-request directions proc: Check /proc/$pid/attr/ writes against file opener perf intel-pt: Fix transaction abort handling perf intel-pt: Fix sample instruction bytes iommu/vt-d: Fix sysfs leak in alloc_iommu() NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() NFC: nci: fix memory leak in nci_allocate_device netfilter: x_tables: Use correct memory barriers. 
usb: dwc3: gadget: Enable suspend events scripts: switch explicitly to Python 3 tweewide: Fix most Shebang lines mm, vmstat: drop zone->lock in /proc/pagetypeinfo Linux 4.14.234 Bluetooth: SMP: Fail if remote and local public keys are identical video: hgafb: correctly handle card detect failure during probe tty: vt: always invoke vc->vc_sw->con_resize callback vt: Fix character height handling with VT_RESIZEX vgacon: Record video mode changes with VT_RESIZEX video: hgafb: fix potential NULL pointer dereference qlcnic: Add null check after calling netdev_alloc_skb leds: lp5523: check return value of lp5xx_read and jump to cleanup code net: rtlwifi: properly check for alloc_workqueue() failure net: stmicro: handle clk_prepare() failure during init ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() Revert "niu: fix missing checks of niu_pci_eeprom_read" Revert "qlcnic: Avoid potential NULL pointer dereference" Revert "rtlwifi: fix a potential NULL pointer dereference" Revert "media: rcar_drif: fix a memory disclosure" cdrom: gdrom: initialize global variable at init time cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom Revert "gdrom: fix a memory leak bug" Revert "ecryptfs: replace BUG_ON with error handling code" Revert "video: imsttfb: fix potential NULL pointer dereferences" Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe" Revert "leds: lp5523: fix a missing check of return value of lp55xx_read" Revert "net: stmicro: fix a missing check of clk_prepare" Revert "video: hgafb: fix potential NULL pointer dereference" dm snapshot: fix crash with transient storage and zero chunk size xen-pciback: reconfigure also from backend watch handler rapidio: handle create_workqueue() failure Revert "rapidio: fix a NULL pointer dereference when create_workqueue() fails" ALSA: hda/realtek: reset eapd coeff to default value for alc287 Revert "ALSA: sb8: add a check for request_region" ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 
Pro ALSA: usb-audio: Validate MS endpoint descriptors ALSA: line6: Fix racy initialization of LINE6 MIDI cifs: fix memory leak in smb2_copychunk_range ptrace: make ptrace() fail if the tracee changed its pid unexpectedly scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() RDMA/rxe: Clear all QP fields if creation failed openrisc: Fix a memory leak Linux 4.14.233 ipv6: remove extra dev_hold() for fallback tunnels xhci: Do not use GFP_KERNEL in (potentially) atomic context ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods sit: proper dev_{hold|put} in ndo_[un]init methods serial: 8250: fix potential deadlock in rs485-mode lib: stackdepot: turn depot_lock spinlock to raw_spinlock block: reexpand iov_iter after read/write ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 ceph: fix fscache invalidation um: Mark all kernel symbols as local Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices ACPI / hotplug / PCI: Fix reference count leak in enable_slot() ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend() PCI: thunder: Fix compile testing isdn: capi: fix mismatched prototypes cxgb4: Fix the -Wmisleading-indentation warning usb: sl811-hcd: improve misleading indentation kgdb: fix gcc-11 warning on indentation x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes clk: exynos7: Mark aclk_fsys1_200 as critical netfilter: conntrack: Make global sysctls readonly in non-init netns kobject_uevent: remove warning in init_uevent_argv() RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint thermal/core/fair share: Lock the thermal zone while looping over instances MIPS: Avoid handcoded DIVU in `__div64_32' altogether MIPS: Avoid DIVU in `__div64_32' is result would be zero MIPS: Reinstate platform `__div64_32' handler FDDI: 
defxx: Make MMIO the configuration default except for EISA KVM: x86: Cancel pvclock_gtod_work on module removal iio: tsl2583: Fix division by a zero lux_val iio: gyro: mpu3050: Fix reported temperature value usb: core: hub: fix race condition about TRSMRCY of resume usb: dwc2: Fix gadget DMA unmap direction usb: xhci: Increase timeout for HC halt usb: dwc3: omap: improve extcon initialization blk-mq: Swap two calls in blk_mq_exit_queue() ACPI: scan: Fix a memory leak in an error handling path usb: fotg210-hcd: Fix an error message iio: proximity: pulsedlight: Fix rumtime PM imbalance on error drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected userfaultfd: release page in error path to avoid BUG_ON squashfs: fix divide error in calculate_skip() powerpc/64s: Fix crashes when toggling entry flush barrier powerpc/64s: Fix crashes when toggling stf barrier ARC: entry: fix off-by-one error in syscall number validation netfilter: nftables: avoid overflows in nft_hash_buckets() kernel: kexec_file: fix error return code of kexec_calculate_store_digests() net: fix nla_strcmp to handle more then one trailing null character ksm: fix potential missing rmap_item for stable_node mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts() khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate() drm/radeon: Fix off-by-one power_state index heap overwrite sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b rtc: ds1307: Fix wday settings for rx8130 NFSv4.2 fix handling of sr_eof in SEEK's reply pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() NFS: Deal correctly with attribute generation counter overflow NFSv4.2: Always flush out writes in nfs42_proc_fallocate() rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data() ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook PCI: Release OF node in pci_scan_device()'s error path f2fs: fix a redundant call to 
f2fs_balance_fs if an error occurs ASoC: rt286: Make RT286_SET_GPIO_* readable and writable net: ethernet: mtk_eth_soc: fix RX VLAN offload powerpc/iommu: Annotate nested lock for lockdep wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt powerpc/pseries: Stop calling printk in rtas_stop_self() samples/bpf: Fix broken tracex1 due to kprobe argument change ASoC: rt286: Generalize support for ALC3263 codec powerpc/smp: Set numa node before updating mask sctp: Fix out-of-bounds warning in sctp_process_asconf_param() kconfig: nconf: stop endless search loops selftests: Set CC to clang in lib.mk if LLVM is set cuse: prevent clone pinctrl: samsung: use 'int' for register masks in Exynos mac80211: clear the beacon's CRC after channel switch ip6_vti: proper dev_{hold|put} in ndo_[un]init methods Bluetooth: check for zapped sk before connecting Bluetooth: initialize skb_queue_head at l2cap_chan_create() Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default ALSA: rme9652: don't disable if not enabled ALSA: hdspm: don't disable if not enabled ALSA: hdsp: don't disable if not enabled net: stmmac: Set FIFO sizes for ipq806x tipc: convert dest node's address to network order fs: dlm: fix debugfs dump tpm: fix error return code in tpm2_get_cc_attrs_tbl() Revert "fdt: Properly handle "no-map" field in the memory region" Revert "of/fdt: Make sure no-map does not remove already reserved regions" sctp: delay auto_asconf init until binding the first addr Revert "net/sctp: fix race condition in sctp_destroy_sock" smp: Fix smp_call_function_single_async prototype kfifo: fix ternary sign extension bugs net:nfc:digital: Fix a double free in digital_tg_recv_dep_req net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add') ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices net: davinci_emac: Fix incorrect masking of tx and rx 
error channel RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails vsock/vmci: log once the failed queue pair allocation mwl8k: Fix a double Free in mwl8k_probe_hw i2c: sh7760: fix IRQ error path rtlwifi: 8821ae: upgrade PHY and RF parameters powerpc/pseries: extract host bridge from pci_bus prior to bus removal MIPS: pci-legacy: stop using of_pci_range_to_resource i2c: sh7760: add IRQ check i2c: jz4780: add IRQ check i2c: emev2: add IRQ check i2c: cadence: add IRQ check net: thunderx: Fix unintentional sign extension issue IB/hfi1: Fix error return code in parse_platform_config() mt7601u: fix always true expression mac80211: bail out if cipher schemes are invalid powerpc: iommu: fix build when neither PCI or IBMVIO is set powerpc/perf: Fix PMU constraint check for EBB events liquidio: Fix unintented sign extension of a left shift of a u16 ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls nfc: pn533: prevent potential memory corruption bug: Remove redundant condition check in report_bug ALSA: core: remove redundant spin_lock pair in snd_card_disconnect powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration powerpc/prom: Mark identical_pvr_fixup as __init net: lapbether: Prevent racing when checking whether the netif is running perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars HID: plantronics: Workaround for double volume key presses x86/events/amd/iommu: Fix sysfs type mismatch HSI: core: fix resource leaks in hsi_add_client_from_dt() mfd: stm32-timers: Avoid clearing auto reload register scsi: sni_53c710: Add IRQ check scsi: sun3x_esp: Add IRQ check scsi: jazz_esp: Add IRQ check clk: uniphier: Fix potential infinite loop vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer ata: libahci_platform: fix IRQ check sata_mv: add IRQ checks pata_ipx4xx_cf: fix IRQ check pata_arasan_cf: fix IRQ check x86/kprobes: Fix to check non boostable prefixes correctly media: m88rs6000t: avoid 
potential out-of-bounds reads on arrays media: omap4iss: return error code when omap4iss_get() failed media: vivid: fix assignment of dev->fbuf_out_flags ttyprintk: Add TTY hangup callback. Drivers: hv: vmbus: Increase wait time for VMbus unload x86/platform/uv: Fix !KEXEC build failure platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table firmware: qcom-scm: Fix QCOM_SCM configuration tty: fix return value for unsupported ioctls tty: actually undefine superseded ASYNC flags USB: cdc-acm: fix unprivileged TIOCCSERIAL usb: gadget: r8a66597: Add missing null check on return from platform_get_resource crypto: qat - Fix a double free in adf_create_ring ACPI: CPPC: Replace cppc_attr with kobj_attribute soc: qcom: mdt_loader: Detect truncated read of segments soc: qcom: mdt_loader: Validate that p_filesz < p_memsz spi: Fix use-after-free with devm_spi_alloc_* staging: greybus: uart: fix unprivileged TIOCCSERIAL staging: rtl8192u: Fix potential infinite loop mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() crypto: qat - fix error path in adf_isr_resource_alloc() phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally bus: qcom: Put child node before return mtd: require write permissions for locking and badblock ioctls fotg210-udc: Complete OUT requests on short packets fotg210-udc: Don't DMA more than the buffer can take fotg210-udc: Mask GRP2 interrupts we don't handle fotg210-udc: Remove a dubious condition leading to fotg210_done fotg210-udc: Fix EP0 IN requests bigger than two packets fotg210-udc: Fix DMA on EP0 for length > max packet size crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init crypto: qat - don't release uninitialized resources usb: gadget: pch_udc: Check for DMA mapping error usb: gadget: pch_udc: Check if driver is present before calling ->setup() usb: gadget: pch_udc: Replace cpu_to_le32() 
by lower_32_bits() x86/microcode: Check for offline CPUs before requesting new microcode usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS serial: stm32: fix tx_empty condition serial: stm32: fix incorrect characters on console ARM: dts: exynos: correct PMIC interrupt trigger level on Snow ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] usb: gadget: pch_udc: Revert |
||
|
|
229f47603d |
binder: fix UAF of ref->proc caused by race condition
commit a0e44c64b6061dda7e00b7c458e4523e2331b739 upstream.
A transaction of type BINDER_TYPE_WEAK_HANDLE can fail to increment the reference for a node. In this case, the target proc normally releases the failed reference upon close as expected. However, if the target is dying in parallel the call will race with binder_deferred_release(), so the target could have released all of its references by now leaving the cleanup of the new failed reference unhandled.
The transaction then ends and the target proc gets released making the ref->proc now a dangling pointer. Later on, ref->node is closed and we attempt to take spin_lock(&ref->proc->inner_lock), which leads to the use-after-free bug reported below. Let's fix this by cleaning up the failed reference on the spot instead of relying on the target to do so.
  ==================================================================
  BUG: KASAN: use-after-free in _raw_spin_lock+0xa8/0x150
  Write of size 4 at addr ffff5ca207094238 by task kworker/1:0/590
  CPU: 1 PID: 590 Comm: kworker/1:0 Not tainted 5.19.0-rc8 #10
  Hardware name: linux,dummy-virt (DT)
  Workqueue: events binder_deferred_func
  Call trace:
   dump_backtrace.part.0+0x1d0/0x1e0
   show_stack+0x18/0x70
   dump_stack_lvl+0x68/0x84
   print_report+0x2e4/0x61c
   kasan_report+0xa4/0x110
   kasan_check_range+0xfc/0x1a4
   __kasan_check_write+0x3c/0x50
   _raw_spin_lock+0xa8/0x150
   binder_deferred_func+0x5e0/0x9b0
   process_one_work+0x38c/0x5f0
   worker_thread+0x9c/0x694
   kthread+0x188/0x190
   ret_from_fork+0x10/0x20
Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Cc: stable <stable@kernel.org> # 4.14+
Link: https://lore.kernel.org/r/20220801182511.3371447-1-cmllamas@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
|
7c57e75125 |
FROMLIST: binder: fix UAF of ref->proc caused by race condition
A transaction of type BINDER_TYPE_WEAK_HANDLE can fail to increment the reference for a node. In this case, the target proc normally releases the failed reference upon close as expected. However, if the target is dying in parallel the call will race with binder_deferred_release(), so the target could have released all of its references by now leaving the cleanup of the new failed reference unhandled.
The transaction then ends and the target proc gets released making the ref->proc now a dangling pointer. Later on, ref->node is closed and we attempt to take spin_lock(&ref->proc->inner_lock), which leads to the use-after-free bug reported below. Let's fix this by cleaning up the failed reference on the spot instead of relying on the target to do so.
  ==================================================================
  BUG: KASAN: use-after-free in _raw_spin_lock+0xa8/0x150
  Write of size 4 at addr ffff5ca207094238 by task kworker/1:0/590
  CPU: 1 PID: 590 Comm: kworker/1:0 Not tainted 5.19.0-rc8 #10
  Hardware name: linux,dummy-virt (DT)
  Workqueue: events binder_deferred_func
  Call trace:
   dump_backtrace.part.0+0x1d0/0x1e0
   show_stack+0x18/0x70
   dump_stack_lvl+0x68/0x84
   print_report+0x2e4/0x61c
   kasan_report+0xa4/0x110
   kasan_check_range+0xfc/0x1a4
   __kasan_check_write+0x3c/0x50
   _raw_spin_lock+0xa8/0x150
   binder_deferred_func+0x5e0/0x9b0
   process_one_work+0x38c/0x5f0
   worker_thread+0x9c/0x694
   kthread+0x188/0x190
   ret_from_fork+0x10/0x20
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Acked-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Bug: 239630375
Link: https://lore.kernel.org/all/20220801182511.3371447-1-cmllamas@google.com/
Signed-off-by: Carlos Llamas <cmllamas@google.com>
Change-Id: I5085dd0dc805a780a64c057e5819f82dd8f02868
(cherry picked from commit ae3fa5d16a02ba7c7b170e0e1ab56d6f0ba33964)
|
||
|
|
f3a2f786eb |
Merge 4.14.261 into android-4.14-stable
Changes in 4.14.261
  HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option
  tee: handle lookup of shm with reference count 0
  platform/x86: apple-gmux: use resource_size() with res
  recordmcount.pl: fix typo in s390 mcount regex
  selinux: initialize proto variable in selinux_ip_postroute_compat()
  scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
  net: usb: pegasus: Do not drop long Ethernet frames
  NFC: st21nfca: Fix memory leak in device probe and remove
  fsl/fman: Fix missing put_device() call in fman_port_probe
  nfc: uapi: use kernel size_t to fix user-space builds
  uapi: fix linux/nfc.h userspace compilation errors
  xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set.
  usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear.
  binder: fix async_free_space accounting for empty parcels
  scsi: vmw_pvscsi: Set residual data length conditionally
  Input: appletouch - initialize work before device registration
  Input: spaceball - fix parsing of movement data packets
  net: fix use-after-free in tw_timer_handler
  sctp: use call_rcu to free endpoint
  Linux 4.14.261
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I778bc28ac0835029328e2b503cb8fa241981c610
|
||
|
|
2d2df539d0 |
binder: fix async_free_space accounting for empty parcels
commit cfd0d84ba28c18b531648c9d4a35ecca89ad9901 upstream. In 4.13, commit |
||
|
|
2a09bcb0c2 |
Merge 4.14.258 into android-4.14-stable
Changes in 4.14.258
  HID: add hid_is_usb() function to make it simpler for USB detection
  HID: add USB_HID dependancy to hid-prodikeys
  HID: add USB_HID dependancy to hid-chicony
  HID: add USB_HID dependancy on some USB HID drivers
  HID: wacom: fix problems when device is not a valid USB device
  HID: check for valid USB device for many HID drivers
  can: sja1000: fix use after free in ems_pcmcia_add_card()
  nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
  bpf: Fix the off-by-two error in range markings
  nfp: Fix memory leak in nfp_cpp_area_cache_add()
  seg6: fix the iif in the IPv6 socket control block
  IB/hfi1: Correct guard on eager buffer deallocation
  mm: bdi: initialize bdi_min_ratio when bdi is unregistered
  ALSA: ctl: Fix copy of updated id with element read/write
  ALSA: pcm: oss: Fix negative period/buffer sizes
  ALSA: pcm: oss: Limit the period size to 16MB
  ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
  tracefs: Have new files inherit the ownership of their parent
  can: pch_can: pch_can_rx_normal: fix use after free
  can: m_can: Disable and ignore ELO interrupt
  libata: add horkage for ASMedia 1092
  wait: add wake_up_pollfree()
  binder: use wake_up_pollfree()
  signalfd: use wake_up_pollfree()
  tracefs: Set all files to the same group ownership as the mount option
  block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
  qede: validate non LSO skb length
  net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
  net: altera: set a couple error code in probe()
  net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
  net, neigh: clear whole pneigh_entry at alloc time
  net/qla3xxx: fix an error code in ql_adapter_up()
  USB: gadget: detect too-big endpoint 0 requests
  USB: gadget: zero allocate endpoint 0 buffers
  usb: core: config: fix validation of wMaxPacketValue entries
  xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending
  usb: core: config: using bit mask instead of individual bits
  iio: trigger: Fix reference counting
  iio: trigger: stm32-timer: fix MODULE_ALIAS
  iio: stk3310: Don't return error code in interrupt handler
  iio: mma8452: Fix trigger reference couting
  iio: ltr501: Don't return error code in trigger handler
  iio: kxsd9: Don't return error code in trigger handler
  iio: itg3200: Call iio_trigger_notify_done() on error
  iio: dln2-adc: Fix lockdep complaint
  iio: dln2: Check return value of devm_iio_trigger_register()
  iio: adc: axp20x_adc: fix charging current reporting on AXP22x
  iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
  irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
  irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
  irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
  irqchip: nvic: Fix offset for Interrupt Priority Offsets
  Linux 4.14.258
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iecbe5bcba94e422ef4f43e57c673b15fbc8706f8
|
||
|
|
7bfd8e1fd8 |
binder: use wake_up_pollfree()
commit a880b28a71e39013e357fd3adccd1d8a31bc69a8 upstream.
wake_up_poll() uses nr_exclusive=1, so it's not guaranteed to wake up all exclusive waiters. Yet, POLLFREE *must* wake up all waiters. epoll and aio poll are fortunately not affected by this, but it's very fragile. Thus, the new function wake_up_pollfree() has been introduced.
Convert binder to use wake_up_pollfree().
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Fixes: f5cb779ba163 ("ANDROID: binder: remove waitqueue when thread exits.")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20211209010455.42744-3-ebiggers@kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
|
db918af2a6 |
binder: fix test regression due to sender_euid change
commit c21a80ca0684ec2910344d72556c816cb8940c01 upstream.
This is a partial revert of commit
29bc22ac5e5b ("binder: use euid from cred instead of using task").
Setting sender_euid using proc->cred caused some Android system test
regressions that need further investigation. It is a partial
reversion because subsequent patches rely on proc->cred.
Fixes: 29bc22ac5e5b ("binder: use euid from cred instead of using task")
Cc: stable@vger.kernel.org # 4.4+
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Change-Id: I9b1769a3510fed250bb21859ef8beebabe034c66
Link: https://lore.kernel.org/r/20211112180720.2858135-1-tkjos@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
|
84b7952669 |
binder: use cred instead of task for selinux checks
commit 52f88693378a58094c538662ba652aff0253c4fe upstream.
Since binder was integrated with selinux, it has passed
'struct task_struct' associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in an incorrect security context being used.
Fix by using the 'struct cred' saved during binder_open and pass
it to the selinux subsystem.
Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
Fixes:
|
||
|
|
8989da231b |
binder: use euid from cred instead of using task
commit 29bc22ac5e5bc63275e850f0c8fc549e3d0e306b upstream.
Save the 'struct cred' associated with a binder process
at initial open to avoid potential race conditions
when converting to an euid.
Set a transaction's sender_euid from the 'struct cred'
saved at binder_open() instead of looking up the euid
from the binder proc's 'struct task'. This ensures
the euid is associated with the security context
of the task that opened binder.
Cc: stable@vger.kernel.org # 4.4+
Fixes:
|
||
|
|
29af89acb2 |
FROMGIT: binder: fix test regression due to sender_euid change
This is a partial revert of commit
29bc22ac5e5b ("binder: use euid from cred instead of using task").
Setting sender_euid using proc->cred caused some Android system test
regressions that need further investigation. It is a partial
reversion because subsequent patches rely on proc->cred.
Fixes: 29bc22ac5e5b ("binder: use euid from cred instead of using task")
Cc: stable@vger.kernel.org # 4.4+
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Change-Id: I9b1769a3510fed250bb21859ef8beebabe034c66
Link: https://lore.kernel.org/r/20211112180720.2858135-1-tkjos@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 200688826
(cherry picked from commit c21a80ca0684ec2910344d72556c816cb8940c01
git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc.git char-misc-linus)
Signed-off-by: Todd Kjos <tkjos@google.com>
|
||
|
|
9693ca7b52 |
BACKPORT: binder: use cred instead of task for selinux checks
commit 52f88693378a58094c538662ba652aff0253c4fe upstream.
Since binder was integrated with selinux, it has passed
'struct task_struct' associated with the binder_proc
to represent the source and target of transactions.
The conversion of task to SID was then done in the hook
implementations. It turns out that there are race conditions
which can result in an incorrect security context being used.
Fix by using the 'struct cred' saved during binder_open and pass
it to the selinux subsystem.
Cc: stable@vger.kernel.org # 5.14 (need backport for earlier stables)
Fixes:
|
||
|
|
ae4a7b9165 |
UPSTREAM: binder: use euid from cred instead of using task
commit 29bc22ac5e5bc63275e850f0c8fc549e3d0e306b upstream.
Save the 'struct cred' associated with a binder process
at initial open to avoid potential race conditions
when converting to an euid.
Set a transaction's sender_euid from the 'struct cred'
saved at binder_open() instead of looking up the euid
from the binder proc's 'struct task'. This ensures
the euid is associated with the security context
of the task that opened binder.
Cc: stable@vger.kernel.org # 4.4+
Fixes:
|
||
|
|
d4c49b6733 |
binder: fix UAF when releasing todo list
commit f3277cbfba763cd2826396521b9296de67cf1bbc upstream.
When releasing a thread todo list when tearing down a binder_proc, the following race was possible which could result in a use-after-free:
1. Thread 1: enter binder_release_work from binder_thread_release
2. Thread 2: binder_update_ref_for_handle() -> binder_dec_node_ilocked()
3. Thread 2: dec nodeA --> 0 (will free node)
4. Thread 1: ACQ inner_proc_lock
5. Thread 2: block on inner_proc_lock
6. Thread 1: dequeue work (BINDER_WORK_NODE, part of nodeA)
7. Thread 1: REL inner_proc_lock
8. Thread 2: ACQ inner_proc_lock
9. Thread 2: todo list cleanup, but work was already dequeued
10. Thread 2: free node
11. Thread 2: REL inner_proc_lock
12. Thread 1: deref w->type (UAF)
The problem was that for a BINDER_WORK_NODE, the binder_work element must not be accessed after releasing the inner_proc_lock while processing the todo list elements since another thread might be handling a deref on the node containing the binder_work element leading to the node being freed.
Signed-off-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20201009232455.4054810-1-tkjos@google.com
Cc: <stable@vger.kernel.org> # 4.14, 4.19, 5.4, 5.8
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
|
be84da1dd8 |
UPSTREAM: binder: fix UAF when releasing todo list
When releasing a thread todo list when tearing down a binder_proc, the following race was possible which could result in a use-after-free:
1. Thread 1: enter binder_release_work from binder_thread_release
2. Thread 2: binder_update_ref_for_handle() -> binder_dec_node_ilocked()
3. Thread 2: dec nodeA --> 0 (will free node)
4. Thread 1: ACQ inner_proc_lock
5. Thread 2: block on inner_proc_lock
6. Thread 1: dequeue work (BINDER_WORK_NODE, part of nodeA)
7. Thread 1: REL inner_proc_lock
8. Thread 2: ACQ inner_proc_lock
9. Thread 2: todo list cleanup, but work was already dequeued
10. Thread 2: free node
11. Thread 2: REL inner_proc_lock
12. Thread 1: deref w->type (UAF)
The problem was that for a BINDER_WORK_NODE, the binder_work element must not be accessed after releasing the inner_proc_lock while processing the todo list elements since another thread might be handling a deref on the node containing the binder_work element leading to the node being freed.
Signed-off-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20201009232455.4054810-1-tkjos@google.com
Cc: <stable@vger.kernel.org> # 4.14, 4.19, 5.4, 5.8
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit f3277cbfba763cd2826396521b9296de67cf1bbc)
Change-Id: I7c1bf0b74824f272664e76206c5dc3b66b9eeaff
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
|
91aa47009a |
binder: binder: fix possible UAF when freeing buffer
There is a race between the binder driver cleaning up a completed transaction via binder_free_transaction() and a user calling binder_ioctl(BC_FREE_BUFFER) to release a buffer. It doesn't matter which is first but they need to be protected against running concurrently which can result in a UAF.
Bug: 133758011
Change-Id: Ie1426ff3d00218d050d61ff77b333ddf8818b7c9
Signed-off-by: Todd Kjos <tkjos@google.com>
Git-commit: 0e1b964ab45ea74a54c988228c777d3b701c265f
Git-repo: https://android.googlesource.com/kernel/common/
Signed-off-by: Rahul Shahare <rshaha@codeaurora.org>
Signed-off-by: Naitik Bharadiya <bharad@codeaurora.org>
Signed-off-by: Anurag Chouhan <achouhan@codeaurora.org>
|
||
|
|
0190a01fb1 |
Merge android-4.14-stable.190 (d2d05bc) into msm-4.14
* refs/heads/tmp-d2d05bc:
Linux 4.14.190
ath9k: Fix regression with Atheros 9271
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
parisc: Add atomic64_set_release() define to avoid CPU soft lockups
io-mapping: indicate mapping failure
mm/memcg: fix refcount error while moving and swapping
Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
vt: Reject zero-sized screen buffer size.
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
serial: 8250_mtk: Fix high-speed baud rates clamping
serial: 8250: fix null-ptr-deref in serial8250_start_tx()
staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
staging: wlan-ng: properly check endpoint types
Revert "cifs: Fix the target file was deleted when rename failed."
usb: xhci: Fix ASM2142/ASM3142 DMA addressing
usb: xhci-mtk: fix the failure of bandwidth allocation
binder: Don't use mmput() from shrinker function.
x86: math-emu: Fix up 'cmp' insn for clang ias
arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
dmaengine: ioat setting ioat timeout as module parameter
hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow
regmap: dev_get_regmap_match(): fix string comparison
spi: mediatek: use correct SPI_CFG2_REG MACRO
Input: add `SW_MACHINE_COVER`
dmaengine: tegra210-adma: Fix runtime PM imbalance on error
HID: apple: Disable Fn-key key-re-mapping on clone keyboards
HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
scripts/decode_stacktrace: strip basepath from all paths
serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
bonding: check return value of register_netdevice() in bond_newlink()
i2c: rcar: always clear ICSAR to avoid side effects
ipvs: fix the connection sync failed in some cases
mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
bonding: check error value of register_netdevice() immediately
net: smc91x: Fix possible memory leak in smc_drv_probe()
drm: sun4i: hdmi: Fix inverted HPD result
net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration
ax88172a: fix ax88172a_unbind() failures
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path
bnxt_en: Fix race when modifying pause settings.
btrfs: fix page leaks after failure to lock page for delalloc
btrfs: fix mount failure caused by race with umount
btrfs: fix double free on ulist after backref resolution failure
ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression
IB/umem: fix reference count leak in ib_umem_odp_get()
spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion")
irqdomain/treewide: Keep firmware node unconditionally allocated
drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
net: sky2: initialize return of gm_phy_read
drivers/net/wan/lapbether: Fixed the value of hard_header_len
xtensa: update *pos in cpuinfo_op.next
xtensa: fix __sync_fetch_and_{and,or}_4 declarations
scsi: scsi_transport_spi: Fix function pointer check
mac80211: allow rx of mesh eapol frames with default rx key
pinctrl: amd: fix npins for uart0 in kerncz_groups
gpio: arizona: put pm_runtime in case of failure
gpio: arizona: handle pm_runtime_get_sync failure case
ANDROID: Incremental fs: magic number compatible 32-bit
ANDROID: kbuild: don't merge .*..compoundliteral in modules
Revert "arm64/alternatives: use subsections for replacement sequences"
Linux 4.14.189
rxrpc: Fix trace string
libceph: don't omit recovery_deletes in target_copy()
x86/cpu: Move x86_cache_bits settings
sched/fair: handle case of task_h_load() returning 0
arm64: ptrace: Override SPSR.SS when single-stepping is enabled
thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power
misc: atmel-ssc: lock with mutex instead of spinlock
dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
intel_th: pci: Add Emmitsburg PCH support
intel_th: pci: Add Tiger Lake PCH-H support
intel_th: pci: Add Jasper Lake CPU support
hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
MIPS: Fix build for LTS kernel caused by backporting lpj adjustment
timer: Fix wheel index calculation on last level
uio_pdrv_genirq: fix use without device tree and no interrupt
Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
mei: bus: don't clean driver pointer
Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
USB: serial: option: add Quectel EG95 LTE modem
USB: serial: option: add GosunCn GM500 series
USB: serial: ch341: add new Product ID for CH340
USB: serial: cypress_m8: enable Simply Automated UPB PIM
USB: serial: iuu_phoenix: fix memory corruption
usb: gadget: function: fix missing spinlock in f_uac1_legacy
usb: chipidea: core: add wakeup support for extcon
usb: dwc2: Fix shutdown callback in platform
USB: c67x00: fix use after free in c67x00_giveback_urb
ALSA: usb-audio: Fix race against the error recovery URB submission
ALSA: line6: Perform sanity check for each URB creation
HID: magicmouse: do not set up autorepeat
mtd: rawnand: oxnas: Release all devices in the _remove() path
mtd: rawnand: oxnas: Unregister all devices on error
mtd: rawnand: oxnas: Keep track of registered devices
mtd: rawnand: brcmnand: fix CS0 layout
perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
copy_xstate_to_kernel: Fix typo which caused GDB regression
ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
Revert "thermal: mediatek: fix register index error"
staging: comedi: verify array index is correct before using it
usb: gadget: udc: atmel: fix uninitialized read in debug printk
spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
arm64: dts: meson: add missing gxl rng clock
phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked
iio:health:afe4404 Fix timestamp alignment and prevent data leak.
ACPI: video: Use native backlight on Acer TravelMate 5735Z
ACPI: video: Use native backlight on Acer Aspire 5783z
mmc: sdhci: do not enable card detect interrupt for gpio cd type
doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode
Revert "usb/xhci-plat: Set PM runtime as active on resume"
Revert "usb/ehci-platform: Set PM runtime as active on resume"
Revert "usb/ohci-platform: Fix a warning when hibernating"
of: of_mdio: Correct loop scanning logic
net: dsa: bcm_sf2: Fix node reference count
spi: fix initial SPI_SR value in spi-fsl-dspi
spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer
iio:health:afe4403 Fix timestamp alignment and prevent data leak.
iio:pressure:ms5611 Fix buffer element alignment
iio: pressure: zpa2326: handle pm_runtime_get_sync failure
iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
iio: magnetometer: ak8974: Fix runtime PM imbalance on error
iio:humidity:hdc100x Fix alignment and data leak issues
iio:magnetometer:ak8974: Fix alignment and data leak issues
arm64/alternatives: don't patch up internal branches
arm64: alternative: Use true and false for boolean values
i2c: eg20t: Load module automatically if ID matches
gfs2: read-only mounts should grab the sd_freeze_gl glock
tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
arm64/alternatives: use subsections for replacement sequences
drm/exynos: fix ref count leak in mic_pre_enable
cgroup: Fix sock_cgroup_data on big-endian.
cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
tcp: md5: do not send silly options in SYNCOOKIES
tcp: make sure listeners don't initialize congestion-control state
net_sched: fix a memory leak in atm_tc_init()
tcp: md5: allow changing MD5 keys in all socket states
tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
llc: make sure applications use ARPHRD_ETHER
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
genetlink: remove genl_bind
s390/mm: fix huge pte soft dirty copying
ARC: elf: use right ELF_ARCH
ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
dm: use noio when sending kobject event
drm/radeon: fix double free
btrfs: fix fatal extent_buffer readahead vs releasepage race
Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
KVM: x86: Mark CR4.TSD as being possibly owned by the guest
KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
KVM: x86: bit 8 of non-leaf PDPEs is not reserved
KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART
KVM: arm64: Fix definition of PAGE_HYP_DEVICE
ALSA: usb-audio: add quirk for MacroSilicon MS2109
ALSA: hda - let hs_mic be picked ahead of hp_mic
ALSA: opl3: fix infoleak in opl3
mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
net: macb: mark device wake capable when "magic-packet" property present
bnxt_en: fix NULL dereference in case SR-IOV configuration fails
nbd: Fix memory leak in nbd_add_socket
arm64: kgdb: Fix single-step exception handling oops
ALSA: compress: fix partial_drain completion state
smsc95xx: avoid memory leak in smsc95xx_bind
smsc95xx: check return value of smsc95xx_reset
net: cxgb4: fix return error value in t4_prep_fw
x86/entry: Increase entry_stack size to a full page
nvme-rdma: assign completion vector correctly
scsi: mptscsih: Fix read sense data size
ARM: imx6: add missing put_device() call in imx6q_suspend_init()
cifs: update ctime and mtime during truncate
s390/kasan: fix early pgm check handler execution
ixgbe: protect ring accesses with READ- and WRITE_ONCE
spi: spidev: fix a potential use-after-free in spidev_release()
spi: spidev: fix a race between spidev_release and spidev_remove
gpu: host1x: Detach driver on unregister
ARM: dts: omap4-droid4: Fix spi configuration and increase rate
spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths
spi: spi-fsl-dspi: use IRQF_SHARED mode to request IRQ
spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer
spi: spi-fsl-dspi: Adding shutdown hook
KVM: s390: reduce number of IO pins to 1
UPSTREAM: perf/core: Fix crash when using HW tracing kernel filters
ANDROID: fscrypt: fix DUN contiguity with inline encryption + IV_INO_LBLK_32 policies
ANDROID: f2fs: add back compress inode check
Linux 4.14.188
efi: Make it possible to disable efivar_ssdt entirely
dm zoned: assign max_io_len correctly
irqchip/gic: Atomically update affinity
MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen
cifs: Fix the target file was deleted when rename failed.
SMB3: Honor persistent/resilient handle flags for multiuser mounts
SMB3: Honor 'seal' flag for multiuser mounts
Revert "ALSA: usb-audio: Improve frames size computation"
nfsd: apply umask on fs without ACL support
i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
virtio-blk: free vblk-vqs in error path of virtblk_probe()
drm: sun4i: hdmi: Remove extra HPD polling
hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add()
hwmon: (max6697) Make sure the OVERT mask is set correctly
cxgb4: parse TC-U32 key values and masks natively
cxgb4: use unaligned conversion for fetching timestamp
crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
kgdb: Avoid suspicious RCU usage warning
usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
mm/slub: fix stack overruns with SLUB_STATS
mm/slub.c: fix corrupted freechain in deactivate_slab()
usbnet: smsc95xx: Fix use-after-free after removal
EDAC/amd64: Read back the scrub rate PCI register on F15h
mm: fix swap cache node allocation mask
btrfs: fix data block group relocation failure due to concurrent scrub
btrfs: cow_file_range() num_bytes and disk_num_bytes are same
btrfs: fix a block group ref counter leak after failure to remove block group
UPSTREAM: binder: fix null deref of proc->context
ANDROID: GKI: scripts: Makefile: update the lz4 command (#2)
Linux 4.14.187
Revert "tty: hvc: Fix data abort due to race in hvc_open"
xfs: add agf freeblocks verify in xfs_agf_verify
NFSv4 fix CLOSE not waiting for direct IO compeletion
pNFS/flexfiles: Fix list corruption if the mirror count changes
SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
sunrpc: fixed rollback in rpc_gssd_dummy_populate()
Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
drm/radeon: fix fb_div check in ni_init_smc_spll_table()
tracing: Fix event trigger to accept redundant spaces
arm64: perf: Report the PC value in REGS_ABI_32 mode
ocfs2: fix panic on nfs server over ocfs2
ocfs2: fix value of OCFS2_INVALID_SLOT
ocfs2: load global_inode_alloc
mm/slab: use memzero_explicit() in kzfree()
btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
KVM: nVMX: Plumb L2 GPA through to PML emulation
KVM: X86: Fix MSR range of APIC registers in X2APIC mode
ACPI: sysfs: Fix pm_profile_attr type
ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
blktrace: break out of blktrace setup on concurrent calls
kbuild: improve cc-option to clean up all temporary files
s390/ptrace: fix setting syscall number
net: alx: fix race condition in alx_remove
ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function
sched/core: Fix PI boosting between RT and DEADLINE tasks
net: bcmgenet: use hardware padding of runt frames
netfilter: ipset: fix unaligned atomic access
usb: gadget: udc: Potential Oops in error handling code
ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
net: qed: fix excessive QM ILT lines consumption
net: qed: fix NVMe login fails over VFs
net: qed: fix left elements count calculation
RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
ASoC: rockchip: Fix a reference count leak.
RDMA/cma: Protect bind_list and listen_list while finding matching cm id
rxrpc: Fix handling of rwind from an ACK packet
ARM: dts: NSP: Correct FA2 mailbox node
efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
cifs/smb3: Fix data inconsistent when zero file range
cifs/smb3: Fix data inconsistent when punch hole
xhci: Poll for U0 after disabling USB2 LPM
ALSA: usb-audio: Fix OOB access of mixer element list
ALSA: usb-audio: Clean up mixer element list traverse
ALSA: usb-audio: uac1: Invalidate ctl on interrupt
loop: replace kill_bdev with invalidate_bdev
cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
xhci: Fix enumeration issue when setting max packet size for FS devices.
xhci: Fix incorrect EP_STATE_MASK
ALSA: usb-audio: add quirk for Denon DCD-1500RE
usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
usb: host: xhci-mtk: avoid runtime suspend when removing hcd
USB: ehci: reopen solution for Synopsys HC bug
usb: add USB_QUIRK_DELAY_INIT for Logitech C922
usb: dwc2: Postponed gadget registration to the udc class driver
USB: ohci-sm501: Add missed iounmap() in remove
net: core: reduce recursion limit value
net: Do not clear the sock TX queue in sk_set_socket()
net: Fix the arp error in some cases
ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
ip_tunnel: fix use-after-free in ip_tunnel_lookup()
tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
tcp: grow window for OOO packets only for SACK flows
sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
rxrpc: Fix notification call on completion of discarded calls
rocker: fix incorrect error handling in dma_rings_init
net: usb: ax88179_178a: fix packet alignment padding
net: fix memleak in register_netdevice()
net: bridge: enfore alignment for ethernet address
mld: fix memory leak in ipv6_mc_destroy_dev()
ibmveth: Fix max MTU limit
apparmor: don't try to replace stale label in ptraceme check
fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()"
net: sched: export __netdev_watchdog_up()
block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
net: be more gentle about silly gso requests coming from user
scsi: scsi_devinfo: handle non-terminated strings
ANDROID: Makefile: append BUILD_NUMBER to version string when defined
Linux 4.14.186
KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated
kvm: x86: Fix reserved bits related calculation errors caused by MKTME
kvm: x86: Move kvm_set_mmio_spte_mask() from x86.c to mmu.c
md: add feature flag MD_FEATURE_RAID0_LAYOUT
net: core: device_rename: Use rwsem instead of a seqcount
sched/rt, net: Use CONFIG_PREEMPTION.patch
kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
e1000e: Do not wake up the system via WOL if device wakeup is disabled
kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
crypto: algboss - don't wait during notifier callback
crypto: algif_skcipher - Cap recv SG list at ctx->used
mtd: rawnand: tmio: Fix the probe error path
mtd: rawnand: mtk: Fix the probe error path
mtd: rawnand: plat_nand: Fix the probe error path
mtd: rawnand: socrates: Fix the probe error path
mtd: rawnand: oxnas: Fix the probe error path
mtd: rawnand: oxnas: Add of_node_put()
mtd: rawnand: orion: Fix the probe error path
mtd: rawnand: xway: Fix the probe error path
mtd: rawnand: sharpsl: Fix the probe error path
mtd: rawnand: diskonchip: Fix the probe error path
mtd: rawnand: Pass a nand_chip object to nand_release()
block: nr_sects_write(): Disable preemption on seqcount write
x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld
drm/dp_mst: Increase ACT retry timeout to 3s
ext4: fix partial cluster initialization when splitting extent
selinux: fix double free
drm/qxl: Use correct notify port address when creating cursor ring
drm/dp_mst: Reformat drm_dp_check_act_status() a bit
drm: encoder_slave: fix refcouting error for modules
libata: Use per port sync for detach
arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
block: Fix use-after-free in blkdev_get()
bcache: fix potential deadlock problem in btree_gc_coalesce
perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events()
usb/ehci-platform: Set PM runtime as active on resume
usb/xhci-plat: Set PM runtime as active on resume
scsi: acornscsi: Fix an error handling path in acornscsi_probe()
drm/sun4i: hdmi ddc clk: Fix size of m divider
selftests/net: in timestamping, strncpy needs to preserve null byte
gfs2: fix use-after-free on transaction ail lists
blktrace: fix endianness for blk_log_remap()
blktrace: fix endianness in get_pdu_int()
blktrace: use errno instead of bi_status
selftests/vm/pkeys: fix alloc_random_pkey() to make it really random
elfnote: mark all .note sections SHF_ALLOC
include/linux/bitops.h: avoid clang shift-count-overflow warnings
lib/zlib: remove outdated and incorrect pre-increment optimization
geneve: change from tx_error to tx_dropped on missing metadata
crypto: omap-sham - add proper load balancing support for multicore
pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()'
pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
scsi: ufs: Don't update urgent bkops level when toggling auto bkops
scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
gfs2: Allow lock_nolock mount to specify jid=X
openrisc: Fix issue with argument clobbering for clone/fork
vfio/mdev: Fix reference count leak in add_mdev_supported_type
ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
powerpc/4xx: Don't unmap NULL mbase
NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION
net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
scsi: ufs-qcom: Fix scheduling while atomic issue
clk: bcm2835: Fix return type of bcm2835_register_gate
x86/apic: Make TSC deadline timer detection message visible
usb: gadget: Fix issue with config_ep_by_speed function
usb: gadget: fix potential double-free in m66592_probe.
usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke
usb: dwc2: gadget: move gadget resume after the core is in L0 state
watchdog: da9062: No need to ping manually before setting timeout
IB/cma: Fix ports memory leak in cma_configfs
PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone
powerpc/64s/pgtable: fix an undefined behaviour
clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
tty: n_gsm: Fix bogus i++ in gsm_data_kick
USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation
usb/ohci-platform: Fix a warning when hibernating
vfio-pci: Mask cap zero
powerpc/ps3: Fix kexec shutdown hang
powerpc/pseries/ras: Fix FWNMI_VALID off by one
tty: n_gsm: Fix waking up upper tty layer when room available
tty: n_gsm: Fix SOF skipping
PCI: Fix pci_register_host_bridge() device_register() error handling
clk: ti: composite: fix memory leak
dlm: remove BUG() before panic()
scsi: mpt3sas: Fix double free warnings
power: supply: smb347-charger: IRQSTAT_D is volatile
power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()'
scsi: qla2xxx: Fix warning after FC target reset
PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
PCI: rcar: Fix incorrect programming of OB windows
drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish
serial: amba-pl011: Make sure we initialize the port.lock spinlock
i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
staging: sm750fb: add missing case while setting FB_VISUAL
thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR
tty: hvc: Fix data abort due to race in hvc_open
s390/qdio: put thinint indicator after early error
ALSA: usb-audio: Improve frames size computation
scsi: qedi: Do not flush offload work if ARP not resolved
staging: greybus: fix a missing-check bug in gb_lights_light_config()
scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
scsi: sr: Fix sr_probe() missing deallocate of device minor
apparmor: fix introspection of of task mode for unconfined tasks
mksysmap: Fix the mismatch of '.L' symbols in System.map
NTB: Fix the default port and peer numbers for legacy drivers
yam: fix possible memory leak in yam_init_driver
powerpc/crashkernel: Take "mem=" option into account
nfsd: Fix svc_xprt refcnt leak when setup callback client failed
powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run
clk: clk-flexgen: fix clock-critical handling
scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
mfd: wm8994: Fix driver operation if loaded as modules
m68k/PCI: Fix a memory leak in an error handling path
vfio/pci: fix memory leaks in alloc_perm_bits()
ps3disk: use the default segment boundary
PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register
dm mpath: switch paths in dm_blk_ioctl() code path
usblp: poison URBs upon disconnect
i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
f2fs: report delalloc reserve as non-free in statfs for project quota
iio: bmp280: fix compensation of humidity
scsi: qla2xxx: Fix issue with adapter's stopping state
ALSA: isa/wavefront: prevent out of bounds write in ioctl
scsi: qedi: Check for buffer overflow in qedi_set_path()
ARM: integrator: Add some Kconfig selections
ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type
backlight: lp855x: Ensure regulators are disabled on probe failure
clk: qcom: msm8916: Fix the address location of pll->config_reg
remoteproc: Fix IDR initialisation in rproc_alloc()
iio: pressure: bmp280: Tolerate IRQ before registering
i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
clk: sunxi: Fix incorrect usage of round_down()
power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select
drm/i915: Whitelist context-local timestamp in the gen9 cmdparser
s390: fix syscall_get_error for compat processes
ANDROID: ext4: Optimize match for casefolded encrypted dirs
ANDROID: ext4: Handle casefolding with encryption
ANDROID: cuttlefish_defconfig: x86: Enable KERNEL_LZ4
ANDROID: GKI: scripts: Makefile: update the lz4 command
FROMLIST: f2fs: fix use-after-free when accessing bio->bi_crypt_context
Linux 4.14.185
perf symbols: Fix debuginfo search for Ubuntu
perf probe: Fix to check blacklist address correctly
perf probe: Do not show the skipped events
w1: omap-hdq: cleanup to add missing newline for some dev_dbg
mtd: rawnand: pasemi: Fix the probe error path
mtd: rawnand: brcmnand: fix hamming oob layout
sunrpc: clean up properly in gss_mech_unregister()
sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
kbuild: force to build vmlinux if CONFIG_MODVERSION=y
powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
powerpc/64s: Don't let DT CPU features set FSCR_DSCR
drivers/macintosh: Fix memleak in windfarm_pm112 driver
ARM: tegra: Correct PL310 Auxiliary Control Register initialization
kernel/cpu_pm: Fix uninitted local in cpu_pm
dm crypt: avoid truncating the logical block size
sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
sparc32: fix register window handling in genregs32_[gs]et()
pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
power: vexpress: add suppress_bind_attrs to true
igb: Report speed and duplex as unknown when device is runtime suspended
media: ov5640: fix use of destroyed mutex
b43_legacy: Fix connection problem with WPA3
b43: Fix connection problem with WPA3
b43legacy: Fix case where channel status is corrupted
media: go7007: fix a miss of snd_card_free
carl9170: remove P2P_GO support
e1000e: Relax condition to trigger reset for ME workaround
e1000e: Disable TSO for buffer overrun workaround
PCI: Program MPS for RCiEP devices
blk-mq: move _blk_mq_update_nr_hw_queues synchronize_rcu call
btrfs: fix wrong file range cleanup after an error filling dealloc range
btrfs: fix error handling when submitting direct I/O bio
PCI: Unify ACS quirk desired vs provided checking
PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
PCI: Generalize multi-function power dependency device links
vga_switcheroo: Use device link for HDA controller
vga_switcheroo: Deduplicate power state tracking
PCI: Make ACS quirk implementations more uniform
PCI: Add ACS quirk for Ampere root ports
PCI: Add ACS quirk for iProc PAXB
PCI: Avoid FLR for AMD Starship USB 3.0
PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
PCI: Disable MSI for Freescale Layerscape PCIe RC mode
ext4: fix race between ext4_sync_parent() and rename()
ext4: fix error pointer dereference
ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
evm: Fix possible memory leak in evm_calc_hmac_or_hash()
ima: Directly assign the ima_default_policy pointer to ima_rules
ima: Fix ima digest hash table key calculation
mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
btrfs: send: emit file capabilities after chown
string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
cpuidle: Fix three reference count leaks
spi: dw: Return any value retrieved from the dma_transfer callback
mmc: sdhci-esdhc-imx: fix the mask for tuning start point
ixgbe: fix signed-integer-overflow warning
mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
PCI: Don't disable decoding when mmio_always_on is set
macvlan: Skip loopback packets in RX handler
m68k: mac: Don't call via_flush_cache() on Mac IIfx
x86/mm: Stop printing BRK addresses
mips: Add udelay lpj numbers adjustment
mips: MAAR: Use more precise address mask
x86/boot: Correct relocation destination on old linkers
mwifiex: Fix memory corruption in dump_station
rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
md: don't flush workqueue unconditionally in md_open
net: qed*: Reduce RX and TX default ring count when running inside kdump kernel
wcn36xx: Fix error handling path in 'wcn36xx_probe()'
nvme: refine the Qemu Identify CNS quirk
kgdb: Fix spurious true from in_dbg_master()
mips: cm: Fix an invalid error code of INTVN_*_ERR
MIPS: Truncate link address into 32bit for 32bit kernel
Crypto/chcr: fix for ccm(aes) failed test
powerpc/spufs: fix copy_to_user while atomic
net: allwinner: Fix use correct return type for ndo_start_xmit()
media: cec: silence shift wrapping warning in __cec_s_log_addrs()
net: lpc-enet: fix error return code in lpc_mii_init()
exit: Move preemption fixup up, move blocking operations down
lib/mpi: Fix 64-bit MIPS build with Clang
net: bcmgenet: set Rx mode before starting netif
netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
audit: fix a net reference leak in audit_list_rules_send()
MIPS: Make sparse_init() using top-down allocation
media: platform: fcp: Set appropriate DMA parameters
media: dvb: return -EREMOTEIO on i2c transfer failure.
audit: fix a net reference leak in audit_send_reply()
dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
e1000: Distribute switch variables for initialization
tools api fs: Make xxx__mountpoint() more scalable
brcmfmac: fix wrong location to get firmware feature
staging: android: ion: use vmap instead of vm_map_ram
net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss()
x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
spi: dw: Fix Rx-only DMA transfers
ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
clocksource: dw_apb_timer_of: Fix missing clockevent timers
clocksource: dw_apb_timer: Make CPU-affiliation being optional
spi: dw: Enable interrupts in accordance with DMA xfer mode
kgdb: Prevent infinite recursive entries to the debugger
Bluetooth: Add SCO fallback for invalid LMP parameters error
MIPS: Loongson: Build ATI Radeon GPU driver as module
ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
spi: dw: Zero DMA Tx and Rx configurations on stack
net: ena: fix error returning in ena_com_get_hash_function()
spi: pxa2xx: Apply CS clk quirk to BXT
objtool: Ignore empty alternatives
media: si2157: Better check for running tuner in init
crypto: ccp -- don't "select" CONFIG_DMADEVICES
drm: bridge: adv7511: Extend list of audio sample rates
ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
xen/pvcalls-back: test for errors when calling backend_connect()
can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card()
mmc: sdhci-msm: Clear tuning done flag while hs400 tuning
agp/intel: Reinforce the barrier after GTT updates
perf: Add cond_resched() to task_function_call()
fat: don't allow to mount if the FAT length == 0
mm/slub: fix a memory leak in sysfs_slab_add()
Smack: slab-out-of-bounds in vsscanf
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
KVM: nSVM: leave ASID aside in copy_vmcb_control_area
KVM: nSVM: fix condition for filtering async PF
video: fbdev: w100fb: Fix a potential double free.
proc: Use new_inode not new_inode_pseudo
ovl: initialize error in ovl_copy_xattr
selftests/net: in rxtimestamp getopt_long needs terminating null entry
crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()
crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req()
crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()
spi: bcm2835: Fix controller unregister order
spi: pxa2xx: Fix controller unregister order
spi: Fix controller unregister order
spi: No need to assign dummy value in spi_unregister_controller()
spi: dw: Fix controller unregister order
spi: dw: fix possible race condition
x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
x86/speculation: Add support for STIBP always-on preferred mode
x86/speculation: Change misspelled STIPB to STIBP
KVM: x86: only do L1TF workaround on affected processors
KVM: x86/mmu: Consolidate "is MMIO SPTE" code
kvm: x86: Fix L1TF mitigation for shadow MMU
ALSA: pcm: disallow linking stream to itself
crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated
spi: bcm-qspi: when tx/rx buffer is NULL set to 0
spi: bcm2835aux: Fix controller unregister order
nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
ACPI: PM: Avoid using power resources if there are none for D0
ACPI: GED: add support for _Exx / _Lxx handler methods
ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
ALSA: usb-audio: Fix inconsistent card PM state after resume
ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
ALSA: es1688: Add the missed snd_card_free()
efi/efivars: Add missing kobject_put() in sysfs entry creation error path
x86/reboot/quirks: Add MacBook6,1 reboot quirk
x86/speculation: Prevent rogue cross-process SSBD shutdown
x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
x86_64: Fix jiffies ODR violation
mm: add kvfree_sensitive() for freeing sensitive data objects
perf probe: Accept the instance number of kretprobe event
ath9k_htc: Silence undersized packet warnings
powerpc/xive: Clear the page tables for the ESB IO mapping
drivers/net/ibmvnic: Update VNIC protocol version reporting
Input: synaptics - add a second working PNP_ID for Lenovo T470s
sched/fair: Don't NUMA balance for kthreads
ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
crypto: talitos - fix ECB and CBC algs ivsize
serial: imx: Fix handling of TC irq in combination with DMA
lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user()
x86: uaccess: Inhibit speculation past access_ok() in user_access_begin()
arch/openrisc: Fix issues with access_ok()
Fix 'acccess_ok()' on alpha and SH
make 'user_access_begin()' do 'access_ok()'
vxlan: Avoid infinite loop when suppressing NS messages with invalid options
ipv6: fix IPV6_ADDRFORM operation logic
writeback: Drop I_DIRTY_TIME_EXPIRE
writeback: Fix sync livelock due to b_dirty_time processing
writeback: Avoid skipping inode writeback
writeback: Protect inode->i_io_list with inode->i_lock
Revert "writeback: Avoid skipping inode writeback"
ANDROID: Enable LZ4_RAMDISK
fscrypt: remove stale definition
fs-verity: remove unnecessary extern keywords
fs-verity: fix all kerneldoc warnings
fscrypt: add support for IV_INO_LBLK_32 policies
fscrypt: make test_dummy_encryption use v2 by default
fscrypt: support test_dummy_encryption=v2
fscrypt: add fscrypt_add_test_dummy_key()
linux/parser.h: add include guards
fscrypt: remove unnecessary extern keywords
fscrypt: name all function parameters
fscrypt: fix all kerneldoc warnings
ANDROID: kbuild: merge more sections with LTO
Linux 4.14.184
uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
iio: vcnl4000: Fix i2c swapped word reading.
x86/speculation: Add Ivy Bridge to affected list
x86/speculation: Add SRBDS vulnerability and mitigation documentation
x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
x86/cpu: Add 'table' argument to cpu_matches()
x86/cpu: Add a steppings field to struct x86_cpu_id
nvmem: qfprom: remove incorrect write support
CDC-ACM: heed quirk also in error handling
staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
tty: hvc_console, fix crashes on parallel open/close
vt: keyboard: avoid signed integer overflow in k_ascii
usb: musb: Fix runtime PM imbalance on error
usb: musb: start session in resume for host port
USB: serial: option: add Telit LE910C1-EUX compositions
USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
USB: serial: qcserial: add DW5816e QDL support
l2tp: add sk_family checks to l2tp_validate_socket
net: check untrusted gso_size at kernel entry
vsock: fix timeout in vsock_accept()
NFC: st21nfca: add missed kfree_skb() in an error path
net: usb: qmi_wwan: add Telit LE910C1-EUX composition
l2tp: do not use inet_hash()/inet_unhash()
devinet: fix memleak in inetdev_init()
airo: Fix read overflows sending packets
scsi: ufs: Release clock if DMA map fails
mmc: fix compilation of user API
kernel/relay.c: handle alloc_percpu returning NULL in relay_open
p54usb: add AirVasT USB stick device-id
HID: i2c-hid: add Schneider SCL142ALM to descriptor override
HID: sony: Fix for broken buttons on DS3 USB dongles
mm: Fix mremap not considering huge pmd devmap
net: smsc911x: Fix runtime PM imbalance on error
net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
net/ethernet/freescale: rework quiesce/activate for ucc_geth
net: bmac: Fix read of MAC address from ROM
x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
i2c: altera: Fix race between xfer_msg and isr thread
ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT
ARC: Fix ICCM & DCCM runtime size checks
pppoe: only process PADT targeted at local interfaces
s390/ftrace: save traced function caller
spi: dw: use "smp_mb()" to avoid sending spi data error
scsi: hisi_sas: Check sas_port before using it
libnvdimm: Fix endian conversion issues
scsi: scsi_devinfo: fixup string compare
ANDROID: Incremental fs: Remove dependency on PKCS7_MESSAGE_PARSER
f2fs: attach IO flags to the missing cases
f2fs: add node_io_flag for bio flags likewise data_io_flag
f2fs: remove unused parameter of f2fs_put_rpages_mapping()
f2fs: handle readonly filesystem in f2fs_ioc_shutdown()
f2fs: avoid utf8_strncasecmp() with unstable name
f2fs: don't return vmalloc() memory from f2fs_kmalloc()
ANDROID: dm-bow: Add block_size option
ANDROID: Incremental fs: Cache successful hash calculations
ANDROID: Incremental fs: Fix four error-path bugs
ANDROID: cuttlefish_defconfig: Disable CMOS RTC driver
f2fs: fix retry logic in f2fs_write_cache_pages()
ANDROID: modules: fix lockprove warning
BACKPORT: arm64: vdso: Explicitly add build-id option
BACKPORT: arm64: vdso: use $(LD) instead of $(CC) to link VDSO
Linux 4.14.183
scsi: zfcp: fix request object use-after-free in send path causing wrong traces
genirq/generic_pending: Do not lose pending affinity update
net: hns: Fixes the missing put_device in positive leg for roce reset
net: hns: fix unsigned comparison to less than zero
KVM: VMX: check for existence of secondary exec controls before accessing
rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket
sc16is7xx: move label 'err_spi' to correct section
mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
bonding: Fix reference count leak in bond_sysfs_slave_add.
qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
esp6: get the right proto for transport mode in esp6_gso_encap
netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
netfilter: nfnetlink_cthelper: unbreak userspace helper support
netfilter: ipset: Fix subcounter update skip
netfilter: nft_reject_bridge: enable reject with bridge vlan
ip_vti: receive ipip packet by calling ip_tunnel_rcv
vti4: eliminated some duplicate code.
xfrm: fix error in comment
xfrm: fix a NULL-ptr deref in xfrm_local_error
xfrm: fix a warning in xfrm_policy_insert_list
xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
copy_xstate_to_kernel(): don't leave parts of destination uninitialized
x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
mac80211: mesh: fix discovery timer re-arming issue / crash
parisc: Fix kernel panic in mem_init()
iommu: Fix reference count leak in iommu_group_alloc.
include/asm-generic/topology.h: guard cpumask_of_node() macro argument
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
libceph: ignore pool overlay and cache logic on redirects
ALSA: hda/realtek - Add new codec supported for ALC287
exec: Always set cap_ambient in cap_bprm_set_creds
ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
ALSA: hwdep: fix a left shifting 1 by 31 UB bug
RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
mmc: block: Fix use-after-free issue for rpmb
ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
ARM: dts/imx6q-bx50v3: Set display interface clock parents
ARM: dts: imx6q-bx50v3: Add internal switch
IB/qib: Call kobject_put() when kobject_init_and_add() fails
gpio: exar: Fix bad handling for ida_simple_get error path
ARM: uaccess: fix DACR mismatch with nested exceptions
ARM: uaccess: integrate uaccess_save and uaccess_restore
ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h
ARM: 8843/1: use unified assembler in headers
Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
Input: synaptics-rmi4 - really fix attn_data use-after-free
Input: i8042 - add ThinkPad S230u to i8042 reset list
Input: dlink-dir685-touchkeys - fix a typo in driver name
Input: xpad - add custom init packet for Xbox One S controllers
Input: evdev - call input_flush_device() on release(), not flush()
Input: usbtouchscreen - add support for BonXeon TP
samples: bpf: Fix build error
cifs: Fix null pointer check in cifs_read
net: freescale: select CONFIG_FIXED_PHY where needed
usb: gadget: legacy: fix redundant initialization warnings
cachefiles: Fix race between read_waiter and read_copier involving op->to_do
gfs2: move privileged user check to gfs2_quota_lock_check
net: microchip: encx24j600: add missed kthread_stop
gpio: tegra: mask GPIO IRQs during IRQ shutdown
ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node
ARM: dts: rockchip: fix phy nodename for rk3228-evb
net/mlx4_core: fix a memory leak bug.
net: sun: fix missing release regions in cas_init_one().
net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
net/mlx5e: Update netdev txq on completions during closure
sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed
r8152: support additional Microsoft Surface Ethernet Adapter variant
net sched: fix reporting the first-time use timestamp
net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()"
net/mlx5: Add command entry handling completion
net: ipip: fix wrong address family in init error path
ax25: fix setsockopt(SO_BINDTODEVICE)
ANDROID: scs: fix recursive spinlock in scs_check_usage
ANDROID: timer: fix timer_setup with CFI
FROMGIT: USB: dummy-hcd: use configurable endpoint naming scheme
UPSTREAM: USB: dummy-hcd: remove unsupported isochronous endpoints
UPSTREAM: usb: raw-gadget: fix null-ptr-deref when reenabling endpoints
UPSTREAM: usb: raw-gadget: documentation updates
UPSTREAM: usb: raw-gadget: support stalling/halting/wedging endpoints
UPSTREAM: usb: raw-gadget: fix gadget endpoint selection
UPSTREAM: usb: raw-gadget: improve uapi headers comments
UPSTREAM: usb: raw-gadget: fix return value of ep read ioctls
UPSTREAM: usb: raw-gadget: fix raw_event_queue_fetch locking
UPSTREAM: usb: raw-gadget: Fix copy_to/from_user() checks
f2fs: fix wrong discard space
f2fs: compress: don't compress any datas after cp stop
f2fs: remove unneeded return value of __insert_discard_tree()
f2fs: fix wrong value of tracepoint parameter
f2fs: protect new segment allocation in expand_inode_data
f2fs: code cleanup by removing ifdef macro surrounding
writeback: Avoid skipping inode writeback
ANDROID: net: bpf: permit redirect from ingress L3 to egress L2 devices at near max mtu
Revert "ANDROID: Incremental fs: Avoid continually recalculating hashes"
Linux 4.14.182
iio: adc: stm32-adc: fix device used to request dma
iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel()
x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks
rxrpc: Fix a memory leak in rxkad_verify_response()
rapidio: fix an error in get_user_pages_fast() error handling
mei: release me_cl object reference
iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()'
iio: sca3000: Remove an erroneous 'get_device()'
staging: greybus: Fix uninitialized scalar variable
staging: iio: ad2s1210: Fix SPI reading
Revert "gfs2: Don't demote a glock until its revokes are written"
cxgb4/cxgb4vf: Fix mac_hlist initialization and free
cxgb4: free mac_hlist properly
media: fdp1: Fix R-Car M3-N naming in debug message
libnvdimm/btt: Fix LBA masking during 'free list' population
libnvdimm/btt: Remove unnecessary code in btt_freelist_init
ubsan: build ubsan.c more conservatively
x86/uaccess, ubsan: Fix UBSAN vs. SMAP
powerpc/64s: Disable STRICT_KERNEL_RWX
powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE
powerpc: restore alphabetic order in Kconfig
dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
apparmor: Fix aa_label refcnt leak in policy_update
ALSA: pcm: fix incorrect hw_base increase
ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option
l2tp: initialise PPP sessions before registering them
l2tp: protect sock pointer of struct pppol2tp_session with RCU
l2tp: initialise l2tp_eth sessions before registering them
l2tp: don't register sessions in l2tp_session_create()
arm64: fix the flush_icache_range arguments in machine_kexec
padata: purge get_cpu and reorder_via_wq from padata_do_serial
padata: initialize pd->cpu with effective cpumask
padata: Replace delayed timer with immediate workqueue in padata_reorder
padata: set cpu_index of unused CPUs to -1
ARM: futex: Address build warning
platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
USB: core: Fix misleading driver bug report
ceph: fix double unlock in handle_cap_export()
gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
x86/apic: Move TSC deadline timer debug printk
scsi: ibmvscsi: Fix WARN_ON during event pool release
component: Silence bind error on -EPROBE_DEFER
vhost/vsock: fix packet delivery order to monitoring devices
configfs: fix config_item refcnt leak in configfs_rmdir()
scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV
HID: multitouch: add eGalaxTouch P80H84 support
gcc-common.h: Update for GCC 10
ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()'
iommu/amd: Fix over-read of ACPI UID from IVRS table
fix multiplication overflow in copy_fdtable()
ima: Fix return value of ima_write_policy()
evm: Check also if *tfm is an error pointer in init_desc()
ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
padata: ensure padata_do_serial() runs on the correct CPU
padata: ensure the reorder timer callback runs on the correct CPU
i2c: dev: Fix the race between the release of i2c_dev and cdev
watchdog: Fix the race between the release of watchdog_core_data and cdev
ext4: add cond_resched() to ext4_protect_reserved_inode
ANDROID: scsi: ufs: Handle clocks when lrbp fails
ANDROID: fscrypt: handle direct I/O with IV_INO_LBLK_32
BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_32 policies
f2fs: avoid inifinite loop to wait for flushing node pages at cp_error
ANDROID: namespace'ify tcp_default_init_rwnd implementation
Linux 4.14.181
Makefile: disallow data races on gcc-10 as well
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
ARM: dts: r8a7740: Add missing extal2 to CPG node
ARM: dts: r8a73a4: Add missing CMT1 interrupts
arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy
arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
usb: gadget: legacy: fix error return code in cdc_bind()
usb: gadget: legacy: fix error return code in gncm_bind()
usb: gadget: audio: Fix a missing error return value in audio_bind()
usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks
exec: Move would_dump into flush_old_exec
x86/unwind/orc: Fix error handling in __unwind_start()
usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list
USB: gadget: fix illegal array access in binding with UDC
usb: host: xhci-plat: keep runtime active when removing host
usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B
ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset
x86: Fix early boot crash on gcc-10, third try
ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
ARM: dts: dra7: Fix bus_dma_limit for PCIe
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
ALSA: rawmidi: Initialize allocated buffers
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
net: tcp: fix rx timestamp behavior for tcp_recvmsg
netprio_cgroup: Fix unlimited memory leak of v2 cgroups
net: ipv4: really enforce backoff for redirects
net: dsa: loop: Add module soft dependency
hinic: fix a bug of ndo_stop
Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
net: phy: fix aneg restart in phy_ethtool_set_eee
netlabel: cope with NULL catmap
net: fix a potential recursive NETDEV_FEAT_CHANGE
net: phy: micrel: Use strlcpy() for ethtool::get_strings
x86/asm: Add instruction suffixes to bitops
gcc-10: avoid shadowing standard library 'free()' in crypto
gcc-10: disable 'restrict' warning for now
gcc-10: disable 'stringop-overflow' warning for now
gcc-10: disable 'array-bounds' warning for now
gcc-10: disable 'zero-length-bounds' warning for now
Stop the ad-hoc games with -Wno-maybe-initialized
kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
gcc-10 warnings: fix low-hanging fruit
pnp: Use list_for_each_entry() instead of open coding
hwmon: (da9052) Synchronize access with mfd
IB/mlx4: Test return value of calls to ib_get_cached_pkey
netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
i40iw: Fix error handling in i40iw_manage_arp_cache()
pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
pinctrl: baytrail: Enable pin configuration setting for GPIO chip
ipmi: Fix NULL pointer dereference in ssif_probe
x86/entry/64: Fix unwind hints in register clearing code
ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
ALSA: hda/hdmi: fix race in monitor detection during probe
cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once
dmaengine: mmp_tdma: Reset channel error on release
dmaengine: pch_dma.c: Avoid data race between probe and irq handler
scsi: sg: add sg_remove_request in sg_write
virtio-blk: handle block_device_operations callbacks after hot unplug
drop_monitor: work around gcc-10 stringop-overflow warning
net: moxa: Fix a potential double 'free_irq()'
net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
shmem: fix possible deadlocks on shmlock_user_lock
net: stmmac: Use mutex instead of spinlock
f2fs: fix to avoid memory leakage in f2fs_listxattr
f2fs: fix to avoid accessing xattr across the boundary
f2fs: sanity check of xattr entry size
f2fs: introduce read_xattr_block
f2fs: introduce read_inline_xattr
blktrace: fix dereference after null check
blktrace: Protect q->blk_trace with RCU
blktrace: fix trace mutex deadlock
blktrace: fix unlocked access to init/start-stop/teardown
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
net: ipv6: add net argument to ip6_dst_lookup_flow
scripts/decodecode: fix trapping instruction formatting
objtool: Fix stack offset tracking for indirect CFAs
netfilter: nat: never update the UDP checksum when it's 0
x86/unwind/orc: Fix error path for bad ORC entry type
x86/unwind/orc: Prevent unwinding before ORC initialization
x86/unwind/orc: Don't skip the first frame for inactive tasks
x86/entry/64: Fix unwind hints in rewind_stack_do_exit()
x86/entry/64: Fix unwind hints in kernel exit path
batman-adv: Fix refcnt leak in batadv_v_ogm_process
batman-adv: Fix refcnt leak in batadv_store_throughput_override
batman-adv: Fix refcnt leak in batadv_show_throughput_override
batman-adv: fix batadv_nc_random_weight_tq
coredump: fix crash when umh is disabled
mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()
KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER
tracing: Add a vmalloc_sync_mappings() for safe measure
USB: serial: garmin_gps: add sanity checking for data length
USB: uas: add quirk for LaCie 2Big Quadra
HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
geneve: only configure or fill UDP_ZERO_CSUM6_RX/TX info when CONFIG_IPV6
HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices
ipv6: fix cleanup ordering for ip6_mr failure
net: stricter validation of untrusted gso packets
bnxt_en: Fix VF anti-spoof filter setup.
bnxt_en: Improve AER slot reset.
net/mlx5: Fix command entry leak in Internal Error State
net/mlx5: Fix forced completion access non initialized command entry
bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
sch_sfq: validate silly quantum values
sch_choke: avoid potential panic in choke_reset()
net: usb: qmi_wwan: add support for DW5816e
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
net: macsec: preserve ingress frame ordering
fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
dp83640: reverse arguments to list_add_tail
USB: serial: qcserial: Add DW5816e support
f2fs: compress: fix zstd data corruption
f2fs: add compressed/gc data read IO stat
f2fs: fix potential use-after-free issue
f2fs: compress: don't handle non-compressed data in workqueue
f2fs: remove redundant assignment to variable err
f2fs: refactor resize_fs to avoid meta updates in progress
f2fs: use round_up to enhance calculation
f2fs: introduce F2FS_IOC_RESERVE_COMPRESS_BLOCKS
f2fs: Avoid double lock for cp_rwsem during checkpoint
f2fs: report delalloc reserve as non-free in statfs for project quota
f2fs: Fix wrong stub helper update_sit_info
f2fs: compress: let lz4 compressor handle output buffer budget properly
f2fs: remove blk_plugging in block_operations
f2fs: introduce F2FS_IOC_RELEASE_COMPRESS_BLOCKS
f2fs: shrink spinlock coverage
f2fs: correctly fix the parent inode number during fsync()
f2fs: introduce mempool for {,de}compress intermediate page allocation
f2fs: introduce f2fs_bmap_compress()
f2fs: support fiemap on compressed inode
f2fs: support partial truncation on compressed inode
f2fs: remove redundant compress inode check
f2fs: flush dirty meta pages when flushing them
f2fs: use strcmp() in parse_options()
f2fs: fix checkpoint=disable:%u%%
f2fs: Use the correct style for SPDX License Identifier
f2fs: rework filename handling
f2fs: split f2fs_d_compare() from f2fs_match_name()
f2fs: don't leak filename in f2fs_try_convert_inline_dir()
ANDROID: clang: update to 11.0.1
FROMLIST: x86_64: fix jiffies ODR violation
ANDROID: cuttlefish_defconfig: Enable net testing options
ANDROID: Incremental fs: wake up log pollers less often
ANDROID: Incremental fs: Fix scheduling while atomic error
ANDROID: Incremental fs: Avoid continually recalculating hashes
Revert "f2fs: refactor resize_fs to avoid meta updates in progress"
UPSTREAM: HID: steam: Fix input device disappearing
ANDROID: fscrypt: set dun_bytes more precisely
ANDROID: dm-default-key: set dun_bytes more precisely
ANDROID: block: backport the ability to specify max_dun_bytes
ANDROID: hid: steam: remove BT controller matching
ANDROID: dm-default-key: Update key size for wrapped keys
ANDROID: cuttlefish_defconfig: Enable CONFIG_STATIC_USERMODEHELPER
ANDROID: cuttlefish_defconfig: enable CONFIG_MMC_CRYPTO
ANDROID: Add padding for crypto related structs in UFS and MMC
ANDROID: mmc: MMC crypto API
f2fs: fix missing check for f2fs_unlock_op
f2fs: refactor resize_fs to avoid meta updates in progress
Conflicts:
Documentation/devicetree/bindings/usb/dwc3.txt
drivers/block/virtio_blk.c
drivers/mmc/core/Kconfig
drivers/mmc/core/block.c
drivers/mmc/host/sdhci-msm.c
drivers/net/ethernet/stmicro/stmmac/stmmac.h
drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
drivers/scsi/ufs/ufs-qcom.c
drivers/usb/gadget/composite.c
drivers/usb/gadget/function/f_uac1_legacy.c
fs/crypto/crypto.c
fs/crypto/inline_crypt.c
fs/crypto/keyring.c
fs/f2fs/checkpoint.c
include/linux/fs.h
include/linux/mmc/host.h
include/linux/mod_devicetable.h
include/uapi/linux/input-event-codes.h
net/qrtr/qrtr.c
sound/core/compress_offload.c
sound/core/rawmidi.c
Fixed build errors:
drivers/scsi/ufs/ufshcd.c
Change-Id: I2add911b58d3c87b666ffa0fe46cbceb6cc56430
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
||
|
|
5206f78a3f |
Revert "binder: Prevent context manager from incrementing ref 0"
This reverts commit c5665cafbedd2e2a523fe933e452391a02d3adb3.
This patch was causing display hangs for Qualcomm after the 5.4.58 merge.
Bug: 166779391
Change-Id: Iaf22ede68247422709b00f059e5c4d517f219adf
Signed-off-by: Todd Kjos <tkjos@google.com>
|
||
|
|
831ff8141a |
Merge 4.14.194 into android-4.14-stable
Changes in 4.14.194
USB: serial: qcserial: add EM7305 QDL product ID
net/mlx5e: Don't support phys switch id if not in switchdev mode
USB: iowarrior: fix up report size handling for some devices
usb: xhci: define IDs for various ASMedia host controllers
usb: xhci: Fix ASMedia ASM1142 DMA addressing
ALSA: seq: oss: Serialize ioctls
staging: android: ashmem: Fix lockdep warning for write operation
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
omapfb: dss: Fix max fclk divider for omap36xx
binder: Prevent context manager from incrementing ref 0
vgacon: Fix for missing check in scrollback handling
mtd: properly check all write ioctls for permissions
leds: wm831x-status: fix use-after-free on unbind
leds: da903x: fix use-after-free on unbind
leds: lm3533: fix use-after-free on unbind
leds: 88pm860x: fix use-after-free on unbind
net/9p: validate fds in p9_fd_open
drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure
i2c: slave: improve sanity check when registering
i2c: slave: add sanity check when unregistering
cfg80211: check vendor command doit pointer before use
igb: reinit_locked() should be called with rtnl_lock
atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
tools lib traceevent: Fix memory leak in process_dynamic_array_len
Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23)
xattr: break delegations in {set,remove}xattr
ipv4: Silence suspicious RCU usage warning
ipv6: fix memory leaks on IPV6_ADDRFORM path
net: ethernet: mtk_eth_soc: fix MTU warnings
vxlan: Ensure FDB dump is performed under RCU
net: lan78xx: replace bogus endpoint lookup
hv_netvsc: do not use VF device if link is down
net: gre: recompute gre csum for sctp over gre tunnels
openvswitch: Prevent kernel-infoleak in ovs_ct_put_key()
Revert "vxlan: fix tos value before xmit"
selftests/net: relax cpu affinity requirement in msg_zerocopy test
usb: hso: check for return value in hso_serial_common_create()
rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
Smack: fix use-after-free in smk_write_relabel_self()
tracepoint: Mark __tracepoint_string's __used
HID: input: Fix devices that return multiple bytes in battery report
cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()
x86/mce/inject: Fix a wrong assignment of i_mce.status
sched: correct SD_flags returned by tl->sd_flags()
arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio
arm64: dts: rockchip: fix rk3399-puma gmac reset gpio
EDAC: Fix reference count leaks
arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
arm64: dts: exynos: Fix silent hang after boot on Espresso
m68k: mac: Don't send IOP message until channel is idle
m68k: mac: Fix IOP status/control register writes
platform/x86: intel-hid: Fix return value check in check_acpi_dev()
platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
spi: lantiq: fix: Rx overflow error in full duplex mode
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
md-cluster: fix wild pointer of unlock_all_bitmaps()
arm64: dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding
drm/nouveau: fix multiple instances of reference count leaks
drm/debugfs: fix plain echo to connector "force" attribute
irqchip/irq-mtk-sysirq: Replace spinlock with raw_spinlock
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
brcmfmac: To fix Bss Info flag definition Bug
brcmfmac: set state of hanger slot to FREE when flushing PSQ
iwlegacy: Check the return value of pcie_capability_read_*()
gpu: host1x: debug: Fix multiple channels emitting messages simultaneously
usb: gadget: net2280: fix memory leak on probe error handling paths
bdc: Fix bug causing crash after multiple disconnects
usb: bdc: Halt controller on suspend
dyndbg: fix a BUG_ON in ddebug_describe_flags
bcache: fix super block seq numbers comparision in register_cache_set()
ACPICA: Do not increment operation_region reference counts for field units
agp/intel: Fix a memory leak on module initialisation failure
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
console: newport_con: fix an issue about leak related system resources
video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
iio: improve IIO_CONCENTRATION channel type description
drm/arm: fix unintentional integer overflow on left shift
leds: lm355x: avoid enum conversion warning
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
ASoC: Intel: bxt_rt298: add missing .owner field
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
cxl: Fix kobject memleak
drm/radeon: fix array out-of-bounds read and write issues
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
ipvs: allow connection reuse for unconfirmed conntrack
media: firewire: Using uninitialized values in node_probe()
media: exynos4-is: Add missed check for pinctrl_lookup_state()
xfs: fix reflink quota reservation accounting error
PCI: Fix pci_cfg_wait queue locking problem
leds: core: Flush scheduled work for system suspend
drm: panel: simple: Fix bpc for LG LB070WV8 panel
drm/bridge: sil_sii8620: initialize return of sii8620_readb
scsi: scsi_debug: Add check for sdebug_max_queue during module init
mwifiex: Prevent memory corruption handling keys
powerpc/vdso: Fix vdso cpu truncation
staging: rtl8192u: fix a dubious looking mask before a shift
PCI/ASPM: Add missing newline in sysfs 'policy'
drm/imx: tve: fix regulator_disable error path
USB: serial: iuu_phoenix: fix led-activity helpers
thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor()
coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb()
MIPS: OCTEON: add missing put_device() call in dwc3_octeon_device_init()
usb: dwc2: Fix error path in gadget registration
scsi: mesh: Fix panic after host or bus reset
net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration
Smack: fix another vsscanf out of bounds
Smack: prevent underflow in smk_set_cipso()
power: supply: check if calc_soc succeeded in pm860x_init_battery
Bluetooth: hci_serdev: Only unregister device if it was registered
selftests/powerpc: Fix CPU affinity for child process
PCI: Release IVRS table in AMD ACS quirk
selftests/powerpc: Fix online CPU selection
s390/qeth: don't process empty bridge port events
wl1251: fix always return 0 error
tools, build: Propagate build failures from tools/build/Makefile.build
net: ethernet: aquantia: Fix wrong return value
liquidio: Fix wrong return value in cn23xx_get_pf_num()
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
fsl/fman: use 32-bit unsigned integer
fsl/fman: fix dereference null return value
fsl/fman: fix unreachable code
fsl/fman: check dereferencing null pointer
fsl/fman: fix eth hash table allocation
dlm: Fix kobject memleak
pinctrl-single: fix pcs_parse_pinconf() return value
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
crypto: aesni - add compatibility with IAS
af_packet: TPACKET_V3: fix fill status rwlock imbalance
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
net/nfc/rawsock.c: add CAP_NET_RAW check.
net: refactor bind_bucket fastreuse into helper
net: Set fput_needed iff FDPUT_FPUT is set
USB: serial: cp210x: re-enable auto-RTS on open
USB: serial: cp210x: enable usb generic throttle/unthrottle
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
ALSA: usb-audio: add quirk for Pioneer DDJ-RB
crypto: qat - fix double free in qat_uclo_create_batch_init_list
crypto: ccp - Fix use of merged scatterlists
crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
bitfield.h: don't compile-time validate _val in FIELD_FIT
fs/minix: check return value of sb_getblk()
fs/minix: don't allow getting deleted inodes
fs/minix: reject too-large maximum file size
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
9p: Fix memory leak in v9fs_mount
spi: spidev: Align buffers for DMA
mtd: rawnand: qcom: avoid write to unavailable register
parisc: Implement __smp_store_release and __smp_load_acquire barriers
parisc: mask out enable and reserved bits from sba imask
ARM: 8992/1: Fix unwind_frame for clang-built kernels
irqdomain/treewide: Free firmware node after domain removal
xen/balloon: fix accounting in alloc_xenballooned_pages error path
xen/balloon: make the balloon wait interruptible
net: initialize fastreuse on inet_inherit_port
smb3: warn on confusing error scenario with sec=krb5
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
btrfs: don't allocate anonymous block device for user invisible roots
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: fix memory leaks after failure to lookup checksums during inode logging
dt-bindings: iio: io-channel-mux: Fix compatible string in example code
iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
xtensa: fix xtensa_pmu_setup prototype
powerpc: Fix circular dependency between percpu.h and mmu.h
net: ethernet: stmmac: Disable hardware multicast filter
net: stmmac: dwmac1000: provide multicast filter fallback
net/compat: Add missing sock updates for SCM_RIGHTS
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
bcache: allocate meta data pages as compound pages
mac80211: fix misplaced while instead of if
MIPS: CPU#0 is not hotpluggable
ext2: fix missing percpu_counter_inc
ocfs2: change slot number type s16 to u16
ftrace: Setup correct FTRACE_FL_REGS flags for module
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
tracing/hwlat: Honor the tracing_cpumask
tracing: Use trace_sched_process_free() instead of exit() for pid tracing
watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
watchdog: f71808e_wdt: remove use of wrong watchdog_info option
watchdog: f71808e_wdt: clear watchdog timeout occurred flag
pseries: Fix 64 bit logical memory block panic
perf intel-pt: Fix FUP packet state
drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
mfd: arizona: Ensure 32k clock is put on driver unbind and error
RDMA/ipoib: Return void from ipoib_ib_dev_stop()
USB: serial: ftdi_sio: make process-packet buffer unsigned
USB: serial: ftdi_sio: clean up receive processing
gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue()
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
iommu/vt-d: Enforce PASID devTLB field mask
i2c: rcar: slave: only send STOP event when we have been addressed
clk: clk-atlas6: fix return value check in atlas6_clk_init()
pwm: bcm-iproc: handle clk_get_rate() return
tools build feature: Use CC and CXX from parent
i2c: rcar: avoid race when unregistering slave
Input: sentelic - fix error return when fsp_reg_write fails
drm/vmwgfx: Use correct vmw_legacy_display_unit pointer
drm/vmwgfx: Fix two list_for_each loop exit tests
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init
nfs: Fix getxattr kernel panic and memory overflow
fs/ufs: avoid potential u32 multiplication overflow
test_kmod: avoid potential double free in trigger_config_run_type()
mfd: dln2: Run event handler loop under spinlock
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
perf bench mem: Always memset source before memcpy
tools build feature: Quote CC and CXX for their arguments
sh: landisk: Add missing initialization of sh_io_port_base
khugepaged: retract_page_tables() remember to test exit
genirq/affinity: Handle affinity setting on inactive interrupts correctly
genirq/affinity: Make affinity setting if activated opt-in
dm cache: pass cache structure to mode functions
dm cache: submit writethrough writes in parallel to origin and cache
dm cache: remove all obsolete writethrough-specific code
Linux 4.14.194
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0a759b837bffc0f5af5fe1b6a38ccdd465e41e6e
|
||
|
|
f40f289b96 |
binder: Prevent context manager from incrementing ref 0
commit 4b836a1426cb0f1ef2a6e211d7e553221594f8fc upstream.
Binder is designed such that a binder_proc never has references to
itself. If this rule is violated, memory corruption can occur when a
process sends a transaction to itself; see e.g.
<https://syzkaller.appspot.com/bug?extid=09e05aba06723a94d43d>.
There is a remaining edge case through which such a transaction-to-self
can still occur from the context of a task with BINDER_SET_CONTEXT_MGR
access:
- task A opens /dev/binder twice, creating binder_proc instances P1
  and P2
- P1 becomes context manager
- P2 calls ACQUIRE on the magic handle 0, allocating index 0 in its
  handle table
- P1 dies (by closing the /dev/binder fd and waiting a bit)
- P2 becomes context manager
- P2 calls ACQUIRE on the magic handle 0, allocating index 1 in its
  handle table
  [this triggers a warning: "binder: 1974:1974 tried to acquire
  reference to desc 0, got 1 instead"]
- task B opens /dev/binder once, creating binder_proc instance P3
- P3 calls P2 (via magic handle 0) with (void*)1 as argument (two-way
  transaction)
- P2 receives the handle and uses it to call P3 (two-way transaction)
- P3 calls P2 (via magic handle 0) (two-way transaction)
- P2 calls P2 (via handle 1) (two-way transaction)
And then, if P2 does *NOT* accept the incoming transaction work, but
instead closes the binder fd, we get a crash.
Solve it by preventing the context manager from using ACQUIRE on ref 0.
There shouldn't be any legitimate reason for the context manager to do
that.
Additionally, print a warning if someone manages to find another way to
trigger a transaction-to-self bug in the future.
Cc: stable@vger.kernel.org
Fixes:
|
||
|
|
641be7d2db |
binderfs: use refcount for binder control devices too
Binderfs binder-control devices are cleaned up via binderfs_evict_inode()
too, which will use refcount_dec_and_test(). However, we missed to set
the refcount for binderfs binder-control devices and so we underflowed
when the binderfs instance got unmounted. Pretty obvious oversight and
should have been part of the more general UAF fix. The good news is that
having test cases (surprisingly) helps.
Technically, we could detect that we're about to cleanup the
binder-control dentry in binderfs_evict_inode() and then simply clean it
up. But that makes the assumption that the binder driver itself will
never make use of a binderfs binder-control device after the binderfs
instance it belongs to has been unmounted and the superblock for it been
destroyed. While it is unlikely to ever come to this let's be on the
safe side. Performance-wise this also really doesn't matter since the
binder-control device is only ever really used when creating the binderfs
filesystem or creating additional binder devices. Both operations are
pretty rare.
Change-Id: Ia2eedd8b11621c9358c372b024ffb776055600f6
Fixes: f0fe2c0f050d ("binder: prevent UAF for binderfs devices II")
Link: https://lore.kernel.org/r/CA+G9fYusdfg7PMfC9Xce-xLT7NiyKSbgojpK35GOm=Pf9jXXrA@mail.gmail.com
Reported-by: Naresh Kamboju <naresh.kamboju@linaro.org>
Cc: stable@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Acked-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20200311105309.1742827-1-christian.brauner@ubuntu.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Git-repo: git://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git
Git-commit: 211b64e4b5b6bd5fdc19cd525c2cc9a90e6b0ec9
Signed-off-by: Lei wang <leiwan@codeaurora.org>
|
||
|
|
90bb7a2b24 |
Merge android-4.14-stable.180 (816f245) into msm-4.14
* refs/heads/tmp-816f245:
Revert "clk: qcom: rcg2: Don't crash if our parent can't be found; return an error"
Reverting crypto patches
Reverting incremental fs changes
Linux 4.14.180
cgroup, netclassid: remove double cond_resched
mac80211: add ieee80211_is_any_nullfunc()
ALSA: hda: Match both PCI ID and SSID for driver blacklist
tracing: Reverse the order of trace_types_lock and event_mutex
sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
net: systemport: suppress warnings on failed Rx SKB allocations
net: bcmgenet: suppress warnings on failed Rx SKB allocations
lib/mpi: Fix building for powerpc with clang
net: dsa: b53: Rework ARL bin logic
scripts/config: allow colons in option strings for sed
s390/ftrace: fix potential crashes when switching tracers
cifs: protect updating server->dstaddr with a spinlock
net: stmmac: Fix sub-second increment
net: stmmac: fix enabling socfpga's ptp_ref_clock
wimax/i2400m: Fix potential urb refcnt leak
ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry
ASoC: rsnd: Fix HDMI channel mapping for multi-SSI mode
ASoC: sgtl5000: Fix VAG power-on handling
selftests/ipc: Fix test failure seen after initial test run
ASoC: topology: Check return value of pcm_new_ver
powerpc/pci/of: Parse unassigned resources
vhost: vsock: kick send_pkt worker once device is started
ANDROID: arm64: fix a mismerge in proc.S
Linux 4.14.179
selinux: properly handle multiple messages in selinux_netlink_send()
dmaengine: dmatest: Fix iteration non-stop logic
nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
ALSA: opti9xx: shut up gcc-10 range warning
iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system
scsi: target/iblock: fix WRITE SAME zeroing
iommu/qcom: Fix local_base status check
vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
vfio: avoid possible overflow in vfio_iommu_type1_pin_pages
RDMA/mlx4: Initialize ib_spec on the stack
RDMA/mlx5: Set GRH fields in query QP on RoCE
dm verity fec: fix hash block number in verity_fec_decode
PM: hibernate: Freeze kernel threads in software_resume()
PM: ACPI: Output correct message on target power state
ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
ALSA: hda/hdmi: fix without unlocked before return
ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter
mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers
mmc: sdhci-xenon: fix annoying 1.8V regulator warning
btrfs: fix partial loss of prealloc extent past i_size after fsync
btrfs: fix block group leak when removing fails
drm/qxl: qxl_release use after free
drm/qxl: qxl_release leak in qxl_hw_surface_alloc()
drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
drm/edid: Fix off-by-one in DispID DTD pixel clock
ext4: fix special inode number checks in __ext4_iget()
ANDROID: Incremental fs: Fix issues with very large files
Linux 4.14.178
propagate_one(): mnt_set_mountpoint() needs mount_lock
ext4: check for non-zero journal inum in ext4_calculate_overhead
qed: Fix use after free in qed_chain_free
ext4: unsigned int compared against zero
ext4: fix block validity checks for journal inodes using indirect blocks
ext4: don't perform block validity checks on the journal inode
ext4: protect journal inode's blocks using block_validity
ext4: avoid declaring fs inconsistent due to invalid file handles
hwmon: (jc42) Fix name to have no illegal characters
ext4: convert BUG_ON's to WARN_ON's in mballoc.c
ext4: increase wait time needed before reuse of deleted inode numbers
ext4: use matching invalidatepage in ext4_writepage
arm64: Delete the space separator in __emit_inst
xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
objtool: Support Clang non-section symbols in ORC dump
objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings
scsi: target: fix PR IN / READ FULL STATUS for FC
xfs: fix partially uninitialized structure in xfs_reflink_remap_extent
x86: hyperv: report value of misc_features
bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path
perf/core: fix parent pid/tid in task exit events
ARM: dts: bcm283x: Disable dsi0 node
net/cxgb4: Check the return from t4_query_params properly
i2c: altera: use proper variable to hold errno
nfsd: memory corruption in nfsd4_lock()
iio:ad7797: Use correct attribute_group
usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete
usb: dwc3: gadget: Do link recovery for SS and SSP
binder: take read mode of mmap_sem in binder_alloc_free_page()
include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
remoteproc: Fix wrong rvring index computation
xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT
xfs: validate sb_logsunit is a multiple of the fs blocksize
serial: sh-sci: Make sure status register SCxSR is read in correct sequence
usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
UAS: fix deadlock in error handling and PM flushing work
UAS: no use logging any details in case of ENODEV
cdc-acm: introduce a cool down
cdc-acm: close race betrween suspend() and acm_softint
staging: vt6656: Power save stop wake_up_count wrap around.
staging: vt6656: Fix pairwise key entry save.
staging: vt6656: Fix drivers TBTT timing counter.
staging: vt6656: Fix calling conditions of vnt_set_bss_mode
staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default.
vt: don't hardcode the mem allocation upper bound
staging: comedi: Fix comedi_device refcnt leak in comedi_open
staging: comedi: dt2815: fix writing hi byte of analog output
powerpc/setup_64: Set cache-line-size based on cache-block-size
ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
iwlwifi: pcie: actually release queue memory in TVQM
ASoC: dapm: fixup dapm kcontrol widget
audit: check the length of userspace generated audit records
usb-storage: Add unusual_devs entry for JMicron JMS566
tty: rocket, avoid OOB access
tty: hvc: fix buffer overflow during hvc_alloc().
KVM: VMX: Enable machine check support for 32bit targets
KVM: Check validity of resolved slot when searching memslots
tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send()
tpm/tpm_tis: Free IRQ if probing fails
ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
ALSA: hda/realtek - Add new codec supported for ALC245
ALSA: usx2y: Fix potential NULL dereference
tools/vm: fix cross-compile build
mm/ksm: fix NULL pointer dereference when KSM zero page is enabled
mm/hugetlb: fix a addressing exception caused by huge_pte_offset
vmalloc: fix remap_vmalloc_range() bounds checks
overflow.h: Add arithmetic shift helper
USB: hub: Fix handling of connect changes during sleep
USB: core: Fix free-while-in-use bug in the USB S-Glibrary
USB: early: Handle AMD's spec-compliant identifiers, too
USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE
USB: sisusbvga: Change port variable from signed to unsigned
fs/namespace.c: fix mountpoint reference counter race
iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode
iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
iio: xilinx-xadc: Fix ADC-B powerdown
iio: adc: stm32-adc: fix sleep in atomic context
ALSA: hda: Remove ASUS ROG Zenith from the blacklist
KEYS: Avoid false positive ENOMEM error on key read
vrf: Check skb for XFRM_TRANSFORMED flag
xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
net: dsa: b53: Fix ARL register definitions
team: fix hang in team_mode_get()
tcp: cache line align MAX_TCP_HEADER
net/x25: Fix x25_neigh refcnt leak when receiving frame
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
net: bcmgenet: correct per TX/RX ring statistics
macvlan: fix null dereference in macvlan_device_event()
macsec: avoid to set wrong mtu
ipv6: fix restrict IPV6_ADDRFORM operation
cxgb4: fix large delays in PTP synchronization
mm, slub: restore the original intention of prefetch_freepointer()
PCI/ASPM: Allow re-enabling Clock PM
perf/core: Disable page faults when getting phys address
pwm: bcm2835: Dynamically allocate base
pwm: renesas-tpu: Fix late Runtime PM enablement
s390/cio: avoid duplicated 'ADD' uevents
ipc/util.c: sysvipc_find_ipc() should increase position index
selftests: kmod: fix handling test numbers above 9
kernel/gcov/fs.c: gcov_seq_next() should increase position index
ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map()
scsi: iscsi: Report unbind session event when the target has been removed
pwm: rcar: Fix late Runtime PM enablement
ceph: don't skip updating wanted caps when cap is stale
ceph: return ceph_mdsc_do_request() errors from __get_parent()
scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
watchdog: reset last_hw_keepalive time at start
vti4: removed duplicate log message.
crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static
drm/msm: Use the correct dma_sync calls harder
keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h
net: ipv4: avoid unused variable warning for sysctl
net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
ext4: fix extent_status fragmentation for plain files
FROMGIT: f2fs: fix missing check for f2fs_unlock_op
ANDROID: Fix kernel build regressions from virtio-gpu-next patches
ANDROID: Incremental fs: Add setattr call
ANDROID: cuttlefish_defconfig: enable LTO and CFI
ANDROID: x86: map CFI jump tables in pti_clone_entry_text
ANDROID: crypto: aesni: fix function types for aesni_(enc|dec)
ANDROID: x86: disable CFI for do_syscall_*
ANDROID: BACKPORT: x86, module: Ignore __typeid__ relocations
ANDROID: BACKPORT: x86, relocs: Ignore __typeid__ relocations
ANDROID: BACKPORT: x86/extable: Do not mark exception callback as CFI
FROMLIST: crypto, x86/sha: Eliminate casts on asm implementations
UPSTREAM: crypto: x86 - Rename functions to avoid conflict with crypto/sha256.h
BACKPORT: x86/vmlinux: Actually use _etext for the end of the text segment
ANDROID: x86: disable STACK_VALIDATION with LTO_CLANG
ANDROID: x86: add support for CONFIG_LTO_CLANG
ANDROID: x86/vdso: disable LTO only for VDSO
ANDROID: x86/cpu/vmware: use the full form of inl in VMWARE_PORT
UPSTREAM: x86/build/lto: Fix truncated .bss with -fdata-sections
ANDROID: kbuild: don't select LD_DEAD_CODE_DATA_ELIMINATION with LTO
ANDROID: kbuild: export LTO and CFI flags
ANDROID: cfi: remove unnecessary <asm/memory.h> include
ANDROID: drm/virtio: rebase to latest virgl/drm-misc-next (take 2)
UPSTREAM: sysrq: Use panic() to force a crash
ANDROID: Incremental fs: Use simple compression in log buffer
ANDROID: dm-bow: Fix not to skip trim at framented range
ANDROID: Remove VLA from uid_sys_stats.c
ANDROID: cuttlefish_defconfig: enable CONFIG_DEBUG_LIST
Linux 4.14.177
KEYS: Don't write out to userspace while holding key semaphore
KEYS: Use individual pages in big_key for crypto buffers
mtd: phram: fix a double free issue in error path
mtd: lpddr: Fix a double free in probe()
locktorture: Print ratio of acquisitions, not failures
tty: evh_bytechan: Fix out of bounds accesses
fbdev: potential information leak in do_fb_ioctl()
net: dsa: bcm_sf2: Fix overflow checks
iommu/amd: Fix the configuration of GCR3 table root pointer
libnvdimm: Out of bounds read in __nd_ioctl()
ext2: fix debug reference to ext2_xattr_cache
ext2: fix empty body warnings when -Wextra is used
iommu/vt-d: Fix mm reference leak
NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
drm/amdkfd: kfree the wrong pointer
x86: ACPI: fix CPU hotplug deadlock
KVM: s390: vsie: Fix possible race when shadowing region 3 tables
compiler.h: fix error in BUILD_BUG_ON() reporting
percpu_counter: fix a data race at vm_committed_as
include/linux/swapops.h: correct guards for non_swap_entry()
ext4: do not commit super on read-only bdev
powerpc/maple: Fix declaration made after definition
s390/cpuinfo: fix wrong output when CPU0 is offline
NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid()
rtc: 88pm860x: fix possible race condition
soc: imx: gpc: fix power up sequencing
clk: tegra: Fix Tegra PMC clock out parents
power: supply: bq27xxx_battery: Silence deferred-probe error
clk: at91: usb: continue if clk_hw_round_rate() return zero
of: unittest: kmemleak in of_unittest_platform_populate()
rbd: call rbd_dev_unprobe() after unwatching and flushing notifies
rbd: avoid a deadlock on header_rwsem when flushing notifies
of: fix missing kobject init for !SYSFS && OF_DYNAMIC config
soc: qcom: smem: Use le32_to_cpu for comparison
wil6210: abort properly in cfg suspend
wil6210: fix length check in __wmi_send
wil6210: add block size checks during FW load
wil6210: fix PCIe bus mastering in case of interface down
rpmsg: glink: smem: Ensure ordering during tx
rpmsg: glink: Fix missing mutex_init() in qcom_glink_alloc_channel()
rtc: pm8xxx: Fix issue in RTC write path
rpmsg: glink: use put_device() if device_register fail
wil6210: rate limit wil_rx_refill error
scsi: ufs: ufs-qcom: remove broken hci version quirk
scsi: ufs: make sure all interrupts are processed
wil6210: fix temperature debugfs
wil6210: increase firmware ready timeout
arch_topology: Fix section miss match warning due to free_raw_capacity()
arm64: traps: Don't print stack or raw PC/LR values in backtraces
arm64: perf: remove unsupported events for Cortex-A73
Revert "gpio: set up initial state from .get_direction()"
clk: Fix debugfs_create_*() usage
drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
video: fbdev: sis: Remove unnecessary parentheses and commented code
lib/raid6: use vdupq_n_u8 to avoid endianness warnings
ALSA: hda: Don't release card at firmware loading error
irqchip/mbigen: Free msi_desc on device teardown
netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type
arm, bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift by 0
ext4: use non-movable memory for superblock readahead
scsi: sg: add sg_remove_request in sg_common_write
objtool: Fix switch table detection in .text.unlikely
mm/vmalloc.c: move 'area->pages' after if statement
x86/resctrl: Fix invalid attempt at removing the default resource group
x86/resctrl: Preserve CDP enable over CPU hotplug
x86/intel_rdt: Enable L2 CDP in MSR IA32_L2_QOS_CFG
x86/intel_rdt: Add two new resources for L2 Code and Data Prioritization (CDP)
x86/intel_rdt: Enumerate L2 Code and Data Prioritization (CDP) feature
x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE
scsi: target: fix hang when multiple threads try to destroy the same iscsi session
scsi: target: remove boilerplate code
kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
dm flakey: check for null arg_name in parse_features()
ext4: do not zeroout extents beyond i_disksize
mac80211_hwsim: Use kstrndup() in place of kasprintf()
btrfs: check commit root generation in should_ignore_root
tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation
ALSA: usb-audio: Don't override ignore_ctl_error value from the map
ASoC: Intel: mrfld: return error codes when an error occurs
ASoC: Intel: mrfld: fix incorrect check on p->sink
ext4: fix incorrect inodes per group in error message
ext4: fix incorrect group count in ext4_fill_super error message
pwm: pca9685: Fix PWM/GPIO inter-operation
jbd2: improve comments about freeing data buffers whose page mapping is NULL
scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
net: revert default NAPI poll timeout to 2 jiffies
net: qrtr: send msgs from local of same id as broadcast
net: ipv6: do not consider routes via gateways for anycast address check
net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
hsr: check protocol version in hsr_newlink()
amd-xgbe: Use __napi_schedule() in BH context
mfd: dln2: Fix sanity checking for endpoints
misc: echo: Remove unnecessary parentheses and simplify check for zero
powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
ipmi: fix hung processes in __get_guid()
ftrace/kprobe: Show the maxactive number on kprobe_events
drm: Remove PageReserved manipulation from drm_pci_alloc
drm/dp_mst: Fix clearing payload state on topology disable
crypto: caam - update xts sector size for large input length
dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone()
btrfs: use nofs allocations for running delayed items
Btrfs: fix crash during unmount due to race with delayed inode workers
powerpc: Make setjmp/longjmp signature standard
powerpc: Add attributes for setjmp/longjmp
scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug
powerpc/kprobes: Ignore traps that happened in real mode
powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs
powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries
powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
powerpc/powernv/idle: Restore AMR/UAMOR/AMOR after idle
libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set
hfsplus: fix crash and filesystem corruption when deleting files
cpufreq: powernv: Fix use-after-free
kmod: make request_module() return an error when autoloading is disabled
Input: i8042 - add Acer Aspire 5738z to nomux list
s390/diag: fix display of diagnose call statistics
perf tools: Support Python 3.8+ in Makefile
ocfs2: no need try to truncate file beyond i_size
fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once()
ext4: fix a data race at inode->i_blocks
NFS: Fix a page leak in nfs_destroy_unlinked_subrequests()
rtc: omap: Use define directive for PIN_CONFIG_ACTIVE_HIGH
arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point
dm verity fec: fix memory leak in verity_fec_dtr
mm: Use fixed constant in page_frag_alloc instead of size + 1
tools: gpio: Fix out-of-tree build regression
x86/speculation: Remove redundant arch_smt_update() invocation
powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init()
net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
ALSA: hda: Initialize power_state field properly
crypto: mxs-dcp - fix scatterlist linearization for hash
btrfs: drop block from cache on error in relocation
CIFS: Fix bug which the return value by asynchronous read is error
KVM: VMX: fix crash cleanup when KVM wasn't used
KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support
KVM: x86: Allocate new rmap and large page tracking when moving memslot
KVM: s390: vsie: Fix delivery of addressing exceptions
KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks
KVM: nVMX: Properly handle userspace interrupt window request
x86/entry/32: Add missing ASM_CLAC to general_protection entry
signal: Extend exec_id to 64bits
ath9k: Handle txpower changes even when TPC is disabled
MIPS: OCTEON: irq: Fix potential NULL pointer dereference
irqchip/versatile-fpga: Apply clear-mask earlier
KEYS: reaching the keys quotas correctly
PCI: endpoint: Fix for concurrent memory allocation in OB address region
PCI/ASPM: Clear the correct bits when enabling L1 substates
nvme-fc: Revert "add module to ops template to allow module references"
thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
acpi/x86: ignore unspecified bit positions in the ACPI global lock field
media: ti-vpe: cal: fix disable_irqs to only the intended target
ALSA: hda/realtek - Set principled PC Beep configuration for ALC256
ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256
ALSA: pcm: oss: Fix regression by buffer overflow fix
ALSA: ice1724: Fix invalid access for enumerated ctl items
ALSA: hda: Fix potential access overflow in beep helper
ALSA: hda: Add driver blacklist
ALSA: usb-audio: Add mixer workaround for TRX40 and co
usb: gadget: composite: Inform controller driver of self-powered
usb: gadget: f_fs: Fix use after free issue as part of queue failure
ASoC: topology: use name_prefix for new kcontrol
ASoC: dpcm: allow start or stop during pause for backend
ASoC: dapm: connect virtual mux with default value
ASoC: fix regwmask
slub: improve bit diffusion for freelist ptr obfuscation
misc: rtsx: set correct pcr_ops for rts522A
uapi: rename ext2_swab() to swab() and share globally in swab.h
btrfs: track reloc roots based on their commit root bytenr
btrfs: remove a BUG_ON() from merge_reloc_roots()
block, bfq: fix use-after-free in bfq_idle_slice_timer_body
locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
irqchip/gic-v4: Provide irq_retrigger to avoid circular locking dependency
usb: dwc3: core: add support for disabling SS instances in park mode
block: Fix use-after-free issue accessing struct io_cq
genirq/irqdomain: Check pointer in irq_domain_alloc_irqs_hierarchy()
efi/x86: Ignore the memory attributes table on i386
x86/boot: Use unsigned comparison for addresses
gfs2: Don't demote a glock until its revokes are written
libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
PCI/switchtec: Fix init_completion race condition with poll_wait()
selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
sched: Avoid scale real weight down to zero
irqchip/versatile-fpga: Handle chained IRQs properly
block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices
x86: Don't let pgprot_modify() change the page encryption bit
null_blk: fix spurious IO errors after failed past-wp access
null_blk: Handle null_add_dev() failures properly
null_blk: Fix the null_add_dev() error path
i2c: st: fix missing struct parameter description
qlcnic: Fix bad kzalloc null test
cxgb4/ptp: pass the sign of offset delta in FW CMD
hinic: fix wrong para of wait_for_completion_timeout
hinic: fix a bug of waitting for IO stopped
net: vxge: fix wrong __VA_ARGS__ usage
bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
ANDROID: fix wakeup reason findings
UPSTREAM: gpu/trace: add a gpu total memory usage tracepoint
CHROMIUM: drm/virtio: rebase zero-copy patches to virgl/drm-misc-next
CHROMIUM: virtio-gpu: add VIRTIO_GPU_F_RESOURCE_UUID feature
CHROMIUM: drm/virtgpu: add legacy VIRTIO_GPU_* values for non-upstream variants
CHROMIUM: drm/virtgpu: fix various warnings
CHROMIUM: drm/virtgpu: implement metadata allocation ioctl
CHROMIUM: drm/virtgpu: introduce request IDRs
CHROMIUM: drm/virtgpu: implement DRM_VIRTGPU_RESOURCE_CREATE_V2
CHROMIUM: drm/virtgpu: add stub ioctl implementation
CHROMIUM: drm/virtgpu: check for revelant capabilites
CHROMIUM: drm/virtgpu: add memory type to virtio_gpu_object_params
CHROMIUM: drm/virtgpu: make memory and resource creation opaque
CHROMIUM: virtio-gpu api: VIRTIO_GPU_F_MEMORY
CHROMIUM: virtwl: store plane info per virtio_gpu_object
CHROMIUM: drm/virtgpu: expose new ioctls to userspace
BACKPORT: drm/virtio: move virtio_gpu_object_{attach, detach} calls.
ANDROID: drm: ttm: Add ttm_tt_create2 driver hook
UPSTREAM: virtio-gpu api: comment feature flags
UPSTREAM: drm/virtio: module_param_named() requires linux/moduleparam.h
BACKPORT: drm/virtio: fix resource id creation race
BACKPORT: drm/virtio: make resource id workaround runtime switchable.
BACKPORT: drm/virtio: do NOT reuse resource ids
BACKPORT: drm/virtio: Drop deprecated load/unload initialization
f2fs: fix quota_sync failure due to f2fs_lock_op
f2fs: support read iostat
f2fs: Fix the accounting of dcc->undiscard_blks
f2fs: fix to handle error path of f2fs_ra_meta_pages()
f2fs: report the discard cmd errors properly
f2fs: fix long latency due to discard during umount
f2fs: add tracepoint for f2fs iostat
f2fs: introduce sysfs/data_io_flag to attach REQ_META/FUA
UPSTREAM: kheaders: include only headers into kheaders_data.tar.xz
UPSTREAM: kheaders: remove meaningless -R option of 'ls'
ANDROID: Incremental fs: Fix create_file performance
ANDROID: Incremental fs: Fix compound page usercopy crash
ANDROID: Incremental fs: Clean up incfs_test build process
ANDROID: Incremental fs: make remount log buffer change atomic
ANDROID: Incremental fs: Optimize get_filled_block
ANDROID: Incremental fs: Fix mislabeled __user ptrs
ANDROID: Incremental fs: Use 64-bit int for file_size when writing hash blocks
Revert "ANDROID: Incremental fs: Fix initialization, use of bitfields"
Linux 4.14.176
drm/msm: Use the correct dma_sync calls in msm_gem
rpmsg: glink: smem: Support rx peak for size less than 4 bytes
drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read()
usb: dwc3: don't set gadget->is_otg flag
rpmsg: glink: Remove chunk size word align warning
arm64: Fix size of __early_cpu_boot_status
drm/msm: stop abusing dma_map/unmap for cache
clk: qcom: rcg: Return failure for RCG update
acpi/nfit: Fix bus command validation
fbcon: fix null-ptr-deref in fbcon_switch
RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
ceph: canonicalize server path in place
ceph: remove the extra slashes in the server path
IB/hfi1: Fix memory leaks in sysfs registration and unregistration
IB/hfi1: Call kobject_put() when kobject_init_and_add() fails
ASoC: jz4740-i2s: Fix divider written at incorrect offset in register
hwrng: imx-rngc - fix an error path
tools/accounting/getdelays.c: fix netlink attribute length
random: always use batched entropy for get_random_u{32,64}
mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE
slcan: Don't transmit uninitialized stack data in padding
net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting
net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers
net: dsa: bcm_sf2: Ensure correct sub-node is parsed
ipv6: don't auto-add link-local address to lag ports
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
padata: always acquire cpu_hotplug_lock before pinst->lock
coresight: do not use the BIT() macro in the UAPI header
misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices
blk-mq: Allow blocking queue tag iter callbacks
blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
drm/etnaviv: replace MMU flush marker with flush sequence
tools/power turbostat: Fix gcc build warnings
initramfs: restore default compression behavior
drm/bochs: downgrade pci_request_region failure from error to warning
sctp: fix possibly using a bad saddr with a given dst
sctp: fix refcount bug in sctp_wfree
net, ip_tunnel: fix interface lookup with no key
ipv4: fix a RCU-list lock in fib_triestat_seq_show
ANDROID: power: wakeup_reason: wake reason enhancements
ubifs: wire up FS_IOC_GET_ENCRYPTION_NONCE
f2fs: wire up FS_IOC_GET_ENCRYPTION_NONCE
ext4: wire up FS_IOC_GET_ENCRYPTION_NONCE
fscrypt: add FS_IOC_GET_ENCRYPTION_NONCE ioctl
FROMLIST: power_supply: Add additional health properties to the header
UPSTREAM: power: supply: core: Update sysfs-class-power ABI document
BACKPORT: FROMGIT: kbuild: mkcompile_h: Include $LD version in /proc/version
ANDROID: fscrypt: fall back to filesystem-layer crypto when needed
ANDROID: block: require drivers to declare supported crypto key type(s)
ANDROID: block: make blk_crypto_start_using_mode() properly check for support
f2fs: keep inline_data when compression conversion
f2fs: fix to disable compression on directory
f2fs: add missing CONFIG_F2FS_FS_COMPRESSION
f2fs: switch discard_policy.timeout to bool type
f2fs: fix to verify tpage before releasing in f2fs_free_dic()
f2fs: show compression in statx
f2fs: clean up dic->tpages assignment
f2fs: compress: support zstd compress algorithm
f2fs: compress: add .{init,destroy}_decompress_ctx callback
f2fs: compress: fix to call missing destroy_compress_ctx()
f2fs: change default compression algorithm
f2fs: clean up {cic,dic}.ref handling
f2fs: fix to use f2fs_readpage_limit() in f2fs_read_multi_pages()
f2fs: xattr.h: Make stub helpers inline
f2fs: fix to avoid double unlock
f2fs: fix potential .flags overflow on 32bit architecture
f2fs: fix NULL pointer dereference in f2fs_verity_work()
f2fs: fix to clear PG_error if fsverity failed
f2fs: don't call fscrypt_get_encryption_info() explicitly in f2fs_tmpfile()
f2fs: don't trigger data flush in foreground operation
f2fs: fix NULL pointer dereference in f2fs_write_begin()
f2fs: clean up f2fs_may_encrypt()
f2fs: fix to avoid potential deadlock
f2fs: don't change inode status under page lock
f2fs: fix potential deadlock on compressed quota file
f2fs: delete DIO read lock
f2fs: don't mark compressed inode dirty during f2fs_iget()
f2fs: fix to account compressed blocks in f2fs_compressed_blocks()
f2fs: xattr.h: Replace zero-length array with flexible-array member
f2fs: fix to update f2fs_super_block fields under sb_lock
f2fs: Add a new CP flag to help fsck fix resize SPO issues
f2fs: Fix mount failure due to SPO after a successful online resize FS
f2fs: use kmem_cache pool during inline xattr lookups
f2fs: skip migration only when BG_GC is called
f2fs: fix to show tracepoint correctly
f2fs: avoid __GFP_NOFAIL in f2fs_bio_alloc
f2fs: introduce F2FS_IOC_GET_COMPRESS_BLOCKS
f2fs: fix to avoid triggering IO in write path
f2fs: add prefix for f2fs slab cache name
f2fs: introduce DEFAULT_IO_TIMEOUT
f2fs: skip GC when section is full
f2fs: add migration count iff migration happens
f2fs: clean up bggc mount option
f2fs: clean up lfs/adaptive mount option
f2fs: fix to show norecovery mount option
f2fs: clean up parameter of macro XATTR_SIZE()
f2fs: clean up codes with {f2fs_,}data_blkaddr()
f2fs: show mounted time
f2fs: Use scnprintf() for avoiding potential buffer overflow
f2fs: allow to clear F2FS_COMPR_FL flag
f2fs: fix to check dirty pages during compressed inode conversion
f2fs: fix to account compressed inode correctly
f2fs: fix wrong check on F2FS_IOC_FSSETXATTR
f2fs: fix to avoid use-after-free in f2fs_write_multi_pages()
f2fs: fix to avoid using uninitialized variable
f2fs: fix inconsistent comments
f2fs: remove i_sem lock coverage in f2fs_setxattr()
f2fs: cover last_disk_size update with spinlock
f2fs: fix to check i_compr_blocks correctly
FROMLIST: kmod: make request_module() return an error when autoloading is disabled
UPSTREAM: loop: Only freeze block queue when needed.
UPSTREAM: loop: Only change blocksize when needed.
ANDROID: Incremental fs: Fix remount
ANDROID: Incremental fs: Protect get_fill_block, and add a field
ANDROID: Incremental fs: Fix crash polling 0 size read_log
ANDROID: Incremental fs: get_filled_blocks: better index_out
ANDROID: Fix wq fp check for CFI builds
ANDROID: Incremental fs: Fix four resource bugs
ANDROID: kbuild: ensure __cfi_check is correctly aligned
ANDROID: kbuild: fix module linker script flags for LTO
Linux 4.14.175
arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode
arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id
ARM: bcm2835-rpi-zero-w: Add missing pinctrl name
ARM: dts: oxnas: Fix clear-mask property
perf map: Fix off by one in strncpy() size argument
arm64: alternative: fix build with clang integrated assembler
net: ks8851-ml: Fix IO operations, again
gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model
bpf: Explicitly memset some bpf info structures declared on the stack
bpf: Explicitly memset the bpf_attr structure
platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table
vt: vt_ioctl: fix use-after-free in vt_in_use()
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
vt: vt_ioctl: remove unnecessary console allocation checks
vt: switch vt_dont_switch to bool
vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines
vt: selection, introduce vc_is_sel
mac80211: fix authentication with iwlwifi/mvm
mac80211: Check port authorization in the ieee80211_tx_dequeue() case
media: xirlink_cit: add missing descriptor sanity checks
media: stv06xx: add missing descriptor sanity checks
media: dib0700: fix rc endpoint lookup
media: ov519: add missing endpoint sanity checks
libfs: fix infoleak in simple_attr_read()
staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback
staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb
staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table
media: usbtv: fix control-message timeouts
media: flexcop-usb: fix endpoint sanity check
usb: musb: fix crash with highmen PIO and usbmon
USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback
USB: cdc-acm: restore capability check order
USB: serial: option: add Wistron Neweb D19Q1
USB: serial: option: add BroadMobi BM806U
USB: serial: option: add support for ASKEY WWHC050
afs: Fix some tracing details
Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger()
Input: raydium_i2c_ts - use true and false for boolean values
vti6: Fix memory leak of skb if input policy check fails
netfilter: nft_fwd_netdev: validate family and chain type
xfrm: policy: Fix doulbe free in xfrm_policy_timer
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
xfrm: fix uctx len check in verify_sec_ctx_len
RDMA/mlx5: Block delay drop to unprivileged users
vti[6]: fix packet tx through bpf_redirect() in XinY cases
xfrm: handle NETDEV_UNREGISTER for xfrm device
genirq: Fix reference leaks on irq affinity notifiers
RDMA/core: Ensure security pkey modify is not lost
gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model
gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option
gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk
mac80211: mark station unauthorized before key removal
scsi: sd: Fix optimal I/O size for devices that change reported values
scripts/dtc: Remove redundant YYLOC global declaration
tools: Let O= makes handle a relative path with -C option
perf probe: Do not depend on dwfl_module_addrsym()
ARM: dts: omap5: Add bus_dma_limit for L3 bus
ARM: dts: dra7: Add bus_dma_limit for L3 bus
Input: avoid BIT() macro usage in the serio.h UAPI header
Input: synaptics - enable RMI on HP Envy 13-ad105ng
i2c: hix5hd2: add missed clk_disable_unprepare in remove
ftrace/x86: Anotate text_mutex split between ftrace_arch_code_modify_post_process() and ftrace_arch_code_modify_prepare()
arm64: compat: map SPSR_ELx<->PSR for signals
arm64: ptrace: map SPSR_ELx<->PSR for compat tasks
sxgbe: Fix off by one in samsung driver strncpy size arg
dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom
mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
scsi: ipr: Fix softlockup when rescanning devices in petitboot
fsl/fman: detect FMan erratum A050385
arm64: dts: ls1043a: FMan erratum A050385
dt-bindings: net: FMan erratum A050385
cgroup1: don't call release_agent when it is ""
drivers/of/of_mdio.c:fix of_mdiobus_register()
cpupower: avoid multiple definition with gcc -fno-common
cgroup-v1: cgroup_pidlist_next should update position index
net: ipv4: don't let PMTU updates increase route MTU
hsr: set .netnsok flag
hsr: add restart routine into hsr_get_node_list()
hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
vxlan: check return value of gro_cells_init()
net: dsa: mt7530: Change the LINK bit to reflect the link status
bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets()
slcan: not call free_netdev before rtnl_unlock in slcan_open
NFC: fdp: Fix a signedness bug in fdp_nci_send_patch()
net: stmmac: dwmac-rk: fix error path in rk_gmac_probe
net_sched: keep alloc_hash updated after hash allocation
net_sched: cls_route: remove the right filter from hashtable
net: qmi_wwan: add support for ASKEY WWHC050
net/packet: tpacket_rcv: avoid a producer race condition
net: mvneta: Fix the case where the last poll did not process all rx
net: dsa: Fix duplicate frames flooded by learning
macsec: restrict to ethernet devices
hsr: fix general protection fault in hsr_addr_is_self()
Revert "drm/dp_mst: Skip validating ports during destruction, just ref"
staging: greybus: loopback_test: fix potential path truncations
staging: greybus: loopback_test: fix potential path truncation
drm/bridge: dw-hdmi: fix AVI frame colorimetry
arm64: smp: fix crash_smp_send_stop() behaviour
arm64: smp: fix smp_send_stop() behaviour
ALSA: hda/realtek: Fix pop noise on ALC225
Revert "ipv6: Fix handling of LLA with VRF and sockets bound to VRF"
Revert "vrf: mark skb for multicast or link-local as enslaved to VRF"
futex: Unbreak futex hashing
futex: Fix inode life-time issue
kbuild: Disable -Wpointer-to-enum-cast
iio: adc: at91-sama5d2_adc: fix differential channels in triggered mode
iio: adc: at91-sama5d2_adc: fix channel configuration for differential channels
USB: cdc-acm: fix rounding error in TIOCSSERIAL
USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL
x86/mm: split vmalloc_sync_all()
page-flags: fix a crash at SetPageError(THP_SWAP)
mm, slub: prevent kmalloc_node crashes and memory leaks
mm: slub: be more careful about the double cmpxchg of freelist
memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
xhci: Do not open code __print_symbolic() in xhci trace events
rtc: max8907: add missing select REGMAP_IRQ
intel_th: pci: Add Elkhart Lake CPU support
intel_th: Fix user-visible error codes
staging/speakup: fix get_word non-space look-ahead
staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2
iio: magnetometer: ak8974: Fix negative raw values in sysfs
iio: trigger: stm32-timer: disable master mode when stopping
ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
ALSA: pcm: oss: Avoid plugin buffer overflow
ALSA: seq: oss: Fix running status after receiving sysex
ALSA: seq: virmidi: Fix running status after receiving sysex
ALSA: line6: Fix endless MIDI read loop
usb: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c
USB: serial: pl2303: add device-id for HP LD381
usb: host: xhci-plat: add a shutdown
USB: serial: option: add ME910G1 ECM composition 0x110b
usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
USB: Disable LPM on WD19's Realtek Hub
parse-maintainers: Mark as executable
block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group()
xenbus: req->err should be updated before req->state
xenbus: req->body should be updated before req->state
dm bio record: save/restore bi_end_io and bi_integrity
altera-stapl: altera_get_note: prevent write beyond end of 'key'
drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer
drm/exynos: dsi: fix workaround for the legacy clock name
drm/exynos: dsi: propagate error value and silence meaningless warning
spi/zynqmp: remove entry that causes a cs glitch
spi: pxa2xx: Add CS control clock quirk
ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes
powerpc: Include .BTF section
spi: qup: call spi_qup_pm_resume_runtime before suspending
UPSTREAM: ubifs: wire up FS_IOC_GET_ENCRYPTION_NONCE
UPSTREAM: f2fs: wire up FS_IOC_GET_ENCRYPTION_NONCE
UPSTREAM: ext4: wire up FS_IOC_GET_ENCRYPTION_NONCE
UPSTREAM: fscrypt: add FS_IOC_GET_ENCRYPTION_NONCE ioctl
UPSTREAM: usb: raw_gadget: fix compilation warnings in uapi headers
BACKPORT: usb: gadget: add raw-gadget interface
UPSTREAM: usb: gadget: move choice ... endchoice to legacy/Kconfig
ANDROID: clang: update to 10.0.5
FROMLIST: arm64: define __alloc_zeroed_user_highpage
ANDROID: Incremental fs: Add INCFS_IOC_GET_FILLED_BLOCKS
ANDROID: Incremental fs: Fix two typos
f2fs: fix to avoid potential deadlock
f2fs: add missing function name in kernel message
f2fs: recycle unused compress_data.chksum feild
f2fs: fix to avoid NULL pointer dereference
f2fs: fix leaking uninitialized memory in compressed clusters
f2fs: fix the panic in do_checkpoint()
f2fs: fix to wait all node page writeback
mm/swapfile.c: move inode_lock out of claim_swapfile
UPSTREAM: ipv6: ndisc: add support for 'PREF64' dns64 prefix identifier
UPSTREAM: ipv6: ndisc: add support for 'PREF64' dns64 prefix identifier
ANDROID: dm-bow: Fix free_show value is incorrect
UPSTREAM: coresight: Potential uninitialized variable in probe()
ANDROID: kbuild: do not merge .section..* into .section in modules
ANDROID: scsi: ufs: add ->map_sg_crypto() variant op
UPSTREAM: bpf: Explicitly memset some bpf info structures declared on the stack
UPSTREAM: bpf: Explicitly memset the bpf_attr structure
Linux 4.14.174
ipv4: ensure rcu_read_lock() in cipso_v4_error()
mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
ARM: 8958/1: rename missed uaccess .fixup section
ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional()
jbd2: fix data races at struct journal_head
net: rmnet: fix NULL pointer dereference in rmnet_newlink()
hinic: fix a bug of setting hw_ioctxt
slip: not call free_netdev before rtnl_unlock in slip_open
signal: avoid double atomic counter increments for user accounting
mac80211: rx: avoid RCU list traversal under mutex
net: ks8851-ml: Fix IRQ handling and locking
net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch
scsi: libfc: free response frame from GPN_ID
cfg80211: check reg_rule for NULL in handle_channel_custom()
HID: i2c-hid: add Trekstor Surfbook E11B to descriptor override
HID: apple: Add support for recent firmware on Magic Keyboards
ACPI: watchdog: Allow disabling WDAT at boot
perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag
batman-adv: Don't schedule OGM for disabled interface
batman-adv: Avoid free/alloc race when handling OGM buffer
batman-adv: Avoid free/alloc race when handling OGM2 buffer
batman-adv: Fix duplicated OGMs on NETDEV_UP
batman-adv: Fix debugfs path for renamed softif
batman-adv: Fix debugfs path for renamed hardif
batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs
batman-adv: Fix TT sync flags for intermediate TT responses
batman-adv: Avoid race in TT TVLV allocator helper
batman-adv: update data pointers after skb_cow()
batman-adv: Fix internal interface indices types
batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq
batman-adv: Fix check of retrieved orig_gw in batadv_v_gw_is_eligible
batman-adv: Always initialize fragment header priority
batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation
efi: Add a sanity check to efivar_store_raw()
net/smc: check for valid ib_client_data
ipv6: restrict IPV6_ADDRFORM operation
i2c: acpi: put device when verifying client fails
iommu/vt-d: Ignore devices with out-of-spec domain number
iommu/vt-d: Fix the wrong printing in RHSA parsing
netfilter: nft_payload: add missing attribute validation for payload csum flags
netfilter: cthelper: add missing attribute validation for cthelper
nl80211: add missing attribute validation for channel switch
nl80211: add missing attribute validation for beacon report scanning
nl80211: add missing attribute validation for critical protocol indication
pinctrl: core: Remove extra kref_get which blocks hogs being freed
pinctrl: meson-gxl: fix GPIOX sdio pins
iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
iommu/dma: Fix MSI reservation allocation
x86/mce: Fix logic and comments around MSR_PPIN_CTL
efi: Fix a race and a buffer overflow while reading efivars via sysfs
ARC: define __ALIGN_STR and __ALIGN symbols for ARC
KVM: x86: clear stale x86_emulate_ctxt->intercept value
gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
cifs_atomic_open(): fix double-put on late allocation failure
ktest: Add timeout for ssh sync testing
drm/amd/display: remove duplicated assignment to grph_obj_type
workqueue: don't use wq_select_unbound_cpu() for bound works
iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint
virtio-blk: fix hw_queue stopped on arbitrary error
iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices
cgroup: Iterate tasks that did not finish do_exit()
cgroup: cgroup_procs_next should increase position index
ipvlan: don't deref eth hdr before checking it's set
ipvlan: egress mcast packets are not exceptional
ipvlan: do not add hardware address of master to its unicast filter list
inet_diag: return classid for all socket types
macvlan: add cond_resched() during multicast processing
net: fec: validate the new settings in fec_enet_set_coalesce()
slip: make slhc_compress() more robust against malicious packets
bonding/alb: make sure arp header is pulled before accessing it
net: phy: fix MDIO bus PM PHY resuming
nfc: add missing attribute validation for vendor subcommand
nfc: add missing attribute validation for SE API
team: add missing attribute validation for array index
team: add missing attribute validation for port ifindex
net: fq: add missing attribute validation for orphan mask
macsec: add missing attribute validation for port
can: add missing attribute validation for termination
nl802154: add missing attribute validation for dev_type
nl802154: add missing attribute validation
fib: add missing attribute validation for tun_id
net: memcg: fix lockdep splat in inet_csk_accept()
net: memcg: late association of sock to memcg
cgroup: memcg: net: do not associate sock with unrelated cgroup
bnxt_en: reinitialize IRQs when MTU is modified
sfc: detach from cb_page in efx_copy_channel()
r8152: check disconnect status after long sleep
net/packet: tpacket_rcv: do not increment ring index on drop
net: nfc: fix bounds checking bugs on "pipe"
net: macsec: update SCI upon MAC address change.
netlink: Use netlink header as base to calculate bad attribute offset
ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
ipvlan: add cond_resched_rcu() while processing muticast backlog
ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface
gre: fix uninit-value in __iptunnel_pull_header
cgroup, netclassid: periodically release file_lock on classid updating
net: phy: Avoid multiple suspends
phy: Revert toggling reset changes.
ANDROID: Incremental fs: Add INCFS_IOC_PERMIT_FILL
ANDROID: Incremental fs: Remove signature checks from kernel
ANDROID: Incremental fs: Pad hash blocks
ANDROID: Incremental fs: Make fill block an ioctl
ANDROID: Incremental fs: Remove all access_ok checks
UPSTREAM: cgroup: Iterate tasks that did not finish do_exit()
UPSTREAM: arm64: memory: Add missing brackets to untagged_addr() macro
UPSTREAM: mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()
ANDROID: Add TPM support and the vTPM proxy to Cuttlefish.
ANDROID: serdev: restrict claim of platform devices
UPSTREAM: fscrypt: don't evict dirty inodes after removing key
fscrypt: don't evict dirty inodes after removing key
Linux 4.14.173
ASoC: topology: Fix memleak in soc_tplg_manifest_load()
xhci: handle port status events for removed USB3 hcd
dm integrity: fix a deadlock due to offloading to an incorrect workqueue
powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems
dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
ARM: imx: build v7_cpu_resume() unconditionally
IB/hfi1, qib: Ensure RCU is locked when accessing list
RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
RDMA/iwcm: Fix iwcm work deallocation
ASoC: dapm: Correct DAPM handling of active widgets during shutdown
ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path
ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
ASoC: intel: skl: Fix possible buffer overflow in debug outputs
ASoC: intel: skl: Fix pin debug prints
ASoC: topology: Fix memleak in soc_tplg_link_elems_load()
ARM: dts: ls1021a: Restore MDIO compatible to gianfar
dm cache: fix a crash due to incorrect work item cancelling
dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list
dmaengine: tegra-apb: Fix use-after-free
x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes
vt: selection, push sel_lock up
vt: selection, push console lock down
vt: selection, close sel_buffer race
serial: 8250_exar: add support for ACCES cards
tty:serial:mvebu-uart:fix a wrong return
arm: dts: dra76x: Fix mmc3 max-frequency
fat: fix uninit-memory access for partial initialized inode
mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa
vgacon: Fix a UAF in vgacon_invert_region
usb: core: port: do error out if usb_autopm_get_interface() fails
usb: core: hub: do error out if usb_autopm_get_interface() fails
usb: core: hub: fix unhandled return by employing a void function
usb: quirks: add NO_LPM quirk for Logitech Screen Share
usb: storage: Add quirk for Samsung Fit flash
cifs: don't leak -EAGAIN for stat() during reconnect
net: thunderx: workaround BGX TX Underflow issue
x86/xen: Distribute switch variables for initialization
nvme: Fix uninitialized-variable warning
x86/boot/compressed: Don't declare __force_order in kaslr_64.c
s390/cio: cio_ignore_proc_seq_next should increase position index
watchdog: da9062: do not ping the hw during stop()
net: ks8851-ml: Fix 16-bit IO operation
net: ks8851-ml: Fix 16-bit data access
net: ks8851-ml: Remove 8-bit bus accessors
drm/msm/dsi: save pll state before dsi host is powered off
drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI
drm/msm/mdp5: rate limit pp done timeout warnings
usb: gadget: serial: fix Tx stall after buffer overflow
usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
usb: gadget: composite: Support more than 500mA MaxPower
selftests: fix too long argument
serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic
RDMA/core: Fix use of logical OR in get_new_pps
RDMA/core: Fix pkey and port assignment in get_new_pps
net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec
EDAC/amd64: Set grain per DIMM
x86/mce: Handle varying MCA bank counts
vhost: Check docket sk_family instead of call getname
audit: always check the netlink payload length in audit_receive_msg()
Revert "char/random: silence a lockdep splat with printk()"
mm, thp: fix defrag setting if newline is not used
mm/huge_memory.c: use head to check huge zero page
perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc
kprobes: Set unoptimized flag after unoptimizing code
drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()'
tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
KVM: Check for a bad hva before dropping into the ghc slow path
KVM: SVM: Override default MMIO mask if memory encryption is enabled
mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame()
namei: only return -ECHILD from follow_dotdot_rcu()
net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
net: atlantic: fix potential error handling
net: netlink: cap max groups which will be considered in netlink_bind()
include/linux/bitops.h: introduce BITS_PER_TYPE
ecryptfs: Fix up bad backport of fe2e082f5da5b4a0a92ae32978f81507ef37ec66
usb: charger: assign specific number for enum value
drm/i915/gvt: Separate display reset from ALL_ENGINES reset
i2c: jz4780: silence log flood on txabrt
i2c: altera: Fix potential integer overflow
MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'
HID: hiddev: Fix race in in hiddev_disconnect()
Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"
tracing: Disable trace_printk() on post poned tests
HID: core: increase HID report buffer size to 8KiB
HID: core: fix off-by-one memset in hid_report_raw_event()
HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock
KVM: VMX: check descriptor table exits on instruction emulation
ACPI: watchdog: Fix gas->access_width usage
ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro
audit: fix error handling in audit_data_to_entry()
ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
net: sched: correct flower port blocking
qede: Fix race between rdma destroy workqueue and link change event
ipv6: Fix route replacement with dev-only route
ipv6: Fix nlmsg_flags when splitting a multipath route
sctp: move the format error check out of __sctp_sf_do_9_1_abort
nfc: pn544: Fix occasional HW initialization failure
net: phy: restore mdio regs in the iproc mdio driver
net: fib_rules: Correctly set table field when table number exceeds 8 bits
sysrq: Remove duplicated sysrq message
sysrq: Restore original console_loglevel when sysrq disabled
cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
cifs: Fix mode output in debugging statements
net: ena: ena-com.c: prevent NULL pointer dereference
net: ena: ethtool: use correct value for crc32 hash
net: ena: fix incorrectly saving queue numbers when setting RSS indirection table
net: ena: rss: store hash function as values and not bits
net: ena: rss: fix failure to get indirection table
net: ena: fix incorrect default RSS key
net: ena: add missing ethtool TX timestamping indication
net: ena: fix uses of round_jiffies()
net: ena: fix potential crash when rxfh key is NULL
qmi_wwan: unconditionally reject 2 ep interfaces
qmi_wwan: re-add DW5821e pre-production variant
cfg80211: check wiphy driver existence for drvinfo report
mac80211: consider more elements in parsing CRC
dax: pass NOWAIT flag to iomap_apply
drm/msm: Set dma maximum segment size for mdss
ipmi:ssif: Handle a possible NULL pointer reference
ext4: fix potential race between s_group_info online resizing and access
ext4: fix potential race between s_flex_groups online resizing and access
ext4: fix potential race between online resizing and write operations
netfilter: nf_conntrack: resolve clash for matching conntracks
iwlwifi: pcie: fix rb_allocator workqueue allocation
FROMLIST: f2fs: fix wrong check on F2FS_IOC_FSSETXATTR
UPSTREAM: binder: prevent UAF for binderfs devices II
UPSTREAM: binder: prevent UAF for binderfs devices
FROMLIST: lib: test_stackinit.c: XFAIL switch variable init tests
ANDROID: cuttlefish: disable KPROBES
ANDROID: scsi: ufs: allow ufs variants to override sg entry size
FROMLIST: ufs: fix a bug on printing PRDT
BACKPORT: loop: Add LOOP_SET_BLOCK_SIZE in compat ioctl
ANDROID: fix build issue in security/selinux/avc.c
ANDROID: cuttlefish_defconfig: Disable CONFIG_RT_GROUP_SCHED
ANDROID: Enable HID_NINTENDO as y
FROMLIST: HID: nintendo: add nintendo switch controller driver
Linux 4.14.172
s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range
xen: Enable interrupts when calling _cond_resched()
ata: ahci: Add shutdown to freeze hardware resources of ahci
netfilter: xt_hashlimit: limit the max size of hashtable
ALSA: seq: Fix concurrent access to queue current tick/time
ALSA: seq: Avoid concurrent access to queue flags
ALSA: rawmidi: Avoid bit fields for state flags
genirq/proc: Reject invalid affinity masks (again)
iommu/vt-d: Fix compile warning from intel-svm.h
ecryptfs: replace BUG_ON with error handling code
staging: greybus: use after free in gb_audio_manager_remove_all()
staging: rtl8723bs: fix copy of overlapping memory
usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus
scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session"
scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout"
Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents
btrfs: do not check delayed items are empty for single transaction cleanup
btrfs: fix bytes_may_use underflow in prealloc error condtition
KVM: apic: avoid calculating pending eoi from an uninitialized val
KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1
KVM: nVMX: Check IO instruction VM-exit conditions
KVM: nVMX: Refactor IO bitmap checks into helper function
ext4: fix race between writepages and enabling EXT4_EXTENTS_FL
ext4: rename s_journal_flag_rwsem to s_writepages_rwsem
ext4: fix mount failure with quota configured as module
ext4: add cond_resched() to __ext4_find_entry()
ext4: fix a data race in EXT4_I(inode)->i_disksize
KVM: nVMX: Don't emulate instructions in guest mode
lib/stackdepot.c: fix global out-of-bounds in stack_slabs
serial: 8250: Check UPF_IRQ_SHARED in advance
vt: vt_ioctl: fix race in VT_RESIZEX
VT_RESIZEX: get rid of field-by-field copyin
xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI
drm/amdgpu/soc15: fix xclk for raven
mm/vmscan.c: don't round up scan size for online memory cgroup
Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"
MAINTAINERS: Update drm/i915 bug filing URL
serdev: ttyport: restore client ops on deregistration
tty: serial: imx: setup the correct sg entry for tx dma
tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode
x86/mce/amd: Fix kobject lifetime
x86/mce/amd: Publish the bank pointer only after setup has succeeded
staging: rtl8723bs: Fix potential overuse of kernel memory
staging: rtl8723bs: Fix potential security hole
staging: rtl8188eu: Fix potential overuse of kernel memory
staging: rtl8188eu: Fix potential security hole
USB: hub: Fix the broken detection of USB3 device in SMSC hub
USB: hub: Don't record a connect-change event during reset-resume
USB: Fix novation SourceControl XL after suspend
usb: uas: fix a plug & unplug racing
usb: host: xhci: update event ring dequeue pointer on purpose
xhci: fix runtime pm enabling for quirky Intel hosts
xhci: Force Maximum Packet size for Full-speed bulk devices to valid range.
staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi.
staging: android: ashmem: Disallow ashmem memory from being remapped
vt: selection, handle pending signals in paste_selection
floppy: check FDC index for errors before assigning it
USB: misc: iowarrior: add support for the 100 device
USB: misc: iowarrior: add support for the 28 and 28L devices
USB: misc: iowarrior: add support for 2 OEMed devices
thunderbolt: Prevent crash if non-active NVMem file is read
net/smc: fix leak of kernel memory to user space
net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS
net: dsa: tag_qca: Make sure there is headroom for tag
enic: prevent waking up stopped tx queues over watchdog reset
selinux: ensure we cleanup the internal AVC counters on error in avc_update()
mlxsw: spectrum_dpipe: Add missing error path
virtio_balloon: prevent pfn array overflow
help_next should increase position index
brd: check and limit max_part par
microblaze: Prevent the overflow of the start
iwlwifi: mvm: Fix thermal zone registration
irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL
bcache: explicity type cast in bset_bkey_last()
reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
lib/scatterlist.c: adjust indentation in __sg_alloc_table
ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans()
radeon: insert 10ms sleep in dce5_crtc_load_lut
trigger_next should increase position index
ftrace: fpid_next() should increase position index
drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
irqchip/gic-v3: Only provision redistributors that are enabled in ACPI
ceph: check availability of mds cluster on mount after wait timeout
cifs: fix NULL dereference in match_prepath
iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop
hostap: Adjust indentation in prism2_hostapd_add_sta
ARM: 8951/1: Fix Kexec compilation issue.
jbd2: make sure ESHUTDOWN to be recorded in the journal superblock
jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record
powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
driver core: platform: fix u32 greater or equal to zero comparison
s390/ftrace: generate traced function stack frame
x86/decoder: Add TEST opcode to Group3-2
ALSA: hda/hdmi - add retry logic to parse_intel_hdmi()
irqchip/mbigen: Set driver .suppress_bind_attrs to avoid remove problems
remoteproc: Initialize rproc_class before use
btrfs: device stats, log when stats are zeroed
btrfs: safely advance counter when looking up bio csums
btrfs: fix possible NULL-pointer dereference in integrity checks
pwm: Remove set but not set variable 'pwm'
ide: serverworks: potential overflow in svwks_set_pio_mode()
cmd64x: potential buffer overflow in cmd64x_program_timings()
pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional
x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd
f2fs: fix memleak of kobject
watchdog/softlockup: Enforce that timestamp is valid on boot
arm64: fix alternatives with LLVM's integrated assembler
scsi: iscsi: Don't destroy session if there are outstanding connections
f2fs: free sysfs kobject
iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE
usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue
drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw
drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new()
vme: bridges: reduce stack usage
driver core: Print device when resources present in really_probe()
driver core: platform: Prevent resouce overflow from causing infinite loops
tty: synclink_gt: Adjust indentation in several functions
tty: synclinkmp: Adjust indentation in several functions
ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m
wan: ixp4xx_hss: fix compile-testing on 64-bit
Input: edt-ft5x06 - work around first register access error
rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls
efi/x86: Don't panic or BUG() on non-critical error conditions
soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
IB/hfi1: Add software counter for ctxt0 seq drop
udf: Fix free space reporting for metadata and virtual partitions
usbip: Fix unsafe unaligned pointer usage
drm: remove the newline for CRC source name.
tools lib api fs: Fix gcc9 stringop-truncation compilation error
ALSA: sh: Fix compile warning wrt const
ALSA: sh: Fix unused variable warnings
clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock
RDMA/rxe: Fix error type of mmap_offset
pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs
PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency
x86/vdso: Provide missing include file
dmaengine: Store module owner in dma_device struct
ARM: dts: r8a7779: Add device node for ARM global timer
drm/mediatek: handle events when enabling/disabling crtc
scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
scsi: ufs: Complete pending requests in host reset and restore path
ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
orinoco: avoid assertion in case of NULL pointer
rtlwifi: rtl_pci: Fix -Wcast-function-type
iwlegacy: Fix -Wcast-function-type
ipw2x00: Fix -Wcast-function-type
b43legacy: Fix -Wcast-function-type
ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
fore200e: Fix incorrect checks of NULL pointer dereference
reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros
ARM: dts: imx6: rdu2: Disable WP for USDHC2 and USDHC3
arm64: dts: qcom: msm8996: Disable USB2 PHY suspend by core
NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu().
PCI/IOV: Fix memory leak in pci_iov_add_virtfn()
net/wan/fsl_ucc_hdlc: reject muram offsets above 64K
regulator: rk808: Lower log level on optional GPIOs being not available
drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table
clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
kconfig: fix broken dependency in randconfig-generated .config
KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups
nbd: add a flush_workqueue in nbd_start_device
ext4, jbd2: ensure panic when aborting with zero errno
tracing: Fix very unlikely race of registering two stat tracers
tracing: Fix tracing_stat return values in error handling paths
x86/sysfb: Fix check for bad VRAM size
jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal
kselftest: Minimise dependency of get_size on C library interfaces
clocksource/drivers/bcm2835_timer: Fix memory leak of timer
usb: dwc2: Fix IN FIFO allocation
usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
sparc: Add .exit.data section.
MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()
efi/x86: Map the entire EFI vendor string before copying it
pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins
media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run()
char/random: silence a lockdep splat with printk()
gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap()
powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number
media: i2c: mt9v032: fix enum mbus codes and frame sizes
pxa168fb: Fix the function used to release some memory in an error handling path
pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs
gianfar: Fix TX timestamping with a stacked DSA driver
ALSA: ctl: allow TLV read operation for callback type of element in locked case
ext4: fix ext4_dax_read/write inode locking sequence for IOCB_NOWAIT
leds: pca963x: Fix open-drain initialization
brcmfmac: Fix use after free in brcmf_sdio_readframes()
cpu/hotplug, stop_machine: Fix stop_machine vs hotplug order
drm/gma500: Fixup fbdev stolen size usage evaluation
KVM: nVMX: Use correct root level for nested EPT shadow page tables
Revert "KVM: VMX: Add non-canonical check on writes to RTIT address MSRs"
Revert "KVM: nVMX: Use correct root level for nested EPT shadow page tables"
scsi: qla2xxx: fix a potential NULL pointer dereference
jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer
jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()
hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions.
perf/x86/intel: Fix inaccurate period in context switch for auto-reload
s390/time: Fix clk type in get_tod_clock
RDMA/core: Fix protection fault in get_pkey_idx_qp_list
IB/hfi1: Close window for pq and request coliding
serial: imx: Only handle irqs that are actually enabled
serial: imx: ensure that RX irqs are off if RX is off
padata: Remove broken queue flushing
perf/x86/amd: Add missing L2 misses event spec to AMD Family 17h's event map
KVM: nVMX: Use correct root level for nested EPT shadow page tables
arm64: ssbs: Fix context-switch when SSBS is present on all CPUs
btrfs: log message when rw remount is attempted with unclean tree-log
btrfs: print message when tree-log replay starts
Btrfs: fix race between using extent maps and merging them
ext4: improve explanation of a mount failure caused by a misconfigured kernel
ext4: fix checksum errors with indexed dirs
ext4: fix support for inode sizes > 1024 bytes
ext4: don't assume that mmp_nodename/bdevname have NUL
ARM: 8723/2: always assume the "unified" syntax for assembly code
arm64: nofpsimd: Handle TIF_FOREIGN_FPSTATE flag cleanly
arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations
arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly
ALSA: usb-audio: Apply sample rate quirk for Audioengine D1
Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list
Input: synaptics - enable SMBus on ThinkPad L470
Input: synaptics - switch T470s to RMI4 by default
ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
ecryptfs: fix a memory leak bug in parse_tag_1_packet()
ASoC: sun8i-codec: Fix setting DAI data format
ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs
iommu/qcom: Fix bogus detach logic
KVM: x86: emulate RDPID
UPSTREAM: sched/psi: Fix OOB write when writing 0 bytes to PSI files
UPSTREAM: psi: Fix a division error in psi poll()
UPSTREAM: sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime
UPSTREAM: sched/psi: Correct overly pessimistic size calculation
FROMLIST: f2fs: Handle casefolding with Encryption
FROMLIST: fscrypt: Have filesystems handle their d_ops
FROMLIST: ext4: Use generic casefolding support
FROMLIST: f2fs: Use generic casefolding support
FROMLIST: Add standard casefolding support
FROMLIST: unicode: Add utf8_casefold_hash
ANDROID: cuttlefish_defconfig: Add CONFIG_UNICODE
ANDROID: sdcardfs: fix -ENOENT lookup race issue
ANDROID: gki_defconfig: Enable CONFIG_RD_LZ4
ANDROID: dm: Add wrapped key support in dm-default-key
ANDROID: dm: add support for passing through derive_raw_secret
ANDROID: block: Prevent crypto fallback for wrapped keys
ANDROID: Disable wq fp check in CFI builds
ANDROID: increase limit on sched-tune boost groups
ANDROID: ufs, block: fix crypto power management and move into block layer
ANDROID: Incremental fs: Support xattrs
ANDROID: test_stackinit: work around LLVM PR44916
ANDROID: clang: update to 10.0.4
fs-verity: use u64_to_user_ptr()
fs-verity: use mempool for hash requests
fs-verity: implement readahead of Merkle tree pages
ext4: readpages() should submit IO as read-ahead
fs-verity: implement readahead for FS_IOC_ENABLE_VERITY
fscrypt: improve format of no-key names
ubifs: allow both hash and disk name to be provided in no-key names
ubifs: don't trigger assertion on invalid no-key filename
fscrypt: clarify what is meant by a per-file key
fscrypt: derive dirhash key for casefolded directories
fscrypt: don't allow v1 policies with casefolding
fscrypt: add "fscrypt_" prefix to fname_encrypt()
fscrypt: don't print name of busy file when removing key
fscrypt: document gfp_flags for bounce page allocation
fscrypt: optimize fscrypt_zeroout_range()
fscrypt: remove redundant bi_status check
fscrypt: Allow modular crypto algorithms
fscrypt: include <linux/ioctl.h> in UAPI header
fscrypt: don't check for ENOKEY from fscrypt_get_encryption_info()
fscrypt: remove fscrypt_is_direct_key_policy()
fscrypt: move fscrypt_valid_enc_modes() to policy.c
fscrypt: check for appropriate use of DIRECT_KEY flag earlier
fscrypt: split up fscrypt_supported_policy() by policy version
fscrypt: introduce fscrypt_needs_contents_encryption()
fscrypt: move fscrypt_d_revalidate() to fname.c
fscrypt: constify inode parameter to filename encryption functions
fscrypt: constify struct fscrypt_hkdf parameter to fscrypt_hkdf_expand()
fscrypt: verify that the crypto_skcipher has the correct ivsize
fscrypt: use crypto_skcipher_driver_name()
fscrypt: support passing a keyring key to FS_IOC_ADD_ENCRYPTION_KEY
keys: Export lookup_user_key to external users
f2fs: fix build error on PAGE_KERNEL_RO
Conflicts:
arch/arm64/kernel/smp.c
arch/arm64/kernel/traps.c
block/blk-crypto-fallback.c
block/keyslot-manager.c
drivers/base/power/wakeup.c
drivers/clk/clk.c
drivers/clk/qcom/clk-rcg2.c
drivers/gpu/Makefile
drivers/gpu/drm/msm/msm_drv.c
drivers/gpu/drm/msm/msm_gem.c
drivers/hwtracing/coresight/coresight-funnel.c
drivers/irqchip/irq-gic-v3.c
drivers/md/dm.c
drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c
drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c
drivers/net/macsec.c
drivers/net/phy/micrel.c
drivers/net/wireless/ath/wil6210/cfg80211.c
drivers/net/wireless/ath/wil6210/fw_inc.c
drivers/net/wireless/ath/wil6210/pcie_bus.c
drivers/net/wireless/ath/wil6210/pm.c
drivers/net/wireless/ath/wil6210/wil6210.h
drivers/of/base.c
drivers/power/supply/power_supply_sysfs.c
drivers/rpmsg/qcom_glink_smem.c
drivers/scsi/sd.c
drivers/scsi/ufs/ufshcd-crypto.c
drivers/scsi/ufs/ufshcd.c
drivers/scsi/ufs/ufshcd.h
drivers/scsi/ufs/ufshci.h
drivers/usb/dwc3/core.c
drivers/usb/dwc3/gadget.c
drivers/usb/gadget/Kconfig
drivers/usb/gadget/composite.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/gadget/legacy/Makefile
drivers/usb/host/xhci-mem.c
fs/ext4/readpage.c
fs/sdcardfs/lookup.c
include/linux/key.h
include/linux/keyslot-manager.h
include/linux/power_supply.h
include/uapi/linux/coresight-stm.h
net/qrtr/qrtr.c
Change-Id: Iaa9fcbe987e721f02596e167249a519781ed3888
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
||
|
|
d2d05bcf4b |
Merge 4.14.190 into android-4.14-stable
Changes in 4.14.190
gpio: arizona: handle pm_runtime_get_sync failure case
gpio: arizona: put pm_runtime in case of failure
pinctrl: amd: fix npins for uart0 in kerncz_groups
mac80211: allow rx of mesh eapol frames with default rx key
scsi: scsi_transport_spi: Fix function pointer check
xtensa: fix __sync_fetch_and_{and,or}_4 declarations
xtensa: update *pos in cpuinfo_op.next
drivers/net/wan/lapbether: Fixed the value of hard_header_len
net: sky2: initialize return of gm_phy_read
drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
irqdomain/treewide: Keep firmware node unconditionally allocated
SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion")
spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
IB/umem: fix reference count leak in ib_umem_odp_get()
uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
btrfs: fix double free on ulist after backref resolution failure
btrfs: fix mount failure caused by race with umount
btrfs: fix page leaks after failure to lock page for delalloc
bnxt_en: Fix race when modifying pause settings.
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path
ax88172a: fix ax88172a_unbind() failures
net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration
drm: sun4i: hdmi: Fix inverted HPD result
net: smc91x: Fix possible memory leak in smc_drv_probe()
bonding: check error value of register_netdevice() immediately
mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
ipvs: fix the connection sync failed in some cases
i2c: rcar: always clear ICSAR to avoid side effects
bonding: check return value of register_netdevice() in bond_newlink()
serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
scripts/decode_stacktrace: strip basepath from all paths
HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
HID: apple: Disable Fn-key key-re-mapping on clone keyboards
dmaengine: tegra210-adma: Fix runtime PM imbalance on error
Input: add `SW_MACHINE_COVER`
spi: mediatek: use correct SPI_CFG2_REG MACRO
regmap: dev_get_regmap_match(): fix string comparison
hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow
dmaengine: ioat setting ioat timeout as module parameter
Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
x86: math-emu: Fix up 'cmp' insn for clang ias
binder: Don't use mmput() from shrinker function.
usb: xhci-mtk: fix the failure of bandwidth allocation
usb: xhci: Fix ASM2142/ASM3142 DMA addressing
Revert "cifs: Fix the target file was deleted when rename failed."
staging: wlan-ng: properly check endpoint types
staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
serial: 8250: fix null-ptr-deref in serial8250_start_tx()
serial: 8250_mtk: Fix high-speed baud rates clamping
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
vt: Reject zero-sized screen buffer size.
Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
mm/memcg: fix refcount error while moving and swapping
io-mapping: indicate mapping failure
parisc: Add atomic64_set_release() define to avoid CPU soft lockups
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
ath9k: Fix regression with Atheros 9271
Linux 4.14.190
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0d395679325e47e1f916bc0aa64d6299563559f4
|
||
|
|
d5a5f0e7b3 |
binder: Don't use mmput() from shrinker function.
commit f867c771f98891841c217fa8459244ed0dd28921 upstream.
syzbot is reporting that mmput() from shrinker function has a risk of
deadlock [1], for delayed_uprobe_add() from update_ref_ctr() calls
kzalloc(GFP_KERNEL) with delayed_uprobe_lock held, and
uprobe_clear_state() from __mmput() also holds delayed_uprobe_lock.
Commit
|
||
|
|
b35fdb3b85 |
binder: fix braces warning in binderfs
Add braces to avoid compile time warning of missing braces.
Change-Id: I9e9e26bfcf7cdb7ea24a8530989ff4480b6eb757
Signed-off-by: Gaurav Kohli <gkohli@codeaurora.org> |
||
|
|
9cf08b8575 |
UPSTREAM: binder: fix null deref of proc->context
commit d35d3660e065b69fdb8bf512f3d899f350afce52 upstream.
The binder driver makes the assumption proc->context pointer is invariant after
initialization (as documented in the kerneldoc header for struct proc).
However, in commit f0fe2c0f050d ("binder: prevent UAF for binderfs devices II")
proc->context is set to NULL during binder_deferred_release().
Another proc was in the middle of setting up a transaction to the dying
process and crashed on a NULL pointer deref on "context" which is a local
set to &proc->context:
    new_ref->data.desc = (node == context->binder_context_mgr_node) ? 0 : 1;
Here's the stack:
[ 5237.855435] Call trace:
[ 5237.855441] binder_get_ref_for_node_olocked+0x100/0x2ec
[ 5237.855446] binder_inc_ref_for_node+0x140/0x280
[ 5237.855451] binder_translate_binder+0x1d0/0x388
[ 5237.855456] binder_transaction+0x2228/0x3730
[ 5237.855461] binder_thread_write+0x640/0x25bc
[ 5237.855466] binder_ioctl_write_read+0xb0/0x464
[ 5237.855471] binder_ioctl+0x30c/0x96c
[ 5237.855477] do_vfs_ioctl+0x3e0/0x700
[ 5237.855482] __arm64_sys_ioctl+0x78/0xa4
[ 5237.855488] el0_svc_common+0xb4/0x194
[ 5237.855493] el0_svc_handler+0x74/0x98
[ 5237.855497] el0_svc+0x8/0xc
The fix is to move the kfree of the binder_device to binder_free_proc()
so the binder_device is freed when we know there are no references
remaining on the binder_proc.
Fixes: f0fe2c0f050d ("binder: prevent UAF for binderfs devices II")
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Todd Kjos <tkjos@google.com>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20200622200715.114382-1-tkjos@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Change-Id: I933c938ea85889f77fb634bbed29a7cd74527dcc
|
||
|
|
a810d3c5bf |
Merge 4.14.178 into android-4.14-stable
Changes in 4.14.178
ext4: fix extent_status fragmentation for plain files
net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
net: ipv4: avoid unused variable warning for sysctl
keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h
drm/msm: Use the correct dma_sync calls harder
crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static
vti4: removed duplicate log message.
watchdog: reset last_hw_keepalive time at start
scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
ceph: return ceph_mdsc_do_request() errors from __get_parent()
ceph: don't skip updating wanted caps when cap is stale
pwm: rcar: Fix late Runtime PM enablement
scsi: iscsi: Report unbind session event when the target has been removed
ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map()
kernel/gcov/fs.c: gcov_seq_next() should increase position index
selftests: kmod: fix handling test numbers above 9
ipc/util.c: sysvipc_find_ipc() should increase position index
s390/cio: avoid duplicated 'ADD' uevents
pwm: renesas-tpu: Fix late Runtime PM enablement
pwm: bcm2835: Dynamically allocate base
perf/core: Disable page faults when getting phys address
PCI/ASPM: Allow re-enabling Clock PM
mm, slub: restore the original intention of prefetch_freepointer()
cxgb4: fix large delays in PTP synchronization
ipv6: fix restrict IPV6_ADDRFORM operation
macsec: avoid to set wrong mtu
macvlan: fix null dereference in macvlan_device_event()
net: bcmgenet: correct per TX/RX ring statistics
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
net/x25: Fix x25_neigh refcnt leak when receiving frame
tcp: cache line align MAX_TCP_HEADER
team: fix hang in team_mode_get()
net: dsa: b53: Fix ARL register definitions
xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
vrf: Check skb for XFRM_TRANSFORMED flag
KEYS: Avoid false positive ENOMEM error on key read
ALSA: hda: Remove ASUS ROG Zenith from the blacklist
iio: adc: stm32-adc: fix sleep in atomic context
iio: xilinx-xadc: Fix ADC-B powerdown
iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode
fs/namespace.c: fix mountpoint reference counter race
USB: sisusbvga: Change port variable from signed to unsigned
USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE
USB: early: Handle AMD's spec-compliant identifiers, too
USB: core: Fix free-while-in-use bug in the USB S-Glibrary
USB: hub: Fix handling of connect changes during sleep
overflow.h: Add arithmetic shift helper
vmalloc: fix remap_vmalloc_range() bounds checks
mm/hugetlb: fix a addressing exception caused by huge_pte_offset
mm/ksm: fix NULL pointer dereference when KSM zero page is enabled
tools/vm: fix cross-compile build
ALSA: usx2y: Fix potential NULL dereference
ALSA: hda/realtek - Add new codec supported for ALC245
ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
tpm/tpm_tis: Free IRQ if probing fails
tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send()
KVM: Check validity of resolved slot when searching memslots
KVM: VMX: Enable machine check support for 32bit targets
tty: hvc: fix buffer overflow during hvc_alloc().
tty: rocket, avoid OOB access
usb-storage: Add unusual_devs entry for JMicron JMS566
audit: check the length of userspace generated audit records
ASoC: dapm: fixup dapm kcontrol widget
iwlwifi: pcie: actually release queue memory in TVQM
ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
powerpc/setup_64: Set cache-line-size based on cache-block-size
staging: comedi: dt2815: fix writing hi byte of analog output
staging: comedi: Fix comedi_device refcnt leak in comedi_open
vt: don't hardcode the mem allocation upper bound
staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default.
staging: vt6656: Fix calling conditions of vnt_set_bss_mode
staging: vt6656: Fix drivers TBTT timing counter.
staging: vt6656: Fix pairwise key entry save.
staging: vt6656: Power save stop wake_up_count wrap around.
cdc-acm: close race betrween suspend() and acm_softint
cdc-acm: introduce a cool down
UAS: no use logging any details in case of ENODEV
UAS: fix deadlock in error handling and PM flushing work
usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
serial: sh-sci: Make sure status register SCxSR is read in correct sequence
xfs: validate sb_logsunit is a multiple of the fs blocksize
xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT
remoteproc: Fix wrong rvring index computation
mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
binder: take read mode of mmap_sem in binder_alloc_free_page()
usb: dwc3: gadget: Do link recovery for SS and SSP
usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete
iio:ad7797: Use correct attribute_group
nfsd: memory corruption in nfsd4_lock()
i2c: altera: use proper variable to hold errno
net/cxgb4: Check the return from t4_query_params properly
ARM: dts: bcm283x: Disable dsi0 node
perf/core: fix parent pid/tid in task exit events
mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path
bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
x86: hyperv: report value of misc_features
xfs: fix partially uninitialized structure in xfs_reflink_remap_extent
scsi: target: fix PR IN / READ FULL STATUS for FC
objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings
objtool: Support Clang non-section symbols in ORC dump
xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
arm64: Delete the space separator in __emit_inst
ext4: use matching invalidatepage in ext4_writepage
ext4: increase wait time needed before reuse of deleted inode numbers
ext4: convert BUG_ON's to WARN_ON's in mballoc.c
hwmon: (jc42) Fix name to have no illegal characters
ext4: avoid declaring fs inconsistent due to invalid file handles
ext4: protect journal inode's blocks using block_validity
ext4: don't perform block validity checks on the journal inode
ext4: fix block validity checks for journal inodes using indirect blocks
ext4: unsigned int compared against zero
qed: Fix use after free in qed_chain_free
ext4: check for non-zero journal inum in ext4_calculate_overhead
propagate_one(): mnt_set_mountpoint() needs mount_lock
Linux 4.14.178
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia3d4a2b883413346daf1779820545cb0b0e35948
|
||
|
|
19e6af05a2 |
binder: take read mode of mmap_sem in binder_alloc_free_page()
commit 60d4885710836595192c42d3e04b27551d30ec91 upstream.
Restore the behavior of locking mmap_sem for reading in
binder_alloc_free_page(), as was first done in commit 3013bf62b67a
("binder: reduce mmap_sem write-side lock"). That change was
inadvertently reverted by commit 5cec2d2e5839 ("binder: fix race between
munmap() and direct reclaim").
In addition, change the name of the label for the error path to
accurately reflect that we're taking the lock for reading.
Backporting note: This fix is only needed when *both* of the commits
mentioned above are applied. That's an unlikely situation since they
both landed during the development of v5.1 but only one of them is
targeted for stable.
Fixes: 5cec2d2e5839 ("binder: fix race between munmap() and direct reclaim")
Signed-off-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Todd Kjos <tkjos@android.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
|
bbfd216527 |
UPSTREAM: binder: prevent UAF for binderfs devices II
This is a necessary follow up to the first fix I proposed and we merged
in 2669b8b0c79 ("binder: prevent UAF for binderfs devices"). I have been
overly optimistic that the simple fix I proposed would work. But alas,
ihold() + iput() won't work since the inodes won't survive the
destruction of the superblock.
So all we get with my prior fix is a different race with a tinier
race-window but it doesn't solve the issue. Fwiw, the problem lies with
generic_shutdown_super(). It even has this cozy Al-style comment:
    if (!list_empty(&sb->s_inodes)) {
        printk("VFS: Busy inodes after unmount of %s. "
        "Self-destruct in 5 seconds. Have a nice day...\n",
        sb->s_id);
    }
On binder_release(), binder_defer_work(proc, BINDER_DEFERRED_RELEASE) is
called which punts the actual cleanup operation to a workqueue. At some
point, binder_deferred_func() will be called which will end up calling
binder_deferred_release() which will retrieve and cleanup the
binder_context attached to this struct binder_proc.
If we trace back where this binder_context is attached to binder_proc we
see that it is set in binder_open() and is taken from the struct
binder_device it is associated with. This obviously assumes that the
struct binder_device that context is attached to is _never_ freed. While
that might be true for devtmpfs binder devices it is most certainly
wrong for binderfs binder devices.
So, assume binder_open() is called on a binderfs binder device. We now
stash away the struct binder_context associated with that struct
binder_devices:
    proc->context = &binder_dev->context;
    /* binderfs stashes devices in i_private */
    if (is_binderfs_device(nodp)) {
        binder_dev = nodp->i_private;
        info = nodp->i_sb->s_fs_info;
        binder_binderfs_dir_entry_proc = info->proc_log_dir;
    } else {
    .
    .
    .
    proc->context = &binder_dev->context;
Now let's assume that the binderfs instance for that binder device is
shut down via umount() and/or the mount namespace associated with it goes
away. As long as there is still an fd open for that binderfs binder
device things are fine. But let's assume we now close the last fd for
that binderfs binder device. Now binder_release() is called and punts to
the workqueue. Assume that the workqueue has quite a bit of stuff to do
and doesn't get to cleaning up the struct binder_proc and the associated
struct binder_context with it for that binderfs binder device right
away. In the meantime, the VFS is killing the super block and is
ultimately calling sb->evict_inode() which means it will call
binderfs_evict_inode() which does:
    static void binderfs_evict_inode(struct inode *inode)
    {
        struct binder_device *device = inode->i_private;
        struct binderfs_info *info = BINDERFS_I(inode);
        clear_inode(inode);
        if (!S_ISCHR(inode->i_mode) || !device)
            return;
        mutex_lock(&binderfs_minors_mutex);
        --info->device_count;
        ida_free(&binderfs_minors, device->miscdev.minor);
        mutex_unlock(&binderfs_minors_mutex);
        kfree(device->context.name);
        kfree(device);
    }
thereby freeing the struct binder_device including struct
binder_context.
Now the workqueue finally has time to get around to cleaning up struct
binder_proc and is now trying to access the associated struct
binder_context. Since it's already freed it will OOPs.
Fix this by introducing a refcount on binder devices.
This is an alternative fix to 51d8a7eca677 ("binder: prevent UAF read in
print_binder_transaction_log_entry()").
Fixes: 3ad20fe393b3 ("binder: implement binderfs")
Fixes: 2669b8b0c798 ("binder: prevent UAF for binderfs devices")
Fixes: 03e2e07e3814 ("binder: Make transaction_log available in binderfs")
Related: 51d8a7eca677 ("binder: prevent UAF read in print_binder_transaction_log_entry()")
Cc: stable@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Acked-by: Todd Kjos <tkjos@google.com>
Link: https://lore.kernel.org/r/20200303164340.670054-1-christian.brauner@ubuntu.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit f0fe2c0f050d31babcad7d65f1d550d462a40064)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I54a6c910002bf1077ba0c34c48fb96f4ffbf012e
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
|
0e97eac233 |
UPSTREAM: binder: prevent UAF for binderfs devices
On binder_release(), binder_defer_work(proc, BINDER_DEFERRED_RELEASE) is
called which punts the actual cleanup operation to a workqueue. At some
point, binder_deferred_func() will be called which will end up calling
binder_deferred_release() which will retrieve and cleanup the
binder_context attached to this struct binder_proc.
If we trace back where this binder_context is attached to binder_proc we
see that it is set in binder_open() and is taken from the struct
binder_device it is associated with. This obviously assumes that the
struct binder_device that context is attached to is _never_ freed. While
that might be true for devtmpfs binder devices it is most certainly
wrong for binderfs binder devices.
So, assume binder_open() is called on a binderfs binder device. We now
stash away the struct binder_context associated with that struct
binder_devices:
    proc->context = &binder_dev->context;
    /* binderfs stashes devices in i_private */
    if (is_binderfs_device(nodp)) {
        binder_dev = nodp->i_private;
        info = nodp->i_sb->s_fs_info;
        binder_binderfs_dir_entry_proc = info->proc_log_dir;
    } else {
    .
    .
    .
    proc->context = &binder_dev->context;
Now let's assume that the binderfs instance for that binder device is
shut down via umount() and/or the mount namespace associated with it goes
away. As long as there is still an fd open for that binderfs binder
device things are fine. But let's assume we now close the last fd for
that binderfs binder device. Now binder_release() is called and punts to
the workqueue. Assume that the workqueue has quite a bit of stuff to do
and doesn't get to cleaning up the struct binder_proc and the associated
struct binder_context with it for that binderfs binder device right
away. In the meantime, the VFS is killing the super block and is
ultimately calling sb->evict_inode() which means it will call
binderfs_evict_inode() which does:
    static void binderfs_evict_inode(struct inode *inode)
    {
        struct binder_device *device = inode->i_private;
        struct binderfs_info *info = BINDERFS_I(inode);
        clear_inode(inode);
        if (!S_ISCHR(inode->i_mode) || !device)
            return;
        mutex_lock(&binderfs_minors_mutex);
        --info->device_count;
        ida_free(&binderfs_minors, device->miscdev.minor);
        mutex_unlock(&binderfs_minors_mutex);
        kfree(device->context.name);
        kfree(device);
    }
thereby freeing the struct binder_device including struct
binder_context.
Now the workqueue finally has time to get around to cleaning up struct
binder_proc and is now trying to access the associated struct
binder_context. Since it's already freed it will OOPs.
Fix this by holding an additional reference to the inode that is only
released once the workqueue is done cleaning up struct binder_proc. This
is an easy alternative to introducing separate refcounting on struct
binder_device which we can always do later if it becomes necessary.
This is an alternative fix to 51d8a7eca677 ("binder: prevent UAF read in
print_binder_transaction_log_entry()").
Fixes: 3ad20fe393b3 ("binder: implement binderfs")
Fixes: 03e2e07e3814 ("binder: Make transaction_log available in binderfs")
Related: 51d8a7eca677 ("binder: prevent UAF read in print_binder_transaction_log_entry()")
Cc: stable@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Acked-by: Todd Kjos <tkjos@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
(cherry picked from commit 2669b8b0c798fbe1a31d49e07aa33233d469ad9b)
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I047a1e360b4146872bbc1d206dce7a864bb4588b
|
||
|
|
1405bf2e0f |
UPSTREAM: binder: Add binder_proc logging to binderfs
Currently /sys/kernel/debug/binder/proc contains the debug data for
every binder_proc instance. This patch makes this information also
available in a binderfs instance mounted with a mount option
"stats=global" in addition to debugfs. The patch does not affect the
presence of the file in debugfs.
If a binderfs instance is mounted at path /dev/binderfs, this file
would be present at /dev/binderfs/binder_logs/proc. This change
provides an alternate way to access this file when debugfs is not
mounted.
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Link: https://lore.kernel.org/r/20190903161655.107408-5-hridya@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 136497735
(cherry picked from commit 4feb80faf428a02d407a9ea1952004af01308765)
Change-Id: I3aa974979f2d4aebbe79ea9df30ede2813826157 |
||
|
|
3741393c2d |
UPSTREAM: binder: Make transaction_log available in binderfs
Currently, the binder transaction log files 'transaction_log' and
'failed_transaction_log' live in debugfs at the following locations:
    /sys/kernel/debug/binder/failed_transaction_log
    /sys/kernel/debug/binder/transaction_log
This patch makes these files also available in a binderfs instance
mounted with the mount option "stats=global". It does not affect the
presence of these files in debugfs. If a binderfs instance is mounted
at path /dev/binderfs, the location of these files will be as follows:
    /dev/binderfs/binder_logs/failed_transaction_log
    /dev/binderfs/binder_logs/transaction_log
This change provides an alternate option to access these files when
debugfs is not mounted.
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Link: https://lore.kernel.org/r/20190903161655.107408-4-hridya@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 136497735
(cherry picked from commit c31e73121f4c1ec41143423ac6ce3ce6dafdcec1)
Change-Id: I20d9e6c4c7115297f9740cc42a516c315b3a209e |
||
|
|
a575fb2979 |
UPSTREAM: binder: Add stats, state and transactions files
The following binder stat files currently live in debugfs.
    /sys/kernel/debug/binder/state
    /sys/kernel/debug/binder/stats
    /sys/kernel/debug/binder/transactions
This patch makes these files available in a binderfs instance mounted
with the mount option 'stats=global'. For example, if a binderfs
instance is mounted at path /dev/binderfs, the above files will be
available at the following locations:
    /dev/binderfs/binder_logs/state
    /dev/binderfs/binder_logs/stats
    /dev/binderfs/binder_logs/transactions
This provides a way to access them even when debugfs is not mounted.
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Link: https://lore.kernel.org/r/20190903161655.107408-3-hridya@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 136497735
(cherry picked from commit 0e13e452dafc009049a9a5a4153e2f9e51b23915)
Change-Id: Ieeb666a719fb3195133403054de7b103a358e1ae |
||
|
|
4d96097431 |
UPSTREAM: binder: add a mount option to show global stats
Currently, all binder state and statistics live in debugfs. We need
this information even when debugfs is not mounted. This patch adds the
mount option 'stats' to enable a binderfs instance to have binder debug
information present in the same. 'stats=global' will enable the global
binder statistics. In the future, 'stats=local' will enable binder
statistics local to the binderfs instance. The two modes 'global' and
'local' will be mutually exclusive. 'stats=global' option is only
available for a binderfs instance mounted in the initial user
namespace. An attempt to use the option to mount a binderfs instance in
another user namespace will return an EPERM error.
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Link: https://lore.kernel.org/r/20190903161655.107408-2-hridya@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bug: 136497735
(cherry picked from commit f00834518ed3194b866f5f3d63b71e0ed7f6bc00)
Change-Id: I4c9da221e7e19729a6489436ffa6233864eac4f7 |