malhuda/msm-4.14
1
0
Fork 0
mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
812,269 Commits 5 Branches 0 Tags
Commit Graph

1972 Commits

Author SHA1 Message Date
Richard Raya
2cd059fb56 This is the 4.14.354 OpenELA-Extended LTS stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEERFwmR4yFob14UDOYC8702P6YulgFAmcgko0ZHHZlZ2FyZC5u
 b3NzdW1Ab3JhY2xlLmNvbQAKCRALzvTY/pi6WL/GD/0em+uP/O8QiPYqeGrEECpW
 bgRsBiN3XnyEsghAjplWX12G/zjxA0PY0u2zh9K9sdPw60n8nVZ1OxvPHINwuSC9
 kE9N60SCpJ88ju9OtU+4xz/nxtEmlel8fWy5elagB5wqbWbvsjT52ceZXqSxqhy7
 pQdIDHSiUUwx9JL6vDuJSL+Z/Y216qvBETZLnDSo90raFp/MDa5JmQsh81lLeUt8
 wGKwC/Olnbd21QTStNK34aQGyX5b+3YeACFVPud66Zs9airz9EE6Yq78gwL29L2k
 4jxzihXxSkkfa66eR63ap53+/mEqOZX72m2qEMVOvAcAwU0XsNDTdkXN7z8YQ5T3
 E1rJwr4Ox0hmM+hHBA20w9xRDXZoZmdrcjsU1aNKuK2zTJ0h9DBIvMM2XY5n5sWK
 I4F8E15KyKmu4nXBETreXZixqVLZMgjNFncRLf8XBIL1kxXm65LYCHypp3AgdVgo
 Ccdq5PbC6LAyNPrIOaftIaS9VlU15cqcalu7A+gSoWq55LGWAa3G9vX0ZtYQB9QX
 0R18fbzyjqG6Wa5J5KRDJ+HyS4IvdnEWS8hMR3jfosjMNgJhfDlDeev8NARBiDpX
 d26xogNA7xOOvtdpuwEbnxD5kR0zUdnC73pC4wxdMptYSK6ULKNPmTkA0dKE9qvl
 TDgw4DML8vXQqJ4P+w3Njw==
 =gX2R
 -----END PGP SIGNATURE-----

Merge tag 'v4.14.354-openela' of https://github.com/openela/kernel-lts

This is the 4.14.354 OpenELA-Extended LTS stable release

* tag 'v4.14.354-openela' of https://github.com/openela/kernel-lts: (90 commits)
  LTS: Update to 4.14.354
  drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
  ipc: remove memcg accounting for sops objects in do_semtimedop()
  scsi: aacraid: Fix double-free on probe failure
  usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes()
  usb: dwc3: st: fix probed platform device ref count on probe error path
  usb: dwc3: core: Prevent USB core invalid event buffer address access
  usb: dwc3: omap: add missing depopulate in probe error path
  USB: serial: option: add MeiG Smart SRM825L
  cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller
  net: busy-poll: use ktime_get_ns() instead of local_clock()
  gtp: fix a potential NULL pointer dereference
  net: prevent mss overflow in skb_segment()
  ida: Fix crash in ida_free when the bitmap is empty
  net:rds: Fix possible deadlock in rds_message_put
  fbmem: Check virtual screen sizes in fb_set_var()
  fbcon: Prevent that screen size is smaller than font size
  printk: Export is_console_locked
  memcg: enable accounting of ipc resources
  cgroup/cpuset: Prevent UAF in proc_cpuset_show()
  ...

Change-Id: I7da4d8d188dec9d2833216e5d6580dbd72b99240
Signed-off-by: Richard Raya <rdxzv.dev@gmail.com>
 2024-10-29 20:17:04 -03:00
Andreas Gruenbacher
431cbbd124 gfs2: setattr_chown: Add missing initialization 
[ Upstream commit 2d8d7990619878a848b1d916c2f936d3012ee17d ]

Add a missing initialization of variable ap in setattr_chown().
Without, chown() may be able to bypass quotas.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 686ef69ca191dcba8d325334c65a04a2589383e6)
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
 2024-10-24 10:07:37 +00:00
Greg Kroah-Hartman
52d13de272 This is the 4.14.331 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVmGT0ACgkQONu9yGCS
 aT5ERQ//Tx5hvAL4WlnyNLMshNB5Ep8cuB1JryM1pi5BbtQxToDFZv3aJKkqj2K3
 CRFq1x5hO9dli5MK5RTaO4JwCSwOphBDEqswOrtIdI7nHHzkMGBF7UUwezc6M5TZ
 7cjs3LFnsVJJITBUAM/f33HyYXUPiMw/TEcWcFnJLJgWQafpOQ4kRH5k5UOL8Kgm
 LV+E9YhBikaRpPpsC6obxT7KnaSnOScdUjjD+DRBm+UNhx/F3HVSY2ZY/Mr1XTyJ
 v0QhzMAgWdBVGja8+9qU2e8pPw36NcEli539iU4HfrmCUry4J0Mh+XFYbpzvhQLC
 U72e0vIoievkxYM1krnI2+wIFh58qlFGwKEIYag+eg0DuJn4ttaTFG9+rkn2lcI9
 +d6JqALAImPtd5ZdISj7mBI8mWoTl73Hl5RNnJQQBaBwdHZQc2IXXJQUSbfyDE8/
 gor9eEls3E2FtucEtihbsCF/5M0IXs+tr4b67qo73HfS6lqGFGLAFQUlKvhPr0R/
 baoEoIb6bsH9oTCLjNoH1vSRPM9VEj3+AFOzK4D3wlfEhDRYkNZDQ/MF3btv6HTp
 ifLXerLLxSK56OOqn3yyGOmUhtpR+sPLBrjhrALrcWOjESH9i7zvmHRLCow9qbmx
 bf6Qxz6L8/+JIkdDNCN/l7NuzNyCUj0U/ObR1WWXp/n8ZqUpGR0=
 =rkdh
 -----END PGP SIGNATURE-----

Merge 4.14.331 into android-4.14-stable

Changes in 4.14.331
	locking/ww_mutex/test: Fix potential workqueue corruption
	clocksource/drivers/timer-imx-gpt: Fix potential memory leak
	clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware
	x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
	wifi: mac80211: don't return unset power in ieee80211_get_tx_power()
	wifi: ath9k: fix clang-specific fortify warnings
	wifi: ath10k: fix clang-specific fortify warning
	net: annotate data-races around sk->sk_dst_pending_confirm
	drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
	drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga
	selftests/efivarfs: create-read: fix a resource leak
	crypto: pcrypt - Fix hungtask for PADATA_RESET
	RDMA/hfi1: Use FIELD_GET() to extract Link Width
	fs/jfs: Add check for negative db_l2nbperpage
	fs/jfs: Add validity check for db_maxag and db_agpref
	jfs: fix array-index-out-of-bounds in dbFindLeaf
	jfs: fix array-index-out-of-bounds in diAlloc
	ALSA: hda: Fix possible null-ptr-deref when assigning a stream
	atm: iphase: Do PCI error checks on own line
	scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
	tty: vcc: Add check for kstrdup() in vcc_probe()
	i2c: sun6i-p2wi: Prevent potential division by zero
	media: gspca: cpia1: shift-out-of-bounds in set_flicker
	media: vivid: avoid integer overflow
	gfs2: ignore negated quota changes
	pwm: Fix double shift bug
	media: venus: hfi: add checks to perform sanity on queue pointers
	randstruct: Fix gcc-plugin performance mode to stay in group
	KVM: x86: Ignore MSR_AMD64_TW_CFG access
	audit: don't take task_lock() in audit_exe_compare() code path
	audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare()
	hvc/xen: fix error path in xen_hvc_init() to always register frontend driver
	PCI/sysfs: Protect driver's D3cold preference from user space
	mmc: vub300: fix an error code
	PM: hibernate: Use __get_safe_page() rather than touching the list
	PM: hibernate: Clean up sync_read handling in snapshot_write_next()
	mmc: meson-gx: Remove setting of CMD_CFG_ERROR
	genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware
	jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev
	mcb: fix error handling for different scenarios when parsing
	parisc: Prevent booting 64-bit kernels on PA1.x machines
	parisc/pgtable: Do not drop upper 5 address bits of physical address
	ALSA: info: Fix potential deadlock at disconnection
	net: dsa: lan9303: consequently nested-lock physical MDIO
	i2c: i801: fix potential race in i801_block_transaction_byte_by_byte
	media: sharp: fix sharp encoding
	media: venus: hfi: fix the check to handle session buffer requirement
	ext4: apply umask if ACL support is disabled
	ext4: correct offset of gdb backup in non meta_bg group to update_backups
	ext4: correct return value of ext4_convert_meta_bg
	ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks
	scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids
	net: sched: fix race condition in qdisc_graft()
	Linux 4.14.331

Change-Id: I1a1bce75363d3b2c731f3e947543c6506bed9817
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2023-11-28 17:35:00 +00:00
Bob Peterson
1c28dace66 gfs2: ignore negated quota changes 
[ Upstream commit 4c6a08125f2249531ec01783a5f4317d7342add5 ]

When lots of quota changes are made, there may be cases in which an
inode's quota information is increased and then decreased, such as when
blocks are added to a file, then deleted from it. If the timing is
right, function do_qc can add pending quota changes to a transaction,
then later, another call to do_qc can negate those changes, resulting
in a net gain of 0. The quota_change information is recorded in the qc
buffer (and qd element of the inode as well). The buffer is added to the
transaction by the first call to do_qc, but a subsequent call changes
the value from non-zero back to zero. At that point it's too late to
remove the buffer_head from the transaction. Later, when the quota sync
code is called, the zero-change qd element is discovered and flagged as
an assert warning. If the fs is mounted with errors=panic, the kernel
will panic.

This is usually seen when files are truncated and the quota changes are
negated by punch_hole/truncate which uses gfs2_quota_hold and
gfs2_quota_unhold rather than block allocations that use gfs2_quota_lock
and gfs2_quota_unlock which automatically do quota sync.

This patch solves the problem by adding a check to qd_check_sync such
that net-zero quota changes already added to the transaction are no
longer deemed necessary to be synced, and skipped.

In this case references are taken for the qd and the slot from do_qc
so those need to be put. The normal sequence of events for a normal
non-zero quota change is as follows:

gfs2_quota_change
   do_qc
      qd_hold
      slot_hold

Later, when the changes are to be synced:

gfs2_quota_sync
   qd_fish
      qd_check_sync
         gets qd ref via lockref_get_not_dead
   do_sync
      do_qc(QC_SYNC)
         qd_put
	    lockref_put_or_lock
   qd_unlock
      qd_put
         lockref_put_or_lock

In the net-zero change case, we add a check to qd_check_sync so it puts
the qd and slot references acquired in gfs2_quota_change and skip the
unneeded sync.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2023-11-28 16:45:44 +00:00
Greg Kroah-Hartman
274c7d23b7 This is the 4.14.324 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmTvU6sACgkQONu9yGCS
 aT7tCA/+NOCZdKPoP34xWXLBPld8l2sloFb8+srIz3aB3WTGW65hpuog172pKfKI
 NZNVMPMQq8yJXoob4w+IuYAdaYVkQE7W3aTLanO5X510xrH3WRonSX6obqWk+prd
 HGuxvhb6Eulk4lFLyv3IM0xwv/iRPo9X96Gddg19niWYYmc08wKozXfw4fduIjVU
 LnuhLt1fnscexQP8BOA3g/jQ8X7aat+Os/Ggmyp2NBscFhCvQO8c0U1T/gBS632q
 al5lSr474oXFXLPPUy11D/yxkUg1YKe7CNUgMqKdGsnMqCDvVm8jik1+Md9FHNdV
 1FVi2LNzJ0OZZGgwEwba12QsHEj1BtBxo/Zzbw48nBet4HFBYFIWrZjm51EIn1IU
 gtteWKuM5wpDANsvhrJbXjGrRL3bEJ+fmAszqMcQeGOQk6Gxpmut2LVGZimvPToL
 aa7pmA+I+MXvfx8ZYxmizxxMvEuoSxDYPFsGR+GUZTYOq572N6HBoxqiPmo79EYL
 Ib3CqxuEmnOAl+Fefe7pKJqh5eR+RHCmWmtvhJMjk8FHrlzdlBtsXZUWD/vRdgGa
 GIxjOm8IuEbS3zaB62guvvpljD8d17Xtl/1eDcRqbpnUKd61a83WXw/x9Str3bHo
 AbXhE+/2pFlya7JMELDD6G5qrNuSok+V1SZy0dALTpiY5NPdqYU=
 =Jsjj
 -----END PGP SIGNATURE-----

Merge 4.14.324 into android-4.14-stable

Changes in 4.14.324
	lib/mpi: Eliminate unused umul_ppmm definitions for MIPS
	drm/radeon: Fix integer overflow in radeon_cs_parser_init
	ALSA: emu10k1: roll up loops in DSP setup code for Audigy
	quota: Properly disable quotas when add_dquot_ref() fails
	quota: fix warning in dqgrab()
	udf: Fix uninitialized array access for some pathnames
	fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
	MIPS: dec: prom: Address -Warray-bounds warning
	FS: JFS: Fix null-ptr-deref Read in txBegin
	FS: JFS: Check for read-only mounted filesystem in txBegin
	media: v4l2-mem2mem: add lock to protect parameter num_rdy
	media: platform: mediatek: vpu: fix NULL ptr dereference
	gfs2: Fix possible data races in gfs2_show_options()
	pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db()
	Bluetooth: L2CAP: Fix use-after-free
	drm/amdgpu: Fix potential fence use-after-free v2
	fbdev: mmp: fix value check in mmphw_probe()
	net: xfrm: Fix xfrm_address_filter OOB read
	net: af_key: fix sadb_x_filter validation
	ip6_vti: fix slab-use-after-free in decode_session6
	ip_vti: fix potential slab-use-after-free in decode_session6
	xfrm: add NULL check in xfrm_update_ae_params
	netfilter: nft_dynset: disallow object maps
	team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves
	i40e: fix misleading debug logs
	sock: Fix misuse of sk_under_memory_pressure()
	net: do not allow gso_size to be set to GSO_BY_FRAGS
	ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces.
	cifs: Release folio lock on fscache read hit.
	mmc: wbsd: fix double mmc_free_host() in wbsd_init()
	serial: 8250: Fix oops for port->pm on uart_change_pm()
	binder: fix memory leak in binder_init()
	test_firmware: prevent race conditions by a correct implementation of locking
	netfilter: set default timeout to 3 secs for sctp shutdown send and recv state
	ASoC: rt5665: add missed regulator_bulk_disable
	af_unix: Fix null-ptr-deref in unix_stream_sendpage().
	net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled
	net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure
	net: phy: broadcom: stub c45 read/write for 54810
	tracing: Fix memleak due to race between current_tracer and trace
	sock: annotate data-races around prot->memory_pressure
	igb: Avoid starting unnecessary workqueues
	ipvs: Improve robustness to the ipvs sysctl
	ipvs: fix racy memcpy in proc_do_sync_threshold
	ibmveth: Use dcbf rather than dcbfl
	batman-adv: Trigger events for auto adjusted MTU
	batman-adv: Do not get eth header before batadv_check_management_packet
	batman-adv: Fix TT global entry leak when client roamed back
	batman-adv: Fix batadv_v_ogm_aggr_send memory leak
	lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels
	media: vcodec: Fix potential array out-of-bounds in encoder queue_setup
	x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
	rtnetlink: Reject negative ifindexes in RTM_NEWLINK
	scsi: snic: Fix double free in snic_tgt_create()
	scsi: core: raid_class: Remove raid_component_add()
	dma-buf/sw_sync: Avoid recursive lock during fence signal
	Linux 4.14.324

Change-Id: I91a1deeaf4c37592b26abd9d9314eff77329c0f0
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2023-08-30 16:35:16 +00:00
Tuo Li
7e5bbeb7eb gfs2: Fix possible data races in gfs2_show_options() 
[ Upstream commit 6fa0a72cbbe45db4ed967a51f9e6f4e3afe61d20 ]

Some fields such as gt_logd_secs of the struct gfs2_tune are accessed
without holding the lock gt_spin in gfs2_show_options():

  val = sdp->sd_tune.gt_logd_secs;
  if (val != 30)
    seq_printf(s, ",commit=%d", val);

And thus can cause data races when gfs2_show_options() and other functions
such as gfs2_reconfigure() are concurrently executed:

  spin_lock(&gt->gt_spin);
  gt->gt_logd_secs = newargs->ar_commit;

To fix these possible data races, the lock sdp->sd_tune.gt_spin is
acquired before accessing the fields of gfs2_tune and released after these
accesses.

Further changes by Andreas:

- Don't hold the spin lock over the seq_printf operations.

Reported-by: BassCheck <bass@buaa.edu.cn>
Signed-off-by: Tuo Li <islituo@gmail.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2023-08-30 16:35:11 +02:00
Greg Kroah-Hartman
fce78edbb4 This is the 4.14.322 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmTWAT4ACgkQONu9yGCS
 aT6kKxAA00HDcoEbS4CpQxK1ggeeW6xMFqPHHwUz62ScZPR1zcrR4ag5UrKOQALF
 cCQwt2nVBMUXciiQd3gY+MciAYPRVIXLMK9QqQEJSBZ+2p8zY3nb/HbM6o8iKQeV
 xIhUneiyHtbOyTo3oQcyET7ngwxtDp9uEnd+8I+sSbGi8Wyh8Z8L2daVQTrke1Js
 QIe3wDQsUj0pEDhRfYx29JKeQ8fBOfZlxtFEsdHvGgP/4j2EXGwyMVnt3/DVuwM8
 5/b/SML0skSh8YM9JfMQwpYpR+MAFGyyYKoF2pGu1trvyoh2Jd3TYuYcNqjwIywg
 W+ODGmULcYUYPBzUMdvrefwpn4l/2qpPCJ8FHB80h+4Jmy6PMN7lm1YnMBeQK4GP
 ACLr2BzJ4Tp5LavWZpTpqdRlC039aSZqY+7K+H/eoNstwZMU3hKc3Kn2KrPss0pp
 K0M7+8oukTnSiFNgIXVJOsr+kN1nNvtQmqCVRWlrn2cQckdDf8pVkPl/QtC3ZtWf
 aI8xYr6UpAr0z1elK5p9lO6N0R8FLwVmDG7B4b/6nLbWtRSt53ay/nMAzebodpn1
 8r+6ZoXO5LedNJsUOMJqE58X0ywbUgcx8mfkuRS8PLXEk7yI4+PR7DCeWyZ/YdVX
 dUqaYIK0yYx9yXAkMaSdrnMs+OSqa6lK9c9juPDvFox+ngLAjNk=
 =67ef
 -----END PGP SIGNATURE-----

Merge 4.14.322 into android-4.14-stable

Changes in 4.14.322
	gfs2: Don't deref jdesc in evict
	x86/microcode/AMD: Load late on both threads too
	x86/smp: Use dedicated cache-line for mwait_play_dead()
	fbdev: imsttfb: Fix use after free bug in imsttfb_probe
	drm/edid: Fix uninitialized variable in drm_cvt_modes()
	scripts/tags.sh: Resolve gtags empty index generation
	drm/amdgpu: Validate VM ioctl flags.
	treewide: Remove uninitialized_var() usage
	md/raid10: fix overflow of md/safe_mode_delay
	md/raid10: fix wrong setting of max_corr_read_errors
	md/raid10: fix io loss while replacement replace rdev
	PM: domains: fix integer overflow issues in genpd_parse_state()
	evm: Complete description of evm_inode_setattr()
	wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
	wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
	wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
	wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
	wifi: atmel: Fix an error handling path in atmel_probe()
	wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
	wifi: ray_cs: Fix an error handling path in ray_probe()
	wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
	watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
	watchdog/perf: more properly prevent false positives with turbo modes
	kexec: fix a memory leak in crash_shrink_memory()
	memstick r592: make memstick_debug_get_tpc_name() static
	wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
	wifi: ath9k: convert msecs to jiffies where needed
	netlink: fix potential deadlock in netlink_set_err()
	netlink: do not hard code device address lenth in fdb dumps
	gtp: Fix use-after-free in __gtp_encap_destroy().
	lib/ts_bm: reset initial match offset for every block of text
	netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
	netlink: Add __sock_i_ino() for __netlink_diag_dump().
	radeon: avoid double free in ci_dpm_init()
	Input: drv260x - sleep between polling GO bit
	ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
	Input: adxl34x - do not hardcode interrupt trigger type
	drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
	ARM: ep93xx: fix missing-prototype warnings
	ASoC: es8316: Increment max value for ALC Capture Target Volume control
	soc/fsl/qe: fix usb.c build errors
	fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
	drm/radeon: fix possible division-by-zero errors
	ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
	scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
	PCI: Add pci_clear_master() stub for non-CONFIG_PCI
	pinctrl: cherryview: Return correct value if pin in push-pull mode
	perf dwarf-aux: Fix off-by-one in die_get_varname()
	pinctrl: at91-pio4: check return value of devm_kasprintf()
	crypto: nx - fix build warnings when DEBUG_FS is not enabled
	modpost: fix section mismatch message for R_ARM_ABS32
	modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
	modpost: fix off by one in is_executable_section()
	USB: serial: option: add LARA-R6 01B PIDs
	block: change all __u32 annotations to __be32 in affs_hardblocks.h
	w1: fix loop in w1_fini()
	sh: j2: Use ioremap() to translate device tree address into kernel memory
	media: usb: Check az6007_read() return value
	media: videodev2.h: Fix struct v4l2_input tuner index comment
	media: usb: siano: Fix warning due to null work_func_t function pointer
	extcon: Fix kernel doc of property fields to avoid warnings
	extcon: Fix kernel doc of property capability fields to avoid warnings
	usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
	mfd: rt5033: Drop rt5033-battery sub-device
	mfd: intel-lpss: Add missing check for platform_get_resource
	mfd: stmpe: Only disable the regulators if they are enabled
	rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
	sctp: fix potential deadlock on &net->sctp.addr_wq_lock
	Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
	spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
	mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
	powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
	net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
	tcp: annotate data races in __tcp_oow_rate_limited()
	net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
	sh: dma: Fix DMA channel offset calculation
	NFSD: add encoding of op_recall flag for write delegation
	mmc: core: disable TRIM on Kingston EMMC04G-M627
	mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
	integrity: Fix possible multiple allocation in integrity_inode_get()
	jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
	btrfs: fix race when deleting quota root from the dirty cow roots list
	ARM: orion5x: fix d2net gpio initialization
	spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg
	spi: spi-fsl-spi: relax message sanity checking a little
	spi: spi-fsl-spi: allow changing bits_per_word while CS is still active
	netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
	netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
	netfilter: nf_tables: unbind non-anonymous set if rule construction fails
	netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
	netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
	workqueue: clean up WORK_* constant types, clarify masking
	net: mvneta: fix txq_map in case of txq_number==1
	udp6: fix udp6_ehashfn() typo
	ntb: idt: Fix error handling in idt_pci_driver_init()
	NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
	ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
	NTB: ntb_transport: fix possible memory leak while device_register() fails
	ipv6/addrconf: fix a potential refcount underflow for idev
	wifi: airo: avoid uninitialized warning in airo_get_rate()
	net/sched: make psched_mtu() RTNL-less safe
	tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
	SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
	perf intel-pt: Fix CYC timestamps after standalone CBR
	ext4: fix wrong unit use in ext4_mb_clear_bb
	ext4: only update i_reserved_data_blocks on successful block allocation
	jfs: jfs_dmap: Validate db_l2nbperpage while mounting
	PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
	misc: pci_endpoint_test: Re-init completion for every test
	md/raid0: add discard support for the 'original' layout
	fs: dlm: return positive pid value for F_GETLK
	hwrng: imx-rngc - fix the timeout for init and self check
	meson saradc: fix clock divider mask length
	Revert "8250: add support for ASIX devices with a FIFO bug"
	tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
	tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
	ring-buffer: Fix deadloop issue on reading trace_pipe
	xtensa: ISS: fix call to split_if_spec
	scsi: qla2xxx: Wait for io return on terminate rport
	scsi: qla2xxx: Fix potential NULL pointer dereference
	scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
	scsi: qla2xxx: Pointer may be dereferenced
	serial: atmel: don't enable IRQs prematurely
	perf probe: Add test for regression introduced by switch to die_get_decl_file()
	fuse: revalidate: don't invalidate if interrupted
	can: bcm: Fix UAF in bcm_proc_show()
	ext4: correct inline offset when handling xattrs in inode body
	debugobjects: Recheck debug_objects_enabled before reporting
	nbd: Add the maximum limit of allocated index in nbd_dev_add
	md: fix data corruption for raid456 when reshape restart while grow up
	md/raid10: prevent soft lockup while flush writes
	posix-timers: Ensure timer ID search-loop limit is valid
	sched/fair: Don't balance task to its current running CPU
	bpf: Address KCSAN report on bpf_lru_list
	wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
	igb: Fix igb_down hung on surprise removal
	spi: bcm63xx: fix max prepend length
	fbdev: imxfb: warn about invalid left/right margin
	pinctrl: amd: Use amd_pinconf_set() for all config options
	net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
	fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
	llc: Don't drop packet from non-root netns.
	netfilter: nf_tables: fix spurious set element insertion failure
	tcp: annotate data-races around rskq_defer_accept
	tcp: annotate data-races around tp->notsent_lowat
	tcp: annotate data-races around fastopenq.max_qlen
	gpio: tps68470: Make tps68470_gpio_output() always set the initial value
	i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
	ethernet: atheros: fix return value check in atl1e_tso_csum()
	ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
	tcp: Reduce chance of collisions in inet6_hashfn().
	bonding: reset bond's flags when down link is P2P device
	team: reset team's flags when down link is P2P device
	platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
	benet: fix return value check in be_lancer_xmit_workarounds()
	ASoC: fsl_spdif: Silence output on stop
	block: Fix a source code comment in include/uapi/linux/blkzoned.h
	dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
	ata: pata_ns87415: mark ns87560_tf_read static
	ring-buffer: Fix wrong stat of cpu_buffer->read
	tracing: Fix warning in trace_buffered_event_disable()
	USB: serial: option: support Quectel EM060K_128
	USB: serial: option: add Quectel EC200A module support
	USB: serial: simple: add Kaufmann RKS+CAN VCP
	USB: serial: simple: sort driver entries
	can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
	usb: ohci-at91: Fix the unhandle interrupt when resume
	usb: xhci-mtk: set the dma max_seg_size
	Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
	staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
	hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
	tpm_tis: Explicitly check for error code
	irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
	s390/dasd: fix hanging device after quiesce/resume
	ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
	dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
	drm/client: Fix memory leak in drm_client_target_cloned
	net/sched: cls_fw: Fix improper refcount update leads to use-after-free
	net/sched: sch_qfq: account for stab overhead in qfq_enqueue
	net/sched: cls_u32: Fix reference counter leak leading to overflow
	perf: Fix function pointer case
	word-at-a-time: use the same return type for has_zero regardless of endianness
	net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
	perf test uprobe_from_different_cu: Skip if there is no gcc
	net: add missing data-race annotations around sk->sk_peek_off
	net: add missing data-race annotation for sk_ll_usec
	net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
	net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
	ip6mr: Fix skb_under_panic in ip6mr_cache_report()
	tcp_metrics: fix addr_same() helper
	tcp_metrics: annotate data-races around tm->tcpm_stamp
	tcp_metrics: annotate data-races around tm->tcpm_lock
	tcp_metrics: annotate data-races around tm->tcpm_vals[]
	tcp_metrics: annotate data-races around tm->tcpm_net
	tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
	loop: Select I/O scheduler 'none' from inside add_disk()
	libceph: fix potential hang in ceph_osdc_notify()
	USB: zaurus: Add ID for A-300/B-500/C-700
	fs/sysv: Null check to prevent null-ptr-deref bug
	Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
	net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
	ext2: Drop fragment support
	test_firmware: fix a memory leak with reqs buffer
	mtd: rawnand: omap_elm: Fix incorrect type in assignment
	drm/edid: fix objtool warning in drm_cvt_modes()
	Linux 4.14.322

Change-Id: Ia25c00bd23a112b634b83577ec7d54569e8b7c70
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2023-08-23 14:54:21 +00:00
Kees Cook
d68627697d treewide: Remove uninitialized_var() usage 
commit 3f649ab728cda8038259d8f14492fe400fbab911 upstream.

Using uninitialized_var() is dangerous as it papers over real bugs[1]
(or can in the future), and suppresses unrelated compiler warnings
(e.g. "unused variable"). If the compiler thinks it is uninitialized,
either simply initialize the variable or make compiler changes.

In preparation for removing[2] the[3] macro[4], remove all remaining
needless uses with the following script:

git grep '\buninitialized_var\b' | cut -d: -f1 | sort -u | \
	xargs perl -pi -e \
		's/\buninitialized_var\(([^\)]+)\)/\1/g;
		 s:\s*/\* (GCC be quiet|to make compiler happy) \*/$::g;'

drivers/video/fbdev/riva/riva_hw.c was manually tweaked to avoid
pathological white-space.

No outstanding warnings were found building allmodconfig with GCC 9.3.0
for x86_64, i386, arm64, arm, powerpc, powerpc64le, s390x, mips, sparc64,
alpha, and m68k.

[1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/
[2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/
[3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/
[4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/

Reviewed-by: Leon Romanovsky <leonro@mellanox.com> # drivers/infiniband and mlx4/mlx5
Acked-by: Jason Gunthorpe <jgg@mellanox.com> # IB
Acked-by: Kalle Valo <kvalo@codeaurora.org> # wireless drivers
Reviewed-by: Chao Yu <yuchao0@huawei.com> # erofs
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2023-08-11 11:33:32 +02:00
Bob Peterson
6fb4b34438 gfs2: Don't deref jdesc in evict 
commit 504a10d9e46bc37b23d0a1ae2f28973c8516e636 upstream.

On corrupt gfs2 file systems the evict code can try to reference the
journal descriptor structure, jdesc, after it has been freed and set to
NULL. The sequence of events is:

init_journal()
...
fail_jindex:
   gfs2_jindex_free(sdp); <------frees journals, sets jdesc = NULL
      if (gfs2_holder_initialized(&ji_gh))
         gfs2_glock_dq_uninit(&ji_gh);
fail:
   iput(sdp->sd_jindex); <--references jdesc in evict_linked_inode
      evict()
         gfs2_evict_inode()
            evict_linked_inode()
               ret = gfs2_trans_begin(sdp, 0, sdp->sd_jdesc->jd_blocks);
<------references the now freed/zeroed sd_jdesc pointer.

The call to gfs2_trans_begin is done because the truncate_inode_pages
call can cause gfs2 events that require a transaction, such as removing
journaled data (jdata) blocks from the journal.

This patch fixes the problem by adding a check for sdp->sd_jdesc to
function gfs2_evict_inode. In theory, this should only happen to corrupt
gfs2 file systems, when gfs2 detects the problem, reports it, then tries
to evict all the system inodes it has read in up to that point.

Reported-by: Yang Lan <lanyang0908@gmail.com>
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
[DP: adjusted context]
Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2023-08-11 11:33:31 +02:00
Greg Kroah-Hartman
a1789769b3 This is the 4.14.316 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmR14EYACgkQONu9yGCS
 aT5FaBAAmUwAPNKytdgTNtrVo+mZdK8IQFL3ye+gI60A8DtleJjExE/vnVVrho4k
 PsWp8QdRuEgCWRWwe3u+59z0o/3Z+PK3L3G6rge/e/oso/FanrSZOHClbaZSfegm
 iRfj6IqlvAxLaFFPUyci0z5MlKeNj16XtCo64WmDGk+VIBgvYowj5ji0kgBk/JN8
 lKpgstPhY88jA6cmLLbN5C5h8pKMOXo2DuQiJXLh3QO1LKO5gU7r1XAGD7yVM6bm
 LKT7Gi6mXnfsrfntI77h8F6bY8BOr4rgDaSizBVsx0o1DDcaLgk07xP+uM/pzuCx
 hxiS2g0vi4maR+agO2PkvjDGt3QWDXh1XyqzBH93QJ5OZcoak+UWpbHqqqVjAdmm
 eJ7GJAaqKDwWn4nLefoJw6kLz3a1MpfNZiFPsTdb5VYml9ilZat/80X1EVBWldgq
 bXIsBW/ktju/LRbr/HP3FqEhPLV8n5wdEb49qTN7nVx5+jIzZhO0hfiYq7OT5FHb
 /Ff6qOuFJ37ax50LYQQniXwpT43DBkb5oMElaLX7rQHqd6EPqX6hFpruwyK56m47
 TvnezUveh5841XYNBB7d3vneMfB5TB9WWpZ39/1ocmN1A5iUFSNghXG4C4aXNYrY
 2KYyk7IN4+rmZwuMjTKmpQ/mACrURT0StFJ/xdwKaMavg6DOa8A=
 =qekP
 -----END PGP SIGNATURE-----

Merge 4.14.316 into android-4.14-stable

Changes in 4.14.316
	net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs().
	netlink: annotate accesses to nlk->cb_running
	net: annotate sk->sk_err write from do_recvmmsg()
	ipvlan:Fix out-of-bounds caused by unclear skb->cb
	af_unix: Fix a data race of sk->sk_receive_queue->qlen.
	fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode()
	regmap: cache: Return error in cache sync operations for REGCACHE_NONE
	memstick: r592: Fix UAF bug in r592_remove due to race condition
	ACPI: EC: Fix oops when removing custom query handlers
	drm/tegra: Avoid potential 32-bit integer overflow
	ACPICA: Avoid undefined behavior: applying zero offset to null pointer
	ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects
	wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
	ext2: Check block size validity during mount
	net: pasemi: Fix return type of pasemi_mac_start_tx()
	net: Catch invalid index in XPS mapping
	lib: cpu_rmap: Avoid use after free on rmap->obj array entries
	scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition
	gfs2: Fix inode height consistency check
	ext4: set goal start correctly in ext4_mb_normalize_request
	ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa()
	wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace
	Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp
	staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
	HID: logitech-hidpp: Don't use the USB serial for USB devices
	HID: logitech-hidpp: Reconcile USB and Unifying serials
	spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3
	HID: wacom: generic: Set battery quirk only when we see battery data
	serial: 8250: Reinit port->pm on port specific driver unbind
	mcb-pci: Reallocate memory region to avoid memory overlapping
	sched: Fix KCSAN noinstr violation
	recordmcount: Fix memory leaks in the uwrite function
	clk: tegra20: fix gcc-7 constant overflow warning
	Input: xpad - add constants for GIP interface numbers
	phy: st: miphy28lp: use _poll_timeout functions for waits
	mfd: dln2: Fix memory leak in dln2_probe()
	cpupower: Make TSC read per CPU for Mperf monitor
	af_key: Reject optional tunnel/BEET mode templates in outbound policies
	net: fec: Better handle pm_runtime_get() failing in .remove()
	vsock: avoid to close connected socket after the timeout
	media: netup_unidvb: fix use-after-free at del_timer()
	net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()
	cassini: Fix a memory leak in the error handling path of cas_init_one()
	igb: fix bit_shift to be in [1..8] range
	vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit()
	usb-storage: fix deadlock when a scsi command timeouts more than once
	ALSA: hda: Fix Oops by 9.1 surround channel names
	ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
	statfs: enforce statfs[64] structure initialization
	serial: Add support for Advantech PCI-1611U card
	ceph: force updating the msg pointer in non-split case
	nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode()
	netfilter: nf_tables: bogus EBUSY in helper removal from transaction
	spi: spi-fsl-spi: automatically adapt bits-per-word in cpu mode
	spi: fsl-spi: Re-organise transfer bits_per_word adaptation
	spi: fsl-cpm: Use 16 bit mode for large transfers with even size
	m68k: Move signal frame following exception on 68020/030
	parisc: Allow to reboot machine after system halt
	netfilter: nftables: add nft_parse_register_load() and use it
	netfilter: nftables: add nft_parse_register_store() and use it
	netfilter: nftables: statify nft_parse_register()
	netfilter: nf_tables: validate registers coming from userspace.
	netfilter: nf_tables: add nft_setelem_parse_key()
	netfilter: nf_tables: allow up to 64 bytes in the set element data area
	netfilter: nf_tables: stricter validation of element data
	netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL
	netfilter: nf_tables: do not allow RULE_ID to refer to another chain
	netfilter: nf_tables: do not allow SET_ID to refer to another table
	netfilter: nf_tables: fix register ordering
	x86/mm: Avoid incomplete Global INVLPG flushes
	selftests/memfd: Fix unknown type name build failure
	USB: core: Add routines for endpoint checks in old drivers
	USB: sisusbvga: Add endpoint checks
	media: radio-shark: Add endpoint checks
	net: fix skb leak in __skb_tstamp_tx()
	ipv6: Fix out-of-bounds access in ipv6_find_tlv()
	power: supply: leds: Fix blink to LED on transition
	power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition
	power: supply: bq27xxx: Fix I2C IRQ race on remove
	power: supply: bq27xxx: Fix poll_interval handling and races on remove
	power: supply: sbs-charger: Fix INHIBITED bit for Status reg
	xen/pvcalls-back: fix double frees with pvcalls_new_active_socket()
	x86/show_trace_log_lvl: Ensure stack pointer is aligned, again
	forcedeth: Fix an error handling path in nv_probe()
	3c589_cs: Fix an error handling path in tc589_probe()
	Linux 4.14.316

Change-Id: I3057e11d999112040cd36a7715309365928e3c02
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2023-05-30 17:53:01 +00:00
Andreas Gruenbacher
12b32076a5 gfs2: Fix inode height consistency check 
[ Upstream commit cfcdb5bad34f600aed7613c3c1a5e618111f77b7 ]

The maximum allowed height of an inode's metadata tree depends on the
filesystem block size; it is lower for bigger-block filesystems.  When
reading in an inode, make sure that the height doesn't exceed the
maximum allowed height.

Arrays like sd_heightsize are sized to be big enough for any filesystem
block size; they will often be slightly bigger than what's needed for a
specific filesystem.

Reported-by: syzbot+45d4691b1ed3c48eba05@syzkaller.appspotmail.com
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2023-05-30 12:38:35 +01:00
Greg Kroah-Hartman
980d7f36ac This is the 4.14.300 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmOA76gACgkQONu9yGCS
 aT6Otg//dHBmQrTUsn9PalX7N8EfYPYzS46gb3VP5Zz2FWeXUs8uw6SIG6s/ChWt
 9u7T6VI6e8IwQRCzhsQBlPYKzWMl80bZXft8VpahdhtSxZ0bnWoVK+KH/x+0rono
 3Xe/yZHmkEEe2R2pn+kIBG6Bn3IIcTdlRM9EOy6Hy1yiiklq2T+z9y8yaBuYi0fs
 QG1lbU/hDc6WoYAjt4xYDUAfkPvPT7NfCHLyFAr7q0G64E8QkgQr3BqHCDeEtOlw
 dewGYUVHAluWWOUohPHyW+22gXep/eWUFxdathiamrYACR9dOIMYOczKAvorWMCF
 qSRADK6NB/tIC6kc7pR0foj0yUSowh5AYDMPxu+lF/W13bEV/3m9MBSJMztzGIys
 4dW/RG4IjtgR3LBL8fffeXCnmy2VgFOeUqbhKchSQtrJq2DDqdeOcA1RJZpej4v+
 leSLitRshASAXu+vBeSzyQC8Y1m4vH/uDzBlEA+tHFpavhx3nP4+JoAoXfUDcWAo
 rNiUq2+/X7iqpm8nNa3UGKqTefW/ztXU2BtF+n1H5tfFPIb/L+j9LEnScSUlbtRN
 i478lX6pfkx/hfF30lAb0vySyfz0ed6+neEykW4n1mrlE22rxrlH1SIb4o1M6Njr
 cns7/0aQ6wNxkkShKUttlhpmqPth+ANTMUW2gYfvtkYrDYeiD30=
 =Cb2k
 -----END PGP SIGNATURE-----

Merge 4.14.300 into android-4.14-stable

Changes in 4.14.300
	HID: hyperv: fix possible memory leak in mousevsc_probe()
	net: gso: fix panic on frag_list with mixed head alloc types
	bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
	net: fman: Unregister ethernet device on removal
	capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
	net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event()
	hamradio: fix issue of dev reference count leakage in bpq_device_event()
	drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register()
	ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
	tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
	dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
	drivers: net: xgene: disable napi when register irq failed in xgene_enet_open()
	net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
	ethernet: s2io: disable napi when start nic failed in s2io_card_up()
	net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
	net: macvlan: fix memory leaks of macvlan_common_newlink
	arm64: efi: Fix handling of misaligned runtime regions and drop warning
	ALSA: hda: fix potential memleak in 'add_widget_node'
	ALSA: usb-audio: Add quirk entry for M-Audio Micro
	nilfs2: fix deadlock in nilfs_count_free_blocks()
	drm/i915/dmabuf: fix sg_table handling in map_dma_buf
	platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
	btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
	udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
	cert host tools: Stop complaining about deprecated OpenSSL functions
	dmaengine: at_hdmac: Fix at_lli struct definition
	dmaengine: at_hdmac: Don't start transactions at tx_submit level
	dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
	dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
	dmaengine: at_hdmac: Fix impossible condition
	dmaengine: at_hdmac: Check return code of dma_async_device_register
	x86/cpu: Restore AMD's DE_CFG MSR after resume
	selftests/futex: fix build for clang
	drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
	Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
	ASoC: core: Fix use-after-free in snd_soc_exit()
	serial: 8250_omap: remove wait loop from Errata i202 workaround
	serial: 8250: omap: Flush PM QOS work on remove
	tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
	ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
	block: sed-opal: kmalloc the cmd/resp buffers
	parport_pc: Avoid FIFO port location truncation
	pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
	net: bgmac: Drop free_netdev() from bgmac_enet_remove()
	mISDN: fix possible memory leak in mISDN_dsp_element_register()
	mISDN: fix misuse of put_device() in mISDN_register_device()
	net: caif: fix double disconnect client in chnl_net_open()
	xen/pcpu: fix possible memory leak in register_pcpu()
	drbd: use after free in drbd_create_device()
	net/x25: Fix skb leak in x25_lapb_receive_frame()
	cifs: Fix wrong return value checking when GETFLAGS
	ftrace: Fix the possible incorrect kernel message
	ftrace: Optimize the allocation for mcount entries
	ftrace: Fix null pointer dereference in ftrace_add_mod()
	ring_buffer: Do not deactivate non-existant pages
	ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
	USB: serial: option: add Sierra Wireless EM9191
	USB: serial: option: remove old LARA-R6 PID
	USB: serial: option: add u-blox LARA-R6 00B modem
	USB: serial: option: add u-blox LARA-L6 modem
	USB: serial: option: add Fibocom FM160 0x0111 composition
	usb: add NO_LPM quirk for Realforce 87U Keyboard
	usb: chipidea: fix deadlock in ci_otg_del_timer
	iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
	iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
	iio: pressure: ms5611: changed hardcoded SPI speed to value limited
	dm ioctl: fix misbehavior if list_versions races with module loading
	serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
	serial: 8250_lpss: Configure DMA also w/o DMA filter
	mmc: core: properly select voltage range without power cycle
	mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
	misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
	nilfs2: fix use-after-free bug of ns_writer on remount
	serial: 8250: Flush DMA Rx on RLSI
	macvlan: enforce a consistent minimal mtu
	tcp: cdg: allow tcp_cdg_release() to be called multiple times
	kcm: avoid potential race in kcm_tx_work
	bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
	kcm: close race conditions on sk_receive_queue
	9p: trans_fd/p9_conn_cancel: drop client lock earlier
	gfs2: Check sb_bsize_shift after reading superblock
	gfs2: Switch from strlcpy to strscpy
	9p/trans_fd: always use O_NONBLOCK read/write
	mm: fs: initialize fsdata passed to write_begin/write_end interface
	ntfs: fix use-after-free in ntfs_attr_find()
	ntfs: fix out-of-bounds read in ntfs_attr_find()
	ntfs: check overflow when iterating ATTR_RECORDs
	Linux 4.14.300

Change-Id: I6e30b49a26cfda34ab6d259641dc4ea488d312eb
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
 2022-11-28 16:00:17 +00:00
Andreas Gruenbacher
aa9ac2adb9 gfs2: Switch from strlcpy to strscpy 
commit 204c0300c4e99707e9fb6e57840aa1127060e63f upstream.

Switch from strlcpy to strscpy and make sure that @count is the size of
the smaller of the source and destination buffers.  This prevents
reading beyond the end of the source buffer when the source string isn't
null terminated.

Found by a modified version of syzkaller.

Suggested-by: Wolfram Sang <wsa+renesas@sang-engineering.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2022-11-25 17:36:55 +01:00
Andrew Price
1ad1970973 gfs2: Check sb_bsize_shift after reading superblock 
commit 670f8ce56dd0632dc29a0322e188cc73ce3c6b92 upstream.

Fuzzers like to scribble over sb_bsize_shift but in reality it's very
unlikely that this field would be corrupted on its own. Nevertheless it
should be checked to avoid the possibility of messy mount errors due to
bad calculations. It's always a fixed value based on the block size so
we can just check that it's the expected value.

Tested with:

    mkfs.gfs2 -O -p lock_nolock /dev/vdb
    for i in 0 -1 64 65 32 33; do
        gfs2_edit -p sb field sb_bsize_shift $i /dev/vdb
        mount /dev/vdb /mnt/test && umount /mnt/test
    done

Before this patch we get a withdraw after

[   76.413681] gfs2: fsid=loop0.0: fatal: invalid metadata block
[   76.413681]   bh = 19 (type: exp=5, found=4)
[   76.413681]   function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 492

and with UBSAN configured we also get complaints like

[   76.373395] UBSAN: shift-out-of-bounds in fs/gfs2/ops_fstype.c:295:19
[   76.373815] shift exponent 4294967287 is too large for 64-bit type 'long unsigned int'

After the patch, these complaints don't appear, mount fails immediately
and we get an explanation in dmesg.

Reported-by: syzbot+dcf33a7aae997956fe06@syzkaller.appspotmail.com
Signed-off-by: Andrew Price <anprice@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2022-11-25 17:36:54 +01:00
Greg Kroah-Hartman
1f81516a88 This is the 4.14.277 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmJpJdkACgkQONu9yGCS
 aT5RwRAAo8Dj4JhtWbXPrlYvoyJsLq0xo9jNIg+z7FahZnLKLBXAbTGVl+3Y3AJz
 AxntuiM8CIw7A1t7mMNwjtBhkbEZmlLtCg9Nxa8y5NBzjrlU+VdptRkLB26tcd7V
 bnen4mgX85d2OkvCqtcnYh7bE+tJSzT6nylcS43SrW7zkeU4WL/VN1viBaflKmYg
 xjd/R26+y479w/uKA+G7kvE0NeRxNDdMHVPWQZz9ZFKPmaDwMQedFSppZvE4TBth
 Ut5aNsSX0M6Nc3AQ15vhUq0W+LV6EpK793WRrhfDc2cYL/sxz/QBLrR5tbP5M4ay
 uQ8hYHsSHH9CH2srR6eJqR3c6ATn1u2H2DW2trMSWpUBYXYfG6uCjnZOygxNis2r
 r4f+IRmnZn7ussKfSZGC+HVfrvQFeUK4fldmdLAxRRnpVU5xYBxvNPI/Da+GmISz
 Km/zlLnpt/VJMK5ppHZCvp6L5FEA5dkMouoh8Mihiig1GoxjUemoHZYq/1PHp30p
 W5OCvumGhwzDMyYiUaBl1FJ3VpiSNRCqj0z5Xp8sdc6oaDYjbJUXr8g1FkLN9jxw
 kimjnzgcTsPgHPfP8UEIMo8Qh4HqmQKPUwZpYNhSZcNyId4PjZxR2uNX2ABDki+t
 oOiV1oORx7dv0LAg3tCown7uWirzIE1LRt8ahKkSi3VYkwibf6U=
 =HfMy
 -----END PGP SIGNATURE-----

Merge 4.14.277 into android-4.14-stable

Changes in 4.14.277
	etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
	mm: page_alloc: fix building error on -Werror=array-compare
	tracing: Have traceon and traceoff trigger honor the instance
	tracing: Dump stacktrace trigger to the corresponding instance
	can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
	gfs2: assign rgrp glock before compute_bitstructs
	ALSA: usb-audio: Clear MIDI port active flag after draining
	tcp: fix race condition when creating child sockets from syncookies
	tcp: Fix potential use-after-free due to double kfree()
	dmaengine: imx-sdma: Fix error checking in sdma_event_remap
	net/packet: fix packet_sock xmit return value checking
	netlink: reset network and mac headers in netlink_dump()
	ARM: vexpress/spc: Avoid negative array index when !SMP
	platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative
	ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant
	vxlan: fix error return code in vxlan_fdb_append
	cifs: Check the IOCB_DIRECT flag, not O_DIRECT
	brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant
	drm/msm/mdp5: check the return of kzalloc()
	net: macb: Restart tx only if queue pointer is lagging
	stat: fix inconsistency between struct stat and struct compat_stat
	ata: pata_marvell: Check the 'bmdma_addr' beforing reading
	dma: at_xdmac: fix a missing check on list iterator
	powerpc/perf: Fix power9 event alternatives
	openvswitch: fix OOB access in reserve_sfa_size()
	ASoC: soc-dapm: fix two incorrect uses of list iterator
	e1000e: Fix possible overflow in LTR decoding
	ARC: entry: fix syscall_trace_exit argument
	ext4: fix symlink file size not match to file content
	ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
	ext4: fix overhead calculation to account for the reserved gdt blocks
	ext4: force overhead calculation if the s_overhead_cluster makes no sense
	staging: ion: Prevent incorrect reference counting behavour
	block/compat_ioctl: fix range check in BLKGETSIZE
	ax25: add refcount in ax25_dev to avoid UAF bugs
	ax25: fix reference count leaks of ax25_dev
	ax25: fix UAF bugs of net_device caused by rebinding operation
	ax25: Fix refcount leaks caused by ax25_cb_del()
	ax25: fix UAF bug in ax25_send_control()
	ax25: fix NPD bug in ax25_disconnect
	ax25: Fix NULL pointer dereferences in ax25 timers
	ax25: Fix UAF bugs in ax25 timers
	Revert "net: micrel: fix KS8851_MLL Kconfig"
	Linux 4.14.277

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8df77df882183aec177fa9d6d0f8cbe8ebbf54c2
 2022-04-27 13:36:01 +02:00
Bob Peterson
419adf1106 gfs2: assign rgrp glock before compute_bitstructs 
commit 428f651cb80b227af47fc302e4931791f2fb4741 upstream.

Before this patch, function read_rindex_entry called compute_bitstructs
before it allocated a glock for the rgrp. But if compute_bitstructs found
a problem with the rgrp, it called gfs2_consist_rgrpd, and that called
gfs2_dump_glock for rgd->rd_gl which had not yet been assigned.

read_rindex_entry
   compute_bitstructs
      gfs2_consist_rgrpd
         gfs2_dump_glock <---------rgd->rd_gl was not set.

This patch changes read_rindex_entry so it assigns an rgrp glock before
calling compute_bitstructs so gfs2_dump_glock does not reference an
unassigned pointer. If an error is discovered, the glock must also be
put, so a new goto and label were added.

Reported-by: syzbot+c6fd14145e2f62ca0784@syzkaller.appspotmail.com
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2022-04-27 13:15:29 +02:00
Greg Kroah-Hartman
b296bf0cb0 This is the 4.14.276 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmJfsXYACgkQONu9yGCS
 aT4FSg/+JNuh/FNAa4Es7pC4O3BpsaIIji6MEYjSw1sMMgqtmXCnbm+1TCsgCOee
 auBiVGZzNjLRNESrqOPisEA5aUs31i3fVOD0c55bHgOhqxtLxaU7HmtqIlfvnEKu
 a49LRtqq3AEObilBFeBHQnUrTEGO/MnI4XoUsLdR6FWJBnYsBLczDdNGYIWZ/hCX
 y129piS/P53nHfmPTMH0De6soOXFIx3d82437pwA0vDEANtMx8lyaW+kdPSsgZl7
 03JAQFW1KRjiLzHt+9w7c78dbnyEIQd78W4wn4NFglN7Ybxi7NFEjaf0xnyerwG2
 b38ofe8Gw5IqUzF6eCHliG1UgQwZD7pNBjOIKukrpxL3bIEcTOhIQeu1HCm901k0
 /Y53ju6tNCrv2PbHVylYibasxPiA2gxzFwJW/JvWWTtZZ6AwkZV0fs3LXXpmDix3
 7n/QBjQcz4sOAAWwFoaxneUOTaNoFseZtW/dgqbq+Ukgt2SCP15EUDMVjIXi3fDr
 3z5+QvO5IbjbcsFShVfDQ6RfnALp4TWXbrPQ+RTK77BZTbMNg7wjKxBC2MmTmStI
 8aiDYecKR4FOXdW930zxYHS76gx57V30hur7jlqjFz0uNYnXU/R42kKUxEqD/86G
 UNX+zMv9uH5INANIy4P6DNZyZoTHQgdMIuuhKvntg/G3BcQ5I7k=
 =zpoO
 -----END PGP SIGNATURE-----

Merge 4.14.276 into android-4.14-stable

Changes in 4.14.276
	USB: serial: pl2303: add IBM device IDs
	USB: serial: simple: add Nokia phone driver
	netdevice: add the case if dev is NULL
	virtio_console: break out of buf poll on remove
	ethernet: sun: Free the coherent when failing in probing
	spi: Fix invalid sgs value
	spi: Fix erroneous sgs value with min_t()
	af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
	fuse: fix pipe buffer lifetime for direct_io
	tpm: fix reference counting for struct tpm_chip
	block: Add a helper to validate the block size
	virtio-blk: Use blk_validate_block_size() to validate block size
	USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c
	coresight: Fix TRCCONFIGR.QE sysfs interface
	iio: inkern: apply consumer scale on IIO_VAL_INT cases
	iio: inkern: apply consumer scale when no channel scale is available
	iio: inkern: make a best effort on offset calculation
	clk: uniphier: Fix fixed-rate initialization
	ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
	Documentation: add link to stable release candidate tree
	Documentation: update stable tree link
	SUNRPC: avoid race between mod_timer() and del_timer_sync()
	NFSD: prevent underflow in nfssvc_decode_writeargs()
	pinctrl: samsung: drop pin banks references on error paths
	can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
	jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
	jffs2: fix memory leak in jffs2_do_mount_fs
	jffs2: fix memory leak in jffs2_scan_medium
	mm/pages_alloc.c: don't create ZONE_MOVABLE beyond the end of a node
	mempolicy: mbind_range() set_policy() after vma_merge()
	scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands
	qed: display VF trust config
	qed: validate and restrict untrusted VFs vlan promisc mode
	Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
	ALSA: cs4236: fix an incorrect NULL check on list iterator
	drbd: fix potential silent data corruption
	ACPI: properties: Consistently return -ENOENT if there are no more references
	drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
	video: fbdev: sm712fb: Fix crash in smtcfb_read()
	video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
	ARM: dts: at91: sama5d2: Fix PMERRLOC resource size
	ARM: dts: exynos: fix UART3 pins configuration in Exynos5250
	ARM: dts: exynos: add missing HDMI supplies on SMDK5250
	ARM: dts: exynos: add missing HDMI supplies on SMDK5420
	carl9170: fix missing bit-wise or operator for tx_params
	thermal: int340x: Increase bitmap size
	lib/raid6/test: fix multiple definition linking error
	DEC: Limit PMAX memory probing to R3k systems
	media: davinci: vpif: fix unbalanced runtime PM get
	brcmfmac: firmware: Allocate space for default boardrev in nvram
	brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio
	PCI: pciehp: Clear cmd_busy bit in polling mode
	crypto: authenc - Fix sleep in atomic context in decrypt_tail
	crypto: mxs-dcp - Fix scatterlist processing
	spi: tegra114: Add missing IRQ check in tegra_spi_probe
	selftests/x86: Add validity check and allow field splitting
	spi: pxa2xx-pci: Balance reference count for PCI DMA device
	hwmon: (pmbus) Add mutex to regulator ops
	hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
	PM: hibernate: fix __setup handler error handling
	PM: suspend: fix return value of __setup handler
	hwrng: atmel - disable trng on failure path
	crypto: vmx - add missing dependencies
	ACPI: APEI: fix return value of __setup handlers
	crypto: ccp - ccp_dmaengine_unregister release dma channels
	hwmon: (pmbus) Add Vin unit off handling
	clocksource: acpi_pm: fix return value of __setup handler
	sched/debug: Remove mpol_get/put and task_lock/unlock from sched_show_numa
	perf/core: Fix address filter parser for multiple filters
	perf/x86/intel/pt: Fix address filter config for 32-bit kernel
	media: coda: Fix missing put_device() call in coda_get_vdoa_data
	video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
	video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
	ARM: dts: qcom: ipq4019: fix sleep clock
	soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
	media: usb: go7007: s2250-board: fix leak in probe()
	ASoC: ti: davinci-i2s: Add check for clk_enable()
	ALSA: spi: Add check for clk_enable()
	arm64: dts: ns2: Fix spi-cpol and spi-cpha property
	arm64: dts: broadcom: Fix sata nodename
	printk: fix return value of printk.devkmsg __setup handler
	ASoC: mxs-saif: Handle errors for clk_enable
	ASoC: atmel_ssc_dai: Handle errors for clk_enable
	memory: emif: Add check for setup_interrupts
	memory: emif: check the pointer temp in get_device_details()
	ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction
	media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED
	ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe
	ASoC: wm8350: Handle error for wm8350_register_irq
	ASoC: fsi: Add check for clk_enable
	video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
	ASoC: dmaengine: do not use a NULL prepare_slave_config() callback
	ASoC: mxs: Fix error handling in mxs_sgtl5000_probe
	ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
	ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe
	mtd: onenand: Check for error irq
	drm/edid: Don't clear formats if using deep color
	ath9k_htc: fix uninit value bugs
	power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe
	ray_cs: Check ioremap return value
	power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
	HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
	iwlwifi: Fix -EIO error code that is never returned
	dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
	scsi: pm8001: Fix command initialization in pm80XX_send_read_log()
	scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req()
	scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config()
	scsi: pm8001: Fix abort all task initialization
	TOMOYO: fix __setup handlers return values
	ext2: correct max file size computing
	drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
	power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return
	KVM: x86: Fix emulation in writing cr8
	KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor()
	i2c: xiic: Make bus names unique
	power: supply: wm8350-power: Handle error for wm8350_register_irq
	power: supply: wm8350-power: Add missing free in free_charger_irq
	PCI: Reduce warnings on possible RW1C corruption
	powerpc/sysdev: fix incorrect use to determine if list is empty
	mfd: mc13xxx: Add check for mc13xxx_irq_request
	vxcan: enable local echo for sent CAN frames
	MIPS: RB532: fix return value of __setup handler
	mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init
	USB: storage: ums-realtek: fix error code in rts51x_read_mem()
	af_netlink: Fix shift out of bounds in group mask calculation
	i2c: mux: demux-pinctrl: do not deactivate a master that is not active
	tcp: ensure PMTU updates are processed during fastopen
	mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
	mxser: fix xmit_buf leak in activate when LSR == 0xff
	pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add()
	staging:iio:adc:ad7280a: Fix handing of device address bit reversing.
	serial: 8250_mid: Balance reference count for PCI DMA device
	serial: 8250: Fix race condition in RTS-after-send handling
	iio: adc: Add check for devm_request_threaded_irq
	clk: qcom: clk-rcg2: Update the frac table for pixel clock
	remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region
	clk: loongson1: Terminate clk_div_table with sentinel element
	clk: clps711x: Terminate clk_div_table with sentinel element
	clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver
	NFS: remove unneeded check in decode_devicenotify_args()
	pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
	pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
	pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe
	tty: hvc: fix return value of __setup handler
	kgdboc: fix return value of __setup handler
	kgdbts: fix return value of __setup handler
	jfs: fix divide error in dbNextAG
	netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options
	xen: fix is_xen_pmu()
	net: phy: broadcom: Fix brcm_fet_config_init()
	qlcnic: dcb: default to returning -EOPNOTSUPP
	net/x25: Fix null-ptr-deref caused by x25_disconnect
	NFSv4/pNFS: Fix another issue with a list iterator pointing to the head
	lib/test: use after free in register_test_dev_kmod()
	selinux: use correct type for context length
	loop: use sysfs_emit() in the sysfs xxx show()
	Fix incorrect type in assignment of ipv6 port for audit
	irqchip/nvic: Release nvic_base upon failure
	ACPICA: Avoid walking the ACPI Namespace if it is not there
	ACPI/APEI: Limit printable size of BERT table data
	PM: core: keep irq flags in device_pm_check_callbacks()
	spi: tegra20: Use of_device_get_match_data()
	ext4: don't BUG if someone dirty pages without asking ext4 first
	ntfs: add sanity check on allocation size
	video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
	video: fbdev: w100fb: Reset global state
	video: fbdev: cirrusfb: check pixclock to avoid divide by zero
	video: fbdev: omapfb: acx565akm: replace snprintf with sysfs_emit
	ARM: dts: qcom: fix gic_irq_domain_translate warnings for msm8960
	ARM: dts: bcm2837: Add the missing L1/L2 cache information
	video: fbdev: omapfb: panel-dsi-cm: Use sysfs_emit() instead of snprintf()
	video: fbdev: omapfb: panel-tpo-td043mtea1: Use sysfs_emit() instead of snprintf()
	ASoC: soc-core: skip zero num_dai component in searching dai name
	media: cx88-mpeg: clear interrupt status register before streaming video
	ARM: tegra: tamonten: Fix I2C3 pad setting
	ARM: mmp: Fix failure to remove sram device
	video: fbdev: sm712fb: Fix crash in smtcfb_write()
	media: hdpvr: initialize dev->worker at hdpvr_register_videodev
	mmc: host: Return an error when ->enable_sdio_irq() ops is missing
	powerpc/lib/sstep: Fix 'sthcx' instruction
	powerpc/lib/sstep: Fix build errors with newer binutils
	scsi: qla2xxx: Fix warning for missing error code
	scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
	KVM: Prevent module exit until all VMs are freed
	ubifs: rename_whiteout: Fix double free for whiteout_ui->data
	ubifs: Add missing iput if do_tmpfile() failed in rename whiteout
	ubifs: setflags: Make dirtied_ino_d 8 bytes aligned
	ubifs: rename_whiteout: correct old_dir size computing
	can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
	can: mcba_usb: properly check endpoint type
	gfs2: Make sure FITRIM minlen is rounded up to fs block size
	pinctrl: pinconf-generic: Print arguments for bias-pull-*
	ubi: Fix race condition between ctrl_cdev_ioctl and ubi_cdev_ioctl
	ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
	mm/mmap: return 1 from stack_guard_gap __setup() handler
	mm/memcontrol: return 1 from cgroup.memory __setup() handler
	ubi: fastmap: Return error code if memory allocation fails in add_aeb()
	ASoC: topology: Allow TLV control to be either read or write
	ARM: dts: spear1340: Update serial node properties
	ARM: dts: spear13xx: Update SPI dma properties
	openvswitch: Fixed nd target mask field in the flow dump.
	KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated
	ubifs: Rectify space amount budget for mkdir/tmpfile operations
	rtc: wm8350: Handle error for wm8350_register_irq
	ARM: 9187/1: JIVE: fix return value of __setup handler
	KVM: x86/svm: Clear reserved bits written to PerfEvtSeln MSRs
	ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
	ptp: replace snprintf with sysfs_emit
	powerpc: dts: t104xrdb: fix phy type for FMAN 4/5
	scsi: mvsas: Replace snprintf() with sysfs_emit()
	scsi: bfa: Replace snprintf() with sysfs_emit()
	power: supply: axp20x_battery: properly report current when discharging
	powerpc: Set crashkernel offset to mid of RMA region
	PCI: aardvark: Fix support for MSI interrupts
	iommu/arm-smmu-v3: fix event handling soft lockup
	dm ioctl: prevent potential spectre v1 gadget
	scsi: pm8001: Fix pm8001_mpi_task_abort_resp()
	scsi: aha152x: Fix aha152x_setup() __setup handler return value
	net/smc: correct settings of RMB window update limit
	macvtap: advertise link netns via netlink
	bnxt_en: Eliminate unintended link toggle during FW reset
	MIPS: fix fortify panic when copying asm exception handlers
	scsi: libfc: Fix use after free in fc_exch_abts_resp()
	usb: dwc3: omap: fix "unbalanced disables for smps10_out1" on omap5evm
	xtensa: fix DTC warning unit_address_format
	Bluetooth: Fix use after free in hci_send_acl
	init/main.c: return 1 from handled __setup() functions
	w1: w1_therm: fixes w1_seq for ds28ea00 sensors
	SUNRPC/call_alloc: async tasks mustn't block waiting for memory
	NFS: swap IO handling is slightly different for O_DIRECT IO
	NFS: swap-out must always use STABLE writes.
	serial: samsung_tty: do not unlock port->lock for uart_write_wakeup()
	virtio_console: eliminate anonymous module_init & module_exit
	jfs: prevent NULL deref in diFree
	parisc: Fix CPU affinity for Lasi, WAX and Dino chips
	ipv6: add missing tx timestamping on IPPROTO_RAW
	net: add missing SOF_TIMESTAMPING_OPT_ID support
	mm: fix race between MADV_FREE reclaim and blkdev direct IO read
	drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
	scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
	net: stmmac: Fix unset max_speed difference between DT and non-DT platforms
	drm/imx: Fix memory leak in imx_pd_connector_get_modes
	drbd: Fix five use after free bugs in get_initial_state
	Revert "mmc: sdhci-xenon: fix annoying 1.8V regulator warning"
	mmmremap.c: avoid pointless invalidate_range_start/end on mremap(old_size=0)
	mm/mempolicy: fix mpol_new leak in shared_policy_replace
	x86/pm: Save the MSR validity status at context setup
	x86/speculation: Restore speculation related MSRs during S3 resume
	btrfs: fix qgroup reserve overflow the qgroup limit
	arm64: patch_text: Fixup last cpu should be master
	perf: qcom_l2_pmu: fix an incorrect NULL check on list iterator
	tools build: Use $(shell ) instead of `` to get embedded libperl's ccopts
	dmaengine: Revert "dmaengine: shdma: Fix runtime PM imbalance on error"
	mm: don't skip swap entry even if zap_details specified
	arm64: module: remove (NOLOAD) from linker script
	mm/sparsemem: fix 'mem_section' will never be NULL gcc 12 warning
	cgroup: Use open-time credentials for process migraton perm checks
	cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
	cgroup: Use open-time cgroup namespace for process migration perm checks
	xfrm: policy: match with both mark and mask on user interfaces
	memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
	veth: Ensure eth header is in skb's linear part
	gpiolib: acpi: use correct format characters
	mlxsw: i2c: Fix initialization error flow
	net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link
	nfc: nci: add flush_workqueue to prevent uaf
	cifs: potential buffer overflow in handling symlinks
	drm/amd: Add USBC connector ID
	drm/amdkfd: Check for potential null return of kmalloc_array()
	Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer
	scsi: target: tcmu: Fix possible page UAF
	scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
	net: micrel: fix KS8851_MLL Kconfig
	ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
	gpu: ipu-v3: Fix dev_dbg frequency output
	scsi: mvsas: Add PCI ID of RocketRaid 2640
	drivers: net: slip: fix NPD bug in sl_tx_timeout()
	mm, page_alloc: fix build_zonerefs_node()
	mm: kmemleak: take a full lowmem check in kmemleak_*_phys()
	gcc-plugins: latent_entropy: use /dev/urandom
	ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
	ARM: davinci: da850-evm: Avoid NULL pointer dereference
	smp: Fix offline cpu check in flush_smp_call_function_queue()
	i2c: pasemi: Wait for write xfers to finish
	Linux 4.14.276

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I45d8292ce654c0236758030a89b4618cf3a3d87b
 2022-04-21 14:08:46 +02:00
Andrew Price
a598bd99b0 gfs2: Make sure FITRIM minlen is rounded up to fs block size 
commit 27ca8273fda398638ca994a207323a85b6d81190 upstream.

Per fstrim(8) we must round up the minlen argument to the fs block size.
The current calculation doesn't take into account devices that have a
discard granularity and requested minlen less than 1 fs block, so the
value can get shifted away to zero in the translation to fs blocks.

The zero minlen passed to gfs2_rgrp_send_discards() then allows
sb_issue_discard() to be called with nr_sects == 0 which returns -EINVAL
and results in gfs2_rgrp_send_discards() returning -EIO.

Make sure minlen is never < 1 fs block by taking the max of the
requested minlen and the fs block size before comparing to the device's
discard granularity and shifting to fs blocks.

Fixes: 076f0faa764ab ("GFS2: Fix FITRIM argument handling")
Signed-off-by: Andrew Price <anprice@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2022-04-20 09:08:24 +02:00
Greg Kroah-Hartman
1dff798c56 This is the 4.14.247 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmFK+1EACgkQONu9yGCS
 aT7r6hAArGmJXgI+6YUtwD5lyBuN5L4epJeT3IZklAFcWlQKllkT1t9p4D9TSkgJ
 KxelHIKWkh3Mi67rERzT35vR69s43UgFluSn/oUGqJApG6MUHGsb4T9QC6lvqDRs
 TAGt5RY8WQPwkEcnR5qSRKxejdqQGpz8N0g8xSiLpakAavJO2/1jERYUDNDlS05b
 oZlQdZB2CHFDL7xjDLB7Zl12mRPWWnEGTjcVGaurRuUivJxVFVqCFN2tiozwC0f1
 5ZdVsAynPMl06Q8Kr+S5LfHeZ8XzqwPD4VUJfZAfak6AOsvsBa27vqJ7G6qgMfoj
 7uXBXwhw7AJwnQ8j2yLkvrh1Q0TdeL6dHAekuc8+ekPvyD026FwiqNUZFlL9JANu
 63EY3arvXg1vfugNE13GYcRcMuo7wdYViGYvQbhG4B/lhsvYfpHcTgaORqQwnsOh
 gSm4SdNmGcKG7ih/oe1mrPRtI86t7eN2oAnKFpCe57I50xfKv+IGBDELy3SeVx1O
 jXRgR6+TeLZ3lrgMxSrrRThn4q+OOwWYzZ3Z9AVEsFZ2HZSsRC3/I71YcU2N8pvl
 VEGbXhhuDvGzI94ouyep7p9zXliy7k+c3RYzXAoStkxdGIpACbca9a6qxpCkkRRA
 l8ZIqYYGs/jGasTsoOYHaMz9GVG9EsP3g6XyQL4LCQ6xBKuPzRY=
 =Fuci
 -----END PGP SIGNATURE-----

Merge 4.14.247 into android-4.14-stable

Changes in 4.14.247
	ext4: fix race writing to an inline_data file while its xattrs are changing
	xtensa: fix kconfig unmet dependency warning for HAVE_FUTEX_CMPXCHG
	qed: Fix the VF msix vectors flow
	net: macb: Add a NULL check on desc_ptp
	qede: Fix memset corruption
	perf/x86/intel/pt: Fix mask of num_address_ranges
	perf/x86/amd/ibs: Work around erratum #1197
	cryptoloop: add a deprecation warning
	ARM: 8918/2: only build return_address() if needed
	ALSA: pcm: fix divide error in snd_pcm_lib_ioctl
	clk: fix build warning for orphan_list
	media: stkwebcam: fix memory leak in stk_camera_probe
	igmp: Add ip_mc_list lock in ip_check_mc_rcu
	USB: serial: mos7720: improve OOM-handling in read_mos_reg()
	f2fs: fix potential overflow
	ath10k: fix recent bandwidth conversion bug
	ipv4/icmp: l3mdev: Perform icmp error route lookup on source device routing table (v2)
	s390/disassembler: correct disassembly lines alignment
	mm/kmemleak.c: make cond_resched() rate-limiting more efficient
	crypto: talitos - reduce max key size for SEC1
	powerpc/module64: Fix comment in R_PPC64_ENTRY handling
	powerpc/boot: Delete unneeded .globl _zimage_start
	net: ll_temac: Remove left-over debug message
	mm/page_alloc: speed up the iteration of max_order
	Revert "btrfs: compression: don't try to compress if we don't have enough pages"
	usb: host: xhci-rcar: Don't reload firmware after the completion
	x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
	PCI: Call Max Payload Size-related fixup quirks early
	regmap: fix the offset of register error log
	crypto: mxs-dcp - Check for DMA mapping errors
	power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors
	crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop()
	udf: Check LVID earlier
	isofs: joliet: Fix iocharset=utf8 mount option
	nvme-rdma: don't update queue count when failing to set io queues
	power: supply: max17042_battery: fix typo in MAx17042_TOFF
	s390/cio: add dev_busid sysfs entry for each subchannel
	libata: fix ata_host_start()
	crypto: qat - do not ignore errors from enable_vf2pf_comms()
	crypto: qat - handle both source of interrupt in VF ISR
	crypto: qat - fix reuse of completion variable
	crypto: qat - fix naming for init/shutdown VF to PF notifications
	crypto: qat - do not export adf_iov_putmsg()
	udf_get_extendedattr() had no boundary checks.
	m68k: emu: Fix invalid free in nfeth_cleanup()
	spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
	spi: spi-pic32: Fix issue with uninitialized dma_slave_config
	clocksource/drivers/sh_cmt: Fix wrong setting if don't request IRQ for clock source channel
	crypto: qat - use proper type for vf_mask
	certs: Trigger creation of RSA module signing key if it's not an RSA key
	soc: rockchip: ROCKCHIP_GRF should not default to y, unconditionally
	media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
	media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
	media: go7007: remove redundant initialization
	Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
	tcp: seq_file: Avoid skipping sk during tcp_seek_last_pos
	net: cipso: fix warnings in netlbl_cipsov4_add_std
	i2c: highlander: add IRQ check
	media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
	PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
	PCI: PM: Enable PME if it can be signaled from D3cold
	soc: qcom: smsm: Fix missed interrupts if state changes while masked
	Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow
	arm64: dts: exynos: correct GIC CPU interfaces address range on Exynos7
	Bluetooth: fix repeated calls to sco_sock_kill
	drm/msm/dsi: Fix some reference counted resource leaks
	usb: gadget: udc: at91: add IRQ check
	usb: phy: fsl-usb: add IRQ check
	usb: phy: twl6030: add IRQ checks
	Bluetooth: Move shutdown callback before flushing tx and rx queue
	usb: host: ohci-tmio: add IRQ check
	usb: phy: tahvo: add IRQ check
	mac80211: Fix insufficient headroom issue for AMSDU
	usb: gadget: mv_u3d: request_irq() after initializing UDC
	Bluetooth: add timeout sanity check to hci_inquiry
	i2c: iop3xx: fix deferred probing
	i2c: s3c2410: fix IRQ check
	mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
	mmc: moxart: Fix issue with uninitialized dma_slave_config
	CIFS: Fix a potencially linear read overflow
	i2c: mt65xx: fix IRQ check
	usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
	usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available
	tty: serial: fsl_lpuart: fix the wrong mapbase value
	ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
	bcma: Fix memory leak for internally-handled cores
	ipv4: make exception cache less predictible
	net: sched: Fix qdisc_rate_table refcount leak when get tcf_block failed
	net: qualcomm: fix QCA7000 checksum handling
	netns: protect netns ID lookups with RCU
	tty: Fix data race between tiocsti() and flush_to_ldisc()
	x86/resctrl: Fix a maybe-uninitialized build warning treated as error
	KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted
	IMA: remove -Wmissing-prototypes warning
	backlight: pwm_bl: Improve bootloader/kernel device handover
	clk: kirkwood: Fix a clocking boot regression
	fbmem: don't allow too huge resolutions
	rtc: tps65910: Correct driver module alias
	blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
	blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
	PCI/MSI: Skip masking MSI-X on Xen PV
	powerpc/perf/hv-gpci: Fix counter value parsing
	xen: fix setting of max_pfn in shared_info
	include/linux/list.h: add a macro to test if entry is pointing to the head
	9p/xen: Fix end of loop tests for list_for_each_entry
	soc: aspeed: lpc-ctrl: Fix boundary check for mmap
	crypto: public_key: fix overflow during implicit conversion
	block: bfq: fix bfq_set_next_ioprio_data()
	power: supply: max17042: handle fails of reading status register
	dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
	VMCI: fix NULL pointer dereference when unmapping queue pair
	media: uvc: don't do DMA on stack
	media: rc-loopback: return number of emitters rather than error
	libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
	ARM: 9105/1: atags_to_fdt: don't warn about stack size
	PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
	PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
	PCI: xilinx-nwl: Enable the clock through CCF
	PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response
	PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
	HID: input: do not report stylus battery state as "full"
	RDMA/iwcm: Release resources if iw_cm module initialization fails
	docs: Fix infiniband uverbs minor number
	pinctrl: samsung: Fix pinctrl bank pin count
	vfio: Use config not menuconfig for VFIO_NOIOMMU
	openrisc: don't printk() unconditionally
	pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry()
	scsi: qedi: Fix error codes in qedi_alloc_global_queues()
	MIPS: Malta: fix alignment of the devicetree buffer
	media: dib8000: rewrite the init prbs logic
	crypto: mxs-dcp - Use sg_mapping_iter to copy data
	PCI: Use pci_update_current_state() in pci_enable_device_flags()
	iio: dac: ad5624r: Fix incorrect handling of an optional regulator.
	ARM: dts: qcom: apq8064: correct clock names
	video: fbdev: kyro: fix a DoS bug by restricting user input
	netlink: Deal with ESRCH error in nlmsg_notify()
	Smack: Fix wrong semantics in smk_access_entry()
	usb: host: fotg210: fix the endpoint's transactional opportunities calculation
	usb: host: fotg210: fix the actual_length of an iso packet
	usb: gadget: u_ether: fix a potential null pointer dereference
	usb: gadget: composite: Allow bMaxPower=0 if self-powered
	staging: board: Fix uninitialized spinlock when attaching genpd
	tty: serial: jsm: hold port lock when reporting modem line changes
	bpf/tests: Fix copy-and-paste error in double word test
	bpf/tests: Do not PASS tests without actually testing the result
	video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
	video: fbdev: kyro: Error out if 'pixclock' equals zero
	video: fbdev: riva: Error out if 'pixclock' equals zero
	ipv4: ip_output.c: Fix out-of-bounds warning in ip_copy_addrs()
	flow_dissector: Fix out-of-bounds warnings
	s390/jump_label: print real address in a case of a jump label bug
	serial: 8250: Define RX trigger levels for OxSemi 950 devices
	xtensa: ISS: don't panic in rs_init
	hvsi: don't panic on tty_register_driver failure
	serial: 8250_pci: make setup_port() parameters explicitly unsigned
	staging: ks7010: Fix the initialization of the 'sleep_status' structure
	ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
	Bluetooth: skip invalid hci_sync_conn_complete_evt
	ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output
	media: v4l2-dv-timings.c: fix wrong condition in two for-loops
	arm64: dts: qcom: sdm660: use reg value for memory node
	net: ethernet: stmmac: Do not use unreachable() in ipq806x_gmac_probe()
	Bluetooth: avoid circular locks in sco_sock_connect
	gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port()
	ARM: tegra: tamonten: Fix UART pad setting
	rpc: fix gss_svc_init cleanup on failure
	staging: rts5208: Fix get_ms_information() heap buffer size
	gfs2: Don't call dlm after protocol is unmounted
	mmc: sdhci-of-arasan: Check return value of non-void funtions
	mmc: rtsx_pci: Fix long reads when clock is prescaled
	selftests/bpf: Enlarge select() timeout for test_maps
	cifs: fix wrong release in sess_alloc_buffer() failed path
	Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set"
	usb: musb: musb_dsps: request_irq() after initializing musb
	usbip: give back URBs for unsent unlink requests during cleanup
	usbip:vhci_hcd USB port can get stuck in the disabled state
	ASoC: rockchip: i2s: Fix regmap_ops hang
	ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
	parport: remove non-zero check on count
	ath9k: fix OOB read ar9300_eeprom_restore_internal
	ath9k: fix sleeping in atomic context
	net: fix NULL pointer reference in cipso_v4_doi_free
	net: w5100: check return value after calling platform_get_resource()
	parisc: fix crash with signals and alloca
	scsi: BusLogic: Fix missing pr_cont() use
	scsi: qla2xxx: Sync queue idx with queue_pair_map idx
	cpufreq: powernv: Fix init_chip_info initialization in numa=off
	mm/hugetlb: initialize hugetlb_usage in mm_init
	memcg: enable accounting for pids in nested pid namespaces
	platform/chrome: cros_ec_proto: Send command again when timeout occurs
	xen: reset legacy rtc flag for PV domU
	bnx2x: Fix enabling network interfaces without VFs
	PM: base: power: don't try to use non-existing RTC for storing data
	x86/mm: Fix kern_addr_valid() to cope with existing but not present entries
	net-caif: avoid user-triggerable WARN_ON(1)
	ptp: dp83640: don't define PAGE0
	dccp: don't duplicate ccid when cloning dccp sock
	net/l2tp: Fix reference count leak in l2tp_udp_recv_core
	r6040: Restore MDIO clock frequency after MAC reset
	tipc: increase timeout in tipc_sk_enqueue()
	events: Reuse value read using READ_ONCE instead of re-reading it
	net/af_unix: fix a data-race in unix_dgram_poll
	tcp: fix tp->undo_retrans accounting in tcp_sacktag_one()
	mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range()
	dt-bindings: mtd: gpmc: Fix the ECC bytes vs. OOB bytes equation
	mfd: Don't use irq_create_mapping() to resolve a mapping
	PCI: Add ACS quirks for Cavium multi-function devices
	net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
	ethtool: Fix an error code in cxgb2.c
	PCI: Sync __pci_register_driver() stub for CONFIG_PCI=n
	mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()'
	ARC: export clear_user_page() for modules
	net: dsa: b53: Fix calculating number of switch ports
	netfilter: socket: icmp6: fix use-after-scope
	qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
	net: renesas: sh_eth: Fix freeing wrong tx descriptor
	s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
	Linux 4.14.247

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If4d48fb4bfd873036c9584406e8cf4ebbdb8a655
 2021-09-22 13:49:42 +02:00
Bob Peterson
3554b46204 gfs2: Don't call dlm after protocol is unmounted 
[ Upstream commit d1340f80f0b8066321b499a376780da00560e857 ]

In the gfs2 withdraw sequence, the dlm protocol is unmounted with a call
to lm_unmount. After a withdraw, users are allowed to unmount the
withdrawn file system. But at that point we may still have glocks left
over that we need to free via unmount's call to gfs2_gl_hash_clear.
These glocks may have never been completed because of whatever problem
caused the withdraw (IO errors or whatever).

Before this patch, function gdlm_put_lock would still try to call into
dlm to unlock these leftover glocks, which resulted in dlm returning
-EINVAL because the lock space was abandoned. These glocks were never
freed because there was no mechanism after that to free them.

This patch adds a check to gdlm_put_lock to see if the locking protocol
was inactive (DFL_UNMOUNT flag) and if so, free the glock and not
make the invalid call into dlm.

I could have combined this "if" with the one that follows, related to
leftover glock LVBs, but I felt the code was more readable with its own
if clause.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2021-09-22 11:45:30 +02:00
Greg Kroah-Hartman
954b37d98c Linux 4.14.238 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAmDcb/YACgkQ3qZv95d3
 LNxvtBAAmSuqNUAn7N49MxIV8WF0Vljy1XdWlpJ2GMYEshqQ2/YJ4wMvYWU/+Ric
 5qDVI9Ul79ZBDr2WJc3nZvAXn/IPUqSzTlZLgT+231qlAL1zFHkt0ul8T6078YqR
 5I5qoKYBE21lfkZAG974GXo0rKy82raWgrqV85r54G2JJ1ZHZmcPjBZjwaobXoby
 hs+fNRcqv02ZIiGp6Ap9Je/vkzytuqUU4V96GrbaJrDAOS4e2JmZpWQTFYwNKn4W
 n9uozBLAGwrvWFiTZ4BLKDT2+xwBXtlRzwieJb57XdWWg7OgvlFst7n3owqzNMTv
 Zai9+Ux/p0VhFDdLLLtDG+igXj33vhy/75bt+NasIrc+NHxWztwOqbdA7er1OPk0
 cGUe5r0AVK8/Z01hjkdL/qaqqVVoZy2vh88wpn1Dh9g7L82HLxyRMZS0jpSrrFpx
 GL35p+hxHyxDvixBDlenz7YQhU420D9wDcOpowdPxwbhpsK5Icpjm1tnEm6ljlzz
 fk5oa8Lg183eWPZH9OWaL5SycMuzJMdhvTCVJSyMzDuZxSq6jw6WIjdT352GCemV
 8Ctq5nQkarhcHvbHOjFviLjIUCJgNWPCMGFs47nR+6/iE920ZSWi3NJajeFjtjmI
 INYo792mUNf75uJqVhWpCTQU1x2uXqLh9oG/6iXTfv2FN42ddDM=
 =UgHQ
 -----END PGP SIGNATURE-----

Merge 4.14.238 into android-4.14-stable

Changes in 4.14.238
	net: ieee802154: fix null deref in parse dev addr
	HID: hid-sensor-hub: Return error for hid_set_field() failure
	HID: Add BUS_VIRTUAL to hid_connect logging
	HID: usbhid: fix info leak in hid_submit_ctrl
	ARM: OMAP2+: Fix build warning when mmc_omap is not built
	HID: gt683r: add missing MODULE_DEVICE_TABLE
	gfs2: Fix use-after-free in gfs2_glock_shrink_scan
	scsi: target: core: Fix warning on realtime kernels
	ethernet: myri10ge: Fix missing error code in myri10ge_probe()
	nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues()
	nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails
	nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue()
	net: ipconfig: Don't override command-line hostnames or domains
	rtnetlink: Fix missing error code in rtnl_bridge_notify()
	net/x25: Return the correct errno code
	net: Return the correct errno code
	fib: Return the correct errno code
	dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM
	dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM
	dmaengine: stedma40: add missing iounmap() on error in d40_probe()
	mm/memory-failure: make sure wait for page writeback in memory_failure
	batman-adv: Avoid WARN_ON timing related checks
	net: ipv4: fix memory leak in netlbl_cipsov4_add_std
	net: rds: fix memory leak in rds_recvmsg
	udp: fix race between close() and udp_abort()
	rtnetlink: Fix regression in bridge VLAN configuration
	netfilter: synproxy: Fix out of bounds when parsing TCP options
	alx: Fix an error handling path in 'alx_probe()'
	net: stmmac: dwmac1000: Fix extended MAC address registers definition
	qlcnic: Fix an error handling path in 'qlcnic_probe()'
	netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
	net: cdc_ncm: switch to eth%d interface naming
	net: usb: fix possible use-after-free in smsc75xx_bind
	net: ipv4: fix memory leak in ip_mc_add1_src
	net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock
	be2net: Fix an error handling path in 'be_probe()'
	net: hamradio: fix memory leak in mkiss_close
	net: cdc_eem: fix tx fixup skb leak
	icmp: don't send out ICMP messages with a source address of 0.0.0.0
	net: ethernet: fix potential use-after-free in ec_bhf_remove
	radeon: use memcpy_to/fromio for UVD fw upload
	hwmon: (scpi-hwmon) shows the negative temperature properly
	can: bcm: fix infoleak in struct bcm_msg_head
	can: mcba_usb: fix memory leak in mcba_usb
	usb: core: hub: Disable autosuspend for Cypress CY7C65632
	tracing: Do not stop recording cmdlines when tracing is off
	tracing: Do not stop recording comms if the trace file is being read
	tracing: Do no increment trace_clock_global() by one
	PCI: Mark TI C667X to avoid bus reset
	PCI: Mark some NVIDIA GPUs to avoid bus reset
	PCI: Add ACS quirk for Broadcom BCM57414 NIC
	PCI: Work around Huawei Intelligent NIC VF FLR erratum
	ARCv2: save ABI registers across signal handling
	dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
	net: bridge: fix vlan tunnel dst null pointer dereference
	net: bridge: fix vlan tunnel dst refcnt when egressing
	mm/slub.c: include swab.h
	net: fec_ptp: add clock rate zero check
	can: bcm/raw/isotp: use per module netdevice notifier
	inet: use bigger hash table for IP ID generation
	usb: dwc3: core: fix kernel panic when do reboot
	kernfs: deal with kernfs_fill_super() failures
	unfuck sysfs_mount()
	x86/fpu: Reset state for all signal restore failures
	drm/nouveau: wait for moving fence after pinning v2
	drm/radeon: wait for moving fence after pinning
	ARM: 9081/1: fix gcc-10 thumb2-kernel regression
	Makefile: Move -Wno-unused-but-set-variable out of GCC only block
	MIPS: generic: Update node names to avoid unit addresses
	arm64: perf: Disable PMU while processing counter overflows
	Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
	mac80211: remove warning in ieee80211_get_sband()
	cfg80211: call cfg80211_leave_ocb when switching away from OCB
	mac80211: drop multicast fragments
	ping: Check return value of function 'ping_queue_rcv_skb'
	inet: annotate date races around sk->sk_txhash
	net: caif: fix memory leak in ldisc_open
	net/packet: annotate accesses to po->bind
	net/packet: annotate accesses to po->ifindex
	r8152: Avoid memcpy() over-reading of ETH_SS_STATS
	sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS
	r8169: Avoid memcpy() over-reading of ETH_SS_STATS
	net: qed: Fix memcpy() overflow of qed_dcbx_params()
	net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY
	pinctrl: stm32: fix the reported number of GPIO lines per bank
	nilfs2: fix memory leak in nilfs_sysfs_delete_device_group
	i2c: robotfuzz-osif: fix control-request directions
	Linux 4.14.238

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: If0fafb89548f179bcf4114cc962164be23717637
 2021-06-30 19:16:01 +02:00
Hillf Danton
0364742dec gfs2: Fix use-after-free in gfs2_glock_shrink_scan 
[ Upstream commit 1ab19c5de4c537ec0d9b21020395a5b5a6c059b2 ]

The GLF_LRU flag is checked under lru_lock in gfs2_glock_remove_from_lru() to
remove the glock from the lru list in __gfs2_glock_put().

On the shrink scan path, the same flag is cleared under lru_lock but because
of cond_resched_lock(&lru_lock) in gfs2_dispose_glock_lru(), progress on the
put side can be made without deleting the glock from the lru list.

Keep GLF_LRU across the race window opened by cond_resched_lock(&lru_lock) to
ensure correct behavior on both sides - clear GLF_LRU after list_del under
lru_lock.

Reported-by: syzbot <syzbot+34ba7ddbf3021981a228@syzkaller.appspotmail.com>
Signed-off-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2021-06-30 08:48:46 -04:00
Greg Kroah-Hartman
d45bd6ee16 This is the 4.14.231 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmB5X7IACgkQONu9yGCS
 aT7h8w/+PO3GtGFL65xIMTx1e7HY7M8WsKIYIXGZ8yd8G+AvtlWMiUxTtiQWpYY7
 Iy3BFGNSPr/ZYxQh2dkzruktWuBn0avM08XWvpM30NzuwJdhzV2FD1KdPj5OJsHv
 YV0x2kBIYvsdcDR2LtEpyeNCZj/i4PPleIIUMmqMayuXSrqzxlvQTZpW8LfqUCqM
 GOS3cf5wZl0BPfkEFAyLVNub2CotlxoDUUY6XavNOTOGnCzRB0m6nEBKwZ25g7Uw
 kdvdNo6zAgIEhgFvE8HCrDK0rBowj7zG/qk16CZXYZELRdFY/DJA+dljmqbxK+Ip
 ys6+05073Xbor5LbvmvZ4/DFR3g2f3KgR0gN/nZktyn3ECdW5opeQ0/xP3VZH73x
 wYLbhVNx6wjqdaJnu0/fffRluZtFdhKxLdABJnOVSNTkBoRPEQwnx2DpKSuXxxU/
 ofCq20nKah6S7CVpsq7bdHqcupKkEsxfAG/UaAoyBwJ4MQlpPMs4WOor09SJ05+j
 PzXozwZjFrDas/SjM0Ijg/5jdSaZBn0a23JkVYkrg/f4I+4WOZd/eb3+2135O8Nm
 ptYQxrgv4Gz7a/DSvu4FXPSRkReCKXrD28Qw1XkCqD0zQayaqMywdjGz3/FVvo2x
 ohjnJYIsD2EJpxt4GWjP5BAiREHJEFubg8Dcjq/7IQAZgBJjkSw=
 =SoaZ
 -----END PGP SIGNATURE-----

Merge 4.14.231 into android-4.14-stable

Changes in 4.14.231
	ALSA: aloop: Fix initialization of controls
	ASoC: intel: atom: Stop advertising non working S24LE support
	nfc: fix refcount leak in llcp_sock_bind()
	nfc: fix refcount leak in llcp_sock_connect()
	nfc: fix memory leak in llcp_sock_connect()
	nfc: Avoid endless loops caused by repeated llcp_sock_connect()
	xen/evtchn: Change irq_info lock to raw_spinlock_t
	net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh
	ia64: fix user_stack_pointer() for ptrace()
	ocfs2: fix deadlock between setattr and dio_end_io_write
	fs: direct-io: fix missing sdio->boundary
	parisc: parisc-agp requires SBA IOMMU driver
	parisc: avoid a warning on u8 cast for cmpxchg on u8 pointers
	ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin
	batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field
	net: ensure mac header is set in virtio_net_hdr_to_skb()
	net: sched: sch_teql: fix null-pointer dereference
	usbip: add sysfs_lock to synchronize sysfs code paths
	usbip: stub-dev synchronize sysfs code paths
	usbip: synchronize event handler with sysfs code paths
	i2c: turn recovery error on init to debug
	regulator: bd9571mwv: Fix AVS and DVFS voltage range
	ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips
	amd-xgbe: Update DMA coherency values
	sch_red: fix off-by-one checks in red_check_params()
	gianfar: Handle error code at MAC address change
	net:tipc: Fix a double free in tipc_sk_mcast_rcv
	ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces
	net/ncsi: Avoid channel_monitor hrtimer deadlock
	ASoC: sunxi: sun4i-codec: fill ASoC card owner
	soc/fsl: qbman: fix conflicting alignment attributes
	clk: fix invalid usage of list cursor in register
	clk: fix invalid usage of list cursor in unregister
	workqueue: Move the position of debug_work_activate() in __queue_work()
	s390/cpcmd: fix inline assembly register clobbering
	net/mlx5: Fix placement of log_max_flow_counter
	RDMA/cxgb4: check for ipv6 address properly while destroying listener
	clk: socfpga: fix iomem pointer cast on 64-bit
	net/ncsi: Make local function ncsi_get_filter() static
	net/ncsi: Improve general state logging
	net/ncsi: Don't return error on normal response
	net/ncsi: Add generic netlink family
	net/ncsi: Refactor MAC, VLAN filters
	net/ncsi: Avoid GFP_KERNEL in response handler
	usbip: fix vudc usbip_sockfd_store races leading to gpf
	cfg80211: remove WARN_ON() in cfg80211_sme_connect
	net: tun: set tun->dev->addr_len during TUNSETLINK processing
	drivers: net: fix memory leak in atusb_probe
	drivers: net: fix memory leak in peak_usb_create_dev
	net: mac802154: Fix general protection fault
	net: ieee802154: nl-mac: fix check on panid
	net: ieee802154: fix nl802154 del llsec key
	net: ieee802154: fix nl802154 del llsec dev
	net: ieee802154: fix nl802154 add llsec key
	net: ieee802154: fix nl802154 del llsec devkey
	net: ieee802154: forbid monitor for set llsec params
	net: ieee802154: forbid monitor for del llsec seclevel
	net: ieee802154: stop dump llsec params for monitors
	Revert "cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath."
	KVM: arm64: Hide system instruction access to Trace registers
	KVM: arm64: Disable guest access to trace filter controls
	drm/imx: imx-ldb: fix out of bounds array access warning
	gfs2: report "already frozen/thawed" errors
	block: only update parent bi_status when bio fail
	net: phy: broadcom: Only advertise EEE for supported modes
	netfilter: x_tables: fix compat match/target pad out-of-bound write
	perf map: Tighten snprintf() string precision to pass gcc check on some 32-bit arches
	xen/events: fix setting irq affinity
	Linux 4.14.231

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5000f92ba1b384d06e2be0faafdf345854765b54
 2021-04-16 12:09:05 +02:00
Bob Peterson
bbae0543ef gfs2: report "already frozen/thawed" errors 
[ Upstream commit ff132c5f93c06bd4432bbab5c369e468653bdec4 ]

Before this patch, gfs2's freeze function failed to report an error
when the target file system was already frozen as it should (and as
generic vfs function freeze_super does. Similarly, gfs2's thaw function
failed to report an error when trying to thaw a file system that is not
frozen, as vfs function thaw_super does. The errors were checked, but
it always returned a 0 return code.

This patch adds the missing error return codes to gfs2 freeze and thaw.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2021-04-16 11:57:53 +02:00
Greg Kroah-Hartman
a2e73af4e5 This is the 4.14.223 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmA/xiMACgkQONu9yGCS
 aT6xPRAAubIMjvou8+ByMLEOK5HfhXN3VSi7iUQvBMsWPtW609hYMucIi6BdgUS5
 vIXy/kwMRhQ0YW8H+rsf94Doliw6kgu4ebHLZqe7aP4EMeIoJ/HXtVfxpcrc4TzK
 SdUxEEilHKlxSzhmi3Qi53KBLsJusoBg/jzNJ3PQQrX3V8Zc5XCzt1ZZIpxrnQK0
 Bv/CVqAFauMX27pqJq/Y4cSJZtZ6EbUjRekIC5tjqBDMi4Pf7wHGYj/tUSdm76Es
 9eTDmfO9Rvk0XeKKxm0dv5ffkhyi9xBmBK82GqBnHBSDpG03JOKcK5RAWRLT84Zv
 joby0dsEPYTLG3nZ7cmRW0R5952BfvkabuRj07W2zu9DanMVnQtiquFZw2YdS/7a
 Ed5lUWxdPysObd53keXtlv3hhjB+5lPIU5d3SLbsp6W08MIk9+YA1JBHeIJX9ulX
 xy7kR0kUmiqCOspCKYZKmiU8DTqzko5yQfJWHYxuNosqnUYH+K9vTz1JBStdzrGM
 ZAIDhhxPxNuC/gRlbavmbuyaHoPrBO2+l+dF/8be1YFyqMm3iIabROBWOqjnri4+
 ZAGyGpr8ktJNv8rAlFvvDbg2fYO8j8FdA1Olf+UgCWZvzKPKESGrSwHg458c37XN
 x0oWmytn5eXaY0LJgCo0D3Pf5uqrXKsazNSc/QZ9gwqf7hZJU8Y=
 =nNVc
 -----END PGP SIGNATURE-----

Merge 4.14.223 into android-4.14-stable

Changes in 4.14.223
	HID: make arrays usage and value to be the same
	usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
	ntfs: check for valid standard information attribute
	arm64: tegra: Add power-domain for Tegra210 HDA
	NET: usb: qmi_wwan: Adding support for Cinterion MV31
	cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
	scripts/recordmcount.pl: support big endian for ARCH sh
	vmlinux.lds.h: add DWARF v5 sections
	kdb: Make memory allocations more robust
	MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
	random: fix the RNDRESEEDCRNG ioctl
	Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function
	Bluetooth: Fix initializing response id after clearing struct
	ARM: dts: exynos: correct PMIC interrupt trigger level on Monk
	ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato
	ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
	ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
	arm64: dts: exynos: correct PMIC interrupt trigger level on TM2
	arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso
	cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove()
	usb: gadget: u_audio: Free requests only after callback
	Bluetooth: drop HCI device reference before return
	Bluetooth: Put HCI device if inquiry procedure interrupts
	ARM: dts: Configure missing thermal interrupt for 4430
	usb: dwc2: Do not update data length if it is 0 on inbound transfers
	usb: dwc2: Abort transaction after errors with unknown reason
	usb: dwc2: Make "trimming xfer length" a debug message
	staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules
	arm64: dts: msm8916: Fix reserved and rfsa nodes unit address
	ARM: s3c: fix fiq for clang IAS
	bpf_lru_list: Read double-checked variable once without lock
	ath9k: fix data bus crash when setting nf_override via debugfs
	bnxt_en: reverse order of TX disable and carrier off
	xen/netback: fix spurious event detection for common event case
	mac80211: fix potential overflow when multiplying to u32 integers
	b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
	ibmvnic: skip send_request_unmap for timeout reset
	net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout
	net: amd-xgbe: Reset link when the link never comes back
	net: mvneta: Remove per-cpu queue mapping for Armada 3700
	fbdev: aty: SPARC64 requires FB_ATY_CT
	drm/gma500: Fix error return code in psb_driver_load()
	gma500: clean up error handling in init
	crypto: sun4i-ss - fix kmap usage
	MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
	MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
	media: i2c: ov5670: Fix PIXEL_RATE minimum value
	media: vsp1: Fix an error handling path in the probe function
	media: media/pci: Fix memleak in empress_init
	media: tm6000: Fix memleak in tm6000_start_stream
	ASoC: cs42l56: fix up error handling in probe
	crypto: bcm - Rename struct device_private to bcm_device_private
	media: lmedm04: Fix misuse of comma
	media: qm1d1c0042: fix error return code in qm1d1c0042_init()
	media: cx25821: Fix a bug when reallocating some dma memory
	media: pxa_camera: declare variable when DEBUG is defined
	media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
	ata: ahci_brcm: Add back regulators management
	Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind()
	btrfs: clarify error returns values in __load_free_space_cache
	hwrng: timeriomem - Fix cooldown period calculation
	crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key()
	ima: Free IMA measurement buffer on error
	ima: Free IMA measurement buffer after kexec syscall
	fs/jfs: fix potential integer overflow on shift of a int
	jffs2: fix use after free in jffs2_sum_write_data()
	capabilities: Don't allow writing ambiguous v3 file capabilities
	clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
	quota: Fix memory leak when handling corrupted quota file
	spi: cadence-quadspi: Abort read if dummy cycles required are too many
	HID: core: detect and skip invalid inputs to snto32()
	dmaengine: fsldma: Fix a resource leak in the remove function
	dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function
	dmaengine: hsu: disable spurious interrupt
	mfd: bd9571mwv: Use devm_mfd_add_devices()
	fdt: Properly handle "no-map" field in the memory region
	of/fdt: Make sure no-map does not remove already reserved regions
	power: reset: at91-sama5d2_shdwc: fix wkupdbc mask
	rtc: s5m: select REGMAP_I2C
	clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
	regulator: axp20x: Fix reference cout leak
	certs: Fix blacklist flag type confusion
	spi: atmel: Put allocated master before return
	isofs: release buffer head before return
	auxdisplay: ht16k33: Fix refresh rate handling
	IB/umad: Return EIO in case of when device disassociated
	powerpc/47x: Disable 256k page size
	mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
	ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
	amba: Fix resource leak for drivers without .remove
	tracepoint: Do not fail unregistering a probe due to memory failure
	perf tools: Fix DSO filtering when not finding a map for a sampled address
	RDMA/rxe: Fix coding error in rxe_recv.c
	spi: stm32: properly handle 0 byte transfer
	mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
	powerpc/pseries/dlpar: handle ibm, configure-connector delay status
	powerpc/8xx: Fix software emulation interrupt
	spi: pxa2xx: Fix the controller numbering for Wildcat Point
	perf intel-pt: Fix missing CYC processing in PSB
	perf test: Fix unaligned access in sample parsing test
	Input: elo - fix an error code in elo_connect()
	sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
	misc: eeprom_93xx46: Fix module alias to enable module autoprobe
	misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users
	pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare()
	VMCI: Use set_page_dirty_lock() when unregistering guest memory
	PCI: Align checking of syscall user config accessors
	drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)
	ext4: fix potential htree index checksum corruption
	i40e: Fix flow for IPv6 next header (extension header)
	i40e: Fix overwriting flow control settings during driver loading
	net/mlx4_core: Add missed mlx4_free_cmd_mailbox()
	ocfs2: fix a use after free on error
	mm/memory.c: fix potential pte_unmap_unlock pte error
	mm/hugetlb: fix potential double free in hugetlb_register_node() error path
	arm64: Add missing ISB after invalidating TLB in __primary_switch
	i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
	mm/rmap: fix potential pte_unmap on an not mapped pte
	scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
	blk-settings: align max_sectors on "logical_block_size" boundary
	ACPI: property: Fix fwnode string properties matching
	ACPI: configfs: add missing check after configfs_register_default_group()
	HID: wacom: Ignore attempts to overwrite the touch_max value from HID
	Input: raydium_ts_i2c - do not send zero length
	Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S
	Input: joydev - prevent potential read overflow in ioctl
	Input: i8042 - add ASUS Zenbook Flip to noselftest list
	USB: serial: option: update interface mapping for ZTE P685M
	usb: musb: Fix runtime PM race in musb_queue_resume_work
	USB: serial: mos7840: fix error code in mos7840_write()
	USB: serial: mos7720: fix error code in mos7720_write()
	usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
	usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
	ALSA: hda/realtek: modify EAPD in the ALC886
	tpm_tis: Fix check_locality for correct locality acquisition
	KEYS: trusted: Fix migratable=1 failing
	btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
	btrfs: fix reloc root leak with 0 ref reloc roots on recovery
	btrfs: fix extent buffer leak on failure to copy root
	crypto: sun4i-ss - checking sg length is not sufficient
	crypto: sun4i-ss - handle BigEndian for cipher
	seccomp: Add missing return in non-void function
	drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
	staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
	x86/reboot: Force all cpus to exit VMX root if VMX is supported
	floppy: reintroduce O_NDELAY fix
	arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
	watchdog: mei_wdt: request stop on unregister
	mtd: spi-nor: hisi-sfc: Put child node np on error path
	fs/affs: release old buffer head on error path
	hugetlb: fix copy_huge_page_from_user contig page struct assumption
	mm: hugetlb: fix a race between freeing and dissolving the page
	usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
	libnvdimm/dimm: Avoid race between probe and available_slots_show()
	module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
	mmc: sdhci-esdhc-imx: fix kernel panic when remove module
	gpio: pcf857x: Fix missing first interrupt
	printk: fix deadlock when kernel panic
	f2fs: fix out-of-repair __setattr_copy()
	sparc32: fix a user-triggerable oops in clear_user()
	gfs2: Don't skip dlm unlock if glock has an lvb
	dm era: Recover committed writeset after crash
	dm era: Verify the data block size hasn't changed
	dm era: Fix bitset memory leaks
	dm era: Use correct value size in equality function of writeset tree
	dm era: Reinitialize bitset cache before digesting a new writeset
	dm era: only resize metadata in preresume
	icmp: introduce helper for nat'd source address in network device context
	icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n
	gtp: use icmp_ndo_send helper
	sunvnet: use icmp_ndo_send helper
	ipv6: icmp6: avoid indirect call for icmpv6_send()
	ipv6: silence compilation warning for non-IPV6 builds
	net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
	dm era: Update in-core bitset after committing the metadata
	Linux 4.14.223

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib3da7b72393e257416645cd59c380fce3c801177
 2021-03-03 18:58:56 +01:00
Bob Peterson
eb540057b5 gfs2: Don't skip dlm unlock if glock has an lvb 
commit 78178ca844f0eb88f21f31c7fde969384be4c901 upstream.

Patch fb6791d100d1 was designed to allow gfs2 to unmount quicker by
skipping the step where it tells dlm to unlock glocks in EX with lvbs.
This was done because when gfs2 unmounts a file system, it destroys the
dlm lockspace shortly after it destroys the glocks so it doesn't need to
unlock them all: the unlock is implied when the lockspace is destroyed
by dlm.

However, that patch introduced a use-after-free in dlm: as part of its
normal dlm_recoverd process, it can call ls_recovery to recover dead
locks. In so doing, it can call recover_rsbs which calls recover_lvb for
any mastered rsbs. Func recover_lvb runs through the list of lkbs queued
to the given rsb (if the glock is cached but unlocked, it will still be
queued to the lkb, but in NL--Unlocked--mode) and if it has an lvb,
copies it to the rsb, thus trying to preserve the lkb. However, when
gfs2 skips the dlm unlock step, it frees the glock and its lvb, which
means dlm's function recover_lvb references the now freed lvb pointer,
copying the freed lvb memory to the rsb.

This patch changes the check in gdlm_put_lock so that it calls
dlm_unlock for all glocks that contain an lvb pointer.

Fixes: fb6791d100d1 ("GFS2: skip dlm_unlock calls in unmount")
Cc: stable@vger.kernel.org # v3.8+
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2021-03-03 18:22:55 +01:00
Greg Kroah-Hartman
75c9a7e934 This is the 4.14.218 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmAVUZ0ACgkQONu9yGCS
 aT6ZfBAApAlZxvvlJ6tk6WwCKs9hPqlSjifCOielIZHidYK/cKTvZZqH5ht7OvQp
 pOnEJ+zv0Y0WfzgzNH39ylMAaHjubKUVOlbiEkSkIPPrbMBpZG//eyf5dtwlmTWW
 nIavem/+bUvEqDTalueAu3XmjsAdk0TjqCrcMduxGMw9tDAMBy8ZDnUfYoL37U6Y
 vm7UIyPpl/1zoVHNPtznI7cVDNaOShDN5ktheozykjeZRmes9taBVCVzC4F2pgev
 Xf11eBj9KuBYwz+0Ee7D0SQ7DRssKb5P6jxm9aAqmCdH9l9Vkhqqx40+DjCM9OYg
 m0118XDaVSt6QJHVnndY2ukGu6Arsplr5erdkr6Q7dwf6HaO6pBH64P5vVk3DFpI
 I41XMRgPvuQN6VgjPN5cjmtSTzj4NcjXrp/2i+Baijk+Ob39p13o4LiLi/RAMecN
 5N3GYMbLi18V0NG3b7MOXfnnVwRo8M6HCQpShTyOxj1HO6VSvqd6/H3GXJjoWx3g
 TcYsJt55Q1cttVDZbuQpp/YIVWle5AiX9JMJfRPl2hasQNTQjOO0IBn3i1Sc+vAJ
 o6o9VNowU0bDkt99/1o1l8gQo2U/bxOoeHJ965usfovdwFizrUnSN8OUbb2yeRI4
 XHwwleRLyz9DgexHLUjtTZWYOhA3xzjaZbkjkfdYqM92V5uabKk=
 =ocgV
 -----END PGP SIGNATURE-----

Merge 4.14.218 into android-4.14-stable

Changes in 4.14.218
	i2c: bpmp-tegra: Ignore unknown I2C_M flags
	ALSA: seq: oss: Fix missing error check in snd_seq_oss_synth_make_info()
	ALSA: hda/via: Add minimum mute flag
	ACPI: scan: Make acpi_bus_get_device() clear return pointer on error
	mmc: sdhci-xenon: fix 1.8v regulator stabilization
	dm: avoid filesystem lookup in dm_get_dev_t()
	drm/atomic: put state on error path
	ASoC: Intel: haswell: Add missing pm_ops
	scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
	xen: Fix event channel callback via INTX/GSI
	drm/nouveau/bios: fix issue shadowing expansion ROMs
	drm/nouveau/privring: ack interrupts the same way as RM
	drm/nouveau/i2c/gm200: increase width of aux semaphore owner fields
	i2c: octeon: check correct size of maximum RECV_LEN packet
	can: dev: can_restart: fix use after free bug
	can: vxcan: vxcan_xmit: fix use after free bug
	iio: ad5504: Fix setting power-down state
	irqchip/mips-cpu: Set IPI domain parent chip
	intel_th: pci: Add Alder Lake-P support
	stm class: Fix module init return on allocation failure
	ehci: fix EHCI host controller initialization sequence
	USB: ehci: fix an interrupt calltrace error
	usb: udc: core: Use lock when write to soft_connect
	usb: bdc: Make bdc pci driver depend on BROKEN
	xhci: make sure TRB is fully written before giving it to the controller
	xhci: tegra: Delay for disabling LFPS detector
	compiler.h: Raise minimum version of GCC to 5.1 for arm64
	netfilter: rpfilter: mask ecn bits before fib lookup
	sh: dma: fix kconfig dependency for G2_DMA
	sh_eth: Fix power down vs. is_opened flag ordering
	skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too
	udp: mask TOS bits in udp_v4_early_demux()
	ipv6: create multicast route with RTPROT_KERNEL
	net_sched: avoid shift-out-of-bounds in tcindex_set_parms()
	net: dsa: b53: fix an off by one in checking "vlan->vid"
	futex: futex_wake_op, fix sign_extend32 sign bits
	gpio: mvebu: fix pwm .get_state period calculation
	Revert "mm/slub: fix a memory leak in sysfs_slab_add()"
	futex: Ensure the correct return value from futex_lock_pi()
	futex: Replace pointless printk in fixup_owner()
	futex: Provide and use pi_state_update_owner()
	rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
	futex: Use pi_state_update_owner() in put_pi_state()
	futex: Simplify fixup_pi_state_owner()
	futex: Handle faults correctly for PI futexes
	tracing: Fix race in trace_open and buffer resize call
	x86/boot/compressed: Disable relocation relaxation
	fs: move I_DIRTY_INODE to fs.h
	writeback: Drop I_DIRTY_TIME_EXPIRE
	fs: fix lazytime expiration handling in __writeback_single_inode()
	Linux 4.14.218

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9517930d61a86cad6d2c5c040dd20e8a44ee5d3f
 2021-01-30 14:56:15 +01:00
Christoph Hellwig
2f15ad510e fs: move I_DIRTY_INODE to fs.h 
commit 0e11f6443f522f89509495b13ef1f3745640144d upstream.

And use it in a few more places rather than opencoding the values.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2021-01-30 13:31:16 +01:00
Greg Kroah-Hartman
a40c17631d This is the 4.14.212 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl/TaHoACgkQONu9yGCS
 aT7nnBAAjAmqUgWoQncvvHzqZGnDDEciXOJNa54wYhqXp7UAopbDm0PsL3UGbT05
 7Jax7HHYzxzsgUlGMVqw2/dcuS2LaUvDisLUCVkPtFx7QgRMmJkEtMX9Cog/wmzw
 nHxWR3yEHn/BZpjasmjR+7vQj+QfI5AwzcVOhqH1gWCJ9m0vuaNz+fGdV/uJxxND
 NgmdjBnwwtXhLYfv+5oQ/KlNBThCS3p8BadoUweWurx9ZjXfLHnjEtoInzeRkV8E
 m3UfBLvnjL2HvklQ+oYXDgwqxTB9qGc33u1a2xocQLAo9gR9JR3ZN2zdlxUzaoSz
 EC/saIdD+BfVR+VMJP8tkUnimcRGSZf2asTe1o3aPaUMpt2uitOADg7KZ59Ej/W4
 WPc1eezGwGQ8wV8MrQspoo2q7dDkd2Y0SY8vH6VfEn5LiDbR9RKQhQaeI5DPMYne
 Q1zGji1pw2LGlhdothRjqihg/AzETX85MTw3Ytqxt/JckNZ/of0D+ymn2uttVAyE
 uszsI6ooKYJq93zxNBemHxa47s6Pr7KAt9FRMKBRhG9bNIGcgedNA1wuK+NSzeDh
 jU5al15RHk5GAGpkGUFkR84h1tkRiGmLdcBMATgLqmoURRp9IZOJo9VZvyK421Og
 uP2trCnmCuwhh13TsJMcCrLtvc5qX6THEsyrWKEQ+ath9c65xYM=
 =DS+6
 -----END PGP SIGNATURE-----

Merge 4.14.212 into android-4.14-stable

Changes in 4.14.212
	pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output
	pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH)
	vlan: consolidate VLAN parsing code and limit max parsing depth
	usb: gadget: f_fs: Use local copy of descriptors for userspace copy
	USB: serial: kl5kusb105: fix memleak on open
	USB: serial: ch341: add new Product ID for CH341A
	USB: serial: ch341: sort device-id entries
	USB: serial: option: add Fibocom NL668 variants
	USB: serial: option: add support for Thales Cinterion EXS82
	USB: serial: option: fix Quectel BG96 matching
	tty: Fix ->pgrp locking in tiocspgrp()
	tty: Fix ->session locking
	ALSA: hda/realtek - Add new codec supported for ALC897
	ALSA: hda/generic: Add option to enforce preferred_dacs pairs
	ftrace: Fix updating FTRACE_FL_TRAMP
	cifs: fix potential use-after-free in cifs_echo_request()
	mm/swapfile: do not sleep with a spin lock held
	i2c: imx: Fix reset of I2SR_IAL flag
	i2c: imx: Check for I2SR_IAL after every byte
	speakup: Reject setting the speakup line discipline outside of speakup
	iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs
	spi: Introduce device-managed SPI controller allocation
	spi: bcm-qspi: Fix use-after-free on unbind
	spi: bcm2835: Fix use-after-free on unbind
	spi: bcm2835: Release the DMA channel if probe fails after dma_init
	tracing: Fix userstacktrace option for instances
	gfs2: check for empty rgrp tree in gfs2_ri_update
	i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()
	Input: i8042 - fix error return code in i8042_setup_aux()
	x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes
	Linux 4.14.212

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9987d035e66f77fb885fb68c949316f5b35aa52c
 2020-12-11 14:54:55 +01:00
Bob Peterson
03c271625a gfs2: check for empty rgrp tree in gfs2_ri_update 
commit 778721510e84209f78e31e2ccb296ae36d623f5e upstream.

If gfs2 tries to mount a (corrupt) file system that has no resource
groups it still tries to set preferences on the first one, which causes
a kernel null pointer dereference. This patch adds a check to function
gfs2_ri_update so this condition is detected and reported back as an
error.

Reported-by: syzbot+e3f23ce40269a4c9053a@syzkaller.appspotmail.com
Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-12-11 13:39:06 +01:00
Greg Kroah-Hartman
76cc1c09f4 This is the 4.14.207 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+1WhoACgkQONu9yGCS
 aT7xTA/+Nec9KMVmw+In7CAgj4p6uwshPaBGVjlfrcCriuT33QlWT5aaCCm52YJt
 uQCCQKD1g+Lkd4P1bWCnRDi791dh1L7hwhPWWmKTLJitte1i/aaAUtPQRtUCeZQT
 8fNzuqBZpg5QMEnEeY8duEVfh0q/f1Gm39uB7Dvt6Z8UXbJstTgvz6XQ0AL6I+ap
 L9alHzQxOtD5c5SQoIf+qyr/zE/XPZVBxFDGsGszG/QKAtwh0vf0/R4dSKbL3Bel
 aja5xD+QS7xgyEppW8Ta/2M0oPV/1bjJj/JgkDnB4xSq1kAuHb1WAemfkhUfchW/
 LKPtjo2UzamPLjUZmd9D4WklNRiJTkoE9WdLbCUBDjFPpTSmYTlsAYs8iBczJAwX
 NO/inyOYSShg//TPpv924DVkS4blwOiNV1uRYbhxeCOlrj0VZ2BIMvKymm3k6wUY
 tVOlV7CLmdOO9tliJTs/HDZBy8qdLTxJQsKwb2MvidxX1a9VDRt2Zx5gFUJmLKMj
 GN3a77fZkBsUUrPe/tENzW9n70trS5UDJiDAIcgNvQj3N2FeBCDSojhfiQOc3gG0
 SXba1VTUX8pPzfa/4X0gJR1dN/2zM7RNDEIE29mS27j9PJFPYAsCcMTs4+iltror
 mO3gMh4jhCTvcC69gITNW1o+5RBe0NN3jq7GlVmsWmZ4MsmwfwA=
 =/Wvr
 -----END PGP SIGNATURE-----

Merge 4.14.207 into android-4.14-stable

Changes in 4.14.207
	regulator: defer probe when trying to get voltage from unresolved supply
	ring-buffer: Fix recursion protection transitions between interrupt context
	mm: mempolicy: fix potential pte_unmap_unlock pte error
	time: Prevent undefined behaviour in timespec64_to_ns()
	nbd: don't update block size after device is started
	btrfs: sysfs: init devices outside of the chunk_mutex
	btrfs: reschedule when cloning lots of extents
	genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
	hv_balloon: disable warning when floor reached
	net: xfrm: fix a race condition during allocing spi
	perf tools: Add missing swap for ino_generation
	ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
	can: rx-offload: don't call kfree_skb() from IRQ context
	can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
	can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
	can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
	can: peak_usb: add range checking in decode operations
	can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
	can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on
	xfs: flush new eof page on truncate to avoid post-eof corruption
	Btrfs: fix missing error return if writeback for extent buffer never started
	ath9k_htc: Use appropriate rs_datalen type
	usb: gadget: goku_udc: fix potential crashes in probe
	gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
	gfs2: Add missing truncate_inode_pages_final for sd_aspace
	gfs2: check for live vs. read-only file system in gfs2_fitrim
	scsi: hpsa: Fix memory leak in hpsa_init_one()
	drm/amdgpu: perform srbm soft reset always on SDMA resume
	mac80211: fix use of skb payload instead of header
	cfg80211: regulatory: Fix inconsistent format argument
	scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
	iommu/amd: Increase interrupt remapping table limit to 512 entries
	pinctrl: intel: Set default bias in case no particular value given
	ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template
	pinctrl: aspeed: Fix GPI only function problem.
	nbd: fix a block_device refcount leak in nbd_release
	xfs: fix flags argument to rmap lookup when converting shared file rmaps
	xfs: fix rmap key and record comparison functions
	xfs: fix a missing unlock on error in xfs_fs_map_blocks
	of/address: Fix of_node memory leak in of_dma_is_coherent
	cosa: Add missing kfree in error path of cosa_write
	perf: Fix get_recursion_context()
	ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
	ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
	thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
	uio: Fix use-after-free in uio_unregister_device()
	usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
	mei: protect mei_cl_mtu from null dereference
	futex: Don't enable IRQs unconditionally in put_pi_state()
	ocfs2: initialize ip_next_orphan
	selinux: Fix error return code in sel_ib_pkey_sid_slow()
	don't dump the threads that had been already exiting when zapped.
	drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
	pinctrl: amd: use higher precision for 512 RtcClk
	pinctrl: amd: fix incorrect way to disable debounce filter
	swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
	IPv6: Set SIT tunnel hard_header_len to zero
	net/af_iucv: fix null pointer dereference on shutdown
	net/x25: Fix null-ptr-deref in x25_connect
	vrf: Fix fast path output packet handling with async Netfilter rules
	r8169: fix potential skb double free in an error path
	net: Update window_clamp if SOCK_RCVBUF is set
	random32: make prandom_u32() output unpredictable
	x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
	perf/core: Fix bad use of igrab()
	perf/core: Fix crash when using HW tracing kernel filters
	perf/core: Fix a memory leak in perf_event_parse_addr_filter()
	xen/events: avoid removing an event channel while handling it
	xen/events: add a proper barrier to 2-level uevent unmasking
	xen/events: fix race in evtchn_fifo_unmask()
	xen/events: add a new "late EOI" evtchn framework
	xen/blkback: use lateeoi irq binding
	xen/netback: use lateeoi irq binding
	xen/scsiback: use lateeoi irq binding
	xen/pvcallsback: use lateeoi irq binding
	xen/pciback: use lateeoi irq binding
	xen/events: switch user event channels to lateeoi model
	xen/events: use a common cpu hotplug hook for event channels
	xen/events: defer eoi in case of excessive number of events
	xen/events: block rogue events for some time
	perf/core: Fix race in the perf_mmap_close() function
	Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
	reboot: fix overflow parsing reboot cpu number
	Convert trailing spaces and periods in path components
	mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
	Linux 4.14.207

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id9671f12372dd8919395ce4f175ce1a5a06ef68f
 2020-11-19 09:53:10 +01:00
Bob Peterson
73ba53619f gfs2: check for live vs. read-only file system in gfs2_fitrim 
[ Upstream commit c5c68724696e7d2f8db58a5fce3673208d35c485 ]

Before this patch, gfs2_fitrim was not properly checking for a "live" file
system. If the file system had something to trim and the file system
was read-only (or spectator) it would start the trim, but when it starts
the transaction, gfs2_trans_begin returns -EROFS (read-only file system)
and it errors out. However, if the file system was already trimmed so
there's no work to do, it never called gfs2_trans_begin. That code is
bypassed so it never returns the error. Instead, it returns a good
return code with 0 work. All this makes for inconsistent behavior:
The same fstrim command can return -EROFS in one case and 0 in another.
This tripped up xfstests generic/537 which reports the error as:

    +fstrim with unrecovered metadata just ate your filesystem

This patch adds a check for a "live" (iow, active journal, iow, RW)
file system, and if not, returns the error properly.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-11-18 18:27:55 +01:00
Bob Peterson
0bc72fb1f4 gfs2: Add missing truncate_inode_pages_final for sd_aspace 
[ Upstream commit a9dd945ccef07a904e412f208f8de708a3d7159e ]

Gfs2 creates an address space for its rgrps called sd_aspace, but it never
called truncate_inode_pages_final on it. This confused vfs greatly which
tried to reference the address space after gfs2 had freed the superblock
that contained it.

This patch adds a call to truncate_inode_pages_final for sd_aspace, thus
avoiding the use-after-free.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-11-18 18:27:55 +01:00
Bob Peterson
0a637f7c46 gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free 
[ Upstream commit d0f17d3883f1e3f085d38572c2ea8edbd5150172 ]

Function gfs2_clear_rgrpd calls kfree(rgd->rd_bits) before calling
return_all_reservations, but return_all_reservations still dereferences
rgd->rd_bits in __rs_deltree.  Fix that by moving the call to kfree below the
call to return_all_reservations.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-11-18 18:27:55 +01:00
Greg Kroah-Hartman
155b2a3170 This is the 4.14.205 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+qXXkACgkQONu9yGCS
 aT65dQ//XSAlbGEPmBNEI4Snj3xzNQFkWRDRC7+eGqkI92vpkL8H6M8f6OVUlTXA
 WgtSWK0KixoSj8oGhHoB3mylZ1KZpgb6kIMIjwP0bUYV4psav8C9khr2zfDfLnxR
 NCv6XxVKq1e2wnER42nbjqClxbE39R2YgZ3KfiMkXeo7HNsEwU3ZKLx5XdN6AfEz
 T7ZmXmSQ5+zZ7GxJhNbyI3xKAV/jYLueK2Bp/IebZY3elDS4DyklENKPsUmfP6AA
 7fvogAwy/vHoHCD7IUSInqF+Cx8g8S+Dj1gil9yqwsyLuaWB1EcOkDJFznwg9+sN
 pcpLwvGishwVJRzQzDc+p2hUp1cfu1PUZlLeaTU3qP6QELhnz4hx88ksfSvk6QOY
 8uKWM7AvnQ/Dp9a48b0gaT+wTEeYAhDXK9wj+EBmCykFYEui+8X+S93niJcmo0IY
 ciEyaKsVYv2ajjHrFaWV4VEn5U1rrzbxRw/gx3xuRnd413CYluhqSkKR1QBQ0EIV
 Z/BEaM4QSIckaSIBtXCeQAsyr2gX8kE1a3cx9xe2YylSBkbc0kLtk+lLFtBziiIK
 epnCisEOc3PY+0WyVH1McqWYtXwfsvbSEqCS/ZUFWgxKOnLyjmcKK5X/brC3fhAI
 RtomnNtdFPzaHFRLcJ8oGImhGMmFyEGJ2Xmdpinv1RQA56kxbW0=
 =MDvs
 -----END PGP SIGNATURE-----

Merge 4.14.205 into android-4.14-stable

Changes in 4.14.205
	drm/i915: Break up error capture compression loops with cond_resched()
	xen/events: don't use chip_data for legacy IRQs
	tipc: fix use-after-free in tipc_bcast_get_mode
	gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
	gianfar: Account for Tx PTP timestamp in the skb headroom
	net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition
	sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms
	sfp: Fix error handing in sfp_probe()
	Blktrace: bail out early if block debugfs is not configured
	blktrace: fix debugfs use after free
	i40e: Fix a potential NULL pointer dereference
	i40e: add num_vectors checker in iwarp handler
	i40e: Wrong truncation from u16 to u8
	i40e: Fix of memory leak and integer truncation in i40e_virtchnl.c
	i40e: Memory leak in i40e_config_iwarp_qvlist
	Fonts: Replace discarded const qualifier
	ALSA: usb-audio: Add implicit feedback quirk for Qu-16
	lib/crc32test: remove extra local_irq_disable/enable
	kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled
	mm: always have io_remap_pfn_range() set pgprot_decrypted()
	gfs2: Wake up when sd_glock_disposal becomes zero
	ftrace: Fix recursion check for NMI test
	ftrace: Handle tracing when switching between context
	tracing: Fix out of bounds write in get_trace_buf
	futex: Handle transient "ownerless" rtmutex state correctly
	ARM: dts: sun4i-a10: fix cpu_alert temperature
	x86/kexec: Use up-to-dated screen_info copy to fill boot params
	of: Fix reserved-memory overlap detection
	blk-cgroup: Fix memleak on error path
	blk-cgroup: Pre-allocate tree node on blkg_conf_prep
	scsi: core: Don't start concurrent async scan on same host
	vsock: use ns_capable_noaudit() on socket create
	drm/vc4: drv: Add error handding for bind
	ACPI: NFIT: Fix comparison to '-ENXIO'
	vt: Disable KD_FONT_OP_COPY
	fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
	serial: 8250_mtk: Fix uart_get_baud_rate warning
	serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init
	USB: serial: cyberjack: fix write-URB completion race
	USB: serial: option: add Quectel EC200T module support
	USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231
	USB: serial: option: add Telit FN980 composition 0x1055
	USB: Add NO_LPM quirk for Kingston flash drive
	usb: mtu3: fix panic in mtu3_gadget_stop()
	ARC: stack unwinding: avoid indefinite looping
	Revert "ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE"
	PM: runtime: Resume the device earlier in __device_release_driver()
	arm64: dts: marvell: espressobin: add ethernet alias
	Linux 4.14.205

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I57cdf9a75fc420bc9013c1a8e7228d2e52d44743
 2020-11-10 12:58:25 +01:00
Alexander Aring
93372bf841 gfs2: Wake up when sd_glock_disposal becomes zero 
commit da7d554f7c62d0c17c1ac3cc2586473c2d99f0bd upstream.

Commit fc0e38dae645 ("GFS2: Fix glock deallocation race") fixed a
sd_glock_disposal accounting bug by adding a missing atomic_dec
statement, but it failed to wake up sd_glock_wait when that decrement
causes sd_glock_disposal to reach zero.  As a consequence,
gfs2_gl_hash_clear can now run into a 10-minute timeout instead of
being woken up.  Add the missing wakeup.

Fixes: fc0e38dae645 ("GFS2: Fix glock deallocation race")
Cc: stable@vger.kernel.org # v2.6.39+
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-11-10 10:29:04 +01:00
Greg Kroah-Hartman
890226def6 This is the 4.14.204 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+jzuAACgkQONu9yGCS
 aT7HQhAAgdVyTKGg2cRfirxFQ8L4kHNU7Zf0NYSeFwL9lTEaC/f6jHhqzzHln/W8
 fN7u7c5KM9P7w6YjemqCeRt4b7jXuUtyx0dvGblXAGaabbUaa34yLshwv4zAW37h
 FMPBjORfmI9JIh2EgcWpmECDE6HjeP5b828LL/5FTfcOamhA6XiOFO+0vNRlMRXX
 IJY+GwfmcBRb7j7ks9q5At6bigow1UvAc7NXZPCTZRrM/RVK36nOq6aDyhegHtKg
 h4UN2NzJcR0ItyBGKiKbeyPOQfWAVzEhvD8gjNLBRt3kb5Uc0z8XWfXhFtQiBEGm
 EK4Wb8JOOcQDpUmobG9klT49sgC84qsGzwNgbSIUwyLRYxS66ouDsXf7p4T6vlKY
 Msz5sEKLXGJncDPPy3E5wtIzm7Htp8cNBUkrcjjD2mZx8CuDRy7NTKrX2mjdJa5n
 zLoW4QeMZAcMYqmfz+Z5edWY3PXflWv69kQhDXEs70rpnNg51OmeqSiJWfUnx+FT
 o0UOVsqmUqOQfDsOIY7L2rem7K7HBX14QyYAi6ZaoXzglz1ev5VBI+PgfJtc9uLf
 SMoY8K5l215zc3BWTLkLj8sq/QiZ03Jj3QKIpCZyxDiZP2/3Tn7hnprfy0x1JbqE
 bX3A8DZfkH7MvW8U42vlxQNHoFYBKUx27BP8yirwkhspLt0oHxo=
 =2cR2
 -----END PGP SIGNATURE-----

Merge 4.14.204 into android-4.14-stable

Changes in 4.14.204
	scripts/setlocalversion: make git describe output more reliable
	arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
	efivarfs: Replace invalid slashes with exclamation marks in dentries.
	gtp: fix an use-before-init in gtp_newlink()
	ravb: Fix bit fields checking in ravb_hwtstamp_get()
	tipc: fix memory leak caused by tipc_buf_append()
	arch/x86/amd/ibs: Fix re-arming IBS Fetch
	x86/xen: disable Firmware First mode for correctable memory errors
	fuse: fix page dereference after free
	p54: avoid accessing the data mapped to streaming DMA
	mtd: lpddr: Fix bad logic in print_drs_error
	ata: sata_rcar: Fix DMA boundary mask
	fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
	x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
	mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
	futex: Fix incorrect should_fail_futex() handling
	powerpc/powernv/smp: Fix spurious DBG() warning
	powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM
	sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
	f2fs: add trace exit in exception path
	f2fs: fix to check segment boundary during SIT page readahead
	um: change sigio_spinlock to a mutex
	ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
	xfs: fix realtime bitmap/summary file truncation when growing rt volume
	video: fbdev: pvr2fb: initialize variables
	ath10k: start recovery process when payload length exceeds max htc length for sdio
	ath10k: fix VHT NSS calculation when STBC is enabled
	drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly
	media: videodev2.h: RGB BT2020 and HSV are always full range
	media: platform: Improve queue set up flow for bug fixing
	usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart
	media: tw5864: check status of tw5864_frameinterval_get
	mmc: via-sdmmc: Fix data race bug
	drm/bridge/synopsys: dsi: add support for non-continuous HS clock
	printk: reduce LOG_BUF_SHIFT range for H8300
	kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
	cpufreq: sti-cpufreq: add stih418 support
	USB: adutux: fix debugging
	uio: free uio id after uio file node is freed
	arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
	ACPI: Add out of bounds and numa_off protections to pxm_to_node()
	drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
	bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
	power: supply: test_power: add missing newlines when printing parameters by sysfs
	md/bitmap: md_bitmap_get_counter returns wrong blocks
	bnxt_en: Log unknown link speed appropriately.
	clk: ti: clockdomain: fix static checker warning
	net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
	drivers: watchdog: rdc321x_wdt: Fix race condition bugs
	ext4: Detect already used quota file early
	gfs2: add validation checks for size of superblock
	arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes
	memory: emif: Remove bogus debugfs error handling
	ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
	ARM: dts: s5pv210: move PMU node out of clock controller
	ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
	nbd: make the config put is called before the notifying the waiter
	sgl_alloc_order: fix memory leak
	nvme-rdma: fix crash when connect rejected
	md/raid5: fix oops during stripe resizing
	perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
	perf/x86/amd/ibs: Fix raw sample data accumulation
	leds: bcm6328, bcm6358: use devres LED registering function
	fs: Don't invalidate page buffers in block_write_full_page()
	NFS: fix nfs_path in case of a rename retry
	ACPI / extlog: Check for RDMSR failure
	ACPI: video: use ACPI backlight for HP 635 Notebook
	ACPI: debug: don't allow debugging when ACPI is disabled
	acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
	w1: mxc_w1: Fix timeout resolution problem leading to bus error
	scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
	btrfs: reschedule if necessary when logging directory items
	btrfs: send, recompute reference path after orphanization of a directory
	btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send()
	btrfs: cleanup cow block on error
	btrfs: fix use-after-free on readahead extent after failure to create it
	usb: dwc3: ep0: Fix ZLP for OUT ep0 requests
	usb: dwc3: core: add phy cleanup for probe error handling
	usb: dwc3: core: don't trigger runtime pm when remove driver
	usb: cdc-acm: fix cooldown mechanism
	usb: host: fsl-mph-dr-of: check return of dma_set_mask()
	drm/i915: Force VT'd workarounds when running as a guest OS
	vt: keyboard, simplify vt_kdgkbsent
	vt: keyboard, extend func_buf_lock to readers
	dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
	iio:light:si1145: Fix timestamp alignment and prevent data leak.
	iio:adc:ti-adc0832 Fix alignment issue with timestamp
	iio:adc:ti-adc12138 Fix alignment issue with timestamp
	iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
	s390/stp: add locking to sysfs functions
	powerpc/rtas: Restrict RTAS requests from userspace
	powerpc: Warn about use of smt_snooze_delay
	powerpc/powernv/elog: Fix race while processing OPAL error log event.
	NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
	NFSD: Add missing NFSv2 .pc_func methods
	ubifs: dent: Fix some potential memory leaks while iterating entries
	perf python scripting: Fix printable strings in python3 scripts
	ubi: check kthread_should_stop() after the setting of task state
	ia64: fix build error with !COREDUMP
	drm/amdgpu: don't map BO in reserved region
	ceph: promote to unsigned long long before shifting
	libceph: clear con->out_msg on Policy::stateful_server faults
	9P: Cast to loff_t before multiplying
	ring-buffer: Return 0 on success from ring_buffer_resize()
	vringh: fix __vringh_iov() when riov and wiov are different
	ext4: fix leaking sysfs kobject after failed mount
	ext4: fix error handling code in add_new_gdb
	ext4: fix invalid inode checksum
	drm/ttm: fix eviction valuable range check.
	rtc: rx8010: don't modify the global rtc ops
	tty: make FONTX ioctl use the tty pointer they were actually passed
	arm64: berlin: Select DW_APB_TIMER_OF
	cachefiles: Handle readpage error correctly
	hil/parisc: Disable HIL driver when it gets stuck
	arm: dts: mt7623: add missing pause for switchport
	ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
	ARM: s3c24xx: fix missing system reset
	device property: Keep secondary firmware node secondary by type
	device property: Don't clear secondary pointer for shared primary firmware node
	KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
	staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
	staging: octeon: repair "fixed-link" support
	staging: octeon: Drop on uncorrectable alignment or FCS error
	Linux 4.14.204

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ibed153216ddb983a9ef0640ae9c82781f51880fe
 2020-11-05 13:16:23 +01:00
Anant Thazhemadam
78734edd11 gfs2: add validation checks for size of superblock 
[ Upstream commit 0ddc5154b24c96f20e94d653b0a814438de6032b ]

In gfs2_check_sb(), no validation checks are performed with regards to
the size of the superblock.
syzkaller detected a slab-out-of-bounds bug that was primarily caused
because the block size for a superblock was set to zero.
A valid size for a superblock is a power of 2 between 512 and PAGE_SIZE.
Performing validation checks and ensuring that the size of the superblock
is valid fixes this bug.

Reported-by: syzbot+af90d47a37376844e731@syzkaller.appspotmail.com
Tested-by: syzbot+af90d47a37376844e731@syzkaller.appspotmail.com
Suggested-by: Andrew Price <anprice@redhat.com>
Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com>
[Minor code reordering.]
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-11-05 11:06:57 +01:00
Greg Kroah-Hartman
c1013a481e This is the 4.14.200 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl91udkACgkQONu9yGCS
 aT5wdw//Wn7Nd1kcd1h2umXWcn2rjLbrflmFMtAY32YSDhT85EQaTQMckeLzVKSi
 KPIPdNbjKhOirlizM6+mBv3EKn3bNbdDFeq0qGy0WI7DAT2Amyn8JRi18GKgM1z/
 BBzmOldG2oeFUlFes5ADdVm0b3p+iiQ5WqzIJvLkBeV1HrLAQ2/zAl6ixpUwP2wr
 sZymWkCXUUG2ZYn7ZxX6SXKvfvSv+GKUD0ImX82Q1DvAcQHSyiZ9/o9/pZbS4m1t
 innS1EXJEEZHd1x61EBu2WrQkNwXvlpTDZNa7at9Lc5Uys6NsgfUkx4+fTyqDT8h
 FfnxGaP9qHJRImVpxdBHsZGvUheDTVPPUk3eNNyeR1wmEz/OPCQmPIPIz0sw1TJt
 LL0d4XN1rLjRSUGv+q1+Y6nbc85eU7nyJG/qB35Fag4z27x3P7D/4queR1hAij37
 xp6MesrmEHPA7I4xV9jTzCRvY+O5MAughhOJMzZrn2f95EpC3Mg48OHdYRtktc1b
 4L9Vb/HeQ6s0hgVZhkdNfoBPsi797YNCd5WNccKpAdq17mG5s6+6qJxBgCqgHS/i
 4gjeR2IgSOL0KW2eE7STn8fgyY86ZepNsONkX6I+7n1h0lC7gVH6VtW5fzyvg9Bw
 RLA5ulOqUc+f8Ll7MwzbRL3+wiNN4jkX5NHYpaQB2nWVEO9A+cs=
 =76oN
 -----END PGP SIGNATURE-----

Merge 4.14.200 into android-4.14-stable

Changes in 4.14.200
	af_key: pfkey_dump needs parameter validation
	phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init
	KVM: fix memory leak in kvm_io_bus_unregister_dev()
	kprobes: fix kill kprobe which has been marked as gone
	mm/thp: fix __split_huge_pmd_locked() for migration PMD
	RDMA/ucma: ucma_context reference leak in error path
	hdlc_ppp: add range checks in ppp_cp_parse_cr()
	ip: fix tos reflection in ack and reset packets
	net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC
	tipc: fix shutdown() of connection oriented socket
	tipc: use skb_unshare() instead in tipc_buf_append()
	bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex.
	net: phy: Avoid NPD upon phy_detach() when driver is unbound
	net: add __must_check to skb_put_padto()
	ipv4: Update exception handling for multipath routes via same device
	geneve: add transport ports in route lookup for geneve
	serial: 8250: Avoid error message on reprobe
	mm: fix double page fault on arm64 if PTE_AF is cleared
	scsi: aacraid: fix illegal IO beyond last LBA
	m68k: q40: Fix info-leak in rtc_ioctl
	gma/gma500: fix a memory disclosure bug due to uninitialized bytes
	ASoC: kirkwood: fix IRQ error handling
	media: smiapp: Fix error handling at NVM reading
	arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback
	x86/ioapic: Unbreak check_timer()
	ALSA: usb-audio: Add delay quirk for H570e USB headsets
	ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
	PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out
	scsi: fnic: fix use after free
	clk/ti/adpll: allocate room for terminating null
	mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup()
	mfd: mfd-core: Protect against NULL call-back function pointer
	tracing: Adding NULL checks for trace_array descriptor pointer
	bcache: fix a lost wake-up problem caused by mca_cannibalize_lock
	RDMA/i40iw: Fix potential use after free
	xfs: fix attr leaf header freemap.size underflow
	RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()'
	mmc: core: Fix size overflow for mmc partitions
	gfs2: clean up iopen glock mess in gfs2_create_inode
	debugfs: Fix !DEBUG_FS debugfs_create_automount
	CIFS: Properly process SMB3 lease breaks
	kernel/sys.c: avoid copying possible padding bytes in copy_to_user
	neigh_stat_seq_next() should increase position index
	rt_cpu_seq_next should increase position index
	seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier
	media: ti-vpe: cal: Restrict DMA to avoid memory corruption
	ACPI: EC: Reference count query handlers under lock
	dmaengine: zynqmp_dma: fix burst length configuration
	powerpc/eeh: Only dump stack once if an MMIO loop is detected
	tracing: Set kernel_stack's caller size properly
	ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter
	selftests/ftrace: fix glob selftest
	tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility
	Bluetooth: Fix refcount use-after-free issue
	mm: pagewalk: fix termination condition in walk_pte_range()
	Bluetooth: prefetch channel before killing sock
	KVM: fix overflow of zero page refcount with ksm running
	ALSA: hda: Clear RIRB status before reading WP
	skbuff: fix a data race in skb_queue_len()
	audit: CONFIG_CHANGE don't log internal bookkeeping as an event
	selinux: sel_avc_get_stat_idx should increase position index
	scsi: lpfc: Fix RQ buffer leakage when no IOCBs available
	scsi: lpfc: Fix coverity errors in fmdi attribute handling
	drm/omap: fix possible object reference leak
	perf test: Fix test trace+probe_vfs_getname.sh on s390
	RDMA/rxe: Fix configuration of atomic queue pair attributes
	KVM: x86: fix incorrect comparison in trace event
	media: staging/imx: Missing assignment in imx_media_capture_device_register()
	x86/pkeys: Add check for pkey "overflow"
	bpf: Remove recursion prevention from rcu free callback
	dmaengine: tegra-apb: Prevent race conditions on channel's freeing
	media: go7007: Fix URB type for interrupt handling
	Bluetooth: guard against controllers sending zero'd events
	timekeeping: Prevent 32bit truncation in scale64_check_overflow()
	ext4: fix a data race at inode->i_disksize
	mm: avoid data corruption on CoW fault into PFN-mapped VMA
	drm/amdgpu: increase atombios cmd timeout
	ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read
	scsi: aacraid: Disabling TM path and only processing IOP reset
	Bluetooth: L2CAP: handle l2cap config request during open state
	media: tda10071: fix unsigned sign extension overflow
	xfs: don't ever return a stale pointer from __xfs_dir3_free_read
	tpm: ibmvtpm: Wait for buffer to be set before proceeding
	rtc: ds1374: fix possible race condition
	tracing: Use address-of operator on section symbols
	serial: 8250_port: Don't service RX FIFO if throttled
	serial: 8250_omap: Fix sleeping function called from invalid context during probe
	serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
	perf cpumap: Fix snprintf overflow check
	cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn
	tools: gpio-hammer: Avoid potential overflow in main
	RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices
	SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()'
	svcrdma: Fix leak of transport addresses
	ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len
	ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor
	NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests()
	mm/kmemleak.c: use address-of operator on section symbols
	mm/filemap.c: clear page error before actual read
	mm/vmscan.c: fix data races using kswapd_classzone_idx
	mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area
	scsi: qedi: Fix termination timeouts in session logout
	serial: uartps: Wait for tx_empty in console setup
	KVM: Remove CREATE_IRQCHIP/SET_PIT2 race
	bdev: Reduce time holding bd_mutex in sync in blkdev_close()
	drivers: char: tlclk.c: Avoid data race between init and interrupt handler
	staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
	sparc64: vcc: Fix error return code in vcc_probe()
	arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]
	dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion
	atm: fix a memory leak of vcc->user_back
	power: supply: max17040: Correct voltage reading
	phy: samsung: s5pv210-usb2: Add delay after reset
	Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
	USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe()
	tty: serial: samsung: Correct clock selection logic
	ALSA: hda: Fix potential race in unsol event handler
	powerpc/traps: Make unrecoverable NMIs die instead of panic
	fuse: don't check refcount after stealing page
	USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
	arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register
	e1000: Do not perform reset in reset_task if we are already down
	drm/nouveau/debugfs: fix runtime pm imbalance on error
	printk: handle blank console arguments passed in.
	usb: dwc3: Increase timeout for CmdAct cleared by device controller
	btrfs: don't force read-only after error in drop snapshot
	vfio/pci: fix memory leaks of eventfd ctx
	perf util: Fix memory leak of prefix_if_not_in
	perf kcore_copy: Fix module map when there are no modules loaded
	mtd: rawnand: omap_elm: Fix runtime PM imbalance on error
	ceph: fix potential race in ceph_check_caps
	mm/swap_state: fix a data race in swapin_nr_pages
	rapidio: avoid data race between file operation callbacks and mport_cdev_add().
	mtd: parser: cmdline: Support MTD names containing one or more colons
	x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline
	vfio/pci: Clear error and request eventfd ctx after releasing
	cifs: Fix double add page to memcg when cifs_readpages
	scsi: libfc: Handling of extra kref
	scsi: libfc: Skip additional kref updating work event
	selftests/x86/syscall_nt: Clear weird flags after each test
	vfio/pci: fix racy on error and request eventfd ctx
	btrfs: qgroup: fix data leak caused by race between writeback and truncate
	s390/init: add missing __init annotations
	i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices()
	objtool: Fix noreturn detection for ignored functions
	ieee802154: fix one possible memleak in ca8210_dev_com_init
	ieee802154/adf7242: check status of adf7242_read_reg
	clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init()
	mwifiex: Increase AES key storage size to 256 bits
	batman-adv: bla: fix type misuse for backbone_gw hash indexing
	atm: eni: fix the missed pci_disable_device() for eni_init_one()
	batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
	mac802154: tx: fix use-after-free
	drm/vc4/vc4_hdmi: fill ASoC card owner
	net: qed: RDMA personality shouldn't fail VF load
	batman-adv: Add missing include for in_interrupt()
	batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
	ALSA: asihpi: fix iounmap in error handler
	MIPS: Add the missing 'CPU_1074K' into __get_cpu_type()
	s390/dasd: Fix zero write for FBA devices
	kprobes: Fix to check probe enabled before disarm_kprobe_ftrace()
	mm, THP, swap: fix allocating cluster for swapfile by mistake
	lib/string.c: implement stpcpy
	ata: define AC_ERR_OK
	ata: make qc_prep return ata_completion_errors
	ata: sata_mv, avoid trigerrable BUG_ON
	Linux 4.14.200

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I3d3049dca196c46cb6b2a66d60a5a6a3a099efbb
 2020-10-01 17:59:29 +02:00
Bob Peterson
13c66d2d2b gfs2: clean up iopen glock mess in gfs2_create_inode 
[ Upstream commit 2c47c1be51fbded1f7baa2ceaed90f97932f79be ]

Before this patch, gfs2_create_inode had a use-after-free for the
iopen glock in some error paths because it did this:

	gfs2_glock_put(io_gl);
fail_gunlock2:
	if (io_gl)
		clear_bit(GLF_INODE_CREATING, &io_gl->gl_flags);

In some cases, the io_gl was used for create and only had one
reference, so the glock might be freed before the clear_bit().
This patch tries to straighten it out by only jumping to the
error paths where iopen is properly set, and moving the
gfs2_glock_put after the clear_bit.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-10-01 13:12:30 +02:00
Greg Kroah-Hartman
1d828fe52e This is the 4.14.199 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl9rHwIACgkQONu9yGCS
 aT5uXQ/9F4c/EVElUcq9n0zHnwwXulsFZQs0tDI0HwGLs0fgpx0LAW9KMorfLX0i
 nLsrTcXDGZebZcOlh8b8UGWn9+hKoH13iPfkGEnveSizLUPx3t5y2uCJlq67Dlcy
 p0448IrmcHsUjqwjcHXw8Ai/yWbCq1xxKzJyBGXIWnXgR261HRy4TLyaDeFjnK5Q
 XiheRJqrlWFCB0wn5gOaLrhlPy68EAkum0mjc7XEcDOsqLkoWwc795M4RdB6xAwo
 slLazDW2WVUh0Swv+XUubDisRbYEIF+EA08RX9aKtMLPeGxidQfvXVJPHod11NKK
 qwNlyIKkGsGb0Z0nWT7WzuHPnvJN31ygSxj89FKjwN4cKO+BsqsVGUyRcm4Kh9js
 zaUsHM8rFbY3BvzFvWrk+kvMtNfg1HxB2bZ+RLAza/OkxiKA4xpbok1nQZFRZf1g
 tyPmvMfhLGNv7c27parXU2o0lLUqRnNzhPAdA2x0Vj/mExdaIwdCMzweJf8MsoML
 DfmgrV2XA6EMyVgt6G8xoQplg+v3gBEOZxony9SxvtXx53xytCBvGitpC8KAfpRI
 E1vrgYqm6zz79lpJAy+nh5HrvFQz9X9xQwvzsouMtGVUGn7BeYBtfqlK7yG9XDa3
 eM0UTBWzuCJKFMeRxlT9FHgYlSWnXSTJ/MUVIqfkikZEeDzXGu8=
 =KSuS
 -----END PGP SIGNATURE-----

Merge 4.14.199 into android-4.14-stable

Changes in 4.14.199
	ARM: dts: socfpga: fix register entry for timer3 on Arria10
	RDMA/rxe: Fix memleak in rxe_mem_init_user
	RDMA/rxe: Drop pointless checks in rxe_init_ports
	scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
	RDMA/core: Fix reported speed and width
	mmc: sdhci-msm: Add retries when all tuning phases are found valid
	ARM: dts: BCM5301X: Fixed QSPI compatible string
	arm64: dts: ns2: Fixed QSPI compatible string
	ARC: HSDK: wireup perf irq
	dmaengine: acpi: Put the CSRT table after using it
	drivers/net/wan/lapbether: Added needed_tailroom
	NFC: st95hf: Fix memleak in st95hf_in_send_cmd
	firestream: Fix memleak in fs_open
	ALSA: hda: Fix 2 channel swapping for Tegra
	drivers/net/wan/lapbether: Set network_header before transmitting
	xfs: initialize the shortform attr header padding entry
	irqchip/eznps: Fix build error for !ARC700 builds
	drivers/net/wan/hdlc_cisco: Add hard_header_len
	ARC: [plat-hsdk]: Switch ethernet phy-mode to rgmii-id
	cpufreq: intel_pstate: Refuse to turn off with HWP enabled
	ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
	gcov: Disable gcov build with GCC 10
	iio: adc: mcp3422: fix locking scope
	iio: adc: mcp3422: fix locking on error path
	iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set
	iio:light:ltr501 Fix timestamp alignment issue.
	iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak.
	iio:adc:ti-adc084s021 Fix alignment and data leak issues.
	iio:adc:ina2xx Fix timestamp alignment issue.
	iio:adc:max1118 Fix alignment of timestamp and data leak issues
	iio:adc:ti-adc081c Fix alignment and data leak issues
	iio:magnetometer:ak8975 Fix alignment and data leak issues.
	iio:light:max44000 Fix timestamp alignment and prevent data leak.
	iio:chemical:ccs811: Fix timestamp alignment and prevent data leak.
	iio: accel: kxsd9: Fix alignment of local buffer.
	iio:accel:mma7455: Fix timestamp alignment and prevent data leak.
	iio:accel:mma8452: Fix timestamp alignment and prevent data leak.
	staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()
	btrfs: require only sector size alignment for parent eb bytenr
	btrfs: fix lockdep splat in add_missing_dev
	btrfs: fix wrong address when faulting in pages in the search ioctl
	regulator: push allocation in set_consumer_device_supply() out of lock
	scsi: target: iscsi: Fix data digest calculation
	scsi: target: iscsi: Fix hang in iscsit_access_np() when getting tpg->np_login_sem
	rbd: require global CAP_SYS_ADMIN for mapping and unmapping
	RDMA/rxe: Fix the parent sysfs read when the interface has 15 chars
	fbcon: remove soft scrollback code
	fbcon: remove now unusued 'softback_lines' cursor() argument
	vgacon: remove software scrollback support
	KVM: VMX: Don't freeze guest when event delivery causes an APIC-access exit
	ARM: dts: vfxxx: Add syscon compatible with OCOTP
	video: fbdev: fix OOB read in vga_8planes_imageblit()
	staging: greybus: audio: fix uninitialized value issue
	usb: core: fix slab-out-of-bounds Read in read_descriptors
	USB: serial: ftdi_sio: add IDs for Xsens Mti USB converter
	USB: serial: option: support dynamic Quectel USB compositions
	USB: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
	usb: Fix out of sync data toggle if a configured device is reconfigured
	usb: typec: ucsi: acpi: Check the _DEP dependencies
	gcov: add support for GCC 10.1
	gfs2: initialize transaction tr_ailX_lists earlier
	net: handle the return value of pskb_carve_frag_list() correctly
	hv_netvsc: Remove "unlikely" from netvsc_select_queue
	NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall
	scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
	scsi: libfc: Fix for double free()
	scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery
	spi: spi-loopback-test: Fix out-of-bounds read
	SUNRPC: stop printk reading past end of string
	rapidio: Replace 'select' DMAENGINES 'with depends on'
	nvme-fc: cancel async events before freeing event struct
	f2fs: fix indefinite loop scanning for free nid
	i2c: algo: pca: Reapply i2c bus settings after reset
	spi: Fix memory leak on splited transfers
	KVM: MIPS: Change the definition of kvm type
	clk: rockchip: Fix initialization of mux_pll_src_4plls_p
	Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload
	MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT
	perf test: Free formats for perf pmu parse test
	fbcon: Fix user font detection test at fbcon_resize().
	MIPS: SNI: Fix spurious interrupts
	drm/mediatek: Add exception handing in mtk_drm_probe() if component init fail
	drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata()
	USB: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin notebook
	USB: UAS: fix disconnect by unplugging a hub
	usblp: fix race between disconnect() and read()
	i2c: i801: Fix resume bug
	percpu: fix first chunk size calculation for populated bitmap
	Input: trackpoint - add new trackpoint variant IDs
	Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
	serial: 8250_pci: Add Realtek 816a and 816b
	ehci-hcd: Move include to keep CRC stable
	powerpc/dma: Fix dma_map_ops::get_required_mask
	x86/defconfig: Enable CONFIG_USB_XHCI_HCD=y
	Linux 4.14.199

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I9a95bfa5df8d7a17dc63052ae7d3757c4dea6373
 2020-09-24 12:45:16 +02:00
Bob Peterson
9a81aa7adf gfs2: initialize transaction tr_ailX_lists earlier 
commit cbcc89b630447ec7836aa2b9242d9bb1725f5a61 upstream.

Since transactions may be freed shortly after they're created, before
a log_flush occurs, we need to initialize their ail1 and ail2 lists
earlier. Before this patch, the ail1 list was initialized in gfs2_log_flush().
This moves the initialization to the point when the transaction is first
created.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Cc: Salvatore Bonaccorso <carnil@debian.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-09-23 10:46:33 +02:00
Greg Kroah-Hartman
4437a4dfa7 This is the 4.14.189 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl8X60kACgkQONu9yGCS
 aT4/IRAAh0BIC235Kv3HWLk6TKeoJPfj9aKp5tIj6+PDOZleTw3mejaoUjPQSvMz
 kVEOM1AcBG9wx3kSWnJ5uUcAGjlnaEXnwXQOhRNbFM7lvQ2OZaFh6Z/tdTmwpXVB
 IBLtUJbcLQ1pi2MK3z/F/k1X0U8X007QycmQZs5asC4ZzUEeTq/a6tJwK5utqWIO
 wHqGjXei0Qw/b7IZWdb5CGk3RHqvrYy7dlKDddUnO75tM2YSE6mXFDr5Zl+931kn
 kHJwGW94d5LG7jiIn8Yt3HW3lV1kW/leovZTmzXor1nU8ZGv1nWqfsz18OAlAAKy
 ye7rUaOSFAESi+tuB++k7zSqmdXcWb/SxLrA41sNfIzMq/KJZx3wm/6Q2VxQP16k
 Ysh4+ECOQqPvoMHlxjJ2Nn3hteSXt9gQ2LVH8G/PNeicya6GVCzRqz3RV4MtMF37
 zPPklWIONgg/2UJkaHYLBJOtmjFlM6vNQALa5zjdBjiFkl50p6Z7GKf6D7X+j97x
 bOT4lRgfjigyqmB1HSsrBJU81BW7ilF+s6IhWdNB16Jvmlp9d7oHRWrsWPBVgF9+
 ih8OBT/Lsq/tr7OdufyEiiyjt0DAKBPTOV7ctgilIDVdgCNfxLkXSL8Edd6fbM/8
 ZeF7hKF/RT+spNZVx25tHEN/k0lKJfuLkmhNpyHPnkIB11HkggY=
 =EGIW
 -----END PGP SIGNATURE-----

Merge 4.14.189 into android-4.14-stable

Changes in 4.14.189
	KVM: s390: reduce number of IO pins to 1
	spi: spi-fsl-dspi: Adding shutdown hook
	spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer
	spi: spi-fsl-dspi: use IRQF_SHARED mode to request IRQ
	spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths
	ARM: dts: omap4-droid4: Fix spi configuration and increase rate
	gpu: host1x: Detach driver on unregister
	spi: spidev: fix a race between spidev_release and spidev_remove
	spi: spidev: fix a potential use-after-free in spidev_release()
	ixgbe: protect ring accesses with READ- and WRITE_ONCE
	s390/kasan: fix early pgm check handler execution
	cifs: update ctime and mtime during truncate
	ARM: imx6: add missing put_device() call in imx6q_suspend_init()
	scsi: mptscsih: Fix read sense data size
	nvme-rdma: assign completion vector correctly
	x86/entry: Increase entry_stack size to a full page
	net: cxgb4: fix return error value in t4_prep_fw
	smsc95xx: check return value of smsc95xx_reset
	smsc95xx: avoid memory leak in smsc95xx_bind
	ALSA: compress: fix partial_drain completion state
	arm64: kgdb: Fix single-step exception handling oops
	nbd: Fix memory leak in nbd_add_socket
	bnxt_en: fix NULL dereference in case SR-IOV configuration fails
	net: macb: mark device wake capable when "magic-packet" property present
	mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
	ALSA: opl3: fix infoleak in opl3
	ALSA: hda - let hs_mic be picked ahead of hp_mic
	ALSA: usb-audio: add quirk for MacroSilicon MS2109
	KVM: arm64: Fix definition of PAGE_HYP_DEVICE
	KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART
	KVM: x86: bit 8 of non-leaf PDPEs is not reserved
	KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
	KVM: x86: Mark CR4.TSD as being possibly owned by the guest
	Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
	btrfs: fix fatal extent_buffer readahead vs releasepage race
	drm/radeon: fix double free
	dm: use noio when sending kobject event
	ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
	ARC: elf: use right ELF_ARCH
	s390/mm: fix huge pte soft dirty copying
	genetlink: remove genl_bind
	ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
	l2tp: remove skb_dst_set() from l2tp_xmit_skb()
	llc: make sure applications use ARPHRD_ETHER
	net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
	net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
	tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
	tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
	tcp: md5: allow changing MD5 keys in all socket states
	net_sched: fix a memory leak in atm_tc_init()
	tcp: make sure listeners don't initialize congestion-control state
	tcp: md5: do not send silly options in SYNCOOKIES
	cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
	cgroup: Fix sock_cgroup_data on big-endian.
	drm/exynos: fix ref count leak in mic_pre_enable
	arm64/alternatives: use subsections for replacement sequences
	tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
	gfs2: read-only mounts should grab the sd_freeze_gl glock
	i2c: eg20t: Load module automatically if ID matches
	arm64: alternative: Use true and false for boolean values
	arm64/alternatives: don't patch up internal branches
	iio:magnetometer:ak8974: Fix alignment and data leak issues
	iio:humidity:hdc100x Fix alignment and data leak issues
	iio: magnetometer: ak8974: Fix runtime PM imbalance on error
	iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
	iio: pressure: zpa2326: handle pm_runtime_get_sync failure
	iio:pressure:ms5611 Fix buffer element alignment
	iio:health:afe4403 Fix timestamp alignment and prevent data leak.
	spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer
	spi: fix initial SPI_SR value in spi-fsl-dspi
	net: dsa: bcm_sf2: Fix node reference count
	of: of_mdio: Correct loop scanning logic
	Revert "usb/ohci-platform: Fix a warning when hibernating"
	Revert "usb/ehci-platform: Set PM runtime as active on resume"
	Revert "usb/xhci-plat: Set PM runtime as active on resume"
	doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode
	mmc: sdhci: do not enable card detect interrupt for gpio cd type
	ACPI: video: Use native backlight on Acer Aspire 5783z
	ACPI: video: Use native backlight on Acer TravelMate 5735Z
	iio:health:afe4404 Fix timestamp alignment and prevent data leak.
	phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked
	arm64: dts: meson: add missing gxl rng clock
	spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
	usb: gadget: udc: atmel: fix uninitialized read in debug printk
	staging: comedi: verify array index is correct before using it
	Revert "thermal: mediatek: fix register index error"
	ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
	copy_xstate_to_kernel: Fix typo which caused GDB regression
	perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
	mtd: rawnand: brcmnand: fix CS0 layout
	mtd: rawnand: oxnas: Keep track of registered devices
	mtd: rawnand: oxnas: Unregister all devices on error
	mtd: rawnand: oxnas: Release all devices in the _remove() path
	HID: magicmouse: do not set up autorepeat
	ALSA: line6: Perform sanity check for each URB creation
	ALSA: usb-audio: Fix race against the error recovery URB submission
	USB: c67x00: fix use after free in c67x00_giveback_urb
	usb: dwc2: Fix shutdown callback in platform
	usb: chipidea: core: add wakeup support for extcon
	usb: gadget: function: fix missing spinlock in f_uac1_legacy
	USB: serial: iuu_phoenix: fix memory corruption
	USB: serial: cypress_m8: enable Simply Automated UPB PIM
	USB: serial: ch341: add new Product ID for CH340
	USB: serial: option: add GosunCn GM500 series
	USB: serial: option: add Quectel EG95 LTE modem
	virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
	fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
	Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
	mei: bus: don't clean driver pointer
	Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
	uio_pdrv_genirq: fix use without device tree and no interrupt
	timer: Fix wheel index calculation on last level
	MIPS: Fix build for LTS kernel caused by backporting lpj adjustment
	hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
	intel_th: pci: Add Jasper Lake CPU support
	intel_th: pci: Add Tiger Lake PCH-H support
	intel_th: pci: Add Emmitsburg PCH support
	dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
	misc: atmel-ssc: lock with mutex instead of spinlock
	thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power
	arm64: ptrace: Override SPSR.SS when single-stepping is enabled
	sched/fair: handle case of task_h_load() returning 0
	x86/cpu: Move x86_cache_bits settings
	libceph: don't omit recovery_deletes in target_copy()
	rxrpc: Fix trace string
	Linux 4.14.189

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib5da2b58af11e2738c78990bf691a0211a55a40f
 2020-07-24 10:08:39 +02:00
Bob Peterson
9a9d2bbc1b gfs2: read-only mounts should grab the sd_freeze_gl glock 
[ Upstream commit b780cc615ba4795a7ef0e93b19424828a5ad456a ]

Before this patch, only read-write mounts would grab the freeze
glock in read-only mode, as part of gfs2_make_fs_rw. So the freeze
glock was never initialized. That meant requests to freeze, which
request the glock in EX, were granted without any state transition.
That meant you could mount a gfs2 file system, which is currently
frozen on a different cluster node, in read-only mode.

This patch makes read-only mounts lock the freeze glock in SH mode,
which will block for file systems that are frozen on another node.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-07-22 09:22:21 +02:00
Greg Kroah-Hartman
e570b0fb2f This is the 4.14.186 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl70qaoACgkQONu9yGCS
 aT47KBAAuBj7O/teYsWuuqSn02hBOlNBOSN1QMKgt72FZmZqusM3GHIII2N0dk0y
 RATaEXpI/WxgJ7DZ8G9FdTbIyTtbtSV6M190xfjU5gYSdRJv/eDNEYMGiXrCPzJz
 4LX/fQUJJQymw1PY89VHMsMcFCVyOlQiZHKQNCfNKFb0xxv6CzbaDM91OlNfJOA4
 6w4f3+kB91b+UW/50T9S+ZbJmnX40Lg6GW5yPZP8U2W2gXhHqgWvX5wKbVmr/VLz
 fcFz8wLxX18Qjp475r185SNp0pN5QyctiwqXm+ngMTbs1DXXHVHUrV5PFwEnc8/Y
 1OUWQUfqhvzQetgkhm+WkGtt+TtC12+yjnWy0nTPNt9Uj0/WkM7PpEAjV0Q5qEuS
 TCJuzzNtrK0vXbTpNCorh3DUzTyH3EhAM8AO4HyVQxie4nfpqaOY/MqdKGuk3LlH
 jKKn5xjYt0jjRjPBUjphbJs2PU8mOmc4X2cK9tKPHfgPk6KrPJTnPUyCYMBie8g+
 5h15lBqv/SvdUMhtjD+p7LnP6iMIV7DZUW06NFQQ91Q/ZVyb4kJyynmr40ScJJ6O
 +f+GOdkhy3JSVFtKOgwDOx/V6HSPzVgvI6fhxfdCc9jMxmksE5LcEy7FN0m5jLYL
 diUbkrinK2dGq1XjJ7N/zx4HzeR6Nvg56aCMaGJvXqHgWv9znNc=
 =W8kd
 -----END PGP SIGNATURE-----

Merge 4.14.186 into android-4.14-stable

Changes in 4.14.186
	s390: fix syscall_get_error for compat processes
	drm/i915: Whitelist context-local timestamp in the gen9 cmdparser
	power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select
	clk: sunxi: Fix incorrect usage of round_down()
	i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
	iio: pressure: bmp280: Tolerate IRQ before registering
	remoteproc: Fix IDR initialisation in rproc_alloc()
	clk: qcom: msm8916: Fix the address location of pll->config_reg
	backlight: lp855x: Ensure regulators are disabled on probe failure
	ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type
	ARM: integrator: Add some Kconfig selections
	scsi: qedi: Check for buffer overflow in qedi_set_path()
	ALSA: isa/wavefront: prevent out of bounds write in ioctl
	scsi: qla2xxx: Fix issue with adapter's stopping state
	iio: bmp280: fix compensation of humidity
	f2fs: report delalloc reserve as non-free in statfs for project quota
	i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
	usblp: poison URBs upon disconnect
	dm mpath: switch paths in dm_blk_ioctl() code path
	PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register
	ps3disk: use the default segment boundary
	vfio/pci: fix memory leaks in alloc_perm_bits()
	m68k/PCI: Fix a memory leak in an error handling path
	mfd: wm8994: Fix driver operation if loaded as modules
	scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
	clk: clk-flexgen: fix clock-critical handling
	powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run
	nfsd: Fix svc_xprt refcnt leak when setup callback client failed
	powerpc/crashkernel: Take "mem=" option into account
	yam: fix possible memory leak in yam_init_driver
	NTB: Fix the default port and peer numbers for legacy drivers
	mksysmap: Fix the mismatch of '.L' symbols in System.map
	apparmor: fix introspection of of task mode for unconfined tasks
	scsi: sr: Fix sr_probe() missing deallocate of device minor
	scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
	staging: greybus: fix a missing-check bug in gb_lights_light_config()
	scsi: qedi: Do not flush offload work if ARP not resolved
	ALSA: usb-audio: Improve frames size computation
	s390/qdio: put thinint indicator after early error
	tty: hvc: Fix data abort due to race in hvc_open
	thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR
	staging: sm750fb: add missing case while setting FB_VISUAL
	i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
	serial: amba-pl011: Make sure we initialize the port.lock spinlock
	drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish
	PCI: rcar: Fix incorrect programming of OB windows
	PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
	scsi: qla2xxx: Fix warning after FC target reset
	power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()'
	power: supply: smb347-charger: IRQSTAT_D is volatile
	scsi: mpt3sas: Fix double free warnings
	dlm: remove BUG() before panic()
	clk: ti: composite: fix memory leak
	PCI: Fix pci_register_host_bridge() device_register() error handling
	tty: n_gsm: Fix SOF skipping
	tty: n_gsm: Fix waking up upper tty layer when room available
	powerpc/pseries/ras: Fix FWNMI_VALID off by one
	powerpc/ps3: Fix kexec shutdown hang
	vfio-pci: Mask cap zero
	usb/ohci-platform: Fix a warning when hibernating
	drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation
	USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
	tty: n_gsm: Fix bogus i++ in gsm_data_kick
	clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
	powerpc/64s/pgtable: fix an undefined behaviour
	dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone
	PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
	IB/cma: Fix ports memory leak in cma_configfs
	watchdog: da9062: No need to ping manually before setting timeout
	usb: dwc2: gadget: move gadget resume after the core is in L0 state
	USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke
	usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
	usb: gadget: fix potential double-free in m66592_probe.
	usb: gadget: Fix issue with config_ep_by_speed function
	x86/apic: Make TSC deadline timer detection message visible
	clk: bcm2835: Fix return type of bcm2835_register_gate
	scsi: ufs-qcom: Fix scheduling while atomic issue
	net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
	NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION
	powerpc/4xx: Don't unmap NULL mbase
	extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
	ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
	vfio/mdev: Fix reference count leak in add_mdev_supported_type
	openrisc: Fix issue with argument clobbering for clone/fork
	gfs2: Allow lock_nolock mount to specify jid=X
	scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
	scsi: ufs: Don't update urgent bkops level when toggling auto bkops
	pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
	pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()'
	crypto: omap-sham - add proper load balancing support for multicore
	geneve: change from tx_error to tx_dropped on missing metadata
	lib/zlib: remove outdated and incorrect pre-increment optimization
	include/linux/bitops.h: avoid clang shift-count-overflow warnings
	elfnote: mark all .note sections SHF_ALLOC
	selftests/vm/pkeys: fix alloc_random_pkey() to make it really random
	blktrace: use errno instead of bi_status
	blktrace: fix endianness in get_pdu_int()
	blktrace: fix endianness for blk_log_remap()
	gfs2: fix use-after-free on transaction ail lists
	selftests/net: in timestamping, strncpy needs to preserve null byte
	drm/sun4i: hdmi ddc clk: Fix size of m divider
	scsi: acornscsi: Fix an error handling path in acornscsi_probe()
	usb/xhci-plat: Set PM runtime as active on resume
	usb/ehci-platform: Set PM runtime as active on resume
	perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events()
	bcache: fix potential deadlock problem in btree_gc_coalesce
	block: Fix use-after-free in blkdev_get()
	arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
	libata: Use per port sync for detach
	drm: encoder_slave: fix refcouting error for modules
	drm/dp_mst: Reformat drm_dp_check_act_status() a bit
	drm/qxl: Use correct notify port address when creating cursor ring
	selinux: fix double free
	ext4: fix partial cluster initialization when splitting extent
	drm/dp_mst: Increase ACT retry timeout to 3s
	x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld
	block: nr_sects_write(): Disable preemption on seqcount write
	mtd: rawnand: Pass a nand_chip object to nand_release()
	mtd: rawnand: diskonchip: Fix the probe error path
	mtd: rawnand: sharpsl: Fix the probe error path
	mtd: rawnand: xway: Fix the probe error path
	mtd: rawnand: orion: Fix the probe error path
	mtd: rawnand: oxnas: Add of_node_put()
	mtd: rawnand: oxnas: Fix the probe error path
	mtd: rawnand: socrates: Fix the probe error path
	mtd: rawnand: plat_nand: Fix the probe error path
	mtd: rawnand: mtk: Fix the probe error path
	mtd: rawnand: tmio: Fix the probe error path
	crypto: algif_skcipher - Cap recv SG list at ctx->used
	crypto: algboss - don't wait during notifier callback
	kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
	e1000e: Do not wake up the system via WOL if device wakeup is disabled
	kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
	sched/rt, net: Use CONFIG_PREEMPTION.patch
	net: core: device_rename: Use rwsem instead of a seqcount
	md: add feature flag MD_FEATURE_RAID0_LAYOUT
	kvm: x86: Move kvm_set_mmio_spte_mask() from x86.c to mmu.c
	kvm: x86: Fix reserved bits related calculation errors caused by MKTME
	KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated
	Linux 4.14.186

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5a9f5c8483f37ac08cf01991ffa43b333fdfa0a3
 2020-06-25 16:12:13 +02:00
Bob Peterson
04017f6617 gfs2: fix use-after-free on transaction ail lists 
[ Upstream commit 83d060ca8d90fa1e3feac227f995c013100862d3 ]

Before this patch, transactions could be merged into the system
transaction by function gfs2_merge_trans(), but the transaction ail
lists were never merged. Because the ail flushing mechanism can run
separately, bd elements can be attached to the transaction's buffer
list during the transaction (trans_add_meta, etc) but quickly moved
to its ail lists. Later, in function gfs2_trans_end, the transaction
can be freed (by gfs2_trans_end) while it still has bd elements
queued to its ail lists, which can cause it to either lose track of
the bd elements altogether (memory leak) or worse, reference the bd
elements after the parent transaction has been freed.

Although I've not seen any serious consequences, the problem becomes
apparent with the previous patch's addition of:

	gfs2_assert_warn(sdp, list_empty(&tr->tr_ail1_list));

to function gfs2_trans_free().

This patch adds logic into gfs2_merge_trans() to move the merged
transaction's ail lists to the sdp transaction. This prevents the
use-after-free. To do this properly, we need to hold the ail lock,
so we pass sdp into the function instead of the transaction itself.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-06-25 15:41:58 +02:00
Bob Peterson
5bd3a2e81a gfs2: Allow lock_nolock mount to specify jid=X 
[ Upstream commit ea22eee4e6027d8927099de344f7fff43c507ef9 ]

Before this patch, a simple typo accidentally added \n to the jid=
string for lock_nolock mounts. This made it impossible to mount a
gfs2 file system with a journal other than journal0. Thus:

mount -tgfs2 -o hostdata="jid=1" <device> <mount pt>

Resulted in:
mount: wrong fs type, bad option, bad superblock on <device>

In most cases this is not a problem. However, for debugging and
testing purposes we sometimes want to test the integrity of other
journals. This patch removes the unnecessary \n and thus allows
lock_nolock users to specify an alternate journal.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-06-25 15:41:56 +02:00
Greg Kroah-Hartman
40fc2b4825 This is the 4.14.183 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7XQKUACgkQONu9yGCS
 aT5OSxAAz28rgSZtf4zZtryA+dB1VHAXUpqmLgs9gZP8dPQ6qrwBHXIzawvmyfoj
 KY5DCsAbJSotCuy1XmCGTwzkqk9G3W1Rv4F1+7eDh37sOLUjNjeGn69dCiKKD1HH
 6YaBIDsZOYrm207Y1fyTB23hHWGVNMHAVGwBV/lyvy7Lpz+o/JNc+DoqtWtsKCpB
 0lhm5qlQttTMKzIgfDSXznJOo5LuO3TWmC94M2JkQwvvoz5C+9njWGO0JB99dIkt
 svBCX+0xz2stlInxGR8ZQZNRUgM6UMBUyjkljSxpYpEUPnIDRPtE8jY9+gx4aYCk
 er76ZTBBnWPWH+hlY4biPpg1fWRtj6SLvD3hNgDAuou9re1HVROSdCapcoGVEAvd
 dYX9RrXsVTRK9QdIQn9zBVuK9YOHNps9+JSL359QzCZ8Kc5t8LlUcxKbTi6P3OZA
 bnb7yu+/qxpdBeP/AoCkQUdcWUAXrPgR+odQEVm+w4AczYwp0AGbcVqZIM0wZ5zW
 euSE7W/O/Y6mK89C+D6qOzC/Pz9mTPg9IrLP2tFGAgWd2ZhWJim2YdydZRB/BTfg
 QEbKOXzjiAxckdqFdfH+JEQ1KIiriu7Y8kdhVzTd2gwqPAsl48/C4rMaOzfwBrk8
 W29ZhbDK5cpmiftzay6AxOacMhxDdI9jA7Q5ndtG2qKwsHh5soU=
 =bPeb
 -----END PGP SIGNATURE-----

Merge 4.14.183 into android-4.14-stable

Changes in 4.14.183
	ax25: fix setsockopt(SO_BINDTODEVICE)
	net: ipip: fix wrong address family in init error path
	net/mlx5: Add command entry handling completion
	net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()"
	net sched: fix reporting the first-time use timestamp
	r8152: support additional Microsoft Surface Ethernet Adapter variant
	sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed
	net/mlx5e: Update netdev txq on completions during closure
	net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
	net: sun: fix missing release regions in cas_init_one().
	net/mlx4_core: fix a memory leak bug.
	ARM: dts: rockchip: fix phy nodename for rk3228-evb
	arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node
	ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
	gpio: tegra: mask GPIO IRQs during IRQ shutdown
	net: microchip: encx24j600: add missed kthread_stop
	gfs2: move privileged user check to gfs2_quota_lock_check
	cachefiles: Fix race between read_waiter and read_copier involving op->to_do
	usb: gadget: legacy: fix redundant initialization warnings
	net: freescale: select CONFIG_FIXED_PHY where needed
	cifs: Fix null pointer check in cifs_read
	samples: bpf: Fix build error
	Input: usbtouchscreen - add support for BonXeon TP
	Input: evdev - call input_flush_device() on release(), not flush()
	Input: xpad - add custom init packet for Xbox One S controllers
	Input: dlink-dir685-touchkeys - fix a typo in driver name
	Input: i8042 - add ThinkPad S230u to i8042 reset list
	Input: synaptics-rmi4 - really fix attn_data use-after-free
	Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
	ARM: 8843/1: use unified assembler in headers
	ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h
	ARM: uaccess: integrate uaccess_save and uaccess_restore
	ARM: uaccess: fix DACR mismatch with nested exceptions
	gpio: exar: Fix bad handling for ida_simple_get error path
	IB/qib: Call kobject_put() when kobject_init_and_add() fails
	ARM: dts: imx6q-bx50v3: Add internal switch
	ARM: dts/imx6q-bx50v3: Set display interface clock parents
	ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
	mmc: block: Fix use-after-free issue for rpmb
	RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
	ALSA: hwdep: fix a left shifting 1 by 31 UB bug
	ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
	exec: Always set cap_ambient in cap_bprm_set_creds
	ALSA: hda/realtek - Add new codec supported for ALC287
	libceph: ignore pool overlay and cache logic on redirects
	mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
	fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
	include/asm-generic/topology.h: guard cpumask_of_node() macro argument
	iommu: Fix reference count leak in iommu_group_alloc.
	parisc: Fix kernel panic in mem_init()
	mac80211: mesh: fix discovery timer re-arming issue / crash
	x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
	copy_xstate_to_kernel(): don't leave parts of destination uninitialized
	xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
	xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
	xfrm: fix a warning in xfrm_policy_insert_list
	xfrm: fix a NULL-ptr deref in xfrm_local_error
	xfrm: fix error in comment
	vti4: eliminated some duplicate code.
	ip_vti: receive ipip packet by calling ip_tunnel_rcv
	netfilter: nft_reject_bridge: enable reject with bridge vlan
	netfilter: ipset: Fix subcounter update skip
	netfilter: nfnetlink_cthelper: unbreak userspace helper support
	netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
	esp6: get the right proto for transport mode in esp6_gso_encap
	qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
	bonding: Fix reference count leak in bond_sysfs_slave_add.
	netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
	mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
	sc16is7xx: move label 'err_spi' to correct section
	rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket
	KVM: VMX: check for existence of secondary exec controls before accessing
	net: hns: fix unsigned comparison to less than zero
	net: hns: Fixes the missing put_device in positive leg for roce reset
	genirq/generic_pending: Do not lose pending affinity update
	scsi: zfcp: fix request object use-after-free in send path causing wrong traces
	Linux 4.14.183

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib69018849fcc55dacce4a6aaaad70921bdee4cd0
 2020-06-03 13:37:46 +02:00
Bob Peterson
af3cc80bdc gfs2: move privileged user check to gfs2_quota_lock_check 
[ Upstream commit 4ed0c30811cb4d30ef89850b787a53a84d5d2bcb ]

Before this patch, function gfs2_quota_lock checked if it was called
from a privileged user, and if so, it bypassed the quota check:
superuser can operate outside the quotas.
That's the wrong place for the check because the lock/unlock functions
are separate from the lock_check function, and you can do lock and
unlock without actually checking the quotas.

This patch moves the check to gfs2_quota_lock_check.

Signed-off-by: Bob Peterson <rpeterso@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-06-03 08:17:52 +02:00
Greg Kroah-Hartman
433305b0af This is the 4.14.182 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7OfIMACgkQONu9yGCS
 aT5dxRAAooSpyWoPEdRPKVVF1FybPCn+0U0LZfTGEBbhNdFqb8RoLUxjUXhmYRId
 Wu6BWbRuxMIPFMweR8LNwgs7mmY83ogRk91vnWDAfJ3kvNlxNfdWBNYtrnm6+YhQ
 Nne8k/W7yj+oyYAPBm+SSblFGMgz8krCyRvRRf16TubZmwwFipQhJ0BdlPun5rzz
 Fz99tzmt99+8nkphBMI2UIQfJN6bYUD03SRJTO7o3hD3viT5/FgfG1BQtf5eFttS
 PXU2wGqBfiIaupILpOJ5ulT7Mkael9DERLx6SjDMD8eA6nOkn8oJeJHBFisjrt4k
 h0TT8nlE11dyF8QrKjyFzF82pv0Gaatc7tfGdiZTHRhUHY/wcnSNCdOcGP3rLMJf
 f9+cjIxSQJQr45Y+hEp5Z87GaPjg5rJiSJYvPGDrVAE4HZ9uJH1CSza3DQGPq8CB
 ihssDrn9cnvqVGaCWRYMyUy8nro2VRiXSUwxAavWuIu9fRB5/66g1a8B5Fr3Npmz
 Eyqlmafck+aLA5XtV+eX2tEzouIMaBKCFTvB970MeCIg1cma+P7QxMO89mvxTAwY
 C//kE4bvR8o0WJHnVUreqiEPwnu2IlpmtEVEphxWXUG+VOACOfgQQnuvGSwk8F5q
 thZJLwS5LOtC/s0uwXmLm8PL52nUBvT1bEyWzVgXaH/cmGKi/hs=
 =Ljah
 -----END PGP SIGNATURE-----

Merge 4.14.182 into android-4.14-stable

Changes in 4.14.182
	ext4: add cond_resched() to ext4_protect_reserved_inode
	watchdog: Fix the race between the release of watchdog_core_data and cdev
	i2c: dev: Fix the race between the release of i2c_dev and cdev
	padata: ensure the reorder timer callback runs on the correct CPU
	padata: ensure padata_do_serial() runs on the correct CPU
	ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
	evm: Check also if *tfm is an error pointer in init_desc()
	ima: Fix return value of ima_write_policy()
	fix multiplication overflow in copy_fdtable()
	iommu/amd: Fix over-read of ACPI UID from IVRS table
	i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()'
	ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
	gcc-common.h: Update for GCC 10
	HID: multitouch: add eGalaxTouch P80H84 support
	scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV
	configfs: fix config_item refcnt leak in configfs_rmdir()
	vhost/vsock: fix packet delivery order to monitoring devices
	component: Silence bind error on -EPROBE_DEFER
	scsi: ibmvscsi: Fix WARN_ON during event pool release
	x86/apic: Move TSC deadline timer debug printk
	gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
	ceph: fix double unlock in handle_cap_export()
	USB: core: Fix misleading driver bug report
	platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
	ARM: futex: Address build warning
	padata: set cpu_index of unused CPUs to -1
	padata: Replace delayed timer with immediate workqueue in padata_reorder
	padata: initialize pd->cpu with effective cpumask
	padata: purge get_cpu and reorder_via_wq from padata_do_serial
	arm64: fix the flush_icache_range arguments in machine_kexec
	l2tp: don't register sessions in l2tp_session_create()
	l2tp: initialise l2tp_eth sessions before registering them
	l2tp: protect sock pointer of struct pppol2tp_session with RCU
	l2tp: initialise PPP sessions before registering them
	ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option
	ALSA: pcm: fix incorrect hw_base increase
	apparmor: Fix aa_label refcnt leak in policy_update
	dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
	powerpc: restore alphabetic order in Kconfig
	powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE
	powerpc/64s: Disable STRICT_KERNEL_RWX
	x86/uaccess, ubsan: Fix UBSAN vs. SMAP
	ubsan: build ubsan.c more conservatively
	libnvdimm/btt: Remove unnecessary code in btt_freelist_init
	libnvdimm/btt: Fix LBA masking during 'free list' population
	media: fdp1: Fix R-Car M3-N naming in debug message
	cxgb4: free mac_hlist properly
	cxgb4/cxgb4vf: Fix mac_hlist initialization and free
	Revert "gfs2: Don't demote a glock until its revokes are written"
	staging: iio: ad2s1210: Fix SPI reading
	staging: greybus: Fix uninitialized scalar variable
	iio: sca3000: Remove an erroneous 'get_device()'
	iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()'
	mei: release me_cl object reference
	rapidio: fix an error in get_user_pages_fast() error handling
	rxrpc: Fix a memory leak in rxkad_verify_response()
	x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks
	iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel()
	iio: adc: stm32-adc: fix device used to request dma
	Linux 4.14.182

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5c1fd52b8c5565f2b3be89efeefc5a66fe806247
 2020-05-28 12:17:10 +02:00