https://source.android.com/docs/security/bulletin/2024-07-01
CVE-2024-26923
* tag 'ASB-2024-07-05_4.19-stable' of https://android.googlesource.com/kernel/common:
Linux 4.19.317
arm64: dts: rockchip: Add sound-dai-cells for RK3368
tcp: Fix data races around icsk->icsk_af_ops.
ipv6: Fix data races around sk->sk_prot.
ipv6: annotate some data-races around sk->sk_prot
pwm: stm32: Refuse too small period requests
ftruncate: pass a signed offset
ata: libata-core: Fix double free on error
batman-adv: Don't accept TT entries for out-of-spec VIDs
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
hexagon: fix fadvise64_64 calling conventions
tty: mcf: MCF54418 has 10 UARTS
usb: atm: cxacru: fix endpoint checking in cxacru_bind()
usb: musb: da8xx: fix a resource leak in probe()
usb: gadget: printer: SS+ support
net: usb: ax88179_178a: improve link status logs
iio: chemical: bme680: Fix sensor data read operation
iio: chemical: bme680: Fix overflows in compensate() functions
iio: chemical: bme680: Fix calibration data variable
iio: chemical: bme680: Fix pressure value output
iio: adc: ad7266: Fix variable checking bug
mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos
x86: stop playing stack games in profile_pc()
i2c: ocores: set IACK bit after core is enabled
i2c: ocores: stop transfer on timeout
gpio: davinci: Validate the obtained number of IRQs
nvme: fixup comment for nvme RDMA Provider Type
soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message
media: dvbdev: Initialize sbuf
ALSA: emux: improve patch ioctl data validation
net/iucv: Avoid explicit cpumask var allocation on stack
drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep
netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
ASoC: fsl-asoc-card: set priv->pdev before using it
netfilter: nf_tables: validate family when identifying table via handle
drm/amdgpu: fix UBSAN warning in kv_dpm.c
pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set
pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins
pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins
pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER
usb: xhci: do not perform Soft Retry for some xHCI hosts
xhci: Set correct transferred length for cancelled bulk transfers
xhci: Use soft retry to recover faster from transaction errors
scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
scsi: mpt3sas: Gracefully handle online firmware update
scsi: mpt3sas: Add ioc_<level> logging macros
iio: dac: ad5592r: fix temperature channel scaling value
iio: dac: ad5592r: un-indent code-block for scale read
iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock
x86/amd_nb: Check for invalid SMN reads
PCI: Add PCI_ERROR_RESPONSE and related definitions
perf/core: Fix missing wakeup when waiting for context reference
tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test
selftests/ftrace: Fix checkbashisms errors
ARM: dts: samsung: smdk4412: fix keypad no-autorepeat
ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat
ARM: dts: samsung: smdkv310: fix keypad no-autorepeat
gcov: add support for GCC 14
drm/radeon: fix UBSAN warning in kv_dpm.c
ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
dmaengine: ioatdma: Fix missing kmem_cache_destroy()
regulator: core: Fix modpost error "regulator_get_regmap" undefined
net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings
virtio_net: checksum offloading handling fix
xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
ipv6: prevent possible NULL dereference in rt6_probe()
netrom: Fix a memory leak in nr_heartbeat_expiry()
cipso: fix total option length computation
MIPS: Routerboard 532: Fix vendor retry check code
MIPS: Octeon: Add PCIe link status check
PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports
udf: udftime: prevent overflow in udf_disk_stamp_to_time()
usb: misc: uss720: check for incompatible versions of the Belkin F5U002
powerpc/io: Avoid clang null pointer arithmetic warnings
powerpc/pseries: Enforce hcall result buffer validity and size
scsi: qedi: Fix crash while reading debugfs attribute
batman-adv: bypass empty buckets in batadv_purge_orig_ref()
rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment
usb-storage: alauda: Check whether the media is initialized
hugetlb_encode.h: fix undefined behaviour (34 << 26)
hv_utils: drain the timesync packets on onchannelcallback
nilfs2: fix potential kernel bug due to lack of writeback flag waiting
intel_th: pci: Add Lunar Lake support
intel_th: pci: Add Meteor Lake-S support
intel_th: pci: Add Sapphire Rapids SOC support
intel_th: pci: Add Granite Rapids SOC support
intel_th: pci: Add Granite Rapids support
dmaengine: axi-dmac: fix possible race in remove()
PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id
ocfs2: fix races between hole punching and AIO+DIO
ocfs2: use coarse time for new created files
fs/proc: fix softlockup in __read_vmcore
vmci: prevent speculation leaks by sanitizing event in event_deliver()
drm/exynos/vidi: fix memory leak in .get_modes()
drivers: core: synchronize really_probe() and dev_uevent()
net/ipv6: Fix the RT cache flush via sysctl using a previous delay
ipv6/route: Add a missing check on proc_dointvec
Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ
tcp: fix race in tcp_v6_syn_recv_sock()
drm/bridge/panel: Fix runtime warning on panel bridge release
liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
iommu/amd: Fix sysfs leak in iommu init
HID: core: remove unnecessary WARN_ON() in implement()
xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
Input: try trimming too long modalias strings
xhci: Apply broken streams quirk to Etron EJ188 xHCI host
xhci: Apply reset resume quirk to Etron EJ188 xHCI host
jfs: xattr: fix buffer overflow for invalid xattr
mei: me: release irq in mei_me_pci_resume error path
USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
nilfs2: return the mapped address from nilfs_get_page()
nilfs2: Remove check for PageError
selftests/mm: compaction_test: fix bogus test success on Aarch64
selftests/mm: conform test to TAP format output
selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages
media: mc: mark the media devnode as registered from the, start
serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler
serial: sc16is7xx: replace hardcoded divisor value with BIT() macro
drm/amd/display: Handle Y carry-over in VCP X.Y calculation
usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill().
af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen().
af_unix: Use unix_recvq_full_lockless() in unix_stream_connect().
af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen.
af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG.
af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg().
af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll().
af_unix: Annotate data-race of sk->sk_state in unix_inq_len().
ptp: Fix error message on failed pin verification
tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB
vxlan: Fix regression when dropping packets due to invalid src addresses
ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
wifi: iwlwifi: mvm: don't read past the mfuart notifcation
wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64
wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()
wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
ANDROID: arm64: Place CFI jump table sections in .text
Linux 4.19.316
nfs: fix undefined behavior in nfs_block_bits()
s390/ap: Fix crash in AP internal function modify_bitmap()
ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
sparc: move struct termio to asm/termios.h
net: fix __dst_negative_advice() race
kdb: Use format-specifiers rather than memset() for padding in kdb_read()
kdb: Merge identical case statements in kdb_read()
kdb: Fix console handling when editing and tab-completing commands
kdb: Use format-strings rather than '\0' injection in kdb_read()
kdb: Fix buffer overflow during tab-complete
sparc64: Fix number of online CPUs
intel_th: pci: Add Meteor Lake-S CPU support
net/9p: fix uninit-value in p9_client_rpc()
crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode
netfilter: nf_tables: discard table flag update with pending basechain deletion
netfilter: nf_tables: reject new basechain after table flag update
netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout
netfilter: nf_tables: do not compare internal table flags on updates
netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate()
netfilter: nf_tables: set dormant flag on hook register failure
netfilter: nft_set_rbtree: skip end interval element from gc
netfilter: nf_tables: validate NFPROTO_* family
netfilter: nf_tables: skip dead set elements in netlink dump
netfilter: nf_tables: mark newset as dead on transaction abort
netfilter: nft_dynset: relax superfluous check on set updates
netfilter: nft_dynset: report EOPNOTSUPP on missing set feature
netfilter: nftables: exthdr: fix 4-byte stack OOB write
netfilter: nft_dynset: fix timeouts later than 23 days
netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush (for 4.19)
netfilter: nf_tables: disable toggling dormant table state more than once
netfilter: nf_tables: fix table flag updates
netfilter: nftables: update table flags from the commit phase
netfilter: nf_tables: double hook unregistration in netns path
netfilter: nf_tables: unregister flowtable hooks on netns exit
netfilter: nf_tables: fix memleak when more than 255 elements expired
netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration
netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention
netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
netfilter: nf_tables: defer gc run if previous batch is still pending
netfilter: nf_tables: GC transaction race with abort path
netfilter: nf_tables: GC transaction race with netns dismantle
netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
netfilter: nf_tables: remove busy mark and gc batch API
netfilter: nf_tables: adapt set backend to use GC transaction API
netfilter: nf_tables: GC transaction API to avoid race with control plane
netfilter: nf_tables: don't skip expired elements during walk
netfilter: nft_set_rbtree: fix overlap expiration walk
netfilter: nft_set_rbtree: fix null deref on element insertion
netfilter: nft_set_rbtree: Switch to node list walk for overlap detection
netfilter: nft_set_rbtree: Add missing expired checks
netfilter: nft_set_rbtree: allow loose matching of closing element in interval
netfilter: nf_tables: drop map element references from preparation phase
netfilter: nftables: rename set element data activation/deactivation functions
netfilter: nf_tables: pass context to nft_set_destroy()
fbdev: savage: Handle err return when savagefb_check_var failed
media: v4l2-core: hold videodev_lock until dev reg, finishes
media: mxl5xx: Move xpt structures off stack
arm64: dts: hi3798cv200: fix the size of GICR
wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU
md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
arm64: tegra: Correct Tegra132 I2C alias
ata: pata_legacy: make legacy_exit() work again
neighbour: fix unaligned access to pneigh_entry
vxlan: Fix regression when dropping packets due to invalid src addresses
nilfs2: fix use-after-free of timer for log writer thread
mmc: core: Do not force a retune before RPMB switch
binder: fix max_thread type inconsistency
SUNRPC: Fix loop termination condition in gss_free_in_token_pages()
genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
ALSA: timer: Set lower bound of start tick time
ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
kconfig: fix comparison to constant symbols, 'm', 'n'
net:fec: Add fec_enet_deinit()
net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM
smsc95xx: use usbnet->driver_priv
smsc95xx: remove redundant function arguments
enic: Validate length of nl attributes in enic_set_vf_port
dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion
nvmet: fix ns enable/disable possible hang
spi: Don't mark message DMA mapped when no transfer in it is
netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()
nfc: nci: Fix handling of zero-length payload packets in nci_rx_work()
nfc: nci: Fix kcov check in nci_rx_work()
net: fec: avoid lock evasion when reading pps_enable
virtio: delete vq in vp_find_vqs_msix() when request_irq() fails
arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
openvswitch: Set the skbuff pkt_type for proper pmtud support.
tcp: Fix shift-out-of-bounds in dctcp_update_alpha().
params: lift param_set_uint_minmax to common code
ipv6: sr: fix memleak in seg6_hmac_init_algo
nfc: nci: Fix uninit-value in nci_rx_work
x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y
null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION()
media: cec: cec-api: add locking in cec_release()
media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
um: Fix the -Wmissing-prototypes warning for __switch_mm
powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp
media: stk1160: fix bounds checking in stk1160_copy_video()
um: Add winch to winch_handlers before registering winch IRQ
um: Fix return value in ubd_init()
drm/msm/dpu: use kms stored hw mdp block
Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation
Input: ims-pcu - fix printf string overflow
libsubcmd: Fix parse-options memory leak
serial: sh-sci: protect invalidating RXDMA on shutdown
serial: sh-sci: Extract sci_dma_rx_chan_invalidate()
f2fs: fix to release node block count in error path of f2fs_new_node_page()
f2fs: add error prints for debugging mount failure
extcon: max8997: select IRQ_DOMAIN instead of depending on it
ppdev: Add an error check in register_device
ppdev: Remove usage of the deprecated ida_simple_xx() API
stm class: Fix a double free in stm_register_device()
usb: gadget: u_audio: Clear uac pointer when freed.
microblaze: Remove early printk call from cpuinfo-static.c
microblaze: Remove gcc flag for non existing early_printk.c file
greybus: arche-ctrl: move device table to its right location
serial: max3100: Fix bitwise types
serial: max3100: Update uart_driver_registered on driver removal
serial: max3100: Lock port->lock when calling uart_handle_cts_change()
firmware: dmi-id: add a release callback function
dmaengine: idma64: Add check for dma_set_max_seg_size
greybus: lights: check return of get_channel_from_mode
sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level
sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax
af_packet: do not call packet_read_pending() from tpacket_destruct_skb()
netrom: fix possible dead-lock in nr_rt_ioctl()
RDMA/IPoIB: Fix format truncation compilation errors
selftests/kcmp: remove unused open mode
selftests/kcmp: Make the test output consistent and clear
SUNRPC: Fix gss_free_in_token_pages()
ext4: avoid excessive credit estimate in ext4_tmpfile()
x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map
RDMA/hns: Use complete parentheses in macros
ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value
drm/arm/malidp: fix a possible null pointer dereference
fbdev: sh7760fb: allow modular build
media: radio-shark2: Avoid led_names truncations
media: ngene: Add dvb_ca_en50221_init return value check
fbdev: sisfb: hide unused variables
powerpc/fsl-soc: hide unused const variable
drm/mediatek: Add 0 size check to mtk_drm_gem_obj
fbdev: shmobile: fix snprintf truncation
mtd: rawnand: hynix: fixed typo
drm/amd/display: Fix potential index out of bounds in color transformation function
ipv6: sr: fix invalid unregister error path
ipv6: sr: fix incorrect unregister order
ipv6: sr: add missing seg6_local_exit
net: openvswitch: fix overwriting ct original tuple for ICMPv6
net: usb: smsc95xx: stop lying about skb->truesize
af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
net: ethernet: cortina: Locking fixes
m68k: mac: Fix reboot hang on Mac IIci
m68k/mac: Use '030 reset method on SE/30
m68k: Fix spinlock race in kernel thread creation
net: usb: sr9700: stop lying about skb->truesize
wifi: mwl8k: initialize cmd->addr[] properly
scsi: qedf: Ensure the copied buf is NUL terminated
scsi: bfa: Ensure the copied buf is NUL terminated
Revert "sh: Handle calling csum_partial with misaligned data"
sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe()
wifi: ar5523: enable proper endpoint verification
wifi: carl9170: add a proper sanity check for endpoints
macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
macintosh/via-macii, macintosh/adb-iop: Clean up whitespace
macintosh/via-macii: Remove BUG_ON assertions
wifi: ath10k: populate board data for WCN3990
wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger()
x86/purgatory: Switch to the position-independent small code model
scsi: hpsa: Fix allocation size for Scsi_Host private data
scsi: libsas: Fix the failure of adding phy with zero-address to port
ACPI: disable -Wstringop-truncation
irqchip/alpine-msi: Fix off-by-one in allocation error path
scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL
scsi: ufs: core: Perform read back after disabling interrupts
scsi: ufs: add a low-level __ufshcd_issue_tm_cmd helper
scsi: ufs: cleanup struct utp_task_req_desc
scsi: ufs: qcom: Perform read back after writing reset bit
qed: avoid truncating work queue length
x86/boot: Ignore relocations in .notes sections in walk_relocs() too
wifi: ath10k: poll service ready message before failing
nfsd: drop st_mutex before calling move_to_close_lru()
power: supply: cros_usbpd: provide ID table for avoiding fallback match
md: fix resync softlockup when bitmap size is less than array size
null_blk: Fix missing mutex_destroy() at module removal
jffs2: prevent xattr node from overflowing the eraseblock
s390/cio: fix tracepoint subchannel type field
crypto: ccp - drop platform ifdef checks
crypto: ccp - Remove forward declaration
parisc: add missing export of __cmpxchg_u8()
nilfs2: fix out-of-range warning
ecryptfs: Fix buffer size for tag 66 packet
firmware: raspberrypi: Use correct device for DMA mappings
crypto: bcm - Fix pointer arithmetic
ASoC: da7219-aad: fix usage of device_get_named_child_node()
ASoC: dt-bindings: rt5645: add cbj sleeve gpio property
ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating
drm/amd/display: Set color_mgmt_changed to true on unsuspend
net: usb: qmi_wwan: add Telit FN920C04 compositions
wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
nilfs2: fix potential hang in nilfs_detach_log_writer()
nilfs2: fix unexpected freezing of nilfs_segctor_sync()
net: smc91x: Fix m68k kernel compilation for ColdFire CPU
ring-buffer: Fix a race between readers and resize checks
speakup: Fix sizeof() vs ARRAY_SIZE() bug
x86/tsc: Trust initial offset in architectural TSC-adjust MSRs
Change-Id: Ia8a0522057b7e917a9c165a869bec3a24bb9eb58
Signed-off-by: bengris32 <bengris32@protonmail.ch>
425dddb2d1