bka
118 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
claxten10
|
fdff989fe2 |
teei: Disable MicroTrust TZ MTK BootProf
Signed-off-by: claxten10 <claxten10@gmail.com> |
||
|
claxten10
|
abf0db11b6 |
tee: teei: Disable MicroTrust Dynamic Core
Signed-off-by: claxten10 <claxten10@gmail.com> |
||
|
Michel Lespinasse
|
b8ba613d40 |
BACKPORT: mmap locking API: use coccinelle to convert mmap_sem rwsem call sites
This change converts the existing mmap_sem rwsem calls to use the new mmap locking API instead. The change is generated using coccinelle with the following rule: // spatch --sp-file mmap_lock_api.cocci --in-place --include-headers --dir . @@ expression mm; @@ ( -init_rwsem +mmap_init_lock | -down_write +mmap_write_lock | -down_write_killable +mmap_write_lock_killable | -down_write_trylock +mmap_write_trylock | -up_write +mmap_write_unlock | -downgrade_write +mmap_write_downgrade | -down_read +mmap_read_lock | -down_read_killable +mmap_read_lock_killable | -down_read_trylock +mmap_read_trylock | -up_read +mmap_read_unlock ) -(&mm->mmap_sem) +(mm) Change-Id: If729000ea8cedab7079ccc1350db26ed71f0df92 Signed-off-by: Michel Lespinasse <walken@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Reviewed-by: Daniel Jordan <daniel.m.jordan@oracle.com> Reviewed-by: Laurent Dufour <ldufour@linux.ibm.com> Reviewed-by: Vlastimil Babka <vbabka@suse.cz> Cc: Davidlohr Bueso <dbueso@suse.de> Cc: David Rientjes <rientjes@google.com> Cc: Hugh Dickins <hughd@google.com> Cc: Jason Gunthorpe <jgg@ziepe.ca> Cc: Jerome Glisse <jglisse@redhat.com> Cc: John Hubbard <jhubbard@nvidia.com> Cc: Liam Howlett <Liam.Howlett@oracle.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Ying Han <yinghan@google.com> Link: http://lkml.kernel.org/r/20200520052908.204642-5-walken@google.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
bengris32
|
3b5670d492 |
Merge branch 'linux-4.19.y-cip' of https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip into lineage-22.2
* 'linux-4.19.y-cip' of https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip: CIP: Bump version suffix to -cip122 after merge from cip/linux-4.19.y-st tree Update localversion-st, tree is up-to-date with 5.4.295. ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms ARM: dts: am335x-bone-common: Increase MDIO reset deassert time ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board ARM: dts: am335x-bone-common: get rid of phy_id property mtd: nand: sunxi: Add randomizer configuration before randomizer enable mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() bridge: netfilter: Fix forwarding of fragmented packets vxlan: Annotate FDB data races hwmon: (gpio-fan) Add missing mutex locks nfs: handle failure of nfs_get_lock_context in unlock path sch_htb: make htb_deactivate() idempotent scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() perf: Fix sample vs do_exit() jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() mm/huge_memory: fix dereferencing invalid pmd migration entry posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() net: atm: fix /proc/net/atm/lec handling net: atm: add lec_mutex calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer atm: atmtcp: Free invalid length skb in atmtcp_c_send(). mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). wifi: carl9170: do not ping device which has failed to load firmware drm/nouveau/bl: increase buffer size to avoid truncate warning ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged ALSA: hda/intel: Add Thinkpad E15 to PM deny list Input: sparcspkr - avoid unannotated fall-through HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() atm: Revert atm_account_tx() if copy_from_iter_full() fails. selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len scsi: s390: zfcp: Ensure synchronous unit_add jffs2: check jffs2_prealloc_raw_node_refs() result in few other places jffs2: check that raw node were preallocated before writing summary drivers/rapidio/rio_cm.c: prevent possible heap overwrite Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery platform/x86: dell_rbu: Stop overwriting data buffer tee: Prevent size calculation wraparound on 32-bit kernels ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value watchdog: da9052_wdt: respect TWDMIN i40e: fix MMIO write access to an invalid page in i40e_clear_hw sock: Correct error checking condition for (assign|release)_proto_idx() vxlan: Do not treat dst cache initialization errors as fatal clk: rockchip: rk3036: mark ddrphy as critical wifi: mac80211: do not offer a mesh path if forwarding is disabled net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT tcp: always seek for minimal rtt in tcp_rcv_rtt_update() net: dlink: add synchronization for stats update sctp: Do not wake readers in __sctp_write_space() emulex/benet: correct command version selection in be_cmd_get_stats() i2c: designware: Invoke runtime suspend on quick slave re-registration net: macb: Check return value of dma_set_mask_and_coherent() cpufreq: Force sync policy boost with global boost on sysfs update nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() media: tc358743: ignore video while HPD is low drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB jfs: Fix null-ptr-deref in jfs_ioc_trim drm/amdgpu/gfx9: fix CSIB handling drm/amdgpu/gfx8: fix CSIB handling jfs: fix array-index-out-of-bounds read in add_missing_indices drm/amdgpu/gfx7: fix CSIB handling drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition sunrpc: update nextcheck time when adding new cache entries drm/amdgpu/gfx6: fix CSIB handling ACPI: battery: negate current when discharging power: supply: bq27xxx: Retrieve again when busy ACPICA: fix acpi parse and parseext cache leaks ACPICA: Avoid sequence overread in call to strncmp() ACPICA: fix acpi operand cache leak in dswstate.c PCI: Fix lock symmetry in pci_slot_unlock() regulator: max14577: Add error check for max14577_read_reg() staging: iio: ad5933: Correct settling cycles encoding per datasheet net: ch9200: fix uninitialised access during mii_nway_restart ftrace: Fix UAF when lookup kallsym after ftrace disabled dm-mirror: fix a tiny race condition mm: fix ratelimit_pages update error in dirty_ratio_handler() ipc: fix to protect IPCS lookups using RCU parisc: fix building with gcc-15 vgacon: Add check for vc_origin address range in vgacon_scroll() NFC: nci: uart: Set tty->disc_data only in success path f2fs: prevent kernel warning due to negative i_nlink from corrupted image Input: ims-pcu - check record size in ims_pcu_flash_firmware() ext4: fix calculation of credits for extent tree modification ext4: inline: fix len overflow in ext4_prepare_inline_data ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 media: v4l2-dev: fix error handling in __video_register_device() media: gspca: Add error handling for stv06xx_read_sensor() wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() gfs2: move msleep to sleepable context configfs: Do not override creating attribute file failure in populate_attrs() calipso: unlock rcu before returning -EAFNOSUPPORT usb: Flush altsetting 0 endpoints before reinitializating them after reset. fs/filesystems: Fix potential unsigned integer underflow in fs_name() net/mdiobus: Fix potential out-of-bounds read/write access MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option x86/boot/compressed: prefer cc-option for CFLAGS additions net: mdio: C22 is now optional, EOPNOTSUPP if not provided i40e: retry VFLR handling if there is ongoing VF reset i40e: return false from i40e_reset_vf if reset is in progress net_sched: sch_sfq: fix a potential crash on gso_skb handling scsi: iscsi: Fix incorrect error path labels for flashnode operations NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes NFSD: Fix ia_size underflow Input: synaptics-rmi - fix crash with unsupported versions of F34 Input: synaptics-rmi4 - convert to use sysfs_emit() APIs do_change_type(): refuse to operate on unmounted/not ours mounts net/mlx4_en: Prevent potential integer overflow calculating Hz rtc: Fix offset calculation for .start_secs < 0 rtc: sh: assign correct interrupts with DT perf tests switch-tracking: Fix timestamp comparison mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() perf ui browser hists: Set actions->thread before calling do_zoom_thread() fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() soc: aspeed: lpc: Fix impossible judgment condition arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device bus: fsl-mc: fix double-free on mc_dev nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() nilfs2: add pointer check for nilfs_direct_propagate() Squashfs: check return result of sb_min_blocksize ARM: dts: at91: at91sam9263: fix NAND chip selects ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select f2fs: fix to correct check conditions in f2fs_cross_rename f2fs: use d_inode(dentry) cleanup dentry->d_inode calipso: Don't call calipso functions for AF_INET sk. net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy wifi: ath9k_htc: Abort software beacon handling if disabled bpf: Fix WARN() in get_bpf_raw_tp_regs pinctrl: at91: Fix possible out-of-boundary access net: ncsi: Fix GCPS 64-bit member variables f2fs: fix to do sanity check on sbi->total_valid_block_count drm/tegra: rgb: Fix the unbound reference count drm: rcar-du: Fix memory leak in rcar_du_vsps_init() selftests/seccomp: fix syscall_restart test for arm compat firmware: psci: Fix refcount leak in psci_dt_init m68k: mac: Fix macintosh_config for Mac II drm/vmwgfx: Add seqno waiter for sync_files ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() crypto: marvell/cesa - Avoid empty transfer descriptor crypto: marvell/cesa - Handle zero-length skcipher requests x86/cpu: Sanitize CPUID(0x80000000) output perf/core: Fix broken throttling when max_samples_per_tick=1 gfs2: gfs2_create_inode error handling fix netfilter: nft_socket: fix sk refcount leaks thunderbolt: Do not double dequeue a configuration request usb: usbtmc: Fix timeout value in get_stb usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE pinctrl: armada-37xx: set GPIO output value before setting direction pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 tracing: Fix compilation warning on arm32 platform/x86: thinkpad_acpi: Ignore battery threshold change event notification platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys spi: spi-sun4i: fix early activation um: let 'make clean' properly clean underlying SUBARCH as well platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS nfs: don't share pNFS DS connections between net namespaces HID: quirks: Add ADATA XPG alpha wireless mouse support coredump: fix error handling for replace_fd() smb: client: Reset all search buffer pointers when releasing buffer smb: client: Fix use-after-free in cifs_fill_dirent drm/i915/gvt: fix unterminated-string-initialization warning netfilter: nf_tables: do not defer rule destruction via call_rcu netfilter: nf_tables: wait for rcu grace period on net_device removal netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx mm/page_alloc.c: avoid infinite retries caused by cpuset race llc: fix data loss when reading from a socket in llc_ui_recvmsg() ALSA: pcm: Fix race of buffer access at PCM OSS layer can: bcm: add missing rcu read protection for procfs content can: bcm: add locking for bcm_op runtime updates crypto: algif_hash - fix double free in hash_accept net: dwmac-sun8i: Use parsed internal PHY address instead of 1 __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock xenbus: Allow PVH dom0 a non-local xenstore btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 pinctrl: meson: define the pull up/down resistor value as 60 kOhm drm: Add valid clones check regulator: ad5398: Add device tree support bpftool: Fix readlink usage in get_fd_type HID: usbkbd: Fix the bit shift number for LED_KANA scsi: st: Restore some drive settings after reset scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine hwmon: (xgene-hwmon) use appropriate type for the latency value ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB net/mlx4_core: Avoid impossible mlx4_db_alloc() order value smack: recognize ipv4 CIPSO w/o categories pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map ASoC: ops: Enforce platform maximum on initial value ACPI: HED: Always initialize before evged PCI: Fix old_size lower bound in calculate_iosize() too EDAC/ie31200: work around false positive build warning net: pktgen: fix access outside of user given buffer in pktgen_thread_write() MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core MIPS: Use arch specific syscall name match function cpuidle: menu: Avoid discarding useful information x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() bonding: report duplicate MAC address in all situations net: xgene-v2: remove incorrect ACPI_PTR annotation x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 net: pktgen: fix mpls maximum labels list parsing pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" media: cx231xx: set device_caps for 417 dm cache: prevent BUG_ON by blocking retries on failed device resumes media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 ieee802154: ca8210: Use proper setters and getters for bitwise types rtc: ds1307: stop disabling alarms on probe powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 mmc: sdhci: Disable SD card clock before changing parameters posix-timers: Add cond_resched() to posix_timer_add() search loop xen: Add support for XenServer 6.1 platform device dm: restrict dm device size to 2^63-512 bytes kbuild: fix argument parsing in scripts/config scsi: st: ERASE does not change tape location scsi: st: Tighten the page format heuristics with MODE SELECT ext4: reorder capability check last um: Update min_low_pfn to match changes in uml_reserved um: Store full CSGSFS and SS register from mcontext btrfs: send: return -ENAMETOOLONG when attempting a path that is too long btrfs: avoid linker error in btrfs_find_create_tree_block() i2c: pxa: fix call balance of i2c->clk handling routines mmc: host: Wait for Vdd to settle on card power off pNFS/flexfiles: Report ENETDOWN as a connection error tools/build: Don't pass test log files to linker dql: Fix dql->limit value when reset. SUNRPC: rpc_clnt_set_transport() must not change the autobind setting NFSv4: Treat ENETUNREACH errors as fatal for state recovery fbdev: core: tileblit: Implement missing margin clearing for tileblit fbdev: fsl-diu-fb: add missing device_remove_file() mailbox: use error ret code of of_parse_phandle_with_args() kconfig: merge_config: use an empty file as initfile cgroup: Fix compilation issue due to cgroup_mutex not being exported dma-mapping: avoid potential unused data compilation warning scsi: target: iscsi: Fix timeout on deleted connection openvswitch: Fix unsafe attribute parsing in output_userspace() Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 Input: synaptics - enable SMBus for HP Elitebook 850 G1 phy: Fix error handling in tegra_xusb_port_init ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() ACPI: PPTT: Fix processor subtable walk qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() ALSA: sh: SND_AICA should depend on SH_DMA_API spi: loopback-test: Do not split 1024-byte hexdumps RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug staging: axis-fifo: Correct handling of tx_fifo_depth for size validation staging: axis-fifo: avoid parsing ignored device tree properties platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection do_umount(): add missing barrier before refcount checks in sync case MIPS: Fix MAX_REG_OFFSET iio: adc: dln2: Use aligned_s64 for timestamp types: Complement the aligned types with signed 64-bit one USB: usbtmc: use interruptible sleep in usbtmc_read usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition ocfs2: stop quota recovery before disabling quotas ocfs2: implement handshaking with ocfs2 recovery thread ocfs2: switch osb->disable_recovery to enum module: ensure that kobject_put() is safe for module type kobjects xenbus: Use kref to track req lifetime usb: uhci-platform: Make the clock really optional iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo iio: adis16201: Correct inclinometer channel resolution Input: synaptics - enable InterTouch on Dell Precision M3800 Input: synaptics - enable InterTouch on Dynabook Portege X30L-G Input: synaptics - enable InterTouch on Dynabook Portege X30-D net: dsa: b53: fix learning on VLAN unaware bridges scsi: target: Fix WRITE_SAME No Data Buffer crash dm: fix copying after src array boundaries iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid irqchip/gic-v2m: Add const to of_device_id sch_htb: make htb_qlen_notify() idempotent of: module: add buffer overflow check in of_modalias() net: fec: ERR007885 Workaround for conventional TX lan743x: remove redundant initialization of variable current_head_index net: dlink: Correct endianness handling of led_mode tracing: Fix oob write in trace_seq_to_buffer() dm: always update the array size in realloc_argv on success wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload i2c: imx-lpi2c: Fix clock count when probe defers EDAC/altera: Set DDR and SDMMC interrupt mask before registration EDAC/altera: Test the correct error reg offset signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() x86/bugs: fix backport error in "x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline" Change-Id: Ia48bfc7454e776a311efd14a33b7c414038c8a6d |
||
|
Jann Horn
|
4b06edabbc |
tee: Prevent size calculation wraparound on 32-bit kernels
[ Upstream commit 39bb67edcc582b3b386a9ec983da67fa8a10ec03 ] The current code around TEE_IOCTL_PARAM_SIZE() is a bit wrong on 32-bit kernels: Multiplying a user-provided 32-bit value with the size of a structure can wrap around on such platforms. Fix it by using saturating arithmetic for the size calculation. This has no security consequences because, in all users of TEE_IOCTL_PARAM_SIZE(), the subsequent kcalloc() implicitly checks for wrapping. Signed-off-by: Jann Horn <jannh@google.com> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Rouven Czerwinski <rouven.czerwinski@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Ulrich Hecht <uli@kernel.org> |
||
|
bengris32
|
2162cb9481 |
Merge branch 'linux-4.19.y-cip' of https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip into lineage-22.1
* 'linux-4.19.y-cip' of https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip: CIP: Bump version suffix to -cip120 after merge from cip/linux-4.19.y-st tree Update localversion-st, tree is up-to-date with 5.4.292. net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy jfs: add index corruption check to DT_GETPAGE() jfs: fix slab-out-of-bounds read in ea_get() tracing: Fix use-after-free in print_graph_function_flags during tracer switching mmc: sdhci-pxav3: set NEED_RSP_BUSY capability x86/tsc: Always save/restore TSC sched_clock() on suspend/resume ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() arcnet: Add NULL check in com20020pci_probe() ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS vsock: avoid timeout during connect() if the socket is closing net_sched: skbprio: Remove overly strict queue assertions netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets ntb: intel: Fix using link status DB's ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans spufs: fix a leak in spufs_create_context() spufs: fix a leak on spufs_new_file() failure hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} sched/deadline: Use online cpus for validating runtime affs: don't write overlarge OFS data block size fields affs: generate OFS sequence numbers starting at 1 wifi: iwlwifi: fw: allocate chained SG tables for dump sched/smt: Always inline sched_smt_active() ring-buffer: Fix bytes_dropped calculation issue objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() fs/procfs: fix the comment above proc_pid_wchan() perf python: Check if there is space to copy all the event perf python: Decrement the refcount of just created event on failure perf python: Fixup description of sample.id event member ocfs2: validate l_tree_depth to avoid out-of-bounds access perf units: Fix insufficient array space iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio coresight: catu: Fix number of pages while using 64k pages isofs: fix KMSAN uninit-value bug in do_isofs_readdir() x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment mfd: sm501: Switch to BIT() to mitigate integer overflows RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow power: supply: max77693: Fix wrong conversion of charge input threshold value x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 IB/mad: Check available slots before posting receive WRs clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent lib: 842: Improve error handling in sw842_compress() clk: amlogic: gxbb: drop incorrect flag on 32k clock fbdev: sm501fb: Add some geometry checks. mdacon: rework dependency list fbdev: au1100fb: Move a variable assignment behind a null pointer check PCI/portdrv: Only disable pciehp interrupts early when needed ALSA: hda/realtek: Always honor no_shutup_pins perf/ring_buffer: Allow the EPOLLRDNORM flag for poll lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() thermal: int340x: Add NULL check for adev EDAC/ie31200: Fix the error path order of ie31200_init() EDAC/ie31200: Fix the DIMM size mask for several SoCs x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() net: usb: usbnet: restore usb%d name exception for local mac addresses net: usb: qmi_wwan: add Telit Cinterion FE990B composition net: usb: qmi_wwan: add Telit Cinterion FN990B composition tty: serial: 8250: Add some more device IDs netfilter: socket: Lookup orig tuple for IPv6 SNAT ARM: 9351/1: fault: Add "cut here" line for prefetch aborts ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() atm: Fix NULL pointer dereference ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() batman-adv: Ignore own maximum aggregation size during RX ARM: shmobile: smp: Enforce shmobile_smp_* alignment mmc: atmel-mci: Add missing clk_disable_unprepare() net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES net: atm: fix use after free in lec_send() Bluetooth: Fix error code in chan_alloc_skb_cb() RDMA/hns: Fix wrong value of max_sge_rd RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path xfrm_output: Force software GSO only in tunnel mode i2c: sis630: Fix an error handling path in sis630_probe() i2c: ali15x3: Fix an error handling path in ali15x3_probe() i2c: ali1535: Fix an error handling path in ali1535_probe() ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() qlcnic: fix memory leak issues in qlcnic_sriov_common.c drm/amd/display: Assign normalized_pix_clk when color depth = 14 x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes USB: serial: option: match on interface class for Telit FN990B USB: serial: option: fix Telit Cinterion FE990A name USB: serial: option: add Telit Cinterion FE990B compositions USB: serial: ftdi_sio: add support for Altera USB Blaster 3 block: fix 'kmem_cache of name 'bio-108' already exists' drm/nouveau: Do not override forced connector status x86/irq: Define trace events conditionally nvme: only allow entering LIVE from CONNECTING state sctp: Fix undefined behavior in left shift operation nvmet-rdma: recheck queue state is LIVE in state lock in recv done s390/cio: Fix CHPID "configure" attribute caching HID: ignore non-functional sensor in HP 5MP Camera iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() powercap: call put_device() on an error path in powercap_register_control_type() nvme-fc: go straight to connecting state when initializing net_sched: Prevent creation of classes with TC_H_ROOT ipvs: prevent integer overflow in do_ip_vs_get_ctl() netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() drivers/hv: Replace binary semaphore with mutex netpoll: hold rcu read lock in __netpoll_send_skb() netpoll: netpoll_send_skb() returns transmit status netpoll: move netpoll_send_skb() out of line netpoll: remove dev argument from netpoll_send_skb_on_dev() netpoll: Fix use correct return type for ndo_start_xmit() pinctrl: bcm281xx: Fix incorrect regmap max_registers value sctp: sysctl: auth_enable: avoid using current->nsproxy sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" sched/isolation: Prevent boot crash when the boot CPU is nohz_full CIP: Bump version suffix to -cip119 after merge from cip/linux-4.19.y-st tree watchdog: renesas_wdt: support handover from bootloader Update localversion-st, tree is up-to-date with 5.4.291. gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). gtp: Destroy device along with udp socket's netns dismantle. net: gso: fix ownership in __udp_gso_segment vlan: fix memory leak in vlan_newlink() batman-adv: Drop unmanaged ELP metric worker tee: optee: Fix supplicant wait loop pps: Fix a use-after-free net: rose: lock the socket in rose_bind() btrfs: fix use-after-free when attempting to join an aborted transaction media: lmedm04: Handle errors for lme2510_int_read wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step eeprom: digsy_mtc: Make GPIO lookup table match the device slimbus: messaging: Free transaction ID in delayed interrupt scenario intel_th: pci: Add Panther Lake-P/U support intel_th: pci: Add Panther Lake-H support intel_th: pci: Add Arrow Lake support Squashfs: check the inode number is not the invalid value of zero xhci: pci: Fix indentation in the PCI device ID definitions usb: gadget: Check bmAttributes only if configuration is valid usb: gadget: Fix setting self-powered state on suspend usb: gadget: Set self-powered based on MaxPower and bmAttributes usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality usb: typec: ucsi: increase timeout for PPM reset operations usb: atm: cxacru: fix a flaw in existing endpoint checks usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader usb: renesas_usbhs: Use devm_usb_get_phy() Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" net: ipv6: fix missing dst ref drop in ila lwtunnel net: ipv6: fix dst ref loop in ila lwtunnel net-timestamp: support TCP GSO case for a few missing flags vlan: enforce underlying device type ppp: Fix KMSAN uninit-value warning with bpf be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() llc: do not use skb_get() before dev_queue_xmit() hwmon: (ad7314) Validate leading zero bits and return error hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table hwmon: (pmbus) Initialise page count in pmbus_identify() caif_virtio: fix wrong pointer check in cfv_probe() HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() mm/page_alloc: fix uninitialized variable rapidio: fix an API misues when rio_add_net() fails rapidio: add check for rio_add_net() in rio_scan_alloc_net() wifi: nl80211: reject cooked mode if it is set along with other flags wifi: cfg80211: regulatory: improve invalid hints checking x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 x86/cpu: Validate CPUID leaf 0x2 EDX output x86/cacheinfo: Validate CPUID leaf 0x2 EDX output platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M ALSA: hda/realtek: update ALC222 depop optimize ALSA: hda: intel: Add Dell ALC3271 to power_save denylist HID: appleir: Fix potential NULL dereference at raw event handle Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" drm/amdgpu: disable BAR resize on Dell G5 SE drm/amdgpu: Check extended configuration space register when system uses large bar drm/amdgpu: skip BAR resizing if the bios already did it acct: perform last write from workqueue kernel/acct.c: use dedicated helper to access rlimit values kernel/acct.c: use #elif instead of #end and #elif pfifo_tail_enqueue: Drop new packet when sch->limit == 0 sched/core: Prevent rescheduling when interrupts are disabled phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk usbnet: gl620a: fix endpoint checking in genelink_bind() perf/core: Fix low freq setting via IOC_PERIOD ftrace: Avoid potential division by zero in function_stat_show() x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems ipvs: Always clear ipvs_property flag in skb_scrub_packet() ASoC: es8328: fix route from DAC to output net: cadence: macb: Synchronize stats calculations sunrpc: suppress warnings for unused procfs functions batman-adv: Ignore neighbor throughput metrics in error case acct: block access to kernel internal filesystems ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() power: supply: da9150-fg: fix potential overflow geneve: Suppress list corruption splat in geneve_destroy_tunnels(). geneve: Fix use-after-free in geneve_find_dev(). powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC ALSA: hda/realtek - Add type for ALC287 powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline powerpc/64s/mm: Move __real_pte stubs into hash-4k.h USB: gadget: f_midi: f_midi_complete to call queue_work usb/gadget: f_midi: Replace tasklet with work usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API usb: dwc3: Fix timeout issue during controller enter/exit from halt state mm: update mark_victim tracepoints fields crypto: testmgr - some more fixes to RSA test vectors crypto: testmgr - populate RSA CRT parameters in RSA test vectors crypto: testmgr - fix version number of RSA tests crypto: testmgr - Fix wrong test case of RSA crypto: testmgr - fix wrong key length for pkcs1pad driver core: bus: Fix double free in driver API bus_register() scsi: storvsc: Set correct data length for sending SCSI command without payload vlan: move dev_put into vlan_dev_uninit vlan: introduce vlan_dev_free_egress_priority Revert "btrfs: avoid monopolizing a core when activating a swap file" parport_pc: add support for ASIX AX99100 can: ems_pci: move ASIX AX99100 ids to pci_ids.h nilfs2: protect access to buffers with no active references nilfs2: do not force clear folio if buffer is referenced nilfs2: do not output warnings when clearing dirty buffers alpha: replace hardcoded stack offsets with autogenerated ones ndisc: extend RCU protection in ndisc_send_skb() openvswitch: use RCU protection in ovs_vport_cmd_fill_info() arp: use RCU protection in arp_xmit() neighbour: use RCU protection in __neigh_notify() neighbour: delete redundant judgment statements ndisc: use RCU protection in ndisc_alloc_skb() ipv6: use RCU protection in ip6_default_advmss() ipv4: use RCU protection in inet_select_addr() ipv4: use RCU protection in rt_is_expired() net: add dev_net_rcu() helper net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() partitions: mac: fix handling of bogus partition table gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock alpha: align stack for page fault and user unaligned trap handlers alpha: make stack 16-byte aligned (most cases) can: c_can: fix unbalanced runtime PM disable in error path USB: serial: option: drop MeiG Smart defines USB: serial: option: fix Telit Cinterion FN990A name USB: serial: option: add Telit Cinterion FN990B compositions USB: serial: option: add MeiG Smart SLM828 usb: cdc-acm: Fix handling of oversized fragments usb: cdc-acm: Check control transfer buffer size before access USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk USB: hub: Ignore non-compliant devices with too many configs or interfaces usb: gadget: f_midi: fix MIDI Streaming descriptor lengths USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI usb: dwc2: gadget: remove of_node reference upon udc_stop usb: gadget: udc: renesas_usb3: Fix compiler warning usb: roles: set switch registered flag early on batman-adv: fix panic during interface removal ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V orangefs: fix a oob in orangefs_debug_write Grab mm lock before grabbing pt lock vfio/pci: Enable iowrite64 and ioread64 for vfio pci media: cxd2841er: fix 64-bit division on gcc-9 xen: remove a confusing comment on auto-translated guest I/O gpio: bcm-kona: Add missing newline to dev_err format string gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array team: better TEAM_OPTION_TYPE_STRING validation vrf: use RCU protection in l3mdev_l3_out() ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() HID: multitouch: Add NULL check in mt_input_configured ocfs2: check dir i_size in ocfs2_find_entry MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static ptp: Ensure info->enable callback is always set mtd: onenand: Fix uninitialized retlen in do_otp_read() NFC: nci: Add bounds checking in nci_hci_create_pipe() nilfs2: fix possible int overflows in nilfs_fiemap() ocfs2: handle a symlink read error correctly ocfs2: fix incorrect CPU endianness conversion causing mount failure nvmem: core: improve range check for nvmem_cell_write() crypto: qce - fix goto jump in error path media: uvcvideo: Remove redundant NULL assignment media: uvcvideo: Fix event flags in uvc_ctrl_send_events media: ov5640: fix get_light_freq on auto soc: qcom: smem_state: fix missing of_node_put in error path powerpc/pseries/eeh: Fix get PE state translation serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use serial: sh-sci: Drop __initdata macro for port_cfg usb: gadget: f_tcm: Don't prepare BOT write request twice usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint usb: gadget: f_tcm: Decrement command ref count on cleanup usb: gadget: f_tcm: Translate error to sense wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() HID: hid-sensor-hub: don't use stale platform-data on remove of: reserved-memory: Fix using wrong number of cells to get property 'alignment' of: Fix of_find_node_opts_by_path() handling of alias+path+options of: Correct child specifier used as input of the 2nd nexus node clk: qcom: clk-alpha-pll: fix alpha mode configuration Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc KVM: s390: vsie: fix some corner-cases when grabbing vsie pages KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma binfmt_flat: Fix integer overflow bug on 32 bit systems m68k: vga: Fix I/O defines s390/futex: Fix FUTEX_OP_ANDN implementation leds: lp8860: Write full EEPROM, not only half of it cpufreq: s3c64xx: Fix compilation warning tun: revert fix group permission check netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() udp: gso: do not drop small packets when PMTU reduces tg3: Disable tg3 PCIe AER on system reboot firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry nvme: handle connectivity loss in nvme_set_queue_count usb: xhci: Fix NULL pointer dereference on certain command aborts usb: xhci: Add timeout argument in address_device USB HCD callback media: uvcvideo: Remove dangling pointers media: uvcvideo: Only save async fh if success nilfs2: handle errors that nilfs_prepare_chunk() may return nilfs2: eliminate staggered calls to kunmap in nilfs_rename nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link x86/mm: Don't disable PCID when INVLPG has been fixed by microcode HID: Wacom: Add PCI Wacom device support mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() mmc: core: Respect quirk_max_rate for non-UHS SDIO card tun: fix group permission check printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX sched: Don't try to catch up excess steal time. btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling btrfs: output the reason for open_ctree() failure usb: gadget: f_tcm: Don't free command immediately media: uvcvideo: Fix double free in error path usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE drivers/card_reader/rtsx_usb: Restore interrupt based detection ktest.pl: Check kernelrelease return in get_version NFSD: Reset cb_seq_status after NFS4ERR_DELAY hexagon: Fix unbalanced spinlock in die() hexagon: fix using plain integer as NULL pointer warning in cmpxchg genksyms: fix memory leak when the same symbol is read from *.symref file genksyms: fix memory leak when the same symbol is added from source net: sh_eth: Fix missing rtnl lock in suspend/resume path vsock: Allow retrying on connect() failure net: davicom: fix UAF in dm9000_drv_remove net: rose: fix timer races against user threads PM: hibernate: Add error handling for syscore_suspend() net: fec: implement TSO descriptor cleanup ubifs: skip dumping tnc tree when zroot is null dmaengine: ti: edma: fix OF node reference leaks in edma_driver module: Extend the preempt disabled section in dereference_symbol_descriptor(). ocfs2: mark dquot as inactive if failed to start trans while releasing dquot scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 media: camif-core: Add check for clk_enable() media: mipi-csis: Add check for clk_enable() PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() media: rc: iguanair: handle timeouts fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() ARM: dts: mediatek: mt7623: fix IR nodename arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property rdma/cxgb4: Prevent potential integer overflow on 32bit RDMA/mlx4: Avoid false error about access to uninitialized gids array perf report: Fix misleading help message about --demangle perf top: Don't complain about lack of vmlinux when not resolving some kernel samples padata: fix sysfs store callback check ktest.pl: Remove unused declarations in run_bisect_test function net: sched: Disallow replacing of child qdisc from one parent to another net/mlxfw: Drop hard coded max FW flash image size selftests: harness: fix printing of mismatch values in __EXPECT() selftests/harness: Display signed values correctly wifi: wlcore: fix unbalanced pm_runtime calls regulator: of: Implement the unwind path of of_regulator_match() team: prevent adding a device which is already a team device lower cpupower: fix TSC MHz calculation wifi: rtlwifi: pci: wait for firmware loading before releasing memory wifi: rtlwifi: fix memory leaks and invalid access at probe error path wifi: rtlwifi: remove unused dualmac control leftovers rtlwifi: replace usage of found with dedicated list iterator variable wifi: rtlwifi: usb: fix workqueue leak when probe fails wifi: rtlwifi: do not complete firmware loading needlessly drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table drm/etnaviv: Fix page property being used for non writecombine buffers afs: Fix directory format encoding struct overflow: Allow mixed type arguments overflow: Correct check_shl_overflow() comment overflow: Add __must_check attribute to check_*() helpers udf: Fix use of check_add_overflow() with mixed type arguments Change-Id: Ia7c26633509cfe8ec59d7dd0d6efd602629c87f4 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
Sumit Garg
|
15969a43db |
tee: optee: Fix supplicant wait loop
commit 70b0d6b0a199c5a3ee6c72f5e61681ed6f759612 upstream.
OP-TEE supplicant is a user-space daemon and it's possible for it
be hung or crashed or killed in the middle of processing an OP-TEE
RPC call. It becomes more complicated when there is incorrect shutdown
ordering of the supplicant process vs the OP-TEE client application which
can eventually lead to system hang-up waiting for the closure of the
client application.
Allow the client process waiting in kernel for supplicant response to
be killed rather than indefinitely waiting in an unkillable state. Also,
a normal uninterruptible wait should not have resulted in the hung-task
watchdog getting triggered, but the endless loop would.
This fixes issues observed during system reboot/shutdown when supplicant
got hung for some reason or gets crashed/killed which lead to client
getting hung in an unkillable state. It in turn lead to system being in
hung up state requiring hard power off/on to recover.
Fixes:
|
||
|
bengris32
|
de12f109ac |
Merge tag 'ASB-2022-10-01_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2022-10-01 CVE-2022-1786 CVE-2022-20421 CVE-2022-20422 CVE-2022-20423 CVE-2022-20409 * tag 'ASB-2022-10-01_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.261 clk: iproc: Do not rely on node name for correct PLL setup selftests: Fix the if conditions of in test_extra_filter() nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices nvme: add new line after variable declatation usbnet: Fix memory leak in usbnet_disconnect() Input: melfas_mip4 - fix return value check in mip4_probe() Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time" soc: sunxi: sram: Fix debugfs info for A64 SRAM C soc: sunxi: sram: Fix probe function ordering issues soc: sunxi: sram: Prevent the driver from being unbound soc: sunxi: sram: Actually claim SRAM regions ima: Free the entire rule if it fails to parse ima: Free the entire rule when deleting a list of rules ima: Have the LSM free its audit rule mm/migrate_device.c: flush TLB while holding PTL mm: prevent page_frag_alloc() from corrupting the memory mm/page_alloc: fix race condition between build_all_zonelists and page allocation mmc: moxart: fix 4-bit bus width and remove 8-bit bus width libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 ntfs: fix BUG_ON in ntfs_lookup_inode_by_name() ARM: dts: integrator: Tag PCI host with device_type net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 uas: ignore UAS for Thinkplus chips usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS uas: add no-uas quirk for Hiksemi usb_disk Linux 4.19.260 ext4: make directory inode spreading reflect flexbg size usb: dwc3: pci: Allow Elkhart Lake to utilize DSM method for PM functionality workqueue: don't skip lockdep work dependency in cancel_work_sync() drm/rockchip: Fix return type of cdn_dp_connector_mode_valid drm/amd/display: Limit user regamma to a valid value Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting serial: Create uart_xmit_advance() net: sunhme: Fix packet reception for len < RX_COPY_THRESHOLD perf kcore_copy: Do not check /proc/modules is unchanged perf jit: Include program header in ELF files can: gs_usb: gs_can_open(): fix race dev->can.state condition netfilter: ebtables: fix memory leak when blob is malformed of: mdio: Add of_node_put() when breaking out of for_each_xx i40e: Fix set max_tx_rate when it is lower than 1 Mbps i40e: Fix VF set max MTU size MIPS: lantiq: export clk_get_io() for lantiq_wdt.ko net: team: Unsync device addresses on ndo_stop ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header iavf: Fix cached head and tail value for iavf_get_tx_pending netfilter: nf_conntrack_irc: Tighten matching on DCC message netfilter: nf_conntrack_sip: fix ct_sip_walk_headers arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz mm/slub: fix to return errno if kmalloc() fails efi: libstub: check Shim mode using MokSBStateRT ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop ALSA: hda: add Intel 5 Series / 3400 PCI DID ALSA: hda/tegra: set depop delay for tegra USB: serial: option: add Quectel RM520N USB: serial: option: add Quectel BG95 0x0203 composition USB: core: Fix RST error in hub.c wifi: mac80211: Fix UAF in ieee80211_scan_rx() usb: dwc3: pci: add support for the Intel Alder Lake-S usb: dwc3: pci: add support for the Intel Jasper Lake usb: dwc3: pci: add support for the Intel Tiger Lake PCH -H variant usb: dwc3: pci: add support for TigerLake Devices usb: dwc3: pci: Add Support for Intel Elkhart Lake Devices ALSA: hda/sigmatel: Fix unused variable warning for beep power change video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write mksysmap: Fix the mismatch of 'L0' symbols in System.map MIPS: OCTEON: irq: Fix octeon_irq_force_ciu_mapping() net: usb: qmi_wwan: add Quectel RM520N ALSA: hda/sigmatel: Keep power up while beep is enabled rxrpc: Fix local destruction being repeated regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() ASoC: nau8824: Fix semaphore unbalance at error paths cifs: don't send down the destination address to sendmsg for a SOCK_STREAM mvpp2: no need to check return value of debugfs_create functions nvmet: fix a use-after-free parisc: ccio-dma: Add missing iounmap in error path in ccio_probe() drm/meson: Correct OSD1 global alpha value gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx of: fdt: fix off-by-one error in unflatten_dt_nodes() Revert "xhci: Add grace period after xHC start to prevent premature runtime suspend." Revert "USB: core: Prevent nested device-reset calls" Revert "mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse" Revert "sched/deadline: Fix priority inheritance with multiple scheduling classes" Revert "kernel/sched: Remove dl_boosted flag comment" Revert "fs: check FMODE_LSEEK to control internal pipe splicing" Linux 4.19.259 tracefs: Only clobber mode/uid/gid on remount if asked net: dp83822: disable rx error interrupt mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region() usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes perf/arm_pmu_platform: fix tests for platform_get_irq() failure Input: iforce - add support for Boeder Force Feedback Wheel ieee802154: cc2520: add rc code in cc2520_tx() tg3: Disable tg3 device on system reboot to avoid triggering AER HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo drm/msm/rd: Fix FIFO-full deadlock Linux 4.19.258 SUNRPC: use _bh spinlocking on ->transport_lock MIPS: loongson32: ls1c: Fix hang during startup x86/nospec: Fix i386 RSB stuffing usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup USB: serial: ch341: fix disabled rx timer on older devices USB: serial: ch341: fix lost character on LCR updates usb: dwc3: fix PHY disable sequence sch_sfb: Also store skb len before calling child enqueue tcp: fix early ETIMEDOUT after spurious non-SACK RTO RDMA/mlx5: Set local port to one when accessing counters ipv6: sr: fix out-of-bounds read when setting HMAC data. i40e: Fix kernel crash during module removal tipc: fix shift wrapping bug in map_get() sch_sfb: Don't assume the skb is still around after enqueueing to child netfilter: nf_conntrack_irc: Fix forged IP logic netfilter: br_netfilter: Drop dst references before setting. soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs scsi: mpt3sas: Fix use-after-free warning debugfs: add debugfs_lookup_and_remove() kprobes: Prohibit probes in gate area ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() ALSA: aloop: Fix random zeros in capture data when using jiffies timer ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() drm/radeon: add a force flush to delay work when radeon drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. ALSA: seq: Fix data-race at module auto-loading ALSA: seq: oss: Fix data-race for max_midi_devs access net: mac802154: Fix a condition in the receive path wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS USB: core: Prevent nested device-reset calls s390: fix nospec table alignments s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages usb-storage: Add ignore-residue quirk for NXP PN7462AU USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) usb: dwc2: fix wrong order of phy_power_on and phy_init usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode USB: serial: option: add Quectel EM060K modem USB: serial: option: add support for OPPO R11 diag port USB: serial: cp210x: add Decagon UCA device id xhci: Add grace period after xHC start to prevent premature runtime suspend. thunderbolt: Use the actual buffer in tb_async_error() hwmon: (gpio-fan) Fix array out of bounds access Input: rk805-pwrkey - fix module autoloading clk: core: Fix runtime PM sequence in clk_core_unprepare() Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops" clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" binder: fix UAF of ref->proc caused by race condition USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id vt: Clear selection before changing the font staging: rtl8712: fix use after free bugs serial: fsl_lpuart: RS485 RTS polariy is inverse net/smc: Remove redundant refcount increase Revert "sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb" tcp: annotate data-race around challenge_timestamp sch_cake: Return __NET_XMIT_STOLEN when consuming enqueued skb kcm: fix strp_init() order and cleanup ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler Revert "xhci: turn off port power in shutdown" wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() ieee802154/adf7242: defer destroy_workqueue call platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg drm/msm/dsi: fix the inconsistent indenting net: dp83822: disable false carrier interrupt Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" fs: only do a memory barrier for the first set_buffer_uptodate() wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() efi: capsule-loader: Fix use-after-free in efi_capsule_write driver core: Don't probe devices after bus_type.match() probe deferral Revert "USB: HCD: Fix URB giveback issue in tasklet function" Linux 4.19.257 net: neigh: don't call kfree_skb() under spin_lock_irqsave() kprobes: don't call disarm_kprobe() for disabled kprobes netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y s390/hypfs: avoid error message under KVM neigh: fix possible DoS due to net iface start/stop loop drm/amd/display: clear optc underflow before turn off odm clock mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead fbdev: fb_pm2fb: Avoid potential divide by zero error HID: hidraw: fix memory leak in hidraw_release() media: pvrusb2: fix memory leak in pvr_probe HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report Bluetooth: L2CAP: Fix build errors in some archs kbuild: Fix include path in scripts/Makefile.modpost x86/bugs: Add "unknown" reporting for MMIO Stale Data s390/mm: do not trigger write fault when vma does not allow VM_WRITE selftests/bpf: Fix test_align verifier log patterns bpf: Fix the off-by-two error in range markings arm64: map FDT as RW for early_init_dt_scan() mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq md: call __md_stop_writes in md_stop mm/hugetlb: fix hugetlb not supporting softdirty tracking s390: fix double free of GS and RI CBs on fork() failure asm-generic: sections: refactor memory_intersects loop: Check for overflow while configuring loop x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry btrfs: check if root is readonly while setting security xattr ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter net: Fix a data-race around sysctl_somaxconn. net: Fix a data-race around netdev_budget_usecs. net: Fix a data-race around netdev_budget. net: Fix a data-race around sysctl_net_busy_read. net: Fix a data-race around sysctl_net_busy_poll. net: Fix a data-race around sysctl_tstamp_allow_data. ratelimit: Fix data-races in ___ratelimit(). net: Fix data-races around netdev_tstamp_prequeue. net: Fix data-races around weight_p and dev_weight_[rt]x_bias. netfilter: nft_tunnel: restrict it to netdev family netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families netfilter: nft_payload: do not truncate csum_offset and csum_type netfilter: nft_payload: report ERANGE for too long offset and length netfilter: ebtables: reject blobs that don't provide all entry points net: ipvtap - add __init/__exit annotations to module init/exit funcs bonding: 802.3ad: fix no transmission of LACPDUs rose: check NULL rose_loopback_neigh->loopback af_key: Do not call xfrm_probe_algs in parallel xfrm: fix refcount leak in __xfrm_policy_check() kernel/sched: Remove dl_boosted flag comment sched/deadline: Fix priority inheritance with multiple scheduling classes sched/deadline: Fix stale throttling on de-/boosted tasks sched/deadline: Unthrottle PI boosted threads while enqueuing pinctrl: amd: Don't save/restore interrupt status and wake status bits kernel/sys_ni: add compat entry for fadvise64_64 parisc: Fix exception handler for fldw and fstw instructions audit: fix potential double free on error path from fsnotify_add_inode_mark Linux 4.19.256 btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() btrfs: only write the sectors in the vertical stripe which has data stripes tracing/probes: Have kprobes and uprobes use $COMM too tee: add overflow check in register_shm_helper() MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0 video: fbdev: i740fb: Check the argument of i740_calc_vclk() powerpc/64: Init jump labels before parse_early_param() smb3: check xattr value length earlier f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() ALSA: timer: Use deferred fasync helper ALSA: core: Add async signal helpers watchdog: export lockup_detector_reconfigure RISC-V: Add fast call path of crash_kexec() riscv: mmap with PROT_WRITE but no PROT_READ is invalid mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start vfio: Clear the caps->buf to NULL after free tty: serial: Fix refcount leak bug in ucc_uart.c lib/list_debug.c: Detect uninitialized lists ext4: avoid resizing to a partial cluster size ext4: avoid remove directory when directory is corrupted drivers:md:fix a potential use-after-free bug dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed cxl: Fix a memory leak in an error handling path gadgetfs: ep_io - wait until IRQ finishes clk: qcom: ipq8074: dont disable gcc_sleep_clk_src vboxguest: Do not use devm for irq usb: renesas: Fix refcount leak bug usb: host: ohci-ppc-of: Fix refcount leak bug irqchip/tegra: Fix overflow implicit truncation warnings PCI: Add ACS quirk for Broadcom BCM5750x NICs drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() locking/atomic: Make test_and_*_bit() ordered on failure gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file igb: Add lock to avoid data race fec: Fix timer capture timing in `fec_ptp_enable_pps()` i40e: Fix to stop tx_timeout recovery if GLOBR fails powerpc/pci: Fix get_phb_number() locking netfilter: nf_tables: really skip inactive sets when allocating name nios2: add force_successful_syscall_return() nios2: restarts apply only to the first sigframe we build... nios2: fix syscall restart checks nios2: traced syscall does need to check the syscall number nios2: don't leave NULLs in sys_call_table[] nios2: page fault et.al. are *not* restartable syscalls... atm: idt77252: fix use-after-free bugs caused by tst_timer xen/xenbus: fix return type in xenbus_file_read() NTB: ntb_tool: uninitialized heap data in tool_fn_write() tools build: Switch to new openssl API for test-libcrypto vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() vsock: Fix memory leak in vsock_connect() geneve: do not use RT_TOS for IPv6 flowlabel ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map SUNRPC: Reinitialise the backchannel request buffers before reuse NFSv4/pnfs: Fix a use-after-free bug in open NFSv4.1: RECLAIM_COMPLETE must handle EACCES NFSv4: Fix races in the legacy idmapper upcall apparmor: Fix memleak in aa_simple_write_to_buffer() apparmor: fix reference count leak in aa_pivotroot() apparmor: fix overlapping attachment computation apparmor: fix aa_label_asxprint return check apparmor: Fix failed mount permission check error message apparmor: fix absroot causing audited secids to begin with = apparmor: fix quiet_denied for file rules can: ems_usb: fix clang's -Wunaligned-access warning tracing: Have filter accept "common_cpu" to be consistent btrfs: fix lost error handling when looking up extended ref on log replay mmc: pxamci: Fix an error handling path in pxamci_probe() mmc: pxamci: Fix another error handling path in pxamci_probe() ata: libata-eh: Add missing command name rds: add missing barrier to release_refill ALSA: info: Fix llseek return value when using callback powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E powerpc/mm: Split dump_pagelinuxtables flag_array table firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails net_sched: cls_route: disallow handle of 0 net/9p: Initialize the iounit field during fid creation Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" scsi: sg: Allow waiting for commands to complete on removed device tcp: fix over estimation in sk_forced_mem_schedule() KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq KVM: Add infrastructure and macro to mark VM as bugged btrfs: reject log replay if there is unsupported RO compat flag net_sched: cls_route: remove from list when handle is 0 ACPI: CPPC: Do not prevent CPPC from working in the future dm writecache: set a default MAX_WRITEBACK_JOBS dm raid: fix address sanitizer warning in raid_status dm raid: fix address sanitizer warning in raid_resume intel_th: pci: Add Meteor Lake-P support intel_th: pci: Add Raptor Lake-S PCH support intel_th: pci: Add Raptor Lake-S CPU support ext4: correct the misjudgment in ext4_iget_extra_inode ext4: correct max_inline_xattr_value_size computing ext4: fix extent status tree race in writeback error recovery path ext4: update s_overhead_clusters in the superblock during an on-line resize ext4: fix use-after-free in ext4_xattr_set_entry ext4: make sure ext4_append() always allocates new block ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h spmi: trace: fix stack-out-of-bound access in SPMI tracing functions x86/olpc: fix 'logical not is only applied to the left hand side' scsi: zfcp: Fix missing auto port scan and thus missing target ports video: fbdev: s3fb: Check the size of screen before memset_io() video: fbdev: arkfb: Check the size of screen before memset_io() video: fbdev: vt8623fb: Check the size of screen before memset_io() tools/thermal: Fix possible path truncations video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() x86/numa: Use cpumask_available instead of hardcoded NULL check scripts/faddr2line: Fix vmlinux detection on arm64 genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO powerpc/pci: Fix PHB numbering when using opal-phbid kprobes: Forbid probing on trampoline and BPF code areas powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address powerpc/xive: Fix refcount leak in xive_get_max_prio powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32 video: fbdev: sis: fix typos in SiS_GetModeID() video: fbdev: amba-clcd: Fix refcount leak bugs ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() s390/zcore: fix race when reading from hardware system area iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop mfd: t7l66xb: Drop platform disable callback kfifo: fix kfifo_to_user() return type rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge iommu/exynos: Handle failed IOMMU device registration properly tty: n_gsm: fix missing corner cases in gsmld_poll() tty: n_gsm: fix DM command tty: n_gsm: fix wrong T1 retry count handling vfio/ccw: Do not change FSM state in subchannel event remoteproc: qcom: wcnss: Fix handling of IRQs tty: n_gsm: fix race condition in gsmld_write() tty: n_gsm: fix packet re-transmission without open control channel tty: n_gsm: fix non flow control frames during mux flow off profiling: fix shift too large makes kernel panic serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe ASoC: codecs: da7210: add check for i2c_add_driver ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted ext4: recover csum seed of tmp_inode after migrating to extents null_blk: fix ida error handling in null_add_dev() RDMA/rxe: Fix error unwind in rxe_create_qp() mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region platform/olpc: Fix uninitialized data in debugfs write USB: serial: fix tty-port initialized comments HID: alps: Declare U1_UNICORN_LEGACY support mmc: cavium-thunderx: Add of_node_put() when breaking out of loop mmc: cavium-octeon: Add of_node_put() when breaking out of loop gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() RDMA/hfi1: fix potential memory leak in setup_base_ctxt() usb: gadget: udc: amd5536 depends on HAS_DMA scsi: smartpqi: Fix DMA direction for RAID requests mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R memstick/ms_block: Fix a memory leak memstick/ms_block: Fix some incorrect memory allocation mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback soundwire: bus_type: fix remove and shutdown support clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks clk: qcom: ipq8074: fix NSS port frequency tables misc: rtsx: Fix an error handling path in rtsx_pci_probe() usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe fpga: altera-pr-ip: fix unsigned comparison with less than zero mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release HID: cp2112: prevent a buffer overflow in cp2112_xfer() mtd: maps: Fix refcount leak in ap_flash_init mtd: maps: Fix refcount leak in of_flash_probe_versatile clk: renesas: r9a06g032: Fix UART clkgrp bitsel dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock net: rose: fix netdev reference changes netdevsim: Avoid allocation warnings triggered from user space net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS wifi: libertas: Fix possible refcount leak in if_usb_probe() wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` i2c: mux-gpmux: Add of_node_put() when breaking out of loop i2c: cadence: Support PEC for SMBus block read Bluetooth: hci_intel: Add check for platform_driver_register can: pch_can: pch_can_error(): initialize errc before using it can: error: specify the values of data[5..7] of CAN error frames can: usb_8dev: do not report txerr and rxerr during bus-off can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off can: sun4i_can: do not report txerr and rxerr during bus-off can: hi311x: do not report txerr and rxerr during bus-off can: sja1000: do not report txerr and rxerr during bus-off can: rcar_can: do not report txerr and rxerr during bus-off can: pch_can: do not report txerr and rxerr during bus-off wifi: p54: add missing parentheses in p54_flush() wifi: p54: Fix an error handling path in p54spi_probe() selftests: timers: clocksource-switch: fix passing errors from child wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() selftests: timers: valid-adjtimex: build fix for newer toolchains fs: check FMODE_LSEEK to control internal pipe splicing libbpf: Fix the name of a reused map tcp: make retransmitted SKB fit into the send window mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq drm/msm/mdp5: Fix global state lock backoff drm: bridge: sii8620: fix possible off-by-one drm/mediatek: dpi: Remove output format of YUV drm/rockchip: vop: Don't crash for invalid duplicate_state() drm/vc4: dsi: Correct DSI divider calculations media: hdpvr: fix error value returns in hdpvr_read drm: bridge: adv7511: Add check for mipi_dsi_driver_register wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() ath9k: fix use-after-free in ath9k_hif_usb_rx_cb media: tw686x: Register the irq at the end of probe i2c: Fix a potential use after free drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() ath10k: do not enforce interrupt trigger type dm: return early from dm_pr_call() if DM device is suspended thermal/tools/tmon: Include pthread and time headers in tmon.h nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() regulator: of: Fix refcount leak bug in of_get_regulation_constraints() arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() ARM: dts: qcom: pm8841: add required thermal-sensor-cells cpufreq: zynq: Fix refcount leak in zynq_get_revision ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init soc: fsl: guts: machine variable might be unset ARM: dts: ast2500-evb: fix board compatible x86/pmem: Fix platform-device leak in error path ARM: bcm: Fix refcount leak in bcm_kona_smc_init meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init ARM: findbit: fix overflowing offset selinux: Add boundary check in put_entry() PM: hibernate: defer device probing when resuming from hibernation arm64: dts: qcom: ipq8074: fix NAND node name ACPI: LPSS: Fix missing check in register_device_clock() ACPI: PM: save NVS memory for Lenovo G40-45 ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks ARM: OMAP2+: display: Fix refcount leak bug ARM: dts: imx6ul: fix qspi node compatible ARM: dts: imx6ul: fix lcdif node compatible ARM: dts: imx6ul: change operating-points to uint32-matrix ARM: dts: imx6ul: add missing properties for sram ext2: Add more validity checks for inode counts USB: HCD: Fix URB giveback issue in tasklet function arm64: fix oops in concurrently setting insn_emulation sysctls arm64: Do not forget syscall when starting a new thread. netfilter: nf_tables: fix null deref due to zeroed list head netfilter: nf_tables: do not allow SET_ID to refer to another table MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK powerpc/powernv: Avoid crashing if rng is NULL powerpc/fsl-pci: Fix Class Code of PCIe Root Port PCI: Add defines for normal and subtractive PCI bridges ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr() md-raid10: fix KASAN warning serial: mvebu-uart: uart2 error bits clearing fuse: limit nsec iio: light: isl29028: Fix the warning in isl29028_remove() bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() drm/amdgpu: Check BO's requested pinning domains against its preferred_domains drm/nouveau: fix another off-by-one in nvbios_addr parisc: Fix device names in /proc/iomem ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh() usbnet: Fix linkwatch use-after-free on disconnect fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters thermal: sysfs: Fix cooling_device_stats_setup() error code path fs: Add missing umask strip in vfs_tmpfile vfs: Check the truncate maximum size in inode_newsize_ok() tty: vt: initialize unicode screen buffer ALSA: hda/cirrus - support for iMac 12,1 model ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 HID: wacom: Don't register pad_input for touch switch add barriers to buffer_uptodate and set_buffer_uptodate wifi: mac80211_hwsim: use 32-bit skb cookie wifi: mac80211_hwsim: add back erroneously removed cast wifi: mac80211_hwsim: fix race condition in pending packet ALSA: bcd2000: Fix a UAF bug on the error path of probing x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments Makefile: link with -z noexecstack --no-warn-rwx-segments Conflicts: drivers/gpu/drm/mediatek/mtk_dsi.c (used ours) Change-Id: Ib3f9c00d77e416211b82938bbd44059b4c5f259c Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
2a74ccb0f4 |
Merge tag 'ASB-2022-02-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/security/bulletin/2022-02-01 CVE-2021-39685 CVE-2021-39686 * tag 'ASB-2022-02-05_4.19-stable' of https://android.googlesource.com/kernel/common: ANDROID: incremental-fs: remove index and incomplete dir on umount Revert "ASoC: dpcm: prevent snd_soc_dpcm use after free" Revert "ANDROID: android-4.19-stable build canary test." ANDROID: android-4.19-stable build canary test. Linux 4.19.227 drm/vmwgfx: Fix stale file descriptors on failed usercopy select: Fix indefinitely sleeping task in poll_schedule_timeout() net: bridge: clear bridge's private skb space on xmit drm/i915: Flush TLBs before releasing backing store Linux 4.19.226 fuse: fix live lock in fuse_iget() fuse: fix bad inode mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue mtd: nand: bbt: Fix corner case in bad block table handling lib82596: Fix IRQ check in sni_82596_probe scripts/dtc: dtx_diff: remove broken example from help text bcmgenet: add WOL IRQ check net_sched: restore "mpu xxx" handling dmaengine: at_xdmac: Fix at_xdmac_lld struct definition dmaengine: at_xdmac: Fix lld view setting dmaengine: at_xdmac: Print debug message after realeasing the lock dmaengine: at_xdmac: Don't start transactions at tx_submit level libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() netns: add schedule point in ops_exit_list() rtc: pxa: fix null pointer dereference net: axienet: fix number of TX ring slots for available check net: axienet: Wait for PhyRstCmplt after core reset af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses powerpc/cell: Fix clang -Wimplicit-fallthrough warning dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK RDMA/rxe: Fix a typo in opcode name RDMA/hns: Modify the mapping attribute of doorbell to device Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization media: rcar-csi2: Optimize the selection PHTW register firmware: Update Kconfig help text for Google firmware ARM: dts: Fix vcsi regulator to be always-on for droid4 to prevent hangs drm/radeon: fix error handling in radeon_driver_open_kms regulator: core: Let boot-on regulators be powered off ASoC: dpcm: prevent snd_soc_dpcm use after free crypto: stm32/crc32 - Fix kernel BUG triggered in probe() ext4: don't use the orphan list when migrating an inode ext4: Fix BUG_ON in ext4_bread when write quota data ext4: set csum seed in tmp inode while migrating to extents ext4: make sure quota gets properly shutdown on error ext4: make sure to reset inode lockdep class when quota enabling fails drm/etnaviv: limit submit sizes s390/mm: fix 2KB pgtable release race iwlwifi: mvm: Increase the scan timeout guard to 30 seconds cputime, cpuacct: Include guest time in user time in cpuacct.stat serial: Fix incorrect rs485 polarity on uart open ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers rpmsg: core: Clean up resources on announce_create failure. power: bq25890: Enable continuous conversion for ADC at charging ASoC: mediatek: mt8173: fix device_node leak scsi: sr: Don't use GFP_DMA MIPS: Octeon: Fix build errors using clang i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters MIPS: OCTEON: add put_device() after of_find_device_by_node() powerpc: handle kdump appropriately with crash_kexec_post_notifiers option ALSA: seq: Set upper limit of processed events w1: Misuse of get_user()/put_user() reported by sparse i2c: mpc: Correct I2C reset procedure powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING i2c: i801: Don't silently correct invalid transfer size powerpc/watchdog: Fix missed watchdog reset due to memory ordering race powerpc/btext: add missing of_node_put powerpc/cell: add missing of_node_put powerpc/powernv: add missing of_node_put powerpc/6xx: add missing of_node_put parisc: Avoid calling faulthandler_disabled() twice serial: core: Keep mctrl register state and cached copy in sync serial: pl010: Drop CR register reset on set_termios regulator: qcom_smd: Align probe function with rpmh-regulator net: gemini: allow any RGMII interface mode net: phy: marvell: configure RGMII delays for 88E1118 dm space map common: add bounds check to sm_ll_lookup_bitmap() dm btree: add a defensive bounds check to insert_at() mac80211: allow non-standard VHT MCS-10/11 net: mdio: Demote probed message to debug print btrfs: remove BUG_ON(!eie) in find_parent_nodes btrfs: remove BUG_ON() in find_parent_nodes() ACPI: battery: Add the ThinkPad "Not Charging" quirk drm/amdgpu: fixup bad vram size on gmc v8 ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() ACPICA: Utilities: Avoid deleting the same object twice in a row ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions jffs2: GC deadlock reading a page that is used in jffs2_write_begin() um: registers: Rename function names to avoid conflicts and build problems iwlwifi: mvm: Fix calculation of frame length iwlwifi: remove module loading failure message iwlwifi: fix leaks/bad data after failed firmware load ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 arm64: tegra: Adjust length of CCPLEX cluster MMIO region audit: ensure userspace is penalized the same as the kernel when under pressure mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() media: igorplugusb: receiver overflow should be reported HID: quirks: Allow inverting the absolute X/Y values bpf: Do not WARN in bpf_warn_invalid_xdp_action() net: bonding: debug: avoid printing debug logs when bond is not notifying peers x86/mce: Mark mce_read_aux() noinstr x86/mce: Mark mce_end() noinstr x86/mce: Mark mce_panic() noinstr net-sysfs: update the queue counts in the unregistration path ath10k: Fix tx hanging iwlwifi: mvm: synchronize with FW after multicast commands media: m920x: don't use stack on USB reads media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds. floppy: Add max size check for user space request usb: uhci: add aspeed ast2600 uhci support rsi: Fix out-of-bounds read in rsi_read_pkt() mwifiex: Fix skb_over_panic in mwifiex_usb_recv() HSI: core: Fix return freed object in hsi_new_client gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use drm/bridge: megachips: Ensure both bridges are probed before registration mlxsw: pci: Add shutdown method in PCI driver media: b2c2: Add missing check in flexcop_pci_isr: HID: apple: Do not reset quirks when the Fn key is not found usb: gadget: f_fs: Use stream_open() for endpoint files drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply fs: dlm: filter user dlm messages for kernel locks Bluetooth: Fix debugfs entry leak in hci_register_dev() RDMA/cxgb4: Set queue pair state when being queried mips: bcm63xx: add support for clk_set_parent() mips: lantiq: add support for clk_set_parent() misc: lattice-ecp3-config: Fix task hung when firmware load failed ASoC: samsung: idma: Check of ioremap return value ASoC: mediatek: Check for error clk pointer iommu/iova: Fix race between FQ timeout and teardown dmaengine: pxa/mmp: stop referencing config->slave_id ASoC: rt5663: Handle device_property_read_u32_array error codes RDMA/core: Let ib_find_gid() continue search even after empty entry scsi: ufs: Fix race conditions related to driver data iommu/io-pgtable-arm: Fix table descriptor paddr formatting char/mwave: Adjust io port register size ALSA: oss: fix compile error when OSS_DEBUG is enabled ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA powerpc/prom_init: Fix improper check of prom_getprop() RDMA/hns: Validate the pkey index ALSA: hda: Add missing rwsem around snd_ctl_remove() calls ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls ALSA: jack: Add missing rwsem around snd_ctl_remove() calls ext4: avoid trim error on fs with small groups net: mcs7830: handle usb read errors properly pcmcia: fix setting of kthread task states can: xilinx_can: xcan_probe(): check for error irq can: softing: softing_startstop(): fix set but not used variable warning tpm: add request_locality before write TPM_INT_ENABLE spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe Bluetooth: hci_bcm: Check for error irq fsl/fman: Check for null pointer after calling devm_ioremap staging: greybus: audio: Check null pointer ppp: ensure minimum packet size in ppp_write() netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() x86/mce/inject: Avoid out-of-bounds write when setting flags mmc: meson-mx-sdio: add IRQ check ARM: dts: armada-38x: Add generic compatible to UART nodes usb: ftdi-elan: fix memory leak on device disconnect xfrm: state and policy should fail if XFRMA_IF_ID 0 xfrm: interface with if_id 0 should return error drm/msm/dpu: fix safe status debugfs file media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes media: msi001: fix possible null-ptr-deref in msi001_probe() media: dw2102: Fix use after free crypto: stm32/cryp - fix double pm exit xfrm: fix a small bug in xfrm_sa_len() sched/rt: Try to restart rt period timer when rt runtime exceeded media: si2157: Fix "warm" tuner state detection media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() media: dib8000: Fix a memleak in dib8000_init() floppy: Fix hang in watchdog when disk is ejected serial: amba-pl011: do not request memory region twice tty: serial: uartlite: allow 64 bit address drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() arm64: dts: qcom: msm8916: fix MMC controller aliases netfilter: bridge: add support for pppoe filtering media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() media: rcar-csi2: Correct the selection of hsfreqrange tty: serial: atmel: Call dma_async_issue_pending() tty: serial: atmel: Check return code of dmaengine_submit() crypto: qce - fix uaf on qce_ahash_register_one media: dmxdev: fix UAF when dvb_register_device() fails tee: fix put order in teedev_close_context() Bluetooth: stop proccessing malicious adv data arm64: dts: meson-gxbb-wetek: fix missing GPIO binding media: em28xx: fix memory leak in em28xx_init_dev media: videobuf2: Fix the size printk format wcn36xx: Release DMA channel descriptor allocations wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND clk: bcm-2835: Remove rounding up the dividers clk: bcm-2835: Pick the closest clock rate Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails drm/panel: innolux-p079zca: Delete panel on attach() failure shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller lkdtm: Fix content of section containing lkdtm_rodata_do_nothing() can: softing_cs: softingcs_probe(): fix memleak on registration failure media: stk1160: fix control-message timeouts media: pvrusb2: fix control-message timeouts media: redrat3: fix control-message timeouts media: dib0700: fix undefined behavior in tuner shutdown media: s2255: fix control-message timeouts media: cpia2: fix control-message timeouts media: em28xx: fix control-message timeouts media: mceusb: fix control-message timeouts media: flexcop-usb: fix control-message timeouts rtc: cmos: take rtc_lock while reading from CMOS x86/gpu: Reserve stolen memory for first integrated Intel GPU mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() f2fs: fix to do sanity check in is_alive() HID: wacom: Avoid using stale array indicies to read contact count HID: wacom: Ignore the confidence flag when a touch is removed HID: wacom: Reset expected and received contact counts at the same time HID: uhid: Fix worker destroying device without any protection ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows firmware: qemu_fw_cfg: fix kobject leak in probe error path firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries firmware: qemu_fw_cfg: fix sysfs information leak rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled media: uvcvideo: fix division by zero at stream start KVM: s390: Clarify SIGP orders versus STOP/RESTART orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() random: fix data race on crng init time random: fix data race on crng_node_pool can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() veth: Do not record rx queue hint in veth_xmit can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status USB: core: Fix bug in resuming hub's handling of wakeup requests Bluetooth: bfusb: fix division by zero in send path ANDROID: incremental-fs: fix mount_fs issue ANDROID: Add allowed symbols requried from Qualcomm drivers UPSTREAM: drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions UPSTREAM: x86/pci: Fix the function type for check_reserved_t Linux 4.19.225 mISDN: change function names to avoid conflicts net: udp: fix alignment problem in udp4_seq_show() ip6_vti: initialize __ip6_tnl_parm struct in vti6_siocdevprivate scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() usb: mtu3: fix interval value for intr and isoc ipv6: Do cleanup if attribute validation fails in multipath route ipv6: Continue processing multipath route even if gateway attribute is invalid phonet: refcount leak in pep_sock_accep rndis_host: support Hytera digital radios power: reset: ltc2952: Fix use of floating point literals xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc ipv6: Check attribute length for RTA_GATEWAY when deleting multipath route ipv6: Check attribute length for RTA_GATEWAY in multipath route i40e: Fix incorrect netdev's real number of RX/TX queues i40e: fix use-after-free in i40e_sync_filters_subtask() mac80211: initialize variable have_higher_than_11mbit RDMA/core: Don't infoleak GRH fields ieee802154: atusb: fix uninit value in atusb_set_extended_addr tracing: Tag trace_percpu_buffer as a percpu pointer tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() Conflicts: drivers/gpu/drm/panel/panel-innolux-p079zca.c (used ours) drivers/media/platform/mtk-vcodec/mtk_vcodec_enc_drv.c (used ours) drivers/soc/mediatek/mtk-scpsys.c (used ours) fs/fuse/file.c Change-Id: I2174699c0613f05a030f60cfe1faa50617274487 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
74c4856529 |
Merge tag 'ASB-2022-01-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/security/bulletin/2022-01-01 CVE-2020-14305 CVE-2020-29368 CVE-2021-39633 CVE-2021-39634 * tag 'ASB-2022-01-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.224 net: fix use-after-free in tw_timer_handler Input: spaceball - fix parsing of movement data packets Input: appletouch - initialize work before device registration scsi: vmw_pvscsi: Set residual data length conditionally binder: fix async_free_space accounting for empty parcels usb: mtu3: set interval of FS intr and isoc endpoint usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. uapi: fix linux/nfc.h userspace compilation errors nfc: uapi: use kernel size_t to fix user-space builds i2c: validate user data in compat ioctl fsl/fman: Fix missing put_device() call in fman_port_probe selftests/net: udpgso_bench_tx: fix dst ip argument net/mlx5e: Fix wrong features assignment in case of error NFC: st21nfca: Fix memory leak in device probe and remove net: usb: pegasus: Do not drop long Ethernet frames sctp: use call_rcu to free endpoint selftests: Calculate udpgso segment count without header adjustment udp: using datalen to cap ipv6 udp max gso segments scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() selinux: initialize proto variable in selinux_ip_postroute_compat() recordmcount.pl: fix typo in s390 mcount regex platform/x86: apple-gmux: use resource_size() with res Input: i8042 - enable deferred probe quirk for ASUS UM325UA Input: i8042 - add deferred probe support tee: handle lookup of shm with reference count 0 HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option Linux 4.19.223 phonet/pep: refuse to enable an unbound pipe hamradio: improve the incomplete fix to avoid NPD hamradio: defer ax25 kfree after unregister_netdev ax25: NPD bug when detaching AX25 device hwmon: (lm90) Do not report 'busy' status bit as alarm KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state usb: gadget: u_ether: fix race in setting MAC address in setup phase f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines x86/pkey: Fix undefined behaviour with PKRU_WD_BIT parisc: Correct completer in lws start ipmi: fix initialization when workqueue allocation fails ipmi: bail out if init_srcu_struct fails Input: atmel_mxt_ts - fix double free in mxt_read_info_block ALSA: drivers: opl3: Fix incorrect use of vp->state ALSA: jack: Check the return value of kstrdup() hwmon: (lm90) Fix usage of CONFIG2 register in detect function sfc: falcon: Check null pointer of rx_queue->page_ring drivers: net: smc911x: Check for error irq fjes: Check for error irq bonding: fix ad_actor_system option setting to default ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module net: skip virtio_net_hdr_set_proto if protocol already set net: accept UFOv6 packages in virtio_net_hdr_to_skb qlcnic: potential dereference null pointer of rx_queue->page_ring netfilter: fix regression in looped (broad|multi)cast's MAC handling IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() spi: change clk_disable_unprepare to clk_unprepare arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode HID: holtek: fix mouse probing block, bfq: fix use after free in bfq_bfqq_expire block, bfq: fix queue removal from weights tree block, bfq: fix decrement of num_active_groups block, bfq: fix asymmetric scenarios detection block, bfq: improve asymmetric scenarios detection net: usb: lan78xx: add Allied Telesis AT29M2-AF Revert "ARM: 8800/1: use choice for kernel unwinders" Linux 4.19.222 xen/netback: don't queue unlimited number of packages xen/netback: fix rx queue stall detection xen/console: harden hvc_xen against event channel storms xen/netfront: harden netfront against event channel storms xen/blkfront: harden blkfront against event channel storms scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() ovl: fix warning in ovl_create_real() fuse: annotate lock in fuse_reverse_inval_entry() media: mxl111sf: change mutex_init() location ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name firmware: arm_scpi: Fix string overflow in SCPI genpd driver Input: touchscreen - avoid bitwise vs logical OR warning ARM: 8800/1: use choice for kernel unwinders mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO ARM: 8805/2: remove unneeded naked function usage net: lan78xx: Avoid unnecessary self assignment mac80211: validate extended element ID is present net: systemport: Add global locking for descriptor lifecycle drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE libata: if T_LENGTH is zero, dma direction should be DMA_NONE timekeeping: Really make sure wall_to_monotonic isn't positive USB: serial: option: add Telit FN990 compositions USB: serial: cp210x: fix CP2105 GPIO registration PCI/MSI: Mask MSI-X vectors only on success PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) USB: gadget: bRequestType is a bitfield, not a enum sit: do not call ipip6_dev_free() from sit_init_net() net/packet: rx_owner_map depends on pg_vec netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc ixgbe: set X550 MDIO speed before talking to PHY igbvf: fix double free in `igbvf_probe` igb: Fix removal of unicast MAC filters of VFs soc/tegra: fuse: Fix bitwise vs. logical OR warning rds: memory leak in __rds_conn_create() dmaengine: st_fdma: fix MODULE_ALIAS sch_cake: do not call cake_destroy() from cake_init() ARM: socfpga: dts: fix qspi node compatible mac80211: track only QoS data frames for admission control x86/sme: Explicitly map new EFI memmap table as encrypted x86: Make ARCH_USE_MEMREMAP_PROT a generic Kconfig symbol nfsd: fix use-after-free due to delegation race audit: improve robustness of the audit queue handling dm btree remove: fix use after free in rebalance_children() recordmcount.pl: look for jgnop instruction as well as bcrl on s390 mac80211: send ADDBA requests using the tid/queue of the aggregation session hwmon: (dell-smm) Fix warning on /proc/i8k creation error tracing: Fix a kmemleak false positive in tracing_map net: netlink: af_netlink: Prevent empty skb by adding a check on len. i2c: rk3x: Handle a spurious start completion interrupt flag parisc/agp: Annotate parisc agp init functions with __init net/mlx4_en: Update reported link modes for 1/10G drm/msm/dsi: set default num_data_lanes nfc: fix segfault in nfc_genl_dump_devices_done stable: clamp SUBLEVEL in 4.19 FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum ANDROID: GKI: abi workaround for 4.19.221 Linux 4.19.221 net: sched: make function qdisc_free_cb() static net_sched: fix a crash in tc_new_tfilter() irqchip: nvic: Fix offset for Interrupt Priority Offsets irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL irqchip/armada-370-xp: Fix support for Multi-MSI interrupts irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc() iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove iio: adc: axp20x_adc: fix charging current reporting on AXP22x iio: at91-sama5d2: Fix incorrect sign extension iio: dln2: Check return value of devm_iio_trigger_register() iio: dln2-adc: Fix lockdep complaint iio: itg3200: Call iio_trigger_notify_done() on error iio: kxsd9: Don't return error code in trigger handler iio: ltr501: Don't return error code in trigger handler iio: mma8452: Fix trigger reference couting iio: stk3310: Don't return error code in interrupt handler iio: trigger: stm32-timer: fix MODULE_ALIAS iio: trigger: Fix reference counting xhci: avoid race between disable slot command and host runtime suspend usb: core: config: using bit mask instead of individual bits xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending usb: core: config: fix validation of wMaxPacketValue entries USB: gadget: zero allocate endpoint 0 buffers USB: gadget: detect too-big endpoint 0 requests net/qla3xxx: fix an error code in ql_adapter_up() net, neigh: clear whole pneigh_entry at alloc time net: fec: only clear interrupt of handling queue in fec_enet_rx_queue() net: altera: set a couple error code in probe() net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero tools build: Remove needless libpython-version feature check that breaks test-all fast path mtd: rawnand: fsmc: Take instruction delay into account i40e: Fix pre-set max number of queues for VF ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer qede: validate non LSO skb length block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) tracefs: Set all files to the same group ownership as the mount option aio: fix use-after-free due to missing POLLFREE handling aio: keep poll requests on waitqueue until completed signalfd: use wake_up_pollfree() binder: use wake_up_pollfree() wait: add wake_up_pollfree() libata: add horkage for ASMedia 1092 can: m_can: Disable and ignore ELO interrupt can: pch_can: pch_can_rx_normal: fix use after free clk: qcom: regmap-mux: fix parent clock lookup tracefs: Have new files inherit the ownership of their parent ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() ALSA: pcm: oss: Limit the period size to 16MB ALSA: pcm: oss: Fix negative period/buffer sizes ALSA: ctl: Fix copy of updated id with element read/write mm: bdi: initialize bdi_min_ratio when bdi is unregistered IB/hfi1: Correct guard on eager buffer deallocation udp: using datalen to cap max gso segments seg6: fix the iif in the IPv6 socket control block nfp: Fix memory leak in nfp_cpp_area_cache_add() bonding: make tx_rebalance_counter an atomic ice: ignore dropped packets during init bpf: Fix the off-by-two error in range markings nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done net: sched: use Qdisc rcu API instead of relying on rtnl lock net: sched: add helper function to take reference to Qdisc net: sched: extend Qdisc with rcu net: sched: rename qdisc_destroy() to qdisc_put() net: core: netlink: add helper refcount dec and lock function can: sja1000: fix use after free in ems_pcmcia_add_card() can: kvaser_usb: get CAN clock frequency from device HID: check for valid USB device for many HID drivers HID: wacom: fix problems when device is not a valid USB device HID: add USB_HID dependancy on some USB HID drivers HID: add USB_HID dependancy to hid-chicony HID: add USB_HID dependancy to hid-prodikeys HID: add hid_is_usb() function to make it simpler for USB detection HID: google: add eel USB id UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers UPSTREAM: USB: gadget: detect too-big endpoint 0 requests Linux 4.19.220 ipmi: msghandler: Make symbol 'remove_work_wq' static parisc: Mark cr16 CPU clocksource unstable on all SMP machines serial: core: fix transmit-buffer reset and memleak serial: pl011: Add ACPI SBSA UART match id tty: serial: msm_serial: Deactivate RX DMA for polling support x86/64/mm: Map all kernel memory into trampoline_pgd usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub xhci: Fix commad ring abort, write all 64 bits to CRCR register. vgacon: Propagate console boot parameters before calling `vc_resize' parisc: Fix "make install" on newer debian releases parisc: Fix KBUILD_IMAGE for self-extracting kernel drm/msm: Do hw_init() before capturing GPU state net/smc: Keep smc_close_final rc during active close net/rds: correct socket tunable error in rds_tcp_tune() net: annotate data-races on txq->xmit_lock_owner net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() siphash: use _unaligned version by default net: mpls: Fix notifications when deleting a device net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() natsemi: xtensa: fix section mismatch warnings i2c: stm32f7: stop dma transfer in case of NACK i2c: stm32f7: recover the bus on access timeout fget: check that the fd still exists after getting a ref to it fs: add fget_many() and fput_many() sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl ipmi: Move remove_work to dedicated workqueue kprobes: Limit max data_size of the kretprobe instances vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit perf hist: Fix memory leak of a perf_hpp_fmt net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock() net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile scsi: iscsi: Unblock session then wake up error handler thermal: core: Reset previous low and high trip during thermal zone init btrfs: check-integrity: fix a warning on write caching disabled disk s390/setup: avoid using memblock_enforce_memory_limit platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep net: return correct error code atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait gfs2: Fix length of holes reported at end-of-file of: clk: Make <linux/of_clk.h> self-contained NFSv42: Fix pagecache invalidation after COPY/CLONE shm: extend forced shm destroy to support objects from several IPC nses Conflicts: drivers/hid/hid-holtek-mouse.c (used theirs) drivers/usb/gadget/legacy/dbgp.c Change-Id: I7d36754e28ada463e28de2fbd95a5d8c9c9554d9 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
89f762b172 |
Merge tag 'ASB-2021-09-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/security/bulletin/2021-09-01 CVE-2021-0695 * tag 'ASB-2021-09-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.206 net: don't unconditionally copy_from_user a struct ifreq for socket ioctls Revert "floppy: reintroduce O_NDELAY fix" KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs fbmem: add margin check to fb_check_caps() vt_kdsetmode: extend console locking net/rds: dma_map_sg is entitled to merge entries drm/nouveau/disp: power down unused DP links during init drm: Copy drm_wait_vblank to user before returning qed: Fix null-pointer dereference in qed_rdma_create_qp() qed: qed ll2 race condition fixes vringh: Use wiov->used to check for read/write desc order virtio_pci: Support surprise removal of virtio pci device virtio: Improve vq->broken access to avoid any compiler optimization opp: remove WARN when no valid OPPs remain usb: gadget: u_audio: fix race condition on endpoint stop net: hns3: fix get wrong pfc_en when query PFC configuration net: marvell: fix MVNETA_TX_IN_PRGRS bit number xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' ip_gre: add validation for csum_start e1000e: Fix the max snoop/no-snoop latency for 10M IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() usb: dwc3: gadget: Stop EP0 transfers during pullup disable usb: dwc3: gadget: Fix dwc3_calc_trbs_left() USB: serial: option: add new VID/PID to support Fibocom FG150 Revert "USB: serial: ch341: fix character loss at high transfer rates" can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters once: Fix panic when module unload netfilter: conntrack: collect all entries in one cycle ARC: Fix CONFIG_STACKDEPOT bpf: Fix truncation handling for mod32 dst reg wrt zero bpf: Fix 32 bit src register truncation on div/mod bpf: Do not use ax register in interpreter on div/mod net: qrtr: fix another OOB Read in qrtr_endpoint_post Revert "net: igmp: fix data-race in igmp_ifc_timer_expire()" Revert "net: igmp: increase size of mr_ifc_count" Revert "PCI/MSI: Protect msi_desc::masked for multi-MSI" ANDROID: update ABI representation Linux 4.19.205 netfilter: nft_exthdr: fix endianness of tcp option cast fs: warn about impending deprecation of mandatory locks locks: print a warning when mount fails due to lack of "mand" support ASoC: intel: atom: Fix breakage for PCM buffer address setup PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI btrfs: prevent rename2 from exchanging a subvol with a directory from different parents ipack: tpci200: fix memory leak in the tpci200_register ipack: tpci200: fix many double free issues in tpci200_pci_probe slimbus: ngd: reset dma setup during runtime pm slimbus: messaging: check for valid transaction id slimbus: messaging: start transaction ids from 1 instead of zero tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name ALSA: hda - fix the 'Capture Switch' value change notifications mmc: dw_mmc: Fix hang on data CRC error net: mdio-mux: Handle -EPROBE_DEFER correctly net: mdio-mux: Don't ignore memory allocation errors net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 ptp_pch: Restore dependency on PCI net: 6pack: fix slab-out-of-bounds in decode_data bnxt: disable napi before canceling DIM bnxt: don't lock the tx queue from napi poll vhost: Fix the calculation in vhost_overflow() dccp: add do-while-0 stubs for dccp_pr_debug macros cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant Bluetooth: hidp: use correct wait queue when removing ctrl_wait net: usb: lan78xx: don't modify phy_device state concurrently ARM: dts: nomadik: Fix up interrupt controller node names scsi: core: Avoid printing an error if target_alloc() returns -ENXIO scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218 dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers ath9k: Postpone key cache entry deletion for TXQ frames reference it ath: Modify ath_key_delete() to not need full key entry ath: Export ath_hw_keysetmac() ath9k: Clear key cache explicitly on disabling hardware ath: Use safer key clearing with key cache entries x86/fpu: Make init_fpstate correct with optimized XSAVE KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) mac80211: drop data frames without key on encrypted links iommu/vt-d: Fix agaw for a supported 48 bit guest address width vmlinux.lds.h: Handle clang's module.{c,d}tor sections PCI/MSI: Enforce MSI[X] entry updates to be visible PCI/MSI: Enforce that MSI-X table entry is masked for update PCI/MSI: Mask all unused MSI-X entries PCI/MSI: Protect msi_desc::masked for multi-MSI PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() PCI/MSI: Correct misleading comments PCI/MSI: Do not set invalid bits in MSI mask PCI/MSI: Enable and mask MSI-X early genirq/msi: Ensure deactivation on teardown x86/resctrl: Fix default monitoring groups reporting x86/ioapic: Force affinity setup before startup x86/msi: Force affinity setup before startup genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP x86/tools: Fix objdump version check again powerpc/kprobes: Fix kprobe Oops happens in booke vsock/virtio: avoid potential deadlock when vsock device remove xen/events: Fix race in set_evtchn_to_irq net: igmp: increase size of mr_ifc_count tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets net: bridge: fix memleak in br_add_if() net: dsa: lan9303: fix broken backpressure in .port_fdb_dump net: igmp: fix data-race in igmp_ifc_timer_expire() net: Fix memory leak in ieee802154_raw_deliver psample: Add a fwd declaration for skbuff ppp: Fix generating ifname when empty IFLA_IFNAME is specified net: dsa: mt7530: add the missing RxUnicast MIB counter ASoC: cs42l42: Fix LRCLK frame start edge ASoC: cs42l42: Remove duplicate control for WNF filter frequency ASoC: cs42l42: Fix inversion of ADC Notch Switch control ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J ASoC: cs42l42: Correct definition of ADC Volume control ieee802154: hwsim: fix GPF in hwsim_new_edge_nl ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi ACPI: NFIT: Fix support for virtual SPA ranges i2c: dev: zero out array used for i2c reads from userspace ASoC: intel: atom: Fix reference to PCM buffer address iio: adc: Fix incorrect exit of for-loop iio: humidity: hdc100x: Add margin to the conversion time ANDROID: xt_quota2: set usersize in xt_match registration object ANDROID: xt_quota2: clear quota2_log message before sending ANDROID: xt_quota2: remove trailing junk which might have a digit in it Linux 4.19.204 net: xilinx_emaclite: Do not print real IOMEM pointer ovl: prevent private clone if bind mount is not allowed ppp: Fix generating ppp unit id when ifname is not specified USB:ehci:fix Kunpeng920 ehci hardware problem KVM: X86: MMU: Use the correct inherited permissions to get shadow page bpf, selftests: Adjust few selftest outcomes wrt unreachable code bpf: Fix leakage under speculation on mispredicted branches bpf: Do not mark insn as seen under speculative path verification bpf: Inherit expanded/patched seen count from old aux data tracing: Reject string operand in the histogram expression KVM: SVM: Fix off-by-one indexing when nullifying last used SEV VMCB Linux 4.19.203 ARM: imx: add mmdc ipg clock operation for mmdc net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset alpha: Send stop IPI to send to online CPUs reiserfs: check directory items on read from disk reiserfs: add check for root_inode in reiserfs_fill_super libata: fix ata_pio_sector for CONFIG_HIGHMEM qmi_wwan: add network device usage statistics for qmimux devices perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest spi: meson-spicc: fix memory leak in meson_spicc_remove KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds KVM: x86: accept userspace interrupt only if no event is injected pcmcia: i82092: fix a null pointer dereference bug MIPS: Malta: Do not byte-swap accesses to the CBUS UART serial: 8250: Mask out floating 16/32-bit bus bits ext4: fix potential htree corruption when growing large_dir directories pipe: increase minimum default pipe size to 2 pages media: rtl28xxu: fix zero-length control request staging: rtl8723bs: Fix a resource leak in sd_int_dpc optee: Clear stale cache entries during initialization tracing/histogram: Rename "cpu" to "common_cpu" tracing / histogram: Give calculation hist_fields a size scripts/tracing: fix the bug that can't parse raw_trace_func usb: otg-fsm: Fix hrtimer list corruption usb: gadget: f_hid: idle uses the highest byte for duration usb: gadget: f_hid: fixed NULL pointer dereference usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers ALSA: usb-audio: Add registration quirk for JBL Quantum 600 firmware_loader: fix use-after-free in firmware_fallback_sysfs firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 USB: serial: ch341: fix character loss at high transfer rates USB: serial: option: add Telit FD980 composition 0x1056 USB: usbtmc: Fix RCU stall warning Bluetooth: defer cleanup of resources in hci_unregister_dev() blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() net: vxge: fix use-after-free in vxge_device_unregister net: fec: fix use-after-free in fec_drv_remove net: pegasus: fix uninit-value in get_interrupt_interval bnx2x: fix an error code in bnx2x_nic_load() mips: Fix non-POSIX regexp net: ipv6: fix returned variable type in ip6_skb_dst_mtu nfp: update ethtool reporting of pauseframe control sctp: move the active_key update after sh_keys is added net: natsemi: Fix missing pci_disable_device() in probe and remove media: videobuf2-core: dequeue if start_streaming fails scsi: sr: Return correct event when media event code is 3 omap5-board-common: remove not physically existing vdds_1v8_main fixed-regulator clk: stm32f4: fix post divisor setup for I2S/SAI PLLs ALSA: usb-audio: fix incorrect clock source setting ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz ARM: imx: add missing iounmap() ALSA: seq: Fix racy deletion of subscriber Revert "ACPICA: Fix memory leak caused by _CID repair function" Revert "bdi: add a ->dev_name field to struct backing_dev_info" Revert "padata: validate cpumask without removed CPU during offline" Revert "padata: add separate cpuhp node for CPUHP_PADATA_DEAD" Linux 4.19.202 spi: mediatek: Fix fifo transfer padata: add separate cpuhp node for CPUHP_PADATA_DEAD padata: validate cpumask without removed CPU during offline Revert "watchdog: iTCO_wdt: Account for rebooting on second timeout" firmware: arm_scmi: Ensure drivers provide a probe function drm/i915: Ensure intel_engine_init_execlist() builds with Clang Revert "Bluetooth: Shutdown controller after workqueues are flushed or cancelled" bdi: add a ->dev_name field to struct backing_dev_info bdi: use bdi_dev_name() to get device name bdi: move bdi_dev_name out of line net: Fix zero-copy head len calculation. qed: fix possible unpaired spin_{un}lock_bh in _qed_mcp_cmd_and_union() r8152: Fix potential PM refcount imbalance ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits regulator: rt5033: Fix n_voltages settings for BUCK and LDO btrfs: mark compressed range uptodate only if all bio succeed Linux 4.19.201 i40e: Add additional info to PHY type error Revert "perf map: Fix dso->nsinfo refcounting" powerpc/pseries: Fix regression while building external modules can: hi311x: fix a signedness bug in hi3110_cmd() sis900: Fix missing pci_disable_device() in probe and remove tulip: windbond-840: Fix missing pci_disable_device() in probe and remove sctp: fix return value check in __sctp_rcv_asconf_lookup net/mlx5: Fix flow table chaining net: llc: fix skb_over_panic mlx4: Fix missing error code in mlx4_load_one() tipc: fix sleeping in tipc accept routine i40e: Fix log TC creation failure when max num of queues is exceeded i40e: Fix logic of disabling queues netfilter: nft_nat: allow to specify layer 4 protocol NAT only netfilter: conntrack: adjust stop timestamp to real expiry value cfg80211: Fix possible memory leak in function cfg80211_bss_update nfc: nfcsim: fix use after free during module unload NIU: fix incorrect error return, missed in previous revert can: esd_usb2: fix memory leak can: ems_usb: fix memory leak can: usb_8dev: fix memory leak can: mcba_usb_start(): add missing urb->transfer_dma initialization can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF ocfs2: issue zeroout to EOF blocks ocfs2: fix zero out valid data x86/kvm: fix vcpu-id indexed array sizes btrfs: fix rw device counting in __btrfs_free_extra_devids x86/asm: Ensure asm/proto.h can be included stand-alone gro: ensure frag0 meets IP header alignment virtio_net: Do not pull payload in skb->head Change-Id: I6efce946e476223022d8ad8db874e9e037abf7fc Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
mtk25099
|
438077fa98 |
[ALPS07659850] trustonic: Null pointer
Modify gup_loacal function. MTK-Commit-Id: 5b72b66cd6291c736183581f8aaf6c852591355c Signed-off-by: mtk25099 <wanwan.liu@mediatek.com> CR-Id: ALPS07659850 Feature: Trustonic TEE (Trusted Execution Environment) Change-Id: Ia44a5af9f2fc89034e6c347b898ec5c93b3063af |
||
|
Greg Kroah-Hartman
|
80792f5eeb |
Merge 4.19.256 into android-4.19-stable
Changes in 4.19.256
Makefile: link with -z noexecstack --no-warn-rwx-segments
x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments
ALSA: bcd2000: Fix a UAF bug on the error path of probing
wifi: mac80211_hwsim: fix race condition in pending packet
wifi: mac80211_hwsim: add back erroneously removed cast
wifi: mac80211_hwsim: use 32-bit skb cookie
add barriers to buffer_uptodate and set_buffer_uptodate
HID: wacom: Don't register pad_input for touch switch
KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0
KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP
ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
ALSA: hda/cirrus - support for iMac 12,1 model
tty: vt: initialize unicode screen buffer
vfs: Check the truncate maximum size in inode_newsize_ok()
fs: Add missing umask strip in vfs_tmpfile
thermal: sysfs: Fix cooling_device_stats_setup() error code path
fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
usbnet: Fix linkwatch use-after-free on disconnect
ovl: drop WARN_ON() dentry is NULL in ovl_encode_fh()
parisc: Fix device names in /proc/iomem
drm/nouveau: fix another off-by-one in nvbios_addr
drm/amdgpu: Check BO's requested pinning domains against its preferred_domains
bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
iio: light: isl29028: Fix the warning in isl29028_remove()
fuse: limit nsec
serial: mvebu-uart: uart2 error bits clearing
md-raid10: fix KASAN warning
ia64, processor: fix -Wincompatible-pointer-types in ia64_get_irr()
PCI: Add defines for normal and subtractive PCI bridges
powerpc/fsl-pci: Fix Class Code of PCIe Root Port
powerpc/powernv: Avoid crashing if rng is NULL
MIPS: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
USB: HCD: Fix URB giveback issue in tasklet function
netfilter: nf_tables: do not allow SET_ID to refer to another table
netfilter: nf_tables: fix null deref due to zeroed list head
arm64: Do not forget syscall when starting a new thread.
arm64: fix oops in concurrently setting insn_emulation sysctls
ext2: Add more validity checks for inode counts
ARM: dts: imx6ul: add missing properties for sram
ARM: dts: imx6ul: change operating-points to uint32-matrix
ARM: dts: imx6ul: fix lcdif node compatible
ARM: dts: imx6ul: fix qspi node compatible
ARM: OMAP2+: display: Fix refcount leak bug
ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
ACPI: PM: save NVS memory for Lenovo G40-45
ACPI: LPSS: Fix missing check in register_device_clock()
arm64: dts: qcom: ipq8074: fix NAND node name
PM: hibernate: defer device probing when resuming from hibernation
selinux: Add boundary check in put_entry()
ARM: findbit: fix overflowing offset
meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
ARM: bcm: Fix refcount leak in bcm_kona_smc_init
x86/pmem: Fix platform-device leak in error path
ARM: dts: ast2500-evb: fix board compatible
soc: fsl: guts: machine variable might be unset
ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init
cpufreq: zynq: Fix refcount leak in zynq_get_revision
ARM: dts: qcom: pm8841: add required thermal-sensor-cells
bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe()
arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
thermal/tools/tmon: Include pthread and time headers in tmon.h
dm: return early from dm_pr_call() if DM device is suspended
ath10k: do not enforce interrupt trigger type
wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers()
drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
i2c: Fix a potential use after free
media: tw686x: Register the irq at the end of probe
ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd()
drm: bridge: adv7511: Add check for mipi_dsi_driver_register
media: hdpvr: fix error value returns in hdpvr_read
drm/vc4: dsi: Correct DSI divider calculations
drm/rockchip: vop: Don't crash for invalid duplicate_state()
drm/mediatek: dpi: Remove output format of YUV
drm: bridge: sii8620: fix possible off-by-one
drm/msm/mdp5: Fix global state lock backoff
crypto: hisilicon - Kunpeng916 crypto driver don't sleep when in softirq
media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment
mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
tcp: make retransmitted SKB fit into the send window
libbpf: Fix the name of a reused map
selftests: timers: valid-adjtimex: build fix for newer toolchains
selftests: timers: clocksource-switch: fix passing errors from child
fs: check FMODE_LSEEK to control internal pipe splicing
wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
wifi: p54: Fix an error handling path in p54spi_probe()
wifi: p54: add missing parentheses in p54_flush()
can: pch_can: do not report txerr and rxerr during bus-off
can: rcar_can: do not report txerr and rxerr during bus-off
can: sja1000: do not report txerr and rxerr during bus-off
can: hi311x: do not report txerr and rxerr during bus-off
can: sun4i_can: do not report txerr and rxerr during bus-off
can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
can: usb_8dev: do not report txerr and rxerr during bus-off
can: error: specify the values of data[5..7] of CAN error frames
can: pch_can: pch_can_error(): initialize errc before using it
Bluetooth: hci_intel: Add check for platform_driver_register
i2c: cadence: Support PEC for SMBus block read
i2c: mux-gpmux: Add of_node_put() when breaking out of loop
wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()`
wifi: libertas: Fix possible refcount leak in if_usb_probe()
net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
netdevsim: Avoid allocation warnings triggered from user space
net: rose: fix netdev reference changes
dccp: put dccp_qpolicy_full() and dccp_qpolicy_push() in the same lock
clk: renesas: r9a06g032: Fix UART clkgrp bitsel
mtd: maps: Fix refcount leak in of_flash_probe_versatile
mtd: maps: Fix refcount leak in ap_flash_init
HID: cp2112: prevent a buffer overflow in cp2112_xfer()
mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
fpga: altera-pr-ip: fix unsigned comparison with less than zero
usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
misc: rtsx: Fix an error handling path in rtsx_pci_probe()
clk: qcom: ipq8074: fix NSS port frequency tables
clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
soundwire: bus_type: fix remove and shutdown support
staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback
mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
memstick/ms_block: Fix some incorrect memory allocation
memstick/ms_block: Fix a memory leak
mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
scsi: smartpqi: Fix DMA direction for RAID requests
usb: gadget: udc: amd5536 depends on HAS_DMA
RDMA/hfi1: fix potential memory leak in setup_base_ctxt()
gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
mmc: cavium-octeon: Add of_node_put() when breaking out of loop
mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
HID: alps: Declare U1_UNICORN_LEGACY support
USB: serial: fix tty-port initialized comments
platform/olpc: Fix uninitialized data in debugfs write
mm/mmap.c: fix missing call to vm_unacct_memory in mmap_region
RDMA/rxe: Fix error unwind in rxe_create_qp()
null_blk: fix ida error handling in null_add_dev()
ext4: recover csum seed of tmp_inode after migrating to extents
jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted
ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe
ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
ASoC: codecs: da7210: add check for i2c_add_driver
ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe
serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty()
profiling: fix shift too large makes kernel panic
tty: n_gsm: fix non flow control frames during mux flow off
tty: n_gsm: fix packet re-transmission without open control channel
tty: n_gsm: fix race condition in gsmld_write()
remoteproc: qcom: wcnss: Fix handling of IRQs
vfio/ccw: Do not change FSM state in subchannel event
tty: n_gsm: fix wrong T1 retry count handling
tty: n_gsm: fix DM command
tty: n_gsm: fix missing corner cases in gsmld_poll()
iommu/exynos: Handle failed IOMMU device registration properly
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
kfifo: fix kfifo_to_user() return type
mfd: t7l66xb: Drop platform disable callback
iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
s390/zcore: fix race when reading from hardware system area
ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
video: fbdev: amba-clcd: Fix refcount leak bugs
video: fbdev: sis: fix typos in SiS_GetModeID()
powerpc/32: Do not allow selection of e5500 or e6500 CPUs on PPC32
powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias
powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader
powerpc/xive: Fix refcount leak in xive_get_max_prio
powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address
kprobes: Forbid probing on trampoline and BPF code areas
powerpc/pci: Fix PHB numbering when using opal-phbid
genelf: Use HAVE_LIBCRYPTO_SUPPORT, not the never defined HAVE_LIBCRYPTO
scripts/faddr2line: Fix vmlinux detection on arm64
x86/numa: Use cpumask_available instead of hardcoded NULL check
video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
tools/thermal: Fix possible path truncations
video: fbdev: vt8623fb: Check the size of screen before memset_io()
video: fbdev: arkfb: Check the size of screen before memset_io()
video: fbdev: s3fb: Check the size of screen before memset_io()
scsi: zfcp: Fix missing auto port scan and thus missing target ports
x86/olpc: fix 'logical not is only applied to the left hand side'
spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
ext4: make sure ext4_append() always allocates new block
ext4: fix use-after-free in ext4_xattr_set_entry
ext4: update s_overhead_clusters in the superblock during an on-line resize
ext4: fix extent status tree race in writeback error recovery path
ext4: correct max_inline_xattr_value_size computing
ext4: correct the misjudgment in ext4_iget_extra_inode
intel_th: pci: Add Raptor Lake-S CPU support
intel_th: pci: Add Raptor Lake-S PCH support
intel_th: pci: Add Meteor Lake-P support
dm raid: fix address sanitizer warning in raid_resume
dm raid: fix address sanitizer warning in raid_status
dm writecache: set a default MAX_WRITEBACK_JOBS
ACPI: CPPC: Do not prevent CPPC from working in the future
net_sched: cls_route: remove from list when handle is 0
btrfs: reject log replay if there is unsupported RO compat flag
KVM: Add infrastructure and macro to mark VM as bugged
KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
tcp: fix over estimation in sk_forced_mem_schedule()
scsi: sg: Allow waiting for commands to complete on removed device
Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP"
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
net/9p: Initialize the iounit field during fid creation
net_sched: cls_route: disallow handle of 0
firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
powerpc/mm: Split dump_pagelinuxtables flag_array table
powerpc/ptdump: Fix display of RW pages on FSL_BOOK3E
ALSA: info: Fix llseek return value when using callback
rds: add missing barrier to release_refill
ata: libata-eh: Add missing command name
mmc: pxamci: Fix another error handling path in pxamci_probe()
mmc: pxamci: Fix an error handling path in pxamci_probe()
btrfs: fix lost error handling when looking up extended ref on log replay
tracing: Have filter accept "common_cpu" to be consistent
can: ems_usb: fix clang's -Wunaligned-access warning
apparmor: fix quiet_denied for file rules
apparmor: fix absroot causing audited secids to begin with =
apparmor: Fix failed mount permission check error message
apparmor: fix aa_label_asxprint return check
apparmor: fix overlapping attachment computation
apparmor: fix reference count leak in aa_pivotroot()
apparmor: Fix memleak in aa_simple_write_to_buffer()
NFSv4: Fix races in the legacy idmapper upcall
NFSv4.1: RECLAIM_COMPLETE must handle EACCES
NFSv4/pnfs: Fix a use-after-free bug in open
SUNRPC: Reinitialise the backchannel request buffers before reuse
pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
geneve: do not use RT_TOS for IPv6 flowlabel
vsock: Fix memory leak in vsock_connect()
vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout()
tools build: Switch to new openssl API for test-libcrypto
NTB: ntb_tool: uninitialized heap data in tool_fn_write()
xen/xenbus: fix return type in xenbus_file_read()
atm: idt77252: fix use-after-free bugs caused by tst_timer
nios2: page fault et.al. are *not* restartable syscalls...
nios2: don't leave NULLs in sys_call_table[]
nios2: traced syscall does need to check the syscall number
nios2: fix syscall restart checks
nios2: restarts apply only to the first sigframe we build...
nios2: add force_successful_syscall_return()
netfilter: nf_tables: really skip inactive sets when allocating name
powerpc/pci: Fix get_phb_number() locking
i40e: Fix to stop tx_timeout recovery if GLOBR fails
fec: Fix timer capture timing in `fec_ptp_enable_pps()`
igb: Add lock to avoid data race
gcc-plugins: Undefine LATENT_ENTROPY_PLUGIN when plugin disabled for a file
locking/atomic: Make test_and_*_bit() ordered on failure
drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
PCI: Add ACS quirk for Broadcom BCM5750x NICs
irqchip/tegra: Fix overflow implicit truncation warnings
usb: host: ohci-ppc-of: Fix refcount leak bug
usb: renesas: Fix refcount leak bug
vboxguest: Do not use devm for irq
clk: qcom: ipq8074: dont disable gcc_sleep_clk_src
gadgetfs: ep_io - wait until IRQ finishes
cxl: Fix a memory leak in an error handling path
dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
drivers:md:fix a potential use-after-free bug
ext4: avoid remove directory when directory is corrupted
ext4: avoid resizing to a partial cluster size
lib/list_debug.c: Detect uninitialized lists
tty: serial: Fix refcount leak bug in ucc_uart.c
vfio: Clear the caps->buf to NULL after free
mips: cavium-octeon: Fix missing of_node_put() in octeon2_usb_clocks_start
riscv: mmap with PROT_WRITE but no PROT_READ is invalid
RISC-V: Add fast call path of crash_kexec()
watchdog: export lockup_detector_reconfigure
ALSA: core: Add async signal helpers
ALSA: timer: Use deferred fasync helper
f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page()
smb3: check xattr value length earlier
powerpc/64: Init jump labels before parse_early_param()
video: fbdev: i740fb: Check the argument of i740_calc_vclk()
MIPS: tlbex: Explicitly compare _PAGE_NO_EXEC against 0
tee: add overflow check in register_shm_helper()
tracing/probes: Have kprobes and uprobes use $COMM too
btrfs: only write the sectors in the vertical stripe which has data stripes
btrfs: raid56: don't trust any cached sector in __raid56_parity_recover()
Linux 4.19.256
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Icc0d54b54bbf59d4f46e021d161581f330e9dea6
|
||
|
Jens Wiklander
|
b37e0f1765 |
tee: add overflow check in register_shm_helper()
commit 573ae4f13f630d6660008f1974c0a8a29c30e18a upstream.
With special lengths supplied by user space, register_shm_helper() has
an integer overflow when calculating the number of pages covered by a
supplied user space memory region.
This causes internal_get_user_pages_fast() a helper function of
pin_user_pages_fast() to do a NULL pointer dereference:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010
Modules linked in:
CPU: 1 PID: 173 Comm: optee_example_a Not tainted 5.19.0 #11
Hardware name: QEMU QEMU Virtual Machine, BIOS 0.0.0 02/06/2015
pc : internal_get_user_pages_fast+0x474/0xa80
Call trace:
internal_get_user_pages_fast+0x474/0xa80
pin_user_pages_fast+0x24/0x4c
register_shm_helper+0x194/0x330
tee_shm_register_user_buf+0x78/0x120
tee_ioctl+0xd0/0x11a0
__arm64_sys_ioctl+0xa8/0xec
invoke_syscall+0x48/0x114
Fix this by adding an an explicit call to access_ok() in
tee_shm_register_user_buf() to catch an invalid user space address
early.
Fixes:
|
||
|
Jiawei li
|
0029974793 |
[ALPS07248194] teei: Fix dead lock warning
A dead lock warning is detected in microtrust teei kernel driver. if /dev/isee_tee0 call tee_mmap() and tee_ioctl() in some particular order,there will be an dead lock situation happened when exceute mutex_lock(&ctx->mutex) in both two functions and tee_ioctl wont get the mutex lock all the time. Remove ctx->mutex usage in tee_mmap() since linux kernel will excute lock operation for mm->mmap_sem once mmap() being called. mutex_lock(&ctx->mutex) is not necessary for tee_mmap(). MTK-Commit-Id: 93a994b2e3eff9f606c90abfd1d23919e6e1eec2 Signed-off-by: Jiawei li <Jiawei.Li@mediatek.com> CR-Id: ALPS07248194 Feature: Microtrust TEEI Change-Id: Ib391fecba056cc816536cbc6c24614e2fcf0027b |
||
|
mtk25099
|
70ffa44fa7 |
[ALPS07247312] trustonic_tee: bind big core
Bind big core. MTK-Commit-Id: 28261af1d1e6b917e3b0c8be73baa5667d769423 Signed-off-by: mtk25099 <wanwan.liu@mediatek.com> CR-Id: ALPS07247312 Feature: trustonic_tee Change-Id: I9a49bef124109f6524d8efea0714a1367630d28b |
||
|
huifen wang
|
b03bb53add |
[ALPS06641447] TEEI:fix KE when play svp
Fix side effect of security vulnerability patch. MTK-Commit-Id: 69639630daa9f778577c73ec2839db13665416a9 Signed-off-by: huifen wang <huifen.wang@mediatek.com> CR-Id: ALPS06641447 Feature: Microtrust TEEI Change-Id: I7bfa6466dfe951e7c46cff7afc421170b76b3a04 |
||
|
huifen wang
|
29d731b54d |
[ALPS06641447] TEEI: fix sec vulnerability
Fix security vulnerability in tee driver H# 1470761(alps06664675) and H#1469239(alps06664701) MTK-Commit-Id: 84730014e9af5a461d08ee591b5a3114674f44d4 Signed-off-by: huifen wang <huifen.wang@mediatek.com> CR-Id: ALPS06641447 Feature: Microtrust TEEI Change-Id: I23fc7267e2807ebd7579586538babeb78db73cc4 |
||
|
huifen wang
|
8731743ac4 |
[ALPS06493842] TEEI:Fix Vunlerability Issue
Remove dma_buf in TEEC_AllocateShareMemory/TEEC_RegisterShareMemory MTK-Commit-Id: 3ee41dcd3ff9a7c5687ef57561b5afc7adc709e9 Signed-off-by: huifen wang <huifen.wang@mediatek.com> CR-Id: ALPS06493842 Feature: Microtrust TEEI Change-Id: I2af93bd1e1a83784fb7d31aef527715d024dc6f4 |
||
|
Greg Kroah-Hartman
|
464464ac47 |
Merge 4.19.226 into android-4.19-stable
Changes in 4.19.226
Bluetooth: bfusb: fix division by zero in send path
USB: core: Fix bug in resuming hub's handling of wakeup requests
USB: Fix "slab-out-of-bounds Write" bug in usb_hcd_poll_rh_status
can: bcm: switch timer to HRTIMER_MODE_SOFT and remove hrtimer_tasklet
veth: Do not record rx queue hint in veth_xmit
mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data
can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved}
random: fix data race on crng_node_pool
random: fix data race on crng init time
staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn()
drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk()
kbuild: Add $(KBUILD_HOSTLDFLAGS) to 'has_libelf' test
orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()
KVM: s390: Clarify SIGP orders versus STOP/RESTART
media: uvcvideo: fix division by zero at stream start
rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled
firmware: qemu_fw_cfg: fix sysfs information leak
firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries
firmware: qemu_fw_cfg: fix kobject leak in probe error path
ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows
HID: uhid: Fix worker destroying device without any protection
HID: wacom: Reset expected and received contact counts at the same time
HID: wacom: Ignore the confidence flag when a touch is removed
HID: wacom: Avoid using stale array indicies to read contact count
f2fs: fix to do sanity check in is_alive()
nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind()
mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6
x86/gpu: Reserve stolen memory for first integrated Intel GPU
rtc: cmos: take rtc_lock while reading from CMOS
media: flexcop-usb: fix control-message timeouts
media: mceusb: fix control-message timeouts
media: em28xx: fix control-message timeouts
media: cpia2: fix control-message timeouts
media: s2255: fix control-message timeouts
media: dib0700: fix undefined behavior in tuner shutdown
media: redrat3: fix control-message timeouts
media: pvrusb2: fix control-message timeouts
media: stk1160: fix control-message timeouts
can: softing_cs: softingcs_probe(): fix memleak on registration failure
lkdtm: Fix content of section containing lkdtm_rodata_do_nothing()
PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller
shmem: fix a race between shmem_unused_huge_shrink and shmem_evict_inode
drm/panel: innolux-p079zca: Delete panel on attach() failure
Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails
clk: bcm-2835: Pick the closest clock rate
clk: bcm-2835: Remove rounding up the dividers
wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND
wcn36xx: Release DMA channel descriptor allocations
media: videobuf2: Fix the size printk format
media: em28xx: fix memory leak in em28xx_init_dev
arm64: dts: meson-gxbb-wetek: fix missing GPIO binding
Bluetooth: stop proccessing malicious adv data
tee: fix put order in teedev_close_context()
media: dmxdev: fix UAF when dvb_register_device() fails
crypto: qce - fix uaf on qce_ahash_register_one
tty: serial: atmel: Check return code of dmaengine_submit()
tty: serial: atmel: Call dma_async_issue_pending()
media: rcar-csi2: Correct the selection of hsfreqrange
media: si470x-i2c: fix possible memory leak in si470x_i2c_probe()
media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released
netfilter: bridge: add support for pppoe filtering
arm64: dts: qcom: msm8916: fix MMC controller aliases
drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode()
drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms()
tty: serial: uartlite: allow 64 bit address
serial: amba-pl011: do not request memory region twice
floppy: Fix hang in watchdog when disk is ejected
media: dib8000: Fix a memleak in dib8000_init()
media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach()
media: si2157: Fix "warm" tuner state detection
sched/rt: Try to restart rt period timer when rt runtime exceeded
xfrm: fix a small bug in xfrm_sa_len()
crypto: stm32/cryp - fix double pm exit
media: dw2102: Fix use after free
media: msi001: fix possible null-ptr-deref in msi001_probe()
media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes
drm/msm/dpu: fix safe status debugfs file
xfrm: interface with if_id 0 should return error
xfrm: state and policy should fail if XFRMA_IF_ID 0
usb: ftdi-elan: fix memory leak on device disconnect
ARM: dts: armada-38x: Add generic compatible to UART nodes
mmc: meson-mx-sdio: add IRQ check
x86/mce/inject: Avoid out-of-bounds write when setting flags
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region()
pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region()
netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check()
ppp: ensure minimum packet size in ppp_write()
staging: greybus: audio: Check null pointer
fsl/fman: Check for null pointer after calling devm_ioremap
Bluetooth: hci_bcm: Check for error irq
spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe
tpm: add request_locality before write TPM_INT_ENABLE
can: softing: softing_startstop(): fix set but not used variable warning
can: xilinx_can: xcan_probe(): check for error irq
pcmcia: fix setting of kthread task states
net: mcs7830: handle usb read errors properly
ext4: avoid trim error on fs with small groups
ALSA: jack: Add missing rwsem around snd_ctl_remove() calls
ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls
ALSA: hda: Add missing rwsem around snd_ctl_remove() calls
RDMA/hns: Validate the pkey index
powerpc/prom_init: Fix improper check of prom_getprop()
ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA
ALSA: oss: fix compile error when OSS_DEBUG is enabled
char/mwave: Adjust io port register size
iommu/io-pgtable-arm: Fix table descriptor paddr formatting
scsi: ufs: Fix race conditions related to driver data
RDMA/core: Let ib_find_gid() continue search even after empty entry
ASoC: rt5663: Handle device_property_read_u32_array error codes
dmaengine: pxa/mmp: stop referencing config->slave_id
iommu/iova: Fix race between FQ timeout and teardown
ASoC: mediatek: Check for error clk pointer
ASoC: samsung: idma: Check of ioremap return value
misc: lattice-ecp3-config: Fix task hung when firmware load failed
mips: lantiq: add support for clk_set_parent()
mips: bcm63xx: add support for clk_set_parent()
RDMA/cxgb4: Set queue pair state when being queried
Bluetooth: Fix debugfs entry leak in hci_register_dev()
fs: dlm: filter user dlm messages for kernel locks
ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply
drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR
usb: gadget: f_fs: Use stream_open() for endpoint files
HID: apple: Do not reset quirks when the Fn key is not found
media: b2c2: Add missing check in flexcop_pci_isr:
mlxsw: pci: Add shutdown method in PCI driver
drm/bridge: megachips: Ensure both bridges are probed before registration
gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use
HSI: core: Fix return freed object in hsi_new_client
mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
rsi: Fix out-of-bounds read in rsi_read_pkt()
usb: uhci: add aspeed ast2600 uhci support
floppy: Add max size check for user space request
media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds.
media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach()
media: m920x: don't use stack on USB reads
iwlwifi: mvm: synchronize with FW after multicast commands
ath10k: Fix tx hanging
net-sysfs: update the queue counts in the unregistration path
x86/mce: Mark mce_panic() noinstr
x86/mce: Mark mce_end() noinstr
x86/mce: Mark mce_read_aux() noinstr
net: bonding: debug: avoid printing debug logs when bond is not notifying peers
bpf: Do not WARN in bpf_warn_invalid_xdp_action()
HID: quirks: Allow inverting the absolute X/Y values
media: igorplugusb: receiver overflow should be reported
media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach()
mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO
audit: ensure userspace is penalized the same as the kernel when under pressure
arm64: tegra: Adjust length of CCPLEX cluster MMIO region
usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0
ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream
iwlwifi: fix leaks/bad data after failed firmware load
iwlwifi: remove module loading failure message
iwlwifi: mvm: Fix calculation of frame length
um: registers: Rename function names to avoid conflicts and build problems
jffs2: GC deadlock reading a page that is used in jffs2_write_begin()
ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions
ACPICA: Utilities: Avoid deleting the same object twice in a row
ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R()
ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5
drm/amdgpu: fixup bad vram size on gmc v8
ACPI: battery: Add the ThinkPad "Not Charging" quirk
btrfs: remove BUG_ON() in find_parent_nodes()
btrfs: remove BUG_ON(!eie) in find_parent_nodes
net: mdio: Demote probed message to debug print
mac80211: allow non-standard VHT MCS-10/11
dm btree: add a defensive bounds check to insert_at()
dm space map common: add bounds check to sm_ll_lookup_bitmap()
net: phy: marvell: configure RGMII delays for 88E1118
net: gemini: allow any RGMII interface mode
regulator: qcom_smd: Align probe function with rpmh-regulator
serial: pl010: Drop CR register reset on set_termios
serial: core: Keep mctrl register state and cached copy in sync
parisc: Avoid calling faulthandler_disabled() twice
powerpc/6xx: add missing of_node_put
powerpc/powernv: add missing of_node_put
powerpc/cell: add missing of_node_put
powerpc/btext: add missing of_node_put
powerpc/watchdog: Fix missed watchdog reset due to memory ordering race
i2c: i801: Don't silently correct invalid transfer size
powerpc/smp: Move setup_profiling_timer() under CONFIG_PROFILING
i2c: mpc: Correct I2C reset procedure
w1: Misuse of get_user()/put_user() reported by sparse
ALSA: seq: Set upper limit of processed events
powerpc: handle kdump appropriately with crash_kexec_post_notifiers option
MIPS: OCTEON: add put_device() after of_find_device_by_node()
i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters
MIPS: Octeon: Fix build errors using clang
scsi: sr: Don't use GFP_DMA
ASoC: mediatek: mt8173: fix device_node leak
power: bq25890: Enable continuous conversion for ADC at charging
rpmsg: core: Clean up resources on announce_create failure.
ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers
serial: Fix incorrect rs485 polarity on uart open
cputime, cpuacct: Include guest time in user time in cpuacct.stat
iwlwifi: mvm: Increase the scan timeout guard to 30 seconds
s390/mm: fix 2KB pgtable release race
drm/etnaviv: limit submit sizes
ext4: make sure to reset inode lockdep class when quota enabling fails
ext4: make sure quota gets properly shutdown on error
ext4: set csum seed in tmp inode while migrating to extents
ext4: Fix BUG_ON in ext4_bread when write quota data
ext4: don't use the orphan list when migrating an inode
crypto: stm32/crc32 - Fix kernel BUG triggered in probe()
ASoC: dpcm: prevent snd_soc_dpcm use after free
regulator: core: Let boot-on regulators be powered off
drm/radeon: fix error handling in radeon_driver_open_kms
ARM: dts: Fix vcsi regulator to be always-on for droid4 to prevent hangs
firmware: Update Kconfig help text for Google firmware
media: rcar-csi2: Optimize the selection PHTW register
Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization
RDMA/hns: Modify the mapping attribute of doorbell to device
RDMA/rxe: Fix a typo in opcode name
dmaengine: stm32-mdma: fix STM32_MDMA_CTBR_TSEL_MASK
powerpc/cell: Fix clang -Wimplicit-fallthrough warning
powerpc/fsl/dts: Enable WA for erratum A-009885 on fman3l MDIO buses
net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
parisc: pdc_stable: Fix memory leak in pdcs_register_pathentries
af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress
net: axienet: Wait for PhyRstCmplt after core reset
net: axienet: fix number of TX ring slots for available check
rtc: pxa: fix null pointer dereference
netns: add schedule point in ops_exit_list()
libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route()
dmaengine: at_xdmac: Don't start transactions at tx_submit level
dmaengine: at_xdmac: Print debug message after realeasing the lock
dmaengine: at_xdmac: Fix lld view setting
dmaengine: at_xdmac: Fix at_xdmac_lld struct definition
net_sched: restore "mpu xxx" handling
bcmgenet: add WOL IRQ check
scripts/dtc: dtx_diff: remove broken example from help text
lib82596: Fix IRQ check in sni_82596_probe
mtd: nand: bbt: Fix corner case in bad block table handling
mips,s390,sh,sparc: gup: Work around the "COW can break either way" issue
fuse: fix bad inode
fuse: fix live lock in fuse_iget()
Linux 4.19.226
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie7599317fe668c46e0ceca652b4172ad2ce6533d
|
||
|
Jens Wiklander
|
564a7ca7b4 |
tee: fix put order in teedev_close_context()
[ Upstream commit f18397ab3ae23e8e43bba9986e66af6d4497f2ad ]
Prior to this patch was teedev_close_context() calling tee_device_put()
before teedev_ctx_put() leading to teedev_ctx_release() accessing
ctx->teedev just after the reference counter was decreased on the
teedev. Fix this by calling teedev_ctx_put() before tee_device_put().
Fixes:
|
||
|
huifen wang
|
0740e7ebf5 |
[ALPS06493842] TEEI: fix Security Vulnerability
Fix race condition lead to type confusion issue in teei driver MTK-Commit-Id: aee2bfdbdc880cc24357fb4dc2f0baeefd20f4f7 Signed-off-by: huifen wang <huifen.wang@mediatek.com> CR-Id: ALPS06493842 Feature: Microtrust TEEI Change-Id: I8ffd114250f28de463ef3a0effab326f53fd99d7 |
||
|
Bo Ye
|
425c4a3572 |
[ALPS06486924] ACK: Merge android-4.19-stable into alps-mp-s0.mp1
Target: android-4.19-stable "011b73c995f35959b39ccde045addbc1862fa3e6 Merge 4.19.191 into android-4.19-stable" Version change from 4.19.188 to 4.19.191 MTK-Commit-Id: c8384f99d5a155550b3c0707800ea3d1d83f9ee3 Feature: Kernel SI Operation CR-Id: ALPS06486924 Signed-off-by: Bo Ye <bo.ye@mediatek.com> Change-Id: Ic51822fa66c2d94e5f60b2e65a65153ade20c228 |
||
|
Greg Kroah-Hartman
|
523769c68b |
Merge 4.19.224 into android-4.19-stable
Changes in 4.19.224 HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option tee: handle lookup of shm with reference count 0 Input: i8042 - add deferred probe support Input: i8042 - enable deferred probe quirk for ASUS UM325UA platform/x86: apple-gmux: use resource_size() with res recordmcount.pl: fix typo in s390 mcount regex selinux: initialize proto variable in selinux_ip_postroute_compat() scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() udp: using datalen to cap ipv6 udp max gso segments selftests: Calculate udpgso segment count without header adjustment sctp: use call_rcu to free endpoint net: usb: pegasus: Do not drop long Ethernet frames NFC: st21nfca: Fix memory leak in device probe and remove net/mlx5e: Fix wrong features assignment in case of error selftests/net: udpgso_bench_tx: fix dst ip argument fsl/fman: Fix missing put_device() call in fman_port_probe i2c: validate user data in compat ioctl nfc: uapi: use kernel size_t to fix user-space builds uapi: fix linux/nfc.h userspace compilation errors xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set. usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. usb: mtu3: set interval of FS intr and isoc endpoint binder: fix async_free_space accounting for empty parcels scsi: vmw_pvscsi: Set residual data length conditionally Input: appletouch - initialize work before device registration Input: spaceball - fix parsing of movement data packets net: fix use-after-free in tw_timer_handler Linux 4.19.224 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I152e5f7136d00c553192c65298371353418eed41 |
||
|
Jens Wiklander
|
b4a661b421 |
tee: handle lookup of shm with reference count 0
commit dfd0743f1d9ea76931510ed150334d571fbab49d upstream.
Since the tee subsystem does not keep a strong reference to its idle
shared memory buffers, it races with other threads that try to destroy a
shared memory through a close of its dma-buf fd or by unmapping the
memory.
In tee_shm_get_from_id() when a lookup in teedev->idr has been
successful, it is possible that the tee_shm is in the dma-buf teardown
path, but that path is blocked by the teedev mutex. Since we don't have
an API to tell if the tee_shm is in the dma-buf teardown path or not we
must find another way of detecting this condition.
Fix this by doing the reference counting directly on the tee_shm using a
new refcount_t refcount field. dma-buf is replaced by using
anon_inode_getfd() instead, this separates the life-cycle of the
underlying file from the tee_shm. tee_shm_put() is updated to hold the
mutex when decreasing the refcount to 0 and then remove the tee_shm from
teedev->idr before releasing the mutex. This means that the tee_shm can
never be found unless it has a refcount larger than 0.
Fixes:
|
||
|
huifen wang
|
63f6edf04a |
[ALPS06143051] TEEI: fix svp play fail
TEEI: fix svp play fail because of trustmem TEEC_InitializeContext return 0xffff0008;workaround selinux issue. MTK-Commit-Id: 83b2c8a67b905d90a5f8ae4d9d135449915625cb Signed-off-by: huifen wang <huifen.wang@mediatek.com> CR-Id: ALPS06143051 Feature: Secure Video Path (SVP) Change-Id: I655372212a4085886945b6b739ac0108d1694661 |
||
|
Greg Kroah-Hartman
|
78a4d032ec |
Merge 4.19.203 into android-4.19-stable
Changes in 4.19.203 Revert "ACPICA: Fix memory leak caused by _CID repair function" ALSA: seq: Fix racy deletion of subscriber ARM: imx: add missing iounmap() ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz ALSA: usb-audio: fix incorrect clock source setting clk: stm32f4: fix post divisor setup for I2S/SAI PLLs omap5-board-common: remove not physically existing vdds_1v8_main fixed-regulator scsi: sr: Return correct event when media event code is 3 media: videobuf2-core: dequeue if start_streaming fails net: natsemi: Fix missing pci_disable_device() in probe and remove sctp: move the active_key update after sh_keys is added nfp: update ethtool reporting of pauseframe control net: ipv6: fix returned variable type in ip6_skb_dst_mtu mips: Fix non-POSIX regexp bnx2x: fix an error code in bnx2x_nic_load() net: pegasus: fix uninit-value in get_interrupt_interval net: fec: fix use-after-free in fec_drv_remove net: vxge: fix use-after-free in vxge_device_unregister blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() Bluetooth: defer cleanup of resources in hci_unregister_dev() USB: usbtmc: Fix RCU stall warning USB: serial: option: add Telit FD980 composition 0x1056 USB: serial: ch341: fix character loss at high transfer rates USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback firmware_loader: fix use-after-free in firmware_fallback_sysfs ALSA: usb-audio: Add registration quirk for JBL Quantum 600 usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers usb: gadget: f_hid: fixed NULL pointer dereference usb: gadget: f_hid: idle uses the highest byte for duration usb: otg-fsm: Fix hrtimer list corruption scripts/tracing: fix the bug that can't parse raw_trace_func tracing / histogram: Give calculation hist_fields a size tracing/histogram: Rename "cpu" to "common_cpu" optee: Clear stale cache entries during initialization staging: rtl8723bs: Fix a resource leak in sd_int_dpc media: rtl28xxu: fix zero-length control request pipe: increase minimum default pipe size to 2 pages ext4: fix potential htree corruption when growing large_dir directories serial: 8250: Mask out floating 16/32-bit bus bits MIPS: Malta: Do not byte-swap accesses to the CBUS UART pcmcia: i82092: fix a null pointer dereference bug KVM: x86: accept userspace interrupt only if no event is injected KVM: x86/mmu: Fix per-cpu counter corruption on 32-bit builds spi: meson-spicc: fix memory leak in meson_spicc_remove perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest qmi_wwan: add network device usage statistics for qmimux devices libata: fix ata_pio_sector for CONFIG_HIGHMEM reiserfs: add check for root_inode in reiserfs_fill_super reiserfs: check directory items on read from disk alpha: Send stop IPI to send to online CPUs net/qla3xxx: fix schedule while atomic in ql_wait_for_drvr_lock and ql_adapter_reset ARM: imx: add mmdc ipg clock operation for mmdc Linux 4.19.203 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I4adcce1092ab000faec667eda6cf569e7a269562 |
||
|
Tyler Hicks
|
78264dfb6f |
optee: Clear stale cache entries during initialization
commit b5c10dd04b7418793517e3286cde5c04759a86de upstream. The shm cache could contain invalid addresses if optee_disable_shm_cache() was not called from the .shutdown hook of the previous kernel before a kexec. These addresses could be unmapped or they could point to mapped but unintended locations in memory. Clear the shared memory cache, while being careful to not translate the addresses returned from OPTEE_SMC_DISABLE_SHM_CACHE, during driver initialization. Once all pre-cache shm objects are removed, proceed with enabling the cache so that we know that we can handle cached shm objects with confidence later in the .shutdown hook. Cc: stable@vger.kernel.org Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
huifen wang
|
24f6175c96 |
[ALPS05616287] TEEI:fix teei kernel driver
fix teei kernel-4.19 driver build error "undefined symbol get_current_cpuid" MTK-Commit-Id: 020ae40c2ca12adec444f33af5cc725acf133c4f Change-Id: Ie5be4883b9fa053dce3669d973fddf1935a4c829 Signed-off-by: huifen wang <huifen.wang@mediatek.com> CR-Id: ALPS05616287 Feature: Microtrust TEEI |
||
|
huifen wang
|
a99c506750 |
[ALPS05616287] TEEI: kernel 4.19 driver upgrade
TEEI kernel-4.19 driver upgrade from 300 to 400 MTK-Commit-Id: cdcd840339d68c8bc06ae268077d9a68ba06c156 Change-Id: I7e99e962a8b0169f494c6413583ed9d021ee1e6b Signed-off-by: huifen wang <huifen.wang@mediatek.com> CR-Id: ALPS05616287 Feature: Microtrust TEEI |
||
|
Greg Kroah-Hartman
|
011b73c995 |
Merge 4.19.191 into android-4.19-stable
Changes in 4.19.191 s390/disassembler: increase ebpf disasm buffer size ACPI: custom_method: fix potential use-after-free issue ACPI: custom_method: fix a possible memory leak ftrace: Handle commands when closing set_ftrace_filter file ARM: 9056/1: decompressor: fix BSS size calculation for LLVM ld.lld arm64: dts: marvell: armada-37xx: add syscon compatible to NB clk node arm64: dts: mt8173: fix property typo of 'phys' in dsi node ecryptfs: fix kernel panic with null dev_name mtd: spinand: core: add missing MODULE_DEVICE_TABLE() mtd: rawnand: atmel: Update ecc_stats.corrected counter spi: spi-ti-qspi: Free DMA resources scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers mmc: block: Update ext_csd.cache_ctrl if it was written mmc: block: Issue a cache flush only when it's enabled mmc: core: Do a power cycle when the CMD11 fails mmc: core: Set read only for SD cards with permanent write protect bit erofs: add unsupported inode i_format check cifs: Return correct error code from smb2_get_enc_key btrfs: fix metadata extent leak after failure to create subvolume intel_th: pci: Add Rocket Lake CPU support fbdev: zero-fill colormap in fbcmap.c staging: wimax/i2400m: fix byte-order issue crypto: api - check for ERR pointers in crypto_destroy_tfm() usb: gadget: uvc: add bInterval checking for HS mode genirq/matrix: Prevent allocation counter corruption usb: gadget: f_uac1: validate input parameters usb: dwc3: gadget: Ignore EP queue requests during bus reset usb: xhci: Fix port minor revision PCI: PM: Do not read power state in pci_enable_device_flags() x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS) tee: optee: do not check memref size on return from Secure World perf/arm_pmu_platform: Fix error handling usb: xhci-mtk: support quirk to disable usb2 lpm xhci: check control context is valid before dereferencing it. xhci: fix potential array out of bounds with several interrupters spi: dln2: Fix reference leak to master spi: omap-100k: Fix reference leak to master intel_th: Consistency and off-by-one fix phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe scsi: lpfc: Fix pt2pt connection does not recover after LOGO scsi: target: pscsi: Fix warning in pscsi_complete_cmd() media: ite-cir: check for receive overflow media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB power: supply: bq27xxx: fix power_avg for newer ICs extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged media: media/saa7164: fix saa7164_encoder_register() memory leak bugs media: gspca/sq905.c: fix uninitialized variable power: supply: Use IRQF_ONESHOT drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() scsi: qla2xxx: Fix use after free in bsg scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() media: em28xx: fix memory leak media: vivid: update EDID clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() media: tc358743: fix possible use-after-free in tc358743_remove() media: adv7604: fix possible use-after-free in adv76xx_remove() media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() media: i2c: adv7842: fix possible use-after-free in adv7842_remove() media: dvb-usb: fix memory leak in dvb_usb_adapter_init media: gscpa/stv06xx: fix memory leak drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal amdgpu: avoid incorrect %hu format string drm/amdgpu: fix NULL pointer dereference scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic scsi: libfc: Fix a format specifier s390/archrandom: add parameter check for s390_arch_random_generate ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer ALSA: hda/conexant: Re-order CX5066 quirk table entries ALSA: sb: Fix two use after free in snd_sb_qsound_build ALSA: usb-audio: Explicitly set up the clock selector ALSA: usb-audio: More constifications ALSA: usb-audio: Add dB range mapping for Sennheiser Communications Headset PC 8 ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx btrfs: fix race when picking most recent mod log operation for an old root arm64/vdso: Discard .note.gnu.property sections in vDSO ubifs: Only check replay with inode type to judge if inode linked f2fs: fix to avoid out-of-bounds memory access mlxsw: spectrum_mr: Update egress RIF list before route's action openvswitch: fix stack OOB read while fragmenting IPv4 packets ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure NFS: Don't discard pNFS layout segments that are marked for return NFSv4: Don't discard segments marked for return in _pnfs_return_layout() jffs2: Fix kasan slab-out-of-bounds problem powerpc/eeh: Fix EEH handling for hugepages in ioremap space. powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h intel_th: pci: Add Alder Lake-M support tpm: vtpm_proxy: Avoid reading host log when using a virtual device md/raid1: properly indicate failure when ending a failed write request dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences security: commoncap: fix -Wstringop-overread warning Fix misc new gcc warnings jffs2: check the validity of dstlen in jffs2_zlib_compress() Revert |
||
|
Jerome Forissier
|
f386d162c2 |
tee: optee: do not check memref size on return from Secure World
[ Upstream commit c650b8dc7a7910eb25af0aac1720f778b29e679d ] When Secure World returns, it may have changed the size attribute of the memory references passed as [in/out] parameters. The GlobalPlatform TEE Internal Core API specification does not restrict the values that this size can take. In particular, Secure World may increase the value to be larger than the size of the input buffer to indicate that it needs more. Therefore, the size check in optee_from_msg_param() is incorrect and needs to be removed. This fixes a number of failed test cases in the GlobalPlatform TEE Initial Configuratiom Test Suite v2_0_0_0-2017_06_09 when OP-TEE is compiled without dynamic shared memory support (CFG_CORE_DYN_SHM=n). Reviewed-by: Sumit Garg <sumit.garg@linaro.org> Suggested-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Jerome Forissier <jerome@forissier.org> Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
bo.ye
|
4f099f5a37 |
[ALPS05525109] [Do NOT Sync]Merge branch android-4.19-stable into alps-trunk-s0.basic
[Detail]
Target:
|
||
|
calvin.liao
|
2ee5672309 |
[ALPS05148595] TKCore: Modify RPMB
Modify to control RPMB by kernel driver. MTK-Commit-Id: 16044b3d185938ce0c9272486d820febcf0c179a Change-Id: I57e7433deacb4274d75d69ebe769490a478d21d7 Signed-off-by: calvin.liao <calvin.liao@mediatek.com> CR-Id: ALPS05148595 Feature: TrustKernel TEE |
||
|
calvin.liao
|
2d7ef992e6 |
[ALPS05051925] TEEI: Log to DB
Send the log of TEEI to DB. MTK-Commit-Id: e26612f97f0a85b92262efd674cd6204056b9f84 Change-Id: Ib92988cbdd31ad6a5f3cbbab2e654d2bde154422 Signed-off-by: calvin.liao <calvin.liao@mediatek.com> CR-Id: ALPS05051925 Feature: Microtrust TEEI |
||
|
Neal Liu
|
24d0cfe4ab |
[ALPS04783885] TEEs: add TEE Sanity driver
Add TEE Sanity driver MTK-Commit-Id: 69e4e7ecb47f2953587da035dce5ecfe5bcef85a Change-Id: Iac0307dd616b63d696088cf9fa414b8ca5e451bf Signed-off-by: Neal Liu <neal.liu@mediatek.com> CR-Id: ALPS04783885 Feature: Trustonic TEE (Trusted Execution Environment) |
||
|
calvin.liao
|
729e38dc8e |
[ALPS05051925] TEEI: Remove TUI driver
Remove non-used TUI driver. MTK-Commit-Id: ef047907bac00de303d523c81d76077532ab0b4a Change-Id: I7fba2fce80fa44c5b53852ac6dce6f985b907b06 Signed-off-by: calvin.liao <calvin.liao@mediatek.com> CR-Id: ALPS05051925 Feature: Microtrust TEEI |
||
|
Neal Liu
|
8a34c5411c |
[ALPS04783885] gud: add FOLL_LONGTERM in get_user_pages()
In the CMA case: longterm pins in a CMA region would unnecessarily fragment that region. And so CMA attempts to migrate the page before pinning when FOLL_LONGTERM is specified. MTK-Commit-Id: ee737452230525c50862f416e846cd722c45145c Change-Id: I04284261a5ba669c3a58ab1e8369837ea50f9a83 Signed-off-by: Neal Liu <neal.liu@mediatek.com> CR-Id: ALPS04783885 Feature: Trustonic TEE (Trusted Execution Environment) |
||
|
calvin.liao
|
f0c9d050e7 |
[ALPS05051925] TEEI: Compatible with 32bit
Compatible with 32bit driver. MTK-Commit-Id: 8c4a425a02c5194a1aa93e3e5267740eec944834 Change-Id: I7164836ed71f46a9b027916a0e3fcb07cff169d4 Signed-off-by: calvin.liao <calvin.liao@mediatek.com> CR-Id: ALPS05051925 Feature: Microtrust TEEI |
||
|
calvin.liao
|
3051278619 |
[ALPS05051925] TEEI: Support more TAs
Modify to support more TAs. MTK-Commit-Id: 2f18c411ed94d141631d12d9d69e7f572af4bf26 Change-Id: I5c0e249f0c02a4ddc9ae18e8c5a185cba944e829 Signed-off-by: calvin.liao <calvin.liao@mediatek.com> CR-Id: ALPS05051925 Feature: Microtrust TEEI |
||
|
Pangyen Chen
|
095e26534e |
[ALPS04865088] Trustonic TEE: Switch to Kinibi 500 by default
Use Kinibi 500 as the default Trustonic TEE version. MTK-Commit-Id: 66b6c08566641caf0d071b57648b8b864a274004 Change-Id: I65b28e4290f78640ee8cc89dc66fdd20c681b8f8 Signed-off-by: Pangyen Chen <pangyen.chen@mediatek.com> CR-Id: ALPS04865088 Feature: Trustonic TEE (Trusted Execution Environment) |
||
|
Pangyen Chen
|
5bbd242386 |
[ALPS04865088] Trustonic TEE: Upgrade to Kinibi 500 v003
Upgrade to Kinibi 500 v003 MTK-Commit-Id: 57fec684f0103de7779ed5f3da835b5bcaf5d71d Change-Id: I34472432269d5a631cbbf712975477039f013543 Signed-off-by: Pangyen Chen <pangyen.chen@mediatek.com> CR-Id: ALPS04865088 Feature: Trustonic TEE (Trusted Execution Environment) |
||
|
Pangyen Chen
|
375f4c945e |
[ALPS04865088] Kinibi 500: Fix IRQ line number setting
Fix setting for IRQ line number setting for SWd to NWd notification. SWd and NWd will not be able to communicate if this setting is incorrect and since on Mediatek platform it shifts 32, the option we used on kernel-4.14(CONFIG_MTK_SYSIRQ) to detect this should be changed to kernel-4.19(CONFIG_ARCH_MEDIATEK) instead. MTK-Commit-Id: a9dfe33e41ed38132a228a54e54120165acd1167 Change-Id: Ib99dc85f43b52e30637801322f75998ff71ea74e Signed-off-by: Pangyen Chen <pangyen.chen@mediatek.com> CR-Id: ALPS04865088 Feature: Trustonic TEE (Trusted Execution Environment) |
||
|
calvin.liao
|
333ca866e8 |
[ALPS05051925] TEEI: ISEE 3.5
Migrate TEEI kernel driver to select core dynamically. MTK-Commit-Id: 7ffd2ba611e209d6d28e3ba237dc382f6d353f52 Change-Id: Ic9df42795385fd704c4d1f9761ab0995808c5e65 Signed-off-by: calvin.liao <calvin.liao@mediatek.com> CR-Id: ALPS05051925 Feature: Microtrust TEEI |
||
|
Pangyen Chen
|
dde0eed1a8 |
[ALPS04865088] Trustonic TEE: Solve build error related to ion
Solve build error related to ion. MTK-Commit-Id: 21f07965e20bcf42fa82610c5fb2074ce3d89241 Change-Id: I1c5d1807acb5203f1adba3637536a5d965634a77 Signed-off-by: Pangyen Chen <pangyen.chen@mediatek.com> CR-Id: ALPS04865088 Feature: Trustonic TEE (Trusted Execution Environment) |
||
|
Pangyen Chen
|
66f21f0ff6 |
[ALPS04865088] TEE: Change MTK_TEE_GP_SUPPORT to TEE
We assume that all secure os should comply with GP standard so all features that rely on CONFIG_MTK_TEE_GP_SUPPORT are changed to CONFIG_TEE. MTK-Commit-Id: cd90aacb682c98ca58f7a4d17ad5d6fa2816fd3e Change-Id: I03e02feca98b3449bd9b407f137f93017bf032fb CR-Id: ALPS04865088 Feature: Trustonic TEE (Trusted Execution Environment) Signed-off-by: Pangyen Chen <pangyen.chen@mediatek.com> |
||
|
calvin.liao
|
a2fe67c400 |
[ALPS05051925] TEEI: ISEE 3.5
Migrate TEEI kernel driver to select core dynamically. MTK-Commit-Id: ee9103f33ca2461b7fc6910bc51b4a55124b3f6a Change-Id: Ic2578c9eea4bd489fd8c9f01179987c8342417de Signed-off-by: calvin.liao <calvin.liao@mediatek.com> CR-Id: ALPS05051925 Feature: Microtrust TEEI |
||
|
Guangming Cao
|
bb36305695 |
[ALPS05053211] ion: fix trustonic tee build error
1. remove phase-out config: MTK_LEGACYSECMEM_SUPPORT 2. fix m4u build error: remove file include i debug file m4u wont use api from secmem, because this part function, get secure memory, is provided by ion. 3. fix mobilecore build error add ion_priv.h inlcude for struct ion_buffer MTK-Commit-Id: f061e5113f71b9d98e191adc48c102e2ffa9e200 Change-Id: Idab3bf3fe0158bb83d61f35d5c5caee96b8ff79e Signed-off-by: Guangming Cao <Guangming.Cao@mediatek.com> CR-Id: ALPS05053211 Feature: [Module]ION/M4U |
||
|
Pangyen Chen
|
bfd1aa6117 |
[ALPS04865088] Trustonic TEE: Upload GUD for Kinibi 500
GUD is linux kernel driver for Trustonic TEE which acts as a bridge between normal world and secure world. To upgrade to Kinibi 500, GUD driver is essential. MTK-Commit-Id: c65e1a2242422f2034158f24ba240aa9b027e65f Change-Id: I11dbf8c26210babbc590af2b2f7896cb98ac73dc Signed-off-by: Pangyen Chen <pangyen.chen@mediatek.com> CR-Id: ALPS04865088 Feature: Trustonic TEE (Trusted Execution Environment) |
||
|
Pangyen Chen
|
53e6e1fa14 |
[ALPS05063810] Trustonic TEE: Solve build error due to clang
GCC version should not be used as the criteria for building since toolchain has been switched to Clang. We removed judgement of GCC version in order to solve build error. MTK-Commit-Id: d71376bdf81de33ab7f46a8d348d8b12a05e2931 Change-Id: I15a78c0616c3a10cc63a88d4164cd58ab7ede8cb Signed-off-by: Pangyen Chen <pangyen.chen@mediatek.com> CR-Id: ALPS05063810 Feature: Trustonic TEE (Trusted Execution Environment) |