fde41616bce465b52bb01b0c42815be03daabc99
3541 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
171fc237b3 |
Merge 4.14.111 into android-4.14
Changes in 4.14.111 arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals ext4: cleanup bh release code in ext4_ind_remove_space() lib/int_sqrt: optimize initial value compute tty/serial: atmel: Add is_half_duplex helper tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified CIFS: fix POSIX lock leak and invalid ptr deref h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- f2fs: fix to avoid deadlock in f2fs_read_inline_dir() tracing: kdb: Fix ftdump to not sleep net/mlx5: Avoid panic when setting vport rate net/mlx5: Avoid panic when setting vport mac, getting vport config gpio: gpio-omap: fix level interrupt idling include/linux/relay.h: fix percpu annotation in struct rchan sysctl: handle overflow for file-max enic: fix build warning without CONFIG_CPUMASK_OFFSTACK scsi: hisi_sas: Set PHY linkrate when disconnected iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver perf c2c: Fix c2c report for empty numa node mm/cma.c: cma_declare_contiguous: correct err handling mm/page_ext.c: fix an imbalance with kmemleak mm, mempolicy: fix uninit memory access mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! mm/slab.c: kmemleak no scan alien caches ocfs2: fix a panic problem caused by o2cb_ctl f2fs: do not use mutex lock in atomic context fs/file.c: initialize init_files.resize_wait page_poison: play nicely with KASAN cifs: use correct format characters dm thin: add sanity checks to thin-pool and external snapshot creation cifs: Fix NULL pointer dereference of devname jbd2: fix invalid descriptor block checksum fs: fix guard_bio_eod to check for real EOD errors tools lib traceevent: Fix buffer overflow in arg_eval PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() wil6210: check null pointer in _wil_cfg80211_merge_extra_ies crypto: crypto4xx - add missing of_node_put after of_device_is_available crypto: cavium/zip - fix collision with generic cra_driver_name usb: chipidea: Grab the (legacy) USB PHY by phandle first scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc coresight: etm4x: Add support to enable ETMv4.2 serial: 8250_pxa: honor the port number from devicetree ARM: 8840/1: use a raw_spinlock_t in unwind iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback mmc: omap: fix the maximum timeout setting e1000e: Fix -Wformat-truncation warnings mlxsw: spectrum: Avoid -Wformat-truncation warnings IB/mlx4: Increase the timeout for CM cache clk: fractional-divider: check parent rate only if flag is set cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies efi: cper: Fix possible out-of-bounds access scsi: megaraid_sas: return error when create DMA pool failed scsi: fcoe: make use of fip_mode enum complete perf test: Fix failure of 'evsel-tp-sched' test on s390 SoC: imx-sgtl5000: add missing put_device() media: sh_veu: Correct return type for mem2mem buffer helpers media: s5p-jpeg: Correct return type for mem2mem buffer helpers media: s5p-g2d: Correct return type for mem2mem buffer helpers media: mx2_emmaprp: Correct return type for mem2mem buffer helpers media: mtk-jpeg: Correct return type for mem2mem buffer helpers vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 HID: intel-ish-hid: avoid binding wrong ishtp_cl_device jbd2: fix race when writing superblock leds: lp55xx: fix null deref on firmware load failure iwlwifi: pcie: fix emergency path ACPI / video: Refactor and fix dmi_is_desktop() kprobes: Prohibit probing on bsearch() netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in __nf_conntrack_confirm ARM: 8833/1: Ensure that NEON code always compiles with Clang ALSA: PCM: check if ops are defined before suspending PCM usb: f_fs: Avoid crash due to out-of-scope stack ptr access sched/topology: Fix percpu data types in struct sd_data & struct s_data bcache: fix input overflow to cache set sysfs file io_error_halflife bcache: fix input overflow to sequential_cutoff bcache: improve sysfs_strtoul_clamp() genirq: Avoid summation loops for /proc/stat iw_cxgb4: fix srqidx leak during connection abort fbdev: fbmem: fix memory access if logo is bigger than the screen cdrom: Fix race condition in cdrom_sysctl_register e1000e: fix cyclic resets at link up with active tx platform/x86: intel_pmc_core: Fix PCH IP sts reading ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe sched/debug: Initialize sd_sysctl_cpus if !CONFIG_CPUMASK_OFFSTACK efi/memattr: Don't bail on zero VA if it equals the region's PA ARM: dts: lpc32xx: Remove leading 0x and 0s from bindings notation efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted soc: qcom: gsbi: Fix error handling in gsbi_probe() mt7601u: bump supported EEPROM version ARM: 8830/1: NOMMU: Toggle only bits in EXC_RETURN we are really care of ARM: avoid Cortex-A9 livelock on tight dmb loops bpf: fix missing prototype warnings cgroup/pids: turn cgroup_subsys->free() into cgroup_subsys->release() to fix the accounting backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial state tty: increase the default flip buffer limit to 2*640K powerpc/pseries: Perform full re-add of CPU for topology update post-migration usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded media: mt9m111: set initial frame size other than 0x0 hwrng: virtio - Avoid repeated init of completion soc/tegra: fuse: Fix illegal free of IO base address HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable cpu/hotplug: Mute hotplug lockdep during init dmaengine: imx-dma: fix warning comparison of distinct pointer types dmaengine: qcom_hidma: assign channel cookie correctly dmaengine: qcom_hidma: initialize tx flags in hidma_prep_dma_* netfilter: physdev: relax br_netfilter dependency media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting drm: Auto-set allow_fb_modifiers when given modifiers at plane init drm/nouveau: Stop using drm_crtc_force_disable x86/build: Specify elf_i386 linker emulation explicitly for i386 objects selinux: do not override context on context mounts wlcore: Fix memory leak in case wl12xx_fetch_firmware failure x86/build: Mark per-CPU symbols as absolute explicitly for LLD clk: rockchip: fix frac settings of GPLL clock for rk3328 dmaengine: tegra: avoid overflow of byte tracking drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers ACPI / video: Extend chassis-type detection with a "Lunch Box" check Linux 4.14.111 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Ondrej Mosnacek
|
0ce68e869a |
selinux: do not override context on context mounts
[ Upstream commit 53e0c2aa9a59a48e3798ef193d573ade85aa80f5 ]
Ignore all selinux_inode_notifysecctx() calls on mounts with SBLABEL_MNT
flag unset. This is achived by returning -EOPNOTSUPP for this case in
selinux_inode_setsecurtity() (because that function should not be called
in such case anyway) and translating this error to 0 in
selinux_inode_notifysecctx().
This fixes behavior of kernfs-based filesystems when mounted with the
'context=' option. Before this patch, if a node's context had been
explicitly set to a non-default value and later the filesystem has been
remounted with the 'context=' option, then this node would show up as
having the manually-set context and not the mount-specified one.
Steps to reproduce:
# mount -t cgroup2 cgroup2 /sys/fs/cgroup/unified
# chcon unconfined_u:object_r:user_home_t:s0 /sys/fs/cgroup/unified/cgroup.stat
# ls -lZ /sys/fs/cgroup/unified
total 0
-r--r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Dec 13 10:41 cgroup.controllers
-rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Dec 13 10:41 cgroup.max.depth
-rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Dec 13 10:41 cgroup.max.descendants
-rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Dec 13 10:41 cgroup.procs
-r--r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 0 Dec 13 10:41 cgroup.stat
-rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Dec 13 10:41 cgroup.subtree_control
-rw-r--r--. 1 root root system_u:object_r:cgroup_t:s0 0 Dec 13 10:41 cgroup.threads
# umount /sys/fs/cgroup/unified
# mount -o context=system_u:object_r:tmpfs_t:s0 -t cgroup2 cgroup2 /sys/fs/cgroup/unified
Result before:
# ls -lZ /sys/fs/cgroup/unified
total 0
-r--r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.controllers
-rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.max.depth
-rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.max.descendants
-rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.procs
-r--r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 0 Dec 13 10:41 cgroup.stat
-rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.subtree_control
-rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.threads
Result after:
# ls -lZ /sys/fs/cgroup/unified
total 0
-r--r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.controllers
-rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.max.depth
-rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.max.descendants
-rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.procs
-r--r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.stat
-rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.subtree_control
-rw-r--r--. 1 root root system_u:object_r:tmpfs_t:s0 0 Dec 13 10:41 cgroup.threads
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Maciej Żenczykowski
|
140cda105b |
ANDROID: revert the rest of ANDROID_PARANOID_NETWORK
Primarily based on comments on: https://android-review.googlesource.com/c/kernel/common/+/808133 and the lack of ANDROID_PARANOID_NETWORK in android common kernel based on upstream Linux v4.19. Bug: 128944261 Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I3cb269ed5ab963972f95c7acb92b1480d5d18244 |
||
|
Greg Kroah-Hartman
|
4344de2f79 |
Merge 4.14.108 into android-4.14
Changes in 4.14.108 9p: use inode->i_lock to protect i_size_write() under 32-bit 9p/net: fix memory leak in p9_client_create ASoC: fsl_esai: fix register setting issue in RIGHT_J mode iio: adc: exynos-adc: Fix NULL pointer exception on unbind stm class: Fix an endless loop in channel allocation crypto: caam - fixed handling of sg list crypto: ahash - fix another early termination in hash walk crypto: rockchip - fix scatterlist nents error crypto: rockchip - update new iv to device in multiple operations drm/imx: ignore plane updates on disabled crtcs gpu: ipu-v3: Fix i.MX51 CSI control registers offset drm/imx: imx-ldb: add missing of_node_puts gpu: ipu-v3: Fix CSI offsets for imx53 s390/dasd: fix using offset into zero size array error Input: pwm-vibra - prevent unbalanced regulator Input: pwm-vibra - stop regulator after disabling pwm, not before ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized ASoC: dapm: fix out-of-bounds accesses to DAPM lookup tables ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check KVM: arm/arm64: Reset the VCPU without preemption and vcpu state loaded ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug Input: cap11xx - switch to using set_brightness_blocking() Input: ps2-gpio - flush TX work when closing port Input: matrix_keypad - use flush_delayed_work() mac80211: Fix Tx aggregation session tear down with ITXQs ipvs: fix dependency on nf_defrag_ipv6 floppy: check_events callback should not return a negative number NFS: Don't use page_file_mapping after removing the page mm/gup: fix gup_pmd_range() for dax Revert "mm: use early_pfn_to_nid in page_ext_init" mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs net: hns: Fix object reference leaks in hns_dsaf_roce_reset() i2c: cadence: Fix the hold bit setting i2c: bcm2835: Clear current buffer pointers and counts after a transfer auxdisplay: ht16k33: fix potential user-after-free on module unload Input: st-keyscan - fix potential zalloc NULL dereference clk: sunxi-ng: v3s: Fix TCON reset de-assert bit clk: sunxi: A31: Fix wrong AHB gate number esp: Skip TX bytes accounting when sending from a request socket ARM: 8824/1: fix a migrating irq bug when hotplug cpu af_key: unconditionally clone on broadcast assoc_array: Fix shortcut creation keys: Fix dependency loop between construction record and auth key scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task net: systemport: Fix reception of BPDUs pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins qmi_wwan: apply SET_DTR quirk to Sierra WP7607 net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue ASoC: topology: free created components in tplg load error qed: Fix iWARP syn packet mac address validation. arm64: Relax GIC version check during early boot net: marvell: mvneta: fix DMA debug warning tmpfs: fix link accounting when a tmpfile is linked in ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN ARCv2: lib: memcpy: fix doing prefetchw outside of buffer ARC: uacces: remove lp_start, lp_end from clobber list ARCv2: support manual regfile save on interrupts phonet: fix building with clang mac80211_hwsim: propagate genlmsg_reply return code net: thunderx: make CFG_DONE message to run through generic send-ack sequence nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K nfp: bpf: fix ALU32 high bits clearance bug net: set static variable an initial value in atl2_probe() tmpfs: fix uninitialized return value in shmem_link media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() stm class: Prevent division by zero libnvdimm/label: Clear 'updating' flag after label-set update libnvdimm, pfn: Fix over-trim in trim_pfn_device() libnvdimm/pmem: Honor force_raw for legacy pmem regions libnvdimm: Fix altmap reservation size calculation fix cgroup_do_mount() handling of failure exits crypto: arm/crct10dif - revert to C code for short inputs crypto: arm64/crct10dif - revert to C code for short inputs crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails crypto: testmgr - skip crc32c context test for ahash algorithms crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine CIFS: Do not reset lease state to NONE on lease break CIFS: Fix read after write for files with read caching tracing: Use strncpy instead of memcpy for string keys in hist triggers tracing: Do not free iter->trace in fail path of tracing_open_pipe() xen: fix dom0 boot on huge systems ACPI / device_sysfs: Avoid OF modalias creation for removed device mmc: sdhci-esdhc-imx: fix HS400 timing issue spi: ti-qspi: Fix mmap read when more than one CS in use spi: pxa2xx: Setup maximum supported DMA transfer length regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 regulator: max77620: Initialize values for DT properties regulator: s2mpa01: Fix step values for some LDOs clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown s390/setup: fix early warning messages s390/virtio: handle find on invalid queue gracefully scsi: virtio_scsi: don't send sc payload with tmfs scsi: aacraid: Fix performance issue on logical drives scsi: sd: Optimal I/O size should be a multiple of physical block size scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock fs/devpts: always delete dcache dentry-s in dput() splice: don't merge into linked buffers m68k: Add -ffreestanding to CFLAGS Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl btrfs: ensure that a DUP or RAID1 block group has exactly two stripes Btrfs: fix corruption reading shared and compressed extents after hole punching crypto: pcbc - remove bogus memcpy()s with src == dest libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table x86/kprobes: Prohibit probing on optprobe template code cpufreq: tegra124: add missing of_node_put() cpufreq: pxa2xx: remove incorrect __init annotation ext4: add mask of ext4 flags to swap ext4: fix crash during online resizing IB/hfi1: Close race condition on user context disable and close cxl: Wrap iterations over afu slices inside 'afu_list_lock' ext2: Fix underflow in ext2_max_size() clk: uniphier: Fix update register for CPU-gear clk: clk-twl6040: Fix imprecise external abort for pdmclk clk: ingenic: Fix round_rate misbehaving with non-integer dividers clk: ingenic: Fix doc of ingenic_cgu_div_info usb: chipidea: tegra: Fix missed ci_hdrc_remove_device() nfit: acpi_nfit_ctl(): Check out_obj->type in the right place mm: hwpoison: fix thp split handing in soft_offline_in_use_page() mm/vmalloc: fix size check for remap_vmalloc_range_partial() kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv device property: Fix the length used in PROPERTY_ENTRY_STRING() intel_th: Don't reference unassigned outputs parport_pc: fix find_superio io compare code, should use equal test. i2c: tegra: fix maximum transfer size crypto: arm64/aes-neonbs - fix returning final keystream block drm/i915: Relax mmap VMA check serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart serial: 8250_pci: Fix number of ports for ACCES serial cards serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() jbd2: clear dirty flag when revoking a buffer from an older transaction jbd2: fix compile warning when using JBUFFER_TRACE security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock powerpc/32: Clear on-stack exception marker upon exception return powerpc/wii: properly disable use of BATs when requested. powerpc/powernv: Make opal log only readable by root powerpc/83xx: Also save/restore SPRG4-7 during suspend powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration powerpc/traps: fix recoverability of machine check handling on book3s/32 powerpc/traps: Fix the message printed when stack overflows ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify arm64: Fix HCR.TGE status for NMI contexts arm64: debug: Ensure debug handlers check triggering exception level arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 dm: fix to_sector() for 32bit dm integrity: limit the rate of error messages cpcap-charger: generate events for userspace NFS: Fix I/O request leakages NFS: Fix an I/O request leakage in nfs_do_recoalesce NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() nfsd: fix memory corruption caused by readdir nfsd: fix wrong check in write_v4_end_grace() NFSv4.1: Reinitialise sequence results before retransmitting a request PM / wakeup: Rework wakeup source timer cancellation bcache: never writeback a discard operation x86/unwind/orc: Fix ORC unwind table alignment perf intel-pt: Fix CYC timestamp calculation after OVF perf auxtrace: Define auxtrace record alignment perf intel-pt: Fix overlap calculation for padding perf intel-pt: Fix divide by zero when TSC is not available md: Fix failed allocation of md_register_thread tpm/tpm_crb: Avoid unaligned reads in crb_recv() tpm: Unify the send callback behaviour rcu: Do RCU GP kthread self-wakeup from softirq and interrupt media: imx: prpencvf: Stop upstream before disabling IDMA channel media: uvcvideo: Avoid NULL pointer dereference at the end of streaming media: vimc: Add vimc-streamer for stream control media: imx: csi: Disable CSI immediately after last EOF media: imx: csi: Stop upstream before disabling IDMA channel drm/radeon/evergreen_cs: fix missing break in switch statement KVM: Call kvm_arch_memslots_updated() before updating memslots KVM: x86/mmu: Detect MMIO generation wrap in any address space KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux KVM: nVMX: Sign extend displacements of VMX instr's mem operands KVM: nVMX: Apply addr size mask to effective address for VMX instructions KVM: nVMX: Ignore limit checks on VMX instructions using flat segments s390/setup: fix boot crash for machine without EDAT-1 Linux 4.14.108 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
J. Bruce Fields
|
af9e57baf5 |
security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
commit 3815a245b50124f0865415dcb606a034e97494d4 upstream.
In the case when we're reusing a superblock, selinux_sb_clone_mnt_opts()
fails to set set_kern_flags, with the result that
nfs_clone_sb_security() incorrectly clears NFS_CAP_SECURITY_LABEL.
The result is that if you mount the same NFS filesystem twice, NFS
security labels are turned off, even if they would work fine if you
mounted the filesystem only once.
("fixes" may be not exactly the right tag, it may be more like
"fixed-other-cases-but-missed-this-one".)
Cc: Scott Mayhew <smayhew@redhat.com>
Cc: stable@vger.kernel.org
Fixes:
|
||
|
David Howells
|
7b1386a3eb |
keys: Fix dependency loop between construction record and auth key
[ Upstream commit 822ad64d7e46a8e2c8b8a796738d7b657cbb146d ]
In the request_key() upcall mechanism there's a dependency loop by which if
a key type driver overrides the ->request_key hook and the userspace side
manages to lose the authorisation key, the auth key and the internal
construction record (struct key_construction) can keep each other pinned.
Fix this by the following changes:
(1) Killing off the construction record and using the auth key instead.
(2) Including the operation name in the auth key payload and making the
payload available outside of security/keys/.
(3) The ->request_key hook is given the authkey instead of the cons
record and operation name.
Changes (2) and (3) allow the auth key to naturally be cleaned up if the
keyring it is in is destroyed or cleared or the auth key is unlinked.
Fixes: 7ee02a316600 ("keys: Fix dependency loop between construction record and auth key")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
0892a3e235 |
Merge 4.14.107 into android-4.14
Changes in 4.14.107 ACPICA: Reference Counts: increase max to 0x4000 for large servers perf tools: Fix compile error with libunwind x86 gro_cells: make sure device is up in gro_cells_receive() ipv4/route: fail early when inet dev is missing l2tp: fix infoleak in l2tp_ip6_recvmsg() net: hsr: fix memory leak in hsr_dev_finalize() net/hsr: fix possible crash in add_timer() net: sit: fix UBSAN Undefined behaviour in check_6rd net/x25: fix use-after-free in x25_device_event() net/x25: reset state in x25_connect() pptp: dst_release sk_dst_cache in pptp_sock_destruct ravb: Decrease TxFIFO depth of Q3 and Q2 to one route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race rxrpc: Fix client call queueing, waiting for channel tcp: Don't access TCP_SKB_CB before initializing it tcp: handle inet_csk_reqsk_queue_add() failures vxlan: Fix GRO cells race condition between receive and link delete vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() net/mlx4_core: Fix reset flow when in command polling mode net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling net/mlx4_core: Fix qp mtt size calculation net/x25: fix a race in x25_bind() mdio_bus: Fix use-after-free on device_register fails net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 bonding: fix PACKET_ORIGDEV regression missing barriers in some of unix_sock ->addr and ->path accesses ipvlan: disallow userns cap_net_admin to change global mode/flags perf/x86: Fixup typo in stub functions ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 ALSA: firewire-motu: fix construction of PCM frame for capture direction perf/x86/intel: Fix memory corruption perf/x86/intel: Make dev_attr_allow_tsx_force_abort static It's wrong to add len to sector_nr in raid10 reshape twice vhost/vsock: fix vhost vsock cid hashing inconsistent Linux 4.14.107 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Al Viro
|
727a261969 |
missing barriers in some of unix_sock ->addr and ->path accesses
[ Upstream commit ae3b564179bfd06f32d051b9e5d72ce4b2a07c37 ]
Several u->addr and u->path users are not holding any locks in
common with unix_bind(). unix_state_lock() is useless for those
purposes.
u->addr is assign-once and *(u->addr) is fully set up by the time
we set u->addr (all under unix_table_lock). u->path is also
set in the same critical area, also before setting u->addr, and
any unix_sock with ->path filled will have non-NULL ->addr.
So setting ->addr with smp_store_release() is all we need for those
"lockless" users - just have them fetch ->addr with smp_load_acquire()
and don't even bother looking at ->path if they see NULL ->addr.
Users of ->addr and ->path fall into several classes now:
1) ones that do smp_load_acquire(u->addr) and access *(u->addr)
and u->path only if smp_load_acquire() has returned non-NULL.
2) places holding unix_table_lock. These are guaranteed that
*(u->addr) is seen fully initialized. If unix_sock is in one of the
"bound" chains, so's ->path.
3) unix_sock_destructor() using ->addr is safe. All places
that set u->addr are guaranteed to have seen all stores *(u->addr)
while holding a reference to u and unix_sock_destructor() is called
when (atomic) refcount hits zero.
4) unix_release_sock() using ->path is safe. unix_bind()
is serialized wrt unix_release() (normally - by struct file
refcount), and for the instances that had ->path set by unix_bind()
unix_release_sock() comes from unix_release(), so they are fine.
Instances that had it set in unix_stream_connect() either end up
attached to a socket (in unix_accept()), in which case the call
chain to unix_release_sock() and serialization are the same as in
the previous case, or they never get accept'ed and unix_release_sock()
is called when the listener is shut down and its queue gets purged.
In that case the listener's queue lock provides the barriers needed -
unix_stream_connect() shoves our unix_sock into listener's queue
under that lock right after having set ->path and eventual
unix_release_sock() caller picks them from that queue under the
same lock right before calling unix_release_sock().
5) unix_find_other() use of ->path is pointless, but safe -
it happens with successful lookup by (abstract) name, so ->path.dentry
is guaranteed to be NULL there.
earlier-variant-reviewed-by: "Paul E. McKenney" <paulmck@linux.ibm.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
8ed9bc6e64 |
Merge 4.14.106 into android-4.14
Changes in 4.14.106
cpufreq: Use struct kobj_attribute instead of struct global_attr
USB: serial: option: add Telit ME910 ECM composition
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
staging: comedi: ni_660x: fix missing break in switch statement
staging: wilc1000: fix to set correct value for 'vif_num'
staging: android: ion: fix sys heap pool's gfp_flags
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex
net-sysfs: Fix mem leak in netdev_register_kobject
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
team: Free BPF filter when unregistering netdev
tipc: fix RDM/DGRAM connect() regression
bnxt_en: Drop oversize TX packets to prevent errors.
geneve: correctly handle ipv6.disable module parameter
hv_netvsc: Fix IP header checksum for coalesced packets
net: dsa: mv88e6xxx: Fix u64 statistics
netlabel: fix out-of-bounds memory accesses
net: netem: fix skb length BUG_ON in __skb_to_sgvec
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
net: phy: phylink: fix uninitialized variable in phylink_get_mac_state
net: sit: fix memory leak in sit_init_net()
net: socket: set sock->sk to NULL after calling proto_ops::release()
xen-netback: don't populate the hash cache on XenBus disconnect
xen-netback: fix occasional leak of grant ref mappings under memory pressure
net: Add __icmp_send helper.
net: avoid use IPCB in cipso_v4_error
ipv4: Return error for RTA_VIA attribute
ipv6: Return error for RTA_VIA attribute
mpls: Return error for RTA_GATEWAY attribute
tun: fix blocking read
tun: remove unnecessary memory barrier
net: phy: Micrel KSZ8061: link failure after cable connect
net: dsa: mv88e6xxx: Fix statistics on mv88e6161
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
applicom: Fix potential Spectre v1 vulnerabilities
MIPS: irq: Allocate accurate order pages for irq stack
hugetlbfs: fix races and page leaks during migration
xtensa: fix get_wchan
Bluetooth: Fix locking in bt_accept_enqueue() for BH context
exec: Fix mem leak in kernel_read_file
scsi: core: reset host byte in DID_NEXUS_FAILURE case
media: uvcvideo: Fix 'type' check leading to overflow
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
perf core: Fix perf_proc_update_handler() bug
perf tools: Handle TOPOLOGY headers with no CPU
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
iommu/amd: Call free_iova_fast with pfn in map_sg
iommu/amd: Unmap all mapped pages in error path of map_sg
ipvs: Fix signed integer overflow when setsockopt timeout
iommu/amd: Fix IOMMU page flush when detach device from a domain
xtensa: SMP: fix ccount_timer_shutdown
selftests: cpu-hotplug: fix case where CPUs offline > CPUs present
xtensa: SMP: fix secondary CPU initialization
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: mark each possible CPU as present
xtensa: SMP: limit number of possible CPUs by NR_CPUS
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
net: hns: Fix for missing of_node_put() after of_parse_phandle()
net: hns: Restart autoneg need return failed when autoneg off
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
gpio: vf610: Mask all GPIO interrupts
selftests: timers: use LDLIBS instead of LDFLAGS
nfs: Fix NULL pointer dereference of dev_name
qed: Fix bug in tx promiscuous mode settings
qed: Fix LACP pdu drops for VFs
qed: Fix VF probe failure while FLR
qed: Fix system crash in ll2 xmit
qed: Fix stack out of bounds bug
scsi: libfc: free skb when receiving invalid flogi resp
scsi: 53c700: pass correct "dev" to dma_alloc_attrs()
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
cifs: fix computation for MAX_SMB2_HDR_SIZE
x86/microcode/amd: Don't falsely trick the late loading mechanism
arm64: kprobe: Always blacklist the KVM world-switch code
apparmor: Fix aa_label_build() error handling for failed merges
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
x86_64: increase stack size for KASAN_EXTRA
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
lib/test_kmod.c: potential double free in error handling
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
autofs: drop dentry reference only when it is never used
autofs: fix error return in autofs_fill_super()
ARM: dts: omap4-droid4: Fix typo in cpcap IRQ flags
arm64: dts: renesas: r8a7796: Enable DMA for SCIF2
soc: fsl: qbman: avoid race in clearing QMan interrupt
bpf: sock recvbuff must be limited by rmem_max in bpf_setsockopt()
ARM: pxa: ssp: unneeded to free devm_ allocated data
arm64: dts: add msm8996 compatible to gicv3
DTS: CI20: Fix bugs in ci20's device tree.
usb: phy: fix link errors
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
net: stmmac: Fallback to Platform Data clock in Watchdog conversion
net: stmmac: Send TSO packets always from Queue 0
net: stmmac: Disable EEE mode earlier in XMIT callback
irqchip/gic-v3-its: Fix ITT_entry_size accessor
relay: check return of create_buf_file() properly
bpf, selftests: fix handling of sparse CPU allocations
bpf: fix lockdep false positive in percpu_freelist
drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
vsock/virtio: fix kernel panic after device hot-unplug
vsock/virtio: reset connected sockets on device removal
dmaengine: dmatest: Abort test in case of mapping error
selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET
selftests: netfilter: add simple masq/redirect test cases
netfilter: nf_nat: skip nat clash resolution for same-origin entries
s390/qeth: fix use-after-free in error path
perf symbols: Filter out hidden symbols from labels
perf trace: Support multiple "vfs_getname" probes
MIPS: Remove function size check in get_frame_info()
i2c: omap: Use noirq system sleep pm ops to idle device for suspend
fs: ratelimit __find_get_block_slow() failure message.
qed: Fix EQ full firmware assert.
qed: Consider TX tcs while deriving the max num_queues for PF.
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
iscsi_ibft: Fix missing break in switch statement
scsi: aacraid: Fix missing break in switch statement
arm64: dts: hikey: Give wifi some time after power-on
ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
drm: disable uncached DMA optimization for ARM and arm64
ARM: 8781/1: Fix Thumb-2 syscall return for binutils 2.29+
gfs2: Fix missed wakeups in find_insert_glock
ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom
driver core: Postpone DMA tear-down until after devres release
perf/x86/intel: Make cpuc allocations consistent
perf/x86/intel: Generalize dynamic constraint creation
x86: Add TSX Force Abort CPUID/MSR
perf/x86/intel: Implement support for TSX Force Abort
Linux 4.14.106
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
John Johansen
|
865c798a37 |
apparmor: Fix aa_label_build() error handling for failed merges
[ Upstream commit d6d478aee003e19ef90321176552a8ad2929a47f ] aa_label_merge() can return NULL for memory allocations failures make sure to handle and set the correct error in this case. Reported-by: Peng Hao <peng.hao2@zte.com.cn> Signed-off-by: John Johansen <john.johansen@canonical.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
0cc8f104f4 |
Merge 4.14.104 into android-4.14
Changes in 4.14.104
ARM: 8834/1: Fix: kprobes: optimized kprobes illegal instruction
tracing: Fix number of entries in trace header
MIPS: eBPF: Always return sign extended 32b values
mac80211: Restore vif beacon interval if start ap fails
mac80211: Free mpath object when rhashtable insertion fails
libceph: handle an empty authorize reply
ceph: avoid repeatedly adding inode to mdsc->snap_flush_list
numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES
proc, oom: do not report alien mms when setting oom_score_adj
KEYS: allow reaching the keys quotas exactly
mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells
pvcalls-back: set -ENOTCONN in pvcalls_conn_back_read
mfd: twl-core: Fix section annotations on {,un}protect_pm_master
mfd: db8500-prcmu: Fix some section annotations
mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported
mfd: ab8500-core: Return zero in get_register_interruptible()
mfd: bd9571mwv: Add volatile register to make DVFS work
mfd: qcom_rpm: write fw_version to CTRL_REG
mfd: wm5110: Add missing ASRC rate register
mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe()
mfd: mc13xxx: Fix a missing check of a register-read failure
xen/pvcalls: remove set but not used variable 'intf'
qed: Fix qed_chain_set_prod() for PBL chains with non power of 2 page count
qed: Fix qed_ll2_post_rx_buffer_notify_fw() by adding a write memory barrier
net: hns: Fix use after free identified by SLUB debug
MIPS: ath79: Enable OF serial ports in the default config
netfilter: nf_tables: fix leaking object reference count
scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param
scsi: isci: initialize shost fully before calling scsi_add_host()
MIPS: jazz: fix 64bit build
bpf: correctly set initial window on active Fast Open sender
net: stmmac: Fix PCI module removal leak
isdn: i4l: isdn_tty: Fix some concurrency double-free bugs
scsi: ufs: Fix system suspend status
scsi: qedi: Add ep_state for login completion on un-reachable targets
always clear the X2APIC_ENABLE bit for PV guest
drm/meson: add missing of_node_put
atm: he: fix sign-extension overflow on large shift
hwmon: (tmp421) Correct the misspelling of the tmp442 compatible attribute in OF device ID table
leds: lp5523: fix a missing check of return value of lp55xx_read
bpf: bpf_setsockopt: reset sock dst on SO_MARK changes
mlxsw: spectrum_switchdev: Do not treat static FDB entries as sticky
net/mlx5e: Fix wrong (zero) TX drop counter indication for representor
isdn: avm: Fix string plus integer warning from Clang
batman-adv: fix uninit-value in batadv_interface_tx()
ipv6: propagate genlmsg_reply return code
net/mlx5e: Don't overwrite pedit action when multiple pedit used
net/packet: fix 4gb buffer limit due to overflow check
net: sfp: do not probe SFP module before we're attached
sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment
team: avoid complex list operations in team_nl_cmd_options_set()
sit: check if IPv6 enabled before calling ip6_err_gen_icmpv6_unreach()
net/mlx4_en: Force CHECKSUM_NONE for short ethernet frames
inet_diag: fix reporting cgroup classid and fallback to priority
RDMA/srp: Rework SCSI device reset handling
KEYS: user: Align the payload buffer
KEYS: always initialize keyring_index_key::desc_len
parisc: Fix ptrace syscall number modification
ARCv2: Enable unaligned access in early ASM code
ARC: U-boot: check arguments paranoidly
ARC: define ARCH_SLAB_MINALIGN = 8
drm/i915/fbdev: Actually configure untiled displays
net: validate untrusted gso packets without csum offload
net: avoid false positives in untrusted gso validation
Revert "bridge: do not add port to router list when receives query with source 0.0.0.0"
netfilter: nf_tables: fix flush after rule deletion in the same batch
netfilter: nft_compat: use-after-free when deleting targets
netfilter: ipv6: Don't preserve original oif for loopback address
pinctrl: max77620: Use define directive for max77620_pinconf_param values
phy: tegra: remove redundant self assignment of 'map'
sched/sysctl: Fix attributes of some extern declarations
net: phylink: avoid resolving link state too early
Linux 4.14.104
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Eric Biggers
|
50d039d91d |
KEYS: always initialize keyring_index_key::desc_len
commit ede0fa98a900e657d1fcd80b50920efc896c1a4c upstream.
syzbot hit the 'BUG_ON(index_key->desc_len == 0);' in __key_link_begin()
called from construct_alloc_key() during sys_request_key(), because the
length of the key description was never calculated.
The problem is that we rely on ->desc_len being initialized by
search_process_keyrings(), specifically by search_nested_keyrings().
But, if the process isn't subscribed to any keyrings that never happens.
Fix it by always initializing keyring_index_key::desc_len as soon as the
description is set, like we already do in some places.
The following program reproduces the BUG_ON() when it's run as root and
no session keyring has been installed. If it doesn't work, try removing
pam_keyinit.so from /etc/pam.d/login and rebooting.
#include <stdlib.h>
#include <unistd.h>
#include <keyutils.h>
int main(void)
{
int id = add_key("keyring", "syz", NULL, 0, KEY_SPEC_USER_KEYRING);
keyctl_setperm(id, KEY_OTH_WRITE);
setreuid(5000, 5000);
request_key("user", "desc", "", id);
}
Reported-by: syzbot+ec24e95ea483de0a24da@syzkaller.appspotmail.com
Fixes:
|
||
|
Eric Biggers
|
fe303ba7ab |
KEYS: allow reaching the keys quotas exactly
commit a08bf91ce28ed3ae7b6fef35d843fef8dc8c2cd9 upstream.
If the sysctl 'kernel.keys.maxkeys' is set to some number n, then
actually users can only add up to 'n - 1' keys. Likewise for
'kernel.keys.maxbytes' and the root_* versions of these sysctls. But
these sysctls are apparently supposed to be *maximums*, as per their
names and all documentation I could find -- the keyrings(7) man page,
Documentation/security/keys/core.rst, and all the mentions of EDQUOT
meaning that the key quota was *exceeded* (as opposed to reached).
Thus, fix the code to allow reaching the quotas exactly.
Fixes:
|
||
|
Greg Kroah-Hartman
|
0951849351 |
Merge 4.14.99 into android-4.14
Changes in 4.14.99
drm/bufs: Fix Spectre v1 vulnerability
staging: iio: adc: ad7280a: handle error from __ad7280_read32()
drm/vgem: Fix vgem_init to get drm device available.
pinctrl: bcm2835: Use raw spinlock for RT compatibility
ASoC: Intel: mrfld: fix uninitialized variable access
gpu: ipu-v3: image-convert: Prevent race between run and unprepare
ath9k: dynack: use authentication messages for 'late' ack
scsi: lpfc: Correct LCB RJT handling
scsi: mpt3sas: Call sas_remove_host before removing the target devices
scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event
ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
clk: boston: fix possible memory leak in clk_boston_setup()
dlm: Don't swamp the CPU with callbacks queued during recovery
x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
powerpc/pseries: add of_node_put() in dlpar_detach_node()
crypto: aes_ti - disable interrupts while accessing S-box
drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE
serial: fsl_lpuart: clear parity enable bit when disable parity
ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
MIPS: Boston: Disable EG20T prefetch
staging:iio:ad2s90: Make probe handle spi_setup failure
fpga: altera-cvp: Fix registration for CvP incapable devices
Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1
platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup
staging: iio: ad7780: update voltage on read
usbnet: smsc95xx: fix rx packet alignment
drm/rockchip: fix for mailbox read size
ARM: OMAP2+: hwmod: Fix some section annotations
net/mlx5: EQ, Use the right place to store/read IRQ affinity hint
modpost: validate symbol names also in find_elf_symbol
perf tools: Add Hygon Dhyana support
soc/tegra: Don't leak device tree node reference
media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm()
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll
iio: adc: meson-saradc: check for devm_kasprintf failure
iio: adc: meson-saradc: fix internal clock names
iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID
media: adv*/tc358743/ths8200: fill in min width/height/pixelclock
ACPI: SPCR: Consider baud rate 0 as preconfigured state
staging: pi433: fix potential null dereference
f2fs: move dir data flush to write checkpoint process
f2fs: fix race between write_checkpoint and write_begin
f2fs: fix wrong return value of f2fs_acl_create
i2c: sh_mobile: add support for r8a77990 (R-Car E3)
arm64: io: Ensure calls to delay routines are ordered against prior readX()
sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
soc: bcm: brcmstb: Don't leak device tree node reference
nfsd4: fix crash on writing v4_end_grace before nfsd startup
drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state()
arm64: io: Ensure value passed to __iormb() is held in a 64-bit register
Thermal: do not clear passive state during system sleep
firmware/efi: Add NULL pointer checks in efivars API functions
s390/zcrypt: improve special ap message cmd handling
arm64: ftrace: don't adjust the LR value
ARM: dts: mmp2: fix TWSI2
x86/fpu: Add might_fault() to user_insn()
media: DaVinci-VPBE: fix error handling in vpbe_initialize()
smack: fix access permissions for keyring
usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb()
usb: hub: delay hub autosuspend if USB3 port is still link training
timekeeping: Use proper seqcount initializer
usb: mtu3: fix the issue about SetFeature(U1/U2_Enable)
clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks
driver core: Move async_synchronize_full call
kobject: return error code if writing /sys/.../uevent fails
IB/hfi1: Unreserve a reserved request when it is completed
usb: dwc3: trace: add missing break statement to make compiler happy
pinctrl: sx150x: handle failure case of devm_kstrdup
iommu/amd: Fix amd_iommu=force_isolation
ARM: dts: Fix OMAP4430 SDP Ethernet startup
mips: bpf: fix encoding bug for mm_srlv32_op
media: coda: fix H.264 deblocking filter controls
ARM: dts: Fix up the D-Link DIR-685 MTD partition info
watchdog: renesas_wdt: don't set divider while watchdog is running
usb: dwc3: gadget: Disable CSP for stream OUT ep
iommu/arm-smmu: Add support for qcom,smmu-v2 variant
iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
sata_rcar: fix deferred probing
clk: imx6sl: ensure MMDC CH0 handshake is bypassed
cpuidle: big.LITTLE: fix refcount leak
OPP: Use opp_table->regulators to verify no regulator case
i2c-axxia: check for error conditions first
phy: sun4i-usb: add support for missing USB PHY index
udf: Fix BUG on corrupted inode
switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite
selftests/bpf: use __bpf_constant_htons in test_prog.c
ARM: pxa: avoid section mismatch warning
ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines
mmc: bcm2835: Recover from MMC_SEND_EXT_CSD
mmc: bcm2835: reset host on timeout
memstick: Prevent memstick host from getting runtime suspended during card detection
mmc: sdhci-of-esdhc: Fix timeout checks
mmc: sdhci-xenon: Fix timeout checks
tty: serial: samsung: Properly set flags in autoCTS mode
perf test: Fix perf_event_attr test failure
perf header: Fix unchecked usage of strncpy()
perf probe: Fix unchecked usage of strncpy()
arm64: KVM: Skip MMIO insn after emulation
usb: musb: dsps: fix otg state machine
percpu: convert spin_lock_irq to spin_lock_irqsave.
powerpc/uaccess: fix warning/error with access_ok()
mac80211: fix radiotap vendor presence bitmap handling
xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
Bluetooth: Fix unnecessary error message for HCI request completion
mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG
scsi: smartpqi: correct host serial num for ssa
scsi: smartpqi: correct volume status
scsi: smartpqi: increase fw status register read timeout
cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
powerpc/perf: Fix thresholding counter data for unknown type
drbd: narrow rcu_read_lock in drbd_sync_handshake
drbd: disconnect, if the wrong UUIDs are attached on a connected peer
drbd: skip spurious timeout (ping-timeo) when failing promote
drbd: Avoid Clang warning about pointless switch statment
video: clps711x-fb: release disp device node in probe()
md: fix raid10 hang issue caused by barrier
fbdev: fbmem: behave better with small rotated displays and many CPUs
i40e: define proper net_device::neigh_priv_len
igb: Fix an issue that PME is not enabled during runtime suspend
ACPI/APEI: Clear GHES block_status before panic()
fbdev: fbcon: Fix unregister crash when more than one framebuffer
powerpc/mm: Fix reporting of kernel execute faults on the 8xx
pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins
pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins
KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
powerpc/fadump: Do not allow hot-remove memory from fadump reserved area.
kvm: Change offset in kvm_write_guest_offset_cached to unsigned
NFS: nfs_compare_mount_options always compare auth flavors.
hwmon: (lm80) fix a missing check of the status of SMBus read
hwmon: (lm80) fix a missing check of bus read in lm80 probe
seq_buf: Make seq_buf_puts() null-terminate the buffer
crypto: ux500 - Use proper enum in cryp_set_dma_transfer
crypto: ux500 - Use proper enum in hash_set_dma_transfer
MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8
cifs: check ntwrk_buf_start for NULL before dereferencing it
um: Avoid marking pages with "changed protection"
niu: fix missing checks of niu_pci_eeprom_read
f2fs: fix sbi->extent_list corruption issue
cgroup: fix parsing empty mount option string
scripts/decode_stacktrace: only strip base path when a prefix of the path
ocfs2: don't clear bh uptodate for block read
ocfs2: improve ocfs2 Makefile
isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw()
gdrom: fix a memory leak bug
fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address()
block/swim3: Fix -EBUSY error when re-opening device after unmount
thermal: bcm2835: enable hwmon explicitly
kdb: Don't back trace on a cpu that didn't round up
thermal: generic-adc: Fix adc to temp interpolation
HID: lenovo: Add checks to fix of_led_classdev_register
kernel/hung_task.c: break RCU locks based on jiffies
proc/sysctl: fix return error for proc_doulongvec_minmax()
kernel/hung_task.c: force console verbose before panic
fs/epoll: drop ovflist branch prediction
exec: load_script: don't blindly truncate shebang string
scripts/gdb: fix lx-version string output
thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
dccp: fool proof ccid_hc_[rt]x_parse_options()
enic: fix checksum validation for IPv6
net: dp83640: expire old TX-skb
rxrpc: bad unlock balance in rxrpc_recvmsg
skge: potential memory corruption in skge_get_regs()
rds: fix refcount bug in rds_sock_addref
net: systemport: Fix WoL with password after deep sleep
net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames
net: dsa: slave: Don't propagate flag changes on down slave interfaces
ALSA: compress: Fix stop handling on compressed capture streams
ALSA: hda - Serialize codec registrations
fuse: call pipe_buf_release() under pipe lock
fuse: decrement NR_WRITEBACK_TEMP on the right page
fuse: handle zero sized retrieve correctly
dmaengine: bcm2835: Fix interrupt race on RT
dmaengine: bcm2835: Fix abort of transactions
dmaengine: imx-dma: fix wrong callback invoke
futex: Handle early deadlock return correctly
irqchip/gic-v3-its: Plug allocation race for devices sharing a DevID
usb: phy: am335x: fix race condition in _probe
usb: dwc3: gadget: Handle 0 xfer length for OUT EP
usb: gadget: udc: net2272: Fix bitwise and boolean operations
usb: gadget: musb: fix short isoc packets with inventra dma
staging: speakup: fix tty-operation NULL derefs
scsi: cxlflash: Prevent deadlock when adapter probe fails
scsi: aic94xx: fix module loading
KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM
perf/x86/intel/uncore: Add Node ID mask
x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out()
perf/core: Don't WARN() for impossible ring-buffer sizes
perf tests evsel-tp-sched: Fix bitwise operator
serial: fix race between flush_to_ldisc and tty_open
serial: 8250_pci: Make PCI class test non fatal
nfsd4: fix cached replies to solo SEQUENCE compounds
nfsd4: catch some false session retries
IB/hfi1: Add limit test for RC/UC send via loopback
perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu()
ath9k: dynack: make ewma estimation faster
ath9k: dynack: check da->enabled first in sampling routines
Linux 4.14.99
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Zoran Markovic
|
9c58ef240c |
smack: fix access permissions for keyring
[ Upstream commit 5b841bfab695e3b8ae793172a9ff7990f99cc3e2 ] Function smack_key_permission() only issues smack requests for the following operations: - KEY_NEED_READ (issues MAY_READ) - KEY_NEED_WRITE (issues MAY_WRITE) - KEY_NEED_LINK (issues MAY_WRITE) - KEY_NEED_SETATTR (issues MAY_WRITE) A blank smack request is issued in all other cases, resulting in smack access being granted if there is any rule defined between subject and object, or denied with -EACCES otherwise. Request MAY_READ access for KEY_NEED_SEARCH and KEY_NEED_VIEW. Fix the logic in the unlikely case when both MAY_READ and MAY_WRITE are needed. Validate access permission field for valid contents. Signed-off-by: Zoran Markovic <zmarkovic@sierrawireless.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Cc: Casey Schaufler <casey@schaufler-ca.com> Cc: James Morris <jmorris@namei.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
70014b13c2 |
Merge 4.14.96 into android-4.14
Changes in 4.14.96
ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address
mlxsw: spectrum: Disable lag port TX before removing it
mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion
net, skbuff: do not prefer skb allocation fails early
qmi_wwan: add MTU default to qmap network interface
r8169: Add support for new Realtek Ethernet
ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses
net: dsa: mv88x6xxx: mv88e6390 errata
gpio: pl061: Move irq_chip definition inside struct pl061
platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey
e1000e: allow non-monotonic SYSTIM readings
writeback: don't decrement wb->refcnt if !wb->bdi
serial: set suppress_bind_attrs flag only if builtin
ALSA: oxfw: add support for APOGEE duet FireWire
x86/mce: Fix -Wmissing-prototypes warnings
MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur
arm64: perf: set suppress_bind_attrs flag to true
usb: gadget: udc: renesas_usb3: add a safety connection way for forced_b_device
selinux: always allow mounting submounts
rxe: IB_WR_REG_MR does not capture MR's iova field
jffs2: Fix use of uninitialized delayed_work, lockdep breakage
clk: imx: make mux parent strings const
pstore/ram: Do not treat empty buffers as valid
powerpc/xmon: Fix invocation inside lock region
powerpc/pseries/cpuidle: Fix preempt warning
media: firewire: Fix app_info parameter type in avc_ca{,_app}_info
media: venus: core: Set dma maximum segment size
net: call sk_dst_reset when set SO_DONTROUTE
scsi: target: use consistent left-aligned ASCII INQUIRY data
selftests: do not macro-expand failed assertion expressions
clk: imx6q: reset exclusive gates on init
arm64: Fix minor issues with the dcache_by_line_op macro
kconfig: fix file name and line number of warn_ignored_character()
kconfig: fix memory leak when EOF is encountered in quotation
mmc: atmel-mci: do not assume idle after atmci_request_end
btrfs: improve error handling of btrfs_add_link
tty/serial: do not free trasnmit buffer page under port lock
perf intel-pt: Fix error with config term "pt=0"
perf svghelper: Fix unchecked usage of strncpy()
perf parse-events: Fix unchecked usage of strncpy()
netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set
dm crypt: use u64 instead of sector_t to store iv_offset
dm kcopyd: Fix bug causing workqueue stalls
tools lib subcmd: Don't add the kernel sources to the include path
dm snapshot: Fix excessive memory usage and workqueue stalls
quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls.
clocksource/drivers/integrator-ap: Add missing of_node_put()
ALSA: bebob: fix model-id of unit for Apogee Ensemble
sysfs: Disable lockdep for driver bind/unbind files
IB/usnic: Fix potential deadlock
scsi: smartpqi: correct lun reset issues
scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown()
scsi: megaraid: fix out-of-bound array accesses
ocfs2: fix panic due to unrecovered local alloc
mm/page-writeback.c: don't break integrity writeback on ->writepage() error
mm/swap: use nr_node_ids for avail_lists in swap_info_struct
mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps
nfs: fix a deadlock in nfs client initialization
ipmi:pci: Blacklist a Realtek "IPMI" device
cifs: allow disabling insecure dialects in the config
drm/i915/gvt: Fix mmap range check
PCI: dwc: Move interrupt acking into the proper callback
ipmi:ssif: Fix handling of multi-part return messages
Linux 4.14.96
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Ondrej Mosnacek
|
fbbfb5c6bf |
selinux: always allow mounting submounts
[ Upstream commit 2cbdcb882f97a45f7475c67ac6257bbc16277dfe ]
If a superblock has the MS_SUBMOUNT flag set, we should always allow
mounting it. These mounts are done automatically by the kernel either as
part of mounting some parent mount (e.g. debugfs always mounts tracefs
under "tracing" for compatibility) or they are mounted automatically as
needed on subdirectory accesses (e.g. NFS crossmnt mounts). Since such
automounts are either an implicit consequence of the parent mount (which
is already checked) or they can happen during regular accesses (where it
doesn't make sense to check against the current task's context), the
mount permission check should be skipped for them.
Without this patch, attempts to access contents of an automounted
directory can cause unexpected SELinux denials.
In the current kernel tree, the MS_SUBMOUNT flag is set only via
vfs_submount(), which is called only from the following places:
- AFS, when automounting special "symlinks" referencing other cells
- CIFS, when automounting "referrals"
- NFS, when automounting subtrees
- debugfs, when automounting tracefs
In all cases the submounts are meant to be transparent to the user and
it makes sense that if mounting the master is allowed, then so should be
the automounts. Note that CAP_SYS_ADMIN capability checking is already
skipped for (SB_KERNMOUNT|SB_SUBMOUNT) in:
- sget_userns() in fs/super.c:
if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT)) &&
!(type->fs_flags & FS_USERNS_MOUNT) &&
!capable(CAP_SYS_ADMIN))
return ERR_PTR(-EPERM);
- sget() in fs/super.c:
/* Ensure the requestor has permissions over the target filesystem */
if (!(flags & (SB_KERNMOUNT|SB_SUBMOUNT)) && !ns_capable(user_ns, CAP_SYS_ADMIN))
return ERR_PTR(-EPERM);
Verified internally on patched RHEL 7.6 with a reproducer using
NFS+httpd and selinux-tesuite.
Fixes:
|
||
|
Greg Kroah-Hartman
|
7af2b8dc5a |
Merge 4.14.95 into android-4.14
Changes in 4.14.95 tty/ldsem: Wake up readers after timed out down_write() tty: Hold tty_ldisc_lock() during tty_reopen() tty: Simplify tty->count math in tty_reopen() tty: Don't hold ldisc lock in tty_reopen() if ldisc present can: gw: ensure DLC boundaries after CAN frame modification mmc: sdhci-msm: Disable CDR function on TX media: em28xx: Fix misplaced reset of dev->v4l::field_count sched/fair: Fix bandwidth timer clock drift condition Revert "scsi: target: iscsi: cxgbit: fix csk leak" scsi: target: iscsi: cxgbit: fix csk leak arm64/kvm: consistently handle host HCR_EL2 flags arm64: Don't trap host pointer auth use to EL2 ipv6: fix kernel-infoleak in ipv6_local_error() net: bridge: fix a bug on using a neighbour cache entry without checking its state packet: Do not leak dev refcounts on error exit bonding: update nest level on unlink ip: on queued skb use skb_header_pointer instead of pskb_may_pull crypto: caam - fix zero-length buffer DMA mapping crypto: authencesn - Avoid twice completion call in decrypt path crypto: bcm - convert to use crypto_authenc_extractkeys() crypto: authenc - fix parsing key with misaligned rta_len Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io" btrfs: wait on ordered extents on abort cleanup Yama: Check for pid death before checking ancestry scsi: core: Synchronize request queue PM status only on successful resume scsi: sd: Fix cache_type_store() crypto: talitos - reorder code in talitos_edesc_alloc() crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK mips: fix n32 compat_ipc_parse_version MIPS: lantiq: Fix IPI interrupt handling OF: properties: add missing of_node_put mfd: tps6586x: Handle interrupts on suspend media: v4l: ioctl: Validate num_planes for debug messages pstore/ram: Avoid allocation and leak of platform data arm64: kaslr: ensure randomized quantities are clean to the PoC Disable MSI also when pcie-octeon.pcie_disable on omap2fb: Fix stack memory disclosure media: vivid: fix error handling of kthread_run media: vivid: set min width/height to a value > 0 bpf: in __bpf_redirect_no_mac pull mac only if present LSM: Check for NULL cred-security on free media: vb2: vb2_mmap: move lock up sunrpc: handle ENOMEM in rpcb_getport_async netfilter: ebtables: account ebt_table_info to kmemcg selinux: fix GPF on invalid policy blockdev: Fix livelocks on loop device sctp: allocate sctp_sockaddr_entry with kzalloc tipc: fix uninit-value in tipc_nl_compat_link_reset_stats tipc: fix uninit-value in tipc_nl_compat_bearer_enable tipc: fix uninit-value in tipc_nl_compat_link_set tipc: fix uninit-value in tipc_nl_compat_name_table_dump tipc: fix uninit-value in tipc_nl_compat_doit block/loop: Don't grab "struct file" for vfs_getattr() operation. block/loop: Use global lock for ioctl() operation. loop: Fold __loop_release into loop_release loop: Get rid of loop_index_mutex loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() loop: drop caches if offset or block_size are changed drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock media: vb2: be sure to unlock mutex on errors nbd: Use set_blocksize() to set device blocksize Linux 4.14.95 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Stephen Smalley
|
484636b444 |
selinux: fix GPF on invalid policy
commit 5b0e7310a2a33c06edc7eb81ffc521af9b2c5610 upstream. levdatum->level can be NULL if we encounter an error while loading the policy during sens_read prior to initializing it. Make sure sens_destroy handles that case correctly. Reported-by: syzbot+6664500f0f18f07a5c0e@syzkaller.appspotmail.com Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
James Morris
|
b9f9379336 |
LSM: Check for NULL cred-security on free
commit a5795fd38ee8194451ba3f281f075301a3696ce2 upstream. From: Casey Schaufler <casey@schaufler-ca.com> Check that the cred security blob has been set before trying to clean it up. There is a case during credential initialization that could result in this. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.morris@microsoft.com> Reported-by: syzbot+69ca07954461f189e808@syzkaller.appspotmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Kees Cook
|
41c13bfcc4 |
Yama: Check for pid death before checking ancestry
commit 9474f4e7cd71a633fa1ef93b7daefd44bbdfd482 upstream.
It's possible that a pid has died before we take the rcu lock, in which
case we can't walk the ancestry list as it may be detached. Instead, check
for death first before doing the walk.
Reported-by: syzbot+a9ac39bf55329e206219@syzkaller.appspotmail.com
Fixes:
|
||
|
Greg Kroah-Hartman
|
da2880fa47 |
Merge 4.14.93 into android-4.14
Changes in 4.14.93
pinctrl: meson: fix pull enable register calculation
powerpc: Fix COFF zImage booting on old powermacs
powerpc/mm: Fix linux page tables build with some configs
HID: ite: Add USB id match for another ITE based keyboard rfkill key quirk
ARM: imx: update the cpu power up timing setting on i.mx6sx
ARM: dts: imx7d-nitrogen7: Fix the description of the Wifi clock
Input: restore EV_ABS ABS_RESERVED
checkstack.pl: fix for aarch64
xfrm: Fix error return code in xfrm_output_one()
xfrm: Fix bucket count reported to userspace
xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry.
netfilter: seqadj: re-load tcp header pointer after possible head reallocation
scsi: bnx2fc: Fix NULL dereference in error handling
Input: omap-keypad - fix idle configuration to not block SoC idle states
Input: synaptics - enable RMI on ThinkPad T560
ibmvnic: Fix non-atomic memory allocation in IRQ context
ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done
x86/mm: Fix guard hole handling
x86/dump_pagetables: Fix LDT remap address marker
i40e: fix mac filter delete when setting mac address
netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
netfilter: nat: can't use dst_hold on noref dst
bnx2x: Clear fip MAC when fcoe offload support is disabled
bnx2x: Remove configured vlans as part of unload sequence.
bnx2x: Send update-svid ramrod with retry/poll flags enabled
scsi: target: iscsi: cxgbit: fix csk leak
scsi: target: iscsi: cxgbit: add missing spin_lock_init()
x86, hyperv: remove PCI dependency
drivers: net: xgene: Remove unnecessary forward declarations
w90p910_ether: remove incorrect __init annotation
net: hns: Incorrect offset address used for some registers.
net: hns: All ports can not work when insmod hns ko after rmmod.
net: hns: Some registers use wrong address according to the datasheet.
net: hns: Fixed bug that netdev was opened twice
net: hns: Clean rx fbd when ae stopped.
net: hns: Free irq when exit from abnormal branch
net: hns: Avoid net reset caused by pause frames storm
net: hns: Fix ntuple-filters status error.
net: hns: Add mac pcs config when enable|disable mac
net: hns: Fix ping failed when use net bridge and send multicast
SUNRPC: Fix a race with XPRT_CONNECTING
qed: Fix an error code qed_ll2_start_xmit()
net: macb: fix random memory corruption on RX with 64-bit DMA
net: macb: fix dropped RX frames due to a race
lan78xx: Resolve issue with changing MAC address
vxge: ensure data0 is initialized in when fetching firmware version information
mac80211: free skb fraglist before freeing the skb
kbuild: fix false positive warning/error about missing libelf
virtio: fix test build after uio.h change
gpio: mvebu: only fail on missing clk if pwm is actually to be used
Input: synaptics - enable SMBus for HP EliteBook 840 G4
net: netxen: fix a missing check and an uninitialized use
qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup
serial/sunsu: fix refcount leak
scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown
scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid
genirq/affinity: Don't return with empty affinity masks on error
tools: fix cross-compile var clobbering
fork: record start_time late
zram: fix double free backing device
hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined
mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL
mm, devm_memremap_pages: kill mapping "System RAM" support
mm, hmm: use devm semantics for hmm_devmem_{add, remove}
mm, hmm: mark hmm_devmem_{add, add_resource} EXPORT_SYMBOL_GPL
mm, swap: fix swapoff with KSM pages
sunrpc: fix cache_head leak due to queued request
sunrpc: use SVC_NET() in svcauth_gss_* functions
powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer
powerpc: Disable -Wbuiltin-requires-header when setjmp is used
ftrace: Build with CPPFLAGS to get -Qunused-arguments
md: raid10: remove VLAIS
kbuild: add -no-integrated-as Clang option unconditionally
kbuild: consolidate Clang compiler flags
Makefile: Export clang toolchain variables
powerpc/boot: Set target when cross-compiling for clang
raid6/ppc: Fix build for clang
vhost/vsock: fix uninitialized vhost_vsock->guest_cid
dm verity: fix crash on bufio buffer that was allocated with vmalloc
dm zoned: Fix target BIO completion handling
ALSA: cs46xx: Potential NULL dereference in probe
ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks
dlm: fixed memory leaks after failed ls_remove_names allocation
dlm: possible memory leak on error path in create_lkb()
dlm: lost put_lkb on error path in receive_convert() and receive_unlock()
dlm: memory leaks on error path in dlm_user_request()
gfs2: Get rid of potential double-freeing in gfs2_create_inode
gfs2: Fix loop in gfs2_rbm_find
b43: Fix error in cordic routine
selinux: policydb - fix byte order and alignment issues
lockd: Show pid of lockd for remote locks
scripts/kallsyms: filter arm64's __efistub_ symbols
arm64: drop linker script hack to hide __efistub_ symbols
arm64: relocatable: fix inconsistencies in linker script and options
powerpc/tm: Set MSR[TS] just prior to recheckpoint
9p/net: put a lower bound on msize
rxe: fix error completion wr_id and qp_num
iommu/vt-d: Handle domain agaw being less than iommu agaw
sched/fair: Fix infinite loop in update_blocked_averages() by reverting
|
||
|
Ondrej Mosnacek
|
2524f5d6f4 |
selinux: policydb - fix byte order and alignment issues
commit 5df275cd4cf51c86d49009f1397132f284ba515e upstream.
Do the LE conversions before doing the Infiniband-related range checks.
The incorrect checks are otherwise causing a failure to load any policy
with an ibendportcon rule on BE systems. This can be reproduced by
running (on e.g. ppc64):
cat >my_module.cil <<EOF
(type test_ibendport_t)
(roletype object_r test_ibendport_t)
(ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0))))
EOF
semodule -i my_module.cil
Also, fix loading/storing the 64-bit subnet prefix for OCON_IBPKEY to
use a correctly aligned buffer.
Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32)
should be used instead.
Tested internally on a ppc64 machine with a RHEL 7 kernel with this
patch applied.
Cc: Daniel Jurgens <danielj@mellanox.com>
Cc: Eli Cohen <eli@mellanox.com>
Cc: James Morris <jmorris@namei.org>
Cc: Doug Ledford <dledford@redhat.com>
Cc: <stable@vger.kernel.org> # 4.13+
Fixes:
|
||
|
Greg Kroah-Hartman
|
d11d7f1ccf |
Merge 4.14.85 into android-4.14
Changes in 4.14.85 efi/libstub: arm: support building with clang ARM: 8766/1: drop no-thumb-interwork in EABI mode ARM: 8767/1: add support for building ARM kernel with clang bus: arm-cci: remove unnecessary unreachable() ARM: trusted_foundations: do not use naked function usb: core: Fix hub port connection events lost usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers usb: dwc3: gadget: Properly check last unaligned/zero chain TRB usb: dwc3: core: Clean up ULPI device xhci: Add check for invalid byte size error when UAS devices are connected. usb: xhci: fix timeout for transition from RExit to U0 ALSA: oss: Use kvzalloc() for local buffer allocations MAINTAINERS: Add Sasha as a stable branch maintainer mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path iwlwifi: mvm: support sta_statistics() even on older firmware iwlwifi: mvm: fix regulatory domain update when the firmware starts iwlwifi: mvm: don't use SAR Geo if basic SAR is not used brcmfmac: fix reporting support for 160 MHz channels tools/power/cpupower: fix compilation with STATIC=true v9fs_dir_readdir: fix double-free on p9stat_read error selinux: Add __GFP_NOWARN to allocation at str_read() Input: synaptics - avoid using uninitialized variable when probing bfs: add sanity check at bfs_fill_super() sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd llc: do not use sk_eat_skb() mm: don't warn about large allocations for slab mm/memory.c: recheck page table entry with page table lock held tcp: do not release socket ownership in tcp_close() IB/core: Perform modify QP on real one usb: xhci: Prevent bus suspend if a port connect change or polling state is detected drm/ast: change resolution may cause screen blurred drm/ast: fixed cursor may disappear sometimes drm/ast: Remove existing framebuffers before loading driver can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions can: rx-offload: rename can_rx_offload_irq_queue_err_skb() to can_rx_offload_queue_tail() can: raw: check for CAN FD capable netdev in raw_sendmsg() can: hi311x: Use level-triggered interrupt IB/hfi1: Eliminate races in the SDMA send error path pinctrl: meson: fix pinconf bias disable KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE cpufreq: imx6q: add return value check for voltage scale rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write crypto: simd - correctly take reqsize of wrapped skcipher into account floppy: fix race condition in __floppy_read_block_0() powerpc/io: Fix the IO workarounds code to work with Radix perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs SUNRPC: Fix a bogus get/put in generic_key_to_expire() kdb: Use strscpy with destination buffer size powerpc/numa: Suppress "VPHN is not supported" messages efi/arm: Revert deferred unmap of early memmap mapping z3fold: fix possible reclaim races tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset mm, page_alloc: check for max order in hot path of: add helper to lookup compatible child node NFC: nfcmrvl_uart: fix OF child-node lookup net: bcmgenet: fix OF child-node lookup drm/mediatek: fix OF sibling-node lookup power: supply: twl4030-charger: fix OF sibling-node lookup arm64: remove no-op -p linker flag xhci: Allow more than 32 quirks xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc mtd: rawnand: atmel: fix OF child-node lookup ubi: fastmap: Check each mapping only once Input: xpad - add PDP device id 0x02a4 Input: xpad - fix some coding style issues Input: xpad - avoid using __set_bit() for capabilities Input: xpad - add support for Xbox1 PDP Camo series gamepad iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE kbuild: allow to use GCC toolchain not in Clang search path PCI: endpoint: Populate func_no before calling pci_epc_add_epf() net/mlx4_core: Fix wrong calculation of free counters i40iw: Fix memory leak in error path of create QP rtc: omap: fix error path when pinctrl_register fails clk: samsung: exynos5250: Add missing clocks for FIMC LITE SYSMMU devices ARM: dts: exynos: Fix invalid node referenced by i2c20 alias in Peach Pit and Pi driver core: Move device_links_purge() after bus_remove_device() include/linux/pfn_t.h: force '~' to be parsed as an unary operator tty: wipe buffer. tty: wipe buffer if not echoing data usb: xhci: fix uninitialized completion when USB3 port got wrong status namei: allow restricted O_CREAT of FIFOs and regular files lan78xx: Read MAC address from DT if present s390/mm: Check for valid vma before zapping in gmap_discard rcu: Make need_resched() respond to urgent RCU-QS needs net: ieee802154: 6lowpan: fix frag reassembly ima: always measure and audit files in policy EVM: Add support for portable signature format ima: re-introduce own integrity cache lock ima: re-initialize iint->atomic_flags Linux 4.14.85 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Mimi Zohar
|
d467320fda |
ima: re-initialize iint->atomic_flags
commit e2598077dc6a26c9644393e5c21f22a90dbdccdb upstream.
Intermittently security.ima is not being written for new files. This
patch re-initializes the new slab iint->atomic_flags field before
freeing it.
Fixes: commit 0d73a55208e9 ("ima: re-introduce own integrity cache lock")
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Cc: Aditya Kali <adityakali@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Dmitry Kasatkin
|
281c07f30f |
ima: re-introduce own integrity cache lock
commit 0d73a55208e94fc9fb6deaeea61438cd3280d4c0 upstream.
Before IMA appraisal was introduced, IMA was using own integrity cache
lock along with i_mutex. process_measurement and ima_file_free took
the iint->mutex first and then the i_mutex, while setxattr, chmod and
chown took the locks in reverse order. To resolve the potential deadlock,
i_mutex was moved to protect entire IMA functionality and the redundant
iint->mutex was eliminated.
Solution was based on the assumption that filesystem code does not take
i_mutex further. But when file is opened with O_DIRECT flag, direct-io
implementation takes i_mutex and produces deadlock. Furthermore, certain
other filesystem operations, such as llseek, also take i_mutex.
More recently some filesystems have replaced their filesystem specific
lock with the global i_rwsem to read a file. As a result, when IMA
attempts to calculate the file hash, reading the file attempts to take
the i_rwsem again.
To resolve O_DIRECT related deadlock problem, this patch re-introduces
iint->mutex. But to eliminate the original chmod() related deadlock
problem, this patch eliminates the requirement for chmod hooks to take
the iint->mutex by introducing additional atomic iint->attr_flags to
indicate calling of the hooks. The allowed locking order is to take
the iint->mutex first and then the i_rwsem.
Original flags were cleared in chmod(), setxattr() or removwxattr()
hooks and tested when file was closed or opened again. New atomic flags
are set or cleared in those hooks and tested to clear iint->flags on
close or on open.
Atomic flags are following:
* IMA_CHANGE_ATTR - indicates that chATTR() was called (chmod, chown,
chgrp) and file attributes have changed. On file open, it causes IMA
to clear iint->flags to re-evaluate policy and perform IMA functions
again.
* IMA_CHANGE_XATTR - indicates that setxattr or removexattr was called
and extended attributes have changed. On file open, it causes IMA to
clear iint->flags IMA_DONE_MASK to re-appraise.
* IMA_UPDATE_XATTR - indicates that security.ima needs to be updated.
It is cleared if file policy changes and no update is needed.
* IMA_DIGSIG - indicates that file security.ima has signature and file
security.ima must not update to file has on file close.
* IMA_MUST_MEASURE - indicates the file is in the measurement policy.
Fixes: Commit
|
||
|
Matthew Garrett
|
e099863340 |
EVM: Add support for portable signature format
commit 50b977481fce90aa5fbda55e330b9d722733e358 upstream. The EVM signature includes the inode number and (optionally) the filesystem UUID, making it impractical to ship EVM signatures in packages. This patch adds a new portable format intended to allow distributions to include EVM signatures. It is identical to the existing format but hardcodes the inode and generation numbers to 0 and does not include the filesystem UUID even if the kernel is configured to do so. Removing the inode means that the metadata and signature from one file could be copied to another file without invalidating it. This is avoided by ensuring that an IMA xattr is present during EVM validation. Portable signatures are intended to be immutable - ie, they will never be transformed into HMACs. Based on earlier work by Dmitry Kasatkin and Mikhail Kurinnoi. Signed-off-by: Matthew Garrett <mjg59@google.com> Cc: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Cc: Mikhail Kurinnoi <viewizard@viewizard.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Cc: Aditya Kali <adityakali@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Mimi Zohar
|
de72a0f9ad |
ima: always measure and audit files in policy
commit f3cc6b25dcc5616f0d5c720009b2ac66f97df2ff upstream. All files matching a "measure" rule must be included in the IMA measurement list, even when the file hash cannot be calculated. Similarly, all files matching an "audit" rule must be audited, even when the file hash can not be calculated. The file data hash field contained in the IMA measurement list template data will contain 0's instead of the actual file hash digest. Note: In general, adding, deleting or in anyway changing which files are included in the IMA measurement list is not a good idea, as it might result in not being able to unseal trusted keys sealed to a specific TPM PCR value. This patch not only adds file measurements that were not previously measured, but specifies that the file hash value for these files will be 0's. As the IMA measurement list ordering is not consistent from one boot to the next, it is unlikely that anyone is sealing keys based on the IMA measurement list. Remote attestation servers should be able to process these new measurement records, but might complain about these unknown records. Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Reviewed-by: Dmitry Kasatkin <dmitry.kasatkin@huawei.com> Cc: Aditya Kali <adityakali@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Tetsuo Handa
|
9520db1675 |
selinux: Add __GFP_NOWARN to allocation at str_read()
commit 4458bba09788e70e8fb39ad003f087cd9dfbd6ac upstream. syzbot is hitting warning at str_read() [1] because len parameter can become larger than KMALLOC_MAX_SIZE. We don't need to emit warning for this case. [1] https://syzkaller.appspot.com/bug?id=7f2f5aad79ea8663c296a2eedb81978401a908f0 Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reported-by: syzbot <syzbot+ac488b9811036cea7ea0@syzkaller.appspotmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
0e1d81608a |
Merge 4.14.84 into android-4.14
Changes in 4.14.84 cifs: don't dereference smb_file_target before null check cifs: fix return value for cifs_listxattr arm64: kprobe: make page to RO mode when allocate it ixgbe: fix MAC anti-spoofing filter after VFLR reiserfs: propagate errors from fill_with_dentries() properly hfs: prevent btree data loss on root split hfsplus: prevent btree data loss on root split um: Give start_idle_thread() a return code drm/edid: Add 6 bpc quirk for BOE panel. platform/x86: intel_telemetry: report debugfs failure clk: fixed-rate: fix of_node_get-put imbalance perf symbols: Set PLT entry/header sizes properly on Sparc fs/exofs: fix potential memory leak in mount option parsing clk: samsung: exynos5420: Enable PERIS clocks for suspend apparmor: Fix uninitialized value in aa_split_fqname x86/earlyprintk: Add a force option for pciserial device platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 arm64: percpu: Initialize ret in the default case s390/vdso: add missing FORCE to build targets netfilter: ipset: list:set: Decrease refcount synchronously on deletion and replace netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net s390/mm: Fix ERROR: "__node_distance" undefined! netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() netfilter: xt_IDLETIMER: add sysfs filename checking routine s390/qeth: fix HiperSockets sniffer hwmon: (ibmpowernv) Remove bogus __init annotations Revert "drm/exynos/decon5433: implement frame counter" clk: fixed-factor: fix of_node_get-put imbalance lib/raid6: Fix arm64 test build s390/perf: Change CPUM_CF return code in event init function sched/core: Take the hotplug lock in sched_init_smp() perf tools: Fix undefined symbol scnprintf in libperf-jvmti.so i40e: restore NETIF_F_GSO_IPXIP[46] to netdev features qed: Fix memory/entry leak in qed_init_sp_request() qed: Fix blocking/unlimited SPQ entries leak qed: Fix potential memory corruption net: stmmac: Fix RX packet size > 8191 zram: close udev startup race condition as default groups SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM perf machine: Add machine__is() to identify machine arch perf tools: Fix kernel_start for PTI on x86 perf machine: Add nr_cpus_avail() perf machine: Workaround missing maps for x86 PTI entry trampolines perf test code-reading: Fix perf_env setup for PTI entry trampolines x86/mm: Move LDT remap out of KASLR region on 5-level paging x86/ldt: Unmap PTEs for the slot before freeing LDT pages media: v4l: event: Add subscription to list before calling "add" operation MIPS: OCTEON: cavium_octeon_defconfig: re-enable OCTEON USB driver uio: Fix an Oops on load usb: cdc-acm: add entry for Hiro (Conexant) modem USB: quirks: Add no-lpm quirk for Raydium touchscreens usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data USB: misc: appledisplay: add 20" Apple Cinema Display drivers/misc/sgi-gru: fix Spectre v1 vulnerability ACPI / platform: Add SMB0001 HID to forbidden_id_list HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges libceph: fall back to sendmsg for slab pages Linux 4.14.84 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Zubin Mithra
|
d0a636aa44 |
apparmor: Fix uninitialized value in aa_split_fqname
[ Upstream commit 250f2da49cb8e582215a65c03f50e8ddf5cd119c ]
Syzkaller reported a OOB-read with the stacktrace below. This occurs
inside __aa_lookupn_ns as `n` is not initialized. `n` is obtained from
aa_splitn_fqname. In cases where `name` is invalid, aa_splitn_fqname
returns without initializing `ns_name` and `ns_len`.
Fix this by always initializing `ns_name` and `ns_len`.
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
__asan_report_load1_noabort+0x14/0x20 mm/kasan/report.c:430
memcmp+0xe3/0x160 lib/string.c:861
strnstr+0x4b/0x70 lib/string.c:934
__aa_lookupn_ns+0xc1/0x570 security/apparmor/policy_ns.c:209
aa_lookupn_ns+0x88/0x1e0 security/apparmor/policy_ns.c:240
aa_fqlookupn_profile+0x1b9/0x1010 security/apparmor/policy.c:468
fqlookupn_profile+0x80/0xc0 security/apparmor/label.c:1844
aa_label_strn_parse+0xa3a/0x1230 security/apparmor/label.c:1908
aa_label_parse+0x42/0x50 security/apparmor/label.c:1943
aa_change_profile+0x513/0x3510 security/apparmor/domain.c:1362
apparmor_setprocattr+0xaa4/0x1150 security/apparmor/lsm.c:658
security_setprocattr+0x66/0xc0 security/security.c:1298
proc_pid_attr_write+0x301/0x540 fs/proc/base.c:2555
__vfs_write+0x119/0x9f0 fs/read_write.c:485
vfs_write+0x1fc/0x560 fs/read_write.c:549
ksys_write+0x101/0x260 fs/read_write.c:598
__do_sys_write fs/read_write.c:610 [inline]
__se_sys_write fs/read_write.c:607 [inline]
__x64_sys_write+0x73/0xb0 fs/read_write.c:607
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Fixes:
|
||
|
Greg Kroah-Hartman
|
4e76528bd4 |
Merge 4.14.81 into android-4.14
Changes in 4.14.81
mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB
spi: bcm-qspi: switch back to reading flash using smaller chunks
bcache: trace missed reading by cache_missed
bcache: fix miss key refill->end in writeback
hwmon: (pmbus) Fix page count auto-detection.
jffs2: free jffs2_sb_info through jffs2_kill_sb()
cpufreq: conservative: Take limits changes into account properly
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges
ipmi: Fix timer race with module unload
parisc: Fix address in HPMC IVA
parisc: Fix map_pages() to not overwrite existing pte entries
parisc: Fix exported address of os_hpmc handler
ALSA: hda - Add quirk for ASUS G751 laptop
ALSA: hda - Fix headphone pin config for ASUS G751
ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops
x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
x86/xen: Fix boot loader version reported for PVH guests
x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided
x86/mm/pat: Disable preemption around __flush_tlb_all()
x86/speculation: Support Enhanced IBRS on future CPUs
ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen
bpf: do not blindly change rlimit in reuseport net selftest
Revert "perf tools: Fix PMU term format max value calculation"
xfrm: policy: use hlist rcu variants on insert
perf vendor events intel: Fix wrong filter_band* values for uncore events
sparc: Fix single-pcr perf event counter management.
sparc: Throttle perf events properly.
sparc64: Make proc_id signed.
sched/fair: Fix the min_vruntime update logic in dequeue_entity()
perf tools: Fix use of alternatives to find JDIR
perf cpu_map: Align cpu map synthesized events properly.
x86/fpu: Remove second definition of fpu in __fpu__restore_sig()
net: qla3xxx: Remove overflowing shift statement
selftests: ftrace: Add synthetic event syntax testcase
i2c: rcar: cleanup DMA for all kinds of failure
locking/lockdep: Fix debug_locks off performance problem
ataflop: fix error handling during setup
swim: fix cleanup on setup error
nfp: devlink port split support for 1x100G CXP NIC
tun: Consistently configure generic netdev params via rtnetlink
s390/sthyi: Fix machine name validity indication
hwmon: (pwm-fan) Set fan speed to 0 on suspend
lightnvm: pblk: fix two sleep-in-atomic-context bugs
spi: spi-ep93xx: Use dma_data_direction for ep93xx_spi_dma_{finish,prepare}
perf tools: Free temporary 'sys' string in read_event_files()
perf tools: Cleanup trace-event-info 'tdata' leak
perf strbuf: Match va_{add,copy} with va_end
cpupower: Fix coredump on VMWare
mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01
iwlwifi: pcie: avoid empty free RB queue
iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface
x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC
ACPI / processor: Fix the return value of acpi_processor_ids_walk()
cpufreq: dt: Try freeing static OPPs only if we have added them
mtd: rawnand: atmel: Fix potential NULL pointer dereference
signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth
x86: boot: Fix EFI stub alignment
pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux
brcmfmac: fix for proper support of 160MHz bandwidth
net: phy: phylink: ensure the carrier is off when starting phylink
block, bfq: correctly charge and reset entity service in all cases
kprobes: Return error if we fail to reuse kprobe instead of BUG_ON()
ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers
pinctrl: qcom: spmi-mpp: Fix drive strength setting
pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant
pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant
net: dsa: mv88e6xxx: Fix writing to a PHY page.
iwlwifi: mvm: fix BAR seq ctrl reporting
ixgbevf: VF2VF TCP RSS
ath10k: schedule hardware restart if WMI command times out
thermal: da9062/61: Prevent hardware access during system suspend
cgroup, netclassid: add a preemption point to write_classid
scsi: esp_scsi: Track residual for PIO transfers
UAPI: ndctl: Fix g++-unsupported initialisation in headers
KVM: nVMX: Clear reserved bits of #DB exit qualification
scsi: megaraid_sas: fix a missing-check bug
RDMA/core: Do not expose unsupported counters
IB/ipoib: Clear IPCB before icmp_send
RDMA/bnxt_re: Fix recursive lock warning in debug kernel
usb: host: ohci-at91: fix request of irq for optional gpio
PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic
tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask
VMCI: Resource wildcard match fixed
PCI / ACPI: Enable wake automatically for power managed bridges
usb: gadget: udc: atmel: handle at91sam9rl PMC
ext4: fix argument checking in EXT4_IOC_MOVE_EXT
MD: fix invalid stored role for a disk
f2fs: fix to recover inode's i_flags during POR
PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice
coresight: etb10: Fix handling of perf mode
PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode
crypto: caam - fix implicit casts in endianness helpers
usb: chipidea: Prevent unbalanced IRQ disable
driver/dma/ioat: Call del_timer_sync() without holding prep_lock
uio: ensure class is registered before devices
scsi: lpfc: Correct soft lockup when running mds diagnostics
scsi: lpfc: Correct race with abort on completion path
f2fs: report error if quota off error during umount
signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init
mfd: menelaus: Fix possible race condition and leak
dmaengine: dma-jz4780: Return error if not probed from DT
IB/rxe: fix for duplicate request processing and ack psns
ALSA: hda: Check the non-cached stream buffers more explicitly
cpupower: Fix AMD Family 0x17 msr_pstate size
Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()"
f2fs: fix to account IO correctly
ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes
arm: dts: exynos: Add missing cooling device properties for CPUs
ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings
ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250
xen-swiotlb: use actually allocated size on check physical continuous
tpm: Restore functionality to xen vtpm driver.
xen/blkfront: avoid NULL blkfront_info dereference on device removal
xen/balloon: Support xend-based toolstack
xen: fix race in xen_qlock_wait()
xen: make xen_qlock_wait() nestable
xen/pvh: increase early stack size
xen/pvh: don't try to unplug emulated devices
libertas: don't set URB_ZERO_PACKET on IN USB transfer
usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten
usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround"
iwlwifi: mvm: check return value of rs_rate_from_ucode_rate()
net/ipv4: defensive cipso option parsing
dmaengine: ppc4xx: fix off-by-one build failure
dmaengine: stm32-dma: fix incomplete configuration in cyclic mode
libnvdimm: Hold reference on parent while scheduling async init
libnvdimm, region: Fail badblocks listing for inactive regions
ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
IB/mlx5: Fix MR cache initialization
jbd2: fix use after free in jbd2_log_do_checkpoint()
gfs2_meta: ->mount() can get NULL dev_name
ext4: initialize retries variable in ext4_da_write_inline_data_begin()
ext4: fix setattr project check in fssetxattr ioctl
ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR
ext4: fix use-after-free race in ext4_remount()'s error path
HID: hiddev: fix potential Spectre v1
EDAC, amd64: Add Family 17h, models 10h-2fh support
EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting
EDAC, skx_edac: Fix logical channel intermediate decoding
ARM: dts: dra7: Fix up unaligned access setting for PCIe EP
PCI/ASPM: Fix link_state teardown on device removal
PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk
PCI: vmd: White list for fast interrupt handlers
signal/GenWQE: Fix sending of SIGKILL
signal: Guard against negative signal numbers in copy_siginfo_from_user32
crypto: lrw - Fix out-of bounds access on counter overflow
crypto: tcrypt - fix ghash-generic speed test
mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range()
ima: fix showing large 'violations' or 'runtime_measurements_count'
hugetlbfs: dirty pages as they are added to pagecache
mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly
KVM: arm64: Fix caching of host MDCR_EL2 value
kbuild: fix kernel/bounds.c 'W=1' warning
iio: ad5064: Fix regulator handling
iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs()
iio: adc: at91: fix acking DRDY irq on simple conversions
iio: adc: at91: fix wrong channel number in triggered buffer mode
w1: omap-hdq: fix missing bus unregister at removal
smb3: allow stats which track session and share reconnects to be reset
smb3: do not attempt cifs operation in smb3 query info error path
smb3: on kerberos mount if server doesn't specify auth type use krb5
printk: Fix panic caused by passing log_buf_len to command line
genirq: Fix race on spurious interrupt detection
NFSv4.1: Fix the r/wsize checking
nfs: Fix a missed page unlock after pg_doio()
nfsd: Fix an Oops in free_session()
lockd: fix access beyond unterminated strings in prints
dm ioctl: harden copy_params()'s copy_from_user() from malicious users
dm zoned: fix metadata block ref counting
dm zoned: fix various dmz_get_mblock() issues
powerpc/msi: Fix compile error on mpc83xx
MIPS: OCTEON: fix out of bounds array access on CN68XX
iommu/arm-smmu: Ensure that page-table updates are visible before TLBI
TC: Set DMA masks for devices
media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD
kgdboc: Passing ekgdboc to command line causes panic
xen: fix xen_qlock_wait()
xen-blkfront: fix kernel panic with negotiate_mq error path
media: em28xx: use a default format if TRY_FMT fails
media: tvp5150: avoid going past array on v4l2_querymenu()
media: em28xx: fix input name for Terratec AV 350
media: em28xx: make v4l2-compliance happier by starting sequence on zero
media: media colorspaces*.rst: rename AdobeRGB to opRGB
arm64: lse: remove -fcall-used-x0 flag
rpmsg: smd: fix memory leak on channel create
Cramfs: fix abad comparison when wrap-arounds occur
ARM: dts: socfpga: Fix SDRAM node address for Arria10
arm64: dts: stratix10: Correct System Manager register size
soc/tegra: pmc: Fix child-node lookup
selftests/powerpc: Fix ptrace tm failure
btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled
btrfs: Handle owner mismatch gracefully when walking up tree
btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock
btrfs: fix error handling in free_log_tree
btrfs: Enhance btrfs_trim_fs function to handle error better
btrfs: Ensure btrfs_trim_fs can trim the whole filesystem
btrfs: iterate all devices during trim, instead of fs_devices::alloc_list
btrfs: don't attempt to trim devices that don't support it
btrfs: wait on caching when putting the bg cache
btrfs: protect space cache inode alloc with GFP_NOFS
btrfs: reset max_extent_size on clear in a bitmap
btrfs: make sure we create all new block groups
Btrfs: fix warning when replaying log after fsync of a tmpfile
Btrfs: fix wrong dentries after fsync of file that got its parent replaced
btrfs: qgroup: Dirty all qgroups before rescan
Btrfs: fix null pointer dereference on compressed write path error
Btrfs: fix assertion on fsync of regular file when using no-holes feature
btrfs: set max_extent_size properly
btrfs: don't use ctl->free_space for max_extent_size
btrfs: only free reserved extent if we didn't insert it
btrfs: don't run delayed_iputs in commit
btrfs: move the dio_sem higher up the callchain
Btrfs: fix use-after-free during inode eviction
Btrfs: fix use-after-free when dumping free space
Btrfs: fix fsync after hole punching when using no-holes feature
net: sched: Remove TCA_OPTIONS from policy
bpf: wait for running BPF programs when updating map-in-map
MD: fix invalid stored role for a disk - try2
Linux 4.14.81
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Eric Biggers
|
4c6fda12ff |
ima: fix showing large 'violations' or 'runtime_measurements_count'
commit 1e4c8dafbb6bf72fb5eca035b861e39c5896c2b7 upstream. The 12 character temporary buffer is not necessarily long enough to hold a 'long' value. Increase it. Signed-off-by: Eric Biggers <ebiggers@google.com> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
84ae3e35e1 |
Merge 4.14.73 into android-4.14
Changes in 4.14.73 gso_segment: Reset skb->mac_len after modifying network header ipv6: fix possible use-after-free in ip6_xmit() net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT net: hp100: fix always-true check for link up state pppoe: fix reception of frames with no mac header qmi_wwan: set DTR for modems in forced USB2 mode udp4: fix IP_CMSG_CHECKSUM for connected sockets neighbour: confirm neigh entries when ARP packet is received udp6: add missing checks on edumux packet processing net/sched: act_sample: fix NULL dereference in the data path tls: don't copy the key out of tls12_crypto_info_aes_gcm_128 tls: zero the crypto information from tls_context before freeing tls: clear key material from kernel memory when do_tls_setsockopt_conf fails NFC: Fix possible memory corruption when handling SHDLC I-Frame commands NFC: Fix the number of pipes ASoC: cs4265: fix MMTLR Data switch control ASoC: rsnd: fixup not to call clk_get/set under non-atomic ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at error path ALSA: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping ALSA: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO ALSA: fireface: fix memory leak in ff400_switch_fetching_mode() ALSA: firewire-digi00x: fix memory leak of private data ALSA: firewire-tascam: fix memory leak of private data ALSA: fireworks: fix memory leak of response buffer at error path ALSA: oxfw: fix memory leak for model-dependent data at error path ALSA: oxfw: fix memory leak of discovered stream formats at error path ALSA: oxfw: fix memory leak of private data platform/x86: alienware-wmi: Correct a memory leak xen/netfront: don't bug in case of too many frags xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code spi: fix IDR collision on systems with both fixed and dynamic SPI bus numbers Revert "PCI: Add ACS quirk for Intel 300 series" ring-buffer: Allow for rescheduling when removing pages mm: shmem.c: Correctly annotate new inodes for lockdep Revert "rpmsg: core: add support to power domains for devices" Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name" scsi: target: iscsi: Use hex2bin instead of a re-implementation scsi: target: iscsi: Use bin2hex instead of a re-implementation Revert "ubifs: xattr: Don't operate on deleted inodes" ocfs2: fix ocfs2 read block panic drm/nouveau: Fix deadlocks in nouveau_connector_detect() drm/nouveau/drm/nouveau: Don't forget to cancel hpd_work on suspend/unload drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() drm/nouveau/drm/nouveau: Prevent handling ACPI HPD events too early drm/vc4: Fix the "no scaling" case on multi-planar YUV formats drm: udl: Destroy framebuffer only if it was initialized drm/amdgpu: add new polaris pci id tty: vt_ioctl: fix potential Spectre v1 ext4: check to make sure the rename(2)'s destination is not freed ext4: avoid divide by zero fault when deleting corrupted inline directories ext4: avoid arithemetic overflow that can trigger a BUG ext4: recalucate superblock checksum after updating free blocks/inodes ext4: fix online resize's handling of a too-small final block group ext4: fix online resizing for bigalloc file systems with a 1k block size ext4: don't mark mmp buffer head dirty ext4: show test_dummy_encryption mount option in /proc/mounts sched/fair: Fix vruntime_normalized() for remote non-migration wakeup PCI: aardvark: Size bridges before resources allocation vmw_balloon: include asm/io.h iw_cxgb4: only allow 1 flush on user qps tick/nohz: Prevent bogus softirq pending warning spi: Fix double IDR allocation with DT aliases Linux 4.14.73 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Lubomir Rintel
|
50ec69edf3 |
Revert "uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name"
commit 8c0f9f5b309d627182d5da72a69246f58bde1026 upstream.
This changes UAPI, breaking iwd and libell:
ell/key.c: In function 'kernel_dh_compute':
ell/key.c:205:38: error: 'struct keyctl_dh_params' has no member named 'private'; did you mean 'dh_private'?
struct keyctl_dh_params params = { .private = private,
^~~~~~~
dh_private
This reverts commit 8a2336e549d385bb0b46880435b411df8d8200e8.
Fixes: 8a2336e549d3 ("uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name")
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Randy Dunlap <rdunlap@infradead.org>
cc: Mat Martineau <mathew.j.martineau@linux.intel.com>
cc: Stephan Mueller <smueller@chronox.de>
cc: James Morris <jmorris@namei.org>
cc: "Serge E. Hallyn" <serge@hallyn.com>
cc: Mat Martineau <mathew.j.martineau@linux.intel.com>
cc: Andrew Morton <akpm@linux-foundation.org>
cc: Linus Torvalds <torvalds@linux-foundation.org>
cc: <stable@vger.kernel.org>
Signed-off-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
5efa57938b |
Merge 4.14.72 into android-4.14
Changes in 4.14.72 be2net: Fix memory leak in be_cmd_get_profile_config() net/mlx5: Fix use-after-free in self-healing flow net: qca_spi: Fix race condition in spi transfers rds: fix two RCU related problems net/mlx5: Check for error in mlx5_attach_interface net/mlx5: Fix debugfs cleanup in the device init/remove flow net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables net/tls: Set count of SG entries if sk_alloc_sg returns -ENOSPC erspan: fix error handling for erspan tunnel erspan: return PACKET_REJECT when the appropriate tunnel is not found tcp: really ignore MSG_ZEROCOPY if no SO_ZEROCOPY hv/netvsc: Fix NULL dereference at single queue mode fallback usb: dwc3: change stream event enable bit back to 13 iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register iommu/io-pgtable-arm-v7s: Abort allocation when table address overflows the PTE ALSA: msnd: Fix the default sample sizes ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro xfrm: fix 'passing zero to ERR_PTR()' warning amd-xgbe: use dma_mapping_error to check map errors gfs2: Special-case rindex for gfs2_grow clk: imx6ul: fix missing of_node_put() clk: core: Potentially free connection id clk: clk-fixed-factor: Clear OF_POPULATED flag in case of failure kbuild: add .DELETE_ON_ERROR special target media: tw686x: Fix oops on buffer alloc failure dmaengine: pl330: fix irq race with terminate_all MIPS: ath79: fix system restart media: videobuf2-core: check for q->error in vb2_core_qbuf() IB/rxe: Drop QP0 silently block: allow max_discard_segments to be stacked IB/ipoib: Fix error return code in ipoib_dev_init() mtd/maps: fix solutionengine.c printk format warnings media: ov5645: Supported external clock is 24MHz perf test: Fix subtest number when showing results gfs2: Don't reject a supposedly full bitmap if we have blocks reserved perf tools: Synthesize GROUP_DESC feature in pipe mode fbdev: omapfb: off by one in omapfb_register_client() perf tools: Fix struct comm_str removal crash video: goldfishfb: fix memory leak on driver remove fbdev/via: fix defined but not used warning perf powerpc: Fix callchain ip filtering when return address is in a register video: fbdev: pxafb: clear allocated memory for video modes fbdev: Distinguish between interlaced and progressive modes ARM: exynos: Clear global variable on init error path perf powerpc: Fix callchain ip filtering nvme-rdma: unquiesce queues when deleting the controller KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr() powerpc/powernv: opal_put_chars partial write fix staging: bcm2835-camera: fix timeout handling in wait_for_completion_timeout staging: bcm2835-camera: handle wait_for_completion_timeout return properly ASoC: rt5514: Fix the issue of the delay volume applied MIPS: jz4740: Bump zload address mac80211: restrict delayed tailroom needed decrement Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of qe_muram_alloc arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() reset: imx7: Fix always writing bits as 0 efi/arm: preserve early mapping of UEFI memory map longer for BGRT nfp: avoid buffer leak when FW communication fails xen-netfront: fix queue name setting arm64: dts: qcom: db410c: Fix Bluetooth LED trigger ARM: dts: qcom: msm8974-hammerhead: increase load on l20 for sdhci s390/qeth: fix race in used-buffer accounting s390/qeth: reset layer2 attribute on layer switch platform/x86: toshiba_acpi: Fix defined but not used build warnings KVM: arm/arm64: Fix vgic init race drivers/base: stop new probing during shutdown i2c: aspeed: Fix initial values of master and slave state dmaengine: mv_xor_v2: kill the tasklets upon exit crypto: sharah - Unregister correct algorithms for SAHARA 3 x86/pti: Check the return value of pti_user_pagetable_walk_p4d() x86/pti: Check the return value of pti_user_pagetable_walk_pmd() x86/mm/pti: Add an overflow check to pti_clone_pmds() xen-netfront: fix warn message as irq device name has '/' RDMA/cma: Protect cma dev list with lock pstore: Fix incorrect persistent ram buffer mapping xen/netfront: fix waiting for xenbus state change IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler s390/crypto: Fix return code checking in cbc_paes_crypt() mmc: omap_hsmmc: fix wakeirq handling on removal ipmi: Fix I2C client removal in the SSIF driver Tools: hv: Fix a bug in the key delete code misc: hmc6352: fix potential Spectre v1 xhci: Fix use after free for URB cancellation on a reallocated endpoint usb: Don't die twice if PCI xhci host is not responding in resume mei: ignore not found client in the enumeration mei: bus: need to unlink client before freeing USB: Add quirk to support DJI CineSSD usb: uas: add support for more quirk flags usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 USB: net2280: Fix erroneous synchronization change USB: serial: io_ti: fix array underflow in completion handler usb: misc: uss720: Fix two sleep-in-atomic-context bugs USB: serial: ti_usb_3410_5052: fix array underflow in completion handler USB: yurex: Fix buffer over-read in yurex_write() usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() Revert "cdc-acm: implement put_char() and flush_chars()" cifs: prevent integer overflow in nxt_dir_entry() CIFS: fix wrapping bugs in num_entries() xtensa: ISS: don't allocate memory in platform_setup perf/core: Force USER_DS when recording user stack data x86/EISA: Don't probe EISA bus for Xen PV guests NFSv4.1 fix infinite loop on I/O. binfmt_elf: Respect error return from `regset->active' net/mlx5: Add missing SET_DRIVER_VERSION command translation arm64: dts: uniphier: Add missing cooling device properties for CPUs audit: fix use-after-free in audit_add_watch mtdchar: fix overflows in adjustment of `count` vfs: fix freeze protection in mnt_want_write_file() for overlayfs Bluetooth: Use lock_sock_nested in bt_accept_enqueue evm: Don't deadlock if a crypto algorithm is unavailable KVM: PPC: Book3S HV: Add of_node_put() in success path security: check for kstrdup() failure in lsm_append() MIPS: loongson64: cs5536: Fix PCI_OHCI_INT_REG reads configfs: fix registered group removal pinctrl: rza1: Fix selector use for groups and functions sched/core: Use smp_mb() in wake_woken_function() efi/esrt: Only call efi_mem_reserve() for boot services memory ARM: hisi: handle of_iomap and fix missing of_node_put ARM: hisi: fix error handling and missing of_node_put ARM: hisi: check of_iomap and fix missing of_node_put liquidio: fix hang when re-binding VF host drv after running DPDK VF driver gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes tty: fix termios input-speed encoding when using BOTHER tty: fix termios input-speed encoding mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips mmc: tegra: prevent HS200 on Tegra 3 mmc: sdhci: do not try to use 3.3V signaling if not supported drm/nouveau: Fix runtime PM leak in drm_open() drm/nouveau/debugfs: Wake up GPU before doing any reclocking drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping parport: sunbpp: fix error return code sched/fair: Fix util_avg of new tasks for asymmetric systems coresight: Handle errors in finding input/output ports coresight: tpiu: Fix disabling timeouts coresight: ETM: Add support for Arm Cortex-A73 and Cortex-A35 staging: bcm2835-audio: Don't leak workqueue if open fails gpio: pxa: Fix potential NULL dereference gpiolib: Mark gpio_suffixes array with __maybe_unused mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) drm/amdkfd: Fix error codes in kfd_get_process rtc: bq4802: add error handling for devm_ioremap ALSA: pcm: Fix snd_interval_refine first/last with open min/max scsi: libfc: fixup 'sleeping function called from invalid context' selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress drm/panel: type promotion bug in s6e8aa0_read_mtp_id() blk-mq: only attempt to merge bio if there is rq in sw queue blk-mq: avoid to synchronize rcu inside blk_cleanup_queue() pinctrl: msm: Fix msm_config_group_get() to be compliant pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant clk: tegra: bpmp: Don't crash when a clock fails to register mei: bus: type promotion bug in mei_nfc_if_version() earlycon: Initialize port->uartclk based on clock-frequency property earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon ASoC: samsung: i2s: Fix error handling path in i2s_set_sysclk() ASoC: samsung: Fix invalid argument when devm_gpiod_get is called drm/i915: Apply the GTT write flush for all !llc machines net/ipv6: prevent use after free in ip6_route_mpath_notify e1000e: Remove Other from EIAC Partial revert "e1000e: Avoid receiver overrun interrupt bursts" e1000e: Fix queue interrupt re-raising in Other interrupt e1000e: Avoid missed interrupts following ICR read Revert "e1000e: Separate signaling for link check/link up" e1000e: Fix link check race condition e1000e: Fix check_for_link return value with autoneg off Linux 4.14.72 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Biggers
|
55bdb77aa9 |
security: check for kstrdup() failure in lsm_append()
[ Upstream commit 87ea58433208d17295e200d56be5e2a4fe4ce7d6 ]
lsm_append() should return -ENOMEM if memory allocation failed.
Fixes:
|
||
|
Matthew Garrett
|
c818695c71 |
evm: Don't deadlock if a crypto algorithm is unavailable
[ Upstream commit e2861fa71641c6414831d628a1f4f793b6562580 ] When EVM attempts to appraise a file signed with a crypto algorithm the kernel doesn't have support for, it will cause the kernel to trigger a module load. If the EVM policy includes appraisal of kernel modules this will in turn call back into EVM - since EVM is holding a lock until the crypto initialisation is complete, this triggers a deadlock. Add a CRYPTO_NOLOAD flag and skip module loading if it's set, and add that flag in the EVM case in order to fail gracefully with an error message instead of deadlocking. Signed-off-by: Matthew Garrett <mjg59@google.com> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Piotr Sawicki
|
bff663136d |
Smack: Fix handling of IPv4 traffic received by PF_INET6 sockets
[ Upstream commit 129a99890936766f4b69b9da7ed88366313a9210 ] A socket which has sk_family set to PF_INET6 is able to receive not only IPv6 but also IPv4 traffic (IPv4-mapped IPv6 addresses). Prior to this patch, the smk_skb_to_addr_ipv6() could have been called for socket buffers containing IPv4 packets, in result such traffic was allowed. Signed-off-by: Piotr Sawicki <p.sawicki2@partner.samsung.com> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
f8223ece3a |
Merge 4.14.70 into android-4.14
Changes in 4.14.70 act_ife: fix a potential use-after-free ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state net: bcmgenet: use MAC link status for fixed phy net: macb: do not disable MDIO bus at open/close time net: sched: Fix memory exposure from short TCA_U32_SEL qlge: Fix netdev features configuration. r8169: add support for NCube 8168 network card tcp: do not restart timewait timer on rst reception vti6: remove !skb->ignore_df check from vti6_xmit() net/sched: act_pedit: fix dump of extended layered op tipc: fix a missing rhashtable_walk_exit() nfp: wait for posted reconfigs when disabling the device sctp: hold transport before accessing its asoc in sctp_transport_get_next mlxsw: spectrum_switchdev: Do not leak RIFs when removing bridge vhost: correctly check the iova range when waking virtqueue hv_netvsc: ignore devices that are not PCI hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() act_ife: move tcfa_lock down to where necessary act_ife: fix a potential deadlock net: sched: action_ife: take reference to meta module cifs: check if SMB2 PDU size has been padded and suppress the warning hfsplus: don't return 0 when fill_super() failed hfs: prevent crash on exit from failed search sunrpc: Don't use stack buffer with scatterlist fork: don't copy inconsistent signal handler state to child reiserfs: change j_timestamp type to time64_t hfsplus: fix NULL dereference in hfsplus_lookup() fs/proc/kcore.c: use __pa_symbol() for KCORE_TEXT list entries fat: validate ->i_start before using scripts: modpost: check memory allocation results virtio: pci-legacy: Validate queue pfn x86/mce: Add notifier_block forward declaration IB/hfi1: Invalid NUMA node information can cause a divide by zero pwm: meson: Fix mux clock names mm/fadvise.c: fix signed overflow UBSAN complaint fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() platform/x86: intel_punit_ipc: fix build errors netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses s390/kdump: Fix memleak in nt_vmcoreinfo ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() mfd: sm501: Set coherent_dma_mask when creating subdevices platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 netfilter: fix memory leaks on netlink_dump_start error tcp, ulp: add alias for all ulp modules RDMA/hns: Fix usage of bitmap allocation functions return values net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero net: hns3: Fix for phy link issue when using marvell phy driver perf tools: Check for null when copying nsinfo. irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP net/9p/trans_fd.c: fix race by holding the lock net/9p: fix error path of p9_virtio_probe f2fs: fix to clear PG_checked flag in set_page_dirty() powerpc/uaccess: Enable get_user(u64, *p) on 32-bit powerpc: Fix size calculation using resource_size() perf probe powerpc: Fix trace event post-processing block: bvec_nr_vecs() returns value for wrong slab s390/dasd: fix hanging offline processing due to canceled worker s390/dasd: fix panic for failed online processing ACPI / scan: Initialize status to ACPI_STA_DEFAULT scsi: aic94xx: fix an error code in aic94xx_init() NFSv4: Fix error handling in nfs4_sp4_select_mode() Input: do not use WARN() in input_alloc_absinfo() xen/balloon: fix balloon initialization for PVH Dom0 PCI: mvebu: Fix I/O space end address calculation dm kcopyd: avoid softlockup in run_complete_job staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice ASoC: rt5677: Fix initialization of rt5677_of_match.data iommu/omap: Fix cache flushes on L2 table entries selftests/powerpc: Kill child processes on SIGINT RDS: IB: fix 'passing zero to ERR_PTR()' warning cfq: Suppress compiler warnings about comparisons smb3: fix reset of bytes read and written stats SMB3: Number of requests sent should be displayed for SMB3 not just CIFS powerpc/platforms/85xx: fix t1042rdb_diu.c build errors & warning powerpc/64s: Make rfi_flush_fallback a little more robust powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX. clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 KVM: vmx: track host_state.loaded using a loaded_vmcs pointer kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 btrfs: Exit gracefully when chunk map cannot be inserted to the tree btrfs: replace: Reset on-disk dev stats value after replace btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized btrfs: Don't remove block group that still has pinned down bytes arm64: rockchip: Force CONFIG_PM on Rockchip systems ARM: rockchip: Force CONFIG_PM on Rockchip systems drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode drm/amd/pp/Polaris12: Fix a chunk of registers missed to program drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 drm/amdgpu: update tmr mc address drm/amdgpu:add tmr mc address into amdgpu_firmware_info drm/amdgpu:add new firmware id for VCN drm/amdgpu:add VCN support in PSP driver drm/amdgpu:add VCN booting with firmware loaded by PSP uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name debugobjects: Make stack check warning more informative sched/deadline: Fix switching to -deadline lightnvm: pblk: free padded entries in write buffer mm: Fix devm_memremap_pages() collision handling HID: add quirk for another PIXART OEM mouse used by HP usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear x86/xen: don't write ptes directly in 32-bit PV guests drm/i915: Increase LSPCON timeout kbuild: make missing $DEPMOD a Warning instead of an Error s390/lib: use expoline for all bcr instructions irda: Fix memory leak caused by repeated binds of irda socket irda: Only insert new objects into the global database via setsockopt Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" kvm: x86: Set highest physical address bits in non-present/reserved SPTEs x86: kvm: avoid unused variable warning arm64: cpu_errata: include required headers ASoC: wm8994: Fix missing break in switch arm64: Fix mismatched cache line size detection arm64: Handle mismatched cache type Linux 4.14.70 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Randy Dunlap
|
448b5498f6 |
uapi/linux/keyctl.h: don't use C++ reserved keyword as a struct member name
commit 8a2336e549d385bb0b46880435b411df8d8200e8 upstream.
Since this header is in "include/uapi/linux/", apparently people want to
use it in userspace programs -- even in C++ ones. However, the header
uses a C++ reserved keyword ("private"), so change that to "dh_private"
instead to allow the header file to be used in C++ userspace.
Fixes https://bugzilla.kernel.org/show_bug.cgi?id=191051
Link: http://lkml.kernel.org/r/0db6c314-1ef4-9bfa-1baa-7214dd2ee061@infradead.org
Fixes:
|
||
|
Greg Kroah-Hartman
|
fc59235394 |
Merge 4.14.69 into android-4.14
Changes in 4.14.69
net: 6lowpan: fix reserved space for single frames
net: mac802154: tx: expand tailroom if necessary
9p/net: Fix zero-copy path in the 9p virtio transport
spi: davinci: fix a NULL pointer dereference
spi: pxa2xx: Add support for Intel Ice Lake
spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
spi: cadence: Change usleep_range() to udelay(), for atomic context
mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS
readahead: stricter check for bdi io_pages
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
block: really disable runtime-pm for blk-mq
drm/i915/userptr: reject zero user_size
libertas: fix suspend and resume for SDIO connected cards
media: Revert "[media] tvp5150: fix pad format frame height"
mailbox: xgene-slimpro: Fix potential NULL pointer dereference
Replace magic for trusting the secondary keyring with #define
Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
powerpc/fadump: handle crash memory ranges array index overflow
powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
PCI: Add wrappers for dev_printk()
powerpc/powernv/pci: Work around races in PCI bridge enabling
cxl: Fix wrong comparison in cxl_adapter_context_get()
ib_srpt: Fix a use-after-free in srpt_close_ch()
RDMA/rxe: Set wqe->status correctly if an unexpected response is received
9p: fix multiple NULL-pointer-dereferences
fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
9p/virtio: fix off-by-one error in sg list bounds check
net/9p/client.c: version pointer uninitialized
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
dm integrity: change 'suspending' variable from bool to int
dm thin: stop no_space_timeout worker when switching to write-mode
dm cache metadata: save in-core policy_hint_size to on-disk superblock
dm cache metadata: set dirty on all cache blocks after a crash
dm crypt: don't decrease device limits
uart: fix race between uart_put_char() and uart_shutdown()
Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind()
iio: sca3000: Fix missing return in switch
iio: ad9523: Fix displayed phase
iio: ad9523: Fix return value for ad952x_store()
extcon: Release locking when sending the notification of connector state
vmw_balloon: fix inflation of 64-bit GFNs
vmw_balloon: do not use 2MB without batching
vmw_balloon: VMCI_DOORBELL_SET does not check status
vmw_balloon: fix VMCI use when balloon built into kernel
rtc: omap: fix potential crash on power off
tracing: Do not call start/stop() functions when tracing_on does not change
tracing/blktrace: Fix to allow setting same value
printk/tracing: Do not trace printk_nmi_enter()
livepatch: Validate module/old func name length
uprobes: Use synchronize_rcu() not synchronize_sched()
mfd: hi655x: Fix regmap area declared size for hi655x
ovl: fix wrong use of impure dir cache in ovl_iterate()
drivers/block/zram/zram_drv.c: fix bug storing backing_dev
cpufreq: governor: Avoid accessing invalid governor_data
PM / sleep: wakeup: Fix build error caused by missing SRCU support
KVM: VMX: fixes for vmentry_l1d_flush module parameter
KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages
xtensa: limit offsets in __loop_cache_{all,page}
xtensa: increase ranges in ___invalidate_{i,d}cache_all
block, bfq: return nbytes and not zero from struct cftype .write() method
pnfs/blocklayout: off by one in bl_map_stripe()
NFSv4 client live hangs after live data migration recovery
NFSv4: Fix locking in pnfs_generic_recover_commit_reqs
NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence()
ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
mm/tlb: Remove tlb_remove_table() non-concurrent condition
iommu/vt-d: Add definitions for PFSID
iommu/vt-d: Fix dev iotlb pfsid use
sys: don't hold uts_sem while accessing userspace memory
userns: move user access out of the mutex
ubifs: Fix memory leak in lprobs self-check
Revert "UBIFS: Fix potential integer overflow in allocation"
ubifs: Check data node size before truncate
ubifs: xattr: Don't operate on deleted inodes
ubifs: Fix synced_i_size calculation for xattr inodes
pwm: tiehrpwm: Don't use emulation mode bits to control PWM output
pwm: tiehrpwm: Fix disabling of output of PWMs
fb: fix lost console when the user unplugs a USB adapter
udlfb: set optimal write delay
getxattr: use correct xattr length
libnvdimm: fix ars_status output length calculation
bcache: release dc->writeback_lock properly in bch_writeback_thread()
cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
perf auxtrace: Fix queue resize
crypto: vmx - Fix sleep-in-atomic bugs
crypto: caam - fix DMA mapping direction for RSA forms 2 & 3
crypto: caam/jr - fix descriptor DMA unmapping
crypto: caam/qi - fix error path in xts setkey
fs/quota: Fix spectre gadget in do_quotactl
arm64: mm: always enable CONFIG_HOLES_IN_ZONE
Linux 4.14.69
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Eddie.Horng
|
5a842ecca2 |
cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
commit 355139a8dba446cc11a424cddbf7afebc3041ba1 upstream. The code in cap_inode_getsecurity(), introduced by commit |
||
|
Greg Kroah-Hartman
|
2637566c77 |
Merge 4.14.67 into android-4.14
Changes in 4.14.67 ext4: fix spectre gadget in ext4_mb_regular_allocator() drm/i915/kvmgt: Fix potential Spectre v1 EDAC: Add missing MEM_LRDDR4 entry in edac_mem_types[] pty: fix O_CLOEXEC for TIOCGPTPEER arm: dts: armada: Fix "#cooling-cells" property's name vfio: ccw: fix error return in vfio_ccw_sch_event perf tools: Fix error index for pmu event parser Input: synaptics-rmi4 - fix axis-swap behavior IB/mlx4: Fix an error handling path in 'mlx4_ib_rereg_user_mr()' drm/bridge/sii8620: fix loops in EDID fetch logic drm/bridge/sii8620: fix potential buffer overflow ARC: Explicitly add -mmedium-calls to CFLAGS hwmon: (nct6775) Fix loop limit soc: imx: gpcv2: correct PGC offset usb: dwc3: pci: add support for Intel IceLake usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() usb: dwc3: of-simple: fix use-after-free on remove ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th netfilter: ipv6: nf_defrag: reduce struct net memory waste netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister selftests: pstore: return Kselftest Skip code for skipped tests selftests: static_keys: return Kselftest Skip code for skipped tests selftests: sysctl: return Kselftest Skip code for skipped tests selftests: user: return Kselftest Skip code for skipped tests selftests: zram: return Kselftest Skip code for skipped tests selftests: vm: return Kselftest Skip code for skipped tests selftests: sync: add config fragment for testing sync framework ARM: dts: NSP: Fix i2c controller interrupt type ARM: dts: NSP: Fix PCIe controllers interrupt types ARM: dts: BCM5301x: Fix i2c controller interrupt type ARM: dts: Cygnus: Fix I2C controller interrupt type ARM: dts: Cygnus: Fix PCIe controller interrupt type arm64: dts: specify 1.8V EMMC capabilities for bcm958742k arm64: dts: specify 1.8V EMMC capabilities for bcm958742t arm64: dts: ns2: Fix I2C controller interrupt type arm64: dts: ns2: Fix PCIe controller interrupt type arm64: dts: Stingray: Fix I2C controller interrupt type drivers/perf: xgene_pmu: Fix IOB SLOW PMU parser error drm: mali-dp: Enable Global SE interrupts mask for DP500 drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format IB/rxe: Fix missing completion for mem_reg work requests libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() usb: dwc2: alloc dma aligned buffer for isoc split in usb: dwc2: fix isoc split in transfer with no data usb: gadget: composite: fix delayed_status race condition when set_interface usb: gadget: dwc2: fix memory leak in gadget_init() dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation xen: add error handling for xenbus_printf pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception scsi: xen-scsifront: add error handling for xenbus_printf xen/scsiback: add error handling for xenbus_printf arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag arm64: make secondary_start_kernel() notrace qed: Fix possible memory leak in Rx error path handling. qed: Add sanity check for SIMD fastpath handler. qed: Do not advertise DCBX_LLD_MANAGED capability. enic: initialize enic->rfs_h.lock in enic_probe net: hamradio: use eth_broadcast_addr net: propagate dev_get_valid_name return code net: stmmac: socfpga: add additional ocp reset line for Stratix10 nvmet: reset keep alive timer in controller enable block: sed-opal: Fix a couple off by one bugs ARC: Enable machine_desc->init_per_cpu for !CONFIG_SMP nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag. net: davinci_emac: match the mdio device against its compatible if possible sctp: fix erroneous inc of snmp SctpFragUsrMsgs KVM: arm/arm64: Drop resource size check for GICV window drm/bridge/sii8620: fix display of packed pixel modes in MHL2 locking/lockdep: Do not record IRQ state within lockdep code selftests: bpf: notification about privilege required to run test_kmod.sh testing script mtd: dataflash: Use ULL suffix for 64-bit constants x86/microcode/intel: Fix memleak in save_microcode_patch() ipv6: mcast: fix unsolicited report interval after receiving querys Smack: Mark inode instant in smack_task_to_inode arm64: dts: msm8916: fix Coresight ETF graph connections batman-adv: Fix bat_ogm_iv best gw refcnt after netlink dump batman-adv: Fix bat_v best gw refcnt after netlink dump batman-adv: Avoid storing non-TT-sync flags on singular entries too batman-adv: Fix multicast TT issues with bogus ROAM flags cxgb4: when disabling dcb set txq dcb priority to 0 iio: pressure: bmp280: fix relative humidity unit brcmfmac: stop watchdog before detach and free everything ARM: dts: am437x: make edt-ft5x06 a wakeup source ALSA: seq: Fix UBSAN warning at SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT ioctl usb: xhci: remove the code build warning usb: xhci: increase CRS timeout value NFC: pn533: Fix wrong GFP flag usage typec: tcpm: Fix a msecs vs jiffies bug kconfig: fix line numbers for if-entries in menu tree perf record: Support s390 random socket_id assignment perf test session topology: Fix test on s390 perf report powerpc: Fix crash if callchain is empty perf tools: Fix a clang 7.0 compilation error perf bench: Fix numa report output code ARM: davinci: board-da850-evm: fix WP pin polarity for MMC/SD netfilter: nf_log: fix uninit read in nf_log_proc_dostring ceph: fix dentry leak in splice_dentry() net/mlx5: E-Switch, Disallow vlan/spoofcheck setup if not being esw manager nfp: cast sizeof() to int when comparing with error code selftests/x86/sigreturn/64: Fix spurious failures on AMD CPUs selftests/x86/sigreturn: Do minor cleanups ARM: dts: da850: Fix interrups property for gpio ARM64: dts: meson-gxl: fix Mali GPU compatible string dmaengine: pl330: report BURST residue granularity dmaengine: k3dma: Off by one in k3_of_dma_simple_xlate() ath10k: update the phymode along with bandwidth change request md/raid10: fix that replacement cannot complete recovery after reassemble dev-dax: check_vma: ratelimit dev_info-s nl80211: relax ht operation checks for mesh nl80211: check nla_parse_nested() return values drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes drm/exynos: decon5433: Fix WINCONx reset value drbd: Fix drbd_request_prepare() discard handling bpf, s390: fix potential memleak when later bpf_jit_prog fails PCI: xilinx: Add missing of_node_put() PCI: xilinx-nwl: Add missing of_node_put() PCI: faraday: Add missing of_node_put() bnx2x: Fix receiving tx-timeout in error or recovery state. fsl/fman: fix parser reporting bad checksum on short frames dpaa_eth: DPAA SGT needs to be 256B acpi/nfit: fix cmd_rc for acpi_nfit_ctl to always return a value openrisc: entry: Fix delay slot exception detection m68k: fix "bad page state" oops on ColdFire boot objtool: Support GCC 8 '-fnoreorder-functions' ipvlan: call dev_change_flags when ipvlan mode is reset drm/amdgpu: fix swapped emit_ib_size in vce3 x86/mm/32: Initialize the CR4 shadow before __flush_tlb_all() HID: wacom: Correct touch maximum XY of 2nd-gen Intuos ARM: imx_v6_v7_defconfig: Select ULPI support ARM: imx_v4_v5_defconfig: Select ULPI support bpf: hash map: decrement counter on error tracing: Use __printf markup to silence compiler kasan: fix shadow_size calculation error in kasan_module_alloc smsc75xx: Add workaround for gigabit link up hardware errata. drm/bridge/sii8620: Fix display of packed pixel modes samples/bpf: add missing <linux/if_vlan.h> samples/bpf: Check the result of system() samples/bpf: Check the error of write() and read() ieee802154: 6lowpan: set IFLA_LINK netfilter: x_tables: set module owner for icmp(6) matches ipv6: make ipv6_renew_options() interrupt/kernel safe net: qrtr: Broadcast messages only from control port sh_eth: fix invalid context bug while calling auto-negotiation by ethtool sh_eth: fix invalid context bug while changing link options by ethtool ravb: fix invalid context bug while calling auto-negotiation by ethtool ravb: fix invalid context bug while changing link options by ethtool ARM: pxa: irq: fix handling of ICMR registers in suspend/resume net/sched: act_tunnel_key: fix NULL dereference when 'goto chain' is used nvmem: Don't let a NULL cell_id for nvmem_cell_get() crash us ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem ieee802154: at86rf230: use __func__ macro for debug messages ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem gpu: host1x: Check whether size of unpin isn't 0 drm/tegra: Fix comparison operator for buffer size drm/armada: fix colorkey mode property drm/armada: fix irq handling netfilter: nft_compat: explicitly reject ERROR and standard target netfilter: nf_conntrack: Fix possible possible crash on module loading. ARC: Improve cmpxchg syscall implementation bnxt_en: Fix inconsistent BNXT_FLAG_AGG_RINGS logic. bnxt_en: Always set output parameters in bnxt_get_max_rings(). bnxt_en: Fix for system hang if request_irq fails scsi: qedf: Send the driver state to MFW scsi: qedi: Send driver state to MFW perf llvm-utils: Remove bashism from kernel include fetch script perf tools: Fix compilation errors on gcc8 perf script python: Fix dict reference counting nfit: fix unchecked dereference in acpi_nfit_ctl RDMA/mlx5: Fix memory leak in mlx5_ib_create_srq() error path ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for secondary cores ARM: dts: am3517.dtsi: Disable reference to OMAP3 OTG controller ixgbe: Be more careful when modifying MAC filters tools: build: Use HOSTLDFLAGS with fixdep kbuild: suppress warnings from 'getconf LFS_*' packet: reset network header if packet shorter than ll reserved space qlogic: check kstrtoul() for errors tcp: remove DELAYED ACK events in DCTCP pinctrl: ingenic: Fix inverted direction for < JZ4770 pinctrl: nsp: off by ones in nsp_pinmux_enable() pinctrl: nsp: Fix potential NULL dereference drm/nouveau/gem: off by one bugs in nouveau_gem_pushbuf_reloc_apply() hv/netvsc: fix handling of fallback to single queue mode net/ethernet/freescale/fman: fix cross-build error ibmvnic: Fix error recovery on login failure btrfs: scrub: Don't use inode page cache in scrub_handle_errored_block() octeon_mgmt: Fix MIX registers configuration on MTU setup net: usb: rtl8150: demote allmulti message to dev_dbg() kvmclock: fix TSC calibration for nested guests PCI: OF: Fix I/O space page leak PCI: versatile: Fix I/O space page leak net: qca_spi: Avoid packet drop during initial sync net: qca_spi: Make sure the QCA7000 reset is triggered net: qca_spi: Fix log level if probe fails tcp: identify cryptic messages as TCP seq # bugs soc: imx: gpc: restrict register range for regmap access ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems ARM: dts: imx6: RDU2: fix irq type for mv88e6xxx switch nvme: fix handling of metadata_len for NVME_IOCTL_IO_CMD KVM: irqfd: fix race between EPOLLHUP and irq_bypass_register_consumer f2fs: return error during fill_super f2fs: sanity check for total valid node blocks parisc: Remove ordered stores from syscall.S xfrm_user: prevent leaking 2 bytes of kernel memory netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state packet: refine ring v3 block size test to hold one frame net/smc: no shutdown in state SMC_LISTEN parisc: Remove unnecessary barriers from spinlock.h PCI: hotplug: Don't leak pci_slot on registration failure PCI: Skip MPS logic for Virtual Functions (VFs) PCI: pciehp: Fix use-after-free on unplug PCI: pciehp: Fix unprotected list iteration in IRQ handler i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes i2c: imx: Fix race condition in dma read reiserfs: fix broken xattr handling (heap corruption, bad retval) Linux 4.14.67 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Casey Schaufler
|
4545cfb006 |
Smack: Mark inode instant in smack_task_to_inode
[ Upstream commit 7b4e88434c4e7982fb053c49657e1c8bbb8692d9 ] Smack: Mark inode instant in smack_task_to_inode /proc clean-up in commit 1bbc55131e59bd099fdc568d3aa0b42634dbd188 resulted in smack_task_to_inode() being called before smack_d_instantiate. This resulted in the smk_inode value being ignored, even while present for files in /proc/self. Marking the inode as instant here fixes that. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: James Morris <james.morris@microsoft.com> Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
6f2e09c90a |
Merge 4.14.60 into android-4.14
Changes in 4.14.60
fork: unconditionally clear stack on fork
i2c: core: decrease reference count of device node in i2c_unregister_device
RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access
drivers/infiniband/core/verbs.c: fix build with gcc-4.4.4
IB/srpt: Fix an out-of-bounds stack access in srpt_zerolength_write()
drivers/infiniband/ulp/srpt/ib_srpt.c: fix build with gcc-4.4.4
spi: spi-s3c64xx: Fix system resume support
Input: elan_i2c - add ACPI ID for lenovo ideapad 330
Input: i8042 - add Lenovo LaVie Z to the i8042 reset list
Input: elan_i2c - add another ACPI ID for Lenovo Ideapad 330-15AST
kvm, mm: account shadow page tables to kmemcg
delayacct: fix crash in delayacct_blkio_end() after delayacct init failure
tracing: Fix double free of event_trigger_data
tracing: Fix possible double free in event_enable_trigger_func()
kthread, tracing: Don't expose half-written comm when creating kthreads
tracing/kprobes: Fix trace_probe flags on enable_trace_kprobe() failure
tracing: Quiet gcc warning about maybe unused link variable
arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups
mlxsw: spectrum_switchdev: Fix port_vlan refcounting
kcov: ensure irq code sees a valid area
xen/netfront: raise max number of slots in xennet_get_responses()
hv_netvsc: fix network namespace issues with VF support
skip LAYOUTRETURN if layout is invalid
ALSA: emu10k1: add error handling for snd_ctl_add
ALSA: fm801: add error handling for snd_ctl_add
NFSv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY
nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo
vfio: platform: Fix reset module leak in error path
vfio/mdev: Check globally for duplicate devices
vfio/type1: Fix task tracking for QEMU vCPU hotplug
kernel/hung_task.c: show all hung tasks before panic
mm: /proc/pid/pagemap: hide swap entries from unprivileged users
mm: vmalloc: avoid racy handling of debugobjects in vunmap
mm/slub.c: add __printf verification to slab_err()
rtc: ensure rtc_set_alarm fails when alarms are not supported
perf tools: Fix pmu events parsing rule
netfilter: ipset: forbid family for hash:mac sets
netfilter: ipset: List timing out entries with "timeout 1" instead of zero
irqchip/ls-scfg-msi: Map MSIs in the iommu
watchdog: da9063: Fix updating timeout value
printk: drop in_nmi check from printk_safe_flush_on_panic()
bpf, arm32: fix inconsistent naming about emit_a32_lsr_{r64,i64}
ceph: fix alignment of rasize
e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes
infiniband: fix a possible use-after-free bug
powerpc/lib: Adjust .balign inside string functions for PPC32
powerpc/64s: Add barrier_nospec
powerpc/eeh: Fix use-after-release of EEH driver
hvc_opal: don't set tb_ticks_per_usec in udbg_init_opal_common()
powerpc/64s: Fix compiler store ordering to SLB shadow area
RDMA/mad: Convert BUG_ONs to error flows
lightnvm: pblk: warn in case of corrupted write buffer
netfilter: nf_tables: check msg_type before nft_trans_set(trans)
pnfs: Don't release the sequence slot until we've processed layoutget on open
disable loading f2fs module on PAGE_SIZE > 4KB
f2fs: fix error path of move_data_page
f2fs: fix to don't trigger writeback during recovery
f2fs: fix to wait page writeback during revoking atomic write
f2fs: Fix deadlock in shutdown ioctl
f2fs: fix to detect failure of dquot_initialize
f2fs: fix race in between GC and atomic open
block, bfq: remove wrong lock in bfq_requests_merged
usbip: usbip_detach: Fix memory, udev context and udev leak
usbip: dynamically allocate idev by nports found in sysfs
perf/x86/intel/uncore: Correct fixed counter index check in generic code
perf/x86/intel/uncore: Correct fixed counter index check for NHM
selftests/intel_pstate: Improve test, minor fixes
selftests: memfd: return Kselftest Skip code for skipped tests
selftests: intel_pstate: return Kselftest Skip code for skipped tests
PCI: Fix devm_pci_alloc_host_bridge() memory leak
btrfs: balance dirty metadata pages in btrfs_finish_ordered_io
iwlwifi: pcie: fix race in Rx buffer allocator
Bluetooth: hci_qca: Fix "Sleep inside atomic section" warning
Bluetooth: btusb: Add a new Realtek 8723DE ID 2ff8:b011
ASoC: dpcm: fix BE dai not hw_free and shutdown
mfd: cros_ec: Fail early if we cannot identify the EC
mwifiex: handle race during mwifiex_usb_disconnect
wlcore: sdio: check for valid platform device data before suspend
net: hns3: Fixes the init of the VALID BD info in the descriptor
media: tw686x: Fix incorrect vb2_mem_ops GFP flags
media: videobuf2-core: don't call memop 'finish' when queueing
Btrfs: don't return ino to ino cache if inode item removal fails
Btrfs: don't BUG_ON() in btrfs_truncate_inode_items()
btrfs: add barriers to btrfs_sync_log before log_commit_wait wakeups
btrfs: qgroup: Finish rescan when hit the last leaf of extent tree
x86/microcode: Make the late update update_lock a raw lock for RT
PM / wakeup: Make s2idle_lock a RAW_SPINLOCK
PCI: Prevent sysfs disable of device while driver is attached
nvme-rdma: stop admin queue before freeing it
nvme-pci: Fix AER reset handling
ath: Add regulatory mapping for FCC3_ETSIC
ath: Add regulatory mapping for ETSI8_WORLD
ath: Add regulatory mapping for APL13_WORLD
ath: Add regulatory mapping for APL2_FCCA
ath: Add regulatory mapping for Uganda
ath: Add regulatory mapping for Tanzania
ath: Add regulatory mapping for Serbia
ath: Add regulatory mapping for Bermuda
ath: Add regulatory mapping for Bahamas
powerpc/32: Add a missing include header
powerpc/chrp/time: Make some functions static, add missing header include
powerpc/powermac: Add missing prototype for note_bootable_part()
powerpc/powermac: Mark variable x as unused
powerpc: Add __printf verification to prom_printf
spi: sh-msiof: Fix setting SIRMDR1.SYNCAC to match SITMDR1.SYNCAC
powerpc/8xx: fix invalid register expression in head_8xx.S
pinctrl: at91-pio4: add missing of_node_put
bpf: powerpc64: pad function address loads with NOPs
PCI: pciehp: Request control of native hotplug only if supported
net: dsa: qca8k: Add support for QCA8334 switch
mwifiex: correct histogram data with appropriate index
ima: based on policy verify firmware signatures (pre-allocated buffer)
drivers/perf: arm-ccn: don't log to dmesg in event_init
spi: Add missing pm_runtime_put_noidle() after failed get
net: hns3: Fix the missing client list node initialization
fscrypt: use unbound workqueue for decryption
scsi: ufs: ufshcd: fix possible unclocked register access
scsi: ufs: fix exception event handling
scsi: zfcp: assert that the ERP lock is held when tracing a recovery trigger
drm/nouveau/fifo/gk104-: poll for runlist update completion
Bluetooth: btusb: add ID for LiteOn 04ca:301a
rtc: tps6586x: fix possible race condition
rtc: vr41xx: fix possible race condition
rtc: tps65910: fix possible race condition
ALSA: emu10k1: Rate-limit error messages about page errors
regulator: pfuze100: add .is_enable() for pfuze100_swb_regulator_ops
md/raid1: add error handling of read error from FailFast device
md: fix NULL dereference of mddev->pers in remove_and_add_spares()
ixgbevf: fix MAC address changes through ixgbevf_set_mac()
media: smiapp: fix timeout checking in smiapp_read_nvm
net: ethernet: ti: cpsw-phy-sel: check bus_find_device() ret value
ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback
media: atomisp: ov2680: don't declare unused vars
arm64: cmpwait: Clear event register before arming exclusive monitor
HID: hid-plantronics: Re-resend Update to map button for PTT products
arm64: dts: renesas: salvator-common: use audio-graph-card for Sound
drm/radeon: fix mode_valid's return type
drm/amdgpu: Remove VRAM from shared bo domains.
powerpc/embedded6xx/hlwd-pic: Prevent interrupts from being handled by Starlet
HID: i2c-hid: check if device is there before really probing
EDAC, altera: Fix ARM64 build warning
ARM: dts: stih407-pinctrl: Fix complain about IRQ_TYPE_NONE usage
ARM: dts: emev2: Add missing interrupt-affinity to PMU node
ARM: dts: sh73a0: Add missing interrupt-affinity to PMU node
nvmem: properly handle returned value nvmem_reg_read
i40e: free the skb after clearing the bitlock
tty: Fix data race in tty_insert_flip_string_fixed_flag
dma-iommu: Fix compilation when !CONFIG_IOMMU_DMA
net: phy: phylink: Release link GPIO
media: rcar_jpu: Add missing clk_disable_unprepare() on error in jpu_open()
libata: Fix command retry decision
ACPI / LPSS: Only call pwm_add_table() for Bay Trail PWM if PMIC HRV is 2
media: media-device: fix ioctl function types
media: saa7164: Fix driver name in debug output
mtd: rawnand: fsl_ifc: fix FSL NAND driver to read all ONFI parameter pages
brcmfmac: Add support for bcm43364 wireless chipset
s390/cpum_sf: Add data entry sizes to sampling trailer entry
perf: fix invalid bit in diagnostic entry
bnxt_en: Check unsupported speeds in bnxt_update_link() on PF only.
scsi: 3w-9xxx: fix a missing-check bug
scsi: 3w-xxxx: fix a missing-check bug
scsi: megaraid: silence a static checker bug
scsi: hisi_sas: config ATA de-reset as an constrained command for v3 hw
scsi: qedf: Set the UNLOADING flag when removing a vport
staging: lustre: o2iblnd: fix race at kiblnd_connect_peer
staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5
thermal: exynos: fix setting rising_threshold for Exynos5433
bpf: fix references to free_bpf_prog_info() in comments
f2fs: avoid fsync() failure caused by EAGAIN in writepage()
media: siano: get rid of __le32/__le16 cast warnings
drm/atomic: Handling the case when setting old crtc for plane
ALSA: hda/ca0132: fix build failure when a local macro is defined
mmc: dw_mmc: update actual clock for mmc debugfs
mmc: pwrseq: Use kmalloc_array instead of stack VLA
dt-bindings: pinctrl: meson: add support for the Meson8m2 SoC
spi: meson-spicc: Fix error handling in meson_spicc_probe()
net: hns3: Fixes the out of bounds access in hclge_map_tqp
dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
backlight: pwm_bl: Don't use GPIOF_* with gpiod_get_direction
stop_machine: Use raw spinlocks
delayacct: Use raw_spinlocks
memory: tegra: Do not handle spurious interrupts
memory: tegra: Apply interrupts mask per SoC
nvme: lightnvm: add granby support
arm64: defconfig: Enable Rockchip io-domain driver
igb: Fix queue selection on MAC filters on i210
drm/gma500: fix psb_intel_lvds_mode_valid()'s return type
ipconfig: Correctly initialise ic_nameservers
rsi: Fix 'invalid vdd' warning in mmc
rsi: fix nommu_map_sg overflow kernel panic
audit: allow not equal op for audit by executable
staging: vchiq_core: Fix missing semaphore release in error case
staging: lustre: llite: correct removexattr detection
staging: lustre: ldlm: free resource when ldlm_lock_create() fails.
serial: core: Make sure compiler barfs for 16-byte earlycon names
soc: imx: gpcv2: Do not pass static memory as platform data
microblaze: Fix simpleImage format generation
usb: hub: Don't wait for connect state at resume for powered-off ports
crypto: authencesn - don't leak pointers to authenc keys
crypto: authenc - don't leak pointers to authenc keys
media: omap3isp: fix unbalanced dma_iommu_mapping
regulator: Don't return or expect -errno from of_map_mode()
scsi: scsi_dh: replace too broad "TP9" string with the exact models
scsi: megaraid_sas: Increase timeout by 1 sec for non-RAID fastpath IOs
scsi: cxlflash: Synchronize reset and remove ops
scsi: cxlflash: Avoid clobbering context control register value
media: atomisp: compat32: fix __user annotations
media: si470x: fix __be16 annotations
ASoC: topology: Fix bclk and fsync inversion in set_link_hw_format()
ASoC: topology: Add missing clock gating parameter when parsing hw_configs
drm: Add DP PSR2 sink enable bit
drm/atomic-helper: Drop plane->fb references only for drm_atomic_helper_shutdown()
drm/dp/mst: Fix off-by-one typo when dump payload table
block: bio_iov_iter_get_pages: fix size of last iovec
blkdev: __blkdev_direct_IO_simple: fix leak in error case
block: reset bi_iter.bi_done after splitting bio
random: mix rdrand with entropy sent in from userspace
squashfs: be more careful about metadata corruption
ext4: fix inline data updates with checksums enabled
ext4: check for allocation block validity with block group locked
ext4: fix check to prevent initializing reserved inodes
PCI: pciehp: Assume NoCompl+ for Thunderbolt ports
PCI: xgene: Remove leftover pci_scan_child_bus() call
ovl: Sync upper dirty data when syncing overlayfs
usb: gadget: udc: renesas_usb3: should remove debugfs
RDMA/uverbs: Protect from attempts to create flows on unsupported QP
net: dsa: qca8k: Force CPU port to its highest bandwidth
net: dsa: qca8k: Enable RXMAC when bringing up a port
net: dsa: qca8k: Add QCA8334 binding documentation
net: dsa: qca8k: Allow overwriting CPU port setting
ipv4: remove BUG_ON() from fib_compute_spec_dst
net: ena: Fix use of uninitialized DMA address bits field
net: fix amd-xgbe flow-control issue
net: lan78xx: fix rx handling before first packet is send
net: mdio-mux: bcm-iproc: fix wrong getter and setter pair
NET: stmmac: align DMA stuff to largest cache line length
tcp_bbr: fix bw probing to raise in-flight data for very small BDPs
xen-netfront: wait xenbus state change when load module manually
netlink: Do not subscribe to non-existent groups
netlink: Don't shift with UB on nlk->ngroups
tcp: do not force quickack when receiving out-of-order packets
tcp: add max_quickacks param to tcp_incr_quickack and tcp_enter_quickack_mode
tcp: do not aggressively quick ack after ECN events
tcp: refactor tcp_ecn_check_ce to remove sk type cast
tcp: add one more quick ack after after ECN events
Linux 4.14.60
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Mimi Zohar
|
cffbdb7702 |
ima: based on policy verify firmware signatures (pre-allocated buffer)
[ Upstream commit fd90bc559bfba743ae8de87ff23b92a5e4668062 ]
Don't differentiate, for now, between kernel_read_file_id READING_FIRMWARE
and READING_FIRMWARE_PREALLOC_BUFFER enumerations.
Fixes:
|
||
|
Greg Kroah-Hartman
|
eca84e5091 |
Merge 4.14.48 into android-4.14
Changes in 4.14.48 fix io_destroy()/aio_complete() race mm: fix the NULL mapping case in __isolate_lru_page() objtool: Support GCC 8's cold subfunctions objtool: Support GCC 8 switch tables objtool: Detect RIP-relative switch table references objtool: Detect RIP-relative switch table references, part 2 objtool: Fix "noreturn" detection for recursive sibling calls x86/mce/AMD: Carve out SMCA get_block_address() code x86/MCE/AMD: Cache SMCA MISC block addresses Revert "pinctrl: msm: Use dynamic GPIO numbering" PCI: hv: Fix 2 hang issues in hv_compose_msi_msg() xfs: convert XFS_AGFL_SIZE to a helper function xfs: detect agfl count corruption and reset agfl Input: synaptics - Lenovo Carbon X1 Gen5 (2017) devices should use RMI Input: synaptics - Lenovo Thinkpad X1 Carbon G5 (2017) with Elantech trackpoints should use RMI Input: synaptics - add Intertouch support on X1 Carbon 6th and X280 Input: synaptics - add Lenovo 80 series ids to SMBus Input: elan_i2c_smbus - fix corrupted stack tracing: Fix crash when freeing instances with event triggers tracing: Make the snapshot trigger work with instances selinux: KASAN: slab-out-of-bounds in xattr_getsecurity cfg80211: further limit wiphy names to 64 bytes kbuild: clang: remove crufty HOSTCFLAGS drm/i915: Always sanity check engine state upon idling dma-buf: remove redundant initialization of sg_table drm/amd/powerplay: Fix enum mismatch rtlwifi: rtl8192cu: Remove variable self-assignment in rf.c ASoC: Intel: sst: remove redundant variable dma_dev_name platform/chrome: cros_ec_lpc: remove redundant pointer request kbuild: clang: disable unused variable warnings only when constant tcp: avoid integer overflows in tcp_rcv_space_adjust() iio: ad7793: implement IIO_CHAN_INFO_SAMP_FREQ iio:buffer: make length types match kfifo types iio:kfifo_buf: check for uint overflow iio: adc: select buffer for at91-sama5d2_adc MIPS: lantiq: gphy: Drop reboot/remove reset asserts MIPS: ptrace: Fix PTRACE_PEEKUSR requests for 64-bit FGRs MIPS: prctl: Disallow FRE without FR with PR_SET_FP_MODE requests scsi: scsi_transport_srp: Fix shost to rport translation stm class: Use vmalloc for the master map hwtracing: stm: fix build error on some arches IB/core: Fix error code for invalid GID entry mm/huge_memory.c: __split_huge_page() use atomic ClearPageDirty() Revert "rt2800: use TXOP_BACKOFF for probe frames" intel_th: Use correct device when freeing buffers drm/psr: Fix missed entry in PSR setup time table. drm/i915/lvds: Move acpi lid notification registration to registration phase drm/i915: Disable LVDS on Radiant P845 powerpc/mm/slice: Remove intermediate bitmap copy powerpc/mm/slice: create header files dedicated to slices powerpc/mm/slice: Enhance for supporting PPC32 powerpc/mm/slice: Fix hugepage allocation at hint address on 8xx Linux 4.14.48 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Sachin Grover
|
9808c97d3c |
selinux: KASAN: slab-out-of-bounds in xattr_getsecurity
commit efe3de79e0b52ca281ef6691480c8c68c82a4657 upstream. Call trace: [<ffffff9203a8d7a8>] dump_backtrace+0x0/0x428 [<ffffff9203a8dbf8>] show_stack+0x28/0x38 [<ffffff920409bfb8>] dump_stack+0xd4/0x124 [<ffffff9203d187e8>] print_address_description+0x68/0x258 [<ffffff9203d18c00>] kasan_report.part.2+0x228/0x2f0 [<ffffff9203d1927c>] kasan_report+0x5c/0x70 [<ffffff9203d1776c>] check_memory_region+0x12c/0x1c0 [<ffffff9203d17cdc>] memcpy+0x34/0x68 [<ffffff9203d75348>] xattr_getsecurity+0xe0/0x160 [<ffffff9203d75490>] vfs_getxattr+0xc8/0x120 [<ffffff9203d75d68>] getxattr+0x100/0x2c8 [<ffffff9203d76fb4>] SyS_fgetxattr+0x64/0xa0 [<ffffff9203a83f70>] el0_svc_naked+0x24/0x28 If user get root access and calls security.selinux setxattr() with an embedded NUL on a file and then if some process performs a getxattr() on that file with a length greater than the actual length of the string, it would result in a panic. To fix this, add the actual length of the string to the security context instead of the length passed by the userspace process. Signed-off-by: Sachin Grover <sgrover@codeaurora.org> Cc: stable@vger.kernel.org Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
503f6fecb8 |
Merge 4.14.45 into android-4.14
Changes in 4.14.45
MIPS: c-r4k: Fix data corruption related to cache coherence
MIPS: ptrace: Expose FIR register through FP regset
MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
affs_lookup(): close a race with affs_remove_link()
fs: don't scan the inode cache before SB_BORN is set
aio: fix io_destroy(2) vs. lookup_ioctx() race
ALSA: timer: Fix pause event notification
do d_instantiate/unlock_new_inode combinations safely
mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus
libata: Blacklist some Sandisk SSDs for NCQ
libata: blacklist Micron 500IT SSD with MU01 firmware
xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
arm64: lse: Add early clobbers to some input/output asm operands
powerpc/64s: Clear PCR on boot
IB/hfi1: Use after free race condition in send context error path
IB/umem: Use the correct mm during ib_umem_release
sr: pass down correctly sized SCSI sense buffer
idr: fix invalid ptr dereference on item delete
Revert "ipc/shm: Fix shmat mmap nil-page protection"
ipc/shm: fix shmat() nil address after round-down when remapping
mm/kasan: don't vfree() nonexistent vm_area
kasan: free allocated shadow memory on MEM_CANCEL_ONLINE
kasan: fix memory hotplug during boot
kernel/sys.c: fix potential Spectre v1 issue
KVM/VMX: Expose SSBD properly to guests
KVM: s390: vsie: fix < 8k check for the itdba
KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
kvm: x86: IA32_ARCH_CAPABILITIES is always supported
x86/kvm: fix LAPIC timer drift when guest uses periodic mode
powerpc/64s: Improve RFI L1-D cache flush fallback
powerpc/pseries: Support firmware disable of RFI flush
powerpc/powernv: Support firmware disable of RFI flush
powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
powerpc/rfi-flush: Always enable fallback flush on pseries
powerpc/rfi-flush: Differentiate enabled and patched flush types
powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
powerpc: Add security feature flags for Spectre/Meltdown
powerpc/pseries: Set or clear security feature flags
powerpc/powernv: Set or clear security feature flags
powerpc/64s: Move cpu_show_meltdown()
powerpc/64s: Enhance the information in cpu_show_meltdown()
powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
powerpc/64s: Wire up cpu_show_spectre_v1()
powerpc/64s: Wire up cpu_show_spectre_v2()
powerpc/pseries: Fix clearing of security feature flags
powerpc: Move default security feature flags
powerpc/pseries: Restore default security feature flags on setup
powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
MIPS: generic: Fix machine compatible matching
mac80211: mesh: fix wrong mesh TTL offset calculation
ARC: Fix malformed ARC_EMUL_UNALIGNED default
ptr_ring: prevent integer overflow when calculating size
arm64: dts: rockchip: fix rock64 gmac2io stability issues
arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire
libata: Fix compile warning with ATA_DEBUG enabled
selftests: sync: missing CFLAGS while compiling
selftest/vDSO: fix O=
selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
selftests: memfd: add config fragment for fuse
ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
ARM: OMAP3: Fix prm wake interrupt for resume
ARM: OMAP2+: Fix sar_base inititalization for HS omaps
ARM: OMAP1: clock: Fix debugfs_create_*() usage
ibmvnic: Wait until reset is complete to set carrier on
ibmvnic: Free RX socket buffer in case of adapter error
ibmvnic: Clean RX pool buffers during device close
tls: retrun the correct IV in getsockopt
xhci: workaround for AMD Promontory disabled ports wakeup
IB/uverbs: Fix method merging in uverbs_ioctl_merge
IB/uverbs: Fix possible oops with duplicate ioctl attributes
IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy
arm64: dts: rockchip: Fix DWMMC clocks
ARM: dts: rockchip: Fix DWMMC clocks
iwlwifi: mvm: fix security bug in PN checking
iwlwifi: mvm: fix IBSS for devices that support station type API
iwlwifi: mvm: always init rs with 20mhz bandwidth rates
NFC: llcp: Limit size of SDP URI
rxrpc: Work around usercopy check
MD: Free bioset when md_run fails
md: fix md_write_start() deadlock w/o metadata devices
s390/dasd: fix handling of internal requests
xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos
mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
mac80211: fix a possible leak of station stats
mac80211: fix calling sleeping function in atomic context
cfg80211: clear wep keys after disconnection
mac80211: Do not disconnect on invalid operating class
mac80211: Fix sending ADDBA response for an ongoing session
gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle
gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle
md raid10: fix NULL deference in handle_write_completed()
drm/exynos: g2d: use monotonic timestamps
drm/exynos: fix comparison to bitshift when dealing with a mask
drm/meson: fix vsync buffer update
arm64: perf: correct PMUVer probing
RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails
RDMA/bnxt_re: Fix system crash during load/unload
ibmvnic: Check for NULL skb's in NAPI poll routine
net/mlx5e: Return error if prio is specified when offloading eswitch vlan push
locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
md: raid5: avoid string overflow warning
virtio_net: fix XDP code path in receive_small()
kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
bug.h: work around GCC PR82365 in BUG()
selftests/memfd: add run_fuse_test.sh to TEST_FILES
seccomp: add a selftest for get_metadata
soc: imx: gpc: de-register power domains only if initialized
powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
s390/cio: fix ccw_device_start_timeout API
s390/cio: fix return code after missing interrupt
s390/cio: clear timer when terminating driver I/O
selftests/bpf/test_maps: exit child process without error in ENOMEM case
PKCS#7: fix direct verification of SignerInfo signature
arm64: dts: cavium: fix PCI bus dtc warnings
nfs: system crashes after NFS4ERR_MOVED recovery
ARM: OMAP: Fix dmtimer init for omap1
smsc75xx: fix smsc75xx_set_features()
regulatory: add NUL to request alpha2
integrity/security: fix digsig.c build error with header file
x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system
locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
mac80211: drop frames with unexpected DS bits from fast-rx to slow path
arm64: fix unwind_frame() for filtered out fn for function graph tracing
macvlan: fix use-after-free in macvlan_common_newlink()
KVM: nVMX: Don't halt vcpu when L1 is injecting events to L2
kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS
fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
fs: dcache: Use READ_ONCE when accessing i_dir_seq
md: fix a potential deadlock of raid5/raid10 reshape
md/raid1: fix NULL pointer dereference
batman-adv: fix packet checksum in receive path
batman-adv: invalidate checksum on fragment reassembly
netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount
netfilter: ipt_CLUSTERIP: put config instead of freeing it
netfilter: ebtables: convert BUG_ONs to WARN_ONs
batman-adv: Ignore invalid batadv_iv_gw during netlink send
batman-adv: Ignore invalid batadv_v_gw during netlink send
batman-adv: Fix netlink dumping of BLA claims
batman-adv: Fix netlink dumping of BLA backbones
nvme-pci: Fix nvme queue cleanup if IRQ setup fails
clocksource/drivers/fsl_ftm_timer: Fix error return checking
libceph, ceph: avoid memory leak when specifying same option several times
ceph: fix dentry leak when failing to init debugfs
xen/pvcalls: fix null pointer dereference on map->sock
ARM: orion5x: Revert commit
|