mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
9083 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Florian Westphal
|
c28aabbd64 |
netfilter: arp_tables: init netns pointer in xt_tgchk_param struct
commit 1b789577f655060d98d20ed0c6f9fbd469d6ba63 upstream. We get crash when the targets checkentry function tries to make use of the network namespace pointer for arptables. When the net pointer got added back in 2010, only ip/ip6/ebtables were changed to initialize it, so arptables has this set to NULL. This isn't a problem for normal arptables because no existing arptables target has a checkentry function that makes use of par->net. However, direct users of the setsockopt interface can provide any target they want as long as its registered for ARP or UNPSEC protocols. syzkaller managed to send a semi-valid arptables rule for RATEEST target which is enough to trigger NULL deref: kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN RIP: xt_rateest_tg_checkentry+0x11d/0xb40 net/netfilter/xt_RATEEST.c:109 [..] xt_check_target+0x283/0x690 net/netfilter/x_tables.c:1019 check_target net/ipv4/netfilter/arp_tables.c:399 [inline] find_check_entry net/ipv4/netfilter/arp_tables.c:422 [inline] translate_table+0x1005/0x1d70 net/ipv4/netfilter/arp_tables.c:572 do_replace net/ipv4/netfilter/arp_tables.c:977 [inline] do_arpt_set_ctl+0x310/0x640 net/ipv4/netfilter/arp_tables.c:1456 Fixes: add67461240c1d ("netfilter: add struct net * to target parameters") Reported-by: syzbot+d7358a458d8a81aee898@syzkaller.appspotmail.com Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
d2905c6a0e |
This is the 4.14.164 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4a/2MACgkQONu9yGCS aT4BwA//diCficMfLINrc/9bMq3VS2Y+/lnuURMXEM9MJibjQCUS1spc6YhhNFrE 8m3aavAYywjjD3zGHj8KEaKQFDrPQxYQDzPOPK9rxjpxlUFpnYWUGlI2krpwBV6c 8xAekM62sMEIq09EHqqhKVls+WmYi47/pdfGAAt3PUR8c2eTOlxiFsiwq4nuZDdv rcMkQm87V8Wn1Nq+Dfp6R3U+X9f4DcU5n5cKiGq6ujoalT7h5/jj36JIFxBwMapF WjpqXMUUeylXxXnNFMUbEMg+lEqJlWfvj1sxdxyMdgS+L9rc9bXk/NTub4TZPaXu odwMl9RKWjJvFsvn26Pc4s31K2raEhCDYdkVoFTXWsc7vbE4A/h/yAw4Wq+cuBI4 H4fBXYYZ3D0Il9kxYYbfSaki5z1YbI54tkWcrs8f8jli5C0M3Wkkux1TA4HPj2Ja 8zJFH0++cyfpuKRiYXro+H2Tq4KxBwsWEtync8230MEywlTxkz4IIue+SCgVV+WD jmg/enRjbnkpYBSH1pKOdAAga0kHSxtwWlfLFrjhcgGse8y6sCJhUOPPcQMnf/k0 Jrmc3InHg+mtLiSsJXAp4iGABJlW+W/ouaxaxYoA9wucwQlcgxXpkigl5rOgFTma 153RYc1TSZJAe+cjx42qZxRxcD8/Vg5d6D2tL1otbMSIsD3e7Gk= =sq63 -----END PGP SIGNATURE----- Merge 4.14.164 into android-4.14 Changes in 4.14.164 USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein USB: dummy-hcd: increase max number of devices to 32 locking/spinlock/debug: Fix various data races netfilter: ctnetlink: netns exit must wait for callbacks mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() libtraceevent: Fix lib installation with O= x86/efi: Update e820 with reserved EFI boot services data to fix kexec breakage efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs efi/gop: Return EFI_SUCCESS if a usable GOP was found efi/gop: Fix memory leak in __gop_query32/64() ARM: vexpress: Set-up shared OPP table instead of individual for each CPU netfilter: uapi: Avoid undefined left-shift in xt_sctp.h netfilter: nf_tables: validate NFT_SET_ELEM_INTERVAL_END ARM: dts: Cygnus: Fix MDIO node address/size cells spi: spi-cavium-thunderx: Add missing pci_release_regions() ASoC: topology: Check return value for soc_tplg_pcm_create() ARM: dts: bcm283x: Fix critical trip point bpf, mips: Limit to 33 tail calls ARM: dts: am437x-gp/epos-evm: fix panel compatible samples: bpf: Replace symbol compare of trace_event samples: bpf: fix syscall_tp due to unused syscall powerpc: Ensure that swiotlb buffer is allocated from low memory bnx2x: Do not handle requests from VFs after parity bnx2x: Fix logic to get total no. of PFs per engine net: usb: lan78xx: Fix error message format specifier rfkill: Fix incorrect check to avoid NULL pointer dereference ASoC: wm8962: fix lambda value regulator: rn5t618: fix module aliases kconfig: don't crash on NULL expressions in expr_eq() perf/x86/intel: Fix PT PMI handling fs: avoid softlockups in s_inodes iterators net: stmmac: Do not accept invalid MTU values net: stmmac: RX buffer size must be 16 byte aligned s390/dasd/cio: Interpret ccw_device_get_mdc return value correctly s390/dasd: fix memleak in path handling error case block: fix memleak when __blk_rq_map_user_iov() is failed parisc: Fix compiler warnings in debug_core.c llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c) hv_netvsc: Fix unwanted rx_table reset bpf: reject passing modified ctx to helper functions bpf: Fix passing modified ctx to ld/abs/ind instruction PCI/switchtec: Read all 64 bits of part_event_bitmap mmc: block: Convert RPMB to a character device mmc: block: Delete mmc_access_rpmb() mmc: block: Fix bug when removing RPMB chardev mmc: core: Prevent bus reference leak in mmc_blk_init() mmc: block: propagate correct returned value in mmc_rpmb_ioctl gtp: fix bad unlock balance in gtp_encap_enable_socket macvlan: do not assume mac_header is set in macvlan_broadcast() net: dsa: mv88e6xxx: Preserve priority when setting CPU port. net: stmmac: dwmac-sun8i: Allow all RGMII modes net: stmmac: dwmac-sunxi: Allow all RGMII modes net: usb: lan78xx: fix possible skb leak pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM USB: core: fix check for duplicate endpoints USB: serial: option: add Telit ME910G1 0x110a composition sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK vxlan: fix tos value before xmit vlan: vlan_changelink() should propagate errors net: sch_prio: When ungrafting, replace with FIFO vlan: fix memory leak in vlan_dev_set_egress_priority Linux 4.14.164 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ifbce6635b5a3df896c29e23dd15098e80ecddeba |
||
Pengcheng Yang
|
ab31605bdb |
tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK
[ Upstream commit c9655008e7845bcfdaac10a1ed8554ec167aea88 ]
When we receive a D-SACK, where the sequence number satisfies:
undo_marker <= start_seq < end_seq <= prior_snd_una
we consider this is a valid D-SACK and tcp_is_sackblock_valid()
returns true, then this D-SACK is discarded as "old stuff",
but the variable first_sack_index is not marked as negative
in tcp_sacktag_write_queue().
If this D-SACK also carries a SACK that needs to be processed
(for example, the previous SACK segment was lost), this SACK
will be treated as a D-SACK in the following processing of
tcp_sacktag_write_queue(), which will eventually lead to
incorrect updates of undo_retrans and reordering.
Fixes: fd6dad616d4f ("[TCP]: Earlier SACK block verification & simplify access to them")
Signed-off-by: Pengcheng Yang <yangpc@wangsu.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Blagovest Kolenichev
|
0f3b8ff636 |
Merge android-4.14-q.151 (93b2755) into msm-4.14
* refs/heads/tmp-93b2755:
Linux 4.14.151
RDMA/cxgb4: Do not dma memory off of the stack
kvm: vmx: Basic APIC virtualization controls have three settings
kvm: apic: Flush TLB after APIC mode/address change if VPIDs are in use
kvm: vmx: Introduce lapic_mode enumeration
KVM: X86: introduce invalidate_gpa argument to tlb flush
PCI: PM: Fix pci_power_up()
xen/netback: fix error path of xenvif_connect_data()
cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
pinctrl: armada-37xx: swap polarity on LED group
pinctrl: armada-37xx: fix control of pins 32 and up
x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
CIFS: avoid using MID 0xFFFF
parisc: Fix vmap memory leak in ioremap()/iounmap()
xtensa: drop EXPORT_SYMBOL for outs*/ins*
hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic()
mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo
mm/slub: fix a deadlock in show_slab_objects()
scsi: zfcp: fix reaction on bit error threshold notification
fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c
drivers/base/memory.c: don't access uninitialized memmaps in soft_offline_page_store()
drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
mac80211: Reject malformed SSID elements
cfg80211: wext: avoid copying malformed SSIDs
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
Input: synaptics-rmi4 - avoid processing unknown IRQs
Input: da9063 - fix capability and drop KEY_SLEEP
scsi: ch: Make it possible to open a ch device multiple times again
scsi: core: try to get module before removing device
scsi: core: save/restore command resid for error handling
scsi: sd: Ignore a failure to sync cache due to lack of authorization
staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
MIPS: tlbex: Fix build_restore_pagemask KScratch restore
arm64/speculation: Support 'mitigations=' cmdline option
arm64: Use firmware to detect CPUs that are not affected by Spectre-v2
arm64: Force SSBS on context switch
arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB
arm64: add sysfs vulnerability show for speculative store bypass
arm64: add sysfs vulnerability show for spectre-v2
arm64: Always enable spectre-v2 vulnerability detection
arm64: Advertise mitigation of Spectre-v2, or lack thereof
arm64: Provide a command line to disable spectre_v2 mitigation
arm64: Always enable ssb vulnerability detection
arm64: enable generic CPU vulnerabilites support
arm64: add sysfs vulnerability show for meltdown
arm64: Add sysfs vulnerability show for spectre-v1
arm64: fix SSBS sanitization
KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe
arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3
arm64: cpufeature: Detect SSBS and advertise to userspace
arm64: Get rid of __smccc_workaround_1_hvc_*
arm64: don't zero DIT on signal return
arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening
arm64: capabilities: Add support for checks based on a list of MIDRs
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
arm64: Add helpers for checking CPU MIDR against a range
arm64: capabilities: Clean up midr range helpers
arm64: capabilities: Change scope of VHE to Boot CPU feature
arm64: capabilities: Add support for features enabled early
arm64: capabilities: Restrict KPTI detection to boot-time CPUs
arm64: capabilities: Introduce weak features based on local CPU
arm64: capabilities: Group handling of features and errata workarounds
arm64: capabilities: Allow features based on local CPU scope
arm64: capabilities: Split the processing of errata work arounds
arm64: capabilities: Prepare for grouping features and errata work arounds
arm64: capabilities: Filter the entries based on a given mask
arm64: capabilities: Unify the verification
arm64: capabilities: Add flags to handle the conflicts on late CPU
arm64: capabilities: Prepare for fine grained capabilities
arm64: capabilities: Move errata processing code
arm64: capabilities: Move errata work around check on boot CPU
arm64: capabilities: Update prototype for enable call back
arm64: Introduce sysreg_clear_set()
arm64: add PSR_AA32_* definitions
arm64: move SCTLR_EL{1,2} assertions to <asm/sysreg.h>
arm64: Expose Arm v8.4 features
arm64: Documentation: cpu-feature-registers: Remove RES0 fields
arm64: v8.4: Support for new floating point multiplication instructions
arm64: Fix the feature type for ID register fields
arm64: Expose support for optional ARMv8-A features
arm64: sysreg: Move to use definitions for all the SCTLR bits
USB: ldusb: fix read info leaks
USB: usblp: fix use-after-free on disconnect
USB: ldusb: fix memleak on disconnect
USB: serial: ti_usb_3410_5052: fix port-close races
usb: udc: lpc32xx: fix bad bit shift operation
ALSA: hda/realtek - Add support for ALC711
USB: legousbtower: fix memleak on disconnect
memfd: Fix locking when tagging pins
loop: Add LOOP_SET_DIRECT_IO to compat ioctl
net: avoid potential infinite loop in tc_ctl_action()
sctp: change sctp_prot .no_autobind with true
net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
net: i82596: fix dma_alloc_attr for sni_82596
net: bcmgenet: Set phydev->dev_flags only for internal PHYs
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
ocfs2: fix panic due to ocfs2_wq is null
Revert "drm/radeon: Fix EEH during kexec"
md/raid0: fix warning message for parameter default_layout
namespace: fix namespace.pl script to support relative paths
r8152: Set macpassthru in reset_resume callback
net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
mips: Loongson: Fix the link time qualifier of 'serial_exit()'
mac80211: fix txq null pointer dereference
nl80211: fix null pointer dereference
xen/efi: Set nonblocking callbacks
MIPS: dts: ar9331: fix interrupt-controller size
net: dsa: qca8k: Use up to 7 ports for all operations
ARM: dts: am4372: Set memory bandwidth limit for DISPC
ieee802154: ca8210: prevent memory leak
ARM: OMAP2+: Fix missing reset done flag for am3 and am43
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
scsi: megaraid: disable device when probe failed after enabled device
scsi: ufs: skip shutdown if hba is not powered
rtlwifi: Fix potential overflow on P2P code
ANDROID: clang: update to 9.0.8 based on r365631c
ANDROID: move up spin_unlock_bh() ahead of remove_proc_entry()
ANDROID: refactor build.config files to remove duplication
Conflicts:
arch/arm64/include/asm/cpucaps.h
arch/arm64/include/asm/cputype.h
arch/arm64/include/asm/processor.h
arch/arm64/include/asm/ptrace.h
arch/arm64/include/asm/sysreg.h
arch/arm64/include/uapi/asm/hwcap.h
arch/arm64/kernel/cpu_errata.c
arch/arm64/kernel/cpufeature.c
arch/arm64/kernel/ssbd.c
Change-Id: Ia6d7b060214022efcb061ea4029bb583e4a68aa2
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
c2bd4f8f0c |
This is the 4.14.162 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4QjoEACgkQONu9yGCS aT61Ig/9GTbv5+njbemhs01loMsA6H4u+BwFHjxJiTzfj+7TwKDZVDcllmiKkPSQ cS3+n6oV1G5VzzmTRU5WKBNQkgu2t6TmcxI4xiDTIZ+GlzdC7b7bp0uEv7bRGIMg lm6oHBoy753oMiB/Z4itA58tuLVsEw9sjZJ3O7wvlaFl4NzD8clGCc9iLQaLofDP 7uXWPgtZ3yRDquOtjPV7c52qwbr/QUZs13iH6xwSHIK6kmTbuhKbQB2TqdrHlKrc FxlitA8NAjn8s7PrJd0NWQxxEW0by3W+pYZ6yvzF1zlY1UWkZB7WfKK8kW5A/5Jt alPtbHAZGbxuobVewObRosM/DZ6vYHNE78M6FUkyo7113lsvVNhz71h8YbO/beCc PPGzvQbbeaWGdVtTFVih75HwtGVktwRpgdA1H0NPZb4eWX9eZl8BrgMvo4EsAvl4 BMYiWbYvR7ijWvbahwTHlpnpmce2acWD5H+oGE338lXvXfXjgrH5d2DlZ9bWTdKv h1YmINQ/cZuUoAe9vlUr/uXIflwza65TJWDRRjzXMZ7FOLwXTTCjqFO+36PZ5zRf 4jdfZa4Uz0HmfH95bVJRbRuAt1Fny/mK3sx7vjTcu0qT9FpG8P3tSJR9rz8yEbVb X0dmyUHl2qNFj0Y/cV3AJJjTEuDbhmXfwPmXPgF4owR6R0rhfM4= =57Qt -----END PGP SIGNATURE----- Merge 4.14.162 into android-4.14 Changes in 4.14.162 scsi: lpfc: Fix discovery failures when target device connectivity bounces scsi: mpt3sas: Fix clear pending bit in ioctl status scsi: lpfc: Fix locking on mailbox command completion Input: atmel_mxt_ts - disable IRQ across suspend iommu/tegra-smmu: Fix page tables in > 4 GiB memory scsi: target: compare full CHAP_A Algorithm strings scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices scsi: csiostor: Don't enable IRQs too early powerpc/pseries: Mark accumulate_stolen_time() as notrace powerpc/pseries: Don't fail hash page table insert for bolted mapping powerpc/tools: Don't quote $objdump in scripts dma-debug: add a schedule point in debug_dma_dump_mappings() clocksource/drivers/asm9260: Add a check for of_clk_get powerpc/security/book3s64: Report L1TF status in sysfs powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning ext4: update direct I/O read lock pattern for IOCB_NOWAIT jbd2: Fix statistics for the number of logged blocks scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow f2fs: fix to update dir's i_pino during cross_rename clk: qcom: Allow constant ratio freq tables for rcg irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary irqchip: ingenic: Error out if IRQ domain creation failed fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences scsi: ufs: fix potential bug which ends in system hang powerpc/pseries/cmm: Implement release() function for sysfs device powerpc/security: Fix wrong message when RFI Flush is disable scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE clk: pxa: fix one of the pxa RTC clocks bcache: at least try to shrink 1 node in bch_mca_scan() HID: logitech-hidpp: Silence intermittent get_battery_capacity errors libnvdimm/btt: fix variable 'rc' set but not used HID: Improve Windows Precision Touchpad detection. scsi: pm80xx: Fix for SATA device discovery scsi: ufs: Fix error handing during hibern8 enter scsi: scsi_debug: num_tgts must be >= 0 scsi: NCR5380: Add disconnect_mask module parameter scsi: iscsi: Don't send data to unbound connection scsi: target: iscsi: Wait for all commands to finish before freeing a session gpio: mpc8xxx: Don't overwrite default irq_set_type callback apparmor: fix unsigned len comparison with less than zero scripts/kallsyms: fix definitely-lost memory leak cdrom: respect device capabilities during opening action perf script: Fix brstackinsn for AUXTRACE perf regs: Make perf_reg_name() return "unknown" instead of NULL s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h s390/cpum_sf: Check for SDBT and SDB consistency ocfs2: fix passing zero to 'PTR_ERR' warning kernel: sysctl: make drop_caches write-only userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK x86/mce: Fix possibly incorrect severity calculation on AMD net, sysctl: Fix compiler warning when only cBPF is present netfilter: nf_queue: enqueue skbs with NULL dst ALSA: hda - Downgrade error message for single-cmd fallback bonding: fix active-backup transition after link failure perf strbuf: Remove redundant va_end() in strbuf_addv() Make filldir[64]() verify the directory entry filename is valid filldir[64]: remove WARN_ON_ONCE() for bad directory entries netfilter: ebtables: compat: reject all padding in matches/watchers 6pack,mkiss: fix possible deadlock netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() inetpeer: fix data-race in inet_putpeer / inet_putpeer net: add a READ_ONCE() in skb_peek_tail() net: icmp: fix data-race in cmp_global_allow() hrtimer: Annotate lockless access to timer->state spi: fsl: don't map irq during probe tty/serial: atmel: fix out of range clock divider handling pinctrl: baytrail: Really serialize all register accesses net: ena: fix napi handler misbehavior when the napi budget is zero net/mlxfw: Fix out-of-memory error in mfa2 flash burning ptp: fix the race between the release of ptp_clock and cdev udp: fix integer overflow while computing available space in sk_rcvbuf vhost/vsock: accept only packets with the right dst_cid net: add bool confirm_neigh parameter for dst_ops.update_pmtu ip6_gre: do not confirm neighbor when do pmtu update gtp: do not confirm neighbor when do pmtu update net/dst: add new function skb_dst_update_pmtu_no_confirm tunnel: do not confirm neighbor when do pmtu update vti: do not confirm neighbor when do pmtu update sit: do not confirm neighbor when do pmtu update gtp: do not allow adding duplicate tid and ms_addr pdp context tcp/dccp: fix possible race __inet_lookup_established() tcp: do not send empty skb from tcp_write_xmit() gtp: fix wrong condition in gtp_genl_dump_pdp() gtp: fix an use-after-free in ipv4_pdp_find() gtp: avoid zero size hashtable spi: fsl: use platform_get_irq() instead of of_irq_to_resource() Linux 4.14.162 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Eric Dumazet
|
e4e33e48ac |
tcp: do not send empty skb from tcp_write_xmit()
[ Upstream commit 1f85e6267caca44b30c54711652b0726fadbb131 ]
Backport of commit fdfc5c8594c2 ("tcp: remove empty skb from
write queue in error cases") in linux-4.14 stable triggered
various bugs. One of them has been fixed in commit ba2ddb43f270
("tcp: Don't dequeue SYN/FIN-segments from write-queue"), but
we still have crashes in some occasions.
Root-cause is that when tcp_sendmsg() has allocated a fresh
skb and could not append a fragment before being blocked
in sk_stream_wait_memory(), tcp_write_xmit() might be called
and decide to send this fresh and empty skb.
Sending an empty packet is not only silly, it might have caused
many issues we had in the past with tp->packets_out being
out of sync.
Fixes: c65f7f00c587 ("[TCP]: Simplify SKB data portion allocation with NETIF_F_SG.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Christoph Paasch <cpaasch@apple.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Cc: Jason Baron <jbaron@akamai.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Dumazet
|
94671cf125 |
tcp/dccp: fix possible race __inet_lookup_established()
commit 8dbd76e79a16b45b2ccb01d2f2e08dbf64e71e40 upstream.
Michal Kubecek and Firo Yang did a very nice analysis of crashes
happening in __inet_lookup_established().
Since a TCP socket can go from TCP_ESTABLISH to TCP_LISTEN
(via a close()/socket()/listen() cycle) without a RCU grace period,
I should not have changed listeners linkage in their hash table.
They must use the nulls protocol (Documentation/RCU/rculist_nulls.txt),
so that a lookup can detect a socket in a hash list was moved in
another one.
Since we added code in commit d296ba60d8e2 ("soreuseport: Resolve
merge conflict for v4/v6 ordering fix"), we have to add
hlist_nulls_add_tail_rcu() helper.
Fixes: 3b24d854cb35 ("tcp/dccp: do not touch listener sk_refcnt under synflood")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Michal Kubecek <mkubecek@suse.cz>
Reported-by: Firo Yang <firo.yang@suse.com>
Reviewed-by: Michal Kubecek <mkubecek@suse.cz>
Link: https://lore.kernel.org/netdev/20191120083919.GH27852@unicorn.suse.cz/
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
[stable-4.14: we also need to update code in __inet_lookup_listener() and
inet6_lookup_listener() which has been removed in 5.0-rc1.]
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Hangbin Liu
|
7b296da1ac |
vti: do not confirm neighbor when do pmtu update
[ Upstream commit 8247a79efa2f28b44329f363272550c1738377de ]
When do IPv6 tunnel PMTU update and calls __ip6_rt_update_pmtu() in the end,
we should not call dst_confirm_neigh() as there is no two-way communication.
Although vti and vti6 are immune to this problem because they are IFF_NOARP
interfaces, as Guillaume pointed. There is still no sense to confirm neighbour
here.
v5: Update commit description.
v4: No change.
v3: Do not remove dst_confirm_neigh, but add a new bool parameter in
dst_ops.update_pmtu to control whether we should do neighbor confirm.
Also split the big patch to small ones for each area.
v2: Remove dst_confirm_neigh in __ip6_rt_update_pmtu.
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Hangbin Liu
|
b1467e87af |
tunnel: do not confirm neighbor when do pmtu update
[ Upstream commit 7a1592bcb15d71400a98632727791d1e68ea0ee8 ]
When do tunnel PMTU update and calls __ip6_rt_update_pmtu() in the end,
we should not call dst_confirm_neigh() as there is no two-way communication.
v5: No Change.
v4: Update commit description
v3: Do not remove dst_confirm_neigh, but add a new bool parameter in
dst_ops.update_pmtu to control whether we should do neighbor confirm.
Also split the big patch to small ones for each area.
v2: Remove dst_confirm_neigh in __ip6_rt_update_pmtu.
Fixes: 0dec879f636f ("net: use dst_confirm_neigh for UDP, RAW, ICMP, L2TP")
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Tested-by: Guillaume Nault <gnault@redhat.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Hangbin Liu
|
7ae78f9bbb |
net: add bool confirm_neigh parameter for dst_ops.update_pmtu
[ Upstream commit bd085ef678b2cc8c38c105673dfe8ff8f5ec0c57 ]
The MTU update code is supposed to be invoked in response to real
networking events that update the PMTU. In IPv6 PMTU update function
__ip6_rt_update_pmtu() we called dst_confirm_neigh() to update neighbor
confirmed time.
But for tunnel code, it will call pmtu before xmit, like:
- tnl_update_pmtu()
- skb_dst_update_pmtu()
- ip6_rt_update_pmtu()
- __ip6_rt_update_pmtu()
- dst_confirm_neigh()
If the tunnel remote dst mac address changed and we still do the neigh
confirm, we will not be able to update neigh cache and ping6 remote
will failed.
So for this ip_tunnel_xmit() case, _EVEN_ if the MTU is changed, we
should not be invoking dst_confirm_neigh() as we have no evidence
of successful two-way communication at this point.
On the other hand it is also important to keep the neigh reachability fresh
for TCP flows, so we cannot remove this dst_confirm_neigh() call.
To fix the issue, we have to add a new bool parameter for dst_ops.update_pmtu
to choose whether we should do neigh update or not. I will add the parameter
in this patch and set all the callers to true to comply with the previous
way, and fix the tunnel code one by one on later patches.
v5: No change.
v4: No change.
v3: Do not remove dst_confirm_neigh, but add a new bool parameter in
dst_ops.update_pmtu to control whether we should do neighbor confirm.
Also split the big patch to small ones for each area.
v2: Remove dst_confirm_neigh in __ip6_rt_update_pmtu.
Suggested-by: David Miller <davem@davemloft.net>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Antonio Messina
|
343f3056b5 |
udp: fix integer overflow while computing available space in sk_rcvbuf
[ Upstream commit feed8a4fc9d46c3126fb9fcae0e9248270c6321a ] When the size of the receive buffer for a socket is close to 2^31 when computing if we have enough space in the buffer to copy a packet from the queue to the buffer we might hit an integer overflow. When an user set net.core.rmem_default to a value close to 2^31 UDP packets are dropped because of this overflow. This can be visible, for instance, with failure to resolve hostnames. This can be fixed by casting sk_rcvbuf (which is an int) to unsigned int, similarly to how it is done in TCP. Signed-off-by: Antonio Messina <amessina@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Dumazet
|
6b307f5c03 |
net: icmp: fix data-race in cmp_global_allow()
commit bbab7ef235031f6733b5429ae7877bfa22339712 upstream. This code reads two global variables without protection of a lock. We need READ_ONCE()/WRITE_ONCE() pairs to avoid load/store-tearing and better document the intent. KCSAN reported : BUG: KCSAN: data-race in icmp_global_allow / icmp_global_allow read to 0xffffffff861a8014 of 4 bytes by task 11201 on cpu 0: icmp_global_allow+0x36/0x1b0 net/ipv4/icmp.c:254 icmpv6_global_allow net/ipv6/icmp.c:184 [inline] icmpv6_global_allow net/ipv6/icmp.c:179 [inline] icmp6_send+0x493/0x1140 net/ipv6/icmp.c:514 icmpv6_send+0x71/0xb0 net/ipv6/ip6_icmp.c:43 ip6_link_failure+0x43/0x180 net/ipv6/route.c:2640 dst_link_failure include/net/dst.h:419 [inline] vti_xmit net/ipv4/ip_vti.c:243 [inline] vti_tunnel_xmit+0x27f/0xa50 net/ipv4/ip_vti.c:279 __netdev_start_xmit include/linux/netdevice.h:4420 [inline] netdev_start_xmit include/linux/netdevice.h:4434 [inline] xmit_one net/core/dev.c:3280 [inline] dev_hard_start_xmit+0xef/0x430 net/core/dev.c:3296 __dev_queue_xmit+0x14c9/0x1b60 net/core/dev.c:3873 dev_queue_xmit+0x21/0x30 net/core/dev.c:3906 neigh_direct_output+0x1f/0x30 net/core/neighbour.c:1530 neigh_output include/net/neighbour.h:511 [inline] ip6_finish_output2+0x7a6/0xec0 net/ipv6/ip6_output.c:116 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline] __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175 dst_output include/net/dst.h:436 [inline] ip6_local_out+0x74/0x90 net/ipv6/output_core.c:179 write to 0xffffffff861a8014 of 4 bytes by task 11183 on cpu 1: icmp_global_allow+0x174/0x1b0 net/ipv4/icmp.c:272 icmpv6_global_allow net/ipv6/icmp.c:184 [inline] icmpv6_global_allow net/ipv6/icmp.c:179 [inline] icmp6_send+0x493/0x1140 net/ipv6/icmp.c:514 icmpv6_send+0x71/0xb0 net/ipv6/ip6_icmp.c:43 ip6_link_failure+0x43/0x180 net/ipv6/route.c:2640 dst_link_failure include/net/dst.h:419 [inline] vti_xmit net/ipv4/ip_vti.c:243 [inline] vti_tunnel_xmit+0x27f/0xa50 net/ipv4/ip_vti.c:279 __netdev_start_xmit include/linux/netdevice.h:4420 [inline] netdev_start_xmit include/linux/netdevice.h:4434 [inline] xmit_one net/core/dev.c:3280 [inline] dev_hard_start_xmit+0xef/0x430 net/core/dev.c:3296 __dev_queue_xmit+0x14c9/0x1b60 net/core/dev.c:3873 dev_queue_xmit+0x21/0x30 net/core/dev.c:3906 neigh_direct_output+0x1f/0x30 net/core/neighbour.c:1530 neigh_output include/net/neighbour.h:511 [inline] ip6_finish_output2+0x7a6/0xec0 net/ipv6/ip6_output.c:116 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline] __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 11183 Comm: syz-executor.2 Not tainted 5.4.0-rc3+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Fixes: 4cdf507d5452 ("icmp: add a global rate limitation") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Dumazet
|
43b6375db5 |
inetpeer: fix data-race in inet_putpeer / inet_putpeer
commit 71685eb4ce80ae9c49eff82ca4dd15acab215de9 upstream. We need to explicitely forbid read/store tearing in inet_peer_gc() and inet_putpeer(). The following syzbot report reminds us about inet_putpeer() running without a lock held. BUG: KCSAN: data-race in inet_putpeer / inet_putpeer write to 0xffff888121fb2ed0 of 4 bytes by interrupt on cpu 0: inet_putpeer+0x37/0xa0 net/ipv4/inetpeer.c:240 ip4_frag_free+0x3d/0x50 net/ipv4/ip_fragment.c:102 inet_frag_destroy_rcu+0x58/0x80 net/ipv4/inet_fragment.c:228 __rcu_reclaim kernel/rcu/rcu.h:222 [inline] rcu_do_batch+0x256/0x5b0 kernel/rcu/tree.c:2157 rcu_core+0x369/0x4d0 kernel/rcu/tree.c:2377 rcu_core_si+0x12/0x20 kernel/rcu/tree.c:2386 __do_softirq+0x115/0x33f kernel/softirq.c:292 invoke_softirq kernel/softirq.c:373 [inline] irq_exit+0xbb/0xe0 kernel/softirq.c:413 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0xe6/0x280 arch/x86/kernel/apic/apic.c:1137 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:830 native_safe_halt+0xe/0x10 arch/x86/kernel/paravirt.c:71 arch_cpu_idle+0x1f/0x30 arch/x86/kernel/process.c:571 default_idle_call+0x1e/0x40 kernel/sched/idle.c:94 cpuidle_idle_call kernel/sched/idle.c:154 [inline] do_idle+0x1af/0x280 kernel/sched/idle.c:263 write to 0xffff888121fb2ed0 of 4 bytes by interrupt on cpu 1: inet_putpeer+0x37/0xa0 net/ipv4/inetpeer.c:240 ip4_frag_free+0x3d/0x50 net/ipv4/ip_fragment.c:102 inet_frag_destroy_rcu+0x58/0x80 net/ipv4/inet_fragment.c:228 __rcu_reclaim kernel/rcu/rcu.h:222 [inline] rcu_do_batch+0x256/0x5b0 kernel/rcu/tree.c:2157 rcu_core+0x369/0x4d0 kernel/rcu/tree.c:2377 rcu_core_si+0x12/0x20 kernel/rcu/tree.c:2386 __do_softirq+0x115/0x33f kernel/softirq.c:292 run_ksoftirqd+0x46/0x60 kernel/softirq.c:603 smpboot_thread_fn+0x37d/0x4a0 kernel/smpboot.c:165 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.4.0-rc3+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Fixes: 4b9d9be839fd ("inetpeer: remove unused list") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
0f543a0283 |
This is the 4.14.160 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl396kwACgkQONu9yGCS
aT442w/+JHluhMs2qnQ/m8hVqlC6VB+CzPV6pGMcuCPqZ60b/fKPizk6c4OUKrsi
hjhkVwnvfu8Q/u6479KDjjkONMNW1SsmgT96AoGIL6iDmH/V3t/qF/IPJ4nlRdfg
fGzxN0QORJt92y6K49LOweR+Qy4WRM4g1MogjqgWHbEd46nsqUiykxUwMhlSjJ9O
qW/Lj2u+Uo63pqIyyFnIwND8DVNO7TAeoh7fOkSS5BiCANGX1vKMrRpUW7Y3wfV7
wErmzL0He4AKs4lyY5LMCXSdKDK4PatMxgAJMd4P+heznl9xzF2DlGiyj+UN+D74
y/amwqZ2saQ9uUQ4tOYy7mMmRU7rjLOrH/EdOkO36xld/Nqgpwtb2d2R97J5csbE
g4tKqorI3Two17lyjSrvAbFK/6W9S0imRockxk5ePb2DnMqNPgEEv2BEWrLW1xK6
p0us2HoxwTMwmigMHb8wPlyhFcwXAccAdnydBywu99bKBrYvByf76fE87mi3qq9n
qsycTZ15QJ2FIGfBuoir3GCxfV6j/eQrcjqf1hpedOtyxsljIVACRxCNSPfgip3c
DIvkycxzzLTjqihvQR0Z7QVVMcLUCjpn4PlsiTcC8TVWxCe0nP4Kf3xRuadNpM0f
VI14+haST8um3FEereFU78yyoONt4kUbJN+si2H98XfW2ID9HHM=
=dNYz
-----END PGP SIGNATURE-----
Merge 4.14.160 into android-4.14
Changes in 4.14.160
net: bridge: deny dev_set_mac_address() when unregistering
net: dsa: fix flow dissection on Tx path
net: ethernet: ti: cpsw: fix extra rx interrupt
net: thunderx: start phy before starting autonegotiation
openvswitch: support asymmetric conntrack
tcp: md5: fix potential overestimation of TCP option space
tipc: fix ordering of tipc module init and exit routine
tcp: fix rejected syncookies due to stale timestamps
tcp: tighten acceptance of ACKs not matching a child socket
tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
inet: protect against too small mtu values.
nvme: host: core: fix precedence of ternary operator
Revert "regulator: Defer init completion for a while after late_initcall"
PCI/PM: Always return devices to D0 when thawing
PCI: Fix Intel ACS quirk UPDCR register address
PCI/MSI: Fix incorrect MSI-X masking on resume
PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3
xtensa: fix TLB sanity checker
rpmsg: glink: Set tail pointer to 0 at end of FIFO
rpmsg: glink: Fix reuse intents memory leak issue
rpmsg: glink: Fix use after free in open_ack TIMEOUT case
rpmsg: glink: Put an extra reference during cleanup
rpmsg: glink: Fix rpmsg_register_device err handling
rpmsg: glink: Don't send pending rx_done during remove
rpmsg: glink: Free pending deferred work on remove
CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
ARM: dts: s3c64xx: Fix init order of clock providers
ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
vfio/pci: call irq_bypass_unregister_producer() before freeing irq
dma-buf: Fix memory leak in sync_file_merge()
dm btree: increase rebalance threshold in __rebalance2()
scsi: iscsi: Fix a potential deadlock in the timeout handler
drm/radeon: fix r1xx/r2xx register checker for POT textures
xhci: fix USB3 device initiated resume race with roothub autosuspend
net: stmmac: use correct DMA buffer size in the RX descriptor
net: stmmac: don't stop NAPI processing when dropping a packet
Linux 4.14.160
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Eric Dumazet
|
7272e8e3bf |
inet: protect against too small mtu values.
[ Upstream commit 501a90c945103e8627406763dac418f20f3837b2 ] syzbot was once again able to crash a host by setting a very small mtu on loopback device. Let's make inetdev_valid_mtu() available in include/net/ip.h, and use it in ip_setup_cork(), so that we protect both ip_append_page() and __ip_append_data() Also add a READ_ONCE() when the device mtu is read. Pairs this lockless read with one WRITE_ONCE() in __dev_set_mtu(), even if other code paths might write over this field. Add a big comment in include/linux/netdevice.h about dev->mtu needing READ_ONCE()/WRITE_ONCE() annotations. Hopefully we will add the missing ones in followup patches. [1] refcount_t: saturated; leaking memory. WARNING: CPU: 0 PID: 9464 at lib/refcount.c:22 refcount_warn_saturate+0x138/0x1f0 lib/refcount.c:22 Kernel panic - not syncing: panic_on_warn set ... CPU: 0 PID: 9464 Comm: syz-executor850 Not tainted 5.4.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x197/0x210 lib/dump_stack.c:118 panic+0x2e3/0x75c kernel/panic.c:221 __warn.cold+0x2f/0x3e kernel/panic.c:582 report_bug+0x289/0x300 lib/bug.c:195 fixup_bug arch/x86/kernel/traps.c:174 [inline] fixup_bug arch/x86/kernel/traps.c:169 [inline] do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267 do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286 invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027 RIP: 0010:refcount_warn_saturate+0x138/0x1f0 lib/refcount.c:22 Code: 06 31 ff 89 de e8 c8 f5 e6 fd 84 db 0f 85 6f ff ff ff e8 7b f4 e6 fd 48 c7 c7 e0 71 4f 88 c6 05 56 a6 a4 06 01 e8 c7 a8 b7 fd <0f> 0b e9 50 ff ff ff e8 5c f4 e6 fd 0f b6 1d 3d a6 a4 06 31 ff 89 RSP: 0018:ffff88809689f550 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffffff815e4336 RDI: ffffed1012d13e9c RBP: ffff88809689f560 R08: ffff88809c50a3c0 R09: fffffbfff15d31b1 R10: fffffbfff15d31b0 R11: ffffffff8ae98d87 R12: 0000000000000001 R13: 0000000000040100 R14: ffff888099041104 R15: ffff888218d96e40 refcount_add include/linux/refcount.h:193 [inline] skb_set_owner_w+0x2b6/0x410 net/core/sock.c:1999 sock_wmalloc+0xf1/0x120 net/core/sock.c:2096 ip_append_page+0x7ef/0x1190 net/ipv4/ip_output.c:1383 udp_sendpage+0x1c7/0x480 net/ipv4/udp.c:1276 inet_sendpage+0xdb/0x150 net/ipv4/af_inet.c:821 kernel_sendpage+0x92/0xf0 net/socket.c:3794 sock_sendpage+0x8b/0xc0 net/socket.c:936 pipe_to_sendpage+0x2da/0x3c0 fs/splice.c:458 splice_from_pipe_feed fs/splice.c:512 [inline] __splice_from_pipe+0x3ee/0x7c0 fs/splice.c:636 splice_from_pipe+0x108/0x170 fs/splice.c:671 generic_splice_sendpage+0x3c/0x50 fs/splice.c:842 do_splice_from fs/splice.c:861 [inline] direct_splice_actor+0x123/0x190 fs/splice.c:1035 splice_direct_to_actor+0x3b4/0xa30 fs/splice.c:990 do_splice_direct+0x1da/0x2a0 fs/splice.c:1078 do_sendfile+0x597/0xd00 fs/read_write.c:1464 __do_sys_sendfile64 fs/read_write.c:1525 [inline] __se_sys_sendfile64 fs/read_write.c:1511 [inline] __x64_sys_sendfile64+0x1dd/0x220 fs/read_write.c:1511 do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x441409 Code: e8 ac e8 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb 08 fc ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007fffb64c4f78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000441409 RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000005 RBP: 0000000000073b8a R08: 0000000000000010 R09: 0000000000000010 R10: 0000000000010001 R11: 0000000000000246 R12: 0000000000402180 R13: 0000000000402210 R14: 0000000000000000 R15: 0000000000000000 Kernel Offset: disabled Rebooting in 86400 seconds.. Fixes: 1470ddf7f8ce ("inet: Remove explicit write references to sk/inet in ip_append_data") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Dumazet
|
3485dc1441 |
tcp: md5: fix potential overestimation of TCP option space
[ Upstream commit 9424e2e7ad93ffffa88f882c9bc5023570904b55 ]
Back in 2008, Adam Langley fixed the corner case of packets for flows
having all of the following options : MD5 TS SACK
Since MD5 needs 20 bytes, and TS needs 12 bytes, no sack block
can be cooked from the remaining 8 bytes.
tcp_established_options() correctly sets opts->num_sack_blocks
to zero, but returns 36 instead of 32.
This means TCP cooks packets with 4 extra bytes at the end
of options, containing unitialized bytes.
Fixes: 33ad798c924b ("tcp: options clean up")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
f960b38ecc |
This is the 4.14.159 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl35LxUACgkQONu9yGCS aT4dLRAAn62JwQdXIRD51BSeXOCxH/oTba3lec9YCf7ttnQojnBKg4Fzxps4R0eH a32uSWOfEb9P7CIIlSAKTx6XPJ3TAmsFjUO1KmO0kbMVmUw6G3yb0g/96/tNjSUt xJwyhYSasQDMmxV/5HvrkCbobeHP1Gf+eacKWfJHaVOUo1UXaW+25A++I5fYOdhn vrcHmJyJAQN38beSOVLDUJ+VXTyEO5ZUG+Pe7IwK1QiOF4JfWoIddCdxxyynT5PR R54x+xPLsaiFXQEjlVIATIsr9KgR3is4utpfSd7MYGxCD7yV4VNrZZighVKBIlV8 39K0zmcpbSIu3PHvxVGxpdjTzPWErPKH6tjHJ/weMI+zy4tHpzUOvpooH46BvYsn XMhlqsYlWS0Nj9eCpUxxkDr1hyuZlpv5RPyW4xKFWor6zQvVi+cl1wiDu0tKCD7T gg3vB04mMOBnGUsEzTc0I/hPcWp6xThQg4N9Zh/MbdwqSkN5KHDgakIMa2yEYRB7 ZLskhnvB2te1KVHvn5CsxR0ABPextALn/u/7qELgGIKoyJVzgmL/lF3wceGsUwz3 hpcWmYKKu5nPg+L1bCHj05O3IcaUhCmvTBkV39nh4TshTTPU0PkvBv20UoChcgER /4QhKydpeLwKi5hTuBuHN6z3PuGrId3opf28KdGsHQ1KGPqd5os= =p3OE -----END PGP SIGNATURE----- Merge 4.14.159 into android-4.14 Changes in 4.14.159 rsi: release skb if rsi_prepare_beacon fails arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator usb: gadget: u_serial: add missing port entry locking tty: serial: fsl_lpuart: use the sg count from dma_map_sg tty: serial: msm_serial: Fix flow control serial: pl011: Fix DMA ->flush_buffer() serial: serial_core: Perform NULL checks for break_ctl ops serial: ifx6x60: add missed pm_runtime_disable autofs: fix a leak in autofs_expire_indirect() RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN iwlwifi: pcie: don't consider IV len in A-MSDU exportfs_decode_fh(): negative pinned may become positive without the parent locked audit_get_nd(): don't unlock parent too early NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error xfrm: release device reference for invalid state Input: cyttsp4_core - fix use after free bug sched/core: Avoid spurious lock dependencies ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() rsxx: add missed destroy_workqueue calls in remove net: ep93xx_eth: fix mismatch of request_mem_region in remove i2c: core: fix use after free in of_i2c_notify serial: core: Allow processing sysrq at port unlock time cxgb4vf: fix memleak in mac_hlist initialization iwlwifi: mvm: synchronize TID queue removal iwlwifi: mvm: Send non offchannel traffic via AP sta ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+ net/mlx5: Release resource on error flow clk: sunxi-ng: a64: Fix gate bit of DSI DPHY dlm: fix possible call to kfree() for non-initialized pointer extcon: max8997: Fix lack of path setting in USB device mode net: ethernet: ti: cpts: correct debug for expired txq skb rtc: s3c-rtc: Avoid using broken ALMYEAR register i40e: don't restart nway if autoneg not supported clk: rockchip: fix rk3188 sclk_smc gate data clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering ARM: dts: rockchip: Fix rk3288-rock2 vcc_flash name dlm: fix missing idr_destroy for recover_idr MIPS: SiByte: Enable ZONE_DMA32 for LittleSur net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 scsi: zfcp: drop default switch case which might paper over missing case crypto: ecc - check for invalid values in the key verification test crypto: bcm - fix normal/non key hash algorithm failure pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues Staging: iio: adt7316: Fix i2c data reading, set the data field mm/vmstat.c: fix NUMA statistics updates clk: rockchip: fix I2S1 clock gate register for rk3328 clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 regulator: Fix return value of _set_load() stub net-next/hinic:fix a bug in set mac address iomap: sub-block dio needs to zeroout beyond EOF MIPS: OCTEON: octeon-platform: fix typing net/smc: use after free fix in smc_wr_tx_put_slot() math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' rtc: dt-binding: abx80x: fix resistance scale ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module media: pulse8-cec: return 0 when invalidating the logical address media: cec: report Vendor ID after initialization dmaengine: coh901318: Fix a double-lock bug dmaengine: coh901318: Remove unused variable dmaengine: dw-dmac: implement dma protection control setting usb: dwc3: debugfs: Properly print/set link state for HS usb: dwc3: don't log probe deferrals; but do log other error codes ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() f2fs: fix count of seg_freed to make sec_freed correct f2fs: change segment to section in f2fs_ioc_gc_range ARM: dts: rockchip: Fix the PMU interrupt number for rv1108 ARM: dts: rockchip: Assign the proper GPIO clocks for rv1108 f2fs: fix to allow node segment for GC by ioctl path sparc: Correct ctx->saw_frame_pointer logic. dma-mapping: fix return type of dma_set_max_seg_size() altera-stapl: check for a null key before strcasecmp'ing it serial: imx: fix error handling in console_setup i2c: imx: don't print error message on probe defer lockd: fix decoding of TEST results ASoC: rsnd: tidyup registering method for rsnd_kctrl_new() ARM: dts: sun5i: a10s: Fix HDMI output DTC warning ARM: dts: sun8i: v3s: Change pinctrl nodes to avoid warning dlm: NULL check before kmem_cache_destroy is not needed ARM: debug: enable UART1 for socfpga Cyclone5 nfsd: fix a warning in __cld_pipe_upcall() ASoC: au8540: use 64-bit arithmetic instead of 32-bit ARM: OMAP1/2: fix SoC name printing arm64: dts: meson-gxl-libretech-cc: fix GPIO lines names arm64: dts: meson-gxbb-nanopi-k2: fix GPIO lines names arm64: dts: meson-gxbb-odroidc2: fix GPIO lines names arm64: dts: meson-gxl-khadas-vim: fix GPIO lines names net/x25: fix called/calling length calculation in x25_parse_address_block net/x25: fix null_x25_address handling ARM: dts: mmp2: fix the gpio interrupt cell number ARM: dts: realview-pbx: Fix duplicate regulator nodes tcp: fix off-by-one bug on aborting window-probing socket tcp: fix SNMP under-estimation on failed retransmission tcp: fix SNMP TCP timeout under-estimation modpost: skip ELF local symbols during section mismatch check kbuild: fix single target build for external module mtd: fix mtd_oobavail() incoherent returned value ARM: dts: pxa: clean up USB controller nodes clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent ARM: dts: realview: Fix some more duplicate regulator nodes dlm: fix invalid cluster name warning net/mlx4_core: Fix return codes of unsupported operations pstore/ram: Avoid NULL deref in ftrace merging failure path powerpc/math-emu: Update macros from GCC clk: renesas: r8a77995: Correct parent clock of DU MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition nfsd: Return EPERM, not EACCES, in some SETATTR cases tty: Don't block on IO when ldisc change is pending media: stkwebcam: Bugfix for wrong return values firmware: qcom: scm: fix compilation error when disabled mlxsw: spectrum_router: Relax GRE decap matching check IB/hfi1: Ignore LNI errors before DC8051 transitions to Polling state IB/hfi1: Close VNIC sdma_progress sleep window mlx4: Use snprintf instead of complicated strcpy usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler ARM: dts: sunxi: Fix PMU compatible strings media: vimc: fix start stream when link is disabled net: aquantia: fix RSS table and key sizes tcp: exit if nothing to retransmit on RTO timeout sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision fuse: verify nlink fuse: verify attributes ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 ALSA: pcm: oss: Avoid potential buffer overflows ALSA: hda - Add mute led support for HP ProBook 645 G4 Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers Input: goodix - add upside-down quirk for Teclast X89 tablet coresight: etm4x: Fix input validation for sysfs. Input: Fix memory leak in psxpad_spi_probe x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks CIFS: Fix SMB2 oplock break processing tty: vt: keyboard: reject invalid keycodes can: slcan: Fix use-after-free Read in slcan_open kernfs: fix ino wrap-around detection jbd2: Fix possible overflow in jbd2_log_space_left() drm/i810: Prevent underflow in ioctl KVM: arm/arm64: vgic: Don't rely on the wrong pending table KVM: x86: do not modify masked bits of shared MSRs KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr crypto: af_alg - cast ki_complete ternary op to int crypto: ccp - fix uninitialized list head crypto: ecdh - fix big endian bug in ECC library crypto: user - fix memory leak in crypto_report spi: atmel: Fix CS high support RDMA/qib: Validate ->show()/store() callbacks before calling them iomap: Fix pipe page leakage during splicing thermal: Fix deadlock in thermal thermal_zone_device_check binder: Handle start==NULL in binder_update_page_range() ASoC: rsnd: fixup MIX kctrl registration KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) appletalk: Fix potential NULL pointer dereference in unregister_snap_client appletalk: Set error code if register_snap_client failed usb: gadget: configfs: Fix missing spin_lock_init() usb: gadget: pch_udc: fix use after free scsi: qla2xxx: Fix driver unload hang media: venus: remove invalid compat_ioctl32 handler USB: uas: honor flag to avoid CAPACITY16 USB: uas: heed CAPACITY_HEURISTICS USB: documentation: flags on usb-storage versus UAS usb: Allow USB device to be warm reset in suspended state staging: rtl8188eu: fix interface sanity check staging: rtl8712: fix interface sanity check staging: gigaset: fix general protection fault on probe staging: gigaset: fix illegal free on probe errors staging: gigaset: add endpoint-type sanity check usb: xhci: only set D3hot for pci device xhci: Increase STS_HALT timeout in xhci_suspend() xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour. ARM: dts: pandora-common: define wl1251 as child node of mmc3 iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting USB: atm: ueagle-atm: add missing endpoint check USB: idmouse: fix interface sanity checks USB: serial: io_edgeport: fix epic endpoint lookup USB: adutux: fix interface sanity check usb: core: urb: fix URB structure initialization function usb: mon: Fix a deadlock in usbmon between mmap and read tpm: add check after commands attribs tab allocation mtd: spear_smi: Fix Write Burst mode virtio-balloon: fix managed page counts when migrating pages between zones usb: dwc3: ep0: Clear started flag on completion btrfs: check page->mapping when loading free space cache btrfs: use refcount_inc_not_zero in kill_all_nodes Btrfs: fix negative subv_writers counter and data space leak after buffered write btrfs: Remove btrfs_bio::flags member Btrfs: send, skip backreference walking for extents with many references btrfs: record all roots for rename exchange on a subvol rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer rtlwifi: rtl8192de: Fix missing enable interrupt flag lib: raid6: fix awk build warnings ovl: relax WARN_ON() on rename to self ALSA: hda - Fix pending unsol events at shutdown md/raid0: Fix an error message in raid0_make_request() watchdog: aspeed: Fix clock behaviour for ast2600 hwrng: omap - Fix RNG wait loop timeout dm zoned: reduce overhead of backing device checks workqueue: Fix spurious sanity check failures in destroy_workqueue() workqueue: Fix pwq ref leak in rescuer_thread() ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report blk-mq: avoid sysfs buffer overflow with too many CPU cores cgroup: pids: use atomic64_t for pids->limit ar5523: check NULL before memcpy() in ar5523_cmd() s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported media: bdisp: fix memleak on release media: radio: wl1273: fix interrupt masking on release media: cec.h: CEC_OP_REC_FLAG_ values were swapped cpuidle: Do not unset the driver if it is there already intel_th: Fix a double put_device() in error path intel_th: pci: Add Ice Lake CPU support intel_th: pci: Add Tiger Lake CPU support PM / devfreq: Lock devfreq in trans_stat_show cpufreq: powernv: fix stack bloat and hard limit on number of CPUs ACPI: OSL: only free map once in osl.c ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() ACPI: PM: Avoid attaching ACPI PM domain to certain devices pinctrl: samsung: Add of_node_put() before return in error path pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init pinctrl: samsung: Fix device node refcount leaks in init code pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity ppdev: fix PPGETTIME/PPSETTIME ioctls powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB powerpc/xive: Prevent page fault issues in the machine crash handler powerpc: Allow flush_icache_range to work across ranges >4GB powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts video/hdmi: Fix AVI bar unpack quota: Check that quota is not dirty before release ext2: check err when partial != NULL quota: fix livelock in dquot_writeback_dquots ext4: Fix credit estimate for final inode freeing reiserfs: fix extended attributes on the root directory block: fix single range discard merge scsi: zfcp: trace channel log even for FCP command responses scsi: qla2xxx: Fix DMA unmap leak scsi: qla2xxx: Fix session lookup in qlt_abort_work() scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value scsi: qla2xxx: Fix message indicating vectors used by driver xhci: Fix memory leak in xhci_add_in_port() xhci: make sure interrupts are restored to correct state iio: adis16480: Add debugfs_reg_access entry phy: renesas: rcar-gen3-usb2: Fix sysfs interface of "role" omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251 scsi: lpfc: Cap NPIV vports to 256 scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE drbd: Change drbd_request_detach_interruptible's return type to int e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk power: supply: cpcap-battery: Fix signed counter sample register mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead media: vimc: fix component match compare ath10k: fix fw crash by moving chip reset after napi disabled powerpc: Avoid clang warnings around setjmp and longjmp powerpc: Fix vDSO clock_getres() ext4: work around deleting a file with i_nlink == 0 safely firmware: qcom: scm: Ensure 'a0' status code is treated as signed mm/shmem.c: cast the type of unmap_start to u64 ext4: fix a bug in ext4_wait_for_tail_page_commit mfd: rk808: Fix RK818 ID template blk-mq: make sure that line break can be printed workqueue: Fix missing kfree(rescuer) in destroy_workqueue() sunrpc: fix crash when cache_head become valid before update net/mlx5e: Fix SFF 8472 eeprom length gfs2: fix glock reference problem in gfs2_trans_remove_revoke kernel/module.c: wakeup processes in module_wq on module unload gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist raid5: need to set STRIPE_HANDLE for batch head of: unittest: fix memory leak in attach_node_and_children Linux 4.14.159 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Dumazet
|
6d9175b955 |
tcp: exit if nothing to retransmit on RTO timeout
Two upstream commits squashed together for v4.14 stable :
commit 88f8598d0a302a08380eadefd09b9f5cb1c4c428 upstream.
Previously TCP only warns if its RTO timer fires and the
retransmission queue is empty, but it'll cause null pointer
reference later on. It's better to avoid such catastrophic failure
and simply exit with a warning.
Squashed with "tcp: refactor tcp_retransmit_timer()" :
commit 0d580fbd2db084a5c96ee9c00492236a279d5e0f upstream.
It appears linux-4.14 stable needs a backport of commit
88f8598d0a30 ("tcp: exit if nothing to retransmit on RTO timeout")
Since tcp_rtx_queue_empty() is not in pre 4.15 kernels,
let's refactor tcp_retransmit_timer() to only use tcp_rtx_queue_head()
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Yuchung Cheng
|
2e117bb2ab |
tcp: fix SNMP TCP timeout under-estimation
[ Upstream commit e1561fe2dd69dc5dddd69bd73aa65355bdfb048b ] Previously the SNMP TCPTIMEOUTS counter has inconsistent accounting: 1. It counts all SYN and SYN-ACK timeouts 2. It counts timeouts in other states except recurring timeouts and timeouts after fast recovery or disorder state. Such selective accounting makes analysis difficult and complicated. For example the monitoring system needs to collect many other SNMP counters to infer the total amount of timeout events. This patch makes TCPTIMEOUTS counter simply counts all the retransmit timeout (SYN or data or FIN). Signed-off-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Yuchung Cheng
|
3dc07e0045 |
tcp: fix SNMP under-estimation on failed retransmission
[ Upstream commit ec641b39457e17774313b66697a8a1dc070257bd ] Previously the SNMP counter LINUX_MIB_TCPRETRANSFAIL is not counting the TSO/GSO properly on failed retransmission. This patch fixes that. Signed-off-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Yuchung Cheng
|
5b7ff64f50 |
tcp: fix off-by-one bug on aborting window-probing socket
[ Upstream commit 3976535af0cb9fe34a55f2ffb8d7e6b39a2f8188 ] Previously there is an off-by-one bug on determining when to abort a stalled window-probing socket. This patch fixes that so it is consistent with tcp_write_timeout(). Signed-off-by: Yuchung Cheng <ycheng@google.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Neal Cardwell <ncardwell@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
84afceb668 |
This is the 4.14.158 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3pFmwACgkQONu9yGCS aT68qg//RlehfhDnOYveXC8iOlpnzUfE0gI0Ix5CbOuPk0pjYHD+pjC22QUK8fza LWoUH4XSmQ7k5v9xw9MXA45yEpsBajrF2uiOYEUbzEIeh2QetTa9+WlZ25wFnza9 tICP2ct9lSs+E7bs3R8RW37cRLuYfhGtc9sskMfhAdTn9MQKOf9h7jIk0lFjhMB/ GbK449Eo6+8Rh2Pai9EYhWCh70d8ZFHLN3UWZUqG8RfWj1041GwVIoNOhwh5fCOq susq/EZI58BKsUv614sUxQ+dMaY+AOLKZAeYcP49tn/aARl2MjQaYSO8wnyUSVwn F7VYN2uvDVKXZa1/vGNtF6Q6O3nuvVwOgaFFx0srH9rSA7s8se+ZQTHg9WqGo36l fl2u7VN40Lq3Hv53gDV9qLHaPaxtAh39lDG9UoGnefzdbNGPVQRTqypMeRLHidwQ CK5lmbCr9BHoOGTRE0jl147WHTXtzYxjPnUmhZlIT2vxxDXP1AQqOHLLjHviXFrp VclLhGbJUAcB3fGSZJtLHYgPlZms+AFLxDQN4l9e3Xqu+F/W9z+NlAX7bEfYLBm0 v/x/b+BL+qtQ9DBIfc57uGxajgHzoI3ZtctiqZJ93IxFMRZEQVQsHYAh/pcK2AIh ONu4VvFjhdxWFQuzAZe8IEDyHbhcQSL+IMmKq+wu9KtGOfLNxWg= =D1w0 -----END PGP SIGNATURE----- Merge 4.14.158 into android-4.14 Changes in 4.14.158 Revert "KVM: nVMX: reset cache/shadows when switching loaded VMCS" clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX ASoC: compress: fix unsigned integer overflow check reset: Fix memory leak in reset_control_array_put() ASoC: kirkwood: fix external clock probe defer clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume reset: fix reset_control_ops kerneldoc comment clk: at91: avoid sleeping early clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 idr: Fix idr_alloc_u32 on 32-bit systems x86/resctrl: Prevent NULL pointer dereference when reading mondata clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call net: fec: add missed clk_disable_unprepare in remove bridge: ebtables: don't crash when using dnat target in output chains can: peak_usb: report bus recovery as well can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error watchdog: meson: Fix the wrong value of left time scripts/gdb: fix debugging modules compiled with hot/cold partitioning net: bcmgenet: reapply manual settings to the PHY ceph: return -EINVAL if given fsc mount option on kernel w/o support mac80211: fix station inactive_time shortly after boot block: drbd: remove a stray unlock in __drbd_send_protocol() pwm: bcm-iproc: Prevent unloading the driver module while in use scsi: lpfc: Fix kernel Oops due to null pring pointers scsi: lpfc: Fix dif and first burst use in write commands ARM: dts: Fix up SQ201 flash access ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication parisc: Fix serio address output parisc: Fix HP SDC hpa address output arm64: mm: Prevent mismatched 52-bit VA support arm64: smp: Handle errors reported by the firmware ARM: OMAP1: fix USB configuration for device-only setups RDMA/vmw_pvrdma: Use atomic memory allocation in create AH PM / AVS: SmartReflex: NULL check before some freeing functions is not needed ARM: ks8695: fix section mismatch warning ACPI / LPSS: Ignore acpi_device_fix_up_power() return value scsi: lpfc: Enable Management features for IF_TYPE=6 crypto: user - support incremental algorithm dumps mwifiex: fix potential NULL dereference and use after free mwifiex: debugfs: correct histogram spacing, formatting rtl818x: fix potential use after free xfs: require both realtime inodes to mount ubi: Put MTD device after it is not used ubi: Do not drop UBI device reference before using microblaze: adjust the help to the real behavior microblaze: move "... is ready" messages to arch/microblaze/Makefile iwlwifi: move iwl_nvm_check_version() into dvm gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB kvm: vmx: Set IA32_TSC_AUX for legacy mode guests VSOCK: bind to random port for VMADDR_PORT_ANY mmc: meson-gx: make sure the descriptor is stopped on errors mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET btrfs: only track ref_heads in delayed_ref_updates HID: intel-ish-hid: fixes incorrect error handling serial: 8250: Rate limit serial port rx interrupts during input overruns kprobes/x86/xen: blacklist non-attachable xen interrupt functions xen/pciback: Check dev_data before using it vfio-mdev/samples: Use u8 instead of char for handle functions pinctrl: xway: fix gpio-hog related boot issues net/mlx5: Continue driver initialization despite debugfs failure exofs_mount(): fix leaks on failure exits bnxt_en: Return linux standard errors in bnxt_ethtool.c bnxt_en: query force speeds before disabling autoneg mode. KVM: s390: unregister debug feature on failing arch init pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 HID: doc: fix wrong data structure reference for UHID_OUTPUT dm flakey: Properly corrupt multi-page bios. gfs2: take jdata unstuff into account in do_grow xfs: Align compat attrlist_by_handle with native implementation. xfs: Fix bulkstat compat ioctls on x32 userspace. IB/qib: Fix an error code in qib_sdma_verbs_send() clocksource/drivers/fttmr010: Fix invalid interrupt register access vxlan: Fix error path in __vxlan_dev_create() powerpc/book3s/32: fix number of bats in p/v_block_mapped() powerpc/xmon: fix dump_segments() drivers/regulator: fix a missing check of return value Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading serial: max310x: Fix tx_empty() callback openrisc: Fix broken paths to arch/or32 RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer scsi: qla2xxx: deadlock by configfs_depend_item scsi: csiostor: fix incorrect dma device in case of vport ath6kl: Only use match sets when firmware supports it ath6kl: Fix off by one error in scan completion powerpc/perf: Fix unit_sel/cache_sel checks powerpc/prom: fix early DEBUG messages powerpc/mm: Make NULL pointer deferences explicit on bad page faults. powerpc/44x/bamboo: Fix PCI range vfio/spapr_tce: Get rid of possible infinite loop powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status drbd: ignore "all zero" peer volume sizes in handshake drbd: reject attach of unsuitable uuids even if connected drbd: do not block when adjusting "disk-options" while IO is frozen drbd: fix print_st_err()'s prototype to match the definition IB/rxe: Make counters thread safe regulator: tps65910: fix a missing check of return value powerpc/83xx: handle machine check caused by watchdog timer powerpc/pseries: Fix node leak in update_lmb_associativity_index() crypto: mxc-scc - fix build warnings on ARM64 pwm: clps711x: Fix period calculation net/netlink_compat: Fix a missing check of nla_parse_nested net/net_namespace: Check the return value of register_pernet_subsys() f2fs: fix to dirty inode synchronously um: Make GCOV depend on !KCOV net: (cpts) fix a missing check of clk_prepare net: stmicro: fix a missing check of clk_prepare net: dsa: bcm_sf2: Propagate error value from mdio_write atl1e: checking the status of atl1e_write_phy_reg tipc: fix a missing check of genlmsg_put net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe() ocfs2: clear journal dirty flag after shutdown journal vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk lib/genalloc.c: use vzalloc_node() to allocate the bitmap fork: fix some -Wmissing-prototypes warnings drivers/base/platform.c: kmemleak ignore a known leak lib/genalloc.c: include vmalloc.h mtd: Check add_mtd_device() ret code tipc: fix memory leak in tipc_nl_compat_publ_dump net/core/neighbour: tell kmemleak about hash tables PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() net/core/neighbour: fix kmemleak minimal reference count for hash tables serial: 8250: Fix serial8250 initialization crash gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel decnet: fix DN_IFREQ_SIZE net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() blktrace: Show requests without sector tipc: fix skb may be leaky in tipc_link_input sfc: initialise found bitmap in efx_ef10_mtd_probe net: fix possible overflow in __sk_mem_raise_allocated() sctp: don't compare hb_timer expire date before starting it bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() net: dev: Use unsigned integer as an argument to left-shift kvm: properly check debugfs dentry before using it bpf: drop refcount if bpf_map_new_fd() fails in map_create() net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED iommu/amd: Fix NULL dereference bug in match_hid_uid apparmor: delete the dentry in aafs_remove() to avoid a leak scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery ACPI / APEI: Don't wait to serialise with oops messages when panic()ing ACPI / APEI: Switch estatus pool to use vmalloc memory scsi: libsas: Check SMP PHY control function result powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() mtd: Remove a debug trace in mtdpart.c mm, gup: add missing refcount overflow checks on s390 clk: at91: fix update bit maps on CFG_MOR write clk: at91: generated: set audio_pll_allowed in at91_clk_register_generated() staging: rtl8192e: fix potential use after free staging: rtl8723bs: Drop ACPI device ids staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P mei: bus: prefix device names on bus with the bus name xfrm: Fix memleak on xfrm state destroy media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE net: macb: fix error format in dev_err() pwm: Clear chip_data in pwm_put() media: atmel: atmel-isc: fix asd memory allocation media: atmel: atmel-isc: fix INIT_WORK misplacement macvlan: schedule bc_work even if error net: psample: fix skb_over_panic openvswitch: fix flow command message size slip: Fix use-after-free Read in slip_open openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() openvswitch: remove another BUG_ON() tipc: fix link name length check sctp: cache netns in sctp_ep_common net: sched: fix `tc -s class show` no bstats on class with nolock subqueues ext4: add more paranoia checking in ext4_expand_extra_isize handling watchdog: sama5d4: fix WDD value to be always set to max net: macb: Fix SUBNS increment and increase resolution net: macb driver, check for SKBTX_HW_TSTAMP mtd: rawnand: atmel: Fix spelling mistake in error message mtd: rawnand: atmel: fix possible object reference leak mtd: spi-nor: cast to u64 to avoid uint overflows y2038: futex: Move compat implementation into futex.c futex: Prevent robust futex exit race futex: Move futex exit handling into futex code futex: Replace PF_EXITPIDONE with a state exit/exec: Seperate mm_release() futex: Split futex_mm_release() for exit/exec futex: Set task::futex_state to DEAD right after handling futex exit futex: Mark the begin of futex exit explicitly futex: Sanitize exit state handling futex: Provide state handling for exec() as well futex: Add mutex around futex exit futex: Provide distinct return value when owner is exiting futex: Prevent exit livelock HID: core: check whether Usage Page item is after Usage ID items crypto: stm32/hash - Fix hmac issue more than 256 bytes media: stm32-dcmi: fix DMA corruption when stopping streaming hwrng: stm32 - fix unbalanced pm_runtime_enable mailbox: mailbox-test: fix null pointer if no mmio pinctrl: stm32: fix memory leak issue ASoC: stm32: i2s: fix dma configuration ASoC: stm32: i2s: fix 16 bit format support ASoC: stm32: i2s: fix IRQ clearing platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size net: fec: fix clock count mis-match Linux 4.14.158 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
wenxu
|
35e074ebda |
ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel
[ Upstream commit d71b57532d70c03f4671dd04e84157ac6bf021b0 ] ip l add dev tun type gretap key 1000 ip a a dev tun 10.0.0.1/24 Packets with tun-id 1000 can be recived by tun dev. But packet can't be sent through dev tun for non-tunnel-dst With this patch: tunnel-dst can be get through lwtunnel like beflow: ip r a 10.0.0.7 encap ip dst 172.168.0.11 dev tun Signed-off-by: wenxu <wenxu@ucloud.cn> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
13f83e6b9f |
This is the 4.14.155 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3VcYsACgkQONu9yGCS aT6fhBAAkOAqOPmavJ5BewjoFiX1JFreyntmC93FL9n46jXp2reBRsZFv2Fz0r3j kZ62cctlbWMlNLLQAjJMNMo5cERJ8divu+Q4OZcANTrQ3taQxnJD66X8CeruA9Nq 1eoE9O8/egZ+hs3lfqX78icETndT8nMU1+yai3R9VnErMixShBSCxFSn1lcooq4B J4CrwIHmUpSmDwL9yjKwn+iPbKItALrCeDBfTX84ZmjbfGUitFEoYVLp2wYolCxp P97gxz/hGjSntk9uGNvAkJCNUhEDMZQ1l/wGdImEwhhvae82kxzin7dhlCTqsgj7 VEMUC+wIM40tIsaeXJHcoB7o6g1QFhC83BiYJT7W06kbNAObE7st/kvshoHP5eFy WtHWHYGek+7gzPEE93eJP9HaA5iK1s0NKmLc1Ux2EuVRscqGH/DJBGXqqBG1kh9K uAZzadEV+ORVN/NPGD2mZm7fSfKzxy2HBbXYd7v2+539BaUidFUl1lV14b4dA8Ik eDG/a8+P7qjfkVeFfIagLKqGU3JXZhRGPxahkRaPpgPu8h7wuRVbgWqPiapmfEPZ 1a19Tz4FH7dzNKbJhh8u9ETHJjvb9f5tfwiszIEpgpbdV8y/YHGnfKIhxxmRmwmh 8RcD2ytprfGO60cBRkesAHvwbW1UAfCy3HkAt2/C/uDoEDGWxWA= =O/ql -----END PGP SIGNATURE----- Merge 4.14.155 into android-4.14-q Changes in 4.14.155 kvm: mmu: Don't read PDPTEs when paging is not enabled KVM: x86: introduce is_pae_paging MIPS: BCM63XX: fix switch core reset on BCM6368 scsi: core: Handle drivers which set sg_tablesize to zero Revert "Input: synaptics-rmi4 - avoid processing unknown IRQs" powerpc/perf: Fix IMC_MAX_PMU macro powerpc/perf: Fix kfree memory allocated for nest pmus ax88172a: fix information leak on short answers net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules slip: Fix memory leak in slip_open error path ALSA: usb-audio: Fix missing error check at mixer resolution test ALSA: usb-audio: not submit urb for stopped endpoint Input: ff-memless - kill timer in destroy() Input: synaptics-rmi4 - fix video buffer size Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) Input: synaptics-rmi4 - clear IRQ enables for F54 Input: synaptics-rmi4 - destroy F54 poller workqueue when removing IB/hfi1: Ensure full Gen3 speed in a Gen4 system i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() mmc: sdhci-of-at91: fix quirk2 overwrite iio: adc: max9611: explicitly cast gain_selectors tee: optee: take DT status property into account ath10k: fix kernel panic by moving pci flush after napi_disable iio: dac: mcp4922: fix error handling in mcp4922_write_raw arm64: dts: allwinner: a64: Olinuxino: fix DRAM voltage arm64: dts: allwinner: a64: NanoPi-A64: Fix DCDC1 voltage ALSA: pcm: signedness bug in snd_pcm_plug_alloc() arm64: dts: tegra210-p2180: Correct sdmmc4 vqmmc-supply ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45 rtc: rv8803: fix the rv8803 id in the OF table remoteproc/davinci: Use %zx for formating size_t extcon: cht-wc: Return from default case to avoid warnings cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set ALSA: seq: Do error checks at creating system ports ath9k: fix tx99 with monitor mode interface ath10k: limit available channels via DT ieee80211-freq-limit gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated ASoC: dpcm: Properly initialise hw->rate_max pinctrl: ingenic: Probe driver at subsys_initcall MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3 ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook liquidio: fix race condition in instruction completion processing ARM: dts: exynos: Fix regulators configuration on Peach Pi/Pit Chromebooks i40e: use correct length for strncpy i40e: hold the rtnl lock on clearing interrupt scheme i40e: Prevent deleting MAC address from VF when set by PF IB/rxe: fixes for rdma read retry iwlwifi: don't WARN on trying to dump dead firmware iwlwifi: mvm: avoid sending too many BARs ARM: dts: pxa: fix the rtc controller ARM: dts: pxa: fix power i2c base address rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument soc: imx: gpc: fix PDN delay ASoC: rsnd: ssi: Fix issue in dma data address assignment net: phy: mscc: read 'vsc8531,vddmac' as an u32 net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 ARM: dts: meson8: fix the clock controller register size ARM: dts: meson8b: fix the clock controller register size net: lan78xx: Bail out if lan78xx_get_endpoints fails ASoC: sgtl5000: avoid division by zero if lo_vag is zero ARM: dts: exynos: Disable pull control for S5M8767 PMIC ath10k: wmi: disable softirq's while calling ieee80211_rx IB/ipoib: Ensure that MTU isn't less than minimum permitted RDMA/core: Rate limit MAD error messages RDMA/core: Follow correct unregister order between sysfs and cgroup mips: txx9: fix iounmap related issue ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files ARM: dts: omap3-gta04: fixes for tvout / venc ARM: dts: omap3-gta04: tvout: enable as display1 alias ARM: dts: omap3-gta04: fix touchscreen tsc2007 ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot ARM: dts: omap3-gta04: keep vpll2 always on sched/debug: Use symbolic names for task state constants arm64: dts: rockchip: Fix VCC5V0_HOST_EN on rk3399-sapphire dmaengine: dma-jz4780: Don't depend on MACH_JZ4780 dmaengine: dma-jz4780: Further residue status fix EDAC, sb_edac: Return early on ADDRV bit and address type test rtc: mt6397: fix possible race condition rtc: pl030: fix possible race condition ath9k: add back support for using active monitor interfaces for tx99 IB/hfi1: Missing return value in error path for user sdma signal: Always ignore SIGKILL and SIGSTOP sent to the global init signal: Properly deliver SIGILL from uprobes signal: Properly deliver SIGSEGV from x86 uprobes f2fs: fix memory leak of percpu counter in fill_super() scsi: qla2xxx: Fix iIDMA error scsi: qla2xxx: Defer chip reset until target mode is enabled scsi: qla2xxx: Fix dropped srb resource. scsi: lpfc: Fix errors in log messages. scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set scsi: pm80xx: Corrected dma_unmap_sg() parameter scsi: pm80xx: Fixed system hang issue during kexec boot kprobes: Don't call BUG_ON() if there is a kprobe in use on free list Drivers: hv: vmbus: Fix synic per-cpu context initialization nvmem: core: return error code instead of NULL from nvmem_device_get media: dt-bindings: adv748x: Fix decimal unit addresses media: fix: media: pci: meye: validate offset to avoid arbitrary access media: dvb: fix compat ioctl translation arm64: dts: meson: libretech: update board model ALSA: intel8x0m: Register irq handler after register initializations pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() llc: avoid blocking in llc_sap_close() ARM: dts: qcom: ipq4019: fix cpu0's qcom,saw2 reg value soc: qcom: wcnss_ctrl: Avoid string overflow powerpc/vdso: Correct call frame information ARM: dts: socfpga: Fix I2C bus unit-address error pinctrl: at91: don't use the same irqchip with multiple gpiochips cxgb4: Fix endianness issue in t4_fwcache() blok, bfq: do not plug I/O if all queues are weight-raised arm64: dts: meson: Fix erroneous SPI bus warnings power: supply: ab8500_fg: silence uninitialized variable warnings power: reset: at91-poweroff: do not procede if at91_shdwc is allocated power: supply: max8998-charger: Fix platform data retrieval component: fix loop condition to call unbind() if bind() fails kernfs: Fix range checks in kernfs_get_target_path ip_gre: fix parsing gre header in ipgre_err ARM: dts: rockchip: Fix erroneous SPI bus dtc warnings on rk3036 ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask ath9k: Fix a locking bug in ath9k_add_interface() s390/qeth: invoke softirqs after napi_schedule() PCI/ACPI: Correct error message for ASPM disabling serial: uartps: Fix suspend functionality serial: samsung: Enable baud clock for UART reset procedure in resume serial: mxs-auart: Fix potential infinite loop samples/bpf: fix a compilation failure spi: mediatek: Don't modify spi_transfer when transfer. ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address net: hns3: fix return type of ndo_start_xmit function powerpc/iommu: Avoid derefence before pointer check powerpc/64s/hash: Fix stab_rr off by one initialization powerpc/pseries: Disable CPU hotplug across migrations powerpc: Fix duplicate const clang warning in user access code RDMA/i40iw: Fix incorrect iterator type OPP: Protect dev_list with opp_table lock libfdt: Ensure INT_MAX is defined in libfdt_env.h power: supply: twl4030_charger: fix charging current out-of-bounds power: supply: twl4030_charger: disable eoc interrupt on linear charge net: toshiba: fix return type of ndo_start_xmit function net: xilinx: fix return type of ndo_start_xmit function net: broadcom: fix return type of ndo_start_xmit function net: amd: fix return type of ndo_start_xmit function net: sun: fix return type of ndo_start_xmit function net: hns3: Fix for setting speed for phy failed problem net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() nfp: provide a better warning when ring allocation fails usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started usb: chipidea: Fix otg event handler mlxsw: spectrum: Init shaper for TCs 8..15 ARM: dts: am335x-evm: fix number of cpsw f2fs: fix to recover inode's uid/gid during POR ARM: dts: ux500: Correct SCU unit address ARM: dts: ux500: Fix LCDA clock line muxing ARM: dts: ste: Fix SPI controller node names spi: pic32: Use proper enum in dmaengine_prep_slave_rg cpufeature: avoid warning when compiling with clang crypto: arm/crc32 - avoid warning when compiling with Clang ARM: dts: marvell: Fix SPI and I2C bus warnings x86/mce-inject: Reset injection struct after injection ARM: dts: clearfog: fix sdhci supply property name bnx2x: Ignore bandwidth attention in single function mode samples/bpf: fix compilation failure net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider net: micrel: fix return type of ndo_start_xmit function net: freescale: fix return type of ndo_start_xmit function x86/CPU: Use correct macros for Cyrix calls x86/CPU: Change query logic so CPUID is enabled before testing MIPS: kexec: Relax memory restriction arm64: dts: rockchip: Fix microSD in rk3399 sapphire board media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() media: au0828: Fix incorrect error messages media: davinci: Fix implicit enum conversion warning ARM: dts: rockchip: explicitly set vcc_sd0 pin to gpio on rk3188-radxarock usb: gadget: uvc: configfs: Drop leaked references to config items usb: gadget: uvc: configfs: Prevent format changes after linking header i2c: aspeed: fix invalid clock parameters for very large divisors phy: brcm-sata: allow PHY_BRCM_SATA driver to be built for DSL SoCs phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs phy: phy-twl4030-usb: fix denied runtime access usb: gadget: uvc: Factor out video USB request queueing usb: gadget: uvc: Only halt video streaming endpoint in bulk mode coresight: Fix handling of sinks coresight: perf: Fix per cpu path management coresight: perf: Disable trace path upon source error coresight: etm4x: Configure EL2 exception level when kernel is running in HYP coresight: tmc: Fix byte-address alignment for RRP misc: kgdbts: Fix restrict error misc: genwqe: should return proper error value. vfio/pci: Fix potential memory leak in vfio_msi_cap_len vfio/pci: Mask buggy SR-IOV VF INTx support scsi: libsas: always unregister the old device if going to discover new phy: lantiq: Fix compile warning ARM: dts: tegra30: fix xcvr-setup-use-fuses ARM: tegra: apalis_t30: fix mmc1 cmd pull-up ARM: dts: paz00: fix wakeup gpio keycode net: smsc: fix return type of ndo_start_xmit function net: faraday: fix return type of ndo_start_xmit function f2fs: fix to recover inode's project id during POR f2fs: mark inode dirty explicitly in recover_inode() EDAC: Raise the maximum number of memory controllers ARM: dts: realview: Fix SPI controller node names firmware: dell_rbu: Make payload memory uncachable Bluetooth: hci_serdev: clear HCI_UART_PROTO_READY to avoid closing proto races Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS x86/hyperv: Suppress "PCI: Fatal: No config space access function found" crypto: s5p-sss: Fix Fix argument list alignment crypto: fix a memory leak in rsa-kcs1pad's encryption mode iwlwifi: dbg: don't crash if the firmware crashes in the middle of a debug dump iwlwifi: api: annotate compressed BA notif array sizes iwlwifi: mvm: Allow TKIP for AP mode scsi: NCR5380: Clear all unissued commands on host reset scsi: NCR5380: Have NCR5380_select() return a bool scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data scsi: NCR5380: Check for invalid reselection target scsi: NCR5380: Don't clear busy flag when abort fails scsi: NCR5380: Don't call dsprintk() following reselection interrupt scsi: NCR5380: Handle BUS FREE during reselection scsi: NCR5380: Check for bus reset arm64: dts: amd: Fix SPI bus warnings arm64: dts: lg: Fix SPI controller node names ARM: dts: lpc32xx: Fix SPI controller node names rtc: armada38x: fix possible race condition netfilter: masquerade: don't flush all conntracks if only one address deleted on device usb: xhci-mtk: fix ISOC error when interval is zero fuse: use READ_ONCE on congestion_threshold and max_background IB/iser: Fix possible NULL deref at iser_inv_desc() net: phy: mdio-bcm-unimac: mark PM functions as __maybe_unused memfd: Use radix_tree_deref_slot_protected to avoid the warning. slcan: Fix memory leak in error path Linux 4.14.155 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
7bc77fd339 |
This is the 4.14.155 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3VcYsACgkQONu9yGCS aT6fhBAAkOAqOPmavJ5BewjoFiX1JFreyntmC93FL9n46jXp2reBRsZFv2Fz0r3j kZ62cctlbWMlNLLQAjJMNMo5cERJ8divu+Q4OZcANTrQ3taQxnJD66X8CeruA9Nq 1eoE9O8/egZ+hs3lfqX78icETndT8nMU1+yai3R9VnErMixShBSCxFSn1lcooq4B J4CrwIHmUpSmDwL9yjKwn+iPbKItALrCeDBfTX84ZmjbfGUitFEoYVLp2wYolCxp P97gxz/hGjSntk9uGNvAkJCNUhEDMZQ1l/wGdImEwhhvae82kxzin7dhlCTqsgj7 VEMUC+wIM40tIsaeXJHcoB7o6g1QFhC83BiYJT7W06kbNAObE7st/kvshoHP5eFy WtHWHYGek+7gzPEE93eJP9HaA5iK1s0NKmLc1Ux2EuVRscqGH/DJBGXqqBG1kh9K uAZzadEV+ORVN/NPGD2mZm7fSfKzxy2HBbXYd7v2+539BaUidFUl1lV14b4dA8Ik eDG/a8+P7qjfkVeFfIagLKqGU3JXZhRGPxahkRaPpgPu8h7wuRVbgWqPiapmfEPZ 1a19Tz4FH7dzNKbJhh8u9ETHJjvb9f5tfwiszIEpgpbdV8y/YHGnfKIhxxmRmwmh 8RcD2ytprfGO60cBRkesAHvwbW1UAfCy3HkAt2/C/uDoEDGWxWA= =O/ql -----END PGP SIGNATURE----- Merge 4.14.155 into android-4.14 Changes in 4.14.155 kvm: mmu: Don't read PDPTEs when paging is not enabled KVM: x86: introduce is_pae_paging MIPS: BCM63XX: fix switch core reset on BCM6368 scsi: core: Handle drivers which set sg_tablesize to zero Revert "Input: synaptics-rmi4 - avoid processing unknown IRQs" powerpc/perf: Fix IMC_MAX_PMU macro powerpc/perf: Fix kfree memory allocated for nest pmus ax88172a: fix information leak on short answers net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules slip: Fix memory leak in slip_open error path ALSA: usb-audio: Fix missing error check at mixer resolution test ALSA: usb-audio: not submit urb for stopped endpoint Input: ff-memless - kill timer in destroy() Input: synaptics-rmi4 - fix video buffer size Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) Input: synaptics-rmi4 - clear IRQ enables for F54 Input: synaptics-rmi4 - destroy F54 poller workqueue when removing IB/hfi1: Ensure full Gen3 speed in a Gen4 system i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() mmc: sdhci-of-at91: fix quirk2 overwrite iio: adc: max9611: explicitly cast gain_selectors tee: optee: take DT status property into account ath10k: fix kernel panic by moving pci flush after napi_disable iio: dac: mcp4922: fix error handling in mcp4922_write_raw arm64: dts: allwinner: a64: Olinuxino: fix DRAM voltage arm64: dts: allwinner: a64: NanoPi-A64: Fix DCDC1 voltage ALSA: pcm: signedness bug in snd_pcm_plug_alloc() arm64: dts: tegra210-p2180: Correct sdmmc4 vqmmc-supply ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45 rtc: rv8803: fix the rv8803 id in the OF table remoteproc/davinci: Use %zx for formating size_t extcon: cht-wc: Return from default case to avoid warnings cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set ALSA: seq: Do error checks at creating system ports ath9k: fix tx99 with monitor mode interface ath10k: limit available channels via DT ieee80211-freq-limit gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated ASoC: dpcm: Properly initialise hw->rate_max pinctrl: ingenic: Probe driver at subsys_initcall MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3 ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook liquidio: fix race condition in instruction completion processing ARM: dts: exynos: Fix regulators configuration on Peach Pi/Pit Chromebooks i40e: use correct length for strncpy i40e: hold the rtnl lock on clearing interrupt scheme i40e: Prevent deleting MAC address from VF when set by PF IB/rxe: fixes for rdma read retry iwlwifi: don't WARN on trying to dump dead firmware iwlwifi: mvm: avoid sending too many BARs ARM: dts: pxa: fix the rtc controller ARM: dts: pxa: fix power i2c base address rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument soc: imx: gpc: fix PDN delay ASoC: rsnd: ssi: Fix issue in dma data address assignment net: phy: mscc: read 'vsc8531,vddmac' as an u32 net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 ARM: dts: meson8: fix the clock controller register size ARM: dts: meson8b: fix the clock controller register size net: lan78xx: Bail out if lan78xx_get_endpoints fails ASoC: sgtl5000: avoid division by zero if lo_vag is zero ARM: dts: exynos: Disable pull control for S5M8767 PMIC ath10k: wmi: disable softirq's while calling ieee80211_rx IB/ipoib: Ensure that MTU isn't less than minimum permitted RDMA/core: Rate limit MAD error messages RDMA/core: Follow correct unregister order between sysfs and cgroup mips: txx9: fix iounmap related issue ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files ARM: dts: omap3-gta04: fixes for tvout / venc ARM: dts: omap3-gta04: tvout: enable as display1 alias ARM: dts: omap3-gta04: fix touchscreen tsc2007 ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot ARM: dts: omap3-gta04: keep vpll2 always on sched/debug: Use symbolic names for task state constants arm64: dts: rockchip: Fix VCC5V0_HOST_EN on rk3399-sapphire dmaengine: dma-jz4780: Don't depend on MACH_JZ4780 dmaengine: dma-jz4780: Further residue status fix EDAC, sb_edac: Return early on ADDRV bit and address type test rtc: mt6397: fix possible race condition rtc: pl030: fix possible race condition ath9k: add back support for using active monitor interfaces for tx99 IB/hfi1: Missing return value in error path for user sdma signal: Always ignore SIGKILL and SIGSTOP sent to the global init signal: Properly deliver SIGILL from uprobes signal: Properly deliver SIGSEGV from x86 uprobes f2fs: fix memory leak of percpu counter in fill_super() scsi: qla2xxx: Fix iIDMA error scsi: qla2xxx: Defer chip reset until target mode is enabled scsi: qla2xxx: Fix dropped srb resource. scsi: lpfc: Fix errors in log messages. scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set scsi: pm80xx: Corrected dma_unmap_sg() parameter scsi: pm80xx: Fixed system hang issue during kexec boot kprobes: Don't call BUG_ON() if there is a kprobe in use on free list Drivers: hv: vmbus: Fix synic per-cpu context initialization nvmem: core: return error code instead of NULL from nvmem_device_get media: dt-bindings: adv748x: Fix decimal unit addresses media: fix: media: pci: meye: validate offset to avoid arbitrary access media: dvb: fix compat ioctl translation arm64: dts: meson: libretech: update board model ALSA: intel8x0m: Register irq handler after register initializations pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() llc: avoid blocking in llc_sap_close() ARM: dts: qcom: ipq4019: fix cpu0's qcom,saw2 reg value soc: qcom: wcnss_ctrl: Avoid string overflow powerpc/vdso: Correct call frame information ARM: dts: socfpga: Fix I2C bus unit-address error pinctrl: at91: don't use the same irqchip with multiple gpiochips cxgb4: Fix endianness issue in t4_fwcache() blok, bfq: do not plug I/O if all queues are weight-raised arm64: dts: meson: Fix erroneous SPI bus warnings power: supply: ab8500_fg: silence uninitialized variable warnings power: reset: at91-poweroff: do not procede if at91_shdwc is allocated power: supply: max8998-charger: Fix platform data retrieval component: fix loop condition to call unbind() if bind() fails kernfs: Fix range checks in kernfs_get_target_path ip_gre: fix parsing gre header in ipgre_err ARM: dts: rockchip: Fix erroneous SPI bus dtc warnings on rk3036 ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask ath9k: Fix a locking bug in ath9k_add_interface() s390/qeth: invoke softirqs after napi_schedule() PCI/ACPI: Correct error message for ASPM disabling serial: uartps: Fix suspend functionality serial: samsung: Enable baud clock for UART reset procedure in resume serial: mxs-auart: Fix potential infinite loop samples/bpf: fix a compilation failure spi: mediatek: Don't modify spi_transfer when transfer. ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address net: hns3: fix return type of ndo_start_xmit function powerpc/iommu: Avoid derefence before pointer check powerpc/64s/hash: Fix stab_rr off by one initialization powerpc/pseries: Disable CPU hotplug across migrations powerpc: Fix duplicate const clang warning in user access code RDMA/i40iw: Fix incorrect iterator type OPP: Protect dev_list with opp_table lock libfdt: Ensure INT_MAX is defined in libfdt_env.h power: supply: twl4030_charger: fix charging current out-of-bounds power: supply: twl4030_charger: disable eoc interrupt on linear charge net: toshiba: fix return type of ndo_start_xmit function net: xilinx: fix return type of ndo_start_xmit function net: broadcom: fix return type of ndo_start_xmit function net: amd: fix return type of ndo_start_xmit function net: sun: fix return type of ndo_start_xmit function net: hns3: Fix for setting speed for phy failed problem net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() nfp: provide a better warning when ring allocation fails usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started usb: chipidea: Fix otg event handler mlxsw: spectrum: Init shaper for TCs 8..15 ARM: dts: am335x-evm: fix number of cpsw f2fs: fix to recover inode's uid/gid during POR ARM: dts: ux500: Correct SCU unit address ARM: dts: ux500: Fix LCDA clock line muxing ARM: dts: ste: Fix SPI controller node names spi: pic32: Use proper enum in dmaengine_prep_slave_rg cpufeature: avoid warning when compiling with clang crypto: arm/crc32 - avoid warning when compiling with Clang ARM: dts: marvell: Fix SPI and I2C bus warnings x86/mce-inject: Reset injection struct after injection ARM: dts: clearfog: fix sdhci supply property name bnx2x: Ignore bandwidth attention in single function mode samples/bpf: fix compilation failure net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider net: micrel: fix return type of ndo_start_xmit function net: freescale: fix return type of ndo_start_xmit function x86/CPU: Use correct macros for Cyrix calls x86/CPU: Change query logic so CPUID is enabled before testing MIPS: kexec: Relax memory restriction arm64: dts: rockchip: Fix microSD in rk3399 sapphire board media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() media: au0828: Fix incorrect error messages media: davinci: Fix implicit enum conversion warning ARM: dts: rockchip: explicitly set vcc_sd0 pin to gpio on rk3188-radxarock usb: gadget: uvc: configfs: Drop leaked references to config items usb: gadget: uvc: configfs: Prevent format changes after linking header i2c: aspeed: fix invalid clock parameters for very large divisors phy: brcm-sata: allow PHY_BRCM_SATA driver to be built for DSL SoCs phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs phy: phy-twl4030-usb: fix denied runtime access usb: gadget: uvc: Factor out video USB request queueing usb: gadget: uvc: Only halt video streaming endpoint in bulk mode coresight: Fix handling of sinks coresight: perf: Fix per cpu path management coresight: perf: Disable trace path upon source error coresight: etm4x: Configure EL2 exception level when kernel is running in HYP coresight: tmc: Fix byte-address alignment for RRP misc: kgdbts: Fix restrict error misc: genwqe: should return proper error value. vfio/pci: Fix potential memory leak in vfio_msi_cap_len vfio/pci: Mask buggy SR-IOV VF INTx support scsi: libsas: always unregister the old device if going to discover new phy: lantiq: Fix compile warning ARM: dts: tegra30: fix xcvr-setup-use-fuses ARM: tegra: apalis_t30: fix mmc1 cmd pull-up ARM: dts: paz00: fix wakeup gpio keycode net: smsc: fix return type of ndo_start_xmit function net: faraday: fix return type of ndo_start_xmit function f2fs: fix to recover inode's project id during POR f2fs: mark inode dirty explicitly in recover_inode() EDAC: Raise the maximum number of memory controllers ARM: dts: realview: Fix SPI controller node names firmware: dell_rbu: Make payload memory uncachable Bluetooth: hci_serdev: clear HCI_UART_PROTO_READY to avoid closing proto races Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS x86/hyperv: Suppress "PCI: Fatal: No config space access function found" crypto: s5p-sss: Fix Fix argument list alignment crypto: fix a memory leak in rsa-kcs1pad's encryption mode iwlwifi: dbg: don't crash if the firmware crashes in the middle of a debug dump iwlwifi: api: annotate compressed BA notif array sizes iwlwifi: mvm: Allow TKIP for AP mode scsi: NCR5380: Clear all unissued commands on host reset scsi: NCR5380: Have NCR5380_select() return a bool scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data scsi: NCR5380: Check for invalid reselection target scsi: NCR5380: Don't clear busy flag when abort fails scsi: NCR5380: Don't call dsprintk() following reselection interrupt scsi: NCR5380: Handle BUS FREE during reselection scsi: NCR5380: Check for bus reset arm64: dts: amd: Fix SPI bus warnings arm64: dts: lg: Fix SPI controller node names ARM: dts: lpc32xx: Fix SPI controller node names rtc: armada38x: fix possible race condition netfilter: masquerade: don't flush all conntracks if only one address deleted on device usb: xhci-mtk: fix ISOC error when interval is zero fuse: use READ_ONCE on congestion_threshold and max_background IB/iser: Fix possible NULL deref at iser_inv_desc() net: phy: mdio-bcm-unimac: mark PM functions as __maybe_unused memfd: Use radix_tree_deref_slot_protected to avoid the warning. slcan: Fix memory leak in error path Linux 4.14.155 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Tan Hu
|
85562d7a4f |
netfilter: masquerade: don't flush all conntracks if only one address deleted on device
[ Upstream commit 097f95d319f817e651bd51f8846aced92a55a6a1 ] We configured iptables as below, which only allowed incoming data on established connections: iptables -t mangle -A PREROUTING -m state --state ESTABLISHED -j ACCEPT iptables -t mangle -P PREROUTING DROP When deleting a secondary address, current masquerade implements would flush all conntracks on this device. All the established connections on primary address also be deleted, then subsequent incoming data on the connections would be dropped wrongly because it was identified as NEW connection. So when an address was delete, it should only flush connections related with the address. Signed-off-by: Tan Hu <tan.hu@zte.com.cn> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Haishuang Yan
|
592f63897b |
ip_gre: fix parsing gre header in ipgre_err
[ Upstream commit b0350d51f001e6edc13ee4f253b98b50b05dd401 ]
gre_parse_header stops parsing when csum_err is encountered, which means
tpi->key is undefined and ip_tunnel_lookup will return NULL improperly.
This patch introduce a NULL pointer as csum_err parameter. Even when
csum_err is encountered, it won't return error and continue parsing gre
header as expected.
Fixes: 9f57c67c379d ("gre: Remove support for sharing GRE protocol hook.")
Reported-by: Jiri Benc <jbenc@redhat.com>
Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
babe48d2e9 |
This is the 4.14.154 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3K950ACgkQONu9yGCS aT7RzBAAujUlFkoT646z8Zi6najTF9/Bcpkt48h0QbGAlp44OvwzqTv0Vk9cp6hy WdCLIvH5SE2MzokMzIoanr4p2JKTBNk1FxCUYdXgGfETNbraplNRQ9yxyWo2G7Ic koWhEwQO2u7bbalD+kxbfG6w3yQN1mpTzUFzTS5lsK2IMD4WrNk0V2CNEZAPNBf/ QBig/z8ixbEHRvp7uFI/v8W/QyimQ1uVxs9nsVsAlgsQA+hUnywRXaYgeYRjEw+s x7g3FCxuvjzNEpboijSTXiUqbY33HCnSoRB+GC4IzdDQ6MBJ8blC96+jBpQM2Vhf 1nHqMB6G4BRVuC4dI/XQ3KxGxsVGEwgzuQags4mMHgXeudVoYQgntjpJlJyu5h5Y yQ4NZSRiKDY27AO1tnst2jjQwNDGF8dS4FPB/KpCNGjOlzFb351q34Lqj8fEoCt6 O3822FFjA5OhnrlqgRwIuf2qN8po+iJWR2Dg3jZXizs/eO2PBZ1h5tUNDB03MQEr Y43DeRogWCFoaYTET198qBw6pJGNYbmKR2H0LAlGpyJsGkfsSHQVks+KT5EaiCCL 96hRGZ5V1vs/hdqAB1rDMG7AVXQC51zOK5aMjvJ0jzEjRCO2fulOHH0nfaQAGhaD JhZc8eYouLj1p1+3K7yHzYZSWdzDH11182a7aHA5wd8ZTBonr0A= =qwqY -----END PGP SIGNATURE----- Merge 4.14.154 into android-4.14 Changes in 4.14.154 bonding: fix state transition issue in link monitoring CDC-NCM: handle incomplete transfer of MTU ipv4: Fix table id reference in fib_sync_down_addr net: ethernet: octeon_mgmt: Account for second possible VLAN header net: fix data-race in neigh_event_send() net: qualcomm: rmnet: Fix potential UAF when unregistering net: usb: qmi_wwan: add support for DW5821e with eSIM support NFC: fdp: fix incorrect free object nfc: netlink: fix double device reference drop NFC: st21nfca: fix double free qede: fix NULL pointer deref in __qede_remove() ALSA: timer: Fix incorrectly assigned timer instance ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series ALSA: hda/ca0132 - Fix possible workqueue stall mm: thp: handle page cache THP correctly in PageTransCompoundMap mm, vmstat: hide /proc/pagetypeinfo from normal users dump_stack: avoid the livelock of the dump_lock tools: gpio: Use !building_out_of_srctree to determine srctree perf tools: Fix time sorting drm/radeon: fix si_enable_smc_cac() failed issue HID: wacom: generic: Treat serial number and related fields as unsigned arm64: Do not mask out PTE_RDONLY in pte_same() ceph: fix use-after-free in __ceph_remove_cap() ceph: add missing check in d_revalidate snapdir handling iio: adc: stm32-adc: fix stopping dma iio: imu: adis16480: make sure provided frequency is positive iio: srf04: fix wrong limitation in distance measuring netfilter: nf_tables: Align nft_expr private data to 64-bit netfilter: ipset: Fix an error code in ip_set_sockfn_get() intel_th: pci: Add Comet Lake PCH support intel_th: pci: Add Jasper Lake PCH support can: usb_8dev: fix use-after-free on disconnect can: c_can: c_can_poll(): only read status register after status IRQ can: peak_usb: fix a potential out-of-sync while decoding packets can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak can: gs_usb: gs_can_open(): prevent memory leak can: mcba_usb: fix use-after-free on disconnect can: peak_usb: fix slab info leak configfs: Fix bool initialization/comparison configfs: stash the data we need into configfs_buffer at open time configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: new object reprsenting tree fragments configfs: provide exclusion between IO and removals configfs: fix a deadlock in configfs_symlink() usb: dwc3: Allow disabling of metastability workaround mfd: palmas: Assign the right powerhold mask for tps65917 ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes mtd: spi-nor: enable 4B opcodes for mx66l51235l mtd: spi-nor: cadence-quadspi: add a delay in write sequence misc: pci_endpoint_test: Prevent some integer overflows PCI: dra7xx: Add shutdown handler to cleanly turn off clocks misc: pci_endpoint_test: Fix BUG_ON error during pci_disable_msi() mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone ASoC: tlv320dac31xx: mark expected switch fall-through ASoC: davinci-mcasp: Handle return value of devm_kasprintf ASoC: davinci: Kill BUG_ON() usage ASoC: davinci-mcasp: Fix an error handling path in 'davinci_mcasp_probe()' i2c: omap: Trigger bus recovery in lockup case cpufreq: ti-cpufreq: add missing of_node_put() ARM: dts: dra7: Disable USB metastability workaround for USB2 sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices sched/fair: Fix -Wunused-but-set-variable warnings lib/scatterlist: Introduce sgl_alloc() and sgl_free() usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path usbip: stub_rx: fix static checker warning on unnecessary checks usbip: Implement SG support to vhci-hcd and stub driver PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() RDMA/qedr: Fix reported firmware version net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq scsi: qla2xxx: fixup incorrect usage of host_byte RDMA/uverbs: Prevent potential underflow net: openvswitch: free vport unless register_netdevice() succeeds scsi: lpfc: Honor module parameter lpfc_use_adisc scsi: qla2xxx: Initialized mailbox to prevent driver load failure ipvs: don't ignore errors in case refcounting ip_vs module fails ipvs: move old_secure_tcp into struct netns_ipvs bonding: fix unexpected IFF_BONDING bit unset macsec: fix refcnt leak in module exit routine usb: fsl: Check memory resource before releasing it usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. usb: gadget: composite: Fix possible double free memory bug usb: gadget: configfs: fix concurrent issue between composite APIs usb: dwc3: remove the call trace of USBx_GFLADJ perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) USB: Skip endpoints with 0 maxpacket length USB: ldusb: use unsigned size format specifiers RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case scsi: qla2xxx: stop timer in shutdown path fjes: Handle workqueue allocation failure net: hisilicon: Fix "Trying to free already-free IRQ" hv_netvsc: Fix error handling in netvsc_attach() NFSv4: Don't allow a cached open with a revoked delegation net: ethernet: arc: add the missed clk_disable_unprepare igb: Fix constant media auto sense switching when no cable is connected e1000: fix memory leaks x86/apic: Move pending interrupt check code into it's own function x86/apic: Drop logical_smp_processor_id() inline x86/apic/32: Avoid bogus LDR warnings can: flexcan: disable completely the ECC mechanism mm/filemap.c: don't initiate writeback if mapping has no dirty pages cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead usbip: Fix free of unallocated memory in vhci tx net: prevent load/store tearing on sk->sk_stamp drm/i915/gtt: Add read only pages to gen8_pte_encode drm/i915/gtt: Read-only pages for insert_entries on bdw+ drm/i915/gtt: Disable read-only support under GVT drm/i915: Prevent writing into a read-only object via a GGTT mmap drm/i915/cmdparser: Check reg_table_count before derefencing. drm/i915/cmdparser: Do not check past the cmd length. drm/i915: Silence smatch for cmdparser drm/i915: Don't use GPU relocations prior to cmdparser stalls drm/i915: Move engine->needs_cmd_parser to engine->flags drm/i915: Rename gen7 cmdparser tables drm/i915: Disable Secure Batches for gen6+ drm/i915: Remove Master tables from cmdparser drm/i915: Add support for mandatory cmdparsing drm/i915: Support ro ppgtt mapped cmdparser shadow buffers drm/i915: Allow parsing of unsized batches drm/i915: Add gen9 BCS cmdparsing drm/i915/cmdparser: Use explicit goto for error paths drm/i915/cmdparser: Add support for backward jumps drm/i915/cmdparser: Ignore Length operands during command matching drm/i915: Lower RM timeout to avoid DSI hard hangs drm/i915/gen8+: Add RC6 CTX corruption WA drm/i915/cmdparser: Fix jump whitelist clearing KVM: x86: use Intel speculation bugs and features as derived in generic x86 code x86/msr: Add the IA32_TSX_CTRL MSR x86/cpu: Add a helper function x86_read_arch_cap_msr() x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default x86/speculation/taa: Add mitigation for TSX Async Abort x86/speculation/taa: Add sysfs reporting for TSX Async Abort kvm/x86: Export MDS_NO=0 to guests when TSX is enabled x86/tsx: Add "auto" option to the tsx= cmdline parameter x86/speculation/taa: Add documentation for TSX Async Abort x86/tsx: Add config options to set tsx=on|off|auto x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs x86/bugs: Add ITLB_MULTIHIT bug infrastructure x86/cpu: Add Tremont to the cpu vulnerability whitelist cpu/speculation: Uninline and export CPU mitigations helpers Documentation: Add ITLB_MULTIHIT documentation kvm: x86, powerpc: do not allow clearing largepages debugfs entry kvm: Convert kvm_lock to a mutex kvm: mmu: Do not release the page inside mmu_set_spte() KVM: x86: make FNAME(fetch) and __direct_map more similar KVM: x86: remove now unneeded hugepage gfn adjustment KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON KVM: x86: add tracepoints around __direct_map and FNAME(fetch) KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active kvm: mmu: ITLB_MULTIHIT mitigation kvm: Add helper function for creating VM worker threads kvm: x86: mmu: Recovery of shattered NX large pages Linux 4.14.154 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
b7f526714d |
This is the 4.14.154 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3K950ACgkQONu9yGCS aT7RzBAAujUlFkoT646z8Zi6najTF9/Bcpkt48h0QbGAlp44OvwzqTv0Vk9cp6hy WdCLIvH5SE2MzokMzIoanr4p2JKTBNk1FxCUYdXgGfETNbraplNRQ9yxyWo2G7Ic koWhEwQO2u7bbalD+kxbfG6w3yQN1mpTzUFzTS5lsK2IMD4WrNk0V2CNEZAPNBf/ QBig/z8ixbEHRvp7uFI/v8W/QyimQ1uVxs9nsVsAlgsQA+hUnywRXaYgeYRjEw+s x7g3FCxuvjzNEpboijSTXiUqbY33HCnSoRB+GC4IzdDQ6MBJ8blC96+jBpQM2Vhf 1nHqMB6G4BRVuC4dI/XQ3KxGxsVGEwgzuQags4mMHgXeudVoYQgntjpJlJyu5h5Y yQ4NZSRiKDY27AO1tnst2jjQwNDGF8dS4FPB/KpCNGjOlzFb351q34Lqj8fEoCt6 O3822FFjA5OhnrlqgRwIuf2qN8po+iJWR2Dg3jZXizs/eO2PBZ1h5tUNDB03MQEr Y43DeRogWCFoaYTET198qBw6pJGNYbmKR2H0LAlGpyJsGkfsSHQVks+KT5EaiCCL 96hRGZ5V1vs/hdqAB1rDMG7AVXQC51zOK5aMjvJ0jzEjRCO2fulOHH0nfaQAGhaD JhZc8eYouLj1p1+3K7yHzYZSWdzDH11182a7aHA5wd8ZTBonr0A= =qwqY -----END PGP SIGNATURE----- Merge 4.14.154 into android-4.14-q Changes in 4.14.154 bonding: fix state transition issue in link monitoring CDC-NCM: handle incomplete transfer of MTU ipv4: Fix table id reference in fib_sync_down_addr net: ethernet: octeon_mgmt: Account for second possible VLAN header net: fix data-race in neigh_event_send() net: qualcomm: rmnet: Fix potential UAF when unregistering net: usb: qmi_wwan: add support for DW5821e with eSIM support NFC: fdp: fix incorrect free object nfc: netlink: fix double device reference drop NFC: st21nfca: fix double free qede: fix NULL pointer deref in __qede_remove() ALSA: timer: Fix incorrectly assigned timer instance ALSA: bebob: fix to detect configured source of sampling clock for Focusrite Saffire Pro i/o series ALSA: hda/ca0132 - Fix possible workqueue stall mm: thp: handle page cache THP correctly in PageTransCompoundMap mm, vmstat: hide /proc/pagetypeinfo from normal users dump_stack: avoid the livelock of the dump_lock tools: gpio: Use !building_out_of_srctree to determine srctree perf tools: Fix time sorting drm/radeon: fix si_enable_smc_cac() failed issue HID: wacom: generic: Treat serial number and related fields as unsigned arm64: Do not mask out PTE_RDONLY in pte_same() ceph: fix use-after-free in __ceph_remove_cap() ceph: add missing check in d_revalidate snapdir handling iio: adc: stm32-adc: fix stopping dma iio: imu: adis16480: make sure provided frequency is positive iio: srf04: fix wrong limitation in distance measuring netfilter: nf_tables: Align nft_expr private data to 64-bit netfilter: ipset: Fix an error code in ip_set_sockfn_get() intel_th: pci: Add Comet Lake PCH support intel_th: pci: Add Jasper Lake PCH support can: usb_8dev: fix use-after-free on disconnect can: c_can: c_can_poll(): only read status register after status IRQ can: peak_usb: fix a potential out-of-sync while decoding packets can: rx-offload: can_rx_offload_queue_sorted(): fix error handling, avoid skb mem leak can: gs_usb: gs_can_open(): prevent memory leak can: mcba_usb: fix use-after-free on disconnect can: peak_usb: fix slab info leak configfs: Fix bool initialization/comparison configfs: stash the data we need into configfs_buffer at open time configfs_register_group() shouldn't be (and isn't) called in rmdirable parts configfs: new object reprsenting tree fragments configfs: provide exclusion between IO and removals configfs: fix a deadlock in configfs_symlink() usb: dwc3: Allow disabling of metastability workaround mfd: palmas: Assign the right powerhold mask for tps65917 ASoC: tlv320aic31xx: Handle inverted BCLK in non-DSP modes mtd: spi-nor: enable 4B opcodes for mx66l51235l mtd: spi-nor: cadence-quadspi: add a delay in write sequence misc: pci_endpoint_test: Prevent some integer overflows PCI: dra7xx: Add shutdown handler to cleanly turn off clocks misc: pci_endpoint_test: Fix BUG_ON error during pci_disable_msi() mailbox: reset txdone_method TXDONE_BY_POLL if client knows_txdone ASoC: tlv320dac31xx: mark expected switch fall-through ASoC: davinci-mcasp: Handle return value of devm_kasprintf ASoC: davinci: Kill BUG_ON() usage ASoC: davinci-mcasp: Fix an error handling path in 'davinci_mcasp_probe()' i2c: omap: Trigger bus recovery in lockup case cpufreq: ti-cpufreq: add missing of_node_put() ARM: dts: dra7: Disable USB metastability workaround for USB2 sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices sched/fair: Fix -Wunused-but-set-variable warnings lib/scatterlist: Introduce sgl_alloc() and sgl_free() usbip: Fix vhci_urb_enqueue() URB null transfer buffer error path usbip: stub_rx: fix static checker warning on unnecessary checks usbip: Implement SG support to vhci-hcd and stub driver PCI: tegra: Enable Relaxed Ordering only for Tegra20 & Tegra30 dmaengine: xilinx_dma: Fix control reg update in vdma_channel_set_config HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() RDMA/qedr: Fix reported firmware version net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq scsi: qla2xxx: fixup incorrect usage of host_byte RDMA/uverbs: Prevent potential underflow net: openvswitch: free vport unless register_netdevice() succeeds scsi: lpfc: Honor module parameter lpfc_use_adisc scsi: qla2xxx: Initialized mailbox to prevent driver load failure ipvs: don't ignore errors in case refcounting ip_vs module fails ipvs: move old_secure_tcp into struct netns_ipvs bonding: fix unexpected IFF_BONDING bit unset macsec: fix refcnt leak in module exit routine usb: fsl: Check memory resource before releasing it usb: gadget: udc: atmel: Fix interrupt storm in FIFO mode. usb: gadget: composite: Fix possible double free memory bug usb: gadget: configfs: fix concurrent issue between composite APIs usb: dwc3: remove the call trace of USBx_GFLADJ perf/x86/amd/ibs: Fix reading of the IBS OpData register and thus precise RIP validity perf/x86/amd/ibs: Handle erratum #420 only on the affected CPU family (10h) USB: Skip endpoints with 0 maxpacket length USB: ldusb: use unsigned size format specifiers RDMA/iw_cxgb4: Avoid freeing skb twice in arp failure case scsi: qla2xxx: stop timer in shutdown path fjes: Handle workqueue allocation failure net: hisilicon: Fix "Trying to free already-free IRQ" hv_netvsc: Fix error handling in netvsc_attach() NFSv4: Don't allow a cached open with a revoked delegation net: ethernet: arc: add the missed clk_disable_unprepare igb: Fix constant media auto sense switching when no cable is connected e1000: fix memory leaks x86/apic: Move pending interrupt check code into it's own function x86/apic: Drop logical_smp_processor_id() inline x86/apic/32: Avoid bogus LDR warnings can: flexcan: disable completely the ECC mechanism mm/filemap.c: don't initiate writeback if mapping has no dirty pages cgroup,writeback: don't switch wbs immediately on dead wbs if the memcg is dead usbip: Fix free of unallocated memory in vhci tx net: prevent load/store tearing on sk->sk_stamp drm/i915/gtt: Add read only pages to gen8_pte_encode drm/i915/gtt: Read-only pages for insert_entries on bdw+ drm/i915/gtt: Disable read-only support under GVT drm/i915: Prevent writing into a read-only object via a GGTT mmap drm/i915/cmdparser: Check reg_table_count before derefencing. drm/i915/cmdparser: Do not check past the cmd length. drm/i915: Silence smatch for cmdparser drm/i915: Don't use GPU relocations prior to cmdparser stalls drm/i915: Move engine->needs_cmd_parser to engine->flags drm/i915: Rename gen7 cmdparser tables drm/i915: Disable Secure Batches for gen6+ drm/i915: Remove Master tables from cmdparser drm/i915: Add support for mandatory cmdparsing drm/i915: Support ro ppgtt mapped cmdparser shadow buffers drm/i915: Allow parsing of unsized batches drm/i915: Add gen9 BCS cmdparsing drm/i915/cmdparser: Use explicit goto for error paths drm/i915/cmdparser: Add support for backward jumps drm/i915/cmdparser: Ignore Length operands during command matching drm/i915: Lower RM timeout to avoid DSI hard hangs drm/i915/gen8+: Add RC6 CTX corruption WA drm/i915/cmdparser: Fix jump whitelist clearing KVM: x86: use Intel speculation bugs and features as derived in generic x86 code x86/msr: Add the IA32_TSX_CTRL MSR x86/cpu: Add a helper function x86_read_arch_cap_msr() x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default x86/speculation/taa: Add mitigation for TSX Async Abort x86/speculation/taa: Add sysfs reporting for TSX Async Abort kvm/x86: Export MDS_NO=0 to guests when TSX is enabled x86/tsx: Add "auto" option to the tsx= cmdline parameter x86/speculation/taa: Add documentation for TSX Async Abort x86/tsx: Add config options to set tsx=on|off|auto x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs x86/bugs: Add ITLB_MULTIHIT bug infrastructure x86/cpu: Add Tremont to the cpu vulnerability whitelist cpu/speculation: Uninline and export CPU mitigations helpers Documentation: Add ITLB_MULTIHIT documentation kvm: x86, powerpc: do not allow clearing largepages debugfs entry kvm: Convert kvm_lock to a mutex kvm: mmu: Do not release the page inside mmu_set_spte() KVM: x86: make FNAME(fetch) and __direct_map more similar KVM: x86: remove now unneeded hugepage gfn adjustment KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON KVM: x86: add tracepoints around __direct_map and FNAME(fetch) KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active kvm: mmu: ITLB_MULTIHIT mitigation kvm: Add helper function for creating VM worker threads kvm: x86: mmu: Recovery of shattered NX large pages Linux 4.14.154 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
David Ahern
|
b0b4aca6d6 |
ipv4: Fix table id reference in fib_sync_down_addr
[ Upstream commit e0a312629fefa943534fc46f7bfbe6de3fdaf463 ]
Hendrik reported routes in the main table using source address are not
removed when the address is removed. The problem is that fib_sync_down_addr
does not account for devices in the default VRF which are associated
with the main table. Fix by updating the table id reference.
Fixes: 5a56a0b3a45d ("net: Don't delete routes in different VRFs")
Reported-by: Hendrik Donner <hd@os-cillation.de>
Signed-off-by: David Ahern <dsahern@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
56ab794ee0 |
This is the 4.14.153 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3H5acACgkQONu9yGCS aT6eABAAhvIpqLKvtgnoKnCRiF9oHVyAMHLO/cq4uNfySsotDQ7ikw3tpdkH25MQ bzj4iDHWILFaGulb5TwgvK8gsY3/IFyKbWmMAGKii40YnbZsqV/cZE1bvwZ0uQ7d +UeY6cdLu+jBWki54LtlXlOkCP/8hd2A0JxfiyxLT/qSHZIlFUUa7pRY8Hc6v5iU wHWL2bjkAbYtbjuZUYELDs7Hqtuz7Xqmt9NAZf0UPoA/v+9FU+d9iOlwYuEWh+dC TRLotCpJpbWb1Wn1k9epOJuEFSkU4MmFWTdc+oXsXPd9D3E2Bo7uqMPfgNUb4tJd PJkQP5wH6a3FZU9eQ0woKETAKuKttTJ+C4fI/xRpVuqze40HagntarKhJjraJd96 3/75m9djpEB2IJe+aA5Q2lq33F21RX3vBVD0i4qD2BEbiY2RLO0HL7jzlzAmmqID mR6agxkIXE7pwo/MyTOvKJ1BfDGExrxgbZnWM3AymmpOrVI2xZWEMWHDic4CjvFD /5J/YthDPdyy1TGIbvn0Id06W/ZUbN1jdBGG7CYaKegD8/Tv91+hm1F5sOFSy+0p v0TQhow16bQIVALmo9fH+mJ0TxKYHsHuP+TTSARyLonNNvUeYNofaJkrLfl5CIKg U1HKq4rmvGYt2eJQVZDN1Qzu/kuJmNXl29ZKMMlIAjdk6spWW7E= =gtvY -----END PGP SIGNATURE----- Merge 4.14.153 into android-4.14-q Changes in 4.14.153 arm64: dts: Fix gpio to pinmux mapping regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized ASoC: wm_adsp: Don't generate kcontrols without READ flags ASoc: rockchip: i2s: Fix RPM imbalance ARM: dts: logicpd-torpedo-som: Remove twl_keypad pinctrl: ns2: Fix off by one bugs in ns2_pinmux_enable() ARM: mm: fix alignment handler faults under memory pressure scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions scsi: sni_53c710: fix compilation error scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE ARM: dts: imx7s: Correct GPT's ipg clock source perf c2c: Fix memory leak in build_cl_output() perf kmem: Fix memory leak in compact_gfp_flags() ARM: davinci: dm365: Fix McBSP dma_slave_map entry scsi: target: core: Do not overwrite CDB byte 1 ARM: 8926/1: v7m: remove register save to stack before svc of: unittest: fix memory leak in unittest_data_add MIPS: bmips: mark exception vectors as char arrays i2c: stm32f7: remove warning when compiling with W=1 cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs nbd: handle racing with error'ed out commands cxgb4: fix panic when attaching to ULD fail dccp: do not leak jiffies on the wire net: annotate accesses to sk->sk_incoming_cpu net: annotate lockless accesses to sk->sk_napi_id net: dsa: bcm_sf2: Fix IMP setup for port different than 8 net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum net: fix sk_page_frag() recursion from memory reclaim net: hisilicon: Fix ping latency when deal with high throughput net/mlx4_core: Dynamically set guaranteed amount of counters per VF net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() selftests: net: reuseport_dualstack: fix uninitalized parameter udp: fix data-race in udp_set_dev_scratch() net: add READ_ONCE() annotation in __skb_wait_for_more_packets() net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget net: dsa: b53: Do not clear existing mirrored port mask net: usb: lan78xx: Connect PHY before registering MAC r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 net: dsa: fix switch tree list net: bcmgenet: reset 40nm EPHY on energy detect net: add skb_queue_empty_lockless() udp: use skb_queue_empty_lockless() net: use skb_queue_empty_lockless() in poll() handlers net: use skb_queue_empty_lockless() in busy poll contexts vxlan: check tun_info options_len properly erspan: fix the tun_info options_len check for erspan inet: stop leaking jiffies on the wire net/flow_dissector: switch to siphash dmaengine: qcom: bam_dma: Fix resource leak sched/wake_q: Fix wakeup ordering for wake_q kbuild: use -fmacro-prefix-map to make __FILE__ a relative path kbuild: add -fcf-protection=none when using retpoline flags platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table iio: adc: stm32-adc: move registers definitions iio: adc: stm32-adc: fix a race when using several adcs with dma and irq powerpc/mm: Fixup tlbie vs store ordering issue on POWER9 powerpc/book3s64/mm: Don't do tlbie fixup for some hardware revisions powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 selftests/powerpc: Add test case for tlbie vs mtpidr ordering issue selftests/powerpc: Fix compile error on tlbie_test due to newer gcc Linux 4.14.153 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
10e570bfc1 |
This is the 4.14.153 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3H5acACgkQONu9yGCS aT6eABAAhvIpqLKvtgnoKnCRiF9oHVyAMHLO/cq4uNfySsotDQ7ikw3tpdkH25MQ bzj4iDHWILFaGulb5TwgvK8gsY3/IFyKbWmMAGKii40YnbZsqV/cZE1bvwZ0uQ7d +UeY6cdLu+jBWki54LtlXlOkCP/8hd2A0JxfiyxLT/qSHZIlFUUa7pRY8Hc6v5iU wHWL2bjkAbYtbjuZUYELDs7Hqtuz7Xqmt9NAZf0UPoA/v+9FU+d9iOlwYuEWh+dC TRLotCpJpbWb1Wn1k9epOJuEFSkU4MmFWTdc+oXsXPd9D3E2Bo7uqMPfgNUb4tJd PJkQP5wH6a3FZU9eQ0woKETAKuKttTJ+C4fI/xRpVuqze40HagntarKhJjraJd96 3/75m9djpEB2IJe+aA5Q2lq33F21RX3vBVD0i4qD2BEbiY2RLO0HL7jzlzAmmqID mR6agxkIXE7pwo/MyTOvKJ1BfDGExrxgbZnWM3AymmpOrVI2xZWEMWHDic4CjvFD /5J/YthDPdyy1TGIbvn0Id06W/ZUbN1jdBGG7CYaKegD8/Tv91+hm1F5sOFSy+0p v0TQhow16bQIVALmo9fH+mJ0TxKYHsHuP+TTSARyLonNNvUeYNofaJkrLfl5CIKg U1HKq4rmvGYt2eJQVZDN1Qzu/kuJmNXl29ZKMMlIAjdk6spWW7E= =gtvY -----END PGP SIGNATURE----- Merge 4.14.153 into android-4.14 Changes in 4.14.153 arm64: dts: Fix gpio to pinmux mapping regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized ASoC: wm_adsp: Don't generate kcontrols without READ flags ASoc: rockchip: i2s: Fix RPM imbalance ARM: dts: logicpd-torpedo-som: Remove twl_keypad pinctrl: ns2: Fix off by one bugs in ns2_pinmux_enable() ARM: mm: fix alignment handler faults under memory pressure scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions scsi: sni_53c710: fix compilation error scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE ARM: dts: imx7s: Correct GPT's ipg clock source perf c2c: Fix memory leak in build_cl_output() perf kmem: Fix memory leak in compact_gfp_flags() ARM: davinci: dm365: Fix McBSP dma_slave_map entry scsi: target: core: Do not overwrite CDB byte 1 ARM: 8926/1: v7m: remove register save to stack before svc of: unittest: fix memory leak in unittest_data_add MIPS: bmips: mark exception vectors as char arrays i2c: stm32f7: remove warning when compiling with W=1 cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs nbd: handle racing with error'ed out commands cxgb4: fix panic when attaching to ULD fail dccp: do not leak jiffies on the wire net: annotate accesses to sk->sk_incoming_cpu net: annotate lockless accesses to sk->sk_napi_id net: dsa: bcm_sf2: Fix IMP setup for port different than 8 net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum net: fix sk_page_frag() recursion from memory reclaim net: hisilicon: Fix ping latency when deal with high throughput net/mlx4_core: Dynamically set guaranteed amount of counters per VF net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() selftests: net: reuseport_dualstack: fix uninitalized parameter udp: fix data-race in udp_set_dev_scratch() net: add READ_ONCE() annotation in __skb_wait_for_more_packets() net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget net: dsa: b53: Do not clear existing mirrored port mask net: usb: lan78xx: Connect PHY before registering MAC r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 net: dsa: fix switch tree list net: bcmgenet: reset 40nm EPHY on energy detect net: add skb_queue_empty_lockless() udp: use skb_queue_empty_lockless() net: use skb_queue_empty_lockless() in poll() handlers net: use skb_queue_empty_lockless() in busy poll contexts vxlan: check tun_info options_len properly erspan: fix the tun_info options_len check for erspan inet: stop leaking jiffies on the wire net/flow_dissector: switch to siphash dmaengine: qcom: bam_dma: Fix resource leak sched/wake_q: Fix wakeup ordering for wake_q kbuild: use -fmacro-prefix-map to make __FILE__ a relative path kbuild: add -fcf-protection=none when using retpoline flags platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table iio: adc: stm32-adc: move registers definitions iio: adc: stm32-adc: fix a race when using several adcs with dma and irq powerpc/mm: Fixup tlbie vs store ordering issue on POWER9 powerpc/book3s64/mm: Don't do tlbie fixup for some hardware revisions powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 selftests/powerpc: Add test case for tlbie vs mtpidr ordering issue selftests/powerpc: Fix compile error on tlbie_test due to newer gcc Linux 4.14.153 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Dumazet
|
4fa6002a34 |
inet: stop leaking jiffies on the wire
[ Upstream commit a904a0693c189691eeee64f6c6b188bd7dc244e9 ]
Historically linux tried to stick to RFC 791, 1122, 2003
for IPv4 ID field generation.
RFC 6864 made clear that no matter how hard we try,
we can not ensure unicity of IP ID within maximum
lifetime for all datagrams with a given source
address/destination address/protocol tuple.
Linux uses a per socket inet generator (inet_id), initialized
at connection startup with a XOR of 'jiffies' and other
fields that appear clear on the wire.
Thiemo Nagel pointed that this strategy is a privacy
concern as this provides 16 bits of entropy to fingerprint
devices.
Let's switch to a random starting point, this is just as
good as far as RFC 6864 is concerned and does not leak
anything critical.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Thiemo Nagel <tnagel@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Xin Long
|
b0c64eda99 |
erspan: fix the tun_info options_len check for erspan
[ Upstream commit 2eb8d6d2910cfe3dc67dc056f26f3dd9c63d47cd ]
The check for !md doens't really work for ip_tunnel_info_opts(info) which
only does info + 1. Also to avoid out-of-bounds access on info, it should
ensure options_len is not less than erspan_metadata in both erspan_xmit()
and ip6erspan_tunnel_xmit().
Fixes: 1a66a836da ("gre: add collect_md mode to ERSPAN tunnel")
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Dumazet
|
0d50fc2bb4 |
net: use skb_queue_empty_lockless() in busy poll contexts
[ Upstream commit 3f926af3f4d688e2e11e7f8ed04e277a14d4d4a4 ] Busy polling usually runs without locks. Let's use skb_queue_empty_lockless() instead of skb_queue_empty() Also uses READ_ONCE() in __skb_try_recv_datagram() to address a similar potential problem. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Dumazet
|
8e7bea4359 |
net: use skb_queue_empty_lockless() in poll() handlers
[ Upstream commit 3ef7cf57c72f32f61e97f8fa401bc39ea1f1a5d4 ] Many poll() handlers are lockless. Using skb_queue_empty_lockless() instead of skb_queue_empty() is more appropriate. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Dumazet
|
399c602993 |
udp: use skb_queue_empty_lockless()
[ Upstream commit 137a0dbe3426fd7bcfe3f8117b36a87b3590e4eb ] syzbot reported a data-race [1]. We should use skb_queue_empty_lockless() to document that we are not ensuring a mutual exclusion and silence KCSAN. [1] BUG: KCSAN: data-race in __skb_recv_udp / __udp_enqueue_schedule_skb write to 0xffff888122474b50 of 8 bytes by interrupt on cpu 0: __skb_insert include/linux/skbuff.h:1852 [inline] __skb_queue_before include/linux/skbuff.h:1958 [inline] __skb_queue_tail include/linux/skbuff.h:1991 [inline] __udp_enqueue_schedule_skb+0x2c1/0x410 net/ipv4/udp.c:1470 __udp_queue_rcv_skb net/ipv4/udp.c:1940 [inline] udp_queue_rcv_one_skb+0x7bd/0xc70 net/ipv4/udp.c:2057 udp_queue_rcv_skb+0xb5/0x400 net/ipv4/udp.c:2074 udp_unicast_rcv_skb.isra.0+0x7e/0x1c0 net/ipv4/udp.c:2233 __udp4_lib_rcv+0xa44/0x17c0 net/ipv4/udp.c:2300 udp_rcv+0x2b/0x40 net/ipv4/udp.c:2470 ip_protocol_deliver_rcu+0x4d/0x420 net/ipv4/ip_input.c:204 ip_local_deliver_finish+0x110/0x140 net/ipv4/ip_input.c:231 NF_HOOK include/linux/netfilter.h:305 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] ip_local_deliver+0x133/0x210 net/ipv4/ip_input.c:252 dst_input include/net/dst.h:442 [inline] ip_rcv_finish+0x121/0x160 net/ipv4/ip_input.c:413 NF_HOOK include/linux/netfilter.h:305 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] ip_rcv+0x18f/0x1a0 net/ipv4/ip_input.c:523 __netif_receive_skb_one_core+0xa7/0xe0 net/core/dev.c:5010 __netif_receive_skb+0x37/0xf0 net/core/dev.c:5124 process_backlog+0x1d3/0x420 net/core/dev.c:5955 read to 0xffff888122474b50 of 8 bytes by task 8921 on cpu 1: skb_queue_empty include/linux/skbuff.h:1494 [inline] __skb_recv_udp+0x18d/0x500 net/ipv4/udp.c:1653 udp_recvmsg+0xe1/0xb10 net/ipv4/udp.c:1712 inet_recvmsg+0xbb/0x250 net/ipv4/af_inet.c:838 sock_recvmsg_nosec+0x5c/0x70 net/socket.c:871 ___sys_recvmsg+0x1a0/0x3e0 net/socket.c:2480 do_recvmmsg+0x19a/0x5c0 net/socket.c:2601 __sys_recvmmsg+0x1ef/0x200 net/socket.c:2680 __do_sys_recvmmsg net/socket.c:2703 [inline] __se_sys_recvmmsg net/socket.c:2696 [inline] __x64_sys_recvmmsg+0x89/0xb0 net/socket.c:2696 do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x44/0xa9 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 8921 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Dumazet
|
3a04f47897 |
udp: fix data-race in udp_set_dev_scratch()
[ Upstream commit a793183caa9afae907a0d7ddd2ffd57329369bf5 ]
KCSAN reported a data-race in udp_set_dev_scratch() [1]
The issue here is that we must not write over skb fields
if skb is shared. A similar issue has been fixed in commit
89c22d8c3b27 ("net: Fix skb csum races when peeking")
While we are at it, use a helper only dealing with
udp_skb_scratch(skb)->csum_unnecessary, as this allows
udp_set_dev_scratch() to be called once and thus inlined.
[1]
BUG: KCSAN: data-race in udp_set_dev_scratch / udpv6_recvmsg
write to 0xffff888120278317 of 1 bytes by task 10411 on cpu 1:
udp_set_dev_scratch+0xea/0x200 net/ipv4/udp.c:1308
__first_packet_length+0x147/0x420 net/ipv4/udp.c:1556
first_packet_length+0x68/0x2a0 net/ipv4/udp.c:1579
udp_poll+0xea/0x110 net/ipv4/udp.c:2720
sock_poll+0xed/0x250 net/socket.c:1256
vfs_poll include/linux/poll.h:90 [inline]
do_select+0x7d0/0x1020 fs/select.c:534
core_sys_select+0x381/0x550 fs/select.c:677
do_pselect.constprop.0+0x11d/0x160 fs/select.c:759
__do_sys_pselect6 fs/select.c:784 [inline]
__se_sys_pselect6 fs/select.c:769 [inline]
__x64_sys_pselect6+0x12e/0x170 fs/select.c:769
do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
read to 0xffff888120278317 of 1 bytes by task 10413 on cpu 0:
udp_skb_csum_unnecessary include/net/udp.h:358 [inline]
udpv6_recvmsg+0x43e/0xe90 net/ipv6/udp.c:310
inet6_recvmsg+0xbb/0x240 net/ipv6/af_inet6.c:592
sock_recvmsg_nosec+0x5c/0x70 net/socket.c:871
___sys_recvmsg+0x1a0/0x3e0 net/socket.c:2480
do_recvmmsg+0x19a/0x5c0 net/socket.c:2601
__sys_recvmmsg+0x1ef/0x200 net/socket.c:2680
__do_sys_recvmmsg net/socket.c:2703 [inline]
__se_sys_recvmmsg net/socket.c:2696 [inline]
__x64_sys_recvmmsg+0x89/0xb0 net/socket.c:2696
do_syscall_64+0xcc/0x370 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x44/0xa9
Reported by Kernel Concurrency Sanitizer on:
CPU: 0 PID: 10413 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Fixes: 2276f58ac589 ("udp: use a separate rx queue for packet reception")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Dumazet
|
2261df133d |
net: annotate accesses to sk->sk_incoming_cpu
[ Upstream commit 7170a977743b72cf3eb46ef6ef89885dc7ad3621 ] This socket field can be read and written by concurrent cpus. Use READ_ONCE() and WRITE_ONCE() annotations to document this, and avoid some compiler 'optimizations'. KCSAN reported : BUG: KCSAN: data-race in tcp_v4_rcv / tcp_v4_rcv write to 0xffff88812220763c of 4 bytes by interrupt on cpu 0: sk_incoming_cpu_update include/net/sock.h:953 [inline] tcp_v4_rcv+0x1b3c/0x1bb0 net/ipv4/tcp_ipv4.c:1934 ip_protocol_deliver_rcu+0x4d/0x420 net/ipv4/ip_input.c:204 ip_local_deliver_finish+0x110/0x140 net/ipv4/ip_input.c:231 NF_HOOK include/linux/netfilter.h:305 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] ip_local_deliver+0x133/0x210 net/ipv4/ip_input.c:252 dst_input include/net/dst.h:442 [inline] ip_rcv_finish+0x121/0x160 net/ipv4/ip_input.c:413 NF_HOOK include/linux/netfilter.h:305 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] ip_rcv+0x18f/0x1a0 net/ipv4/ip_input.c:523 __netif_receive_skb_one_core+0xa7/0xe0 net/core/dev.c:5010 __netif_receive_skb+0x37/0xf0 net/core/dev.c:5124 process_backlog+0x1d3/0x420 net/core/dev.c:5955 napi_poll net/core/dev.c:6392 [inline] net_rx_action+0x3ae/0xa90 net/core/dev.c:6460 __do_softirq+0x115/0x33f kernel/softirq.c:292 do_softirq_own_stack+0x2a/0x40 arch/x86/entry/entry_64.S:1082 do_softirq.part.0+0x6b/0x80 kernel/softirq.c:337 do_softirq kernel/softirq.c:329 [inline] __local_bh_enable_ip+0x76/0x80 kernel/softirq.c:189 read to 0xffff88812220763c of 4 bytes by interrupt on cpu 1: sk_incoming_cpu_update include/net/sock.h:952 [inline] tcp_v4_rcv+0x181a/0x1bb0 net/ipv4/tcp_ipv4.c:1934 ip_protocol_deliver_rcu+0x4d/0x420 net/ipv4/ip_input.c:204 ip_local_deliver_finish+0x110/0x140 net/ipv4/ip_input.c:231 NF_HOOK include/linux/netfilter.h:305 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] ip_local_deliver+0x133/0x210 net/ipv4/ip_input.c:252 dst_input include/net/dst.h:442 [inline] ip_rcv_finish+0x121/0x160 net/ipv4/ip_input.c:413 NF_HOOK include/linux/netfilter.h:305 [inline] NF_HOOK include/linux/netfilter.h:299 [inline] ip_rcv+0x18f/0x1a0 net/ipv4/ip_input.c:523 __netif_receive_skb_one_core+0xa7/0xe0 net/core/dev.c:5010 __netif_receive_skb+0x37/0xf0 net/core/dev.c:5124 process_backlog+0x1d3/0x420 net/core/dev.c:5955 napi_poll net/core/dev.c:6392 [inline] net_rx_action+0x3ae/0xa90 net/core/dev.c:6460 __do_softirq+0x115/0x33f kernel/softirq.c:292 run_ksoftirqd+0x46/0x60 kernel/softirq.c:603 smpboot_thread_fn+0x37d/0x4a0 kernel/smpboot.c:165 Reported by Kernel Concurrency Sanitizer on: CPU: 1 PID: 16 Comm: ksoftirqd/1 Not tainted 5.4.0-rc3+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
2bb70f40b0 |
This is the 4.14.151 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl239a0ACgkQONu9yGCS
aT6hEw//Rlg3vjxO79bglvQA+2BUCXk8EDadSzV26UlQ/7qrB3K00yj0iyCmhNOP
ef6HIFvT8XfH2O/K5s155bhnboTv1S6ElXDBTM1gN6OAZq9++/cNprdlHZXZaWh/
yM8eZ+/tThnjHXfJ36LrK3Zam1k54otiX8BFxKrLZ8o67/Pk86SgXAHTJiGVS/Bm
WtBIjTdkVOf1OEq8Pg8lV6+iP6d9AYakrRshFOCxMh6tEPDqHBc3GIkVxa9D6+u2
GBoKiVfky83xeCh73mkehYFs+Tt2Zz1rVthLrgLmPo0Y6Ia9PpZE4CcKQZMbs/tO
vmMyoQQ4rw9cRtZKrQMmVekwTdC/w1loG/VaFA6F/1h4qBmnJKSr56Xi37JtJkcy
kfnnNw7jlbGBgWnbFlZAp8MDdxXf6bDpKWRusVgB/qr36uQ8RL1cWyCFPOTsodXQ
FlyU8mmMDfDogI32n6jYB1vTZlxpwc0drT6PxvCyt2pT+T05lz6EUTSyxQ/cUZtt
1YWNTEU5QwWcqGNOPxSGmS5Qu7vPO4wAe8OvgDAAE15ticQxxpp5p7IuuOlT/YkI
BNranSqyjiAOYGjSImcDqvaeYVcRh5fxIPibYEMkl4lB6w3kObtwUWAp1HZ+ZKOW
qcs8tjvzIiWknI7DPcJn+VcpdutKFa7BEWD0LAc88NU5EXPiDP0=
=4WBX
-----END PGP SIGNATURE-----
Merge 4.14.151 into android-4.14
Changes in 4.14.151
scsi: ufs: skip shutdown if hba is not powered
scsi: megaraid: disable device when probe failed after enabled device
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
ARM: OMAP2+: Fix missing reset done flag for am3 and am43
ieee802154: ca8210: prevent memory leak
ARM: dts: am4372: Set memory bandwidth limit for DISPC
net: dsa: qca8k: Use up to 7 ports for all operations
MIPS: dts: ar9331: fix interrupt-controller size
xen/efi: Set nonblocking callbacks
nl80211: fix null pointer dereference
mac80211: fix txq null pointer dereference
mips: Loongson: Fix the link time qualifier of 'serial_exit()'
net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
r8152: Set macpassthru in reset_resume callback
namespace: fix namespace.pl script to support relative paths
md/raid0: fix warning message for parameter default_layout
Revert "drm/radeon: Fix EEH during kexec"
ocfs2: fix panic due to ocfs2_wq is null
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
net: bcmgenet: Set phydev->dev_flags only for internal PHYs
net: i82596: fix dma_alloc_attr for sni_82596
net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
sctp: change sctp_prot .no_autobind with true
net: avoid potential infinite loop in tc_ctl_action()
loop: Add LOOP_SET_DIRECT_IO to compat ioctl
memfd: Fix locking when tagging pins
USB: legousbtower: fix memleak on disconnect
ALSA: hda/realtek - Add support for ALC711
usb: udc: lpc32xx: fix bad bit shift operation
USB: serial: ti_usb_3410_5052: fix port-close races
USB: ldusb: fix memleak on disconnect
USB: usblp: fix use-after-free on disconnect
USB: ldusb: fix read info leaks
arm64: sysreg: Move to use definitions for all the SCTLR bits
arm64: Expose support for optional ARMv8-A features
arm64: Fix the feature type for ID register fields
arm64: v8.4: Support for new floating point multiplication instructions
arm64: Documentation: cpu-feature-registers: Remove RES0 fields
arm64: Expose Arm v8.4 features
arm64: move SCTLR_EL{1,2} assertions to <asm/sysreg.h>
arm64: add PSR_AA32_* definitions
arm64: Introduce sysreg_clear_set()
arm64: capabilities: Update prototype for enable call back
arm64: capabilities: Move errata work around check on boot CPU
arm64: capabilities: Move errata processing code
arm64: capabilities: Prepare for fine grained capabilities
arm64: capabilities: Add flags to handle the conflicts on late CPU
arm64: capabilities: Unify the verification
arm64: capabilities: Filter the entries based on a given mask
arm64: capabilities: Prepare for grouping features and errata work arounds
arm64: capabilities: Split the processing of errata work arounds
arm64: capabilities: Allow features based on local CPU scope
arm64: capabilities: Group handling of features and errata workarounds
arm64: capabilities: Introduce weak features based on local CPU
arm64: capabilities: Restrict KPTI detection to boot-time CPUs
arm64: capabilities: Add support for features enabled early
arm64: capabilities: Change scope of VHE to Boot CPU feature
arm64: capabilities: Clean up midr range helpers
arm64: Add helpers for checking CPU MIDR against a range
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
arm64: capabilities: Add support for checks based on a list of MIDRs
arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening
arm64: don't zero DIT on signal return
arm64: Get rid of __smccc_workaround_1_hvc_*
arm64: cpufeature: Detect SSBS and advertise to userspace
arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3
KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe
arm64: fix SSBS sanitization
arm64: Add sysfs vulnerability show for spectre-v1
arm64: add sysfs vulnerability show for meltdown
arm64: enable generic CPU vulnerabilites support
arm64: Always enable ssb vulnerability detection
arm64: Provide a command line to disable spectre_v2 mitigation
arm64: Advertise mitigation of Spectre-v2, or lack thereof
arm64: Always enable spectre-v2 vulnerability detection
arm64: add sysfs vulnerability show for spectre-v2
arm64: add sysfs vulnerability show for speculative store bypass
arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB
arm64: Force SSBS on context switch
arm64: Use firmware to detect CPUs that are not affected by Spectre-v2
arm64/speculation: Support 'mitigations=' cmdline option
MIPS: tlbex: Fix build_restore_pagemask KScratch restore
staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
scsi: sd: Ignore a failure to sync cache due to lack of authorization
scsi: core: save/restore command resid for error handling
scsi: core: try to get module before removing device
scsi: ch: Make it possible to open a ch device multiple times again
Input: da9063 - fix capability and drop KEY_SLEEP
Input: synaptics-rmi4 - avoid processing unknown IRQs
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
cfg80211: wext: avoid copying malformed SSIDs
mac80211: Reject malformed SSID elements
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1
drivers/base/memory.c: don't access uninitialized memmaps in soft_offline_page_store()
fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c
scsi: zfcp: fix reaction on bit error threshold notification
mm/slub: fix a deadlock in show_slab_objects()
mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo
hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic()
xtensa: drop EXPORT_SYMBOL for outs*/ins*
parisc: Fix vmap memory leak in ioremap()/iounmap()
CIFS: avoid using MID 0xFFFF
x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
pinctrl: armada-37xx: fix control of pins 32 and up
pinctrl: armada-37xx: swap polarity on LED group
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
xen/netback: fix error path of xenvif_connect_data()
PCI: PM: Fix pci_power_up()
KVM: X86: introduce invalidate_gpa argument to tlb flush
kvm: vmx: Introduce lapic_mode enumeration
kvm: apic: Flush TLB after APIC mode/address change if VPIDs are in use
kvm: vmx: Basic APIC virtualization controls have three settings
RDMA/cxgb4: Do not dma memory off of the stack
Linux 4.14.151
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
93b2755998 |
This is the 4.14.151 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl239a0ACgkQONu9yGCS
aT6hEw//Rlg3vjxO79bglvQA+2BUCXk8EDadSzV26UlQ/7qrB3K00yj0iyCmhNOP
ef6HIFvT8XfH2O/K5s155bhnboTv1S6ElXDBTM1gN6OAZq9++/cNprdlHZXZaWh/
yM8eZ+/tThnjHXfJ36LrK3Zam1k54otiX8BFxKrLZ8o67/Pk86SgXAHTJiGVS/Bm
WtBIjTdkVOf1OEq8Pg8lV6+iP6d9AYakrRshFOCxMh6tEPDqHBc3GIkVxa9D6+u2
GBoKiVfky83xeCh73mkehYFs+Tt2Zz1rVthLrgLmPo0Y6Ia9PpZE4CcKQZMbs/tO
vmMyoQQ4rw9cRtZKrQMmVekwTdC/w1loG/VaFA6F/1h4qBmnJKSr56Xi37JtJkcy
kfnnNw7jlbGBgWnbFlZAp8MDdxXf6bDpKWRusVgB/qr36uQ8RL1cWyCFPOTsodXQ
FlyU8mmMDfDogI32n6jYB1vTZlxpwc0drT6PxvCyt2pT+T05lz6EUTSyxQ/cUZtt
1YWNTEU5QwWcqGNOPxSGmS5Qu7vPO4wAe8OvgDAAE15ticQxxpp5p7IuuOlT/YkI
BNranSqyjiAOYGjSImcDqvaeYVcRh5fxIPibYEMkl4lB6w3kObtwUWAp1HZ+ZKOW
qcs8tjvzIiWknI7DPcJn+VcpdutKFa7BEWD0LAc88NU5EXPiDP0=
=4WBX
-----END PGP SIGNATURE-----
Merge 4.14.151 into android-4.14-q
Changes in 4.14.151
scsi: ufs: skip shutdown if hba is not powered
scsi: megaraid: disable device when probe failed after enabled device
scsi: qla2xxx: Fix unbound sleep in fcport delete path.
ARM: OMAP2+: Fix missing reset done flag for am3 and am43
ieee802154: ca8210: prevent memory leak
ARM: dts: am4372: Set memory bandwidth limit for DISPC
net: dsa: qca8k: Use up to 7 ports for all operations
MIPS: dts: ar9331: fix interrupt-controller size
xen/efi: Set nonblocking callbacks
nl80211: fix null pointer dereference
mac80211: fix txq null pointer dereference
mips: Loongson: Fix the link time qualifier of 'serial_exit()'
net: hisilicon: Fix usage of uninitialized variable in function mdio_sc_cfg_reg_write()
r8152: Set macpassthru in reset_resume callback
namespace: fix namespace.pl script to support relative paths
md/raid0: fix warning message for parameter default_layout
Revert "drm/radeon: Fix EEH during kexec"
ocfs2: fix panic due to ocfs2_wq is null
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
net: bcmgenet: Fix RGMII_MODE_EN value for GENET v1/2/3
net: bcmgenet: Set phydev->dev_flags only for internal PHYs
net: i82596: fix dma_alloc_attr for sni_82596
net: stmmac: disable/enable ptp_ref_clk in suspend/resume flow
sctp: change sctp_prot .no_autobind with true
net: avoid potential infinite loop in tc_ctl_action()
loop: Add LOOP_SET_DIRECT_IO to compat ioctl
memfd: Fix locking when tagging pins
USB: legousbtower: fix memleak on disconnect
ALSA: hda/realtek - Add support for ALC711
usb: udc: lpc32xx: fix bad bit shift operation
USB: serial: ti_usb_3410_5052: fix port-close races
USB: ldusb: fix memleak on disconnect
USB: usblp: fix use-after-free on disconnect
USB: ldusb: fix read info leaks
arm64: sysreg: Move to use definitions for all the SCTLR bits
arm64: Expose support for optional ARMv8-A features
arm64: Fix the feature type for ID register fields
arm64: v8.4: Support for new floating point multiplication instructions
arm64: Documentation: cpu-feature-registers: Remove RES0 fields
arm64: Expose Arm v8.4 features
arm64: move SCTLR_EL{1,2} assertions to <asm/sysreg.h>
arm64: add PSR_AA32_* definitions
arm64: Introduce sysreg_clear_set()
arm64: capabilities: Update prototype for enable call back
arm64: capabilities: Move errata work around check on boot CPU
arm64: capabilities: Move errata processing code
arm64: capabilities: Prepare for fine grained capabilities
arm64: capabilities: Add flags to handle the conflicts on late CPU
arm64: capabilities: Unify the verification
arm64: capabilities: Filter the entries based on a given mask
arm64: capabilities: Prepare for grouping features and errata work arounds
arm64: capabilities: Split the processing of errata work arounds
arm64: capabilities: Allow features based on local CPU scope
arm64: capabilities: Group handling of features and errata workarounds
arm64: capabilities: Introduce weak features based on local CPU
arm64: capabilities: Restrict KPTI detection to boot-time CPUs
arm64: capabilities: Add support for features enabled early
arm64: capabilities: Change scope of VHE to Boot CPU feature
arm64: capabilities: Clean up midr range helpers
arm64: Add helpers for checking CPU MIDR against a range
arm64: Add MIDR encoding for Arm Cortex-A55 and Cortex-A35
arm64: capabilities: Add support for checks based on a list of MIDRs
arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening
arm64: don't zero DIT on signal return
arm64: Get rid of __smccc_workaround_1_hvc_*
arm64: cpufeature: Detect SSBS and advertise to userspace
arm64: ssbd: Add support for PSTATE.SSBS rather than trapping to EL3
KVM: arm64: Set SCTLR_EL2.DSSBS if SSBD is forcefully disabled and !vhe
arm64: fix SSBS sanitization
arm64: Add sysfs vulnerability show for spectre-v1
arm64: add sysfs vulnerability show for meltdown
arm64: enable generic CPU vulnerabilites support
arm64: Always enable ssb vulnerability detection
arm64: Provide a command line to disable spectre_v2 mitigation
arm64: Advertise mitigation of Spectre-v2, or lack thereof
arm64: Always enable spectre-v2 vulnerability detection
arm64: add sysfs vulnerability show for spectre-v2
arm64: add sysfs vulnerability show for speculative store bypass
arm64: ssbs: Don't treat CPUs with SSBS as unaffected by SSB
arm64: Force SSBS on context switch
arm64: Use firmware to detect CPUs that are not affected by Spectre-v2
arm64/speculation: Support 'mitigations=' cmdline option
MIPS: tlbex: Fix build_restore_pagemask KScratch restore
staging: wlan-ng: fix exit return when sme->key_idx >= NUM_WEPKEYS
scsi: sd: Ignore a failure to sync cache due to lack of authorization
scsi: core: save/restore command resid for error handling
scsi: core: try to get module before removing device
scsi: ch: Make it possible to open a ch device multiple times again
Input: da9063 - fix capability and drop KEY_SLEEP
Input: synaptics-rmi4 - avoid processing unknown IRQs
ASoC: rsnd: Reinitialize bit clock inversion flag for every format setting
cfg80211: wext: avoid copying malformed SSIDs
mac80211: Reject malformed SSID elements
drm/edid: Add 6 bpc quirk for SDC panel in Lenovo G50
drm/amdgpu: Bail earlier when amdgpu.cik_/si_support is not set to 1
drivers/base/memory.c: don't access uninitialized memmaps in soft_offline_page_store()
fs/proc/page.c: don't access uninitialized memmaps in fs/proc/page.c
scsi: zfcp: fix reaction on bit error threshold notification
mm/slub: fix a deadlock in show_slab_objects()
mm/page_owner: don't access uninitialized memmaps when reading /proc/pagetypeinfo
hugetlbfs: don't access uninitialized memmaps in pfn_range_valid_gigantic()
xtensa: drop EXPORT_SYMBOL for outs*/ins*
parisc: Fix vmap memory leak in ioremap()/iounmap()
CIFS: avoid using MID 0xFFFF
x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area
pinctrl: armada-37xx: fix control of pins 32 and up
pinctrl: armada-37xx: swap polarity on LED group
btrfs: block-group: Fix a memory leak due to missing btrfs_put_block_group()
memstick: jmb38x_ms: Fix an error handling path in 'jmb38x_ms_probe()'
cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
xen/netback: fix error path of xenvif_connect_data()
PCI: PM: Fix pci_power_up()
KVM: X86: introduce invalidate_gpa argument to tlb flush
kvm: vmx: Introduce lapic_mode enumeration
kvm: apic: Flush TLB after APIC mode/address change if VPIDs are in use
kvm: vmx: Basic APIC virtualization controls have three settings
RDMA/cxgb4: Do not dma memory off of the stack
Linux 4.14.151
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Stefano Brivio
|
41e506d842 |
ipv4: Return -ENETUNREACH if we can't create route but saddr is valid
[ Upstream commit 595e0651d0296bad2491a4a29a7a43eae6328b02 ]
...instead of -EINVAL. An issue was found with older kernel versions
while unplugging a NFS client with pending RPCs, and the wrong error
code here prevented it from recovering once link is back up with a
configured address.
Incidentally, this is not an issue anymore since commit 4f8943f80883
("SUNRPC: Replace direct task wakeups from softirq context"), included
in 5.2-rc7, had the effect of decoupling the forwarding of this error
by using SO_ERROR in xs_wake_error(), as pointed out by Benjamin
Coddington.
To the best of my knowledge, this isn't currently causing any further
issue, but the error code doesn't look appropriate anyway, and we
might hit this in other paths as well.
In detail, as analysed by Gonzalo Siero, once the route is deleted
because the interface is down, and can't be resolved and we return
-EINVAL here, this ends up, courtesy of inet_sk_rebuild_header(),
as the socket error seen by tcp_write_err(), called by
tcp_retransmit_timer().
In turn, tcp_write_err() indirectly calls xs_error_report(), which
wakes up the RPC pending tasks with a status of -EINVAL. This is then
seen by call_status() in the SUN RPC implementation, which aborts the
RPC call calling rpc_exit(), instead of handling this as a
potentially temporary condition, i.e. as a timeout.
Return -EINVAL only if the input parameters passed to
ip_route_output_key_hash_rcu() are actually invalid (this is the case
if the specified source address is multicast, limited broadcast or
all zeroes), but return -ENETUNREACH in all cases where, at the given
moment, the given source address doesn't allow resolving the route.
While at it, drop the initialisation of err to -ENETUNREACH, which
was added to __ip_route_output_key() back then by commit
0315e3827048 ("net: Fix behaviour of unreachable, blackhole and
prohibit routes"), but actually had no effect, as it was, and is,
overwritten by the fib_lookup() return code assignment, and anyway
ignored in all other branches, including the if (fl4->saddr) one:
I find this rather confusing, as it would look like -ENETUNREACH is
the "default" error, while that statement has no effect.
Also note that after commit fc75fc8339e7 ("ipv4: dont create routes
on down devices"), we would get -ENETUNREACH if the device is down,
but -EINVAL if the source address is specified and we can't resolve
the route, and this appears to be rather inconsistent.
Reported-by: Stefan Walter <walteste@inf.ethz.ch>
Analysed-by: Benjamin Coddington <bcodding@redhat.com>
Analysed-by: Gonzalo Siero <gsierohu@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Blagovest Kolenichev
|
d64e0d142b |
Merge android-4.14-q.148 (6d671bf) into msm-4.14
* refs/heads/tmp-6d671bf: Linux 4.14.148 kexec: bail out upon SIGKILL when allocating memory. NFC: fix attrs checks in netlink interface smack: use GFP_NOFS while holding inode_smack::smk_lock Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set ipv6: Handle missing host route in __ipv6_ifa_notify sch_cbq: validate TCA_CBQ_WRROPT to avoid crash tipc: fix unlimited bundling of small messages xen-netfront: do not use ~0U as error return value for xennet_fill_frags() net/rds: Fix error handling in rds_ib_add_one() vsock: Fix a lockdep warning in __vsock_release() sch_dsmark: fix potential NULL deref in dsmark_init() qmi_wwan: add support for Cinterion CLS8 devices nfc: fix memory leak in llcp_sock_bind() net: Unpublish sk from sk_reuseport_cb before call_rcu net: qlogic: Fix memory leak in ql_alloc_large_buffers net: ipv4: avoid mixed n_redirects and rate_tokens usage ipv6: drop incoming packets having a v4mapped source address hso: fix NULL-deref on tty open erspan: remove the incorrect mtu limit for erspan cxgb4:Fix out-of-bounds MSI-X info array access bpf: fix use after free in prog symbol exposure kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K ocfs2: wait for recovering done after direct unlock request kbuild: clean compressed initramfs image hypfs: Fix error number left in struct pointer member pktcdvd: remove warning on attempting to register non-passthrough dev fat: work around race with userspace's read via blockdev while mounting ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb() PCI: exynos: Propagate errors for optional PHYs PCI: imx6: Propagate errors for optional regulators PCI: rockchip: Propagate errors for optional regulators HID: apple: Fix stuck function keys when using FN rtc: snvs: fix possible race condition ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes livepatch: Nullify obj->mod in klp_module_coming()'s error path PCI: tegra: Fix OF node reference leak mfd: intel-lpss: Remove D3cold delay i2c-cht-wc: Fix lockdep warning MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean dma-buf/sw_sync: Synchronize signal vs syncpt free scsi: core: Reduce memory required for SCSI logging clk: at91: select parent if main oscillator or bypass is enabled arm64: fix unreachable code issue with cmpxchg powerpc/pseries: correctly track irq state in default idle powerpc/64s/exception: machine check use correct cfar for late handler drm/amdgpu/si: fix ASIC tests drm/nouveau/volt: Fix for some cards having 0 maximum voltage vfio_pci: Restore original state on release pinctrl: tegra: Fix write barrier placement in pmx_writel powerpc/pseries/mobility: use cond_resched when updating device tree powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function powerpc/rtas: use device model APIs and serialization during LPM powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL clk: zx296718: Don't reference clk_init_data after registration clk: sirf: Don't reference clk_init_data after registration clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks clk: qoriq: Fix -Wunused-const-variable ipmi_si: Only schedule continuously in the thread in maintenance mode gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() drm/radeon: Fix EEH during kexec drm/stm: attach gem fence to atomic state video: ssd1307fb: Start page range at page_offset drm/panel: simple: fix AUO g185han01 horizontal blanking drm/bridge: tc358767: Increase AUX transfer length limit tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations tpm: use tpm_try_get_ops() in tpm-sysfs.c. tpm: migrate pubek_show to struct tpm_buf Change-Id: Ibd1faaa8b3535135d8d72fb76a157b459cb9957c Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
fbbfccc5a5 |
Merge android-4.14-q.147 (5c8d069) into msm-4.14
* refs/heads/tmp-5c8d069:
Revert "net: qrtr: Stop rx_worker before freeing node"
Linux 4.14.147
Btrfs: fix race setting up and completing qgroup rescan workers
btrfs: qgroup: Drop quota_root and fs_info parameters from update_qgroup_status_item
mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone
md/raid0: avoid RAID0 data corruption due to layout confusion.
CIFS: Fix oplock handling for SMB 2.1+ protocols
CIFS: fix max ea value size
i2c: riic: Clear NACK in tend isr
hwrng: core - don't wait on add_early_randomness()
quota: fix wrong condition in is_quota_modification()
ext4: fix punch hole for inline_data file systems
ext4: fix warning inside ext4_convert_unwritten_extents_endio
/dev/mem: Bail out upon SIGKILL.
cfg80211: Purge frame registrations on iftype change
md: only call set_in_sync() when it is expected to succeed.
md: don't report active array_state until after revalidate_disk() completes.
md/raid6: Set R5_ReadError when there is read failure on parity disk
btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
btrfs: Relinquish CPUs in btrfs_compare_trees
Btrfs: fix use-after-free when using the tree modification log
ovl: filter of trusted xattr results in audit
memcg, kmem: do not fail __GFP_NOFAIL charges
memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
regulator: Defer init completion for a while after late_initcall
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
ARM: samsung: Fix system restart on S3C6410
ASoC: Intel: Fix use of potentially uninitialized variable
ASoC: Intel: Skylake: Use correct function to access iomem space
ASoC: Intel: NHLT: Fix debug print format
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
KVM: x86: Manually calculate reserved bits when loading PDPTRS
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: always stop emulation on page fault
x86/retpolines: Fix up backport of a9d57ef15cbe
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
fuse: fix missing unlock_page in fuse_writepage()
ALSA: hda/realtek - Fixup mute led on HP Spectre x360
randstruct: Check member structs in is_pure_ops_struct()
IB/hfi1: Define variables as unsigned long to fix KASAN warning
printk: Do not lose last line in kmsg buffer dump
scsi: scsi_dh_rdac: zero cdb in send_mode_select()
ALSA: firewire-tascam: check intermediate state of clock status and retry
ALSA: firewire-tascam: handle error code when getting current source of clock
PM / devfreq: passive: fix compiler warning
media: omap3isp: Set device on omap3isp subdevs
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
ALSA: hda - Drop unsol event handler for Intel HDMI codecs
e1000e: add workaround for possible stalled packet
libertas: Add missing sentinel at end of if_usb.c fw_table
raid5: don't increment read_errors on EILSEQ return
mmc: sdhci: Fix incorrect switch to HS mode
mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
raid5: don't set STRIPE_HANDLE to stripe which is in batch list
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
kprobes: Prohibit probing on BUG() and WARN() address
dmaengine: ti: edma: Do not reset reserved paRAM slots
md/raid1: fail run raid1 array when active disk less than one
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
ACPI / PCI: fix acpi_pci_irq_enable() memory leak
ACPI: custom_method: fix memory leaks
ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
libtraceevent: Change users plugin directory
iommu/iova: Avoid false sharing on fq_timer_on
iommu/amd: Silence warnings under memory pressure
nvmet: fix data units read and written counters in SMART log
arm64: kpti: ensure patched kernel text is fetched from PoU
ACPI / CPPC: do not require the _PSD method
ASoC: es8316: fix headphone mixer volume table
media: ov9650: add a sanity check
perf trace beauty ioctl: Fix off-by-one error in cmd->string table
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
media: cpia2_usb: fix memory leaks
media: saa7146: add cleanup in hexium_attach()
media: cec-notifier: clear cec_adap in cec_notifier_unregister
PM / devfreq: exynos-bus: Correct clock enable sequence
PM / devfreq: passive: Use non-devm notifiers
EDAC/amd64: Decode syndrome before translating address
EDAC/amd64: Recognize DRAM device type ECC capability
libperf: Fix alignment trap with xyarray contents in 'perf stat'
media: dvb-core: fix a memory leak bug
nbd: add missing config put
media: hdpvr: add terminating 0 at end of string
media: radio/si470x: kill urb on error
ARM: dts: imx7d: cl-som-imx7: make ethernet work again
net: lpc-enet: fix printk format strings
media: imx: mipi csi-2: Don't fail if initial state times-out
media: omap3isp: Don't set streaming state on random subdevs
media: i2c: ov5645: Fix power sequence
perf record: Support aarch64 random socket_id assignment
dmaengine: iop-adma: use correct printk format strings
media: rc: imon: Allow iMON RC protocol for ffdc 7e device
media: fdp1: Reduce FCP not found message level to debug
media: mtk-mdp: fix reference count on old device tree
perf test vfs_getname: Disable ~/.perfconfig to get default output
media: gspca: zero usb_buf on error
sched/fair: Use rq_lock/unlock in online_fair_sched_group
efi: cper: print AER info of PCIe fatal error
EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
ACPI / processor: don't print errors for processorIDs == 0xff
md: don't set In_sync if array is frozen
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md/raid1: end bio when the device faulty
ASoC: rsnd: don't call clk_get_rate() under atomic context
EDAC/altera: Use the proper type for the IRQ status bits
ia64:unwind: fix double free for mod->arch.init_unw_table
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
base: soc: Export soc_device_register/unregister APIs
media: iguanair: add sanity checks
EDAC/mc: Fix grain_bits calculation
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
ALSA: hda - Show the fatal CORB/RIRB error more clearly
x86/apic: Soft disable APIC before initializing it
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
sched/core: Fix CPU controller for !RT_GROUP_SCHED
sched/fair: Fix imbalance due to CPU affinity
media: i2c: ov5640: Check for devm_gpiod_get_optional() error
media: hdpvr: Add device num check and handling
media: exynos4-is: fix leaked of_node references
media: mtk-cir: lower de-glitch counter for rc-mm protocol
media: dib0700: fix link error for dibx000_i2c_set_speed
leds: leds-lp5562 allow firmware files up to the maximum length
dmaengine: bcm2835: Print error in case setting DMA mask fails
ASoC: sgtl5000: Fix charge pump source assignment
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
ALSA: hda: Flush interrupts on disabling
nfc: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
mISDN: enforce CAP_NET_RAW for raw sockets
net/mlx5: Add device ID of upcoming BlueField-2
usbnet: sanity checking of packet sizes and device mtu
usbnet: ignore endpoints with invalid wMaxPacketSize
skge: fix checksum byte order
sch_netem: fix a divide by zero in tabledist()
ppp: Fix memory leak in ppp_write
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
net_sched: add max len check for TCA_KIND
net/sched: act_sample: don't push mac header on ip6gre ingress
net: qrtr: Stop rx_worker before freeing node
net/phy: fix DP83865 10 Mbps HDX loopback disable function
macsec: drop skb sk before calling gro_cells_receive
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
arcnet: provide a buffer big enough to actually receive packets
f2fs: use generic EFSBADCRC/EFSCORRUPTED
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
xfs: don't crash on null attr fork xfs_bmapi_read
ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
net: don't warn in inet diag when IPV6 is disabled
drm: Flush output polling on shutdown
f2fs: fix to do sanity check on segment bitmap of LFS curseg
dm zoned: fix invalid memory access
Revert "f2fs: avoid out-of-range memory access"
blk-mq: move cancel of requeue_work to the front of blk_exit_queue
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
f2fs: check all the data segments against all node ones
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
locking/lockdep: Add debug_locks check in __lock_downgrade()
power: supply: sysfs: ratelimit property read error message
pinctrl: sprd: Use define directive for sprd_pinconf_params values
objtool: Clobber user CFLAGS variable
ALSA: hda - Apply AMD controller workaround for Raven platform
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
media: tvp5150: fix switch exit in set control handler
iwlwifi: mvm: send BCAST management frames to the right station
crypto: talitos - fix missing break in switch statement
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
HID: hidraw: Fix invalid read in hidraw_ioctl
HID: logitech: Fix general protection fault caused by Logitech driver
HID: sony: Fix memory corruption issue on cleanup.
HID: prodikeys: Fix general protection fault during probe
IB/core: Add an unbound WQ type to the new CQ API
objtool: Query pkg-config for libelf location
powerpc/xive: Fix bogus error code returned by OPAL
Revert "Bluetooth: validate BLE connection interval updates"
Conflicts:
drivers/mmc/core/sdio_irq.c
fs/f2fs/data.c
fs/f2fs/f2fs.h
fs/f2fs/inode.c
Change-Id: I757f54737e4d58319f2866f687a39123f0889e1e
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
6d671bffe3 |
This is the 4.14.148 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2bbfsACgkQONu9yGCS aT6Muw//fL0vFOn5znSGAIoABpjUlVgMH/b40KKXCL0UV27j1F1lW7nGs3fgyxow ZB7qfui7urJCoWfWUt+qFFTHD5dZV1bbYwQwDsPl4a9z2djGR/C90G9PYyAMqXhk dHh8pnV3lR5xPm3TXRcT2P8nGLYQ2LkFOQrSV/XcLfPisfebtKbJQSKFrt/qDaN4 C9sA9DlBK+0x+s2nZr66lWNLWZf4tkEflM4UZiRIJQ//nGZquR8OT1C/8ssf/XMF 9ahtEpzydqxsn8kb4kmoSYn+A5lotzabBkQNiQH/cNTm/5kQTfZP9DYx3PFO1GDo wQOyRWffOuR12zOzY32U/hj8VK2vj/Q/rpyx5zrVJn3DzpWgObPdVdlDDrOn/NeC 5ddLE7nXuADH7GhKsLbh1yWoEnaP2mHdnUiqln3naPi85Yezt9sTzDDKVvzHimJl bjuQg7wWDcr/l3dTqH0OxaiRl2C1/98nz6T2KpSM2rxOPy5rzj8dHkd0RirvME3X dcDayjBCbEXjWHxJoVA1hzem1Vjfguc4lj9OYviJsBK3dQ3S1st8rQIBVeKKnOyb YdFmmpBAHLWBRQPQk/GRnkpC2jhwqMuRHd3S8C/OQNIeRFqida48JVQCubpAFGV3 Zy9mxQKTz2HgRrUIOAwBlmoaJI49JJjvxtF6Y7Xv78qkEelDQD4= =Lvk3 -----END PGP SIGNATURE----- Merge 4.14.148 into android-4.14-q Changes in 4.14.148 tpm: migrate pubek_show to struct tpm_buf tpm: use tpm_try_get_ops() in tpm-sysfs.c. tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations drm/bridge: tc358767: Increase AUX transfer length limit drm/panel: simple: fix AUO g185han01 horizontal blanking video: ssd1307fb: Start page range at page_offset drm/stm: attach gem fence to atomic state drm/radeon: Fix EEH during kexec gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() ipmi_si: Only schedule continuously in the thread in maintenance mode clk: qoriq: Fix -Wunused-const-variable clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks clk: sirf: Don't reference clk_init_data after registration clk: zx296718: Don't reference clk_init_data after registration powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL powerpc/rtas: use device model APIs and serialization during LPM powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function powerpc/pseries/mobility: use cond_resched when updating device tree pinctrl: tegra: Fix write barrier placement in pmx_writel vfio_pci: Restore original state on release drm/nouveau/volt: Fix for some cards having 0 maximum voltage drm/amdgpu/si: fix ASIC tests powerpc/64s/exception: machine check use correct cfar for late handler powerpc/pseries: correctly track irq state in default idle arm64: fix unreachable code issue with cmpxchg clk: at91: select parent if main oscillator or bypass is enabled scsi: core: Reduce memory required for SCSI logging dma-buf/sw_sync: Synchronize signal vs syncpt free MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean i2c-cht-wc: Fix lockdep warning mfd: intel-lpss: Remove D3cold delay PCI: tegra: Fix OF node reference leak livepatch: Nullify obj->mod in klp_module_coming()'s error path ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes rtc: snvs: fix possible race condition HID: apple: Fix stuck function keys when using FN PCI: rockchip: Propagate errors for optional regulators PCI: imx6: Propagate errors for optional regulators PCI: exynos: Propagate errors for optional PHYs security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb() ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address fat: work around race with userspace's read via blockdev while mounting pktcdvd: remove warning on attempting to register non-passthrough dev hypfs: Fix error number left in struct pointer member kbuild: clean compressed initramfs image ocfs2: wait for recovering done after direct unlock request kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K bpf: fix use after free in prog symbol exposure cxgb4:Fix out-of-bounds MSI-X info array access erspan: remove the incorrect mtu limit for erspan hso: fix NULL-deref on tty open ipv6: drop incoming packets having a v4mapped source address net: ipv4: avoid mixed n_redirects and rate_tokens usage net: qlogic: Fix memory leak in ql_alloc_large_buffers net: Unpublish sk from sk_reuseport_cb before call_rcu nfc: fix memory leak in llcp_sock_bind() qmi_wwan: add support for Cinterion CLS8 devices sch_dsmark: fix potential NULL deref in dsmark_init() vsock: Fix a lockdep warning in __vsock_release() net/rds: Fix error handling in rds_ib_add_one() xen-netfront: do not use ~0U as error return value for xennet_fill_frags() tipc: fix unlimited bundling of small messages sch_cbq: validate TCA_CBQ_WRROPT to avoid crash ipv6: Handle missing host route in __ipv6_ifa_notify Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set smack: use GFP_NOFS while holding inode_smack::smk_lock NFC: fix attrs checks in netlink interface kexec: bail out upon SIGKILL when allocating memory. Linux 4.14.148 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
8390d98a1a |
This is the 4.14.148 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2bbfsACgkQONu9yGCS aT6Muw//fL0vFOn5znSGAIoABpjUlVgMH/b40KKXCL0UV27j1F1lW7nGs3fgyxow ZB7qfui7urJCoWfWUt+qFFTHD5dZV1bbYwQwDsPl4a9z2djGR/C90G9PYyAMqXhk dHh8pnV3lR5xPm3TXRcT2P8nGLYQ2LkFOQrSV/XcLfPisfebtKbJQSKFrt/qDaN4 C9sA9DlBK+0x+s2nZr66lWNLWZf4tkEflM4UZiRIJQ//nGZquR8OT1C/8ssf/XMF 9ahtEpzydqxsn8kb4kmoSYn+A5lotzabBkQNiQH/cNTm/5kQTfZP9DYx3PFO1GDo wQOyRWffOuR12zOzY32U/hj8VK2vj/Q/rpyx5zrVJn3DzpWgObPdVdlDDrOn/NeC 5ddLE7nXuADH7GhKsLbh1yWoEnaP2mHdnUiqln3naPi85Yezt9sTzDDKVvzHimJl bjuQg7wWDcr/l3dTqH0OxaiRl2C1/98nz6T2KpSM2rxOPy5rzj8dHkd0RirvME3X dcDayjBCbEXjWHxJoVA1hzem1Vjfguc4lj9OYviJsBK3dQ3S1st8rQIBVeKKnOyb YdFmmpBAHLWBRQPQk/GRnkpC2jhwqMuRHd3S8C/OQNIeRFqida48JVQCubpAFGV3 Zy9mxQKTz2HgRrUIOAwBlmoaJI49JJjvxtF6Y7Xv78qkEelDQD4= =Lvk3 -----END PGP SIGNATURE----- Merge 4.14.148 into android-4.14 Changes in 4.14.148 tpm: migrate pubek_show to struct tpm_buf tpm: use tpm_try_get_ops() in tpm-sysfs.c. tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations drm/bridge: tc358767: Increase AUX transfer length limit drm/panel: simple: fix AUO g185han01 horizontal blanking video: ssd1307fb: Start page range at page_offset drm/stm: attach gem fence to atomic state drm/radeon: Fix EEH during kexec gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() ipmi_si: Only schedule continuously in the thread in maintenance mode clk: qoriq: Fix -Wunused-const-variable clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks clk: sirf: Don't reference clk_init_data after registration clk: zx296718: Don't reference clk_init_data after registration powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL powerpc/rtas: use device model APIs and serialization during LPM powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function powerpc/pseries/mobility: use cond_resched when updating device tree pinctrl: tegra: Fix write barrier placement in pmx_writel vfio_pci: Restore original state on release drm/nouveau/volt: Fix for some cards having 0 maximum voltage drm/amdgpu/si: fix ASIC tests powerpc/64s/exception: machine check use correct cfar for late handler powerpc/pseries: correctly track irq state in default idle arm64: fix unreachable code issue with cmpxchg clk: at91: select parent if main oscillator or bypass is enabled scsi: core: Reduce memory required for SCSI logging dma-buf/sw_sync: Synchronize signal vs syncpt free MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean i2c-cht-wc: Fix lockdep warning mfd: intel-lpss: Remove D3cold delay PCI: tegra: Fix OF node reference leak livepatch: Nullify obj->mod in klp_module_coming()'s error path ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes rtc: snvs: fix possible race condition HID: apple: Fix stuck function keys when using FN PCI: rockchip: Propagate errors for optional regulators PCI: imx6: Propagate errors for optional regulators PCI: exynos: Propagate errors for optional PHYs security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb() ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address fat: work around race with userspace's read via blockdev while mounting pktcdvd: remove warning on attempting to register non-passthrough dev hypfs: Fix error number left in struct pointer member kbuild: clean compressed initramfs image ocfs2: wait for recovering done after direct unlock request kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K bpf: fix use after free in prog symbol exposure cxgb4:Fix out-of-bounds MSI-X info array access erspan: remove the incorrect mtu limit for erspan hso: fix NULL-deref on tty open ipv6: drop incoming packets having a v4mapped source address net: ipv4: avoid mixed n_redirects and rate_tokens usage net: qlogic: Fix memory leak in ql_alloc_large_buffers net: Unpublish sk from sk_reuseport_cb before call_rcu nfc: fix memory leak in llcp_sock_bind() qmi_wwan: add support for Cinterion CLS8 devices sch_dsmark: fix potential NULL deref in dsmark_init() vsock: Fix a lockdep warning in __vsock_release() net/rds: Fix error handling in rds_ib_add_one() xen-netfront: do not use ~0U as error return value for xennet_fill_frags() tipc: fix unlimited bundling of small messages sch_cbq: validate TCA_CBQ_WRROPT to avoid crash ipv6: Handle missing host route in __ipv6_ifa_notify Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set smack: use GFP_NOFS while holding inode_smack::smk_lock NFC: fix attrs checks in netlink interface kexec: bail out upon SIGKILL when allocating memory. Linux 4.14.148 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Paolo Abeni
|
562c2ff7e3 |
net: ipv4: avoid mixed n_redirects and rate_tokens usage
[ Upstream commit b406472b5ad79ede8d10077f0c8f05505ace8b6d ]
Since commit c09551c6ff7f ("net: ipv4: use a dedicated counter
for icmp_v4 redirect packets") we use 'n_redirects' to account
for redirect packets, but we still use 'rate_tokens' to compute
the redirect packets exponential backoff.
If the device sent to the relevant peer any ICMP error packet
after sending a redirect, it will also update 'rate_token' according
to the leaking bucket schema; typically 'rate_token' will raise
above BITS_PER_LONG and the redirect packets backoff algorithm
will produce undefined behavior.
Fix the issue using 'n_redirects' to compute the exponential backoff
in ip_rt_send_redirect().
Note that we still clear rate_tokens after a redirect silence period,
to avoid changing an established behaviour.
The root cause predates git history; before the mentioned commit in
the critical scenario, the kernel stopped sending redirects, after
the mentioned commit the behavior more randomic.
Reported-by: Xiumei Mu <xmu@redhat.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Fixes: c09551c6ff7f ("net: ipv4: use a dedicated counter for icmp_v4 redirect packets")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Haishuang Yan
|
881d460900 |
erspan: remove the incorrect mtu limit for erspan
[ Upstream commit 0e141f757b2c78c983df893e9993313e2dc21e38 ]
erspan driver calls ether_setup(), after commit 61e84623ace3
("net: centralize net_device min/max MTU checking"), the range
of mtu is [min_mtu, max_mtu], which is [68, 1500] by default.
It causes the dev mtu of the erspan device to not be greater
than 1500, this limit value is not correct for ipgre tap device.
Tested:
Before patch:
# ip link set erspan0 mtu 1600
Error: mtu greater than device maximum.
After patch:
# ip link set erspan0 mtu 1600
# ip -d link show erspan0
21: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1600 qdisc noop state DOWN
mode DEFAULT group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 0
Fixes: 61e84623ace3 ("net: centralize net_device min/max MTU checking")
Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
9674240fb2 |
This is the 4.14.147 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2YdO8ACgkQONu9yGCS
aT50DBAAuLQNqoTz2C6HkEHqU6l9v491n8Aw6ILuUoILcoWGIOZEtdmKtRXXBWjR
v0s1T4FbeOZkKHTJGXuCd8Di6BYBDBSSBRSvuvWFisCyo/nwM3i1bNVz+i0IBAbS
Ug3mQOkCHfZgvht17XCDjcHgE2pdHThof5T9/3IIewfSyx4I0WZKlr4Xq1HF535g
30w1Ox+rWLQ4735LlGfMTd+oqYIaP91xyuFuGcsp2Pgy7nLFTtaa69fHD93qVH9o
2rdIowlYFU/uIkGx9qW/sMDq4Gp34xczdp/ABNiRylEL1Rf1cOkcn8KZX14ePodk
5x4hXHDkCWqquu6HnuTB6bzR7gwVsqxBEucT4v7wnkHTIFucEOeBc7E6T2llGTRe
dfESrc28lXN3E9WGu7gAqi7Hvr2oDGVffthySwR6Yq4WoVSppHTc/SekZ4p2qhAl
8jp4V86U5Fwr6ERCwZ0LcQ8TUK1j9KptpJ1P4Lb/w4wT2csq8DasunDm8/7lYFfp
ISa9OE4fF8bhSI45bP+o4WYac6x7F4A8RpdTGJ1qRp0crKDL7oKP5YtFzJTGyt2a
FDnONywuYu2Iayt76fqYU8Lh7yDpxzLSY/66VXRAPcb4Xtc55BKjlRaoEqXOPXqB
8sid+r28LHYiOlHDfb+J/IKI8YyGAiB5ac7Pakw7Q8d07fsxiuI=
=OgXW
-----END PGP SIGNATURE-----
Merge 4.14.147 into android-4.14
Changes in 4.14.147
Revert "Bluetooth: validate BLE connection interval updates"
powerpc/xive: Fix bogus error code returned by OPAL
objtool: Query pkg-config for libelf location
IB/core: Add an unbound WQ type to the new CQ API
HID: prodikeys: Fix general protection fault during probe
HID: sony: Fix memory corruption issue on cleanup.
HID: logitech: Fix general protection fault caused by Logitech driver
HID: hidraw: Fix invalid read in hidraw_ioctl
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
crypto: talitos - fix missing break in switch statement
iwlwifi: mvm: send BCAST management frames to the right station
media: tvp5150: fix switch exit in set control handler
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
ALSA: hda - Apply AMD controller workaround for Raven platform
objtool: Clobber user CFLAGS variable
pinctrl: sprd: Use define directive for sprd_pinconf_params values
power: supply: sysfs: ratelimit property read error message
locking/lockdep: Add debug_locks check in __lock_downgrade()
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
f2fs: check all the data segments against all node ones
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
blk-mq: move cancel of requeue_work to the front of blk_exit_queue
Revert "f2fs: avoid out-of-range memory access"
dm zoned: fix invalid memory access
f2fs: fix to do sanity check on segment bitmap of LFS curseg
drm: Flush output polling on shutdown
net: don't warn in inet diag when IPV6 is disabled
ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
xfs: don't crash on null attr fork xfs_bmapi_read
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
f2fs: use generic EFSBADCRC/EFSCORRUPTED
arcnet: provide a buffer big enough to actually receive packets
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
macsec: drop skb sk before calling gro_cells_receive
net/phy: fix DP83865 10 Mbps HDX loopback disable function
net: qrtr: Stop rx_worker before freeing node
net/sched: act_sample: don't push mac header on ip6gre ingress
net_sched: add max len check for TCA_KIND
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
ppp: Fix memory leak in ppp_write
sch_netem: fix a divide by zero in tabledist()
skge: fix checksum byte order
usbnet: ignore endpoints with invalid wMaxPacketSize
usbnet: sanity checking of packet sizes and device mtu
net/mlx5: Add device ID of upcoming BlueField-2
mISDN: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
nfc: enforce CAP_NET_RAW for raw sockets
ALSA: hda: Flush interrupts on disabling
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
ASoC: sgtl5000: Fix charge pump source assignment
dmaengine: bcm2835: Print error in case setting DMA mask fails
leds: leds-lp5562 allow firmware files up to the maximum length
media: dib0700: fix link error for dibx000_i2c_set_speed
media: mtk-cir: lower de-glitch counter for rc-mm protocol
media: exynos4-is: fix leaked of_node references
media: hdpvr: Add device num check and handling
media: i2c: ov5640: Check for devm_gpiod_get_optional() error
sched/fair: Fix imbalance due to CPU affinity
sched/core: Fix CPU controller for !RT_GROUP_SCHED
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
x86/apic: Soft disable APIC before initializing it
ALSA: hda - Show the fatal CORB/RIRB error more clearly
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
EDAC/mc: Fix grain_bits calculation
media: iguanair: add sanity checks
base: soc: Export soc_device_register/unregister APIs
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
ia64:unwind: fix double free for mod->arch.init_unw_table
EDAC/altera: Use the proper type for the IRQ status bits
ASoC: rsnd: don't call clk_get_rate() under atomic context
md/raid1: end bio when the device faulty
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md: don't set In_sync if array is frozen
ACPI / processor: don't print errors for processorIDs == 0xff
EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
efi: cper: print AER info of PCIe fatal error
sched/fair: Use rq_lock/unlock in online_fair_sched_group
media: gspca: zero usb_buf on error
perf test vfs_getname: Disable ~/.perfconfig to get default output
media: mtk-mdp: fix reference count on old device tree
media: fdp1: Reduce FCP not found message level to debug
media: rc: imon: Allow iMON RC protocol for ffdc 7e device
dmaengine: iop-adma: use correct printk format strings
perf record: Support aarch64 random socket_id assignment
media: i2c: ov5645: Fix power sequence
media: omap3isp: Don't set streaming state on random subdevs
media: imx: mipi csi-2: Don't fail if initial state times-out
net: lpc-enet: fix printk format strings
ARM: dts: imx7d: cl-som-imx7: make ethernet work again
media: radio/si470x: kill urb on error
media: hdpvr: add terminating 0 at end of string
nbd: add missing config put
media: dvb-core: fix a memory leak bug
libperf: Fix alignment trap with xyarray contents in 'perf stat'
EDAC/amd64: Recognize DRAM device type ECC capability
EDAC/amd64: Decode syndrome before translating address
PM / devfreq: passive: Use non-devm notifiers
PM / devfreq: exynos-bus: Correct clock enable sequence
media: cec-notifier: clear cec_adap in cec_notifier_unregister
media: saa7146: add cleanup in hexium_attach()
media: cpia2_usb: fix memory leaks
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
perf trace beauty ioctl: Fix off-by-one error in cmd->string table
media: ov9650: add a sanity check
ASoC: es8316: fix headphone mixer volume table
ACPI / CPPC: do not require the _PSD method
arm64: kpti: ensure patched kernel text is fetched from PoU
nvmet: fix data units read and written counters in SMART log
iommu/amd: Silence warnings under memory pressure
iommu/iova: Avoid false sharing on fq_timer_on
libtraceevent: Change users plugin directory
ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
ACPI: custom_method: fix memory leaks
ACPI / PCI: fix acpi_pci_irq_enable() memory leak
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
md/raid1: fail run raid1 array when active disk less than one
dmaengine: ti: edma: Do not reset reserved paRAM slots
kprobes: Prohibit probing on BUG() and WARN() address
s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
raid5: don't set STRIPE_HANDLE to stripe which is in batch list
mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
mmc: sdhci: Fix incorrect switch to HS mode
raid5: don't increment read_errors on EILSEQ return
libertas: Add missing sentinel at end of if_usb.c fw_table
e1000e: add workaround for possible stalled packet
ALSA: hda - Drop unsol event handler for Intel HDMI codecs
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
media: omap3isp: Set device on omap3isp subdevs
PM / devfreq: passive: fix compiler warning
ALSA: firewire-tascam: handle error code when getting current source of clock
ALSA: firewire-tascam: check intermediate state of clock status and retry
scsi: scsi_dh_rdac: zero cdb in send_mode_select()
printk: Do not lose last line in kmsg buffer dump
IB/hfi1: Define variables as unsigned long to fix KASAN warning
randstruct: Check member structs in is_pure_ops_struct()
ALSA: hda/realtek - Fixup mute led on HP Spectre x360
fuse: fix missing unlock_page in fuse_writepage()
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
x86/retpolines: Fix up backport of a9d57ef15cbe
KVM: x86: always stop emulation on page fault
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: Manually calculate reserved bits when loading PDPTRS
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
ASoC: Intel: NHLT: Fix debug print format
ASoC: Intel: Skylake: Use correct function to access iomem space
ASoC: Intel: Fix use of potentially uninitialized variable
ARM: samsung: Fix system restart on S3C6410
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
regulator: Defer init completion for a while after late_initcall
gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
memcg, kmem: do not fail __GFP_NOFAIL charges
ovl: filter of trusted xattr results in audit
Btrfs: fix use-after-free when using the tree modification log
btrfs: Relinquish CPUs in btrfs_compare_trees
btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
md/raid6: Set R5_ReadError when there is read failure on parity disk
md: don't report active array_state until after revalidate_disk() completes.
md: only call set_in_sync() when it is expected to succeed.
cfg80211: Purge frame registrations on iftype change
/dev/mem: Bail out upon SIGKILL.
ext4: fix warning inside ext4_convert_unwritten_extents_endio
ext4: fix punch hole for inline_data file systems
quota: fix wrong condition in is_quota_modification()
hwrng: core - don't wait on add_early_randomness()
i2c: riic: Clear NACK in tend isr
CIFS: fix max ea value size
CIFS: Fix oplock handling for SMB 2.1+ protocols
md/raid0: avoid RAID0 data corruption due to layout confusion.
mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone
btrfs: qgroup: Drop quota_root and fs_info parameters from update_qgroup_status_item
Btrfs: fix race setting up and completing qgroup rescan workers
Linux 4.14.147
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
5c8d069c5d |
This is the 4.14.147 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2YdO8ACgkQONu9yGCS
aT50DBAAuLQNqoTz2C6HkEHqU6l9v491n8Aw6ILuUoILcoWGIOZEtdmKtRXXBWjR
v0s1T4FbeOZkKHTJGXuCd8Di6BYBDBSSBRSvuvWFisCyo/nwM3i1bNVz+i0IBAbS
Ug3mQOkCHfZgvht17XCDjcHgE2pdHThof5T9/3IIewfSyx4I0WZKlr4Xq1HF535g
30w1Ox+rWLQ4735LlGfMTd+oqYIaP91xyuFuGcsp2Pgy7nLFTtaa69fHD93qVH9o
2rdIowlYFU/uIkGx9qW/sMDq4Gp34xczdp/ABNiRylEL1Rf1cOkcn8KZX14ePodk
5x4hXHDkCWqquu6HnuTB6bzR7gwVsqxBEucT4v7wnkHTIFucEOeBc7E6T2llGTRe
dfESrc28lXN3E9WGu7gAqi7Hvr2oDGVffthySwR6Yq4WoVSppHTc/SekZ4p2qhAl
8jp4V86U5Fwr6ERCwZ0LcQ8TUK1j9KptpJ1P4Lb/w4wT2csq8DasunDm8/7lYFfp
ISa9OE4fF8bhSI45bP+o4WYac6x7F4A8RpdTGJ1qRp0crKDL7oKP5YtFzJTGyt2a
FDnONywuYu2Iayt76fqYU8Lh7yDpxzLSY/66VXRAPcb4Xtc55BKjlRaoEqXOPXqB
8sid+r28LHYiOlHDfb+J/IKI8YyGAiB5ac7Pakw7Q8d07fsxiuI=
=OgXW
-----END PGP SIGNATURE-----
Merge 4.14.147 into android-4.14-q
Changes in 4.14.147
Revert "Bluetooth: validate BLE connection interval updates"
powerpc/xive: Fix bogus error code returned by OPAL
objtool: Query pkg-config for libelf location
IB/core: Add an unbound WQ type to the new CQ API
HID: prodikeys: Fix general protection fault during probe
HID: sony: Fix memory corruption issue on cleanup.
HID: logitech: Fix general protection fault caused by Logitech driver
HID: hidraw: Fix invalid read in hidraw_ioctl
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
crypto: talitos - fix missing break in switch statement
iwlwifi: mvm: send BCAST management frames to the right station
media: tvp5150: fix switch exit in set control handler
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
ALSA: hda - Apply AMD controller workaround for Raven platform
objtool: Clobber user CFLAGS variable
pinctrl: sprd: Use define directive for sprd_pinconf_params values
power: supply: sysfs: ratelimit property read error message
locking/lockdep: Add debug_locks check in __lock_downgrade()
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
f2fs: check all the data segments against all node ones
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
blk-mq: move cancel of requeue_work to the front of blk_exit_queue
Revert "f2fs: avoid out-of-range memory access"
dm zoned: fix invalid memory access
f2fs: fix to do sanity check on segment bitmap of LFS curseg
drm: Flush output polling on shutdown
net: don't warn in inet diag when IPV6 is disabled
ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
xfs: don't crash on null attr fork xfs_bmapi_read
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
f2fs: use generic EFSBADCRC/EFSCORRUPTED
arcnet: provide a buffer big enough to actually receive packets
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
macsec: drop skb sk before calling gro_cells_receive
net/phy: fix DP83865 10 Mbps HDX loopback disable function
net: qrtr: Stop rx_worker before freeing node
net/sched: act_sample: don't push mac header on ip6gre ingress
net_sched: add max len check for TCA_KIND
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
ppp: Fix memory leak in ppp_write
sch_netem: fix a divide by zero in tabledist()
skge: fix checksum byte order
usbnet: ignore endpoints with invalid wMaxPacketSize
usbnet: sanity checking of packet sizes and device mtu
net/mlx5: Add device ID of upcoming BlueField-2
mISDN: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
nfc: enforce CAP_NET_RAW for raw sockets
ALSA: hda: Flush interrupts on disabling
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
ASoC: sgtl5000: Fix charge pump source assignment
dmaengine: bcm2835: Print error in case setting DMA mask fails
leds: leds-lp5562 allow firmware files up to the maximum length
media: dib0700: fix link error for dibx000_i2c_set_speed
media: mtk-cir: lower de-glitch counter for rc-mm protocol
media: exynos4-is: fix leaked of_node references
media: hdpvr: Add device num check and handling
media: i2c: ov5640: Check for devm_gpiod_get_optional() error
sched/fair: Fix imbalance due to CPU affinity
sched/core: Fix CPU controller for !RT_GROUP_SCHED
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
x86/apic: Soft disable APIC before initializing it
ALSA: hda - Show the fatal CORB/RIRB error more clearly
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
EDAC/mc: Fix grain_bits calculation
media: iguanair: add sanity checks
base: soc: Export soc_device_register/unregister APIs
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
ia64:unwind: fix double free for mod->arch.init_unw_table
EDAC/altera: Use the proper type for the IRQ status bits
ASoC: rsnd: don't call clk_get_rate() under atomic context
md/raid1: end bio when the device faulty
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md: don't set In_sync if array is frozen
ACPI / processor: don't print errors for processorIDs == 0xff
EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
efi: cper: print AER info of PCIe fatal error
sched/fair: Use rq_lock/unlock in online_fair_sched_group
media: gspca: zero usb_buf on error
perf test vfs_getname: Disable ~/.perfconfig to get default output
media: mtk-mdp: fix reference count on old device tree
media: fdp1: Reduce FCP not found message level to debug
media: rc: imon: Allow iMON RC protocol for ffdc 7e device
dmaengine: iop-adma: use correct printk format strings
perf record: Support aarch64 random socket_id assignment
media: i2c: ov5645: Fix power sequence
media: omap3isp: Don't set streaming state on random subdevs
media: imx: mipi csi-2: Don't fail if initial state times-out
net: lpc-enet: fix printk format strings
ARM: dts: imx7d: cl-som-imx7: make ethernet work again
media: radio/si470x: kill urb on error
media: hdpvr: add terminating 0 at end of string
nbd: add missing config put
media: dvb-core: fix a memory leak bug
libperf: Fix alignment trap with xyarray contents in 'perf stat'
EDAC/amd64: Recognize DRAM device type ECC capability
EDAC/amd64: Decode syndrome before translating address
PM / devfreq: passive: Use non-devm notifiers
PM / devfreq: exynos-bus: Correct clock enable sequence
media: cec-notifier: clear cec_adap in cec_notifier_unregister
media: saa7146: add cleanup in hexium_attach()
media: cpia2_usb: fix memory leaks
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
perf trace beauty ioctl: Fix off-by-one error in cmd->string table
media: ov9650: add a sanity check
ASoC: es8316: fix headphone mixer volume table
ACPI / CPPC: do not require the _PSD method
arm64: kpti: ensure patched kernel text is fetched from PoU
nvmet: fix data units read and written counters in SMART log
iommu/amd: Silence warnings under memory pressure
iommu/iova: Avoid false sharing on fq_timer_on
libtraceevent: Change users plugin directory
ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
ACPI: custom_method: fix memory leaks
ACPI / PCI: fix acpi_pci_irq_enable() memory leak
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
md/raid1: fail run raid1 array when active disk less than one
dmaengine: ti: edma: Do not reset reserved paRAM slots
kprobes: Prohibit probing on BUG() and WARN() address
s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
raid5: don't set STRIPE_HANDLE to stripe which is in batch list
mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
mmc: sdhci: Fix incorrect switch to HS mode
raid5: don't increment read_errors on EILSEQ return
libertas: Add missing sentinel at end of if_usb.c fw_table
e1000e: add workaround for possible stalled packet
ALSA: hda - Drop unsol event handler for Intel HDMI codecs
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
media: omap3isp: Set device on omap3isp subdevs
PM / devfreq: passive: fix compiler warning
ALSA: firewire-tascam: handle error code when getting current source of clock
ALSA: firewire-tascam: check intermediate state of clock status and retry
scsi: scsi_dh_rdac: zero cdb in send_mode_select()
printk: Do not lose last line in kmsg buffer dump
IB/hfi1: Define variables as unsigned long to fix KASAN warning
randstruct: Check member structs in is_pure_ops_struct()
ALSA: hda/realtek - Fixup mute led on HP Spectre x360
fuse: fix missing unlock_page in fuse_writepage()
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
x86/retpolines: Fix up backport of a9d57ef15cbe
KVM: x86: always stop emulation on page fault
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: Manually calculate reserved bits when loading PDPTRS
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
ASoC: Intel: NHLT: Fix debug print format
ASoC: Intel: Skylake: Use correct function to access iomem space
ASoC: Intel: Fix use of potentially uninitialized variable
ARM: samsung: Fix system restart on S3C6410
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
regulator: Defer init completion for a while after late_initcall
gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
memcg, kmem: do not fail __GFP_NOFAIL charges
ovl: filter of trusted xattr results in audit
Btrfs: fix use-after-free when using the tree modification log
btrfs: Relinquish CPUs in btrfs_compare_trees
btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
md/raid6: Set R5_ReadError when there is read failure on parity disk
md: don't report active array_state until after revalidate_disk() completes.
md: only call set_in_sync() when it is expected to succeed.
cfg80211: Purge frame registrations on iftype change
/dev/mem: Bail out upon SIGKILL.
ext4: fix warning inside ext4_convert_unwritten_extents_endio
ext4: fix punch hole for inline_data file systems
quota: fix wrong condition in is_quota_modification()
hwrng: core - don't wait on add_early_randomness()
i2c: riic: Clear NACK in tend isr
CIFS: fix max ea value size
CIFS: Fix oplock handling for SMB 2.1+ protocols
md/raid0: avoid RAID0 data corruption due to layout confusion.
mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone
btrfs: qgroup: Drop quota_root and fs_info parameters from update_qgroup_status_item
Btrfs: fix race setting up and completing qgroup rescan workers
Linux 4.14.147
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|