mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
809 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
qctecmdr
|
2cf5a3b890 | Merge "Merge android-4.14.158 (84afceb) into msm-4.14" | ||
Srinivasarao P
|
5cae863d50 |
Merge android-4.14.157 (13855a6) into msm-4.14
* refs/heads/tmp-13855a6: Linux 4.14.157 x86/hyperv: mark hyperv_init as __init function KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel powerpc/book3s64: Fix link stack flush on context switch powerpc/64s: support nospectre_v2 cmdline option staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error USB: serial: option: add support for Foxconn T77W968 LTE modules USB: serial: option: add support for DW5821e with eSIM support USB: serial: mos7840: fix remote wakeup USB: serial: mos7720: fix remote wakeup USB: serial: mos7840: add USB ID to support Moxa UPort 2210 appledisplay: fix error handling in the scheduled work USB: chaoskey: fix error case of a timeout usb-serial: cp201x: support Mark-10 digital force gauge usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() usbip: tools: fix fd leakage in the function of read_attr_usbip_status virtio_ring: fix return code on DMA mapping fails media: imon: invalid dereference in imon_touch_event media: cxusb: detect cxusb_ctrl_msg error in query media: b2c2-flexcop-usb: add sanity checking media: uvcvideo: Fix error path in control parsing failure cpufreq: Add NULL checks to show() and store() methods of cpufreq media: usbvision: Fix races among open, close, and disconnect media: vivid: Fix wrong locking that causes race conditions on streaming stop media: vivid: Set vid_cap_streaming and vid_out_streaming to true nfc: port100: handle command failure cleanly nbd: prevent memory leak x86/speculation: Fix redundant MDS mitigation message x86/speculation: Fix incorrect MDS/TAA mitigation status x86/insn: Fix awk regexp warnings ARC: perf: Accommodate big-endian CPU ARM: 8904/1: skip nomap memblocks while finding the lowmem/highmem boundary ocfs2: remove ocfs2_is_o2cb_active() cpufreq: Skip cpufreq resume if it's not suspended arm64: fix for bad_mode() handler to always result in panic net: phy: dp83867: increase SGMII autoneg timer duration net: phy: dp83867: fix speed 10 in sgmii mode mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span() md/raid10: prevent access of uninitialized resync_pages offset ath9k_hw: fix uninitialized variable data ath10k: Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe KVM: MMU: Do not treat ZONE_DEVICE pages as being reserved Bluetooth: Fix invalid-free in bcsp_close() cfg80211: call disconnect_wk when AP stops ipv6: Fix handling of LLA with VRF and sockets bound to VRF mm/memory_hotplug: Do not unlock when fails to take the device_hotplug_lock i2c: uniphier-f: fix timeout error after reading 8 bytes spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch PCI: keystone: Use quirk to limit MRRS for K2G pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces of: unittest: allow base devicetree to have symbol metadata net: bcmgenet: return correct value 'ret' from bcmgenet_power_down ACPICA: Use %d for signed int print formatting instead of %u vrf: mark skb for multicast or link-local as enslaved to VRF dlm: don't leak kernel pointer to userspace dlm: fix invalid free scsi: lpfc: Correct loss of fc4 type on remote port address change scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces scsi: megaraid_sas: Fix goto labels in error handling scsi: megaraid_sas: Fix msleep granularity scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11 scsi: mpt3sas: Don't modify EEDPTagMode field setting on SAS3.5 HBA devices scsi: mpt3sas: Fix Sync cache command failure during driver unload net: dsa: bcm_sf2: Turn on PHY to allow successful registration rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information wireless: airo: potential buffer overflow in sprintf() brcmsmac: never log "tid x is not agg'able" by default rtl8xxxu: Fix missing break in switch wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' wil6210: fix locking in wmi_call btrfs: avoid link error with CONFIG_NO_AUTO_INLINE audit: print empty EXECVE args clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS sched/fair: Don't increase sd->balance_interval on newidle balance sched/topology: Fix off by one bug net: do not abort bulk send on BQL status ocfs2: fix clusters leak in ocfs2_defrag_extent() ocfs2: don't put and assigning null to bh allocated outside arm64: makefile fix build of .i file in external module case ntb: intel: fix return value for ndev_vec_mask() ntb_netdev: fix sleep time mismatch net: hns3: bugfix for buffer not free problem during resetting igb: shorten maximum PHC timecounter update interval mm/memory_hotplug: make add_memory() take the device_hotplug_lock fs/hfs/extent.c: fix array out of bounds read of array extent hfs: update timestamp on truncate() hfsplus: update timestamps on truncate() hfs: fix return value of hfs_get_block() hfsplus: fix return value of hfsplus_get_block() hfs: prevent btree data loss on ENOSPC hfsplus: prevent btree data loss on ENOSPC hfs: fix BUG on bnode parent update hfsplus: fix BUG on bnode parent update linux/bitmap.h: fix type of nbits in bitmap_shift_right() linux/bitmap.h: handle constant zero-size bitmaps correctly selftests/powerpc/cache_shape: Fix out-of-tree build selftests/powerpc/switch_endian: Fix out-of-tree build selftests/powerpc/signal: Fix out-of-tree build powerpc/xmon: Relax frame size for clang vfs: avoid problematic remapping requests into partial EOF block um: Make line/tty semantics use true write IRQ i2c: uniphier-f: fix race condition when IRQ is cleared i2c: uniphier-f: fix occasional timeout error i2c: uniphier-f: make driver robust against concurrency block: fix the DISCARD request merge macsec: let the administrator set UP state even if lowerdev is down macsec: update operstate when lower device changes mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle() arm64: lib: use C string functions with KASAN enabled sparc64: Rework xchg() definition to avoid warnings. powerpc/process: Fix flush_all_to_thread for SPE bpf: devmap: fix wrong interface selection in notifier_call thermal: rcar_thermal: Prevent hardware access during system suspend selftests: watchdog: Fix error message. selftests: watchdog: fix message when /dev/watchdog open fails selftests/ftrace: Fix to test kprobe $comm arg only if available mfd: max8997: Enale irq-wakeup unconditionally mfd: intel_soc_pmic_bxtwc: Chain power button IRQs as well mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values mfd: arizona: Correct calling of runtime_put_sync net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode qlcnic: fix a return in qlcnic_dcb_get_capability() mISDN: Fix type of switch control variable in ctrl_teimanager f2fs: fix to spread clear_cold_data() rtc: s35390a: Change buf's type to u8 in s35390a_init ceph: fix dentry leak in ceph_readdir_prepopulate powerpc/pseries: Export raw per-CPU VPA data via debugfs sparc: Fix parport build warnings. spi: omap2-mcspi: Set FIFO DMA trigger level to word length s390/perf: Return error when debug_register fails atm: zatm: Fix empty body Clang warnings sunrpc: safely reallow resvport min/max inversion SUNRPC: Fix a compile warning for cmpxchg64() dm raid: avoid bitmap with raid4/5/6 journal device usbip: tools: fix atoi() on non-null terminated string USB: misc: appledisplay: fix backlight update_status return code PCI: vmd: Detach resources after stopping root bus macintosh/windfarm_smu_sat: Fix debug output ALSA: i2c/cs8427: Fix int to char conversion PM / Domains: Deal with multiple states but no governor in genpd kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack xfs: fix use-after-free race in xfs_buf_rele net: ena: Fix Kconfig dependency on X86 net: fix warning in af_unix net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed scsi: dc395x: fix DMA API usage in sg_update_list scsi: dc395x: fix dma API usage in srb_done ASoC: tegra_sgtl5000: fix device_node refcounting clk: at91: audio-pll: fix audio pmc type clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk nvmet-fcloop: suppress a compiler warning crypto: ccree - avoid implicit enum conversion scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param scsi: isci: Change sci_controller_start_task's return type to sci_status scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler KVM/x86: Fix invvpid and invept register operand size in 64-bit mode KVM: nVMX: reset cache/shadows when switching loaded VMCS scsi: ips: fix missing break in switch qed: Align local and global PTT to propagate through the APIs. amiflop: clean up on errors during setup pwm: lpss: Only set update bit if we are actually changing the settings pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' RDMA/bnxt_re: Fix qp async event reporting m68k: fix command-line parsing when passed from u-boot w1: IAD Register is yet readable trough iad sys file. Fix snprintf (%u for unsigned, count for max size). misc: mic: fix a DMA pool free failure gsmi: Fix bug in append_to_eventlog sysfs handler btrfs: handle error of get_old_root mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail spi: sh-msiof: fix deferred probing cdrom: don't attempt to fiddle with cdo->capability skd: fixup usage of legacy IO API ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem brcmsmac: AP mode: update beacon when TIM changes EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field powerpc/boot: Disable vector instructions powerpc: Fix signedness bug in update_flash_db() synclink_gt(): fix compat_ioctl() pty: fix compat ioctls gfs2: Fix marking bitmaps non-full printk: fix integer overflow in setup_log_buf() ALSA: isight: fix leak of reference to firewire unit in error path of .probe callback mwifiex: Fix NL80211_TX_POWER_LIMITED platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ drm/i915/userptr: Try to acquire the page lock around set_page_dirty() mm/ksm.c: don't WARN if page is still mapped in remove_stable_node() Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()" virtio_console: allocate inbufs in add_port() only if it is needed nbd:fix memory leak in nbd_get_socket() tools: gpio: Correctly add make dependencies for gpio_utils gpio: max77620: Fixup debounce delays vhost/vsock: split packets to send using multiple buffers net/sched: act_pedit: fix WARN() in the traffic path net/mlxfw: Verify FSM error code translation doesn't exceed array size net/mlx5e: Fix set vf link state error flow sfc: Only cancel the PPS workqueue if it exists net: rtnetlink: prevent underflows in do_setvfinfo() net/mlx4_en: fix mlx4 ethtool -N insertion ANDROID: removed CONFIG_PM_WAKELOCKS Conflicts: block/blk-merge.c drivers/pinctrl/qcom/pinctrl-spmi-gpio.c Discarding the commit "block: fix the DISCARD request merge" as it is causing stability issues. Change-Id: I05fea476d3bce65663beac6552d7d5c6cd7445d5 Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
Aniket Randive
|
26e2629e54 |
usb: misc: Add host driver support for telematics PIDs
Add host driver support for the new telematics PIDs such as 910A, 910B, 910C and 910D. Change-Id: Ic872ed72a943818eb9e24a68b69dde34b8f1a326 Signed-off-by: Aniket Randive <arandive@codeaurora.org> |
||
Blagovest Kolenichev
|
9f5be70fa4 |
Merge android-4.14-q.154 (b7f5267) into msm-4.14
* refs/heads/tmp-b7f5267: usb: gadget: configfs: Fix missing spin_lock_init() Linux 4.14.154 kvm: x86: mmu: Recovery of shattered NX large pages kvm: Add helper function for creating VM worker threads kvm: mmu: ITLB_MULTIHIT mitigation KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active KVM: x86: add tracepoints around __direct_map and FNAME(fetch) KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON KVM: x86: remove now unneeded hugepage gfn adjustment KVM: x86: make FNAME(fetch) and __direct_map more similar kvm: mmu: Do not release the page inside mmu_set_spte() kvm: Convert kvm_lock to a mutex kvm: x86, powerpc: do not allow clearing largepages debugfs entry Documentation: Add ITLB_MULTIHIT documentation cpu/speculation: Uninline and export CPU mitigations helpers x86/cpu: Add Tremont to the cpu vulnerability whitelist x86/bugs: Add ITLB_MULTIHIT bug infrastructure x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs x86/tsx: Add config options to set tsx=on|off|auto x86/speculation/taa: Add documentation for TSX Async Abort x86/tsx: Add "auto" option to the tsx= cmdline parameter kvm/x86: Export MDS_NO=0 to guests when TSX is enabled x86/speculation/taa: Add sysfs reporting for TSX Async Abort x86/speculation/taa: Add mitigation for TSX Async Abort x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default x86/cpu: Add a helper function x86_read_arch_cap_msr() x86/msr: Add the IA32_TSX_CTRL MSR KVM: x86: use Intel speculation bugs and features as derived in generic x86 code drm/i915/cmdparser: Fix jump whitelist clearing drm/i915/gen8+: Add RC6 CTX corruption WA drm/i915: Lower RM timeout to avoid DSI hard hangs drm/i915/cmdparser: Ignore Length operands during command matching drm/i915/cmdparser: Add support for backward jumps drm/i915/cmdparser: Use explicit goto for error paths drm/i915: Add gen9 BCS cmdparsing drm/i915: Allow parsing of unsized batches drm/i915: Support ro ppgtt mapped cmdparser shadow buffers drm/i915: Add support for mandatory cmdparsing drm/i915: Remove Master tables from cmdparser drm/i915: Disable Secure Batches for gen6+ drm/i915: Rename gen7 cmdparser tables drm/i915: Move engine->needs_cmd_parser to engine->flags drm/i915: Don't use GPU relocations prior to cmdparser stalls drm/i915: Silence smatch for cmdparser drm/i915/cmdparser: Do not check past the cmd length. drm/i915/cmdparser: Check reg_table_count before derefencing. drm/i915: Prevent writing into a read-only object via a GGTT mmap drm/i915/gtt: Disable read-only support under GVT drm/i915/gtt: Read-only pages for insert_entries on bdw+ drm/i915/gtt: Add read only pages to gen8_pte_encode net: prevent load/store tearing on sk->sk_stamp usbip: Fix free of unallocated memory in vhci tx cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead mm/filemap.c: don't initiate writeback if mapping has no dirty pages can: flexcan: disable completely the ECC mechanism x86/apic/32: Avoid bogus LDR warnings x86/apic: Drop logical_smp_processor_id() inline x86/apic: Move pending interrupt check code into it's own function e1000: fix memory leaks igb: Fix constant media auto sense switching when no cable is connected net: ethernet: arc: add the missed clk_disable_unprepare NFSv4: Don't allow a cached open with a revoked delegation hv_netvsc: Fix error handling in netvsc_attach() net: hisilicon: Fix "Trying to free already-free IRQ" fjes: Handle workqueue allocation failure scsi: qla2xxx: stop timer in shutdown path RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case USB: ldusb: use unsigned size format specifiers USB: Skip endpoints with 0 maxpacket length perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity usb: dwc3: remove the call trace of USBx_GFLADJ usb: gadget: configfs: fix concurrent issue between composite APIs usb: gadget: composite: Fix possible double free memory bug usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. usb: fsl: Check memory resource before releasing it macsec: fix refcnt leak in module exit routine bonding: fix unexpected IFF_BONDING bit unset ipvs: move old_secure_tcp into struct netns_ipvs ipvs: don't ignore errors in case refcounting ip_vs module fails scsi: qla2xxx: Initialized mailbox to prevent driver load failure scsi: lpfc: Honor module parameter lpfc_use_adisc net: openvswitch: free vport unless register_netdevice() succeeds RDMA/uverbs: Prevent potential underflow scsi: qla2xxx: fixup incorrect usage of host_byte net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq RDMA/qedr: Fix reported firmware version HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 usbip: Implement SG support to vhci-hcd and stub driver usbip: stub_rx: fix static checker warning on unnecessary checks usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path lib/scatterlist: Introduce sgl_alloc() and sgl_free() sched/fair: Fix -Wunused-but-set-variable warnings sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices ARM: dts: dra7: Disable USB metastability workaround for USB2 cpufreq: ti-cpufreq: add missing of_node_put() i2c: omap: Trigger bus recovery in lockup case ASoC: davinci-mcasp: Fix an error handling path in 'davinci_mcasp_probe()' ASoC: davinci: Kill BUG_ON() usage ASoC: davinci-mcasp: Handle return value of devm_kasprintf ASoC: tlv320dac31xx: mark expected switch fall-through mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone misc: pci_endpoint_test: Fix BUG_ON error during pci_disable_msi() PCI: dra7xx: Add shutdown handler to cleanly turn off clocks misc: pci_endpoint_test: Prevent some integer overflows mtd: spi-nor: cadence-quadspi: add a delay in write sequence mtd: spi-nor: enable 4B opcodes for mx66l51235l ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes mfd: palmas: Assign the right powerhold mask for tps65917 usb: dwc3: Allow disabling of metastability workaround configfs: fix a deadlock in configfs_symlink() configfs: provide exclusion between IO and removals configfs: new object reprsenting tree fragments configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: stash the data we need into configfs_buffer at open time configfs: Fix bool initialization/comparison can: peak_usb: fix slab info leak can: mcba_usb: fix use-after-free on disconnect can: gs_usb: gs_can_open(): prevent memory leak can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak can: peak_usb: fix a potential out-of-sync while decoding packets can: c_can: c_can_poll(): only read status register after status IRQ can: usb_8dev: fix use-after-free on disconnect intel_th: pci: Add Jasper Lake PCH support intel_th: pci: Add Comet Lake PCH support netfilter: ipset: Fix an error code in ip_set_sockfn_get() netfilter: nf_tables: Align nft_expr private data to 64-bit iio: srf04: fix wrong limitation in distance measuring iio: imu: adis16480: make sure provided frequency is positive iio: adc: stm32-adc: fix stopping dma ceph: add missing check in d_revalidate snapdir handling ceph: fix use-after-free in __ceph_remove_cap() arm64: Do not mask out PTE_RDONLY in pte_same() HID: wacom: generic: Treat serial number and related fields as unsigned drm/radeon: fix si_enable_smc_cac() failed issue perf tools: Fix time sorting tools: gpio: Use !building_out_of_srctree to determine srctree dump_stack: avoid the livelock of the dump_lock mm, vmstat: hide /proc/pagetypeinfo from normal users mm: thp: handle page cache THP correctly in PageTransCompoundMap ALSA: hda/ca0132 - Fix possible workqueue stall ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series ALSA: timer: Fix incorrectly assigned timer instance qede: fix NULL pointer deref in __qede_remove() NFC: st21nfca: fix double free nfc: netlink: fix double device reference drop NFC: fdp: fix incorrect free object net: usb: qmi_wwan: add support for DW5821e with eSIM support net: qualcomm: rmnet: Fix potential UAF when unregistering net: fix data-race in neigh_event_send() net: ethernet: octeon_mgmt: Account for second possible VLAN header ipv4: Fix table id reference in fib_sync_down_addr CDC-NCM: handle incomplete transfer of MTU bonding: fix state transition issue in link monitoring Conflicts: Documentation/devicetree/bindings/usb/dwc3.txt drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c drivers/usb/dwc3/core.h kernel/cpu.c Change-Id: I81b1613324c238a6e612cf1c6cf2c67ca17b4adc Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
d00a7c7600 |
Merge android-4.14-q.152 (e986400) into msm-4.14
* refs/heads/tmp-e986400:
arm64: Do not mask out PTE_RDONLY in pte_same()
Linux 4.14.152
Revert "ALSA: hda: Flush interrupts on disabling"
ALSA: timer: Fix mutex deadlock at releasing card
ALSA: timer: Simplify error path in snd_timer_open()
xfs: Correctly invert xfs_buftarg LRU isolation logic
sctp: not bind the socket in sctp_connect
sctp: fix the issue that flags are ignored when using kernel_connect
sch_netem: fix rcu splat in netem_enqueue()
net: usb: sr9800: fix uninitialized local variable
bonding: fix potential NULL deref in bond_update_slave_arr
NFC: pn533: fix use-after-free and memleaks
rxrpc: Fix call ref leak
llc: fix sk_buff leak in llc_conn_service()
llc: fix sk_buff leak in llc_sap_state_process()
dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
rtlwifi: Fix potential overflow on P2P code
arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default
s390/idle: fix cpu idle time calculation
s390/cmm: fix information leak in cmm_timeout_handler()
nl80211: fix validation of mesh path nexthop
HID: fix error message in hid_open_report()
HID: Fix assumption that devices have inputs
HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
scsi: target: cxgbit: Fix cxgbit_fw4_ack()
USB: serial: whiteheat: fix line-speed endianness
USB: serial: whiteheat: fix potential slab corruption
USB: ldusb: fix control-message timeout
USB: ldusb: fix ring-buffer locking
usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows")
USB: gadget: Reject endpoints with 0 maxpacket value
UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
ALSA: hda/realtek - Add support for ALC623
ALSA: hda/realtek - Fix 2 front mics of codec 0x623
ALSA: bebob: Fix prototype of helper function to return negative value
fuse: truncate pending writes on O_TRUNC
fuse: flush dirty data/metadata before non-truncate setattr
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
thunderbolt: Use 32-bit writes when writing ring producer/consumer
net_sched: check cops->tcf_block in tc_bind_tclass()
USB: legousbtower: fix a signedness bug in tower_probe()
nbd: verify socket is supported during setup
tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
s390/uaccess: avoid (false positive) compiler warnings
NFSv4: Fix leak of clp->cl_acceptor string
nbd: fix possible sysfs duplicate warning
MIPS: fw: sni: Fix out of bounds init of o32 stack
MIPS: include: Mark __xchg as __always_inline
perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp
sched/vtime: Fix guest/system mis-accounting on task switch
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock()
fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
ocfs2: clear zero in unaligned direct IO
x86/xen: Return from panic notifier
MIPS: include: Mark __cmpxchg as __always_inline
efi/x86: Do not clean dummy variable in kexec path
efi/cper: Fix endianness of PCIe class code
serial: mctrl_gpio: Check for NULL pointer
fs: cifs: mute -Wunused-const-variable message
gpio: max77620: Use correct unit for debounce times
tty: n_hdlc: fix build on SPARC
tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()'
arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419
nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
HID: hyperv: Use in-place iterator API in the channel callback
RDMA/iwcm: Fix a lock inversion issue
RDMA/hfi1: Prevent memory leak in sdma_init
staging: rtl8188eu: fix null dereference when kzalloc fails
perf jevents: Fix period for Intel fixed counters
perf map: Fix overlapped map handling
perf tests: Avoid raising SEGV using an obvious NULL dereference
libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
iio: fix center temperature of bmc150-accel-core
iio: adc: meson_saradc: Fix memory allocation order
power: supply: max14656: fix potential use-after-free
PCI/PME: Fix possible use-after-free on remove
exec: load_script: Do not exec truncated interpreter path
media: vimc: Remove unused but set variables
ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume
mlxsw: spectrum: Set LAG port collector only when active
rtc: pcf8523: set xtal load capacitance from DT
usb: handle warm-reset port requests on hub resume
HID: Add ASUS T100CHI keyboard dock battery quirks
scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
clk: boston: unregister clks on failure in clk_boston_setup()
HID: i2c-hid: Add Odys Winbook 13 to descriptor override
x86/cpu: Add Atom Tremont (Jacobsville)
HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override
powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages()
sc16is7xx: Fix for "Unexpected interrupt: 8"
scsi: lpfc: Fix a duplicate 0711 log message number.
f2fs: flush quota blocks after turnning it off
dm: Use kzalloc for all structs with embedded biosets/mempools
dm snapshot: rework COW throttling to fix deadlock
dm snapshot: introduce account_start_copy() and account_end_copy()
dm snapshot: use mutex instead of rw_semaphore
zram: fix race between backing_dev_show and backing_dev_store
ANDROID: overlayfs: internal getxattr operations without sepolicy checking
ANDROID: overlayfs: add __get xattr method
ANDROID: Add optional __get xattr method paired to __vfs_getxattr
Conflicts:
fs/overlayfs/namei.c
Change-Id: I39c3365b62b5d55eab2896897532ab065c786c50
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Blagovest Kolenichev
|
0f3b8ff636 |
Merge android-4.14-q.151 (93b2755) into msm-4.14
* refs/heads/tmp-93b2755:
Linux 4.14.151
RDMA/cxgb4: Do not dma memory off of the stack
kvm: vmx: Basic APIC virtualization controls have three settings
kvm: apic: Flush TLB after APIC mode/address change if VPIDs are in use
kvm: vmx: Introduce lapic_mode enumeration
KVM: X86: introduce invalidate_gpa argument to tlb flush
PCI: PM: Fix pci_power_up()
xen/netback: fix error path of xenvif_connect_data()
cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
pinctrl: armada-37xx: swap polarity on LED group
pinctrl: armada-37xx: fix control of pins 32 and up
x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
CIFS: avoid using MID 0xFFFF
parisc: Fix vmap memory leak in ioremap()/iounmap()
xtensa: drop EXPORT_SYMBOL for outs*/ins*
hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic()
mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo
mm/slub: fix a deadlock in show_slab_objects()
scsi: zfcp: fix reaction on bit error threshold notification
fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c
drivers/base/memory.c: don't access uninitialized memmaps in soft_offline_page_store()
drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
mac80211: Reject malformed SSID elements
cfg80211: wext: avoid copying malformed SSIDs
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
Input: synaptics-rmi4 - avoid processing unknown IRQs
Input: da9063 - fix capability and drop KEY_SLEEP
scsi: ch: Make it possible to open a ch device multiple times again
scsi: core: try to get module before removing device
scsi: core: save/restore command resid for error handling
scsi: sd: Ignore a failure to sync cache due to lack of authorization
staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
MIPS: tlbex: Fix build_restore_pagemask KScratch restore
arm64/speculation: Support 'mitigations=' cmdline option
arm64: Use firmware to detect CPUs that are not affected by Spectre-v2
arm64: Force SSBS on context switch
arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB
arm64: add sysfs vulnerability show for speculative store bypass
arm64: add sysfs vulnerability show for spectre-v2
arm64: Always enable spectre-v2 vulnerability detection
arm64: Advertise mitigation of Spectre-v2, or lack thereof
arm64: Provide a command line to disable spectre_v2 mitigation
arm64: Always enable ssb vulnerability detection
arm64: enable generic CPU vulnerabilites support
arm64: add sysfs vulnerability show for meltdown
arm64: Add sysfs vulnerability show for spectre-v1
arm64: fix SSBS sanitization
KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe
arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3
arm64: cpufeature: Detect SSBS and advertise to userspace
arm64: Get rid of __smccc_workaround_1_hvc_*
arm64: don't zero DIT on signal return
arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening
arm64: capabilities: Add support for checks based on a list of MIDRs
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
arm64: Add helpers for checking CPU MIDR against a range
arm64: capabilities: Clean up midr range helpers
arm64: capabilities: Change scope of VHE to Boot CPU feature
arm64: capabilities: Add support for features enabled early
arm64: capabilities: Restrict KPTI detection to boot-time CPUs
arm64: capabilities: Introduce weak features based on local CPU
arm64: capabilities: Group handling of features and errata workarounds
arm64: capabilities: Allow features based on local CPU scope
arm64: capabilities: Split the processing of errata work arounds
arm64: capabilities: Prepare for grouping features and errata work arounds
arm64: capabilities: Filter the entries based on a given mask
arm64: capabilities: Unify the verification
arm64: capabilities: Add flags to handle the conflicts on late CPU
arm64: capabilities: Prepare for fine grained capabilities
arm64: capabilities: Move errata processing code
arm64: capabilities: Move errata work around check on boot CPU
arm64: capabilities: Update prototype for enable call back
arm64: Introduce sysreg_clear_set()
arm64: add PSR_AA32_* definitions
arm64: move SCTLR_EL{1,2} assertions to <asm/sysreg.h>
arm64: Expose Arm v8.4 features
arm64: Documentation: cpu-feature-registers: Remove RES0 fields
arm64: v8.4: Support for new floating point multiplication instructions
arm64: Fix the feature type for ID register fields
arm64: Expose support for optional ARMv8-A features
arm64: sysreg: Move to use definitions for all the SCTLR bits
USB: ldusb: fix read info leaks
USB: usblp: fix use-after-free on disconnect
USB: ldusb: fix memleak on disconnect
USB: serial: ti_usb_3410_5052: fix port-close races
usb: udc: lpc32xx: fix bad bit shift operation
ALSA: hda/realtek - Add support for ALC711
USB: legousbtower: fix memleak on disconnect
memfd: Fix locking when tagging pins
loop: Add LOOP_SET_DIRECT_IO to compat ioctl
net: avoid potential infinite loop in tc_ctl_action()
sctp: change sctp_prot .no_autobind with true
net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
net: i82596: fix dma_alloc_attr for sni_82596
net: bcmgenet: Set phydev->dev_flags only for internal PHYs
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
ocfs2: fix panic due to ocfs2_wq is null
Revert "drm/radeon: Fix EEH during kexec"
md/raid0: fix warning message for parameter default_layout
namespace: fix namespace.pl script to support relative paths
r8152: Set macpassthru in reset_resume callback
net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
mips: Loongson: Fix the link time qualifier of 'serial_exit()'
mac80211: fix txq null pointer dereference
nl80211: fix null pointer dereference
xen/efi: Set nonblocking callbacks
MIPS: dts: ar9331: fix interrupt-controller size
net: dsa: qca8k: Use up to 7 ports for all operations
ARM: dts: am4372: Set memory bandwidth limit for DISPC
ieee802154: ca8210: prevent memory leak
ARM: OMAP2+: Fix missing reset done flag for am3 and am43
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
scsi: megaraid: disable device when probe failed after enabled device
scsi: ufs: skip shutdown if hba is not powered
rtlwifi: Fix potential overflow on P2P code
ANDROID: clang: update to 9.0.8 based on r365631c
ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
ANDROID: refactor build.config files to remove duplication
Conflicts:
arch/arm64/include/asm/cpucaps.h
arch/arm64/include/asm/cputype.h
arch/arm64/include/asm/processor.h
arch/arm64/include/asm/ptrace.h
arch/arm64/include/asm/sysreg.h
arch/arm64/include/uapi/asm/hwcap.h
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/cpufeature.c
arch/arm64/kernel/ssbd.c
Change-Id: Ia6d7b060214022efcb061ea4029bb583e4a68aa2
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
qctecmdr
|
3cbe813dc7 | Merge "usb: misc: ks_bridge: Add support for 900E PID" | ||
Ajay Agarwal
|
bf29a23d6b |
usb: misc: ks_bridge: Add support for 900E PID
Some compositions might not have diag as the first interface. If a device goes to download mode from such a composition and the device has never been in a composition having diag as the first interface, the diag_dload cookie has 900E PID value. So add support for this PID in the ks_bridge device_id table to add download mode support. Also remove support for 90EF and 90F0. Change-Id: I75ccbaa4de82216c3a2b724aaa0a71617f3e3701 Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org> |
||
|
Ajay Agarwal
|
64fc8cb766 |
usb: mdm_data: Add support for QDLOADER bridging
Add necessary support to flash images to connected MDM in EDL
mode from host PC, via external AP. Also, add a module parameter
'prevent_edl_probe' to prevent 9008 PID (EDL PID) to bind to
ks_bridge driver.
Usage:
To prevent binding to ks_bridge and bind to mdm_data_bridge:
echo 1 > /sys/module/ks_bridge/parameters/prevent_edl_probe
To switch back to default behavior (allow bind to ks_bridge):
echo 0 > /sys/module/ks_bridge/parameters/prevent_edl_probe
While at it, fix potential null pointer dereference in
data_bridge_write.
Change-Id: I170c820803f016a03dcc5952424358e1a9835cfa
Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org>
|
||
Greg Kroah-Hartman
|
13855a652b |
This is the 4.14.157 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3jdnkACgkQONu9yGCS aT63nhAAnjTfLWAkeluVyLdyTRSoAedY21PJUtMYJVsULQcU886kRluCuz9Md/Um GVuZDTqlsXroH88xeiwKLsjt8bYOnjFwWQKoexi4MjtePkTkhmEAca3zl5CG7GH6 /e4VdkYvGMc9/+Lkv/+lBgZx7w+hoSEpEyAQ9NFFDDySEnzKpdg66e4fuSU54xhH 9sHAc/dpQX3a9+tgCs5V+tMczGqJH04MiX3zjS/SYvbI45QTOse4KVsZdxuHE0ip Ls4vEporl0C08bnZwyjFaJ7qT/j5vcXAGQ2ikqpegn/jSThG3rgPE1NB4+rUvLS6 3CRcu6CLuoYIpo/7BAzjZTPbYbgDwXqk3P9SSxSGHtt/Iy3nQ0Qt7J129IloHqm8 6mpqtM+D1xbxM/bi7C/16HAYmENos3HW5mv835yc8Xa7hi47FuQCNLY1cRYssDnE RxsCOni/im5Zp+rxbWmXGr0m/BZ7B2P5KdwXuUIeMVit2ROcDKy6DxZNH05RpjDp tTCqjSB27ubl6IfmvSsOD6JjHHNRqgvzsW8PVaSI/dx0jfiAOvn/tRoeHf/gNLQ4 SXVsYCpXyRgGCysABnYOT84ZioGpJABCQDDC6Tpoc8ikbGU7YA3Ju7vpGBl0qBAU 8S/Z0LHoGZFJtIVbJei3176QE/uASDqLctIR6FZMJuw+6pfXEZE= =cWv6 -----END PGP SIGNATURE----- Merge 4.14.157 into android-4.14 Changes in 4.14.157 net/mlx4_en: fix mlx4 ethtool -N insertion net: rtnetlink: prevent underflows in do_setvfinfo() sfc: Only cancel the PPS workqueue if it exists net/mlx5e: Fix set vf link state error flow net/mlxfw: Verify FSM error code translation doesn't exceed array size net/sched: act_pedit: fix WARN() in the traffic path vhost/vsock: split packets to send using multiple buffers gpio: max77620: Fixup debounce delays tools: gpio: Correctly add make dependencies for gpio_utils nbd:fix memory leak in nbd_get_socket() virtio_console: allocate inbufs in add_port() only if it is needed Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()" mm/ksm.c: don't WARN if page is still mapped in remove_stable_node() drm/i915/userptr: Try to acquire the page lock around set_page_dirty() platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi mwifiex: Fix NL80211_TX_POWER_LIMITED ALSA: isight: fix leak of reference to firewire unit in error path of .probe callback printk: fix integer overflow in setup_log_buf() gfs2: Fix marking bitmaps non-full pty: fix compat ioctls synclink_gt(): fix compat_ioctl() powerpc: Fix signedness bug in update_flash_db() powerpc/boot: Disable vector instructions powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() brcmsmac: AP mode: update beacon when TIM changes ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem skd: fixup usage of legacy IO API cdrom: don't attempt to fiddle with cdo->capability spi: sh-msiof: fix deferred probing mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail btrfs: handle error of get_old_root gsmi: Fix bug in append_to_eventlog sysfs handler misc: mic: fix a DMA pool free failure w1: IAD Register is yet readable trough iad sys file. Fix snprintf (%u for unsigned, count for max size). m68k: fix command-line parsing when passed from u-boot RDMA/bnxt_re: Fix qp async event reporting pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' pwm: lpss: Only set update bit if we are actually changing the settings amiflop: clean up on errors during setup qed: Align local and global PTT to propagate through the APIs. scsi: ips: fix missing break in switch KVM: nVMX: reset cache/shadows when switching loaded VMCS KVM/x86: Fix invvpid and invept register operand size in 64-bit mode scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler scsi: isci: Change sci_controller_start_task's return type to sci_status scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param crypto: ccree - avoid implicit enum conversion nvmet-fcloop: suppress a compiler warning clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk clk: at91: audio-pll: fix audio pmc type ASoC: tegra_sgtl5000: fix device_node refcounting scsi: dc395x: fix dma API usage in srb_done scsi: dc395x: fix DMA API usage in sg_update_list net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed net: fix warning in af_unix net: ena: Fix Kconfig dependency on X86 xfs: fix use-after-free race in xfs_buf_rele kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack PM / Domains: Deal with multiple states but no governor in genpd ALSA: i2c/cs8427: Fix int to char conversion macintosh/windfarm_smu_sat: Fix debug output PCI: vmd: Detach resources after stopping root bus USB: misc: appledisplay: fix backlight update_status return code usbip: tools: fix atoi() on non-null terminated string dm raid: avoid bitmap with raid4/5/6 journal device SUNRPC: Fix a compile warning for cmpxchg64() sunrpc: safely reallow resvport min/max inversion atm: zatm: Fix empty body Clang warnings s390/perf: Return error when debug_register fails spi: omap2-mcspi: Set FIFO DMA trigger level to word length sparc: Fix parport build warnings. powerpc/pseries: Export raw per-CPU VPA data via debugfs ceph: fix dentry leak in ceph_readdir_prepopulate rtc: s35390a: Change buf's type to u8 in s35390a_init f2fs: fix to spread clear_cold_data() mISDN: Fix type of switch control variable in ctrl_teimanager qlcnic: fix a return in qlcnic_dcb_get_capability() net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode mfd: arizona: Correct calling of runtime_put_sync mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values mfd: intel_soc_pmic_bxtwc: Chain power button IRQs as well mfd: max8997: Enale irq-wakeup unconditionally selftests/ftrace: Fix to test kprobe $comm arg only if available selftests: watchdog: fix message when /dev/watchdog open fails selftests: watchdog: Fix error message. thermal: rcar_thermal: Prevent hardware access during system suspend bpf: devmap: fix wrong interface selection in notifier_call powerpc/process: Fix flush_all_to_thread for SPE sparc64: Rework xchg() definition to avoid warnings. arm64: lib: use C string functions with KASAN enabled fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle() mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock macsec: update operstate when lower device changes macsec: let the administrator set UP state even if lowerdev is down block: fix the DISCARD request merge i2c: uniphier-f: make driver robust against concurrency i2c: uniphier-f: fix occasional timeout error i2c: uniphier-f: fix race condition when IRQ is cleared um: Make line/tty semantics use true write IRQ vfs: avoid problematic remapping requests into partial EOF block powerpc/xmon: Relax frame size for clang selftests/powerpc/signal: Fix out-of-tree build selftests/powerpc/switch_endian: Fix out-of-tree build selftests/powerpc/cache_shape: Fix out-of-tree build linux/bitmap.h: handle constant zero-size bitmaps correctly linux/bitmap.h: fix type of nbits in bitmap_shift_right() hfsplus: fix BUG on bnode parent update hfs: fix BUG on bnode parent update hfsplus: prevent btree data loss on ENOSPC hfs: prevent btree data loss on ENOSPC hfsplus: fix return value of hfsplus_get_block() hfs: fix return value of hfs_get_block() hfsplus: update timestamps on truncate() hfs: update timestamp on truncate() fs/hfs/extent.c: fix array out of bounds read of array extent mm/memory_hotplug: make add_memory() take the device_hotplug_lock igb: shorten maximum PHC timecounter update interval net: hns3: bugfix for buffer not free problem during resetting ntb_netdev: fix sleep time mismatch ntb: intel: fix return value for ndev_vec_mask() arm64: makefile fix build of .i file in external module case ocfs2: don't put and assigning null to bh allocated outside ocfs2: fix clusters leak in ocfs2_defrag_extent() net: do not abort bulk send on BQL status sched/topology: Fix off by one bug sched/fair: Don't increase sd->balance_interval on newidle balance openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock audit: print empty EXECVE args btrfs: avoid link error with CONFIG_NO_AUTO_INLINE wil6210: fix locking in wmi_call wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' rtl8xxxu: Fix missing break in switch brcmsmac: never log "tid x is not agg'able" by default wireless: airo: potential buffer overflow in sprintf() rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information net: dsa: bcm_sf2: Turn on PHY to allow successful registration scsi: mpt3sas: Fix Sync cache command failure during driver unload scsi: mpt3sas: Don't modify EEDPTagMode field setting on SAS3.5 HBA devices scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11 scsi: megaraid_sas: Fix msleep granularity scsi: megaraid_sas: Fix goto labels in error handling scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces scsi: lpfc: Correct loss of fc4 type on remote port address change dlm: fix invalid free dlm: don't leak kernel pointer to userspace vrf: mark skb for multicast or link-local as enslaved to VRF ACPICA: Use %d for signed int print formatting instead of %u net: bcmgenet: return correct value 'ret' from bcmgenet_power_down of: unittest: allow base devicetree to have symbol metadata cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD PCI: keystone: Use quirk to limit MRRS for K2G spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch i2c: uniphier-f: fix timeout error after reading 8 bytes mm/memory_hotplug: Do not unlock when fails to take the device_hotplug_lock ipv6: Fix handling of LLA with VRF and sockets bound to VRF cfg80211: call disconnect_wk when AP stops Bluetooth: Fix invalid-free in bcsp_close() KVM: MMU: Do not treat ZONE_DEVICE pages as being reserved ath10k: Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe ath9k_hw: fix uninitialized variable data md/raid10: prevent access of uninitialized resync_pages offset mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span() net: phy: dp83867: fix speed 10 in sgmii mode net: phy: dp83867: increase SGMII autoneg timer duration arm64: fix for bad_mode() handler to always result in panic cpufreq: Skip cpufreq resume if it's not suspended ocfs2: remove ocfs2_is_o2cb_active() ARM: 8904/1: skip nomap memblocks while finding the lowmem/highmem boundary ARC: perf: Accommodate big-endian CPU x86/insn: Fix awk regexp warnings x86/speculation: Fix incorrect MDS/TAA mitigation status x86/speculation: Fix redundant MDS mitigation message nbd: prevent memory leak nfc: port100: handle command failure cleanly media: vivid: Set vid_cap_streaming and vid_out_streaming to true media: vivid: Fix wrong locking that causes race conditions on streaming stop media: usbvision: Fix races among open, close, and disconnect cpufreq: Add NULL checks to show() and store() methods of cpufreq media: uvcvideo: Fix error path in control parsing failure media: b2c2-flexcop-usb: add sanity checking media: cxusb: detect cxusb_ctrl_msg error in query media: imon: invalid dereference in imon_touch_event virtio_ring: fix return code on DMA mapping fails usbip: tools: fix fd leakage in the function of read_attr_usbip_status usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() usb-serial: cp201x: support Mark-10 digital force gauge USB: chaoskey: fix error case of a timeout appledisplay: fix error handling in the scheduled work USB: serial: mos7840: add USB ID to support Moxa UPort 2210 USB: serial: mos7720: fix remote wakeup USB: serial: mos7840: fix remote wakeup USB: serial: option: add support for DW5821e with eSIM support USB: serial: option: add support for Foxconn T77W968 LTE modules staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error powerpc/64s: support nospectre_v2 cmdline option powerpc/book3s64: Fix link stack flush on context switch KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel x86/hyperv: mark hyperv_init as __init function Linux 4.14.157 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Oliver Neukum
|
dd41c3f591 |
appledisplay: fix error handling in the scheduled work
commit 91feb01596e5efc0cc922cc73f5583114dccf4d2 upstream. The work item can operate on 1. stale memory left over from the last transfer the actual length of the data transfered needs to be checked 2. memory already freed the error handling in appledisplay_probe() needs to cancel the work in that case Reported-and-tested-by: syzbot+495dab1f175edc9c2f13@syzkaller.appspotmail.com Signed-off-by: Oliver Neukum <oneukum@suse.com> Cc: stable <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20191106124902.7765-1-oneukum@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Oliver Neukum
|
79ac186da1 |
USB: chaoskey: fix error case of a timeout
commit 92aa5986f4f7b5a8bf282ca0f50967f4326559f5 upstream. In case of a timeout or if a signal aborts a read communication with the device needs to be ended lest we overwrite an active URB the next time we do IO to the device, as the URB may still be active. Signed-off-by: Oliver Neukum <oneukum@suse.de> Cc: stable <stable@vger.kernel.org> Link: https://lore.kernel.org/r/20191107142856.16774-1-oneukum@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Mattias Jacobsson
|
1827fafe48 |
USB: misc: appledisplay: fix backlight update_status return code
[ Upstream commit 090158555ff8d194a98616034100b16697dd80d0 ] Upon success the update_status handler returns a positive number corresponding to the number of bytes transferred by usb_control_msg. However the return code of the update_status handler should indicate if an error occurred(negative) or how many bytes of the user's input to sysfs that was consumed. Return code zero indicates all bytes were consumed. The bug can for example result in the update_status handler being called twice, the second time with only the "unconsumed" part of the user's input to sysfs. Effectively setting an incorrect brightness. Change the update_status handler to return zero for all successful transactions and forward usb_control_msg's error code upon failure. Signed-off-by: Mattias Jacobsson <2pi@mok.nu> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
qctecmdr
|
7dc1d0e2a8 | Merge "Merge android-4.14-q.150 (80f767f) into msm-4.14" | ||
|
Greg Kroah-Hartman
|
babe48d2e9 |
This is the 4.14.154 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3K950ACgkQONu9yGCS aT7RzBAAujUlFkoT646z8Zi6najTF9/Bcpkt48h0QbGAlp44OvwzqTv0Vk9cp6hy WdCLIvH5SE2MzokMzIoanr4p2JKTBNk1FxCUYdXgGfETNbraplNRQ9yxyWo2G7Ic koWhEwQO2u7bbalD+kxbfG6w3yQN1mpTzUFzTS5lsK2IMD4WrNk0V2CNEZAPNBf/ QBig/z8ixbEHRvp7uFI/v8W/QyimQ1uVxs9nsVsAlgsQA+hUnywRXaYgeYRjEw+s x7g3FCxuvjzNEpboijSTXiUqbY33HCnSoRB+GC4IzdDQ6MBJ8blC96+jBpQM2Vhf 1nHqMB6G4BRVuC4dI/XQ3KxGxsVGEwgzuQags4mMHgXeudVoYQgntjpJlJyu5h5Y yQ4NZSRiKDY27AO1tnst2jjQwNDGF8dS4FPB/KpCNGjOlzFb351q34Lqj8fEoCt6 O3822FFjA5OhnrlqgRwIuf2qN8po+iJWR2Dg3jZXizs/eO2PBZ1h5tUNDB03MQEr Y43DeRogWCFoaYTET198qBw6pJGNYbmKR2H0LAlGpyJsGkfsSHQVks+KT5EaiCCL 96hRGZ5V1vs/hdqAB1rDMG7AVXQC51zOK5aMjvJ0jzEjRCO2fulOHH0nfaQAGhaD JhZc8eYouLj1p1+3K7yHzYZSWdzDH11182a7aHA5wd8ZTBonr0A= =qwqY -----END PGP SIGNATURE----- Merge 4.14.154 into android-4.14 Changes in 4.14.154 bonding: fix state transition issue in link monitoring CDC-NCM: handle incomplete transfer of MTU ipv4: Fix table id reference in fib_sync_down_addr net: ethernet: octeon_mgmt: Account for second possible VLAN header net: fix data-race in neigh_event_send() net: qualcomm: rmnet: Fix potential UAF when unregistering net: usb: qmi_wwan: add support for DW5821e with eSIM support NFC: fdp: fix incorrect free object nfc: netlink: fix double device reference drop NFC: st21nfca: fix double free qede: fix NULL pointer deref in __qede_remove() ALSA: timer: Fix incorrectly assigned timer instance ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series ALSA: hda/ca0132 - Fix possible workqueue stall mm: thp: handle page cache THP correctly in PageTransCompoundMap mm, vmstat: hide /proc/pagetypeinfo from normal users dump_stack: avoid the livelock of the dump_lock tools: gpio: Use !building_out_of_srctree to determine srctree perf tools: Fix time sorting drm/radeon: fix si_enable_smc_cac() failed issue HID: wacom: generic: Treat serial number and related fields as unsigned arm64: Do not mask out PTE_RDONLY in pte_same() ceph: fix use-after-free in __ceph_remove_cap() ceph: add missing check in d_revalidate snapdir handling iio: adc: stm32-adc: fix stopping dma iio: imu: adis16480: make sure provided frequency is positive iio: srf04: fix wrong limitation in distance measuring netfilter: nf_tables: Align nft_expr private data to 64-bit netfilter: ipset: Fix an error code in ip_set_sockfn_get() intel_th: pci: Add Comet Lake PCH support intel_th: pci: Add Jasper Lake PCH support can: usb_8dev: fix use-after-free on disconnect can: c_can: c_can_poll(): only read status register after status IRQ can: peak_usb: fix a potential out-of-sync while decoding packets can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak can: gs_usb: gs_can_open(): prevent memory leak can: mcba_usb: fix use-after-free on disconnect can: peak_usb: fix slab info leak configfs: Fix bool initialization/comparison configfs: stash the data we need into configfs_buffer at open time configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: new object reprsenting tree fragments configfs: provide exclusion between IO and removals configfs: fix a deadlock in configfs_symlink() usb: dwc3: Allow disabling of metastability workaround mfd: palmas: Assign the right powerhold mask for tps65917 ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes mtd: spi-nor: enable 4B opcodes for mx66l51235l mtd: spi-nor: cadence-quadspi: add a delay in write sequence misc: pci_endpoint_test: Prevent some integer overflows PCI: dra7xx: Add shutdown handler to cleanly turn off clocks misc: pci_endpoint_test: Fix BUG_ON error during pci_disable_msi() mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone ASoC: tlv320dac31xx: mark expected switch fall-through ASoC: davinci-mcasp: Handle return value of devm_kasprintf ASoC: davinci: Kill BUG_ON() usage ASoC: davinci-mcasp: Fix an error handling path in 'davinci_mcasp_probe()' i2c: omap: Trigger bus recovery in lockup case cpufreq: ti-cpufreq: add missing of_node_put() ARM: dts: dra7: Disable USB metastability workaround for USB2 sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices sched/fair: Fix -Wunused-but-set-variable warnings lib/scatterlist: Introduce sgl_alloc() and sgl_free() usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path usbip: stub_rx: fix static checker warning on unnecessary checks usbip: Implement SG support to vhci-hcd and stub driver PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() RDMA/qedr: Fix reported firmware version net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq scsi: qla2xxx: fixup incorrect usage of host_byte RDMA/uverbs: Prevent potential underflow net: openvswitch: free vport unless register_netdevice() succeeds scsi: lpfc: Honor module parameter lpfc_use_adisc scsi: qla2xxx: Initialized mailbox to prevent driver load failure ipvs: don't ignore errors in case refcounting ip_vs module fails ipvs: move old_secure_tcp into struct netns_ipvs bonding: fix unexpected IFF_BONDING bit unset macsec: fix refcnt leak in module exit routine usb: fsl: Check memory resource before releasing it usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. usb: gadget: composite: Fix possible double free memory bug usb: gadget: configfs: fix concurrent issue between composite APIs usb: dwc3: remove the call trace of USBx_GFLADJ perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) USB: Skip endpoints with 0 maxpacket length USB: ldusb: use unsigned size format specifiers RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case scsi: qla2xxx: stop timer in shutdown path fjes: Handle workqueue allocation failure net: hisilicon: Fix "Trying to free already-free IRQ" hv_netvsc: Fix error handling in netvsc_attach() NFSv4: Don't allow a cached open with a revoked delegation net: ethernet: arc: add the missed clk_disable_unprepare igb: Fix constant media auto sense switching when no cable is connected e1000: fix memory leaks x86/apic: Move pending interrupt check code into it's own function x86/apic: Drop logical_smp_processor_id() inline x86/apic/32: Avoid bogus LDR warnings can: flexcan: disable completely the ECC mechanism mm/filemap.c: don't initiate writeback if mapping has no dirty pages cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead usbip: Fix free of unallocated memory in vhci tx net: prevent load/store tearing on sk->sk_stamp drm/i915/gtt: Add read only pages to gen8_pte_encode drm/i915/gtt: Read-only pages for insert_entries on bdw+ drm/i915/gtt: Disable read-only support under GVT drm/i915: Prevent writing into a read-only object via a GGTT mmap drm/i915/cmdparser: Check reg_table_count before derefencing. drm/i915/cmdparser: Do not check past the cmd length. drm/i915: Silence smatch for cmdparser drm/i915: Don't use GPU relocations prior to cmdparser stalls drm/i915: Move engine->needs_cmd_parser to engine->flags drm/i915: Rename gen7 cmdparser tables drm/i915: Disable Secure Batches for gen6+ drm/i915: Remove Master tables from cmdparser drm/i915: Add support for mandatory cmdparsing drm/i915: Support ro ppgtt mapped cmdparser shadow buffers drm/i915: Allow parsing of unsized batches drm/i915: Add gen9 BCS cmdparsing drm/i915/cmdparser: Use explicit goto for error paths drm/i915/cmdparser: Add support for backward jumps drm/i915/cmdparser: Ignore Length operands during command matching drm/i915: Lower RM timeout to avoid DSI hard hangs drm/i915/gen8+: Add RC6 CTX corruption WA drm/i915/cmdparser: Fix jump whitelist clearing KVM: x86: use Intel speculation bugs and features as derived in generic x86 code x86/msr: Add the IA32_TSX_CTRL MSR x86/cpu: Add a helper function x86_read_arch_cap_msr() x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default x86/speculation/taa: Add mitigation for TSX Async Abort x86/speculation/taa: Add sysfs reporting for TSX Async Abort kvm/x86: Export MDS_NO=0 to guests when TSX is enabled x86/tsx: Add "auto" option to the tsx= cmdline parameter x86/speculation/taa: Add documentation for TSX Async Abort x86/tsx: Add config options to set tsx=on|off|auto x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs x86/bugs: Add ITLB_MULTIHIT bug infrastructure x86/cpu: Add Tremont to the cpu vulnerability whitelist cpu/speculation: Uninline and export CPU mitigations helpers Documentation: Add ITLB_MULTIHIT documentation kvm: x86, powerpc: do not allow clearing largepages debugfs entry kvm: Convert kvm_lock to a mutex kvm: mmu: Do not release the page inside mmu_set_spte() KVM: x86: make FNAME(fetch) and __direct_map more similar KVM: x86: remove now unneeded hugepage gfn adjustment KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON KVM: x86: add tracepoints around __direct_map and FNAME(fetch) KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active kvm: mmu: ITLB_MULTIHIT mitigation kvm: Add helper function for creating VM worker threads kvm: x86: mmu: Recovery of shattered NX large pages Linux 4.14.154 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
b7f526714d |
This is the 4.14.154 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3K950ACgkQONu9yGCS aT7RzBAAujUlFkoT646z8Zi6najTF9/Bcpkt48h0QbGAlp44OvwzqTv0Vk9cp6hy WdCLIvH5SE2MzokMzIoanr4p2JKTBNk1FxCUYdXgGfETNbraplNRQ9yxyWo2G7Ic koWhEwQO2u7bbalD+kxbfG6w3yQN1mpTzUFzTS5lsK2IMD4WrNk0V2CNEZAPNBf/ QBig/z8ixbEHRvp7uFI/v8W/QyimQ1uVxs9nsVsAlgsQA+hUnywRXaYgeYRjEw+s x7g3FCxuvjzNEpboijSTXiUqbY33HCnSoRB+GC4IzdDQ6MBJ8blC96+jBpQM2Vhf 1nHqMB6G4BRVuC4dI/XQ3KxGxsVGEwgzuQags4mMHgXeudVoYQgntjpJlJyu5h5Y yQ4NZSRiKDY27AO1tnst2jjQwNDGF8dS4FPB/KpCNGjOlzFb351q34Lqj8fEoCt6 O3822FFjA5OhnrlqgRwIuf2qN8po+iJWR2Dg3jZXizs/eO2PBZ1h5tUNDB03MQEr Y43DeRogWCFoaYTET198qBw6pJGNYbmKR2H0LAlGpyJsGkfsSHQVks+KT5EaiCCL 96hRGZ5V1vs/hdqAB1rDMG7AVXQC51zOK5aMjvJ0jzEjRCO2fulOHH0nfaQAGhaD JhZc8eYouLj1p1+3K7yHzYZSWdzDH11182a7aHA5wd8ZTBonr0A= =qwqY -----END PGP SIGNATURE----- Merge 4.14.154 into android-4.14-q Changes in 4.14.154 bonding: fix state transition issue in link monitoring CDC-NCM: handle incomplete transfer of MTU ipv4: Fix table id reference in fib_sync_down_addr net: ethernet: octeon_mgmt: Account for second possible VLAN header net: fix data-race in neigh_event_send() net: qualcomm: rmnet: Fix potential UAF when unregistering net: usb: qmi_wwan: add support for DW5821e with eSIM support NFC: fdp: fix incorrect free object nfc: netlink: fix double device reference drop NFC: st21nfca: fix double free qede: fix NULL pointer deref in __qede_remove() ALSA: timer: Fix incorrectly assigned timer instance ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series ALSA: hda/ca0132 - Fix possible workqueue stall mm: thp: handle page cache THP correctly in PageTransCompoundMap mm, vmstat: hide /proc/pagetypeinfo from normal users dump_stack: avoid the livelock of the dump_lock tools: gpio: Use !building_out_of_srctree to determine srctree perf tools: Fix time sorting drm/radeon: fix si_enable_smc_cac() failed issue HID: wacom: generic: Treat serial number and related fields as unsigned arm64: Do not mask out PTE_RDONLY in pte_same() ceph: fix use-after-free in __ceph_remove_cap() ceph: add missing check in d_revalidate snapdir handling iio: adc: stm32-adc: fix stopping dma iio: imu: adis16480: make sure provided frequency is positive iio: srf04: fix wrong limitation in distance measuring netfilter: nf_tables: Align nft_expr private data to 64-bit netfilter: ipset: Fix an error code in ip_set_sockfn_get() intel_th: pci: Add Comet Lake PCH support intel_th: pci: Add Jasper Lake PCH support can: usb_8dev: fix use-after-free on disconnect can: c_can: c_can_poll(): only read status register after status IRQ can: peak_usb: fix a potential out-of-sync while decoding packets can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak can: gs_usb: gs_can_open(): prevent memory leak can: mcba_usb: fix use-after-free on disconnect can: peak_usb: fix slab info leak configfs: Fix bool initialization/comparison configfs: stash the data we need into configfs_buffer at open time configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: new object reprsenting tree fragments configfs: provide exclusion between IO and removals configfs: fix a deadlock in configfs_symlink() usb: dwc3: Allow disabling of metastability workaround mfd: palmas: Assign the right powerhold mask for tps65917 ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes mtd: spi-nor: enable 4B opcodes for mx66l51235l mtd: spi-nor: cadence-quadspi: add a delay in write sequence misc: pci_endpoint_test: Prevent some integer overflows PCI: dra7xx: Add shutdown handler to cleanly turn off clocks misc: pci_endpoint_test: Fix BUG_ON error during pci_disable_msi() mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone ASoC: tlv320dac31xx: mark expected switch fall-through ASoC: davinci-mcasp: Handle return value of devm_kasprintf ASoC: davinci: Kill BUG_ON() usage ASoC: davinci-mcasp: Fix an error handling path in 'davinci_mcasp_probe()' i2c: omap: Trigger bus recovery in lockup case cpufreq: ti-cpufreq: add missing of_node_put() ARM: dts: dra7: Disable USB metastability workaround for USB2 sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices sched/fair: Fix -Wunused-but-set-variable warnings lib/scatterlist: Introduce sgl_alloc() and sgl_free() usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path usbip: stub_rx: fix static checker warning on unnecessary checks usbip: Implement SG support to vhci-hcd and stub driver PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() RDMA/qedr: Fix reported firmware version net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq scsi: qla2xxx: fixup incorrect usage of host_byte RDMA/uverbs: Prevent potential underflow net: openvswitch: free vport unless register_netdevice() succeeds scsi: lpfc: Honor module parameter lpfc_use_adisc scsi: qla2xxx: Initialized mailbox to prevent driver load failure ipvs: don't ignore errors in case refcounting ip_vs module fails ipvs: move old_secure_tcp into struct netns_ipvs bonding: fix unexpected IFF_BONDING bit unset macsec: fix refcnt leak in module exit routine usb: fsl: Check memory resource before releasing it usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. usb: gadget: composite: Fix possible double free memory bug usb: gadget: configfs: fix concurrent issue between composite APIs usb: dwc3: remove the call trace of USBx_GFLADJ perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) USB: Skip endpoints with 0 maxpacket length USB: ldusb: use unsigned size format specifiers RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case scsi: qla2xxx: stop timer in shutdown path fjes: Handle workqueue allocation failure net: hisilicon: Fix "Trying to free already-free IRQ" hv_netvsc: Fix error handling in netvsc_attach() NFSv4: Don't allow a cached open with a revoked delegation net: ethernet: arc: add the missed clk_disable_unprepare igb: Fix constant media auto sense switching when no cable is connected e1000: fix memory leaks x86/apic: Move pending interrupt check code into it's own function x86/apic: Drop logical_smp_processor_id() inline x86/apic/32: Avoid bogus LDR warnings can: flexcan: disable completely the ECC mechanism mm/filemap.c: don't initiate writeback if mapping has no dirty pages cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead usbip: Fix free of unallocated memory in vhci tx net: prevent load/store tearing on sk->sk_stamp drm/i915/gtt: Add read only pages to gen8_pte_encode drm/i915/gtt: Read-only pages for insert_entries on bdw+ drm/i915/gtt: Disable read-only support under GVT drm/i915: Prevent writing into a read-only object via a GGTT mmap drm/i915/cmdparser: Check reg_table_count before derefencing. drm/i915/cmdparser: Do not check past the cmd length. drm/i915: Silence smatch for cmdparser drm/i915: Don't use GPU relocations prior to cmdparser stalls drm/i915: Move engine->needs_cmd_parser to engine->flags drm/i915: Rename gen7 cmdparser tables drm/i915: Disable Secure Batches for gen6+ drm/i915: Remove Master tables from cmdparser drm/i915: Add support for mandatory cmdparsing drm/i915: Support ro ppgtt mapped cmdparser shadow buffers drm/i915: Allow parsing of unsized batches drm/i915: Add gen9 BCS cmdparsing drm/i915/cmdparser: Use explicit goto for error paths drm/i915/cmdparser: Add support for backward jumps drm/i915/cmdparser: Ignore Length operands during command matching drm/i915: Lower RM timeout to avoid DSI hard hangs drm/i915/gen8+: Add RC6 CTX corruption WA drm/i915/cmdparser: Fix jump whitelist clearing KVM: x86: use Intel speculation bugs and features as derived in generic x86 code x86/msr: Add the IA32_TSX_CTRL MSR x86/cpu: Add a helper function x86_read_arch_cap_msr() x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default x86/speculation/taa: Add mitigation for TSX Async Abort x86/speculation/taa: Add sysfs reporting for TSX Async Abort kvm/x86: Export MDS_NO=0 to guests when TSX is enabled x86/tsx: Add "auto" option to the tsx= cmdline parameter x86/speculation/taa: Add documentation for TSX Async Abort x86/tsx: Add config options to set tsx=on|off|auto x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs x86/bugs: Add ITLB_MULTIHIT bug infrastructure x86/cpu: Add Tremont to the cpu vulnerability whitelist cpu/speculation: Uninline and export CPU mitigations helpers Documentation: Add ITLB_MULTIHIT documentation kvm: x86, powerpc: do not allow clearing largepages debugfs entry kvm: Convert kvm_lock to a mutex kvm: mmu: Do not release the page inside mmu_set_spte() KVM: x86: make FNAME(fetch) and __direct_map more similar KVM: x86: remove now unneeded hugepage gfn adjustment KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON KVM: x86: add tracepoints around __direct_map and FNAME(fetch) KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active kvm: mmu: ITLB_MULTIHIT mitigation kvm: Add helper function for creating VM worker threads kvm: x86: mmu: Recovery of shattered NX large pages Linux 4.14.154 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Johan Hovold
|
53746bf4e6 |
USB: ldusb: use unsigned size format specifiers
[ Upstream commit 88f6bf3846ee90bf33aa1ce848cd3bfb3229f4a4 ] A recent info-leak bug manifested itself along with warning about a negative buffer overflow: ldusb 1-1:0.28: Read buffer overflow, -131383859965943 bytes dropped when it was really a rather large positive one. A sanity check that prevents this has now been put in place, but let's fix up the size format specifiers, which should all be unsigned. Signed-off-by: Johan Hovold <johan@kernel.org> Link: https://lore.kernel.org/r/20191022143203.5260-3-johan@kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
e98640004f |
This is the 4.14.152 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3CsfAACgkQONu9yGCS aT5P/Q/8CgNFLwG5vA9Nwmd5d0ToDd2cjvyDjq4erdQOagYZVmOFS44DACB6PeNz gKhCJQMdyCoeaYOnur0JPh8VL/MRWL6M6DKWpVan8FPOjDdNdFFzXkVQplPmfior Y9cV8bbpoVgW+vtF0s2dmbTZ4yAfuLRDG+KsRgMMcq/H1p5TB8Kl8U2xKgtS0Pwi mOmZPiC27H027MgUmC4xRlIhRpGJSRg4MQhMAFkbJ9yNmoX129A7sr9Mo1dW4loC 2c2d6xMCG501ysGiUxtcZmts/I4eIeIbLjuTtiBRinkraOuYAAEV7knZ3R8ODe6f reql8Tqd0KxjWvmidx+dfswmxC3sQZ+VHipsCfYA+kvWaYdI7TR+GiIYQMJksYkl mSb+jp/ql/P9gVFh3M2I9Pjqrucg3HDRQIohBIpIEhdL8Q/as4sZUlUCzL8Gyewo K2+DvlhBlpE1DkhbKAyjSrwhtmp+HAUVoPULXzRoi/D6c1B02dj9OxgHaQDL+K4x FJv/2FZdP8nL1F1K5GU6qp3PUYIgEfVwiFyeT3Mflta+px2HnK0iTOS38VzO0cEA 9E2NHBvsohjOPvGQqCfFeeP9wgAqanVyvoucRHM9gt3IESGlgJw4E9lofblIcvfg Skpo5GWkgda9IiGElXvri70QQH0R9aQGjj8PdGAp/wwugeSGwtw= =f2B7 -----END PGP SIGNATURE----- Merge 4.14.152 into android-4.14-q Changes in 4.14.152 zram: fix race between backing_dev_show and backing_dev_store dm snapshot: use mutex instead of rw_semaphore dm snapshot: introduce account_start_copy() and account_end_copy() dm snapshot: rework COW throttling to fix deadlock dm: Use kzalloc for all structs with embedded biosets/mempools f2fs: flush quota blocks after turnning it off scsi: lpfc: Fix a duplicate 0711 log message number. sc16is7xx: Fix for "Unexpected interrupt: 8" powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages() HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override x86/cpu: Add Atom Tremont (Jacobsville) HID: i2c-hid: Add Odys Winbook 13 to descriptor override clk: boston: unregister clks on failure in clk_boston_setup() scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks HID: Add ASUS T100CHI keyboard dock battery quirks usb: handle warm-reset port requests on hub resume rtc: pcf8523: set xtal load capacitance from DT mlxsw: spectrum: Set LAG port collector only when active ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume media: vimc: Remove unused but set variables exec: load_script: Do not exec truncated interpreter path PCI/PME: Fix possible use-after-free on remove power: supply: max14656: fix potential use-after-free iio: adc: meson_saradc: Fix memory allocation order iio: fix center temperature of bmc150-accel-core libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature perf tests: Avoid raising SEGV using an obvious NULL dereference perf map: Fix overlapped map handling perf jevents: Fix period for Intel fixed counters staging: rtl8188eu: fix null dereference when kzalloc fails RDMA/hfi1: Prevent memory leak in sdma_init RDMA/iwcm: Fix a lock inversion issue HID: hyperv: Use in-place iterator API in the channel callback nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419 tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()' tty: n_hdlc: fix build on SPARC gpio: max77620: Use correct unit for debounce times fs: cifs: mute -Wunused-const-variable message serial: mctrl_gpio: Check for NULL pointer efi/cper: Fix endianness of PCIe class code efi/x86: Do not clean dummy variable in kexec path MIPS: include: Mark __cmpxchg as __always_inline x86/xen: Return from panic notifier ocfs2: clear zero in unaligned direct IO fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry() fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() sched/vtime: Fix guest/system mis-accounting on task switch perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp MIPS: include: Mark __xchg as __always_inline MIPS: fw: sni: Fix out of bounds init of o32 stack nbd: fix possible sysfs duplicate warning NFSv4: Fix leak of clp->cl_acceptor string s390/uaccess: avoid (false positive) compiler warnings tracing: Initialize iter->seq after zeroing in tracing_read_pipe() nbd: verify socket is supported during setup USB: legousbtower: fix a signedness bug in tower_probe() net_sched: check cops->tcf_block in tc_bind_tclass() thunderbolt: Use 32-bit writes when writing ring producer/consumer ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() fuse: flush dirty data/metadata before non-truncate setattr fuse: truncate pending writes on O_TRUNC ALSA: bebob: Fix prototype of helper function to return negative value ALSA: hda/realtek - Fix 2 front mics of codec 0x623 ALSA: hda/realtek - Add support for ALC623 UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") USB: gadget: Reject endpoints with 0 maxpacket value usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows") USB: ldusb: fix ring-buffer locking USB: ldusb: fix control-message timeout USB: serial: whiteheat: fix potential slab corruption USB: serial: whiteheat: fix line-speed endianness scsi: target: cxgbit: Fix cxgbit_fw4_ack() HID: i2c-hid: add Trekstor Primebook C11B to descriptor override HID: Fix assumption that devices have inputs HID: fix error message in hid_open_report() nl80211: fix validation of mesh path nexthop s390/cmm: fix information leak in cmm_timeout_handler() s390/idle: fix cpu idle time calculation arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default rtlwifi: Fix potential overflow on P2P code dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle llc: fix sk_buff leak in llc_sap_state_process() llc: fix sk_buff leak in llc_conn_service() rxrpc: Fix call ref leak NFC: pn533: fix use-after-free and memleaks bonding: fix potential NULL deref in bond_update_slave_arr net: usb: sr9800: fix uninitialized local variable sch_netem: fix rcu splat in netem_enqueue() sctp: fix the issue that flags are ignored when using kernel_connect sctp: not bind the socket in sctp_connect xfs: Correctly invert xfs_buftarg LRU isolation logic ALSA: timer: Simplify error path in snd_timer_open() ALSA: timer: Fix mutex deadlock at releasing card Revert "ALSA: hda: Flush interrupts on disabling" Linux 4.14.152 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
c890d5ab00 |
This is the 4.14.152 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3CsfAACgkQONu9yGCS aT5P/Q/8CgNFLwG5vA9Nwmd5d0ToDd2cjvyDjq4erdQOagYZVmOFS44DACB6PeNz gKhCJQMdyCoeaYOnur0JPh8VL/MRWL6M6DKWpVan8FPOjDdNdFFzXkVQplPmfior Y9cV8bbpoVgW+vtF0s2dmbTZ4yAfuLRDG+KsRgMMcq/H1p5TB8Kl8U2xKgtS0Pwi mOmZPiC27H027MgUmC4xRlIhRpGJSRg4MQhMAFkbJ9yNmoX129A7sr9Mo1dW4loC 2c2d6xMCG501ysGiUxtcZmts/I4eIeIbLjuTtiBRinkraOuYAAEV7knZ3R8ODe6f reql8Tqd0KxjWvmidx+dfswmxC3sQZ+VHipsCfYA+kvWaYdI7TR+GiIYQMJksYkl mSb+jp/ql/P9gVFh3M2I9Pjqrucg3HDRQIohBIpIEhdL8Q/as4sZUlUCzL8Gyewo K2+DvlhBlpE1DkhbKAyjSrwhtmp+HAUVoPULXzRoi/D6c1B02dj9OxgHaQDL+K4x FJv/2FZdP8nL1F1K5GU6qp3PUYIgEfVwiFyeT3Mflta+px2HnK0iTOS38VzO0cEA 9E2NHBvsohjOPvGQqCfFeeP9wgAqanVyvoucRHM9gt3IESGlgJw4E9lofblIcvfg Skpo5GWkgda9IiGElXvri70QQH0R9aQGjj8PdGAp/wwugeSGwtw= =f2B7 -----END PGP SIGNATURE----- Merge 4.14.152 into android-4.14 Changes in 4.14.152 zram: fix race between backing_dev_show and backing_dev_store dm snapshot: use mutex instead of rw_semaphore dm snapshot: introduce account_start_copy() and account_end_copy() dm snapshot: rework COW throttling to fix deadlock dm: Use kzalloc for all structs with embedded biosets/mempools f2fs: flush quota blocks after turnning it off scsi: lpfc: Fix a duplicate 0711 log message number. sc16is7xx: Fix for "Unexpected interrupt: 8" powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages() HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override x86/cpu: Add Atom Tremont (Jacobsville) HID: i2c-hid: Add Odys Winbook 13 to descriptor override clk: boston: unregister clks on failure in clk_boston_setup() scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks HID: Add ASUS T100CHI keyboard dock battery quirks usb: handle warm-reset port requests on hub resume rtc: pcf8523: set xtal load capacitance from DT mlxsw: spectrum: Set LAG port collector only when active ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume media: vimc: Remove unused but set variables exec: load_script: Do not exec truncated interpreter path PCI/PME: Fix possible use-after-free on remove power: supply: max14656: fix potential use-after-free iio: adc: meson_saradc: Fix memory allocation order iio: fix center temperature of bmc150-accel-core libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature perf tests: Avoid raising SEGV using an obvious NULL dereference perf map: Fix overlapped map handling perf jevents: Fix period for Intel fixed counters staging: rtl8188eu: fix null dereference when kzalloc fails RDMA/hfi1: Prevent memory leak in sdma_init RDMA/iwcm: Fix a lock inversion issue HID: hyperv: Use in-place iterator API in the channel callback nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419 tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()' tty: n_hdlc: fix build on SPARC gpio: max77620: Use correct unit for debounce times fs: cifs: mute -Wunused-const-variable message serial: mctrl_gpio: Check for NULL pointer efi/cper: Fix endianness of PCIe class code efi/x86: Do not clean dummy variable in kexec path MIPS: include: Mark __cmpxchg as __always_inline x86/xen: Return from panic notifier ocfs2: clear zero in unaligned direct IO fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry() fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock() fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc() sched/vtime: Fix guest/system mis-accounting on task switch perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp MIPS: include: Mark __xchg as __always_inline MIPS: fw: sni: Fix out of bounds init of o32 stack nbd: fix possible sysfs duplicate warning NFSv4: Fix leak of clp->cl_acceptor string s390/uaccess: avoid (false positive) compiler warnings tracing: Initialize iter->seq after zeroing in tracing_read_pipe() nbd: verify socket is supported during setup USB: legousbtower: fix a signedness bug in tower_probe() net_sched: check cops->tcf_block in tc_bind_tclass() thunderbolt: Use 32-bit writes when writing ring producer/consumer ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() fuse: flush dirty data/metadata before non-truncate setattr fuse: truncate pending writes on O_TRUNC ALSA: bebob: Fix prototype of helper function to return negative value ALSA: hda/realtek - Fix 2 front mics of codec 0x623 ALSA: hda/realtek - Add support for ALC623 UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments") USB: gadget: Reject endpoints with 0 maxpacket value usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows") USB: ldusb: fix ring-buffer locking USB: ldusb: fix control-message timeout USB: serial: whiteheat: fix potential slab corruption USB: serial: whiteheat: fix line-speed endianness scsi: target: cxgbit: Fix cxgbit_fw4_ack() HID: i2c-hid: add Trekstor Primebook C11B to descriptor override HID: Fix assumption that devices have inputs HID: fix error message in hid_open_report() nl80211: fix validation of mesh path nexthop s390/cmm: fix information leak in cmm_timeout_handler() s390/idle: fix cpu idle time calculation arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default rtlwifi: Fix potential overflow on P2P code dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle llc: fix sk_buff leak in llc_sap_state_process() llc: fix sk_buff leak in llc_conn_service() rxrpc: Fix call ref leak NFC: pn533: fix use-after-free and memleaks bonding: fix potential NULL deref in bond_update_slave_arr net: usb: sr9800: fix uninitialized local variable sch_netem: fix rcu splat in netem_enqueue() sctp: fix the issue that flags are ignored when using kernel_connect sctp: not bind the socket in sctp_connect xfs: Correctly invert xfs_buftarg LRU isolation logic ALSA: timer: Simplify error path in snd_timer_open() ALSA: timer: Fix mutex deadlock at releasing card Revert "ALSA: hda: Flush interrupts on disabling" Linux 4.14.152 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Johan Hovold
|
0675c81abe |
USB: ldusb: fix control-message timeout
commit 52403cfbc635d28195167618690595013776ebde upstream.
USB control-message timeouts are specified in milliseconds, not jiffies.
Waiting 83 minutes for a transfer to complete is a bit excessive.
Fixes: 2824bd250f0b ("[PATCH] USB: add ldusb driver")
Cc: stable <stable@vger.kernel.org> # 2.6.13
Reported-by: syzbot+a4fbb3bb76cda0ea4e58@syzkaller.appspotmail.com
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191022153127.22295-1-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
739ad3b6e5 |
USB: ldusb: fix ring-buffer locking
commit d98ee2a19c3334e9343df3ce254b496f1fc428eb upstream.
The custom ring-buffer implementation was merged without any locking or
explicit memory barriers, but a spinlock was later added by commit
9d33efd9a791 ("USB: ldusb bugfix").
The lock did not cover the update of the tail index once the entry had
been processed, something which could lead to memory corruption on
weakly ordered architectures or due to compiler optimisations.
Specifically, a completion handler running on another CPU might observe
the incremented tail index and update the entry before ld_usb_read() is
done with it.
Fixes: 2824bd250f0b ("[PATCH] USB: add ldusb driver")
Fixes: 9d33efd9a791 ("USB: ldusb bugfix")
Cc: stable <stable@vger.kernel.org> # 2.6.13
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191022143203.5260-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Dan Carpenter
|
d7030f05a8 |
USB: legousbtower: fix a signedness bug in tower_probe()
[ Upstream commit fd47a417e75e2506eb3672ae569b1c87e3774155 ]
The problem is that sizeof() is unsigned long so negative error codes
are type promoted to high positive values and the condition becomes
false.
Fixes: 1d427be4a39d ("USB: legousbtower: fix slab info leak at probe")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191011141115.GA4521@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Ajay Agarwal
|
812b0b213c |
usb: misc: ks_bridge: Add support for telematics PIDs
Add support for telematics PIDs so as to enable ramdump collection and flash functionality. Change-Id: If098fe87c1038d16cc2f87ac247feb8e3e10330a Signed-off-by: Ajay Agarwal <ajaya@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
2bb70f40b0 |
This is the 4.14.151 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl239a0ACgkQONu9yGCS
aT6hEw//Rlg3vjxO79bglvQA+2BUCXk8EDadSzV26UlQ/7qrB3K00yj0iyCmhNOP
ef6HIFvT8XfH2O/K5s155bhnboTv1S6ElXDBTM1gN6OAZq9++/cNprdlHZXZaWh/
yM8eZ+/tThnjHXfJ36LrK3Zam1k54otiX8BFxKrLZ8o67/Pk86SgXAHTJiGVS/Bm
WtBIjTdkVOf1OEq8Pg8lV6+iP6d9AYakrRshFOCxMh6tEPDqHBc3GIkVxa9D6+u2
GBoKiVfky83xeCh73mkehYFs+Tt2Zz1rVthLrgLmPo0Y6Ia9PpZE4CcKQZMbs/tO
vmMyoQQ4rw9cRtZKrQMmVekwTdC/w1loG/VaFA6F/1h4qBmnJKSr56Xi37JtJkcy
kfnnNw7jlbGBgWnbFlZAp8MDdxXf6bDpKWRusVgB/qr36uQ8RL1cWyCFPOTsodXQ
FlyU8mmMDfDogI32n6jYB1vTZlxpwc0drT6PxvCyt2pT+T05lz6EUTSyxQ/cUZtt
1YWNTEU5QwWcqGNOPxSGmS5Qu7vPO4wAe8OvgDAAE15ticQxxpp5p7IuuOlT/YkI
BNranSqyjiAOYGjSImcDqvaeYVcRh5fxIPibYEMkl4lB6w3kObtwUWAp1HZ+ZKOW
qcs8tjvzIiWknI7DPcJn+VcpdutKFa7BEWD0LAc88NU5EXPiDP0=
=4WBX
-----END PGP SIGNATURE-----
Merge 4.14.151 into android-4.14
Changes in 4.14.151
scsi: ufs: skip shutdown if hba is not powered
scsi: megaraid: disable device when probe failed after enabled device
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
ARM: OMAP2+: Fix missing reset done flag for am3 and am43
ieee802154: ca8210: prevent memory leak
ARM: dts: am4372: Set memory bandwidth limit for DISPC
net: dsa: qca8k: Use up to 7 ports for all operations
MIPS: dts: ar9331: fix interrupt-controller size
xen/efi: Set nonblocking callbacks
nl80211: fix null pointer dereference
mac80211: fix txq null pointer dereference
mips: Loongson: Fix the link time qualifier of 'serial_exit()'
net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
r8152: Set macpassthru in reset_resume callback
namespace: fix namespace.pl script to support relative paths
md/raid0: fix warning message for parameter default_layout
Revert "drm/radeon: Fix EEH during kexec"
ocfs2: fix panic due to ocfs2_wq is null
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
net: bcmgenet: Set phydev->dev_flags only for internal PHYs
net: i82596: fix dma_alloc_attr for sni_82596
net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
sctp: change sctp_prot .no_autobind with true
net: avoid potential infinite loop in tc_ctl_action()
loop: Add LOOP_SET_DIRECT_IO to compat ioctl
memfd: Fix locking when tagging pins
USB: legousbtower: fix memleak on disconnect
ALSA: hda/realtek - Add support for ALC711
usb: udc: lpc32xx: fix bad bit shift operation
USB: serial: ti_usb_3410_5052: fix port-close races
USB: ldusb: fix memleak on disconnect
USB: usblp: fix use-after-free on disconnect
USB: ldusb: fix read info leaks
arm64: sysreg: Move to use definitions for all the SCTLR bits
arm64: Expose support for optional ARMv8-A features
arm64: Fix the feature type for ID register fields
arm64: v8.4: Support for new floating point multiplication instructions
arm64: Documentation: cpu-feature-registers: Remove RES0 fields
arm64: Expose Arm v8.4 features
arm64: move SCTLR_EL{1,2} assertions to <asm/sysreg.h>
arm64: add PSR_AA32_* definitions
arm64: Introduce sysreg_clear_set()
arm64: capabilities: Update prototype for enable call back
arm64: capabilities: Move errata work around check on boot CPU
arm64: capabilities: Move errata processing code
arm64: capabilities: Prepare for fine grained capabilities
arm64: capabilities: Add flags to handle the conflicts on late CPU
arm64: capabilities: Unify the verification
arm64: capabilities: Filter the entries based on a given mask
arm64: capabilities: Prepare for grouping features and errata work arounds
arm64: capabilities: Split the processing of errata work arounds
arm64: capabilities: Allow features based on local CPU scope
arm64: capabilities: Group handling of features and errata workarounds
arm64: capabilities: Introduce weak features based on local CPU
arm64: capabilities: Restrict KPTI detection to boot-time CPUs
arm64: capabilities: Add support for features enabled early
arm64: capabilities: Change scope of VHE to Boot CPU feature
arm64: capabilities: Clean up midr range helpers
arm64: Add helpers for checking CPU MIDR against a range
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
arm64: capabilities: Add support for checks based on a list of MIDRs
arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening
arm64: don't zero DIT on signal return
arm64: Get rid of __smccc_workaround_1_hvc_*
arm64: cpufeature: Detect SSBS and advertise to userspace
arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3
KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe
arm64: fix SSBS sanitization
arm64: Add sysfs vulnerability show for spectre-v1
arm64: add sysfs vulnerability show for meltdown
arm64: enable generic CPU vulnerabilites support
arm64: Always enable ssb vulnerability detection
arm64: Provide a command line to disable spectre_v2 mitigation
arm64: Advertise mitigation of Spectre-v2, or lack thereof
arm64: Always enable spectre-v2 vulnerability detection
arm64: add sysfs vulnerability show for spectre-v2
arm64: add sysfs vulnerability show for speculative store bypass
arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB
arm64: Force SSBS on context switch
arm64: Use firmware to detect CPUs that are not affected by Spectre-v2
arm64/speculation: Support 'mitigations=' cmdline option
MIPS: tlbex: Fix build_restore_pagemask KScratch restore
staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
scsi: sd: Ignore a failure to sync cache due to lack of authorization
scsi: core: save/restore command resid for error handling
scsi: core: try to get module before removing device
scsi: ch: Make it possible to open a ch device multiple times again
Input: da9063 - fix capability and drop KEY_SLEEP
Input: synaptics-rmi4 - avoid processing unknown IRQs
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
cfg80211: wext: avoid copying malformed SSIDs
mac80211: Reject malformed SSID elements
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1
drivers/base/memory.c: don't access uninitialized memmaps in soft_offline_page_store()
fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c
scsi: zfcp: fix reaction on bit error threshold notification
mm/slub: fix a deadlock in show_slab_objects()
mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo
hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic()
xtensa: drop EXPORT_SYMBOL for outs*/ins*
parisc: Fix vmap memory leak in ioremap()/iounmap()
CIFS: avoid using MID 0xFFFF
x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
pinctrl: armada-37xx: fix control of pins 32 and up
pinctrl: armada-37xx: swap polarity on LED group
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
xen/netback: fix error path of xenvif_connect_data()
PCI: PM: Fix pci_power_up()
KVM: X86: introduce invalidate_gpa argument to tlb flush
kvm: vmx: Introduce lapic_mode enumeration
kvm: apic: Flush TLB after APIC mode/address change if VPIDs are in use
kvm: vmx: Basic APIC virtualization controls have three settings
RDMA/cxgb4: Do not dma memory off of the stack
Linux 4.14.151
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
93b2755998 |
This is the 4.14.151 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl239a0ACgkQONu9yGCS
aT6hEw//Rlg3vjxO79bglvQA+2BUCXk8EDadSzV26UlQ/7qrB3K00yj0iyCmhNOP
ef6HIFvT8XfH2O/K5s155bhnboTv1S6ElXDBTM1gN6OAZq9++/cNprdlHZXZaWh/
yM8eZ+/tThnjHXfJ36LrK3Zam1k54otiX8BFxKrLZ8o67/Pk86SgXAHTJiGVS/Bm
WtBIjTdkVOf1OEq8Pg8lV6+iP6d9AYakrRshFOCxMh6tEPDqHBc3GIkVxa9D6+u2
GBoKiVfky83xeCh73mkehYFs+Tt2Zz1rVthLrgLmPo0Y6Ia9PpZE4CcKQZMbs/tO
vmMyoQQ4rw9cRtZKrQMmVekwTdC/w1loG/VaFA6F/1h4qBmnJKSr56Xi37JtJkcy
kfnnNw7jlbGBgWnbFlZAp8MDdxXf6bDpKWRusVgB/qr36uQ8RL1cWyCFPOTsodXQ
FlyU8mmMDfDogI32n6jYB1vTZlxpwc0drT6PxvCyt2pT+T05lz6EUTSyxQ/cUZtt
1YWNTEU5QwWcqGNOPxSGmS5Qu7vPO4wAe8OvgDAAE15ticQxxpp5p7IuuOlT/YkI
BNranSqyjiAOYGjSImcDqvaeYVcRh5fxIPibYEMkl4lB6w3kObtwUWAp1HZ+ZKOW
qcs8tjvzIiWknI7DPcJn+VcpdutKFa7BEWD0LAc88NU5EXPiDP0=
=4WBX
-----END PGP SIGNATURE-----
Merge 4.14.151 into android-4.14-q
Changes in 4.14.151
scsi: ufs: skip shutdown if hba is not powered
scsi: megaraid: disable device when probe failed after enabled device
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
ARM: OMAP2+: Fix missing reset done flag for am3 and am43
ieee802154: ca8210: prevent memory leak
ARM: dts: am4372: Set memory bandwidth limit for DISPC
net: dsa: qca8k: Use up to 7 ports for all operations
MIPS: dts: ar9331: fix interrupt-controller size
xen/efi: Set nonblocking callbacks
nl80211: fix null pointer dereference
mac80211: fix txq null pointer dereference
mips: Loongson: Fix the link time qualifier of 'serial_exit()'
net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
r8152: Set macpassthru in reset_resume callback
namespace: fix namespace.pl script to support relative paths
md/raid0: fix warning message for parameter default_layout
Revert "drm/radeon: Fix EEH during kexec"
ocfs2: fix panic due to ocfs2_wq is null
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
net: bcmgenet: Set phydev->dev_flags only for internal PHYs
net: i82596: fix dma_alloc_attr for sni_82596
net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
sctp: change sctp_prot .no_autobind with true
net: avoid potential infinite loop in tc_ctl_action()
loop: Add LOOP_SET_DIRECT_IO to compat ioctl
memfd: Fix locking when tagging pins
USB: legousbtower: fix memleak on disconnect
ALSA: hda/realtek - Add support for ALC711
usb: udc: lpc32xx: fix bad bit shift operation
USB: serial: ti_usb_3410_5052: fix port-close races
USB: ldusb: fix memleak on disconnect
USB: usblp: fix use-after-free on disconnect
USB: ldusb: fix read info leaks
arm64: sysreg: Move to use definitions for all the SCTLR bits
arm64: Expose support for optional ARMv8-A features
arm64: Fix the feature type for ID register fields
arm64: v8.4: Support for new floating point multiplication instructions
arm64: Documentation: cpu-feature-registers: Remove RES0 fields
arm64: Expose Arm v8.4 features
arm64: move SCTLR_EL{1,2} assertions to <asm/sysreg.h>
arm64: add PSR_AA32_* definitions
arm64: Introduce sysreg_clear_set()
arm64: capabilities: Update prototype for enable call back
arm64: capabilities: Move errata work around check on boot CPU
arm64: capabilities: Move errata processing code
arm64: capabilities: Prepare for fine grained capabilities
arm64: capabilities: Add flags to handle the conflicts on late CPU
arm64: capabilities: Unify the verification
arm64: capabilities: Filter the entries based on a given mask
arm64: capabilities: Prepare for grouping features and errata work arounds
arm64: capabilities: Split the processing of errata work arounds
arm64: capabilities: Allow features based on local CPU scope
arm64: capabilities: Group handling of features and errata workarounds
arm64: capabilities: Introduce weak features based on local CPU
arm64: capabilities: Restrict KPTI detection to boot-time CPUs
arm64: capabilities: Add support for features enabled early
arm64: capabilities: Change scope of VHE to Boot CPU feature
arm64: capabilities: Clean up midr range helpers
arm64: Add helpers for checking CPU MIDR against a range
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
arm64: capabilities: Add support for checks based on a list of MIDRs
arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening
arm64: don't zero DIT on signal return
arm64: Get rid of __smccc_workaround_1_hvc_*
arm64: cpufeature: Detect SSBS and advertise to userspace
arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3
KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe
arm64: fix SSBS sanitization
arm64: Add sysfs vulnerability show for spectre-v1
arm64: add sysfs vulnerability show for meltdown
arm64: enable generic CPU vulnerabilites support
arm64: Always enable ssb vulnerability detection
arm64: Provide a command line to disable spectre_v2 mitigation
arm64: Advertise mitigation of Spectre-v2, or lack thereof
arm64: Always enable spectre-v2 vulnerability detection
arm64: add sysfs vulnerability show for spectre-v2
arm64: add sysfs vulnerability show for speculative store bypass
arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB
arm64: Force SSBS on context switch
arm64: Use firmware to detect CPUs that are not affected by Spectre-v2
arm64/speculation: Support 'mitigations=' cmdline option
MIPS: tlbex: Fix build_restore_pagemask KScratch restore
staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
scsi: sd: Ignore a failure to sync cache due to lack of authorization
scsi: core: save/restore command resid for error handling
scsi: core: try to get module before removing device
scsi: ch: Make it possible to open a ch device multiple times again
Input: da9063 - fix capability and drop KEY_SLEEP
Input: synaptics-rmi4 - avoid processing unknown IRQs
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
cfg80211: wext: avoid copying malformed SSIDs
mac80211: Reject malformed SSID elements
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1
drivers/base/memory.c: don't access uninitialized memmaps in soft_offline_page_store()
fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c
scsi: zfcp: fix reaction on bit error threshold notification
mm/slub: fix a deadlock in show_slab_objects()
mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo
hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic()
xtensa: drop EXPORT_SYMBOL for outs*/ins*
parisc: Fix vmap memory leak in ioremap()/iounmap()
CIFS: avoid using MID 0xFFFF
x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
pinctrl: armada-37xx: fix control of pins 32 and up
pinctrl: armada-37xx: swap polarity on LED group
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
xen/netback: fix error path of xenvif_connect_data()
PCI: PM: Fix pci_power_up()
KVM: X86: introduce invalidate_gpa argument to tlb flush
kvm: vmx: Introduce lapic_mode enumeration
kvm: apic: Flush TLB after APIC mode/address change if VPIDs are in use
kvm: vmx: Basic APIC virtualization controls have three settings
RDMA/cxgb4: Do not dma memory off of the stack
Linux 4.14.151
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Johan Hovold
|
312ab599be |
USB: ldusb: fix read info leaks
commit 7a6f22d7479b7a0b68eadd308a997dd64dda7dae upstream.
Fix broken read implementation, which could be used to trigger slab info
leaks.
The driver failed to check if the custom ring buffer was still empty
when waking up after having waited for more data. This would happen on
every interrupt-in completion, even if no data had been added to the
ring buffer (e.g. on disconnect events).
Due to missing sanity checks and uninitialised (kmalloced) ring-buffer
entries, this meant that huge slab info leaks could easily be triggered.
Note that the empty-buffer check after wakeup is enough to fix the info
leak on disconnect, but let's clear the buffer on allocation and add a
sanity check to read() to prevent further leaks.
Fixes: 2824bd250f0b ("[PATCH] USB: add ldusb driver")
Cc: stable <stable@vger.kernel.org> # 2.6.13
Reported-by: syzbot+6fe95b826644f7f12b0b@syzkaller.appspotmail.com
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191018151955.25135-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
8a927cbaf3 |
USB: ldusb: fix memleak on disconnect
commit b14a39048c1156cfee76228bf449852da2f14df8 upstream.
If disconnect() races with release() after a process has been
interrupted, release() could end up returning early and the driver would
fail to free its driver data.
Fixes: 2824bd250f0b ("[PATCH] USB: add ldusb driver")
Cc: stable <stable@vger.kernel.org> # 2.6.13
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191010125835.27031-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
ddc87ec691 |
USB: legousbtower: fix memleak on disconnect
commit b6c03e5f7b463efcafd1ce141bd5a8fc4e583ae2 upstream.
If disconnect() races with release() after a process has been
interrupted, release() could end up returning early and the driver would
fail to free its driver data.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191010125835.27031-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
qctecmdr
|
7a038b2c37 | Merge "usb: misc: diag_bridge: Clean the driver to fix races" | ||
|
Blagovest Kolenichev
|
e084176fb3 |
Merge android-4.14-q.150 (80f767f) into msm-4.14
* refs/heads/tmp-80f767f:
Revert "sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()"
Linux 4.14.150
xfs: clear sb->s_fs_info on mount failure
x86/asm: Fix MWAITX C-state hint value
tracing: Get trace_array reference for available_tracers files
ftrace: Get a reference counter for the trace_array on filter files
tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
tracing/hwlat: Report total time spent in all NMIs during the sample
media: stkwebcam: fix runtime PM after driver unbind
Fix the locking in dcache_readdir() and friends
MIPS: Disable Loongson MMI instructions for kernel build
NFS: Fix O_DIRECT accounting of number of bytes read/written
btrfs: fix incorrect updating of log root tree
iio: adc: hx711: fix bug in sampling of data
iio: hx711: add delay until DOUT is ready
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
gpiolib: don't clear FLAG_IS_OUT when emulating open-drain/open-source
firmware: google: increment VPD key_len properly
kernel/sysctl.c: do not override max_threads provided by userspace
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
CIFS: Force revalidate inode when dentry is stale
CIFS: Gracefully handle QueryInfo errors during open
perf inject jit: Fix JIT_CODE_MOVE filename
perf llvm: Don't access out-of-scope array
efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
iio: light: opt3001: fix mutex unlock race
iio: adc: axp288: Override TS pin bias current for some models
iio: adc: ad799x: fix probe error handling
staging: vt6655: Fix memory leak in vt6655_probe
USB: legousbtower: fix use-after-free on release
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix slab info leak at probe
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
USB: dummy-hcd: fix power budget for SuperSpeed mode
USB: microtek: fix info-leak at probe
USB: usblcd: fix I/O after disconnect
USB: serial: fix runtime PM after driver unbind
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: option: add Telit FN980 compositions
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: keyspan: fix NULL-derefs on open() and write()
serial: uartlite: fix exit path null pointer
USB: ldusb: fix NULL-derefs on driver unbind
USB: chaoskey: fix use-after-free on release
USB: usblp: fix runtime PM after driver unbind
USB: iowarrior: fix use-after-free after driver unbind
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: adutux: fix use-after-free on release
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on disconnect
USB: adutux: remove redundant variable minor
xhci: Increase STS_SAVE timeout in xhci_suspend()
usb: xhci: wait for CNR controller not ready bit in xhci resume
xhci: Check all endpoints for LPM timeout
xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
xhci: Fix false warning message about wrong bounce buffer write length
USB: usb-skeleton: fix NULL-deref on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: yurex: fix NULL-derefs on disconnect
USB: yurex: Don't retry on unexpected errors
USB: rio500: Remove Rio 500 kernel driver
f2fs: use EINVAL for superblock with invalid magic
panic: ensure preemption is disabled during panic()
Linux 4.14.149
ASoC: sgtl5000: Improve VAG power and mute control
nl80211: validate beacon head
cfg80211: Use const more consistently in for_each_element macros
cfg80211: add and use strongly typed element iteration macros
coresight: etm4x: Use explicit barriers on enable/disable
vfs: Fix EOVERFLOW testing in put_compat_statfs64
perf stat: Reset previous counts on repeat with interval
perf stat: Fix a segmentation fault when using repeat forever
perf tools: Fix segfault in cpu_cache_level__read()
tick: broadcast-hrtimer: Fix a race in bc_set_next
tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt()
nbd: fix max number of supported devs
block/ndb: add WQ_UNBOUND to the knbd-recv workqueue
nbd: fix crash when the blksize is zero
KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP
perf unwind: Fix libunwind build failure on i386 systems
kernel/elfcore.c: include proper prototypes
perf build: Add detection of java-11-openjdk-devel package
sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
fuse: fix memleak in cuse_channel_open
thermal: Fix use-after-free when unregistering thermal zone device
pwm: stm32-lp: Add check in case requested period cannot be achieved
pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors
drm/amdgpu: Check for valid number of registers to read
netfilter: nf_tables: allow lookups in dynamic sets
watchdog: aspeed: Add support for AST2600
ceph: reconnect connection if session hang in opening state
ceph: fix directories inode i_blkbits initialization
xen/pci: reserve MCFG areas earlier
9p: avoid attaching writeback_fid on mmap with type PRIVATE
fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
ima: always return negative code for error
cfg80211: initialize on-stack chandefs
ieee802154: atusb: fix use-after-free at disconnect
xen/xenbus: fix self-deadlock after killing user process
Revert "locking/pvqspinlock: Don't wait if vCPU is preempted"
mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence
mmc: sdhci: improve ADMA error reporting
drm/omap: fix max fclk divider for omap36xx
watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
timer: Read jiffies once when forwarding base clk
usercopy: Avoid HIGHMEM pfn warning
crypto: caam - fix concurrency issue in givencrypt descriptor
crypto: cavium/zip - Add missing single_release()
crypto: skcipher - Unmap pages after an external error
crypto: qat - Silence smp_processor_id() warning
tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file
can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
powerpc/powernv: Restrict OPAL symbol map to only be readable by root
ASoC: Define a set of DAPM pre/post-up events
PM / devfreq: tegra: Fix kHz to Hz conversion
KVM: nVMX: handle page fault in vmread fix
KVM: PPC: Book3S HV: Don't lose pending doorbell request on migration on P9
s390/cio: exclude subchannels with no parent from pseudo check
s390/cio: avoid calling strlen on null pointer
s390/topology: avoid firing events before kobjs are created
KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
s390/process: avoid potential reading of freed stack
ANDROID: cuttlefish_defconfig: Enable BPF_JIT and BPF_JIT_ALWAYS_ON
Conflicts:
drivers/mmc/host/sdhci.c
Change-Id: I53805f1005b1a59a1201a75d9f188a5c35a98df6
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
80f767f346 |
This is the 4.14.150 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2o0pUACgkQONu9yGCS
aT5cdQ//Vv+b8SkhsO69owJgaOfYMc6mvGeyeKf3LNa+kw2sLeHQZSsCCpg4BwBW
Zvu57SljQOZ2T/mdxO/RkYJSJul/ul4x54N4HORPo9IG90MRRqh9DO3s7kHhoUvE
xe3ps7npkQ39sLDr+4BgVMEyuodIt61Dym/igasjsKtA2VOJbFRN3gInURoNnyBo
z2aGfjj5fJgUl+jCW9dXb/usDBuJmOkwLuNG9PdqUbm4MLZIeX+mXxEg6yBW1lYJ
MtBO5q1giDPwwvNU12W3yAX4eP/sPfxNrh4cnPLcZ+s3uzTh1ZoHUgfkzLdpAlNS
xW/gvWcvqvCcoZ3bn0M7GJ7HYs0OqZVsfSlWmFI1zPPPMnNGE+ZfmJeywfnZEivA
rA36kA2Lh1GtlZUy6niJ804lc+JKPEZlNuXyCh2Lw7NO0DemEnruayM8CMm7/hYE
fNrJr2aicHA22Rm3I+BI2TCwn+oxItxHyyyooeBCv69SCHINMGTP095h6nesOJJv
Y0iZJQCrVOSY2MOxbLuZTGYZNb4DicrKmoqsbyL293/LIF+LzR8VGqIFN6kAsClx
Tavmq4S3m7eIygY27GgrVJZ1SfriZZTlrN3YpvRyu2m4a7QZr0M23be2pzzx4t3G
fXi8E/QsjLs16akHVu5obP9/t/K4lwEMbDaSvkawWqbGZsM4um0=
=8F3z
-----END PGP SIGNATURE-----
Merge 4.14.150 into android-4.14-q
Changes in 4.14.150
panic: ensure preemption is disabled during panic()
f2fs: use EINVAL for superblock with invalid magic
USB: rio500: Remove Rio 500 kernel driver
USB: yurex: Don't retry on unexpected errors
USB: yurex: fix NULL-derefs on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: usb-skeleton: fix NULL-deref on disconnect
xhci: Fix false warning message about wrong bounce buffer write length
xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
xhci: Check all endpoints for LPM timeout
usb: xhci: wait for CNR controller not ready bit in xhci resume
xhci: Increase STS_SAVE timeout in xhci_suspend()
USB: adutux: remove redundant variable minor
USB: adutux: fix use-after-free on disconnect
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free after driver unbind
USB: usblp: fix runtime PM after driver unbind
USB: chaoskey: fix use-after-free on release
USB: ldusb: fix NULL-derefs on driver unbind
serial: uartlite: fix exit path null pointer
USB: serial: keyspan: fix NULL-derefs on open() and write()
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: option: add Telit FN980 compositions
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: fix runtime PM after driver unbind
USB: usblcd: fix I/O after disconnect
USB: microtek: fix info-leak at probe
USB: dummy-hcd: fix power budget for SuperSpeed mode
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
USB: legousbtower: fix slab info leak at probe
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix use-after-free on release
staging: vt6655: Fix memory leak in vt6655_probe
iio: adc: ad799x: fix probe error handling
iio: adc: axp288: Override TS pin bias current for some models
iio: light: opt3001: fix mutex unlock race
efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
perf llvm: Don't access out-of-scope array
perf inject jit: Fix JIT_CODE_MOVE filename
CIFS: Gracefully handle QueryInfo errors during open
CIFS: Force revalidate inode when dentry is stale
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
kernel/sysctl.c: do not override max_threads provided by userspace
firmware: google: increment VPD key_len properly
gpiolib: don't clear FLAG_IS_OUT when emulating open-drain/open-source
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
iio: hx711: add delay until DOUT is ready
iio: adc: hx711: fix bug in sampling of data
btrfs: fix incorrect updating of log root tree
NFS: Fix O_DIRECT accounting of number of bytes read/written
MIPS: Disable Loongson MMI instructions for kernel build
Fix the locking in dcache_readdir() and friends
media: stkwebcam: fix runtime PM after driver unbind
tracing/hwlat: Report total time spent in all NMIs during the sample
tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
ftrace: Get a reference counter for the trace_array on filter files
tracing: Get trace_array reference for available_tracers files
x86/asm: Fix MWAITX C-state hint value
xfs: clear sb->s_fs_info on mount failure
Linux 4.14.150
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
234de92896 |
This is the 4.14.150 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2o0pUACgkQONu9yGCS
aT5cdQ//Vv+b8SkhsO69owJgaOfYMc6mvGeyeKf3LNa+kw2sLeHQZSsCCpg4BwBW
Zvu57SljQOZ2T/mdxO/RkYJSJul/ul4x54N4HORPo9IG90MRRqh9DO3s7kHhoUvE
xe3ps7npkQ39sLDr+4BgVMEyuodIt61Dym/igasjsKtA2VOJbFRN3gInURoNnyBo
z2aGfjj5fJgUl+jCW9dXb/usDBuJmOkwLuNG9PdqUbm4MLZIeX+mXxEg6yBW1lYJ
MtBO5q1giDPwwvNU12W3yAX4eP/sPfxNrh4cnPLcZ+s3uzTh1ZoHUgfkzLdpAlNS
xW/gvWcvqvCcoZ3bn0M7GJ7HYs0OqZVsfSlWmFI1zPPPMnNGE+ZfmJeywfnZEivA
rA36kA2Lh1GtlZUy6niJ804lc+JKPEZlNuXyCh2Lw7NO0DemEnruayM8CMm7/hYE
fNrJr2aicHA22Rm3I+BI2TCwn+oxItxHyyyooeBCv69SCHINMGTP095h6nesOJJv
Y0iZJQCrVOSY2MOxbLuZTGYZNb4DicrKmoqsbyL293/LIF+LzR8VGqIFN6kAsClx
Tavmq4S3m7eIygY27GgrVJZ1SfriZZTlrN3YpvRyu2m4a7QZr0M23be2pzzx4t3G
fXi8E/QsjLs16akHVu5obP9/t/K4lwEMbDaSvkawWqbGZsM4um0=
=8F3z
-----END PGP SIGNATURE-----
Merge 4.14.150 into android-4.14
Changes in 4.14.150
panic: ensure preemption is disabled during panic()
f2fs: use EINVAL for superblock with invalid magic
USB: rio500: Remove Rio 500 kernel driver
USB: yurex: Don't retry on unexpected errors
USB: yurex: fix NULL-derefs on disconnect
USB: usb-skeleton: fix runtime PM after driver unbind
USB: usb-skeleton: fix NULL-deref on disconnect
xhci: Fix false warning message about wrong bounce buffer write length
xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
xhci: Check all endpoints for LPM timeout
usb: xhci: wait for CNR controller not ready bit in xhci resume
xhci: Increase STS_SAVE timeout in xhci_suspend()
USB: adutux: remove redundant variable minor
USB: adutux: fix use-after-free on disconnect
USB: adutux: fix NULL-derefs on disconnect
USB: adutux: fix use-after-free on release
USB: iowarrior: fix use-after-free on disconnect
USB: iowarrior: fix use-after-free on release
USB: iowarrior: fix use-after-free after driver unbind
USB: usblp: fix runtime PM after driver unbind
USB: chaoskey: fix use-after-free on release
USB: ldusb: fix NULL-derefs on driver unbind
serial: uartlite: fix exit path null pointer
USB: serial: keyspan: fix NULL-derefs on open() and write()
USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
USB: serial: option: add Telit FN980 compositions
USB: serial: option: add support for Cinterion CLS8 devices
USB: serial: fix runtime PM after driver unbind
USB: usblcd: fix I/O after disconnect
USB: microtek: fix info-leak at probe
USB: dummy-hcd: fix power budget for SuperSpeed mode
usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
USB: legousbtower: fix slab info leak at probe
USB: legousbtower: fix deadlock on disconnect
USB: legousbtower: fix potential NULL-deref on disconnect
USB: legousbtower: fix open after failed reset request
USB: legousbtower: fix use-after-free on release
staging: vt6655: Fix memory leak in vt6655_probe
iio: adc: ad799x: fix probe error handling
iio: adc: axp288: Override TS pin bias current for some models
iio: light: opt3001: fix mutex unlock race
efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
perf llvm: Don't access out-of-scope array
perf inject jit: Fix JIT_CODE_MOVE filename
CIFS: Gracefully handle QueryInfo errors during open
CIFS: Force revalidate inode when dentry is stale
CIFS: Force reval dentry if LOOKUP_REVAL flag is set
kernel/sysctl.c: do not override max_threads provided by userspace
firmware: google: increment VPD key_len properly
gpiolib: don't clear FLAG_IS_OUT when emulating open-drain/open-source
Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
iio: hx711: add delay until DOUT is ready
iio: adc: hx711: fix bug in sampling of data
btrfs: fix incorrect updating of log root tree
NFS: Fix O_DIRECT accounting of number of bytes read/written
MIPS: Disable Loongson MMI instructions for kernel build
Fix the locking in dcache_readdir() and friends
media: stkwebcam: fix runtime PM after driver unbind
tracing/hwlat: Report total time spent in all NMIs during the sample
tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
ftrace: Get a reference counter for the trace_array on filter files
tracing: Get trace_array reference for available_tracers files
x86/asm: Fix MWAITX C-state hint value
xfs: clear sb->s_fs_info on mount failure
Linux 4.14.150
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Johan Hovold
|
5f5264e0d7 |
USB: legousbtower: fix use-after-free on release
commit 726b55d0e22ca72c69c947af87785c830289ddbc upstream.
The driver was accessing its struct usb_device in its release()
callback without holding a reference. This would lead to a
use-after-free whenever the device was disconnected while the character
device was still open.
Fixes: fef526cae700 ("USB: legousbtower: remove custom debug macro")
Cc: stable <stable@vger.kernel.org> # 3.12
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191009153848.8664-5-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
2f24387c1d |
USB: legousbtower: fix open after failed reset request
commit 0b074f6986751361ff442bc1127c1648567aa8d6 upstream.
The driver would return with a nonzero open count in case the reset
control request failed. This would prevent any further attempts to open
the char dev until the device was disconnected.
Fix this by incrementing the open count only on successful open.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Johan Hovold <johan@kernel.org>
Cc: stable <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20190919083039.30898-5-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
32031fc6c6 |
USB: legousbtower: fix potential NULL-deref on disconnect
commit cd81e6fa8e033e7bcd59415b4a65672b4780030b upstream.
The driver is using its struct usb_device pointer as an inverted
disconnected flag, but was setting it to NULL before making sure all
completion handlers had run. This could lead to a NULL-pointer
dereference in a number of dev_dbg and dev_err statements in the
completion handlers which relies on said pointer.
Fix this by unconditionally stopping all I/O and preventing
resubmissions by poisoning the interrupt URBs at disconnect and using a
dedicated disconnected flag.
This also makes sure that all I/O has completed by the time the
disconnect callback returns.
Fixes: 9d974b2a06e3 ("USB: legousbtower.c: remove err() usage")
Fixes: fef526cae700 ("USB: legousbtower: remove custom debug macro")
Fixes: 4dae99638097 ("USB: legotower: remove custom debug macro and module parameter")
Cc: stable <stable@vger.kernel.org> # 3.5
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20190919083039.30898-4-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
9907054768 |
USB: legousbtower: fix deadlock on disconnect
commit 33a7813219f208f4952ece60ee255fd983272dec upstream.
Fix a potential deadlock if disconnect races with open.
Since commit d4ead16f50f9 ("USB: prevent char device open/deregister
race") core holds an rw-semaphore while open is called and when
releasing the minor number during deregistration. This can lead to an
ABBA deadlock if a driver takes a lock in open which it also holds
during deregistration.
This effectively reverts commit 78663ecc344b ("USB: disconnect open race
in legousbtower") which needlessly introduced this issue after a generic
fix for this race had been added to core by commit d4ead16f50f9 ("USB:
prevent char device open/deregister race").
Fixes: 78663ecc344b ("USB: disconnect open race in legousbtower")
Cc: stable <stable@vger.kernel.org> # 2.6.24
Reported-by: syzbot+f9549f5ee8a5416f0b95@syzkaller.appspotmail.com
Tested-by: syzbot+f9549f5ee8a5416f0b95@syzkaller.appspotmail.com
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20190919083039.30898-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
b076bfe2c9 |
USB: legousbtower: fix slab info leak at probe
commit 1d427be4a39defadda6dd8f4659bc17f7591740f upstream.
Make sure to check for short transfers when retrieving the version
information at probe to avoid leaking uninitialised slab data when
logging it.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20190919083039.30898-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
b8b557e265 |
USB: usblcd: fix I/O after disconnect
commit eb7f5a490c5edfe8126f64bc58b9ba2edef0a425 upstream.
Make sure to stop all I/O on disconnect by adding a disconnected flag
which is used to prevent new I/O from being started and by stopping all
ongoing I/O before returning.
This also fixes a potential use-after-free on driver unbind in case the
driver data is freed before the completion handler has run.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable <stable@vger.kernel.org> # 7bbe990c989e
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20190926091228.24634-7-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
91f0c64462 |
USB: ldusb: fix NULL-derefs on driver unbind
commit 58ecf131e74620305175a7aa103f81350bb37570 upstream.
The driver was using its struct usb_interface pointer as an inverted
disconnected flag, but was setting it to NULL before making sure all
completion handlers had run. This could lead to a NULL-pointer
dereference in a number of dev_dbg, dev_warn and dev_err statements in
the completion handlers which relies on said pointer.
Fix this by unconditionally stopping all I/O and preventing
resubmissions by poisoning the interrupt URBs at disconnect and using a
dedicated disconnected flag.
This also makes sure that all I/O has completed by the time the
disconnect callback returns.
Fixes: 2824bd250f0b ("[PATCH] USB: add ldusb driver")
Cc: stable <stable@vger.kernel.org> # 2.6.13
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191009153848.8664-4-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
5538ce03cf |
USB: chaoskey: fix use-after-free on release
commit 93ddb1f56ae102f14f9e46a9a9c8017faa970003 upstream.
The driver was accessing its struct usb_interface in its release()
callback without holding a reference. This would lead to a
use-after-free whenever the device was disconnected while the character
device was still open.
Fixes: 66e3e591891d ("usb: Add driver for Altus Metrum ChaosKey device (v2)")
Cc: stable <stable@vger.kernel.org> # 4.1
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191009153848.8664-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
3bb806225e |
USB: iowarrior: fix use-after-free after driver unbind
commit b5f8d46867ca233d773408ffbe691a8062ed718f upstream.
Make sure to stop also the asynchronous write URBs on disconnect() to
avoid use-after-free in the completion handler after driver unbind.
Fixes: 946b960d13c1 ("USB: add driver for iowarrior devices.")
Cc: stable <stable@vger.kernel.org> # 2.6.21: 51a2f077c44e ("USB: introduce usb_anchor")
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191009104846.5925-4-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
546578f69d |
USB: iowarrior: fix use-after-free on release
commit 80cd5479b525093a56ef768553045741af61b250 upstream.
The driver was accessing its struct usb_interface from its release()
callback without holding a reference. This would lead to a
use-after-free whenever debugging was enabled and the device was
disconnected while its character device was open.
Fixes: 549e83500b80 ("USB: iowarrior: Convert local dbg macro to dev_dbg")
Cc: stable <stable@vger.kernel.org> # 3.16
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191009104846.5925-3-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
10b0e388a1 |
USB: iowarrior: fix use-after-free on disconnect
commit edc4746f253d907d048de680a621e121517f484b upstream.
A recent fix addressing a deadlock on disconnect introduced a new bug
by moving the present flag out of the critical section protected by the
driver-data mutex. This could lead to a racing release() freeing the
driver data before disconnect() is done with it.
Due to insufficient locking a related use-after-free could be triggered
also before the above mentioned commit. Specifically, the driver needs
to hold the driver-data mutex also while checking the opened flag at
disconnect().
Fixes: c468a8aa790e ("usb: iowarrior: fix deadlock on disconnect")
Fixes: 946b960d13c1 ("USB: add driver for iowarrior devices.")
Cc: stable <stable@vger.kernel.org> # 2.6.21
Reported-by: syzbot+0761012cebf7bdb38137@syzkaller.appspotmail.com
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191009104846.5925-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
b04c5f3fb8 |
USB: adutux: fix use-after-free on release
commit 123a0f125fa3d2104043697baa62899d9e549272 upstream.
The driver was accessing its struct usb_device in its release()
callback without holding a reference. This would lead to a
use-after-free whenever the device was disconnected while the character
device was still open.
Fixes: 66d4bc30d128 ("USB: adutux: remove custom debug macro")
Cc: stable <stable@vger.kernel.org> # 3.12
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191009153848.8664-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
05a491a8b6 |
USB: adutux: fix NULL-derefs on disconnect
commit b2fa7baee744fde746c17bc1860b9c6f5c2eebb7 upstream.
The driver was using its struct usb_device pointer as an inverted
disconnected flag, but was setting it to NULL before making sure all
completion handlers had run. This could lead to a NULL-pointer
dereference in a number of dev_dbg statements in the completion handlers
which relies on said pointer.
The pointer was also dereferenced unconditionally in a dev_dbg statement
release() something which would lead to a NULL-deref whenever a device
was disconnected before the final character-device close if debugging
was enabled.
Fix this by unconditionally stopping all I/O and preventing
resubmissions by poisoning the interrupt URBs at disconnect and using a
dedicated disconnected flag.
This also makes sure that all I/O has completed by the time the
disconnect callback returns.
Fixes: 1ef37c6047fe ("USB: adutux: remove custom debug macro and module parameter")
Fixes: 66d4bc30d128 ("USB: adutux: remove custom debug macro")
Cc: stable <stable@vger.kernel.org> # 3.12
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20190925092913.8608-2-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Johan Hovold
|
b074263b69 |
USB: adutux: fix use-after-free on disconnect
commit 44efc269db7929f6275a1fa927ef082e533ecde0 upstream.
The driver was clearing its struct usb_device pointer, which it used as
an inverted disconnected flag, before deregistering the character device
and without serialising against racing release().
This could lead to a use-after-free if a racing release() callback
observes the cleared pointer and frees the driver data before
disconnect() is finished with it.
This could also lead to NULL-pointer dereferences in a racing open().
Fixes: f08812d5eb8f ("USB: FIx locks and urb->status in adutux (updated)")
Cc: stable <stable@vger.kernel.org> # 2.6.24
Reported-by: syzbot+0243cb250a51eeefb8cc@syzkaller.appspotmail.com
Tested-by: syzbot+0243cb250a51eeefb8cc@syzkaller.appspotmail.com
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20190925092913.8608-1-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Colin Ian King
|
38ce8792c0 |
USB: adutux: remove redundant variable minor
commit 8444efc4a052332d643ed5c8aebcca148c7de032 upstream. Variable minor is being assigned but never read, hence it is redundant and can be removed. Cleans up clang warning: drivers/usb/misc/adutux.c:770:2: warning: Value stored to 'minor' is never read Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Johan Hovold
|
b81a410f13 |
USB: yurex: fix NULL-derefs on disconnect
commit aafb00a977cf7d81821f7c9d12e04c558c22dc3c upstream.
The driver was using its struct usb_interface pointer as an inverted
disconnected flag, but was setting it to NULL without making sure all
code paths that used it were done with it.
Before commit ef61eb43ada6 ("USB: yurex: Fix protection fault after
device removal") this included the interrupt-in completion handler, but
there are further accesses in dev_err and dev_dbg statements in
yurex_write() and the driver-data destructor (sic!).
Fix this by unconditionally stopping also the control URB at disconnect
and by using a dedicated disconnected flag.
Note that we need to take a reference to the struct usb_interface to
avoid a use-after-free in the destructor whenever the device was
disconnected while the character device was still open.
Fixes: aadd6472d904 ("USB: yurex.c: remove dbg() usage")
Fixes: 45714104b9e8 ("USB: yurex.c: remove err() usage")
Cc: stable <stable@vger.kernel.org> # 3.5: ef61eb43ada6
Signed-off-by: Johan Hovold <johan@kernel.org>
Link: https://lore.kernel.org/r/20191009153848.8664-6-johan@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Alan Stern
|
e3dcbbe538 |
USB: yurex: Don't retry on unexpected errors
commit 32a0721c6620b77504916dac0cea8ad497c4878a upstream. According to Greg KH, it has been generally agreed that when a USB driver encounters an unknown error (or one it can't handle directly), it should just give up instead of going into a potentially infinite retry loop. The three codes -EPROTO, -EILSEQ, and -ETIME fall into this category. They can be caused by bus errors such as packet loss or corruption, attempting to communicate with a disconnected device, or by malicious firmware. Nowadays the extent of packet loss or corruption is negligible, so it should be safe for a driver to give up whenever one of these errors occurs. Although the yurex driver handles -EILSEQ errors in this way, it doesn't do the same for -EPROTO (as discovered by the syzbot fuzzer) or other unrecognized errors. This patch adjusts the driver so that it doesn't log an error message for -EPROTO or -ETIME, and it doesn't retry after any errors. Reported-and-tested-by: syzbot+b24d736f18a1541ad550@syzkaller.appspotmail.com Signed-off-by: Alan Stern <stern@rowland.harvard.edu> CC: Tomoki Sekiyama <tomoki.sekiyama@gmail.com> CC: <stable@vger.kernel.org> Link: https://lore.kernel.org/r/Pine.LNX.4.44L0.1909171245410.1590-100000@iolanthe.rowland.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Bastien Nocera
|
63469e0ab7 |
USB: rio500: Remove Rio 500 kernel driver
commit 015664d15270a112c2371d812f03f7c579b35a73 upstream.
The Rio500 kernel driver has not been used by Rio500 owners since 2001
not long after the rio500 project added support for a user-space USB stack
through the very first versions of usbdevfs and then libusb.
Support for the kernel driver was removed from the upstream utilities
in 2008:
|