3893 Commits

Author SHA1 Message Date
Stephen Smalley
c1a453d2ec UPSTREAM: selinux: wrap selinuxfs state
Move global selinuxfs state to a per-instance structure (selinux_fs_info),
and include a pointer to the selinux_state in this structure.
Pass this selinux_state to all security server operations, thereby
ensuring that each selinuxfs instance presents a view of and acts
as an interface to a particular selinux_state instance.

This change should have no effect on SELinux behavior or APIs
(userspace or LSM).  It merely wraps the selinuxfs global state,
links it to a particular selinux_state (currently always the single
global selinux_state) and uses that state for all operations.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>

(cherry picked from commit 0619f0f5e36f12e100ef294f5980cfe7c93ff23e)
Change-Id: I62ef7f867b0c04391a1f918d516514344483b40c
Bug: 140252993
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
2020-01-08 20:02:28 +00:00
Paul Moore
016d8cd330 UPSTREAM: selinux: rename the {is,set}_enforcing() functions
Rename is_enforcing() to enforcing_enabled() and
enforcing_set() to set_enforcing().

Signed-off-by: Paul Moore <paul@paul-moore.com>

(cherry picked from commit e5a5ca96a42ca7eee19cf8694377308771350950)
Change-Id: I6063be6809663000835461787d9e43df2f6fd853
Bug: 140252993
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
2020-01-08 20:02:10 +00:00
Stephen Smalley
b86e8759d9 BACKPORT: selinux: wrap global selinux state
Define a selinux state structure (struct selinux_state) for
global SELinux state and pass it explicitly to all security server
functions.  The public portion of the structure contains state
that is used throughout the SELinux code, such as the enforcing mode.
The structure also contains a pointer to a selinux_ss structure whose
definition is private to the security server and contains security
server specific state such as the policy database and SID table.

This change should have no effect on SELinux behavior or APIs
(userspace or LSM).  It merely wraps SELinux state and passes it
explicitly as needed.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: minor fixups needed due to collisions with the SCTP patches]
Signed-off-by: Paul Moore <paul@paul-moore.com>

(cherry picked from commit aa8e712cee93d520e96a2ca8e3a20f807c937e3f)
Resolved conflicts around non-backported support for sctp.
Change-Id: Iedc64518daf86ce07648a4f3784c041198752857
Bug: 140252993
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
2020-01-08 20:01:55 +00:00
Kyeongdon Kim
434a3aa7cf UPSTREAM: selinux: Use kmem_cache for hashtab_node
During random test as own device to check slub account,
we found some slack memory from hashtab_node(kmalloc-64).
By using kzalloc(), middle of test result like below:
allocated size 240768
request size 45144
slack size 195624
allocation count 3762

So, we want to use kmem_cache_zalloc() and that
can reduce memory size by 52 bytes (slack size/alloc count) per struct.

Signed-off-by: Kyeongdon Kim <kyeongdon.kim@lge.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

(cherry picked from commit 7c620ece125cbab7b5dfcb574ee1e64ab8b562cd)
Change-Id: I552ed33d1d51f6c0fc37d078ed8f5cf07e9d76aa
Bug: 140252993
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
2020-01-08 20:01:39 +00:00
Joel Fernandes (Google)
f81151cd3a BACKPORT: perf_event: Add support for LSM and SELinux checks
In current mainline, the degree of access to perf_event_open(2) system
call depends on the perf_event_paranoid sysctl.  This has a number of
limitations:

1. The sysctl is only a single value. Many types of accesses are controlled
   based on the single value thus making the control very limited and
   coarse grained.
2. The sysctl is global, so if the sysctl is changed, then that means
   all processes get access to perf_event_open(2) opening the door to
   security issues.

This patch adds LSM and SELinux access checking which will be used in
Android to access perf_event_open(2) for the purposes of attaching BPF
programs to tracepoints, perf profiling and other operations from
userspace. These operations are intended for production systems.

5 new LSM hooks are added:
1. perf_event_open: This controls access during the perf_event_open(2)
   syscall itself. The hook is called from all the places that the
   perf_event_paranoid sysctl is checked to keep it consistent with the
   sysctl. The hook gets passed a 'type' argument which controls CPU,
   kernel and tracepoint accesses (in this context, CPU, kernel and
   tracepoint have the same semantics as the perf_event_paranoid sysctl).
   Additionally, I added an 'open' type which is similar to
   perf_event_paranoid sysctl == 3 patch carried in Android and several other
   distros but was rejected in mainline [1] in 2016.

2. perf_event_alloc: This allocates a new security object for the event
   which stores the current SID within the event. It will be useful when
   the perf event's FD is passed through IPC to another process which may
   try to read the FD. Appropriate security checks will limit access.

3. perf_event_free: Called when the event is closed.

4. perf_event_read: Called from the read(2) and mmap(2) syscalls for the event.

5. perf_event_write: Called from the ioctl(2) syscalls for the event.

[1] https://lwn.net/Articles/696240/

Since Peter had suggested LSM hooks in 2016 [1], I am adding his
Suggested-by tag below.

To use this patch, we set the perf_event_paranoid sysctl to -1 and then
apply selinux checking as appropriate (default deny everything, and then
add policy rules to give access to domains that need it). In the future
we can remove the perf_event_paranoid sysctl altogether.

Suggested-by: Peter Zijlstra <peterz@infradead.org>
Co-developed-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Joel Fernandes (Google) <joel@joelfernandes.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: James Morris <jmorris@namei.org>
Cc: Arnaldo Carvalho de Melo <acme@kernel.org>
Cc: rostedt@goodmis.org
Cc: Yonghong Song <yhs@fb.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: jeffv@google.com
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: primiano@google.com
Cc: Song Liu <songliubraving@fb.com>
Cc: rsavitski@google.com
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Matthew Garrett <matthewgarrett@google.com>
Link: https://lkml.kernel.org/r/20191014170308.70668-1-joel@joelfernandes.org

Bug: 137092007
Change-Id: Ibb356813b0b2f0cedab7806ee21ce4c00469be32
(cherry picked from commit da97e18458fb42d7c00fac5fd1c56a3896ec666e)
[ Ryan Savitski:
  Adapted for older APIs, e.g. hlist -> list, removed refs to
  selinux_state. No new functionality. ]
Signed-off-by: Ryan Savitski <rsavitski@google.com>
2020-01-08 14:29:48 +00:00
Greg Kroah-Hartman
c2bd4f8f0c This is the 4.14.162 stable release

Merge 4.14.162 into android-4.14

Changes in 4.14.162
	scsi: lpfc: Fix discovery failures when target device connectivity bounces
	scsi: mpt3sas: Fix clear pending bit in ioctl status
	scsi: lpfc: Fix locking on mailbox command completion
	Input: atmel_mxt_ts - disable IRQ across suspend
	iommu/tegra-smmu: Fix page tables in > 4 GiB memory
	scsi: target: compare full CHAP_A Algorithm strings
	scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices
	scsi: csiostor: Don't enable IRQs too early
	powerpc/pseries: Mark accumulate_stolen_time() as notrace
	powerpc/pseries: Don't fail hash page table insert for bolted mapping
	powerpc/tools: Don't quote $objdump in scripts
	dma-debug: add a schedule point in debug_dma_dump_mappings()
	clocksource/drivers/asm9260: Add a check for of_clk_get
	powerpc/security/book3s64: Report L1TF status in sysfs
	powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning
	ext4: update direct I/O read lock pattern for IOCB_NOWAIT
	jbd2: Fix statistics for the number of logged blocks
	scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6)
	scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow
	f2fs: fix to update dir's i_pino during cross_rename
	clk: qcom: Allow constant ratio freq tables for rcg
	irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary
	irqchip: ingenic: Error out if IRQ domain creation failed
	fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long
	scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
	scsi: ufs: fix potential bug which ends in system hang
	powerpc/pseries/cmm: Implement release() function for sysfs device
	powerpc/security: Fix wrong message when RFI Flush is disable
	scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
	clk: pxa: fix one of the pxa RTC clocks
	bcache: at least try to shrink 1 node in bch_mca_scan()
	HID: logitech-hidpp: Silence intermittent get_battery_capacity errors
	libnvdimm/btt: fix variable 'rc' set but not used
	HID: Improve Windows Precision Touchpad detection.
	scsi: pm80xx: Fix for SATA device discovery
	scsi: ufs: Fix error handing during hibern8 enter
	scsi: scsi_debug: num_tgts must be >= 0
	scsi: NCR5380: Add disconnect_mask module parameter
	scsi: iscsi: Don't send data to unbound connection
	scsi: target: iscsi: Wait for all commands to finish before freeing a session
	gpio: mpc8xxx: Don't overwrite default irq_set_type callback
	apparmor: fix unsigned len comparison with less than zero
	scripts/kallsyms: fix definitely-lost memory leak
	cdrom: respect device capabilities during opening action
	perf script: Fix brstackinsn for AUXTRACE
	perf regs: Make perf_reg_name() return "unknown" instead of NULL
	s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR
	libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h
	s390/cpum_sf: Check for SDBT and SDB consistency
	ocfs2: fix passing zero to 'PTR_ERR' warning
	kernel: sysctl: make drop_caches write-only
	userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK
	x86/mce: Fix possibly incorrect severity calculation on AMD
	net, sysctl: Fix compiler warning when only cBPF is present
	netfilter: nf_queue: enqueue skbs with NULL dst
	ALSA: hda - Downgrade error message for single-cmd fallback
	bonding: fix active-backup transition after link failure
	perf strbuf: Remove redundant va_end() in strbuf_addv()
	Make filldir[64]() verify the directory entry filename is valid
	filldir[64]: remove WARN_ON_ONCE() for bad directory entries
	netfilter: ebtables: compat: reject all padding in matches/watchers
	6pack,mkiss: fix possible deadlock
	netfilter: bridge: make sure to pull arp header in br_nf_forward_arp()
	inetpeer: fix data-race in inet_putpeer / inet_putpeer
	net: add a READ_ONCE() in skb_peek_tail()
	net: icmp: fix data-race in cmp_global_allow()
	hrtimer: Annotate lockless access to timer->state
	spi: fsl: don't map irq during probe
	tty/serial: atmel: fix out of range clock divider handling
	pinctrl: baytrail: Really serialize all register accesses
	net: ena: fix napi handler misbehavior when the napi budget is zero
	net/mlxfw: Fix out-of-memory error in mfa2 flash burning
	ptp: fix the race between the release of ptp_clock and cdev
	udp: fix integer overflow while computing available space in sk_rcvbuf
	vhost/vsock: accept only packets with the right dst_cid
	net: add bool confirm_neigh parameter for dst_ops.update_pmtu
	ip6_gre: do not confirm neighbor when do pmtu update
	gtp: do not confirm neighbor when do pmtu update
	net/dst: add new function skb_dst_update_pmtu_no_confirm
	tunnel: do not confirm neighbor when do pmtu update
	vti: do not confirm neighbor when do pmtu update
	sit: do not confirm neighbor when do pmtu update
	gtp: do not allow adding duplicate tid and ms_addr pdp context
	tcp/dccp: fix possible race __inet_lookup_established()
	tcp: do not send empty skb from tcp_write_xmit()
	gtp: fix wrong condition in gtp_genl_dump_pdp()
	gtp: fix an use-after-free in ipv4_pdp_find()
	gtp: avoid zero size hashtable
	spi: fsl: use platform_get_irq() instead of of_irq_to_resource()
	Linux 4.14.162

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2020-01-04 19:09:37 +01:00
Colin Ian King
04db2eb668 apparmor: fix unsigned len comparison with less than zero
[ Upstream commit 00e0590dbaec6f1bcaa36a85467d7e3497ced522 ]

The sanity check in macro update_for_len checks to see if len
is less than zero, however, len is a size_t so it can never be
less than zero, so this sanity check is a no-op.  Fix this by
making len a ssize_t so the comparison will work and add ulen
that is a size_t copy of len so that the min() macro won't
throw warnings about comparing different types.

Addresses-Coverity: ("Macro compares unsigned to 0")
Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-01-04 13:59:51 +01:00
vijay.rayabarapu
40425d2700 selinux: cleanup the internal AVC counters on error in avc_update()
In avc_update_node(), after calling avc_alloc_node(), which
increments the avc->avc_cache.active_nodes counter,
kmem_cache_free() was called when avc_xperms_populate()
fails, which does not decrement the active_nodes count,
resulting in the avc->avc_cache.active_nodes counter having
a false value. So calling avc_node_node() to fix it.

Change-Id: Ic0298162cc766c0f21be7ab232e259766654dad3
Signed-off-by: Jaihind Yadav <jaihindyadav@codeaurora.org>
Signed-off-by: vijay.rayabarapu <vijay.rayabarapu@codeaurora.org>
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
2019-12-26 00:51:22 -08:00
Paul Moore
f6448d0ac7 selinux: ensure we cleanup the internal AVC counters on error in avc_insert()
Fix avc_insert() to call avc_node_kill() if we've already allocated
an AVC node and the code fails to insert the node in the cache.

Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls")
Reported-by: rsiddoji@codeaurora.org
Suggested-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>.

Git-repo: https://www.spinics.net/lists/selinux/msg29616.html
Git-commit: d8db60cb23e49a92cf8cada3297395c7fa50fdf8
Change-Id: I655e9f3dc8e260371090e908588223cdbc064914
[rsiddoji@codeaurora.org: backport to 4.14 kernel version where]
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
2019-12-18 15:59:22 +05:30
Greg Kroah-Hartman
84afceb668 This is the 4.14.158 stable release

Merge 4.14.158 into android-4.14

Changes in 4.14.158
	Revert "KVM: nVMX: reset cache/shadows when switching loaded VMCS"
	clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate
	ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX
	ASoC: compress: fix unsigned integer overflow check
	reset: Fix memory leak in reset_control_array_put()
	ASoC: kirkwood: fix external clock probe defer
	clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume
	reset: fix reset_control_ops kerneldoc comment
	clk: at91: avoid sleeping early
	clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18
	idr: Fix idr_alloc_u32 on 32-bit systems
	x86/resctrl: Prevent NULL pointer dereference when reading mondata
	clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call
	net: fec: add missed clk_disable_unprepare in remove
	bridge: ebtables: don't crash when using dnat target in output chains
	can: peak_usb: report bus recovery as well
	can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open
	can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak
	can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max
	can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM
	can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors
	can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error
	can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error
	watchdog: meson: Fix the wrong value of left time
	scripts/gdb: fix debugging modules compiled with hot/cold partitioning
	net: bcmgenet: reapply manual settings to the PHY
	ceph: return -EINVAL if given fsc mount option on kernel w/o support
	mac80211: fix station inactive_time shortly after boot
	block: drbd: remove a stray unlock in __drbd_send_protocol()
	pwm: bcm-iproc: Prevent unloading the driver module while in use
	scsi: lpfc: Fix kernel Oops due to null pring pointers
	scsi: lpfc: Fix dif and first burst use in write commands
	ARM: dts: Fix up SQ201 flash access
	ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed
	ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication
	parisc: Fix serio address output
	parisc: Fix HP SDC hpa address output
	arm64: mm: Prevent mismatched 52-bit VA support
	arm64: smp: Handle errors reported by the firmware
	ARM: OMAP1: fix USB configuration for device-only setups
	RDMA/vmw_pvrdma: Use atomic memory allocation in create AH
	PM / AVS: SmartReflex: NULL check before some freeing functions is not needed
	ARM: ks8695: fix section mismatch warning
	ACPI / LPSS: Ignore acpi_device_fix_up_power() return value
	scsi: lpfc: Enable Management features for IF_TYPE=6
	crypto: user - support incremental algorithm dumps
	mwifiex: fix potential NULL dereference and use after free
	mwifiex: debugfs: correct histogram spacing, formatting
	rtl818x: fix potential use after free
	xfs: require both realtime inodes to mount
	ubi: Put MTD device after it is not used
	ubi: Do not drop UBI device reference before using
	microblaze: adjust the help to the real behavior
	microblaze: move "... is ready" messages to arch/microblaze/Makefile
	iwlwifi: move iwl_nvm_check_version() into dvm
	gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB
	kvm: vmx: Set IA32_TSC_AUX for legacy mode guests
	VSOCK: bind to random port for VMADDR_PORT_ANY
	mmc: meson-gx: make sure the descriptor is stopped on errors
	mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET
	btrfs: only track ref_heads in delayed_ref_updates
	HID: intel-ish-hid: fixes incorrect error handling
	serial: 8250: Rate limit serial port rx interrupts during input overruns
	kprobes/x86/xen: blacklist non-attachable xen interrupt functions
	xen/pciback: Check dev_data before using it
	vfio-mdev/samples: Use u8 instead of char for handle functions
	pinctrl: xway: fix gpio-hog related boot issues
	net/mlx5: Continue driver initialization despite debugfs failure
	exofs_mount(): fix leaks on failure exits
	bnxt_en: Return linux standard errors in bnxt_ethtool.c
	bnxt_en: query force speeds before disabling autoneg mode.
	KVM: s390: unregister debug feature on failing arch init
	pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration
	pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10
	HID: doc: fix wrong data structure reference for UHID_OUTPUT
	dm flakey: Properly corrupt multi-page bios.
	gfs2: take jdata unstuff into account in do_grow
	xfs: Align compat attrlist_by_handle with native implementation.
	xfs: Fix bulkstat compat ioctls on x32 userspace.
	IB/qib: Fix an error code in qib_sdma_verbs_send()
	clocksource/drivers/fttmr010: Fix invalid interrupt register access
	vxlan: Fix error path in __vxlan_dev_create()
	powerpc/book3s/32: fix number of bats in p/v_block_mapped()
	powerpc/xmon: fix dump_segments()
	drivers/regulator: fix a missing check of return value
	Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading
	serial: max310x: Fix tx_empty() callback
	openrisc: Fix broken paths to arch/or32
	RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer
	scsi: qla2xxx: deadlock by configfs_depend_item
	scsi: csiostor: fix incorrect dma device in case of vport
	ath6kl: Only use match sets when firmware supports it
	ath6kl: Fix off by one error in scan completion
	powerpc/perf: Fix unit_sel/cache_sel checks
	powerpc/prom: fix early DEBUG messages
	powerpc/mm: Make NULL pointer deferences explicit on bad page faults.
	powerpc/44x/bamboo: Fix PCI range
	vfio/spapr_tce: Get rid of possible infinite loop
	powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status
	drbd: ignore "all zero" peer volume sizes in handshake
	drbd: reject attach of unsuitable uuids even if connected
	drbd: do not block when adjusting "disk-options" while IO is frozen
	drbd: fix print_st_err()'s prototype to match the definition
	IB/rxe: Make counters thread safe
	regulator: tps65910: fix a missing check of return value
	powerpc/83xx: handle machine check caused by watchdog timer
	powerpc/pseries: Fix node leak in update_lmb_associativity_index()
	crypto: mxc-scc - fix build warnings on ARM64
	pwm: clps711x: Fix period calculation
	net/netlink_compat: Fix a missing check of nla_parse_nested
	net/net_namespace: Check the return value of register_pernet_subsys()
	f2fs: fix to dirty inode synchronously
	um: Make GCOV depend on !KCOV
	net: (cpts) fix a missing check of clk_prepare
	net: stmicro: fix a missing check of clk_prepare
	net: dsa: bcm_sf2: Propagate error value from mdio_write
	atl1e: checking the status of atl1e_write_phy_reg
	tipc: fix a missing check of genlmsg_put
	net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe()
	ocfs2: clear journal dirty flag after shutdown journal
	vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n
	lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk
	lib/genalloc.c: use vzalloc_node() to allocate the bitmap
	fork: fix some -Wmissing-prototypes warnings
	drivers/base/platform.c: kmemleak ignore a known leak
	lib/genalloc.c: include vmalloc.h
	mtd: Check add_mtd_device() ret code
	tipc: fix memory leak in tipc_nl_compat_publ_dump
	net/core/neighbour: tell kmemleak about hash tables
	PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity()
	net/core/neighbour: fix kmemleak minimal reference count for hash tables
	serial: 8250: Fix serial8250 initialization crash
	gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change
	sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe
	ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel
	decnet: fix DN_IFREQ_SIZE
	net/smc: prevent races between smc_lgr_terminate() and smc_conn_free()
	blktrace: Show requests without sector
	tipc: fix skb may be leaky in tipc_link_input
	sfc: initialise found bitmap in efx_ef10_mtd_probe
	net: fix possible overflow in __sk_mem_raise_allocated()
	sctp: don't compare hb_timer expire date before starting it
	bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id()
	net: dev: Use unsigned integer as an argument to left-shift
	kvm: properly check debugfs dentry before using it
	bpf: drop refcount if bpf_map_new_fd() fails in map_create()
	net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED
	iommu/amd: Fix NULL dereference bug in match_hid_uid
	apparmor: delete the dentry in aafs_remove() to avoid a leak
	scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery
	ACPI / APEI: Don't wait to serialise with oops messages when panic()ing
	ACPI / APEI: Switch estatus pool to use vmalloc memory
	scsi: libsas: Check SMP PHY control function result
	powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
	mtd: Remove a debug trace in mtdpart.c
	mm, gup: add missing refcount overflow checks on s390
	clk: at91: fix update bit maps on CFG_MOR write
	clk: at91: generated: set audio_pll_allowed in at91_clk_register_generated()
	staging: rtl8192e: fix potential use after free
	staging: rtl8723bs: Drop ACPI device ids
	staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids
	USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P
	mei: bus: prefix device names on bus with the bus name
	xfrm: Fix memleak on xfrm state destroy
	media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE
	net: macb: fix error format in dev_err()
	pwm: Clear chip_data in pwm_put()
	media: atmel: atmel-isc: fix asd memory allocation
	media: atmel: atmel-isc: fix INIT_WORK misplacement
	macvlan: schedule bc_work even if error
	net: psample: fix skb_over_panic
	openvswitch: fix flow command message size
	slip: Fix use-after-free Read in slip_open
	openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info()
	openvswitch: remove another BUG_ON()
	tipc: fix link name length check
	sctp: cache netns in sctp_ep_common
	net: sched: fix `tc -s class show` no bstats on class with nolock subqueues
	ext4: add more paranoia checking in ext4_expand_extra_isize handling
	watchdog: sama5d4: fix WDD value to be always set to max
	net: macb: Fix SUBNS increment and increase resolution
	net: macb driver, check for SKBTX_HW_TSTAMP
	mtd: rawnand: atmel: Fix spelling mistake in error message
	mtd: rawnand: atmel: fix possible object reference leak
	mtd: spi-nor: cast to u64 to avoid uint overflows
	y2038: futex: Move compat implementation into futex.c
	futex: Prevent robust futex exit race
	futex: Move futex exit handling into futex code
	futex: Replace PF_EXITPIDONE with a state
	exit/exec: Seperate mm_release()
	futex: Split futex_mm_release() for exit/exec
	futex: Set task::futex_state to DEAD right after handling futex exit
	futex: Mark the begin of futex exit explicitly
	futex: Sanitize exit state handling
	futex: Provide state handling for exec() as well
	futex: Add mutex around futex exit
	futex: Provide distinct return value when owner is exiting
	futex: Prevent exit livelock
	HID: core: check whether Usage Page item is after Usage ID items
	crypto: stm32/hash - Fix hmac issue more than 256 bytes
	media: stm32-dcmi: fix DMA corruption when stopping streaming
	hwrng: stm32 - fix unbalanced pm_runtime_enable
	mailbox: mailbox-test: fix null pointer if no mmio
	pinctrl: stm32: fix memory leak issue
	ASoC: stm32: i2s: fix dma configuration
	ASoC: stm32: i2s: fix 16 bit format support
	ASoC: stm32: i2s: fix IRQ clearing
	platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer
	platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size
	net: fec: fix clock count mis-match
	Linux 4.14.158

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-12-05 15:48:19 +01:00
Chris Coulson
01dbfb2c74 apparmor: delete the dentry in aafs_remove() to avoid a leak
[ Upstream commit 201218e4d3dfa1346e30997f48725acce3f26d01 ]

Although the apparmorfs dentries are always dropped from the dentry cache
when the usage count drops to zero, there is no guarantee that this will
happen in aafs_remove(), as another thread might still be using it. In
this scenario, this means that the dentry will temporarily continue to
appear in the results of lookups, even after the call to aafs_remove().

In the case of removal of a profile - it also causes simple_rmdir()
on the profile directory to fail, as the directory won't be empty until
the usage counts of all child dentries have decreased to zero. This
results in the dentry for the profile directory leaking and appearing
empty in the file system tree forever.

Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-12-05 15:38:01 +01:00
Shay
8416f71c41 pfk: Added support for virtualized ICE
Added pfk_ice_virt.c which sends hab requests to BE in host,
instead of sending scm calls directly to TZ.
Also, removed the hardcoded size of key cache table,
and made it configurable.

Change-Id: I942c3886c2fb93846bcdf15b19eabb3bc83e05ba
Signed-off-by: Shay <shayn@codeaurora.org>
2019-12-02 13:50:58 -08:00
qctecmdr
7dc1d0e2a8 Merge "Merge android-4.14-q.150 (80f767f) into msm-4.14" 2019-11-18 19:53:53 -08:00
Blagovest Kolenichev
e084176fb3 Merge android-4.14-q.150 (80f767f) into msm-4.14
* refs/heads/tmp-80f767f:
  Revert "sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()"
  Linux 4.14.150
  xfs: clear sb->s_fs_info on mount failure
  x86/asm: Fix MWAITX C-state hint value
  tracing: Get trace_array reference for available_tracers files
  ftrace: Get a reference counter for the trace_array on filter files
  tracing/hwlat: Don't ignore outer-loop duration when calculating max_latency
  tracing/hwlat: Report total time spent in all NMIs during the sample
  media: stkwebcam: fix runtime PM after driver unbind
  Fix the locking in dcache_readdir() and friends
  MIPS: Disable Loongson MMI instructions for kernel build
  NFS: Fix O_DIRECT accounting of number of bytes read/written
  btrfs: fix incorrect updating of log root tree
  iio: adc: hx711: fix bug in sampling of data
  iio: hx711: add delay until DOUT is ready
  Staging: fbtft: fix memory leak in fbtft_framebuffer_alloc
  gpiolib: don't clear FLAG_IS_OUT when emulating open-drain/open-source
  firmware: google: increment VPD key_len properly
  kernel/sysctl.c: do not override max_threads provided by userspace
  CIFS: Force reval dentry if LOOKUP_REVAL flag is set
  CIFS: Force revalidate inode when dentry is stale
  CIFS: Gracefully handle QueryInfo errors during open
  perf inject jit: Fix JIT_CODE_MOVE filename
  perf llvm: Don't access out-of-scope array
  efivar/ssdt: Don't iterate over EFI vars if no SSDT override was specified
  iio: light: opt3001: fix mutex unlock race
  iio: adc: axp288: Override TS pin bias current for some models
  iio: adc: ad799x: fix probe error handling
  staging: vt6655: Fix memory leak in vt6655_probe
  USB: legousbtower: fix use-after-free on release
  USB: legousbtower: fix open after failed reset request
  USB: legousbtower: fix potential NULL-deref on disconnect
  USB: legousbtower: fix deadlock on disconnect
  USB: legousbtower: fix slab info leak at probe
  usb: renesas_usbhs: gadget: Fix usb_ep_set_{halt,wedge}() behavior
  usb: renesas_usbhs: gadget: Do not discard queues in usb_ep_set_{halt,wedge}()
  USB: dummy-hcd: fix power budget for SuperSpeed mode
  USB: microtek: fix info-leak at probe
  USB: usblcd: fix I/O after disconnect
  USB: serial: fix runtime PM after driver unbind
  USB: serial: option: add support for Cinterion CLS8 devices
  USB: serial: option: add Telit FN980 compositions
  USB: serial: ftdi_sio: add device IDs for Sienna and Echelon PL-20
  USB: serial: keyspan: fix NULL-derefs on open() and write()
  serial: uartlite: fix exit path null pointer
  USB: ldusb: fix NULL-derefs on driver unbind
  USB: chaoskey: fix use-after-free on release
  USB: usblp: fix runtime PM after driver unbind
  USB: iowarrior: fix use-after-free after driver unbind
  USB: iowarrior: fix use-after-free on release
  USB: iowarrior: fix use-after-free on disconnect
  USB: adutux: fix use-after-free on release
  USB: adutux: fix NULL-derefs on disconnect
  USB: adutux: fix use-after-free on disconnect
  USB: adutux: remove redundant variable minor
  xhci: Increase STS_SAVE timeout in xhci_suspend()
  usb: xhci: wait for CNR controller not ready bit in xhci resume
  xhci: Check all endpoints for LPM timeout
  xhci: Prevent device initiated U1/U2 link pm if exit latency is too long
  xhci: Fix false warning message about wrong bounce buffer write length
  USB: usb-skeleton: fix NULL-deref on disconnect
  USB: usb-skeleton: fix runtime PM after driver unbind
  USB: yurex: fix NULL-derefs on disconnect
  USB: yurex: Don't retry on unexpected errors
  USB: rio500: Remove Rio 500 kernel driver
  f2fs: use EINVAL for superblock with invalid magic
  panic: ensure preemption is disabled during panic()
  Linux 4.14.149
  ASoC: sgtl5000: Improve VAG power and mute control
  nl80211: validate beacon head
  cfg80211: Use const more consistently in for_each_element macros
  cfg80211: add and use strongly typed element iteration macros
  coresight: etm4x: Use explicit barriers on enable/disable
  vfs: Fix EOVERFLOW testing in put_compat_statfs64
  perf stat: Reset previous counts on repeat with interval
  perf stat: Fix a segmentation fault when using repeat forever
  perf tools: Fix segfault in cpu_cache_level__read()
  tick: broadcast-hrtimer: Fix a race in bc_set_next
  tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
  powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt()
  nbd: fix max number of supported devs
  block/ndb: add WQ_UNBOUND to the knbd-recv workqueue
  nbd: fix crash when the blksize is zero
  KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP
  perf unwind: Fix libunwind build failure on i386 systems
  kernel/elfcore.c: include proper prototypes
  perf build: Add detection of java-11-openjdk-devel package
  sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
  fuse: fix memleak in cuse_channel_open
  thermal: Fix use-after-free when unregistering thermal zone device
  pwm: stm32-lp: Add check in case requested period cannot be achieved
  pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors
  drm/amdgpu: Check for valid number of registers to read
  netfilter: nf_tables: allow lookups in dynamic sets
  watchdog: aspeed: Add support for AST2600
  ceph: reconnect connection if session hang in opening state
  ceph: fix directories inode i_blkbits initialization
  xen/pci: reserve MCFG areas earlier
  9p: avoid attaching writeback_fid on mmap with type PRIVATE
  fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
  ima: always return negative code for error
  cfg80211: initialize on-stack chandefs
  ieee802154: atusb: fix use-after-free at disconnect
  xen/xenbus: fix self-deadlock after killing user process
  Revert "locking/pvqspinlock: Don't wait if vCPU is preempted"
  mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence
  mmc: sdhci: improve ADMA error reporting
  drm/omap: fix max fclk divider for omap36xx
  watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
  timer: Read jiffies once when forwarding base clk
  usercopy: Avoid HIGHMEM pfn warning
  crypto: caam - fix concurrency issue in givencrypt descriptor
  crypto: cavium/zip - Add missing single_release()
  crypto: skcipher - Unmap pages after an external error
  crypto: qat - Silence smp_processor_id() warning
  tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file
  can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
  powerpc/powernv: Restrict OPAL symbol map to only be readable by root
  ASoC: Define a set of DAPM pre/post-up events
  PM / devfreq: tegra: Fix kHz to Hz conversion
  KVM: nVMX: handle page fault in vmread fix
  KVM: PPC: Book3S HV: Don't lose pending doorbell request on migration on P9
  s390/cio: exclude subchannels with no parent from pseudo check
  s390/cio: avoid calling strlen on null pointer
  s390/topology: avoid firing events before kobjs are created
  KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
  s390/process: avoid potential reading of freed stack
  ANDROID: cuttlefish_defconfig: Enable BPF_JIT and BPF_JIT_ALWAYS_ON

Conflicts:
	drivers/mmc/host/sdhci.c

Change-Id: I53805f1005b1a59a1201a75d9f188a5c35a98df6
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2019-10-25 05:30:35 -07:00
qctecmdr
c186f1a56a Merge "pfk: use cached mapping at all places in pfk_bio_get_inode()" 2019-10-24 18:55:20 -07:00
Sahitya Tummala
ce25ea95b8 pfk: use cached mapping at all places in pfk_bio_get_inode()
The page->mapping will be set to NULL when it is truncated.
The same metadata page if it is currently under processing by
ext4/jbd2, then it is possible for pfk_bio_get_inode() to see
inconsistent page->mapping, for the requests submitted by jbd2
on this page. To avoid this inconsistency, use cached mapping at
all places in pfk_bio_get_inode(). It doesn't matter whether the
pfk driver sees the mapping or sees null mapping for metadata
requests because pfk_allow_merge_bio() will always return true
for 2 journal metadata requests and for one journal and one
non-journal request, it always returns false (independent of
the metadata page mapping state).

Change-Id: Ia452f972346e1ba3b25560ffa140d023dbb3409d
Signed-off-by: Sahitya Tummala <stummala@codeaurora.org>
2019-10-22 08:41:02 +05:30
Greg Kroah-Hartman
3534fdef30 This is the 4.14.149 stable release

Merge 4.14.149 into android-4.14-q

Changes in 4.14.149
	s390/process: avoid potential reading of freed stack
	KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
	s390/topology: avoid firing events before kobjs are created
	s390/cio: avoid calling strlen on null pointer
	s390/cio: exclude subchannels with no parent from pseudo check
	KVM: PPC: Book3S HV: Don't lose pending doorbell request on migration on P9
	KVM: nVMX: handle page fault in vmread fix
	PM / devfreq: tegra: Fix kHz to Hz conversion
	ASoC: Define a set of DAPM pre/post-up events
	powerpc/powernv: Restrict OPAL symbol map to only be readable by root
	can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
	tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file
	crypto: qat - Silence smp_processor_id() warning
	crypto: skcipher - Unmap pages after an external error
	crypto: cavium/zip - Add missing single_release()
	crypto: caam - fix concurrency issue in givencrypt descriptor
	usercopy: Avoid HIGHMEM pfn warning
	timer: Read jiffies once when forwarding base clk
	watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
	drm/omap: fix max fclk divider for omap36xx
	mmc: sdhci: improve ADMA error reporting
	mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence
	Revert "locking/pvqspinlock: Don't wait if vCPU is preempted"
	xen/xenbus: fix self-deadlock after killing user process
	ieee802154: atusb: fix use-after-free at disconnect
	cfg80211: initialize on-stack chandefs
	ima: always return negative code for error
	fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
	9p: avoid attaching writeback_fid on mmap with type PRIVATE
	xen/pci: reserve MCFG areas earlier
	ceph: fix directories inode i_blkbits initialization
	ceph: reconnect connection if session hang in opening state
	watchdog: aspeed: Add support for AST2600
	netfilter: nf_tables: allow lookups in dynamic sets
	drm/amdgpu: Check for valid number of registers to read
	pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors
	pwm: stm32-lp: Add check in case requested period cannot be achieved
	thermal: Fix use-after-free when unregistering thermal zone device
	fuse: fix memleak in cuse_channel_open
	sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
	perf build: Add detection of java-11-openjdk-devel package
	kernel/elfcore.c: include proper prototypes
	perf unwind: Fix libunwind build failure on i386 systems
	KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP
	nbd: fix crash when the blksize is zero
	block/ndb: add WQ_UNBOUND to the knbd-recv workqueue
	nbd: fix max number of supported devs
	powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt()
	tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
	tick: broadcast-hrtimer: Fix a race in bc_set_next
	perf tools: Fix segfault in cpu_cache_level__read()
	perf stat: Fix a segmentation fault when using repeat forever
	perf stat: Reset previous counts on repeat with interval
	vfs: Fix EOVERFLOW testing in put_compat_statfs64
	coresight: etm4x: Use explicit barriers on enable/disable
	cfg80211: add and use strongly typed element iteration macros
	cfg80211: Use const more consistently in for_each_element macros
	nl80211: validate beacon head
	ASoC: sgtl5000: Improve VAG power and mute control
	Linux 4.14.149

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-10-11 19:10:13 +02:00
Greg Kroah-Hartman
1d75f58e4e This is the 4.14.149 stable release

Merge 4.14.149 into android-4.14

Changes in 4.14.149
	s390/process: avoid potential reading of freed stack
	KVM: s390: Test for bad access register and size at the start of S390_MEM_OP
	s390/topology: avoid firing events before kobjs are created
	s390/cio: avoid calling strlen on null pointer
	s390/cio: exclude subchannels with no parent from pseudo check
	KVM: PPC: Book3S HV: Don't lose pending doorbell request on migration on P9
	KVM: nVMX: handle page fault in vmread fix
	PM / devfreq: tegra: Fix kHz to Hz conversion
	ASoC: Define a set of DAPM pre/post-up events
	powerpc/powernv: Restrict OPAL symbol map to only be readable by root
	can: mcp251x: mcp251x_hw_reset(): allow more time after a reset
	tools lib traceevent: Fix "robust" test of do_generate_dynamic_list_file
	crypto: qat - Silence smp_processor_id() warning
	crypto: skcipher - Unmap pages after an external error
	crypto: cavium/zip - Add missing single_release()
	crypto: caam - fix concurrency issue in givencrypt descriptor
	usercopy: Avoid HIGHMEM pfn warning
	timer: Read jiffies once when forwarding base clk
	watchdog: imx2_wdt: fix min() calculation in imx2_wdt_set_timeout
	drm/omap: fix max fclk divider for omap36xx
	mmc: sdhci: improve ADMA error reporting
	mmc: sdhci-of-esdhc: set DMA snooping based on DMA coherence
	Revert "locking/pvqspinlock: Don't wait if vCPU is preempted"
	xen/xenbus: fix self-deadlock after killing user process
	ieee802154: atusb: fix use-after-free at disconnect
	cfg80211: initialize on-stack chandefs
	ima: always return negative code for error
	fs: nfs: Fix possible null-pointer dereferences in encode_attrs()
	9p: avoid attaching writeback_fid on mmap with type PRIVATE
	xen/pci: reserve MCFG areas earlier
	ceph: fix directories inode i_blkbits initialization
	ceph: reconnect connection if session hang in opening state
	watchdog: aspeed: Add support for AST2600
	netfilter: nf_tables: allow lookups in dynamic sets
	drm/amdgpu: Check for valid number of registers to read
	pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors
	pwm: stm32-lp: Add check in case requested period cannot be achieved
	thermal: Fix use-after-free when unregistering thermal zone device
	fuse: fix memleak in cuse_channel_open
	sched/core: Fix migration to invalid CPU in __set_cpus_allowed_ptr()
	perf build: Add detection of java-11-openjdk-devel package
	kernel/elfcore.c: include proper prototypes
	perf unwind: Fix libunwind build failure on i386 systems
	KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP
	nbd: fix crash when the blksize is zero
	block/ndb: add WQ_UNBOUND to the knbd-recv workqueue
	nbd: fix max number of supported devs
	powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt()
	tools lib traceevent: Do not free tep->cmdlines in add_new_comm() on failure
	tick: broadcast-hrtimer: Fix a race in bc_set_next
	perf tools: Fix segfault in cpu_cache_level__read()
	perf stat: Fix a segmentation fault when using repeat forever
	perf stat: Reset previous counts on repeat with interval
	vfs: Fix EOVERFLOW testing in put_compat_statfs64
	coresight: etm4x: Use explicit barriers on enable/disable
	cfg80211: add and use strongly typed element iteration macros
	cfg80211: Use const more consistently in for_each_element macros
	nl80211: validate beacon head
	ASoC: sgtl5000: Improve VAG power and mute control
	Linux 4.14.149

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-10-11 19:06:20 +02:00
Sascha Hauer
27551dbe09 ima: always return negative code for error
[ Upstream commit f5e1040196dbfe14c77ce3dfe3b7b08d2d961e88 ]

integrity_kernel_read() returns the number of bytes read. If this is
a short read then this positive value is returned from
ima_calc_file_hash_atfm(). Currently this is only indirectly called from
ima_calc_file_hash() and this function only tests for the return value
being zero or nonzero and also doesn't forward the return value.
Nevertheless there's no point in returning a positive value as an error,
so translate a short read into -EINVAL.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-10-11 18:18:37 +02:00
Blagovest Kolenichev
d64e0d142b Merge android-4.14-q.148 (6d671bf) into msm-4.14
* refs/heads/tmp-6d671bf:
  Linux 4.14.148
  kexec: bail out upon SIGKILL when allocating memory.
  NFC: fix attrs checks in netlink interface
  smack: use GFP_NOFS while holding inode_smack::smk_lock
  Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
  ipv6: Handle missing host route in __ipv6_ifa_notify
  sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
  tipc: fix unlimited bundling of small messages
  xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
  net/rds: Fix error handling in rds_ib_add_one()
  vsock: Fix a lockdep warning in __vsock_release()
  sch_dsmark: fix potential NULL deref in dsmark_init()
  qmi_wwan: add support for Cinterion CLS8 devices
  nfc: fix memory leak in llcp_sock_bind()
  net: Unpublish sk from sk_reuseport_cb before call_rcu
  net: qlogic: Fix memory leak in ql_alloc_large_buffers
  net: ipv4: avoid mixed n_redirects and rate_tokens usage
  ipv6: drop incoming packets having a v4mapped source address
  hso: fix NULL-deref on tty open
  erspan: remove the incorrect mtu limit for erspan
  cxgb4:Fix out-of-bounds MSI-X info array access
  bpf: fix use after free in prog symbol exposure
  kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
  ocfs2: wait for recovering done after direct unlock request
  kbuild: clean compressed initramfs image
  hypfs: Fix error number left in struct pointer member
  pktcdvd: remove warning on attempting to register non-passthrough dev
  fat: work around race with userspace's read via blockdev while mounting
  ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address
  security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
  PCI: exynos: Propagate errors for optional PHYs
  PCI: imx6: Propagate errors for optional regulators
  PCI: rockchip: Propagate errors for optional regulators
  HID: apple: Fix stuck function keys when using FN
  rtc: snvs: fix possible race condition
  ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
  livepatch: Nullify obj->mod in klp_module_coming()'s error path
  PCI: tegra: Fix OF node reference leak
  mfd: intel-lpss: Remove D3cold delay
  i2c-cht-wc: Fix lockdep warning
  MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
  dma-buf/sw_sync: Synchronize signal vs syncpt free
  scsi: core: Reduce memory required for SCSI logging
  clk: at91: select parent if main oscillator or bypass is enabled
  arm64: fix unreachable code issue with cmpxchg
  powerpc/pseries: correctly track irq state in default idle
  powerpc/64s/exception: machine check use correct cfar for late handler
  drm/amdgpu/si: fix ASIC tests
  drm/nouveau/volt: Fix for some cards having 0 maximum voltage
  vfio_pci: Restore original state on release
  pinctrl: tegra: Fix write barrier placement in pmx_writel
  powerpc/pseries/mobility: use cond_resched when updating device tree
  powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
  powerpc/rtas: use device model APIs and serialization during LPM
  powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL
  clk: zx296718: Don't reference clk_init_data after registration
  clk: sirf: Don't reference clk_init_data after registration
  clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks
  clk: qoriq: Fix -Wunused-const-variable
  ipmi_si: Only schedule continuously in the thread in maintenance mode
  gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
  drm/radeon: Fix EEH during kexec
  drm/stm: attach gem fence to atomic state
  video: ssd1307fb: Start page range at page_offset
  drm/panel: simple: fix AUO g185han01 horizontal blanking
  drm/bridge: tc358767: Increase AUX transfer length limit
  tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations
  tpm: use tpm_try_get_ops() in tpm-sysfs.c.
  tpm: migrate pubek_show to struct tpm_buf

Change-Id: Ibd1faaa8b3535135d8d72fb76a157b459cb9957c
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2019-10-11 05:41:38 -07:00
Greg Kroah-Hartman
6d671bffe3 This is the 4.14.148 stable release

Merge 4.14.148 into android-4.14-q

Changes in 4.14.148
	tpm: migrate pubek_show to struct tpm_buf
	tpm: use tpm_try_get_ops() in tpm-sysfs.c.
	tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations
	drm/bridge: tc358767: Increase AUX transfer length limit
	drm/panel: simple: fix AUO g185han01 horizontal blanking
	video: ssd1307fb: Start page range at page_offset
	drm/stm: attach gem fence to atomic state
	drm/radeon: Fix EEH during kexec
	gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
	ipmi_si: Only schedule continuously in the thread in maintenance mode
	clk: qoriq: Fix -Wunused-const-variable
	clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks
	clk: sirf: Don't reference clk_init_data after registration
	clk: zx296718: Don't reference clk_init_data after registration
	powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL
	powerpc/rtas: use device model APIs and serialization during LPM
	powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
	powerpc/pseries/mobility: use cond_resched when updating device tree
	pinctrl: tegra: Fix write barrier placement in pmx_writel
	vfio_pci: Restore original state on release
	drm/nouveau/volt: Fix for some cards having 0 maximum voltage
	drm/amdgpu/si: fix ASIC tests
	powerpc/64s/exception: machine check use correct cfar for late handler
	powerpc/pseries: correctly track irq state in default idle
	arm64: fix unreachable code issue with cmpxchg
	clk: at91: select parent if main oscillator or bypass is enabled
	scsi: core: Reduce memory required for SCSI logging
	dma-buf/sw_sync: Synchronize signal vs syncpt free
	MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
	i2c-cht-wc: Fix lockdep warning
	mfd: intel-lpss: Remove D3cold delay
	PCI: tegra: Fix OF node reference leak
	livepatch: Nullify obj->mod in klp_module_coming()'s error path
	ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
	rtc: snvs: fix possible race condition
	HID: apple: Fix stuck function keys when using FN
	PCI: rockchip: Propagate errors for optional regulators
	PCI: imx6: Propagate errors for optional regulators
	PCI: exynos: Propagate errors for optional PHYs
	security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
	ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address
	fat: work around race with userspace's read via blockdev while mounting
	pktcdvd: remove warning on attempting to register non-passthrough dev
	hypfs: Fix error number left in struct pointer member
	kbuild: clean compressed initramfs image
	ocfs2: wait for recovering done after direct unlock request
	kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
	bpf: fix use after free in prog symbol exposure
	cxgb4:Fix out-of-bounds MSI-X info array access
	erspan: remove the incorrect mtu limit for erspan
	hso: fix NULL-deref on tty open
	ipv6: drop incoming packets having a v4mapped source address
	net: ipv4: avoid mixed n_redirects and rate_tokens usage
	net: qlogic: Fix memory leak in ql_alloc_large_buffers
	net: Unpublish sk from sk_reuseport_cb before call_rcu
	nfc: fix memory leak in llcp_sock_bind()
	qmi_wwan: add support for Cinterion CLS8 devices
	sch_dsmark: fix potential NULL deref in dsmark_init()
	vsock: Fix a lockdep warning in __vsock_release()
	net/rds: Fix error handling in rds_ib_add_one()
	xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
	tipc: fix unlimited bundling of small messages
	sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
	ipv6: Handle missing host route in __ipv6_ifa_notify
	Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
	smack: use GFP_NOFS while holding inode_smack::smk_lock
	NFC: fix attrs checks in netlink interface
	kexec: bail out upon SIGKILL when allocating memory.
	Linux 4.14.148

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-10-07 19:13:17 +02:00
Greg Kroah-Hartman
8390d98a1a This is the 4.14.148 stable release

Merge 4.14.148 into android-4.14

Changes in 4.14.148
	tpm: migrate pubek_show to struct tpm_buf
	tpm: use tpm_try_get_ops() in tpm-sysfs.c.
	tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations
	drm/bridge: tc358767: Increase AUX transfer length limit
	drm/panel: simple: fix AUO g185han01 horizontal blanking
	video: ssd1307fb: Start page range at page_offset
	drm/stm: attach gem fence to atomic state
	drm/radeon: Fix EEH during kexec
	gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property()
	ipmi_si: Only schedule continuously in the thread in maintenance mode
	clk: qoriq: Fix -Wunused-const-variable
	clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks
	clk: sirf: Don't reference clk_init_data after registration
	clk: zx296718: Don't reference clk_init_data after registration
	powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL
	powerpc/rtas: use device model APIs and serialization during LPM
	powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function
	powerpc/pseries/mobility: use cond_resched when updating device tree
	pinctrl: tegra: Fix write barrier placement in pmx_writel
	vfio_pci: Restore original state on release
	drm/nouveau/volt: Fix for some cards having 0 maximum voltage
	drm/amdgpu/si: fix ASIC tests
	powerpc/64s/exception: machine check use correct cfar for late handler
	powerpc/pseries: correctly track irq state in default idle
	arm64: fix unreachable code issue with cmpxchg
	clk: at91: select parent if main oscillator or bypass is enabled
	scsi: core: Reduce memory required for SCSI logging
	dma-buf/sw_sync: Synchronize signal vs syncpt free
	MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean
	i2c-cht-wc: Fix lockdep warning
	mfd: intel-lpss: Remove D3cold delay
	PCI: tegra: Fix OF node reference leak
	livepatch: Nullify obj->mod in klp_module_coming()'s error path
	ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes
	rtc: snvs: fix possible race condition
	HID: apple: Fix stuck function keys when using FN
	PCI: rockchip: Propagate errors for optional regulators
	PCI: imx6: Propagate errors for optional regulators
	PCI: exynos: Propagate errors for optional PHYs
	security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
	ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address
	fat: work around race with userspace's read via blockdev while mounting
	pktcdvd: remove warning on attempting to register non-passthrough dev
	hypfs: Fix error number left in struct pointer member
	kbuild: clean compressed initramfs image
	ocfs2: wait for recovering done after direct unlock request
	kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K
	bpf: fix use after free in prog symbol exposure
	cxgb4:Fix out-of-bounds MSI-X info array access
	erspan: remove the incorrect mtu limit for erspan
	hso: fix NULL-deref on tty open
	ipv6: drop incoming packets having a v4mapped source address
	net: ipv4: avoid mixed n_redirects and rate_tokens usage
	net: qlogic: Fix memory leak in ql_alloc_large_buffers
	net: Unpublish sk from sk_reuseport_cb before call_rcu
	nfc: fix memory leak in llcp_sock_bind()
	qmi_wwan: add support for Cinterion CLS8 devices
	sch_dsmark: fix potential NULL deref in dsmark_init()
	vsock: Fix a lockdep warning in __vsock_release()
	net/rds: Fix error handling in rds_ib_add_one()
	xen-netfront: do not use ~0U as error return value for xennet_fill_frags()
	tipc: fix unlimited bundling of small messages
	sch_cbq: validate TCA_CBQ_WRROPT to avoid crash
	ipv6: Handle missing host route in __ipv6_ifa_notify
	Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
	smack: use GFP_NOFS while holding inode_smack::smk_lock
	NFC: fix attrs checks in netlink interface
	kexec: bail out upon SIGKILL when allocating memory.
	Linux 4.14.148

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-10-07 19:12:31 +02:00
Eric Biggers
416a5d0346 smack: use GFP_NOFS while holding inode_smack::smk_lock
commit e5bfad3d7acc5702f32aafeb388362994f4d7bd0 upstream.

inode_smack::smk_lock is taken during smack_d_instantiate(), which is
called during a filesystem transaction when creating a file on ext4.
Therefore to avoid a deadlock, all code that takes this lock must use
GFP_NOFS, to prevent memory reclaim from waiting for the filesystem
transaction to complete.

Reported-by: syzbot+0eefc1e06a77d327a056@syzkaller.appspotmail.com
Cc: stable@vger.kernel.org
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-10-07 18:55:22 +02:00
Jann Horn
ca2cf05447 Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set
commit 3675f052b43ba51b99b85b073c7070e083f3e6fb upstream.

There is a logic bug in the current smack_bprm_set_creds():
If LSM_UNSAFE_PTRACE is set, but the ptrace state is deemed to be
acceptable (e.g. because the ptracer detached in the meantime), the other
->unsafe flags aren't checked. As far as I can tell, this means that
something like the following could work (but I haven't tested it):

 - task A: create task B with fork()
 - task B: set NO_NEW_PRIVS
 - task B: install a seccomp filter that makes open() return 0 under some
   conditions
 - task B: replace fd 0 with a malicious library
 - task A: attach to task B with PTRACE_ATTACH
 - task B: execve() a file with an SMACK64EXEC extended attribute
 - task A: while task B is still in the middle of execve(), exit (which
   destroys the ptrace relationship)

Make sure that if any flags other than LSM_UNSAFE_PTRACE are set in
bprm->unsafe, we reject the execve().

Cc: stable@vger.kernel.org
Fixes: 5663884caab1 ("Smack: unify all ptrace accesses in the smack")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-10-07 18:55:22 +02:00
Jia-Ju Bai
4b1e27b3b4 security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()
[ Upstream commit 3f4287e7d98a2954f20bf96c567fdffcd2b63eb9 ]

In smack_socket_sock_rcv_skb(), there is an if statement
on line 3920 to check whether skb is NULL:
    if (skb && skb->secmark != 0)

This check indicates skb can be NULL in some cases.

But on lines 3931 and 3932, skb is used:
    ad.a.u.net->netif = skb->skb_iif;
    ipv6_skb_to_auditdata(skb, &ad.a, NULL);

Thus, possible null-pointer dereferences may occur when skb is NULL.

To fix these possible bugs, an if statement is added to check skb.

These bugs are found by a static analysis tool STCheck written by us.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-10-07 18:55:12 +02:00
Blagovest Kolenichev
3b572c9bfa Merge android-4.14-q.146 (a3d6259) into msm-4.14
* refs/heads/tmp-a3d6259:
  Linux 4.14.146
  media: technisat-usb2: break out of loop at end of buffer
  tcp: Don't dequeue SYN/FIN-segments from write-queue
  tcp: Reset send_head when removing skb from write-queue
  binfmt_elf: move brk out of mmap when doing direct loader exec
  floppy: fix usercopy direction
  PCI: kirin: Fix section mismatch warning
  iommu/amd: Fix race in increase_address_space()
  iommu/amd: Flush old domains in kdump kernel
  keys: Fix missing null pointer check in request_key_auth_describe()
  x86/hyper-v: Fix overflow bug in fill_gva_list()
  x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
  dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
  dmaengine: ti: dma-crossbar: Fix a memory leak bug
  net: seeq: Fix the function used to release some memory in an error handling path
  tools/power turbostat: fix buffer overrun
  tools/power x86_energy_perf_policy: Fix argument parsing
  tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at -O2
  amd-xgbe: Fix error path in xgbe_mod_init()
  perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops
  perf/x86/intel: Restrict period on Nehalem
  i2c: designware: Synchronize IRQs when unregistering slave client
  sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
  ARM: 8901/1: add a criteria for pfn_valid of arm
  cifs: Use kzfree() to zero out the password
  cifs: set domainName when a domain-key is used in multiuser
  kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the first symbol
  NFSv2: Fix write regression
  NFSv2: Fix eof handling
  netfilter: nf_conntrack_ftp: Fix debug output
  x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
  r8152: Set memory to all 0xFFs on failed reg reads
  batman-adv: Only read OGM2 tvlv_len after buffer len check
  ARM: 8874/1: mm: only adjust sections of valid mm structures
  qed: Add cleanup in qed_slowpath_start()
  Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105
  NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
  NFSv4: Fix return value in nfs_finish_open()
  NFSv4: Fix return values for nfs4_file_open()
  netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info
  fpga: altera-ps-spi: Fix getting of optional confd gpio
  s390/bpf: use 32-bit index for tail calls
  ARM: dts: dra74x: Fix iodelay configuration for mmc3
  ARM: OMAP2+: Fix omap4 errata warning on other SoCs
  s390/bpf: fix lcgr instruction encoding
  ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
  nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
  mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
  tty/serial: atmel: reschedule TX after RX was started
  serial: sprd: correct the wrong sequence of arguments
  firmware: google: check if size is valid when decoding VPD data
  KVM: coalesced_mmio: add bounds checking
  net_sched: let qdisc_put() accept NULL pointer
  xen-netfront: do not assume sk_buff_head list is empty in error handling
  media: tm6000: double free if usb disconnect while streaming
  phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current
  USB: usbcore: Fix slab-out-of-bounds bug during device reset
  powerpc/mm/radix: Use the right page size for vmemmap mapping
  Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
  HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report
  ANDROID: regression introduced override_creds=off
  Linux 4.14.145
  x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning
  nvmem: Use the same permissions for eeprom as for nvmem
  platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table
  Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
  drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto
  firmware: ti_sci: Always request response from firmware
  crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking.
  crypto: talitos - Do not modify req->cryptlen on decryption.
  crypto: talitos - fix ECB algs ivsize
  crypto: talitos - check data blocksize in ablkcipher.
  crypto: talitos - fix CTR alg blocksize
  crypto: talitos - check AES key size
  driver core: Fix use-after-free and double free on glue directory
  ubifs: Correctly use tnc_next() in search_dh_cookie()
  PCI: Always allow probing with driver_override
  mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
  clk: rockchip: Don't yell about bad mmc phases when getting
  drm/meson: Add support for XBGR8888 & ABGR8888 formats
  powerpc: Add barrier_nospec to raw_copy_in_user()
  MIPS: VDSO: Use same -m%-float cflag as the kernel proper
  MIPS: VDSO: Prevent use of smp_processor_id()
  KVM: nVMX: handle page fault in vmread
  KVM: x86: work around leak of uninitialized stack contents
  KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
  genirq: Prevent NULL pointer dereference in resend_irqs()
  Btrfs: fix assertion failure during fsync and use of stale transaction
  gpio: fix line flag validation in lineevent_create
  gpio: fix line flag validation in linehandle_create
  gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist
  Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
  btrfs: correctly validate compression type
  btrfs: compression: add helper for type to string conversion
  tun: fix use-after-free when register netdev failed
  tipc: add NULL pointer check before calling kfree_rcu
  tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
  sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
  sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
  sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
  net: phylink: Fix flow control resolution
  net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list
  net: Fix null de-reference of device refcount
  isdn/capi: check message length in capi_write()
  ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
  cdc_ether: fix rndis support for Mediatek based smartphones
  bridge/mdb: remove wrong use of NLM_F_MULTI
  Linux 4.14.144
  vhost: make sure log_num < in_num
  kernel/module: Fix mem leak in module_add_modinfo_attrs
  clk: s2mps11: Add used attribute to s2mps11_dt_match
  scripts/decode_stacktrace: match basepath using shell prefix operator, not regex
  arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64
  powerpc/64: mark start_here_multiplatform as __ref
  hv_sock: Fix hang when a connection is closed
  batman-adv: Only read OGM tvlv_len after buffer len check
  batman-adv: fix uninit-value in batadv_netlink_get_ifindex()
  vhost/test: fix build for vhost test
  PCI: dra7xx: Fix legacy INTD IRQ handling
  PCI: designware-ep: Fix find_first_zero_bit() usage
  ip6: fix skb leak in ip6frag_expire_frag_queue()
  xfrm: clean up xfrm protocol checks
  powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction
  drm/vmwgfx: Fix double free in vmw_recv_msg()
  sched/fair: Don't assign runtime for throttled cfs_rq
  ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre
  ALSA: hda/realtek - Fix overridden device-specific initialization
  ALSA: hda - Fix potential endless loop at applying quirks
  Linux 4.14.143
  x86/boot: Preserve boot_params.secure_boot from sanitizing
  mld: fix memory leak in mld_del_delrec()
  net: sched: act_sample: fix psample group handling on overwrite
  tcp: remove empty skb from write queue in error cases
  tcp: inherit timestamp on mtu probe
  net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
  net_sched: fix a NULL pointer deref in ipt action
  net: fix skb use after free in netpoll
  Revert "x86/apic: Include the LDR when clearing out APIC registers"
  spi: bcm2835aux: fix corruptions for longer spi transfers
  spi: bcm2835aux: remove dangerous uncontrolled read of fifo
  spi: bcm2835aux: unifying code between polling and interrupt driven code
  libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
  KVM: arm/arm64: Only skip MMIO insn once
  ceph: fix buffer free while holding i_ceph_lock in fill_inode()
  ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob()
  ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
  IB/mlx4: Fix memory leaks
  Tools: hv: kvp: eliminate 'may be used uninitialized' warning
  Input: hyperv-keyboard: Use in-place iterator API in the channel callback
  HID: cp2112: prevent sleeping function called from invalid context
  kprobes: Fix potential deadlock in kprobe_optimizer()
  ravb: Fix use-after-free ravb_tstamp_skb
  wimax/i2400m: fix a memory leak bug
  net: kalmia: fix memory leaks
  cx82310_eth: fix a memory leak bug
  vfs: fix page locking deadlocks when deduping files
  lan78xx: Fix memory leaks
  net: myri10ge: fix memory leaks
  liquidio: add cleanup in octeon_setup_iq()
  cxgb4: fix a memory leak bug
  drm/mediatek: set DMA max segment size
  drm/mediatek: use correct device to import PRIME buffers
  gpio: Fix build error of function redefinition
  ibmveth: Convert multicast list size for little-endian system
  Bluetooth: btqca: Add a short delay before downloading the NVM
  net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
  hv_netvsc: Fix a warning of suspicious RCU usage
  net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
  Linux 4.14.142
  Revert "ASoC: Fail card instantiation if DAI format setup fails"
  x86/ptrace: fix up botched merge of spectrev1 fix
  i2c: piix4: Fix port selection for AMD Family 16h Model 30h
  NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0
  NFS: Pass error information to the pgio error cleanup routine
  NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()
  NFS: Clean up list moves of struct nfs_page
  KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
  KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
  KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling
  mac80211: fix possible sta leak
  Revert "cfg80211: fix processing world regdomain when non modular"
  crypto: ccp - Ignore unconfigured CCP device on suspend/resume
  VMCI: Release resource if the work is already queued
  drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest
  intel_th: pci: Add Tiger Lake support
  intel_th: pci: Add support for another Lewisburg PCH
  stm class: Fix a double free of stm_source_device
  mmc: core: Fix init of SD cards reporting an invalid VDD range
  mmc: sdhci-of-at91: add quirk for broken HS200
  uprobes/x86: Fix detection of 32-bit user mode
  USB: storage: ums-realtek: Whitelist auto-delink support
  USB: storage: ums-realtek: Update module parameter description for auto_delink_en
  usb: host: xhci: rcar: Fix typo in compatible string matching
  usb: host: ohci: fix a race condition between shutdown and irq
  usb: chipidea: udc: don't do hardware access if gadget has stopped
  USB: cdc-wdm: fix race between write and disconnect due to flag abuse
  usb-storage: Add new JMS567 revision to unusual_devs
  ftrace: Check for empty hash and comment the race with registering probes
  ftrace: Check for successful allocation of hash
  ftrace: Fix NULL pointer dereference in t_probe_next()
  x86/apic: Include the LDR when clearing out APIC registers
  x86/apic: Do not initialize LDR and DFR for bigsmp
  KVM: x86: Don't update RIP or do single-step on faulting emulation
  kvm: x86: skip populating logical dest map if apic is not sw enabled
  ALSA: seq: Fix potential concurrent access to the deleted pool
  ALSA: line6: Fix memory leak at line6_init_pcm() error path
  mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n
  tcp: make sure EPOLLOUT wont be missed
  net/smc: make sure EPOLLOUT is raised
  ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
  ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
  tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
  drm/tilcdc: Register cpufreq notifier after we have initialized crtc
  scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
  drm/bridge: tfp410: fix memleak in get_modes()
  watchdog: bcm2835_wdt: Fix module autoload
  tools: hv: fix KVP and VSS daemons exit code
  usb: host: fotg2: restart hcd after port reset
  drm/ast: Fixed reboot test may cause system hanged
  i2c: emev2: avoid race when unregistering slave client
  i2c: rcar: avoid race when unregistering slave client
  xen/blkback: fix memory leaks
  usb: gadget: mass_storage: Fix races between fsg_disable and fsg_set_alt
  usb: gadget: composite: Clear "suspended" on reset/disconnect
  iommu/dma: Handle SG length overflow better
  auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach
  dmaengine: ste_dma40: fix unneeded variable warning
  ANDROID: sched: Disallow WALT with CFS bandwidth control
  ANDROID: fiq_debugger: remove

Conflicts:
	drivers/base/core.c
	drivers/staging/android/fiq_debugger/fiq_debugger.c
	drivers/usb/gadget/function/f_mass_storage.c
	sound/usb/mixer.c

Change-Id: Ifae45fc2fc7e7a777d77faacc1b3b88e371097df
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2019-09-30 03:33:08 -07:00
Greg Kroah-Hartman
8ae37de3fa This is the 4.14.146 stable release

Merge 4.14.146 into android-4.14

Changes in 4.14.146
	HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report
	Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
	powerpc/mm/radix: Use the right page size for vmemmap mapping
	USB: usbcore: Fix slab-out-of-bounds bug during device reset
	phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current
	media: tm6000: double free if usb disconnect while streaming
	xen-netfront: do not assume sk_buff_head list is empty in error handling
	net_sched: let qdisc_put() accept NULL pointer
	KVM: coalesced_mmio: add bounds checking
	firmware: google: check if size is valid when decoding VPD data
	serial: sprd: correct the wrong sequence of arguments
	tty/serial: atmel: reschedule TX after RX was started
	mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
	nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
	ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
	s390/bpf: fix lcgr instruction encoding
	ARM: OMAP2+: Fix omap4 errata warning on other SoCs
	ARM: dts: dra74x: Fix iodelay configuration for mmc3
	s390/bpf: use 32-bit index for tail calls
	fpga: altera-ps-spi: Fix getting of optional confd gpio
	netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info
	NFSv4: Fix return values for nfs4_file_open()
	NFSv4: Fix return value in nfs_finish_open()
	NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
	Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105
	qed: Add cleanup in qed_slowpath_start()
	ARM: 8874/1: mm: only adjust sections of valid mm structures
	batman-adv: Only read OGM2 tvlv_len after buffer len check
	r8152: Set memory to all 0xFFs on failed reg reads
	x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
	netfilter: nf_conntrack_ftp: Fix debug output
	NFSv2: Fix eof handling
	NFSv2: Fix write regression
	kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the first symbol
	cifs: set domainName when a domain-key is used in multiuser
	cifs: Use kzfree() to zero out the password
	ARM: 8901/1: add a criteria for pfn_valid of arm
	sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
	i2c: designware: Synchronize IRQs when unregistering slave client
	perf/x86/intel: Restrict period on Nehalem
	perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops
	amd-xgbe: Fix error path in xgbe_mod_init()
	tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at -O2
	tools/power x86_energy_perf_policy: Fix argument parsing
	tools/power turbostat: fix buffer overrun
	net: seeq: Fix the function used to release some memory in an error handling path
	dmaengine: ti: dma-crossbar: Fix a memory leak bug
	dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
	x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
	x86/hyper-v: Fix overflow bug in fill_gva_list()
	keys: Fix missing null pointer check in request_key_auth_describe()
	iommu/amd: Flush old domains in kdump kernel
	iommu/amd: Fix race in increase_address_space()
	PCI: kirin: Fix section mismatch warning
	floppy: fix usercopy direction
	binfmt_elf: move brk out of mmap when doing direct loader exec
	tcp: Reset send_head when removing skb from write-queue
	tcp: Don't dequeue SYN/FIN-segments from write-queue
	media: technisat-usb2: break out of loop at end of buffer
	Linux 4.14.146

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-09-21 07:56:57 +02:00
Greg Kroah-Hartman
a3d62590ae This is the 4.14.146 stable release

Merge 4.14.146 into android-4.14-q

Changes in 4.14.146
	HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report
	Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
	powerpc/mm/radix: Use the right page size for vmemmap mapping
	USB: usbcore: Fix slab-out-of-bounds bug during device reset
	phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current
	media: tm6000: double free if usb disconnect while streaming
	xen-netfront: do not assume sk_buff_head list is empty in error handling
	net_sched: let qdisc_put() accept NULL pointer
	KVM: coalesced_mmio: add bounds checking
	firmware: google: check if size is valid when decoding VPD data
	serial: sprd: correct the wrong sequence of arguments
	tty/serial: atmel: reschedule TX after RX was started
	mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
	nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
	ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
	s390/bpf: fix lcgr instruction encoding
	ARM: OMAP2+: Fix omap4 errata warning on other SoCs
	ARM: dts: dra74x: Fix iodelay configuration for mmc3
	s390/bpf: use 32-bit index for tail calls
	fpga: altera-ps-spi: Fix getting of optional confd gpio
	netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info
	NFSv4: Fix return values for nfs4_file_open()
	NFSv4: Fix return value in nfs_finish_open()
	NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
	Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105
	qed: Add cleanup in qed_slowpath_start()
	ARM: 8874/1: mm: only adjust sections of valid mm structures
	batman-adv: Only read OGM2 tvlv_len after buffer len check
	r8152: Set memory to all 0xFFs on failed reg reads
	x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
	netfilter: nf_conntrack_ftp: Fix debug output
	NFSv2: Fix eof handling
	NFSv2: Fix write regression
	kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the first symbol
	cifs: set domainName when a domain-key is used in multiuser
	cifs: Use kzfree() to zero out the password
	ARM: 8901/1: add a criteria for pfn_valid of arm
	sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
	i2c: designware: Synchronize IRQs when unregistering slave client
	perf/x86/intel: Restrict period on Nehalem
	perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops
	amd-xgbe: Fix error path in xgbe_mod_init()
	tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at -O2
	tools/power x86_energy_perf_policy: Fix argument parsing
	tools/power turbostat: fix buffer overrun
	net: seeq: Fix the function used to release some memory in an error handling path
	dmaengine: ti: dma-crossbar: Fix a memory leak bug
	dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
	x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
	x86/hyper-v: Fix overflow bug in fill_gva_list()
	keys: Fix missing null pointer check in request_key_auth_describe()
	iommu/amd: Flush old domains in kdump kernel
	iommu/amd: Fix race in increase_address_space()
	PCI: kirin: Fix section mismatch warning
	floppy: fix usercopy direction
	binfmt_elf: move brk out of mmap when doing direct loader exec
	tcp: Reset send_head when removing skb from write-queue
	tcp: Don't dequeue SYN/FIN-segments from write-queue
	media: technisat-usb2: break out of loop at end of buffer
	Linux 4.14.146

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-09-21 07:56:17 +02:00
Hillf Danton
f441778096 keys: Fix missing null pointer check in request_key_auth_describe()
[ Upstream commit d41a3effbb53b1bcea41e328d16a4d046a508381 ]

If a request_key authentication token key gets revoked, there's a window in
which request_key_auth_describe() can see it with a NULL payload - but it
makes no check for this and something like the following oops may occur:

	BUG: Kernel NULL pointer dereference at 0x00000038
	Faulting instruction address: 0xc0000000004ddf30
	Oops: Kernel access of bad area, sig: 11 [#1]
	...
	NIP [...] request_key_auth_describe+0x90/0xd0
	LR [...] request_key_auth_describe+0x54/0xd0
	Call Trace:
	[...] request_key_auth_describe+0x54/0xd0 (unreliable)
	[...] proc_keys_show+0x308/0x4c0
	[...] seq_read+0x3d0/0x540
	[...] proc_reg_read+0x90/0x110
	[...] __vfs_read+0x3c/0x70
	[...] vfs_read+0xb4/0x1b0
	[...] ksys_read+0x7c/0x130
	[...] system_call+0x5c/0x70

Fix this by checking for a NULL pointer when describing such a key.

Also make the read routine check for a NULL pointer to be on the safe side.

[DH: Modified to not take already-held rcu lock and modified to also check
 in the read routine]

Fixes: 04c567d9313e ("[PATCH] Keys: Fix race between two instantiators of a key")
Reported-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Signed-off-by: Hillf Danton <hdanton@sina.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Sachin Sant <sachinp@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-09-21 07:15:45 +02:00
Alexander Potapenko
8a4e1fcd4b BACKPORT: mm: security: introduce init_on_alloc=1 and init_on_free=1 boot options
Upstream commit 6471384af2a6530696fc0203bafe4de41a23c9ef.

Patch series "add init_on_alloc/init_on_free boot options", v10.

Provide init_on_alloc and init_on_free boot options.

These are aimed at preventing possible information leaks and making the
control-flow bugs that depend on uninitialized values more deterministic.

Enabling either of the options guarantees that the memory returned by the
page allocator and SL[AU]B is initialized with zeroes.  SLOB allocator
isn't supported at the moment, as its emulation of kmem caches complicates
handling of SLAB_TYPESAFE_BY_RCU caches correctly.

Enabling init_on_free also guarantees that pages and heap objects are
initialized right after they're freed, so it won't be possible to access
stale data by using a dangling pointer.

As suggested by Michal Hocko, right now we don't let the heap users to
disable initialization for certain allocations.  There's not enough
evidence that doing so can speed up real-life cases, and introducing ways
to opt-out may result in things going out of control.

This patch (of 2):

The new options are needed to prevent possible information leaks and make
control-flow bugs that depend on uninitialized values more deterministic.

This is expected to be on-by-default on Android and Chrome OS.  And it
gives the opportunity for anyone else to use it under distros too via the
boot args.  (The init_on_free feature is regularly requested by folks
where memory forensics is included in their threat models.)

init_on_alloc=1 makes the kernel initialize newly allocated pages and heap
objects with zeroes.  Initialization is done at allocation time at the
places where checks for __GFP_ZERO are performed.

init_on_free=1 makes the kernel initialize freed pages and heap objects
with zeroes upon their deletion.  This helps to ensure sensitive data
doesn't leak via use-after-free accesses.

Both init_on_alloc=1 and init_on_free=1 guarantee that the allocator
returns zeroed memory.  The two exceptions are slab caches with
constructors and SLAB_TYPESAFE_BY_RCU flag.  Those are never
zero-initialized to preserve their semantics.

Both init_on_alloc and init_on_free default to zero, but those defaults
can be overridden with CONFIG_INIT_ON_ALLOC_DEFAULT_ON and
CONFIG_INIT_ON_FREE_DEFAULT_ON.

If either SLUB poisoning or page poisoning is enabled, those options take
precedence over init_on_alloc and init_on_free: initialization is only
applied to unpoisoned allocations.

Slowdown for the new features compared to init_on_free=0, init_on_alloc=0:

hackbench, init_on_free=1:  +7.62% sys time (st.err 0.74%)
hackbench, init_on_alloc=1: +7.75% sys time (st.err 2.14%)

Linux build with -j12, init_on_free=1:  +8.38% wall time (st.err 0.39%)
Linux build with -j12, init_on_free=1:  +24.42% sys time (st.err 0.52%)
Linux build with -j12, init_on_alloc=1: -0.13% wall time (st.err 0.42%)
Linux build with -j12, init_on_alloc=1: +0.57% sys time (st.err 0.40%)

The slowdown for init_on_free=0, init_on_alloc=0 compared to the baseline
is within the standard error.

The new features are also going to pave the way for hardware memory
tagging (e.g.  arm64's MTE), which will require both on_alloc and on_free
hooks to set the tags for heap objects.  With MTE, tagging will have the
same cost as memory initialization.

Although init_on_free is rather costly, there are paranoid use-cases where
in-memory data lifetime is desired to be minimized.  There are various
arguments for/against the realism of the associated threat models, but
given that we'll need the infrastructure for MTE anyway, and there are
people who want wipe-on-free behavior no matter what the performance cost,
it seems reasonable to include it in this series.

[glider@google.com: v8]
  Link: http://lkml.kernel.org/r/20190626121943.131390-2-glider@google.com
[glider@google.com: v9]
  Link: http://lkml.kernel.org/r/20190627130316.254309-2-glider@google.com
[glider@google.com: v10]
  Link: http://lkml.kernel.org/r/20190628093131.199499-2-glider@google.com
Link: http://lkml.kernel.org/r/20190617151050.92663-2-glider@google.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Acked-by: Michal Hocko <mhocko@suse.cz>		[page and dmapool parts
Acked-by: James Morris <jamorris@linux.microsoft.com>]
Cc: Christoph Lameter <cl@linux.com>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Sandeep Patil <sspatil@android.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Jann Horn <jannh@google.com>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Marco Elver <elver@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Removed the drivers/infiniband/core/uverbs_ioctl.c part, which is not in
android-common 4.14 kernel.

Change-Id: I6b5482fcafae89615e1d79879191fb6ce50d56cf
Bug: 138435492
Test: Boot cuttlefish with and without
Test:   CONFIG_INIT_ON_ALLOC_DEFAULT_ON/CONFIG_INIT_ON_FREE_DEFAULT_ON
Test: Boot an ARM64 mobile device with and without
Test:   CONFIG_INIT_ON_ALLOC_DEFAULT_ON/CONFIG_INIT_ON_FREE_DEFAULT_ON
Signed-off-by: Alexander Potapenko <glider@google.com>
2019-08-28 15:20:59 +02:00
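The difference between the two options described in the commit above, as an added user-space model (not kernel code and not part of the commit). The toy cache, its field names and the 0xA5 fill pattern are constructed for illustration; poisoning and SLAB_TYPESAFE_BY_RCU are not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define OBJ_SIZE 32
#define NOBJ     4

/* Toy fixed-size object cache (constructed for this example). */
struct toy_cache {
    unsigned char slots[NOBJ][OBJ_SIZE];
    bool in_use[NOBJ];
    bool has_ctor;       /* models a slab cache created with a constructor */
    bool init_on_alloc;  /* zero objects when they are handed out */
    bool init_on_free;   /* zero objects when they are returned */
};

static void toy_cache_init(struct toy_cache *c, bool on_alloc, bool on_free,
                           bool has_ctor)
{
    memset(c, 0, sizeof(*c));
    c->init_on_alloc = on_alloc;
    c->init_on_free = on_free;
    c->has_ctor = has_ctor;
}

static void *toy_alloc(struct toy_cache *c)
{
    for (size_t i = 0; i < NOBJ; i++) {
        if (c->in_use[i])
            continue;
        c->in_use[i] = true;
        /* Caches with constructors are never zeroed, to keep their semantics. */
        if (c->init_on_alloc && !c->has_ctor)
            memset(c->slots[i], 0, OBJ_SIZE);
        return c->slots[i];
    }
    return NULL;
}

static void toy_free(struct toy_cache *c, void *obj)
{
    for (size_t i = 0; i < NOBJ; i++) {
        if ((void *)c->slots[i] != obj)
            continue;
        if (c->init_on_free && !c->has_ctor)
            memset(c->slots[i], 0, OBJ_SIZE);
        c->in_use[i] = false;
        return;
    }
}

static size_t count_nonzero(const unsigned char *p)
{
    size_t n = 0;
    for (size_t i = 0; i < OBJ_SIZE; i++)
        n += (p[i] != 0);
    return n;
}

/* Stale bytes visible to the NEXT owner of a reused object. */
static size_t stale_after_reuse(bool on_alloc, bool on_free, bool has_ctor)
{
    struct toy_cache c;
    toy_cache_init(&c, on_alloc, on_free, has_ctor);
    unsigned char *a = toy_alloc(&c);
    memset(a, 0xA5, OBJ_SIZE);          /* constructed "sensitive" contents */
    toy_free(&c, a);
    unsigned char *b = toy_alloc(&c);   /* first free slot: the same object */
    return count_nonzero(b);
}

/* Stale bytes visible through a dangling pointer, before any reallocation.
 * The read stays inside the toy pool, so it is well defined here. */
static size_t stale_via_dangling(bool on_alloc, bool on_free)
{
    struct toy_cache c;
    toy_cache_init(&c, on_alloc, on_free, false);
    unsigned char *a = toy_alloc(&c);
    memset(a, 0xA5, OBJ_SIZE);
    toy_free(&c, a);
    return count_nonzero(a);
}

int main(void)
{
    printf("reuse,    both off:        %zu stale bytes\n", stale_after_reuse(false, false, false));
    printf("reuse,    init_on_alloc=1: %zu\n", stale_after_reuse(true, false, false));
    printf("reuse,    init_on_free=1:  %zu\n", stale_after_reuse(false, true, false));
    printf("reuse,    ctor cache:      %zu\n", stale_after_reuse(true, true, true));
    printf("dangling, init_on_alloc=1: %zu\n", stale_via_dangling(true, false));
    printf("dangling, init_on_free=1:  %zu\n", stale_via_dangling(false, true));
    return 0;
}
```

Only init_on_free clears the data before the next allocation, which is why the commit ties it to dangling-pointer reads and to minimizing in-memory data lifetime.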
Blagovest Kolenichev
e254102db8 Merge android-4.14-q.137 (8807f63) into msm-4.14
* refs/heads/tmp-8807f63:
  Linux 4.14.137
  Documentation: Add swapgs description to the Spectre v1 documentation
  x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
  x86/speculation: Enable Spectre v1 swapgs mitigations
  x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
  x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
  x86/cpufeatures: Carve out CQM features retrieval
  x86/vdso: Prevent segfaults due to hoisted vclock reads
  gcc-9: properly declare the {pv,hv}clock_page storage
  objtool: Support GCC 9 cold subfunction naming scheme
  eeprom: at24: make spd world-readable again
  IB/hfi1: Check for error on call to alloc_rsm_map_table
  IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
  IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache
  IB/mlx5: Use direct mkey destroy command upon UMR unreg failure
  IB/mlx5: Fix unreg_umr to ignore the mkey state
  xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
  nbd: replace kill_bdev() with __invalidate_device() again
  drivers/perf: arm_pmu: Fix failure path in PM notifier
  parisc: Fix build of compressed kernel even with debug enabled
  s390/dasd: fix endless loop after read unit address configuration
  selinux: fix memory leak in policydb_init()
  IB/hfi1: Fix Spectre v1 vulnerability
  gpiolib: fix incorrect IRQ requesting of an active-low lineevent
  mmc: dw_mmc: Fix occasional hang after tuning on eMMC
  Btrfs: fix race leading to fs corruption after transaction abort
  Btrfs: fix incremental send failure after deduplication
  kbuild: initialize CLANG_FLAGS correctly in the top Makefile
  drm/nouveau: fix memory leak in nouveau_conn_reset()
  x86, boot: Remove multiple copy of static function sanitize_boot_params()
  x86/paravirt: Fix callee-saved function ELF sizes
  x86/kvm: Don't call kvm_spurious_fault() from .fixup
  xen/pv: Fix a boot up hang revealed by int3 self test
  ipc/mqueue.c: only perform resource calculation if user valid
  drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
  uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
  coda: fix build using bare-metal toolchain
  coda: add error handling for fget
  mm/cma.c: fail if fixed declaration can't be honored
  x86: math-emu: Hide clang warnings for 16-bit overflow
  x86/apic: Silence -Wtype-limits compiler warnings
  be2net: Signal that the device cannot transmit during reconfiguration
  ACPI: fix false-positive -Wuninitialized warning
  x86: kvm: avoid constant-conversion warning
  scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
  ACPI: blacklist: fix clang warning for unused DMI table
  ceph: return -ERANGE if virtual xattr value didn't fit in buffer
  ceph: fix improper use of smp_mb__before_atomic()
  cifs: Fix a race condition with cifs_echo_request
  btrfs: fix minimum number of chunk errors for DUP
  fs/adfs: super: fix use-after-free bug
  clk: tegra210: fix PLLU and PLLU_OUT1
  dmaengine: rcar-dmac: Reject zero-length slave DMA requests
  MIPS: lantiq: Fix bitfield masking
  kernel/module.c: Only return -EEXIST for modules that have finished loading
  ftrace: Enable trampoline when rec count returns back to one
  ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
  ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again
  ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200
  ARM: riscpc: fix DMA
  UPSTREAM: net-ipv6-ndisc: add support for RFC7710 RA Captive Portal Identifier

Change-Id: I6c948e89750f636c606de9b818b19b02f4c96ceb
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2019-08-07 05:21:29 -07:00
Greg Kroah-Hartman
8807f6363b This is the 4.14.137 stable release

Merge 4.14.137 into android-4.14-q

Changes in 4.14.137
	ARM: riscpc: fix DMA
	ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200
	ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again
	ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
	ftrace: Enable trampoline when rec count returns back to one
	kernel/module.c: Only return -EEXIST for modules that have finished loading
	MIPS: lantiq: Fix bitfield masking
	dmaengine: rcar-dmac: Reject zero-length slave DMA requests
	clk: tegra210: fix PLLU and PLLU_OUT1
	fs/adfs: super: fix use-after-free bug
	btrfs: fix minimum number of chunk errors for DUP
	cifs: Fix a race condition with cifs_echo_request
	ceph: fix improper use of smp_mb__before_atomic()
	ceph: return -ERANGE if virtual xattr value didn't fit in buffer
	ACPI: blacklist: fix clang warning for unused DMI table
	scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
	x86: kvm: avoid constant-conversion warning
	ACPI: fix false-positive -Wuninitialized warning
	be2net: Signal that the device cannot transmit during reconfiguration
	x86/apic: Silence -Wtype-limits compiler warnings
	x86: math-emu: Hide clang warnings for 16-bit overflow
	mm/cma.c: fail if fixed declaration can't be honored
	coda: add error handling for fget
	coda: fix build using bare-metal toolchain
	uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
	drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
	ipc/mqueue.c: only perform resource calculation if user valid
	xen/pv: Fix a boot up hang revealed by int3 self test
	x86/kvm: Don't call kvm_spurious_fault() from .fixup
	x86/paravirt: Fix callee-saved function ELF sizes
	x86, boot: Remove multiple copy of static function sanitize_boot_params()
	drm/nouveau: fix memory leak in nouveau_conn_reset()
	kbuild: initialize CLANG_FLAGS correctly in the top Makefile
	Btrfs: fix incremental send failure after deduplication
	Btrfs: fix race leading to fs corruption after transaction abort
	mmc: dw_mmc: Fix occasional hang after tuning on eMMC
	gpiolib: fix incorrect IRQ requesting of an active-low lineevent
	IB/hfi1: Fix Spectre v1 vulnerability
	selinux: fix memory leak in policydb_init()
	s390/dasd: fix endless loop after read unit address configuration
	parisc: Fix build of compressed kernel even with debug enabled
	drivers/perf: arm_pmu: Fix failure path in PM notifier
	nbd: replace kill_bdev() with __invalidate_device() again
	xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
	IB/mlx5: Fix unreg_umr to ignore the mkey state
	IB/mlx5: Use direct mkey destroy command upon UMR unreg failure
	IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache
	IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
	IB/hfi1: Check for error on call to alloc_rsm_map_table
	eeprom: at24: make spd world-readable again
	objtool: Support GCC 9 cold subfunction naming scheme
	gcc-9: properly declare the {pv,hv}clock_page storage
	x86/vdso: Prevent segfaults due to hoisted vclock reads
	x86/cpufeatures: Carve out CQM features retrieval
	x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
	x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
	x86/speculation: Enable Spectre v1 swapgs mitigations
	x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
	Documentation: Add swapgs description to the Spectre v1 documentation
	Linux 4.14.137

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-08-06 19:18:05 +02:00
Greg Kroah-Hartman
b9cd593b1b This is the 4.14.137 stable release

Merge 4.14.137 into android-4.14

Changes in 4.14.137
	ARM: riscpc: fix DMA
	ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200
	ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again
	ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
	ftrace: Enable trampoline when rec count returns back to one
	kernel/module.c: Only return -EEXIST for modules that have finished loading
	MIPS: lantiq: Fix bitfield masking
	dmaengine: rcar-dmac: Reject zero-length slave DMA requests
	clk: tegra210: fix PLLU and PLLU_OUT1
	fs/adfs: super: fix use-after-free bug
	btrfs: fix minimum number of chunk errors for DUP
	cifs: Fix a race condition with cifs_echo_request
	ceph: fix improper use of smp_mb__before_atomic()
	ceph: return -ERANGE if virtual xattr value didn't fit in buffer
	ACPI: blacklist: fix clang warning for unused DMI table
	scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
	x86: kvm: avoid constant-conversion warning
	ACPI: fix false-positive -Wuninitialized warning
	be2net: Signal that the device cannot transmit during reconfiguration
	x86/apic: Silence -Wtype-limits compiler warnings
	x86: math-emu: Hide clang warnings for 16-bit overflow
	mm/cma.c: fail if fixed declaration can't be honored
	coda: add error handling for fget
	coda: fix build using bare-metal toolchain
	uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
	drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
	ipc/mqueue.c: only perform resource calculation if user valid
	xen/pv: Fix a boot up hang revealed by int3 self test
	x86/kvm: Don't call kvm_spurious_fault() from .fixup
	x86/paravirt: Fix callee-saved function ELF sizes
	x86, boot: Remove multiple copy of static function sanitize_boot_params()
	drm/nouveau: fix memory leak in nouveau_conn_reset()
	kbuild: initialize CLANG_FLAGS correctly in the top Makefile
	Btrfs: fix incremental send failure after deduplication
	Btrfs: fix race leading to fs corruption after transaction abort
	mmc: dw_mmc: Fix occasional hang after tuning on eMMC
	gpiolib: fix incorrect IRQ requesting of an active-low lineevent
	IB/hfi1: Fix Spectre v1 vulnerability
	selinux: fix memory leak in policydb_init()
	s390/dasd: fix endless loop after read unit address configuration
	parisc: Fix build of compressed kernel even with debug enabled
	drivers/perf: arm_pmu: Fix failure path in PM notifier
	nbd: replace kill_bdev() with __invalidate_device() again
	xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
	IB/mlx5: Fix unreg_umr to ignore the mkey state
	IB/mlx5: Use direct mkey destroy command upon UMR unreg failure
	IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache
	IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
	IB/hfi1: Check for error on call to alloc_rsm_map_table
	eeprom: at24: make spd world-readable again
	objtool: Support GCC 9 cold subfunction naming scheme
	gcc-9: properly declare the {pv,hv}clock_page storage
	x86/vdso: Prevent segfaults due to hoisted vclock reads
	x86/cpufeatures: Carve out CQM features retrieval
	x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
	x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
	x86/speculation: Enable Spectre v1 swapgs mitigations
	x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
	Documentation: Add swapgs description to the Spectre v1 documentation
	Linux 4.14.137

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-08-06 19:15:25 +02:00
Ondrej Mosnacek
9e5928f844 selinux: fix memory leak in policydb_init()
commit 45385237f65aeee73641f1ef737d7273905a233f upstream.

Since roles_init() adds some entries to the role hash table, we need to
destroy also its keys/values on error, otherwise we get a memory leak in
the error path.

Cc: <stable@vger.kernel.org>
Reported-by: syzbot+fee3a14d4cdf92646287@syzkaller.appspotmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-08-06 19:05:26 +02:00
Blagovest Kolenichev
6712204dee Merge android-4.14.130 (fe57a37) into msm-4.14
* refs/heads/tmp-fe57a37:
  Revert "scsi: ufs: Avoid runtime suspend possibly being blocked forever"
  Linux 4.14.130
  mac80211: Do not use stack memory with scatterlist for GMAC
  mac80211: handle deauthentication/disassociation from TDLS peer
  mac80211: drop robust management frames from unknown TA
  cfg80211: fix memory leak of wiphy device name
  SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
  Bluetooth: Fix regression with minimum encryption key size alignment
  Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
  ARM: dts: am57xx-idk: Remove support for voltage switching for SD card
  ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
  powerpc/bpf: use unsigned division instruction for 64-bit operations
  can: purge socket error queue on sock destruct
  can: flexcan: fix timeout when set small bitrate
  btrfs: start readahead also in seed devices
  nvme: Fix u32 overflow in the number of namespace list calculation
  hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
  hwmon: (core) add thermal sensors only if dev->of_node is present
  s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
  net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set
  scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous()
  scsi: ufs: Check that space was properly alloced in copy_query_response
  scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
  drm/arm/hdlcd: Allow a bit of clock tolerance
  drm/arm/hdlcd: Actually validate CRTC modes
  net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is enabled
  net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported
  sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
  mdesc: fix a missing-check bug in get_vdev_port_node_info()
  net: hns: Fix loopback test failed at copper ports
  net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
  xtensa: Fix section mismatch between memblock_reserve and mem_reserve
  MIPS: uprobes: remove set but not used variable 'epc'
  IB/hfi1: Validate page aligned for a given virtual address
  IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value
  IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
  IB/rdmavt: Fix alloc_qpn() WARN_ON()
  parisc: Fix compiler warnings in float emulation code
  parport: Fix mem leak in parport_register_dev_model
  ARC: [plat-hsdk]: Add missing FIFO size entry in GMAC node
  ARC: [plat-hsdk]: Add missing multicast filter bins number to GMAC node
  ARC: fix build warnings
  apparmor: enforce nullbyte at end of tag string
  Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
  Input: synaptics - enable SMBus on ThinkPad E480 and E580
  IB/hfi1: Silence txreq allocation warnings
  usb: chipidea: udc: workaround for endpoint conflict issue
  scsi: ufs: Avoid runtime suspend possibly being blocked forever
  mmc: core: Prevent processing SDIO IRQs when the card is suspended
  net: phy: broadcom: Use strlcpy() for ethtool::get_strings
  gcc-9: silence 'address-of-packed-member' warning
  objtool: Support per-function rodata sections
  tracing: Silence GCC 9 array bounds warning

Conflicts:
	drivers/mmc/core/sdio.c

Change-Id: I492acf245c858e5fa16d727813fa9935c7b45c9f
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2019-07-23 11:00:55 -07:00
Blagovest Kolenichev
d6c7df0d69 Merge android-4.14.128 (334aa9b) into msm-4.14
* refs/heads/tmp-334aa9b:
  Linux 4.14.128
  rtc: pcf8523: don't return invalid date when battery is low
  x86/kasan: Fix boot with 5-level paging and KASAN
  x86/microcode, cpuhotplug: Add a microcode loader CPU hotplug callback
  RAS/CEC: Fix binary search function
  USB: serial: option: add Telit 0x1260 and 0x1261 compositions
  USB: serial: option: add support for Simcom SIM7500/SIM7600 RNDIS mode
  USB: serial: pl2303: add Allied Telesis VT-Kit3
  USB: usb-storage: Add new ID to ums-realtek
  USB: Fix chipmunk-like voice when using Logitech C270 for recording audio.
  usb: dwc2: host: Fix wMaxPacketSize handling (fix webcam regression)
  usb: dwc2: Fix DMA cache alignment issues
  drm/vmwgfx: NULL pointer dereference from vmw_cmd_dx_view_define()
  drm/vmwgfx: integer underflow in vmw_cmd_dx_set_shader() leading to an invalid read
  KVM: s390: fix memory slot handling for KVM_SET_USER_MEMORY_REGION
  KVM: x86/pmu: do not mask the value that is written to fixed PMUs
  usbnet: ipheth: fix racing condition
  selftests/timers: Add missing fflush(stdout) calls
  libnvdimm: Fix compilation warnings with W=1
  scsi: bnx2fc: fix incorrect cast to u64 on shift operation
  platform/x86: pmc_atom: Add several Beckhoff Automation boards to critclk_systems DMI table
  platform/x86: pmc_atom: Add Lex 3I380D industrial PC to critclk_systems DMI table
  nvme: remove the ifdef around nvme_nvm_ioctl
  arm64/mm: Inhibit huge-vmap with ptdump
  scsi: lpfc: add check for loss of ndlp when sending RRQ
  scsi: qedi: remove set but not used variables 'cdev' and 'udev'
  scsi: qedi: remove memset/memcpy to nfunc and use func instead
  Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var
  s390/kasan: fix strncpy_from_user kasan checks
  Revert "ALSA: seq: Protect in-kernel ioctl calls with mutex"
  ALSA: seq: Fix race of get-subscription call vs port-delete ioctls
  ALSA: seq: Protect in-kernel ioctl calls with mutex
  x86/uaccess, kcov: Disable stack protector
  drm/i915/sdvo: Implement proper HDMI audio support for SDVO
  ASoC: fsl_asrc: Fix the issue about unsupported rate
  ASoC: cs42xx8: Add regcache mask dirty
  cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css()
  bcache: fix stack corruption by PRECEDING_KEY()
  i2c: acorn: fix i2c warning
  iommu/arm-smmu: Avoid constant zero in TLBI writes
  media: v4l2-ioctl: clear fields in s_parm
  ptrace: restore smp_rmb() in __ptrace_may_access()
  signal/ptrace: Don't leak unitialized kernel memory with PTRACE_PEEK_SIGINFO
  mm/vmscan.c: fix trying to reclaim unevictable LRU page
  fs/ocfs2: fix race in ocfs2_dentry_attach_lock()
  mm/list_lru.c: fix memory leak in __memcg_init_list_lru_node
  libata: Extend quirks for the ST1000LM024 drives with NOLPM quirk
  ALSA: firewire-motu: fix destruction of data for isochronous resources
  ALSA: hda/realtek - Update headset mode for ALC256
  ALSA: oxfw: allow PCM capture for Stanton SCS.1m
  HID: wacom: Sync INTUOSP2_BT touch state after each frame if necessary
  HID: wacom: Correct button numbering 2nd-gen Intuos Pro over Bluetooth
  nouveau: Fix build with CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT disabled
  drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)
  ANDROID: kernel: cgroup: cpuset: Clear cpus_requested for empty buf
  ANDROID: kernel: cgroup: cpuset: Add missing allocation of cpus_requested in alloc_trial_cpuset
  BACKPORT: security: Implement Clang's stack initialization
  BACKPORT: security: Create "kernel hardening" config area

Change-Id: I486d2f64b7c34a2d23bde24b7c8c01caae6a1611
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2019-07-23 11:00:42 -07:00
Blagovest Kolenichev
d545a613b5 Merge android-4.14.124 (225970c) into msm-4.14
* refs/heads/tmp-225970c:
  Linux 4.14.124
  media: uvcvideo: Fix uvc_alloc_entity() allocation alignment
  binder: fix race between munmap() and direct reclaim
  Revert "binder: fix handling of misaligned binder object"
  Revert "x86/build: Move _etext to actual end of .text"
  include/linux/module.h: copy __init/__exit attrs to init/cleanup_module
  Compiler Attributes: add support for __copy (gcc >= 9)
  drm/rockchip: shutdown drm subsystem on shutdown
  drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set
  gcc-plugins: Fix build failures under Darwin host
  Revert "lockd: Show pid of lockd for remote locks"
  CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM
  staging: wlan-ng: fix adapter initialization failure
  staging: vc04_services: prevent integer overflow in create_pagelist()
  serial: sh-sci: disable DMA for uart_console
  ima: show rules with IMA_INMASK correctly
  doc: Cope with Sphinx logging deprecations
  doc: Cope with the deprecation of AutoReporter
  docs: Fix conf.py for Sphinx 2.0
  kernel/signal.c: trace_signal_deliver when signal_group_exit
  memcg: make it work on sparse non-0-node systems
  tty: max310x: Fix external crystal register setup
  tty: serial: msm_serial: Fix XON/XOFF
  drm/nouveau/i2c: Disable i2c bus access after ->fini()
  KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID
  ALSA: hda/realtek - Set default power save node to 0
  powerpc/perf: Fix MMCRA corruption by bhrb_filter
  KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts
  Btrfs: incremental send, fix file corruption when no-holes feature is enabled
  Btrfs: fix fsync not persisting changed attributes of a directory
  Btrfs: fix race updating log root item during fsync
  Btrfs: fix wrong ctime and mtime of a directory after log replay
  scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs)
  scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove
  media: smsusb: better handle optional alignment
  media: usb: siano: Fix false-positive "uninitialized variable" warning
  media: usb: siano: Fix general protection fault in smsusb
  USB: rio500: fix memory leak in close after disconnect
  USB: rio500: refuse more than one device at a time
  USB: Add LPM quirk for Surface Dock GigE adapter
  USB: sisusbvga: fix oops in error path of sisusb_probe
  USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor
  usbip: usbip_host: fix stub_dev lock context imbalance regression
  usbip: usbip_host: fix BUG: sleeping function called from invalid context
  usb: xhci: avoid null pointer deref when bos field is NULL
  xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic()
  xhci: Use %zu for printing size_t type
  xhci: update bounce buffer with correct sg num
  include/linux/bitops.h: sanitize rotate primitives
  sparc64: Fix regression in non-hypervisor TLB flush xcall
  tipc: fix modprobe tipc failed after switch order of device registration
  Revert "tipc: fix modprobe tipc failed after switch order of device registration"
  xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
  crypto: vmx - ghash: do nosimd fallback manually
  net: phy: marvell10g: report if the PHY fails to boot firmware
  net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
  net: mvneta: Fix err code path of probe
  net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT
  ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
  ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
  bnxt_en: Fix aggregation buffer leak under OOM condition.
  net/mlx5: Allocate root ns memory using kzalloc to match kfree
  tipc: Avoid copying bytes beyond the supplied data
  usbnet: fix kernel crash after disconnect
  net: stmmac: fix reset gpio free missing
  net-gro: fix use-after-free read in napi_gro_frags()
  net: fec: fix the clk mismatch in failed_reset path
  llc: fix skb leak in llc_build_and_send_ui_pkt()
  ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
  inet: switch IP ID generator to siphash
  ANDROID: uid_sys_stats: report uid_cputime stats in microseconds
  Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied"
  Revert "UPSTREAM: fib_rules: fix error in backport of e9919a24d302 ("fib_rules: return 0...")"
  Revert "x86/build: Move _etext to actual end of .text"

Change-Id: I98ae54fff61393636d3f0828e32d87424b377c1f
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2019-07-23 11:00:15 -07:00
Blagovest Kolenichev
7e722ce705 Merge android-4.14.123 (acd501f) into msm-4.14
* refs/heads/tmp-acd501f:
  Revert "arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable"
  Linux 4.14.123
  NFS: Fix a double unlock from nfs_match,get_client
  vfio-ccw: Prevent quiesce function going into an infinite loop
  drm: Wake up next in drm_read() chain if we are forced to putback the event
  drm/drv: Hold ref on parent device during drm_device lifetime
  ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
  spi: Fix zero length xfer bug
  spi: rspi: Fix sequencer reset during initialization
  spi : spi-topcliff-pch: Fix to handle empty DMA buffers
  scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
  media: saa7146: avoid high stack usage with clang
  scsi: lpfc: Fix fc4type information for FDMI
  scsi: lpfc: Fix FDMI manufacturer attribute value
  media: vimc: zero the media_device on probe
  media: go7007: avoid clang frame overflow warning with KASAN
  media: vimc: stream: fix thread state before sleep
  media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
  thunderbolt: Fix to check for kmemdup failure
  hwrng: omap - Set default quality
  dmaengine: tegra210-adma: use devm_clk_*() helpers
  batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
  scsi: qla4xxx: avoid freeing unallocated dma memory
  usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
  rcuperf: Fix cleanup path for invalid perf_type strings
  rcutorture: Fix cleanup path for invalid torture_type strings
  x86/mce: Fix machine_check_poll() tests for error types
  tty: ipwireless: fix missing checks for ioremap
  virtio_console: initialize vtermno value for ports
  scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check
  media: wl128x: prevent two potential buffer overflows
  media: video-mux: fix null pointer dereferences
  kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice.
  spi: tegra114: reset controller on probe
  HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent
  cxgb3/l2t: Fix undefined behaviour
  ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
  ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
  HID: core: move Usage Page concatenation to Main item
  RDMA/hns: Fix bad endianess of port_pd variable
  chardev: add additional check for minor range overlap
  x86/ia32: Fix ia32_restore_sigcontext() AC leak
  x86/uaccess, signal: Fix AC=1 bloat
  x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP
  arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
  scsi: ufs: Avoid configuring regulator with undefined voltage range
  scsi: ufs: Fix regulator load and icc-level configuration
  rtlwifi: fix potential NULL pointer dereference
  rtc: xgene: fix possible race condition
  brcmfmac: fix Oops when bringing up interface during USB disconnect
  brcmfmac: fix race during disconnect when USB completion is in progress
  brcmfmac: fix WARNING during USB disconnect in case of unempty psq
  brcmfmac: convert dev_init_lock mutex to completion
  b43: shut up clang -Wuninitialized variable warning
  brcmfmac: fix missing checks for kmemdup
  mwifiex: Fix mem leak in mwifiex_tm_cmd
  rtlwifi: fix a potential NULL pointer dereference
  iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
  iio: hmc5843: fix potential NULL pointer dereferences
  iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
  x86/build: Keep local relocations with ld.lld
  block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR
  cpufreq: kirkwood: fix possible object reference leak
  cpufreq: pmac32: fix possible object reference leak
  cpufreq/pasemi: fix possible object reference leak
  cpufreq: ppc_cbe: fix possible object reference leak
  s390: cio: fix cio_irb declaration
  x86/microcode: Fix the ancient deprecated microcode loading method
  s390: zcrypt: initialize variables before_use
  clk: rockchip: Make rkpwm a critical clock on rk3288
  extcon: arizona: Disable mic detect if running when driver is removed
  clk: rockchip: Fix video codec clocks on rk3288
  PM / core: Propagate dev->power.wakeup_path when no callbacks
  drm/amdgpu: fix old fence check in amdgpu_fence_emit
  mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
  mmc: sdhci-of-esdhc: add erratum A-009204 support
  mmc: sdhci-of-esdhc: add erratum eSDHC5 support
  mmc_spi: add a status check for spi_sync_locked
  mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
  scsi: libsas: Do discovery on empty PHY to update PHY info
  hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
  hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
  hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
  hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
  hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
  RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
  arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
  i40e: don't allow changes to HW VLAN stripping on active port VLANs
  i40e: Able to add up to 16 MAC filters on an untrusted VF
  phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode
  x86/irq/64: Limit IST stack overflow check to #DB stack
  USB: core: Don't unbind interfaces following device reset failure
  drm/msm: a5xx: fix possible object reference leak
  sched/core: Handle overflow in cpu_shares_write_u64
  sched/rt: Check integer overflow at usec to nsec conversion
  sched/core: Check quota and period overflow at usec to nsec conversion
  cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock
  random: add a spinlock_t to struct batched_entropy
  powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX
  powerpc/numa: improve control of topology updates
  media: pvrusb2: Prevent a buffer overflow
  media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
  media: stm32-dcmi: fix crash when subdev do not expose any formats
  audit: fix a memory leak bug
  media: ov2659: make S_FMT succeed even if requested format doesn't match
  media: au0828: stop video streaming only when last user stops
  media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
  media: coda: clear error return value before picture run
  dmaengine: at_xdmac: remove BUG_ON macro in tasklet
  clk: rockchip: undo several noc and special clocks as critical on rk3288
  pinctrl: samsung: fix leaked of_node references
  pinctrl: pistachio: fix leaked of_node references
  HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
  mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
  x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
  smpboot: Place the __percpu annotation correctly
  x86/build: Move _etext to actual end of .text
  vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev
  vfio-ccw: Do not call flush_workqueue while holding the spinlock
  bcache: avoid clang -Wunintialized warning
  bcache: add failure check to run_cache_set() for journal replay
  bcache: fix failure in journal relplay
  bcache: return error immediately in bch_journal_replay()
  crypto: sun4i-ss - Fix invalid calculation of hash end
  net: cw1200: fix a NULL pointer dereference
  mwifiex: prevent an array overflow
  ASoC: fsl_sai: Update is_slave_mode with correct value
  libbpf: fix samples/bpf build failure due to undefined UINT32_MAX
  mac80211/cfg80211: update bss channel on channel switch
  dmaengine: pl330: _stop: clear interrupt status
  w1: fix the resume command API
  scsi: qedi: Abort ep termination if offload not scheduled
  rtc: 88pm860x: prevent use-after-free on device remove
  iwlwifi: pcie: don't crash on invalid RX interrupt
  btrfs: Don't panic when we can't find a root key
  btrfs: fix panic during relocation after ENOSPC before writeback happens
  Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve
  scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session()
  scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()
  scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
  sched/cpufreq: Fix kobject memleak
  arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable
  ARM: vdso: Remove dependency with the arch_timer driver internals
  ACPI / property: fix handling of data_nodes in acpi_get_next_subnode()
  brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
  spi: pxa2xx: fix SCR (divisor) calculation
  ASoC: imx: fix fiq dependencies
  powerpc/boot: Fix missing check of lseek() return value
  powerpc/perf: Return accordingly on invalid chip-id in
  ASoC: hdmi-codec: unlock the device on startup errors
  pinctrl: zte: fix leaked of_node references
  net: ena: gcc 8: fix compilation warning
  dmaengine: tegra210-dma: free dma controller in remove()
  tools/bpf: fix perf build error with uClibc (seen on ARC)
  mmc: core: Verify SD bus width
  gfs2: Fix occasional glock use-after-free
  IB/hfi1: Fix WQ_MEM_RECLAIM warning
  NFS: make nfs_match_client killable
  cxgb4: Fix error path in cxgb4_init_module
  gfs2: Fix lru_count going negative
  Revert "btrfs: Honour FITRIM range constraints during free space trim"
  net: erspan: fix use-after-free
  at76c50x-usb: Don't register led_trigger if usb_register_driver failed
  batman-adv: mcast: fix multicast tt/tvlv worker locking
  bpf: devmap: fix use-after-free Read in __dev_map_entry_free
  ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
  media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
  media: serial_ir: Fix use-after-free in serial_ir_init_module
  media: cpia2: Fix use-after-free in cpia2_exit
  fbdev: fix WARNING in __alloc_pages_nodemask bug
  btrfs: honor path->skip_locking in backref code
  brcmfmac: add subtype check for event handling in data path
  brcmfmac: assure SSID length from firmware is limited
  hugetlb: use same fault hash key for shared and private mappings
  fbdev: fix divide error in fb_var_to_videomode
  btrfs: sysfs: don't leak memory when failing add fsid
  btrfs: sysfs: Fix error path kobject memory leak
  Btrfs: fix race between ranged fsync and writeback of adjacent ranges
  Btrfs: avoid fallback to transaction commit during fsync of files with holes
  Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path
  gfs2: Fix sign extension bug in gfs2_update_stats
  arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable
  libnvdimm/namespace: Fix label tracking error
  libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead
  kvm: svm/avic: fix off-by-one in checking host APIC ID
  mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem
  mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem
  crypto: vmx - CTR: always increment IV as quadword
  Revert "scsi: sd: Keep disk read-only when re-reading partition"
  sbitmap: fix improper use of smp_mb__before_atomic()
  bio: fix improper use of smp_mb__before_atomic()
  KVM: x86: fix return value for reserved EFER
  f2fs: Fix use of number of devices
  ext4: do not delete unlinked inode from orphan list on failed truncate
  x86: Hide the int3_emulate_call/jmp functions from UML
  x86: Hide the int3_emulate_call/jmp functions from UML
  Linux 4.14.122
  fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
  btrfs: Honour FITRIM range constraints during free space trim
  bpf, lru: avoid messing with eviction heuristics upon syscall lookup
  bpf: add map_lookup_elem_sys_only for lookups from syscall side
  driver core: Postpone DMA tear-down until after devres release for probe failure
  md/raid: raid5 preserve the writeback action after the parity check
  Revert "Don't jump to compute_result state from check_result state"
  perf bench numa: Add define for RUSAGE_THREAD if not present
  ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
  x86/mm/mem_encrypt: Disable all instrumentation for early SME setup
  sched/cpufreq: Fix kobject memleak
  iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb()
  power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG
  KVM: arm/arm64: Ensure vcpu target is unset on reset failure
  mac80211: Fix kernel panic due to use of txq after free
  apparmorfs: fix use-after-free on symlink traversal
  securityfs: fix use-after-free on symlink traversal
  power: supply: cpcap-battery: Fix division by zero
  xfrm4: Fix uninitialized memory read in _decode_session4
  esp4: add length check for UDP encapsulation
  vti4: ipip tunnel deregistration fixes.
  xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
  xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
  dm delay: fix a crash when invalid device is specified
  dm zoned: Fix zone report handling
  dm cache metadata: Fix loading discard bitset
  PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum
  PCI: Factor out pcie_retrain_link() function
  PCI: Mark Atheros AR9462 to avoid bus reset
  PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken
  fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
  fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
  fbdev: sm712fb: fix support for 1024x768-16 mode
  fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM
  fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
  fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
  fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
  fbdev: sm712fb: fix brightness control on reboot, don't set SR30
  objtool: Allow AR to be overridden with HOSTAR
  perf intel-pt: Fix sample timestamp wrt non-taken branches
  perf intel-pt: Fix improved sample timestamp
  perf intel-pt: Fix instructions sampling rate
  memory: tegra: Fix integer overflow on tick value calculation
  tracing: Fix partial reading of trace event's id file
  ftrace/x86_64: Emulate call function while updating in breakpoint handler
  x86_64: Allow breakpoints to emulate call instructions
  x86_64: Add gap to int3 to allow for call emulation
  ceph: flush dirty inodes before proceeding with remount
  iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
  fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
  fuse: fix writepages on 32bit
  clk: rockchip: fix wrong clock definitions for rk3328
  clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
  clk: hi3660: Mark clk_gate_ufs_subsys as critical
  PNFS fallback to MDS if no deviceid found
  NFS4: Fix v4.0 client state corruption when mount
  Revert "cifs: fix memory leak in SMB2_read"
  media: ov6650: Fix sensor possibly not detected on probe
  cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level()
  of: fix clang -Wunsequenced for be32_to_cpu()
  p54: drop device reference count if fails to enable device
  intel_th: msu: Fix single mode with IOMMU
  md: add mddev->pers to avoid potential NULL pointer dereference
  stm class: Fix channel free in stm output free path
  parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code
  parisc: Use PA_ASM_LEVEL in boot code
  parisc: Skip registering LED when running in QEMU
  parisc: Export running_on_qemu symbol for modules
  net: Always descend into dsa/
  vsock/virtio: Initialize core virtio vsock before registering the driver
  tipc: fix modprobe tipc failed after switch order of device registration
  vsock/virtio: free packets during the socket release
  tipc: switch order of device registration to fix a crash
  ppp: deflate: Fix possible crash in deflate_init
  net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions
  net: test nouarg before dereferencing zerocopy pointers
  net/mlx4_core: Change the error print to info print
  net: avoid weird emergency message
  f2fs: link f2fs quota ops for sysfile
  Enable CONFIG_ION_SYSTEM_HEAP
  BACKPORT: gcov: clang support
  UPSTREAM: gcov: docs: add a note on GCC vs Clang differences
  UPSTREAM: gcov: clang: move common GCC code into gcc_base.c
  UPSTREAM: module: add stubs for within_module functions
  UPSTREAM: gcov: remove CONFIG_GCOV_FORMAT_AUTODETECT
  BACKPORT: kbuild: gcov: enable -fno-tree-loop-im if supported
  fs: sdcardfs: Add missing option to show_options

Conflicts:
	Makefile
	arch/arm64/include/asm/pgtable.h
	drivers/scsi/ufs/ufshcd.c

Change-Id: I0c79879b0989383949ff5a292a9923b668e4514f
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2019-07-23 11:00:08 -07:00
Blagovest Kolenichev
05efa6b764 Merge android-4.14.120 (eeb46d8) into msm-4.14
* refs/heads/tmp-eeb46d8:
  Linux 4.14.120
  s390/speculation: Fix build error caused by bad backport
  powerpc/booke64: set RI in default MSR
  powerpc/powernv/idle: Restore IAMR after idle
  drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
  drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
  tipc: fix hanging clients using poll with EPOLLOUT flag
  vrf: sit mtu should not be updated when vrf netdev is the link
  vlan: disable SIOCSHWTSTAMP in container
  packet: Fix error path in packet_init
  net: ucc_geth - fix Oops when changing number of buffers in the ring
  net: seeq: fix crash caused by not set dev.parent
  net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
  net: dsa: Fix error cleanup path in dsa_init_module
  ipv4: Fix raw socket lookup for local traffic
  fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied
  dpaa_eth: fix SG frame cleanup
  bridge: Fix error path for kobject_init_and_add()
  bonding: fix arp_validate toggling in active-backup mode
  powerpc/64s: Include cpu header
  Don't jump to compute_result state from check_result state
  rtlwifi: rtl8723ae: Fix missing break in switch statement
  mwl8k: Fix rate_idx underflow
  cw1200: fix missing unlock on error in cw1200_hw_scan()
  x86/kprobes: Avoid kretprobe recursion bug
  nfc: nci: Potential off by one in ->pipes[] array
  NFC: nci: Add some bounds checking in nci_hci_cmd_received()
  mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue
  mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue
  mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue
  mlxsw: spectrum_switchdev: Add MDB entries in prepare phase
  net: fec: manage ahb clock in runtime pm
  mm/memory.c: fix modifying of page protection by insert_pfn()
  net: hns: Fix WARNING when hns modules installed
  x86/fpu: Don't export __kernel_fpu_{begin,end}()
  cifs: fix memory leak in SMB2_read
  drm/rockchip: fix for mailbox read validation.
  netfilter: nf_tables: warn when expr implements only one of activate/deactivate
  Input: elan_i2c - add hardware ID for multiple Lenovo laptops
  ACPICA: Namespace: remove address node from global list after method termination
  gtp: change NET_UDP_TUNNEL dependency to select
  net_sched: fix two more memory leaks in cls_tcindex
  xtensa: xtfpga.dtsi: fix dtc warnings about SPI
  devres: Align data[] to ARCH_KMALLOC_MINALIGN
  vt: always call notifier with the console lock held
  arm64: dts: marvell: armada-ap806: reserve PSCI area
  RDMA/vmw_pvrdma: Return the correct opcode when creating WR
  drm/rockchip: psr: do not dereference encoder before it is null checked.
  leds: pwm: silently error out on EPROBE_DEFER
  powerpc: remove old GCC version checks
  arm64: KVM: Make VHE Stage-2 TLB invalidation operations non-interruptible
  mm: introduce mm_[p4d|pud|pmd]_folded
  x86/vdso: Pass --eh-frame-hdr to the linker
  Btrfs: fix missing delayed iputs on unmount
  net: stmmac: Move debugfs init/exit to ->probe()/->remove()
  staging: olpc_dcon: add a missing dependency
  scsi: raid_attrs: fix unused variable warning
  drm/i915: Downgrade Gen9 Plane WM latency error
  tracing/fgraph: Fix set_graph_function from showing interrupts
  net: don't keep lonely packets forever in the gro hash
  media: ov5640: fix auto controls values when switching to manual mode
  media: ov5640: fix wrong binning value in exposure calculation
  drm/i915: Disable LP3 watermarks on all SNB machines
  fuse: fix possibly missed wake-up after abort
  media: adv7842: when the EDID is cleared, unconfigure CEC as well
  media: adv7604: when the EDID is cleared, unconfigure CEC as well
  media: cec: integrate cec_validate_phys_addr() in cec-api.c
  media: cec: make cec_get_edid_spa_location() an inline function
  KVM: arm/arm64: Ensure only THP is candidate for adjustment
  ima: open a new file instance if no read permissions
  IB/rxe: Revise the ib_wr_opcode enum
  ACPICA: AML interpreter: add region addresses in global list during initialization
  bcache: correct dirty data statistics
  MIPS: VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit
  sparc64: Make corrupted user stacks more debuggable.
  sparc64: Export __node_distance.
  Input: synaptics-rmi4 - fix possible double free
  spi: ST ST95HF NFC: declare missing of table
  spi: Micrel eth switch: declare missing of table
  drm/imx: don't skip DP channel disable for background plane
  gpu: ipu-v3: dp: fix CSC handling
  selftests/net: correct the return value for run_netsocktests
  drm/sun4i: Set device driver data at bind time for use in unbind
  s390: ctcm: fix ctcm_new_device error return code
  MIPS: perf: ath79: Fix perfcount IRQ assignment
  netfilter: ctnetlink: don't use conntrack/expect object addresses as id
  ipvs: do not schedule icmp errors from tunnels
  selftests: netfilter: check icmp pkttoobig errors are set as related
  init: initialize jump labels before command line option parsing
  mm: fix inactive list balancing between NUMA nodes and cgroups
  tools lib traceevent: Fix missing equality check for strcmp
  KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
  KVM: fix spectrev1 gadgets
  x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
  s390/pkey: add one more argument space for debug feature entry
  mISDN: Check address length before reading address family
  clocksource/drivers/oxnas: Fix OX820 compatible
  s390/3270: fix lockdep false positive on view->lock
  nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands
  mac80211: fix memory accounting with A-MSDU aggregation
  mac80211: Increase MAX_MSG_LEN
  mac80211: fix unaligned access in mesh table hash function
  s390/dasd: Fix capacity calculation for large volumes
  libnvdimm/btt: Fix a kmemdup failure check
  HID: input: add mapping for "Toggle Display" key
  HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
  HID: input: add mapping for Expose/Overview key
  libnvdimm/namespace: Fix a potential NULL pointer dereference
  iio: adc: xilinx: fix potential use-after-free on remove
  USB: serial: fix unthrottle races
  kernfs: fix barrier usage in __kernfs_new_node()
  hwmon: (pwm-fan) Disable PWM if fetching cooling data fails
  platform/x86: thinkpad_acpi: Disable Bluetooth for some machines
  platform/x86: sony-laptop: Fix unintentional fall-through
  netfilter: compat: initialize all fields in xt_init
  ANDROID: cuttlefish_defconfig: Disable DEVTMPFS
  ANDROID: Move from clang r349610 to r353983c.
  f2fs: fix to avoid accessing xattr across the boundary
  f2fs: fix to avoid potential race on sbi->unusable_block_count access/update
  f2fs: add tracepoint for f2fs_filemap_fault()
  f2fs: introduce DATA_GENERIC_ENHANCE
  f2fs: fix to handle error in f2fs_disable_checkpoint()
  f2fs: remove redundant check in f2fs_file_write_iter()
  f2fs: fix to be aware of readonly device in write_checkpoint()
  f2fs: fix to skip recovery on readonly device
  f2fs: fix to consider multiple device for readonly check
  f2fs: relocate chksum_offset for large_nat_bitmap feature
  f2fs: allow unfixed f2fs_checkpoint.checksum_offset
  f2fs: Replace spaces with tab
  f2fs: insert space before the open parenthesis '('
  f2fs: allow address pointer number of dnode aligning to specified size
  f2fs: introduce f2fs_read_single_page() for cleanup
  f2fs: mark is_extension_exist() inline
  f2fs: fix to set FI_UPDATE_WRITE correctly
  f2fs: fix to avoid panic in f2fs_inplace_write_data()
  f2fs: fix to do sanity check on valid block count of segment
  f2fs: fix to do sanity check on valid node/block count
  f2fs: fix to avoid panic in do_recover_data()
  f2fs: fix to do sanity check on free nid
  f2fs: fix to do checksum even if inode page is uptodate
  f2fs: fix to avoid panic in f2fs_remove_inode_page()
  f2fs: fix to clear dirty inode in error path of f2fs_iget()
  f2fs: remove new blank line of f2fs kernel message
  f2fs: fix wrong __is_meta_io() macro
  f2fs: fix to avoid panic in dec_valid_node_count()
  f2fs: fix to avoid panic in dec_valid_block_count()
  f2fs: fix to use inline space only if inline_xattr is enable
  f2fs: fix to retrieve inline xattr space
  f2fs: fix error path of recovery
  f2fs: fix to avoid deadloop in foreground GC
  f2fs: data: fix warning Using plain integer as NULL pointer
  f2fs: add tracepoint for f2fs_file_write_iter()
  f2fs: add comment for conditional compilation statement
  f2fs: fix potential recursive call when enabling data_flush
  f2fs: improve discard handling with multi-device volumes
  f2fs: Reduce zoned block device memory usage
  f2fs: Fix use of number of devices

Conflicts:
	fs/f2fs/data.c
	mm/vmscan.c

Change-Id: If6ce28cd56119ea6094c556ff4bc1aedfb24378c
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2019-07-23 10:59:55 -07:00
qctecmdr
23a9348bc0 Merge "Merge android-4.14.117 (74196c0) into msm-4.14" 2019-07-01 19:37:32 -07:00
Greg Kroah-Hartman
1648bfc0cd This is the 4.14.130 stable release

Merge 4.14.130 into android-4.14-q

Changes in 4.14.130
	tracing: Silence GCC 9 array bounds warning
	objtool: Support per-function rodata sections
	gcc-9: silence 'address-of-packed-member' warning
	net: phy: broadcom: Use strlcpy() for ethtool::get_strings
	mmc: core: Prevent processing SDIO IRQs when the card is suspended
	scsi: ufs: Avoid runtime suspend possibly being blocked forever
	usb: chipidea: udc: workaround for endpoint conflict issue
	IB/hfi1: Silence txreq allocation warnings
	Input: synaptics - enable SMBus on ThinkPad E480 and E580
	Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
	apparmor: enforce nullbyte at end of tag string
	ARC: fix build warnings
	ARC: [plat-hsdk]: Add missing multicast filter bins number to GMAC node
	ARC: [plat-hsdk]: Add missing FIFO size entry in GMAC node
	parport: Fix mem leak in parport_register_dev_model
	parisc: Fix compiler warnings in float emulation code
	IB/rdmavt: Fix alloc_qpn() WARN_ON()
	IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
	IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value
	IB/hfi1: Validate page aligned for a given virtual address
	MIPS: uprobes: remove set but not used variable 'epc'
	xtensa: Fix section mismatch between memblock_reserve and mem_reserve
	net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
	net: hns: Fix loopback test failed at copper ports
	mdesc: fix a missing-check bug in get_vdev_port_node_info()
	sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
	net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported
	net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is enabled
	drm/arm/hdlcd: Actually validate CRTC modes
	drm/arm/hdlcd: Allow a bit of clock tolerance
	scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
	scsi: ufs: Check that space was properly alloced in copy_query_response
	scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous()
	net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set
	s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
	hwmon: (core) add thermal sensors only if dev->of_node is present
	hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
	nvme: Fix u32 overflow in the number of namespace list calculation
	btrfs: start readahead also in seed devices
	can: flexcan: fix timeout when set small bitrate
	can: purge socket error queue on sock destruct
	powerpc/bpf: use unsigned division instruction for 64-bit operations
	ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
	ARM: dts: am57xx-idk: Remove support for voltage switching for SD card
	Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
	Bluetooth: Fix regression with minimum encryption key size alignment
	SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
	cfg80211: fix memory leak of wiphy device name
	mac80211: drop robust management frames from unknown TA
	mac80211: handle deauthentication/disassociation from TDLS peer
	mac80211: Do not use stack memory with scatterlist for GMAC
	Linux 4.14.130

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-06-28 10:32:14 +02:00
Greg Kroah-Hartman
fe57a37b3f This is the 4.14.130 stable release

Merge 4.14.130 into android-4.14

Changes in 4.14.130
	tracing: Silence GCC 9 array bounds warning
	objtool: Support per-function rodata sections
	gcc-9: silence 'address-of-packed-member' warning
	net: phy: broadcom: Use strlcpy() for ethtool::get_strings
	mmc: core: Prevent processing SDIO IRQs when the card is suspended
	scsi: ufs: Avoid runtime suspend possibly being blocked forever
	usb: chipidea: udc: workaround for endpoint conflict issue
	IB/hfi1: Silence txreq allocation warnings
	Input: synaptics - enable SMBus on ThinkPad E480 and E580
	Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD
	apparmor: enforce nullbyte at end of tag string
	ARC: fix build warnings
	ARC: [plat-hsdk]: Add missing multicast filter bins number to GMAC node
	ARC: [plat-hsdk]: Add missing FIFO size entry in GMAC node
	parport: Fix mem leak in parport_register_dev_model
	parisc: Fix compiler warnings in float emulation code
	IB/rdmavt: Fix alloc_qpn() WARN_ON()
	IB/hfi1: Insure freeze_work work_struct is canceled on shutdown
	IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value
	IB/hfi1: Validate page aligned for a given virtual address
	MIPS: uprobes: remove set but not used variable 'epc'
	xtensa: Fix section mismatch between memblock_reserve and mem_reserve
	net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
	net: hns: Fix loopback test failed at copper ports
	mdesc: fix a missing-check bug in get_vdev_port_node_info()
	sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD
	net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported
	net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is enabled
	drm/arm/hdlcd: Actually validate CRTC modes
	drm/arm/hdlcd: Allow a bit of clock tolerance
	scripts/checkstack.pl: Fix arm64 wrong or unknown architecture
	scsi: ufs: Check that space was properly alloced in copy_query_response
	scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous()
	net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set
	s390/qeth: fix VLAN attribute in bridge_hostnotify udev event
	hwmon: (core) add thermal sensors only if dev->of_node is present
	hwmon: (pmbus/core) Treat parameters as paged if on multiple pages
	nvme: Fix u32 overflow in the number of namespace list calculation
	btrfs: start readahead also in seed devices
	can: flexcan: fix timeout when set small bitrate
	can: purge socket error queue on sock destruct
	powerpc/bpf: use unsigned division instruction for 64-bit operations
	ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX
	ARM: dts: am57xx-idk: Remove support for voltage switching for SD card
	Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
	Bluetooth: Fix regression with minimum encryption key size alignment
	SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write
	cfg80211: fix memory leak of wiphy device name
	mac80211: drop robust management frames from unknown TA
	mac80211: handle deauthentication/disassociation from TDLS peer
	mac80211: Do not use stack memory with scatterlist for GMAC
	Linux 4.14.130

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-06-28 10:16:17 +02:00
qctecmdr
f362f0c4f8 Merge "Merge android-4.14.114 (c680586) into msm-4.14" 2019-06-27 04:01:19 -07:00
Blagovest Kolenichev
c80c23744e Merge android-4.14.117 (74196c0) into msm-4.14
* refs/heads/tmp-74196c0:
  Linux 4.14.117
  mm/kmemleak.c: fix unused-function warning
  media: v4l2: i2c: ov7670: Fix PLL bypass register values
  i2c: i2c-stm32f7: Fix SDADEL minimum formula
  clk: x86: Add system specific quirk to mark clocks as critical
  x86/mce: Improve error message when kernel cannot recover, p2
  powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search
  selinux: never allow relabeling on context mounts
  Input: stmfts - acknowledge that setting brightness is a blocking call
  Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ
  IB/core: Destroy QP if XRC QP fails
  IB/core: Fix potential memory leak while creating MAD agents
  IB/core: Unregister notifier before freeing MAD security
  ASoC: stm32: fix sai driver name initialisation
  scsi: RDMA/srpt: Fix a credit leak for aborted commands
  staging: iio: adt7316: fix the dac write calculation
  staging: iio: adt7316: fix the dac read calculation
  staging: iio: adt7316: allow adt751x to use internal vref for all dacs
  Bluetooth: btusb: request wake pin with NOAUTOEN
  perf/x86/amd: Update generic hardware cache events for Family 17h
  ARM: iop: don't use using 64-bit DMA masks
  ARM: orion: don't use using 64-bit DMA masks
  xsysace: Fix error handling in ace_setup
  sh: fix multiple function definition build errors
  hugetlbfs: fix memory leak for resv_map
  kmemleak: powerpc: skip scanning holes in the .bss section
  net: hns: Fix WARNING when remove HNS driver with SMMU enabled
  net: hns: fix ICMP6 neighbor solicitation messages discard problem
  net: hns: Fix probabilistic memory overwrite when HNS driver initialized
  net: hns: Use NAPI_POLL_WEIGHT for hns driver
  net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw()
  scsi: storvsc: Fix calculation of sub-channel count
  scsi: core: add new RDAC LENOVO/DE_Series device
  vfio/pci: use correct format characters
  HID: input: add mapping for Assistant key
  rtc: da9063: set uie_unsupported when relevant
  debugfs: fix use-after-free on symlink traversal
  jffs2: fix use-after-free on symlink traversal
  net: stmmac: don't log oversized frames
  net: stmmac: fix dropping of multi-descriptor RX frames
  net: stmmac: don't overwrite discard_frame status
  net: stmmac: ratelimit RX error logs
  bonding: show full hw address in sysfs for slave entries
  net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands
  igb: Fix WARN_ONCE on runtime suspend
  ARM: dts: rockchip: Fix gpu opp node names for rk3288
  batman-adv: Reduce tt_global hash refcnt only for removed entry
  batman-adv: Reduce tt_local hash refcnt only for removed entry
  batman-adv: Reduce claim hash refcnt only for removed entry
  rtc: sh: Fix invalid alarm warning for non-enabled alarm
  HID: debug: fix race condition with between rdesc_show() and device removal
  HID: logitech: check the return value of create_singlethread_workqueue
  nvme-loop: init nvmet_ctrl fatal_err_work when allocate
  mm: do not stall register_shrinker()
  USB: core: Fix bug caused by duplicate interface PM usage counter
  USB: core: Fix unterminated string returned by usb_string()
  usb: usbip: fix isoc packet num validation in get_pipe
  USB: w1 ds2490: Fix bug caused by improper use of altsetting array
  USB: yurex: Fix protection fault after device removal
  ALSA: hda/realtek - Fixed Dell AIO speaker noise
  ALSA: hda/realtek - Add new Dell platform for headset mode
  caif: reduce stack size with KASAN
  arm64: only advance singlestep for user instruction traps
  arm64: Fix single stepping in kernel traps
  kasan: prevent compiler from optimizing away memset in tests
  kasan: remove redundant initialization of variable 'real_size'
  net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc
  net: phy: marvell: Fix buffer overrun with stats counters
  rxrpc: Fix net namespace cleanup
  bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one()
  bnxt_en: Improve multicast address setup logic.
  packet: validate msg_namelen in send directly
  sctp: avoid running the sctp state machine recursively
  ipv6: invert flowlabel sharing check in process and user mode
  ipv6/flowlabel: wait rcu grace period before put_pid()
  ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
  ALSA: line6: use dynamic buffers
  ANDROID: cuttlefish 4.14: enable CONFIG_CRYPTO_AES_NI_INTEL=y

Conflicts:
	mm/vmscan.c

Change-Id: I4b418c58280c5fd14cc329aef602b09f235ad99a
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2019-06-25 03:08:14 -07:00
Blagovest Kolenichev
d4dcd34c67 Merge android-4.14.116 (85dc1a5) into msm-4.14
* refs/heads/tmp-85dc1a5:
  Linux 4.14.116
  leds: pca9532: fix a potential NULL pointer dereference
  ptrace: take into account saved_sigmask in PTRACE{GET,SET}SIGMASK
  iommu/amd: Reserve exclusion range in iova-domain
  kconfig/[mn]conf: handle backspace (^H) key
  gpio: of: Fix of_gpiochip_add() error path
  libata: fix using DMA buffers on stack
  scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN
  ceph: fix use-after-free on symlink traversal
  usb: u132-hcd: fix resource leak
  usb: usb251xb: fix to avoid potential NULL pointer dereference
  scsi: qla4xxx: fix a potential NULL pointer dereference
  drm/meson: Uninstall IRQ handler
  drm/meson: Fix invalid pointer in meson_drv_unbind()
  gpio: aspeed: fix a potential NULL pointer dereference
  net: ethernet: ti: fix possible object reference leak
  net: ibm: fix possible object reference leak
  net: xilinx: fix possible object reference leak
  NFS: Fix a typo in nfs_init_timeout_values()
  ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi
  net/sched: don't dereference a->goto_chain to read the chain index
  net: macb: Add null check for PCLK and HCLK
  staging: rtlwifi: Fix potential NULL pointer dereference of kzalloc
  staging: rtl8712: uninitialized memory in read_bbreg_hdl()
  staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer dereference
  staging: rtl8188eu: Fix potential NULL pointer dereference of kcalloc
  net: ks8851: Set initial carrier state to down
  net: ks8851: Delay requesting IRQ until opened
  net: ks8851: Reassert reset pin if chip ID check fails
  net: ks8851: Dequeue RX packets explicitly
  ARM: dts: pfla02: increase phy reset duration
  usb: gadget: net2272: Fix net2272_dequeue()
  usb: gadget: net2280: Fix net2280_dequeue()
  usb: gadget: net2280: Fix overrun of OUT messages
  KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the memslots
  serial: ar933x_uart: Fix build failure with disabled console
  sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init()
  s390/qeth: fix race when initializing the IP address table
  netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING
  netfilter: nft_set_rbtree: check for inactive element after flag mismatch
  qlcnic: Avoid potential NULL pointer dereference
  s390: limit brk randomization to 32MB
  ARM: dts: bcm283x: Fix hdmi hpd gpio pull
  fs: prevent page refcount overflow in pipe_buf_get
  mm: prevent get_user_pages() from overflowing page refcount
  mm: add 'try_get_page()' helper function
  mm: make page ref count overflow check tighter and more explicit
  usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set
  usbnet: ipheth: prevent TX queue timeouts when device not ready
  selinux: use kernel linux/socket.h for genheaders and mdp

Change-Id: I4c096d869f0c685cf3a107748bba0ffe3b20c029
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2019-06-25 03:08:08 -07:00
Blagovest Kolenichev
dc1d03db8d Merge android-4.14.114 (c680586) into msm-4.14
* refs/heads/tmp-c680586:
  dm: Restore reverted changes
  Linux 4.14.114
  kernel/sysctl.c: fix out-of-bounds access when setting file-max
  Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()"
  i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array
  xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute
  xfs: add the ability to join a held buffer to a defer_ops
  iomap: report collisions between directio and buffered writes to userspace
  tools include: Adopt linux/bits.h
  percpu: stop printing kernel addresses
  ALSA: info: Fix racy addition/deletion of nodes
  mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n
  device_cgroup: fix RCU imbalance in error case
  sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup
  Revert "kbuild: use -Oz instead of -Os when using clang"
  net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c
  net: IP6 defrag: use rbtrees for IPv6 defrag
  ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module
  net: IP defrag: encapsulate rbtree defrag code into callable functions
  ipv6: frags: fix a lockdep false positive
  tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
  modpost: file2alias: check prototype of handler
  modpost: file2alias: go back to simple devtable lookup
  mmc: sdhci: Handle auto-command errors
  mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR
  mmc: sdhci: Fix data command CRC error handling
  crypto: crypto4xx - properly set IV after de- and encrypt
  x86/speculation: Prevent deadlock on ssb_state::lock
  perf/x86: Fix incorrect PEBS_REGS
  x86/cpu/bugs: Use __initconst for 'const' init data
  perf/x86/amd: Add event map for AMD Family 17h
  mac80211: do not call driver wake_tx_queue op during reconfig
  rt2x00: do not increment sequence number while re-transmitting
  kprobes: Fix error check when reusing optimized probes
  kprobes: Mark ftrace mcount handler functions nokprobe
  x86/kprobes: Verify stack frame on kretprobe
  arm64: futex: Restore oldval initialization to work around buggy compilers
  crypto: x86/poly1305 - fix overflow during partial reduction
  coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
  Revert "svm: Fix AVIC incomplete IPI emulation"
  Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO"
  scsi: core: set result when the command cannot be dispatched
  ALSA: core: Fix card races between register and disconnect
  ALSA: hda/realtek - add two more pin configuration sets to quirk table
  staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf
  staging: comedi: ni_usb6501: Fix use of uninitialized mutex
  staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf
  staging: comedi: vmk80xx: Fix use of uninitialized semaphore
  io: accel: kxcjk1013: restore the range after resume.
  iio: core: fix a possible circular locking dependency
  iio: adc: at91: disable adc channel interrupt in timeout case
  iio: Fix scan mask selection
  iio: dac: mcp4725: add missing powerdown bits in store eeprom
  iio: ad_sigma_delta: select channel when reading register
  iio: cros_ec: Fix the maths for gyro scale calculation
  iio/gyro/bmg160: Use millidegrees for temperature scale
  iio: gyro: mpu3050: fix chip ID reading
  staging: iio: ad7192: Fix ad7193 channel address
  Staging: iio: meter: fixed typo
  KVM: x86: svm: make sure NMI is injected after nmi_singlestep
  KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU
  CIFS: keep FileInfo handle live during oplock break
  net: thunderx: don't allow jumbo frames with XDP
  net: thunderx: raise XDP MTU to 1508
  ipv4: ensure rcu_read_lock() in ipv4_link_failure()
  ipv4: recompile ip options in ipv4_link_failure
  vhost: reject zero size iova range
  team: set slave to promisc if team is already in promisc mode
  tcp: tcp_grow_window() needs to respect tcp_space()
  net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
  net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
  net: bridge: fix per-port af_packet sockets
  net: atm: Fix potential Spectre v1 vulnerabilities
  bonding: fix event handling for stacked bonds
  ANDROID: cuttlefish_defconfig: Enable CONFIG_XFRM_STATISTICS
  Linux 4.14.113
  appletalk: Fix compile regression
  mm: hide incomplete nr_indirectly_reclaimable in sysfs
  net: stmmac: Set dma ring length before enabling the DMA
  bpf: Fix selftests are changes for CVE 2019-7308
  bpf: fix sanitation rewrite in case of non-pointers
  bpf: do not restore dst_reg when cur_state is freed
  bpf: fix inner map masking to prevent oob under speculation
  bpf: fix sanitation of alu op with pointer / scalar type from different paths
  bpf: prevent out of bounds speculation on pointer arithmetic
  bpf: fix check_map_access smin_value test when pointer contains offset
  bpf: restrict unknown scalars of mixed signed bounds for unprivileged
  bpf: restrict stack pointer arithmetic for unprivileged
  bpf: restrict map value pointer arithmetic for unprivileged
  bpf: enable access to ax register also from verifier rewrite
  bpf: move tmp variable into ax register in interpreter
  bpf: move {prev_,}insn_idx into verifier env
  bpf: fix stack state printing in verifier log
  bpf: fix verifier NULL pointer dereference
  bpf: fix verifier memory leaks
  bpf: reduce verifier memory consumption
  dm: disable CRYPTO_TFM_REQ_MAY_SLEEP to fix a GFP_KERNEL recursion deadlock
  bpf: fix use after free in bpf_evict_inode
  include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
  lib/div64.c: off by one in shift
  appletalk: Fix use-after-free in atalk_proc_exit
  drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI)
  ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
  drm/nouveau/volt/gf117: fix speedo readout register
  coresight: cpu-debug: Support for CA73 CPUs
  Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
  crypto: axis - fix for recursive locking from bottom half
  drm/panel: panel-innolux: set display off in innolux_panel_unprepare
  lkdtm: Add tests for NULL pointer dereference
  lkdtm: Print real addresses
  soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()
  iommu/dmar: Fix buffer overflow during PCI bus notification
  crypto: sha512/arm - fix crash bug in Thumb2 build
  crypto: sha256/arm - fix crash bug in Thumb2 build
  kernel: hung_task.c: disable on suspend
  cifs: fallback to older infolevels on findfirst queryinfo retry
  compiler.h: update definition of unreachable()
  KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail
  ACPI / SBS: Fix GPE storm on recent MacBookPro's
  usbip: fix vhci_hcd controller counting
  ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
  HID: i2c-hid: override HID descriptors for certain devices
  media: au0828: cannot kfree dev before usb disconnect
  powerpc/pseries: Remove prrn_work workqueue
  serial: uartps: console_setup() can't be placed to init section
  netfilter: xt_cgroup: shrink size of v2 path
  f2fs: fix to do sanity check with current segment number
  9p locks: add mount option for lock retry interval
  9p: do not trust pdu content for stat item size
  rsi: improve kernel thread handling to fix kernel panic
  gpio: pxa: handle corner case of unprobed device
  ext4: prohibit fstrim in norecovery mode
  fix incorrect error code mapping for OBJECTID_NOT_FOUND
  x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
  iommu/vt-d: Check capability before disabling protected memory
  drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
  x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
  x86/hpet: Prevent potential NULL pointer dereference
  irqchip/mbigen: Don't clear eventid when freeing an MSI
  perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
  perf tests: Fix memory leak by expr__find_other() in test__expr()
  perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
  perf evsel: Free evsel->counts in perf_evsel__exit()
  perf hist: Add missing map__put() in error case
  perf top: Fix error handling in cmd_top()
  perf build-id: Fix memory leak in print_sdt_events()
  perf config: Fix a memory leak in collect_config()
  perf config: Fix an error in the config template documentation
  perf list: Don't forget to drop the reference to the allocated thread_map
  tools/power turbostat: return the exit status of a command
  x86/mm: Don't leak kernel addresses
  scsi: iscsi: flush running unbind operations when removing a session
  thermal/intel_powerclamp: fix truncated kthread name
  thermal/int340x_thermal: fix mode setting
  thermal/int340x_thermal: Add additional UUIDs
  thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs
  thermal/intel_powerclamp: fix __percpu declaration of worker_data
  ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
  mmc: davinci: remove extraneous __init annotation
  IB/mlx4: Fix race condition between catas error reset and aliasguid flows
  auxdisplay: hd44780: Fix memory leak on ->remove()
  ALSA: sb8: add a check for request_region
  ALSA: echoaudio: add a check for ioremap_nocache
  ext4: report real fs size after failed resize
  ext4: add missing brelse() in add_new_gdb_meta_bg()
  perf/core: Restore mmap record type correctly
  arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM
  ARC: u-boot args: check that magic number is correct
  ANDROID: cuttlefish_defconfig: Enable L2TP/PPTP
  ANDROID: Makefile: Properly resolve 4.14.112 merge
  Make arm64 serial port config compatible with crosvm
  Linux 4.14.112
  arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64
  arm64: dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64
  dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors
  PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
  x86/perf/amd: Remove need to check "running" bit in NMI handler
  x86/perf/amd: Resolve NMI latency issues for active PMCs
  x86/perf/amd: Resolve race condition when disabling PMC
  xtensa: fix return_address
  sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
  xen: Prevent buffer overflow in privcmd ioctl
  arm64: backtrace: Don't bother trying to unwind the userspace stack
  arm64: dts: rockchip: fix rk3328 rgmii high tx error rate
  arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
  ARM: dts: at91: Fix typo in ISC_D0 on PC9
  ARM: dts: am335x-evm: Correct the regulators for the audio codec
  ARM: dts: am335x-evmsk: Correct the regulators for the audio codec
  virtio: Honour 'may_reduce_num' in vring_create_virtqueue
  genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
  genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
  block: fix the return errno for direct IO
  block: do not leak memory in bio_copy_user_iov()
  btrfs: prop: fix vanished compression property after failed set
  btrfs: prop: fix zstd compression parameter validation
  Btrfs: do not allow trimming when a fs is mounted with the nologreplay option
  ASoC: fsl_esai: fix channel swap issue when stream starts
  include/linux/bitrev.h: fix constant bitrev
  drm/udl: add a release method and delay modeset teardown
  alarmtimer: Return correct remaining time
  parisc: regs_return_value() should return gpr28
  parisc: Detect QEMU earlier in boot process
  arm64: dts: rockchip: fix rk3328 sdmmc0 write errors
  hv_netvsc: Fix unwanted wakeup after tx_disable
  ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
  ALSA: seq: Fix OOB-reads from strlcpy
  net: ethtool: not call vzalloc for zero sized memory request
  netns: provide pure entropy for net_hash_mix()
  net/sched: act_sample: fix divide by zero in the traffic path
  bnxt_en: Reset device on RX buffer errors.
  bnxt_en: Improve RX consumer index validity check.
  nfp: validate the return code from dev_queue_xmit()
  net/mlx5e: Add a lock on tir list
  net/mlx5e: Fix error handling when refreshing TIRs
  vrf: check accept_source_route on the original netdevice
  tcp: Ensure DCTCP reacts to losses
  sctp: initialize _pad of sockaddr_in before copying to user memory
  qmi_wwan: add Olicard 600
  openvswitch: fix flow actions reallocation
  net/sched: fix ->get helper of the matchall cls
  net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
  net/mlx5: Decrease default mr cache size
  net-gro: Fix GRO flush when receiving a GSO packet.
  kcm: switch order of device registration to fix a crash
  ipv6: sit: reset ip header pointer in ipip6_rcv
  ipv6: Fix dangling pointer when ipv6 fragment
  tty: ldisc: add sysctl to prevent autoloading of ldiscs
  tty: mark Siemens R3964 line discipline as BROKEN
  arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
  stating: ccree: revert "staging: ccree: fix leak of import() after init()"
  lib/string.c: implement a basic bcmp
  x86/vdso: Drop implicit common-page-size linker flag
  x86: vdso: Use $LD instead of $CC to link
  kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
  powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
  drm/i915/gvt: do not let pin count of shadow mm go negative
  x86/power: Make restore_processor_context() sane
  x86/power/32: Move SYSENTER MSR restoration to fix_processor_context()
  x86/power/64: Use struct desc_ptr for the IDT in struct saved_context
  x86/power: Fix some ordering bugs in __restore_processor_context()
  net: sfp: move sfp_register_socket call from sfp_remove to sfp_probe
  Revert "CHROMIUM: dm: boot time specification of dm="
  Revert "ANDROID: dm: do_mounts_dm: Rebase on top of 4.9"
  Revert "ANDROID: dm: do_mounts_dm: fix dm_substitute_devices()"
  Revert "ANDROID: dm: do_mounts_dm: Update init/do_mounts_dm.c to the latest ChromiumOS version."
  sched/fair: remove printk while schedule is in progress
  ANDROID: Makefile: Add '-fsplit-lto-unit' to cfi-clang-flags
  ANDROID: cfi: Remove unused variable in ptr_to_check_fn
  ANDROID: cuttlefish_defconfig: Enable CONFIG_FUSE_FS

Conflicts:
	arch/arm64/kernel/traps.c
	drivers/mmc/host/sdhci.c
	drivers/mmc/host/sdhci.h
	drivers/tty/Kconfig
	kernel/sched/fair.c

Change-Id: Ic4c01204f58cdb536e2cab04e4f1a2451977f6a3
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
2019-06-25 03:05:18 -07:00
Jann Horn
4758984fa3 apparmor: enforce nullbyte at end of tag string
commit 8404d7a674c49278607d19726e0acc0cae299357 upstream.

A packed AppArmor policy contains null-terminated tag strings that are read
by unpack_nameX(). However, unpack_nameX() uses string functions on them
without ensuring that they are actually null-terminated, potentially
leading to out-of-bounds accesses.

Make sure that the tag string is null-terminated before passing it to
strcmp().

Cc: stable@vger.kernel.org
Fixes: 736ec752d95e ("AppArmor: policy routines for loading and unpacking policy")
Signed-off-by: Jann Horn <jannh@google.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-06-25 11:36:51 +08:00
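The check described in the AppArmor commit message above, as an added userspace example that is not the kernel's code or part of the commit. The `struct blob` cursor, the helper names, the little-endian u16 length prefix and the sample blobs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical cursor over a packed blob (not the kernel's own structure). */
struct blob {
    const uint8_t *pos;
    const uint8_t *end;
};

/*
 * Read a little-endian u16 length followed by that many bytes.
 * Returns the chunk length and points *chunk at the data, or returns 0
 * when the blob is too short for the header or the announced length.
 */
static size_t read_u16_chunk(struct blob *b, const char **chunk)
{
    size_t avail = (size_t)(b->end - b->pos);
    size_t size;

    if (avail < 2)
        return 0;
    size = (size_t)b->pos[0] | ((size_t)b->pos[1] << 8);
    if (size > avail - 2)
        return 0;
    *chunk = (const char *)(b->pos + 2);
    b->pos += 2 + size;
    return size;
}

/*
 * Return 1 if the next chunk is a NUL-terminated tag equal to `name`.
 * The size and last-byte checks run before strcmp(), so strcmp() always
 * finds a terminator inside the chunk and cannot read past its end.
 */
static int tag_matches(struct blob *b, const char *name)
{
    const uint8_t *saved = b->pos;
    const char *tag = NULL;
    size_t size = read_u16_chunk(b, &tag);

    if (size == 0 || tag[size - 1] != '\0' || strcmp(name, tag) != 0) {
        b->pos = saved; /* reject and rewind the cursor */
        return 0;
    }
    return 1;
}

/* Constructed sample blobs: well-formed, missing the NUL, length too large. */
static const uint8_t GOOD[] = {0x05, 0x00, 'n', 'a', 'm', 'e', '\0'};
static const uint8_t UNTERMINATED[] = {0x04, 0x00, 'n', 'a', 'm', 'e'};
static const uint8_t TRUNCATED[] = {0x10, 0x00, 'n', 'a'};

static int check(const uint8_t *buf, size_t len, const char *name)
{
    struct blob b = { buf, buf + len };
    return tag_matches(&b, name);
}

int main(void)
{
    printf("good=%d unterminated=%d truncated=%d\n",
           check(GOOD, sizeof GOOD, "name"),
           check(UNTERMINATED, sizeof UNTERMINATED, "name"),
           check(TRUNCATED, sizeof TRUNCATED, "name"));
    return 0;
}
```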
Kees Cook
5bb098df6f BACKPORT: security: Implement Clang's stack initialization
CONFIG_INIT_STACK_ALL turns on stack initialization based on
-ftrivial-auto-var-init in Clang builds, which has greater coverage
than CONFIG_GCC_PLUGINS_STRUCTLEAK_BYREF_ALL.

-ftrivial-auto-var-init Clang option provides trivial initializers for
uninitialized local variables, variable fields and padding.

It has three possible values:
  pattern - uninitialized locals are filled with a fixed pattern
    (mostly 0xAA on 64-bit platforms, see https://reviews.llvm.org/D54604
    for more details, but 0x000000AA for 32-bit pointers) likely to cause
    crashes when uninitialized value is used;
  zero (it's still debated whether this flag makes it to the official
    Clang release) - uninitialized locals are filled with zeroes;
  uninitialized (default) - uninitialized locals are left intact.

This patch uses only the "pattern" mode when CONFIG_INIT_STACK_ALL is
enabled.

Developers have the possibility to opt-out of this feature on a
per-variable basis by using __attribute__((uninitialized)), but such
use should be well justified in comments.

The Android 4.14 backport drops CC_HAS_AUTO_VAR_INIT, because Kconfig
is too old to support compiler feature checks.

Change-Id: I8e990ac3f299be9f6658a881a0518290cdda1157
Co-developed-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Alexander Potapenko <glider@google.com>
Acked-by: Masahiro Yamada <yamada.masahiro@socionext.com>
(cherry picked from commit 709a972efb01efaeb97cad1adc87fe400119c8ab)
Bug: 133428616
Signed-off-by: Alexander Potapenko <glider@google.com>
2019-06-19 16:21:15 +02:00
Kees Cook
359b9ad4e3 BACKPORT: security: Create "kernel hardening" config area
Right now kernel hardening options are scattered around various Kconfig
files. This can be a central place to collect these kinds of options
going forward. This is initially populated with the memory initialization
options from the gcc-plugins.

The Android backport only adds INIT_STACK_NONE, as GCC plugins are
unavailable in the Android 4.14 tree.

Change-Id: I55d317a1b90a980cb9eb79645e0661881b81b335
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Masahiro Yamada <yamada.masahiro@socionext.com>
(cherry picked from commit 9f671e58159adea641f76c56d1f0bbdcb3c524ff)
Bug: 133428616
Signed-off-by: Alexander Potapenko <glider@google.com>
2019-06-19 16:21:12 +02:00
Kees Cook
dfb686cea7 BACKPORT: security: Implement Clang's stack initialization
CONFIG_INIT_STACK_ALL turns on stack initialization based on
-ftrivial-auto-var-init in Clang builds, which has greater coverage
than CONFIG_GCC_PLUGINS_STRUCTLEAK_BYREF_ALL.

-ftrivial-auto-var-init Clang option provides trivial initializers for
uninitialized local variables, variable fields and padding.

It has three possible values:
  pattern - uninitialized locals are filled with a fixed pattern
    (mostly 0xAA on 64-bit platforms, see https://reviews.llvm.org/D54604
    for more details, but 0x000000AA for 32-bit pointers) likely to cause
    crashes when uninitialized value is used;
  zero (it's still debated whether this flag makes it to the official
    Clang release) - uninitialized locals are filled with zeroes;
  uninitialized (default) - uninitialized locals are left intact.

This patch uses only the "pattern" mode when CONFIG_INIT_STACK_ALL is
enabled.

Developers have the possibility to opt-out of this feature on a
per-variable basis by using __attribute__((uninitialized)), but such
use should be well justified in comments.

The Android 4.14 backport drops CC_HAS_AUTO_VAR_INIT, because Kconfig
is too old to support compiler feature checks.

Change-Id: I9dca079dd015d3cea0446bbdb916e04f4199c626
Co-developed-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Tested-by: Alexander Potapenko <glider@google.com>
Acked-by: Masahiro Yamada <yamada.masahiro@socionext.com>
(cherry picked from commit 709a972efb01efaeb97cad1adc87fe400119c8ab)
Bug: 133428616
Signed-off-by: Alexander Potapenko <glider@google.com>
2019-06-17 19:25:39 +00:00
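An added userspace model, not code from the commit or the kernel tree, of why the stack initialization commit message above stresses padding: field-by-field assignment leaves padding bytes holding whatever the stack slot contained before, while a slot pre-filled with the 0xAA pattern holds none of it. `struct reply`, the `STALE` byte and the function names are assumptions made for illustration, and the compiler's own instrumentation is modelled here with `memset()`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record; the compiler inserts padding between the fields. */
struct reply {
    uint8_t  kind;
    uint64_t value;
};

#define STALE   0x5A /* constructed stand-in for data left by an earlier call */
#define PATTERN 0xAA /* fill byte the commit message gives for pattern mode */

/* Bytes of struct reply that belong to no field. */
static size_t padding_bytes(void)
{
    return sizeof(struct reply) - sizeof(uint8_t) - sizeof(uint64_t);
}

/*
 * Model one stack slot. `prefill` is what the slot holds on function entry:
 * STALE for an uninitialized local, PATTERN when the slot is pattern-filled.
 * The fields are then written one by one, which never touches the padding.
 * Returns how many bytes of the slot still hold STALE, i.e. what copying
 * the whole struct out to another domain would disclose.
 */
static size_t stale_bytes_after_init(uint8_t prefill)
{
    uint8_t slot[sizeof(struct reply)];
    uint8_t kind = 1;
    uint64_t value = 42;
    size_t i, n = 0;

    memset(slot, prefill, sizeof(slot));
    memcpy(slot + offsetof(struct reply, kind), &kind, sizeof(kind));
    memcpy(slot + offsetof(struct reply, value), &value, sizeof(value));

    for (i = 0; i < sizeof(slot); i++)
        if (slot[i] == STALE)
            n++;
    return n;
}

int main(void)
{
    printf("padding bytes:            %zu\n", padding_bytes());
    printf("stale bytes, no prefill:  %zu\n", stale_bytes_after_init(STALE));
    printf("stale bytes, 0xAA fill:   %zu\n", stale_bytes_after_init(PATTERN));
    return 0;
}
```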