70f98fe87ab5b332fa6308ae9f05da170d65e9f6
405 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
balgxmr
|
434f599332 | Merge branch 'upstream-linux-4.14.y' of https://android.googlesource.com/kernel/common into rebase | ||
|
Eric Dumazet
|
1250d3b192 |
net: annotate sk->sk_err write from do_recvmmsg()
[ Upstream commit e05a5f510f26607616fecdd4ac136310c8bea56b ]
do_recvmmsg() can write to sk->sk_err from multiple threads.
As said before, many other points reading or writing sk_err
need annotations.
Fixes:
|
||
|
pwnrazr
|
f9e7a9f4f2 | Merge remote-tracking branch 'android-stable/android-4.14-stable' into 12.1 | ||
|
Kuniyuki Iwashima
|
f28f3f8848 |
net: Fix a data-race around sysctl_somaxconn.
[ Upstream commit 3c9ba81d72047f2e81bb535d42856517b613aba7 ]
While reading sysctl_somaxconn, it can be changed concurrently.
Thus, we need to add READ_ONCE() to its reader.
Fixes:
|
||
|
UtsavBalar1231
|
c188008325 |
Merge tag 'LA.UM.9.1.r1-09200-SMxxx0.0' into android11-base
"LA.UM.9.1.r1-09200-SMxxx0.0" * tag 'LA.UM.9.1.r1-09200-SMxxx0.0' of https://source.codeaurora.org/quic/la/kernel/msm-4.14: ARM: dts: msm: Change the FD clock to 400Mhz for SVS msm: kgsl: Access map_count only if entry is successfully allocated dm verity: skip verity work on I/O errors when system is shutting down msm: vidc: Read 4k60D fuse and update max-hw-load value net:sockev: hold file reference till the sock event is sent diag: Sanitize the mempools with pool data size check Set the default slot for Full Disk Encryption key to 31 defconfig: Enable Inline Crypto Engine(ICE) driver msm: kgsl: Poll a6x crashdumper register memory for status Change-Id: Ia906200a392d1dfedb9253bd4a7b89206e2a2bf6 Signed-off-by: UtsavBalar1231 <utsavbalar1231@gmail.com> |
||
|
Sharath Chandra Vurukala
|
033f2e4393 |
net:sockev: hold file reference till the sock event is sent
Hold file reference till the sock event is sent. Change-Id: I14d581f210c86e5771bec22a9aca7c78630e9ac1 Signed-off-by: Sharath Chandra Vurukala <sharathv@codeaurora.org> |
||
|
Srinivasarao P
|
f7e8bdc457 |
Merge android-4.14-stable.198 (a008686) into msm-4.14
* refs/heads/tmp-a008686:
Linux 4.14.198
net: disable netpoll on fresh napis
tipc: fix shutdown() of connectionless socket
sctp: not disable bh in the whole sctp_get_port_local()
net: usb: dm9601: Add USB ID of Keenetic Plus DSL
netlabel: fix problems with mapping removal
bnxt: don't enable NAPI until rings are ready
vfio/pci: Fix SR-IOV VF handling with MMIO blocking
vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
vfio-pci: Fault mmaps to enable vma tracking
vfio/type1: Support faulting PFNMAP vmas
block: ensure bdi->io_pages is always initialized
ALSA; firewire-tascam: exclude Tascam FE-8 from detection
Linux 4.14.197
net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
cfg80211: regulatory: reject invalid hints
mm/hugetlb: fix a race between hugetlb sysctl handlers
checkpatch: fix the usage of capture group ( ... )
KVM: arm64: Set HCR_EL2.PTW to prevent AT taking synchronous exception
KVM: arm64: Survive synchronous exceptions caused by AT instructions
KVM: arm64: Defer guest entry when an asynchronous exception is pending
KVM: arm64: Add kvm_extable for vaxorcism code
mm: slub: fix conversion of freelist_corrupted()
dm thin metadata: Avoid returning cmd->bm wild pointer on error
dm cache metadata: Avoid returning cmd->bm wild pointer on error
libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks
block: Move SECTOR_SIZE and SECTOR_SHIFT definitions into <linux/blkdev.h>
block: allow for_each_bvec to support zero len bvec
affs: fix basic permission bits to actually work
ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
ALSA: hda/hdmi: always check pin power status in i915 pin fixup
ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
ALSA: ca0106: fix error code handling
usb: qmi_wwan: add D-Link DWM-222 A2 device ID
net: usb: qmi_wwan: add Telit 0x1050 composition
btrfs: fix potential deadlock in the search ioctl
uaccess: Add non-pagefault user-space write function
uaccess: Add non-pagefault user-space read functions
btrfs: set the lockdep class for log tree extent buffers
btrfs: Remove extraneous extent_buffer_get from tree_mod_log_rewind
btrfs: Remove redundant extent_buffer_get in get_old_root
btrfs: drop path before adding new uuid tree entry
include/linux/log2.h: add missing () around n in roundup_pow_of_two()
thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
iommu/vt-d: Serialize IOMMU GCMD register modifications
tg3: Fix soft lockup when tg3_reset_task() fails.
fix regression in "epoll: Keep a reference on files added to the check list"
net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
perf tools: Correct SNOOPX field offset
nvmet-fc: Fix a missed _irqsave version of spin_lock in 'nvmet_fc_fod_op_done()'
bnxt_en: Fix PCI AER error recovery flow
bnxt_en: Check for zero dir entries in NVRAM.
gtp: add GTPA_LINK info to msg sent to userspace
dmaengine: pl330: Fix burst length if burst size is smaller than bus width
net: arc_emac: Fix memleak in arc_mdio_probe
ravb: Fixed to be able to unload modules
net: systemport: Fix memleak in bcm_sysport_probe
net: hns: Fix memleak in hns_nic_dev_probe
netfilter: nf_tables: fix destination register zeroing
netfilter: nf_tables: incorrect enum nft_list_attributes definition
netfilter: nf_tables: add NFTA_SET_USERDATA if not null
MIPS: BMIPS: Also call bmips_cpu_setup() for secondary cores
MIPS: mm: BMIPS5000 has inclusive physical caches
dmaengine: at_hdmac: check return value of of_find_device_by_node() in at_dma_xlate()
batman-adv: bla: use netif_rx_ni when not in interrupt context
batman-adv: Fix own OGM check in aggregated OGMs
batman-adv: Avoid uninitialized chaddr when handling DHCP
dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
xen/xenbus: Fix granting of vmalloc'd memory
s390: don't trace preemption in percpu macros
cpuidle: Fixup IRQ state
ceph: don't allow setlease on cephfs
nvmet: Disable keep-alive timer when kato is cleared to 0h
hwmon: (applesmc) check status earlier.
drm/msm: add shutdown support for display platform_driver
perf record/stat: Explicitly call out event modifiers in the documentation
HID: core: Sanitize event code and type when mapping input
HID: core: Correctly handle ReportSize being zero
Linux 4.14.196
ALSA: usb-audio: Update documentation comment for MS2109 quirk
HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
tpm: Unify the mismatching TPM space buffer sizes
btrfs: check the right error variable in btrfs_del_dir_entries_in_log
usb: storage: Add unusual_uas entry for Sony PSZ drives
USB: cdc-acm: rework notification_buffer resizing
USB: gadget: u_f: Unbreak offset calculation in VLAs
USB: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb()
USB: gadget: u_f: add overflow checks to VLA macros
overflow.h: Add allocation size calculation helpers
usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe()
USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge
USB: quirks: Add no-lpm quirk for another Raydium touchscreen
usb: uas: Add quirk for PNY Pro Elite
USB: yurex: Fix bad gfp argument
drm/amdgpu: Fix buffer overflow in INFO ioctl
device property: Fix the secondary firmware node handling in set_primary_fwnode()
PM: sleep: core: Fix the handling of pending runtime resume requests
xhci: Do warm-reset when both CAS and XDEV_RESUME are set
XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt XEN data pointer which contains XEN specific information.
writeback: Fix sync livelock due to b_dirty_time processing
writeback: Avoid skipping inode writeback
writeback: Protect inode->i_io_list with inode->i_lock
serial: 8250: change lock order in serial8250_do_startup()
serial: 8250_exar: Fix number of ports for Commtech PCIe cards
serial: pl011: Don't leak amba_ports entry on driver register error
serial: pl011: Fix oops on -EPROBE_DEFER
serial: samsung: Removes the IRQ not found warning
vt_ioctl: change VT_RESIZEX ioctl to check for error return from vc_resize()
vt: defer kfree() of vc_screenbuf in vc_do_resize()
USB: lvtest: return proper error code in probe
fbcon: prevent user font height or width change from causing potential out-of-bounds access
btrfs: fix space cache memory leak after transaction abort
HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands
powerpc/perf: Fix soft lockups due to missed interrupt accounting
net: gianfar: Add of_node_put() before goto statement
scsi: ufs: Clean up completed request without interrupt notification
scsi: ufs: Improve interrupt handling for shared interrupts
scsi: ufs: Fix possible infinite loop in ufshcd_hold
s390/cio: add cond_resched() in the slow_eval_known_fn() loop
spi: stm32: fix stm32_spi_prepare_mbr in case of odd clk_rate
fs: prevent BUG_ON in submit_bh_wbc()
jbd2: abort journal if free a async write error metadata buffer
ext4: don't BUG on inconsistent journal feature
jbd2: make sure jh have b_transaction set in refile/unfile_buffer
usb: gadget: f_tcm: Fix some resource leaks in some error paths
i2c: rcar: in slave mode, clear NACK earlier
null_blk: fix passing of REQ_FUA flag in null_handle_rq
nvme-fc: Fix wrong return value in __nvme_fc_init_request()
media: gpio-ir-tx: improve precision of transmitted signal due to scheduling
Revert "ath10k: fix DMA related firmware crashes on multiple devices"
efi: provide empty efi_enter_virtual_mode implementation
USB: sisusbvga: Fix a potential UB casued by left shifting a negative value
powerpc/spufs: add CONFIG_COREDUMP dependency
KVM: arm64: Fix symbol dependency in __hyp_call_panic_nvhe
media: davinci: vpif_capture: fix potential double free
EDAC/ie31200: Fallback if host bridge device is already initialized
scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del()
ceph: fix potential mdsc use-after-free crash
scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
locking/lockdep: Fix overflow in presentation of average lock-time
drm/nouveau: Fix reference count leak in nouveau_connector_detect
drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
f2fs: fix use-after-free issue
cec-api: prevent leaking memory through hole in structure
mips/vdso: Fix resource leaks in genvdso.c
rtlwifi: rtl8192cu: Prevent leaking urb
PCI: Fix pci_create_slot() reference count leak
omapfb: fix multiple reference count leaks due to pm_runtime_get_sync
selftests/powerpc: Purge extra count_pmc() calls of ebb selftests
scsi: lpfc: Fix shost refcount mismatch when deleting vport
drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
drm/amd/display: fix ref count leak in amdgpu_drm_ioctl
drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms
drm/radeon: fix multiple reference count leak
drm/amdkfd: Fix reference count leaks.
iommu/iova: Don't BUG on invalid PFNs
scsi: target: tcmu: Fix crash on ARM during cmd completion
blktrace: ensure our debugfs dir exists
media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA value in debiirq()
powerpc/xive: Ignore kmemleak false positives
arm64: dts: qcom: msm8916: Pull down PDM GPIOs during sleep
mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs
ASoC: tegra: Fix reference count leaks.
ALSA: pci: delete repeated words in comments
gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY
ipvlan: fix device features
tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
net: Fix potential wrong skb->protocol in skb_vlan_untag()
powerpc/64s: Don't init FSCR_DSCR in __init_FSCR()
ANDROID: cuttlefish_defconfig: initialize locals with zeroes
BACKPORT: security: allow using Clang's zero initialization for stack variables
Revert "binder: Prevent context manager from incrementing ref 0"
Linux 4.14.195
KVM: arm/arm64: Don't reschedule in unmap_stage2_range()
clk: Evict unregistered clks from parent caches
xen: don't reschedule in preemption off sections
mm/hugetlb: fix calculation of adjust_range_if_pmd_sharing_possible
do_epoll_ctl(): clean the failure exits up a bit
epoll: Keep a reference on files added to the check list
powerpc/pseries: Do not initiate shutdown when system is running on UPS
net: dsa: b53: check for timeout
hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit()
bonding: fix active-backup failover for current ARP slave
vfio/type1: Add proper error unwind for vfio_iommu_replay()
ASoC: intel: Fix memleak in sst_media_open
ASoC: msm8916-wcd-analog: fix register Interrupt offset
bonding: fix a potential double-unregister
bonding: show saner speed for broadcast mode
net: fec: correct the error path for regulator disable in probe
i40e: Fix crash during removing i40e driver
i40e: Set RX_ONLY mode for unicast promiscuous on VLAN
ext4: fix potential negative array index in do_split()
alpha: fix annotation of io{read,write}{16,32}be()
xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init
virtio_ring: Avoid loop when vq is broken in virtqueue_poll
scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
cpufreq: intel_pstate: Fix cpuinfo_max_freq when MSR_TURBO_RATIO_LIMIT is 0
jffs2: fix UAF problem
xfs: fix inode quota reservation checks
m68knommu: fix overwriting of bits in ColdFire V3 cache control
Input: psmouse - add a newline when printing 'proto' by sysfs
media: vpss: clean up resources in init
rtc: goldfish: Enable interrupt in set_alarm() when necessary
media: budget-core: Improve exception handling in budget_register()
scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
spi: Prevent adding devices below an unregistering controller
jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock()
ext4: fix checking of directory entry validity for inline directories
mm, page_alloc: fix core hung in free_pcppages_bulk()
mm: include CMA pages in lowmem_reserve at boot
kernel/relay.c: fix memleak on destroy relay channel
romfs: fix uninitialized memory leak in romfs_dev_read()
btrfs: sysfs: use NOFS for device creation
btrfs: inode: fix NULL pointer dereference if inode doesn't need compression
btrfs: Move free_pages_out label in inline extent handling branch in compress_file_range
btrfs: don't show full path of bind mounts in subvol=
btrfs: export helpers for subvolume name/id resolution
powerpc: Allow 4224 bytes of stack expansion for the signal frame
powerpc/mm: Only read faulting instruction when necessary in do_page_fault()
khugepaged: adjust VM_BUG_ON_MM() in __khugepaged_enter()
khugepaged: khugepaged_test_exit() check mmget_still_valid()
perf probe: Fix memory leakage when the probe point is not found
drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset()
ANDROID: virtio_gpu.h: move map/unmap to 3d group
Linux 4.14.194
dm cache: remove all obsolete writethrough-specific code
dm cache: submit writethrough writes in parallel to origin and cache
dm cache: pass cache structure to mode functions
genirq/affinity: Make affinity setting if activated opt-in
genirq/affinity: Handle affinity setting on inactive interrupts correctly
khugepaged: retract_page_tables() remember to test exit
sh: landisk: Add missing initialization of sh_io_port_base
tools build feature: Quote CC and CXX for their arguments
perf bench mem: Always memset source before memcpy
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
mfd: dln2: Run event handler loop under spinlock
test_kmod: avoid potential double free in trigger_config_run_type()
fs/ufs: avoid potential u32 multiplication overflow
nfs: Fix getxattr kernel panic and memory overflow
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init
drm/vmwgfx: Fix two list_for_each loop exit tests
drm/vmwgfx: Use correct vmw_legacy_display_unit pointer
Input: sentelic - fix error return when fsp_reg_write fails
i2c: rcar: avoid race when unregistering slave
tools build feature: Use CC and CXX from parent
pwm: bcm-iproc: handle clk_get_rate() return
clk: clk-atlas6: fix return value check in atlas6_clk_init()
i2c: rcar: slave: only send STOP event when we have been addressed
iommu/vt-d: Enforce PASID devTLB field mask
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue()
gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
USB: serial: ftdi_sio: clean up receive processing
USB: serial: ftdi_sio: make process-packet buffer unsigned
RDMA/ipoib: Return void from ipoib_ib_dev_stop()
mfd: arizona: Ensure 32k clock is put on driver unbind and error
drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
perf intel-pt: Fix FUP packet state
pseries: Fix 64 bit logical memory block panic
watchdog: f71808e_wdt: clear watchdog timeout occurred flag
watchdog: f71808e_wdt: remove use of wrong watchdog_info option
watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
tracing: Use trace_sched_process_free() instead of exit() for pid tracing
tracing/hwlat: Honor the tracing_cpumask
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
ftrace: Setup correct FTRACE_FL_REGS flags for module
ocfs2: change slot number type s16 to u16
ext2: fix missing percpu_counter_inc
MIPS: CPU#0 is not hotpluggable
mac80211: fix misplaced while instead of if
bcache: allocate meta data pages as compound pages
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
net/compat: Add missing sock updates for SCM_RIGHTS
net: stmmac: dwmac1000: provide multicast filter fallback
net: ethernet: stmmac: Disable hardware multicast filter
powerpc: Fix circular dependency between percpu.h and mmu.h
xtensa: fix xtensa_pmu_setup prototype
iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
dt-bindings: iio: io-channel-mux: Fix compatible string in example code
btrfs: fix memory leaks after failure to lookup checksums during inode logging
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: don't allocate anonymous block device for user invisible roots
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
smb3: warn on confusing error scenario with sec=krb5
net: initialize fastreuse on inet_inherit_port
xen/balloon: make the balloon wait interruptible
xen/balloon: fix accounting in alloc_xenballooned_pages error path
irqdomain/treewide: Free firmware node after domain removal
ARM: 8992/1: Fix unwind_frame for clang-built kernels
parisc: mask out enable and reserved bits from sba imask
parisc: Implement __smp_store_release and __smp_load_acquire barriers
mtd: rawnand: qcom: avoid write to unavailable register
spi: spidev: Align buffers for DMA
9p: Fix memory leak in v9fs_mount
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
fs/minix: reject too-large maximum file size
fs/minix: don't allow getting deleted inodes
fs/minix: check return value of sb_getblk()
bitfield.h: don't compile-time validate _val in FIELD_FIT
crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
crypto: ccp - Fix use of merged scatterlists
crypto: qat - fix double free in qat_uclo_create_batch_init_list
ALSA: usb-audio: add quirk for Pioneer DDJ-RB
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
USB: serial: cp210x: enable usb generic throttle/unthrottle
USB: serial: cp210x: re-enable auto-RTS on open
net: Set fput_needed iff FDPUT_FPUT is set
net: refactor bind_bucket fastreuse into helper
net/nfc/rawsock.c: add CAP_NET_RAW check.
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
af_packet: TPACKET_V3: fix fill status rwlock imbalance
crypto: aesni - add compatibility with IAS
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
pinctrl-single: fix pcs_parse_pinconf() return value
dlm: Fix kobject memleak
fsl/fman: fix eth hash table allocation
fsl/fman: check dereferencing null pointer
fsl/fman: fix unreachable code
fsl/fman: fix dereference null return value
fsl/fman: use 32-bit unsigned integer
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
liquidio: Fix wrong return value in cn23xx_get_pf_num()
net: ethernet: aquantia: Fix wrong return value
tools, build: Propagate build failures from tools/build/Makefile.build
wl1251: fix always return 0 error
s390/qeth: don't process empty bridge port events
selftests/powerpc: Fix online CPU selection
PCI: Release IVRS table in AMD ACS quirk
selftests/powerpc: Fix CPU affinity for child process
Bluetooth: hci_serdev: Only unregister device if it was registered
power: supply: check if calc_soc succeeded in pm860x_init_battery
Smack: prevent underflow in smk_set_cipso()
Smack: fix another vsscanf out of bounds
net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration
scsi: mesh: Fix panic after host or bus reset
usb: dwc2: Fix error path in gadget registration
MIPS: OCTEON: add missing put_device() call in dwc3_octeon_device_init()
coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb()
thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor()
USB: serial: iuu_phoenix: fix led-activity helpers
drm/imx: tve: fix regulator_disable error path
PCI/ASPM: Add missing newline in sysfs 'policy'
staging: rtl8192u: fix a dubious looking mask before a shift
powerpc/vdso: Fix vdso cpu truncation
mwifiex: Prevent memory corruption handling keys
scsi: scsi_debug: Add check for sdebug_max_queue during module init
drm/bridge: sil_sii8620: initialize return of sii8620_readb
drm: panel: simple: Fix bpc for LG LB070WV8 panel
leds: core: Flush scheduled work for system suspend
PCI: Fix pci_cfg_wait queue locking problem
xfs: fix reflink quota reservation accounting error
media: exynos4-is: Add missed check for pinctrl_lookup_state()
media: firewire: Using uninitialized values in node_probe()
ipvs: allow connection reuse for unconfirmed conntrack
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
drm/radeon: fix array out-of-bounds read and write issues
cxl: Fix kobject memleak
drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
ASoC: Intel: bxt_rt298: add missing .owner field
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
leds: lm355x: avoid enum conversion warning
drm/arm: fix unintentional integer overflow on left shift
iio: improve IIO_CONCENTRATION channel type description
video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
console: newport_con: fix an issue about leak related system resources
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
agp/intel: Fix a memory leak on module initialisation failure
ACPICA: Do not increment operation_region reference counts for field units
bcache: fix super block seq numbers comparision in register_cache_set()
dyndbg: fix a BUG_ON in ddebug_describe_flags
usb: bdc: Halt controller on suspend
bdc: Fix bug causing crash after multiple disconnects
usb: gadget: net2280: fix memory leak on probe error handling paths
gpu: host1x: debug: Fix multiple channels emitting messages simultaneously
iwlegacy: Check the return value of pcie_capability_read_*()
brcmfmac: set state of hanger slot to FREE when flushing PSQ
brcmfmac: To fix Bss Info flag definition Bug
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
irqchip/irq-mtk-sysirq: Replace spinlock with raw_spinlock
drm/debugfs: fix plain echo to connector "force" attribute
drm/nouveau: fix multiple instances of reference count leaks
arm64: dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding
md-cluster: fix wild pointer of unlock_all_bitmaps()
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
spi: lantiq: fix: Rx overflow error in full duplex mode
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
platform/x86: intel-hid: Fix return value check in check_acpi_dev()
m68k: mac: Fix IOP status/control register writes
m68k: mac: Don't send IOP message until channel is idle
arm64: dts: exynos: Fix silent hang after boot on Espresso
arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
EDAC: Fix reference count leaks
arm64: dts: rockchip: fix rk3399-puma gmac reset gpio
arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio
sched: correct SD_flags returned by tl->sd_flags()
x86/mce/inject: Fix a wrong assignment of i_mce.status
cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()
HID: input: Fix devices that return multiple bytes in battery report
tracepoint: Mark __tracepoint_string's __used
Smack: fix use-after-free in smk_write_relabel_self()
rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
usb: hso: check for return value in hso_serial_common_create()
selftests/net: relax cpu affinity requirement in msg_zerocopy test
Revert "vxlan: fix tos value before xmit"
openvswitch: Prevent kernel-infoleak in ovs_ct_put_key()
net: gre: recompute gre csum for sctp over gre tunnels
hv_netvsc: do not use VF device if link is down
net: lan78xx: replace bogus endpoint lookup
vxlan: Ensure FDB dump is performed under RCU
net: ethernet: mtk_eth_soc: fix MTU warnings
ipv6: fix memory leaks on IPV6_ADDRFORM path
ipv4: Silence suspicious RCU usage warning
xattr: break delegations in {set,remove}xattr
Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23)
tools lib traceevent: Fix memory leak in process_dynamic_array_len
atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
igb: reinit_locked() should be called with rtnl_lock
cfg80211: check vendor command doit pointer before use
i2c: slave: add sanity check when unregistering
i2c: slave: improve sanity check when registering
drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure
drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
net/9p: validate fds in p9_fd_open
leds: 88pm860x: fix use-after-free on unbind
leds: lm3533: fix use-after-free on unbind
leds: da903x: fix use-after-free on unbind
leds: wm831x-status: fix use-after-free on unbind
mtd: properly check all write ioctls for permissions
vgacon: Fix for missing check in scrollback handling
binder: Prevent context manager from incrementing ref 0
omapfb: dss: Fix max fclk divider for omap36xx
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
staging: android: ashmem: Fix lockdep warning for write operation
ALSA: seq: oss: Serialize ioctls
usb: xhci: Fix ASMedia ASM1142 DMA addressing
usb: xhci: define IDs for various ASMedia host controllers
USB: iowarrior: fix up report size handling for some devices
net/mlx5e: Don't support phys switch id if not in switchdev mode
USB: serial: qcserial: add EM7305 QDL product ID
ANDROID: tty: fix tty name overflow
ANDROID: fix a bug in quota2
ANDROID: Incremental fs: fix magic compatibility again
Linux 4.14.193
ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel()
ext4: fix direct I/O read error
random32: move the pseudo-random 32-bit definitions to prandom.h
random32: remove net_rand_state from the latent entropy gcc plugin
random: fix circular include dependency on arm64 after addition of percpu.h
ARM: percpu.h: fix build error
random32: update the net random state on interrupt and activity
Revert "scsi: libsas: direct call probe and destruct"
Linux 4.14.192
x86/i8259: Use printk_deferred() to prevent deadlock
KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled
xen-netfront: fix potential deadlock in xennet_remove()
cxgb4: add missing release on skb in uld_send()
x86/unwind/orc: Fix ORC for newly forked tasks
Revert "i2c: cadence: Fix the hold bit setting"
net: ethernet: ravb: exit if re-initialization fails in tx timeout
parisc: add support for cmpxchg on u8 pointers
nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
qed: Disable "MFW indication via attention" SPAM every 5 minutes
usb: hso: Fix debug compile warning on sparc32
arm64: csum: Fix handling of bad packets
arm64/alternatives: move length validation inside the subsection
mac80211: mesh: Free pending skb when destroying a mpath
mac80211: mesh: Free ie data when leaving mesh
bpf: Fix map leak in HASH_OF_MAPS map
ibmvnic: Fix IRQ mapping disposal in error path
mlxsw: core: Free EMAD transactions using kfree_rcu()
mlxsw: core: Increase scope of RCU read-side critical section
mlx4: disable device on shutdown
net: lan78xx: fix transfer-buffer memory leak
net: lan78xx: add missing endpoint sanity check
sh: Fix validation of system call number
selftests/net: rxtimestamp: fix clang issues for target arch PowerPC
net/x25: Fix null-ptr-deref in x25_disconnect
net/x25: Fix x25_neigh refcnt leak when x25 disconnect
xfs: fix missed wakeup on l_flush_wait
rds: Prevent kernel-infoleak in rds_notify_queue_get()
x86, vmlinux.lds: Page-align end of ..page_aligned sections
x86/build/lto: Fix truncated .bss with -fdata-sections
9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work
9p/trans_fd: abort p9_read_work if req status changed
f2fs: check if file namelen exceeds max value
f2fs: check memory boundary by insane namelen
drm: hold gem reference until object is no longer accessed
drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
wireless: Use offsetof instead of custom macro.
PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit
ath9k: release allocated buffer if timed out
ath9k_htc: release allocated buffer if timed out
iio: imu: adis16400: fix memory leak
media: rc: prevent memory leak in cx23888_ir_probe
crypto: ccp - Release all allocated memory if sha type is invalid
net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
scsi: libsas: direct call probe and destruct
Linux 4.14.191
xfs: set format back to extents if xfs_bmap_extents_to_btree
regmap: debugfs: check count when read regmap file
mm/page_owner.c: remove drain_all_pages from init_early_allocated_pages
tcp: allow at most one TLP probe per flight
rtnetlink: Fix memory(net_device) leak when ->newlink fails
ip6_gre: fix null-ptr-deref in ip6gre_init_net()
AX.25: Prevent integer overflows in connect and sendmsg
rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
net: udp: Fix wrong clean up for IS_UDPLITE macro
net-sysfs: add a newline when printing 'tx_timeout' by sysfs
drivers/net/wan/x25_asy: Fix to make it work
dev: Defer free of skbs in flush_backlog
AX.25: Prevent out-of-bounds read in ax25_sendmsg()
AX.25: Fix out-of-bounds read in ax25_connect()
Conflicts:
drivers/clk/clk.c
drivers/gpu/drm/msm/msm_drv.c
drivers/hwtracing/coresight/coresight-tmc-etf.c
Fixed build errors:
drivers/md/dm-bow.c
Change-Id: Ia70efae18753ba5dbb3b67e00201e2c12eac5e70
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
||
|
Miaohe Lin
|
bb70a1cbe5 |
net: Set fput_needed iff FDPUT_FPUT is set
[ Upstream commit ce787a5a074a86f76f5d3fd804fa78e01bfb9e89 ]
We should fput() file iff FDPUT_FPUT is set. So we should set fput_needed
accordingly.
Fixes:
|
||
|
Srinivasarao P
|
62eedc7cb9 |
Merge android-4.14.166 (d4dd59f) into msm-4.14
* refs/heads/tmp-d4dd59f: Linux 4.14.166 ocfs2: call journal flush to mark journal as empty after journal recovery when mount hexagon: work around compiler crash hexagon: parenthesize registers in asm predicates ioat: ioat_alloc_ring() failure handling. dmaengine: k3dma: Avoid null pointer traversal MIPS: Prevent link failure with kcov instrumentation mips: cacheinfo: report shared CPU map rseq/selftests: Turn off timeout setting scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() gpio: mpc8xxx: Add platform device to gpiochip->parent rtc: msm6242: Fix reading of 10-hour digit f2fs: fix potential overflow rtlwifi: Remove unnecessary NULL check in rtl_regd_init spi: atmel: fix handling of cs_change set on non-last xfer mtd: spi-nor: fix silent truncation in spi_nor_read_raw() mtd: spi-nor: fix silent truncation in spi_nor_read() media: exynos4-is: Fix recursive locking in isp_video_release() media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support media: ov6650: Fix some format attributes not under control media: ov6650: Fix incorrect use of JPEG colorspace tty: serial: pch_uart: correct usage of dma_unmap_sg tty: serial: imx: use the sg count from dma_map_sg powerpc/powernv: Disable native PCIe port management PCI/PTM: Remove spurious "d" from granularity message compat_ioctl: handle SIOCOUTQNSD af_unix: add compat_ioctl support arm64: dts: apq8096-db820c: Increase load on l21 for SDCARD scsi: sd: enable compat ioctls for sed-opal pinctrl: lewisburg: Update pin list according to v1.1v6 pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume mei: fix modalias documentation iio: imu: adis16480: assign bias value only if operation succeeded NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn xprtrdma: Fix completion wait during device removal platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI scsi: enclosure: Fix stale device oops with hot replug arm64: Check for errata before evaluating cpu features arm64: add sentinel to kpti_safe_list RDMA/srpt: Report the SCSI residual to the initiator RDMA/mlx5: Return proper error value btrfs: simplify inode locking for RWF_NOWAIT cifs: Adjust indentation in smb2_open_file hsr: reset network header when supervision frame is created gpio: Fix error message on out-of-range GPIO in lookup table iommu: Remove device link to group on failure gpio: zynq: Fix for bug in zynq_gpio_restore_context API ASoC: stm32: spdifrx: fix race condition in irq handler ASoC: stm32: spdifrx: fix inconsistent lock state RDMA/bnxt_re: Fix Send Work Entry state check while polling completions rtc: mt6397: fix alarm register overwrite drm/i915: Fix use-after-free when destroying GEM context dccp: Fix memleak in __feat_register_sp iwlwifi: dbg_ini: fix memory leak in alloc_sgtable wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle wimax: i2400: fix memory leak cifs: Fix lease buffer length error media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap mac80211: Do not send Layer 2 Update frame before authorization cfg80211/mac80211: make ieee80211_send_layer2_update a public function arm64: Make sure permission updates happen for pmd/pud arm64: Enforce BBM for huge IO/VMAP mappings arm64: mm: Change page table pointer name in p[md]_set_huge() arm64: don't open code page table entry creation rsi: add fix for crash during assertions fs/select: avoid clang stack usage warning ethtool: reduce stack usage with clang HID: hidraw, uhid: Always report EPOLLOUT HID: hidraw: Fix returning EPOLLOUT from hidraw_poll hidraw: Return EPOLLOUT from hidraw_poll cuttlefish: enable CONFIG_DUMMY=y Conflicts: arch/arm64/mm/mmu.c net/core/ethtool.c net/wireless/util.c Change-Id: I9062404104c97a86c4960f768e0be9220f69d192 Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
|
Srinivasarao P
|
84303e9b45 |
Merge android-4.14.163 (1cfd841) into msm-4.14
* refs/heads/tmp-1cfd841:
Revert "BACKPORT: perf_event: Add support for LSM and SELinux checks"
Linux 4.14.163
perf/x86/intel/bts: Fix the use of page_private()
xen/blkback: Avoid unmapping unmapped grant pages
s390/smp: fix physical to logical CPU map for SMT
net: add annotations on hh->hh_len lockless accesses
arm64: dts: meson: odroid-c2: Disable usb_otg bus to avoid power failed warning
ath9k_htc: Discard undersized packets
ath9k_htc: Modify byte order for an error message
rxrpc: Fix possible NULL pointer access in ICMP handling
selftests: rtnetlink: add addresses with fixed life time
powerpc/pseries/hvconsole: Fix stack overread via udbg
drm/mst: Fix MST sideband up-reply failure handling
scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails
fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP
tty: serial: msm_serial: Fix lockup for sysrq and oops
dt-bindings: clock: renesas: rcar-usb2-clock-sel: Fix typo in example
media: usb: fix memory leak in af9005_identify_state
regulator: ab8500: Remove AB8505 USB regulator
media: flexcop-usb: ensure -EIO is returned on error condition
Bluetooth: Fix memory leak in hci_connect_le_scan
Bluetooth: delete a stray unlock
Bluetooth: btusb: fix PM leak in error case of setup
platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table
xfs: don't check for AG deadlock for realtime files in bunmapi
scsi: qla2xxx: Drop superfluous INIT_WORK of del_work
nfsd4: fix up replay_matches_cache()
PM / devfreq: Check NULL governor in available_governors_show
arm64: Revert support for execute-only user mappings
ftrace: Avoid potential division by zero in function profiler
exit: panic before exit_mm() on global init exit
ALSA: firewire-motu: Correct a typo in the clock proc string
ALSA: cs4236: fix error return comparison of an unsigned integer
tracing: Have the histogram compare functions convert to u64 first
tracing: Fix lock inversion in trace_event_enable_tgid_record()
gpiolib: fix up emulated open drain outputs
ata: ahci_brcm: Fix AHCI resources management
ata: ahci_brcm: Allow optional reset controller to be used
ata: libahci_platform: Export again ahci_platform_<en/dis>able_phys()
compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE
compat_ioctl: block: handle Persistent Reservations
dmaengine: Fix access to uninitialized dma_slave_caps
locks: print unsigned ino in /proc/locks
pstore/ram: Write new dumps to start of recycled zones
memcg: account security cred as well to kmemcg
mm/zsmalloc.c: fix the migrated zspage statistics.
media: cec: avoid decrementing transmit_queue_sz if it is 0
media: cec: CEC 2.0-only bcast messages were ignored
media: pulse8-cec: fix lost cec_transmit_attempt_done() call
MIPS: Avoid VDSO ABI breakage due to global register variable
drm/sun4i: hdmi: Remove duplicate cleanup calls
ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
drm: limit to INT_MAX in create_blob ioctl
taskstats: fix data-race
xfs: fix mount failure crash on invalid iclog memory access
PM / hibernate: memory_bm_find_bit(): Tighten node optimisation
xen/balloon: fix ballooned page accounting without hotplug enabled
xen-blkback: prevent premature module unload
IB/mlx4: Follow mirror sequence of device add during device removal
s390/cpum_sf: Avoid SBD overflow condition in irq handler
s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits
md: raid1: check rdev before reference in raid1_sync_request func
net: make socket read/write_iter() honor IOCB_NOWAIT
usb: gadget: fix wrong endpoint desc
drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit
scsi: libsas: stop discovering if oob mode is disconnected
scsi: iscsi: qla4xxx: fix double free in probe
scsi: qla2xxx: Don't call qlt_async_event twice
scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func
rxe: correctly calculate iCRC for unaligned payloads
RDMA/cma: add missed unregister_pernet_subsys in init failure
PM / devfreq: Don't fail devfreq_dev_release if not in list
iio: adc: max9611: Fix too short conversion time delay
nvme_fc: add module to ops template to allow module references
UPSTREAM: selinux: sidtab reverse lookup hash table
UPSTREAM: selinux: avoid atomic_t usage in sidtab
UPSTREAM: selinux: check sidtab limit before adding a new entry
UPSTREAM: selinux: fix context string corruption in convert_context()
BACKPORT: selinux: overhaul sidtab to fix bug and improve performance
UPSTREAM: selinux: refactor mls_context_to_sid() and make it stricter
UPSTREAM: selinux: Cleanup printk logging in services
UPSTREAM: scsi: ilog2: create truly constant version for sparse
BACKPORT: selinux: use separate table for initial SID lookup
UPSTREAM: selinux: make "selinux_policycap_names[]" const char *
UPSTREAM: selinux: refactor sidtab conversion
BACKPORT: selinux: wrap AVC state
UPSTREAM: selinux: wrap selinuxfs state
UPSTREAM: selinux: rename the {is,set}_enforcing() functions
BACKPORT: selinux: wrap global selinux state
UPSTREAM: selinux: Use kmem_cache for hashtab_node
BACKPORT: perf_event: Add support for LSM and SELinux checks
UPSTREAM: binder: Add binder_proc logging to binderfs
UPSTREAM: binder: Make transaction_log available in binderfs
UPSTREAM: binder: Add stats, state and transactions files
UPSTREAM: binder: add a mount option to show global stats
UPSTREAM: binder: Validate the default binderfs device names.
UPSTREAM: binder: Add default binder devices through binderfs when configured
UPSTREAM: binder: fix CONFIG_ANDROID_BINDER_DEVICES
UPSTREAM: android: binder: use kstrdup instead of open-coding it
UPSTREAM: binderfs: remove separate device_initcall()
BACKPORT: binderfs: respect limit on binder control creation
UPSTREAM: binderfs: switch from d_add() to d_instantiate()
UPSTREAM: binderfs: drop lock in binderfs_binder_ctl_create
UPSTREAM: binderfs: kill_litter_super() before cleanup
UPSTREAM: binderfs: rework binderfs_binder_device_create()
UPSTREAM: binderfs: rework binderfs_fill_super()
UPSTREAM: binderfs: prevent renaming the control dentry
UPSTREAM: binderfs: remove outdated comment
UPSTREAM: binderfs: fix error return code in binderfs_fill_super()
UPSTREAM: binderfs: handle !CONFIG_IPC_NS builds
BACKPORT: binderfs: reserve devices for initial mount
UPSTREAM: binderfs: rename header to binderfs.h
BACKPORT: binderfs: implement "max" mount option
UPSTREAM: binderfs: make each binderfs mount a new instance
UPSTREAM: binderfs: remove wrong kern_mount() call
BACKPORT: binder: implement binderfs
UPSTREAM: binder: remove BINDER_DEBUG_ENTRY()
UPSTREAM: seq_file: Introduce DEFINE_SHOW_ATTRIBUTE() helper macro
UPSTREAM: exit: panic before exit_mm() on global init exit
Conflicts:
drivers/gpu/drm/drm_property.c
security/selinux/avc.c
security/selinux/hooks.c
security/selinux/include/security.h
security/selinux/ss/services.c
Changed below files to fix build errors:
gen_headers_arm64.bp
gen_headers_arm.bp
Change-Id: Ie7e5cd66a03cfaa765a491598302b8f073ac159c
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
||
|
Arnd Bergmann
|
2e3f1f153b |
compat_ioctl: handle SIOCOUTQNSD
commit 9d7bf41fafa5b5ddd4c13eb39446b0045f0a8167 upstream.
Unlike the normal SIOCOUTQ, SIOCOUTQNSD was never handled in compat
mode. Add it to the common socket compat handler along with similar
ones.
Fixes:
|
||
|
Jens Axboe
|
f42504ab0a |
net: make socket read/write_iter() honor IOCB_NOWAIT
[ Upstream commit ebfcd8955c0b52eb793bcbc9e71140e3d0cdb228 ] The socket read/write helpers only look at the file O_NONBLOCK. not the iocb IOCB_NOWAIT flag. This breaks users like preadv2/pwritev2 and io_uring that rely on not having the file itself marked nonblocking, but rather the iocb itself. Cc: netdev@vger.kernel.org Acked-by: David Miller <davem@davemloft.net> Signed-off-by: Jens Axboe <axboe@kernel.dk> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Blagovest Kolenichev
|
8b902c6d60 |
Merge android-4.14-q.140 (2f8eadd) into msm-4.14
* refs/heads/tmp-2f8eadd: Linux 4.14.140 xfrm: policy: remove pcpu policy cache mmc: sdhci-of-arasan: Do now show error message in case of deffered probe bonding: Add vlan tx offload to hw_enc_features team: Add vlan tx offload to hw_enc_features net/mlx5e: Use flow keys dissector to parse packets for ARFS net/mlx5e: Only support tx/rx pause setting for port owner xen/netback: Reset nr_frags before freeing skb sctp: fix the transport error_count check net/packet: fix race in tpacket_snd() net/mlx4_en: fix a memory leak bug bnx2x: Fix VF's VLAN reconfiguration in reload. iommu/amd: Move iommu_init_pci() to .init section Input: psmouse - fix build error of multiple definition netfilter: conntrack: Use consistent ct id hash calculation arm64: ftrace: Ensure module ftrace trampoline is coherent with I-side arm64: compat: Allow single-byte watchpoints on all addresses Revert "tcp: Clear sk_send_head after purging the write queue" bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K USB: serial: option: Add Motorola modem UARTs USB: serial: option: add the BroadMobi BM818 card USB: serial: option: Add support for ZTE MF871A USB: serial: option: add D-Link DWM-222 device ID USB: CDC: fix sanity checks in CDC union parser usb: cdc-acm: make sure a refcount is taken early enough usb: gadget: udc: renesas_usb3: Fix sysfs interface of "role" USB: core: Fix races in character device registration and deregistraion iio: adc: max9611: Fix temperature reading in probe staging: comedi: dt3000: Fix rounding up of timer divisor staging: comedi: dt3000: Fix signed integer overflow 'divider * base' KVM: arm/arm64: Sync ICH_VMCR_EL2 back when about to block asm-generic: fix -Wtype-limits compiler warnings ocfs2: remove set but not used variable 'last_hash' drm: msm: Fix add_gpu_components IB/mad: Fix use-after-free in ib mad completion handling IB/core: Add mitigation for Spectre V1 arm64/mm: fix variable 'pud' set but not used arm64: unwind: Prohibit probing on return_address() arm64/efi: fix variable 'si' set but not used kbuild: modpost: handle KBUILD_EXTRA_SYMBOLS only for external modules ata: libahci: do not complain in case of deferred probe scsi: qla2xxx: Fix possible fcport null-pointer dereferences scsi: hpsa: correct scsi command status issue after reset drm/bridge: lvds-encoder: Fix build error while CONFIG_DRM_KMS_HELPER=m libata: zpodd: Fix small read overflow in zpodd_get_mech_type() perf header: Fix use of unitialized value warning perf header: Fix divide by zero error if f_header.attr_size==0 irqchip/irq-imx-gpcv2: Forward irq type to parent irqchip/gic-v3-its: Free unused vpt_page when alloc vpe table fail xen/pciback: remove set but not used variable 'old_state' clk: renesas: cpg-mssr: Fix reset control race condition clk: at91: generated: Truncate divisor to GENERATED_MAX_DIV + 1 netfilter: ebtables: also count base chain policies net: usb: pegasus: fix improper read if get_registers() fail Input: iforce - add sanity checks Input: kbtab - sanity check for endpoint type HID: hiddev: do cleanup in failure of opening a device HID: hiddev: avoid opening a disconnected device HID: holtek: test for sanity of intfdata ALSA: hda - Let all conexant codec enter D3 when rebooting ALSA: hda - Add a generic reboot_notify ALSA: hda - Fix a memory leak bug ALSA: hda - Apply workaround for another AMD chip 1022:1487 xtensa: add missing isync to the cpu_reset TLB code x86/mm: Use WRITE_ONCE() when setting PTEs bpf: add bpf_jit_limit knob to restrict unpriv allocations bpf: restrict access to core bpf sysctls bpf: get rid of pure_initcall dependency to enable jits mm/memcontrol.c: fix use after free in mem_cgroup_iter() mm/usercopy: use memory range to be accessed for wraparound check sh: kernel: hw_breakpoint: Fix missing break in switch statement scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA Change-Id: I6365fb1dd47655e268bbd361acf0ad5e7ff9d433 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Daniel Borkmann
|
234646dcfc |
bpf: get rid of pure_initcall dependency to enable jits
commit fa9dd599b4dae841924b022768354cfde9affecb upstream. Having a pure_initcall() callback just to permanently enable BPF JITs under CONFIG_BPF_JIT_ALWAYS_ON is unnecessary and could leave a small race window in future where JIT is still disabled on boot. Since we know about the setting at compilation time anyway, just initialize it properly there. Also consolidate all the individual bpf_jit_enable variables into a single one and move them under one location. Moreover, don't allow for setting unspecified garbage values on them. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Alexei Starovoitov <ast@kernel.org> [bwh: Backported to 4.14 as dependency of commit 2e4a30983b0f "bpf: restrict access to core bpf sysctls": - Adjust context] Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Blagovest Kolenichev
|
b36940959e |
Merge android-4.14.106 (8ed9bc6) into msm-4.14
* refs/heads/tmp-8ed9bc6:
Revert "staging: android: ion: fix sys heap pool's gfp_flags"
Linux 4.14.106
perf/x86/intel: Implement support for TSX Force Abort
x86: Add TSX Force Abort CPUID/MSR
perf/x86/intel: Generalize dynamic constraint creation
perf/x86/intel: Make cpuc allocations consistent
driver core: Postpone DMA tear-down until after devres release
ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom
gfs2: Fix missed wakeups in find_insert_glock
ARM: 8781/1: Fix Thumb-2 syscall return for binutils 2.29+
drm: disable uncached DMA optimization for ARM and arm64
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3
arm64: dts: hikey: Give wifi some time after power-on
scsi: aacraid: Fix missing break in switch statement
iscsi_ibft: Fix missing break in switch statement
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
qed: Consider TX tcs while deriving the max num_queues for PF.
qed: Fix EQ full firmware assert.
fs: ratelimit __find_get_block_slow() failure message.
i2c: omap: Use noirq system sleep pm ops to idle device for suspend
MIPS: Remove function size check in get_frame_info()
perf trace: Support multiple "vfs_getname" probes
perf symbols: Filter out hidden symbols from labels
s390/qeth: fix use-after-free in error path
netfilter: nf_nat: skip nat clash resolution for same-origin entries
selftests: netfilter: add simple masq/redirect test cases
selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET
dmaengine: dmatest: Abort test in case of mapping error
vsock/virtio: reset connected sockets on device removal
vsock/virtio: fix kernel panic after device hot-unplug
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init
bpf: fix lockdep false positive in percpu_freelist
bpf, selftests: fix handling of sparse CPU allocations
relay: check return of create_buf_file() properly
irqchip/gic-v3-its: Fix ITT_entry_size accessor
net: stmmac: Disable EEE mode earlier in XMIT callback
net: stmmac: Send TSO packets always from Queue 0
net: stmmac: Fallback to Platform Data clock in Watchdog conversion
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
usb: phy: fix link errors
DTS: CI20: Fix bugs in ci20's device tree.
arm64: dts: add msm8996 compatible to gicv3
ARM: pxa: ssp: unneeded to free devm_ allocated data
bpf: sock recvbuff must be limited by rmem_max in bpf_setsockopt()
soc: fsl: qbman: avoid race in clearing QMan interrupt
arm64: dts: renesas: r8a7796: Enable DMA for SCIF2
ARM: dts: omap4-droid4: Fix typo in cpcap IRQ flags
autofs: fix error return in autofs_fill_super()
autofs: drop dentry reference only when it is never used
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
lib/test_kmod.c: potential double free in error handling
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
x86_64: increase stack size for KASAN_EXTRA
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
apparmor: Fix aa_label_build() error handling for failed merges
arm64: kprobe: Always blacklist the KVM world-switch code
x86/microcode/amd: Don't falsely trick the late loading mechanism
cifs: fix computation for MAX_SMB2_HDR_SIZE
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
scsi: 53c700: pass correct "dev" to dma_alloc_attrs()
scsi: libfc: free skb when receiving invalid flogi resp
qed: Fix stack out of bounds bug
qed: Fix system crash in ll2 xmit
qed: Fix VF probe failure while FLR
qed: Fix LACP pdu drops for VFs
qed: Fix bug in tx promiscuous mode settings
nfs: Fix NULL pointer dereference of dev_name
selftests: timers: use LDLIBS instead of LDFLAGS
gpio: vf610: Mask all GPIO interrupts
netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: hns: Restart autoneg need return failed when autoneg off
net: hns: Fix for missing of_node_put() after of_parse_phandle()
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
xtensa: SMP: limit number of possible CPUs by NR_CPUS
xtensa: SMP: mark each possible CPU as present
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: fix secondary CPU initialization
selftests: cpu-hotplug: fix case where CPUs offline > CPUs present
xtensa: SMP: fix ccount_timer_shutdown
iommu/amd: Fix IOMMU page flush when detach device from a domain
ipvs: Fix signed integer overflow when setsockopt timeout
iommu/amd: Unmap all mapped pages in error path of map_sg
iommu/amd: Call free_iova_fast with pfn in map_sg
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
perf tools: Handle TOPOLOGY headers with no CPU
perf core: Fix perf_proc_update_handler() bug
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
media: uvcvideo: Fix 'type' check leading to overflow
scsi: core: reset host byte in DID_NEXUS_FAILURE case
exec: Fix mem leak in kernel_read_file
Bluetooth: Fix locking in bt_accept_enqueue() for BH context
xtensa: fix get_wchan
hugetlbfs: fix races and page leaks during migration
MIPS: irq: Allocate accurate order pages for irq stack
applicom: Fix potential Spectre v1 vulnerabilities
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
net: dsa: mv88e6xxx: Fix statistics on mv88e6161
net: phy: Micrel KSZ8061: link failure after cable connect
tun: remove unnecessary memory barrier
tun: fix blocking read
mpls: Return error for RTA_GATEWAY attribute
ipv6: Return error for RTA_VIA attribute
ipv4: Return error for RTA_VIA attribute
net: avoid use IPCB in cipso_v4_error
net: Add __icmp_send helper.
xen-netback: fix occasional leak of grant ref mappings under memory pressure
xen-netback: don't populate the hash cache on XenBus disconnect
net: socket: set sock->sk to NULL after calling proto_ops::release()
net: sit: fix memory leak in sit_init_net()
net: phy: phylink: fix uninitialized variable in phylink_get_mac_state
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
net: netem: fix skb length BUG_ON in __skb_to_sgvec
netlabel: fix out-of-bounds memory accesses
net: dsa: mv88e6xxx: Fix u64 statistics
hv_netvsc: Fix IP header checksum for coalesced packets
geneve: correctly handle ipv6.disable module parameter
bnxt_en: Drop oversize TX packets to prevent errors.
tipc: fix RDM/DGRAM connect() regression
team: Free BPF filter when unregistering netdev
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
net-sysfs: Fix mem leak in netdev_register_kobject
net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
staging: android: ion: fix sys heap pool's gfp_flags
staging: wilc1000: fix to set correct value for 'vif_num'
staging: comedi: ni_660x: fix missing break in switch statement
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: option: add Telit ME910 ECM composition
cpufreq: Use struct kobj_attribute instead of struct global_attr
ANDROID: cuttlefish: enable CONFIG_INET_UDP_DIAG=y
ANDROID: cuttlefish: enable CONFIG_USB_RTL8152=y
Change-Id: Id5bc9a3c0ca235fcf07904455ea829c7f49618ad
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Eric Biggers
|
e5e8350da5 |
net: socket: set sock->sk to NULL after calling proto_ops::release()
[ Upstream commit ff7b11aa481f682e0e9711abfeb7d03f5cd612bf ]
Commit 9060cb719e61 ("net: crypto set sk to NULL when af_alg_release.")
fixed a use-after-free in sockfs_setattr() when an AF_ALG socket is
closed concurrently with fchownat(). However, it ignored that many
other proto_ops::release() methods don't set sock->sk to NULL and
therefore allow the same use-after-free:
- base_sock_release
- bnep_sock_release
- cmtp_sock_release
- data_sock_release
- dn_release
- hci_sock_release
- hidp_sock_release
- iucv_sock_release
- l2cap_sock_release
- llcp_sock_release
- llc_ui_release
- rawsock_release
- rfcomm_sock_release
- sco_sock_release
- svc_release
- vcc_release
- x25_release
Rather than fixing all these and relying on every socket type to get
this right forever, just make __sock_release() set sock->sk to NULL
itself after calling proto_ops::release().
Reproducer that produces the KASAN splat when any of these socket types
are configured into the kernel:
#include <pthread.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>
pthread_t t;
volatile int fd;
void *close_thread(void *arg)
{
for (;;) {
usleep(rand() % 100);
close(fd);
}
}
int main()
{
pthread_create(&t, NULL, close_thread, NULL);
for (;;) {
fd = socket(rand() % 50, rand() % 11, 0);
fchownat(fd, "", 1000, 1000, 0x1000);
close(fd);
}
}
Fixes:
|
||
|
Blagovest Kolenichev
|
07d9065fbe |
Merge android-4.14-p.79 (f9cf23e) into msm-4.14
* refs/heads/tmp-f9cf23e: Revert "net: qualcomm: rmnet: Skip processing loopback packets" Linux 4.14.79 net/mlx5: Fix build break when CONFIG_SMP=n net/sched: cls_api: add missing validation of netlink attributes net: bcmgenet: Poll internal PHY for GENETv5 net: ipmr: fix unresolved entry dumps rtnetlink: Disallow FDB configuration for non-Ethernet device net/mlx5e: fix csum adjustments caused by RXFCS net: fix pskb_trim_rcsum_slow() with odd trim offset net: drop skb on failure in ip_check_defrag() net: sched: Fix for duplicate class dump net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type openvswitch: Fix push/pop ethernet validation ip6_tunnel: Fix encapsulation layout bonding: fix length of actor system ethtool: fix a privilege escalation bug virtio_net: avoid using netif_tx_disable() for serializing tx routine vhost: Fix Spectre V1 vulnerability udp6: fix encap return code for resubmitting sctp: fix race on sctp_id2asoc r8169: fix NAPI handling under high load net: udp: fix handling of CHECKSUM_COMPLETE packets net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules net: socket: fix a missing-check bug net: sched: gred: pass the right attribute to gred_change_table_def() net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs net: fec: don't dump RX FIFO register when not available llc: set SOCK_RCU_FREE in llc_sap_add_socket() ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called ipv6: mcast: fix a use-after-free in inet6_mc_check net: bridge: remove ipv6 zero address check in mcast queries bridge: do not add port to router list when receives query with source 0.0.0.0 drm/i915/gvt: fix memory leak of a cmd_entry struct on error exit path perf tools: Disable parallelism for 'make clean' Revert "netfilter: ipv6: nf_defrag: drop skb dst before queueing" ALSA: usx2y: Fix invalid stream URBs media: uvcvideo: Fix driver reference counting ARM: dts: r8a7790: Correct critical CPU temperature kvm: x86: fix WARN due to uninitialized guest FPU state mtd: spi-nor: Add support for is25wp series chips sch_netem: restore skb->dev after dequeuing from the rbtree fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters() selftests: rtnetlink.sh explicitly requires bash. net: ena: fix NULL dereference due to untimely napi initialization net: ena: fix warning in rmmod caused by double iounmap rxrpc: Fix connection-level abort handling rxrpc: Only take the rwind and mtu values from latest ACK rxrpc: Don't check RXRPC_CALL_TX_LAST after calling rxrpc_rotate_tx_window() perf python: Use -Wno-redundant-decls to build with PYTHON=python3 ARM: dts: imx53-qsb: disable 1.2GHz OPP compiler.h: Allow arch-specific asm/compiler.h perf tests: Fix indexing when invoking subtests libertas: call into generic suspend code before turning off power kconfig: fix the rule of mainmenu_stmt symbol net: stmmac: mark PM functions as __maybe_unused x86/paravirt: Fix some warning messages net: phy: phylink: Don't release NULL GPIO btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf scsi: sd: Remember that READ CAPACITY(16) succeeded scsi: ibmvfc: Avoid unnecessary port relogin selftests/powerpc: Add ptrace hw breakpoint test iio: buffer: fix the function signature to match implementation enic: do not overwrite error code lan78xx: Don't reset the interface on open MIPS: Workaround GCC __builtin_unreachable reordering bug mmc: dw_mmc-rockchip: correct property names in debug IB/usnic: Update with bug fixes from core code xen-netfront: Fix mismatched rtnl_unlock xen-netfront: Update features after registering netdev tpm: tpm_crb: relinquish locality on error path. bpf: sockmap, map_release does not hold refcnt for pinned maps tpm: move the delay_msec increment after sleep in tpm_transmit() sparc64: Fix regression in pmdp_invalidate(). KVM: x86: Update the exit_qualification access bits while walking an address test_bpf: Fix testing with CONFIG_BPF_JIT_ALWAYS_ON=y on other arches cifs: Use ULL suffix for 64-bit constant l2tp: remove configurable payload offset ARM: tegra: Fix ULPI regression on Tegra20 IB/mlx5: Avoid passing an invalid QP type to firmware kbuild: set no-integrated-as before incl. arch Makefile scsi: qla2xxx: Avoid double completion of abort command net/mlx5e: Refine ets validation function net: phy: Add general dummy stubs for MMD register access net: phy: realtek: Use the dummy stubs for MMD register access for rtl8211b dm integrity: fail early if required HMAC key is not available powerpc/pseries: Add empty update_numa_cpu_lookup_table() for NUMA=n net/mlx5: Fix mlx5_get_vector_affinity function s390/qeth: fix error handling in adapter command callbacks IB/rxe: put the pool on allocation failure IB/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush scsi: aacraid: address UBSAN warning regression usbip: vhci_hcd: update 'status' file header and format tools/testing/nvdimm: unit test clear-error commands iwlwifi: fix the ALIVE notification layout iwlwifi: dbg: allow wrt collection before ALIVE iwlwifi: mvm: check for short GI only for OFDM ocfs2: fix crash in ocfs2_duplicate_clusters_by_page() yam: fix a missing-check bug net: cxgb3_main: fix a missing-check bug be2net: don't flip hw_features when VXLANs are added/deleted locking/ww_mutex: Fix runtime warning in the WW mutex selftest net: qualcomm: rmnet: Skip processing loopback packets declance: Fix continuation with the adapter identification message net: fec: fix rare tx timeout perf/x86/amd/uncore: Set ThreadMask and SliceMask for L3 Cache perf events perf/x86/intel/uncore: Fix PCI BDF address of M3UPI on SKX perf/ring_buffer: Prevent concurent ring buffer access perf/core: Fix perf_pmu_unregister() locking cfg80211: fix use-after-free in reg_process_hint() smsc95xx: Check for Wake-on-LAN modes smsc75xx: Check for Wake-on-LAN modes r8152: Check for supported Wake-on-LAN Modes sr9800: Check for supported Wake-on-LAN modes lan78xx: Check for supported Wake-on-LAN modes ax88179_178a: Check for supported Wake-on-LAN modes asix: Check for supported Wake-on-LAN modes nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds qed: Avoid implicit enum conversion in qed_iwarp_parse_rx_pkt qed: Avoid constant logical operation warning in qed_vf_pf_acquire qed: Avoid implicit enum conversion in qed_roce_mode_to_flavor qed: Fix mask parameter in qed_vf_prep_tunn_req_tlv qed: Avoid implicit enum conversion in qed_set_tunn_cls_info pxa168fb: prepare the clock Bluetooth: SMP: fix crash in unpairing mac80211_hwsim: do not omit multicast announce of first added radio nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT soc: fsl: qe: Fix copy/paste bug in ucc_get_tdm_sync_shift() soc: fsl: qbman: qman: avoid allocating from non existing gen_pool net: macb: Clean 64b dma addresses if they are not detected ARM: dts: BCM63xx: Fix incorrect interrupt specifiers arm64: hugetlb: Fix handling of young ptes netfilter: bridge: Don't sabotage nf_hook calls from an l3mdev xfrm: validate template mode ARM: 8799/1: mm: fix pci_ioremap_io() offset check xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry. mac80211: fix TX status reporting for ieee80211s mac80211: TDLS: fix skb queue/priority assignment cfg80211: Address some corner cases in scan result channel updating mac80211: fix pending queue hang due to TX_DROP cfg80211: reg: Init wiphy_idx in regulatory_hint_core() mac80211: Always report TX status xfrm: reset crypto_done when iterating over multiple input xfrms xfrm: reset transport header back to network header after all input transforms ahave been applied xfrm6: call kfree_skb when skb is toobig xfrm: Validate address prefix lengths in the xfrm selector. Conflicts: arch/Kconfig Change-Id: I93e1459c0e7511f2d30bd01fc3f5bf81f23a7bf6 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Wenwen Wang
|
7d58456872 |
net: socket: fix a missing-check bug
[ Upstream commit b6168562c8ce2bd5a30e213021650422e08764dc ] In ethtool_ioctl(), the ioctl command 'ethcmd' is checked through a switch statement to see whether it is necessary to pre-process the ethtool structure, because, as mentioned in the comment, the structure ethtool_rxnfc is defined with padding. If yes, a user-space buffer 'rxnfc' is allocated through compat_alloc_user_space(). One thing to note here is that, if 'ethcmd' is ETHTOOL_GRXCLSRLALL, the size of the buffer 'rxnfc' is partially determined by 'rule_cnt', which is actually acquired from the user-space buffer 'compat_rxnfc', i.e., 'compat_rxnfc->rule_cnt', through get_user(). After 'rxnfc' is allocated, the data in the original user-space buffer 'compat_rxnfc' is then copied to 'rxnfc' through copy_in_user(), including the 'rule_cnt' field. However, after this copy, no check is re-enforced on 'rxnfc->rule_cnt'. So it is possible that a malicious user race to change the value in the 'compat_rxnfc->rule_cnt' between these two copies. Through this way, the attacker can bypass the previous check on 'rule_cnt' and inject malicious data. This can cause undefined behavior of the kernel and introduce potential security risk. This patch avoids the above issue via copying the value acquired by get_user() to 'rxnfc->rule_cn', if 'ethcmd' is ETHTOOL_GRXCLSRLALL. Signed-off-by: Wenwen Wang <wang6495@umn.edu> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Isaac J. Manjarres
|
b2c8463039 |
Merge android-4.14-p.61 (b7e55e8) into msm-4.14
* remotes/origin/tmp-b7e55e8:
Linux 4.14.61
scsi: sg: fix minor memory leak in error path
drm/vc4: Reset ->{x, y}_scaling[1] when dealing with uniplanar formats
crypto: padlock-aes - Fix Nano workaround data corruption
RDMA/uverbs: Expand primary and alt AV port checks
iwlwifi: add more card IDs for 9000 series
userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails
audit: fix potential null dereference 'context->module.name'
kvm: x86: vmx: fix vpid leak
x86/entry/64: Remove %ebx handling from error_entry/exit
x86/apic: Future-proof the TSC_DEADLINE quirk for SKX
virtio_balloon: fix another race between migration and ballooning
net: socket: fix potential spectre v1 gadget in socketcall
can: ems_usb: Fix memory leak on ems_usb_disconnect()
squashfs: more metadata hardenings
squashfs: more metadata hardening
net/mlx5e: E-Switch, Initialize eswitch only if eswitch manager
rxrpc: Fix user call ID check in rxrpc_service_prealloc_one
net: stmmac: Fix WoL for PCI-based setups
netlink: Fix spectre v1 gadget in netlink_create()
net: dsa: Do not suspend/resume closed slave_dev
ipv4: frags: handle possible skb truesize change
inet: frag: enforce memory limits earlier
bonding: avoid lockdep confusion in bond_get_stats()
Linux 4.14.60
tcp: add one more quick ack after after ECN events
tcp: refactor tcp_ecn_check_ce to remove sk type cast
tcp: do not aggressively quick ack after ECN events
tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
tcp: do not force quickack when receiving out-of-order packets
netlink: Don't shift with UB on nlk->ngroups
netlink: Do not subscribe to non-existent groups
xen-netfront: wait xenbus state change when load module manually
tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
NET: stmmac: align DMA stuff to largest cache line length
net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
net: lan78xx: fix rx handling before first packet is send
net: fix amd-xgbe flow-control issue
net: ena: Fix use of uninitialized DMA address bits field
ipv4: remove BUG_ON() from fib_compute_spec_dst
net: dsa: qca8k: Allow overwriting CPU port setting
net: dsa: qca8k: Add QCA8334 binding documentation
net: dsa: qca8k: Enable RXMAC when bringing up a port
net: dsa: qca8k: Force CPU port to its highest bandwidth
RDMA/uverbs: Protect from attempts to create flows on unsupported QP
usb: gadget: udc: renesas_usb3: should remove debugfs
ovl: Sync upper dirty data when syncing overlayfs
PCI: xgene: Remove leftover pci_scan_child_bus() call
PCI: pciehp: Assume NoCompl+ for Thunderbolt ports
ext4: fix check to prevent initializing reserved inodes
ext4: check for allocation block validity with block group locked
ext4: fix inline data updates with checksums enabled
squashfs: be more careful about metadata corruption
random: mix rdrand with entropy sent in from userspace
block: reset bi_iter.bi_done after splitting bio
blkdev: __blkdev_direct_IO_simple: fix leak in error case
block: bio_iov_iter_get_pages: fix size of last iovec
drm/dp/mst: Fix off-by-one typo when dump payload table
drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown()
drm: Add DP PSR2 sink enable bit
ASoC: topology: Add missing clock gating parameter when parsing hw_configs
ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format()
media: si470x: fix __be16 annotations
media: atomisp: compat32: fix __user annotations
scsi: cxlflash: Avoid clobbering context control register value
scsi: cxlflash: Synchronize reset and remove ops
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
scsi: scsi_dh: replace too broad "TP9" string with the exact models
regulator: Don't return or expect -errno from of_map_mode()
media: omap3isp: fix unbalanced dma_iommu_mapping
crypto: authenc - don't leak pointers to authenc keys
crypto: authencesn - don't leak pointers to authenc keys
usb: hub: Don't wait for connect state at resume for powered-off ports
microblaze: Fix simpleImage format generation
soc: imx: gpcv2: Do not pass static memory as platform data
serial: core: Make sure compiler barfs for 16-byte earlycon names
staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
staging: lustre: llite: correct removexattr detection
staging: vchiq_core: Fix missing semaphore release in error case
audit: allow not equal op for audit by executable
rsi: fix nommu_map_sg overflow kernel panic
rsi: Fix 'invalid vdd' warning in mmc
ipconfig: Correctly initialise ic_nameservers
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
igb: Fix queue selection on MAC filters on i210
arm64: defconfig: Enable Rockchip io-domain driver
nvme: lightnvm: add granby support
memory: tegra: Apply interrupts mask per SoC
memory: tegra: Do not handle spurious interrupts
delayacct: Use raw_spinlocks
stop_machine: Use raw spinlocks
backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction
dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
net: hns3: Fixes the out of bounds access in hclge_map_tqp
spi: meson-spicc: Fix error handling in meson_spicc_probe()
dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
mmc: pwrseq: Use kmalloc_array instead of stack VLA
mmc: dw_mmc: update actual clock for mmc debugfs
ALSA: hda/ca0132: fix build failure when a local macro is defined
drm/atomic: Handling the case when setting old crtc for plane
media: siano: get rid of __le32/__le16 cast warnings
f2fs: avoid fsync() failure caused by EAGAIN in writepage()
bpf: fix references to free_bpf_prog_info() in comments
thermal: exynos: fix setting rising_threshold for Exynos5433
staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5
staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
scsi: qedf: Set the UNLOADING flag when removing a vport
scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw
scsi: megaraid: silence a static checker bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: 3w-9xxx: fix a missing-check bug
bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
perf: fix invalid bit in diagnostic entry
s390/cpum_sf: Add data entry sizes to sampling trailer entry
brcmfmac: Add support for bcm43364 wireless chipset
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
media: saa7164: Fix driver name in debug output
media: media-device: fix ioctl function types
ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2
libata: Fix command retry decision
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
net: phy: phylink: Release link GPIO
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
tty: Fix data race in tty_insert_flip_string_fixed_flag
i40e: free the skb after clearing the bitlock
nvmem: properly handle returned value nvmem_reg_read
ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node
ARM: dts: emev2: Add missing interrupt-affinity to PMU node
ARM: dts: stih407-pinctrl: Fix complain about IRQ_TYPE_NONE usage
EDAC, altera: Fix ARM64 build warning
HID: i2c-hid: check if device is there before really probing
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
drm/amdgpu: Remove VRAM from shared bo domains.
drm/radeon: fix mode_valid's return type
arm64: dts: renesas: salvator-common: use audio-graph-card for Sound
HID: hid-plantronics: Re-resend Update to map button for PTT products
arm64: cmpwait: Clear event register before arming exclusive monitor
media: atomisp: ov2680: don't declare unused vars
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
media: smiapp: fix timeout checking in smiapp_read_nvm
ixgbevf: fix MAC address changes through ixgbevf_set_mac()
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
md/raid1: add error handling of read error from FailFast device
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
ALSA: emu10k1: Rate-limit error messages about page errors
rtc: tps65910: fix possible race condition
rtc: vr41xx: fix possible race condition
rtc: tps6586x: fix possible race condition
Bluetooth: btusb: add ID for LiteOn 04ca:301a
drm/nouveau/fifo/gk104-: poll for runlist update completion
scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger
scsi: ufs: fix exception event handling
scsi: ufs: ufshcd: fix possible unclocked register access
fscrypt: use unbound workqueue for decryption
net: hns3: Fix the missing client list node initialization
spi: Add missing pm_runtime_put_noidle() after failed get
drivers/perf: arm-ccn: don't log to dmesg in event_init
ima: based on policy verify firmware signatures (pre-allocated buffer)
mwifiex: correct histogram data with appropriate index
net: dsa: qca8k: Add support for QCA8334 switch
PCI: pciehp: Request control of native hotplug only if supported
bpf: powerpc64: pad function address loads with NOPs
pinctrl: at91-pio4: add missing of_node_put
powerpc/8xx: fix invalid register expression in head_8xx.S
spi: sh-msiof: Fix setting SIRMDR1.SYNCAC to match SITMDR1.SYNCAC
powerpc: Add __printf verification to prom_printf
powerpc/powermac: Mark variable x as unused
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/32: Add a missing include header
ath: Add regulatory mapping for Bahamas
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for FCC3_ETSIC
nvme-pci: Fix AER reset handling
nvme-rdma: stop admin queue before freeing it
PCI: Prevent sysfs disable of device while driver is attached
PM / wakeup: Make s2idle_lock a RAW_SPINLOCK
x86/microcode: Make the late update update_lock a raw lock for RT
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
Btrfs: don't return ino to ino cache if inode item removal fails
media: videobuf2-core: don't call memop 'finish' when queueing
media: tw686x: Fix incorrect vb2_mem_ops GFP flags
net: hns3: Fixes the init of the VALID BD info in the descriptor
wlcore: sdio: check for valid platform device data before suspend
mwifiex: handle race during mwifiex_usb_disconnect
mfd: cros_ec: Fail early if we cannot identify the EC
ASoC: dpcm: fix BE dai not hw_free and shutdown
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
iwlwifi: pcie: fix race in Rx buffer allocator
btrfs: balance dirty metadata pages in btrfs_finish_ordered_io
PCI: Fix devm_pci_alloc_host_bridge() memory leak
selftests: intel_pstate: return Kselftest Skip code for skipped tests
selftests: memfd: return Kselftest Skip code for skipped tests
selftests/intel_pstate: Improve test, minor fixes
perf/x86/intel/uncore: Correct fixed counter index check for NHM
perf/x86/intel/uncore: Correct fixed counter index check in generic code
usbip: dynamically allocate idev by nports found in sysfs
usbip: usbip_detach: Fix memory, udev context and udev leak
block, bfq: remove wrong lock in bfq_requests_merged
f2fs: fix race in between GC and atomic open
f2fs: fix to detect failure of dquot_initialize
f2fs: Fix deadlock in shutdown ioctl
f2fs: fix to wait page writeback during revoking atomic write
f2fs: fix to don't trigger writeback during recovery
f2fs: fix error path of move_data_page
disable loading f2fs module on PAGE_SIZE > 4KB
pnfs: Don't release the sequence slot until we've processed layoutget on open
netfilter: nf_tables: check msg_type before nft_trans_set(trans)
lightnvm: pblk: warn in case of corrupted write buffer
RDMA/mad: Convert BUG_ONs to error flows
powerpc/64s: Fix compiler store ordering to SLB shadow area
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
powerpc/eeh: Fix use-after-release of EEH driver
powerpc/64s: Add barrier_nospec
powerpc/lib: Adjust .balign inside string functions for PPC32
infiniband: fix a possible use-after-free bug
e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
ceph: fix alignment of rasize
bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64}
printk: drop in_nmi check from printk_safe_flush_on_panic()
watchdog: da9063: Fix updating timeout value
irqchip/ls-scfg-msi: Map MSIs in the iommu
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
netfilter: ipset: forbid family for hash:mac sets
perf tools: Fix pmu events parsing rule
rtc: ensure rtc_set_alarm fails when alarms are not supported
mm/slub.c: add __printf verification to slab_err()
mm: vmalloc: avoid racy handling of debugobjects in vunmap
mm: /proc/pid/pagemap: hide swap entries from unprivileged users
kernel/hung_task.c: show all hung tasks before panic
vfio/type1: Fix task tracking for QEMU vCPU hotplug
vfio/mdev: Check globally for duplicate devices
vfio: platform: Fix reset module leak in error path
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
ALSA: fm801: add error handling for snd_ctl_add
ALSA: emu10k1: add error handling for snd_ctl_add
skip LAYOUTRETURN if layout is invalid
hv_netvsc: fix network namespace issues with VF support
xen/netfront: raise max number of slots in xennet_get_responses()
kcov: ensure irq code sees a valid area
mlxsw: spectrum_switchdev: Fix port_vlan refcounting
arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
tracing: Quiet gcc warning about maybe unused link variable
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
kthread, tracing: Don't expose half-written comm when creating kthreads
tracing: Fix possible double free in event_enable_trigger_func()
tracing: Fix double free of event_trigger_data
delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
kvm, mm: account shadow page tables to kmemcg
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
spi: spi-s3c64xx: Fix system resume support
drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access
i2c: core: decrease reference count of device node in i2c_unregister_device
fork: unconditionally clear stack on fork
Linux 4.14.59
turn off -Wattribute-alias
can: m_can.c: fix setup of CCCR register: clear CCCR NISO bit before checking can.ctrlmode
can: peak_canfd: fix firmware < v3.3.0: limit allocation to 32-bit DMA addr only
can: xilinx_can: fix RX overflow interrupt not being enabled
can: xilinx_can: fix incorrect clear of non-processed interrupts
can: xilinx_can: keep only 1-2 frames in TX FIFO to fix TX accounting
can: xilinx_can: fix device dropping off bus on RX overrun
can: xilinx_can: fix recovery from error states not being propagated
can: xilinx_can: fix power management handling
can: xilinx_can: fix RX loop if RXNEMP is asserted without RXOK
driver core: Partially revert "driver core: correct device's shutdown order"
usb: gadget: f_fs: Only return delayed status when len is 0
usb: dwc2: Fix DMA alignment to start at allocated boundary
usb: core: handle hub C_PORT_OVER_CURRENT condition
usb: cdc_acm: Add quirk for Castles VEGA3000
staging: speakup: fix wraparound in uaccess length check
tcp: add tcp_ooo_try_coalesce() helper
tcp: call tcp_drop() from tcp_data_queue_ofo()
tcp: detect malicious patterns in tcp_collapse_ofo_queue()
tcp: avoid collapses in tcp_prune_queue() if possible
tcp: free batches of packets in tcp_prune_ofo_queue()
tcp: do not delay ACK in DCTCP upon CE status change
tcp: do not cancel delay-AcK on DCTCP special ACK
tcp: helpers to send special DCTCP ack
tcp: fix dctcp delayed ACK schedule
vxlan: fix default fdb entry netlink notify ordering during netdev create
vxlan: make netlink notify in vxlan_fdb_destroy optional
vxlan: add new fdb alloc and create helpers
rtnetlink: add rtnl_link_state check in rtnl_configure_link
sock: fix sg page frag coalescing in sk_alloc_sg
net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv
multicast: do not restore deleted record source filter mode to new one
net/ipv6: Fix linklocal to global address with VRF
net/mlx5e: Fix quota counting in aRFS expire flow
net/mlx5e: Don't allow aRFS for encapsulated packets
net/mlx5: Adjust clock overflow work period
net: skb_segment() should not return NULL
net/mlx4_core: Save the qpn from the input modifier in RST2INIT wrapper
ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull
ip: hash fragments consistently
bonding: set default miimon value for non-arp modes if not set
drm/nouveau: Set DRIVER_ATOMIC cap earlier to fix debugfs
drm/nouveau/drm/nouveau: Fix runtime PM leak in nv50_disp_atomic_commit()
KVM: PPC: Check if IOMMU page is contained in the pinned physical page
xen/PVH: Set up GS segment for stack canary
MIPS: Fix off-by-one in pci_resource_to_user()
MIPS: ath79: fix register address in ath79_ddr_wb_flush()
Revert "cifs: Fix slab-out-of-bounds in send_set_info() on SMB2 ACE setting"
ANDROID: verity: really fix android-verity Kconfig
tcp: add tcp_ooo_try_coalesce() helper
tcp: call tcp_drop() from tcp_data_queue_ofo()
tcp: detect malicious patterns in tcp_collapse_ofo_queue()
tcp: avoid collapses in tcp_prune_queue() if possible
tcp: free batches of packets in tcp_prune_ofo_queue()
x86_64_cuttlefish_defconfig: Enable android-verity
x86_64_cuttlefish_defconfig: enable verity cert
ANDROID: android-verity: Fix broken parameter handling.
ANDROID: android-verity: Make it work with newer kernels
ANDROID: android-verity: Add API to verify signature with builtin keys.
ANDROID: verity: fix android-verity Kconfig dependencies
Linux 4.14.58
xhci: Fix perceived dead host due to runtime suspend race with event handler
powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle)
cxl_getfile(): fix double-iput() on alloc_file() failures
alpha: fix osf_wait4() breakage
net: usb: asix: replace mii_nway_restart in resume path
ipv6: make DAD fail with enhanced DAD when nonce length differs
net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite
net/mlx4_en: Don't reuse RX page when XDP is set
hv_netvsc: Fix napi reschedule while receive completion is busy
tg3: Add higher cpu clock for 5762.
qmi_wwan: add support for Quectel EG91
ptp: fix missing break in switch
net: phy: fix flag masking in __set_phy_supported
net/ipv4: Set oif in fib_compute_spec_dst
skbuff: Unconditionally copy pfmemalloc in __skb_clone()
net: Don't copy pfmemalloc flag in __copy_skb_header()
net: diag: Don't double-free TCP_NEW_SYN_RECV sockets in tcp_abort
lib/rhashtable: consider param->min_size when setting initial table size
ipv6: ila: select CONFIG_DST_CACHE
ipv6: fix useless rol32 call on hash
ipv4: Return EINVAL when ping_group_range sysctl doesn't map to user ns
gen_stats: Fix netlink stats dumping in the presence of padding
drm/nouveau: Avoid looping through fake MST connectors
drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
drm/i915: Fix hotplug irq ack on i965/g4x
stop_machine: Disable preemption when waking two stopper threads
vfio/spapr: Use IOMMU pageshift rather than pagesize
vfio/pci: Fix potential Spectre v1
cpufreq: intel_pstate: Register when ACPI PCCH is present
mm/huge_memory.c: fix data loss when splitting a file pmd
mm: memcg: fix use after free in mem_cgroup_iter()
ARC: mm: allow mprotect to make stack mappings executable
ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
ARC: Fix CONFIG_SWAP
ARCv2: [plat-hsdk]: Save accl reg pair by default
ALSA: hda: add mute led support for HP ProBook 455 G5
ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
ALSA: rawmidi: Change resized buffers atomically
fat: fix memory allocation failure handling of match_strdup()
x86/MCE: Remove min interval polling limitation
x86/events/intel/ds: Fix bts_interrupt_threshold alignment
x86/apm: Don't access __preempt_count with zeroed fs
KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in parallel.
scsi: sd_zbc: Fix variable type and bogus comment
ANDROID: uid_sys_stats: Replace tasklist lock with RCU in uid_cputime_show
Linux 4.14.57
string: drop __must_check from strscpy() and restore strscpy() usages in cgroup
arm64: KVM: Add ARCH_WORKAROUND_2 discovery through ARCH_FEATURES_FUNC_ID
arm64: KVM: Handle guest's ARCH_WORKAROUND_2 requests
arm64: KVM: Add ARCH_WORKAROUND_2 support for guests
arm64: KVM: Add HYP per-cpu accessors
arm64: ssbd: Add prctl interface for per-thread mitigation
arm64: ssbd: Introduce thread flag to control userspace mitigation
arm64: ssbd: Restore mitigation status on CPU resume
arm64: ssbd: Skip apply_ssbd if not using dynamic mitigation
arm64: ssbd: Add global mitigation state accessor
arm64: Add 'ssbd' command-line option
arm64: Add ARCH_WORKAROUND_2 probing
arm64: Add per-cpu infrastructure to call ARCH_WORKAROUND_2
arm64: Call ARCH_WORKAROUND_2 on transitions between EL0 and EL1
arm/arm64: smccc: Add SMCCC-specific return codes
KVM: arm64: Avoid storing the vcpu pointer on the stack
KVM: arm/arm64: Do not use kern_hyp_va() with kvm_vgic_global_state
arm64: alternatives: Add dynamic patching feature
KVM: arm64: Stop save/restoring host tpidr_el1 on VHE
arm64: alternatives: use tpidr_el2 on VHE hosts
KVM: arm64: Change hyp_panic()s dependency on tpidr_el2
KVM: arm/arm64: Convert kvm_host_cpu_state to a static per-cpu allocation
KVM: arm64: Store vcpu on the stack during __guest_enter()
net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL.
rds: avoid unenecessary cong_update in loop transport
bdi: Fix another oops in wb_workfn()
netfilter: ipv6: nf_defrag: drop skb dst before queueing
nsh: set mac len based on inner packet
autofs: fix slab out of bounds read in getname_kernel()
tls: Stricter error checking in zerocopy sendmsg path
KEYS: DNS: fix parsing multiple options
reiserfs: fix buffer overflow with long warning messages
netfilter: ebtables: reject non-bridge targets
PCI: hv: Disable/enable IRQs rather than BH in hv_compose_msi_msg()
block: do not use interruptible wait anywhere
mtd: rawnand: denali_dt: set clk_x_rate to 200 MHz unconditionally
crypto: af_alg - Initialize sg_num_bytes in error code path
clocksource: Initialize cs->wd_list
media: rc: oops in ir_timer_keyup after device unplug
xhci: Fix USB3 NULL pointer dereference at logical disconnect.
net: lan78xx: Fix race in tx pending skb size calculation
rtlwifi: rtl8821ae: fix firmware is not ready to run
rtlwifi: Fix kernel Oops "Fw download fail!!"
net: cxgb3_main: fix potential Spectre v1
VSOCK: fix loopback on big-endian systems
vhost_net: validate sock before trying to put its fd
tcp: prevent bogus FRTO undos with non-SACK flows
tcp: fix Fast Open key endianness
strparser: Remove early eaten to fix full tcp receive buffer stall
stmmac: fix DMA channel hang in half-duplex mode
r8152: napi hangup fix after disconnect
qmi_wwan: add support for the Dell Wireless 5821e module
qed: Limit msix vectors in kdump kernel to the minimum required count.
qed: Fix use of incorrect size in memcpy call.
qed: Fix setting of incorrect eswitch mode.
qede: Adverstise software timestamp caps when PHC is not available.
net/tcp: Fix socket lookups with SO_BINDTODEVICE
net: sungem: fix rx checksum support
net_sched: blackhole: tell upper qdisc about dropped packets
net/packet: fix use-after-free
net: mvneta: fix the Rx desc DMA address in the Rx path
net/mlx5: Fix wrong size allocation for QoS ETC TC regitster
net/mlx5: Fix required capability for manipulating MPFS
net/mlx5: Fix incorrect raw command length parsing
net/mlx5: Fix command interface race in polling mode
net/mlx5: E-Switch, Avoid setup attempt if not being e-switch manager
net/mlx5e: Don't attempt to dereference the ppriv struct if not being eswitch manager
net/mlx5e: Avoid dealing with vport representors if not being e-switch manager
net: macb: Fix ptp time adjustment for large negative delta
net: fix use-after-free in GRO with ESP
net: dccp: switch rx_tstamp_last_feedback to monotonic clock
net: dccp: avoid crash in ccid3_hc_rx_send_feedback()
ixgbe: split XDP_TX tail and XDP_REDIRECT map flushing
ipvlan: fix IFLA_MTU ignored on NEWLINK
ipv6: sr: fix passing wrong flags to crypto_alloc_shash()
hv_netvsc: split sub-channel setup into async and sync
atm: zatm: Fix potential Spectre v1
atm: Preserve value of skb->truesize when accounting to vcc
alx: take rtnl before calling __alx_open from resume
crypto: crypto4xx - fix crypto4xx_build_pdr, crypto4xx_build_sdr leak
crypto: crypto4xx - remove bad list_del
PCI: exynos: Fix a potential init_clk_resources NULL pointer dereference
bcm63xx_enet: do not write to random DMA channel on BCM6345
bcm63xx_enet: correct clock usage
ocfs2: ip_alloc_sem should be taken in ocfs2_get_block()
ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
xprtrdma: Fix corner cases when handling device removal
cpufreq / CPPC: Set platform specific transition_delay_us
Btrfs: fix duplicate extents after fsync of file with prealloc extents
x86/paravirt: Make native_save_fl() extern inline
x86/asm: Add _ASM_ARG* constants for argument registers to <asm/asm.h>
compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations
ANDROID: Add hold functionality to schedtune CPU boost
ANDROID: sched/rt: Add schedtune accounting to rt task enqueue/dequeue
UPSTREAM: cpuidle: menu: Avoid selecting shallow states with stopped tick
UPSTREAM: cpuidle: menu: Refine idle state selection for running tick
UPSTREAM: sched: idle: Select idle state before stopping the tick
BACKPORT: time: hrtimer: Introduce hrtimer_next_event_without()
BACKPORT: time: tick-sched: Split tick_nohz_stop_sched_tick()
UPSTREAM: cpuidle: Return nohz hint from cpuidle_select()
UPSTREAM: jiffies: Introduce USER_TICK_USEC and redefine TICK_USEC
UPSTREAM: sched: idle: Do not stop the tick before cpuidle_idle_call()
BACKPORT: sched: idle: Do not stop the tick upfront in the idle loop
BACKPORT: time: tick-sched: Reorganize idle tick management code
ANDROID: sched/fair: fix a warning
ANDROID: sched/walt: Fix compilation issue for x86_64
ANDROID: mnt: Fix next_descendent
ANDROID: sched/events: Introduce util_est trace events
ANDROID: sched/fair: schedtune: update before schedutil
FROMLIST: sched/fair: add support to tune PELT ramp/decay timings
BACKPORT: sched/fair: Update util_est before updating schedutil
BACKPORT: sched/fair: Update util_est only on util_avg updates
BACKPORT: sched/fair: Use util_est in LB and WU paths
BACKPORT: sched/fair: Add util_est on top of PELT
ANDROID: sched/fair: Cleanup cpu_util{_wake}()
ANDROID: sched: Update max cpu capacity in case of max frequency constraints
ANDROID: arm: enable max frequency capping
ANDROID: arm64: enable max frequency capping
ANDROID: implement max frequency capping
ANDROID: sched/fair: add arch scaling function for max frequency capping
ANDROID: trace: Add WALT util signal to trace event sched_load_cfs_rq
ANDROID: sched, trace: Remove trace event sched_load_avg_cpu
ANDROID: Rename and move include/linux/sched_energy.h
ANDROID: Adjust juno energy model
ANDROID: Check equality of max cap state cap and cpu scale
ANDROID: Move energy model init call into arch_topology driver
ANDROID: Streamline sched_domain_energy_f functions
ANDROID: Separate cpu_scale and energy model setup
ANDROID: update_group_capacity for single cpu in cluster
ANDROID: sched/fair: return idle CPU immediately for prefer_idle
ANDROID: sched/fair: add idle state filter to prefer_idle case
ANDROID: sched/fair: remove order from CPU selection
ANDROID: sched/fair: unify spare capacity calculation
ANDROID:sched/fair: prefer energy efficient CPUs for !prefer_idle tasks
ANDROID: sched/fair: fix CPU selection for non latency sensitive tasks
ANDROID: sched/fair: Also do misfit in overloaded groups
ANDROID: sched/fair: Don't balance misfits if it would overload local group
ANDROID: sched/fair: Attempt to improve throughput for asym cap systems
FROMLIST: sched/fair: Don't move tasks to lower capacity cpus unless necessary
FROMLIST: sched/core: Disable SD_PREFER_SIBLING on asymmetric cpu capacity domains
FROMLIST: sched/core: Disable SD_ASYM_CPUCAPACITY for root_domains without asymmetry
FROMLIST: sched/fair: Set rq->rd->overload when misfit
FROMLIST: sched: Wrap rq->rd->overload accesses with READ/WRITE_ONCE
FROMLIST: sched: Change root_domain->overload type to int
FROMLIST: sched/fair: Change prefer_sibling type to bool
FROMLIST: sched/fair: Consider misfit tasks when load-balancing
FROMLIST: sched: Add sched_group per-cpu max capacity
FROMLIST: sched/fair: Add group_misfit_task load-balance type
FROMLIST: sched: Add static_key for asymmetric cpu capacity optimizations
UPSTREAM: ANDROID: binder: change down_write to down_read
UPSTREAM: ANDROID: binder: correct the cmd print for BINDER_WORK_RETURN_ERROR
UPSTREAM: ANDROID: binder: remove 32-bit binder interface.
UPSTREAM: android: binder: Use true and false for boolean values
UPSTREAM: android: binder: Use octal permissions
UPSTREAM: android: binder: Prefer __func__ to using hardcoded function name
UPSTREAM: ANDROID: binder: make binder_alloc_new_buf_locked static and indent its arguments
UPSTREAM: android: binder: Check for errors in binder_alloc_shrinker_init().
Conflicts:
arch/arm64/Kconfig
arch/arm64/include/asm/cpucaps.h
arch/arm64/include/asm/cpufeature.h
arch/arm64/include/asm/thread_info.h
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/cpufeature.c
arch/arm64/kernel/entry.S
arch/arm64/kernel/ssbd.c
drivers/base/arch_topology.c
drivers/md/Kconfig
drivers/scsi/ufs/ufshcd.c
drivers/usb/gadget/function/f_fs.c
include/trace/events/sched.h
kernel/sched/cpufreq_schedutil.c
kernel/sched/energy.c
kernel/sched/fair.c
kernel/sched/features.h
kernel/sched/sched.h
kernel/sched/topology.c
kernel/sched/tune.c
kernel/sched/walt.c
kernel/sched/walt.h
kernel/stop_machine.c
kernel/time/tick-sched.c
net/socket.c
sound/core/rawmidi.c
Change-Id: Ia246711317930ecd55bb42565a04e6b4fdfc26d2
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
|
||
|
Jeremy Cline
|
45c8178cf6 |
net: socket: fix potential spectre v1 gadget in socketcall
commit c8e8cd579bb4265651df8223730105341e61a2d1 upstream. 'call' is a user-controlled value, so sanitize the array index after the bounds check to avoid speculating past the bounds of the 'nargs' array. Found with the help of Smatch: net/socket.c:2508 __do_sys_socketcall() warn: potential spectre issue 'nargs' [r] (local cap) Cc: Josh Poimboeuf <jpoimboe@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: Jeremy Cline <jcline@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Isaac J. Manjarres
|
d46b5c945c |
Merge android-4.14.52 (08850d5) into msm-4.14
* remotes/origin/tmp-08850d5:
Linux 4.14.52
mm, page_alloc: do not break __GFP_THISNODE by zonelist reset
fs/binfmt_misc.c: do not allow offset overflow
vhost: fix info leak due to uninitialized memory
HID: wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large
HID: intel_ish-hid: ipc: register more pm callbacks to support hibernation
orangefs: report attributes_mask and attributes for statx
orangefs: set i_size on new symlink
iwlwifi: fw: harden page loading code
x86/intel_rdt: Enable CMT and MBM on new Skylake stepping
w1: mxc_w1: Enable clock before calling clk_get_rate() on it
libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk
libata: zpodd: small read overflow in eject_tray()
cpufreq: governors: Fix long idle detection logic in load calculation
cpufreq: Fix new policy initialization during limits updates via sysfs
bdi: Move cgroup bdi_writeback to a dedicated low concurrency workqueue
blk-mq: reinit q->tag_set_list entry only after grace period
nbd: use bd_set_size when updating disk size
nbd: update size when connected
nbd: fix nbd device deletion
cifs: For SMB2 security informaion query, check for minimum sized security descriptor instead of sizeof FileAllInformation class
CIFS:
|
||
|
Cong Wang
|
91717ffc90 |
socket: close race condition between sock_close() and sockfs_setattr()
[ Upstream commit 6d8c50dcb029872b298eea68cc6209c866fd3e14 ]
fchownat() doesn't even hold refcnt of fd until it figures out
fd is really needed (otherwise is ignored) and releases it after
it resolves the path. This means sock_close() could race with
sockfs_setattr(), which leads to a NULL pointer dereference
since typically we set sock->sk to NULL in ->release().
As pointed out by Al, this is unique to sockfs. So we can fix this
in socket layer by acquiring inode_lock in sock_close() and
checking against NULL in sockfs_setattr().
sock_release() is called in many places, only the sock_close()
path matters here. And fortunately, this should not affect normal
sock_close() as it is only called when the last fd refcnt is gone.
It only affects sock_close() with a parallel sockfs_setattr() in
progress, which is not common.
Fixes:
|
||
|
Naresh Maradana
|
4438d0403a |
seemp: port instrumentation and logging service
Port seemp related instrumentation and logging service to from msm-4.9 to msm-4.14. This change serves two purposes: - Enable logging service for API events âogged events are read by userspace components. - Log relevant kernel events. Change-Id: I6eeadc0cb0033d167dde49703269946c77f2acda Signed-off-by: Yida Wang <yidaw@codeaurora.org> Signed-off-by: Naresh Maradana <nmardana@codeaurora.org> |
||
|
Devi Sandeep Endluri V V
|
4c159b2a80 |
net: socket: Added notifier chains for socket administrative functions
Allows other areas in the kernel to register notifier callbacks which get invoked whenever something performs an administrative action on a socket. This patch adds hooks in socket(), bind(), listen(), accept(), shutdown(). CRs-Fixed: 626021 Change-Id: I4ae99cb2206d7c4eddba69757335c18d10143045 Acked-by: Manoj Basapathi <manojbm@qti.qualcomm.com> Signed-off-by: Devi Sandeep Endluri V V <dendluri@codeaurora.org> Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org> |
||
|
Levin, Alexander (Sasha Levin)
|
2abfcdf8e7 |
kmemcheck: remove annotations
commit 4950276672fce5c241857540f8561c440663673d upstream. Patch series "kmemcheck: kill kmemcheck", v2. As discussed at LSF/MM, kill kmemcheck. KASan is a replacement that is able to work without the limitation of kmemcheck (single CPU, slow). KASan is already upstream. We are also not aware of any users of kmemcheck (or users who don't consider KASan as a suitable replacement). The only objection was that since KASAN wasn't supported by all GCC versions provided by distros at that time we should hold off for 2 years, and try again. Now that 2 years have passed, and all distros provide gcc that supports KASAN, kill kmemcheck again for the very same reasons. This patch (of 4): Remove kmemcheck annotations, and calls to kmemcheck from the kernel. [alexander.levin@verizon.com: correctly remove kmemcheck call from dma_map_sg_attrs] Link: http://lkml.kernel.org/r/20171012192151.26531-1-alexander.levin@verizon.com Link: http://lkml.kernel.org/r/20171007030159.22241-2-alexander.levin@verizon.com Signed-off-by: Sasha Levin <alexander.levin@verizon.com> Cc: Alexander Potapenko <glider@google.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Michal Hocko <mhocko@kernel.org> Cc: Pekka Enberg <penberg@kernel.org> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Tim Hansen <devtimhansen@gmail.com> Cc: Vegard Nossum <vegardno@ifi.uio.no> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Alexei Starovoitov
|
6fde36d5ce |
bpf: introduce BPF_JIT_ALWAYS_ON config
[ upstream commit 290af86629b25ffd1ed6232c4e9107da031705cb ] The BPF interpreter has been used as part of the spectre 2 attack CVE-2017-5715. A quote from goolge project zero blog: "At this point, it would normally be necessary to locate gadgets in the host kernel code that can be used to actually leak data by reading from an attacker-controlled location, shifting and masking the result appropriately and then using the result of that as offset to an attacker-controlled address for a load. But piecing gadgets together and figuring out which ones work in a speculation context seems annoying. So instead, we decided to use the eBPF interpreter, which is built into the host kernel - while there is no legitimate way to invoke it from inside a VM, the presence of the code in the host kernel's text section is sufficient to make it usable for the attack, just like with ordinary ROP gadgets." To make attacker job harder introduce BPF_JIT_ALWAYS_ON config option that removes interpreter from the kernel in favor of JIT-only mode. So far eBPF JIT is supported by: x64, arm64, arm32, sparc64, s390, powerpc64, mips64 The start of JITed program is randomized and code page is marked as read-only. In addition "constant blinding" can be turned on with net.core.bpf_jit_harden v2->v3: - move __bpf_prog_ret0 under ifdef (Daniel) v1->v2: - fix init order, test_bpf and cBPF (Daniel's feedback) - fix offloaded bpf (Jakub's feedback) - add 'return 0' dummy in case something can invoke prog->bpf_func - retarget bpf tree. For bpf-next the patch would need one extra hunk. It will be sent when the trees are merged back to net-next Considered doing: int bpf_jit_enable __read_mostly = BPF_EBPF_JIT_DEFAULT; but it seems better to land the patch as-is and in bpf-next remove bpf_jit_enable global variable from all JITs, consolidate in one place and remove this jit_init() function. Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
John Fastabend
|
db5980d804 |
net: fixes for skb_send_sock
A couple fixes to new skb_send_sock infrastructure. However, no users
currently exist for this code (adding user in next handful of patches)
so it should not be possible to trigger a panic with existing in-kernel
code.
Fixes:
|
||
|
Tom Herbert
|
306b13eb3c |
proto_ops: Add locked held versions of sendmsg and sendpage
Add new proto_ops sendmsg_locked and sendpage_locked that can be called when the socket lock is already held. Correspondingly, add kernel_sendmsg_locked and kernel_sendpage_locked as front end functions. These functions will be used in zero proxy so that we can take the socket lock in a ULP sendmsg/sendpage and then directly call the backend transport proto_ops functions. Signed-off-by: Tom Herbert <tom@quantonium.net> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
David S. Miller
|
29fda25a2d |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Two minor conflicts in virtio_net driver (bug fix overlapping addition of a helper) and MAINTAINERS (new driver edit overlapping revamp of PHY entry). Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
stephen hemminger
|
614d79c09e |
socket: fix set not used warning
The variable owned_by_user is always set, but only used when kernel is configured with LOCKDEP enabled. Get rid of the warning by moving the code to put the call to owned_by_user into the the rcu_protected call. Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Paolo Abeni
|
864d966424 |
net/socket: fix type in assignment and trim long line
The commit |
||
|
Linus Torvalds
|
2173bd0631 |
Merge branch 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull network field-by-field copy-in updates from Al Viro: "This part of the misc compat queue was held back for review from networking folks and since davem has jus ACKed those..." * 'misc.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: get_compat_bpf_fprog(): don't copyin field-by-field get_compat_msghdr(): get rid of field-by-field copyin copy_msghdr_from_user(): get rid of field-by-field copyin |
||
|
Linus Torvalds
|
3bad2f1c67 |
Merge branch 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull misc user access cleanups from Al Viro:
"The first pile is assorted getting rid of cargo-culted access_ok(),
cargo-culted set_fs() and field-by-field copyouts.
The same description applies to a lot of stuff in other branches -
this is just the stuff that didn't fit into a more specific topical
branch"
* 'work.misc-set_fs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
Switch flock copyin/copyout primitives to copy_{from,to}_user()
fs/fcntl: return -ESRCH in f_setown when pid/pgid can't be found
fs/fcntl: f_setown, avoid undefined behaviour
fs/fcntl: f_setown, allow returning error
lpfc debugfs: get rid of pointless access_ok()
adb: get rid of pointless access_ok()
isdn: get rid of pointless access_ok()
compat statfs: switch to copy_to_user()
fs/locks: don't mess with the address limit in compat_fcntl64
nfsd_readlink(): switch to vfs_get_link()
drbd: ->sendpage() never needed set_fs()
fs/locks: pass kernel struct flock to fcntl_getlk/setlk
fs: locks: Fix some troubles at kernel-doc comments
|
||
|
Al Viro
|
ffb07550c7 |
copy_msghdr_from_user(): get rid of field-by-field copyin
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> |
||
|
Jiri Slaby
|
393cc3f511 |
fs/fcntl: f_setown, allow returning error
Allow f_setown to return an error value. We will fail in the next patch with EINVAL for bad input to f_setown, so tile the path for the later patch. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Reviewed-by: Jeff Layton <jlayton@redhat.com> Cc: Jeff Layton <jlayton@poochiereds.net> Cc: "J. Bruce Fields" <bfields@fieldses.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Jeff Layton <jlayton@redhat.com> |
||
|
Rosen, Rami
|
241c4667fc |
net: socket: fix a typo in sockfd_lookup().
This patch fixes a typo in sockfd_lookup() in net/socket.c. Signed-off-by: Rami Rosen <rami.rosen@intel.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Miroslav Lichvar
|
b50a5c70ff |
net: allow simultaneous SW and HW transmit timestamping
Add SOF_TIMESTAMPING_OPT_TX_SWHW option to allow an outgoing packet to be looped to the socket's error queue with a software timestamp even when a hardware transmit timestamp is expected to be provided by the driver. Applications using this option will receive two separate messages from the error queue, one with a software timestamp and the other with a hardware timestamp. As the hardware timestamp is saved to the shared skb info, which may happen before the first message with software timestamp is received by the application, the hardware timestamp is copied to the SCM_TIMESTAMPING control message only when the skb has no software timestamp or it is an incoming packet. While changing sw_tx_timestamp(), inline it in skb_tx_timestamp() as there are no other users. CC: Richard Cochran <richardcochran@gmail.com> CC: Willem de Bruijn <willemb@google.com> Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com> Acked-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Miroslav Lichvar
|
aad9c8c470 |
net: add new control message for incoming HW-timestamped packets
Add SOF_TIMESTAMPING_OPT_PKTINFO option to request a new control message for incoming packets with hardware timestamps. It contains the index of the real interface which received the packet and the length of the packet at layer 2. The index is useful with bonding, bridges and other interfaces, where IP_PKTINFO doesn't allow applications to determine which PHC made the timestamp. With the L2 length (and link speed) it is possible to transpose preamble timestamps to trailer timestamps, which are used in the NTP protocol. While this information could be provided by two new socket options independently from timestamping, it doesn't look like they would be very useful. With this option any performance impact is limited to hardware timestamping. Use dev_get_by_napi_id() to get the device and its index. On kernels with disabled CONFIG_NET_RX_BUSY_POLL or drivers not using NAPI, a zero index will be returned in the control message. CC: Richard Cochran <richardcochran@gmail.com> Acked-by: Willem de Bruijn <willemb@google.com> Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
R. Parameswaran
|
57240d0078 |
l2tp: device MTU setup, tunnel socket needs a lock
The MTU overhead calculation in L2TP device set-up
merged via commit
|
||
|
R. Parameswaran
|
113c307593 |
New kernel function to get IP overhead on a socket.
A new function, kernel_sock_ip_overhead(), is provided to calculate the cumulative overhead imposed by the IP Header and IP options, if any, on a socket's payload. The new function returns an overhead of zero for sockets that do not belong to the IPv4 or IPv6 address families. This is used in the L2TP code path to compute the total outer IP overhead on the L2TP tunnel socket when calculating the default MTU for Ethernet pseudowires. Signed-off-by: R. Parameswaran <rparames@brocade.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Soheil Hassas Yeganeh
|
4ef1b28694 |
tcp: mark skbs with SCM_TIMESTAMPING_OPT_STATS
SOF_TIMESTAMPING_OPT_STATS can be enabled and disabled
while packets are collected on the error queue.
So, checking SOF_TIMESTAMPING_OPT_STATS in sk->sk_tsflags
is not enough to safely assume that the skb contains
OPT_STATS data.
Add a bit in sock_exterr_skb to indicate whether the
skb contains opt_stats data.
Fixes:
|
||
|
Soheil Hassas Yeganeh
|
8605330aac |
tcp: fix SCM_TIMESTAMPING_OPT_STATS for normal skbs
__sock_recv_timestamp can be called for both normal skbs (for receive timestamps) and for skbs on the error queue (for transmit timestamps). Commit |
||
|
David Howells
|
cdfbabfb2f |
net: Work around lockdep limitation in sockets that use sockets
Lockdep issues a circular dependency warning when AFS issues an operation
through AF_RXRPC from a context in which the VFS/VM holds the mmap_sem.
The theory lockdep comes up with is as follows:
(1) If the pagefault handler decides it needs to read pages from AFS, it
calls AFS with mmap_sem held and AFS begins an AF_RXRPC call, but
creating a call requires the socket lock:
mmap_sem must be taken before sk_lock-AF_RXRPC
(2) afs_open_socket() opens an AF_RXRPC socket and binds it. rxrpc_bind()
binds the underlying UDP socket whilst holding its socket lock.
inet_bind() takes its own socket lock:
sk_lock-AF_RXRPC must be taken before sk_lock-AF_INET
(3) Reading from a TCP socket into a userspace buffer might cause a fault
and thus cause the kernel to take the mmap_sem, but the TCP socket is
locked whilst doing this:
sk_lock-AF_INET must be taken before mmap_sem
However, lockdep's theory is wrong in this instance because it deals only
with lock classes and not individual locks. The AF_INET lock in (2) isn't
really equivalent to the AF_INET lock in (3) as the former deals with a
socket entirely internal to the kernel that never sees userspace. This is
a limitation in the design of lockdep.
Fix the general case by:
(1) Double up all the locking keys used in sockets so that one set are
used if the socket is created by userspace and the other set is used
if the socket is created by the kernel.
(2) Store the kern parameter passed to sk_alloc() in a variable in the
sock struct (sk_kern_sock). This informs sock_lock_init(),
sock_init_data() and sk_clone_lock() as to the lock keys to be used.
Note that the child created by sk_clone_lock() inherits the parent's
kern setting.
(3) Add a 'kern' parameter to ->accept() that is analogous to the one
passed in to ->create() that distinguishes whether kernel_accept() or
sys_accept4() was the caller and can be passed to sk_alloc().
Note that a lot of accept functions merely dequeue an already
allocated socket. I haven't touched these as the new socket already
exists before we get the parameter.
Note also that there are a couple of places where I've made the accepted
socket unconditionally kernel-based:
irda_accept()
rds_rcp_accept_one()
tcp_accept_from_sock()
because they follow a sock_create_kern() and accept off of that.
Whilst creating this, I noticed that lustre and ocfs don't create sockets
through sock_create_kern() and thus they aren't marked as for-kernel,
though they appear to be internal. I wonder if these should do that so
that they use the new set of lock keys.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||
|
Alexander Potapenko
|
9f138fa609 |
net: initialize msg.msg_flags in recvfrom
KMSAN reports a use of uninitialized memory in put_cmsg() because msg.msg_flags in recvfrom haven't been initialized properly. The flag values don't affect the result on this path, but it's still a good idea to initialize them explicitly. Signed-off-by: Alexander Potapenko <glider@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Maxime Jayat
|
e623a9e9de |
net: socket: fix recvmmsg not returning error from sock_error
Commit |
||
|
David S. Miller
|
02ac5d1487 |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Two AF_* families adding entries to the lockdep tables at the same time. Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
Tobias Klauser
|
dc647ec88e |
net: socket: Make unnecessarily global sockfs_setattr() static
Make sockfs_setattr() static as it is not used outside of net/socket.c
This fixes the following GCC warning:
net/socket.c:534:5: warning: no previous prototype for ‘sockfs_setattr’ [-Wmissing-prototypes]
Fixes:
|
||
|
yuan linyu
|
1e9116327e |
net: change init_inodecache() return void
sock_init() call it but not check it's return value, so change it to void return and add an internal BUG_ON() check. Signed-off-by: yuan linyu <Linyu.Yuan@alcatel-sbell.com.cn> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|
David S. Miller
|
76eb75be79 | Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net | ||
|
David S. Miller
|
ac4340fc3c |
net: Assert at build time the assumptions we make about the CMSG header.
It must always be the case that CMSG_ALIGN(sizeof(hdr)) == sizeof(hdr). Otherwise there are missing adjustments in the various calculations that parse and build these things. Signed-off-by: David S. Miller <davem@davemloft.net> |