mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
9156 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Eric Dumazet
|
c38a32e30a |
tcp: md5: do not send silly options in SYNCOOKIES
[ Upstream commit e114e1e8ac9d31f25b9dd873bab5d80c1fc482ca ]
Whenever cookie_init_timestamp() has been used to encode
ECN,SACK,WSCALE options, we can not remove the TS option in the SYNACK.
Otherwise, tcp_synack_options() will still advertize options like WSCALE
that we can not deduce later when receiving the packet from the client
to complete 3WHS.
Note that modern linux TCP stacks wont use MD5+TS+SACK in a SYN packet,
but we can not know for sure that all TCP stacks have the same logic.
Before the fix a tcpdump would exhibit this wrong exchange :
10:12:15.464591 IP C > S: Flags [S], seq 4202415601, win 65535, options [nop,nop,md5 valid,mss 1400,sackOK,TS val 456965269 ecr 0,nop,wscale 8], length 0
10:12:15.464602 IP S > C: Flags [S.], seq 253516766, ack 4202415602, win 65535, options [nop,nop,md5 valid,mss 1400,nop,nop,sackOK,nop,wscale 8], length 0
10:12:15.464611 IP C > S: Flags [.], ack 1, win 256, options [nop,nop,md5 valid], length 0
10:12:15.464678 IP C > S: Flags [P.], seq 1:13, ack 1, win 256, options [nop,nop,md5 valid], length 12
10:12:15.464685 IP S > C: Flags [.], ack 13, win 65535, options [nop,nop,md5 valid], length 0
After this patch the exchange looks saner :
11:59:59.882990 IP C > S: Flags [S], seq 517075944, win 65535, options [nop,nop,md5 valid,mss 1400,sackOK,TS val 1751508483 ecr 0,nop,wscale 8], length 0
11:59:59.883002 IP S > C: Flags [S.], seq 1902939253, ack 517075945, win 65535, options [nop,nop,md5 valid,mss 1400,sackOK,TS val 1751508479 ecr 1751508483,nop,wscale 8], length 0
11:59:59.883012 IP C > S: Flags [.], ack 1, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508483 ecr 1751508479], length 0
11:59:59.883114 IP C > S: Flags [P.], seq 1:13, ack 1, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508483 ecr 1751508479], length 12
11:59:59.883122 IP S > C: Flags [.], ack 13, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508483 ecr 1751508483], length 0
11:59:59.883152 IP S > C: Flags [P.], seq 1:13, ack 13, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508484 ecr 1751508483], length 12
11:59:59.883170 IP C > S: Flags [.], ack 13, win 256, options [nop,nop,md5 valid,nop,nop,TS val 1751508484 ecr 1751508484], length 0
Of course, no SACK block will ever be added later, but nothing should break.
Technically, we could remove the 4 nops included in MD5+TS options,
but again some stacks could break seeing not conventional alignment.
Fixes: 4957faade11b ("TCPCT part 1g: Responder Cookie => Initiator")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Christoph Paasch
|
27c4201992 |
tcp: make sure listeners don't initialize congestion-control state
[ Upstream commit ce69e563b325f620863830c246a8698ccea52048 ] syzkaller found its way into setsockopt with TCP_CONGESTION "cdg". tcp_cdg_init() does a kcalloc to store the gradients. As sk_clone_lock just copies all the memory, the allocated pointer will be copied as well, if the app called setsockopt(..., TCP_CONGESTION) on the listener. If now the socket will be destroyed before the congestion-control has properly been initialized (through a call to tcp_init_transfer), we will end up freeing memory that does not belong to that particular socket, opening the door to a double-free: [ 11.413102] ================================================================== [ 11.414181] BUG: KASAN: double-free or invalid-free in tcp_cleanup_congestion_control+0x58/0xd0 [ 11.415329] [ 11.415560] CPU: 3 PID: 4884 Comm: syz-executor.5 Not tainted 5.8.0-rc2 #80 [ 11.416544] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 [ 11.418148] Call Trace: [ 11.418534] <IRQ> [ 11.418834] dump_stack+0x7d/0xb0 [ 11.419297] print_address_description.constprop.0+0x1a/0x210 [ 11.422079] kasan_report_invalid_free+0x51/0x80 [ 11.423433] __kasan_slab_free+0x15e/0x170 [ 11.424761] kfree+0x8c/0x230 [ 11.425157] tcp_cleanup_congestion_control+0x58/0xd0 [ 11.425872] tcp_v4_destroy_sock+0x57/0x5a0 [ 11.426493] inet_csk_destroy_sock+0x153/0x2c0 [ 11.427093] tcp_v4_syn_recv_sock+0xb29/0x1100 [ 11.427731] tcp_get_cookie_sock+0xc3/0x4a0 [ 11.429457] cookie_v4_check+0x13d0/0x2500 [ 11.433189] tcp_v4_do_rcv+0x60e/0x780 [ 11.433727] tcp_v4_rcv+0x2869/0x2e10 [ 11.437143] ip_protocol_deliver_rcu+0x23/0x190 [ 11.437810] ip_local_deliver+0x294/0x350 [ 11.439566] __netif_receive_skb_one_core+0x15d/0x1a0 [ 11.441995] process_backlog+0x1b1/0x6b0 [ 11.443148] net_rx_action+0x37e/0xc40 [ 11.445361] __do_softirq+0x18c/0x61a [ 11.445881] asm_call_on_stack+0x12/0x20 [ 11.446409] </IRQ> [ 11.446716] do_softirq_own_stack+0x34/0x40 [ 11.447259] do_softirq.part.0+0x26/0x30 [ 11.447827] __local_bh_enable_ip+0x46/0x50 [ 11.448406] ip_finish_output2+0x60f/0x1bc0 [ 11.450109] __ip_queue_xmit+0x71c/0x1b60 [ 11.451861] __tcp_transmit_skb+0x1727/0x3bb0 [ 11.453789] tcp_rcv_state_process+0x3070/0x4d3a [ 11.456810] tcp_v4_do_rcv+0x2ad/0x780 [ 11.457995] __release_sock+0x14b/0x2c0 [ 11.458529] release_sock+0x4a/0x170 [ 11.459005] __inet_stream_connect+0x467/0xc80 [ 11.461435] inet_stream_connect+0x4e/0xa0 [ 11.462043] __sys_connect+0x204/0x270 [ 11.465515] __x64_sys_connect+0x6a/0xb0 [ 11.466088] do_syscall_64+0x3e/0x70 [ 11.466617] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 11.467341] RIP: 0033:0x7f56046dc469 [ 11.467844] Code: Bad RIP value. [ 11.468282] RSP: 002b:00007f5604dccdd8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 11.469326] RAX: ffffffffffffffda RBX: 000000000068bf00 RCX: 00007f56046dc469 [ 11.470379] RDX: 0000000000000010 RSI: 0000000020000000 RDI: 0000000000000004 [ 11.471311] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 11.472286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 11.473341] R13: 000000000041427c R14: 00007f5604dcd5c0 R15: 0000000000000003 [ 11.474321] [ 11.474527] Allocated by task 4884: [ 11.475031] save_stack+0x1b/0x40 [ 11.475548] __kasan_kmalloc.constprop.0+0xc2/0xd0 [ 11.476182] tcp_cdg_init+0xf0/0x150 [ 11.476744] tcp_init_congestion_control+0x9b/0x3a0 [ 11.477435] tcp_set_congestion_control+0x270/0x32f [ 11.478088] do_tcp_setsockopt.isra.0+0x521/0x1a00 [ 11.478744] __sys_setsockopt+0xff/0x1e0 [ 11.479259] __x64_sys_setsockopt+0xb5/0x150 [ 11.479895] do_syscall_64+0x3e/0x70 [ 11.480395] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 11.481097] [ 11.481321] Freed by task 4872: [ 11.481783] save_stack+0x1b/0x40 [ 11.482230] __kasan_slab_free+0x12c/0x170 [ 11.482839] kfree+0x8c/0x230 [ 11.483240] tcp_cleanup_congestion_control+0x58/0xd0 [ 11.483948] tcp_v4_destroy_sock+0x57/0x5a0 [ 11.484502] inet_csk_destroy_sock+0x153/0x2c0 [ 11.485144] tcp_close+0x932/0xfe0 [ 11.485642] inet_release+0xc1/0x1c0 [ 11.486131] __sock_release+0xc0/0x270 [ 11.486697] sock_close+0xc/0x10 [ 11.487145] __fput+0x277/0x780 [ 11.487632] task_work_run+0xeb/0x180 [ 11.488118] __prepare_exit_to_usermode+0x15a/0x160 [ 11.488834] do_syscall_64+0x4a/0x70 [ 11.489326] entry_SYSCALL_64_after_hwframe+0x44/0xa9 Wei Wang fixed a part of these CDG-malloc issues with commit c12014440750 ("tcp: memset ca_priv data to 0 properly"). This patch here fixes the listener-scenario: We make sure that listeners setting the congestion-control through setsockopt won't initialize it (thus CDG never allocates on listeners). For those who use AF_UNSPEC to reuse a socket, tcp_disconnect() is changed to cleanup afterwards. (The issue can be reproduced at least down to v4.4.x.) Cc: Wei Wang <weiwan@google.com> Cc: Eric Dumazet <edumazet@google.com> Fixes: 2b0a8c9eee81 ("tcp: add CDG congestion control") Signed-off-by: Christoph Paasch <cpaasch@apple.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Eric Dumazet
|
31d1c0e9f0 |
tcp: md5: allow changing MD5 keys in all socket states
[ Upstream commit 1ca0fafd73c5268e8fc4b997094b8bb2bfe8deea ]
This essentially reverts commit 721230326891 ("tcp: md5: reject TCP_MD5SIG
or TCP_MD5SIG_EXT on established sockets")
Mathieu reported that many vendors BGP implementations can
actually switch TCP MD5 on established flows.
Quoting Mathieu :
Here is a list of a few network vendors along with their behavior
with respect to TCP MD5:
- Cisco: Allows for password to be changed, but within the hold-down
timer (~180 seconds).
- Juniper: When password is initially set on active connection it will
reset, but after that any subsequent password changes no network
resets.
- Nokia: No notes on if they flap the tcp connection or not.
- Ericsson/RedBack: Allows for 2 password (old/new) to co-exist until
both sides are ok with new passwords.
- Meta-Switch: Expects the password to be set before a connection is
attempted, but no further info on whether they reset the TCP
connection on a change.
- Avaya: Disable the neighbor, then set password, then re-enable.
- Zebos: Would normally allow the change when socket connected.
We can revert my prior change because commit 9424e2e7ad93 ("tcp: md5: fix potential
overestimation of TCP option space") removed the leak of 4 kernel bytes to
the wire that was the main reason for my patch.
While doing my investigations, I found a bug when a MD5 key is changed, leading
to these commits that stable teams want to consider before backporting this revert :
Commit 6a2febec338d ("tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()")
Commit e6ced831ef11 ("tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers")
Fixes: 721230326891 "tcp: md5: reject TCP_MD5SIG or TCP_MD5SIG_EXT on established sockets"
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Dumazet
|
e940e4baf9 |
tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
[ Upstream commit e6ced831ef11a2a06e8d00aad9d4fc05b610bf38 ]
My prior fix went a bit too far, according to Herbert and Mathieu.
Since we accept that concurrent TCP MD5 lookups might see inconsistent
keys, we can use READ_ONCE()/WRITE_ONCE() instead of smp_rmb()/smp_wmb()
Clearing all key->key[] is needed to avoid possible KMSAN reports,
if key->keylen is increased. Since tcp_md5_do_add() is not fast path,
using __GFP_ZERO to clear all struct tcp_md5sig_key is simpler.
data_race() was added in linux-5.8 and will prevent KCSAN reports,
this can safely be removed in stable backports, if data_race() is
not yet backported.
v2: use data_race() both in tcp_md5_hash_key() and tcp_md5_do_add()
Fixes: 6a2febec338d ("tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Marco Elver <elver@google.com>
Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Dumazet
|
2e5bc03802 |
tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
[ Upstream commit 6a2febec338df7e7699a52d00b2e1207dcf65b28 ]
MD5 keys are read with RCU protection, and tcp_md5_do_add()
might update in-place a prior key.
Normally, typical RCU updates would allocate a new piece
of memory. In this case only key->key and key->keylen might
be updated, and we do not care if an incoming packet could
see the old key, the new one, or some intermediate value,
since changing the key on a live flow is known to be problematic
anyway.
We only want to make sure that in the case key->keylen
is changed, cpus in tcp_md5_hash_key() wont try to use
uninitialized data, or crash because key->keylen was
read twice to feed sg_init_one() and ahash_request_set_crypt()
Fixes: 9ea88a153001 ("tcp: md5: check md5 signature without socket lock")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Sabrina Dubroca
|
b99658d8d1 |
ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
[ Upstream commit 5eff06902394425c722f0a44d9545909a8800f79 ]
IPv4 ping sockets don't set fl4.fl4_icmp_{type,code}, which leads to
incomplete IPsec ACQUIRE messages being sent to userspace. Currently,
both raw sockets and IPv6 ping sockets set those fields.
Expected output of "ip xfrm monitor":
acquire proto esp
sel src 10.0.2.15/32 dst 8.8.8.8/32 proto icmp type 8 code 0 dev ens4
policy src 10.0.2.15/32 dst 8.8.8.8/32
<snip>
Currently with ping sockets:
acquire proto esp
sel src 10.0.2.15/32 dst 8.8.8.8/32 proto icmp type 0 code 0 dev ens4
policy src 10.0.2.15/32 dst 8.8.8.8/32
<snip>
The Libreswan test suite found this problem after Fedora changed the
value for the sysctl net.ipv4.ping_group_range.
Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
Reported-by: Paul Wouters <pwouters@redhat.com>
Tested-by: Paul Wouters <pwouters@redhat.com>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Greg Kroah-Hartman
|
b726057b9e |
Linux 4.14.187
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE4n5dijQDou9mhzu83qZv95d3LNwFAl77n3MACgkQ3qZv95d3 LNzAARAAusuJS+bN1O8HuoKkjr+2Tv1UFKrYkBQTlSgChNFwgWiSCVrU4LeSSp0E H0K+ranCQZvMoFDAODkYP2C+WrxAFscRHahrkBA3sGo0+LHNxhfxyycM36I/w5Jk iRR4WkH7wpLgeTj4h2IIbSUyaCnp5pRzkKb70fzKxDgDQmBWvGFcQ0Pv9JzeKWiw 3Wz9KqKLUfEaUhIrdTFbONvbDXe82a3SE54lEy1apqL1NRumBa/rL8W8oBk7LfHE 8bGM4gd/+bRSER+tZZrWfdzazJ2uIVCCYtEm5R03NxkHZVuslKY+UGQbQcL3OxQN btEimZOGjuP1H+P83rjz4oJmhLWzkKGCBH3zVUwlj6PeSiI0suH2UJEhm8CSwONU 88cGkD75hCXxJWYwtW1dqmt7e2CtRwL4t7UgFvZ15cAG8cYgr2C6JOvxkZ0CfkWS GHnchfDKYnN6e3AWbfoNMrQuA/X6uhgU8lhtI+Txr2CD18tnmiwloQ6VRlX0zcwa 5kOsipd4qRRAmGLwGSfkg+cJXSA4Yw42RmK2R+IUeoq8mgHYPF1R8UYYB+fXIsTC g9k9yeRnd92WZuddWtHIVaHNxuOqDYUGuPUoaiEzKeaTlfxjLdxweIGbn1iThO1Y q1w4QxumGvIpSnvJ8yC1P37uT/j61QVIOytAZzNCQBKTorTo0eo= =Dhaj -----END PGP SIGNATURE----- Merge 4.14.187 into android-4.14-stable Changes in 4.14.187 scsi: scsi_devinfo: handle non-terminated strings net: be more gentle about silly gso requests coming from user block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed net: sched: export __netdev_watchdog_up() fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()" apparmor: don't try to replace stale label in ptraceme check ibmveth: Fix max MTU limit mld: fix memory leak in ipv6_mc_destroy_dev() net: bridge: enfore alignment for ethernet address net: fix memleak in register_netdevice() net: usb: ax88179_178a: fix packet alignment padding rocker: fix incorrect error handling in dma_rings_init rxrpc: Fix notification call on completion of discarded calls sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket tcp: grow window for OOO packets only for SACK flows tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes ip_tunnel: fix use-after-free in ip_tunnel_lookup() tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() net: Fix the arp error in some cases net: Do not clear the sock TX queue in sk_set_socket() net: core: reduce recursion limit value USB: ohci-sm501: Add missed iounmap() in remove usb: dwc2: Postponed gadget registration to the udc class driver usb: add USB_QUIRK_DELAY_INIT for Logitech C922 USB: ehci: reopen solution for Synopsys HC bug usb: host: xhci-mtk: avoid runtime suspend when removing hcd usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() ALSA: usb-audio: add quirk for Denon DCD-1500RE xhci: Fix incorrect EP_STATE_MASK xhci: Fix enumeration issue when setting max packet size for FS devices. cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip loop: replace kill_bdev with invalidate_bdev ALSA: usb-audio: uac1: Invalidate ctl on interrupt ALSA: usb-audio: Clean up mixer element list traverse ALSA: usb-audio: Fix OOB access of mixer element list xhci: Poll for U0 after disabling USB2 LPM cifs/smb3: Fix data inconsistent when punch hole cifs/smb3: Fix data inconsistent when zero file range efi/esrt: Fix reference count leak in esre_create_sysfs_entry. ARM: dts: NSP: Correct FA2 mailbox node rxrpc: Fix handling of rwind from an ACK packet RDMA/cma: Protect bind_list and listen_list while finding matching cm id ASoC: rockchip: Fix a reference count leak. RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() net: qed: fix left elements count calculation net: qed: fix NVMe login fails over VFs net: qed: fix excessive QM ILT lines consumption ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() usb: gadget: udc: Potential Oops in error handling code netfilter: ipset: fix unaligned atomic access net: bcmgenet: use hardware padding of runt frames sched/core: Fix PI boosting between RT and DEADLINE tasks ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function net: alx: fix race condition in alx_remove s390/ptrace: fix setting syscall number kbuild: improve cc-option to clean up all temporary files blktrace: break out of blktrace setup on concurrent calls ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table ACPI: sysfs: Fix pm_profile_attr type KVM: X86: Fix MSR range of APIC registers in X2APIC mode KVM: nVMX: Plumb L2 GPA through to PML emulation btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof mm/slab: use memzero_explicit() in kzfree() ocfs2: load global_inode_alloc ocfs2: fix value of OCFS2_INVALID_SLOT ocfs2: fix panic on nfs server over ocfs2 arm64: perf: Report the PC value in REGS_ABI_32 mode tracing: Fix event trigger to accept redundant spaces drm/radeon: fix fb_div check in ni_init_smc_spll_table() Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() sunrpc: fixed rollback in rpc_gssd_dummy_populate() SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() pNFS/flexfiles: Fix list corruption if the mirror count changes NFSv4 fix CLOSE not waiting for direct IO compeletion xfs: add agf freeblocks verify in xfs_agf_verify Revert "tty: hvc: Fix data abort due to race in hvc_open" Linux 4.14.187 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5f3301cdfbf593334e7b3d83f6c83f56a6476a33 |
||
guodeqing
|
897646bcf4 |
net: Fix the arp error in some cases
[ Upstream commit 5eea3a63ff4aba6a26002e657a6d21934b7e2b96 ]
ie.,
$ ifconfig eth0 6.6.6.6 netmask 255.255.255.0
$ ip rule add from 6.6.6.6 table 6666
$ ip route add 9.9.9.9 via 6.6.6.6
$ ping -I 6.6.6.6 9.9.9.9
PING 9.9.9.9 (9.9.9.9) from 6.6.6.6 : 56(84) bytes of data.
3 packets transmitted, 0 received, 100% packet loss, time 2079ms
$ arp
Address HWtype HWaddress Flags Mask Iface
6.6.6.6 (incomplete) eth0
The arp request address is error, this is because fib_table_lookup in
fib_check_nh lookup the destnation 9.9.9.9 nexthop, the scope of
the fib result is RT_SCOPE_LINK,the correct scope is RT_SCOPE_HOST.
Here I add a check of whether this is RT_TABLE_MAIN to solve this problem.
Fixes: 3bfd847203c6 ("net: Use passed in table for nexthop lookups")
Signed-off-by: guodeqing <geffrey.guo@huawei.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Neal Cardwell
|
60491c5ab4 |
tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
[ Upstream commit b344579ca8478598937215f7005d6c7b84d28aee ]
Mirja Kuehlewind reported a bug in Linux TCP CUBIC Hystart, where
Hystart HYSTART_DELAY mechanism can exit Slow Start spuriously on an
ACK when the minimum rtt of a connection goes down. From inspection it
is clear from the existing code that this could happen in an example
like the following:
o The first 8 RTT samples in a round trip are 150ms, resulting in a
curr_rtt of 150ms and a delay_min of 150ms.
o The 9th RTT sample is 100ms. The curr_rtt does not change after the
first 8 samples, so curr_rtt remains 150ms. But delay_min can be
lowered at any time, so delay_min falls to 100ms. The code executes
the HYSTART_DELAY comparison between curr_rtt of 150ms and delay_min
of 100ms, and the curr_rtt is declared far enough above delay_min to
force a (spurious) exit of Slow start.
The fix here is simple: allow every RTT sample in a round trip to
lower the curr_rtt.
Fixes: ae27e98a5152 ("[TCP] CUBIC v2.3")
Reported-by: Mirja Kuehlewind <mirja.kuehlewind@ericsson.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Taehee Yoo
|
35e91cf554 |
ip_tunnel: fix use-after-free in ip_tunnel_lookup()
[ Upstream commit ba61539c6ae57f4146284a5cb4f7b7ed8d42bf45 ]
In the datapath, the ip_tunnel_lookup() is used and it internally uses
fallback tunnel device pointer, which is fb_tunnel_dev.
This pointer variable should be set to NULL when a fb interface is deleted.
But there is no routine to set fb_tunnel_dev pointer to NULL.
So, this pointer will be still used after interface is deleted and
it eventually results in the use-after-free problem.
Test commands:
ip netns add A
ip netns add B
ip link add eth0 type veth peer name eth1
ip link set eth0 netns A
ip link set eth1 netns B
ip netns exec A ip link set lo up
ip netns exec A ip link set eth0 up
ip netns exec A ip link add gre1 type gre local 10.0.0.1 \
remote 10.0.0.2
ip netns exec A ip link set gre1 up
ip netns exec A ip a a 10.0.100.1/24 dev gre1
ip netns exec A ip a a 10.0.0.1/24 dev eth0
ip netns exec B ip link set lo up
ip netns exec B ip link set eth1 up
ip netns exec B ip link add gre1 type gre local 10.0.0.2 \
remote 10.0.0.1
ip netns exec B ip link set gre1 up
ip netns exec B ip a a 10.0.100.2/24 dev gre1
ip netns exec B ip a a 10.0.0.2/24 dev eth1
ip netns exec A hping3 10.0.100.2 -2 --flood -d 60000 &
ip netns del B
Splat looks like:
[ 77.793450][ C3] ==================================================================
[ 77.794702][ C3] BUG: KASAN: use-after-free in ip_tunnel_lookup+0xcc4/0xf30
[ 77.795573][ C3] Read of size 4 at addr ffff888060bd9c84 by task hping3/2905
[ 77.796398][ C3]
[ 77.796664][ C3] CPU: 3 PID: 2905 Comm: hping3 Not tainted 5.8.0-rc1+ #616
[ 77.797474][ C3] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 77.798453][ C3] Call Trace:
[ 77.798815][ C3] <IRQ>
[ 77.799142][ C3] dump_stack+0x9d/0xdb
[ 77.799605][ C3] print_address_description.constprop.7+0x2cc/0x450
[ 77.800365][ C3] ? ip_tunnel_lookup+0xcc4/0xf30
[ 77.800908][ C3] ? ip_tunnel_lookup+0xcc4/0xf30
[ 77.801517][ C3] ? ip_tunnel_lookup+0xcc4/0xf30
[ 77.802145][ C3] kasan_report+0x154/0x190
[ 77.802821][ C3] ? ip_tunnel_lookup+0xcc4/0xf30
[ 77.803503][ C3] ip_tunnel_lookup+0xcc4/0xf30
[ 77.804165][ C3] __ipgre_rcv+0x1ab/0xaa0 [ip_gre]
[ 77.804862][ C3] ? rcu_read_lock_sched_held+0xc0/0xc0
[ 77.805621][ C3] gre_rcv+0x304/0x1910 [ip_gre]
[ 77.806293][ C3] ? lock_acquire+0x1a9/0x870
[ 77.806925][ C3] ? gre_rcv+0xfe/0x354 [gre]
[ 77.807559][ C3] ? erspan_xmit+0x2e60/0x2e60 [ip_gre]
[ 77.808305][ C3] ? rcu_read_lock_sched_held+0xc0/0xc0
[ 77.809032][ C3] ? rcu_read_lock_held+0x90/0xa0
[ 77.809713][ C3] gre_rcv+0x1b8/0x354 [gre]
[ ... ]
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Eric Dumazet
|
abbf44f422 |
tcp: grow window for OOO packets only for SACK flows
[ Upstream commit 662051215c758ae8545451628816204ed6cd372d ]
Back in 2013, we made a change that broke fast retransmit
for non SACK flows.
Indeed, for these flows, a sender needs to receive three duplicate
ACK before starting fast retransmit. Sending ACK with different
receive window do not count.
Even if enabling SACK is strongly recommended these days,
there still are some cases where it has to be disabled.
Not increasing the window seems better than having to
rely on RTO.
After the fix, following packetdrill test gives :
// Initialize connection
0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3
+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0
+0 bind(3, ..., ...) = 0
+0 listen(3, 1) = 0
+0 < S 0:0(0) win 32792 <mss 1000,nop,wscale 7>
+0 > S. 0:0(0) ack 1 <mss 1460,nop,wscale 8>
+0 < . 1:1(0) ack 1 win 514
+0 accept(3, ..., ...) = 4
+0 < . 1:1001(1000) ack 1 win 514
// Quick ack
+0 > . 1:1(0) ack 1001 win 264
+0 < . 2001:3001(1000) ack 1 win 514
// DUPACK : Normally we should not change the window
+0 > . 1:1(0) ack 1001 win 264
+0 < . 3001:4001(1000) ack 1 win 514
// DUPACK : Normally we should not change the window
+0 > . 1:1(0) ack 1001 win 264
+0 < . 4001:5001(1000) ack 1 win 514
// DUPACK : Normally we should not change the window
+0 > . 1:1(0) ack 1001 win 264
+0 < . 1001:2001(1000) ack 1 win 514
// Hole is repaired.
+0 > . 1:1(0) ack 5001 win 272
Fixes: 4e4f1fc22681 ("tcp: properly increase rcv_ssthresh for ofo packets")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Venkat Venkatsubra <venkat.x.venkatsubra@oracle.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Srinivasarao P
|
aec6635ddf |
Merge android-4.14.170 (312ed39) into msm-4.14
* refs/heads/tmp-312ed39: Linux 4.14.170 perf report: Fix no libunwind compiled warning break s390 issue btrfs: do not zero f_bavail if we have available space net: Fix skb->csum update in inet_proto_csum_replace16(). l2t_seq_next should increase position index seq_tab_next() should increase position index net/sonic: Quiesce SONIC before re-initializing descriptor memory net/sonic: Fix receive buffer handling net/sonic: Use MMIO accessors net/sonic: Add mutual exclusion for accessing shared state net: fsl/fman: rename IF_MODE_XGMII to IF_MODE_10G net/fsl: treat fsl,erratum-a011043 powerpc/fsl/dts: add fsl,erratum-a011043 qlcnic: Fix CPU soft lockup while collecting firmware dump r8152: get default setting of WOL before initializing airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE tee: optee: Fix compilation issue with nommu ARM: 8955/1: virt: Relax arch timer version check during early boot scsi: fnic: do not queue commands during fwreset vti[6]: fix packet tx through bpf_redirect() ARM: dts: am335x-boneblack-common: fix memory size bnxt_en: Fix ipv6 RFS filter matching logic. net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec wireless: wext: avoid gcc -O3 warning mac80211: Fix TKIP replay protection immediately after key setup cfg80211: Fix radar event during another phy CAC wireless: fix enabling channel 12 for custom regulatory domain qmi_wwan: Add support for Quectel RM500Q ASoC: sti: fix possible sleep-in-atomic igb: Fix SGMII SFP module discovery for 100FX/LX. ixgbe: Fix calculation of queue with VFs and flow director on interface flap ixgbevf: Remove limit of 10 entries for unicast filter list clk: mmp2: Fix the order of timer mux parents mac80211: mesh: restrict airtime metric to peered established plinks soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot ARM: dts: beagle-x15-common: Model 5V0 regulator ARM: dts: sun8i: a83t: Correct USB3503 GPIOs polarity media: si470x-i2c: Move free() past last use of 'radio' cgroup: Prevent double killing of css when enabling threaded cgroup Bluetooth: Fix race condition in hci_release_sock() ttyprintk: fix a potential deadlock in interrupt context issue media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 media: gspca: zero usb_buf media: af9005: uninitialized variable printked media: digitv: don't continue if remote control state can't be read reiserfs: Fix memory leak of journal device string mm/mempolicy.c: fix out of bounds write in mpol_parse_str() ext4: validate the debug_want_extra_isize mount option at parse time arm64: kbuild: remove compressed images on 'make ARCH=arm64 (dist)clean' tools lib: Fix builds when glibc contains strlcpy() PM / devfreq: Add new name attribute for sysfs perf c2c: Fix return type for histogram sorting comparision functions crypto: pcrypt - Fix user-after-free on module unload x86/resctrl: Fix a deadlock due to inaccurate reference x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup x86/resctrl: Fix use-after-free when deleting resource groups vfs: fix do_last() regression crypto: af_alg - Use bh_lock_sock in sk_destruct rsi: fix use-after-free on probe errors net_sched: ematch: reject invalid TCF_EM_SIMPLE usb-storage: Disable UAS on JMicron SATA enclosure PCI: Add DMA alias quirk for Intel VCA NTB atm: eni: fix uninitialized variable warning gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP net: wan: sdla: Fix cast from pointer to integer of different size drivers/net/b44: Change to non-atomic bit operations on pwol_mask spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls watchdog: rn5t618_wdt: fix module aliases watchdog: max77620_wdt: fix potential build errors phy: cpcap-usb: Prevent USB line glitches from waking up modem HID: ite: Add USB id match for Acer SW5-012 keyboard dock arc: eznps: fix allmodconfig kconfig warning zd1211rw: fix storage endpoint lookup rtl8xxxu: fix interface sanity check brcmfmac: fix interface sanity check ath9k: fix storage endpoint lookup crypto: chelsio - fix writing tfm flags to wrong place serial: 8250_bcm2835aux: Fix line mismatch on driver unbind staging: vt6656: Fix false Tx excessive retries reporting. staging: vt6656: use NULLFUCTION stack on mac80211 staging: vt6656: correct packet types for CTS protect, mode. staging: wlan-ng: ensure error return is actually returned staging: most: net: fix buffer overflow usb: dwc3: turn off VBUS when leaving host mode USB: serial: ir-usb: fix IrLAP framing USB: serial: ir-usb: fix link-speed handling USB: serial: ir-usb: add missing endpoint sanity check rsi_91x_usb: fix interface sanity check orinoco_usb: fix interface sanity check ANDROID: cf_defconfig: Remove VIRTIO_CONSOLE ANDROID: cf_defconfig: removed CONFIG_CAN ANDROID: cf_defconfig: removed old VIRTIO configs ANDROID: kallsyms: strip hashes from function names with ThinLTO ANDROID: Incremental fs: Enable incremental-fs in cuttlefish_defconfig ANDROID: fix bpf jit + cfi interactions ANDROID: cuttlefish_defconfig: set CONFIG_IKHEADERS to y UPSTREAM: UAPI: ndctl: Remove use of PAGE_SIZE UPSTREAM: libnvdimm, namespace: make min namespace size 4K ANDROID: Incremental fs: Fix sparse errors Change-Id: I265f394825e9f470cfefc0dafbd0d514c526dfb6 Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
|
Srinivasarao P
|
f34d8ef8e8 |
Merge android-4.14.169 (239034f) into msm-4.14
* refs/heads/tmp-239034f: Linux 4.14.169 net/x25: fix nonblocking connect netfilter: ipset: use bitmap infrastructure completely bitmap: Add bitmap_alloc(), bitmap_zalloc() and bitmap_free() md: Avoid namespace collision with bitmap API scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func media: v4l2-ioctl.c: zero reserved fields for S/TRY_FMT libertas: Fix two buffer overflows at parsing bss descriptor coresight: tmc-etf: Do not call smp_processor_id from preemptible coresight: etb10: Do not call smp_processor_id from preemptible sd: Fix REQ_OP_ZONE_REPORT completion handling do_last(): fetch directory ->i_mode and ->i_uid before it's too late tracing: xen: Ordered comparison of function pointers scsi: RDMA/isert: Fix a recently introduced regression related to logout hwmon: (nct7802) Fix voltage limits to wrong registers Input: sun4i-ts - add a check for devm_thermal_zone_of_sensor_register Input: pegasus_notetaker - fix endpoint sanity check Input: aiptek - fix endpoint sanity check Input: gtco - fix endpoint sanity check Input: sur40 - fix interface sanity checks Input: pm8xxx-vib - fix handling of separate enable register Documentation: Document arm64 kpti control mmc: sdhci: fix minimum clock rate for v3 controller mmc: tegra: fix SDR50 tuning override ARM: 8950/1: ftrace/recordmcount: filter relocation types Revert "Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers" Input: keyspan-remote - fix control-message timeouts hwmon: (core) Do not use device managed functions for memory allocations hwmon: (core) Fix double-free in __hwmon_device_register() hwmon: Deal with errors from the thermal subsystem hwmon: (adt7475) Make volt2reg return same reg as reg2volt input net: rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() tcp_bbr: improve arithmetic division in bbr_update_bw() net: usb: lan78xx: Add .ndo_features_check net-sysfs: Fix reference count leak net-sysfs: Call dev_hold always in rx_queue_add_kobject net-sysfs: Call dev_hold always in netdev_queue_add_kobject net-sysfs: fix netdev_queue_add_kobject() breakage net-sysfs: Fix reference count leak in rx|netdev_queue_add_kobject net_sched: fix datalen for ematch net, ip_tunnel: fix namespaces move net, ip6_tunnel: fix namespaces move net: cxgb3_main: Add CAP_NET_ADMIN check to CHELSIO_GET_MEM ipv6: sr: remove SKB_GSO_IPXIP6 on End.D* actions gtp: make sure only SOCK_DGRAM UDP sockets are accepted firestream: fix memory leaks can, slip: Protect tty->disc_data in write_wakeup and close with RCU UPSTREAM: staging: most: net: fix buffer overflow ANDROID: Fixing incremental fs style issues ANDROID: Make incfs selftests pass ANDROID: Initial commit of Incremental FS ANDROID: cuttlefish_defconfig: Enable CONFIG_BTT New header file entries are added to .bp files. Change-Id: I521b976a19c8993b0047ab06e6d42b5107c234a3 Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
|
Srinivasarao P
|
8e1e29842d |
Merge android-4.14.168 (509b380) into msm-4.14
* refs/heads/tmp-509b380:
Revert "Revert "ANDROID: security,perf: Allow further restriction of perf_event_open""
Linux 4.14.168
m68k: Call timer_interrupt() with interrupts disabled
serial: stm32: fix clearing interrupt error flags
IB/iser: Fix dma_nents type definition
arm64: dts: juno: Fix UART frequency
drm/radeon: fix bad DMA from INTERRUPT_CNTL2
dmaengine: ti: edma: fix missed failure handling
affs: fix a memory leak in affs_remount
mmc: core: fix wl1251 sdio quirks
mmc: sdio: fix wl1251 vendor id
packet: fix data-race in fanout_flow_is_huge()
net: neigh: use long type to store jiffies delta
hv_netvsc: flag software created hash value
MIPS: Loongson: Fix return value of loongson_hwmon_init
afs: Fix large file support
net: qca_spi: Move reset_count to struct qcaspi
net: netem: correct the parent's backlog when corrupted packet was dropped
net: netem: fix error path for corrupted GSO frames
dmaengine: imx-sdma: fix size check for sdma script_number
drm/msm/dsi: Implement reset correctly
tcp: annotate lockless access to tcp_memory_pressure
net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head
net: avoid possible false sharing in sk_leave_memory_pressure()
act_mirred: Fix mirred_init_module error handling
net: stmmac: fix length of PTP clock's name string
llc: fix sk_buff refcounting in llc_conn_state_process()
llc: fix another potential sk_buff leak in llc_ui_sendmsg()
mac80211: accept deauth frames in IBSS mode
net: stmmac: gmac4+: Not all Unicast addresses may be available
nvme: retain split access workaround for capability reads
net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
of: mdio: Fix a signedness bug in of_phy_get_and_connect()
net: axienet: fix a signedness bug in probe
net: stmmac: dwmac-meson8b: Fix signedness bug in probe
net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
net: aquantia: Fix aq_vec_isr_legacy() return value
iommu/amd: Wait for completion of IOTLB flush in attach_device
net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
RDMA/cma: Fix false error message
ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet
pinctrl: iproc-gpio: Fix incorrect pinconf configurations
net: sonic: replace dev_kfree_skb in sonic_send_packet
hwmon: (shtc1) fix shtc1 and shtw1 id mask
ixgbe: sync the first fragment unconditionally
btrfs: use correct count in btrfs_file_write_iter()
Btrfs: fix inode cache waiters hanging on path allocation failure
Btrfs: fix inode cache waiters hanging on failure to start caching thread
Btrfs: fix hang when loading existing inode cache off disk
scsi: fnic: fix msix interrupt allocation
net: sonic: return NETDEV_TX_OK if failed to map buffer
tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs
ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
iio: dac: ad5380: fix incorrect assignment to val
bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
irqdomain: Add the missing assignment of domain->fwnode for named fwnode
staging: greybus: light: fix a couple double frees
x86, perf: Fix the dependency of the x86 insn decoder selftest
power: supply: Init device wakeup after device_add()
hwmon: (lm75) Fix write operations for negative temperatures
Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
ahci: Do not export local variable ahci_em_messages
iommu/mediatek: Fix iova_to_phys PA start for 4GB mode
mips: avoid explicit UB in assignment of mips_io_port_base
rtc: pcf2127: bugfix: read rtc disables watchdog
media: atmel: atmel-isi: fix timeout value for stop streaming
mac80211: minstrel_ht: fix per-group max throughput rate initialization
dmaengine: dw: platform: Switch to acpi_dma_controller_register()
ASoC: sun4i-i2s: RX and TX counter registers are swapped
signal: Allow cifs and drbd to receive their terminating signals
bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails
net/rds: Add a few missing rds_stat_names entries
ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
ASoC: cs4349: Use PM ops 'cs4349_runtime_pm'
ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
ext4: set error return correctly when ext4_htree_store_dirent fails
crypto: caam - free resources in case caam_rng registration failed
cifs: fix rmmod regression in cifs.ko caused by force_sig changes
net/mlx5: Fix mlx5_ifc_query_lag_out_bits
ARM: dts: stm32: add missing vdda-supply to adc on stm32h743i-eval
tipc: reduce risk of wakeup queue starvation
ALSA: aoa: onyx: always initialize register read value
crypto: ccp - Reduce maximum stack usage
x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
mic: avoid statically declaring a 'struct device'.
usb: host: xhci-hub: fix extra endianness conversion
qed: reduce maximum stack frame size
libertas_tf: Use correct channel range in lbtf_geo_init
PM: sleep: Fix possible overflow in pm_system_cancel_wakeup()
clk: sunxi-ng: v3s: add the missing PLL_DDR1
scsi: libfc: fix null pointer dereference on a null lport
net: pasemi: fix an use-after-free in pasemi_mac_phy_init()
RDMA/hns: Fixs hw access invalid dma memory error
devres: allow const resource arguments
rxrpc: Fix uninitialized error code in rxrpc_send_data_packet()
mfd: intel-lpss: Release IDA resources
iommu/amd: Make iommu_disable safer
bnxt_en: Fix ethtool selftest crash under error conditions.
nvmem: imx-ocotp: Ensure WAIT bits are preserved when setting timing
clk: qcom: Fix -Wunused-const-variable
dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width"
perf/ioctl: Add check for the sample_period value
drm/msm/a3xx: remove TPL1 regs from snapshot
rtc: pcf8563: Clear event flags and disable interrupts before requesting irq
rtc: pcf8563: Fix interrupt trigger method
ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs
net/af_iucv: always register net_device notifier
net: netem: fix backlog accounting for corrupted GSO frames
drm/msm/mdp5: Fix mdp5_cfg_init error return
powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state
iommu/vt-d: Duplicate iommu_resv_region objects per device list
mpls: fix warning with multi-label encap
media: vivid: fix incorrect assignment operation when setting video mode
cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency
cpufreq: brcmstb-avs-cpufreq: Fix initial command check
netvsc: unshare skb in VF rx handler
inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
iommu: Use right function to get group for device
misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa
serial: stm32: fix wakeup source initialization
serial: stm32: Add support of TC bit status check
serial: stm32: fix transmit_chars when tx is stopped
serial: stm32: fix rx error handling
crypto: ccp - Fix 3DES complaint from ccp-crypto module
crypto: ccp - fix AES CFB error exposed by new test vectors
spi: spi-fsl-spi: call spi_finalize_current_message() at the end
RDMA/qedr: Fix incorrect device rate.
arm64: dts: meson: libretech-cc: set eMMC as removable
dmaengine: tegra210-adma: Fix crash during probe
ARM: dts: sun8i-h3: Fix wifi in Beelink X2 DT
EDAC/mc: Fix edac_mc_find() in case no device is found
thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
backlight: lm3630a: Return 0 on success in update_status functions
kdb: do a sanity check on the cpu in kdb_per_cpu()
ARM: riscpc: fix lack of keyboard interrupts after irq conversion
pwm: meson: Don't disable PWM when setting duty repeatedly
pwm: meson: Consider 128 a valid pre-divider
netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
crypto: caam - fix caam_dump_sg that iterates through scatterlist
platform/x86: alienware-wmi: printing the wrong error code
media: davinci/vpbe: array underflow in vpbe_enum_outputs()
media: omap_vout: potential buffer overflow in vidioc_dqbuf()
l2tp: Fix possible NULL pointer dereference
vfio/mdev: Fix aborting mdev child device removal if one fails
vfio/mdev: Avoid release parent reference during error path
afs: Fix the afs.cell and afs.volume xattr handlers
lightnvm: pblk: fix lock order in pblk_rb_tear_down_check
mmc: core: fix possible use after free of host
dmaengine: tegra210-adma: restore channel status
net: ena: fix ena_com_fill_hash_function() implementation
net: ena: fix incorrect test of supported hash function
net: ena: fix: Free napi resources when ena_up() fails
net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry
iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
IB/mlx5: Add missing XRC options to QP optional params mask
dwc2: gadget: Fix completed transfer size calculation in DDMA
usb: gadget: fsl: fix link error against usb-gadget module
ASoC: fix valid stream condition
packet: in recvmsg msg_name return at least sizeof sockaddr_ll
scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory
scsi: qla2xxx: Fix a format specifier
irqchip/gic-v3-its: fix some definitions of inner cacheability attributes
NFS: Don't interrupt file writeout due to fatal errors
ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
dmaengine: axi-dmac: Don't check the number of frames for alignment
6lowpan: Off by one handling ->nexthdr
media: ov2659: fix unbalanced mutex_lock/unlock
ARM: dts: ls1021: Fix SGMII PCS link remaining down after PHY disconnect
powerpc: vdso: Make vdso32 installation conditional in vdso_install
selftests/ipc: Fix msgque compiler warnings
tipc: set sysctl_tipc_rmem and named_timeout right range
platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
net: hns3: fix for vport->bw_limit overflow problem
ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data"
scsi: target/core: Fix a race condition in the LUN lookup code
scsi: qla2xxx: Unregister chrdev if module initialization fails
ehea: Fix a copy-paste err in ehea_init_port_res
spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
soc/fsl/qe: Fix an error code in qe_pin_request()
spi: tegra114: configure dma burst size to fifo trig level
spi: tegra114: flush fifos
spi: tegra114: terminate dma and reset on transfer timeout
spi: tegra114: fix for unpacked mode transfers
spi: tegra114: clear packed bit for unpacked mode
media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
media: davinci-isif: avoid uninitialized variable use
ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset()
arm64: dts: allwinner: a64: Add missing PIO clocks
m68k: mac: Fix VIA timer counter accesses
tipc: tipc clang warning
jfs: fix bogus variable self-initialization
regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB
media: cx23885: check allocation return
media: wl128x: Fix an error code in fm_download_firmware()
media: cx18: update *pos correctly in cx18_read_pos()
media: ivtv: update *pos correctly in ivtv_read_pos()
regulator: lp87565: Fix missing register for LP87565_BUCK_0
net: sh_eth: fix a missing check of of_get_phy_mode
xen, cpu_hotplug: Prevent an out of bounds access
drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
scsi: megaraid_sas: reduce module load time
x86/mm: Remove unused variable 'cpu'
nios2: ksyms: Add missing symbol exports
powerpc/mm: Check secondary hash page table
net: aquantia: fixed instack structure overflow
NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE()
netfilter: nft_set_hash: fix lookups with fixed size hash on big endian
regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA
ARM: 8848/1: virt: Align GIC version check with arm64 counterpart
ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe
NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount
platform/x86: wmi: fix potential null pointer dereference
clocksource/drivers/exynos_mct: Fix error path in timer resources initialization
clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable
NFS: Fix a soft lockup in the delegation recovery code
powerpc/64s: Fix logic when handling unknown CPU features
staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx
fs/nfs: Fix nfs_parse_devname to not modify it's argument
ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of()
drm/nouveau/pmu: don't print reply values if exec is false
drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
net: dsa: qca8k: Enable delay for RGMII_ID mode
regulator: pv88090: Fix array out-of-bounds access
regulator: pv88080: Fix array out-of-bounds access
regulator: pv88060: Fix array out-of-bounds access
cdc-wdm: pass return value of recover_from_urb_loss
dmaengine: mv_xor: Use correct device for DMA API
staging: r8822be: check kzalloc return or bail
KVM: PPC: Release all hardware TCE tables attached to a group
hwmon: (pmbus/tps53679) Fix driver info initialization in probe routine
vfio_pci: Enable memory accesses before calling pci_map_rom
keys: Timestamp new keys
block: don't use bio->bi_vcnt to figure out segment number
usb: phy: twl6030-usb: fix possible use-after-free on remove
PCI: endpoint: functions: Use memcpy_fromio()/memcpy_toio()
pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups
pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group
pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group
pinctrl: sh-pfc: emev2: Add missing pinmux functions
drm/etnaviv: potential NULL dereference
iw_cxgb4: use tos when finding ipv6 routes
iw_cxgb4: use tos when importing the endpoint
fbdev: chipsfb: remove set but not used variable 'size'
rtc: pm8xxx: fix unintended sign extension
rtc: 88pm80x: fix unintended sign extension
rtc: 88pm860x: fix unintended sign extension
rtc: ds1307: rx8130: Fix alarm handling
net: phy: fixed_phy: Fix fixed_phy not checking GPIO
thermal: mediatek: fix register index error
rtc: ds1672: fix unintended sign extension
staging: most: cdev: add missing check for cdev_add failure
iwlwifi: mvm: fix RSS config command
ARM: dts: lpc32xx: phy3250: fix SD card regulator voltage
ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller clocks property
ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller variant
ARM: dts: lpc32xx: reparent keypad controller to SIC1
ARM: dts: lpc32xx: add required clocks property to keypad device node
driver core: Do not resume suppliers under device_links_write_lock()
crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments
driver: uio: fix possible use-after-free in __uio_register_device
driver: uio: fix possible memory leak in __uio_register_device
tty: ipwireless: Fix potential NULL pointer dereference
iwlwifi: mvm: fix A-MPDU reference assignment
net/mlx5: Take lock with IRQs disabled to avoid deadlock
iwlwifi: mvm: avoid possible access out of array.
clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it
spi/topcliff_pch: Fix potential NULL dereference on allocation error
rtc: cmos: ignore bogus century byte
IB/iser: Pass the correct number of entries for dma mapped SGL
ASoC: imx-sgtl5000: put of nodes if finding codec fails
crypto: tgr192 - fix unaligned memory access
crypto: brcm - Fix some set-but-not-used warning
kbuild: mark prepare0 as PHONY to fix external module build
media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL
drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump()
RDMA/iw_cxgb4: Fix the unchecked ep dereference
spi: cadence: Correct initialisation of runtime PM
arm64: dts: apq8016-sbc: Increase load on l11 for SDCARD
drm/shmob: Fix return value check in shmob_drm_probe
RDMA/qedr: Fix out of bounds index check in query pkey
RDMA/ocrdma: Fix out of bounds index check in query pkey
IB/usnic: Fix out of bounds index check in query pkey
MIPS: BCM63XX: drop unused and broken DSP platform device
clk: dove: fix refcount leak in dove_clk_init()
clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init()
clk: armada-xp: fix refcount leak in axp_clk_init()
clk: kirkwood: fix refcount leak in kirkwood_clk_init()
clk: armada-370: fix refcount leak in a370_clk_init()
clk: vf610: fix refcount leak in vf610_clocks_init()
clk: imx7d: fix refcount leak in imx7d_clocks_init()
clk: imx6sx: fix refcount leak in imx6sx_clocks_init()
clk: imx6q: fix refcount leak in imx6q_clocks_init()
clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
clk: socfpga: fix refcount leak
clk: qoriq: fix refcount leak in clockgen_init()
clk: highbank: fix refcount leak in hb_clk_init()
Input: nomadik-ske-keypad - fix a loop timeout test
vxlan: changelink: Fix handling of default remotes
pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value
pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field
pinctrl: sh-pfc: r8a77995: Remove bogus SEL_PWM[0-3]_3 configurations
pinctrl: sh-pfc: sh7734: Add missing IPSR11 field
pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field
pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group
pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group
pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group
pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group
pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group
switchtec: Remove immediate status check after submitting MRPC command
staging: bcm2835-camera: Abort probe if there is no camera
IB/rxe: Fix incorrect cache cleanup in error flow
net: phy: Fix not to call phy_resume() if PHY is not attached
drm/dp_mst: Skip validating ports during destruction, just ref
exportfs: fix 'passing zero to ERR_PTR()' warning
pcrypt: use format specifier in kobject_add
NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks
mlxsw: reg: QEEC: Add minimum shaper fields
drm/sun4i: hdmi: Fix double flag assignation
pwm: lpss: Release runtime-pm reference from the driver's remove callback
staging: comedi: ni_mio_common: protect register write overflow
ALSA: usb-audio: update quirk for B&W PX to remove microphone
IB/hfi1: Add mtu check for operational data VLs
IB/rxe: replace kvfree with vfree
drm/hisilicon: hibmc: Don't overwrite fb helper surface depth
PCI: iproc: Remove PAXC slot check to allow VF support
apparmor: don't try to replace stale label in ptrace access check
ALSA: hda: fix unused variable warning
drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
drm/sti: do not remove the drm_bridge that was never added
crypto: sun4i-ss - fix big endian issues
mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
tipc: fix wrong timeout input for tipc_wait_for_cond()
powerpc/archrandom: fix arch_get_random_seed_int()
mfd: intel-lpss: Add default I2C device properties for Gemini Lake
xfs: Sanity check flags of Q_XQUOTARM call
FROMGIT: ext4: Add EXT4_IOC_FSGETXATTR/EXT4_IOC_FSSETXATTR to compat_ioctl.
ANDROID: cuttlefish_defconfig: enable CONFIG_IKHEADERS as m
ANDROID: cuttlefish_defconfig: enable NVDIMM/PMEM options
UPSTREAM: virtio-pmem: Add virtio pmem driver
BACKPORT: libnvdimm: nd_region flush callback support
UPSTREAM: libnvdimm/of_pmem: Provide a unique name for bus provider
UPSTREAM: libnvdimm/of_pmem: Fix platform_no_drv_owner.cocci warnings
UPSTREAM: libnvdimm, of_pmem: use dev_to_node() instead of of_node_to_nid()
UPSTREAM: libnvdimm: Add device-tree based driver
UPSTREAM: libnvdimm: Add of_node to region and bus descriptors
FROMLIST: security: selinux: allow per-file labelling for binderfs
UPSTREAM: mm/page_io.c: annotate refault stalls from swap_readpage
Revert "ANDROID: security,perf: Allow further restriction of perf_event_open"
ANDROID: selinux: modify RTM_GETLINK permission
UPSTREAM: lib/test_meminit.c: add bulk alloc/free tests
UPSTREAM: lib/test_meminit: add a kmem_cache_alloc_bulk() test
UPSTREAM: mm: slub: really fix slab walking for init_on_free
UPSTREAM: mm/slub.c: init_on_free=1 should wipe freelist ptr for bulk allocations
Conflicts:
drivers/mmc/core/quirks.h
include/uapi/linux/virtio_ids.h
New header file entries are added to .bp files.
Change-Id: I515cb78684f524e239850625b163ba023b517e10
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
8d6de4a1be |
This is the 4.14.184 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7h29YACgkQONu9yGCS aT4BDw/+Mnj09eH74wHYhRAtkGOSLVl6Hye1muIUzjy7EiFfT79/fiYtu3CCW0GZ PYzGcRO3CzbRculdLGi5tT6b43M6HnCeTCyYGG7oSysRqOzQ+XSwaEK8v5ZREJJF OBZE1E2I2C0udg/PbwYXFbsgM4thkmj6SI1yUnMB1XBO/tstI7vfKnbXOCmYb+WQ o8X86B6Z1mDNs5JOOwW/Fw2YMv5iuRzpeJD757supcoHlfHbX/K4vTmAreHUZrma pwtqppdwIcVc3CsBaZLWUxq87okSBnJ4adWbJBPtrnMPsso3e7fcjOS8/u8KaKgu cgQQU2x11TmGO/PtC7+YpyixOZAgaXq/IQ4vsPB30ONsq3aaZD5UyMgplgcRPtVZ n/0eVVq2qJTg3BDeB1oGXRUp+AuVeJYvIOtCNqQyXeKCB0FS0QJo0Zre5WjhctBf GLv6TVaM+heT5uoz9SI3EulsbhD6uA6ZbKLgAVa2U5Y3+mO5JGEORDMOI3nNErHa FKsvrKfuG9B0UJfblTds7FQ7SLWxdeLBE9IFVsQgdP1Aaj8vlDCyIHOmgcPaXm+9 7U3iCL/ZAzeEsZVJ0VzLAKi5+2/cnLcj/2IdkbtR5Yu75sFzzp3npqJbnl7zje8/ hu3zcBBtcFkJgemUqd/rYbK9Audt9FDElr6MobC9NVs9OHc+1e4= =wdH7 -----END PGP SIGNATURE----- Merge 4.14.184 into android-4.14-stable Changes in 4.14.184 scsi: scsi_devinfo: fixup string compare libnvdimm: Fix endian conversion issues scsi: hisi_sas: Check sas_port before using it spi: dw: use "smp_mb()" to avoid sending spi data error s390/ftrace: save traced function caller pppoe: only process PADT targeted at local interfaces ARC: Fix ICCM & DCCM runtime size checks ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT i2c: altera: Fix race between xfer_msg and isr thread x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables net: bmac: Fix read of MAC address from ROM net/ethernet/freescale: rework quiesce/activate for ucc_geth net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x net: smsc911x: Fix runtime PM imbalance on error mm: Fix mremap not considering huge pmd devmap HID: sony: Fix for broken buttons on DS3 USB dongles HID: i2c-hid: add Schneider SCL142ALM to descriptor override p54usb: add AirVasT USB stick device-id kernel/relay.c: handle alloc_percpu returning NULL in relay_open mmc: fix compilation of user API scsi: ufs: Release clock if DMA map fails airo: Fix read overflows sending packets devinet: fix memleak in inetdev_init() l2tp: do not use inet_hash()/inet_unhash() net: usb: qmi_wwan: add Telit LE910C1-EUX composition NFC: st21nfca: add missed kfree_skb() in an error path vsock: fix timeout in vsock_accept() net: check untrusted gso_size at kernel entry l2tp: add sk_family checks to l2tp_validate_socket USB: serial: qcserial: add DW5816e QDL support USB: serial: usb_wwan: do not resubmit rx urb on fatal errors USB: serial: option: add Telit LE910C1-EUX compositions usb: musb: start session in resume for host port usb: musb: Fix runtime PM imbalance on error vt: keyboard: avoid signed integer overflow in k_ascii tty: hvc_console, fix crashes on parallel open/close staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK CDC-ACM: heed quirk also in error handling nvmem: qfprom: remove incorrect write support x86/cpu: Add a steppings field to struct x86_cpu_id x86/cpu: Add 'table' argument to cpu_matches() x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation x86/speculation: Add SRBDS vulnerability and mitigation documentation x86/speculation: Add Ivy Bridge to affected list iio: vcnl4000: Fix i2c swapped word reading. uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned Linux 4.14.184 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I3d4d0f186e858b744255fcbd1d3eb9ee89603774 |
||
Yang Yingliang
|
3e246aad5b |
devinet: fix memleak in inetdev_init()
[ Upstream commit 1b49cd71b52403822731dc9f283185d1da355f97 ]
When devinet_sysctl_register() failed, the memory allocated
in neigh_parms_alloc() should be freed.
Fixes: 20e61da7ffcf ("ipv4: fail early when creating netdev named all or default")
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
40fc2b4825 |
This is the 4.14.183 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7XQKUACgkQONu9yGCS aT5OSxAAz28rgSZtf4zZtryA+dB1VHAXUpqmLgs9gZP8dPQ6qrwBHXIzawvmyfoj KY5DCsAbJSotCuy1XmCGTwzkqk9G3W1Rv4F1+7eDh37sOLUjNjeGn69dCiKKD1HH 6YaBIDsZOYrm207Y1fyTB23hHWGVNMHAVGwBV/lyvy7Lpz+o/JNc+DoqtWtsKCpB 0lhm5qlQttTMKzIgfDSXznJOo5LuO3TWmC94M2JkQwvvoz5C+9njWGO0JB99dIkt svBCX+0xz2stlInxGR8ZQZNRUgM6UMBUyjkljSxpYpEUPnIDRPtE8jY9+gx4aYCk er76ZTBBnWPWH+hlY4biPpg1fWRtj6SLvD3hNgDAuou9re1HVROSdCapcoGVEAvd dYX9RrXsVTRK9QdIQn9zBVuK9YOHNps9+JSL359QzCZ8Kc5t8LlUcxKbTi6P3OZA bnb7yu+/qxpdBeP/AoCkQUdcWUAXrPgR+odQEVm+w4AczYwp0AGbcVqZIM0wZ5zW euSE7W/O/Y6mK89C+D6qOzC/Pz9mTPg9IrLP2tFGAgWd2ZhWJim2YdydZRB/BTfg QEbKOXzjiAxckdqFdfH+JEQ1KIiriu7Y8kdhVzTd2gwqPAsl48/C4rMaOzfwBrk8 W29ZhbDK5cpmiftzay6AxOacMhxDdI9jA7Q5ndtG2qKwsHh5soU= =bPeb -----END PGP SIGNATURE----- Merge 4.14.183 into android-4.14-stable Changes in 4.14.183 ax25: fix setsockopt(SO_BINDTODEVICE) net: ipip: fix wrong address family in init error path net/mlx5: Add command entry handling completion net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()" net sched: fix reporting the first-time use timestamp r8152: support additional Microsoft Surface Ethernet Adapter variant sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed net/mlx5e: Update netdev txq on completions during closure net: qrtr: Fix passing invalid reference to qrtr_local_enqueue() net: sun: fix missing release regions in cas_init_one(). net/mlx4_core: fix a memory leak bug. ARM: dts: rockchip: fix phy nodename for rk3228-evb arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi gpio: tegra: mask GPIO IRQs during IRQ shutdown net: microchip: encx24j600: add missed kthread_stop gfs2: move privileged user check to gfs2_quota_lock_check cachefiles: Fix race between read_waiter and read_copier involving op->to_do usb: gadget: legacy: fix redundant initialization warnings net: freescale: select CONFIG_FIXED_PHY where needed cifs: Fix null pointer check in cifs_read samples: bpf: Fix build error Input: usbtouchscreen - add support for BonXeon TP Input: evdev - call input_flush_device() on release(), not flush() Input: xpad - add custom init packet for Xbox One S controllers Input: dlink-dir685-touchkeys - fix a typo in driver name Input: i8042 - add ThinkPad S230u to i8042 reset list Input: synaptics-rmi4 - really fix attn_data use-after-free Input: synaptics-rmi4 - fix error return code in rmi_driver_probe() ARM: 8843/1: use unified assembler in headers ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h ARM: uaccess: integrate uaccess_save and uaccess_restore ARM: uaccess: fix DACR mismatch with nested exceptions gpio: exar: Fix bad handling for ida_simple_get error path IB/qib: Call kobject_put() when kobject_init_and_add() fails ARM: dts: imx6q-bx50v3: Add internal switch ARM: dts/imx6q-bx50v3: Set display interface clock parents ARM: dts: bcm2835-rpi-zero-w: Fix led polarity mmc: block: Fix use-after-free issue for rpmb RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe() ALSA: hwdep: fix a left shifting 1 by 31 UB bug ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC exec: Always set cap_ambient in cap_bprm_set_creds ALSA: hda/realtek - Add new codec supported for ALC287 libceph: ignore pool overlay and cache logic on redirects mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() include/asm-generic/topology.h: guard cpumask_of_node() macro argument iommu: Fix reference count leak in iommu_group_alloc. parisc: Fix kernel panic in mem_init() mac80211: mesh: fix discovery timer re-arming issue / crash x86/dma: Fix max PFN arithmetic overflow on 32 bit systems copy_xstate_to_kernel(): don't leave parts of destination uninitialized xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output xfrm: fix a warning in xfrm_policy_insert_list xfrm: fix a NULL-ptr deref in xfrm_local_error xfrm: fix error in comment vti4: eliminated some duplicate code. ip_vti: receive ipip packet by calling ip_tunnel_rcv netfilter: nft_reject_bridge: enable reject with bridge vlan netfilter: ipset: Fix subcounter update skip netfilter: nfnetlink_cthelper: unbreak userspace helper support netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code esp6: get the right proto for transport mode in esp6_gso_encap qlcnic: fix missing release in qlcnic_83xx_interrupt_test. bonding: Fix reference count leak in bond_sysfs_slave_add. netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap() sc16is7xx: move label 'err_spi' to correct section rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket KVM: VMX: check for existence of secondary exec controls before accessing net: hns: fix unsigned comparison to less than zero net: hns: Fixes the missing put_device in positive leg for roce reset genirq/generic_pending: Do not lose pending affinity update scsi: zfcp: fix request object use-after-free in send path causing wrong traces Linux 4.14.183 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib69018849fcc55dacce4a6aaaad70921bdee4cd0 |
||
Pablo Neira Ayuso
|
b15b35c649 |
netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
commit 4c559f15efcc43b996f4da528cd7f9483aaca36d upstream.
Dan Carpenter says: "Smatch complains that the value for "cmd" comes
from the network and can't be trusted."
Add pptp_msg_name() helper function that checks for the array boundary.
Fixes: f09943fefe6b ("[NETFILTER]: nf_conntrack/nf_nat: add PPTP helper port")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Xin Long
|
5098135b3a |
ip_vti: receive ipip packet by calling ip_tunnel_rcv
commit 976eba8ab596bab94b9714cd46d38d5c6a2c660d upstream.
In Commit dd9ee3444014 ("vti4: Fix a ipip packet processing bug in
'IPCOMP' virtual tunnel"), it tries to receive IPIP packets in vti
by calling xfrm_input(). This case happens when a small packet or
frag sent by peer is too small to get compressed.
However, xfrm_input() will still get to the IPCOMP path where skb
sec_path is set, but never dropped while it should have been done
in vti_ipcomp4_protocol.cb_handler(vti_rcv_cb), as it's not an
ipcomp4 packet. This will cause that the packet can never pass
xfrm4_policy_check() in the upper protocol rcv functions.
So this patch is to call ip_tunnel_rcv() to process IPIP packets
instead.
Fixes: dd9ee3444014 ("vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel")
Reported-by: Xiumei Mu <xmu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Jeremy Sowden
|
46b435628a |
vti4: eliminated some duplicate code.
commit f981c57ffd2d7cf2dd4b6d6f8fcb3965df42f54c upstream.
The ipip tunnel introduced in commit dd9ee3444014 ("vti4: Fix a ipip
packet processing bug in 'IPCOMP' virtual tunnel") largely duplicated
the existing vti_input and vti_recv functions. Refactored to
deduplicate the common code.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Yuqi Jin
|
54f7f67f02 |
net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()"
[ Upstream commit a6211caa634da39d861a47437ffcda8b38ef421b ]
Commit adb03115f459 ("net: get rid of an signed integer overflow in ip_idents_reserve()")
used atomic_cmpxchg to replace "atomic_add_return" inside the function
"ip_idents_reserve". The reason was to avoid UBSAN warning.
However, this change has caused performance degrade and in GCC-8,
fno-strict-overflow is now mapped to -fwrapv -fwrapv-pointer
and signed integer overflow is now undefined by default at all
optimization levels[1]. Moreover, it was a bug in UBSAN vs -fwrapv
/-fno-strict-overflow, so Let's revert it safely.
[1] https://gcc.gnu.org/gcc-8/changes.html
Suggested-by: Peter Zijlstra <peterz@infradead.org>
Suggested-by: Eric Dumazet <edumazet@google.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Jiri Pirko <jiri@resnulli.us>
Cc: Arvind Sankar <nivedita@alum.mit.edu>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jiong Wang <jiongwang@huawei.com>
Signed-off-by: Yuqi Jin <jinyuqi@huawei.com>
Signed-off-by: Shaokun Zhang <zhangshaokun@hisilicon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Vadim Fedorenko
|
5e2b8fc962 |
net: ipip: fix wrong address family in init error path
[ Upstream commit 57ebc8f08504f176eb0f25b3e0fde517dec61a4f ]
In case of error with MPLS support the code is misusing AF_INET
instead of AF_MPLS.
Fixes: 1b69e7e6c4da ("ipip: support MPLS over IPv4")
Signed-off-by: Vadim Fedorenko <vfedorenko@novek.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Maciej Żenczykowski
|
08870bd1a2 |
ANDROID: namespace'ify tcp_default_init_rwnd implementation
Not needed in 4.19+ since this Android specific sysctl was not included in later kernels. Test: via uml net tests with namespaces enabled Bug: 149894399 Signed-off-by: Maciej Żenczykowski <maze@google.com> Change-Id: I2ad1dbc977d40ee260bde23c6ed32f2706082660 |
||
|
Greg Kroah-Hartman
|
4f02b6c9ac |
This is the 4.14.181 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7Ey28ACgkQONu9yGCS aT5HHBAApSN5pEsCeogd9V1h20Gsx9TteDrn1qVqIxa4k7FczL7TuhGZw3SH9JjI oK7xvZK8JknVvr+GSnk+OO7oU64L3qtZ+icfrdqVecBIsxiyu3gopmazjLP+QxEo x+9xqR9clqTjOgQx3S8rH9s09fgsZMNAp1Ga8juyGZWxFkPoLiSyB+SDEIFwL43v IYeC2uJc5lnv8+vNGAcEHAJiphxKeWJLd/etmelIaFrp+kkmO0nIoszR9uLNkr8i yuCqt2tCSd3vVaQqjSOpg/3u1PnQpmMqvKqWXuDKBOkr9nz7cgOf+6uWeuo3Fvro Ji8q0Dtay1xNJLgwCGH3c98OsiRE5OMX0dIpadcDCteFwJOSryu7tkf5ODp7BA+Q EjZx5DIhvNa/7auqarqMJvblconocZnJ+8zcN2aGL8Yn57Q0bsfyiHyB6bMW98+/ J0dMSuXl0c9MPLKa28+31hrmeThs5kG15EpTUzBrkXcTbsLGxPoJVC4IFIACwqlg lyhokwuZ87slEZfnz91R3V2Ehdyl5d8ci2/DBzzZiPjgGsUoxWH1pwmb5WO2agNf K9l9VVsGCAl+gqY41kI9UCf3BNzv/sc2uScjlnOIjpGrNI4IVc/bGq1y1ktIY4UC WV3Qux5GvwHbS/Dbrapv7B5Tt9EtbLmAPbnCCJ93e1mXXEkUw3o= =6R5g -----END PGP SIGNATURE----- Merge 4.14.181 into android-4.14-stable Changes in 4.14.181 USB: serial: qcserial: Add DW5816e support dp83640: reverse arguments to list_add_tail fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks net: macsec: preserve ingress frame ordering net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc() net: usb: qmi_wwan: add support for DW5816e sch_choke: avoid potential panic in choke_reset() sch_sfq: validate silly quantum values bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). net/mlx5: Fix forced completion access non initialized command entry net/mlx5: Fix command entry leak in Internal Error State bnxt_en: Improve AER slot reset. bnxt_en: Fix VF anti-spoof filter setup. net: stricter validation of untrusted gso packets ipv6: fix cleanup ordering for ip6_mr failure HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices geneve: only configure or fill UDP_ZERO_CSUM6_RX/TX info when CONFIG_IPV6 HID: usbhid: Fix race between usbhid_close() and usbhid_stop() USB: uas: add quirk for LaCie 2Big Quadra USB: serial: garmin_gps: add sanity checking for data length tracing: Add a vmalloc_sync_mappings() for safe measure KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous() coredump: fix crash when umh is disabled batman-adv: fix batadv_nc_random_weight_tq batman-adv: Fix refcnt leak in batadv_show_throughput_override batman-adv: Fix refcnt leak in batadv_store_throughput_override batman-adv: Fix refcnt leak in batadv_v_ogm_process x86/entry/64: Fix unwind hints in kernel exit path x86/entry/64: Fix unwind hints in rewind_stack_do_exit() x86/unwind/orc: Don't skip the first frame for inactive tasks x86/unwind/orc: Prevent unwinding before ORC initialization x86/unwind/orc: Fix error path for bad ORC entry type netfilter: nat: never update the UDP checksum when it's 0 objtool: Fix stack offset tracking for indirect CFAs scripts/decodecode: fix trapping instruction formatting net: ipv6: add net argument to ip6_dst_lookup_flow net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup blktrace: fix unlocked access to init/start-stop/teardown blktrace: fix trace mutex deadlock blktrace: Protect q->blk_trace with RCU blktrace: fix dereference after null check f2fs: introduce read_inline_xattr f2fs: introduce read_xattr_block f2fs: sanity check of xattr entry size f2fs: fix to avoid accessing xattr across the boundary f2fs: fix to avoid memory leakage in f2fs_listxattr net: stmmac: Use mutex instead of spinlock shmem: fix possible deadlocks on shmlock_user_lock net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' net: moxa: Fix a potential double 'free_irq()' drop_monitor: work around gcc-10 stringop-overflow warning virtio-blk: handle block_device_operations callbacks after hot unplug scsi: sg: add sg_remove_request in sg_write dmaengine: pch_dma.c: Avoid data race between probe and irq handler dmaengine: mmp_tdma: Reset channel error on release cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once ALSA: hda/hdmi: fix race in monitor detection during probe drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper() ipc/util.c: sysvipc_find_ipc() incorrectly updates position index ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse x86/entry/64: Fix unwind hints in register clearing code ipmi: Fix NULL pointer dereference in ssif_probe pinctrl: baytrail: Enable pin configuration setting for GPIO chip pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler i40iw: Fix error handling in i40iw_manage_arp_cache() netfilter: conntrack: avoid gcc-10 zero-length-bounds warning IB/mlx4: Test return value of calls to ib_get_cached_pkey hwmon: (da9052) Synchronize access with mfd pnp: Use list_for_each_entry() instead of open coding gcc-10 warnings: fix low-hanging fruit kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig Stop the ad-hoc games with -Wno-maybe-initialized gcc-10: disable 'zero-length-bounds' warning for now gcc-10: disable 'array-bounds' warning for now gcc-10: disable 'stringop-overflow' warning for now gcc-10: disable 'restrict' warning for now gcc-10: avoid shadowing standard library 'free()' in crypto x86/asm: Add instruction suffixes to bitops net: phy: micrel: Use strlcpy() for ethtool::get_strings net: fix a potential recursive NETDEV_FEAT_CHANGE netlabel: cope with NULL catmap net: phy: fix aneg restart in phy_ethtool_set_eee Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu" hinic: fix a bug of ndo_stop net: dsa: loop: Add module soft dependency net: ipv4: really enforce backoff for redirects netprio_cgroup: Fix unlimited memory leak of v2 cgroups net: tcp: fix rx timestamp behavior for tcp_recvmsg ALSA: hda/realtek - Limit int mic boost for Thinkpad T530 ALSA: rawmidi: Initialize allocated buffers ALSA: rawmidi: Fix racy buffer resize under concurrent accesses ARM: dts: dra7: Fix bus_dma_limit for PCIe ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries x86: Fix early boot crash on gcc-10, third try ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B usb: host: xhci-plat: keep runtime active when removing host USB: gadget: fix illegal array access in binding with UDC usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list x86/unwind/orc: Fix error handling in __unwind_start() exec: Move would_dump into flush_old_exec clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()' usb: gadget: audio: Fix a missing error return value in audio_bind() usb: gadget: legacy: fix error return code in gncm_bind() usb: gadget: legacy: fix error return code in cdc_bind() Revert "ALSA: hda/realtek: Fix pop noise on ALC225" arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy ARM: dts: r8a73a4: Add missing CMT1 interrupts ARM: dts: r8a7740: Add missing extal2 to CPG node KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce Makefile: disallow data races on gcc-10 as well Linux 4.14.181 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ie1fb614d727dc6aad472bea0234073076eae8c8b |
||
Kelly Littlepage
|
8df010e4c8 |
net: tcp: fix rx timestamp behavior for tcp_recvmsg
[ Upstream commit cc4de047b33be247f9c8150d3e496743a49642b8 ]
The stated intent of the original commit is to is to "return the timestamp
corresponding to the highest sequence number data returned." The current
implementation returns the timestamp for the last byte of the last fully
read skb, which is not necessarily the last byte in the recv buffer. This
patch converts behavior to the original definition, and to the behavior of
the previous draft versions of commit 98aaa913b4ed ("tcp: Extend
SOF_TIMESTAMPING_RX_SOFTWARE to TCP recvmsg") which also match this
behavior.
Fixes: 98aaa913b4ed ("tcp: Extend SOF_TIMESTAMPING_RX_SOFTWARE to TCP recvmsg")
Co-developed-by: Iris Liu <iris@onechronos.com>
Signed-off-by: Iris Liu <iris@onechronos.com>
Signed-off-by: Kelly Littlepage <kelly@onechronos.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Paolo Abeni
|
370c57bd4d |
net: ipv4: really enforce backoff for redirects
[ Upstream commit 57644431a6c2faac5d754ebd35780cf43a531b1a ]
In commit b406472b5ad7 ("net: ipv4: avoid mixed n_redirects and
rate_tokens usage") I missed the fact that a 0 'rate_tokens' will
bypass the backoff algorithm.
Since rate_tokens is cleared after a redirect silence, and never
incremented on redirects, if the host keeps receiving packets
requiring redirect it will reply ignoring the backoff.
Additionally, the 'rate_last' field will be updated with the
cadence of the ingress packet requiring redirect. If that rate is
high enough, that will prevent the host from generating any
other kind of ICMP messages
The check for a zero 'rate_tokens' value was likely a shortcut
to avoid the more complex backoff algorithm after a redirect
silence period. Address the issue checking for 'n_redirects'
instead, which is incremented on successful redirect, and
does not interfere with other ICMP replies.
Fixes: b406472b5ad7 ("net: ipv4: avoid mixed n_redirects and rate_tokens usage")
Reported-and-tested-by: Colin Walters <walters@redhat.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Paolo Abeni
|
0f5ae0f5b2 |
netlabel: cope with NULL catmap
[ Upstream commit eead1c2ea2509fd754c6da893a94f0e69e83ebe4 ]
The cipso and calipso code can set the MLS_CAT attribute on
successful parsing, even if the corresponding catmap has
not been allocated, as per current configuration and external
input.
Later, selinux code tries to access the catmap if the MLS_CAT flag
is present via netlbl_catmap_getlong(). That may cause null ptr
dereference while processing incoming network traffic.
Address the issue setting the MLS_CAT flag only if the catmap is
really allocated. Additionally let netlbl_catmap_getlong() cope
with NULL catmap.
Reported-by: Matthew Sheets <matthew.sheets@gd-ms.com>
Fixes: 4b8feff251da ("netlabel: fix the horribly broken catmap functions")
Fixes: ceba1832b1b2 ("calipso: Set the calipso socket label to match the secattr.")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Srinivasarao P
|
410eca3cca |
Merge android-4.14.167 (571f968) into msm-4.14
* refs/heads/tmp-571f968: Linux 4.14.167 regulator: ab8500: Remove SYSCLKREQ from enum ab8505_regulator_id perf probe: Fix wrong address verification scsi: core: scsi_trace: Use get_unaligned_be*() scsi: qla2xxx: fix rports not being mark as lost in sync fabric scan scsi: qla2xxx: Fix qla2x00_request_irqs() for MSI scsi: target: core: Fix a pr_debug() argument scsi: bnx2i: fix potential use after free scsi: qla4xxx: fix double free bug scsi: esas2r: unlock on error in esas2r_nvram_read_direct() reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr Revert "arm64: dts: juno: add dma-ranges property" tick/sched: Annotate lockless access to last_jiffies_update cfg80211: check for set_wiphy_params arm64: dts: meson-gxl-s905x-khadas-vim: fix gpio-keys-polled node cw1200: Fix a signedness bug in cw1200_load_firmware() xen/blkfront: Adjust indentation in xlvbd_alloc_gendisk tcp: fix marked lost packets not being retransmitted r8152: add missing endpoint sanity check ptp: free ptp device pin descriptors properly net/wan/fsl_ucc_hdlc: fix out of bounds write on array utdm_info net: usb: lan78xx: limit size of local TSO packets net: hns: fix soft lockup when there is not enough memory net: dsa: tag_qca: fix doubled Tx statistics hv_netvsc: Fix memory leak when removing rndis device macvlan: use skb_reset_mac_header() in macvlan_queue_xmit() batman-adv: Fix DAT candidate selection on little endian systems NFC: pn533: fix bulk-message timeout netfilter: arp_tables: init netns pointer in xt_tgdtor_param struct netfilter: fix a use-after-free in mtype_destroy() cfg80211: fix page refcount issue in A-MSDU decap arm64: dts: agilex/stratix10: fix pmu interrupt numbers mm/huge_memory.c: thp: fix conflict of above-47bit hint address and PMD alignment mm/huge_memory.c: make __thp_get_unmapped_area static USB: serial: io_edgeport: handle unbound ports on URB completion USB: serial: io_edgeport: use irqsave() in USB's complete callback net: stmmac: Enable 16KB buffer size net: stmmac: 16KB buffer must be 16 byte aligned mm/page-writeback.c: avoid potential division by zero in wb_min_max_ratio() btrfs: fix memory leak in qgroup accounting mm/shmem.c: thp, shmem: fix conflict of above-47bit hint address and PMD alignment perf report: Fix incorrectly added dimensions as switch perf data file perf hists: Fix variable name's inconsistency in hists__for_each() macro x86/efistub: Disable paging at mixed mode entry x86/resctrl: Fix an imbalance in domain_remove_cpu() usb: core: hub: Improved device recognition on remote wakeup ptrace: reintroduce usage of subjective credentials in ptrace_has_cap() scsi: mptfusion: Fix double fetch bug in ioctl scsi: fnic: fix invalid stack access USB: serial: quatech2: handle unbound ports USB: serial: keyspan: handle unbound ports USB: serial: io_edgeport: add missing active-port sanity check USB: serial: ch341: handle unbound port at reset_resume USB: serial: suppress driver bind attributes USB: serial: option: add support for Quectel RM500Q in QDL mode USB: serial: opticon: fix control-message timeouts USB: serial: option: Add support for Quectel RM500Q USB: serial: simple: Add Motorola Solutions TETRA MTP3xxx and MTP85xx iio: buffer: align the size of scan bytes to size of the largest element ARM: dts: am571x-idk: Fix gpios property to have the correct gpio number block: fix an integer overflow in logical block size Fix built-in early-load Intel microcode alignment ALSA: seq: Fix racy access for queue timer in proc read ASoC: msm8916-wcd-analog: Fix selected events for MIC BIAS External1 clk: Don't try to enable critical clocks if prepare failed dt-bindings: reset: meson8b: fix duplicate reset IDs Change-Id: I8dd465e2236497910afadfc5546a0b9ee84d0543 Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
|
Srinivasarao P
|
52dea22a16 |
Merge android-4.14.165 (748d727) into msm-4.14
* refs/heads/tmp-748d727: cuttlefish - enable CONFIG_NETFILTER_XT_MATCH_QUOTA2_LOG=y ANDROID: Enable HID_STEAM as y Linux 4.14.165 drm/i915/gen9: Clear residual context state on context switch netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO is present netfilter: arp_tables: init netns pointer in xt_tgchk_param struct phy: cpcap-usb: Fix flakey host idling and enumerating of devices phy: cpcap-usb: Fix error path when no host driver is loaded USB: Fix: Don't skip endpoint descriptors with maxpacket=0 HID: hiddev: fix mess in hiddev_open() arm64: cpufeature: Avoid warnings due to unused symbols ath10k: fix memory leak rtl8xxxu: prevent leaking urb scsi: bfa: release allocated memory in case of error mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf mwifiex: fix possible heap overflow in mwifiex_process_country_ie() tty: always relink the port tty: link tty and port before configuring it as console staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 drm/dp_mst: correct the shifting in DP_REMOTE_I2C_READ drm/fb-helper: Round up bits_per_pixel if possible Input: add safety guards to input_set_keycode() HID: hid-input: clear unmapped usages staging: comedi: adv_pci1710: fix AI channels 16-31 for PCI-1713 usb: musb: dma: Correct parameter passed to IRQ handler usb: musb: Disable pullup at init usb: musb: fix idling for suspend after disconnect interrupt USB: serial: option: add ZLP support for 0x1bc7/0x9010 staging: vt6656: set usb_set_intfdata on driver fail. gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism gpiolib: acpi: Turn dmi_system_id table into a generic quirk table can: can_dropped_invalid_skb(): ensure an initialized headroom in outgoing CAN sk_buffs can: mscan: mscan_rx_poll(): fix rx path lockup when returning from polling to irq mode can: gs_usb: gs_usb_probe(): use descriptors of current altsetting HID: uhid: Fix returning EPOLLOUT from uhid_char_poll HID: Fix slab-out-of-bounds read in hid_field_extract tracing: Have stack tracer compile when MCOUNT_INSN_SIZE is not defined kernel/trace: Fix do not unregister tracepoints when register sched_migrate_task fail ALSA: hda/realtek - Set EAPD control to default for ALC222 ALSA: hda/realtek - Add new codec supported for ALCS1200A ALSA: usb-audio: Apply the sample rate quirk for Bose Companion 5 usb: chipidea: host: Disable port power only if previously enabled chardev: Avoid potential use-after-free in 'chrdev_open()' UPSTREAM: kcov: fix struct layout for kcov_remote_arg UPSTREAM: vhost, kcov: collect coverage from vhost_worker UPSTREAM: usb, kcov: collect coverage from hub_event BACKPORT: kcov: remote coverage support UPSTREAM: kcov: improve CONFIG_ARCH_HAS_KCOV help text UPSTREAM: kcov: convert kcov.refcount to refcount_t UPSTREAM: kcov: no need to check return value of debugfs_create functions UPSTREAM: kernel/kcov.c: mark write_comp_data() as notrace UPSTREAM: kernel/kcov.c: mark funcs in __sanitizer_cov_trace_pc() as notrace BACKPORT: sched/core / kcov: avoid kcov_area during task switch UPSTREAM: kcov: prefault the kcov_area BACKPORT: kcov: test compiler capability in Kconfig and correct dependency UPSTREAM: gcc-plugins: fix build condition of SANCOV plugin UPSTREAM: kcov: fix comparison callback signature UPSTREAM: kcov: update documentation BACKPORT: Makefile: support flag -fsanitizer-coverage=trace-cmp BACKPORT: kcov: support comparison operands collection UPSTREAM: kcov: remove pointless current != NULL check docs: fs-verity: mention statx() support f2fs: support STATX_ATTR_VERITY ext4: support STATX_ATTR_VERITY statx: define STATX_ATTR_VERITY docs: fs-verity: document first supported kernel version f2fs: add support for IV_INO_LBLK_64 encryption policies ext4: add support for IV_INO_LBLK_64 encryption policies fscrypt: add support for IV_INO_LBLK_64 policies fscrypt: avoid data race on fscrypt_mode::logged_impl_name fscrypt: zeroize fscrypt_info before freeing fscrypt: remove struct fscrypt_ctx fscrypt: invoke crypto API for ESSIV handling Conflicts: arch/arm64/kernel/cpufeature.c fs/crypto/bio.c include/linux/fscrypt.h Change-Id: Ib93acf5f5b5d66770ee3af1312cff999a84910eb Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
|
Srinivasarao P
|
14e46ae0c8 |
Merge android-4.14.164 (d2905c6) into msm-4.14
* refs/heads/tmp-d2905c6: Linux 4.14.164 vlan: fix memory leak in vlan_dev_set_egress_priority net: sch_prio: When ungrafting, replace with FIFO vlan: vlan_changelink() should propagate errors vxlan: fix tos value before xmit tcp: fix "old stuff" D-SACK causing SACK to be treated as D-SACK sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY USB: serial: option: add Telit ME910G1 0x110a composition USB: core: fix check for duplicate endpoints pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM net: usb: lan78xx: fix possible skb leak net: stmmac: dwmac-sunxi: Allow all RGMII modes net: stmmac: dwmac-sun8i: Allow all RGMII modes net: dsa: mv88e6xxx: Preserve priority when setting CPU port. macvlan: do not assume mac_header is set in macvlan_broadcast() gtp: fix bad unlock balance in gtp_encap_enable_socket mmc: block: propagate correct returned value in mmc_rpmb_ioctl mmc: core: Prevent bus reference leak in mmc_blk_init() mmc: block: Fix bug when removing RPMB chardev mmc: block: Delete mmc_access_rpmb() mmc: block: Convert RPMB to a character device PCI/switchtec: Read all 64 bits of part_event_bitmap bpf: Fix passing modified ctx to ld/abs/ind instruction bpf: reject passing modified ctx to helper functions hv_netvsc: Fix unwanted rx_table reset llc2: Fix return statement of llc_stat_ev_rx_null_dsap_xid_c (and _test_c) parisc: Fix compiler warnings in debug_core.c block: fix memleak when __blk_rq_map_user_iov() is failed s390/dasd: fix memleak in path handling error case s390/dasd/cio: Interpret ccw_device_get_mdc return value correctly net: stmmac: RX buffer size must be 16 byte aligned net: stmmac: Do not accept invalid MTU values fs: avoid softlockups in s_inodes iterators perf/x86/intel: Fix PT PMI handling kconfig: don't crash on NULL expressions in expr_eq() regulator: rn5t618: fix module aliases ASoC: wm8962: fix lambda value rfkill: Fix incorrect check to avoid NULL pointer dereference net: usb: lan78xx: Fix error message format specifier bnx2x: Fix logic to get total no. of PFs per engine bnx2x: Do not handle requests from VFs after parity powerpc: Ensure that swiotlb buffer is allocated from low memory samples: bpf: fix syscall_tp due to unused syscall samples: bpf: Replace symbol compare of trace_event ARM: dts: am437x-gp/epos-evm: fix panel compatible bpf, mips: Limit to 33 tail calls ARM: dts: bcm283x: Fix critical trip point ASoC: topology: Check return value for soc_tplg_pcm_create() spi: spi-cavium-thunderx: Add missing pci_release_regions() ARM: dts: Cygnus: Fix MDIO node address/size cells netfilter: nf_tables: validate NFT_SET_ELEM_INTERVAL_END netfilter: uapi: Avoid undefined left-shift in xt_sctp.h ARM: vexpress: Set-up shared OPP table instead of individual for each CPU efi/gop: Fix memory leak in __gop_query32/64() efi/gop: Return EFI_SUCCESS if a usable GOP was found efi/gop: Return EFI_NOT_FOUND if there are no usable GOPs x86/efi: Update e820 with reserved EFI boot services data to fix kexec breakage libtraceevent: Fix lib installation with O= mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() netfilter: ctnetlink: netns exit must wait for callbacks locking/spinlock/debug: Fix various data races USB: dummy-hcd: increase max number of devices to 32 USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein UPSTREAM: USB: dummy-hcd: use usb_urb_dir_in instead of usb_pipein UPSTREAM: USB: dummy-hcd: increase max number of devices to 32 UPSTREAM: USB: dummy-hcd: Fix failure to give back unlinked URBs UPSTREAM: USB: dummy-hcd: bandwidth limits for non-bulk transfers BACKPORT: perf_event: Add support for LSM and SELinux checks ANDROID: cuttlefish_defconfig: remove 80211_HWSIM Conflicts: drivers/mmc/core/block.c drivers/mmc/core/queue.h drivers/net/ethernet/stmicro/stmmac/stmmac_main.c kernel/events/core.c kernel/locking/spinlock_debug.c Excluded below commits as per mmc team's suggestion mmc: block: propagate correct returned value in mmc_rpmb_ioctl mmc: core: Prevent bus reference leak in mmc_blk_init() mmc: block: Fix bug when removing RPMB chardev mmc: block: Delete mmc_access_rpmb() mmc: block: Convert RPMB to a character device Change-Id: I1ec72ef72135c50e5bf46b6f66f1dd88b18add28 Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
a810d3c5bf |
This is the 4.14.178 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6tkL8ACgkQONu9yGCS
aT4DqQ/+NU5DTIpe/G453W7kieNu1S4JqjxITOj0syGBOzpWqXXyqyMTghps8G0O
6NR1kHh19rEZIo+aP2ltJB0cErQiVwmSN4msgs5AuBWj7krVIKZMp6LVLGxrp/b5
BI0/uHnyv1pvRN42eKBynxVBS0JEqht/gZwMWDd4+FsBEP37wqjhb4NH4+3VwlFs
qkpEhys91sVWbXhh/6u9id0wFm0C4M77hcRki3bp6giNKliVRqE1Tv3rCWP4IBUQ
dBujckqpgiOx2fI2PPadmB8FAoMGNTRL5DhsvJXAkcpU+9PsKEIW58NMggMDqer6
YXs/PCeuhJql5QUnnChdHrojbsv1xYRPvArB+fgb5F53AivHQ9f50pRN8Df28DBN
h4J3OpAWTT1A/gce8SCoO0oPFDEWleGdKWQW/qaMRKBQf94CnKyRsIOVaUr9oABS
bxI5B2OPiFNvkG1ImE+un8Fcty/0ZEtxSKnxJLjVD01sghxtVIi1TBQCR8XKDqWv
cLyYsQV+VexOFkOS980TVHQGGqMu5QqmLeyaImOxzOvV6h7lb0tcx87ycNS1AABF
stfkTARfScn6aKPwBdnWC4PfKVqfcthGNYxqAmZdEPsiglaeySIiKTsg8K/kAjYO
8HS2OdJllBNpjovH9rSMA6GPuxz0aiHF3KgaCeobUy6U88PIFzQ=
=u1LD
-----END PGP SIGNATURE-----
Merge 4.14.178 into android-4.14-stable
Changes in 4.14.178
ext4: fix extent_status fragmentation for plain files
net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
net: ipv4: avoid unused variable warning for sysctl
keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h
drm/msm: Use the correct dma_sync calls harder
crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static
vti4: removed duplicate log message.
watchdog: reset last_hw_keepalive time at start
scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
ceph: return ceph_mdsc_do_request() errors from __get_parent()
ceph: don't skip updating wanted caps when cap is stale
pwm: rcar: Fix late Runtime PM enablement
scsi: iscsi: Report unbind session event when the target has been removed
ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map()
kernel/gcov/fs.c: gcov_seq_next() should increase position index
selftests: kmod: fix handling test numbers above 9
ipc/util.c: sysvipc_find_ipc() should increase position index
s390/cio: avoid duplicated 'ADD' uevents
pwm: renesas-tpu: Fix late Runtime PM enablement
pwm: bcm2835: Dynamically allocate base
perf/core: Disable page faults when getting phys address
PCI/ASPM: Allow re-enabling Clock PM
mm, slub: restore the original intention of prefetch_freepointer()
cxgb4: fix large delays in PTP synchronization
ipv6: fix restrict IPV6_ADDRFORM operation
macsec: avoid to set wrong mtu
macvlan: fix null dereference in macvlan_device_event()
net: bcmgenet: correct per TX/RX ring statistics
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
net/x25: Fix x25_neigh refcnt leak when receiving frame
tcp: cache line align MAX_TCP_HEADER
team: fix hang in team_mode_get()
net: dsa: b53: Fix ARL register definitions
xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
vrf: Check skb for XFRM_TRANSFORMED flag
KEYS: Avoid false positive ENOMEM error on key read
ALSA: hda: Remove ASUS ROG Zenith from the blacklist
iio: adc: stm32-adc: fix sleep in atomic context
iio: xilinx-xadc: Fix ADC-B powerdown
iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode
fs/namespace.c: fix mountpoint reference counter race
USB: sisusbvga: Change port variable from signed to unsigned
USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE
USB: early: Handle AMD's spec-compliant identifiers, too
USB: core: Fix free-while-in-use bug in the USB S-Glibrary
USB: hub: Fix handling of connect changes during sleep
overflow.h: Add arithmetic shift helper
vmalloc: fix remap_vmalloc_range() bounds checks
mm/hugetlb: fix a addressing exception caused by huge_pte_offset
mm/ksm: fix NULL pointer dereference when KSM zero page is enabled
tools/vm: fix cross-compile build
ALSA: usx2y: Fix potential NULL dereference
ALSA: hda/realtek - Add new codec supported for ALC245
ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
tpm/tpm_tis: Free IRQ if probing fails
tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send()
KVM: Check validity of resolved slot when searching memslots
KVM: VMX: Enable machine check support for 32bit targets
tty: hvc: fix buffer overflow during hvc_alloc().
tty: rocket, avoid OOB access
usb-storage: Add unusual_devs entry for JMicron JMS566
audit: check the length of userspace generated audit records
ASoC: dapm: fixup dapm kcontrol widget
iwlwifi: pcie: actually release queue memory in TVQM
ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
powerpc/setup_64: Set cache-line-size based on cache-block-size
staging: comedi: dt2815: fix writing hi byte of analog output
staging: comedi: Fix comedi_device refcnt leak in comedi_open
vt: don't hardcode the mem allocation upper bound
staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default.
staging: vt6656: Fix calling conditions of vnt_set_bss_mode
staging: vt6656: Fix drivers TBTT timing counter.
staging: vt6656: Fix pairwise key entry save.
staging: vt6656: Power save stop wake_up_count wrap around.
cdc-acm: close race betrween suspend() and acm_softint
cdc-acm: introduce a cool down
UAS: no use logging any details in case of ENODEV
UAS: fix deadlock in error handling and PM flushing work
usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
serial: sh-sci: Make sure status register SCxSR is read in correct sequence
xfs: validate sb_logsunit is a multiple of the fs blocksize
xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT
remoteproc: Fix wrong rvring index computation
mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer
include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap
binder: take read mode of mmap_sem in binder_alloc_free_page()
usb: dwc3: gadget: Do link recovery for SS and SSP
usb: gadget: udc: bdc: Remove unnecessary NULL checks in bdc_req_complete
iio:ad7797: Use correct attribute_group
nfsd: memory corruption in nfsd4_lock()
i2c: altera: use proper variable to hold errno
net/cxgb4: Check the return from t4_query_params properly
ARM: dts: bcm283x: Disable dsi0 node
perf/core: fix parent pid/tid in task exit events
mm: shmem: disable interrupt when acquiring info->lock in userfaultfd_copy path
bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B
x86: hyperv: report value of misc_features
xfs: fix partially uninitialized structure in xfs_reflink_remap_extent
scsi: target: fix PR IN / READ FULL STATUS for FC
objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings
objtool: Support Clang non-section symbols in ORC dump
xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status
arm64: Delete the space separator in __emit_inst
ext4: use matching invalidatepage in ext4_writepage
ext4: increase wait time needed before reuse of deleted inode numbers
ext4: convert BUG_ON's to WARN_ON's in mballoc.c
hwmon: (jc42) Fix name to have no illegal characters
ext4: avoid declaring fs inconsistent due to invalid file handles
ext4: protect journal inode's blocks using block_validity
ext4: don't perform block validity checks on the journal inode
ext4: fix block validity checks for journal inodes using indirect blocks
ext4: unsigned int compared against zero
qed: Fix use after free in qed_chain_free
ext4: check for non-zero journal inum in ext4_calculate_overhead
propagate_one(): mnt_set_mountpoint() needs mount_lock
Linux 4.14.178
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia3d4a2b883413346daf1779820545cb0b0e35948
|
||
David Ahern
|
0367dba6b8 |
xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
[ Upstream commit 0c922a4850eba2e668f73a3f1153196e09abb251 ] IPSKB_XFRM_TRANSFORMED and IP6SKB_XFRM_TRANSFORMED are skb flags set by xfrm code to tell other skb handlers that the packet has been passed through the xfrm output functions. Simplify the code and just always set them rather than conditionally based on netfilter enabled thus making the flag available for other users. Signed-off-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jeremy Sowden
|
f400768a2a |
vti4: removed duplicate log message.
commit 01ce31c57b3f07c91c9d45bbaf126124cce83a5d upstream.
Removed info log-message if ipip tunnel registration fails during
module-initialization: it adds nothing to the error message that is
written on all failures.
Fixes: dd9ee3444014e ("vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Arnd Bergmann
|
48eaa2b5d5 |
net: ipv4: avoid unused variable warning for sysctl
commit 773daa3caf5d3f87fdb1ab43e9c1b367a38fa394 upstream.
The newly introudced ip_min_valid_pmtu variable is only used when
CONFIG_SYSCTL is set:
net/ipv4/route.c:135:12: error: 'ip_min_valid_pmtu' defined but not used [-Werror=unused-variable]
This moves it to the other variables like it, to avoid the harmless
warning.
Fixes: c7272c2f1229 ("net: ipv4: don't allow setting net.ipv4.route.min_pmtu below 68")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Nicolai Stange
|
bcf49bd648 |
net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()
commit 20b50d79974ea3192e8c3ab7faf4e536e5f14d8f upstream.
Commit 8f659a03a0ba ("net: ipv4: fix for a race condition in
raw_sendmsg") fixed the issue of possibly inconsistent ->hdrincl handling
due to concurrent updates by reading this bit-field member into a local
variable and using the thus stabilized value in subsequent tests.
However, aforementioned commit also adds the (correct) comment that
/* hdrincl should be READ_ONCE(inet->hdrincl)
* but READ_ONCE() doesn't work with bit fields
*/
because as it stands, the compiler is free to shortcut or even eliminate
the local variable at its will.
Note that I have not seen anything like this happening in reality and thus,
the concern is a theoretical one.
However, in order to be on the safe side, emulate a READ_ONCE() on the
bit-field by doing it on the local 'hdrincl' variable itself:
int hdrincl = inet->hdrincl;
hdrincl = READ_ONCE(hdrincl);
This breaks the chain in the sense that the compiler is not allowed
to replace subsequent reads from hdrincl with reloads from inet->hdrincl.
Fixes: 8f659a03a0ba ("net: ipv4: fix for a race condition in raw_sendmsg")
Signed-off-by: Nicolai Stange <nstange@suse.de>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Cc: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
95495cdf37 |
This is the 4.14.177 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6igLUACgkQONu9yGCS
aT5+1g//QeF4tEaKuz/4MnqHcXk7TUit90Y9DE1HzInayMj8hWzQy8JoC0tkGDcF
2EtB5ySxvD74FTMKCdLMjDNJaCw4wDrz2YZalE0PIaB/0/d4b2Vyr0NDT5siJUHz
0AVMbeSkFBP/ygldEl1T1V9EPqhh7VTUSTMCJ198XsWkBsGEK87+ah0LOPiL1d8i
OUYLC02/4lyyMLySvPWA51hdEOzobJNrGmUWZksmwocmO5a0xyBcqiS9dlmD0T3o
gLOQQW99QV40ZMNlYzpf8Qgane23HK9kw4koDPGamZtLuzUm1bDpiFpO7tktn0g7
/Pw0rm/a14HjpzG59v0bwL+3+m7G2uMCYT3XpRTseR251KrRI+xBkqArHHd4mm7Z
kZZrABko6W/cerwjq5D96HY28Hk8L5fHn5q6gLoi2cEMP8Fe+TdWdrvkxlDO6MTT
6P3y+pOfIHk0/OtiegrEpt132atkJEzG6eHmOU9LG9V9yXvmUzHR2+5sBOXUsZt/
PGR5Ty2o4SDCicvXyL5ULKvwvBjV1jMf87extOOKuKCa8Y4DtsZvBaOYUr3/b45H
CmusNFPvHWALL8xBWvDoqdGuvP0dmv70cLK5Frac+sv9nHawRVUvES13octkGzZG
68/ReEwZHws5Ir5Nr+eUtJdUnltFwmO6P9aCkw548PsH4Ug8Eqs=
=Z08g
-----END PGP SIGNATURE-----
Merge 4.14.177 into android-4.14-stable
Changes in 4.14.177
bus: sunxi-rsb: Return correct data when mixing 16-bit and 8-bit reads
net: vxge: fix wrong __VA_ARGS__ usage
hinic: fix a bug of waitting for IO stopped
hinic: fix wrong para of wait_for_completion_timeout
cxgb4/ptp: pass the sign of offset delta in FW CMD
qlcnic: Fix bad kzalloc null test
i2c: st: fix missing struct parameter description
null_blk: Fix the null_add_dev() error path
null_blk: Handle null_add_dev() failures properly
null_blk: fix spurious IO errors after failed past-wp access
x86: Don't let pgprot_modify() change the page encryption bit
block: keep bdi->io_pages in sync with max_sectors_kb for stacked devices
irqchip/versatile-fpga: Handle chained IRQs properly
sched: Avoid scale real weight down to zero
selftests/x86/ptrace_syscall_32: Fix no-vDSO segfault
PCI/switchtec: Fix init_completion race condition with poll_wait()
libata: Remove extra scsi_host_put() in ata_scsi_add_hosts()
gfs2: Don't demote a glock until its revokes are written
x86/boot: Use unsigned comparison for addresses
efi/x86: Ignore the memory attributes table on i386
genirq/irqdomain: Check pointer in irq_domain_alloc_irqs_hierarchy()
block: Fix use-after-free issue accessing struct io_cq
usb: dwc3: core: add support for disabling SS instances in park mode
irqchip/gic-v4: Provide irq_retrigger to avoid circular locking dependency
locking/lockdep: Avoid recursion in lockdep_count_{for,back}ward_deps()
block, bfq: fix use-after-free in bfq_idle_slice_timer_body
btrfs: remove a BUG_ON() from merge_reloc_roots()
btrfs: track reloc roots based on their commit root bytenr
uapi: rename ext2_swab() to swab() and share globally in swab.h
misc: rtsx: set correct pcr_ops for rts522A
slub: improve bit diffusion for freelist ptr obfuscation
ASoC: fix regwmask
ASoC: dapm: connect virtual mux with default value
ASoC: dpcm: allow start or stop during pause for backend
ASoC: topology: use name_prefix for new kcontrol
usb: gadget: f_fs: Fix use after free issue as part of queue failure
usb: gadget: composite: Inform controller driver of self-powered
ALSA: usb-audio: Add mixer workaround for TRX40 and co
ALSA: hda: Add driver blacklist
ALSA: hda: Fix potential access overflow in beep helper
ALSA: ice1724: Fix invalid access for enumerated ctl items
ALSA: pcm: oss: Fix regression by buffer overflow fix
ALSA: doc: Document PC Beep Hidden Register on Realtek ALC256
ALSA: hda/realtek - Set principled PC Beep configuration for ALC256
media: ti-vpe: cal: fix disable_irqs to only the intended target
acpi/x86: ignore unspecified bit positions in the ACPI global lock field
thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
nvme-fc: Revert "add module to ops template to allow module references"
PCI/ASPM: Clear the correct bits when enabling L1 substates
PCI: endpoint: Fix for concurrent memory allocation in OB address region
KEYS: reaching the keys quotas correctly
irqchip/versatile-fpga: Apply clear-mask earlier
MIPS: OCTEON: irq: Fix potential NULL pointer dereference
ath9k: Handle txpower changes even when TPC is disabled
signal: Extend exec_id to 64bits
x86/entry/32: Add missing ASM_CLAC to general_protection entry
KVM: nVMX: Properly handle userspace interrupt window request
KVM: s390: vsie: Fix region 1 ASCE sanity shadow address checks
KVM: s390: vsie: Fix delivery of addressing exceptions
KVM: x86: Allocate new rmap and large page tracking when moving memslot
KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support
KVM: VMX: fix crash cleanup when KVM wasn't used
CIFS: Fix bug which the return value by asynchronous read is error
btrfs: drop block from cache on error in relocation
crypto: mxs-dcp - fix scatterlist linearization for hash
ALSA: hda: Initialize power_state field properly
net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags
powerpc/pseries: Drop pointless static qualifier in vpa_debugfs_init()
x86/speculation: Remove redundant arch_smt_update() invocation
tools: gpio: Fix out-of-tree build regression
mm: Use fixed constant in page_frag_alloc instead of size + 1
dm verity fec: fix memory leak in verity_fec_dtr
scsi: zfcp: fix missing erp_lock in port recovery trigger for point-to-point
arm64: armv8_deprecated: Fix undef_hook mask for thumb setend
rtc: omap: Use define directive for PIN_CONFIG_ACTIVE_HIGH
NFS: Fix a page leak in nfs_destroy_unlinked_subrequests()
ext4: fix a data race at inode->i_blocks
fs/filesystems.c: downgrade user-reachable WARN_ONCE() to pr_warn_once()
ocfs2: no need try to truncate file beyond i_size
perf tools: Support Python 3.8+ in Makefile
s390/diag: fix display of diagnose call statistics
Input: i8042 - add Acer Aspire 5738z to nomux list
kmod: make request_module() return an error when autoloading is disabled
cpufreq: powernv: Fix use-after-free
hfsplus: fix crash and filesystem corruption when deleting files
libata: Return correct status in sata_pmp_eh_recover_pm() when ATA_DFLAG_DETACH is set
powerpc/powernv/idle: Restore AMR/UAMOR/AMOR after idle
powerpc/64/tm: Don't let userspace set regs->trap via sigreturn
powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap PTE entries
powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured IPIs
powerpc/kprobes: Ignore traps that happened in real mode
scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug
powerpc: Add attributes for setjmp/longjmp
powerpc: Make setjmp/longjmp signature standard
Btrfs: fix crash during unmount due to race with delayed inode workers
btrfs: use nofs allocations for running delayed items
dm zoned: remove duplicate nr_rnd_zones increase in dmz_init_zone()
crypto: caam - update xts sector size for large input length
drm/dp_mst: Fix clearing payload state on topology disable
drm: Remove PageReserved manipulation from drm_pci_alloc
ftrace/kprobe: Show the maxactive number on kprobe_events
ipmi: fix hung processes in __get_guid()
powerpc/fsl_booke: Avoid creating duplicate tlb1 entry
misc: echo: Remove unnecessary parentheses and simplify check for zero
mfd: dln2: Fix sanity checking for endpoints
amd-xgbe: Use __napi_schedule() in BH context
hsr: check protocol version in hsr_newlink()
net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
net: ipv6: do not consider routes via gateways for anycast address check
net: qrtr: send msgs from local of same id as broadcast
net: revert default NAPI poll timeout to 2 jiffies
net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
jbd2: improve comments about freeing data buffers whose page mapping is NULL
pwm: pca9685: Fix PWM/GPIO inter-operation
ext4: fix incorrect group count in ext4_fill_super error message
ext4: fix incorrect inodes per group in error message
ASoC: Intel: mrfld: fix incorrect check on p->sink
ASoC: Intel: mrfld: return error codes when an error occurs
ALSA: usb-audio: Don't override ignore_ctl_error value from the map
tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation
btrfs: check commit root generation in should_ignore_root
mac80211_hwsim: Use kstrndup() in place of kasprintf()
ext4: do not zeroout extents beyond i_disksize
dm flakey: check for null arg_name in parse_features()
kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
scsi: target: remove boilerplate code
scsi: target: fix hang when multiple threads try to destroy the same iscsi session
x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE
x86/intel_rdt: Enumerate L2 Code and Data Prioritization (CDP) feature
x86/intel_rdt: Add two new resources for L2 Code and Data Prioritization (CDP)
x86/intel_rdt: Enable L2 CDP in MSR IA32_L2_QOS_CFG
x86/resctrl: Preserve CDP enable over CPU hotplug
x86/resctrl: Fix invalid attempt at removing the default resource group
mm/vmalloc.c: move 'area->pages' after if statement
objtool: Fix switch table detection in .text.unlikely
scsi: sg: add sg_remove_request in sg_common_write
ext4: use non-movable memory for superblock readahead
arm, bpf: Fix bugs with ALU64 {RSH, ARSH} BPF_K shift by 0
netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type
irqchip/mbigen: Free msi_desc on device teardown
ALSA: hda: Don't release card at firmware loading error
lib/raid6: use vdupq_n_u8 to avoid endianness warnings
video: fbdev: sis: Remove unnecessary parentheses and commented code
drm: NULL pointer dereference [null-pointer-deref] (CWE 476) problem
clk: Fix debugfs_create_*() usage
Revert "gpio: set up initial state from .get_direction()"
arm64: perf: remove unsupported events for Cortex-A73
arm64: traps: Don't print stack or raw PC/LR values in backtraces
arch_topology: Fix section miss match warning due to free_raw_capacity()
wil6210: increase firmware ready timeout
wil6210: fix temperature debugfs
scsi: ufs: make sure all interrupts are processed
scsi: ufs: ufs-qcom: remove broken hci version quirk
wil6210: rate limit wil_rx_refill error
rpmsg: glink: use put_device() if device_register fail
rtc: pm8xxx: Fix issue in RTC write path
rpmsg: glink: Fix missing mutex_init() in qcom_glink_alloc_channel()
rpmsg: glink: smem: Ensure ordering during tx
wil6210: fix PCIe bus mastering in case of interface down
wil6210: add block size checks during FW load
wil6210: fix length check in __wmi_send
wil6210: abort properly in cfg suspend
soc: qcom: smem: Use le32_to_cpu for comparison
of: fix missing kobject init for !SYSFS && OF_DYNAMIC config
rbd: avoid a deadlock on header_rwsem when flushing notifies
rbd: call rbd_dev_unprobe() after unwatching and flushing notifies
of: unittest: kmemleak in of_unittest_platform_populate()
clk: at91: usb: continue if clk_hw_round_rate() return zero
power: supply: bq27xxx_battery: Silence deferred-probe error
clk: tegra: Fix Tegra PMC clock out parents
soc: imx: gpc: fix power up sequencing
rtc: 88pm860x: fix possible race condition
NFSv4/pnfs: Return valid stateids in nfs_layout_find_inode_by_stateid()
NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails
s390/cpuinfo: fix wrong output when CPU0 is offline
powerpc/maple: Fix declaration made after definition
ext4: do not commit super on read-only bdev
include/linux/swapops.h: correct guards for non_swap_entry()
percpu_counter: fix a data race at vm_committed_as
compiler.h: fix error in BUILD_BUG_ON() reporting
KVM: s390: vsie: Fix possible race when shadowing region 3 tables
x86: ACPI: fix CPU hotplug deadlock
drm/amdkfd: kfree the wrong pointer
NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
iommu/vt-d: Fix mm reference leak
ext2: fix empty body warnings when -Wextra is used
ext2: fix debug reference to ext2_xattr_cache
libnvdimm: Out of bounds read in __nd_ioctl()
iommu/amd: Fix the configuration of GCR3 table root pointer
net: dsa: bcm_sf2: Fix overflow checks
fbdev: potential information leak in do_fb_ioctl()
tty: evh_bytechan: Fix out of bounds accesses
locktorture: Print ratio of acquisitions, not failures
mtd: lpddr: Fix a double free in probe()
mtd: phram: fix a double free issue in error path
KEYS: Use individual pages in big_key for crypto buffers
KEYS: Don't write out to userspace while holding key semaphore
Linux 4.14.177
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5eb89921eb63ee9e92a031fc6f3a10d9e2616358
|
||
Taras Chornyi
|
cce0d1bd3f |
net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
[ Upstream commit 690cc86321eb9bcee371710252742fb16fe96824 ]
When CONFIG_IP_MULTICAST is not set and multicast ip is added to the device
with autojoin flag or when multicast ip is deleted kernel will crash.
steps to reproduce:
ip addr add 224.0.0.0/32 dev eth0
ip addr del 224.0.0.0/32 dev eth0
or
ip addr add 224.0.0.0/32 dev eth0 autojoin
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000088
pc : _raw_write_lock_irqsave+0x1e0/0x2ac
lr : lock_sock_nested+0x1c/0x60
Call trace:
_raw_write_lock_irqsave+0x1e0/0x2ac
lock_sock_nested+0x1c/0x60
ip_mc_config.isra.28+0x50/0xe0
inet_rtm_deladdr+0x1a8/0x1f0
rtnetlink_rcv_msg+0x120/0x350
netlink_rcv_skb+0x58/0x120
rtnetlink_rcv+0x14/0x20
netlink_unicast+0x1b8/0x270
netlink_sendmsg+0x1a0/0x3b0
____sys_sendmsg+0x248/0x290
___sys_sendmsg+0x80/0xc0
__sys_sendmsg+0x68/0xc0
__arm64_sys_sendmsg+0x20/0x30
el0_svc_common.constprop.2+0x88/0x150
do_el0_svc+0x20/0x80
el0_sync_handler+0x118/0x190
el0_sync+0x140/0x180
Fixes: 93a714d6b53d ("multicast: Extend ip address command to enable multicast group join/leave on")
Signed-off-by: Taras Chornyi <taras.chornyi@plvision.eu>
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Srinivasarao P
|
89c9d6d8aa |
Merge android-4.14.162 (c2bd4f8) into msm-4.14
* refs/heads/tmp-c2bd4f8: Linux 4.14.162 spi: fsl: use platform_get_irq() instead of of_irq_to_resource() gtp: avoid zero size hashtable gtp: fix an use-after-free in ipv4_pdp_find() gtp: fix wrong condition in gtp_genl_dump_pdp() tcp: do not send empty skb from tcp_write_xmit() tcp/dccp: fix possible race __inet_lookup_established() gtp: do not allow adding duplicate tid and ms_addr pdp context sit: do not confirm neighbor when do pmtu update vti: do not confirm neighbor when do pmtu update tunnel: do not confirm neighbor when do pmtu update net/dst: add new function skb_dst_update_pmtu_no_confirm gtp: do not confirm neighbor when do pmtu update ip6_gre: do not confirm neighbor when do pmtu update net: add bool confirm_neigh parameter for dst_ops.update_pmtu vhost/vsock: accept only packets with the right dst_cid udp: fix integer overflow while computing available space in sk_rcvbuf ptp: fix the race between the release of ptp_clock and cdev net/mlxfw: Fix out-of-memory error in mfa2 flash burning net: ena: fix napi handler misbehavior when the napi budget is zero pinctrl: baytrail: Really serialize all register accesses tty/serial: atmel: fix out of range clock divider handling spi: fsl: don't map irq during probe hrtimer: Annotate lockless access to timer->state net: icmp: fix data-race in cmp_global_allow() net: add a READ_ONCE() in skb_peek_tail() inetpeer: fix data-race in inet_putpeer / inet_putpeer netfilter: bridge: make sure to pull arp header in br_nf_forward_arp() 6pack,mkiss: fix possible deadlock netfilter: ebtables: compat: reject all padding in matches/watchers filldir[64]: remove WARN_ON_ONCE() for bad directory entries Make filldir[64]() verify the directory entry filename is valid perf strbuf: Remove redundant va_end() in strbuf_addv() bonding: fix active-backup transition after link failure ALSA: hda - Downgrade error message for single-cmd fallback netfilter: nf_queue: enqueue skbs with NULL dst net, sysctl: Fix compiler warning when only cBPF is present x86/mce: Fix possibly incorrect severity calculation on AMD userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK kernel: sysctl: make drop_caches write-only ocfs2: fix passing zero to 'PTR_ERR' warning s390/cpum_sf: Check for SDBT and SDB consistency libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR perf regs: Make perf_reg_name() return "unknown" instead of NULL perf script: Fix brstackinsn for AUXTRACE cdrom: respect device capabilities during opening action scripts/kallsyms: fix definitely-lost memory leak apparmor: fix unsigned len comparison with less than zero gpio: mpc8xxx: Don't overwrite default irq_set_type callback scsi: target: iscsi: Wait for all commands to finish before freeing a session scsi: iscsi: Don't send data to unbound connection scsi: NCR5380: Add disconnect_mask module parameter scsi: scsi_debug: num_tgts must be >= 0 scsi: ufs: Fix error handing during hibern8 enter scsi: pm80xx: Fix for SATA device discovery HID: Improve Windows Precision Touchpad detection. libnvdimm/btt: fix variable 'rc' set but not used HID: logitech-hidpp: Silence intermittent get_battery_capacity errors bcache: at least try to shrink 1 node in bch_mca_scan() clk: pxa: fix one of the pxa RTC clocks scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE powerpc/security: Fix wrong message when RFI Flush is disable powerpc/pseries/cmm: Implement release() function for sysfs device scsi: ufs: fix potential bug which ends in system hang scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long irqchip: ingenic: Error out if IRQ domain creation failed irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary clk: qcom: Allow constant ratio freq tables for rcg f2fs: fix to update dir's i_pino during cross_rename scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) jbd2: Fix statistics for the number of logged blocks ext4: update direct I/O read lock pattern for IOCB_NOWAIT powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning powerpc/security/book3s64: Report L1TF status in sysfs clocksource/drivers/asm9260: Add a check for of_clk_get dma-debug: add a schedule point in debug_dma_dump_mappings() powerpc/tools: Don't quote $objdump in scripts powerpc/pseries: Don't fail hash page table insert for bolted mapping powerpc/pseries: Mark accumulate_stolen_time() as notrace scsi: csiostor: Don't enable IRQs too early scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices scsi: target: compare full CHAP_A Algorithm strings iommu/tegra-smmu: Fix page tables in > 4 GiB memory Input: atmel_mxt_ts - disable IRQ across suspend scsi: lpfc: Fix locking on mailbox command completion scsi: mpt3sas: Fix clear pending bit in ioctl status scsi: lpfc: Fix discovery failures when target device connectivity bounces ANDROID: serdev: Fix platform device support Conflicts: drivers/scsi/ufs/ufshcd.c kernel/time/hrtimer.c Discarded commit 'kernel: sysctl: make drop_caches write-only' due to vts regression. Change-Id: Ieabdc1178e170d30672e233f43139bb97af9bf80 Signed-off-by: Srinivasarao P <spathi@codeaurora.org> Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Srinivasarao P
|
c84760496e |
Merge android-4.14.160 (0f543a0) into msm-4.14
* refs/heads/tmp-0f543a0:
Linux 4.14.160
net: stmmac: don't stop NAPI processing when dropping a packet
net: stmmac: use correct DMA buffer size in the RX descriptor
xhci: fix USB3 device initiated resume race with roothub autosuspend
drm/radeon: fix r1xx/r2xx register checker for POT textures
scsi: iscsi: Fix a potential deadlock in the timeout handler
dm btree: increase rebalance threshold in __rebalance2()
dma-buf: Fix memory leak in sync_file_merge()
vfio/pci: call irq_bypass_unregister_producer() before freeing irq
ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
ARM: dts: s3c64xx: Fix init order of clock providers
CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
rpmsg: glink: Free pending deferred work on remove
rpmsg: glink: Don't send pending rx_done during remove
rpmsg: glink: Fix rpmsg_register_device err handling
rpmsg: glink: Put an extra reference during cleanup
rpmsg: glink: Fix use after free in open_ack TIMEOUT case
rpmsg: glink: Fix reuse intents memory leak issue
rpmsg: glink: Set tail pointer to 0 at end of FIFO
xtensa: fix TLB sanity checker
PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3
PCI/MSI: Fix incorrect MSI-X masking on resume
PCI: Fix Intel ACS quirk UPDCR register address
PCI/PM: Always return devices to D0 when thawing
Revert "regulator: Defer init completion for a while after late_initcall"
nvme: host: core: fix precedence of ternary operator
inet: protect against too small mtu values.
tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
tcp: tighten acceptance of ACKs not matching a child socket
tcp: fix rejected syncookies due to stale timestamps
tipc: fix ordering of tipc module init and exit routine
tcp: md5: fix potential overestimation of TCP option space
openvswitch: support asymmetric conntrack
net: thunderx: start phy before starting autonegotiation
net: ethernet: ti: cpsw: fix extra rx interrupt
net: dsa: fix flow dissection on Tx path
net: bridge: deny dev_set_mac_address() when unregistering
ANDROID: cuttlefish_defconfig: Enable CONFIG_GNSS_CMDLINE_SERIAL
ANDROID: gnss: Add command line test driver
ANDROID: serdev: add platform device support
ANDROID: cuttlefish_defconfig: set BINFMT_MISC
UPSTREAM: binder: fix incorrect calculation for num_valid
ANDROID: kbuild: disable clang-specific configs with other compilers
Conflicts:
drivers/rpmsg/qcom_glink_native.c
drivers/rpmsg/qcom_glink_smem.c
net/ipv4/ip_output.c
Change-Id: I5a153d5632311789c3d2a24522a8fa3696b06850
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Srinivasarao P
|
8241b06f7c |
Merge android-4.14.159 (f960b38) into msm-4.14
* refs/heads/tmp-f960b38: Linux 4.14.159 of: unittest: fix memory leak in attach_node_and_children raid5: need to set STRIPE_HANDLE for batch head gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist kernel/module.c: wakeup processes in module_wq on module unload gfs2: fix glock reference problem in gfs2_trans_remove_revoke net/mlx5e: Fix SFF 8472 eeprom length sunrpc: fix crash when cache_head become valid before update workqueue: Fix missing kfree(rescuer) in destroy_workqueue() blk-mq: make sure that line break can be printed mfd: rk808: Fix RK818 ID template ext4: fix a bug in ext4_wait_for_tail_page_commit mm/shmem.c: cast the type of unmap_start to u64 firmware: qcom: scm: Ensure 'a0' status code is treated as signed ext4: work around deleting a file with i_nlink == 0 safely powerpc: Fix vDSO clock_getres() powerpc: Avoid clang warnings around setjmp and longjmp ath10k: fix fw crash by moving chip reset after napi disabled media: vimc: fix component match compare mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead power: supply: cpcap-battery: Fix signed counter sample register x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait drbd: Change drbd_request_detach_interruptible's return type to int scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE scsi: lpfc: Cap NPIV vports to 256 omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251 phy: renesas: rcar-gen3-usb2: Fix sysfs interface of "role" iio: adis16480: Add debugfs_reg_access entry xhci: make sure interrupts are restored to correct state xhci: Fix memory leak in xhci_add_in_port() scsi: qla2xxx: Fix message indicating vectors used by driver scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() scsi: qla2xxx: Fix session lookup in qlt_abort_work() scsi: qla2xxx: Fix DMA unmap leak scsi: zfcp: trace channel log even for FCP command responses block: fix single range discard merge reiserfs: fix extended attributes on the root directory ext4: Fix credit estimate for final inode freeing quota: fix livelock in dquot_writeback_dquots ext2: check err when partial != NULL quota: Check that quota is not dirty before release video/hdmi: Fix AVI bar unpack powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts powerpc: Allow flush_icache_range to work across ranges >4GB powerpc/xive: Prevent page fault issues in the machine crash handler powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB ppdev: fix PPGETTIME/PPSETTIME ioctls ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init pinctrl: samsung: Fix device node refcount leaks in init code pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init pinctrl: samsung: Add of_node_put() before return in error path ACPI: PM: Avoid attaching ACPI PM domain to certain devices ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() ACPI: OSL: only free map once in osl.c cpufreq: powernv: fix stack bloat and hard limit on number of CPUs PM / devfreq: Lock devfreq in trans_stat_show intel_th: pci: Add Tiger Lake CPU support intel_th: pci: Add Ice Lake CPU support intel_th: Fix a double put_device() in error path cpuidle: Do not unset the driver if it is there already media: cec.h: CEC_OP_REC_FLAG_ values were swapped media: radio: wl1273: fix interrupt masking on release media: bdisp: fix memleak on release s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported ar5523: check NULL before memcpy() in ar5523_cmd() cgroup: pids: use atomic64_t for pids->limit blk-mq: avoid sysfs buffer overflow with too many CPU cores ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report workqueue: Fix pwq ref leak in rescuer_thread() workqueue: Fix spurious sanity check failures in destroy_workqueue() dm zoned: reduce overhead of backing device checks hwrng: omap - Fix RNG wait loop timeout watchdog: aspeed: Fix clock behaviour for ast2600 md/raid0: Fix an error message in raid0_make_request() ALSA: hda - Fix pending unsol events at shutdown ovl: relax WARN_ON() on rename to self lib: raid6: fix awk build warnings rtlwifi: rtl8192de: Fix missing enable interrupt flag rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address btrfs: record all roots for rename exchange on a subvol Btrfs: send, skip backreference walking for extents with many references btrfs: Remove btrfs_bio::flags member Btrfs: fix negative subv_writers counter and data space leak after buffered write btrfs: use refcount_inc_not_zero in kill_all_nodes btrfs: check page->mapping when loading free space cache usb: dwc3: ep0: Clear started flag on completion virtio-balloon: fix managed page counts when migrating pages between zones mtd: spear_smi: Fix Write Burst mode tpm: add check after commands attribs tab allocation usb: mon: Fix a deadlock in usbmon between mmap and read usb: core: urb: fix URB structure initialization function USB: adutux: fix interface sanity check USB: serial: io_edgeport: fix epic endpoint lookup USB: idmouse: fix interface sanity checks USB: atm: ueagle-atm: add missing endpoint check iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting ARM: dts: pandora-common: define wl1251 as child node of mmc3 xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour. xhci: Increase STS_HALT timeout in xhci_suspend() usb: xhci: only set D3hot for pci device staging: gigaset: add endpoint-type sanity check staging: gigaset: fix illegal free on probe errors staging: gigaset: fix general protection fault on probe staging: rtl8712: fix interface sanity check staging: rtl8188eu: fix interface sanity check usb: Allow USB device to be warm reset in suspended state USB: documentation: flags on usb-storage versus UAS USB: uas: heed CAPACITY_HEURISTICS USB: uas: honor flag to avoid CAPACITY16 media: venus: remove invalid compat_ioctl32 handler scsi: qla2xxx: Fix driver unload hang usb: gadget: pch_udc: fix use after free usb: gadget: configfs: Fix missing spin_lock_init() appletalk: Set error code if register_snap_client failed appletalk: Fix potential NULL pointer dereference in unregister_snap_client KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) ASoC: rsnd: fixup MIX kctrl registration binder: Handle start==NULL in binder_update_page_range() thermal: Fix deadlock in thermal thermal_zone_device_check iomap: Fix pipe page leakage during splicing RDMA/qib: Validate ->show()/store() callbacks before calling them spi: atmel: Fix CS high support crypto: user - fix memory leak in crypto_report crypto: ecdh - fix big endian bug in ECC library crypto: ccp - fix uninitialized list head crypto: af_alg - cast ki_complete ternary op to int crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES KVM: x86: do not modify masked bits of shared MSRs KVM: arm/arm64: vgic: Don't rely on the wrong pending table drm/i810: Prevent underflow in ioctl jbd2: Fix possible overflow in jbd2_log_space_left() kernfs: fix ino wrap-around detection can: slcan: Fix use-after-free Read in slcan_open tty: vt: keyboard: reject invalid keycodes CIFS: Fix SMB2 oplock break processing CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect Input: Fix memory leak in psxpad_spi_probe coresight: etm4x: Fix input validation for sysfs. Input: goodix - add upside-down quirk for Teclast X89 tablet Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus ALSA: hda - Add mute led support for HP ProBook 645 G4 ALSA: pcm: oss: Avoid potential buffer overflows ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 fuse: verify attributes fuse: verify nlink sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision tcp: exit if nothing to retransmit on RTO timeout net: aquantia: fix RSS table and key sizes media: vimc: fix start stream when link is disabled ARM: dts: sunxi: Fix PMU compatible strings usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler mlx4: Use snprintf instead of complicated strcpy IB/hfi1: Close VNIC sdma_progress sleep window IB/hfi1: Ignore LNI errors before DC8051 transitions to Polling state mlxsw: spectrum_router: Relax GRE decap matching check firmware: qcom: scm: fix compilation error when disabled media: stkwebcam: Bugfix for wrong return values tty: Don't block on IO when ldisc change is pending nfsd: Return EPERM, not EACCES, in some SETATTR cases MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition clk: renesas: r8a77995: Correct parent clock of DU powerpc/math-emu: Update macros from GCC pstore/ram: Avoid NULL deref in ftrace merging failure path net/mlx4_core: Fix return codes of unsupported operations dlm: fix invalid cluster name warning ARM: dts: realview: Fix some more duplicate regulator nodes clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent ARM: dts: pxa: clean up USB controller nodes mtd: fix mtd_oobavail() incoherent returned value kbuild: fix single target build for external module modpost: skip ELF local symbols during section mismatch check tcp: fix SNMP TCP timeout under-estimation tcp: fix SNMP under-estimation on failed retransmission tcp: fix off-by-one bug on aborting window-probing socket ARM: dts: realview-pbx: Fix duplicate regulator nodes ARM: dts: mmp2: fix the gpio interrupt cell number net/x25: fix null_x25_address handling net/x25: fix called/calling length calculation in x25_parse_address_block arm64: dts: meson-gxl-khadas-vim: fix GPIO lines names arm64: dts: meson-gxbb-odroidc2: fix GPIO lines names arm64: dts: meson-gxbb-nanopi-k2: fix GPIO lines names arm64: dts: meson-gxl-libretech-cc: fix GPIO lines names ARM: OMAP1/2: fix SoC name printing ASoC: au8540: use 64-bit arithmetic instead of 32-bit nfsd: fix a warning in __cld_pipe_upcall() ARM: debug: enable UART1 for socfpga Cyclone5 dlm: NULL check before kmem_cache_destroy is not needed ARM: dts: sun8i: v3s: Change pinctrl nodes to avoid warning ARM: dts: sun5i: a10s: Fix HDMI output DTC warning ASoC: rsnd: tidyup registering method for rsnd_kctrl_new() lockd: fix decoding of TEST results i2c: imx: don't print error message on probe defer serial: imx: fix error handling in console_setup altera-stapl: check for a null key before strcasecmp'ing it dma-mapping: fix return type of dma_set_max_seg_size() sparc: Correct ctx->saw_frame_pointer logic. f2fs: fix to allow node segment for GC by ioctl path ARM: dts: rockchip: Assign the proper GPIO clocks for rv1108 ARM: dts: rockchip: Fix the PMU interrupt number for rv1108 f2fs: change segment to section in f2fs_ioc_gc_range f2fs: fix count of seg_freed to make sec_freed correct ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() usb: dwc3: don't log probe deferrals; but do log other error codes usb: dwc3: debugfs: Properly print/set link state for HS dmaengine: dw-dmac: implement dma protection control setting dmaengine: coh901318: Remove unused variable dmaengine: coh901318: Fix a double-lock bug media: cec: report Vendor ID after initialization media: pulse8-cec: return 0 when invalidating the logical address ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module rtc: dt-binding: abx80x: fix resistance scale rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning net/smc: use after free fix in smc_wr_tx_put_slot() MIPS: OCTEON: octeon-platform: fix typing iomap: sub-block dio needs to zeroout beyond EOF net-next/hinic:fix a bug in set mac address regulator: Fix return value of _set_load() stub clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 clk: rockchip: fix I2S1 clock gate register for rk3328 mm/vmstat.c: fix NUMA statistics updates Staging: iio: adt7316: Fix i2c data reading, set the data field pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues crypto: bcm - fix normal/non key hash algorithm failure crypto: ecc - check for invalid values in the key verification test scsi: zfcp: drop default switch case which might paper over missing case net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 MIPS: SiByte: Enable ZONE_DMA32 for LittleSur dlm: fix missing idr_destroy for recover_idr ARM: dts: rockchip: Fix rk3288-rock2 vcc_flash name clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering clk: rockchip: fix rk3188 sclk_smc gate data i40e: don't restart nway if autoneg not supported rtc: s3c-rtc: Avoid using broken ALMYEAR register net: ethernet: ti: cpts: correct debug for expired txq skb extcon: max8997: Fix lack of path setting in USB device mode dlm: fix possible call to kfree() for non-initialized pointer clk: sunxi-ng: a64: Fix gate bit of DSI DPHY net/mlx5: Release resource on error flow ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+ iwlwifi: mvm: Send non offchannel traffic via AP sta iwlwifi: mvm: synchronize TID queue removal cxgb4vf: fix memleak in mac_hlist initialization serial: core: Allow processing sysrq at port unlock time i2c: core: fix use after free in of_i2c_notify net: ep93xx_eth: fix mismatch of request_mem_region in remove rsxx: add missed destroy_workqueue calls in remove ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() sched/core: Avoid spurious lock dependencies Input: cyttsp4_core - fix use after free bug xfrm: release device reference for invalid state NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error audit_get_nd(): don't unlock parent too early exportfs_decode_fh(): negative pinned may become positive without the parent locked iwlwifi: pcie: don't consider IV len in A-MSDU RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN autofs: fix a leak in autofs_expire_indirect() serial: ifx6x60: add missed pm_runtime_disable serial: serial_core: Perform NULL checks for break_ctl ops serial: pl011: Fix DMA ->flush_buffer() tty: serial: msm_serial: Fix flow control tty: serial: fsl_lpuart: use the sg count from dma_map_sg usb: gadget: u_serial: add missing port entry locking arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator rsi: release skb if rsi_prepare_beacon fails ANDROID: staging: android: ion: Fix build when CONFIG_ION_SYSTEM_HEAP=n ANDROID: staging: android: ion: Expose total heap and pool sizes via sysfs UPSTREAM: include/linux/slab.h: fix sparse warning in kmalloc_type() UPSTREAM: mm, slab: shorten kmalloc cache names for large sizes UPSTREAM: mm, proc: add KReclaimable to /proc/meminfo BACKPORT: mm: rename and change semantics of nr_indirectly_reclaimable_bytes UPSTREAM: dcache: allocate external names from reclaimable kmalloc caches BACKPORT: mm, slab/slub: introduce kmalloc-reclaimable caches UPSTREAM: mm, slab: combine kmalloc_caches and kmalloc_dma_caches ANDROID: kbuild: disable SCS by default in allmodconfig ANDROID: arm64: cuttlefish_defconfig: enable LTO, CFI, and SCS BACKPORT: FROMLIST: arm64: implement Shadow Call Stack FROMLIST: arm64: disable SCS for hypervisor code BACKPORT: FROMLIST: arm64: vdso: disable Shadow Call Stack FROMLIST: arm64: preserve x18 when CPU is suspended FROMLIST: arm64: reserve x18 from general allocation with SCS FROMLIST: arm64: disable function graph tracing with SCS FROMLIST: scs: add support for stack usage debugging FROMLIST: scs: add accounting FROMLIST: add support for Clang's Shadow Call Stack (SCS) FROMLIST: arm64: kernel: avoid x18 in __cpu_soft_restart FROMLIST: arm64: kvm: stop treating register x18 as caller save FROMLIST: arm64/lib: copy_page: avoid x18 register in assembler code FROMLIST: arm64: mm: avoid x18 in idmap_kpti_install_ng_mappings ANDROID: use non-canonical CFI jump tables ANDROID: arm64: add __nocfi to __apply_alternatives ANDROID: arm64: add __pa_function ANDROID: arm64: allow ThinLTO to be selected ANDROID: soc/tegra: disable ARCH_TEGRA_210_SOC with LTO FROMLIST: arm64: fix alternatives with LLVM's integrated assembler ANDROID: irqchip/gic-v3: rename gic_of_init to work around a ThinLTO+CFI bug ANDROID: kbuild: limit LTO inlining ANDROID: kbuild: merge module sections with LTO ANDROID: init: ensure initcall ordering with LTO Revert "ANDROID: HACK: init: ensure initcall ordering with LTO" ANDROID: add support for ThinLTO ANDROID: Switch to LLD ANDROID: clang: update to 10.0.1 ANDROID: arm64: add atomic_ll_sc.o to obj-y if using lld ANDROID: enable ARM64_ERRATUM_843419 by default with LTO_CLANG ANDROID: kbuild: allow lld to be used with CONFIG_LTO_CLANG ANDROID: Makefile: set -Qunused-arguments sooner BACKPORT: FROMLIST: Makefile: lld: tell clang to use lld BACKPORT: FROMLIST: Makefile: lld: set -O2 linker flag when linking with LLD ANDROID: scripts/Kbuild: add ld-name support for ld.lld UPSTREAM: bpf: permit multiple bpf attachments for a single perf event UPSTREAM: bpf: use the same condition in perf event set/free bpf handler UPSTREAM: bpf: multi program support for cgroup+bpf BACKPORT: serdev: make synchronous write return bytes written UPSTREAM: gnss: serial: fix synchronous write timeout UPSTREAM: gnss: fix potential error pointer dereference BACKPORT: gnss: add receiver type support UPSTREAM: dt-bindings: add generic gnss binding UPSTREAM: gnss: add generic serial driver ANDROID: cuttlefish_defconfig: Enable CONFIG_SERIAL_DEV_BUS ANDROID: cuttlefish_defconfig: Enable CONFIG_GNSS BACKPORT: gnss: add GNSS receiver subsystem UPSTREAM: arm64: Validate tagged addresses in access_ok() called from kernel threads BACKPORT: ARM: 8905/1: Emit __gnu_mcount_nc when using Clang 10.0.0 or newer fs/lock: skip lock owner pid translation in case we are in init_pid_ns f2fs: stop GC when the victim becomes fully valid f2fs: expose main_blkaddr in sysfs f2fs: choose hardlimit when softlimit is larger than hardlimit in f2fs_statfs_project() f2fs: Fix deadlock in f2fs_gc() context during atomic files handling f2fs: show f2fs instance in printk_ratelimited f2fs: fix potential overflow f2fs: fix to update dir's i_pino during cross_rename f2fs: support aligned pinned file f2fs: avoid kernel panic on corruption test f2fs: fix wrong description in document f2fs: cache global IPU bio f2fs: fix to avoid memory leakage in f2fs_listxattr f2fs: check total_segments from devices in raw_super f2fs: update multi-dev metadata in resize_fs f2fs: mark recovery flag correctly in read_raw_super_block() f2fs: fix to update time in lazytime mode vfs: don't allow writes to swap files mm: set S_SWAPFILE on blockdev swap devices Conflicts: drivers/Makefile drivers/staging/android/ion/ion.c drivers/staging/android/ion/ion.h drivers/staging/android/ion/ion_page_pool.c drivers/usb/dwc3/core.c drivers/usb/dwc3/debugfs.c drivers/usb/dwc3/ep0.c fs/f2fs/data.c include/linux/mmzone.h mm/vmstat.c Discarded below patches, as usb patches not applicable and block patch causing stability issues: usb: dwc3: ep0: Clear started flag on completion usb: dwc3: don't log probe deferrals; but do log other error codes block: fix single range discard merge Fixed build errors in below files: drivers/gpu/msm/kgsl_pool.c drivers/staging/android/ion/ion_page_pool.c kernel/taskstats.c Fixed bootup issue in: arch/arm64/mm/proc.s Change-Id: I0a16824c251c14c63af78f9cfd9ede5e82c427fc Signed-off-by: Srinivasarao P <spathi@codeaurora.org> Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Srinivasarao P
|
f3f0576c22 |
Merge android-4.14.158 (84afceb) into msm-4.14
* refs/heads/tmp-84afceb: Linux 4.14.158 net: fec: fix clock count mis-match platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer ASoC: stm32: i2s: fix IRQ clearing ASoC: stm32: i2s: fix 16 bit format support ASoC: stm32: i2s: fix dma configuration pinctrl: stm32: fix memory leak issue mailbox: mailbox-test: fix null pointer if no mmio hwrng: stm32 - fix unbalanced pm_runtime_enable media: stm32-dcmi: fix DMA corruption when stopping streaming crypto: stm32/hash - Fix hmac issue more than 256 bytes HID: core: check whether Usage Page item is after Usage ID items futex: Prevent exit livelock futex: Provide distinct return value when owner is exiting futex: Add mutex around futex exit futex: Provide state handling for exec() as well futex: Sanitize exit state handling futex: Mark the begin of futex exit explicitly futex: Set task::futex_state to DEAD right after handling futex exit futex: Split futex_mm_release() for exit/exec exit/exec: Seperate mm_release() futex: Replace PF_EXITPIDONE with a state futex: Move futex exit handling into futex code futex: Prevent robust futex exit race y2038: futex: Move compat implementation into futex.c mtd: spi-nor: cast to u64 to avoid uint overflows mtd: rawnand: atmel: fix possible object reference leak mtd: rawnand: atmel: Fix spelling mistake in error message net: macb driver, check for SKBTX_HW_TSTAMP net: macb: Fix SUBNS increment and increase resolution watchdog: sama5d4: fix WDD value to be always set to max ext4: add more paranoia checking in ext4_expand_extra_isize handling net: sched: fix `tc -s class show` no bstats on class with nolock subqueues sctp: cache netns in sctp_ep_common tipc: fix link name length check openvswitch: remove another BUG_ON() openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() slip: Fix use-after-free Read in slip_open openvswitch: fix flow command message size net: psample: fix skb_over_panic macvlan: schedule bc_work even if error media: atmel: atmel-isc: fix INIT_WORK misplacement media: atmel: atmel-isc: fix asd memory allocation pwm: Clear chip_data in pwm_put() net: macb: fix error format in dev_err() media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE xfrm: Fix memleak on xfrm state destroy mei: bus: prefix device names on bus with the bus name USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids staging: rtl8723bs: Drop ACPI device ids staging: rtl8192e: fix potential use after free clk: at91: generated: set audio_pll_allowed in at91_clk_register_generated() clk: at91: fix update bit maps on CFG_MOR write mm, gup: add missing refcount overflow checks on s390 mtd: Remove a debug trace in mtdpart.c powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() scsi: libsas: Check SMP PHY control function result ACPI / APEI: Switch estatus pool to use vmalloc memory ACPI / APEI: Don't wait to serialise with oops messages when panic()ing scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery apparmor: delete the dentry in aafs_remove() to avoid a leak iommu/amd: Fix NULL dereference bug in match_hid_uid net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED bpf: drop refcount if bpf_map_new_fd() fails in map_create() kvm: properly check debugfs dentry before using it net: dev: Use unsigned integer as an argument to left-shift bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() sctp: don't compare hb_timer expire date before starting it net: fix possible overflow in __sk_mem_raise_allocated() sfc: initialise found bitmap in efx_ef10_mtd_probe tipc: fix skb may be leaky in tipc_link_input blktrace: Show requests without sector net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() decnet: fix DN_IFREQ_SIZE ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change serial: 8250: Fix serial8250 initialization crash net/core/neighbour: fix kmemleak minimal reference count for hash tables PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() net/core/neighbour: tell kmemleak about hash tables tipc: fix memory leak in tipc_nl_compat_publ_dump mtd: Check add_mtd_device() ret code lib/genalloc.c: include vmalloc.h drivers/base/platform.c: kmemleak ignore a known leak fork: fix some -Wmissing-prototypes warnings lib/genalloc.c: use vzalloc_node() to allocate the bitmap lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n ocfs2: clear journal dirty flag after shutdown journal net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe() tipc: fix a missing check of genlmsg_put atl1e: checking the status of atl1e_write_phy_reg net: dsa: bcm_sf2: Propagate error value from mdio_write net: stmicro: fix a missing check of clk_prepare net: (cpts) fix a missing check of clk_prepare um: Make GCOV depend on !KCOV f2fs: fix to dirty inode synchronously net/net_namespace: Check the return value of register_pernet_subsys() net/netlink_compat: Fix a missing check of nla_parse_nested pwm: clps711x: Fix period calculation crypto: mxc-scc - fix build warnings on ARM64 powerpc/pseries: Fix node leak in update_lmb_associativity_index() powerpc/83xx: handle machine check caused by watchdog timer regulator: tps65910: fix a missing check of return value IB/rxe: Make counters thread safe drbd: fix print_st_err()'s prototype to match the definition drbd: do not block when adjusting "disk-options" while IO is frozen drbd: reject attach of unsuitable uuids even if connected drbd: ignore "all zero" peer volume sizes in handshake powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status vfio/spapr_tce: Get rid of possible infinite loop powerpc/44x/bamboo: Fix PCI range powerpc/mm: Make NULL pointer deferences explicit on bad page faults. powerpc/prom: fix early DEBUG messages powerpc/perf: Fix unit_sel/cache_sel checks ath6kl: Fix off by one error in scan completion ath6kl: Only use match sets when firmware supports it scsi: csiostor: fix incorrect dma device in case of vport scsi: qla2xxx: deadlock by configfs_depend_item RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer openrisc: Fix broken paths to arch/or32 serial: max310x: Fix tx_empty() callback Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading drivers/regulator: fix a missing check of return value powerpc/xmon: fix dump_segments() powerpc/book3s/32: fix number of bats in p/v_block_mapped() vxlan: Fix error path in __vxlan_dev_create() clocksource/drivers/fttmr010: Fix invalid interrupt register access IB/qib: Fix an error code in qib_sdma_verbs_send() xfs: Fix bulkstat compat ioctls on x32 userspace. xfs: Align compat attrlist_by_handle with native implementation. gfs2: take jdata unstuff into account in do_grow dm flakey: Properly corrupt multi-page bios. HID: doc: fix wrong data structure reference for UHID_OUTPUT pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration KVM: s390: unregister debug feature on failing arch init bnxt_en: query force speeds before disabling autoneg mode. bnxt_en: Return linux standard errors in bnxt_ethtool.c exofs_mount(): fix leaks on failure exits net/mlx5: Continue driver initialization despite debugfs failure pinctrl: xway: fix gpio-hog related boot issues vfio-mdev/samples: Use u8 instead of char for handle functions xen/pciback: Check dev_data before using it kprobes/x86/xen: blacklist non-attachable xen interrupt functions serial: 8250: Rate limit serial port rx interrupts during input overruns HID: intel-ish-hid: fixes incorrect error handling btrfs: only track ref_heads in delayed_ref_updates mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET mmc: meson-gx: make sure the descriptor is stopped on errors VSOCK: bind to random port for VMADDR_PORT_ANY kvm: vmx: Set IA32_TSC_AUX for legacy mode guests gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB iwlwifi: move iwl_nvm_check_version() into dvm microblaze: move "... is ready" messages to arch/microblaze/Makefile microblaze: adjust the help to the real behavior ubi: Do not drop UBI device reference before using ubi: Put MTD device after it is not used xfs: require both realtime inodes to mount rtl818x: fix potential use after free mwifiex: debugfs: correct histogram spacing, formatting mwifiex: fix potential NULL dereference and use after free crypto: user - support incremental algorithm dumps scsi: lpfc: Enable Management features for IF_TYPE=6 ACPI / LPSS: Ignore acpi_device_fix_up_power() return value ARM: ks8695: fix section mismatch warning PM / AVS: SmartReflex: NULL check before some freeing functions is not needed RDMA/vmw_pvrdma: Use atomic memory allocation in create AH ARM: OMAP1: fix USB configuration for device-only setups arm64: smp: Handle errors reported by the firmware arm64: mm: Prevent mismatched 52-bit VA support parisc: Fix HP SDC hpa address output parisc: Fix serio address output ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed ARM: dts: Fix up SQ201 flash access scsi: lpfc: Fix dif and first burst use in write commands scsi: lpfc: Fix kernel Oops due to null pring pointers pwm: bcm-iproc: Prevent unloading the driver module while in use block: drbd: remove a stray unlock in __drbd_send_protocol() mac80211: fix station inactive_time shortly after boot ceph: return -EINVAL if given fsc mount option on kernel w/o support net: bcmgenet: reapply manual settings to the PHY scripts/gdb: fix debugging modules compiled with hot/cold partitioning watchdog: meson: Fix the wrong value of left time can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open can: peak_usb: report bus recovery as well bridge: ebtables: don't crash when using dnat target in output chains net: fec: add missed clk_disable_unprepare in remove clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call x86/resctrl: Prevent NULL pointer dereference when reading mondata idr: Fix idr_alloc_u32 on 32-bit systems clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 clk: at91: avoid sleeping early reset: fix reset_control_ops kerneldoc comment clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume ASoC: kirkwood: fix external clock probe defer reset: Fix memory leak in reset_control_array_put() ASoC: compress: fix unsigned integer overflow check ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate Revert "KVM: nVMX: reset cache/shadows when switching loaded VMCS" UPSTREAM: dt-bindings: arm: coresight: Add support for coresight-loses-context-with-cpu BACKPORT: coresight: etm4x: Save/restore state across CPU low power states BACKPORT: ARM: 8900/1: UNWINDER_FRAME_POINTER implementation for Clang Conflicts: Documentation/devicetree/bindings/arm/coresight.txt arch/arm/Makefile drivers/hid/hid-core.c kernel/exit.c Reverted the downstream patch "HID: core: add usage_page_preceding flag for hid_concatenate_usage_page()" as original issue got fixed with upstream changes. Change-Id: I3b833825b3d1104fa07378caef144639074d0a0d Signed-off-by: Srinivasarao P <spathi@codeaurora.org> |
||
|
Greg Kroah-Hartman
|
341ba4f053 |
This is the 4.14.176 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6UJB8ACgkQONu9yGCS
aT7Y3w//SzcPCruJztn3Mijf0PTsGQDhGwoZsb3yQe16/f1B4RSqJYU4OpM3ZCWV
HPDM6KGyK3O/XdegVf+b/kQqsSMscSuUDsm51THU3oyI1OvZRMFMQKlj78frBcpm
ZAHEInt/MkVO35DHd8MUW+L1ljHOKt0NIlNtxRVSwBtRmyYwsGi25SaeZLa6S3FQ
Uf50dH2jh7PFixdRv+9SDLy4kCu1c36K4rLEWG+TFNDDc4ORNCTt8aWkMowouC75
IVQ10d9Y/LPuo94M8tcxSEOwAQLNf0iOlhOCWHc5wLBFlGCc5tgkXYjACEKHd4Ma
pJtWFvaLJ8d+v3C5qIV41cPBh/uaKFRab3Lq8DTyTwpzyLe3ghvNXcesa+tWzYFE
W90i0P/irCXrhlOV41hVp0cbI9YW0xAwdsoPn0qm91g/KfZSCDtvw40qw9ILRTUg
Sv9Ex+6L4moSQ0p2XKcgIEn0qUiUXwTeaT75j+ZKk9GJrrr5BbgE8BTDLs6pyi6M
BnGYN1PatsNUkAf016nFeoth6xhpyH0asbkUeSLDyPNEV9bkONS3k7eWoiiNJKIK
2D8WetLQf/Jb0x/0pjjIPWW0k62tO6OwARpz7jTiDFY0nJKvh26nVqBfME8QAq5P
ktWidSldVOu1d/FokoVr66mGYentYQHUGyFX0FdIDabKKcIMDuc=
=iJMT
-----END PGP SIGNATURE-----
Merge 4.14.176 into android-4.14-stable
Changes in 4.14.176
ipv4: fix a RCU-list lock in fib_triestat_seq_show
net, ip_tunnel: fix interface lookup with no key
sctp: fix refcount bug in sctp_wfree
sctp: fix possibly using a bad saddr with a given dst
drm/bochs: downgrade pci_request_region failure from error to warning
initramfs: restore default compression behavior
tools/power turbostat: Fix gcc build warnings
drm/etnaviv: replace MMU flush marker with flush sequence
blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
blk-mq: Allow blocking queue tag iter callbacks
misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices
coresight: do not use the BIT() macro in the UAPI header
padata: always acquire cpu_hotplug_lock before pinst->lock
mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
ipv6: don't auto-add link-local address to lag ports
net: dsa: bcm_sf2: Ensure correct sub-node is parsed
net: phy: micrel: kszphy_resume(): add delay after genphy_resume() before accessing PHY registers
net: stmmac: dwmac1000: fix out-of-bounds mac address reg setting
slcan: Don't transmit uninitialized stack data in padding
mlxsw: spectrum_flower: Do not stop at FLOW_ACTION_VLAN_MANGLE
random: always use batched entropy for get_random_u{32,64}
tools/accounting/getdelays.c: fix netlink attribute length
hwrng: imx-rngc - fix an error path
ASoC: jz4740-i2s: Fix divider written at incorrect offset in register
IB/hfi1: Call kobject_put() when kobject_init_and_add() fails
IB/hfi1: Fix memory leaks in sysfs registration and unregistration
ceph: remove the extra slashes in the server path
ceph: canonicalize server path in place
Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl
RDMA/cm: Update num_paths in cma_resolve_iboe_route error flow
fbcon: fix null-ptr-deref in fbcon_switch
acpi/nfit: Fix bus command validation
clk: qcom: rcg: Return failure for RCG update
drm/msm: stop abusing dma_map/unmap for cache
arm64: Fix size of __early_cpu_boot_status
rpmsg: glink: Remove chunk size word align warning
usb: dwc3: don't set gadget->is_otg flag
drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read()
rpmsg: glink: smem: Support rx peak for size less than 4 bytes
drm/msm: Use the correct dma_sync calls in msm_gem
Linux 4.14.176
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I15dbb5a2b6b015683408249990a95894658f611a
|
||
William Dauchy
|
b57327db68 |
net, ip_tunnel: fix interface lookup with no key
[ Upstream commit 25629fdaff2ff509dd0b3f5ff93d70a75e79e0a1 ]
when creating a new ipip interface with no local/remote configuration,
the lookup is done with TUNNEL_NO_KEY flag, making it impossible to
match the new interface (only possible match being fallback or metada
case interface); e.g: `ip link add tunl1 type ipip dev eth0`
To fix this case, adding a flag check before the key comparison so we
permit to match an interface with no local/remote config; it also avoids
breaking possible userland tools relying on TUNNEL_NO_KEY flag and
uninitialised key.
context being on my side, I'm creating an extra ipip interface attached
to the physical one, and moving it to a dedicated namespace.
Fixes: c54419321455 ("GRE: Refactor GRE tunneling code.")
Signed-off-by: William Dauchy <w.dauchy@criteo.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Qian Cai
|
545d7421fb |
ipv4: fix a RCU-list lock in fib_triestat_seq_show
[ Upstream commit fbe4e0c1b298b4665ee6915266c9d6c5b934ef4a ] fib_triestat_seq_show() calls hlist_for_each_entry_rcu(tb, head, tb_hlist) without rcu_read_lock() will trigger a warning, net/ipv4/fib_trie.c:2579 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by proc01/115277: #0: c0000014507acf00 (&p->lock){+.+.}-{3:3}, at: seq_read+0x58/0x670 Call Trace: dump_stack+0xf4/0x164 (unreliable) lockdep_rcu_suspicious+0x140/0x164 fib_triestat_seq_show+0x750/0x880 seq_read+0x1a0/0x670 proc_reg_read+0x10c/0x1b0 __vfs_read+0x3c/0x70 vfs_read+0xac/0x170 ksys_read+0x7c/0x140 system_call+0x5c/0x68 Fix it by adding a pair of rcu_read_lock/unlock() and use cond_resched_rcu() to avoid the situation where walking of a large number of items may prevent scheduling for a long time. Signed-off-by: Qian Cai <cai@lca.pw> Reviewed-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
fae4e1d295 |
This is the 4.14.175 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6F9/8ACgkQONu9yGCS
aT5DJQ//aAbpT3q2hDbthg9szl/SsAlJr6UX90k7ZjxlI/wnXTepNIWTZqvSnvV4
sb8HeOz2KUuTUh/PvM2vS37kdtzKqefku77tGl3JOE+pIIlKQ1au82U7vuSmo/FH
Ua+/MEN55f8baiZvYTGGQtwc36Bnj64iO8RUT5iSK2GU7KVVyIgFwKKqRQIzJ+Ds
dPACfMErty/+gvC9t0nx5u4BkC9ilIj5DH0OXiQvxZr9PQfg3lg7FFF/a6M0gaRF
qhBZFX2xKzQRKVKnbob5kSpir6gsW/cu8S43YIcNzx72Ce4ROFi910J7P1Jzlb5j
KEQGL7IuP+k8fwCpMZ7B9Goh9ian9VSUXKjrlr+UGotOGLzQ+dk4c/NJvCjxQvqx
m8FtHNjo3WUl72Ul1p6zJc4JMC3LD3ZSkIQGhVny4Z52n4D4CnWI7+b5ppQe9RZD
Iu8XjS0pTGfUUiomtci9ZcpWcTiWvW/VY0sRQbKj94h1nETWblXzXef5vJygZbMm
hL950oGkWeh2MoBM3FYyBSP0YYkruTtUSQ1GRs7tsboUsiMM9cNSkwzsFU9xeEvh
ZPIN5IdAIRilauOiI3YLEfO7JPz4OG0AlzodgnjbFchLqSIVzme8Wr84tFOYBhp1
868Am3/E3p8qqmnMvtS8/TTETeehhbrPVUp1D+7zHnkv/mRC1CU=
=uswL
-----END PGP SIGNATURE-----
Merge 4.14.175 into android-4.14
Changes in 4.14.175
spi: qup: call spi_qup_pm_resume_runtime before suspending
powerpc: Include .BTF section
ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes
spi: pxa2xx: Add CS control clock quirk
spi/zynqmp: remove entry that causes a cs glitch
drm/exynos: dsi: propagate error value and silence meaningless warning
drm/exynos: dsi: fix workaround for the legacy clock name
drivers/perf: arm_pmu_acpi: Fix incorrect checking of gicc pointer
altera-stapl: altera_get_note: prevent write beyond end of 'key'
dm bio record: save/restore bi_end_io and bi_integrity
xenbus: req->body should be updated before req->state
xenbus: req->err should be updated before req->state
block, bfq: fix overwrite of bfq_group pointer in bfq_find_set_group()
parse-maintainers: Mark as executable
USB: Disable LPM on WD19's Realtek Hub
usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
USB: serial: option: add ME910G1 ECM composition 0x110b
usb: host: xhci-plat: add a shutdown
USB: serial: pl2303: add device-id for HP LD381
usb: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c
ALSA: line6: Fix endless MIDI read loop
ALSA: seq: virmidi: Fix running status after receiving sysex
ALSA: seq: oss: Fix running status after receiving sysex
ALSA: pcm: oss: Avoid plugin buffer overflow
ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
iio: trigger: stm32-timer: disable master mode when stopping
iio: magnetometer: ak8974: Fix negative raw values in sysfs
mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2
staging: rtl8188eu: Add device id for MERCUSYS MW150US v2
staging/speakup: fix get_word non-space look-ahead
intel_th: Fix user-visible error codes
intel_th: pci: Add Elkhart Lake CPU support
rtc: max8907: add missing select REGMAP_IRQ
xhci: Do not open code __print_symbolic() in xhci trace events
memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event
mm: slub: be more careful about the double cmpxchg of freelist
mm, slub: prevent kmalloc_node crashes and memory leaks
page-flags: fix a crash at SetPageError(THP_SWAP)
x86/mm: split vmalloc_sync_all()
USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL
USB: cdc-acm: fix rounding error in TIOCSSERIAL
iio: adc: at91-sama5d2_adc: fix channel configuration for differential channels
iio: adc: at91-sama5d2_adc: fix differential channels in triggered mode
kbuild: Disable -Wpointer-to-enum-cast
futex: Fix inode life-time issue
futex: Unbreak futex hashing
Revert "vrf: mark skb for multicast or link-local as enslaved to VRF"
Revert "ipv6: Fix handling of LLA with VRF and sockets bound to VRF"
ALSA: hda/realtek: Fix pop noise on ALC225
arm64: smp: fix smp_send_stop() behaviour
arm64: smp: fix crash_smp_send_stop() behaviour
drm/bridge: dw-hdmi: fix AVI frame colorimetry
staging: greybus: loopback_test: fix potential path truncation
staging: greybus: loopback_test: fix potential path truncations
Revert "drm/dp_mst: Skip validating ports during destruction, just ref"
hsr: fix general protection fault in hsr_addr_is_self()
macsec: restrict to ethernet devices
net: dsa: Fix duplicate frames flooded by learning
net: mvneta: Fix the case where the last poll did not process all rx
net/packet: tpacket_rcv: avoid a producer race condition
net: qmi_wwan: add support for ASKEY WWHC050
net_sched: cls_route: remove the right filter from hashtable
net_sched: keep alloc_hash updated after hash allocation
net: stmmac: dwmac-rk: fix error path in rk_gmac_probe
NFC: fdp: Fix a signedness bug in fdp_nci_send_patch()
slcan: not call free_netdev before rtnl_unlock in slcan_open
bnxt_en: fix memory leaks in bnxt_dcbnl_ieee_getets()
net: dsa: mt7530: Change the LINK bit to reflect the link status
vxlan: check return value of gro_cells_init()
hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
hsr: add restart routine into hsr_get_node_list()
hsr: set .netnsok flag
net: ipv4: don't let PMTU updates increase route MTU
cgroup-v1: cgroup_pidlist_next should update position index
cpupower: avoid multiple definition with gcc -fno-common
drivers/of/of_mdio.c:fix of_mdiobus_register()
cgroup1: don't call release_agent when it is ""
dt-bindings: net: FMan erratum A050385
arm64: dts: ls1043a: FMan erratum A050385
fsl/fman: detect FMan erratum A050385
scsi: ipr: Fix softlockup when rescanning devices in petitboot
mac80211: Do not send mesh HWMP PREQ if HWMP is disabled
dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom
sxgbe: Fix off by one in samsung driver strncpy size arg
arm64: ptrace: map SPSR_ELx<->PSR for compat tasks
arm64: compat: map SPSR_ELx<->PSR for signals
ftrace/x86: Anotate text_mutex split between ftrace_arch_code_modify_post_process() and ftrace_arch_code_modify_prepare()
i2c: hix5hd2: add missed clk_disable_unprepare in remove
Input: synaptics - enable RMI on HP Envy 13-ad105ng
Input: avoid BIT() macro usage in the serio.h UAPI header
ARM: dts: dra7: Add bus_dma_limit for L3 bus
ARM: dts: omap5: Add bus_dma_limit for L3 bus
perf probe: Do not depend on dwfl_module_addrsym()
tools: Let O= makes handle a relative path with -C option
scripts/dtc: Remove redundant YYLOC global declaration
scsi: sd: Fix optimal I/O size for devices that change reported values
mac80211: mark station unauthorized before key removal
gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk
gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option
gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model
RDMA/core: Ensure security pkey modify is not lost
genirq: Fix reference leaks on irq affinity notifiers
xfrm: handle NETDEV_UNREGISTER for xfrm device
vti[6]: fix packet tx through bpf_redirect() in XinY cases
RDMA/mlx5: Block delay drop to unprivileged users
xfrm: fix uctx len check in verify_sec_ctx_len
xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire
xfrm: policy: Fix doulbe free in xfrm_policy_timer
netfilter: nft_fwd_netdev: validate family and chain type
vti6: Fix memory leak of skb if input policy check fails
Input: raydium_i2c_ts - use true and false for boolean values
Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger()
afs: Fix some tracing details
USB: serial: option: add support for ASKEY WWHC050
USB: serial: option: add BroadMobi BM806U
USB: serial: option: add Wistron Neweb D19Q1
USB: cdc-acm: restore capability check order
USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback
usb: musb: fix crash with highmen PIO and usbmon
media: flexcop-usb: fix endpoint sanity check
media: usbtv: fix control-message timeouts
staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table
staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb
staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback
libfs: fix infoleak in simple_attr_read()
media: ov519: add missing endpoint sanity checks
media: dib0700: fix rc endpoint lookup
media: stv06xx: add missing descriptor sanity checks
media: xirlink_cit: add missing descriptor sanity checks
mac80211: Check port authorization in the ieee80211_tx_dequeue() case
mac80211: fix authentication with iwlwifi/mvm
vt: selection, introduce vc_is_sel
vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines
vt: switch vt_dont_switch to bool
vt: vt_ioctl: remove unnecessary console allocation checks
vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
vt: vt_ioctl: fix use-after-free in vt_in_use()
platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table
bpf: Explicitly memset the bpf_attr structure
bpf: Explicitly memset some bpf info structures declared on the stack
gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model
net: ks8851-ml: Fix IO operations, again
arm64: alternative: fix build with clang integrated assembler
perf map: Fix off by one in strncpy() size argument
ARM: dts: oxnas: Fix clear-mask property
ARM: bcm2835-rpi-zero-w: Add missing pinctrl name
arm64: dts: ls1043a-rdb: correct RGMII delay mode to rgmii-id
arm64: dts: ls1046ardb: set RGMII interfaces to RGMII_ID mode
Linux 4.14.175
Change-Id: If2c2cb5b3745ed6fbc5cb77737cfb1758fea4cb9
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Nicolas Dichtel
|
27993a6ac8 |
vti[6]: fix packet tx through bpf_redirect() in XinY cases
commit f1ed10264ed6b66b9cd5e8461cffce69be482356 upstream.
I forgot the 4in6/6in4 cases in my previous patch. Let's fix them.
Fixes: 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Sabrina Dubroca
|
956b657b57 |
net: ipv4: don't let PMTU updates increase route MTU
[ Upstream commit 28d35bcdd3925e7293408cdb8aa5f2aac5f0d6e3 ]
When an MTU update with PMTU smaller than net.ipv4.route.min_pmtu is
received, we must clamp its value. However, we can receive a PMTU
exception with PMTU < old_mtu < ip_rt_min_pmtu, which would lead to an
increase in PMTU.
To fix this, take the smallest of the old MTU and ip_rt_min_pmtu.
Before this patch, in case of an update, the exception's MTU would
always change. Now, an exception can have only its lock flag updated,
but not the MTU, so we need to add a check on locking to the following
"is this exception getting updated, or close to expiring?" test.
Fixes: d52e5a7e7ca4 ("ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
32bc956bc2 |
This is the 4.14.174 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl50lI4ACgkQONu9yGCS aT6V5w//bpLVXV9Tk0kOVromh24pJVFDWfvOgAkU1ZuapvjbTZvnv2eprflcwxVK R/ftiiashYOrYzyYUrzkmz1y7SI69p7d0Sp7CJJ4jSZl8FAJnZg35vNpeEE7eqic oH8+k8qU3bN0M76qcBJ9nd4/nzizoC09L+4hKBwIhnXmH8prqhY30coki1zBikyv PTlyMrzkrHArWhbeE1nvkztK3Yhyrz4/w9uLdcduNbtxoPBMkXh2huomFC/ucjUY NaJ4lC4jIK6SosuN+wjWqcrsecQeX0vMcmlOgrriBOY5mmfhytr6cMJz31bhAlSc NCI4OrsQCralVEhTtsirmuMwRSi9zi6HGLo37wTFga5iVTNiP2GxGU8wSUKJ3M0u b6PDmpfOdm0gKL7Vk53Eo6TDo9EvYcnRDbmuWWc/NUAyR64e4lhtQt3CnuCnwh3O 8u1Wpguc21BcwhRoAKKQutodUTql5hSuNMkaOKSz74Hjj4mu7wiZnl3CbfYEo1xW 1g3ptl4UbgV2lraLONMoCvgcifgCoJhHHrnhmyIp7fgCzDkykfvfd3O3Tx3gWZvx /x1kBfnL81UCElp83bV/sQOCTUlXMl5QjUo2lUuhr+YlHMhNGoS5/naje7IIqZkB 85pkTICwUgju/Ux5cffpwo/w9sCVG/dvUw10HhHISZzq85wtMbQ= =t+O8 -----END PGP SIGNATURE----- Merge 4.14.174 into android-4.14 Changes in 4.14.174 phy: Revert toggling reset changes. net: phy: Avoid multiple suspends cgroup, netclassid: periodically release file_lock on classid updating gre: fix uninit-value in __iptunnel_pull_header ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface ipvlan: add cond_resched_rcu() while processing muticast backlog ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast() netlink: Use netlink header as base to calculate bad attribute offset net: macsec: update SCI upon MAC address change. net: nfc: fix bounds checking bugs on "pipe" net/packet: tpacket_rcv: do not increment ring index on drop r8152: check disconnect status after long sleep sfc: detach from cb_page in efx_copy_channel() bnxt_en: reinitialize IRQs when MTU is modified cgroup: memcg: net: do not associate sock with unrelated cgroup net: memcg: late association of sock to memcg net: memcg: fix lockdep splat in inet_csk_accept() fib: add missing attribute validation for tun_id nl802154: add missing attribute validation nl802154: add missing attribute validation for dev_type can: add missing attribute validation for termination macsec: add missing attribute validation for port net: fq: add missing attribute validation for orphan mask team: add missing attribute validation for port ifindex team: add missing attribute validation for array index nfc: add missing attribute validation for SE API nfc: add missing attribute validation for vendor subcommand net: phy: fix MDIO bus PM PHY resuming bonding/alb: make sure arp header is pulled before accessing it slip: make slhc_compress() more robust against malicious packets net: fec: validate the new settings in fec_enet_set_coalesce() macvlan: add cond_resched() during multicast processing inet_diag: return classid for all socket types ipvlan: do not add hardware address of master to its unicast filter list ipvlan: egress mcast packets are not exceptional ipvlan: don't deref eth hdr before checking it's set cgroup: cgroup_procs_next should increase position index cgroup: Iterate tasks that did not finish do_exit() iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices virtio-blk: fix hw_queue stopped on arbitrary error iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint workqueue: don't use wq_select_unbound_cpu() for bound works drm/amd/display: remove duplicated assignment to grph_obj_type ktest: Add timeout for ssh sync testing cifs_atomic_open(): fix double-put on late allocation failure gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache KVM: x86: clear stale x86_emulate_ctxt->intercept value ARC: define __ALIGN_STR and __ALIGN symbols for ARC efi: Fix a race and a buffer overflow while reading efivars via sysfs x86/mce: Fix logic and comments around MSR_PPIN_CTL iommu/dma: Fix MSI reservation allocation iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page pinctrl: meson-gxl: fix GPIOX sdio pins pinctrl: core: Remove extra kref_get which blocks hogs being freed nl80211: add missing attribute validation for critical protocol indication nl80211: add missing attribute validation for beacon report scanning nl80211: add missing attribute validation for channel switch netfilter: cthelper: add missing attribute validation for cthelper netfilter: nft_payload: add missing attribute validation for payload csum flags iommu/vt-d: Fix the wrong printing in RHSA parsing iommu/vt-d: Ignore devices with out-of-spec domain number i2c: acpi: put device when verifying client fails ipv6: restrict IPV6_ADDRFORM operation net/smc: check for valid ib_client_data efi: Add a sanity check to efivar_store_raw() batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation batman-adv: Always initialize fragment header priority batman-adv: Fix check of retrieved orig_gw in batadv_v_gw_is_eligible batman-adv: Fix lock for ogm cnt access in batadv_iv_ogm_calc_tq batman-adv: Fix internal interface indices types batman-adv: update data pointers after skb_cow() batman-adv: Avoid race in TT TVLV allocator helper batman-adv: Fix TT sync flags for intermediate TT responses batman-adv: prevent TT request storms by not sending inconsistent TT TLVLs batman-adv: Fix debugfs path for renamed hardif batman-adv: Fix debugfs path for renamed softif batman-adv: Fix duplicated OGMs on NETDEV_UP batman-adv: Avoid free/alloc race when handling OGM2 buffer batman-adv: Avoid free/alloc race when handling OGM buffer batman-adv: Don't schedule OGM for disabled interface perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT flag ACPI: watchdog: Allow disabling WDAT at boot HID: apple: Add support for recent firmware on Magic Keyboards HID: i2c-hid: add Trekstor Surfbook E11B to descriptor override cfg80211: check reg_rule for NULL in handle_channel_custom() scsi: libfc: free response frame from GPN_ID net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch net: ks8851-ml: Fix IRQ handling and locking mac80211: rx: avoid RCU list traversal under mutex signal: avoid double atomic counter increments for user accounting slip: not call free_netdev before rtnl_unlock in slip_open hinic: fix a bug of setting hw_ioctxt net: rmnet: fix NULL pointer dereference in rmnet_newlink() jbd2: fix data races at struct journal_head ARM: 8957/1: VDSO: Match ARMv8 timer in cntvct_functional() ARM: 8958/1: rename missed uaccess .fixup section mm: slub: add missing TID bump in kmem_cache_alloc_bulk() ipv4: ensure rcu_read_lock() in cipso_v4_error() Linux 4.14.174 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I8594f155b5b3df71510fdb5dc034c80fb2332c91 |
||
Matteo Croce
|
62a47c2e06 |
ipv4: ensure rcu_read_lock() in cipso_v4_error()
commit 3e72dfdf8227b052393f71d820ec7599909dddc2 upstream.
Similarly to commit c543cb4a5f07 ("ipv4: ensure rcu_read_lock() in
ipv4_link_failure()"), __ip_options_compile() must be called under rcu
protection.
Fixes: 3da1ed7ac398 ("net: avoid use IPCB in cipso_v4_error")
Suggested-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Matteo Croce <mcroce@redhat.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Dmitry Yakunin
|
e6b382e861 |
inet_diag: return classid for all socket types
[ Upstream commit 83f73c5bb7b9a9135173f0ba2b1aa00c06664ff9 ]
In commit 1ec17dbd90f8 ("inet_diag: fix reporting cgroup classid and
fallback to priority") croup classid reporting was fixed. But this works
only for TCP sockets because for other socket types icsk parameter can
be NULL and classid code path is skipped. This change moves classid
handling to inet_diag_msg_attrs_fill() function.
Also inet_diag_msg_attrs_size() helper was added and addends in
nlmsg_new() were reordered to save order from inet_sk_diag_fill().
Fixes: 1ec17dbd90f8 ("inet_diag: fix reporting cgroup classid and fallback to priority")
Signed-off-by: Dmitry Yakunin <zeil@yandex-team.ru>
Reviewed-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|