bka
213 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
bengris32
|
3b5670d492 |
Merge branch 'linux-4.19.y-cip' of https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip into lineage-22.2
* 'linux-4.19.y-cip' of https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip: CIP: Bump version suffix to -cip122 after merge from cip/linux-4.19.y-st tree Update localversion-st, tree is up-to-date with 5.4.295. ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms ARM: dts: am335x-bone-common: Increase MDIO reset deassert time ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board ARM: dts: am335x-bone-common: get rid of phy_id property mtd: nand: sunxi: Add randomizer configuration before randomizer enable mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() bridge: netfilter: Fix forwarding of fragmented packets vxlan: Annotate FDB data races hwmon: (gpio-fan) Add missing mutex locks nfs: handle failure of nfs_get_lock_context in unlock path sch_htb: make htb_deactivate() idempotent scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() perf: Fix sample vs do_exit() jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() mm/huge_memory: fix dereferencing invalid pmd migration entry posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() net: atm: fix /proc/net/atm/lec handling net: atm: add lec_mutex calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer atm: atmtcp: Free invalid length skb in atmtcp_c_send(). mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). wifi: carl9170: do not ping device which has failed to load firmware drm/nouveau/bl: increase buffer size to avoid truncate warning ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged ALSA: hda/intel: Add Thinkpad E15 to PM deny list Input: sparcspkr - avoid unannotated fall-through HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() atm: Revert atm_account_tx() if copy_from_iter_full() fails. selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len scsi: s390: zfcp: Ensure synchronous unit_add jffs2: check jffs2_prealloc_raw_node_refs() result in few other places jffs2: check that raw node were preallocated before writing summary drivers/rapidio/rio_cm.c: prevent possible heap overwrite Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery platform/x86: dell_rbu: Stop overwriting data buffer tee: Prevent size calculation wraparound on 32-bit kernels ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value watchdog: da9052_wdt: respect TWDMIN i40e: fix MMIO write access to an invalid page in i40e_clear_hw sock: Correct error checking condition for (assign|release)_proto_idx() vxlan: Do not treat dst cache initialization errors as fatal clk: rockchip: rk3036: mark ddrphy as critical wifi: mac80211: do not offer a mesh path if forwarding is disabled net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT tcp: always seek for minimal rtt in tcp_rcv_rtt_update() net: dlink: add synchronization for stats update sctp: Do not wake readers in __sctp_write_space() emulex/benet: correct command version selection in be_cmd_get_stats() i2c: designware: Invoke runtime suspend on quick slave re-registration net: macb: Check return value of dma_set_mask_and_coherent() cpufreq: Force sync policy boost with global boost on sysfs update nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() media: tc358743: ignore video while HPD is low drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB jfs: Fix null-ptr-deref in jfs_ioc_trim drm/amdgpu/gfx9: fix CSIB handling drm/amdgpu/gfx8: fix CSIB handling jfs: fix array-index-out-of-bounds read in add_missing_indices drm/amdgpu/gfx7: fix CSIB handling drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition sunrpc: update nextcheck time when adding new cache entries drm/amdgpu/gfx6: fix CSIB handling ACPI: battery: negate current when discharging power: supply: bq27xxx: Retrieve again when busy ACPICA: fix acpi parse and parseext cache leaks ACPICA: Avoid sequence overread in call to strncmp() ACPICA: fix acpi operand cache leak in dswstate.c PCI: Fix lock symmetry in pci_slot_unlock() regulator: max14577: Add error check for max14577_read_reg() staging: iio: ad5933: Correct settling cycles encoding per datasheet net: ch9200: fix uninitialised access during mii_nway_restart ftrace: Fix UAF when lookup kallsym after ftrace disabled dm-mirror: fix a tiny race condition mm: fix ratelimit_pages update error in dirty_ratio_handler() ipc: fix to protect IPCS lookups using RCU parisc: fix building with gcc-15 vgacon: Add check for vc_origin address range in vgacon_scroll() NFC: nci: uart: Set tty->disc_data only in success path f2fs: prevent kernel warning due to negative i_nlink from corrupted image Input: ims-pcu - check record size in ims_pcu_flash_firmware() ext4: fix calculation of credits for extent tree modification ext4: inline: fix len overflow in ext4_prepare_inline_data ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 media: v4l2-dev: fix error handling in __video_register_device() media: gspca: Add error handling for stv06xx_read_sensor() wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() gfs2: move msleep to sleepable context configfs: Do not override creating attribute file failure in populate_attrs() calipso: unlock rcu before returning -EAFNOSUPPORT usb: Flush altsetting 0 endpoints before reinitializating them after reset. fs/filesystems: Fix potential unsigned integer underflow in fs_name() net/mdiobus: Fix potential out-of-bounds read/write access MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option x86/boot/compressed: prefer cc-option for CFLAGS additions net: mdio: C22 is now optional, EOPNOTSUPP if not provided i40e: retry VFLR handling if there is ongoing VF reset i40e: return false from i40e_reset_vf if reset is in progress net_sched: sch_sfq: fix a potential crash on gso_skb handling scsi: iscsi: Fix incorrect error path labels for flashnode operations NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes NFSD: Fix ia_size underflow Input: synaptics-rmi - fix crash with unsupported versions of F34 Input: synaptics-rmi4 - convert to use sysfs_emit() APIs do_change_type(): refuse to operate on unmounted/not ours mounts net/mlx4_en: Prevent potential integer overflow calculating Hz rtc: Fix offset calculation for .start_secs < 0 rtc: sh: assign correct interrupts with DT perf tests switch-tracking: Fix timestamp comparison mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() perf ui browser hists: Set actions->thread before calling do_zoom_thread() fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() soc: aspeed: lpc: Fix impossible judgment condition arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device bus: fsl-mc: fix double-free on mc_dev nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() nilfs2: add pointer check for nilfs_direct_propagate() Squashfs: check return result of sb_min_blocksize ARM: dts: at91: at91sam9263: fix NAND chip selects ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select f2fs: fix to correct check conditions in f2fs_cross_rename f2fs: use d_inode(dentry) cleanup dentry->d_inode calipso: Don't call calipso functions for AF_INET sk. net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy wifi: ath9k_htc: Abort software beacon handling if disabled bpf: Fix WARN() in get_bpf_raw_tp_regs pinctrl: at91: Fix possible out-of-boundary access net: ncsi: Fix GCPS 64-bit member variables f2fs: fix to do sanity check on sbi->total_valid_block_count drm/tegra: rgb: Fix the unbound reference count drm: rcar-du: Fix memory leak in rcar_du_vsps_init() selftests/seccomp: fix syscall_restart test for arm compat firmware: psci: Fix refcount leak in psci_dt_init m68k: mac: Fix macintosh_config for Mac II drm/vmwgfx: Add seqno waiter for sync_files ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() crypto: marvell/cesa - Avoid empty transfer descriptor crypto: marvell/cesa - Handle zero-length skcipher requests x86/cpu: Sanitize CPUID(0x80000000) output perf/core: Fix broken throttling when max_samples_per_tick=1 gfs2: gfs2_create_inode error handling fix netfilter: nft_socket: fix sk refcount leaks thunderbolt: Do not double dequeue a configuration request usb: usbtmc: Fix timeout value in get_stb usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE pinctrl: armada-37xx: set GPIO output value before setting direction pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 tracing: Fix compilation warning on arm32 platform/x86: thinkpad_acpi: Ignore battery threshold change event notification platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys spi: spi-sun4i: fix early activation um: let 'make clean' properly clean underlying SUBARCH as well platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS nfs: don't share pNFS DS connections between net namespaces HID: quirks: Add ADATA XPG alpha wireless mouse support coredump: fix error handling for replace_fd() smb: client: Reset all search buffer pointers when releasing buffer smb: client: Fix use-after-free in cifs_fill_dirent drm/i915/gvt: fix unterminated-string-initialization warning netfilter: nf_tables: do not defer rule destruction via call_rcu netfilter: nf_tables: wait for rcu grace period on net_device removal netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx mm/page_alloc.c: avoid infinite retries caused by cpuset race llc: fix data loss when reading from a socket in llc_ui_recvmsg() ALSA: pcm: Fix race of buffer access at PCM OSS layer can: bcm: add missing rcu read protection for procfs content can: bcm: add locking for bcm_op runtime updates crypto: algif_hash - fix double free in hash_accept net: dwmac-sun8i: Use parsed internal PHY address instead of 1 __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock xenbus: Allow PVH dom0 a non-local xenstore btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 pinctrl: meson: define the pull up/down resistor value as 60 kOhm drm: Add valid clones check regulator: ad5398: Add device tree support bpftool: Fix readlink usage in get_fd_type HID: usbkbd: Fix the bit shift number for LED_KANA scsi: st: Restore some drive settings after reset scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine hwmon: (xgene-hwmon) use appropriate type for the latency value ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB net/mlx4_core: Avoid impossible mlx4_db_alloc() order value smack: recognize ipv4 CIPSO w/o categories pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map ASoC: ops: Enforce platform maximum on initial value ACPI: HED: Always initialize before evged PCI: Fix old_size lower bound in calculate_iosize() too EDAC/ie31200: work around false positive build warning net: pktgen: fix access outside of user given buffer in pktgen_thread_write() MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core MIPS: Use arch specific syscall name match function cpuidle: menu: Avoid discarding useful information x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() bonding: report duplicate MAC address in all situations net: xgene-v2: remove incorrect ACPI_PTR annotation x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 net: pktgen: fix mpls maximum labels list parsing pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" media: cx231xx: set device_caps for 417 dm cache: prevent BUG_ON by blocking retries on failed device resumes media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 ieee802154: ca8210: Use proper setters and getters for bitwise types rtc: ds1307: stop disabling alarms on probe powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 mmc: sdhci: Disable SD card clock before changing parameters posix-timers: Add cond_resched() to posix_timer_add() search loop xen: Add support for XenServer 6.1 platform device dm: restrict dm device size to 2^63-512 bytes kbuild: fix argument parsing in scripts/config scsi: st: ERASE does not change tape location scsi: st: Tighten the page format heuristics with MODE SELECT ext4: reorder capability check last um: Update min_low_pfn to match changes in uml_reserved um: Store full CSGSFS and SS register from mcontext btrfs: send: return -ENAMETOOLONG when attempting a path that is too long btrfs: avoid linker error in btrfs_find_create_tree_block() i2c: pxa: fix call balance of i2c->clk handling routines mmc: host: Wait for Vdd to settle on card power off pNFS/flexfiles: Report ENETDOWN as a connection error tools/build: Don't pass test log files to linker dql: Fix dql->limit value when reset. SUNRPC: rpc_clnt_set_transport() must not change the autobind setting NFSv4: Treat ENETUNREACH errors as fatal for state recovery fbdev: core: tileblit: Implement missing margin clearing for tileblit fbdev: fsl-diu-fb: add missing device_remove_file() mailbox: use error ret code of of_parse_phandle_with_args() kconfig: merge_config: use an empty file as initfile cgroup: Fix compilation issue due to cgroup_mutex not being exported dma-mapping: avoid potential unused data compilation warning scsi: target: iscsi: Fix timeout on deleted connection openvswitch: Fix unsafe attribute parsing in output_userspace() Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 Input: synaptics - enable SMBus for HP Elitebook 850 G1 phy: Fix error handling in tegra_xusb_port_init ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() ACPI: PPTT: Fix processor subtable walk qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() ALSA: sh: SND_AICA should depend on SH_DMA_API spi: loopback-test: Do not split 1024-byte hexdumps RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug staging: axis-fifo: Correct handling of tx_fifo_depth for size validation staging: axis-fifo: avoid parsing ignored device tree properties platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection do_umount(): add missing barrier before refcount checks in sync case MIPS: Fix MAX_REG_OFFSET iio: adc: dln2: Use aligned_s64 for timestamp types: Complement the aligned types with signed 64-bit one USB: usbtmc: use interruptible sleep in usbtmc_read usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition ocfs2: stop quota recovery before disabling quotas ocfs2: implement handshaking with ocfs2 recovery thread ocfs2: switch osb->disable_recovery to enum module: ensure that kobject_put() is safe for module type kobjects xenbus: Use kref to track req lifetime usb: uhci-platform: Make the clock really optional iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo iio: adis16201: Correct inclinometer channel resolution Input: synaptics - enable InterTouch on Dell Precision M3800 Input: synaptics - enable InterTouch on Dynabook Portege X30L-G Input: synaptics - enable InterTouch on Dynabook Portege X30-D net: dsa: b53: fix learning on VLAN unaware bridges scsi: target: Fix WRITE_SAME No Data Buffer crash dm: fix copying after src array boundaries iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid irqchip/gic-v2m: Add const to of_device_id sch_htb: make htb_qlen_notify() idempotent of: module: add buffer overflow check in of_modalias() net: fec: ERR007885 Workaround for conventional TX lan743x: remove redundant initialization of variable current_head_index net: dlink: Correct endianness handling of led_mode tracing: Fix oob write in trace_seq_to_buffer() dm: always update the array size in realloc_argv on success wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload i2c: imx-lpi2c: Fix clock count when probe defers EDAC/altera: Set DDR and SDMMC interrupt mask before registration EDAC/altera: Test the correct error reg offset signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() x86/bugs: fix backport error in "x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline" Change-Id: Ia48bfc7454e776a311efd14a33b7c414038c8a6d |
||
|
Dan Carpenter
|
c11d5ef455 |
rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send()
[ Upstream commit 5de775df3362090a6e90046d1f2d83fe62489aa0 ]
The "ret" variable isn't initialized if we don't enter the loop. For
example, if "channel->state" is not SMD_CHANNEL_OPENED.
Fixes:
|
||
|
bengris32
|
dc38585c87 |
Merge branch 'android-4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
* 'android-4.19-stable' of https://android.googlesource.com/kernel/common: Revert "UPSTREAM: unicode: Don't special case ignorable code points" Reapply "UPSTREAM: unicode: Don't special case ignorable code points" Revert "UPSTREAM: unicode: Don't special case ignorable code points" Linux 4.19.325 sh: intc: Fix use-after-free bug in register_intc_controller() modpost: remove incorrect code in do_eisa_entry() 9p/xen: fix release of IRQ 9p/xen: fix init sequence block: return unsigned int from bdev_io_min jffs2: fix use of uninitialized variable ubi: fastmap: Fix duplicate slab cache names while attaching ubifs: Correct the total block count by deducting journal reservation rtc: check if __rtc_read_time was successful in rtc_timer_do_work() NFSv4.0: Fix a use-after-free problem in the asynchronous open() um: Fix the return value of elf_core_copy_task_fpregs rpmsg: glink: Propagate TX failures in intentless mode as well NFSD: Prevent a potential integer overflow lib: string_helpers: silence snprintf() output truncation warning usb: dwc3: gadget: Fix checking for number of TRBs left media: wl128x: Fix atomicity violation in fmc_send_cmd() HID: wacom: Interpret tilt data from Intuos Pro BT as signed values block: fix ordering between checking BLK_MQ_S_STOPPED request adding arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK um: vector: Do not use drvdata in release serial: 8250: omap: Move pm_runtime_get_sync um: net: Do not use drvdata in release um: ubd: Do not use drvdata in release ubi: wl: Put source PEB into correct list if trying locking LEB failed spi: Fix acpi deferred irq probe netfilter: ipset: add missing range check in bitmap_ip_uadt Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" serial: sh-sci: Clean sci_ports[0] after at earlycon exit Revert "usb: gadget: composite: fix OS descriptors w_value logic" ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler PCI: Fix use-after-free of slot->bus on hot remove ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() jfs: xattr: check invalid xattr size more strictly ext4: fix FS_IOC_GETFSMAP handling ext4: supress data-race warnings in ext4_free_inodes_{count,set}() usb: ehci-spear: fix call balance of sehci clk handling routines apparmor: fix 'Do simple duplicate message elimination' misc: apds990x: Fix missing pm_runtime_disable() USB: chaoskey: Fix possible deadlock chaoskey_list_lock USB: chaoskey: fail open after removal usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken marvell: pxa168_eth: fix call balance of pep->clk handling routines net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device power: supply: core: Remove might_sleep() from power_supply_put() vfio/pci: Properly hide first-in-list PCIe extended capability NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() NFSD: Prevent NULL dereference in nfsd4_process_cb_update() rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length rpmsg: glink: Fix GLINK command prefix rpmsg: glink: Send READ_NOTIFY command in FIFO full case rpmsg: glink: Add TX_DATA_CONT command while sending m68k: coldfire/device.c: only build FEC when HW macros are defined m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x PCI: cpqphp: Fix PCIBIOS_* return value confusion PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads perf probe: Correct demangled symbols in C++ program clk: clk-axi-clkgen: make sure to enable the AXI bus clock clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand dt-bindings: clock: axi-clkgen: include AXI clk dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() fbdev/sh7760fb: Alloc DMA memory from hardware device powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static ocfs2: fix uninitialized value in ocfs2_file_read_iter() scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() scsi: fusion: Remove unused variable 'rc' scsi: bfa: Fix use-after-free in bfad_im_module_exit() mfd: rt5033: Fix missing regmap_del_irq_chip() RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey mtd: rawnand: atmel: Fix possible memory leak cpufreq: loongson2: Unregister platform_driver on failure mfd: da9052-spi: Change read-mask to write-mask powerpc/vdso: Flag VDSO64 entry points as functions trace/trace_event_perf: remove duplicate samples on the first tracepoint event netpoll: Use rcu_access_pointer() in netpoll_poll_lock ALSA: 6fire: Release resources at card release ALSA: caiaq: Use snd_card_free_when_closed() at disconnection ALSA: us122l: Use snd_card_free_when_closed() at disconnection net: rfkill: gpio: Add check for clk_enable() drm/etnaviv: hold GPU lock across perfmon sampling drm/etnaviv: fix power register offset on GC300 drm/etnaviv: dump: fix sparse warnings drm/etnaviv: consolidate hardware fence handling in etnaviv_gpu wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() bpf: Fix the xdp_adjust_tail sample prog issue drm/omap: Fix locking in omap_gem_new_dmabuf() wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused firmware: arm_scpi: Check the DVFS OPP count returned by the firmware regmap: irq: Set lockdep class for hierarchical IRQ domains ARM: dts: cubieboard4: Fix DCDC5 regulator constraints mmc: mmc_spi: drop buggy snprintf() soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() time: Fix references to _msecs_to_jiffies() handling of values crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() crypto: bcm - add error check in the ahash_hmac_init function crypto: cavium - Fix the if condition to exit loop after timeout crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY EDAC/fsl_ddr: Fix bad bit shift operations hfsplus: don't query the device logical block size multiple times s390/syscalls: Avoid creation of arch/arch/ directory acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() m68k: mvme147: Reinstate early console m68k: mvme16x: Add and use "mvme16x.h" m68k: mvme147: Fix SCSI controller IRQ numbers initramfs: avoid filename buffer overrun nvme: fix metadata handling in nvme-passthrough proc/softirqs: replace seq_printf with seq_put_decimal_ull_width net: usb: qmi_wwan: add Quectel RG650V x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB selftests/watchdog-test: Fix system accidentally reset after watchdog-test mac80211: fix user-power when emulating chanctx ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet mm: revert "mm: shmem: fix data-race in shmem_getattr()" kbuild: Use uname for LINUX_COMPILE_HOST detection media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint ocfs2: fix UBSAN warning in ocfs2_verify_volume() nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint ocfs2: uncache inode which has failed entering the group netlink: terminate outstanding dump on socket close Linux 4.19.324 9p: fix slab cache name creation for real net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition fs: Fix uninitialized value issue in from_kuid and from_kgid powerpc/powernv: Free name on error in opal_event_init() sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML bpf: use kvzmalloc to allocate BPF verifier environment HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad 9p: Avoid creating multiple slab caches with the same name ALSA: usb-audio: Add endianness annotations vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer ALSA: usb-audio: Add quirks for Dell WD19 dock ALSA: usb-audio: Support jack detection on Dell dock ALSA: usb-audio: Add custom mixer status quirks for RME CC devices ALSA: pcm: Return 0 when size < start_threshold in capture ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() irqchip/gic-v3: Force propagation of the active state with a read-back USB: serial: option: add Quectel RG650V USB: serial: option: add Fibocom FG132 0x0112 composition USB: serial: qcserial: add support for Sierra Wireless EM86xx USB: serial: io_edgeport: fix use after free in debug printk usb: musb: sunxi: Fix accessing an released usb phy fs/proc: fix compile warning about variable 'vmcore_mmap_ops' media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format net: bridge: xmit: make sure we have at least eth header len bytes bonding (gcc13): synchronize bond_{a,t}lb_xmit() types btrfs: reinitialize delayed ref list after deleting it from the list nfs: Fix KMSAN warning in decode_getfattr_attrs() dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow dm cache: fix potential out-of-bounds access on the first resume dm cache: optimize dirty bit checking with find_next_bit when resizing dm cache: fix out-of-bounds access to the dirty bitset when resizing dm cache: correct the number of origin blocks to match the target length drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() media: v4l2-tpg: prevent the risk of a division by zero media: cx24116: prevent overflows on SNR calculus media: s5p-jpeg: prevent buffer overflows ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() media: adv7604: prevent underflow condition when reporting colorspace media: dvb_frontend: don't play tricks with underflow values media: dvbdev: prevent the risk of out of memory access media: stb0899_algo: initialize cfr before using it net: hns3: fix kernel crash when uninstalling driver can: c_can: fix {rx,tx}_errors statistics sctp: properly validate chunk size in sctp_sf_ootb() security/keys: fix slab-out-of-bounds in key_task_permission HID: core: zero-initialize the report buffer ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin ARM: dts: rockchip: drop grf reference from rk3036 hdmi ARM: dts: rockchip: fix rk3036 acodec node arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator Linux 4.19.323 vt: prevent kernel-infoleak in con_font_get() mm: shmem: fix data-race in shmem_getattr() nilfs2: fix kernel bug due to missing clearing of checked flag ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow nilfs2: fix potential deadlock with newly created symlinks wifi: iwlegacy: Clear stale interrupts before resuming device wifi: ath10k: Fix memory leak in management tx wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Revert "driver core: Fix uevent_show() vs driver detach race" xhci: Fix Link TRB DMA in command ring stopped completion event usb: phy: Fix API devm_usb_put_phy() can not release the phy usbip: tools: Fix detach_port() invalid port error path misc: sgi-gru: Don't disable preemption in GRU driver net: amd: mvme147: Fix probe banner message firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() netfilter: nft_payload: sanitize offset and length before calling skb_checksum() net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension net: support ip generic csum processing in skb_csum_hwoffload_help bpf: Fix out-of-bounds write in trie_get_next_key() net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT gtp: allow -1 to be specified as file description from userspace gtp: simplify error handling code in 'gtp_encap_enable()' wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys cgroup: Fix potential overflow issue when checking max_depth usb: dwc3: core: Stop processing of pending events if controller is halted usb: dwc3: Add splitdisable quirk for Hisilicon Kirin Soc usb: dwc3: remove generic PHY calibrate() calls xfrm: validate new SA's prefixlen using SA family when sel.family is unset arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning selinux: improve error checking in sel_write_load() hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event nilfs2: fix kernel bug due to missing clearing of buffer delay flag ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue drm/amd: Guard against bad data for ATIF ACPI method ALSA: hda/realtek: Update default depop procedure posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() net: usb: usbnet: fix name regression be2net: fix potential memory leak in be_xmit() net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() jfs: Fix sanity check in dbMount udf: fix uninit-value use in udf_get_fileshortad KVM: s390: gaccess: Check if guest address is in memslot KVM: s390: gaccess: Cleanup access to guest pages KVM: s390: gaccess: Refactor access address range check KVM: s390: gaccess: Refactor gpa and length calculation arm64: probes: Fix uprobes for big-endian kernels arm64:uprobe fix the uprobe SWBP_INSN in big-endian Bluetooth: bnep: fix wild-memory-access in proto_unregister usb: typec: altmode should keep reference to parent net: systemport: fix potential memory leak in bcm_sysport_xmit() net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() macsec: don't increment counters for an unrelated SA drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation RDMA/bnxt_re: Return more meaningful error RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP RDMA/bnxt_re: Fix incorrect AVID type in WQE structure clk: Fix slab-out-of-bounds error in devm_clk_release() clk: Fix pointer casting to prevent oops in devm_clk_release() nilfs2: propagate directory read errors from nilfs_find_entry() x86/apic: Always explicitly disarm TSC-deadline timer parport: Proper fix for array out-of-bounds access USB: serial: option: add Telit FN920C04 MBIM compositions USB: serial: option: add support for Quectel EG916Q-GL xhci: Fix incorrect stream context type macro Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 Bluetooth: Remove debugfs directory on module init failure iio: light: opt3001: add missing full-scale range value iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig drm/vmwgfx: Handle surface check failure correctly x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET KVM: s390: Change virtual to physical address access in diag 0x258 handler s390/sclp_vt220: Convert newlines to CRLF instead of LFCR net: dsa: mv88e6xxx: Fix out-of-bound access KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() fat: fix uninitialized variable PCI: Add function 0 DMA alias quirk for Glenfly Arise chip arm64: probes: Fix simulate_ldr*_literal() arm64: probes: Remove broken LDR (literal) uprobe support posix-clock: Fix missing timespec64 check in pc_clock_settime() net: Fix an unsafe loop on the list usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip usb: xhci: Fix problem with xhci resume from suspend Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" HID: plantronics: Workaround for an unexcepted opposite volume key CDC-NCM: avoid overflow in sanity checking net: ipv6: ensure we call ipv6_mc_down() at most once ppp: fix ppp_async_encode() illegal access net: ibm: emac: mal: fix wrong goto igb: Do not bring the device up after non-fatal error gpio: aspeed: Use devm_clk api to manage clock source clk: Provide new devm_clk helpers for prepared and enabled clocks clk: generalize devm_clk_get() a bit clk: Add (devm_)clk_get_optional() functions gpio: aspeed: Add the flush write to ensure the write complete. Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change netfilter: br_netfilter: fix panic with metadata_dst skb tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe SUNRPC: Fix integer overflow in decode_rc_list() NFS: Remove print_overflow_msg() fbdev: sisfb: Fix strbuf array overflow driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute tools/iio: Add memory allocation failure check for trigger_name usb: chipidea: udc: enable suspend interrupt after usb reset media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() PCI: Mark Creative Labs EMU20k2 INTx masking as broken i2c: i801: Use a different adapter-name for IDF adapters clk: bcm: bcm53573: fix OF node leak in init ktest.pl: Avoid false positives with grub2 skip regex s390/cpum_sf: Remove WARN_ON_ONCE statements ext4: nested locking for xattr inode s390/mm: Add cond_resched() to cmm_alloc/free_pages() s390/facility: Disable compile time optimization for decompressor code bpf: Check percpu map value size first Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal virtio_console: fix misc probe bugs drm/crtc: fix uninitialized variable use even harder drm: Move drm_mode_setcrtc() local re-init to failure path tracing: Remove precision vsnprintf() check from print event net: ethernet: cortina: Drop TSO support ext4: fix inode tree inconsistency caused by ENOMEM ACPI: battery: Fix possible crash when unregistering a battery hook ACPI: battery: Simplify battery hook locking rtc: at91sam9: fix OF node leak in probe() error path rtc: at91sam9: drop platform_data support nfsd: fix delegation_blocked() to block correctly for at least 30 seconds nfsd: use ktime_get_seconds() for timestamps uprobes: fix kernel info leak via "[uprobes]" vma arm64: errata: Expand speculative SSBS workaround once more arm64: cputype: Add Neoverse-N3 definitions arm64: Add Cortex-715 CPU part definition ext4: update orig_path in ext4_find_extent() ext4: fix slab-use-after-free in ext4_split_extent_at() ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path gpio: davinci: fix lazy disable btrfs: wait for fixup workers before stopping cleaner kthread during umount Input: adp5589-keys - fix adp5589_gpio_get_value() tomoyo: fallback to realpath if symlink's pathname does not exist iio: magnetometer: ak8975: Fix reading for ak099xx sensors media: venus: fix use after free bug in venus_remove due to race condition media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags clk: rockchip: fix error for unknown clocks aoe: fix the potential use-after-free problem in more places riscv: define ILLEGAL_POINTER_VALUE for 64bit ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate ocfs2: fix null-ptr-deref when journal load failed. ocfs2: remove unreasonable unlock in ocfs2_read_blocks ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2: reserve space for inline xattr before attaching reflink tree ocfs2: fix uninit-value in ocfs2_get_block() ocfs2: fix the la space leak when unmounting an ocfs2 volume jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error of/irq: Support #msi-cells=<0> in of_msi_get_domain parisc: Fix 64-bit userspace syscall path ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() ext4: fix double brelse() the buffer of the extents path ext4: aovid use-after-free in ext4_ext_insert_extent() ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() ext4: propagate errors from ext4_find_extent() in ext4_insert_range() ext4: no need to continue when the number of entries is 1 ALSA: core: add isascii() check to card ID generator parisc: Fix itlb miss handler for 64-bit programs perf/core: Fix small negative period being ignored spi: bcm63xx: Fix module autoloading i2c: xiic: Wait for TX empty to avoid missed TX NAKs selftests: vDSO: fix vDSO symbols lookup for powerpc64 selftests: breakpoints: use remaining time to check if suspend succeed spi: s3c64xx: fix timeout counters in flush_fifo ext4: fix i_data_sem unlock order in ext4_ind_migrate() ext4: ext4_search_dir should return a proper error of/irq: Refer to actual buffer size in of_irq_parse_one() drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() scsi: aacraid: Rearrange order of struct aac_srb_unit drm/printer: Allow NULL data in devcoredump printer drm/amd/display: Fix index out of bounds in degamma hardware format translation drm/amd/display: Check stream before comparing them jfs: Fix uninit-value access of new_ea in ea_buffer jfs: check if leafidx greater than num leaves per dmap tree jfs: Fix uaf in dbFreeBits jfs: UBSAN: shift-out-of-bounds in dbFindBits ata: sata_sil: Rename sil_blacklist to sil_quirks power: reset: brcmstb: Do not go into infinite loop if reset fails fbdev: pxafb: Fix possible use after free in pxafb_task() ALSA: hdsp: Break infinite MIDI input flush loop ALSA: asihpi: Fix potential OOB array access signal: Replace BUG_ON()s wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() ACPICA: iasl: handle empty connection_node tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). net: mvpp2: Increase size of queue_name buffer tipc: guard against string buffer overrun ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() ACPI: EC: Do not release locks during operation region accesses ACPICA: Fix memory leak if acpi_ps_get_next_field() fails ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails net: hisilicon: hns_mdio: fix OF node leak in probe() net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() net: hisilicon: hip04: fix OF node leak in probe() wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() f2fs: Require FMODE_WRITE for atomic write ioctls ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start ipv4: ip_gre: Fix drops of small packets in ipgre_xmit net: add more sanity checks to qdisc_pkt_len_init() net: avoid potential underflow in qdisc_pkt_len_init() with UFO net: ethernet: lantiq_etop: fix memory disclosure r8152: Factor out OOB link list waits netfilter: nf_tables: prevent nf_skb_duplicated corruption netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED ceph: remove the incorrect Fw reference check when dirtying pages mailbox: bcm2835: Fix timeout during suspend mode mailbox: rockchip: fix a typo in module autoloading usb: yurex: Fix inconsistent locking bug in yurex_read() i2c: isch: Add missed 'else' i2c: aspeed: Update the stop sw state when the bus recovery occurs pps: add an error check in parport_attach pps: remove usage of the deprecated ida_simple_xx() API USB: misc: yurex: fix race between read and write usb: yurex: Replace snprintf() with the safer scnprintf() variant soc: versatile: realview: fix soc_dev leak during device remove soc: versatile: realview: fix memory leak during device remove PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler PCI: xilinx-nwl: Use irq_data_get_irq_chip_data() nfs: fix memory leak in error path of nfs4_do_reclaim fs: Fix file_set_fowner LSM hook inconsistencies vfs: fix race between evice_inodes() and find_inode()&iput() f2fs: avoid potential int overflow in sanity_check_area_boundary() f2fs: prevent possible int overflow in dir_block_index() ACPI: sysfs: validate return type of _STR method drbd: Add NULL check for net_conf to prevent dereference in state validation drbd: Fix atomicity violation in drbd_uuid_set_bm() tty: rp2: Fix reset with non forgiving PCIe host bridges firmware_loader: Block path traversal USB: misc: cypress_cy7c63: check for short transfer USB: appledisplay: close race between probe and completion handler soc: versatile: integrator: fix OF node leak in probe() error path Remove *.orig pattern from .gitignore crypto: aead,cipher - zeroize key buffer after use netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS net: qrtr: Update packets cloning when broadcasting tcp: check skb is non-NULL in tcp_rto_delta_us() tcp: introduce tcp_skb_timestamp_us() helper net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() coresight: tmc: sg: Do not leak sg_table f2fs: reduce expensive checkpoint trigger frequency f2fs: remove unneeded check condition in __f2fs_setxattr() f2fs: fix to update i_ctime in __f2fs_setxattr() f2fs: fix typo f2fs: enhance to update i_mode and acl atomically in f2fs_setattr() nfsd: call cache_put if xdr_reserve_space returns NULL ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() RDMA/cxgb4: Added NULL check for lookup_atid pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function clk: ti: dra7-atl: Fix leak of of_nodes pinctrl: single: fix missing error code in pcs_probe() RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency PCI: xilinx-nwl: Fix register misspelling drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 perf time-utils: Fix 32-bit nsec parsing perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time perf sched timehist: Fix missing free of session in perf_sched__timehist() nilfs2: fix potential oob read in nilfs_btree_check_delete() nilfs2: determine empty node blocks as corrupted nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() ext4: avoid OOB when system.data xattr changes underneath the filesystem ext4: return error on ext4_find_inline_entry ext4: avoid negative min_clusters in find_group_orlov() smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard jbd2: introduce/export functions jbd2_journal_submit|finish_inode_data_buffers() kthread: fix task state in kthread worker if being frozen kthread: add kthread_work tracepoints xz: cleanup CRC32 edits from 2018 selftests/bpf: Fix error compiling test_lru_map.c xen/swiotlb: add alignment check for dma buffers xen/swiotlb: simplify range_straddles_page_boundary() xen: use correct end address of kernel for conflict checking drm/msm: fix %s null argument error ipmi: docs: don't advertise deprecated sysfs entries drm/msm/a5xx: fix races in preemption evaluation stage drm/msm/a5xx: properly clear preemption records on resume jfs: fix out-of-bounds in dbNextAG() and diAlloc() drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets drm/rockchip: vop: Allow 4096px width scaling drm/radeon: properly handle vbios fake edid sizing drm/radeon: Replace one-element array with flexible-array member drm/amdgpu: properly handle vbios fake edid sizing drm/amdgpu: Replace one-element array with flexible-array member drm/amd: fix typo drm/stm: Fix an error handling path in stm_drm_platform_probe() fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense hwmon: (ntc_thermistor) fix module autoloading mtd: slram: insert break after errors in parsing the map hwmon: (max16065) Fix overflows seen when writing limits clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() reset: berlin: fix OF node leak in probe() error path ARM: versatile: fix OF node leak in CPUs prepare spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ spi: ppc4xx: handle irq_of_parse_and_map() errors block, bfq: don't break merge chain in bfq_split_bfqq() block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() block, bfq: fix possible UAF for bfqq->bic with merge chain Bluetooth: btusb: Fix not handling ZPL/short-transfer can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire wifi: ath9k: Remove error checks when creating debugfs entries wifi: ath9k: fix parameter check in ath9k_init_debug() ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() USB: serial: pl2303: add device id for Macrosilicon MS3020 gpio: prevent potential speculation leaks in gpio_device_get_desc() ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() ocfs2: add bounds checking to ocfs2_xattr_find_entry() x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency spi: bcm63xx: Enable module autoloading ASoC: tda7419: fix module autoloading wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() net: ftgmac100: Ensure tx descriptor updates are visible microblaze: don't treat zero reserved memory regions as error pinctrl: at91: make it work with current gpiolib ASoC: allow module autoloading for table db1200_pids selftests/kcmp: remove call to ksft_set_plan() selftests/vm: remove call to ksft_set_plan() soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" net: dpaa: Pad packets to ETH_ZLEN net: ftgmac100: Enable TX interrupt to avoid TX timeout net/mlx5: Update the list of the PCI supported devices arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma scripts: kconfig: merge_config: config files: add a trailing newline net: phy: vitesse: repair vsc73xx autonegotiation net: ethernet: use ip_hdrlen() instead of bit shift usbnet: ipheth: fix carrier detection in modes 1 and 4 staging: iio: frequency: ad9834: Validate frequency parameter value staging: iio: frequency: ad9833: Load clock using clock framework staging: iio: frequency: ad9833: Get frequency value statically Change-Id: Id96e4bf331d59a5f3f52791887390bc747dc31cb Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
Bjorn Andersson
|
4fbbee6fa5 |
rpmsg: glink: Propagate TX failures in intentless mode as well
commit 7a68f9fa97357a0f2073c9c31ed4101da4fce93e upstream.
As support for splitting transmission over several messages using
TX_DATA_CONT was introduced it does not immediately return the return
value of qcom_glink_tx().
The result is that in the intentless case (i.e. intent == NULL), the
code will continue to send all additional chunks. This is wasteful, and
it's possible that the send operation could incorrectly indicate
success, if the last chunk fits in the TX fifo.
Fix the condition.
Fixes: 8956927faed3 ("rpmsg: glink: Add TX_DATA_CONT command while sending")
Reviewed-by: Chris Lew <quic_clew@quicinc.com>
Signed-off-by: Bjorn Andersson <quic_bjorande@quicinc.com>
Signed-off-by: Bjorn Andersson <andersson@kernel.org>
Link: https://lore.kernel.org/r/20230418163018.785524-2-quic_bjorande@quicinc.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Jonathan Marek
|
64b88683ba |
rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
[ Upstream commit 06c59d97f63c1b8af521fa5aef8a716fb988b285 ]
The name len field of the CMD_OPEN packet is only 16-bits and the upper
16-bits of "param2" are a different "prio" field, which can be nonzero in
certain situations, and CMD_OPEN packets can be unexpectedly dropped
because of this.
Fix this by masking out the upper 16 bits of param2.
Fixes:
|
||
|
Bjorn Andersson
|
a4eb1871a2 |
rpmsg: glink: Fix GLINK command prefix
[ Upstream commit 4e816d0318fdfe8932da80dbf04ba318b13e4b3a ] The upstream GLINK driver was first introduced to communicate with the RPM on MSM8996, presumably as an artifact from that era the command defines was prefixed RPM_CMD, while they actually are GLINK_CMDs. Let's rename these, to keep things tidy. No functional change. Signed-off-by: Bjorn Andersson <quic_bjorande@quicinc.com> Reviewed-by: Chris Lew <quic_clew@quicinc.com> Signed-off-by: Bjorn Andersson <andersson@kernel.org> Link: https://lore.kernel.org/r/20230214225933.2025595-1-quic_bjorande@quicinc.com Stable-dep-of: 06c59d97f63c ("rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Arun Kumar Neelakantam
|
7b843ae956 |
rpmsg: glink: Send READ_NOTIFY command in FIFO full case
[ Upstream commit b16a37e1846c9573a847a56fa2f31ba833dae45a ] The current design sleeps unconditionally in TX FIFO full case and wakeup only after sleep timer expires which adds random delays in clients TX path. Avoid sleep and use READ_NOTIFY command so that writer can be woken up when remote notifies about read completion by sending IRQ. Signed-off-by: Deepak Kumar Singh <deesin@codeaurora.org> Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> Link: https://lore.kernel.org/r/1596086296-28529-7-git-send-email-deesin@codeaurora.org Stable-dep-of: 06c59d97f63c ("rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Arun Kumar Neelakantam
|
4baa86ed5f |
rpmsg: glink: Add TX_DATA_CONT command while sending
[ Upstream commit 8956927faed366b60b0355f4a4317a10e281ced7 ] With current design the transport can send packets of size upto FIFO_SIZE which is 16k and return failure for all packets above 16k. Add TX_DATA_CONT command to send packets greater than 16k by splitting into 8K chunks. Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org> Signed-off-by: Deepak Kumar Singh <deesin@codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> Link: https://lore.kernel.org/r/1596086296-28529-4-git-send-email-deesin@codeaurora.org Stable-dep-of: 06c59d97f63c ("rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
bengris32
|
581ddd928b |
Merge tag 'ASB-2024-04-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2024-04-01 * tag 'ASB-2024-04-05_4.19-stable' of https://android.googlesource.com/kernel/common: Revert "Reapply "cred: switch to using atomic_long_t"" Reapply "cred: switch to using atomic_long_t" BACKPORT: net: core: enable SO_BINDTODEVICE for non-root users tcp: Add memory barrier to tcp_push() tracing: Ensure visibility when inserting an element into tracing_map net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv llc: Drop support for ETH_P_TR_802_2. llc: make llc_ui_sendmsg() more robust against bonding changes vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING net/smc: fix illegal rmb_desc access in SMC-D connection dump drivers: core: fix kernel-doc markup for dev_err_probe() driver code: print symbolic error code block: Remove special-casing of compound pages Revert "driver core: Annotate dev_err_probe() with __must_check" nouveau/vmm: don't set addr on the fail path to avoid warning driver core: Annotate dev_err_probe() with __must_check parisc/firmware: Fix F-extend for PDC addresses x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum rpmsg: virtio: Free driver_override when rpmsg_remove() powerpc: Use always instead of always-y in for crtsavres.o hwrng: core - Fix page fault dead lock on mmap-ed hwrng PM: hibernate: Enforce ordering during image compression/decompression crypto: api - Disallow identical driver names ext4: allow for the last group to be marked as trimmed serial: sc16is7xx: add check for unsupported SPI modes during probe spi: introduce SPI_MODE_X_MASK macro driver core: add device probe log helper serial: sc16is7xx: set safe default SPI clock frequency units: add the HZ macros units: change from 'L' to 'UL' units: Add Watt units include/linux/units.h: add helpers for kelvin to/from Celsius conversion PCI: mediatek: Clear interrupt status before dispatching handler Change-Id: Idb5f6b4c8b5512fb44d27a07a4af675ba817926e Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
fe34954d7f |
Merge tag 'ASB-2023-12-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2023-12-01 * tag 'ASB-2023-12-05_4.19-stable' of https://android.googlesource.com/kernel/common: Revert "macsec: use DEV_STATS_INC()" Revert "net: add DEV_STATS_READ() helper" Linux 4.19.300 net: sched: fix race condition in qdisc_graft() iomap: Set all uptodate bits for an Uptodate page scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids drm/amdgpu: fix error handling in amdgpu_bo_list_get() ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks ext4: correct return value of ext4_convert_meta_bg ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: apply umask if ACL support is disabled Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" media: venus: hfi: add checks to handle capabilities from firmware media: venus: hfi: fix the check to handle session buffer requirement media: venus: hfi_parser: Add check to keep the number of codecs within range media: sharp: fix sharp encoding media: lirc: drop trailing space from scancode transmit i2c: i801: fix potential race in i801_block_transaction_byte_by_byte net: dsa: lan9303: consequently nested-lock physical MDIO tty: serial: meson: fix hard LOCKUP on crtscts mode serial: meson: Use platform_get_irq() to get the interrupt tty: serial: meson: retrieve port FIFO size from DT serial: meson: remove redundant initialization of variable id tty: serial: meson: if no alias specified use an available id ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC ALSA: info: Fix potential deadlock at disconnection parisc/pgtable: Do not drop upper 5 address bits of physical address parisc: Prevent booting 64-bit kernels on PA1.x machines dmaengine: stm32-mdma: correct desc prep when channel running mcb: fix error handling for different scenarios when parsing quota: explicitly forbid quota files from being encrypted jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev PM: hibernate: Clean up sync_read handling in snapshot_write_next() PM: hibernate: Use __get_safe_page() rather than touching the list mmc: vub300: fix an error code clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks parisc/pdc: Add width field to struct pdc_model PCI: keystone: Don't discard .probe() callback PCI: keystone: Don't discard .remove() callback genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware mmc: meson-gx: Remove setting of CMD_CFG_ERROR PCI/sysfs: Protect driver's D3cold preference from user space hvc/xen: fix error path in xen_hvc_init() to always register frontend driver audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() audit: don't take task_lock() in audit_exe_compare() code path KVM: x86: Ignore MSR_AMD64_TW_CFG access randstruct: Fix gcc-plugin performance mode to stay in group media: venus: hfi: add checks to perform sanity on queue pointers cifs: spnego: add ';' in HOST_KEY_LEN macvlan: Don't propagate promisc change to lower dev in passthru net: ethernet: cortina: Fix MTU max setting net: ethernet: cortina: Handle large frames net: ethernet: cortina: Fix max RX frame define ptp: annotate data-race around q->head and q->tail xen/events: fix delayed eoi list handling ppp: limit MRU to 64K tipc: Fix kernel-infoleak due to uninitialized TLV value tty: Fix uninit-value access in ppp_sync_receive() ipvlan: add ipvlan_route_v6_outbound() helper NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO pwm: Fix double shift bug drm/amd/display: Avoid NULL dereference of timing generator gfs2: ignore negated quota changes media: vivid: avoid integer overflow media: gspca: cpia1: shift-out-of-bounds in set_flicker i2c: sun6i-p2wi: Prevent potential division by zero usb: gadget: f_ncm: Always set current gadget in ncm_bind() tty: vcc: Add check for kstrdup() in vcc_probe() HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() atm: iphase: Do PCI error checks on own line ALSA: hda: Fix possible null-ptr-deref when assigning a stream ARM: 9320/1: fix stack depot IRQ stack filter jfs: fix array-index-out-of-bounds in diAlloc jfs: fix array-index-out-of-bounds in dbFindLeaf fs/jfs: Add validity check for db_maxag and db_agpref fs/jfs: Add check for negative db_l2nbperpage RDMA/hfi1: Use FIELD_GET() to extract Link Width crypto: pcrypt - Fix hungtask for PADATA_RESET selftests/efivarfs: create-read: fix a resource leak drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e Bluetooth: Fix double free in hci_conn_cleanup net: annotate data-races around sk->sk_dst_pending_confirm net: annotate data-races around sk->sk_tx_queue_mapping wifi: ath10k: fix clang-specific fortify warning wifi: ath9k: fix clang-specific fortify warnings wifi: mac80211: don't return unset power in ieee80211_get_tx_power() x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware clocksource/drivers/timer-imx-gpt: Fix potential memory leak perf/core: Bail out early if the request AUX area is out of bound locking/ww_mutex/test: Fix potential workqueue corruption Revert "ipvlan: properly track tx_errors" ANDROID: fix up platform_device ABI break Linux 4.19.299 btrfs: use u64 for buffer sizes in the tree search ioctls Revert "mmc: core: Capture correct oemid-bits for eMMC cards" fbdev: fsl-diu-fb: mark wr_reg_wa() static fbdev: imsttfb: fix a resource leak in probe fbdev: imsttfb: Fix error path of imsttfb_probe() netfilter: xt_recent: fix (increase) ipv6 literal buffer length r8169: respect userspace disabling IFF_MULTICAST tg3: power down device only on SYSTEM_POWER_OFF net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT net/smc: wait for pending work before clcsock release_sock net/smc: postpone release of clcsock net: r8169: Disable multicast filter for RTL8168H and RTL8107E r8169: improve rtl_set_rx_mode dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. dccp: Call security_inet_conn_request() after setting IPv4 addresses. tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING llc: verify mac len before reading mac header Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume pwm: sti: Reduce number of allocations and drop usage of chip_data pwm: sti: Avoid conditional gotos media: dvb-usb-v2: af9035: fix missing unlock media: s3c-camif: Avoid inappropriate kfree() media: bttv: fix use after free error due to btv->timeout timer pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() pcmcia: ds: fix refcount leak in pcmcia_device_add() pcmcia: cs: fix possible hung task and memory leak pccardd() f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() USB: usbip: fix stub_dev hub disconnect tools: iio: iio_generic_buffer ensure alignment tools: iio: iio_generic_buffer: Fix some integer type and calculation tools: iio: privatize globals and functions in iio_generic_buffer.c file misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() dmaengine: ti: edma: handle irq_of_parse_and_map() errors usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency tty: tty_jobctrl: fix pid memleak in disassociate_ctty() leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' ledtrig-cpu: Limit to 8 CPUs leds: pwm: Don't disable the PWM when the LED should be off leds: pwm: convert to atomic PWM API leds: pwm: simplify if condition mfd: dln2: Fix double put in dln2_probe ASoC: ams-delta.c: use component after check ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails sh: bios: Revive earlyprintk support RDMA/hfi1: Workaround truncation compilation error ext4: move 'ix' sanity check to corrent position ARM: 9321/1: memset: cast the constant byte to unsigned char hid: cp2112: Fix duplicate workqueue initialization HID: cp2112: Use irqchip template nd_btt: Make BTT lanes preemptible sched/rt: Provide migrate_disable/enable() inlines hwrng: geode - fix accessing registers clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped firmware: ti_sci: Mark driver as non removable ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() drm/radeon: possible buffer overflow drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs hwmon: (coretemp) Fix potentially truncated sysfs attribute name platform/x86: wmi: Fix opening of char device platform/x86: wmi: remove unnecessary initializations platform/x86: wmi: Fix probe failure when failing to register WMI devices clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data clk: npcm7xx: Fix incorrect kfree clk: keystone: pll: fix a couple NULL vs IS_ERR() checks clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies regmap: debugfs: Fix a erroneous check after snprintf() ipvlan: properly track tx_errors net: add DEV_STATS_READ() helper macsec: use DEV_STATS_INC() macsec: Fix traffic counters/statistics ipv6: avoid atomic fragment on GSO packets ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() chtls: fix tp->rcv_tstamp initialization thermal: core: prevent potential string overflow can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() can: dev: can_restart(): don't crash kernel if carrier is OK can: dev: move driver related infrastructure into separate subdir wifi: rtlwifi: fix EDCA limit set by BT coexistence tcp_metrics: do not create an entry from tcp_init_metrics() tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() tcp_metrics: add missing barriers on delete i40e: fix potential memory leaks in i40e_remove() genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() vfs: fix readahead(2) on block devices Linux 4.19.298 tty: 8250: Add support for Intashield IS-100 tty: 8250: Add support for Brainboxes UP cards tty: 8250: Add support for additional Brainboxes UC cards tty: 8250: Remove UC-257 and UC-431 usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device remove the sx8 block driver ata: ahci: fix enum constants for gcc-13 net: chelsio: cxgb4: add an error code check in t4_load_phy_fw platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e scsi: mpt3sas: Fix in error path fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() ASoC: rt5650: fix the wrong result of key button netfilter: nfnetlink_log: silence bogus compiler warning fbdev: atyfb: only use ioremap_uc() on i386 and ia64 Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe irqchip/stm32-exti: add missing DT IRQ flag translation Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table ASoC: simple-card: fixup asoc_simple_probe() error handling MAINTAINERS: r8169: Update path to the driver x86: Fix .brk attribute in linker script rpmsg: Fix possible refcount leak in rpmsg_register_device_override() rpmsg: glink: Release driver_override rpmsg: Fix calling device_lock() on non-initialized device rpmsg: Fix kfree() of static memory on setting driver_override rpmsg: Constify local variable in field store macro driver: platform: Add helper for safer setting of driver_override x86/mm: Fix RESERVE_BRK() for older binutils x86/mm: Simplify RESERVE_BRK() nfsd: lock_rename() needs both directories to live on the same fs f2fs: fix to do sanity check on inode type during garbage collection smbdirect: missing rc checks while waiting for rdma events kobject: Fix slab-out-of-bounds in fill_kobj_path() arm64: fix a concurrency issue in emulation_proc_handler() drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() ARM: 8933/1: replace Sun/Solaris style flag on section directive NFS: Don't call generic_error_remove_page() while holding locks x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility iio: exynos-adc: request second interupt only when touchscreen mode is used perf/core: Fix potential NULL deref nvmem: imx: correct nregs for i.MX6UL nvmem: imx: correct nregs for i.MX6SLL i2c: stm32f7: Fix PEC handling in case of SMBUS transfers i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR gtp: fix fragmentation needed check with gso igb: Fix potential memory leak in igb_add_ethtool_nfc_entry treewide: Spelling fix in comment r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 r8169: rename r8169.c to r8169_main.c virtio-mmio: fix memory leak of vm_dev virtio_balloon: Fix endless deflation and inflation on arm64 mcb-lpc: Reallocate memory region to avoid memory overlapping mcb: Return actual parsed size when reading chameleon table selftests/ftrace: Add new test case which checks non unique symbol mmc: core: sdio: hold retuning if sdio in 1-bit mode mmc: sdio: Don't re-initialize powered-on removable SDIO cards at resume Change-Id: Ife4a7158c93f0d2d4c464a3dee7563e01091d78b Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
bba5e67101 |
Merge tag 'ASB-2023-10-06_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2023-10-01 * tag 'ASB-2023-10-06_4.19-stable' of https://android.googlesource.com/kernel/common: UPSTREAM: net/sched: sch_hfsc: Ensure inner classes have fsc curve UPSTREAM: net: sched: sch_qfq: Fix UAF in qfq_dequeue() Linux 4.19.295 net/sched: Retire rsvp classifier net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller nfsd: fix change_info in NFSv4 RENAME replies btrfs: fix lockdep splat and potential deadlock after failure running delayed items attr: block mode changes of symlinks md/raid1: fix error: ISO C90 forbids mixed declarations kobject: Add sanity check for kset->kobj.ktype in kset_register() media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning serial: cpm_uart: Avoid suspicious locking scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc media: pci: cx23885: replace BUG with error return media: tuners: qt1010: replace BUG_ON with a regular error iio: core: Use min() instead of min_t() to make code more robust media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() media: anysee: fix null-ptr-deref in anysee_master_xfer media: af9005: Fix null-ptr-deref in af9005_i2c_xfer media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer powerpc/pseries: fix possible memory leak in ibmebus_bus_init() jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() ext2: fix datatype of block number in ext2_xattr_set2() md: raid1: fix potential OOB in raid1_remove_disk() drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() alx: fix OOB-read compiler warning tpm_tis: Resend command to recover from data transfer errors crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() wifi: mwifiex: fix fortify warning wifi: ath9k: fix printk specifier hw_breakpoint: fix single-stepping when using bpf_overflow_handler ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer btrfs: output extra debug info if we failed to find an inline backref autofs: fix memory leak of waitqueues in autofs_catatonic_mode parisc: Drop loops_per_jiffy from per_cpu struct drm/amd/display: Fix a bug when searching for insert_above_mpcc kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). ixgbe: fix timestamp configuration code kcm: Fix memory leak in error path of kcm_sendmsg() net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() perf hists browser: Fix hierarchy mode header mtd: rawnand: brcmnand: Fix potential false time out warning mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write mtd: rawnand: brcmnand: Fix crash during the panic_write btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART ata: pata_ftide010: Add missing MODULE_DESCRIPTION ata: sata_gemini: Add missing MODULE_DESCRIPTION netfilter: nfnetlink_osf: avoid OOB read idr: fix param name in idr_alloc_cyclic() doc igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 kcm: Destroy mutex in kcm_exit_net() net: sched: sch_qfq: Fix UAF in qfq_dequeue() af_unix: Fix data race around sk->sk_err. af_unix: Fix data-races around sk->sk_shutdown. af_unix: Fix data-race around unix_tot_inflight. af_unix: Fix data-races around user->unix_inflight. net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr veth: Fixing transmit return status for dropped packets igb: disable virtualization features on 82580 net: read sk->sk_family once in sk_mc_loop() pwm: lpc32xx: Remove handling of PWM channels watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() kconfig: fix possible buffer overflow NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info soc: qcom: qmi_encdec: Restrict string length in decode clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock parisc: led: Reduce CPU overhead for disk & lan LED computation parisc: led: Fix LAN receive and transmit LEDs drm/ast: Fix DRAM init on AST2200 fbdev/ep93xx-fb: Do not assign to struct fb_info.dev scsi: qla2xxx: Turn off noisy message log scsi: qla2xxx: fix inconsistent TMF timeout udf: initialize newblock to 0 usb: typec: tcpci: clear the fault status bit serial: sc16is7xx: fix broken port 0 uart init sc16is7xx: Set iobase to device index PCI/ATS: Add inline to pci_prg_resp_pasid_required() pstore/ram: Check start of empty przs during init net: handle ARPHRD_PPP in dev_is_mac_header_xmit() X.509: if signature is unsupported skip validation cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug crypto: stm32 - fix loop iterating through scatterlist for DMA dccp: Fix out of bounds access in DCCP error handler dlm: fix plock lookup when using multiple lockspaces parisc: Fix /proc/cpuinfo output for lscpu procfs: block chmod on /proc/thread-self/comm Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" ntb: Fix calculation ntb_transport_tx_free_entry() ntb: Clean up tx tail index on link down ntb: Drop packets when qp link is down media: dvb: symbol fixup for dvb_attach() backlight/lv5207lp: Compare against struct fb_info.device backlight/bd6107: Compare against struct fb_info.device backlight/gpio_backlight: Compare against struct fb_info.device ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() ipmi_si: fix a memleak in try_smi_init() ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl PM / devfreq: Fix leak in devfreq_dev_release() igb: set max size RX buffer when store bad packet is enabled skbuff: skb_segment, Call zero copy functions before using skbuff frags netfilter: xt_sctp: validate the flag_info count netfilter: xt_u32: validate user space input netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU dmaengine: ste_dma40: Add missing IRQ check in d40_probe um: Fix hostaudio build errors arch: um: drivers: Kconfig: pedantic formatting rpmsg: glink: Add check for kstrdup HID: multitouch: Correct devm device reference for hidinput input_dev name Revert "IB/isert: Fix incorrect release of isert connection" amba: bus: fix refcount leak serial: tegra: handle clk prepare error in tegra_uart_hw_init() scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock scsi: core: Use 32-bit hostnum in scsi_host_lookup() cgroup:namespace: Remove unused cgroup_namespaces_init() media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors media: ov2680: Fix vflip / hflip set functions media: ov2680: Fix ov2680_bayer_order() media: ov2680: Remove auto-gain and auto-exposure controls media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips USB: gadget: f_mass_storage: Fix unused variable warning media: go7007: Remove redundant if statement IB/uverbs: Fix an potential error pointer dereference dma-buf/sync_file: Fix docs syntax scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly x86/APM: drop the duplicate APM_MINOR_DEV macro scsi: qla4xxx: Add length check when parsing nlattrs scsi: be2iscsi: Add length check when parsing nlattrs scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() media: mediatek: vcodec: Return NULL if no vdec_fb is found media: cx24120: Add retval check for cx24120_message_send() media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() media: dib7000p: Fix potential division by zero drivers: usb: smsusb: fix error handling code in smsusb_init_device media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() media: v4l2-fwnode: simplify v4l2_fwnode_parse_link media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling media: Use of_node_name_eq for node name comparisons NFSD: da_addr_body field missing in some GETDEVICEINFO replies fs: lockd: avoid possible wrong NULL parameter jfs: validate max amount of blocks before allocation. powerpc/iommu: Fix notifiers being shared by PCI and VIO buses nfs/blocklayout: Use the passed in gfp flags wifi: ath10k: Use RMW accessors for changing LNKCTL drm/radeon: Use RMW accessors for changing LNKCTL drm/radeon: Prefer pcie_capability_read_word() drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions drm/radeon: Correct Transmit Margin masks drm/amdgpu: Use RMW accessors for changing LNKCTL drm/amdgpu: Prefer pcie_capability_read_word() drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions drm/amdgpu: Correct Transmit Margin masks PCI: Add #defines for Enter Compliance, Transmit Margin PCI: Decode PCIe 32 GT/s link speed PCI: Cleanup register definition width and whitespace PCI/ATS: Add pci_prg_resp_pasid_required() interface. PCI/ASPM: Use RMW accessors for changing LNKCTL PCI: pciehp: Use RMW accessors for changing LNKCTL PCI: Mark NVIDIA T4 GPUs to avoid bus reset clk: sunxi-ng: Modify mismatched function name drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() ALSA: ac97: Fix possible error value of *rac97 of: unittest: Fix overlay type in apply/revert check audit: fix possible soft lockup in __audit_inode_child() smackfs: Prevent underflow in smk_set_cipso() drm/msm/mdp5: Don't leak some plane state drm/msm: Replace drm_framebuffer_{un/reference} with put, get functions of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() drm/tegra: dpaux: Fix incorrect return value of platform_get_irq drm/tegra: Remove superfluous error messages around platform_get_irq() ARM: dts: BCM53573: Fix Ethernet info for Luxul devices drm: adv7511: Fix low refresh rate register for ADV7533/5 ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210 ARM: dts: s5pv210: correct ethernet unit address in SMDKV210 ARM: dts: s5pv210: use defines for IRQ flags in SMDKV210 ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210 ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) ARM: dts: s3c64xx: align pinctrl with dtschema ARM: dts: s3c6410: align node SROM bus node name with dtschema in Mini6410 ARM: dts: s3c6410: move fixed clocks under root node in Mini6410 ARM: dts: BCM53573: Use updated "spi-gpio" binding properties ARM: dts: BCM53573: Add cells sizes to PCIe node ARM: dts: BCM53573: Drop nonexistent #usb-cells ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch ARM: dts: BCM5301X: Harmonize EHCI/OHCI DT nodes name drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller arm64: dts: msm8996: thermal: Add interrupt support quota: fix dqput() to follow the guarantees dquot_srcu should provide quota: add new helper dquot_active() quota: rename dquot_active() to inode_quota_active() quota: factor out dquot_write_dquot() quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list quota: add dqi_dirty_list description to comment of Dquot List Management netrom: Deny concurrent connect(). net/sched: sch_hfsc: Ensure inner classes have fsc curve net: arcnet: Do not call kfree_skb() under local_irq_disable() wifi: ath9k: use IS_ERR() with debugfs_create_dir() wifi: mwifiex: avoid possible NULL skb pointer dereference wifi: ath9k: protect WMI command response buffer replacement with a lock wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx wifi: mwifiex: Fix missed return in oob checks failed path wifi: mwifiex: fix memory leak in mwifiex_histogram_read() fs: ocfs2: namei: check return value of ocfs2_add_entry() lwt: Check LWTUNNEL_XMIT_CONTINUE strictly crypto: caam - fix unchecked return value error Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() wifi: mwifiex: fix error recovery in PCIE buffer descriptor management mwifiex: switch from 'pci_' to 'dma_' API mwifiex: drop 'set_consistent_dma_mask' log message wifi: mwifiex: Fix OOB and integer underflow when rx packets can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() regmap: rbtree: Use alloc_flags for memory allocations tcp: tcp_enter_quickack_mode() should be static bpf: Clear the probe_addr for uprobe cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() fs: Fix error checking for d_hash_and_lookup() netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation netfilter: nft_flow_offload: fix underflow in flowtable reference counter new helper: lookup_positive_unlocked() eventfd: prevent underflow for eventfd semaphores eventfd: Export eventfd_ctx_do_read() reiserfs: Check the return value from __getblk() Revert "net: macsec: preserve ingress frame ordering" udf: Handle error when adding extent to a file udf: Check consistency of Space Bitmap Descriptor powerpc/32s: Fix assembler warning about r0 powerpc/32: Include .branch_lt in data section net: Avoid address overwrite in kernel_connect ALSA: seq: oss: Fix racy open/close of MIDI devices cifs: add a warning when the in-flight count goes negative sctp: handle invalid error codes without calling BUG() bnx2x: fix page fault following EEH recovery netlabel: fix shift wrapping bug in netlbl_catmap_setlong() scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM net: usb: qmi_wwan: add Quectel EM05GV2 security: keys: perform capable check only on privileged operations platform/x86: intel: hid: Always call BTNL ACPI method ASoC: atmel: Fix the 8K sample parameter in I2SC master ASoc: codecs: ES8316: Fix DMIC config fs/nls: make load_nls() take a const parameter s390/dasd: fix hanging device after request requeue s390/dasd: use correct number of retries for ERP requests m68k: Fix invalid .section syntax vxlan: generalize vxlan_parse_gpe_hdr and remove unused args ethernet: atheros: fix return value check in atl1c_tso_csum() ASoC: da7219: Check for failure reading AAD IRQ events ASoC: da7219: Flush pending AAD IRQ when suspending 9p: virtio: make sure 'offs' is initialized in zc_request pinctrl: amd: Don't show `Invalid config param` errors nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() fsi: master-ast-cf: Add MODULE_FIRMWARE macro serial: sc16is7xx: fix bug when first setting GPIO direction Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition HID: wacom: remove the battery when the EKR is off USB: serial: option: add FOXCONN T99W368/T99W373 product USB: serial: option: add Quectel EM05G variant (0x030e) modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff mmc: au1xmmc: force non-modular build and remove symbol_get usage ARM: pxa: remove use of symbol_get() erofs: ensure that the post-EOF tails are all zeroed Conflicts: drivers/media/platform/mtk-vcodec/vdec/vdec_vp9_if.c Change-Id: I4498db3591235eb5f243a4e7217f4f737323ae6f Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
409a666605 |
Merge tag 'ASB-2023-04-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2023-04-01 CVE-2022-4696 CVE-2023-20941 * tag 'ASB-2023-04-05_4.19-stable' of https://android.googlesource.com/kernel/common: UPSTREAM: ext4: fix kernel BUG in 'ext4_write_inline_data_end()' UPSTREAM: fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY UPSTREAM: fsverity: Remove WQ_UNBOUND from fsverity read workqueue BACKPORT: blk-mq: clear stale request in tags->rq[] before freeing one request pool Linux 4.19.279 HID: uhid: Over-ride the default maximum data buffer value with our own HID: core: Provide new max_buffer_size attribute to over-ride the default serial: 8250_em: Fix UART port type drm/i915: Don't use stolen memory for ring buffers with LLC x86/mm: Fix use of uninitialized buffer in sme_enable() fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks ftrace: Fix invalid address access in lookup_rec() when index is 0 tracing: Make tracepoint lockdep check actually test something tracing: Check field value in hist_field_name() sh: intc: Avoid spurious sizeof-pointer-div warning drm/amdkfd: Fix an illegal memory access ext4: fix task hung in ext4_xattr_delete_inode ext4: fail ext4_iget if special inode unallocated jffs2: correct logic when creating a hole in jffs2_write_begin mmc: atmel-mci: fix race between stop command and start of next command media: m5mols: fix off-by-one loop termination error hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition hwmon: (adt7475) Fix masking of hysteresis registers hwmon: (adt7475) Display smoothing attributes in correct order ethernet: sun: add check for the mdesc_grab() net/iucv: Fix size of interrupt data net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull ipv4: Fix incorrect table ID in IOCTL path block: sunvdc: add check for mdesc_grab() returning NULL nvmet: avoid potential UAF in nvmet_req_complete() net: usb: smsc75xx: Limit packet length to skb->len nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails net: tunnels: annotate lockless accesses to dev->needed_headroom qed/qed_dev: guard against a possible division by zero nfc: pn533: initialize struct pn533_out_arg properly tcp: tcp_make_synack() can be called from process context clk: HI655X: select REGMAP instead of depending on it fs: sysfs_emit_at: Remove PAGE_SIZE alignment check ext4: fix cgroup writeback accounting with fs-layer encryption UPSTREAM: ext4: fix another off-by-one fsmap error on 1k block filesystems Linux 4.19.278 ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties net: caif: Fix use-after-free in cfusbl_device_notify() drm/i915: Don't use BAR mappings for ring buffers with LLC tipc: improve function tipc_wait_for_cond() media: ov5640: Fix analogue gain control PCI: Add SolidRun vendor ID macintosh: windfarm: Use unsigned type for 1-bit bitfields alpha: fix R_ALPHA_LITERAL reloc for large modules MIPS: Fix a compilation issue Revert "spi: mt7621: Fix an error message in mt7621_spi_probe()" scsi: core: Remove the /proc/scsi/${proc_name} directory earlier kbuild: generate modules.order only in directories visited by obj-y/m kbuild: fix false-positive need-builtin calculation udf: Detect system inodes linked into directory hierarchy udf: Preserve link count of system files udf: Remove pointless union in udf_inode_info udf: reduce leakage of blocks related to named streams udf: Explain handling of load_nls() failure nfc: change order inside nfc_se_io error path ext4: zero i_disksize when initializing the bootloader inode ext4: fix WARNING in ext4_update_inline_data ext4: move where set the MAY_INLINE_DATA flag is set ext4: fix another off-by-one fsmap error on 1k block filesystems ext4: fix RENAME_WHITEOUT handling for inline directories x86/CPU/AMD: Disable XSAVES on AMD family 0x17 fs: prevent out-of-bounds array speculation when closing a file descriptor Linux 4.19.277 staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" Linux 4.19.276 thermal: intel: powerclamp: Fix cur_state for multi package system f2fs: fix cgroup writeback accounting with fs-layer encryption media: uvcvideo: Fix race condition with usb_kill_urb media: uvcvideo: Provide sync and async uvc_ctrl_status_event tcp: Fix listen() regression in 4.19.270 s390/setup: init jump labels before command line parsing s390/maccess: add no DAT mode to kernel_write Bluetooth: hci_sock: purge socket queues in the destruct() callback phy: rockchip-typec: Fix unsigned comparison with less than zero usb: uvc: Enumerate valid values for color matching USB: ene_usb6250: Allocate enough memory for full object usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() tools/iio/iio_utils:fix memory leak mei: bus-fixup:upon error print return values of send and receive tty: serial: fsl_lpuart: disable the CTS when send break signal tty: fix out-of-bounds access in tty_driver_lookup_tty() media: uvcvideo: Silence memcpy() run-time false positive warnings media: uvcvideo: Handle errors from calls to usb_string media: uvcvideo: Handle cameras with invalid descriptors firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 tracing: Add NULL checks for buffer in ring_buffer_free_read_page() thermal: intel: quark_dts: fix error pointer dereference scsi: ipr: Work around fortify-string warning vc_screen: modify vcs_size() handling in vcs_read() tcp: tcp_check_req() can be called from process context ARM: dts: spear320-hmi: correct STMPE GPIO compatible nfc: fix memory leak of se_io context in nfc_genl_se_io 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() 9p/xen: fix connection sequence 9p/xen: fix version parsing net: fix __dev_kfree_skb_any() vs drop monitor netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() watchdog: pcwd_usb: Fix attempting to access uninitialized memory watchdog: Fix kmemleak in watchdog_cdev_register watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() ubifs: ubifs_writepage: Mark page dirty after writing inode failed ubifs: dirty_cow_znode: Fix memleak in error handling path ubifs: Re-statistic cleaned znode count if commit failed ubi: Fix possible null-ptr-deref in ubi_free_volume() ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() ubi: Fix use-after-free when volume resizing failed ubifs: Reserve one leb for each journal head while doing budget ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 ubifs: Fix wrong dirty space budget for dirty inode ubifs: Rectify space budget for ubifs_xrename() ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted ubi: ensure that VID header offset + VID header size <= alloc, size um: vector: Fix memory leak in vector_config pwm: stm32-lp: fix the check on arr and cmp registers update fs/jfs: fix shift exponent db_agl2size negative net/sched: Retire tcindex classifier kbuild: Port silent mode detection to future gnu make. wifi: ath9k: use proper statements in conditionals drm/radeon: Fix eDP for single-display iMac11,2 PCI: Avoid FLR for AMD FCH AHCI adapters scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() scsi: ses: Fix possible desc_ptr out-of-bounds accesses scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() scsi: ses: Don't attach if enclosure has no components scsi: qla2xxx: Fix erroneous link down scsi: qla2xxx: Fix link failure in NPIV environment ktest.pl: Add RUN_TIMEOUT option with default unlimited ktest.pl: Fix missing "end_monitor" when machine check fails ktest.pl: Give back console on Ctrt^C on monitor media: ipu3-cio2: Fix PM runtime usage_count in driver unbind mips: fix syscall_get_nr alpha: fix FEN fault handling rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails ARM: dts: exynos: correct TMU phandle in Odroid XU ARM: dts: exynos: correct TMU phandle in Exynos4 dm flakey: don't corrupt the zero page dm flakey: fix logic when corrupting a bio wifi: cfg80211: Fix use after free for wext wifi: rtl8xxxu: Use a longer retry limit of 48 ext4: refuse to create ea block when umounted ext4: optimize ea_inode block expansion ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() irqdomain: Drop bogus fwspec-mapping error handling irqdomain: Fix disassociation race irqdomain: Fix association race ima: Align ima_file_mmap() parameters with mmap_file LSM hook Documentation/hw-vuln: Document the interaction between IBRS and STIBP x86/speculation: Allow enabling STIBP with legacy IBRS x86/microcode/AMD: Fix mixed steppings support x86/microcode/AMD: Add a @cpu parameter to the reloading functions x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range x86/kprobes: Fix __recover_optprobed_insn check optimizing logic x86/reboot: Disable SVM, not just VMX, when stopping CPUs x86/reboot: Disable virtualization in an emergency if SVM is supported x86/crash: Disable virt in core NMI crash handler to avoid double shootdown x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) udf: Fix file corruption when appending just after end of preallocated extent udf: Do not update file length for failed writes to inline files udf: Do not bother merging very long extents udf: Truncate added extents on failed expansion ocfs2: fix non-auto defrag path not working issue ocfs2: fix defrag path triggering jbd2 ASSERT f2fs: fix information leak in f2fs_move_inline_dirents() fs: hfsplus: fix UAF issue in hfsplus_put_super hfs: fix missing hfs_bnode_get() in __hfs_bnode_create ARM: dts: exynos: correct HDMI phy compatible in Exynos4 s390/kprobes: fix current_kprobe never cleared after kprobes reenter s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler s390: discard .interp section rtc: pm8xxx: fix set-alarm race firmware: coreboot: framebuffer: Ignore reserved pixel color bits wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu dm cache: add cond_resched() to various workqueue loops dm thin: add cond_resched() to various workqueue loops pinctrl: at91: use devm_kasprintf() to avoid potential leaks regulator: s5m8767: Bounds check id indexing into arrays regulator: max77802: Bounds check regulator id against opmode ASoC: kirkwood: Iterate over array indexes instead of using pointer math docs/scripts/gdb: add necessary make scripts_gdb step drm/msm/dsi: Add missing check for alloc_ordered_workqueue drm/radeon: free iio for atombios when driver shutdown drm/amd/display: Fix potential null-deref in dm_resume net/mlx5: fw_tracer: Fix debug print ACPI: video: Fix Lenovo Ideapad Z570 DMI match m68k: Check syscall_trace_enter() return code net: bcmgenet: Add a check for oversized packets ACPI: Don't build ACPICA with '-Os' inet: fix fast path in __inet_hash_connect() wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds x86/bugs: Reset speculation control settings on init timers: Prevent union confusion from unexpected restart_syscall() thermal: intel: Fix unsigned comparison with less than zero rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait() wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy udf: Define EFSCORRUPTED error code rpmsg: glink: Avoid infinite loop on intent for missing channel media: usb: siano: Fix use after free bugs caused by do_submit_urb media: i2c: ov7670: 0 instead of -EINVAL was returned media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() media: i2c: ov772x: Fix memleak in ov772x_probe() powerpc: Remove linker flag from KBUILD_AFLAGS media: platform: ti: Add missing check for devm_regulator_get MIPS: vpe-mt: drop physical_memsize powerpc/rtas: ensure 4KB alignment for rtas_data_buf powerpc/rtas: make all exports GPL powerpc/pseries/lparcfg: add missing RTAS retry status handling clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() powerpc/powernv/ioda: Skip unallocated resources when mapping to PE Input: ads7846 - don't check penirq immediately for 7845 Input: ads7846 - don't report pressure for ads7845 mtd: rawnand: sunxi: Fix the size of the last OOB region mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() selftests/ftrace: Fix bash specific "==" operator sparc: allow PM configs for sparc32 COMPILE_TEST perf tools: Fix auto-complete on aarch64 perf llvm: Fix inadvertent file creation gfs2: jdata writepage fix cifs: Fix warning and UAF when destroy the MR list cifs: Fix lost destroy smbd connection when MR allocate failed nfsd: fix race to check ls_layouts dm: remove flush_scheduled_work() during local_exit() hwmon: (mlxreg-fan) Return zero speed for broken fan spi: bcm63xx-hsspi: Fix multi-bit mode setting spi: bcm63xx-hsspi: fix pm_runtime scsi: aic94xx: Add missing check for dma_map_single() hwmon: (ltc2945) Handle error case in ltc2945_value_store gpio: vf610: connect GPIO label to dev name ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress() drm/mediatek: Clean dangling pointer on bind error path drm/mediatek: Drop unbalanced obj unref gpu: host1x: Don't skip assigning syncpoints to channels drm/msm/dpu: Add check for pstates drm/msm: use strscpy instead of strncpy drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness ALSA: hda/ca0132: minor fix for allocation size pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours drm/msm/hdmi: Add missing check for alloc_ordered_workqueue gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() drm/vc4: dpi: Fix format mapping for RGB565 drm/vc4: dpi: Add option for inverting pixel clock and output enable drm: Clarify definition of the DRM_BUS_FLAG_(PIXDATA|SYNC)_* macros drm/bridge: megachips: Fix error handling in i2c_register_driver() drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC selftest: fib_tests: Always cleanup before exit irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts irqchip/irq-brcmstb-l2: Set IRQ_LEVEL for level triggered interrupts can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error wifi: mac80211: make rate u32 in sta_set_rate_info_rx() crypto: crypto4xx - Call dma_unmap_page when done wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() wifi: iwl4965: Add missing check for create_singlethread_workqueue() wifi: iwl3945: Add missing check for create_singlethread_workqueue RISC-V: time: initialize hrtimer based broadcast clock event device m68k: /proc/hardware should depend on PROC_FS crypto: rsa-pkcs1pad - Use akcipher_request_complete rds: rds_rm_zerocopy_callback() correct order for list_add_tail() libbpf: Fix alen calculation in libbpf_nla_dump_errormsg() Bluetooth: L2CAP: Fix potential user-after-free irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains net/mlx5: Enhance debug print in page allocation failure powercap: fix possible name leak in powercap_register_zone() crypto: seqiv - Handle EBUSY correctly ACPI: battery: Fix missing NUL-termination with large strings wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails ath9k: htc: clean up statistics macros ath9k: hif_usb: simplify if-if to if-else wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function wifi: orinoco: check return value of hermes_write_wordrec() ACPICA: nsrepair: handle cases without a return value correctly lib/mpi: Fix buffer overrun when SG is too long genirq: Fix the return type of kstat_cpu_irqs_sum() ACPICA: Drop port I/O validation for some regions wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: if_usb: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas_tf: don't call kfree_skb() under spin_lock_irqsave() wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() wifi: ipw2200: fix memory leak in ipw_wdev_init() wifi: ipw2x00: don't call dev_kfree_skb() under spin_lock_irqsave() ipw2x00: switch from 'pci_' to 'dma_' API wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() rtlwifi: fix -Wpointer-sign warning wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave() wifi: libertas: fix memory leak in lbs_init_adapter() wifi: rsi: Fix memory leak in rsi_coex_attach() block: bio-integrity: Copy flags when bio_integrity_payload is cloned blk-mq: remove stale comment for blk_mq_sched_mark_restart_hctx arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name arm64: dts: amlogic: meson-gx: add missing unit address to rng node name arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name arm64: dts: meson-axg: enable SCPI arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name ARM: imx: Call ida_simple_remove() for ida_simple_get ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address arm64: dts: meson-gx: Fix Ethernet MAC address unit name ARM: zynq: Fix refcount leak in zynq_early_slcr_init ARM: OMAP2+: Fix memory leak in realtime_counter_init() HID: asus: use spinlock to safely schedule workers HID: asus: use spinlock to protect concurrent accesses HID: asus: Remove check for same LED brightness on set Conflicts: drivers/gpu/drm/mediatek/mtk_drm_drv.c Change-Id: I8ed30840ecc6696815fac3f6026d4084f6611fdb Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
4e9a406212 |
Merge tag 'ASB-2022-11-01_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2022-11-01 * tag 'ASB-2022-11-01_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.264 can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive net/mlx5e: Do not increment ESN when updating IPsec ESN state net: ehea: fix possible memory leak in ehea_register_port() openvswitch: switch from WARN to pr_warn ALSA: aoa: Fix I2S device accounting ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() PM: domains: Fix handling of unavailable/disabled idle states net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() i40e: Fix flow-type by setting GL_HASH_INSET registers i40e: Fix VF hang when reset is triggered on another VF i40e: Fix ethtool rx-flow-hash setting for X722 media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' media: v4l2-dv-timings: add sanity checks for blanking values media: vivid: dev->bitmap_cap wasn't freed in all cases media: vivid: s_fbuf: add more sanity checks PM: hibernate: Allow hybrid sleep to work with s2idle can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path tcp: fix indefinite deferral of RTO with SACK reneging net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed kcm: annotate data-races around kcm->rx_wait kcm: annotate data-races around kcm->rx_psock amd-xgbe: add the bit rate quirk for Molex cables amd-xgbe: fix the SFP compliance codes check for DAC cables x86/unwind/orc: Fix unreliable stack dump with gcov net: netsec: fix error handling in netsec_register_mdio() tipc: fix a null-ptr-deref in tipc_topsrv_accept ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() arc: iounmap() arg is volatile drm/msm: Fix return type of mdp4_lvds_connector_mode_valid net: ieee802154: fix error return code in dgram_bind() mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages xen/gntdev: Prevent leaking grants Xen/gntdev: don't ignore kernel unmapping error s390/futex: add missing EX_TABLE entry to __futex_atomic_op() perf auxtrace: Fix address filter symbol name match for modules kernfs: fix use-after-free in __kernfs_remove mmc: core: Fix kernel panic when remove non-standard SDIO card drm/msm/hdmi: fix memory corruption with too many bridges drm/msm/dsi: fix memory corruption with too many bridges mac802154: Fix LQI recording fbdev: smscufx: Fix several use-after-free bugs iio: light: tsl2583: Fix module unloading tools: iio: iio_utils: fix digit calculation xhci: Remove device endpoints from bandwidth list when freeing the device usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller usb: bdc: change state when port disconnected usb: dwc3: gadget: Don't set IMI for no_interrupt usb: dwc3: gadget: Stop processing more requests on IMI USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM ALSA: au88x0: use explicitly signed char ALSA: Use del_timer_sync() before freeing timer can: kvaser_usb: Fix possible completions during init_completion mm: /proc/pid/smaps_rollup: fix no vma's null-deref hv_netvsc: Fix race between VF offering and VF association message from host Makefile.debug: re-enable debug info for .S files ACPI: video: Force backlight native for more TongFang devices media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls iommu/vt-d: Clean up si_domain in the init_dmars() error path net: hns: fix possible memory leak in hnae_ae_register() net: sched: cake: fix null pointer access issue when cake_init() fails net/atm: fix proc_mpc_write incorrect return value HID: magicmouse: Do not set BTN_MOUSE on double report tipc: fix an information leak in tipc_topsrv_kern_subscr tipc: Fix recognition of trial period ACPI: extlog: Handle multiple records btrfs: fix processing of delayed tree block refs during backref walking btrfs: fix processing of delayed data refs during backref walking r8152: add PID for the Lenovo OneLink+ Dock arm64: errata: Remove AES hwcap for COMPAT tasks media: venus: dec: Handle the case where find_format fails KVM: arm64: vgic: Fix exit condition in scan_its_table() ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS ata: ahci-imx: Fix MODULE_ALIAS hwmon/coretemp: Handle large core ID value x86/microcode/AMD: Apply the patch early on every logical thread ocfs2: fix BUG when iput after ocfs2_mknod fails ocfs2: clear dinode links count in case of error UPSTREAM: once: fix section mismatch on clang builds Revert "serial: 8250: Fix restoring termios speed after suspend" UPSTREAM: ARM: 8788/1: ftrace: remove old mcount support Linux 4.19.263 once: fix section mismatch on clang builds Linux 4.19.262 gcov: support GCC 12.1 and newer compilers thermal: intel_powerclamp: Use first online CPU as control_cpu inet: fully convert sk->sk_rx_dst to RCU rules efi: libstub: drop pointless get_memory_map() call md: Replace snprintf with scnprintf ext4: continue to expand file system when the target size doesn't reach net/ieee802154: don't warn zero-sized raw_sendmsg() net: ieee802154: return -EINVAL for unknown addr type perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc clk: bcm2835: Make peripheral PLLC critical usb: idmouse: fix an uninit-value in idmouse_open nvme: copy firmware_rev on each init Revert "usb: storage: Add quirk for Samsung Fit flash" usb: musb: Fix musb_gadget.c rxstate overflow bug usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d HID: roccat: Fix use-after-free in roccat_read() ata: libahci_platform: Sanity check the DT child nodes number staging: vt6655: fix potential memory leak power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() nbd: Fix hung when signal interrupts nbd_start_device_ioctl() scsi: 3w-9xxx: Avoid disabling device if failing to enable it media: cx88: Fix a null-ptr-deref bug in buffer_prepare() ARM: dts: imx6sx: add missing properties for sram ARM: dts: imx6sll: add missing properties for sram ARM: dts: imx6sl: add missing properties for sram ARM: dts: imx6qp: add missing properties for sram ARM: dts: imx6dl: add missing properties for sram ARM: dts: imx6q: add missing properties for sram ARM: dts: imx7d-sdb: config the max pressure for tsc2046 drm/amdgpu: fix initial connector audio value platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading drm: panel-orientation-quirks: Add quirk for Anbernic Win600 drm/vc4: vec: Fix timings for VEC modes drm/amd/display: fix overflow on MIN_I64 definition drm: Prevent drm_copy_field() to attempt copying a NULL pointer drm: Use size_t type for len variable in drm_copy_field() r8152: Rate limit overflow messages Bluetooth: L2CAP: Fix user-after-free net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory wifi: rt2x00: correctly set BBP register 86 for MT7620 wifi: rt2x00: set SoC wmac clock register wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 can: bcm: check the result of can_send() in bcm_can_tx() Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() xfrm: Update ipcomp_scratches with NULL when freed wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() tcp: annotate data-race around tcp_md5sig_pool_populated openvswitch: Fix overreporting of drops in dropwatch openvswitch: Fix double reporting of drops in dropwatch wifi: brcmfmac: fix invalid address access when enabling SCAN log level NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue MIPS: BCM47XX: Cast memcmp() of function to (void *) ACPI: video: Add Toshiba Satellite/Portege Z830 quirk f2fs: fix race condition on setting FI_NO_EXTENT flag crypto: cavium - prevent integer overflow loading firmware iommu/iova: Fix module config properly iommu/omap: Fix buffer overflow in debugfs powerpc: Fix SPE Power ISA properties for e500v1 platforms powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition powerpc/powernv: add missing of_node_put() in opal_export_attrs() powerpc/pci_dn: Add missing of_node_put() powerpc/sysdev/fsl_msi: Add missing of_node_put() powerpc/math_emu/efp: Include module.h mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration spmi: pmic-arb: correct duplicate APID to PPID mapping logic dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() mfd: sm501: Add check for platform_driver_register() mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() mfd: lp8788: Fix an error handling path in lp8788_probe() mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() fsi: core: Check error number after calling ida_simple_get serial: 8250: Fix restoring termios speed after suspend firmware: google: Test spinlock on panic path to avoid lockups staging: vt6655: fix some erroneous memory clean-up loops phy: qualcomm: call clk_disable_unprepare in the error handling drivers: serial: jsm: fix some leaks in probe usb: gadget: function: fix dangling pnp_string in f_printer.c xhci: Don't show warning for reinit on known broken suspend md/raid5: Ensure stripe_fill happens on non-read IO with journal ata: fix ata_id_has_dipm() ata: fix ata_id_has_ncq_autosense() ata: fix ata_id_has_devslp() ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() mtd: devices: docg3: check the return value of devm_ioremap() in the probe dyndbg: let query-modname override actual module name dyndbg: fix module.dyndbg handling RDMA/rxe: Fix the error caused by qp->sk RDMA/rxe: Fix "kernel NULL pointer dereference" error media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init tty: xilinx_uartps: Fix the ignore_status media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop HSI: omap_ssi_port: Fix dma_map_sg error check HSI: omap_ssi: Fix refcount leak in ssi_probe clk: tegra20: Fix refcount leak in tegra20_clock_init clk: tegra: Fix refcount leak in tegra114_clock_init clk: tegra: Fix refcount leak in tegra210_clock_init clk: berlin: Add of_node_put() for of_get_parent() clk: oxnas: Hold reference returned by of_get_parent() iio: ABI: Fix wrong format of differential capacitance channel ABI. iio: inkern: only release the device node when done with it iio: adc: at91-sama5d2_adc: check return status for pressure and touch iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX ARM: dts: exynos: fix polarity of VBUS GPIO of Origen ARM: Drop CMDLINE_* dependency on ATAGS ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family ARM: dts: kirkwood: lsxl: remove first ethernet port ARM: dts: kirkwood: lsxl: fix serial line ARM: dts: turris-omnia: Fix mpp26 pin name and comment soc: qcom: smem_state: Add refcounting for the 'state->of_node' soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() memory: of: Fix refcount leak bug in of_get_ddr_timings() ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() ALSA: dmaengine: increment buffer pointer atomically drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() drm/bridge: megachips: Fix a null pointer dereference bug platform/x86: msi-laptop: Fix resource cleanup platform/x86: msi-laptop: Fix old-ec check for backlight registering platform/chrome: fix double-free in chromeos_laptop_prepare() drm/mipi-dsi: Detach devices when removing the host drm: bridge: adv7511: fix CEC power down control register offset net: mvpp2: fix mvpp2 debugfs leak once: add DO_ONCE_SLOW() for sleepable contexts bnx2x: fix potential memory leak in bnx2x_tpa_stop() net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited sctp: handle the error returned from sctp_auth_asoc_init_active_key mISDN: fix use-after-free bugs in l1oip timer handlers vhost/vsock: Use kvmalloc/kvfree for larger packets. spi: s3c64xx: Fix large transfers with DMA netfilter: nft_fib: Fix for rpath check with VRF devices spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe bpf: Ensure correct locking around vulnerable function find_vpid() net: fs_enet: Fix wrong check in do_pd_setup wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration bpf: btf: fix truncated last_member_type_id in btf_struct_resolve wifi: rtl8xxxu: Fix skb misuse in TX queue selection spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() spi: mt7621: Fix an error message in mt7621_spi_probe() bpftool: Fix a wrong type cast in btf_dumper_int wifi: mac80211: allow bw change during channel switch in mesh wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() sh: machvec: Use char[] for section boundaries selinux: use "grep -E" instead of "egrep" KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility ring-buffer: Fix race between reset page and reading page ring-buffer: Check pending waiters when doing wake ups as well ring-buffer: Allow splice to read previous partially read pages ftrace: Properly unset FTRACE_HASH_FL_MOD livepatch: fix race between fork and KLP transition ext4: place buffer head allocation before handle start ext4: make ext4_lazyinit_thread freezable ext4: fix null-ptr-deref in ext4_write_info ext4: avoid crash when inline data creation follows DIO write nilfs2: fix use-after-free bug of struct nilfs_root riscv: fix build with binutils 2.38 btrfs: fix race between quota enable and quota rescan ioctl fbdev: smscufx: Fix use-after-free in ufx_ops_open() PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK riscv: Allow PROT_WRITE-only mmap() parisc: fbdev/stifb: Align graphics memory size to 4MB Revert "fs: check FMODE_LSEEK to control internal pipe splicing" regulator: qcom_rpm: Fix circular deferral regression quota: Check next/prev free block number after reading from quota file HID: multitouch: Add memory barriers fs: dlm: handle -EBUSY first in lock arg validation fs: dlm: fix race between test_bit() and queue_work() can: kvaser_usb_leaf: Fix CAN state after restart can: kvaser_usb_leaf: Fix TX queue out of sync after restart can: kvaser_usb_leaf: Fix overread with an invalid command can: kvaser_usb: Fix use of uninitialized completion usb: add quirks for Lenovo OneLink+ Dock iio: dac: ad5593r: Fix i2c read protocol requirements mtd: rawnand: atmel: Unmap streaming DMA mappings ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 ALSA: usb-audio: Fix NULL dererence at error path ALSA: usb-audio: Fix potential memory leaks ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() ALSA: oss: Fix potential deadlock at unregistration Input: xpad - fix wireless 360 controller breaking after suspend Input: xpad - add supported devices as contributed on github wifi: mac80211_hwsim: avoid mac80211 warning on bad rate random: use expired timer rather than wq for mixing fast pool random: avoid reading two cache lines on irq randomness random: restore O_NONBLOCK support USB: serial: qcserial: add new usb-id for Dell branded EM7455 scsi: stex: Properly zero out the passthrough command structure ALSA: hda: Fix position reporting on Poulsbo random: clamp credited irq bits to maximum mixed ceph: don't truncate file in atomic_open nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure nilfs2: fix leak of nilfs_root in case of writer thread creation failure nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() rpmsg: qcom: glink: replace strncpy() with strscpy_pad() mmc: core: Terminate infinite loop in SD-UHS voltage switch mmc: core: Replace with already defined values for readability USB: serial: ftdi_sio: fix 300 bps rate for SIO usb: mon: make mmapped memory read only um: Cleanup compiler warning in arch/x86/um/tls_32.c um: Cleanup syscall_handler_t cast in syscalls_32.h net/ieee802154: fix uninit value bug in dgram_sendmsg scsi: qedf: Fix a UAF bug in __qedf_probe() ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property firmware: arm_scmi: Add SCMI PM driver remove routine fs: fix UAF/GPF bug in nilfs_mdt_destroy ARM: fix function graph tracer and unwinder dependencies docs: update mediator information in CoC docs Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 BACKPORT: arm64: compat: vdso: Use legacy syscalls as fallback ANDROID: Drop explicit 'CONFIG_INIT_STACK_ALL_ZERO=y' from gki_defconfig UPSTREAM: hardening: Remove Clang's enable flag for -ftrivial-auto-var-init=zero UPSTREAM: hardening: Avoid harmless Clang option under CONFIG_INIT_STACK_ALL_ZERO UPSTREAM: hardening: Clarify Kconfig text for auto-var-init ANDROID: Fix kenelci build-break for !CONFIG_PERF_EVENTS UPSTREAM: f2fs: guarantee to write dirty data when enabling checkpoint back Conflicts: drivers/media/v4l2-core/v4l2-mem2mem.c Change-Id: I3c51e7c66eb498f31efe107d121b411361439ac4 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
de12f109ac |
Merge tag 'ASB-2022-10-01_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2022-10-01 CVE-2022-1786 CVE-2022-20421 CVE-2022-20422 CVE-2022-20423 CVE-2022-20409 * tag 'ASB-2022-10-01_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.261 clk: iproc: Do not rely on node name for correct PLL setup selftests: Fix the if conditions of in test_extra_filter() nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices nvme: add new line after variable declatation usbnet: Fix memory leak in usbnet_disconnect() Input: melfas_mip4 - fix return value check in mip4_probe() Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" soc: sunxi: sram: Fix debugfs info for A64 SRAM C soc: sunxi: sram: Fix probe function ordering issues soc: sunxi: sram: Prevent the driver from being unbound soc: sunxi: sram: Actually claim SRAM regions ima: Free the entire rule if it fails to parse ima: Free the entire rule when deleting a list of rules ima: Have the LSM free its audit rule mm/migrate_device.c: flush TLB while holding PTL mm: prevent page_frag_alloc() from corrupting the memory mm/page_alloc: fix race condition between build_all_zonelists and page allocation mmc: moxart: fix 4-bit bus width and remove 8-bit bus width libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() ARM: dts: integrator: Tag PCI host with device_type net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 uas: ignore UAS for Thinkplus chips usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS uas: add no-uas quirk for Hiksemi usb_disk Linux 4.19.260 ext4: make directory inode spreading reflect flexbg size usb: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM functionality workqueue: don't skip lockdep work dependency in cancel_work_sync() drm/rockchip: Fix return type of cdn_dp_connector_mode_valid drm/amd/display: Limit user regamma to a valid value Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting serial: Create uart_xmit_advance() net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD perf kcore_copy: Do not check /proc/modules is unchanged perf jit: Include program header in ELF files can: gs_usb: gs_can_open(): fix race dev->can.state condition netfilter: ebtables: fix memory leak when blob is malformed of: mdio: Add of_node_put() when breaking out of for_each_xx i40e: Fix set max_tx_rate when it is lower than 1 Mbps i40e: Fix VF set max MTU size MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko net: team: Unsync device addresses on ndo_stop ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header iavf: Fix cached head and tail value for iavf_get_tx_pending netfilter: nf_conntrack_irc: Tighten matching on DCC message netfilter: nf_conntrack_sip: fix ct_sip_walk_headers arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz mm/slub: fix to return errno if kmalloc() fails efi: libstub: check Shim mode using MokSBStateRT ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop ALSA: hda: add Intel 5 Series / 3400 PCI DID ALSA: hda/tegra: set depop delay for tegra USB: serial: option: add Quectel RM520N USB: serial: option: add Quectel BG95 0x0203 composition USB: core: Fix RST error in hub.c wifi: mac80211: Fix UAF in ieee80211_scan_rx() usb: dwc3: pci: add support for the Intel Alder Lake-S usb: dwc3: pci: add support for the Intel Jasper Lake usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant usb: dwc3: pci: add support for TigerLake Devices usb: dwc3: pci: Add Support for Intel Elkhart Lake Devices ALSA: hda/sigmatel: Fix unused variable warning for beep power change video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write mksysmap: Fix the mismatch of 'L0' symbols in System.map MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() net: usb: qmi_wwan: add Quectel RM520N ALSA: hda/sigmatel: Keep power up while beep is enabled rxrpc: Fix local destruction being repeated regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() ASoC: nau8824: Fix semaphore unbalance at error paths cifs: don't send down the destination address to sendmsg for a SOCK_STREAM mvpp2: no need to check return value of debugfs_create functions nvmet: fix a use-after-free parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() drm/meson: Correct OSD1 global alpha value gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx of: fdt: fix off-by-one error in unflatten_dt_nodes() Revert "xhci: Add grace period after xHC start to prevent premature runtime suspend." Revert "USB: core: Prevent nested device-reset calls" Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse" Revert "sched/deadline: Fix priority inheritance with multiple scheduling classes" Revert "kernel/sched: Remove dl_boosted flag comment" Revert "fs: check FMODE_LSEEK to control internal pipe splicing" Linux 4.19.259 tracefs: Only clobber mode/uid/gid on remount if asked net: dp83822: disable rx error interrupt mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes perf/arm_pmu_platform: fix tests for platform_get_irq() failure Input: iforce - add support for Boeder Force Feedback Wheel ieee802154: cc2520: add rc code in cc2520_tx() tg3: Disable tg3 device on system reboot to avoid triggering AER HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo drm/msm/rd: Fix FIFO-full deadlock Linux 4.19.258 SUNRPC: use _bh spinlocking on ->transport_lock MIPS: loongson32: ls1c: Fix hang during startup x86/nospec: Fix i386 RSB stuffing usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup USB: serial: ch341: fix disabled rx timer on older devices USB: serial: ch341: fix lost character on LCR updates usb: dwc3: fix PHY disable sequence sch_sfb: Also store skb len before calling child enqueue tcp: fix early ETIMEDOUT after spurious non-SACK RTO RDMA/mlx5: Set local port to one when accessing counters ipv6: sr: fix out-of-bounds read when setting HMAC data. i40e: Fix kernel crash during module removal tipc: fix shift wrapping bug in map_get() sch_sfb: Don't assume the skb is still around after enqueueing to child netfilter: nf_conntrack_irc: Fix forged IP logic netfilter: br_netfilter: Drop dst references before setting. soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs scsi: mpt3sas: Fix use-after-free warning debugfs: add debugfs_lookup_and_remove() kprobes: Prohibit probes in gate area ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() ALSA: aloop: Fix random zeros in capture data when using jiffies timer ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() drm/radeon: add a force flush to delay work when radeon drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. ALSA: seq: Fix data-race at module auto-loading ALSA: seq: oss: Fix data-race for max_midi_devs access net: mac802154: Fix a condition in the receive path wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS USB: core: Prevent nested device-reset calls s390: fix nospec table alignments s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages usb-storage: Add ignore-residue quirk for NXP PN7462AU USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) usb: dwc2: fix wrong order of phy_power_on and phy_init usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode USB: serial: option: add Quectel EM060K modem USB: serial: option: add support for OPPO R11 diag port USB: serial: cp210x: add Decagon UCA device id xhci: Add grace period after xHC start to prevent premature runtime suspend. thunderbolt: Use the actual buffer in tb_async_error() hwmon: (gpio-fan) Fix array out of bounds access Input: rk805-pwrkey - fix module autoloading clk: core: Fix runtime PM sequence in clk_core_unprepare() Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" binder: fix UAF of ref->proc caused by race condition USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id vt: Clear selection before changing the font staging: rtl8712: fix use after free bugs serial: fsl_lpuart: RS485 RTS polariy is inverse net/smc: Remove redundant refcount increase Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" tcp: annotate data-race around challenge_timestamp sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb kcm: fix strp_init() order and cleanup ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler Revert "xhci: turn off port power in shutdown" wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() ieee802154/adf7242: defer destroy_workqueue call platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg drm/msm/dsi: fix the inconsistent indenting net: dp83822: disable false carrier interrupt Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" fs: only do a memory barrier for the first set_buffer_uptodate() wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() efi: capsule-loader: Fix use-after-free in efi_capsule_write driver core: Don't probe devices after bus_type.match() probe deferral Revert "USB: HCD: Fix URB giveback issue in tasklet function" Linux 4.19.257 net: neigh: don't call kfree_skb() under spin_lock_irqsave() kprobes: don't call disarm_kprobe() for disabled kprobes netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y s390/hypfs: avoid error message under KVM neigh: fix possible DoS due to net iface start/stop loop drm/amd/display: clear optc underflow before turn off odm clock mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead fbdev: fb_pm2fb: Avoid potential divide by zero error HID: hidraw: fix memory leak in hidraw_release() media: pvrusb2: fix memory leak in pvr_probe HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report Bluetooth: L2CAP: Fix build errors in some archs kbuild: Fix include path in scripts/Makefile.modpost x86/bugs: Add "unknown" reporting for MMIO Stale Data s390/mm: do not trigger write fault when vma does not allow VM_WRITE selftests/bpf: Fix test_align verifier log patterns bpf: Fix the off-by-two error in range markings arm64: map FDT as RW for early_init_dt_scan() mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq md: call __md_stop_writes in md_stop mm/hugetlb: fix hugetlb not supporting softdirty tracking s390: fix double free of GS and RI CBs on fork() failure asm-generic: sections: refactor memory_intersects loop: Check for overflow while configuring loop x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry btrfs: check if root is readonly while setting security xattr ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter net: Fix a data-race around sysctl_somaxconn. net: Fix a data-race around netdev_budget_usecs. net: Fix a data-race around netdev_budget. net: Fix a data-race around sysctl_net_busy_read. net: Fix a data-race around sysctl_net_busy_poll. net: Fix a data-race around sysctl_tstamp_allow_data. ratelimit: Fix data-races in ___ratelimit(). net: Fix data-races around netdev_tstamp_prequeue. net: Fix data-races around weight_p and dev_weight_[rt]x_bias. netfilter: nft_tunnel: restrict it to netdev family netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families netfilter: nft_payload: do not truncate csum_offset and csum_type netfilter: nft_payload: report ERANGE for too long offset and length netfilter: ebtables: reject blobs that don't provide all entry points net: ipvtap - add __init/__exit annotations to module init/exit funcs bonding: 802.3ad: fix no transmission of LACPDUs rose: check NULL rose_loopback_neigh->loopback af_key: Do not call xfrm_probe_algs in parallel xfrm: fix refcount leak in __xfrm_policy_check() kernel/sched: Remove dl_boosted flag comment sched/deadline: Fix priority inheritance with multiple scheduling classes sched/deadline: Fix stale throttling on de-/boosted tasks sched/deadline: Unthrottle PI boosted threads while enqueuing pinctrl: amd: Don't save/restore interrupt status and wake status bits kernel/sys_ni: add compat entry for fadvise64_64 parisc: Fix exception handler for fldw and fstw instructions audit: fix potential double free on error path from fsnotify_add_inode_mark Linux 4.19.256 btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() btrfs: only write the sectors in the vertical stripe which has data stripes tracing/probes: Have kprobes and uprobes use $COMM too tee: add overflow check in register_shm_helper() MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 video: fbdev: i740fb: Check the argument of i740_calc_vclk() powerpc/64: Init jump labels before parse_early_param() smb3: check xattr value length earlier f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() ALSA: timer: Use deferred fasync helper ALSA: core: Add async signal helpers watchdog: export lockup_detector_reconfigure RISC-V: Add fast call path of crash_kexec() riscv: mmap with PROT_WRITE but no PROT_READ is invalid mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start vfio: Clear the caps->buf to NULL after free tty: serial: Fix refcount leak bug in ucc_uart.c lib/list_debug.c: Detect uninitialized lists ext4: avoid resizing to a partial cluster size ext4: avoid remove directory when directory is corrupted drivers:md:fix a potential use-after-free bug dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed cxl: Fix a memory leak in an error handling path gadgetfs: ep_io - wait until IRQ finishes clk: qcom: ipq8074: dont disable gcc_sleep_clk_src vboxguest: Do not use devm for irq usb: renesas: Fix refcount leak bug usb: host: ohci-ppc-of: Fix refcount leak bug irqchip/tegra: Fix overflow implicit truncation warnings PCI: Add ACS quirk for Broadcom BCM5750x NICs drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() locking/atomic: Make test_and_*_bit() ordered on failure gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file igb: Add lock to avoid data race fec: Fix timer capture timing in `fec_ptp_enable_pps()` i40e: Fix to stop tx_timeout recovery if GLOBR fails powerpc/pci: Fix get_phb_number() locking netfilter: nf_tables: really skip inactive sets when allocating name nios2: add force_successful_syscall_return() nios2: restarts apply only to the first sigframe we build... nios2: fix syscall restart checks nios2: traced syscall does need to check the syscall number nios2: don't leave NULLs in sys_call_table[] nios2: page fault et.al. are *not* restartable syscalls... atm: idt77252: fix use-after-free bugs caused by tst_timer xen/xenbus: fix return type in xenbus_file_read() NTB: ntb_tool: uninitialized heap data in tool_fn_write() tools build: Switch to new openssl API for test-libcrypto vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() vsock: Fix memory leak in vsock_connect() geneve: do not use RT_TOS for IPv6 flowlabel ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map SUNRPC: Reinitialise the backchannel request buffers before reuse NFSv4/pnfs: Fix a use-after-free bug in open NFSv4.1: RECLAIM_COMPLETE must handle EACCES NFSv4: Fix races in the legacy idmapper upcall apparmor: Fix memleak in aa_simple_write_to_buffer() apparmor: fix reference count leak in aa_pivotroot() apparmor: fix overlapping attachment computation apparmor: fix aa_label_asxprint return check apparmor: Fix failed mount permission check error message apparmor: fix absroot causing audited secids to begin with = apparmor: fix quiet_denied for file rules can: ems_usb: fix clang's -Wunaligned-access warning tracing: Have filter accept "common_cpu" to be consistent btrfs: fix lost error handling when looking up extended ref on log replay mmc: pxamci: Fix an error handling path in pxamci_probe() mmc: pxamci: Fix another error handling path in pxamci_probe() ata: libata-eh: Add missing command name rds: add missing barrier to release_refill ALSA: info: Fix llseek return value when using callback powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E powerpc/mm: Split dump_pagelinuxtables flag_array table firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails net_sched: cls_route: disallow handle of 0 net/9p: Initialize the iounit field during fid creation Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" scsi: sg: Allow waiting for commands to complete on removed device tcp: fix over estimation in sk_forced_mem_schedule() KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq KVM: Add infrastructure and macro to mark VM as bugged btrfs: reject log replay if there is unsupported RO compat flag net_sched: cls_route: remove from list when handle is 0 ACPI: CPPC: Do not prevent CPPC from working in the future dm writecache: set a default MAX_WRITEBACK_JOBS dm raid: fix address sanitizer warning in raid_status dm raid: fix address sanitizer warning in raid_resume intel_th: pci: Add Meteor Lake-P support intel_th: pci: Add Raptor Lake-S PCH support intel_th: pci: Add Raptor Lake-S CPU support ext4: correct the misjudgment in ext4_iget_extra_inode ext4: correct max_inline_xattr_value_size computing ext4: fix extent status tree race in writeback error recovery path ext4: update s_overhead_clusters in the superblock during an on-line resize ext4: fix use-after-free in ext4_xattr_set_entry ext4: make sure ext4_append() always allocates new block ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h spmi: trace: fix stack-out-of-bound access in SPMI tracing functions x86/olpc: fix 'logical not is only applied to the left hand side' scsi: zfcp: Fix missing auto port scan and thus missing target ports video: fbdev: s3fb: Check the size of screen before memset_io() video: fbdev: arkfb: Check the size of screen before memset_io() video: fbdev: vt8623fb: Check the size of screen before memset_io() tools/thermal: Fix possible path truncations video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() x86/numa: Use cpumask_available instead of hardcoded NULL check scripts/faddr2line: Fix vmlinux detection on arm64 genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO powerpc/pci: Fix PHB numbering when using opal-phbid kprobes: Forbid probing on trampoline and BPF code areas powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address powerpc/xive: Fix refcount leak in xive_get_max_prio powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 video: fbdev: sis: fix typos in SiS_GetModeID() video: fbdev: amba-clcd: Fix refcount leak bugs ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() s390/zcore: fix race when reading from hardware system area iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop mfd: t7l66xb: Drop platform disable callback kfifo: fix kfifo_to_user() return type rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge iommu/exynos: Handle failed IOMMU device registration properly tty: n_gsm: fix missing corner cases in gsmld_poll() tty: n_gsm: fix DM command tty: n_gsm: fix wrong T1 retry count handling vfio/ccw: Do not change FSM state in subchannel event remoteproc: qcom: wcnss: Fix handling of IRQs tty: n_gsm: fix race condition in gsmld_write() tty: n_gsm: fix packet re-transmission without open control channel tty: n_gsm: fix non flow control frames during mux flow off profiling: fix shift too large makes kernel panic serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe ASoC: codecs: da7210: add check for i2c_add_driver ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted ext4: recover csum seed of tmp_inode after migrating to extents null_blk: fix ida error handling in null_add_dev() RDMA/rxe: Fix error unwind in rxe_create_qp() mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region platform/olpc: Fix uninitialized data in debugfs write USB: serial: fix tty-port initialized comments HID: alps: Declare U1_UNICORN_LEGACY support mmc: cavium-thunderx: Add of_node_put() when breaking out of loop mmc: cavium-octeon: Add of_node_put() when breaking out of loop gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() RDMA/hfi1: fix potential memory leak in setup_base_ctxt() usb: gadget: udc: amd5536 depends on HAS_DMA scsi: smartpqi: Fix DMA direction for RAID requests mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R memstick/ms_block: Fix a memory leak memstick/ms_block: Fix some incorrect memory allocation mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback soundwire: bus_type: fix remove and shutdown support clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks clk: qcom: ipq8074: fix NSS port frequency tables misc: rtsx: Fix an error handling path in rtsx_pci_probe() usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe fpga: altera-pr-ip: fix unsigned comparison with less than zero mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release HID: cp2112: prevent a buffer overflow in cp2112_xfer() mtd: maps: Fix refcount leak in ap_flash_init mtd: maps: Fix refcount leak in of_flash_probe_versatile clk: renesas: r9a06g032: Fix UART clkgrp bitsel dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock net: rose: fix netdev reference changes netdevsim: Avoid allocation warnings triggered from user space net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS wifi: libertas: Fix possible refcount leak in if_usb_probe() wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` i2c: mux-gpmux: Add of_node_put() when breaking out of loop i2c: cadence: Support PEC for SMBus block read Bluetooth: hci_intel: Add check for platform_driver_register can: pch_can: pch_can_error(): initialize errc before using it can: error: specify the values of data[5..7] of CAN error frames can: usb_8dev: do not report txerr and rxerr during bus-off can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off can: sun4i_can: do not report txerr and rxerr during bus-off can: hi311x: do not report txerr and rxerr during bus-off can: sja1000: do not report txerr and rxerr during bus-off can: rcar_can: do not report txerr and rxerr during bus-off can: pch_can: do not report txerr and rxerr during bus-off wifi: p54: add missing parentheses in p54_flush() wifi: p54: Fix an error handling path in p54spi_probe() selftests: timers: clocksource-switch: fix passing errors from child wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() selftests: timers: valid-adjtimex: build fix for newer toolchains fs: check FMODE_LSEEK to control internal pipe splicing libbpf: Fix the name of a reused map tcp: make retransmitted SKB fit into the send window mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq drm/msm/mdp5: Fix global state lock backoff drm: bridge: sii8620: fix possible off-by-one drm/mediatek: dpi: Remove output format of YUV drm/rockchip: vop: Don't crash for invalid duplicate_state() drm/vc4: dsi: Correct DSI divider calculations media: hdpvr: fix error value returns in hdpvr_read drm: bridge: adv7511: Add check for mipi_dsi_driver_register wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() ath9k: fix use-after-free in ath9k_hif_usb_rx_cb media: tw686x: Register the irq at the end of probe i2c: Fix a potential use after free drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() ath10k: do not enforce interrupt trigger type dm: return early from dm_pr_call() if DM device is suspended thermal/tools/tmon: Include pthread and time headers in tmon.h nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() regulator: of: Fix refcount leak bug in of_get_regulation_constraints() arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() ARM: dts: qcom: pm8841: add required thermal-sensor-cells cpufreq: zynq: Fix refcount leak in zynq_get_revision ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init soc: fsl: guts: machine variable might be unset ARM: dts: ast2500-evb: fix board compatible x86/pmem: Fix platform-device leak in error path ARM: bcm: Fix refcount leak in bcm_kona_smc_init meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init ARM: findbit: fix overflowing offset selinux: Add boundary check in put_entry() PM: hibernate: defer device probing when resuming from hibernation arm64: dts: qcom: ipq8074: fix NAND node name ACPI: LPSS: Fix missing check in register_device_clock() ACPI: PM: save NVS memory for Lenovo G40-45 ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks ARM: OMAP2+: display: Fix refcount leak bug ARM: dts: imx6ul: fix qspi node compatible ARM: dts: imx6ul: fix lcdif node compatible ARM: dts: imx6ul: change operating-points to uint32-matrix ARM: dts: imx6ul: add missing properties for sram ext2: Add more validity checks for inode counts USB: HCD: Fix URB giveback issue in tasklet function arm64: fix oops in concurrently setting insn_emulation sysctls arm64: Do not forget syscall when starting a new thread. netfilter: nf_tables: fix null deref due to zeroed list head netfilter: nf_tables: do not allow SET_ID to refer to another table MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK powerpc/powernv: Avoid crashing if rng is NULL powerpc/fsl-pci: Fix Class Code of PCIe Root Port PCI: Add defines for normal and subtractive PCI bridges ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() md-raid10: fix KASAN warning serial: mvebu-uart: uart2 error bits clearing fuse: limit nsec iio: light: isl29028: Fix the warning in isl29028_remove() bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() drm/amdgpu: Check BO's requested pinning domains against its preferred_domains drm/nouveau: fix another off-by-one in nvbios_addr parisc: Fix device names in /proc/iomem ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() usbnet: Fix linkwatch use-after-free on disconnect fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters thermal: sysfs: Fix cooling_device_stats_setup() error code path fs: Add missing umask strip in vfs_tmpfile vfs: Check the truncate maximum size in inode_newsize_ok() tty: vt: initialize unicode screen buffer ALSA: hda/cirrus - support for iMac 12,1 model ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 HID: wacom: Don't register pad_input for touch switch add barriers to buffer_uptodate and set_buffer_uptodate wifi: mac80211_hwsim: use 32-bit skb cookie wifi: mac80211_hwsim: add back erroneously removed cast wifi: mac80211_hwsim: fix race condition in pending packet ALSA: bcd2000: Fix a UAF bug on the error path of probing x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments Makefile: link with -z noexecstack --no-warn-rwx-segments Conflicts: drivers/gpu/drm/mediatek/mtk_dsi.c (used ours) Change-Id: Ib3f9c00d77e416211b82938bbd44059b4c5f259c Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
da1b627dfa |
Merge tag 'ASB-2022-07-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/security/bulletin/2022-07-01 CVE-2020-29374 CVE-2022-20227 * tag 'ASB-2022-07-05_4.19-stable' of https://android.googlesource.com/kernel/common: UPSTREAM: mm: fix misplaced unlock_page in do_wp_page() BACKPORT: mm: do_wp_page() simplification UPSTREAM: mm/ksm: Remove reuse_ksm_page() UPSTREAM: mm: reuse only-pte-mapped KSM page in do_wp_page() UPSTREAM: ext4: verify dir block before splitting it UPSTREAM: ext4: fix use-after-free in ext4_rename_dir_prepare BACKPORT: ext4: Only advertise encrypted_casefold when encryption and unicode are enabled BACKPORT: ext4: fix no-key deletion for encrypt+casefold BACKPORT: ext4: optimize match for casefolded encrypted dirs BACKPORT: ext4: handle casefolding with encryption Revert "ANDROID: ext4: Handle casefolding with encryption" Revert "ANDROID: ext4: Optimize match for casefolded encrypted dirs" UPSTREAM: Revert "hwmon: Make chip parameter for with_info API mandatory" ANDROID: extcon: fix allocation for edev->bnh Revert "drm: fix EDID struct for old ARM OABI format" Revert "mailbox: forward the hrtimer if not queued and under a lock" Revert "ALSA: jack: Access input_dev under mutex" Revert "ext4: fix use-after-free in ext4_rename_dir_prepare" Revert "ext4: verify dir block before splitting it" Linux 4.19.248 x86/speculation/mmio: Print SMT warning KVM: x86/speculation: Disable Fill buffer clear within guests x86/speculation/mmio: Reuse SRBDS mitigation for SBDS x86/speculation/srbds: Update SRBDS mitigation selection x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data x86/speculation/mmio: Enable CPU Fill buffer clearing on idle x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data x86/speculation: Add a common function for MD_CLEAR mitigation update x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug Documentation: Add documentation for Processor MMIO Stale Data x86/cpu: Add another Alder Lake CPU to the Intel family x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family x86/cpu: Add Jasper Lake to Intel family cpu/speculation: Add prototype for cpu_show_srbds() x86/cpu: Add Elkhart Lake to Intel family Linux 4.19.247 tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write md/raid0: Ignore RAID0 layout if the second zone has only one device powerpc/32: Fix overread/overwrite of thread_struct via ptrace Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag ixgbe: fix unexpected VLAN Rx in promisc mode on VF ixgbe: fix bcast packets Rx on VF after promisc removal nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION mmc: block: Fix CQE recovery reset success ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files cifs: return errors during session setup during reconnects ALSA: hda/conexant - Fix loopback issue with CX20632 vringh: Fix loop descriptors check in the indirect cases nodemask: Fix return values to be unsigned nbd: fix io hung while disconnecting device nbd: fix race between nbd_alloc_config() and module removal nbd: call genl_unregister_family() first in nbd_cleanup() modpost: fix undefined behavior of is_arm_mapping_symbol() drm/radeon: fix a possible null pointer dereference ceph: allow ceph.dir.rctime xattr to be updatable Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" md: protect md_unregister_thread from reentrancy kernfs: Separate kernfs_pr_cont_buf and rename_lock. serial: msm_serial: disable interrupts in __msm_console_write() staging: rtl8712: fix uninit-value in r871xu_drv_init() clocksource/drivers/sp804: Avoid error on multiple instances extcon: Modify extcon device to be created after driver data is set misc: rtsx: set NULL intfdata when probe fails usb: dwc2: gadget: don't reset gadget's driver->bus USB: hcd-pci: Fully suspend across freeze/thaw cycle drivers: usb: host: Fix deadlock in oxu_bus_suspend() drivers: tty: serial: Fix deadlock in sa1100_set_termios() USB: host: isp116x: check return value after calling platform_get_resource() drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() tty: Fix a possible resource leak in icom_probe tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() lkdtm/usercopy: Expand size of "out of frame" object iio: dummy: iio_simple_dummy: check the return value of kstrdup() drm: imx: fix compiler warning with gcc-12 net: altera: Fix refcount leak in altera_tse_mdio_create ip_gre: test csum_start instead of transport header net/mlx5: Rearm the FW tracer after each tracer event net: ipv6: unexport __init-annotated seg6_hmac_init() net: xfrm: unexport __init-annotated xfrm4_protocol_init() net: mdio: unexport __init-annotated mdio_bus_init() SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure bpf, arm64: Clear prog->jited_len along prog->jited af_unix: Fix a data-race in unix_dgram_peer_wake_me(). ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe xprtrdma: treat all calls not a bcall when bc_serv is NULL video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() NFSv4: Don't hold the layoutget locks across multiple RPC calls m68knommu: fix undefined reference to `_init_sp' m68knommu: set ZERO_PAGE() to the allocated zeroed page i2c: cadence: Increase timeout per message if necessary tracing: Avoid adding tracer option before update_tracer_options tracing: Fix sleeping function called from invalid context on RT kernel mips: cpc: Fix refcount leak in mips_cpc_default_phys_base perf c2c: Fix sorting in percent_rmt_hitm_cmp() tipc: check attribute length for bearer name afs: Fix infinite loop found by xfstest generic/676 tcp: tcp_rtx_synack() can be called from process context net/mlx5e: Update netdev features after changing XDP state nfp: only report pause frame configuration for physical device ubi: ubi_create_volume: Fix use-after-free when volume creation failed jffs2: fix memory leak in jffs2_do_fill_super modpost: fix removing numeric suffixes net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() s390/crypto: fix scatterwalk_unmap() callers in AES-GCM clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value bus: ti-sysc: Fix warnings for unbind for serial firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle serial: stm32-usart: Correct CSIZE, bits, and parity serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 serial: sh-sci: Don't allow CS5-6 serial: txx9: Don't allow CS5-6 serial: digicolor-usart: Don't allow CS5-6 serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 serial: meson: acquire port->lock in startup() rtc: mt6397: check return value after calling platform_get_resource() clocksource/drivers/riscv: Events are stopped during CPU suspend soc: rockchip: Fix refcount leak in rockchip_grf_init coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails iio: adc: sc27xx: fix read big scale voltage not right usb: dwc3: pci: Fix pm_runtime_get_sync() error checking rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value pwm: lp3943: Fix duty calculation in case period was clamped usb: musb: Fix missing of_node_put() in omap2430_probe USB: storage: karma: fix rio_karma_init return usb: usbip: add missing device lock on tweak configuration cmd usb: usbip: fix a refcount leak in stub_probe() tty: goldfish: Use tty_port_destroy() to destroy port staging: greybus: codecs: fix type confusion of list iterator variable pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards md: bcache: check the return value of kzalloc() in detached_dev_do_request() MIPS: IP27: Remove incorrect `cpu_has_fpu' override RDMA/rxe: Generate a completion for unsupported/invalid opcode phy: qcom-qmp: fix reset-controller leak on probe errors blk-iolatency: Fix inflight count imbalances and IO hangs on offline dt-bindings: gpio: altera: correct interrupt-cells docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 phy: qcom-qmp: fix struct clk leak on probe errors arm64: dts: qcom: ipq8074: fix the sleep clock frequency gma500: fix an incorrect NULL check on list iterator carl9170: tx: fix an incorrect use of list iterator ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control rtl818x: Prevent using not initialized queues hugetlb: fix huge_pmd_unshare address update nodemask.h: fix compilation error with GCC12 iommu/msm: Fix an incorrect NULL check on list iterator um: Fix out-of-bounds read in LDT setup um: chan_user: Fix winch_tramp() return value mac80211: upgrade passive scan to active scan on DFS channels after beacon rx irqchip: irq-xtensa-mx: fix initial IRQ affinity irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x RDMA/hfi1: Fix potential integer multiplication overflow errors media: coda: Add more H264 levels for CODA960 media: coda: Fix reported H264 profile md: fix an incorrect NULL check in md_reload_sb md: fix an incorrect NULL check in does_sb_need_changing drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX drm/nouveau/clk: Fix an incorrect NULL check on list iterator drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled scsi: dc395x: Fix a missing check on list iterator ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock dlm: fix missing lkb refcount handling dlm: fix plock invalid read PCI: qcom: Fix unbalanced PHY init on probe errors PCI: qcom: Fix runtime PM imbalance on probe errors PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 tracing: Fix potential double free in create_var_ref() ext4: avoid cycles in directory h-tree ext4: verify dir block before splitting it ext4: fix bug_on in ext4_writepages ext4: fix use-after-free in ext4_rename_dir_prepare netfilter: nf_tables: disallow non-stateful expression in sets earlier fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages iwlwifi: mvm: fix assert 1F04 upon reconfig wifi: mac80211: fix use-after-free in chanctx code f2fs: fix deadloop in foreground GC perf jevents: Fix event syntax error caused by ExtSel perf c2c: Use stdio interface if slang is not supported iommu/amd: Increase timeout waiting for GA log enablement dmaengine: stm32-mdma: remove GISR1 register video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout i2c: at91: Initialize dma_buf in at91_twi_xfer() i2c: at91: use dma safe buffers iommu/mediatek: Add list_del in mtk_iommu_remove f2fs: fix dereference of stale list iterator after loop body RDMA/hfi1: Prevent use of lock before it is initialized mailbox: forward the hrtimer if not queued and under a lock powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup powerpc/perf: Fix the threshold compare group constraint for power9 Input: sparcspkr - fix refcount leak in bbc_beep_probe tty: fix deadlock caused by calling printk() under tty_port->lock proc: fix dentry/inode overinstantiating under /proc/${pid}/net powerpc/4xx/cpm: Fix return value of __setup() handler powerpc/idle: Fix return value of __setup() handler powerpc/8xx: export 'cpm_setbrg' for modules dax: fix cache flush on PMD-mapped pages drivers/base/node.c: fix compaction sysfs file leak pinctrl: mvebu: Fix irq_of_parse_and_map() return value firmware: arm_scmi: Fix list protocols enumeration in the base protocol scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() mfd: ipaq-micro: Fix error check return value of platform_get_irq() crypto: marvell/cesa - ECB does not IV ARM: dts: bcm2835-rpi-b: Fix GPIO line names ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT PCI: rockchip: Fix find_first_zero_bit() limit PCI: cadence: Fix find_first_zero_bit() limit soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc rxrpc: Don't try to resend the request if we're receiving the reply rxrpc: Fix listen() setting the bar too high for the prealloc rings NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() ext4: reject the 'commit' option on ext2 filesystems sctp: read sk->sk_bound_dev_if once in sctp_rcv() m68k: math-emu: Fix dependencies of math emulation support Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout media: vsp1: Fix offset calculation for plane cropping media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init media: exynos4-is: Change clk_disable to clk_disable_unprepare media: st-delta: Fix PM disable depth imbalance in delta_probe scripts/faddr2line: Fix overlapping text section failures regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe perf/amd/ibs: Use interrupt regs ip for stack unwinding media: uvcvideo: Fix missing check to determine if element is found in list drm/msm: return an error pointer in msm_gem_prime_get_sg_table() drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected x86/mm: Cleanup the control_va_addr_alignment() __setup handler irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value x86: Fix return value of __setup handlers drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() drm/msm/hdmi: check return value after calling platform_get_resource_byname() drm/msm/dsi: fix error checks and return values for DSI xmit functions drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume x86/speculation: Add missing prototype for unpriv_ebpf_notify() x86/pm: Fix false positive kmemleak report in msr_build_context() scsi: ufs: core: Exclude UECxx from SFR dump list of: overlay: do not break notify on NOTIFY_{OK|STOP} fsnotify: fix wrong lockdep annotations inotify: show inotify mask flags in proc fdinfo ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix spi: img-spfi: Fix pm_runtime_get_sync() error checking HID: elan: Fix potential double free in elan_input_configured HID: hid-led: fix maximum brightness for Dream Cheeky efi: Add missing prototype for efi_capsule_setup_info NFC: NULL out the dev->rfkill to prevent UAF spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout nl80211: show SSID for P2P_GO interfaces drm/vc4: txp: Force alpha to be 0xff if it's disabled drm/vc4: txp: Don't set TXP_VSTART_AT_EOF drm/mediatek: Fix mtk_cec_mask() x86/delay: Fix the wrong asm constraint in delay_loop() ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe drm/bridge: adv7511: clean up CEC adapter when probe fails drm/edid: fix invalid EDID extension block filtering ath9k: fix ar9003_get_eepmisc drm: fix EDID struct for old ARM OABI format RDMA/hfi1: Prevent panic when SDMA is disabled macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled powerpc/xics: fix refcount leak in icp_opal_init() tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() ARM: hisi: Add missing of_node_put after of_find_compatible_node ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM ARM: versatile: Add missing of_node_put in dcscb_init fat: add ratelimit to fat*_ent_bread() ARM: OMAP1: clock: Fix UART rate reporting algorithm fs: jfs: fix possible NULL pointer dereference in dbFree() PM / devfreq: rk3399_dmc: Disable edev on remove() ARM: dts: ox820: align interrupt controller node name with dtschema eth: tg3: silence the GCC 12 array-bounds warning rxrpc: Return an error to sendmsg if call failed hwmon: Make chip parameter for with_info API mandatory media: exynos4-is: Fix compile warning net: phy: micrel: Allow probing without .driver_data ASoC: rt5645: Fix errorenous cleanup order nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags openrisc: start CPU timer early in boot media: cec-adap.c: fix is_configuring state rtlwifi: Use pr_warn instead of WARN_ONCE ipmi:ssif: Check for NULL msg when handling events and messages dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES ASoC: tscs454: Add endianness flag in snd_soc_component_driver mlxsw: spectrum_dcb: Do not warn about priority changes ASoC: dapm: Don't fold register value changes into notifications ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL drm/amd/pm: fix the compile warning drm/plane: Move range check for format_count earlier scsi: megaraid: Fix error check return value of register_chrdev() md/bitmap: don't set sb values if can't pass sanity check media: cx25821: Fix the warning when removing the module media: pci: cx23885: Fix the error handling in cx23885_initdev() media: venus: hfi: avoid null dereference in deinit ath9k: fix QCA9561 PA bias level drm/amd/pm: fix double free in si_parse_power_table() ALSA: jack: Access input_dev under mutex ACPICA: Avoid cache flush inside virtual machines fbcon: Consistently protect deferred_takeover with console_lock() ipv6: fix locking issues with loops over idev->addr_list ipw2x00: Fix potential NULL dereference in libipw_xmit() b43: Fix assigning negative value to unsigned variable b43legacy: Fix assigning negative value to unsigned variable mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes btrfs: repair super block num_devices automatically btrfs: add "0x" prefix for unsupported optional features ptrace: Reimplement PTRACE_KILL by always sending SIGKILL ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP USB: new quirk for Dell Gen 2 devices USB: serial: option: add Quectel BG95 modem ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS binfmt_flat: do not stop relocating GOT entries prematurely on riscv BACKPORT: psi: Fix uaf issue when psi trigger is destroyed while being polled FROMGIT: Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" Conflicts: mm/memory.c Change-Id: I59f8235d3cfb1c002fa44f1f12936b0a9034a230 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
c1276f9da2 |
Merge tag 'ASB-2022-03-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/security/bulletin/2022-03-01 CVE-2020-29368 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-3655 * tag 'ASB-2022-03-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.232 tty: n_gsm: fix encoding of control signal octet bit DV xhci: Prevent futile URB re-submissions due to incorrect return value. xhci: re-initialize the HC during resume if HCE was set usb: dwc3: gadget: Let the interrupt handler disable bottom halves. usb: dwc3: pci: Fix Bay Trail phy GPIO mappings USB: serial: option: add Telit LE910R1 compositions USB: serial: option: add support for DW5829e tracefs: Set the group ownership in apply_options() not parse_options() USB: gadget: validate endpoint index for xilinx udc usb: gadget: rndis: add spinlock for rndis response list Revert "USB: serial: ch341: add new Product ID for CH341A" ata: pata_hpt37x: disable primary channel on HPT371 iio: adc: men_z188_adc: Fix a resource leak in an error handling path tracing: Have traceon and traceoff trigger honor the instance fget: clarify and improve __fget_files() implementation memblock: use kfree() to release kmalloced memblock regions Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" gpio: tegra186: Fix chip_data type confusion tty: n_gsm: fix proper link termination after failed open RDMA/ib_srp: Fix a deadlock configfs: fix a race in configfs_{,un}register_subsystem() net/mlx5e: Fix wrong return value on ioctl EEPROM query failure drm/edid: Always set RGB444 openvswitch: Fix setting ipv6 fields causing hw csum failure gso: do not skip outer ip header in case of ipip and net_failover tipc: Fix end of loop tests for list_for_each_entry() net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends ping: remove pr_err from ping_lookup USB: zaurus: support another broken Zaurus sr9700: sanity check for packet length parisc/unaligned: Fix ldw() and stw() unalignment handlers parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel vhost/vsock: don't check owner in vhost_vsock_stop() while releasing cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug Linux 4.19.231 net: macb: Align the dma and coherent dma masks net: usb: qmi_wwan: Add support for Dell DW5829e tracing: Fix tp_printk option related with tp_printk_stop_on_boot ata: libata-core: Disable TRIM on M88V29 kconfig: let 'shell' return enough output for deep path names arm64: dts: meson-gx: add ATF BL32 reserved-memory region netfilter: conntrack: don't refresh sctp entries in closed state irqchip/sifive-plic: Add missing thead,c900-plic match string ARM: OMAP2+: hwmod: Add of_node_put() before break KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj Drivers: hv: vmbus: Expose monitor data only when monitor pages are used mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status mtd: rawnand: brcmnand: Refactored code to introduce helper functions lib/iov_iter: initialize "flags" in new pipe_buffer i2c: brcmstb: fix support for DSL and CM variants dmaengine: sh: rcar-dmac: Check for error num after setting mask net: sched: limit TC_ACT_REPEAT loops EDAC: Fix calculation of returned address and next offset in edac_align_ptr() mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() NFS: Do not report writeback errors in nfs_getattr() NFS: LOOKUP_DIRECTORY is also ok with symlinks block/wbt: fix negative inflight counter when remove scsi device ext4: check for out-of-order index extents in ext4_valid_extent_entries() powerpc/lib/sstep: fix 'ptesync' build error ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() ALSA: hda: Fix missing codec probe on Shenker Dock 15 ALSA: hda: Fix regression on forced probe mask option libsubcmd: Fix use-after-free for realloc(..., 0) bonding: fix data-races around agg_select_timer drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit ping: fix the dif and sdif check in ping_lookup net: ieee802154: ca8210: Fix lifs/sifs periods net: dsa: lan9303: fix reset on probe iwlwifi: pcie: gen2: fix locking when "HW not ready" iwlwifi: pcie: fix locking when "HW not ready" vsock: remove vsock from connected table when connect is interrupted by a signal mmc: block: fix read single on recovery logic taskstats: Cleanup the use of task->exit_code xfrm: Don't accidentally set RTO_ONLINK in decode_session4() drm/radeon: Fix backlight control on iMac 12,1 iwlwifi: fix use-after-free Revert "module, async: async_synchronize_full() on module init iff async is used" nvme-rdma: fix possible use-after-free in transport error_recovery work nvme: fix a possible use-after-free in controller reset during load quota: make dquot_quota_sync return errors from ->sync_fs vfs: make freeze_super abort when sync_filesystem returns error ax25: improve the incomplete fix to avoid UAF and NPD bugs selftests/zram: Adapt the situation that /dev/zram0 is being used selftests/zram01.sh: Fix compression ratio calculation selftests/zram: Skip max_comp_streams interface on newer kernel net: ieee802154: at86rf230: Stop leaking skb's btrfs: send: in case of IO error log it parisc: Fix sglist access in ccio-dma.c parisc: Fix data TLB miss in sba_unmap_sg serial: parisc: GSC: fix build when IOSAPIC is not set net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup Makefile.extrawarn: Move -Wunaligned-access to W=1 Linux 4.19.230 perf: Fix list corruption in perf_cgroup_switch() hwmon: (dell-smm) Speed up setting of fan speed seccomp: Invalidate seccomp mode to catch death failures USB: serial: cp210x: add CPI Bulk Coin Recycler id USB: serial: cp210x: add NCR Retail IO box id USB: serial: ch341: add support for GW Instek USB2.0-Serial devices USB: serial: option: add ZTE MF286D modem USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 usb: gadget: rndis: check size of RNDIS_MSG_SET command USB: gadget: validate interface OS descriptor requests usb: dwc3: gadget: Prevent core from processing stale TRBs usb: ulpi: Call of_node_put correctly usb: ulpi: Move of_node_put to ulpi_dev_release n_tty: wake up poll(POLLRDNORM) on receiving data vt_ioctl: add array_index_nospec to VT_ACTIVATE vt_ioctl: fix array_index_nospec in vt_setactivate net: amd-xgbe: disable interrupts during pci removal tipc: rate limit warning for received illegal binding update veth: fix races around rq->rx_notify_masked net: fix a memleak when uncloning an skb dst and its metadata net: do not keep the dst cache when uncloning an skb dst and its metadata ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path bonding: pair enable_port with slave_arr_updates ixgbevf: Require large buffers for build_skb on 82599VF usb: f_fs: Fix use-after-free for epfile ARM: dts: imx6qdl-udoo: Properly describe the SD card detect staging: fbtft: Fix error path in fbtft_driver_module_init() ARM: dts: meson: Fix the UART compatible strings perf probe: Fix ppc64 'perf probe add events failed' case net: bridge: fix stale eth hdr pointer in br_dev_xmit ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group bpf: Add kconfig knob for disabling unpriv bpf by default net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend scsi: target: iscsi: Make sure the np under each tpg is unique net: sched: Clarify error message when qdisc kind is unknown NFSv4 expose nfs_parse_server_name function NFSv4 remove zero number of fs_locations entries error check NFSv4.1: Fix uninitialised variable in devicenotify nfs: nfs4clinet: check the return value of kstrdup() NFSv4 only print the label when its queried NFSD: Fix offset type in I/O trace points NFSD: Clamp WRITE offsets NFS: Fix initialisation of nfs_client cl_flags field net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs mmc: sdhci-of-esdhc: Check for error num after setting mask ima: Allow template selection with ima_template[_fmt]= after ima_hash= ima: Remove ima_policy file before directory integrity: check the return value of audit_log_start() FROMGIT: f2fs: avoid EINVAL by SBI_NEED_FSCK when pinning a file Revert "tracefs: Have tracefs directories not set OTH permission bits by default" ANDROID: GKI: Enable CONFIG_SERIAL_8250_RUNTIME_UARTS=0 Linux 4.19.229 tipc: improve size validations for received domain records moxart: fix potential use-after-free on remove path cgroup-v1: Require capabilities to set release_agent Linux 4.19.228 ext4: fix error handling in ext4_restore_inline_data() EDAC/xgene: Fix deferred probing EDAC/altera: Fix deferred probing rtc: cmos: Evaluate century appropriate selftests: futex: Use variable MAKE instead of make nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe ASoC: max9759: fix underflow in speaker_gain_control_put() ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name ASoC: fsl: Add missing error handling in pcm030_fabric_probe drm/i915/overlay: Prevent divide by zero bugs in scaling net: stmmac: ensure PTP time register reads are consistent net: macsec: Verify that send_sci is on when setting Tx sci explicitly net: ieee802154: Return meaningful error codes from the netlink helpers net: ieee802154: ca8210: Stop leaking skb's net: ieee802154: mcr20a: Fix lifs/sifs periods net: ieee802154: hwsim: Ensure proper channel selection at probe time spi: meson-spicc: add IRQ check in meson_spicc_probe spi: mediatek: Avoid NULL pointer crash in interrupt spi: bcm-qspi: check for valid cs before applying chip select iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() RDMA/mlx4: Don't continue event handler after memory allocation failure Revert "ASoC: mediatek: Check for error clk pointer" block: bio-integrity: Advance seed correctly for larger interval sizes drm/nouveau: fix off by one in BIOS boundary checking ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() audit: improve audit queue handling when "audit=1" on cmdline af_packet: fix data-race in packet_setsockopt / packet_setsockopt rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() net: amd-xgbe: Fix skb data length underflow net: amd-xgbe: ensure to reset the tx_timer_active flag ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback tcp: fix possible socket leaks in internal pacing mode netfilter: nat: limit port clash resolution attempts netfilter: nat: remove l4 protocol port rovers ipv4: tcp: send zero IPID in SYNACK messages ipv4: raw: lock the socket in raw_bind() yam: fix a memory leak in yam_siocdevprivate() ibmvnic: don't spin in tasklet ibmvnic: init ->running_cap_crqs early phylib: fix potential use-after-free NFS: Ensure the server has an up to date ctime before renaming NFS: Ensure the server has an up to date ctime before hardlinking ipv6: annotate accesses to fn->fn_sernum drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable drm/msm: Fix wrong size calculation net-procfs: show net devices bound packet types NFSv4: nfs_atomic_open() can race when looking up a non-regular file NFSv4: Handle case where the lookup of a directory fails hwmon: (lm90) Reduce maximum conversion rate for G781 ipv4: avoid using shared IP generator for connected sockets ping: fix the sk_bound_dev_if match in ping_lookup net: fix information leakage in /proc/net/ptype ipv6_tunnel: Rate limit warning messages scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev i40e: fix unsigned stat widths i40e: Fix queues reservation for XDP i40e: Fix issue when maximum queues is exceeded i40e: Increase delay to 1 s after global EMP reset powerpc/32: Fix boot failure with GCC latent entropy plugin net: sfp: ignore disabled SFP node usb: typec: tcpm: Do not disconnect while receiving VBUS off USB: core: Fix hang in usb_kill_urb by adding memory barriers usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS usb: common: ulpi: Fix crash in ulpi_match() usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge tty: Add support for Brainboxes UC cards. tty: n_gsm: fix SW flow control encoding/handling serial: stm32: fix software flow control transfer serial: 8250: of: Fix mapped region size when using reg-offset property netfilter: nft_payload: do not update layer 4 checksum when mangling fragments drm/etnaviv: relax submit size limits PM: wakeup: simplify the output logic of pm_show_wakelocks() udf: Fix NULL ptr deref when converting from inline format udf: Restore i_lenAlloc when inode expansion fails scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices s390/hypfs: include z/VM guests with access control group set Bluetooth: refactor malicious adv data check ANDROID: Increase x86 cmdline size to 4k Conflicts: drivers/mmc/core/block.c drivers/soc/mediatek/mtk-scpsys.c (used ours) drivers/usb/gadget/composite.c drivers/usb/gadget/function/rndis.c Change-Id: I84ec77991de3fbe52e7b3ffed5c8be943b67093e Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
2a74ccb0f4 |
Merge tag 'ASB-2022-02-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/security/bulletin/2022-02-01 CVE-2021-39685 CVE-2021-39686 * tag 'ASB-2022-02-05_4.19-stable' of https://android.googlesource.com/kernel/common: ANDROID: incremental-fs: remove index and incomplete dir on umount Revert "ASoC: dpcm: prevent snd_soc_dpcm use after free" Revert "ANDROID: android-4.19-stable build canary test." ANDROID: android-4.19-stable build canary test. Linux 4.19.227 drm/vmwgfx: Fix stale file descriptors on failed usercopy select: Fix indefinitely sleeping task in poll_schedule_timeout() net: bridge: clear bridge's private skb space on xmit drm/i915: Flush TLBs before releasing backing store Linux 4.19.226 fuse: fix live lock in fuse_iget() fuse: fix bad inode mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue mtd: nand: bbt: Fix corner case in bad block table handling lib82596: Fix IRQ check in sni_82596_probe scripts/dtc: dtx_diff: remove broken example from help text bcmgenet: add WOL IRQ check net_sched: restore "mpu xxx" handling dmaengine: at_xdmac: Fix at_xdmac_lld struct definition dmaengine: at_xdmac: Fix lld view setting dmaengine: at_xdmac: Print debug message after realeasing the lock dmaengine: at_xdmac: Don't start transactions at tx_submit level libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() netns: add schedule point in ops_exit_list() rtc: pxa: fix null pointer dereference net: axienet: fix number of TX ring slots for available check net: axienet: Wait for PhyRstCmplt after core reset af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses powerpc/cell: Fix clang -Wimplicit-fallthrough warning dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK RDMA/rxe: Fix a typo in opcode name RDMA/hns: Modify the mapping attribute of doorbell to device Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization media: rcar-csi2: Optimize the selection PHTW register firmware: Update Kconfig help text for Google firmware ARM: dts: Fix vcsi regulator to be always-on for droid4 to prevent hangs drm/radeon: fix error handling in radeon_driver_open_kms regulator: core: Let boot-on regulators be powered off ASoC: dpcm: prevent snd_soc_dpcm use after free crypto: stm32/crc32 - Fix kernel BUG triggered in probe() ext4: don't use the orphan list when migrating an inode ext4: Fix BUG_ON in ext4_bread when write quota data ext4: set csum seed in tmp inode while migrating to extents ext4: make sure quota gets properly shutdown on error ext4: make sure to reset inode lockdep class when quota enabling fails drm/etnaviv: limit submit sizes s390/mm: fix 2KB pgtable release race iwlwifi: mvm: Increase the scan timeout guard to 30 seconds cputime, cpuacct: Include guest time in user time in cpuacct.stat serial: Fix incorrect rs485 polarity on uart open ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers rpmsg: core: Clean up resources on announce_create failure. power: bq25890: Enable continuous conversion for ADC at charging ASoC: mediatek: mt8173: fix device_node leak scsi: sr: Don't use GFP_DMA MIPS: Octeon: Fix build errors using clang i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters MIPS: OCTEON: add put_device() after of_find_device_by_node() powerpc: handle kdump appropriately with crash_kexec_post_notifiers option ALSA: seq: Set upper limit of processed events w1: Misuse of get_user()/put_user() reported by sparse i2c: mpc: Correct I2C reset procedure powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING i2c: i801: Don't silently correct invalid transfer size powerpc/watchdog: Fix missed watchdog reset due to memory ordering race powerpc/btext: add missing of_node_put powerpc/cell: add missing of_node_put powerpc/powernv: add missing of_node_put powerpc/6xx: add missing of_node_put parisc: Avoid calling faulthandler_disabled() twice serial: core: Keep mctrl register state and cached copy in sync serial: pl010: Drop CR register reset on set_termios regulator: qcom_smd: Align probe function with rpmh-regulator net: gemini: allow any RGMII interface mode net: phy: marvell: configure RGMII delays for 88E1118 dm space map common: add bounds check to sm_ll_lookup_bitmap() dm btree: add a defensive bounds check to insert_at() mac80211: allow non-standard VHT MCS-10/11 net: mdio: Demote probed message to debug print btrfs: remove BUG_ON(!eie) in find_parent_nodes btrfs: remove BUG_ON() in find_parent_nodes() ACPI: battery: Add the ThinkPad "Not Charging" quirk drm/amdgpu: fixup bad vram size on gmc v8 ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() ACPICA: Utilities: Avoid deleting the same object twice in a row ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions jffs2: GC deadlock reading a page that is used in jffs2_write_begin() um: registers: Rename function names to avoid conflicts and build problems iwlwifi: mvm: Fix calculation of frame length iwlwifi: remove module loading failure message iwlwifi: fix leaks/bad data after failed firmware load ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 arm64: tegra: Adjust length of CCPLEX cluster MMIO region audit: ensure userspace is penalized the same as the kernel when under pressure mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() media: igorplugusb: receiver overflow should be reported HID: quirks: Allow inverting the absolute X/Y values bpf: Do not WARN in bpf_warn_invalid_xdp_action() net: bonding: debug: avoid printing debug logs when bond is not notifying peers x86/mce: Mark mce_read_aux() noinstr x86/mce: Mark mce_end() noinstr x86/mce: Mark mce_panic() noinstr net-sysfs: update the queue counts in the unregistration path ath10k: Fix tx hanging iwlwifi: mvm: synchronize with FW after multicast commands media: m920x: don't use stack on USB reads media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. floppy: Add max size check for user space request usb: uhci: add aspeed ast2600 uhci support rsi: Fix out-of-bounds read in rsi_read_pkt() mwifiex: Fix skb_over_panic in mwifiex_usb_recv() HSI: core: Fix return freed object in hsi_new_client gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use drm/bridge: megachips: Ensure both bridges are probed before registration mlxsw: pci: Add shutdown method in PCI driver media: b2c2: Add missing check in flexcop_pci_isr: HID: apple: Do not reset quirks when the Fn key is not found usb: gadget: f_fs: Use stream_open() for endpoint files drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply fs: dlm: filter user dlm messages for kernel locks Bluetooth: Fix debugfs entry leak in hci_register_dev() RDMA/cxgb4: Set queue pair state when being queried mips: bcm63xx: add support for clk_set_parent() mips: lantiq: add support for clk_set_parent() misc: lattice-ecp3-config: Fix task hung when firmware load failed ASoC: samsung: idma: Check of ioremap return value ASoC: mediatek: Check for error clk pointer iommu/iova: Fix race between FQ timeout and teardown dmaengine: pxa/mmp: stop referencing config->slave_id ASoC: rt5663: Handle device_property_read_u32_array error codes RDMA/core: Let ib_find_gid() continue search even after empty entry scsi: ufs: Fix race conditions related to driver data iommu/io-pgtable-arm: Fix table descriptor paddr formatting char/mwave: Adjust io port register size ALSA: oss: fix compile error when OSS_DEBUG is enabled ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA powerpc/prom_init: Fix improper check of prom_getprop() RDMA/hns: Validate the pkey index ALSA: hda: Add missing rwsem around snd_ctl_remove() calls ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls ALSA: jack: Add missing rwsem around snd_ctl_remove() calls ext4: avoid trim error on fs with small groups net: mcs7830: handle usb read errors properly pcmcia: fix setting of kthread task states can: xilinx_can: xcan_probe(): check for error irq can: softing: softing_startstop(): fix set but not used variable warning tpm: add request_locality before write TPM_INT_ENABLE spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe Bluetooth: hci_bcm: Check for error irq fsl/fman: Check for null pointer after calling devm_ioremap staging: greybus: audio: Check null pointer ppp: ensure minimum packet size in ppp_write() netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() x86/mce/inject: Avoid out-of-bounds write when setting flags mmc: meson-mx-sdio: add IRQ check ARM: dts: armada-38x: Add generic compatible to UART nodes usb: ftdi-elan: fix memory leak on device disconnect xfrm: state and policy should fail if XFRMA_IF_ID 0 xfrm: interface with if_id 0 should return error drm/msm/dpu: fix safe status debugfs file media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes media: msi001: fix possible null-ptr-deref in msi001_probe() media: dw2102: Fix use after free crypto: stm32/cryp - fix double pm exit xfrm: fix a small bug in xfrm_sa_len() sched/rt: Try to restart rt period timer when rt runtime exceeded media: si2157: Fix "warm" tuner state detection media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() media: dib8000: Fix a memleak in dib8000_init() floppy: Fix hang in watchdog when disk is ejected serial: amba-pl011: do not request memory region twice tty: serial: uartlite: allow 64 bit address drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() arm64: dts: qcom: msm8916: fix MMC controller aliases netfilter: bridge: add support for pppoe filtering media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() media: rcar-csi2: Correct the selection of hsfreqrange tty: serial: atmel: Call dma_async_issue_pending() tty: serial: atmel: Check return code of dmaengine_submit() crypto: qce - fix uaf on qce_ahash_register_one media: dmxdev: fix UAF when dvb_register_device() fails tee: fix put order in teedev_close_context() Bluetooth: stop proccessing malicious adv data arm64: dts: meson-gxbb-wetek: fix missing GPIO binding media: em28xx: fix memory leak in em28xx_init_dev media: videobuf2: Fix the size printk format wcn36xx: Release DMA channel descriptor allocations wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND clk: bcm-2835: Remove rounding up the dividers clk: bcm-2835: Pick the closest clock rate Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails drm/panel: innolux-p079zca: Delete panel on attach() failure shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() can: softing_cs: softingcs_probe(): fix memleak on registration failure media: stk1160: fix control-message timeouts media: pvrusb2: fix control-message timeouts media: redrat3: fix control-message timeouts media: dib0700: fix undefined behavior in tuner shutdown media: s2255: fix control-message timeouts media: cpia2: fix control-message timeouts media: em28xx: fix control-message timeouts media: mceusb: fix control-message timeouts media: flexcop-usb: fix control-message timeouts rtc: cmos: take rtc_lock while reading from CMOS x86/gpu: Reserve stolen memory for first integrated Intel GPU mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() f2fs: fix to do sanity check in is_alive() HID: wacom: Avoid using stale array indicies to read contact count HID: wacom: Ignore the confidence flag when a touch is removed HID: wacom: Reset expected and received contact counts at the same time HID: uhid: Fix worker destroying device without any protection ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows firmware: qemu_fw_cfg: fix kobject leak in probe error path firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries firmware: qemu_fw_cfg: fix sysfs information leak rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled media: uvcvideo: fix division by zero at stream start KVM: s390: Clarify SIGP orders versus STOP/RESTART orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() random: fix data race on crng init time random: fix data race on crng_node_pool can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() veth: Do not record rx queue hint in veth_xmit can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status USB: core: Fix bug in resuming hub's handling of wakeup requests Bluetooth: bfusb: fix division by zero in send path ANDROID: incremental-fs: fix mount_fs issue ANDROID: Add allowed symbols requried from Qualcomm drivers UPSTREAM: drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions UPSTREAM: x86/pci: Fix the function type for check_reserved_t Linux 4.19.225 mISDN: change function names to avoid conflicts net: udp: fix alignment problem in udp4_seq_show() ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() usb: mtu3: fix interval value for intr and isoc ipv6: Do cleanup if attribute validation fails in multipath route ipv6: Continue processing multipath route even if gateway attribute is invalid phonet: refcount leak in pep_sock_accep rndis_host: support Hytera digital radios power: reset: ltc2952: Fix use of floating point literals xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route ipv6: Check attribute length for RTA_GATEWAY in multipath route i40e: Fix incorrect netdev's real number of RX/TX queues i40e: fix use-after-free in i40e_sync_filters_subtask() mac80211: initialize variable have_higher_than_11mbit RDMA/core: Don't infoleak GRH fields ieee802154: atusb: fix uninit value in atusb_set_extended_addr tracing: Tag trace_percpu_buffer as a percpu pointer tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() Conflicts: drivers/gpu/drm/panel/panel-innolux-p079zca.c (used ours) drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c (used ours) drivers/soc/mediatek/mtk-scpsys.c (used ours) fs/fuse/file.c Change-Id: I2174699c0613f05a030f60cfe1faa50617274487 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
Xiaolei Wang
|
229ce47cbf |
rpmsg: virtio: Free driver_override when rpmsg_remove()
commit d5362c37e1f8a40096452fc201c30e705750e687 upstream.
Free driver_override when rpmsg_remove(), otherwise
the following memory leak will occur:
unreferenced object 0xffff0000d55d7080 (size 128):
comm "kworker/u8:2", pid 56, jiffies 4294893188 (age 214.272s)
hex dump (first 32 bytes):
72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000009c94c9c1>] __kmem_cache_alloc_node+0x1f8/0x320
[<000000002300d89b>] __kmalloc_node_track_caller+0x44/0x70
[<00000000228a60c3>] kstrndup+0x4c/0x90
[<0000000077158695>] driver_set_override+0xd0/0x164
[<000000003e9c4ea5>] rpmsg_register_device_override+0x98/0x170
[<000000001c0c89a8>] rpmsg_ns_register_device+0x24/0x30
[<000000008bbf8fa2>] rpmsg_probe+0x2e0/0x3ec
[<00000000e65a68df>] virtio_dev_probe+0x1c0/0x280
[<00000000443331cc>] really_probe+0xbc/0x2dc
[<00000000391064b1>] __driver_probe_device+0x78/0xe0
[<00000000a41c9a5b>] driver_probe_device+0xd8/0x160
[<000000009c3bd5df>] __device_attach_driver+0xb8/0x140
[<0000000043cd7614>] bus_for_each_drv+0x7c/0xd4
[<000000003b929a36>] __device_attach+0x9c/0x19c
[<00000000a94e0ba8>] device_initial_probe+0x14/0x20
[<000000003c999637>] bus_probe_device+0xa0/0xac
Signed-off-by: Xiaolei Wang <xiaolei.wang@windriver.com>
Fixes:
|
||
|
Hangyu Hua
|
c449b28e43 |
rpmsg: Fix possible refcount leak in rpmsg_register_device_override()
commit d7bd416d35121c95fe47330e09a5c04adbc5f928 upstream.
rpmsg_register_device_override need to call put_device to free vch when
driver_set_override fails.
Fix this by adding a put_device() to the error path.
Fixes: bb17d110cbf2 ("rpmsg: Fix calling device_lock() on non-initialized device")
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Link: https://lore.kernel.org/r/20220624024120.11576-1-hbh25y@gmail.com
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Bjorn Andersson
|
dd1d7ff307 |
rpmsg: glink: Release driver_override
commit fb80ef67e8ff6a00d3faad4cb348dafdb8eccfd8 upstream.
Upon termination of the rpmsg_device, driver_override needs to be freed
to avoid leaking the potentially assigned string.
Fixes: 42cd402b8fd4 ("rpmsg: Fix kfree() of static memory on setting driver_override")
Fixes:
|
||
|
Krzysztof Kozlowski
|
c14c6676ad |
rpmsg: Fix calling device_lock() on non-initialized device
commit bb17d110cbf270d5247a6e261c5ad50e362d1675 upstream.
driver_set_override() helper uses device_lock() so it should not be
called before rpmsg_register_device() (which calls device_register()).
Effect can be seen with CONFIG_DEBUG_MUTEXES:
DEBUG_LOCKS_WARN_ON(lock->magic != lock)
WARNING: CPU: 3 PID: 57 at kernel/locking/mutex.c:582 __mutex_lock+0x1ec/0x430
...
Call trace:
__mutex_lock+0x1ec/0x430
mutex_lock_nested+0x44/0x50
driver_set_override+0x124/0x150
qcom_glink_native_probe+0x30c/0x3b0
glink_rpm_probe+0x274/0x350
platform_probe+0x6c/0xe0
really_probe+0x17c/0x3d0
__driver_probe_device+0x114/0x190
driver_probe_device+0x3c/0xf0
...
Refactor the rpmsg_register_device() function to use two-step device
registering (initialization + add) and call driver_set_override() in
proper moment.
This moves the code around, so while at it also NULL-ify the
rpdev->driver_override in error path to be sure it won't be kfree()
second time.
Fixes: 42cd402b8fd4 ("rpmsg: Fix kfree() of static memory on setting driver_override")
Reported-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Tested-by: Marek Szyprowski <m.szyprowski@samsung.com>
Link: https://lore.kernel.org/r/20220429195946.1061725-2-krzysztof.kozlowski@linaro.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Lee Jones <lee@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Krzysztof Kozlowski
|
2f3048f383 |
rpmsg: Fix kfree() of static memory on setting driver_override
commit 42cd402b8fd4672b692400fe5f9eecd55d2794ac upstream.
The driver_override field from platform driver should not be initialized
from static memory (string literal) because the core later kfree() it,
for example when driver_override is set via sysfs.
Use dedicated helper to set driver_override properly.
Fixes: 950a7388f02b ("rpmsg: Turn name service into a stand alone driver")
Fixes:
|
||
|
Krzysztof Kozlowski
|
70956ad74a |
rpmsg: Constify local variable in field store macro
commit e5f89131a06142e91073b6959d91cea73861d40e upstream. Memory pointed by variable 'old' in field store macro is not modified, so it can be made a pointer to const. Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Link: https://lore.kernel.org/r/20220419113435.246203-12-krzysztof.kozlowski@linaro.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Lee Jones <lee@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jiasheng Jiang
|
13928a837e |
rpmsg: glink: Add check for kstrdup
[ Upstream commit b5c9ee8296a3760760c7b5d2e305f91412adc795 ]
Add check for the return value of kstrdup() and return the error
if it fails in order to avoid NULL pointer dereference.
Fixes:
|
||
|
Bjorn Andersson
|
fec6a375fd |
rpmsg: glink: Avoid infinite loop on intent for missing channel
[ Upstream commit 3e74ec2f39362bffbd42854acbb67c7f4cb808f9 ]
In the event that an intent advertisement arrives on an unknown channel
the fifo is not advanced, resulting in the same message being handled
over and over.
Fixes:
|
||
|
Krzysztof Kozlowski
|
1a4762141c |
rpmsg: qcom: glink: replace strncpy() with strscpy_pad()
commit 766279a8f85df32345dbda03b102ca1ee3d5ddea upstream.
The use of strncpy() is considered deprecated for NUL-terminated
strings[1]. Replace strncpy() with strscpy_pad(), to keep existing
pad-behavior of strncpy, similarly to commit 08de420a8014 ("rpmsg:
glink: Replace strncpy() with strscpy_pad()"). This fixes W=1 warning:
In function ‘qcom_glink_rx_close’,
inlined from ‘qcom_glink_work’ at ../drivers/rpmsg/qcom_glink_native.c:1638:4:
drivers/rpmsg/qcom_glink_native.c:1549:17: warning: ‘strncpy’ specified bound 32 equals destination size [-Wstringop-truncation]
1549 | strncpy(chinfo.name, channel->name, sizeof(chinfo.name));
[1] https://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: Stephen Boyd <sboyd@kernel.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220519073330.7187-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Andrew Chernyakov <acherniakov@astralinux.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Miaoqian Lin
|
cb50423e46 |
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
[ Upstream commit 65382585f067d4256ba087934f30f85c9b6984de ]
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
Fixes:
|
||
|
Krzysztof Kozlowski
|
e14ad3b4a6 |
rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
[ Upstream commit 59d6f72f6f9c92fec8757d9e29527da828e9281f ]
irq_of_parse_and_map() returns 0 on failure, so this should not be
passed further as error return code.
Fixes: 1a358d350664 ("rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value")
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
Link: https://lore.kernel.org/r/20220423093932.32136-1-krzysztof.kozlowski@linaro.org
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Krzysztof Kozlowski
|
691376fedb |
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
[ Upstream commit 1a358d35066487d228a68303d808bc4721c6b1b9 ]
The irq_of_parse_and_map() returns 0 on failure, not a negative ERRNO.
Fixes:
|
||
|
Matthias Kaehlcke
|
4305697de7 |
rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev
commit 7a534ae89e34e9b51acb5a63dd0f88308178b46a upstream.
struct rpmsg_eptdev contains a struct cdev. The current code frees
the rpmsg_eptdev struct in rpmsg_eptdev_destroy(), but the cdev is
a managed object, therefore its release is not predictable and the
rpmsg_eptdev could be freed before the cdev is entirely released.
The cdev_device_add/del() API was created to address this issue
(see commit '233ed09d7fda ("chardev: add helper function to register
char devs with a struct device")'), use it instead of cdev add/del().
Fixes:
|
||
|
Sujit Kautkar
|
70cb4295ec |
rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
commit b7fb2dad571d1e21173c06cef0bced77b323990a upstream.
struct rpmsg_ctrldev contains a struct cdev. The current code frees
the rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the
cdev is a managed object, therefore its release is not predictable
and the rpmsg_ctrldev could be freed before the cdev is entirely
released, as in the backtrace below.
[ 93.625603] ODEBUG: free active (active state 0) object type: timer_list hint: delayed_work_timer_fn+0x0/0x7c
[ 93.636115] WARNING: CPU: 0 PID: 12 at lib/debugobjects.c:488 debug_print_object+0x13c/0x1b0
[ 93.644799] Modules linked in: veth xt_cgroup xt_MASQUERADE rfcomm algif_hash algif_skcipher af_alg uinput ip6table_nat fuse uvcvideo videobuf2_vmalloc venus_enc venus_dec videobuf2_dma_contig hci_uart btandroid btqca snd_soc_rt5682_i2c bluetooth qcom_spmi_temp_alarm snd_soc_rt5682v
[ 93.715175] CPU: 0 PID: 12 Comm: kworker/0:1 Tainted: G B 5.4.163-lockdep #26
[ 93.723855] Hardware name: Google Lazor (rev3 - 8) with LTE (DT)
[ 93.730055] Workqueue: events kobject_delayed_cleanup
[ 93.735271] pstate: 60c00009 (nZCv daif +PAN +UAO)
[ 93.740216] pc : debug_print_object+0x13c/0x1b0
[ 93.744890] lr : debug_print_object+0x13c/0x1b0
[ 93.749555] sp : ffffffacf5bc7940
[ 93.752978] x29: ffffffacf5bc7940 x28: dfffffd000000000
[ 93.758448] x27: ffffffacdb11a800 x26: dfffffd000000000
[ 93.763916] x25: ffffffd0734f856c x24: dfffffd000000000
[ 93.769389] x23: 0000000000000000 x22: ffffffd0733c35b0
[ 93.774860] x21: ffffffd0751994a0 x20: ffffffd075ec27c0
[ 93.780338] x19: ffffffd075199100 x18: 00000000000276e0
[ 93.785814] x17: 0000000000000000 x16: dfffffd000000000
[ 93.791291] x15: ffffffffffffffff x14: 6e6968207473696c
[ 93.796768] x13: 0000000000000000 x12: ffffffd075e2b000
[ 93.802244] x11: 0000000000000001 x10: 0000000000000000
[ 93.807723] x9 : d13400dff1921900 x8 : d13400dff1921900
[ 93.813200] x7 : 0000000000000000 x6 : 0000000000000000
[ 93.818676] x5 : 0000000000000080 x4 : 0000000000000000
[ 93.824152] x3 : ffffffd0732a0fa4 x2 : 0000000000000001
[ 93.829628] x1 : ffffffacf5bc7580 x0 : 0000000000000061
[ 93.835104] Call trace:
[ 93.837644] debug_print_object+0x13c/0x1b0
[ 93.841963] __debug_check_no_obj_freed+0x25c/0x3c0
[ 93.846987] debug_check_no_obj_freed+0x18/0x20
[ 93.851669] slab_free_freelist_hook+0xbc/0x1e4
[ 93.856346] kfree+0xfc/0x2f4
[ 93.859416] rpmsg_ctrldev_release_device+0x78/0xb8
[ 93.864445] device_release+0x84/0x168
[ 93.868310] kobject_cleanup+0x12c/0x298
[ 93.872356] kobject_delayed_cleanup+0x10/0x18
[ 93.876948] process_one_work+0x578/0x92c
[ 93.881086] worker_thread+0x804/0xcf8
[ 93.884963] kthread+0x2a8/0x314
[ 93.888303] ret_from_fork+0x10/0x18
The cdev_device_add/del() API was created to address this issue (see
commit '233ed09d7fda ("chardev: add helper function to register char
devs with a struct device")'), use it instead of cdev add/del().
Fixes:
|
||
|
Arnaud Pouliquen
|
2df257b6d7 |
rpmsg: core: Clean up resources on announce_create failure.
commit 8066c615cb69b7da8a94f59379847b037b3a5e46 upstream.
During the rpmsg_dev_probe, if rpdev->ops->announce_create returns an
error, the rpmsg device and default endpoint should be freed before
exiting the function.
Fixes:
|
||
|
Bo Ye
|
425c4a3572 |
[ALPS06486924] ACK: Merge android-4.19-stable into alps-mp-s0.mp1
Target: android-4.19-stable "011b73c995f35959b39ccde045addbc1862fa3e6 Merge 4.19.191 into android-4.19-stable" Version change from 4.19.188 to 4.19.191 MTK-Commit-Id: c8384f99d5a155550b3c0707800ea3d1d83f9ee3 Feature: Kernel SI Operation CR-Id: ALPS06486924 Signed-off-by: Bo Ye <bo.ye@mediatek.com> Change-Id: Ic51822fa66c2d94e5f60b2e65a65153ade20c228 |
||
|
Alan Hu
|
c79121177b |
[ALPS06334486] build: add new platform
add mt6833/mt6739/mt6768/mt6893/mt6781/mt6877 MTK-Commit-Id: c9b1573613fde4f1905a5021752d1de2f2cecf73 Signed-off-by: Alan Hu <alan.hu@mediatek.com> CR-Id: ALPS06334486 Feature: SI Operation Change-Id: I45f6d19854c156bcec5c3a19e6eb938ceed82cef |
||
|
Jia-Ju Bai
|
85b1a9c342 |
rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data()
[ Upstream commit 26594c6bbb60c6bc87e3762a86ceece57d164c66 ]
When idr_find() returns NULL to intent, no error return code of
qcom_glink_rx_data() is assigned.
To fix this bug, ret is assigned with -ENOENT in this case.
Fixes:
|
||
|
Chris Lew
|
fe5fe1ec36 |
rpmsg: glink: Use complete_all for open states
[ Upstream commit 4fcdaf6e28d11e2f3820d54dd23cd12a47ddd44e ] The open_req and open_ack completion variables are the state variables to represet a remote channel as open. Use complete_all so there are no races with waiters and using completion_done. Signed-off-by: Chris Lew <clew@codeaurora.org> Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org> Signed-off-by: Deepak Kumar Singh <deesin@codeaurora.org> Link: https://lore.kernel.org/r/1593017121-7953-2-git-send-email-deesin@codeaurora.org Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Dan Carpenter
|
df6e89d637 |
rpmsg: smd: Fix a kobj leak in in qcom_smd_parse_edge()
[ Upstream commit e69ee0cf655e8e0c4a80f4319e36019b74f17639 ]
We need to call of_node_put(node) on the error paths for this function.
Fixes:
|
||
|
Chris Lew
|
7abfe9914d |
rpmsg: glink: Remove chunk size word align warning
commit f0beb4ba9b185d497c8efe7b349363700092aee0 upstream. It is possible for the chunk sizes coming from the non RPM remote procs to not be word aligned. Remove the alignment warning and continue to read from the FIFO so execution is not stalled. Signed-off-by: Chris Lew <clew@codeaurora.org> Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Lee Jones <lee.jones@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Bjorn Andersson
|
7438617d2c |
rpmsg: glink: Free pending deferred work on remove
commit 278bcb7300f61785dba63840bd2a8cf79f14554c upstream.
By just cancelling the deferred rx worker during GLINK instance teardown
any pending deferred commands are leaked, so free them.
Fixes:
|
||
|
Bjorn Andersson
|
6f48229519 |
rpmsg: glink: Don't send pending rx_done during remove
commit c3dadc19b7564c732598b30d637c6f275c3b77b6 upstream.
Attempting to transmit rx_done messages after the GLINK instance is
being torn down will cause use after free and memory leaks. So cancel
the intent_work and free up the pending intents.
With this there are no concurrent accessors of the channel left during
qcom_glink_native_remove() and there is therefor no need to hold the
spinlock during this operation - which would prohibit the use of
cancel_work_sync() in the release function. So remove this.
Fixes:
|
||
|
Chris Lew
|
a033a2a6be |
rpmsg: glink: Fix rpmsg_register_device err handling
commit f7e714988edaffe6ac578318e99501149b067ba0 upstream.
The device release function is set before registering with rpmsg. If
rpmsg registration fails, the framework will call device_put(), which
invokes the release function. The channel create logic does not need to
free rpdev if rpmsg_register_device() fails and release is called.
Fixes:
|
||
|
Chris Lew
|
478963b1f8 |
rpmsg: glink: Put an extra reference during cleanup
commit b646293e272816dd0719529dcebbd659de0722f7 upstream.
In a remote processor crash scenario, there is no guarantee the remote
processor sent close requests before it went into a bad state. Remove
the reference that is normally handled by the close command in the
so channel resources can be released.
Fixes:
|
||
|
Arun Kumar Neelakantam
|
8a5b99adbf |
rpmsg: glink: Fix use after free in open_ack TIMEOUT case
commit ac74ea01860170699fb3b6ea80c0476774c8e94f upstream.
Extra channel reference put when remote sending OPEN_ACK after timeout
causes use-after-free while handling next remote CLOSE command.
Remove extra reference put in timeout case to avoid use-after-free.
Fixes:
|
||
|
Arun Kumar Neelakantam
|
b909f12e3c |
rpmsg: glink: Fix reuse intents memory leak issue
commit b85f6b601407347f5425c4c058d1b7871f5bf4f0 upstream.
Memory allocated for re-usable intents are not freed during channel
cleanup which causes memory leak in system.
Check and free all re-usable memory to avoid memory leak.
Fixes:
|
||
|
Chris Lew
|
6c4560364d |
rpmsg: glink: Set tail pointer to 0 at end of FIFO
commit 4623e8bf1de0b86e23a56cdb39a72f054e89c3bd upstream.
When wrapping around the FIFO, the remote expects the tail pointer to
be reset to 0 on the edge case where the tail equals the FIFO length.
Fixes:
|
||
|
Arun Kumar Neelakantam
|
674b223d7a |
rpmsg: glink: smem: Support rx peak for size less than 4 bytes
[ Upstream commit 928002a5e9dab2ddc1a0fe3e00739e89be30dc6b ] The current rx peak function fails to read the data if size is less than 4bytes. Use memcpy_fromio to support data reads of size less than 4 bytes. Cc: stable@vger.kernel.org Fixes: f0beb4ba9b18 ("rpmsg: glink: Remove chunk size word align warning") Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Colin Ian King
|
9632c0339b |
rpmsg: smd: fix memory leak on channel create
commit 940c620d6af8fca7d115de40f19870fba415efac upstream.
Currently a failed allocation of channel->name leads to an
immediate return without freeing channel. Fix this by setting
ret to -ENOMEM and jumping to an exit path that kfree's channel.
Detected by CoverityScan, CID#1473692 ("Resource Leak")
Fixes:
|
||
|
Arun Kumar Neelakantam
|
00b645e0b4 |
rpmsg: Add compat ioctl for rpmsg char driver
Add compat ioctl callback to support 32bit user space applications. Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> |
||
|
Chris Lew
|
475452fca1 |
rpmsg: glink: Store edge name for glink device
Channels may need to identify the edge their channel was probed for. Store the edge name by reading the label property from device tree or default to the node name. Signed-off-by: Chris Lew <clew@codeaurora.org> Signed-off-by: Arun Kumar Neelakantam <aneela@codeaurora.org> Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> |
||
|
Srinivas Kandagatla
|
fe782affd0 |
rpmsg: core: add support to power domains for devices
Some of the rpmsg devices need to switch on power domains to communicate with remote processor. For example on Qualcomm DB820c platform LPASS power domain needs to switched on for any kind of audio services. This patch adds the missing power domain support in rpmsg core. Without this patch attempting to play audio via QDSP on DB820c would reboot the system. Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> |