bka
1921 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Sultan Alsawaf
|
5ac450d018 |
arch: arm64: configs: Disable SLUB per-CPU partial caches
CONFIG_SLUB_CPU_PARTIAL is not set This causes load spikes when the per-CPU partial caches are filled and need to be drained, which is bad for maintaining low latency. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> |
||
|
Minchan Kim
|
01a6275c21 |
arch: arm64: configs: Disable CONFIG_MEMCG and MEMCG_SWAP
CONFIG_MEMCG is not set Pixel doesn't use the memcg but it hurts 15% performance in minor fault benchmark so disable it until we see strong reason. Bug: 169443770 Signed-off-by: Minchan Kim <minchan@google.com> Change-Id: Ifd9ddcd54559c590260d52f60a2e5e4b79c5480f |
||
|
Mike Rapoport
|
213670f0fe |
BACKPORT: mm: introduce include/linux/pgtable.h
The include/linux/pgtable.h is going to be the home of generic page table manipulation functions. Start with moving asm-generic/pgtable.h to include/linux/pgtable.h and make the latter include asm/pgtable.h. Change-Id: I8a69883a0091366839170f569a44e12544327183 Signed-off-by: Mike Rapoport <rppt@linux.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Cain <bcain@codeaurora.org> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Chris Zankel <chris@zankel.net> Cc: "David S. Miller" <davem@davemloft.net> Cc: Geert Uytterhoeven <geert@linux-m68k.org> Cc: Greentime Hu <green.hu@gmail.com> Cc: Greg Ungerer <gerg@linux-m68k.org> Cc: Guan Xuetao <gxt@pku.edu.cn> Cc: Guo Ren <guoren@kernel.org> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Helge Deller <deller@gmx.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: Ley Foon Tan <ley.foon.tan@intel.com> Cc: Mark Salter <msalter@redhat.com> Cc: Matthew Wilcox <willy@infradead.org> Cc: Matt Turner <mattst88@gmail.com> Cc: Max Filippov <jcmvbkbc@gmail.com> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: Michal Simek <monstr@monstr.eu> Cc: Nick Hu <nickhu@andestech.com> Cc: Paul Walmsley <paul.walmsley@sifive.com> Cc: Richard Weinberger <richard@nod.at> Cc: Rich Felker <dalias@libc.org> Cc: Russell King <linux@armlinux.org.uk> Cc: Stafford Horne <shorne@gmail.com> Cc: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Tony Luck <tony.luck@intel.com> Cc: Vincent Chen <deanbo422@gmail.com> Cc: Vineet Gupta <vgupta@synopsys.com> Cc: Will Deacon <will@kernel.org> Cc: Yoshinori Sato <ysato@users.sourceforge.jp> Link: http://lkml.kernel.org/r/20200514170327.31389-3-rppt@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
Daniel Borkmann
|
110320305a |
UPSTREAM: bpf: Restrict bpf_probe_read{, str}() only to archs where they work
Given the legacy bpf_probe_read{,str}() BPF helpers are broken on archs
with overlapping address ranges, we should really take the next step to
disable them from BPF use there.
To generally fix the situation, we've recently added new helper variants
bpf_probe_read_{user,kernel}() and bpf_probe_read_{user,kernel}_str().
For details on them, see 6ae08ae3dea2 ("bpf: Add probe_read_{user, kernel}
and probe_read_{user,kernel}_str helpers").
Given bpf_probe_read{,str}() have been around for ~5 years by now, there
are plenty of users at least on x86 still relying on them today, so we
cannot remove them entirely w/o breaking the BPF tracing ecosystem.
However, their use should be restricted to archs with non-overlapping
address ranges where they are working in their current form. Therefore,
move this behind a CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE and
have x86, arm64, arm select it (other archs supporting it can follow-up
on it as well).
For the remaining archs, they can workaround easily by relying on the
feature probe from bpftool which spills out defines that can be used out
of BPF C code to implement the drop-in replacement for old/new kernels
via: bpftool feature probe macro
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I2190b9fabdca2cf7ddd16ad4fe36e95bc832963e
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Brendan Gregg <brendan.d.gregg@gmail.com>
Cc: Christoph Hellwig <hch@lst.de>
Link: https://lore.kernel.org/bpf/20200515101118.6508-2-daniel@iogearbox.net
|
||
|
Alexei Starovoitov
|
5fae5cfdcb |
UPSTREAM: bpf: Introduce sleepable BPF programs
Introduce sleepable BPF programs that can request such property for themselves via BPF_F_SLEEPABLE flag at program load time. In such case they will be able to use helpers like bpf_copy_from_user() that might sleep. At present only fentry/fexit/fmod_ret and lsm programs can request to be sleepable and only when they are attached to kernel functions that are known to allow sleeping. The non-sleepable programs are relying on implicit rcu_read_lock() and migrate_disable() to protect life time of programs, maps that they use and per-cpu kernel structures used to pass info between bpf programs and the kernel. The sleepable programs cannot be enclosed into rcu_read_lock(). migrate_disable() maps to preempt_disable() in non-RT kernels, so the progs should not be enclosed in migrate_disable() as well. Therefore rcu_read_lock_trace is used to protect the life time of sleepable progs. There are many networking and tracing program types. In many cases the 'struct bpf_prog *' pointer itself is rcu protected within some other kernel data structure and the kernel code is using rcu_dereference() to load that program pointer and call BPF_PROG_RUN() on it. All these cases are not touched. Instead sleepable bpf programs are allowed with bpf trampoline only. The program pointers are hard-coded into generated assembly of bpf trampoline and synchronize_rcu_tasks_trace() is used to protect the life time of the program. The same trampoline can hold both sleepable and non-sleepable progs. When rcu_read_lock_trace is held it means that some sleepable bpf program is running from bpf trampoline. Those programs can use bpf arrays and preallocated hash/lru maps. These map types are waiting on programs to complete via synchronize_rcu_tasks_trace(); Updates to trampoline now has to do synchronize_rcu_tasks_trace() and synchronize_rcu_tasks() to wait for sleepable progs to finish and for trampoline assembly to finish. This is the first step of introducing sleepable progs. Eventually dynamically allocated hash maps can be allowed and networking program types can become sleepable too. Change-Id: I281471010348f21de4e0832dfc0265dfe85b4a0d Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Josef Bacik <josef@toxicpanda.com> Acked-by: Andrii Nakryiko <andriin@fb.com> Acked-by: KP Singh <kpsingh@google.com> Link: https://lore.kernel.org/bpf/20200827220114.69225-3-alexei.starovoitov@gmail.com |
||
|
Paul E. McKenney
|
bbe95c1ff8 |
BACKPORT: rcu-tasks: Add an RCU Tasks Trace to simplify protection of tracing hooks
Because RCU does not watch exception early-entry/late-exit, idle-loop, or CPU-hotplug execution, protection of tracing and BPF operations is needlessly complicated. This commit therefore adds a variant of Tasks RCU that: o Has explicit read-side markers to allow finite grace periods in the face of in-kernel loops for PREEMPT=n builds. These markers are rcu_read_lock_trace() and rcu_read_unlock_trace(). o Protects code in the idle loop, exception entry/exit, and CPU-hotplug code paths. In this respect, RCU-tasks trace is similar to SRCU, but with lighter-weight readers. o Avoids expensive read-side instruction, having overhead similar to that of Preemptible RCU. There are of course downsides: o The grace-period code can send IPIs to CPUs, even when those CPUs are in the idle loop or in nohz_full userspace. This is mitigated by later commits. o It is necessary to scan the full tasklist, much as for Tasks RCU. o There is a single callback queue guarded by a single lock, again, much as for Tasks RCU. However, those early use cases that request multiple grace periods in quick succession are expected to do so from a single task, which makes the single lock almost irrelevant. If needed, multiple callback queues can be provided using any number of schemes. Perhaps most important, this variant of RCU does not affect the vanilla flavors, rcu_preempt and rcu_sched. The fact that RCU Tasks Trace readers can operate from idle, offline, and exception entry/exit in no way enables rcu_preempt and rcu_sched readers to do so. The memory ordering was outlined here: https://lore.kernel.org/lkml/20200319034030.GX3199@paulmck-ThinkPad-P72/ This effort benefited greatly from off-list discussions of BPF requirements with Alexei Starovoitov and Andrii Nakryiko. At least some of the on-list discussions are captured in the Link: tags below. In addition, KCSAN was quite helpful in finding some early bugs. Link: https://lore.kernel.org/lkml/20200219150744.428764577@infradead.org/ Link: https://lore.kernel.org/lkml/87mu8p797b.fsf@nanos.tec.linutronix.de/ Link: https://lore.kernel.org/lkml/20200225221305.605144982@linutronix.de/ Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com> Cc: Andrii Nakryiko <andriin@fb.com> [ paulmck: Apply feedback from Steve Rostedt and Joel Fernandes. ] [ paulmck: Decrement trc_n_readers_need_end upon IPI failure. ] [ paulmck: Fix locking issue reported by rcutorture. ] Change-Id: I8d076264fb9d08951262eb05b4d109ebe7c41f4f Signed-off-by: Paul E. McKenney <paulmck@kernel.org> |
||
|
Alexei Starovoitov
|
08e13225aa |
BACKPORT: bpf: Add kernel module with user mode driver that populates bpffs.
Add kernel module with user mode driver that populates bpffs with BPF iterators. $ mount bpffs /my/bpffs/ -t bpf $ ls -la /my/bpffs/ total 4 drwxrwxrwt 2 root root 0 Jul 2 00:27 . drwxr-xr-x 19 root root 4096 Jul 2 00:09 .. -rw------- 1 root root 0 Jul 2 00:27 maps.debug -rw------- 1 root root 0 Jul 2 00:27 progs.debug The user mode driver will load BPF Type Formats, create BPF maps, populate BPF maps, load two BPF programs, attach them to BPF iterators, and finally send two bpf_link IDs back to the kernel. The kernel will pin two bpf_links into newly mounted bpffs instance under names "progs.debug" and "maps.debug". These two files become human readable. $ cat /my/bpffs/progs.debug id name attached 11 dump_bpf_map bpf_iter_bpf_map 12 dump_bpf_prog bpf_iter_bpf_prog 27 test_pkt_access 32 test_main test_pkt_access test_pkt_access 33 test_subprog1 test_pkt_access_subprog1 test_pkt_access 34 test_subprog2 test_pkt_access_subprog2 test_pkt_access 35 test_subprog3 test_pkt_access_subprog3 test_pkt_access 36 new_get_skb_len get_skb_len test_pkt_access 37 new_get_skb_ifindex get_skb_ifindex test_pkt_access 38 new_get_constant get_constant test_pkt_access The BPF program dump_bpf_prog() in iterators.bpf.c is printing this data about all BPF programs currently loaded in the system. This information is unstable and will change from kernel to kernel as ".debug" suffix conveys. Change-Id: I17e12383782242c780130f61f35d56f1ce6d8d75 Signed-off-by: Alexei Starovoitov <ast@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/20200819042759.51280-4-alexei.starovoitov@gmail.com |
||
|
KP Singh
|
da90ad3130 |
UPSTREAM: bpf: Introduce BPF_PROG_TYPE_LSM
Introduce types and configs for bpf programs that can be attached to LSM hooks. The programs can be enabled by the config option CONFIG_BPF_LSM. Change-Id: I9949a4e8c5a3ab07dc05089a5267306d6e23087a Signed-off-by: KP Singh <kpsingh@google.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: Brendan Jackman <jackmanb@google.com> Reviewed-by: Florent Revest <revest@google.com> Reviewed-by: Thomas Garnier <thgarnie@google.com> Acked-by: Yonghong Song <yhs@fb.com> Acked-by: Andrii Nakryiko <andriin@fb.com> Acked-by: James Morris <jamorris@linux.microsoft.com> Link: https://lore.kernel.org/bpf/20200329004356.27286-2-kpsingh@chromium.org |
||
|
Daniel Borkmann
|
79b083eb5c |
UPSTREAM: bpf, x86, arm64: Enable jit by default when not built as always-on
After Spectre 2 fix via
|
||
|
Axel Rasmussen
|
459c1ab027 |
BACKPORT: FROMGIT: userfaultfd: add minor fault registration mode
Patch series "userfaultfd: add minor fault handling", v9. Overview ======== This series adds a new userfaultfd feature, UFFD_FEATURE_MINOR_HUGETLBFS. When enabled (via the UFFDIO_API ioctl), this feature means that any hugetlbfs VMAs registered with UFFDIO_REGISTER_MODE_MISSING will *also* get events for "minor" faults. By "minor" fault, I mean the following situation: Let there exist two mappings (i.e., VMAs) to the same page(s) (shared memory). One of the mappings is registered with userfaultfd (in minor mode), and the other is not. Via the non-UFFD mapping, the underlying pages have already been allocated & filled with some contents. The UFFD mapping has not yet been faulted in; when it is touched for the first time, this results in what I'm calling a "minor" fault. As a concrete example, when working with hugetlbfs, we have huge_pte_none(), but find_lock_page() finds an existing page. We also add a new ioctl to resolve such faults: UFFDIO_CONTINUE. The idea is, userspace resolves the fault by either a) doing nothing if the contents are already correct, or b) updating the underlying contents using the second, non-UFFD mapping (via memcpy/memset or similar, or something fancier like RDMA, or etc...). In either case, userspace issues UFFDIO_CONTINUE to tell the kernel "I have ensured the page contents are correct, carry on setting up the mapping". Use Case ======== Consider the use case of VM live migration (e.g. under QEMU/KVM): 1. While a VM is still running, we copy the contents of its memory to a target machine. The pages are populated on the target by writing to the non-UFFD mapping, using the setup described above. The VM is still running (and therefore its memory is likely changing), so this may be repeated several times, until we decide the target is "up to date enough". 2. We pause the VM on the source, and start executing on the target machine. During this gap, the VM's user(s) will *see* a pause, so it is desirable to minimize this window. 3. Between the last time any page was copied from the source to the target, and when the VM was paused, the contents of that page may have changed - and therefore the copy we have on the target machine is out of date. Although we can keep track of which pages are out of date, for VMs with large amounts of memory, it is "slow" to transfer this information to the target machine. We want to resume execution before such a transfer would complete. 4. So, the guest begins executing on the target machine. The first time it touches its memory (via the UFFD-registered mapping), userspace wants to intercept this fault. Userspace checks whether or not the page is up to date, and if not, copies the updated page from the source machine, via the non-UFFD mapping. Finally, whether a copy was performed or not, userspace issues a UFFDIO_CONTINUE ioctl to tell the kernel "I have ensured the page contents are correct, carry on setting up the mapping". We don't have to do all of the final updates on-demand. The userfaultfd manager can, in the background, also copy over updated pages once it receives the map of which pages are up-to-date or not. Interaction with Existing APIs ============================== Because this is a feature, a registered VMA could potentially receive both missing and minor faults. I spent some time thinking through how the existing API interacts with the new feature: UFFDIO_CONTINUE cannot be used to resolve non-minor faults, as it does not allocate a new page. If UFFDIO_CONTINUE is used on a non-minor fault: - For non-shared memory or shmem, -EINVAL is returned. - For hugetlb, -EFAULT is returned. UFFDIO_COPY and UFFDIO_ZEROPAGE cannot be used to resolve minor faults. Without modifications, the existing codepath assumes a new page needs to be allocated. This is okay, since userspace must have a second non-UFFD-registered mapping anyway, thus there isn't much reason to want to use these in any case (just memcpy or memset or similar). - If UFFDIO_COPY is used on a minor fault, -EEXIST is returned. - If UFFDIO_ZEROPAGE is used on a minor fault, -EEXIST is returned (or -EINVAL in the case of hugetlb, as UFFDIO_ZEROPAGE is unsupported in any case). - UFFDIO_WRITEPROTECT simply doesn't work with shared memory, and returns -ENOENT in that case (regardless of the kind of fault). Future Work =========== This series only supports hugetlbfs. I have a second series in flight to support shmem as well, extending the functionality. This series is more mature than the shmem support at this point, and the functionality works fully on hugetlbfs, so this series can be merged first and then shmem support will follow. This patch (of 6): This feature allows userspace to intercept "minor" faults. By "minor" faults, I mean the following situation: Let there exist two mappings (i.e., VMAs) to the same page(s). One of the mappings is registered with userfaultfd (in minor mode), and the other is not. Via the non-UFFD mapping, the underlying pages have already been allocated & filled with some contents. The UFFD mapping has not yet been faulted in; when it is touched for the first time, this results in what I'm calling a "minor" fault. As a concrete example, when working with hugetlbfs, we have huge_pte_none(), but find_lock_page() finds an existing page. This commit adds the new registration mode, and sets the relevant flag on the VMAs being registered. In the hugetlb fault path, if we find that we have huge_pte_none(), but find_lock_page() does indeed find an existing page, then we have a "minor" fault, and if the VMA has the userfaultfd registration flag, we call into userfaultfd to handle it. This is implemented as a new registration mode, instead of an API feature. This is because the alternative implementation has significant drawbacks [1]. However, doing it this was requires we allocate a VM_* flag for the new registration mode. On 32-bit systems, there are no unused bits, so this feature is only supported on architectures with CONFIG_ARCH_USES_HIGH_VMA_FLAGS. When attempting to register a VMA in MINOR mode on 32-bit architectures, we return -EINVAL. [1] https://lore.kernel.org/patchwork/patch/1380226/ Link: https://lkml.kernel.org/r/20210301222728.176417-1-axelrasmussen@google.com Link: https://lkml.kernel.org/r/20210301222728.176417-2-axelrasmussen@google.com Signed-off-by: Axel Rasmussen <axelrasmussen@google.com> Reviewed-by: Peter Xu <peterx@redhat.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Anshuman Khandual <anshuman.khandual@arm.com> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Chinwen Chang <chinwen.chang@mediatek.com> Cc: Huang Ying <ying.huang@intel.com> Cc: Ingo Molnar <mingo@redhat.com> Cc: Jann Horn <jannh@google.com> Cc: Jerome Glisse <jglisse@redhat.com> Cc: Lokesh Gidra <lokeshgidra@google.com> Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Cc: "Michal Koutn" <mkoutny@suse.com> Cc: Michel Lespinasse <walken@google.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Cc: Mike Rapoport <rppt@linux.vnet.ibm.com> Cc: Nicholas Piggin <npiggin@gmail.com> Cc: Peter Xu <peterx@redhat.com> Cc: Shaohua Li <shli@fb.com> Cc: Shawn Anastasio <shawn@anastas.io> Cc: Steven Rostedt <rostedt@goodmis.org> Cc: Steven Price <steven.price@arm.com> Cc: Vlastimil Babka <vbabka@suse.cz> Cc: Adam Ruprecht <ruprecht@google.com> Cc: Axel Rasmussen <axelrasmussen@google.com> Cc: Cannon Matthews <cannonmatthews@google.com> Cc: "Dr . David Alan Gilbert" <dgilbert@redhat.com> Cc: David Rientjes <rientjes@google.com> Cc: Mina Almasry <almasrymina@google.com> Cc: Oliver Upton <oupton@google.com> Cc: Kirill A. Shutemov <kirill@shutemov.name> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au> (cherry picked from commit 82a150ec394f6b944e26786b907fc0deab5b2064 https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git akpm) Link: https://lore.kernel.org/patchwork/patch/1388132/ Conflicts: arch/x86/Kconfig fs/userfaultfd.c include/linux/userfaultfd_k.h include/uapi/linux/userfaultfd.h init/Kconfig mm/hugetlb.c (Lack of userfaultfd write-protect support in 5.4 lead to all conflicts. Resolved by carefully rebasing such that write-protect related code doesn't get added) Signed-off-by: Lokesh Gidra <lokeshgidra@google.com> Bug: 160737021 Bug: 169683130 Change-Id: I43b37272d531341439ceaa03213d0e2415e04688 |
||
|
bengris32
|
b7c670dfff |
Merge branch 'linux-4.19.y-cip' of https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip into lineage-22.2
* 'linux-4.19.y-cip' of https://git.kernel.org/pub/scm/linux/kernel/git/cip/linux-cip: x86/bugs: fix backport error in "x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline" CIP: Bump version suffix to -cip121 after merge from cip/linux-4.19.y-st tree Update localversion-st, tree is up-to-date with 5.4.293. x86/bugs: Don't fill RSB on VMEXIT with eIBRS+retpoline clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() PCI: Rename PCI_IRQ_LEGACY to PCI_IRQ_INTX MIPS: cm: Fix warning if MIPS_CM is disabled comedi: jr3_pci: Fix synchronous deletion of timer scsi: pm80xx: Set phy_attached to zero when device is gone ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls selftests: ublk: fix test_stripe_04 KVM: s390: Don't use %pK through tracepoints sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP ntb: reduce stack usage in idt_scan_mws qibfs: fix _another_ leak usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() usb: host: max3421-hcd: Add missing spi_device_id table parisc: PDT: Fix missing prototype warning MIPS: cm: Detect CM quirks from device tree USB: VLI disk crashes if LPM is used usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive usb: dwc3: gadget: check that event count does not exceed event buffer length USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) USB: serial: simple: add OWON HDS200 series oscilloscope support USB: serial: option: add Sierra Wireless EM9291 USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe USB: storage: quirk for ADATA Portable HDD CH94 mcb: fix a double free bug in chameleon_parse_gdd() virtio_console: fix missing byte order handling for cols and rows net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too net_sched: hfsc: Fix a UAF vulnerability in class handling tipc: fix NULL pointer dereference in tipc_mon_reinit_self() net: phy: leds: fix memory leak cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error misc: pci_endpoint_test: Use INTX instead of LEGACY net: dsa: mv88e6xxx: fix VTU methods for 6320 family ext4: fix OOB read when checking dotdot dir ext4: optimize __ext4_check_dir_entry() MIPS: ds1287: Match ds1287_set_base_clock() function types MIPS: cevt-ds1287: Add missing ds1287.h include MIPS: dec: Declare which_prom() as static virtio-net: Add validation for used length openvswitch: fix lockup on tx to unregistering netdev with carrier net: openvswitch: fix race on port output mmc: cqhci: Fix checking of CQHCI_HALT state nvmet-fc: Remove unused functions usb: dwc3: support continuous runtime PM with dual role misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). kbuild: Add '-fno-builtin-wcslen' drm/sti: remove duplicate object names drm/repaper: fix integer overflows in repeat functions module: sign with sha512 instead of sha1 by default isofs: Prevent the use of too small fid i2c: cros-ec-tunnel: defer probe if parent EC is not present hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key btrfs: correctly escape subvol in btrfs_show_options() nfs: move nfs_fhandle_hash to common include file NFSD: Constify @fh argument of knfsd_fh_hash() asus-laptop: Fix an uninitialized variable writeback: fix false warning in inode_to_wb() net: b53: enable BPDU reception for management port net: openvswitch: fix nested key length validation in the set() action Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" Bluetooth: btrtl: Prevent potential NULL dereference Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() scsi: iscsi: Fix missing scsi_host_put() in error path wifi: wl1251: fix memory leak in wl1251_tx_work wifi: mac80211: Purge vif txq in ieee80211_do_stop() wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() wifi: at76c50x: fix use after free access in at76_disconnect HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition Bluetooth: hci_uart: Fix another race during initialization x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() PCI: Fix reference leak in pci_alloc_child_bus() of/irq: Fix device node refcount leakages in of_irq_init() of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() gpio: zynq: Fix wakeup source leaks on device unbind ftrace: Add cond_resched() to ftrace_graph_set_hash() crypto: ccp - Fix check for the primary ASP device thermal/drivers/rockchip: Add missing rk3328 mapping entry sctp: detect and prevent references to a freed transport in sendmsg mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock sparc/mm: disable preemption in lazy mmu mode arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string mtd: inftlcore: Add error check for inftl_read_oob() lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets jbd2: remove wrong sb->s_sequence check ext4: fix off-by-one error in do_split media: venus: hfi_parser: add check to avoid out of bound access media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO media: i2c: ov7251: Set enable GPIO low in probe media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() media: streamzap: prevent processing IR data on URB failure mtd: rawnand: brcmnand: fix PM resume warning arm64: cputype: Add MIDR_CORTEX_A76AE xenfs/xensyms: respect hypervisor's "next" indication media: siano: Fix error handling in smsdvb_module_init() media: venus: hfi: add check to handle incorrect queue size media: venus: hfi: add a check to handle OOB in sfr region media: i2c: adv748x: Fix test pattern selection mask bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags bpf: Add endian modifiers to fix endian warnings fbdev: omapfb: Add 'plane' value check drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off drm/amdkfd: Fix pqm_destroy_queue race with GPU reset drm: allow encoder mode_set even when connectors change for crtc Bluetooth: hci_uart: fix race during initialization tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER net: vlan: don't propagate flags on open scsi: st: Fix array overflow in st_setup() ext4: ignore xattrs past end ext4: protect ext4_release_dquot against freezing ahci: add PCI ID for Marvell 88SE9215 SATA Controller ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode jfs: add sanity check for agwidth in dbMount jfs: Prevent copying of nlink with value 0 from disk inode fs/jfs: Prevent integer overflow in AG size calculation fs/jfs: cast inactags to s64 to prevent potential overflow ALSA: usb-audio: Fix CME quirk for UF series keyboards ALSA: hda: intel: Fix Optimus when GPU has no sound HID: pidff: Fix null pointer dereference in pidff_find_fields HID: pidff: Do not send effect envelope if it's empty HID: pidff: Convert infinite length from Linux API to PID standard perf: arm_pmu: Don't disable counter in armpmu_add() x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine pm: cpupower: bench: Prevent NULL dereference on malloc failure net: ppp: Add bound checking for skb data on ppp_sync_txmung ata: sata_sx4: Add error handling in pdc20621_i2c_read() ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones tipc: fix memory leak in tipc_link_xmit ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() Conflicts: fs/ext4/dir.c Signed-off-by: bengris32 <bengris32@protonmail.ch> Change-Id: Ifff69aae6aeecbbab378fba35b117f05e6076c6e |
||
|
Oleg Nesterov
|
2fc28c13f4 |
sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP
[ Upstream commit 975776841e689dd8ba36df9fa72ac3eca3c2957a ] kernel/sched/isolation.c obviously makes no sense without CONFIG_SMP, but the Kconfig entry we have right now: config CPU_ISOLATION bool "CPU isolation" depends on SMP || COMPILE_TEST allows the creation of pointless .config's which cause build failures. Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Oleg Nesterov <oleg@redhat.com> Signed-off-by: Ingo Molnar <mingo@kernel.org> Link: https://lore.kernel.org/r/20250330134955.GA7910@redhat.com Closes: https://lore.kernel.org/oe-kbuild-all/202503260646.lrUqD3j5-lkp@intel.com/ Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Ulrich Hecht <uli@kernel.org> |
||
|
Thorsten Leemhuis
|
904ca4b37e |
module: sign with sha512 instead of sha1 by default
commit f3b93547b91ad849b58eb5ab2dd070950ad7beb3 upstream. Switch away from using sha1 for module signing by default and use the more modern sha512 instead, which is what among others Arch, Fedora, RHEL, and Ubuntu are currently using for their kernels. Sha1 has not been considered secure against well-funded opponents since 2005[1]; since 2011 the NIST and other organizations furthermore recommended its replacement[2]. This is why OpenSSL on RHEL9, Fedora Linux 41+[3], and likely some other current and future distributions reject the creation of sha1 signatures, which leads to a build error of allmodconfig configurations: 80A20474797F0000:error:03000098:digital envelope routines:do_sigver_init:invalid digest:crypto/evp/m_sigver.c:342: make[4]: *** [.../certs/Makefile:53: certs/signing_key.pem] Error 1 make[4]: *** Deleting file 'certs/signing_key.pem' make[4]: *** Waiting for unfinished jobs.... make[3]: *** [.../scripts/Makefile.build:478: certs] Error 2 make[2]: *** [.../Makefile:1936: .] Error 2 make[1]: *** [.../Makefile:224: __sub-make] Error 2 make[1]: Leaving directory '...' make: *** [Makefile:224: __sub-make] Error 2 This change makes allmodconfig work again and sets a default that is more appropriate for current and future users, too. Link: https://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html [1] Link: https://csrc.nist.gov/projects/hash-functions [2] Link: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustsha1SigVer [3] Signed-off-by: Thorsten Leemhuis <linux@leemhuis.info> Reviewed-by: Sami Tolvanen <samitolvanen@google.com> Tested-by: kdevops <kdevops@lists.linux.dev> [0] Link: https://github.com/linux-kdevops/linux-modules-kpd/actions/runs/11420092929/job/31775404330 [0] Link: https://lore.kernel.org/r/52ee32c0c92afc4d3263cea1f8a1cdc809728aff.1729088288.git.linux@leemhuis.info Signed-off-by: Petr Pavlu <petr.pavlu@suse.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Ulrich Hecht <uli@kernel.org> |
||
|
bengris32
|
dc38585c87 |
Merge branch 'android-4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
* 'android-4.19-stable' of https://android.googlesource.com/kernel/common: Revert "UPSTREAM: unicode: Don't special case ignorable code points" Reapply "UPSTREAM: unicode: Don't special case ignorable code points" Revert "UPSTREAM: unicode: Don't special case ignorable code points" Linux 4.19.325 sh: intc: Fix use-after-free bug in register_intc_controller() modpost: remove incorrect code in do_eisa_entry() 9p/xen: fix release of IRQ 9p/xen: fix init sequence block: return unsigned int from bdev_io_min jffs2: fix use of uninitialized variable ubi: fastmap: Fix duplicate slab cache names while attaching ubifs: Correct the total block count by deducting journal reservation rtc: check if __rtc_read_time was successful in rtc_timer_do_work() NFSv4.0: Fix a use-after-free problem in the asynchronous open() um: Fix the return value of elf_core_copy_task_fpregs rpmsg: glink: Propagate TX failures in intentless mode as well NFSD: Prevent a potential integer overflow lib: string_helpers: silence snprintf() output truncation warning usb: dwc3: gadget: Fix checking for number of TRBs left media: wl128x: Fix atomicity violation in fmc_send_cmd() HID: wacom: Interpret tilt data from Intuos Pro BT as signed values block: fix ordering between checking BLK_MQ_S_STOPPED request adding arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK um: vector: Do not use drvdata in release serial: 8250: omap: Move pm_runtime_get_sync um: net: Do not use drvdata in release um: ubd: Do not use drvdata in release ubi: wl: Put source PEB into correct list if trying locking LEB failed spi: Fix acpi deferred irq probe netfilter: ipset: add missing range check in bitmap_ip_uadt Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" serial: sh-sci: Clean sci_ports[0] after at earlycon exit Revert "usb: gadget: composite: fix OS descriptors w_value logic" ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler PCI: Fix use-after-free of slot->bus on hot remove ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() jfs: xattr: check invalid xattr size more strictly ext4: fix FS_IOC_GETFSMAP handling ext4: supress data-race warnings in ext4_free_inodes_{count,set}() usb: ehci-spear: fix call balance of sehci clk handling routines apparmor: fix 'Do simple duplicate message elimination' misc: apds990x: Fix missing pm_runtime_disable() USB: chaoskey: Fix possible deadlock chaoskey_list_lock USB: chaoskey: fail open after removal usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken marvell: pxa168_eth: fix call balance of pep->clk handling routines net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device power: supply: core: Remove might_sleep() from power_supply_put() vfio/pci: Properly hide first-in-list PCIe extended capability NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() NFSD: Prevent NULL dereference in nfsd4_process_cb_update() rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length rpmsg: glink: Fix GLINK command prefix rpmsg: glink: Send READ_NOTIFY command in FIFO full case rpmsg: glink: Add TX_DATA_CONT command while sending m68k: coldfire/device.c: only build FEC when HW macros are defined m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x PCI: cpqphp: Fix PCIBIOS_* return value confusion PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads perf probe: Correct demangled symbols in C++ program clk: clk-axi-clkgen: make sure to enable the AXI bus clock clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand dt-bindings: clock: axi-clkgen: include AXI clk dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() fbdev/sh7760fb: Alloc DMA memory from hardware device powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static ocfs2: fix uninitialized value in ocfs2_file_read_iter() scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() scsi: fusion: Remove unused variable 'rc' scsi: bfa: Fix use-after-free in bfad_im_module_exit() mfd: rt5033: Fix missing regmap_del_irq_chip() RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey mtd: rawnand: atmel: Fix possible memory leak cpufreq: loongson2: Unregister platform_driver on failure mfd: da9052-spi: Change read-mask to write-mask powerpc/vdso: Flag VDSO64 entry points as functions trace/trace_event_perf: remove duplicate samples on the first tracepoint event netpoll: Use rcu_access_pointer() in netpoll_poll_lock ALSA: 6fire: Release resources at card release ALSA: caiaq: Use snd_card_free_when_closed() at disconnection ALSA: us122l: Use snd_card_free_when_closed() at disconnection net: rfkill: gpio: Add check for clk_enable() drm/etnaviv: hold GPU lock across perfmon sampling drm/etnaviv: fix power register offset on GC300 drm/etnaviv: dump: fix sparse warnings drm/etnaviv: consolidate hardware fence handling in etnaviv_gpu wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() bpf: Fix the xdp_adjust_tail sample prog issue drm/omap: Fix locking in omap_gem_new_dmabuf() wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused firmware: arm_scpi: Check the DVFS OPP count returned by the firmware regmap: irq: Set lockdep class for hierarchical IRQ domains ARM: dts: cubieboard4: Fix DCDC5 regulator constraints mmc: mmc_spi: drop buggy snprintf() soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() time: Fix references to _msecs_to_jiffies() handling of values crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() crypto: bcm - add error check in the ahash_hmac_init function crypto: cavium - Fix the if condition to exit loop after timeout crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY EDAC/fsl_ddr: Fix bad bit shift operations hfsplus: don't query the device logical block size multiple times s390/syscalls: Avoid creation of arch/arch/ directory acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() m68k: mvme147: Reinstate early console m68k: mvme16x: Add and use "mvme16x.h" m68k: mvme147: Fix SCSI controller IRQ numbers initramfs: avoid filename buffer overrun nvme: fix metadata handling in nvme-passthrough proc/softirqs: replace seq_printf with seq_put_decimal_ull_width net: usb: qmi_wwan: add Quectel RG650V x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB selftests/watchdog-test: Fix system accidentally reset after watchdog-test mac80211: fix user-power when emulating chanctx ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet mm: revert "mm: shmem: fix data-race in shmem_getattr()" kbuild: Use uname for LINUX_COMPILE_HOST detection media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint ocfs2: fix UBSAN warning in ocfs2_verify_volume() nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint ocfs2: uncache inode which has failed entering the group netlink: terminate outstanding dump on socket close Linux 4.19.324 9p: fix slab cache name creation for real net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition fs: Fix uninitialized value issue in from_kuid and from_kgid powerpc/powernv: Free name on error in opal_event_init() sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML bpf: use kvzmalloc to allocate BPF verifier environment HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad 9p: Avoid creating multiple slab caches with the same name ALSA: usb-audio: Add endianness annotations vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer ALSA: usb-audio: Add quirks for Dell WD19 dock ALSA: usb-audio: Support jack detection on Dell dock ALSA: usb-audio: Add custom mixer status quirks for RME CC devices ALSA: pcm: Return 0 when size < start_threshold in capture ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() irqchip/gic-v3: Force propagation of the active state with a read-back USB: serial: option: add Quectel RG650V USB: serial: option: add Fibocom FG132 0x0112 composition USB: serial: qcserial: add support for Sierra Wireless EM86xx USB: serial: io_edgeport: fix use after free in debug printk usb: musb: sunxi: Fix accessing an released usb phy fs/proc: fix compile warning about variable 'vmcore_mmap_ops' media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format net: bridge: xmit: make sure we have at least eth header len bytes bonding (gcc13): synchronize bond_{a,t}lb_xmit() types btrfs: reinitialize delayed ref list after deleting it from the list nfs: Fix KMSAN warning in decode_getfattr_attrs() dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow dm cache: fix potential out-of-bounds access on the first resume dm cache: optimize dirty bit checking with find_next_bit when resizing dm cache: fix out-of-bounds access to the dirty bitset when resizing dm cache: correct the number of origin blocks to match the target length drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() media: v4l2-tpg: prevent the risk of a division by zero media: cx24116: prevent overflows on SNR calculus media: s5p-jpeg: prevent buffer overflows ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() media: adv7604: prevent underflow condition when reporting colorspace media: dvb_frontend: don't play tricks with underflow values media: dvbdev: prevent the risk of out of memory access media: stb0899_algo: initialize cfr before using it net: hns3: fix kernel crash when uninstalling driver can: c_can: fix {rx,tx}_errors statistics sctp: properly validate chunk size in sctp_sf_ootb() security/keys: fix slab-out-of-bounds in key_task_permission HID: core: zero-initialize the report buffer ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin ARM: dts: rockchip: drop grf reference from rk3036 hdmi ARM: dts: rockchip: fix rk3036 acodec node arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator Linux 4.19.323 vt: prevent kernel-infoleak in con_font_get() mm: shmem: fix data-race in shmem_getattr() nilfs2: fix kernel bug due to missing clearing of checked flag ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow nilfs2: fix potential deadlock with newly created symlinks wifi: iwlegacy: Clear stale interrupts before resuming device wifi: ath10k: Fix memory leak in management tx wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Revert "driver core: Fix uevent_show() vs driver detach race" xhci: Fix Link TRB DMA in command ring stopped completion event usb: phy: Fix API devm_usb_put_phy() can not release the phy usbip: tools: Fix detach_port() invalid port error path misc: sgi-gru: Don't disable preemption in GRU driver net: amd: mvme147: Fix probe banner message firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() netfilter: nft_payload: sanitize offset and length before calling skb_checksum() net: skip offload for NETIF_F_IPV6_CSUM if ipv6 header contains extension net: support ip generic csum processing in skb_csum_hwoffload_help bpf: Fix out-of-bounds write in trie_get_next_key() net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT gtp: allow -1 to be specified as file description from userspace gtp: simplify error handling code in 'gtp_encap_enable()' wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys cgroup: Fix potential overflow issue when checking max_depth usb: dwc3: core: Stop processing of pending events if controller is halted usb: dwc3: Add splitdisable quirk for Hisilicon Kirin Soc usb: dwc3: remove generic PHY calibrate() calls xfrm: validate new SA's prefixlen using SA family when sel.family is unset arm64/uprobes: change the uprobe_opcode_t typedef to fix the sparse warning selinux: improve error checking in sel_write_load() hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event nilfs2: fix kernel bug due to missing clearing of buffer delay flag ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue drm/amd: Guard against bad data for ATIF ACPI method ALSA: hda/realtek: Update default depop procedure posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() net: usb: usbnet: fix name regression be2net: fix potential memory leak in be_xmit() net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() jfs: Fix sanity check in dbMount udf: fix uninit-value use in udf_get_fileshortad KVM: s390: gaccess: Check if guest address is in memslot KVM: s390: gaccess: Cleanup access to guest pages KVM: s390: gaccess: Refactor access address range check KVM: s390: gaccess: Refactor gpa and length calculation arm64: probes: Fix uprobes for big-endian kernels arm64:uprobe fix the uprobe SWBP_INSN in big-endian Bluetooth: bnep: fix wild-memory-access in proto_unregister usb: typec: altmode should keep reference to parent net: systemport: fix potential memory leak in bcm_sysport_xmit() net: ethernet: aeroflex: fix potential memory leak in greth_start_xmit_gbit() macsec: don't increment counters for an unrelated SA drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation RDMA/bnxt_re: Return more meaningful error RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP RDMA/bnxt_re: Fix incorrect AVID type in WQE structure clk: Fix slab-out-of-bounds error in devm_clk_release() clk: Fix pointer casting to prevent oops in devm_clk_release() nilfs2: propagate directory read errors from nilfs_find_entry() x86/apic: Always explicitly disarm TSC-deadline timer parport: Proper fix for array out-of-bounds access USB: serial: option: add Telit FN920C04 MBIM compositions USB: serial: option: add support for Quectel EG916Q-GL xhci: Fix incorrect stream context type macro Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 Bluetooth: Remove debugfs directory on module init failure iio: light: opt3001: add missing full-scale range value iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig drm/vmwgfx: Handle surface check failure correctly x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET KVM: s390: Change virtual to physical address access in diag 0x258 handler s390/sclp_vt220: Convert newlines to CRLF instead of LFCR net: dsa: mv88e6xxx: Fix out-of-bound access KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() fat: fix uninitialized variable PCI: Add function 0 DMA alias quirk for Glenfly Arise chip arm64: probes: Fix simulate_ldr*_literal() arm64: probes: Remove broken LDR (literal) uprobe support posix-clock: Fix missing timespec64 check in pc_clock_settime() net: Fix an unsafe loop on the list usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip usb: xhci: Fix problem with xhci resume from suspend Revert "usb: yurex: Replace snprintf() with the safer scnprintf() variant" HID: plantronics: Workaround for an unexcepted opposite volume key CDC-NCM: avoid overflow in sanity checking net: ipv6: ensure we call ipv6_mc_down() at most once ppp: fix ppp_async_encode() illegal access net: ibm: emac: mal: fix wrong goto igb: Do not bring the device up after non-fatal error gpio: aspeed: Use devm_clk api to manage clock source clk: Provide new devm_clk helpers for prepared and enabled clocks clk: generalize devm_clk_get() a bit clk: Add (devm_)clk_get_optional() functions gpio: aspeed: Add the flush write to ensure the write complete. Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change netfilter: br_netfilter: fix panic with metadata_dst skb tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's safe SUNRPC: Fix integer overflow in decode_rc_list() NFS: Remove print_overflow_msg() fbdev: sisfb: Fix strbuf array overflow driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute tools/iio: Add memory allocation failure check for trigger_name usb: chipidea: udc: enable suspend interrupt after usb reset media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() PCI: Mark Creative Labs EMU20k2 INTx masking as broken i2c: i801: Use a different adapter-name for IDF adapters clk: bcm: bcm53573: fix OF node leak in init ktest.pl: Avoid false positives with grub2 skip regex s390/cpum_sf: Remove WARN_ON_ONCE statements ext4: nested locking for xattr inode s390/mm: Add cond_resched() to cmm_alloc/free_pages() s390/facility: Disable compile time optimization for decompressor code bpf: Check percpu map value size first Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal virtio_console: fix misc probe bugs drm/crtc: fix uninitialized variable use even harder drm: Move drm_mode_setcrtc() local re-init to failure path tracing: Remove precision vsnprintf() check from print event net: ethernet: cortina: Drop TSO support ext4: fix inode tree inconsistency caused by ENOMEM ACPI: battery: Fix possible crash when unregistering a battery hook ACPI: battery: Simplify battery hook locking rtc: at91sam9: fix OF node leak in probe() error path rtc: at91sam9: drop platform_data support nfsd: fix delegation_blocked() to block correctly for at least 30 seconds nfsd: use ktime_get_seconds() for timestamps uprobes: fix kernel info leak via "[uprobes]" vma arm64: errata: Expand speculative SSBS workaround once more arm64: cputype: Add Neoverse-N3 definitions arm64: Add Cortex-715 CPU part definition ext4: update orig_path in ext4_find_extent() ext4: fix slab-use-after-free in ext4_split_extent_at() ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path gpio: davinci: fix lazy disable btrfs: wait for fixup workers before stopping cleaner kthread during umount Input: adp5589-keys - fix adp5589_gpio_get_value() tomoyo: fallback to realpath if symlink's pathname does not exist iio: magnetometer: ak8975: Fix reading for ak099xx sensors media: venus: fix use after free bug in venus_remove due to race condition media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags clk: rockchip: fix error for unknown clocks aoe: fix the potential use-after-free problem in more places riscv: define ILLEGAL_POINTER_VALUE for 64bit ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate ocfs2: fix null-ptr-deref when journal load failed. ocfs2: remove unreasonable unlock in ocfs2_read_blocks ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2: reserve space for inline xattr before attaching reflink tree ocfs2: fix uninit-value in ocfs2_get_block() ocfs2: fix the la space leak when unmounting an ocfs2 volume jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error of/irq: Support #msi-cells=<0> in of_msi_get_domain parisc: Fix 64-bit userspace syscall path ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() ext4: fix double brelse() the buffer of the extents path ext4: aovid use-after-free in ext4_ext_insert_extent() ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() ext4: propagate errors from ext4_find_extent() in ext4_insert_range() ext4: no need to continue when the number of entries is 1 ALSA: core: add isascii() check to card ID generator parisc: Fix itlb miss handler for 64-bit programs perf/core: Fix small negative period being ignored spi: bcm63xx: Fix module autoloading i2c: xiic: Wait for TX empty to avoid missed TX NAKs selftests: vDSO: fix vDSO symbols lookup for powerpc64 selftests: breakpoints: use remaining time to check if suspend succeed spi: s3c64xx: fix timeout counters in flush_fifo ext4: fix i_data_sem unlock order in ext4_ind_migrate() ext4: ext4_search_dir should return a proper error of/irq: Refer to actual buffer size in of_irq_parse_one() drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() scsi: aacraid: Rearrange order of struct aac_srb_unit drm/printer: Allow NULL data in devcoredump printer drm/amd/display: Fix index out of bounds in degamma hardware format translation drm/amd/display: Check stream before comparing them jfs: Fix uninit-value access of new_ea in ea_buffer jfs: check if leafidx greater than num leaves per dmap tree jfs: Fix uaf in dbFreeBits jfs: UBSAN: shift-out-of-bounds in dbFindBits ata: sata_sil: Rename sil_blacklist to sil_quirks power: reset: brcmstb: Do not go into infinite loop if reset fails fbdev: pxafb: Fix possible use after free in pxafb_task() ALSA: hdsp: Break infinite MIDI input flush loop ALSA: asihpi: Fix potential OOB array access signal: Replace BUG_ON()s wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() ACPICA: iasl: handle empty connection_node tcp: avoid reusing FIN_WAIT2 when trying to find port in connect() process ipv4: Mask upper DSCP bits and ECN bits in NETLINK_FIB_LOOKUP family ipv4: Check !in_dev earlier for ioctl(SIOCSIFADDR). net: mvpp2: Increase size of queue_name buffer tipc: guard against string buffer overrun ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() ACPI: EC: Do not release locks during operation region accesses ACPICA: Fix memory leak if acpi_ps_get_next_field() fails ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails net: hisilicon: hns_mdio: fix OF node leak in probe() net: hisilicon: hns_dsaf_mac: fix OF node leak in hns_mac_get_info() net: hisilicon: hip04: fix OF node leak in probe() wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() f2fs: Require FMODE_WRITE for atomic write ioctls ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start ipv4: ip_gre: Fix drops of small packets in ipgre_xmit net: add more sanity checks to qdisc_pkt_len_init() net: avoid potential underflow in qdisc_pkt_len_init() with UFO net: ethernet: lantiq_etop: fix memory disclosure r8152: Factor out OOB link list waits netfilter: nf_tables: prevent nf_skb_duplicated corruption netfilter: uapi: NFTA_FLOWTABLE_HOOK is NLA_NESTED ceph: remove the incorrect Fw reference check when dirtying pages mailbox: bcm2835: Fix timeout during suspend mode mailbox: rockchip: fix a typo in module autoloading usb: yurex: Fix inconsistent locking bug in yurex_read() i2c: isch: Add missed 'else' i2c: aspeed: Update the stop sw state when the bus recovery occurs pps: add an error check in parport_attach pps: remove usage of the deprecated ida_simple_xx() API USB: misc: yurex: fix race between read and write usb: yurex: Replace snprintf() with the safer scnprintf() variant soc: versatile: realview: fix soc_dev leak during device remove soc: versatile: realview: fix memory leak during device remove PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler PCI: xilinx-nwl: Use irq_data_get_irq_chip_data() nfs: fix memory leak in error path of nfs4_do_reclaim fs: Fix file_set_fowner LSM hook inconsistencies vfs: fix race between evice_inodes() and find_inode()&iput() f2fs: avoid potential int overflow in sanity_check_area_boundary() f2fs: prevent possible int overflow in dir_block_index() ACPI: sysfs: validate return type of _STR method drbd: Add NULL check for net_conf to prevent dereference in state validation drbd: Fix atomicity violation in drbd_uuid_set_bm() tty: rp2: Fix reset with non forgiving PCIe host bridges firmware_loader: Block path traversal USB: misc: cypress_cy7c63: check for short transfer USB: appledisplay: close race between probe and completion handler soc: versatile: integrator: fix OF node leak in probe() error path Remove *.orig pattern from .gitignore crypto: aead,cipher - zeroize key buffer after use netfilter: ctnetlink: compile ctnetlink_label_size with CONFIG_NF_CONNTRACK_EVENTS net: qrtr: Update packets cloning when broadcasting tcp: check skb is non-NULL in tcp_rto_delta_us() tcp: introduce tcp_skb_timestamp_us() helper net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() coresight: tmc: sg: Do not leak sg_table f2fs: reduce expensive checkpoint trigger frequency f2fs: remove unneeded check condition in __f2fs_setxattr() f2fs: fix to update i_ctime in __f2fs_setxattr() f2fs: fix typo f2fs: enhance to update i_mode and acl atomically in f2fs_setattr() nfsd: call cache_put if xdr_reserve_space returns NULL ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() RDMA/cxgb4: Added NULL check for lookup_atid pinctrl: mvebu: Fix devinit_dove_pinctrl_probe function clk: ti: dra7-atl: Fix leak of of_nodes pinctrl: single: fix missing error code in pcs_probe() RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency PCI: xilinx-nwl: Fix register misspelling drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error clk: rockchip: Set parent rate for DCLK_VOP clock on RK3228 perf time-utils: Fix 32-bit nsec parsing perf sched timehist: Fixed timestamp error when unable to confirm event sched_in time perf sched timehist: Fix missing free of session in perf_sched__timehist() nilfs2: fix potential oob read in nilfs_btree_check_delete() nilfs2: determine empty node blocks as corrupted nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() ext4: avoid OOB when system.data xattr changes underneath the filesystem ext4: return error on ext4_find_inline_entry ext4: avoid negative min_clusters in find_group_orlov() smackfs: Use rcu_assign_pointer() to ensure safe assignment in smk_set_cipso ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard jbd2: introduce/export functions jbd2_journal_submit|finish_inode_data_buffers() kthread: fix task state in kthread worker if being frozen kthread: add kthread_work tracepoints xz: cleanup CRC32 edits from 2018 selftests/bpf: Fix error compiling test_lru_map.c xen/swiotlb: add alignment check for dma buffers xen/swiotlb: simplify range_straddles_page_boundary() xen: use correct end address of kernel for conflict checking drm/msm: fix %s null argument error ipmi: docs: don't advertise deprecated sysfs entries drm/msm/a5xx: fix races in preemption evaluation stage drm/msm/a5xx: properly clear preemption records on resume jfs: fix out-of-bounds in dbNextAG() and diAlloc() drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets drm/rockchip: vop: Allow 4096px width scaling drm/radeon: properly handle vbios fake edid sizing drm/radeon: Replace one-element array with flexible-array member drm/amdgpu: properly handle vbios fake edid sizing drm/amdgpu: Replace one-element array with flexible-array member drm/amd: fix typo drm/stm: Fix an error handling path in stm_drm_platform_probe() fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense hwmon: (ntc_thermistor) fix module autoloading mtd: slram: insert break after errors in parsing the map hwmon: (max16065) Fix overflows seen when writing limits clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() reset: berlin: fix OF node leak in probe() error path ARM: versatile: fix OF node leak in CPUs prepare spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ spi: ppc4xx: handle irq_of_parse_and_map() errors block, bfq: don't break merge chain in bfq_split_bfqq() block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() block, bfq: fix possible UAF for bfqq->bic with merge chain Bluetooth: btusb: Fix not handling ZPL/short-transfer can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() netfilter: nf_tables: elements with timeout below CONFIG_HZ never expire wifi: ath9k: Remove error checks when creating debugfs entries wifi: ath9k: fix parameter check in ath9k_init_debug() ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() USB: serial: pl2303: add device id for Macrosilicon MS3020 gpio: prevent potential speculation leaks in gpio_device_get_desc() ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() ocfs2: add bounds checking to ocfs2_xattr_find_entry() x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency spi: bcm63xx: Enable module autoloading ASoC: tda7419: fix module autoloading wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() net: ftgmac100: Ensure tx descriptor updates are visible microblaze: don't treat zero reserved memory regions as error pinctrl: at91: make it work with current gpiolib ASoC: allow module autoloading for table db1200_pids selftests/kcmp: remove call to ksft_set_plan() selftests/vm: remove call to ksft_set_plan() soundwire: stream: Revert "soundwire: stream: fix programming slave ports for non-continous port maps" net: dpaa: Pad packets to ETH_ZLEN net: ftgmac100: Enable TX interrupt to avoid TX timeout net/mlx5: Update the list of the PCI supported devices arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma scripts: kconfig: merge_config: config files: add a trailing newline net: phy: vitesse: repair vsc73xx autonegotiation net: ethernet: use ip_hdrlen() instead of bit shift usbnet: ipheth: fix carrier detection in modes 1 and 4 staging: iio: frequency: ad9834: Validate frequency parameter value staging: iio: frequency: ad9833: Load clock using clock framework staging: iio: frequency: ad9833: Get frequency value statically Change-Id: Id96e4bf331d59a5f3f52791887390bc747dc31cb Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
Greg Kroah-Hartman
|
874391c94e |
Merge 4.19.325 into android-4.19-stable
Changes in 4.19.325
netlink: terminate outstanding dump on socket close
ocfs2: uncache inode which has failed entering the group
nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
ocfs2: fix UBSAN warning in ocfs2_verify_volume()
nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set
kbuild: Use uname for LINUX_COMPILE_HOST detection
mm: revert "mm: shmem: fix data-race in shmem_getattr()"
ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet
mac80211: fix user-power when emulating chanctx
selftests/watchdog-test: Fix system accidentally reset after watchdog-test
x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB
net: usb: qmi_wwan: add Quectel RG650V
proc/softirqs: replace seq_printf with seq_put_decimal_ull_width
nvme: fix metadata handling in nvme-passthrough
initramfs: avoid filename buffer overrun
m68k: mvme147: Fix SCSI controller IRQ numbers
m68k: mvme16x: Add and use "mvme16x.h"
m68k: mvme147: Reinstate early console
acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block()
s390/syscalls: Avoid creation of arch/arch/ directory
hfsplus: don't query the device logical block size multiple times
EDAC/fsl_ddr: Fix bad bit shift operations
crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY
crypto: cavium - Fix the if condition to exit loop after timeout
crypto: bcm - add error check in the ahash_hmac_init function
crypto: cavium - Fix an error handling path in cpt_ucode_load_fw()
time: Fix references to _msecs_to_jiffies() handling of values
soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
mmc: mmc_spi: drop buggy snprintf()
ARM: dts: cubieboard4: Fix DCDC5 regulator constraints
regmap: irq: Set lockdep class for hierarchical IRQ domains
firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused
wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
drm/omap: Fix locking in omap_gem_new_dmabuf()
bpf: Fix the xdp_adjust_tail sample prog issue
wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
drm/etnaviv: consolidate hardware fence handling in etnaviv_gpu
drm/etnaviv: dump: fix sparse warnings
drm/etnaviv: fix power register offset on GC300
drm/etnaviv: hold GPU lock across perfmon sampling
net: rfkill: gpio: Add check for clk_enable()
ALSA: us122l: Use snd_card_free_when_closed() at disconnection
ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
ALSA: 6fire: Release resources at card release
netpoll: Use rcu_access_pointer() in netpoll_poll_lock
trace/trace_event_perf: remove duplicate samples on the first tracepoint event
powerpc/vdso: Flag VDSO64 entry points as functions
mfd: da9052-spi: Change read-mask to write-mask
cpufreq: loongson2: Unregister platform_driver on failure
mtd: rawnand: atmel: Fix possible memory leak
RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey
mfd: rt5033: Fix missing regmap_del_irq_chip()
scsi: bfa: Fix use-after-free in bfad_im_module_exit()
scsi: fusion: Remove unused variable 'rc'
scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()
ocfs2: fix uninitialized value in ocfs2_file_read_iter()
powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static
fbdev/sh7760fb: Alloc DMA memory from hardware device
fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format
dt-bindings: clock: axi-clkgen: include AXI clk
clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand
clk: clk-axi-clkgen: make sure to enable the AXI bus clock
perf probe: Correct demangled symbols in C++ program
PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads
PCI: cpqphp: Fix PCIBIOS_* return value confusion
m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x
m68k: coldfire/device.c: only build FEC when HW macros are defined
rpmsg: glink: Add TX_DATA_CONT command while sending
rpmsg: glink: Send READ_NOTIFY command in FIFO full case
rpmsg: glink: Fix GLINK command prefix
rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir()
vfio/pci: Properly hide first-in-list PCIe extended capability
power: supply: core: Remove might_sleep() from power_supply_put()
net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration
marvell: pxa168_eth: fix call balance of pep->clk handling routines
net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read()
USB: chaoskey: fail open after removal
USB: chaoskey: Fix possible deadlock chaoskey_list_lock
misc: apds990x: Fix missing pm_runtime_disable()
apparmor: fix 'Do simple duplicate message elimination'
usb: ehci-spear: fix call balance of sehci clk handling routines
ext4: supress data-race warnings in ext4_free_inodes_{count,set}()
ext4: fix FS_IOC_GETFSMAP handling
jfs: xattr: check invalid xattr size more strictly
ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata()
PCI: Fix use-after-free of slot->bus on hot remove
tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler
Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}()
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
Revert "usb: gadget: composite: fix OS descriptors w_value logic"
serial: sh-sci: Clean sci_ports[0] after at earlycon exit
Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
netfilter: ipset: add missing range check in bitmap_ip_uadt
spi: Fix acpi deferred irq probe
ubi: wl: Put source PEB into correct list if trying locking LEB failed
um: ubd: Do not use drvdata in release
um: net: Do not use drvdata in release
serial: 8250: omap: Move pm_runtime_get_sync
um: vector: Do not use drvdata in release
sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
block: fix ordering between checking BLK_MQ_S_STOPPED request adding
HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
media: wl128x: Fix atomicity violation in fmc_send_cmd()
usb: dwc3: gadget: Fix checking for number of TRBs left
lib: string_helpers: silence snprintf() output truncation warning
NFSD: Prevent a potential integer overflow
rpmsg: glink: Propagate TX failures in intentless mode as well
um: Fix the return value of elf_core_copy_task_fpregs
NFSv4.0: Fix a use-after-free problem in the asynchronous open()
rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
ubifs: Correct the total block count by deducting journal reservation
ubi: fastmap: Fix duplicate slab cache names while attaching
jffs2: fix use of uninitialized variable
block: return unsigned int from bdev_io_min
9p/xen: fix init sequence
9p/xen: fix release of IRQ
modpost: remove incorrect code in do_eisa_entry()
sh: intc: Fix use-after-free bug in register_intc_controller()
Linux 4.19.325
Change-Id: I50250c8bd11f9ff4b40da75225c1cfb060e0c258
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
David Disseldorp
|
bb7ac96670 |
initramfs: avoid filename buffer overrun
[ Upstream commit e017671f534dd3f568db9e47b0583e853d2da9b5 ]
The initramfs filename field is defined in
Documentation/driver-api/early-userspace/buffer-format.rst as:
37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data
...
55 ============= ================== =========================
56 Field name Field size Meaning
57 ============= ================== =========================
...
70 c_namesize 8 bytes Length of filename, including final \0
When extracting an initramfs cpio archive, the kernel's do_name() path
handler assumes a zero-terminated path at @collected, passing it
directly to filp_open() / init_mkdir() / init_mknod().
If a specially crafted cpio entry carries a non-zero-terminated filename
and is followed by uninitialized memory, then a file may be created with
trailing characters that represent the uninitialized memory. The ability
to create an initramfs entry would imply already having full control of
the system, so the buffer overrun shouldn't be considered a security
vulnerability.
Append the output of the following bash script to an existing initramfs
and observe any created /initramfs_test_fname_overrunAA* path. E.g.
./reproducer.sh | gzip >> /myinitramfs
It's easiest to observe non-zero uninitialized memory when the output is
gzipped, as it'll overflow the heap allocated @out_buf in __gunzip(),
rather than the initrd_start+initrd_size block.
---- reproducer.sh ----
nilchar="A" # change to "\0" to properly zero terminate / pad
magic="070701"
ino=1
mode=$(( 0100777 ))
uid=0
gid=0
nlink=1
mtime=1
filesize=0
devmajor=0
devminor=1
rdevmajor=0
rdevminor=0
csum=0
fname="initramfs_test_fname_overrun"
namelen=$(( ${#fname} + 1 )) # plus one to account for terminator
printf "%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s" \
$magic $ino $mode $uid $gid $nlink $mtime $filesize \
$devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname
termpadlen=$(( 1 + ((4 - ((110 + $namelen) & 3)) % 4) ))
printf "%.s${nilchar}" $(seq 1 $termpadlen)
---- reproducer.sh ----
Symlink filename fields handled in do_symlink() won't overrun past the
data segment, due to the explicit zero-termination of the symlink
target.
Fix filename buffer overrun by aborting the initramfs FSM if any cpio
entry doesn't carry a zero-terminator at the expected (name_len - 1)
offset.
Fixes:
|
||
|
Nikolaus Voss
|
d52038f28f |
init/do_mounts.c: add root=PARTLABEL=<name> support
Support referencing the root partition label from GPT as argument to the root= option on the kernel command line in analogy to referencing the partition uuid as root=PARTUUID=<uuid>. Specifying the partition label instead of the uuid is often much easier, e.g. in embedded environments when there is an A/B rootfs partition scheme for interruptible firmware updates (i.e. rootfsA/ rootfsB). The partition label can be queried with the blkid command. Link: http://lkml.kernel.org/r/20180822060904.828E510665E@pc-niv.weinmann.com Change-Id: Ia7b156d3ef606f678e0e46d66d665f1713b2cea8 Signed-off-by: Nikolaus Voss <nikolaus.voss@loewensteinmedical.de> Reviewed-by: Andrew Morton <akpm@linux-foundation.org> Cc: Dominik Brodowski <linux@dominikbrodowski.net> Cc: Sasha Levin <Alexander.Levin@microsoft.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Jens Axboe <axboe@kernel.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
|
bengris32
|
cb105b6174 |
Merge tag 'ASB-2024-05-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2024-05-01 CVE-2023-4622 * tag 'ASB-2024-05-05_4.19-stable' of https://android.googlesource.com/kernel/common: Revert "timers: Rename del_timer_sync() to timer_delete_sync()" Revert "geneve: make sure to pull inner header in geneve_rx()" Linux 4.19.312 amdkfd: use calloc instead of kzalloc to avoid integer overflow initramfs: fix populate_initrd_image() section mismatch ip_gre: do not report erspan version on GRE interface erspan: Check IFLA_GRE_ERSPAN_VER is set. VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() Bluetooth: btintel: Fixe build regression x86/mm/pat: fix VM_PAT handling in COW mappings virtio: reenable config if freezing device failed drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put() tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc fbmon: prevent division by zero in fb_videomode_from_videomode() fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined tools: iio: replace seekdir() in iio_generic_buffer ktest: force $buildonly = 1 for 'make_warnings_file' test type Input: allocate keycode for Display refresh rate toggle block: prevent division by zero in blk_rq_stat_sum() SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int drm/amd/display: Fix nanosec stat overflow media: sta2x11: fix irq handler cast isofs: handle CDs with bad root inode but good Joliet root directory scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() sysv: don't call sb_bread() with pointers_lock held Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails Bluetooth: btintel: Fix null ptr deref in btintel_read_version btrfs: send: handle path ref underflow in header iterate_inode_ref() btrfs: export: handle invalid inode or root reference in btrfs_get_parent() btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num() arm64: dts: rockchip: fix rk3399 hdmi ports node VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() wifi: ath9k: fix LNA selection in ath_ant_try_scan() ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone ata: sata_mv: Fix PCI device ID table declaration compilation warning ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw erspan: make sure erspan_base_hdr is present in skb->head erspan: Add type I version 0 support. init: open /initrd.image with O_LARGEFILE initramfs: switch initramfs unpacking to struct file based APIs fs: add a vfs_fchmod helper fs: add a vfs_fchown helper initramfs: factor out a helper to populate the initrd image staging: vc04_services: fix information leak in create_component() staging: vc04_services: changen strncpy() to strscpy_pad() staging: mmal-vchiq: Fix client_component for 64 bit kernel staging: mmal-vchiq: Allocate and free components as required staging: mmal-vchiq: Avoid use of bool in structures i40e: fix vf may be used uninitialized in this function warning ipv6: Fix infinite recursion in fib6_dump_done(). selftests: reuseaddr_conflict: add missing new line at the end of the output net: stmmac: fix rx queue priority assignment net/sched: act_skbmod: prevent kernel-infoleak netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped." net/rds: fix possible cp null dereference netfilter: nf_tables: disallow timeout for anonymous sets Bluetooth: Fix TOCTOU in HCI debugfs implementation Bluetooth: hci_event: set the conn encrypted before conn establishes r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d tcp: properly terminate timers for kernel sockets mptcp: add sk_stop_timer_sync helper nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet USB: core: Fix deadlock in usb_deauthorize_interface() scsi: lpfc: Correct size for wqe for memset() x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled scsi: qla2xxx: Fix command flush on cable pull usb: udc: remove warning when queue disabled ep usb: dwc2: gadget: LPM flow fix usb: dwc2: host: Fix ISOC flow in DDMA mode usb: dwc2: host: Fix hibernation flow usb: dwc2: host: Fix remote wakeup from hibernation loop: loop_set_status_from_info() check before assignment loop: Check for overflow while configuring loop loop: Factor out configuring loop from status powerpc: xor_vmx: Add '-mhard-float' to CFLAGS efivarfs: Request at most 512 bytes for variable names perf/core: Fix reentry problem in perf_output_read_group() loop: properly observe rotational flag of underlying device loop: Refactor loop_set_status() size calculation loop: Factor out setting loop device size loop: Remove sector_t truncation checks loop: Call loop_config_discard() only after new config is applied Revert "loop: Check for overflow while configuring loop" btrfs: allocate btrfs_ioctl_defrag_range_args on stack printk: Update @console_may_schedule in console_trylock_spinning() fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs usb: cdc-wdm: close race between read and workqueue exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack() wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes mm/migrate: set swap entry values of THP tail pages properly. mm/memory-failure: fix an incorrect use of tail pages vt: fix memory overlapping when deleting chars in the buffer vt: fix unicode buffer corruption when deleting characters tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled usb: port: Don't try to peer unused USB ports based on location usb: gadget: ncm: Fix handling of zero block length packets USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform xfrm: Avoid clang fortify warning in copy_to_user_tmpl() netfilter: nf_tables: reject constant set with timeout netfilter: nf_tables: disallow anonymous set with timeout flag comedi: comedi_test: Prevent timers rescheduling during deletion ahci: asm1064: asm1166: don't limit reported ports ahci: asm1064: correct count of reported ports x86/CPU/AMD: Update the Zenbleed microcode revisions nilfs2: prevent kernel bug at submit_bh_wbc() nilfs2: use a more common logging style nilfs2: fix failure to detect DAT corruption in btree and direct mappings memtest: use {READ,WRITE}_ONCE in memory scanning drm/vc4: hdmi: do not return negative values from .get_modes() drm/imx/ipuv3: do not return negative values from .get_modes() s390/zcrypt: fix reference counting on zcrypt card objects soc: fsl: qbman: Use raw spinlock for cgr_lock soc: fsl: qbman: Add CGR update function soc: fsl: qbman: Add helper for sanity checking cgr ops soc: fsl: qbman: Always disable interrupts when taking cgr_lock vfio/platform: Disable virqfds on cleanup kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 speakup: Fix 8bit characters from direct synth slimbus: core: Remove usage of the deprecated ida_simple_xx() API ext4: fix corruption during on-line resize hwmon: (amc6821) add of_match table mmc: core: Fix switch on gp3 partition dm-raid: fix lockdep waring in "pers->hot_add_disk" Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"" PCI/PM: Drain runtime-idle callbacks before driver removal PCI: Drop pci_device_remove() test of pci_dev->driver fuse: don't unhash root mmc: tmio: avoid concurrent runs of mmc_request_done() PM: sleep: wakeirq: fix wake irq warning in system suspend USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M USB: serial: option: add MeiG Smart SLM320 product USB: serial: cp210x: add ID for MGP Instruments PDS100 USB: serial: add device ID for VeriFone adapter USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB powerpc/fsl: Fix mfpmr build errors with newer binutils clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays PM: suspend: Set mem_sleep_current during kernel command line setup parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds parisc: Fix csum_ipv6_magic on 64-bit systems parisc: Fix csum_ipv6_magic on 32-bit systems parisc: Fix ip_fast_csum parisc: Do not hardcode registers in checksum functions ubi: correct the calculation of fastmap size ubi: Check for too small LEB size in VTBL code ubifs: Set page uptodate in the correct place fat: fix uninitialized field in nostale filehandles crypto: qat - resolve race condition during AER recovery crypto: qat - fix double free during reset sparc: vDSO: fix return value of __setup handler sparc64: NMI watchdog: fix return value of __setup handler KVM: Always flush async #PF workqueue when vCPU is being destroyed media: xc4000: Fix atomicity violation in xc4000_get_frequency arm: dts: marvell: Fix maxium->maxim typo in brownstone dts ARM: dts: mmp2-brownstone: Don't redeclare phandle references smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity() smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr() wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach timers: Rename del_timer_sync() to timer_delete_sync() timers: Use del_timer_sync() even on UP timers: Update kernel-doc for various functions timers: Prepare support for PREEMPT_RT timer/trace: Improve timer tracing timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps x86/bugs: Use sysfs_emit() x86/cpu: Support AMD Automatic IBRS Documentation/hw-vuln: Update spectre doc Linux 4.19.311 crypto: af_alg - Work around empty control messages without MSG_MORE crypto: af_alg - Fix regression on empty requests spi: spi-mt65xx: Fix NULL pointer access in interrupt handler net/bnx2x: Prevent access to a freed page in page_pool hsr: Handle failures in module init rds: introduce acquire/release ordering in acquire/release_in_xmit() hsr: Fix uninit-value access in hsr_get_node() net: hsr: fix placement of logical operator in a multi-line statement usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin staging: greybus: fix get_channel_from_mode() failure path serial: 8250_exar: Don't remove GPIO device on suspend rtc: mt6397: select IRQ_DOMAIN instead of depending on it kconfig: fix infinite loop when expanding a macro at the end of file tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT serial: max310x: fix syntax error in IRQ error message clk: qcom: gdsc: Add support to update GDSC transition delay NFS: Fix an off by one in root_nfs_cat() net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn scsi: csiostor: Avoid function pointer casts ALSA: usb-audio: Stop parsing channels bits when all channels are found. sparc32: Fix section mismatch in leon_pci_grpci backlight: lp8788: Fully initialize backlight_properties during probe backlight: lm3639: Fully initialize backlight_properties during probe backlight: da9052: Fully initialize backlight_properties during probe backlight: lm3630a: Don't set bl->props.brightness in get_brightness backlight: lm3630a: Initialize backlight_properties on init powerpc/embedded6xx: Fix no previous prototype for avr_uart_send() etc. powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip media: go7007: fix a memleak in go7007_load_encoder media: dvb-frontends: avoid stack overflow warnings with clang media: pvrusb2: fix uaf in pvr2_context_set_notify drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() ASoC: meson: axg-tdm-interface: fix mclk setup without mclk-fs mtd: rawnand: lpc32xx_mlc: fix irq handler prototype crypto: arm/sha - fix function cast warnings crypto: arm - Rename functions to avoid conflict with crypto/sha256.h mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref drm/tegra: put drm_gem_object ref on error in tegra_fb_create clk: hisilicon: hi3519: Release the correct number of gates in hi3519_clk_unregister() PCI: Mark 3ware-9650SE Root Port Extended Tags as broken drm/mediatek: dsi: Fix DSI RGB666 formats and definitions clk: qcom: dispcc-sdm845: Adjust internal GDSC wait times firmware: qcom: scm: Add WLAN VMID for Qualcomm SCM interface media: pvrusb2: fix pvr2_stream_callback casts media: go7007: add check of return value of go7007_read_addr() ALSA: seq: fix function cast warnings drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() quota: Fix rcu annotations of inode dquot pointers quota: Fix potential NULL pointer dereference quota: simplify drop_dquot_ref() quota: check time limit when back out space/inode change fs/quota: erase unused but set variable warning quota: code cleanup for __dquot_alloc_space() clk: qcom: reset: Ensure write completion on reset de/assertion clk: qcom: reset: Commonize the de/assert functions clk: qcom: reset: support resetting multiple bits clk: qcom: reset: Allow specifying custom reset delay media: edia: dvbdev: fix a use-after-free media: dvb-core: Fix use-after-free due to race at dvb_register_device() media: dvbdev: fix error logic at dvb_register_device() media: dvbdev: Fix memleak in dvb_register_device media: media/dvb: Use kmemdup rather than duplicating its implementation media: dvbdev: remove double-unlock media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity media: v4l2-tpg: fix some memleaks in tpg_alloc media: em28xx: annotate unchecked call to media_device_register() ABI: sysfs-bus-pci-devices-aer_stats uses an invalid tag perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() media: tc358743: register v4l2 async device only after successful setup drm/rockchip: lvds: do not print scary message when probing defer drm/rockchip: lvds: do not overwrite error code drm: Don't treat 0 as -1 in drm_fixp2int_ceil drm/rockchip: inno_hdmi: Fix video timing drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() drm/tegra: dsi: Make use of the helper function dev_err_probe() gpu: host1x: mipi: Update tegra_mipi_request() to be node based drm/tegra: dsi: Add missing check for of_find_device_by_node dm: call the resume method on internal suspend dm raid: fix false positive for requeue needed during reshape nfp: flower: handle acti_netdevs allocation failure net/x25: fix incorrect parameter validation in the x25_getsockopt() function net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function udp: fix incorrect parameter validation in the udp_lib_getsockopt() function l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function tcp: fix incorrect parameter validation in the do_tcp_getsockopt() function ipv6: fib6_rules: flush route cache when rule is changed bpf: Fix stackmap overflow check on 32-bit arches bpf: Fix hashtab overflow check on 32-bit arches sr9800: Add check for usbnet_get_endpoints Bluetooth: hci_core: Fix possible buffer overflow Bluetooth: Remove superfluous call to hci_conn_check_pending() igb: Fix missing time sync events igb: move PEROUT and EXTTS isr logic to separate functions mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function SUNRPC: fix some memleaks in gssx_dec_option_array x86, relocs: Ignore relocations in .notes section ACPI: scan: Fix device check notification handling ARM: dts: arm: realview: Fix development chip ROM compatible value wifi: brcmsmac: avoid function pointer casts iommu/amd: Mark interrupt as managed bus: tegra-aconnect: Update dependency to ARCH_TEGRA ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() af_unix: Annotate data-race of gc_in_progress in wait_for_unix_gc(). sock_diag: annotate data-races around sock_diag_handlers[family] wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() wifi: b43: Disable QoS for bcm4331 wifi: b43: Stop correct queue in DMA worker when QoS is disabled b43: main: Fix use true/false for bool type wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled b43: dma: Fix use true/false for bool type variable wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() timekeeping: Fix cross-timestamp interpolation for non-x86 timekeeping: Fix cross-timestamp interpolation corner case decision timekeeping: Fix cross-timestamp interpolation on counter wrap aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts md: Don't clear MD_CLOSING when the raid is about to stop md: implement ->set_read_only to hook into BLKROSET processing block: add a new set_read_only method md: switch to ->check_events for media change notifications fs/select: rework stack allocation hack for clang do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak crypto: algif_aead - Only wake up when ctx->more is zero crypto: af_alg - make some functions static crypto: algif_aead - fix uninitialized ctx->init ASoC: wm8962: Fix up incorrect error message in wm8962_set_fll ASoC: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode ASoC: wm8962: Enable oscillator if selecting WM8962_FLL_OSC Input: gpio_keys_polled - suppress deferred probe error for gpio ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet firewire: core: use long bus reset on gap count error Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security scsi: mpt3sas: Prevent sending diag_reset when the controller is ready dm-verity, dm-crypt: align "struct bvec_iter" correctly block: sed-opal: handle empty atoms when parsing response net/iucv: fix the allocation size of iucv_path_table array MIPS: Clear Cause.BD in instruction_pointer_set x86/xen: Add some null pointer checking to smp.c ASoC: rt5645: Make LattePanda board DMI match more precise Linux 4.19.310 selftests/vm: fix map_hugetlb length used for testing read and write selftests/vm: fix display of page size in map_hugetlb getrusage: use sig->stats_lock rather than lock_task_sighand() getrusage: use __for_each_thread() getrusage: move thread_group_cputime_adjusted() outside of lock_task_sighand() getrusage: add the "signal_struct *sig" local variable y2038: rusage: use __kernel_old_timeval hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed hv_netvsc: use netif_is_bond_master() instead of open code hv_netvsc: Make netvsc/VF binding check both MAC and serial number Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU um: allow not setting extra rpaths in the linux binary selftests: mm: fix map_hugetlb failure on 64K page size systems tools/selftest/vm: allow choosing mem size and page size in map_hugetlb btrfs: ref-verify: free ref cache before clearing mount opt netrom: Fix data-races around sysctl_net_busy_read netrom: Fix a data-race around sysctl_netrom_link_fails_count netrom: Fix a data-race around sysctl_netrom_routing_control netrom: Fix a data-race around sysctl_netrom_transport_no_activity_timeout netrom: Fix a data-race around sysctl_netrom_transport_requested_window_size netrom: Fix a data-race around sysctl_netrom_transport_busy_delay netrom: Fix a data-race around sysctl_netrom_transport_acknowledge_delay netrom: Fix a data-race around sysctl_netrom_transport_maximum_tries netrom: Fix a data-race around sysctl_netrom_transport_timeout netrom: Fix data-races around sysctl_netrom_network_ttl_initialiser netrom: Fix a data-race around sysctl_netrom_obsolescence_count_initialiser netrom: Fix a data-race around sysctl_netrom_default_path_quality netfilter: nf_conntrack_h323: Add protection for bmp length out of range net/rds: fix WARNING in rds_conn_connect_if_down net/ipv6: avoid possible UAF in ip6_route_mpath_notify() geneve: make sure to pull inner header in geneve_rx() net: move definition of pcpu_lstats to header file net: lan78xx: fix runtime PM count underflow on link stop lan78xx: Fix race conditions in suspend/resume handling lan78xx: Fix partial packet errors on suspend/resume lan78xx: Add missing return code checks lan78xx: Fix white space and style issues net: usb: lan78xx: Remove lots of set but unused 'ret' variables Linux 4.19.309 gpio: 74x164: Enable output pins after registers are reset cachefiles: fix memory leak in cachefiles_add_cache() mmc: core: Fix eMMC initialization with 1-bit bus connection btrfs: dev-replace: properly validate device names wifi: nl80211: reject iftype change with mesh ID change gtp: fix use-after-free and null-ptr-deref in gtp_newlink() ALSA: Drop leftover snd-rtctimer stuff from Makefile power: supply: bq27xxx-i2c: Do not free non existing IRQ efi/capsule-loader: fix incorrect allocation size Bluetooth: Enforce validation on max value of connection interval Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST Bluetooth: Avoid potential use-after-free in hci_error_reset net: usb: dm9601: fix wrong return value in dm9601_mdio_read lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected tun: Fix xdp_rxq_info's queue_index when detaching netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter Linux 4.19.308 scripts/bpf: Fix xdp_md forward declaration typo fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() PCI/MSI: Prevent MSI hardware interrupt number truncation s390: use the correct count for __iowrite64_copy() packet: move from strlcpy with unused retval to strscpy ipv6: sr: fix possible use-after-free and null-ptr-deref nouveau: fix function cast warnings scsi: jazz_esp: Only build if SCSI core is builtin bpf, scripts: Correct GPL license name scripts/bpf: teach bpf_helpers_doc.py to dump BPF helper definitions RDMA/srpt: fix function pointer cast warnings RDMA/srpt: Make debug output more detailed RDMA/ulp: Use dev_name instead of ibdev->name RDMA/srpt: Support specifying the srpt_service_guid parameter RDMA/bnxt_re: Return error for SRQ resize IB/hfi1: Fix a memleak in init_credit_return usb: roles: don't get/set_role() when usb_role_switch is unregistered usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs ARM: ep93xx: Add terminator to gpiod_lookup_table l2tp: pass correct message length to ip6_append_data gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() dm-crypt: don't modify the data when using authenticated encryption mm: memcontrol: switch to rcu protection in drain_all_stock() IB/hfi1: Fix sdma.h tx->num_descs off-by-one error pmdomain: renesas: r8a77980-sysc: CR7 must be always on s390/qeth: Fix potential loss of L3-IP@ in case of network issues virtio-blk: Ensure no requests in virtqueues before deleting vqs. firewire: core: send bus reset promptly on gap count error hwmon: (coretemp) Enlarge per package core count limit regulator: pwm-regulator: Add validity checks in continuous .get_voltage ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() ahci: asm1166: correct count of reported ports fbdev: sis: Error out if pixclock equals zero fbdev: savage: Error out if pixclock equals zero wifi: mac80211: fix race condition on enabling fast-xmit wifi: cfg80211: fix missing interfaces when dumping dmaengine: shdma: increase size of 'dev_id' scsi: target: core: Add TMF to tmr_list handling sched/rt: Disallow writing invalid values to sched_rt_period_us sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset sched/rt: Fix sysctl_sched_rr_timeslice intial value userfaultfd: fix mmap_changing checking in mfill_atomic_hugetlb nilfs2: replace WARN_ONs for invalid DAT metadata block requests memcg: add refcnt for pcpu stock to avoid UAF problem in drain_all_stock() net: stmmac: fix notifier registration stmmac: no need to check return value of debugfs_create functions net/sched: Retire dsmark qdisc net/sched: Retire ATM qdisc net/sched: Retire CBQ qdisc Linux 4.19.307 netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() lsm: new security_file_ioctl_compat() hook nilfs2: fix potential bug in end_buffer_async_write sched/membarrier: reduce the ability to hammer on sys_membarrier Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d" pmdomain: core: Move the unused cleanup to a _sync initcall irqchip/irq-brcmstb-l2: Add write memory barrier before exit nfp: use correct macro for LengthSelect in BAR config nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() nilfs2: fix data corruption in dsync block recovery for small block sizes ALSA: hda/conexant: Add quirk for SWS JS201D x86/mm/ident_map: Use gbpages only where full GB page should be mapped. x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 serial: max310x: improve crystal stable clock detection serial: max310x: set default value when reading clock ready bit ring-buffer: Clean ring_buffer_poll_wait() error return staging: iio: ad5933: fix type mismatch regression ext4: fix double-free of blocks due to wrong extents moved_len binder: signal epoll threads of self-work xen-netback: properly sync TX responses nfc: nci: free rx_data_reassembly skb on NCI device cleanup firewire: core: correct documentation of fw_csr_string() kernel API scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" usb: f_mass_storage: forbid async queue when shutdown happen USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT HID: wacom: Do not register input devices until after hid_hw_start HID: wacom: generic: Avoid reporting a serial of '0' to userspace mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again tracing/trigger: Fix to return error if failed to alloc snapshot i40e: Fix waiting for queues of all VSIs to be disabled MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler net: sysfs: Fix /sys/class/net/<iface> path for statistics Documentation: net-sysfs: describe missing statistics ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() spi: ppc4xx: Drop write-only variable btrfs: send: return EOPNOTSUPP on unknown flags btrfs: forbid creating subvol qgroups hrtimer: Report offline hrtimer enqueue vhost: use kzalloc() instead of kmalloc() followed by memset() Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID USB: serial: cp210x: add ID for IMST iM871A-USB USB: serial: option: add Fibocom FM101-GL variant USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e net/af_iucv: clean up a try_then_request_module() netfilter: nft_compat: restrict match/target protocol to u16 netfilter: nft_compat: reject unused compat flag ppp_async: limit MRU to 64K tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() rxrpc: Fix response to PING RESPONSE ACKs to a dead call inet: read sk->sk_family once in inet_recv_error() hwmon: (coretemp) Fix bogus core_id to attr name mapping hwmon: (coretemp) Fix out-of-bounds memory access hwmon: (aspeed-pwm-tacho) mutex for tach reading atm: idt77252: fix a memleak in open_card_ubr0 phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV bonding: remove print in bond_verify_device_path HID: apple: Add 2021 magic keyboard FN key mapping HID: apple: Swap the Fn and Left Control keys on Apple keyboards HID: apple: Add support for the 2021 Magic Keyboard net: sysfs: Fix /sys/class/net/<iface> path af_unix: fix lockdep positive in sk_diag_dump_icons() net: ipv4: fix a memleak in ip_setup_cork netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger llc: call sock_orphan() at release time ipv6: Ensure natural alignment of const ipv6 loopback and router addresses ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550() ixgbe: Refactor overtemp event handling ixgbe: Refactor returning internal error codes ixgbe: Remove non-inclusive language net: remove unneeded break scsi: isci: Fix an error code problem in isci_io_request_build() wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' ceph: fix deadlock or deadcode of misusing dget() blk-mq: fix IO hang from sbitmap wakeup race virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings libsubcmd: Fix memory leak in uniq() usb: hub: Replace hardcoded quirk value with BIT() macro PCI: Only override AMD USB controller if required mfd: ti_am335x_tscadc: Fix TI SoC dependencies um: net: Fix return type of uml_net_start_xmit() um: Don't use vfprintf() for os_info() um: Fix naming clash between UML and scheduler leds: trigger: panic: Don't register panic notifier if creating the trigger failed drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' drm/amdgpu: Let KFD sync with VM fences clk: mmp: pxa168: Fix memory leak in pxa168_clk_init() clk: hi3620: Fix memory leak in hi3620_mmc_clk_init() drm/msm/dpu: Ratelimit framedone timeout msgs media: ddbridge: fix an error code problem in ddb_probe IB/ipoib: Fix mcast list locking drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time ALSA: hda: Intel: add HDA_ARL PCI ID support PCI: add INTEL_HDA_ARL to pci_ids.h media: rockchip: rga: fix swizzling for RGB formats media: stk1160: Fixed high volume of stk1160_dbg messages drm/mipi-dsi: Fix detach call without attach drm/framebuffer: Fix use of uninitialized variable drm/drm_file: fix use of uninitialized variable RDMA/IPoIB: Fix error code return in ipoib_mcast_join fast_dput(): handle underflows gracefully ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument f2fs: fix to check return value of f2fs_reserve_new_block() wifi: cfg80211: free beacon_ies when overridden from hidden BSS wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices md: Whenassemble the array, consult the superblock of the freshest device ARM: dts: imx23/28: Fix the DMA controller node name ARM: dts: imx23-sansa: Use preferred i2c-gpios properties ARM: dts: imx27-apf27dev: Fix LED name ARM: dts: imx1: Fix sram node ARM: dts: imx27: Fix sram node ARM: dts: imx: Use flash@0,0 pattern ARM: dts: imx25/27-eukrea: Fix RTC node name ARM: dts: rockchip: fix rk3036 hdmi ports node scsi: libfc: Fix up timeout error in fc_fcp_rec_error() scsi: libfc: Don't schedule abort twice bpf: Add map and need_defer parameters to .map_fd_put_ptr() wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() ARM: dts: imx7s: Fix nand-controller #size-cells ARM: dts: imx7s: Fix lcdif compatible bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk PCI: Add no PM reset quirk for NVIDIA Spectrum devices scsi: lpfc: Fix possible file string name overflow when updating firmware ext4: avoid online resizing failures due to oversized flex bg ext4: remove unnecessary check from alloc_flex_gd() ext4: unify the type of flexbg_size to unsigned int ext4: fix inconsistent between segment fstrim and full fstrim SUNRPC: Fix a suspicious RCU usage warning KVM: s390: fix setting of fpc register s390/ptrace: handle setting of fpc register correctly jfs: fix array-index-out-of-bounds in diNewExt rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock() afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() crypto: stm32/crc32 - fix parsing list of devices pstore/ram: Fix crash when setting number of cpus to an odd number jfs: fix uaf in jfs_evict_inode jfs: fix array-index-out-of-bounds in dbAdjTree jfs: fix slab-out-of-bounds Read in dtSearch UBSAN: array-index-out-of-bounds in dtSplitRoot FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree ACPI: extlog: fix NULL pointer dereference check PNP: ACPI: fix fortify warning ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop audit: Send netlink ACK before setting connection in auditd_set powerpc/lib: Validate size for vector operations powerpc/mm: Fix build failures due to arch_reserved_kernel_pages() powerpc: Fix build error due to is_valid_bugaddr() powerpc/mm: Fix null-pointer dereference in pgtable_cache_add net/sched: cbs: Fix not adding cbs instance to list x86/entry/ia32: Ensure s32 is sign extended to s64 tick/sched: Preserve number of idle sleeps across CPU hotplug events mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan gpio: eic-sprd: Clear interrupt after set the interrupt type drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume drm/bridge: nxp-ptn3460: simplify some error checking drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking drm: Don't unref the same fb many times by mistake due to deadlock handling gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 netfilter: nf_tables: reject QUEUE/DROP verdict parameters btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args btrfs: don't warn if discard range is not aligned to sector net: fec: fix the unhandled context fault from smmu fjes: fix memleaks in fjes_hw_setup netfilter: nf_tables: restrict anonymous set and map names to 16 bytes net/mlx5e: fix a double-free in arfs_create_groups net/mlx5: Use kfree(ft->g) in arfs_create_groups() netlink: fix potential sleeping issue in mqueue_flush_file Conflicts: drivers/gpu/drm/mediatek/mtk_dsi.c (used ours) kernel/time/timer.c mm/memory-failure.c Change-Id: I9b993a4082cf508287c664e1f8c709558d9cd903 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
56175d5f73 |
Merge tag 'ASB-2023-09-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/docs/security/bulletin/2023-09-01 * tag 'ASB-2023-09-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.294 Revert "ARM: ep93xx: fix missing-prototype warnings" Revert "MIPS: Alchemy: fix dbdma2" Linux 4.19.293 dma-buf/sw_sync: Avoid recursive lock during fence signal clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' scsi: core: raid_class: Remove raid_component_add() scsi: snic: Fix double free in snic_tgt_create() irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable rtnetlink: Reject negative ifindexes in RTM_NEWLINK netfilter: nf_queue: fix socket leak sched/rt: pick_next_rt_entity(): check list_entry mmc: block: Fix in_flight[issue_type] value error x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus media: vcodec: Fix potential array out-of-bounds in encoder queue_setup lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels batman-adv: Fix batadv_v_ogm_aggr_send memory leak batman-adv: Fix TT global entry leak when client roamed back batman-adv: Do not get eth header before batadv_check_management_packet batman-adv: Don't increase MTU when set by user batman-adv: Trigger events for auto adjusted MTU nfsd: Fix race to FREE_STATEID and cl_revoked ibmveth: Use dcbf rather than dcbfl ipvs: fix racy memcpy in proc_do_sync_threshold ipvs: Improve robustness to the ipvs sysctl bonding: fix macvlan over alb bond support net: remove bond_slave_has_mac_rcu() net/sched: fix a qdisc modification with ambiguous command request igb: Avoid starting unnecessary workqueues dccp: annotate data-races in dccp_poll() sock: annotate data-races around prot->memory_pressure tracing: Fix memleak due to race between current_tracer and trace drm/amd/display: check TG is non-null before checking if enabled drm/amd/display: do not wait for mpc idle if tg is disabled regmap: Account for register length in SMBus I/O limits dm integrity: reduce vmalloc space footprint on 32-bit architectures dm integrity: increase RECALC_SECTORS to improve recalculate speed powerpc: Fail build if using recordmcount with binutils v2.37 powerpc: remove leftover code of old GCC version checks powerpc/32: add stack protector support fbdev: fix potential OOB read in fast_imageblit() fbdev: Fix sys_imageblit() for arbitrary image widths fbdev: Improve performance of sys_imageblit() tty: serial: fsl_lpuart: add earlycon for imx8ulp platform Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP" MIPS: cpu-features: Use boot_cpu_type for CPU type based features MIPS: cpu-features: Enable octeon_cache by cpu_type fs: dlm: fix mismatch of plock results from userspace fs: dlm: use dlm_plock_info for do_unlock_close fs: dlm: change plock interrupted message to debug again fs: dlm: add pid to debug log dlm: replace usage of found with dedicated list iterator variable dlm: improve plock logging if interrupted PCI: acpiphp: Reassign resources on bridge if necessary net: phy: broadcom: stub c45 read/write for 54810 net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled virtio-net: set queues after driver_ok af_unix: Fix null-ptr-deref in unix_stream_sendpage(). netfilter: set default timeout to 3 secs for sctp shutdown send and recv state test_firmware: prevent race conditions by a correct implementation of locking mmc: wbsd: fix double mmc_free_host() in wbsd_init() cifs: Release folio lock on fscache read hit. ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. serial: 8250: Fix oops for port->pm on uart_change_pm() ASoC: meson: axg-tdm-formatter: fix channel slot allocation ASoC: rt5665: add missed regulator_bulk_disable net: do not allow gso_size to be set to GSO_BY_FRAGS sock: Fix misuse of sk_under_memory_pressure() i40e: fix misleading debug logs team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves netfilter: nft_dynset: disallow object maps selftests: mirror_gre_changes: Tighten up the TTL test match xfrm: add NULL check in xfrm_update_ae_params ip_vti: fix potential slab-use-after-free in decode_session6 ip6_vti: fix slab-use-after-free in decode_session6 xfrm: fix slab-use-after-free in decode_session6 xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c net: af_key: fix sadb_x_filter validation net: xfrm: Fix xfrm_address_filter OOB read btrfs: fix BUG_ON condition in btrfs_cancel_balance powerpc/rtas_flash: allow user copy to flash block cache objects fbdev: mmp: fix value check in mmphw_probe() virtio-mmio: don't break lifecycle of vm_dev virtio-mmio: Use to_virtio_mmio_device() to simply code virtio-mmio: convert to devm_platform_ioremap_resource nfsd: Remove incorrect check in nfsd4_validate_stateid nfsd4: kill warnings on testing stateids with mismatched clientids block: fix signed int overflow in Amiga partition support mmc: sunxi: fix deferred probing mmc: bcm2835: fix deferred probing mmc: Remove dev_err() usage after platform_get_irq() mmc: tmio: move tmio_mmc_set_clock() to platform hook mmc: tmio: replace tmio_mmc_clk_stop() calls with tmio_mmc_set_clock() mmc: meson-gx: remove redundant mmc_request_done() call from irq context mmc: meson-gx: remove useless lock USB: dwc3: qcom: fix NULL-deref on suspend usb: dwc3: qcom: Add helper functions to enable,disable wake irqs irqchip/mips-gic: Use raw spinlock for gic_lock irqchip/mips-gic: Get rid of the reliance on irq_cpu_online() x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms powerpc/64s/radix: Fix soft dirty tracking powerpc: Move page table dump files in a dedicated subdirectory powerpc/mm: dump block address translation on book3s/32 powerpc/mm: dump segment registers on book3s/32 powerpc/mm: Move pgtable_t into platform headers powerpc/mm: move platform specific mmu-xxx.h in platform directories iio: addac: stx104: Fix race condition when converting analog-to-digital iio: addac: stx104: Fix race condition for stx104_write_raw() iio: adc: stx104: Implement and utilize register structures iio: adc: stx104: Utilize iomap interface iio: add addac subdirectory IMA: allow/fix UML builds drm/amdgpu: Fix potential fence use-after-free v2 Bluetooth: L2CAP: Fix use-after-free pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() gfs2: Fix possible data races in gfs2_show_options() media: platform: mediatek: vpu: fix NULL ptr dereference media: v4l2-mem2mem: add lock to protect parameter num_rdy FS: JFS: Check for read-only mounted filesystem in txBegin FS: JFS: Fix null-ptr-deref Read in txBegin MIPS: dec: prom: Address -Warray-bounds warning fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev udf: Fix uninitialized array access for some pathnames HID: add quirk for 03f0:464a HP Elite Presenter Mouse quota: fix warning in dqgrab() quota: Properly disable quotas when add_dquot_ref() fails ALSA: emu10k1: roll up loops in DSP setup code for Audigy drm/radeon: Fix integer overflow in radeon_cs_parser_init selftests: forwarding: tc_flower: Relax success criterion lib/mpi: Eliminate unused umul_ppmm definitions for MIPS Revert "posix-timers: Ensure timer ID search-loop limit is valid" UPSTREAM: media: usb: siano: Fix warning due to null work_func_t function pointer UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free Linux 4.19.292 sch_netem: fix issues in netem_change() vs get_dist_table() alpha: remove __init annotation from exported page_is_ram() scsi: core: Fix possible memory leak if device_add() fails scsi: snic: Fix possible memory leak if device_add() fails scsi: 53c700: Check that command slot is not NULL scsi: storvsc: Fix handling of virtual Fibre Channel timeouts scsi: core: Fix legacy /proc parsing buffer overflow netfilter: nf_tables: report use refcount overflow netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush btrfs: don't stop integrity writeback too early ibmvnic: Handle DMA unmapping of login buffs in release functions wifi: cfg80211: fix sband iftype data lookup for AP_VLAN IB/hfi1: Fix possible panic during hotplug remove drivers: net: prevent tun_build_skb() to exceed the packet size limit dccp: fix data-race around dp->dccps_mss_cache bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves net/packet: annotate data-races around tp->status mISDN: Update parameter type of dsp_cmx_send() drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes x86: Move gds_ucode_mitigated() declaration to header x86/mm: Fix VDSO and VVAR placement on 5-level paging machines x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 usb: dwc3: Properly handle processing of pending events usb-storage: alauda: Fix uninit-value in alauda_check_media() binder: fix memory leak in binder_init() iio: cros_ec: Fix the allocation size for cros_ec_command nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput radix tree test suite: fix incorrect allocation size for pthreads drm/nouveau/gr: enable memory loads on helper invocation on all channels dmaengine: pl330: Return DMA_PAUSED when transaction is paused ipv6: adjust ndisc_is_useropt() to also return true for PIO mmc: moxart: read scr register without changing byte order sparc: fix up arch_cpu_finalize_init() build breakage. UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free Linux 4.19.291 drm/edid: fix objtool warning in drm_cvt_modes() arm64: dts: stratix10: fix incorrect I2C property for SCL signal drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node ARM: dts: imx6sll: fixup of operating points ARM: dts: imx: add usb alias ARM: dts: imx6sll: Make ssi node name same as other platforms PM: sleep: wakeirq: fix wake irq arming PM / wakeirq: support enabling wake-up irq after runtime_suspend called powerpc/mm/altmap: Fix altmap boundary check mtd: rawnand: omap_elm: Fix incorrect type in assignment test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation test_firmware: fix a memory leak with reqs buffer ext2: Drop fragment support net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb fs/sysv: Null check to prevent null-ptr-deref bug USB: zaurus: Add ID for A-300/B-500/C-700 libceph: fix potential hang in ceph_osdc_notify() scsi: zfcp: Defer fc_rport blocking until after ADISC response tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen tcp_metrics: annotate data-races around tm->tcpm_net tcp_metrics: annotate data-races around tm->tcpm_vals[] tcp_metrics: annotate data-races around tm->tcpm_lock tcp_metrics: annotate data-races around tm->tcpm_stamp tcp_metrics: fix addr_same() helper ip6mr: Fix skb_under_panic in ip6mr_cache_report() net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free net: add missing data-race annotation for sk_ll_usec net: add missing data-race annotations around sk->sk_peek_off net: sched: cls_u32: Fix match key mis-addressing perf test uprobe_from_different_cu: Skip if there is no gcc net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() KVM: s390: fix sthyi error handling word-at-a-time: use the same return type for has_zero regardless of endianness loop: Select I/O scheduler 'none' from inside add_disk() perf: Fix function pointer case net/sched: cls_u32: Fix reference counter leak leading to overflow ASoC: cs42l51: fix driver to properly autoload with automatic module loading net/sched: sch_qfq: account for stab overhead in qfq_enqueue net/sched: cls_fw: Fix improper refcount update leads to use-after-free drm/client: Fix memory leak in drm_client_target_cloned dm cache policy smq: ensure IO doesn't prevent cleaner policy progress ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register s390/dasd: fix hanging device after quiesce/resume virtio-net: fix race between set queues and probe serial: 8250_dw: Preserve original value of DLF register serial: 8250_dw: split Synopsys DesignWare 8250 common functions irq-bcm6345-l1: Do not assume a fixed block to cpu mapping tpm_tis: Explicitly check for error code btrfs: check for commit error at btrfs_attach_transaction_barrier() hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() Documentation: security-bugs.rst: clarify CVE handling Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group usb: xhci-mtk: set the dma max_seg_size USB: quirks: add quirk for Focusrite Scarlett usb: ohci-at91: Fix the unhandle interrupt when resume usb: dwc3: don't reset device side if dwc3 was configured as host-only usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED USB: serial: simple: sort driver entries USB: serial: simple: add Kaufmann RKS+CAN VCP USB: serial: option: add Quectel EC200A module support USB: serial: option: support Quectel EM060K_128 tracing: Fix warning in trace_buffered_event_disable() ring-buffer: Fix wrong stat of cpu_buffer->read ata: pata_ns87415: mark ns87560_tf_read static dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths block: Fix a source code comment in include/uapi/linux/blkzoned.h ASoC: fsl_spdif: Silence output on stop drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() RDMA/mlx4: Make check for invalid flags stricter benet: fix return value check in be_lancer_xmit_workarounds() net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64 net/sched: mqprio: add extack to mqprio_parse_nlattr() net/sched: mqprio: refactor nlattr parsing to a separate function platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 team: reset team's flags when down link is P2P device bonding: reset bond's flags when down link is P2P device tcp: Reduce chance of collisions in inet6_hashfn(). ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address ethernet: atheros: fix return value check in atl1e_tso_csum() phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() ext4: fix to check return value of freeze_bdev() in ext4_shutdown() scsi: qla2xxx: Array index may go out of bound scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() ftrace: Store the order of pages allocated in ftrace_page ftrace: Check if pages were allocated before calling free_pages() ftrace: Add information on number of page groups allocated fs: dlm: interrupt posix locks only when process is killed dlm: rearrange async condition return dlm: cleanup plock_op vs plock_xop PCI/ASPM: Avoid link retraining race PCI/ASPM: Factor out pcie_wait_for_retrain() PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() PCI: Rework pcie_retrain_link() wait loop ext4: Fix reusing stale buffer heads from last failed mounting ext4: rename journal_dev to s_journal_dev inside ext4_sb_info btrfs: fix extent buffer leak after tree mod log failure at split_node() bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent bcache: remove 'int n' from parameter list of bch_bucket_alloc_set() bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set gpio: tps68470: Make tps68470_gpio_output() always set the initial value tracing/histograms: Return an error if we fail to add histogram to hist_vars list tcp: annotate data-races around fastopenq.max_qlen tcp: annotate data-races around tp->notsent_lowat tcp: annotate data-races around rskq_defer_accept tcp: annotate data-races around tp->linger2 net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX netfilter: nf_tables: can't schedule in nft_chain_validate netfilter: nf_tables: fix spurious set element insertion failure llc: Don't drop packet from non-root netns. fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe Revert "tcp: avoid the lookup process failing to get sk in ehash table" net:ipv6: check return value of pskb_trim() net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() pinctrl: amd: Use amd_pinconf_set() for all config options fbdev: imxfb: warn about invalid left/right margin spi: bcm63xx: fix max prepend length igb: Fix igb_down hung on surprise removal wifi: iwlwifi: mvm: avoid baid size integer overflow wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() bpf: Address KCSAN report on bpf_lru_list sched/fair: Don't balance task to its current running CPU posix-timers: Ensure timer ID search-loop limit is valid md/raid10: prevent soft lockup while flush writes md: fix data corruption for raid456 when reshape restart while grow up nbd: Add the maximum limit of allocated index in nbd_dev_add debugobjects: Recheck debug_objects_enabled before reporting ext4: correct inline offset when handling xattrs in inode body can: bcm: Fix UAF in bcm_proc_show() fuse: revalidate: don't invalidate if interrupted perf probe: Add test for regression introduced by switch to die_get_decl_file() tracing/histograms: Add histograms to hist_vars if they have referenced variables drm/atomic: Fix potential use-after-free in nonblocking commits scsi: qla2xxx: Pointer may be dereferenced scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Wait for io return on terminate rport xtensa: ISS: fix call to split_if_spec ring-buffer: Fix deadloop issue on reading trace_pipe tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error Revert "8250: add support for ASIX devices with a FIFO bug" meson saradc: fix clock divider mask length ceph: don't let check_caps skip sending responses for revoke msgs hwrng: imx-rngc - fix the timeout for init and self check serial: atmel: don't enable IRQs prematurely fs: dlm: return positive pid value for F_GETLK md/raid0: add discard support for the 'original' layout misc: pci_endpoint_test: Re-init completion for every test misc: pci_endpoint_test: Free IRQs before removing the device PCI: rockchip: Use u32 variable to access 32-bit registers PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked PCI: rockchip: Write PCI Device ID to correct register PCI: rockchip: Assert PCI Configuration Enable bit after probe PCI: qcom: Disable write access to read only registers for IP v2.3.3 PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold jfs: jfs_dmap: Validate db_l2nbperpage while mounting ext4: only update i_reserved_data_blocks on successful block allocation ext4: fix wrong unit use in ext4_mb_clear_bb perf intel-pt: Fix CYC timestamps after standalone CBR SUNRPC: Fix UAF in svc_tcp_listen_data_ready() net: bcmgenet: Ensure MDIO unregistration has clocks enabled tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation pinctrl: amd: Only use special debounce behavior for GPIO 0 pinctrl: amd: Detect internal GPIO0 debounce handling pinctrl: amd: Fix mistake in handling clearing pins at startup net/sched: make psched_mtu() RTNL-less safe wifi: airo: avoid uninitialized warning in airo_get_rate() ipv6/addrconf: fix a potential refcount underflow for idev NTB: ntb_tool: Add check for devm_kcalloc NTB: ntb_transport: fix possible memory leak while device_register() fails ntb: intel: Fix error handling in intel_ntb_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: idt: Fix error handling in idt_pci_driver_init() udp6: fix udp6_ehashfn() typo icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). vrf: Increment Icmp6InMsgs on the original netdev net: mvneta: fix txq_map in case of txq_number==1 workqueue: clean up WORK_* constant types, clarify masking net: lan743x: Don't sleep in atomic context netfilter: nf_tables: prevent OOB access in nft_byteorder_eval netfilter: conntrack: Avoid nf_ct_helper_hash uses after free netfilter: nf_tables: fix scheduling-while-atomic splat netfilter: nf_tables: unbind non-anonymous set if rule construction fails netfilter: nf_tables: reject unbound anonymous set before commit phase netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE netfilter: nf_tables: use net_generic infra for transaction data netfilter: add helper function to set up the nfnetlink header and use it netfilter: nftables: add helper function to set the base sequence number netfilter: nf_tables: add rescheduling points during loop detection walks netfilter: nf_tables: fix nat hook table deletion spi: spi-fsl-spi: allow changing bits_per_word while CS is still active spi: spi-fsl-spi: relax message sanity checking a little spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg ARM: orion5x: fix d2net gpio initialization btrfs: fix race when deleting quota root from the dirty cow roots list jffs2: reduce stack usage in jffs2_build_xattr_subsystem() integrity: Fix possible multiple allocation in integrity_inode_get() bcache: Remove unnecessary NULL point check in node allocations mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M mmc: core: disable TRIM on Kingston EMMC04G-M627 NFSD: add encoding of op_recall flag for write delegation ALSA: jack: Fix mutex call in snd_jack_report() i2c: xiic: Don't try to handle more interrupt events after error i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() sh: dma: Fix DMA channel offset calculation net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX tcp: annotate data races in __tcp_oow_rate_limited() net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y f2fs: fix error path handling in truncate_dnode() mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 spi: bcm-qspi: return error if neither hif_mspi nor mspi is available Add MODULE_FIRMWARE() for FIRMWARE_TG357766. sctp: fix potential deadlock on &net->sctp.addr_wq_lock rtc: st-lpc: Release some resources in st_rtc_probe() in case of error mfd: stmpe: Only disable the regulators if they are enabled mfd: intel-lpss: Add missing check for platform_get_resource KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes mfd: rt5033: Drop rt5033-battery sub-device usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() extcon: Fix kernel doc of property capability fields to avoid warnings extcon: Fix kernel doc of property fields to avoid warnings media: usb: siano: Fix warning due to null work_func_t function pointer media: videodev2.h: Fix struct v4l2_input tuner index comment media: usb: Check az6007_read() return value sh: j2: Use ioremap() to translate device tree address into kernel memory w1: fix loop in w1_fini() block: change all __u32 annotations to __be32 in affs_hardblocks.h USB: serial: option: add LARA-R6 01B PIDs ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard ARCv2: entry: rewrite to enable use of double load/stores LDD/STD ARCv2: entry: avoid a branch ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE ARCv2: entry: comments about hardware auto-save on taken interrupts modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} modpost: fix section mismatch message for R_ARM_ABS32 crypto: nx - fix build warnings when DEBUG_FS is not enabled hwrng: virtio - Fix race on data_avail and actual data hwrng: virtio - always add a pending request hwrng: virtio - don't waste entropy hwrng: virtio - don't wait on cleanup hwrng: virtio - add an internal buffer pinctrl: at91-pio4: check return value of devm_kasprintf() perf dwarf-aux: Fix off-by-one in die_get_varname() pinctrl: cherryview: Return correct value if pin in push-pull mode PCI: Add pci_clear_master() stub for non-CONFIG_PCI scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer drm/radeon: fix possible division-by-zero errors fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1 IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors soc/fsl/qe: fix usb.c build errors ASoC: es8316: Increment max value for ALC Capture Target Volume control ARM: ep93xx: fix missing-prototype warnings drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H Input: adxl34x - do not hardcode interrupt trigger type ARM: dts: BCM5301X: Drop "clock-names" from the SPI node Input: drv260x - sleep between polling GO bit radeon: avoid double free in ci_dpm_init() netlink: Add __sock_i_ino() for __netlink_diag_dump(). ipvlan: Fix return value of ipvlan_queue_xmit() netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. lib/ts_bm: reset initial match offset for every block of text gtp: Fix use-after-free in __gtp_encap_destroy(). netlink: do not hard code device address lenth in fdb dumps netlink: fix potential deadlock in netlink_set_err() wifi: ath9k: convert msecs to jiffies where needed wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() memstick r592: make memstick_debug_get_tpc_name() static kexec: fix a memory leak in crash_shrink_memory() watchdog/perf: more properly prevent false positives with turbo modes watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes wifi: ray_cs: Fix an error handling path in ray_probe() wifi: ray_cs: Drop useless status variable in parse_addr() wifi: ray_cs: Utilize strnlen() in parse_addr() wifi: wl3501_cs: Fix an error handling path in wl3501_probe() wl3501_cs: use eth_hw_addr_set() net: create netdev->dev_addr assignment helpers wl3501_cs: Fix misspelling and provide missing documentation wl3501_cs: Remove unnecessary NULL check wl3501_cs: Fix a bunch of formatting issues related to function docs wifi: atmel: Fix an error handling path in atmel_probe() wifi: orinoco: Fix an error handling path in orinoco_cs_probe() wifi: orinoco: Fix an error handling path in spectrum_cs_probe() nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() nfc: constify several pointers to u8, char and sk_buff wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() samples/bpf: Fix buffer overflow in tcp_basertt wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation evm: Complete description of evm_inode_setattr() ARM: 9303/1: kprobes: avoid missing-declaration warnings PM: domains: fix integer overflow issues in genpd_parse_state() clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe clocksource/drivers/cadence-ttc: Use ttc driver as platform driver clocksource/drivers: Unify the names to timer-* format irqchip/jcore-aic: Fix missing allocation of IRQ descriptors irqchip/jcore-aic: Kill use of irq_create_strict_mappings() md/raid10: fix io loss while replacement replace rdev md/raid10: fix wrong setting of max_corr_read_errors md/raid10: fix overflow of md/safe_mode_delay md/raid10: check slab-out-of-bounds in md_bitmap_get_counter treewide: Remove uninitialized_var() usage drm/amdgpu: Validate VM ioctl flags. scripts/tags.sh: Resolve gtags empty index generation drm/edid: Fix uninitialized variable in drm_cvt_modes() fbdev: imsttfb: Fix use after free bug in imsttfb_probe video: imsttfb: check for ioremap() failures x86/smp: Use dedicated cache-line for mwait_play_dead() gfs2: Don't deref jdesc in evict Linux 4.19.290 x86: fix backwards merge of GDS/SRSO bit xen/netback: Fix buffer overrun triggered by unusual packet Documentation/x86: Fix backwards on/off logic about YMM support x86/xen: Fix secondary processors' FPU initialization KVM: Add GDS_NO support to KVM x86/speculation: Add Kconfig option for GDS x86/speculation: Add force option to GDS mitigation x86/speculation: Add Gather Data Sampling mitigation x86/fpu: Move FPU initialization into arch_cpu_finalize_init() x86/fpu: Mark init functions __init x86/fpu: Remove cpuinfo argument from init functions init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() init: Invoke arch_cpu_finalize_init() earlier init: Remove check_bugs() leftovers um/cpu: Switch to arch_cpu_finalize_init() sparc/cpu: Switch to arch_cpu_finalize_init() sh/cpu: Switch to arch_cpu_finalize_init() mips/cpu: Switch to arch_cpu_finalize_init() m68k/cpu: Switch to arch_cpu_finalize_init() ia64/cpu: Switch to arch_cpu_finalize_init() ARM: cpu: Switch to arch_cpu_finalize_init() x86/cpu: Switch to arch_cpu_finalize_init() init: Provide arch_cpu_finalize_init() Conflicts: drivers/clocksource/Makefile init/main.c Change-Id: Id679da6558c7e9f4513a49aa6992e2966b66c2a6 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
4e4af4ccc3 |
Merge tag 'ASB-2022-08-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/security/bulletin/2022-08-01 CVE-2022-1786 * tag 'ASB-2022-08-05_4.19-stable' of https://android.googlesource.com/kernel/common: FROMGIT: arm64: fix oops in concurrently setting insn_emulation sysctls ANDROID: cgroup: Fix for a partially backported patch ANDROID: allow add_hwgenerator_randomness() from non-kthread Linux 4.19.252 dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly dmaengine: pl330: Fix lockdep warning about non-static key ida: don't use BUG_ON() for debugging misc: rtsx_usb: set return value in rsp_buf alloc err path misc: rtsx_usb: use separate command and response buffers misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer i2c: cadence: Unregister the clk notifier in error path selftests: forwarding: fix error message in learning_test selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT ibmvnic: Properly dispose of all skbs during a failover. ARM: at91: pm: use proper compatible for sama5d2's rtc pinctrl: sunxi: a83t: Fix NAND function name for some pins ARM: meson: Fix refcount leak in meson_smp_prepare_cpus xfs: remove incorrect ASSERT in xfs_rename can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info powerpc/powernv: delay rng platform device creation until later in boot video: of_display_timing.h: include errno.h fbcon: Disallow setting font bigger than screen size iommu/vt-d: Fix PCI bus rescan device hot add net: rose: fix UAF bug caused by rose_t0timer_expiry usbnet: fix memory leak in error case can: gs_usb: gs_usb_open/close(): fix memory leak can: grcan: grcan_probe(): remove extra of_node_get() can: bcm: use call_rcu() instead of costly synchronize_rcu() mm/slub: add missing TID updates on slab deactivation esp: limit skb_page_frag_refill use to a single page ANDROID: revert some RNG function signature changes ANDROID: cpu/hotplug: avoid breaking Android ABI by fusing cpuhp steps UPSTREAM: lib/crypto: blake2s: avoid indirect calls to compression function for Clang CFI BACKPORT: lib/crypto: add prompts back to crypto libraries BACKPORT: lib/crypto: blake2s: include as built-in Linux 4.19.251 net: usb: qmi_wwan: add Telit 0x1070 composition net: usb: qmi_wwan: add Telit 0x1060 composition xen/arm: Fix race in RB-tree based P2M accounting xen/blkfront: force data bouncing when backend is untrusted xen/netfront: force data bouncing when backend is untrusted xen/netfront: fix leaking data in shared pages xen/blkfront: fix leaking data in shared pages ipv6/sit: fix ipip6_tunnel_get_prl return value sit: use min net: dsa: bcm_sf2: force pause link settings hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails xen/gntdev: Avoid blocking in unmap_grant_pages() net: tun: avoid disabling NAPI twice NFC: nxp-nci: Don't issue a zero length i2c_master_read() nfc: nfcmrvl: Fix irq_of_parse_and_map() return value net: bonding: fix use-after-free after 802.3ad slave unbind net: bonding: fix possible NULL deref in rlb code netfilter: nft_dynset: restore set element counter when failing to update caif_virtio: fix race between virtio_device_ready() and ndo_open() net: ipv6: unexport __init-annotated seg6_hmac_net_init() usbnet: fix memory allocation in helpers RDMA/qedr: Fix reporting QP timeout attribute net: tun: stop NAPI when detaching queues net: tun: unlink NAPI from device on destruction selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test virtio-net: fix race between ndo_open() and virtio_device_ready() net: usb: ax88179_178a: Fix packet receiving net: rose: fix UAF bugs caused by timer handler SUNRPC: Fix READ_PLUS crasher s390/archrandom: simplify back to earlier design and initialize earlier dm raid: fix KASAN warning in raid5_add_disks dm raid: fix accesses beyond end of raid member array nvdimm: Fix badblocks clear off-by-one error UPSTREAM: crypto: poly1305 - fix poly1305_core_setkey() declaration Linux 4.19.250 swiotlb: skip swiotlb_bounce when orig_addr is zero net/sched: move NULL ptr check to qdisc_put() too net: mscc: ocelot: allow unregistered IP multicast flooding kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] fdt: Update CRC check for rng-seed xen: unexport __init-annotated xen_xlate_map_ballooned_pages() drm: remove drm_fb_helper_modinit powerpc/pseries: wire up rng during setup_arch() kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) modpost: fix section mismatch check for exported init/exit sections ARM: cns3xxx: Fix refcount leak in cns3xxx_init ARM: Fix refcount leak in axxia_boot_secondary soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe ARM: exynos: Fix refcount leak in exynos_map_pmu ARM: dts: imx6qdl: correct PU regulator ramp delay powerpc/powernv: wire up rng during setup_arch powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address powerpc: Enable execve syscall exit tracepoint xtensa: Fix refcount leak bug in time.c xtensa: xtfpga: Fix refcount leak bug in setup iio: adc: axp288: Override TS pin bias current for some models iio: trigger: sysfs: fix use-after-free on remove iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() iio: accel: mma8452: ignore the return value of reset operation iio:accel:bma180: rearrange iio trigger get and register iio:chemical:ccs811: rearrange iio trigger get and register usb: chipidea: udc: check request status before setting device address xhci: turn off port power in shutdown iio: adc: vf610: fix conversion mode sysfs node name gpio: winbond: Fix error code in winbond_gpio_get() virtio_net: fix xdp_rxq_info bug after suspend/resume igb: Make DMA faster when CPU is active on the PCIe link afs: Fix dynamic root getattr MIPS: Remove repetitive increase irq_err_count x86/xen: Remove undefined behavior in setup_features() erspan: do not assume transport header is always set net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers USB: serial: option: add Quectel RM500K module support USB: serial: option: add Quectel EM05-G modem USB: serial: option: add Telit LE910Cx 0x1250 composition random: quiet urandom warning ratelimit suppression message dm era: commit metadata in postsuspend after worker stops ata: libata: add qc->flags in ata_qc_complete_template tracepoint ALSA: hda/realtek: Add quirk for Clevo PD70PNT ALSA: hda/conexant: Fix missing beep setup ALSA: hda/via: Fix missing beep setup random: schedule mix_interrupt_randomness() less often vt: drop old FONT ioctls Linux 4.19.249 Revert "hwmon: Make chip parameter for with_info API mandatory" tcp: drop the hash_32() part from the index calculation tcp: increase source port perturb table to 2^16 tcp: dynamically allocate the perturb table used by source ports tcp: add small random increments to the source port tcp: use different parts of the port_offset for index and offset tcp: add some entropy in __inet_hash_connect() xprtrdma: fix incorrect header size calculations usb: gadget: u_ether: fix regression in setting fixed MAC address s390/mm: use non-quiescing sske for KVM switch to keyed guest powerpc/mm: Switch obsolete dssall to .long RISC-V: fix barrier() use in <vdso/processor.h> net: openvswitch: fix leak of nested actions net: openvswitch: fix misuse of the cached connection on tuple changes virtio-pci: Remove wrong address verification in vp_del_vqs() ext4: add reserved GDT blocks check ext4: make variable "count" signed ext4: fix bug_on ext4_mb_use_inode_pa serial: 8250: Store to lsr_save_flags after lsr read usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe usb: dwc2: Fix memory leak in dwc2_hcd_init USB: serial: io_ti: add Agilent E5805A support USB: serial: option: add support for Cinterion MV31 with new baseline comedi: vmk80xx: fix expression for tx buffer size irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions irqchip/gic/realview: Fix refcount leak in realview_gic_of_init faddr2line: Fix overlapping text section failures, the sequel certs/blacklist_hashes.c: fix const confusion in certs blacklist arm64: ftrace: fix branch range checks net: bgmac: Fix an erroneous kfree() in bgmac_remove() mlxsw: spectrum_cnt: Reorder counter pools misc: atmel-ssc: Fix IRQ check in ssc_probe tty: goldfish: Fix free_irq() on remove i40e: Fix call trace in setup_tx_descriptors i40e: Fix adding ADQ filter to TC0 pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE random: credit cpu and bootloader seeds by default net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed scsi: pmcraid: Fix missing resource cleanup in error case scsi: ipr: Fix missing/incorrect resource cleanup in error case scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology scsi: vmw_pvscsi: Expand vcpuHint to 16 bits ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() ASoC: es8328: Fix event generation for deemphasis control ASoC: wm8962: Fix suspend while playing music ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() ASoC: cs42l56: Correct typo in minimum level for SX volume controls ASoC: cs42l52: Correct TLV for Bypass Volume ASoC: cs53l30: Correct number of volume levels on SX controls ASoC: cs42l52: Fix TLV scales for mixer controls powerpc/kasan: Silence KASAN warnings in __get_wchan() random: account for arch randomness in bits random: mark bootloader randomness code as __init random: avoid checking crng_ready() twice in random_init() crypto: drbg - make reseeding from get_random_bytes() synchronous crypto: drbg - always try to free Jitter RNG instance crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() crypto: drbg - prepare for more fine-grained tracking of seeding state crypto: drbg - always seeded with SP800-90B compliant noise source crypto: drbg - add FIPS 140-2 CTRNG for noise source Revert "random: use static branch for crng_ready()" random: check for signals after page of pool writes random: wire up fops->splice_{read,write}_iter() random: convert to using fops->write_iter() random: move randomize_page() into mm where it belongs random: move initialization functions out of hot pages random: use proper return types on get_random_{int,long}_wait() random: remove extern from functions in header random: use static branch for crng_ready() random: credit architectural init the exact amount random: handle latent entropy and command line from random_init() random: use proper jiffies comparison macro random: remove ratelimiting for in-kernel unseeded randomness random: avoid initializing twice in credit race random: use symbolic constants for crng_init states siphash: use one source of truth for siphash permutations random: help compiler out with fast_mix() by using simpler arguments random: do not use input pool from hard IRQs random: order timer entropy functions below interrupt functions random: do not pretend to handle premature next security model random: do not use batches when !crng_ready() random: insist on random_get_entropy() existing in order to simplify xtensa: use fallback for random_get_entropy() instead of zero sparc: use fallback for random_get_entropy() instead of zero um: use fallback for random_get_entropy() instead of zero x86/tsc: Use fallback for random_get_entropy() instead of zero nios2: use fallback for random_get_entropy() instead of zero arm: use fallback for random_get_entropy() instead of zero mips: use fallback for random_get_entropy() instead of just c0 random m68k: use fallback for random_get_entropy() instead of zero timekeeping: Add raw clock fallback for random_get_entropy() powerpc: define get_cycles macro for arch-override alpha: define get_cycles macro for arch-override parisc: define get_cycles macro for arch-override s390: define get_cycles macro for arch-override ia64: define get_cycles macro for arch-override init: call time_init() before rand_initialize() random: fix sysctl documentation nits random: document crng_fast_key_erasure() destination possibility random: make random_get_entropy() return an unsigned long random: check for signals every PAGE_SIZE chunk of /dev/[u]random random: check for signal_pending() outside of need_resched() check random: do not allow user to keep crng key around on stack random: do not split fast init input in add_hwgenerator_randomness() random: mix build-time latent entropy into pool at init random: re-add removed comment about get_random_{u32,u64} reseeding random: treat bootloader trust toggle the same way as cpu trust toggle random: skip fast_init if hwrng provides large chunk of entropy random: check for signal and try earlier when generating entropy random: reseed more often immediately after booting random: make consistent usage of crng_ready() random: use SipHash as interrupt entropy accumulator random: replace custom notifier chain with standard one random: don't let 644 read-only sysctls be written to random: give sysctl_random_min_urandom_seed a more sensible value random: do crng pre-init loading in worker rather than irq random: unify cycles_t and jiffies usage and types random: cleanup UUID handling random: only wake up writers after zap if threshold was passed random: round-robin registers as ulong, not u32 random: clear fast pool, crng, and batches in cpuhp bring up random: pull add_hwgenerator_randomness() declaration into random.h random: check for crng_init == 0 in add_device_randomness() random: unify early init crng load accounting random: do not take pool spinlock at boot random: defer fast pool mixing to worker random: rewrite header introductory comment random: group sysctl functions random: group userspace read/write functions random: group entropy collection functions random: group entropy extraction functions random: group initialization wait functions random: remove whitespace and reorder includes random: remove useless header comment random: introduce drain_entropy() helper to declutter crng_reseed() random: deobfuscate irq u32/u64 contributions random: add proper SPDX header random: remove unused tracepoints random: remove ifdef'd out interrupt bench random: tie batched entropy generation to base_crng generation random: zero buffer after reading entropy from userspace random: remove outdated INT_MAX >> 6 check in urandom_read() random: use hash function for crng_slow_load() random: absorb fast pool into input pool after fast load random: do not xor RDRAND when writing into /dev/random random: ensure early RDSEED goes through mixer on init random: inline leaves of rand_initialize() random: use RDSEED instead of RDRAND in entropy extraction random: fix locking in crng_fast_load() random: remove batched entropy locking random: remove use_input_pool parameter from crng_reseed() random: make credit_entropy_bits() always safe random: always wake up entropy writers after extraction random: use linear min-entropy accumulation crediting random: simplify entropy debiting random: use computational hash for entropy extraction random: only call crng_finalize_init() for primary_crng random: access primary_pool directly rather than through pointer random: continually use hwgenerator randomness random: simplify arithmetic function flow in account() random: access input_pool_data directly rather than through pointer random: cleanup fractional entropy shift constants random: prepend remaining pool constants with POOL_ random: de-duplicate INPUT_POOL constants random: remove unused OUTPUT_POOL constants random: rather than entropy_store abstraction, use global random: remove unused extract_entropy() reserved argument random: remove incomplete last_data logic random: cleanup integer types random: cleanup poolinfo abstraction random: fix typo in comments random: don't reset crng_init_cnt on urandom_read() random: avoid superfluous call to RDRAND in CRNG extraction random: early initialization of ChaCha constants random: initialize ChaCha20 constants with correct endianness random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs random: harmonize "crng init done" messages random: mix bootloader randomness into pool random: do not re-init if crng_reseed completes before primary init random: do not sign extend bytes for rotation when mixing random: use BLAKE2s instead of SHA1 in extraction random: remove unused irq_flags argument from add_interrupt_randomness() random: document add_hwgenerator_randomness() with other input functions crypto: blake2s - adjust include guard naming crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h> MAINTAINERS: co-maintain random.c random: remove dead code left over from blocking pool random: avoid arch_get_random_seed_long() when collecting IRQ randomness random: add arch_get_random_*long_early() powerpc: Use bool in archrandom.h linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check linux/random.h: Use false with bool linux/random.h: Remove arch_has_random, arch_has_random_seed s390: Remove arch_has_random, arch_has_random_seed powerpc: Remove arch_has_random, arch_has_random_seed x86: Remove arch_has_random, arch_has_random_seed random: avoid warnings for !CONFIG_NUMA builds random: split primary/secondary crng init paths random: remove some dead code of poolinfo random: fix typo in add_timer_randomness() random: Add and use pr_fmt() random: convert to ENTROPY_BITS for better code readability random: remove unnecessary unlikely() random: remove kernel.random.read_wakeup_threshold random: delete code to pull data into pools random: remove the blocking pool random: fix crash on multiple early calls to add_bootloader_randomness() char/random: silence a lockdep splat with printk() random: make /dev/random be almost like /dev/urandom random: ignore GRND_RANDOM in getentropy(2) random: add GRND_INSECURE to return best-effort non-cryptographic bytes random: Add a urandom_read_nowait() for random APIs that don't warn random: Don't wake crng_init_wait when crng_init == 1 lib/crypto: sha1: re-roll loops to reduce code size lib/crypto: blake2s: move hmac construction into wireguard crypto: blake2s - generic C library implementation and selftest Revert "hwrng: core - Freeze khwrng thread during suspend" char/random: Add a newline at the end of the file random: Use wait_event_freezable() in add_hwgenerator_randomness() fdt: add support for rng-seed random: Support freezable kthreads in add_hwgenerator_randomness() random: fix soft lockup when trying to read from an uninitialized blocking pool latent_entropy: avoid build error when plugin cflags are not set random: document get_random_int() family random: move rand_initialize() earlier random: only read from /dev/random after its pool has received 128 bits drivers/char/random.c: make primary_crng static drivers/char/random.c: remove unused stuct poolinfo::poolbits drivers/char/random.c: constify poolinfo_table 9p: missing chunk of "fs/9p: Don't update file type when updating file attributes" Conflicts: drivers/usb/gadget/function/u_ether.c Change-Id: I151aaaf9ba3e86cb8c0f7e83e8ed3aa7493e2823 Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
956561314e |
Merge tag 'ASB-2022-05-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/security/bulletin/2022-05-01
CVE-2022-0847
CVE-2022-20009
CVE-2022-20008
CVE-2021-22600
* tag 'ASB-2022-05-05_4.19-stable' of https://android.googlesource.com/kernel/common:
Linux 4.19.241
lightnvm: disable the subsystem
Revert "net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link"
ia64: kprobes: Fix to pass correct trampoline address to the handler
Revert "ia64: kprobes: Use generic kretprobe trampoline handler"
Revert "ia64: kprobes: Fix to pass correct trampoline address to the handler"
powerpc/64s: Unmerge EX_LR and EX_DAR
powerpc/64/interrupt: Temporarily save PPR on stack to fix register corruption due to SLB miss
net/sched: cls_u32: fix netns refcount changes in u32_change()
hamradio: remove needs_free_netdev to avoid UAF
hamradio: defer 6pack kfree after unregister_netdev
floppy: disable FDRAWCMD by default
media: vicodec: upon release, call m2m release before freeing ctrl handler
Linux 4.19.240
Revert "net: micrel: fix KS8851_MLL Kconfig"
ax25: Fix UAF bugs in ax25 timers
ax25: Fix NULL pointer dereferences in ax25 timers
ax25: fix NPD bug in ax25_disconnect
ax25: fix UAF bug in ax25_send_control()
ax25: Fix refcount leaks caused by ax25_cb_del()
ax25: fix UAF bugs of net_device caused by rebinding operation
ax25: fix reference count leaks of ax25_dev
ax25: add refcount in ax25_dev to avoid UAF bugs
block/compat_ioctl: fix range check in BLKGETSIZE
staging: ion: Prevent incorrect reference counting behavour
ext4: force overhead calculation if the s_overhead_cluster makes no sense
ext4: fix overhead calculation to account for the reserved gdt blocks
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
ext4: fix symlink file size not match to file content
arm_pmu: Validate single/group leader events
ARC: entry: fix syscall_trace_exit argument
e1000e: Fix possible overflow in LTR decoding
ASoC: soc-dapm: fix two incorrect uses of list iterator
openvswitch: fix OOB access in reserve_sfa_size()
powerpc/perf: Fix power9 event alternatives
drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare
drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised
dma: at_xdmac: fix a missing check on list iterator
ata: pata_marvell: Check the 'bmdma_addr' beforing reading
stat: fix inconsistency between struct stat and struct compat_stat
net: macb: Restart tx only if queue pointer is lagging
drm/msm/mdp5: check the return of kzalloc()
dpaa_eth: Fix missing of_node_put in dpaa_get_ts_info()
brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
mt76: Fix undefined behavior due to shift overflowing the constant
cifs: Check the IOCB_DIRECT flag, not O_DIRECT
vxlan: fix error return code in vxlan_fdb_append
ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
reset: tegra-bpmp: Restore Handle errors in BPMP response
ARM: vexpress/spc: Avoid negative array index when !SMP
netlink: reset network and mac headers in netlink_dump()
net/sched: cls_u32: fix possible leak in u32_init_knode()
net/packet: fix packet_sock xmit return value checking
rxrpc: Restore removed timer deletion
dmaengine: imx-sdma: Fix error checking in sdma_event_remap
ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component
ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek
tcp: Fix potential use-after-free due to double kfree()
tcp: fix race condition when creating child sockets from syncookies
ALSA: usb-audio: Clear MIDI port active flag after draining
gfs2: assign rgrp glock before compute_bitstructs
dm integrity: fix memory corruption when tag_size is less than digest size
can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
tracing: Dump stacktrace trigger to the corresponding instance
mm: page_alloc: fix building error on -Werror=array-compare
etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
Linux 4.19.239
i2c: pasemi: Wait for write xfers to finish
smp: Fix offline cpu check in flush_smp_call_function_queue()
ARM: davinci: da850-evm: Avoid NULL pointer dereference
ipv6: fix panic when forwarding a pkt with no in6 dev
ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
ALSA: hda/realtek: Add quirk for Clevo PD50PNT
gcc-plugins: latent_entropy: use /dev/urandom
mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
mm, page_alloc: fix build_zonerefs_node()
drivers: net: slip: fix NPD bug in sl_tx_timeout()
scsi: mvsas: Add PCI ID of RocketRaid 2640
drm/amd/display: Fix allocate_mst_payload assert on resume
arm64: alternatives: mark patch_alternative() as `noinstr`
gpu: ipu-v3: Fix dev_dbg frequency output
ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
net: micrel: fix KS8851_MLL Kconfig
scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
scsi: target: tcmu: Fix possible page UAF
Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
drm/amdkfd: Check for potential null return of kmalloc_array()
drm/amd: Add USBC connector ID
cifs: potential buffer overflow in handling symlinks
nfc: nci: add flush_workqueue to prevent uaf
testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set
sctp: Initialize daddr on peeled off socket
net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
mlxsw: i2c: Fix initialization error flow
gpiolib: acpi: use correct format characters
veth: Ensure eth header is in skb's linear part
net/sched: flower: fix parsing of ethertype following VLAN header
memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
ANDROID: GKI: fix crc issue with commit
|
||
|
bengris32
|
c1276f9da2 |
Merge tag 'ASB-2022-03-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/security/bulletin/2022-03-01 CVE-2020-29368 CVE-2021-39685 CVE-2021-39686 CVE-2021-39698 CVE-2021-3655 * tag 'ASB-2022-03-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.232 tty: n_gsm: fix encoding of control signal octet bit DV xhci: Prevent futile URB re-submissions due to incorrect return value. xhci: re-initialize the HC during resume if HCE was set usb: dwc3: gadget: Let the interrupt handler disable bottom halves. usb: dwc3: pci: Fix Bay Trail phy GPIO mappings USB: serial: option: add Telit LE910R1 compositions USB: serial: option: add support for DW5829e tracefs: Set the group ownership in apply_options() not parse_options() USB: gadget: validate endpoint index for xilinx udc usb: gadget: rndis: add spinlock for rndis response list Revert "USB: serial: ch341: add new Product ID for CH341A" ata: pata_hpt37x: disable primary channel on HPT371 iio: adc: men_z188_adc: Fix a resource leak in an error handling path tracing: Have traceon and traceoff trigger honor the instance fget: clarify and improve __fget_files() implementation memblock: use kfree() to release kmalloced memblock regions Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR" gpio: tegra186: Fix chip_data type confusion tty: n_gsm: fix proper link termination after failed open RDMA/ib_srp: Fix a deadlock configfs: fix a race in configfs_{,un}register_subsystem() net/mlx5e: Fix wrong return value on ioctl EEPROM query failure drm/edid: Always set RGB444 openvswitch: Fix setting ipv6 fields causing hw csum failure gso: do not skip outer ip header in case of ipip and net_failover tipc: Fix end of loop tests for list_for_each_entry() net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends ping: remove pr_err from ping_lookup USB: zaurus: support another broken Zaurus sr9700: sanity check for packet length parisc/unaligned: Fix ldw() and stw() unalignment handlers parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel vhost/vsock: don't check owner in vhost_vsock_stop() while releasing cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug Linux 4.19.231 net: macb: Align the dma and coherent dma masks net: usb: qmi_wwan: Add support for Dell DW5829e tracing: Fix tp_printk option related with tp_printk_stop_on_boot ata: libata-core: Disable TRIM on M88V29 kconfig: let 'shell' return enough output for deep path names arm64: dts: meson-gx: add ATF BL32 reserved-memory region netfilter: conntrack: don't refresh sctp entries in closed state irqchip/sifive-plic: Add missing thead,c900-plic match string ARM: OMAP2+: hwmod: Add of_node_put() before break KVM: x86/pmu: Use AMD64_RAW_EVENT_MASK for PERF_TYPE_RAW Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj Drivers: hv: vmbus: Expose monitor data only when monitor pages are used mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status mtd: rawnand: brcmnand: Refactored code to introduce helper functions lib/iov_iter: initialize "flags" in new pipe_buffer i2c: brcmstb: fix support for DSL and CM variants dmaengine: sh: rcar-dmac: Check for error num after setting mask net: sched: limit TC_ACT_REPEAT loops EDAC: Fix calculation of returned address and next offset in edac_align_ptr() mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() NFS: Do not report writeback errors in nfs_getattr() NFS: LOOKUP_DIRECTORY is also ok with symlinks block/wbt: fix negative inflight counter when remove scsi device ext4: check for out-of-order index extents in ext4_valid_extent_entries() powerpc/lib/sstep: fix 'ptesync' build error ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() ALSA: hda: Fix missing codec probe on Shenker Dock 15 ALSA: hda: Fix regression on forced probe mask option libsubcmd: Fix use-after-free for realloc(..., 0) bonding: fix data-races around agg_select_timer drop_monitor: fix data-race in dropmon_net_event / trace_napi_poll_hit ping: fix the dif and sdif check in ping_lookup net: ieee802154: ca8210: Fix lifs/sifs periods net: dsa: lan9303: fix reset on probe iwlwifi: pcie: gen2: fix locking when "HW not ready" iwlwifi: pcie: fix locking when "HW not ready" vsock: remove vsock from connected table when connect is interrupted by a signal mmc: block: fix read single on recovery logic taskstats: Cleanup the use of task->exit_code xfrm: Don't accidentally set RTO_ONLINK in decode_session4() drm/radeon: Fix backlight control on iMac 12,1 iwlwifi: fix use-after-free Revert "module, async: async_synchronize_full() on module init iff async is used" nvme-rdma: fix possible use-after-free in transport error_recovery work nvme: fix a possible use-after-free in controller reset during load quota: make dquot_quota_sync return errors from ->sync_fs vfs: make freeze_super abort when sync_filesystem returns error ax25: improve the incomplete fix to avoid UAF and NPD bugs selftests/zram: Adapt the situation that /dev/zram0 is being used selftests/zram01.sh: Fix compression ratio calculation selftests/zram: Skip max_comp_streams interface on newer kernel net: ieee802154: at86rf230: Stop leaking skb's btrfs: send: in case of IO error log it parisc: Fix sglist access in ccio-dma.c parisc: Fix data TLB miss in sba_unmap_sg serial: parisc: GSC: fix build when IOSAPIC is not set net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup Makefile.extrawarn: Move -Wunaligned-access to W=1 Linux 4.19.230 perf: Fix list corruption in perf_cgroup_switch() hwmon: (dell-smm) Speed up setting of fan speed seccomp: Invalidate seccomp mode to catch death failures USB: serial: cp210x: add CPI Bulk Coin Recycler id USB: serial: cp210x: add NCR Retail IO box id USB: serial: ch341: add support for GW Instek USB2.0-Serial devices USB: serial: option: add ZTE MF286D modem USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 usb: gadget: rndis: check size of RNDIS_MSG_SET command USB: gadget: validate interface OS descriptor requests usb: dwc3: gadget: Prevent core from processing stale TRBs usb: ulpi: Call of_node_put correctly usb: ulpi: Move of_node_put to ulpi_dev_release n_tty: wake up poll(POLLRDNORM) on receiving data vt_ioctl: add array_index_nospec to VT_ACTIVATE vt_ioctl: fix array_index_nospec in vt_setactivate net: amd-xgbe: disable interrupts during pci removal tipc: rate limit warning for received illegal binding update veth: fix races around rq->rx_notify_masked net: fix a memleak when uncloning an skb dst and its metadata net: do not keep the dst cache when uncloning an skb dst and its metadata ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path bonding: pair enable_port with slave_arr_updates ixgbevf: Require large buffers for build_skb on 82599VF usb: f_fs: Fix use-after-free for epfile ARM: dts: imx6qdl-udoo: Properly describe the SD card detect staging: fbtft: Fix error path in fbtft_driver_module_init() ARM: dts: meson: Fix the UART compatible strings perf probe: Fix ppc64 'perf probe add events failed' case net: bridge: fix stale eth hdr pointer in br_dev_xmit ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group bpf: Add kconfig knob for disabling unpriv bpf by default net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend scsi: target: iscsi: Make sure the np under each tpg is unique net: sched: Clarify error message when qdisc kind is unknown NFSv4 expose nfs_parse_server_name function NFSv4 remove zero number of fs_locations entries error check NFSv4.1: Fix uninitialised variable in devicenotify nfs: nfs4clinet: check the return value of kstrdup() NFSv4 only print the label when its queried NFSD: Fix offset type in I/O trace points NFSD: Clamp WRITE offsets NFS: Fix initialisation of nfs_client cl_flags field net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs mmc: sdhci-of-esdhc: Check for error num after setting mask ima: Allow template selection with ima_template[_fmt]= after ima_hash= ima: Remove ima_policy file before directory integrity: check the return value of audit_log_start() FROMGIT: f2fs: avoid EINVAL by SBI_NEED_FSCK when pinning a file Revert "tracefs: Have tracefs directories not set OTH permission bits by default" ANDROID: GKI: Enable CONFIG_SERIAL_8250_RUNTIME_UARTS=0 Linux 4.19.229 tipc: improve size validations for received domain records moxart: fix potential use-after-free on remove path cgroup-v1: Require capabilities to set release_agent Linux 4.19.228 ext4: fix error handling in ext4_restore_inline_data() EDAC/xgene: Fix deferred probing EDAC/altera: Fix deferred probing rtc: cmos: Evaluate century appropriate selftests: futex: Use variable MAKE instead of make nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe ASoC: max9759: fix underflow in speaker_gain_control_put() ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name ASoC: fsl: Add missing error handling in pcm030_fabric_probe drm/i915/overlay: Prevent divide by zero bugs in scaling net: stmmac: ensure PTP time register reads are consistent net: macsec: Verify that send_sci is on when setting Tx sci explicitly net: ieee802154: Return meaningful error codes from the netlink helpers net: ieee802154: ca8210: Stop leaking skb's net: ieee802154: mcr20a: Fix lifs/sifs periods net: ieee802154: hwsim: Ensure proper channel selection at probe time spi: meson-spicc: add IRQ check in meson_spicc_probe spi: mediatek: Avoid NULL pointer crash in interrupt spi: bcm-qspi: check for valid cs before applying chip select iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() RDMA/mlx4: Don't continue event handler after memory allocation failure Revert "ASoC: mediatek: Check for error clk pointer" block: bio-integrity: Advance seed correctly for larger interval sizes drm/nouveau: fix off by one in BIOS boundary checking ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() audit: improve audit queue handling when "audit=1" on cmdline af_packet: fix data-race in packet_setsockopt / packet_setsockopt rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() net: amd-xgbe: Fix skb data length underflow net: amd-xgbe: ensure to reset the tx_timer_active flag ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback tcp: fix possible socket leaks in internal pacing mode netfilter: nat: limit port clash resolution attempts netfilter: nat: remove l4 protocol port rovers ipv4: tcp: send zero IPID in SYNACK messages ipv4: raw: lock the socket in raw_bind() yam: fix a memory leak in yam_siocdevprivate() ibmvnic: don't spin in tasklet ibmvnic: init ->running_cap_crqs early phylib: fix potential use-after-free NFS: Ensure the server has an up to date ctime before renaming NFS: Ensure the server has an up to date ctime before hardlinking ipv6: annotate accesses to fn->fn_sernum drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable drm/msm: Fix wrong size calculation net-procfs: show net devices bound packet types NFSv4: nfs_atomic_open() can race when looking up a non-regular file NFSv4: Handle case where the lookup of a directory fails hwmon: (lm90) Reduce maximum conversion rate for G781 ipv4: avoid using shared IP generator for connected sockets ping: fix the sk_bound_dev_if match in ping_lookup net: fix information leakage in /proc/net/ptype ipv6_tunnel: Rate limit warning messages scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev i40e: fix unsigned stat widths i40e: Fix queues reservation for XDP i40e: Fix issue when maximum queues is exceeded i40e: Increase delay to 1 s after global EMP reset powerpc/32: Fix boot failure with GCC latent entropy plugin net: sfp: ignore disabled SFP node usb: typec: tcpm: Do not disconnect while receiving VBUS off USB: core: Fix hang in usb_kill_urb by adding memory barriers usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS usb: common: ulpi: Fix crash in ulpi_match() usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge tty: Add support for Brainboxes UC cards. tty: n_gsm: fix SW flow control encoding/handling serial: stm32: fix software flow control transfer serial: 8250: of: Fix mapped region size when using reg-offset property netfilter: nft_payload: do not update layer 4 checksum when mangling fragments drm/etnaviv: relax submit size limits PM: wakeup: simplify the output logic of pm_show_wakelocks() udf: Fix NULL ptr deref when converting from inline format udf: Restore i_lenAlloc when inode expansion fails scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices s390/hypfs: include z/VM guests with access control group set Bluetooth: refactor malicious adv data check ANDROID: Increase x86 cmdline size to 4k Conflicts: drivers/mmc/core/block.c drivers/soc/mediatek/mtk-scpsys.c (used ours) drivers/usb/gadget/composite.c drivers/usb/gadget/function/rndis.c Change-Id: I84ec77991de3fbe52e7b3ffed5c8be943b67093e Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
bengris32
|
ef22f912da |
Merge tag 'ASB-2021-07-05_4.19-stable' of https://android.googlesource.com/kernel/common into lineage-21
https://source.android.com/security/bulletin/2021-07-01 No kernel CVEs * tag 'ASB-2021-07-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.196 i2c: robotfuzz-osif: fix control-request directions nilfs2: fix memory leak in nilfs_sysfs_delete_device_group pinctrl: stm32: fix the reported number of GPIO lines per bank net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY PCI: Add AMD RS690 quirk to enable 64-bit DMA net: qed: Fix memcpy() overflow of qed_dcbx_params() KVM: selftests: Fix kvm_check_cap() assertion r8169: Avoid memcpy() over-reading of ETH_SS_STATS sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS r8152: Avoid memcpy() over-reading of ETH_SS_STATS net/packet: annotate accesses to po->ifindex net/packet: annotate accesses to po->bind net: caif: fix memory leak in ldisc_open inet: annotate date races around sk->sk_txhash ping: Check return value of function 'ping_queue_rcv_skb' net: ethtool: clear heap allocations for ethtool function mac80211: drop multicast fragments cfg80211: call cfg80211_leave_ocb when switching away from OCB mac80211: remove warning in ieee80211_get_sband() Revert "PCI: PM: Do not read power state in pci_enable_device_flags()" MIPS: generic: Update node names to avoid unit addresses Makefile: Move -Wno-unused-but-set-variable out of GCC only block ARM: 9081/1: fix gcc-10 thumb2-kernel regression drm/radeon: wait for moving fence after pinning drm/nouveau: wait for moving fence after pinning v2 module: limit enabling module.sig_enforce x86/fpu: Reset state for all signal restore failures usb: dwc3: core: fix kernel panic when do reboot usb: dwc3: debugfs: Add and remove endpoint dirs dynamically inet: use bigger hash table for IP ID generation can: bcm/raw/isotp: use per module netdevice notifier KVM: arm/arm64: Fix KVM_VGIC_V3_ADDR_TYPE_REDIST read tools headers UAPI: Sync linux/in.h copy with the kernel sources net: fec_ptp: add clock rate zero check mm/slub.c: include swab.h mm/slub: clarify verification reporting net: bridge: fix vlan tunnel dst refcnt when egressing net: bridge: fix vlan tunnel dst null pointer dereference cfg80211: make certificate generation more robust dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc ARCv2: save ABI registers across signal handling PCI: Work around Huawei Intelligent NIC VF FLR erratum PCI: Add ACS quirk for Broadcom BCM57414 NIC PCI: Mark some NVIDIA GPUs to avoid bus reset PCI: Mark TI C667X to avoid bus reset tracing: Do no increment trace_clock_global() by one tracing: Do not stop recording comms if the trace file is being read tracing: Do not stop recording cmdlines when tracing is off usb: core: hub: Disable autosuspend for Cypress CY7C65632 can: mcba_usb: fix memory leak in mcba_usb can: bcm: fix infoleak in struct bcm_msg_head hwmon: (scpi-hwmon) shows the negative temperature properly radeon: use memcpy_to/fromio for UVD fw upload pinctrl: ralink: rt2880: avoid to error in calls is pin is already enabled ASoC: rt5659: Fix the lost powers for the HDA header net: ethernet: fix potential use-after-free in ec_bhf_remove icmp: don't send out ICMP messages with a source address of 0.0.0.0 net: cdc_eem: fix tx fixup skb leak net: hamradio: fix memory leak in mkiss_close be2net: Fix an error handling path in 'be_probe()' net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock net: ipv4: fix memory leak in ip_mc_add1_src net: fec_ptp: fix issue caused by refactor the fec_devtype net: usb: fix possible use-after-free in smsc75xx_bind net: cdc_ncm: switch to eth%d interface naming ptp: improve max_adj check against unreasonable values ptp: ptp_clock: Publish scaled_ppm_to_ppb net: qrtr: fix OOB Read in qrtr_endpoint_post netxen_nic: Fix an error handling path in 'netxen_nic_probe()' qlcnic: Fix an error handling path in 'qlcnic_probe()' net: make get_net_ns return error if NET_NS is disabled net: add documentation to socket.c net: stmmac: dwmac1000: Fix extended MAC address registers definition alx: Fix an error handling path in 'alx_probe()' sch_cake: Fix out of bounds when parsing TCP options and header netfilter: synproxy: Fix out of bounds when parsing TCP options net/mlx5e: Block offload of outer header csum for UDP tunnels net/mlx5e: Remove dependency in IPsec initialization flows rtnetlink: Fix regression in bridge VLAN configuration udp: fix race between close() and udp_abort() net: rds: fix memory leak in rds_recvmsg net: ipv4: fix memory leak in netlbl_cipsov4_add_std batman-adv: Avoid WARN_ON timing related checks mm/memory-failure: make sure wait for page writeback in memory_failure afs: Fix an IS_ERR() vs NULL check dmaengine: stedma40: add missing iounmap() on error in d40_probe() dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM fib: Return the correct errno code net: Return the correct errno code net/x25: Return the correct errno code rtnetlink: Fix missing error code in rtnl_bridge_notify() net: ipconfig: Don't override command-line hostnames or domains nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues() scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V ethernet: myri10ge: Fix missing error code in myri10ge_probe() scsi: target: core: Fix warning on realtime kernels gfs2: Fix use-after-free in gfs2_glock_shrink_scan HID: gt683r: add missing MODULE_DEVICE_TABLE gfs2: Prevent direct-I/O write fallback errors from getting lost ARM: OMAP2+: Fix build warning when mmc_omap is not built HID: usbhid: fix info leak in hid_submit_ctrl HID: Add BUS_VIRTUAL to hid_connect logging HID: hid-sensor-hub: Return error for hid_set_field() failure HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 net: ieee802154: fix null deref in parse dev addr FROMGIT: bpf: Do not change gso_size during bpf_skb_change_proto() ANDROID: gki_config: disable per-cgroup pressure tracking BACKPORT: cgroup: make per-cgroup pressure stall tracking configurable ANDROID: selinux: modify RTM_GETNEIGH{TBL} BACKPORT: x86, lto: Pass -stack-alignment only on LLD < 13.0.0 ANDROID: Add CONFIG_LLD_VERSION ANDROID: GKI: Update the ABI XML ANDROID: GKI: Update the symbol list Revert "perf/core: Fix endless multiplex timer" Linux 4.19.195 proc: only require mm_struct for writing tracing: Correct the length check which causes memory corruption ftrace: Do not blindly read the ip address in ftrace_bug() scsi: core: Only put parent device if host state differs from SHOST_CREATED scsi: core: Put .shost_dev in failure path if host state changes to RUNNING scsi: core: Fix error handling of scsi_host_alloc() NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error. NFSv4: Fix second deadlock in nfs4_evict_inode() NFS: Fix use-after-free in nfs4_init_client() kvm: fix previous commit for 32-bit builds perf session: Correct buffer copying when peeking events NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() NFS: Fix a potential NULL dereference in nfs_get_client() IB/mlx5: Fix initializing CQ fragments buffer sched/fair: Make sure to update tg contrib for blocked load perf: Fix data race between pin_count increment/decrement vmlinux.lds.h: Avoid orphan section with !SMP RDMA/mlx4: Do not map the core_clock page to user space unless enabled regulator: max77620: Use device_set_of_node_from_dev() regulator: core: resolve supply for boot-on/always-on regulators usb: fix various gadget panics on 10gbps cabling usb: fix various gadgets null ptr deref on 10gbps cabling. usb: gadget: eem: fix wrong eem header operation USB: serial: cp210x: fix alternate function for CP2102N QFN20 USB: serial: quatech2: fix control-request directions USB: serial: omninet: add device id for Zyxel Omni 56K Plus USB: serial: ftdi_sio: add NovaTech OrionMX product ID usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path usb: dwc3: ep0: fix NULL pointer exception usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms usb: f_ncm: only first packet of aggregate needs to start timer USB: f_ncm: ncm_bitrate (speed) is unsigned cgroup1: don't allow '\n' in renaming btrfs: return value from btrfs_mark_extent_written() in case of error staging: rtl8723bs: Fix uninitialized variables kvm: avoid speculation-based attacks from out-of-range memslot accesses drm: Lock pointer access in drm_master_release() drm: Fix use-after-free read in drm_getunique() ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators ARM: dts: imx6qdl-sabresd: Assign corresponding power supply for LDOs i2c: mpc: implement erratum A-004447 workaround i2c: mpc: Make use of i2c_recover_bus() powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers bnx2x: Fix missing error code in bnx2x_iov_init_one() MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER nvme-fabrics: decode host pathing error for connect net: appletalk: cops: Fix data race in cops_probe1 net: macb: ensure the device is available before accessing GEMGXL control registers scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal scsi: vmw_pvscsi: Set correct residual data length scsi: bnx2fc: Return failure if io_req is already in ABTS processing RDS tcp loopback connection can hang net/qla3xxx: fix schedule while atomic in ql_sem_spinlock wq: handle VM suspension in stall detection cgroup: disable controllers at parse time net: mdiobus: get rid of a BUG_ON() netlink: disable IRQs for netlink_lock_table() bonding: init notify_work earlier to avoid uninitialized use isdn: mISDN: netjet: Fix crash in nj_probe: ASoC: sti-sas: add missing MODULE_DEVICE_TABLE ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet net/nfc/rawsock.c: fix a permission check bug proc: Track /proc/$pid/attr/ opener mm_struct perf/core: Fix endless multiplex timer Revert "perf/cgroups: Don't rotate events for cgroups unnecessarily" Revert "perf/core: Fix corner case in perf_rotate_context()" Linux 4.19.194 xen-pciback: redo VF placement in the virtual topology sched/fair: Optimize select_idle_cpu ACPI: EC: Look for ECDT EC after calling acpi_load_tables() ACPI: probe ECDT before loading AML tables regardless of module-level code flag KVM: arm64: Fix debug register indexing KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode btrfs: fix unmountable seed device after fstrim perf/core: Fix corner case in perf_rotate_context() perf/cgroups: Don't rotate events for cgroups unnecessarily bnxt_en: Remove the setting of dev_port. selftests/bpf: Avoid running unprivileged tests with alignment requirements selftests/bpf: add "any alignment" annotation for some tests bpf: Apply F_NEEDS_EFFICIENT_UNALIGNED_ACCESS to more ACCEPT test cases. bpf: Make more use of 'any' alignment in test_verifier.c bpf: Adjust F_NEEDS_EFFICIENT_UNALIGNED_ACCESS handling in test_verifier.c bpf: Add BPF_F_ANY_ALIGNMENT. selftests/bpf: Generalize dummy program types bpf: test make sure to run unpriv test cases in test_verifier bpf: fix test suite to enable all unpriv program types mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY btrfs: fixup error handling in fixup_inode_link_counts btrfs: return errors from btrfs_del_csums in cleanup_ref_head btrfs: fix error handling in btrfs_del_csums btrfs: mark ordered extent and inode with error if we fail to finish x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect ocfs2: fix data corruption by fallocate pid: take a reference when initializing `cad_pid` usb: dwc2: Fix build in periphal-only mode ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx ALSA: timer: Fix master timer notification HID: multitouch: require Finger field to mark Win8 reports as MT net: caif: fix memory leak in cfusbl_device_notify net: caif: fix memory leak in caif_device_notify net: caif: add proper error handling net: caif: added cfserl_release function Bluetooth: use correct lock to prevent UAF of hdev object Bluetooth: fix the erroneous flush_work() order tipc: fix unique bearer names sanity check tipc: add extack messages for bearer/media failure ixgbevf: add correct exception tracing for XDP ieee802154: fix error return code in ieee802154_llsec_getparams() ieee802154: fix error return code in ieee802154_add_iface() netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches HID: i2c-hid: fix format string mismatch HID: pidff: fix error return code in hid_pidff_init() ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service vfio/platform: fix module_put call in error flow samples: vfio-mdev: fix error handing in mdpy_fb_probe() vfio/pci: zap_vma_ptes() needs MMU vfio/pci: Fix error return code in vfio_ecap_init() efi: cper: fix snprintf() use in cper_dimm_err_location() efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared nl80211: validate key indexes for cfg80211_registered_device ALSA: usb: update old-style static const declaration net: usb: cdc_ncm: don't spew notifications Change-Id: I787fbfcd9573d91e80f49a26192aa23dc36ba06e Signed-off-by: bengris32 <bengris32@protonmail.ch> |
||
|
Greg Kroah-Hartman
|
ec0ad95612 |
Merge 4.19.312 into android-4.19-stable
Changes in 4.19.312
Documentation/hw-vuln: Update spectre doc
x86/cpu: Support AMD Automatic IBRS
x86/bugs: Use sysfs_emit()
timer/trace: Replace deprecated vsprintf pointer extension %pf by %ps
timer/trace: Improve timer tracing
timers: Prepare support for PREEMPT_RT
timers: Update kernel-doc for various functions
timers: Use del_timer_sync() even on UP
timers: Rename del_timer_sync() to timer_delete_sync()
wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
smack: Set SMACK64TRANSMUTE only for dirs in smack_inode_setxattr()
smack: Handle SMACK64TRANSMUTE in smack_inode_setsecurity()
ARM: dts: mmp2-brownstone: Don't redeclare phandle references
arm: dts: marvell: Fix maxium->maxim typo in brownstone dts
media: xc4000: Fix atomicity violation in xc4000_get_frequency
KVM: Always flush async #PF workqueue when vCPU is being destroyed
sparc64: NMI watchdog: fix return value of __setup handler
sparc: vDSO: fix return value of __setup handler
crypto: qat - fix double free during reset
crypto: qat - resolve race condition during AER recovery
fat: fix uninitialized field in nostale filehandles
ubifs: Set page uptodate in the correct place
ubi: Check for too small LEB size in VTBL code
ubi: correct the calculation of fastmap size
parisc: Do not hardcode registers in checksum functions
parisc: Fix ip_fast_csum
parisc: Fix csum_ipv6_magic on 32-bit systems
parisc: Fix csum_ipv6_magic on 64-bit systems
parisc: Strip upper 32 bit of sum in csum_ipv6_magic for 64-bit builds
PM: suspend: Set mem_sleep_current during kernel command line setup
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
powerpc/fsl: Fix mfpmr build errors with newer binutils
USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
USB: serial: add device ID for VeriFone adapter
USB: serial: cp210x: add ID for MGP Instruments PDS100
USB: serial: option: add MeiG Smart SLM320 product
USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M
PM: sleep: wakeirq: fix wake irq warning in system suspend
mmc: tmio: avoid concurrent runs of mmc_request_done()
fuse: don't unhash root
PCI: Drop pci_device_remove() test of pci_dev->driver
PCI/PM: Drain runtime-idle callbacks before driver removal
Revert "Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d""
dm-raid: fix lockdep waring in "pers->hot_add_disk"
mmc: core: Fix switch on gp3 partition
hwmon: (amc6821) add of_match table
ext4: fix corruption during on-line resize
slimbus: core: Remove usage of the deprecated ida_simple_xx() API
speakup: Fix 8bit characters from direct synth
kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1
vfio/platform: Disable virqfds on cleanup
soc: fsl: qbman: Always disable interrupts when taking cgr_lock
soc: fsl: qbman: Add helper for sanity checking cgr ops
soc: fsl: qbman: Add CGR update function
soc: fsl: qbman: Use raw spinlock for cgr_lock
s390/zcrypt: fix reference counting on zcrypt card objects
drm/imx/ipuv3: do not return negative values from .get_modes()
drm/vc4: hdmi: do not return negative values from .get_modes()
memtest: use {READ,WRITE}_ONCE in memory scanning
nilfs2: fix failure to detect DAT corruption in btree and direct mappings
nilfs2: use a more common logging style
nilfs2: prevent kernel bug at submit_bh_wbc()
x86/CPU/AMD: Update the Zenbleed microcode revisions
ahci: asm1064: correct count of reported ports
ahci: asm1064: asm1166: don't limit reported ports
comedi: comedi_test: Prevent timers rescheduling during deletion
netfilter: nf_tables: disallow anonymous set with timeout flag
netfilter: nf_tables: reject constant set with timeout
xfrm: Avoid clang fortify warning in copy_to_user_tmpl()
ALSA: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform
USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
usb: gadget: ncm: Fix handling of zero block length packets
usb: port: Don't try to peer unused USB ports based on location
tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled
vt: fix unicode buffer corruption when deleting characters
vt: fix memory overlapping when deleting chars in the buffer
mm/memory-failure: fix an incorrect use of tail pages
mm/migrate: set swap entry values of THP tail pages properly.
wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
exec: Fix NOMMU linux_binprm::exec in transfer_args_to_stack()
usb: cdc-wdm: close race between read and workqueue
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
printk: Update @console_may_schedule in console_trylock_spinning()
btrfs: allocate btrfs_ioctl_defrag_range_args on stack
Revert "loop: Check for overflow while configuring loop"
loop: Call loop_config_discard() only after new config is applied
loop: Remove sector_t truncation checks
loop: Factor out setting loop device size
loop: Refactor loop_set_status() size calculation
loop: properly observe rotational flag of underlying device
perf/core: Fix reentry problem in perf_output_read_group()
efivarfs: Request at most 512 bytes for variable names
powerpc: xor_vmx: Add '-mhard-float' to CFLAGS
loop: Factor out configuring loop from status
loop: Check for overflow while configuring loop
loop: loop_set_status_from_info() check before assignment
usb: dwc2: host: Fix remote wakeup from hibernation
usb: dwc2: host: Fix hibernation flow
usb: dwc2: host: Fix ISOC flow in DDMA mode
usb: dwc2: gadget: LPM flow fix
usb: udc: remove warning when queue disabled ep
scsi: qla2xxx: Fix command flush on cable pull
x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled
scsi: lpfc: Correct size for wqe for memset()
USB: core: Fix deadlock in usb_deauthorize_interface()
nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
mptcp: add sk_stop_timer_sync helper
tcp: properly terminate timers for kernel sockets
r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d
Bluetooth: hci_event: set the conn encrypted before conn establishes
Bluetooth: Fix TOCTOU in HCI debugfs implementation
netfilter: nf_tables: disallow timeout for anonymous sets
net/rds: fix possible cp null dereference
Revert "x86/mm/ident_map: Use gbpages only where full GB page should be mapped."
mm, vmscan: prevent infinite loop for costly GFP_NOIO | __GFP_RETRY_MAYFAIL allocations
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
net/sched: act_skbmod: prevent kernel-infoleak
net: stmmac: fix rx queue priority assignment
selftests: reuseaddr_conflict: add missing new line at the end of the output
ipv6: Fix infinite recursion in fib6_dump_done().
i40e: fix vf may be used uninitialized in this function warning
staging: mmal-vchiq: Avoid use of bool in structures
staging: mmal-vchiq: Allocate and free components as required
staging: mmal-vchiq: Fix client_component for 64 bit kernel
staging: vc04_services: changen strncpy() to strscpy_pad()
staging: vc04_services: fix information leak in create_component()
initramfs: factor out a helper to populate the initrd image
fs: add a vfs_fchown helper
fs: add a vfs_fchmod helper
initramfs: switch initramfs unpacking to struct file based APIs
init: open /initrd.image with O_LARGEFILE
erspan: Add type I version 0 support.
erspan: make sure erspan_base_hdr is present in skb->head
ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw
ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit
ata: sata_mv: Fix PCI device ID table declaration compilation warning
ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone
wifi: ath9k: fix LNA selection in ath_ant_try_scan()
VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
arm64: dts: rockchip: fix rk3399 hdmi ports node
tools/power x86_energy_perf_policy: Fix file leak in get_pkg_num()
btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
btrfs: export: handle invalid inode or root reference in btrfs_get_parent()
btrfs: send: handle path ref underflow in header iterate_inode_ref()
Bluetooth: btintel: Fix null ptr deref in btintel_read_version
Input: synaptics-rmi4 - fail probing if memory allocation for "phys" fails
sysv: don't call sb_bread() with pointers_lock held
scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
isofs: handle CDs with bad root inode but good Joliet root directory
media: sta2x11: fix irq handler cast
drm/amd/display: Fix nanosec stat overflow
SUNRPC: increase size of rpc_wait_queue.qlen from unsigned short to unsigned int
block: prevent division by zero in blk_rq_stat_sum()
Input: allocate keycode for Display refresh rate toggle
ktest: force $buildonly = 1 for 'make_warnings_file' test type
tools: iio: replace seekdir() in iio_generic_buffer
usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined
fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
fbmon: prevent division by zero in fb_videomode_from_videomode()
tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
drm/vkms: call drm_atomic_helper_shutdown before drm_dev_put()
virtio: reenable config if freezing device failed
x86/mm/pat: fix VM_PAT handling in COW mappings
Bluetooth: btintel: Fixe build regression
VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()
erspan: Check IFLA_GRE_ERSPAN_VER is set.
ip_gre: do not report erspan version on GRE interface
initramfs: fix populate_initrd_image() section mismatch
amdkfd: use calloc instead of kzalloc to avoid integer overflow
Linux 4.19.312
Change-Id: Ic4c50de6afb4c88c8011be6cc93f960d2dc968e0
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Geert Uytterhoeven
|
931e5381cb |
initramfs: fix populate_initrd_image() section mismatch
commit 4ada1e810038e9dbc20e40b524e05ee1a9d31f98 upstream.
With gcc-4.6.3:
WARNING: vmlinux.o(.text.unlikely+0x140): Section mismatch in reference from the function populate_initrd_image() to the variable .init.ramfs.info:__initramfs_size
The function populate_initrd_image() references
the variable __init __initramfs_size.
This is often because populate_initrd_image lacks a __init
annotation or the annotation of __initramfs_size is wrong.
WARNING: vmlinux.o(.text.unlikely+0x14c): Section mismatch in reference from the function populate_initrd_image() to the function .init.text:unpack_to_rootfs()
The function populate_initrd_image() references
the function __init unpack_to_rootfs().
This is often because populate_initrd_image lacks a __init
annotation or the annotation of unpack_to_rootfs is wrong.
WARNING: vmlinux.o(.text.unlikely+0x198): Section mismatch in reference from the function populate_initrd_image() to the function .init.text:xwrite()
The function populate_initrd_image() references
the function __init xwrite().
This is often because populate_initrd_image lacks a __init
annotation or the annotation of xwrite is wrong.
Indeed, if the compiler decides not to inline populate_initrd_image(), a
warning is generated.
Fix this by adding the missing __init annotations.
Link: http://lkml.kernel.org/r/20190617074340.12779-1-geert@linux-m68k.org
Fixes: 7c184ecd262fe64f ("initramfs: factor out a helper to populate the initrd image")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
John Sperbeck
|
9f0dcca773 |
init: open /initrd.image with O_LARGEFILE
[ Upstream commit 4624b346cf67400ef46a31771011fb798dd2f999 ] If initrd data is larger than 2Gb, we'll eventually fail to write to the /initrd.image file when we hit that limit, unless O_LARGEFILE is set. Link: https://lkml.kernel.org/r/20240317221522.896040-1-jsperbeck@google.com Signed-off-by: John Sperbeck <jsperbeck@google.com> Cc: Jens Axboe <axboe@kernel.dk> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: <stable@vger.kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Christoph Hellwig
|
246d6635dc |
initramfs: switch initramfs unpacking to struct file based APIs
[ Upstream commit bf6419e4d5440c6d414a320506c5488857a5b001 ] There is no good reason to mess with file descriptors from in-kernel code, switch the initramfs unpacking to struct file based write instead. Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Stable-dep-of: 4624b346cf67 ("init: open /initrd.image with O_LARGEFILE") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Christoph Hellwig
|
a65f5dbf32 |
initramfs: factor out a helper to populate the initrd image
[ Upstream commit 7c184ecd262fe64fe8cf4e099e0f7cefe88d88b2 ] This will allow for cleaner code sharing in the caller. Link: http://lkml.kernel.org/r/20190213174621.29297-5-hch@lst.de Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Mike Rapoport <rppt@linux.ibm.com> Cc: Catalin Marinas <catalin.marinas@arm.com> [arm64] Cc: Geert Uytterhoeven <geert@linux-m68k.org> [m68k] Cc: Steven Price <steven.price@arm.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Guan Xuetao <gxt@pku.edu.cn> Cc: Russell King <linux@armlinux.org.uk> Cc: Will Deacon <will.deacon@arm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Stable-dep-of: 4624b346cf67 ("init: open /initrd.image with O_LARGEFILE") Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
2a9e108639 |
Merge 4.19.290 into android-4.19-stable
Changes in 4.19.290 init: Provide arch_cpu_finalize_init() x86/cpu: Switch to arch_cpu_finalize_init() ARM: cpu: Switch to arch_cpu_finalize_init() ia64/cpu: Switch to arch_cpu_finalize_init() m68k/cpu: Switch to arch_cpu_finalize_init() mips/cpu: Switch to arch_cpu_finalize_init() sh/cpu: Switch to arch_cpu_finalize_init() sparc/cpu: Switch to arch_cpu_finalize_init() um/cpu: Switch to arch_cpu_finalize_init() init: Remove check_bugs() leftovers init: Invoke arch_cpu_finalize_init() earlier init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() x86/fpu: Remove cpuinfo argument from init functions x86/fpu: Mark init functions __init x86/fpu: Move FPU initialization into arch_cpu_finalize_init() x86/speculation: Add Gather Data Sampling mitigation x86/speculation: Add force option to GDS mitigation x86/speculation: Add Kconfig option for GDS KVM: Add GDS_NO support to KVM x86/xen: Fix secondary processors' FPU initialization Documentation/x86: Fix backwards on/off logic about YMM support xen/netback: Fix buffer overrun triggered by unusual packet x86: fix backwards merge of GDS/SRSO bit Linux 4.19.290 Change-Id: I699dd469dfb5a6cbe3ed2ae723a945b9f769922d Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Thomas Gleixner
|
211ec614c9 |
init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
commit 439e17576eb47f26b78c5bbc72e344d4206d2327 upstream Invoke the X86ism mem_encrypt_init() from X86 arch_cpu_finalize_init() and remove the weak fallback from the core code. No functional change. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20230613224545.670360645@linutronix.de Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Thomas Gleixner
|
82f4acbce8 |
init: Invoke arch_cpu_finalize_init() earlier
commit 9df9d2f0471b4c4702670380b8d8a45b40b23a7d upstream X86 is reworking the boot process so that initializations which are not required during early boot can be moved into the late boot process and out of the fragile and restricted initial boot phase. arch_cpu_finalize_init() is the obvious place to do such initializations, but arch_cpu_finalize_init() is invoked too late in start_kernel() e.g. for initializing the FPU completely. fork_init() requires that the FPU is initialized as the size of task_struct on X86 depends on the size of the required FPU register buffer. Fortunately none of the init calls between calibrate_delay() and arch_cpu_finalize_init() is relevant for the functionality of arch_cpu_finalize_init(). Invoke it right after calibrate_delay() where everything which is relevant for arch_cpu_finalize_init() has been set up already. No functional change intended. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Rick Edgecombe <rick.p.edgecombe@intel.com> Link: https://lore.kernel.org/r/20230613224545.612182854@linutronix.de Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Thomas Gleixner
|
ecc68c37bb |
init: Remove check_bugs() leftovers
commit 61235b24b9cb37c13fcad5b9596d59a1afdcec30 upstream Everything is converted over to arch_cpu_finalize_init(). Remove the check_bugs() leftovers including the empty stubs in asm-generic, alpha, parisc, powerpc and xtensa. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Link: https://lore.kernel.org/r/20230613224545.553215951@linutronix.de Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Thomas Gleixner
|
ecc9d725a3 |
init: Provide arch_cpu_finalize_init()
commit 7725acaa4f0c04fbefb0e0d342635b967bb7d414 upstream check_bugs() has become a dumping ground for all sorts of activities to finalize the CPU initialization before running the rest of the init code. Most are empty, a few do actual bug checks, some do alternative patching and some cobble a CPU advertisement string together.... Aside of that the current implementation requires duplicated function declaration and mostly empty header files for them. Provide a new function arch_cpu_finalize_init(). Provide a generic declaration if CONFIG_ARCH_HAS_CPU_FINALIZE_INIT is selected and a stub inline otherwise. This requires a temporary #ifdef in start_kernel() which will be removed along with check_bugs() once the architectures are converted over. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20230613224544.957805717@linutronix.de Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
25e813ddc6 |
Merge 4.19.249 into android-4.19-stable
Changes in 4.19.249
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
drivers/char/random.c: constify poolinfo_table
drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c: make primary_crng static
random: only read from /dev/random after its pool has received 128 bits
random: move rand_initialize() earlier
random: document get_random_int() family
latent_entropy: avoid build error when plugin cflags are not set
random: fix soft lockup when trying to read from an uninitialized blocking pool
random: Support freezable kthreads in add_hwgenerator_randomness()
fdt: add support for rng-seed
random: Use wait_event_freezable() in add_hwgenerator_randomness()
char/random: Add a newline at the end of the file
Revert "hwrng: core - Freeze khwrng thread during suspend"
crypto: blake2s - generic C library implementation and selftest
lib/crypto: blake2s: move hmac construction into wireguard
lib/crypto: sha1: re-roll loops to reduce code size
random: Don't wake crng_init_wait when crng_init == 1
random: Add a urandom_read_nowait() for random APIs that don't warn
random: add GRND_INSECURE to return best-effort non-cryptographic bytes
random: ignore GRND_RANDOM in getentropy(2)
random: make /dev/random be almost like /dev/urandom
char/random: silence a lockdep splat with printk()
random: fix crash on multiple early calls to add_bootloader_randomness()
random: remove the blocking pool
random: delete code to pull data into pools
random: remove kernel.random.read_wakeup_threshold
random: remove unnecessary unlikely()
random: convert to ENTROPY_BITS for better code readability
random: Add and use pr_fmt()
random: fix typo in add_timer_randomness()
random: remove some dead code of poolinfo
random: split primary/secondary crng init paths
random: avoid warnings for !CONFIG_NUMA builds
x86: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
s390: Remove arch_has_random, arch_has_random_seed
linux/random.h: Remove arch_has_random, arch_has_random_seed
linux/random.h: Use false with bool
linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
powerpc: Use bool in archrandom.h
random: add arch_get_random_*long_early()
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: remove dead code left over from blocking pool
MAINTAINERS: co-maintain random.c
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
crypto: blake2s - adjust include guard naming
random: document add_hwgenerator_randomness() with other input functions
random: remove unused irq_flags argument from add_interrupt_randomness()
random: use BLAKE2s instead of SHA1 in extraction
random: do not sign extend bytes for rotation when mixing
random: do not re-init if crng_reseed completes before primary init
random: mix bootloader randomness into pool
random: harmonize "crng init done" messages
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: initialize ChaCha20 constants with correct endianness
random: early initialization of ChaCha constants
random: avoid superfluous call to RDRAND in CRNG extraction
random: don't reset crng_init_cnt on urandom_read()
random: fix typo in comments
random: cleanup poolinfo abstraction
random: cleanup integer types
random: remove incomplete last_data logic
random: remove unused extract_entropy() reserved argument
random: rather than entropy_store abstraction, use global
random: remove unused OUTPUT_POOL constants
random: de-duplicate INPUT_POOL constants
random: prepend remaining pool constants with POOL_
random: cleanup fractional entropy shift constants
random: access input_pool_data directly rather than through pointer
random: simplify arithmetic function flow in account()
random: continually use hwgenerator randomness
random: access primary_pool directly rather than through pointer
random: only call crng_finalize_init() for primary_crng
random: use computational hash for entropy extraction
random: simplify entropy debiting
random: use linear min-entropy accumulation crediting
random: always wake up entropy writers after extraction
random: make credit_entropy_bits() always safe
random: remove use_input_pool parameter from crng_reseed()
random: remove batched entropy locking
random: fix locking in crng_fast_load()
random: use RDSEED instead of RDRAND in entropy extraction
random: inline leaves of rand_initialize()
random: ensure early RDSEED goes through mixer on init
random: do not xor RDRAND when writing into /dev/random
random: absorb fast pool into input pool after fast load
random: use hash function for crng_slow_load()
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: zero buffer after reading entropy from userspace
random: tie batched entropy generation to base_crng generation
random: remove ifdef'd out interrupt bench
random: remove unused tracepoints
random: add proper SPDX header
random: deobfuscate irq u32/u64 contributions
random: introduce drain_entropy() helper to declutter crng_reseed()
random: remove useless header comment
random: remove whitespace and reorder includes
random: group initialization wait functions
random: group entropy extraction functions
random: group entropy collection functions
random: group userspace read/write functions
random: group sysctl functions
random: rewrite header introductory comment
random: defer fast pool mixing to worker
random: do not take pool spinlock at boot
random: unify early init crng load accounting
random: check for crng_init == 0 in add_device_randomness()
random: pull add_hwgenerator_randomness() declaration into random.h
random: clear fast pool, crng, and batches in cpuhp bring up
random: round-robin registers as ulong, not u32
random: only wake up writers after zap if threshold was passed
random: cleanup UUID handling
random: unify cycles_t and jiffies usage and types
random: do crng pre-init loading in worker rather than irq
random: give sysctl_random_min_urandom_seed a more sensible value
random: don't let 644 read-only sysctls be written to
random: replace custom notifier chain with standard one
random: use SipHash as interrupt entropy accumulator
random: make consistent usage of crng_ready()
random: reseed more often immediately after booting
random: check for signal and try earlier when generating entropy
random: skip fast_init if hwrng provides large chunk of entropy
random: treat bootloader trust toggle the same way as cpu trust toggle
random: re-add removed comment about get_random_{u32,u64} reseeding
random: mix build-time latent entropy into pool at init
random: do not split fast init input in add_hwgenerator_randomness()
random: do not allow user to keep crng key around on stack
random: check for signal_pending() outside of need_resched() check
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: make random_get_entropy() return an unsigned long
random: document crng_fast_key_erasure() destination possibility
random: fix sysctl documentation nits
init: call time_init() before rand_initialize()
ia64: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
powerpc: define get_cycles macro for arch-override
timekeeping: Add raw clock fallback for random_get_entropy()
m68k: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
arm: use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
xtensa: use fallback for random_get_entropy() instead of zero
random: insist on random_get_entropy() existing in order to simplify
random: do not use batches when !crng_ready()
random: do not pretend to handle premature next security model
random: order timer entropy functions below interrupt functions
random: do not use input pool from hard IRQs
random: help compiler out with fast_mix() by using simpler arguments
siphash: use one source of truth for siphash permutations
random: use symbolic constants for crng_init states
random: avoid initializing twice in credit race
random: remove ratelimiting for in-kernel unseeded randomness
random: use proper jiffies comparison macro
random: handle latent entropy and command line from random_init()
random: credit architectural init the exact amount
random: use static branch for crng_ready()
random: remove extern from functions in header
random: use proper return types on get_random_{int,long}_wait()
random: move initialization functions out of hot pages
random: move randomize_page() into mm where it belongs
random: convert to using fops->write_iter()
random: wire up fops->splice_{read,write}_iter()
random: check for signals after page of pool writes
Revert "random: use static branch for crng_ready()"
crypto: drbg - add FIPS 140-2 CTRNG for noise source
crypto: drbg - always seeded with SP800-90B compliant noise source
crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto: drbg - always try to free Jitter RNG instance
crypto: drbg - make reseeding from get_random_bytes() synchronous
random: avoid checking crng_ready() twice in random_init()
random: mark bootloader randomness code as __init
random: account for arch randomness in bits
powerpc/kasan: Silence KASAN warnings in __get_wchan()
ASoC: cs42l52: Fix TLV scales for mixer controls
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: wm8962: Fix suspend while playing music
ASoC: es8328: Fix event generation for deemphasis control
ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put()
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
scsi: ipr: Fix missing/incorrect resource cleanup in error case
scsi: pmcraid: Fix missing resource cleanup in error case
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
random: credit cpu and bootloader seeds by default
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
i40e: Fix adding ADQ filter to TC0
i40e: Fix call trace in setup_tx_descriptors
tty: goldfish: Fix free_irq() on remove
misc: atmel-ssc: Fix IRQ check in ssc_probe
mlxsw: spectrum_cnt: Reorder counter pools
net: bgmac: Fix an erroneous kfree() in bgmac_remove()
arm64: ftrace: fix branch range checks
certs/blacklist_hashes.c: fix const confusion in certs blacklist
faddr2line: Fix overlapping text section failures, the sequel
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions
comedi: vmk80xx: fix expression for tx buffer size
USB: serial: option: add support for Cinterion MV31 with new baseline
USB: serial: io_ti: add Agilent E5805A support
usb: dwc2: Fix memory leak in dwc2_hcd_init
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
serial: 8250: Store to lsr_save_flags after lsr read
ext4: fix bug_on ext4_mb_use_inode_pa
ext4: make variable "count" signed
ext4: add reserved GDT blocks check
virtio-pci: Remove wrong address verification in vp_del_vqs()
net: openvswitch: fix misuse of the cached connection on tuple changes
net: openvswitch: fix leak of nested actions
RISC-V: fix barrier() use in <vdso/processor.h>
powerpc/mm: Switch obsolete dssall to .long
s390/mm: use non-quiescing sske for KVM switch to keyed guest
usb: gadget: u_ether: fix regression in setting fixed MAC address
xprtrdma: fix incorrect header size calculations
tcp: add some entropy in __inet_hash_connect()
tcp: use different parts of the port_offset for index and offset
tcp: add small random increments to the source port
tcp: dynamically allocate the perturb table used by source ports
tcp: increase source port perturb table to 2^16
tcp: drop the hash_32() part from the index calculation
Revert "hwmon: Make chip parameter for with_info API mandatory"
Linux 4.19.249
Merge resolution notes:
- Dropped the changes that added an LTS-specific backport of the
blake2s library, since this branch already has a newer version of
the blake2s library.
- Added CHACHA20_KEY_SIZE and CHACHA20_BLOCK_SIZE constants to
chacha.h, to minimize changes from the 4.19 LTS version of random.c
- Retain a fix to the rng-seed support in drivers/of/fdt.c that this
branch and 4.19.250 have, but 4.19.249 doesn't have.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If9d9e3168f0976f61ae1ab9b36c063558a7f6ebf
|
||
|
Jason A. Donenfeld
|
94a51ffecb |
random: handle latent entropy and command line from random_init()
commit 2f14062bb14b0fcfcc21e6dc7d5b5c0d25966164 upstream. Currently, start_kernel() adds latent entropy and the command line to the entropy bool *after* the RNG has been initialized, deferring when it's actually used by things like stack canaries until the next time the pool is seeded. This surely is not intended. Rather than splitting up which entropy gets added where and when between start_kernel() and random_init(), just do everything in random_init(), which should eliminate these kinds of bugs in the future. While we're at it, rename the awkwardly titled "rand_initialize()" to the more standard "random_init()" nomenclature. Reviewed-by: Dominik Brodowski <linux@dominikbrodowski.net> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jason A. Donenfeld
|
c5c0040fbb |
init: call time_init() before rand_initialize()
commit fe222a6ca2d53c38433cba5d3be62a39099e708e upstream. Currently time_init() is called after rand_initialize(), but rand_initialize() makes use of the timer on various platforms, and sometimes this timer needs to be initialized by time_init() first. In order for random_get_entropy() to not return zero during early boot when it's potentially used as an entropy source, reverse the order of these two calls. The block doing random initialization was right before time_init() before, so changing the order shouldn't have any complicated effects. Cc: Andrew Morton <akpm@linux-foundation.org> Reviewed-by: Stafford Horne <shorne@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Kees Cook
|
d7b3bc8b4f |
random: move rand_initialize() earlier
commit d55535232c3dbde9a523a9d10d68670f5fe5dec3 upstream. Right now rand_initialize() is run as an early_initcall(), but it only depends on timekeeping_init() (for mixing ktime_get_real() into the pools). However, the call to boot_init_stack_canary() for stack canary initialization runs earlier, which triggers a warning at boot: random: get_random_bytes called from start_kernel+0x357/0x548 with crng_init=0 Instead, this moves rand_initialize() to after timekeeping_init(), and moves canary initialization here as well. Note that this warning may still remain for machines that do not have UEFI RNG support (which initializes the RNG pools during setup_arch()), or for x86 machines without RDRAND (or booting without "random.trust=on" or CONFIG_RANDOM_TRUST_CPU=y). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
ce7025b713 |
Merge 4.19.238 into android-4.19-stable
Changes in 4.19.238 USB: serial: pl2303: add IBM device IDs USB: serial: simple: add Nokia phone driver netdevice: add the case if dev is NULL xfrm: fix tunnel model fragmentation behavior virtio_console: break out of buf poll on remove ethernet: sun: Free the coherent when failing in probing spi: Fix invalid sgs value net:mcf8390: Use platform_get_irq() to get the interrupt spi: Fix erroneous sgs value with min_t() af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register fuse: fix pipe buffer lifetime for direct_io tpm: fix reference counting for struct tpm_chip block: Add a helper to validate the block size virtio-blk: Use blk_validate_block_size() to validate block size USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c xhci: make xhci_handshake timeout for xhci_reset() adjustable coresight: Fix TRCCONFIGR.QE sysfs interface iio: afe: rescale: use s64 for temporary scale calculations iio: inkern: apply consumer scale on IIO_VAL_INT cases iio: inkern: apply consumer scale when no channel scale is available iio: inkern: make a best effort on offset calculation clk: uniphier: Fix fixed-rate initialization ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE Documentation: add link to stable release candidate tree Documentation: update stable tree link SUNRPC: avoid race between mod_timer() and del_timer_sync() NFSD: prevent underflow in nfssvc_decode_writeargs() NFSD: prevent integer overflow on 32 bit systems f2fs: fix to unlock page correctly in error path of is_alive() pinctrl: samsung: drop pin banks references on error paths can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path jffs2: fix use-after-free in jffs2_clear_xattr_subsystem jffs2: fix memory leak in jffs2_do_mount_fs jffs2: fix memory leak in jffs2_scan_medium mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node mm: invalidate hwpoison page cache page in fault path mempolicy: mbind_range() set_policy() after vma_merge() scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands qed: display VF trust config qed: validate and restrict untrusted VFs vlan promisc mode Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" ALSA: cs4236: fix an incorrect NULL check on list iterator ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 mm,hwpoison: unmap poisoned page before invalidation drbd: fix potential silent data corruption powerpc/kvm: Fix kvm_use_magic_page ACPI: properties: Consistently return -ENOENT if there are no more references drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() block: don't merge across cgroup boundaries if blkcg is enabled drm/edid: check basic audio support on CEA extension block video: fbdev: sm712fb: Fix crash in smtcfb_read() video: fbdev: atari: Atari 2 bpp (STe) palette bugfix ARM: dts: at91: sama5d2: Fix PMERRLOC resource size ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 ARM: dts: exynos: add missing HDMI supplies on SMDK5250 ARM: dts: exynos: add missing HDMI supplies on SMDK5420 carl9170: fix missing bit-wise or operator for tx_params thermal: int340x: Increase bitmap size lib/raid6/test: fix multiple definition linking error DEC: Limit PMAX memory probing to R3k systems media: davinci: vpif: fix unbalanced runtime PM get brcmfmac: firmware: Allocate space for default boardrev in nvram brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio PCI: pciehp: Clear cmd_busy bit in polling mode regulator: qcom_smd: fix for_each_child.cocci warnings crypto: authenc - Fix sleep in atomic context in decrypt_tail crypto: mxs-dcp - Fix scatterlist processing spi: tegra114: Add missing IRQ check in tegra_spi_probe selftests/x86: Add validity check and allow field splitting spi: pxa2xx-pci: Balance reference count for PCI DMA device hwmon: (pmbus) Add mutex to regulator ops hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING block: don't delete queue kobject before its children PM: hibernate: fix __setup handler error handling PM: suspend: fix return value of __setup handler hwrng: atmel - disable trng on failure path crypto: vmx - add missing dependencies clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() ACPI: APEI: fix return value of __setup handlers crypto: ccp - ccp_dmaengine_unregister release dma channels hwmon: (pmbus) Add Vin unit off handling clocksource: acpi_pm: fix return value of __setup handler sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa perf/core: Fix address filter parser for multiple filters perf/x86/intel/pt: Fix address filter config for 32-bit kernel media: coda: Fix missing put_device() call in coda_get_vdoa_data video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() ARM: dts: qcom: ipq4019: fix sleep clock soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe media: em28xx: initialize refcount before kref_get media: usb: go7007: s2250-board: fix leak in probe() ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() ASoC: ti: davinci-i2s: Add check for clk_enable() ALSA: spi: Add check for clk_enable() arm64: dts: ns2: Fix spi-cpol and spi-cpha property arm64: dts: broadcom: Fix sata nodename printk: fix return value of printk.devkmsg __setup handler ASoC: mxs-saif: Handle errors for clk_enable ASoC: atmel_ssc_dai: Handle errors for clk_enable memory: emif: Add check for setup_interrupts memory: emif: check the pointer temp in get_device_details() ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe ASoC: wm8350: Handle error for wm8350_register_irq ASoC: fsi: Add check for clk_enable video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of ASoC: dmaengine: do not use a NULL prepare_slave_config() callback ASoC: mxs: Fix error handling in mxs_sgtl5000_probe ASoC: imx-es8328: Fix error return code in imx_es8328_probe() ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe mmc: davinci_mmc: Handle error for clk_enable drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern Bluetooth: hci_serdev: call init_rwsem() before p->open() mtd: onenand: Check for error irq drm/edid: Don't clear formats if using deep color drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() ath9k_htc: fix uninit value bugs KVM: PPC: Fix vmx/vsx mixup in mmio emulation power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe ray_cs: Check ioremap return value power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports iwlwifi: Fix -EIO error code that is never returned dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS scsi: pm8001: Fix command initialization in pm80XX_send_read_log() scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() scsi: pm8001: Fix abort all task initialization TOMOYO: fix __setup handlers return values ext2: correct max file size computing drm/tegra: Fix reference leak in tegra_dsi_ganged_probe power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt powerpc/Makefile: Don't pass -mcpu=powerpc64 when building 32-bit KVM: x86: Fix emulation in writing cr8 KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() hv_balloon: rate-limit "Unhandled message" warning i2c: xiic: Make bus names unique power: supply: wm8350-power: Handle error for wm8350_register_irq power: supply: wm8350-power: Add missing free in free_charger_irq PCI: Reduce warnings on possible RW1C corruption powerpc/sysdev: fix incorrect use to determine if list is empty mfd: mc13xxx: Add check for mc13xxx_irq_request vxcan: enable local echo for sent CAN frames MIPS: RB532: fix return value of __setup handler mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init USB: storage: ums-realtek: fix error code in rts51x_read_mem() af_netlink: Fix shift out of bounds in group mask calculation i2c: mux: demux-pinctrl: do not deactivate a master that is not active selftests/bpf/test_lirc_mode2.sh: Exit with proper code tcp: ensure PMTU updates are processed during fastopen mfd: asic3: Add missing iounmap() on error asic3_mfd_probe mxser: fix xmit_buf leak in activate when LSR == 0xff pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() staging:iio:adc:ad7280a: Fix handing of device address bit reversing. clk: qcom: ipq8074: Use floor ops for SDCC1 clock serial: 8250_mid: Balance reference count for PCI DMA device serial: 8250: Fix race condition in RTS-after-send handling iio: adc: Add check for devm_request_threaded_irq dma-debug: fix return value of __setup handlers clk: qcom: clk-rcg2: Update the frac table for pixel clock remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region clk: actions: Terminate clk_div_table with sentinel element clk: loongson1: Terminate clk_div_table with sentinel element clk: clps711x: Terminate clk_div_table with sentinel element clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver NFS: remove unneeded check in decode_devicenotify_args() pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe tty: hvc: fix return value of __setup handler kgdboc: fix return value of __setup handler kgdbts: fix return value of __setup handler jfs: fix divide error in dbNextAG netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options clk: qcom: gcc-msm8994: Fix gpll4 width xen: fix is_xen_pmu() net: phy: broadcom: Fix brcm_fet_config_init() qlcnic: dcb: default to returning -EOPNOTSUPP net/x25: Fix null-ptr-deref caused by x25_disconnect NFSv4/pNFS: Fix another issue with a list iterator pointing to the head lib/test: use after free in register_test_dev_kmod() selinux: use correct type for context length loop: use sysfs_emit() in the sysfs xxx show() Fix incorrect type in assignment of ipv6 port for audit irqchip/qcom-pdc: Fix broken locking irqchip/nvic: Release nvic_base upon failure bfq: fix use-after-free in bfq_dispatch_request ACPICA: Avoid walking the ACPI Namespace if it is not there lib/raid6/test/Makefile: Use $(pound) instead of \# for Make 4.3 Revert "Revert "block, bfq: honor already-setup queue merges"" ACPI/APEI: Limit printable size of BERT table data PM: core: keep irq flags in device_pm_check_callbacks() spi: tegra20: Use of_device_get_match_data() ext4: don't BUG if someone dirty pages without asking ext4 first ntfs: add sanity check on allocation size video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow video: fbdev: w100fb: Reset global state video: fbdev: cirrusfb: check pixclock to avoid divide by zero video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960 ARM: dts: bcm2837: Add the missing L1/L2 cache information video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf() video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf() video: fbdev: udlfb: replace snprintf in show functions with sysfs_emit ASoC: soc-core: skip zero num_dai component in searching dai name media: cx88-mpeg: clear interrupt status register before streaming video ARM: tegra: tamonten: Fix I2C3 pad setting ARM: mmp: Fix failure to remove sram device video: fbdev: sm712fb: Fix crash in smtcfb_write() media: Revert "media: em28xx: add missing em28xx_close_extension" media: hdpvr: initialize dev->worker at hdpvr_register_videodev mmc: host: Return an error when ->enable_sdio_irq() ops is missing powerpc/lib/sstep: Fix 'sthcx' instruction powerpc/lib/sstep: Fix build errors with newer binutils powerpc: Fix build errors with newer binutils scsi: qla2xxx: Fix stuck session in gpdb scsi: qla2xxx: Fix warning for missing error code scsi: qla2xxx: Check for firmware dump already collected scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() scsi: qla2xxx: Fix incorrect reporting of task management failure scsi: qla2xxx: Fix hang due to session stuck scsi: qla2xxx: Reduce false trigger to login scsi: qla2xxx: Use correct feature type field during RFF_ID processing KVM: Prevent module exit until all VMs are freed KVM: x86: fix sending PV IPI ubifs: rename_whiteout: Fix double free for whiteout_ui->data ubifs: Fix deadlock in concurrent rename whiteout and inode writeback ubifs: Add missing iput if do_tmpfile() failed in rename whiteout ubifs: setflags: Make dirtied_ino_d 8 bytes aligned ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() ubifs: rename_whiteout: correct old_dir size computing can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path can: mcba_usb: properly check endpoint type gfs2: Make sure FITRIM minlen is rounded up to fs block size pinctrl: pinconf-generic: Print arguments for bias-pull-* ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl ACPI: CPPC: Avoid out of bounds access when parsing _CPC data mm/mmap: return 1 from stack_guard_gap __setup() handler mm/memcontrol: return 1 from cgroup.memory __setup() handler mm/usercopy: return 1 from hardened_usercopy __setup() handler bpf: Fix comment for helper bpf_current_task_under_cgroup() ubi: fastmap: Return error code if memory allocation fails in add_aeb() ASoC: topology: Allow TLV control to be either read or write ARM: dts: spear1340: Update serial node properties ARM: dts: spear13xx: Update SPI dma properties um: Fix uml_mconsole stop/go openvswitch: Fixed nd target mask field in the flow dump. KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated ubifs: Rectify space amount budget for mkdir/tmpfile operations rtc: wm8350: Handle error for wm8350_register_irq riscv module: remove (NOLOAD) ARM: 9187/1: JIVE: fix return value of __setup handler KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs drm: Add orientation quirk for GPD Win Max ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj ptp: replace snprintf with sysfs_emit powerpc: dts: t104xrdb: fix phy type for FMAN 4/5 scsi: mvsas: Replace snprintf() with sysfs_emit() scsi: bfa: Replace snprintf() with sysfs_emit() power: supply: axp20x_battery: properly report current when discharging powerpc: Set crashkernel offset to mid of RMA region PCI: aardvark: Fix support for MSI interrupts iommu/arm-smmu-v3: fix event handling soft lockup usb: ehci: add pci device support for Aspeed platforms PCI: pciehp: Add Qualcomm quirk for Command Completed erratum ipv4: Invalidate neighbour for broadcast address upon address addition dm ioctl: prevent potential spectre v1 gadget drm/amdkfd: make CRAT table missing message informational only scsi: pm8001: Fix pm8001_mpi_task_abort_resp() scsi: aha152x: Fix aha152x_setup() __setup handler return value net/smc: correct settings of RMB window update limit macvtap: advertise link netns via netlink bnxt_en: Eliminate unintended link toggle during FW reset MIPS: fix fortify panic when copying asm exception handlers scsi: libfc: Fix use after free in fc_exch_abts_resp() usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm xtensa: fix DTC warning unit_address_format Bluetooth: Fix use after free in hci_send_acl init/main.c: return 1 from handled __setup() functions minix: fix bug when opening a file with O_DIRECT w1: w1_therm: fixes w1_seq for ds28ea00 sensors NFSv4: Protect the state recovery thread against direct reclaim xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 clk: Enforce that disjoints limits are invalid SUNRPC/call_alloc: async tasks mustn't block waiting for memory NFS: swap IO handling is slightly different for O_DIRECT IO NFS: swap-out must always use STABLE writes. serial: samsung_tty: do not unlock port->lock for uart_write_wakeup() virtio_console: eliminate anonymous module_init & module_exit jfs: prevent NULL deref in diFree parisc: Fix CPU affinity for Lasi, WAX and Dino chips net: add missing SOF_TIMESTAMPING_OPT_ID support mm: fix race between MADV_FREE reclaim and blkdev direct IO read KVM: arm64: Check arm64_get_bp_hardening_data() didn't return NULL drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() Drivers: hv: vmbus: Fix potential crash on module unload scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() net: stmmac: Fix unset max_speed difference between DT and non-DT platforms drm/imx: Fix memory leak in imx_pd_connector_get_modes net: openvswitch: don't send internal clone attribute to the userspace. rxrpc: fix a race in rxrpc_exit_net() qede: confirm skb is allocated before using spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() drbd: Fix five use after free bugs in get_initial_state Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning" mmc: renesas_sdhi: don't overwrite TAP settings when HS400 tuning is complete mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0) mm/mempolicy: fix mpol_new leak in shared_policy_replace x86/pm: Save the MSR validity status at context setup x86/speculation: Restore speculation related MSRs during S3 resume btrfs: fix qgroup reserve overflow the qgroup limit arm64: patch_text: Fixup last cpu should be master ata: sata_dwc_460ex: Fix crash due to OOB write perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator irqchip/gic-v3: Fix GICR_CTLR.RWP polling tools build: Filter out options and warnings not supported by clang tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error" mm: don't skip swap entry even if zap_details specified arm64: module: remove (NOLOAD) from linker script mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning cgroup: Use open-time credentials for process migraton perm checks cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv cgroup: Use open-time cgroup namespace for process migration perm checks selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 selftests: cgroup: Test open-time credential usage for migration checks selftests: cgroup: Test open-time cgroup namespace usage for migration checks xfrm: policy: match with both mark and mask on user interfaces drm/amdgpu: Check if fd really is an amdgpu fd. drm/amdkfd: Use drm_priv to pass VM from KFD to amdgpu Linux 4.19.238 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I55a3615d2fbf9bde9ac152456701b36a6c9d20b6 |
||
|
Randy Dunlap
|
c616808669 |
init/main.c: return 1 from handled __setup() functions
[ Upstream commit f9a40b0890658330c83c95511f9d6b396610defc ] initcall_blacklist() should return 1 to indicate that it handled its cmdline arguments. set_debug_rodata() should return 1 to indicate that it handled its cmdline arguments. Print a warning if the option string is invalid. This prevents these strings from being added to the 'init' program's environment as they are not init arguments/parameters. Link: https://lkml.kernel.org/r/20220221050901.23985-1-rdunlap@infradead.org Signed-off-by: Randy Dunlap <rdunlap@infradead.org> Reported-by: Igor Zhbanov <i.zhbanov@omprussia.ru> Cc: Ingo Molnar <mingo@kernel.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Sami Tolvanen
|
594de64394 |
kbuild: add CONFIG_LD_IS_LLD
commit b744b43f79cc758127042e71f9ad7b1afda30f84 upstream. Similarly to the CC_IS_CLANG config, add LD_IS_LLD to avoid GNU ld specific logic such as ld-version or ld-ifversion and gain the ability to select potential features that depend on the linker at configuration time such as LTO. Signed-off-by: Sami Tolvanen <samitolvanen@google.com> Acked-by: Masahiro Yamada <masahiroy@kernel.org> [nc: Reword commit message] Signed-off-by: Nathan Chancellor <natechancellor@gmail.com> Tested-by: Sedat Dilek <sedat.dilek@gmail.com> Reviewed-by: Sedat Dilek <sedat.dilek@gmail.com> Signed-off-by: Thomas Bogendoerfer <tsbogend@alpha.franken.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
68418bd545 |
Merge 4.19.230 into android-4.19-stable
Changes in 4.19.230 integrity: check the return value of audit_log_start() ima: Remove ima_policy file before directory ima: Allow template selection with ima_template[_fmt]= after ima_hash= mmc: sdhci-of-esdhc: Check for error num after setting mask net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs NFS: Fix initialisation of nfs_client cl_flags field NFSD: Clamp WRITE offsets NFSD: Fix offset type in I/O trace points NFSv4 only print the label when its queried nfs: nfs4clinet: check the return value of kstrdup() NFSv4.1: Fix uninitialised variable in devicenotify NFSv4 remove zero number of fs_locations entries error check NFSv4 expose nfs_parse_server_name function net: sched: Clarify error message when qdisc kind is unknown scsi: target: iscsi: Make sure the np under each tpg is unique usb: dwc2: gadget: don't try to disable ep0 in dwc2_hsotg_suspend net: stmmac: dwmac-sun8i: use return val of readl_poll_timeout() bpf: Add kconfig knob for disabling unpriv bpf by default ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group net: bridge: fix stale eth hdr pointer in br_dev_xmit perf probe: Fix ppc64 'perf probe add events failed' case ARM: dts: meson: Fix the UART compatible strings staging: fbtft: Fix error path in fbtft_driver_module_init() ARM: dts: imx6qdl-udoo: Properly describe the SD card detect usb: f_fs: Fix use-after-free for epfile ixgbevf: Require large buffers for build_skb on 82599VF bonding: pair enable_port with slave_arr_updates ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path net: do not keep the dst cache when uncloning an skb dst and its metadata net: fix a memleak when uncloning an skb dst and its metadata veth: fix races around rq->rx_notify_masked tipc: rate limit warning for received illegal binding update net: amd-xgbe: disable interrupts during pci removal vt_ioctl: fix array_index_nospec in vt_setactivate vt_ioctl: add array_index_nospec to VT_ACTIVATE n_tty: wake up poll(POLLRDNORM) on receiving data usb: ulpi: Move of_node_put to ulpi_dev_release usb: ulpi: Call of_node_put correctly usb: dwc3: gadget: Prevent core from processing stale TRBs USB: gadget: validate interface OS descriptor requests usb: gadget: rndis: check size of RNDIS_MSG_SET command USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 USB: serial: option: add ZTE MF286D modem USB: serial: ch341: add support for GW Instek USB2.0-Serial devices USB: serial: cp210x: add NCR Retail IO box id USB: serial: cp210x: add CPI Bulk Coin Recycler id seccomp: Invalidate seccomp mode to catch death failures hwmon: (dell-smm) Speed up setting of fan speed perf: Fix list corruption in perf_cgroup_switch() Linux 4.19.230 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I01d106ece6e54a9d688f57409c9b37aeb35c6707 |
||
|
Daniel Borkmann
|
07e7f7cc61 |
bpf: Add kconfig knob for disabling unpriv bpf by default
commit 08389d888287c3823f80b0216766b71e17f0aba5 upstream.
Add a kconfig knob which allows for unprivileged bpf to be disabled by default.
If set, the knob sets /proc/sys/kernel/unprivileged_bpf_disabled to value of 2.
This still allows a transition of 2 -> {0,1} through an admin. Similarly,
this also still keeps 1 -> {1} behavior intact, so that once set to permanently
disabled, it cannot be undone aside from a reboot.
We've also added extra2 with max of 2 for the procfs handler, so that an admin
still has a chance to toggle between 0 <-> 2.
Either way, as an additional alternative, applications can make use of CAP_BPF
that we added a while ago.
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/74ec548079189e4e4dffaeb42b8987bb3c852eee.1620765074.git.daniel@iogearbox.net
[fllinden@amazon.com: backported to 4.19]
Signed-off-by: Frank van der Linden <fllinden@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Nathan Chancellor
|
2d3bb19177 |
ANDROID: Add CONFIG_LLD_VERSION
CONFIG_LLD_VERSION was originally added in commit d5750cd3c548 ("kbuild:
Disable CONFIG_LD_ORPHAN_WARN for ld.lld 10.0.1"), which is not
applicable to 4.19. Additionally, lld-version.sh was eliminated and
combined into ld-version.sh in commit 02aff8592204 ("kbuild: check the
minimum linker version in Kconfig") and there was a follow up fix in
commit 1f09af062556 ("kbuild: Fix ld-version.sh script if LLD was built
with LLD_VENDOR"), which is a little large to take into
android-4.19-stable for the sake of fixing an LTO issue.
Add scripts/lld-version.sh but based on the upstream version of
ld-version.sh so that we benefit from the fixes but do not have to
backport a ton of patches just to get access to CONFIG_LLD_VERSION.
Change-Id: I686ce6cc5f503540d8336b914f0fe978951c469b
Signed-off-by: Nathan Chancellor <nathan@kernel.org>
|
||
|
Greg Kroah-Hartman
|
7fb3f18d8f |
Merge 4.19.194 into android-4.19-stable
Changes in 4.19.194 net: usb: cdc_ncm: don't spew notifications ALSA: usb: update old-style static const declaration nl80211: validate key indexes for cfg80211_registered_device efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared efi: cper: fix snprintf() use in cper_dimm_err_location() vfio/pci: Fix error return code in vfio_ecap_init() vfio/pci: zap_vma_ptes() needs MMU samples: vfio-mdev: fix error handing in mdpy_fb_probe() vfio/platform: fix module_put call in error flow ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service HID: pidff: fix error return code in hid_pidff_init() HID: i2c-hid: fix format string mismatch netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches ieee802154: fix error return code in ieee802154_add_iface() ieee802154: fix error return code in ieee802154_llsec_getparams() ixgbevf: add correct exception tracing for XDP tipc: add extack messages for bearer/media failure tipc: fix unique bearer names sanity check Bluetooth: fix the erroneous flush_work() order Bluetooth: use correct lock to prevent UAF of hdev object net: caif: added cfserl_release function net: caif: add proper error handling net: caif: fix memory leak in caif_device_notify net: caif: fix memory leak in cfusbl_device_notify HID: multitouch: require Finger field to mark Win8 reports as MT ALSA: timer: Fix master timer notification ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed usb: dwc2: Fix build in periphal-only mode pid: take a reference when initializing `cad_pid` ocfs2: fix data corruption by fallocate nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing btrfs: mark ordered extent and inode with error if we fail to finish btrfs: fix error handling in btrfs_del_csums btrfs: return errors from btrfs_del_csums in cleanup_ref_head btrfs: fixup error handling in fixup_inode_link_counts mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY bpf: fix test suite to enable all unpriv program types bpf: test make sure to run unpriv test cases in test_verifier selftests/bpf: Generalize dummy program types bpf: Add BPF_F_ANY_ALIGNMENT. bpf: Adjust F_NEEDS_EFFICIENT_UNALIGNED_ACCESS handling in test_verifier.c bpf: Make more use of 'any' alignment in test_verifier.c bpf: Apply F_NEEDS_EFFICIENT_UNALIGNED_ACCESS to more ACCEPT test cases. selftests/bpf: add "any alignment" annotation for some tests selftests/bpf: Avoid running unprivileged tests with alignment requirements bnxt_en: Remove the setting of dev_port. perf/cgroups: Don't rotate events for cgroups unnecessarily perf/core: Fix corner case in perf_rotate_context() btrfs: fix unmountable seed device after fstrim KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode KVM: arm64: Fix debug register indexing ACPI: probe ECDT before loading AML tables regardless of module-level code flag ACPI: EC: Look for ECDT EC after calling acpi_load_tables() sched/fair: Optimize select_idle_cpu xen-pciback: redo VF placement in the virtual topology Linux 4.19.194 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I87188f5f931bdb7987f2946859f899a42e29f4b1 |
||
|
Mark Rutland
|
d106f05432 |
pid: take a reference when initializing cad_pid
commit 0711f0d7050b9e07c44bc159bbc64ac0a1022c7f upstream. During boot, kernel_init_freeable() initializes `cad_pid` to the init task's struct pid. Later on, we may change `cad_pid` via a sysctl, and when this happens proc_do_cad_pid() will increment the refcount on the new pid via get_pid(), and will decrement the refcount on the old pid via put_pid(). As we never called get_pid() when we initialized `cad_pid`, we decrement a reference we never incremented, can therefore free the init task's struct pid early. As there can be dangling references to the struct pid, we can later encounter a use-after-free (e.g. when delivering signals). This was spotted when fuzzing v5.13-rc3 with Syzkaller, but seems to have been around since the conversion of `cad_pid` to struct pid in commit |
||
|
bo.ye
|
c44ad28aa0 |
[ALPS05707974] [Do NOT Sync]Merge branch android-4.19-stable into alps-trunk-s0.basic
[Detail]
Target:
|
||
|
Greg Kroah-Hartman
|
a1403b314f |
Merge 4.19.186 into android-4.19-stable
Changes in 4.19.186 ARM: dts: am33xx: add aliases for mmc interfaces bus: ti-sysc: Fix warning on unbind if reset is not deasserted platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 net: pxa168_eth: Fix a potential data race in pxa168_eth_remove mISDN: fix crash in fritzpci mac80211: choose first enabled channel for monitor drm/msm: Ratelimit invalid-fence message platform/x86: thinkpad_acpi: Allow the FnLock LED to change state x86/build: Turn off -fcf-protection for realmode targets scsi: target: pscsi: Clean up after failure in pscsi_map_sg() ia64: mca: allocate early mca with GFP_ATOMIC ia64: fix format strings for err_inject cifs: revalidate mapping when we open files for SMB1 POSIX cifs: Silently ignore unknown oplock break handle bpf, x86: Validate computation of branch displacements for x86-64 bpf, x86: Validate computation of branch displacements for x86-32 init/Kconfig: make COMPILE_TEST depend on !S390 init/Kconfig: make COMPILE_TEST depend on HAS_IOMEM Linux 4.19.186 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ifac76043f9e442570932332337122def0fd8d6eb |
||
|
Masahiro Yamada
|
afee927e82 |
init/Kconfig: make COMPILE_TEST depend on HAS_IOMEM
commit ea29b20a828511de3348334e529a3d046a180416 upstream.
I read the commit log of the following two:
-
|
||
|
Heiko Carstens
|
b97ed64cf8 |
init/Kconfig: make COMPILE_TEST depend on !S390
commit 334ef6ed06fa1a54e35296b77b693bcf6d63ee9e upstream.
While allmodconfig and allyesconfig build for s390 there are also
various bots running compile tests with randconfig, where PCI is
disabled. This reveals that a lot of drivers should actually depend on
HAS_IOMEM.
Adding this to each device driver would be a never ending story,
therefore just disable COMPILE_TEST for s390.
The reasoning is more or less the same as described in
commit
|
||
|
bo.ye
|
47a12e27d4 |
[ALPS05605552] [Do NOT Sync]Merge branch android-4.19-stable into alps-trunk-s0.basic
[Detail]
Target:
|