89c8b27193
https://source.android.com/docs/security/bulletin/2022-12-01
CVE-2022-23960
* tag 'ASB-2022-12-05_4.14-stable' of https://android.googlesource.com/kernel/common:
Linux 4.14.301
Revert "x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"
x86/nospec: Fix i386 RSB stuffing
ipc/sem: Fix dangling sem_array access in semtimedop race
v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
proc: proc_skip_spaces() shouldn't think it is working on C strings
proc: avoid integer type confusion in get_proc_long
mmc: sdhci: Fix voltage switch delay
mmc: sdhci: use FIELD_GET for preset value bit masks
x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
x86/pm: Add enumeration check before spec MSRs save/restore setup
x86/tsx: Add a feature bit for TSX control MSR support
nvme: restrict management ioctls to admin
tcp/udp: Fix memory leak in ipv6_renew_options().
iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
pinctrl: single: Fix potential division by zero
ASoC: ops: Fix bounds check for _sx controls
efi: random: Properly limit the size of the random seed
arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors
x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
perf: Add sample_flags to indicate the PMU-filled sample data
hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
hwmon: (coretemp) Check for null before removing sysfs attrs
net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
net: hsr: Fix potential use-after-free
dsa: lan9303: Correct stat name
net/9p: Fix a potential socket leak in p9_socket_open
net: net_netdev: Fix error handling in ntb_netdev_init_module()
net: phy: fix null-ptr-deref while probe() failed
qlcnic: fix sleep-in-atomic-context bugs caused by msleep
can: cc770: cc770_isa_probe(): add missing free_cc770dev()
can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
net/mlx5: Fix uninitialized variable bug in outlen_write()
of: property: decrement node refcount in of_fwnode_get_reference_args()
hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
hwmon: (i5500_temp) fix missing pci_disable_device()
iio: light: rpr0521: add missing Kconfig dependencies
iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
iio: health: afe4403: Fix oob read in afe4403_read_raw
drm/amdgpu: always register an MMU notifier for userptr
net: usb: qmi_wwan: add Telit 0x103a composition
tcp: configurable source port perturb table size
platform/x86: hp-wmi: Ignore Smart Experience App event
platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
xen/platform-pci: add missing free_irq() in error path
serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
kconfig: display recursive dependency resolution hint just once
iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
iio: light: apds9960: fix wrong register for gesture gain
arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
nios2: add FORCE for vmlinuz.gz
s390/crashdump: fix TOD programmable field size
net: thunderx: Fix the ACPI memory leak
nfc: st-nci: fix memory leaks in EVT_TRANSACTION
nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
s390/dasd: fix no record found for raw_track_access
dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
NFC: nci: fix memory leak in nci_rx_data_packet()
xfrm: Fix ignored return value in xfrm6_init()
net/qla3xxx: fix potential memleak in ql3xxx_send()
net/mlx4: Check retval of mlx4_bitmap_init
ARM: mxs: fix memory leak in mxs_machine_init()
9p/fd: fix issue of list_del corruption in p9_fd_cancel()
net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
nfc/nci: fix race with opening and closing
ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
bus: sunxi-rsb: Support atomic transfers
ARM: dts: am335x-pcm-953: Define fixed regulators in root node
af_key: Fix send_acquire race with pfkey_register
MIPS: pic32: treat port as signed integer
spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
wifi: mac80211: Fix ack frame idr leak when mesh has no route
audit: fix undefined behavior in bit shift for AUDIT_BIT
wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
Linux 4.14.300
ntfs: check overflow when iterating ATTR_RECORDs
ntfs: fix out-of-bounds read in ntfs_attr_find()
ntfs: fix use-after-free in ntfs_attr_find()
mm: fs: initialize fsdata passed to write_begin/write_end interface
9p/trans_fd: always use O_NONBLOCK read/write
gfs2: Switch from strlcpy to strscpy
gfs2: Check sb_bsize_shift after reading superblock
9p: trans_fd/p9_conn_cancel: drop client lock earlier
kcm: close race conditions on sk_receive_queue
bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
kcm: avoid potential race in kcm_tx_work
tcp: cdg: allow tcp_cdg_release() to be called multiple times
macvlan: enforce a consistent minimal mtu
serial: 8250: Flush DMA Rx on RLSI
nilfs2: fix use-after-free bug of ns_writer on remount
misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
mmc: core: properly select voltage range without power cycle
serial: 8250_lpss: Configure DMA also w/o DMA filter
serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
dm ioctl: fix misbehavior if list_versions races with module loading
iio: pressure: ms5611: changed hardcoded SPI speed to value limited
iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
usb: chipidea: fix deadlock in ci_otg_del_timer
usb: add NO_LPM quirk for Realforce 87U Keyboard
USB: serial: option: add Fibocom FM160 0x0111 composition
USB: serial: option: add u-blox LARA-L6 modem
USB: serial: option: add u-blox LARA-R6 00B modem
USB: serial: option: remove old LARA-R6 PID
USB: serial: option: add Sierra Wireless EM9191
ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
ring_buffer: Do not deactivate non-existant pages
ftrace: Fix null pointer dereference in ftrace_add_mod()
ftrace: Optimize the allocation for mcount entries
ftrace: Fix the possible incorrect kernel message
cifs: Fix wrong return value checking when GETFLAGS
net/x25: Fix skb leak in x25_lapb_receive_frame()
drbd: use after free in drbd_create_device()
xen/pcpu: fix possible memory leak in register_pcpu()
net: caif: fix double disconnect client in chnl_net_open()
mISDN: fix misuse of put_device() in mISDN_register_device()
mISDN: fix possible memory leak in mISDN_dsp_element_register()
net: bgmac: Drop free_netdev() from bgmac_enet_remove()
pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
parport_pc: Avoid FIFO port location truncation
block: sed-opal: kmalloc the cmd/resp buffers
ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
serial: 8250: omap: Flush PM QOS work on remove
serial: 8250_omap: remove wait loop from Errata i202 workaround
ASoC: core: Fix use-after-free in snd_soc_exit()
Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
selftests/futex: fix build for clang
x86/cpu: Restore AMD's DE_CFG MSR after resume
dmaengine: at_hdmac: Check return code of dma_async_device_register
dmaengine: at_hdmac: Fix impossible condition
dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
dmaengine: at_hdmac: Don't start transactions at tx_submit level
dmaengine: at_hdmac: Fix at_lli struct definition
cert host tools: Stop complaining about deprecated OpenSSL functions
udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
drm/i915/dmabuf: fix sg_table handling in map_dma_buf
nilfs2: fix deadlock in nilfs_count_free_blocks()
ALSA: usb-audio: Add quirk entry for M-Audio Micro
ALSA: hda: fix potential memleak in 'add_widget_node'
arm64: efi: Fix handling of misaligned runtime regions and drop warning
net: macvlan: fix memory leaks of macvlan_common_newlink
net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
ethernet: s2io: disable napi when start nic failed in s2io_card_up()
net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
drivers: net: xgene: disable napi when register irq failed in xgene_enet_open()
dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register()
hamradio: fix issue of dev reference count leakage in bpq_device_event()
net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event()
capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
net: fman: Unregister ethernet device on removal
bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
net: gso: fix panic on frag_list with mixed head alloc types
HID: hyperv: fix possible memory leak in mousevsc_probe()
Linux 4.14.299
wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
linux/bits.h: make BIT(), GENMASK(), and friends available in assembly
linux/const.h: move UL() macro to include/linux/const.h
linux/const.h: prefix include guard of uapi/linux/const.h with _UAPI
KVM: x86: emulator: update the emulation mode after CR0 write
KVM: x86: emulator: introduce emulator_recalc_and_set_mode
KVM: x86: emulator: em_sysexit should update ctxt->mode
KVM: x86: Mask off reserved bits in CPUID.80000008H
ext4: fix warning in 'ext4_da_release_space'
parisc: Export iosapic_serial_irq() symbol for serial port driver
parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
efi: random: reduce seed size to 32 bytes
ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
tcp/udp: Make early_demux back namespacified.
btrfs: fix type of parameter generation in btrfs_get_dentry
block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
Bluetooth: L2CAP: Fix attempting to access uninitialized memory
i2c: xiic: Add platform module alias
media: dvb-frontends/drxk: initialize err to 0
media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
net, neigh: Fix null-ptr-deref in neigh_table_clear()
net: mdio: fix undefined behavior in bit shift for __mdiobus_register
Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
btrfs: fix ulist leaks in error paths of qgroup self tests
btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
isdn: mISDN: netjet: fix wrong check of device registration
mISDN: fix possible memory leak in mISDN_register_device()
rose: Fix NULL pointer dereference in rose_send_frame()
ipvs: use explicitly signed chars
net: sched: Fix use after free in red_enqueue()
ata: pata_legacy: fix pdc20230_set_piomode()
net: fec: fix improper use of NETDEV_TX_BUSY
nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
net: dsa: Fix possible memory leaks in dsa_loop_init()
nfs4: Fix kmemleak when allocate slot failed
NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
UPSTREAM: linux/const.h: move UL() macro to include/linux/const.h
UPSTREAM: linux/const.h: prefix include guard of uapi/linux/const.h with _UAPI
UPSTREAM: linux/bits.h: make BIT(), GENMASK(), and friends available in assembly
Linux 4.14.298
can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive
net: ehea: fix possible memory leak in ehea_register_port()
openvswitch: switch from WARN to pr_warn
ALSA: aoa: Fix I2S device accounting
ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()
PM: domains: Fix handling of unavailable/disabled idle states
net: ksz884x: fix missing pci_disable_device() on error in pcidev_init()
i40e: Fix flow-type by setting GL_HASH_INSET registers
i40e: Fix ethtool rx-flow-hash setting for X722
media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced'
media: v4l2-dv-timings: add sanity checks for blanking values
media: vivid: dev->bitmap_cap wasn't freed in all cases
media: vivid: s_fbuf: add more sanity checks
PM: hibernate: Allow hybrid sleep to work with s2idle
can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path
tcp: fix indefinite deferral of RTO with SACK reneging
net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY
kcm: annotate data-races around kcm->rx_wait
kcm: annotate data-races around kcm->rx_psock
amd-xgbe: add the bit rate quirk for Molex cables
amd-xgbe: fix the SFP compliance codes check for DAC cables
x86/unwind/orc: Fix unreliable stack dump with gcov
ALSA: ac97: fix possible memory leak in snd_ac97_dev_register()
arc: iounmap() arg is volatile
drm/msm: Fix return type of mdp4_lvds_connector_mode_valid
net: ieee802154: fix error return code in dgram_bind()
mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages
xen/gntdev: Prevent leaking grants
Xen/gntdev: don't ignore kernel unmapping error
s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
kernfs: fix use-after-free in __kernfs_remove
mmc: core: Fix kernel panic when remove non-standard SDIO card
drm/msm/hdmi: fix memory corruption with too many bridges
mac802154: Fix LQI recording
fbdev: smscufx: Fix several use-after-free bugs
iio: light: tsl2583: Fix module unloading
tools: iio: iio_utils: fix digit calculation
xhci: Remove device endpoints from bandwidth list when freeing the device
usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller
usb: bdc: change state when port disconnected
usb: dwc3: gadget: Don't set IMI for no_interrupt
USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM
ALSA: au88x0: use explicitly signed char
ALSA: Use del_timer_sync() before freeing timer
ACPI: video: Force backlight native for more TongFang devices
media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
iommu/vt-d: Clean up si_domain in the init_dmars() error path
net: hns: fix possible memory leak in hnae_ae_register()
net/atm: fix proc_mpc_write incorrect return value
HID: magicmouse: Do not set BTN_MOUSE on double report
ACPI: extlog: Handle multiple records
btrfs: fix processing of delayed data refs during backref walking
r8152: add PID for the Lenovo OneLink+ Dock
arm64: errata: Remove AES hwcap for COMPAT tasks
KVM: arm64: vgic: Fix exit condition in scan_its_table()
ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS
ata: ahci-imx: Fix MODULE_ALIAS
x86/microcode/AMD: Apply the patch early on every logical thread
ocfs2: fix BUG when iput after ocfs2_mknod fails
ocfs2: clear dinode links count in case of error
Linux 4.14.297
x86/speculation: Add RSB VM Exit protections
x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
x86/speculation: Disable RRSBA behavior
x86/bugs: Add Cannon lake to RETBleed affected CPU list
x86/cpu/amd: Enumerate BTC_NO
x86/common: Stamp out the stepping madness
x86/speculation: Fill RSB on vmexit for IBRS
KVM: VMX: Fix IBRS handling after vmexit
KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
x86/speculation: Remove x86_spec_ctrl_mask
x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
x86/speculation: Fix SPEC_CTRL write on SMT state change
x86/speculation: Fix firmware entry SPEC_CTRL handling
x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
x86/speculation: Add LFENCE to RSB fill sequence
x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
entel_idle: Disable IBRS during long idle
x86/bugs: Report Intel retbleed vulnerability
x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
x86/bugs: Optimize SPEC_CTRL MSR writes
x86/entry: Add kernel IBRS implementation
x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
x86/bugs: Add AMD retbleed= boot parameter
x86/bugs: Report AMD retbleed vulnerability
x86/cpufeatures: Move RETPOLINE flags to word 11
x86/entry: Remove skip_r11rcx
x86/cpu: Add a steppings field to struct x86_cpu_id
x86/cpu: Add consistent CPU match macros
x86/devicetable: Move x86 specific macro out of generic code
x86/cpufeature: Fix various quality problems in the <asm/cpu_device_hd.h> header
x86/cpufeature: Add facility to check for min microcode revisions
Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
Conflicts:
arch/arm64/Kconfig
arch/arm64/include/asm/cpucaps.h
drivers/mmc/host/sdhci.c
scripts/kconfig/symbol.c
Change-Id: I19dc4fe4d3f8ced66f3fd61dd25de82e19d1e3a1
Linux kernel ============ This file was moved to Documentation/admin-guide/README.rst Please notice that there are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. In order to build the documentation, use ``make htmldocs`` or ``make pdfdocs``. There are various text files in the Documentation/ subdirectory, several of them using the Restructured Text markup notation. See Documentation/00-INDEX for a list of what is contained in each file. Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems which may result by upgrading your kernel.