mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
3893 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Bram Bonné
|
32d7afd147 |
ANDROID: selinux: modify RTM_GETNEIGH{TBL}
Map the permission gating RTM_GETNEIGH/RTM_GETNEIGHTBL messages to a
new permission so that it can be distinguished from the other netlink
route permissions in selinux policy. The new permission is triggered by
a flag set in system images T and up.
This change is intended to be backported to all kernels that a T system
image can run on top of.
Bug: 171572148
Test: atest NetworkInterfaceTest
Test: atest CtsSelinuxTargetSdkCurrentTestCases
Test: atest bionic-unit-tests-static
Test: On Cuttlefish, run combinations of:
- Policy bit set or omitted (see https://r.android.com/1701847)
- This patch applied or omitted
- App having nlmsg_readneigh permission or not
Verify that only the combination of this patch + the policy bit being
set + the app not having the nlmsg_readneigh permission prevents the
app from sending RTM_GETNEIGH messages.
Change-Id: I4bcfce4decb34ea9388eeedfc4be67403de8a980
Signed-off-by: Bram Bonné <brambonne@google.com>
(cherry picked from commit fac07550bdac9adea0dbe3edbdbec7a9a690a178)
|
||
Jeff Vander Stoep
|
69fc6c9bcf |
Revert "ANDROID: security,perf: Allow further restriction of perf_event_open"
Unfork Android. This reverts commit 8e5e42d5ae20f0324170d01ccf374a1571e82d9b. Perf_event_paranoid=3 is no longer needed on Android. Access control of perf events is now done by selinux. See: https://patchwork.kernel.org/patch/11185793/. Bug: 120445712 Bug: 137092007 Signed-off-by: Jeff Vander Stoep <jeffv@google.com> Change-Id: Iba493424174b30baff460caaa25a54a472c87bd4 Git-commit: 44a6aea9c219f55862776435b918c539855a9e69 Git-repo: https://android.googlesource.com/kernel/common/ Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
Greg Kroah-Hartman
|
22dc72c914 |
This is the 4.14.233 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmCozV0ACgkQONu9yGCS
aT7I5A//RQsNjicdh1s3L88qVPRbvaD7B4QzAW0Vd8qzAdkoBHeOT0Oqo23BII5d
cTHnujk4gMSoQ1/9xIh0/5znYWrPy/8CfJnzb2ZdfefW0of8v5pMXIW5l1v6BsBK
KkhBFWzSxzUTwmNK99nYvLSZ09kfQchdJgNd2+lYMGXXOHSqTgieyI550qRcimB6
a7rBfsT7jisOUh4OvVui7gn1pI1p+gpQIo66/9b+6bY0Vq6aXK9/kgHKyVpPv9ND
xVj9pJNx43OZ3hJp+Ek2JtX6mAn3b2SyqelQdYaWG+WX4T3S60+OyIYPfGKPgOjX
VjovWh3XDeJDzOgN8UQ+eeLCWJMZROn8zUevsFR2JYFuHJW14rsV9z188Ick//BQ
oPEUc48aGfiijPK2VJ31NuhwhVqi6eLuP1wBlz6v4xaUKTs0PHCnJbe9NJV1zqqZ
Khmp2Tvr2X1mmRGIgalTfV+Jy8sZfW4GD26LoUoSDNLDYH7de+E1+VDnmQisbbaN
7mEbRko36PTBfls+4vfEh6oyhT1tJYdjfH86hPwiWMd005Pvg0RI0o0Ipxg+3lNz
38+ixmP0dCtWvCY9JsBdrKoTIoGZmJTIIPTrSktqnozvKC+GP8KjZMFj1vX0Udk8
LsHFczYs3el13XllhuHNIR+bym2Dwygzk/WUQpbyJ02ArD9RUtI=
=Qv2g
-----END PGP SIGNATURE-----
Merge 4.14.233 into android-4.14-stable
Changes in 4.14.233
usbip: vudc synchronize sysfs code paths
ACPI: tables: x86: Reserve memory occupied by ACPI tables
ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade()
bpf: Fix backport of "bpf: restrict unknown scalars of mixed signed bounds for unprivileged"
bpf: fix up selftests after backports were fixed
net: usb: ax88179_178a: initialize local variables before use
iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd()
MIPS: Introduce isa-rev.h to define MIPS_ISA_REV
MIPS: cpu-features.h: Replace __mips_isa_rev with MIPS_ISA_REV
mips: Do not include hi and lo in clobber list for R6
bpf: Fix masking negation logic upon negative dst register
iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_gen2_enqueue_hcmd()
ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX
USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
USB: Add reset-resume quirk for WD19's Realtek Hub
platform/x86: thinkpad_acpi: Correct thermal sensor allocation
s390/disassembler: increase ebpf disasm buffer size
ACPI: custom_method: fix potential use-after-free issue
ACPI: custom_method: fix a possible memory leak
arm64: dts: mt8173: fix property typo of 'phys' in dsi node
ecryptfs: fix kernel panic with null dev_name
spi: spi-ti-qspi: Free DMA resources
mmc: block: Update ext_csd.cache_ctrl if it was written
mmc: core: Do a power cycle when the CMD11 fails
mmc: core: Set read only for SD cards with permanent write protect bit
cifs: Return correct error code from smb2_get_enc_key
btrfs: fix metadata extent leak after failure to create subvolume
intel_th: pci: Add Rocket Lake CPU support
fbdev: zero-fill colormap in fbcmap.c
staging: wimax/i2400m: fix byte-order issue
crypto: api - check for ERR pointers in crypto_destroy_tfm()
usb: gadget: uvc: add bInterval checking for HS mode
usb: gadget: f_uac1: validate input parameters
usb: dwc3: gadget: Ignore EP queue requests during bus reset
usb: xhci: Fix port minor revision
PCI: PM: Do not read power state in pci_enable_device_flags()
x86/build: Propagate $(CLANG_FLAGS) to $(REALMODE_FLAGS)
tee: optee: do not check memref size on return from Secure World
perf/arm_pmu_platform: Fix error handling
spi: dln2: Fix reference leak to master
spi: omap-100k: Fix reference leak to master
intel_th: Consistency and off-by-one fix
phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s
scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe
scsi: lpfc: Fix pt2pt connection does not recover after LOGO
scsi: target: pscsi: Fix warning in pscsi_complete_cmd()
media: ite-cir: check for receive overflow
power: supply: bq27xxx: fix power_avg for newer ICs
extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged
media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
media: gspca/sq905.c: fix uninitialized variable
power: supply: Use IRQF_ONESHOT
drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats()
scsi: qla2xxx: Fix use after free in bsg
scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
media: em28xx: fix memory leak
media: vivid: update EDID
clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return
power: supply: generic-adc-battery: fix possible use-after-free in gab_remove()
power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove()
media: adv7604: fix possible use-after-free in adv76xx_remove()
media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove()
media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
media: dvb-usb: fix memory leak in dvb_usb_adapter_init
media: gscpa/stv06xx: fix memory leak
drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
drm/amdgpu: fix NULL pointer dereference
scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response
scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic
scsi: libfc: Fix a format specifier
ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
ALSA: hda/conexant: Re-order CX5066 quirk table entries
ALSA: sb: Fix two use after free in snd_sb_qsound_build
btrfs: fix race when picking most recent mod log operation for an old root
arm64/vdso: Discard .note.gnu.property sections in vDSO
openvswitch: fix stack OOB read while fragmenting IPv4 packets
ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure
NFSv4: Don't discard segments marked for return in _pnfs_return_layout()
jffs2: Fix kasan slab-out-of-bounds problem
powerpc/eeh: Fix EEH handling for hugepages in ioremap space.
powerpc: fix EDEADLOCK redefinition error in uapi/asm/errno.h
intel_th: pci: Add Alder Lake-M support
md/raid1: properly indicate failure when ending a failed write request
security: commoncap: fix -Wstringop-overread warning
Fix misc new gcc warnings
jffs2: check the validity of dstlen in jffs2_zlib_compress()
Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op")
posix-timers: Preserve return value in clock_adjtime32()
ftrace: Handle commands when closing set_ftrace_filter file
ext4: fix check to prevent false positive report of incorrect used inodes
ext4: fix error code in ext4_commit_super
media: dvbdev: Fix memory leak in dvb_media_device_free()
usb: gadget: dummy_hcd: fix gpf in gadget_setup
usb: gadget: Fix double free of device descriptor pointers
usb: gadget/function/f_fs string table fix for multiple languages
usb: dwc3: gadget: Fix START_TRANSFER link state check
tracing: Map all PIDs to command lines
dm persistent data: packed struct should have an aligned() attribute too
dm space map common: fix division bug in sm_ll_find_free_block()
dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails
modules: mark ref_module static
modules: mark find_symbol static
modules: mark each_symbol_section static
modules: unexport __module_text_address
modules: unexport __module_address
modules: rename the licence field in struct symsearch to license
modules: return licensing information from find_symbol
modules: inherit TAINT_PROPRIETARY_MODULE
Bluetooth: verify AMP hci_chan before amp_destroy
hsr: use netdev_err() instead of WARN_ONCE()
bluetooth: eliminate the potential race condition when removing the HCI controller
net/nfc: fix use-after-free llcp_sock_bind/connect
MIPS: pci-rt2880: fix slot 0 configuration
FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
misc: lis3lv02d: Fix false-positive WARN on various HP models
misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct
misc: vmw_vmci: explicitly initialize vmci_datagram payload
tracing: Restructure trace_clock_global() to never block
md-cluster: fix use-after-free issue when removing rdev
md: split mddev_find
md: factor out a mddev_find_locked helper from mddev_find
md: md_open returns -EBUSY when entering racing area
ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
cfg80211: scan: drop entry from hidden_list on overflow
drm/radeon: fix copy of uninitialized variable back to userspace
ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported
KVM: s390: split kvm_s390_logical_to_effective
KVM: s390: fix guarded storage control register handling
KVM: s390: split kvm_s390_real_to_abs
usb: gadget: pch_udc: Revert d3cb25a12138 completely
memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 family
ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250
ARM: dts: exynos: correct PMIC interrupt trigger level on Snow
serial: stm32: fix incorrect characters on console
serial: stm32: fix tx_empty condition
usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS
x86/microcode: Check for offline CPUs before requesting new microcode
usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits()
usb: gadget: pch_udc: Check if driver is present before calling ->setup()
usb: gadget: pch_udc: Check for DMA mapping error
crypto: qat - don't release uninitialized resources
crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init
fotg210-udc: Fix DMA on EP0 for length > max packet size
fotg210-udc: Fix EP0 IN requests bigger than two packets
fotg210-udc: Remove a dubious condition leading to fotg210_done
fotg210-udc: Mask GRP2 interrupts we don't handle
fotg210-udc: Don't DMA more than the buffer can take
fotg210-udc: Complete OUT requests on short packets
mtd: require write permissions for locking and badblock ioctls
bus: qcom: Put child node before return
phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally
crypto: qat - fix error path in adf_isr_resource_alloc()
USB: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR()
mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init
staging: rtl8192u: Fix potential infinite loop
staging: greybus: uart: fix unprivileged TIOCCSERIAL
spi: Fix use-after-free with devm_spi_alloc_*
soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
soc: qcom: mdt_loader: Detect truncated read of segments
ACPI: CPPC: Replace cppc_attr with kobj_attribute
crypto: qat - Fix a double free in adf_create_ring
usb: gadget: r8a66597: Add missing null check on return from platform_get_resource
USB: cdc-acm: fix unprivileged TIOCCSERIAL
tty: actually undefine superseded ASYNC flags
tty: fix return value for unsupported ioctls
firmware: qcom-scm: Fix QCOM_SCM configuration
platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table
x86/platform/uv: Fix !KEXEC build failure
Drivers: hv: vmbus: Increase wait time for VMbus unload
ttyprintk: Add TTY hangup callback.
media: vivid: fix assignment of dev->fbuf_out_flags
media: omap4iss: return error code when omap4iss_get() failed
media: m88rs6000t: avoid potential out-of-bounds reads on arrays
x86/kprobes: Fix to check non boostable prefixes correctly
pata_arasan_cf: fix IRQ check
pata_ipx4xx_cf: fix IRQ check
sata_mv: add IRQ checks
ata: libahci_platform: fix IRQ check
vfio/mdev: Do not allow a mdev_type to have a NULL parent pointer
clk: uniphier: Fix potential infinite loop
scsi: jazz_esp: Add IRQ check
scsi: sun3x_esp: Add IRQ check
scsi: sni_53c710: Add IRQ check
mfd: stm32-timers: Avoid clearing auto reload register
HSI: core: fix resource leaks in hsi_add_client_from_dt()
x86/events/amd/iommu: Fix sysfs type mismatch
HID: plantronics: Workaround for double volume key presses
perf symbols: Fix dso__fprintf_symbols_by_name() to return the number of printed chars
net: lapbether: Prevent racing when checking whether the netif is running
powerpc/prom: Mark identical_pvr_fixup as __init
powerpc: Fix HAVE_HARDLOCKUP_DETECTOR_ARCH build configuration
ALSA: core: remove redundant spin_lock pair in snd_card_disconnect
bug: Remove redundant condition check in report_bug
nfc: pn533: prevent potential memory corruption
ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls
liquidio: Fix unintented sign extension of a left shift of a u16
powerpc/perf: Fix PMU constraint check for EBB events
powerpc: iommu: fix build when neither PCI or IBMVIO is set
mac80211: bail out if cipher schemes are invalid
mt7601u: fix always true expression
IB/hfi1: Fix error return code in parse_platform_config()
net: thunderx: Fix unintentional sign extension issue
i2c: cadence: add IRQ check
i2c: emev2: add IRQ check
i2c: jz4780: add IRQ check
i2c: sh7760: add IRQ check
MIPS: pci-legacy: stop using of_pci_range_to_resource
powerpc/pseries: extract host bridge from pci_bus prior to bus removal
rtlwifi: 8821ae: upgrade PHY and RF parameters
i2c: sh7760: fix IRQ error path
mwl8k: Fix a double Free in mwl8k_probe_hw
vsock/vmci: log once the failed queue pair allocation
RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails
net: davinci_emac: Fix incorrect masking of tx and rx error channel
ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices
powerpc/52xx: Fix an invalid ASM expression ('addi' used instead of 'add')
net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
net:nfc:digital: Fix a double free in digital_tg_recv_dep_req
kfifo: fix ternary sign extension bugs
smp: Fix smp_call_function_single_async prototype
Revert "net/sctp: fix race condition in sctp_destroy_sock"
sctp: delay auto_asconf init until binding the first addr
Revert "of/fdt: Make sure no-map does not remove already reserved regions"
Revert "fdt: Properly handle "no-map" field in the memory region"
tpm: fix error return code in tpm2_get_cc_attrs_tbl()
fs: dlm: fix debugfs dump
tipc: convert dest node's address to network order
net: stmmac: Set FIFO sizes for ipq806x
ALSA: hdsp: don't disable if not enabled
ALSA: hdspm: don't disable if not enabled
ALSA: rme9652: don't disable if not enabled
Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
Bluetooth: initialize skb_queue_head at l2cap_chan_create()
Bluetooth: check for zapped sk before connecting
ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
mac80211: clear the beacon's CRC after channel switch
pinctrl: samsung: use 'int' for register masks in Exynos
cuse: prevent clone
selftests: Set CC to clang in lib.mk if LLVM is set
kconfig: nconf: stop endless search loops
sctp: Fix out-of-bounds warning in sctp_process_asconf_param()
powerpc/smp: Set numa node before updating mask
ASoC: rt286: Generalize support for ALC3263 codec
samples/bpf: Fix broken tracex1 due to kprobe argument change
powerpc/pseries: Stop calling printk in rtas_stop_self()
wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
powerpc/iommu: Annotate nested lock for lockdep
net: ethernet: mtk_eth_soc: fix RX VLAN offload
ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
f2fs: fix a redundant call to f2fs_balance_fs if an error occurs
PCI: Release OF node in pci_scan_device()'s error path
ARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook
rpmsg: qcom_glink_native: fix error return code of qcom_glink_rx_data()
NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
NFS: Deal correctly with attribute generation counter overflow
pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
NFSv4.2 fix handling of sr_eof in SEEK's reply
rtc: ds1307: Fix wday settings for rx8130
sctp: fix a SCTP_MIB_CURRESTAB leak in sctp_sf_do_dupcook_b
drm/radeon: Fix off-by-one power_state index heap overwrite
khugepaged: fix wrong result value for trace_mm_collapse_huge_page_isolate()
mm/hugeltb: handle the error case in hugetlb_fix_reserve_counts()
ksm: fix potential missing rmap_item for stable_node
net: fix nla_strcmp to handle more then one trailing null character
kernel: kexec_file: fix error return code of kexec_calculate_store_digests()
netfilter: nftables: avoid overflows in nft_hash_buckets()
ARC: entry: fix off-by-one error in syscall number validation
powerpc/64s: Fix crashes when toggling stf barrier
powerpc/64s: Fix crashes when toggling entry flush barrier
squashfs: fix divide error in calculate_skip()
userfaultfd: release page in error path to avoid BUG_ON
drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected
iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
usb: fotg210-hcd: Fix an error message
ACPI: scan: Fix a memory leak in an error handling path
blk-mq: Swap two calls in blk_mq_exit_queue()
usb: dwc3: omap: improve extcon initialization
usb: xhci: Increase timeout for HC halt
usb: dwc2: Fix gadget DMA unmap direction
usb: core: hub: fix race condition about TRSMRCY of resume
iio: gyro: mpu3050: Fix reported temperature value
iio: tsl2583: Fix division by a zero lux_val
KVM: x86: Cancel pvclock_gtod_work on module removal
FDDI: defxx: Make MMIO the configuration default except for EISA
MIPS: Reinstate platform `__div64_32' handler
MIPS: Avoid DIVU in `__div64_32' is result would be zero
MIPS: Avoid handcoded DIVU in `__div64_32' altogether
thermal/core/fair share: Lock the thermal zone while looping over instances
RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint
kobject_uevent: remove warning in init_uevent_argv()
netfilter: conntrack: Make global sysctls readonly in non-init netns
clk: exynos7: Mark aclk_fsys1_200 as critical
x86/msr: Fix wr/rdmsr_safe_regs_on_cpu() prototypes
kgdb: fix gcc-11 warning on indentation
usb: sl811-hcd: improve misleading indentation
cxgb4: Fix the -Wmisleading-indentation warning
isdn: capi: fix mismatched prototypes
PCI: thunder: Fix compile testing
ARM: 9066/1: ftrace: pause/unpause function graph tracer in cpu_suspend()
ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices
Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state
um: Mark all kernel symbols as local
ceph: fix fscache invalidation
gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
block: reexpand iov_iter after read/write
lib: stackdepot: turn depot_lock spinlock to raw_spinlock
serial: 8250: fix potential deadlock in rs485-mode
sit: proper dev_{hold|put} in ndo_[un]init methods
ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
xhci: Do not use GFP_KERNEL in (potentially) atomic context
ipv6: remove extra dev_hold() for fallback tunnels
Linux 4.14.233
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I09e88e1e302d475f2a39bf88438dea30fa97c848
|
||
Arnd Bergmann
|
c7de5dfbb8 |
security: commoncap: fix -Wstringop-overread warning
commit 82e5d8cc768b0c7b03c551a9ab1f8f3f68d5f83f upstream.
gcc-11 introdces a harmless warning for cap_inode_getsecurity:
security/commoncap.c: In function ‘cap_inode_getsecurity’:
security/commoncap.c:440:33: error: ‘memcpy’ reading 16 bytes from a region of size 0 [-Werror=stringop-overread]
440 | memcpy(&nscap->data, &cap->data, sizeof(__le32) * 2 * VFS_CAP_U32);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The problem here is that tmpbuf is initialized to NULL, so gcc assumes
it is not accessible unless it gets set by vfs_getxattr_alloc(). This is
a legitimate warning as far as I can tell, but the code is correct since
it correctly handles the error when that function fails.
Add a separate NULL check to tell gcc about it as well.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: James Morris <jamorris@linux.microsoft.com>
Cc: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
9da02745a1 |
This is the 4.14.226 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmBSIcgACgkQONu9yGCS
aT6mhBAAwIyqor49jFlFTa/witigPg9dQAcZ7HrtJdOldwv8BJZ4913mG5erHcuB
1kYPK70whNXjF4lmWgMhhaM3Gyhzfman7u9Z/nafOx9DyuRPeu85m//ZF2VGwvK+
qVDCBo7HvB0ecj7hno12hnV+H97IBkC5bTIjAnmjXeXsceUoseAD+gjHEFga8P68
cahBbYr6HKep53i7eNvv/WzVJH3Dyn5lD5SCEC1sHNAhoOix5lw0NSS7a/VoQ1x2
FO0rsvOAfjCP6cJoFi9whm7zzffEWpGHfcJMRwxyJu5CTSJtQdgqNOhtF4/sVm//
mdBecMuAvrfMgDECmpCF3ibU+UpTdzoBT+mHgdp8XTYclRTdzW4Kj3aUC58azv9G
SLkih49V1rgG3AWYeYRWrbfM/P51wOPNtJszG+32a2dWkSkapLiD+0y8cZMYukrj
QFnjWFdNtzehTd3cUrts2a8+JNHySBHEHa9zv3TIjiHKjBzWxoK+dTxGA3aZfBTx
ZSxI9lM+2ZjrEk50Mba2TvTAA8a/6nGE3zLjTpP5WgHjZS8KEISPYrz8K/SlC5gt
lGgucKscFRl/8BU/JhJaJFBOJz0uYW6LYfenbxWzUI8nwoSX4mQHDoip4+QmL0wT
GZbwmWzyWgPPnOdV7lA19CQCJk0YgP2tjxVKLknt4BoZJp89Hjw=
=tPXj
-----END PGP SIGNATURE-----
Merge 4.14.226 into android-4.14-stable
Changes in 4.14.226
uapi: nfnetlink_cthelper.h: fix userspace compilation error
ethernet: alx: fix order of calls on resume
ath9k: fix transmitting to stations in dynamic SMPS mode
net: Fix gro aggregation for udp encaps with zero csum
net: Introduce parse_protocol header_ops callback
net: check if protocol extracted by virtio_net_hdr_set_proto is correct
net: avoid infinite loop in mpls_gso_segment when mpls_hlen == 0
can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership
can: flexcan: assert FRZ bit in flexcan_chip_freeze()
can: flexcan: enable RX FIFO after FRZ/HALT valid
netfilter: x_tables: gpf inside xt_find_revision()
cifs: return proper error code in statfs(2)
scripts/recordmcount.{c,pl}: support -ffunction-sections .text.* section names
Revert "mm, slub: consider rest of partial list if acquire_slab() fails"
sh_eth: fix TRSCER mask for SH771x
net/mlx4_en: update moderation when config reset
net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10
net: sched: avoid duplicates in classes dump
net: usb: qmi_wwan: allow qmimux add/del with master up
cipso,calipso: resolve a number of problems with the DOI refcounts
net: lapbether: Remove netif_start_queue / netif_stop_queue
net: davicom: Fix regulator not turned off on failed probe
net: davicom: Fix regulator not turned off on driver removal
net: stmmac: stop each tx channel independently
perf traceevent: Ensure read cmdlines are null terminated.
s390/cio: return -EFAULT if copy_to_user() fails again
drm/compat: Clear bounce structures
drm: meson_drv add shutdown function
s390/cio: return -EFAULT if copy_to_user() fails
media: usbtv: Fix deadlock on suspend
net: phy: fix save wrong speed and duplex problem if autoneg is on
udf: fix silent AED tagLocation corruption
mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()'
mmc: mediatek: fix race condition between msdc_request_timeout and irq
powerpc: improve handling of unrecoverable system reset
powerpc/perf: Record counter overflow always if SAMPLE_IP is unset
PCI: xgene-msi: Fix race in installing chained irq handler
PCI: mediatek: Add missing of_node_put() to fix reference leak
s390/smp: __smp_rescan_cpus() - move cpumask away from stack
scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
ALSA: hda/hdmi: Cancel pending works before suspend
ALSA: hda: Drop the BATCH workaround for AMD controllers
ALSA: hda: Avoid spurious unsol event handling during S3/S4
ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities")
s390/dasd: fix hanging DASD driver unbind
s390/dasd: fix hanging IO request during DASD driver unbind
mmc: core: Fix partition switch time for eMMC
Goodix Fingerprint device is not a modem
USB: gadget: u_ether: Fix a configfs return code
usb: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot
usb: gadget: f_uac1: stop playback on function disable
usb: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
xhci: Improve detection of device initiated wake signal.
usb: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing
USB: serial: io_edgeport: fix memory leak in edge_startup
USB: serial: ch341: add new Product ID
USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
USB: serial: cp210x: add some more GE USB IDs
usbip: fix stub_dev to check for stream socket
usbip: fix vhci_hcd to check for stream socket
usbip: fix vudc to check for stream socket
usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
usbip: fix vhci_hcd attach_store() races leading to gpf
staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan()
staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
staging: rtl8712: unterminated string leads to read overflow
staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data()
staging: ks7010: prevent buffer overflow in ks_wlan_set_scan()
staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd
staging: rtl8192e: Fix possible buffer overflow in _rtl92e_wx_set_scan
staging: comedi: addi_apci_1032: Fix endian problem for COS sample
staging: comedi: addi_apci_1500: Fix endian problem for command sample
staging: comedi: adv_pci1710: Fix endian problem for AI command data
staging: comedi: das6402: Fix endian problem for AI command data
staging: comedi: das800: Fix endian problem for AI command data
staging: comedi: dmm32at: Fix endian problem for AI command data
staging: comedi: me4000: Fix endian problem for AI command data
staging: comedi: pcl711: Fix endian problem for AI command data
staging: comedi: pcl818: Fix endian problem for AI command data
sh_eth: fix TRSCER mask for R7S72100
NFSv4.2: fix return value of _nfs4_get_security_label()
block: rsxx: fix error return code of rsxx_pci_probe()
configfs: fix a use-after-free in __configfs_open_file
stop_machine: mark helpers __always_inline
include/linux/sched/mm.h: use rcu_dereference in in_vfork()
powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
binfmt_misc: fix possible deadlock in bm_register_write
hwmon: (lm90) Fix max6658 sporadic wrong temperature reading
KVM: arm64: Fix exclusive limit for IPA size
iio: imu: adis16400: release allocated memory on failure
xen/events: reset affinity of 2-level event when tearing it down
xen/events: don't unmask an event channel when an eoi is pending
xen/events: avoid handling the same event on two cpus at the same time
Linux 4.14.226
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib4c6af910e10e6c04445ded8ccb1d877d9abb898
|
||
Eric W. Biederman
|
f95ea27037 |
Revert 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities")
commit 3b0c2d3eaa83da259d7726192cf55a137769012f upstream. It turns out that there are in fact userspace implementations that care and this recent change caused a regression. https://github.com/containers/buildah/issues/3071 As the motivation for the original change was future development, and the impact is existing real world code just revert this change and allow the ambiguity in v3 file caps. Cc: stable@vger.kernel.org Fixes: 95ebabde382c ("capabilities: Don't allow writing ambiguous v3 file capabilities") Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
496d5ba9c5 |
This is the 4.14.224 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmBEqrkACgkQONu9yGCS aT7mng//VA/WvCNtcAvP6hP5AIdVpfRERrbS5Ok09KXK12I8OEI4TCUywbDTcm2B oTmj84aZILoQstVb7GQSa04tf+2jHZ0z39NLxlyRHbrXzcV0z/6OslQv1y6wZzT4 +P25fw97BGpAzw0q0YOXgcjyDtAd5+2l2+/Q52lbAqCVKGbr1FItWx8J2CFol2E5 nul7R8vUbS3z0inFmqEqyixug/RGq6EJHn1HA3RMMO1JWaGTh8FewyVb0ndxcs1F zx1f2lVvTIqsJWkJ/9DcyJwdhFPClEpiVPO/5joLanWXEiTAQNJC08BmXJoIAglP WB9Sl2vSCCN+DmCjPCxWWF5GL/jnohRd8slKwGrELa5E1YdOkqxIUcI4MKby+fck Y9HhjE4OI5L28rGoO1yB3KopnJ6wYCtZSmiHYO6h/dxKMPmRoQ48X5zblPBqFMdu Rr/tXSMFCrpoD0QfdevW8K4t4dHWSh8pf9UxGs6Zv3VDv9i7c+zI4xdNCg/XP3LY Wm1QKC6pkyQFhzteVswMo3jEhw7kuHLgW+KZNS+gX4AbJ99moJOIpigQlzwsMl0m GiKMzrqQ1XwvQH7aQualBkmAYIPcofoshJBvw70MMPS/XGKNArLyTEHu0fzvVTsF cKnzxYEMrYJFQd7hoFHhZnSppEQovYKvRmJv8Mo2wvtNS7EuhD0= =OFAB -----END PGP SIGNATURE----- Merge 4.14.224 into android-4.14-stable Changes in 4.14.224 net: usb: qmi_wwan: support ZTE P685M modem scripts: use pkg-config to locate libcrypto scripts: set proper OpenSSL include dir also for sign-file hugetlb: fix update_and_free_page contig page struct assumption drm/virtio: use kvmalloc for large allocations virtio/s390: implement virtio-ccw revision 2 correctly arm64 module: set plt* section addresses to 0x0 arm64: Avoid redundant type conversions in xchg() and cmpxchg() arm64: cmpxchg: Use "K" instead of "L" for ll/sc immediate constraint arm64: Use correct ll/sc atomic constraints JFS: more checks for invalid superblock media: mceusb: sanity check for prescaler value xfs: Fix assert failure in xfs_setattr_size() smackfs: restrict bytes count in smackfs write functions net: fix up truesize of cloned skb in skb_prepare_for_shift() mm/hugetlb.c: fix unnecessary address expansion of pmd sharing net: bridge: use switchdev for port flags set through sysfs too dt-bindings: net: btusb: DT fix s/interrupt-name/interrupt-names/ staging: fwserial: Fix error handling in fwserial_create x86/reboot: Add Zotac ZBOX CI327 nano PCI reboot quirk vt/consolemap: do font sum unsigned wlcore: Fix command execute failure 19 for wl12xx pktgen: fix misuse of BUG_ON() in pktgen_thread_worker() ath10k: fix wmi mgmt tx queue full due to race condition x86/build: Treat R_386_PLT32 relocation as R_386_PC32 Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data staging: most: sound: add sanity check for function argument media: uvcvideo: Allow entities with no pads f2fs: handle unallocated section and zone on pinned/atgc parisc: Bump 64-bit IRQ stack size to 64 KB scsi: iscsi: Restrict sessions and handles to admin capabilities sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE scsi: iscsi: Verify lengths on passthrough PDUs Xen/gnttab: handle p2m update errors on a per-slot basis xen-netback: respect gnttab_map_refs()'s return value zsmalloc: account the number of compacted pages correctly swap: fix swapfile read/write offset media: v4l: ioctl: Fix memory leak in video_usercopy Linux 4.14.224 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I7731282f88441e9aca7a7d31bab9757831b29273 |
||
Sabyrzhan Tasbolatov
|
c6e1d0e54e |
smackfs: restrict bytes count in smackfs write functions
commit 7ef4c19d245f3dc233fd4be5acea436edd1d83d8 upstream.
syzbot found WARNINGs in several smackfs write operations where
bytes count is passed to memdup_user_nul which exceeds
GFP MAX_ORDER. Check count size if bigger than PAGE_SIZE.
Per smackfs doc, smk_write_net4addr accepts any label or -CIPSO,
smk_write_net6addr accepts any label or -DELETE. I couldn't find
any general rule for other label lengths except SMK_LABELLEN,
SMK_LONGLABEL, SMK_CIPSOMAX which are documented.
Let's constrain, in general, smackfs label lengths for PAGE_SIZE.
Although fuzzer crashes write to smackfs/netlabel on 0x400000 length.
Here is a quick way to reproduce the WARNING:
python -c "print('A' * 0x400000)" > /sys/fs/smackfs/netlabel
Reported-by: syzbot+a71a442385a0b2815497@syzkaller.appspotmail.com
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
a2e73af4e5 |
This is the 4.14.223 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmA/xiMACgkQONu9yGCS
aT6xPRAAubIMjvou8+ByMLEOK5HfhXN3VSi7iUQvBMsWPtW609hYMucIi6BdgUS5
vIXy/kwMRhQ0YW8H+rsf94Doliw6kgu4ebHLZqe7aP4EMeIoJ/HXtVfxpcrc4TzK
SdUxEEilHKlxSzhmi3Qi53KBLsJusoBg/jzNJ3PQQrX3V8Zc5XCzt1ZZIpxrnQK0
Bv/CVqAFauMX27pqJq/Y4cSJZtZ6EbUjRekIC5tjqBDMi4Pf7wHGYj/tUSdm76Es
9eTDmfO9Rvk0XeKKxm0dv5ffkhyi9xBmBK82GqBnHBSDpG03JOKcK5RAWRLT84Zv
joby0dsEPYTLG3nZ7cmRW0R5952BfvkabuRj07W2zu9DanMVnQtiquFZw2YdS/7a
Ed5lUWxdPysObd53keXtlv3hhjB+5lPIU5d3SLbsp6W08MIk9+YA1JBHeIJX9ulX
xy7kR0kUmiqCOspCKYZKmiU8DTqzko5yQfJWHYxuNosqnUYH+K9vTz1JBStdzrGM
ZAIDhhxPxNuC/gRlbavmbuyaHoPrBO2+l+dF/8be1YFyqMm3iIabROBWOqjnri4+
ZAGyGpr8ktJNv8rAlFvvDbg2fYO8j8FdA1Olf+UgCWZvzKPKESGrSwHg458c37XN
x0oWmytn5eXaY0LJgCo0D3Pf5uqrXKsazNSc/QZ9gwqf7hZJU8Y=
=nNVc
-----END PGP SIGNATURE-----
Merge 4.14.223 into android-4.14-stable
Changes in 4.14.223
HID: make arrays usage and value to be the same
usb: quirks: add quirk to start video capture on ELMO L-12F document camera reliable
ntfs: check for valid standard information attribute
arm64: tegra: Add power-domain for Tegra210 HDA
NET: usb: qmi_wwan: Adding support for Cinterion MV31
cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath.
scripts/recordmcount.pl: support big endian for ARCH sh
vmlinux.lds.h: add DWARF v5 sections
kdb: Make memory allocations more robust
MIPS: vmlinux.lds.S: add missing PAGE_ALIGNED_DATA() section
random: fix the RNDRESEEDCRNG ioctl
Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function
Bluetooth: Fix initializing response id after clearing struct
ARM: dts: exynos: correct PMIC interrupt trigger level on Monk
ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato
ARM: dts: exynos: correct PMIC interrupt trigger level on Spring
ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale Octa
arm64: dts: exynos: correct PMIC interrupt trigger level on TM2
arm64: dts: exynos: correct PMIC interrupt trigger level on Espresso
cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove()
usb: gadget: u_audio: Free requests only after callback
Bluetooth: drop HCI device reference before return
Bluetooth: Put HCI device if inquiry procedure interrupts
ARM: dts: Configure missing thermal interrupt for 4430
usb: dwc2: Do not update data length if it is 0 on inbound transfers
usb: dwc2: Abort transaction after errors with unknown reason
usb: dwc2: Make "trimming xfer length" a debug message
staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules
arm64: dts: msm8916: Fix reserved and rfsa nodes unit address
ARM: s3c: fix fiq for clang IAS
bpf_lru_list: Read double-checked variable once without lock
ath9k: fix data bus crash when setting nf_override via debugfs
bnxt_en: reverse order of TX disable and carrier off
xen/netback: fix spurious event detection for common event case
mac80211: fix potential overflow when multiplying to u32 integers
b43: N-PHY: Fix the update of coef for the PHY revision >= 3case
ibmvnic: skip send_request_unmap for timeout reset
net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout
net: amd-xgbe: Reset link when the link never comes back
net: mvneta: Remove per-cpu queue mapping for Armada 3700
fbdev: aty: SPARC64 requires FB_ATY_CT
drm/gma500: Fix error return code in psb_driver_load()
gma500: clean up error handling in init
crypto: sun4i-ss - fix kmap usage
MIPS: c-r4k: Fix section mismatch for loongson2_sc_init
MIPS: lantiq: Explicitly compare LTQ_EBU_PCC_ISTAT against 0
media: i2c: ov5670: Fix PIXEL_RATE minimum value
media: vsp1: Fix an error handling path in the probe function
media: media/pci: Fix memleak in empress_init
media: tm6000: Fix memleak in tm6000_start_stream
ASoC: cs42l56: fix up error handling in probe
crypto: bcm - Rename struct device_private to bcm_device_private
media: lmedm04: Fix misuse of comma
media: qm1d1c0042: fix error return code in qm1d1c0042_init()
media: cx25821: Fix a bug when reallocating some dma memory
media: pxa_camera: declare variable when DEBUG is defined
media: uvcvideo: Accept invalid bFormatIndex and bFrameIndex values
ata: ahci_brcm: Add back regulators management
Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind()
btrfs: clarify error returns values in __load_free_space_cache
hwrng: timeriomem - Fix cooldown period calculation
crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key()
ima: Free IMA measurement buffer on error
ima: Free IMA measurement buffer after kexec syscall
fs/jfs: fix potential integer overflow on shift of a int
jffs2: fix use after free in jffs2_sum_write_data()
capabilities: Don't allow writing ambiguous v3 file capabilities
clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL
quota: Fix memory leak when handling corrupted quota file
spi: cadence-quadspi: Abort read if dummy cycles required are too many
HID: core: detect and skip invalid inputs to snto32()
dmaengine: fsldma: Fix a resource leak in the remove function
dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function
dmaengine: hsu: disable spurious interrupt
mfd: bd9571mwv: Use devm_mfd_add_devices()
fdt: Properly handle "no-map" field in the memory region
of/fdt: Make sure no-map does not remove already reserved regions
power: reset: at91-sama5d2_shdwc: fix wkupdbc mask
rtc: s5m: select REGMAP_I2C
clocksource/drivers/mxs_timer: Add missing semicolon when DEBUG is defined
regulator: axp20x: Fix reference cout leak
certs: Fix blacklist flag type confusion
spi: atmel: Put allocated master before return
isofs: release buffer head before return
auxdisplay: ht16k33: Fix refresh rate handling
IB/umad: Return EIO in case of when device disassociated
powerpc/47x: Disable 256k page size
mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe
ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores
amba: Fix resource leak for drivers without .remove
tracepoint: Do not fail unregistering a probe due to memory failure
perf tools: Fix DSO filtering when not finding a map for a sampled address
RDMA/rxe: Fix coding error in rxe_recv.c
spi: stm32: properly handle 0 byte transfer
mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq()
powerpc/pseries/dlpar: handle ibm, configure-connector delay status
powerpc/8xx: Fix software emulation interrupt
spi: pxa2xx: Fix the controller numbering for Wildcat Point
perf intel-pt: Fix missing CYC processing in PSB
perf test: Fix unaligned access in sample parsing test
Input: elo - fix an error code in elo_connect()
sparc64: only select COMPAT_BINFMT_ELF if BINFMT_ELF is set
misc: eeprom_93xx46: Fix module alias to enable module autoprobe
misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users
pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare()
VMCI: Use set_page_dirty_lock() when unregistering guest memory
PCI: Align checking of syscall user config accessors
drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)
ext4: fix potential htree index checksum corruption
i40e: Fix flow for IPv6 next header (extension header)
i40e: Fix overwriting flow control settings during driver loading
net/mlx4_core: Add missed mlx4_free_cmd_mailbox()
ocfs2: fix a use after free on error
mm/memory.c: fix potential pte_unmap_unlock pte error
mm/hugetlb: fix potential double free in hugetlb_register_node() error path
arm64: Add missing ISB after invalidating TLB in __primary_switch
i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition
mm/rmap: fix potential pte_unmap on an not mapped pte
scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
blk-settings: align max_sectors on "logical_block_size" boundary
ACPI: property: Fix fwnode string properties matching
ACPI: configfs: add missing check after configfs_register_default_group()
HID: wacom: Ignore attempts to overwrite the touch_max value from HID
Input: raydium_ts_i2c - do not send zero length
Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S
Input: joydev - prevent potential read overflow in ioctl
Input: i8042 - add ASUS Zenbook Flip to noselftest list
USB: serial: option: update interface mapping for ZTE P685M
usb: musb: Fix runtime PM race in musb_queue_resume_work
USB: serial: mos7840: fix error code in mos7840_write()
USB: serial: mos7720: fix error code in mos7720_write()
usb: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1
usb: dwc3: gadget: Fix dep->interval for fullspeed interrupt
ALSA: hda/realtek: modify EAPD in the ALC886
tpm_tis: Fix check_locality for correct locality acquisition
KEYS: trusted: Fix migratable=1 failing
btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
btrfs: fix reloc root leak with 0 ref reloc roots on recovery
btrfs: fix extent buffer leak on failure to copy root
crypto: sun4i-ss - checking sg length is not sufficient
crypto: sun4i-ss - handle BigEndian for cipher
seccomp: Add missing return in non-void function
drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue
staging: rtl8188eu: Add Edimax EW-7811UN V2 to device table
x86/reboot: Force all cpus to exit VMX root if VMX is supported
floppy: reintroduce O_NDELAY fix
arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
watchdog: mei_wdt: request stop on unregister
mtd: spi-nor: hisi-sfc: Put child node np on error path
fs/affs: release old buffer head on error path
hugetlb: fix copy_huge_page_from_user contig page struct assumption
mm: hugetlb: fix a race between freeing and dissolving the page
usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
libnvdimm/dimm: Avoid race between probe and available_slots_show()
module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
mmc: sdhci-esdhc-imx: fix kernel panic when remove module
gpio: pcf857x: Fix missing first interrupt
printk: fix deadlock when kernel panic
f2fs: fix out-of-repair __setattr_copy()
sparc32: fix a user-triggerable oops in clear_user()
gfs2: Don't skip dlm unlock if glock has an lvb
dm era: Recover committed writeset after crash
dm era: Verify the data block size hasn't changed
dm era: Fix bitset memory leaks
dm era: Use correct value size in equality function of writeset tree
dm era: Reinitialize bitset cache before digesting a new writeset
dm era: only resize metadata in preresume
icmp: introduce helper for nat'd source address in network device context
icmp: allow icmpv6_ndo_send to work with CONFIG_IPV6=n
gtp: use icmp_ndo_send helper
sunvnet: use icmp_ndo_send helper
ipv6: icmp6: avoid indirect call for icmpv6_send()
ipv6: silence compilation warning for non-IPV6 builds
net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
dm era: Update in-core bitset after committing the metadata
Linux 4.14.223
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib3da7b72393e257416645cd59c380fce3c801177
|
||
Jarkko Sakkinen
|
5bbec09f88 |
KEYS: trusted: Fix migratable=1 failing
commit 8da7520c80468c48f981f0b81fc1be6599e3b0ad upstream.
Consider the following transcript:
$ keyctl add trusted kmk "new 32 blobauth=helloworld keyhandle=80000000 migratable=1" @u
add_key: Invalid argument
The documentation has the following description:
migratable= 0|1 indicating permission to reseal to new PCR values,
default 1 (resealing allowed)
The consequence is that "migratable=1" should succeed. Fix this by
allowing this condition to pass instead of return -EINVAL.
[*] Documentation/security/keys/trusted-encrypted.rst
Cc: stable@vger.kernel.org
Cc: "James E.J. Bottomley" <jejb@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: David Howells <dhowells@redhat.com>
Fixes: d00a1c72f7f4 ("keys: add new trusted key-type")
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
David Howells
|
ad26df1875 |
certs: Fix blacklist flag type confusion
[ Upstream commit 4993e1f9479a4161fd7d93e2b8b30b438f00cb0f ]
KEY_FLAG_KEEP is not meant to be passed to keyring_alloc() or key_alloc(),
as these only take KEY_ALLOC_* flags. KEY_FLAG_KEEP has the same value as
KEY_ALLOC_BYPASS_RESTRICTION, but fortunately only key_create_or_update()
uses it. LSMs using the key_alloc hook don't check that flag.
KEY_FLAG_KEEP is then ignored but fortunately (again) the root user cannot
write to the blacklist keyring, so it is not possible to remove a key/hash
from it.
Fix this by adding a KEY_ALLOC_SET_KEEP flag that tells key_alloc() to set
KEY_FLAG_KEEP on the new key. blacklist_init() can then, correctly, pass
this to keyring_alloc().
We can also use this in ima_mok_init() rather than setting the flag
manually.
Note that this doesn't fix an observable bug with the current
implementation but it is required to allow addition of new hashes to the
blacklist in the future without making it possible for them to be removed.
Fixes: 734114f8782f ("KEYS: Add a system blacklist keyring")
Reported-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Mickaël Salaün <mic@linux.microsoft.com>
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Eric W. Biederman
|
e516a306ef |
capabilities: Don't allow writing ambiguous v3 file capabilities
[ Upstream commit 95ebabde382c371572297915b104e55403674e73 ]
The v3 file capabilities have a uid field that records the filesystem
uid of the root user of the user namespace the file capabilities are
valid in.
When someone is silly enough to have the same underlying uid as the
root uid of multiple nested containers a v3 filesystem capability can
be ambiguous.
In the spirit of don't do that then, forbid writing a v3 filesystem
capability if it is ambiguous.
Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities")
Reviewed-by: Andrew G. Morgan <morgan@kernel.org>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Lakshmi Ramasubramanian
|
005da2a16e |
ima: Free IMA measurement buffer after kexec syscall
[ Upstream commit f31e3386a4e92ba6eda7328cb508462956c94c64 ]
IMA allocates kernel virtual memory to carry forward the measurement
list, from the current kernel to the next kernel on kexec system call,
in ima_add_kexec_buffer() function. This buffer is not freed before
completing the kexec system call resulting in memory leak.
Add ima_buffer field in "struct kimage" to store the virtual address
of the buffer allocated for the IMA measurement list.
Free the memory allocated for the IMA measurement list in
kimage_file_post_load_cleanup() function.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Suggested-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Reviewed-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
Reviewed-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Lakshmi Ramasubramanian
|
5db2c9e89a |
ima: Free IMA measurement buffer on error
[ Upstream commit 6d14c6517885fa68524238787420511b87d671df ]
IMA allocates kernel virtual memory to carry forward the measurement
list, from the current kernel to the next kernel on kexec system call,
in ima_add_kexec_buffer() function. In error code paths this memory
is not freed resulting in memory leak.
Free the memory allocated for the IMA measurement list in
the error code paths in ima_add_kexec_buffer() function.
Signed-off-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Suggested-by: Tyler Hicks <tyhicks@linux.microsoft.com>
Fixes: 7b8589cc29e7 ("ima: on soft reboot, save the measurement list")
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
c0303b0388 |
This is the 4.14.222 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmA0/JEACgkQONu9yGCS aT5IQA//XG0oLCFo1l6DDRPINDK104bYork5yGmqjGfdSplnH/OYkwmebAJEUmNn ha+Qv9xw1JlR/oGBwC4Zp0jBV4+Gjuh6SuqdyCH/NI+tTSnKd1MzfqMmo6rb5iaz RspBVgc+I5sV7Fa3GVwR54a5Yo3JgUEMIxT+q1Ftu9QT3kr1Zo0m3odm8/j8EI5o mYaYbNPnXfcn7NCotyIq2g3q7rQTcbshlUoul9WxdjUcRMdAFY1Fnj6UxrWO1b0s oFj/u/KV0WB2IeXgZgStNS5qjKhmfZKj1rAVnYOpY0zwn0wKnGa2oh4G+Pfae2yk MXQaW2KL/Y8gsCzhj1N/L5yfRMatOfT3tAqD2gGqoJVWpmLU4p15piWD5uwWkxLw HtazDI4IBNAah7mog+xnD0V2Q8auZ7f4tbtkiHTfoyFs5BavK2VETOOTeAoUsX5O e/Dif0gv6SEhkFCkL4PBz4WylD1gOY8nD1FsgbfMZ0hDSpTIjrWUtMAYZejB8YUj lS28fKO7Nu0AoGElt2nt7xobJRmp/Y7GFoz1Thy750qtl8kXUJ5sqw99gAiPAZM/ cv4UgKPzU7qfw5/qry0717YHa7k/CTjSd7tw9erNxsjdQ7ptLOGJMhS3EFc5kzQT 77NC1rqnSTQHLJfsBaRiTn5IZB5PiJssrAwBhRTcBjdwTQe+fyI= =7i2A -----END PGP SIGNATURE----- Merge 4.14.222 into android-4.14-stable Changes in 4.14.222 fgraph: Initialize tracing_graph_pause at task creation remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load af_key: relax availability checks for skb size calculation pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process() iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap iwlwifi: mvm: guard against device removal in reprobe SUNRPC: Move simple_get_bytes and simple_get_netobj into private header SUNRPC: Handle 0 length opaque XDR object data properly lib/string: Add strscpy_pad() function include/trace/events/writeback.h: fix -Wstringop-truncation warnings memcg: fix a crash in wb_workfn when a device disappears squashfs: add more sanity checks in id lookup squashfs: add more sanity checks in inode lookup squashfs: add more sanity checks in xattr id lookup tracing: Do not count ftrace events in top level enable output tracing: Check length before giving out the filter buffer arm/xen: Don't probe xenbus as part of an early initcall MIPS: BMIPS: Fix section mismatch warning arm64: dts: rockchip: Fix PCIe DT properties on rk3399 platform/x86: hp-wmi: Disable tablet-mode reporting by default ovl: perform vfs_getxattr() with mounter creds cap: fix conversions on getxattr ovl: skip getxattr of security labels ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL ARM: ensure the signal page contains defined contents memblock: do not start bottom-up allocations with kernel_end bpf: Check for integer overflow when using roundup_pow_of_two() netfilter: xt_recent: Fix attempt to update deleted entry xen/netback: avoid race in xenvif_rx_ring_slots_available() netfilter: conntrack: skip identical origin tuple in same zone only usb: dwc3: ulpi: fix checkpatch warning usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one net/vmw_vsock: improve locking in vsock_connect_timeout() net: watchdog: hold device global xmit lock during tx disable vsock/virtio: update credit only if socket is not closed vsock: fix locking in vsock_shutdown() i2c: stm32f7: fix configuration of the digital filter h8300: fix PREEMPTION build, TI_PRE_COUNT undefined x86/build: Disable CET instrumentation in the kernel for 32-bit too trace: Use -mcount-record for dynamic ftrace tracing: Fix SKIP_STACK_VALIDATION=1 build due to bad merge with -mrecord-mcount tracing: Avoid calling cc-option -mrecord-mcount for every Makefile Xen/x86: don't bail early from clear_foreign_p2m_mapping() Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() Xen/gntdev: correct error checking in gntdev_map_grant_pages() xen/arm: don't ignore return errors from set_phys_to_machine xen-blkback: don't "handle" error by BUG() xen-netback: don't "handle" error by BUG() xen-scsiback: don't "handle" error by BUG() xen-blkback: fix error handling in xen_blkbk_map() scsi: qla2xxx: Fix crash during driver load on big endian machines USB: Gadget Ethernet: Re-enable Jumbo frames. usb: gadget: u_ether: Fix MTU size mismatch with RX packet size kvm: check tlbs_dirty directly Linux 4.14.222 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I22657377bcf9340798a60064ba3d5ebdf1165097 |
||
Miklos Szeredi
|
83515cf735 |
cap: fix conversions on getxattr
[ Upstream commit f2b00be488730522d0fb7a8a5de663febdcefe0a ] If a capability is stored on disk in v2 format cap_inode_getsecurity() will currently return in v2 format unconditionally. This is wrong: v2 cap should be equivalent to a v3 cap with zero rootid, and so the same conversions performed on it. If the rootid cannot be mapped, v3 is returned unconverted. Fix this so that both v2 and v3 return -EOVERFLOW if the rootid (or the owner of the fs user namespace in case of v2) cannot be mapped into the current user namespace. Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
564b130202 |
This is the 4.14.217 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmAMN2QACgkQONu9yGCS aT66CBAAnQV9ZKn5eCftFwOTm/B/W171665glkAwt92QtvrsJz+sFLMzBPkKXAAk A/hsMrpKwNVdLB1mPfgZYg4KBTF9193dUx12hSR8CqN1JzjERkGxbJflWKg7r4qS ttYx5i7ydNLCoOLZfuMujgMngDpT95iICtCesTimms3Oyq2rmpAP5TkySwsXAaHC bCjJyg4mNyblDiYbDzgmY4H821qOuO8jHGgriVY5/IcEKX8v3SAYleuMeDBf7pN7 iGk0fd0pTpL+dYE6dBo7TWzubV0q6/P4T+QyZ8ZPcw/DkhsG6eSHlDpDvMmxdESG uCHKZG0w0/TSXX4NDa0VXNYDxbDkfgB8+grSl97y4Tc+dA/1wZXH63JfMiQ1kCHM fnJz/gfbAwPJgVq9hsR8SxZkxzsdmX3uTT2B5AxI1jtXJRSLDYMT+yY/fpgePFY9 NyN+Qrc0UX9ZVaYFO474GfkUV5xIoC/9X2RFdgPBDt4dP8ywNW6EGHoI3fPKM528 0bBgqcNBBka6aelQTwgzPoZ3OuPelgla8UzxQf9jKnwjoUuN24wX4yf18HVfFtJa CRjgX+ljawS54J++xk++XymyLm3oRFPp7eRFpaAwiNA/ADoMBbtwWUu9lVQktssw 8l5BoN6W/VIy1bys4UWkuSKl09kvJw7TrLgSigTvh+YEXHPOqKk= =KSLy -----END PGP SIGNATURE----- Merge 4.14.217 into android-4.14-stable Changes in 4.14.217 ASoC: dapm: remove widget from dirty list on free MIPS: boot: Fix unaligned access with CONFIG_MIPS_RAW_APPENDED_DTB MIPS: relocatable: fix possible boot hangup with KASLR enabled ACPI: scan: Harden acpi_device_add() against device ID overflows mm/hugetlb: fix potential missing huge page size info dm snapshot: flush merged data before committing metadata r8152: Add Lenovo Powered USB-C Travel Hub ext4: fix bug for rename with RENAME_WHITEOUT ARC: build: remove non-existing bootpImage from KBUILD_IMAGE ARC: build: add uImage.lzma to the top-level target ARC: build: add boot_targets to PHONY btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan ethernet: ucc_geth: fix definition and size of ucc_geth_tx_global_pram arch/arc: add copy_user_page() to <asm/page.h> to fix build error on ARC misdn: dsp: select CONFIG_BITREVERSE net: ethernet: fs_enet: Add missing MODULE_LICENSE ACPI: scan: add stub acpi_create_platform_device() for !CONFIG_ACPI ARM: picoxcell: fix missing interrupt-parent properties dump_common_audit_data(): fix racy accesses to ->d_name ASoC: Intel: fix error code cnl_set_dsp_D0() NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock pNFS: Mark layout for return if return-on-close was not sent NFS: nfs_igrab_and_active must first reference the superblock ext4: fix superblock checksum failure when setting password salt RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp mm, slub: consider rest of partial list if acquire_slab() fails net: sunrpc: interpret the return value of kstrtou32 correctly dm: eliminate potential source of excessive kernel log noise ALSA: firewire-tascam: Fix integer overflow in midi_port_work() ALSA: fireface: Fix integer overflow in transmit_midi_msg() netfilter: conntrack: fix reading nf_conntrack_buckets usb: ohci: Make distrust_firmware param default to false nfsd4: readdirplus shouldn't return parent of export netxen_nic: fix MSI/MSI-x interrupts rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request esp: avoid unneeded kmap_atomic call net: dcb: Validate netlink message in DCB handler net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands net: stmmac: Fixed mtu channged by cache aligned net: sit: unregister_netdevice on newlink's error path net: avoid 32 x truesize under-estimation for tiny skbs rxrpc: Fix handling of an unsupported token type in rxrpc_read() tipc: fix NULL deref in tipc_link_xmit() net: use skb_list_del_init() to remove from RX sublists net: introduce skb_list_walk_safe for skb segment walking net: skbuff: disambiguate argument and member for skb_list_walk_safe helper net: ipv6: Validate GSO SKB before finish IPv6 processing spi: cadence: cache reference clock rate during probe Linux 4.14.217 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8dde475d93da7cdd6f8b5d7f0fed37ac80c24003 |
||
Al Viro
|
2f121a8d64 |
dump_common_audit_data(): fix racy accesses to ->d_name
commit d36a1dd9f77ae1e72da48f4123ed35627848507d upstream. We are not guaranteed the locking environment that would prevent dentry getting renamed right under us. And it's possible for old long name to be freed after rename, leading to UAF here. Cc: stable@kernel.org # v2.6.2+ Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
89616f108f |
This is the 4.14.213 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl/rJWgACgkQONu9yGCS aT5qhxAAh1a9hKOtdMEbXnRpgWCXdP/9Ia+IBMPK1l7t2UXIjHg3o3QPMUQ02acr FOaTsHUV7QiBpSf9JDMDUXwpVs4/Jf3TIaQ41qBbV0f4MYhFVm06FqxaKRzYW4ME DlEr8YLfKsxxgQtllaMh7YzWDlSWkoHkgK6o03TLQvZJLxG6Hv3qeS+PJFRNzSff D03FmWmJ+c0iDoI8tGdaEE1YpbgxSY0nyDSoNyx6UQXM5974rxTXg1lxzi31F7dR juem63TesKZQfI/frBpKJCiTivV3ZFqBb0foFATcWxsAAZMZoxLLLvNobxxmSPKQ REboQ1tTrbW0I3tw+VWFeQHtSV7TWjKGEYAiRJPHWCAv8KNEyq28W/tl9v/9wTiQ SVhvqKiyHn0862/QV9mEOzR5XekSJduHefeco4s7aCs/xgDmjnFrOSTNX46wCQb/ dxsML7FDypXMuPfldugNq8OlZQT1DEgs1yV8d/a1MTiit8RzCX4b2Ye2assGUI2p Udh62Noalfx8s8Xau4dsFm3qMGKImDOpjJx5vZLV1eVy8Asmyod9dVM31FzGMLwR 6rL1xc8YCs5vSbD1Cecas+1NyQ4iO4ivwirJlIWKuF2ZnRFXDmIG0WBCtvlVxPlz bhIOl01T07BHZKAGLy1rXH/hlHi8dTf55YvcbMu2QE9uLNKk/8M= =Ehpf -----END PGP SIGNATURE----- Merge 4.14.213 into android-4.14-stable Changes in 4.14.213 spi: bcm2835aux: Fix use-after-free on unbind spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe iwlwifi: pcie: limit memory read spin time arm64: dts: rockchip: Assign a fixed index to mmc devices on rk3399 boards. iwlwifi: mvm: fix kernel panic in case of assert during CSA ARC: stack unwinding: don't assume non-current task is sleeping scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE Input: cm109 - do not stomp on control URB Input: i8042 - add Acer laptops to the i8042 reset list pinctrl: amd: remove debounce filter setting in IRQ type setting kbuild: avoid static_assert for genksyms scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()" x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP PCI: qcom: Add missing reset for ipq806x net: stmmac: free tx skb buffer in stmmac_resume() tcp: fix cwnd-limited bug for TSO deferral where we send nothing net/mlx4_en: Avoid scheduling restart task if it is already running net/mlx4_en: Handle TX error CQE net: stmmac: delete the eee_ctrl_timer after napi disabled net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux net: bridge: vlan: fix error return code in __vlan_add() mac80211: mesh: fix mesh_pathtbl_init() error path USB: dummy-hcd: Fix uninitialized array use in init() USB: add RESET_RESUME quirk for Snapscan 1212 ALSA: usb-audio: Fix potential out-of-bounds shift ALSA: usb-audio: Fix control 'access overflow' errors from chmap xhci: Give USB2 ports time to enter U3 in bus suspend USB: UAS: introduce a quirk to set no_write_same USB: sisusbvga: Make console support depend on BROKEN ALSA: pcm: oss: Fix potential out-of-bounds shift serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi pinctrl: merrifield: Set default bias in case no particular value given pinctrl: baytrail: Avoid clearing debounce value when turning it off ARM: dts: sun8i: v3s: fix GIC node memory range gpio: mvebu: fix potential user-after-free on probe scsi: bnx2i: Requires MMU can: softing: softing_netdev_open(): fix error handling RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling drm/tegra: sor: Disable clocks on error in tegra_sor_init() vxlan: Add needed_headroom for lower device vxlan: Copy needed_tailroom from lowerdev scsi: mpt3sas: Increase IOCInit request timeout to 30s dm table: Remove BUG_ON(in_interrupt()) soc/tegra: fuse: Fix index bug in get_process_id USB: serial: option: add interface-number sanity check to flag handling USB: gadget: f_acm: add support for SuperSpeed Plus USB: gadget: f_midi: setup SuperSpeed Plus descriptors usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus USB: gadget: f_rndis: fix bitrate for SuperSpeed and above usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410 ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU HID: i2c-hid: add Vero K147 to descriptor override serial_core: Check for port state when tty is in error state quota: Sanity-check quota file headers on load media: msi2500: assign SPI bus number dynamically crypto: af_alg - avoid undefined behavior accessing salg_name md: fix a warning caused by a race between concurrent md_ioctl()s Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() drm/gma500: fix double free of gma_connector soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains() soc: mediatek: Check if power domains can be powered on at boot time RDMA/bnxt_re: Set queue pair state when being queried selinux: fix error initialization in inode_doinit_with_dentry() RDMA/rxe: Compute PSN windows correctly x86/mm/ident_map: Check for errors from ident_pud_init() ARM: p2v: fix handling of LPAE translation in BE mode sched/deadline: Fix sched_dl_global_validate() sched: Reenable interrupts in do_sched_yield() crypto: talitos - Fix return type of current_desc_hdr() spi: img-spfi: fix reference leak in img_spfi_resume ASoC: pcm: DRAIN support reactivation selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling arm64: dts: exynos: Correct psci compatible used on Exynos7 Bluetooth: Fix null pointer dereference in hci_event_packet() spi: spi-ti-qspi: fix reference leak in ti_qspi_setup spi: tegra20-slink: fix reference leak in slink ops of tegra20 spi: tegra20-sflash: fix reference leak in tegra_sflash_resume spi: tegra114: fix reference leak in tegra spi ops mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure ASoC: wm8998: Fix PM disable depth imbalance on error ASoC: arizona: Fix a wrong free in wm8997_probe RDMa/mthca: Work around -Wenum-conversion warning MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA staging: greybus: codecs: Fix reference counter leak in error handling media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() scsi: core: Fix VPD LUN ID designator priorities media: solo6x10: fix missing snd_card_free in error handling case drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() Input: ads7846 - fix race that causes missing releases Input: ads7846 - fix integer overflow on Rt calculation Input: ads7846 - fix unaligned access on 7845 powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32 crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe soc: ti: knav_qmss: fix reference leak in knav_queue_probe soc: ti: Fix reference imbalance in knav_dma_probe drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe Input: omap4-keypad - fix runtime PM error handling RDMA/cxgb4: Validate the number of CQEs memstick: fix a double-free bug in memstick_check ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host orinoco: Move context allocation after processing the skb cw1200: fix missing destroy_workqueue() on error in cw1200_init_common media: siano: fix memory leak of debugfs members in smsdvb_hotplug samples: bpf: Fix lwt_len_hist reusing previous BPF map mips: cdmm: fix use-after-free in mips_cdmm_bus_discover media: max2175: fix max2175_set_csm_mode() error code HSI: omap_ssi: Don't jump to free ID in ssi_add_controller() ARM: dts: Remove non-existent i2c1 from 98dx3236 power: supply: bq24190_charger: fix reference leak genirq/irqdomain: Don't try to free an interrupt that has no mapping PCI: iproc: Fix out-of-bound array accesses ARM: dts: at91: at91sam9rl: fix ADC triggers ath10k: Fix an error handling path ath10k: Release some resources in an error handling path NFSv4.2: condition READDIR's mask for security label based on LSM state SUNRPC: xprt_load_transport() needs to support the netid "rdma6" lockd: don't use interval-based rebinding over TCP NFS: switch nfsiod to be an UNBOUND workqueue. vfio-pci: Use io_remap_pfn_range() for PCI IO memory media: saa7146: fix array overflow in vidioc_s_audio() clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent() ARM: dts: at91: sama5d2: map securam as device pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() arm64: dts: rockchip: Fix UART pull-ups on rk3328 memstick: r592: Fix error return in r592_probe() net/mlx5: Properly convey driver version to firmware ASoC: jz4740-i2s: add missed checks for clk_get() dm ioctl: fix error return code in target_message clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI cpufreq: highbank: Add missing MODULE_DEVICE_TABLE cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE cpufreq: st: Add missing MODULE_DEVICE_TABLE cpufreq: loongson1: Add missing MODULE_ALIAS cpufreq: scpi: Add missing MODULE_ALIAS scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe scsi: pm80xx: Fix error return in pm8001_pci_probe() seq_buf: Avoid type mismatch for seq_buf_init scsi: fnic: Fix error return code in fnic_probe() powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops powerpc/pseries/hibernation: remove redundant cacheinfo update usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe usb: oxu210hp-hcd: Fix memory leak in oxu_create speakup: fix uninitialized flush_lock nfsd: Fix message level for normal termination nfs_common: need lock during iterate through the list x86/kprobes: Restore BTF if the single-stepping is cancelled clk: tegra: Fix duplicated SE clock entry extcon: max77693: Fix modalias string ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control() irqchip/alpine-msi: Fix freeing of interrupts on allocation error path watchdog: sirfsoc: Add missing dependency on HAS_IOMEM um: chan_xterm: Fix fd leak nfc: s3fwrn5: Release the nfc firmware powerpc/ps3: use dma_mapping_error() checkpatch: fix unescaped left brace net: bcmgenet: Fix a resource leak in an error handling path in the probe functin net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function net: korina: fix return value watchdog: qcom: Avoid context switch in restart handler watchdog: coh901327: add COMMON_CLK dependency clk: ti: Fix memleak in ti_fapll_synth_setup pwm: zx: Add missing cleanup in error path pwm: lp3943: Dynamically allocate PWM chip base perf record: Fix memory leak when using '--user-regs=?' to list registers qlcnic: Fix error code in probe clk: s2mps11: Fix a resource leak in error handling paths in the probe function clk: sunxi-ng: Make sure divider tables have sentinel cfg80211: initialize rekey_data fix namespaced fscaps when !CONFIG_SECURITY Input: cros_ec_keyb - send 'scancodes' in addition to key events Input: goodix - add upside-down quirk for Teclast X98 Pro tablet media: gspca: Fix memory leak in probe media: sunxi-cir: ensure IR is handled when it is continuous media: netup_unidvb: Don't leak SPI master in probe error path Input: cyapa_gen6 - fix out-of-bounds stack access PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup() Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks" ACPI: PNP: compare the string length in the matching_id() ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 ALSA: pcm: oss: Fix a few more UBSAN fixes ALSA: usb-audio: Disable sample read check if firmware doesn't give back s390/smp: perform initial CPU reset also for SMT siblings s390/dasd: prevent inconsistent LCU device data s390/dasd: fix list corruption of pavgroup group list s390/dasd: fix list corruption of lcu list staging: comedi: mf6x4: Fix AI end-of-conversion detection powerpc/perf: Exclude kernel samples while counting events in user space. crypto: ecdh - avoid unaligned accesses in ecdh_set_secret() EDAC/amd64: Fix PCI component registration USB: serial: mos7720: fix parallel-port state restore USB: serial: keyspan_pda: fix dropped unthrottle interrupts USB: serial: keyspan_pda: fix write deadlock USB: serial: keyspan_pda: fix stalled writes USB: serial: keyspan_pda: fix write-wakeup use-after-free USB: serial: keyspan_pda: fix tx-unthrottle use-after-free USB: serial: keyspan_pda: fix write unthrottling Btrfs: fix selftests failure due to uninitialized i_mode in test inodes btrfs: fix return value mixup in btrfs_get_extent ext4: fix a memory leak of ext4_free_data ext4: fix deadlock with fs freezing and EA inodes KVM: arm64: Introduce handling of AArch32 TTBCR2 traps ARM: dts: at91: sama5d2: fix CAN message ram offset and size powerpc/rtas: Fix typo of ibm,open-errinjct in RTAS filter powerpc/xmon: Change printk() to pr_cont() powerpc/powernv/memtrace: Don't leak kernel memory to user space ima: Don't modify file descriptor mode on the fly ceph: fix race in concurrent __ceph_remove_cap invocations jffs2: Fix GC exit abnormally jfs: Fix array index bounds check in dbAdjTree drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() spi: spi-sh: Fix use-after-free on unbind spi: davinci: Fix use-after-free on unbind spi: pic32: Don't leak DMA channels in probe error path spi: rb4xx: Don't leak SPI master in probe error path spi: sc18is602: Don't leak SPI master in probe error path spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path soc: qcom: smp2p: Safely acquire spinlock without IRQs mtd: parser: cmdline: Fix parsing of part-names with colons iio: buffer: Fix demux update iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume iio:light:rpr0521: Fix timestamp alignment and prevent data leak. iio:pressure:mpl3115: Force alignment of buffer iio:imu:bmi160: Fix too large a buffer. md/cluster: fix deadlock when node is doing resync job clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 xen-blkback: set ring->xenblkd to NULL after kthread_stop() xen/xenbus: Allow watches discard events before queueing xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() xen/xenbus/xen_bus_type: Support will_handle watch callback xen/xenbus: Count pending messages for each watch xenbus/xenbus_backend: Disallow pending watch messages libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels PCI: Fix pci_slot_release() NULL pointer dereference Linux 4.14.213 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ic39f6cbb08d6b12ddb9f5372eb14ff80f2bff04e |
||
Roberto Sassu
|
07c67ec649 |
ima: Don't modify file descriptor mode on the fly
commit 207cdd565dfc95a0a5185263a567817b7ebf5467 upstream.
Commit a408e4a86b36b ("ima: open a new file instance if no read
permissions") already introduced a second open to measure a file when the
original file descriptor does not allow it. However, it didn't remove the
existing method of changing the mode of the original file descriptor, which
is still necessary if the current process does not have enough privileges
to open a new one.
Changing the mode isn't really an option, as the filesystem might need to
do preliminary steps to make the read possible. Thus, this patch removes
the code and keeps the second open as the only option to measure a file
when it is unreadable with the original file descriptor.
Cc: <stable@vger.kernel.org> # 4.20.x: 0014cc04e8ec0 ima: Set file->f_mode
Fixes: 2fe5d6def1672 ("ima: integrity appraisal extension")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Paul Moore
|
44f5d9fecd |
selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
[ Upstream commit 200ea5a2292dc444a818b096ae6a32ba3caa51b9 ]
A previous fix, commit 83370b31a915 ("selinux: fix error initialization
in inode_doinit_with_dentry()"), changed how failures were handled
before a SELinux policy was loaded. Unfortunately that patch was
potentially problematic for two reasons: it set the isec->initialized
state without holding a lock, and it didn't set the inode's SELinux
label to the "default" for the particular filesystem. The later can
be a problem if/when a later attempt to revalidate the inode fails
and SELinux reverts to the existing inode label.
This patch should restore the default inode labeling that existed
before the original fix, without affecting the LABEL_INVALID marking
such that revalidation will still be attempted in the future.
Fixes: 83370b31a915 ("selinux: fix error initialization in inode_doinit_with_dentry()")
Reported-by: Sven Schnelle <svens@linux.ibm.com>
Tested-by: Sven Schnelle <svens@linux.ibm.com>
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Tianyue Ren
|
ce7acf72db |
selinux: fix error initialization in inode_doinit_with_dentry()
[ Upstream commit 83370b31a915493231e5b9addc72e4bef69f8d31 ]
Mark the inode security label as invalid if we cannot find
a dentry so that we will retry later rather than marking it
initialized with the unlabeled SID.
Fixes: 9287aed2ad1f ("selinux: Convert isec->lock into a spinlock")
Signed-off-by: Tianyue Ren <rentianyue@kylinos.cn>
[PM: minor comment tweaks]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
76cc1c09f4 |
This is the 4.14.207 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+1WhoACgkQONu9yGCS
aT7xTA/+Nec9KMVmw+In7CAgj4p6uwshPaBGVjlfrcCriuT33QlWT5aaCCm52YJt
uQCCQKD1g+Lkd4P1bWCnRDi791dh1L7hwhPWWmKTLJitte1i/aaAUtPQRtUCeZQT
8fNzuqBZpg5QMEnEeY8duEVfh0q/f1Gm39uB7Dvt6Z8UXbJstTgvz6XQ0AL6I+ap
L9alHzQxOtD5c5SQoIf+qyr/zE/XPZVBxFDGsGszG/QKAtwh0vf0/R4dSKbL3Bel
aja5xD+QS7xgyEppW8Ta/2M0oPV/1bjJj/JgkDnB4xSq1kAuHb1WAemfkhUfchW/
LKPtjo2UzamPLjUZmd9D4WklNRiJTkoE9WdLbCUBDjFPpTSmYTlsAYs8iBczJAwX
NO/inyOYSShg//TPpv924DVkS4blwOiNV1uRYbhxeCOlrj0VZ2BIMvKymm3k6wUY
tVOlV7CLmdOO9tliJTs/HDZBy8qdLTxJQsKwb2MvidxX1a9VDRt2Zx5gFUJmLKMj
GN3a77fZkBsUUrPe/tENzW9n70trS5UDJiDAIcgNvQj3N2FeBCDSojhfiQOc3gG0
SXba1VTUX8pPzfa/4X0gJR1dN/2zM7RNDEIE29mS27j9PJFPYAsCcMTs4+iltror
mO3gMh4jhCTvcC69gITNW1o+5RBe0NN3jq7GlVmsWmZ4MsmwfwA=
=/Wvr
-----END PGP SIGNATURE-----
Merge 4.14.207 into android-4.14-stable
Changes in 4.14.207
regulator: defer probe when trying to get voltage from unresolved supply
ring-buffer: Fix recursion protection transitions between interrupt context
mm: mempolicy: fix potential pte_unmap_unlock pte error
time: Prevent undefined behaviour in timespec64_to_ns()
nbd: don't update block size after device is started
btrfs: sysfs: init devices outside of the chunk_mutex
btrfs: reschedule when cloning lots of extents
genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY
hv_balloon: disable warning when floor reached
net: xfrm: fix a race condition during allocing spi
perf tools: Add missing swap for ino_generation
ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link()
can: rx-offload: don't call kfree_skb() from IRQ context
can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context
can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames
can: can_create_echo_skb(): fix echo skb generation: always use skb_clone()
can: peak_usb: add range checking in decode operations
can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping
can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on
xfs: flush new eof page on truncate to avoid post-eof corruption
Btrfs: fix missing error return if writeback for extent buffer never started
ath9k_htc: Use appropriate rs_datalen type
usb: gadget: goku_udc: fix potential crashes in probe
gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free
gfs2: Add missing truncate_inode_pages_final for sd_aspace
gfs2: check for live vs. read-only file system in gfs2_fitrim
scsi: hpsa: Fix memory leak in hpsa_init_one()
drm/amdgpu: perform srbm soft reset always on SDMA resume
mac80211: fix use of skb payload instead of header
cfg80211: regulatory: Fix inconsistent format argument
scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
iommu/amd: Increase interrupt remapping table limit to 512 entries
pinctrl: intel: Set default bias in case no particular value given
ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template
pinctrl: aspeed: Fix GPI only function problem.
nbd: fix a block_device refcount leak in nbd_release
xfs: fix flags argument to rmap lookup when converting shared file rmaps
xfs: fix rmap key and record comparison functions
xfs: fix a missing unlock on error in xfs_fs_map_blocks
of/address: Fix of_node memory leak in of_dma_is_coherent
cosa: Add missing kfree in error path of cosa_write
perf: Fix get_recursion_context()
ext4: correctly report "not supported" for {usr,grp}jquota when !CONFIG_QUOTA
ext4: unlock xattr_sem properly in ext4_inline_data_truncate()
thunderbolt: Add the missed ida_simple_remove() in ring_request_msix()
uio: Fix use-after-free in uio_unregister_device()
usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode
mei: protect mei_cl_mtu from null dereference
futex: Don't enable IRQs unconditionally in put_pi_state()
ocfs2: initialize ip_next_orphan
selinux: Fix error return code in sel_ib_pkey_sid_slow()
don't dump the threads that had been already exiting when zapped.
drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]
pinctrl: amd: use higher precision for 512 RtcClk
pinctrl: amd: fix incorrect way to disable debounce filter
swiotlb: fix "x86: Don't panic if can not alloc buffer for swiotlb"
IPv6: Set SIT tunnel hard_header_len to zero
net/af_iucv: fix null pointer dereference on shutdown
net/x25: Fix null-ptr-deref in x25_connect
vrf: Fix fast path output packet handling with async Netfilter rules
r8169: fix potential skb double free in an error path
net: Update window_clamp if SOCK_RCVBUF is set
random32: make prandom_u32() output unpredictable
x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP
perf/core: Fix bad use of igrab()
perf/core: Fix crash when using HW tracing kernel filters
perf/core: Fix a memory leak in perf_event_parse_addr_filter()
xen/events: avoid removing an event channel while handling it
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a new "late EOI" evtchn framework
xen/blkback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/pvcallsback: use lateeoi irq binding
xen/pciback: use lateeoi irq binding
xen/events: switch user event channels to lateeoi model
xen/events: use a common cpu hotplug hook for event channels
xen/events: defer eoi in case of excessive number of events
xen/events: block rogue events for some time
perf/core: Fix race in the perf_mmap_close() function
Revert "kernel/reboot.c: convert simple_strtoul to kstrtoint"
reboot: fix overflow parsing reboot cpu number
Convert trailing spaces and periods in path components
mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
Linux 4.14.207
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Id9671f12372dd8919395ce4f175ce1a5a06ef68f
|
||
Chen Zhou
|
531ef54548 |
selinux: Fix error return code in sel_ib_pkey_sid_slow()
commit c350f8bea271782e2733419bd2ab9bf4ec2051ef upstream. Fix to return a negative error code from the error handling case instead of 0 in function sel_ib_pkey_sid_slow(), as done elsewhere in this function. Cc: stable@vger.kernel.org Fixes: 409dcf31538a ("selinux: Add a cache for quicker retreival of PKey SIDs") Reported-by: Hulk Robot <hulkci@huawei.com> Signed-off-by: Chen Zhou <chenzhou10@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Preeti Nagar
|
df61ff22cb |
RTIC: Move selinux_state to a separate 4k
We need to relocate selinux_state to a separate 4k page to enable EL2 Hypervisor to monitor changes to this variable using ARM stage 2 MMU. We will avoid getting page faults from un-related data as the MMU granularity is configured to 4k. Change-Id: I67ed3d994d6df473ade968dca3f96a7aee3afa2d Signed-off-by: Preeti Nagar <pnagar@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
9ddf99d35b |
This is the 4.14.203 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl+aeFAACgkQONu9yGCS aT48Vg//agka9mY7HjeBPwfSnM9MIV1Dry4TtW36I458XcZqSWimBDOQkERZUcUN Raq9inKwLFDPRsczdSWTJUCPOlyc5Zlg/x9eQPsHW+g7/vlsZ6OTf0Yn+YhOyqmW jyCZiwSHYXck/v2Cm+79M8+HCp+vQZa7df90ZQvT+z7+2F3zjlskQy8nMve+usuT 0Ywso9KAgGcXHXYbRHSyQYgcrEuY/33zz6EQ1WJI9GL17eWbiojqiy9Fqa3CkC63 dQR/YnXGNCzYdFjv/3o3c1SkvLupdIdLT5fqwk7aCXzn4DJtZPd0z4wTf6tPWlXf hk3MGTshb0RIb6c2YITqYNT95rmtndIiLUJZJ3iFsnoxdKdOWgqnmfbzxssfeQ5m ayqN9CPzjVt0dME+NzOh25VoWTPI+lMepm3OCzSCLcP98Fa/c79TCTOykrm7O4ya dIotY1DUjFccjpWTzhM+8jWOERe9kPLVkErL4X4ljmwKnwkUBQpkZdp0SzNW8wW9 VJFmGkzpw4KjO/ZeRQLIhIm+ICjBmSiTjxwT/a176X8XR/N3BbwxwAFDI6LHOdQW Y3ZPlvXUHMP/Eulb3/MY3RkEZs7pb5x3K/1guFTJgADPRKffJN7F9qJjREMjlcPb FaE83qc+qlaQMjXcnPu74A15iCXQ5zoVt0IhSwTJkTz/299TKcU= =bfKF -----END PGP SIGNATURE----- Merge 4.14.203 into android-4.14-stable Changes in 4.14.203 ibmveth: Switch order of ibmveth_helper calls. ibmveth: Identify ingress large send packets. ipv4: Restore flowi4_oif update before call to xfrm_lookup_route mlx4: handle non-napi callers to napi_poll net: usb: qmi_wwan: add Cellient MPL200 card tipc: fix the skb_unshare() in tipc_buf_append() net/ipv4: always honour route mtu during forwarding r8169: fix data corruption issue on RTL8402 binder: fix UAF when releasing todo list ALSA: bebob: potential info leak in hwdep_read() net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup nfc: Ensure presence of NFC_ATTR_FIRMWARE_NAME attribute in nfc_genl_fw_download() tcp: fix to update snd_wl1 in bulk receiver fast path icmp: randomize the global rate limiter cifs: remove bogus debug code cifs: Return the error from crypt_message when enc/dec key not found. KVM: x86/mmu: Commit zap of remaining invalid pages when recovering lpages KVM: SVM: Initialize prev_ga_tag before use ima: Don't ignore errors from crypto_shash_update() crypto: algif_aead - Do not set MAY_BACKLOG on the async path EDAC/i5100: Fix error handling order in i5100_init_one() x86/fpu: Allow multiple bits in clearcpuid= parameter drivers/perf: xgene_pmu: Fix uninitialized resource struct crypto: algif_skcipher - EBUSY on aio should be an error crypto: mediatek - Fix wrong return value in mtk_desc_ring_alloc() crypto: ixp4xx - Fix the size used in a 'dma_free_coherent()' call media: tuner-simple: fix regression in simple_set_radio_freq media: Revert "media: exynos4-is: Add missed check for pinctrl_lookup_state()" media: m5mols: Check function pointer in m5mols_sensor_power media: uvcvideo: Set media controller entity functions media: omap3isp: Fix memleak in isp_probe crypto: omap-sham - fix digcnt register handling with export/import cypto: mediatek - fix leaks in mtk_desc_ring_alloc media: mx2_emmaprp: Fix memleak in emmaprp_probe media: tc358743: initialize variable media: platform: fcp: Fix a reference count leak. media: s5p-mfc: Fix a reference count leak media: ti-vpe: Fix a missing check and reference count leak regulator: resolve supply after creating regulator ath10k: provide survey info as accumulated data Bluetooth: hci_uart: Cancel init work before unregistering ath6kl: prevent potential array overflow in ath6kl_add_new_sta() ath9k: Fix potential out of bounds in ath9k_htc_txcompletion_cb() wcn36xx: Fix reported 802.11n rx_highest rate wcn3660/wcn3680 ASoC: qcom: lpass-platform: fix memory leak ASoC: qcom: lpass-cpu: fix concurrency issue brcmfmac: check ndev pointer mwifiex: Do not use GFP_KERNEL in atomic context drm/gma500: fix error check scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() backlight: sky81452-backlight: Fix refcount imbalance on error VMCI: check return value of get_user_pages_fast() for errors tty: serial: earlycon dependency tty: hvcs: Don't NULL tty->driver_data until hvcs_cleanup() pty: do tty_flip_buffer_push without port->lock in pty_write pwm: lpss: Fix off by one error in base_unit math in pwm_lpss_prepare() pwm: lpss: Add range limit check for the base_unit register value drivers/virt/fsl_hypervisor: Fix error handling path video: fbdev: vga16fb: fix setting of pixclock because a pass-by-value error video: fbdev: sis: fix null ptr dereference HID: roccat: add bounds checking in kone_sysfs_write_settings() pinctrl: mcp23s08: Fix mcp23x17_regmap initialiser pinctrl: mcp23s08: Fix mcp23x17 precious range ath6kl: wmi: prevent a shift wrapping bug in ath6kl_wmi_delete_pstream_cmd() misc: mic: scif: Fix error handling path ALSA: seq: oss: Avoid mutex lock for a long-time ioctl usb: dwc2: Fix parameter type in function pointer prototype quota: clear padding in v2r1_mem2diskdqb() HID: hid-input: fix stylus battery reporting qtnfmac: fix resource leaks on unsupported iftype error return path net: enic: Cure the enic api locking trainwreck mfd: sm501: Fix leaks in probe() iwlwifi: mvm: split a print to avoid a WARNING in ROC usb: gadget: f_ncm: fix ncm_bitrate for SuperSpeed and above. usb: gadget: u_ether: enable qmult on SuperSpeed Plus as well nl80211: fix non-split wiphy information usb: dwc2: Fix INTR OUT transfers in DDMA mode. scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() mwifiex: fix double free net: korina: fix kfree of rx/tx descriptor array mm/memcg: fix device private memcg accounting mm, oom_adj: don't loop through tasks in __set_oom_adj when not necessary IB/mlx4: Fix starvation in paravirt mux/demux IB/mlx4: Adjust delayed work when a dup is observed powerpc/pseries: Fix missing of_node_put() in rng_init() powerpc/icp-hv: Fix missing of_node_put() in success path mtd: lpddr: fix excessive stack usage with clang mtd: mtdoops: Don't write panic data twice ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT values arc: plat-hsdk: fix kconfig dependency warning when !RESET_CONTROLLER xfs: limit entries returned when counting fsmap records RDMA/qedr: Fix use of uninitialized field powerpc/tau: Use appropriate temperature sample interval powerpc/tau: Remove duplicated set_thresholds() call powerpc/tau: Disable TAU between measurements perf intel-pt: Fix "context_switch event has no tid" error RDMA/hns: Set the unsupported wr opcode kdb: Fix pager search for multi-line strings overflow: Include header file with SIZE_MAX declaration powerpc/perf: Exclude pmc5/6 from the irrelevant PMU group constraints powerpc/perf/hv-gpci: Fix starting index value cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_reboot_notifier IB/rdmavt: Fix sizeof mismatch f2fs: wait for sysfs kobject removal before freeing f2fs_sb_info lib/crc32.c: fix trivial typo in preprocessor condition ramfs: fix nommu mmap with gaps in the page cache rapidio: fix error handling path rapidio: fix the missed put_device() for rio_mport_add_riodev mailbox: avoid timer start from callback i2c: rcar: Auto select RESET_CONTROLLER PCI: iproc: Set affinity mask on MSI interrupts clk: at91: clk-main: update key before writing AT91_CKGR_MOR clk: bcm2835: add missing release if devm_clk_hw_register fails ext4: limit entries returned when counting fsmap records vfio/pci: Clear token on bypass registration failure vfio iommu type1: Fix memory leak in vfio_iommu_type1_pin_pages Input: imx6ul_tsc - clean up some errors in imx6ul_tsc_resume() Input: stmfts - fix a & vs && typo Input: ep93xx_keypad - fix handling of platform_get_irq() error Input: omap4-keypad - fix handling of platform_get_irq() error Input: twl4030_keypad - fix handling of platform_get_irq() error Input: sun4i-ps2 - fix handling of platform_get_irq() error KVM: x86: emulating RDPID failure shall return #UD rather than #GP memory: omap-gpmc: Fix a couple off by ones memory: fsl-corenet-cf: Fix handling of platform_get_irq() error arm64: dts: qcom: msm8916: Fix MDP/DSI interrupts ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers arm64: dts: zynqmp: Remove additional compatible string for i2c IPs powerpc/powernv/dump: Fix race while processing OPAL dump nvmet: fix uninitialized work for zero kato NTB: hw: amd: fix an issue about leak system resources perf: correct SNOOPX field offset i2c: core: Restore acpi_walk_dep_device_list() getting called after registering the ACPI i2c devs crypto: ccp - fix error handling media: firewire: fix memory leak media: ati_remote: sanity check for both endpoints media: st-delta: Fix reference count leak in delta_run_work media: sti: Fix reference count leaks media: exynos4-is: Fix several reference count leaks due to pm_runtime_get_sync media: exynos4-is: Fix a reference count leak due to pm_runtime_get_sync media: exynos4-is: Fix a reference count leak media: vsp1: Fix runtime PM imbalance on error media: platform: s3c-camif: Fix runtime PM imbalance on error media: platform: sti: hva: Fix runtime PM imbalance on error media: bdisp: Fix runtime PM imbalance on error media: media/pci: prevent memory leak in bttv_probe media: uvcvideo: Ensure all probed info is returned to v4l2 mmc: sdio: Check for CISTPL_VERS_1 buffer size media: saa7134: avoid a shift overflow fs: dlm: fix configfs memory leak media: venus: core: Fix runtime PM imbalance in venus_probe ntfs: add check for mft record size in superblock mac80211: handle lack of sband->bitrates in rates PM: hibernate: remove the bogus call to get_gendisk() in software_resume() scsi: mvumi: Fix error return in mvumi_io_attach() scsi: target: core: Add CONTROL field for trace events mic: vop: copy data to kernel space then write to io memory misc: vop: add round_up(x,4) for vring_size to avoid kernel panic usb: gadget: function: printer: fix use-after-free in __lock_acquire udf: Limit sparing table size udf: Avoid accessing uninitialized data on failed inode read USB: cdc-acm: handle broken union descriptors can: flexcan: flexcan_chip_stop(): add error handling and propagate error value ath9k: hif_usb: fix race condition between usb_get_urb() and usb_kill_anchored_urbs() misc: rtsx: Fix memory leak in rtsx_pci_probe reiserfs: only call unlock_new_inode() if I_NEW xfs: make sure the rt allocator doesn't run off the end usb: ohci: Default to per-port over-current protection Bluetooth: Only mark socket zapped after unlocking scsi: ibmvfc: Fix error return in ibmvfc_probe() brcmsmac: fix memory leak in wlc_phy_attach_lcnphy rtl8xxxu: prevent potential memory leak Fix use after free in get_capset_info callback. scsi: qedi: Protect active command list to avoid list corruption scsi: qedi: Fix list_del corruption while removing active I/O tty: ipwireless: fix error handling ipvs: Fix uninit-value in do_ip_vs_set_ctl() reiserfs: Fix memory leak in reiserfs_parse_options() mwifiex: don't call del_timer_sync() on uninitialized timer brcm80211: fix possible memleak in brcmf_proto_msgbuf_attach usb: core: Solve race condition in anchor cleanup functions scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() ath10k: check idx validity in __ath10k_htt_rx_ring_fill_n() net: korina: cast KSEG0 address to pointer in kfree tty: serial: fsl_lpuart: fix lpuart32_poll_get_char usb: cdc-acm: add quirk to blacklist ETAS ES58X devices USB: cdc-wdm: Make wdm_flush() interruptible and add wdm_fsync(). eeprom: at25: set minimum read/write access stride to 1 usb: gadget: f_ncm: allow using NCM in SuperSpeed Plus gadgets. powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler Linux 4.14.203 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ia4c1c9fc1a8d03c662b37fbe1448b4fb1f88007a |
||
|
Roberto Sassu
|
d0f7036b12 |
ima: Don't ignore errors from crypto_shash_update()
commit 60386b854008adc951c470067f90a2d85b5d520f upstream. Errors returned by crypto_shash_update() are not checked in ima_calc_boot_aggregate_tfm() and thus can be overwritten at the next iteration of the loop. This patch adds a check after calling crypto_shash_update() and returns immediately if the result is not zero. Cc: stable@vger.kernel.org Fixes: 3323eec921efd ("integrity: IMA as an integrity service provider") Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
c1013a481e |
This is the 4.14.200 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl91udkACgkQONu9yGCS aT5wdw//Wn7Nd1kcd1h2umXWcn2rjLbrflmFMtAY32YSDhT85EQaTQMckeLzVKSi KPIPdNbjKhOirlizM6+mBv3EKn3bNbdDFeq0qGy0WI7DAT2Amyn8JRi18GKgM1z/ BBzmOldG2oeFUlFes5ADdVm0b3p+iiQ5WqzIJvLkBeV1HrLAQ2/zAl6ixpUwP2wr sZymWkCXUUG2ZYn7ZxX6SXKvfvSv+GKUD0ImX82Q1DvAcQHSyiZ9/o9/pZbS4m1t innS1EXJEEZHd1x61EBu2WrQkNwXvlpTDZNa7at9Lc5Uys6NsgfUkx4+fTyqDT8h FfnxGaP9qHJRImVpxdBHsZGvUheDTVPPUk3eNNyeR1wmEz/OPCQmPIPIz0sw1TJt LL0d4XN1rLjRSUGv+q1+Y6nbc85eU7nyJG/qB35Fag4z27x3P7D/4queR1hAij37 xp6MesrmEHPA7I4xV9jTzCRvY+O5MAughhOJMzZrn2f95EpC3Mg48OHdYRtktc1b 4L9Vb/HeQ6s0hgVZhkdNfoBPsi797YNCd5WNccKpAdq17mG5s6+6qJxBgCqgHS/i 4gjeR2IgSOL0KW2eE7STn8fgyY86ZepNsONkX6I+7n1h0lC7gVH6VtW5fzyvg9Bw RLA5ulOqUc+f8Ll7MwzbRL3+wiNN4jkX5NHYpaQB2nWVEO9A+cs= =76oN -----END PGP SIGNATURE----- Merge 4.14.200 into android-4.14-stable Changes in 4.14.200 af_key: pfkey_dump needs parameter validation phy: qcom-qmp: Use correct values for ipq8074 PCIe Gen2 PHY init KVM: fix memory leak in kvm_io_bus_unregister_dev() kprobes: fix kill kprobe which has been marked as gone mm/thp: fix __split_huge_pmd_locked() for migration PMD RDMA/ucma: ucma_context reference leak in error path hdlc_ppp: add range checks in ppp_cp_parse_cr() ip: fix tos reflection in ack and reset packets net: ipv6: fix kconfig dependency warning for IPV6_SEG6_HMAC tipc: fix shutdown() of connection oriented socket tipc: use skb_unshare() instead in tipc_buf_append() bnxt_en: Protect bnxt_set_eee() and bnxt_set_pauseparam() with mutex. net: phy: Avoid NPD upon phy_detach() when driver is unbound net: add __must_check to skb_put_padto() ipv4: Update exception handling for multipath routes via same device geneve: add transport ports in route lookup for geneve serial: 8250: Avoid error message on reprobe mm: fix double page fault on arm64 if PTE_AF is cleared scsi: aacraid: fix illegal IO beyond last LBA m68k: q40: Fix info-leak in rtc_ioctl gma/gma500: fix a memory disclosure bug due to uninitialized bytes ASoC: kirkwood: fix IRQ error handling media: smiapp: Fix error handling at NVM reading arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache() cache writeback x86/ioapic: Unbreak check_timer() ALSA: usb-audio: Add delay quirk for H570e USB headsets ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out scsi: fnic: fix use after free clk/ti/adpll: allocate room for terminating null mtd: cfi_cmdset_0002: don't free cfi->cfiq in error path of cfi_amdstd_setup() mfd: mfd-core: Protect against NULL call-back function pointer tracing: Adding NULL checks for trace_array descriptor pointer bcache: fix a lost wake-up problem caused by mca_cannibalize_lock RDMA/i40iw: Fix potential use after free xfs: fix attr leaf header freemap.size underflow RDMA/iw_cgxb4: Fix an error handling path in 'c4iw_connect()' mmc: core: Fix size overflow for mmc partitions gfs2: clean up iopen glock mess in gfs2_create_inode debugfs: Fix !DEBUG_FS debugfs_create_automount CIFS: Properly process SMB3 lease breaks kernel/sys.c: avoid copying possible padding bytes in copy_to_user neigh_stat_seq_next() should increase position index rt_cpu_seq_next should increase position index seqlock: Require WRITE_ONCE surrounding raw_seqcount_barrier media: ti-vpe: cal: Restrict DMA to avoid memory corruption ACPI: EC: Reference count query handlers under lock dmaengine: zynqmp_dma: fix burst length configuration powerpc/eeh: Only dump stack once if an MMIO loop is detected tracing: Set kernel_stack's caller size properly ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter selftests/ftrace: fix glob selftest tools/power/x86/intel_pstate_tracer: changes for python 3 compatibility Bluetooth: Fix refcount use-after-free issue mm: pagewalk: fix termination condition in walk_pte_range() Bluetooth: prefetch channel before killing sock KVM: fix overflow of zero page refcount with ksm running ALSA: hda: Clear RIRB status before reading WP skbuff: fix a data race in skb_queue_len() audit: CONFIG_CHANGE don't log internal bookkeeping as an event selinux: sel_avc_get_stat_idx should increase position index scsi: lpfc: Fix RQ buffer leakage when no IOCBs available scsi: lpfc: Fix coverity errors in fmdi attribute handling drm/omap: fix possible object reference leak perf test: Fix test trace+probe_vfs_getname.sh on s390 RDMA/rxe: Fix configuration of atomic queue pair attributes KVM: x86: fix incorrect comparison in trace event media: staging/imx: Missing assignment in imx_media_capture_device_register() x86/pkeys: Add check for pkey "overflow" bpf: Remove recursion prevention from rcu free callback dmaengine: tegra-apb: Prevent race conditions on channel's freeing media: go7007: Fix URB type for interrupt handling Bluetooth: guard against controllers sending zero'd events timekeeping: Prevent 32bit truncation in scale64_check_overflow() ext4: fix a data race at inode->i_disksize mm: avoid data corruption on CoW fault into PFN-mapped VMA drm/amdgpu: increase atombios cmd timeout ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read scsi: aacraid: Disabling TM path and only processing IOP reset Bluetooth: L2CAP: handle l2cap config request during open state media: tda10071: fix unsigned sign extension overflow xfs: don't ever return a stale pointer from __xfs_dir3_free_read tpm: ibmvtpm: Wait for buffer to be set before proceeding rtc: ds1374: fix possible race condition tracing: Use address-of operator on section symbols serial: 8250_port: Don't service RX FIFO if throttled serial: 8250_omap: Fix sleeping function called from invalid context during probe serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout perf cpumap: Fix snprintf overflow check cpufreq: powernv: Fix frame-size-overflow in powernv_cpufreq_work_fn tools: gpio-hammer: Avoid potential overflow in main RDMA/rxe: Set sys_image_guid to be aligned with HW IB devices SUNRPC: Fix a potential buffer overflow in 'svc_print_xprts()' svcrdma: Fix leak of transport addresses ubifs: Fix out-of-bounds memory access caused by abnormal value of node_len ALSA: usb-audio: Fix case when USB MIDI interface has more than one extra endpoint descriptor NFS: Fix races nfs_page_group_destroy() vs nfs_destroy_unlinked_subrequests() mm/kmemleak.c: use address-of operator on section symbols mm/filemap.c: clear page error before actual read mm/vmscan.c: fix data races using kswapd_classzone_idx mm/mmap.c: initialize align_offset explicitly for vm_unmapped_area scsi: qedi: Fix termination timeouts in session logout serial: uartps: Wait for tx_empty in console setup KVM: Remove CREATE_IRQCHIP/SET_PIT2 race bdev: Reduce time holding bd_mutex in sync in blkdev_close() drivers: char: tlclk.c: Avoid data race between init and interrupt handler staging:r8188eu: avoid skb_clone for amsdu to msdu conversion sparc64: vcc: Fix error return code in vcc_probe() arm64: cpufeature: Relax checks for AArch32 support at EL[0-2] dt-bindings: sound: wm8994: Correct required supplies based on actual implementaion atm: fix a memory leak of vcc->user_back power: supply: max17040: Correct voltage reading phy: samsung: s5pv210-usb2: Add delay after reset Bluetooth: Handle Inquiry Cancel error after Inquiry Complete USB: EHCI: ehci-mv: fix error handling in mv_ehci_probe() tty: serial: samsung: Correct clock selection logic ALSA: hda: Fix potential race in unsol event handler powerpc/traps: Make unrecoverable NMIs die instead of panic fuse: don't check refcount after stealing page USB: EHCI: ehci-mv: fix less than zero comparison of an unsigned int arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register e1000: Do not perform reset in reset_task if we are already down drm/nouveau/debugfs: fix runtime pm imbalance on error printk: handle blank console arguments passed in. usb: dwc3: Increase timeout for CmdAct cleared by device controller btrfs: don't force read-only after error in drop snapshot vfio/pci: fix memory leaks of eventfd ctx perf util: Fix memory leak of prefix_if_not_in perf kcore_copy: Fix module map when there are no modules loaded mtd: rawnand: omap_elm: Fix runtime PM imbalance on error ceph: fix potential race in ceph_check_caps mm/swap_state: fix a data race in swapin_nr_pages rapidio: avoid data race between file operation callbacks and mport_cdev_add(). mtd: parser: cmdline: Support MTD names containing one or more colons x86/speculation/mds: Mark mds_user_clear_cpu_buffers() __always_inline vfio/pci: Clear error and request eventfd ctx after releasing cifs: Fix double add page to memcg when cifs_readpages scsi: libfc: Handling of extra kref scsi: libfc: Skip additional kref updating work event selftests/x86/syscall_nt: Clear weird flags after each test vfio/pci: fix racy on error and request eventfd ctx btrfs: qgroup: fix data leak caused by race between writeback and truncate s390/init: add missing __init annotations i2c: core: Call i2c_acpi_install_space_handler() before i2c_acpi_register_devices() objtool: Fix noreturn detection for ignored functions ieee802154: fix one possible memleak in ca8210_dev_com_init ieee802154/adf7242: check status of adf7242_read_reg clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() mwifiex: Increase AES key storage size to 256 bits batman-adv: bla: fix type misuse for backbone_gw hash indexing atm: eni: fix the missed pci_disable_device() for eni_init_one() batman-adv: mcast/TT: fix wrongly dropped or rerouted packets mac802154: tx: fix use-after-free drm/vc4/vc4_hdmi: fill ASoC card owner net: qed: RDMA personality shouldn't fail VF load batman-adv: Add missing include for in_interrupt() batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh ALSA: asihpi: fix iounmap in error handler MIPS: Add the missing 'CPU_1074K' into __get_cpu_type() s390/dasd: Fix zero write for FBA devices kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() mm, THP, swap: fix allocating cluster for swapfile by mistake lib/string.c: implement stpcpy ata: define AC_ERR_OK ata: make qc_prep return ata_completion_errors ata: sata_mv, avoid trigerrable BUG_ON Linux 4.14.200 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3d3049dca196c46cb6b2a66d60a5a6a3a099efbb |
||
Vasily Averin
|
dd79c17744 |
selinux: sel_avc_get_stat_idx should increase position index
[ Upstream commit 8d269a8e2a8f0bca89022f4ec98de460acb90365 ] If seq_file .next function does not change position index, read after some lseek can generate unexpected output. $ dd if=/sys/fs/selinux/avc/cache_stats # usual output lookups hits misses allocations reclaims frees 817223 810034 7189 7189 6992 7037 1934894 1926896 7998 7998 7632 7683 1322812 1317176 5636 5636 5456 5507 1560571 1551548 9023 9023 9056 9115 0+1 records in 0+1 records out 189 bytes copied, 5,1564e-05 s, 3,7 MB/s $# read after lseek to midle of last line $ dd if=/sys/fs/selinux/avc/cache_stats bs=180 skip=1 dd: /sys/fs/selinux/avc/cache_stats: cannot skip to specified offset 056 9115 <<<< end of last line 1560571 1551548 9023 9023 9056 9115 <<< whole last line once again 0+1 records in 0+1 records out 45 bytes copied, 8,7221e-05 s, 516 kB/s $# read after lseek beyond end of of file $ dd if=/sys/fs/selinux/avc/cache_stats bs=1000 skip=1 dd: /sys/fs/selinux/avc/cache_stats: cannot skip to specified offset 1560571 1551548 9023 9023 9056 9115 <<<< generates whole last line 0+1 records in 0+1 records out 36 bytes copied, 9,0934e-05 s, 396 kB/s https://bugzilla.kernel.org/show_bug.cgi?id=206283 Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Srinivasarao P
|
0190a01fb1 |
Merge android-4.14-stable.190 (d2d05bc) into msm-4.14
* refs/heads/tmp-d2d05bc:
Linux 4.14.190
ath9k: Fix regression with Atheros 9271
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
parisc: Add atomic64_set_release() define to avoid CPU soft lockups
io-mapping: indicate mapping failure
mm/memcg: fix refcount error while moving and swapping
Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
vt: Reject zero-sized screen buffer size.
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
serial: 8250_mtk: Fix high-speed baud rates clamping
serial: 8250: fix null-ptr-deref in serial8250_start_tx()
staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
staging: wlan-ng: properly check endpoint types
Revert "cifs: Fix the target file was deleted when rename failed."
usb: xhci: Fix ASM2142/ASM3142 DMA addressing
usb: xhci-mtk: fix the failure of bandwidth allocation
binder: Don't use mmput() from shrinker function.
x86: math-emu: Fix up 'cmp' insn for clang ias
arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
dmaengine: ioat setting ioat timeout as module parameter
hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow
regmap: dev_get_regmap_match(): fix string comparison
spi: mediatek: use correct SPI_CFG2_REG MACRO
Input: add `SW_MACHINE_COVER`
dmaengine: tegra210-adma: Fix runtime PM imbalance on error
HID: apple: Disable Fn-key key-re-mapping on clone keyboards
HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
scripts/decode_stacktrace: strip basepath from all paths
serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
bonding: check return value of register_netdevice() in bond_newlink()
i2c: rcar: always clear ICSAR to avoid side effects
ipvs: fix the connection sync failed in some cases
mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
bonding: check error value of register_netdevice() immediately
net: smc91x: Fix possible memory leak in smc_drv_probe()
drm: sun4i: hdmi: Fix inverted HPD result
net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration
ax88172a: fix ax88172a_unbind() failures
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path
bnxt_en: Fix race when modifying pause settings.
btrfs: fix page leaks after failure to lock page for delalloc
btrfs: fix mount failure caused by race with umount
btrfs: fix double free on ulist after backref resolution failure
ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression
IB/umem: fix reference count leak in ib_umem_odp_get()
spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion")
irqdomain/treewide: Keep firmware node unconditionally allocated
drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
net: sky2: initialize return of gm_phy_read
drivers/net/wan/lapbether: Fixed the value of hard_header_len
xtensa: update *pos in cpuinfo_op.next
xtensa: fix __sync_fetch_and_{and,or}_4 declarations
scsi: scsi_transport_spi: Fix function pointer check
mac80211: allow rx of mesh eapol frames with default rx key
pinctrl: amd: fix npins for uart0 in kerncz_groups
gpio: arizona: put pm_runtime in case of failure
gpio: arizona: handle pm_runtime_get_sync failure case
ANDROID: Incremental fs: magic number compatible 32-bit
ANDROID: kbuild: don't merge .*..compoundliteral in modules
Revert "arm64/alternatives: use subsections for replacement sequences"
Linux 4.14.189
rxrpc: Fix trace string
libceph: don't omit recovery_deletes in target_copy()
x86/cpu: Move x86_cache_bits settings
sched/fair: handle case of task_h_load() returning 0
arm64: ptrace: Override SPSR.SS when single-stepping is enabled
thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power
misc: atmel-ssc: lock with mutex instead of spinlock
dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
intel_th: pci: Add Emmitsburg PCH support
intel_th: pci: Add Tiger Lake PCH-H support
intel_th: pci: Add Jasper Lake CPU support
hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
MIPS: Fix build for LTS kernel caused by backporting lpj adjustment
timer: Fix wheel index calculation on last level
uio_pdrv_genirq: fix use without device tree and no interrupt
Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
mei: bus: don't clean driver pointer
Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
USB: serial: option: add Quectel EG95 LTE modem
USB: serial: option: add GosunCn GM500 series
USB: serial: ch341: add new Product ID for CH340
USB: serial: cypress_m8: enable Simply Automated UPB PIM
USB: serial: iuu_phoenix: fix memory corruption
usb: gadget: function: fix missing spinlock in f_uac1_legacy
usb: chipidea: core: add wakeup support for extcon
usb: dwc2: Fix shutdown callback in platform
USB: c67x00: fix use after free in c67x00_giveback_urb
ALSA: usb-audio: Fix race against the error recovery URB submission
ALSA: line6: Perform sanity check for each URB creation
HID: magicmouse: do not set up autorepeat
mtd: rawnand: oxnas: Release all devices in the _remove() path
mtd: rawnand: oxnas: Unregister all devices on error
mtd: rawnand: oxnas: Keep track of registered devices
mtd: rawnand: brcmnand: fix CS0 layout
perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
copy_xstate_to_kernel: Fix typo which caused GDB regression
ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
Revert "thermal: mediatek: fix register index error"
staging: comedi: verify array index is correct before using it
usb: gadget: udc: atmel: fix uninitialized read in debug printk
spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
arm64: dts: meson: add missing gxl rng clock
phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked
iio:health:afe4404 Fix timestamp alignment and prevent data leak.
ACPI: video: Use native backlight on Acer TravelMate 5735Z
ACPI: video: Use native backlight on Acer Aspire 5783z
mmc: sdhci: do not enable card detect interrupt for gpio cd type
doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode
Revert "usb/xhci-plat: Set PM runtime as active on resume"
Revert "usb/ehci-platform: Set PM runtime as active on resume"
Revert "usb/ohci-platform: Fix a warning when hibernating"
of: of_mdio: Correct loop scanning logic
net: dsa: bcm_sf2: Fix node reference count
spi: fix initial SPI_SR value in spi-fsl-dspi
spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer
iio:health:afe4403 Fix timestamp alignment and prevent data leak.
iio:pressure:ms5611 Fix buffer element alignment
iio: pressure: zpa2326: handle pm_runtime_get_sync failure
iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
iio: magnetometer: ak8974: Fix runtime PM imbalance on error
iio:humidity:hdc100x Fix alignment and data leak issues
iio:magnetometer:ak8974: Fix alignment and data leak issues
arm64/alternatives: don't patch up internal branches
arm64: alternative: Use true and false for boolean values
i2c: eg20t: Load module automatically if ID matches
gfs2: read-only mounts should grab the sd_freeze_gl glock
tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
arm64/alternatives: use subsections for replacement sequences
drm/exynos: fix ref count leak in mic_pre_enable
cgroup: Fix sock_cgroup_data on big-endian.
cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
tcp: md5: do not send silly options in SYNCOOKIES
tcp: make sure listeners don't initialize congestion-control state
net_sched: fix a memory leak in atm_tc_init()
tcp: md5: allow changing MD5 keys in all socket states
tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
llc: make sure applications use ARPHRD_ETHER
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
genetlink: remove genl_bind
s390/mm: fix huge pte soft dirty copying
ARC: elf: use right ELF_ARCH
ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
dm: use noio when sending kobject event
drm/radeon: fix double free
btrfs: fix fatal extent_buffer readahead vs releasepage race
Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
KVM: x86: Mark CR4.TSD as being possibly owned by the guest
KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
KVM: x86: bit 8 of non-leaf PDPEs is not reserved
KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART
KVM: arm64: Fix definition of PAGE_HYP_DEVICE
ALSA: usb-audio: add quirk for MacroSilicon MS2109
ALSA: hda - let hs_mic be picked ahead of hp_mic
ALSA: opl3: fix infoleak in opl3
mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
net: macb: mark device wake capable when "magic-packet" property present
bnxt_en: fix NULL dereference in case SR-IOV configuration fails
nbd: Fix memory leak in nbd_add_socket
arm64: kgdb: Fix single-step exception handling oops
ALSA: compress: fix partial_drain completion state
smsc95xx: avoid memory leak in smsc95xx_bind
smsc95xx: check return value of smsc95xx_reset
net: cxgb4: fix return error value in t4_prep_fw
x86/entry: Increase entry_stack size to a full page
nvme-rdma: assign completion vector correctly
scsi: mptscsih: Fix read sense data size
ARM: imx6: add missing put_device() call in imx6q_suspend_init()
cifs: update ctime and mtime during truncate
s390/kasan: fix early pgm check handler execution
ixgbe: protect ring accesses with READ- and WRITE_ONCE
spi: spidev: fix a potential use-after-free in spidev_release()
spi: spidev: fix a race between spidev_release and spidev_remove
gpu: host1x: Detach driver on unregister
ARM: dts: omap4-droid4: Fix spi configuration and increase rate
spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths
spi: spi-fsl-dspi: use IRQF_SHARED mode to request IRQ
spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer
spi: spi-fsl-dspi: Adding shutdown hook
KVM: s390: reduce number of IO pins to 1
UPSTREAM: perf/core: Fix crash when using HW tracing kernel filters
ANDROID: fscrypt: fix DUN contiguity with inline encryption + IV_INO_LBLK_32 policies
ANDROID: f2fs: add back compress inode check
Linux 4.14.188
efi: Make it possible to disable efivar_ssdt entirely
dm zoned: assign max_io_len correctly
irqchip/gic: Atomically update affinity
MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen
cifs: Fix the target file was deleted when rename failed.
SMB3: Honor persistent/resilient handle flags for multiuser mounts
SMB3: Honor 'seal' flag for multiuser mounts
Revert "ALSA: usb-audio: Improve frames size computation"
nfsd: apply umask on fs without ACL support
i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
virtio-blk: free vblk-vqs in error path of virtblk_probe()
drm: sun4i: hdmi: Remove extra HPD polling
hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add()
hwmon: (max6697) Make sure the OVERT mask is set correctly
cxgb4: parse TC-U32 key values and masks natively
cxgb4: use unaligned conversion for fetching timestamp
crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
kgdb: Avoid suspicious RCU usage warning
usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
mm/slub: fix stack overruns with SLUB_STATS
mm/slub.c: fix corrupted freechain in deactivate_slab()
usbnet: smsc95xx: Fix use-after-free after removal
EDAC/amd64: Read back the scrub rate PCI register on F15h
mm: fix swap cache node allocation mask
btrfs: fix data block group relocation failure due to concurrent scrub
btrfs: cow_file_range() num_bytes and disk_num_bytes are same
btrfs: fix a block group ref counter leak after failure to remove block group
UPSTREAM: binder: fix null deref of proc->context
ANDROID: GKI: scripts: Makefile: update the lz4 command (#2)
Linux 4.14.187
Revert "tty: hvc: Fix data abort due to race in hvc_open"
xfs: add agf freeblocks verify in xfs_agf_verify
NFSv4 fix CLOSE not waiting for direct IO compeletion
pNFS/flexfiles: Fix list corruption if the mirror count changes
SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
sunrpc: fixed rollback in rpc_gssd_dummy_populate()
Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
drm/radeon: fix fb_div check in ni_init_smc_spll_table()
tracing: Fix event trigger to accept redundant spaces
arm64: perf: Report the PC value in REGS_ABI_32 mode
ocfs2: fix panic on nfs server over ocfs2
ocfs2: fix value of OCFS2_INVALID_SLOT
ocfs2: load global_inode_alloc
mm/slab: use memzero_explicit() in kzfree()
btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
KVM: nVMX: Plumb L2 GPA through to PML emulation
KVM: X86: Fix MSR range of APIC registers in X2APIC mode
ACPI: sysfs: Fix pm_profile_attr type
ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
blktrace: break out of blktrace setup on concurrent calls
kbuild: improve cc-option to clean up all temporary files
s390/ptrace: fix setting syscall number
net: alx: fix race condition in alx_remove
ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function
sched/core: Fix PI boosting between RT and DEADLINE tasks
net: bcmgenet: use hardware padding of runt frames
netfilter: ipset: fix unaligned atomic access
usb: gadget: udc: Potential Oops in error handling code
ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
net: qed: fix excessive QM ILT lines consumption
net: qed: fix NVMe login fails over VFs
net: qed: fix left elements count calculation
RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
ASoC: rockchip: Fix a reference count leak.
RDMA/cma: Protect bind_list and listen_list while finding matching cm id
rxrpc: Fix handling of rwind from an ACK packet
ARM: dts: NSP: Correct FA2 mailbox node
efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
cifs/smb3: Fix data inconsistent when zero file range
cifs/smb3: Fix data inconsistent when punch hole
xhci: Poll for U0 after disabling USB2 LPM
ALSA: usb-audio: Fix OOB access of mixer element list
ALSA: usb-audio: Clean up mixer element list traverse
ALSA: usb-audio: uac1: Invalidate ctl on interrupt
loop: replace kill_bdev with invalidate_bdev
cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
xhci: Fix enumeration issue when setting max packet size for FS devices.
xhci: Fix incorrect EP_STATE_MASK
ALSA: usb-audio: add quirk for Denon DCD-1500RE
usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
usb: host: xhci-mtk: avoid runtime suspend when removing hcd
USB: ehci: reopen solution for Synopsys HC bug
usb: add USB_QUIRK_DELAY_INIT for Logitech C922
usb: dwc2: Postponed gadget registration to the udc class driver
USB: ohci-sm501: Add missed iounmap() in remove
net: core: reduce recursion limit value
net: Do not clear the sock TX queue in sk_set_socket()
net: Fix the arp error in some cases
ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
ip_tunnel: fix use-after-free in ip_tunnel_lookup()
tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
tcp: grow window for OOO packets only for SACK flows
sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
rxrpc: Fix notification call on completion of discarded calls
rocker: fix incorrect error handling in dma_rings_init
net: usb: ax88179_178a: fix packet alignment padding
net: fix memleak in register_netdevice()
net: bridge: enfore alignment for ethernet address
mld: fix memory leak in ipv6_mc_destroy_dev()
ibmveth: Fix max MTU limit
apparmor: don't try to replace stale label in ptraceme check
fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()"
net: sched: export __netdev_watchdog_up()
block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
net: be more gentle about silly gso requests coming from user
scsi: scsi_devinfo: handle non-terminated strings
ANDROID: Makefile: append BUILD_NUMBER to version string when defined
Linux 4.14.186
KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated
kvm: x86: Fix reserved bits related calculation errors caused by MKTME
kvm: x86: Move kvm_set_mmio_spte_mask() from x86.c to mmu.c
md: add feature flag MD_FEATURE_RAID0_LAYOUT
net: core: device_rename: Use rwsem instead of a seqcount
sched/rt, net: Use CONFIG_PREEMPTION.patch
kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
e1000e: Do not wake up the system via WOL if device wakeup is disabled
kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
crypto: algboss - don't wait during notifier callback
crypto: algif_skcipher - Cap recv SG list at ctx->used
mtd: rawnand: tmio: Fix the probe error path
mtd: rawnand: mtk: Fix the probe error path
mtd: rawnand: plat_nand: Fix the probe error path
mtd: rawnand: socrates: Fix the probe error path
mtd: rawnand: oxnas: Fix the probe error path
mtd: rawnand: oxnas: Add of_node_put()
mtd: rawnand: orion: Fix the probe error path
mtd: rawnand: xway: Fix the probe error path
mtd: rawnand: sharpsl: Fix the probe error path
mtd: rawnand: diskonchip: Fix the probe error path
mtd: rawnand: Pass a nand_chip object to nand_release()
block: nr_sects_write(): Disable preemption on seqcount write
x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld
drm/dp_mst: Increase ACT retry timeout to 3s
ext4: fix partial cluster initialization when splitting extent
selinux: fix double free
drm/qxl: Use correct notify port address when creating cursor ring
drm/dp_mst: Reformat drm_dp_check_act_status() a bit
drm: encoder_slave: fix refcouting error for modules
libata: Use per port sync for detach
arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
block: Fix use-after-free in blkdev_get()
bcache: fix potential deadlock problem in btree_gc_coalesce
perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events()
usb/ehci-platform: Set PM runtime as active on resume
usb/xhci-plat: Set PM runtime as active on resume
scsi: acornscsi: Fix an error handling path in acornscsi_probe()
drm/sun4i: hdmi ddc clk: Fix size of m divider
selftests/net: in timestamping, strncpy needs to preserve null byte
gfs2: fix use-after-free on transaction ail lists
blktrace: fix endianness for blk_log_remap()
blktrace: fix endianness in get_pdu_int()
blktrace: use errno instead of bi_status
selftests/vm/pkeys: fix alloc_random_pkey() to make it really random
elfnote: mark all .note sections SHF_ALLOC
include/linux/bitops.h: avoid clang shift-count-overflow warnings
lib/zlib: remove outdated and incorrect pre-increment optimization
geneve: change from tx_error to tx_dropped on missing metadata
crypto: omap-sham - add proper load balancing support for multicore
pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()'
pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
scsi: ufs: Don't update urgent bkops level when toggling auto bkops
scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
gfs2: Allow lock_nolock mount to specify jid=X
openrisc: Fix issue with argument clobbering for clone/fork
vfio/mdev: Fix reference count leak in add_mdev_supported_type
ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
powerpc/4xx: Don't unmap NULL mbase
NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION
net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
scsi: ufs-qcom: Fix scheduling while atomic issue
clk: bcm2835: Fix return type of bcm2835_register_gate
x86/apic: Make TSC deadline timer detection message visible
usb: gadget: Fix issue with config_ep_by_speed function
usb: gadget: fix potential double-free in m66592_probe.
usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke
usb: dwc2: gadget: move gadget resume after the core is in L0 state
watchdog: da9062: No need to ping manually before setting timeout
IB/cma: Fix ports memory leak in cma_configfs
PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone
powerpc/64s/pgtable: fix an undefined behaviour
clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
tty: n_gsm: Fix bogus i++ in gsm_data_kick
USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation
usb/ohci-platform: Fix a warning when hibernating
vfio-pci: Mask cap zero
powerpc/ps3: Fix kexec shutdown hang
powerpc/pseries/ras: Fix FWNMI_VALID off by one
tty: n_gsm: Fix waking up upper tty layer when room available
tty: n_gsm: Fix SOF skipping
PCI: Fix pci_register_host_bridge() device_register() error handling
clk: ti: composite: fix memory leak
dlm: remove BUG() before panic()
scsi: mpt3sas: Fix double free warnings
power: supply: smb347-charger: IRQSTAT_D is volatile
power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()'
scsi: qla2xxx: Fix warning after FC target reset
PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
PCI: rcar: Fix incorrect programming of OB windows
drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish
serial: amba-pl011: Make sure we initialize the port.lock spinlock
i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
staging: sm750fb: add missing case while setting FB_VISUAL
thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR
tty: hvc: Fix data abort due to race in hvc_open
s390/qdio: put thinint indicator after early error
ALSA: usb-audio: Improve frames size computation
scsi: qedi: Do not flush offload work if ARP not resolved
staging: greybus: fix a missing-check bug in gb_lights_light_config()
scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
scsi: sr: Fix sr_probe() missing deallocate of device minor
apparmor: fix introspection of of task mode for unconfined tasks
mksysmap: Fix the mismatch of '.L' symbols in System.map
NTB: Fix the default port and peer numbers for legacy drivers
yam: fix possible memory leak in yam_init_driver
powerpc/crashkernel: Take "mem=" option into account
nfsd: Fix svc_xprt refcnt leak when setup callback client failed
powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run
clk: clk-flexgen: fix clock-critical handling
scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
mfd: wm8994: Fix driver operation if loaded as modules
m68k/PCI: Fix a memory leak in an error handling path
vfio/pci: fix memory leaks in alloc_perm_bits()
ps3disk: use the default segment boundary
PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register
dm mpath: switch paths in dm_blk_ioctl() code path
usblp: poison URBs upon disconnect
i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
f2fs: report delalloc reserve as non-free in statfs for project quota
iio: bmp280: fix compensation of humidity
scsi: qla2xxx: Fix issue with adapter's stopping state
ALSA: isa/wavefront: prevent out of bounds write in ioctl
scsi: qedi: Check for buffer overflow in qedi_set_path()
ARM: integrator: Add some Kconfig selections
ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type
backlight: lp855x: Ensure regulators are disabled on probe failure
clk: qcom: msm8916: Fix the address location of pll->config_reg
remoteproc: Fix IDR initialisation in rproc_alloc()
iio: pressure: bmp280: Tolerate IRQ before registering
i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
clk: sunxi: Fix incorrect usage of round_down()
power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select
drm/i915: Whitelist context-local timestamp in the gen9 cmdparser
s390: fix syscall_get_error for compat processes
ANDROID: ext4: Optimize match for casefolded encrypted dirs
ANDROID: ext4: Handle casefolding with encryption
ANDROID: cuttlefish_defconfig: x86: Enable KERNEL_LZ4
ANDROID: GKI: scripts: Makefile: update the lz4 command
FROMLIST: f2fs: fix use-after-free when accessing bio->bi_crypt_context
Linux 4.14.185
perf symbols: Fix debuginfo search for Ubuntu
perf probe: Fix to check blacklist address correctly
perf probe: Do not show the skipped events
w1: omap-hdq: cleanup to add missing newline for some dev_dbg
mtd: rawnand: pasemi: Fix the probe error path
mtd: rawnand: brcmnand: fix hamming oob layout
sunrpc: clean up properly in gss_mech_unregister()
sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
kbuild: force to build vmlinux if CONFIG_MODVERSION=y
powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
powerpc/64s: Don't let DT CPU features set FSCR_DSCR
drivers/macintosh: Fix memleak in windfarm_pm112 driver
ARM: tegra: Correct PL310 Auxiliary Control Register initialization
kernel/cpu_pm: Fix uninitted local in cpu_pm
dm crypt: avoid truncating the logical block size
sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
sparc32: fix register window handling in genregs32_[gs]et()
pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
power: vexpress: add suppress_bind_attrs to true
igb: Report speed and duplex as unknown when device is runtime suspended
media: ov5640: fix use of destroyed mutex
b43_legacy: Fix connection problem with WPA3
b43: Fix connection problem with WPA3
b43legacy: Fix case where channel status is corrupted
media: go7007: fix a miss of snd_card_free
carl9170: remove P2P_GO support
e1000e: Relax condition to trigger reset for ME workaround
e1000e: Disable TSO for buffer overrun workaround
PCI: Program MPS for RCiEP devices
blk-mq: move _blk_mq_update_nr_hw_queues synchronize_rcu call
btrfs: fix wrong file range cleanup after an error filling dealloc range
btrfs: fix error handling when submitting direct I/O bio
PCI: Unify ACS quirk desired vs provided checking
PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
PCI: Generalize multi-function power dependency device links
vga_switcheroo: Use device link for HDA controller
vga_switcheroo: Deduplicate power state tracking
PCI: Make ACS quirk implementations more uniform
PCI: Add ACS quirk for Ampere root ports
PCI: Add ACS quirk for iProc PAXB
PCI: Avoid FLR for AMD Starship USB 3.0
PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
PCI: Disable MSI for Freescale Layerscape PCIe RC mode
ext4: fix race between ext4_sync_parent() and rename()
ext4: fix error pointer dereference
ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
evm: Fix possible memory leak in evm_calc_hmac_or_hash()
ima: Directly assign the ima_default_policy pointer to ima_rules
ima: Fix ima digest hash table key calculation
mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
btrfs: send: emit file capabilities after chown
string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
cpuidle: Fix three reference count leaks
spi: dw: Return any value retrieved from the dma_transfer callback
mmc: sdhci-esdhc-imx: fix the mask for tuning start point
ixgbe: fix signed-integer-overflow warning
mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
PCI: Don't disable decoding when mmio_always_on is set
macvlan: Skip loopback packets in RX handler
m68k: mac: Don't call via_flush_cache() on Mac IIfx
x86/mm: Stop printing BRK addresses
mips: Add udelay lpj numbers adjustment
mips: MAAR: Use more precise address mask
x86/boot: Correct relocation destination on old linkers
mwifiex: Fix memory corruption in dump_station
rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
md: don't flush workqueue unconditionally in md_open
net: qed*: Reduce RX and TX default ring count when running inside kdump kernel
wcn36xx: Fix error handling path in 'wcn36xx_probe()'
nvme: refine the Qemu Identify CNS quirk
kgdb: Fix spurious true from in_dbg_master()
mips: cm: Fix an invalid error code of INTVN_*_ERR
MIPS: Truncate link address into 32bit for 32bit kernel
Crypto/chcr: fix for ccm(aes) failed test
powerpc/spufs: fix copy_to_user while atomic
net: allwinner: Fix use correct return type for ndo_start_xmit()
media: cec: silence shift wrapping warning in __cec_s_log_addrs()
net: lpc-enet: fix error return code in lpc_mii_init()
exit: Move preemption fixup up, move blocking operations down
lib/mpi: Fix 64-bit MIPS build with Clang
net: bcmgenet: set Rx mode before starting netif
netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
audit: fix a net reference leak in audit_list_rules_send()
MIPS: Make sparse_init() using top-down allocation
media: platform: fcp: Set appropriate DMA parameters
media: dvb: return -EREMOTEIO on i2c transfer failure.
audit: fix a net reference leak in audit_send_reply()
dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
e1000: Distribute switch variables for initialization
tools api fs: Make xxx__mountpoint() more scalable
brcmfmac: fix wrong location to get firmware feature
staging: android: ion: use vmap instead of vm_map_ram
net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss()
x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
spi: dw: Fix Rx-only DMA transfers
ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
clocksource: dw_apb_timer_of: Fix missing clockevent timers
clocksource: dw_apb_timer: Make CPU-affiliation being optional
spi: dw: Enable interrupts in accordance with DMA xfer mode
kgdb: Prevent infinite recursive entries to the debugger
Bluetooth: Add SCO fallback for invalid LMP parameters error
MIPS: Loongson: Build ATI Radeon GPU driver as module
ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
spi: dw: Zero DMA Tx and Rx configurations on stack
net: ena: fix error returning in ena_com_get_hash_function()
spi: pxa2xx: Apply CS clk quirk to BXT
objtool: Ignore empty alternatives
media: si2157: Better check for running tuner in init
crypto: ccp -- don't "select" CONFIG_DMADEVICES
drm: bridge: adv7511: Extend list of audio sample rates
ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
xen/pvcalls-back: test for errors when calling backend_connect()
can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card()
mmc: sdhci-msm: Clear tuning done flag while hs400 tuning
agp/intel: Reinforce the barrier after GTT updates
perf: Add cond_resched() to task_function_call()
fat: don't allow to mount if the FAT length == 0
mm/slub: fix a memory leak in sysfs_slab_add()
Smack: slab-out-of-bounds in vsscanf
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
KVM: nSVM: leave ASID aside in copy_vmcb_control_area
KVM: nSVM: fix condition for filtering async PF
video: fbdev: w100fb: Fix a potential double free.
proc: Use new_inode not new_inode_pseudo
ovl: initialize error in ovl_copy_xattr
selftests/net: in rxtimestamp getopt_long needs terminating null entry
crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()
crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req()
crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()
spi: bcm2835: Fix controller unregister order
spi: pxa2xx: Fix controller unregister order
spi: Fix controller unregister order
spi: No need to assign dummy value in spi_unregister_controller()
spi: dw: Fix controller unregister order
spi: dw: fix possible race condition
x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
x86/speculation: Add support for STIBP always-on preferred mode
x86/speculation: Change misspelled STIPB to STIBP
KVM: x86: only do L1TF workaround on affected processors
KVM: x86/mmu: Consolidate "is MMIO SPTE" code
kvm: x86: Fix L1TF mitigation for shadow MMU
ALSA: pcm: disallow linking stream to itself
crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated
spi: bcm-qspi: when tx/rx buffer is NULL set to 0
spi: bcm2835aux: Fix controller unregister order
nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
ACPI: PM: Avoid using power resources if there are none for D0
ACPI: GED: add support for _Exx / _Lxx handler methods
ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
ALSA: usb-audio: Fix inconsistent card PM state after resume
ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
ALSA: es1688: Add the missed snd_card_free()
efi/efivars: Add missing kobject_put() in sysfs entry creation error path
x86/reboot/quirks: Add MacBook6,1 reboot quirk
x86/speculation: Prevent rogue cross-process SSBD shutdown
x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
x86_64: Fix jiffies ODR violation
mm: add kvfree_sensitive() for freeing sensitive data objects
perf probe: Accept the instance number of kretprobe event
ath9k_htc: Silence undersized packet warnings
powerpc/xive: Clear the page tables for the ESB IO mapping
drivers/net/ibmvnic: Update VNIC protocol version reporting
Input: synaptics - add a second working PNP_ID for Lenovo T470s
sched/fair: Don't NUMA balance for kthreads
ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
crypto: talitos - fix ECB and CBC algs ivsize
serial: imx: Fix handling of TC irq in combination with DMA
lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user()
x86: uaccess: Inhibit speculation past access_ok() in user_access_begin()
arch/openrisc: Fix issues with access_ok()
Fix 'acccess_ok()' on alpha and SH
make 'user_access_begin()' do 'access_ok()'
vxlan: Avoid infinite loop when suppressing NS messages with invalid options
ipv6: fix IPV6_ADDRFORM operation logic
writeback: Drop I_DIRTY_TIME_EXPIRE
writeback: Fix sync livelock due to b_dirty_time processing
writeback: Avoid skipping inode writeback
writeback: Protect inode->i_io_list with inode->i_lock
Revert "writeback: Avoid skipping inode writeback"
ANDROID: Enable LZ4_RAMDISK
fscrypt: remove stale definition
fs-verity: remove unnecessary extern keywords
fs-verity: fix all kerneldoc warnings
fscrypt: add support for IV_INO_LBLK_32 policies
fscrypt: make test_dummy_encryption use v2 by default
fscrypt: support test_dummy_encryption=v2
fscrypt: add fscrypt_add_test_dummy_key()
linux/parser.h: add include guards
fscrypt: remove unnecessary extern keywords
fscrypt: name all function parameters
fscrypt: fix all kerneldoc warnings
ANDROID: kbuild: merge more sections with LTO
Linux 4.14.184
uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
iio: vcnl4000: Fix i2c swapped word reading.
x86/speculation: Add Ivy Bridge to affected list
x86/speculation: Add SRBDS vulnerability and mitigation documentation
x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
x86/cpu: Add 'table' argument to cpu_matches()
x86/cpu: Add a steppings field to struct x86_cpu_id
nvmem: qfprom: remove incorrect write support
CDC-ACM: heed quirk also in error handling
staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
tty: hvc_console, fix crashes on parallel open/close
vt: keyboard: avoid signed integer overflow in k_ascii
usb: musb: Fix runtime PM imbalance on error
usb: musb: start session in resume for host port
USB: serial: option: add Telit LE910C1-EUX compositions
USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
USB: serial: qcserial: add DW5816e QDL support
l2tp: add sk_family checks to l2tp_validate_socket
net: check untrusted gso_size at kernel entry
vsock: fix timeout in vsock_accept()
NFC: st21nfca: add missed kfree_skb() in an error path
net: usb: qmi_wwan: add Telit LE910C1-EUX composition
l2tp: do not use inet_hash()/inet_unhash()
devinet: fix memleak in inetdev_init()
airo: Fix read overflows sending packets
scsi: ufs: Release clock if DMA map fails
mmc: fix compilation of user API
kernel/relay.c: handle alloc_percpu returning NULL in relay_open
p54usb: add AirVasT USB stick device-id
HID: i2c-hid: add Schneider SCL142ALM to descriptor override
HID: sony: Fix for broken buttons on DS3 USB dongles
mm: Fix mremap not considering huge pmd devmap
net: smsc911x: Fix runtime PM imbalance on error
net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
net/ethernet/freescale: rework quiesce/activate for ucc_geth
net: bmac: Fix read of MAC address from ROM
x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
i2c: altera: Fix race between xfer_msg and isr thread
ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT
ARC: Fix ICCM & DCCM runtime size checks
pppoe: only process PADT targeted at local interfaces
s390/ftrace: save traced function caller
spi: dw: use "smp_mb()" to avoid sending spi data error
scsi: hisi_sas: Check sas_port before using it
libnvdimm: Fix endian conversion issues
scsi: scsi_devinfo: fixup string compare
ANDROID: Incremental fs: Remove dependency on PKCS7_MESSAGE_PARSER
f2fs: attach IO flags to the missing cases
f2fs: add node_io_flag for bio flags likewise data_io_flag
f2fs: remove unused parameter of f2fs_put_rpages_mapping()
f2fs: handle readonly filesystem in f2fs_ioc_shutdown()
f2fs: avoid utf8_strncasecmp() with unstable name
f2fs: don't return vmalloc() memory from f2fs_kmalloc()
ANDROID: dm-bow: Add block_size option
ANDROID: Incremental fs: Cache successful hash calculations
ANDROID: Incremental fs: Fix four error-path bugs
ANDROID: cuttlefish_defconfig: Disable CMOS RTC driver
f2fs: fix retry logic in f2fs_write_cache_pages()
ANDROID: modules: fix lockprove warning
BACKPORT: arm64: vdso: Explicitly add build-id option
BACKPORT: arm64: vdso: use $(LD) instead of $(CC) to link VDSO
Linux 4.14.183
scsi: zfcp: fix request object use-after-free in send path causing wrong traces
genirq/generic_pending: Do not lose pending affinity update
net: hns: Fixes the missing put_device in positive leg for roce reset
net: hns: fix unsigned comparison to less than zero
KVM: VMX: check for existence of secondary exec controls before accessing
rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket
sc16is7xx: move label 'err_spi' to correct section
mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
bonding: Fix reference count leak in bond_sysfs_slave_add.
qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
esp6: get the right proto for transport mode in esp6_gso_encap
netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
netfilter: nfnetlink_cthelper: unbreak userspace helper support
netfilter: ipset: Fix subcounter update skip
netfilter: nft_reject_bridge: enable reject with bridge vlan
ip_vti: receive ipip packet by calling ip_tunnel_rcv
vti4: eliminated some duplicate code.
xfrm: fix error in comment
xfrm: fix a NULL-ptr deref in xfrm_local_error
xfrm: fix a warning in xfrm_policy_insert_list
xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
copy_xstate_to_kernel(): don't leave parts of destination uninitialized
x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
mac80211: mesh: fix discovery timer re-arming issue / crash
parisc: Fix kernel panic in mem_init()
iommu: Fix reference count leak in iommu_group_alloc.
include/asm-generic/topology.h: guard cpumask_of_node() macro argument
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
libceph: ignore pool overlay and cache logic on redirects
ALSA: hda/realtek - Add new codec supported for ALC287
exec: Always set cap_ambient in cap_bprm_set_creds
ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
ALSA: hwdep: fix a left shifting 1 by 31 UB bug
RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
mmc: block: Fix use-after-free issue for rpmb
ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
ARM: dts/imx6q-bx50v3: Set display interface clock parents
ARM: dts: imx6q-bx50v3: Add internal switch
IB/qib: Call kobject_put() when kobject_init_and_add() fails
gpio: exar: Fix bad handling for ida_simple_get error path
ARM: uaccess: fix DACR mismatch with nested exceptions
ARM: uaccess: integrate uaccess_save and uaccess_restore
ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h
ARM: 8843/1: use unified assembler in headers
Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
Input: synaptics-rmi4 - really fix attn_data use-after-free
Input: i8042 - add ThinkPad S230u to i8042 reset list
Input: dlink-dir685-touchkeys - fix a typo in driver name
Input: xpad - add custom init packet for Xbox One S controllers
Input: evdev - call input_flush_device() on release(), not flush()
Input: usbtouchscreen - add support for BonXeon TP
samples: bpf: Fix build error
cifs: Fix null pointer check in cifs_read
net: freescale: select CONFIG_FIXED_PHY where needed
usb: gadget: legacy: fix redundant initialization warnings
cachefiles: Fix race between read_waiter and read_copier involving op->to_do
gfs2: move privileged user check to gfs2_quota_lock_check
net: microchip: encx24j600: add missed kthread_stop
gpio: tegra: mask GPIO IRQs during IRQ shutdown
ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node
ARM: dts: rockchip: fix phy nodename for rk3228-evb
net/mlx4_core: fix a memory leak bug.
net: sun: fix missing release regions in cas_init_one().
net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
net/mlx5e: Update netdev txq on completions during closure
sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed
r8152: support additional Microsoft Surface Ethernet Adapter variant
net sched: fix reporting the first-time use timestamp
net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()"
net/mlx5: Add command entry handling completion
net: ipip: fix wrong address family in init error path
ax25: fix setsockopt(SO_BINDTODEVICE)
ANDROID: scs: fix recursive spinlock in scs_check_usage
ANDROID: timer: fix timer_setup with CFI
FROMGIT: USB: dummy-hcd: use configurable endpoint naming scheme
UPSTREAM: USB: dummy-hcd: remove unsupported isochronous endpoints
UPSTREAM: usb: raw-gadget: fix null-ptr-deref when reenabling endpoints
UPSTREAM: usb: raw-gadget: documentation updates
UPSTREAM: usb: raw-gadget: support stalling/halting/wedging endpoints
UPSTREAM: usb: raw-gadget: fix gadget endpoint selection
UPSTREAM: usb: raw-gadget: improve uapi headers comments
UPSTREAM: usb: raw-gadget: fix return value of ep read ioctls
UPSTREAM: usb: raw-gadget: fix raw_event_queue_fetch locking
UPSTREAM: usb: raw-gadget: Fix copy_to/from_user() checks
f2fs: fix wrong discard space
f2fs: compress: don't compress any datas after cp stop
f2fs: remove unneeded return value of __insert_discard_tree()
f2fs: fix wrong value of tracepoint parameter
f2fs: protect new segment allocation in expand_inode_data
f2fs: code cleanup by removing ifdef macro surrounding
writeback: Avoid skipping inode writeback
ANDROID: net: bpf: permit redirect from ingress L3 to egress L2 devices at near max mtu
Revert "ANDROID: Incremental fs: Avoid continually recalculating hashes"
Linux 4.14.182
iio: adc: stm32-adc: fix device used to request dma
iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel()
x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks
rxrpc: Fix a memory leak in rxkad_verify_response()
rapidio: fix an error in get_user_pages_fast() error handling
mei: release me_cl object reference
iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()'
iio: sca3000: Remove an erroneous 'get_device()'
staging: greybus: Fix uninitialized scalar variable
staging: iio: ad2s1210: Fix SPI reading
Revert "gfs2: Don't demote a glock until its revokes are written"
cxgb4/cxgb4vf: Fix mac_hlist initialization and free
cxgb4: free mac_hlist properly
media: fdp1: Fix R-Car M3-N naming in debug message
libnvdimm/btt: Fix LBA masking during 'free list' population
libnvdimm/btt: Remove unnecessary code in btt_freelist_init
ubsan: build ubsan.c more conservatively
x86/uaccess, ubsan: Fix UBSAN vs. SMAP
powerpc/64s: Disable STRICT_KERNEL_RWX
powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE
powerpc: restore alphabetic order in Kconfig
dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
apparmor: Fix aa_label refcnt leak in policy_update
ALSA: pcm: fix incorrect hw_base increase
ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option
l2tp: initialise PPP sessions before registering them
l2tp: protect sock pointer of struct pppol2tp_session with RCU
l2tp: initialise l2tp_eth sessions before registering them
l2tp: don't register sessions in l2tp_session_create()
arm64: fix the flush_icache_range arguments in machine_kexec
padata: purge get_cpu and reorder_via_wq from padata_do_serial
padata: initialize pd->cpu with effective cpumask
padata: Replace delayed timer with immediate workqueue in padata_reorder
padata: set cpu_index of unused CPUs to -1
ARM: futex: Address build warning
platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
USB: core: Fix misleading driver bug report
ceph: fix double unlock in handle_cap_export()
gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
x86/apic: Move TSC deadline timer debug printk
scsi: ibmvscsi: Fix WARN_ON during event pool release
component: Silence bind error on -EPROBE_DEFER
vhost/vsock: fix packet delivery order to monitoring devices
configfs: fix config_item refcnt leak in configfs_rmdir()
scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV
HID: multitouch: add eGalaxTouch P80H84 support
gcc-common.h: Update for GCC 10
ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()'
iommu/amd: Fix over-read of ACPI UID from IVRS table
fix multiplication overflow in copy_fdtable()
ima: Fix return value of ima_write_policy()
evm: Check also if *tfm is an error pointer in init_desc()
ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
padata: ensure padata_do_serial() runs on the correct CPU
padata: ensure the reorder timer callback runs on the correct CPU
i2c: dev: Fix the race between the release of i2c_dev and cdev
watchdog: Fix the race between the release of watchdog_core_data and cdev
ext4: add cond_resched() to ext4_protect_reserved_inode
ANDROID: scsi: ufs: Handle clocks when lrbp fails
ANDROID: fscrypt: handle direct I/O with IV_INO_LBLK_32
BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_32 policies
f2fs: avoid inifinite loop to wait for flushing node pages at cp_error
ANDROID: namespace'ify tcp_default_init_rwnd implementation
Linux 4.14.181
Makefile: disallow data races on gcc-10 as well
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
ARM: dts: r8a7740: Add missing extal2 to CPG node
ARM: dts: r8a73a4: Add missing CMT1 interrupts
arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy
arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
usb: gadget: legacy: fix error return code in cdc_bind()
usb: gadget: legacy: fix error return code in gncm_bind()
usb: gadget: audio: Fix a missing error return value in audio_bind()
usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks
exec: Move would_dump into flush_old_exec
x86/unwind/orc: Fix error handling in __unwind_start()
usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list
USB: gadget: fix illegal array access in binding with UDC
usb: host: xhci-plat: keep runtime active when removing host
usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B
ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset
x86: Fix early boot crash on gcc-10, third try
ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
ARM: dts: dra7: Fix bus_dma_limit for PCIe
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
ALSA: rawmidi: Initialize allocated buffers
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
net: tcp: fix rx timestamp behavior for tcp_recvmsg
netprio_cgroup: Fix unlimited memory leak of v2 cgroups
net: ipv4: really enforce backoff for redirects
net: dsa: loop: Add module soft dependency
hinic: fix a bug of ndo_stop
Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
net: phy: fix aneg restart in phy_ethtool_set_eee
netlabel: cope with NULL catmap
net: fix a potential recursive NETDEV_FEAT_CHANGE
net: phy: micrel: Use strlcpy() for ethtool::get_strings
x86/asm: Add instruction suffixes to bitops
gcc-10: avoid shadowing standard library 'free()' in crypto
gcc-10: disable 'restrict' warning for now
gcc-10: disable 'stringop-overflow' warning for now
gcc-10: disable 'array-bounds' warning for now
gcc-10: disable 'zero-length-bounds' warning for now
Stop the ad-hoc games with -Wno-maybe-initialized
kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
gcc-10 warnings: fix low-hanging fruit
pnp: Use list_for_each_entry() instead of open coding
hwmon: (da9052) Synchronize access with mfd
IB/mlx4: Test return value of calls to ib_get_cached_pkey
netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
i40iw: Fix error handling in i40iw_manage_arp_cache()
pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
pinctrl: baytrail: Enable pin configuration setting for GPIO chip
ipmi: Fix NULL pointer dereference in ssif_probe
x86/entry/64: Fix unwind hints in register clearing code
ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
ALSA: hda/hdmi: fix race in monitor detection during probe
cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once
dmaengine: mmp_tdma: Reset channel error on release
dmaengine: pch_dma.c: Avoid data race between probe and irq handler
scsi: sg: add sg_remove_request in sg_write
virtio-blk: handle block_device_operations callbacks after hot unplug
drop_monitor: work around gcc-10 stringop-overflow warning
net: moxa: Fix a potential double 'free_irq()'
net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
shmem: fix possible deadlocks on shmlock_user_lock
net: stmmac: Use mutex instead of spinlock
f2fs: fix to avoid memory leakage in f2fs_listxattr
f2fs: fix to avoid accessing xattr across the boundary
f2fs: sanity check of xattr entry size
f2fs: introduce read_xattr_block
f2fs: introduce read_inline_xattr
blktrace: fix dereference after null check
blktrace: Protect q->blk_trace with RCU
blktrace: fix trace mutex deadlock
blktrace: fix unlocked access to init/start-stop/teardown
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
net: ipv6: add net argument to ip6_dst_lookup_flow
scripts/decodecode: fix trapping instruction formatting
objtool: Fix stack offset tracking for indirect CFAs
netfilter: nat: never update the UDP checksum when it's 0
x86/unwind/orc: Fix error path for bad ORC entry type
x86/unwind/orc: Prevent unwinding before ORC initialization
x86/unwind/orc: Don't skip the first frame for inactive tasks
x86/entry/64: Fix unwind hints in rewind_stack_do_exit()
x86/entry/64: Fix unwind hints in kernel exit path
batman-adv: Fix refcnt leak in batadv_v_ogm_process
batman-adv: Fix refcnt leak in batadv_store_throughput_override
batman-adv: Fix refcnt leak in batadv_show_throughput_override
batman-adv: fix batadv_nc_random_weight_tq
coredump: fix crash when umh is disabled
mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()
KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER
tracing: Add a vmalloc_sync_mappings() for safe measure
USB: serial: garmin_gps: add sanity checking for data length
USB: uas: add quirk for LaCie 2Big Quadra
HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
geneve: only configure or fill UDP_ZERO_CSUM6_RX/TX info when CONFIG_IPV6
HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices
ipv6: fix cleanup ordering for ip6_mr failure
net: stricter validation of untrusted gso packets
bnxt_en: Fix VF anti-spoof filter setup.
bnxt_en: Improve AER slot reset.
net/mlx5: Fix command entry leak in Internal Error State
net/mlx5: Fix forced completion access non initialized command entry
bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
sch_sfq: validate silly quantum values
sch_choke: avoid potential panic in choke_reset()
net: usb: qmi_wwan: add support for DW5816e
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
net: macsec: preserve ingress frame ordering
fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
dp83640: reverse arguments to list_add_tail
USB: serial: qcserial: Add DW5816e support
f2fs: compress: fix zstd data corruption
f2fs: add compressed/gc data read IO stat
f2fs: fix potential use-after-free issue
f2fs: compress: don't handle non-compressed data in workqueue
f2fs: remove redundant assignment to variable err
f2fs: refactor resize_fs to avoid meta updates in progress
f2fs: use round_up to enhance calculation
f2fs: introduce F2FS_IOC_RESERVE_COMPRESS_BLOCKS
f2fs: Avoid double lock for cp_rwsem during checkpoint
f2fs: report delalloc reserve as non-free in statfs for project quota
f2fs: Fix wrong stub helper update_sit_info
f2fs: compress: let lz4 compressor handle output buffer budget properly
f2fs: remove blk_plugging in block_operations
f2fs: introduce F2FS_IOC_RELEASE_COMPRESS_BLOCKS
f2fs: shrink spinlock coverage
f2fs: correctly fix the parent inode number during fsync()
f2fs: introduce mempool for {,de}compress intermediate page allocation
f2fs: introduce f2fs_bmap_compress()
f2fs: support fiemap on compressed inode
f2fs: support partial truncation on compressed inode
f2fs: remove redundant compress inode check
f2fs: flush dirty meta pages when flushing them
f2fs: use strcmp() in parse_options()
f2fs: fix checkpoint=disable:%u%%
f2fs: Use the correct style for SPDX License Identifier
f2fs: rework filename handling
f2fs: split f2fs_d_compare() from f2fs_match_name()
f2fs: don't leak filename in f2fs_try_convert_inline_dir()
ANDROID: clang: update to 11.0.1
FROMLIST: x86_64: fix jiffies ODR violation
ANDROID: cuttlefish_defconfig: Enable net testing options
ANDROID: Incremental fs: wake up log pollers less often
ANDROID: Incremental fs: Fix scheduling while atomic error
ANDROID: Incremental fs: Avoid continually recalculating hashes
Revert "f2fs: refactor resize_fs to avoid meta updates in progress"
UPSTREAM: HID: steam: Fix input device disappearing
ANDROID: fscrypt: set dun_bytes more precisely
ANDROID: dm-default-key: set dun_bytes more precisely
ANDROID: block: backport the ability to specify max_dun_bytes
ANDROID: hid: steam: remove BT controller matching
ANDROID: dm-default-key: Update key size for wrapped keys
ANDROID: cuttlefish_defconfig: Enable CONFIG_STATIC_USERMODEHELPER
ANDROID: cuttlefish_defconfig: enable CONFIG_MMC_CRYPTO
ANDROID: Add padding for crypto related structs in UFS and MMC
ANDROID: mmc: MMC crypto API
f2fs: fix missing check for f2fs_unlock_op
f2fs: refactor resize_fs to avoid meta updates in progress
Conflicts:
Documentation/devicetree/bindings/usb/dwc3.txt
drivers/block/virtio_blk.c
drivers/mmc/core/Kconfig
drivers/mmc/core/block.c
drivers/mmc/host/sdhci-msm.c
drivers/net/ethernet/stmicro/stmmac/stmmac.h
drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
drivers/scsi/ufs/ufs-qcom.c
drivers/usb/gadget/composite.c
drivers/usb/gadget/function/f_uac1_legacy.c
fs/crypto/crypto.c
fs/crypto/inline_crypt.c
fs/crypto/keyring.c
fs/f2fs/checkpoint.c
include/linux/fs.h
include/linux/mmc/host.h
include/linux/mod_devicetable.h
include/uapi/linux/input-event-codes.h
net/qrtr/qrtr.c
sound/core/compress_offload.c
sound/core/rawmidi.c
Fixed build errors:
drivers/scsi/ufs/ufshcd.c
Change-Id: I2add911b58d3c87b666ffa0fe46cbceb6cc56430
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
||
glider@google.com
|
a7eda6eddc |
BACKPORT: security: allow using Clang's zero initialization for stack variables
Upstream commit f0fe00d4972a8cd4b98cc2c29758615e4d51cdfe. In addition to -ftrivial-auto-var-init=pattern (used by CONFIG_INIT_STACK_ALL now) Clang also supports zero initialization for locals enabled by -ftrivial-auto-var-init=zero. The future of this flag is still being debated (see https://bugs.llvm.org/show_bug.cgi?id=45497). Right now it is guarded by another flag, -enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang, which means it may not be supported by future Clang releases. Another possible resolution is that -ftrivial-auto-var-init=zero will persist (as certain users have already started depending on it), but the name of the guard flag will change. In the meantime, zero initialization has proven itself as a good production mitigation measure against uninitialized locals. Unlike pattern initialization, which has a higher chance of triggering existing bugs, zero initialization provides safe defaults for strings, pointers, indexes, and sizes. On the other hand, pattern initialization remains safer for return values. Chrome OS and Android are moving to using zero initialization for production builds. Performance-wise, the difference between pattern and zero initialization is usually negligible, although the generated code for zero initialization is more compact. This patch renames CONFIG_INIT_STACK_ALL to CONFIG_INIT_STACK_ALL_PATTERN and introduces another config option, CONFIG_INIT_STACK_ALL_ZERO, that enables zero initialization for locals if the corresponding flags are supported by Clang. Cc: Kees Cook <keescook@chromium.org> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Alexander Potapenko <glider@google.com> Link: https://lore.kernel.org/r/20200616083435.223038-1-glider@google.com Reviewed-by: Maciej Żenczykowski <maze@google.com> Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Alexander Potapenko <glider@google.com> Change-Id: I2c76341a2b5f207b0b751293f2022b5ef99dbc45 |
||
|
Greg Kroah-Hartman
|
831ff8141a |
This is the 4.14.194 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl8/fGUACgkQONu9yGCS
aT6uOw/9FQWbkHtxIdpow4KEtTtoiQ0LfJzPcjLpl2rf/qb2H8EVVaoZXW4BN0ik
SHm+d1MWB5/TrcG7XdeBQ6hs79RiER+hPoW7P+uA8eE6/+dwLwFoMnl0nWoAJFLl
2JsIkavQct0qGNBvb20tPW09J3ta+yS8EvsQRrusHvxh0gyc9wyRPkCdxa7VDQg6
e+iDkqCHKhhhd7aqXnIWKyqoafhBe8RgUem1Bqgkw/fetPnqGlM3wbyvQtOD63W2
KQg/3TZK6Ah3hMHmogdbG0NKZDDsQowWDjjHMhtHv7GnPckNQEasZC8nQT1nvGfo
Xyx7l/VfoeDCy6tp/4oMGkHFROhDPO7iYU3mtMWrqNP4yVDa1ZQk3SzlraDxbBYI
LVaTdyljfp3ztmOPl7bhB3NRnbz+io1UJtxBUop07hYUaXISPAAPyTO3p4PpyE2r
ei54eANq0CBcZ6ECTsCeu1igtXtWsfCwZ4CE/MG3ztCUYJT7hxl+2TSQRD0JdDQX
OjvGlaM5XFePkrA2vopDS9kyDqWNjddoGqCnie5zMJfV0nrC5PDWqBodKrcEBcTQ
RCd/BY3RkhUKH4qxVX7qOZNe1n1caQVqoV3BdnmVJeAEecx2xlzh2z5b9pqt/gyV
qAE994ZBHFfnFo8TxG1Dj6gZSu1/ZMJAaAksifomcAneOiq2YS8=
=rG0K
-----END PGP SIGNATURE-----
Merge 4.14.194 into android-4.14-stable
Changes in 4.14.194
USB: serial: qcserial: add EM7305 QDL product ID
net/mlx5e: Don't support phys switch id if not in switchdev mode
USB: iowarrior: fix up report size handling for some devices
usb: xhci: define IDs for various ASMedia host controllers
usb: xhci: Fix ASMedia ASM1142 DMA addressing
ALSA: seq: oss: Serialize ioctls
staging: android: ashmem: Fix lockdep warning for write operation
Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt()
Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt()
omapfb: dss: Fix max fclk divider for omap36xx
binder: Prevent context manager from incrementing ref 0
vgacon: Fix for missing check in scrollback handling
mtd: properly check all write ioctls for permissions
leds: wm831x-status: fix use-after-free on unbind
leds: da903x: fix use-after-free on unbind
leds: lm3533: fix use-after-free on unbind
leds: 88pm860x: fix use-after-free on unbind
net/9p: validate fds in p9_fd_open
drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason
drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure
i2c: slave: improve sanity check when registering
i2c: slave: add sanity check when unregistering
cfg80211: check vendor command doit pointer before use
igb: reinit_locked() should be called with rtnl_lock
atm: fix atm_dev refcnt leaks in atmtcp_remove_persistent
tools lib traceevent: Fix memory leak in process_dynamic_array_len
Drivers: hv: vmbus: Ignore CHANNELMSG_TL_CONNECT_RESULT(23)
xattr: break delegations in {set,remove}xattr
ipv4: Silence suspicious RCU usage warning
ipv6: fix memory leaks on IPV6_ADDRFORM path
net: ethernet: mtk_eth_soc: fix MTU warnings
vxlan: Ensure FDB dump is performed under RCU
net: lan78xx: replace bogus endpoint lookup
hv_netvsc: do not use VF device if link is down
net: gre: recompute gre csum for sctp over gre tunnels
openvswitch: Prevent kernel-infoleak in ovs_ct_put_key()
Revert "vxlan: fix tos value before xmit"
selftests/net: relax cpu affinity requirement in msg_zerocopy test
usb: hso: check for return value in hso_serial_common_create()
rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
Smack: fix use-after-free in smk_write_relabel_self()
tracepoint: Mark __tracepoint_string's __used
HID: input: Fix devices that return multiple bytes in battery report
cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()
x86/mce/inject: Fix a wrong assignment of i_mce.status
sched: correct SD_flags returned by tl->sd_flags()
arm64: dts: rockchip: fix rk3399-puma vcc5v0-host gpio
arm64: dts: rockchip: fix rk3399-puma gmac reset gpio
EDAC: Fix reference count leaks
arm64: dts: qcom: msm8916: Replace invalid bias-pull-none property
arm64: dts: exynos: Fix silent hang after boot on Espresso
m68k: mac: Don't send IOP message until channel is idle
m68k: mac: Fix IOP status/control register writes
platform/x86: intel-hid: Fix return value check in check_acpi_dev()
platform/x86: intel-vbtn: Fix return value check in check_acpi_dev()
ARM: at91: pm: add missing put_device() call in at91_pm_sram_init()
spi: lantiq: fix: Rx overflow error in full duplex mode
ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh()
drm/tilcdc: fix leak & null ref in panel_connector_get_modes
Bluetooth: add a mutex lock to avoid UAF in do_enale_set
fs/btrfs: Add cond_resched() for try_release_extent_mapping() stalls
drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync
video: fbdev: neofb: fix memory leak in neo_scan_monitor()
md-cluster: fix wild pointer of unlock_all_bitmaps()
arm64: dts: hisilicon: hikey: fixes to comply with adi, adv7533 DT binding
drm/nouveau: fix multiple instances of reference count leaks
drm/debugfs: fix plain echo to connector "force" attribute
irqchip/irq-mtk-sysirq: Replace spinlock with raw_spinlock
mm/mmap.c: Add cond_resched() for exit_mmap() CPU stalls
brcmfmac: To fix Bss Info flag definition Bug
brcmfmac: set state of hanger slot to FREE when flushing PSQ
iwlegacy: Check the return value of pcie_capability_read_*()
gpu: host1x: debug: Fix multiple channels emitting messages simultaneously
usb: gadget: net2280: fix memory leak on probe error handling paths
bdc: Fix bug causing crash after multiple disconnects
usb: bdc: Halt controller on suspend
dyndbg: fix a BUG_ON in ddebug_describe_flags
bcache: fix super block seq numbers comparision in register_cache_set()
ACPICA: Do not increment operation_region reference counts for field units
agp/intel: Fix a memory leak on module initialisation failure
video: fbdev: sm712fb: fix an issue about iounmap for a wrong address
console: newport_con: fix an issue about leak related system resources
video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call
iio: improve IIO_CONCENTRATION channel type description
drm/arm: fix unintentional integer overflow on left shift
leds: lm355x: avoid enum conversion warning
media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities()
ASoC: Intel: bxt_rt298: add missing .owner field
scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline
cxl: Fix kobject memleak
drm/radeon: fix array out-of-bounds read and write issues
scsi: powertec: Fix different dev_id between request_irq() and free_irq()
scsi: eesox: Fix different dev_id between request_irq() and free_irq()
ipvs: allow connection reuse for unconfirmed conntrack
media: firewire: Using uninitialized values in node_probe()
media: exynos4-is: Add missed check for pinctrl_lookup_state()
xfs: fix reflink quota reservation accounting error
PCI: Fix pci_cfg_wait queue locking problem
leds: core: Flush scheduled work for system suspend
drm: panel: simple: Fix bpc for LG LB070WV8 panel
drm/bridge: sil_sii8620: initialize return of sii8620_readb
scsi: scsi_debug: Add check for sdebug_max_queue during module init
mwifiex: Prevent memory corruption handling keys
powerpc/vdso: Fix vdso cpu truncation
staging: rtl8192u: fix a dubious looking mask before a shift
PCI/ASPM: Add missing newline in sysfs 'policy'
drm/imx: tve: fix regulator_disable error path
USB: serial: iuu_phoenix: fix led-activity helpers
thermal: ti-soc-thermal: Fix reversed condition in ti_thermal_expose_sensor()
coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb()
MIPS: OCTEON: add missing put_device() call in dwc3_octeon_device_init()
usb: dwc2: Fix error path in gadget registration
scsi: mesh: Fix panic after host or bus reset
net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration
Smack: fix another vsscanf out of bounds
Smack: prevent underflow in smk_set_cipso()
power: supply: check if calc_soc succeeded in pm860x_init_battery
Bluetooth: hci_serdev: Only unregister device if it was registered
selftests/powerpc: Fix CPU affinity for child process
PCI: Release IVRS table in AMD ACS quirk
selftests/powerpc: Fix online CPU selection
s390/qeth: don't process empty bridge port events
wl1251: fix always return 0 error
tools, build: Propagate build failures from tools/build/Makefile.build
net: ethernet: aquantia: Fix wrong return value
liquidio: Fix wrong return value in cn23xx_get_pf_num()
net: spider_net: Fix the size used in a 'dma_free_coherent()' call
fsl/fman: use 32-bit unsigned integer
fsl/fman: fix dereference null return value
fsl/fman: fix unreachable code
fsl/fman: check dereferencing null pointer
fsl/fman: fix eth hash table allocation
dlm: Fix kobject memleak
pinctrl-single: fix pcs_parse_pinconf() return value
x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task
crypto: aesni - add compatibility with IAS
af_packet: TPACKET_V3: fix fill status rwlock imbalance
drivers/net/wan/lapbether: Added needed_headroom and a skb->len check
net/nfc/rawsock.c: add CAP_NET_RAW check.
net: refactor bind_bucket fastreuse into helper
net: Set fput_needed iff FDPUT_FPUT is set
USB: serial: cp210x: re-enable auto-RTS on open
USB: serial: cp210x: enable usb generic throttle/unthrottle
ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support
ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109
ALSA: usb-audio: add quirk for Pioneer DDJ-RB
crypto: qat - fix double free in qat_uclo_create_batch_init_list
crypto: ccp - Fix use of merged scatterlists
crypto: cpt - don't sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified
bitfield.h: don't compile-time validate _val in FIELD_FIT
fs/minix: check return value of sb_getblk()
fs/minix: don't allow getting deleted inodes
fs/minix: reject too-large maximum file size
ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109
9p: Fix memory leak in v9fs_mount
spi: spidev: Align buffers for DMA
mtd: rawnand: qcom: avoid write to unavailable register
parisc: Implement __smp_store_release and __smp_load_acquire barriers
parisc: mask out enable and reserved bits from sba imask
ARM: 8992/1: Fix unwind_frame for clang-built kernels
irqdomain/treewide: Free firmware node after domain removal
xen/balloon: fix accounting in alloc_xenballooned_pages error path
xen/balloon: make the balloon wait interruptible
net: initialize fastreuse on inet_inherit_port
smb3: warn on confusing error scenario with sec=krb5
PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context()
btrfs: don't allocate anonymous block device for user invisible roots
btrfs: only search for left_info if there is no right_info in try_merge_free_space
btrfs: fix memory leaks after failure to lookup checksums during inode logging
dt-bindings: iio: io-channel-mux: Fix compatible string in example code
iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
xtensa: fix xtensa_pmu_setup prototype
powerpc: Fix circular dependency between percpu.h and mmu.h
net: ethernet: stmmac: Disable hardware multicast filter
net: stmmac: dwmac1000: provide multicast filter fallback
net/compat: Add missing sock updates for SCM_RIGHTS
md/raid5: Fix Force reconstruct-write io stuck in degraded raid5
bcache: allocate meta data pages as compound pages
mac80211: fix misplaced while instead of if
MIPS: CPU#0 is not hotpluggable
ext2: fix missing percpu_counter_inc
ocfs2: change slot number type s16 to u16
ftrace: Setup correct FTRACE_FL_REGS flags for module
kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
tracing/hwlat: Honor the tracing_cpumask
tracing: Use trace_sched_process_free() instead of exit() for pid tracing
watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options
watchdog: f71808e_wdt: remove use of wrong watchdog_info option
watchdog: f71808e_wdt: clear watchdog timeout occurred flag
pseries: Fix 64 bit logical memory block panic
perf intel-pt: Fix FUP packet state
drm/imx: imx-ldb: Disable both channels for split mode in enc->disable()
mfd: arizona: Ensure 32k clock is put on driver unbind and error
RDMA/ipoib: Return void from ipoib_ib_dev_stop()
USB: serial: ftdi_sio: make process-packet buffer unsigned
USB: serial: ftdi_sio: clean up receive processing
gpu: ipu-v3: image-convert: Combine rotate/no-rotate irq handlers
dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue()
iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
iommu/vt-d: Enforce PASID devTLB field mask
i2c: rcar: slave: only send STOP event when we have been addressed
clk: clk-atlas6: fix return value check in atlas6_clk_init()
pwm: bcm-iproc: handle clk_get_rate() return
tools build feature: Use CC and CXX from parent
i2c: rcar: avoid race when unregistering slave
Input: sentelic - fix error return when fsp_reg_write fails
drm/vmwgfx: Use correct vmw_legacy_display_unit pointer
drm/vmwgfx: Fix two list_for_each loop exit tests
net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init
nfs: Fix getxattr kernel panic and memory overflow
fs/ufs: avoid potential u32 multiplication overflow
test_kmod: avoid potential double free in trigger_config_run_type()
mfd: dln2: Run event handler loop under spinlock
ALSA: echoaudio: Fix potential Oops in snd_echo_resume()
perf bench mem: Always memset source before memcpy
tools build feature: Quote CC and CXX for their arguments
sh: landisk: Add missing initialization of sh_io_port_base
khugepaged: retract_page_tables() remember to test exit
genirq/affinity: Handle affinity setting on inactive interrupts correctly
genirq/affinity: Make affinity setting if activated opt-in
dm cache: pass cache structure to mode functions
dm cache: submit writethrough writes in parallel to origin and cache
dm cache: remove all obsolete writethrough-specific code
Linux 4.14.194
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0a759b837bffc0f5af5fe1b6a38ccdd465e41e6e
|
||
Dan Carpenter
|
75f8b5a67b |
Smack: prevent underflow in smk_set_cipso()
[ Upstream commit 42a2df3e829f3c5562090391b33714b2e2e5ad4a ]
We have an upper bound on "maplevel" but forgot to check for negative
values.
Fixes: e114e473771c ("Smack: Simplified Mandatory Access Control Kernel")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Dan Carpenter
|
12917b448a |
Smack: fix another vsscanf out of bounds
[ Upstream commit a6bd4f6d9b07452b0b19842044a6c3ea384b0b88 ]
This is similar to commit 84e99e58e8d1 ("Smack: slab-out-of-bounds in
vsscanf") where we added a bounds check on "rule".
Reported-by: syzbot+a22c6092d003d6fe1122@syzkaller.appspotmail.com
Fixes: f7112e6c9abf ("Smack: allow for significantly longer Smack labels v4")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Eric Biggers
|
a963ddc8ff |
Smack: fix use-after-free in smk_write_relabel_self()
commit beb4ee6770a89646659e6a2178538d2b13e2654e upstream.
smk_write_relabel_self() frees memory from the task's credentials with
no locking, which can easily cause a use-after-free because multiple
tasks can share the same credentials structure.
Fix this by using prepare_creds() and commit_creds() to correctly modify
the task's credentials.
Reproducer for "BUG: KASAN: use-after-free in smk_write_relabel_self":
#include <fcntl.h>
#include <pthread.h>
#include <unistd.h>
static void *thrproc(void *arg)
{
int fd = open("/sys/fs/smackfs/relabel-self", O_WRONLY);
for (;;) write(fd, "foo", 3);
}
int main()
{
pthread_t t;
pthread_create(&t, NULL, thrproc, NULL);
thrproc(NULL);
}
Reported-by: syzbot+e6416dabb497a650da40@syzkaller.appspotmail.com
Fixes: 38416e53936e ("Smack: limited capability for changing process label")
Cc: <stable@vger.kernel.org> # v4.4+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Neeraj Soni
|
7a42f09a94 |
Remove Per File Key based hardware crypto framework
Remove the Per File Key logic based inline crypto support for file encryption framework. Change-Id: I90071562ba5c41b9db470363edac35c9fe5e4efa Signed-off-by: Neeraj Soni <neersoni@codeaurora.org> |
||
|
Srinivasarao P
|
90bb7a2b24 |
Merge android-4.14-stable.180 (816f245) into msm-4.14
* refs/heads/tmp-816f245:
Revert "clk: qcom: rcg2: Don't crash if our parent can't be found; return an error"
Reverting crypto patches
Reverting incremental fs changes
Linux 4.14.180
cgroup, netclassid: remove double cond_resched
mac80211: add ieee80211_is_any_nullfunc()
ALSA: hda: Match both PCI ID and SSID for driver blacklist
tracing: Reverse the order of trace_types_lock and event_mutex
sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
net: systemport: suppress warnings on failed Rx SKB allocations
net: bcmgenet: suppress warnings on failed Rx SKB allocations
lib/mpi: Fix building for powerpc with clang
net: dsa: b53: Rework ARL bin logic
scripts/config: allow colons in option strings for sed
s390/ftrace: fix potential crashes when switching tracers
cifs: protect updating server->dstaddr with a spinlock
net: stmmac: Fix sub-second increment
net: stmmac: fix enabling socfpga's ptp_ref_clock
wimax/i2400m: Fix potential urb refcnt leak
ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry
ASoC: rsnd: Fix HDMI channel mapping for multi-SSI mode
ASoC: sgtl5000: Fix VAG power-on handling
selftests/ipc: Fix test failure seen after initial test run
ASoC: topology: Check return value of pcm_new_ver
powerpc/pci/of: Parse unassigned resources
vhost: vsock: kick send_pkt worker once device is started
ANDROID: arm64: fix a mismerge in proc.S
Linux 4.14.179
selinux: properly handle multiple messages in selinux_netlink_send()
dmaengine: dmatest: Fix iteration non-stop logic
nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
ALSA: opti9xx: shut up gcc-10 range warning
iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system
scsi: target/iblock: fix WRITE SAME zeroing
iommu/qcom: Fix local_base status check
vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
vfio: avoid possible overflow in vfio_iommu_type1_pin_pages
RDMA/mlx4: Initialize ib_spec on the stack
RDMA/mlx5: Set GRH fields in query QP on RoCE
dm verity fec: fix hash block number in verity_fec_decode
PM: hibernate: Freeze kernel threads in software_resume()
PM: ACPI: Output correct message on target power state
ALSA: pcm: oss: Place the plugin buffer overflow checks correctly
ALSA: hda/hdmi: fix without unlocked before return
ALSA: hda/realtek - Two front mics on a Lenovo ThinkCenter
mmc: sdhci-pci: Fix eMMC driver strength for BYT-based controllers
mmc: sdhci-xenon: fix annoying 1.8V regulator warning
btrfs: fix partial loss of prealloc extent past i_size after fsync
btrfs: fix block group leak when removing fails
drm/qxl: qxl_release use after free
drm/qxl: qxl_release leak in qxl_hw_surface_alloc()
drm/qxl: qxl_release leak in qxl_draw_dirty_fb()
drm/edid: Fix off-by-one in DispID DTD pixel clock
ext4: fix special inode number checks in __ext4_iget()
ANDROID: Incremental fs: Fix issues with very large files
Linux 4.14.178
propagate_one(): mnt_set_mountpoint() needs mount_lock
ext4: check for non-zero journal inum in ext4_calculate_overhead
qed: Fix use after free in qed_chain_free
ext4: unsigned int compared against zero
ext4: fix block validity checks for journal inodes using indirect blocks
ext4: don't perform block validity checks on the journal inode
ext4: protect journal inode's blocks using block_validity
ext4: avoid declaring fs inconsistent due to invalid file handles
hwmon: (jc42) Fix name to have no illegal characters
ext4: convert BUG_ON's to WARN_ON's in mballoc.c
ext4: increase wait time needed before reuse of deleted inode numbers
ext4: use matching invalidatepage in ext4_writepage
arm64: Delete the space separator in __emit_inst
xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
objtool: Support Clang non-section symbols in ORC dump
objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings
scsi: target: fix PR IN / READ FULL STATUS for FC
xfs: fix partially uninitialized structure in xfs_reflink_remap_extent
x86: hyperv: report value of misc_features
bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path
perf/core: fix parent pid/tid in task exit events
ARM: dts: bcm283x: Disable dsi0 node
net/cxgb4: Check the return from t4_query_params properly
i2c: altera: use proper variable to hold errno
nfsd: memory corruption in nfsd4_lock()
iio:ad7797: Use correct attribute_group
usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete
usb: dwc3: gadget: Do link recovery for SS and SSP
binder: take read mode of mmap_sem in binder_alloc_free_page()
include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
remoteproc: Fix wrong rvring index computation
xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT
xfs: validate sb_logsunit is a multiple of the fs blocksize
serial: sh-sci: Make sure status register SCxSR is read in correct sequence
usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
UAS: fix deadlock in error handling and PM flushing work
UAS: no use logging any details in case of ENODEV
cdc-acm: introduce a cool down
cdc-acm: close race betrween suspend() and acm_softint
staging: vt6656: Power save stop wake_up_count wrap around.
staging: vt6656: Fix pairwise key entry save.
staging: vt6656: Fix drivers TBTT timing counter.
staging: vt6656: Fix calling conditions of vnt_set_bss_mode
staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default.
vt: don't hardcode the mem allocation upper bound
staging: comedi: Fix comedi_device refcnt leak in comedi_open
staging: comedi: dt2815: fix writing hi byte of analog output
powerpc/setup_64: Set cache-line-size based on cache-block-size
ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
iwlwifi: pcie: actually release queue memory in TVQM
ASoC: dapm: fixup dapm kcontrol widget
audit: check the length of userspace generated audit records
usb-storage: Add unusual_devs entry for JMicron JMS566
tty: rocket, avoid OOB access
tty: hvc: fix buffer overflow during hvc_alloc().
KVM: VMX: Enable machine check support for 32bit targets
KVM: Check validity of resolved slot when searching memslots
tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send()
tpm/tpm_tis: Free IRQ if probing fails
ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
ALSA: hda/realtek - Add new codec supported for ALC245
ALSA: usx2y: Fix potential NULL dereference
tools/vm: fix cross-compile build
mm/ksm: fix NULL pointer dereference when KSM zero page is enabled
mm/hugetlb: fix a addressing exception caused by huge_pte_offset
vmalloc: fix remap_vmalloc_range() bounds checks
overflow.h: Add arithmetic shift helper
USB: hub: Fix handling of connect changes during sleep
USB: core: Fix free-while-in-use bug in the USB S-Glibrary
USB: early: Handle AMD's spec-compliant identifiers, too
USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE
USB: sisusbvga: Change port variable from signed to unsigned
fs/namespace.c: fix mountpoint reference counter race
iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode
iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
iio: xilinx-xadc: Fix ADC-B powerdown
iio: adc: stm32-adc: fix sleep in atomic context
ALSA: hda: Remove ASUS ROG Zenith from the blacklist
KEYS: Avoid false positive ENOMEM error on key read
vrf: Check skb for XFRM_TRANSFORMED flag
xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
net: dsa: b53: Fix ARL register definitions
team: fix hang in team_mode_get()
tcp: cache line align MAX_TCP_HEADER
net/x25: Fix x25_neigh refcnt leak when receiving frame
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
net: bcmgenet: correct per TX/RX ring statistics
macvlan: fix null dereference in macvlan_device_event()
macsec: avoid to set wrong mtu
ipv6: fix restrict IPV6_ADDRFORM operation
cxgb4: fix large delays in PTP synchronization
mm, slub: restore the original intention of prefetch_freepointer()
PCI/ASPM: Allow re-enabling Clock PM
perf/core: Disable page faults when getting phys address
pwm: bcm2835: Dynamically allocate base
pwm: renesas-tpu: Fix late Runtime PM enablement
s390/cio: avoid duplicated 'ADD' uevents
ipc/util.c: sysvipc_find_ipc() should increase position index
selftests: kmod: fix handling test numbers above 9
kernel/gcov/fs.c: gcov_seq_next() should increase position index
ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map()
scsi: iscsi: Report unbind session event when the target has been removed
pwm: rcar: Fix late Runtime PM enablement
ceph: don't skip updating wanted caps when cap is stale
ceph: return ceph_mdsc_do_request() errors from __get_parent()
scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
watchdog: reset last_hw_keepalive time at start
vti4: removed duplicate log message.
crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static
drm/msm: Use the correct dma_sync calls harder
keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h
net: ipv4: avoid unused variable warning for sysctl
net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
ext4: fix extent_status fragmentation for plain files
FROMGIT: f2fs: fix missing check for f2fs_unlock_op
ANDROID: Fix kernel build regressions from virtio-gpu-next patches
ANDROID: Incremental fs: Add setattr call
ANDROID: cuttlefish_defconfig: enable LTO and CFI
ANDROID: x86: map CFI jump tables in pti_clone_entry_text
ANDROID: crypto: aesni: fix function types for aesni_(enc|dec)
ANDROID: x86: disable CFI for do_syscall_*
ANDROID: BACKPORT: x86, module: Ignore __typeid__ relocations
ANDROID: BACKPORT: x86, relocs: Ignore __typeid__ relocations
ANDROID: BACKPORT: x86/extable: Do not mark exception callback as CFI
FROMLIST: crypto, x86/sha: Eliminate casts on asm implementations
UPSTREAM: crypto: x86 - Rename functions to avoid conflict with crypto/sha256.h
BACKPORT: x86/vmlinux: Actually use _etext for the end of the text segment
ANDROID: x86: disable STACK_VALIDATION with LTO_CLANG
ANDROID: x86: add support for CONFIG_LTO_CLANG
ANDROID: x86/vdso: disable LTO only for VDSO
ANDROID: x86/cpu/vmware: use the full form of inl in VMWARE_PORT
UPSTREAM: x86/build/lto: Fix truncated .bss with -fdata-sections
ANDROID: kbuild: don't select LD_DEAD_CODE_DATA_ELIMINATION with LTO
ANDROID: kbuild: export LTO and CFI flags
ANDROID: cfi: remove unnecessary <asm/memory.h> include
ANDROID: drm/virtio: rebase to latest virgl/drm-misc-next (take 2)
UPSTREAM: sysrq: Use panic() to force a crash
ANDROID: Incremental fs: Use simple compression in log buffer
ANDROID: dm-bow: Fix not to skip trim at framented range
ANDROID: Remove VLA from uid_sys_stats.c
ANDROID: cuttlefish_defconfig: enable CONFIG_DEBUG_LIST
Linux 4.14.177
KEYS: Don't write out to userspace while holding key semaphore
KEYS: Use individual pages in big_key for crypto buffers
mtd: phram: fix a double free issue in error path
mtd: lpddr: Fix a double free in probe()
locktorture: Print ratio of acquisitions, not failures
tty: evh_bytechan: Fix out of bounds accesses
fbdev: potential information leak in do_fb_ioctl()
net: dsa: bcm_sf2: Fix overflow checks
iommu/amd: Fix the configuration of GCR3 table root pointer
libnvdimm: Out of bounds read in __nd_ioctl()
ext2: fix debug reference to ext2_xattr_cache
ext2: fix empty body warnings when -Wextra is used
iommu/vt-d: Fix mm reference leak
NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
drm/amdkfd: kfree the wrong pointer
x86: ACPI: fix CPU hotplug deadlock
KVM: s390: vsie: Fix possible race when shadowing region 3 tables
compiler.h: fix error in BUILD_BUG_ON() reporting
percpu_counter: fix a data race at vm_committed_as
include/linux/swapops.h: correct guards for non_swap_entry()
ext4: do not commit super on read-only bdev
powerpc/maple: Fix declaration made after definition
s390/cpuinfo: fix wrong output when CPU0 is offline
NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid()
rtc: 88pm860x: fix possible race condition
soc: imx: gpc: fix power up sequencing
clk: tegra: Fix Tegra PMC clock out parents
power: supply: bq27xxx_battery: Silence deferred-probe error
clk: at91: usb: continue if clk_hw_round_rate() return zero
of: unittest: kmemleak in of_unittest_platform_populate()
rbd: call rbd_dev_unprobe() after unwatching and flushing notifies
rbd: avoid a deadlock on header_rwsem when flushing notifies
of: fix missing kobject init for !SYSFS && OF_DYNAMIC config
soc: qcom: smem: Use le32_to_cpu for comparison
wil6210: abort properly in cfg suspend
wil6210: fix length check in __wmi_send
wil6210: add block size checks during FW load
wil6210: fix PCIe bus mastering in case of interface down
rpmsg: glink: smem: Ensure ordering during tx
rpmsg: glink: Fix missing mutex_init() in qcom_glink_alloc_channel()
rtc: pm8xxx: Fix issue in RTC write path
rpmsg: glink: use put_device() if device_register fail
wil6210: rate limit wil_rx_refill error
scsi: ufs: ufs-qcom: remove broken hci version quirk
scsi: ufs: make sure all interrupts are processed
wil6210: fix temperature debugfs
wil6210: increase firmware ready timeout
arch_topology: Fix section miss match warning due to free_raw_capacity()
arm64: traps: Don't print stack or raw PC/LR values in backtraces
arm64: perf: remove unsupported events for Cortex-A73
Revert "gpio: set up initial state from .get_direction()"
clk: Fix debugfs_create_*() usage
drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
video: fbdev: sis: Remove unnecessary parentheses and commented code
lib/raid6: use vdupq_n_u8 to avoid endianness warnings
ALSA: hda: Don't release card at firmware loading error
irqchip/mbigen: Free msi_desc on device teardown
netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type
arm, bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift by 0
ext4: use non-movable memory for superblock readahead
scsi: sg: add sg_remove_request in sg_common_write
objtool: Fix switch table detection in .text.unlikely
mm/vmalloc.c: move 'area->pages' after if statement
x86/resctrl: Fix invalid attempt at removing the default resource group
x86/resctrl: Preserve CDP enable over CPU hotplug
x86/intel_rdt: Enable L2 CDP in MSR IA32_L2_QOS_CFG
x86/intel_rdt: Add two new resources for L2 Code and Data Prioritization (CDP)
x86/intel_rdt: Enumerate L2 Code and Data Prioritization (CDP) feature
x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE
scsi: target: fix hang when multiple threads try to destroy the same iscsi session
scsi: target: remove boilerplate code
kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
dm flakey: check for null arg_name in parse_features()
ext4: do not zeroout extents beyond i_disksize
mac80211_hwsim: Use kstrndup() in place of kasprintf()
btrfs: check commit root generation in should_ignore_root
tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation
ALSA: usb-audio: Don't override ignore_ctl_error value from the map
ASoC: Intel: mrfld: return error codes when an error occurs
ASoC: Intel: mrfld: fix incorrect check on p->sink
ext4: fix incorrect inodes per group in error message
ext4: fix incorrect group count in ext4_fill_super error message
pwm: pca9685: Fix PWM/GPIO inter-operation
jbd2: improve comments about freeing data buffers whose page mapping is NULL
scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
net: revert default NAPI poll timeout to 2 jiffies
net: qrtr: send msgs from local of same id as broadcast
net: ipv6: do not consider routes via gateways for anycast address check
net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
hsr: check protocol version in hsr_newlink()
amd-xgbe: Use __napi_schedule() in BH context
mfd: dln2: Fix sanity checking for endpoints
misc: echo: Remove unnecessary parentheses and simplify check for zero
powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
ipmi: fix hung processes in __get_guid()
ftrace/kprobe: Show the maxactive number on kprobe_events
drm: Remove PageReserved manipulation from drm_pci_alloc
drm/dp_mst: Fix clearing payload state on topology disable
crypto: caam - update xts sector size for large input length
dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone()
btrfs: use nofs allocations for running delayed items
Btrfs: fix crash during unmount due to race with delayed inode workers
powerpc: Make setjmp/longjmp signature standard
powerpc: Add attributes for setjmp/longjmp
scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug
powerpc/kprobes: Ignore traps that happened in real mode
powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs
powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries
powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
powerpc/powernv/idle: Restore AMR/UAMOR/AMOR after idle
libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set
hfsplus: fix crash and filesystem corruption when deleting files
cpufreq: powernv: Fix use-after-free
kmod: make request_module() return an error when autoloading is disabled
Input: i8042 - add Acer Aspire 5738z to nomux list
s390/diag: fix display of diagnose call statistics
perf tools: Support Python 3.8+ in Makefile
ocfs2: no need try to truncate file beyond i_size
fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once()
ext4: fix a data race at inode->i_blocks
NFS: Fix a page leak in nfs_destroy_unlinked_subrequests()
rtc: omap: Use define directive for PIN_CONFIG_ACTIVE_HIGH
arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point
dm verity fec: fix memory leak in verity_fec_dtr
mm: Use fixed constant in page_frag_alloc instead of size + 1
tools: gpio: Fix out-of-tree build regression
x86/speculation: Remove redundant arch_smt_update() invocation
powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init()
net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
ALSA: hda: Initialize power_state field properly
crypto: mxs-dcp - fix scatterlist linearization for hash
btrfs: drop block from cache on error in relocation
CIFS: Fix bug which the return value by asynchronous read is error
KVM: VMX: fix crash cleanup when KVM wasn't used
KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support
KVM: x86: Allocate new rmap and large page tracking when moving memslot
KVM: s390: vsie: Fix delivery of addressing exceptions
KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks
KVM: nVMX: Properly handle userspace interrupt window request
x86/entry/32: Add missing ASM_CLAC to general_protection entry
signal: Extend exec_id to 64bits
ath9k: Handle txpower changes even when TPC is disabled
MIPS: OCTEON: irq: Fix potential NULL pointer dereference
irqchip/versatile-fpga: Apply clear-mask earlier
KEYS: reaching the keys quotas correctly
PCI: endpoint: Fix for concurrent memory allocation in OB address region
PCI/ASPM: Clear the correct bits when enabling L1 substates
nvme-fc: Revert "add module to ops template to allow module references"
thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
acpi/x86: ignore unspecified bit positions in the ACPI global lock field
media: ti-vpe: cal: fix disable_irqs to only the intended target
ALSA: hda/realtek - Set principled PC Beep configuration for ALC256
ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256
ALSA: pcm: oss: Fix regression by buffer overflow fix
ALSA: ice1724: Fix invalid access for enumerated ctl items
ALSA: hda: Fix potential access overflow in beep helper
ALSA: hda: Add driver blacklist
ALSA: usb-audio: Add mixer workaround for TRX40 and co
usb: gadget: composite: Inform controller driver of self-powered
usb: gadget: f_fs: Fix use after free issue as part of queue failure
ASoC: topology: use name_prefix for new kcontrol
ASoC: dpcm: allow start or stop during pause for backend
ASoC: dapm: connect virtual mux with default value
ASoC: fix regwmask
slub: improve bit diffusion for freelist ptr obfuscation
misc: rtsx: set correct pcr_ops for rts522A
uapi: rename ext2_swab() to swab() and share globally in swab.h
btrfs: track reloc roots based on their commit root bytenr
btrfs: remove a BUG_ON() from merge_reloc_roots()
block, bfq: fix use-after-free in bfq_idle_slice_timer_body
locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
irqchip/gic-v4: Provide irq_retrigger to avoid circular locking dependency
usb: dwc3: core: add support for disabling SS instances in park mode
block: Fix use-after-free issue accessing struct io_cq
genirq/irqdomain: Check pointer in irq_domain_alloc_irqs_hierarchy()
efi/x86: Ignore the memory attributes table on i386
x86/boot: Use unsigned comparison for addresses
gfs2: Don't demote a glock until its revokes are written
libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
PCI/switchtec: Fix init_completion race condition with poll_wait()
selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
sched: Avoid scale real weight down to zero
irqchip/versatile-fpga: Handle chained IRQs properly
block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices
x86: Don't let pgprot_modify() change the page encryption bit
null_blk: fix spurious IO errors after failed past-wp access
null_blk: Handle null_add_dev() failures properly
null_blk: Fix the null_add_dev() error path
i2c: st: fix missing struct parameter description
qlcnic: Fix bad kzalloc null test
cxgb4/ptp: pass the sign of offset delta in FW CMD
hinic: fix wrong para of wait_for_completion_timeout
hinic: fix a bug of waitting for IO stopped
net: vxge: fix wrong __VA_ARGS__ usage
bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
ANDROID: fix wakeup reason findings
UPSTREAM: gpu/trace: add a gpu total memory usage tracepoint
CHROMIUM: drm/virtio: rebase zero-copy patches to virgl/drm-misc-next
CHROMIUM: virtio-gpu: add VIRTIO_GPU_F_RESOURCE_UUID feature
CHROMIUM: drm/virtgpu: add legacy VIRTIO_GPU_* values for non-upstream variants
CHROMIUM: drm/virtgpu: fix various warnings
CHROMIUM: drm/virtgpu: implement metadata allocation ioctl
CHROMIUM: drm/virtgpu: introduce request IDRs
CHROMIUM: drm/virtgpu: implement DRM_VIRTGPU_RESOURCE_CREATE_V2
CHROMIUM: drm/virtgpu: add stub ioctl implementation
CHROMIUM: drm/virtgpu: check for revelant capabilites
CHROMIUM: drm/virtgpu: add memory type to virtio_gpu_object_params
CHROMIUM: drm/virtgpu: make memory and resource creation opaque
CHROMIUM: virtio-gpu api: VIRTIO_GPU_F_MEMORY
CHROMIUM: virtwl: store plane info per virtio_gpu_object
CHROMIUM: drm/virtgpu: expose new ioctls to userspace
BACKPORT: drm/virtio: move virtio_gpu_object_{attach, detach} calls.
ANDROID: drm: ttm: Add ttm_tt_create2 driver hook
UPSTREAM: virtio-gpu api: comment feature flags
UPSTREAM: drm/virtio: module_param_named() requires linux/moduleparam.h
BACKPORT: drm/virtio: fix resource id creation race
BACKPORT: drm/virtio: make resource id workaround runtime switchable.
BACKPORT: drm/virtio: do NOT reuse resource ids
BACKPORT: drm/virtio: Drop deprecated load/unload initialization
f2fs: fix quota_sync failure due to f2fs_lock_op
f2fs: support read iostat
f2fs: Fix the accounting of dcc->undiscard_blks
f2fs: fix to handle error path of f2fs_ra_meta_pages()
f2fs: report the discard cmd errors properly
f2fs: fix long latency due to discard during umount
f2fs: add tracepoint for f2fs iostat
f2fs: introduce sysfs/data_io_flag to attach REQ_META/FUA
UPSTREAM: kheaders: include only headers into kheaders_data.tar.xz
UPSTREAM: kheaders: remove meaningless -R option of 'ls'
ANDROID: Incremental fs: Fix create_file performance
ANDROID: Incremental fs: Fix compound page usercopy crash
ANDROID: Incremental fs: Clean up incfs_test build process
ANDROID: Incremental fs: make remount log buffer change atomic
ANDROID: Incremental fs: Optimize get_filled_block
ANDROID: Incremental fs: Fix mislabeled __user ptrs
ANDROID: Incremental fs: Use 64-bit int for file_size when writing hash blocks
Revert "ANDROID: Incremental fs: Fix initialization, use of bitfields"
Linux 4.14.176
drm/msm: Use the correct dma_sync calls in msm_gem
rpmsg: glink: smem: Support rx peak for size less than 4 bytes
drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read()
usb: dwc3: don't set gadget->is_otg flag
rpmsg: glink: Remove chunk size word align warning
arm64: Fix size of __early_cpu_boot_status
drm/msm: stop abusing dma_map/unmap for cache
clk: qcom: rcg: Return failure for RCG update
acpi/nfit: Fix bus command validation
fbcon: fix null-ptr-deref in fbcon_switch
RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
ceph: canonicalize server path in place
ceph: remove the extra slashes in the server path
IB/hfi1: Fix memory leaks in sysfs registration and unregistration
IB/hfi1: Call kobject_put() when kobject_init_and_add() fails
ASoC: jz4740-i2s: Fix divider written at incorrect offset in register
hwrng: imx-rngc - fix an error path
tools/accounting/getdelays.c: fix netlink attribute length
random: always use batched entropy for get_random_u{32,64}
mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE
slcan: Don't transmit uninitialized stack data in padding
net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting
net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers
net: dsa: bcm_sf2: Ensure correct sub-node is parsed
ipv6: don't auto-add link-local address to lag ports
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
padata: always acquire cpu_hotplug_lock before pinst->lock
coresight: do not use the BIT() macro in the UAPI header
misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices
blk-mq: Allow blocking queue tag iter callbacks
blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
drm/etnaviv: replace MMU flush marker with flush sequence
tools/power turbostat: Fix gcc build warnings
initramfs: restore default compression behavior
drm/bochs: downgrade pci_request_region failure from error to warning
sctp: fix possibly using a bad saddr with a given dst
sctp: fix refcount bug in sctp_wfree
net, ip_tunnel: fix interface lookup with no key
ipv4: fix a RCU-list lock in fib_triestat_seq_show
ANDROID: power: wakeup_reason: wake reason enhancements
ubifs: wire up FS_IOC_GET_ENCRYPTION_NONCE
f2fs: wire up FS_IOC_GET_ENCRYPTION_NONCE
ext4: wire up FS_IOC_GET_ENCRYPTION_NONCE
fscrypt: add FS_IOC_GET_ENCRYPTION_NONCE ioctl
FROMLIST: power_supply: Add additional health properties to the header
UPSTREAM: power: supply: core: Update sysfs-class-power ABI document
BACKPORT: FROMGIT: kbuild: mkcompile_h: Include $LD version in /proc/version
ANDROID: fscrypt: fall back to filesystem-layer crypto when needed
ANDROID: block: require drivers to declare supported crypto key type(s)
ANDROID: block: make blk_crypto_start_using_mode() properly check for support
f2fs: keep inline_data when compression conversion
f2fs: fix to disable compression on directory
f2fs: add missing CONFIG_F2FS_FS_COMPRESSION
f2fs: switch discard_policy.timeout to bool type
f2fs: fix to verify tpage before releasing in f2fs_free_dic()
f2fs: show compression in statx
f2fs: clean up dic->tpages assignment
f2fs: compress: support zstd compress algorithm
f2fs: compress: add .{init,destroy}_decompress_ctx callback
f2fs: compress: fix to call missing destroy_compress_ctx()
f2fs: change default compression algorithm
f2fs: clean up {cic,dic}.ref handling
f2fs: fix to use f2fs_readpage_limit() in f2fs_read_multi_pages()
f2fs: xattr.h: Make stub helpers inline
f2fs: fix to avoid double unlock
f2fs: fix potential .flags overflow on 32bit architecture
f2fs: fix NULL pointer dereference in f2fs_verity_work()
f2fs: fix to clear PG_error if fsverity failed
f2fs: don't call fscrypt_get_encryption_info() explicitly in f2fs_tmpfile()
f2fs: don't trigger data flush in foreground operation
f2fs: fix NULL pointer dereference in f2fs_write_begin()
f2fs: clean up f2fs_may_encrypt()
f2fs: fix to avoid potential deadlock
f2fs: don't change inode status under page lock
f2fs: fix potential deadlock on compressed quota file
f2fs: delete DIO read lock
f2fs: don't mark compressed inode dirty during f2fs_iget()
f2fs: fix to account compressed blocks in f2fs_compressed_blocks()
f2fs: xattr.h: Replace zero-length array with flexible-array member
f2fs: fix to update f2fs_super_block fields under sb_lock
f2fs: Add a new CP flag to help fsck fix resize SPO issues
f2fs: Fix mount failure due to SPO after a successful online resize FS
f2fs: use kmem_cache pool during inline xattr lookups
f2fs: skip migration only when BG_GC is called
f2fs: fix to show tracepoint correctly
f2fs: avoid __GFP_NOFAIL in f2fs_bio_alloc
f2fs: introduce F2FS_IOC_GET_COMPRESS_BLOCKS
f2fs: fix to avoid triggering IO in write path
f2fs: add prefix for f2fs slab cache name
f2fs: introduce DEFAULT_IO_TIMEOUT
f2fs: skip GC when section is full
f2fs: add migration count iff migration happens
f2fs: clean up bggc mount option
f2fs: clean up lfs/adaptive mount option
f2fs: fix to show norecovery mount option
f2fs: clean up parameter of macro XATTR_SIZE()
f2fs: clean up codes with {f2fs_,}data_blkaddr()
f2fs: show mounted time
f2fs: Use scnprintf() for avoiding potential buffer overflow
f2fs: allow to clear F2FS_COMPR_FL flag
f2fs: fix to check dirty pages during compressed inode conversion
f2fs: fix to account compressed inode correctly
f2fs: fix wrong check on F2FS_IOC_FSSETXATTR
f2fs: fix to avoid use-after-free in f2fs_write_multi_pages()
f2fs: fix to avoid using uninitialized variable
f2fs: fix inconsistent comments
f2fs: remove i_sem lock coverage in f2fs_setxattr()
f2fs: cover last_disk_size update with spinlock
f2fs: fix to check i_compr_blocks correctly
FROMLIST: kmod: make request_module() return an error when autoloading is disabled
UPSTREAM: loop: Only freeze block queue when needed.
UPSTREAM: loop: Only change blocksize when needed.
ANDROID: Incremental fs: Fix remount
ANDROID: Incremental fs: Protect get_fill_block, and add a field
ANDROID: Incremental fs: Fix crash polling 0 size read_log
ANDROID: Incremental fs: get_filled_blocks: better index_out
ANDROID: Fix wq fp check for CFI builds
ANDROID: Incremental fs: Fix four resource bugs
ANDROID: kbuild: ensure __cfi_check is correctly aligned
ANDROID: kbuild: fix module linker script flags for LTO
Linux 4.14.175
arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode
arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id
ARM: bcm2835-rpi-zero-w: Add missing pinctrl name
ARM: dts: oxnas: Fix clear-mask property
perf map: Fix off by one in strncpy() size argument
arm64: alternative: fix build with clang integrated assembler
net: ks8851-ml: Fix IO operations, again
gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model
bpf: Explicitly memset some bpf info structures declared on the stack
bpf: Explicitly memset the bpf_attr structure
platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table
vt: vt_ioctl: fix use-after-free in vt_in_use()
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
vt: vt_ioctl: remove unnecessary console allocation checks
vt: switch vt_dont_switch to bool
vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines
vt: selection, introduce vc_is_sel
mac80211: fix authentication with iwlwifi/mvm
mac80211: Check port authorization in the ieee80211_tx_dequeue() case
media: xirlink_cit: add missing descriptor sanity checks
media: stv06xx: add missing descriptor sanity checks
media: dib0700: fix rc endpoint lookup
media: ov519: add missing endpoint sanity checks
libfs: fix infoleak in simple_attr_read()
staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback
staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb
staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table
media: usbtv: fix control-message timeouts
media: flexcop-usb: fix endpoint sanity check
usb: musb: fix crash with highmen PIO and usbmon
USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback
USB: cdc-acm: restore capability check order
USB: serial: option: add Wistron Neweb D19Q1
USB: serial: option: add BroadMobi BM806U
USB: serial: option: add support for ASKEY WWHC050
afs: Fix some tracing details
Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger()
Input: raydium_i2c_ts - use true and false for boolean values
vti6: Fix memory leak of skb if input policy check fails
netfilter: nft_fwd_netdev: validate family and chain type
xfrm: policy: Fix doulbe free in xfrm_policy_timer
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
xfrm: fix uctx len check in verify_sec_ctx_len
RDMA/mlx5: Block delay drop to unprivileged users
vti[6]: fix packet tx through bpf_redirect() in XinY cases
xfrm: handle NETDEV_UNREGISTER for xfrm device
genirq: Fix reference leaks on irq affinity notifiers
RDMA/core: Ensure security pkey modify is not lost
gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model
gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option
gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk
mac80211: mark station unauthorized before key removal
scsi: sd: Fix optimal I/O size for devices that change reported values
scripts/dtc: Remove redundant YYLOC global declaration
tools: Let O= makes handle a relative path with -C option
perf probe: Do not depend on dwfl_module_addrsym()
ARM: dts: omap5: Add bus_dma_limit for L3 bus
ARM: dts: dra7: Add bus_dma_limit for L3 bus
Input: avoid BIT() macro usage in the serio.h UAPI header
Input: synaptics - enable RMI on HP Envy 13-ad105ng
i2c: hix5hd2: add missed clk_disable_unprepare in remove
ftrace/x86: Anotate text_mutex split between ftrace_arch_code_modify_post_process() and ftrace_arch_code_modify_prepare()
arm64: compat: map SPSR_ELx<->PSR for signals
arm64: ptrace: map SPSR_ELx<->PSR for compat tasks
sxgbe: Fix off by one in samsung driver strncpy size arg
dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom
mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
scsi: ipr: Fix softlockup when rescanning devices in petitboot
fsl/fman: detect FMan erratum A050385
arm64: dts: ls1043a: FMan erratum A050385
dt-bindings: net: FMan erratum A050385
cgroup1: don't call release_agent when it is ""
drivers/of/of_mdio.c:fix of_mdiobus_register()
cpupower: avoid multiple definition with gcc -fno-common
cgroup-v1: cgroup_pidlist_next should update position index
net: ipv4: don't let PMTU updates increase route MTU
hsr: set .netnsok flag
hsr: add restart routine into hsr_get_node_list()
hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
vxlan: check return value of gro_cells_init()
net: dsa: mt7530: Change the LINK bit to reflect the link status
bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets()
slcan: not call free_netdev before rtnl_unlock in slcan_open
NFC: fdp: Fix a signedness bug in fdp_nci_send_patch()
net: stmmac: dwmac-rk: fix error path in rk_gmac_probe
net_sched: keep alloc_hash updated after hash allocation
net_sched: cls_route: remove the right filter from hashtable
net: qmi_wwan: add support for ASKEY WWHC050
net/packet: tpacket_rcv: avoid a producer race condition
net: mvneta: Fix the case where the last poll did not process all rx
net: dsa: Fix duplicate frames flooded by learning
macsec: restrict to ethernet devices
hsr: fix general protection fault in hsr_addr_is_self()
Revert "drm/dp_mst: Skip validating ports during destruction, just ref"
staging: greybus: loopback_test: fix potential path truncations
staging: greybus: loopback_test: fix potential path truncation
drm/bridge: dw-hdmi: fix AVI frame colorimetry
arm64: smp: fix crash_smp_send_stop() behaviour
arm64: smp: fix smp_send_stop() behaviour
ALSA: hda/realtek: Fix pop noise on ALC225
Revert "ipv6: Fix handling of LLA with VRF and sockets bound to VRF"
Revert "vrf: mark skb for multicast or link-local as enslaved to VRF"
futex: Unbreak futex hashing
futex: Fix inode life-time issue
kbuild: Disable -Wpointer-to-enum-cast
iio: adc: at91-sama5d2_adc: fix differential channels in triggered mode
iio: adc: at91-sama5d2_adc: fix channel configuration for differential channels
USB: cdc-acm: fix rounding error in TIOCSSERIAL
USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL
x86/mm: split vmalloc_sync_all()
page-flags: fix a crash at SetPageError(THP_SWAP)
mm, slub: prevent kmalloc_node crashes and memory leaks
mm: slub: be more careful about the double cmpxchg of freelist
memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
xhci: Do not open code __print_symbolic() in xhci trace events
rtc: max8907: add missing select REGMAP_IRQ
intel_th: pci: Add Elkhart Lake CPU support
intel_th: Fix user-visible error codes
staging/speakup: fix get_word non-space look-ahead
staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2
iio: magnetometer: ak8974: Fix negative raw values in sysfs
iio: trigger: stm32-timer: disable master mode when stopping
ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
ALSA: pcm: oss: Avoid plugin buffer overflow
ALSA: seq: oss: Fix running status after receiving sysex
ALSA: seq: virmidi: Fix running status after receiving sysex
ALSA: line6: Fix endless MIDI read loop
usb: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c
USB: serial: pl2303: add device-id for HP LD381
usb: host: xhci-plat: add a shutdown
USB: serial: option: add ME910G1 ECM composition 0x110b
usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
USB: Disable LPM on WD19's Realtek Hub
parse-maintainers: Mark as executable
block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group()
xenbus: req->err should be updated before req->state
xenbus: req->body should be updated before req->state
dm bio record: save/restore bi_end_io and bi_integrity
altera-stapl: altera_get_note: prevent write beyond end of 'key'
drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer
drm/exynos: dsi: fix workaround for the legacy clock name
drm/exynos: dsi: propagate error value and silence meaningless warning
spi/zynqmp: remove entry that causes a cs glitch
spi: pxa2xx: Add CS control clock quirk
ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes
powerpc: Include .BTF section
spi: qup: call spi_qup_pm_resume_runtime before suspending
UPSTREAM: ubifs: wire up FS_IOC_GET_ENCRYPTION_NONCE
UPSTREAM: f2fs: wire up FS_IOC_GET_ENCRYPTION_NONCE
UPSTREAM: ext4: wire up FS_IOC_GET_ENCRYPTION_NONCE
UPSTREAM: fscrypt: add FS_IOC_GET_ENCRYPTION_NONCE ioctl
UPSTREAM: usb: raw_gadget: fix compilation warnings in uapi headers
BACKPORT: usb: gadget: add raw-gadget interface
UPSTREAM: usb: gadget: move choice ... endchoice to legacy/Kconfig
ANDROID: clang: update to 10.0.5
FROMLIST: arm64: define __alloc_zeroed_user_highpage
ANDROID: Incremental fs: Add INCFS_IOC_GET_FILLED_BLOCKS
ANDROID: Incremental fs: Fix two typos
f2fs: fix to avoid potential deadlock
f2fs: add missing function name in kernel message
f2fs: recycle unused compress_data.chksum feild
f2fs: fix to avoid NULL pointer dereference
f2fs: fix leaking uninitialized memory in compressed clusters
f2fs: fix the panic in do_checkpoint()
f2fs: fix to wait all node page writeback
mm/swapfile.c: move inode_lock out of claim_swapfile
UPSTREAM: ipv6: ndisc: add support for 'PREF64' dns64 prefix identifier
UPSTREAM: ipv6: ndisc: add support for 'PREF64' dns64 prefix identifier
ANDROID: dm-bow: Fix free_show value is incorrect
UPSTREAM: coresight: Potential uninitialized variable in probe()
ANDROID: kbuild: do not merge .section..* into .section in modules
ANDROID: scsi: ufs: add ->map_sg_crypto() variant op
UPSTREAM: bpf: Explicitly memset some bpf info structures declared on the stack
UPSTREAM: bpf: Explicitly memset the bpf_attr structure
Linux 4.14.174
ipv4: ensure rcu_read_lock() in cipso_v4_error()
mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
ARM: 8958/1: rename missed uaccess .fixup section
ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional()
jbd2: fix data races at struct journal_head
net: rmnet: fix NULL pointer dereference in rmnet_newlink()
hinic: fix a bug of setting hw_ioctxt
slip: not call free_netdev before rtnl_unlock in slip_open
signal: avoid double atomic counter increments for user accounting
mac80211: rx: avoid RCU list traversal under mutex
net: ks8851-ml: Fix IRQ handling and locking
net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch
scsi: libfc: free response frame from GPN_ID
cfg80211: check reg_rule for NULL in handle_channel_custom()
HID: i2c-hid: add Trekstor Surfbook E11B to descriptor override
HID: apple: Add support for recent firmware on Magic Keyboards
ACPI: watchdog: Allow disabling WDAT at boot
perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag
batman-adv: Don't schedule OGM for disabled interface
batman-adv: Avoid free/alloc race when handling OGM buffer
batman-adv: Avoid free/alloc race when handling OGM2 buffer
batman-adv: Fix duplicated OGMs on NETDEV_UP
batman-adv: Fix debugfs path for renamed softif
batman-adv: Fix debugfs path for renamed hardif
batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs
batman-adv: Fix TT sync flags for intermediate TT responses
batman-adv: Avoid race in TT TVLV allocator helper
batman-adv: update data pointers after skb_cow()
batman-adv: Fix internal interface indices types
batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq
batman-adv: Fix check of retrieved orig_gw in batadv_v_gw_is_eligible
batman-adv: Always initialize fragment header priority
batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation
efi: Add a sanity check to efivar_store_raw()
net/smc: check for valid ib_client_data
ipv6: restrict IPV6_ADDRFORM operation
i2c: acpi: put device when verifying client fails
iommu/vt-d: Ignore devices with out-of-spec domain number
iommu/vt-d: Fix the wrong printing in RHSA parsing
netfilter: nft_payload: add missing attribute validation for payload csum flags
netfilter: cthelper: add missing attribute validation for cthelper
nl80211: add missing attribute validation for channel switch
nl80211: add missing attribute validation for beacon report scanning
nl80211: add missing attribute validation for critical protocol indication
pinctrl: core: Remove extra kref_get which blocks hogs being freed
pinctrl: meson-gxl: fix GPIOX sdio pins
iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
iommu/dma: Fix MSI reservation allocation
x86/mce: Fix logic and comments around MSR_PPIN_CTL
efi: Fix a race and a buffer overflow while reading efivars via sysfs
ARC: define __ALIGN_STR and __ALIGN symbols for ARC
KVM: x86: clear stale x86_emulate_ctxt->intercept value
gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
cifs_atomic_open(): fix double-put on late allocation failure
ktest: Add timeout for ssh sync testing
drm/amd/display: remove duplicated assignment to grph_obj_type
workqueue: don't use wq_select_unbound_cpu() for bound works
iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint
virtio-blk: fix hw_queue stopped on arbitrary error
iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices
cgroup: Iterate tasks that did not finish do_exit()
cgroup: cgroup_procs_next should increase position index
ipvlan: don't deref eth hdr before checking it's set
ipvlan: egress mcast packets are not exceptional
ipvlan: do not add hardware address of master to its unicast filter list
inet_diag: return classid for all socket types
macvlan: add cond_resched() during multicast processing
net: fec: validate the new settings in fec_enet_set_coalesce()
slip: make slhc_compress() more robust against malicious packets
bonding/alb: make sure arp header is pulled before accessing it
net: phy: fix MDIO bus PM PHY resuming
nfc: add missing attribute validation for vendor subcommand
nfc: add missing attribute validation for SE API
team: add missing attribute validation for array index
team: add missing attribute validation for port ifindex
net: fq: add missing attribute validation for orphan mask
macsec: add missing attribute validation for port
can: add missing attribute validation for termination
nl802154: add missing attribute validation for dev_type
nl802154: add missing attribute validation
fib: add missing attribute validation for tun_id
net: memcg: fix lockdep splat in inet_csk_accept()
net: memcg: late association of sock to memcg
cgroup: memcg: net: do not associate sock with unrelated cgroup
bnxt_en: reinitialize IRQs when MTU is modified
sfc: detach from cb_page in efx_copy_channel()
r8152: check disconnect status after long sleep
net/packet: tpacket_rcv: do not increment ring index on drop
net: nfc: fix bounds checking bugs on "pipe"
net: macsec: update SCI upon MAC address change.
netlink: Use netlink header as base to calculate bad attribute offset
ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
ipvlan: add cond_resched_rcu() while processing muticast backlog
ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface
gre: fix uninit-value in __iptunnel_pull_header
cgroup, netclassid: periodically release file_lock on classid updating
net: phy: Avoid multiple suspends
phy: Revert toggling reset changes.
ANDROID: Incremental fs: Add INCFS_IOC_PERMIT_FILL
ANDROID: Incremental fs: Remove signature checks from kernel
ANDROID: Incremental fs: Pad hash blocks
ANDROID: Incremental fs: Make fill block an ioctl
ANDROID: Incremental fs: Remove all access_ok checks
UPSTREAM: cgroup: Iterate tasks that did not finish do_exit()
UPSTREAM: arm64: memory: Add missing brackets to untagged_addr() macro
UPSTREAM: mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()
ANDROID: Add TPM support and the vTPM proxy to Cuttlefish.
ANDROID: serdev: restrict claim of platform devices
UPSTREAM: fscrypt: don't evict dirty inodes after removing key
fscrypt: don't evict dirty inodes after removing key
Linux 4.14.173
ASoC: topology: Fix memleak in soc_tplg_manifest_load()
xhci: handle port status events for removed USB3 hcd
dm integrity: fix a deadlock due to offloading to an incorrect workqueue
powerpc: fix hardware PMU exception bug on PowerVM compatibility mode systems
dmaengine: coh901318: Fix a double lock bug in dma_tc_handle()
hwmon: (adt7462) Fix an error return in ADT7462_REG_VOLT()
ARM: imx: build v7_cpu_resume() unconditionally
IB/hfi1, qib: Ensure RCU is locked when accessing list
RMDA/cm: Fix missing ib_cm_destroy_id() in ib_cm_insert_listen()
RDMA/iwcm: Fix iwcm work deallocation
ASoC: dapm: Correct DAPM handling of active widgets during shutdown
ASoC: pcm512x: Fix unbalanced regulator enable call in probe error path
ASoC: pcm: Fix possible buffer overflow in dpcm state sysfs output
ASoC: intel: skl: Fix possible buffer overflow in debug outputs
ASoC: intel: skl: Fix pin debug prints
ASoC: topology: Fix memleak in soc_tplg_link_elems_load()
ARM: dts: ls1021a: Restore MDIO compatible to gianfar
dm cache: fix a crash due to incorrect work item cancelling
dmaengine: tegra-apb: Prevent race conditions of tasklet vs free list
dmaengine: tegra-apb: Fix use-after-free
x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes
vt: selection, push sel_lock up
vt: selection, push console lock down
vt: selection, close sel_buffer race
serial: 8250_exar: add support for ACCES cards
tty:serial:mvebu-uart:fix a wrong return
arm: dts: dra76x: Fix mmc3 max-frequency
fat: fix uninit-memory access for partial initialized inode
mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa
vgacon: Fix a UAF in vgacon_invert_region
usb: core: port: do error out if usb_autopm_get_interface() fails
usb: core: hub: do error out if usb_autopm_get_interface() fails
usb: core: hub: fix unhandled return by employing a void function
usb: quirks: add NO_LPM quirk for Logitech Screen Share
usb: storage: Add quirk for Samsung Fit flash
cifs: don't leak -EAGAIN for stat() during reconnect
net: thunderx: workaround BGX TX Underflow issue
x86/xen: Distribute switch variables for initialization
nvme: Fix uninitialized-variable warning
x86/boot/compressed: Don't declare __force_order in kaslr_64.c
s390/cio: cio_ignore_proc_seq_next should increase position index
watchdog: da9062: do not ping the hw during stop()
net: ks8851-ml: Fix 16-bit IO operation
net: ks8851-ml: Fix 16-bit data access
net: ks8851-ml: Remove 8-bit bus accessors
drm/msm/dsi: save pll state before dsi host is powered off
drm: msm: Fix return type of dsi_mgr_connector_mode_valid for kCFI
drm/msm/mdp5: rate limit pp done timeout warnings
usb: gadget: serial: fix Tx stall after buffer overflow
usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags
usb: gadget: composite: Support more than 500mA MaxPower
selftests: fix too long argument
serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE
kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic
RDMA/core: Fix use of logical OR in get_new_pps
RDMA/core: Fix pkey and port assignment in get_new_pps
net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec
EDAC/amd64: Set grain per DIMM
x86/mce: Handle varying MCA bank counts
vhost: Check docket sk_family instead of call getname
audit: always check the netlink payload length in audit_receive_msg()
Revert "char/random: silence a lockdep splat with printk()"
mm, thp: fix defrag setting if newline is not used
mm/huge_memory.c: use head to check huge zero page
perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc
kprobes: Set unoptimized flag after unoptimizing code
drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()'
tuntap: correctly set SOCKWQ_ASYNC_NOSPACE
KVM: Check for a bad hva before dropping into the ghc slow path
KVM: SVM: Override default MMIO mask if memory encryption is enabled
mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame()
namei: only return -ECHILD from follow_dotdot_rcu()
net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
net: atlantic: fix potential error handling
net: netlink: cap max groups which will be considered in netlink_bind()
include/linux/bitops.h: introduce BITS_PER_TYPE
ecryptfs: Fix up bad backport of fe2e082f5da5b4a0a92ae32978f81507ef37ec66
usb: charger: assign specific number for enum value
drm/i915/gvt: Separate display reset from ALL_ENGINES reset
i2c: jz4780: silence log flood on txabrt
i2c: altera: Fix potential integer overflow
MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'
HID: hiddev: Fix race in in hiddev_disconnect()
Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"
tracing: Disable trace_printk() on post poned tests
HID: core: increase HID report buffer size to 8KiB
HID: core: fix off-by-one memset in hid_report_raw_event()
HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock
KVM: VMX: check descriptor table exits on instruction emulation
ACPI: watchdog: Fix gas->access_width usage
ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro
audit: fix error handling in audit_data_to_entry()
ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
net: sched: correct flower port blocking
qede: Fix race between rdma destroy workqueue and link change event
ipv6: Fix route replacement with dev-only route
ipv6: Fix nlmsg_flags when splitting a multipath route
sctp: move the format error check out of __sctp_sf_do_9_1_abort
nfc: pn544: Fix occasional HW initialization failure
net: phy: restore mdio regs in the iproc mdio driver
net: fib_rules: Correctly set table field when table number exceeds 8 bits
sysrq: Remove duplicated sysrq message
sysrq: Restore original console_loglevel when sysrq disabled
cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
cifs: Fix mode output in debugging statements
net: ena: ena-com.c: prevent NULL pointer dereference
net: ena: ethtool: use correct value for crc32 hash
net: ena: fix incorrectly saving queue numbers when setting RSS indirection table
net: ena: rss: store hash function as values and not bits
net: ena: rss: fix failure to get indirection table
net: ena: fix incorrect default RSS key
net: ena: add missing ethtool TX timestamping indication
net: ena: fix uses of round_jiffies()
net: ena: fix potential crash when rxfh key is NULL
qmi_wwan: unconditionally reject 2 ep interfaces
qmi_wwan: re-add DW5821e pre-production variant
cfg80211: check wiphy driver existence for drvinfo report
mac80211: consider more elements in parsing CRC
dax: pass NOWAIT flag to iomap_apply
drm/msm: Set dma maximum segment size for mdss
ipmi:ssif: Handle a possible NULL pointer reference
ext4: fix potential race between s_group_info online resizing and access
ext4: fix potential race between s_flex_groups online resizing and access
ext4: fix potential race between online resizing and write operations
netfilter: nf_conntrack: resolve clash for matching conntracks
iwlwifi: pcie: fix rb_allocator workqueue allocation
FROMLIST: f2fs: fix wrong check on F2FS_IOC_FSSETXATTR
UPSTREAM: binder: prevent UAF for binderfs devices II
UPSTREAM: binder: prevent UAF for binderfs devices
FROMLIST: lib: test_stackinit.c: XFAIL switch variable init tests
ANDROID: cuttlefish: disable KPROBES
ANDROID: scsi: ufs: allow ufs variants to override sg entry size
FROMLIST: ufs: fix a bug on printing PRDT
BACKPORT: loop: Add LOOP_SET_BLOCK_SIZE in compat ioctl
ANDROID: fix build issue in security/selinux/avc.c
ANDROID: cuttlefish_defconfig: Disable CONFIG_RT_GROUP_SCHED
ANDROID: Enable HID_NINTENDO as y
FROMLIST: HID: nintendo: add nintendo switch controller driver
Linux 4.14.172
s390/mm: Explicitly compare PAGE_DEFAULT_KEY against zero in storage_key_init_range
xen: Enable interrupts when calling _cond_resched()
ata: ahci: Add shutdown to freeze hardware resources of ahci
netfilter: xt_hashlimit: limit the max size of hashtable
ALSA: seq: Fix concurrent access to queue current tick/time
ALSA: seq: Avoid concurrent access to queue flags
ALSA: rawmidi: Avoid bit fields for state flags
genirq/proc: Reject invalid affinity masks (again)
iommu/vt-d: Fix compile warning from intel-svm.h
ecryptfs: replace BUG_ON with error handling code
staging: greybus: use after free in gb_audio_manager_remove_all()
staging: rtl8723bs: fix copy of overlapping memory
usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus
scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session"
scsi: Revert "RDMA/isert: Fix a recently introduced regression related to logout"
Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents
btrfs: do not check delayed items are empty for single transaction cleanup
btrfs: fix bytes_may_use underflow in prealloc error condtition
KVM: apic: avoid calculating pending eoi from an uninitialized val
KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1
KVM: nVMX: Check IO instruction VM-exit conditions
KVM: nVMX: Refactor IO bitmap checks into helper function
ext4: fix race between writepages and enabling EXT4_EXTENTS_FL
ext4: rename s_journal_flag_rwsem to s_writepages_rwsem
ext4: fix mount failure with quota configured as module
ext4: add cond_resched() to __ext4_find_entry()
ext4: fix a data race in EXT4_I(inode)->i_disksize
KVM: nVMX: Don't emulate instructions in guest mode
lib/stackdepot.c: fix global out-of-bounds in stack_slabs
serial: 8250: Check UPF_IRQ_SHARED in advance
vt: vt_ioctl: fix race in VT_RESIZEX
VT_RESIZEX: get rid of field-by-field copyin
xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
KVM: x86: don't notify userspace IOAPIC on edge-triggered interrupt EOI
drm/amdgpu/soc15: fix xclk for raven
mm/vmscan.c: don't round up scan size for online memory cgroup
Revert "ipc,sem: remove uneeded sem_undo_list lock usage in exit_sem()"
MAINTAINERS: Update drm/i915 bug filing URL
serdev: ttyport: restore client ops on deregistration
tty: serial: imx: setup the correct sg entry for tx dma
tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode
x86/mce/amd: Fix kobject lifetime
x86/mce/amd: Publish the bank pointer only after setup has succeeded
staging: rtl8723bs: Fix potential overuse of kernel memory
staging: rtl8723bs: Fix potential security hole
staging: rtl8188eu: Fix potential overuse of kernel memory
staging: rtl8188eu: Fix potential security hole
USB: hub: Fix the broken detection of USB3 device in SMSC hub
USB: hub: Don't record a connect-change event during reset-resume
USB: Fix novation SourceControl XL after suspend
usb: uas: fix a plug & unplug racing
usb: host: xhci: update event ring dequeue pointer on purpose
xhci: fix runtime pm enabling for quirky Intel hosts
xhci: Force Maximum Packet size for Full-speed bulk devices to valid range.
staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi.
staging: android: ashmem: Disallow ashmem memory from being remapped
vt: selection, handle pending signals in paste_selection
floppy: check FDC index for errors before assigning it
USB: misc: iowarrior: add support for the 100 device
USB: misc: iowarrior: add support for the 28 and 28L devices
USB: misc: iowarrior: add support for 2 OEMed devices
thunderbolt: Prevent crash if non-active NVMem file is read
net/smc: fix leak of kernel memory to user space
net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS
net: dsa: tag_qca: Make sure there is headroom for tag
enic: prevent waking up stopped tx queues over watchdog reset
selinux: ensure we cleanup the internal AVC counters on error in avc_update()
mlxsw: spectrum_dpipe: Add missing error path
virtio_balloon: prevent pfn array overflow
help_next should increase position index
brd: check and limit max_part par
microblaze: Prevent the overflow of the start
iwlwifi: mvm: Fix thermal zone registration
irqchip/gic-v3-its: Reference to its_invall_cmd descriptor when building INVALL
bcache: explicity type cast in bset_bkey_last()
reiserfs: prevent NULL pointer dereference in reiserfs_insert_item()
lib/scatterlist.c: adjust indentation in __sg_alloc_table
ocfs2: fix a NULL pointer dereference when call ocfs2_update_inode_fsync_trans()
radeon: insert 10ms sleep in dce5_crtc_load_lut
trigger_next should increase position index
ftrace: fpid_next() should increase position index
drm/nouveau/disp/nv50-: prevent oops when no channel method map provided
irqchip/gic-v3: Only provision redistributors that are enabled in ACPI
ceph: check availability of mds cluster on mount after wait timeout
cifs: fix NULL dereference in match_prepath
iwlegacy: ensure loop counter addr does not wrap and cause an infinite loop
hostap: Adjust indentation in prism2_hostapd_add_sta
ARM: 8951/1: Fix Kexec compilation issue.
jbd2: make sure ESHUTDOWN to be recorded in the journal superblock
jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record
powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
ALSA: hda - Add docking station support for Lenovo Thinkpad T420s
driver core: platform: fix u32 greater or equal to zero comparison
s390/ftrace: generate traced function stack frame
x86/decoder: Add TEST opcode to Group3-2
ALSA: hda/hdmi - add retry logic to parse_intel_hdmi()
irqchip/mbigen: Set driver .suppress_bind_attrs to avoid remove problems
remoteproc: Initialize rproc_class before use
btrfs: device stats, log when stats are zeroed
btrfs: safely advance counter when looking up bio csums
btrfs: fix possible NULL-pointer dereference in integrity checks
pwm: Remove set but not set variable 'pwm'
ide: serverworks: potential overflow in svwks_set_pio_mode()
cmd64x: potential buffer overflow in cmd64x_program_timings()
pwm: omap-dmtimer: Remove PWM chip in .remove before making it unfunctional
x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd
f2fs: fix memleak of kobject
watchdog/softlockup: Enforce that timestamp is valid on boot
arm64: fix alternatives with LLVM's integrated assembler
scsi: iscsi: Don't destroy session if there are outstanding connections
f2fs: free sysfs kobject
iommu/arm-smmu-v3: Use WRITE_ONCE() when changing validity of an STE
usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue
drm/vmwgfx: prevent memory leak in vmw_cmdbuf_res_add
drm/nouveau: Fix copy-paste error in nouveau_fence_wait_uevent_handler
drm/nouveau/gr/gk20a,gm200-: add terminators to method lists read from fw
drm/nouveau/secboot/gm20b: initialize pointer in gm20b_secboot_new()
vme: bridges: reduce stack usage
driver core: Print device when resources present in really_probe()
driver core: platform: Prevent resouce overflow from causing infinite loops
tty: synclink_gt: Adjust indentation in several functions
tty: synclinkmp: Adjust indentation in several functions
ASoC: atmel: fix build error with CONFIG_SND_ATMEL_SOC_DMA=m
wan: ixp4xx_hss: fix compile-testing on 64-bit
Input: edt-ft5x06 - work around first register access error
rcu: Use WRITE_ONCE() for assignments to ->pprev for hlist_nulls
efi/x86: Don't panic or BUG() on non-critical error conditions
soc/tegra: fuse: Correct straps' address for older Tegra124 device trees
IB/hfi1: Add software counter for ctxt0 seq drop
udf: Fix free space reporting for metadata and virtual partitions
usbip: Fix unsafe unaligned pointer usage
drm: remove the newline for CRC source name.
tools lib api fs: Fix gcc9 stringop-truncation compilation error
ALSA: sh: Fix compile warning wrt const
ALSA: sh: Fix unused variable warnings
clk: sunxi-ng: add mux and pll notifiers for A64 CPU clock
RDMA/rxe: Fix error type of mmap_offset
pinctrl: sh-pfc: sh7269: Fix CAN function GPIOs
PM / devfreq: rk3399_dmc: Add COMPILE_TEST and HAVE_ARM_SMCCC dependency
x86/vdso: Provide missing include file
dmaengine: Store module owner in dma_device struct
ARM: dts: r8a7779: Add device node for ARM global timer
drm/mediatek: handle events when enabling/disabling crtc
scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
scsi: ufs: Complete pending requests in host reset and restore path
ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1
orinoco: avoid assertion in case of NULL pointer
rtlwifi: rtl_pci: Fix -Wcast-function-type
iwlegacy: Fix -Wcast-function-type
ipw2x00: Fix -Wcast-function-type
b43legacy: Fix -Wcast-function-type
ALSA: usx2y: Adjust indentation in snd_usX2Y_hwdep_dsp_status
fore200e: Fix incorrect checks of NULL pointer dereference
reiserfs: Fix spurious unlock in reiserfs_fill_super() error handling
media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in v4l2_device macros
ARM: dts: imx6: rdu2: Disable WP for USDHC2 and USDHC3
arm64: dts: qcom: msm8996: Disable USB2 PHY suspend by core
NFC: port100: Convert cpu_to_le16(le16_to_cpu(E1) + E2) to use le16_add_cpu().
PCI/IOV: Fix memory leak in pci_iov_add_virtfn()
net/wan/fsl_ucc_hdlc: reject muram offsets above 64K
regulator: rk808: Lower log level on optional GPIOs being not available
drm/amdgpu: remove 4 set but not used variable in amdgpu_atombios_get_connector_info_from_object_table
clk: qcom: rcg2: Don't crash if our parent can't be found; return an error
kconfig: fix broken dependency in randconfig-generated .config
KVM: s390: ENOTSUPP -> EOPNOTSUPP fixups
nbd: add a flush_workqueue in nbd_start_device
ext4, jbd2: ensure panic when aborting with zero errno
tracing: Fix very unlikely race of registering two stat tracers
tracing: Fix tracing_stat return values in error handling paths
x86/sysfb: Fix check for bad VRAM size
jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal
kselftest: Minimise dependency of get_size on C library interfaces
clocksource/drivers/bcm2835_timer: Fix memory leak of timer
usb: dwc2: Fix IN FIFO allocation
usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe()
uio: fix a sleep-in-atomic-context bug in uio_dmem_genirq_irqcontrol()
sparc: Add .exit.data section.
MIPS: Loongson: Fix potential NULL dereference in loongson3_platform_init()
efi/x86: Map the entire EFI vendor string before copying it
pinctrl: baytrail: Do not clear IRQ flags on direct-irq enabled pins
media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run()
char/random: silence a lockdep splat with printk()
gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap()
powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number
media: i2c: mt9v032: fix enum mbus codes and frame sizes
pxa168fb: Fix the function used to release some memory in an error handling path
pinctrl: sh-pfc: sh7264: Fix CAN function GPIOs
gianfar: Fix TX timestamping with a stacked DSA driver
ALSA: ctl: allow TLV read operation for callback type of element in locked case
ext4: fix ext4_dax_read/write inode locking sequence for IOCB_NOWAIT
leds: pca963x: Fix open-drain initialization
brcmfmac: Fix use after free in brcmf_sdio_readframes()
cpu/hotplug, stop_machine: Fix stop_machine vs hotplug order
drm/gma500: Fixup fbdev stolen size usage evaluation
KVM: nVMX: Use correct root level for nested EPT shadow page tables
Revert "KVM: VMX: Add non-canonical check on writes to RTIT address MSRs"
Revert "KVM: nVMX: Use correct root level for nested EPT shadow page tables"
scsi: qla2xxx: fix a potential NULL pointer dereference
jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer
jbd2: move the clearing of b_modified flag to the journal_unmap_buffer()
hwmon: (pmbus/ltc2978) Fix PMBus polling of MFR_COMMON definitions.
perf/x86/intel: Fix inaccurate period in context switch for auto-reload
s390/time: Fix clk type in get_tod_clock
RDMA/core: Fix protection fault in get_pkey_idx_qp_list
IB/hfi1: Close window for pq and request coliding
serial: imx: Only handle irqs that are actually enabled
serial: imx: ensure that RX irqs are off if RX is off
padata: Remove broken queue flushing
perf/x86/amd: Add missing L2 misses event spec to AMD Family 17h's event map
KVM: nVMX: Use correct root level for nested EPT shadow page tables
arm64: ssbs: Fix context-switch when SSBS is present on all CPUs
btrfs: log message when rw remount is attempted with unclean tree-log
btrfs: print message when tree-log replay starts
Btrfs: fix race between using extent maps and merging them
ext4: improve explanation of a mount failure caused by a misconfigured kernel
ext4: fix checksum errors with indexed dirs
ext4: fix support for inode sizes > 1024 bytes
ext4: don't assume that mmp_nodename/bdevname have NUL
ARM: 8723/2: always assume the "unified" syntax for assembly code
arm64: nofpsimd: Handle TIF_FOREIGN_FPSTATE flag cleanly
arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations
arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly
ALSA: usb-audio: Apply sample rate quirk for Audioengine D1
Input: synaptics - remove the LEN0049 dmi id from topbuttonpad list
Input: synaptics - enable SMBus on ThinkPad L470
Input: synaptics - switch T470s to RMI4 by default
ecryptfs: fix a memory leak bug in ecryptfs_init_messaging()
ecryptfs: fix a memory leak bug in parse_tag_1_packet()
ASoC: sun8i-codec: Fix setting DAI data format
ALSA: hda: Use scnprintf() for printing texts for sysfs/procfs
iommu/qcom: Fix bogus detach logic
KVM: x86: emulate RDPID
UPSTREAM: sched/psi: Fix OOB write when writing 0 bytes to PSI files
UPSTREAM: psi: Fix a division error in psi poll()
UPSTREAM: sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime
UPSTREAM: sched/psi: Correct overly pessimistic size calculation
FROMLIST: f2fs: Handle casefolding with Encryption
FROMLIST: fscrypt: Have filesystems handle their d_ops
FROMLIST: ext4: Use generic casefolding support
FROMLIST: f2fs: Use generic casefolding support
FROMLIST: Add standard casefolding support
FROMLIST: unicode: Add utf8_casefold_hash
ANDROID: cuttlefish_defconfig: Add CONFIG_UNICODE
ANDROID: sdcardfs: fix -ENOENT lookup race issue
ANDROID: gki_defconfig: Enable CONFIG_RD_LZ4
ANDROID: dm: Add wrapped key support in dm-default-key
ANDROID: dm: add support for passing through derive_raw_secret
ANDROID: block: Prevent crypto fallback for wrapped keys
ANDROID: Disable wq fp check in CFI builds
ANDROID: increase limit on sched-tune boost groups
ANDROID: ufs, block: fix crypto power management and move into block layer
ANDROID: Incremental fs: Support xattrs
ANDROID: test_stackinit: work around LLVM PR44916
ANDROID: clang: update to 10.0.4
fs-verity: use u64_to_user_ptr()
fs-verity: use mempool for hash requests
fs-verity: implement readahead of Merkle tree pages
ext4: readpages() should submit IO as read-ahead
fs-verity: implement readahead for FS_IOC_ENABLE_VERITY
fscrypt: improve format of no-key names
ubifs: allow both hash and disk name to be provided in no-key names
ubifs: don't trigger assertion on invalid no-key filename
fscrypt: clarify what is meant by a per-file key
fscrypt: derive dirhash key for casefolded directories
fscrypt: don't allow v1 policies with casefolding
fscrypt: add "fscrypt_" prefix to fname_encrypt()
fscrypt: don't print name of busy file when removing key
fscrypt: document gfp_flags for bounce page allocation
fscrypt: optimize fscrypt_zeroout_range()
fscrypt: remove redundant bi_status check
fscrypt: Allow modular crypto algorithms
fscrypt: include <linux/ioctl.h> in UAPI header
fscrypt: don't check for ENOKEY from fscrypt_get_encryption_info()
fscrypt: remove fscrypt_is_direct_key_policy()
fscrypt: move fscrypt_valid_enc_modes() to policy.c
fscrypt: check for appropriate use of DIRECT_KEY flag earlier
fscrypt: split up fscrypt_supported_policy() by policy version
fscrypt: introduce fscrypt_needs_contents_encryption()
fscrypt: move fscrypt_d_revalidate() to fname.c
fscrypt: constify inode parameter to filename encryption functions
fscrypt: constify struct fscrypt_hkdf parameter to fscrypt_hkdf_expand()
fscrypt: verify that the crypto_skcipher has the correct ivsize
fscrypt: use crypto_skcipher_driver_name()
fscrypt: support passing a keyring key to FS_IOC_ADD_ENCRYPTION_KEY
keys: Export lookup_user_key to external users
f2fs: fix build error on PAGE_KERNEL_RO
Conflicts:
arch/arm64/kernel/smp.c
arch/arm64/kernel/traps.c
block/blk-crypto-fallback.c
block/keyslot-manager.c
drivers/base/power/wakeup.c
drivers/clk/clk.c
drivers/clk/qcom/clk-rcg2.c
drivers/gpu/Makefile
drivers/gpu/drm/msm/msm_drv.c
drivers/gpu/drm/msm/msm_gem.c
drivers/hwtracing/coresight/coresight-funnel.c
drivers/irqchip/irq-gic-v3.c
drivers/md/dm.c
drivers/net/ethernet/qualcomm/rmnet/rmnet_config.c
drivers/net/ethernet/stmicro/stmmac/stmmac_hwtstamp.c
drivers/net/macsec.c
drivers/net/phy/micrel.c
drivers/net/wireless/ath/wil6210/cfg80211.c
drivers/net/wireless/ath/wil6210/fw_inc.c
drivers/net/wireless/ath/wil6210/pcie_bus.c
drivers/net/wireless/ath/wil6210/pm.c
drivers/net/wireless/ath/wil6210/wil6210.h
drivers/of/base.c
drivers/power/supply/power_supply_sysfs.c
drivers/rpmsg/qcom_glink_smem.c
drivers/scsi/sd.c
drivers/scsi/ufs/ufshcd-crypto.c
drivers/scsi/ufs/ufshcd.c
drivers/scsi/ufs/ufshcd.h
drivers/scsi/ufs/ufshci.h
drivers/usb/dwc3/core.c
drivers/usb/dwc3/gadget.c
drivers/usb/gadget/Kconfig
drivers/usb/gadget/composite.c
drivers/usb/gadget/function/f_fs.c
drivers/usb/gadget/legacy/Makefile
drivers/usb/host/xhci-mem.c
fs/ext4/readpage.c
fs/sdcardfs/lookup.c
include/linux/key.h
include/linux/keyslot-manager.h
include/linux/power_supply.h
include/uapi/linux/coresight-stm.h
net/qrtr/qrtr.c
Change-Id: Iaa9fcbe987e721f02596e167249a519781ed3888
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
b726057b9e |
Linux 4.14.187
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAl77n3MACgkQ3qZv95d3 LNzAARAAusuJS+bN1O8HuoKkjr+2Tv1UFKrYkBQTlSgChNFwgWiSCVrU4LeSSp0E H0K+ranCQZvMoFDAODkYP2C+WrxAFscRHahrkBA3sGo0+LHNxhfxyycM36I/w5Jk iRR4WkH7wpLgeTj4h2IIbSUyaCnp5pRzkKb70fzKxDgDQmBWvGFcQ0Pv9JzeKWiw 3Wz9KqKLUfEaUhIrdTFbONvbDXe82a3SE54lEy1apqL1NRumBa/rL8W8oBk7LfHE 8bGM4gd/+bRSER+tZZrWfdzazJ2uIVCCYtEm5R03NxkHZVuslKY+UGQbQcL3OxQN btEimZOGjuP1H+P83rjz4oJmhLWzkKGCBH3zVUwlj6PeSiI0suH2UJEhm8CSwONU 88cGkD75hCXxJWYwtW1dqmt7e2CtRwL4t7UgFvZ15cAG8cYgr2C6JOvxkZ0CfkWS GHnchfDKYnN6e3AWbfoNMrQuA/X6uhgU8lhtI+Txr2CD18tnmiwloQ6VRlX0zcwa 5kOsipd4qRRAmGLwGSfkg+cJXSA4Yw42RmK2R+IUeoq8mgHYPF1R8UYYB+fXIsTC g9k9yeRnd92WZuddWtHIVaHNxuOqDYUGuPUoaiEzKeaTlfxjLdxweIGbn1iThO1Y q1w4QxumGvIpSnvJ8yC1P37uT/j61QVIOytAZzNCQBKTorTo0eo= =Dhaj -----END PGP SIGNATURE----- Merge 4.14.187 into android-4.14-stable Changes in 4.14.187 scsi: scsi_devinfo: handle non-terminated strings net: be more gentle about silly gso requests coming from user block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed net: sched: export __netdev_watchdog_up() fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()" apparmor: don't try to replace stale label in ptraceme check ibmveth: Fix max MTU limit mld: fix memory leak in ipv6_mc_destroy_dev() net: bridge: enfore alignment for ethernet address net: fix memleak in register_netdevice() net: usb: ax88179_178a: fix packet alignment padding rocker: fix incorrect error handling in dma_rings_init rxrpc: Fix notification call on completion of discarded calls sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket tcp: grow window for OOO packets only for SACK flows tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes ip_tunnel: fix use-after-free in ip_tunnel_lookup() tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() net: Fix the arp error in some cases net: Do not clear the sock TX queue in sk_set_socket() net: core: reduce recursion limit value USB: ohci-sm501: Add missed iounmap() in remove usb: dwc2: Postponed gadget registration to the udc class driver usb: add USB_QUIRK_DELAY_INIT for Logitech C922 USB: ehci: reopen solution for Synopsys HC bug usb: host: xhci-mtk: avoid runtime suspend when removing hcd usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() ALSA: usb-audio: add quirk for Denon DCD-1500RE xhci: Fix incorrect EP_STATE_MASK xhci: Fix enumeration issue when setting max packet size for FS devices. cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip loop: replace kill_bdev with invalidate_bdev ALSA: usb-audio: uac1: Invalidate ctl on interrupt ALSA: usb-audio: Clean up mixer element list traverse ALSA: usb-audio: Fix OOB access of mixer element list xhci: Poll for U0 after disabling USB2 LPM cifs/smb3: Fix data inconsistent when punch hole cifs/smb3: Fix data inconsistent when zero file range efi/esrt: Fix reference count leak in esre_create_sysfs_entry. ARM: dts: NSP: Correct FA2 mailbox node rxrpc: Fix handling of rwind from an ACK packet RDMA/cma: Protect bind_list and listen_list while finding matching cm id ASoC: rockchip: Fix a reference count leak. RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() net: qed: fix left elements count calculation net: qed: fix NVMe login fails over VFs net: qed: fix excessive QM ILT lines consumption ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() usb: gadget: udc: Potential Oops in error handling code netfilter: ipset: fix unaligned atomic access net: bcmgenet: use hardware padding of runt frames sched/core: Fix PI boosting between RT and DEADLINE tasks ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function net: alx: fix race condition in alx_remove s390/ptrace: fix setting syscall number kbuild: improve cc-option to clean up all temporary files blktrace: break out of blktrace setup on concurrent calls ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table ACPI: sysfs: Fix pm_profile_attr type KVM: X86: Fix MSR range of APIC registers in X2APIC mode KVM: nVMX: Plumb L2 GPA through to PML emulation btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof mm/slab: use memzero_explicit() in kzfree() ocfs2: load global_inode_alloc ocfs2: fix value of OCFS2_INVALID_SLOT ocfs2: fix panic on nfs server over ocfs2 arm64: perf: Report the PC value in REGS_ABI_32 mode tracing: Fix event trigger to accept redundant spaces drm/radeon: fix fb_div check in ni_init_smc_spll_table() Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() sunrpc: fixed rollback in rpc_gssd_dummy_populate() SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() pNFS/flexfiles: Fix list corruption if the mirror count changes NFSv4 fix CLOSE not waiting for direct IO compeletion xfs: add agf freeblocks verify in xfs_agf_verify Revert "tty: hvc: Fix data abort due to race in hvc_open" Linux 4.14.187 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5f3301cdfbf593334e7b3d83f6c83f56a6476a33 |
||
Jann Horn
|
ecf8e185a2 |
apparmor: don't try to replace stale label in ptraceme check
[ Upstream commit ca3fde5214e1d24f78269b337d3f22afd6bf445e ]
begin_current_label_crit_section() must run in sleepable context because
when label_is_stale() is true, aa_replace_current_label() runs, which uses
prepare_creds(), which can sleep.
Until now, the ptraceme access check (which runs with tasklist_lock held)
violated this rule.
Fixes: b2d09ae449ced ("apparmor: move ptrace checks to using labels")
Reported-by: Cyrill Gorcunov <gorcunov@gmail.com>
Reported-by: kernel test robot <rong.a.chen@intel.com>
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Srinivasarao P
|
8e1e29842d |
Merge android-4.14.168 (509b380) into msm-4.14
* refs/heads/tmp-509b380:
Revert "Revert "ANDROID: security,perf: Allow further restriction of perf_event_open""
Linux 4.14.168
m68k: Call timer_interrupt() with interrupts disabled
serial: stm32: fix clearing interrupt error flags
IB/iser: Fix dma_nents type definition
arm64: dts: juno: Fix UART frequency
drm/radeon: fix bad DMA from INTERRUPT_CNTL2
dmaengine: ti: edma: fix missed failure handling
affs: fix a memory leak in affs_remount
mmc: core: fix wl1251 sdio quirks
mmc: sdio: fix wl1251 vendor id
packet: fix data-race in fanout_flow_is_huge()
net: neigh: use long type to store jiffies delta
hv_netvsc: flag software created hash value
MIPS: Loongson: Fix return value of loongson_hwmon_init
afs: Fix large file support
net: qca_spi: Move reset_count to struct qcaspi
net: netem: correct the parent's backlog when corrupted packet was dropped
net: netem: fix error path for corrupted GSO frames
dmaengine: imx-sdma: fix size check for sdma script_number
drm/msm/dsi: Implement reset correctly
tcp: annotate lockless access to tcp_memory_pressure
net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head
net: avoid possible false sharing in sk_leave_memory_pressure()
act_mirred: Fix mirred_init_module error handling
net: stmmac: fix length of PTP clock's name string
llc: fix sk_buff refcounting in llc_conn_state_process()
llc: fix another potential sk_buff leak in llc_ui_sendmsg()
mac80211: accept deauth frames in IBSS mode
net: stmmac: gmac4+: Not all Unicast addresses may be available
nvme: retain split access workaround for capability reads
net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
of: mdio: Fix a signedness bug in of_phy_get_and_connect()
net: axienet: fix a signedness bug in probe
net: stmmac: dwmac-meson8b: Fix signedness bug in probe
net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
net: aquantia: Fix aq_vec_isr_legacy() return value
iommu/amd: Wait for completion of IOTLB flush in attach_device
net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
RDMA/cma: Fix false error message
ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet
pinctrl: iproc-gpio: Fix incorrect pinconf configurations
net: sonic: replace dev_kfree_skb in sonic_send_packet
hwmon: (shtc1) fix shtc1 and shtw1 id mask
ixgbe: sync the first fragment unconditionally
btrfs: use correct count in btrfs_file_write_iter()
Btrfs: fix inode cache waiters hanging on path allocation failure
Btrfs: fix inode cache waiters hanging on failure to start caching thread
Btrfs: fix hang when loading existing inode cache off disk
scsi: fnic: fix msix interrupt allocation
net: sonic: return NETDEV_TX_OK if failed to map buffer
tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs
ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
iio: dac: ad5380: fix incorrect assignment to val
bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
irqdomain: Add the missing assignment of domain->fwnode for named fwnode
staging: greybus: light: fix a couple double frees
x86, perf: Fix the dependency of the x86 insn decoder selftest
power: supply: Init device wakeup after device_add()
hwmon: (lm75) Fix write operations for negative temperatures
Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
ahci: Do not export local variable ahci_em_messages
iommu/mediatek: Fix iova_to_phys PA start for 4GB mode
mips: avoid explicit UB in assignment of mips_io_port_base
rtc: pcf2127: bugfix: read rtc disables watchdog
media: atmel: atmel-isi: fix timeout value for stop streaming
mac80211: minstrel_ht: fix per-group max throughput rate initialization
dmaengine: dw: platform: Switch to acpi_dma_controller_register()
ASoC: sun4i-i2s: RX and TX counter registers are swapped
signal: Allow cifs and drbd to receive their terminating signals
bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails
net/rds: Add a few missing rds_stat_names entries
ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
ASoC: cs4349: Use PM ops 'cs4349_runtime_pm'
ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
ext4: set error return correctly when ext4_htree_store_dirent fails
crypto: caam - free resources in case caam_rng registration failed
cifs: fix rmmod regression in cifs.ko caused by force_sig changes
net/mlx5: Fix mlx5_ifc_query_lag_out_bits
ARM: dts: stm32: add missing vdda-supply to adc on stm32h743i-eval
tipc: reduce risk of wakeup queue starvation
ALSA: aoa: onyx: always initialize register read value
crypto: ccp - Reduce maximum stack usage
x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
mic: avoid statically declaring a 'struct device'.
usb: host: xhci-hub: fix extra endianness conversion
qed: reduce maximum stack frame size
libertas_tf: Use correct channel range in lbtf_geo_init
PM: sleep: Fix possible overflow in pm_system_cancel_wakeup()
clk: sunxi-ng: v3s: add the missing PLL_DDR1
scsi: libfc: fix null pointer dereference on a null lport
net: pasemi: fix an use-after-free in pasemi_mac_phy_init()
RDMA/hns: Fixs hw access invalid dma memory error
devres: allow const resource arguments
rxrpc: Fix uninitialized error code in rxrpc_send_data_packet()
mfd: intel-lpss: Release IDA resources
iommu/amd: Make iommu_disable safer
bnxt_en: Fix ethtool selftest crash under error conditions.
nvmem: imx-ocotp: Ensure WAIT bits are preserved when setting timing
clk: qcom: Fix -Wunused-const-variable
dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width"
perf/ioctl: Add check for the sample_period value
drm/msm/a3xx: remove TPL1 regs from snapshot
rtc: pcf8563: Clear event flags and disable interrupts before requesting irq
rtc: pcf8563: Fix interrupt trigger method
ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs
net/af_iucv: always register net_device notifier
net: netem: fix backlog accounting for corrupted GSO frames
drm/msm/mdp5: Fix mdp5_cfg_init error return
powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state
iommu/vt-d: Duplicate iommu_resv_region objects per device list
mpls: fix warning with multi-label encap
media: vivid: fix incorrect assignment operation when setting video mode
cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency
cpufreq: brcmstb-avs-cpufreq: Fix initial command check
netvsc: unshare skb in VF rx handler
inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
iommu: Use right function to get group for device
misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa
serial: stm32: fix wakeup source initialization
serial: stm32: Add support of TC bit status check
serial: stm32: fix transmit_chars when tx is stopped
serial: stm32: fix rx error handling
crypto: ccp - Fix 3DES complaint from ccp-crypto module
crypto: ccp - fix AES CFB error exposed by new test vectors
spi: spi-fsl-spi: call spi_finalize_current_message() at the end
RDMA/qedr: Fix incorrect device rate.
arm64: dts: meson: libretech-cc: set eMMC as removable
dmaengine: tegra210-adma: Fix crash during probe
ARM: dts: sun8i-h3: Fix wifi in Beelink X2 DT
EDAC/mc: Fix edac_mc_find() in case no device is found
thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
backlight: lm3630a: Return 0 on success in update_status functions
kdb: do a sanity check on the cpu in kdb_per_cpu()
ARM: riscpc: fix lack of keyboard interrupts after irq conversion
pwm: meson: Don't disable PWM when setting duty repeatedly
pwm: meson: Consider 128 a valid pre-divider
netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
crypto: caam - fix caam_dump_sg that iterates through scatterlist
platform/x86: alienware-wmi: printing the wrong error code
media: davinci/vpbe: array underflow in vpbe_enum_outputs()
media: omap_vout: potential buffer overflow in vidioc_dqbuf()
l2tp: Fix possible NULL pointer dereference
vfio/mdev: Fix aborting mdev child device removal if one fails
vfio/mdev: Avoid release parent reference during error path
afs: Fix the afs.cell and afs.volume xattr handlers
lightnvm: pblk: fix lock order in pblk_rb_tear_down_check
mmc: core: fix possible use after free of host
dmaengine: tegra210-adma: restore channel status
net: ena: fix ena_com_fill_hash_function() implementation
net: ena: fix incorrect test of supported hash function
net: ena: fix: Free napi resources when ena_up() fails
net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry
iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
IB/mlx5: Add missing XRC options to QP optional params mask
dwc2: gadget: Fix completed transfer size calculation in DDMA
usb: gadget: fsl: fix link error against usb-gadget module
ASoC: fix valid stream condition
packet: in recvmsg msg_name return at least sizeof sockaddr_ll
scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory
scsi: qla2xxx: Fix a format specifier
irqchip/gic-v3-its: fix some definitions of inner cacheability attributes
NFS: Don't interrupt file writeout due to fatal errors
ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
dmaengine: axi-dmac: Don't check the number of frames for alignment
6lowpan: Off by one handling ->nexthdr
media: ov2659: fix unbalanced mutex_lock/unlock
ARM: dts: ls1021: Fix SGMII PCS link remaining down after PHY disconnect
powerpc: vdso: Make vdso32 installation conditional in vdso_install
selftests/ipc: Fix msgque compiler warnings
tipc: set sysctl_tipc_rmem and named_timeout right range
platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
net: hns3: fix for vport->bw_limit overflow problem
ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data"
scsi: target/core: Fix a race condition in the LUN lookup code
scsi: qla2xxx: Unregister chrdev if module initialization fails
ehea: Fix a copy-paste err in ehea_init_port_res
spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
soc/fsl/qe: Fix an error code in qe_pin_request()
spi: tegra114: configure dma burst size to fifo trig level
spi: tegra114: flush fifos
spi: tegra114: terminate dma and reset on transfer timeout
spi: tegra114: fix for unpacked mode transfers
spi: tegra114: clear packed bit for unpacked mode
media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
media: davinci-isif: avoid uninitialized variable use
ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset()
arm64: dts: allwinner: a64: Add missing PIO clocks
m68k: mac: Fix VIA timer counter accesses
tipc: tipc clang warning
jfs: fix bogus variable self-initialization
regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB
media: cx23885: check allocation return
media: wl128x: Fix an error code in fm_download_firmware()
media: cx18: update *pos correctly in cx18_read_pos()
media: ivtv: update *pos correctly in ivtv_read_pos()
regulator: lp87565: Fix missing register for LP87565_BUCK_0
net: sh_eth: fix a missing check of of_get_phy_mode
xen, cpu_hotplug: Prevent an out of bounds access
drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
scsi: megaraid_sas: reduce module load time
x86/mm: Remove unused variable 'cpu'
nios2: ksyms: Add missing symbol exports
powerpc/mm: Check secondary hash page table
net: aquantia: fixed instack structure overflow
NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE()
netfilter: nft_set_hash: fix lookups with fixed size hash on big endian
regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA
ARM: 8848/1: virt: Align GIC version check with arm64 counterpart
ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe
NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount
platform/x86: wmi: fix potential null pointer dereference
clocksource/drivers/exynos_mct: Fix error path in timer resources initialization
clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable
NFS: Fix a soft lockup in the delegation recovery code
powerpc/64s: Fix logic when handling unknown CPU features
staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx
fs/nfs: Fix nfs_parse_devname to not modify it's argument
ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of()
drm/nouveau/pmu: don't print reply values if exec is false
drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
net: dsa: qca8k: Enable delay for RGMII_ID mode
regulator: pv88090: Fix array out-of-bounds access
regulator: pv88080: Fix array out-of-bounds access
regulator: pv88060: Fix array out-of-bounds access
cdc-wdm: pass return value of recover_from_urb_loss
dmaengine: mv_xor: Use correct device for DMA API
staging: r8822be: check kzalloc return or bail
KVM: PPC: Release all hardware TCE tables attached to a group
hwmon: (pmbus/tps53679) Fix driver info initialization in probe routine
vfio_pci: Enable memory accesses before calling pci_map_rom
keys: Timestamp new keys
block: don't use bio->bi_vcnt to figure out segment number
usb: phy: twl6030-usb: fix possible use-after-free on remove
PCI: endpoint: functions: Use memcpy_fromio()/memcpy_toio()
pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups
pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group
pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group
pinctrl: sh-pfc: emev2: Add missing pinmux functions
drm/etnaviv: potential NULL dereference
iw_cxgb4: use tos when finding ipv6 routes
iw_cxgb4: use tos when importing the endpoint
fbdev: chipsfb: remove set but not used variable 'size'
rtc: pm8xxx: fix unintended sign extension
rtc: 88pm80x: fix unintended sign extension
rtc: 88pm860x: fix unintended sign extension
rtc: ds1307: rx8130: Fix alarm handling
net: phy: fixed_phy: Fix fixed_phy not checking GPIO
thermal: mediatek: fix register index error
rtc: ds1672: fix unintended sign extension
staging: most: cdev: add missing check for cdev_add failure
iwlwifi: mvm: fix RSS config command
ARM: dts: lpc32xx: phy3250: fix SD card regulator voltage
ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller clocks property
ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller variant
ARM: dts: lpc32xx: reparent keypad controller to SIC1
ARM: dts: lpc32xx: add required clocks property to keypad device node
driver core: Do not resume suppliers under device_links_write_lock()
crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments
driver: uio: fix possible use-after-free in __uio_register_device
driver: uio: fix possible memory leak in __uio_register_device
tty: ipwireless: Fix potential NULL pointer dereference
iwlwifi: mvm: fix A-MPDU reference assignment
net/mlx5: Take lock with IRQs disabled to avoid deadlock
iwlwifi: mvm: avoid possible access out of array.
clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it
spi/topcliff_pch: Fix potential NULL dereference on allocation error
rtc: cmos: ignore bogus century byte
IB/iser: Pass the correct number of entries for dma mapped SGL
ASoC: imx-sgtl5000: put of nodes if finding codec fails
crypto: tgr192 - fix unaligned memory access
crypto: brcm - Fix some set-but-not-used warning
kbuild: mark prepare0 as PHONY to fix external module build
media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL
drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump()
RDMA/iw_cxgb4: Fix the unchecked ep dereference
spi: cadence: Correct initialisation of runtime PM
arm64: dts: apq8016-sbc: Increase load on l11 for SDCARD
drm/shmob: Fix return value check in shmob_drm_probe
RDMA/qedr: Fix out of bounds index check in query pkey
RDMA/ocrdma: Fix out of bounds index check in query pkey
IB/usnic: Fix out of bounds index check in query pkey
MIPS: BCM63XX: drop unused and broken DSP platform device
clk: dove: fix refcount leak in dove_clk_init()
clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init()
clk: armada-xp: fix refcount leak in axp_clk_init()
clk: kirkwood: fix refcount leak in kirkwood_clk_init()
clk: armada-370: fix refcount leak in a370_clk_init()
clk: vf610: fix refcount leak in vf610_clocks_init()
clk: imx7d: fix refcount leak in imx7d_clocks_init()
clk: imx6sx: fix refcount leak in imx6sx_clocks_init()
clk: imx6q: fix refcount leak in imx6q_clocks_init()
clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
clk: socfpga: fix refcount leak
clk: qoriq: fix refcount leak in clockgen_init()
clk: highbank: fix refcount leak in hb_clk_init()
Input: nomadik-ske-keypad - fix a loop timeout test
vxlan: changelink: Fix handling of default remotes
pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value
pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field
pinctrl: sh-pfc: r8a77995: Remove bogus SEL_PWM[0-3]_3 configurations
pinctrl: sh-pfc: sh7734: Add missing IPSR11 field
pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field
pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group
pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group
pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group
pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group
pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group
switchtec: Remove immediate status check after submitting MRPC command
staging: bcm2835-camera: Abort probe if there is no camera
IB/rxe: Fix incorrect cache cleanup in error flow
net: phy: Fix not to call phy_resume() if PHY is not attached
drm/dp_mst: Skip validating ports during destruction, just ref
exportfs: fix 'passing zero to ERR_PTR()' warning
pcrypt: use format specifier in kobject_add
NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks
mlxsw: reg: QEEC: Add minimum shaper fields
drm/sun4i: hdmi: Fix double flag assignation
pwm: lpss: Release runtime-pm reference from the driver's remove callback
staging: comedi: ni_mio_common: protect register write overflow
ALSA: usb-audio: update quirk for B&W PX to remove microphone
IB/hfi1: Add mtu check for operational data VLs
IB/rxe: replace kvfree with vfree
drm/hisilicon: hibmc: Don't overwrite fb helper surface depth
PCI: iproc: Remove PAXC slot check to allow VF support
apparmor: don't try to replace stale label in ptrace access check
ALSA: hda: fix unused variable warning
drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
drm/sti: do not remove the drm_bridge that was never added
crypto: sun4i-ss - fix big endian issues
mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
tipc: fix wrong timeout input for tipc_wait_for_cond()
powerpc/archrandom: fix arch_get_random_seed_int()
mfd: intel-lpss: Add default I2C device properties for Gemini Lake
xfs: Sanity check flags of Q_XQUOTARM call
FROMGIT: ext4: Add EXT4_IOC_FSGETXATTR/EXT4_IOC_FSSETXATTR to compat_ioctl.
ANDROID: cuttlefish_defconfig: enable CONFIG_IKHEADERS as m
ANDROID: cuttlefish_defconfig: enable NVDIMM/PMEM options
UPSTREAM: virtio-pmem: Add virtio pmem driver
BACKPORT: libnvdimm: nd_region flush callback support
UPSTREAM: libnvdimm/of_pmem: Provide a unique name for bus provider
UPSTREAM: libnvdimm/of_pmem: Fix platform_no_drv_owner.cocci warnings
UPSTREAM: libnvdimm, of_pmem: use dev_to_node() instead of of_node_to_nid()
UPSTREAM: libnvdimm: Add device-tree based driver
UPSTREAM: libnvdimm: Add of_node to region and bus descriptors
FROMLIST: security: selinux: allow per-file labelling for binderfs
UPSTREAM: mm/page_io.c: annotate refault stalls from swap_readpage
Revert "ANDROID: security,perf: Allow further restriction of perf_event_open"
ANDROID: selinux: modify RTM_GETLINK permission
UPSTREAM: lib/test_meminit.c: add bulk alloc/free tests
UPSTREAM: lib/test_meminit: add a kmem_cache_alloc_bulk() test
UPSTREAM: mm: slub: really fix slab walking for init_on_free
UPSTREAM: mm/slub.c: init_on_free=1 should wipe freelist ptr for bulk allocations
Conflicts:
drivers/mmc/core/quirks.h
include/uapi/linux/virtio_ids.h
New header file entries are added to .bp files.
Change-Id: I515cb78684f524e239850625b163ba023b517e10
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
||
|
Srinivasarao P
|
3d8897974e |
Revert "Revert "ANDROID: security,perf: Allow further restriction of perf_event_open""
This reverts commit 44a6aea9c219f55862776435b918c539855a9e69. Change-Id: I6ee8a29e5e784c06c65b65302ad726651ded45b8 Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
e570b0fb2f |
This is the 4.14.186 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl70qaoACgkQONu9yGCS aT47KBAAuBj7O/teYsWuuqSn02hBOlNBOSN1QMKgt72FZmZqusM3GHIII2N0dk0y RATaEXpI/WxgJ7DZ8G9FdTbIyTtbtSV6M190xfjU5gYSdRJv/eDNEYMGiXrCPzJz 4LX/fQUJJQymw1PY89VHMsMcFCVyOlQiZHKQNCfNKFb0xxv6CzbaDM91OlNfJOA4 6w4f3+kB91b+UW/50T9S+ZbJmnX40Lg6GW5yPZP8U2W2gXhHqgWvX5wKbVmr/VLz fcFz8wLxX18Qjp475r185SNp0pN5QyctiwqXm+ngMTbs1DXXHVHUrV5PFwEnc8/Y 1OUWQUfqhvzQetgkhm+WkGtt+TtC12+yjnWy0nTPNt9Uj0/WkM7PpEAjV0Q5qEuS TCJuzzNtrK0vXbTpNCorh3DUzTyH3EhAM8AO4HyVQxie4nfpqaOY/MqdKGuk3LlH jKKn5xjYt0jjRjPBUjphbJs2PU8mOmc4X2cK9tKPHfgPk6KrPJTnPUyCYMBie8g+ 5h15lBqv/SvdUMhtjD+p7LnP6iMIV7DZUW06NFQQ91Q/ZVyb4kJyynmr40ScJJ6O +f+GOdkhy3JSVFtKOgwDOx/V6HSPzVgvI6fhxfdCc9jMxmksE5LcEy7FN0m5jLYL diUbkrinK2dGq1XjJ7N/zx4HzeR6Nvg56aCMaGJvXqHgWv9znNc= =W8kd -----END PGP SIGNATURE----- Merge 4.14.186 into android-4.14-stable Changes in 4.14.186 s390: fix syscall_get_error for compat processes drm/i915: Whitelist context-local timestamp in the gen9 cmdparser power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select clk: sunxi: Fix incorrect usage of round_down() i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets iio: pressure: bmp280: Tolerate IRQ before registering remoteproc: Fix IDR initialisation in rproc_alloc() clk: qcom: msm8916: Fix the address location of pll->config_reg backlight: lp855x: Ensure regulators are disabled on probe failure ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type ARM: integrator: Add some Kconfig selections scsi: qedi: Check for buffer overflow in qedi_set_path() ALSA: isa/wavefront: prevent out of bounds write in ioctl scsi: qla2xxx: Fix issue with adapter's stopping state iio: bmp280: fix compensation of humidity f2fs: report delalloc reserve as non-free in statfs for project quota i2c: pxa: clear all master action bits in i2c_pxa_stop_message() usblp: poison URBs upon disconnect dm mpath: switch paths in dm_blk_ioctl() code path PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register ps3disk: use the default segment boundary vfio/pci: fix memory leaks in alloc_perm_bits() m68k/PCI: Fix a memory leak in an error handling path mfd: wm8994: Fix driver operation if loaded as modules scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event clk: clk-flexgen: fix clock-critical handling powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run nfsd: Fix svc_xprt refcnt leak when setup callback client failed powerpc/crashkernel: Take "mem=" option into account yam: fix possible memory leak in yam_init_driver NTB: Fix the default port and peer numbers for legacy drivers mksysmap: Fix the mismatch of '.L' symbols in System.map apparmor: fix introspection of of task mode for unconfined tasks scsi: sr: Fix sr_probe() missing deallocate of device minor scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM staging: greybus: fix a missing-check bug in gb_lights_light_config() scsi: qedi: Do not flush offload work if ARP not resolved ALSA: usb-audio: Improve frames size computation s390/qdio: put thinint indicator after early error tty: hvc: Fix data abort due to race in hvc_open thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR staging: sm750fb: add missing case while setting FB_VISUAL i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output serial: amba-pl011: Make sure we initialize the port.lock spinlock drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish PCI: rcar: Fix incorrect programming of OB windows PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges scsi: qla2xxx: Fix warning after FC target reset power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' power: supply: smb347-charger: IRQSTAT_D is volatile scsi: mpt3sas: Fix double free warnings dlm: remove BUG() before panic() clk: ti: composite: fix memory leak PCI: Fix pci_register_host_bridge() device_register() error handling tty: n_gsm: Fix SOF skipping tty: n_gsm: Fix waking up upper tty layer when room available powerpc/pseries/ras: Fix FWNMI_VALID off by one powerpc/ps3: Fix kexec shutdown hang vfio-pci: Mask cap zero usb/ohci-platform: Fix a warning when hibernating drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() tty: n_gsm: Fix bogus i++ in gsm_data_kick clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 powerpc/64s/pgtable: fix an undefined behaviour dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port IB/cma: Fix ports memory leak in cma_configfs watchdog: da9062: No need to ping manually before setting timeout usb: dwc2: gadget: move gadget resume after the core is in L0 state USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check usb: gadget: fix potential double-free in m66592_probe. usb: gadget: Fix issue with config_ep_by_speed function x86/apic: Make TSC deadline timer detection message visible clk: bcm2835: Fix return type of bcm2835_register_gate scsi: ufs-qcom: Fix scheduling while atomic issue net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION powerpc/4xx: Don't unmap NULL mbase extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed vfio/mdev: Fix reference count leak in add_mdev_supported_type openrisc: Fix issue with argument clobbering for clone/fork gfs2: Allow lock_nolock mount to specify jid=X scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj scsi: ufs: Don't update urgent bkops level when toggling auto bkops pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' crypto: omap-sham - add proper load balancing support for multicore geneve: change from tx_error to tx_dropped on missing metadata lib/zlib: remove outdated and incorrect pre-increment optimization include/linux/bitops.h: avoid clang shift-count-overflow warnings elfnote: mark all .note sections SHF_ALLOC selftests/vm/pkeys: fix alloc_random_pkey() to make it really random blktrace: use errno instead of bi_status blktrace: fix endianness in get_pdu_int() blktrace: fix endianness for blk_log_remap() gfs2: fix use-after-free on transaction ail lists selftests/net: in timestamping, strncpy needs to preserve null byte drm/sun4i: hdmi ddc clk: Fix size of m divider scsi: acornscsi: Fix an error handling path in acornscsi_probe() usb/xhci-plat: Set PM runtime as active on resume usb/ehci-platform: Set PM runtime as active on resume perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events() bcache: fix potential deadlock problem in btree_gc_coalesce block: Fix use-after-free in blkdev_get() arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints libata: Use per port sync for detach drm: encoder_slave: fix refcouting error for modules drm/dp_mst: Reformat drm_dp_check_act_status() a bit drm/qxl: Use correct notify port address when creating cursor ring selinux: fix double free ext4: fix partial cluster initialization when splitting extent drm/dp_mst: Increase ACT retry timeout to 3s x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld block: nr_sects_write(): Disable preemption on seqcount write mtd: rawnand: Pass a nand_chip object to nand_release() mtd: rawnand: diskonchip: Fix the probe error path mtd: rawnand: sharpsl: Fix the probe error path mtd: rawnand: xway: Fix the probe error path mtd: rawnand: orion: Fix the probe error path mtd: rawnand: oxnas: Add of_node_put() mtd: rawnand: oxnas: Fix the probe error path mtd: rawnand: socrates: Fix the probe error path mtd: rawnand: plat_nand: Fix the probe error path mtd: rawnand: mtk: Fix the probe error path mtd: rawnand: tmio: Fix the probe error path crypto: algif_skcipher - Cap recv SG list at ctx->used crypto: algboss - don't wait during notifier callback kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex e1000e: Do not wake up the system via WOL if device wakeup is disabled kretprobe: Prevent triggering kretprobe from within kprobe_flush_task sched/rt, net: Use CONFIG_PREEMPTION.patch net: core: device_rename: Use rwsem instead of a seqcount md: add feature flag MD_FEATURE_RAID0_LAYOUT kvm: x86: Move kvm_set_mmio_spte_mask() from x86.c to mmu.c kvm: x86: Fix reserved bits related calculation errors caused by MKTME KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated Linux 4.14.186 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5a9f5c8483f37ac08cf01991ffa43b333fdfa0a3 |
||
Tom Rix
|
808db35a0a |
selinux: fix double free
commit 65de50969a77509452ae590e9449b70a22b923bb upstream.
Clang's static analysis tool reports these double free memory errors.
security/selinux/ss/services.c:2987:4: warning: Attempt to free released memory [unix.Malloc]
kfree(bnames[i]);
^~~~~~~~~~~~~~~~
security/selinux/ss/services.c:2990:2: warning: Attempt to free released memory [unix.Malloc]
kfree(bvalues);
^~~~~~~~~~~~~~
So improve the security_get_bools error handling by freeing these variables
and setting their return pointers to NULL and the return len to 0
Cc: stable@vger.kernel.org
Signed-off-by: Tom Rix <trix@redhat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
John Johansen
|
8906aa8e57 |
apparmor: fix introspection of of task mode for unconfined tasks
[ Upstream commit dd2569fbb053719f7df7ef8fdbb45cf47156a701 ]
Fix two issues with introspecting the task mode.
1. If a task is attached to a unconfined profile that is not the
ns->unconfined profile then. Mode the mode is always reported
as -
$ ps -Z
LABEL PID TTY TIME CMD
unconfined 1287 pts/0 00:00:01 bash
test (-) 1892 pts/0 00:00:00 ps
instead of the correct value of (unconfined) as shown below
$ ps -Z
LABEL PID TTY TIME CMD
unconfined 2483 pts/0 00:00:01 bash
test (unconfined) 3591 pts/0 00:00:00 ps
2. if a task is confined by a stack of profiles that are unconfined
the output of label mode is again the incorrect value of (-) like
above, instead of (unconfined). This is because the visibile
profile count increment is skipped by the special casing of
unconfined.
Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels")
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
d6d7b18f40 |
This is the 4.14.185 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7tx/EACgkQONu9yGCS aT4/ABAApnoLXN+Drzomi5DYYQoVyf+4sTgIHSks4Q7S0TggPYLH/UcYAkqxgmjd Lj3VKcCSZqoR6gCeTLK34DSxlKezvxKI/u5LVjdRVdyWc4W2y3InqYBGikPeuGfW Ud4E2pGe/NgoZ0jf6dxkIxQx3DqtrsY0742MTCG3BNEYo4B4HMcN0LEUEFtwSjqj e1LpE8sCX2MhfvAzCvajBhNlIv4Sdgr47+52yhxjS8h04D6rq92jGsdjUjw5Oqtt wPIf2v1zxFq3QkPf3pYW5e/FsfzzDk3pIs1bQ4TnoJkAGfI52eBTjekdRSU0TOiG U7RBXsVFCEcB/ec5WkiNzUhK4+SpEuO3SDa6u7OVlQ2wGTT/c1k1prJL0AdXwUJn NYqOe1WZpXORajLYbVNAQwvbTN3Chho5FI9w+WoU/WvmzxelqXAUCSTsqEhNV8oS ZBWu6anawL8C9d0aYsq1DeV2CMEPmQPWp9HeiNtZgl0ZKkZlqBcxW2dccq9h8PH4 xqRImk+owbKsT0NV3dV150Q41nc2rTQd2jyGeoA+iek17/XDxWT9ICArA+YfBhx1 uf+dNPyl8g8ATvTZaS7su/Q7T2rsgBc64DO5R+jtTp4QRgl/N2b4QyewfjusrRXA x3Ckq0oA9ZOcfLs9IAoTD5L1mmwSaYUa6fhiZHhop2daUPUbAgE= =BJUs -----END PGP SIGNATURE----- Merge 4.14.185 into android-4.14-stable Changes in 4.14.185 ipv6: fix IPV6_ADDRFORM operation logic vxlan: Avoid infinite loop when suppressing NS messages with invalid options make 'user_access_begin()' do 'access_ok()' Fix 'acccess_ok()' on alpha and SH arch/openrisc: Fix issues with access_ok() x86: uaccess: Inhibit speculation past access_ok() in user_access_begin() lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() serial: imx: Fix handling of TC irq in combination with DMA crypto: talitos - fix ECB and CBC algs ivsize ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook sched/fair: Don't NUMA balance for kthreads Input: synaptics - add a second working PNP_ID for Lenovo T470s drivers/net/ibmvnic: Update VNIC protocol version reporting powerpc/xive: Clear the page tables for the ESB IO mapping ath9k_htc: Silence undersized packet warnings perf probe: Accept the instance number of kretprobe event mm: add kvfree_sensitive() for freeing sensitive data objects x86_64: Fix jiffies ODR violation x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs x86/speculation: Prevent rogue cross-process SSBD shutdown x86/reboot/quirks: Add MacBook6,1 reboot quirk efi/efivars: Add missing kobject_put() in sysfs entry creation error path ALSA: es1688: Add the missed snd_card_free() ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines ALSA: usb-audio: Fix inconsistent card PM state after resume ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() ACPI: GED: add support for _Exx / _Lxx handler methods ACPI: PM: Avoid using power resources if there are none for D0 cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() spi: bcm2835aux: Fix controller unregister order spi: bcm-qspi: when tx/rx buffer is NULL set to 0 crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated ALSA: pcm: disallow linking stream to itself kvm: x86: Fix L1TF mitigation for shadow MMU KVM: x86/mmu: Consolidate "is MMIO SPTE" code KVM: x86: only do L1TF workaround on affected processors x86/speculation: Change misspelled STIPB to STIBP x86/speculation: Add support for STIBP always-on preferred mode x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. spi: dw: fix possible race condition spi: dw: Fix controller unregister order spi: No need to assign dummy value in spi_unregister_controller() spi: Fix controller unregister order spi: pxa2xx: Fix controller unregister order spi: bcm2835: Fix controller unregister order crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() selftests/net: in rxtimestamp getopt_long needs terminating null entry ovl: initialize error in ovl_copy_xattr proc: Use new_inode not new_inode_pseudo video: fbdev: w100fb: Fix a potential double free. KVM: nSVM: fix condition for filtering async PF KVM: nSVM: leave ASID aside in copy_vmcb_control_area KVM: nVMX: Consult only the "basic" exit reason when routing nested exit KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx ath9k: Fix use-after-free Write in ath9k_htc_rx_msg ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Smack: slab-out-of-bounds in vsscanf mm/slub: fix a memory leak in sysfs_slab_add() fat: don't allow to mount if the FAT length == 0 perf: Add cond_resched() to task_function_call() agp/intel: Reinforce the barrier after GTT updates mmc: sdhci-msm: Clear tuning done flag while hs400 tuning mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices xen/pvcalls-back: test for errors when calling backend_connect() ACPI: GED: use correct trigger type field in _Exx / _Lxx handling drm: bridge: adv7511: Extend list of audio sample rates crypto: ccp -- don't "select" CONFIG_DMADEVICES media: si2157: Better check for running tuner in init objtool: Ignore empty alternatives spi: pxa2xx: Apply CS clk quirk to BXT net: ena: fix error returning in ena_com_get_hash_function() spi: dw: Zero DMA Tx and Rx configurations on stack ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K MIPS: Loongson: Build ATI Radeon GPU driver as module Bluetooth: Add SCO fallback for invalid LMP parameters error kgdb: Prevent infinite recursive entries to the debugger spi: dw: Enable interrupts in accordance with DMA xfer mode clocksource: dw_apb_timer: Make CPU-affiliation being optional clocksource: dw_apb_timer_of: Fix missing clockevent timers btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE spi: dw: Fix Rx-only DMA transfers x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() staging: android: ion: use vmap instead of vm_map_ram brcmfmac: fix wrong location to get firmware feature tools api fs: Make xxx__mountpoint() more scalable e1000: Distribute switch variables for initialization dt-bindings: display: mediatek: control dpi pins mode to avoid leakage audit: fix a net reference leak in audit_send_reply() media: dvb: return -EREMOTEIO on i2c transfer failure. media: platform: fcp: Set appropriate DMA parameters MIPS: Make sparse_init() using top-down allocation audit: fix a net reference leak in audit_list_rules_send() netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported net: bcmgenet: set Rx mode before starting netif lib/mpi: Fix 64-bit MIPS build with Clang exit: Move preemption fixup up, move blocking operations down net: lpc-enet: fix error return code in lpc_mii_init() media: cec: silence shift wrapping warning in __cec_s_log_addrs() net: allwinner: Fix use correct return type for ndo_start_xmit() powerpc/spufs: fix copy_to_user while atomic Crypto/chcr: fix for ccm(aes) failed test MIPS: Truncate link address into 32bit for 32bit kernel mips: cm: Fix an invalid error code of INTVN_*_ERR kgdb: Fix spurious true from in_dbg_master() nvme: refine the Qemu Identify CNS quirk wcn36xx: Fix error handling path in 'wcn36xx_probe()' net: qed*: Reduce RX and TX default ring count when running inside kdump kernel md: don't flush workqueue unconditionally in md_open rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() mwifiex: Fix memory corruption in dump_station x86/boot: Correct relocation destination on old linkers mips: MAAR: Use more precise address mask mips: Add udelay lpj numbers adjustment x86/mm: Stop printing BRK addresses m68k: mac: Don't call via_flush_cache() on Mac IIfx macvlan: Skip loopback packets in RX handler PCI: Don't disable decoding when mmio_always_on is set MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe() mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core ixgbe: fix signed-integer-overflow warning mmc: sdhci-esdhc-imx: fix the mask for tuning start point spi: dw: Return any value retrieved from the dma_transfer callback cpuidle: Fix three reference count leaks platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() string.h: fix incompatibility between FORTIFY_SOURCE and KASAN btrfs: send: emit file capabilities after chown mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() ima: Fix ima digest hash table key calculation ima: Directly assign the ima_default_policy pointer to ima_rules evm: Fix possible memory leak in evm_calc_hmac_or_hash() ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max ext4: fix error pointer dereference ext4: fix race between ext4_sync_parent() and rename() PCI: Disable MSI for Freescale Layerscape PCIe RC mode PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 PCI: Avoid FLR for AMD Starship USB 3.0 PCI: Add ACS quirk for iProc PAXB PCI: Add ACS quirk for Ampere root ports PCI: Make ACS quirk implementations more uniform vga_switcheroo: Deduplicate power state tracking vga_switcheroo: Use device link for HDA controller PCI: Generalize multi-function power dependency device links PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints PCI: Unify ACS quirk desired vs provided checking btrfs: fix error handling when submitting direct I/O bio btrfs: fix wrong file range cleanup after an error filling dealloc range blk-mq: move _blk_mq_update_nr_hw_queues synchronize_rcu call PCI: Program MPS for RCiEP devices e1000e: Disable TSO for buffer overrun workaround e1000e: Relax condition to trigger reset for ME workaround carl9170: remove P2P_GO support media: go7007: fix a miss of snd_card_free b43legacy: Fix case where channel status is corrupted b43: Fix connection problem with WPA3 b43_legacy: Fix connection problem with WPA3 media: ov5640: fix use of destroyed mutex igb: Report speed and duplex as unknown when device is runtime suspended power: vexpress: add suppress_bind_attrs to true pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs sparc32: fix register window handling in genregs32_[gs]et() sparc64: fix misuses of access_process_vm() in genregs32_[sg]et() dm crypt: avoid truncating the logical block size kernel/cpu_pm: Fix uninitted local in cpu_pm ARM: tegra: Correct PL310 Auxiliary Control Register initialization drivers/macintosh: Fix memleak in windfarm_pm112 driver powerpc/64s: Don't let DT CPU features set FSCR_DSCR powerpc/64s: Save FSCR to init_task.thread.fscr after feature init kbuild: force to build vmlinux if CONFIG_MODVERSION=y sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations. sunrpc: clean up properly in gss_mech_unregister() mtd: rawnand: brcmnand: fix hamming oob layout mtd: rawnand: pasemi: Fix the probe error path w1: omap-hdq: cleanup to add missing newline for some dev_dbg perf probe: Do not show the skipped events perf probe: Fix to check blacklist address correctly perf symbols: Fix debuginfo search for Ubuntu Linux 4.14.185 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ifd3a6f3d9643a42802ed8f061a548a5c5ffcb109 |
||
|
Roberto Sassu
|
8464622583 |
evm: Fix possible memory leak in evm_calc_hmac_or_hash()
commit 0c4395fb2aa77341269ea619c5419ea48171883f upstream.
Don't immediately return if the signature is portable and security.ima is
not present. Just set error so that memory allocated is freed before
returning from evm_calc_hmac_or_hash().
Fixes: 50b977481fce9 ("EVM: Add support for portable signature format")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Roberto Sassu
|
1ff06c639f |
ima: Directly assign the ima_default_policy pointer to ima_rules
commit 067a436b1b0aafa593344fddd711a755a58afb3b upstream. This patch prevents the following oops: [ 10.771813] BUG: kernel NULL pointer dereference, address: 0000000000000 [...] [ 10.779790] RIP: 0010:ima_match_policy+0xf7/0xb80 [...] [ 10.798576] Call Trace: [ 10.798993] ? ima_lsm_policy_change+0x2b0/0x2b0 [ 10.799753] ? inode_init_owner+0x1a0/0x1a0 [ 10.800484] ? _raw_spin_lock+0x7a/0xd0 [ 10.801592] ima_must_appraise.part.0+0xb6/0xf0 [ 10.802313] ? ima_fix_xattr.isra.0+0xd0/0xd0 [ 10.803167] ima_must_appraise+0x4f/0x70 [ 10.804004] ima_post_path_mknod+0x2e/0x80 [ 10.804800] do_mknodat+0x396/0x3c0 It occurs when there is a failure during IMA initialization, and ima_init_policy() is not called. IMA hooks still call ima_match_policy() but ima_rules is NULL. This patch prevents the crash by directly assigning the ima_default_policy pointer to ima_rules when ima_rules is defined. This wouldn't alter the existing behavior, as ima_rules is always set at the end of ima_init_policy(). Cc: stable@vger.kernel.org # 3.7.x Fixes: 07f6a79415d7d ("ima: add appraise action keywords and default rules") Reported-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Krzysztof Struczynski
|
340b97cc94 |
ima: Fix ima digest hash table key calculation
commit 1129d31b55d509f15e72dc68e4b5c3a4d7b4da8d upstream. Function hash_long() accepts unsigned long, while currently only one byte is passed from ima_hash_key(), which calculates a key for ima_htable. Given that hashing the digest does not give clear benefits compared to using the digest itself, remove hash_long() and return the modulus calculated on the first two bytes of the digest with the number of slots. Also reduce the depth of the hash table by doubling the number of slots. Cc: stable@vger.kernel.org Fixes: 3323eec921ef ("integrity: IMA as an integrity service provider") Co-developed-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Krzysztof Struczynski <krzysztof.struczynski@huawei.com> Acked-by: David.Laight@aculab.com (big endian system concerns) Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Casey Schaufler
|
61f8b8965c |
Smack: slab-out-of-bounds in vsscanf
commit 84e99e58e8d1e26f04c097f4266e431a33987f36 upstream. Add barrier to soob. Return -EOVERFLOW if the buffer is exceeded. Suggested-by: Hillf Danton <hdanton@sina.com> Reported-by: syzbot+bfdd4a2f07be52351350@syzkaller.appspotmail.com Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Waiman Long
|
e27d0385df |
mm: add kvfree_sensitive() for freeing sensitive data objects
[ Upstream commit d4eaa2837851db2bfed572898bfc17f9a9f9151e ]
For kvmalloc'ed data object that contains sensitive information like
cryptographic keys, we need to make sure that the buffer is always cleared
before freeing it. Using memset() alone for buffer clearing may not
provide certainty as the compiler may compile it away. To be sure, the
special memzero_explicit() has to be used.
This patch introduces a new kvfree_sensitive() for freeing those sensitive
data objects allocated by kvmalloc(). The relevant places where
kvfree_sensitive() can be used are modified to use it.
Fixes: 4f0882491a14 ("KEYS: Avoid false positive ENOMEM error on key read")
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Waiman Long <longman@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Reviewed-by: Eric Biggers <ebiggers@google.com>
Acked-by: David Howells <dhowells@redhat.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: James Morris <jmorris@namei.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Joe Perches <joe@perches.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: David Rientjes <rientjes@google.com>
Cc: Uladzislau Rezki <urezki@gmail.com>
Link: http://lkml.kernel.org/r/20200407200318.11711-1-longman@redhat.com
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|