2152 Commits

Author SHA1 Message Date
Greg Kroah-Hartman
818299f6bd This is the 4.14.56 stable release

Merge 4.14.56 into android-4.14

Changes in 4.14.56
	media: rc: mce_kbd decoder: fix stuck keys
	ASoC: mediatek: preallocate pages use platform device
	MIPS: Call dump_stack() from show_regs()
	MIPS: Use async IPIs for arch_trigger_cpumask_backtrace()
	MIPS: Fix ioremap() RAM check
	mmc: sdhci-esdhc-imx: allow 1.8V modes without 100/200MHz pinctrl states
	mmc: dw_mmc: fix card threshold control configuration
	ibmasm: don't write out of bounds in read handler
	staging: rtl8723bs: Prevent an underflow in rtw_check_beacon_data().
	staging: r8822be: Fix RTL8822be can't find any wireless AP
	ata: Fix ZBC_OUT command block check
	ata: Fix ZBC_OUT all bit handling
	vmw_balloon: fix inflation with batching
	ahci: Disable LPM on Lenovo 50 series laptops with a too old BIOS
	USB: serial: ch341: fix type promotion bug in ch341_control_in()
	USB: serial: cp210x: add another USB ID for Qivicon ZigBee stick
	USB: serial: keyspan_pda: fix modem-status error handling
	USB: yurex: fix out-of-bounds uaccess in read handler
	USB: serial: mos7840: fix status-register error handling
	usb: quirks: add delay quirks for Corsair Strafe
	xhci: xhci-mem: off by one in xhci_stream_id_to_ring()
	devpts: hoist out check for DEVPTS_SUPER_MAGIC
	devpts: resolve devpts bind-mounts
	Fix up non-directory creation in SGID directories
	genirq/affinity: assign vectors to all possible CPUs
	scsi: megaraid_sas: use adapter_type for all gen controllers
	scsi: megaraid_sas: replace instance->ctrl_context checks with instance->adapter_type
	scsi: megaraid_sas: replace is_ventura with adapter_type checks
	scsi: megaraid_sas: Create separate functions to allocate ctrl memory
	scsi: megaraid_sas: fix selection of reply queue
	ALSA: hda/realtek - two more lenovo models need fixup of MIC_LOCATION
	ALSA: hda - Handle pm failure during hotplug
	mm: do not drop unused pages when userfaultd is running
	fs/proc/task_mmu.c: fix Locked field in /proc/pid/smaps*
	fs, elf: make sure to page align bss in load_elf_library
	mm: do not bug_on on incorrect length in __mm_populate()
	tracing: Reorder display of TGID to be after PID
	kbuild: delete INSTALL_FW_PATH from kbuild documentation
	arm64: neon: Fix function may_use_simd() return error status
	tools build: fix # escaping in .cmd files for future Make
	IB/hfi1: Fix incorrect mixing of ERR_PTR and NULL return values
	i2c: tegra: Fix NACK error handling
	iw_cxgb4: correctly enforce the max reg_mr depth
	xen: setup pv irq ops vector earlier
	nvme-pci: Remap CMB SQ entries on every controller reset
	crypto: x86/salsa20 - remove x86 salsa20 implementations
	uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()
	netfilter: nf_queue: augment nfqa_cfg_policy
	netfilter: x_tables: initialise match/target check parameter struct
	loop: add recursion validation to LOOP_CHANGE_FD
	PM / hibernate: Fix oops at snapshot_write()
	RDMA/ucm: Mark UCM interface as BROKEN
	loop: remember whether sysfs_create_group() was done
	f2fs: give message and set need_fsck given broken node id
	Linux 4.14.56

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-07-17 12:29:15 +02:00
Eric Biggers
19f39eff68 crypto: x86/salsa20 - remove x86 salsa20 implementations
commit b7b73cd5d74694ed59abcdb4974dacb4ff8b2a2a upstream.

The x86 assembly implementations of Salsa20 use the frame base pointer
register (%ebp or %rbp), which breaks frame pointer convention and
breaks stack traces when unwinding from an interrupt in the crypto code.
Recent (v4.10+) kernels will warn about this, e.g.

WARNING: kernel stack regs at 00000000a8291e69 in syzkaller047086:4677 has bad 'bp' value 000000001077994c
[...]

But after looking into it, I believe there's very little reason to still
retain the x86 Salsa20 code.  First, these are *not* vectorized
(SSE2/SSSE3/AVX2) implementations, which would be needed to get anywhere
close to the best Salsa20 performance on any remotely modern x86
processor; they're just regular x86 assembly.  Second, it's still
unclear that anyone is actually using the kernel's Salsa20 at all,
especially given that now ChaCha20 is supported too, and with much more
efficient SSSE3 and AVX2 implementations.  Finally, in benchmarks I did
on both Intel and AMD processors with both gcc 8.1.0 and gcc 4.9.4, the
x86_64 salsa20-asm is actually slightly *slower* than salsa20-generic
(~3% slower on Skylake, ~10% slower on Zen), while the i686 salsa20-asm
is only slightly faster than salsa20-generic (~15% faster on Skylake,
~20% faster on Zen).  The gcc version made little difference.

So, the x86_64 salsa20-asm is pretty clearly useless.  That leaves just
the i686 salsa20-asm, which based on my tests provides a 15-20% speed
boost.  But that's without updating the code to not use %ebp.  And given
the maintenance cost, the small speed difference vs. salsa20-generic,
the fact that few people still use i686 kernels, the doubt that anyone
is even using the kernel's Salsa20 at all, and the fact that a SSE2
implementation would almost certainly be much faster on any remotely
modern x86 processor yet no one has cared enough to add one yet, I don't
think it's worthwhile to keep.

Thus, just remove both the x86_64 and i686 salsa20-asm implementations.

Reported-by: syzbot+ffa3a158337bbc01ff09@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-17 11:39:31 +02:00
Greg Kroah-Hartman
57c28741d0 This is the 4.14.53 stable release

Merge 4.14.53 into android-4.14

Changes in 4.14.53
	x86/spectre_v1: Disable compiler optimizations over array_index_mask_nospec()
	x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths
	x86/mce: Improve error message when kernel cannot recover
	x86/mce: Check for alternate indication of machine check recovery on Skylake
	x86/mce: Fix incorrect "Machine check from unknown source" message
	x86/mce: Do not overwrite MCi_STATUS in mce_no_way_out()
	x86: Call fixup_exception() before notify_die() in math_error()
	m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap()
	m68k/mac: Fix SWIM memory resource end address
	serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version
	signal/xtensa: Consistenly use SIGBUS in do_unaligned_user
	PM / Domains: Fix error path during attach in genpd
	PM / core: Fix supplier device runtime PM usage counter imbalance
	PM / OPP: Update voltage in case freq == old_freq
	usb: do not reset if a low-speed or full-speed device timed out
	1wire: family module autoload fails because of upper/lower case mismatch.
	ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it
	ASoC: cs35l35: Add use_single_rw to regmap config
	ASoC: cirrus: i2s: Fix LRCLK configuration
	ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup
	thermal: bcm2835: Stop using printk format %pCr
	clk: renesas: cpg-mssr: Stop using printk format %pCr
	lib/vsprintf: Remove atomic-unsafe support for %pCr
	ftrace/selftest: Have the reset_trigger code be a bit more careful
	mips: ftrace: fix static function graph tracing
	branch-check: fix long->int truncation when profiling branches
	ipmi:bt: Set the timeout before doing a capabilities check
	Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader
	printk: fix possible reuse of va_list variable
	fuse: fix congested state leak on aborted connections
	fuse: atomic_o_trunc should truncate pagecache
	fuse: don't keep dead fuse_conn at fuse_fill_super().
	fuse: fix control dir setup and teardown
	powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch
	powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG
	powerpc/perf: Fix memory allocation for core-imc based on num_possible_cpus()
	powerpc/ptrace: Fix enforcement of DAWR constraints
	powerpc/powernv/ioda2: Remove redundant free of TCE pages
	powerpc/powernv: copy/paste - Mask SO bit in CR
	powerpc/powernv/cpuidle: Init all present cpus for deep states
	cpuidle: powernv: Fix promotion from snooze if next state disabled
	powerpc/fadump: Unregister fadump on kexec down path.
	soc: rockchip: power-domain: Fix wrong value when power up pd with writemask
	cxl: Disable prefault_mode in Radix mode
	ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size
	ARM: dts: Fix SPI node for Arria10
	ARM: dts: socfpga: Fix NAND controller node compatible
	ARM: dts: socfpga: Fix NAND controller clock supply
	ARM: dts: socfpga: Fix NAND controller node compatible for Arria10
	arm64: Fix syscall restarting around signal suppressed by tracer
	arm64: kpti: Use early_param for kpti= command-line option
	arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache maintenance
	ARM64: dts: meson: disable sd-uhs modes on the libretech-cc
	of: overlay: validate offset from property fixups
	of: unittest: for strings, account for trailing \0 in property length field
	of: platform: stop accessing invalid dev in of_platform_device_destroy
	tpm: fix use after free in tpm2_load_context()
	tpm: fix race condition in tpm_common_write()
	IB/qib: Fix DMA api warning with debug kernel
	IB/{hfi1, qib}: Add handling of kernel restart
	IB/mlx4: Mark user MR as writable if actual virtual memory is writable
	IB/core: Make testing MR flags for writability a static inline function
	IB/mlx5: Fetch soft WQE's on fatal error state
	IB/isert: Fix for lib/dma_debug check_sync warning
	IB/isert: fix T10-pi check mask setting
	IB/hfi1: Fix fault injection init/exit issues
	IB/hfi1: Reorder incorrect send context disable
	IB/hfi1: Optimize kthread pointer locking when queuing CQ entries
	IB/hfi1: Fix user context tail allocation for DMA_RTAIL
	RDMA/mlx4: Discard unknown SQP work requests
	xprtrdma: Return -ENOBUFS when no pages are available
	mtd: cfi_cmdset_0002: Change write buffer to check correct value
	mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()
	mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips
	mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary
	mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking.
	MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum
	PCI: hv: Make sure the bus domain is really unique
	PCI: Add ACS quirk for Intel 7th & 8th Gen mobile
	PCI: Add ACS quirk for Intel 300 series
	PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume
	auxdisplay: fix broken menu
	pinctrl: samsung: Correct EINTG banks order
	pinctrl: devicetree: Fix pctldev pointer overwrite
	cpufreq: intel_pstate: Fix scaling max/min limits with Turbo 3.0
	MIPS: io: Add barrier after register read in inX()
	time: Make sure jiffies_to_msecs() preserves non-zero time periods
	irqchip/gic-v3-its: Don't bind LPI to unavailable NUMA node
	X.509: unpack RSA signatureValue field from BIT STRING
	Btrfs: fix return value on rename exchange failure
	iio: adc: ad7791: remove sample freq sysfs attributes
	iio: sca3000: Fix an error handling path in 'sca3000_probe()'
	mm: fix __gup_device_huge vs unmap
	scsi: hpsa: disable device during shutdown
	scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails
	scsi: qla2xxx: Mask off Scope bits in retry delay
	scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler
	scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF
	scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed
	scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return
	scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED
	scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED
	scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread
	linvdimm, pmem: Preserve read-only setting for pmem devices
	clk: at91: PLL recalc_rate() now using cached MUL and DIV values
	rtc: sun6i: Fix bit_idx value for clk_register_gate
	md: fix two problems with setting the "re-add" device state.
	rpmsg: smd: do not use mananged resources for endpoints and channels
	ubi: fastmap: Cancel work upon detach
	ubi: fastmap: Correctly handle interrupted erasures in EBA
	UBIFS: Fix potential integer overflow in allocation
	backlight: as3711_bl: Fix Device Tree node lookup
	backlight: max8925_bl: Fix Device Tree node lookup
	backlight: tps65217_bl: Fix Device Tree node lookup
	mfd: intel-lpss: Program REMAP register in PIO mode
	mfd: intel-lpss: Fix Intel Cannon Lake LPSS I2C input clock
	arm: dts: mt7623: fix invalid memory node being generated
	perf tools: Fix symbol and object code resolution for vdso32 and vdsox32
	perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING
	perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP
	perf intel-pt: Fix MTC timing after overflow
	perf intel-pt: Fix "Unexpected indirect branch" error
	perf intel-pt: Fix packet decoding of CYC packets
	perf vendor events: Add Goldmont Plus V1 event file
	perf/x86/intel/uncore: Add event constraint for BDX PCU
	media: vsp1: Release buffers for each video node
	media: v4l2-compat-ioctl32: prevent go past max size
	media: cx231xx: Add support for AverMedia DVD EZMaker 7
	media: dvb_frontend: fix locking issues at dvb_frontend_get_event()
	nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir
	NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message
	NFSv4: Revert commit 5f83d86cf531d ("NFSv4.x: Fix wraparound issues..")
	NFSv4: Fix a typo in nfs41_sequence_process
	video: uvesafb: Fix integer overflow in allocation
	ACPI / LPSS: Add missing prv_offset setting for byt/cht PWM devices
	Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID
	pwm: lpss: platform: Save/restore the ctrl register over a suspend/resume
	rbd: flush rbd_dev->watch_dwork after watch is unregistered
	mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm()
	mm: fix devmem_is_allowed() for sub-page System RAM intersections
	xen: Remove unnecessary BUG_ON from __unbind_from_irq()
	udf: Detect incorrect directory size
	Input: xpad - fix GPD Win 2 controller name
	Input: elan_i2c_smbus - fix more potential stack buffer overflows
	Input: elantech - enable middle button of touchpads on ThinkPad P52
	Input: elantech - fix V4 report decoding for module with middle key
	ALSA: timer: Fix UBSAN warning at SNDRV_TIMER_IOCTL_NEXT_DEVICE ioctl
	ALSA: hda/realtek - Fix pop noise on Lenovo P50 & co
	ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210
	ALSA: hda/realtek - Fix the problem of two front mics on more machines
	slub: fix failure when we delete and create a slab cache
	block: Fix transfer when chunk sectors exceeds max
	block: Fix cloning of requests with a special payload
	x86/efi: Fix efi_call_phys_epilog() with CONFIG_X86_5LEVEL=y
	dm zoned: avoid triggering reclaim from inside dmz_map()
	dm thin: handle running out of data space vs concurrent discard
	xhci: Fix use-after-free in xhci_free_virt_device
	Linux 4.14.53

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-07-03 18:26:32 +02:00
Maciej S. Szmigiero
af20e4eccc X.509: unpack RSA signatureValue field from BIT STRING
commit b65c32ec5a942ab3ada93a048089a938918aba7f upstream.

The signatureValue field of a X.509 certificate is encoded as a BIT STRING.
For RSA signatures this BIT STRING is of so-called primitive subtype, which
contains a u8 prefix indicating a count of unused bits in the encoding.

We have to strip this prefix from signature data, just as we already do for
key data in x509_extract_key_data() function.

This wasn't noticed earlier because this prefix byte is zero for RSA key
sizes divisible by 8. Since BIT STRING is a big-endian encoding adding zero
prefixes has no bearing on its value.

The signature length, however, was incorrect, which is a problem for RSA
implementations that need it to be exactly correct (like AMD CCP).

Signed-off-by: Maciej S. Szmigiero <mail@maciej.szmigiero.name>
Fixes: c26fd69fa009 ("X.509: Add a crypto key parser for binary (DER) X.509 certificates")
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-07-03 11:24:57 +02:00
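
The BIT STRING handling described in the X.509 commit message above, as an added example (not the kernel's code and not part of the commit): a small DER parser that separates the unused-bits prefix from the signature bytes, so the reported length is 256 rather than 257 for a 2048-bit key. All function and struct names are hypothetical, the sample bytes are constructed filler, and the zero-prefix and modulus-length checks for RSA are this example's assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names below are hypothetical; this is not the kernel's parser. */
struct bit_string {
    const uint8_t *data;   /* content after the unused-bits prefix */
    size_t len;            /* content bytes, prefix excluded */
    size_t raw_len;        /* DER content length, prefix included */
    unsigned unused_bits;  /* prefix byte value, 0..7 */
};

/* Decode a definite DER length; returns bytes consumed, 0 on error. */
static size_t der_length(const uint8_t *p, size_t avail, size_t *out)
{
    size_t n, v = 0;

    if (avail == 0)
        return 0;
    if (p[0] < 0x80) {              /* short form */
        *out = p[0];
        return 1;
    }
    n = p[0] & 0x7f;                /* long form: n length bytes follow */
    if (n == 0 || n > sizeof(size_t) || n >= avail)
        return 0;                   /* indefinite or oversized length */
    for (size_t i = 1; i <= n; i++)
        v = (v << 8) | p[i];
    if (v < 0x80 || p[1] == 0)
        return 0;                   /* DER demands the minimal encoding */
    *out = v;
    return n + 1;
}

/* Parse one primitive BIT STRING (tag 0x03). Returns 0 on success. */
int parse_bit_string(const uint8_t *buf, size_t buflen, struct bit_string *bs)
{
    size_t len, hdr;
    const uint8_t *content;

    if (buflen < 2 || buf[0] != 0x03)
        return -1;
    hdr = der_length(buf + 1, buflen - 1, &len);
    if (hdr == 0 || len < 1 || len > buflen - 1 - hdr)
        return -1;                  /* prefix byte is mandatory */
    content = buf + 1 + hdr;
    if (content[0] > 7 || (len == 1 && content[0] != 0))
        return -1;                  /* invalid unused-bits count */
    bs->unused_bits = content[0];
    bs->raw_len = len;              /* what a parser reports if it forgets */
    bs->data = content + 1;         /* skip the prefix ...                 */
    bs->len = len - 1;              /* ... and do not count it             */
    return 0;
}

/* Assumption of this example: an RSA signature has a zero prefix and is
 * exactly as long as the modulus. */
int extract_rsa_signature(const uint8_t *buf, size_t buflen,
                          size_t modulus_bytes, const uint8_t **sig)
{
    struct bit_string bs;

    if (parse_bit_string(buf, buflen, &bs) != 0)
        return -1;
    if (bs.unused_bits != 0 || bs.len != modulus_bytes)
        return -1;
    *sig = bs.data;
    return 0;
}

/* Build a constructed BIT STRING holding sig_len filler bytes. */
size_t make_sample(uint8_t *out, size_t cap, size_t sig_len)
{
    size_t clen = sig_len + 1, i = 0;

    if (clen > 0xffff || cap < clen + 4)
        return 0;
    out[i++] = 0x03;
    if (clen < 0x80) {
        out[i++] = (uint8_t)clen;
    } else if (clen < 0x100) {
        out[i++] = 0x81;
        out[i++] = (uint8_t)clen;
    } else {
        out[i++] = 0x82;
        out[i++] = (uint8_t)(clen >> 8);
        out[i++] = (uint8_t)clen;
    }
    out[i++] = 0x00;                /* unused-bits prefix */
    for (size_t k = 0; k < sig_len; k++)
        out[i++] = (uint8_t)(k + 1); /* filler, not a real signature */
    return i;
}

int main(void)
{
    uint8_t buf[300];
    struct bit_string bs;
    size_t n = make_sample(buf, sizeof(buf), 256);

    if (parse_bit_string(buf, n, &bs) != 0)
        return 1;
    printf("content length with prefix: %zu, signature length: %zu\n",
           bs.raw_len, bs.len);
    return 0;
}
```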
Greg Kroah-Hartman
503f6fecb8 This is the 4.14.45 stable release

Merge 4.14.45 into android-4.14

Changes in 4.14.45
	MIPS: c-r4k: Fix data corruption related to cache coherence
	MIPS: ptrace: Expose FIR register through FP regset
	MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
	KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
	affs_lookup(): close a race with affs_remove_link()
	fs: don't scan the inode cache before SB_BORN is set
	aio: fix io_destroy(2) vs. lookup_ioctx() race
	ALSA: timer: Fix pause event notification
	do d_instantiate/unlock_new_inode combinations safely
	mmc: sdhci-iproc: remove hard coded mmc cap 1.8v
	mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
	mmc: sdhci-iproc: add SDHCI_QUIRK2_HOST_OFF_CARD_ON for cygnus
	libata: Blacklist some Sandisk SSDs for NCQ
	libata: blacklist Micron 500IT SSD with MU01 firmware
	xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
	drm/vmwgfx: Fix 32-bit VMW_PORT_HB_[IN|OUT] macros
	arm64: lse: Add early clobbers to some input/output asm operands
	powerpc/64s: Clear PCR on boot
	IB/hfi1: Use after free race condition in send context error path
	IB/umem: Use the correct mm during ib_umem_release
	sr: pass down correctly sized SCSI sense buffer
	idr: fix invalid ptr dereference on item delete
	Revert "ipc/shm: Fix shmat mmap nil-page protection"
	ipc/shm: fix shmat() nil address after round-down when remapping
	mm/kasan: don't vfree() nonexistent vm_area
	kasan: free allocated shadow memory on MEM_CANCEL_ONLINE
	kasan: fix memory hotplug during boot
	kernel/sys.c: fix potential Spectre v1 issue
	KVM/VMX: Expose SSBD properly to guests
	KVM: s390: vsie: fix < 8k check for the itdba
	KVM: x86: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed
	kvm: x86: IA32_ARCH_CAPABILITIES is always supported
	x86/kvm: fix LAPIC timer drift when guest uses periodic mode
	powerpc/64s: Improve RFI L1-D cache flush fallback
	powerpc/pseries: Support firmware disable of RFI flush
	powerpc/powernv: Support firmware disable of RFI flush
	powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
	powerpc/rfi-flush: Make it possible to call setup_rfi_flush() again
	powerpc/rfi-flush: Always enable fallback flush on pseries
	powerpc/rfi-flush: Differentiate enabled and patched flush types
	powerpc/rfi-flush: Call setup_rfi_flush() after LPM migration
	powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
	powerpc: Add security feature flags for Spectre/Meltdown
	powerpc/pseries: Set or clear security feature flags
	powerpc/powernv: Set or clear security feature flags
	powerpc/64s: Move cpu_show_meltdown()
	powerpc/64s: Enhance the information in cpu_show_meltdown()
	powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
	powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
	powerpc/64s: Wire up cpu_show_spectre_v1()
	powerpc/64s: Wire up cpu_show_spectre_v2()
	powerpc/pseries: Fix clearing of security feature flags
	powerpc: Move default security feature flags
	powerpc/pseries: Restore default security feature flags on setup
	powerpc/64s: Fix section mismatch warnings from setup_rfi_flush()
	powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
	MIPS: generic: Fix machine compatible matching
	mac80211: mesh: fix wrong mesh TTL offset calculation
	ARC: Fix malformed ARC_EMUL_UNALIGNED default
	ptr_ring: prevent integer overflow when calculating size
	arm64: dts: rockchip: fix rock64 gmac2io stability issues
	arm64: dts: rockchip: correct ep-gpios for rk3399-sapphire
	libata: Fix compile warning with ATA_DEBUG enabled
	selftests: sync: missing CFLAGS while compiling
	selftest/vDSO: fix O=
	selftests: pstore: Adding config fragment CONFIG_PSTORE_RAM=m
	selftests: memfd: add config fragment for fuse
	ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt
	ARM: OMAP3: Fix prm wake interrupt for resume
	ARM: OMAP2+: Fix sar_base inititalization for HS omaps
	ARM: OMAP1: clock: Fix debugfs_create_*() usage
	ibmvnic: Wait until reset is complete to set carrier on
	ibmvnic: Free RX socket buffer in case of adapter error
	ibmvnic: Clean RX pool buffers during device close
	tls: retrun the correct IV in getsockopt
	xhci: workaround for AMD Promontory disabled ports wakeup
	IB/uverbs: Fix method merging in uverbs_ioctl_merge
	IB/uverbs: Fix possible oops with duplicate ioctl attributes
	IB/uverbs: Fix unbalanced unlock on error path for rdma_explicit_destroy
	arm64: dts: rockchip: Fix DWMMC clocks
	ARM: dts: rockchip: Fix DWMMC clocks
	iwlwifi: mvm: fix security bug in PN checking
	iwlwifi: mvm: fix IBSS for devices that support station type API
	iwlwifi: mvm: always init rs with 20mhz bandwidth rates
	NFC: llcp: Limit size of SDP URI
	rxrpc: Work around usercopy check
	MD: Free bioset when md_run fails
	md: fix md_write_start() deadlock w/o metadata devices
	s390/dasd: fix handling of internal requests
	xfrm: do not call rcu_read_unlock when afinfo is NULL in xfrm_get_tos
	mac80211: round IEEE80211_TX_STATUS_HEADROOM up to multiple of 4
	mac80211: fix a possible leak of station stats
	mac80211: fix calling sleeping function in atomic context
	cfg80211: clear wep keys after disconnection
	mac80211: Do not disconnect on invalid operating class
	mac80211: Fix sending ADDBA response for an ongoing session
	gpu: ipu-v3: pre: fix device node leak in ipu_pre_lookup_by_phandle
	gpu: ipu-v3: prg: fix device node leak in ipu_prg_lookup_by_phandle
	md raid10: fix NULL deference in handle_write_completed()
	drm/exynos: g2d: use monotonic timestamps
	drm/exynos: fix comparison to bitshift when dealing with a mask
	drm/meson: fix vsync buffer update
	arm64: perf: correct PMUVer probing
	RDMA/bnxt_re: Unpin SQ and RQ memory if QP create fails
	RDMA/bnxt_re: Fix system crash during load/unload
	ibmvnic: Check for NULL skb's in NAPI poll routine
	net/mlx5e: Return error if prio is specified when offloading eswitch vlan push
	locking/xchg/alpha: Add unconditional memory barrier to cmpxchg()
	md: raid5: avoid string overflow warning
	virtio_net: fix XDP code path in receive_small()
	kernel/relay.c: limit kmalloc size to KMALLOC_MAX_SIZE
	bug.h: work around GCC PR82365 in BUG()
	selftests/memfd: add run_fuse_test.sh to TEST_FILES
	seccomp: add a selftest for get_metadata
	soc: imx: gpc: de-register power domains only if initialized
	powerpc/bpf/jit: Fix 32-bit JIT for seccomp_data access
	s390/cio: fix ccw_device_start_timeout API
	s390/cio: fix return code after missing interrupt
	s390/cio: clear timer when terminating driver I/O
	selftests/bpf/test_maps: exit child process without error in ENOMEM case
	PKCS#7: fix direct verification of SignerInfo signature
	arm64: dts: cavium: fix PCI bus dtc warnings
	nfs: system crashes after NFS4ERR_MOVED recovery
	ARM: OMAP: Fix dmtimer init for omap1
	smsc75xx: fix smsc75xx_set_features()
	regulatory: add NUL to request alpha2
	integrity/security: fix digsig.c build error with header file
	x86/intel_rdt: Fix incorrect returned value when creating rdgroup sub-directory in resctrl file system
	locking/xchg/alpha: Fix xchg() and cmpxchg() memory ordering bugs
	x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations
	mac80211: drop frames with unexpected DS bits from fast-rx to slow path
	arm64: fix unwind_frame() for filtered out fn for function graph tracing
	macvlan: fix use-after-free in macvlan_common_newlink()
	KVM: nVMX: Don't halt vcpu when L1 is injecting events to L2
	kvm: fix warning for CONFIG_HAVE_KVM_EVENTFD builds
	ARM: dts: imx6dl: Include correct dtsi file for Engicam i.CoreM6 DualLite/Solo RQS
	fs: dcache: Avoid livelock between d_alloc_parallel and __d_add
	fs: dcache: Use READ_ONCE when accessing i_dir_seq
	md: fix a potential deadlock of raid5/raid10 reshape
	md/raid1: fix NULL pointer dereference
	batman-adv: fix packet checksum in receive path
	batman-adv: invalidate checksum on fragment reassembly
	netfilter: ipt_CLUSTERIP: put config struct if we can't increment ct refcount
	netfilter: ipt_CLUSTERIP: put config instead of freeing it
	netfilter: ebtables: convert BUG_ONs to WARN_ONs
	batman-adv: Ignore invalid batadv_iv_gw during netlink send
	batman-adv: Ignore invalid batadv_v_gw during netlink send
	batman-adv: Fix netlink dumping of BLA claims
	batman-adv: Fix netlink dumping of BLA backbones
	nvme-pci: Fix nvme queue cleanup if IRQ setup fails
	clocksource/drivers/fsl_ftm_timer: Fix error return checking
	libceph, ceph: avoid memory leak when specifying same option several times
	ceph: fix dentry leak when failing to init debugfs
	xen/pvcalls: fix null pointer dereference on map->sock
	ARM: orion5x: Revert commit 4904dbda41c8.
	qrtr: add MODULE_ALIAS macro to smd
	selftests/futex: Fix line continuation in Makefile
	r8152: fix tx packets accounting
	virtio-gpu: fix ioctl and expose the fixed status to userspace.
	dmaengine: rcar-dmac: fix max_chunk_size for R-Car Gen3
	bcache: fix kcrashes with fio in RAID5 backend dev
	ip_gre: fix IFLA_MTU ignored on NEWLINK
	ip6_tunnel: fix IFLA_MTU ignored on NEWLINK
	sit: fix IFLA_MTU ignored on NEWLINK
	nbd: fix return value in error handling path
	ARM: dts: NSP: Fix amount of RAM on BCM958625HR
	ARM: dts: bcm283x: Fix unit address of local_intc
	powerpc/boot: Fix random libfdt related build errors
	clocksource/drivers/mips-gic-timer: Use correct shift count to extract data
	gianfar: Fix Rx byte accounting for ndev stats
	net/tcp/illinois: replace broken algorithm reference link
	nvmet: fix PSDT field check in command format
	net/smc: use link_id of server in confirm link reply
	mlxsw: core: Fix flex keys scratchpad offset conflict
	mlxsw: spectrum: Treat IPv6 unregistered multicast as broadcast
	spectrum: Reference count VLAN entries
	ARC: mcip: halt GFRC counter when ARC cores halt
	ARC: mcip: update MCIP debug mask when the new cpu came online
	ARC: setup cpu possible mask according to possible-cpus dts property
	ipvs: remove IPS_NAT_MASK check to fix passive FTP
	IB/mlx: Set slid to zero in Ethernet completion struct
	RDMA/bnxt_re: Unconditionly fence non wire memory operations
	RDMA/bnxt_re: Fix incorrect DB offset calculation
	RDMA/bnxt_re: Fix the ib_reg failure cleanup
	xen/pirq: fix error path cleanup when binding MSIs
	drm/amd/amdgpu: Correct VRAM width for APUs with GMC9
	xfrm: Fix ESN sequence number handling for IPsec GSO packets.
	arm64: dts: rockchip: Fix rk3399-gru-* s2r (pinctrl hogs, wifi reset)
	drm/sun4i: Fix dclk_set_phase
	btrfs: use kvzalloc to allocate btrfs_fs_info
	Btrfs: send, fix issuing write op when processing hole in no data mode
	Btrfs: fix log replay failure after linking special file and fsync
	ceph: fix potential memory leak in init_caches()
	block: display the correct diskname for bio
	nvme-pci: Fix EEH failure on ppc
	nvme: pci: pass max vectors as num_possible_cpus() to pci_alloc_irq_vectors
	selftests/powerpc: Skip the subpage_prot tests if the syscall is unavailable
	net: ethtool: don't ignore return from driver get_fecparam method
	iwlwifi: mvm: fix TX of CCMP 256
	iwlwifi: mvm: Fix channel switch for count 0 and 1
	iwlwifi: mvm: fix assert 0x2B00 on older FWs
	iwlwifi: avoid collecting firmware dump if not loaded
	iwlwifi: mvm: fix "failed to remove key" message
	iwlwifi: mvm: Direct multicast frames to the correct station
	iwlwifi: mvm: Correctly set the tid for mcast queue
	rds: Incorrect reference counting in TCP socket creation
	watchdog: f71808e_wdt: Fix magic close handling
	watchdog: sbsa: use 32-bit read for WCV
	batman-adv: Fix multicast packet loss with a single WANT_ALL_IPV4/6 flag
	hv_netvsc: use napi_schedule_irqoff
	hv_netvsc: filter multicast/broadcast
	hv_netvsc: propagate rx filters to VF
	ARM: dts: rockchip: Add missing #sound-dai-cells on rk3288
	perf record: Fix crash in pipe mode
	e1000e: Fix check_for_link return value with autoneg off
	e1000e: allocate ring descriptors with dma_zalloc_coherent
	ia64/err-inject: Use get_user_pages_fast()
	RDMA/qedr: Fix kernel panic when running fio over NFSoRDMA
	RDMA/qedr: Fix iWARP write and send with immediate
	IB/mlx4: Fix corruption of RoCEv2 IPv4 GIDs
	IB/mlx4: Include GID type when deleting GIDs from HW table under RoCE
	IB/mlx5: Fix an error code in __mlx5_ib_modify_qp()
	fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
	fsl/fman: avoid sleeping in atomic context while adding an address
	qed: Free RoCE ILT Memory on rmmod qedr
	net: qcom/emac: Use proper free methods during TX
	net: smsc911x: Fix unload crash when link is up
	IB/core: Fix possible crash to access NULL netdev
	cxgb4: do not set needs_free_netdev for mgmt dev's
	xen-blkfront: move negotiate_mq to cover all cases of new VBDs
	xen: xenbus: use put_device() instead of kfree()
	hv_netvsc: fix filter flags
	hv_netvsc: fix locking for rx_mode
	hv_netvsc: fix locking during VF setup
	ARM: davinci: fix the GPIO lookup for omapl138-hawk
	arm64: Relax ARM_SMCCC_ARCH_WORKAROUND_1 discovery
	selftests/vm/run_vmtests: adjust hugetlb size according to nr_cpus
	lib/test_kmod.c: fix limit check on number of test devices created
	dmaengine: mv_xor_v2: Fix clock resource by adding a register clock
	netfilter: ebtables: fix erroneous reject of last rule
	can: m_can: change comparison to bitshift when dealing with a mask
	can: m_can: select pinctrl state in each suspend/resume function
	bnxt_en: Check valid VNIC ID in bnxt_hwrm_vnic_set_tpa().
	workqueue: use put_device() instead of kfree()
	ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu
	sunvnet: does not support GSO for sctp
	KVM: arm/arm64: vgic: Add missing irq_lock to vgic_mmio_read_pending
	gpu: ipu-v3: prg: avoid possible array underflow
	drm/imx: move arming of the vblank event to atomic_flush
	drm/nouveau/bl: fix backlight regression
	xfrm: fix rcu_read_unlock usage in xfrm_local_error
	iwlwifi: mvm: set the correct tid when we flush the MCAST sta
	iwlwifi: mvm: Correctly set IGTK for AP
	iwlwifi: mvm: fix error checking for multi/broadcast sta
	net: Fix vlan untag for bridge and vlan_dev with reorder_hdr off
	vlan: Fix out of order vlan headers with reorder header off
	batman-adv: fix header size check in batadv_dbg_arp()
	net/sched: fix NULL dereference in the error path of tcf_sample_init()
	batman-adv: Fix skbuff rcsum on packet reroute
	vti4: Don't count header length twice on tunnel setup
	ip_tunnel: Clamp MTU to bounds on new link
	vti4: Don't override MTU passed on link creation via IFLA_MTU
	vti6: Fix dev->max_mtu setting
	iwlwifi: mvm: Increase session protection time after CS
	iwlwifi: mvm: clear tx queue id when unreserving aggregation queue
	iwlwifi: mvm: make sure internal station has a valid id
	iwlwifi: mvm: fix array out of bounds reference
	drm/tegra: Shutdown on driver unbind
	perf/cgroup: Fix child event counting bug
	brcmfmac: Fix check for ISO3166 code
	kbuild: make scripts/adjust_autoksyms.sh robust against timestamp races
	RDMA/ucma: Correct option size check using optlen
	RDMA/qedr: fix QP's ack timeout configuration
	RDMA/qedr: Fix rc initialization on CNQ allocation failure
	RDMA/qedr: Fix QP state initialization race
	net/sched: fix idr leak on the error path of tcf_bpf_init()
	net/sched: fix idr leak in the error path of tcf_simp_init()
	net/sched: fix idr leak in the error path of tcf_act_police_init()
	net/sched: fix idr leak in the error path of tcp_pedit_init()
	net/sched: fix idr leak in the error path of __tcf_ipt_init()
	net/sched: fix idr leak in the error path of tcf_skbmod_init()
	net: dsa: Fix functional dsa-loop dependency on FIXED_PHY
	drm/ast: Fixed 1280x800 Display Issue
	mm/mempolicy.c: avoid use uninitialized preferred_node
	mm, thp: do not cause memcg oom for thp
	xfrm: Fix transport mode skb control buffer usage.
	selftests: ftrace: Add probe event argument syntax testcase
	selftests: ftrace: Add a testcase for string type with kprobe_event
	selftests: ftrace: Add a testcase for probepoint
	drm/amdkfd: Fix scratch memory with HWS enabled
	batman-adv: fix multicast-via-unicast transmission with AP isolation
	batman-adv: fix packet loss for broadcasted DHCP packets to a server
	ARM: 8748/1: mm: Define vdso_start, vdso_end as array
	lan78xx: Set ASD in MAC_CR when EEE is enabled.
	net: qmi_wwan: add BroadMobi BM806U 2020:2033
	bonding: fix the err path for dev hwaddr sync in bond_enslave
	net: dsa: mt7530: fix module autoloading for OF platform drivers
	net/mlx5: Make eswitch support to depend on switchdev
	perf/x86/intel: Fix linear IP of PEBS real_ip on Haswell and later CPUs
	x86/alternatives: Fixup alternative_call_2
	llc: properly handle dev_queue_xmit() return value
	builddeb: Fix header package regarding dtc source links
	qede: Fix barrier usage after tx doorbell write.
	mm, slab: memcg_link the SLAB's kmem_cache
	mm/page_owner: fix recursion bug after changing skip entries
	mm/vmstat.c: fix vmstat_update() preemption BUG
	mm/kmemleak.c: wait for scan completion before disabling free
	hv_netvsc: enable multicast if necessary
	qede: Do not drop rx-checksum invalidated packets.
	net: Fix untag for vlan packets without ethernet header
	vlan: Fix vlan insertion for packets without ethernet header
	net: mvneta: fix enable of all initialized RXQs
	sh: fix debug trap failure to process signals before return to user
	firmware: dmi_scan: Fix UUID length safety check
	nvme: don't send keep-alives to the discovery controller
	Btrfs: clean up resources during umount after trans is aborted
	Btrfs: fix loss of prealloc extents past i_size after fsync log replay
	x86/pgtable: Don't set huge PUD/PMD on non-leaf entries
	x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
	fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table
	swap: divide-by-zero when zero length swap file on ssd
	z3fold: fix memory leak
	sr: get/drop reference to device in revalidate and check_events
	Force log to disk before reading the AGF during a fstrim
	cpufreq: CPPC: Initialize shared perf capabilities of CPUs
	powerpc/fscr: Enable interrupts earlier before calling get_user()
	perf tools: Fix perf builds with clang support
	perf clang: Add support for recent clang versions
	dp83640: Ensure against premature access to PHY registers after reset
	ibmvnic: Zero used TX descriptor counter on reset
	mm/ksm: fix interaction with THP
	mm: fix races between address_space dereference and free in page_evicatable
	mm: thp: fix potential clearing to referenced flag in page_idle_clear_pte_refs_one()
	Btrfs: bail out on error during replay_dir_deletes
	Btrfs: fix NULL pointer dereference in log_dir_items
	btrfs: Fix possible softlock on single core machines
	IB/rxe: Fix for oops in rxe_register_device on ppc64le arch
	ocfs2/dlm: don't handle migrate lockres if already in shutdown
	powerpc/64s/idle: Fix restore of AMOR on POWER9 after deep sleep
	sched/rt: Fix rq->clock_update_flags < RQCF_ACT_SKIP warning
	x86/mm: Fix bogus warning during EFI bootup, use boot_cpu_has() instead of this_cpu_has() in build_cr3_noflush()
	KVM: VMX: raise internal error for exception during invalid protected mode state
	lan78xx: Connect phy early
	fscache: Fix hanging wait on page discarded by writeback
	sparc64: Make atomic_xchg() an inline function rather than a macro.
	net: bgmac: Fix endian access in bgmac_dma_tx_ring_free()
	net: bgmac: Correctly annotate register space
	powerpc/64s: sreset panic if there is no debugger or crash dump handlers
	btrfs: tests/qgroup: Fix wrong tree backref level
	Btrfs: fix copy_items() return value when logging an inode
	btrfs: fix lockdep splat in btrfs_alloc_subvolume_writers
	btrfs: qgroup: Fix root item corruption when multiple same source snapshots are created with quota enabled
	rxrpc: Fix Tx ring annotation after initial Tx failure
	rxrpc: Don't treat call aborts as conn aborts
	xen/acpi: off by one in read_acpi_id()
	drivers: macintosh: rack-meter: really fix bogus memsets
	ACPI: acpi_pad: Fix memory leak in power saving threads
	powerpc/mpic: Check if cpu_possible() in mpic_physmask()
	ieee802154: ca8210: fix uninitialised data read
	ath10k: advertize beacon_int_min_gcd
	iommu/amd: Take into account that alloc_dev_data() may return NULL
	intel_th: Use correct method of finding hub
	m68k: set dma and coherent masks for platform FEC ethernets
	iwlwifi: mvm: check if mac80211_queue is valid in iwl_mvm_disable_txq
	parisc/pci: Switch LBA PCI bus from Hard Fail to Soft Fail mode
	hwmon: (nct6775) Fix writing pwmX_mode
	powerpc/perf: Prevent kernel address leak to userspace via BHRB buffer
	powerpc/perf: Fix kernel address leak via sampling registers
	rsi: fix kernel panic observed on 64bit machine
	tools/thermal: tmon: fix for segfault
	selftests: Print the test we're running to /dev/kmsg
	net/mlx5: Protect from command bit overflow
	watchdog: davinci_wdt: fix error handling in davinci_wdt_probe()
	ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
	nvme-pci: disable APST for Samsung NVMe SSD 960 EVO + ASUS PRIME Z370-A
	ath9k: fix crash in spectral scan
	cxgb4: Setup FW queues before registering netdev
	ima: Fix Kconfig to select TPM 2.0 CRB interface
	ima: Fallback to the builtin hash algorithm
	watchdog: aspeed: Allow configuring for alternate boot
	virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
	arm: dts: socfpga: fix GIC PPI warning
	ext4: don't complain about incorrect features when probing
	drm/vmwgfx: Unpin the screen object backup buffer when not used
	iommu/mediatek: Fix protect memory setting
	cpufreq: cppc_cpufreq: Fix cppc_cpufreq_init() failure path
	IB/mlx5: Set the default active rate and width to QDR and 4X
	zorro: Set up z->dev.dma_mask for the DMA API
	bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set
	remoteproc: imx_rproc: Fix an error handling path in 'imx_rproc_probe()'
	dt-bindings: add device tree binding for Allwinner H6 main CCU
	ACPICA: Events: add a return on failure from acpi_hw_register_read
	ACPICA: Fix memory leak on unusual memory leak
	ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
	cxgb4: Fix queue free path of ULD drivers
	i2c: mv64xxx: Apply errata delay only in standard mode
	KVM: lapic: stop advertising DIRECTED_EOI when in-kernel IOAPIC is in use
	perf top: Fix top.call-graph config option reading
	perf stat: Fix core dump when flag T is used
	IB/core: Honor port_num while resolving GID for IB link layer
	drm/amdkfd: add missing include of mm.h
	coresight: Use %px to print pcsr instead of %p
	regulator: gpio: Fix some error handling paths in 'gpio_regulator_probe()'
	spi: bcm-qspi: fIX some error handling paths
	net/smc: pay attention to MAX_ORDER for CQ entries
	MIPS: ath79: Fix AR724X_PLL_REG_PCIE_CONFIG offset
	PCI: Restore config space on runtime resume despite being unbound
	watchdog: dw: RMW the control register
	watchdog: aspeed: Fix translation of reset mode to ctrl register
	ipmi_ssif: Fix kernel panic at msg_done_handler
	drm/meson: Fix some error handling paths in 'meson_drv_bind_master()'
	drm/meson: Fix an un-handled error path in 'meson_drv_bind_master()'
	powerpc: Add missing prototype for arch_irq_work_raise()
	powerpc/powernv/npu: Fix deadlock in mmio_invalidate()
	cxl: Check if PSL data-cache is available before issue flush request
	f2fs: fix to set KEEP_SIZE bit in f2fs_zero_range
	f2fs: fix to clear CP_TRIMMED_FLAG
	f2fs: fix to check extent cache in f2fs_drop_extent_tree
	perf/core: Fix installing cgroup events on CPU
	max17042: propagate of_node to power supply device
	perf/core: Fix perf_output_read_group()
	drm/panel: simple: Fix the bus format for the Ontat panel
	hwmon: (pmbus/max8688) Accept negative page register values
	hwmon: (pmbus/adm1275) Accept negative page register values
	perf/x86/intel: Properly save/restore the PMU state in the NMI handler
	cdrom: do not call check_disk_change() inside cdrom_open()
	efi/arm*: Only register page tables when they exist
	perf/x86/intel: Fix large period handling on Broadwell CPUs
	perf/x86/intel: Fix event update for auto-reload
	arm64: dts: qcom: Fix SPI5 config on MSM8996
	soc: qcom: wcnss_ctrl: Fix increment in NV upload
	gfs2: Fix fallocate chunk size
	x86/devicetree: Initialize device tree before using it
	x86/devicetree: Fix device IRQ settings in DT
	phy: rockchip-emmc: retry calpad busy trimming
	ALSA: vmaster: Propagate slave error
	phy: qcom-qmp: Fix phy pipe clock gating
	drm/bridge: sii902x: Retry status read after DDI I2C
	tools: hv: fix compiler warnings about major/target_fname
	block: null_blk: fix 'Invalid parameters' when loading module
	dmaengine: pl330: fix a race condition in case of threaded irqs
	dmaengine: rcar-dmac: Check the done lists in rcar_dmac_chan_get_residue()
	enic: enable rq before updating rq descriptors
	watchdog: asm9260_wdt: fix error handling in asm9260_wdt_probe()
	hwrng: stm32 - add reset during probe
	pinctrl: devicetree: Fix dt_to_map_one_config handling of hogs
	pinctrl: artpec6: dt: add missing pin group uart5nocts
	vfio-ccw: fence off transport mode
	dmaengine: qcom: bam_dma: get num-channels and num-ees from dt
	drm: omapdrm: dss: Move initialization code from component bind to probe
	ARM: dts: dra71-evm: Correct evm_sd regulator max voltage
	drm/amdgpu: disable GFX ring and disable PQ wptr in hw_fini
	drm/amdgpu: adjust timeout for ib_ring_tests(v2)
	net: stmmac: ensure that the device has released ownership before reading data
	net: stmmac: ensure that the MSS desc is the last desc to set the own bit
	cpufreq: Reorder cpufreq_online() error code path
	dpaa_eth: fix SG mapping
	PCI: Add function 1 DMA alias quirk for Marvell 88SE9220
	udf: Provide saner default for invalid uid / gid
	ixgbe: prevent ptp_rx_hang from running when in FILTER_ALL mode
	sh_eth: fix TSU init on SH7734/R8A7740
	power: supply: ltc2941-battery-gauge: Fix temperature units
	ARM: dts: bcm283x: Fix probing of bcm2835-i2s
	ARM: dts: bcm283x: Fix pin function of JTAG pins
	PCMCIA / PM: Avoid noirq suspend aborts during suspend-to-idle
	audit: return on memory error to avoid null pointer dereference
	net: stmmac: call correct function in stmmac_mac_config_rx_queues_routing()
	rcu: Call touch_nmi_watchdog() while printing stall warnings
	pinctrl: sh-pfc: r8a7796: Fix MOD_SEL register pin assignment for SSI pins group
	dpaa_eth: fix pause capability advertisement logic
	MIPS: Octeon: Fix logging messages with spurious periods after newlines
	drm/rockchip: Respect page offset for PRIME mmap calls
	x86/apic: Set up through-local-APIC mode on the boot CPU if 'noapic' specified
	perf test: Fix test case inet_pton to accept inlines.
	perf report: Fix wrong jump arrow
	perf tests: Use arch__compare_symbol_names to compare symbols
	perf report: Fix memory corruption in --branch-history mode --branch-history
	perf tests: Fix dwarf unwind for stripped binaries
	selftests/net: fixes psock_fanout eBPF test case
	netlabel: If PF_INET6, check sk_buff ip header version
	drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen3
	drm: rcar-du: lvds: Fix LVDS startup on R-Car Gen2
	ARM: dts: at91: tse850: use the correct compatible for the eeprom
	regmap: Correct comparison in regmap_cached
	i40e: Add delay after EMP reset for firmware to recover
	ARM: dts: imx7d: cl-som-imx7: fix pinctrl_enet
	ARM: dts: porter: Fix HDMI output routing
	regulator: of: Add a missing 'of_node_put()' in an error handling path of 'of_regulator_match()'
	pinctrl: msm: Use dynamic GPIO numbering
	pinctrl: mcp23s08: spi: Fix regmap debugfs entries
	kdb: make "mdr" command repeat
	drm/vmwgfx: Set dmabuf_size when vmw_dmabuf_init is successful
	Linux 4.14.45

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-05-30 13:17:17 +02:00
Eric Biggers
e47c1bf99a PKCS#7: fix direct verification of SignerInfo signature
[ Upstream commit 6459ae386699a5fe0dc52cf30255f75274fa43a4 ]

If none of the certificates in a SignerInfo's certificate chain match a
trusted key, nor is the last certificate signed by a trusted key, then
pkcs7_validate_trust_one() tries to check whether the SignerInfo's
signature was made directly by a trusted key.  But, it actually fails to
set the 'sig' variable correctly, so it actually verifies the last
signature seen.  That will only be the SignerInfo's signature if the
certificate chain is empty; otherwise it will actually be the last
certificate's signature.

This is not by itself a security problem, since verifying any of the
certificates in the chain should be sufficient to verify the SignerInfo.
Still, it's not working as intended so it should be fixed.

Fix it by setting 'sig' correctly for the direct verification case.

Fixes: 757932e6da6d ("PKCS#7: Handle PKCS#7 messages that contain no X.509 certs")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-30 07:52:01 +02:00
Greg Kroah-Hartman
04f740d4da This is the 4.14.41 stable release

Merge 4.14.41 into android-4.14

Changes in 4.14.41
	ipvs: fix rtnl_lock lockups caused by start_sync_thread
	netfilter: ebtables: don't attempt to allocate 0-sized compat array
	kcm: Call strp_stop before strp_done in kcm_attach
	crypto: af_alg - fix possible uninit-value in alg_bind()
	netlink: fix uninit-value in netlink_sendmsg
	net: fix rtnh_ok()
	net: initialize skb->peeked when cloning
	net: fix uninit-value in __hw_addr_add_ex()
	dccp: initialize ireq->ir_mark
	ipv4: fix uninit-value in ip_route_output_key_hash_rcu()
	soreuseport: initialise timewait reuseport field
	inetpeer: fix uninit-value in inet_getpeer
	memcg: fix per_node_info cleanup
	perf: Remove superfluous allocation error check
	tcp: fix TCP_REPAIR_QUEUE bound checking
	bdi: wake up concurrent wb_shutdown() callers.
	bdi: Fix oops in wb_workfn()
	KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry
	KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN
	KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
	arm64: Add work around for Arm Cortex-A55 Erratum 1024718
	compat: fix 4-byte infoleak via uninitialized struct field
	gpioib: do not free unrequested descriptors
	gpio: fix aspeed_gpio unmask irq
	gpio: fix error path in lineevent_create
	rfkill: gpio: fix memory leak in probe error path
	libata: Apply NOLPM quirk for SanDisk SD7UB3Q*G1001 SSDs
	dm integrity: use kvfree for kvmalloc'd memory
	tracing: Fix regex_match_front() to not over compare the test string
	z3fold: fix reclaim lock-ups
	mm: sections are not offlined during memory hotremove
	mm, oom: fix concurrent munlock and oom reaper unmap, v3
	ceph: fix rsize/wsize capping in ceph_direct_read_write()
	can: kvaser_usb: Increase correct stats counter in kvaser_usb_rx_can_msg()
	can: hi311x: Acquire SPI lock on ->do_get_berr_counter
	can: hi311x: Work around TX complete interrupt erratum
	drm/vc4: Fix scaling of uni-planar formats
	drm/i915: Fix drm:intel_enable_lvds ERROR message in kernel log
	drm/nouveau: Fix deadlock in nv50_mstm_register_connector()
	drm/atomic: Clean old_state/new_state in drm_atomic_state_default_clear()
	drm/atomic: Clean private obj old_state/new_state in drm_atomic_state_default_clear()
	net: atm: Fix potential Spectre v1
	atm: zatm: Fix potential Spectre v1
	PCI / PM: Always check PME wakeup capability for runtime wakeup support
	PCI / PM: Check device_may_wakeup() in pci_enable_wake()
	cpufreq: schedutil: Avoid using invalid next_freq
	Revert "Bluetooth: btusb: Fix quirk for Atheros 1525/QCA6174"
	Bluetooth: btusb: Add Dell XPS 13 9360 to btusb_needs_reset_resume_table
	Bluetooth: btusb: Only check needs_reset_resume DMI table for QCA rome chipsets
	thermal: exynos: Reading temperature makes sense only when TMU is turned on
	thermal: exynos: Propagate error value from tmu_read()
	nvme: add quirk to force medium priority for SQ creation
	smb3: directory sync should not return an error
	sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[]
	tracing/uprobe_event: Fix strncpy corner case
	perf/x86: Fix possible Spectre-v1 indexing for hw_perf_event cache_*
	perf/x86/cstate: Fix possible Spectre-v1 indexing for pkg_msr
	perf/x86/msr: Fix possible Spectre-v1 indexing in the MSR driver
	perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[]
	perf/x86: Fix possible Spectre-v1 indexing for x86_pmu::event_map()
	KVM: PPC: Book3S HV: Fix handling of large pages in radix page fault handler
	KVM: x86: remove APIC Timer periodic/oneshot spikes
	Linux 4.14.41

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-05-16 11:40:03 +02:00
Eric Dumazet
1b6d0db7ed crypto: af_alg - fix possible uninit-value in alg_bind()
commit a466856e0b7ab269cdf9461886d007e88ff575b0 upstream.

syzbot reported :

BUG: KMSAN: uninit-value in alg_bind+0xe3/0xd90 crypto/af_alg.c:162

We need to check addr_len before dereferencing sa (or uaddr)

Fixes: bb30b8848c85 ("crypto: af_alg - whitelist mask and type")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Stephan Mueller <smueller@chronox.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-16 10:10:23 +02:00
Greg Kroah-Hartman
c50e5cb3fa This is the 4.14.39 stable release

Merge 4.14.39 into android-4.14

Changes in 4.14.39
	ext4: prevent right-shifting extents beyond EXT_MAX_BLOCKS
	ext4: set h_journal if there is a failure starting a reserved handle
	ext4: add MODULE_SOFTDEP to ensure crc32c is included in the initramfs
	ext4: add validity checks for bitmap block numbers
	ext4: fix bitmap position validation
	random: set up the NUMA crng instances after the CRNG is fully initialized
	random: fix possible sleeping allocation from irq context
	random: rate limit unseeded randomness warnings
	usbip: usbip_event: fix to not print kernel pointer address
	usbip: usbip_host: fix to hold parent lock for device_attach() calls
	usbip: vhci_hcd: Fix usb device and sockfd leaks
	usbip: vhci_hcd: check rhport before using in vhci_hub_control()
	Revert "xhci: plat: Register shutdown for xhci_plat"
	xhci: Fix USB ports for Dell Inspiron 5775
	USB: serial: simple: add libtransistor console
	USB: serial: ftdi_sio: use jtag quirk for Arrow USB Blaster
	USB: serial: cp210x: add ID for NI USB serial console
	usb: typec: ucsi: Increase command completion timeout value
	usb: core: Add quirk for HP v222w 16GB Mini
	USB: Increment wakeup count on remote wakeup.
	ALSA: usb-audio: Skip broken EU on Dell dock USB-audio
	virtio: add ability to iterate over vqs
	virtio_console: don't tie bufs to a vq
	virtio_console: free buffers after reset
	virtio_console: drop custom control queue cleanup
	virtio_console: move removal code
	virtio_console: reset on out of memory
	drm/virtio: fix vq wait_event condition
	tty: Don't call panic() at tty_ldisc_init()
	tty: n_gsm: Fix long delays with control frame timeouts in ADM mode
	tty: n_gsm: Fix DLCI handling for ADM mode if debug & 2 is not set
	tty: Avoid possible error pointer dereference at tty_ldisc_restore().
	tty: Use __GFP_NOFAIL for tty_ldisc_get()
	ALSA: dice: fix OUI for TC group
	ALSA: dice: fix error path to destroy initialized stream data
	ALSA: hda - Skip jack and others for non-existing PCM streams
	ALSA: opl3: Hardening for potential Spectre v1
	ALSA: asihpi: Hardening for potential Spectre v1
	ALSA: hdspm: Hardening for potential Spectre v1
	ALSA: rme9652: Hardening for potential Spectre v1
	ALSA: control: Hardening for potential Spectre v1
	ALSA: pcm: Return negative delays from SNDRV_PCM_IOCTL_DELAY.
	ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr
	ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device
	ALSA: seq: oss: Hardening for potential Spectre v1
	ALSA: hda: Hardening for potential Spectre v1
	ALSA: hda/realtek - Add some fixes for ALC233
	ALSA: hda/realtek - Update ALC255 depop optimize
	ALSA: hda/realtek - change the location for one of two front mics
	mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic
	mtd: cfi: cmdset_0001: Do not allow read/write to suspend erase block.
	mtd: cfi: cmdset_0001: Workaround Micron Erase suspend bug.
	mtd: cfi: cmdset_0002: Do not allow read/write to suspend erase block.
	mtd: rawnand: tango: Fix struct clk memory leak
	kobject: don't use WARN for registration failures
	scsi: sd: Defer spinning up drive while SANITIZE is in progress
	bfq-iosched: ensure to clear bic/bfqq pointers when preparing request
	vfio: ccw: process ssch with interrupts disabled
	ANDROID: binder: prevent transactions into own process.
	PCI: aardvark: Fix logic in advk_pcie_{rd,wr}_conf()
	PCI: aardvark: Set PIO_ADDR_LS correctly in advk_pcie_rd_conf()
	PCI: aardvark: Use ISR1 instead of ISR0 interrupt in legacy irq mode
	PCI: aardvark: Fix PCIe Max Read Request Size setting
	ARM: amba: Make driver_override output consistent with other buses
	ARM: amba: Fix race condition with driver_override
	ARM: amba: Don't read past the end of sysfs "driver_override" buffer
	ARM: socfpga_defconfig: Remove QSPI Sector 4K size force
	KVM: arm/arm64: Close VMID generation race
	powerpc/mm: Flush cache on memory hot(un)plug
	powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large address range
	crypto: drbg - set freed buffers to NULL
	ASoC: fsl_esai: Fix divisor calculation failure at lower ratio
	libceph: un-backoff on tick when we have a authenticated session
	libceph: reschedule a tick in finish_hunting()
	libceph: validate con->state at the top of try_write()
	fpga-manager: altera-ps-spi: preserve nCONFIG state
	earlycon: Use a pointer table to fix __earlycon_table stride
	cpufreq: powernv: Fix hardlockup due to synchronous smp_call in timer interrupt
	rtc: opal: Fix OPAL RTC driver OPAL_BUSY loops
	drm/amdgpu: set COMPUTE_PGM_RSRC1 for SGPR/VGPR clearing shaders
	drm/i915: Enable display WA#1183 from its correct spot
	objtool, perf: Fix GCC 8 -Wrestrict error
	tools/lib/subcmd/pager.c: do not alias select() params
	x86/ipc: Fix x32 version of shmid64_ds and msqid64_ds
	x86/smpboot: Don't use mwait_play_dead() on AMD systems
	x86/microcode/intel: Save microcode patch unconditionally
	x86/microcode: Do not exit early from __reload_late()
	tick/sched: Do not mess with an enqueued hrtimer
	arm/arm64: KVM: Add PSCI version selection API
	powerpc/eeh: Fix race with driver un/bind
	Linux 4.14.39

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-05-02 10:54:20 -07:00
Stephan Mueller
674d38ea18 crypto: drbg - set freed buffers to NULL
commit eea0d3ea7546961f69f55b26714ac8fd71c7c020 upstream.

During freeing of the internal buffers used by the DRBG, set the pointer
to NULL. It is possible that the context with the freed buffers is
reused. In case of an error during initialization where the pointers
do not yet point to allocated memory, the NULL value prevents a double
free.

Cc: stable@vger.kernel.org
Fixes: 3cfc3b9721123 ("crypto: drbg - use aligned buffers")
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Reported-by: syzbot+75397ee3df5c70164154@syzkaller.appspotmail.com
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-05-01 12:58:23 -07:00
Greg Kroah-Hartman
7e76ead2d2 This is the 4.14.34 stable release

Merge 4.14.34 into android-4.14

Changes in 4.14.34
	i40iw: Fix sequence number for the first partial FPDU
	i40iw: Correct Q1/XF object count equation
	i40iw: Validate correct IRD/ORD connection parameters
	clk: meson: mpll: use 64-bit maths in params_from_rate
	ARM: dts: ls1021a: add "fsl,ls1021a-esdhc" compatible string to esdhc node
	Bluetooth: Add a new 04ca:3015 QCA_ROME device
	ipv6: Reinject IPv6 packets if IPsec policy matches after SNAT
	thermal: power_allocator: fix one race condition issue for thermal_instances list
	perf probe: Find versioned symbols from map
	perf probe: Add warning message if there is unexpected event name
	perf evsel: Enable ignore_missing_thread for pid option
	net: hns3: free the ring_data structrue when change tqps
	net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg
	l2tp: fix missing print session offset info
	rds; Reset rs->rs_bound_addr in rds_add_bound() failure path
	ACPI / video: Default lcd_only to true on Win8-ready and newer machines
	net/mlx4_en: Change default QoS settings
	VFS: close race between getcwd() and d_move()
	watchdog: dw_wdt: add stop watchdog operation
	clk: divider: fix incorrect usage of container_of
	PM / devfreq: Fix potential NULL pointer dereference in governor_store
	selftests/net: fix bugs in address and port initialization
	RDMA/cma: Mark end of CMA ID messages
	hwmon: (ina2xx) Make calibration register value fixed
	clk: sunxi-ng: a83t: Add M divider to TCON1 clock
	media: videobuf2-core: don't go out of the buffer range
	ASoC: Intel: Skylake: Disable clock gating during firmware and library download
	ASoC: Intel: cht_bsw_rt5645: Analog Mic support
	spi: sh-msiof: Fix timeout failures for TX-only DMA transfers
	scsi: libiscsi: Allow sd_shutdown on bad transport
	scsi: mpt3sas: Proper handling of set/clear of "ATA command pending" flag.
	irqchip/gic-v3: Fix the driver probe() fail due to disabled GICC entry
	ACPI: EC: Fix debugfs_create_*() usage
	mac80211: Fix setting TX power on monitor interfaces
	vfb: fix video mode and line_length being set when loaded
	gpio: label descriptors using the device name
	powernv-cpufreq: Add helper to extract pstate from PMSR
	IB/rdmavt: Allocate CQ memory on the correct node
	blk-mq: avoid to map CPU into stale hw queue
	blk-mq: fix race between updating nr_hw_queues and switching io sched
	backlight: tdo24m: Fix the SPI CS between transfers
	pinctrl: baytrail: Enable glitch filter for GPIOs used as interrupts
	nvme_fcloop: disassocate local port structs
	nvme_fcloop: fix abort race condition
	tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented
	perf report: Fix a no annotate browser displayed issue
	staging: lustre: disable preempt while sampling processor id.
	ASoC: Intel: sst: Fix the return value of 'sst_send_byte_stream_mrfld()'
	power: supply: axp288_charger: Properly stop work on probe-error / remove
	rt2x00: do not pause queue unconditionally on error path
	wl1251: check return from call to wl1251_acx_arp_ip_filter
	net/mlx5: Fix race for multiple RoCE enable
	net: hns3: Fix an error of total drop packet statistics
	net: hns3: Fix a loop index error of tqp statistics query
	net: hns3: Fix an error macro definition of HNS3_TQP_STAT
	net: hns3: fix for changing MTU
	bcache: ret IOERR when read meets metadata error
	bcache: stop writeback thread after detaching
	bcache: segregate flash only volume write streams
	scsi: libsas: fix memory leak in sas_smp_get_phy_events()
	scsi: libsas: fix error when getting phy events
	scsi: libsas: initialize sas_phy status according to response of DISCOVER
	blk-mq: fix kernel oops in blk_mq_tag_idle()
	tty: n_gsm: Allow ADM response in addition to UA for control dlci
	block, bfq: put async queues for root bfq groups too
	EDAC, mv64x60: Fix an error handling path
	uio_hv_generic: check that host supports monitor page
	i40evf: don't rely on netif_running() outside rtnl_lock()
	cxgb4vf: Fix SGE FL buffer initialization logic for 64K pages
	scsi: megaraid_sas: Error handling for invalid ldcount provided by firmware in RAID map
	scsi: megaraid_sas: unload flag should be set after scsi_remove_host is called
	RDMA/cma: Fix rdma_cm path querying for RoCE
	gpio: thunderx: fix error return code in thunderx_gpio_probe()
	x86/gart: Exclude GART aperture from vmcore
	sdhci: Advertise 2.0v supply on SDIO host controller
	ibmvnic: Don't handle RX interrupts when not up.
	Input: goodix - disable IRQs while suspended
	mtd: mtd_oobtest: Handle bitflips during reads
	crypto: aes-generic - build with -Os on gcc-7+
	perf tools: Fix copyfile_offset update of output offset
	tcmu: release blocks for partially setup cmds
	thermal: int3400_thermal: fix error handling in int3400_thermal_probe()
	objtool: Add Clang support
	crypto: arm64/aes-ce-cipher - move assembler code to .S file
	x86/microcode: Propagate return value from updating functions
	x86/CPU: Add a microcode loader callback
	x86/CPU: Check CPU feature bits after microcode upgrade
	x86/microcode: Get rid of struct apply_microcode_ctx
	x86/microcode/intel: Check microcode revision before updating sibling threads
	x86/microcode/intel: Writeback and invalidate caches before updating microcode
	x86/microcode: Do not upload microcode if CPUs are offline
	x86/microcode/intel: Look into the patch cache first
	x86/microcode: Request microcode on the BSP
	x86/microcode: Synchronize late microcode loading
	x86/microcode: Attempt late loading only when new microcode is present
	x86/microcode: Fix CPU synchronization routine
	arp: fix arp_filter on l3slave devices
	ipv6: the entire IPv6 header chain must fit the first fragment
	lan78xx: Crash in lan78xx_writ_reg (Workqueue: events lan78xx_deferred_multicast_write)
	net: fix possible out-of-bound read in skb_network_protocol()
	net/ipv6: Fix route leaking between VRFs
	net/ipv6: Increment OUTxxx counters after netfilter hook
	netlink: make sure nladdr has correct size in netlink_connect()
	net sched actions: fix dumping which requires several messages to user space
	net/sched: fix NULL dereference in the error path of tcf_bpf_init()
	pptp: remove a buggy dst release in pptp_connect()
	r8169: fix setting driver_data after register_netdev
	sctp: do not leak kernel memory to user space
	sctp: sctp_sockaddr_af must check minimal addr length for AF_INET6
	sky2: Increase D3 delay to sky2 stops working after suspend
	vhost: correctly remove wait queue during poll failure
	vlan: also check phy_driver ts_info for vlan's real device
	vrf: Fix use after free and double free in vrf_finish_output
	bonding: fix the err path for dev hwaddr sync in bond_enslave
	bonding: move dev_mc_sync after master_upper_dev_link in bond_enslave
	bonding: process the err returned by dev_set_allmulti properly in bond_enslave
	net: fool proof dev_valid_name()
	ip_tunnel: better validate user provided tunnel names
	ipv6: sit: better validate user provided tunnel names
	ip6_gre: better validate user provided tunnel names
	ip6_tunnel: better validate user provided tunnel names
	vti6: better validate user provided tunnel names
	net/mlx5e: Avoid using the ipv6 stub in the TC offload neigh update path
	net/mlx5e: Fix memory usage issues in offloading TC flows
	nfp: use full 40 bits of the NSP buffer address
	ipv6: sr: fix seg6 encap performances with TSO enabled
	net/mlx5e: Don't override vport admin link state in switchdev mode
	net/mlx5e: Sync netdev vxlan ports at open
	net/sched: fix NULL dereference in the error path of tunnel_key_init()
	net/sched: fix NULL dereference on the error path of tcf_skbmod_init()
	strparser: Fix sign of err codes
	net/mlx4_en: Fix mixed PFC and Global pause user control requests
	net/mlx5e: Fix traffic being dropped on VF representor
	vhost: validate log when IOTLB is enabled
	route: check sysctl_fib_multipath_use_neigh earlier than hash
	team: move dev_mc_sync after master_upper_dev_link in team_port_add
	vhost_net: add missing lock nesting notation
	net/mlx4_core: Fix memory leak while delete slave's resources
	Linux 4.14.34

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-04-12 14:51:09 +02:00
Arnd Bergmann
7cae67e312 crypto: aes-generic - build with -Os on gcc-7+
[ Upstream commit 148b974deea927f5dbb6c468af2707b488bfa2de ]

While testing other changes, I discovered that gcc-7.2.1 produces badly
optimized code for aes_encrypt/aes_decrypt. This is especially true when
CONFIG_UBSAN_SANITIZE_ALL is enabled, where it leads to extremely
large stack usage that in turn might cause kernel stack overflows:

crypto/aes_generic.c: In function 'aes_encrypt':
crypto/aes_generic.c:1371:1: warning: the frame size of 4880 bytes is larger than 2048 bytes [-Wframe-larger-than=]
crypto/aes_generic.c: In function 'aes_decrypt':
crypto/aes_generic.c:1441:1: warning: the frame size of 4864 bytes is larger than 2048 bytes [-Wframe-larger-than=]

I verified that this problem exists on all architectures that are
supported by gcc-7.2, though arm64 in particular is less affected than
the others. I also found that gcc-7.1 and gcc-8 do not show the extreme
stack usage but still produce worse code than earlier versions for this
file, apparently because of optimization passes that generally provide
a substantial improvement in object code quality but understandably fail
to find any shortcuts in the AES algorithm.

Possible workarounds include

a) disabling -ftree-pre and -ftree-sra optimizations, this was an earlier
   patch I tried, which reliably fixed the stack usage, but caused a
   serious performance regression in some versions, as later testing
   found.

b) disabling UBSAN on this file or all ciphers, as suggested by Ard
   Biesheuvel. This would lead to massively better crypto performance in
   UBSAN-enabled kernels and avoid the stack usage, but there is a concern
   over whether we should exclude arbitrary files from UBSAN at all.

c) Forcing the optimization level in a different way. Similar to a),
   but rather than deselecting specific optimization stages,
   this now uses "gcc -Os" for this file, regardless of the
   CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE/SIZE option. This is a reliable
   workaround for the stack consumption on all architectures, and I've
   retested the performance results now on x86, cycles/byte (lower is
   better) for cbc(aes-generic) with 256 bit keys:

			-O2     -Os
	gcc-6.3.1	14.9	15.1
	gcc-7.0.1	14.7	15.3
	gcc-7.1.1	15.3	14.7
	gcc-7.2.1	16.8	15.9
	gcc-8.0.0	15.5	15.6

This implements option c) by forcing -Os on all compiler
versions starting with gcc-7.1. As a workaround for PR83356, it would
only be needed for gcc-7.2+ with UBSAN enabled, but since it also shows
better performance on gcc-7.1 without UBSAN, it seems appropriate to
use the faster version here as well.

Side note: during testing, I also played with the AES code in libressl,
which had a similar performance regression from gcc-6 to gcc-7.2,
but was three times slower overall. It might be interesting to
investigate that further and possibly port the Linux implementation
into that.

Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83356
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=83651
Cc: Richard Biener <rguenther@suse.de>
Cc: Jakub Jelinek <jakub@gcc.gnu.org>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-12 12:32:20 +02:00
Greg Kroah-Hartman
27e69ad2ae This is the 4.14.33 stable release

Merge 4.14.33 into android-4.14

Changes in 4.14.33
	ARM: OMAP: Fix SRAM W+X mapping
	ARM: 8746/1: vfp: Go back to clearing vfp_current_hw_state[]
	ARM: dts: sun6i: a31s: bpi-m2: improve pmic properties
	ARM: dts: sun6i: a31s: bpi-m2: add missing regulators
	mtd: jedec_probe: Fix crash in jedec_read_mfr()
	mtd: nand: atmel: Fix get_sectorsize() function
	ALSA: usb-audio: Add native DSD support for TEAC UD-301
	ALSA: pcm: Use dma_bytes as size parameter in dma_mmap_coherent()
	ALSA: pcm: potential uninitialized return values
	x86/platform/uv/BAU: Add APIC idt entry
	perf/hwbp: Simplify the perf-hwbp code, fix documentation
	ceph: only dirty ITER_IOVEC pages for direct read
	ipc/shm.c: add split function to shm_vm_ops
	i2c: i2c-stm32f7: fix no check on returned setup
	powerpc/64s: Fix lost pending interrupt due to race causing lost update to irq_happened
	powerpc/64s: Fix i-side SLB miss bad address handler saving nonvolatile GPRs
	partitions/msdos: Unable to mount UFS 44bsd partitions
	xfrm_user: uncoditionally validate esn replay attribute struct
	RDMA/ucma: Check AF family prior resolving address
	RDMA/ucma: Fix use-after-free access in ucma_close
	RDMA/ucma: Ensure that CM_ID exists prior to access it
	RDMA/rdma_cm: Fix use after free race with process_one_req
	RDMA/ucma: Check that device is connected prior to access it
	RDMA/ucma: Check that device exists prior to accessing it
	RDMA/ucma: Introduce safer rdma_addr_size() variants
	net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms()
	xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
	percpu: add __GFP_NORETRY semantics to the percpu balancing path
	netfilter: x_tables: make allocation less aggressive
	netfilter: bridge: ebt_among: add more missing match size checks
	l2tp: fix races with ipv4-mapped ipv6 addresses
	netfilter: drop template ct when conntrack is skipped.
	netfilter: x_tables: add and use xt_check_proc_name
	phy: qcom-ufs: add MODULE_LICENSE tag
	Bluetooth: Fix missing encryption refresh on Security Request
	usb: dwc2: Improve gadget state disconnection handling
	bitmap: fix memset optimization on big-endian systems
	USB: serial: ftdi_sio: add RT Systems VX-8 cable
	USB: serial: ftdi_sio: add support for Harman FirmwareHubEmulator
	USB: serial: cp210x: add ELDAT Easywave RX09 id
	serial: 8250: Add Nuvoton NPCM UART
	mei: remove dev_err message on an unsupported ioctl
	/dev/mem: Avoid overwriting "err" in read_mem()
	media: usbtv: prevent double free in error case
	parport_pc: Add support for WCH CH382L PCI-E single parallel port card.
	crypto: lrw - Free rctx->ext with kzfree
	crypto: inside-secure - fix clock management
	crypto: testmgr - Fix incorrect values in PKCS#1 test vector
	crypto: ahash - Fix early termination in hash walk
	crypto: caam - Fix null dereference at error path
	crypto: ccp - return an actual key size from RSA max_size callback
	crypto: arm,arm64 - Fix random regeneration of S_shipped
	crypto: x86/cast5-avx - fix ECB encryption when long sg follows short one
	Btrfs: fix unexpected cow in run_delalloc_nocow
	staging: comedi: ni_mio_common: ack ai fifo error interrupts.
	Revert "base: arch_topology: fix section mismatch build warnings"
	Input: ALPS - fix TrackStick detection on Thinkpad L570 and Latitude 7370
	Input: i8042 - add Lenovo ThinkPad L460 to i8042 reset list
	Input: i8042 - enable MUX on Sony VAIO VGN-CS series to fix touchpad
	vt: change SGR 21 to follow the standards
	ARM: dts: DRA76-EVM: Set powerhold property for tps65917
	net: hns: Fix ethtool private flags
	Fix slab name "biovec-(1<<(21-12))"
	Revert "ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin"
	Revert "ARM: dts: omap3-n900: Fix the audio CODEC's reset pin"
	Revert "cpufreq: Fix governor module removal race"
	Revert "ip6_vti: adjust vti mtu according to mtu of lower device"
	Linux 4.14.33

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-04-08 16:39:12 +02:00
Herbert Xu
c3657fd0c1 crypto: ahash - Fix early termination in hash walk
commit 900a081f6912a8985dc15380ec912752cb66025a upstream.

When we have an unaligned SG list entry where there is no leftover
aligned data, the hash walk code will incorrectly return zero as if
the entire SG list has been processed.

This patch fixes it by moving onto the next page instead.

Reported-by: Eli Cooper <elicooper@gmx.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-08 14:26:31 +02:00
Conor McLoughlin
ad35fdc00a crypto: testmgr - Fix incorrect values in PKCS#1 test vector
commit 333e18c5cc74438f8940c7f3a8b3573748a371f9 upstream.

The RSA private key for the first form should have
version, prime1, prime2, exponent1, exponent2, coefficient
values 0.
With non-zero values for prime1,2, exponent 1,2 and coefficient
the Intel QAT driver will assume that values are provided for the
private key second form. This will result in signature verification
failures for modules where QAT device is present and the modules
are signed with rsa,sha256.

Cc: <stable@vger.kernel.org>
Signed-off-by: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Signed-off-by: Conor McLoughlin <conor.mcloughlin@intel.com>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-08 14:26:31 +02:00
Herbert Xu
77827f3d63 crypto: lrw - Free rctx->ext with kzfree
commit 8c9bdab21289c211ca1ca6a5f9b7537b4a600a02 upstream.

The buffer rctx->ext contains potentially sensitive data and should
be freed with kzfree.

Cc: <stable@vger.kernel.org>
Fixes: 700cb3f5fe75 ("crypto: lrw - Convert to skcipher")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-04-08 14:26:31 +02:00
Greg Kroah-Hartman
267c6efd76 This is the 4.14.28 stable release

Merge 4.14.28 into android-4.14

Changes in 4.14.28
	net: phy: fix resume handling
	net: phy: Restore phy_resume() locking assumption
	x86: Treat R_X86_64_PLT32 as R_X86_64_PC32
	ASoC: sun4i-i2s: Fix RX slot number of SUN8I
	ASoC: sgtl5000: Fix suspend/resume
	ASoC: wm_adsp: For TLV controls only register TLV get/set
	ASoC: rt5651: Fix regcache sync errors on resume
	usb: host: xhci-rcar: add support for r8a77965
	xhci: Fix front USB ports on ASUS PRIME B350M-A
	xhci: fix endpoint context tracer output
	serial: sh-sci: prevent lockup on full TTY buffers
	tty/serial: atmel: add new version check for usart
	uas: fix comparison for error code
	staging: comedi: fix comedi_nsamples_left.
	staging: android: ashmem: Fix lockdep issue during llseek
	USB: storage: Add JMicron bridge 152d:2567 to unusual_devs.h
	usbip: vudc: fix null pointer dereference on udc->lock
	usb: quirks: add control message delay for 1b1c:1b20
	usb: usbmon: Read text within supplied buffer size
	usb: gadget: f_fs: Fix use-after-free in ffs_fs_kill_sb()
	usb: dwc3: Fix lock-up on ID change during system suspend/resume
	serial: 8250_pci: Add Brainboxes UC-260 4 port serial device
	serial: core: mark port as initialized in autoconfig
	earlycon: add reg-offset to physical address before mapping
	dm mpath: fix passing integrity data
	Revert "btrfs: use proper endianness accessors for super_copy"
	drm/edid: set ELD connector type in drm_edid_to_eld()
	dma-buf/fence: Fix lock inversion within dma-fence-array
	video/hdmi: Allow "empty" HDMI infoframes
	HID: multitouch: Only look at non touch fields in first packet of a frame
	HID: elo: clear BTN_LEFT mapping
	iwlwifi: mvm: rs: don't override the rate history in the search cycle
	ARM: dts: koelsch: Move cec_clock to root node
	clk: meson: gxbb: fix wrong clock for SARADC/SANA
	ARM: dts: exynos: Correct Trats2 panel reset line
	drm/amdgpu: fix get_max_engine_clock_in_mhz
	staging: rtl8822be: fix missing null check on dev_alloc_skb return
	typec: tcpm: fusb302: Resolve out of order messaging events
	USB: ledtrig-usbport: fix of-node leak
	sched: Stop switched_to_rt() from sending IPIs to offline CPUs
	sched: Stop resched_cpu() from sending IPIs to offline CPUs
	crypto: ecc - Fix NULL pointer deref. on no default_rng
	crypto: cavium - fix memory leak on info
	test_firmware: fix setting old custom fw path back on exit
	net: ieee802154: adf7242: Fix bug if defined DEBUG
	rtc: brcmstb-waketimer: fix error handling in brcmstb_waketmr_probe()
	net: xfrm: allow clearing socket xfrm policies.
	mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]()
	net: thunderx: Set max queue count taking XDP_TX into account
	ARM: dts: am335x-pepper: Fix the audio CODEC's reset pin
	ARM: dts: omap3-n900: Fix the audio CODEC's reset pin
	mtd: nand: ifc: update bufnum mask for ver >= 2.0.0
	userns: Don't fail follow_automount based on s_user_ns
	xfrm: Fix xfrm_replay_overflow_offload_esn
	leds: pm8058: Silence pointer to integer size warning
	power: supply: ab8500_charger: Fix an error handling path
	power: supply: ab8500_charger: Bail out in case of error in 'ab8500_charger_init_hw_registers()'
	drm/etnaviv: make THERMAL selectable
	iio: adc: ina2xx: Shift bus voltage register to mask flag bits
	iio: health: max30102: Add power enable parameter to get_temp function
	ath10k: update tdls teardown state to target
	cpufreq: Fix governor module removal race
	drm/amdgpu:fix random missing of FLR NOTIFY
	scsi: ses: don't ask for diagnostic pages repeatedly during probe
	pwm: stmpe: Fix wrong register offset for hwpwm=2 case
	drm/sun4i: Fix format mask in DE2 driver
	pinctrl: sh-pfc: r8a7791: Add can_clk function
	pinctrl: sh-pfc: r8a7795-es1: Fix MOD_SEL1 bit[25:24] to 0x3 when using STP_ISEN_1_D
	perf annotate: Fix unnecessary memory allocation for s390x
	perf annotate: Fix objdump comment parsing for Intel mov dissassembly
	iwlwifi: mvm: avoid dumping assert log when device is stopped
	drm/amdgpu:fix virtual dce bug
	clk: qcom: msm8916: fix mnd_width for codec_digcodec
	mwifiex: cfg80211: do not change virtual interface during scan processing
	ath10k: fix invalid STS_CAP_OFFSET_MASK
	tools/usbip: fixes build with musl libc toolchain
	spi: sun6i: disable/unprepare clocks on remove
	bnxt_en: Don't print "Link speed -1 no longer supported" messages.
	scsi: core: scsi_get_device_flags_keyed(): Always return device flags
	scsi: devinfo: apply to HP XP the same flags as Hitachi VSP
	scsi: dh: add new rdac devices
	media: vsp1: Prevent suspending and resuming DRM pipelines
	dm raid: fix raid set size revalidation
	media: cpia2: Fix a couple off by one bugs
	media: davinci: vpif_capture: add NULL check on devm_kzalloc return value
	virtio_net: Disable interrupts if napi_complete_done rescheduled napi
	net: sched: drop qdisc_reset from dev_graft_qdisc
	veth: set peer GSO values
	drm/amdkfd: Fix memory leaks in kfd topology
	powerpc/modules: Don't try to restore r2 after a sibling call
	powerpc/64: Don't trace irqs-off at interrupt return to soft-disabled context
	arm64: dts: renesas: salvator-common: Add EthernetAVB PHY reset
	agp/intel: Flush all chipset writes after updating the GGTT
	mac80211_hwsim: enforce PS_MANUAL_POLL to be set after PS_ENABLED
	mac80211: remove BUG() when interface type is invalid
	crypto: caam/qi - use correct print specifier for size_t
	ASoC: nuc900: Fix a loop timeout test
	mmc: mmc_test: Ensure command queue is disabled for testing
	Fix misannotated out-of-line _copy_to_user()
	ipvlan: add L2 check for packets arriving via virtual devices
	rcutorture/configinit: Fix build directory error message
	locking/locktorture: Fix num reader/writer corner cases
	ima: relax requiring a file signature for new files with zero length
	IB/mlx5: revisit -Wmaybe-uninitialized warning
	dmaengine: qcom_hidma: check pending interrupts
	drm/i915/glk: Disable Guc and HuC on GLK
	Linux 4.14.28

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-03-19 09:28:29 +01:00
Pierre
90cf769aeb crypto: ecc - Fix NULL pointer deref. on no default_rng
[ Upstream commit 4c0e22c90510308433272d7ba281b1eb4eda8209 ]

If crypto_get_default_rng returns an error, the
function ecc_gen_privkey should return an error.
Instead, it currently tries to use the default_rng
nevertheless, thus creating a kernel panic with a
NULL pointer dereference.
Returning the error directly, as was supposedly
intended when looking at the code, fixes this.

Signed-off-by: Pierre Ducroquet <pinaraf@pinaraf.info>
Reviewed-by: PrasannaKumar Muralidharan <prasannatsmkumar@gmail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-03-19 08:42:49 +01:00
Greg Kroah-Hartman
85ab9a0468 This is the 4.14.24 stable release

Merge 4.14.24 into android-4.14

Changes in 4.14.24
	hrtimer: Ensure POSIX compliance (relative CLOCK_REALTIME hrtimers)
	exec: avoid gcc-8 warning for get_task_comm
	mm/frame_vector.c: release a semaphore in 'get_vaddr_frames()'
	scsi: aacraid: Fix I/O drop during reset
	dmaengine: fsl-edma: disable clks on all error paths
	phy: cpcap-usb: Fix platform_get_irq_byname's error checking.
	nvme-fc: remove double put reference if admin connect fails
	nvme: check hw sectors before setting chunk sectors
	net: aquantia: Fix actual speed capabilities reporting
	net: aquantia: Fix hardware DMA stream overload on large MRRS
	net: usb: qmi_wwan: add Telit ME910 PID 0x1101 support
	mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM
	mtd: nand: brcmnand: Zero bitflip is not an error
	ipv6: icmp6: Allow icmp messages to be looped back
	parisc: Reduce thread stack to 16 kb
	ARM: 8731/1: Fix csum_partial_copy_from_user() stack mismatch
	x86/asm: Allow again using asm.h when building for the 'bpf' clang target
	sctp: fix the issue that a __u16 variable may overflow in sctp_ulpq_renege
	sget(): handle failures of register_shrinker()
	net: phy: xgene: disable clk on error paths
	drm/nouveau/pci: do a msi rearm on init
	xfrm: Reinject transport-mode packets through tasklet
	x86/stacktrace: Make zombie stack traces reliable
	mac80211_hwsim: Fix a possible sleep-in-atomic bug in hwsim_get_radio_nl
	spi: atmel: fixed spin_lock usage inside atmel_spi_remove
	ASoC: nau8825: fix issue that pop noise when start capture
	cgroup: Fix deadlock in cpu hotplug path
	staging: ion: Fix ion_cma_heap allocations
	x86-64/Xen: eliminate W+X mappings
	net: mediatek: setup proper state for disabled GMAC on the default
	net: arc_emac: fix arc_emac_rx() error paths
	vxlan: update skb dst pmtu on tx path
	ip_gre: remove the incorrect mtu limit for ipgre tap
	ip6_gre: remove the incorrect mtu limit for ipgre tap
	ip6_tunnel: get the min mtu properly in ip6_tnl_xmit
	net: stmmac: Fix TX timestamp calculation
	net: stmmac: Fix bad RX timestamp extraction
	net/mlx5e: Fix ETS BW check
	net/mlx5: Cleanup IRQs in case of unload failure
	net/mlx5: Stay in polling mode when command EQ destroy fails
	ASoC: rsnd: fixup ADG register mask
	xen/balloon: Mark unallocated host memory as UNUSABLE
	netfilter: nf_tables: fix chain filter in nf_tables_dump_rules()
	scsi: storvsc: Fix scsi_cmd error assignments in storvsc_handle_error
	netfilter: uapi: correct UNTRACKED conntrack state bit number
	i915: Reject CCS modifiers for pipe C on Geminilake
	RDMA/vmw_pvrdma: Call ib_umem_release on destroy QP path
	ARM: dts: ls1021a: fix incorrect clock references
	crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t
	lib/mpi: Fix umul_ppmm() for MIPS64r6
	arm64: dts: renesas: ulcb: Remove renesas, no-ether-link property
	crypto: inside-secure - per request invalidation
	crypto: inside-secure - free requests even if their handling failed
	crypto: inside-secure - fix request allocations in invalidation path
	netfilter: nf_tables: fix potential NULL-ptr deref in nf_tables_dump_obj_done()
	tipc: error path leak fixes in tipc_enable_bearer()
	tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path
	tg3: Add workaround to restrict 5762 MRRS to 2048
	tg3: Enable PHY reset in MTU change path for 5720
	bnx2x: Improve reliability in case of nested PCI errors
	perf/x86/intel: Plug memory leak in intel_pmu_init()
	led: core: Fix brightness setting when setting delay_off=0
	IB/mlx5: Fix mlx5_ib_alloc_mr error flow
	genirq: Guard handle_bad_irq log messages
	afs: Fix missing error handling in afs_write_end()
	s390/dasd: fix wrongly assigned configuration data
	btrfs: Fix flush bio leak
	ip6_tunnel: allow ip6gre dev mtu to be set below 1280
	Input: xen-kbdfront - do not advertise multi-touch pressure support
	IB/mlx4: Fix mlx4_ib_alloc_mr error flow
	IB/ipoib: Fix race condition in neigh creation
	xfs: quota: fix missed destroy of qi_tree_lock
	xfs: quota: check result of register_shrinker()
	macvlan: Fix one possible double free
	e1000: fix disabling already-disabled warning
	NET: usb: qmi_wwan: add support for YUGA CLM920-NC5 PID 0x9625
	drm/ttm: check the return value of kzalloc
	RDMA/netlink: Fix locking around __ib_get_device_by_index
	x86/efi: Fix kernel param add_efi_memmap regression
	uapi libc compat: add fallback for unsupported libcs
	i40e/i40evf: Account for frags split over multiple descriptors in check linearize
	i40e: don't remove netdev->dev_addr when syncing uc list
	net: ena: unmask MSI-X only after device initialization is completed
	nl80211: Check for the required netlink attribute presence
	mac80211: mesh: drop frames appearing to be from us
	can: flex_can: Correct the checking for frame length in flexcan_start_xmit()
	wcn36xx: Fix dynamic power saving
	block: drain queue before waiting for q_usage_counter becoming zero
	ia64, sched/cputime: Fix build error if CONFIG_VIRT_CPU_ACCOUNTING_NATIVE=y
	bpf: sockmap missing NULL psock check
	leds: core: Fix regression caused by commit 2b83ff96f51d
	powerpc/pseries: Make RAS IRQ explicitly dependent on DLPAR WQ
	nvme-fabrics: initialize default host->id in nvmf_host_default()
	x86/platform/intel-mid: Revert "Make 'bt_sfi_data' const"
	bnxt_en: Fix population of flow_type in bnxt_hwrm_cfa_flow_alloc()
	bnxt_en: Fix the 'Invalid VF' id check in bnxt_vf_ndo_prep routine.
	xen-netfront: enable device after manual module load
	mdio-sun4i: Fix a memory leak
	SolutionEngine771x: fix Ether platform data
	xen/gntdev: Fix off-by-one error when unmapping with holes
	xen/gntdev: Fix partial gntdev_mmap() cleanup
	sctp: add a ceiling to optlen in some sockopts
	sctp: make use of pre-calculated len
	net: gianfar_ptp: move set_fipers() to spinlock protecting area
	of_mdio: avoid MDIO bus removal when a PHY is missing
	nfp: always unmask aux interrupts at init
	mlxsw: pci: Wait after reset before accessing HW
	MIPS: Implement __multi3 for GCC7 MIPS64r6 builds
	powerpc/pseries: Enable RAS hotplug events later
	arm64: dts: marvell: add comphy nodes on cp110 master and slave
	arm64: dts: marvell: mcbin: add comphy references to Ethernet ports
	net: sched: fix crash when deleting secondary chains
	net: sched: crash on blocks with goto chain action
	net_sched: get rid of rcu_barrier() in tcf_block_put_ext()
	net: sched: fix use-after-free in tcf_block_put_ext
	Linux 4.14.24

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-03-05 07:42:40 +01:00
Jonathan Cameron
36d0a678fb crypto: af_alg - Fix race around ctx->rcvused by making it atomic_t
[ Upstream commit af955bf15d2c27496b0269b1f05c26f758c68314 ]

This variable was increased and decreased without any protection.
Result was an occasional miscount and negative wrap around resulting
in false resource allocation failures.

Fixes: 7d2c3f54e6f6 ("crypto: af_alg - remove locking in async callback")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-03-03 10:24:29 +01:00
Dmitry Shmidt
2c71b7cbbb Merge 4.14.23 into android-4.14
Changes in 4.14.23
	netfilter: drop outermost socket lock in getsockopt()
	arm64: mm: don't write garbage into TTBR1_EL1 register
	kconfig.h: Include compiler types to avoid missed struct attributes
	MIPS: boot: Define __ASSEMBLY__ for its.S build
	xtensa: fix high memory/reserved memory collision
	scsi: ibmvfc: fix misdefined reserved field in ibmvfc_fcp_rsp_info
	MIPS: Drop spurious __unused in struct compat_flock
	cfg80211: fix cfg80211_beacon_dup
	i2c: designware: must wait for enable
	i2c: bcm2835: Set up the rising/falling edge delays
	X.509: fix BUG_ON() when hash algorithm is unsupported
	X.509: fix NULL dereference when restricting key with unsupported_sig
	PKCS#7: fix certificate chain verification
	PKCS#7: fix certificate blacklisting
	extcon: int3496: process id-pin first so that we start with the right status
	RDMA/uverbs: Protect from races between lookup and destroy of uobjects
	RDMA/uverbs: Protect from command mask overflow
	RDMA/uverbs: Fix bad unlock balance in ib_uverbs_close_xrcd
	RDMA/uverbs: Fix circular locking dependency
	RDMA/uverbs: Sanitize user entered port numbers prior to access it
	iio: adc: stm32: fix stm32h7_adc_enable error handling
	iio: srf08: fix link error "devm_iio_triggered_buffer_setup" undefined
	iio: buffer: check if a buffer has been set up when poll is called
	iio: adis_lib: Initialize trigger before requesting interrupt
	Kbuild: always define endianess in kconfig.h
	x86/oprofile: Fix bogus GCC-8 warning in nmi_setup()
	mm, swap, frontswap: fix THP swap if frontswap enabled
	irqchip/gic-v3: Use wmb() instead of smb_wmb() in gic_raise_softirq()
	irqchip/mips-gic: Avoid spuriously handling masked interrupts
	PCI/cxgb4: Extend T3 PCI quirk to T4+ devices
	ohci-hcd: Fix race condition caused by ohci_urb_enqueue() and io_watchdog_func()
	usb: ohci: Proper handling of ed_rm_list to handle race condition between usb_kill_urb() and finish_unlinks()
	arm64: Remove unimplemented syscall log message
	arm64: Disable unhandled signal log messages by default
	arm64: cpufeature: Fix CTR_EL0 field definitions
	Add delay-init quirk for Corsair K70 RGB keyboards
	drm/edid: Add 6 bpc quirk for CPT panel in Asus UX303LA
	usb: host: ehci: use correct device pointer for dma ops
	usb: dwc3: gadget: Set maxpacket size for ep0 IN
	usb: dwc3: ep0: Reset TRB counter for ep0 IN
	usb: ldusb: add PIDs for new CASSY devices supported by this driver
	Revert "usb: musb: host: don't start next rx urb if current one failed"
	usb: gadget: f_fs: Process all descriptors during bind
	usb: gadget: f_fs: Use config_ep_by_speed()
	usb: renesas_usbhs: missed the "running" flag in usb_dmac with rx path
	drm/cirrus: Load lut in crtc_commit
	drm: Handle unexpected holes in color-eviction
	drm/amdgpu: disable MMHUB power gating on raven
	drm/amdgpu: Add dpm quirk for Jet PRO (v2)
	drm/amdgpu: only check mmBIF_IOV_FUNC_IDENTIFIER on tonga/fiji
	drm/amdgpu: add atpx quirk handling (v2)
	drm/amdgpu: Avoid leaking PM domain on driver unbind (v2)
	drm/amdgpu: add new device to use atpx quirk
	drm/i915/breadcrumbs: Ignore unsubmitted signalers
	m32r: fix endianness constraints
	microblaze: fix endian handling
	Linux 4.14.23

Change-Id: I065d928eedf89f981316268f19362d9f8c418431
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2018-02-28 11:16:14 -08:00
Eric Biggers
29e76b211e PKCS#7: fix certificate blacklisting
commit 29f4a67c17e19314b7d74b8569be935e6c7edf50 upstream.

If there is a blacklisted certificate in a SignerInfo's certificate
chain, then pkcs7_verify_sig_chain() sets sinfo->blacklisted and returns
0.  But, pkcs7_verify() fails to handle this case appropriately, as it
actually continues on to the line 'actual_ret = 0;', indicating that the
SignerInfo has passed verification.  Consequently, PKCS#7 signature
verification ignores the certificate blacklist.

Fix this by not considering blacklisted SignerInfos to have passed
verification.

Also fix the function comment with regards to when 0 is returned.

Fixes: 03bb79315ddc ("PKCS#7: Handle blacklisted certificates")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-28 10:19:39 +01:00
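The control flow described in the message above, as an added example that is not code from the kernel or from the commit: a simplified model of the per-SignerInfo loop, with and without the blacklist check. The names `toy_sinfo`, `verify_all_buggy` and `verify_all_fixed`, the model error codes, and the choice of a "key rejected" result when only blacklisted signers remain are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Model error codes standing in for the kernel's -ENOPKG / -EKEYREJECTED. */
enum { TOY_ENOPKG = -65, TOY_EKEYREJECTED = -129 };

/* Hypothetical stand-in for one SignerInfo after its chain was checked. */
struct toy_sinfo {
    int  ret;          /* 0 or a negative error from the per-signer check */
    bool blacklisted;  /* a blacklisted certificate was found in its chain */
};

/* Constructed inputs, not taken from any real PKCS#7 message. */
const struct toy_sinfo ONLY_BLACKLISTED[]      = { { 0, true } };
const struct toy_sinfo BLACKLISTED_THEN_GOOD[] = { { 0, true }, { 0, false } };
const struct toy_sinfo ONLY_UNSUPPORTED[]      = { { TOY_ENOPKG, false } };

/* Behaviour described as the bug: the chain check reports 0 for a
 * blacklisted signer, so the loop reaches "actual_ret = 0" and the
 * message counts as verified. */
int verify_all_buggy(const struct toy_sinfo *s, size_t n)
{
    int actual_ret = TOY_ENOPKG;          /* nothing usable verified yet */

    for (size_t i = 0; i < n; i++) {
        if (s[i].ret < 0) {
            if (s[i].ret == TOY_ENOPKG)
                continue;                 /* unsupported crypto: next signer */
            return s[i].ret;
        }
        actual_ret = 0;                   /* flag is never consulted */
    }
    return actual_ret;
}

/* Fixed behaviour: a blacklisted signer never counts as a pass. */
int verify_all_fixed(const struct toy_sinfo *s, size_t n)
{
    int actual_ret = TOY_ENOPKG;

    for (size_t i = 0; i < n; i++) {
        if (s[i].blacklisted) {
            if (actual_ret == TOY_ENOPKG)
                actual_ret = TOY_EKEYREJECTED;
            continue;                     /* another signer may still pass */
        }
        if (s[i].ret < 0) {
            if (s[i].ret == TOY_ENOPKG)
                continue;
            return s[i].ret;
        }
        actual_ret = 0;
    }
    return actual_ret;
}

int main(void)
{
    printf("only blacklisted:      buggy=%d fixed=%d\n",
           verify_all_buggy(ONLY_BLACKLISTED, 1),
           verify_all_fixed(ONLY_BLACKLISTED, 1));
    printf("blacklisted then good: buggy=%d fixed=%d\n",
           verify_all_buggy(BLACKLISTED_THEN_GOOD, 2),
           verify_all_fixed(BLACKLISTED_THEN_GOOD, 2));
    printf("only unsupported:      buggy=%d fixed=%d\n",
           verify_all_buggy(ONLY_UNSUPPORTED, 1),
           verify_all_fixed(ONLY_UNSUPPORTED, 1));
    return 0;
}
```

The three constructed cases make a compact regression test: the blacklisted-only message is the one whose result changes.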
Eric Biggers
1a1f7f726b PKCS#7: fix certificate chain verification
commit 971b42c038dc83e3327872d294fe7131bab152fc upstream.

When pkcs7_verify_sig_chain() is building the certificate chain for a
SignerInfo using the certificates in the PKCS#7 message, it is passing
the wrong arguments to public_key_verify_signature().  Consequently,
when the next certificate is supposed to be used to verify the previous
certificate, the next certificate is actually used to verify itself.

An attacker can use this bug to create a bogus certificate chain that
has no cryptographic relationship between the beginning and end.

Fortunately I couldn't quite find a way to use this to bypass the
overall signature verification, though it comes very close.  Here's the
reasoning: due to the bug, every certificate in the chain beyond the
first actually has to be self-signed (where "self-signed" here refers to
the actual key and signature; an attacker might still manipulate the
certificate fields such that the self_signed flag doesn't actually get
set, and thus the chain doesn't end immediately).  But to pass trust
validation (pkcs7_validate_trust()), either the SignerInfo or one of the
certificates has to actually be signed by a trusted key.  Since only
self-signed certificates can be added to the chain, the only way for an
attacker to introduce a trusted signature is to include a self-signed
trusted certificate.

But, when pkcs7_validate_trust_one() reaches that certificate, instead
of trying to verify the signature on that certificate, it will actually
look up the corresponding trusted key, which will succeed, and then try
to verify the *previous* certificate, which will fail.  Thus, disaster
is narrowly averted (as far as I could tell).

Fixes: 6c2dc5ae4ab7 ("X.509: Extract signature digest and make self-signed cert checks earlier")
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-28 10:19:39 +01:00
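The wrong-argument bug described in the message above, as an added example that is not code from the kernel or from the commit: a toy chain walker in which each link is checked either against the issuer's own signature (the described bug) or against the signature of the certificate being vouched for (the fix). `toy_cert`, `toy_sign`, `chain_accepted` and all key values are hypothetical, and the keyed checksum only stands in for a signature; it is not cryptography.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy certificate: just the fields the chain walk needs (not X.509). */
struct toy_cert {
    const char *subject;
    const char *issuer;
    uint32_t pub;   /* toy key; doubles as the signing secret in this model */
    uint32_t tbs;   /* stands in for the digest of the signed fields */
    uint32_t sig;   /* "signature" over tbs */
};

/* Keyed checksum standing in for a signature. The odd multiplier makes it
 * injective in (tbs ^ key), so two different keys never agree on one tbs. */
static uint32_t toy_sign(uint32_t key, uint32_t tbs)
{
    return (tbs ^ key) * 2654435761u;
}

/* Does key `pub` verify the signature carried by `cert`? */
static bool toy_verify(uint32_t pub, const struct toy_cert *cert)
{
    return cert->sig == toy_sign(pub, cert->tbs);
}

static const struct toy_cert *find_issuer(const struct toy_cert *c, size_t n,
                                          const struct toy_cert *x)
{
    for (size_t i = 0; i < n; i++)
        if (&c[i] != x && strcmp(c[i].subject, x->issuer) == 0)
            return &c[i];
    return NULL;
}

/* Walk from certs[0] towards a self-signed certificate. With buggy=true
 * the issuer p is checked against its own signature; with buggy=false it
 * is checked against the signature on x, the certificate it vouches for. */
static bool walk_chain(const struct toy_cert *c, size_t n, bool buggy)
{
    const struct toy_cert *x = &c[0];

    for (size_t depth = 0; depth < n; depth++) {
        if (strcmp(x->subject, x->issuer) == 0)
            return toy_verify(x->pub, x);   /* self-signed: chain ends */
        const struct toy_cert *p = find_issuer(c, n, x);
        if (!p)
            return true;   /* issuer not in message; trust is decided later */
        if (!toy_verify(p->pub, buggy ? p : x))
            return false;
        x = p;
    }
    return false;          /* too many links: treat as a loop */
}

/* Constructed inputs. genuine=true: the leaf is signed by the CA key.
 * genuine=false: the leaf names the CA as issuer but is signed by an
 * unrelated key, so nothing ties it to the CA cryptographically. */
bool chain_accepted(bool genuine, bool buggy)
{
    const uint32_t K_CA = 0x1111u, K_OTHER = 0x2222u;
    struct toy_cert chain[2] = {
        { "signer", "Example CA", 0x3333u, 0xaaaau, 0 },
        { "Example CA", "Example CA", K_CA, 0xbbbbu, 0 },
    };

    chain[0].sig = toy_sign(genuine ? K_CA : K_OTHER, chain[0].tbs);
    chain[1].sig = toy_sign(K_CA, chain[1].tbs);
    return walk_chain(chain, 2, buggy);
}

int main(void)
{
    printf("genuine chain:   buggy=%d fixed=%d\n",
           chain_accepted(true, true), chain_accepted(true, false));
    printf("unrelated chain: buggy=%d fixed=%d\n",
           chain_accepted(false, true), chain_accepted(false, false));
    return 0;
}
```

Both walkers accept the genuine chain, so a test suite that only contains valid chains cannot tell them apart; the negative case with an unrelated signing key is the one that detects the regression.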
Eric Biggers
99b2095ac7 X.509: fix NULL dereference when restricting key with unsupported_sig
commit 4b34968e77ad09628cfb3c4a7daf2adc2cefc6e8 upstream.

The asymmetric key type allows an X.509 certificate to be added even if
its signature's hash algorithm is not available in the crypto API.  In
that case 'payload.data[asym_auth]' will be NULL.  But the key
restriction code failed to check for this case before trying to use the
signature, resulting in a NULL pointer dereference in
key_or_keyring_common() or in restrict_link_by_signature().

Fix this by returning -ENOPKG when the signature is unsupported.

Reproducer when all the CONFIG_CRYPTO_SHA512* options are disabled and
keyctl has support for the 'restrict_keyring' command:

    keyctl new_session
    keyctl restrict_keyring @s asymmetric builtin_trusted
    openssl req -new -sha512 -x509 -batch -nodes -outform der \
        | keyctl padd asymmetric desc @s

Fixes: a511e1af8b12 ("KEYS: Move the point of trust determination to __key_link()")
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-28 10:19:39 +01:00
Eric Biggers
dcb04cc794 X.509: fix BUG_ON() when hash algorithm is unsupported
commit 437499eea4291ae9621e8763a41df027c110a1ef upstream.

The X.509 parser mishandles the case where the certificate's signature's
hash algorithm is not available in the crypto API.  In this case,
x509_get_sig_params() doesn't allocate the cert->sig->digest buffer;
this part seems to be intentional.  However,
public_key_verify_signature() is still called via
x509_check_for_self_signed(), which triggers the 'BUG_ON(!sig->digest)'.

Fix this by making public_key_verify_signature() return -ENOPKG if the
hash buffer has not been allocated.

Reproducer when all the CONFIG_CRYPTO_SHA512* options are disabled:

    openssl req -new -sha512 -x509 -batch -nodes -outform der \
        | keyctl padd asymmetric desc @s

Fixes: 6c2dc5ae4ab7 ("X.509: Extract signature digest and make self-signed cert checks earlier")
Reported-by: Paolo Valente <paolo.valente@linaro.org>
Cc: Paolo Valente <paolo.valente@linaro.org>
Cc: <stable@vger.kernel.org> # v4.7+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-28 10:19:39 +01:00
Eric Biggers
921c88669c FROMGIT: crypto: speck - add test vectors for Speck64-XTS
Add test vectors for Speck64-XTS, generated in userspace using C code.
The inputs were borrowed from the AES-XTS test vectors, with key lengths
adjusted.

xts-speck64-neon passes these tests.  However, they aren't currently
applicable for the generic XTS template, as that only supports a 128-bit
block size.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

(cherry picked from commit 41b3316e75ee5e8aec7234c9d631582b13a38c7d
 git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Change-Id: I61a2c77dbfcf487d77b3d9ef0a823dadea8ddf07
Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-02-22 13:22:15 -08:00
Eric Biggers
dfd5e0277a FROMGIT: crypto: speck - add test vectors for Speck128-XTS
Add test vectors for Speck128-XTS, generated in userspace using C code.
The inputs were borrowed from the AES-XTS test vectors.

Both xts(speck128-generic) and xts-speck128-neon pass these tests.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

(cherry picked from commit c3bb521bb6ac3023ae236a3a361f951f8d78ecc4
 git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Change-Id: Ifd701d5df4a6602c207cfb28decc620ef7e5f896
Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-02-22 13:22:13 -08:00
Eric Biggers
b456daecc7 FROMGIT: crypto: speck - export common helpers
Export the Speck constants and transform context and the ->setkey(),
->encrypt(), and ->decrypt() functions so that they can be reused by the
ARM NEON implementation of Speck-XTS.  The generic key expansion code
will be reused because it is not performance-critical and is not
vectorizable, while the generic encryption and decryption functions are
needed as fallbacks and for the XTS tweak encryption.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

(cherry picked from commit c8c36413ca8ccbf7a0afe71247fc4617ee2dfcfe
 git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Change-Id: I93e96e1ef40de7071af212146b8ad3bf45297c1d
Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-02-22 13:22:10 -08:00
Eric Biggers
1b5dd7104e FROMGIT: crypto: speck - add support for the Speck block cipher
Add a generic implementation of Speck, including the Speck128 and
Speck64 variants.  Speck is a lightweight block cipher that can be much
faster than AES on processors that don't have AES instructions.

We are planning to offer Speck-XTS (probably Speck128/256-XTS) as an
option for dm-crypt and fscrypt on Android, for low-end mobile devices
with older CPUs such as ARMv7 which don't have the Cryptography
Extensions.  Currently, such devices are unencrypted because AES is not
fast enough, even when the NEON bit-sliced implementation of AES is
used.  Other AES alternatives such as Twofish, Threefish, Camellia,
CAST6, and Serpent aren't fast enough either; it seems that only a
modern ARX cipher can provide sufficient performance on these devices.

This is a replacement for our original proposal
(https://patchwork.kernel.org/patch/10101451/) which was to offer
ChaCha20 for these devices.  However, the use of a stream cipher for
disk/file encryption with no space to store nonces would have been much
more insecure than we thought initially, given that it would be used on
top of flash storage as well as potentially on top of F2FS, neither of
which is guaranteed to overwrite data in-place.

Speck has been somewhat controversial due to its origin.  Nevertheless,
it has a straightforward design (it's an ARX cipher), and it appears to
be the leading software-optimized lightweight block cipher currently,
with the most cryptanalysis.  It's also easy to implement without side
channels, unlike AES.  Moreover, we only intend Speck to be used when
the status quo is no encryption, due to AES not being fast enough.

We've also considered a novel length-preserving encryption mode based on
ChaCha20 and Poly1305.  While theoretically attractive, such a mode
would be a brand new crypto construction and would be more complicated
and difficult to implement efficiently in comparison to Speck-XTS.

There is confusion about the byte and word orders of Speck, since the
original paper doesn't specify them.  But we have implemented it using
the orders the authors recommended in a correspondence with them.  The
test vectors are taken from the original paper but were mapped to byte
arrays using the recommended byte and word orders.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

(cherry picked from commit da7a0ab5b4babbe5d7a46f852582be06a00a28f0
 git://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master)
Change-Id: Id13c44dee8e3817590950c178d54b24c3aee0b4e
Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-02-22 13:22:09 -08:00
Greg Kroah-Hartman
474d3c467b This is the 4.14.21 stable release

Merge 4.14.21 into android-4.14

Changes in 4.14.21
	tracing: Prevent PROFILE_ALL_BRANCHES when FORTIFY_SOURCE=y
	scsi: smartpqi: allow static build ("built-in")
	IB/umad: Fix use of unprotected device pointer
	IB/qib: Fix comparison error with qperf compare/swap test
	IB/mlx4: Fix incorrectly releasing steerable UD QPs when have only ETH ports
	IB/core: Fix two kernel warnings triggered by rxe registration
	IB/core: Fix ib_wc structure size to remain in 64 bytes boundary
	IB/core: Avoid a potential OOPs for an unused optional parameter
	selftests: seccomp: fix compile error seccomp_bpf
	kselftest: fix OOM in memory compaction test
	RDMA/rxe: Fix a race condition related to the QP error state
	RDMA/rxe: Fix a race condition in rxe_requester()
	RDMA/rxe: Fix rxe_qp_cleanup()
	cpufreq: powernv: Dont assume distinct pstate values for nominal and pmin
	swiotlb: suppress warning when __GFP_NOWARN is set
	PM / devfreq: Propagate error from devfreq_add_device()
	mwifiex: resolve reset vs. remove()/shutdown() deadlocks
	ocfs2: try a blocking lock before return AOP_TRUNCATED_PAGE
	powerpc/radix: Remove trace_tlbie call from radix__flush_tlb_all
	powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove
	powerpc/mm: Flush radix process translations when setting MMU type
	powerpc/xive: Use hw CPU ids when configuring the CPU queues
	powerpc: Fix DABR match on hash based systems
	dma-buf: fix reservation_object_wait_timeout_rcu once more v2
	s390: fix handling of -1 in set{,fs}[gu]id16 syscalls
	arm64: dts: msm8916: Correct ipc references for smsm
	ARM: lpc3250: fix uda1380 gpio numbers
	ARM: dts: STi: Add gpio polarity for "hdmi,hpd-gpio" property
	ARM: dts: nomadik: add interrupt-parent for clcd
	arm: dts: mt7623: fix card detection issue on bananapi-r2
	arm: spear600: Add missing interrupt-parent of rtc
	arm: spear13xx: Fix dmas cells
	arm: spear13xx: Fix spics gpio controller's warning
	drm/i915: add GT number to intel_device_info
	drm/i915/kbl: Change a KBL pci id to GT2 from GT1.5
	x86/gpu: add CFL to early quirks
	x86/kexec: Make kexec (mostly) work in 5-level paging mode
	x86/xen: init %gs very early to avoid page faults with stack protector
	x86: PM: Make APM idle driver initialize polling state
	x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface
	x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface
	compiler-gcc.h: Introduce __optimize function attribute
	compiler-gcc.h: __nostackprotector needs gcc-4.4 and up
	crypto: sun4i_ss_prng - fix return value of sun4i_ss_prng_generate
	crypto: sun4i_ss_prng - convert lock to _bh in sun4i_ss_prng_generate
	powerpc/mm/radix: Split linear mapping on hot-unplug
	x86/mm/pti: Fix PTI comment in entry_SYSCALL_64()
	x86/speculation: Update Speculation Control microcode blacklist
	x86/speculation: Correct Speculation Control microcode blacklist again
	Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()"
	KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods
	X86/nVMX: Properly set spec_ctrl and pred_cmd before merging MSRs
	KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap
	x86/speculation: Clean up various Spectre related details
	PM / runtime: Update links_count also if !CONFIG_SRCU
	PM: cpuidle: Fix cpuidle_poll_state_init() prototype
	x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface
	x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused extensions
	x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a single POP_REGS macro
	x86/entry/64: Interleave XOR register clearing with PUSH instructions
	x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro
	x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases
	x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros
	x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly
	x86/entry/64: Fix paranoid_entry() frame pointer warning
	x86/entry/64: Remove the unused 'icebp' macro
	selftests/x86: Fix vDSO selftest segfault for vsyscall=none
	selftests/x86: Clean up and document sscanf() usage
	selftests/x86/pkeys: Remove unused functions
	selftests/x86: Do not rely on "int $0x80" in test_mremap_vdso.c
	selftests/x86: Do not rely on "int $0x80" in single_step_syscall.c
	selftests/x86: Disable tests requiring 32-bit support on pure 64-bit systems
	objtool: Fix segfault in ignore_unreachable_insn()
	x86/debug, objtool: Annotate WARN()-related UD2 as reachable
	x86/debug: Use UD2 for WARN()
	x86/speculation: Fix up array_index_nospec_mask() asm constraint
	nospec: Move array_index_nospec() parameter checking into separate macro
	x86/speculation: Add <asm/msr-index.h> dependency
	kmemcheck: remove annotations
	kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
	kmemcheck: remove whats left of NOTRACK flags
	kmemcheck: rip it out
	kmemcheck: rip it out for real
	x86/mm: Rename flush_tlb_single() and flush_tlb_one() to __flush_tlb_one_[user|kernel]()
	selftests/x86/mpx: Fix incorrect bounds with old _sigfault
	x86/cpu: Rename cpu_data.x86_mask to cpu_data.x86_stepping
	x86/spectre: Fix an error message
	x86/cpu: Change type of x86_cache_size variable to unsigned int
	x86/entry/64: Fix CR3 restore in paranoid_exit()
	drm/ttm: Don't add swapped BOs to swap-LRU list
	drm/ttm: Fix 'buf' pointer update in ttm_bo_vm_access_kmap() (v2)
	drm/qxl: unref cursor bo when finished with it
	drm/amd/powerplay: Fix smu_table_entry.handle type
	drm/ast: Load lut in crtc_commit
	arm64: Add missing Falkor part number for branch predictor hardening
	drm/radeon: Add dpm quirk for Jet PRO (v2)
	drm/radeon: adjust tested variable
	rtc-opal: Fix handling of firmware error codes, prevent busy loops
	mbcache: initialize entry->e_referenced in mb_cache_entry_create()
	mmc: sdhci: Implement an SDHCI-specific bounce buffer
	mmc: bcm2835: Don't overwrite max frequency unconditionally
	Revert "mmc: meson-gx: include tx phase in the tuning process"
	mlx5: fix mlx5_get_vector_affinity to start from completion vector 0
	Revert "apple-gmux: lock iGP IO to protect from vgaarb changes"
	jbd2: fix sphinx kernel-doc build warnings
	ext4: fix a race in the ext4 shutdown path
	ext4: save error to disk in __ext4_grp_locked_error()
	ext4: correct documentation for grpid mount option
	mm: hide a #warning for COMPILE_TEST
	mm: Fix memory size alignment in devm_memremap_pages_release()
	MIPS: Fix typo BIG_ENDIAN to CPU_BIG_ENDIAN
	MIPS: Fix incorrect mem=X@Y handling
	PCI: Disable MSI for HiSilicon Hip06/Hip07 only in Root Port mode
	PCI: iproc: Fix NULL pointer dereference for BCMA
	PCI: keystone: Fix interrupt-controller-node lookup
	video: fbdev: atmel_lcdfb: fix display-timings lookup
	console/dummy: leave .con_font_get set to NULL
	rbd: whitelist RBD_FEATURE_OPERATIONS feature bit
	xen: Fix {set,clear}_foreign_p2m_mapping on autotranslating guests
	xenbus: track caller request id
	seq_file: fix incomplete reset on read from zero offset
	tracing: Fix parsing of globs with a wildcard at the beginning
	mpls, nospec: Sanitize array index in mpls_label_ok()
	rtlwifi: rtl8821ae: Fix connection lost problem correctly
	arm64: proc: Set PTE_NG for table entries to avoid traversing them twice
	qxl: alloc & use shadow for dumb buffers
	drm/qxl: reapply cursor after resetting primary
	xprtrdma: Fix calculation of ri_max_send_sges
	xprtrdma: Fix BUG after a device removal
	blk-wbt: account flush requests correctly
	target/iscsi: avoid NULL dereference in CHAP auth error path
	iscsi-target: make sure to wake up sleeping login worker
	dm: correctly handle chained bios in dec_pending()
	Btrfs: fix deadlock in run_delalloc_nocow
	Btrfs: fix crash due to not cleaning up tree log block's dirty bits
	Btrfs: fix extent state leak from tree log
	Btrfs: fix btrfs_evict_inode to handle abnormal inodes correctly
	Btrfs: fix use-after-free on root->orphan_block_rsv
	Btrfs: fix unexpected -EEXIST when creating new inode
	9p/trans_virtio: discard zero-length reply
	mtd: nand: vf610: set correct ooblayout
	ALSA: hda - Fix headset mic detection problem for two Dell machines
	ALSA: usb-audio: Fix UAC2 get_ctl request with a RANGE attribute
	ALSA: hda/realtek - Add headset mode support for Dell laptop
	ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform
	ALSA: hda/realtek: PCI quirk for Fujitsu U7x7
	ALSA: usb-audio: add implicit fb quirk for Behringer UFX1204
	ALSA: usb: add more device quirks for USB DSD devices
	ALSA: seq: Fix racy pool initializations
	mvpp2: fix multicast address filter
	usb: Move USB_UHCI_BIG_ENDIAN_* out of USB_SUPPORT
	x86/mm, mm/hwpoison: Don't unconditionally unmap kernel 1:1 pages
	scsi: core: check for device state in __scsi_remove_target()
	Bluetooth: BT_HCIUART now depends on SERIAL_DEV_BUS
	ARM: dts: exynos: fix RTC interrupt for exynos5410
	ARM: pxa/tosa-bt: add MODULE_LICENSE tag
	arm64: dts: msm8916: Add missing #phy-cells
	ARM: dts: s5pv210: add interrupt-parent for ohci
	arm: dts: mt7623: Update ethsys binding
	arm: dts: mt2701: Add reset-cells
	ARM: dts: Delete bogus reference to the charlcd
	media: r820t: fix r820t_write_reg for KASAN
	mmc: sdhci-of-esdhc: disable SD clock for clock value 0
	mmc: sdhci-of-esdhc: fix eMMC couldn't work after kexec
	mmc: sdhci-of-esdhc: fix the mmc error after sleep on ls1046ardb
	ASoC: acpi: fix machine driver selection based on quirk
	ovl: hash directory inodes for fsnotify
	Linux 4.14.21

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-02-22 18:12:09 +01:00
Levin, Alexander (Sasha Levin)
ae63fd26b2 kmemcheck: stop using GFP_NOTRACK and SLAB_NOTRACK
commit 75f296d93bcebcfe375884ddac79e30263a31766 upstream.

Convert all allocations that used a NOTRACK flag to stop using it.

Link: http://lkml.kernel.org/r/20171007030159.22241-3-alexander.levin@verizon.com
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Michal Hocko <mhocko@kernel.org>
Cc: Pekka Enberg <penberg@kernel.org>
Cc: Steven Rostedt <rostedt@goodmis.org>
Cc: Tim Hansen <devtimhansen@gmail.com>
Cc: Vegard Nossum <vegardno@ifi.uio.no>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-22 15:42:23 +01:00
Greg Kroah-Hartman
0a91e84c5c This is the 4.14.20 stable release

Merge 4.14.20 into android-4.14

Changes in 4.14.20
	watchdog: indydog: Add dependency on SGI_HAS_INDYDOG
	powerpc/pseries: include linux/types.h in asm/hvcall.h
	cifs: Fix missing put_xid in cifs_file_strict_mmap
	cifs: Fix autonegotiate security settings mismatch
	CIFS: zero sensitive data when freeing
	cpufreq: mediatek: add mediatek related projects into blacklist
	dmaengine: dmatest: fix container_of member in dmatest_callback
	sched/wait: Fix add_wait_queue() behavioral change
	watchdog: gpio_wdt: set WDOG_HW_RUNNING in gpio_wdt_stop
	arm64: Define cputype macros for Falkor CPU
	arm64: Add software workaround for Falkor erratum 1041
	KVM MMU: check pending exception before injecting APF
	sched/rt: Use container_of() to get root domain in rto_push_irq_work_func()
	sched/rt: Up the root domain ref count when passing it around via IPIs
	drm/i915: Add .get_hw_state() method for planes
	drm/i915: Redo plane sanitation during readout
	drm/i915: Fix deadlock in i830_disable_pipe()
	dccp: CVE-2017-8824: use-after-free in DCCP code
	media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
	media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
	media: hdpvr: Fix an error handling path in hdpvr_probe()
	arm64: move TASK_* definitions to <asm/processor.h>
	arm64: mm: Use non-global mappings for kernel space
	arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
	arm64: mm: Move ASID from TTBR0 to TTBR1
	arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
	arm64: mm: Rename post_ttbr0_update_workaround
	arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
	arm64: mm: Allocate ASIDs in pairs
	arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
	arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
	arm64: entry: Add exception trampoline page for exceptions from EL0
	arm64: mm: Map entry trampoline into trampoline and kernel page tables
	arm64: entry: Explicitly pass exception level to kernel_ventry macro
	arm64: entry: Hook up entry trampoline to exception vectors
	arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
	arm64: cpu_errata: Add Kryo to Falkor 1003 errata
	arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
	arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
	arm64: kaslr: Put kernel vectors address in separate data page
	arm64: use RET instruction for exiting the trampoline
	arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
	arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
	arm64: Take into account ID_AA64PFR0_EL1.CSV3
	arm64: capabilities: Handle duplicate entries for a capability
	arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
	arm64: kpti: Fix the interaction between ASID switching and software PAN
	arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
	arm64: Turn on KPTI only on CPUs that need it
	arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
	arm64: mm: Permit transitioning from Global to Non-Global without BBM
	arm64: kpti: Add ->enable callback to remap swapper using nG mappings
	arm64: Force KPTI to be disabled on Cavium ThunderX
	arm64: entry: Reword comment about post_ttbr_update_workaround
	arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
	arm64: barrier: Add CSDB macros to control data-value prediction
	arm64: Implement array_index_mask_nospec()
	arm64: Make USER_DS an inclusive limit
	arm64: Use pointer masking to limit uaccess speculation
	arm64: entry: Ensure branch through syscall table is bounded under speculation
	arm64: uaccess: Prevent speculative use of the current addr_limit
	arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
	arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
	arm64: futex: Mask __user pointers prior to dereference
	arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
	arm64: Run enable method for errata work arounds on late CPUs
	arm64: cpufeature: Pass capability structure to ->enable callback
	drivers/firmware: Expose psci_get_version through psci_ops structure
	arm64: Move post_ttbr_update_workaround to C code
	arm64: Add skeleton to harden the branch predictor against aliasing attacks
	arm64: Move BP hardening to check_and_switch_context
	arm64: KVM: Use per-CPU vector when BP hardening is enabled
	arm64: entry: Apply BP hardening for high-priority synchronous exceptions
	arm64: entry: Apply BP hardening for suspicious interrupts from EL0
	arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
	arm64: Implement branch predictor hardening for affected Cortex-A CPUs
	arm64: Implement branch predictor hardening for Falkor
	arm64: Branch predictor hardening for Cavium ThunderX2
	arm64: KVM: Increment PC after handling an SMC trap
	arm/arm64: KVM: Consolidate the PSCI include files
	arm/arm64: KVM: Add PSCI_VERSION helper
	arm/arm64: KVM: Add smccc accessors to PSCI code
	arm/arm64: KVM: Implement PSCI 1.0 support
	arm/arm64: KVM: Advertise SMCCC v1.1
	arm64: KVM: Make PSCI_VERSION a fast path
	arm/arm64: KVM: Turn kvm_psci_version into a static inline
	arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
	arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
	firmware/psci: Expose PSCI conduit
	firmware/psci: Expose SMCCC version through psci_ops
	arm/arm64: smccc: Make function identifiers an unsigned quantity
	arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
	arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
	arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
	mtd: cfi: convert inline functions to macros
	mtd: nand: brcmnand: Disable prefetch by default
	mtd: nand: Fix nand_do_read_oob() return value
	mtd: nand: sunxi: Fix ECC strength choice
	ubi: Fix race condition between ubi volume creation and udev
	ubi: fastmap: Erase outdated anchor PEBs during attach
	ubi: block: Fix locking for idr_alloc/idr_remove
	ubifs: free the encrypted symlink target
	nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds
	nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE
	NFS: Add a cond_resched() to nfs_commit_release_pages()
	NFS: Fix nfsstat breakage due to LOOKUPP
	NFS: commit direct writes even if they fail partially
	NFS: reject request for id_legacy key without auxdata
	NFS: Fix a race between mmap() and O_DIRECT
	kernfs: fix regression in kernfs_fop_write caused by wrong type
	ahci: Annotate PCI ids for mobile Intel chipsets as such
	ahci: Add PCI ids for Intel Bay Trail, Cherry Trail and Apollo Lake AHCI
	ahci: Add Intel Cannon Lake PCH-H PCI ID
	crypto: hash - introduce crypto_hash_alg_has_setkey()
	crypto: cryptd - pass through absence of ->setkey()
	crypto: mcryptd - pass through absence of ->setkey()
	crypto: poly1305 - remove ->setkey() method
	crypto: hash - annotate algorithms taking optional key
	crypto: hash - prevent using keyed hashes without setting key
	media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
	media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
	media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
	media: v4l2-compat-ioctl32.c: fix the indentation
	media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32
	media: v4l2-compat-ioctl32.c: avoid sizeof(type)
	media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
	media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
	media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
	media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
	media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors
	media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
	media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
	crypto: caam - fix endless loop when DECO acquire fails
	crypto: sha512-mb - initialize pending lengths correctly
	arm: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
	KVM: nVMX: Fix races when sending nested PI while dest enters/leaves L2
	KVM: nVMX: Fix bug of injecting L2 exception into L1
	KVM: PPC: Book3S HV: Make sure we don't re-enter guest without XIVE loaded
	KVM: PPC: Book3S HV: Drop locks before reading guest memory
	KVM: arm/arm64: Handle CPU_PM_ENTER_FAILED
	KVM: PPC: Book3S PR: Fix broken select due to misspelling
	ASoC: rockchip: i2s: fix playback after runtime resume
	ASoC: skl: Fix kernel warning due to zero NHTL entry
	watchdog: imx2_wdt: restore previous timeout after suspend+resume
	Btrfs: raid56: iterate raid56 internal bio with bio_for_each_segment_all
	kasan: don't emit builtin calls when sanitization is off
	kasan: rework Kconfig settings
	media: dvb-frontends: fix i2c access helpers for KASAN
	media: ts2020: avoid integer overflows on 32 bit machines
	media: cxusb, dib0700: ignore XC2028_I2C_FLUSH
	fs/proc/kcore.c: use probe_kernel_read() instead of memcpy()
	kernel/async.c: revert "async: simplify lowest_in_progress()"
	kernel/relay.c: revert "kernel/relay.c: fix potential memory leak"
	pipe: actually allow root to exceed the pipe buffer limits
	pipe: fix off-by-one error when checking buffer limits
	HID: quirks: Fix keyboard + touchpad on Toshiba Click Mini not working
	Bluetooth: btsdio: Do not bind to non-removable BCM43341
	Revert "Bluetooth: btusb: fix QCA Rome suspend/resume"
	Bluetooth: btusb: Restore QCA Rome suspend/resume fix with a "rewritten" version
	ipmi: use dynamic memory for DMI driver override
	signal/openrisc: Fix do_unaligned_access to send the proper signal
	signal/sh: Ensure si_signo is initialized in do_divide_error
	alpha: fix crash if pthread_create races with signal delivery
	alpha: osf_sys.c: fix put_tv32 regression
	alpha: Fix mixed up args in EXC macro in futex operations
	alpha: fix reboot on Avanti platform
	alpha: fix formating of stack content
	xtensa: fix futex_atomic_cmpxchg_inatomic
	EDAC, octeon: Fix an uninitialized variable warning
	pinctrl: intel: Initialize GPIO properly when used through irqchip
	pinctrl: mcp23s08: fix irq setup order
	pinctrl: sx150x: Unregister the pinctrl on release
	pinctrl: sx150x: Register pinctrl before adding the gpiochip
	pinctrl: sx150x: Add a static gpio/pinctrl pin range mapping
	pktcdvd: Fix pkt_setup_dev() error path
	pktcdvd: Fix a recently introduced NULL pointer dereference
	blk-mq: quiesce queue before freeing queue
	clocksource/drivers/stm32: Fix kernel panic with multiple timers
	lib/ubsan.c: s/missaligned/misaligned/
	lib/ubsan: add type mismatch handler for new GCC/Clang
	btrfs: Handle btrfs_set_extent_delalloc failure in fixup worker
	objtool: Fix switch-table detection
	arm64: dts: marvell: add Ethernet aliases
	drm/i915: Avoid PPS HW/SW state mismatch due to rounding
	ACPI: sbshc: remove raw pointer from printk() message
	acpi, nfit: fix register dimm error handling
	ovl: fix failure to fsync lower dir
	ovl: take mnt_want_write() for removing impure xattr
	mn10300/misalignment: Use SIGSEGV SEGV_MAPERR to report a failed user copy
	devpts: fix error handling in devpts_mntget()
	ftrace: Remove incorrect setting of glob search field
	scsi: core: Ensure that the SCSI error handler gets woken up
	rcu: Export init_rcu_head() and destroy_rcu_head() to GPL modules
	scsi: lpfc: Fix crash after bad bar setup on driver attachment
	scsi: cxlflash: Reset command ioasc
	Linux 4.14.20

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-02-17 14:54:49 +01:00
Eric Biggers
2f00eb2790 crypto: hash - prevent using keyed hashes without setting key
commit 9fa68f620041be04720d0cbfb1bd3ddfc6310b24 upstream.

Currently, almost none of the keyed hash algorithms check whether a key
has been set before proceeding.  Some algorithms are okay with this and
will effectively just use a key of all 0's or some other bogus default.
However, others will severely break, as demonstrated using
"hmac(sha3-512-generic)", the unkeyed use of which causes a kernel crash
via a (potentially exploitable) stack buffer overflow.

A while ago, this problem was solved for AF_ALG by pairing each hash
transform with a 'has_key' bool.  However, there are still other places
in the kernel where userspace can specify an arbitrary hash algorithm by
name, and the kernel uses it as an unkeyed hash without checking whether it
is really unkeyed.  Examples of this include:

    - KEYCTL_DH_COMPUTE, via the KDF extension
    - dm-verity
    - dm-crypt, via the ESSIV support
    - dm-integrity, via the "internal hash" mode with no key given
    - drbd (Distributed Replicated Block Device)

This bug is especially bad for KEYCTL_DH_COMPUTE as that requires no
privileges to call.

Fix the bug for all users by adding a flag CRYPTO_TFM_NEED_KEY to the
->crt_flags of each hash transform that indicates whether the transform
still needs to be keyed or not.  Then, make the hash init, import, and
digest functions return -ENOKEY if the key is still needed.

The new flag also replaces the 'has_key' bool which algif_hash was
previously using, thereby simplifying the algif_hash implementation.

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-16 20:23:00 +01:00
Eric Biggers
8d906d183b crypto: hash - annotate algorithms taking optional key
commit a208fa8f33031b9e0aba44c7d1b7e68eb0cbd29e upstream.

We need to consistently enforce that keyed hashes cannot be used without
setting the key.  To do this we need a reliable way to determine whether
a given hash algorithm is keyed or not.  AF_ALG currently does this by
checking for the presence of a ->setkey() method.  However, this is
actually slightly broken because the CRC-32 algorithms implement
->setkey() but can also be used without a key.  (The CRC-32 "key" is not
actually a cryptographic key but rather represents the initial state.
If not overridden, then a default initial state is used.)

Prepare to fix this by introducing a flag CRYPTO_ALG_OPTIONAL_KEY which
indicates that the algorithm has a ->setkey() method, but it is not
required to be called.  Then set it on all the CRC-32 algorithms.

The same also applies to the Adler-32 implementation in Lustre.

Also, the cryptd and mcryptd templates have to pass through the flag
from their underlying algorithm.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-16 20:23:00 +01:00
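The gating described in the two commit messages above (CRYPTO_TFM_NEED_KEY set on the transform, CRYPTO_ALG_OPTIONAL_KEY exempting CRC-32, -ENOKEY from digest), as an added userspace C model that is not kernel code and not part of any commit listed here. The flag values, the `model_*` names, the struct layouts and the FNV-1a-based toy keyed hash are assumptions made for the illustration.

```c
/* Userspace model of the keyed-hash gating, not kernel code. Flag values,
 * struct layouts, model_* names and toy algorithms are example assumptions. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#ifndef ENOKEY
#define ENOKEY 126                    /* Linux errno value, for other hosts */
#endif
#define CRYPTO_ALG_OPTIONAL_KEY 0x1u  /* algorithm flag, illustrative value */
#define CRYPTO_TFM_NEED_KEY     0x1u  /* transform flag, illustrative value */

struct model_tfm;
struct model_alg {
    unsigned int cra_flags;
    uint32_t default_state;
    int (*setkey)(struct model_tfm *tfm, const uint8_t *key, size_t len);
    uint32_t (*digest)(uint32_t state, const uint8_t *data, size_t len);
};
struct model_tfm {
    const struct model_alg *alg;
    unsigned int crt_flags;
    uint32_t state;                   /* key, or initial state for CRC-32 */
};

/* ->setkey(): a 4-byte little-endian value replaces the state. */
static int setkey_u32(struct model_tfm *tfm, const uint8_t *key, size_t len)
{
    if (len != 4)
        return -EINVAL;
    tfm->state = key[0] | key[1] << 8 | key[2] << 16 | (uint32_t)key[3] << 24;
    return 0;
}

static uint32_t crc32_digest(uint32_t crc, const uint8_t *p, size_t len)
{
    while (len--) {
        crc ^= *p++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t fnv1a_digest(uint32_t h, const uint8_t *p, size_t len)
{
    while (len--)
        h = (h ^ *p++) * 16777619u;
    return h;
}

/* Unkeyed (no ->setkey()), optional key (CRC-32 seed), mandatory key (toy MAC
 * whose unkeyed state would be a bogus all-zero key). */
static const struct model_alg alg_fnv1a   = { 0, 2166136261u, NULL, fnv1a_digest };
static const struct model_alg alg_crc32   = { CRYPTO_ALG_OPTIONAL_KEY, 0xFFFFFFFFu, setkey_u32, crc32_digest };
static const struct model_alg alg_toy_mac = { 0, 0, setkey_u32, fnv1a_digest };

static void model_init_tfm(struct model_tfm *tfm, const struct model_alg *alg)
{
    tfm->alg = alg;
    tfm->state = alg->default_state;
    /* Keyed means: has ->setkey() and the key is not optional. */
    tfm->crt_flags = (alg->setkey && !(alg->cra_flags & CRYPTO_ALG_OPTIONAL_KEY))
                         ? CRYPTO_TFM_NEED_KEY : 0;
}

static int model_setkey(struct model_tfm *tfm, const uint8_t *key, size_t len)
{
    int err = tfm->alg->setkey ? tfm->alg->setkey(tfm, key, len) : -ENOSYS;
    if (!err)
        tfm->crt_flags &= ~CRYPTO_TFM_NEED_KEY;   /* only a successful setkey clears it */
    return err;
}

/* The gate: refuse to hash while the transform still needs a key. */
static int model_digest(const struct model_tfm *tfm, const uint8_t *data, size_t len, uint32_t *out)
{
    if (tfm->crt_flags & CRYPTO_TFM_NEED_KEY)
        return -ENOKEY;
    *out = tfm->alg->digest(tfm->state, data, len);
    return 0;
}

int main(void)
{
    static const uint8_t msg[] = "123456789";     /* constructed sample input */
    static const uint8_t key[4] = { 1, 2, 3, 4 }; /* constructed sample key */
    const struct model_alg *algs[] = { &alg_fnv1a, &alg_crc32, &alg_toy_mac };
    const char *names[] = { "fnv1a (unkeyed)", "crc32 (optional key)", "toy-mac (keyed)" };
    for (int i = 0; i < 3; i++) {
        struct model_tfm tfm;
        uint32_t out = 0;
        model_init_tfm(&tfm, algs[i]);
        int before = model_digest(&tfm, msg, 9, &out);
        int keyed = model_setkey(&tfm, key, sizeof(key));
        int after = model_digest(&tfm, msg, 9, &out);
        printf("%-22s digest=%d setkey=%d digest=%d\n", names[i], before, keyed, after);
    }
    return 0;
}
```

A presence-of-`->setkey()` test alone would classify the CRC-32 entry as keyed and refuse its default-seed use; the optional-key flag is what keeps it usable while the toy MAC is still blocked until a key is set.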
Eric Biggers
b806c0cc4c crypto: poly1305 - remove ->setkey() method
commit a16e772e664b9a261424107784804cffc8894977 upstream.

Since Poly1305 requires a nonce per invocation, the Linux kernel
implementations of Poly1305 don't use the crypto API's keying mechanism
and instead expect the key and nonce as the first 32 bytes of the data.
But ->setkey() is still defined as a stub returning an error code.  This
prevents Poly1305 from being used through AF_ALG and will also break it
completely once we start enforcing that all crypto API users (not just
AF_ALG) call ->setkey() if present.

Fix it by removing crypto_poly1305_setkey(), leaving ->setkey as NULL.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-16 20:23:00 +01:00
Eric Biggers
16210524c4 crypto: mcryptd - pass through absence of ->setkey()
commit fa59b92d299f2787e6bae1ff078ee0982e80211f upstream.

When the mcryptd template is used to wrap an unkeyed hash algorithm,
don't install a ->setkey() method to the mcryptd instance.  This change
is necessary for mcryptd to keep working with unkeyed hash algorithms
once we start enforcing that ->setkey() is called when present.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-16 20:23:00 +01:00
Eric Biggers
ed7b0af0ca crypto: cryptd - pass through absence of ->setkey()
commit 841a3ff329713f796a63356fef6e2f72e4a3f6a3 upstream.

When the cryptd template is used to wrap an unkeyed hash algorithm,
don't install a ->setkey() method to the cryptd instance.  This change
is necessary for cryptd to keep working with unkeyed hash algorithms
once we start enforcing that ->setkey() is called when present.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-16 20:22:59 +01:00
Eric Biggers
b8b32e2e68 crypto: hash - introduce crypto_hash_alg_has_setkey()
commit cd6ed77ad5d223dc6299fb58f62e0f5267f7e2ba upstream.

Templates that use an shash spawn can use crypto_shash_alg_has_setkey()
to determine whether the underlying algorithm requires a key or not.
But there was no corresponding function for ahash spawns.  Add it.

Note that the new function actually has to support both shash and ahash
algorithms, since the ahash API can be used with either.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-16 20:22:59 +01:00
Greg Kroah-Hartman
fb6faf0423 This is the 4.14.19 stable release

Merge 4.14.19 into android-4.14

Changes in 4.14.19
	.gitignore: sort normal pattern rules alphabetically
	.gitignore: move *.dtb and *.dtb.S patterns to the top-level .gitignore
	kbuild: rpm-pkg: keep spec file until make mrproper
	ip6mr: fix stale iterator
	net: igmp: add a missing rcu locking section
	qlcnic: fix deadlock bug
	qmi_wwan: Add support for Quectel EP06
	r8169: fix RTL8168EP take too long to complete driver initialization.
	tcp: release sk_frag.page in tcp_disconnect
	vhost_net: stop device during reset owner
	Revert "defer call to mem_cgroup_sk_alloc()"
	net: ipv6: send unsolicited NA after DAD
	rocker: fix possible null pointer dereference in rocker_router_fib_event_work
	tcp_bbr: fix pacing_gain to always be unity when using lt_bw
	ipv6: Fix SO_REUSEPORT UDP socket with implicit sk_ipv6only
	soreuseport: fix mem leak in reuseport_add_sock()
	media: mtk-vcodec: add missing MODULE_LICENSE/DESCRIPTION
	media: soc_camera: soc_scale_crop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
	crypto: tcrypt - fix S/G table for test_aead_speed()
	arch: define weak abort()
	kernel/exit.c: export abort() to modules
	scsi: storvsc: missing error code in storvsc_probe()
	Revert "x86/alternative: Print unadorned pointers"
	Linux 4.14.19

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-02-13 12:53:38 +01:00
Robert Baronescu
3a570cfe78 crypto: tcrypt - fix S/G table for test_aead_speed()
commit 5c6ac1d4f8fbdbed65dbeb8cf149d736409d16a1 upstream.

In case buffer length is a multiple of PAGE_SIZE,
the S/G table is incorrectly generated.
Fix this by handling buflen = k * PAGE_SIZE separately.

Signed-off-by: Robert Baronescu <robert.baronescu@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-13 10:19:49 +01:00
Greg Kroah-Hartman
faeb94c01f This is the 4.14.17 stable release

Merge 4.14.17 into android-4.14

Changes in 4.14.17
	futex: Fix OWNER_DEAD fixup
	loop: fix concurrent lo_open/lo_release
	KVM: x86: Fix CPUID function for word 6 (80000001_ECX)
	tools/gpio: Fix build error with musl libc
	gpio: stmpe: i2c transfer are forbiden in atomic context
	gpio: Fix kernel stack leak to userspace
	ALSA: hda - Reduce the suspend time consumption for ALC256
	crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
	crypto: aesni - handle zero length dst buffer
	crypto: aesni - fix typo in generic_gcmaes_decrypt
	crypto: gcm - add GCM IV size constant
	crypto: aesni - Use GCM IV size constant
	crypto: aesni - add wrapper for generic gcm(aes)
	crypto: aesni - Fix out-of-bounds access of the data buffer in generic-gcm-aesni
	crypto: aesni - Fix out-of-bounds access of the AAD buffer in generic-gcm-aesni
	crypto: inside-secure - fix hash when length is a multiple of a block
	crypto: inside-secure - avoid unmapping DMA memory that was not mapped
	crypto: sha3-generic - fixes for alignment and big endian operation
	crypto: af_alg - whitelist mask and type
	HID: wacom: EKR: ensure devres groups at higher indexes are released
	HID: wacom: Fix reporting of touch toggle (WACOM_HID_WD_MUTE_DEVICE) events
	power: reset: zx-reboot: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
	gpio: iop: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
	gpio: ath79: add missing MODULE_DESCRIPTION/LICENSE
	mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
	igb: Free IRQs when device is hotplugged
	ima/policy: fix parsing of fsuuid
	scsi: aacraid: Fix udev inquiry race condition
	scsi: aacraid: Fix hang in kdump
	VFS: Handle lazytime in do_mount()
	drm/vc4: Account for interrupts in flight
	btrfs: Fix transaction abort during failure in btrfs_rm_dev_item
	Btrfs: bail out gracefully rather than BUG_ON
	cpupowerutils: bench - Fix cpu online check
	cpupower : Fix cpupower working when cpu0 is offline
	KVM: nVMX/nSVM: Don't intercept #UD when running L2
	KVM: x86: emulator: Return to user-mode on L1 CPL=0 emulation failure
	KVM: x86: Don't re-execute instruction when not passing CR2 value
	KVM: X86: Fix operand/address-size during instruction decoding
	KVM: nVMX: Fix mmu context after VMLAUNCH/VMRESUME failure
	KVM: x86: fix em_fxstor() sleeping while in atomic
	KVM: x86: ioapic: Fix level-triggered EOI and IOAPIC reconfigure race
	KVM: x86: ioapic: Clear Remote IRR when entry is switched to edge-triggered
	KVM: x86: ioapic: Preserve read-only values in the redirection table
	KVM: nVMX: Fix vmx_check_nested_events() return value in case an event was reinjected to L2
	nvme-fabrics: introduce init command check for a queue that is not alive
	nvme-fc: check if queue is ready in queue_rq
	nvme-loop: check if queue is ready in queue_rq
	nvme-pci: disable APST on Samsung SSD 960 EVO + ASUS PRIME B350M-A
	nvme-pci: avoid hmb desc array idx out-of-bound when hmmaxd set.
	nvmet-fc: correct ref counting error when deferred rcv used
	s390/topology: fix compile error in file arch/s390/kernel/smp.c
	s390/zcrypt: Fix wrong comparison leading to strange load balancing
	ACPI / bus: Leave modalias empty for devices which are not present
	cpufreq: Add Loongson machine dependencies
	null_blk: fix dev->badblocks leak
	s390: fix alloc_pgste check in init_new_context again
	rxrpc: The mutex lock returned by rxrpc_accept_call() needs releasing
	rxrpc: Provide a different lockdep key for call->user_mutex for kernel calls
	rxrpc: Fix service endpoint expiry
	bcache: check return value of register_shrinker
	drm/amdgpu: Fix SDMA load/unload sequence on HWS disabled mode
	drm/amdkfd: Fix SDMA ring buffer size calculation
	drm/amdkfd: Fix SDMA oversubsription handling
	uapi: fix linux/kfd_ioctl.h userspace compilation errors
	nvme-rdma: don't complete requests before a send work request has completed
	openvswitch: fix the incorrect flow action alloc size
	drm/rockchip: dw-mipi-dsi: fix possible un-balanced runtime PM enable
	mac80211: use QoS NDP for AP probing
	mac80211: fix the update of path metric for RANN frame
	btrfs: fix deadlock when writing out space cache
	sctp: only allow the asoc reset when the asoc outq is empty
	sctp: avoid flushing unsent queue when doing asoc reset
	sctp: set sender next_tsn for the old result with ctsn_ack_point plus 1
	reiserfs: remove unneeded i_version bump
	KVM: X86: Fix softlockup when get the current kvmclock
	KVM: VMX: Fix rflags cache during vCPU reset
	Btrfs: fix list_add corruption and soft lockups in fsync
	KVM: Let KVM_SET_SIGNAL_MASK work as advertised
	xfs: always free inline data before resetting inode fork during ifree
	xfs: log recovery should replay deferred ops in order
	i2c: i2c-boardinfo: fix memory leaks on devinfo
	xen-netfront: remove warning when unloading module
	auxdisplay: img-ascii-lcd: Only build on archs that have IOMEM
	nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0)
	nfsd: Ensure we check stateid validity in the seqid operation checks
	grace: replace BUG_ON by WARN_ONCE in exit_net hook
	nfsd: check for use of the closed special stateid
	race of lockd inetaddr notifiers vs nlmsvc_rqst change
	lockd: fix "list_add double add" caused by legacy signal interface
	hwmon: (pmbus) Use 64bit math for DIRECT format values
	quota: propagate error from __dquot_initialize
	net: mvpp2: fix the txq_init error path
	net: phy: marvell10g: fix the PHY id mask
	bnxt_en: Fix an error handling path in 'bnxt_get_module_eeprom()'
	Btrfs: incremental send, fix wrong unlink path after renaming file
	nvme-pci: fix NULL pointer dereference in nvme_free_host_mem()
	xfs: fortify xfs_alloc_buftarg error handling
	drm/amdgpu: don't try to move pinned BOs
	net: ethernet: xilinx: Mark XILINX_LL_TEMAC broken on 64-bit
	quota: Check for register_shrinker() failure.
	SUNRPC: Allow connect to return EHOSTUNREACH
	scripts/faddr2line: extend usage on generic arch
	kmemleak: add scheduling point to kmemleak_scan()
	drm/bridge: Fix lvds-encoder since the panel_bridge rework.
	drm/bridge: tc358767: do no fail on hi-res displays
	drm/bridge: tc358767: filter out too high modes
	drm/bridge: tc358767: fix DP0_MISC register set
	drm/bridge: tc358767: fix timing calculations
	drm/bridge: tc358767: fix AUXDATAn registers access
	drm/bridge: tc358767: fix 1-lane behavior
	drm/omap: Fix error handling path in 'omap_dmm_probe()'
	drm/omap: displays: panel-dpi: add backlight dependency
	xfs: ubsan fixes
	xfs: Properly retry failed dquot items in case of error during buffer writeback
	perf/core: Fix memory leak triggered by perf --namespace
	scsi: aacraid: Prevent crash in case of free interrupt during scsi EH path
	scsi: ufs: ufshcd: fix potential NULL pointer dereference in ufshcd_config_vreg
	iwlwifi: mvm: fix the TX queue hang timeout for MONITOR vif type
	iwlwifi: fix access to prph when transport is stopped
	ARM: dts: NSP: Disable AHCI controller for HR NSP boards
	ARM: dts: NSP: Fix PPI interrupt types
	media: usbtv: add a new usbid
	x86/xen: Support early interrupts in xen pv guests
	usb: gadget: don't dereference g until after it has been null checked
	staging: rtl8188eu: Fix incorrect response to SIOCGIWESSID
	drm/vc4: Move IRQ enable to PM path
	KVM: x86: emulate #UD while in guest mode
	staging: lustre: separate a connection destroy from free struct kib_conn
	staging: ccree: NULLify backup_info when unused
	staging: ccree: fix fips event irq handling build
	tty: fix data race between tty_init_dev and flush of buf
	usb: option: Add support for FS040U modem
	USB: serial: pl2303: new device id for Chilitag
	USB: cdc-acm: Do not log urb submission errors on disconnect
	CDC-ACM: apply quirk for card reader
	USB: serial: io_edgeport: fix possible sleep-in-atomic
	usbip: prevent bind loops on devices attached to vhci_hcd
	usbip: list: don't list devices attached to vhci_hcd
	USB: serial: simple: add Motorola Tetra driver
	usb: f_fs: Prevent gadget unbind if it is already unbound
	usb: uas: unconditionally bring back host after reset
	usb/gadget: Fix "high bandwidth" check in usb_gadget_ep_match_desc()
	ANDROID: binder: remove waitqueue when thread exits.
	android: binder: use VM_ALLOC to get vm area
	mei: me: allow runtime pm for platform with D0i3
	serial: 8250_of: fix return code when probe function fails to get reset
	serial: 8250_uniphier: fix error return code in uniphier_uart_probe()
	serial: imx: Only wakeup via RTSDEN bit if the system has RTS/CTS
	spi: imx: do not access registers while clocks disabled
	iio: adc: stm32: fix scan of multiple channels with DMA
	iio: chemical: ccs811: Fix output of IIO_CONCENTRATION channels
	test_firmware: fix missing unlock on error in config_num_requests_store()
	Input: synaptics-rmi4 - unmask F03 interrupts when port is opened
	Input: synaptics-rmi4 - do not delete interrupt memory too early
	x86/efi: Clarify that reset attack mitigation needs appropriate userspace
	Linux 4.14.17

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-02-03 17:51:21 +01:00
Stephan Mueller
f41c8a0031 crypto: af_alg - whitelist mask and type
commit bb30b8848c85e18ca7e371d0a869e94b3e383bdf upstream.

The user space interface allows specifying the type and mask field used
to allocate the cipher. Only a subset of the possible flags are intended
for user space. Therefore, white-list the allowed flags.

In case the user space caller uses at least one non-allowed flag, EINVAL
is returned.

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-03 17:38:51 +01:00
Ard Biesheuvel
b9788e278c crypto: sha3-generic - fixes for alignment and big endian operation
commit c013cee99d5a18aec8c71fee8f5f41369cd12595 upstream.

Ensure that the input is byte swabbed before injecting it into the
SHA3 transform. Use the get_unaligned() accessor for this so that
we don't perform unaligned access inadvertently on architectures
that do not support that.

Fixes: 53964b9ee63b7075 ("crypto: sha3 - Add SHA-3 hash algorithm")
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-03 17:38:51 +01:00
Hauke Mehrtens
2992182765 crypto: ecdh - fix typo in KPP dependency of CRYPTO_ECDH
commit b5b9007730ce1d90deaf25d7f678511550744bdc upstream.

This fixes a typo in the CRYPTO_KPP dependency of CRYPTO_ECDH.

Fixes: 3c4b23901a0c ("crypto: ecdh - Add ECDH software support")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-03 17:38:48 +01:00
Greg Kroah-Hartman
9b68347c35 This is the 4.14.14 stable release

Merge 4.14.14 into android-4.14

Changes in 4.14.14
	dm bufio: fix shrinker scans when (nr_to_scan < retain_target)
	KVM: Fix stack-out-of-bounds read in write_mmio
	can: vxcan: improve handling of missing peer name attribute
	can: gs_usb: fix return value of the "set_bittiming" callback
	IB/srpt: Disable RDMA access by the initiator
	IB/srpt: Fix ACL lookup during login
	MIPS: Validate PR_SET_FP_MODE prctl(2) requests against the ABI of the task
	MIPS: Factor out NT_PRFPREG regset access helpers
	MIPS: Guard against any partial write attempt with PTRACE_SETREGSET
	MIPS: Consistently handle buffer counter with PTRACE_SETREGSET
	MIPS: Fix an FCSR access API regression with NT_PRFPREG and MSA
	MIPS: Also verify sizeof `elf_fpreg_t' with PTRACE_SETREGSET
	MIPS: Disallow outsized PTRACE_SETREGSET NT_PRFPREG regset accesses
	cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
	kvm: vmx: Scrub hardware GPRs at VM-exit
	platform/x86: wmi: Call acpi_wmi_init() later
	iw_cxgb4: only call the cq comp_handler when the cq is armed
	iw_cxgb4: atomically flush the qp
	iw_cxgb4: only clear the ARMED bit if a notification is needed
	iw_cxgb4: reflect the original WR opcode in drain cqes
	iw_cxgb4: when flushing, complete all wrs in a chain
	x86/acpi: Handle SCI interrupts above legacy space gracefully
	ALSA: pcm: Remove incorrect snd_BUG_ON() usages
	ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error
	ALSA: pcm: Add missing error checks in OSS emulation plugin builder
	ALSA: pcm: Abort properly at pending signal in OSS read/write loops
	ALSA: pcm: Allow aborting mutex lock at OSS read/write loops
	ALSA: aloop: Release cable upon open error path
	ALSA: aloop: Fix inconsistent format due to incomplete rule
	ALSA: aloop: Fix racy hw constraints adjustment
	x86/acpi: Reduce code duplication in mp_override_legacy_irq()
	8021q: fix a memory leak for VLAN 0 device
	ip6_tunnel: disable dst caching if tunnel is dual-stack
	net: core: fix module type in sock_diag_bind
	phylink: ensure we report link down when LOS asserted
	RDS: Heap OOB write in rds_message_alloc_sgs()
	RDS: null pointer dereference in rds_atomic_free_op
	net: fec: restore dev_id in the cases of probe error
	net: fec: defer probe if regulator is not ready
	net: fec: free/restore resource in related probe error pathes
	sctp: do not retransmit upon FragNeeded if PMTU discovery is disabled
	sctp: fix the handling of ICMP Frag Needed for too small MTUs
	sh_eth: fix TSU resource handling
	net: stmmac: enable EEE in MII, GMII or RGMII only
	sh_eth: fix SH7757 GEther initialization
	ipv6: fix possible mem leaks in ipv6_make_skb()
	ethtool: do not print warning for applications using legacy API
	mlxsw: spectrum_router: Fix NULL pointer deref
	net/sched: Fix update of lastuse in act modules implementing stats_update
	ipv6: sr: fix TLVs not being copied using setsockopt
	mlxsw: spectrum: Relax sanity checks during enslavement
	sfp: fix sfp-bus oops when removing socket/upstream
	membarrier: Disable preemption when calling smp_call_function_many()
	crypto: algapi - fix NULL dereference in crypto_remove_spawns()
	mmc: renesas_sdhi: Add MODULE_LICENSE
	rbd: reacquire lock should update lock owner client id
	rbd: set max_segments to USHRT_MAX
	iwlwifi: pcie: fix DMA memory mapping / unmapping
	x86/microcode/intel: Extend BDW late-loading with a revision check
	KVM: x86: Add memory barrier on vmcs field lookup
	KVM: PPC: Book3S PR: Fix WIMG handling under pHyp
	KVM: PPC: Book3S HV: Drop prepare_done from struct kvm_resize_hpt
	KVM: PPC: Book3S HV: Fix use after free in case of multiple resize requests
	KVM: PPC: Book3S HV: Always flush TLB in kvmppc_alloc_reset_hpt()
	drm/vmwgfx: Don't cache framebuffer maps
	drm/vmwgfx: Potential off by one in vmw_view_add()
	drm/i915/gvt: Clear the shadow page table entry after post-sync
	drm/i915: Whitelist SLICE_COMMON_ECO_CHICKEN1 on Geminilake.
	drm/i915: Move init_clock_gating() back to where it was
	drm/i915: Fix init_clock_gating for resume
	bpf: prevent out-of-bounds speculation
	bpf, array: fix overflow in max_entries and undefined behavior in index_mask
	bpf: arsh is not supported in 32 bit alu thus reject it
	USB: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ
	USB: serial: cp210x: add new device ID ELV ALC 8xxx
	usb: misc: usb3503: make sure reset is low for at least 100us
	USB: fix usbmon BUG trigger
	USB: UDC core: fix double-free in usb_add_gadget_udc_release
	usbip: remove kernel addresses from usb device and urb debug msgs
	usbip: fix vudc_rx: harden CMD_SUBMIT path to handle malicious input
	usbip: vudc_tx: fix v_send_ret_submit() vulnerability to null xfer buffer
	staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
	Bluetooth: Prevent stack info leak from the EFS element.
	uas: ignore UAS for Norelsys NS1068(X) chips
	mux: core: fix double get_device()
	kdump: write correct address of mem_section into vmcoreinfo
	apparmor: fix ptrace label match when matching stacked labels
	e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
	x86/pti: Unbreak EFI old_memmap
	x86/Documentation: Add PTI description
	x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
	sysfs/cpu: Add vulnerability folder
	x86/cpu: Implement CPU vulnerabilites sysfs functions
	x86/tboot: Unbreak tboot with PTI enabled
	x86/mm/pti: Remove dead logic in pti_user_pagetable_walk*()
	x86/cpu/AMD: Make LFENCE a serializing instruction
	x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
	sysfs/cpu: Fix typos in vulnerability documentation
	x86/alternatives: Fix optimize_nops() checking
	x86/pti: Make unpoison of pgd for trusted boot work for real
	objtool: Detect jumps to retpoline thunks
	objtool: Allow alternatives to be ignored
	x86/retpoline: Add initial retpoline support
	x86/spectre: Add boot time option to select Spectre v2 mitigation
	x86/retpoline/crypto: Convert crypto assembler indirect jumps
	x86/retpoline/entry: Convert entry assembler indirect jumps
	x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
	x86/retpoline/hyperv: Convert assembler indirect jumps
	x86/retpoline/xen: Convert Xen hypercall indirect jumps
	x86/retpoline/checksum32: Convert assembler indirect jumps
	x86/retpoline/irq32: Convert assembler indirect jumps
	x86/retpoline: Fill return stack buffer on vmexit
	selftests/x86: Add test_vsyscall
	x86/pti: Fix !PCID and sanitize defines
	security/Kconfig: Correct the Documentation reference for PTI
	x86,perf: Disable intel_bts when PTI
	x86/retpoline: Remove compile time warning
	Linux 4.14.14

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2018-01-17 10:33:24 +01:00
Eric Biggers
3662493dbd crypto: algapi - fix NULL dereference in crypto_remove_spawns()
commit 9a00674213a3f00394f4e3221b88f2d21fc05789 upstream.

syzkaller triggered a NULL pointer dereference in crypto_remove_spawns()
via a program that repeatedly and concurrently requests AEADs
"authenc(cmac(des3_ede-asm),pcbc-aes-aesni)" and hashes "cmac(des3_ede)"
through AF_ALG, where the hashes are requested as "untested"
(CRYPTO_ALG_TESTED is set in ->salg_mask but clear in ->salg_feat; this
causes the template to be instantiated for every request).

Although AF_ALG users really shouldn't be able to request an "untested"
algorithm, the NULL pointer dereference is actually caused by a
longstanding race condition where crypto_remove_spawns() can encounter
an instance which has had spawn(s) "grabbed" but hasn't yet been
registered, resulting in ->cra_users still being NULL.

We probably should properly initialize ->cra_users earlier, but that
would require updating many templates individually.  For now just fix
the bug in a simple way that can easily be backported: make
crypto_remove_spawns() treat a NULL ->cra_users list as empty.

Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-01-17 09:45:23 +01:00
Jaegeuk Kim
a53dc75af2 fscrypt: updates on 4.15-rc4
Cherry-picked from origin/upstream-f2fs-stable-linux-4.14.y:

9d468a2b52d1 Revert "locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE()"
13b237d115a5 fscrypt: move to generic async completion
a2985b1c98e5 crypto: introduce crypto wait for async op
4bb665c7e388 locking/atomics: COCCINELLE/treewide: Convert trivial ACCESS_ONCE() patterns to READ_ONCE()/WRITE_ONCE()
249c90416bcf fscrypt: new helper function - fscrypt_prepare_setattr()
91d09c052132 fscrypt: new helper function - fscrypt_prepare_lookup()
9a24d618cb8a fscrypt: new helper function - fscrypt_prepare_rename()
4bd6179f5211 fscrypt: new helper function - fscrypt_prepare_link()
b811faac6371 fscrypt: new helper function - fscrypt_file_open()
e9f57e3771ba fscrypt: new helper function - fscrypt_require_key()
b31ee2e1280e fscrypt: remove unneeded empty fscrypt_operations structs
82cbed4cdc5e fscrypt: remove ->is_encrypted()
2edb5df148b3 fscrypt: switch from ->is_encrypted() to IS_ENCRYPTED()
cde1fbb02dbf fs, fscrypt: add an S_ENCRYPTED inode flag
8ec05db2542c fscrypt: clean up include file mess

Change-Id: I8980613b8d5ffedf72ef2c91e1ae2eebb521ae19
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
2018-01-16 10:06:04 -08:00
Eric Biggers
7156c794b8 crypto: pcrypt - fix freeing pcrypt instances
commit d76c68109f37cb85b243a1cf0f40313afd2bae68 upstream.

pcrypt is using the old way of freeing instances, where the ->free()
method specified in the 'struct crypto_template' is passed a pointer to
the 'struct crypto_instance'.  But the crypto_instance is being
kfree()'d directly, which is incorrect because the memory was actually
allocated as an aead_instance, which contains the crypto_instance at a
nonzero offset.  Thus, the wrong pointer was being kfree()'d.

Fix it by switching to the new way to free aead_instance's where the
->free() method is specified in the aead_instance itself.

Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 0496f56065e0 ("crypto: pcrypt - Add support for new AEAD interface")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-01-10 09:31:18 +01:00
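The pointer mismatch described in the pcrypt commit above, modeled in user space as an added example (not the kernel's code). The struct names follow the commit message; their fields, the `container_of` definition and the helper functions are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
/* Simplified stand-ins for the kernel structs; the fields are assumed. */
struct crypto_instance { int refcnt; };
struct aead_instance {
    void (*free)(struct aead_instance *inst); /* new-style destructor */
    struct crypto_instance base;              /* embedded at a nonzero offset */
};
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

static void *last_alloc; /* address returned by the allocator */
static int freed_base;   /* 1 if the destructor was handed that address */

/* New-style ->free(): takes the outer object, so free() sees the real base. */
static void aead_instance_free(struct aead_instance *inst)
{
    freed_base = ((void *)inst == last_alloc);
    free(inst);
}

static struct crypto_instance *alloc_instance(void)
{
    struct aead_instance *inst = calloc(1, sizeof(*inst));
    if (!inst)
        return NULL;
    inst->free = aead_instance_free;
    last_alloc = inst;
    return &inst->base; /* the inner pointer is what gets passed around */
}

/* Distance between the inner pointer (what the old path freed) and the base. */
static size_t inner_pointer_skew(void)
{
    return offsetof(struct aead_instance, base);
}

/* Correct teardown: recover the outer object, then call its own ->free(). */
static int release_instance(struct crypto_instance *ci)
{
    struct aead_instance *inst = container_of(ci, struct aead_instance, base);
    inst->free(inst);
    return freed_base;
}

int main(void)
{
    struct crypto_instance *ci = alloc_instance();
    return (ci && inner_pointer_skew() > 0 && release_instance(ci)) ? 0 : 1;
}
```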
Eric Biggers
9c36498f74 crypto: chacha20poly1305 - validate the digest size
commit e57121d08c38dabec15cf3e1e2ad46721af30cae upstream.

If the rfc7539 template was instantiated with a hash algorithm with
digest size larger than 16 bytes (POLY1305_DIGEST_SIZE), then the digest
overran the 'tag' buffer in 'struct chachapoly_req_ctx', corrupting the
subsequent memory, including 'cryptlen'.  This caused a crash during
crypto_skcipher_decrypt().

Fix it by, when instantiating the template, requiring that the
underlying hash algorithm has the digest size expected for Poly1305.

Reproducer:

    #include <linux/if_alg.h>
    #include <sys/socket.h>
    #include <unistd.h>

    int main()
    {
            int algfd, reqfd;
            struct sockaddr_alg addr = {
                    .salg_type = "aead",
                    .salg_name = "rfc7539(chacha20,sha256)",
            };
            unsigned char buf[32] = { 0 };

            algfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
            bind(algfd, (void *)&addr, sizeof(addr));
            setsockopt(algfd, SOL_ALG, ALG_SET_KEY, buf, sizeof(buf));
            reqfd = accept(algfd, 0, 0);
            write(reqfd, buf, 16);
            read(reqfd, buf, 16);
    }

Reported-by: syzbot <syzkaller@googlegroups.com>
Fixes: 71ebc4d1b27d ("crypto: chacha20poly1305 - Add a ChaCha20-Poly1305 AEAD construction, RFC7539")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-01-10 09:31:18 +01:00
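The instantiation-time size check described in the chacha20poly1305 commit above, as an added user-space sketch (not the kernel's code). `POLY1305_DIGEST_SIZE`, `tag` and `cryptlen` are named in the commit message; the reduced struct layout, `struct hash_alg` and the function names are assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define POLY1305_DIGEST_SIZE 16

/* Assumed, simplified layout: only the two fields the commit message names. */
struct chachapoly_req_ctx {
    unsigned char tag[POLY1305_DIGEST_SIZE];
    unsigned int cryptlen;
};

/* Hypothetical descriptor for the hash handed to the template. */
struct hash_alg {
    const char *name;
    size_t digestsize;
};

/* Instantiation-time check in the spirit of the fix: refuse any hash whose
 * digest size is not the one Poly1305 produces. */
static int chachapoly_check_hash(const struct hash_alg *h)
{
    return h->digestsize == POLY1305_DIGEST_SIZE ? 0 : -EINVAL;
}

/* Would a digest of this size, written at tag[0], reach cryptlen? */
static int digest_reaches_cryptlen(const struct hash_alg *h)
{
    return h->digestsize > offsetof(struct chachapoly_req_ctx, cryptlen);
}

/* Store a tag only for a hash that passed the check; never copy more
 * than the buffer holds. */
static int store_tag(struct chachapoly_req_ctx *ctx, const struct hash_alg *h,
                     const unsigned char *digest)
{
    int err = chachapoly_check_hash(h);
    if (err)
        return err;
    memcpy(ctx->tag, digest, sizeof(ctx->tag));
    return 0;
}

int main(void)
{
    struct hash_alg sha256 = { "sha256", 32 };
    struct chachapoly_req_ctx ctx = { {0}, 64 };
    unsigned char digest[32] = { 0 };
    return (digest_reaches_cryptlen(&sha256) &&
            store_tag(&ctx, &sha256, digest) == -EINVAL && ctx.cryptlen == 64) ? 0 : 1;
}
```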
Stephan Mueller
f09fca41e2 crypto: af_alg - fix race accessing cipher request
commit d53c5135792319e095bb126bc43b2ee98586f7fe upstream.

When invoking an asynchronous cipher operation, the invocation of the
callback may be performed before the subsequent operations in the
initial code path are invoked. The callback deletes the cipher request
data structure which implies that after the invocation of the
asynchronous cipher operation, this data structure must not be accessed
any more.

The setting of the return code size with the request data structure must
therefore be moved before the invocation of the asynchronous cipher
operation.

Fixes: e870456d8e7c ("crypto: algif_skcipher - overhaul memory management")
Fixes: d887c52d6ae4 ("crypto: algif_aead - overhaul memory management")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Acked-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-12-29 17:53:46 +01:00
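The ordering rule from the af_alg commit above, as an added user-space model (not the kernel's code): the callback frees the request, so the return size is written before the asynchronous call and the request is not touched afterwards. All names here (`struct async_req`, `submit_async`, `recv_fixed`) are hypothetical, and the callback is run synchronously to represent the worst-case ordering.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical request object; in the commit this is the cipher request
 * data structure that the completion callback deletes. */
struct async_req {
    size_t outlen;       /* return size the callback reports */
    size_t *reported;    /* where the callback publishes it */
};

static int reqs_freed;   /* counts completions, for the check below */

/* Completion callback: consumes the request and frees it. */
static void req_done(struct async_req *req)
{
    *req->reported = req->outlen;
    free(req);
    reqs_freed++;
}

/* Model of an asynchronous cipher call in the worst-case ordering: the
 * callback has already run by the time the submitter gets control back. */
static int submit_async(struct async_req *req)
{
    req_done(req);
    return -EINPROGRESS;
}

/* Fixed ordering: everything the callback needs is written before the
 * submit, and the request is never dereferenced after it. */
static int recv_fixed(size_t len, size_t *reported)
{
    struct async_req *req = calloc(1, sizeof(*req));
    if (!req)
        return -ENOMEM;
    req->reported = reported;
    req->outlen = len;            /* set BEFORE the async invocation */
    int err = submit_async(req);  /* req may be gone from here on */
    return err == -EINPROGRESS ? 0 : err;
}

int main(void)
{
    size_t reported = 0;
    return (recv_fixed(16, &reported) == 0 && reported == 16) ? 0 : 1;
}
```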