mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
9083 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Eric Dumazet
|
f2aa4f1a05 |
tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()
commit 967c05aee439e6e5d7d805e195b3a20ef5c433d6 upstream. If mtu probing is enabled tcp_mtu_probing() could very well end up with a too small MSS. Use the new sysctl tcp_min_snd_mss to make sure MSS search is performed in an acceptable range. CVE-2019-11479 -- tcp mss hardcoded to 48 Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Jonathan Lemon <jonathan.lemon@gmail.com> Cc: Jonathan Looney <jtl@netflix.com> Acked-by: Neal Cardwell <ncardwell@google.com> Cc: Yuchung Cheng <ycheng@google.com> Cc: Tyler Hicks <tyhicks@canonical.com> Cc: Bruce Curtis <brucec@netflix.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Dumazet
|
cd6f35b842 |
tcp: add tcp_min_snd_mss sysctl
commit 5f3e2bf008c2221478101ee72f5cb4654b9fc363 upstream.
Some TCP peers announce a very small MSS option in their SYN and/or
SYN/ACK messages.
This forces the stack to send packets with a very high network/cpu
overhead.
Linux has enforced a minimal value of 48. Since this value includes
the size of TCP options, and that the options can consume up to 40
bytes, this means that each segment can include only 8 bytes of payload.
In some cases, it can be useful to increase the minimal value
to a saner value.
We still let the default to 48 (TCP_MIN_SND_MSS), for compatibility
reasons.
Note that TCP_MAXSEG socket option enforces a minimal value
of (TCP_MIN_MSS). David Miller increased this minimal value
in commit c39508d6f118 ("tcp: Make TCP_MAXSEG minimum more correct.")
from 64 to 88.
We might in the future merge TCP_MIN_SND_MSS and TCP_MIN_MSS.
CVE-2019-11479 -- tcp mss hardcoded to 48
Signed-off-by: Eric Dumazet <edumazet@google.com>
Suggested-by: Jonathan Looney <jtl@netflix.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Tyler Hicks <tyhicks@canonical.com>
Cc: Bruce Curtis <brucec@netflix.com>
Cc: Jonathan Lemon <jonathan.lemon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Dumazet
|
9daf226ff9 |
tcp: tcp_fragment() should apply sane memory limits
commit f070ef2ac66716357066b683fb0baf55f8191a2e upstream. Jonathan Looney reported that a malicious peer can force a sender to fragment its retransmit queue into tiny skbs, inflating memory usage and/or overflow 32bit counters. TCP allows an application to queue up to sk_sndbuf bytes, so we need to give some allowance for non malicious splitting of retransmit queue. A new SNMP counter is added to monitor how many times TCP did not allow to split an skb if the allowance was exceeded. Note that this counter might increase in the case applications use SO_SNDBUF socket option to lower sk_sndbuf. CVE-2019-11478 : tcp_fragment, prevent fragmenting a packet when the socket is already using more than half the allowed space Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Jonathan Looney <jtl@netflix.com> Acked-by: Neal Cardwell <ncardwell@google.com> Acked-by: Yuchung Cheng <ycheng@google.com> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Cc: Bruce Curtis <brucec@netflix.com> Cc: Jonathan Lemon <jonathan.lemon@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Dumazet
|
d632920554 |
tcp: limit payload size of sacked skbs
commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff upstream.
Jonathan Looney reported that TCP can trigger the following crash
in tcp_shifted_skb() :
BUG_ON(tcp_skb_pcount(skb) < pcount);
This can happen if the remote peer has advertized the smallest
MSS that linux TCP accepts : 48
An skb can hold 17 fragments, and each fragment can hold 32KB
on x86, or 64KB on PowerPC.
This means that the 16bit witdh of TCP_SKB_CB(skb)->tcp_gso_segs
can overflow.
Note that tcp_sendmsg() builds skbs with less than 64KB
of payload, so this problem needs SACK to be enabled.
SACK blocks allow TCP to coalesce multiple skbs in the retransmit
queue, thus filling the 17 fragments to maximal capacity.
CVE-2019-11477 -- u16 overflow of TCP_SKB_CB(skb)->tcp_gso_segs
Backport notes, provided by Joao Martins <joao.m.martins@oracle.com>
v4.15 or since commit 737ff314563 ("tcp: use sequence distance to
detect reordering") had switched from the packet-based FACK tracking and
switched to sequence-based.
v4.14 and older still have the old logic and hence on
tcp_skb_shift_data() needs to retain its original logic and have
@fack_count in sync. In other words, we keep the increment of pcount with
tcp_skb_pcount(skb) to later used that to update fack_count. To make it
more explicit we track the new skb that gets incremented to pcount in
@next_pcount, and we get to avoid the constant invocation of
tcp_skb_pcount(skb) all together.
Fixes: 832d11c5cd07 ("tcp: Try to restore large SKBs while SACK processing")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Jonathan Looney <jtl@netflix.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Bruce Curtis <brucec@netflix.com>
Cc: Jonathan Lemon <jonathan.lemon@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Dumazet
|
b2ea53195d |
tcp: reduce tcp_fastretrans_alert() verbosity
commit 8ba6ddaaf86c4c6814774e4e4ef158b732bd9f9f upstream. With upcoming rb-tree implementation, the checks will trigger more often, and this is expected. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Amit Shah <amit@infradead.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
8e1d939d22 |
This is the 4.14.124 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlz8sr0ACgkQONu9yGCS aT54tw/+MuNheIksFu/G9xPkjPykIL6bkqTQBlMzLvdNTqfqBQz6w41NR0QVcs9i BTo1m6FUlxpIXilsvWfBsdaRV6/LdqDzIkr0LskD45Wj6nTHZN/kCAQL0PAH0KaR ZHQzwefZVEvfdDaC4Z8MKDOmot3uZQunljtF6lGGbabIJ1hRxNfo5dNuLKt7Bh4G BrUou5fB4NO4FIS429p5xzmEjmiEvNZO5oQapb9YmX0vhkYwNn+kYwLJcYBZ6cX1 FWdSdyfv1x8uSKcT/v+Zhb4WMSkf1538PrSCdPJQ58U42zXLAgf5O/cOpsJfnK8Z MX8bTWEewHRN7z3q0ojygcqk1HhTiVMufFdqSrE9FN8O8WwowLNysM0L77bDnRNs /IdTL/XX9aD7lcToVEuH1RbCWFjUT99pWsubgbvQGOMiehWQOPbp5xfIkJywSbmf Pqu3LRzHx0JEeKADrcU4UAH+TpQg8Vy3m0EibslqQNjLssxtGyOLUhSyuaxtcQLP vX69FI/RFLrd4qs1nyr6QWD2wsjGMf+9HbUA5faW3REpK+ndJo6M6tgyCLOLHKay EB9j6cwolbvtQH/DMJh1SA4ut0SGCGUd/4fhAo8ZWES/3bWmtmVcaaz90ohQ61c8 x0Z6nxOviYNxG4F0OTwHequETF8bXhhvDdRRkjjE5leLveuJ86c= =ZOJI -----END PGP SIGNATURE----- Merge 4.14.124 into android-4.14-q Changes in 4.14.124 inet: switch IP ID generator to siphash ipv6: Consider sk_bound_dev_if when binding a raw socket to an address llc: fix skb leak in llc_build_and_send_ui_pkt() net: fec: fix the clk mismatch in failed_reset path net-gro: fix use-after-free read in napi_gro_frags() net: stmmac: fix reset gpio free missing usbnet: fix kernel crash after disconnect tipc: Avoid copying bytes beyond the supplied data net/mlx5: Allocate root ns memory using kzalloc to match kfree bnxt_en: Fix aggregation buffer leak under OOM condition. ipv4/igmp: fix another memory leak in igmpv3_del_delrec() ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT net: mvneta: Fix err code path of probe net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value net: phy: marvell10g: report if the PHY fails to boot firmware crypto: vmx - ghash: do nosimd fallback manually xen/pciback: Don't disable PCI_COMMAND on PCI device reset. Revert "tipc: fix modprobe tipc failed after switch order of device registration" tipc: fix modprobe tipc failed after switch order of device registration sparc64: Fix regression in non-hypervisor TLB flush xcall include/linux/bitops.h: sanitize rotate primitives xhci: update bounce buffer with correct sg num xhci: Use %zu for printing size_t type xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() usb: xhci: avoid null pointer deref when bos field is NULL usbip: usbip_host: fix BUG: sleeping function called from invalid context usbip: usbip_host: fix stub_dev lock context imbalance regression USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor USB: sisusbvga: fix oops in error path of sisusb_probe USB: Add LPM quirk for Surface Dock GigE adapter USB: rio500: refuse more than one device at a time USB: rio500: fix memory leak in close after disconnect media: usb: siano: Fix general protection fault in smsusb media: usb: siano: Fix false-positive "uninitialized variable" warning media: smsusb: better handle optional alignment scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) Btrfs: fix wrong ctime and mtime of a directory after log replay Btrfs: fix race updating log root item during fsync Btrfs: fix fsync not persisting changed attributes of a directory Btrfs: incremental send, fix file corruption when no-holes feature is enabled KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts powerpc/perf: Fix MMCRA corruption by bhrb_filter ALSA: hda/realtek - Set default power save node to 0 KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID drm/nouveau/i2c: Disable i2c bus access after ->fini() tty: serial: msm_serial: Fix XON/XOFF tty: max310x: Fix external crystal register setup memcg: make it work on sparse non-0-node systems kernel/signal.c: trace_signal_deliver when signal_group_exit docs: Fix conf.py for Sphinx 2.0 doc: Cope with the deprecation of AutoReporter doc: Cope with Sphinx logging deprecations ima: show rules with IMA_INMASK correctly serial: sh-sci: disable DMA for uart_console staging: vc04_services: prevent integer overflow in create_pagelist() staging: wlan-ng: fix adapter initialization failure CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM Revert "lockd: Show pid of lockd for remote locks" gcc-plugins: Fix build failures under Darwin host drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set drm/rockchip: shutdown drm subsystem on shutdown Compiler Attributes: add support for __copy (gcc >= 9) include/linux/module.h: copy __init/__exit attrs to init/cleanup_module Revert "x86/build: Move _etext to actual end of .text" Revert "binder: fix handling of misaligned binder object" binder: fix race between munmap() and direct reclaim media: uvcvideo: Fix uvc_alloc_entity() allocation alignment Linux 4.14.124 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
225970c2e8 |
This is the 4.14.124 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlz8sr0ACgkQONu9yGCS aT54tw/+MuNheIksFu/G9xPkjPykIL6bkqTQBlMzLvdNTqfqBQz6w41NR0QVcs9i BTo1m6FUlxpIXilsvWfBsdaRV6/LdqDzIkr0LskD45Wj6nTHZN/kCAQL0PAH0KaR ZHQzwefZVEvfdDaC4Z8MKDOmot3uZQunljtF6lGGbabIJ1hRxNfo5dNuLKt7Bh4G BrUou5fB4NO4FIS429p5xzmEjmiEvNZO5oQapb9YmX0vhkYwNn+kYwLJcYBZ6cX1 FWdSdyfv1x8uSKcT/v+Zhb4WMSkf1538PrSCdPJQ58U42zXLAgf5O/cOpsJfnK8Z MX8bTWEewHRN7z3q0ojygcqk1HhTiVMufFdqSrE9FN8O8WwowLNysM0L77bDnRNs /IdTL/XX9aD7lcToVEuH1RbCWFjUT99pWsubgbvQGOMiehWQOPbp5xfIkJywSbmf Pqu3LRzHx0JEeKADrcU4UAH+TpQg8Vy3m0EibslqQNjLssxtGyOLUhSyuaxtcQLP vX69FI/RFLrd4qs1nyr6QWD2wsjGMf+9HbUA5faW3REpK+ndJo6M6tgyCLOLHKay EB9j6cwolbvtQH/DMJh1SA4ut0SGCGUd/4fhAo8ZWES/3bWmtmVcaaz90ohQ61c8 x0Z6nxOviYNxG4F0OTwHequETF8bXhhvDdRRkjjE5leLveuJ86c= =ZOJI -----END PGP SIGNATURE----- Merge 4.14.124 into android-4.14 Changes in 4.14.124 inet: switch IP ID generator to siphash ipv6: Consider sk_bound_dev_if when binding a raw socket to an address llc: fix skb leak in llc_build_and_send_ui_pkt() net: fec: fix the clk mismatch in failed_reset path net-gro: fix use-after-free read in napi_gro_frags() net: stmmac: fix reset gpio free missing usbnet: fix kernel crash after disconnect tipc: Avoid copying bytes beyond the supplied data net/mlx5: Allocate root ns memory using kzalloc to match kfree bnxt_en: Fix aggregation buffer leak under OOM condition. ipv4/igmp: fix another memory leak in igmpv3_del_delrec() ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT net: mvneta: Fix err code path of probe net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value net: phy: marvell10g: report if the PHY fails to boot firmware crypto: vmx - ghash: do nosimd fallback manually xen/pciback: Don't disable PCI_COMMAND on PCI device reset. Revert "tipc: fix modprobe tipc failed after switch order of device registration" tipc: fix modprobe tipc failed after switch order of device registration sparc64: Fix regression in non-hypervisor TLB flush xcall include/linux/bitops.h: sanitize rotate primitives xhci: update bounce buffer with correct sg num xhci: Use %zu for printing size_t type xhci: Convert xhci_handshake() to use readl_poll_timeout_atomic() usb: xhci: avoid null pointer deref when bos field is NULL usbip: usbip_host: fix BUG: sleeping function called from invalid context usbip: usbip_host: fix stub_dev lock context imbalance regression USB: Fix slab-out-of-bounds write in usb_get_bos_descriptor USB: sisusbvga: fix oops in error path of sisusb_probe USB: Add LPM quirk for Surface Dock GigE adapter USB: rio500: refuse more than one device at a time USB: rio500: fix memory leak in close after disconnect media: usb: siano: Fix general protection fault in smsusb media: usb: siano: Fix false-positive "uninitialized variable" warning media: smsusb: better handle optional alignment scsi: zfcp: fix missing zfcp_port reference put on -EBUSY from port_remove scsi: zfcp: fix to prevent port_remove with pure auto scan LUNs (only sdevs) Btrfs: fix wrong ctime and mtime of a directory after log replay Btrfs: fix race updating log root item during fsync Btrfs: fix fsync not persisting changed attributes of a directory Btrfs: incremental send, fix file corruption when no-holes feature is enabled KVM: PPC: Book3S HV: XIVE: Do not clear IRQ data of passthrough interrupts powerpc/perf: Fix MMCRA corruption by bhrb_filter ALSA: hda/realtek - Set default power save node to 0 KVM: s390: Do not report unusabled IDs via KVM_CAP_MAX_VCPU_ID drm/nouveau/i2c: Disable i2c bus access after ->fini() tty: serial: msm_serial: Fix XON/XOFF tty: max310x: Fix external crystal register setup memcg: make it work on sparse non-0-node systems kernel/signal.c: trace_signal_deliver when signal_group_exit docs: Fix conf.py for Sphinx 2.0 doc: Cope with the deprecation of AutoReporter doc: Cope with Sphinx logging deprecations ima: show rules with IMA_INMASK correctly serial: sh-sci: disable DMA for uart_console staging: vc04_services: prevent integer overflow in create_pagelist() staging: wlan-ng: fix adapter initialization failure CIFS: cifs_read_allocate_pages: don't iterate through whole page array on ENOMEM Revert "lockd: Show pid of lockd for remote locks" gcc-plugins: Fix build failures under Darwin host drm/vmwgfx: Don't send drm sysfs hotplug events on initial master set drm/rockchip: shutdown drm subsystem on shutdown Compiler Attributes: add support for __copy (gcc >= 9) include/linux/module.h: copy __init/__exit attrs to init/cleanup_module Revert "x86/build: Move _etext to actual end of .text" Revert "binder: fix handling of misaligned binder object" binder: fix race between munmap() and direct reclaim media: uvcvideo: Fix uvc_alloc_entity() allocation alignment Linux 4.14.124 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Eric Dumazet
|
47842fc63e |
ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
[ Upstream commit 903869bd10e6719b9df6718e785be7ec725df59f ]
ip_sf_list_clear_all() needs to be defined even if !CONFIG_IP_MULTICAST
Fixes: 3580d04aa674 ("ipv4/igmp: fix another memory leak in igmpv3_del_delrec()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Dumazet
|
5e5fda4b14 |
ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
[ Upstream commit 3580d04aa674383c42de7b635d28e52a1e5bc72c ]
syzbot reported memory leaks [1] that I have back tracked to
a missing cleanup from igmpv3_del_delrec() when
(im->sfmode != MCAST_INCLUDE)
Add ip_sf_list_clear_all() and kfree_pmc() helpers to explicitely
handle the cleanups before freeing.
[1]
BUG: memory leak
unreferenced object 0xffff888123e32b00 (size 64):
comm "softirq", pid 0, jiffies 4294942968 (age 8.010s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 e0 00 00 01 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[<000000006105011b>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline]
[<000000006105011b>] slab_post_alloc_hook mm/slab.h:439 [inline]
[<000000006105011b>] slab_alloc mm/slab.c:3326 [inline]
[<000000006105011b>] kmem_cache_alloc_trace+0x13d/0x280 mm/slab.c:3553
[<000000004bba8073>] kmalloc include/linux/slab.h:547 [inline]
[<000000004bba8073>] kzalloc include/linux/slab.h:742 [inline]
[<000000004bba8073>] ip_mc_add1_src net/ipv4/igmp.c:1961 [inline]
[<000000004bba8073>] ip_mc_add_src+0x36b/0x400 net/ipv4/igmp.c:2085
[<00000000a46a65a0>] ip_mc_msfilter+0x22d/0x310 net/ipv4/igmp.c:2475
[<000000005956ca89>] do_ip_setsockopt.isra.0+0x1795/0x1930 net/ipv4/ip_sockglue.c:957
[<00000000848e2d2f>] ip_setsockopt+0x3b/0xb0 net/ipv4/ip_sockglue.c:1246
[<00000000b9db185c>] udp_setsockopt+0x4e/0x90 net/ipv4/udp.c:2616
[<000000003028e438>] sock_common_setsockopt+0x38/0x50 net/core/sock.c:3130
[<0000000015b65589>] __sys_setsockopt+0x98/0x120 net/socket.c:2078
[<00000000ac198ef0>] __do_sys_setsockopt net/socket.c:2089 [inline]
[<00000000ac198ef0>] __se_sys_setsockopt net/socket.c:2086 [inline]
[<00000000ac198ef0>] __x64_sys_setsockopt+0x26/0x30 net/socket.c:2086
[<000000000a770437>] do_syscall_64+0x76/0x1a0 arch/x86/entry/common.c:301
[<00000000d3adb93b>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: 9c8bb163ae78 ("igmp, mld: Fix memory leak in igmpv3/mld_del_delrec()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Hangbin Liu <liuhangbin@gmail.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Dumazet
|
e10789acbe |
inet: switch IP ID generator to siphash
[ Upstream commit df453700e8d81b1bdafdf684365ee2b9431fb702 ] According to Amit Klein and Benny Pinkas, IP ID generation is too weak and might be used by attackers. Even with recent net_hash_mix() fix (netns: provide pure entropy for net_hash_mix()) having 64bit key and Jenkins hash is risky. It is time to switch to siphash and its 128bit keys. Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Amit Klein <aksecurity@gmail.com> Reported-by: Benny Pinkas <benny@pinkas.net> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
9e4f3e0a04 |
This is the 4.14.123 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzxMHgACgkQONu9yGCS aT5I0w/+OblFNqCut1rrLwYKOTuF0Xwt6/V6+be+I9r35OyF/ZVm5mLzNfS6GFFO 1l6ZAhHrRzmRZr6nwkmQcrE3miP66PEePRMYTMs38Baz9TW38hA+bEcKvNmNM7Em Y90KPTd4iktHkrw83MPUIucc/F3o3+SaIC/L/uPmQzJc4odRRZZP7qRCIVTwGC5Z 8oxFKBxEUJ6uUmyF1UrCg5TdSmttW2679C6kBFMO2leLmY9nNYjYIwZ8SxRI2OJp CgDDhAF3JgwYRJq9lPtR6+HakB+RhR/YMhcaC3+sjGmryII90D7kBzeL3ozRbI/f MwGI1IsVgl7Qkk/hxaXZACjiUuHPUOu++biAQl2HMlUQ6VkHt8z+yZzxRQg4tOUU W/1LPvSx2MzRNhqn1IxaEcI20qwtVl07U40swN0VU7s7nlwt9Gz0XZRVxzQpY8Fl c1/zzET/4sus8sEMUE6Dbmx7Nyb5Q/KJjt46f8ZeML3/VTeCfdxhlJv0jDjqLPaO QaYf/dTYAWH47MOuIArW6wRmhVDxpQ/b67vfkCe1aOKrXHsjrfwqN8xZkE4yeWTS xj91v7ZlmLhg5lRT0NbCaCK8Ku9stbadcqllWNjAsuWctmsA3+8/GWkjV5hrG/pw DeO5uhtYdOT5B4UeYlP8/rwZYVH1vKwNSelBwKmMjzyYf42VFGg= =6Rms -----END PGP SIGNATURE----- Merge 4.14.123 into android-4.14-q Changes in 4.14.123 x86: Hide the int3_emulate_call/jmp functions from UML ext4: do not delete unlinked inode from orphan list on failed truncate f2fs: Fix use of number of devices KVM: x86: fix return value for reserved EFER bio: fix improper use of smp_mb__before_atomic() sbitmap: fix improper use of smp_mb__before_atomic() Revert "scsi: sd: Keep disk read-only when re-reading partition" crypto: vmx - CTR: always increment IV as quadword mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem kvm: svm/avic: fix off-by-one in checking host APIC ID libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead libnvdimm/namespace: Fix label tracking error arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable gfs2: Fix sign extension bug in gfs2_update_stats Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path Btrfs: avoid fallback to transaction commit during fsync of files with holes Btrfs: fix race between ranged fsync and writeback of adjacent ranges btrfs: sysfs: Fix error path kobject memory leak btrfs: sysfs: don't leak memory when failing add fsid fbdev: fix divide error in fb_var_to_videomode hugetlb: use same fault hash key for shared and private mappings brcmfmac: assure SSID length from firmware is limited brcmfmac: add subtype check for event handling in data path btrfs: honor path->skip_locking in backref code fbdev: fix WARNING in __alloc_pages_nodemask bug media: cpia2: Fix use-after-free in cpia2_exit media: serial_ir: Fix use-after-free in serial_ir_init_module media: vivid: use vfree() instead of kfree() for dev->bitmap_cap ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit bpf: devmap: fix use-after-free Read in __dev_map_entry_free batman-adv: mcast: fix multicast tt/tvlv worker locking at76c50x-usb: Don't register led_trigger if usb_register_driver failed net: erspan: fix use-after-free Revert "btrfs: Honour FITRIM range constraints during free space trim" gfs2: Fix lru_count going negative cxgb4: Fix error path in cxgb4_init_module NFS: make nfs_match_client killable IB/hfi1: Fix WQ_MEM_RECLAIM warning gfs2: Fix occasional glock use-after-free mmc: core: Verify SD bus width tools/bpf: fix perf build error with uClibc (seen on ARC) dmaengine: tegra210-dma: free dma controller in remove() net: ena: gcc 8: fix compilation warning pinctrl: zte: fix leaked of_node references ASoC: hdmi-codec: unlock the device on startup errors powerpc/perf: Return accordingly on invalid chip-id in powerpc/boot: Fix missing check of lseek() return value ASoC: imx: fix fiq dependencies spi: pxa2xx: fix SCR (divisor) calculation brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() ARM: vdso: Remove dependency with the arch_timer driver internals arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable sched/cpufreq: Fix kobject memleak scsi: qla2xxx: Fix a qla24xx_enable_msix() error path scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve btrfs: fix panic during relocation after ENOSPC before writeback happens btrfs: Don't panic when we can't find a root key iwlwifi: pcie: don't crash on invalid RX interrupt rtc: 88pm860x: prevent use-after-free on device remove scsi: qedi: Abort ep termination if offload not scheduled w1: fix the resume command API dmaengine: pl330: _stop: clear interrupt status mac80211/cfg80211: update bss channel on channel switch libbpf: fix samples/bpf build failure due to undefined UINT32_MAX ASoC: fsl_sai: Update is_slave_mode with correct value mwifiex: prevent an array overflow net: cw1200: fix a NULL pointer dereference crypto: sun4i-ss - Fix invalid calculation of hash end bcache: return error immediately in bch_journal_replay() bcache: fix failure in journal relplay bcache: add failure check to run_cache_set() for journal replay bcache: avoid clang -Wunintialized warning vfio-ccw: Do not call flush_workqueue while holding the spinlock vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev x86/build: Move _etext to actual end of .text smpboot: Place the __percpu annotation correctly x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions HID: logitech-hidpp: use RAP instead of FAP to get the protocol version pinctrl: pistachio: fix leaked of_node references pinctrl: samsung: fix leaked of_node references clk: rockchip: undo several noc and special clocks as critical on rk3288 dmaengine: at_xdmac: remove BUG_ON macro in tasklet media: coda: clear error return value before picture run media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper media: au0828: stop video streaming only when last user stops media: ov2659: make S_FMT succeed even if requested format doesn't match audit: fix a memory leak bug media: stm32-dcmi: fix crash when subdev do not expose any formats media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() media: pvrusb2: Prevent a buffer overflow powerpc/numa: improve control of topology updates powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX random: add a spinlock_t to struct batched_entropy cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock sched/core: Check quota and period overflow at usec to nsec conversion sched/rt: Check integer overflow at usec to nsec conversion sched/core: Handle overflow in cpu_shares_write_u64 drm/msm: a5xx: fix possible object reference leak USB: core: Don't unbind interfaces following device reset failure x86/irq/64: Limit IST stack overflow check to #DB stack phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode i40e: Able to add up to 16 MAC filters on an untrusted VF i40e: don't allow changes to HW VLAN stripping on active port VLANs arm64: vdso: Fix clock_getres() for CLOCK_REALTIME RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure hwmon: (vt1211) Use request_muxed_region for Super-IO accesses hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses hwmon: (pc87427) Use request_muxed_region for Super-IO accesses hwmon: (f71805f) Use request_muxed_region for Super-IO accesses scsi: libsas: Do discovery on empty PHY to update PHY info mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers mmc_spi: add a status check for spi_sync_locked mmc: sdhci-of-esdhc: add erratum eSDHC5 support mmc: sdhci-of-esdhc: add erratum A-009204 support mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support drm/amdgpu: fix old fence check in amdgpu_fence_emit PM / core: Propagate dev->power.wakeup_path when no callbacks clk: rockchip: Fix video codec clocks on rk3288 extcon: arizona: Disable mic detect if running when driver is removed clk: rockchip: Make rkpwm a critical clock on rk3288 s390: zcrypt: initialize variables before_use x86/microcode: Fix the ancient deprecated microcode loading method s390: cio: fix cio_irb declaration cpufreq: ppc_cbe: fix possible object reference leak cpufreq/pasemi: fix possible object reference leak cpufreq: pmac32: fix possible object reference leak cpufreq: kirkwood: fix possible object reference leak block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR x86/build: Keep local relocations with ld.lld iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion iio: hmc5843: fix potential NULL pointer dereferences iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data rtlwifi: fix a potential NULL pointer dereference mwifiex: Fix mem leak in mwifiex_tm_cmd brcmfmac: fix missing checks for kmemdup b43: shut up clang -Wuninitialized variable warning brcmfmac: convert dev_init_lock mutex to completion brcmfmac: fix WARNING during USB disconnect in case of unempty psq brcmfmac: fix race during disconnect when USB completion is in progress brcmfmac: fix Oops when bringing up interface during USB disconnect rtc: xgene: fix possible race condition rtlwifi: fix potential NULL pointer dereference scsi: ufs: Fix regulator load and icc-level configuration scsi: ufs: Avoid configuring regulator with undefined voltage range arm64: cpu_ops: fix a leaked reference by adding missing of_node_put x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP x86/uaccess, signal: Fix AC=1 bloat x86/ia32: Fix ia32_restore_sigcontext() AC leak chardev: add additional check for minor range overlap RDMA/hns: Fix bad endianess of port_pd variable HID: core: move Usage Page concatenation to Main item ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put cxgb3/l2t: Fix undefined behaviour HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent spi: tegra114: reset controller on probe kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice. media: video-mux: fix null pointer dereferences media: wl128x: prevent two potential buffer overflows scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check virtio_console: initialize vtermno value for ports tty: ipwireless: fix missing checks for ioremap x86/mce: Fix machine_check_poll() tests for error types rcutorture: Fix cleanup path for invalid torture_type strings rcuperf: Fix cleanup path for invalid perf_type strings usb: core: Add PM runtime calls to usb_hcd_platform_shutdown scsi: qla4xxx: avoid freeing unallocated dma memory batman-adv: allow updating DAT entry timeouts on incoming ARP Replies dmaengine: tegra210-adma: use devm_clk_*() helpers hwrng: omap - Set default quality thunderbolt: Fix to check for kmemdup failure media: m88ds3103: serialize reset messages in m88ds3103_set_frontend media: vimc: stream: fix thread state before sleep media: go7007: avoid clang frame overflow warning with KASAN media: vimc: zero the media_device on probe scsi: lpfc: Fix FDMI manufacturer attribute value scsi: lpfc: Fix fc4type information for FDMI media: saa7146: avoid high stack usage with clang scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices spi : spi-topcliff-pch: Fix to handle empty DMA buffers spi: rspi: Fix sequencer reset during initialization spi: Fix zero length xfer bug ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM drm/drv: Hold ref on parent device during drm_device lifetime drm: Wake up next in drm_read() chain if we are forced to putback the event vfio-ccw: Prevent quiesce function going into an infinite loop NFS: Fix a double unlock from nfs_match,get_client Linux 4.14.123 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
acd501fffb |
This is the 4.14.123 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzxMHgACgkQONu9yGCS aT5I0w/+OblFNqCut1rrLwYKOTuF0Xwt6/V6+be+I9r35OyF/ZVm5mLzNfS6GFFO 1l6ZAhHrRzmRZr6nwkmQcrE3miP66PEePRMYTMs38Baz9TW38hA+bEcKvNmNM7Em Y90KPTd4iktHkrw83MPUIucc/F3o3+SaIC/L/uPmQzJc4odRRZZP7qRCIVTwGC5Z 8oxFKBxEUJ6uUmyF1UrCg5TdSmttW2679C6kBFMO2leLmY9nNYjYIwZ8SxRI2OJp CgDDhAF3JgwYRJq9lPtR6+HakB+RhR/YMhcaC3+sjGmryII90D7kBzeL3ozRbI/f MwGI1IsVgl7Qkk/hxaXZACjiUuHPUOu++biAQl2HMlUQ6VkHt8z+yZzxRQg4tOUU W/1LPvSx2MzRNhqn1IxaEcI20qwtVl07U40swN0VU7s7nlwt9Gz0XZRVxzQpY8Fl c1/zzET/4sus8sEMUE6Dbmx7Nyb5Q/KJjt46f8ZeML3/VTeCfdxhlJv0jDjqLPaO QaYf/dTYAWH47MOuIArW6wRmhVDxpQ/b67vfkCe1aOKrXHsjrfwqN8xZkE4yeWTS xj91v7ZlmLhg5lRT0NbCaCK8Ku9stbadcqllWNjAsuWctmsA3+8/GWkjV5hrG/pw DeO5uhtYdOT5B4UeYlP8/rwZYVH1vKwNSelBwKmMjzyYf42VFGg= =6Rms -----END PGP SIGNATURE----- Merge 4.14.123 into android-4.14 Changes in 4.14.123 x86: Hide the int3_emulate_call/jmp functions from UML ext4: do not delete unlinked inode from orphan list on failed truncate f2fs: Fix use of number of devices KVM: x86: fix return value for reserved EFER bio: fix improper use of smp_mb__before_atomic() sbitmap: fix improper use of smp_mb__before_atomic() Revert "scsi: sd: Keep disk read-only when re-reading partition" crypto: vmx - CTR: always increment IV as quadword mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem kvm: svm/avic: fix off-by-one in checking host APIC ID libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead libnvdimm/namespace: Fix label tracking error arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable gfs2: Fix sign extension bug in gfs2_update_stats Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path Btrfs: avoid fallback to transaction commit during fsync of files with holes Btrfs: fix race between ranged fsync and writeback of adjacent ranges btrfs: sysfs: Fix error path kobject memory leak btrfs: sysfs: don't leak memory when failing add fsid fbdev: fix divide error in fb_var_to_videomode hugetlb: use same fault hash key for shared and private mappings brcmfmac: assure SSID length from firmware is limited brcmfmac: add subtype check for event handling in data path btrfs: honor path->skip_locking in backref code fbdev: fix WARNING in __alloc_pages_nodemask bug media: cpia2: Fix use-after-free in cpia2_exit media: serial_ir: Fix use-after-free in serial_ir_init_module media: vivid: use vfree() instead of kfree() for dev->bitmap_cap ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit bpf: devmap: fix use-after-free Read in __dev_map_entry_free batman-adv: mcast: fix multicast tt/tvlv worker locking at76c50x-usb: Don't register led_trigger if usb_register_driver failed net: erspan: fix use-after-free Revert "btrfs: Honour FITRIM range constraints during free space trim" gfs2: Fix lru_count going negative cxgb4: Fix error path in cxgb4_init_module NFS: make nfs_match_client killable IB/hfi1: Fix WQ_MEM_RECLAIM warning gfs2: Fix occasional glock use-after-free mmc: core: Verify SD bus width tools/bpf: fix perf build error with uClibc (seen on ARC) dmaengine: tegra210-dma: free dma controller in remove() net: ena: gcc 8: fix compilation warning pinctrl: zte: fix leaked of_node references ASoC: hdmi-codec: unlock the device on startup errors powerpc/perf: Return accordingly on invalid chip-id in powerpc/boot: Fix missing check of lseek() return value ASoC: imx: fix fiq dependencies spi: pxa2xx: fix SCR (divisor) calculation brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() ARM: vdso: Remove dependency with the arch_timer driver internals arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable sched/cpufreq: Fix kobject memleak scsi: qla2xxx: Fix a qla24xx_enable_msix() error path scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve btrfs: fix panic during relocation after ENOSPC before writeback happens btrfs: Don't panic when we can't find a root key iwlwifi: pcie: don't crash on invalid RX interrupt rtc: 88pm860x: prevent use-after-free on device remove scsi: qedi: Abort ep termination if offload not scheduled w1: fix the resume command API dmaengine: pl330: _stop: clear interrupt status mac80211/cfg80211: update bss channel on channel switch libbpf: fix samples/bpf build failure due to undefined UINT32_MAX ASoC: fsl_sai: Update is_slave_mode with correct value mwifiex: prevent an array overflow net: cw1200: fix a NULL pointer dereference crypto: sun4i-ss - Fix invalid calculation of hash end bcache: return error immediately in bch_journal_replay() bcache: fix failure in journal relplay bcache: add failure check to run_cache_set() for journal replay bcache: avoid clang -Wunintialized warning vfio-ccw: Do not call flush_workqueue while holding the spinlock vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev x86/build: Move _etext to actual end of .text smpboot: Place the __percpu annotation correctly x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions HID: logitech-hidpp: use RAP instead of FAP to get the protocol version pinctrl: pistachio: fix leaked of_node references pinctrl: samsung: fix leaked of_node references clk: rockchip: undo several noc and special clocks as critical on rk3288 dmaengine: at_xdmac: remove BUG_ON macro in tasklet media: coda: clear error return value before picture run media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper media: au0828: stop video streaming only when last user stops media: ov2659: make S_FMT succeed even if requested format doesn't match audit: fix a memory leak bug media: stm32-dcmi: fix crash when subdev do not expose any formats media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() media: pvrusb2: Prevent a buffer overflow powerpc/numa: improve control of topology updates powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX random: add a spinlock_t to struct batched_entropy cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock sched/core: Check quota and period overflow at usec to nsec conversion sched/rt: Check integer overflow at usec to nsec conversion sched/core: Handle overflow in cpu_shares_write_u64 drm/msm: a5xx: fix possible object reference leak USB: core: Don't unbind interfaces following device reset failure x86/irq/64: Limit IST stack overflow check to #DB stack phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode i40e: Able to add up to 16 MAC filters on an untrusted VF i40e: don't allow changes to HW VLAN stripping on active port VLANs arm64: vdso: Fix clock_getres() for CLOCK_REALTIME RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure hwmon: (vt1211) Use request_muxed_region for Super-IO accesses hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses hwmon: (pc87427) Use request_muxed_region for Super-IO accesses hwmon: (f71805f) Use request_muxed_region for Super-IO accesses scsi: libsas: Do discovery on empty PHY to update PHY info mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers mmc_spi: add a status check for spi_sync_locked mmc: sdhci-of-esdhc: add erratum eSDHC5 support mmc: sdhci-of-esdhc: add erratum A-009204 support mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support drm/amdgpu: fix old fence check in amdgpu_fence_emit PM / core: Propagate dev->power.wakeup_path when no callbacks clk: rockchip: Fix video codec clocks on rk3288 extcon: arizona: Disable mic detect if running when driver is removed clk: rockchip: Make rkpwm a critical clock on rk3288 s390: zcrypt: initialize variables before_use x86/microcode: Fix the ancient deprecated microcode loading method s390: cio: fix cio_irb declaration cpufreq: ppc_cbe: fix possible object reference leak cpufreq/pasemi: fix possible object reference leak cpufreq: pmac32: fix possible object reference leak cpufreq: kirkwood: fix possible object reference leak block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR x86/build: Keep local relocations with ld.lld iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion iio: hmc5843: fix potential NULL pointer dereferences iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data rtlwifi: fix a potential NULL pointer dereference mwifiex: Fix mem leak in mwifiex_tm_cmd brcmfmac: fix missing checks for kmemdup b43: shut up clang -Wuninitialized variable warning brcmfmac: convert dev_init_lock mutex to completion brcmfmac: fix WARNING during USB disconnect in case of unempty psq brcmfmac: fix race during disconnect when USB completion is in progress brcmfmac: fix Oops when bringing up interface during USB disconnect rtc: xgene: fix possible race condition rtlwifi: fix potential NULL pointer dereference scsi: ufs: Fix regulator load and icc-level configuration scsi: ufs: Avoid configuring regulator with undefined voltage range arm64: cpu_ops: fix a leaked reference by adding missing of_node_put x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP x86/uaccess, signal: Fix AC=1 bloat x86/ia32: Fix ia32_restore_sigcontext() AC leak chardev: add additional check for minor range overlap RDMA/hns: Fix bad endianess of port_pd variable HID: core: move Usage Page concatenation to Main item ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put cxgb3/l2t: Fix undefined behaviour HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent spi: tegra114: reset controller on probe kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice. media: video-mux: fix null pointer dereferences media: wl128x: prevent two potential buffer overflows scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check virtio_console: initialize vtermno value for ports tty: ipwireless: fix missing checks for ioremap x86/mce: Fix machine_check_poll() tests for error types rcutorture: Fix cleanup path for invalid torture_type strings rcuperf: Fix cleanup path for invalid perf_type strings usb: core: Add PM runtime calls to usb_hcd_platform_shutdown scsi: qla4xxx: avoid freeing unallocated dma memory batman-adv: allow updating DAT entry timeouts on incoming ARP Replies dmaengine: tegra210-adma: use devm_clk_*() helpers hwrng: omap - Set default quality thunderbolt: Fix to check for kmemdup failure media: m88ds3103: serialize reset messages in m88ds3103_set_frontend media: vimc: stream: fix thread state before sleep media: go7007: avoid clang frame overflow warning with KASAN media: vimc: zero the media_device on probe scsi: lpfc: Fix FDMI manufacturer attribute value scsi: lpfc: Fix fc4type information for FDMI media: saa7146: avoid high stack usage with clang scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices spi : spi-topcliff-pch: Fix to handle empty DMA buffers spi: rspi: Fix sequencer reset during initialization spi: Fix zero length xfer bug ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM drm/drv: Hold ref on parent device during drm_device lifetime drm: Wake up next in drm_read() chain if we are forced to putback the event vfio-ccw: Prevent quiesce function going into an infinite loop NFS: Fix a double unlock from nfs_match,get_client Linux 4.14.123 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
William Tu
|
1d629bf9b5 |
net: erspan: fix use-after-free
commit b423d13c08a656c719fa56324a8f4279c835d90c upstream. When building the erspan header for either v1 or v2, the eth_hdr() does not point to the right inner packet's eth_hdr, causing kasan report use-after-free and slab-out-of-bouds read. The patch fixes the following syzkaller issues: [1] BUG: KASAN: slab-out-of-bounds in erspan_xmit+0x22d4/0x2430 net/ipv4/ip_gre.c:735 [2] BUG: KASAN: slab-out-of-bounds in erspan_build_header+0x3bf/0x3d0 net/ipv4/ip_gre.c:698 [3] BUG: KASAN: use-after-free in erspan_xmit+0x22d4/0x2430 net/ipv4/ip_gre.c:735 [4] BUG: KASAN: use-after-free in erspan_build_header+0x3bf/0x3d0 net/ipv4/ip_gre.c:698 [2] CPU: 0 PID: 3654 Comm: syzkaller377964 Not tainted 4.15.0-rc9+ #185 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:17 [inline] dump_stack+0x194/0x257 lib/dump_stack.c:53 print_address_description+0x73/0x250 mm/kasan/report.c:252 kasan_report_error mm/kasan/report.c:351 [inline] kasan_report+0x25b/0x340 mm/kasan/report.c:409 __asan_report_load_n_noabort+0xf/0x20 mm/kasan/report.c:440 erspan_build_header+0x3bf/0x3d0 net/ipv4/ip_gre.c:698 erspan_xmit+0x3b8/0x13b0 net/ipv4/ip_gre.c:740 __netdev_start_xmit include/linux/netdevice.h:4042 [inline] netdev_start_xmit include/linux/netdevice.h:4051 [inline] packet_direct_xmit+0x315/0x6b0 net/packet/af_packet.c:266 packet_snd net/packet/af_packet.c:2943 [inline] packet_sendmsg+0x3aed/0x60b0 net/packet/af_packet.c:2968 sock_sendmsg_nosec net/socket.c:638 [inline] sock_sendmsg+0xca/0x110 net/socket.c:648 SYSC_sendto+0x361/0x5c0 net/socket.c:1729 SyS_sendto+0x40/0x50 net/socket.c:1697 do_syscall_32_irqs_on arch/x86/entry/common.c:327 [inline] do_fast_syscall_32+0x3ee/0xf9d arch/x86/entry/common.c:389 entry_SYSENTER_compat+0x54/0x63 arch/x86/entry/entry_64_compat.S:129 RIP: 0023:0xf7fcfc79 RSP: 002b:00000000ffc6976c EFLAGS: 00000286 ORIG_RAX: 0000000000000171 RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000020011000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020008000 RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 Fixes: f551c91de262 ("net: erspan: introduce erspan v2 for ip_gre") Fixes: 84e54fe0a5ea ("gre: introduce native tunnel support for ERSPAN") Reported-by: syzbot+9723f2d288e49b492cf0@syzkaller.appspotmail.com Reported-by: syzbot+f0ddeb2b032a8e1d9098@syzkaller.appspotmail.com Reported-by: syzbot+f14b3703cd8d7670203f@syzkaller.appspotmail.com Reported-by: syzbot+eefa384efad8d7997f20@syzkaller.appspotmail.com Signed-off-by: William Tu <u9012063@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Christoph Paasch <cpaasch@apple.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
e1f55b4c09 |
This is the 4.14.122 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzpbIIACgkQONu9yGCS aT7bGhAAs0CR9GnL3sgl9AlMJ3SHGMnWA+KVt3KCPnIJMMz7QNJrhAUxpg/vBN3l UqOGey7+T4l8KYXzVZyO1Fd9qyQ+qZSr25V/U9FmqboKLxtaG44/R9S8UfhwaWXg RHlWdWc8gwrIcIsXlN+DmDfC3xGvCSC8M2Fh3xXtBR8agK4B06cuCKIFkwBKuOxI zR9WLvGb1Ytletr4ev8yISzEPS8EKPra0Reh6k3cKB8SvVPB5mKfwu7t/7Vqf8/3 HcXvwEXeiz8JTEciWB6ThSNRZ9oWd41jfVAvQb1zLGXaQmAFVve5Q0IOqLkMXIzw RA6p2nsRIGKsZw6LdBz3lmNqOIBgBLS5rmwIUju7BdoVHqVYzBTIz7oEBI0V4xXe XdNexC7IIWGwKcYcWxCIqzSE5JU4dwbYLktZFvqibE7IyslhN2d54Zz/dFycG5YM 6RM1HdEUmJ6lwxXWUCcpCJnObOvhQwCaP5QpCjak/XZvaIJubGhunePOnNbnzUz/ JfWXWEJ+64dv3ZxzqvpZYEb8iBPUMqcavmrIF8lWoKlwcOtnGpWnYzh+kgANw5jF XDij9Riq+9b79fQa0CXKaDik75pNkYucPLTkATBX/mROEHb1mIoxR1Z7Bil6PPiR yUNOfhPBZJ5FcM4eCfTRO3yFuJedfBEyFLnlNtNedM/W8dqu4/0= =3Yy7 -----END PGP SIGNATURE----- Merge 4.14.122 into android-4.14-q Changes in 4.14.122 net: avoid weird emergency message net/mlx4_core: Change the error print to info print net: test nouarg before dereferencing zerocopy pointers net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions ppp: deflate: Fix possible crash in deflate_init tipc: switch order of device registration to fix a crash vsock/virtio: free packets during the socket release tipc: fix modprobe tipc failed after switch order of device registration vsock/virtio: Initialize core virtio vsock before registering the driver net: Always descend into dsa/ parisc: Export running_on_qemu symbol for modules parisc: Skip registering LED when running in QEMU parisc: Use PA_ASM_LEVEL in boot code parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code stm class: Fix channel free in stm output free path md: add mddev->pers to avoid potential NULL pointer dereference intel_th: msu: Fix single mode with IOMMU p54: drop device reference count if fails to enable device of: fix clang -Wunsequenced for be32_to_cpu() cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() media: ov6650: Fix sensor possibly not detected on probe Revert "cifs: fix memory leak in SMB2_read" NFS4: Fix v4.0 client state corruption when mount PNFS fallback to MDS if no deviceid found clk: hi3660: Mark clk_gate_ufs_subsys as critical clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider clk: rockchip: fix wrong clock definitions for rk3328 fuse: fix writepages on 32bit fuse: honor RLIMIT_FSIZE in fuse_file_fallocate iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114 ceph: flush dirty inodes before proceeding with remount x86_64: Add gap to int3 to allow for call emulation x86_64: Allow breakpoints to emulate call instructions ftrace/x86_64: Emulate call function while updating in breakpoint handler tracing: Fix partial reading of trace event's id file memory: tegra: Fix integer overflow on tick value calculation perf intel-pt: Fix instructions sampling rate perf intel-pt: Fix improved sample timestamp perf intel-pt: Fix sample timestamp wrt non-taken branches objtool: Allow AR to be overridden with HOSTAR fbdev: sm712fb: fix brightness control on reboot, don't set SR30 fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75 fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM fbdev: sm712fb: fix support for 1024x768-16 mode fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken PCI: Mark Atheros AR9462 to avoid bus reset PCI: Factor out pcie_retrain_link() function PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum dm cache metadata: Fix loading discard bitset dm zoned: Fix zone report handling dm delay: fix a crash when invalid device is specified xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module vti4: ipip tunnel deregistration fixes. esp4: add length check for UDP encapsulation xfrm4: Fix uninitialized memory read in _decode_session4 power: supply: cpcap-battery: Fix division by zero securityfs: fix use-after-free on symlink traversal apparmorfs: fix use-after-free on symlink traversal mac80211: Fix kernel panic due to use of txq after free KVM: arm/arm64: Ensure vcpu target is unset on reset failure power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() sched/cpufreq: Fix kobject memleak x86/mm/mem_encrypt: Disable all instrumentation for early SME setup ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour perf bench numa: Add define for RUSAGE_THREAD if not present Revert "Don't jump to compute_result state from check_result state" md/raid: raid5 preserve the writeback action after the parity check driver core: Postpone DMA tear-down until after devres release for probe failure bpf: add map_lookup_elem_sys_only for lookups from syscall side bpf, lru: avoid messing with eviction heuristics upon syscall lookup btrfs: Honour FITRIM range constraints during free space trim fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough Linux 4.14.122 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
fd9e32a025 |
This is the 4.14.122 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzpbIIACgkQONu9yGCS aT7bGhAAs0CR9GnL3sgl9AlMJ3SHGMnWA+KVt3KCPnIJMMz7QNJrhAUxpg/vBN3l UqOGey7+T4l8KYXzVZyO1Fd9qyQ+qZSr25V/U9FmqboKLxtaG44/R9S8UfhwaWXg RHlWdWc8gwrIcIsXlN+DmDfC3xGvCSC8M2Fh3xXtBR8agK4B06cuCKIFkwBKuOxI zR9WLvGb1Ytletr4ev8yISzEPS8EKPra0Reh6k3cKB8SvVPB5mKfwu7t/7Vqf8/3 HcXvwEXeiz8JTEciWB6ThSNRZ9oWd41jfVAvQb1zLGXaQmAFVve5Q0IOqLkMXIzw RA6p2nsRIGKsZw6LdBz3lmNqOIBgBLS5rmwIUju7BdoVHqVYzBTIz7oEBI0V4xXe XdNexC7IIWGwKcYcWxCIqzSE5JU4dwbYLktZFvqibE7IyslhN2d54Zz/dFycG5YM 6RM1HdEUmJ6lwxXWUCcpCJnObOvhQwCaP5QpCjak/XZvaIJubGhunePOnNbnzUz/ JfWXWEJ+64dv3ZxzqvpZYEb8iBPUMqcavmrIF8lWoKlwcOtnGpWnYzh+kgANw5jF XDij9Riq+9b79fQa0CXKaDik75pNkYucPLTkATBX/mROEHb1mIoxR1Z7Bil6PPiR yUNOfhPBZJ5FcM4eCfTRO3yFuJedfBEyFLnlNtNedM/W8dqu4/0= =3Yy7 -----END PGP SIGNATURE----- Merge 4.14.122 into android-4.14 Changes in 4.14.122 net: avoid weird emergency message net/mlx4_core: Change the error print to info print net: test nouarg before dereferencing zerocopy pointers net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions ppp: deflate: Fix possible crash in deflate_init tipc: switch order of device registration to fix a crash vsock/virtio: free packets during the socket release tipc: fix modprobe tipc failed after switch order of device registration vsock/virtio: Initialize core virtio vsock before registering the driver net: Always descend into dsa/ parisc: Export running_on_qemu symbol for modules parisc: Skip registering LED when running in QEMU parisc: Use PA_ASM_LEVEL in boot code parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code stm class: Fix channel free in stm output free path md: add mddev->pers to avoid potential NULL pointer dereference intel_th: msu: Fix single mode with IOMMU p54: drop device reference count if fails to enable device of: fix clang -Wunsequenced for be32_to_cpu() cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level() media: ov6650: Fix sensor possibly not detected on probe Revert "cifs: fix memory leak in SMB2_read" NFS4: Fix v4.0 client state corruption when mount PNFS fallback to MDS if no deviceid found clk: hi3660: Mark clk_gate_ufs_subsys as critical clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider clk: rockchip: fix wrong clock definitions for rk3328 fuse: fix writepages on 32bit fuse: honor RLIMIT_FSIZE in fuse_file_fallocate iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114 ceph: flush dirty inodes before proceeding with remount x86_64: Add gap to int3 to allow for call emulation x86_64: Allow breakpoints to emulate call instructions ftrace/x86_64: Emulate call function while updating in breakpoint handler tracing: Fix partial reading of trace event's id file memory: tegra: Fix integer overflow on tick value calculation perf intel-pt: Fix instructions sampling rate perf intel-pt: Fix improved sample timestamp perf intel-pt: Fix sample timestamp wrt non-taken branches objtool: Allow AR to be overridden with HOSTAR fbdev: sm712fb: fix brightness control on reboot, don't set SR30 fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75 fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM fbdev: sm712fb: fix support for 1024x768-16 mode fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken PCI: Mark Atheros AR9462 to avoid bus reset PCI: Factor out pcie_retrain_link() function PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum dm cache metadata: Fix loading discard bitset dm zoned: Fix zone report handling dm delay: fix a crash when invalid device is specified xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module vti4: ipip tunnel deregistration fixes. esp4: add length check for UDP encapsulation xfrm4: Fix uninitialized memory read in _decode_session4 power: supply: cpcap-battery: Fix division by zero securityfs: fix use-after-free on symlink traversal apparmorfs: fix use-after-free on symlink traversal mac80211: Fix kernel panic due to use of txq after free KVM: arm/arm64: Ensure vcpu target is unset on reset failure power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb() sched/cpufreq: Fix kobject memleak x86/mm/mem_encrypt: Disable all instrumentation for early SME setup ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour perf bench numa: Add define for RUSAGE_THREAD if not present Revert "Don't jump to compute_result state from check_result state" md/raid: raid5 preserve the writeback action after the parity check driver core: Postpone DMA tear-down until after devres release for probe failure bpf: add map_lookup_elem_sys_only for lookups from syscall side bpf, lru: avoid messing with eviction heuristics upon syscall lookup btrfs: Honour FITRIM range constraints during free space trim fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough Linux 4.14.122 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Steffen Klassert
|
d569023171 |
xfrm4: Fix uninitialized memory read in _decode_session4
[ Upstream commit 8742dc86d0c7a9628117a989c11f04a9b6b898f3 ]
We currently don't reload pointers pointing into skb header
after doing pskb_may_pull() in _decode_session4(). So in case
pskb_may_pull() changed the pointers, we read from random
memory. Fix this by putting all the needed infos on the
stack, so that we don't need to access the header pointers
after doing pskb_may_pull().
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
Sabrina Dubroca
|
cb7adeca5d |
esp4: add length check for UDP encapsulation
[ Upstream commit 8dfb4eba4100e7cdd161a8baef2d8d61b7a7e62e ] esp_output_udp_encap can produce a length that doesn't fit in the 16 bits of a UDP header's length field. In that case, we'll send a fragmented packet whose length is larger than IP_MAX_MTU (resulting in "Oversized IP packet" warnings on receive) and with a bogus UDP length. To prevent this, add a length check to esp_output_udp_encap and return -EMSGSIZE on failure. This seems to be older than git history. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Jeremy Sowden
|
e2f610b39d |
vti4: ipip tunnel deregistration fixes.
[ Upstream commit 5483844c3fc18474de29f5d6733003526e0a9f78 ]
If tunnel registration failed during module initialization, the module
would fail to deregister the IPPROTO_COMP protocol and would attempt to
deregister the tunnel.
The tunnel was not deregistered during module-exit.
Fixes: dd9ee3444014e ("vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
03a01b78a7 |
This is the 4.14.120 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzdoQwACgkQONu9yGCS
aT5uuQ/9EzGk9z2eFEE8pdp9KIUqC3uTDTymR6qIHBQ26PBY+1wXa60yhd0qCLVi
lycHCEE2PUn6b/5cMLmBoFr8JhM5fHHOSNY9Vi5WDm2vKGNKJ6TRE1HHjxAkXqFk
IZUk839X5b2JUYBUJfmH3gcvUGrtaIJv0Nnd/dgCAn9r2Nb0yRljKPy1PY7Gd1hS
ASE1WOvEIAZD+FESKpbnrT0W4st/AEe0hpBYCxUmPGF2q/v0ErzOKASVMtvA5zM2
xRPGAWOI9eRIbWEU1KLaI9ALEkqUnzKRsCTEmVwZSoCIaf3TmeCUd117vl3dn0IA
l/OqdNYpn2Ogx/nEYZ+duTq39QKDNkn3/y4ZHK22z2BwSrh6EFiRyOUEzgzvq8Jx
SVthwsLAjVE0Dlc/CEqnTxEvTq0yvVDxlbC9coSgcMDyEKy2FCXGvi61QpIQnla4
F89cqXZ/Rmt99OZh/rmXzqr/WuxUYdGF10gHe7gIKWoYu2TwBGW9z6pqGNfyT/h3
wKAbUYXKjDtTt0WHMAzuT6PZzg982CLIvtnE8OcpHs2DOI4LNGsyGEPmNmv/W4iR
0cf1N0Fx07JHUATNQoMcKVEUKJpMqm95jozsmDDYEpavIHPpe2J5QyMW3OuLXd+U
AeQhG4xwPH4/mNXbMWDqeCyFFidWSK/Ezct7iSUFE7vxFYcFrco=
=n2qf
-----END PGP SIGNATURE-----
Merge 4.14.120 into android-4.14-q
Changes in 4.14.120
netfilter: compat: initialize all fields in xt_init
platform/x86: sony-laptop: Fix unintentional fall-through
platform/x86: thinkpad_acpi: Disable Bluetooth for some machines
hwmon: (pwm-fan) Disable PWM if fetching cooling data fails
kernfs: fix barrier usage in __kernfs_new_node()
USB: serial: fix unthrottle races
iio: adc: xilinx: fix potential use-after-free on remove
libnvdimm/namespace: Fix a potential NULL pointer dereference
HID: input: add mapping for Expose/Overview key
HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
HID: input: add mapping for "Toggle Display" key
libnvdimm/btt: Fix a kmemdup failure check
s390/dasd: Fix capacity calculation for large volumes
mac80211: fix unaligned access in mesh table hash function
mac80211: Increase MAX_MSG_LEN
mac80211: fix memory accounting with A-MSDU aggregation
nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands
s390/3270: fix lockdep false positive on view->lock
clocksource/drivers/oxnas: Fix OX820 compatible
mISDN: Check address length before reading address family
s390/pkey: add one more argument space for debug feature entry
x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
KVM: fix spectrev1 gadgets
KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
tools lib traceevent: Fix missing equality check for strcmp
mm: fix inactive list balancing between NUMA nodes and cgroups
init: initialize jump labels before command line option parsing
selftests: netfilter: check icmp pkttoobig errors are set as related
ipvs: do not schedule icmp errors from tunnels
netfilter: ctnetlink: don't use conntrack/expect object addresses as id
MIPS: perf: ath79: Fix perfcount IRQ assignment
s390: ctcm: fix ctcm_new_device error return code
drm/sun4i: Set device driver data at bind time for use in unbind
selftests/net: correct the return value for run_netsocktests
gpu: ipu-v3: dp: fix CSC handling
drm/imx: don't skip DP channel disable for background plane
spi: Micrel eth switch: declare missing of table
spi: ST ST95HF NFC: declare missing of table
Input: synaptics-rmi4 - fix possible double free
sparc64: Export __node_distance.
sparc64: Make corrupted user stacks more debuggable.
MIPS: VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit
bcache: correct dirty data statistics
ACPICA: AML interpreter: add region addresses in global list during initialization
IB/rxe: Revise the ib_wr_opcode enum
ima: open a new file instance if no read permissions
KVM: arm/arm64: Ensure only THP is candidate for adjustment
media: cec: make cec_get_edid_spa_location() an inline function
media: cec: integrate cec_validate_phys_addr() in cec-api.c
media: adv7604: when the EDID is cleared, unconfigure CEC as well
media: adv7842: when the EDID is cleared, unconfigure CEC as well
fuse: fix possibly missed wake-up after abort
drm/i915: Disable LP3 watermarks on all SNB machines
media: ov5640: fix wrong binning value in exposure calculation
media: ov5640: fix auto controls values when switching to manual mode
net: don't keep lonely packets forever in the gro hash
tracing/fgraph: Fix set_graph_function from showing interrupts
drm/i915: Downgrade Gen9 Plane WM latency error
scsi: raid_attrs: fix unused variable warning
staging: olpc_dcon: add a missing dependency
net: stmmac: Move debugfs init/exit to ->probe()/->remove()
Btrfs: fix missing delayed iputs on unmount
x86/vdso: Pass --eh-frame-hdr to the linker
mm: introduce mm_[p4d|pud|pmd]_folded
arm64: KVM: Make VHE Stage-2 TLB invalidation operations non-interruptible
powerpc: remove old GCC version checks
leds: pwm: silently error out on EPROBE_DEFER
drm/rockchip: psr: do not dereference encoder before it is null checked.
RDMA/vmw_pvrdma: Return the correct opcode when creating WR
arm64: dts: marvell: armada-ap806: reserve PSCI area
vt: always call notifier with the console lock held
devres: Align data[] to ARCH_KMALLOC_MINALIGN
xtensa: xtfpga.dtsi: fix dtc warnings about SPI
net_sched: fix two more memory leaks in cls_tcindex
gtp: change NET_UDP_TUNNEL dependency to select
ACPICA: Namespace: remove address node from global list after method termination
Input: elan_i2c - add hardware ID for multiple Lenovo laptops
netfilter: nf_tables: warn when expr implements only one of activate/deactivate
drm/rockchip: fix for mailbox read validation.
cifs: fix memory leak in SMB2_read
x86/fpu: Don't export __kernel_fpu_{begin,end}()
net: hns: Fix WARNING when hns modules installed
mm/memory.c: fix modifying of page protection by insert_pfn()
net: fec: manage ahb clock in runtime pm
mlxsw: spectrum_switchdev: Add MDB entries in prepare phase
mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue
mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue
mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue
NFC: nci: Add some bounds checking in nci_hci_cmd_received()
nfc: nci: Potential off by one in ->pipes[] array
x86/kprobes: Avoid kretprobe recursion bug
cw1200: fix missing unlock on error in cw1200_hw_scan()
mwl8k: Fix rate_idx underflow
rtlwifi: rtl8723ae: Fix missing break in switch statement
Don't jump to compute_result state from check_result state
powerpc/64s: Include cpu header
bonding: fix arp_validate toggling in active-backup mode
bridge: Fix error path for kobject_init_and_add()
dpaa_eth: fix SG frame cleanup
fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied
ipv4: Fix raw socket lookup for local traffic
net: dsa: Fix error cleanup path in dsa_init_module
net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
net: seeq: fix crash caused by not set dev.parent
net: ucc_geth - fix Oops when changing number of buffers in the ring
packet: Fix error path in packet_init
vlan: disable SIOCSHWTSTAMP in container
vrf: sit mtu should not be updated when vrf netdev is the link
tipc: fix hanging clients using poll with EPOLLOUT flag
drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
powerpc/powernv/idle: Restore IAMR after idle
powerpc/booke64: set RI in default MSR
s390/speculation: Fix build error caused by bad backport
Linux 4.14.120
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
eeb46d84ec |
This is the 4.14.120 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzdoQwACgkQONu9yGCS
aT5uuQ/9EzGk9z2eFEE8pdp9KIUqC3uTDTymR6qIHBQ26PBY+1wXa60yhd0qCLVi
lycHCEE2PUn6b/5cMLmBoFr8JhM5fHHOSNY9Vi5WDm2vKGNKJ6TRE1HHjxAkXqFk
IZUk839X5b2JUYBUJfmH3gcvUGrtaIJv0Nnd/dgCAn9r2Nb0yRljKPy1PY7Gd1hS
ASE1WOvEIAZD+FESKpbnrT0W4st/AEe0hpBYCxUmPGF2q/v0ErzOKASVMtvA5zM2
xRPGAWOI9eRIbWEU1KLaI9ALEkqUnzKRsCTEmVwZSoCIaf3TmeCUd117vl3dn0IA
l/OqdNYpn2Ogx/nEYZ+duTq39QKDNkn3/y4ZHK22z2BwSrh6EFiRyOUEzgzvq8Jx
SVthwsLAjVE0Dlc/CEqnTxEvTq0yvVDxlbC9coSgcMDyEKy2FCXGvi61QpIQnla4
F89cqXZ/Rmt99OZh/rmXzqr/WuxUYdGF10gHe7gIKWoYu2TwBGW9z6pqGNfyT/h3
wKAbUYXKjDtTt0WHMAzuT6PZzg982CLIvtnE8OcpHs2DOI4LNGsyGEPmNmv/W4iR
0cf1N0Fx07JHUATNQoMcKVEUKJpMqm95jozsmDDYEpavIHPpe2J5QyMW3OuLXd+U
AeQhG4xwPH4/mNXbMWDqeCyFFidWSK/Ezct7iSUFE7vxFYcFrco=
=n2qf
-----END PGP SIGNATURE-----
Merge 4.14.120 into android-4.14
Changes in 4.14.120
netfilter: compat: initialize all fields in xt_init
platform/x86: sony-laptop: Fix unintentional fall-through
platform/x86: thinkpad_acpi: Disable Bluetooth for some machines
hwmon: (pwm-fan) Disable PWM if fetching cooling data fails
kernfs: fix barrier usage in __kernfs_new_node()
USB: serial: fix unthrottle races
iio: adc: xilinx: fix potential use-after-free on remove
libnvdimm/namespace: Fix a potential NULL pointer dereference
HID: input: add mapping for Expose/Overview key
HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys
HID: input: add mapping for "Toggle Display" key
libnvdimm/btt: Fix a kmemdup failure check
s390/dasd: Fix capacity calculation for large volumes
mac80211: fix unaligned access in mesh table hash function
mac80211: Increase MAX_MSG_LEN
mac80211: fix memory accounting with A-MSDU aggregation
nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands
s390/3270: fix lockdep false positive on view->lock
clocksource/drivers/oxnas: Fix OX820 compatible
mISDN: Check address length before reading address family
s390/pkey: add one more argument space for debug feature entry
x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T
KVM: fix spectrev1 gadgets
KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing
tools lib traceevent: Fix missing equality check for strcmp
mm: fix inactive list balancing between NUMA nodes and cgroups
init: initialize jump labels before command line option parsing
selftests: netfilter: check icmp pkttoobig errors are set as related
ipvs: do not schedule icmp errors from tunnels
netfilter: ctnetlink: don't use conntrack/expect object addresses as id
MIPS: perf: ath79: Fix perfcount IRQ assignment
s390: ctcm: fix ctcm_new_device error return code
drm/sun4i: Set device driver data at bind time for use in unbind
selftests/net: correct the return value for run_netsocktests
gpu: ipu-v3: dp: fix CSC handling
drm/imx: don't skip DP channel disable for background plane
spi: Micrel eth switch: declare missing of table
spi: ST ST95HF NFC: declare missing of table
Input: synaptics-rmi4 - fix possible double free
sparc64: Export __node_distance.
sparc64: Make corrupted user stacks more debuggable.
MIPS: VDSO: Reduce VDSO_RANDOMIZE_SIZE to 64MB for 64bit
bcache: correct dirty data statistics
ACPICA: AML interpreter: add region addresses in global list during initialization
IB/rxe: Revise the ib_wr_opcode enum
ima: open a new file instance if no read permissions
KVM: arm/arm64: Ensure only THP is candidate for adjustment
media: cec: make cec_get_edid_spa_location() an inline function
media: cec: integrate cec_validate_phys_addr() in cec-api.c
media: adv7604: when the EDID is cleared, unconfigure CEC as well
media: adv7842: when the EDID is cleared, unconfigure CEC as well
fuse: fix possibly missed wake-up after abort
drm/i915: Disable LP3 watermarks on all SNB machines
media: ov5640: fix wrong binning value in exposure calculation
media: ov5640: fix auto controls values when switching to manual mode
net: don't keep lonely packets forever in the gro hash
tracing/fgraph: Fix set_graph_function from showing interrupts
drm/i915: Downgrade Gen9 Plane WM latency error
scsi: raid_attrs: fix unused variable warning
staging: olpc_dcon: add a missing dependency
net: stmmac: Move debugfs init/exit to ->probe()/->remove()
Btrfs: fix missing delayed iputs on unmount
x86/vdso: Pass --eh-frame-hdr to the linker
mm: introduce mm_[p4d|pud|pmd]_folded
arm64: KVM: Make VHE Stage-2 TLB invalidation operations non-interruptible
powerpc: remove old GCC version checks
leds: pwm: silently error out on EPROBE_DEFER
drm/rockchip: psr: do not dereference encoder before it is null checked.
RDMA/vmw_pvrdma: Return the correct opcode when creating WR
arm64: dts: marvell: armada-ap806: reserve PSCI area
vt: always call notifier with the console lock held
devres: Align data[] to ARCH_KMALLOC_MINALIGN
xtensa: xtfpga.dtsi: fix dtc warnings about SPI
net_sched: fix two more memory leaks in cls_tcindex
gtp: change NET_UDP_TUNNEL dependency to select
ACPICA: Namespace: remove address node from global list after method termination
Input: elan_i2c - add hardware ID for multiple Lenovo laptops
netfilter: nf_tables: warn when expr implements only one of activate/deactivate
drm/rockchip: fix for mailbox read validation.
cifs: fix memory leak in SMB2_read
x86/fpu: Don't export __kernel_fpu_{begin,end}()
net: hns: Fix WARNING when hns modules installed
mm/memory.c: fix modifying of page protection by insert_pfn()
net: fec: manage ahb clock in runtime pm
mlxsw: spectrum_switchdev: Add MDB entries in prepare phase
mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue
mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue
mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue
NFC: nci: Add some bounds checking in nci_hci_cmd_received()
nfc: nci: Potential off by one in ->pipes[] array
x86/kprobes: Avoid kretprobe recursion bug
cw1200: fix missing unlock on error in cw1200_hw_scan()
mwl8k: Fix rate_idx underflow
rtlwifi: rtl8723ae: Fix missing break in switch statement
Don't jump to compute_result state from check_result state
powerpc/64s: Include cpu header
bonding: fix arp_validate toggling in active-backup mode
bridge: Fix error path for kobject_init_and_add()
dpaa_eth: fix SG frame cleanup
fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied
ipv4: Fix raw socket lookup for local traffic
net: dsa: Fix error cleanup path in dsa_init_module
net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering
net: seeq: fix crash caused by not set dev.parent
net: ucc_geth - fix Oops when changing number of buffers in the ring
packet: Fix error path in packet_init
vlan: disable SIOCSHWTSTAMP in container
vrf: sit mtu should not be updated when vrf netdev is the link
tipc: fix hanging clients using poll with EPOLLOUT flag
drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl
drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
powerpc/powernv/idle: Restore IAMR after idle
powerpc/booke64: set RI in default MSR
s390/speculation: Fix build error caused by bad backport
Linux 4.14.120
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
David Ahern
|
4462659eb7 |
ipv4: Fix raw socket lookup for local traffic
[ Upstream commit 19e4e768064a87b073a4b4c138b55db70e0cfb9f ]
inet_iif should be used for the raw socket lookup. inet_iif considers
rt_iif which handles the case of local traffic.
As it stands, ping to a local address with the '-I <dev>' option fails
ever since ping was changed to use SO_BINDTODEVICE instead of
cmsg + IP_PKTINFO.
IPv6 works fine.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Blagovest Kolenichev
|
313f4c9c8f |
Merge android-4.14.109 (80571db) into msm-4.14
* refs/heads/tmp-80571db: Revert "ANDROID: input: keychord: Add keychord driver" Revert "ANDROID: input: keychord: log when keychord triggered" Revert "ANDROID: input: keychord: Fix a slab out-of-bounds read." Revert "ANDROID: input: keychord: Fix races in keychord_write." Revert "ANDROID: input: keychord: Fix for a memory leak in keychord." ANDROID: drop CONFIG_INPUT_KEYCHORD from cuttlefish UPSTREAM: filemap: add a comment about FAULT_FLAG_RETRY_NOWAIT behavior BACKPORT: filemap: drop the mmap_sem for all blocking operations BACKPORT: filemap: kill page_cache_read usage in filemap_fault UPSTREAM: filemap: pass vm_fault to the mmap ra helpers ANDROID: Remove Android paranoid check for socket creation BACKPORT: mm/debug.c: provide useful debugging information for VM_BUG UPSTREAM: x86/alternative: Print unadorned pointers UPSTREAM: trace_uprobe: Display correct offset in uprobe_events UPSTREAM: usercopy: Remove pointer from overflow report UPSTREAM: Do not hash userspace addresses in fault handlers UPSTREAM: mm/slab.c: do not hash pointers when debugging slab UPSTREAM: kasan: use %px to print addresses instead of %p UPSTREAM: vsprintf: add printk specifier %px UPSTREAM: printk: hash addresses printed with %p UPSTREAM: vsprintf: refactor %pK code out of pointer() UPSTREAM: docs: correct documentation for %pK ANDROID: binder: remove extra declaration left after backport FROMGIT: binder: fix BUG_ON found by selinux-testsuite Linux 4.14.109 ath10k: avoid possible string overflow power: supply: charger-manager: Fix incorrect return value pwm-backlight: Enable/disable the PWM before/after LCD enable toggle. sched/cpufreq/schedutil: Fix error path mutex unlock rtc: Fix overflow when converting time64_t to rtc_time PCI: endpoint: Use EPC's device in dma_alloc_coherent()/dma_free_coherent() PCI: designware-ep: Read-only registers need DBI_RO_WR_EN to be writable PCI: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits scsi: ufs: fix wrong command type of UTRD for UFSHCI v2.1 USB: core: only clean up what we allocated lib/int_sqrt: optimize small argument ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec ALSA: hda - Record the current power state before suspend/resume calls locking/lockdep: Add debug_locks check in __lock_downgrade() x86/unwind: Add hardcoded ORC entry for NULL x86/unwind: Handle NULL pointer calls better in frame unwinder netfilter: ebtables: remove BUGPRINT messages drm: Reorder set_property_atomic to avoid returning with an active ww_ctx Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() Bluetooth: hci_ldisc: Initialize hci_dev before open() Bluetooth: Fix decrementing reference count twice in releasing socket Bluetooth: hci_uart: Check if socket buffer is ERR_PTR in h4_recv_buf() media: v4l2-ctrls.c/uvc: zero v4l2_event ext4: brelse all indirect buffer in ext4_ind_remove_space() ext4: fix data corruption caused by unaligned direct AIO ext4: fix NULL pointer dereference while journal is aborted ALSA: x86: Fix runtime PM for hdmi-lpe-audio objtool: Move objtool_file struct off the stack perf probe: Fix getting the kernel map futex: Ensure that futex address is aligned in handle_futex_death() scsi: ibmvscsi: Fix empty event pool access during host removal scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton MIPS: Fix kernel crash for R6 in jump label branch function MIPS: Ensure ELF appended dtb is relocated mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction. udf: Fix crash on IO error during truncate libceph: wait for latest osdmap in ceph_monc_blacklist_add() iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE drm/vmwgfx: Don't double-free the mode stored in par->set_mode mmc: pxamci: fix enum type confusion ANDROID: dm-bow: Fix 32 bit compile errors ANDROID: Add dm-bow to cuttlefish configuration UPSTREAM: binder: fix handling of misaligned binder object UPSTREAM: binder: fix sparse issue in binder_alloc_selftest.c BACKPORT: binder: use userspace pointer as base of buffer space UPSTREAM: binder: fix kerneldoc header for struct binder_buffer BACKPORT: binder: remove user_buffer_offset UPSTREAM: binder: remove kernel vm_area for buffer space UPSTREAM: binder: avoid kernel vm_area for buffer fixups BACKPORT: binder: add function to copy binder object from buffer BACKPORT: binder: add functions to copy to/from binder buffers UPSTREAM: binder: create userspace-to-binder-buffer copy function ANDROID: dm-bow: backport to 4.14 ANDROID: dm-bow: Add dm-bow feature f2fs: set pin_file under CAP_SYS_ADMIN f2fs: fix to avoid deadlock in f2fs_read_inline_dir() f2fs: fix to adapt small inline xattr space in __find_inline_xattr() f2fs: fix to do sanity check with inode.i_inline_xattr_size f2fs: give some messages for inline_xattr_size f2fs: don't trigger read IO for beyond EOF page f2fs: fix to add refcount once page is tagged PG_private f2fs: remove wrong comment in f2fs_invalidate_page() f2fs: fix to use kvfree instead of kzfree f2fs: print more parameters in trace_f2fs_map_blocks f2fs: trace f2fs_ioc_shutdown f2fs: fix to avoid deadlock of atomic file operations f2fs: fix to dirty inode for i_mode recovery f2fs: give random value to i_generation f2fs: no need to take page lock in readdir f2fs: fix to update iostat correctly in IPU path f2fs: fix encrypted page memory leak f2fs: make fault injection covering __submit_flush_wait() f2fs: fix to retry fill_super only if recovery failed f2fs: silence VM_WARN_ON_ONCE in mempool_alloc f2fs: correct spelling mistake f2fs: fix wrong #endif f2fs: don't clear CP_QUOTA_NEED_FSCK_FLAG f2fs: don't allow negative ->write_io_size_bits f2fs: fix to check inline_xattr_size boundary correctly Revert "f2fs: fix to avoid deadlock of atomic file operations" Revert "f2fs: fix to check inline_xattr_size boundary correctly" f2fs: do not use mutex lock in atomic context f2fs: fix potential data inconsistence of checkpoint f2fs: fix to avoid deadlock of atomic file operations f2fs: fix to check inline_xattr_size boundary correctly f2fs: jump to label 'free_node_inode' when failing from d_make_root() f2fs: fix to document inline_xattr_size option f2fs: fix to data block override node segment by mistake f2fs: fix typos in code comments f2fs: use xattr_prefix to wrap up f2fs: sync filesystem after roll-forward recovery f2fs: flush quota blocks after turnning it off f2fs: avoid null pointer exception in dcc_info f2fs: don't wake up too frequently, if there is lots of IOs f2fs: try to keep CP_TRIMMED_FLAG after successful umount f2fs: add quick mode of checkpoint=disable for QA f2fs: run discard jobs when put_super f2fs: fix to set sbi dirty correctly f2fs: fix to initialize variable to avoid UBSAN/smatch warning f2fs: UBSAN: set boolean value iostat_enable correctly f2fs: add brackets for macros f2fs: check if file namelen exceeds max value f2fs: fix to trigger fsck if dirent.name_len is zero f2fs: no need to check return value of debugfs_create functions f2fs: export FS_NOCOW_FL flag to user f2fs: check inject_rate validity during configuring f2fs: remove set but not used variable 'err' f2fs: fix compile warnings: 'struct *' declared inside parameter list f2fs: change error code to -ENOMEM from -EINVAL Conflicts: drivers/md/Makefile mm/filemap.c net/ipv4/af_inet.c Change-Id: Id050d9a819404a8af08f83bf7fcc5c5536980fe9 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
070370f0ae |
Merge android-4.14.108 (4344de2) into msm-4.14
* refs/heads/tmp-4344de2: Linux 4.14.108 s390/setup: fix boot crash for machine without EDAT-1 KVM: nVMX: Ignore limit checks on VMX instructions using flat segments KVM: nVMX: Apply addr size mask to effective address for VMX instructions KVM: nVMX: Sign extend displacements of VMX instr's mem operands KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux KVM: x86/mmu: Detect MMIO generation wrap in any address space KVM: Call kvm_arch_memslots_updated() before updating memslots drm/radeon/evergreen_cs: fix missing break in switch statement media: imx: csi: Stop upstream before disabling IDMA channel media: imx: csi: Disable CSI immediately after last EOF media: vimc: Add vimc-streamer for stream control media: uvcvideo: Avoid NULL pointer dereference at the end of streaming media: imx: prpencvf: Stop upstream before disabling IDMA channel rcu: Do RCU GP kthread self-wakeup from softirq and interrupt tpm: Unify the send callback behaviour tpm/tpm_crb: Avoid unaligned reads in crb_recv() md: Fix failed allocation of md_register_thread perf intel-pt: Fix divide by zero when TSC is not available perf intel-pt: Fix overlap calculation for padding perf auxtrace: Define auxtrace record alignment perf intel-pt: Fix CYC timestamp calculation after OVF x86/unwind/orc: Fix ORC unwind table alignment bcache: never writeback a discard operation PM / wakeup: Rework wakeup source timer cancellation NFSv4.1: Reinitialise sequence results before retransmitting a request nfsd: fix wrong check in write_v4_end_grace() nfsd: fix memory corruption caused by readdir NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() NFS: Fix an I/O request leakage in nfs_do_recoalesce NFS: Fix I/O request leakages cpcap-charger: generate events for userspace dm integrity: limit the rate of error messages dm: fix to_sector() for 32bit arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 arm64: debug: Ensure debug handlers check triggering exception level arm64: Fix HCR.TGE status for NMI contexts ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify powerpc/traps: Fix the message printed when stack overflows powerpc/traps: fix recoverability of machine check handling on book3s/32 powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest powerpc/83xx: Also save/restore SPRG4-7 during suspend powerpc/powernv: Make opal log only readable by root powerpc/wii: properly disable use of BATs when requested. powerpc/32: Clear on-stack exception marker upon exception return security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock jbd2: fix compile warning when using JBUFFER_TRACE jbd2: clear dirty flag when revoking a buffer from an older transaction serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() serial: 8250_pci: Fix number of ports for ACCES serial cards serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO drm/i915: Relax mmap VMA check crypto: arm64/aes-neonbs - fix returning final keystream block i2c: tegra: fix maximum transfer size parport_pc: fix find_superio io compare code, should use equal test. intel_th: Don't reference unassigned outputs device property: Fix the length used in PROPERTY_ENTRY_STRING() kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv mm/vmalloc: fix size check for remap_vmalloc_range_partial() mm: hwpoison: fix thp split handing in soft_offline_in_use_page() nfit: acpi_nfit_ctl(): Check out_obj->type in the right place usb: chipidea: tegra: Fix missed ci_hdrc_remove_device() clk: ingenic: Fix doc of ingenic_cgu_div_info clk: ingenic: Fix round_rate misbehaving with non-integer dividers clk: clk-twl6040: Fix imprecise external abort for pdmclk clk: uniphier: Fix update register for CPU-gear ext2: Fix underflow in ext2_max_size() cxl: Wrap iterations over afu slices inside 'afu_list_lock' IB/hfi1: Close race condition on user context disable and close ext4: fix crash during online resizing ext4: add mask of ext4 flags to swap cpufreq: pxa2xx: remove incorrect __init annotation cpufreq: tegra124: add missing of_node_put() x86/kprobes: Prohibit probing on optprobe template code irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer crypto: pcbc - remove bogus memcpy()s with src == dest Btrfs: fix corruption reading shared and compressed extents after hole punching btrfs: ensure that a DUP or RAID1 block group has exactly two stripes Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl m68k: Add -ffreestanding to CFLAGS splice: don't merge into linked buffers fs/devpts: always delete dcache dentry-s in dput() scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock scsi: sd: Optimal I/O size should be a multiple of physical block size scsi: aacraid: Fix performance issue on logical drives scsi: virtio_scsi: don't send sc payload with tmfs s390/virtio: handle find on invalid queue gracefully s390/setup: fix early warning messages clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR regulator: s2mpa01: Fix step values for some LDOs regulator: max77620: Initialize values for DT properties regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 spi: pxa2xx: Setup maximum supported DMA transfer length spi: ti-qspi: Fix mmap read when more than one CS in use mmc: sdhci-esdhc-imx: fix HS400 timing issue ACPI / device_sysfs: Avoid OF modalias creation for removed device xen: fix dom0 boot on huge systems tracing: Do not free iter->trace in fail path of tracing_open_pipe() tracing: Use strncpy instead of memcpy for string keys in hist triggers CIFS: Fix read after write for files with read caching CIFS: Do not reset lease state to NONE on lease break crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling crypto: testmgr - skip crc32c context test for ahash algorithms crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails crypto: arm64/crct10dif - revert to C code for short inputs crypto: arm/crct10dif - revert to C code for short inputs fix cgroup_do_mount() handling of failure exits libnvdimm: Fix altmap reservation size calculation libnvdimm/pmem: Honor force_raw for legacy pmem regions libnvdimm, pfn: Fix over-trim in trim_pfn_device() libnvdimm/label: Clear 'updating' flag after label-set update stm class: Prevent division by zero media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() tmpfs: fix uninitialized return value in shmem_link net: set static variable an initial value in atl2_probe() nfp: bpf: fix ALU32 high bits clearance bug nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K net: thunderx: make CFG_DONE message to run through generic send-ack sequence mac80211_hwsim: propagate genlmsg_reply return code phonet: fix building with clang ARCv2: support manual regfile save on interrupts ARC: uacces: remove lp_start, lp_end from clobber list ARCv2: lib: memcpy: fix doing prefetchw outside of buffer ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN tmpfs: fix link accounting when a tmpfile is linked in net: marvell: mvneta: fix DMA debug warning arm64: Relax GIC version check during early boot qed: Fix iWARP syn packet mac address validation. ASoC: topology: free created components in tplg load error mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() qmi_wwan: apply SET_DTR quirk to Sierra WP7607 pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins net: systemport: Fix reception of BPDUs scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task keys: Fix dependency loop between construction record and auth key assoc_array: Fix shortcut creation af_key: unconditionally clone on broadcast ARM: 8824/1: fix a migrating irq bug when hotplug cpu esp: Skip TX bytes accounting when sending from a request socket clk: sunxi: A31: Fix wrong AHB gate number clk: sunxi-ng: v3s: Fix TCON reset de-assert bit Input: st-keyscan - fix potential zalloc NULL dereference auxdisplay: ht16k33: fix potential user-after-free on module unload i2c: bcm2835: Clear current buffer pointers and counts after a transfer i2c: cadence: Fix the hold bit setting net: hns: Fix object reference leaks in hns_dsaf_roce_reset() mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs Revert "mm: use early_pfn_to_nid in page_ext_init" mm/gup: fix gup_pmd_range() for dax NFS: Don't use page_file_mapping after removing the page floppy: check_events callback should not return a negative number ipvs: fix dependency on nf_defrag_ipv6 mac80211: Fix Tx aggregation session tear down with ITXQs Input: matrix_keypad - use flush_delayed_work() Input: ps2-gpio - flush TX work when closing port Input: cap11xx - switch to using set_brightness_blocking() ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug KVM: arm/arm64: Reset the VCPU without preemption and vcpu state loaded ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check ASoC: dapm: fix out-of-bounds accesses to DAPM lookup tables ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized Input: pwm-vibra - stop regulator after disabling pwm, not before Input: pwm-vibra - prevent unbalanced regulator s390/dasd: fix using offset into zero size array error gpu: ipu-v3: Fix CSI offsets for imx53 drm/imx: imx-ldb: add missing of_node_puts gpu: ipu-v3: Fix i.MX51 CSI control registers offset drm/imx: ignore plane updates on disabled crtcs crypto: rockchip - update new iv to device in multiple operations crypto: rockchip - fix scatterlist nents error crypto: ahash - fix another early termination in hash walk crypto: caam - fixed handling of sg list stm class: Fix an endless loop in channel allocation iio: adc: exynos-adc: Fix NULL pointer exception on unbind ASoC: fsl_esai: fix register setting issue in RIGHT_J mode 9p/net: fix memory leak in p9_client_create 9p: use inode->i_lock to protect i_size_write() under 32-bit FROMLIST: psi: introduce psi monitor FROMLIST: refactor header includes to allow kthread.h inclusion in psi_types.h FROMLIST: psi: track changed states FROMLIST: psi: split update_stats into parts FROMLIST: psi: rename psi fields in preparation for psi trigger addition FROMLIST: psi: make psi_enable static FROMLIST: psi: introduce state_mask to represent stalled psi states ANDROID: cuttlefish_defconfig: Enable CONFIG_INPUT_MOUSEDEV ANDROID: cuttlefish_defconfig: Enable CONFIG_PSI BACKPORT: kernel: cgroup: add poll file operation BACKPORT: fs: kernfs: add poll file operation UPSTREAM: psi: avoid divide-by-zero crash inside virtual machines UPSTREAM: psi: clarify the Kconfig text for the default-disable option UPSTREAM: psi: fix aggregation idle shut-off UPSTREAM: psi: fix reference to kernel commandline enable UPSTREAM: psi: make disabling/enabling easier for vendor kernels UPSTREAM: kernel/sched/psi.c: simplify cgroup_move_task() BACKPORT: psi: cgroup support UPSTREAM: psi: pressure stall information for CPU, memory, and IO UPSTREAM: sched: introduce this_rq_lock_irq() UPSTREAM: sched: sched.h: make rq locking and clock functions available in stats.h UPSTREAM: sched: loadavg: make calc_load_n() public BACKPORT: sched: loadavg: consolidate LOAD_INT, LOAD_FRAC, CALC_LOAD UPSTREAM: delayacct: track delays from thrashing cache pages UPSTREAM: mm: workingset: tell cache transitions from workingset thrashing sched/fair: fix energy compute when a cluster is only a cpu core in multi-cluster system Conflicts: arch/arm/kernel/irq.c drivers/scsi/sd.c include/linux/sched.h include/uapi/linux/taskstats.h kernel/sched/Makefile sound/soc/soc-dapm.c Change-Id: I12ebb57a34da9101ee19458d7e1f96ecc769c39a Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
a9c0467f10 |
This is the 4.14.117 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzSZzYACgkQONu9yGCS aT5DQRAAkerBQJtIfamUTQvLOjpfHtDgGkfm4rI93sfBdU5vxO45yP04XiFwKXXU RTTc7wc9YKqVWuUnhcVHhvzkud5pBDICs+aNAiLjuopir7CbbOg3k/nTfFncEqfQ weClaKxfiPBP5a9vlh9LZzW8TixIT9+3Z7/gwuYLMhv4sq5CwCqe1ttFn/DKs9+t EsS5fKNsKgwc8YXK6t8L71kyeDA54TZp9T+yYUy53+4ijSvqGOIVGcK53awUzlhW 64G+nALSjWXnA7z5DFcyFL6hOv7SgShVBYvGd4HsyCSF23xX7MLg6gekP/BBfOeF XT2HiPxEiMaUkUFG21QTxNL27VJqUkiBgf58pO2GdxFc3y5zpwCZ80buG8tMtkKB EYzPKIHGH3VUyqlcNjyw3yVvJJS+Gg+Q8yd0WmZzu8NyDGDVHIOqw9yh2hJqQ+5g DRXEflnnzVQbzymsn4kRyi3uwBbHzdrnVX9uFLxBIKl+0VoE6pUOriwBsnl4OqaI CsS4XngoH94vUspKozxWfRq6Zzo45c/4WB/R2DxaQHYTyoksc4x5COOxkOrcPZEa EqOY63+GM7yiXp+GQHEA94ZwRTq0E544xRvgVtiktoWzZ2N28aNnA9x9/LCOXRFE qQy6/kU6ydDE9x1ioU1zwV+INFh2xTvY/tT0iEousd8tDLCQ5l0= =BZNt -----END PGP SIGNATURE----- Merge 4.14.117 into android-4.14-q Changes in 4.14.117 ALSA: line6: use dynamic buffers ipv4: ip_do_fragment: Preserve skb_iif during fragmentation ipv6/flowlabel: wait rcu grace period before put_pid() ipv6: invert flowlabel sharing check in process and user mode sctp: avoid running the sctp state machine recursively packet: validate msg_namelen in send directly bnxt_en: Improve multicast address setup logic. bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() rxrpc: Fix net namespace cleanup net: phy: marvell: Fix buffer overrun with stats counters net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc kasan: remove redundant initialization of variable 'real_size' kasan: prevent compiler from optimizing away memset in tests arm64: Fix single stepping in kernel traps arm64: only advance singlestep for user instruction traps caif: reduce stack size with KASAN ALSA: hda/realtek - Add new Dell platform for headset mode ALSA: hda/realtek - Fixed Dell AIO speaker noise USB: yurex: Fix protection fault after device removal USB: w1 ds2490: Fix bug caused by improper use of altsetting array usb: usbip: fix isoc packet num validation in get_pipe USB: core: Fix unterminated string returned by usb_string() USB: core: Fix bug caused by duplicate interface PM usage counter mm: do not stall register_shrinker() nvme-loop: init nvmet_ctrl fatal_err_work when allocate HID: logitech: check the return value of create_singlethread_workqueue HID: debug: fix race condition with between rdesc_show() and device removal rtc: sh: Fix invalid alarm warning for non-enabled alarm batman-adv: Reduce claim hash refcnt only for removed entry batman-adv: Reduce tt_local hash refcnt only for removed entry batman-adv: Reduce tt_global hash refcnt only for removed entry ARM: dts: rockchip: Fix gpu opp node names for rk3288 igb: Fix WARN_ONCE on runtime suspend net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands bonding: show full hw address in sysfs for slave entries net: stmmac: ratelimit RX error logs net: stmmac: don't overwrite discard_frame status net: stmmac: fix dropping of multi-descriptor RX frames net: stmmac: don't log oversized frames jffs2: fix use-after-free on symlink traversal debugfs: fix use-after-free on symlink traversal rtc: da9063: set uie_unsupported when relevant HID: input: add mapping for Assistant key vfio/pci: use correct format characters scsi: core: add new RDAC LENOVO/DE_Series device scsi: storvsc: Fix calculation of sub-channel count net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() net: hns: Use NAPI_POLL_WEIGHT for hns driver net: hns: Fix probabilistic memory overwrite when HNS driver initialized net: hns: fix ICMP6 neighbor solicitation messages discard problem net: hns: Fix WARNING when remove HNS driver with SMMU enabled kmemleak: powerpc: skip scanning holes in the .bss section hugetlbfs: fix memory leak for resv_map sh: fix multiple function definition build errors xsysace: Fix error handling in ace_setup ARM: orion: don't use using 64-bit DMA masks ARM: iop: don't use using 64-bit DMA masks perf/x86/amd: Update generic hardware cache events for Family 17h Bluetooth: btusb: request wake pin with NOAUTOEN staging: iio: adt7316: allow adt751x to use internal vref for all dacs staging: iio: adt7316: fix the dac read calculation staging: iio: adt7316: fix the dac write calculation scsi: RDMA/srpt: Fix a credit leak for aborted commands ASoC: stm32: fix sai driver name initialisation IB/core: Unregister notifier before freeing MAD security IB/core: Fix potential memory leak while creating MAD agents IB/core: Destroy QP if XRC QP fails Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ Input: stmfts - acknowledge that setting brightness is a blocking call selinux: never allow relabeling on context mounts powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search x86/mce: Improve error message when kernel cannot recover, p2 clk: x86: Add system specific quirk to mark clocks as critical i2c: i2c-stm32f7: Fix SDADEL minimum formula media: v4l2: i2c: ov7670: Fix PLL bypass register values mm/kmemleak.c: fix unused-function warning Linux 4.14.117 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
74196c0ea4 |
This is the 4.14.117 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzSZzYACgkQONu9yGCS aT5DQRAAkerBQJtIfamUTQvLOjpfHtDgGkfm4rI93sfBdU5vxO45yP04XiFwKXXU RTTc7wc9YKqVWuUnhcVHhvzkud5pBDICs+aNAiLjuopir7CbbOg3k/nTfFncEqfQ weClaKxfiPBP5a9vlh9LZzW8TixIT9+3Z7/gwuYLMhv4sq5CwCqe1ttFn/DKs9+t EsS5fKNsKgwc8YXK6t8L71kyeDA54TZp9T+yYUy53+4ijSvqGOIVGcK53awUzlhW 64G+nALSjWXnA7z5DFcyFL6hOv7SgShVBYvGd4HsyCSF23xX7MLg6gekP/BBfOeF XT2HiPxEiMaUkUFG21QTxNL27VJqUkiBgf58pO2GdxFc3y5zpwCZ80buG8tMtkKB EYzPKIHGH3VUyqlcNjyw3yVvJJS+Gg+Q8yd0WmZzu8NyDGDVHIOqw9yh2hJqQ+5g DRXEflnnzVQbzymsn4kRyi3uwBbHzdrnVX9uFLxBIKl+0VoE6pUOriwBsnl4OqaI CsS4XngoH94vUspKozxWfRq6Zzo45c/4WB/R2DxaQHYTyoksc4x5COOxkOrcPZEa EqOY63+GM7yiXp+GQHEA94ZwRTq0E544xRvgVtiktoWzZ2N28aNnA9x9/LCOXRFE qQy6/kU6ydDE9x1ioU1zwV+INFh2xTvY/tT0iEousd8tDLCQ5l0= =BZNt -----END PGP SIGNATURE----- Merge 4.14.117 into android-4.14 Changes in 4.14.117 ALSA: line6: use dynamic buffers ipv4: ip_do_fragment: Preserve skb_iif during fragmentation ipv6/flowlabel: wait rcu grace period before put_pid() ipv6: invert flowlabel sharing check in process and user mode sctp: avoid running the sctp state machine recursively packet: validate msg_namelen in send directly bnxt_en: Improve multicast address setup logic. bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() rxrpc: Fix net namespace cleanup net: phy: marvell: Fix buffer overrun with stats counters net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc kasan: remove redundant initialization of variable 'real_size' kasan: prevent compiler from optimizing away memset in tests arm64: Fix single stepping in kernel traps arm64: only advance singlestep for user instruction traps caif: reduce stack size with KASAN ALSA: hda/realtek - Add new Dell platform for headset mode ALSA: hda/realtek - Fixed Dell AIO speaker noise USB: yurex: Fix protection fault after device removal USB: w1 ds2490: Fix bug caused by improper use of altsetting array usb: usbip: fix isoc packet num validation in get_pipe USB: core: Fix unterminated string returned by usb_string() USB: core: Fix bug caused by duplicate interface PM usage counter mm: do not stall register_shrinker() nvme-loop: init nvmet_ctrl fatal_err_work when allocate HID: logitech: check the return value of create_singlethread_workqueue HID: debug: fix race condition with between rdesc_show() and device removal rtc: sh: Fix invalid alarm warning for non-enabled alarm batman-adv: Reduce claim hash refcnt only for removed entry batman-adv: Reduce tt_local hash refcnt only for removed entry batman-adv: Reduce tt_global hash refcnt only for removed entry ARM: dts: rockchip: Fix gpu opp node names for rk3288 igb: Fix WARN_ONCE on runtime suspend net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands bonding: show full hw address in sysfs for slave entries net: stmmac: ratelimit RX error logs net: stmmac: don't overwrite discard_frame status net: stmmac: fix dropping of multi-descriptor RX frames net: stmmac: don't log oversized frames jffs2: fix use-after-free on symlink traversal debugfs: fix use-after-free on symlink traversal rtc: da9063: set uie_unsupported when relevant HID: input: add mapping for Assistant key vfio/pci: use correct format characters scsi: core: add new RDAC LENOVO/DE_Series device scsi: storvsc: Fix calculation of sub-channel count net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() net: hns: Use NAPI_POLL_WEIGHT for hns driver net: hns: Fix probabilistic memory overwrite when HNS driver initialized net: hns: fix ICMP6 neighbor solicitation messages discard problem net: hns: Fix WARNING when remove HNS driver with SMMU enabled kmemleak: powerpc: skip scanning holes in the .bss section hugetlbfs: fix memory leak for resv_map sh: fix multiple function definition build errors xsysace: Fix error handling in ace_setup ARM: orion: don't use using 64-bit DMA masks ARM: iop: don't use using 64-bit DMA masks perf/x86/amd: Update generic hardware cache events for Family 17h Bluetooth: btusb: request wake pin with NOAUTOEN staging: iio: adt7316: allow adt751x to use internal vref for all dacs staging: iio: adt7316: fix the dac read calculation staging: iio: adt7316: fix the dac write calculation scsi: RDMA/srpt: Fix a credit leak for aborted commands ASoC: stm32: fix sai driver name initialisation IB/core: Unregister notifier before freeing MAD security IB/core: Fix potential memory leak while creating MAD agents IB/core: Destroy QP if XRC QP fails Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ Input: stmfts - acknowledge that setting brightness is a blocking call selinux: never allow relabeling on context mounts powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search x86/mce: Improve error message when kernel cannot recover, p2 clk: x86: Add system specific quirk to mark clocks as critical i2c: i2c-stm32f7: Fix SDADEL minimum formula media: v4l2: i2c: ov7670: Fix PLL bypass register values mm/kmemleak.c: fix unused-function warning Linux 4.14.117 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Shmulik Ladkani
|
b8ed071432 |
ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
[ Upstream commit d2f0c961148f65bc73eda72b9fa3a4e80973cb49 ] Previously, during fragmentation after forwarding, skb->skb_iif isn't preserved, i.e. 'ip_copy_metadata' does not copy skb_iif from given 'from' skb. As a result, ip_do_fragment's creates fragments with zero skb_iif, leading to inconsistent behavior. Assume for example an eBPF program attached at tc egress (post forwarding) that examines __sk_buff->ingress_ifindex: - the correct iif is observed if forwarding path does not involve fragmentation/refragmentation - a bogus iif is observed if forwarding path involves fragmentation/refragmentatiom Fix, by preserving skb_iif during 'ip_copy_metadata'. Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
626ab65fb5 |
This is the 4.14.115 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzKnvMACgkQONu9yGCS aT6vPRAAgy8sPwaOoETexGtsEaVVaZX2Yt20ekTuNbKHZKBJKXlq+pcfXawwotUE dr+/jRrpUrOD7Ta4y+qU+mKV3eS4FZ8bJaYvEOKkf/wSFG5sWF6pE7jmgnJ2lJVj SafR601YTCh2eZm+rLogqEF+lXZ9rNUCJlnO6q4APnpvuOGqX6kPaqTxDRK+Qfzz mkij3bnw43YAX5lkx9l2OzreNU5jlh2RSamrF0YrqoL01E/7IXYeAnxQl+Atmjmu pLWsWl/rdxVAnDPwpiZZZAEs3/DYpVtP1bcCH7tESLWICawajUsffn5/yVtwl1UW BKl0mFom7K9tZOhSxmf7kvK+Yq8p5AdyooIFVEfoObYMCZAyXarpnBiey4SeqqQU GRi6fLfMeXrk3ikkI3qGbClbjLhiGmUIyYWz0VI2mxf7+SRnOzHsxgILiaJHPQOn 4+6Y8n1XINMMOu6p0apVSZAAlKjnLsUX0gocTaRQsFTzY9Zqm+/hePe6x7Xm+h66 X4e9NAy/RxZog78aVxTihphAX6V5gbRgcYku+UvWTDoIB13XZ7qxcjyod3DiLvZT n3APkif2sC2ATFmJ3eRSLSitFQ2igIAfW3ob9GtdYb/13I7Zsh0K0FqH1icuKVVm VBsTtvNahCMMKXT/Z5hJOO2agXPprx0kGnn1J6vazh/Bs94QBLw= =tLin -----END PGP SIGNATURE----- Merge 4.14.115 into android-4.14-q Changes in 4.14.115 kbuild: simplify ld-option implementation cifs: do not attempt cifs operation on smb2+ rename error tracing: Fix a memory leak by early error exit in trace_pid_write() tracing: Fix buffer_ref pipe ops zram: pass down the bvec we need to read into in the work struct lib/Kconfig.debug: fix build error without CONFIG_BLOCK MIPS: scall64-o32: Fix indirect syscall number load trace: Fix preempt_enable_no_resched() abuse IB/rdmavt: Fix frwr memory registration sched/numa: Fix a possible divide-by-zero ceph: only use d_name directly when parent is locked ceph: ensure d_name stability in ceph_dentry_hash() ceph: fix ci->i_head_snapc leak nfsd: Don't release the callback slot unless it was actually held sunrpc: don't mark uninitialised items as VALID. Input: synaptics-rmi4 - write config register values to the right offset vfio/type1: Limit DMA mappings per container dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache drm/vc4: Fix memory leak during gpu reset. Revert "drm/i915/fbdev: Actually configure untiled displays" drm/vc4: Fix compilation error reported by kbuild test bot USB: Add new USB LPM helpers USB: Consolidate LPM checks to avoid enabling LPM twice ext4: fix some error pointer dereferences vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock tipc: handle the err returned from cmd header function slip: make slhc_free() silently accept an error pointer intel_th: gth: Fix an off-by-one in output unassigning fs/proc/proc_sysctl.c: Fix a NULL pointer dereference ipvs: fix warning on unused variable binder: fix handling of misaligned binder object sched/deadline: Correctly handle active 0-lag timers NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON fm10k: Fix a potential NULL pointer dereference tipc: check bearer name with right length in tipc_nl_compat_bearer_enable tipc: check link name with right length in tipc_nl_compat_link_set dm integrity: change memcmp to strncmp in dm_integrity_ctr x86, retpolines: Raise limit for generating indirect calls from switch-case x86/retpolines: Disable switch jump tables when retpolines are enabled mm: Fix warning in insert_pfn() Revert "block/loop: Use global lock for ioctl() operation." ipv4: add sanity checks in ipv4_link_failure() mlxsw: spectrum: Fix autoneg status in ethtool net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query net: rds: exchange of 8K and 1M pool net: stmmac: move stmmac_check_ether_addr() to driver probe stmmac: pci: Adjust IOT2000 matching team: fix possible recursive locking when add slaves net/rose: Convert timers to use timer_setup() net/rose: fix unbound loop in rose_loopback_timer() ipv4: set the tcp_min_rtt_wlen range from 0 to one day powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg Documentation: Add nospectre_v1 parameter Linux 4.14.115 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
b5123fd473 |
This is the 4.14.115 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzKnvMACgkQONu9yGCS aT6vPRAAgy8sPwaOoETexGtsEaVVaZX2Yt20ekTuNbKHZKBJKXlq+pcfXawwotUE dr+/jRrpUrOD7Ta4y+qU+mKV3eS4FZ8bJaYvEOKkf/wSFG5sWF6pE7jmgnJ2lJVj SafR601YTCh2eZm+rLogqEF+lXZ9rNUCJlnO6q4APnpvuOGqX6kPaqTxDRK+Qfzz mkij3bnw43YAX5lkx9l2OzreNU5jlh2RSamrF0YrqoL01E/7IXYeAnxQl+Atmjmu pLWsWl/rdxVAnDPwpiZZZAEs3/DYpVtP1bcCH7tESLWICawajUsffn5/yVtwl1UW BKl0mFom7K9tZOhSxmf7kvK+Yq8p5AdyooIFVEfoObYMCZAyXarpnBiey4SeqqQU GRi6fLfMeXrk3ikkI3qGbClbjLhiGmUIyYWz0VI2mxf7+SRnOzHsxgILiaJHPQOn 4+6Y8n1XINMMOu6p0apVSZAAlKjnLsUX0gocTaRQsFTzY9Zqm+/hePe6x7Xm+h66 X4e9NAy/RxZog78aVxTihphAX6V5gbRgcYku+UvWTDoIB13XZ7qxcjyod3DiLvZT n3APkif2sC2ATFmJ3eRSLSitFQ2igIAfW3ob9GtdYb/13I7Zsh0K0FqH1icuKVVm VBsTtvNahCMMKXT/Z5hJOO2agXPprx0kGnn1J6vazh/Bs94QBLw= =tLin -----END PGP SIGNATURE----- Merge 4.14.115 into android-4.14 Changes in 4.14.115 kbuild: simplify ld-option implementation cifs: do not attempt cifs operation on smb2+ rename error tracing: Fix a memory leak by early error exit in trace_pid_write() tracing: Fix buffer_ref pipe ops zram: pass down the bvec we need to read into in the work struct lib/Kconfig.debug: fix build error without CONFIG_BLOCK MIPS: scall64-o32: Fix indirect syscall number load trace: Fix preempt_enable_no_resched() abuse IB/rdmavt: Fix frwr memory registration sched/numa: Fix a possible divide-by-zero ceph: only use d_name directly when parent is locked ceph: ensure d_name stability in ceph_dentry_hash() ceph: fix ci->i_head_snapc leak nfsd: Don't release the callback slot unless it was actually held sunrpc: don't mark uninitialised items as VALID. Input: synaptics-rmi4 - write config register values to the right offset vfio/type1: Limit DMA mappings per container dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache drm/vc4: Fix memory leak during gpu reset. Revert "drm/i915/fbdev: Actually configure untiled displays" drm/vc4: Fix compilation error reported by kbuild test bot USB: Add new USB LPM helpers USB: Consolidate LPM checks to avoid enabling LPM twice ext4: fix some error pointer dereferences vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock tipc: handle the err returned from cmd header function slip: make slhc_free() silently accept an error pointer intel_th: gth: Fix an off-by-one in output unassigning fs/proc/proc_sysctl.c: Fix a NULL pointer dereference ipvs: fix warning on unused variable binder: fix handling of misaligned binder object sched/deadline: Correctly handle active 0-lag timers NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON fm10k: Fix a potential NULL pointer dereference tipc: check bearer name with right length in tipc_nl_compat_bearer_enable tipc: check link name with right length in tipc_nl_compat_link_set dm integrity: change memcmp to strncmp in dm_integrity_ctr x86, retpolines: Raise limit for generating indirect calls from switch-case x86/retpolines: Disable switch jump tables when retpolines are enabled mm: Fix warning in insert_pfn() Revert "block/loop: Use global lock for ioctl() operation." ipv4: add sanity checks in ipv4_link_failure() mlxsw: spectrum: Fix autoneg status in ethtool net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query net: rds: exchange of 8K and 1M pool net: stmmac: move stmmac_check_ether_addr() to driver probe stmmac: pci: Adjust IOT2000 matching team: fix possible recursive locking when add slaves net/rose: Convert timers to use timer_setup() net/rose: fix unbound loop in rose_loopback_timer() ipv4: set the tcp_min_rtt_wlen range from 0 to one day powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg Documentation: Add nospectre_v1 parameter Linux 4.14.115 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
ZhangXiaoxu
|
fd8e4afb28 |
ipv4: set the tcp_min_rtt_wlen range from 0 to one day
[ Upstream commit 19fad20d15a6494f47f85d869f00b11343ee5c78 ] There is a UBSAN report as below: UBSAN: Undefined behaviour in net/ipv4/tcp_input.c:2877:56 signed integer overflow: 2147483647 * 1000 cannot be represented in type 'int' CPU: 3 PID: 0 Comm: swapper/3 Not tainted 5.1.0-rc4-00058-g582549e #1 Call Trace: <IRQ> dump_stack+0x8c/0xba ubsan_epilogue+0x11/0x60 handle_overflow+0x12d/0x170 ? ttwu_do_wakeup+0x21/0x320 __ubsan_handle_mul_overflow+0x12/0x20 tcp_ack_update_rtt+0x76c/0x780 tcp_clean_rtx_queue+0x499/0x14d0 tcp_ack+0x69e/0x1240 ? __wake_up_sync_key+0x2c/0x50 ? update_group_capacity+0x50/0x680 tcp_rcv_established+0x4e2/0xe10 tcp_v4_do_rcv+0x22b/0x420 tcp_v4_rcv+0xfe8/0x1190 ip_protocol_deliver_rcu+0x36/0x180 ip_local_deliver+0x15b/0x1a0 ip_rcv+0xac/0xd0 __netif_receive_skb_one_core+0x7f/0xb0 __netif_receive_skb+0x33/0xc0 netif_receive_skb_internal+0x84/0x1c0 napi_gro_receive+0x2a0/0x300 receive_buf+0x3d4/0x2350 ? detach_buf_split+0x159/0x390 virtnet_poll+0x198/0x840 ? reweight_entity+0x243/0x4b0 net_rx_action+0x25c/0x770 __do_softirq+0x19b/0x66d irq_exit+0x1eb/0x230 do_IRQ+0x7a/0x150 common_interrupt+0xf/0xf </IRQ> It can be reproduced by: echo 2147483647 > /proc/sys/net/ipv4/tcp_min_rtt_wlen Fixes: f672258391b42 ("tcp: track min RTT using windowed min-filter") Signed-off-by: ZhangXiaoxu <zhangxiaoxu5@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Dumazet
|
748ed75029 |
ipv4: add sanity checks in ipv4_link_failure()
[ Upstream commit 20ff83f10f113c88d0bb74589389b05250994c16 ] Before calling __ip_options_compile(), we need to ensure the network header is a an IPv4 one, and that it is already pulled in skb->head. RAW sockets going through a tunnel can end up calling ipv4_link_failure() with total garbage in the skb, or arbitrary lengthes. syzbot report : BUG: KASAN: stack-out-of-bounds in memcpy include/linux/string.h:355 [inline] BUG: KASAN: stack-out-of-bounds in __ip_options_echo+0x294/0x1120 net/ipv4/ip_options.c:123 Write of size 69 at addr ffff888096abf068 by task syz-executor.4/9204 CPU: 0 PID: 9204 Comm: syz-executor.4 Not tainted 5.1.0-rc5+ #77 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187 kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317 check_memory_region_inline mm/kasan/generic.c:185 [inline] check_memory_region+0x123/0x190 mm/kasan/generic.c:191 memcpy+0x38/0x50 mm/kasan/common.c:133 memcpy include/linux/string.h:355 [inline] __ip_options_echo+0x294/0x1120 net/ipv4/ip_options.c:123 __icmp_send+0x725/0x1400 net/ipv4/icmp.c:695 ipv4_link_failure+0x29f/0x550 net/ipv4/route.c:1204 dst_link_failure include/net/dst.h:427 [inline] vti6_xmit net/ipv6/ip6_vti.c:514 [inline] vti6_tnl_xmit+0x10d4/0x1c0c net/ipv6/ip6_vti.c:553 __netdev_start_xmit include/linux/netdevice.h:4414 [inline] netdev_start_xmit include/linux/netdevice.h:4423 [inline] xmit_one net/core/dev.c:3292 [inline] dev_hard_start_xmit+0x1b2/0x980 net/core/dev.c:3308 __dev_queue_xmit+0x271d/0x3060 net/core/dev.c:3878 dev_queue_xmit+0x18/0x20 net/core/dev.c:3911 neigh_direct_output+0x16/0x20 net/core/neighbour.c:1527 neigh_output include/net/neighbour.h:508 [inline] ip_finish_output2+0x949/0x1740 net/ipv4/ip_output.c:229 ip_finish_output+0x73c/0xd50 net/ipv4/ip_output.c:317 NF_HOOK_COND include/linux/netfilter.h:278 [inline] ip_output+0x21f/0x670 net/ipv4/ip_output.c:405 dst_output include/net/dst.h:444 [inline] NF_HOOK include/linux/netfilter.h:289 [inline] raw_send_hdrinc net/ipv4/raw.c:432 [inline] raw_sendmsg+0x1d2b/0x2f20 net/ipv4/raw.c:663 inet_sendmsg+0x147/0x5d0 net/ipv4/af_inet.c:798 sock_sendmsg_nosec net/socket.c:651 [inline] sock_sendmsg+0xdd/0x130 net/socket.c:661 sock_write_iter+0x27c/0x3e0 net/socket.c:988 call_write_iter include/linux/fs.h:1866 [inline] new_sync_write+0x4c7/0x760 fs/read_write.c:474 __vfs_write+0xe4/0x110 fs/read_write.c:487 vfs_write+0x20c/0x580 fs/read_write.c:549 ksys_write+0x14f/0x2d0 fs/read_write.c:599 __do_sys_write fs/read_write.c:611 [inline] __se_sys_write fs/read_write.c:608 [inline] __x64_sys_write+0x73/0xb0 fs/read_write.c:608 do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x458c29 Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f293b44bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 RDX: 0000000000000014 RSI: 00000000200002c0 RDI: 0000000000000003 RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f293b44c6d4 R13: 00000000004c8623 R14: 00000000004ded68 R15: 00000000ffffffff The buggy address belongs to the page: page:ffffea00025aafc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0 flags: 0x1fffc0000000000() raw: 01fffc0000000000 0000000000000000 ffffffff025a0101 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888096abef80: 00 00 00 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 f2 ffff888096abf000: f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 >ffff888096abf080: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 ^ ffff888096abf100: 00 00 00 00 f1 f1 f1 f1 00 00 f3 f3 00 00 00 00 ffff888096abf180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Fixes: ed0de45a1008 ("ipv4: recompile ip options in ipv4_link_failure") Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Stephen Suryaputra <ssuryaextr@gmail.com> Acked-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
8448bfb4c9 |
This is the 4.14.114 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzEBk4ACgkQONu9yGCS aT7oPg/+LqGEp+af4Q2623Y5tzG+pV580Xzzeyu+ZulmfTiG8yylSCxtVKvzjlmf omeCYxZXCNDtOn1aWFWvM+cZlNC90gOem2Xm2P7KEx25QZflFFI+Uzt+7sKrLr1l v/6YOf2cjvfOAlYF6euI98Ja6+m+OWXhWDUQUEUbl0X8Of2pXW9opWsf13LKT/BT p9WpVjDN+pow1kGl1Sk4zu11LBZsN0PI5ZW64PTSG2AuSIMQ9pHZzxrGD7/vhQMC 50s2WsJxlIvuE3tmWDnpqfR0WjzaUk59hHrrBM9YLDlqjzFZNgD2ziRn0A0sfW1n us81cw6Wz+LcykK3D2qvIvhZkRkDVI7J6LQSzeNaBWl3AkEEjwYw3cSwD5jl5+xn cbTgaBjKursuBZU5rdXPcabAhFIlL6NIt43n6DYRl/MYSpFvzifLKnCso2fPNNgT lXZuwH1qDBepVVQ0YrTnOBf+7u822lPuGyIq1Nz4YUBhKAAlBTV/Hxv3gJCXTihO 6NW42qk44VLjmu/Gpo5Q4Nc6EWeujwZRXNEZo8m5YfV92VteJTs3520iPRB0qFga aPOyiMNIKyhzZ3CPxxkDXgeRDh7AFznwcljlDE6DiCVmbPaUucJkvad/TwyFf4ul Wp1zZ2aCrt/oO5GK/MQfGNh4rmN/0qB9cxYoBDWbOJSG4R1+PTI= =dQgB -----END PGP SIGNATURE----- Merge 4.14.114 into android-4.14-q Changes in 4.14.114 bonding: fix event handling for stacked bonds net: atm: Fix potential Spectre v1 vulnerabilities net: bridge: fix per-port af_packet sockets net: bridge: multicast: use rcu to access port list from br_multicast_start_querier net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv tcp: tcp_grow_window() needs to respect tcp_space() team: set slave to promisc if team is already in promisc mode vhost: reject zero size iova range ipv4: recompile ip options in ipv4_link_failure ipv4: ensure rcu_read_lock() in ipv4_link_failure() net: thunderx: raise XDP MTU to 1508 net: thunderx: don't allow jumbo frames with XDP CIFS: keep FileInfo handle live during oplock break KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU KVM: x86: svm: make sure NMI is injected after nmi_singlestep Staging: iio: meter: fixed typo staging: iio: ad7192: Fix ad7193 channel address iio: gyro: mpu3050: fix chip ID reading iio/gyro/bmg160: Use millidegrees for temperature scale iio: cros_ec: Fix the maths for gyro scale calculation iio: ad_sigma_delta: select channel when reading register iio: dac: mcp4725: add missing powerdown bits in store eeprom iio: Fix scan mask selection iio: adc: at91: disable adc channel interrupt in timeout case iio: core: fix a possible circular locking dependency io: accel: kxcjk1013: restore the range after resume. staging: comedi: vmk80xx: Fix use of uninitialized semaphore staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf staging: comedi: ni_usb6501: Fix use of uninitialized mutex staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf ALSA: hda/realtek - add two more pin configuration sets to quirk table ALSA: core: Fix card races between register and disconnect scsi: core: set result when the command cannot be dispatched Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO" Revert "svm: Fix AVIC incomplete IPI emulation" coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping crypto: x86/poly1305 - fix overflow during partial reduction arm64: futex: Restore oldval initialization to work around buggy compilers x86/kprobes: Verify stack frame on kretprobe kprobes: Mark ftrace mcount handler functions nokprobe kprobes: Fix error check when reusing optimized probes rt2x00: do not increment sequence number while re-transmitting mac80211: do not call driver wake_tx_queue op during reconfig perf/x86/amd: Add event map for AMD Family 17h x86/cpu/bugs: Use __initconst for 'const' init data perf/x86: Fix incorrect PEBS_REGS x86/speculation: Prevent deadlock on ssb_state::lock crypto: crypto4xx - properly set IV after de- and encrypt mmc: sdhci: Fix data command CRC error handling mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR mmc: sdhci: Handle auto-command errors modpost: file2alias: go back to simple devtable lookup modpost: file2alias: check prototype of handler tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete ipv6: frags: fix a lockdep false positive net: IP defrag: encapsulate rbtree defrag code into callable functions ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module net: IP6 defrag: use rbtrees for IPv6 defrag net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c Revert "kbuild: use -Oz instead of -Os when using clang" sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup device_cgroup: fix RCU imbalance in error case mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n ALSA: info: Fix racy addition/deletion of nodes percpu: stop printing kernel addresses tools include: Adopt linux/bits.h iomap: report collisions between directio and buffered writes to userspace xfs: add the ability to join a held buffer to a defer_ops xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()" kernel/sysctl.c: fix out-of-bounds access when setting file-max Linux 4.14.114 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
c680586c4f |
This is the 4.14.114 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzEBk4ACgkQONu9yGCS aT7oPg/+LqGEp+af4Q2623Y5tzG+pV580Xzzeyu+ZulmfTiG8yylSCxtVKvzjlmf omeCYxZXCNDtOn1aWFWvM+cZlNC90gOem2Xm2P7KEx25QZflFFI+Uzt+7sKrLr1l v/6YOf2cjvfOAlYF6euI98Ja6+m+OWXhWDUQUEUbl0X8Of2pXW9opWsf13LKT/BT p9WpVjDN+pow1kGl1Sk4zu11LBZsN0PI5ZW64PTSG2AuSIMQ9pHZzxrGD7/vhQMC 50s2WsJxlIvuE3tmWDnpqfR0WjzaUk59hHrrBM9YLDlqjzFZNgD2ziRn0A0sfW1n us81cw6Wz+LcykK3D2qvIvhZkRkDVI7J6LQSzeNaBWl3AkEEjwYw3cSwD5jl5+xn cbTgaBjKursuBZU5rdXPcabAhFIlL6NIt43n6DYRl/MYSpFvzifLKnCso2fPNNgT lXZuwH1qDBepVVQ0YrTnOBf+7u822lPuGyIq1Nz4YUBhKAAlBTV/Hxv3gJCXTihO 6NW42qk44VLjmu/Gpo5Q4Nc6EWeujwZRXNEZo8m5YfV92VteJTs3520iPRB0qFga aPOyiMNIKyhzZ3CPxxkDXgeRDh7AFznwcljlDE6DiCVmbPaUucJkvad/TwyFf4ul Wp1zZ2aCrt/oO5GK/MQfGNh4rmN/0qB9cxYoBDWbOJSG4R1+PTI= =dQgB -----END PGP SIGNATURE----- Merge 4.14.114 into android-4.14 Changes in 4.14.114 bonding: fix event handling for stacked bonds net: atm: Fix potential Spectre v1 vulnerabilities net: bridge: fix per-port af_packet sockets net: bridge: multicast: use rcu to access port list from br_multicast_start_querier net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv tcp: tcp_grow_window() needs to respect tcp_space() team: set slave to promisc if team is already in promisc mode vhost: reject zero size iova range ipv4: recompile ip options in ipv4_link_failure ipv4: ensure rcu_read_lock() in ipv4_link_failure() net: thunderx: raise XDP MTU to 1508 net: thunderx: don't allow jumbo frames with XDP CIFS: keep FileInfo handle live during oplock break KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU KVM: x86: svm: make sure NMI is injected after nmi_singlestep Staging: iio: meter: fixed typo staging: iio: ad7192: Fix ad7193 channel address iio: gyro: mpu3050: fix chip ID reading iio/gyro/bmg160: Use millidegrees for temperature scale iio: cros_ec: Fix the maths for gyro scale calculation iio: ad_sigma_delta: select channel when reading register iio: dac: mcp4725: add missing powerdown bits in store eeprom iio: Fix scan mask selection iio: adc: at91: disable adc channel interrupt in timeout case iio: core: fix a possible circular locking dependency io: accel: kxcjk1013: restore the range after resume. staging: comedi: vmk80xx: Fix use of uninitialized semaphore staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf staging: comedi: ni_usb6501: Fix use of uninitialized mutex staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf ALSA: hda/realtek - add two more pin configuration sets to quirk table ALSA: core: Fix card races between register and disconnect scsi: core: set result when the command cannot be dispatched Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO" Revert "svm: Fix AVIC incomplete IPI emulation" coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping crypto: x86/poly1305 - fix overflow during partial reduction arm64: futex: Restore oldval initialization to work around buggy compilers x86/kprobes: Verify stack frame on kretprobe kprobes: Mark ftrace mcount handler functions nokprobe kprobes: Fix error check when reusing optimized probes rt2x00: do not increment sequence number while re-transmitting mac80211: do not call driver wake_tx_queue op during reconfig perf/x86/amd: Add event map for AMD Family 17h x86/cpu/bugs: Use __initconst for 'const' init data perf/x86: Fix incorrect PEBS_REGS x86/speculation: Prevent deadlock on ssb_state::lock crypto: crypto4xx - properly set IV after de- and encrypt mmc: sdhci: Fix data command CRC error handling mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR mmc: sdhci: Handle auto-command errors modpost: file2alias: go back to simple devtable lookup modpost: file2alias: check prototype of handler tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete ipv6: frags: fix a lockdep false positive net: IP defrag: encapsulate rbtree defrag code into callable functions ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module net: IP6 defrag: use rbtrees for IPv6 defrag net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c Revert "kbuild: use -Oz instead of -Os when using clang" sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup device_cgroup: fix RCU imbalance in error case mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n ALSA: info: Fix racy addition/deletion of nodes percpu: stop printing kernel addresses tools include: Adopt linux/bits.h iomap: report collisions between directio and buffered writes to userspace xfs: add the ability to join a held buffer to a defer_ops xfs: hold xfs_buf locked between shortform->leaf conversion and the addition of an attribute i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()" kernel/sysctl.c: fix out-of-bounds access when setting file-max Linux 4.14.114 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Peter Oskolkov
|
ccfa73daf7 |
net: IP defrag: encapsulate rbtree defrag code into callable functions
[ Upstream commit c23f35d19db3b36ffb9e04b08f1d91565d15f84f ] This is a refactoring patch: without changing runtime behavior, it moves rbtree-related code from IPv4-specific files/functions into .h/.c defrag files shared with IPv6 defragmentation code. v2: make handling of overlapping packets match upstream. Signed-off-by: Peter Oskolkov <posk@google.com> Cc: Eric Dumazet <edumazet@google.com> Cc: Florian Westphal <fw@strlen.de> Cc: Tom Herbert <tom@herbertland.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Eric Dumazet
|
0a7e8300b7 |
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
[ Upstream commit c543cb4a5f07e09237ec0fc2c60c9f131b2c79ad ] fib_compute_spec_dst() needs to be called under rcu protection. syzbot reported : WARNING: suspicious RCU usage 5.1.0-rc4+ #165 Not tainted include/linux/inetdevice.h:220 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by swapper/0/0: #0: 0000000051b67925 ((&n->timer)){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:170 [inline] #0: 0000000051b67925 ((&n->timer)){+.-.}, at: call_timer_fn+0xda/0x720 kernel/time/timer.c:1315 stack backtrace: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.1.0-rc4+ #165 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5162 __in_dev_get_rcu include/linux/inetdevice.h:220 [inline] fib_compute_spec_dst+0xbbd/0x1030 net/ipv4/fib_frontend.c:294 spec_dst_fill net/ipv4/ip_options.c:245 [inline] __ip_options_compile+0x15a7/0x1a10 net/ipv4/ip_options.c:343 ipv4_link_failure+0x172/0x400 net/ipv4/route.c:1195 dst_link_failure include/net/dst.h:427 [inline] arp_error_report+0xd1/0x1c0 net/ipv4/arp.c:297 neigh_invalidate+0x24b/0x570 net/core/neighbour.c:995 neigh_timer_handler+0xc35/0xf30 net/core/neighbour.c:1081 call_timer_fn+0x190/0x720 kernel/time/timer.c:1325 expire_timers kernel/time/timer.c:1362 [inline] __run_timers kernel/time/timer.c:1681 [inline] __run_timers kernel/time/timer.c:1649 [inline] run_timer_softirq+0x652/0x1700 kernel/time/timer.c:1694 __do_softirq+0x266/0x95a kernel/softirq.c:293 invoke_softirq kernel/softirq.c:374 [inline] irq_exit+0x180/0x1d0 kernel/softirq.c:414 exiting_irq arch/x86/include/asm/apic.h:536 [inline] smp_apic_timer_interrupt+0x14a/0x570 arch/x86/kernel/apic/apic.c:1062 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807 Fixes: ed0de45a1008 ("ipv4: recompile ip options in ipv4_link_failure") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: syzbot <syzkaller@googlegroups.com> Cc: Stephen Suryaputra <ssuryaextr@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Stephen Suryaputra
|
3d988fcddb |
ipv4: recompile ip options in ipv4_link_failure
[ Upstream commit ed0de45a1008991fdaa27a0152befcb74d126a8b ]
Recompile IP options since IPCB may not be valid anymore when
ipv4_link_failure is called from arp_error_report.
Refer to the commit 3da1ed7ac398 ("net: avoid use IPCB in cipso_v4_error")
and the commit before that (9ef6b42ad6fd) for a similar issue.
Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Dumazet
|
07b1747f11 |
tcp: tcp_grow_window() needs to respect tcp_space()
[ Upstream commit 50ce163a72d817a99e8974222dcf2886d5deb1ae ] For some reason, tcp_grow_window() correctly tests if enough room is present before attempting to increase tp->rcv_ssthresh, but does not prevent it to grow past tcp_space() This is causing hard to debug issues, like failing the (__tcp_select_window(sk) >= tp->rcv_wnd) test in __tcp_ack_snd_check(), causing ACK delays and possibly slow flows. Depending on tcp_rmem[2], MTU, skb->len/skb->truesize ratio, we can see the problem happening on "netperf -t TCP_RR -- -r 2000,2000" after about 60 round trips, when the active side no longer sends immediate acks. This bug predates git history. Signed-off-by: Eric Dumazet <edumazet@google.com> Acked-by: Soheil Hassas Yeganeh <soheil@google.com> Acked-by: Neal Cardwell <ncardwell@google.com> Acked-by: Wei Wang <weiwan@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Lorenzo Bianconi
|
8835f1c7d0 |
net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv
[ Upstream commit 988dc4a9a3b66be75b30405a5494faf0dc7cffb6 ]
gue tunnels run iptunnel_pull_offloads on received skbs. This can
determine a possible use-after-free accessing guehdr pointer since
the packet will be 'uncloned' running pskb_expand_head if it is a
cloned gso skb (e.g if the packet has been sent though a veth device)
Fixes: a09a4c8dd1ec ("tunnels: Remove encapsulation offloads on decap")
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Blagovest Kolenichev
|
470b822c14 |
Merge android-4.14.107 (0892a3e) into msm-4.14
* refs/heads/tmp-0892a3e: Linux 4.14.107 vhost/vsock: fix vhost vsock cid hashing inconsistent It's wrong to add len to sector_nr in raid10 reshape twice perf/x86/intel: Make dev_attr_allow_tsx_force_abort static perf/x86/intel: Fix memory corruption ALSA: firewire-motu: fix construction of PCM frame for capture direction ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 perf/x86: Fixup typo in stub functions ipvlan: disallow userns cap_net_admin to change global mode/flags missing barriers in some of unix_sock ->addr and ->path accesses bonding: fix PACKET_ORIGDEV regression net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 mdio_bus: Fix use-after-free on device_register fails net/x25: fix a race in x25_bind() net/mlx4_core: Fix qp mtt size calculation net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling net/mlx4_core: Fix reset flow when in command polling mode vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() vxlan: Fix GRO cells race condition between receive and link delete tcp: handle inet_csk_reqsk_queue_add() failures tcp: Don't access TCP_SKB_CB before initializing it rxrpc: Fix client call queueing, waiting for channel route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race ravb: Decrease TxFIFO depth of Q3 and Q2 to one pptp: dst_release sk_dst_cache in pptp_sock_destruct net/x25: reset state in x25_connect() net/x25: fix use-after-free in x25_device_event() net: sit: fix UBSAN Undefined behaviour in check_6rd net/hsr: fix possible crash in add_timer() net: hsr: fix memory leak in hsr_dev_finalize() l2tp: fix infoleak in l2tp_ip6_recvmsg() ipv4/route: fail early when inet dev is missing gro_cells: make sure device is up in gro_cells_receive() perf tools: Fix compile error with libunwind x86 ACPICA: Reference Counts: increase max to 0x4000 for large servers ANDROID: cpufreq: times: don't copy invalid freqs from freq table Change-Id: Iadc82a5c6c2fc13ccda3be3d48f5f0237f87ab42 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
b36940959e |
Merge android-4.14.106 (8ed9bc6) into msm-4.14
* refs/heads/tmp-8ed9bc6:
Revert "staging: android: ion: fix sys heap pool's gfp_flags"
Linux 4.14.106
perf/x86/intel: Implement support for TSX Force Abort
x86: Add TSX Force Abort CPUID/MSR
perf/x86/intel: Generalize dynamic constraint creation
perf/x86/intel: Make cpuc allocations consistent
driver core: Postpone DMA tear-down until after devres release
ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom
gfs2: Fix missed wakeups in find_insert_glock
ARM: 8781/1: Fix Thumb-2 syscall return for binutils 2.29+
drm: disable uncached DMA optimization for ARM and arm64
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3
arm64: dts: hikey: Give wifi some time after power-on
scsi: aacraid: Fix missing break in switch statement
iscsi_ibft: Fix missing break in switch statement
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
qed: Consider TX tcs while deriving the max num_queues for PF.
qed: Fix EQ full firmware assert.
fs: ratelimit __find_get_block_slow() failure message.
i2c: omap: Use noirq system sleep pm ops to idle device for suspend
MIPS: Remove function size check in get_frame_info()
perf trace: Support multiple "vfs_getname" probes
perf symbols: Filter out hidden symbols from labels
s390/qeth: fix use-after-free in error path
netfilter: nf_nat: skip nat clash resolution for same-origin entries
selftests: netfilter: add simple masq/redirect test cases
selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET
dmaengine: dmatest: Abort test in case of mapping error
vsock/virtio: reset connected sockets on device removal
vsock/virtio: fix kernel panic after device hot-unplug
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init
bpf: fix lockdep false positive in percpu_freelist
bpf, selftests: fix handling of sparse CPU allocations
relay: check return of create_buf_file() properly
irqchip/gic-v3-its: Fix ITT_entry_size accessor
net: stmmac: Disable EEE mode earlier in XMIT callback
net: stmmac: Send TSO packets always from Queue 0
net: stmmac: Fallback to Platform Data clock in Watchdog conversion
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
usb: phy: fix link errors
DTS: CI20: Fix bugs in ci20's device tree.
arm64: dts: add msm8996 compatible to gicv3
ARM: pxa: ssp: unneeded to free devm_ allocated data
bpf: sock recvbuff must be limited by rmem_max in bpf_setsockopt()
soc: fsl: qbman: avoid race in clearing QMan interrupt
arm64: dts: renesas: r8a7796: Enable DMA for SCIF2
ARM: dts: omap4-droid4: Fix typo in cpcap IRQ flags
autofs: fix error return in autofs_fill_super()
autofs: drop dentry reference only when it is never used
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
lib/test_kmod.c: potential double free in error handling
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
x86_64: increase stack size for KASAN_EXTRA
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
apparmor: Fix aa_label_build() error handling for failed merges
arm64: kprobe: Always blacklist the KVM world-switch code
x86/microcode/amd: Don't falsely trick the late loading mechanism
cifs: fix computation for MAX_SMB2_HDR_SIZE
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
scsi: 53c700: pass correct "dev" to dma_alloc_attrs()
scsi: libfc: free skb when receiving invalid flogi resp
qed: Fix stack out of bounds bug
qed: Fix system crash in ll2 xmit
qed: Fix VF probe failure while FLR
qed: Fix LACP pdu drops for VFs
qed: Fix bug in tx promiscuous mode settings
nfs: Fix NULL pointer dereference of dev_name
selftests: timers: use LDLIBS instead of LDFLAGS
gpio: vf610: Mask all GPIO interrupts
netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: hns: Restart autoneg need return failed when autoneg off
net: hns: Fix for missing of_node_put() after of_parse_phandle()
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
xtensa: SMP: limit number of possible CPUs by NR_CPUS
xtensa: SMP: mark each possible CPU as present
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: fix secondary CPU initialization
selftests: cpu-hotplug: fix case where CPUs offline > CPUs present
xtensa: SMP: fix ccount_timer_shutdown
iommu/amd: Fix IOMMU page flush when detach device from a domain
ipvs: Fix signed integer overflow when setsockopt timeout
iommu/amd: Unmap all mapped pages in error path of map_sg
iommu/amd: Call free_iova_fast with pfn in map_sg
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
perf tools: Handle TOPOLOGY headers with no CPU
perf core: Fix perf_proc_update_handler() bug
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
media: uvcvideo: Fix 'type' check leading to overflow
scsi: core: reset host byte in DID_NEXUS_FAILURE case
exec: Fix mem leak in kernel_read_file
Bluetooth: Fix locking in bt_accept_enqueue() for BH context
xtensa: fix get_wchan
hugetlbfs: fix races and page leaks during migration
MIPS: irq: Allocate accurate order pages for irq stack
applicom: Fix potential Spectre v1 vulnerabilities
x86/CPU/AMD: Set the CPB bit unconditionally on F17h
net: dsa: mv88e6xxx: Fix statistics on mv88e6161
net: phy: Micrel KSZ8061: link failure after cable connect
tun: remove unnecessary memory barrier
tun: fix blocking read
mpls: Return error for RTA_GATEWAY attribute
ipv6: Return error for RTA_VIA attribute
ipv4: Return error for RTA_VIA attribute
net: avoid use IPCB in cipso_v4_error
net: Add __icmp_send helper.
xen-netback: fix occasional leak of grant ref mappings under memory pressure
xen-netback: don't populate the hash cache on XenBus disconnect
net: socket: set sock->sk to NULL after calling proto_ops::release()
net: sit: fix memory leak in sit_init_net()
net: phy: phylink: fix uninitialized variable in phylink_get_mac_state
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
net: netem: fix skb length BUG_ON in __skb_to_sgvec
netlabel: fix out-of-bounds memory accesses
net: dsa: mv88e6xxx: Fix u64 statistics
hv_netvsc: Fix IP header checksum for coalesced packets
geneve: correctly handle ipv6.disable module parameter
bnxt_en: Drop oversize TX packets to prevent errors.
tipc: fix RDM/DGRAM connect() regression
team: Free BPF filter when unregistering netdev
sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79
net-sysfs: Fix mem leak in netdev_register_kobject
net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex
ip6mr: Do not call __IP6_INC_STATS() from preemptible context
staging: android: ion: fix sys heap pool's gfp_flags
staging: wilc1000: fix to set correct value for 'vif_num'
staging: comedi: ni_660x: fix missing break in switch statement
USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485
USB: serial: cp210x: add ID for Ingenico 3070
USB: serial: option: add Telit ME910 ECM composition
cpufreq: Use struct kobj_attribute instead of struct global_attr
ANDROID: cuttlefish: enable CONFIG_INET_UDP_DIAG=y
ANDROID: cuttlefish: enable CONFIG_USB_RTL8152=y
Change-Id: Id5bc9a3c0ca235fcf07904455ea829c7f49618ad
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Blagovest Kolenichev
|
6d613313e0 |
Merge android-4.14 (a895cea) into msm-4.14
* refs/heads/tmp-a895cea: Revert "ANDROID: sched: Fix share_cap_level detect" ANDROID: cuttlefish_defconfig: Add support for AC97 audio ANDROID: overlayfs: override_creds=off option bypass creator_cred ANDROID: cuttlefish: enable CONFIG_NETFILTER_XT_TARGET_CT=y Revert "ANDROID: arm: process: Add display of memory around registers when displaying regs." Revert "ANDROID: overlayfs: override_creds=off option bypass creator_cred" ANDROID: overlayfs: override_creds=off option bypass creator_cred FROMGIT: binder: create node flag to request sender's security context ANDROID: revert "net: ipv4: sysfs_net_ipv4: Add sysfs-based knobs for controlling TCP window size" ANDROID: cpufreq: times: optimize proc files ANDROID: sched/walt: Fix the potential bad unlock issue ANDROID: sched/fair: Don't double account RT util in boosted_cpu_util() ANDROID: cpufreq: times: record fast switch frequency transitions ANDROID: DEBUG: fix build error when Macro DEBUG_EENV_DECISIONS is defined ANDROID: cuttlefish: enable CONFIG_NET_SCH_NETEM=y ANDROID: sched/walt: Fix lockdep assert issue Add XFRM-I to cuttlefish defconfigs ANDROID: Move from clang r346389b to r349610. ANDROID: Turn xt_owner module on ANDROID: Remove xt_qtaguid module from new kernels. UPSTREAM: virt_wifi: fix error return code in virt_wifi_newlink() ANDROID: arm64: lse: fix LSE atomics with LTO UPSTREAM: net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP UPSTREAM: binder: filter out nodes when showing binder procs UPSTREAM: xfrm: Make set-mark default behavior backward compatible ANDROID: cuttlefish_defconfig: Enable CONFIG_RTC_HCTOSYS ANDROID: sched/rt: fix the problem that rt_rq's util is always zero. ANDROID: sched: Fix share_cap_level detect ANDROID: cfi: fix shadow rebasing UPSTREAM: dm: do not allow readahead to limit IO size UPSTREAM: ppp: Move PFC decompression to PPP generic layer UPSTREAM: l2tp: Add protocol field decompression BACKPORT: l2tp: remove ->recv_payload_hook UPSTREAM: zram: idle writeback fixes and cleanup UPSTREAM: zram: writeback throttle UPSTREAM: zram: add bd_stat statistics UPSTREAM: zram: support idle/huge page writeback UPSTREAM: zram: introduce ZRAM_IDLE flag UPSTREAM: zram: refactor flags and writeback stuff UPSTREAM: zram: fix lockdep warning of free block handling ANDROID: cuttlefish_defconfig: Enable vsock options ANDROID: mnt: Propagate remount correctly UPSTREAM: loop: drop caches if offset or block_size are changed UPSTREAM: crypto: adiantum - initialize crypto_spawn::inst UPSTREAM: crypto: adiantum - fix leaking reference to hash algorithm UPSTREAM: crypto: adiantum - adjust some comments to match latest paper UPSTREAM: crypto: adiantum - propagate CRYPTO_ALG_ASYNC flag to instance ANDROID: cuttlefish: enable CONFIG_NET_CLS_BPF=y Makefile: Fix 4.14.93 resolution ANDROID: cuttlefish_defconfig: remove DM_VERITY_HASH_PREFETCH_MIN_SIZE Revert "ANDROID: dm: verity: add minimum prefetch size" ANDROID: f2fs: Complement "android_fs" tracepoint of read path Conflicts: Documentation/ABI/testing/sysfs-block-zram Documentation/blockdev/zram.txt Makefile drivers/block/zram/zram_drv.c drivers/block/zram/zram_drv.h drivers/md/Kconfig include/uapi/linux/android/binder.h kernel/sched/core.c kernel/sched/cpufreq_schedutil.c kernel/sched/fair.c net/l2tp/l2tp_ppp.c net/netfilter/xt_qtaguid.c Change-Id: Ie4e343210602d26c0319138deb71ff0788e90a87 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
1a55db76bf |
This is the 4.14.112 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAly2ycMACgkQONu9yGCS aT7C5hAA0R6ogtbWP8zWyYUPC5hMQUW5QZvbtxAYmdqYHaXZMmu6Zpwi4fwjIXTO SZmLYLNdZCo56hVTsyiBNKIK+5MzQLzce4bftnrO7XyMT+qqxFHoIRrb/LZ9g1Zj 51bPQ1ctCRQi1YcCVqcA18MDy2Vm6BvKgFlQt9A6p9anxlnyldsphl5Af9VaSg3W LgMhoDLYUzG2oqKm2GIy9FrTU/rO5i7nVc2sBQKjol/IPlmiHO+dRCLkjTHTTaI/ 35tu0VZD7BUEmOMtZ3CMi3IgYaBF60Ii7JrXi5/UqOP6cVH1ILNm4PLI0lK4lIM2 BsReZtJSDJazQznygvc9o88SCqCR45HF+zAK80z6O9qQAQ4JXEcyA04sD4enJjVC NB5sgzaJtoNvQpEmfkeQXxH96IamiQJW1SiojTjVG+8CFjpsmLyAs1iQSga17hQI ib+aFvZOCodh/a0sA69vho+9bK0Hq7oGXfaew0Tqw/SX40TPrHt2Oyg7SXv9A6ME M+w3a3DtWcKnUTGyEaM5PSWnNLd7QOlZh+JqD7FTKJHoXmW4ImssicPPVAxrVhp+ gsA29FW+RZbgykAFLnSMIsZWaQwRq54wRER/yFOYeAydmOJkQorja6i7iEClohFD Bgd91KAzCHiBuAe12mdWhhcsR/wcJ6+SPlwst6DrJ7ZIQJJYORo= =HUau -----END PGP SIGNATURE----- Merge 4.14.112 into android-4.14-q Changes in 4.14.112 net: sfp: move sfp_register_socket call from sfp_remove to sfp_probe x86/power: Fix some ordering bugs in __restore_processor_context() x86/power/64: Use struct desc_ptr for the IDT in struct saved_context x86/power/32: Move SYSENTER MSR restoration to fix_processor_context() x86/power: Make restore_processor_context() sane drm/i915/gvt: do not let pin count of shadow mm go negative powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD x86: vdso: Use $LD instead of $CC to link x86/vdso: Drop implicit common-page-size linker flag lib/string.c: implement a basic bcmp stating: ccree: revert "staging: ccree: fix leak of import() after init()" arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region tty: mark Siemens R3964 line discipline as BROKEN tty: ldisc: add sysctl to prevent autoloading of ldiscs ipv6: Fix dangling pointer when ipv6 fragment ipv6: sit: reset ip header pointer in ipip6_rcv kcm: switch order of device registration to fix a crash net-gro: Fix GRO flush when receiving a GSO packet. net/mlx5: Decrease default mr cache size net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock(). net/sched: fix ->get helper of the matchall cls openvswitch: fix flow actions reallocation qmi_wwan: add Olicard 600 sctp: initialize _pad of sockaddr_in before copying to user memory tcp: Ensure DCTCP reacts to losses vrf: check accept_source_route on the original netdevice net/mlx5e: Fix error handling when refreshing TIRs net/mlx5e: Add a lock on tir list nfp: validate the return code from dev_queue_xmit() bnxt_en: Improve RX consumer index validity check. bnxt_en: Reset device on RX buffer errors. net/sched: act_sample: fix divide by zero in the traffic path netns: provide pure entropy for net_hash_mix() net: ethtool: not call vzalloc for zero sized memory request ALSA: seq: Fix OOB-reads from strlcpy ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type hv_netvsc: Fix unwanted wakeup after tx_disable arm64: dts: rockchip: fix rk3328 sdmmc0 write errors parisc: Detect QEMU earlier in boot process parisc: regs_return_value() should return gpr28 alarmtimer: Return correct remaining time drm/udl: add a release method and delay modeset teardown include/linux/bitrev.h: fix constant bitrev ASoC: fsl_esai: fix channel swap issue when stream starts Btrfs: do not allow trimming when a fs is mounted with the nologreplay option btrfs: prop: fix zstd compression parameter validation btrfs: prop: fix vanished compression property after failed set block: do not leak memory in bio_copy_user_iov() block: fix the return errno for direct IO genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n virtio: Honour 'may_reduce_num' in vring_create_virtqueue ARM: dts: am335x-evmsk: Correct the regulators for the audio codec ARM: dts: am335x-evm: Correct the regulators for the audio codec ARM: dts: at91: Fix typo in ISC_D0 on PC9 arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value arm64: dts: rockchip: fix rk3328 rgmii high tx error rate arm64: backtrace: Don't bother trying to unwind the userspace stack xen: Prevent buffer overflow in privcmd ioctl sched/fair: Do not re-read ->h_load_next during hierarchical load calculation xtensa: fix return_address x86/perf/amd: Resolve race condition when disabling PMC x86/perf/amd: Resolve NMI latency issues for active PMCs x86/perf/amd: Remove need to check "running" bit in NMI handler PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors arm64: dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64 arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64 Linux 4.14.112 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Greg Kroah-Hartman
|
ff17dbeb19 |
This is the 4.14.112 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAly2ycMACgkQONu9yGCS aT7C5hAA0R6ogtbWP8zWyYUPC5hMQUW5QZvbtxAYmdqYHaXZMmu6Zpwi4fwjIXTO SZmLYLNdZCo56hVTsyiBNKIK+5MzQLzce4bftnrO7XyMT+qqxFHoIRrb/LZ9g1Zj 51bPQ1ctCRQi1YcCVqcA18MDy2Vm6BvKgFlQt9A6p9anxlnyldsphl5Af9VaSg3W LgMhoDLYUzG2oqKm2GIy9FrTU/rO5i7nVc2sBQKjol/IPlmiHO+dRCLkjTHTTaI/ 35tu0VZD7BUEmOMtZ3CMi3IgYaBF60Ii7JrXi5/UqOP6cVH1ILNm4PLI0lK4lIM2 BsReZtJSDJazQznygvc9o88SCqCR45HF+zAK80z6O9qQAQ4JXEcyA04sD4enJjVC NB5sgzaJtoNvQpEmfkeQXxH96IamiQJW1SiojTjVG+8CFjpsmLyAs1iQSga17hQI ib+aFvZOCodh/a0sA69vho+9bK0Hq7oGXfaew0Tqw/SX40TPrHt2Oyg7SXv9A6ME M+w3a3DtWcKnUTGyEaM5PSWnNLd7QOlZh+JqD7FTKJHoXmW4ImssicPPVAxrVhp+ gsA29FW+RZbgykAFLnSMIsZWaQwRq54wRER/yFOYeAydmOJkQorja6i7iEClohFD Bgd91KAzCHiBuAe12mdWhhcsR/wcJ6+SPlwst6DrJ7ZIQJJYORo= =HUau -----END PGP SIGNATURE----- Merge 4.14.112 into android-4.14 Changes in 4.14.112 net: sfp: move sfp_register_socket call from sfp_remove to sfp_probe x86/power: Fix some ordering bugs in __restore_processor_context() x86/power/64: Use struct desc_ptr for the IDT in struct saved_context x86/power/32: Move SYSENTER MSR restoration to fix_processor_context() x86/power: Make restore_processor_context() sane drm/i915/gvt: do not let pin count of shadow mm go negative powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD x86: vdso: Use $LD instead of $CC to link x86/vdso: Drop implicit common-page-size linker flag lib/string.c: implement a basic bcmp stating: ccree: revert "staging: ccree: fix leak of import() after init()" arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region tty: mark Siemens R3964 line discipline as BROKEN tty: ldisc: add sysctl to prevent autoloading of ldiscs ipv6: Fix dangling pointer when ipv6 fragment ipv6: sit: reset ip header pointer in ipip6_rcv kcm: switch order of device registration to fix a crash net-gro: Fix GRO flush when receiving a GSO packet. net/mlx5: Decrease default mr cache size net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock(). net/sched: fix ->get helper of the matchall cls openvswitch: fix flow actions reallocation qmi_wwan: add Olicard 600 sctp: initialize _pad of sockaddr_in before copying to user memory tcp: Ensure DCTCP reacts to losses vrf: check accept_source_route on the original netdevice net/mlx5e: Fix error handling when refreshing TIRs net/mlx5e: Add a lock on tir list nfp: validate the return code from dev_queue_xmit() bnxt_en: Improve RX consumer index validity check. bnxt_en: Reset device on RX buffer errors. net/sched: act_sample: fix divide by zero in the traffic path netns: provide pure entropy for net_hash_mix() net: ethtool: not call vzalloc for zero sized memory request ALSA: seq: Fix OOB-reads from strlcpy ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type hv_netvsc: Fix unwanted wakeup after tx_disable arm64: dts: rockchip: fix rk3328 sdmmc0 write errors parisc: Detect QEMU earlier in boot process parisc: regs_return_value() should return gpr28 alarmtimer: Return correct remaining time drm/udl: add a release method and delay modeset teardown include/linux/bitrev.h: fix constant bitrev ASoC: fsl_esai: fix channel swap issue when stream starts Btrfs: do not allow trimming when a fs is mounted with the nologreplay option btrfs: prop: fix zstd compression parameter validation btrfs: prop: fix vanished compression property after failed set block: do not leak memory in bio_copy_user_iov() block: fix the return errno for direct IO genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n virtio: Honour 'may_reduce_num' in vring_create_virtqueue ARM: dts: am335x-evmsk: Correct the regulators for the audio codec ARM: dts: am335x-evm: Correct the regulators for the audio codec ARM: dts: at91: Fix typo in ISC_D0 on PC9 arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value arm64: dts: rockchip: fix rk3328 rgmii high tx error rate arm64: backtrace: Don't bother trying to unwind the userspace stack xen: Prevent buffer overflow in privcmd ioctl sched/fair: Do not re-read ->h_load_next during hierarchical load calculation xtensa: fix return_address x86/perf/amd: Resolve race condition when disabling PMC x86/perf/amd: Resolve NMI latency issues for active PMCs x86/perf/amd: Remove need to check "running" bit in NMI handler PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors arm64: dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64 arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64 Linux 4.14.112 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Stephen Suryaputra
|
16b7142372 |
vrf: check accept_source_route on the original netdevice
[ Upstream commit 8c83f2df9c6578ea4c5b940d8238ad8a41b87e9e ] Configuration check to accept source route IP options should be made on the incoming netdevice when the skb->dev is an l3mdev master. The route lookup for the source route next hop also needs the incoming netdev. v2->v3: - Simplify by passing the original netdevice down the stack (per David Ahern). Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com> Reviewed-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Koen De Schepper
|
2ff8616e56 |
tcp: Ensure DCTCP reacts to losses
[ Upstream commit aecfde23108b8e637d9f5c5e523b24fb97035dc3 ]
RFC8257 §3.5 explicitly states that "A DCTCP sender MUST react to
loss episodes in the same way as conventional TCP".
Currently, Linux DCTCP performs no cwnd reduction when losses
are encountered. Optionally, the dctcp_clamp_alpha_on_loss resets
alpha to its maximal value if a RTO happens. This behavior
is sub-optimal for at least two reasons: i) it ignores losses
triggering fast retransmissions; and ii) it causes unnecessary large
cwnd reduction in the future if the loss was isolated as it resets
the historical term of DCTCP's alpha EWMA to its maximal value (i.e.,
denoting a total congestion). The second reason has an especially
noticeable effect when using DCTCP in high BDP environments, where
alpha normally stays at low values.
This patch replace the clamping of alpha by setting ssthresh to
half of cwnd for both fast retransmissions and RTOs, at most once
per RTT. Consequently, the dctcp_clamp_alpha_on_loss module parameter
has been removed.
The table below shows experimental results where we measured the
drop probability of a PIE AQM (not applying ECN marks) at a
bottleneck in the presence of a single TCP flow with either the
alpha-clamping option enabled or the cwnd halving proposed by this
patch. Results using reno or cubic are given for comparison.
| Link | RTT | Drop
TCP CC | speed | base+AQM | probability
==================|=========|==========|============
CUBIC | 40Mbps | 7+20ms | 0.21%
RENO | | | 0.19%
DCTCP-CLAMP-ALPHA | | | 25.80%
DCTCP-HALVE-CWND | | | 0.22%
------------------|---------|----------|------------
CUBIC | 100Mbps | 7+20ms | 0.03%
RENO | | | 0.02%
DCTCP-CLAMP-ALPHA | | | 23.30%
DCTCP-HALVE-CWND | | | 0.04%
------------------|---------|----------|------------
CUBIC | 800Mbps | 1+1ms | 0.04%
RENO | | | 0.05%
DCTCP-CLAMP-ALPHA | | | 18.70%
DCTCP-HALVE-CWND | | | 0.06%
We see that, without halving its cwnd for all source of losses,
DCTCP drives the AQM to large drop probabilities in order to keep
the queue length under control (i.e., it repeatedly faces RTOs).
Instead, if DCTCP reacts to all source of losses, it can then be
controlled by the AQM using similar drop levels than cubic or reno.
Signed-off-by: Koen De Schepper <koen.de_schepper@nokia-bell-labs.com>
Signed-off-by: Olivier Tilmans <olivier.tilmans@nokia-bell-labs.com>
Cc: Bob Briscoe <research@bobbriscoe.net>
Cc: Lawrence Brakmo <brakmo@fb.com>
Cc: Florian Westphal <fw@strlen.de>
Cc: Daniel Borkmann <borkmann@iogearbox.net>
Cc: Yuchung Cheng <ycheng@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Andrew Shewmaker <agshew@gmail.com>
Cc: Glenn Judd <glenn.judd@morganstanley.com>
Acked-by: Florian Westphal <fw@strlen.de>
Acked-by: Neal Cardwell <ncardwell@google.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Chenbo Feng
|
317336de57 |
ANDROID: Remove Android paranoid check for socket creation
For 4.14+ kernels, eBPF cgroup socket filter is used to control socket creation on devices. Remove this check since it is no longer useful. Signed-off-by: Chenbo Feng <fengc@google.com> Bug: 128944261 Test: CtsNetTestCasesInternetPermission Change-Id: I2f353663389fc0f992e5a1b424c12215a2b074b0 |
||
|
Greg Kroah-Hartman
|
4344de2f79 |
This is the 4.14.108 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlyWNiQACgkQONu9yGCS aT4jlw/+J6vIuvv0XYExoBG60RfXdYPJiO6NWoo1gj+61W+uM3JQNdO4n5aUIGdw DMrrtdyBfGUWsP6Y+9YYvazQmUaj4dpC5soG+h9tCtKEbmwUO3zsj6Tg9W+P5fdY SrILqbThA1l3Wn1JX2RP8OI0olYmLmhbzYYIk0cN4hUXO3yIPhmKPnVC+zmijvNI Y5nPMRdUUvlD0ZYV7K5BNkja3I/UHY0Z9WlV0AsWQNV36oYJQL7UMINm1ysY0pLf PXlGnKlFLveif4ElsZf+02dv79Tj3njDHUfTHh9ZhgEcwqpDJFQeMX9udyeZxE4F b+RQzJKxBo6ffQHec7j+mlMr6tPYAfn2/nnlxMFjddXpyVVPk0jG4CpqyyzllkC2 ZGMwrUba1YTSOn7a5OUnNxuMseAn6ly2cLm0Z/BIr712NL7PT7DICtoiF+NkI0kb kvExae+bg4OIMHJDiCH3xRx7pBtus+ABZnbcovAdJmW/ITpLJkbmrMsozpWXjNlz FkuyInDd3jinpGX1AP5lN+QQMUPYsUs1zr7BmWpdOGL2X7/HDA/apw342o8UmffL Rsnck/spMIm8olS1nBZiZGu8nJs8yp4lS8hT/3qevP0aaCeTfVqkyJxEMijkLm4p g1q/yqsE9fIZTenjlSfkIETopSLbiKAwC2Lbs8pYOGiB7mhXcPg= =sq7B -----END PGP SIGNATURE----- Merge 4.14.108 into android-4.14 Changes in 4.14.108 9p: use inode->i_lock to protect i_size_write() under 32-bit 9p/net: fix memory leak in p9_client_create ASoC: fsl_esai: fix register setting issue in RIGHT_J mode iio: adc: exynos-adc: Fix NULL pointer exception on unbind stm class: Fix an endless loop in channel allocation crypto: caam - fixed handling of sg list crypto: ahash - fix another early termination in hash walk crypto: rockchip - fix scatterlist nents error crypto: rockchip - update new iv to device in multiple operations drm/imx: ignore plane updates on disabled crtcs gpu: ipu-v3: Fix i.MX51 CSI control registers offset drm/imx: imx-ldb: add missing of_node_puts gpu: ipu-v3: Fix CSI offsets for imx53 s390/dasd: fix using offset into zero size array error Input: pwm-vibra - prevent unbalanced regulator Input: pwm-vibra - stop regulator after disabling pwm, not before ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized ASoC: dapm: fix out-of-bounds accesses to DAPM lookup tables ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check KVM: arm/arm64: Reset the VCPU without preemption and vcpu state loaded ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug Input: cap11xx - switch to using set_brightness_blocking() Input: ps2-gpio - flush TX work when closing port Input: matrix_keypad - use flush_delayed_work() mac80211: Fix Tx aggregation session tear down with ITXQs ipvs: fix dependency on nf_defrag_ipv6 floppy: check_events callback should not return a negative number NFS: Don't use page_file_mapping after removing the page mm/gup: fix gup_pmd_range() for dax Revert "mm: use early_pfn_to_nid in page_ext_init" mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs net: hns: Fix object reference leaks in hns_dsaf_roce_reset() i2c: cadence: Fix the hold bit setting i2c: bcm2835: Clear current buffer pointers and counts after a transfer auxdisplay: ht16k33: fix potential user-after-free on module unload Input: st-keyscan - fix potential zalloc NULL dereference clk: sunxi-ng: v3s: Fix TCON reset de-assert bit clk: sunxi: A31: Fix wrong AHB gate number esp: Skip TX bytes accounting when sending from a request socket ARM: 8824/1: fix a migrating irq bug when hotplug cpu af_key: unconditionally clone on broadcast assoc_array: Fix shortcut creation keys: Fix dependency loop between construction record and auth key scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task net: systemport: Fix reception of BPDUs pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins qmi_wwan: apply SET_DTR quirk to Sierra WP7607 net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue ASoC: topology: free created components in tplg load error qed: Fix iWARP syn packet mac address validation. arm64: Relax GIC version check during early boot net: marvell: mvneta: fix DMA debug warning tmpfs: fix link accounting when a tmpfile is linked in ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN ARCv2: lib: memcpy: fix doing prefetchw outside of buffer ARC: uacces: remove lp_start, lp_end from clobber list ARCv2: support manual regfile save on interrupts phonet: fix building with clang mac80211_hwsim: propagate genlmsg_reply return code net: thunderx: make CFG_DONE message to run through generic send-ack sequence nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K nfp: bpf: fix ALU32 high bits clearance bug net: set static variable an initial value in atl2_probe() tmpfs: fix uninitialized return value in shmem_link media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() stm class: Prevent division by zero libnvdimm/label: Clear 'updating' flag after label-set update libnvdimm, pfn: Fix over-trim in trim_pfn_device() libnvdimm/pmem: Honor force_raw for legacy pmem regions libnvdimm: Fix altmap reservation size calculation fix cgroup_do_mount() handling of failure exits crypto: arm/crct10dif - revert to C code for short inputs crypto: arm64/crct10dif - revert to C code for short inputs crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails crypto: testmgr - skip crc32c context test for ahash algorithms crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine CIFS: Do not reset lease state to NONE on lease break CIFS: Fix read after write for files with read caching tracing: Use strncpy instead of memcpy for string keys in hist triggers tracing: Do not free iter->trace in fail path of tracing_open_pipe() xen: fix dom0 boot on huge systems ACPI / device_sysfs: Avoid OF modalias creation for removed device mmc: sdhci-esdhc-imx: fix HS400 timing issue spi: ti-qspi: Fix mmap read when more than one CS in use spi: pxa2xx: Setup maximum supported DMA transfer length regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 regulator: max77620: Initialize values for DT properties regulator: s2mpa01: Fix step values for some LDOs clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown s390/setup: fix early warning messages s390/virtio: handle find on invalid queue gracefully scsi: virtio_scsi: don't send sc payload with tmfs scsi: aacraid: Fix performance issue on logical drives scsi: sd: Optimal I/O size should be a multiple of physical block size scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock fs/devpts: always delete dcache dentry-s in dput() splice: don't merge into linked buffers m68k: Add -ffreestanding to CFLAGS Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl btrfs: ensure that a DUP or RAID1 block group has exactly two stripes Btrfs: fix corruption reading shared and compressed extents after hole punching crypto: pcbc - remove bogus memcpy()s with src == dest libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table x86/kprobes: Prohibit probing on optprobe template code cpufreq: tegra124: add missing of_node_put() cpufreq: pxa2xx: remove incorrect __init annotation ext4: add mask of ext4 flags to swap ext4: fix crash during online resizing IB/hfi1: Close race condition on user context disable and close cxl: Wrap iterations over afu slices inside 'afu_list_lock' ext2: Fix underflow in ext2_max_size() clk: uniphier: Fix update register for CPU-gear clk: clk-twl6040: Fix imprecise external abort for pdmclk clk: ingenic: Fix round_rate misbehaving with non-integer dividers clk: ingenic: Fix doc of ingenic_cgu_div_info usb: chipidea: tegra: Fix missed ci_hdrc_remove_device() nfit: acpi_nfit_ctl(): Check out_obj->type in the right place mm: hwpoison: fix thp split handing in soft_offline_in_use_page() mm/vmalloc: fix size check for remap_vmalloc_range_partial() kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv device property: Fix the length used in PROPERTY_ENTRY_STRING() intel_th: Don't reference unassigned outputs parport_pc: fix find_superio io compare code, should use equal test. i2c: tegra: fix maximum transfer size crypto: arm64/aes-neonbs - fix returning final keystream block drm/i915: Relax mmap VMA check serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart serial: 8250_pci: Fix number of ports for ACCES serial cards serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() jbd2: clear dirty flag when revoking a buffer from an older transaction jbd2: fix compile warning when using JBUFFER_TRACE security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock powerpc/32: Clear on-stack exception marker upon exception return powerpc/wii: properly disable use of BATs when requested. powerpc/powernv: Make opal log only readable by root powerpc/83xx: Also save/restore SPRG4-7 during suspend powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration powerpc/traps: fix recoverability of machine check handling on book3s/32 powerpc/traps: Fix the message printed when stack overflows ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify arm64: Fix HCR.TGE status for NMI contexts arm64: debug: Ensure debug handlers check triggering exception level arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 dm: fix to_sector() for 32bit dm integrity: limit the rate of error messages cpcap-charger: generate events for userspace NFS: Fix I/O request leakages NFS: Fix an I/O request leakage in nfs_do_recoalesce NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() nfsd: fix memory corruption caused by readdir nfsd: fix wrong check in write_v4_end_grace() NFSv4.1: Reinitialise sequence results before retransmitting a request PM / wakeup: Rework wakeup source timer cancellation bcache: never writeback a discard operation x86/unwind/orc: Fix ORC unwind table alignment perf intel-pt: Fix CYC timestamp calculation after OVF perf auxtrace: Define auxtrace record alignment perf intel-pt: Fix overlap calculation for padding perf intel-pt: Fix divide by zero when TSC is not available md: Fix failed allocation of md_register_thread tpm/tpm_crb: Avoid unaligned reads in crb_recv() tpm: Unify the send callback behaviour rcu: Do RCU GP kthread self-wakeup from softirq and interrupt media: imx: prpencvf: Stop upstream before disabling IDMA channel media: uvcvideo: Avoid NULL pointer dereference at the end of streaming media: vimc: Add vimc-streamer for stream control media: imx: csi: Disable CSI immediately after last EOF media: imx: csi: Stop upstream before disabling IDMA channel drm/radeon/evergreen_cs: fix missing break in switch statement KVM: Call kvm_arch_memslots_updated() before updating memslots KVM: x86/mmu: Detect MMIO generation wrap in any address space KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux KVM: nVMX: Sign extend displacements of VMX instr's mem operands KVM: nVMX: Apply addr size mask to effective address for VMX instructions KVM: nVMX: Ignore limit checks on VMX instructions using flat segments s390/setup: fix boot crash for machine without EDAT-1 Linux 4.14.108 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Martin Willi
|
a12795d795 |
esp: Skip TX bytes accounting when sending from a request socket
[ Upstream commit 09db51241118aeb06e1c8cd393b45879ce099b36 ] On ESP output, sk_wmem_alloc is incremented for the added padding if a socket is associated to the skb. When replying with TCP SYNACKs over IPsec, the associated sk is a casted request socket, only. Increasing sk_wmem_alloc on a request socket results in a write at an arbitrary struct offset. In the best case, this produces the following WARNING: WARNING: CPU: 1 PID: 0 at lib/refcount.c:102 esp_output_head+0x2e4/0x308 [esp4] refcount_t: addition on 0; use-after-free. CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.0.0-rc3 #2 Hardware name: Marvell Armada 380/385 (Device Tree) [...] [<bf0ff354>] (esp_output_head [esp4]) from [<bf1006a4>] (esp_output+0xb8/0x180 [esp4]) [<bf1006a4>] (esp_output [esp4]) from [<c05dee64>] (xfrm_output_resume+0x558/0x664) [<c05dee64>] (xfrm_output_resume) from [<c05d07b0>] (xfrm4_output+0x44/0xc4) [<c05d07b0>] (xfrm4_output) from [<c05956bc>] (tcp_v4_send_synack+0xa8/0xe8) [<c05956bc>] (tcp_v4_send_synack) from [<c0586ad8>] (tcp_conn_request+0x7f4/0x948) [<c0586ad8>] (tcp_conn_request) from [<c058c404>] (tcp_rcv_state_process+0x2a0/0xe64) [<c058c404>] (tcp_rcv_state_process) from [<c05958ac>] (tcp_v4_do_rcv+0xf0/0x1f4) [<c05958ac>] (tcp_v4_do_rcv) from [<c0598a4c>] (tcp_v4_rcv+0xdb8/0xe20) [<c0598a4c>] (tcp_v4_rcv) from [<c056eb74>] (ip_protocol_deliver_rcu+0x2c/0x2dc) [<c056eb74>] (ip_protocol_deliver_rcu) from [<c056ee6c>] (ip_local_deliver_finish+0x48/0x54) [<c056ee6c>] (ip_local_deliver_finish) from [<c056eecc>] (ip_local_deliver+0x54/0xec) [<c056eecc>] (ip_local_deliver) from [<c056efac>] (ip_rcv+0x48/0xb8) [<c056efac>] (ip_rcv) from [<c0519c2c>] (__netif_receive_skb_one_core+0x50/0x6c) [...] The issue triggers only when not using TCP syncookies, as for syncookies no socket is associated. Fixes: cac2661c53f3 ("esp4: Avoid skb_cow_data whenever possible") Fixes: 03e2a30f6a27 ("esp6: Avoid skb_cow_data whenever possible") Signed-off-by: Martin Willi <martin@strongswan.org> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
0892a3e235 |
This is the 4.14.107 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlyQ3OUACgkQONu9yGCS aT66eRAAhhcpaNw+GLOW8CHov3tdWNomxLEkX7muVbjI1ei/9FGCyL8KDWbYCUCD tylYn+7xvrjcZcmB0IsV9BMLNQjxBxkIBQfhLFY4Y3S20CUwyJ73Qjxli+1FWg0+ 6IAjE4782UH9Y7sVnsABFrkLMyGltgjxfMbrCkuRb4/rciLwWxQGFfrA0ryeSIlX FO+UH03RMMW7Z32rV70JMfdiXRrSGd/uZ6cjkYKdrSUWVc8JEjKuxXngd7ugZZuQ 5Fdf56wAu7DeDwsdeo/TGAXOhb4gZGdQgh83R2o1zw0/e2m3WP9cNMdlkL60TWLw 00x+MwrCrmGRHuDPGhVWYAGGluJ4tFPRrr2YTKg7mD1GS+gTlkmmHkosIqbx3RKw B60YLtX/qhBv6/OhNOIF+RkI1+re0wHUPaJrqZVr+ohPOazlan7YOSLk3FFR36sS Hd3ohEBiyhwXfVTZ5VI2KD7VtEozyj0Pfvw+WmHXw5b++e0K/yLAMi9odrN3BSYA Zt0HWPHIr9UK0wrerC6ykWn9ef8ToxKx7R4EoaEF/uzLY6Sq0AmGWNY0eb+RQYQI HbK9xZ0K3fJj2Ha6tLO7S9PI2EhqFu8tG2olMpwHhUHo3/2WwoACnMHO0uDs59Fk lgGBz3q3N48xDyrOBc+FBhzE3AsyZRmn+8NmFZ6g6uLIdulI5FU= =9ln6 -----END PGP SIGNATURE----- Merge 4.14.107 into android-4.14 Changes in 4.14.107 ACPICA: Reference Counts: increase max to 0x4000 for large servers perf tools: Fix compile error with libunwind x86 gro_cells: make sure device is up in gro_cells_receive() ipv4/route: fail early when inet dev is missing l2tp: fix infoleak in l2tp_ip6_recvmsg() net: hsr: fix memory leak in hsr_dev_finalize() net/hsr: fix possible crash in add_timer() net: sit: fix UBSAN Undefined behaviour in check_6rd net/x25: fix use-after-free in x25_device_event() net/x25: reset state in x25_connect() pptp: dst_release sk_dst_cache in pptp_sock_destruct ravb: Decrease TxFIFO depth of Q3 and Q2 to one route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race rxrpc: Fix client call queueing, waiting for channel tcp: Don't access TCP_SKB_CB before initializing it tcp: handle inet_csk_reqsk_queue_add() failures vxlan: Fix GRO cells race condition between receive and link delete vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() net/mlx4_core: Fix reset flow when in command polling mode net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling net/mlx4_core: Fix qp mtt size calculation net/x25: fix a race in x25_bind() mdio_bus: Fix use-after-free on device_register fails net: Set rtm_table to RT_TABLE_COMPAT for ipv6 for tables > 255 bonding: fix PACKET_ORIGDEV regression missing barriers in some of unix_sock ->addr and ->path accesses ipvlan: disallow userns cap_net_admin to change global mode/flags perf/x86: Fixup typo in stub functions ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 ALSA: firewire-motu: fix construction of PCM frame for capture direction perf/x86/intel: Fix memory corruption perf/x86/intel: Make dev_attr_allow_tsx_force_abort static It's wrong to add len to sector_nr in raid10 reshape twice vhost/vsock: fix vhost vsock cid hashing inconsistent Linux 4.14.107 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Guillaume Nault
|
bb73b63799 |
tcp: handle inet_csk_reqsk_queue_add() failures
[ Upstream commit 9d3e1368bb45893a75a5dfb7cd21fdebfa6b47af ]
Commit 7716682cc58e ("tcp/dccp: fix another race at listener
dismantle") let inet_csk_reqsk_queue_add() fail, and adjusted
{tcp,dccp}_check_req() accordingly. However, TFO and syncookies
weren't modified, thus leaking allocated resources on error.
Contrary to tcp_check_req(), in both syncookies and TFO cases,
we need to drop the request socket. Also, since the child socket is
created with inet_csk_clone_lock(), we have to unlock it and drop an
extra reference (->sk_refcount is initially set to 2 and
inet_csk_reqsk_queue_add() drops only one ref).
For TFO, we also need to revert the work done by tcp_try_fastopen()
(with reqsk_fastopen_remove()).
Fixes: 7716682cc58e ("tcp/dccp: fix another race at listener dismantle")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Christoph Paasch
|
d51c4c0c1f |
tcp: Don't access TCP_SKB_CB before initializing it
[ Upstream commit f2feaefdabb0a6253aa020f65e7388f07a9ed47c ]
Since commit eeea10b83a13 ("tcp: add
tcp_v4_fill_cb()/tcp_v4_restore_cb()"), tcp_vX_fill_cb is only called
after tcp_filter(). That means, TCP_SKB_CB(skb)->end_seq still points to
the IP-part of the cb.
We thus should not mock with it, as this can trigger bugs (thanks
syzkaller):
[ 12.349396] ==================================================================
[ 12.350188] BUG: KASAN: slab-out-of-bounds in ip6_datagram_recv_specific_ctl+0x19b3/0x1a20
[ 12.351035] Read of size 1 at addr ffff88006adbc208 by task test_ip6_datagr/1799
Setting end_seq is actually no more necessary in tcp_filter as it gets
initialized later on in tcp_vX_fill_cb.
Cc: Eric Dumazet <edumazet@google.com>
Fixes: eeea10b83a13 ("tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb()")
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|