udc
1558 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Michael Bestas
|
fb6696bad4 |
Merge remote-tracking branch 'common/android-4.9-q' into android12-4.9-sdm845
* common/android-4.9-q:
Linux 4.9.321
swiotlb: skip swiotlb_bounce when orig_addr is zero
kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add]
fdt: Update CRC check for rng-seed
xen: unexport __init-annotated xen_xlate_map_ballooned_pages()
drm: remove drm_fb_helper_modinit
powerpc/pseries: wire up rng during setup_arch()
modpost: fix section mismatch check for exported init/exit sections
ARM: cns3xxx: Fix refcount leak in cns3xxx_init
ARM: Fix refcount leak in axxia_boot_secondary
ARM: exynos: Fix refcount leak in exynos_map_pmu
ARM: dts: imx6qdl: correct PU regulator ramp delay
powerpc: Enable execve syscall exit tracepoint
xtensa: Fix refcount leak bug in time.c
xtensa: xtfpga: Fix refcount leak bug in setup
iio: trigger: sysfs: fix use-after-free on remove
iio: accel: mma8452: ignore the return value of reset operation
iio:accel:bma180: rearrange iio trigger get and register
usb: chipidea: udc: check request status before setting device address
iio: adc: vf610: fix conversion mode sysfs node name
igb: Make DMA faster when CPU is active on the PCIe link
MIPS: Remove repetitive increase irq_err_count
x86/xen: Remove undefined behavior in setup_features()
bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers
USB: serial: option: add Telit LE910Cx 0x1250 composition
random: quiet urandom warning ratelimit suppression message
dm era: commit metadata in postsuspend after worker stops
ata: libata: add qc->flags in ata_qc_complete_template tracepoint
random: schedule mix_interrupt_randomness() less often
vt: drop old FONT ioctls
BACKPORT: l2tp: fix race in pppol2tp_release with session object destroy
BACKPORT: l2tp: don't use inet_shutdown on ppp session destroy
Linux 4.9.320
tcp: drop the hash_32() part from the index calculation
tcp: increase source port perturb table to 2^16
tcp: dynamically allocate the perturb table used by source ports
tcp: add small random increments to the source port
tcp: use different parts of the port_offset for index and offset
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: add some entropy in __inet_hash_connect()
tcp: change source port randomizarion at connect() time
fuse: fix pipe buffer lifetime for direct_io
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
swiotlb: fix info leak with DMA_FROM_DEVICE
xprtrdma: fix incorrect header size calculations
s390/mm: use non-quiescing sske for KVM switch to keyed guest
l2tp: fix race in pppol2tp_release with session object destroy
l2tp: don't use inet_shutdown on ppp session destroy
ext4: add reserved GDT blocks check
ext4: make variable "count" signed
ext4: fix bug_on ext4_mb_use_inode_pa
serial: 8250: Store to lsr_save_flags after lsr read
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
USB: serial: io_ti: add Agilent E5805A support
USB: serial: option: add support for Cinterion MV31 with new baseline
comedi: vmk80xx: fix expression for tx buffer size
irqchip/gic-v3: Iterate over possible CPUs by for_each_possible_cpu()
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
misc: atmel-ssc: Fix IRQ check in ssc_probe
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
random: credit cpu and bootloader seeds by default
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
ASoC: wm8962: Fix suspend while playing music
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Fix TLV scales for mixer controls
random: account for arch randomness in bits
random: mark bootloader randomness code as __init
random: avoid checking crng_ready() twice in random_init()
crypto: drbg - make reseeding from get_random_bytes() synchronous
crypto: drbg - always try to free Jitter RNG instance
crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto: drbg - always seeded with SP800-90B compliant noise source
crypto: drbg - add FIPS 140-2 CTRNG for noise source
Revert "random: use static branch for crng_ready()"
random: check for signals after page of pool writes
random: wire up fops->splice_{read,write}_iter()
random: convert to using fops->write_iter()
random: move randomize_page() into mm where it belongs
random: move initialization functions out of hot pages
random: use proper return types on get_random_{int,long}_wait()
random: remove extern from functions in header
random: use static branch for crng_ready()
random: credit architectural init the exact amount
random: handle latent entropy and command line from random_init()
random: use proper jiffies comparison macro
random: remove ratelimiting for in-kernel unseeded randomness
random: avoid initializing twice in credit race
random: use symbolic constants for crng_init states
siphash: use one source of truth for siphash permutations
random: help compiler out with fast_mix() by using simpler arguments
random: do not use input pool from hard IRQs
random: order timer entropy functions below interrupt functions
random: do not pretend to handle premature next security model
random: do not use batches when !crng_ready()
random: insist on random_get_entropy() existing in order to simplify
uapi: rename ext2_swab() to swab() and share globally in swab.h
xtensa: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
arm: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
m68k: use fallback for random_get_entropy() instead of zero
timekeeping: Add raw clock fallback for random_get_entropy()
powerpc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
ia64: define get_cycles macro for arch-override
init: call time_init() before rand_initialize()
random: fix sysctl documentation nits
random: document crng_fast_key_erasure() destination possibility
random: make random_get_entropy() return an unsigned long
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: check for signal_pending() outside of need_resched() check
random: do not allow user to keep crng key around on stack
random: do not split fast init input in add_hwgenerator_randomness()
random: mix build-time latent entropy into pool at init
random: re-add removed comment about get_random_{u32,u64} reseeding
random: treat bootloader trust toggle the same way as cpu trust toggle
random: skip fast_init if hwrng provides large chunk of entropy
random: check for signal and try earlier when generating entropy
random: reseed more often immediately after booting
random: make consistent usage of crng_ready()
random: use SipHash as interrupt entropy accumulator
random: replace custom notifier chain with standard one
random: don't let 644 read-only sysctls be written to
random: give sysctl_random_min_urandom_seed a more sensible value
random: do crng pre-init loading in worker rather than irq
random: unify cycles_t and jiffies usage and types
random: cleanup UUID handling
random: only wake up writers after zap if threshold was passed
random: round-robin registers as ulong, not u32
random: clear fast pool, crng, and batches in cpuhp bring up
random: pull add_hwgenerator_randomness() declaration into random.h
hwrng: remember rng chosen by user
hwrng: use rng source with best quality
hwrng: core - remove unused PFX macro
hwrng: core - Move hwrng miscdev minor number to include/linux/miscdevice.h
hwrng: core - Rewrite the header
hwrng: core - rewrite better comparison to NULL
hwrng: core - do not use multiple blank lines
random: check for crng_init == 0 in add_device_randomness()
random: unify early init crng load accounting
random: do not take pool spinlock at boot
random: defer fast pool mixing to worker
workqueue: make workqueue available early during boot
random: rewrite header introductory comment
random: group sysctl functions
random: group userspace read/write functions
random: group entropy collection functions
random: group entropy extraction functions
random: group initialization wait functions
random: remove whitespace and reorder includes
random: remove useless header comment
random: introduce drain_entropy() helper to declutter crng_reseed()
random: deobfuscate irq u32/u64 contributions
random: add proper SPDX header
random: remove unused tracepoints
random: remove ifdef'd out interrupt bench
random: tie batched entropy generation to base_crng generation
random: zero buffer after reading entropy from userspace
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: use hash function for crng_slow_load()
random: absorb fast pool into input pool after fast load
random: do not xor RDRAND when writing into /dev/random
random: ensure early RDSEED goes through mixer on init
random: inline leaves of rand_initialize()
random: use RDSEED instead of RDRAND in entropy extraction
random: fix locking in crng_fast_load()
random: remove batched entropy locking
random: remove use_input_pool parameter from crng_reseed()
random: make credit_entropy_bits() always safe
random: always wake up entropy writers after extraction
random: use linear min-entropy accumulation crediting
random: simplify entropy debiting
random: use computational hash for entropy extraction
random: only call crng_finalize_init() for primary_crng
random: access primary_pool directly rather than through pointer
random: continually use hwgenerator randomness
random: simplify arithmetic function flow in account()
random: access input_pool_data directly rather than through pointer
random: cleanup fractional entropy shift constants
random: prepend remaining pool constants with POOL_
random: de-duplicate INPUT_POOL constants
random: remove unused OUTPUT_POOL constants
random: rather than entropy_store abstraction, use global
random: try to actively add entropy rather than passively wait for it
random: remove unused extract_entropy() reserved argument
random: remove incomplete last_data logic
random: cleanup integer types
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
random: cleanup poolinfo abstraction
random: fix typo in comments
random: don't reset crng_init_cnt on urandom_read()
random: avoid superfluous call to RDRAND in CRNG extraction
random: early initialization of ChaCha constants
random: initialize ChaCha20 constants with correct endianness
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: harmonize "crng init done" messages
random: mix bootloader randomness into pool
random: do not re-init if crng_reseed completes before primary init
random: do not sign extend bytes for rotation when mixing
random: use BLAKE2s instead of SHA1 in extraction
random: remove unused irq_flags argument from add_interrupt_randomness()
random: document add_hwgenerator_randomness() with other input functions
crypto: blake2s - adjust include guard naming
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
MAINTAINERS: co-maintain random.c
random: remove dead code left over from blocking pool
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: add arch_get_random_*long_early()
powerpc: Use bool in archrandom.h
linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
linux/random.h: Use false with bool
linux/random.h: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
x86: Remove arch_has_random, arch_has_random_seed
random: avoid warnings for !CONFIG_NUMA builds
random: split primary/secondary crng init paths
random: remove some dead code of poolinfo
random: fix typo in add_timer_randomness()
random: Add and use pr_fmt()
random: convert to ENTROPY_BITS for better code readability
random: remove unnecessary unlikely()
random: remove kernel.random.read_wakeup_threshold
random: delete code to pull data into pools
random: remove the blocking pool
random: fix crash on multiple early calls to add_bootloader_randomness()
random: make /dev/random be almost like /dev/urandom
random: ignore GRND_RANDOM in getentropy(2)
random: add GRND_INSECURE to return best-effort non-cryptographic bytes
random: Add a urandom_read_nowait() for random APIs that don't warn
random: Don't wake crng_init_wait when crng_init == 1
lib/crypto: sha1: re-roll loops to reduce code size
lib/crypto: blake2s: move hmac construction into wireguard
crypto: blake2s - generic C library implementation and selftest
crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()
Revert "hwrng: core - Freeze khwrng thread during suspend"
char/random: Add a newline at the end of the file
random: Use wait_event_freezable() in add_hwgenerator_randomness()
fdt: add support for rng-seed
random: Support freezable kthreads in add_hwgenerator_randomness()
random: fix soft lockup when trying to read from an uninitialized blocking pool
latent_entropy: avoid build error when plugin cflags are not set
random: document get_random_int() family
random: move rand_initialize() earlier
random: only read from /dev/random after its pool has received 128 bits
drivers/char/random.c: make primary_crng static
drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c: constify poolinfo_table
random: make CPU trust a boot parameter
random: Make crng state queryable
random: remove preempt disabled region
random: add a config option to trust the CPU's hwrng
random: Return nbytes filled from hw RNG
random: Fix whitespace pre random-bytes work
drivers/char/random.c: remove unused dont_count_entropy
random: optimize add_interrupt_randomness
random: always fill buffer in get_random_bytes_wait
crypto: chacha20 - Fix keystream alignment for chacha20_block()
random: fix data race on crng_node_pool
random: always use batched entropy for get_random_u{32,64}
Revert "char/random: silence a lockdep splat with printk()"
char/random: silence a lockdep splat with printk()
random: add a spinlock_t to struct batched_entropy
random: rate limit unseeded randomness warnings
random: fix possible sleeping allocation from irq context
random: set up the NUMA crng instances after the CRNG is fully initialized
random: use a different mixing algorithm for add_device_randomness()
random: fix warning message on ia64 and parisc
random: reorder READ_ONCE() in get_random_uXX
random: suppress spammy warnings about unseeded randomness
random: do not ignore early device randomness
random: warn when kernel uses unseeded randomness
random: add get_random_{bytes,u32,u64,int,long,once}_wait family
random: add wait_for_random_bytes() API
random: silence compiler warnings and fix race
random: invalidate batched entropy after crng init
random: move random_min_urandom_seed into CONFIG_SYSCTL ifdef block
random: convert get_random_int/long into get_random_u32/u64
random: fix comment for unused random_min_urandom_seed
random: remove variable limit
random: remove stale urandom_init_wait
random: remove stale maybe_reseed_primary_crng
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
Linux 4.9.319
x86/speculation/mmio: Print SMT warning
KVM: x86/speculation: Disable Fill buffer clear within guests
x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
x86/speculation/srbds: Update SRBDS mitigation selection
x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data
x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations
x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
x86/speculation: Add a common function for MD_CLEAR mitigation update
x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug
Documentation: Add documentation for Processor MMIO Stale Data
x86/cpu: Add another Alder Lake CPU to the Intel family
x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family
x86/cpu: Add Comet Lake to the Intel CPU models header
x86/CPU: Add more Icelake model numbers
x86/CPU: Add Icelake model number
x86/cpu: Add Cannonlake to Intel family
x86/cpu: Add Jasper Lake to Intel family
cpu/speculation: Add prototype for cpu_show_srbds()
x86/cpu: Add Elkhart Lake to Intel family
ANDROID: arch: fix backported syscall numbers
Linux 4.9.318
tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
PCI: qcom: Fix unbalanced PHY init on probe errors
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
cifs: return errors during session setup during reconnects
ALSA: hda/conexant - Fix loopback issue with CX20632
vringh: Fix loop descriptors check in the indirect cases
nodemask: Fix return values to be unsigned
modpost: fix undefined behavior of is_arm_mapping_symbol()
drm/radeon: fix a possible null pointer dereference
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
md: protect md_unregister_thread from reentrancy
serial: msm_serial: disable interrupts in __msm_console_write()
staging: rtl8712: fix uninit-value in r871xu_drv_init()
clocksource/drivers/sp804: Avoid error on multiple instances
misc: rtsx: set NULL intfdata when probe fails
usb: dwc2: gadget: don't reset gadget's driver->bus
USB: hcd-pci: Fully suspend across freeze/thaw cycle
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
tty: Fix a possible resource leak in icom_probe
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
lkdtm/usercopy: Expand size of "out of frame" object
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
net: altera: Fix refcount leak in altera_tse_mdio_create
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
net: fix nla_strcmp to handle more then one trailing null character
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
m68knommu: fix undefined reference to `_init_sp'
m68knommu: set ZERO_PAGE() to the allocated zeroed page
i2c: cadence: Increase timeout per message if necessary
tracing: Avoid adding tracer option before update_tracer_options
tcp: tcp_rtx_synack() can be called from process context
jffs2: fix memory leak in jffs2_do_fill_super
modpost: fix removing numeric suffixes
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
serial: sh-sci: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: digicolor-usart: Don't allow CS5-6
serial: meson: acquire port->lock in startup()
rtc: mt6397: check return value after calling platform_get_resource()
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
pwm: lp3943: Fix duty calculation in case period was clamped
USB: storage: karma: fix rio_karma_init return
usb: usbip: add missing device lock on tweak configuration cmd
usb: usbip: fix a refcount leak in stub_probe()
staging: greybus: codecs: fix type confusion of list iterator variable
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
netfilter: nf_tables: disallow non-stateful expression in sets earlier
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
RDMA/rxe: Generate a completion for unsupported/invalid opcode
dt-bindings: gpio: altera: correct interrupt-cells
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
gma500: fix an incorrect NULL check on list iterator
carl9170: tx: fix an incorrect use of list iterator
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
rtl818x: Prevent using not initialized queues
hugetlb: fix huge_pmd_unshare address update
nodemask.h: fix compilation error with GCC12
iommu/msm: Fix an incorrect NULL check on list iterator
um: Fix out-of-bounds read in LDT setup
um: chan_user: Fix winch_tramp() return value
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
irqchip: irq-xtensa-mx: fix initial IRQ affinity
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
RDMA/hfi1: Fix potential integer multiplication overflow errors
md: fix an incorrect NULL check in md_reload_sb
md: fix an incorrect NULL check in does_sb_need_changing
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
scsi: dc395x: Fix a missing check on list iterator
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
dlm: fix missing lkb refcount handling
dlm: fix plock invalid read
ext4: verify dir block before splitting it
ext4: fix bug_on in ext4_writepages
ext4: fix use-after-free in ext4_rename_dir_prepare
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
iwlwifi: mvm: fix assert 1F04 upon reconfig
wifi: mac80211: fix use-after-free in chanctx code
iommu/amd: Increase timeout waiting for GA log enablement
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
Input: sparcspkr - fix refcount leak in bbc_beep_probe
tty: fix deadlock caused by calling printk() under tty_port->lock
powerpc/4xx/cpm: Fix return value of __setup() handler
powerpc/idle: Fix return value of __setup() handler
powerpc/8xx: export 'cpm_setbrg' for modules
drivers/base/node.c: fix compaction sysfs file leak
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
rxrpc: Don't try to resend the request if we're receiving the reply
rxrpc: Fix listen() setting the bar too high for the prealloc rings
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
m68k: math-emu: Fix dependencies of math emulation support
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
media: exynos4-is: Change clk_disable to clk_disable_unprepare
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
media: uvcvideo: Fix missing check to determine if element is found in list
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/msm/dsi: fix error checks and return values for DSI xmit functions
x86/pm: Fix false positive kmemleak report in msr_build_context()
inotify: show inotify mask flags in proc fdinfo
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
spi: img-spfi: Fix pm_runtime_get_sync() error checking
HID: hid-led: fix maximum brightness for Dream Cheeky
NFC: NULL out the dev->rfkill to prevent UAF
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
drm/mediatek: Fix mtk_cec_mask()
x86/delay: Fix the wrong asm constraint in delay_loop()
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
drm: fix EDID struct for old ARM OABI format
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
powerpc/xics: fix refcount leak in icp_opal_init()
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
ARM: hisi: Add missing of_node_put after of_find_compatible_node
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: versatile: Add missing of_node_put in dcscb_init
fat: add ratelimit to fat*_ent_bread()
ARM: OMAP1: clock: Fix UART rate reporting algorithm
fs: jfs: fix possible NULL pointer dereference in dbFree()
eth: tg3: silence the GCC 12 array-bounds warning
rxrpc: Return an error to sendmsg if call failed
media: exynos4-is: Fix compile warning
ASoC: rt5645: Fix errorenous cleanup order
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
openrisc: start CPU timer early in boot
ipmi:ssif: Check for NULL msg when handling events and messages
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
ASoC: dapm: Don't fold register value changes into notifications
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
drm/amd/pm: fix the compile warning
scsi: megaraid: Fix error check return value of register_chrdev()
media: cx25821: Fix the warning when removing the module
ath9k: fix QCA9561 PA bias level
drm/amd/pm: fix double free in si_parse_power_table()
ALSA: jack: Access input_dev under mutex
ACPICA: Avoid cache flush inside virtual machines
ipw2x00: Fix potential NULL dereference in libipw_xmit()
b43: Fix assigning negative value to unsigned variable
b43legacy: Fix assigning negative value to unsigned variable
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
btrfs: add "0x" prefix for unsupported optional features
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
USB: new quirk for Dell Gen 2 devices
BACKPORT: psi: Fix uaf issue when psi trigger is destroyed while being polled
Conflicts:
arch/arm/include/asm/unistd.h
arch/arm/kernel/calls.S
drivers/char/Kconfig
drivers/char/random.c
fs/fat/fatent.c
include/linux/random.h
init/main.c
kernel/cpu.c
lib/Makefile
Change-Id: I43d99223205dec1f47e87016818be23514a62cba
|
||
|
Eric Biggers
|
ea690b6ba4 |
Merge 4.9.320 into android-4.9-q
Changes in 4.9.320
9p: missing chunk of "fs/9p: Don't update file type when updating file attributes"
random: remove stale maybe_reseed_primary_crng
random: remove stale urandom_init_wait
random: remove variable limit
random: fix comment for unused random_min_urandom_seed
random: convert get_random_int/long into get_random_u32/u64
random: move random_min_urandom_seed into CONFIG_SYSCTL ifdef block
random: invalidate batched entropy after crng init
random: silence compiler warnings and fix race
random: add wait_for_random_bytes() API
random: add get_random_{bytes,u32,u64,int,long,once}_wait family
random: warn when kernel uses unseeded randomness
random: do not ignore early device randomness
random: suppress spammy warnings about unseeded randomness
random: reorder READ_ONCE() in get_random_uXX
random: fix warning message on ia64 and parisc
random: use a different mixing algorithm for add_device_randomness()
random: set up the NUMA crng instances after the CRNG is fully initialized
random: fix possible sleeping allocation from irq context
random: rate limit unseeded randomness warnings
random: add a spinlock_t to struct batched_entropy
char/random: silence a lockdep splat with printk()
Revert "char/random: silence a lockdep splat with printk()"
random: always use batched entropy for get_random_u{32,64}
random: fix data race on crng_node_pool
crypto: chacha20 - Fix keystream alignment for chacha20_block()
random: always fill buffer in get_random_bytes_wait
random: optimize add_interrupt_randomness
drivers/char/random.c: remove unused dont_count_entropy
random: Fix whitespace pre random-bytes work
random: Return nbytes filled from hw RNG
random: add a config option to trust the CPU's hwrng
random: remove preempt disabled region
random: Make crng state queryable
random: make CPU trust a boot parameter
drivers/char/random.c: constify poolinfo_table
drivers/char/random.c: remove unused stuct poolinfo::poolbits
drivers/char/random.c: make primary_crng static
random: only read from /dev/random after its pool has received 128 bits
random: move rand_initialize() earlier
random: document get_random_int() family
latent_entropy: avoid build error when plugin cflags are not set
random: fix soft lockup when trying to read from an uninitialized blocking pool
random: Support freezable kthreads in add_hwgenerator_randomness()
fdt: add support for rng-seed
random: Use wait_event_freezable() in add_hwgenerator_randomness()
char/random: Add a newline at the end of the file
Revert "hwrng: core - Freeze khwrng thread during suspend"
crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array()
crypto: blake2s - generic C library implementation and selftest
lib/crypto: blake2s: move hmac construction into wireguard
lib/crypto: sha1: re-roll loops to reduce code size
random: Don't wake crng_init_wait when crng_init == 1
random: Add a urandom_read_nowait() for random APIs that don't warn
random: add GRND_INSECURE to return best-effort non-cryptographic bytes
random: ignore GRND_RANDOM in getentropy(2)
random: make /dev/random be almost like /dev/urandom
random: fix crash on multiple early calls to add_bootloader_randomness()
random: remove the blocking pool
random: delete code to pull data into pools
random: remove kernel.random.read_wakeup_threshold
random: remove unnecessary unlikely()
random: convert to ENTROPY_BITS for better code readability
random: Add and use pr_fmt()
random: fix typo in add_timer_randomness()
random: remove some dead code of poolinfo
random: split primary/secondary crng init paths
random: avoid warnings for !CONFIG_NUMA builds
x86: Remove arch_has_random, arch_has_random_seed
powerpc: Remove arch_has_random, arch_has_random_seed
linux/random.h: Remove arch_has_random, arch_has_random_seed
linux/random.h: Use false with bool
linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
powerpc: Use bool in archrandom.h
random: add arch_get_random_*long_early()
random: avoid arch_get_random_seed_long() when collecting IRQ randomness
random: remove dead code left over from blocking pool
MAINTAINERS: co-maintain random.c
crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h>
crypto: blake2s - adjust include guard naming
random: document add_hwgenerator_randomness() with other input functions
random: remove unused irq_flags argument from add_interrupt_randomness()
random: use BLAKE2s instead of SHA1 in extraction
random: do not sign extend bytes for rotation when mixing
random: do not re-init if crng_reseed completes before primary init
random: mix bootloader randomness into pool
random: harmonize "crng init done" messages
random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs
random: initialize ChaCha20 constants with correct endianness
random: early initialization of ChaCha constants
random: avoid superfluous call to RDRAND in CRNG extraction
random: don't reset crng_init_cnt on urandom_read()
random: fix typo in comments
random: cleanup poolinfo abstraction
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
random: cleanup integer types
random: remove incomplete last_data logic
random: remove unused extract_entropy() reserved argument
random: try to actively add entropy rather than passively wait for it
random: rather than entropy_store abstraction, use global
random: remove unused OUTPUT_POOL constants
random: de-duplicate INPUT_POOL constants
random: prepend remaining pool constants with POOL_
random: cleanup fractional entropy shift constants
random: access input_pool_data directly rather than through pointer
random: simplify arithmetic function flow in account()
random: continually use hwgenerator randomness
random: access primary_pool directly rather than through pointer
random: only call crng_finalize_init() for primary_crng
random: use computational hash for entropy extraction
random: simplify entropy debiting
random: use linear min-entropy accumulation crediting
random: always wake up entropy writers after extraction
random: make credit_entropy_bits() always safe
random: remove use_input_pool parameter from crng_reseed()
random: remove batched entropy locking
random: fix locking in crng_fast_load()
random: use RDSEED instead of RDRAND in entropy extraction
random: inline leaves of rand_initialize()
random: ensure early RDSEED goes through mixer on init
random: do not xor RDRAND when writing into /dev/random
random: absorb fast pool into input pool after fast load
random: use hash function for crng_slow_load()
random: remove outdated INT_MAX >> 6 check in urandom_read()
random: zero buffer after reading entropy from userspace
random: tie batched entropy generation to base_crng generation
random: remove ifdef'd out interrupt bench
random: remove unused tracepoints
random: add proper SPDX header
random: deobfuscate irq u32/u64 contributions
random: introduce drain_entropy() helper to declutter crng_reseed()
random: remove useless header comment
random: remove whitespace and reorder includes
random: group initialization wait functions
random: group entropy extraction functions
random: group entropy collection functions
random: group userspace read/write functions
random: group sysctl functions
random: rewrite header introductory comment
workqueue: make workqueue available early during boot
random: defer fast pool mixing to worker
random: do not take pool spinlock at boot
random: unify early init crng load accounting
random: check for crng_init == 0 in add_device_randomness()
hwrng: core - do not use multiple blank lines
hwrng: core - rewrite better comparison to NULL
hwrng: core - Rewrite the header
hwrng: core - Move hwrng miscdev minor number to include/linux/miscdevice.h
hwrng: core - remove unused PFX macro
hwrng: use rng source with best quality
hwrng: remember rng chosen by user
random: pull add_hwgenerator_randomness() declaration into random.h
random: clear fast pool, crng, and batches in cpuhp bring up
random: round-robin registers as ulong, not u32
random: only wake up writers after zap if threshold was passed
random: cleanup UUID handling
random: unify cycles_t and jiffies usage and types
random: do crng pre-init loading in worker rather than irq
random: give sysctl_random_min_urandom_seed a more sensible value
random: don't let 644 read-only sysctls be written to
random: replace custom notifier chain with standard one
random: use SipHash as interrupt entropy accumulator
random: make consistent usage of crng_ready()
random: reseed more often immediately after booting
random: check for signal and try earlier when generating entropy
random: skip fast_init if hwrng provides large chunk of entropy
random: treat bootloader trust toggle the same way as cpu trust toggle
random: re-add removed comment about get_random_{u32,u64} reseeding
random: mix build-time latent entropy into pool at init
random: do not split fast init input in add_hwgenerator_randomness()
random: do not allow user to keep crng key around on stack
random: check for signal_pending() outside of need_resched() check
random: check for signals every PAGE_SIZE chunk of /dev/[u]random
random: make random_get_entropy() return an unsigned long
random: document crng_fast_key_erasure() destination possibility
random: fix sysctl documentation nits
init: call time_init() before rand_initialize()
ia64: define get_cycles macro for arch-override
s390: define get_cycles macro for arch-override
parisc: define get_cycles macro for arch-override
alpha: define get_cycles macro for arch-override
powerpc: define get_cycles macro for arch-override
timekeeping: Add raw clock fallback for random_get_entropy()
m68k: use fallback for random_get_entropy() instead of zero
mips: use fallback for random_get_entropy() instead of just c0 random
arm: use fallback for random_get_entropy() instead of zero
nios2: use fallback for random_get_entropy() instead of zero
x86/tsc: Use fallback for random_get_entropy() instead of zero
um: use fallback for random_get_entropy() instead of zero
sparc: use fallback for random_get_entropy() instead of zero
xtensa: use fallback for random_get_entropy() instead of zero
uapi: rename ext2_swab() to swab() and share globally in swab.h
random: insist on random_get_entropy() existing in order to simplify
random: do not use batches when !crng_ready()
random: do not pretend to handle premature next security model
random: order timer entropy functions below interrupt functions
random: do not use input pool from hard IRQs
random: help compiler out with fast_mix() by using simpler arguments
siphash: use one source of truth for siphash permutations
random: use symbolic constants for crng_init states
random: avoid initializing twice in credit race
random: remove ratelimiting for in-kernel unseeded randomness
random: use proper jiffies comparison macro
random: handle latent entropy and command line from random_init()
random: credit architectural init the exact amount
random: use static branch for crng_ready()
random: remove extern from functions in header
random: use proper return types on get_random_{int,long}_wait()
random: move initialization functions out of hot pages
random: move randomize_page() into mm where it belongs
random: convert to using fops->write_iter()
random: wire up fops->splice_{read,write}_iter()
random: check for signals after page of pool writes
Revert "random: use static branch for crng_ready()"
crypto: drbg - add FIPS 140-2 CTRNG for noise source
crypto: drbg - always seeded with SP800-90B compliant noise source
crypto: drbg - prepare for more fine-grained tracking of seeding state
crypto: drbg - track whether DRBG was seeded with !rng_is_initialized()
crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed()
crypto: drbg - always try to free Jitter RNG instance
crypto: drbg - make reseeding from get_random_bytes() synchronous
random: avoid checking crng_ready() twice in random_init()
random: mark bootloader randomness code as __init
random: account for arch randomness in bits
ASoC: cs42l52: Fix TLV scales for mixer controls
ASoC: cs53l30: Correct number of volume levels on SX controls
ASoC: cs42l52: Correct TLV for Bypass Volume
ASoC: cs42l56: Correct typo in minimum level for SX volume controls
ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
ASoC: wm8962: Fix suspend while playing music
scsi: vmw_pvscsi: Expand vcpuHint to 16 bits
scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed
nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag
random: credit cpu and bootloader seeds by default
pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE
misc: atmel-ssc: Fix IRQ check in ssc_probe
irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
irqchip/gic-v3: Iterate over possible CPUs by for_each_possible_cpu()
comedi: vmk80xx: fix expression for tx buffer size
USB: serial: option: add support for Cinterion MV31 with new baseline
USB: serial: io_ti: add Agilent E5805A support
usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
serial: 8250: Store to lsr_save_flags after lsr read
ext4: fix bug_on ext4_mb_use_inode_pa
ext4: make variable "count" signed
ext4: add reserved GDT blocks check
l2tp: don't use inet_shutdown on ppp session destroy
l2tp: fix race in pppol2tp_release with session object destroy
s390/mm: use non-quiescing sske for KVM switch to keyed guest
xprtrdma: fix incorrect header size calculations
swiotlb: fix info leak with DMA_FROM_DEVICE
Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""
fuse: fix pipe buffer lifetime for direct_io
tcp: change source port randomizarion at connect() time
tcp: add some entropy in __inet_hash_connect()
secure_seq: use the 64 bits of the siphash for port offset calculation
tcp: use different parts of the port_offset for index and offset
tcp: add small random increments to the source port
tcp: dynamically allocate the perturb table used by source ports
tcp: increase source port perturb table to 2^16
tcp: drop the hash_32() part from the index calculation
Linux 4.9.320
Conflicts:
crypto/chacha20_generic.c
drivers/char/random.c
drivers/of/fdt.c
include/crypto/chacha20.h
lib/chacha20.c
Merge resolution notes:
- Added CHACHA20_KEY_SIZE and CHACHA20_BLOCK_SIZE constants to
chacha.h, to minimize changes from the 4.9.320 version of random.c
- Updated lib/vsprintf.c for
"random: replace custom notifier chain with standard one".
Change-Id: Ia7a12d8883b808f88bbe807d6150552bb084f6b3
Signed-off-by: Eric Biggers <ebiggers@google.com>
|
||
|
Jason A. Donenfeld
|
bb61b00db2 |
timekeeping: Add raw clock fallback for random_get_entropy()
commit 1366992e16bddd5e2d9a561687f367f9f802e2e4 upstream. The addition of random_get_entropy_fallback() provides access to whichever time source has the highest frequency, which is useful for gathering entropy on platforms without available cycle counters. It's not necessarily as good as being able to quickly access a cycle counter that the CPU has, but it's still something, even when it falls back to being jiffies-based. In the event that a given arch does not define get_cycles(), falling back to the get_cycles() default implementation that returns 0 is really not the best we can do. Instead, at least calling random_get_entropy_fallback() would be preferable, because that always needs to return _something_, even falling back to jiffies eventually. It's not as though random_get_entropy_fallback() is super high precision or guaranteed to be entropic, but basically anything that's not zero all the time is better than returning zero all the time. Finally, since random_get_entropy_fallback() is used during extremely early boot when randomizing freelists in mm_init(), it can be called before timekeeping has been initialized. In that case there really is nothing we can do; jiffies hasn't even started ticking yet. So just give up and return 0. Suggested-by: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Michael Bestas
|
e09f411323 |
Merge remote-tracking branch 'common/android-4.9-q' into lineage-18.1-caf-sdm845
* common/android-4.9-q:
Linux 4.9.294
xen/netback: don't queue unlimited number of packages
xen/netback: fix rx queue stall detection
xen/console: harden hvc_xen against event channel storms
xen/netfront: harden netfront against event channel storms
xen/blkfront: harden blkfront against event channel storms
Input: touchscreen - avoid bitwise vs logical OR warning
mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO
ARM: 8805/2: remove unneeded naked function usage
net: lan78xx: Avoid unnecessary self assignment
scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
fuse: annotate lock in fuse_reverse_inval_entry()
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
net: systemport: Add global locking for descriptor lifecycle
timekeeping: Really make sure wall_to_monotonic isn't positive
USB: serial: option: add Telit FN990 compositions
PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error
USB: gadget: bRequestType is a bitfield, not a enum
ixgbe: set X550 MDIO speed before talking to PHY
igbvf: fix double free in `igbvf_probe`
soc/tegra: fuse: Fix bitwise vs. logical OR warning
nfsd: fix use-after-free due to delegation race
dm btree remove: fix use after free in rebalance_children()
recordmcount.pl: look for jgnop instruction as well as bcrl on s390
mac80211: send ADDBA requests using the tid/queue of the aggregation session
hwmon: (dell-smm) Fix warning on /proc/i8k creation error
tracing: Fix a kmemleak false positive in tracing_map
net: netlink: af_netlink: Prevent empty skb by adding a check on len.
i2c: rk3x: Handle a spurious start completion interrupt flag
parisc/agp: Annotate parisc agp init functions with __init
net/mlx4_en: Update reported link modes for 1/10G
nfc: fix segfault in nfc_genl_dump_devices_done
FROMGIT: USB: gadget: bRequestType is a bitfield, not a enum
Linux 4.9.293
irqchip: nvic: Fix offset for Interrupt Priority Offsets
irqchip/irq-gic-v3-its.c: Force synchronisation when issuing INVALL
irqchip/armada-370-xp: Fix support for Multi-MSI interrupts
irqchip/armada-370-xp: Fix return value of armada_370_xp_msi_alloc()
iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove
iio: itg3200: Call iio_trigger_notify_done() on error
iio: kxsd9: Don't return error code in trigger handler
iio: ltr501: Don't return error code in trigger handler
iio: mma8452: Fix trigger reference couting
iio: stk3310: Don't return error code in interrupt handler
usb: core: config: using bit mask instead of individual bits
usb: core: config: fix validation of wMaxPacketValue entries
USB: gadget: zero allocate endpoint 0 buffers
USB: gadget: detect too-big endpoint 0 requests
net/qla3xxx: fix an error code in ql_adapter_up()
net, neigh: clear whole pneigh_entry at alloc time
net: fec: only clear interrupt of handling queue in fec_enet_rx_queue()
net: altera: set a couple error code in probe()
net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero
block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
tracefs: Set all files to the same group ownership as the mount option
signalfd: use wake_up_pollfree()
binder: use wake_up_pollfree()
wait: add wake_up_pollfree()
libata: add horkage for ASMedia 1092
can: pch_can: pch_can_rx_normal: fix use after free
tracefs: Have new files inherit the ownership of their parent
ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*()
ALSA: pcm: oss: Limit the period size to 16MB
ALSA: pcm: oss: Fix negative period/buffer sizes
ALSA: ctl: Fix copy of updated id with element read/write
mm: bdi: initialize bdi_min_ratio when bdi is unregistered
IB/hfi1: Correct guard on eager buffer deallocation
nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done
can: sja1000: fix use after free in ems_pcmcia_add_card()
HID: check for valid USB device for many HID drivers
HID: wacom: fix problems when device is not a valid USB device
HID: add USB_HID dependancy on some USB HID drivers
HID: add USB_HID dependancy to hid-chicony
HID: add USB_HID dependancy to hid-prodikeys
HID: add hid_is_usb() function to make it simpler for USB detection
HID: introduce hid_is_using_ll_driver
UPSTREAM: USB: gadget: zero allocate endpoint 0 buffers
UPSTREAM: USB: gadget: detect too-big endpoint 0 requests
Linux 4.9.292
serial: core: fix transmit-buffer reset and memleak
serial: pl011: Add ACPI SBSA UART match id
tty: serial: msm_serial: Deactivate RX DMA for polling support
vgacon: Propagate console boot parameters before calling `vc_resize'
parisc: Fix "make install" on newer debian releases
net/rds: correct socket tunable error in rds_tcp_tune()
siphash: use _unaligned version by default
net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings()
natsemi: xtensa: fix section mismatch warnings
fget: check that the fd still exists after getting a ref to it
fs: add fget_many() and fput_many()
sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
kprobes: Limit max data_size of the kretprobe instances
vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf dev xmit
net: ethernet: dec: tulip: de4x5: fix possible array overflows in type3_infoblock()
net: tulip: de4x5: fix the problem that the array 'lp->phy[8]' may be out of bound
ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
scsi: iscsi: Unblock session then wake up error handler
thermal: core: Reset previous low and high trip during thermal zone init
s390/setup: avoid using memblock_enforce_memory_limit
platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep
net: return correct error code
hugetlb: take PMD sharing into account when flushing tlb/caches
NFSv42: Fix pagecache invalidation after COPY/CLONE
shm: extend forced shm destroy to support objects from several IPC nses
tty: hvc: replace BUG_ON() with negative return value
xen/netfront: don't trust the backend response data blindly
xen/netfront: disentangle tx_skb_freelist
xen/netfront: don't read data from request on the ring page
xen/netfront: read response from backend only once
xen/blkfront: don't trust the backend response data blindly
xen/blkfront: don't take local copy of a request from the ring page
xen/blkfront: read response from backend only once
xen: sync include/xen/interface/io/ring.h with Xen's newest version
fuse: release pipe buf after last use
NFC: add NCI_UNREG flag to eliminate the race
proc/vmcore: fix clearing user buffer by properly using clear_user()
vhost/vsock: fix incorrect used length reported to the guest
hugetlbfs: flush TLBs correctly after huge_pmd_unshare
tracing: Check pid filtering when creating events
tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows
PM: hibernate: use correct mode for swsusp_close()
drm/vc4: fix error code in vc4_create_object()
scsi: mpt3sas: Fix kernel panic during drive powercycle test
ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
NFSv42: Don't fail clone() unless the OP_CLONE operation failed
net: ieee802154: handle iftypes as u32
ASoC: topology: Add missing rwsem around snd_ctl_remove() calls
ARM: dts: BCM5301X: Add interrupt properties to GPIO node
tracing: Fix pid filtering when triggers are attached
xen: detect uninitialized xenbus in xenbus_init
xen: don't continue xenstore initialization in case of errors
fuse: fix page stealing
staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect()
ALSA: ctxfi: Fix out-of-range access
binder: fix test regression due to sender_euid change
usb: hub: Fix locking issues with address0_mutex
usb: hub: Fix usb enumeration issue due to address0 race
USB: serial: option: add Fibocom FM101-GL variants
USB: serial: option: add Telit LE910S1 0x9200 composition
staging: ion: Prevent incorrect reference counting behavour
Linux 4.9.291
soc/tegra: pmc: Fix imbalanced clock disabling in error code path
usb: max-3421: Use driver data instead of maintaining a list of bound devices
ASoC: DAPM: Cover regression by kctl change notification fix
batman-adv: Don't always reallocate the fragmentation skb head
batman-adv: Reserve needed_*room for fragments
batman-adv: Consider fragmentation for needed_headroom
batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
batman-adv: Fix own OGM check in aggregated OGMs
batman-adv: Keep fragments equally sized
drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors
drm/udl: fix control-message timeout
cfg80211: call cfg80211_stop_ap when switch from P2P_GO type
parisc/sticon: fix reverse colors
btrfs: fix memory ordering between normal and ordered work functions
mm: kmemleak: slob: respect SLAB_NOLEAKTRACE flag
hexagon: export raw I/O routines for modules
tun: fix bonding active backup with arp monitoring
perf/x86/intel/uncore: Fix IIO event constraints for Skylake Server
perf/x86/intel/uncore: Fix filter_tid mask for CHA events on Skylake Server
NFC: reorder the logic in nfc_{un,}register_device
NFC: reorganize the functions in nci_request
platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()'
mips: bcm63xx: add support for clk_get_parent()
iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset
net: bnx2x: fix variable dereferenced before check
sched/core: Mitigate race cpus_share_cache()/update_top_cache_domain()
mips: BCM63XX: ensure that CPU_SUPPORTS_32BIT_KERNEL is set
sh: define __BIG_ENDIAN for math-emu
sh: fix kconfig unmet dependency warning for FRAME_POINTER
maple: fix wrong return value of maple_bus_init().
sh: check return code of request_irq
powerpc/dcr: Use cmplwi instead of 3-argument cmpli
ALSA: gus: fix null pointer dereference on pointer block
powerpc/5200: dts: fix memory node unit name
scsi: target: Fix alua_tg_pt_gps_count tracking
scsi: target: Fix ordered tag handling
MIPS: sni: Fix the build
tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc
usb: host: ohci-tmio: check return value after calling platform_get_resource()
ARM: dts: omap: fix gpmc,mux-add-data type
scsi: advansys: Fix kernel pointer leak
usb: musb: tusb6010: check return value after calling platform_get_resource()
scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
PCI/MSI: Destroy sysfs before freeing entries
parisc/entry: fix trace test in syscall exit path
net: mdio-mux: fix unbalanced put_device
PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros
mm, oom: do not trigger out_of_memory from the #PF
mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks
powerpc/bpf: Fix BPF_SUB when imm == 0x80000000
powerpc/bpf: Validate branch ranges
ARM: 9156/1: drop cc-option fallbacks for architecture selection
USB: chipidea: fix interrupt deadlock
vsock: prevent unnecessary refcnt inc for nonblocking connect
nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails
llc: fix out-of-bound array index in llc_sk_dev_hash()
mm/zsmalloc.c: close race window between zs_pool_dec_isolated() and zs_unregister_migration()
bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed
ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses
net: davinci_emac: Fix interrupt pacing disable
xen-pciback: Fix return in pm_ctrl_init()
i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()'
scsi: qla2xxx: Turn off target reset during issue_lip
watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT
m68k: set a default value for MEMORY_RESERVE
dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result`
netfilter: nfnetlink_queue: fix OOB when mac header was cleared
auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string
dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro
mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare()
fs: orangefs: fix error return code of orangefs_revalidate_lookup()
PCI: aardvark: Don't spam about PIO Response Status
drm/plane-helper: fix uninitialized variable reference
pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds
power: supply: bq27xxx: Fix kernel crash on IRQ handler register error
serial: xilinx_uartps: Fix race condition causing stuck TX
RDMA/mlx4: Return missed an error if device doesn't support steering
scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
power: supply: rt5033_battery: Change voltage values to µV
usb: gadget: hid: fix error code in do_config()
serial: 8250_dw: Drop wrong use of ACPI_PTR()
video: fbdev: chipsfb: use memset_io() instead of memset()
memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe
soc/tegra: Fix an error handling path in tegra_powergate_power_up()
arm: dts: omap3-gta04a4: accelerometer irq fix
JFS: fix memleak in jfs_mount
MIPS: loongson64: make CPU_LOONGSON64 depends on MIPS_FP_SUPPORT
scsi: dc395: Fix error case unwinding
ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc()
RDMA/rxe: Fix wrong port_cap_flags
crypto: pcrypt - Delay write to padata->info
libertas: Fix possible memory leak in probe and disconnect
libertas_tf: Fix possible memory leak in probe and disconnect
samples/kretprobes: Fix return value if register_kretprobe() failed
irq: mips: avoid nested irq_enter()
s390/gmap: don't unconditionally call pte_unmap_unlock() in __gmap_zap()
smackfs: use netlbl_cfg_cipsov4_del() for deleting cipso_v4_doi
phy: micrel: ksz8041nl: do not use power down mode
mwifiex: Send DELBA requests according to spec
platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
mmc: mxs-mmc: disable regulator on error and in the remove function
net: stream: don't purge sk_error_queue in sk_stream_kill_queues()
drm/msm: uninitialized variable in msm_gem_import()
ath10k: fix max antenna gain unit
hwmon: Fix possible memleak in __hwmon_device_register()
memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host()
memstick: avoid out-of-range warning
b43: fix a lower bounds test
b43legacy: fix a lower bounds test
crypto: qat - disregard spurious PFVF interrupts
crypto: qat - detect PFVF collision after ACK
ath9k: Fix potential interrupt storm on queue reset
cpuidle: Fix kobject memory leaks in error paths
media: si470x: Avoid card name truncation
media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()'
media: dvb-usb: fix ununit-value in az6027_rc_query
cgroup: Make rebind_subsystems() disable v2 controllers all at once
parisc/kgdb: add kgdb_roundup() to make kgdb work with idle polling
parisc: fix warning in flush_tlb_all
spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe()
ARM: 9136/1: ARMv7-M uses BE-8, not BE-32
ARM: clang: Do not rely on lr register for stacktrace
smackfs: use __GFP_NOFAIL for smk_cipso_doi()
iwlwifi: mvm: disable RX-diversity in powersave
PM: hibernate: Get block device exclusively in swsusp_check()
mwl8k: Fix use-after-free in mwl8k_fw_state_machine()
tracing/cfi: Fix cmp_entries_* functions signature mismatch
lib/xz: Validate the value before assigning it to an enum variable
lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression
memstick: r592: Fix a UAF bug when removing the driver
ACPI: battery: Accept charges over the design capacity as full
ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create()
tracefs: Have tracefs directories not set OTH permission bits by default
media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte()
ACPICA: Avoid evaluating methods too early during system resume
ia64: don't do IA64_CMPXCHG_DEBUG without CONFIG_PRINTK
media: mceusb: return without resubmitting URB in case of -EPROTO error.
media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe()
media: uvcvideo: Set capability in s_param
media: netup_unidvb: handle interrupt properly according to the firmware
media: mt9p031: Fix corrupted frame after restarting stream
x86: Increase exception stack sizes
smackfs: Fix use-after-free in netlbl_catmap_walk()
locking/lockdep: Avoid RCU-induced noinstr fail
MIPS: lantiq: dma: reset correct number of channel
MIPS: lantiq: dma: add small delay after reset
platform/x86: wmi: do not fail if disabling fails
Bluetooth: fix use-after-free error in lock_sock_nested()
Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
USB: iowarrior: fix control-message timeouts
USB: serial: keyspan: fix memleak on probe errors
iio: dac: ad5446: Fix ad5622_write() return value
quota: correct error number in free_dqentry()
quota: check block number when reading the block in quota file
PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
ALSA: mixer: fix deadlock in snd_mixer_oss_set_volume
ALSA: mixer: oss: Fix racy access to slots
serial: core: Fix initializing and restoring termios speed
powerpc/85xx: Fix oops when mpc85xx_smp_guts_ids node cannot be found
power: supply: max17042_battery: use VFSOC for capacity when no rsns
power: supply: max17042_battery: Prevent int underflow in set_soc_threshold
signal/mips: Update (_save|_restore)_fp_context to fail with -EFAULT
signal: Remove the bogus sigkill_pending in ptrace_stop
RDMA/qedr: Fix NULL deref for query_qp on the GSI QP
wcn36xx: handle connection loss indication
mwifiex: Read a PCI register after writing the TX ring write pointer
wcn36xx: Fix HT40 capability for 2Ghz band
evm: mark evm_fixmode as __ro_after_init
rtl8187: fix control-message timeouts
PCI: Mark Atheros QCA6174 to avoid bus reset
ath6kl: fix control-message timeout
ath6kl: fix division by zero in send path
mwifiex: fix division by zero in fw download path
EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property
regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled
hwmon: (pmbus/lm25066) Add offset coefficients
btrfs: fix lost error handling when replaying directory deletes
vmxnet3: do not stop tx queues after netif_device_detach()
watchdog: Fix OMAP watchdog early handling
spi: spl022: fix Microwire full duplex mode
xen/netfront: stop tx queues during live migration
bpf: Prevent increasing bpf_jit_limit above max
mmc: winbond: don't build on M68K
hyperv/vmbus: include linux/bitops.h
sfc: Don't use netif_info before net_device setup
x86/irq: Ensure PI wakeup handler is unregistered before module unload
ALSA: timer: Unconditionally unlink slave instances, too
ALSA: timer: Fix use-after-free problem
ALSA: synth: missing check for possible NULL after the call to kstrdup
ALSA: line6: fix control and interrupt message timeouts
ALSA: 6fire: fix control and bulk message timeouts
ALSA: ua101: fix division by zero at probe
media: ite-cir: IR receiver stop working after receive overflow
parisc: Fix ptrace check on syscall return
mmc: dw_mmc: Dont wait for DRTO on Write RSP error
ocfs2: fix data corruption on truncate
libata: fix read log timeout value
Input: i8042 - Add quirk for Fujitsu Lifebook T725
Input: elantench - fix misreporting trackpoint coordinates
xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay
binder: use cred instead of task for selinux checks
binder: use euid from cred instead of using task
ANDROID: arm64: process: Match upstream formatting when dumping memory areas
FROMGIT: binder: fix test regression due to sender_euid change
BACKPORT: binder: use cred instead of task for selinux checks
UPSTREAM: binder: use euid from cred instead of using task
Linux 4.9.290
rsi: fix control-message timeout
staging: rtl8192u: fix control-message timeouts
staging: r8712u: fix control-message timeout
comedi: vmk80xx: fix bulk and interrupt message timeouts
comedi: vmk80xx: fix bulk-buffer overflow
comedi: vmk80xx: fix transfer-buffer overflows
comedi: ni_usb6501: fix NULL-deref in command paths
comedi: dt9812: fix DMA buffers on stack
isofs: Fix out of bound access for corrupted isofs image
printk/console: Allow to disable console output by using console="" or console=null
usb-storage: Add compatibility quirk flags for iODD 2531/2541
usb: musb: Balance list entry in musb_gadget_queue
usb: gadget: Mark USB_FSL_QE broken on 64-bit
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
IB/qib: Use struct_size() helper
Revert "x86/kvm: fix vcpu-id indexed array sizes"
usb: hso: fix error handling code of hso_create_net_device
net: hso: register netdev later to avoid a race condition
ARM: 9120/1: Revert "amba: make use of -1 IRQs warn"
arch: pgtable: define MAX_POSSIBLE_PHYSMEM_BITS where needed
mm/zsmalloc: Prepare to variable MAX_PHYSMEM_BITS
scsi: core: Put LLD module refcnt after SCSI device is released
UPSTREAM: security: selinux: allow per-file labeling for bpffs
Conflicts:
drivers/net/usb/lan78xx.c
drivers/usb/core/hub.c
drivers/usb/gadget/composite.c
Change-Id: Ifd5d502576f0a988fa885b4b1abe7d825cc40094
|
||
|
Greg Kroah-Hartman
|
1c817d473c |
Merge 4.9.294 into android-4.9-q
Changes in 4.9.294 nfc: fix segfault in nfc_genl_dump_devices_done net/mlx4_en: Update reported link modes for 1/10G parisc/agp: Annotate parisc agp init functions with __init i2c: rk3x: Handle a spurious start completion interrupt flag net: netlink: af_netlink: Prevent empty skb by adding a check on len. tracing: Fix a kmemleak false positive in tracing_map hwmon: (dell-smm) Fix warning on /proc/i8k creation error mac80211: send ADDBA requests using the tid/queue of the aggregation session recordmcount.pl: look for jgnop instruction as well as bcrl on s390 dm btree remove: fix use after free in rebalance_children() nfsd: fix use-after-free due to delegation race soc/tegra: fuse: Fix bitwise vs. logical OR warning igbvf: fix double free in `igbvf_probe` ixgbe: set X550 MDIO speed before talking to PHY USB: gadget: bRequestType is a bitfield, not a enum PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error USB: serial: option: add Telit FN990 compositions timekeeping: Really make sure wall_to_monotonic isn't positive net: systemport: Add global locking for descriptor lifecycle firmware: arm_scpi: Fix string overflow in SCPI genpd driver fuse: annotate lock in fuse_reverse_inval_entry() scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() net: lan78xx: Avoid unnecessary self assignment ARM: 8805/2: remove unneeded naked function usage mwifiex: Remove unnecessary braces from HostCmd_SET_SEQ_NO_BSS_INFO Input: touchscreen - avoid bitwise vs logical OR warning xen/blkfront: harden blkfront against event channel storms xen/netfront: harden netfront against event channel storms xen/console: harden hvc_xen against event channel storms xen/netback: fix rx queue stall detection xen/netback: don't queue unlimited number of packages Linux 4.9.294 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1f6f7cacef0a205b7bb06cce5c1ed1691879b2fa |
||
|
Yu Liao
|
848a0e10fd |
timekeeping: Really make sure wall_to_monotonic isn't positive
commit 4e8c11b6b3f0b6a283e898344f154641eda94266 upstream. Even after commit |
||
|
Alex Naidis
|
34641fdadb |
alarmtimer: Add ndelay for tight loop
The loop in alarm_cancel() is similar to the ones in the timer drivers as it disables IRQs as well. So we need to add an ndelay() call after the cpu_relax() call to avoid potential scheduling delays due to IRQ stalling. Change-Id: Ic8f5840bc64103e1cdcca4f6ad4fbd76dc0e2a11 Signed-off-by: Alex Naidis <alexander.naidis@razer.com> Reviewed-on: https://g3.razerzone.com:8443/25276 Reviewed-by: Jake Weinstein <jacob.weinstein@razer.com> |
||
|
Michael Bestas
|
2f4670b105 |
Merge branch 'android-4.9-q' of https://android.googlesource.com/kernel/common into lineage-18.1-caf-sdm845
* 'android-4.9-q' of https://android.googlesource.com/kernel/common: (668 commits) Conflicts: drivers/md/dm-table.c drivers/mmc/core/mmc.c drivers/scsi/ufs/ufshcd.c drivers/usb/gadget/configfs.c kernel/exit.c mm/page-writeback.c Change-Id: Id92b0ecfb258ab1741bdb72f4885623a6c476aaa |
||
|
Greg Kroah-Hartman
|
d73e635a21 |
Merge 4.9.263 into android-4.9-q
Changes in 4.9.263 ext4: handle error of ext4_setup_system_zone() on remount ext4: don't allow overlapping system zones ext4: check journal inode extents more carefully net: dsa: b53: Support setting learning on port ixgbe: check for Tx timestamp timeouts during watchdog ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode btrfs: fix race when cloning extent buffer during rewind of an old root nvmet: don't check iosqes,iocqes for discovery controllers NFSD: Repair misuse of sv_lock in 5.10.16-rt30. svcrdma: disable timeouts on rdma backchannel sunrpc: fix refcount leak for rpc auth modules net/qrtr: fix __netdev_alloc_skb call scsi: lpfc: Fix some error codes in debugfs USB: replace hardcode maximum usb string length by definition usb: gadget: configfs: Fix KASAN use-after-free iio: adis16400: Fix an error code in adis16400_initial_setup() PCI: rpadlpar: Fix potential drc_name corruption in store functions perf/x86/intel: Fix a crash caused by zero PEBS status x86/ioapic: Ignore IRQ2 again kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() x86: Move TS_COMPAT back to asm/thread_info.h x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() ext4: find old entry again if failed to rename whiteout ext4: fix potential error in ext4_do_update_inode genirq: Disable interrupts for force threaded handlers Linux 4.9.263 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I1be8f65e8275474e44ac3a61268bee7d3d33302b |
||
|
Oleg Nesterov
|
376a76aa92 |
kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
commit 5abbe51a526253b9f003e9a0a195638dc882d660 upstream.
Preparation for fixing get_nr_restart_syscall() on X86 for COMPAT.
Add a new helper which sets restart_block->fn and calls a dummy
arch_set_restart_data() helper.
Fixes:
|
||
|
Michael Bestas
|
b441756bdb |
Merge branch 'android-4.9-q' of https://android.googlesource.com/kernel/common into lineage-17.1-caf-sdm845
* 'android-4.9-q' of https://android.googlesource.com/kernel/common: (1829 commits) Conflicts: arch/mips/include/uapi/asm/Kbuild arch/powerpc/include/uapi/asm/Kbuild drivers/irqchip/irq-gic.c drivers/scsi/ufs/ufs_quirks.h drivers/scsi/ufs/ufshcd.c drivers/usb/dwc3/core.c drivers/usb/gadget/function/f_accessory.c fs/ext4/namei.c include/uapi/drm/Kbuild include/uapi/linux/Kbuild include/uapi/linux/cifs/Kbuild include/uapi/linux/genwqe/Kbuild mm/page_alloc.c net/ipv6/datagram.c net/netfilter/xt_quota2.c net/netlink/genetlink.c sound/core/compress_offload.c Change-Id: I42de3248e9c43e504df5c9bb4139cbf355d2d7de |
||
|
Greg Kroah-Hartman
|
a3ba0ea9cb |
Merge 4.9.245 into android-4.9-q
Changes in 4.9.245 powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL powerpc/64s: move some exception handlers out of line powerpc/64s: flush L1D on kernel entry powerpc: Add a framework for user access tracking powerpc: Implement user_access_begin and friends powerpc: Fix __clear_user() with KUAP enabled powerpc/uaccess: Evaluate macro arguments once, before user access is allowed powerpc/64s: flush L1D after user accesses i2c: imx: use clk notifier for rate changes i2c: imx: Fix external abort on interrupt in exit paths i2c: mux: pca954x: Add missing pca9546 definition to chip_desc powerpc/8xx: Always fault when _PAGE_ACCESSED is not set Input: sunkbd - avoid use-after-free in teardown paths mac80211: always wind down STA state KVM: x86: clflushopt should be treated as a no-op by emulation ACPI: GED: fix -Wformat Linux 4.9.245 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I688b066e99eeb16270414e0c4cb4dc3bb244486c |
||
|
George Spelvin
|
29da3bb1a8 |
random32: make prandom_u32() output unpredictable
commit c51f8f88d705e06bd696d7510aff22b33eb8e638 upstream.
Non-cryptographic PRNGs may have great statistical properties, but
are usually trivially predictable to someone who knows the algorithm,
given a small sample of their output. An LFSR like prandom_u32() is
particularly simple, even if the sample is widely scattered bits.
It turns out the network stack uses prandom_u32() for some things like
random port numbers which it would prefer are *not* trivially predictable.
Predictability led to a practical DNS spoofing attack. Oops.
This patch replaces the LFSR with a homebrew cryptographic PRNG based
on the SipHash round function, which is in turn seeded with 128 bits
of strong random key. (The authors of SipHash have *not* been consulted
about this abuse of their algorithm.) Speed is prioritized over security;
attacks are rare, while performance is always wanted.
Replacing all callers of prandom_u32() is the quick fix.
Whether to reinstate a weaker PRNG for uses which can tolerate it
is an open question.
Commit f227e3ec3b5c ("random32: update the net random state on interrupt
and activity") was an earlier attempt at a solution. This patch replaces
it.
Reported-by: Amit Klein <aksecurity@gmail.com>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Eric Dumazet <edumazet@google.com>
Cc: "Jason A. Donenfeld" <Jason@zx2c4.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: tytso@mit.edu
Cc: Florian Westphal <fw@strlen.de>
Cc: Marc Plumb <lkml.mplumb@gmail.com>
Fixes: f227e3ec3b5c ("random32: update the net random state on interrupt and activity")
Signed-off-by: George Spelvin <lkml@sdf.org>
Link: https://lore.kernel.org/netdev/20200808152628.GA27941@SDF.ORG/
[ willy: partial reversal of f227e3ec3b5c; moved SIPROUND definitions
to prandom.h for later use; merged George's prandom_seed() proposal;
inlined siprand_u32(); replaced the net_rand_state[] array with 4
members to fix a build issue; cosmetic cleanups to make checkpatch
happy; fixed RANDOM32_SELFTEST build ]
[wt: backported to 4.9 -- various context adjustments; timer API change]
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
495d499ce7 |
Merge 4.9.238 into android-4.9-q
Changes in 4.9.238 af_key: pfkey_dump needs parameter validation KVM: fix memory leak in kvm_io_bus_unregister_dev() kprobes: fix kill kprobe which has been marked as gone RDMA/ucma: ucma_context reference leak in error path mtd: Fix comparison in map_word_andequal() hdlc_ppp: add range checks in ppp_cp_parse_cr() ip: fix tos reflection in ack and reset packets tipc: use skb_unshare() instead in tipc_buf_append() bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex. net: phy: Avoid NPD upon phy_detach() when driver is unbound net/hsr: Check skb_put_padto() return value net: add __must_check to skb_put_padto() serial: 8250: Avoid error message on reprobe scsi: aacraid: fix illegal IO beyond last LBA m68k: q40: Fix info-leak in rtc_ioctl gma/gma500: fix a memory disclosure bug due to uninitialized bytes ASoC: kirkwood: fix IRQ error handling ALSA: usb-audio: Add delay quirk for H570e USB headsets PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out clk/ti/adpll: allocate room for terminating null mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() mfd: mfd-core: Protect against NULL call-back function pointer tracing: Adding NULL checks for trace_array descriptor pointer bcache: fix a lost wake-up problem caused by mca_cannibalize_lock RDMA/i40iw: Fix potential use after free xfs: fix attr leaf header freemap.size underflow RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' debugfs: Fix !DEBUG_FS debugfs_create_automount CIFS: Properly process SMB3 lease breaks kernel/sys.c: avoid copying possible padding bytes in copy_to_user neigh_stat_seq_next() should increase position index rt_cpu_seq_next should increase position index seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier media: ti-vpe: cal: Restrict DMA to avoid memory corruption ACPI: EC: Reference count query handlers under lock dmaengine: zynqmp_dma: fix burst length configuration tracing: Set kernel_stack's caller size properly ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter Bluetooth: Fix refcount use-after-free issue mm: pagewalk: fix termination condition in walk_pte_range() Bluetooth: prefetch channel before killing sock KVM: fix overflow of zero page refcount with ksm running ALSA: hda: Clear RIRB status before reading WP skbuff: fix a data race in skb_queue_len() audit: CONFIG_CHANGE don't log internal bookkeeping as an event selinux: sel_avc_get_stat_idx should increase position index scsi: lpfc: Fix RQ buffer leakage when no IOCBs available scsi: lpfc: Fix coverity errors in fmdi attribute handling drm/omap: fix possible object reference leak RDMA/rxe: Fix configuration of atomic queue pair attributes KVM: x86: fix incorrect comparison in trace event x86/pkeys: Add check for pkey "overflow" bpf: Remove recursion prevention from rcu free callback dmaengine: tegra-apb: Prevent race conditions on channel's freeing media: go7007: Fix URB type for interrupt handling Bluetooth: guard against controllers sending zero'd events timekeeping: Prevent 32bit truncation in scale64_check_overflow() drm/amdgpu: increase atombios cmd timeout Bluetooth: L2CAP: handle l2cap config request during open state media: tda10071: fix unsigned sign extension overflow xfs: don't ever return a stale pointer from __xfs_dir3_free_read tpm: ibmvtpm: Wait for buffer to be set before proceeding tracing: Use address-of operator on section symbols serial: 8250_port: Don't service RX FIFO if throttled serial: 8250_omap: Fix sleeping function called from invalid context during probe serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn tools: gpio-hammer: Avoid potential overflow in main SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' svcrdma: Fix leak of transport addresses ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor mm/filemap.c: clear page error before actual read mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area KVM: Remove CREATE_IRQCHIP/SET_PIT2 race bdev: Reduce time holding bd_mutex in sync in blkdev_close() drivers: char: tlclk.c: Avoid data race between init and interrupt handler dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion atm: fix a memory leak of vcc->user_back phy: samsung: s5pv210-usb2: Add delay after reset Bluetooth: Handle Inquiry Cancel error after Inquiry Complete USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() tty: serial: samsung: Correct clock selection logic ALSA: hda: Fix potential race in unsol event handler fuse: don't check refcount after stealing page USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int e1000: Do not perform reset in reset_task if we are already down printk: handle blank console arguments passed in. btrfs: don't force read-only after error in drop snapshot vfio/pci: fix memory leaks of eventfd ctx perf util: Fix memory leak of prefix_if_not_in perf kcore_copy: Fix module map when there are no modules loaded mtd: rawnand: omap_elm: Fix runtime PM imbalance on error ceph: fix potential race in ceph_check_caps mtd: parser: cmdline: Support MTD names containing one or more colons x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline vfio/pci: Clear error and request eventfd ctx after releasing cifs: Fix double add page to memcg when cifs_readpages selftests/x86/syscall_nt: Clear weird flags after each test vfio/pci: fix racy on error and request eventfd ctx s390/init: add missing __init annotations i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() objtool: Fix noreturn detection for ignored functions ieee802154/adf7242: check status of adf7242_read_reg clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() mwifiex: Increase AES key storage size to 256 bits batman-adv: bla: fix type misuse for backbone_gw hash indexing atm: eni: fix the missed pci_disable_device() for eni_init_one() batman-adv: mcast/TT: fix wrongly dropped or rerouted packets mac802154: tx: fix use-after-free batman-adv: Add missing include for in_interrupt() batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh ALSA: asihpi: fix iounmap in error handler MIPS: Add the missing 'CPU_1074K' into __get_cpu_type() kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() lib/string.c: implement stpcpy ata: define AC_ERR_OK ata: make qc_prep return ata_completion_errors ata: sata_mv, avoid trigerrable BUG_ON Linux 4.9.238 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I799877db3bc49e473bbc023ab948cd241755beff |
||
|
Wen Yang
|
61f27ba2dd |
timekeeping: Prevent 32bit truncation in scale64_check_overflow()
[ Upstream commit 4cbbc3a0eeed675449b1a4d080008927121f3da3 ] While unlikely the divisor in scale64_check_overflow() could be >= 32bit in scale64_check_overflow(). do_div() truncates the divisor to 32bit at least on 32bit platforms. Use div64_u64() instead to avoid the truncation to 32-bit. [ tglx: Massaged changelog ] Signed-off-by: Wen Yang <wenyang@linux.alibaba.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20200120100523.45656-1-wenyang@linux.alibaba.com Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
1e7b6edbb5 |
Merge 4.9.233 into android-4.9-q
Changes in 4.9.233
xfs: catch inode allocation state mismatch corruption
xfs: validate cached inodes are free when allocated
xfs: don't call xfs_da_shrink_inode with NULL bp
net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
crypto: ccp - Release all allocated memory if sha type is invalid
media: rc: prevent memory leak in cx23888_ir_probe
ath9k_htc: release allocated buffer if timed out
ath9k: release allocated buffer if timed out
PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge
ARM: 8986/1: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl()
drm: hold gem reference until object is no longer accessed
f2fs: check memory boundary by insane namelen
f2fs: check if file namelen exceeds max value
9p/trans_fd: abort p9_read_work if req status changed
9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work
x86/build/lto: Fix truncated .bss with -fdata-sections
x86, vmlinux.lds: Page-align end of ..page_aligned sections
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
rds: Prevent kernel-infoleak in rds_notify_queue_get()
xfs: fix missed wakeup on l_flush_wait
uapi: includes linux/types.h before exporting files
install several missing uapi headers
net/x25: Fix x25_neigh refcnt leak when x25 disconnect
net/x25: Fix null-ptr-deref in x25_disconnect
sh: Fix validation of system call number
net: lan78xx: add missing endpoint sanity check
net: lan78xx: fix transfer-buffer memory leak
mlx4: disable device on shutdown
mlxsw: core: Increase scope of RCU read-side critical section
mlxsw: core: Free EMAD transactions using kfree_rcu()
ibmvnic: Fix IRQ mapping disposal in error path
mac80211: mesh: Free ie data when leaving mesh
mac80211: mesh: Free pending skb when destroying a mpath
arm64: csum: Fix handling of bad packets
usb: hso: Fix debug compile warning on sparc32
qed: Disable "MFW indication via attention" SPAM every 5 minutes
nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame
parisc: add support for cmpxchg on u8 pointers
net: ethernet: ravb: exit if re-initialization fails in tx timeout
Revert "i2c: cadence: Fix the hold bit setting"
xen-netfront: fix potential deadlock in xennet_remove()
KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled
x86/i8259: Use printk_deferred() to prevent deadlock
random32: update the net random state on interrupt and activity
ARM: percpu.h: fix build error
random: fix circular include dependency on arm64 after addition of percpu.h
random32: remove net_rand_state from the latent entropy gcc plugin
random32: move the pseudo-random 32-bit definitions to prandom.h
ext4: fix direct I/O read error
USB: serial: qcserial: add EM7305 QDL product ID
net/mlx5e: Don't support phys switch id if not in switchdev mode
ALSA: seq: oss: Serialize ioctls
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
omapfb: dss: Fix max fclk divider for omap36xx
vgacon: Fix for missing check in scrollback handling
mtd: properly check all write ioctls for permissions
leds: wm831x-status: fix use-after-free on unbind
leds: da903x: fix use-after-free on unbind
leds: lm3533: fix use-after-free on unbind
leds: 88pm860x: fix use-after-free on unbind
net/9p: validate fds in p9_fd_open
drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
cfg80211: check vendor command doit pointer before use
igb: reinit_locked() should be called with rtnl_lock
atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
tools lib traceevent: Fix memory leak in process_dynamic_array_len
xattr: break delegations in {set,remove}xattr
binder: Prevent context manager from incrementing ref 0
ipv4: Silence suspicious RCU usage warning
ipv6: fix memory leaks on IPV6_ADDRFORM path
vxlan: Ensure FDB dump is performed under RCU
net: lan78xx: replace bogus endpoint lookup
Revert "vxlan: fix tos value before xmit"
usb: hso: check for return value in hso_serial_common_create()
Smack: fix use-after-free in smk_write_relabel_self()
tracepoint: Mark __tracepoint_string's __used
gpio: fix oops resulting from calling of_get_named_gpio(NULL, ...)
cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()
EDAC: Fix reference count leaks
arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
arm64: dts: exynos: Fix silent hang after boot on Espresso
m68k: mac: Don't send IOP message until channel is idle
m68k: mac: Fix IOP status/control register writes
platform/x86: intel-hid: Fix return value check in check_acpi_dev()
platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
md-cluster: fix wild pointer of unlock_all_bitmaps()
drm/nouveau: fix multiple instances of reference count leaks
drm/debugfs: fix plain echo to connector "force" attribute
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
brcmfmac: To fix Bss Info flag definition Bug
iwlegacy: Check the return value of pcie_capability_read_*()
usb: gadget: net2280: fix memory leak on probe error handling paths
bdc: Fix bug causing crash after multiple disconnects
dyndbg: fix a BUG_ON in ddebug_describe_flags
bcache: fix super block seq numbers comparision in register_cache_set()
ACPICA: Do not increment operation_region reference counts for field units
agp/intel: Fix a memory leak on module initialisation failure
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
console: newport_con: fix an issue about leak related system resources
video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
iio: improve IIO_CONCENTRATION channel type description
leds: lm355x: avoid enum conversion warning
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
cxl: Fix kobject memleak
drm/radeon: fix array out-of-bounds read and write issues
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
media: firewire: Using uninitialized values in node_probe()
media: exynos4-is: Add missed check for pinctrl_lookup_state()
xfs: fix reflink quota reservation accounting error
PCI: Fix pci_cfg_wait queue locking problem
leds: core: Flush scheduled work for system suspend
drm: panel: simple: Fix bpc for LG LB070WV8 panel
scsi: scsi_debug: Add check for sdebug_max_queue during module init
mwifiex: Prevent memory corruption handling keys
powerpc/vdso: Fix vdso cpu truncation
staging: rtl8192u: fix a dubious looking mask before a shift
PCI/ASPM: Add missing newline in sysfs 'policy'
drm/imx: tve: fix regulator_disable error path
USB: serial: iuu_phoenix: fix led-activity helpers
usb: dwc2: Fix error path in gadget registration
scsi: mesh: Fix panic after host or bus reset
Smack: fix another vsscanf out of bounds
Smack: prevent underflow in smk_set_cipso()
power: supply: check if calc_soc succeeded in pm860x_init_battery
selftests/powerpc: Fix CPU affinity for child process
selftests/powerpc: Fix online CPU selection
s390/qeth: don't process empty bridge port events
wl1251: fix always return 0 error
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
fsl/fman: use 32-bit unsigned integer
fsl/fman: fix dereference null return value
fsl/fman: fix unreachable code
fsl/fman: check dereferencing null pointer
fsl/fman: fix eth hash table allocation
dlm: Fix kobject memleak
pinctrl-single: fix pcs_parse_pinconf() return value
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
net/nfc/rawsock.c: add CAP_NET_RAW check.
net: Set fput_needed iff FDPUT_FPUT is set
USB: serial: cp210x: re-enable auto-RTS on open
USB: serial: cp210x: enable usb generic throttle/unthrottle
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
ALSA: usb-audio: add quirk for Pioneer DDJ-RB
crypto: qat - fix double free in qat_uclo_create_batch_init_list
crypto: ccp - Fix use of merged scatterlists
fs/minix: check return value of sb_getblk()
fs/minix: don't allow getting deleted inodes
fs/minix: reject too-large maximum file size
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
9p: Fix memory leak in v9fs_mount
parisc: mask out enable and reserved bits from sba imask
ARM: 8992/1: Fix unwind_frame for clang-built kernels
xen/balloon: fix accounting in alloc_xenballooned_pages error path
xen/balloon: make the balloon wait interruptible
smb3: warn on confusing error scenario with sec=krb5
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
btrfs: don't allocate anonymous block device for user invisible roots
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: fix memory leaks after failure to lookup checksums during inode logging
iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
xtensa: fix xtensa_pmu_setup prototype
powerpc: Fix circular dependency between percpu.h and mmu.h
net: ethernet: stmmac: Disable hardware multicast filter
net: stmmac: dwmac1000: provide multicast filter fallback
net/compat: Add missing sock updates for SCM_RIGHTS
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
bcache: allocate meta data pages as compound pages
mac80211: fix misplaced while instead of if
MIPS: CPU#0 is not hotpluggable
ext2: fix missing percpu_counter_inc
ocfs2: change slot number type s16 to u16
ftrace: Setup correct FTRACE_FL_REGS flags for module
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
watchdog: f71808e_wdt: remove use of wrong watchdog_info option
watchdog: f71808e_wdt: clear watchdog timeout occurred flag
pseries: Fix 64 bit logical memory block panic
mfd: arizona: Ensure 32k clock is put on driver unbind and error
USB: serial: ftdi_sio: make process-packet buffer unsigned
USB: serial: ftdi_sio: clean up receive processing
gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
iommu/vt-d: Enforce PASID devTLB field mask
i2c: rcar: slave: only send STOP event when we have been addressed
clk: clk-atlas6: fix return value check in atlas6_clk_init()
pwm: bcm-iproc: handle clk_get_rate() return
Input: sentelic - fix error return when fsp_reg_write fails
drm/vmwgfx: Fix two list_for_each loop exit tests
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init
nfs: Fix getxattr kernel panic and memory overflow
fs/ufs: avoid potential u32 multiplication overflow
mfd: dln2: Run event handler loop under spinlock
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
sh: landisk: Add missing initialization of sh_io_port_base
khugepaged: retract_page_tables() remember to test exit
mm: Avoid calling build_all_zonelists_init under hotplug context
Linux 4.9.233
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ied62cb0768f5bd8e989d75e7c2ccf6f1e6f2efd4
|
||
|
Willy Tarreau
|
5aa78397e2 |
random32: update the net random state on interrupt and activity
commit f227e3ec3b5cad859ad15666874405e8c1bbc1d4 upstream. This modifies the first 32 bits out of the 128 bits of a random CPU's net_rand_state on interrupt or CPU activity to complicate remote observations that could lead to guessing the network RNG's internal state. Note that depending on some network devices' interrupt rate moderation or binding, this re-seeding might happen on every packet or even almost never. In addition, with NOHZ some CPUs might not even get timer interrupts, leaving their local state rarely updated, while they are running networked processes making use of the random state. For this reason, we also perform this update in update_process_times() in order to at least update the state when there is user or system activity, since it's the only case we care about. Reported-by: Amit Klein <aksecurity@gmail.com> Suggested-by: Linus Torvalds <torvalds@linux-foundation.org> Cc: Eric Dumazet <edumazet@google.com> Cc: "Jason A. Donenfeld" <Jason@zx2c4.com> Cc: Andy Lutomirski <luto@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: <stable@vger.kernel.org> Signed-off-by: Willy Tarreau <w@1wt.eu> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
f0363833ad |
Merge 4.9.231 into android-4.9-q
Changes in 4.9.231
KVM: s390: reduce number of IO pins to 1
gpu: host1x: Detach driver on unregister
spi: spidev: fix a race between spidev_release and spidev_remove
spi: spidev: fix a potential use-after-free in spidev_release()
s390/kasan: fix early pgm check handler execution
cifs: update ctime and mtime during truncate
ARM: imx6: add missing put_device() call in imx6q_suspend_init()
scsi: mptscsih: Fix read sense data size
net: cxgb4: fix return error value in t4_prep_fw
smsc95xx: check return value of smsc95xx_reset
smsc95xx: avoid memory leak in smsc95xx_bind
ALSA: compress: fix partial_drain completion state
arm64: kgdb: Fix single-step exception handling oops
bnxt_en: fix NULL dereference in case SR-IOV configuration fails
net: macb: mark device wake capable when "magic-packet" property present
ALSA: opl3: fix infoleak in opl3
ALSA: hda - let hs_mic be picked ahead of hp_mic
ALSA: usb-audio: add quirk for MacroSilicon MS2109
KVM: arm64: Fix definition of PAGE_HYP_DEVICE
KVM: x86: bit 8 of non-leaf PDPEs is not reserved
Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
btrfs: fix fatal extent_buffer readahead vs releasepage race
drm/radeon: fix double free
ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
ARC: elf: use right ELF_ARCH
s390/mm: fix huge pte soft dirty copying
ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
llc: make sure applications use ARPHRD_ETHER
net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
genetlink: remove genl_bind
tcp: make sure listeners don't initialize congestion-control state
tcp: md5: do not send silly options in SYNCOOKIES
tcp: md5: allow changing MD5 keys in all socket states
cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
cgroup: Fix sock_cgroup_data on big-endian.
i2c: eg20t: Load module automatically if ID matches
iio:magnetometer:ak8974: Fix alignment and data leak issues
iio: magnetometer: ak8974: Fix runtime PM imbalance on error
iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
iio: pressure: zpa2326: handle pm_runtime_get_sync failure
iio:pressure:ms5611 Fix buffer element alignment
iio:health:afe4403 Fix timestamp alignment and prevent data leak.
spi: fix initial SPI_SR value in spi-fsl-dspi
net: dsa: bcm_sf2: Fix node reference count
Revert "usb/ehci-platform: Set PM runtime as active on resume"
Revert "usb/xhci-plat: Set PM runtime as active on resume"
Revert "usb/ohci-platform: Fix a warning when hibernating"
iio:health:afe4404 Fix timestamp alignment and prevent data leak.
spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
usb: gadget: udc: atmel: fix uninitialized read in debug printk
staging: comedi: verify array index is correct before using it
Revert "thermal: mediatek: fix register index error"
ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
mtd: rawnand: brcmnand: fix CS0 layout
HID: magicmouse: do not set up autorepeat
usb: core: Add a helper function to check the validity of EP type in URB
ALSA: line6: Perform sanity check for each URB creation
ALSA: usb-audio: Fix race against the error recovery URB submission
USB: c67x00: fix use after free in c67x00_giveback_urb
usb: dwc2: Fix shutdown callback in platform
usb: chipidea: core: add wakeup support for extcon
usb: gadget: function: fix missing spinlock in f_uac1_legacy
USB: serial: iuu_phoenix: fix memory corruption
USB: serial: cypress_m8: enable Simply Automated UPB PIM
USB: serial: ch341: add new Product ID for CH340
USB: serial: option: add GosunCn GM500 series
USB: serial: option: add Quectel EG95 LTE modem
virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
mei: bus: don't clean driver pointer
Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
uio_pdrv_genirq: fix use without device tree and no interrupt
timer: Fix wheel index calculation on last level
MIPS: Fix build for LTS kernel caused by backporting lpj adjustment
hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
misc: atmel-ssc: lock with mutex instead of spinlock
arm64: ptrace: Override SPSR.SS when single-stepping is enabled
sched/fair: handle case of task_h_load() returning 0
irqchip/gic: Atomically update affinity
x86/cpu: Move x86_cache_bits settings
Linux 4.9.231
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I57b0f3c4ffcdc49231d1c48f3f25fae424daeeb9
|
||
|
Frederic Weisbecker
|
b1ba1298d5 |
timer: Fix wheel index calculation on last level
commit e2a71bdea81690b6ef11f4368261ec6f5b6891aa upstream.
When an expiration delta falls into the last level of the wheel, that delta
has be compared against the maximum possible delay and reduced to fit in if
necessary.
However instead of comparing the delta against the maximum, the code
compares the actual expiry against the maximum. Then instead of fixing the
delta to fit in, it sets the maximum delta as the expiry value.
This can result in various undesired outcomes, the worst possible one
being a timer expiring 15 days ahead to fire immediately.
Fixes:
|
||
|
Srinivasarao P
|
dde3a593a5 |
hrtimer: retain pinned state in timer->state
hrtimer pinned state not retained due to changes in commit |
||
|
jianzhou
|
fd1d80da74 |
Merge android-4.9.224(5791e89) into msm-4.9
* refs/heads/tmp-5791e89: Linux 4.9.224 Makefile: disallow data races on gcc-10 as well KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce ARM: dts: r8a7740: Add missing extal2 to CPG node ARM: dts: r8a73a4: Add missing CMT1 interrupts Revert "ALSA: hda/realtek: Fix pop noise on ALC225" usb: gadget: legacy: fix error return code in cdc_bind() usb: gadget: legacy: fix error return code in gncm_bind() usb: gadget: audio: Fix a missing error return value in audio_bind() usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' exec: Move would_dump into flush_old_exec x86: Fix early boot crash on gcc-10, third try ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list USB: gadget: fix illegal array access in binding with UDC ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset ALSA: rawmidi: Fix racy buffer resize under concurrent accesses ALSA: rawmidi: Initialize allocated buffers ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 netprio_cgroup: Fix unlimited memory leak of v2 cgroups net: ipv4: really enforce backoff for redirects Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu" netlabel: cope with NULL catmap net: fix a potential recursive NETDEV_FEAT_CHANGE gcc-10: disable 'restrict' warning for now gcc-10: disable 'stringop-overflow' warning for now gcc-10: disable 'array-bounds' warning for now gcc-10: disable 'zero-length-bounds' warning for now gcc-10: avoid shadowing standard library 'free()' in crypto net: phy: micrel: Use strlcpy() for ethtool::get_strings Stop the ad-hoc games with -Wno-maybe-initialized kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig gcc-10 warnings: fix low-hanging fruit pnp: Use list_for_each_entry() instead of open coding IB/mlx4: Test return value of calls to ib_get_cached_pkey netfilter: conntrack: avoid gcc-10 zero-length-bounds warning i40iw: Fix error handling in i40iw_manage_arp_cache() pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler ipc/util.c: sysvipc_find_ipc() incorrectly updates position index drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() ALSA: hda/hdmi: fix race in monitor detection during probe dmaengine: mmp_tdma: Reset channel error on release dmaengine: pch_dma.c: Avoid data race between probe and irq handler cifs: Fix a race condition with cifs_echo_request cifs: Check for timeout on Negotiate stage spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls scsi: sg: add sg_remove_request in sg_write drop_monitor: work around gcc-10 stringop-overflow warning net: moxa: Fix a potential double 'free_irq()' net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' shmem: fix possible deadlocks on shmlock_user_lock ptp: free ptp device pin descriptors properly ptp: fix the race between the release of ptp_clock and cdev ptp: Fix pass zero to ERR_PTR() in ptp_clock_register chardev: add helper function to register char devs with a struct device ptp: create "pins" together with the rest of attributes ptp: use is_visible method to hide unused attributes ptp: do not explicitly set drvdata in ptp_clock_register() blktrace: fix dereference after null check blktrace: Protect q->blk_trace with RCU blktrace: fix trace mutex deadlock blktrace: fix unlocked access to init/start-stop/teardown blktrace: Fix potential deadlock between delete & sysfs ops net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup net: ipv6: add net argument to ip6_dst_lookup_flow ext4: add cond_resched() to ext4_protect_reserved_inode binfmt_elf: Do not move brk for INTERP-less ET_EXEC scripts/decodecode: fix trapping instruction formatting objtool: Fix stack offset tracking for indirect CFAs batman-adv: Fix refcnt leak in batadv_v_ogm_process batman-adv: Fix refcnt leak in batadv_store_throughput_override batman-adv: Fix refcnt leak in batadv_show_throughput_override batman-adv: fix batadv_nc_random_weight_tq mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() tracing: Add a vmalloc_sync_mappings() for safe measure USB: serial: garmin_gps: add sanity checking for data length USB: uas: add quirk for LaCie 2Big Quadra binfmt_elf: move brk out of mmap when doing direct loader exec Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" bnxt_en: Improve AER slot reset. net/mlx5: Fix command entry leak in Internal Error State net/mlx5: Fix forced completion access non initialized command entry bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). sch_sfq: validate silly quantum values sch_choke: avoid potential panic in choke_reset() net: usb: qmi_wwan: add support for DW5816e net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() net: macsec: preserve ingress frame ordering fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks dp83640: reverse arguments to list_add_tail USB: serial: qcserial: Add DW5816e support ANDROID: hid: steam: remove BT controller matching UPSTREAM: HID: steam: Fix input device disappearing Conflicts: sound/core/rawmidi.c Change-Id: Idabcac94d95f9c060d788c3fe13392ed29e5d9df Signed-off-by: jianzhou <jianzhou@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
5791e89d21 |
Merge 4.9.224 into android-4.9-q
Changes in 4.9.224 USB: serial: qcserial: Add DW5816e support dp83640: reverse arguments to list_add_tail fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks net: macsec: preserve ingress frame ordering net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() net: usb: qmi_wwan: add support for DW5816e sch_choke: avoid potential panic in choke_reset() sch_sfq: validate silly quantum values bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). net/mlx5: Fix forced completion access non initialized command entry net/mlx5: Fix command entry leak in Internal Error State bnxt_en: Improve AER slot reset. Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" binfmt_elf: move brk out of mmap when doing direct loader exec USB: uas: add quirk for LaCie 2Big Quadra USB: serial: garmin_gps: add sanity checking for data length tracing: Add a vmalloc_sync_mappings() for safe measure mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() batman-adv: fix batadv_nc_random_weight_tq batman-adv: Fix refcnt leak in batadv_show_throughput_override batman-adv: Fix refcnt leak in batadv_store_throughput_override batman-adv: Fix refcnt leak in batadv_v_ogm_process objtool: Fix stack offset tracking for indirect CFAs scripts/decodecode: fix trapping instruction formatting binfmt_elf: Do not move brk for INTERP-less ET_EXEC ext4: add cond_resched() to ext4_protect_reserved_inode net: ipv6: add net argument to ip6_dst_lookup_flow net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup blktrace: Fix potential deadlock between delete & sysfs ops blktrace: fix unlocked access to init/start-stop/teardown blktrace: fix trace mutex deadlock blktrace: Protect q->blk_trace with RCU blktrace: fix dereference after null check ptp: do not explicitly set drvdata in ptp_clock_register() ptp: use is_visible method to hide unused attributes ptp: create "pins" together with the rest of attributes chardev: add helper function to register char devs with a struct device ptp: Fix pass zero to ERR_PTR() in ptp_clock_register ptp: fix the race between the release of ptp_clock and cdev ptp: free ptp device pin descriptors properly shmem: fix possible deadlocks on shmlock_user_lock net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' net: moxa: Fix a potential double 'free_irq()' drop_monitor: work around gcc-10 stringop-overflow warning scsi: sg: add sg_remove_request in sg_write spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls cifs: Check for timeout on Negotiate stage cifs: Fix a race condition with cifs_echo_request dmaengine: pch_dma.c: Avoid data race between probe and irq handler dmaengine: mmp_tdma: Reset channel error on release ALSA: hda/hdmi: fix race in monitor detection during probe drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() ipc/util.c: sysvipc_find_ipc() incorrectly updates position index pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler i40iw: Fix error handling in i40iw_manage_arp_cache() netfilter: conntrack: avoid gcc-10 zero-length-bounds warning IB/mlx4: Test return value of calls to ib_get_cached_pkey pnp: Use list_for_each_entry() instead of open coding gcc-10 warnings: fix low-hanging fruit kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig Stop the ad-hoc games with -Wno-maybe-initialized net: phy: micrel: Use strlcpy() for ethtool::get_strings gcc-10: avoid shadowing standard library 'free()' in crypto gcc-10: disable 'zero-length-bounds' warning for now gcc-10: disable 'array-bounds' warning for now gcc-10: disable 'stringop-overflow' warning for now gcc-10: disable 'restrict' warning for now net: fix a potential recursive NETDEV_FEAT_CHANGE netlabel: cope with NULL catmap Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu" net: ipv4: really enforce backoff for redirects netprio_cgroup: Fix unlimited memory leak of v2 cgroups ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 ALSA: rawmidi: Initialize allocated buffers ALSA: rawmidi: Fix racy buffer resize under concurrent accesses ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset USB: gadget: fix illegal array access in binding with UDC usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries x86: Fix early boot crash on gcc-10, third try exec: Move would_dump into flush_old_exec usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' usb: gadget: audio: Fix a missing error return value in audio_bind() usb: gadget: legacy: fix error return code in gncm_bind() usb: gadget: legacy: fix error return code in cdc_bind() Revert "ALSA: hda/realtek: Fix pop noise on ALC225" ARM: dts: r8a73a4: Add missing CMT1 interrupts ARM: dts: r8a7740: Add missing extal2 to CPG node KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce Makefile: disallow data races on gcc-10 as well Linux 4.9.224 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib9fdff8dd9e9c92a2e750251b98eb0e4c9496fba |
||
|
Vladis Dronov
|
89e8fc989f |
ptp: fix the race between the release of ptp_clock and cdev
commit a33121e5487b424339636b25c35d3a180eaa5f5e upstream.
In a case when a ptp chardev (like /dev/ptp0) is open but an underlying
device is removed, closing this file leads to a race. This reproduces
easily in a kvm virtual machine:
ts# cat openptp0.c
int main() { ... fp = fopen("/dev/ptp0", "r"); ... sleep(10); }
ts# uname -r
5.5.0-rc3-46cf053e
ts# cat /proc/cmdline
... slub_debug=FZP
ts# modprobe ptp_kvm
ts# ./openptp0 &
[1] 670
opened /dev/ptp0, sleeping 10s...
ts# rmmod ptp_kvm
ts# ls /dev/ptp*
ls: cannot access '/dev/ptp*': No such file or directory
ts# ...woken up
[ 48.010809] general protection fault: 0000 [#1] SMP
[ 48.012502] CPU: 6 PID: 658 Comm: openptp0 Not tainted 5.5.0-rc3-46cf053e #25
[ 48.014624] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ...
[ 48.016270] RIP: 0010:module_put.part.0+0x7/0x80
[ 48.017939] RSP: 0018:ffffb3850073be00 EFLAGS: 00010202
[ 48.018339] RAX: 000000006b6b6b6b RBX: 6b6b6b6b6b6b6b6b RCX: ffff89a476c00ad0
[ 48.018936] RDX: fffff65a08d3ea08 RSI: 0000000000000247 RDI: 6b6b6b6b6b6b6b6b
[ 48.019470] ... ^^^ a slub poison
[ 48.023854] Call Trace:
[ 48.024050] __fput+0x21f/0x240
[ 48.024288] task_work_run+0x79/0x90
[ 48.024555] do_exit+0x2af/0xab0
[ 48.024799] ? vfs_write+0x16a/0x190
[ 48.025082] do_group_exit+0x35/0x90
[ 48.025387] __x64_sys_exit_group+0xf/0x10
[ 48.025737] do_syscall_64+0x3d/0x130
[ 48.026056] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 48.026479] RIP: 0033:0x7f53b12082f6
[ 48.026792] ...
[ 48.030945] Modules linked in: ptp i6300esb watchdog [last unloaded: ptp_kvm]
[ 48.045001] Fixing recursive fault but reboot is needed!
This happens in:
static void __fput(struct file *file)
{ ...
if (file->f_op->release)
file->f_op->release(inode, file); <<< cdev is kfree'd here
if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL &&
!(mode & FMODE_PATH))) {
cdev_put(inode->i_cdev); <<< cdev fields are accessed here
Namely:
__fput()
posix_clock_release()
kref_put(&clk->kref, delete_clock) <<< the last reference
delete_clock()
delete_ptp_clock()
kfree(ptp) <<< cdev is embedded in ptp
cdev_put
module_put(p->owner) <<< *p is kfree'd, bang!
Here cdev is embedded in posix_clock which is embedded in ptp_clock.
The race happens because ptp_clock's lifetime is controlled by two
refcounts: kref and cdev.kobj in posix_clock. This is wrong.
Make ptp_clock's sysfs device a parent of cdev with cdev_device_add()
created especially for such cases. This way the parent device with its
ptp_clock is not released until all references to the cdev are released.
This adds a requirement that an initialized but not exposed struct
device should be provided to posix_clock_register() by a caller instead
of a simple dev_t.
This approach was adopted from the commit 72139dfa2464 ("watchdog: Fix
the race between the release of watchdog_core_data and cdev"). See
details of the implementation in the commit 233ed09d7fda ("chardev: add
helper function to register char devs with a struct device").
Link: https://lore.kernel.org/linux-fsdevel/20191125125342.6189-1-vdronov@redhat.com/T/#u
Analyzed-by: Stephen Johnston <sjohnsto@redhat.com>
Analyzed-by: Vern Lovejoy <vlovejoy@redhat.com>
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Acked-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
jianzhou
|
5687ffb6b6 |
Merge android-4.9.214(c1c5428) into msm-4.9
* refs/heads/tmp-c1c5428:
Linux 4.9.214
libertas: make lbs_ibss_join_existing() return error code on rates overflow
libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held
mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
dm: fix potential for q->make_request_fn NULL pointer
scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state
pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW
tools/power/acpi: fix compilation error
ARM: dts: at91: sama5d3: define clock rate range for tcb1
ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
rtc: cmos: Stop using shared IRQ
rtc: hym8563: Return -EINVAL if the time is known to be invalid
NFSv4: try lease recovery on NFS4ERR_EXPIRED
nfs: NFS_SWAP should depend on SWAP
PCI: Don't disable bridge BARs when assigning bus resources
scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails
RDMA/netlink: Do not always generate an ACK for some netlink operations
ASoC: pcm: update FE/BE trigger order based on the command
rxrpc: Fix service call disconnection
perf/core: Fix mlock accounting in perf_mmap()
clocksource: Prevent double add_timer_on() for watchdog_timer
cifs: fail i/o on soft mounts if sessionsetup errors out
KVM: nVMX: vmread should not set rflags to specify success in case of #PF
KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
btrfs: flush write bio if we loop in extent_write_cache_pages
KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
drm: atmel-hlcdc: enable clock before configuring timing engine
Btrfs: fix race between adding and putting tree mod seq elements and nodes
btrfs: remove trivial locking wrappers of tree mod log
btrfs: use bool argument in free_root_pointers()
Btrfs: fix assertion failure on fsync with NO_HOLES enabled
ext4: fix deadlock allocating crypto bounce page from mempool
NFS: Directory page cache pages need to be locked when read
NFS: Fix bool initialization/comparison
NFS: Fix memory leaks and corruption in readdir
NFS: switch back to to ->iterate()
bonding/alb: properly access headers in bond_alb_xmit()
net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
mfd: rn5t618: Mark ADC control register volatile
mfd: da9062: Fix watchdog compatible string
ubi: Fix an error pointer dereference in error handling code
ubi: fastmap: Fix inverted logic in seen selfcheck
nfsd: fix jiffies/time_t mixup in LRU list
nfsd: fix delay timer on 32-bit architectures
IB/mlx5: Fix outstanding_pi index for GSI qps
net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
net: smc911x: Adjust indentation in smc911x_phy_configure
ppp: Adjust indentation into ppp_async_input
NFC: pn544: Adjust indentation in pn544_hci_check_presence
powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
ext2: Adjust indentation in ext2_fill_super
scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
scsi: csiostor: Adjust indentation in csio_device_reset
scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
clk: tegra: Mark fuse clock as critical
KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks
KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c
KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
sunrpc: expiry_time should be seconds not timeval
mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
ARM: tegra: Enable PLLP bypass during Tegra124 LP1
btrfs: set trans->drity in btrfs_commit_transaction
crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill
crypto: api - Fix race condition in crypto_spawn_alg
crypto: atmel-aes - Fix counter overflow in CTR mode
crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
dm space map common: fix to ensure new block isn't already in use
of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
power: supply: ltc2941-battery-gauge: fix use-after-free
scsi: qla2xxx: Fix mtcp dump collection failure
crypto: api - Check spawn->alg under lock in crypto_drop_spawn
ubifs: Fix deadlock in concurrent bulk-read and writepage
ubifs: Change gfp flags in page allocation for bulk read
PCI: keystone: Fix link training retries initiation
mmc: spi: Toggle SPI polarity, do not hardcode it
powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments
media/v4l2-core: set pages dirty upon releasing DMA buffers
ALSA: dummy: Fix PCM format loop in proc output
usb: gadget: f_ecm: Use atomic_t to track in-flight request
usb: gadget: f_ncm: Use atomic_t to track in-flight request
usb: gadget: legacy: set max_speed to super-speed
brcmfmac: Fix memory leak in brcmf_usbdev_qinit
mfd: dln2: More sanity checking for endpoints
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
tcp: clear tp->segs_{in|out} in tcp_disconnect()
tcp: clear tp->data_segs{in|out} in tcp_disconnect()
tcp: clear tp->delivered in tcp_disconnect()
tcp: clear tp->total_retrans in tcp_disconnect()
rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect
rxrpc: Fix insufficient receive notification generation
net_sched: fix an OOB access in cls_tcindex
net: hsr: fix possible NULL deref in hsr_handle_frame()
gtp: use __GFP_NOWARN to avoid memalloc warning
cls_rsvp: fix rsvp_policy
ASoC: qcom: Fix of-node refcount unbalance to link->codec_of_node
sparc32: fix struct ipc64_perm type definition
x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
media: iguanair: fix endpoint sanity check
Conflicts:
drivers/md/dm.c
drivers/of/Kconfig
Change-Id: Id940707868e5e36775066aea98caabcc9bbdbabd
Signed-off-by: jianzhou <jianzhou@codeaurora.org>
|
||
|
jianzhou
|
c30521f5b6 |
Merge android-4.9.208(9759f95) into msm-4.9
* refs/heads/tmp-9759f95: Linux 4.9.208 gtp: avoid zero size hashtable gtp: fix wrong condition in gtp_genl_dump_pdp() tcp: do not send empty skb from tcp_write_xmit() tcp/dccp: fix possible race __inet_lookup_established() vhost/vsock: accept only packets with the right dst_cid net: ena: fix napi handler misbehavior when the napi budget is zero mmc: sdhci: Update the tuning failed messages to pr_debug level pinctrl: baytrail: Really serialize all register accesses tty/serial: atmel: fix out of range clock divider handling hrtimer: Annotate lockless access to timer->state net: icmp: fix data-race in cmp_global_allow() netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() 6pack,mkiss: fix possible deadlock netfilter: ebtables: compat: reject all padding in matches/watchers filldir[64]: remove WARN_ON_ONCE() for bad directory entries Make filldir[64]() verify the directory entry filename is valid perf strbuf: Remove redundant va_end() in strbuf_addv() ALSA: hda - Downgrade error message for single-cmd fallback net, sysctl: Fix compiler warning when only cBPF is present x86/mce: Fix possibly incorrect severity calculation on AMD kernel: sysctl: make drop_caches write-only ocfs2: fix passing zero to 'PTR_ERR' warning s390/cpum_sf: Check for SDBT and SDB consistency libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h perf regs: Make perf_reg_name() return "unknown" instead of NULL cdrom: respect device capabilities during opening action scripts/kallsyms: fix definitely-lost memory leak gpio: mpc8xxx: Don't overwrite default irq_set_type callback scsi: target: iscsi: Wait for all commands to finish before freeing a session scsi: scsi_debug: num_tgts must be >= 0 scsi: pm80xx: Fix for SATA device discovery ext4: work around deleting a file with i_nlink == 0 safely HID: Improve Windows Precision Touchpad detection. bcache: at least try to shrink 1 node in bch_mca_scan() clk: pxa: fix one of the pxa RTC clocks scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE powerpc/security: Fix wrong message when RFI Flush is disable powerpc/pseries/cmm: Implement release() function for sysfs device scsi: ufs: fix potential bug which ends in system hang scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long irqchip: ingenic: Error out if IRQ domain creation failed irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary clk: qcom: Allow constant ratio freq tables for rcg scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) jbd2: Fix statistics for the number of logged blocks powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning powerpc/security/book3s64: Report L1TF status in sysfs clocksource/drivers/asm9260: Add a check for of_clk_get dma-debug: add a schedule point in debug_dma_dump_mappings() powerpc/pseries: Don't fail hash page table insert for bolted mapping powerpc/pseries: Mark accumulate_stolen_time() as notrace scsi: csiostor: Don't enable IRQs too early scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices scsi: target: compare full CHAP_A Algorithm strings iommu/tegra-smmu: Fix page tables in > 4 GiB memory Input: atmel_mxt_ts - disable IRQ across suspend scsi: lpfc: Fix locking on mailbox command completion scsi: mpt3sas: Fix clear pending bit in ioctl status perf probe: Fix to show function entry line as probe-able mmc: sdhci-of-esdhc: fix P2020 errata handling powerpc/irq: fix stack overflow verification ext4: check for directory entries too close to block end ext4: fix ext4_empty_dir() for directories with holes staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes USB: EHCI: Do not return -EPIPE when hub is disconnected usbip: Fix error path of vhci_recv_ret_submit() net: dst: Force 4-byte alignment of dst_metrics sctp: fully initialize v4 addr in some functions net: usb: lan78xx: Fix suspend/resume PHY register access error net: qlogic: Fix error paths in ql_alloc_large_buffers() net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() net: hisilicon: Fix a BUG trigered by wrong bytes_compl mod_devicetable: fix PHY module format fjes: fix missed check in fjes_acpi_add af_packet: set defaule value for tmo Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues btrfs: abort transaction after failed inode updates in create_subvol btrfs: return error pointer from alloc_test_extent_buffer btrfs: do not call synchronize_srcu() in inode_tree_del btrfs: don't double lock the subvol_sem for rename exchange usb: xhci: Fix build warning seen with CONFIG_PM=n Revert "mmc: sdhci: Fix incorrect switch to HS mode" btrfs: don't prematurely free work in reada_start_machine_worker() net: phy: initialise phydev speed and duplex sanely libtraceevent: Fix memory leakage in copy_filter_type crypto: vmx - Avoid weird build failures crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c fbtft: Make sure string is NULL terminated iwlwifi: check kasprintf() return value x86/insn: Add some Intel instructions to the opcode map spi: st-ssc4: add missed pm_runtime_disable btrfs: don't prematurely free work in run_ordered_work() btrfs: don't prematurely free work in end_workqueue_fn() mmc: tmio: Add MMC_CAP_ERASE to allow erase/discard/trim requests spi: tegra20-slink: add missed clk_unprepare iwlwifi: mvm: fix unaligned read of rx_pkt_status x86/crash: Add a forward declaration of struct kimage cpufreq: Register drivers only after CPU devices have been registered parport: load lowlevel driver if ports not found s390/disassembler: don't hide instruction addresses ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile spi: pxa2xx: Add missed security checks EDAC/ghes: Fix grain calculation media: si470x-i2c: add missed operations in remove media: pvrusb2: Fix oops on tear-down when radio support is not present ath10k: fix get invalid tx rate for Mesh metric perf probe: Filter out instances except for inlined subroutine and subprogram perf probe: Skip end-of-sequence and non statement lines perf probe: Fix to show calling lines of inlined functions perf probe: Return a better scope DIE if there is no best scope perf probe: Skip overlapped location on searching variables perf probe: Fix to probe a function which has no entry pc perf probe: Fix to show inlined function callsite without entry_pc perf probe: Fix to show ranges of variables in functions without entry_pc perf probe: Fix to probe an inline function which has no entry pc perf probe: Walk function lines in lexical blocks perf probe: Fix to list probe event with correct line number perf probe: Fix to find range-only function instance rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() ALSA: timer: Limit max amount of slave instances spi: img-spfi: fix potential double release bnx2x: Fix PF-VF communication over multi-cos queues. Bluetooth: Fix advertising duplicated flags pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B libata: Ensure ata_port probe has completed before detach arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() x86/ioapic: Prevent inconsistent state when moving an interrupt rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot drm/gma500: fix memory disclosures due to uninitialized bytes x86/mce: Lower throttling MCE messages' priority to warning Bluetooth: hci_core: fix init for HCI_USER_CHANNEL iio: adc: max1027: Reset the device at probe time usb: usbfs: Suppress problematic bind and unbind uevents. perf report: Add warning when libunwind not compiled in perf test: Report failure for mmap events x86/mm: Use the correct function type for native_set_fixmap() extcon: sm5502: Reset registers during initialization media: ti-vpe: vpe: Make sure YUYV is set as default format media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring samples: pktgen: fix proc_cmd command result check logic media: cec-funcs.h: add status_req checks media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled usb: renesas_usbhs: add suspend event support in gadget mode tools/power/cpupower: Fix initializer override in hsw_ext_cstates media: ov6650: Fix stored frame format not in sync with hardware media: i2c: ov2659: Fix missing 720p register config media: i2c: ov2659: fix s_stream return value media: am437x-vpfe: Setting STD to current value is not an error IB/iser: bound protection_sg size by data_sg size libertas: fix a potential NULL pointer dereference rtlwifi: prevent memory leak in rtl_usb_probe staging: rtl8188eu: fix possible null dereference staging: rtl8192u: fix multiple memory leaks on error path spi: Add call to spi_slave_abort() function when spidev driver is released iio: light: bh1750: Resolve compiler warning and make code more readable drm/bridge: analogix-anx78xx: silence -EPROBE_DEFER warnings drm: mst: Fix query_payload ack reply struct ALSA: hda/ca0132 - Avoid endless loop ALSA: hda/ca0132 - Keep power on during processing DSP response ALSA: pcm: Avoid possible info leaks from PCM stream buffers btrfs: handle ENOENT in btrfs_uuid_tree_iterate btrfs: do not leak reloc root if we fail to read the fs root btrfs: skip log replay on orphaned roots UPSTREAM: HID: input: map digitizer battery usage ANDROID: cuttlefish_defconfig: Disable TRANSPARENT_HUGEPAGE Conflicts: arch/arm64/kernel/psci.c kernel/time/hrtimer.c Change-Id: I01dd0697e8a78a5046d5513c2dcd1c6e28ef0328 Signed-off-by: jianzhou <jianzhou@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
c1c5428bed |
Merge 4.9.214 into android-4.9-q
Changes in 4.9.214
media: iguanair: fix endpoint sanity check
x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
sparc32: fix struct ipc64_perm type definition
ASoC: qcom: Fix of-node refcount unbalance to link->codec_of_node
cls_rsvp: fix rsvp_policy
gtp: use __GFP_NOWARN to avoid memalloc warning
net: hsr: fix possible NULL deref in hsr_handle_frame()
net_sched: fix an OOB access in cls_tcindex
rxrpc: Fix insufficient receive notification generation
rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect
tcp: clear tp->total_retrans in tcp_disconnect()
tcp: clear tp->delivered in tcp_disconnect()
tcp: clear tp->data_segs{in|out} in tcp_disconnect()
tcp: clear tp->segs_{in|out} in tcp_disconnect()
media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
mfd: dln2: More sanity checking for endpoints
brcmfmac: Fix memory leak in brcmf_usbdev_qinit
usb: gadget: legacy: set max_speed to super-speed
usb: gadget: f_ncm: Use atomic_t to track in-flight request
usb: gadget: f_ecm: Use atomic_t to track in-flight request
ALSA: dummy: Fix PCM format loop in proc output
media/v4l2-core: set pages dirty upon releasing DMA buffers
media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments
lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
mmc: spi: Toggle SPI polarity, do not hardcode it
PCI: keystone: Fix link training retries initiation
ubifs: Change gfp flags in page allocation for bulk read
ubifs: Fix deadlock in concurrent bulk-read and writepage
crypto: api - Check spawn->alg under lock in crypto_drop_spawn
scsi: qla2xxx: Fix mtcp dump collection failure
power: supply: ltc2941-battery-gauge: fix use-after-free
of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
dm space map common: fix to ensure new block isn't already in use
crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
crypto: atmel-aes - Fix counter overflow in CTR mode
crypto: api - Fix race condition in crypto_spawn_alg
crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill
btrfs: set trans->drity in btrfs_commit_transaction
ARM: tegra: Enable PLLP bypass during Tegra124 LP1
mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
sunrpc: expiry_time should be seconds not timeval
KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks
KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c
KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks
KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
clk: tegra: Mark fuse clock as critical
scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
scsi: csiostor: Adjust indentation in csio_device_reset
scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
ext2: Adjust indentation in ext2_fill_super
powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
NFC: pn544: Adjust indentation in pn544_hci_check_presence
ppp: Adjust indentation into ppp_async_input
net: smc911x: Adjust indentation in smc911x_phy_configure
net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
IB/mlx5: Fix outstanding_pi index for GSI qps
nfsd: fix delay timer on 32-bit architectures
nfsd: fix jiffies/time_t mixup in LRU list
ubi: fastmap: Fix inverted logic in seen selfcheck
ubi: Fix an error pointer dereference in error handling code
mfd: da9062: Fix watchdog compatible string
mfd: rn5t618: Mark ADC control register volatile
net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
bonding/alb: properly access headers in bond_alb_xmit()
NFS: switch back to to ->iterate()
NFS: Fix memory leaks and corruption in readdir
NFS: Fix bool initialization/comparison
NFS: Directory page cache pages need to be locked when read
ext4: fix deadlock allocating crypto bounce page from mempool
Btrfs: fix assertion failure on fsync with NO_HOLES enabled
btrfs: use bool argument in free_root_pointers()
btrfs: remove trivial locking wrappers of tree mod log
Btrfs: fix race between adding and putting tree mod seq elements and nodes
drm: atmel-hlcdc: enable clock before configuring timing engine
KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
btrfs: flush write bio if we loop in extent_write_cache_pages
KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
KVM: nVMX: vmread should not set rflags to specify success in case of #PF
cifs: fail i/o on soft mounts if sessionsetup errors out
clocksource: Prevent double add_timer_on() for watchdog_timer
perf/core: Fix mlock accounting in perf_mmap()
rxrpc: Fix service call disconnection
ASoC: pcm: update FE/BE trigger order based on the command
RDMA/netlink: Do not always generate an ACK for some netlink operations
scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails
PCI: Don't disable bridge BARs when assigning bus resources
nfs: NFS_SWAP should depend on SWAP
NFSv4: try lease recovery on NFS4ERR_EXPIRED
rtc: hym8563: Return -EINVAL if the time is known to be invalid
rtc: cmos: Stop using shared IRQ
ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node
ARM: dts: at91: sama5d3: fix maximum peripheral clock rates
ARM: dts: at91: sama5d3: define clock rate range for tcb1
tools/power/acpi: fix compilation error
powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW
pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B
scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state
dm: fix potential for q->make_request_fn NULL pointer
mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held
libertas: make lbs_ibss_join_existing() return error code on rates overflow
Linux 4.9.214
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ieac421e286126a690fd2c206ea7b4dde45e4a475
|
||
|
Konstantin Khlebnikov
|
75fc4654a2 |
clocksource: Prevent double add_timer_on() for watchdog_timer
commit febac332a819f0e764aa4da62757ba21d18c182b upstream.
Kernel crashes inside QEMU/KVM are observed:
kernel BUG at kernel/time/timer.c:1154!
BUG_ON(timer_pending(timer) || !timer->function) in add_timer_on().
At the same time another cpu got:
general protection fault: 0000 [#1] SMP PTI of poinson pointer 0xdead000000000200 in:
__hlist_del at include/linux/list.h:681
(inlined by) detach_timer at kernel/time/timer.c:818
(inlined by) expire_timers at kernel/time/timer.c:1355
(inlined by) __run_timers at kernel/time/timer.c:1686
(inlined by) run_timer_softirq at kernel/time/timer.c:1699
Unfortunately kernel logs are badly scrambled, stacktraces are lost.
Printing the timer->function before the BUG_ON() pointed to
clocksource_watchdog().
The execution of clocksource_watchdog() can race with a sequence of
clocksource_stop_watchdog() .. clocksource_start_watchdog():
expire_timers()
detach_timer(timer, true);
timer->entry.pprev = NULL;
raw_spin_unlock_irq(&base->lock);
call_timer_fn
clocksource_watchdog()
clocksource_watchdog_kthread() or
clocksource_unbind()
spin_lock_irqsave(&watchdog_lock, flags);
clocksource_stop_watchdog();
del_timer(&watchdog_timer);
watchdog_running = 0;
spin_unlock_irqrestore(&watchdog_lock, flags);
spin_lock_irqsave(&watchdog_lock, flags);
clocksource_start_watchdog();
add_timer_on(&watchdog_timer, ...);
watchdog_running = 1;
spin_unlock_irqrestore(&watchdog_lock, flags);
spin_lock(&watchdog_lock);
add_timer_on(&watchdog_timer, ...);
BUG_ON(timer_pending(timer) || !timer->function);
timer_pending() -> true
BUG()
I.e. inside clocksource_watchdog() watchdog_timer could be already armed.
Check timer_pending() before calling add_timer_on(). This is sufficient as
all operations are synchronized by watchdog_lock.
Fixes:
|
||
|
Greg Kroah-Hartman
|
9759f952fd |
Merge 4.9.208 into android-4.9-q
Changes in 4.9.208 btrfs: skip log replay on orphaned roots btrfs: do not leak reloc root if we fail to read the fs root btrfs: handle ENOENT in btrfs_uuid_tree_iterate ALSA: pcm: Avoid possible info leaks from PCM stream buffers ALSA: hda/ca0132 - Keep power on during processing DSP response ALSA: hda/ca0132 - Avoid endless loop drm: mst: Fix query_payload ack reply struct drm/bridge: analogix-anx78xx: silence -EPROBE_DEFER warnings iio: light: bh1750: Resolve compiler warning and make code more readable spi: Add call to spi_slave_abort() function when spidev driver is released staging: rtl8192u: fix multiple memory leaks on error path staging: rtl8188eu: fix possible null dereference rtlwifi: prevent memory leak in rtl_usb_probe libertas: fix a potential NULL pointer dereference IB/iser: bound protection_sg size by data_sg size media: am437x-vpfe: Setting STD to current value is not an error media: i2c: ov2659: fix s_stream return value media: i2c: ov2659: Fix missing 720p register config media: ov6650: Fix stored frame format not in sync with hardware tools/power/cpupower: Fix initializer override in hsw_ext_cstates usb: renesas_usbhs: add suspend event support in gadget mode hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() media: cec-funcs.h: add status_req checks samples: pktgen: fix proc_cmd command result check logic mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number media: ti-vpe: vpe: Make sure YUYV is set as default format extcon: sm5502: Reset registers during initialization x86/mm: Use the correct function type for native_set_fixmap() perf test: Report failure for mmap events perf report: Add warning when libunwind not compiled in usb: usbfs: Suppress problematic bind and unbind uevents. iio: adc: max1027: Reset the device at probe time Bluetooth: hci_core: fix init for HCI_USER_CHANNEL x86/mce: Lower throttling MCE messages' priority to warning drm/gma500: fix memory disclosures due to uninitialized bytes rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot x86/ioapic: Prevent inconsistent state when moving an interrupt arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() libata: Ensure ata_port probe has completed before detach pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B Bluetooth: Fix advertising duplicated flags bnx2x: Fix PF-VF communication over multi-cos queues. spi: img-spfi: fix potential double release ALSA: timer: Limit max amount of slave instances rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() perf probe: Fix to find range-only function instance perf probe: Fix to list probe event with correct line number perf probe: Walk function lines in lexical blocks perf probe: Fix to probe an inline function which has no entry pc perf probe: Fix to show ranges of variables in functions without entry_pc perf probe: Fix to show inlined function callsite without entry_pc perf probe: Fix to probe a function which has no entry pc perf probe: Skip overlapped location on searching variables perf probe: Return a better scope DIE if there is no best scope perf probe: Fix to show calling lines of inlined functions perf probe: Skip end-of-sequence and non statement lines perf probe: Filter out instances except for inlined subroutine and subprogram ath10k: fix get invalid tx rate for Mesh metric media: pvrusb2: Fix oops on tear-down when radio support is not present media: si470x-i2c: add missed operations in remove EDAC/ghes: Fix grain calculation spi: pxa2xx: Add missed security checks ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile s390/disassembler: don't hide instruction addresses parport: load lowlevel driver if ports not found cpufreq: Register drivers only after CPU devices have been registered x86/crash: Add a forward declaration of struct kimage iwlwifi: mvm: fix unaligned read of rx_pkt_status spi: tegra20-slink: add missed clk_unprepare mmc: tmio: Add MMC_CAP_ERASE to allow erase/discard/trim requests btrfs: don't prematurely free work in end_workqueue_fn() btrfs: don't prematurely free work in run_ordered_work() spi: st-ssc4: add missed pm_runtime_disable x86/insn: Add some Intel instructions to the opcode map iwlwifi: check kasprintf() return value fbtft: Make sure string is NULL terminated crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c crypto: vmx - Avoid weird build failures libtraceevent: Fix memory leakage in copy_filter_type net: phy: initialise phydev speed and duplex sanely btrfs: don't prematurely free work in reada_start_machine_worker() Revert "mmc: sdhci: Fix incorrect switch to HS mode" usb: xhci: Fix build warning seen with CONFIG_PM=n btrfs: don't double lock the subvol_sem for rename exchange btrfs: do not call synchronize_srcu() in inode_tree_del btrfs: return error pointer from alloc_test_extent_buffer btrfs: abort transaction after failed inode updates in create_subvol Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues af_packet: set defaule value for tmo fjes: fix missed check in fjes_acpi_add mod_devicetable: fix PHY module format net: hisilicon: Fix a BUG trigered by wrong bytes_compl net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() net: qlogic: Fix error paths in ql_alloc_large_buffers() net: usb: lan78xx: Fix suspend/resume PHY register access error sctp: fully initialize v4 addr in some functions net: dst: Force 4-byte alignment of dst_metrics usbip: Fix error path of vhci_recv_ret_submit() USB: EHCI: Do not return -EPIPE when hub is disconnected platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value ext4: fix ext4_empty_dir() for directories with holes ext4: check for directory entries too close to block end powerpc/irq: fix stack overflow verification mmc: sdhci-of-esdhc: fix P2020 errata handling perf probe: Fix to show function entry line as probe-able scsi: mpt3sas: Fix clear pending bit in ioctl status scsi: lpfc: Fix locking on mailbox command completion Input: atmel_mxt_ts - disable IRQ across suspend iommu/tegra-smmu: Fix page tables in > 4 GiB memory scsi: target: compare full CHAP_A Algorithm strings scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices scsi: csiostor: Don't enable IRQs too early powerpc/pseries: Mark accumulate_stolen_time() as notrace powerpc/pseries: Don't fail hash page table insert for bolted mapping dma-debug: add a schedule point in debug_dma_dump_mappings() clocksource/drivers/asm9260: Add a check for of_clk_get powerpc/security/book3s64: Report L1TF status in sysfs powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning jbd2: Fix statistics for the number of logged blocks scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow clk: qcom: Allow constant ratio freq tables for rcg irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary irqchip: ingenic: Error out if IRQ domain creation failed fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences scsi: ufs: fix potential bug which ends in system hang powerpc/pseries/cmm: Implement release() function for sysfs device powerpc/security: Fix wrong message when RFI Flush is disable scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE clk: pxa: fix one of the pxa RTC clocks bcache: at least try to shrink 1 node in bch_mca_scan() HID: Improve Windows Precision Touchpad detection. ext4: work around deleting a file with i_nlink == 0 safely scsi: pm80xx: Fix for SATA device discovery scsi: scsi_debug: num_tgts must be >= 0 scsi: target: iscsi: Wait for all commands to finish before freeing a session gpio: mpc8xxx: Don't overwrite default irq_set_type callback scripts/kallsyms: fix definitely-lost memory leak cdrom: respect device capabilities during opening action perf regs: Make perf_reg_name() return "unknown" instead of NULL libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h s390/cpum_sf: Check for SDBT and SDB consistency ocfs2: fix passing zero to 'PTR_ERR' warning kernel: sysctl: make drop_caches write-only x86/mce: Fix possibly incorrect severity calculation on AMD net, sysctl: Fix compiler warning when only cBPF is present ALSA: hda - Downgrade error message for single-cmd fallback perf strbuf: Remove redundant va_end() in strbuf_addv() Make filldir[64]() verify the directory entry filename is valid filldir[64]: remove WARN_ON_ONCE() for bad directory entries netfilter: ebtables: compat: reject all padding in matches/watchers 6pack,mkiss: fix possible deadlock netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() net: icmp: fix data-race in cmp_global_allow() hrtimer: Annotate lockless access to timer->state tty/serial: atmel: fix out of range clock divider handling pinctrl: baytrail: Really serialize all register accesses mmc: sdhci: Update the tuning failed messages to pr_debug level net: ena: fix napi handler misbehavior when the napi budget is zero vhost/vsock: accept only packets with the right dst_cid tcp/dccp: fix possible race __inet_lookup_established() tcp: do not send empty skb from tcp_write_xmit() gtp: fix wrong condition in gtp_genl_dump_pdp() gtp: avoid zero size hashtable Linux 4.9.208 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Dumazet
|
190d14f3dd |
hrtimer: Annotate lockless access to timer->state
commit 56144737e67329c9aaed15f942d46a6302e2e3d8 upstream. syzbot reported various data-race caused by hrtimer_is_queued() reading timer->state. A READ_ONCE() is required there to silence the warning. Also add the corresponding WRITE_ONCE() when timer->state is set. In remove_hrtimer() the hrtimer_is_queued() helper is open coded to avoid loading timer->state twice. KCSAN reported these cases: BUG: KCSAN: data-race in __remove_hrtimer / tcp_pacing_check write to 0xffff8880b2a7d388 of 1 bytes by interrupt on cpu 0: __remove_hrtimer+0x52/0x130 kernel/time/hrtimer.c:991 __run_hrtimer kernel/time/hrtimer.c:1496 [inline] __hrtimer_run_queues+0x250/0x600 kernel/time/hrtimer.c:1576 hrtimer_run_softirq+0x10e/0x150 kernel/time/hrtimer.c:1593 __do_softirq+0x115/0x33f kernel/softirq.c:292 run_ksoftirqd+0x46/0x60 kernel/softirq.c:603 smpboot_thread_fn+0x37d/0x4a0 kernel/smpboot.c:165 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352 read to 0xffff8880b2a7d388 of 1 bytes by task 24652 on cpu 1: tcp_pacing_check net/ipv4/tcp_output.c:2235 [inline] tcp_pacing_check+0xba/0x130 net/ipv4/tcp_output.c:2225 tcp_xmit_retransmit_queue+0x32c/0x5a0 net/ipv4/tcp_output.c:3044 tcp_xmit_recovery+0x7c/0x120 net/ipv4/tcp_input.c:3558 tcp_ack+0x17b6/0x3170 net/ipv4/tcp_input.c:3717 tcp_rcv_established+0x37e/0xf50 net/ipv4/tcp_input.c:5696 tcp_v4_do_rcv+0x381/0x4e0 net/ipv4/tcp_ipv4.c:1561 sk_backlog_rcv include/net/sock.h:945 [inline] __release_sock+0x135/0x1e0 net/core/sock.c:2435 release_sock+0x61/0x160 net/core/sock.c:2951 sk_stream_wait_memory+0x3d7/0x7c0 net/core/stream.c:145 tcp_sendmsg_locked+0xb47/0x1f30 net/ipv4/tcp.c:1393 tcp_sendmsg+0x39/0x60 net/ipv4/tcp.c:1434 inet_sendmsg+0x6d/0x90 net/ipv4/af_inet.c:807 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg+0x9f/0xc0 net/socket.c:657 BUG: KCSAN: data-race in __remove_hrtimer / __tcp_ack_snd_check write to 0xffff8880a3a65588 of 1 bytes by interrupt on cpu 0: __remove_hrtimer+0x52/0x130 kernel/time/hrtimer.c:991 __run_hrtimer kernel/time/hrtimer.c:1496 [inline] __hrtimer_run_queues+0x250/0x600 kernel/time/hrtimer.c:1576 hrtimer_run_softirq+0x10e/0x150 kernel/time/hrtimer.c:1593 __do_softirq+0x115/0x33f kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0xbb/0xe0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0xe6/0x280 arch/x86/kernel/apic/apic.c:1137 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:830 read to 0xffff8880a3a65588 of 1 bytes by task 22891 on cpu 1: __tcp_ack_snd_check+0x415/0x4f0 net/ipv4/tcp_input.c:5265 tcp_ack_snd_check net/ipv4/tcp_input.c:5287 [inline] tcp_rcv_established+0x750/0xf50 net/ipv4/tcp_input.c:5708 tcp_v4_do_rcv+0x381/0x4e0 net/ipv4/tcp_ipv4.c:1561 sk_backlog_rcv include/net/sock.h:945 [inline] __release_sock+0x135/0x1e0 net/core/sock.c:2435 release_sock+0x61/0x160 net/core/sock.c:2951 sk_stream_wait_memory+0x3d7/0x7c0 net/core/stream.c:145 tcp_sendmsg_locked+0xb47/0x1f30 net/ipv4/tcp.c:1393 tcp_sendmsg+0x39/0x60 net/ipv4/tcp.c:1434 inet_sendmsg+0x6d/0x90 net/ipv4/af_inet.c:807 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg+0x9f/0xc0 net/socket.c:657 __sys_sendto+0x21f/0x320 net/socket.c:1952 __do_sys_sendto net/socket.c:1964 [inline] __se_sys_sendto net/socket.c:1960 [inline] __x64_sys_sendto+0x89/0xb0 net/socket.c:1960 do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 24652 Comm: syz-executor.3 Not tainted 5.4.0-rc3+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ tglx: Added comments ] Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lkml.kernel.org/r/20191106174804.74723-1-edumazet@google.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
jianzhou
|
926acc1dd6 |
Merge android-4.9.200(851ba64) into msm-4.9
* refs/heads/tmp-851ba64: Linux 4.9.200 alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP dmaengine: qcom: bam_dma: Fix resource leak net/flow_dissector: switch to siphash kbuild: add -fcf-protection=none when using retpoline flags kbuild: use -fmacro-prefix-map to make __FILE__ a relative path Kbuild: make designated_init attribute fatal inet: stop leaking jiffies on the wire net/mlx4_core: Dynamically set guaranteed amount of counters per VF vxlan: check tun_info options_len properly net: bcmgenet: reset 40nm EPHY on energy detect net: dsa: fix switch tree list net: add READ_ONCE() annotation in __skb_wait_for_more_packets() selftests: net: reuseport_dualstack: fix uninitalized parameter net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() net: hisilicon: Fix ping latency when deal with high throughput net: fix sk_page_frag() recursion from memory reclaim dccp: do not leak jiffies on the wire cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs MIPS: bmips: mark exception vectors as char arrays of: unittest: fix memory leak in unittest_data_add scsi: target: core: Do not overwrite CDB byte 1 ARM: davinci: dm365: Fix McBSP dma_slave_map entry perf kmem: Fix memory leak in compact_gfp_flags() ARM: dts: imx7s: Correct GPT's ipg clock source scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE scsi: sni_53c710: fix compilation error scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions ARM: mm: fix alignment handler faults under memory pressure pinctrl: ns2: Fix off by one bugs in ns2_pinmux_enable() ARM: dts: logicpd-torpedo-som: Remove twl_keypad ASoc: rockchip: i2s: Fix RPM imbalance ASoC: wm_adsp: Don't generate kcontrols without READ flags regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone UPSTREAM: HID: steam: fix deadlock with input devices. UPSTREAM: HID: steam: fix boot loop with bluetooth firmware UPSTREAM: HID: steam: remove input device when a hid client is running. UPSTREAM: HID: steam: use hid_device.driver_data instead of hid_set_drvdata() UPSTREAM: HID: steam: add missing fields in client initialization UPSTREAM: HID: steam: add battery device. UPSTREAM: HID: add driver for Valve Steam Controller UPSTREAM: HID: sony: Fix memory corruption issue on cleanup. UPSTREAM: HID: sony: Fix race condition between rumble and device remove. Change-Id: I6ac3e286647ddaa3bbe85c080feb28aa1089e732 Signed-off-by: jianzhou <jianzhou@codeaurora.org> |
||
|
jianzhou
|
234d2c711e |
Merge android-4.9.197(e9766ef) into msm-4.9
* refs/heads/tmp-e9766ef:
Linux 4.9.197
xfs: clear sb->s_fs_info on mount failure
x86/asm: Fix MWAITX C-state hint value
tracing: Get trace_array reference for available_tracers files
tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
tracing/hwlat: Report total time spent in all NMIs during the sample
media: stkwebcam: fix runtime PM after driver unbind
Fix the locking in dcache_readdir() and friends
MIPS: Disable Loongson MMI instructions for kernel build
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
staging: fbtft: Stop using BL_CORE_DRIVER1
kernel/sysctl.c: do not override max_threads provided by userspace
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
CIFS: Force revalidate inode when dentry is stale
CIFS: Gracefully handle QueryInfo errors during open
perf inject jit: Fix JIT_CODE_MOVE filename
perf llvm: Don't access out-of-scope array
efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
iio: light: opt3001: fix mutex unlock race
iio: adc: ad799x: fix probe error handling
staging: vt6655: Fix memory leak in vt6655_probe
USB: legousbtower: fix use-after-free on release
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix slab info leak at probe
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
USB: dummy-hcd: fix power budget for SuperSpeed mode
USB: microtek: fix info-leak at probe
USB: usblcd: fix I/O after disconnect
USB: serial: fix runtime PM after driver unbind
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: option: add Telit FN980 compositions
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: keyspan: fix NULL-derefs on open() and write()
serial: uartlite: fix exit path null pointer
USB: ldusb: fix NULL-derefs on driver unbind
USB: chaoskey: fix use-after-free on release
USB: usblp: fix runtime PM after driver unbind
USB: iowarrior: fix use-after-free after driver unbind
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: adutux: fix use-after-free on release
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on disconnect
USB: adutux: remove redundant variable minor
xhci: Increase STS_SAVE timeout in xhci_suspend()
usb: xhci: wait for CNR controller not ready bit in xhci resume
xhci: Check all endpoints for LPM timeout
xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
xhci: Fix false warning message about wrong bounce buffer write length
USB: usb-skeleton: fix NULL-deref on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: yurex: fix NULL-derefs on disconnect
USB: yurex: Don't retry on unexpected errors
USB: rio500: Remove Rio 500 kernel driver
panic: ensure preemption is disabled during panic()
ASoC: sgtl5000: Improve VAG power and mute control
nl80211: validate beacon head
cfg80211: Use const more consistently in for_each_element macros
cfg80211: add and use strongly typed element iteration macros
coresight: etm4x: Use explicit barriers on enable/disable
crypto: caam - fix concurrency issue in givencrypt descriptor
perf stat: Reset previous counts on repeat with interval
perf stat: Fix a segmentation fault when using repeat forever
perf tools: Fix segfault in cpu_cache_level__read()
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
kernel/elfcore.c: include proper prototypes
sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
fuse: fix memleak in cuse_channel_open
thermal: Fix use-after-free when unregistering thermal zone device
drm/amdgpu: Check for valid number of registers to read
ceph: reconnect connection if session hang in opening state
ceph: fix directories inode i_blkbits initialization
xen/pci: reserve MCFG areas earlier
9p: avoid attaching writeback_fid on mmap with type PRIVATE
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
ima: always return negative code for error
cfg80211: initialize on-stack chandefs
ieee802154: atusb: fix use-after-free at disconnect
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
timer: Read jiffies once when forwarding base clk
usercopy: Avoid HIGHMEM pfn warning
crypto: qat - Silence smp_processor_id() warning
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
powerpc/powernv: Restrict OPAL symbol map to only be readable by root
ASoC: Define a set of DAPM pre/post-up events
KVM: nVMX: handle page fault in vmread fix
s390/cio: exclude subchannels with no parent from pseudo check
s390/cio: avoid calling strlen on null pointer
s390/topology: avoid firing events before kobjs are created
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
ANDROID: cuttlefish_defconfig: Enable BPF_JIT and BPF_JIT_ALWAYS_ON
Conflicts:
kernel/sched/core.c
Change-Id: I7ee939936455a1664cfacc860e3ac229171cf1e3
Signed-off-by: jianzhou <jianzhou@codeaurora.org>
|
||
|
jianzhou
|
f661fceccb |
Merge android-4.9.195(59aade0) into msm-4.9
* refs/heads/tmp-59aade0: Linux 4.9.195 Btrfs: fix race setting up and completing qgroup rescan workers btrfs: qgroup: Drop quota_root and fs_info parameters from update_qgroup_status_item CIFS: Fix oplock handling for SMB 2.1+ protocols CIFS: fix max ea value size i2c: riic: Clear NACK in tend isr hwrng: core - don't wait on add_early_randomness() quota: fix wrong condition in is_quota_modification() ext4: fix punch hole for inline_data file systems ext4: fix warning inside ext4_convert_unwritten_extents_endio /dev/mem: Bail out upon SIGKILL. cfg80211: Purge frame registrations on iftype change md/raid6: Set R5_ReadError when there is read failure on parity disk btrfs: Relinquish CPUs in btrfs_compare_trees Btrfs: fix use-after-free when using the tree modification log ovl: filter of trusted xattr results in audit memcg, kmem: do not fail __GFP_NOFAIL charges regulator: Defer init completion for a while after late_initcall alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up ASoC: Intel: Fix use of potentially uninitialized variable ASoC: Intel: NHLT: Fix debug print format media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table KVM: x86: Manually calculate reserved bits when loading PDPTRS KVM: x86: set ctxt->have_exception in x86_decode_insn() KVM: x86: always stop emulation on page fault parisc: Disable HP HSC-PCI Cards to prevent kernel crash fuse: fix missing unlock_page in fuse_writepage() printk: Do not lose last line in kmsg buffer dump printk: remove games with previous record flags IB/hfi1: Define variables as unsigned long to fix KASAN warning ALSA: firewire-tascam: check intermediate state of clock status and retry ALSA: firewire-tascam: handle error code when getting current source of clock PM / devfreq: passive: fix compiler warning media: omap3isp: Set device on omap3isp subdevs btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) e1000e: add workaround for possible stalled packet libertas: Add missing sentinel at end of if_usb.c fw_table mmc: sdhci: Fix incorrect switch to HS mode ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding kprobes: Prohibit probing on BUG() and WARN() address dmaengine: ti: edma: Do not reset reserved paRAM slots md/raid1: fail run raid1 array when active disk less than one hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' ACPI / PCI: fix acpi_pci_irq_enable() memory leak ACPI: custom_method: fix memory leaks ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks libtraceevent: Change users plugin directory iommu/amd: Silence warnings under memory pressure nvmet: fix data units read and written counters in SMART log arm64: kpti: ensure patched kernel text is fetched from PoU ACPI / CPPC: do not require the _PSD method media: ov9650: add a sanity check media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() media: cpia2_usb: fix memory leaks media: saa7146: add cleanup in hexium_attach() PM / devfreq: exynos-bus: Correct clock enable sequence PM / devfreq: passive: Use non-devm notifiers media: dvb-core: fix a memory leak bug media: hdpvr: add terminating 0 at end of string media: radio/si470x: kill urb on error ARM: dts: imx7d: cl-som-imx7: make ethernet work again net: lpc-enet: fix printk format strings media: omap3isp: Don't set streaming state on random subdevs dmaengine: iop-adma: use correct printk format strings media: gspca: zero usb_buf on error efi: cper: print AER info of PCIe fatal error md: don't set In_sync if array is frozen md: don't call spare_active in md_reap_sync_thread if all member devices can't work EDAC/altera: Use the proper type for the IRQ status bits ia64:unwind: fix double free for mod->arch.init_unw_table ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid base: soc: Export soc_device_register/unregister APIs media: iguanair: add sanity checks ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() ALSA: hda - Show the fatal CORB/RIRB error more clearly x86/apic: Soft disable APIC before initializing it x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails sched/core: Fix CPU controller for !RT_GROUP_SCHED sched/fair: Fix imbalance due to CPU affinity media: hdpvr: Add device num check and handling media: exynos4-is: fix leaked of_node references media: dib0700: fix link error for dibx000_i2c_set_speed leds: leds-lp5562 allow firmware files up to the maximum length dmaengine: bcm2835: Print error in case setting DMA mask fails ASoC: sgtl5000: Fix charge pump source assignment regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg ALSA: hda: Flush interrupts on disabling nfc: enforce CAP_NET_RAW for raw sockets ieee802154: enforce CAP_NET_RAW for raw sockets ax25: enforce CAP_NET_RAW for raw sockets appletalk: enforce CAP_NET_RAW for raw sockets mISDN: enforce CAP_NET_RAW for raw sockets usbnet: sanity checking of packet sizes and device mtu usbnet: ignore endpoints with invalid wMaxPacketSize skge: fix checksum byte order sch_netem: fix a divide by zero in tabledist() ppp: Fix memory leak in ppp_write openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC net: qrtr: Stop rx_worker before freeing node net/phy: fix DP83865 10 Mbps HDX loopback disable function macsec: drop skb sk before calling gro_cells_receive cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize arcnet: provide a buffer big enough to actually receive packets Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices xfs: don't crash on null attr fork xfs_bmapi_read drm: Flush output polling on shutdown f2fs: fix to do sanity check on segment bitmap of LFS curseg Revert "f2fs: avoid out-of-range memory access" f2fs: check all the data segments against all node ones irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices locking/lockdep: Add debug_locks check in __lock_downgrade() power: supply: sysfs: ratelimit property read error message mac80211: handle deauthentication/disassociation from TDLS peer mac80211: Print text for disassociation reason objtool: Clobber user CFLAGS variable ALSA: hda - Add laptop imic fixup for ASUS M9V laptop ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt() media: tvp5150: fix switch exit in set control handler crypto: talitos - fix missing break in switch statement mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword() HID: hidraw: Fix invalid read in hidraw_ioctl HID: logitech: Fix general protection fault caused by Logitech driver HID: prodikeys: Fix general protection fault during probe IB/core: Add an unbound WQ type to the new CQ API Revert "Bluetooth: validate BLE connection interval updates" BACKPORT: block: annotate refault stalls from IO submission ANDROID: usb: gadget: Fix dependency for f_accessory Remove taskname from lowmemorykiller kill reports Conflicts: fs/f2fs/segment.c fs/f2fs/super.c Change-Id: I74bfa6392af27f28936e1ee4bed62b80444b8f76 Signed-off-by: jianzhou <jianzhou@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
851ba64a93 |
Merge 4.9.200 into android-4.9-q
Changes in 4.9.200 regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized ASoC: wm_adsp: Don't generate kcontrols without READ flags ASoc: rockchip: i2s: Fix RPM imbalance ARM: dts: logicpd-torpedo-som: Remove twl_keypad pinctrl: ns2: Fix off by one bugs in ns2_pinmux_enable() ARM: mm: fix alignment handler faults under memory pressure scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions scsi: sni_53c710: fix compilation error scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE ARM: dts: imx7s: Correct GPT's ipg clock source perf kmem: Fix memory leak in compact_gfp_flags() ARM: davinci: dm365: Fix McBSP dma_slave_map entry scsi: target: core: Do not overwrite CDB byte 1 of: unittest: fix memory leak in unittest_data_add MIPS: bmips: mark exception vectors as char arrays cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs dccp: do not leak jiffies on the wire net: fix sk_page_frag() recursion from memory reclaim net: hisilicon: Fix ping latency when deal with high throughput net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() selftests: net: reuseport_dualstack: fix uninitalized parameter net: add READ_ONCE() annotation in __skb_wait_for_more_packets() net: dsa: fix switch tree list net: bcmgenet: reset 40nm EPHY on energy detect vxlan: check tun_info options_len properly net/mlx4_core: Dynamically set guaranteed amount of counters per VF inet: stop leaking jiffies on the wire Kbuild: make designated_init attribute fatal kbuild: use -fmacro-prefix-map to make __FILE__ a relative path kbuild: add -fcf-protection=none when using retpoline flags net/flow_dissector: switch to siphash dmaengine: qcom: bam_dma: Fix resource leak alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP Linux 4.9.200 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Petr Vorel
|
07abe8c6ec |
alarmtimer: Change remaining ENOTSUPP to EOPNOTSUPP
Fix backport of commit f18ddc13af981ce3c7b7f26925f099e7c6929aba upstream.
Update backport to change ENOTSUPP to EOPNOTSUPP in
alarm_timer_{del,set}(), which were removed in
f2c45807d3992fe0f173f34af9c347d907c31686 in v4.13-rc1.
Fixes:
|
||
|
Greg Kroah-Hartman
|
e9766ef8f1 |
Merge 4.9.197 into android-4.9-q
Changes in 4.9.197
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
s390/topology: avoid firing events before kobjs are created
s390/cio: avoid calling strlen on null pointer
s390/cio: exclude subchannels with no parent from pseudo check
KVM: nVMX: handle page fault in vmread fix
ASoC: Define a set of DAPM pre/post-up events
powerpc/powernv: Restrict OPAL symbol map to only be readable by root
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
crypto: qat - Silence smp_processor_id() warning
usercopy: Avoid HIGHMEM pfn warning
timer: Read jiffies once when forwarding base clk
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
ieee802154: atusb: fix use-after-free at disconnect
cfg80211: initialize on-stack chandefs
ima: always return negative code for error
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
9p: avoid attaching writeback_fid on mmap with type PRIVATE
xen/pci: reserve MCFG areas earlier
ceph: fix directories inode i_blkbits initialization
ceph: reconnect connection if session hang in opening state
drm/amdgpu: Check for valid number of registers to read
thermal: Fix use-after-free when unregistering thermal zone device
fuse: fix memleak in cuse_channel_open
sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
kernel/elfcore.c: include proper prototypes
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
perf tools: Fix segfault in cpu_cache_level__read()
perf stat: Fix a segmentation fault when using repeat forever
perf stat: Reset previous counts on repeat with interval
crypto: caam - fix concurrency issue in givencrypt descriptor
coresight: etm4x: Use explicit barriers on enable/disable
cfg80211: add and use strongly typed element iteration macros
cfg80211: Use const more consistently in for_each_element macros
nl80211: validate beacon head
ASoC: sgtl5000: Improve VAG power and mute control
panic: ensure preemption is disabled during panic()
USB: rio500: Remove Rio 500 kernel driver
USB: yurex: Don't retry on unexpected errors
USB: yurex: fix NULL-derefs on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: usb-skeleton: fix NULL-deref on disconnect
xhci: Fix false warning message about wrong bounce buffer write length
xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
xhci: Check all endpoints for LPM timeout
usb: xhci: wait for CNR controller not ready bit in xhci resume
xhci: Increase STS_SAVE timeout in xhci_suspend()
USB: adutux: remove redundant variable minor
USB: adutux: fix use-after-free on disconnect
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free after driver unbind
USB: usblp: fix runtime PM after driver unbind
USB: chaoskey: fix use-after-free on release
USB: ldusb: fix NULL-derefs on driver unbind
serial: uartlite: fix exit path null pointer
USB: serial: keyspan: fix NULL-derefs on open() and write()
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: option: add Telit FN980 compositions
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: fix runtime PM after driver unbind
USB: usblcd: fix I/O after disconnect
USB: microtek: fix info-leak at probe
USB: dummy-hcd: fix power budget for SuperSpeed mode
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
USB: legousbtower: fix slab info leak at probe
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix use-after-free on release
staging: vt6655: Fix memory leak in vt6655_probe
iio: adc: ad799x: fix probe error handling
iio: light: opt3001: fix mutex unlock race
efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
perf llvm: Don't access out-of-scope array
perf inject jit: Fix JIT_CODE_MOVE filename
CIFS: Gracefully handle QueryInfo errors during open
CIFS: Force revalidate inode when dentry is stale
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
kernel/sysctl.c: do not override max_threads provided by userspace
staging: fbtft: Stop using BL_CORE_DRIVER1
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
MIPS: Disable Loongson MMI instructions for kernel build
Fix the locking in dcache_readdir() and friends
media: stkwebcam: fix runtime PM after driver unbind
tracing/hwlat: Report total time spent in all NMIs during the sample
tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
tracing: Get trace_array reference for available_tracers files
x86/asm: Fix MWAITX C-state hint value
xfs: clear sb->s_fs_info on mount failure
Linux 4.9.197
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Li RongQing
|
75be612c1e |
timer: Read jiffies once when forwarding base clk
commit e430d802d6a3aaf61bd3ed03d9404888a29b9bf9 upstream.
The timer delayed for more than 3 seconds warning was triggered during
testing.
Workqueue: events_unbound sched_tick_remote
RIP: 0010:sched_tick_remote+0xee/0x100
...
Call Trace:
process_one_work+0x18c/0x3a0
worker_thread+0x30/0x380
kthread+0x113/0x130
ret_from_fork+0x22/0x40
The reason is that the code in collect_expired_timers() uses jiffies
unprotected:
if (next_event > jiffies)
base->clk = jiffies;
As the compiler is allowed to reload the value base->clk can advance
between the check and the store and in the worst case advance farther than
next event. That causes the timer expiry to be delayed until the wheel
pointer wraps around.
Convert the code to use READ_ONCE()
Fixes:
|
||
|
jianzhou
|
79bbe9c88c |
Merge android-4.9.187 (fabc071) into msm-4.9
* refs/heads/tmp-fabc071:
Linux 4.9.187
ceph: hold i_ceph_lock when removing caps for freeing inode
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
sched/fair: Don't free p->numa_faults with concurrent readers
Bluetooth: hci_uart: check for missing tty operations
media: radio-raremono: change devm_k*alloc to k*alloc
media: cpia2_usb: first wake up, then free in disconnect
media: au0828: fix null dereference in error path
ISDN: hfcsusb: checking idx of ep configuration
arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ
i2c: qup: fixed releasing dma without flush operation completion
arm64: dts: marvell: Fix A37xx UART0 register size
tcp: reset sk_send_head in tcp_write_queue_purge
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
access: avoid the RCU grace period for the temporary subjective credentials
powerpc/tm: Fix oops on sigreturn on systems without TM
ALSA: hda - Add a conexant codec entry to let mute led work
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
hpet: Fix division by zero in hpet_time_div()
x86/speculation/mds: Apply more accurate check on hypervisor platform
x86/sysfb_efi: Add quirks for some devices with swapped width and height
usb: pci-quirks: Correct AMD PLL quirk detection
usb: wusbcore: fix unbalanced get/put cluster_id
locking/lockdep: Hide unused 'class' variable
locking/lockdep: Fix lock used or unused stats error
mm/mmu_notifier: use hlist_add_head_rcu()
9p: pass the correct prototype to read_cache_page
mm/kmemleak.c: fix check for softirq context
sh: prevent warnings when using iounmap
powerpc/eeh: Handle hugepages in ioremap space
mailbox: handle failed named mailbox channel request
f2fs: avoid out-of-range memory access
powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
kallsyms: exclude kasan local symbols on s390
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
serial: sh-sci: Terminate TX DMA during buffer flushing
RDMA/i40iw: Set queue pair state when being queried
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
um: Silence lockdep complaint about mmap_sem
mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk
mfd: arizona: Fix undefined behavior
mfd: core: Set fwnode for created devices
recordmcount: Fix spurious mcount entries on powerpc
iio: iio-utils: Fix possible incorrect mask calculation
PCI: xilinx-nwl: Fix Multi MSI data programming
kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
PCI: sysfs: Ignore lockdep for remove attribute
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
usb: gadget: Zero ffs_io_data
tty: serial_core: Set port active bit in uart_port_activate
drm/rockchip: Properly adjust to a true clock in adjusted_mode
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/virtio: Add memory barriers for capset cache.
serial: 8250: Fix TX interrupt handling condition
tty: serial: msm_serial: avoid system lockup condition
tty/serial: digicolor: Fix digicolor-usart already registered warning
memstick: Fix error cleanup path of memstick_init
drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
drm/bridge: tc358767: read display_props in get_modes()
tty: serial: cpm_uart - fix init when SMC is relocated
pinctrl: rockchip: fix leaked of_node references
tty: max310x: Fix invalid baudrate divisors calculator
usb: core: hub: Disable hub-initiated U1/U2
drm/panel: simple: Fix panel_simple_dsi_probe
nfsd: Fix overflow causing non-working mounts on 1 TB machines
nfsd: fix performance-limiting session calculation
nfsd: give out fewer session slots as limit approaches
nfsd: increase DRC cache limit
NFSv4: Fix open create exclusive when the server reboots
perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
perf/x86/amd/uncore: Get correct number of cores sharing last level cache
perf/x86/amd/uncore: Rename 'L2' to 'LLC'
net: bridge: stp: don't cache eth dest pointer before skb pull
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
tcp: Reset bytes_acked and bytes_received when disconnecting
bonding: validate ip header before check IPPROTO_IGMP
netrom: hold sock when setting skb->destructor
netrom: fix a memory leak in nr_rx_frame()
macsec: fix checksumming after decryption
macsec: fix use-after-free of skb during RX
vrf: make sure skb->data contains ip header to make routing
sky2: Disable MSI on ASUS P6T
rxrpc: Fix send on a connected, but unbound socket
nfc: fix potential illegal memory access
net: openvswitch: fix csum updates for MPLS actions
net: neigh: fix multiple neigh timer scheduling
net: dsa: mv88e6xxx: wait after reset deactivation
net: bcmgenet: use promisc for unsupported filters
ipv4: don't set IPv6 only flags to IPv4 addresses
igmp: fix memory leak in igmpv3_del_delrec()
caif-hsi: fix possible deadlock in cfhsi_exit_module()
bnx2x: Prevent ptp_task to be rescheduled indefinitely
bnx2x: Prevent load reordering in tx completion processing
ext4: allow directory holes
lib/strscpy: Shut up KASAN false-positives in strscpy()
compiler.h: Add read_word_at_a_time() function.
compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
dm bufio: fix deadlock with loop device
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
intel_th: msu: Fix single mode with disabled IOMMU
eCryptfs: fix a couple type promotion bugs
powerpc/watchpoint: Restore NV GPRs while returning from exception
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
parisc: Ensure userspace privilege for ptraced processes in regset functions
um: Fix FP register size for XSTATE/XSAVE
um: Allow building and running on older hosts
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
PCI: hv: Delete the device earlier from hbus->children for hot-remove
crypto: ccp - Validate the the error value used to index error messages
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
coda: pass the host file in vma->vm_file on mmap
floppy: fix out-of-bounds read in copy_buffer
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in next_valid_format
floppy: fix div-by-zero in setup_format_params
take floppy compat ioctls to sodding floppy.c
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
Btrfs: add missing inode version, ctime and mtime updates when punching hole
PCI: Do not poll for PME if the device is in D3cold
9p/virtio: Add cleanup path in p9_virtio_init
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
drm/nouveau/i2c: Enable i2c pads & busses during preinit
fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
arm64: tegra: Fix AGIC register range
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
media: coda: Remove unbalanced and unneeded mutex unlock
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
ALSA: seq: Break too long mutex context in the write loop
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
NFSv4: Handle the special Linux file open access mode
tracing/snapshot: Resize spare buffer if size changed
iwlwifi: pcie: don't service an interrupt that was masked
arm64: tegra: Update Jetson TX1 GPU regulator timings
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
Input: gtco - bounds check collection indent level
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
crypto: arm64/sha2-ce - correct digest for empty data in finup
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: ghash - fix unaligned memory access in ghash_setkey()
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
scsi: NCR5380: Always re-enable reselection interrupt
scsi: NCR5380: Reduce goto statements in NCR5380_select()
xen: let alloc_xenballooned_pages() fail if not enough memory free
gtp: fix use-after-free in gtp_newlink()
gtp: fix Illegal context switch in RCU read-side critical section.
Bluetooth: validate BLE connection interval updates
Bluetooth: Check state in l2cap_disconnect_rsp
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
net: usb: asix: init MAC address buffers
iwlwifi: mvm: Drop large non sta frames
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
crypto: asymmetric_keys - select CRYPTO_HASH where needed
ixgbe: Check DDM existence in transceiver before access
rslib: Fix handling of of caller provided syndrome
rslib: Fix decoding of shortened codes
clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
libata: don't request sense data on !ZAC ATA devices
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
ath10k: fix PCIE device wake up failed
mt7601u: fix possible memory leak when the device is disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: do not schedule rx_tasklet when the device has been disconnected
media: coda: increment sequence offset for the last returned frame
media: coda: fix mpeg2 sequence number handling
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
timer_list: Guard procfs specific code
ntp: Limit TAI-UTC offset
media: i2c: fix warning same module names
ipsec: select crypto ciphers for xfrm_algo
EDAC/sysfs: Fix memory leak when creating a csrow object
ipoib: correcly show a VF hardware address
vhost_net: disable zerocopy by default
perf evsel: Make perf_evsel__name() accept a NULL argument
xfrm: fix sa selector validation
blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
rcu: Force inlining of rcu_read_lock()
bpf: silence warning messages in core
regmap: fix bulk writes on paged registers
gpio: omap: ensure irq is enabled before wakeup
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
perf test 6: Fix missing kvm module load for s390
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
s390/qdio: handle PENDING state for QEBSM devices
net: axienet: Fix race condition causing TX hang
net: fec: Do not use netdev messages too early
cpupower : frequency-set -r option misses the last cpu in related cpu list
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
locking/lockdep: Fix merging of hlocks with non-zero references
tua6100: Avoid build warnings.
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
crypto: talitos - properly handle split ICV.
net: phy: Check against net_device being NULL
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
media: mc-device.c: don't memset __user pointer contents
xfrm: Fix xfrm sel prefix length validation
af_key: fix leaks in key_pol_get_resp and dump_sp.
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
net: stmmac: dwmac4/5: Clear unused address entries
net: stmmac: dwmac1000: Clear unused address entries
media: media_device_enum_links32: clean a reserved field
media: vpss: fix a potential NULL pointer dereference
media: marvell-ccic: fix DMA s/g desc number calculation
crypto: talitos - fix skcipher failure due to wrong output IV
media: dvb: usb: fix use after free in dvb_usb_device_exit
batman-adv: fix for leaked TVLV handler.
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
ath6kl: add some bounds checking
ath9k: Check for errors when reading SREV register
ath10k: Do not send probe response template for mesh
dmaengine: imx-sdma: fix use-after-free on probe error path
arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
MIPS: fix build on non-linux hosts
MIPS: ath79: fix ar933x uart parity mode
ext4: remove unused value
f2fs: use EINVAL for superblock with invalid magic
f2fs: fix to read source block before invalidating it
f2fs: remove redundant check from f2fs_setflags_common()
f2fs: use generic checking and prep function for FS_IOC_SETFLAGS
vfs: use READ_ONCE() to access ->i_link
fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory
ANDROID: enable CONFIG_RTC_DRV_TEST on cuttlefish
ANDROID: xfrm: remove in_compat_syscall() checks
UPSTREAM: binder: Set end of SG buffer area properly.
fscrypt: cache decrypted symlink target in ->i_link
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
ext4: remove unused d_name argument from ext4_search_dir() et al.
fscrypt: only set dentry_operations on ciphertext dentries
fscrypt: fix race allowing rename() and link() of ciphertext dentries
fscrypt: clean up and improve dentry revalidation
fscrypt: use READ_ONCE() to access ->i_crypt_info
fscrypt: remove WARN_ON_ONCE() when decryption fails
fscrypt: drop inode argument from fscrypt_get_ctx()
f2fs: improve print log in f2fs_sanity_check_ckpt()
f2fs: avoid out-of-range memory access
f2fs: fix to avoid long latency during umount
f2fs: allow all the users to pin a file
f2fs: support swap file w/ DIO
f2fs: allocate blocks for pinned file
f2fs: fix is_idle() check for discard type
f2fs: add a rw_sem to cover quota flag changes
f2fs: set SBI_NEED_FSCK for xattr corruption case
f2fs: use generic EFSBADCRC/EFSCORRUPTED
f2fs: Use DIV_ROUND_UP() instead of open-coding
f2fs: print kernel message if filesystem is inconsistent
f2fs: introduce f2fs_<level> macros to wrap f2fs_printk()
f2fs: avoid get_valid_blocks() for cleanup
f2fs: ioctl for removing a range from F2FS
f2fs: only set project inherit bit for directory
f2fs: separate f2fs i_flags from fs_flags and ext4 i_flags
f2fs: Add option to limit required GC for checkpoint=disable
f2fs: Fix accounting for unusable blocks
f2fs: Fix root reserved on remount
f2fs: Lower threshold for disable_cp_again
f2fs: fix sparse warning
f2fs: fix f2fs_show_options to show nodiscard mount option
f2fs: add error prints for debugging mount failure
f2fs: fix to do sanity check on segment bitmap of LFS curseg
f2fs: add missing sysfs entries in documentation
f2fs: fix to avoid deadloop if data_flush is on
f2fs: always assume that the device is idle under gc_urgent
f2fs: add bio cache for IPU
f2fs: allow ssr block allocation during checkpoint=disable period
f2fs: fix to check layout on last valid checkpoint park
Conflicts:
drivers/tty/serial/msm_serial.c
fs/crypto/bio.c
fs/crypto/keyinfo.c
fs/f2fs/data.c
Change-Id: I400b66ca62d751839b3e0499cb6c797f5f70b554
Signed-off-by: jianzhou <jianzhou@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
59aade02bb |
Merge 4.9.195 into android-4.9-q
Changes in 4.9.195 Revert "Bluetooth: validate BLE connection interval updates" IB/core: Add an unbound WQ type to the new CQ API HID: prodikeys: Fix general protection fault during probe HID: logitech: Fix general protection fault caused by Logitech driver HID: hidraw: Fix invalid read in hidraw_ioctl mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword() crypto: talitos - fix missing break in switch statement media: tvp5150: fix switch exit in set control handler ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt() ALSA: hda - Add laptop imic fixup for ASUS M9V laptop objtool: Clobber user CFLAGS variable mac80211: Print text for disassociation reason mac80211: handle deauthentication/disassociation from TDLS peer power: supply: sysfs: ratelimit property read error message locking/lockdep: Add debug_locks check in __lock_downgrade() irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices f2fs: check all the data segments against all node ones Revert "f2fs: avoid out-of-range memory access" f2fs: fix to do sanity check on segment bitmap of LFS curseg drm: Flush output polling on shutdown xfs: don't crash on null attr fork xfs_bmapi_read Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices arcnet: provide a buffer big enough to actually receive packets cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize macsec: drop skb sk before calling gro_cells_receive net/phy: fix DP83865 10 Mbps HDX loopback disable function net: qrtr: Stop rx_worker before freeing node openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC ppp: Fix memory leak in ppp_write sch_netem: fix a divide by zero in tabledist() skge: fix checksum byte order usbnet: ignore endpoints with invalid wMaxPacketSize usbnet: sanity checking of packet sizes and device mtu mISDN: enforce CAP_NET_RAW for raw sockets appletalk: enforce CAP_NET_RAW for raw sockets ax25: enforce CAP_NET_RAW for raw sockets ieee802154: enforce CAP_NET_RAW for raw sockets nfc: enforce CAP_NET_RAW for raw sockets ALSA: hda: Flush interrupts on disabling regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg ASoC: sgtl5000: Fix charge pump source assignment dmaengine: bcm2835: Print error in case setting DMA mask fails leds: leds-lp5562 allow firmware files up to the maximum length media: dib0700: fix link error for dibx000_i2c_set_speed media: exynos4-is: fix leaked of_node references media: hdpvr: Add device num check and handling sched/fair: Fix imbalance due to CPU affinity sched/core: Fix CPU controller for !RT_GROUP_SCHED x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails x86/apic: Soft disable APIC before initializing it ALSA: hda - Show the fatal CORB/RIRB error more clearly ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() media: iguanair: add sanity checks base: soc: Export soc_device_register/unregister APIs ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid ia64:unwind: fix double free for mod->arch.init_unw_table EDAC/altera: Use the proper type for the IRQ status bits md: don't call spare_active in md_reap_sync_thread if all member devices can't work md: don't set In_sync if array is frozen efi: cper: print AER info of PCIe fatal error media: gspca: zero usb_buf on error dmaengine: iop-adma: use correct printk format strings media: omap3isp: Don't set streaming state on random subdevs net: lpc-enet: fix printk format strings ARM: dts: imx7d: cl-som-imx7: make ethernet work again media: radio/si470x: kill urb on error media: hdpvr: add terminating 0 at end of string media: dvb-core: fix a memory leak bug PM / devfreq: passive: Use non-devm notifiers PM / devfreq: exynos-bus: Correct clock enable sequence media: saa7146: add cleanup in hexium_attach() media: cpia2_usb: fix memory leaks media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() media: ov9650: add a sanity check ACPI / CPPC: do not require the _PSD method arm64: kpti: ensure patched kernel text is fetched from PoU nvmet: fix data units read and written counters in SMART log iommu/amd: Silence warnings under memory pressure libtraceevent: Change users plugin directory ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks ACPI: custom_method: fix memory leaks ACPI / PCI: fix acpi_pci_irq_enable() memory leak hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' md/raid1: fail run raid1 array when active disk less than one dmaengine: ti: edma: Do not reset reserved paRAM slots kprobes: Prohibit probing on BUG() and WARN() address s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set mmc: sdhci: Fix incorrect switch to HS mode libertas: Add missing sentinel at end of if_usb.c fw_table e1000e: add workaround for possible stalled packet drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type media: omap3isp: Set device on omap3isp subdevs PM / devfreq: passive: fix compiler warning ALSA: firewire-tascam: handle error code when getting current source of clock ALSA: firewire-tascam: check intermediate state of clock status and retry IB/hfi1: Define variables as unsigned long to fix KASAN warning printk: remove games with previous record flags printk: Do not lose last line in kmsg buffer dump fuse: fix missing unlock_page in fuse_writepage() parisc: Disable HP HSC-PCI Cards to prevent kernel crash KVM: x86: always stop emulation on page fault KVM: x86: set ctxt->have_exception in x86_decode_insn() KVM: x86: Manually calculate reserved bits when loading PDPTRS media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table ASoC: Intel: NHLT: Fix debug print format ASoC: Intel: Fix use of potentially uninitialized variable ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP regulator: Defer init completion for a while after late_initcall memcg, kmem: do not fail __GFP_NOFAIL charges ovl: filter of trusted xattr results in audit Btrfs: fix use-after-free when using the tree modification log btrfs: Relinquish CPUs in btrfs_compare_trees md/raid6: Set R5_ReadError when there is read failure on parity disk cfg80211: Purge frame registrations on iftype change /dev/mem: Bail out upon SIGKILL. ext4: fix warning inside ext4_convert_unwritten_extents_endio ext4: fix punch hole for inline_data file systems quota: fix wrong condition in is_quota_modification() hwrng: core - don't wait on add_early_randomness() i2c: riic: Clear NACK in tend isr CIFS: fix max ea value size CIFS: Fix oplock handling for SMB 2.1+ protocols btrfs: qgroup: Drop quota_root and fs_info parameters from update_qgroup_status_item Btrfs: fix race setting up and completing qgroup rescan workers Linux 4.9.195 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Thadeu Lima de Souza Cascardo
|
65b7a5a36a |
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
commit f18ddc13af981ce3c7b7f26925f099e7c6929aba upstream.
ENOTSUPP is not supposed to be returned to userspace. This was found on an
OpenPower machine, where the RTC does not support set_alarm.
On that system, a clock_nanosleep(CLOCK_REALTIME_ALARM, ...) results in
"524 Unknown error 524"
Replace it with EOPNOTSUPP which results in the expected "95 Operation not
supported" error.
Fixes:
|
||
|
Linux Build Service Account
|
9799cdc216 |
Merge "Merge android-4.9.186 (cd46375) into msm-4.9"
|
||
|
Prasad Sodagudi
|
a84e7ded82 |
kernel: time: Add delay after cpu_relax() in tight loops
Tight loops of spin_lock_irqsave() and spin_unlock_irqrestore() in timer and hrtimer are causing scheduling delays. Add delay of few nano seconds after cpu_relax in the timer/hrtimer tight loops. Change-Id: Iaa0ab92da93f7b245b1d922b6edca2bebdc0fbce Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org> Signed-off-by: Chetan C R <cravin@codeaurora.org> |
||
|
jianzhou
|
31d65a6aa1 |
Merge android-4.9.183 (a80a7ab) into msm-4.9
* refs/heads/tmp-a80a7ab: Linux 4.9.183 Abort file_remove_privs() for non-reg. files mlxsw: spectrum: Prevent force of 56G scsi: libsas: delete sas port if expander discover failed scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs KVM: PPC: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list ia64: fix build errors by exporting paddr_to_nid() perf record: Fix s390 missing module symbol and warning for non-root users perf data: Fix 'strncat may truncate' build failure with recent gcc configfs: Fix use-after-free when accessing sd->s_dentry i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() gpio: fix gpio-adp5588 build errors perf/ring_buffer: Add ordering to rb->nest increment perf/ring_buffer: Fix exposing a temporarily decreased data_head x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor mISDN: make sure device name is NUL terminated selftests: netfilter: missing error check when setting up veth interface perf/x86/intel/ds: Fix EVENT vs. UEVENT PEBS constraints Revert "staging: vc04_services: prevent integer overflow in create_pagelist()" sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg neigh: fix use-after-free read in pneigh_get_next lapb: fixed leak of control-blocks. ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero be2net: Fix number of Rx queues used for flow hashing ax25: fix inconsistent lock state in ax25_destroy_timer rtc: pcf8523: don't return invalid date when battery is low USB: serial: option: add Telit 0x1260 and 0x1261 compositions USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode USB: serial: pl2303: add Allied Telesis VT-Kit3 USB: usb-storage: Add new ID to ums-realtek USB: Fix chipmunk-like voice when using Logitech C270 for recording audio. usb: dwc2: Fix DMA cache alignment issues drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION KVM: x86/pmu: do not mask the value that is written to fixed PMUs usbnet: ipheth: fix racing condition selftests/timers: Add missing fflush(stdout) calls scsi: bnx2fc: fix incorrect cast to u64 on shift operation arm64/mm: Inhibit huge-vmap with ptdump scsi: lpfc: add check for loss of ndlp when sending RRQ Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex" ALSA: seq: Fix race of get-subscription call vs port-delete ioctls ALSA: seq: Protect in-kernel ioctl calls with mutex x86/uaccess, kcov: Disable stack protector ASoC: fsl_asrc: Fix the issue about unsupported rate ASoC: cs42xx8: Add regcache mask dirty cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() bcache: fix stack corruption by PRECEDING_KEY() i2c: acorn: fix i2c warning media: v4l2-ioctl: clear fields in s_parm ptrace: restore smp_rmb() in __ptrace_may_access() signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO fs/ocfs2: fix race in ocfs2_dentry_attach_lock() mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk ALSA: oxfw: allow PCM capture for Stanton SCS.1m ALSA: seq: Cover unsubscribe_port() in list_mutex Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" ARM: exynos: Fix undefined instruction during Exynos5422 resume pwm: Fix deadlock warning when removing PWM device ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa pwm: tiehrpwm: Update shadow register for disabling PWMs dmaengine: idma64: Use actual device for DMA transfers gpio: gpio-omap: add check for off wake capable gpios PCI: xilinx: Check for __get_free_pages() failure video: imsttfb: fix potential NULL pointer dereferences video: hgafb: fix potential NULL pointer dereference PCI: rcar: Fix 64bit MSI message address handling PCI: rcar: Fix a potential NULL pointer dereference platform/x86: intel_pmc_ipc: adding error handling PCI: rpadlpar: Fix leaked device_node references in add/remove paths ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher platform/chrome: cros_ec_proto: check for NULL transfer function x86/PCI: Fix PCI IRQ routing table memory leak nfsd: allow fh_want_write to be called twice fuse: retrieve: cap requested size to negotiated max_write nvmem: core: fix read buffer in place ALSA: hda - Register irq handler after the chip initialization iommu/vt-d: Set intel_iommu_gfx_mapped correctly watchdog: fix compile time error of pretimeout governors watchdog: imx2_wdt: Fix set_timeout for big timeout values uml: fix a boot splat wrt use of cpu_all_mask configfs: fix possible use-after-free in configfs_register_group f2fs: fix to do sanity check on valid block count of segment f2fs: fix to clear dirty inode in error path of f2fs_iget() f2fs: fix to avoid panic in do_recover_data() ntp: Allow TAI-UTC offset to be set to zero pwm: meson: Use the spin-lock only to protect register modifications objtool: Don't use ignore flag for fake jumps drm/bridge: adv7511: Fix low refresh rate selection perf/x86/intel: Allow PEBS multi-entry in watermark mode mfd: twl6040: Fix device init errors for ACCCTL register mfd: intel-lpss: Set the device in reset state when init mfd: tps65912-spi: Add missing of table registration drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER kernel/sys.c: prctl: fix false positive in validate_prctl_map() mm/slab.c: fix an infinite loop in leaks_show() mm/cma_debug.c: fix the break condition in cma_maxchunk_get() mm/cma.c: fix crash on CMA allocation if bitmap allocation fails mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE hugetlbfs: on restore reserve error path retain subpool reservation ARM: prevent tracing IPI_CPU_BACKTRACE ipc: prevent lockup on alloc_msg and free_msg sysctl: return -EINVAL if val violates minmax fs/fat/file.c: issue flush after the writeback of FAT rapidio: fix a NULL pointer dereference when create_workqueue() fails ANDROID: kernel: cgroup: cpuset: Clear cpus_requested for empty buf ANDROID: kernel: cgroup: cpuset: Add missing allocation of cpus_requested in alloc_trial_cpuset mm: memcontrol: fix NULL pointer crash in test_clear_page_writeback() Change-Id: I770e617e5d63461d0e9a8ff3a9bc94af8e6a4966 Signed-off-by: jianzhou <jianzhou@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
0eb90dd8f7 |
Merge 4.9.187 into android-4.9-q
Changes in 4.9.187
MIPS: ath79: fix ar933x uart parity mode
MIPS: fix build on non-linux hosts
arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
dmaengine: imx-sdma: fix use-after-free on probe error path
ath10k: Do not send probe response template for mesh
ath9k: Check for errors when reading SREV register
ath6kl: add some bounds checking
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
batman-adv: fix for leaked TVLV handler.
media: dvb: usb: fix use after free in dvb_usb_device_exit
crypto: talitos - fix skcipher failure due to wrong output IV
media: marvell-ccic: fix DMA s/g desc number calculation
media: vpss: fix a potential NULL pointer dereference
media: media_device_enum_links32: clean a reserved field
net: stmmac: dwmac1000: Clear unused address entries
net: stmmac: dwmac4/5: Clear unused address entries
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
af_key: fix leaks in key_pol_get_resp and dump_sp.
xfrm: Fix xfrm sel prefix length validation
media: mc-device.c: don't memset __user pointer contents
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
net: phy: Check against net_device being NULL
crypto: talitos - properly handle split ICV.
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
tua6100: Avoid build warnings.
locking/lockdep: Fix merging of hlocks with non-zero references
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
cpupower : frequency-set -r option misses the last cpu in related cpu list
net: fec: Do not use netdev messages too early
net: axienet: Fix race condition causing TX hang
s390/qdio: handle PENDING state for QEBSM devices
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
perf test 6: Fix missing kvm module load for s390
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
gpio: omap: ensure irq is enabled before wakeup
regmap: fix bulk writes on paged registers
bpf: silence warning messages in core
rcu: Force inlining of rcu_read_lock()
blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
xfrm: fix sa selector validation
perf evsel: Make perf_evsel__name() accept a NULL argument
vhost_net: disable zerocopy by default
ipoib: correcly show a VF hardware address
EDAC/sysfs: Fix memory leak when creating a csrow object
ipsec: select crypto ciphers for xfrm_algo
media: i2c: fix warning same module names
ntp: Limit TAI-UTC offset
timer_list: Guard procfs specific code
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
media: coda: fix mpeg2 sequence number handling
media: coda: increment sequence offset for the last returned frame
mt7601u: do not schedule rx_tasklet when the device has been disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: fix possible memory leak when the device is disconnected
ath10k: fix PCIE device wake up failed
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
libata: don't request sense data on !ZAC ATA devices
clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
rslib: Fix decoding of shortened codes
rslib: Fix handling of of caller provided syndrome
ixgbe: Check DDM existence in transceiver before access
crypto: asymmetric_keys - select CRYPTO_HASH where needed
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
iwlwifi: mvm: Drop large non sta frames
net: usb: asix: init MAC address buffers
gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: Check state in l2cap_disconnect_rsp
Bluetooth: validate BLE connection interval updates
gtp: fix Illegal context switch in RCU read-side critical section.
gtp: fix use-after-free in gtp_newlink()
xen: let alloc_xenballooned_pages() fail if not enough memory free
scsi: NCR5380: Reduce goto statements in NCR5380_select()
scsi: NCR5380: Always re-enable reselection interrupt
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: arm64/sha2-ce - correct digest for empty data in finup
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
Input: gtco - bounds check collection indent level
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
arm64: tegra: Update Jetson TX1 GPU regulator timings
iwlwifi: pcie: don't service an interrupt that was masked
tracing/snapshot: Resize spare buffer if size changed
NFSv4: Handle the special Linux file open access mode
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
ALSA: seq: Break too long mutex context in the write loop
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
media: coda: Remove unbalanced and unneeded mutex unlock
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
arm64: tegra: Fix AGIC register range
fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
drm/nouveau/i2c: Enable i2c pads & busses during preinit
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
9p/virtio: Add cleanup path in p9_virtio_init
PCI: Do not poll for PME if the device is in D3cold
Btrfs: add missing inode version, ctime and mtime updates when punching hole
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
take floppy compat ioctls to sodding floppy.c
floppy: fix div-by-zero in setup_format_params
floppy: fix out-of-bounds read in next_valid_format
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in copy_buffer
coda: pass the host file in vma->vm_file on mmap
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
crypto: ccp - Validate the the error value used to index error messages
PCI: hv: Delete the device earlier from hbus->children for hot-remove
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
um: Allow building and running on older hosts
um: Fix FP register size for XSTATE/XSAVE
parisc: Ensure userspace privilege for ptraced processes in regset functions
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
powerpc/watchpoint: Restore NV GPRs while returning from exception
eCryptfs: fix a couple type promotion bugs
intel_th: msu: Fix single mode with disabled IOMMU
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
dm bufio: fix deadlock with loop device
compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
compiler.h: Add read_word_at_a_time() function.
lib/strscpy: Shut up KASAN false-positives in strscpy()
ext4: allow directory holes
bnx2x: Prevent load reordering in tx completion processing
bnx2x: Prevent ptp_task to be rescheduled indefinitely
caif-hsi: fix possible deadlock in cfhsi_exit_module()
igmp: fix memory leak in igmpv3_del_delrec()
ipv4: don't set IPv6 only flags to IPv4 addresses
net: bcmgenet: use promisc for unsupported filters
net: dsa: mv88e6xxx: wait after reset deactivation
net: neigh: fix multiple neigh timer scheduling
net: openvswitch: fix csum updates for MPLS actions
nfc: fix potential illegal memory access
rxrpc: Fix send on a connected, but unbound socket
sky2: Disable MSI on ASUS P6T
vrf: make sure skb->data contains ip header to make routing
macsec: fix use-after-free of skb during RX
macsec: fix checksumming after decryption
netrom: fix a memory leak in nr_rx_frame()
netrom: hold sock when setting skb->destructor
bonding: validate ip header before check IPPROTO_IGMP
tcp: Reset bytes_acked and bytes_received when disconnecting
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: stp: don't cache eth dest pointer before skb pull
perf/x86/amd/uncore: Rename 'L2' to 'LLC'
perf/x86/amd/uncore: Get correct number of cores sharing last level cache
perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
NFSv4: Fix open create exclusive when the server reboots
nfsd: increase DRC cache limit
nfsd: give out fewer session slots as limit approaches
nfsd: fix performance-limiting session calculation
nfsd: Fix overflow causing non-working mounts on 1 TB machines
drm/panel: simple: Fix panel_simple_dsi_probe
usb: core: hub: Disable hub-initiated U1/U2
tty: max310x: Fix invalid baudrate divisors calculator
pinctrl: rockchip: fix leaked of_node references
tty: serial: cpm_uart - fix init when SMC is relocated
drm/bridge: tc358767: read display_props in get_modes()
drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
memstick: Fix error cleanup path of memstick_init
tty/serial: digicolor: Fix digicolor-usart already registered warning
tty: serial: msm_serial: avoid system lockup condition
serial: 8250: Fix TX interrupt handling condition
drm/virtio: Add memory barriers for capset cache.
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/rockchip: Properly adjust to a true clock in adjusted_mode
tty: serial_core: Set port active bit in uart_port_activate
usb: gadget: Zero ffs_io_data
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
PCI: sysfs: Ignore lockdep for remove attribute
kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
PCI: xilinx-nwl: Fix Multi MSI data programming
iio: iio-utils: Fix possible incorrect mask calculation
recordmcount: Fix spurious mcount entries on powerpc
mfd: core: Set fwnode for created devices
mfd: arizona: Fix undefined behavior
mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk
um: Silence lockdep complaint about mmap_sem
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
RDMA/i40iw: Set queue pair state when being queried
serial: sh-sci: Terminate TX DMA during buffer flushing
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
kallsyms: exclude kasan local symbols on s390
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
f2fs: avoid out-of-range memory access
mailbox: handle failed named mailbox channel request
powerpc/eeh: Handle hugepages in ioremap space
sh: prevent warnings when using iounmap
mm/kmemleak.c: fix check for softirq context
9p: pass the correct prototype to read_cache_page
mm/mmu_notifier: use hlist_add_head_rcu()
locking/lockdep: Fix lock used or unused stats error
locking/lockdep: Hide unused 'class' variable
usb: wusbcore: fix unbalanced get/put cluster_id
usb: pci-quirks: Correct AMD PLL quirk detection
x86/sysfb_efi: Add quirks for some devices with swapped width and height
x86/speculation/mds: Apply more accurate check on hypervisor platform
hpet: Fix division by zero in hpet_time_div()
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
ALSA: hda - Add a conexant codec entry to let mute led work
powerpc/tm: Fix oops on sigreturn on systems without TM
access: avoid the RCU grace period for the temporary subjective credentials
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
tcp: reset sk_send_head in tcp_write_queue_purge
arm64: dts: marvell: Fix A37xx UART0 register size
i2c: qup: fixed releasing dma without flush operation completion
arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ
ISDN: hfcsusb: checking idx of ep configuration
media: au0828: fix null dereference in error path
media: cpia2_usb: first wake up, then free in disconnect
media: radio-raremono: change devm_k*alloc to k*alloc
Bluetooth: hci_uart: check for missing tty operations
sched/fair: Don't free p->numa_faults with concurrent readers
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
ceph: hold i_ceph_lock when removing caps for freeing inode
Linux 4.9.187
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
fabc071c7d |
Merge 4.9.187 into android-4.9
Changes in 4.9.187
MIPS: ath79: fix ar933x uart parity mode
MIPS: fix build on non-linux hosts
arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
dmaengine: imx-sdma: fix use-after-free on probe error path
ath10k: Do not send probe response template for mesh
ath9k: Check for errors when reading SREV register
ath6kl: add some bounds checking
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
batman-adv: fix for leaked TVLV handler.
media: dvb: usb: fix use after free in dvb_usb_device_exit
crypto: talitos - fix skcipher failure due to wrong output IV
media: marvell-ccic: fix DMA s/g desc number calculation
media: vpss: fix a potential NULL pointer dereference
media: media_device_enum_links32: clean a reserved field
net: stmmac: dwmac1000: Clear unused address entries
net: stmmac: dwmac4/5: Clear unused address entries
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
af_key: fix leaks in key_pol_get_resp and dump_sp.
xfrm: Fix xfrm sel prefix length validation
media: mc-device.c: don't memset __user pointer contents
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
net: phy: Check against net_device being NULL
crypto: talitos - properly handle split ICV.
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
tua6100: Avoid build warnings.
locking/lockdep: Fix merging of hlocks with non-zero references
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
cpupower : frequency-set -r option misses the last cpu in related cpu list
net: fec: Do not use netdev messages too early
net: axienet: Fix race condition causing TX hang
s390/qdio: handle PENDING state for QEBSM devices
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
perf test 6: Fix missing kvm module load for s390
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
gpio: omap: ensure irq is enabled before wakeup
regmap: fix bulk writes on paged registers
bpf: silence warning messages in core
rcu: Force inlining of rcu_read_lock()
blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
xfrm: fix sa selector validation
perf evsel: Make perf_evsel__name() accept a NULL argument
vhost_net: disable zerocopy by default
ipoib: correcly show a VF hardware address
EDAC/sysfs: Fix memory leak when creating a csrow object
ipsec: select crypto ciphers for xfrm_algo
media: i2c: fix warning same module names
ntp: Limit TAI-UTC offset
timer_list: Guard procfs specific code
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
media: coda: fix mpeg2 sequence number handling
media: coda: increment sequence offset for the last returned frame
mt7601u: do not schedule rx_tasklet when the device has been disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: fix possible memory leak when the device is disconnected
ath10k: fix PCIE device wake up failed
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
libata: don't request sense data on !ZAC ATA devices
clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
rslib: Fix decoding of shortened codes
rslib: Fix handling of of caller provided syndrome
ixgbe: Check DDM existence in transceiver before access
crypto: asymmetric_keys - select CRYPTO_HASH where needed
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
iwlwifi: mvm: Drop large non sta frames
net: usb: asix: init MAC address buffers
gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
Bluetooth: 6lowpan: search for destination address in all peers
Bluetooth: Check state in l2cap_disconnect_rsp
Bluetooth: validate BLE connection interval updates
gtp: fix Illegal context switch in RCU read-side critical section.
gtp: fix use-after-free in gtp_newlink()
xen: let alloc_xenballooned_pages() fail if not enough memory free
scsi: NCR5380: Reduce goto statements in NCR5380_select()
scsi: NCR5380: Always re-enable reselection interrupt
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: arm64/sha2-ce - correct digest for empty data in finup
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
Input: gtco - bounds check collection indent level
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
arm64: tegra: Update Jetson TX1 GPU regulator timings
iwlwifi: pcie: don't service an interrupt that was masked
tracing/snapshot: Resize spare buffer if size changed
NFSv4: Handle the special Linux file open access mode
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
ALSA: seq: Break too long mutex context in the write loop
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
media: coda: Remove unbalanced and unneeded mutex unlock
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
arm64: tegra: Fix AGIC register range
fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
drm/nouveau/i2c: Enable i2c pads & busses during preinit
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
9p/virtio: Add cleanup path in p9_virtio_init
PCI: Do not poll for PME if the device is in D3cold
Btrfs: add missing inode version, ctime and mtime updates when punching hole
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
take floppy compat ioctls to sodding floppy.c
floppy: fix div-by-zero in setup_format_params
floppy: fix out-of-bounds read in next_valid_format
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in copy_buffer
coda: pass the host file in vma->vm_file on mmap
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
crypto: ccp - Validate the the error value used to index error messages
PCI: hv: Delete the device earlier from hbus->children for hot-remove
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
um: Allow building and running on older hosts
um: Fix FP register size for XSTATE/XSAVE
parisc: Ensure userspace privilege for ptraced processes in regset functions
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
powerpc/watchpoint: Restore NV GPRs while returning from exception
eCryptfs: fix a couple type promotion bugs
intel_th: msu: Fix single mode with disabled IOMMU
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
dm bufio: fix deadlock with loop device
compiler.h, kasan: Avoid duplicating __read_once_size_nocheck()
compiler.h: Add read_word_at_a_time() function.
lib/strscpy: Shut up KASAN false-positives in strscpy()
ext4: allow directory holes
bnx2x: Prevent load reordering in tx completion processing
bnx2x: Prevent ptp_task to be rescheduled indefinitely
caif-hsi: fix possible deadlock in cfhsi_exit_module()
igmp: fix memory leak in igmpv3_del_delrec()
ipv4: don't set IPv6 only flags to IPv4 addresses
net: bcmgenet: use promisc for unsupported filters
net: dsa: mv88e6xxx: wait after reset deactivation
net: neigh: fix multiple neigh timer scheduling
net: openvswitch: fix csum updates for MPLS actions
nfc: fix potential illegal memory access
rxrpc: Fix send on a connected, but unbound socket
sky2: Disable MSI on ASUS P6T
vrf: make sure skb->data contains ip header to make routing
macsec: fix use-after-free of skb during RX
macsec: fix checksumming after decryption
netrom: fix a memory leak in nr_rx_frame()
netrom: hold sock when setting skb->destructor
bonding: validate ip header before check IPPROTO_IGMP
tcp: Reset bytes_acked and bytes_received when disconnecting
net: bridge: mcast: fix stale nsrcs pointer in igmp3/mld2 report handling
net: bridge: mcast: fix stale ipv6 hdr pointer when handling v6 query
net: bridge: stp: don't cache eth dest pointer before skb pull
perf/x86/amd/uncore: Rename 'L2' to 'LLC'
perf/x86/amd/uncore: Get correct number of cores sharing last level cache
perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
NFSv4: Fix open create exclusive when the server reboots
nfsd: increase DRC cache limit
nfsd: give out fewer session slots as limit approaches
nfsd: fix performance-limiting session calculation
nfsd: Fix overflow causing non-working mounts on 1 TB machines
drm/panel: simple: Fix panel_simple_dsi_probe
usb: core: hub: Disable hub-initiated U1/U2
tty: max310x: Fix invalid baudrate divisors calculator
pinctrl: rockchip: fix leaked of_node references
tty: serial: cpm_uart - fix init when SMC is relocated
drm/bridge: tc358767: read display_props in get_modes()
drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz
memstick: Fix error cleanup path of memstick_init
tty/serial: digicolor: Fix digicolor-usart already registered warning
tty: serial: msm_serial: avoid system lockup condition
serial: 8250: Fix TX interrupt handling condition
drm/virtio: Add memory barriers for capset cache.
phy: renesas: rcar-gen2: Fix memory leak at error paths
drm/rockchip: Properly adjust to a true clock in adjusted_mode
tty: serial_core: Set port active bit in uart_port_activate
usb: gadget: Zero ffs_io_data
powerpc/pci/of: Fix OF flags parsing for 64bit BARs
PCI: sysfs: Ignore lockdep for remove attribute
kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS
PCI: xilinx-nwl: Fix Multi MSI data programming
iio: iio-utils: Fix possible incorrect mask calculation
recordmcount: Fix spurious mcount entries on powerpc
mfd: core: Set fwnode for created devices
mfd: arizona: Fix undefined behavior
mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk
um: Silence lockdep complaint about mmap_sem
powerpc/4xx/uic: clear pending interrupt after irq type/pol change
RDMA/i40iw: Set queue pair state when being queried
serial: sh-sci: Terminate TX DMA during buffer flushing
serial: sh-sci: Fix TX DMA buffer flushing and workqueue races
kallsyms: exclude kasan local symbols on s390
perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning
RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM
powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h
f2fs: avoid out-of-range memory access
mailbox: handle failed named mailbox channel request
powerpc/eeh: Handle hugepages in ioremap space
sh: prevent warnings when using iounmap
mm/kmemleak.c: fix check for softirq context
9p: pass the correct prototype to read_cache_page
mm/mmu_notifier: use hlist_add_head_rcu()
locking/lockdep: Fix lock used or unused stats error
locking/lockdep: Hide unused 'class' variable
usb: wusbcore: fix unbalanced get/put cluster_id
usb: pci-quirks: Correct AMD PLL quirk detection
x86/sysfb_efi: Add quirks for some devices with swapped width and height
x86/speculation/mds: Apply more accurate check on hypervisor platform
hpet: Fix division by zero in hpet_time_div()
ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1
ALSA: hda - Add a conexant codec entry to let mute led work
powerpc/tm: Fix oops on sigreturn on systems without TM
access: avoid the RCU grace period for the temporary subjective credentials
ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
tcp: reset sk_send_head in tcp_write_queue_purge
arm64: dts: marvell: Fix A37xx UART0 register size
i2c: qup: fixed releasing dma without flush operation completion
arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ
ISDN: hfcsusb: checking idx of ep configuration
media: au0828: fix null dereference in error path
media: cpia2_usb: first wake up, then free in disconnect
media: radio-raremono: change devm_k*alloc to k*alloc
Bluetooth: hci_uart: check for missing tty operations
sched/fair: Don't free p->numa_faults with concurrent readers
drivers/pps/pps.c: clear offset flags in PPS_SETPARAMS ioctl
ceph: hold i_ceph_lock when removing caps for freeing inode
Linux 4.9.187
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Nathan Huckleberry
|
8cc6df3db2 |
timer_list: Guard procfs specific code
[ Upstream commit a9314773a91a1d3b36270085246a6715a326ff00 ]
With CONFIG_PROC_FS=n the following warning is emitted:
kernel/time/timer_list.c:361:36: warning: unused variable
'timer_list_sops' [-Wunused-const-variable]
static const struct seq_operations timer_list_sops = {
Add #ifdef guard around procfs specific code.
Signed-off-by: Nathan Huckleberry <nhuck@google.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: john.stultz@linaro.org
Cc: sboyd@kernel.org
Cc: clang-built-linux@googlegroups.com
Link: https://github.com/ClangBuiltLinux/linux/issues/534
Link: https://lkml.kernel.org/r/20190614181604.112297-1-nhuck@google.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Miroslav Lichvar
|
5992cebc83 |
ntp: Limit TAI-UTC offset
[ Upstream commit d897a4ab11dc8a9fda50d2eccc081a96a6385998 ] Don't allow the TAI-UTC offset of the system clock to be set by adjtimex() to a value larger than 100000 seconds. This prevents an overflow in the conversion to int, prevents the CLOCK_TAI clock from getting too far ahead of the CLOCK_REALTIME clock, and it is still large enough to allow leap seconds to be inserted at the maximum rate currently supported by the kernel (once per day) for the next ~270 years, however unlikely it is that someone can survive a catastrophic event which slowed down the rotation of the Earth so much. Reported-by: Weikang shi <swkhack@gmail.com> Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: John Stultz <john.stultz@linaro.org> Cc: Prarit Bhargava <prarit@redhat.com> Cc: Richard Cochran <richardcochran@gmail.com> Cc: Stephen Boyd <sboyd@kernel.org> Link: https://lkml.kernel.org/r/20190618154713.20929-1-mlichvar@redhat.com Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
a0b21f86b2 |
Merge 4.9.183 into android-4.9-q
Changes in 4.9.183 rapidio: fix a NULL pointer dereference when create_workqueue() fails fs/fat/file.c: issue flush after the writeback of FAT sysctl: return -EINVAL if val violates minmax ipc: prevent lockup on alloc_msg and free_msg ARM: prevent tracing IPI_CPU_BACKTRACE hugetlbfs: on restore reserve error path retain subpool reservation mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE mm/cma.c: fix crash on CMA allocation if bitmap allocation fails mm/cma_debug.c: fix the break condition in cma_maxchunk_get() mm/slab.c: fix an infinite loop in leaks_show() kernel/sys.c: prctl: fix false positive in validate_prctl_map() drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER mfd: tps65912-spi: Add missing of table registration mfd: intel-lpss: Set the device in reset state when init mfd: twl6040: Fix device init errors for ACCCTL register perf/x86/intel: Allow PEBS multi-entry in watermark mode drm/bridge: adv7511: Fix low refresh rate selection objtool: Don't use ignore flag for fake jumps pwm: meson: Use the spin-lock only to protect register modifications ntp: Allow TAI-UTC offset to be set to zero f2fs: fix to avoid panic in do_recover_data() f2fs: fix to clear dirty inode in error path of f2fs_iget() f2fs: fix to do sanity check on valid block count of segment configfs: fix possible use-after-free in configfs_register_group uml: fix a boot splat wrt use of cpu_all_mask watchdog: imx2_wdt: Fix set_timeout for big timeout values watchdog: fix compile time error of pretimeout governors iommu/vt-d: Set intel_iommu_gfx_mapped correctly ALSA: hda - Register irq handler after the chip initialization nvmem: core: fix read buffer in place fuse: retrieve: cap requested size to negotiated max_write nfsd: allow fh_want_write to be called twice x86/PCI: Fix PCI IRQ routing table memory leak platform/chrome: cros_ec_proto: check for NULL transfer function soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA PCI: rpadlpar: Fix leaked device_node references in add/remove paths platform/x86: intel_pmc_ipc: adding error handling PCI: rcar: Fix a potential NULL pointer dereference PCI: rcar: Fix 64bit MSI message address handling video: hgafb: fix potential NULL pointer dereference video: imsttfb: fix potential NULL pointer dereferences PCI: xilinx: Check for __get_free_pages() failure gpio: gpio-omap: add check for off wake capable gpios dmaengine: idma64: Use actual device for DMA transfers pwm: tiehrpwm: Update shadow register for disabling PWMs ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa pwm: Fix deadlock warning when removing PWM device ARM: exynos: Fix undefined instruction during Exynos5422 resume Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" ALSA: seq: Cover unsubscribe_port() in list_mutex ALSA: oxfw: allow PCM capture for Stanton SCS.1m libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node fs/ocfs2: fix race in ocfs2_dentry_attach_lock() signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO ptrace: restore smp_rmb() in __ptrace_may_access() media: v4l2-ioctl: clear fields in s_parm i2c: acorn: fix i2c warning bcache: fix stack corruption by PRECEDING_KEY() cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() ASoC: cs42xx8: Add regcache mask dirty ASoC: fsl_asrc: Fix the issue about unsupported rate x86/uaccess, kcov: Disable stack protector ALSA: seq: Protect in-kernel ioctl calls with mutex ALSA: seq: Fix race of get-subscription call vs port-delete ioctls Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex" Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var scsi: lpfc: add check for loss of ndlp when sending RRQ arm64/mm: Inhibit huge-vmap with ptdump scsi: bnx2fc: fix incorrect cast to u64 on shift operation selftests/timers: Add missing fflush(stdout) calls usbnet: ipheth: fix racing condition KVM: x86/pmu: do not mask the value that is written to fixed PMUs KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() usb: dwc2: Fix DMA cache alignment issues USB: Fix chipmunk-like voice when using Logitech C270 for recording audio. USB: usb-storage: Add new ID to ums-realtek USB: serial: pl2303: add Allied Telesis VT-Kit3 USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode USB: serial: option: add Telit 0x1260 and 0x1261 compositions rtc: pcf8523: don't return invalid date when battery is low ax25: fix inconsistent lock state in ax25_destroy_timer be2net: Fix number of Rx queues used for flow hashing ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero lapb: fixed leak of control-blocks. neigh: fix use-after-free read in pneigh_get_next sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg Revert "staging: vc04_services: prevent integer overflow in create_pagelist()" perf/x86/intel/ds: Fix EVENT vs. UEVENT PEBS constraints selftests: netfilter: missing error check when setting up veth interface mISDN: make sure device name is NUL terminated x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor perf/ring_buffer: Fix exposing a temporarily decreased data_head perf/ring_buffer: Add ordering to rb->nest increment gpio: fix gpio-adp5588 build errors net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr configfs: Fix use-after-free when accessing sd->s_dentry perf data: Fix 'strncat may truncate' build failure with recent gcc perf record: Fix s390 missing module symbol and warning for non-root users ia64: fix build errors by exporting paddr_to_nid() KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list KVM: PPC: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask scsi: libsas: delete sas port if expander discover failed mlxsw: spectrum: Prevent force of 56G Abort file_remove_privs() for non-reg. files Linux 4.9.183 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
a80a7ab5f7 |
Merge 4.9.183 into android-4.9
Changes in 4.9.183 rapidio: fix a NULL pointer dereference when create_workqueue() fails fs/fat/file.c: issue flush after the writeback of FAT sysctl: return -EINVAL if val violates minmax ipc: prevent lockup on alloc_msg and free_msg ARM: prevent tracing IPI_CPU_BACKTRACE hugetlbfs: on restore reserve error path retain subpool reservation mem-hotplug: fix node spanned pages when we have a node with only ZONE_MOVABLE mm/cma.c: fix crash on CMA allocation if bitmap allocation fails mm/cma_debug.c: fix the break condition in cma_maxchunk_get() mm/slab.c: fix an infinite loop in leaks_show() kernel/sys.c: prctl: fix false positive in validate_prctl_map() drivers: thermal: tsens: Don't print error message on -EPROBE_DEFER mfd: tps65912-spi: Add missing of table registration mfd: intel-lpss: Set the device in reset state when init mfd: twl6040: Fix device init errors for ACCCTL register perf/x86/intel: Allow PEBS multi-entry in watermark mode drm/bridge: adv7511: Fix low refresh rate selection objtool: Don't use ignore flag for fake jumps pwm: meson: Use the spin-lock only to protect register modifications ntp: Allow TAI-UTC offset to be set to zero f2fs: fix to avoid panic in do_recover_data() f2fs: fix to clear dirty inode in error path of f2fs_iget() f2fs: fix to do sanity check on valid block count of segment configfs: fix possible use-after-free in configfs_register_group uml: fix a boot splat wrt use of cpu_all_mask watchdog: imx2_wdt: Fix set_timeout for big timeout values watchdog: fix compile time error of pretimeout governors iommu/vt-d: Set intel_iommu_gfx_mapped correctly ALSA: hda - Register irq handler after the chip initialization nvmem: core: fix read buffer in place fuse: retrieve: cap requested size to negotiated max_write nfsd: allow fh_want_write to be called twice x86/PCI: Fix PCI IRQ routing table memory leak platform/chrome: cros_ec_proto: check for NULL transfer function soc: mediatek: pwrap: Zero initialize rdata in pwrap_init_cipher clk: rockchip: Turn on "aclk_dmac1" for suspend on rk3288 ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ahb" clock to SDMA ARM: dts: imx7d: Specify IMX7D_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6ul: Specify IMX6UL_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6sx: Specify IMX6SX_CLK_IPG as "ipg" clock to SDMA ARM: dts: imx6qdl: Specify IMX6QDL_CLK_IPG as "ipg" clock to SDMA PCI: rpadlpar: Fix leaked device_node references in add/remove paths platform/x86: intel_pmc_ipc: adding error handling PCI: rcar: Fix a potential NULL pointer dereference PCI: rcar: Fix 64bit MSI message address handling video: hgafb: fix potential NULL pointer dereference video: imsttfb: fix potential NULL pointer dereferences PCI: xilinx: Check for __get_free_pages() failure gpio: gpio-omap: add check for off wake capable gpios dmaengine: idma64: Use actual device for DMA transfers pwm: tiehrpwm: Update shadow register for disabling PWMs ARM: dts: exynos: Always enable necessary APIO_1V8 and ABB_1V8 regulators on Arndale Octa pwm: Fix deadlock warning when removing PWM device ARM: exynos: Fix undefined instruction during Exynos5422 resume Revert "Bluetooth: Align minimum encryption key size for LE and BR/EDR connections" ALSA: seq: Cover unsubscribe_port() in list_mutex ALSA: oxfw: allow PCM capture for Stanton SCS.1m libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node fs/ocfs2: fix race in ocfs2_dentry_attach_lock() signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO ptrace: restore smp_rmb() in __ptrace_may_access() media: v4l2-ioctl: clear fields in s_parm i2c: acorn: fix i2c warning bcache: fix stack corruption by PRECEDING_KEY() cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() ASoC: cs42xx8: Add regcache mask dirty ASoC: fsl_asrc: Fix the issue about unsupported rate x86/uaccess, kcov: Disable stack protector ALSA: seq: Protect in-kernel ioctl calls with mutex ALSA: seq: Fix race of get-subscription call vs port-delete ioctls Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex" Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var scsi: lpfc: add check for loss of ndlp when sending RRQ arm64/mm: Inhibit huge-vmap with ptdump scsi: bnx2fc: fix incorrect cast to u64 on shift operation selftests/timers: Add missing fflush(stdout) calls usbnet: ipheth: fix racing condition KVM: x86/pmu: do not mask the value that is written to fixed PMUs KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define() usb: dwc2: Fix DMA cache alignment issues USB: Fix chipmunk-like voice when using Logitech C270 for recording audio. USB: usb-storage: Add new ID to ums-realtek USB: serial: pl2303: add Allied Telesis VT-Kit3 USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode USB: serial: option: add Telit 0x1260 and 0x1261 compositions rtc: pcf8523: don't return invalid date when battery is low ax25: fix inconsistent lock state in ax25_destroy_timer be2net: Fix number of Rx queues used for flow hashing ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero lapb: fixed leak of control-blocks. neigh: fix use-after-free read in pneigh_get_next sunhv: Fix device naming inconsistency between sunhv_console and sunhv_reg Revert "staging: vc04_services: prevent integer overflow in create_pagelist()" perf/x86/intel/ds: Fix EVENT vs. UEVENT PEBS constraints selftests: netfilter: missing error check when setting up veth interface mISDN: make sure device name is NUL terminated x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor perf/ring_buffer: Fix exposing a temporarily decreased data_head perf/ring_buffer: Add ordering to rb->nest increment gpio: fix gpio-adp5588 build errors net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() i2c: dev: fix potential memory leak in i2cdev_ioctl_rdwr configfs: Fix use-after-free when accessing sd->s_dentry perf data: Fix 'strncat may truncate' build failure with recent gcc perf record: Fix s390 missing module symbol and warning for non-root users ia64: fix build errors by exporting paddr_to_nid() KVM: PPC: Book3S: Use new mutex to synchronize access to rtas token list KVM: PPC: Book3S HV: Don't take kvm->lock around kvm_for_each_vcpu net: sh_eth: fix mdio access in sh_eth_close() for R-Car Gen2 and RZ/A1 SoCs scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask scsi: libsas: delete sas port if expander discover failed mlxsw: spectrum: Prevent force of 56G Abort file_remove_privs() for non-reg. files Linux 4.9.183 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Miroslav Lichvar
|
5ab0886e03 |
ntp: Allow TAI-UTC offset to be set to zero
[ Upstream commit fdc6bae940ee9eb869e493990540098b8c0fd6ab ]
The ADJ_TAI adjtimex mode sets the TAI-UTC offset of the system clock.
It is typically set by NTP/PTP implementations and it is automatically
updated by the kernel on leap seconds. The initial value is zero (which
applications may interpret as unknown), but this value cannot be set by
adjtimex. This limitation seems to go back to the original "nanokernel"
implementation by David Mills.
Change the ADJ_TAI check to accept zero as a valid TAI-UTC offset in
order to allow setting it back to the initial value.
Fixes:
|
||
|
jianzhou
|
b82a5df2dc |
Merge android-4.9.165 (72b54df) into msm-4.9
* refs/heads/tmp-72b54df: Linux 4.9.165 KVM: X86: Fix residual mmio emulation request to userspace KVM: nVMX: Ignore limit checks on VMX instructions using flat segments KVM: nVMX: Sign extend displacements of VMX instr's mem operands drm/radeon/evergreen_cs: fix missing break in switch statement media: uvcvideo: Avoid NULL pointer dereference at the end of streaming rcu: Do RCU GP kthread self-wakeup from softirq and interrupt md: Fix failed allocation of md_register_thread perf intel-pt: Fix divide by zero when TSC is not available perf intel-pt: Fix overlap calculation for padding perf auxtrace: Define auxtrace record alignment perf intel-pt: Fix CYC timestamp calculation after OVF bcache: never writeback a discard operation PM / wakeup: Rework wakeup source timer cancellation nfsd: fix wrong check in write_v4_end_grace() nfsd: fix memory corruption caused by readdir NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() NFS: Fix an I/O request leakage in nfs_do_recoalesce NFS: Fix I/O request leakages dm: fix to_sector() for 32bit ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest powerpc/83xx: Also save/restore SPRG4-7 during suspend powerpc/powernv: Make opal log only readable by root powerpc/wii: properly disable use of BATs when requested. powerpc/32: Clear on-stack exception marker upon exception return jbd2: fix compile warning when using JBUFFER_TRACE jbd2: clear dirty flag when revoking a buffer from an older transaction serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() serial: 8250_pci: Fix number of ports for ACCES serial cards 8250: FIX Fourth port offset of Pericom PI7C9X7954 boards serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO drm/i915: Relax mmap VMA check i2c: tegra: fix maximum transfer size parport_pc: fix find_superio io compare code, should use equal test. intel_th: Don't reference unassigned outputs device property: Fix the length used in PROPERTY_ENTRY_STRING() kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv mm/vmalloc: fix size check for remap_vmalloc_range_partial() mm: hwpoison: fix thp split handing in soft_offline_in_use_page() nfit: acpi_nfit_ctl(): Check out_obj->type in the right place clk: ingenic: Fix doc of ingenic_cgu_div_info clk: ingenic: Fix round_rate misbehaving with non-integer dividers clk: clk-twl6040: Fix imprecise external abort for pdmclk ext2: Fix underflow in ext2_max_size() ext4: fix crash during online resizing cpufreq: pxa2xx: remove incorrect __init annotation cpufreq: tegra124: add missing of_node_put() libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer crypto: pcbc - remove bogus memcpy()s with src == dest Btrfs: fix corruption reading shared and compressed extents after hole punching btrfs: ensure that a DUP or RAID1 block group has exactly two stripes m68k: Add -ffreestanding to CFLAGS splice: don't merge into linked buffers fs/devpts: always delete dcache dentry-s in dput() scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock scsi: sd: Optimal I/O size should be a multiple of physical block size scsi: virtio_scsi: don't send sc payload with tmfs s390/virtio: handle find on invalid queue gracefully clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR regulator: s2mpa01: Fix step values for some LDOs regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 spi: pxa2xx: Setup maximum supported DMA transfer length spi: ti-qspi: Fix mmap read when more than one CS in use ACPI / device_sysfs: Avoid OF modalias creation for removed device tracing: Do not free iter->trace in fail path of tracing_open_pipe() tracing: Use strncpy instead of memcpy for string keys in hist triggers CIFS: Fix read after write for files with read caching CIFS: Do not reset lease state to NONE on lease break crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails libnvdimm: Fix altmap reservation size calculation libnvdimm/pmem: Honor force_raw for legacy pmem regions libnvdimm/label: Clear 'updating' flag after label-set update stm class: Prevent division by zero tmpfs: fix uninitialized return value in shmem_link net: set static variable an initial value in atl2_probe() nfp: bpf: fix ALU32 high bits clearance bug nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K net: thunderx: make CFG_DONE message to run through generic send-ack sequence mac80211_hwsim: propagate genlmsg_reply return code phonet: fix building with clang ARC: uacces: remove lp_start, lp_end from clobber list ARCv2: lib: memcpy: fix doing prefetchw outside of buffer tmpfs: fix link accounting when a tmpfile is linked in net: marvell: mvneta: fix DMA debug warning arm64: Relax GIC version check during early boot ASoC: topology: free created components in tplg load error net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() qmi_wwan: apply SET_DTR quirk to Sierra WP7607 pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins net: systemport: Fix reception of BPDUs scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task assoc_array: Fix shortcut creation ARM: 8824/1: fix a migrating irq bug when hotplug cpu clk: sunxi: A31: Fix wrong AHB gate number Input: st-keyscan - fix potential zalloc NULL dereference i2c: cadence: Fix the hold bit setting net: hns: Fix object reference leaks in hns_dsaf_roce_reset() mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs mm/gup: fix gup_pmd_range() for dax floppy: check_events callback should not return a negative number Input: matrix_keypad - use flush_delayed_work() Input: cap11xx - switch to using set_brightness_blocking() ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized s390/dasd: fix using offset into zero size array error gpu: ipu-v3: Fix CSI offsets for imx53 gpu: ipu-v3: Fix i.MX51 CSI control registers offset crypto: ahash - fix another early termination in hash walk crypto: caam - fixed handling of sg list stm class: Fix an endless loop in channel allocation iio: adc: exynos-adc: Fix NULL pointer exception on unbind ASoC: fsl_esai: fix register setting issue in RIGHT_J mode 9p/net: fix memory leak in p9_client_create 9p: use inode->i_lock to protect i_size_write() under 32-bit media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() FROMLIST: psi: introduce psi monitor FROMLIST: refactor header includes to allow kthread.h inclusion in psi_types.h FROMLIST: psi: track changed states FROMLIST: psi: split update_stats into parts FROMLIST: psi: rename psi fields in preparation for psi trigger addition FROMLIST: psi: make psi_enable static FROMLIST: psi: introduce state_mask to represent stalled psi states ANDROID: cuttlefish_defconfig: Enable CONFIG_PSI BACKPORT: kernel: cgroup: add poll file operation BACKPORT: fs: kernfs: add poll file operation UPSTREAM: psi: avoid divide-by-zero crash inside virtual machines UPSTREAM: psi: clarify the Kconfig text for the default-disable option UPSTREAM: psi: fix aggregation idle shut-off UPSTREAM: cgroup add cftype->open/release() callbacks UPSTREAM: kernfs: Check KERNFS_HAS_RELEASE before calling kernfs_release_file() UPSTREAM: kernfs: fix locking around kernfs_ops->release() callback UPSTREAM: kernfs: add kernfs_ops->open/release() callbacks UPSTREAM: psi: fix reference to kernel commandline enable BACKPORT: psi: make disabling/enabling easier for vendor kernels UPSTREAM: kernel/sched/psi.c: simplify cgroup_move_task() BACKPORT: psi: cgroup support UPSTREAM: psi: pressure stall information for CPU, memory, and IO BACKPORT: sched: introduce this_rq_lock_irq() BACKPORT: sched: sched.h: make rq locking and clock functions available in stats.h UPSTREAM: sched: loadavg: make calc_load_n() public UPSTREAM: sched: loadavg: consolidate LOAD_INT, LOAD_FRAC, CALC_LOAD BACKPORT: delayacct: track delays from thrashing cache pages BACKPORT: mm: workingset: tell cache transitions from workingset thrashing BACKPORT: cgroup: misc changes UPSTREAM: sched/headers: Remove <linux/sched.h> from <linux/sched/loadavg.h> UPSTREAM: sched/headers: Move loadavg related definitions from <linux/sched.h> to <linux/sched/loadavg.h> UPSTREAM: sched/headers, delayacct: Move the 'struct task_delay_info' definition from <linux/sched.h> to <linux/delayacct.h> UPSTREAM: sched/headers: Prepare for new header dependencies before moving code to <linux/sched/loadavg.h> BACKPORT: sched/core: Add wrappers for lockdep_(un)pin_lock() UPSTREAM: Avoid page waitqueue race leaving possible page locker waiting UPSTREAM: mm: add PageWaiters indicating tasks are waiting for a page bit UPSTREAM: workqueue: make workqueue available early during boot ANDROID: ion_dummy_driver: Remove SYSTEM_CONTIG heap ANDROID: ion_dummy_driver: Rework ion_dummy_driver to avoid direct indexing into the heaps ANDROID: ion_dummy_driver: Use IS_ERR_OR_NULL() before destroying heaps ANDROID: sched/fair: fix energy compute when a cluster is only a cpu core in multi-cluster system Conflicts: arch/arm/kernel/irq.c drivers/scsi/sd.c include/linux/cgroup.h include/linux/sched.h kernel/sched/Makefile kernel/sched/core.c mm/page_alloc.c Change-Id: I387345d8f6d2145e2456fbead266c897475dfb4c Signed-off-by: jianzhou <jianzhou@codeaurora.org> |