mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
3118 Commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
|
fc2d51a64e |
gss_krb5: Remove VLA usage of skcipher
In the quest to remove all stack VLA usage from the kernel[1], this replaces struct crypto_skcipher and SKCIPHER_REQUEST_ON_STACK() usage with struct crypto_sync_skcipher and SYNC_SKCIPHER_REQUEST_ON_STACK(), which uses a fixed stack size.

[1] https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qPXydAacU1RqZWA@mail.gmail.com

Cc: Trond Myklebust <trond.myklebust@hammerspace.com>
Cc: Anna Schumaker <anna.schumaker@netapp.com>
Cc: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Jeff Layton <jlayton@kernel.org>
Cc: YueHaibing <yuehaibing@huawei.com>
Cc: linux-nfs@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Panchajanya1999 <panchajanya@azure-dev.live> |
||
|
b726057b9e |
Linux 4.14.187
Merge 4.14.187 into android-4.14-stable Changes in 4.14.187 scsi: scsi_devinfo: handle non-terminated strings net: be more gentle about silly gso requests coming from user block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed net: sched: export __netdev_watchdog_up() fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()" apparmor: don't try to replace stale label in ptraceme check ibmveth: Fix max MTU limit mld: fix memory leak in ipv6_mc_destroy_dev() net: bridge: enfore alignment for ethernet address net: fix memleak in register_netdevice() net: usb: ax88179_178a: fix packet alignment padding rocker: fix incorrect error handling in dma_rings_init rxrpc: Fix notification call on completion of discarded calls sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket tcp: grow window for OOO packets only for SACK flows tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes ip_tunnel: fix use-after-free in ip_tunnel_lookup() tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() net: Fix the arp error in some cases net:
Do not clear the sock TX queue in sk_set_socket() net: core: reduce recursion limit value USB: ohci-sm501: Add missed iounmap() in remove usb: dwc2: Postponed gadget registration to the udc class driver usb: add USB_QUIRK_DELAY_INIT for Logitech C922 USB: ehci: reopen solution for Synopsys HC bug usb: host: xhci-mtk: avoid runtime suspend when removing hcd usb: host: ehci-exynos: Fix error check in exynos_ehci_probe() ALSA: usb-audio: add quirk for Denon DCD-1500RE xhci: Fix incorrect EP_STATE_MASK xhci: Fix enumeration issue when setting max packet size for FS devices. cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip loop: replace kill_bdev with invalidate_bdev ALSA: usb-audio: uac1: Invalidate ctl on interrupt ALSA: usb-audio: Clean up mixer element list traverse ALSA: usb-audio: Fix OOB access of mixer element list xhci: Poll for U0 after disabling USB2 LPM cifs/smb3: Fix data inconsistent when punch hole cifs/smb3: Fix data inconsistent when zero file range efi/esrt: Fix reference count leak in esre_create_sysfs_entry. ARM: dts: NSP: Correct FA2 mailbox node rxrpc: Fix handling of rwind from an ACK packet RDMA/cma: Protect bind_list and listen_list while finding matching cm id ASoC: rockchip: Fix a reference count leak. 
RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads() net: qed: fix left elements count calculation net: qed: fix NVMe login fails over VFs net: qed: fix excessive QM ILT lines consumption ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() usb: gadget: udc: Potential Oops in error handling code netfilter: ipset: fix unaligned atomic access net: bcmgenet: use hardware padding of runt frames sched/core: Fix PI boosting between RT and DEADLINE tasks ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function net: alx: fix race condition in alx_remove s390/ptrace: fix setting syscall number kbuild: improve cc-option to clean up all temporary files blktrace: break out of blktrace setup on concurrent calls ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table ACPI: sysfs: Fix pm_profile_attr type KVM: X86: Fix MSR range of APIC registers in X2APIC mode KVM: nVMX: Plumb L2 GPA through to PML emulation btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof mm/slab: use memzero_explicit() in kzfree() ocfs2: load global_inode_alloc ocfs2: fix value of OCFS2_INVALID_SLOT ocfs2: fix panic on nfs server over ocfs2 arm64: perf: Report the PC value in REGS_ABI_32 mode tracing: Fix event trigger to accept redundant spaces drm/radeon: fix fb_div check in ni_init_smc_spll_table() Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() sunrpc: fixed rollback in rpc_gssd_dummy_populate() SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() pNFS/flexfiles: Fix list corruption if the mirror count changes NFSv4 fix CLOSE not waiting for direct IO compeletion xfs: add agf freeblocks verify in xfs_agf_verify Revert "tty: hvc: Fix data abort due to race in hvc_open" Linux 4.14.187 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5f3301cdfbf593334e7b3d83f6c83f56a6476a33 |
||
|
653db17384 |
SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
commit 89a3c9f5b9f0bcaa9aea3e8b2a616fcaea9aad78 upstream.

@subbuf is an output parameter of xdr_buf_subsegment(). A survey of call sites shows that @subbuf is always uninitialized before xdr_buf_segment() is invoked by callers. There are some execution paths through xdr_buf_subsegment() that do not set all of the fields in @subbuf, leaving some pointer fields containing garbage addresses. Subsequent processing of that buffer then results in a page fault.

Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
bbffca92d1 |
sunrpc: fixed rollback in rpc_gssd_dummy_populate()
commit b7ade38165ca0001c5a3bd5314a314abbbfbb1b7 upstream.

__rpc_depopulate(gssd_dentry) was lost on error path

cc: stable@vger.kernel.org
Fixes: commit 4b9a445e3eeb ("sunrpc: create a new dummy pipe for gssd to hold open")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
e570b0fb2f |
This is the 4.14.186 stable release
Merge 4.14.186 into android-4.14-stable Changes in 4.14.186 s390: fix syscall_get_error for compat processes drm/i915: Whitelist context-local timestamp in the gen9 cmdparser power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select clk: sunxi: Fix incorrect usage of round_down() i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets iio: pressure: bmp280: Tolerate IRQ before registering remoteproc: Fix IDR initialisation in rproc_alloc() clk: qcom: msm8916: Fix the address location of pll->config_reg backlight: lp855x: Ensure regulators are disabled on probe failure ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type ARM: integrator: Add some Kconfig selections scsi: qedi: Check for buffer overflow in qedi_set_path() ALSA: isa/wavefront: prevent out of bounds write in ioctl scsi: qla2xxx: Fix issue with adapter's stopping state iio: bmp280: fix compensation of humidity f2fs: report delalloc reserve as non-free in statfs for project quota i2c: pxa: clear all master action bits in i2c_pxa_stop_message() usblp: poison URBs upon disconnect dm mpath: switch paths in dm_blk_ioctl() code path PCI: aardvark: Don't
blindly enable ASPM L0s and don't write to read-only register ps3disk: use the default segment boundary vfio/pci: fix memory leaks in alloc_perm_bits() m68k/PCI: Fix a memory leak in an error handling path mfd: wm8994: Fix driver operation if loaded as modules scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event clk: clk-flexgen: fix clock-critical handling powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run nfsd: Fix svc_xprt refcnt leak when setup callback client failed powerpc/crashkernel: Take "mem=" option into account yam: fix possible memory leak in yam_init_driver NTB: Fix the default port and peer numbers for legacy drivers mksysmap: Fix the mismatch of '.L' symbols in System.map apparmor: fix introspection of of task mode for unconfined tasks scsi: sr: Fix sr_probe() missing deallocate of device minor scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM staging: greybus: fix a missing-check bug in gb_lights_light_config() scsi: qedi: Do not flush offload work if ARP not resolved ALSA: usb-audio: Improve frames size computation s390/qdio: put thinint indicator after early error tty: hvc: Fix data abort due to race in hvc_open thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR staging: sm750fb: add missing case while setting FB_VISUAL i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output serial: amba-pl011: Make sure we initialize the port.lock spinlock drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish PCI: rcar: Fix incorrect programming of OB windows PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges scsi: qla2xxx: Fix warning after FC target reset power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()' power: supply: smb347-charger: IRQSTAT_D is volatile scsi: mpt3sas: Fix double free warnings dlm: remove BUG() before panic() clk: ti: composite: fix memory leak PCI: Fix pci_register_host_bridge() 
device_register() error handling tty: n_gsm: Fix SOF skipping tty: n_gsm: Fix waking up upper tty layer when room available powerpc/pseries/ras: Fix FWNMI_VALID off by one powerpc/ps3: Fix kexec shutdown hang vfio-pci: Mask cap zero usb/ohci-platform: Fix a warning when hibernating drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe() tty: n_gsm: Fix bogus i++ in gsm_data_kick clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 powerpc/64s/pgtable: fix an undefined behaviour dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port IB/cma: Fix ports memory leak in cma_configfs watchdog: da9062: No need to ping manually before setting timeout usb: dwc2: gadget: move gadget resume after the core is in L0 state USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check usb: gadget: fix potential double-free in m66592_probe. 
usb: gadget: Fix issue with config_ep_by_speed function x86/apic: Make TSC deadline timer detection message visible clk: bcm2835: Fix return type of bcm2835_register_gate scsi: ufs-qcom: Fix scheduling while atomic issue net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION powerpc/4xx: Don't unmap NULL mbase extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed vfio/mdev: Fix reference count leak in add_mdev_supported_type openrisc: Fix issue with argument clobbering for clone/fork gfs2: Allow lock_nolock mount to specify jid=X scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj scsi: ufs: Don't update urgent bkops level when toggling auto bkops pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()' pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()' crypto: omap-sham - add proper load balancing support for multicore geneve: change from tx_error to tx_dropped on missing metadata lib/zlib: remove outdated and incorrect pre-increment optimization include/linux/bitops.h: avoid clang shift-count-overflow warnings elfnote: mark all .note sections SHF_ALLOC selftests/vm/pkeys: fix alloc_random_pkey() to make it really random blktrace: use errno instead of bi_status blktrace: fix endianness in get_pdu_int() blktrace: fix endianness for blk_log_remap() gfs2: fix use-after-free on transaction ail lists selftests/net: in timestamping, strncpy needs to preserve null byte drm/sun4i: hdmi ddc clk: Fix size of m divider scsi: acornscsi: Fix an error handling path in acornscsi_probe() usb/xhci-plat: Set PM runtime as active on resume usb/ehci-platform: Set PM runtime as active on resume perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events() bcache: fix potential deadlock problem in btree_gc_coalesce block: Fix use-after-free in blkdev_get() arm64: hw_breakpoint: 
Don't invoke overflow handler on uaccess watchpoints libata: Use per port sync for detach drm: encoder_slave: fix refcouting error for modules drm/dp_mst: Reformat drm_dp_check_act_status() a bit drm/qxl: Use correct notify port address when creating cursor ring selinux: fix double free ext4: fix partial cluster initialization when splitting extent drm/dp_mst: Increase ACT retry timeout to 3s x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld block: nr_sects_write(): Disable preemption on seqcount write mtd: rawnand: Pass a nand_chip object to nand_release() mtd: rawnand: diskonchip: Fix the probe error path mtd: rawnand: sharpsl: Fix the probe error path mtd: rawnand: xway: Fix the probe error path mtd: rawnand: orion: Fix the probe error path mtd: rawnand: oxnas: Add of_node_put() mtd: rawnand: oxnas: Fix the probe error path mtd: rawnand: socrates: Fix the probe error path mtd: rawnand: plat_nand: Fix the probe error path mtd: rawnand: mtk: Fix the probe error path mtd: rawnand: tmio: Fix the probe error path crypto: algif_skcipher - Cap recv SG list at ctx->used crypto: algboss - don't wait during notifier callback kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex e1000e: Do not wake up the system via WOL if device wakeup is disabled kretprobe: Prevent triggering kretprobe from within kprobe_flush_task sched/rt, net: Use CONFIG_PREEMPTION.patch net: core: device_rename: Use rwsem instead of a seqcount md: add feature flag MD_FEATURE_RAID0_LAYOUT kvm: x86: Move kvm_set_mmio_spte_mask() from x86.c to mmu.c kvm: x86: Fix reserved bits related calculation errors caused by MKTME KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated Linux 4.14.186 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I5a9f5c8483f37ac08cf01991ffa43b333fdfa0a3 |
||
|
e669399894 |
net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
[ Upstream commit 118917d696dc59fd3e1741012c2f9db2294bed6f ]

Fix off-by-one issues in 'rpc_ntop6':
- 'snprintf' returns the number of characters which would have been written if enough space had been available, excluding the terminating null byte. Thus, a return value of 'sizeof(scopebuf)' means that the last character was dropped.
- 'strcat' adds a terminating null byte to the string, thus if len == buflen, the null byte is written past the end of the buffer.

Signed-off-by: Fedor Tokarev <ftokarev@gmail.com>
Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
d6d7b18f40 |
This is the 4.14.185 stable release
Merge 4.14.185 into android-4.14-stable Changes in 4.14.185 ipv6: fix IPV6_ADDRFORM operation logic vxlan: Avoid infinite loop when suppressing NS messages with invalid options make 'user_access_begin()' do 'access_ok()' Fix 'acccess_ok()' on alpha and SH arch/openrisc: Fix issues with access_ok() x86: uaccess: Inhibit speculation past access_ok() in user_access_begin() lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() serial: imx: Fix handling of TC irq in combination with DMA crypto: talitos - fix ECB and CBC algs ivsize ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook sched/fair: Don't NUMA balance for kthreads Input: synaptics - add a second working PNP_ID for Lenovo T470s drivers/net/ibmvnic: Update VNIC protocol version reporting powerpc/xive: Clear the page tables for the ESB IO mapping ath9k_htc: Silence undersized packet warnings perf probe: Accept the instance number of kretprobe event mm: add kvfree_sensitive() for freeing sensitive data objects x86_64: Fix jiffies ODR violation x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs x86/speculation: Prevent rogue cross-process SSBD shutdown
x86/reboot/quirks: Add MacBook6,1 reboot quirk efi/efivars: Add missing kobject_put() in sysfs entry creation error path ALSA: es1688: Add the missed snd_card_free() ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines ALSA: usb-audio: Fix inconsistent card PM state after resume ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() ACPI: GED: add support for _Exx / _Lxx handler methods ACPI: PM: Avoid using power resources if there are none for D0 cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() spi: bcm2835aux: Fix controller unregister order spi: bcm-qspi: when tx/rx buffer is NULL set to 0 crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated ALSA: pcm: disallow linking stream to itself kvm: x86: Fix L1TF mitigation for shadow MMU KVM: x86/mmu: Consolidate "is MMIO SPTE" code KVM: x86: only do L1TF workaround on affected processors x86/speculation: Change misspelled STIPB to STIBP x86/speculation: Add support for STIBP always-on preferred mode x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. 
spi: dw: fix possible race condition spi: dw: Fix controller unregister order spi: No need to assign dummy value in spi_unregister_controller() spi: Fix controller unregister order spi: pxa2xx: Fix controller unregister order spi: bcm2835: Fix controller unregister order crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() selftests/net: in rxtimestamp getopt_long needs terminating null entry ovl: initialize error in ovl_copy_xattr proc: Use new_inode not new_inode_pseudo video: fbdev: w100fb: Fix a potential double free. KVM: nSVM: fix condition for filtering async PF KVM: nSVM: leave ASID aside in copy_vmcb_control_area KVM: nVMX: Consult only the "basic" exit reason when routing nested exit KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx ath9k: Fix use-after-free Write in ath9k_htc_rx_msg ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Smack: slab-out-of-bounds in vsscanf mm/slub: fix a memory leak in sysfs_slab_add() fat: don't allow to mount if the FAT length == 0 perf: Add cond_resched() to task_function_call() agp/intel: Reinforce the barrier after GTT updates mmc: sdhci-msm: Clear tuning done flag while hs400 tuning mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices xen/pvcalls-back: test for errors when calling backend_connect() ACPI: GED: use correct trigger type field in _Exx / _Lxx handling drm: bridge: adv7511: Extend list of audio sample rates crypto: ccp -- don't "select" CONFIG_DMADEVICES media: si2157: Better check for 
running tuner in init objtool: Ignore empty alternatives spi: pxa2xx: Apply CS clk quirk to BXT net: ena: fix error returning in ena_com_get_hash_function() spi: dw: Zero DMA Tx and Rx configurations on stack ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K MIPS: Loongson: Build ATI Radeon GPU driver as module Bluetooth: Add SCO fallback for invalid LMP parameters error kgdb: Prevent infinite recursive entries to the debugger spi: dw: Enable interrupts in accordance with DMA xfer mode clocksource: dw_apb_timer: Make CPU-affiliation being optional clocksource: dw_apb_timer_of: Fix missing clockevent timers btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE spi: dw: Fix Rx-only DMA transfers x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() staging: android: ion: use vmap instead of vm_map_ram brcmfmac: fix wrong location to get firmware feature tools api fs: Make xxx__mountpoint() more scalable e1000: Distribute switch variables for initialization dt-bindings: display: mediatek: control dpi pins mode to avoid leakage audit: fix a net reference leak in audit_send_reply() media: dvb: return -EREMOTEIO on i2c transfer failure. 
media: platform: fcp: Set appropriate DMA parameters MIPS: Make sparse_init() using top-down allocation audit: fix a net reference leak in audit_list_rules_send() netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported net: bcmgenet: set Rx mode before starting netif lib/mpi: Fix 64-bit MIPS build with Clang exit: Move preemption fixup up, move blocking operations down net: lpc-enet: fix error return code in lpc_mii_init() media: cec: silence shift wrapping warning in __cec_s_log_addrs() net: allwinner: Fix use correct return type for ndo_start_xmit() powerpc/spufs: fix copy_to_user while atomic Crypto/chcr: fix for ccm(aes) failed test MIPS: Truncate link address into 32bit for 32bit kernel mips: cm: Fix an invalid error code of INTVN_*_ERR kgdb: Fix spurious true from in_dbg_master() nvme: refine the Qemu Identify CNS quirk wcn36xx: Fix error handling path in 'wcn36xx_probe()' net: qed*: Reduce RX and TX default ring count when running inside kdump kernel md: don't flush workqueue unconditionally in md_open rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() mwifiex: Fix memory corruption in dump_station x86/boot: Correct relocation destination on old linkers mips: MAAR: Use more precise address mask mips: Add udelay lpj numbers adjustment x86/mm: Stop printing BRK addresses m68k: mac: Don't call via_flush_cache() on Mac IIfx macvlan: Skip loopback packets in RX handler PCI: Don't disable decoding when mmio_always_on is set MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe() mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core ixgbe: fix signed-integer-overflow warning mmc: sdhci-esdhc-imx: fix the mask for tuning start point spi: dw: Return any value retrieved from the dma_transfer callback cpuidle: Fix three reference count leaks platform/x86: hp-wmi: Convert simple_strtoul() to 
kstrtou32() string.h: fix incompatibility between FORTIFY_SOURCE and KASAN btrfs: send: emit file capabilities after chown mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() ima: Fix ima digest hash table key calculation ima: Directly assign the ima_default_policy pointer to ima_rules evm: Fix possible memory leak in evm_calc_hmac_or_hash() ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max ext4: fix error pointer dereference ext4: fix race between ext4_sync_parent() and rename() PCI: Disable MSI for Freescale Layerscape PCIe RC mode PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 PCI: Avoid FLR for AMD Starship USB 3.0 PCI: Add ACS quirk for iProc PAXB PCI: Add ACS quirk for Ampere root ports PCI: Make ACS quirk implementations more uniform vga_switcheroo: Deduplicate power state tracking vga_switcheroo: Use device link for HDA controller PCI: Generalize multi-function power dependency device links PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints PCI: Unify ACS quirk desired vs provided checking btrfs: fix error handling when submitting direct I/O bio btrfs: fix wrong file range cleanup after an error filling dealloc range blk-mq: move _blk_mq_update_nr_hw_queues synchronize_rcu call PCI: Program MPS for RCiEP devices e1000e: Disable TSO for buffer overrun workaround e1000e: Relax condition to trigger reset for ME workaround carl9170: remove P2P_GO support media: go7007: fix a miss of snd_card_free b43legacy: Fix case where channel status is corrupted b43: Fix connection problem with WPA3 b43_legacy: Fix connection problem with WPA3 media: ov5640: fix use of destroyed mutex igb: Report speed and duplex as unknown when device is runtime suspended power: vexpress: add suppress_bind_attrs to true pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs sparc32: fix register window handling in genregs32_[gs]et() sparc64: fix misuses of access_process_vm() in genregs32_[sg]et() dm crypt: avoid truncating the 
logical block size kernel/cpu_pm: Fix uninitted local in cpu_pm ARM: tegra: Correct PL310 Auxiliary Control Register initialization drivers/macintosh: Fix memleak in windfarm_pm112 driver powerpc/64s: Don't let DT CPU features set FSCR_DSCR powerpc/64s: Save FSCR to init_task.thread.fscr after feature init kbuild: force to build vmlinux if CONFIG_MODVERSION=y sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations. sunrpc: clean up properly in gss_mech_unregister() mtd: rawnand: brcmnand: fix hamming oob layout mtd: rawnand: pasemi: Fix the probe error path w1: omap-hdq: cleanup to add missing newline for some dev_dbg perf probe: Do not show the skipped events perf probe: Fix to check blacklist address correctly perf symbols: Fix debuginfo search for Ubuntu Linux 4.14.185 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ifd3a6f3d9643a42802ed8f061a548a5c5ffcb109 |
||
|
881d3385a9 |
sunrpc: clean up properly in gss_mech_unregister()
commit 24c5efe41c29ee3e55bcf5a1c9f61ca8709622e8 upstream.

gss_mech_register() calls svcauth_gss_register_pseudoflavor() for each flavour, but gss_mech_unregister() does not call auth_domain_put(). This is unbalanced and makes it impossible to reload the module. Change svcauth_gss_register_pseudoflavor() to return the registered auth_domain, and save it for later release.

Cc: stable@vger.kernel.org (v2.6.12+)
Link: https://bugzilla.kernel.org/show_bug.cgi?id=206651
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
f8ff4d81ab |
sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
commit d47a5dc2888fd1b94adf1553068b8dad76cec96c upstream.

There is no valid case for supporting duplicate pseudoflavor registrations. Currently the silent acceptance of such registrations is hiding a bug. The rpcsec_gss_krb5 module registers 2 flavours but does not unregister them, so if you load, unload, reload the module, it will happily continue to use the old registration which now has pointers to the memory where the module was originally loaded. This could lead to unexpected results. So disallow duplicate registrations.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=206651
Cc: stable@vger.kernel.org (v2.6.12+)
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
998aa7d8f2 |
This is the 4.14.171 stable release
Merge 4.14.171 into android-4.14 Changes in 4.14.171 kernel/module: Fix memleak in module_add_modinfo_attrs() media: iguanair: fix endpoint sanity check x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR iwlwifi: mvm: fix NVM check for 3168 devices sparc32: fix struct ipc64_perm type definition cls_rsvp: fix rsvp_policy gtp: use __GFP_NOWARN to avoid memalloc warning l2tp: Allow duplicate session creation with UDP net: hsr: fix possible NULL deref in hsr_handle_frame() net_sched: fix an OOB access in cls_tcindex bnxt_en: Fix TC queue mapping.
tcp: clear tp->total_retrans in tcp_disconnect() tcp: clear tp->delivered in tcp_disconnect() tcp: clear tp->data_segs{in|out} in tcp_disconnect() tcp: clear tp->segs_{in|out} in tcp_disconnect() rxrpc: Fix insufficient receive notification generation rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors mfd: dln2: More sanity checking for endpoints tracing: Fix sched switch start/stop refcount racy updates brcmfmac: Fix memory leak in brcmf_usbdev_qinit usb: gadget: legacy: set max_speed to super-speed usb: gadget: f_ncm: Use atomic_t to track in-flight request usb: gadget: f_ecm: Use atomic_t to track in-flight request ALSA: dummy: Fix PCM format loop in proc output media/v4l2-core: set pages dirty upon releasing DMA buffers media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more() irqdomain: Fix a memory leak in irq_domain_push_irq() platform/x86: intel_scu_ipc: Fix interrupt support KVM: arm64: Only sign-extend MMIO up to register width MIPS: fix indentation of the 'RELOCS' message s390/mm: fix dynamic pagetable upgrade for hugetlbfs powerpc/xmon: don't access ASDR in VMs powerpc/pseries: Advance pfn if section is not present in lmb_is_removable() mmc: spi: Toggle SPI polarity, do not hardcode it ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards alarmtimer: Unregister wakeup source when module get fails ubifs: Reject unsupported ioctl flags explicitly ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag ubifs: Fix deadlock in concurrent bulk-read and writepage PCI: keystone: Fix link training retries initiation mmc: sdhci-of-at91: fix memleak on clk_get failure ubifs: don't trigger assertion on invalid no-key filename hv_balloon: Balloon up according to request page number crypto: api - Check spawn->alg under lock in crypto_drop_spawn scsi: qla2xxx: 
Fix mtcp dump collection failure power: supply: ltc2941-battery-gauge: fix use-after-free f2fs: choose hardlimit when softlimit is larger than hardlimit in f2fs_statfs_project() f2fs: fix miscounted block limit in f2fs_statfs_project() f2fs: code cleanup for f2fs_statfs_project() PM: core: Fix handling of devices deleted during system-wide resume of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc dm zoned: support zone sizes smaller than 128MiB dm space map common: fix to ensure new block isn't already in use dm crypt: fix benbi IV constructor crash if used in authenticated mode tracing: Annotate ftrace_graph_hash pointer with __rcu tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu ftrace: Add comment to why rcu_dereference_sched() is open coded ftrace: Protect ftrace_graph_hash with ftrace_sync samples/bpf: Don't try to remove user's homedir on clean crypto: ccp - set max RSA modulus size for v3 platform devices as well crypto: pcrypt - Do not clear MAY_SLEEP flag in original request crypto: atmel-aes - Fix counter overflow in CTR mode crypto: api - Fix race condition in crypto_spawn_alg crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill scsi: qla2xxx: Fix unbound NVME response length NFS: Fix memory leaks and corruption in readdir NFS: Directory page cache pages need to be locked when read btrfs: set trans->drity in btrfs_commit_transaction ARM: tegra: Enable PLLP bypass during Tegra124 LP1 iwlwifi: don't throw error when trying to remove IGTK mwifiex: fix unbalanced locking in mwifiex_process_country_ie() sunrpc: expiry_time should be seconds not timeval tools/kvm_stat: Fix kvm_exit filter name xen/balloon: Support xend-based toolstack take two KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks KVM: x86: Protect kvm_lapic_reg_write() from 
Spectre-v1/L1TF attacks KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails KVM: PPC: Book3S PR: Free shared page if mmu initialization fails KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails clk: tegra: Mark fuse clock as critical scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type scsi: csiostor: Adjust indentation in csio_device_reset scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free scsi: ufs: Recheck bkops level if bkops is disabled phy: qualcomm: Adjust indentation in read_poll_timeout ext2: Adjust indentation in ext2_fill_super powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize NFC: pn544: Adjust indentation in pn544_hci_check_presence ppp: Adjust indentation into ppp_async_input net: smc911x: Adjust indentation in smc911x_phy_configure net: tulip: Adjust indentation in {dmfe, uli526x}_init_module IB/mlx5: Fix outstanding_pi index for GSI qps IB/core: Fix ODP get user pages flow nfsd: fix delay timer on 32-bit architectures nfsd: fix jiffies/time_t mixup in LRU list ubi: fastmap: Fix inverted logic in seen selfcheck ubi: Fix an error pointer dereference in error handling code mfd: da9062: Fix watchdog compatible string mfd: rn5t618: Mark ADC control register volatile net: dsa: bcm_sf2: Only 7278 supports 2Gb/sec IMP port net_sched: fix a resource leak in tcindex_set_parms() net: systemport: Avoid RBUF stuck in Wake-on-LAN mode net: macb: Remove unnecessary 
alignment check for TSO net: macb: Limit maximum GEM TX length in TSO bonding/alb: properly access headers in bond_alb_xmit() ext4: fix deadlock allocating crypto bounce page from mempool btrfs: Get rid of the confusing btrfs_file_extent_inline_len Btrfs: fix assertion failure on fsync with NO_HOLES enabled Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES btrfs: use bool argument in free_root_pointers() btrfs: free block groups after free'ing fs trees btrfs: remove trivial locking wrappers of tree mod log Btrfs: fix race between adding and putting tree mod seq elements and nodes drm: atmel-hlcdc: enable clock before configuring timing engine KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks btrfs: flush write bio if we loop in extent_write_cache_pages KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM KVM: VMX: Add non-canonical check on writes to RTIT address MSRs KVM: nVMX: vmread should not set rflags to specify success in case of #PF KVM: Use vcpu-specific gva->hva translation when querying host page size KVM: Play nice with read-only memslots when querying host page size KVM: s390: do not clobber registers during guest reset/store status cifs: fail i/o on soft mounts if sessionsetup errors out clocksource: Prevent double add_timer_on() for watchdog_timer perf/core: Fix mlock accounting in perf_mmap() rxrpc: Fix service call disconnection ASoC: pcm: update FE/BE trigger order based on the command hv_sock: Remove the accept port restriction RDMA/netlink: Do not always generate an ACK for some netlink operations scsi: ufs: Fix ufshcd_probe_hba() reture value in case ufshcd_scsi_add_wlus() fails PCI/switchtec: Fix vep_vector_number ioread width PCI: Don't disable bridge BARs when assigning bus resources nfs: NFS_SWAP should depend on SWAP NFS/pnfs: Fix pnfs_generic_prepare_to_resend_writes() NFSv4: try lease recovery on NFS4ERR_EXPIRED serial: uartps: Add 
a timeout to the tx empty wait rtc: hym8563: Return -EINVAL if the time is known to be invalid rtc: cmos: Stop using shared IRQ ARC: [plat-axs10x]: Add missing multicast filter number to GMAC node platform/x86: intel_mid_powerbtn: Take a copy of ddata ARM: dts: at91: sama5d3: fix maximum peripheral clock rates ARM: dts: at91: sama5d3: define clock rate range for tcb1 tools/power/acpi: fix compilation error powerpc/pseries/vio: Fix iommu_table use-after-free refcount warning powerpc/pseries: Allow not having ibm, hypertas-functions::hcall-multi-tce for DDW KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections ARM: 8949/1: mm: mark free_memmap as __init arm64: cpufeature: Fix the type of no FP/SIMD capability KVM: arm/arm64: Fix young bit from mmu notifier crypto: artpec6 - return correct error code for failed setkey() crypto: atmel-sha - fix error handling when setting hmac key media: i2c: adv748x: Fix unsafe macros pinctrl: sh-pfc: r8a7778: Fix duplicate SDSELF_B and SD1_CLK_B scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state dm: fix potential for q->make_request_fn NULL pointer serial: uartps: Move the spinlock after the read of the tx empty mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() libertas: don't exit from lbs_ibss_join_existing() with RCU read lock held libertas: make lbs_ibss_join_existing() return error code on rates overflow Linux 4.14.171 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I2ffa7bd44800917ea3b327486b387470ab5d31b9 |
||
|
4274984b78 |
sunrpc: expiry_time should be seconds not timeval
commit 3d96208c30f84d6edf9ab4fac813306ac0d20c10 upstream. When upcalling gssproxy, cache_head.expiry_time is set as a timeval, not seconds since boot. As such, RPC cache expiry logic will not clean expired objects created under auth.rpcsec.context cache. This has proven to cause kernel memory leaks on field. Using 64 bit variants of getboottime/timespec Expiration times have worked this way since 2010's c5b29f885afe "sunrpc: use seconds since boot in expiry cache". The gssproxy code introduced in 2012 added gss_proxy_save_rsc and introduced the bug. That's a while for this to lurk, but it required a bit of an extreme case to make it obvious. Signed-off-by: Roberto Bergantinos Corpas <rbergant@redhat.com> Cc: stable@vger.kernel.org Fixes: 030d794bf498 "SUNRPC: Use gssproxy upcall for server..." Tested-By: Frank Sorenson <sorenson@redhat.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
d4dd59fa14 |
This is the 4.14.166 stable release
Merge 4.14.166 into android-4.14 Changes in 4.14.166 hidraw: Return EPOLLOUT from hidraw_poll HID: hidraw: Fix returning EPOLLOUT from hidraw_poll HID: hidraw, uhid: Always report EPOLLOUT ethtool: reduce stack usage with clang fs/select: avoid clang stack usage warning rsi: add fix for crash during assertions arm64: don't open code page table entry creation arm64: mm: Change page table pointer name in p[md]_set_huge() arm64: Enforce BBM for huge IO/VMAP mappings arm64: Make sure permission updates happen for pmd/pud cfg80211/mac80211: make ieee80211_send_layer2_update a public function mac80211: Do not send Layer 2 Update frame before authorization media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap cifs: Fix lease buffer length error wimax: i2400: fix memory leak wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle iwlwifi: dbg_ini: fix memory leak in alloc_sgtable dccp: Fix memleak in __feat_register_sp drm/i915: Fix use-after-free when destroying GEM context rtc: mt6397: fix alarm register overwrite RDMA/bnxt_re: Fix Send Work Entry state check while polling completions ASoC: stm32: spdifrx: fix inconsistent lock 
state ASoC: stm32: spdifrx: fix race condition in irq handler gpio: zynq: Fix for bug in zynq_gpio_restore_context API iommu: Remove device link to group on failure gpio: Fix error message on out-of-range GPIO in lookup table hsr: reset network header when supervision frame is created cifs: Adjust indentation in smb2_open_file btrfs: simplify inode locking for RWF_NOWAIT RDMA/mlx5: Return proper error value RDMA/srpt: Report the SCSI residual to the initiator arm64: add sentinel to kpti_safe_list arm64: Check for errata before evaluating cpu features scsi: enclosure: Fix stale device oops with hot replug scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0 xprtrdma: Fix completion wait during device removal NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn iio: imu: adis16480: assign bias value only if operation succeeded mei: fix modalias documentation clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call pinctrl: lewisburg: Update pin list according to v1.1v6 scsi: sd: enable compat ioctls for sed-opal arm64: dts: apq8096-db820c: Increase load on l21 for SDCARD af_unix: add compat_ioctl support compat_ioctl: handle SIOCOUTQNSD PCI/PTM: Remove spurious "d" from granularity message powerpc/powernv: Disable native PCIe port management tty: serial: imx: use the sg count from dma_map_sg tty: serial: pch_uart: correct usage of dma_unmap_sg media: ov6650: Fix incorrect use of JPEG colorspace media: ov6650: Fix some format attributes not under control media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support media: exynos4-is: Fix recursive locking in isp_video_release() mtd: spi-nor: fix silent truncation in spi_nor_read() mtd: spi-nor: fix silent truncation in spi_nor_read_raw() spi: atmel: fix handling of cs_change set on non-last xfer rtlwifi: Remove 
unnecessary NULL check in rtl_regd_init f2fs: fix potential overflow rtc: msm6242: Fix reading of 10-hour digit gpio: mpc8xxx: Add platform device to gpiochip->parent scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() rseq/selftests: Turn off timeout setting mips: cacheinfo: report shared CPU map MIPS: Prevent link failure with kcov instrumentation dmaengine: k3dma: Avoid null pointer traversal ioat: ioat_alloc_ring() failure handling. hexagon: parenthesize registers in asm predicates hexagon: work around compiler crash ocfs2: call journal flush to mark journal as empty after journal recovery when mount Linux 4.14.166 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ic6ccea3484170413089727825691ffd049cb4659 |
||
|
760e1a2e4d |
xprtrdma: Fix completion wait during device removal
commit 13cb886c591f341a8759f175292ddf978ef903a1 upstream. I've found that on occasion, "rmmod <dev>" will hang while if an NFS is under load. Ensure that ri_remove_done is initialized only just before the transport is woken up to force a close. This avoids the completion possibly getting initialized again while the CM event handler is waiting for a wake-up. Fixes: bebd031866ca ("xprtrdma: Support unplugging an HCA from under an NFS mount") Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
f960b38ecc |
This is the 4.14.159 stable release
Merge 4.14.159 into android-4.14 Changes in 4.14.159 rsi: release skb if rsi_prepare_beacon fails arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator usb: gadget: u_serial: add missing port entry locking tty: serial: fsl_lpuart: use the sg count from dma_map_sg tty: serial: msm_serial: Fix flow control serial: pl011: Fix DMA ->flush_buffer() serial: serial_core: Perform NULL checks for break_ctl ops serial: ifx6x60: add missed pm_runtime_disable autofs: fix a leak in autofs_expire_indirect() RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN iwlwifi: pcie: don't consider IV len in A-MSDU exportfs_decode_fh(): negative pinned may become positive without the parent locked audit_get_nd(): don't unlock parent too early NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error xfrm: release device reference for invalid state Input: cyttsp4_core - fix use after free bug sched/core: Avoid spurious lock dependencies ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() rsxx: add missed destroy_workqueue calls in remove net: ep93xx_eth: fix mismatch of request_mem_region in remove i2c: core: fix use after free in 
of_i2c_notify serial: core: Allow processing sysrq at port unlock time cxgb4vf: fix memleak in mac_hlist initialization iwlwifi: mvm: synchronize TID queue removal iwlwifi: mvm: Send non offchannel traffic via AP sta ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+ net/mlx5: Release resource on error flow clk: sunxi-ng: a64: Fix gate bit of DSI DPHY dlm: fix possible call to kfree() for non-initialized pointer extcon: max8997: Fix lack of path setting in USB device mode net: ethernet: ti: cpts: correct debug for expired txq skb rtc: s3c-rtc: Avoid using broken ALMYEAR register i40e: don't restart nway if autoneg not supported clk: rockchip: fix rk3188 sclk_smc gate data clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering ARM: dts: rockchip: Fix rk3288-rock2 vcc_flash name dlm: fix missing idr_destroy for recover_idr MIPS: SiByte: Enable ZONE_DMA32 for LittleSur net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 scsi: zfcp: drop default switch case which might paper over missing case crypto: ecc - check for invalid values in the key verification test crypto: bcm - fix normal/non key hash algorithm failure pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues Staging: iio: adt7316: Fix i2c data reading, set the data field mm/vmstat.c: fix NUMA statistics updates clk: rockchip: fix I2S1 clock gate register for rk3328 clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 regulator: Fix return value of _set_load() stub net-next/hinic:fix a bug in set mac address iomap: sub-block dio needs to zeroout beyond EOF MIPS: OCTEON: octeon-platform: fix typing net/smc: use after free fix in smc_wr_tx_put_slot() math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' rtc: dt-binding: abx80x: fix resistance scale ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module media: pulse8-cec: return 0 when invalidating the 
logical address media: cec: report Vendor ID after initialization dmaengine: coh901318: Fix a double-lock bug dmaengine: coh901318: Remove unused variable dmaengine: dw-dmac: implement dma protection control setting usb: dwc3: debugfs: Properly print/set link state for HS usb: dwc3: don't log probe deferrals; but do log other error codes ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() f2fs: fix count of seg_freed to make sec_freed correct f2fs: change segment to section in f2fs_ioc_gc_range ARM: dts: rockchip: Fix the PMU interrupt number for rv1108 ARM: dts: rockchip: Assign the proper GPIO clocks for rv1108 f2fs: fix to allow node segment for GC by ioctl path sparc: Correct ctx->saw_frame_pointer logic. dma-mapping: fix return type of dma_set_max_seg_size() altera-stapl: check for a null key before strcasecmp'ing it serial: imx: fix error handling in console_setup i2c: imx: don't print error message on probe defer lockd: fix decoding of TEST results ASoC: rsnd: tidyup registering method for rsnd_kctrl_new() ARM: dts: sun5i: a10s: Fix HDMI output DTC warning ARM: dts: sun8i: v3s: Change pinctrl nodes to avoid warning dlm: NULL check before kmem_cache_destroy is not needed ARM: debug: enable UART1 for socfpga Cyclone5 nfsd: fix a warning in __cld_pipe_upcall() ASoC: au8540: use 64-bit arithmetic instead of 32-bit ARM: OMAP1/2: fix SoC name printing arm64: dts: meson-gxl-libretech-cc: fix GPIO lines names arm64: dts: meson-gxbb-nanopi-k2: fix GPIO lines names arm64: dts: meson-gxbb-odroidc2: fix GPIO lines names arm64: dts: meson-gxl-khadas-vim: fix GPIO lines names net/x25: fix called/calling length calculation in x25_parse_address_block net/x25: fix null_x25_address handling ARM: dts: mmp2: fix the gpio interrupt cell number ARM: dts: realview-pbx: Fix duplicate regulator nodes tcp: fix off-by-one bug on aborting window-probing socket tcp: fix SNMP under-estimation on failed retransmission tcp: fix SNMP TCP timeout under-estimation 
modpost: skip ELF local symbols during section mismatch check kbuild: fix single target build for external module mtd: fix mtd_oobavail() incoherent returned value ARM: dts: pxa: clean up USB controller nodes clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent ARM: dts: realview: Fix some more duplicate regulator nodes dlm: fix invalid cluster name warning net/mlx4_core: Fix return codes of unsupported operations pstore/ram: Avoid NULL deref in ftrace merging failure path powerpc/math-emu: Update macros from GCC clk: renesas: r8a77995: Correct parent clock of DU MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition nfsd: Return EPERM, not EACCES, in some SETATTR cases tty: Don't block on IO when ldisc change is pending media: stkwebcam: Bugfix for wrong return values firmware: qcom: scm: fix compilation error when disabled mlxsw: spectrum_router: Relax GRE decap matching check IB/hfi1: Ignore LNI errors before DC8051 transitions to Polling state IB/hfi1: Close VNIC sdma_progress sleep window mlx4: Use snprintf instead of complicated strcpy usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler ARM: dts: sunxi: Fix PMU compatible strings media: vimc: fix start stream when link is disabled net: aquantia: fix RSS table and key sizes tcp: exit if nothing to retransmit on RTO timeout sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision fuse: verify nlink fuse: verify attributes ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 ALSA: pcm: oss: Avoid potential buffer overflows ALSA: hda - Add mute led support for HP ProBook 645 G4 Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers Input: goodix - add upside-down quirk for Teclast X89 tablet coresight: etm4x: Fix input validation for sysfs. 
Input: Fix memory leak in psxpad_spi_probe x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks CIFS: Fix SMB2 oplock break processing tty: vt: keyboard: reject invalid keycodes can: slcan: Fix use-after-free Read in slcan_open kernfs: fix ino wrap-around detection jbd2: Fix possible overflow in jbd2_log_space_left() drm/i810: Prevent underflow in ioctl KVM: arm/arm64: vgic: Don't rely on the wrong pending table KVM: x86: do not modify masked bits of shared MSRs KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr crypto: af_alg - cast ki_complete ternary op to int crypto: ccp - fix uninitialized list head crypto: ecdh - fix big endian bug in ECC library crypto: user - fix memory leak in crypto_report spi: atmel: Fix CS high support RDMA/qib: Validate ->show()/store() callbacks before calling them iomap: Fix pipe page leakage during splicing thermal: Fix deadlock in thermal thermal_zone_device_check binder: Handle start==NULL in binder_update_page_range() ASoC: rsnd: fixup MIX kctrl registration KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) appletalk: Fix potential NULL pointer dereference in unregister_snap_client appletalk: Set error code if register_snap_client failed usb: gadget: configfs: Fix missing spin_lock_init() usb: gadget: pch_udc: fix use after free scsi: qla2xxx: Fix driver unload hang media: venus: remove invalid compat_ioctl32 handler USB: uas: honor flag to avoid CAPACITY16 USB: uas: heed CAPACITY_HEURISTICS USB: documentation: flags on usb-storage versus UAS usb: Allow USB device to be warm reset in suspended state staging: rtl8188eu: fix interface sanity check staging: rtl8712: fix interface sanity check staging: gigaset: fix general protection fault on probe staging: gigaset: fix illegal free on probe errors staging: gigaset: add endpoint-type sanity check usb: xhci: only set D3hot 
for pci device xhci: Increase STS_HALT timeout in xhci_suspend() xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour. ARM: dts: pandora-common: define wl1251 as child node of mmc3 iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting USB: atm: ueagle-atm: add missing endpoint check USB: idmouse: fix interface sanity checks USB: serial: io_edgeport: fix epic endpoint lookup USB: adutux: fix interface sanity check usb: core: urb: fix URB structure initialization function usb: mon: Fix a deadlock in usbmon between mmap and read tpm: add check after commands attribs tab allocation mtd: spear_smi: Fix Write Burst mode virtio-balloon: fix managed page counts when migrating pages between zones usb: dwc3: ep0: Clear started flag on completion btrfs: check page->mapping when loading free space cache btrfs: use refcount_inc_not_zero in kill_all_nodes Btrfs: fix negative subv_writers counter and data space leak after buffered write btrfs: Remove btrfs_bio::flags member Btrfs: send, skip backreference walking for extents with many references btrfs: record all roots for rename exchange on a subvol rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer rtlwifi: rtl8192de: Fix missing enable interrupt flag lib: raid6: fix awk build warnings ovl: relax WARN_ON() on rename to self ALSA: hda - Fix pending unsol events at shutdown md/raid0: Fix an error message in raid0_make_request() watchdog: aspeed: Fix clock behaviour for ast2600 hwrng: omap - Fix RNG wait loop timeout dm zoned: reduce overhead of backing device checks workqueue: Fix spurious sanity check failures in destroy_workqueue() workqueue: Fix pwq ref leak in rescuer_thread() ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report blk-mq: avoid sysfs buffer overflow with too many CPU cores cgroup: pids: use atomic64_t for pids->limit ar5523: check NULL before memcpy() in ar5523_cmd() s390/mm: 
properly clear _PAGE_NOEXEC bit when it is not supported media: bdisp: fix memleak on release media: radio: wl1273: fix interrupt masking on release media: cec.h: CEC_OP_REC_FLAG_ values were swapped cpuidle: Do not unset the driver if it is there already intel_th: Fix a double put_device() in error path intel_th: pci: Add Ice Lake CPU support intel_th: pci: Add Tiger Lake CPU support PM / devfreq: Lock devfreq in trans_stat_show cpufreq: powernv: fix stack bloat and hard limit on number of CPUs ACPI: OSL: only free map once in osl.c ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() ACPI: PM: Avoid attaching ACPI PM domain to certain devices pinctrl: samsung: Add of_node_put() before return in error path pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init pinctrl: samsung: Fix device node refcount leaks in init code pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity ppdev: fix PPGETTIME/PPSETTIME ioctls powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB powerpc/xive: Prevent page fault issues in the machine crash handler powerpc: Allow flush_icache_range to work across ranges >4GB powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts video/hdmi: Fix AVI bar unpack quota: Check that quota is not dirty before release ext2: check err when partial != NULL quota: fix livelock in dquot_writeback_dquots ext4: Fix credit estimate for final inode freeing reiserfs: fix extended attributes on the root directory block: fix single range discard merge scsi: zfcp: trace channel log even for FCP command responses scsi: qla2xxx: Fix DMA unmap leak scsi: qla2xxx: Fix session lookup in qlt_abort_work() scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() 
return value scsi: qla2xxx: Fix message indicating vectors used by driver xhci: Fix memory leak in xhci_add_in_port() xhci: make sure interrupts are restored to correct state iio: adis16480: Add debugfs_reg_access entry phy: renesas: rcar-gen3-usb2: Fix sysfs interface of "role" omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251 scsi: lpfc: Cap NPIV vports to 256 scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE drbd: Change drbd_request_detach_interruptible's return type to int e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk power: supply: cpcap-battery: Fix signed counter sample register mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead media: vimc: fix component match compare ath10k: fix fw crash by moving chip reset after napi disabled powerpc: Avoid clang warnings around setjmp and longjmp powerpc: Fix vDSO clock_getres() ext4: work around deleting a file with i_nlink == 0 safely firmware: qcom: scm: Ensure 'a0' status code is treated as signed mm/shmem.c: cast the type of unmap_start to u64 ext4: fix a bug in ext4_wait_for_tail_page_commit mfd: rk808: Fix RK818 ID template blk-mq: make sure that line break can be printed workqueue: Fix missing kfree(rescuer) in destroy_workqueue() sunrpc: fix crash when cache_head become valid before update net/mlx5e: Fix SFF 8472 eeprom length gfs2: fix glock reference problem in gfs2_trans_remove_revoke kernel/module.c: wakeup processes in module_wq on module unload gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist raid5: need to set STRIPE_HANDLE for batch head of: unittest: fix memory leak in attach_node_and_children Linux 4.14.159 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
cfd2194d54 |
sunrpc: fix crash when cache_head become valid before update
[ Upstream commit 5fcaf6982d1167f1cd9b264704f6d1ef4c505d54 ] I was investigating a crash in our Virtuozzo7 kernel which happened in svcauth_unix_set_client. I found out that we access m_client field in ip_map structure, which was received from sunrpc_cache_lookup (we have a bit older kernel, now the code is in sunrpc_cache_add_entry), and this field looks uninitialized (m_client == 0x74 doesn't look like a pointer) but in the cache_head in flags we see 0x1 which is CACHE_VALID. It looks like the problem appeared from our previous fix to sunrpc (1): commit 4ecd55ea0742 ("sunrpc: fix cache_head leak due to queued request") And we've also found a patch already fixing our patch (2): commit d58431eacb22 ("sunrpc: don't mark uninitialised items as VALID.") Though the crash is eliminated, I think the core of the problem is not completely fixed: Neil in the patch (2) makes cache_head CACHE_NEGATIVE, before cache_fresh_locked which was added in (1) to fix crash. This way cache_is_valid won't say the cache is valid anymore and in svcauth_unix_set_client the function cache_check will return error instead of 0, and we don't count entry as initialized. But it looks like we need to remove cache_fresh_locked completely in sunrpc_cache_lookup: In (1) we've only wanted to make cache_fresh_unlocked->cache_dequeue so that cache_requests with no readers also release corresponding cache_head, to fix their leak. We with Vasily were not sure if cache_fresh_locked and cache_fresh_unlocked should be used in pair or not, so we've guessed to use them in pair. Now we see that we don't want the CACHE_VALID bit set here by cache_fresh_locked, as "valid" means "initialized" and there is no initialization in sunrpc_cache_add_entry. Both expiry_time and last_refresh are not used in cache_fresh_unlocked code-path and also not required for the initial fix. So to conclude cache_fresh_locked was called by mistake, and we can just safely remove it instead of crutching it with CACHE_NEGATIVE. 
It looks ideologically better for me. Hope I don't miss something here. Here is our crash backtrace: [13108726.326291] BUG: unable to handle kernel NULL pointer dereference at 0000000000000074 [13108726.326365] IP: [<ffffffffc01f79eb>] svcauth_unix_set_client+0x2ab/0x520 [sunrpc] [13108726.326448] PGD 0 [13108726.326468] Oops: 0002 [#1] SMP [13108726.326497] Modules linked in: nbd isofs xfs loop kpatch_cumulative_81_0_r1(O) xt_physdev nfnetlink_queue bluetooth rfkill ip6table_nat nf_nat_ipv6 ip_vs_wrr ip_vs_wlc ip_vs_sh nf_conntrack_netlink ip_vs_sed ip_vs_pe_sip nf_conntrack_sip ip_vs_nq ip_vs_lc ip_vs_lblcr ip_vs_lblc ip_vs_ftp ip_vs_dh nf_nat_ftp nf_conntrack_ftp iptable_raw xt_recent nf_log_ipv6 xt_hl ip6t_rt nf_log_ipv4 nf_log_common xt_LOG xt_limit xt_TCPMSS xt_tcpmss vxlan ip6_udp_tunnel udp_tunnel xt_statistic xt_NFLOG nfnetlink_log dummy xt_mark xt_REDIRECT nf_nat_redirect raw_diag udp_diag tcp_diag inet_diag netlink_diag af_packet_diag unix_diag rpcsec_gss_krb5 xt_addrtype ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 ebtable_nat ebtable_broute nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_mangle ip6table_raw nfsv4 [13108726.327173] dns_resolver cls_u32 binfmt_misc arptable_filter arp_tables ip6table_filter ip6_tables devlink fuse_kio_pcs ipt_MASQUERADE nf_nat_masquerade_ipv4 xt_nat iptable_nat nf_nat_ipv4 xt_comment nf_conntrack_ipv4 nf_defrag_ipv4 xt_wdog_tmo xt_multiport bonding xt_set xt_conntrack iptable_filter iptable_mangle kpatch(O) ebtable_filter ebt_among ebtables ip_set_hash_ip ip_set nfnetlink vfat fat skx_edac intel_powerclamp coretemp intel_rapl iosf_mbi kvm_intel kvm irqbypass fuse pcspkr ses enclosure joydev sg mei_me hpwdt hpilo lpc_ich mei ipmi_si shpchp ipmi_devintf ipmi_msghandler xt_ipvs acpi_power_meter ip_vs_rr nfsv3 nfsd auth_rpcgss nfs_acl nfs lockd grace fscache nf_nat cls_fw sch_htb sch_cbq sch_sfq ip_vs em_u32 nf_conntrack tun br_netfilter veth overlay ip6_vzprivnet ip6_vznetstat ip_vznetstat [13108726.327817] 
ip_vzprivnet vziolimit vzevent vzlist vzstat vznetstat vznetdev vzmon vzdev bridge pio_kaio pio_nfs pio_direct pfmt_raw pfmt_ploop1 ploop ip_tables ext4 mbcache jbd2 sd_mod crc_t10dif crct10dif_generic mgag200 i2c_algo_bit drm_kms_helper scsi_transport_iscsi 8021q syscopyarea sysfillrect garp sysimgblt fb_sys_fops mrp stp ttm llc bnx2x crct10dif_pclmul crct10dif_common crc32_pclmul crc32c_intel drm dm_multipath ghash_clmulni_intel uas aesni_intel lrw gf128mul glue_helper ablk_helper cryptd tg3 smartpqi scsi_transport_sas mdio libcrc32c i2c_core usb_storage ptp pps_core wmi sunrpc dm_mirror dm_region_hash dm_log dm_mod [last unloaded: kpatch_cumulative_82_0_r1] [13108726.328403] CPU: 35 PID: 63742 Comm: nfsd ve: 51332 Kdump: loaded Tainted: G W O ------------ 3.10.0-862.20.2.vz7.73.29 #1 73.29 [13108726.328491] Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 10/02/2018 [13108726.328554] task: ffffa0a6a41b1160 ti: ffffa0c2a74bc000 task.ti: ffffa0c2a74bc000 [13108726.328610] RIP: 0010:[<ffffffffc01f79eb>] [<ffffffffc01f79eb>] svcauth_unix_set_client+0x2ab/0x520 [sunrpc] [13108726.328706] RSP: 0018:ffffa0c2a74bfd80 EFLAGS: 00010246 [13108726.328750] RAX: 0000000000000001 RBX: ffffa0a6183ae000 RCX: 0000000000000000 [13108726.328811] RDX: 0000000000000074 RSI: 0000000000000286 RDI: ffffa0c2a74bfcf0 [13108726.328864] RBP: ffffa0c2a74bfe00 R08: ffffa0bab8c22960 R09: 0000000000000001 [13108726.328916] R10: 0000000000000001 R11: 0000000000000001 R12: ffffa0a32aa7f000 [13108726.328969] R13: ffffa0a6183afac0 R14: ffffa0c233d88d00 R15: ffffa0c2a74bfdb4 [13108726.329022] FS: 0000000000000000(0000) GS:ffffa0e17f9c0000(0000) knlGS:0000000000000000 [13108726.329081] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [13108726.332311] CR2: 0000000000000074 CR3: 00000026a1b28000 CR4: 00000000007607e0 [13108726.334606] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [13108726.336754] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400 [13108726.338908] PKRU: 00000000 [13108726.341047] Call Trace: [13108726.343074] [<ffffffff8a2c78b4>] ? groups_alloc+0x34/0x110 [13108726.344837] [<ffffffffc01f5eb4>] svc_set_client+0x24/0x30 [sunrpc] [13108726.346631] [<ffffffffc01f2ac1>] svc_process_common+0x241/0x710 [sunrpc] [13108726.348332] [<ffffffffc01f3093>] svc_process+0x103/0x190 [sunrpc] [13108726.350016] [<ffffffffc07d605f>] nfsd+0xdf/0x150 [nfsd] [13108726.351735] [<ffffffffc07d5f80>] ? nfsd_destroy+0x80/0x80 [nfsd] [13108726.353459] [<ffffffff8a2bf741>] kthread+0xd1/0xe0 [13108726.355195] [<ffffffff8a2bf670>] ? create_kthread+0x60/0x60 [13108726.356896] [<ffffffff8a9556dd>] ret_from_fork_nospec_begin+0x7/0x21 [13108726.358577] [<ffffffff8a2bf670>] ? create_kthread+0x60/0x60 [13108726.360240] Code: 4c 8b 45 98 0f 8e 2e 01 00 00 83 f8 fe 0f 84 76 fe ff ff 85 c0 0f 85 2b 01 00 00 49 8b 50 40 b8 01 00 00 00 48 89 93 d0 1a 00 00 <f0> 0f c1 02 83 c0 01 83 f8 01 0f 8e 53 02 00 00 49 8b 44 24 38 [13108726.363769] RIP [<ffffffffc01f79eb>] svcauth_unix_set_client+0x2ab/0x520 [sunrpc] [13108726.365530] RSP <ffffa0c2a74bfd80> [13108726.367179] CR2: 0000000000000074 Fixes: d58431eacb22 ("sunrpc: don't mark uninitialised items as VALID.") Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Acked-by: NeilBrown <neilb@suse.de> Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
13855a652b |
This is the 4.14.157 stable release
Merge 4.14.157 into android-4.14 Changes in 4.14.157 net/mlx4_en: fix mlx4 ethtool -N insertion net: rtnetlink: prevent underflows in do_setvfinfo() sfc: Only cancel the PPS workqueue if it exists net/mlx5e: Fix set vf link state error flow net/mlxfw: Verify FSM error code translation doesn't exceed array size net/sched: act_pedit: fix WARN() in the traffic path vhost/vsock: split packets to send using multiple buffers gpio: max77620: Fixup debounce delays tools: gpio: Correctly add make dependencies for gpio_utils nbd:fix memory leak in nbd_get_socket() virtio_console: allocate inbufs in add_port() only if it is needed Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()" mm/ksm.c: don't WARN if page is still mapped in remove_stable_node() drm/i915/userptr: Try to acquire the page lock around set_page_dirty() platform/x86: asus-nb-wmi: Support ALS on the Zenbook UX430UQ platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi mwifiex: Fix NL80211_TX_POWER_LIMITED ALSA: isight: fix leak of reference to firewire unit in error path of .probe callback printk: fix integer overflow in 
setup_log_buf() gfs2: Fix marking bitmaps non-full pty: fix compat ioctls synclink_gt(): fix compat_ioctl() powerpc: Fix signedness bug in update_flash_db() powerpc/boot: Disable vector instructions powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() brcmsmac: AP mode: update beacon when TIM changes ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem skd: fixup usage of legacy IO API cdrom: don't attempt to fiddle with cdo->capability spi: sh-msiof: fix deferred probing mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail btrfs: handle error of get_old_root gsmi: Fix bug in append_to_eventlog sysfs handler misc: mic: fix a DMA pool free failure w1: IAD Register is yet readable trough iad sys file. Fix snprintf (%u for unsigned, count for max size). m68k: fix command-line parsing when passed from u-boot RDMA/bnxt_re: Fix qp async event reporting pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' pwm: lpss: Only set update bit if we are actually changing the settings amiflop: clean up on errors during setup qed: Align local and global PTT to propagate through the APIs. 
scsi: ips: fix missing break in switch KVM: nVMX: reset cache/shadows when switching loaded VMCS KVM/x86: Fix invvpid and invept register operand size in 64-bit mode scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler scsi: isci: Change sci_controller_start_task's return type to sci_status scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param crypto: ccree - avoid implicit enum conversion nvmet-fcloop: suppress a compiler warning clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk clk: at91: audio-pll: fix audio pmc type ASoC: tegra_sgtl5000: fix device_node refcounting scsi: dc395x: fix dma API usage in srb_done scsi: dc395x: fix DMA API usage in sg_update_list net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed net: fix warning in af_unix net: ena: Fix Kconfig dependency on X86 xfs: fix use-after-free race in xfs_buf_rele kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack PM / Domains: Deal with multiple states but no governor in genpd ALSA: i2c/cs8427: Fix int to char conversion macintosh/windfarm_smu_sat: Fix debug output PCI: vmd: Detach resources after stopping root bus USB: misc: appledisplay: fix backlight update_status return code usbip: tools: fix atoi() on non-null terminated string dm raid: avoid bitmap with raid4/5/6 journal device SUNRPC: Fix a compile warning for cmpxchg64() sunrpc: safely reallow resvport min/max inversion atm: zatm: Fix empty body Clang warnings s390/perf: Return error when debug_register fails spi: omap2-mcspi: Set FIFO DMA trigger level to word length sparc: Fix parport build warnings. 
powerpc/pseries: Export raw per-CPU VPA data via debugfs ceph: fix dentry leak in ceph_readdir_prepopulate rtc: s35390a: Change buf's type to u8 in s35390a_init f2fs: fix to spread clear_cold_data() mISDN: Fix type of switch control variable in ctrl_teimanager qlcnic: fix a return in qlcnic_dcb_get_capability() net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode mfd: arizona: Correct calling of runtime_put_sync mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values mfd: intel_soc_pmic_bxtwc: Chain power button IRQs as well mfd: max8997: Enale irq-wakeup unconditionally selftests/ftrace: Fix to test kprobe $comm arg only if available selftests: watchdog: fix message when /dev/watchdog open fails selftests: watchdog: Fix error message. thermal: rcar_thermal: Prevent hardware access during system suspend bpf: devmap: fix wrong interface selection in notifier_call powerpc/process: Fix flush_all_to_thread for SPE sparc64: Rework xchg() definition to avoid warnings. arm64: lib: use C string functions with KASAN enabled fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle() mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock macsec: update operstate when lower device changes macsec: let the administrator set UP state even if lowerdev is down block: fix the DISCARD request merge i2c: uniphier-f: make driver robust against concurrency i2c: uniphier-f: fix occasional timeout error i2c: uniphier-f: fix race condition when IRQ is cleared um: Make line/tty semantics use true write IRQ vfs: avoid problematic remapping requests into partial EOF block powerpc/xmon: Relax frame size for clang selftests/powerpc/signal: Fix out-of-tree build selftests/powerpc/switch_endian: Fix out-of-tree build selftests/powerpc/cache_shape: Fix out-of-tree build linux/bitmap.h: handle constant zero-size bitmaps correctly linux/bitmap.h: fix type of nbits in bitmap_shift_right() hfsplus: fix BUG on bnode parent update hfs: fix 
BUG on bnode parent update hfsplus: prevent btree data loss on ENOSPC hfs: prevent btree data loss on ENOSPC hfsplus: fix return value of hfsplus_get_block() hfs: fix return value of hfs_get_block() hfsplus: update timestamps on truncate() hfs: update timestamp on truncate() fs/hfs/extent.c: fix array out of bounds read of array extent mm/memory_hotplug: make add_memory() take the device_hotplug_lock igb: shorten maximum PHC timecounter update interval net: hns3: bugfix for buffer not free problem during resetting ntb_netdev: fix sleep time mismatch ntb: intel: fix return value for ndev_vec_mask() arm64: makefile fix build of .i file in external module case ocfs2: don't put and assigning null to bh allocated outside ocfs2: fix clusters leak in ocfs2_defrag_extent() net: do not abort bulk send on BQL status sched/topology: Fix off by one bug sched/fair: Don't increase sd->balance_interval on newidle balance openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock audit: print empty EXECVE args btrfs: avoid link error with CONFIG_NO_AUTO_INLINE wil6210: fix locking in wmi_call wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' rtl8xxxu: Fix missing break in switch brcmsmac: never log "tid x is not agg'able" by default wireless: airo: potential buffer overflow in sprintf() rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information net: dsa: bcm_sf2: Turn on PHY to allow successful registration scsi: mpt3sas: Fix Sync cache command failure during driver unload scsi: mpt3sas: Don't modify EEDPTagMode field setting on SAS3.5 HBA devices scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11 scsi: megaraid_sas: Fix msleep granularity scsi: megaraid_sas: Fix goto labels in error handling scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces scsi: lpfc: Correct loss of fc4 type on remote port address change dlm: fix invalid free dlm: don't 
leak kernel pointer to userspace vrf: mark skb for multicast or link-local as enslaved to VRF ACPICA: Use %d for signed int print formatting instead of %u net: bcmgenet: return correct value 'ret' from bcmgenet_power_down of: unittest: allow base devicetree to have symbol metadata cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD PCI: keystone: Use quirk to limit MRRS for K2G spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch i2c: uniphier-f: fix timeout error after reading 8 bytes mm/memory_hotplug: Do not unlock when fails to take the device_hotplug_lock ipv6: Fix handling of LLA with VRF and sockets bound to VRF cfg80211: call disconnect_wk when AP stops Bluetooth: Fix invalid-free in bcsp_close() KVM: MMU: Do not treat ZONE_DEVICE pages as being reserved ath10k: Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe ath9k_hw: fix uninitialized variable data md/raid10: prevent access of uninitialized resync_pages offset mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span() net: phy: dp83867: fix speed 10 in sgmii mode net: phy: dp83867: increase SGMII autoneg timer duration arm64: fix for bad_mode() handler to always result in panic cpufreq: Skip cpufreq resume if it's not suspended ocfs2: remove ocfs2_is_o2cb_active() ARM: 8904/1: skip nomap memblocks while finding the lowmem/highmem boundary ARC: perf: Accommodate big-endian CPU x86/insn: Fix awk regexp warnings x86/speculation: Fix incorrect MDS/TAA mitigation status x86/speculation: Fix redundant MDS mitigation message nbd: prevent memory leak nfc: port100: handle command failure cleanly media: vivid: Set vid_cap_streaming and vid_out_streaming to true media: vivid: Fix wrong locking that causes race conditions on streaming stop media: usbvision: Fix 
races among open, close, and disconnect cpufreq: Add NULL checks to show() and store() methods of cpufreq media: uvcvideo: Fix error path in control parsing failure media: b2c2-flexcop-usb: add sanity checking media: cxusb: detect cxusb_ctrl_msg error in query media: imon: invalid dereference in imon_touch_event virtio_ring: fix return code on DMA mapping fails usbip: tools: fix fd leakage in the function of read_attr_usbip_status usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() usb-serial: cp201x: support Mark-10 digital force gauge USB: chaoskey: fix error case of a timeout appledisplay: fix error handling in the scheduled work USB: serial: mos7840: add USB ID to support Moxa UPort 2210 USB: serial: mos7720: fix remote wakeup USB: serial: mos7840: fix remote wakeup USB: serial: option: add support for DW5821e with eSIM support USB: serial: option: add support for Foxconn T77W968 LTE modules staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error powerpc/64s: support nospectre_v2 cmdline option powerpc/book3s64: Fix link stack flush on context switch KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel x86/hyperv: mark hyperv_init as __init function Linux 4.14.157 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
1003056257 |
sunrpc: safely reallow resvport min/max inversion
[ Upstream commit 826799e66e8683e5698e140bb9ef69afc8c0014e ] Commits ffb6ca33b04b and e08ea3a96fc7 prevent setting xprt_min_resvport greater than xprt_max_resvport, but may also break simple code that sets one parameter then the other, if the new range does not overlap the old. Also it looks racy to me, unless there's some serialization I'm not seeing. Granted it would probably require malicious privileged processes (unless there's a chance these might eventually be settable in unprivileged containers), but still it seems better not to let userspace panic the kernel. Simpler seems to be to allow setting the parameters to whatever you want but interpret xprt_min_resvport > xprt_max_resvport as the empty range. Fixes: ffb6ca33b04b "sunrpc: Prevent resvport min/max inversion..." Fixes: e08ea3a96fc7 "sunrpc: Prevent rexvport min/max inversion..." Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
a06db41118 |
SUNRPC: Fix a compile warning for cmpxchg64()
[ Upstream commit e732f4485a150492b286f3efc06f9b34dd6b9995 ] Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
f9b4ab5c8e |
This is the 4.14.156 stable release
Merge 4.14.156 into android-4.14 Changes in 4.14.156 spi: mediatek: use correct mata->xfer_len when in fifo transfer tee: optee: add missing of_node_put after of_device_is_available Revert "OPP: Protect dev_list with opp_table lock" net: cdc_ncm: Signedness bug in cdc_ncm_set_dgram_size() idr: Fix idr_get_next race with idr_remove mm/memory_hotplug: don't access uninitialized memmaps in shrink_pgdat_span() mm/memory_hotplug: fix updating the node span arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault fbdev: Ditch fb_edid_add_monspecs net: ovs: fix return type of ndo_start_xmit function net: xen-netback: fix return type of ndo_start_xmit function ARM: dts: dra7: Enable workaround for errata i870 in PCIe host mode ARM: dts: omap5: enable OTG role for DWC3 controller net: hns3: Fix for netdev not up problem when setting mtu f2fs: return correct errno in f2fs_gc ARM: dts: sun8i: h3-h5: ir register size should be the whole memory block SUNRPC: Fix priority queue fairness IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds iommu/io-pgtable-arm: Fix race handling in split_blk_unmap() kvm: arm/arm64: Fix stage2_flush_memslot for 4 
level page table arm64/numa: Report correct memblock range for the dummy node ath10k: fix vdev-start timeout on error ata: ahci_brcm: Allow using driver or DSL SoCs ath9k: fix reporting calculated new FFT upper max usb: gadget: udc: fotg210-udc: Fix a sleep-in-atomic-context bug in fotg210_get_status() usb: dwc3: gadget: Check ENBLSLPM before sending ep command nl80211: Fix a GET_KEY reply attribute irqchip/irq-mvebu-icu: Fix wrong private data retrieval watchdog: w83627hf_wdt: Support NCT6796D, NCT6797D, NCT6798D KVM: PPC: Inform the userspace about TCE update failures dmaengine: ep93xx: Return proper enum in ep93xx_dma_chan_direction dmaengine: timb_dma: Use proper enum in td_prep_slave_sg ext4: fix build error when DX_DEBUG is defined clk: keystone: Enable TISCI clocks if K3_ARCH sunrpc: Fix connect metrics mei: samples: fix a signedness bug in amt_host_if_call() cxgb4: Use proper enum in cxgb4_dcb_handle_fw_update cxgb4: Use proper enum in IEEE_FAUX_SYNC powerpc/pseries: Fix DTL buffer registration powerpc/pseries: Fix how we iterate over the DTL entries powerpc/xive: Move a dereference below a NULL test ARM: dts: at91: sama5d4_xplained: fix addressable nand flash size ARM: dts: at91: at91sam9x5cm: fix addressable nand flash size mtd: rawnand: sh_flctl: Use proper enum for flctl_dma_fifo0_transfer PM / hibernate: Check the success of generating md5 digest before hibernation tools: PCI: Fix compilation warnings clocksource/drivers/sh_cmt: Fixup for 64-bit machines clocksource/drivers/sh_cmt: Fix clocksource width for 32-bit machines md: allow metadata updates while suspending an array - fix ixgbe: Fix ixgbe TX hangs with XDP_TX beyond queue limit i40e: Use proper enum in i40e_ndo_set_vf_link_state ixgbe: Fix crash with VFs and flow director on interface flap IB/mthca: Fix error return code in __mthca_init_one() IB/mlx4: Avoid implicit enumerated type conversion ACPICA: Never run _REG on system_memory and system_IO powerpc/time: Use clockevents_register_device(), 
fixing an issue with large decrementer ata: ep93xx: Use proper enums for directions media: rc: ir-rc6-decoder: enable toggle bit for Kathrein RCU-676 remote media: pxa_camera: Fix check for pdev->dev.of_node media: i2c: adv748x: Support probing a single output ALSA: hda/sigmatel - Disable automute for Elo VuPoint KVM: PPC: Book3S PR: Exiting split hack mode needs to fixup both PC and LR USB: serial: cypress_m8: fix interrupt-out transfer length mtd: physmap_of: Release resources on error cpu/SMT: State SMT is disabled even with nosmt and without "=force" brcmfmac: reduce timeout for action frame scan brcmfmac: fix full timeout waiting for action frame on-channel tx qtnfmac: pass sgi rate info flag to wireless core qtnfmac: drop error reports for out-of-bounds key indexes clk: samsung: exynos5420: Define CLK_SECKEY gate clock only or Exynos5420 clk: samsung: Use clk_hw API for calling clk framework from clk notifiers i2c: brcmstb: Allow enabling the driver on DSL SoCs NFSv4.x: fix lock recovery during delegation recall dmaengine: ioat: fix prototype of ioat_enumerate_channels media: cec-gpio: select correct Signal Free Time Input: st1232 - set INPUT_PROP_DIRECT property Input: silead - try firmware reload after unsuccessful resume remoteproc: Check for NULL firmwares in sysfs interface kexec: Allocate decrypted control pages for kdump if SME is enabled x86/olpc: Fix build error with CONFIG_MFD_CS5535=m dmaengine: rcar-dmac: set scatter/gather max segment size crypto: mxs-dcp - Fix SHA null hashes and output length crypto: mxs-dcp - Fix AES issues xfrm: use correct size to initialise sp->ovec ACPI / SBS: Fix rare oops when removing modules iwlwifi: mvm: don't send keys when entering D3 x86/fsgsbase/64: Fix ptrace() to read the FS/GS base accurately mmc: tmio: Fix SCC error detection fbdev: sbuslib: use checked version of put_user() fbdev: sbuslib: integer overflow in sbusfb_ioctl_helper() reset: Fix potential use-after-free in __of_reset_control_get() bcache: recal 
cached_dev_sectors on detach media: dw9714: Fix error handling in probe function s390/kasan: avoid vdso instrumentation proc/vmcore: Fix i386 build error of missing copy_oldmem_page_encrypted() backlight: lm3639: Unconditionally call led_classdev_unregister mfd: ti_am335x_tscadc: Keep ADC interface on if child is wakeup capable printk: Give error on attempt to set log buffer length to over 2G media: isif: fix a NULL pointer dereference bug GFS2: Flush the GFS2 delete workqueue before stopping the kernel threads media: cx231xx: fix potential sign-extension overflow on large shift x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error gpio: syscon: Fix possible NULL ptr usage spi: fsl-lpspi: Prevent FIFO under/overrun by default pinctrl: gemini: Mask and set properly spi: spidev: Fix OF tree warning logic ARM: 8802/1: Call syscall_trace_exit even when system call skipped orangefs: rate limit the client not running info message pinctrl: gemini: Fix up TVC clock group hwmon: (pwm-fan) Silence error on probe deferral hwmon: (ina3221) Fix INA3221_CONFIG_MODE macros netfilter: nft_compat: do not dump private area misc: cxl: Fix possible null pointer dereference mac80211: minstrel: fix using short preamble CCK rates on HT clients mac80211: minstrel: fix CCK rate group streams value mac80211: minstrel: fix sampling/reporting of CCK rates in HT mode spi: rockchip: initialize dma_slave_config properly mlxsw: spectrum_switchdev: Check notification relevance based on upper device ARM: dts: omap5: Fix dual-role mode on Super-Speed port tools: PCI: Fix broken pcitest compilation powerpc/time: Fix clockevent_decrementer initalisation for PR KVM mmc: tmio: fix SCC error handling to avoid false positive CRC error Linux 4.14.156 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
711b32942c |
sunrpc: Fix connect metrics
[ Upstream commit 3968a8a5310404c2f0b9e4d9f28cab13a12bc4fd ] For TCP, the logic in xprt_connect_status is currently never invoked to record a successful connection. Commit 2a4919919a97 ("SUNRPC: Return EAGAIN instead of ENOTCONN when waking up xprt->pending") changed the way TCP xprt's are awoken after a connect succeeds. Instead, change connection-oriented transports to bump connect_count and compute connect_time the moment that XPRT_CONNECTED is set. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
5320b434be |
SUNRPC: Fix priority queue fairness
[ Upstream commit f42f7c283078ce3c1e8368b140e270755b1ae313 ] Fix up the priority queue to not batch by owner, but by queue, so that we allow '1 << priority' elements to be dequeued before switching to the next priority queue. The owner field is still used to wake up requests in round robin order by owner to avoid single processes hogging the RPC layer by loading the queues. Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
fae940268d |
This is the 4.14.134 stable release
Merge 4.14.134 into android-4.14 Changes in 4.14.134 Revert "e1000e: fix cyclic resets at link up with active tx" e1000e: start network tx queue only when link is up Input: synaptics - enable SMBUS on T480 thinkpad trackpad nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header drivers: base: cacheinfo: Ensure cpu hotplug work is done before Intel RDT crypto: talitos - rename alternative AEAD algos. 
Input: elantech - enable middle button support on 2 ThinkPads samples, bpf: fix to change the buffer size for read() bpf: sockmap, fix use after free from sleep in psock backlog workqueue staging:iio:ad7150: fix threshold mode config bit mac80211: mesh: fix RCU warning mac80211: free peer keys before vif down in mesh mwifiex: Fix possible buffer overflows at parsing bss descriptor iwlwifi: Fix double-free problems in iwl_req_fw_callback() netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments netfilter: ipv6: nf_defrag: accept duplicate fragments again dt-bindings: can: mcp251x: add mcp25625 support can: mcp251x: add support for mcp25625 can: m_can: implement errata "Needless activation of MRAF irq" can: af_can: Fix error path of can_init() ibmvnic: Refresh device multicast list after reset ARM: dts: am335x phytec boards: Fix cd-gpios active level Input: imx_keypad - make sure keyboard can always wake up system KVM: arm/arm64: vgic: Fix kvm_device leak in vgic_its_destroy mlxsw: spectrum: Disallow prio-tagged packets when PVID is removed ARM: davinci: da850-evm: call regulator_has_full_constraints() ARM: davinci: da8xx: specify dma_coherent_mask for lcdc mac80211: only warn once on chanctx_conf being NULL qmi_wwan: add support for QMAP padding in the RX path qmi_wwan: avoid RCU stalls on device disconnect when in QMAP mode qmi_wwan: extend permitted QMAP mux_id value range md: fix for divide error in status_resync bnx2x: Check if transceiver implements DDM before access drm: return -EFAULT if copy_to_user() fails ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL net: lio_core: fix potential sign-extension overflow on large shift quota: fix a problem about transfer quota net: dsa: mv88e6xxx: fix shift of FID bits in mv88e6185_g1_vtu_loadpurge() net :sunrpc :clnt :Fix xps refcount imbalance on the error path fscrypt: don't set policy for a dead directory udf: Fix incorrect final NOT_ALLOCATED (hole) extent length ALSA: hda/realtek - 
Headphone Mic can't record after S3 block, bfq: NULL out the bic when it's no longer valid x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg() x86/tls: Fix possible spectre-v1 in do_get_thread_area() Documentation: Add section about CPU vulnerabilities for Spectre mwifiex: Abort at too short BSS descriptor element mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies() mwifiex: Don't abort on small, spec-compliant vendor IEs USB: serial: ftdi_sio: add ID for isodebug v1 USB: serial: option: add support for GosunCn ME3630 RNDIS mode Revert "serial: 8250: Don't service RX FIFO if interrupts are disabled" p54usb: Fix race between disconnect and firmware loading usb: gadget: ether: Fix race between gether_disconnect and rx_submit usb: renesas_usbhs: add a workaround for a race condition of workqueue staging: comedi: dt282x: fix a null pointer deref on interrupt staging: comedi: amplc_pci230: fix null pointer deref on interrupt binder: fix memory leak in error path carl9170: fix misuse of device driver API VMCI: Fix integer overflow in VMCI handle arrays MIPS: Remove superfluous check for __linux__ clk: ti: clkctrl: Fix returning uninitialized data efi/bgrt: Drop BGRT status field reserved bits check perf/core: Fix perf_sample_regs_user() mm check ARM: omap2: remove incorrect __init annotation be2net: fix link failure after ethtool offline test ppp: mppe: Add softdep to arc4 sis900: fix TX completion ARM: dts: imx6ul: fix PWM[1-4] interrupts dm verity: use message limit for data block corruption message x86/boot/64: Fix crash if kernel image crosses page table boundary cpu/hotplug: Fix out-of-bounds read when setting fail state linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL ARC: hide unused function unw_hdr_alloc s390: fix stfle zero padding s390/qdio: (re-)initialize tiqdio list entries s390/qdio: don't touch the dsci in tiqdio_add_input_queues() crypto/NX: Set receive window credits to max number of CRBs in RxFIFO drm/udl: introduce a macro to convert 
dev to udl. drm/udl: move to embedding drm device inside udl device. Linux 4.14.134 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
5636cbbe30 |
net :sunrpc :clnt :Fix xps refcount imbalance on the error path
[ Upstream commit b96226148491505318228ac52624956bd98f9e0c ] rpc_clnt_add_xprt takes a reference to struct rpc_xprt_switch, but forgets to release it before return, which may lead to a memory leak. Signed-off-by: Lin Yi <teroincn@163.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
86281ad1a4 |
This is the 4.14.133 stable release
Merge 4.14.133 into android-4.14 Changes in 4.14.133 Bluetooth: Fix faulty expression for minimum encryption key size check ASoC : cs4265 : readable register too low ASoC: soc-pcm: BE dai needs prepare when pause release after resume spi: bitbang: Fix NULL pointer dereference in spi_unregister_master drm/mediatek: fix unbind functions drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable() ASoC: max98090: remove 24-bit format support if RJ is 0 ASoC: sun4i-i2s: Fix sun8i tx channel offset mask ASoC: sun4i-i2s: Add offset to RX channel select usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i] usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC SoC: rt274: Fix internal jack assignment in set_jack callback scsi: hpsa: correct ioaccel2 chaining platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration cpuset: restore sanity to cpuset_cpus_allowed_fallback() scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE mm/mlock.c: change count_mm_mlocked_page_nr return type module: Fix livepatch/ftrace module text
permissions race ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper() MIPS: netlogic: xlr: Remove erroneous check in nlm_fmn_send() drm/i915/dmc: protect against reading random memory ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME crypto: user - prevent operating on larval algorithms crypto: cryptd - Fix skcipher instance memory leak ALSA: seq: fix incorrect order of dest_client/dest_ports arguments ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages ALSA: line6: Fix write on zero-sized buffer ALSA: usb-audio: fix sign unintended sign extension on left shifts ALSA: hda/realtek - Change front mic location for Lenovo M710q lib/mpi: Fix karactx leak in mpi_powm tracing/snapshot: Resize spare buffer if size changed arm64: kaslr: keep modules inside module region when KASAN is enabled drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE drm/imx: notify drm core before sending event during crtc disable drm/imx: only send event on crtc disable if kept disabled ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code() mm/vmscan.c: prevent useless kswapd loops btrfs: Ensure replaced device doesn't have pending chunk allocation vhost-net: set packet weight of tx polling to 2 * vq size vhost_net: use packet weight for rx handler, too vhost_net: introduce vhost_exceeds_weight() vhost: introduce vhost_exceeds_weight() vhost_net: fix possible infinite loop vhost: vsock: add weight support vhost: scsi: add weight support tty: rocket: fix incorrect forward declaration of 'rp_init()' ARC: handle gcc generated __builtin_trap for older compiler KVM: x86: degrade WARN to pr_warn_ratelimited KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC svcrdma: Ignore source port when computing DRC hash MIPS: Fix bounds check virt_addr_valid MIPS: Add missing EHB in mtc0 -> mfc0 sequence. 
dmaengine: imx-sdma: remove BD_INTR for channel0 stable/btrfs: fix backport bug in d819d97ea025 ("btrfs: honor path->skip_locking in backref code") Linux 4.14.133 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
44b1404683 |
svcrdma: Ignore source port when computing DRC hash
commit 1e091c3bbf51d34d5d96337a59ce5ab2ac3ba2cc upstream. The DRC appears to be effectively empty after an RPC/RDMA transport reconnect. The problem is that each connection uses a different source port, which defeats the DRC hash. Clients always have to disconnect before they send retransmissions to reset the connection's credit accounting, thus every retransmit on NFS/RDMA will miss the DRC. An NFS/RDMA client's IP source port is meaningless for RDMA transports. The transport layer typically sets the source port value on the connection to a random ephemeral port. The server already ignores it for the "secure port" check. See commit 16e4d93f6de7 ("NFSD: Ignore client's source port on RDMA transports"). The Linux NFS server's DRC resolves XID collisions from the same source IP address by using the checksum of the first 200 bytes of the RPC call header. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Cc: stable@vger.kernel.org # v4.14+ Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
b5123fd473 |
This is the 4.14.115 stable release
Merge 4.14.115 into android-4.14 Changes in 4.14.115 kbuild: simplify ld-option implementation cifs: do not attempt cifs operation on smb2+ rename error tracing: Fix a memory leak by early error exit in trace_pid_write() tracing: Fix buffer_ref pipe ops zram: pass down the bvec we need to read into in the work struct lib/Kconfig.debug: fix build error without CONFIG_BLOCK MIPS: scall64-o32: Fix indirect syscall number load trace: Fix preempt_enable_no_resched() abuse IB/rdmavt: Fix frwr memory registration sched/numa: Fix a possible divide-by-zero ceph: only use d_name directly when parent is locked ceph: ensure d_name stability in ceph_dentry_hash() ceph: fix ci->i_head_snapc leak nfsd: Don't release the callback slot unless it was actually held sunrpc: don't mark uninitialised items as VALID. Input: synaptics-rmi4 - write config register values to the right offset vfio/type1: Limit DMA mappings per container dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache drm/vc4: Fix memory leak during gpu reset.
Revert "drm/i915/fbdev: Actually configure untiled displays" drm/vc4: Fix compilation error reported by kbuild test bot USB: Add new USB LPM helpers USB: Consolidate LPM checks to avoid enabling LPM twice ext4: fix some error pointer dereferences vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock tipc: handle the err returned from cmd header function slip: make slhc_free() silently accept an error pointer intel_th: gth: Fix an off-by-one in output unassigning fs/proc/proc_sysctl.c: Fix a NULL pointer dereference ipvs: fix warning on unused variable binder: fix handling of misaligned binder object sched/deadline: Correctly handle active 0-lag timers NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family. netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON fm10k: Fix a potential NULL pointer dereference tipc: check bearer name with right length in tipc_nl_compat_bearer_enable tipc: check link name with right length in tipc_nl_compat_link_set dm integrity: change memcmp to strncmp in dm_integrity_ctr x86, retpolines: Raise limit for generating indirect calls from switch-case x86/retpolines: Disable switch jump tables when retpolines are enabled mm: Fix warning in insert_pfn() Revert "block/loop: Use global lock for ioctl() operation." ipv4: add sanity checks in ipv4_link_failure() mlxsw: spectrum: Fix autoneg status in ethtool net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query net: rds: exchange of 8K and 1M pool net: stmmac: move stmmac_check_ether_addr() to driver probe stmmac: pci: Adjust IOT2000 matching team: fix possible recursive locking when add slaves net/rose: Convert timers to use timer_setup() net/rose: fix unbound loop in rose_loopback_timer() ipv4: set the tcp_min_rtt_wlen range from 0 to one day powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg Documentation: Add nospectre_v1 parameter Linux 4.14.115 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
790899da35 |
sunrpc: don't mark uninitialised items as VALID.
commit d58431eacb226222430940134d97bfd72f292fcd upstream. A recent commit added a call to cache_fresh_locked() when an expired item was found. The call sets the CACHE_VALID flag, so it is important that the item actually is valid. There are two ways it could be valid: 1/ If ->update has been called to fill in relevant content 2/ if CACHE_NEGATIVE is set, to say that content doesn't exist. An expired item that is waiting for an update will be neither. Setting CACHE_VALID will mean that a subsequent call to cache_put() will be likely to dereference uninitialised pointers. So we must make sure the item is valid, and we already have code to do that in try_to_negate_entry(). This takes the hash lock and so cannot be used directly, so take out the two lines that we need and use them. Now cache_fresh_locked() is certain to be called only on a valid item. Cc: stable@kernel.org # 2.6.35 Fixes: 4ecd55ea0742 ("sunrpc: fix cache_head leak due to queued request") Signed-off-by: NeilBrown <neilb@suse.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
6bdf39bb26 |
This is the 4.14.103 stable release
Merge 4.14.103 into android-4.14 Changes in 4.14.103 dsa: mv88e6xxx: Ensure all pending interrupts are handled prior to exit net: fix IPv6 prefix route residue net: ipv4: use a dedicated counter for icmp_v4 redirect packets vsock: cope with memory allocation failure at socket creation time vxlan: test dev->flags & IFF_UP before calling netif_rx() hwmon: (lm80) Fix missing unlock on error in set_fan_div() mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable net: crypto set sk to NULL when af_alg_release.
net: Fix for_each_netdev_feature on Big endian net: phy: xgmiitorgmii: Support generic PHY status read net: stmmac: Fix a race in EEE enable callback net: stmmac: handle endianness in dwmac4_get_timestamp sky2: Increase D3 delay again vhost: correctly check the return value of translate_desc() in log_used() net: Add header for usage of fls64() tcp: tcp_v4_err() should be more careful net: Do not allocate page fragments that are not skb aligned tcp: clear icsk_backoff in tcp_write_queue_purge() sunrpc: fix 4 more call sites that were using stack memory with a scatterlist net/x25: do not hold the cpu too long in x25_new_lci() mISDN: fix a race in dev_expire_timer() ax25: fix possible use-after-free Linux 4.14.103 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
aa1e52cbb1 |
sunrpc: fix 4 more call sites that were using stack memory with a scatterlist
commit e7afe6c1d486b516ed586dcc10b3e7e3e85a9c2b upstream. While trying to reproduce a reported kernel panic on arm64, I discovered that AUTH_GSS basically doesn't work at all with older enctypes on arm64 systems with CONFIG_VMAP_STACK enabled. It turns out there are still a few places using stack memory with scatterlists, causing krb5_encrypt() and krb5_decrypt() to produce incorrect results (or a BUG if CONFIG_DEBUG_SG is enabled). Tested with cthon on v4.0/v4.1/v4.2 with krb5/krb5i/krb5p using des3-cbc-sha1 and arcfour-hmac-md5. Signed-off-by: Scott Mayhew <smayhew@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
7af2b8dc5a |
This is the 4.14.95 stable release
Merge 4.14.95 into android-4.14 Changes in 4.14.95 tty/ldsem: Wake up readers after timed out down_write() tty: Hold tty_ldisc_lock() during tty_reopen() tty: Simplify tty->count math in tty_reopen() tty: Don't hold ldisc lock in tty_reopen() if ldisc present can: gw: ensure DLC boundaries after CAN frame modification mmc: sdhci-msm: Disable CDR function on TX media: em28xx: Fix misplaced reset of dev->v4l::field_count sched/fair: Fix bandwidth timer clock drift condition Revert "scsi: target: iscsi: cxgbit: fix csk leak" scsi: target: iscsi: cxgbit: fix csk leak arm64/kvm: consistently handle host HCR_EL2 flags arm64: Don't trap host pointer auth use to EL2 ipv6: fix kernel-infoleak in ipv6_local_error() net: bridge: fix a bug on using a neighbour cache entry without checking its state packet: Do not leak dev refcounts on error exit bonding: update nest level on unlink ip: on queued skb use skb_header_pointer instead of pskb_may_pull crypto: caam - fix zero-length buffer DMA mapping crypto: authencesn - Avoid twice completion call in decrypt path crypto: bcm - convert to use crypto_authenc_extractkeys() crypto: authenc - fix parsing key with
misaligned rta_len Revert "btrfs: balance dirty metadata pages in btrfs_finish_ordered_io" btrfs: wait on ordered extents on abort cleanup Yama: Check for pid death before checking ancestry scsi: core: Synchronize request queue PM status only on successful resume scsi: sd: Fix cache_type_store() crypto: talitos - reorder code in talitos_edesc_alloc() crypto: talitos - fix ablkcipher for CONFIG_VMAP_STACK mips: fix n32 compat_ipc_parse_version MIPS: lantiq: Fix IPI interrupt handling OF: properties: add missing of_node_put mfd: tps6586x: Handle interrupts on suspend media: v4l: ioctl: Validate num_planes for debug messages pstore/ram: Avoid allocation and leak of platform data arm64: kaslr: ensure randomized quantities are clean to the PoC Disable MSI also when pcie-octeon.pcie_disable on omap2fb: Fix stack memory disclosure media: vivid: fix error handling of kthread_run media: vivid: set min width/height to a value > 0 bpf: in __bpf_redirect_no_mac pull mac only if present LSM: Check for NULL cred-security on free media: vb2: vb2_mmap: move lock up sunrpc: handle ENOMEM in rpcb_getport_async netfilter: ebtables: account ebt_table_info to kmemcg selinux: fix GPF on invalid policy blockdev: Fix livelocks on loop device sctp: allocate sctp_sockaddr_entry with kzalloc tipc: fix uninit-value in tipc_nl_compat_link_reset_stats tipc: fix uninit-value in tipc_nl_compat_bearer_enable tipc: fix uninit-value in tipc_nl_compat_link_set tipc: fix uninit-value in tipc_nl_compat_name_table_dump tipc: fix uninit-value in tipc_nl_compat_doit block/loop: Don't grab "struct file" for vfs_getattr() operation. block/loop: Use global lock for ioctl() operation. 
loop: Fold __loop_release into loop_release loop: Get rid of loop_index_mutex loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() loop: drop caches if offset or block_size are changed drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock media: vb2: be sure to unlock mutex on errors nbd: Use set_blocksize() to set device blocksize Linux 4.14.95 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
f85592f4c0 |
sunrpc: handle ENOMEM in rpcb_getport_async
commit 81c88b18de1f11f70c97f28ced8d642c00bb3955 upstream. If we ignore the error we'll hit a null dereference a little later. Reported-by: syzbot+4b98281f2401ab849f4b@syzkaller.appspotmail.com Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
42506d99b8 |
This is the 4.14.94 stable release
Merge 4.14.94 into android-4.14 Changes in 4.14.94 x86,kvm: move qemu/guest FPU switching out to vcpu_run x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE ALSA: hda/realtek - Support Dell headset mode for New AIO platform ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 CIFS: Fix adjustment of credits for MTU requests CIFS: Do not hide EINTR after sending network packets cifs: Fix potential OOB access of lock element array usb: cdc-acm: send ZLP for Telit 3G Intel based modems USB: storage: don't insert sane sense for SPC3+ when bad sense specified USB: storage: add quirk for SMI SM3350 USB: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB slab: alien caches must not be initialized if the allocation of the alien cache failed mm: page_mapped: don't assume compound page is huge or THP mm, memcg: fix reclaim deadlock with writeback ACPI: power: Skip duplicate power resource references in _PRx ACPI / PMIC: xpower: Fix TS-pin current-source handling i2c: dev: prevent adapter retries and timeout being set as minus value
drm/fb-helper: Partially bring back workaround for bugs of SDL 1.2 rbd: don't return 0 on unmap if RBD_DEV_FLAG_REMOVING is set ext4: make sure enough credits are reserved for dioread_nolock writes ext4: fix a potential fiemap/page fault deadlock w/ inline_data ext4: avoid kernel warning when writing the superblock to a dead device ext4: use ext4_write_inode() when fsyncing w/o a journal ext4: track writeback errors using the generic tracking infrastructure sunrpc: use-after-free in svc_process_common() KVM: arm/arm64: Fix VMID alloc race by reverting to lock-less Linux 4.14.94 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
65dba32522 |
sunrpc: use-after-free in svc_process_common()
commit d4b09acf924b84bae77cad090a9d108e70b43643 upstream. If a node has NFSv41+ mounts inside several net namespaces, it can lead to a use-after-free in svc_process_common() svc_process_common() /* Setup reply header */ rqstp->rq_xprt->xpt_ops->xpo_prep_reply_hdr(rqstp); <<< HERE svc_process_common() can use incorrect rqstp->rq_xprt, its caller function bc_svc_process() takes it from serv->sv_bc_xprt. The problem is that serv is global structure but sv_bc_xprt is assigned per-netnamespace. According to Trond, the whole "let's set up rqstp->rq_xprt for the back channel" is nothing but a giant hack in order to work around the fact that svc_process_common() uses it to find the xpt_ops, and perform a couple of (meaningless for the back channel) tests of xpt_flags. All we really need in svc_process_common() is to be able to run rqstp->rq_xprt->xpt_ops->xpo_prep_reply_hdr() Bruce J Fields points out that this xpo_prep_reply_hdr() call is an awfully roundabout way just to do "svc_putnl(resv, 0);" in the tcp case. This patch does not initialize rqstp->rq_xprt in bc_svc_process(), now it calls svc_process_common() with rqstp->rq_xprt = NULL. To adjust reply header svc_process_common() just checks rqstp->rq_prot and calls svc_tcp_prep_reply_hdr() for tcp case. To handle rqstp->rq_xprt = NULL case in functions called from svc_process_common() patch introduces net namespace pointer svc_rqst->rq_bc_net and adjusts SVC_NET() definition. Some other function was also adapted to properly handle described case. Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Cc: stable@vger.kernel.org Fixes: 23c20ecd4475 ("NFS: callback up - users counting cleanup") Signed-off-by: J. Bruce Fields <bfields@redhat.com> v2: - added lost extern svc_tcp_prep_reply_hdr() - dropped trace_svc_process() changes Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
da2880fa47 |
This is the 4.14.93 stable release
Merge 4.14.93 into android-4.14 Changes in 4.14.93 pinctrl: meson: fix pull enable register calculation powerpc: Fix COFF zImage booting on old powermacs powerpc/mm: Fix linux page tables build with some configs HID: ite: Add USB id match for another ITE based keyboard rfkill key quirk ARM: imx: update the cpu power up timing setting on i.mx6sx ARM: dts: imx7d-nitrogen7: Fix the description of the Wifi clock Input: restore EV_ABS ABS_RESERVED checkstack.pl: fix for aarch64 xfrm: Fix error return code in xfrm_output_one() xfrm: Fix bucket count reported to userspace xfrm: Fix NULL pointer dereference in xfrm_input when skb_dst_force clears the dst_entry.
netfilter: seqadj: re-load tcp header pointer after possible head reallocation scsi: bnx2fc: Fix NULL dereference in error handling Input: omap-keypad - fix idle configuration to not block SoC idle states Input: synaptics - enable RMI on ThinkPad T560 ibmvnic: Fix non-atomic memory allocation in IRQ context ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done x86/mm: Fix guard hole handling x86/dump_pagetables: Fix LDT remap address marker i40e: fix mac filter delete when setting mac address netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel netfilter: nat: can't use dst_hold on noref dst bnx2x: Clear fip MAC when fcoe offload support is disabled bnx2x: Remove configured vlans as part of unload sequence. bnx2x: Send update-svid ramrod with retry/poll flags enabled scsi: target: iscsi: cxgbit: fix csk leak scsi: target: iscsi: cxgbit: add missing spin_lock_init() x86, hyperv: remove PCI dependency drivers: net: xgene: Remove unnecessary forward declarations w90p910_ether: remove incorrect __init annotation net: hns: Incorrect offset address used for some registers. net: hns: All ports can not work when insmod hns ko after rmmod. net: hns: Some registers use wrong address according to the datasheet. net: hns: Fixed bug that netdev was opened twice net: hns: Clean rx fbd when ae stopped. net: hns: Free irq when exit from abnormal branch net: hns: Avoid net reset caused by pause frames storm net: hns: Fix ntuple-filters status error. 
net: hns: Add mac pcs config when enable|disable mac net: hns: Fix ping failed when use net bridge and send multicast SUNRPC: Fix a race with XPRT_CONNECTING qed: Fix an error code qed_ll2_start_xmit() net: macb: fix random memory corruption on RX with 64-bit DMA net: macb: fix dropped RX frames due to a race lan78xx: Resolve issue with changing MAC address vxge: ensure data0 is initialized in when fetching firmware version information mac80211: free skb fraglist before freeing the skb kbuild: fix false positive warning/error about missing libelf virtio: fix test build after uio.h change gpio: mvebu: only fail on missing clk if pwm is actually to be used Input: synaptics - enable SMBus for HP EliteBook 840 G4 net: netxen: fix a missing check and an uninitialized use qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup serial/sunsu: fix refcount leak scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid genirq/affinity: Don't return with empty affinity masks on error tools: fix cross-compile var clobbering fork: record start_time late zram: fix double free backing device hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined mm, devm_memremap_pages: mark devm_memremap_pages() EXPORT_SYMBOL_GPL mm, devm_memremap_pages: kill mapping "System RAM" support mm, hmm: use devm semantics for hmm_devmem_{add, remove} mm, hmm: mark hmm_devmem_{add, add_resource} EXPORT_SYMBOL_GPL mm, swap: fix swapoff with KSM pages sunrpc: fix cache_head leak due to queued request sunrpc: use SVC_NET() in svcauth_gss_* functions powerpc: avoid -mno-sched-epilog on GCC 4.9 and newer powerpc: Disable -Wbuiltin-requires-header when setjmp is used ftrace: Build with CPPFLAGS to get -Qunused-arguments md: raid10: remove VLAIS kbuild: add -no-integrated-as Clang option unconditionally kbuild: consolidate Clang compiler flags Makefile: Export clang toolchain variables powerpc/boot: 
Set target when cross-compiling for clang raid6/ppc: Fix build for clang vhost/vsock: fix uninitialized vhost_vsock->guest_cid dm verity: fix crash on bufio buffer that was allocated with vmalloc dm zoned: Fix target BIO completion handling ALSA: cs46xx: Potential NULL dereference in probe ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks dlm: fixed memory leaks after failed ls_remove_names allocation dlm: possible memory leak on error path in create_lkb() dlm: lost put_lkb on error path in receive_convert() and receive_unlock() dlm: memory leaks on error path in dlm_user_request() gfs2: Get rid of potential double-freeing in gfs2_create_inode gfs2: Fix loop in gfs2_rbm_find b43: Fix error in cordic routine selinux: policydb - fix byte order and alignment issues lockd: Show pid of lockd for remote locks scripts/kallsyms: filter arm64's __efistub_ symbols arm64: drop linker script hack to hide __efistub_ symbols arm64: relocatable: fix inconsistencies in linker script and options powerpc/tm: Set MSR[TS] just prior to recheckpoint 9p/net: put a lower bound on msize rxe: fix error completion wr_id and qp_num iommu/vt-d: Handle domain agaw being less than iommu agaw sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c ceph: don't update importing cap's mseq when handing cap export genwqe: Fix size check intel_th: msu: Fix an off-by-one in attribute store power: supply: olpc_battery: correct the temperature units lib: fix build failure in CONFIG_DEBUG_VIRTUAL test drm/vc4: Set ->is_yuv to false when num_planes == 1 bnx2x: Fix NULL pointer dereference in bnx2x_del_all_vlans() on some hw tools: power/acpi, revert to LD = gcc Linux 4.14.93 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
aa71dcfe9c |
sunrpc: use SVC_NET() in svcauth_gss_* functions
commit b8be5674fa9a6f3677865ea93f7803c4212f3e10 upstream. Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
76da01793f |
sunrpc: fix cache_head leak due to queued request
commit 4ecd55ea074217473f94cfee21bb72864d39f8d7 upstream. After commit d202cce8963d, an expired cache_head can be removed from the cache_detail's hash. However, the expired cache_head may be waiting for a reply from a previously submitted request. Such a cache_head has an increased refcounter and therefore it won't be freed after cache_put(freeme). Because the cache_head was removed from the hash it cannot be found during cache_clean() and can be leaked forever, together with stalled cache_request and other taken resources. In our case we noticed it because an entry in the export cache was holding a reference on a filesystem. Fixes d202cce8963d ("sunrpc: never return expired entries in sunrpc_cache_lookup") Cc: Pavel Tikhomirov <ptikhomirov@virtuozzo.com> Cc: stable@kernel.org # 2.6.35 Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Reviewed-by: NeilBrown <neilb@suse.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
8265e34e57 |
SUNRPC: Fix a race with XPRT_CONNECTING
[ Upstream commit cf76785d30712d90185455e752337acdb53d2a5d ] Ensure that we clear XPRT_CONNECTING before releasing the XPRT_LOCK so that we don't have races between the (asynchronous) socket setup code and tasks in xprt_connect(). Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Tested-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
2aee898fff |
This is the 4.14.92 stable release
Merge 4.14.92 into android-4.14 Changes in 4.14.92 ipv4: Fix potential Spectre v1 vulnerability ip6mr: Fix potential Spectre v1 vulnerability ax25: fix a use-after-free in ax25_fillin_cb() gro_cell: add napi_disable in gro_cells_destroy ibmveth: fix DMA unmap error in ibmveth_xmit_start error path ieee802154: lowpan_header_create check must check daddr ipv6: explicitly initialize udp6_addr in udp_sock_create6() ipv6: tunnels: fix two use-after-free isdn: fix kernel-infoleak in capi_unlocked_ioctl net: ipv4: do not handle duplicate fragments as overlapping net: macb: restart tx after tx used bit read net: phy: Fix the issue that netif always links up after resuming netrom: fix locking in nr_find_socket() net/wan: fix a double free in x25_asy_open_tty() packet: validate address length packet: validate address length if non-zero ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() qmi_wwan: Added support for Telit LN940 series sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event tcp: fix a race in inet_diag_dump_icsk() tipc: fix a double kfree_skb() vhost: make sure used idx is seen before log in vhost_add_used_n() VSOCK: Send
reset control packet when socket is partially bound xen/netfront: tolerate frags with no data net/mlx5: Typo fix in del_sw_hw_rule net/mlx5e: RX, Fix wrong early return in receive queue poll mlxsw: core: Increase timeout during firmware flash process net/mlx5e: Remove the false indication of software timestamping support tipc: use lock_sock() in tipc_sk_reinit() tipc: compare remote and local protocols in tipc_udp_enable() qmi_wwan: Added support for Fibocom NL668 series qmi_wwan: Add support for Fibocom NL678 series net/smc: fix TCP fallback socket release sock: Make sock->sk_stamp thread-safe IB/hfi1: Incorrect sizing of sge for PIO will OOPs ALSA: rme9652: Fix potential Spectre v1 vulnerability ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities ALSA: pcm: Fix potential Spectre v1 vulnerability ALSA: emux: Fix potential Spectre v1 vulnerabilities mtd: atmel-quadspi: disallow building on ebsa110 ALSA: hda: add mute LED support for HP EliteBook 840 G4 ALSA: fireface: fix for state to fetch PCM frames ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint ALSA: firewire-lib: use the same print format for 'without_header' tracepoints ALSA: hda/tegra: clear pending irq handlers USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays USB: serial: option: add Fibocom NL678 series usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() staging: wilc1000: fix missing read_write setting when reading data qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID s390/pci: fix sleeping in atomic during hotplug Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup KVM: nVMX: Free the VMREAD/VMWRITE 
bitmaps if alloc_kvm_area() fails platform-msi: Free descriptors in platform_msi_domain_free() perf pmu: Suppress potential format-truncation warning ext4: add ext4_sb_bread() to disambiguate ENOMEM cases ext4: fix possible use after free in ext4_quota_enable ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() ext4: fix EXT4_IOC_GROUP_ADD ioctl ext4: include terminating u32 in size of xattr entries when expanding inodes ext4: force inode writes when nfsd calls commit_metadata() ext4: check for shutdown and r/o file system in ext4_write_inode() spi: bcm2835: Fix race on DMA termination spi: bcm2835: Fix book-keeping of DMA termination spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode clk: rockchip: fix typo in rk3188 spdif_frac parent crypto: cavium/nitrox - fix a DMA pool free failure cgroup: fix CSS_TASK_ITER_PROCS cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader. Btrfs: fix fsync of files with multiple hard links in new directories netfilter: xt_connlimit: don't store address in the conn nodes netfilter: nf_conncount: expose connection list interface netfilter: nf_conncount: Fix garbage collection with zones netfilter: nf_conncount: fix garbage collection confirm race netfilter: nf_conncount: don't skip eviction when age is negative f2fs: fix validation of the block count in sanity_check_raw_super serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly media: vivid: free bitmap_cap when updating std/timings/etc. 
media: v4l2-tpg: array index could become negative MIPS: math-emu: Write-protect delay slot emulation pages MIPS: c-r4k: Add r4k_blast_scache_node for Loongson-3 MIPS: Ensure pmd_present() returns false after pmd_mknotpresent() MIPS: Align kernel load address to 64KB MIPS: Expand MIPS32 ASIDs to 64 bits MIPS: OCTEON: mark RGMII interface disabled on OCTEON III CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs rtc: m41t80: Correct alarm month range with RTC reads tpm: tpm_try_transmit() refactor error flow. tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x spi: bcm2835: Unbreak the build of esoteric configs MIPS: Only include mmzone.h when CONFIG_NEED_MULTIPLE_NODES=y Linux 4.14.92 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
e5af70e98a |
sock: Make sock->sk_stamp thread-safe
[ Upstream commit 3a0ed3e9619738067214871e9cb826fa23b2ddb9 ] Al Viro mentioned (Message-ID <20170626041334.GZ10672@ZenIV.linux.org.uk>) that there is probably a race condition lurking in accesses of sk_stamp on 32-bit machines. sock->sk_stamp is of type ktime_t which is always an s64. On a 32 bit architecture, we might run into situations of unsafe access as the access to the field becomes non atomic. Use seqlocks for synchronization. This allows us to avoid using spinlocks for readers as readers do not need mutual exclusion. Another approach to solve this is to require sk_lock for all modifications of the timestamps. The current approach allows for timestamps to have their own lock: sk_stamp_lock. This allows for the patch to not compete with already existing critical sections, and side effects are limited to the paths in the patch. The addition of the new field maintains the data locality optimizations from commit 9115e8cd2a0c ("net: reorganize struct sock for better data locality") Note that all the instances of the sk_stamp accesses are either through the ioctl or the syscall recvmsg. Signed-off-by: Deepa Dinamani <deepa.kernel@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
815e34f802 |
This is the 4.14.90 stable release
Merge 4.14.90 into android-4.14 Changes in 4.14.90 timer/debug: Change /proc/timer_list from 0444 to 0400 pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 aio: fix spectre gadget in lookup_ioctx userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 mmc: sdhci: fix the timeout check window for clock and reset fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS ARM: mmp/mmp2: fix cpu_is_mmp2() on mmp2-dt dm thin: send event about thin-pool state change _after_ making it dm cache metadata: verify cache has blocks in blocks_are_clean_separate_dirty() tracing: Fix memory leak in set_trigger_filter() tracing: Fix memory leak of instance function hash filters powerpc/msi: Fix NULL pointer access in teardown code drm/nouveau/kms: Fix memory leak in nv50_mstm_del() Revert "drm/rockchip: Allow driver to be shutdown on reboot/kexec" drm/i915/execlists: Apply a full mb before execution for Braswell drm/amdgpu: update SMC firmware image for polaris10 variants x86/build: Fix compiler support check for
CONFIG_RETPOLINE locking: Remove smp_read_barrier_depends() from queued_spin_lock_slowpath() locking/qspinlock: Ensure node is initialised before updating prev->next locking/qspinlock: Bound spinning on pending->locked transition in slowpath locking/qspinlock: Merge 'struct __qspinlock' into 'struct qspinlock' locking/qspinlock: Remove unbounded cmpxchg() loop from locking slowpath locking/qspinlock: Remove duplicate clear_pending() function from PV code locking/qspinlock: Kill cmpxchg() loop when claiming lock from head of queue locking/qspinlock: Re-order code locking/qspinlock/x86: Increase _Q_PENDING_LOOPS upper bound locking/qspinlock, x86: Provide liveness guarantee elevator: lookup mq vs non-mq elevators netfilter: ipset: Fix wraparound in hash:*net* types mac80211: don't WARN on bad WMM parameters from buggy APs mac80211: Fix condition validating WMM IE IB/hfi1: Remove race conditions in user_sdma send path locking/qspinlock: Fix build for anonymous union in older GCC compilers mac80211_hwsim: fix module init error paths for netlink Input: hyper-v - fix wakeup from suspend-to-idle scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload x86/earlyprintk/efi: Fix infinite loop on some screen widths drm/msm: Grab a vblank reference when waiting for commit_done ARC: io.h: Implement reads{x}()/writes{x}() bonding: fix 802.3ad state sent to partner when unbinding slave bpf: Fix verifier log string check for bad alignment. 
nfs: don't dirty kernel pages read by direct-io SUNRPC: Fix a potential race in xprt_connect() sbus: char: add of_node_put() drivers/sbus/char: add of_node_put() drivers/tty: add missing of_node_put() ide: pmac: add of_node_put() drm/msm: Fix error return checking clk: mvebu: Off by one bugs in cp110_of_clk_get() clk: mmp: Off by one in mmp_clk_add() Input: synaptics - enable SMBus for HP 15-ay000 Input: omap-keypad - fix keyboard debounce configuration libata: whitelist all SAMSUNG MZ7KM* solid-state disks mv88e6060: disable hardware level MAC learning net/mlx4_en: Fix build break when CONFIG_INET is off ARM: 8814/1: mm: improve/fix ARM v7_dma_inv_range() unaligned address handling ARM: 8815/1: V7M: align v7m_dma_inv_range() with v7 counterpart ethernet: fman: fix wrong of_node_put() in probe function drm/ast: Fix connector leak during driver unload cifs: In Kconfig CONFIG_CIFS_POSIX needs depends on legacy (insecure cifs) vhost/vsock: fix reset orphans race with close timeout mlxsw: spectrum_switchdev: Fix VLAN device deletion via ioctl i2c: axxia: properly handle master timeout i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node i2c: uniphier: fix violation of tLOW requirement for Fast-mode i2c: uniphier-f: fix violation of tLOW requirement for Fast-mode nvmet-rdma: fix response use after free rtc: snvs: Add timeouts to avoid kernel lockups bpf, arm: fix emit_ldx_r and emit_mov_i using TMP_REG_1 Linux 4.14.90 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
c3f68415c9 |
SUNRPC: Fix a potential race in xprt_connect()
[ Upstream commit 0a9a4304f3614e25d9de9b63502ca633c01c0d70 ] If an asynchronous connection attempt completes while another task is in xprt_connect(), then the call to rpc_sleep_on() could end up racing with the call to xprt_wake_pending_tasks(). So add a second test of the connection state after we've put the task to sleep and set the XPRT_CONNECTING flag, when we know that there can be no asynchronous connection attempts still in progress. Fixes: 0b9e79431377d ("SUNRPC: Move the test for XPRT_CONNECTING into...") Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
4ee7197c44 |
This is the 4.14.88 stable release
Merge 4.14.88 into android-4.14 Changes in 4.14.88 media: omap3isp: Unregister media device as first iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() brcmutil: really fix decoding channel info for 160 MHz bandwidth iommu/ipmmu-vmsa: Fix crash on early domain free can: rcar_can: Fix erroneous registration test_firmware: fix error return getting clobbered HID: input: Ignore battery reported by Symbol DS4308 batman-adv: Use explicit tvlv padding for ELP packets batman-adv: Expand merged fragment buffer for full packet amd/iommu: Fix Guest Virtual APIC Log Tail Address Register bnx2x: Assign unique DMAE channel number for FW DMAE transactions.
qed: Fix PTT leak in qed_drain() qed: Fix reading wrong value in loop condition Revert "usb: gadget: ffs: Fix BUG when userland exits with submitted AIO transfers" net/mlx4_core: Zero out lkey field in SW2HW_MPT fw command net/mlx4_core: Fix uninitialized variable compilation warning net/mlx4: Fix UBSAN warning of signed integer overflow gpio: mockup: fix indicated direction mtd: rawnand: qcom: Namespace prefix some commands HID: multitouch: Add pointstick support for Cirque Touchpad mtd: spi-nor: Fix Cadence QSPI page fault kernel panic qed: Fix bitmap_weight() check qed: Fix QM getters to always return a valid pq net: faraday: ftmac100: remove netif_running(netdev) check before disabling interrupts iommu/vt-d: Use memunmap to free memremap flexfiles: use per-mirror specified stateid for IO ibmvnic: Fix RX queue buffer cleanup team: no need to do team_notify_peers or team_mcast_rejoin when disabling port net: amd: add missing of_node_put() mm: don't warn about allocations which stall for too long usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device usb: appledisplay: Add 27" Apple Cinema Display USB: check usb_get_extra_descriptor for proper size ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c ALSA: hda: Add support for AMD Stoney Ridge ALSA: pcm: Fix starvation on down_write_nonblock() ALSA: pcm: Call snd_pcm_unlink() conditionally at closing ALSA: pcm: Fix interval evaluation with openmin/max ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 virtio/s390: avoid race on vcdev->config virtio/s390: fix race in ccw_io_helper() vhost/vsock: fix use-after-free in network stack callers SUNRPC: Fix leak of krb5p encode pages dmaengine: dw: Fix FIFO size for Intel Merrifield dmaengine: cppi41: delete channel from pending list when stop channel ARM: 8806/1: kprobes: Fix false positive with FORTIFY_SOURCE xhci: workaround CSS timeout on AMD SNPS 3.0 xHC xhci: Prevent U1/U2 link pm states if exit latency is too long f2fs: 
fix to do sanity check with block address in main area v2 swiotlb: clean up reporting Staging: lustre: remove two build warnings staging: atomisp: remove "fun" strncpy warning cifs: Fix separator when building path from dentry staging: rtl8712: Fix possible buffer overrun Revert commit ef9209b642f "staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c" drm/amdgpu: update mc firmware image for polaris12 variants drm/amdgpu/gmc8: update MC firmware for polaris Drivers: hv: vmbus: Offload the handling of channels to two workqueues tty: serial: 8250_mtk: always resume the device in probe. tty: do not set TTY_IO_ERROR flag if console port kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() libnvdimm, pfn: Pad pfn namespaces relative to other regions mac80211_hwsim: Timer should be initialized before device registered mac80211: Clear beacon_int in ieee80211_do_stop mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext mac80211: fix reordering of buffered broadcast packets mac80211: ignore NullFunc frames in the duplicate detection Linux 4.14.88 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
e3dccb527c |
SUNRPC: Fix leak of krb5p encode pages
commit 8dae5398ab1ac107b1517e8195ed043d5f422bd0 upstream. call_encode can be invoked more than once per RPC call. Ensure that each call to gss_wrap_req_priv does not overwrite pointers to previously allocated memory. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Cc: stable@kernel.org Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
d11d7f1ccf |
This is the 4.14.85 stable release
Merge 4.14.85 into android-4.14 Changes in 4.14.85 efi/libstub: arm: support building with clang ARM: 8766/1: drop no-thumb-interwork in EABI mode ARM: 8767/1: add support for building ARM kernel with clang bus: arm-cci: remove unnecessary unreachable() ARM: trusted_foundations: do not use naked function usb: core: Fix hub port connection events lost usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers usb: dwc3: gadget: Properly check last unaligned/zero chain TRB usb: dwc3: core: Clean up ULPI device xhci: Add check for invalid byte size error when UAS devices are connected.
usb: xhci: fix timeout for transition from RExit to U0 ALSA: oss: Use kvzalloc() for local buffer allocations MAINTAINERS: Add Sasha as a stable branch maintainer mmc: sdhci-pci: Try "cd" for card-detect lookup before using NULL gpio: don't free unallocated ida on gpiochip_add_data_with_key() error path iwlwifi: mvm: support sta_statistics() even on older firmware iwlwifi: mvm: fix regulatory domain update when the firmware starts iwlwifi: mvm: don't use SAR Geo if basic SAR is not used brcmfmac: fix reporting support for 160 MHz channels tools/power/cpupower: fix compilation with STATIC=true v9fs_dir_readdir: fix double-free on p9stat_read error selinux: Add __GFP_NOWARN to allocation at str_read() Input: synaptics - avoid using uninitialized variable when probing bfs: add sanity check at bfs_fill_super() sctp: clear the transport of some out_chunk_list chunks in sctp_assoc_rm_peer gfs2: Don't leave s_fs_info pointing to freed memory in init_sbd llc: do not use sk_eat_skb() mm: don't warn about large allocations for slab mm/memory.c: recheck page table entry with page table lock held tcp: do not release socket ownership in tcp_close() IB/core: Perform modify QP on real one usb: xhci: Prevent bus suspend if a port connect change or polling state is detected drm/ast: change resolution may cause screen blurred drm/ast: fixed cursor may disappear sometimes drm/ast: Remove existing framebuffers before loading driver can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length can: dev: __can_get_echo_skb(): Don't crash the kernel if can_priv::echo_skb is accessed out of bounds can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions can: rx-offload: rename can_rx_offload_irq_queue_err_skb() to can_rx_offload_queue_tail() can: 
raw: check for CAN FD capable netdev in raw_sendmsg() can: hi311x: Use level-triggered interrupt IB/hfi1: Eliminate races in the SDMA send error path pinctrl: meson: fix pinconf bias disable KVM: PPC: Move and undef TRACE_INCLUDE_PATH/FILE cpufreq: imx6q: add return value check for voltage scale rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write crypto: simd - correctly take reqsize of wrapped skcipher into account floppy: fix race condition in __floppy_read_block_0() powerpc/io: Fix the IO workarounds code to work with Radix perf/x86/intel/uncore: Add more IMC PCI IDs for KabyLake and CoffeeLake CPUs SUNRPC: Fix a bogus get/put in generic_key_to_expire() kdb: Use strscpy with destination buffer size powerpc/numa: Suppress "VPHN is not supported" messages efi/arm: Revert deferred unmap of early memmap mapping z3fold: fix possible reclaim races tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset mm, page_alloc: check for max order in hot path of: add helper to lookup compatible child node NFC: nfcmrvl_uart: fix OF child-node lookup net: bcmgenet: fix OF child-node lookup drm/mediatek: fix OF sibling-node lookup power: supply: twl4030-charger: fix OF sibling-node lookup arm64: remove no-op -p linker flag xhci: Allow more than 32 quirks xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc mtd: rawnand: atmel: fix OF child-node lookup ubi: fastmap: Check each mapping only once Input: xpad - add PDP device id 0x02a4 Input: xpad - fix some coding style issues Input: xpad - avoid using __set_bit() for capabilities Input: xpad - add support for Xbox1 PDP Camo series gamepad iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE kbuild: allow to use GCC toolchain not in Clang search path PCI: endpoint: Populate func_no before calling pci_epc_add_epf() net/mlx4_core: Fix wrong calculation of free counters i40iw: Fix memory leak in error path of create QP rtc: omap: fix error path when pinctrl_register fails clk: samsung: exynos5250: Add 
missing clocks for FIMC LITE SYSMMU devices ARM: dts: exynos: Fix invalid node referenced by i2c20 alias in Peach Pit and Pi driver core: Move device_links_purge() after bus_remove_device() include/linux/pfn_t.h: force '~' to be parsed as an unary operator tty: wipe buffer. tty: wipe buffer if not echoing data usb: xhci: fix uninitialized completion when USB3 port got wrong status namei: allow restricted O_CREAT of FIFOs and regular files lan78xx: Read MAC address from DT if present s390/mm: Check for valid vma before zapping in gmap_discard rcu: Make need_resched() respond to urgent RCU-QS needs net: ieee802154: 6lowpan: fix frag reassembly ima: always measure and audit files in policy EVM: Add support for portable signature format ima: re-introduce own integrity cache lock ima: re-initialize iint->atomic_flags Linux 4.14.85 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
677805a959 |
SUNRPC: Fix a bogus get/put in generic_key_to_expire()
[ Upstream commit e3d5e573a54dabdc0f9f3cb039d799323372b251 ] Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
0e1d81608a |
This is the 4.14.84 stable release
Merge 4.14.84 into android-4.14 Changes in 4.14.84 cifs: don't dereference smb_file_target before null check cifs: fix return value for cifs_listxattr arm64: kprobe: make page to RO mode when allocate it ixgbe: fix MAC anti-spoofing filter after VFLR reiserfs: propagate errors from fill_with_dentries() properly hfs: prevent btree data loss on root split hfsplus: prevent btree data loss on root split um: Give start_idle_thread() a return code drm/edid: Add 6 bpc quirk for BOE panel.
platform/x86: intel_telemetry: report debugfs failure clk: fixed-rate: fix of_node_get-put imbalance perf symbols: Set PLT entry/header sizes properly on Sparc fs/exofs: fix potential memory leak in mount option parsing clk: samsung: exynos5420: Enable PERIS clocks for suspend apparmor: Fix uninitialized value in aa_split_fqname x86/earlyprintk: Add a force option for pciserial device platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 arm64: percpu: Initialize ret in the default case s390/vdso: add missing FORCE to build targets netfilter: ipset: list:set: Decrease refcount synchronously on deletion and replace netfilter: ipset: actually allow allowable CIDR 0 in hash:net,port,net s390/mm: Fix ERROR: "__node_distance" undefined! netfilter: ipset: Correct rcu_dereference() call in ip_set_put_comment() netfilter: xt_IDLETIMER: add sysfs filename checking routine s390/qeth: fix HiperSockets sniffer hwmon: (ibmpowernv) Remove bogus __init annotations Revert "drm/exynos/decon5433: implement frame counter" clk: fixed-factor: fix of_node_get-put imbalance lib/raid6: Fix arm64 test build s390/perf: Change CPUM_CF return code in event init function sched/core: Take the hotplug lock in sched_init_smp() perf tools: Fix undefined symbol scnprintf in libperf-jvmti.so i40e: restore NETIF_F_GSO_IPXIP[46] to netdev features qed: Fix memory/entry leak in qed_init_sp_request() qed: Fix blocking/unlimited SPQ entries leak qed: Fix potential memory corruption net: stmmac: Fix RX packet size > 8191 zram: close udev startup race condition as default groups SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM perf machine: Add machine__is() to identify machine arch perf tools: Fix kernel_start for PTI on x86 perf machine: Add nr_cpus_avail() perf machine: Workaround missing maps for x86 PTI entry trampolines perf test code-reading: Fix perf_env setup for PTI entry trampolines x86/mm: Move 
LDT remap out of KASLR region on 5-level paging x86/ldt: Unmap PTEs for the slot before freeing LDT pages media: v4l: event: Add subscription to list before calling "add" operation MIPS: OCTEON: cavium_octeon_defconfig: re-enable OCTEON USB driver uio: Fix an Oops on load usb: cdc-acm: add entry for Hiro (Conexant) modem USB: quirks: Add no-lpm quirk for Raydium touchscreens usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data USB: misc: appledisplay: add 20" Apple Cinema Display drivers/misc/sgi-gru: fix Spectre v1 vulnerability ACPI / platform: Add SMB0001 HID to forbidden_id_list HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges libceph: fall back to sendmsg for slab pages Linux 4.14.84 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
26eff85054 |
SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer()
[ Upstream commit 025911a5f4e36955498ed50806ad1b02f0f76288 ] There is no need to have the '__be32 *p' variable static since a new value is always assigned before it is used. Signed-off-by: YueHaibing <yuehaibing@huawei.com> Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
fb396435d9 |
This is the 4.14.82 stable release
Merge 4.14.82 into android-4.14 Changes in 4.14.82 powerpc/traps: restore recoverability of machine_check interrupts powerpc/64/module: REL32 relocation range check powerpc/mm: Fix page table dump to work on Radix powerpc/eeh: Fix possible null deref in eeh_dump_dev_log() tty: check name length in tty_find_polling_driver() ARM: imx_v6_v7_defconfig: Select CONFIG_TMPFS_POSIX_ACL powerpc/nohash: fix undefined behaviour when testing page size support powerpc/mm: Don't report hugepage tables as memory leaks when using kmemleak drm/omap: fix memory barrier bug in DMM driver drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer pointer media: pci: cx23885: handle adding to list failure media: coda: don't overwrite h.264 profile_idc on decoder instance MIPS: kexec: Mark CPU offline before disabling local IRQ powerpc/boot: Ensure _zimage_start is a weak symbol powerpc/memtrace: Remove memory in chunks MIPS/PCI: Call pcie_bus_configure_settings() to set MPS/MRRS sc16is7xx: Fix for multi-channel stall media: tvp5150: fix width alignment during set_selection() powerpc/selftests: Wait all threads to join staging:iio:ad7606: fix voltage scales 9p
locks: fix glock.client_id leak in do_lock 9p: clear dangling pointers in p9stat_free cdrom: fix improper type cast, which can leat to information leak. ovl: fix error handling in ovl_verify_set_fh() scsi: qla2xxx: Fix incorrect port speed being set for FC adapters scsi: qla2xxx: Fix process response queue for ISP26XX and above scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx scsi: qla2xxx: shutdown chip if reset fail scsi: qla2xxx: Fix re-using LoopID when handle is in use fuse: Fix use-after-free in fuse_dev_do_read() fuse: Fix use-after-free in fuse_dev_do_write() fuse: fix blocked_waitq wakeup fuse: set FR_SENT while locked ovl: fix recursive oi->lock in ovl_link() MIPS: Loongson-3: Fix CPU UART irq delivery problem MIPS: Loongson-3: Fix BRIDGE irq delivery problem xtensa: add NOTES section to the linker script xtensa: make sure bFLT stack is 16 byte aligned xtensa: fix boot parameters address translation um: Drop own definition of PTRACE_SYSEMU/_SINGLESTEP clk: s2mps11: Fix matching when built as module and DT node contains compatible clk: at91: Fix division by zero in PLL recalc_rate() clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call clk: mvebu: use correct bit for 98DX3236 NAND media: ov7670: make "xclk" clock optional libceph: bump CEPH_MSG_MAX_DATA_LEN Revert "ceph: fix dentry leak in splice_dentry()" thermal: enable broadcom menu for arm64 bcm2835 mach64: fix display corruption on big endian machines mach64: fix image corruption due to reading accelerator registers reset: hisilicon: fix potential NULL pointer dereference vhost/scsi: truncate T10 PI iov_iter to prot_bytes scsi: qla2xxx: Initialize port speed to avoid setting lower speed SCSI: fix queue cleanup race before queue initialization is done soc: ti: QMSS: Fix usage of irq_set_affinity_hint ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry ocfs2: free up write context when direct IO failed mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE 
mappings netfilter: conntrack: fix calculation of next bucket number in early_drop ARM: 8809/1: proc-v7: fix Thumb annotation of cpu_v7_hvc_switch_mm mtd: docg3: don't set conflicting BCH_CONST_PARAMS option of, numa: Validate some distance map rules x86/cpu/vmware: Do not trace vmware_sched_clock() x86/hyper-v: Enable PIT shutdown quirk termios, tty/tty_baudrate.c: fix buffer overrun arch/alpha, termios: implement BOTHER, IBSHIFT and termios2 watchdog/core: Add missing prototypes for weak functions btrfs: fix pinned underflow after transaction aborted Btrfs: fix cur_offset in the error case for nocow Btrfs: fix infinite loop on inode eviction after deduplication of eof block Btrfs: fix data corruption due to cloning of eof block clockevents/drivers/i8253: Add support for PIT shutdown quirk ext4: add missing brelse() update_backups()'s error path ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path ext4: add missing brelse() add_new_gdb_meta_bg()'s error path ext4: avoid potential extra brelse in setup_new_flex_group_blocks() ext4: missing !bh check in ext4_xattr_inode_write() ext4: fix possible inode leak in the retry loop of ext4_resize_fs() ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() ext4: avoid buffer leak in ext4_orphan_add() after prior errors ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing ext4: avoid possible double brelse() in add_new_gdb() on error path ext4: fix possible leak of sbi->s_group_desc_leak in error path ext4: fix possible leak of s_journal_flag_rwsem in error path ext4: fix buffer leak in ext4_xattr_get_block() on error path ext4: release bs.bh before re-using in ext4_xattr_block_find() ext4: fix buffer leak in ext4_xattr_move_to_block() on error path ext4: fix buffer leak in ext4_expand_extra_isize_ea() on error path ext4: fix buffer leak in __ext4_read_dirblock() on error path mount: Retest MNT_LOCKED in do_umount mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts 
mount: Prevent MNT_DETACH from disconnecting locked mounts kdb: use correct pointer when 'btc' calls 'btt' kdb: print real address of pointers instead of hashed addresses sunrpc: correct the computation for page_ptr when truncating nfsd: COPY and CLONE operations require the saved filehandle to be set rtc: hctosys: Add missing range error reporting fuse: fix use-after-free in fuse_direct_IO() fuse: fix leaked notify reply configfs: replace strncpy with memcpy gfs2: Put bitmap buffers in put_super crypto: user - fix leaking uninitialized memory to userspace lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! mm/swapfile.c: use kvzalloc for swap_info_struct allocation efi/arm/libstub: Pack FDT after populating it drm/rockchip: Allow driver to be shutdown on reboot/kexec drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type drm/nouveau: Check backlight IDs are >= 0, not > 0 drm/dp_mst: Check if primary mstb is null drm/i915: Restore vblank interrupts earlier drm/i915: Don't unset intel_connector->mst_port drm/i915: Skip vcpi allocation for MSTB ports that are gone drm/i915: Large page offsets for pread/pwrite drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values drm/i915: Don't oops during modeset shutdown after lpe audio deinit drm/i915: Mark pin flags as u64 drm/i915/execlists: Force write serialisation into context image vs execution CONFIG_XEN_PV breaks xen_create_contiguous_region on ARM ovl: check whiteout in ovl_create_over_whiteout() printk: Never set console_may_schedule in console_trylock() nvme-loop: fix kernel oops in case of unhandled command gpio: brcmstb: release the bgpio lock during irq handlers Linux 4.14.82 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
a56609f725 |
sunrpc: correct the computation for page_ptr when truncating
commit 5d7a5bcb67c70cbc904057ef52d3fcfeb24420bb upstream. When truncating the encode buffer, the page_ptr is getting advanced, causing the next page to be skipped while encoding. The page is still included in the response, so the response contains a page of bogus data. We need to adjust the page_ptr backwards to ensure we encode the next page into the correct place. We saw this triggered when concurrent directory modifications caused nfsd4_encode_direct_fattr() to return nfserr_noent, and the resulting call to xdr_truncate_encode() corrupted the READDIR reply. Signed-off-by: Frank Sorenson <sorenson@redhat.com> Cc: stable@vger.kernel.org Signed-off-by: J. Bruce Fields <bfields@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
4e76528bd4 |
This is the 4.14.81 stable release
Merge 4.14.81 into android-4.14 Changes in 4.14.81 mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB spi: bcm-qspi: switch back to reading flash using smaller chunks bcache: trace missed reading by cache_missed bcache: fix miss key refill->end in writeback hwmon: (pmbus) Fix page count auto-detection.
jffs2: free jffs2_sb_info through jffs2_kill_sb() cpufreq: conservative: Take limits changes into account properly pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges ipmi: Fix timer race with module unload parisc: Fix address in HPMC IVA parisc: Fix map_pages() to not overwrite existing pte entries parisc: Fix exported address of os_hpmc handler ALSA: hda - Add quirk for ASUS G751 laptop ALSA: hda - Fix headphone pin config for ASUS G751 ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 ALSA: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation x86/xen: Fix boot loader version reported for PVH guests x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided x86/mm/pat: Disable preemption around __flush_tlb_all() x86/speculation: Support Enhanced IBRS on future CPUs ARM: dts: exynos: Disable pull control for MAX8997 interrupts on Origen bpf: do not blindly change rlimit in reuseport net selftest Revert "perf tools: Fix PMU term format max value calculation" xfrm: policy: use hlist rcu variants on insert perf vendor events intel: Fix wrong filter_band* values for uncore events sparc: Fix single-pcr perf event counter management. sparc: Throttle perf events properly. sparc64: Make proc_id signed. sched/fair: Fix the min_vruntime update logic in dequeue_entity() perf tools: Fix use of alternatives to find JDIR perf cpu_map: Align cpu map synthesized events properly. 
x86/fpu: Remove second definition of fpu in __fpu__restore_sig() net: qla3xxx: Remove overflowing shift statement selftests: ftrace: Add synthetic event syntax testcase i2c: rcar: cleanup DMA for all kinds of failure locking/lockdep: Fix debug_locks off performance problem ataflop: fix error handling during setup swim: fix cleanup on setup error nfp: devlink port split support for 1x100G CXP NIC tun: Consistently configure generic netdev params via rtnetlink s390/sthyi: Fix machine name validity indication hwmon: (pwm-fan) Set fan speed to 0 on suspend lightnvm: pblk: fix two sleep-in-atomic-context bugs spi: spi-ep93xx: Use dma_data_direction for ep93xx_spi_dma_{finish,prepare} perf tools: Free temporary 'sys' string in read_event_files() perf tools: Cleanup trace-event-info 'tdata' leak perf strbuf: Match va_{add,copy} with va_end cpupower: Fix coredump on VMWare mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 iwlwifi: pcie: avoid empty free RB queue iwlwifi: mvm: clear HW_RESTART_REQUESTED when stopping the interface x86/olpc: Indicate that legacy PC XO-1 platform should not register RTC ACPI / processor: Fix the return value of acpi_processor_ids_walk() cpufreq: dt: Try freeing static OPPs only if we have added them mtd: rawnand: atmel: Fix potential NULL pointer dereference signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth x86: boot: Fix EFI stub alignment pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux brcmfmac: fix for proper support of 160MHz bandwidth net: phy: phylink: ensure the carrier is off when starting phylink block, bfq: correctly charge and reset entity service in all cases kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers pinctrl: qcom: spmi-mpp: Fix drive strength setting pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant pinctrl: 
ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant net: dsa: mv88e6xxx: Fix writing to a PHY page. iwlwifi: mvm: fix BAR seq ctrl reporting ixgbevf: VF2VF TCP RSS ath10k: schedule hardware restart if WMI command times out thermal: da9062/61: Prevent hardware access during system suspend cgroup, netclassid: add a preemption point to write_classid scsi: esp_scsi: Track residual for PIO transfers UAPI: ndctl: Fix g++-unsupported initialisation in headers KVM: nVMX: Clear reserved bits of #DB exit qualification scsi: megaraid_sas: fix a missing-check bug RDMA/core: Do not expose unsupported counters IB/ipoib: Clear IPCB before icmp_send RDMA/bnxt_re: Fix recursive lock warning in debug kernel usb: host: ohci-at91: fix request of irq for optional gpio PCI: mediatek: Fix mtk_pcie_find_port() endpoint/port matching logic tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated Drivers: hv: vmbus: Use cpumask_var_t for on-stack cpu mask VMCI: Resource wildcard match fixed PCI / ACPI: Enable wake automatically for power managed bridges usb: gadget: udc: atmel: handle at91sam9rl PMC ext4: fix argument checking in EXT4_IOC_MOVE_EXT MD: fix invalid stored role for a disk f2fs: fix to recover inode's i_flags during POR PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice coresight: etb10: Fix handling of perf mode PCI: dwc: pci-dra7xx: Enable errata i870 for both EP and RC mode crypto: caam - fix implicit casts in endianness helpers usb: chipidea: Prevent unbalanced IRQ disable driver/dma/ioat: Call del_timer_sync() without holding prep_lock uio: ensure class is registered before devices scsi: lpfc: Correct soft lockup when running mds diagnostics scsi: lpfc: Correct race with abort on completion path f2fs: report error if quota off error during umount signal: Always deliver the kernel's SIGKILL and SIGSTOP to a pid namespace init mfd: menelaus: Fix possible race condition and leak dmaengine: dma-jz4780: Return error if not probed from DT 
IB/rxe: fix for duplicate request processing and ack psns ALSA: hda: Check the non-cached stream buffers more explicitly cpupower: Fix AMD Family 0x17 msr_pstate size Revert "f2fs: fix to clear PG_checked flag in set_page_dirty()" f2fs: fix to account IO correctly ARM: dts: exynos: Remove "cooling-{min|max}-level" for CPU nodes arm: dts: exynos: Add missing cooling device properties for CPUs ARM: dts: exynos: Convert exynos5250.dtsi to opp-v2 bindings ARM: dts: exynos: Mark 1 GHz CPU OPP as suspend OPP on Exynos5250 xen-swiotlb: use actually allocated size on check physical continuous tpm: Restore functionality to xen vtpm driver. xen/blkfront: avoid NULL blkfront_info dereference on device removal xen/balloon: Support xend-based toolstack xen: fix race in xen_qlock_wait() xen: make xen_qlock_wait() nestable xen/pvh: increase early stack size xen/pvh: don't try to unplug emulated devices libertas: don't set URB_ZERO_PACKET on IN USB transfer usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten usb: gadget: udc: renesas_usb3: Fix b-device mode for "workaround" iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() net/ipv4: defensive cipso option parsing dmaengine: ppc4xx: fix off-by-one build failure dmaengine: stm32-dma: fix incomplete configuration in cyclic mode libnvdimm: Hold reference on parent while scheduling async init libnvdimm, region: Fail badblocks listing for inactive regions ASoC: intel: skylake: Add missing break in skl_tplg_get_token() IB/mlx5: Fix MR cache initialization jbd2: fix use after free in jbd2_log_do_checkpoint() gfs2_meta: ->mount() can get NULL dev_name ext4: initialize retries variable in ext4_da_write_inline_data_begin() ext4: fix setattr project check in fssetxattr ioctl ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR ext4: fix use-after-free race in ext4_remount()'s error path HID: hiddev: fix potential Spectre v1 EDAC, amd64: Add Family 17h, models 10h-2fh support EDAC, {i7core,sb,skx}_edac: 
Fix uncorrected error counting EDAC, skx_edac: Fix logical channel intermediate decoding ARM: dts: dra7: Fix up unaligned access setting for PCIe EP PCI/ASPM: Fix link_state teardown on device removal PCI: Add Device IDs for Intel GPU "spurious interrupt" quirk PCI: vmd: White list for fast interrupt handlers signal/GenWQE: Fix sending of SIGKILL signal: Guard against negative signal numbers in copy_siginfo_from_user32 crypto: lrw - Fix out-of bounds access on counter overflow crypto: tcrypt - fix ghash-generic speed test mm: /proc/pid/smaps_rollup: fix NULL pointer deref in smaps_pte_range() ima: fix showing large 'violations' or 'runtime_measurements_count' hugetlbfs: dirty pages as they are added to pagecache mm/rmap: map_pte() was not handling private ZONE_DEVICE page properly KVM: arm64: Fix caching of host MDCR_EL2 value kbuild: fix kernel/bounds.c 'W=1' warning iio: ad5064: Fix regulator handling iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() iio: adc: at91: fix acking DRDY irq on simple conversions iio: adc: at91: fix wrong channel number in triggered buffer mode w1: omap-hdq: fix missing bus unregister at removal smb3: allow stats which track session and share reconnects to be reset smb3: do not attempt cifs operation in smb3 query info error path smb3: on kerberos mount if server doesn't specify auth type use krb5 printk: Fix panic caused by passing log_buf_len to command line genirq: Fix race on spurious interrupt detection NFSv4.1: Fix the r/wsize checking nfs: Fix a missed page unlock after pg_doio() nfsd: Fix an Oops in free_session() lockd: fix access beyond unterminated strings in prints dm ioctl: harden copy_params()'s copy_from_user() from malicious users dm zoned: fix metadata block ref counting dm zoned: fix various dmz_get_mblock() issues powerpc/msi: Fix compile error on mpc83xx MIPS: OCTEON: fix out of bounds array access on CN68XX iommu/arm-smmu: Ensure that page-table updates are visible before TLBI TC: Set DMA masks 
for devices media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD kgdboc: Passing ekgdboc to command line causes panic xen: fix xen_qlock_wait() xen-blkfront: fix kernel panic with negotiate_mq error path media: em28xx: use a default format if TRY_FMT fails media: tvp5150: avoid going past array on v4l2_querymenu() media: em28xx: fix input name for Terratec AV 350 media: em28xx: make v4l2-compliance happier by starting sequence on zero media: media colorspaces*.rst: rename AdobeRGB to opRGB arm64: lse: remove -fcall-used-x0 flag rpmsg: smd: fix memory leak on channel create Cramfs: fix abad comparison when wrap-arounds occur ARM: dts: socfpga: Fix SDRAM node address for Arria10 arm64: dts: stratix10: Correct System Manager register size soc/tegra: pmc: Fix child-node lookup selftests/powerpc: Fix ptrace tm failure btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled btrfs: Handle owner mismatch gracefully when walking up tree btrfs: locking: Add extra check in btrfs_init_new_buffer() to avoid deadlock btrfs: fix error handling in free_log_tree btrfs: Enhance btrfs_trim_fs function to handle error better btrfs: Ensure btrfs_trim_fs can trim the whole filesystem btrfs: iterate all devices during trim, instead of fs_devices::alloc_list btrfs: don't attempt to trim devices that don't support it btrfs: wait on caching when putting the bg cache btrfs: protect space cache inode alloc with GFP_NOFS btrfs: reset max_extent_size on clear in a bitmap btrfs: make sure we create all new block groups Btrfs: fix warning when replaying log after fsync of a tmpfile Btrfs: fix wrong dentries after fsync of file that got its parent replaced btrfs: qgroup: Dirty all qgroups before rescan Btrfs: fix null pointer dereference on compressed write path error Btrfs: fix assertion on fsync of regular file when using no-holes feature btrfs: set max_extent_size properly btrfs: don't use ctl->free_space for max_extent_size btrfs: only free reserved extent if we didn't 
insert it btrfs: don't run delayed_iputs in commit btrfs: move the dio_sem higher up the callchain Btrfs: fix use-after-free during inode eviction Btrfs: fix use-after-free when dumping free space Btrfs: fix fsync after hole punching when using no-holes feature net: sched: Remove TCA_OPTIONS from policy bpf: wait for running BPF programs when updating map-in-map MD: fix invalid stored role for a disk - try2 Linux 4.14.81 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |