mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
5700 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
|
c3f5ee8d43 |
lib/xor: Make xor prototypes more friendly to compiler vectorization
Modern compilers are perfectly capable of extracting parallelism from the XOR routines, provided that the prototypes reflect the nature of the input accurately, in particular, the fact that the input vectors are expected not to overlap. This is not documented explicitly, but is implied by the interchangeability of the various C routines, some of which use temporary variables while others don't: this means that these routines only behave identically for non-overlapping inputs. So let's decorate these input vectors with the __restrict modifier, which informs the compiler that there is no overlap. While at it, make the input-only vectors pointer-to-const as well. Link: https://github.com/ClangBuiltLinux/linux/issues/563 Change-Id: I5bf93880b158aa01f2b5155e7a9f6cd7b9088fc6 Tested-by: Nathan Chancellor <nathan@kernel.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
|
59c72f3544 |
Merge branch 'linux-4.14.y' of https://github.com/openela/kernel-lts
* 'linux-4.14.y' of https://github.com/openela/kernel-lts: (186 commits) LTS: Update to 4.14.344 binder: signal epoll threads of self-work ANDROID: binder: Add thread->process_todo flag. scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() scsi: bnx2fc: Remove set but not used variable 'oxid' net: check dev->gso_max_size in gso_features_check() driver: staging: count ashmem_range into SLAB_RECLAIMBLE net: warn if gso_type isn't set for a GSO SKB staging: android: ashmem: Remove use of unlikely() ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 ALSA: hda/realtek: Enable headset onLenovo M70/M90 ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB ALSA: hda/realtek - ALC897 headset MIC no sound ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW ALSA: hda/realtek - The front Mic on a HP machine doesn't work ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662 ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662 ALSA: hda/realtek - Add Headset Mic supported for HP cPC ALSA: hda/realtek - More constifications ... Change-Id: I3d093c0e457ab7e7e7b98b46eb44e82b6f4636f9 Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
|
617738d9f5 |
s390/cmma: fix detection of DAT pages
[ Upstream commit 44d93045247661acbd50b1629e62f415f2747577 ] If the cmma no-dat feature is available the kernel page tables are walked to identify and mark all pages which are used for address translation (all region, segment, and page tables). In a subsequent loop all other pages are marked as "no-dat" pages with the ESSA instruction. This information is visible to the hypervisor, so that the hypervisor can optimize purging of guest TLB entries. The initial loop however is incorrect: only the first three of the four pages which belong to segment and region tables will be marked as being used for DAT. The last page is incorrectly marked as no-dat. This can result in incorrect guest TLB flushes. Fix this by simply marking all four pages. Cc: <stable@vger.kernel.org> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> |
||
|
2d92e52824 |
s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family
[ Upstream commit 3784231b1e091857bd129fd9658a8b3cedbdcd58 ] Due to historical reasons mark_kernel_pXd() functions misuse the notion of physical vs virtual addresses difference. Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Stable-dep-of: 44d930452476 ("s390/cmma: fix detection of DAT pages") Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> |
||
|
a9e2d194be |
Merge branch 'linux-4.14.y' of https://github.com/openela/kernel-lts
* 'linux-4.14.y' of https://github.com/openela/kernel-lts: (350 commits) LTS: Update to 4.14.340 fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() PCI/MSI: Prevent MSI hardware interrupt number truncation s390: use the correct count for __iowrite64_copy() packet: move from strlcpy with unused retval to strscpy ipv6: sr: fix possible use-after-free and null-ptr-deref nouveau: fix function cast warnings scsi: jazz_esp: Only build if SCSI core is builtin RDMA/srpt: fix function pointer cast warnings RDMA/srpt: Support specifying the srpt_service_guid parameter IB/hfi1: Fix a memleak in init_credit_return usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs l2tp: pass correct message length to ip6_append_data gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() dm-crypt: don't modify the data when using authenticated encryption mm: memcontrol: switch to rcu protection in drain_all_stock() s390/qeth: Fix potential loss of L3-IP@ in case of network issues virtio-blk: Ensure no requests in virtqueues before deleting vqs. firewire: core: send bus reset promptly on gap count error ... Change-Id: Ieafdd459ee41343bf15ed781b3e45adc2be29cc1 Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
|
669eb74484 |
Merge branch 'deprecated/android-4.14-stable' of https://android.googlesource.com/kernel/common into HEAD
* 'deprecated/android-4.14-stable' of https://android.googlesource.com/kernel/common: (101 commits) Linux 4.14.336 mmc: core: Cancel delayed work before releasing host mmc: rpmb: fixes pause retune on all RPMB partitions. firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards i40e: fix use-after-free in i40e_aqc_add_filters() net: bcmgenet: Fix FCS generation for fragmented skbuffs net: sched: em_text: fix possible memory leak in em_text_destroy() nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local UPSTREAM: drm: Fix doc warning in drm_connector_attach_edid_property() BACKPORT: lib/vsprintf: Hash legacy clock addresses UPSTREAM: xfrm: fix gro_cells leak when remove virtual xfrm interfaces UPSTREAM: xfrm: Make function xfrmi_get_link_net() static UPSTREAM: cpuidle: menu: Retain tick when shallow state is selected UPSTREAM: bpf: fix rcu annotations in compute_effective_progs() UPSTREAM: bpf: bpf_prog_array_alloc() should return a generic non-rcu pointer UPSTREAM: sched/util_est: Fix util_est_dequeue() for throttled cfs_rq UPSTREAM: softirq: Reorder trace_softirqs_on to prevent lockdep splat UPSTREAM: l2tp: fix refcount leakage on PPPoL2TP sockets UPSTREAM: HID: steam: select CONFIG_POWER_SUPPLY BACKPORT: mac80211_hwsim: fix a possible memory leak in hwsim_new_radio_nl() ... Change-Id: I1c98fbb0918986a06bee16b0c11fe8bee003fd3f Signed-off-by: Richard Raya <rdxzv.dev@gmail.com> |
||
|
92a10e44f1 |
s390: use the correct count for __iowrite64_copy()
[ Upstream commit 723a2cc8d69d4342b47dfddbfe6c19f1b135f09b ] The signature for __iowrite64_copy() requires the number of 64 bit quantities, not bytes. Multiply by 8 to get to a byte length before invoking zpci_memcpy_toio(). Fixes: 87bc359b9822 ("s390/pci: speed up __iowrite64_copy by using pci store block insn") Acked-by: Niklas Schnelle <schnelle@linux.ibm.com> Signed-off-by: Jason Gunthorpe <jgg@nvidia.com> Link: https://lore.kernel.org/r/0-v1-9223d11a7662+1d7785-s390_iowrite64_jgg@nvidia.com Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 2b505745a91e84338e4b728314f858a1b60b67e2) Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com> |
||
|
1f85aac19a |
KVM: s390: fix setting of fpc register
[ Upstream commit b988b1bb0053c0dcd26187d29ef07566a565cf55 ] kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the host process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space / host process fpc register value, however it will be discarded, when returning to user space. In result the host process will incorrectly continue to run with the value that was supposed to be used for a guest cpu. Fix this by simply removing the test. There is another test right before the SIE context is entered which will handle invalid values. This results in a change of behaviour: invalid values will now be accepted instead of that the ioctl fails with -EINVAL. This seems to be acceptable, given that this interface is most likely not used anymore, and this is in addition the same behaviour implemented with the memory mapped interface (replace invalid values with zero) - see sync_regs() in kvm-s390.c. Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 3a04410b0bc7e056e0843ac598825dd359246d18) [vegard: fix conflict due to missing commit 6a96bc7fa0cdd96bac2b8298d708a94f8de6f6d4 ("KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu")] Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> |
||
|
4208eff2d2 |
s390/ptrace: handle setting of fpc register correctly
[ Upstream commit 8b13601d19c541158a6e18b278c00ba69ae37829 ] If the content of the floating point control (fpc) register of a traced process is modified with the ptrace interface the new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the tracing process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space fpc register value, however it will be discarded, when returning to user space. In result the tracer will incorrectly continue to run with the value that was supposed to be used for the traced process. Fix this by saving fpu register contents with save_fpu_regs() before using test_fp_ctl(). Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit 6ccf904aac0292e1f6b1a1be6c407c414f7cf713) Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> |
||
|
11c40e9fe9 |
This is the 4.14.335 stable release
Merge 4.14.335 into android-4.14-stable Changes in 4.14.335 ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init s390/vx: fix save/restore of fpu kernel context wifi: mac80211: mesh_plink: fix matches_local logic net: sched: ife: fix potential use-after-free ethernet: atheros: fix a memleak in atl1e_setup_ring_resources iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Input: ipaq-micro-keys - add error handling for devm_kmemdup iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table wifi: cfg80211: Add my certificate wifi: cfg80211: fix certs build to not depend on file order USB: serial: ftdi_sio: update Actisense PIDs constant names USB: serial: option: add Quectel EG912Y module support USB: serial: option: add Foxconn T99W265 with new baseline USB: serial: option: add Quectel RM500Q R13 firmware support Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent net: 9p: avoid freeing uninit memory in p9pdu_vreadf net: rfkill: gpio: set GPIO direction dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() block: Don't invalidate pagecache for
invalid falloc modes Linux 4.14.335 Change-Id: I27a09c889fddbb96c9312d6a2483272318aa678c Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
65def53e04 |
s390/vx: fix save/restore of fpu kernel context
[ Upstream commit e6b2dab41888332bf83f592131e7ea07756770a4 ] The KERNEL_FPR mask only contains a flag for the first eight vector registers. However floating point registers overlay parts of the first sixteen vector registers. This could lead to vector register corruption if a kernel fpu context uses any of the vector registers 8 to 15 and is interrupted or calls a KERNEL_FPR context. If that context uses also vector registers 8 to 15, their contents will be corrupted on return. Luckily this is currently not a real bug, since the kernel has only one KERNEL_FPR user with s390_adjust_jiffies() and it is only using floating point registers 0 to 2. Fix this by using the correct bits for KERNEL_FPR. Fixes: 7f79695cc1b6 ("s390/fpu: improve kernel_fpu_[begin|end]") Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Reviewed-by: Hendrik Brueckner <brueckner@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
8382692884 |
This is the 4.14.333 stable release
Merge 4.14.333 into android-4.14-stable Changes in 4.14.333 tg3: Move the [rt]x_dropped counters to tg3_napi tg3: Increment tx_dropped in tg3_tso_bug() drm/amdgpu: correct chunk_ptr to a pointer to chunk.
net: hns: fix fake link up on xge port tcp: do not accept ACK of bytes we never sent RDMA/bnxt_re: Correct module description string hwmon: (acpi_power_meter) Fix 4.29 MW bug tracing: Fix a warning when allocating buffered events fails scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() ALSA: pcm: fix out-of-bounds in snd_pcm_state_names nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() tracing: Always update snapshot buffer size tracing: Fix incomplete locking when disabling buffered events tracing: Fix a possible race when disabling buffered events packet: Move reference count in packet_sock to atomic_long_t parport: Add support for Brainboxes IX/UC/PX parallel cards serial: sc16is7xx: address RX timeout interrupt errata serial: 8250_omap: Add earlycon support for the AM654 UART controller KVM: s390/mm: Properly reset no-dat nilfs2: fix missing error check for sb_set_blocksize call netlink: don't call ->netlink_bind with table lock held genetlink: add CAP_NET_ADMIN test for multicast bind psample: Require 'CAP_NET_ADMIN' when joining "packets" group drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group Linux 4.14.333 Change-Id: Iebcaaf9d6c5e2ef71dd23c3c6246f6cef45d296a Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
e42b3e30f1 |
KVM: s390/mm: Properly reset no-dat
commit 27072b8e18a73ffeffb1c140939023915a35134b upstream. When the CMMA state needs to be reset, the no-dat bit also needs to be reset. Failure to do so could cause issues in the guest, since the guest expects the bit to be cleared after a reset. Cc: <stable@vger.kernel.org> Reviewed-by: Nico Boehr <nrb@linux.ibm.com> Message-ID: <20231109123624.37314-1-imbrenda@linux.ibm.com> Signed-off-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
9cdc78c354 |
Merge branch 'android-4.14-stable' of https://android.googlesource.com/kernel/common
* 'android-4.14-stable' of https://android.googlesource.com/kernel/common: (2966 commits) Linux 4.14.331 net: sched: fix race condition in qdisc_graft() scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks ext4: correct return value of ext4_convert_meta_bg ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: apply umask if ACL support is disabled media: venus: hfi: fix the check to handle session buffer requirement media: sharp: fix sharp encoding i2c: i801: fix potential race in i801_block_transaction_byte_by_byte net: dsa: lan9303: consequently nested-lock physical MDIO ALSA: info: Fix potential deadlock at disconnection parisc/pgtable: Do not drop upper 5 address bits of physical address parisc: Prevent booting 64-bit kernels on PA1.x machines mcb: fix error handling for different scenarios when parsing jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware mmc: meson-gx: Remove setting of CMD_CFG_ERROR PM: hibernate: Clean up sync_read handling in snapshot_write_next() PM: hibernate: Use __get_safe_page() rather than touching the list ... Change-Id: I755d2aa7c525ace28adc4aee433572b3110ea39b |
||
|
67419faf9f |
This is the 4.14.328 stable release
Merge 4.14.328 into android-4.14-stable Changes in 4.14.328 RDMA/cxgb4: Check skb value for failure to allocate HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect drm: etvnaviv: fix bad backport leading to warning ieee802154: ca8210: Fix a potential UAF in ca8210_probe drm/vmwgfx: fix typo of sizeof argument ixgbe: fix crash with empty VF macvlan list nfc: nci: assert requested protocol is valid workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read usb: musb: Get the musb_qh poniter after musb_giveback usb: musb: Modify the "HWVers" register address iio: pressure: bmp280: Fix NULL pointer exception iio: pressure: ms5611: ms5611_prom_is_valid false negative bug mcb: remove is_added flag from mcb_device struct ceph: fix incorrect revoked caps assert in ceph_fill_file_size() Input: powermate - fix use-after-free in powermate_config_complete Input: xpad - add PXN V900 support cgroup: Remove duplicates in cgroup v1 tasks file pinctrl: avoid unsafe code pattern in find_pinctrl() usb:
gadget: udc-xilinx: replace memcpy with memcpy_toio usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs usb: hub: Guard against accesses to uninitialized BOS descriptors Bluetooth: hci_event: Ignore NULL link key Bluetooth: Reject connection with the device which has same BD_ADDR Bluetooth: Fix a refcnt underflow problem for hci_conn Bluetooth: vhci: Fix race when opening vhci device Bluetooth: hci_event: Fix coding style Bluetooth: avoid memcmp() out of bounds warning nfc: nci: fix possible NULL pointer dereference in send_acknowledge() regmap: fix NULL deref on lookup KVM: x86: Mask LVTPC when handling a PMI netfilter: nft_payload: fix wrong mac header matching xfrm: fix a data-race in xfrm_gen_index() net: ipv4: fix return value check in esp_remove_trailer net: ipv6: fix return value check in esp_remove_trailer net: rfkill: gpio: prevent value glitch during probe net: usb: smsc95xx: Fix an error code in smsc95xx_reset() i40e: prevent crash on probe if hw registers have invalid values ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone btrfs: initialize start_slot in btrfs_log_prealloc_extents i2c: mux: Avoid potential false error message in i2c_mux_add_adapter overlayfs: set ctime when setting mtime and atime gpio: timberdale: Fix potential deadlock on &tgpio->lock ata: libata-eh: Fix compilation warning in ata_eh_link_report() tracing: relax trace_event_eval_update() execution with cond_resched() HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event Bluetooth: Avoid redundant authentication Bluetooth: hci_core: Fix build warnings wifi: mac80211: allow transmitting EAPOL frames with tainted key wifi: cfg80211: avoid leaking stack data into trace sky2: Make sure there is at least one frag_addr available mmc: core: Capture correct oemid-bits for eMMC cards Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" ACPI: irq: Fix incorrect return value in 
acpi_register_gsi() USB: serial: option: add Telit LE910C4-WWX 0x1035 composition USB: serial: option: add entry for Sierra EM9191 with new firmware USB: serial: option: add Fibocom to DELL custom modem FM101R-GL perf: Disallow mis-matched inherited group reads s390/pci: fix iommu bitmap allocation gpio: vf610: set value before the direction to avoid a glitch Bluetooth: hci_sock: fix slab oob read in create_monitor_event Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name Bluetooth: hci_event: Fix using memcmp when comparing keys Linux 4.14.328 Change-Id: I0ad6691640e3f75a6016e2004f005414a50dc7b9 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
8670eb7100 |
s390/pci: fix iommu bitmap allocation
commit c1ae1c59c8c6e0b66a718308c623e0cb394dab6b upstream. Since the fixed commits both zdev->iommu_bitmap and zdev->lazy_bitmap are allocated as vzalloc(zdev->iommu_pages / 8). The problem is that zdev->iommu_bitmap is a pointer to unsigned long but the above only yields an allocation that is a multiple of sizeof(unsigned long) which is 8 on s390x if the number of IOMMU pages is a multiple of 64. This in turn is the case only if the effective IOMMU aperture is a multiple of 64 * 4K = 256K. This is usually the case and so didn't cause visible issues since both the virt_to_phys(high_memory) reduced limit and hardware limits use nice numbers. Under KVM, and in particular with QEMU limiting the IOMMU aperture to the vfio DMA limit (default 65535), it is possible for the reported aperture not to be a multiple of 256K however. In this case we end up with an iommu_bitmap whose allocation is not a multiple of 8 causing bitmap operations to access it out of bounds. Sadly we can't just fix this in the obvious way and use bitmap_zalloc() because for large RAM systems (tested on 8 TiB) the zdev->iommu_bitmap grows too large for kmalloc(). So add our own bitmap_vzalloc() wrapper. This might be a candidate for common code, but this area of code will be replaced by the upcoming conversion to use the common code DMA API on s390 so just add a local routine. Fixes: 224593215525 ("s390/pci: use virtual memory for iommu bitmap") Fixes: 13954fd6913a ("s390/pci_dma: improve lazy flush for unmap") Cc: stable@vger.kernel.org Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com> Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
fce78edbb4 |
This is the 4.14.322 stable release
Merge 4.14.322 into android-4.14-stable Changes in 4.14.322 gfs2: Don't deref jdesc in evict x86/microcode/AMD: Load late on both threads too x86/smp: Use dedicated cache-line for mwait_play_dead() fbdev: imsttfb: Fix use after free bug in imsttfb_probe drm/edid: Fix uninitialized variable in drm_cvt_modes() scripts/tags.sh: Resolve gtags empty index generation drm/amdgpu: Validate VM ioctl flags.
treewide: Remove uninitialized_var() usage md/raid10: fix overflow of md/safe_mode_delay md/raid10: fix wrong setting of max_corr_read_errors md/raid10: fix io loss while replacement replace rdev PM: domains: fix integer overflow issues in genpd_parse_state() evm: Complete description of evm_inode_setattr() wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx wifi: orinoco: Fix an error handling path in spectrum_cs_probe() wifi: orinoco: Fix an error handling path in orinoco_cs_probe() wifi: atmel: Fix an error handling path in atmel_probe() wifi: wl3501_cs: Fix an error handling path in wl3501_probe() wifi: ray_cs: Fix an error handling path in ray_probe() wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config watchdog/perf: more properly prevent false positives with turbo modes kexec: fix a memory leak in crash_shrink_memory() memstick r592: make memstick_debug_get_tpc_name() static wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() wifi: ath9k: convert msecs to jiffies where needed netlink: fix potential deadlock in netlink_set_err() netlink: do not hard code device address lenth in fdb dumps gtp: Fix use-after-free in __gtp_encap_destroy(). lib/ts_bm: reset initial match offset for every block of text netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. netlink: Add __sock_i_ino() for __netlink_diag_dump(). 
radeon: avoid double free in ci_dpm_init() Input: drv260x - sleep between polling GO bit ARM: dts: BCM5301X: Drop "clock-names" from the SPI node Input: adxl34x - do not hardcode interrupt trigger type drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H ARM: ep93xx: fix missing-prototype warnings ASoC: es8316: Increment max value for ALC Capture Target Volume control soc/fsl/qe: fix usb.c build errors fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() drm/radeon: fix possible division-by-zero errors ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() PCI: Add pci_clear_master() stub for non-CONFIG_PCI pinctrl: cherryview: Return correct value if pin in push-pull mode perf dwarf-aux: Fix off-by-one in die_get_varname() pinctrl: at91-pio4: check return value of devm_kasprintf() crypto: nx - fix build warnings when DEBUG_FS is not enabled modpost: fix section mismatch message for R_ARM_ABS32 modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} modpost: fix off by one in is_executable_section() USB: serial: option: add LARA-R6 01B PIDs block: change all __u32 annotations to __be32 in affs_hardblocks.h w1: fix loop in w1_fini() sh: j2: Use ioremap() to translate device tree address into kernel memory media: usb: Check az6007_read() return value media: videodev2.h: Fix struct v4l2_input tuner index comment media: usb: siano: Fix warning due to null work_func_t function pointer extcon: Fix kernel doc of property fields to avoid warnings extcon: Fix kernel doc of property capability fields to avoid warnings usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() mfd: rt5033: Drop rt5033-battery sub-device mfd: intel-lpss: Add missing check for platform_get_resource mfd: stmpe: Only disable the regulators if they are enabled rtc: st-lpc: Release some resources in st_rtc_probe() in case of error sctp: fix potential deadlock on 
&net->sctp.addr_wq_lock Add MODULE_FIRMWARE() for FIRMWARE_TG357766. spi: bcm-qspi: return error if neither hif_mspi nor mspi is available mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode tcp: annotate data races in __tcp_oow_rate_limited() net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX sh: dma: Fix DMA channel offset calculation NFSD: add encoding of op_recall flag for write delegation mmc: core: disable TRIM on Kingston EMMC04G-M627 mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M integrity: Fix possible multiple allocation in integrity_inode_get() jffs2: reduce stack usage in jffs2_build_xattr_subsystem() btrfs: fix race when deleting quota root from the dirty cow roots list ARM: orion5x: fix d2net gpio initialization spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg spi: spi-fsl-spi: relax message sanity checking a little spi: spi-fsl-spi: allow changing bits_per_word while CS is still active netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain netfilter: nf_tables: unbind non-anonymous set if rule construction fails netfilter: conntrack: Avoid nf_ct_helper_hash uses after free netfilter: nf_tables: prevent OOB access in nft_byteorder_eval workqueue: clean up WORK_* constant types, clarify masking net: mvneta: fix txq_map in case of txq_number==1 udp6: fix udp6_ehashfn() typo ntb: idt: Fix error handling in idt_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: intel: Fix error handling in intel_ntb_pci_driver_init() NTB: ntb_transport: fix possible memory leak while device_register() fails ipv6/addrconf: fix a potential refcount underflow for idev wifi: airo: avoid uninitialized warning in airo_get_rate() net/sched: make psched_mtu() RTNL-less safe tpm: 
tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation SUNRPC: Fix UAF in svc_tcp_listen_data_ready() perf intel-pt: Fix CYC timestamps after standalone CBR ext4: fix wrong unit use in ext4_mb_clear_bb ext4: only update i_reserved_data_blocks on successful block allocation jfs: jfs_dmap: Validate db_l2nbperpage while mounting PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 misc: pci_endpoint_test: Re-init completion for every test md/raid0: add discard support for the 'original' layout fs: dlm: return positive pid value for F_GETLK hwrng: imx-rngc - fix the timeout for init and self check meson saradc: fix clock divider mask length Revert "8250: add support for ASIX devices with a FIFO bug" tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk ring-buffer: Fix deadloop issue on reading trace_pipe xtensa: ISS: fix call to split_if_spec scsi: qla2xxx: Wait for io return on terminate rport scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() scsi: qla2xxx: Pointer may be dereferenced serial: atmel: don't enable IRQs prematurely perf probe: Add test for regression introduced by switch to die_get_decl_file() fuse: revalidate: don't invalidate if interrupted can: bcm: Fix UAF in bcm_proc_show() ext4: correct inline offset when handling xattrs in inode body debugobjects: Recheck debug_objects_enabled before reporting nbd: Add the maximum limit of allocated index in nbd_dev_add md: fix data corruption for raid456 when reshape restart while grow up md/raid10: prevent soft lockup while flush writes posix-timers: Ensure timer ID search-loop limit is valid sched/fair: Don't balance task to its current running CPU bpf: Address KCSAN report on bpf_lru_list wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() igb: Fix igb_down hung on surprise removal spi: 
bcm63xx: fix max prepend length fbdev: imxfb: warn about invalid left/right margin pinctrl: amd: Use amd_pinconf_set() for all config options net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe llc: Don't drop packet from non-root netns. netfilter: nf_tables: fix spurious set element insertion failure tcp: annotate data-races around rskq_defer_accept tcp: annotate data-races around tp->notsent_lowat tcp: annotate data-races around fastopenq.max_qlen gpio: tps68470: Make tps68470_gpio_output() always set the initial value i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() ethernet: atheros: fix return value check in atl1e_tso_csum() ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address tcp: Reduce chance of collisions in inet6_hashfn(). bonding: reset bond's flags when down link is P2P device team: reset team's flags when down link is P2P device platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 benet: fix return value check in be_lancer_xmit_workarounds() ASoC: fsl_spdif: Silence output on stop block: Fix a source code comment in include/uapi/linux/blkzoned.h dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths ata: pata_ns87415: mark ns87560_tf_read static ring-buffer: Fix wrong stat of cpu_buffer->read tracing: Fix warning in trace_buffered_event_disable() USB: serial: option: support Quectel EM060K_128 USB: serial: option: add Quectel EC200A module support USB: serial: simple: add Kaufmann RKS+CAN VCP USB: serial: simple: sort driver entries can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED usb: ohci-at91: Fix the unhandle interrupt when resume usb: xhci-mtk: set the dma max_seg_size Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() hwmon: (nct7802) Fix for temp6 
(PECI1) processed even if PECI1 disabled tpm_tis: Explicitly check for error code irq-bcm6345-l1: Do not assume a fixed block to cpu mapping s390/dasd: fix hanging device after quiesce/resume ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register dm cache policy smq: ensure IO doesn't prevent cleaner policy progress drm/client: Fix memory leak in drm_client_target_cloned net/sched: cls_fw: Fix improper refcount update leads to use-after-free net/sched: sch_qfq: account for stab overhead in qfq_enqueue net/sched: cls_u32: Fix reference counter leak leading to overflow perf: Fix function pointer case word-at-a-time: use the same return type for has_zero regardless of endianness net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() perf test uprobe_from_different_cu: Skip if there is no gcc net: add missing data-race annotations around sk->sk_peek_off net: add missing data-race annotation for sk_ll_usec net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free ip6mr: Fix skb_under_panic in ip6mr_cache_report() tcp_metrics: fix addr_same() helper tcp_metrics: annotate data-races around tm->tcpm_stamp tcp_metrics: annotate data-races around tm->tcpm_lock tcp_metrics: annotate data-races around tm->tcpm_vals[] tcp_metrics: annotate data-races around tm->tcpm_net tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen loop: Select I/O scheduler 'none' from inside add_disk() libceph: fix potential hang in ceph_osdc_notify() USB: zaurus: Add ID for A-300/B-500/C-700 fs/sysv: Null check to prevent null-ptr-deref bug Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb ext2: Drop fragment support test_firmware: fix a memory leak with reqs buffer mtd: rawnand: omap_elm: Fix incorrect type in assignment drm/edid: fix objtool warning in drm_cvt_modes() Linux 4.14.322 Change-Id: 
Ia25c00bd23a112b634b83577ec7d54569e8b7c70 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
d68627697d |
treewide: Remove uninitialized_var() usage
commit 3f649ab728cda8038259d8f14492fe400fbab911 upstream.

Using uninitialized_var() is dangerous as it papers over real bugs[1] (or can in the future), and suppresses unrelated compiler warnings (e.g. "unused variable"). If the compiler thinks it is uninitialized, either simply initialize the variable or make compiler changes.

In preparation for removing[2] the[3] macro[4], remove all remaining needless uses with the following script:

    git grep '\buninitialized_var\b' | cut -d: -f1 | sort -u | \
        xargs perl -pi -e \
            's/\buninitialized_var\(([^\)]+)\)/\1/g;
             s:\s*/\* (GCC be quiet|to make compiler happy) \*/$::g;'

drivers/video/fbdev/riva/riva_hw.c was manually tweaked to avoid pathological white-space.

No outstanding warnings were found building allmodconfig with GCC 9.3.0 for x86_64, i386, arm64, arm, powerpc, powerpc64le, s390x, mips, sparc64, alpha, and m68k.

[1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/
[2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/
[3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/
[4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/

Reviewed-by: Leon Romanovsky <leonro@mellanox.com> # drivers/infiniband and mlx4/mlx5
Acked-by: Jason Gunthorpe <jgg@mellanox.com> # IB
Acked-by: Kalle Valo <kvalo@codeaurora.org> # wireless drivers
Reviewed-by: Chao Yu <yuchao0@huawei.com> # erofs
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
d764c607e6 |
This is the 4.14.314 stable release
Merge 4.14.314 into android-4.14-stable Changes in 4.14.314 ARM: dts: rockchip: fix a typo error for rk3288 spdif node net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg virtio_net: bugfix overflow inside xdp_linearize_page() i40e: fix accessing vsi->active_filters without holding lock i40e: fix i40e_setup_misc_vector() error handling mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() e1000e: Disable TSO on i219-LM card to increase speed f2fs: Fix f2fs_truncate_partial_nodes ftrace event selftests: sigaltstack: fix -Wuninitialized scsi: megaraid_sas: Fix fw_crash_buffer_show() scsi: core: Improve scsi_vpd_inquiry() checks net: dsa: b53: mmap: add phy ops s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling xen/netback: use same error messages for same errors nilfs2: initialize unused bytes in segment summary blocks memstick: fix memory leak if card device is never registered x86/purgatory: Don't generate debug info for purgatory.ro Revert "ext4: fix use-after-free in ext4_xattr_set_entry" ext4: remove duplicate definition of ext4_xattr_ibody_inline_set() ext4: fix use-after-free in ext4_xattr_set_entry udp: Call
inet6_destroy_sock() in setsockopt(IPV6_ADDRFORM). tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). dccp: Call inet6_destroy_sock() via sk->sk_destruct(). sctp: Call inet6_destroy_sock() via sk->sk_destruct(). counter: 104-quad-8: Fix race condition between FLAG and CNTR reads iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() ASN.1: Fix check for strdup() success Linux 4.14.314 Change-Id: I8793bc8329f8c8b927a91686eaa4fa6bb556c3f1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
c3d455d396 |
s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling
[ Upstream commit f9bbf25e7b2b74b52b2f269216a92657774f239c ] Return -EFAULT if put_user() for the PTRACE_GET_LAST_BREAK request fails, instead of silently ignoring it. Reviewed-by: Sven Schnelle <svens@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
3bfa20247d |
Merge 4.14.312 into android-4.14-stable
Changes in 4.14.312 power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition iavf: fix inverted Rx hash condition leading to disabled hash intel/igbvf: free irq on the error path in igbvf_request_msix() igbvf: Regard vf reset nack as success i2c: imx-lpi2c: check only for enabled interrupt flags scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() net: usb: smsc95xx: Limit packet length to skb->len qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info xirc2ps_cs: Fix use after free bug in xirc2ps_detach net: qcom/emac: Fix use after free bug in emac_remove due to race condition net/ps3_gelic_net: Fix RX sk_buff length net/ps3_gelic_net: Use dma_mapping_error bpf: Adjust insufficient default bpf_jit_limit net/mlx5: Read the TC mapping of all priorities on ETS query atm: idt77252: fix kmemleak when rmmod idt77252 hvc/xen: prevent concurrent accesses to the shared ring net: mdio: thunder: Add missing fwnode_handle_put() Bluetooth: btqcomsmd: Fix command timeout after setting BD address Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 thunderbolt: Use const qualifier for `ring_interrupt_index` riscv: Bump COMMAND_LINE_SIZE value to 1024 ca8210: fix mac_len negative array access m68k: Only force 030 bus error if PC not in exception table scsi: target: iscsi: Fix an error message in iscsi_check_key() scsi: ufs: core: Add soft dependency on governor_simpleondemand net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 net: usb: qmi_wwan: add Telit 0x1080 composition sh: sanitize the flags on sigreturn scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR usb: gadget: u_audio: don't let userspace block driver unbind igb: revert rtnl_lock() that causes deadlock usb: chipdea: core: fix return -EINVAL if request role is the same with current role usb: 
chipidea: core: fix possible concurrent when switch role nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() dm stats: check for and propagate alloc_percpu failure dm crypt: add cond_resched() to dmcrypt_write() sched/fair: sanitize vruntime of entity being placed sched/fair: Sanitize vruntime of entity being migrated ocfs2: fix data corruption after failed write md: avoid signed overflow in slot_store() ALSA: asihpi: check pao in control_message() ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() fbdev: tgafb: Fix potential divide by zero sched_getaffinity: don't assume 'cpumask_size()' is fully initialized fbdev: nvidia: Fix potential divide by zero fbdev: intelfb: Fix potential divide by zero fbdev: lxfb: Fix potential divide by zero fbdev: au1200fb: Fix potential divide by zero scsi: megaraid_sas: Fix crash after a double completion can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write i40e: fix registers dump after run ethtool adapter self test Input: focaltech - use explicitly signed char type cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL xen/netback: don't do grant copy across page boundary pinctrl: at91-pio4: fix domain name assignment ALSA: hda/conexant: Partial revert of a quirk for Lenovo ALSA: usb-audio: Fix regression on detection of Roland VS-100 drm/etnaviv: fix reference leak when mmaping imported buffer s390/uaccess: add missing earlyclobber annotations to __clear_user() usb: host: ohci-pxa27x: Fix and & vs | typo ext4: fix kernel BUG in 'ext4_write_inline_data_end()' net: sched: cbq: dont intepret cls results when asked to drop ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() Linux 4.14.312 Change-Id: I8b50d063dbf890c3936986159d159710c2d6d6e0 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
0fcb038adc |
s390/uaccess: add missing earlyclobber annotations to __clear_user()
commit 89aba4c26fae4e459f755a18912845c348ee48f3 upstream. Add missing earlyclobber annotation to size, to, and tmp2 operands of the __clear_user() inline assembly since they are modified or written to before the last usage of all input operands. This can lead to incorrect register allocation for the inline assembly. Fixes: 6c2a9e6df604 ("[S390] Use alternative user-copy operations for new hardware.") Reported-by: Mark Rutland <mark.rutland@arm.com> Link: https://lore.kernel.org/all/20230321122514.1743889-3-mark.rutland@arm.com/ Cc: stable@vger.kernel.org Reviewed-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
dcf8e96bea |
This is the 4.14.308 stable release
Merge 4.14.308 into android-4.14-stable Changes in 4.14.308 ARM: dts: rockchip: add power-domains property to dp node on rk3288 btrfs: send: limit number of clones and allocated memory size IB/hfi1: Assign npages earlier net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues().
bpf: Do not use ax register in interpreter on div/mod bpf: fix subprog verifier bypass by div/mod by 0 exception bpf: Fix 32 bit src register truncation on div/mod bpf: Fix truncation handling for mod32 dst reg wrt zero dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size USB: serial: option: add support for VW/Skoda "Carstick LTE" USB: core: Don't hold device lock while reading the "descriptors" sysfs file HID: asus: Remove check for same LED brightness on set HID: asus: use spinlock to protect concurrent accesses HID: asus: use spinlock to safely schedule workers ARM: OMAP2+: Fix memory leak in realtime_counter_init() ARM: zynq: Fix refcount leak in zynq_early_slcr_init arm64: dts: meson-gx: Fix Ethernet MAC address unit name arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name arm64: dts: amlogic: meson-gx: add missing unit address to rng node name arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name block: bio-integrity: Copy flags when bio_integrity_payload is cloned wifi: libertas: fix memory leak in lbs_init_adapter() wifi: rtl8xxxu: don't call dev_kfree_skb() under spin_lock_irqsave() wifi: ipw2200: fix memory leak in ipw_wdev_init() wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() wifi: libertas: main: don't call kfree_skb() under spin_lock_irqsave() wifi: libertas: cmdresp: don't call kfree_skb() under spin_lock_irqsave() wifi: wl3501_cs: don't call kfree_skb() under spin_lock_irqsave() genirq: Fix the return type of kstat_cpu_irqs_sum() lib/mpi: Fix buffer overrun when SG is too long ACPICA: nsrepair: handle cases without a return value correctly wifi: orinoco: check return value of hermes_write_wordrec() 
wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() ACPI: battery: Fix missing NUL-termination with large strings crypto: seqiv - Handle EBUSY correctly net/mlx5: Enhance debug print in page allocation failure irqchip/alpine-msi: Fix refcount leak in alpine_msix_init_domains irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe cpufreq: davinci: Fix clk use after free Bluetooth: L2CAP: Fix potential user-after-free crypto: rsa-pkcs1pad - Use akcipher_request_complete m68k: /proc/hardware should depend on PROC_FS wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() can: esd_usb: Move mislocated storage of SJA1000_ECC_SEG bits in case of a bus error irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC drm/bridge: megachips: Fix error handling in i2c_register_driver() gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() drm/msm/hdmi: Add missing check for alloc_ordered_workqueue pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups ALSA: hda/ca0132: minor fix for allocation size drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness drm/mediatek: Drop unbalanced obj unref ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress() gpio: vf610: connect GPIO label to dev name hwmon: (ltc2945) Handle error case in ltc2945_value_store scsi: aic94xx: Add missing check for dma_map_single() dm: remove flush_scheduled_work() during local_exit() mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() mtd: rawnand: sunxi: Fix the size of the last OOB region Input: ads7846 - don't report pressure for ads7845 Input: ads7846 - don't check penirq immediately for 7845 powerpc/powernv/ioda: Skip unallocated resources when mapping to PE powerpc/pseries/lparcfg: add missing RTAS retry status 
handling MIPS: vpe-mt: drop physical_memsize media: platform: ti: Add missing check for devm_regulator_get media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() media: usb: siano: Fix use after free bugs caused by do_submit_urb rpmsg: glink: Avoid infinite loop on intent for missing channel udf: Define EFSCORRUPTED error code ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() rcu: Suppress smp_processor_id() complaint in synchronize_rcu_expedited_wait() thermal: intel: Fix unsigned comparison with less than zero timers: Prevent union confusion from unexpected restart_syscall() x86/bugs: Reset speculation control settings on init inet: fix fast path in __inet_hash_connect() ACPI: Don't build ACPICA with '-Os' net: bcmgenet: Add a check for oversized packets m68k: Check syscall_trace_enter() return code ACPI: video: Fix Lenovo Ideapad Z570 DMI match drm/radeon: free iio for atombios when driver shutdown drm/msm/dsi: Add missing check for alloc_ordered_workqueue docs/scripts/gdb: add necessary make scripts_gdb step ASoC: kirkwood: Iterate over array indexes instead of using pointer math regulator: max77802: Bounds check regulator id against opmode regulator: s5m8767: Bounds check id indexing into arrays pinctrl: at91: use devm_kasprintf() to avoid potential leaks dm thin: add cond_resched() to various workqueue loops dm cache: add cond_resched() to various workqueue loops spi: bcm63xx-hsspi: Fix multi-bit mode setting wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu rtc: pm8xxx: fix set-alarm race s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler s390/kprobes: fix current_kprobe never cleared after kprobes reenter hfs: fix missing hfs_bnode_get() in __hfs_bnode_create fs: hfsplus: fix UAF issue in hfsplus_put_super f2fs: fix information leak in f2fs_move_inline_dirents() ocfs2: fix defrag path triggering jbd2 ASSERT ocfs2: fix non-auto 
defrag path not working issue udf: Truncate added extents on failed expansion udf: Do not bother merging very long extents udf: Do not update file length for failed writes to inline files udf: Fix file corruption when appending just after end of preallocated extent x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) x86/crash: Disable virt in core NMI crash handler to avoid double shootdown x86/reboot: Disable virtualization in an emergency if SVM is supported x86/reboot: Disable SVM, not just VMX, when stopping CPUs x86/kprobes: Fix __recover_optprobed_insn check optimizing logic x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter x86/microcode/AMD: Add a @cpu parameter to the reloading functions x86/microcode/AMD: Fix mixed steppings support x86/speculation: Allow enabling STIBP with legacy IBRS Documentation/hw-vuln: Document the interaction between IBRS and STIBP ima: Align ima_file_mmap() parameters with mmap_file LSM hook irqdomain: Fix association race irqdomain: Fix disassociation race irqdomain: Drop bogus fwspec-mapping error handling ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() ext4: optimize ea_inode block expansion ext4: refuse to create ea block when umounted wifi: rtl8xxxu: Use a longer retry limit of 48 wifi: cfg80211: Fix use after free for wext dm flakey: fix logic when corrupting a bio dm flakey: don't corrupt the zero page ARM: dts: exynos: correct TMU phandle in Exynos4 ARM: dts: exynos: correct TMU phandle in Odroid XU rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails alpha: fix FEN fault handling mips: fix syscall_get_nr ktest.pl: Fix missing "end_monitor" when machine check fails scsi: qla2xxx: Fix link failure in NPIV environment scsi: qla2xxx: Fix erroneous link down scsi: ses: Don't attach if enclosure has no components scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() 
scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses scsi: ses: Fix possible desc_ptr out-of-bounds accesses scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() PCI: Avoid FLR for AMD FCH AHCI adapters drm/radeon: Fix eDP for single-display iMac11,2 kbuild: Port silent mode detection to future gnu make. net/sched: Retire tcindex classifier fs/jfs: fix shift exponent db_agl2size negative pwm: stm32-lp: fix the check on arr and cmp registers update ubi: ensure that VID header offset + VID header size <= alloc, size ubifs: Rectify space budget for ubifs_xrename() ubifs: Fix wrong dirty space budget for dirty inode ubifs: Reserve one leb for each journal head while doing budget ubi: Fix use-after-free when volume resizing failed ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() ubi: Fix possible null-ptr-deref in ubi_free_volume() ubifs: Re-statistic cleaned znode count if commit failed ubifs: dirty_cow_znode: Fix memleak in error handling path ubifs: ubifs_writepage: Mark page dirty after writing inode failed ubi: Fix UAF wear-leveling entry in eraseblk_count_seq_show() ubi: ubi_wl_put_peb: Fix infinite loop when wear-leveling work failed x86: um: vdso: Add '%rcx' and '%r11' to the syscall clobber list watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path watchdog: Fix kmemleak in watchdog_cdev_register watchdog: pcwd_usb: Fix attempting to access uninitialized memory netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() net: fix __dev_kfree_skb_any() vs drop monitor 9p/xen: fix version parsing 9p/xen: fix connection sequence nfc: fix memory leak of se_io context in nfc_genl_se_io ARM: dts: spear320-hmi: correct STMPE GPIO compatible tcp: tcp_check_req() can be called from process context scsi: ipr: Work around fortify-string warning thermal: intel: quark_dts: fix error pointer dereference tracing: Add NULL checks for buffer in ring_buffer_free_read_page() firmware/efi 
sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 media: uvcvideo: Handle cameras with invalid descriptors tty: fix out-of-bounds access in tty_driver_lookup_tty() tty: serial: fsl_lpuart: disable the CTS when send break signal tools/iio/iio_utils:fix memory leak iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math USB: ene_usb6250: Allocate enough memory for full object usb: uvc: Enumerate valid values for color matching phy: rockchip-typec: Fix unsigned comparison with less than zero Bluetooth: hci_sock: purge socket queues in the destruct() callback s390/maccess: add no DAT mode to kernel_write s390/setup: init jump labels before command line parsing tcp: Fix listen() regression in 4.14.303. thermal: intel: powerclamp: Fix cur_state for multi package system Linux 4.14.308 Change-Id: Iad2a41de33ff004df8050f949aa00955604b4cf6 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
02266aeda1 |
s390/setup: init jump labels before command line parsing
commit 95e61b1b5d6394b53d147c0fcbe2ae70fbe09446 upstream.

Command line parameters might set static keys. This is true for s390 at least since commit 6471384af2a6 ("mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options"). To avoid the following WARN:

    static_key_enable_cpuslocked(): static key 'init_on_alloc+0x0/0x40' used before call to jump_label_init()

call jump_label_init() just before parse_early_param(). jump_label_init() is safe to call multiple times (x86 does that), doesn't do any memory allocations and hence should be safe to call that early.

Fixes: 6471384af2a6 ("mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options")
Cc: <stable@vger.kernel.org> # 5.3: d6df52e9996d: s390/maccess: add no DAT mode to kernel_write
Cc: <stable@vger.kernel.org> # 5.3
Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
daa3b3a991 |
s390/maccess: add no DAT mode to kernel_write
commit d6df52e9996dcc2062c3d9c9123288468bb95b52 upstream. To be able to patch kernel code before paging is initialized do plain memcpy if DAT is off. This is required to enable early jump label initialization. Reviewed-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
5c4862ea44 |
s390/kprobes: fix current_kprobe never cleared after kprobes reenter
commit cd57953936f2213dfaccce10d20f396956222c7d upstream.

Recent test_kprobe_missed kprobes kunit test uncovers the following problem. Once kprobe is triggered from another kprobe (kprobe reenter), all future kprobes on this cpu are considered as kprobe reenter, thus pre_handler and post_handler are not being called and kprobes are counted as "missed".

Commit b9599798f953 ("[S390] kprobes: activation and deactivation") introduced a simpler scheme for kprobes (de)activation and status tracking by using push_kprobe/pop_kprobe, which supposed to work for both initial kprobe entry as well as kprobe reentry and helps to avoid handling those two cases differently. The problem is that a sequence of calls in case of kprobes reenter:

    push_kprobe() <- NULL (current_kprobe)
    push_kprobe() <- kprobe1 (current_kprobe)
    pop_kprobe() -> kprobe1 (current_kprobe)
    pop_kprobe() -> kprobe1 (current_kprobe)

leaves "kprobe1" as "current_kprobe" on this cpu, instead of setting it to NULL. In fact push_kprobe/pop_kprobe can only store a single state (there is just one prev_kprobe in kprobe_ctlblk). Which is a hack but sufficient, there is no need to have another prev_kprobe just to store NULL. To make a simple and backportable fix simply reset "prev_kprobe" when kprobe is popped from this "stack". No need to worry about "kprobe_status" in this case, because its value is only checked when current_kprobe != NULL.

Cc: stable@vger.kernel.org
Fixes: b9599798f953 ("[S390] kprobes: activation and deactivation")
Reviewed-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
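The reenter sequence from the commit message above, as a small user-space model added here (it is not the kernel's code). `push_kprobe`, `pop_kprobe`, `prev_kprobe`, `kprobe_ctlblk` and `current_kprobe` follow the names in the message; the `reset_prev` switch, the hit counters, `probe_enter()` and `run_reentry()` are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the per-CPU state named in the commit message. */
struct kprobe {
	const char *name;
	unsigned long handled;	/* hit ran its handlers */
	unsigned long nmissed;	/* hit was treated as a reenter */
};

struct kprobe_ctlblk {
	struct kprobe *prev_kprobe;	/* the single save slot */
};

static struct kprobe *current_kprobe;
static struct kprobe_ctlblk kcb;

static void push_kprobe(struct kprobe *p)
{
	kcb.prev_kprobe = current_kprobe;
	current_kprobe = p;
}

/* reset_prev == true models the fix: clear the slot once it was popped. */
static void pop_kprobe(bool reset_prev)
{
	current_kprobe = kcb.prev_kprobe;
	if (reset_prev)
		kcb.prev_kprobe = NULL;
}

/* A probe hit counts as "missed" when another probe is already current. */
static void probe_enter(struct kprobe *p)
{
	if (current_kprobe)
		p->nmissed++;
	else
		p->handled++;
	push_kprobe(p);
}

struct reentry_result {
	bool stuck;			/* current_kprobe != NULL after both pops */
	unsigned long later_missed;	/* unrelated later hits counted as missed */
};

/* One nested hit (kprobe2 inside kprobe1), then later_hits independent hits. */
static struct reentry_result run_reentry(bool reset_prev, int later_hits)
{
	struct kprobe kprobe1 = { "kprobe1", 0, 0 };
	struct kprobe kprobe2 = { "kprobe2", 0, 0 };
	struct kprobe later = { "later", 0, 0 };
	struct reentry_result res;
	int i;

	current_kprobe = NULL;
	kcb.prev_kprobe = NULL;

	probe_enter(&kprobe1);	/* push: slot = NULL,    current = kprobe1 */
	probe_enter(&kprobe2);	/* push: slot = kprobe1, current = kprobe2 */
	pop_kprobe(reset_prev);	/* current = kprobe1 */
	pop_kprobe(reset_prev);	/* unfixed: kprobe1 again; fixed: NULL */

	res.stuck = current_kprobe != NULL;

	for (i = 0; i < later_hits; i++) {
		probe_enter(&later);
		pop_kprobe(reset_prev);
	}
	res.later_missed = later.nmissed;

	/* Do not leave pointers to this function's locals behind. */
	current_kprobe = NULL;
	kcb.prev_kprobe = NULL;
	return res;
}

int main(void)
{
	struct reentry_result before = run_reentry(false, 5);
	struct reentry_result after = run_reentry(true, 5);

	printf("without reset: stuck=%d later_missed=%lu\n",
	       before.stuck, before.later_missed);
	printf("with reset:    stuck=%d later_missed=%lu\n",
	       after.stuck, after.later_missed);
	return 0;
}
```
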
|
be6c6b3773 |
s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler
commit 42e19e6f04984088b6f9f0507c4c89a8152d9730 upstream. Recent test_kprobe_missed kprobes kunit test uncovers the following error (reported when CONFIG_DEBUG_ATOMIC_SLEEP is enabled): BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580 in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 662, name: kunit_try_catch preempt_count: 0, expected: 0 RCU nest depth: 0, expected: 0 no locks held by kunit_try_catch/662. irq event stamp: 280 hardirqs last enabled at (279): [<00000003e60a3d42>] __do_pgm_check+0x17a/0x1c0 hardirqs last disabled at (280): [<00000003e3bd774a>] kprobe_exceptions_notify+0x27a/0x318 softirqs last enabled at (0): [<00000003e3c5c890>] copy_process+0x14a8/0x4c80 softirqs last disabled at (0): [<0000000000000000>] 0x0 CPU: 46 PID: 662 Comm: kunit_try_catch Tainted: G N 6.2.0-173644-g44c18d77f0c0 #2 Hardware name: IBM 3931 A01 704 (LPAR) Call Trace: [<00000003e60a3a00>] dump_stack_lvl+0x120/0x198 [<00000003e3d02e82>] __might_resched+0x60a/0x668 [<00000003e60b9908>] __mutex_lock+0xc0/0x14e0 [<00000003e60bad5a>] mutex_lock_nested+0x32/0x40 [<00000003e3f7b460>] unregister_kprobe+0x30/0xd8 [<00000003e51b2602>] test_kprobe_missed+0xf2/0x268 [<00000003e51b5406>] kunit_try_run_case+0x10e/0x290 [<00000003e51b7dfa>] kunit_generic_run_threadfn_adapter+0x62/0xb8 [<00000003e3ce30f8>] kthread+0x2d0/0x398 [<00000003e3b96afa>] __ret_from_fork+0x8a/0xe8 [<00000003e60ccada>] ret_from_fork+0xa/0x40 The reason for this error report is that kprobes handling code failed to restore irqs. 
The problem is that when kprobe is triggered from another kprobe post_handler current sequence of enable_singlestep / disable_singlestep is the following: enable_singlestep <- original kprobe (saves kprobe_saved_imask) enable_singlestep <- kprobe triggered from post_handler (clobbers kprobe_saved_imask) disable_singlestep <- kprobe triggered from post_handler (restores kprobe_saved_imask) disable_singlestep <- original kprobe (restores wrong clobbered kprobe_saved_imask) There is just one kprobe_ctlblk per cpu and both calls save and load irq mask to kprobe_saved_imask. To fix the problem simply move resume_execution (which calls disable_singlestep) before calling post_handler. This also fixes the problem that post_handler is called with pt_regs which were not yet adjusted after single-stepping. Cc: stable@vger.kernel.org Fixes: 4ba069b802c2 ("[S390] add kprobes support.") Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
4415bf5e08 |
This is the 4.14.305 stable release
Merge 4.14.305 into android-4.14 Changes in 4.14.305 ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' HID: intel_ish-hid: Add check for ishtp_dma_tx_map EDAC/highbank: Fix memory leak in highbank_mc_probe() tomoyo: fix broken dependency on *.conf.default IB/hfi1: Reject a zero-length user expected buffer IB/hfi1: Reserve user expected TIDs affs: initialize fsdata in affs_truncate() amd-xgbe: TX Flow Ctrl Registers are h/w ver dependent phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() net: nfc: Fix use-after-free in local_cleanup() wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid net: usb: sr9700: Handle negative len net: mdio: validate parameter addr in mdiobus_get_phy() HID: check empty report_list in hid_validate_values() usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait usb: gadget: f_fs: Ensure ep0req is dequeued before free_request net: mlx5: eliminate anonymous module_init & module_exit dmaengine: Fix double increment of client_count in dma_chan_get() HID: betop: check shape of output reports w1: fix deadloop in __w1_remove_master_device() w1: fix WARNING after calling 
w1_process() comedi: adv_pci1760: Fix PWM instruction handling fs: reiserfs: remove useless new_opts in reiserfs_remount Bluetooth: hci_sync: cancel cmd_timer if hci_open failed scsi: hpsa: Fix allocation size for scsi_host_alloc() module: Don't wait for GOING modules tracing: Make sure trace_printk() can output as soon as it can be used ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer assignment EDAC/device: Respect any driver-supplied workqueue polling value netlink: annotate data races around dst_portid and dst_group netlink: annotate data races around sk_state netfilter: conntrack: fix vtag checks for ABORT/SHUTDOWN_COMPLETE netrom: Fix use-after-free of a listening socket. sctp: fail if no bound addresses can be used for a given scope net: ravb: Fix possible hang if RIS2_QFF1 happen net/tg3: resolve deadlock in tg3_reset_task() during EEH Revert "Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode" x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL wifi: brcmfmac: fix up incorrect 4.14.y backport for brcmf_fw_map_chip_to_name() xen: Fix up build warning with xen_init_time_ops() reference drm/radeon/dp: make radeon_dp_get_dp_link_config static scsi: qla2xxx: don't break the bsg-lib abstractions x86/asm: Fix an assembler warning with current binutils x86/entry/64: Add instruction suffix to SYSRET sysctl: add a new register_sysctl_init() interface panic: unset panic_on_warn inside panic() exit: Add and use make_task_dead. 
objtool: Add a missing comma to avoid string concatenation hexagon: Fix function name in die() h8300: Fix build errors from do_exit() to make_task_dead() transition ia64: make IA64_MCA_RECOVERY bool instead of tristate exit: Put an upper limit on how often we can oops exit: Expose "oops_count" to sysfs exit: Allow oops_limit to be disabled panic: Consolidate open-coded panic_on_warn checks panic: Introduce warn_limit panic: Expose "warn_count" to sysfs docs: Fix path paste-o for /sys/kernel/warn_count exit: Use READ_ONCE() for all oops/warn limit reads mm: kvmalloc does not fallback to vmalloc for incompatible gfp flags ipv6: ensure sane device mtu in tunnels usb: host: xhci-plat: add wakeup entry at sysfs Linux 4.14.305 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I63d98b772289d5417008eec559caf16812d343a1 |
||
|
5eded74b49 |
exit: Add and use make_task_dead.
commit 0e25498f8cd43c1b5aa327f373dd094e9a006da7 upstream. There are two big uses of do_exit. The first is its design use to be the guts of the exit(2) system call. The second use is to terminate a task after something catastrophic has happened like a NULL pointer in kernel code. Add a function make_task_dead that is initially exactly the same as do_exit to cover the cases where do_exit is called to handle catastrophic failure. In time this can probably be reduced to just a light wrapper around do_task_dead. For now keep it exactly the same so that there will be no behavioral differences introducing this new concept. Replace all of the uses of do_exit that use it for catastrophic task cleanup with make_task_dead to make it clear what the code is doing. As part of this rename rewind_stack_do_exit rewind_stack_and_make_dead. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
524b0e422c |
This is the 4.14.303 stable release
Merge 4.14.303 into android-4.14-stable Changes in 4.14.303 libtraceevent: Fix build with binutils 2.35 once: add DO_ONCE_SLOW() for sleepable contexts mm/khugepaged: fix GUP-fast interaction by sending IPI mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths block: unhash blkdev part inode when the part is deleted nfp: fix use-after-free in area_cache_get() ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() can: sja1000: fix size of OCR_MODE_MASK define can: mcba_usb: Fix termination command argument ASoC: ops: Correct bounds check for second channel on SX controls perf script python: Remove explicit shebang from tests/attr.c udf: Discard preallocation before extending file with a hole udf: Drop unused arguments of udf_delete_aext() udf: Fix preallocation discarding at indirect extent boundary udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size udf: Fix extending file within last block usb: gadget: uvc: Prevent buffer overflow in setup handler USB: serial: option: add Quectel EM05-G modem USB: serial: cp210x: add Kamstrup RF sniffer PIDs igb: Initialize mailbox message for VF reset Bluetooth: 
L2CAP: Fix u8 overflow net: loopback: use NET_NAME_PREDICTABLE for name_assign_type usb: musb: remove extra check in musb_gadget_vbus_draw ARM: dts: qcom: apq8064: fix coresight compatible drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static arm: dts: spear600: Fix clcd interrupt soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port ARM: dts: turris-omnia: Add ethernet aliases ARM: dts: turris-omnia: Add switch port 6 node pstore/ram: Fix error return code in ramoops_probe() ARM: mmp: fix timer_read delay pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP tpm/tpm_crb: Fix error message in __crb_relinquish_locality() cpuidle: dt: Return the correct numbers of parsed idle states alpha: fix syscall entry in !AUDUT_SYSCALL case PM: hibernate: Fix mistake in kerneldoc comment fs: don't audit the capability check in simple_xattr_list() perf: Fix possible memleak in pmu_dev_alloc() timerqueue: Use rb_entry_safe() in timerqueue_getnext() ocfs2: fix memory leak in ocfs2_stack_glue_init() MIPS: vpe-mt: fix possible memory leak while module exiting MIPS: vpe-cmp: fix possible memory leak while module exiting PNP: fix name memory leak in pnp_alloc_dev() irqchip: gic-pm: Use pm_runtime_resume_and_get() in gic_probe() libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value lib/notifier-error-inject: fix error when writing -errno to debugfs file rapidio: fix possible name leaks when rio_add_device() fails rapidio: rio: fix possible name leak in rio_register_mport() ACPICA: Fix 
use-after-free in acpi_ut_copy_ipackage_to_ipackage() uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix x86/xen: Fix memory leak in xen_init_lock_cpu() platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() MIPS: BCM63xx: Add check for NULL for clk in clk_enable fs: sysv: Fix sysv_nblocks() returns wrong value rapidio: fix possible UAF when kfifo_alloc() fails eventfd: change int to __u64 in eventfd_signal() ifndef CONFIG_EVENTFD hfs: Fix OOB Write in hfs_asc2mac rapidio: devices: fix missing put_device in mport_cdev_open wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() media: i2c: ad5820: Fix error path spi: Update reference to struct spi_controller media: vivid: fix compose size exceed boundary mtd: Fix device name leak when register device failed in add_mtd_device() media: camss: Clean up received buffers on failed start of streaming drm/radeon: Add the missed acpi_put_table() to fix memory leak ASoC: pxa: fix null-pointer dereference in filter() regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() ima: Fix misuse of dereference of pointer in template_desc_init_fields() wifi: ath10k: Fix return value in ath10k_pci_init() mtd: lpddr2_nvm: Fix possible null-ptr-deref Input: elants_i2c - properly handle the reset GPIO when power is off media: solo6x10: fix possible memory leak in solo_sysfs_init() media: platform: exynos4-is: Fix error handling in fimc_md_init() HID: hid-sensor-custom: set fixed size for custom attributes ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT clk: rockchip: Fix memory leak in rockchip_clk_register_pll() mtd: maps: pxa2xx-flash: fix memory leak in probe media: imon: fix a race condition in send_packet() pinctrl: pinconf-generic: add missing of_node_put() media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() media: s5p-mfc: Add variant data for MFC v7 
hardware for Exynos 3250 SoC NFSv4.2: Fix a memory stomp in decode_attr_security_label NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn ALSA: asihpi: fix missing pci_disable_device() drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe bonding: uninitialized variable in bond_miimon_inspect() regulator: core: fix module refcount leak in set_supply() media: saa7164: fix missing pci_disable_device() ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt SUNRPC: Fix missing release socket in rpc_sockname() NFSv4.x: Fail client initialisation if state manager thread can't run mmc: moxart: fix return value check of mmc_add_host() mmc: mxcmmc: fix return value check of mmc_add_host() mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() mmc: toshsd: fix return value check of mmc_add_host() mmc: vub300: fix return value check of mmc_add_host() mmc: wmt-sdmmc: fix return value check of mmc_add_host() mmc: via-sdmmc: fix return value check of mmc_add_host() mmc: wbsd: fix return value check of mmc_add_host() mmc: mmci: fix return value check of mmc_add_host() media: c8sectpfe: Add of_node_put() when breaking out of loop media: coda: Add check for dcoda_iram_alloc media: coda: Add check for kmalloc clk: samsung: Fix memory leak in _samsung_clk_register_pll() wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() blktrace: Fix output non-blktrace event when blk_classic option enabled net: vmw_vsock: vmci: Check memcpy_from_msg() net: defxx: Fix missing err handling in dfx_init() drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() ethernet: s2io: don't call dev_kfree_skb() under spin_lock_irqsave() net: farsync: Fix kmemleak when rmmods farsync net/tunnel: wait until all sk_user_data reader finish before 
releasing the sock net: apple: mace: don't call dev_kfree_skb() under spin_lock_irqsave() net: apple: bmac: don't call dev_kfree_skb() under spin_lock_irqsave() net: emaclite: don't call dev_kfree_skb() under spin_lock_irqsave() net: ethernet: dnet: don't call dev_kfree_skb() under spin_lock_irqsave() hamradio: don't call dev_kfree_skb() under spin_lock_irqsave() net: amd: lance: don't call dev_kfree_skb() under spin_lock_irqsave() net: amd-xgbe: Check only the minimum speed for active/passive cables net: lan9303: Fix read error execution path ntb_netdev: Use dev_kfree_skb_any() in interrupt context Bluetooth: btusb: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_qca: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_h5: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_bcsp: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: hci_core: don't call kfree_skb() under spin_lock_irqsave() Bluetooth: RFCOMM: don't call kfree_skb() under spin_lock_irqsave() stmmac: fix potential division by 0 apparmor: fix a memleak in multi_transaction_new() PCI: Check for alloc failure in pci_request_irq() RDMA/hfi: Decrease PCI device reference count in error path RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed scsi: hpsa: Fix error handling in hpsa_add_sas_host() scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() scsi: fcoe: Fix possible name leak when device_register() fails scsi: ipr: Fix WARNING in ipr_init() scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails scsi: snic: Fix possible UAF in snic_tgt_create() RDMA/hfi1: Fix error return code in parse_platform_config() orangefs: Fix sysfs not cleanup when dev init failed crypto: img-hash - Fix variable dereferenced before check 'hdev->req' hwrng: amd - Fix PCI device refcount leak hwrng: geode - Fix PCI device refcount leak IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces drivers: dio: fix possible memory 
leak in dio_init() class: fix possible memory leak in __class_register() vfio: platform: Do not pass return buffer to ACPI _RST method uio: uio_dmem_genirq: Fix missing unlock in irq configuration uio: uio_dmem_genirq: Fix deadlock between irq config and handling usb: fotg210-udc: Fix ages old endianness issues staging: vme_user: Fix possible UAF in tsi148_dma_list_add serial: amba-pl011: avoid SBSA UART accessing DMACR register serial: pch: Fix PCI device refcount leak in pch_request_dma() serial: sunsab: Fix error handling in sunsab_init() test_firmware: fix memory leak in test_firmware_init() misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os cxl: fix possible null-ptr-deref in cxl_guest_init_afu|adapter() cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() drivers: mcb: fix resource leak in mcb_probe() mcb: mcb-parse: fix error handing in chameleon_parse_gdd() chardev: fix error handling in cdev_device_add() i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe staging: rtl8192u: Fix use after free in ieee80211_rx() staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() vme: Fix error not catched in fake_init() i2c: ismt: Fix an out-of-bounds bug in ismt_access() usb: storage: Add check for kcalloc fbdev: ssd1307fb: Drop optional dependency fbdev: pm2fb: fix missing pci_disable_device() fbdev: via: Fix error in via_core_init() fbdev: vermilion: decrease reference count in error path fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() HSI: omap_ssi_core: fix possible memory leak in ssi_probe() power: supply: fix residue sysfs file in error handle route of __power_supply_register() HSI: omap_ssi_core: Fix error handling in ssi_init() include/uapi/linux/swab: Fix potentially missing __always_inline rtc: snvs: Allow a time difference 
on clock register read iommu/amd: Fix pci device refcount leak in ppr_notifier() iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() macintosh: fix possible memory leak in macio_add_one_device() macintosh/macio-adb: check the return value of ioremap() powerpc/52xx: Fix a resource leak in an error handling path cxl: Fix refcount leak in cxl_calc_capp_routing powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() powerpc/perf: callchain validate kernel stack pointer bounds powerpc/83xx/mpc832x_rdb: call platform_device_put() in error case in of_fsl_spi_probe() powerpc/hv-gpci: Fix hv_gpci event list selftests/powerpc: Fix resource leaks rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() nfc: pn533: Clear nfc_target before being used r6040: Fix kmemleak in probe and remove openvswitch: Fix flow lookup to use unmasked key skbuff: Account for tail adjustment during pull operations net_sched: reject TCF_EM_SIMPLE case for complex ematch module myri10ge: Fix an error handling path in myri10ge_probe() net: stream: purge sk_error_queue in sk_stream_kill_queues() binfmt_misc: fix shift-out-of-bounds in check_special_flags fs: jfs: fix shift-out-of-bounds in dbAllocAG udf: Avoid double brelse() in udf_rename() fs: jfs: fix shift-out-of-bounds in dbDiscardAG ACPICA: Fix error code path in acpi_ds_call_control_method() nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() acct: fix potential integer overflow in encode_comp_t() hfs: fix OOB Read in __hfs_brec_find wifi: ath9k: verify the expected usb_endpoints are present wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out ASoC: codecs: rt298: Add quirk for KBL-R RVP 
platform ipmi: fix memleak when unload ipmi driver bpf: make sure skb->len != 0 when redirecting to a tunneling device net: ethernet: ti: Fix return type of netcp_ndo_start_xmit() hamradio: baycom_epp: Fix return type of baycom_send_packet() wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() igb: Do not free q_vector unless new one was allocated s390/ctcm: Fix return type of ctc{mp,}m_tx() s390/netiucv: Fix return type of netiucv_tx() s390/lcs: Fix return type of lcs_start_xmit() drm/sti: Use drm_mode_copy() md/raid1: stop mdx_raid1 thread when raid1 array run failed mrp: introduce active flags to prevent UAF when applicant uninit ppp: associate skb with a device at tx media: dvb-frontends: fix leak of memory fw media: dvbdev: adopts refcnt to avoid UAF media: dvb-usb: fix memory leak in dvb_usb_adapter_init() blk-mq: fix possible memleak when register 'hctx' failed mmc: f-sdh30: Add quirks for broken timeout clock capability media: si470x: Fix use-after-free in si470x_int_in_callback() clk: st: Fix memory leak in st_of_quadfs_setup() drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() ASoC: wm8994: Fix potential deadlock ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() ASoC: rt5670: Remove unbalanced pm_runtime_put() pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES usb: dwc3: core: defer probe on ulpi_read_id timeout HID: wacom: Ensure bootloader PID is usable in hidraw mode reiserfs: Add missing calls to reiserfs_security_free() iio: adc: ad_sigma_delta: do not use internal iio_dev lock gcov: 
add support for checksum field media: dvbdev: fix refcnt bug powerpc/rtas: avoid device tree lookups in rtas_os_term() powerpc/rtas: avoid scheduling in rtas_os_term() HID: plantronics: Additional PIDs for double volume key presses quirk hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount ALSA: line6: correct midi status byte when receiving data from podxt ALSA: line6: fix stack overflow in line6_midi_transmit pnode: terminate at peers of source md: fix a crash in mempool_free mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak media: stv0288: use explicitly signed char ktest.pl minconfig: Unset configs instead of just removing them ARM: ux500: do not directly dereference __iomem selftests: Use optional USERCFLAGS and USERLDFLAGS dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort dm thin: Use last transaction's pmd->root when commit failed dm thin: Fix UAF in run_timer_softirq() dm cache: Fix UAF in destroy() dm cache: set needs_check flag after aborting metadata x86/microcode/intel: Do not retry microcode reloading on the APs tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod media: dvb-core: Fix double free in dvb_register_device() media: dvb-core: Fix UAF due to refcount races at releasing cifs: fix confusing debug message ima: Fix a potential NULL pointer access in ima_restore_measurement_list PCI: Fix pci_device_is_present() for VFs by checking PF PCI/sysfs: Fix double free in error path crypto: n2 - add missing hash statesize iommu/amd: Fix ivrs_acpihid cmdline parsing code parisc: led: Fix potential null-ptr-deref in start_task() device_cgroup: Roll back to original exceptions after copy failure drm/connector: send hotplug uevent on connector cleanup drm/vmwgfx: 
Validate the box size for the snooped cursor ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop ext4: fix undefined behavior in bit shift for ext4_check_flag_values ext4: fix bug_on in __es_tree_search caused by bad boot loader inode ext4: init quota for 'old.inode' in 'ext4_rename' ext4: fix error code return to user-space in ext4_get_branch() ext4: avoid BUG_ON when creating xattrs ext4: fix inode leak in ext4_xattr_inode_create() on an error path ext4: initialize quota before expanding inode in setproject ioctl ext4: avoid unaccounted block allocation when expanding inode ext4: allocate extended attribute value in vmalloc area SUNRPC: ensure the matching upcall is in-flight upon downcall bpf: pull before calling skb_postpull_rcsum() qlcnic: prevent ->dcb use-after-free on qlcnic_dcb_enable() failure nfc: Fix potential resource leaks net: amd-xgbe: add missed tasklet_kill net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe net: sched: atm: dont intepret cls results when asked to drop usb: rndis_host: Secure rndis_query check against int overflow caif: fix memory leak in cfctrl_linkup_request() udf: Fix extension of the last extent in the file x86/bugs: Flush IBP in ib_prctl_set() nfsd: fix handling of readdir in v4root vs. 
mount upcall timeout hfs/hfsplus: use WARN_ON for sanity check hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling parisc: Align parisc MADV_XXX constants with all other architectures driver core: Fix bus_type.match() error handling in __driver_attach() ravb: Fix "failed to switch device to config mode" message during unbind net: sched: disallow noqueue for qdisc classes docs: Fix the docs build with Sphinx 6.0 perf auxtrace: Fix address filter duplicate symbol selection s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() net/ulp: prevent ULP without clone op from entering the LISTEN status ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF platform/x86: sony-laptop: Don't turn off 0x153 keyboard backlight during probe ipv6: raw: Deduct extension header length in rawv6_push_pending_frames netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. x86/boot: Avoid using Intel mnemonics in AT&T syntax asm EDAC/device: Fix period calculation in edac_device_reset_delay_period() regulator: da9211: Use irq handler when ready hvc/xen: lock console list traversal nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Revert "usb: ulpi: defer ulpi_register on ulpi_read_id timeout" Linux 4.14.303 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: If642f7084f2f69491d3104a3a2565bafd19765c9 |
||
|
fbf628a77f |
s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
commit e3f360db08d55a14112bd27454e616a24296a8b0 upstream. Make sure that *ptr__ within arch_this_cpu_to_op_simple() is only dereferenced once by using READ_ONCE(). Otherwise the compiler could generate incorrect code. Cc: <stable@vger.kernel.org> Reviewed-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
d37ce01b39 |
This is the 4.14.302 stable release
Merge 4.14.302 into android-4.14-stable Changes in 4.14.302 arm: dts: rockchip: fix node name for hym8563 rtc ARM: dts: rockchip: fix ir-receiver node names ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event ASoC: soc-pcm: Add NULL check in BE reparenting regulator: twl6030: fix get status of twl6032 regulators net: usb: qmi_wwan: add u-blox 0x1342 composition xen/netback: Ensure protocol headers don't fall in the non-linear area xen/netback: do some code cleanup xen/netback: don't call kfree_skb() with interrupts disabled rcutorture: Automatically create initrd directory media: v4l2-dv-timings.c: fix too strict blanking sanity checks memcg: fix possible use-after-free in memcg_write_event_control() KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field HID: hid-lg4ff: Add check for empty lbuf HID: core: fix shift-out-of-bounds in hid_report_raw_event ieee802154: cc2520: Fix error return code in cc2520_hw_init() 
ca8210: Fix crash by zero initializing data gpio: amd8111: Fix PCI device reference count leak e1000e: Fix TX dispatch condition igb: Allocate MSI-X vector when testing Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() net: encx24j600: Add parentheses to fix precedence net: encx24j600: Fix invalid logic in reading of MISTAT register net: mvneta: Prevent out of bounds read in mvneta_config_rss() NFC: nci: Bounds check struct nfc_target arrays net: stmmac: fix "snps,axi-config" node property parsing net: hisilicon: Fix potential use-after-free in hisi_femac_rx() net: hisilicon: Fix potential use-after-free in hix5hd2_rx() tipc: Fix potential OOB in tipc_link_proto_rcv() ethernet: aeroflex: fix potential skb leak in greth_init_rings() xen/netback: fix build warning net: plip: don't call kfree_skb/dev_kfree_skb() under spin_lock_irq() ipv6: avoid use-after-free in ip6_fragment() net: mvneta: Fix an out of bounds check Linux 4.14.302 Change-Id: Ib0ab479becf815972d3fab39a7b33fdbcfafc8f9 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
cd331f7b43 |
KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
commit 0dd4cdccdab3d74bd86b868768a7dca216bcce7e upstream. We recently experienced some weird huge time jumps in nested guests when rebooting them in certain cases. After adding some debug code to the epoch handling in vsie.c (thanks to David Hildenbrand for the idea!), it was obvious that the "epdx" field (the multi-epoch extension) did not get set to 0xff in case the "epoch" field was negative. Seems like the code fails to copy the value from the epdx field from the guest to the shadow control block. By doing so, the weird time jumps are gone in our scenarios. Link: https://bugzilla.redhat.com/show_bug.cgi?id=2140899 Fixes: 8fa1696ea781 ("KVM: s390: Multiple Epoch Facility support") Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com> Acked-by: David Hildenbrand <david@redhat.com> Reviewed-by: Claudio Imbrenda <imbrenda@linux.ibm.com> Reviewed-by: Janosch Frank <frankja@linux.ibm.com> Cc: stable@vger.kernel.org # 4.19+ Link: https://lore.kernel.org/r/20221123090833.292938-1-thuth@redhat.com Message-Id: <20221123090833.292938-1-thuth@redhat.com> Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
8e45015ccc |
This is the 4.14.301 stable release
Merge 4.14.301 into android-4.14-stable Changes in 4.14.301 wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support audit: fix undefined behavior in bit shift for AUDIT_BIT wifi: mac80211: Fix ack frame idr leak when mesh has no route spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run MIPS: pic32: treat port as signed integer af_key: Fix send_acquire race with pfkey_register ARM: dts: am335x-pcm-953: Define fixed regulators in root node bus: sunxi-rsb: Support atomic transfers ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl nfc/nci: fix race with opening and closing net: pch_gbe: fix potential memleak in pch_gbe_tx_queue() 9p/fd: fix issue of list_del corruption in p9_fd_cancel() ARM: mxs: fix memory leak in mxs_machine_init() net/mlx4: Check retval of mlx4_bitmap_init net/qla3xxx: fix potential memleak in ql3xxx_send() xfrm: Fix ignored return value in xfrm6_init() NFC: nci: fix memory leak in nci_rx_data_packet() dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
s390/dasd: fix no record found for raw_track_access nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION nfc: st-nci: fix memory leaks in EVT_TRANSACTION net: thunderx: Fix the ACPI memory leak s390/crashdump: fix TOD programmable field size nios2: add FORCE for vmlinuz.gz arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency iio: light: apds9960: fix wrong register for gesture gain iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails kconfig: display recursive dependency resolution hint just once nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() xen/platform-pci: add missing free_irq() in error path platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) platform/x86: hp-wmi: Ignore Smart Experience App event tcp: configurable source port perturb table size net: usb: qmi_wwan: add Telit 0x103a composition drm/amdgpu: always register an MMU notifier for userptr iio: health: afe4403: Fix oob read in afe4403_read_raw iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw iio: light: rpr0521: add missing Kconfig dependencies hwmon: (i5500_temp) fix missing pci_disable_device() hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails of: property: decrement node refcount in of_fwnode_get_reference_args() net/mlx5: Fix uninitialized variable bug in outlen_write() can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() can: cc770: cc770_isa_probe(): add missing free_cc770dev() qlcnic: fix sleep-in-atomic-context bugs caused by msleep net: phy: fix null-ptr-deref while probe() failed net: net_netdev: Fix error handling in ntb_netdev_init_module() net/9p: Fix a potential socket leak in p9_socket_open dsa: lan9303: Correct stat name net: hsr: Fix 
potential use-after-free packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed hwmon: (coretemp) Check for null before removing sysfs attrs hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() perf: Add sample_flags to indicate the PMU-filled sample data btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep" nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72 efi: random: Properly limit the size of the random seed ASoC: ops: Fix bounds check for _sx controls pinctrl: single: Fix potential division by zero iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() tcp/udp: Fix memory leak in ipv6_renew_options(). nvme: restrict management ioctls to admin x86/tsx: Add a feature bit for TSX control MSR support x86/pm: Add enumeration check before spec MSRs save/restore setup Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM x86/ioremap: Fix page aligned size calculation in __ioremap_caller() mmc: sdhci: use FIELD_GET for preset value bit masks mmc: sdhci: Fix voltage switch delay proc: avoid integer type confusion in get_proc_long proc: proc_skip_spaces() shouldn't think it is working on C strings v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails ipc/sem: Fix dangling sem_array access in semtimedop race x86/nospec: Fix i386 RSB stuffing Revert "x86/speculation: Change FILL_RETURN_BUFFER to work with objtool" Linux 4.14.301 Change-Id: I4c27385f0c1a0b71629ec158a1ce88540584db49 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
772af1897d |
s390/crashdump: fix TOD programmable field size
[ Upstream commit f44e07a8afdd713ddc1a8832c39372fe5dd86895 ] The size of the TOD programmable field was incorrectly increased from four to eight bytes with commit 1a2c5840acf9 ("s390/dump: cleanup CPU save area handling"). This leads to an elf notes section NT_S390_TODPREG which has a size of eight instead of four bytes in case of kdump, however even worse is that the contents is incorrect: it is supposed to contain only the contents of the TOD programmable field, but in fact contains a mix of the TOD programmable field (32 bit upper bits) and parts of the CPU timer register (lower 32 bits). Fix this by simply changing the size of the todpreg field within the save area structure. This will implicitly also fix the size of the corresponding elf notes sections. This also gets rid of this compile time warning: in function ‘fortify_memcpy_chk’, inlined from ‘save_area_add_regs’ at arch/s390/kernel/crash_dump.c:99:2: ./include/linux/fortify-string.h:413:25: error: call to ‘__read_overflow2_field’ declared with attribute warning: detected read beyond size of field (2nd parameter); maybe use struct_group()? [-Werror=attribute-warning] 413 | __read_overflow2_field(q_size_field, size); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Fixes: 1a2c5840acf9 ("s390/dump: cleanup CPU save area handling") Reviewed-by: Christian Borntraeger <borntraeger@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
d3693c5e4a |
This is the 4.14.298 stable release
Merge 4.14.298 into android-4.14-stable Changes in 4.14.298 ocfs2: clear dinode links count in case of error ocfs2: fix BUG when iput after ocfs2_mknod fails x86/microcode/AMD: Apply the patch early on every logical thread ata: ahci-imx: Fix MODULE_ALIAS ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS KVM: arm64: vgic: Fix exit condition in scan_its_table() arm64: errata: Remove AES hwcap for COMPAT tasks r8152: add PID for the Lenovo OneLink+ Dock btrfs: fix processing of delayed data refs during backref walking ACPI: extlog: Handle multiple records HID: magicmouse: Do not set BTN_MOUSE on double report net/atm: fix proc_mpc_write incorrect return value net: hns: fix possible memory leak in hnae_ae_register() iommu/vt-d: Clean up si_domain in the init_dmars() error path media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls ACPI: video: Force backlight native for more TongFang devices ALSA: Use del_timer_sync() before freeing timer ALSA: au88x0: use explicitly signed char USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM usb: dwc3: gadget: Don't set IMI for no_interrupt usb: bdc: change state when port
disconnected usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller xhci: Remove device endpoints from bandwidth list when freeing the device tools: iio: iio_utils: fix digit calculation iio: light: tsl2583: Fix module unloading fbdev: smscufx: Fix several use-after-free bugs mac802154: Fix LQI recording drm/msm/hdmi: fix memory corruption with too many bridges mmc: core: Fix kernel panic when remove non-standard SDIO card kernfs: fix use-after-free in __kernfs_remove s390/futex: add missing EX_TABLE entry to __futex_atomic_op() Xen/gntdev: don't ignore kernel unmapping error xen/gntdev: Prevent leaking grants mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages net: ieee802154: fix error return code in dgram_bind() drm/msm: Fix return type of mdp4_lvds_connector_mode_valid arc: iounmap() arg is volatile ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() x86/unwind/orc: Fix unreliable stack dump with gcov amd-xgbe: fix the SFP compliance codes check for DAC cables amd-xgbe: add the bit rate quirk for Molex cables kcm: annotate data-races around kcm->rx_psock kcm: annotate data-races around kcm->rx_wait net: lantiq_etop: don't free skb when returning NETDEV_TX_BUSY tcp: fix indefinite deferral of RTO with SACK reneging can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path PM: hibernate: Allow hybrid sleep to work with s2idle media: vivid: s_fbuf: add more sanity checks media: vivid: dev->bitmap_cap wasn't freed in all cases media: v4l2-dv-timings: add sanity checks for blanking values media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' i40e: Fix ethtool rx-flow-hash setting for X722 i40e: Fix flow-type by setting GL_HASH_INSET registers net: ksz884x: fix missing pci_disable_device() on error in pcidev_init() PM: domains: Fix handling of unavailable/disabled idle states ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() ALSA: aoa: Fix I2S device 
accounting openvswitch: switch from WARN to pr_warn net: ehea: fix possible memory leak in ehea_register_port() can: rcar_canfd: rcar_canfd_handle_global_receive(): fix IRQ storm on global FIFO receive Linux 4.14.298 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Icecdfe113c36f021fb51189827cd5c65b67c76e3 |
||
|
71c3b012f5 |
s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
commit a262d3ad6a433e4080cecd0a8841104a5906355e upstream. For some exception types the instruction address points behind the instruction that caused the exception. Take that into account and add the missing exception table entry. Cc: <stable@vger.kernel.org> Reviewed-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
9d728cabf6 |
This is the 4.14.293 stable release
Merge 4.14.293 into android-4.14-stable Changes in 4.14.293 bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() selftests/bpf: Fix test_align verifier log patterns bpf: Fix the off-by-two error in range markings drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler kcm: fix strp_init() order and cleanup serial: fsl_lpuart: RS485 RTS polariy is inverse staging: rtl8712: fix use after free bugs vt: Clear selection before changing the font USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id binder: fix UAF of ref->proc caused by race condition drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported" Input: rk805-pwrkey - fix module autoloading hwmon: (gpio-fan) Fix array out of bounds access thunderbolt: Use the actual buffer in tb_async_error() xhci: Add grace period after xHC start to prevent premature runtime suspend.
USB: serial: cp210x: add Decagon UCA device id USB: serial: option: add support for OPPO R11 diag port USB: serial: option: add Quectel EM060K modem USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode usb: dwc2: fix wrong order of phy_power_on and phy_init USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) usb-storage: Add ignore-residue quirk for NXP PN7462AU s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages s390: fix nospec table alignments USB: core: Prevent nested device-reset calls usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected net: mac802154: Fix a condition in the receive path ALSA: seq: oss: Fix data-race for max_midi_devs access ALSA: seq: Fix data-race at module auto-loading efi: capsule-loader: Fix use-after-free in efi_capsule_write wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() fs: only do a memory barrier for the first set_buffer_uptodate() Revert "mm: kmemleak: take a full lowmem check in kmemleak_*_phys()" drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup. drm/radeon: add a force flush to delay work when radeon parisc: ccio-dma: Handle kmalloc failure in ccio_init_resources() parisc: Add runtime check to prevent PA2.0 kernels on PA1.x machines fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() ALSA: aloop: Fix random zeros in capture data when using jiffies timer ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() kprobes: Prohibit probes in gate area scsi: mpt3sas: Fix use-after-free warning driver core: Don't probe devices after bus_type.match() probe deferral netfilter: br_netfilter: Drop dst references before setting. 
netfilter: nf_conntrack_irc: Fix forged IP logic sch_sfb: Don't assume the skb is still around after enqueueing to child tipc: fix shift wrapping bug in map_get() ipv6: sr: fix out-of-bounds read when setting HMAC data. tcp: fix early ETIMEDOUT after spurious non-SACK RTO sch_sfb: Also store skb len before calling child enqueue usb: dwc3: fix PHY disable sequence USB: serial: ch341: fix lost character on LCR updates USB: serial: ch341: fix disabled rx timer on older devices MIPS: loongson32: ls1c: Fix hang during startup SUNRPC: use _bh spinlocking on ->transport_lock Linux 4.14.293 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I09a1870af864e1674593e596bfc91c3153353e39 |
||
|
34385e0ab8 |
s390: fix nospec table alignments
commit c9305b6c1f52060377c72aebe3a701389e9f3172 upstream. Add proper alignment for .nospec_call_table and .nospec_return_table in vmlinux. [hca@linux.ibm.com]: The problem with the missing alignment of the nospec tables exist since a long time, however only since commit e6ed91fd0768 ("s390/alternatives: remove padding generation code") and with CONFIG_RELOCATABLE=n the kernel may also crash at boot time. The above named commit reduced the size of struct alt_instr by one byte, so its new size is 11 bytes. Therefore depending on the number of cpu alternatives the size of the __alt_instructions array may be odd, which again also causes that the addresses of the nospec tables will be odd. If the address of __nospec_call_start is odd and the kernel is compiled with CONFIG_RELOCATABLE=n the compiler may generate code that loads the address of __nospec_call_start with a 'larl' instruction. This will generate incorrect code since the 'larl' instruction only works with even addresses. In result the members of the nospec tables will be accessed with an off-by-one offset, which subsequently may lead to addressing exceptions within __nospec_revert(). Fixes: f19fbd5ed642 ("s390: introduce execute-trampolines for branches") Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> Link: https://lore.kernel.org/r/8719bf1ce4a72ebdeb575200290094e9ce047bcc.1661557333.git.jpoimboe@kernel.org Cc: <stable@vger.kernel.org> # 4.16 Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
162cbbd845 |
s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
commit 7c8d42fdf1a84b1a0dd60d6528309c8ec127e87c upstream. The alignment check in prepare_hugepage_range() is wrong for 2 GB hugepages, it only checks for 1 MB hugepage alignment. This can result in kernel crash in __unmap_hugepage_range() at the BUG_ON(start & ~huge_page_mask(h)) alignment check, for mappings created with MAP_FIXED at unaligned address. Fix this by correctly handling multiple hugepage sizes, similar to the generic version of prepare_hugepage_range(). Fixes: d08de8e2d867 ("s390/mm: add support for 2GB hugepages") Cc: <stable@vger.kernel.org> # 4.8+ Acked-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
c934915478 |
This is the 4.14.292 stable release
Merge 4.14.292 into android-4.14-stable Changes in 4.14.292 audit: fix potential double free on error path from fsnotify_add_inode_mark parisc: Fix exception handler for fldw and fstw instructions pinctrl: amd: Don't save/restore interrupt status and wake status bits xfrm: fix refcount leak in __xfrm_policy_check() af_key: Do not call xfrm_probe_algs in parallel rose: check NULL rose_loopback_neigh->loopback bonding: 802.3ad: fix no transmission of LACPDUs net: ipvtap - add __init/__exit annotations to module init/exit funcs netfilter: ebtables: reject blobs that don't provide all entry points netfilter: nft_payload: report ERANGE for too long offset and length netfilter: nft_payload: do not truncate csum_offset and csum_type net: Fix data-races around weight_p and dev_weight_[rt]x_bias. ratelimit: Fix data-races in ___ratelimit(). net: Fix a data-race around sysctl_tstamp_allow_data. net: Fix a data-race around sysctl_net_busy_poll. net: Fix a data-race around sysctl_net_busy_read. net: Fix a data-race around netdev_budget. net: Fix a data-race around netdev_budget_usecs. net: Fix a data-race around sysctl_somaxconn.
ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter btrfs: check if root is readonly while setting security xattr loop: Check for overflow while configuring loop asm-generic: sections: refactor memory_intersects mm/hugetlb: fix hugetlb not supporting softdirty tracking md: call __md_stop_writes in md_stop mm: Force TLB flush for PFNMAP mappings before unlink_file_vma() arm64: map FDT as RW for early_init_dt_scan() s390/mm: do not trigger write fault when vma does not allow VM_WRITE x86/cpu: Add Tiger Lake to Intel family x86/bugs: Add "unknown" reporting for MMIO Stale Data kbuild: Fix include path in scripts/Makefile.modpost Bluetooth: L2CAP: Fix build errors in some archs media: pvrusb2: fix memory leak in pvr_probe HID: hidraw: fix memory leak in hidraw_release() fbdev: fb_pm2fb: Avoid potential divide by zero error ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse neigh: fix possible DoS due to net iface start/stop loop s390/hypfs: avoid error message under KVM netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y kprobes: don't call disarm_kprobe() for disabled kprobes net: neigh: don't call kfree_skb() under spin_lock_irqsave() Linux 4.14.292 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Icce4d9faec621a80f1945d04c7e6e0c7acac8eee |
||
|
c753af8d28 |
Merge 9d5fec6ba2e4 ("arm64: fix oops in concurrently setting insn_emulation sysctls") into android-mainline
Steps on the way to 4.14.291 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I7aa992b2fb777829ed30903f2850e72741425424 |
||
|
d6de425328 |
s390/hypfs: avoid error message under KVM
[ Upstream commit 7b6670b03641ac308aaa6fa2e6f964ac993b5ea3 ] When booting under KVM the following error messages are issued: hypfs.7f5705: The hardware system does not support hypfs hypfs.7a79f0: Initialization of hypfs failed with rc=-61 Demote the severity of first message from "error" to "info" and issue the second message only in other error cases. Signed-off-by: Juergen Gross <jgross@suse.com> Acked-by: Heiko Carstens <hca@linux.ibm.com> Acked-by: Christian Borntraeger <borntraeger@linux.ibm.com> Link: https://lore.kernel.org/r/20220620094534.18967-1-jgross@suse.com [arch/s390/hypfs/hypfs_diag.c changed description] Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
88acf68aa1 |
s390/mm: do not trigger write fault when vma does not allow VM_WRITE
commit 41ac42f137080bc230b5882e3c88c392ab7f2d32 upstream. For non-protection pXd_none() page faults in do_dat_exception(), we call do_exception() with access == (VM_READ | VM_WRITE | VM_EXEC). In do_exception(), vma->vm_flags is checked against that before calling handle_mm_fault(). Since commit 92f842eac7ee3 ("[S390] store indication fault optimization"), we call handle_mm_fault() with FAULT_FLAG_WRITE, when recognizing that it was a write access. However, the vma flags check is still only checking against (VM_READ | VM_WRITE | VM_EXEC), and therefore also calling handle_mm_fault() with FAULT_FLAG_WRITE in cases where the vma does not allow VM_WRITE. Fix this by changing access check in do_exception() to VM_WRITE only, when recognizing write access. Link: https://lkml.kernel.org/r/20220811103435.188481-3-david@redhat.com Fixes: 92f842eac7ee3 ("[S390] store indication fault optimization") Cc: <stable@vger.kernel.org> Reported-by: David Hildenbrand <david@redhat.com> Reviewed-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com> Signed-off-by: Vasily Gorbik <gor@linux.ibm.com> Signed-off-by: Gerald Schaefer <gerald.schaefer@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
fd174ecef9 |
s390/archrandom: prevent CPACF trng invocations in interrupt context
commit 918e75f77af7d2e049bb70469ec0a2c12782d96a upstream. This patch slightly reworks the s390 arch_get_random_seed_{int,long} implementation: Make sure the CPACF trng instruction is never called in any interrupt context. This is done by adding an additional condition in_task(). Justification: There are some constraints to satisfy for the invocation of the arch_get_random_seed_{int,long}() functions: - They should provide good random data during kernel initialization. - They should not be called in interrupt context as the TRNG instruction is relatively heavy weight and may for example make some network loads cause to timeout and buck. However, it was not clear what kind of interrupt context is exactly encountered during kernel init or network traffic eventually calling arch_get_random_seed_long(). After some days of investigations it is clear that the s390 start_kernel function is not running in any interrupt context and so the trng is called: Jul 11 18:33:39 t35lp54 kernel: [<00000001064e90ca>] arch_get_random_seed_long.part.0+0x32/0x70 Jul 11 18:33:39 t35lp54 kernel: [<000000010715f246>] random_init+0xf6/0x238 Jul 11 18:33:39 t35lp54 kernel: [<000000010712545c>] start_kernel+0x4a4/0x628 Jul 11 18:33:39 t35lp54 kernel: [<000000010590402a>] startup_continue+0x2a/0x40 The condition in_task() is true and the CPACF trng provides random data during kernel startup. The network traffic however, is more difficult.
A typical call stack looks like this: Jul 06 17:37:07 t35lp54 kernel: [<000000008b5600fc>] extract_entropy.constprop.0+0x23c/0x240 Jul 06 17:37:07 t35lp54 kernel: [<000000008b560136>] crng_reseed+0x36/0xd8 Jul 06 17:37:07 t35lp54 kernel: [<000000008b5604b8>] crng_make_state+0x78/0x340 Jul 06 17:37:07 t35lp54 kernel: [<000000008b5607e0>] _get_random_bytes+0x60/0xf8 Jul 06 17:37:07 t35lp54 kernel: [<000000008b56108a>] get_random_u32+0xda/0x248 Jul 06 17:37:07 t35lp54 kernel: [<000000008aefe7a8>] kfence_guarded_alloc+0x48/0x4b8 Jul 06 17:37:07 t35lp54 kernel: [<000000008aeff35e>] __kfence_alloc+0x18e/0x1b8 Jul 06 17:37:07 t35lp54 kernel: [<000000008aef7f10>] __kmalloc_node_track_caller+0x368/0x4d8 Jul 06 17:37:07 t35lp54 kernel: [<000000008b611eac>] kmalloc_reserve+0x44/0xa0 Jul 06 17:37:07 t35lp54 kernel: [<000000008b611f98>] __alloc_skb+0x90/0x178 Jul 06 17:37:07 t35lp54 kernel: [<000000008b6120dc>] __napi_alloc_skb+0x5c/0x118 Jul 06 17:37:07 t35lp54 kernel: [<000000008b8f06b4>] qeth_extract_skb+0x13c/0x680 Jul 06 17:37:07 t35lp54 kernel: [<000000008b8f6526>] qeth_poll+0x256/0x3f8 Jul 06 17:37:07 t35lp54 kernel: [<000000008b63d76e>] __napi_poll.constprop.0+0x46/0x2f8 Jul 06 17:37:07 t35lp54 kernel: [<000000008b63dbec>] net_rx_action+0x1cc/0x408 Jul 06 17:37:07 t35lp54 kernel: [<000000008b937302>] __do_softirq+0x132/0x6b0 Jul 06 17:37:07 t35lp54 kernel: [<000000008abf46ce>] __irq_exit_rcu+0x13e/0x170 Jul 06 17:37:07 t35lp54 kernel: [<000000008abf531a>] irq_exit_rcu+0x22/0x50 Jul 06 17:37:07 t35lp54 kernel: [<000000008b922506>] do_io_irq+0xe6/0x198 Jul 06 17:37:07 t35lp54 kernel: [<000000008b935826>] io_int_handler+0xd6/0x110 Jul 06 17:37:07 t35lp54 kernel: [<000000008b9358a6>] psw_idle_exit+0x0/0xa Jul 06 17:37:07 t35lp54 kernel: ([<000000008ab9c59a>] arch_cpu_idle+0x52/0xe0) Jul 06 17:37:07 t35lp54 kernel: [<000000008b933cfe>] default_idle_call+0x6e/0xd0 Jul 06 17:37:07 t35lp54 kernel: [<000000008ac59f4e>] do_idle+0xf6/0x1b0 Jul 06 17:37:07 t35lp54 kernel: 
[<000000008ac5a28e>] cpu_startup_entry+0x36/0x40 Jul 06 17:37:07 t35lp54 kernel: [<000000008abb0d90>] smp_start_secondary+0x148/0x158 Jul 06 17:37:07 t35lp54 kernel: [<000000008b935b9e>] restart_int_handler+0x6e/0x90 which confirms that the call is in softirq context. So in_task() covers exactly the cases where we want to have CPACF trng called: not in nmi, not in hard irq, not in soft irq but in normal task context and during kernel init. Signed-off-by: Harald Freudenberger <freude@linux.ibm.com> Acked-by: Jason A. Donenfeld <Jason@zx2c4.com> Reviewed-by: Juergen Christ <jchrist@linux.ibm.com> Link: https://lore.kernel.org/r/20220713131721.257907-1-freude@linux.ibm.com Fixes: e4f74400308c ("s390/archrandom: simplify back to earlier design and initialize earlier") [agordeev@linux.ibm.com changed desc, added Fixes and Link, removed -stable] Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
1ac66d789f
|
BACKPORT: mm: add ksys_fadvise64_64() helper; remove in-kernel call to sys_fadvise64_64()
Using the ksys_fadvise64_64() helper allows us to avoid the in-kernel calls to the sys_fadvise64_64() syscall. The ksys_ prefix denotes that this function is meant as a drop-in replacement for the syscall. In particular, it uses the same calling convention as ksys_fadvise64_64(). Some compat stubs called sys_fadvise64(), which then just passed through the arguments to sys_fadvise64_64(). Get rid of this indirection, and call ksys_fadvise64_64() directly. This patch is part of a series which removes in-kernel calls to syscalls. On this basis, the syscall entry path can be streamlined. For details, see http://lkml.kernel.org/r/20180325162527.GA17492@light.dominikbrodowski.net Cc: Andrew Morton <akpm@linux-foundation.org> Cc: linux-mm@kvack.org Signed-off-by: Dominik Brodowski <linux@dominikbrodowski.net> [Dark-Matter7232: backport to 4.14] Signed-off-by: Dark-Matter7232 <kerneldeveloper7232@gmail.com> Signed-off-by: azrim <mirzaspc@gmail.com> |
||
|
684432cf73
|
Merge remote-tracking branch 'google/android-4.14-stable' into richelieu
* google/android-4.14-stable: Linux 4.14.287 net: usb: qmi_wwan: add Telit 0x1070 composition net: usb: qmi_wwan: add Telit 0x1060 composition xen/arm: Fix race in RB-tree based P2M accounting xen/blkfront: force data bouncing when backend is untrusted xen/netfront: force data bouncing when backend is untrusted xen/netfront: fix leaking data in shared pages xen/blkfront: fix leaking data in shared pages net: Rename and export copy_skb_header ipv6/sit: fix ipip6_tunnel_get_prl return value sit: use min hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails xen/gntdev: Avoid blocking in unmap_grant_pages() NFC: nxp-nci: Don't issue a zero length i2c_master_read() nfc: nfcmrvl: Fix irq_of_parse_and_map() return value net: bonding: fix use-after-free after 802.3ad slave unbind net: bonding: fix possible NULL deref in rlb code netfilter: nft_dynset: restore set element counter when failing to update caif_virtio: fix race between virtio_device_ready() and ndo_open() net: ipv6: unexport __init-annotated seg6_hmac_net_init() usbnet: fix memory allocation in helpers RDMA/qedr: Fix reporting QP timeout attribute net: usb: ax88179_178a: Fix packet receiving net: rose: fix UAF bugs caused by timer handler SUNRPC: Fix READ_PLUS crasher s390/archrandom: simplify back to earlier design and initialize earlier dm raid: fix KASAN warning in raid5_add_disks dm raid: fix accesses beyond end of raid member array nvdimm: Fix badblocks clear off-by-one error UPSTREAM: mm: fix misplaced unlock_page in do_wp_page() BACKPORT: mm: do_wp_page() simplification UPSTREAM: mm/ksm: Remove reuse_ksm_page() UPSTREAM: mm: reuse only-pte-mapped KSM page in do_wp_page() |
||
|
0069fed6df |
This is the 4.14.287 stable release
Merge 4.14.287 into android-4.14-stable Changes in 4.14.287 nvdimm: Fix badblocks clear off-by-one error dm raid: fix accesses beyond end of raid member array dm raid: fix KASAN warning in raid5_add_disks s390/archrandom: simplify back to earlier design and initialize earlier SUNRPC: Fix READ_PLUS crasher net: rose: fix UAF bugs caused by timer handler net: usb: ax88179_178a: Fix packet receiving RDMA/qedr: Fix reporting QP timeout attribute usbnet: fix memory allocation in helpers net: ipv6: unexport __init-annotated seg6_hmac_net_init() caif_virtio: fix race between virtio_device_ready() and ndo_open() netfilter: nft_dynset: restore set element counter when failing to update net: bonding: fix possible NULL deref in rlb code net: bonding: fix use-after-free after 802.3ad slave unbind nfc: nfcmrvl: Fix irq_of_parse_and_map() return value NFC: nxp-nci: Don't issue a zero length i2c_master_read() xen/gntdev: Avoid blocking in unmap_grant_pages() hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails sit: use min ipv6/sit: fix ipip6_tunnel_get_prl return value net: Rename and export copy_skb_header xen/blkfront: fix leaking
data in shared pages xen/netfront: fix leaking data in shared pages xen/netfront: force data bouncing when backend is untrusted xen/blkfront: force data bouncing when backend is untrusted xen/arm: Fix race in RB-tree based P2M accounting net: usb: qmi_wwan: add Telit 0x1060 composition net: usb: qmi_wwan: add Telit 0x1070 composition Linux 4.14.287 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I974462e48fbda757f8360d41f33373954d792eb3 |
||
|
836a2cea5b |
s390/archrandom: simplify back to earlier design and initialize earlier
commit e4f74400308cb8abde5fdc9cad609c2aba32110c upstream. s390x appears to present two RNG interfaces: - a "TRNG" that gathers entropy using some hardware function; and - a "DRBG" that takes in a seed and expands it. Previously, the TRNG was wired up to arch_get_random_{long,int}(), but it was observed that this was being called really frequently, resulting in high overhead. So it was changed to be wired up to arch_get_random_seed_{long,int}(), which was a reasonable decision. Later on, the DRBG was then wired up to arch_get_random_{long,int}(), with a complicated buffer filling thread, to control overhead and rate. Fortunately, none of the performance issues matter much now. The RNG always attempts to use arch_get_random_seed_{long,int}() first, which means a complicated implementation of arch_get_random_{long,int}() isn't really valuable or useful to have around. And it's only used when reseeding, which means it won't hit the high throughput complications that were faced before. So this commit returns to an earlier design of just calling the TRNG in arch_get_random_seed_{long,int}(), and returning false in arch_get_random_{long,int}(). Part of what makes the simplification possible is that the RNG now seeds itself using the TRNG at bootup. But this only works if the TRNG is detected early in boot, before random_init() is called. So this commit also causes that check to happen in setup_arch(). Cc: stable@vger.kernel.org Cc: Harald Freudenberger <freude@linux.ibm.com> Cc: Ingo Franzki <ifranzki@linux.ibm.com> Cc: Juergen Christ <jchrist@linux.ibm.com> Cc: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Link: https://lore.kernel.org/r/20220610222023.378448-1-Jason@zx2c4.com Reviewed-by: Harald Freudenberger <freude@linux.ibm.com> Acked-by: Heiko Carstens <hca@linux.ibm.com> Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com> Signed-off-by: Jason A.
Donenfeld <Jason@zx2c4.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
9c642251ed
|
Merge remote-tracking branch 'google/android-4.14-stable' into richelieu
* google/android-4.14-stable: UPSTREAM: lib/vsprintf: Hash printed address for netdev bits fallback UPSTREAM: lib/vsprintf: Prepare for more general use of ptr_to_id() UPSTREAM: lib/vsprintf: Make ptr argument conts in ptr_to_id() UPSTREAM: vsprintf: Replace memory barrier with static_key for random_ptr_key update UPSTREAM: lib/test_printf.c: accept "ptrval" as valid result for plain 'p' tests UPSTREAM: lib/vsprintf: Do not handle %pO[^F] as %px BACKPORT: l2tp: fix race in pppol2tp_release with session object destroy BACKPORT: l2tp: don't use inet_shutdown on ppp session destroy Linux 4.14.285 tcp: drop the hash_32() part from the index calculation tcp: increase source port perturb table to 2^16 tcp: dynamically allocate the perturb table used by source ports tcp: add small random increments to the source port tcp: use different parts of the port_offset for index and offset tcp: add some entropy in __inet_hash_connect() xprtrdma: fix incorrect header size calculations usb: gadget: u_ether: fix regression in setting fixed MAC address s390/mm: use non-quiescing sske for KVM switch to keyed guest l2tp: fix race in pppol2tp_release with session object destroy l2tp: don't use inet_shutdown on ppp session destroy virtio-pci: Remove wrong address verification in vp_del_vqs() ext4: add reserved GDT blocks check ext4: make variable "count" signed ext4: fix bug_on ext4_mb_use_inode_pa serial: 8250: Store to lsr_save_flags after lsr read usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe usb: dwc2: Fix memory leak in dwc2_hcd_init USB: serial: io_ti: add Agilent E5805A support USB: serial: option: add support for Cinterion MV31 with new baseline comedi: vmk80xx: fix expression for tx buffer size irqchip/gic/realview: Fix refcount leak in realview_gic_of_init certs/blacklist_hashes.c: fix const confusion in certs blacklist arm64: ftrace: fix branch range checks net: bgmac: Fix an erroneous kfree() in bgmac_remove() misc: atmel-ssc: Fix IRQ check in ssc_probe tty: 
goldfish: Fix free_irq() on remove i40e: Fix call trace in setup_tx_descriptors pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE random: credit cpu and bootloader seeds by default net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed scsi: pmcraid: Fix missing resource cleanup in error case scsi: ipr: Fix missing/incorrect resource cleanup in error case scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology scsi: vmw_pvscsi: Expand vcpuHint to 16 bits ASoC: wm8962: Fix suspend while playing music ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() ASoC: cs42l56: Correct typo in minimum level for SX volume controls ASoC: cs42l52: Correct TLV for Bypass Volume ASoC: cs53l30: Correct number of volume levels on SX controls ASoC: cs42l52: Fix TLV scales for mixer controls random: account for arch randomness in bits random: mark bootloader randomness code as __init random: avoid checking crng_ready() twice in random_init() crypto: drbg - make reseeding from get_random_bytes() synchronous crypto: drbg - always try to free Jitter RNG instance crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() crypto: drbg - prepare for more fine-grained tracking of seeding state crypto: drbg - always seeded with SP800-90B compliant noise source crypto: drbg - add FIPS 140-2 CTRNG for noise source Revert "random: use static branch for crng_ready()" random: check for signals after page of pool writes random: wire up fops->splice_{read,write}_iter() random: convert to using fops->write_iter() random: move randomize_page() into mm where it belongs random: move initialization functions out of hot pages random: use proper 
return types on get_random_{int,long}_wait() random: remove extern from functions in header random: use static branch for crng_ready() random: credit architectural init the exact amount random: handle latent entropy and command line from random_init() random: use proper jiffies comparison macro random: remove ratelimiting for in-kernel unseeded randomness random: avoid initializing twice in credit race random: use symbolic constants for crng_init states siphash: use one source of truth for siphash permutations random: help compiler out with fast_mix() by using simpler arguments random: do not use input pool from hard IRQs random: order timer entropy functions below interrupt functions random: do not pretend to handle premature next security model random: do not use batches when !crng_ready() random: insist on random_get_entropy() existing in order to simplify xtensa: use fallback for random_get_entropy() instead of zero sparc: use fallback for random_get_entropy() instead of zero um: use fallback for random_get_entropy() instead of zero x86/tsc: Use fallback for random_get_entropy() instead of zero nios2: use fallback for random_get_entropy() instead of zero arm: use fallback for random_get_entropy() instead of zero mips: use fallback for random_get_entropy() instead of just c0 random m68k: use fallback for random_get_entropy() instead of zero timekeeping: Add raw clock fallback for random_get_entropy() powerpc: define get_cycles macro for arch-override alpha: define get_cycles macro for arch-override parisc: define get_cycles macro for arch-override s390: define get_cycles macro for arch-override ia64: define get_cycles macro for arch-override init: call time_init() before rand_initialize() random: fix sysctl documentation nits random: document crng_fast_key_erasure() destination possibility random: make random_get_entropy() return an unsigned long random: check for signals every PAGE_SIZE chunk of /dev/[u]random random: check for signal_pending() outside of 
need_resched() check random: do not allow user to keep crng key around on stack random: do not split fast init input in add_hwgenerator_randomness() random: mix build-time latent entropy into pool at init random: re-add removed comment about get_random_{u32,u64} reseeding random: treat bootloader trust toggle the same way as cpu trust toggle random: skip fast_init if hwrng provides large chunk of entropy random: check for signal and try earlier when generating entropy random: reseed more often immediately after booting random: make consistent usage of crng_ready() random: use SipHash as interrupt entropy accumulator random: replace custom notifier chain with standard one random: don't let 644 read-only sysctls be written to random: give sysctl_random_min_urandom_seed a more sensible value random: do crng pre-init loading in worker rather than irq random: unify cycles_t and jiffies usage and types random: cleanup UUID handling random: only wake up writers after zap if threshold was passed random: round-robin registers as ulong, not u32 random: clear fast pool, crng, and batches in cpuhp bring up random: pull add_hwgenerator_randomness() declaration into random.h random: check for crng_init == 0 in add_device_randomness() random: unify early init crng load accounting random: do not take pool spinlock at boot random: defer fast pool mixing to worker random: rewrite header introductory comment random: group sysctl functions random: group userspace read/write functions random: group entropy collection functions random: group entropy extraction functions random: group initialization wait functions random: remove whitespace and reorder includes random: remove useless header comment random: introduce drain_entropy() helper to declutter crng_reseed() random: deobfuscate irq u32/u64 contributions random: add proper SPDX header random: remove unused tracepoints random: remove ifdef'd out interrupt bench random: tie batched entropy generation to base_crng generation random: 
zero buffer after reading entropy from userspace random: remove outdated INT_MAX >> 6 check in urandom_read() random: use hash function for crng_slow_load() random: absorb fast pool into input pool after fast load random: do not xor RDRAND when writing into /dev/random random: ensure early RDSEED goes through mixer on init random: inline leaves of rand_initialize() random: use RDSEED instead of RDRAND in entropy extraction random: fix locking in crng_fast_load() random: remove batched entropy locking random: remove use_input_pool parameter from crng_reseed() random: make credit_entropy_bits() always safe random: always wake up entropy writers after extraction random: use linear min-entropy accumulation crediting random: simplify entropy debiting random: use computational hash for entropy extraction random: only call crng_finalize_init() for primary_crng random: access primary_pool directly rather than through pointer random: continually use hwgenerator randomness random: simplify arithmetic function flow in account() random: access input_pool_data directly rather than through pointer random: cleanup fractional entropy shift constants random: prepend remaining pool constants with POOL_ random: de-duplicate INPUT_POOL constants random: remove unused OUTPUT_POOL constants random: rather than entropy_store abstraction, use global random: try to actively add entropy rather than passively wait for it random: remove unused extract_entropy() reserved argument random: remove incomplete last_data logic random: cleanup integer types crypto: chacha20 - Fix chacha20_block() keystream alignment (again) random: cleanup poolinfo abstraction random: fix typo in comments random: don't reset crng_init_cnt on urandom_read() random: avoid superfluous call to RDRAND in CRNG extraction random: early initialization of ChaCha constants random: initialize ChaCha20 constants with correct endianness random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs random: harmonize "crng init done" 
messages random: mix bootloader randomness into pool random: do not re-init if crng_reseed completes before primary init random: do not sign extend bytes for rotation when mixing random: use BLAKE2s instead of SHA1 in extraction random: remove unused irq_flags argument from add_interrupt_randomness() random: document add_hwgenerator_randomness() with other input functions crypto: blake2s - adjust include guard naming crypto: blake2s - include <linux/bug.h> instead of <asm/bug.h> MAINTAINERS: co-maintain random.c random: remove dead code left over from blocking pool random: avoid arch_get_random_seed_long() when collecting IRQ randomness random: add arch_get_random_*long_early() powerpc: Use bool in archrandom.h linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check linux/random.h: Use false with bool linux/random.h: Remove arch_has_random, arch_has_random_seed s390: Remove arch_has_random, arch_has_random_seed powerpc: Remove arch_has_random, arch_has_random_seed x86: Remove arch_has_random, arch_has_random_seed random: avoid warnings for !CONFIG_NUMA builds random: split primary/secondary crng init paths random: remove some dead code of poolinfo random: fix typo in add_timer_randomness() random: Add and use pr_fmt() random: convert to ENTROPY_BITS for better code readability random: remove unnecessary unlikely() random: remove kernel.random.read_wakeup_threshold random: delete code to pull data into pools random: remove the blocking pool random: fix crash on multiple early calls to add_bootloader_randomness() char/random: silence a lockdep splat with printk() random: make /dev/random be almost like /dev/urandom random: ignore GRND_RANDOM in getentropy(2) random: add GRND_INSECURE to return best-effort non-cryptographic bytes random: Add a urandom_read_nowait() for random APIs that don't warn random: Don't wake crng_init_wait when crng_init == 1 lib/crypto: sha1: re-roll loops to reduce code size lib/crypto: blake2s: move hmac construction into wireguard 
crypto: blake2s - generic C library implementation and selftest crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() Revert "hwrng: core - Freeze khwrng thread during suspend" char/random: Add a newline at the end of the file random: Use wait_event_freezable() in add_hwgenerator_randomness() fdt: add support for rng-seed random: Support freezable kthreads in add_hwgenerator_randomness() random: fix soft lockup when trying to read from an uninitialized blocking pool latent_entropy: avoid build error when plugin cflags are not set random: document get_random_int() family random: move rand_initialize() earlier random: only read from /dev/random after its pool has received 128 bits drivers/char/random.c: make primary_crng static drivers/char/random.c: remove unused stuct poolinfo::poolbits drivers/char/random.c: constify poolinfo_table random: make CPU trust a boot parameter random: Make crng state queryable random: remove preempt disabled region random: add a config option to trust the CPU's hwrng random: Return nbytes filled from hw RNG random: Fix whitespace pre random-bytes work drivers/char/random.c: remove unused dont_count_entropy random: optimize add_interrupt_randomness random: always fill buffer in get_random_bytes_wait crypto: chacha20 - Fix keystream alignment for chacha20_block() 9p: missing chunk of "fs/9p: Don't update file type when updating file attributes" UPSTREAM: ext4: verify dir block before splitting it UPSTREAM: ext4: fix use-after-free in ext4_rename_dir_prepare BACKPORT: ext4: Only advertise encrypted_casefold when encryption and unicode are enabled BACKPORT: ext4: fix no-key deletion for encrypt+casefold BACKPORT: ext4: optimize match for casefolded encrypted dirs BACKPORT: ext4: handle casefolding with encryption Revert "ANDROID: ext4: Handle casefolding with encryption" Revert "ANDROID: ext4: Optimize match for casefolded encrypted dirs" Revert "ext4: fix use-after-free in ext4_rename_dir_prepare" Revert "ext4: verify dir block 
before splitting it" Linux 4.14.284 x86/speculation/mmio: Print SMT warning KVM: x86/speculation: Disable Fill buffer clear within guests x86/speculation/mmio: Reuse SRBDS mitigation for SBDS x86/speculation/srbds: Update SRBDS mitigation selection x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data x86/speculation/mmio: Enable CPU Fill buffer clearing on idle x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data x86/speculation: Add a common function for MD_CLEAR mitigation update x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug Documentation: Add documentation for Processor MMIO Stale Data x86/cpu: Add another Alder Lake CPU to the Intel family x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family x86/cpu: Add Comet Lake to the Intel CPU models header x86/CPU: Add more Icelake model numbers x86/CPU: Add Icelake model number x86/cpu: Add Cannonlake to Intel family x86/cpu: Add Jasper Lake to Intel family cpu/speculation: Add prototype for cpu_show_srbds() x86/cpu: Add Elkhart Lake to Intel family Linux 4.14.283 tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd PCI: qcom: Fix unbalanced PHY init on probe errors mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write md/raid0: Ignore RAID0 layout if the second zone has only one device powerpc/32: Fix overread/overwrite of thread_struct via ptrace Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag ixgbe: fix unexpected VLAN Rx in promisc mode on VF ixgbe: fix bcast packets Rx on VF after promisc removal nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files cifs: return errors during session setup during reconnects ALSA: hda/conexant - Fix loopback issue 
with CX20632 vringh: Fix loop descriptors check in the indirect cases nodemask: Fix return values to be unsigned nbd: fix io hung while disconnecting device nbd: fix race between nbd_alloc_config() and module removal nbd: call genl_unregister_family() first in nbd_cleanup() modpost: fix undefined behavior of is_arm_mapping_symbol() drm/radeon: fix a possible null pointer dereference Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process" md: protect md_unregister_thread from reentrancy kernfs: Separate kernfs_pr_cont_buf and rename_lock. serial: msm_serial: disable interrupts in __msm_console_write() staging: rtl8712: fix uninit-value in r871xu_drv_init() clocksource/drivers/sp804: Avoid error on multiple instances extcon: Modify extcon device to be created after driver data is set misc: rtsx: set NULL intfdata when probe fails usb: dwc2: gadget: don't reset gadget's driver->bus USB: hcd-pci: Fully suspend across freeze/thaw cycle drivers: usb: host: Fix deadlock in oxu_bus_suspend() drivers: tty: serial: Fix deadlock in sa1100_set_termios() USB: host: isp116x: check return value after calling platform_get_resource() drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() tty: Fix a possible resource leak in icom_probe tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() lkdtm/usercopy: Expand size of "out of frame" object iio: dummy: iio_simple_dummy: check the return value of kstrdup() drm: imx: fix compiler warning with gcc-12 net: altera: Fix refcount leak in altera_tse_mdio_create net: ipv6: unexport __init-annotated seg6_hmac_init() net: xfrm: unexport __init-annotated xfrm4_protocol_init() net: mdio: unexport __init-annotated mdio_bus_init() SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe xprtrdma: treat all calls not a bcall when bc_serv is NULL video: fbdev: pxa3xx-gcu: 
release the resources correctly in pxa3xx_gcu_probe/remove() m68knommu: fix undefined reference to `_init_sp' m68knommu: set ZERO_PAGE() to the allocated zeroed page i2c: cadence: Increase timeout per message if necessary tracing: Avoid adding tracer option before update_tracer_options tracing: Fix sleeping function called from invalid context on RT kernel mips: cpc: Fix refcount leak in mips_cpc_default_phys_base perf c2c: Fix sorting in percent_rmt_hitm_cmp() tcp: tcp_rtx_synack() can be called from process context ubi: ubi_create_volume: Fix use-after-free when volume creation failed jffs2: fix memory leak in jffs2_do_fill_super modpost: fix removing numeric suffixes net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 serial: sh-sci: Don't allow CS5-6 serial: txx9: Don't allow CS5-6 serial: digicolor-usart: Don't allow CS5-6 serial: meson: acquire port->lock in startup() rtc: mt6397: check return value after calling platform_get_resource() soc: rockchip: Fix refcount leak in rockchip_grf_init coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value pwm: lp3943: Fix duty calculation in case period was clamped USB: storage: karma: fix rio_karma_init return usb: usbip: add missing device lock on tweak configuration cmd usb: usbip: fix a refcount leak in stub_probe() tty: goldfish: Use tty_port_destroy() to destroy port staging: greybus: codecs: fix type confusion of list iterator variable pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards netfilter: nf_tables: disallow non-stateful expression in sets earlier MIPS: IP27: Remove incorrect `cpu_has_fpu' override RDMA/rxe: Generate a completion for 
unsupported/invalid opcode phy: qcom-qmp: fix reset-controller leak on probe errors dt-bindings: gpio: altera: correct interrupt-cells docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 phy: qcom-qmp: fix struct clk leak on probe errors arm64: dts: qcom: ipq8074: fix the sleep clock frequency gma500: fix an incorrect NULL check on list iterator carl9170: tx: fix an incorrect use of list iterator ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control rtl818x: Prevent using not initialized queues hugetlb: fix huge_pmd_unshare address update nodemask.h: fix compilation error with GCC12 iommu/msm: Fix an incorrect NULL check on list iterator um: Fix out-of-bounds read in LDT setup um: chan_user: Fix winch_tramp() return value mac80211: upgrade passive scan to active scan on DFS channels after beacon rx irqchip: irq-xtensa-mx: fix initial IRQ affinity irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x RDMA/hfi1: Fix potential integer multiplication overflow errors md: fix an incorrect NULL check in md_reload_sb md: fix an incorrect NULL check in does_sb_need_changing drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX drm/nouveau/clk: Fix an incorrect NULL check on list iterator drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. 
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled scsi: dc395x: Fix a missing check on list iterator ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock dlm: fix missing lkb refcount handling dlm: fix plock invalid read ext4: avoid cycles in directory h-tree ext4: verify dir block before splitting it ext4: fix bug_on in ext4_writepages ext4: fix use-after-free in ext4_rename_dir_prepare fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages iwlwifi: mvm: fix assert 1F04 upon reconfig wifi: mac80211: fix use-after-free in chanctx code perf jevents: Fix event syntax error caused by ExtSel perf c2c: Use stdio interface if slang is not supported iommu/amd: Increase timeout waiting for GA log enablement video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup iommu/mediatek: Add list_del in mtk_iommu_remove mailbox: forward the hrtimer if not queued and under a lock powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup powerpc/perf: Fix the threshold compare group constraint for power9 Input: sparcspkr - fix refcount leak in bbc_beep_probe tty: fix deadlock caused by calling printk() under tty_port->lock powerpc/4xx/cpm: Fix return value of __setup() handler powerpc/idle: Fix return value of __setup() handler powerpc/8xx: export 'cpm_setbrg' for modules drivers/base/node.c: fix compaction sysfs file leak pinctrl: mvebu: Fix irq_of_parse_and_map() return value scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() mfd: ipaq-micro: Fix error check return value of platform_get_irq() ARM: dts: bcm2835-rpi-b: Fix GPIO line names ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc rxrpc: Don't try to resend the request if we're receiving the reply rxrpc: Fix listen() setting the bar too high for the prealloc rings ASoC: wm2000: fix missing clk_disable_unprepare() on error in 
wm2000_anc_transition() sctp: read sk->sk_bound_dev_if once in sctp_rcv() m68k: math-emu: Fix dependencies of math emulation support Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init media: exynos4-is: Change clk_disable to clk_disable_unprepare media: st-delta: Fix PM disable depth imbalance in delta_probe regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe media: uvcvideo: Fix missing check to determine if element is found in list drm/msm: return an error pointer in msm_gem_prime_get_sg_table() x86/mm: Cleanup the control_va_addr_alignment() __setup handler irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value x86: Fix return value of __setup handlers drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() drm/msm/hdmi: check return value after calling platform_get_resource_byname() drm/msm/dsi: fix error checks and return values for DSI xmit functions x86/pm: Fix false positive kmemleak report in msr_build_context() fsnotify: fix wrong lockdep annotations inotify: show inotify mask flags in proc fdinfo ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix spi: img-spfi: Fix pm_runtime_get_sync() error checking HID: hid-led: fix maximum brightness for Dream Cheeky efi: Add missing prototype for efi_capsule_setup_info NFC: NULL out the dev->rfkill to prevent UAF spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout drm/mediatek: Fix mtk_cec_mask() x86/delay: Fix the wrong asm constraint in delay_loop() ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe ath9k: fix ar9003_get_eepmisc drm: fix EDID struct for old ARM OABI format RDMA/hfi1: Prevent panic when SDMA is disabled macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled powerpc/xics: fix refcount leak 
in icp_opal_init() tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() ARM: hisi: Add missing of_node_put after of_find_compatible_node ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM ARM: versatile: Add missing of_node_put in dcscb_init fat: add ratelimit to fat*_ent_bread() ARM: OMAP1: clock: Fix UART rate reporting algorithm fs: jfs: fix possible NULL pointer dereference in dbFree() ARM: dts: ox820: align interrupt controller node name with dtschema eth: tg3: silence the GCC 12 array-bounds warning rxrpc: Return an error to sendmsg if call failed media: exynos4-is: Fix compile warning net: phy: micrel: Allow probing without .driver_data ASoC: rt5645: Fix errorenous cleanup order nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags openrisc: start CPU timer early in boot rtlwifi: Use pr_warn instead of WARN_ONCE ipmi:ssif: Check for NULL msg when handling events and messages dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES ASoC: dapm: Don't fold register value changes into notifications ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL drm/amd/pm: fix the compile warning scsi: megaraid: Fix error check return value of register_chrdev() media: cx25821: Fix the warning when removing the module media: pci: cx23885: Fix the error handling in cx23885_initdev() media: venus: hfi: avoid null dereference in deinit ath9k: fix QCA9561 PA bias level drm/amd/pm: fix double free in si_parse_power_table() ALSA: jack: Access input_dev under mutex ACPICA: Avoid cache flush inside virtual machines ipw2x00: Fix potential NULL dereference in libipw_xmit() b43: Fix assigning negative value to unsigned variable b43legacy: Fix assigning negative value to unsigned variable mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue drm/virtio: fix NULL pointer 
dereference in virtio_gpu_conn_get_modes btrfs: repair super block num_devices automatically btrfs: add "0x" prefix for unsupported optional features ptrace: Reimplement PTRACE_KILL by always sending SIGKILL ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP USB: new quirk for Dell Gen 2 devices USB: serial: option: add Quectel BG95 modem binfmt_flat: do not stop relocating GOT entries prematurely on riscv |