mirror of
https://github.com/rd-stuffs/msm-4.14.git
synced 2025-02-20 11:45:48 +08:00
392 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Richard Raya
|
9cdc78c354 |
Merge branch 'android-4.14-stable' of https://android.googlesource.com/kernel/common
* 'android-4.14-stable' of https://android.googlesource.com/kernel/common: (2966 commits) Linux 4.14.331 net: sched: fix race condition in qdisc_graft() scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks ext4: correct return value of ext4_convert_meta_bg ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: apply umask if ACL support is disabled media: venus: hfi: fix the check to handle session buffer requirement media: sharp: fix sharp encoding i2c: i801: fix potential race in i801_block_transaction_byte_by_byte net: dsa: lan9303: consequently nested-lock physical MDIO ALSA: info: Fix potential deadlock at disconnection parisc/pgtable: Do not drop upper 5 address bits of physical address parisc: Prevent booting 64-bit kernels on PA1.x machines mcb: fix error handling for different scenarios when parsing jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware mmc: meson-gx: Remove setting of CMD_CFG_ERROR PM: hibernate: Clean up sync_read handling in snapshot_write_next() PM: hibernate: Use __get_safe_page() rather than touching the list ... Change-Id: I755d2aa7c525ace28adc4aee433572b3110ea39b |
||
Greg Kroah-Hartman
|
67419faf9f |
This is the 4.14.328 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmU43EMACgkQONu9yGCS aT7lzQ/+LlalhbWmaKVFXymwhXfy7Z2KvWC7SxMTi0DvMryyZqwM1o52XS7zuPyt pB1d1hlhgPV8TkpVkGL9BAovDiF7f6vx8m/13DdPS1VDwliD5jgan/0Cjrz7nMyF B5zHwspMnkKiEX0Ye4rEy2Z6UMd29CZ75HLpqzVukJ3rY0tswIPqTJ8gO3jrj4Vq rPNUWT4h8TqAlG41Gq452MKrtTRpNyRyS/wD7LDrfAuDBmhLje3QbWc5E0w0RAnh 4GngjeXB5FZFVwZTr5uC6N5r9tesJGpa7fF77dSkRGC+LDIm01mr8/RdWDIxKbmV Cr+TgkX1VeYtKvNb/5KS077axXiY8sDSRmgViUN1EXoBLm7E4gllTRrX0m7S7jHQ K9EDMqPdNyvYxPUnFptNdlZBAxtqndkv0SZ7TSrjYApD5A5l8xv/juZVDePUsfwg WLIB8QheKX+18vaUy3khsBBcsCEVxp8o/Xq6pZuvJLH53MOl1n2Ml24h2xhu2MMu ZuLznKpWo3O89h51tD+zVX+cgCWMJDAt1mH46at+5W5A4xRd00h7jBCdfkMSBwb9 hXpb2g8bb6KSJsKgPcD6hvyvg8/9c5yzhV3CmPseOSvy6wnOupHUBUJCiG/tLFBm ht11wb1pgdk5MlpXiBZGjE6QsaGIGw7Y98Hl7rpyLLdna6gSKls= =8Zs3 -----END PGP SIGNATURE----- Merge 4.14.328 into android-4.14-stable Changes in 4.14.328 RDMA/cxgb4: Check skb value for failure to allocate HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect drm: etvnaviv: fix bad backport leading to warning ieee802154: ca8210: Fix a potential UAF in ca8210_probe drm/vmwgfx: fix typo of sizeof argument ixgbe: fix crash with empty VF macvlan list nfc: nci: assert requested protocol is valid workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read usb: musb: Get the musb_qh poniter after musb_giveback usb: musb: Modify the "HWVers" register address iio: pressure: bmp280: Fix NULL pointer exception iio: pressure: ms5611: ms5611_prom_is_valid false negative bug mcb: remove is_added flag from mcb_device struct ceph: fix incorrect revoked caps assert in ceph_fill_file_size() Input: powermate - fix use-after-free in powermate_config_complete Input: xpad - add PXN V900 support cgroup: Remove duplicates in cgroup v1 tasks file pinctrl: avoid unsafe code pattern in find_pinctrl() usb: gadget: udc-xilinx: replace memcpy with memcpy_toio usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs usb: hub: Guard against accesses to uninitialized BOS descriptors Bluetooth: hci_event: Ignore NULL link key Bluetooth: Reject connection with the device which has same BD_ADDR Bluetooth: Fix a refcnt underflow problem for hci_conn Bluetooth: vhci: Fix race when opening vhci device Bluetooth: hci_event: Fix coding style Bluetooth: avoid memcmp() out of bounds warning nfc: nci: fix possible NULL pointer dereference in send_acknowledge() regmap: fix NULL deref on lookup KVM: x86: Mask LVTPC when handling a PMI netfilter: nft_payload: fix wrong mac header matching xfrm: fix a data-race in xfrm_gen_index() net: ipv4: fix return value check in esp_remove_trailer net: ipv6: fix return value check in esp_remove_trailer net: rfkill: gpio: prevent value glitch during probe net: usb: smsc95xx: Fix an error code in smsc95xx_reset() i40e: prevent crash on probe if hw registers have invalid values ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone btrfs: initialize start_slot in btrfs_log_prealloc_extents i2c: mux: Avoid potential false error message in i2c_mux_add_adapter overlayfs: set ctime when setting mtime and atime gpio: timberdale: Fix potential deadlock on &tgpio->lock ata: libata-eh: Fix compilation warning in ata_eh_link_report() tracing: relax trace_event_eval_update() execution with cond_resched() HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event Bluetooth: Avoid redundant authentication Bluetooth: hci_core: Fix build warnings wifi: mac80211: allow transmitting EAPOL frames with tainted key wifi: cfg80211: avoid leaking stack data into trace sky2: Make sure there is at least one frag_addr available mmc: core: Capture correct oemid-bits for eMMC cards Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" ACPI: irq: Fix incorrect return value in acpi_register_gsi() USB: serial: option: add Telit LE910C4-WWX 0x1035 composition USB: serial: option: add entry for Sierra EM9191 with new firmware USB: serial: option: add Fibocom to DELL custom modem FM101R-GL perf: Disallow mis-matched inherited group reads s390/pci: fix iommu bitmap allocation gpio: vf610: set value before the direction to avoid a glitch Bluetooth: hci_sock: fix slab oob read in create_monitor_event Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name Bluetooth: hci_event: Fix using memcmp when comparing keys Linux 4.14.328 Change-Id: I0ad6691640e3f75a6016e2004f005414a50dc7b9 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Jeff Layton
|
d03732a4b7 |
overlayfs: set ctime when setting mtime and atime
[ Upstream commit 03dbab3bba5f009d053635c729d1244f2c8bad38 ] Nathan reported that he was seeing the new warning in setattr_copy_mgtime pop when starting podman containers. Overlayfs is trying to set the atime and mtime via notify_change without also setting the ctime. POSIX states that when the atime and mtime are updated via utimes() that we must also update the ctime to the current time. The situation with overlayfs copy-up is analogies, so add ATTR_CTIME to the bitmask. notify_change will fill in the value. Reported-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Jeff Layton <jlayton@kernel.org> Tested-by: Nathan Chancellor <nathan@kernel.org> Acked-by: Christian Brauner <brauner@kernel.org> Acked-by: Amir Goldstein <amir73il@gmail.com> Message-Id: <20230913-ctime-v1-1-c6bc509cbc27@kernel.org> Signed-off-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Arian
|
3a330c6445 |
Merge branch 'android-4.14-stable' of https://android.googlesource.com/kernel/common into HEAD
Change-Id: I714223aa1f97959bd97b6bf758511466c9394bd8 |
||
|
Greg Kroah-Hartman
|
156a9ad2e0 |
This is the 4.14.251 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmFr2ggACgkQONu9yGCS aT5t1xAAnH3MC0v48ikVkYlq8TY8Bb+f5xzuxUdgIzLQ/r2p+76HmASUG59aTG6r eZHxjlmUXzLQ7xGmS36uQhoBRDRFy7SgeRfIXT57YwXz4h0p0R9EqJbJw6oQX+T/ nbLG+NUQ6mGpX0eL+dyEZlTy1/u/e4xrWifUhaMYy+KI7Mbm3PPNFxwwU40w+8CJ IRaeJp13iIqIGzoAcyoLMIqWEzMHVG3h1jY3bsGmLELaP/h1DgekXkD5tcyzrXho NfxSfjAl4QNG9+W5/VYj11uDlcdkg9vXwjsfk4YXgkpqeC/ReMXpYlFU0FFfTP6l nzHY4zCFwjdbhLa22/SUDgv2rSYmHLYuBVkVWJlw/WT1ERccTPj7i4Ud0wgJgIM/ LcTSSPbJ70MwewpueizQbA9+gCc8lQx8ZTU++jMvtB2rwHtd6IqvdVbv5bMFtgkV XEtKmH967HQKOHL0k9Rb+wRoIiaD0GqEEjaMQhxT3oz60JVg2kL0CBbs44BuWY70 aKQba7LHxeCdln6DTjGLkS1obEV3LNbgQ5KCdTyntw8l9XMx7Woif15aWfh/M4op qUspHcvJve0/YoQV7D8yuJ1y0/fLOUmaAST0ZLz2ydpfCHdPsUHU60R4X7H18Pw2 tCJjaZ0rFr/YsNW9Q6nX/JFz2fGaaYYpF133KfpO9TBbkJ0gD0g= =NerT -----END PGP SIGNATURE----- Merge 4.14.251 into android-4.14-stable Changes in 4.14.251 Partially revert "usb: Kconfig: using select for USB_COMMON dependency" USB: cdc-acm: fix racy tty buffer accesses USB: cdc-acm: fix break reporting ovl: fix missing negative dentry check in ovl_rename() nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero xen/balloon: fix cancelled balloon action ARM: dts: omap3430-sdp: Fix NAND device node ARM: dts: qcom: apq8064: use compatible which contains chipid bpf: add also cbpf long jump test cases with heavy expansion bpf, mips: Validate conditional branch offsets xtensa: call irqchip_init only when CONFIG_USE_OF is selected bpf: Fix integer overflow in prealloc_elems_and_freelist() phy: mdio: fix memory leak net_sched: fix NULL deref in fifo_set_limit() powerpc/fsl/dts: Fix phy-connection-type for fm1mac3 ptp_pch: Load module automatically if ID matches ARM: imx6: disable the GIC CPU interface before calling stby-poweroff sequence net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() netlink: annotate data races around nlk->bound drm/nouveau/debugfs: fix file release memory leak rtnetlink: fix if_nlmsg_stats_size() under estimation i40e: fix endless loop under rtnl i2c: acpi: fix resource leak in reconfiguration device addition net: phy: bcm7xxx: Fixed indirect MMD operations HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS netfilter: ip6_tables: zero-initialize fragment offset mac80211: Drop frames from invalid MAC address in ad-hoc mode m68k: Handle arrivals of multiple signals correctly net: sun: SUNVNET_COMMON should depend on INET scsi: ses: Fix unsigned comparison with less than zero scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" perf/x86: Reset destroy callback on event init failure sched: Always inline is_percpu_thread() Linux 4.14.251 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I10045fe572035e26d8d1399c70ace241589ac2a2 |
||
Zheng Liang
|
1caaa82091 |
ovl: fix missing negative dentry check in ovl_rename()
commit a295aef603e109a47af355477326bd41151765b6 upstream.
The following reproducer
mkdir lower upper work merge
touch lower/old
touch lower/new
mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merge
rm merge/new
mv merge/old merge/new & unlink upper/new
may result in this race:
PROCESS A:
rename("merge/old", "merge/new");
overwrite=true,ovl_lower_positive(old)=true,
ovl_dentry_is_whiteout(new)=true -> flags |= RENAME_EXCHANGE
PROCESS B:
unlink("upper/new");
PROCESS A:
lookup newdentry in new_upperdir
call vfs_rename() with negative newdentry and RENAME_EXCHANGE
Fix by adding the missing check for negative newdentry.
Signed-off-by: Zheng Liang <zhengliang6@huawei.com>
Fixes: e9be9d5e76e3 ("overlay filesystem")
Cc: <stable@vger.kernel.org> # v3.18
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
c0303b0388 |
This is the 4.14.222 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmA0/JEACgkQONu9yGCS aT5IQA//XG0oLCFo1l6DDRPINDK104bYork5yGmqjGfdSplnH/OYkwmebAJEUmNn ha+Qv9xw1JlR/oGBwC4Zp0jBV4+Gjuh6SuqdyCH/NI+tTSnKd1MzfqMmo6rb5iaz RspBVgc+I5sV7Fa3GVwR54a5Yo3JgUEMIxT+q1Ftu9QT3kr1Zo0m3odm8/j8EI5o mYaYbNPnXfcn7NCotyIq2g3q7rQTcbshlUoul9WxdjUcRMdAFY1Fnj6UxrWO1b0s oFj/u/KV0WB2IeXgZgStNS5qjKhmfZKj1rAVnYOpY0zwn0wKnGa2oh4G+Pfae2yk MXQaW2KL/Y8gsCzhj1N/L5yfRMatOfT3tAqD2gGqoJVWpmLU4p15piWD5uwWkxLw HtazDI4IBNAah7mog+xnD0V2Q8auZ7f4tbtkiHTfoyFs5BavK2VETOOTeAoUsX5O e/Dif0gv6SEhkFCkL4PBz4WylD1gOY8nD1FsgbfMZ0hDSpTIjrWUtMAYZejB8YUj lS28fKO7Nu0AoGElt2nt7xobJRmp/Y7GFoz1Thy750qtl8kXUJ5sqw99gAiPAZM/ cv4UgKPzU7qfw5/qry0717YHa7k/CTjSd7tw9erNxsjdQ7ptLOGJMhS3EFc5kzQT 77NC1rqnSTQHLJfsBaRiTn5IZB5PiJssrAwBhRTcBjdwTQe+fyI= =7i2A -----END PGP SIGNATURE----- Merge 4.14.222 into android-4.14-stable Changes in 4.14.222 fgraph: Initialize tracing_graph_pause at task creation remoteproc: qcom_q6v5_mss: Validate modem blob firmware size before load remoteproc: qcom_q6v5_mss: Validate MBA firmware size before load af_key: relax availability checks for skb size calculation pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process() iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap iwlwifi: mvm: guard against device removal in reprobe SUNRPC: Move simple_get_bytes and simple_get_netobj into private header SUNRPC: Handle 0 length opaque XDR object data properly lib/string: Add strscpy_pad() function include/trace/events/writeback.h: fix -Wstringop-truncation warnings memcg: fix a crash in wb_workfn when a device disappears squashfs: add more sanity checks in id lookup squashfs: add more sanity checks in inode lookup squashfs: add more sanity checks in xattr id lookup tracing: Do not count ftrace events in top level enable output tracing: Check length before giving out the filter buffer arm/xen: Don't probe xenbus as part of an early initcall MIPS: BMIPS: Fix section mismatch warning arm64: dts: rockchip: Fix PCIe DT properties on rk3399 platform/x86: hp-wmi: Disable tablet-mode reporting by default ovl: perform vfs_getxattr() with mounter creds cap: fix conversions on getxattr ovl: skip getxattr of security labels ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL ARM: ensure the signal page contains defined contents memblock: do not start bottom-up allocations with kernel_end bpf: Check for integer overflow when using roundup_pow_of_two() netfilter: xt_recent: Fix attempt to update deleted entry xen/netback: avoid race in xenvif_rx_ring_slots_available() netfilter: conntrack: skip identical origin tuple in same zone only usb: dwc3: ulpi: fix checkpatch warning usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one net/vmw_vsock: improve locking in vsock_connect_timeout() net: watchdog: hold device global xmit lock during tx disable vsock/virtio: update credit only if socket is not closed vsock: fix locking in vsock_shutdown() i2c: stm32f7: fix configuration of the digital filter h8300: fix PREEMPTION build, TI_PRE_COUNT undefined x86/build: Disable CET instrumentation in the kernel for 32-bit too trace: Use -mcount-record for dynamic ftrace tracing: Fix SKIP_STACK_VALIDATION=1 build due to bad merge with -mrecord-mcount tracing: Avoid calling cc-option -mrecord-mcount for every Makefile Xen/x86: don't bail early from clear_foreign_p2m_mapping() Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() Xen/gntdev: correct error checking in gntdev_map_grant_pages() xen/arm: don't ignore return errors from set_phys_to_machine xen-blkback: don't "handle" error by BUG() xen-netback: don't "handle" error by BUG() xen-scsiback: don't "handle" error by BUG() xen-blkback: fix error handling in xen_blkbk_map() scsi: qla2xxx: Fix crash during driver load on big endian machines USB: Gadget Ethernet: Re-enable Jumbo frames. usb: gadget: u_ether: Fix MTU size mismatch with RX packet size kvm: check tlbs_dirty directly Linux 4.14.222 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I22657377bcf9340798a60064ba3d5ebdf1165097 |
||
Amir Goldstein
|
4dfce60487 |
ovl: skip getxattr of security labels
[ Upstream commit 03fedf93593c82538b18476d8c4f0e8f8435ea70 ] When inode has no listxattr op of its own (e.g. squashfs) vfs_listxattr calls the LSM inode_listsecurity hooks to list the xattrs that LSMs will intercept in inode_getxattr hooks. When selinux LSM is installed but not initialized, it will list the security.selinux xattr in inode_listsecurity, but will not intercept it in inode_getxattr. This results in -ENODATA for a getxattr call for an xattr returned by listxattr. This situation was manifested as overlayfs failure to copy up lower files from squashfs when selinux is built-in but not initialized, because ovl_copy_xattr() iterates the lower inode xattrs by vfs_listxattr() and vfs_getxattr(). ovl_copy_xattr() skips copy up of security labels that are indentified by inode_copy_up_xattr LSM hooks, but it does that after vfs_getxattr(). Since we are not going to copy them, skip vfs_getxattr() of the security labels. Reported-by: Michael Labriola <michael.d.labriola@gmail.com> Tested-by: Michael Labriola <michael.d.labriola@gmail.com> Link: https://lore.kernel.org/linux-unionfs/2nv9d47zt7.fsf@aldarion.sourceruckus.org/ Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Miklos Szeredi
|
7b6887b4d0 |
ovl: perform vfs_getxattr() with mounter creds
[ Upstream commit 554677b97257b0b69378bd74e521edb7e94769ff ] The vfs_getxattr() in ovl_xattr_set() is used to check whether an xattr exist on a lower layer file that is to be removed. If the xattr does not exist, then no need to copy up the file. This call of vfs_getxattr() wasn't wrapped in credential override, and this is probably okay. But for consitency wrap this instance as well. Reported-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
aad61cec39 |
This is the 4.14.221 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmAjlg8ACgkQONu9yGCS aT5mCBAAzCiuoQqGE1Ht9npbPq4BHNgnVgKZQVjMUpo8Rhuqq+qEMQuNUMsgty9N 5Nyvsrxax6cNOFL7e3I+yfxj4+RZKF5Ami2Skovdn7ZfqC2RE30VeCVm+avR6z6j yKADjavbHCU3amPSZph5bKlFqN8DrZoqvKX3hAffYWAqEFxttKucnAuqFtYxZWVz kqmLQgoNJ7acXBqJWWPXxBRP6mr/HDGmiWEQsXOkgK7/R1AGwvHzvzcDagwE4lHJ oKH9l/xR/U7ePFK0y4Gvo3DkEl3t793Kaf7eyZeCxrztQmZn1UmdE4gZ/P2ofpRm gZu7bS9t1S5xhXv+OHLINscI2mFqKoYftS8KherFb6voHiT4YEpS9QY3EJBavED1 x9orBCFOkO/SBRARxiWbrGb1EBOshMsZvIxw84eFf5OVGUwP20PL+v6slx3tArA6 93HXwTF/dSCK0Xd63j2cFiCs/PqslbAUJRyGuyrA0Edh6imsOdBNdtGTrj70dLZ/ 3MeGA33MhEpAFQSx9up99zlaqDa901cZPgWRrsKa+YYmsmL+kmBnnu1pjMTSgcj8 wOvKfjZVnXl1IZGHaaudL4gxs4WF52qnbnOm7y3mElNmiBboB8Rqlw8ITeJyKpDY KHCAQUIBHGUg9x2Wb4IbkV9dIYnHMLtiY/OuqG8Alg8nvWgZqRI= =AvJ2 -----END PGP SIGNATURE----- Merge 4.14.221 into android-4.14-stable Changes in 4.14.221 USB: serial: cp210x: add pid/vid for WSDA-200-USB USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 USB: serial: option: Adding support for Cinterion MV31 Input: i8042 - unbreak Pegatron C15B arm64: dts: ls1046a: fix dcfg address range net: lapb: Copy the skb before sending a packet objtool: Support Clang non-section symbols in ORC generation elfcore: fix building with clang ipv4: fix race condition between route lookup and invalidation USB: gadget: legacy: fix an error code in eth_bind() USB: usblp: don't call usb_set_interface if there's a single alt usb: dwc2: Fix endpoint direction check in ep_from_windex ovl: fix dentry leak in ovl_get_redirect mac80211: fix station rate table updates on assoc kretprobe: Avoid re-registration of the same kretprobe earlier xhci: fix bounce buffer usage for non-sg list case cifs: report error instead of invalid when revalidating a dentry fails smb3: Fix out-of-bounds bug in SMB2_negotiate() mmc: core: Limit retries when analyse of SDIO tuples fails nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs ARM: footbridge: fix dc21285 PCI configuration accessors mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page mm: hugetlb: fix a race between isolating and freeing page mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active mm: thp: fix MADV_REMOVE deadlock on shmem THP x86/build: Disable CET instrumentation in the kernel x86/apic: Add extra serialization for non-serializing MSRs Input: xpad - sync supported devices with fork on GitHub iommu/vt-d: Do not use flush-queue when caching-mode is on net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add Linux 4.14.221 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I45c731e0b74b98bebd62fa7f932d1a44783ea5eb |
||
Liangyan
|
2ea09e6753 |
ovl: fix dentry leak in ovl_get_redirect
commit e04527fefba6e4e66492f122cf8cc6314f3cf3bf upstream.
We need to lock d_parent->d_lock before dget_dlock, or this may
have d_lockref updated parallelly like calltrace below which will
cause dentry->d_lockref leak and risk a crash.
CPU 0 CPU 1
ovl_set_redirect lookup_fast
ovl_get_redirect __d_lookup
dget_dlock
//no lock protection here spin_lock(&dentry->d_lock)
dentry->d_lockref.count++ dentry->d_lockref.count++
[ 49.799059] PGD 800000061fed7067 P4D 800000061fed7067 PUD 61fec5067 PMD 0
[ 49.799689] Oops: 0002 [#1] SMP PTI
[ 49.800019] CPU: 2 PID: 2332 Comm: node Not tainted 4.19.24-7.20.al7.x86_64 #1
[ 49.800678] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 8a46cfe 04/01/2014
[ 49.801380] RIP: 0010:_raw_spin_lock+0xc/0x20
[ 49.803470] RSP: 0018:ffffac6fc5417e98 EFLAGS: 00010246
[ 49.803949] RAX: 0000000000000000 RBX: ffff93b8da3446c0 RCX: 0000000a00000000
[ 49.804600] RDX: 0000000000000001 RSI: 000000000000000a RDI: 0000000000000088
[ 49.805252] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff993cf040
[ 49.805898] R10: ffff93b92292e580 R11: ffffd27f188a4b80 R12: 0000000000000000
[ 49.806548] R13: 00000000ffffff9c R14: 00000000fffffffe R15: ffff93b8da3446c0
[ 49.807200] FS: 00007ffbedffb700(0000) GS:ffff93b927880000(0000) knlGS:0000000000000000
[ 49.807935] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.808461] CR2: 0000000000000088 CR3: 00000005e3f74006 CR4: 00000000003606a0
[ 49.809113] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.809758] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 49.810410] Call Trace:
[ 49.810653] d_delete+0x2c/0xb0
[ 49.810951] vfs_rmdir+0xfd/0x120
[ 49.811264] do_rmdir+0x14f/0x1a0
[ 49.811573] do_syscall_64+0x5b/0x190
[ 49.811917] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 49.812385] RIP: 0033:0x7ffbf505ffd7
[ 49.814404] RSP: 002b:00007ffbedffada8 EFLAGS: 00000297 ORIG_RAX: 0000000000000054
[ 49.815098] RAX: ffffffffffffffda RBX: 00007ffbedffb640 RCX: 00007ffbf505ffd7
[ 49.815744] RDX: 0000000004449700 RSI: 0000000000000000 RDI: 0000000006c8cd50
[ 49.816394] RBP: 00007ffbedffaea0 R08: 0000000000000000 R09: 0000000000017d0b
[ 49.817038] R10: 0000000000000000 R11: 0000000000000297 R12: 0000000000000012
[ 49.817687] R13: 00000000072823d8 R14: 00007ffbedffb700 R15: 00000000072823d8
[ 49.818338] Modules linked in: pvpanic cirrusfb button qemu_fw_cfg atkbd libps2 i8042
[ 49.819052] CR2: 0000000000000088
[ 49.819368] ---[ end trace 4e652b8aa299aa2d ]---
[ 49.819796] RIP: 0010:_raw_spin_lock+0xc/0x20
[ 49.821880] RSP: 0018:ffffac6fc5417e98 EFLAGS: 00010246
[ 49.822363] RAX: 0000000000000000 RBX: ffff93b8da3446c0 RCX: 0000000a00000000
[ 49.823008] RDX: 0000000000000001 RSI: 000000000000000a RDI: 0000000000000088
[ 49.823658] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff993cf040
[ 49.825404] R10: ffff93b92292e580 R11: ffffd27f188a4b80 R12: 0000000000000000
[ 49.827147] R13: 00000000ffffff9c R14: 00000000fffffffe R15: ffff93b8da3446c0
[ 49.828890] FS: 00007ffbedffb700(0000) GS:ffff93b927880000(0000) knlGS:0000000000000000
[ 49.830725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 49.832359] CR2: 0000000000000088 CR3: 00000005e3f74006 CR4: 00000000003606a0
[ 49.834085] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 49.835792] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Cc: <stable@vger.kernel.org>
Fixes: a6c606551141 ("ovl: redirect on rename-dir")
Signed-off-by: Liangyan <liangyan.peng@linux.alibaba.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
Srinivasarao P
|
0190a01fb1 |
Merge android-4.14-stable.190 (d2d05bc) into msm-4.14
* refs/heads/tmp-d2d05bc:
Linux 4.14.190
ath9k: Fix regression with Atheros 9271
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
parisc: Add atomic64_set_release() define to avoid CPU soft lockups
io-mapping: indicate mapping failure
mm/memcg: fix refcount error while moving and swapping
Makefile: Fix GCC_TOOLCHAIN_DIR prefix for Clang cross compilation
vt: Reject zero-sized screen buffer size.
fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins.
serial: 8250_mtk: Fix high-speed baud rates clamping
serial: 8250: fix null-ptr-deref in serial8250_start_tx()
staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift
staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support
staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift
staging: wlan-ng: properly check endpoint types
Revert "cifs: Fix the target file was deleted when rename failed."
usb: xhci: Fix ASM2142/ASM3142 DMA addressing
usb: xhci-mtk: fix the failure of bandwidth allocation
binder: Don't use mmput() from shrinker function.
x86: math-emu: Fix up 'cmp' insn for clang ias
arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP
usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init()
Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen
dmaengine: ioat setting ioat timeout as module parameter
hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow
regmap: dev_get_regmap_match(): fix string comparison
spi: mediatek: use correct SPI_CFG2_REG MACRO
Input: add `SW_MACHINE_COVER`
dmaengine: tegra210-adma: Fix runtime PM imbalance on error
HID: apple: Disable Fn-key key-re-mapping on clone keyboards
HID: i2c-hid: add Mediacom FlexBook edge13 to descriptor override
scripts/decode_stacktrace: strip basepath from all paths
serial: exar: Fix GPIO configuration for Sealevel cards based on XR17V35X
bonding: check return value of register_netdevice() in bond_newlink()
i2c: rcar: always clear ICSAR to avoid side effects
ipvs: fix the connection sync failed in some cases
mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
bonding: check error value of register_netdevice() immediately
net: smc91x: Fix possible memory leak in smc_drv_probe()
drm: sun4i: hdmi: Fix inverted HPD result
net: dp83640: fix SIOCSHWTSTAMP to update the struct with actual configuration
ax88172a: fix ax88172a_unbind() failures
hippi: Fix a size used in a 'pci_free_consistent()' in an error handling path
bnxt_en: Fix race when modifying pause settings.
btrfs: fix page leaks after failure to lock page for delalloc
btrfs: fix mount failure caused by race with umount
btrfs: fix double free on ulist after backref resolution failure
ASoC: rt5670: Correct RT5670_LDO_SEL_MASK
ALSA: info: Drop WARN_ON() from buffer NULL sanity check
uprobes: Change handle_swbp() to send SIGTRAP with si_code=SI_KERNEL, to fix GDB regression
IB/umem: fix reference count leak in ib_umem_odp_get()
spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours
SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct IO compeletion")
irqdomain/treewide: Keep firmware node unconditionally allocated
drm/nouveau/i2c/g94-: increase NV_PMGR_DP_AUXCTL_TRANSACTREQ timeout
net: sky2: initialize return of gm_phy_read
drivers/net/wan/lapbether: Fixed the value of hard_header_len
xtensa: update *pos in cpuinfo_op.next
xtensa: fix __sync_fetch_and_{and,or}_4 declarations
scsi: scsi_transport_spi: Fix function pointer check
mac80211: allow rx of mesh eapol frames with default rx key
pinctrl: amd: fix npins for uart0 in kerncz_groups
gpio: arizona: put pm_runtime in case of failure
gpio: arizona: handle pm_runtime_get_sync failure case
ANDROID: Incremental fs: magic number compatible 32-bit
ANDROID: kbuild: don't merge .*..compoundliteral in modules
Revert "arm64/alternatives: use subsections for replacement sequences"
Linux 4.14.189
rxrpc: Fix trace string
libceph: don't omit recovery_deletes in target_copy()
x86/cpu: Move x86_cache_bits settings
sched/fair: handle case of task_h_load() returning 0
arm64: ptrace: Override SPSR.SS when single-stepping is enabled
thermal/drivers/cpufreq_cooling: Fix wrong frequency converted from power
misc: atmel-ssc: lock with mutex instead of spinlock
dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler
intel_th: pci: Add Emmitsburg PCH support
intel_th: pci: Add Tiger Lake PCH-H support
intel_th: pci: Add Jasper Lake CPU support
hwmon: (emc2103) fix unable to change fan pwm1_enable attribute
MIPS: Fix build for LTS kernel caused by backporting lpj adjustment
timer: Fix wheel index calculation on last level
uio_pdrv_genirq: fix use without device tree and no interrupt
Input: i8042 - add Lenovo XiaoXin Air 12 to i8042 nomux list
mei: bus: don't clean driver pointer
Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS
virtio: virtio_console: add missing MODULE_DEVICE_TABLE() for rproc serial
USB: serial: option: add Quectel EG95 LTE modem
USB: serial: option: add GosunCn GM500 series
USB: serial: ch341: add new Product ID for CH340
USB: serial: cypress_m8: enable Simply Automated UPB PIM
USB: serial: iuu_phoenix: fix memory corruption
usb: gadget: function: fix missing spinlock in f_uac1_legacy
usb: chipidea: core: add wakeup support for extcon
usb: dwc2: Fix shutdown callback in platform
USB: c67x00: fix use after free in c67x00_giveback_urb
ALSA: usb-audio: Fix race against the error recovery URB submission
ALSA: line6: Perform sanity check for each URB creation
HID: magicmouse: do not set up autorepeat
mtd: rawnand: oxnas: Release all devices in the _remove() path
mtd: rawnand: oxnas: Unregister all devices on error
mtd: rawnand: oxnas: Keep track of registered devices
mtd: rawnand: brcmnand: fix CS0 layout
perf stat: Zero all the 'ena' and 'run' array slot stats for interval mode
copy_xstate_to_kernel: Fix typo which caused GDB regression
ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema
Revert "thermal: mediatek: fix register index error"
staging: comedi: verify array index is correct before using it
usb: gadget: udc: atmel: fix uninitialized read in debug printk
spi: spi-sun6i: sun6i_spi_transfer_one(): fix setting of clock rate
arm64: dts: meson: add missing gxl rng clock
phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked
iio:health:afe4404 Fix timestamp alignment and prevent data leak.
ACPI: video: Use native backlight on Acer TravelMate 5735Z
ACPI: video: Use native backlight on Acer Aspire 5783z
mmc: sdhci: do not enable card detect interrupt for gpio cd type
doc: dt: bindings: usb: dwc3: Update entries for disabling SS instances in park mode
Revert "usb/xhci-plat: Set PM runtime as active on resume"
Revert "usb/ehci-platform: Set PM runtime as active on resume"
Revert "usb/ohci-platform: Fix a warning when hibernating"
of: of_mdio: Correct loop scanning logic
net: dsa: bcm_sf2: Fix node reference count
spi: fix initial SPI_SR value in spi-fsl-dspi
spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer
iio:health:afe4403 Fix timestamp alignment and prevent data leak.
iio:pressure:ms5611 Fix buffer element alignment
iio: pressure: zpa2326: handle pm_runtime_get_sync failure
iio: mma8452: Add missed iio_device_unregister() call in mma8452_probe()
iio: magnetometer: ak8974: Fix runtime PM imbalance on error
iio:humidity:hdc100x Fix alignment and data leak issues
iio:magnetometer:ak8974: Fix alignment and data leak issues
arm64/alternatives: don't patch up internal branches
arm64: alternative: Use true and false for boolean values
i2c: eg20t: Load module automatically if ID matches
gfs2: read-only mounts should grab the sd_freeze_gl glock
tpm_tis: extra chip->ops check on error path in tpm_tis_core_init
arm64/alternatives: use subsections for replacement sequences
drm/exynos: fix ref count leak in mic_pre_enable
cgroup: Fix sock_cgroup_data on big-endian.
cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
tcp: md5: do not send silly options in SYNCOOKIES
tcp: make sure listeners don't initialize congestion-control state
net_sched: fix a memory leak in atm_tc_init()
tcp: md5: allow changing MD5 keys in all socket states
tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers
tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key()
net: usb: qmi_wwan: add support for Quectel EG95 LTE modem
net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb
llc: make sure applications use ARPHRD_ETHER
l2tp: remove skb_dst_set() from l2tp_xmit_skb()
ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg
genetlink: remove genl_bind
s390/mm: fix huge pte soft dirty copying
ARC: elf: use right ELF_ARCH
ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE
dm: use noio when sending kobject event
drm/radeon: fix double free
btrfs: fix fatal extent_buffer readahead vs releasepage race
Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb"
KVM: x86: Mark CR4.TSD as being possibly owned by the guest
KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode
KVM: x86: bit 8 of non-leaf PDPEs is not reserved
KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART
KVM: arm64: Fix definition of PAGE_HYP_DEVICE
ALSA: usb-audio: add quirk for MacroSilicon MS2109
ALSA: hda - let hs_mic be picked ahead of hp_mic
ALSA: opl3: fix infoleak in opl3
mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON()
net: macb: mark device wake capable when "magic-packet" property present
bnxt_en: fix NULL dereference in case SR-IOV configuration fails
nbd: Fix memory leak in nbd_add_socket
arm64: kgdb: Fix single-step exception handling oops
ALSA: compress: fix partial_drain completion state
smsc95xx: avoid memory leak in smsc95xx_bind
smsc95xx: check return value of smsc95xx_reset
net: cxgb4: fix return error value in t4_prep_fw
x86/entry: Increase entry_stack size to a full page
nvme-rdma: assign completion vector correctly
scsi: mptscsih: Fix read sense data size
ARM: imx6: add missing put_device() call in imx6q_suspend_init()
cifs: update ctime and mtime during truncate
s390/kasan: fix early pgm check handler execution
ixgbe: protect ring accesses with READ- and WRITE_ONCE
spi: spidev: fix a potential use-after-free in spidev_release()
spi: spidev: fix a race between spidev_release and spidev_remove
gpu: host1x: Detach driver on unregister
ARM: dts: omap4-droid4: Fix spi configuration and increase rate
spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths
spi: spi-fsl-dspi: use IRQF_SHARED mode to request IRQ
spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer
spi: spi-fsl-dspi: Adding shutdown hook
KVM: s390: reduce number of IO pins to 1
UPSTREAM: perf/core: Fix crash when using HW tracing kernel filters
ANDROID: fscrypt: fix DUN contiguity with inline encryption + IV_INO_LBLK_32 policies
ANDROID: f2fs: add back compress inode check
Linux 4.14.188
efi: Make it possible to disable efivar_ssdt entirely
dm zoned: assign max_io_len correctly
irqchip/gic: Atomically update affinity
MIPS: Add missing EHB in mtc0 -> mfc0 sequence for DSPen
cifs: Fix the target file was deleted when rename failed.
SMB3: Honor persistent/resilient handle flags for multiuser mounts
SMB3: Honor 'seal' flag for multiuser mounts
Revert "ALSA: usb-audio: Improve frames size computation"
nfsd: apply umask on fs without ACL support
i2c: algo-pca: Add 0x78 as SCL stuck low status for PCA9665
virtio-blk: free vblk-vqs in error path of virtblk_probe()
drm: sun4i: hdmi: Remove extra HPD polling
hwmon: (acpi_power_meter) Fix potential memory leak in acpi_power_meter_add()
hwmon: (max6697) Make sure the OVERT mask is set correctly
cxgb4: parse TC-U32 key values and masks natively
cxgb4: use unaligned conversion for fetching timestamp
crypto: af_alg - fix use-after-free in af_alg_accept() due to bh_lock_sock()
kgdb: Avoid suspicious RCU usage warning
usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
mm/slub: fix stack overruns with SLUB_STATS
mm/slub.c: fix corrupted freechain in deactivate_slab()
usbnet: smsc95xx: Fix use-after-free after removal
EDAC/amd64: Read back the scrub rate PCI register on F15h
mm: fix swap cache node allocation mask
btrfs: fix data block group relocation failure due to concurrent scrub
btrfs: cow_file_range() num_bytes and disk_num_bytes are same
btrfs: fix a block group ref counter leak after failure to remove block group
UPSTREAM: binder: fix null deref of proc->context
ANDROID: GKI: scripts: Makefile: update the lz4 command (#2)
Linux 4.14.187
Revert "tty: hvc: Fix data abort due to race in hvc_open"
xfs: add agf freeblocks verify in xfs_agf_verify
NFSv4 fix CLOSE not waiting for direct IO compeletion
pNFS/flexfiles: Fix list corruption if the mirror count changes
SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()
sunrpc: fixed rollback in rpc_gssd_dummy_populate()
Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate()
drm/radeon: fix fb_div check in ni_init_smc_spll_table()
tracing: Fix event trigger to accept redundant spaces
arm64: perf: Report the PC value in REGS_ABI_32 mode
ocfs2: fix panic on nfs server over ocfs2
ocfs2: fix value of OCFS2_INVALID_SLOT
ocfs2: load global_inode_alloc
mm/slab: use memzero_explicit() in kzfree()
btrfs: fix failure of RWF_NOWAIT write into prealloc extent beyond eof
KVM: nVMX: Plumb L2 GPA through to PML emulation
KVM: X86: Fix MSR range of APIC registers in X2APIC mode
ACPI: sysfs: Fix pm_profile_attr type
ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table
blktrace: break out of blktrace setup on concurrent calls
kbuild: improve cc-option to clean up all temporary files
s390/ptrace: fix setting syscall number
net: alx: fix race condition in alx_remove
ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function
sched/core: Fix PI boosting between RT and DEADLINE tasks
net: bcmgenet: use hardware padding of runt frames
netfilter: ipset: fix unaligned atomic access
usb: gadget: udc: Potential Oops in error handling code
ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram()
net: qed: fix excessive QM ILT lines consumption
net: qed: fix NVMe login fails over VFs
net: qed: fix left elements count calculation
RDMA/mad: Fix possible memory leak in ib_mad_post_receive_mads()
ASoC: rockchip: Fix a reference count leak.
RDMA/cma: Protect bind_list and listen_list while finding matching cm id
rxrpc: Fix handling of rwind from an ACK packet
ARM: dts: NSP: Correct FA2 mailbox node
efi/esrt: Fix reference count leak in esre_create_sysfs_entry.
cifs/smb3: Fix data inconsistent when zero file range
cifs/smb3: Fix data inconsistent when punch hole
xhci: Poll for U0 after disabling USB2 LPM
ALSA: usb-audio: Fix OOB access of mixer element list
ALSA: usb-audio: Clean up mixer element list traverse
ALSA: usb-audio: uac1: Invalidate ctl on interrupt
loop: replace kill_bdev with invalidate_bdev
cdc-acm: Add DISABLE_ECHO quirk for Microchip/SMSC chip
xhci: Fix enumeration issue when setting max packet size for FS devices.
xhci: Fix incorrect EP_STATE_MASK
ALSA: usb-audio: add quirk for Denon DCD-1500RE
usb: host: ehci-exynos: Fix error check in exynos_ehci_probe()
usb: host: xhci-mtk: avoid runtime suspend when removing hcd
USB: ehci: reopen solution for Synopsys HC bug
usb: add USB_QUIRK_DELAY_INIT for Logitech C922
usb: dwc2: Postponed gadget registration to the udc class driver
USB: ohci-sm501: Add missed iounmap() in remove
net: core: reduce recursion limit value
net: Do not clear the sock TX queue in sk_set_socket()
net: Fix the arp error in some cases
ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()
tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT
ip_tunnel: fix use-after-free in ip_tunnel_lookup()
tg3: driver sleeps indefinitely when EEH errors exceed eeh_max_freezes
tcp: grow window for OOO packets only for SACK flows
sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket
rxrpc: Fix notification call on completion of discarded calls
rocker: fix incorrect error handling in dma_rings_init
net: usb: ax88179_178a: fix packet alignment padding
net: fix memleak in register_netdevice()
net: bridge: enfore alignment for ethernet address
mld: fix memory leak in ipv6_mc_destroy_dev()
ibmveth: Fix max MTU limit
apparmor: don't try to replace stale label in ptraceme check
fix a braino in "sparc32: fix register window handling in genregs32_[gs]et()"
net: sched: export __netdev_watchdog_up()
block/bio-integrity: don't free 'buf' if bio_integrity_add_page() failed
net: be more gentle about silly gso requests coming from user
scsi: scsi_devinfo: handle non-terminated strings
ANDROID: Makefile: append BUILD_NUMBER to version string when defined
Linux 4.14.186
KVM: x86/mmu: Set mmio_value to '0' if reserved #PF can't be generated
kvm: x86: Fix reserved bits related calculation errors caused by MKTME
kvm: x86: Move kvm_set_mmio_spte_mask() from x86.c to mmu.c
md: add feature flag MD_FEATURE_RAID0_LAYOUT
net: core: device_rename: Use rwsem instead of a seqcount
sched/rt, net: Use CONFIG_PREEMPTION.patch
kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
e1000e: Do not wake up the system via WOL if device wakeup is disabled
kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
crypto: algboss - don't wait during notifier callback
crypto: algif_skcipher - Cap recv SG list at ctx->used
mtd: rawnand: tmio: Fix the probe error path
mtd: rawnand: mtk: Fix the probe error path
mtd: rawnand: plat_nand: Fix the probe error path
mtd: rawnand: socrates: Fix the probe error path
mtd: rawnand: oxnas: Fix the probe error path
mtd: rawnand: oxnas: Add of_node_put()
mtd: rawnand: orion: Fix the probe error path
mtd: rawnand: xway: Fix the probe error path
mtd: rawnand: sharpsl: Fix the probe error path
mtd: rawnand: diskonchip: Fix the probe error path
mtd: rawnand: Pass a nand_chip object to nand_release()
block: nr_sects_write(): Disable preemption on seqcount write
x86/boot/compressed: Relax sed symbol type regex for LLVM ld.lld
drm/dp_mst: Increase ACT retry timeout to 3s
ext4: fix partial cluster initialization when splitting extent
selinux: fix double free
drm/qxl: Use correct notify port address when creating cursor ring
drm/dp_mst: Reformat drm_dp_check_act_status() a bit
drm: encoder_slave: fix refcouting error for modules
libata: Use per port sync for detach
arm64: hw_breakpoint: Don't invoke overflow handler on uaccess watchpoints
block: Fix use-after-free in blkdev_get()
bcache: fix potential deadlock problem in btree_gc_coalesce
perf report: Fix NULL pointer dereference in hists__fprintf_nr_sample_events()
usb/ehci-platform: Set PM runtime as active on resume
usb/xhci-plat: Set PM runtime as active on resume
scsi: acornscsi: Fix an error handling path in acornscsi_probe()
drm/sun4i: hdmi ddc clk: Fix size of m divider
selftests/net: in timestamping, strncpy needs to preserve null byte
gfs2: fix use-after-free on transaction ail lists
blktrace: fix endianness for blk_log_remap()
blktrace: fix endianness in get_pdu_int()
blktrace: use errno instead of bi_status
selftests/vm/pkeys: fix alloc_random_pkey() to make it really random
elfnote: mark all .note sections SHF_ALLOC
include/linux/bitops.h: avoid clang shift-count-overflow warnings
lib/zlib: remove outdated and incorrect pre-increment optimization
geneve: change from tx_error to tx_dropped on missing metadata
crypto: omap-sham - add proper load balancing support for multicore
pinctrl: freescale: imx: Fix an error handling path in 'imx_pinctrl_probe()'
pinctrl: imxl: Fix an error handling path in 'imx1_pinctrl_core_probe()'
scsi: ufs: Don't update urgent bkops level when toggling auto bkops
scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
gfs2: Allow lock_nolock mount to specify jid=X
openrisc: Fix issue with argument clobbering for clone/fork
vfio/mdev: Fix reference count leak in add_mdev_supported_type
ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed
extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()'
powerpc/4xx: Don't unmap NULL mbase
NFSv4.1 fix rpc_call_done assignment for BIND_CONN_TO_SESSION
net: sunrpc: Fix off-by-one issues in 'rpc_ntop6'
scsi: ufs-qcom: Fix scheduling while atomic issue
clk: bcm2835: Fix return type of bcm2835_register_gate
x86/apic: Make TSC deadline timer detection message visible
usb: gadget: Fix issue with config_ep_by_speed function
usb: gadget: fix potential double-free in m66592_probe.
usb: gadget: lpc32xx_udc: don't dereference ep pointer before null check
USB: gadget: udc: s3c2410_udc: Remove pointless NULL check in s3c2410_udc_nuke
usb: dwc2: gadget: move gadget resume after the core is in L0 state
watchdog: da9062: No need to ping manually before setting timeout
IB/cma: Fix ports memory leak in cma_configfs
PCI/PTM: Inherit Switch Downstream Port PTM settings from Upstream Port
dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone
powerpc/64s/pgtable: fix an undefined behaviour
clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1
tty: n_gsm: Fix bogus i++ in gsm_data_kick
USB: host: ehci-mxc: Add error handling in ehci_mxc_drv_probe()
drm/msm/mdp5: Fix mdp5_init error path for failed mdp5_kms allocation
usb/ohci-platform: Fix a warning when hibernating
vfio-pci: Mask cap zero
powerpc/ps3: Fix kexec shutdown hang
powerpc/pseries/ras: Fix FWNMI_VALID off by one
tty: n_gsm: Fix waking up upper tty layer when room available
tty: n_gsm: Fix SOF skipping
PCI: Fix pci_register_host_bridge() device_register() error handling
clk: ti: composite: fix memory leak
dlm: remove BUG() before panic()
scsi: mpt3sas: Fix double free warnings
power: supply: smb347-charger: IRQSTAT_D is volatile
power: supply: lp8788: Fix an error handling path in 'lp8788_charger_probe()'
scsi: qla2xxx: Fix warning after FC target reset
PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges
PCI: rcar: Fix incorrect programming of OB windows
drivers: base: Fix NULL pointer exception in __platform_driver_probe() if a driver developer is foolish
serial: amba-pl011: Make sure we initialize the port.lock spinlock
i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output
staging: sm750fb: add missing case while setting FB_VISUAL
thermal/drivers/ti-soc-thermal: Avoid dereferencing ERR_PTR
tty: hvc: Fix data abort due to race in hvc_open
s390/qdio: put thinint indicator after early error
ALSA: usb-audio: Improve frames size computation
scsi: qedi: Do not flush offload work if ARP not resolved
staging: greybus: fix a missing-check bug in gb_lights_light_config()
scsi: ibmvscsi: Don't send host info in adapter info MAD after LPM
scsi: sr: Fix sr_probe() missing deallocate of device minor
apparmor: fix introspection of of task mode for unconfined tasks
mksysmap: Fix the mismatch of '.L' symbols in System.map
NTB: Fix the default port and peer numbers for legacy drivers
yam: fix possible memory leak in yam_init_driver
powerpc/crashkernel: Take "mem=" option into account
nfsd: Fix svc_xprt refcnt leak when setup callback client failed
powerpc/perf/hv-24x7: Fix inconsistent output values incase multiple hv-24x7 events run
clk: clk-flexgen: fix clock-critical handling
scsi: lpfc: Fix lpfc_nodelist leak when processing unsolicited event
mfd: wm8994: Fix driver operation if loaded as modules
m68k/PCI: Fix a memory leak in an error handling path
vfio/pci: fix memory leaks in alloc_perm_bits()
ps3disk: use the default segment boundary
PCI: aardvark: Don't blindly enable ASPM L0s and don't write to read-only register
dm mpath: switch paths in dm_blk_ioctl() code path
usblp: poison URBs upon disconnect
i2c: pxa: clear all master action bits in i2c_pxa_stop_message()
f2fs: report delalloc reserve as non-free in statfs for project quota
iio: bmp280: fix compensation of humidity
scsi: qla2xxx: Fix issue with adapter's stopping state
ALSA: isa/wavefront: prevent out of bounds write in ioctl
scsi: qedi: Check for buffer overflow in qedi_set_path()
ARM: integrator: Add some Kconfig selections
ASoC: davinci-mcasp: Fix dma_chan refcnt leak when getting dma type
backlight: lp855x: Ensure regulators are disabled on probe failure
clk: qcom: msm8916: Fix the address location of pll->config_reg
remoteproc: Fix IDR initialisation in rproc_alloc()
iio: pressure: bmp280: Tolerate IRQ before registering
i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets
clk: sunxi: Fix incorrect usage of round_down()
power: supply: bq24257_charger: Replace depends on REGMAP_I2C with select
drm/i915: Whitelist context-local timestamp in the gen9 cmdparser
s390: fix syscall_get_error for compat processes
ANDROID: ext4: Optimize match for casefolded encrypted dirs
ANDROID: ext4: Handle casefolding with encryption
ANDROID: cuttlefish_defconfig: x86: Enable KERNEL_LZ4
ANDROID: GKI: scripts: Makefile: update the lz4 command
FROMLIST: f2fs: fix use-after-free when accessing bio->bi_crypt_context
Linux 4.14.185
perf symbols: Fix debuginfo search for Ubuntu
perf probe: Fix to check blacklist address correctly
perf probe: Do not show the skipped events
w1: omap-hdq: cleanup to add missing newline for some dev_dbg
mtd: rawnand: pasemi: Fix the probe error path
mtd: rawnand: brcmnand: fix hamming oob layout
sunrpc: clean up properly in gss_mech_unregister()
sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations.
kbuild: force to build vmlinux if CONFIG_MODVERSION=y
powerpc/64s: Save FSCR to init_task.thread.fscr after feature init
powerpc/64s: Don't let DT CPU features set FSCR_DSCR
drivers/macintosh: Fix memleak in windfarm_pm112 driver
ARM: tegra: Correct PL310 Auxiliary Control Register initialization
kernel/cpu_pm: Fix uninitted local in cpu_pm
dm crypt: avoid truncating the logical block size
sparc64: fix misuses of access_process_vm() in genregs32_[sg]et()
sparc32: fix register window handling in genregs32_[gs]et()
pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs
power: vexpress: add suppress_bind_attrs to true
igb: Report speed and duplex as unknown when device is runtime suspended
media: ov5640: fix use of destroyed mutex
b43_legacy: Fix connection problem with WPA3
b43: Fix connection problem with WPA3
b43legacy: Fix case where channel status is corrupted
media: go7007: fix a miss of snd_card_free
carl9170: remove P2P_GO support
e1000e: Relax condition to trigger reset for ME workaround
e1000e: Disable TSO for buffer overrun workaround
PCI: Program MPS for RCiEP devices
blk-mq: move _blk_mq_update_nr_hw_queues synchronize_rcu call
btrfs: fix wrong file range cleanup after an error filling dealloc range
btrfs: fix error handling when submitting direct I/O bio
PCI: Unify ACS quirk desired vs provided checking
PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
PCI: Generalize multi-function power dependency device links
vga_switcheroo: Use device link for HDA controller
vga_switcheroo: Deduplicate power state tracking
PCI: Make ACS quirk implementations more uniform
PCI: Add ACS quirk for Ampere root ports
PCI: Add ACS quirk for iProc PAXB
PCI: Avoid FLR for AMD Starship USB 3.0
PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0
PCI: Disable MSI for Freescale Layerscape PCIe RC mode
ext4: fix race between ext4_sync_parent() and rename()
ext4: fix error pointer dereference
ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max
evm: Fix possible memory leak in evm_calc_hmac_or_hash()
ima: Directly assign the ima_default_policy pointer to ima_rules
ima: Fix ima digest hash table key calculation
mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
btrfs: send: emit file capabilities after chown
string.h: fix incompatibility between FORTIFY_SOURCE and KASAN
platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32()
cpuidle: Fix three reference count leaks
spi: dw: Return any value retrieved from the dma_transfer callback
mmc: sdhci-esdhc-imx: fix the mask for tuning start point
ixgbe: fix signed-integer-overflow warning
mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core
staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core
mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk
MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe()
PCI: Don't disable decoding when mmio_always_on is set
macvlan: Skip loopback packets in RX handler
m68k: mac: Don't call via_flush_cache() on Mac IIfx
x86/mm: Stop printing BRK addresses
mips: Add udelay lpj numbers adjustment
mips: MAAR: Use more precise address mask
x86/boot: Correct relocation destination on old linkers
mwifiex: Fix memory corruption in dump_station
rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup()
md: don't flush workqueue unconditionally in md_open
net: qed*: Reduce RX and TX default ring count when running inside kdump kernel
wcn36xx: Fix error handling path in 'wcn36xx_probe()'
nvme: refine the Qemu Identify CNS quirk
kgdb: Fix spurious true from in_dbg_master()
mips: cm: Fix an invalid error code of INTVN_*_ERR
MIPS: Truncate link address into 32bit for 32bit kernel
Crypto/chcr: fix for ccm(aes) failed test
powerpc/spufs: fix copy_to_user while atomic
net: allwinner: Fix use correct return type for ndo_start_xmit()
media: cec: silence shift wrapping warning in __cec_s_log_addrs()
net: lpc-enet: fix error return code in lpc_mii_init()
exit: Move preemption fixup up, move blocking operations down
lib/mpi: Fix 64-bit MIPS build with Clang
net: bcmgenet: set Rx mode before starting netif
netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported
audit: fix a net reference leak in audit_list_rules_send()
MIPS: Make sparse_init() using top-down allocation
media: platform: fcp: Set appropriate DMA parameters
media: dvb: return -EREMOTEIO on i2c transfer failure.
audit: fix a net reference leak in audit_send_reply()
dt-bindings: display: mediatek: control dpi pins mode to avoid leakage
e1000: Distribute switch variables for initialization
tools api fs: Make xxx__mountpoint() more scalable
brcmfmac: fix wrong location to get firmware feature
staging: android: ion: use vmap instead of vm_map_ram
net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss()
x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit
spi: dw: Fix Rx-only DMA transfers
ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE
btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums
clocksource: dw_apb_timer_of: Fix missing clockevent timers
clocksource: dw_apb_timer: Make CPU-affiliation being optional
spi: dw: Enable interrupts in accordance with DMA xfer mode
kgdb: Prevent infinite recursive entries to the debugger
Bluetooth: Add SCO fallback for invalid LMP parameters error
MIPS: Loongson: Build ATI Radeon GPU driver as module
ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
spi: dw: Zero DMA Tx and Rx configurations on stack
net: ena: fix error returning in ena_com_get_hash_function()
spi: pxa2xx: Apply CS clk quirk to BXT
objtool: Ignore empty alternatives
media: si2157: Better check for running tuner in init
crypto: ccp -- don't "select" CONFIG_DMADEVICES
drm: bridge: adv7511: Extend list of audio sample rates
ACPI: GED: use correct trigger type field in _Exx / _Lxx handling
xen/pvcalls-back: test for errors when calling backend_connect()
can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card()
mmc: sdhci-msm: Clear tuning done flag while hs400 tuning
agp/intel: Reinforce the barrier after GTT updates
perf: Add cond_resched() to task_function_call()
fat: don't allow to mount if the FAT length == 0
mm/slub: fix a memory leak in sysfs_slab_add()
Smack: slab-out-of-bounds in vsscanf
ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb
ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb
ath9k: Fix use-after-free Write in ath9k_htc_rx_msg
ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx
KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts
KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits
KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data)
KVM: nVMX: Consult only the "basic" exit reason when routing nested exit
KVM: nSVM: leave ASID aside in copy_vmcb_control_area
KVM: nSVM: fix condition for filtering async PF
video: fbdev: w100fb: Fix a potential double free.
proc: Use new_inode not new_inode_pseudo
ovl: initialize error in ovl_copy_xattr
selftests/net: in rxtimestamp getopt_long needs terminating null entry
crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req()
crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req()
crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req()
spi: bcm2835: Fix controller unregister order
spi: pxa2xx: Fix controller unregister order
spi: Fix controller unregister order
spi: No need to assign dummy value in spi_unregister_controller()
spi: dw: Fix controller unregister order
spi: dw: fix possible race condition
x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
x86/speculation: Add support for STIBP always-on preferred mode
x86/speculation: Change misspelled STIPB to STIBP
KVM: x86: only do L1TF workaround on affected processors
KVM: x86/mmu: Consolidate "is MMIO SPTE" code
kvm: x86: Fix L1TF mitigation for shadow MMU
ALSA: pcm: disallow linking stream to itself
crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated
spi: bcm-qspi: when tx/rx buffer is NULL set to 0
spi: bcm2835aux: Fix controller unregister order
nilfs2: fix null pointer dereference at nilfs_segctor_do_construct()
cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages
ACPI: PM: Avoid using power resources if there are none for D0
ACPI: GED: add support for _Exx / _Lxx handler methods
ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe()
ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile()
ALSA: usb-audio: Fix inconsistent card PM state after resume
ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines
ALSA: es1688: Add the missed snd_card_free()
efi/efivars: Add missing kobject_put() in sysfs entry creation error path
x86/reboot/quirks: Add MacBook6,1 reboot quirk
x86/speculation: Prevent rogue cross-process SSBD shutdown
x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs
x86_64: Fix jiffies ODR violation
mm: add kvfree_sensitive() for freeing sensitive data objects
perf probe: Accept the instance number of kretprobe event
ath9k_htc: Silence undersized packet warnings
powerpc/xive: Clear the page tables for the ESB IO mapping
drivers/net/ibmvnic: Update VNIC protocol version reporting
Input: synaptics - add a second working PNP_ID for Lenovo T470s
sched/fair: Don't NUMA balance for kthreads
ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook
crypto: talitos - fix ECB and CBC algs ivsize
serial: imx: Fix handling of TC irq in combination with DMA
lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user()
x86: uaccess: Inhibit speculation past access_ok() in user_access_begin()
arch/openrisc: Fix issues with access_ok()
Fix 'acccess_ok()' on alpha and SH
make 'user_access_begin()' do 'access_ok()'
vxlan: Avoid infinite loop when suppressing NS messages with invalid options
ipv6: fix IPV6_ADDRFORM operation logic
writeback: Drop I_DIRTY_TIME_EXPIRE
writeback: Fix sync livelock due to b_dirty_time processing
writeback: Avoid skipping inode writeback
writeback: Protect inode->i_io_list with inode->i_lock
Revert "writeback: Avoid skipping inode writeback"
ANDROID: Enable LZ4_RAMDISK
fscrypt: remove stale definition
fs-verity: remove unnecessary extern keywords
fs-verity: fix all kerneldoc warnings
fscrypt: add support for IV_INO_LBLK_32 policies
fscrypt: make test_dummy_encryption use v2 by default
fscrypt: support test_dummy_encryption=v2
fscrypt: add fscrypt_add_test_dummy_key()
linux/parser.h: add include guards
fscrypt: remove unnecessary extern keywords
fscrypt: name all function parameters
fscrypt: fix all kerneldoc warnings
ANDROID: kbuild: merge more sections with LTO
Linux 4.14.184
uprobes: ensure that uprobe->offset and ->ref_ctr_offset are properly aligned
iio: vcnl4000: Fix i2c swapped word reading.
x86/speculation: Add Ivy Bridge to affected list
x86/speculation: Add SRBDS vulnerability and mitigation documentation
x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation
x86/cpu: Add 'table' argument to cpu_matches()
x86/cpu: Add a steppings field to struct x86_cpu_id
nvmem: qfprom: remove incorrect write support
CDC-ACM: heed quirk also in error handling
staging: rtl8712: Fix IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK
tty: hvc_console, fix crashes on parallel open/close
vt: keyboard: avoid signed integer overflow in k_ascii
usb: musb: Fix runtime PM imbalance on error
usb: musb: start session in resume for host port
USB: serial: option: add Telit LE910C1-EUX compositions
USB: serial: usb_wwan: do not resubmit rx urb on fatal errors
USB: serial: qcserial: add DW5816e QDL support
l2tp: add sk_family checks to l2tp_validate_socket
net: check untrusted gso_size at kernel entry
vsock: fix timeout in vsock_accept()
NFC: st21nfca: add missed kfree_skb() in an error path
net: usb: qmi_wwan: add Telit LE910C1-EUX composition
l2tp: do not use inet_hash()/inet_unhash()
devinet: fix memleak in inetdev_init()
airo: Fix read overflows sending packets
scsi: ufs: Release clock if DMA map fails
mmc: fix compilation of user API
kernel/relay.c: handle alloc_percpu returning NULL in relay_open
p54usb: add AirVasT USB stick device-id
HID: i2c-hid: add Schneider SCL142ALM to descriptor override
HID: sony: Fix for broken buttons on DS3 USB dongles
mm: Fix mremap not considering huge pmd devmap
net: smsc911x: Fix runtime PM imbalance on error
net: ethernet: stmmac: Enable interface clocks on probe for IPQ806x
net/ethernet/freescale: rework quiesce/activate for ucc_geth
net: bmac: Fix read of MAC address from ROM
x86/mmiotrace: Use cpumask_available() for cpumask_var_t variables
i2c: altera: Fix race between xfer_msg and isr thread
ARC: [plat-eznps]: Restrict to CONFIG_ISA_ARCOMPACT
ARC: Fix ICCM & DCCM runtime size checks
pppoe: only process PADT targeted at local interfaces
s390/ftrace: save traced function caller
spi: dw: use "smp_mb()" to avoid sending spi data error
scsi: hisi_sas: Check sas_port before using it
libnvdimm: Fix endian conversion issues
scsi: scsi_devinfo: fixup string compare
ANDROID: Incremental fs: Remove dependency on PKCS7_MESSAGE_PARSER
f2fs: attach IO flags to the missing cases
f2fs: add node_io_flag for bio flags likewise data_io_flag
f2fs: remove unused parameter of f2fs_put_rpages_mapping()
f2fs: handle readonly filesystem in f2fs_ioc_shutdown()
f2fs: avoid utf8_strncasecmp() with unstable name
f2fs: don't return vmalloc() memory from f2fs_kmalloc()
ANDROID: dm-bow: Add block_size option
ANDROID: Incremental fs: Cache successful hash calculations
ANDROID: Incremental fs: Fix four error-path bugs
ANDROID: cuttlefish_defconfig: Disable CMOS RTC driver
f2fs: fix retry logic in f2fs_write_cache_pages()
ANDROID: modules: fix lockprove warning
BACKPORT: arm64: vdso: Explicitly add build-id option
BACKPORT: arm64: vdso: use $(LD) instead of $(CC) to link VDSO
Linux 4.14.183
scsi: zfcp: fix request object use-after-free in send path causing wrong traces
genirq/generic_pending: Do not lose pending affinity update
net: hns: Fixes the missing put_device in positive leg for roce reset
net: hns: fix unsigned comparison to less than zero
KVM: VMX: check for existence of secondary exec controls before accessing
rxrpc: Fix transport sockopts to get IPv4 errors on an IPv6 socket
sc16is7xx: move label 'err_spi' to correct section
mm/vmalloc.c: don't dereference possible NULL pointer in __vunmap()
netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build
bonding: Fix reference count leak in bond_sysfs_slave_add.
qlcnic: fix missing release in qlcnic_83xx_interrupt_test.
esp6: get the right proto for transport mode in esp6_gso_encap
netfilter: nf_conntrack_pptp: prevent buffer overflows in debug code
netfilter: nfnetlink_cthelper: unbreak userspace helper support
netfilter: ipset: Fix subcounter update skip
netfilter: nft_reject_bridge: enable reject with bridge vlan
ip_vti: receive ipip packet by calling ip_tunnel_rcv
vti4: eliminated some duplicate code.
xfrm: fix error in comment
xfrm: fix a NULL-ptr deref in xfrm_local_error
xfrm: fix a warning in xfrm_policy_insert_list
xfrm: call xfrm_output_gso when inner_protocol is set in xfrm_output
xfrm: allow to accept packets with ipv6 NEXTHDR_HOP in xfrm_input
copy_xstate_to_kernel(): don't leave parts of destination uninitialized
x86/dma: Fix max PFN arithmetic overflow on 32 bit systems
mac80211: mesh: fix discovery timer re-arming issue / crash
parisc: Fix kernel panic in mem_init()
iommu: Fix reference count leak in iommu_group_alloc.
include/asm-generic/topology.h: guard cpumask_of_node() macro argument
fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
mm: remove VM_BUG_ON(PageSlab()) from page_mapcount()
libceph: ignore pool overlay and cache logic on redirects
ALSA: hda/realtek - Add new codec supported for ALC287
exec: Always set cap_ambient in cap_bprm_set_creds
ALSA: usb-audio: mixer: volume quirk for ESS Technology Asus USB DAC
ALSA: hwdep: fix a left shifting 1 by 31 UB bug
RDMA/pvrdma: Fix missing pci disable in pvrdma_pci_probe()
mmc: block: Fix use-after-free issue for rpmb
ARM: dts: bcm2835-rpi-zero-w: Fix led polarity
ARM: dts/imx6q-bx50v3: Set display interface clock parents
ARM: dts: imx6q-bx50v3: Add internal switch
IB/qib: Call kobject_put() when kobject_init_and_add() fails
gpio: exar: Fix bad handling for ida_simple_get error path
ARM: uaccess: fix DACR mismatch with nested exceptions
ARM: uaccess: integrate uaccess_save and uaccess_restore
ARM: uaccess: consolidate uaccess asm to asm/uaccess-asm.h
ARM: 8843/1: use unified assembler in headers
Input: synaptics-rmi4 - fix error return code in rmi_driver_probe()
Input: synaptics-rmi4 - really fix attn_data use-after-free
Input: i8042 - add ThinkPad S230u to i8042 reset list
Input: dlink-dir685-touchkeys - fix a typo in driver name
Input: xpad - add custom init packet for Xbox One S controllers
Input: evdev - call input_flush_device() on release(), not flush()
Input: usbtouchscreen - add support for BonXeon TP
samples: bpf: Fix build error
cifs: Fix null pointer check in cifs_read
net: freescale: select CONFIG_FIXED_PHY where needed
usb: gadget: legacy: fix redundant initialization warnings
cachefiles: Fix race between read_waiter and read_copier involving op->to_do
gfs2: move privileged user check to gfs2_quota_lock_check
net: microchip: encx24j600: add missed kthread_stop
gpio: tegra: mask GPIO IRQs during IRQ shutdown
ARM: dts: rockchip: fix pinctrl sub nodename for spi in rk322x.dtsi
arm64: dts: rockchip: swap interrupts interrupt-names rk3399 gpu node
ARM: dts: rockchip: fix phy nodename for rk3228-evb
net/mlx4_core: fix a memory leak bug.
net: sun: fix missing release regions in cas_init_one().
net: qrtr: Fix passing invalid reference to qrtr_local_enqueue()
net/mlx5e: Update netdev txq on completions during closure
sctp: Start shutdown on association restart if in SHUTDOWN-SENT state and socket is closed
r8152: support additional Microsoft Surface Ethernet Adapter variant
net sched: fix reporting the first-time use timestamp
net: revert "net: get rid of an signed integer overflow in ip_idents_reserve()"
net/mlx5: Add command entry handling completion
net: ipip: fix wrong address family in init error path
ax25: fix setsockopt(SO_BINDTODEVICE)
ANDROID: scs: fix recursive spinlock in scs_check_usage
ANDROID: timer: fix timer_setup with CFI
FROMGIT: USB: dummy-hcd: use configurable endpoint naming scheme
UPSTREAM: USB: dummy-hcd: remove unsupported isochronous endpoints
UPSTREAM: usb: raw-gadget: fix null-ptr-deref when reenabling endpoints
UPSTREAM: usb: raw-gadget: documentation updates
UPSTREAM: usb: raw-gadget: support stalling/halting/wedging endpoints
UPSTREAM: usb: raw-gadget: fix gadget endpoint selection
UPSTREAM: usb: raw-gadget: improve uapi headers comments
UPSTREAM: usb: raw-gadget: fix return value of ep read ioctls
UPSTREAM: usb: raw-gadget: fix raw_event_queue_fetch locking
UPSTREAM: usb: raw-gadget: Fix copy_to/from_user() checks
f2fs: fix wrong discard space
f2fs: compress: don't compress any datas after cp stop
f2fs: remove unneeded return value of __insert_discard_tree()
f2fs: fix wrong value of tracepoint parameter
f2fs: protect new segment allocation in expand_inode_data
f2fs: code cleanup by removing ifdef macro surrounding
writeback: Avoid skipping inode writeback
ANDROID: net: bpf: permit redirect from ingress L3 to egress L2 devices at near max mtu
Revert "ANDROID: Incremental fs: Avoid continually recalculating hashes"
Linux 4.14.182
iio: adc: stm32-adc: fix device used to request dma
iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel()
x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks
rxrpc: Fix a memory leak in rxkad_verify_response()
rapidio: fix an error in get_user_pages_fast() error handling
mei: release me_cl object reference
iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()'
iio: sca3000: Remove an erroneous 'get_device()'
staging: greybus: Fix uninitialized scalar variable
staging: iio: ad2s1210: Fix SPI reading
Revert "gfs2: Don't demote a glock until its revokes are written"
cxgb4/cxgb4vf: Fix mac_hlist initialization and free
cxgb4: free mac_hlist properly
media: fdp1: Fix R-Car M3-N naming in debug message
libnvdimm/btt: Fix LBA masking during 'free list' population
libnvdimm/btt: Remove unnecessary code in btt_freelist_init
ubsan: build ubsan.c more conservatively
x86/uaccess, ubsan: Fix UBSAN vs. SMAP
powerpc/64s: Disable STRICT_KERNEL_RWX
powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE
powerpc: restore alphabetic order in Kconfig
dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()'
apparmor: Fix aa_label refcnt leak in policy_update
ALSA: pcm: fix incorrect hw_base increase
ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option
l2tp: initialise PPP sessions before registering them
l2tp: protect sock pointer of struct pppol2tp_session with RCU
l2tp: initialise l2tp_eth sessions before registering them
l2tp: don't register sessions in l2tp_session_create()
arm64: fix the flush_icache_range arguments in machine_kexec
padata: purge get_cpu and reorder_via_wq from padata_do_serial
padata: initialize pd->cpu with effective cpumask
padata: Replace delayed timer with immediate workqueue in padata_reorder
padata: set cpu_index of unused CPUs to -1
ARM: futex: Address build warning
platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA
USB: core: Fix misleading driver bug report
ceph: fix double unlock in handle_cap_export()
gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp()
x86/apic: Move TSC deadline timer debug printk
scsi: ibmvscsi: Fix WARN_ON during event pool release
component: Silence bind error on -EPROBE_DEFER
vhost/vsock: fix packet delivery order to monitoring devices
configfs: fix config_item refcnt leak in configfs_rmdir()
scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV
HID: multitouch: add eGalaxTouch P80H84 support
gcc-common.h: Update for GCC 10
ubi: Fix seq_file usage in detailed_erase_block_info debugfs file
i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()'
iommu/amd: Fix over-read of ACPI UID from IVRS table
fix multiplication overflow in copy_fdtable()
ima: Fix return value of ima_write_policy()
evm: Check also if *tfm is an error pointer in init_desc()
ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
padata: ensure padata_do_serial() runs on the correct CPU
padata: ensure the reorder timer callback runs on the correct CPU
i2c: dev: Fix the race between the release of i2c_dev and cdev
watchdog: Fix the race between the release of watchdog_core_data and cdev
ext4: add cond_resched() to ext4_protect_reserved_inode
ANDROID: scsi: ufs: Handle clocks when lrbp fails
ANDROID: fscrypt: handle direct I/O with IV_INO_LBLK_32
BACKPORT: FROMLIST: fscrypt: add support for IV_INO_LBLK_32 policies
f2fs: avoid inifinite loop to wait for flushing node pages at cp_error
ANDROID: namespace'ify tcp_default_init_rwnd implementation
Linux 4.14.181
Makefile: disallow data races on gcc-10 as well
KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
ARM: dts: r8a7740: Add missing extal2 to CPG node
ARM: dts: r8a73a4: Add missing CMT1 interrupts
arm64: dts: rockchip: Rename dwc3 device nodes on rk3399 to make dtc happy
arm64: dts: rockchip: Replace RK805 PMIC node name with "pmic" on rk3328 boards
Revert "ALSA: hda/realtek: Fix pop noise on ALC225"
usb: gadget: legacy: fix error return code in cdc_bind()
usb: gadget: legacy: fix error return code in gncm_bind()
usb: gadget: audio: Fix a missing error return value in audio_bind()
usb: gadget: net2272: Fix a memory leak in an error handling path in 'net2272_plat_probe()'
clk: rockchip: fix incorrect configuration of rk3228 aclk_gpu* clocks
exec: Move would_dump into flush_old_exec
x86/unwind/orc: Fix error handling in __unwind_start()
usb: xhci: Fix NULL pointer dereference when enqueuing trbs from urb sg list
USB: gadget: fix illegal array access in binding with UDC
usb: host: xhci-plat: keep runtime active when removing host
usb: core: hub: limit HUB_QUIRK_DISABLE_AUTOSUSPEND to USB5534B
ALSA: usb-audio: Add control message quirk delay for Kingston HyperX headset
x86: Fix early boot crash on gcc-10, third try
ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries
ARM: dts: dra7: Fix bus_dma_limit for PCIe
ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
ALSA: rawmidi: Initialize allocated buffers
ALSA: hda/realtek - Limit int mic boost for Thinkpad T530
net: tcp: fix rx timestamp behavior for tcp_recvmsg
netprio_cgroup: Fix unlimited memory leak of v2 cgroups
net: ipv4: really enforce backoff for redirects
net: dsa: loop: Add module soft dependency
hinic: fix a bug of ndo_stop
Revert "ipv6: add mtu lock check in __ip6_rt_update_pmtu"
net: phy: fix aneg restart in phy_ethtool_set_eee
netlabel: cope with NULL catmap
net: fix a potential recursive NETDEV_FEAT_CHANGE
net: phy: micrel: Use strlcpy() for ethtool::get_strings
x86/asm: Add instruction suffixes to bitops
gcc-10: avoid shadowing standard library 'free()' in crypto
gcc-10: disable 'restrict' warning for now
gcc-10: disable 'stringop-overflow' warning for now
gcc-10: disable 'array-bounds' warning for now
gcc-10: disable 'zero-length-bounds' warning for now
Stop the ad-hoc games with -Wno-maybe-initialized
kbuild: compute false-positive -Wmaybe-uninitialized cases in Kconfig
gcc-10 warnings: fix low-hanging fruit
pnp: Use list_for_each_entry() instead of open coding
hwmon: (da9052) Synchronize access with mfd
IB/mlx4: Test return value of calls to ib_get_cached_pkey
netfilter: conntrack: avoid gcc-10 zero-length-bounds warning
i40iw: Fix error handling in i40iw_manage_arp_cache()
pinctrl: cherryview: Add missing spinlock usage in chv_gpio_irq_handler
pinctrl: baytrail: Enable pin configuration setting for GPIO chip
ipmi: Fix NULL pointer dereference in ssif_probe
x86/entry/64: Fix unwind hints in register clearing code
ALSA: hda/realtek - Fix S3 pop noise on Dell Wyse
ipc/util.c: sysvipc_find_ipc() incorrectly updates position index
drm/qxl: lost qxl_bo_kunmap_atomic_page in qxl_image_init_helper()
ALSA: hda/hdmi: fix race in monitor detection during probe
cpufreq: intel_pstate: Only mention the BIOS disabling turbo mode once
dmaengine: mmp_tdma: Reset channel error on release
dmaengine: pch_dma.c: Avoid data race between probe and irq handler
scsi: sg: add sg_remove_request in sg_write
virtio-blk: handle block_device_operations callbacks after hot unplug
drop_monitor: work around gcc-10 stringop-overflow warning
net: moxa: Fix a potential double 'free_irq()'
net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'
shmem: fix possible deadlocks on shmlock_user_lock
net: stmmac: Use mutex instead of spinlock
f2fs: fix to avoid memory leakage in f2fs_listxattr
f2fs: fix to avoid accessing xattr across the boundary
f2fs: sanity check of xattr entry size
f2fs: introduce read_xattr_block
f2fs: introduce read_inline_xattr
blktrace: fix dereference after null check
blktrace: Protect q->blk_trace with RCU
blktrace: fix trace mutex deadlock
blktrace: fix unlocked access to init/start-stop/teardown
net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
net: ipv6: add net argument to ip6_dst_lookup_flow
scripts/decodecode: fix trapping instruction formatting
objtool: Fix stack offset tracking for indirect CFAs
netfilter: nat: never update the UDP checksum when it's 0
x86/unwind/orc: Fix error path for bad ORC entry type
x86/unwind/orc: Prevent unwinding before ORC initialization
x86/unwind/orc: Don't skip the first frame for inactive tasks
x86/entry/64: Fix unwind hints in rewind_stack_do_exit()
x86/entry/64: Fix unwind hints in kernel exit path
batman-adv: Fix refcnt leak in batadv_v_ogm_process
batman-adv: Fix refcnt leak in batadv_store_throughput_override
batman-adv: Fix refcnt leak in batadv_show_throughput_override
batman-adv: fix batadv_nc_random_weight_tq
coredump: fix crash when umh is disabled
mm/page_alloc: fix watchdog soft lockups during set_zone_contiguous()
KVM: arm: vgic: Fix limit condition when writing to GICD_I[CS]ACTIVER
tracing: Add a vmalloc_sync_mappings() for safe measure
USB: serial: garmin_gps: add sanity checking for data length
USB: uas: add quirk for LaCie 2Big Quadra
HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
geneve: only configure or fill UDP_ZERO_CSUM6_RX/TX info when CONFIG_IPV6
HID: wacom: Read HID_DG_CONTACTMAX directly for non-generic devices
ipv6: fix cleanup ordering for ip6_mr failure
net: stricter validation of untrusted gso packets
bnxt_en: Fix VF anti-spoof filter setup.
bnxt_en: Improve AER slot reset.
net/mlx5: Fix command entry leak in Internal Error State
net/mlx5: Fix forced completion access non initialized command entry
bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features().
sch_sfq: validate silly quantum values
sch_choke: avoid potential panic in choke_reset()
net: usb: qmi_wwan: add support for DW5816e
net/mlx4_core: Fix use of ENOSPC around mlx4_counter_alloc()
net: macsec: preserve ingress frame ordering
fq_codel: fix TCA_FQ_CODEL_DROP_BATCH_SIZE sanity checks
dp83640: reverse arguments to list_add_tail
USB: serial: qcserial: Add DW5816e support
f2fs: compress: fix zstd data corruption
f2fs: add compressed/gc data read IO stat
f2fs: fix potential use-after-free issue
f2fs: compress: don't handle non-compressed data in workqueue
f2fs: remove redundant assignment to variable err
f2fs: refactor resize_fs to avoid meta updates in progress
f2fs: use round_up to enhance calculation
f2fs: introduce F2FS_IOC_RESERVE_COMPRESS_BLOCKS
f2fs: Avoid double lock for cp_rwsem during checkpoint
f2fs: report delalloc reserve as non-free in statfs for project quota
f2fs: Fix wrong stub helper update_sit_info
f2fs: compress: let lz4 compressor handle output buffer budget properly
f2fs: remove blk_plugging in block_operations
f2fs: introduce F2FS_IOC_RELEASE_COMPRESS_BLOCKS
f2fs: shrink spinlock coverage
f2fs: correctly fix the parent inode number during fsync()
f2fs: introduce mempool for {,de}compress intermediate page allocation
f2fs: introduce f2fs_bmap_compress()
f2fs: support fiemap on compressed inode
f2fs: support partial truncation on compressed inode
f2fs: remove redundant compress inode check
f2fs: flush dirty meta pages when flushing them
f2fs: use strcmp() in parse_options()
f2fs: fix checkpoint=disable:%u%%
f2fs: Use the correct style for SPDX License Identifier
f2fs: rework filename handling
f2fs: split f2fs_d_compare() from f2fs_match_name()
f2fs: don't leak filename in f2fs_try_convert_inline_dir()
ANDROID: clang: update to 11.0.1
FROMLIST: x86_64: fix jiffies ODR violation
ANDROID: cuttlefish_defconfig: Enable net testing options
ANDROID: Incremental fs: wake up log pollers less often
ANDROID: Incremental fs: Fix scheduling while atomic error
ANDROID: Incremental fs: Avoid continually recalculating hashes
Revert "f2fs: refactor resize_fs to avoid meta updates in progress"
UPSTREAM: HID: steam: Fix input device disappearing
ANDROID: fscrypt: set dun_bytes more precisely
ANDROID: dm-default-key: set dun_bytes more precisely
ANDROID: block: backport the ability to specify max_dun_bytes
ANDROID: hid: steam: remove BT controller matching
ANDROID: dm-default-key: Update key size for wrapped keys
ANDROID: cuttlefish_defconfig: Enable CONFIG_STATIC_USERMODEHELPER
ANDROID: cuttlefish_defconfig: enable CONFIG_MMC_CRYPTO
ANDROID: Add padding for crypto related structs in UFS and MMC
ANDROID: mmc: MMC crypto API
f2fs: fix missing check for f2fs_unlock_op
f2fs: refactor resize_fs to avoid meta updates in progress
Conflicts:
Documentation/devicetree/bindings/usb/dwc3.txt
drivers/block/virtio_blk.c
drivers/mmc/core/Kconfig
drivers/mmc/core/block.c
drivers/mmc/host/sdhci-msm.c
drivers/net/ethernet/stmicro/stmmac/stmmac.h
drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c
drivers/net/ethernet/stmicro/stmmac/stmmac_main.c
drivers/scsi/ufs/ufs-qcom.c
drivers/usb/gadget/composite.c
drivers/usb/gadget/function/f_uac1_legacy.c
fs/crypto/crypto.c
fs/crypto/inline_crypt.c
fs/crypto/keyring.c
fs/f2fs/checkpoint.c
include/linux/fs.h
include/linux/mmc/host.h
include/linux/mod_devicetable.h
include/uapi/linux/input-event-codes.h
net/qrtr/qrtr.c
sound/core/compress_offload.c
sound/core/rawmidi.c
Fixed build errors:
drivers/scsi/ufs/ufshcd.c
Change-Id: I2add911b58d3c87b666ffa0fe46cbceb6cc56430
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
d6d7b18f40 |
This is the 4.14.185 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl7tx/EACgkQONu9yGCS aT4/ABAApnoLXN+Drzomi5DYYQoVyf+4sTgIHSks4Q7S0TggPYLH/UcYAkqxgmjd Lj3VKcCSZqoR6gCeTLK34DSxlKezvxKI/u5LVjdRVdyWc4W2y3InqYBGikPeuGfW Ud4E2pGe/NgoZ0jf6dxkIxQx3DqtrsY0742MTCG3BNEYo4B4HMcN0LEUEFtwSjqj e1LpE8sCX2MhfvAzCvajBhNlIv4Sdgr47+52yhxjS8h04D6rq92jGsdjUjw5Oqtt wPIf2v1zxFq3QkPf3pYW5e/FsfzzDk3pIs1bQ4TnoJkAGfI52eBTjekdRSU0TOiG U7RBXsVFCEcB/ec5WkiNzUhK4+SpEuO3SDa6u7OVlQ2wGTT/c1k1prJL0AdXwUJn NYqOe1WZpXORajLYbVNAQwvbTN3Chho5FI9w+WoU/WvmzxelqXAUCSTsqEhNV8oS ZBWu6anawL8C9d0aYsq1DeV2CMEPmQPWp9HeiNtZgl0ZKkZlqBcxW2dccq9h8PH4 xqRImk+owbKsT0NV3dV150Q41nc2rTQd2jyGeoA+iek17/XDxWT9ICArA+YfBhx1 uf+dNPyl8g8ATvTZaS7su/Q7T2rsgBc64DO5R+jtTp4QRgl/N2b4QyewfjusrRXA x3Ckq0oA9ZOcfLs9IAoTD5L1mmwSaYUa6fhiZHhop2daUPUbAgE= =BJUs -----END PGP SIGNATURE----- Merge 4.14.185 into android-4.14-stable Changes in 4.14.185 ipv6: fix IPV6_ADDRFORM operation logic vxlan: Avoid infinite loop when suppressing NS messages with invalid options make 'user_access_begin()' do 'access_ok()' Fix 'acccess_ok()' on alpha and SH arch/openrisc: Fix issues with access_ok() x86: uaccess: Inhibit speculation past access_ok() in user_access_begin() lib: Reduce user_access_begin() boundaries in strncpy_from_user() and strnlen_user() serial: imx: Fix handling of TC irq in combination with DMA crypto: talitos - fix ECB and CBC algs ivsize ARM: 8977/1: ptrace: Fix mask for thumb breakpoint hook sched/fair: Don't NUMA balance for kthreads Input: synaptics - add a second working PNP_ID for Lenovo T470s drivers/net/ibmvnic: Update VNIC protocol version reporting powerpc/xive: Clear the page tables for the ESB IO mapping ath9k_htc: Silence undersized packet warnings perf probe: Accept the instance number of kretprobe event mm: add kvfree_sensitive() for freeing sensitive data objects x86_64: Fix jiffies ODR violation x86/PCI: Mark Intel C620 MROMs as having non-compliant BARs x86/speculation: Prevent rogue cross-process SSBD shutdown x86/reboot/quirks: Add MacBook6,1 reboot quirk efi/efivars: Add missing kobject_put() in sysfs entry creation error path ALSA: es1688: Add the missed snd_card_free() ALSA: hda/realtek - add a pintbl quirk for several Lenovo machines ALSA: usb-audio: Fix inconsistent card PM state after resume ACPI: sysfs: Fix reference count leak in acpi_sysfs_add_hotplug_profile() ACPI: CPPC: Fix reference count leak in acpi_cppc_processor_probe() ACPI: GED: add support for _Exx / _Lxx handler methods ACPI: PM: Avoid using power resources if there are none for D0 cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() spi: bcm2835aux: Fix controller unregister order spi: bcm-qspi: when tx/rx buffer is NULL set to 0 crypto: cavium/nitrox - Fix 'nitrox_get_first_device()' when ndevlist is fully iterated ALSA: pcm: disallow linking stream to itself kvm: x86: Fix L1TF mitigation for shadow MMU KVM: x86/mmu: Consolidate "is MMIO SPTE" code KVM: x86: only do L1TF workaround on affected processors x86/speculation: Change misspelled STIPB to STIBP x86/speculation: Add support for STIBP always-on preferred mode x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. spi: dw: fix possible race condition spi: dw: Fix controller unregister order spi: No need to assign dummy value in spi_unregister_controller() spi: Fix controller unregister order spi: pxa2xx: Fix controller unregister order spi: bcm2835: Fix controller unregister order crypto: virtio: Fix use-after-free in virtio_crypto_skcipher_finalize_req() crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() selftests/net: in rxtimestamp getopt_long needs terminating null entry ovl: initialize error in ovl_copy_xattr proc: Use new_inode not new_inode_pseudo video: fbdev: w100fb: Fix a potential double free. KVM: nSVM: fix condition for filtering async PF KVM: nSVM: leave ASID aside in copy_vmcb_control_area KVM: nVMX: Consult only the "basic" exit reason when routing nested exit KVM: MIPS: Define KVM_ENTRYHI_ASID to cpu_asid_mask(&boot_cpu_data) KVM: MIPS: Fix VPN2_MASK definition for variable cpu_vmbits KVM: arm64: Make vcpu_cp1x() work on Big Endian hosts ath9k: Fix use-after-free Read in ath9k_wmi_ctrl_rx ath9k: Fix use-after-free Write in ath9k_htc_rx_msg ath9x: Fix stack-out-of-bounds Write in ath9k_hif_usb_rx_cb ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb Smack: slab-out-of-bounds in vsscanf mm/slub: fix a memory leak in sysfs_slab_add() fat: don't allow to mount if the FAT length == 0 perf: Add cond_resched() to task_function_call() agp/intel: Reinforce the barrier after GTT updates mmc: sdhci-msm: Clear tuning done flag while hs400 tuning mmc: sdio: Fix potential NULL pointer error in mmc_sdio_init_card() can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices xen/pvcalls-back: test for errors when calling backend_connect() ACPI: GED: use correct trigger type field in _Exx / _Lxx handling drm: bridge: adv7511: Extend list of audio sample rates crypto: ccp -- don't "select" CONFIG_DMADEVICES media: si2157: Better check for running tuner in init objtool: Ignore empty alternatives spi: pxa2xx: Apply CS clk quirk to BXT net: ena: fix error returning in ena_com_get_hash_function() spi: dw: Zero DMA Tx and Rx configurations on stack ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K MIPS: Loongson: Build ATI Radeon GPU driver as module Bluetooth: Add SCO fallback for invalid LMP parameters error kgdb: Prevent infinite recursive entries to the debugger spi: dw: Enable interrupts in accordance with DMA xfer mode clocksource: dw_apb_timer: Make CPU-affiliation being optional clocksource: dw_apb_timer_of: Fix missing clockevent timers btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums ARM: 8978/1: mm: make act_mm() respect THREAD_SIZE spi: dw: Fix Rx-only DMA transfers x86/kvm/hyper-v: Explicitly align hcall param for kvm_hyperv_exit net: vmxnet3: fix possible buffer overflow caused by bad DMA value in vmxnet3_get_rss() staging: android: ion: use vmap instead of vm_map_ram brcmfmac: fix wrong location to get firmware feature tools api fs: Make xxx__mountpoint() more scalable e1000: Distribute switch variables for initialization dt-bindings: display: mediatek: control dpi pins mode to avoid leakage audit: fix a net reference leak in audit_send_reply() media: dvb: return -EREMOTEIO on i2c transfer failure. media: platform: fcp: Set appropriate DMA parameters MIPS: Make sparse_init() using top-down allocation audit: fix a net reference leak in audit_list_rules_send() netfilter: nft_nat: return EOPNOTSUPP if type or flags are not supported net: bcmgenet: set Rx mode before starting netif lib/mpi: Fix 64-bit MIPS build with Clang exit: Move preemption fixup up, move blocking operations down net: lpc-enet: fix error return code in lpc_mii_init() media: cec: silence shift wrapping warning in __cec_s_log_addrs() net: allwinner: Fix use correct return type for ndo_start_xmit() powerpc/spufs: fix copy_to_user while atomic Crypto/chcr: fix for ccm(aes) failed test MIPS: Truncate link address into 32bit for 32bit kernel mips: cm: Fix an invalid error code of INTVN_*_ERR kgdb: Fix spurious true from in_dbg_master() nvme: refine the Qemu Identify CNS quirk wcn36xx: Fix error handling path in 'wcn36xx_probe()' net: qed*: Reduce RX and TX default ring count when running inside kdump kernel md: don't flush workqueue unconditionally in md_open rtlwifi: Fix a double free in _rtl_usb_tx_urb_setup() mwifiex: Fix memory corruption in dump_station x86/boot: Correct relocation destination on old linkers mips: MAAR: Use more precise address mask mips: Add udelay lpj numbers adjustment x86/mm: Stop printing BRK addresses m68k: mac: Don't call via_flush_cache() on Mac IIfx macvlan: Skip loopback packets in RX handler PCI: Don't disable decoding when mmio_always_on is set MIPS: Fix IRQ tracing when call handle_fpe() and handle_msa_fpe() mmc: sdhci-msm: Set SDHCI_QUIRK_MULTIBLOCK_READ_ACMD12 quirk staging: greybus: sdio: Respect the cmd->busy_timeout from the mmc core mmc: via-sdmmc: Respect the cmd->busy_timeout from the mmc core ixgbe: fix signed-integer-overflow warning mmc: sdhci-esdhc-imx: fix the mask for tuning start point spi: dw: Return any value retrieved from the dma_transfer callback cpuidle: Fix three reference count leaks platform/x86: hp-wmi: Convert simple_strtoul() to kstrtou32() string.h: fix incompatibility between FORTIFY_SOURCE and KASAN btrfs: send: emit file capabilities after chown mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() ima: Fix ima digest hash table key calculation ima: Directly assign the ima_default_policy pointer to ima_rules evm: Fix possible memory leak in evm_calc_hmac_or_hash() ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max ext4: fix error pointer dereference ext4: fix race between ext4_sync_parent() and rename() PCI: Disable MSI for Freescale Layerscape PCIe RC mode PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 PCI: Avoid FLR for AMD Starship USB 3.0 PCI: Add ACS quirk for iProc PAXB PCI: Add ACS quirk for Ampere root ports PCI: Make ACS quirk implementations more uniform vga_switcheroo: Deduplicate power state tracking vga_switcheroo: Use device link for HDA controller PCI: Generalize multi-function power dependency device links PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints PCI: Unify ACS quirk desired vs provided checking btrfs: fix error handling when submitting direct I/O bio btrfs: fix wrong file range cleanup after an error filling dealloc range blk-mq: move _blk_mq_update_nr_hw_queues synchronize_rcu call PCI: Program MPS for RCiEP devices e1000e: Disable TSO for buffer overrun workaround e1000e: Relax condition to trigger reset for ME workaround carl9170: remove P2P_GO support media: go7007: fix a miss of snd_card_free b43legacy: Fix case where channel status is corrupted b43: Fix connection problem with WPA3 b43_legacy: Fix connection problem with WPA3 media: ov5640: fix use of destroyed mutex igb: Report speed and duplex as unknown when device is runtime suspended power: vexpress: add suppress_bind_attrs to true pinctrl: samsung: Save/restore eint_mask over suspend for EINT_TYPE GPIOs sparc32: fix register window handling in genregs32_[gs]et() sparc64: fix misuses of access_process_vm() in genregs32_[sg]et() dm crypt: avoid truncating the logical block size kernel/cpu_pm: Fix uninitted local in cpu_pm ARM: tegra: Correct PL310 Auxiliary Control Register initialization drivers/macintosh: Fix memleak in windfarm_pm112 driver powerpc/64s: Don't let DT CPU features set FSCR_DSCR powerpc/64s: Save FSCR to init_task.thread.fscr after feature init kbuild: force to build vmlinux if CONFIG_MODVERSION=y sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations. sunrpc: clean up properly in gss_mech_unregister() mtd: rawnand: brcmnand: fix hamming oob layout mtd: rawnand: pasemi: Fix the probe error path w1: omap-hdq: cleanup to add missing newline for some dev_dbg perf probe: Do not show the skipped events perf probe: Fix to check blacklist address correctly perf symbols: Fix debuginfo search for Ubuntu Linux 4.14.185 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ifd3a6f3d9643a42802ed8f061a548a5c5ffcb109 |
||
Yuxuan Shui
|
abe82c85d7 |
ovl: initialize error in ovl_copy_xattr
commit 520da69d265a91c6536c63851cbb8a53946974f0 upstream. In ovl_copy_xattr, if all the xattrs to be copied are overlayfs private xattrs, the copy loop will terminate without assigning anything to the error variable, thus returning an uninitialized value. If ovl_copy_xattr is called from ovl_clear_empty, this uninitialized error value is put into a pointer by ERR_PTR(), causing potential invalid memory accesses down the line. This commit initialize error with 0. This is the correct value because when there's no xattr to copy, because all xattrs are private, ovl_copy_xattr should succeed. This bug is discovered with the help of INIT_STACK_ALL and clang. Signed-off-by: Yuxuan Shui <yshuiv7@gmail.com> Link: https://bugs.chromium.org/p/chromium/issues/detail?id=1050405 Fixes: 0956254a2d5b ("ovl: don't copy up opaqueness") Cc: stable@vger.kernel.org # v4.8 Signed-off-by: Alexander Potapenko <glider@google.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Srinivasarao P
|
8241b06f7c |
Merge android-4.14.159 (f960b38) into msm-4.14
* refs/heads/tmp-f960b38: Linux 4.14.159 of: unittest: fix memory leak in attach_node_and_children raid5: need to set STRIPE_HANDLE for batch head gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist kernel/module.c: wakeup processes in module_wq on module unload gfs2: fix glock reference problem in gfs2_trans_remove_revoke net/mlx5e: Fix SFF 8472 eeprom length sunrpc: fix crash when cache_head become valid before update workqueue: Fix missing kfree(rescuer) in destroy_workqueue() blk-mq: make sure that line break can be printed mfd: rk808: Fix RK818 ID template ext4: fix a bug in ext4_wait_for_tail_page_commit mm/shmem.c: cast the type of unmap_start to u64 firmware: qcom: scm: Ensure 'a0' status code is treated as signed ext4: work around deleting a file with i_nlink == 0 safely powerpc: Fix vDSO clock_getres() powerpc: Avoid clang warnings around setjmp and longjmp ath10k: fix fw crash by moving chip reset after napi disabled media: vimc: fix component match compare mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead power: supply: cpcap-battery: Fix signed counter sample register x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait drbd: Change drbd_request_detach_interruptible's return type to int scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE scsi: lpfc: Cap NPIV vports to 256 omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251 phy: renesas: rcar-gen3-usb2: Fix sysfs interface of "role" iio: adis16480: Add debugfs_reg_access entry xhci: make sure interrupts are restored to correct state xhci: Fix memory leak in xhci_add_in_port() scsi: qla2xxx: Fix message indicating vectors used by driver scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() scsi: qla2xxx: Fix session lookup in qlt_abort_work() scsi: qla2xxx: Fix DMA unmap leak scsi: zfcp: trace channel log even for FCP command responses block: fix single range discard merge reiserfs: fix extended attributes on the root directory ext4: Fix credit estimate for final inode freeing quota: fix livelock in dquot_writeback_dquots ext2: check err when partial != NULL quota: Check that quota is not dirty before release video/hdmi: Fix AVI bar unpack powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts powerpc: Allow flush_icache_range to work across ranges >4GB powerpc/xive: Prevent page fault issues in the machine crash handler powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB ppdev: fix PPGETTIME/PPSETTIME ioctls ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init pinctrl: samsung: Fix device node refcount leaks in init code pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init pinctrl: samsung: Add of_node_put() before return in error path ACPI: PM: Avoid attaching ACPI PM domain to certain devices ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() ACPI: OSL: only free map once in osl.c cpufreq: powernv: fix stack bloat and hard limit on number of CPUs PM / devfreq: Lock devfreq in trans_stat_show intel_th: pci: Add Tiger Lake CPU support intel_th: pci: Add Ice Lake CPU support intel_th: Fix a double put_device() in error path cpuidle: Do not unset the driver if it is there already media: cec.h: CEC_OP_REC_FLAG_ values were swapped media: radio: wl1273: fix interrupt masking on release media: bdisp: fix memleak on release s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported ar5523: check NULL before memcpy() in ar5523_cmd() cgroup: pids: use atomic64_t for pids->limit blk-mq: avoid sysfs buffer overflow with too many CPU cores ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report workqueue: Fix pwq ref leak in rescuer_thread() workqueue: Fix spurious sanity check failures in destroy_workqueue() dm zoned: reduce overhead of backing device checks hwrng: omap - Fix RNG wait loop timeout watchdog: aspeed: Fix clock behaviour for ast2600 md/raid0: Fix an error message in raid0_make_request() ALSA: hda - Fix pending unsol events at shutdown ovl: relax WARN_ON() on rename to self lib: raid6: fix awk build warnings rtlwifi: rtl8192de: Fix missing enable interrupt flag rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address btrfs: record all roots for rename exchange on a subvol Btrfs: send, skip backreference walking for extents with many references btrfs: Remove btrfs_bio::flags member Btrfs: fix negative subv_writers counter and data space leak after buffered write btrfs: use refcount_inc_not_zero in kill_all_nodes btrfs: check page->mapping when loading free space cache usb: dwc3: ep0: Clear started flag on completion virtio-balloon: fix managed page counts when migrating pages between zones mtd: spear_smi: Fix Write Burst mode tpm: add check after commands attribs tab allocation usb: mon: Fix a deadlock in usbmon between mmap and read usb: core: urb: fix URB structure initialization function USB: adutux: fix interface sanity check USB: serial: io_edgeport: fix epic endpoint lookup USB: idmouse: fix interface sanity checks USB: atm: ueagle-atm: add missing endpoint check iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting ARM: dts: pandora-common: define wl1251 as child node of mmc3 xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour. xhci: Increase STS_HALT timeout in xhci_suspend() usb: xhci: only set D3hot for pci device staging: gigaset: add endpoint-type sanity check staging: gigaset: fix illegal free on probe errors staging: gigaset: fix general protection fault on probe staging: rtl8712: fix interface sanity check staging: rtl8188eu: fix interface sanity check usb: Allow USB device to be warm reset in suspended state USB: documentation: flags on usb-storage versus UAS USB: uas: heed CAPACITY_HEURISTICS USB: uas: honor flag to avoid CAPACITY16 media: venus: remove invalid compat_ioctl32 handler scsi: qla2xxx: Fix driver unload hang usb: gadget: pch_udc: fix use after free usb: gadget: configfs: Fix missing spin_lock_init() appletalk: Set error code if register_snap_client failed appletalk: Fix potential NULL pointer dereference in unregister_snap_client KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) ASoC: rsnd: fixup MIX kctrl registration binder: Handle start==NULL in binder_update_page_range() thermal: Fix deadlock in thermal thermal_zone_device_check iomap: Fix pipe page leakage during splicing RDMA/qib: Validate ->show()/store() callbacks before calling them spi: atmel: Fix CS high support crypto: user - fix memory leak in crypto_report crypto: ecdh - fix big endian bug in ECC library crypto: ccp - fix uninitialized list head crypto: af_alg - cast ki_complete ternary op to int crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES KVM: x86: do not modify masked bits of shared MSRs KVM: arm/arm64: vgic: Don't rely on the wrong pending table drm/i810: Prevent underflow in ioctl jbd2: Fix possible overflow in jbd2_log_space_left() kernfs: fix ino wrap-around detection can: slcan: Fix use-after-free Read in slcan_open tty: vt: keyboard: reject invalid keycodes CIFS: Fix SMB2 oplock break processing CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect Input: Fix memory leak in psxpad_spi_probe coresight: etm4x: Fix input validation for sysfs. Input: goodix - add upside-down quirk for Teclast X89 tablet Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus ALSA: hda - Add mute led support for HP ProBook 645 G4 ALSA: pcm: oss: Avoid potential buffer overflows ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 fuse: verify attributes fuse: verify nlink sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision tcp: exit if nothing to retransmit on RTO timeout net: aquantia: fix RSS table and key sizes media: vimc: fix start stream when link is disabled ARM: dts: sunxi: Fix PMU compatible strings usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler mlx4: Use snprintf instead of complicated strcpy IB/hfi1: Close VNIC sdma_progress sleep window IB/hfi1: Ignore LNI errors before DC8051 transitions to Polling state mlxsw: spectrum_router: Relax GRE decap matching check firmware: qcom: scm: fix compilation error when disabled media: stkwebcam: Bugfix for wrong return values tty: Don't block on IO when ldisc change is pending nfsd: Return EPERM, not EACCES, in some SETATTR cases MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition clk: renesas: r8a77995: Correct parent clock of DU powerpc/math-emu: Update macros from GCC pstore/ram: Avoid NULL deref in ftrace merging failure path net/mlx4_core: Fix return codes of unsupported operations dlm: fix invalid cluster name warning ARM: dts: realview: Fix some more duplicate regulator nodes clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent ARM: dts: pxa: clean up USB controller nodes mtd: fix mtd_oobavail() incoherent returned value kbuild: fix single target build for external module modpost: skip ELF local symbols during section mismatch check tcp: fix SNMP TCP timeout under-estimation tcp: fix SNMP under-estimation on failed retransmission tcp: fix off-by-one bug on aborting window-probing socket ARM: dts: realview-pbx: Fix duplicate regulator nodes ARM: dts: mmp2: fix the gpio interrupt cell number net/x25: fix null_x25_address handling net/x25: fix called/calling length calculation in x25_parse_address_block arm64: dts: meson-gxl-khadas-vim: fix GPIO lines names arm64: dts: meson-gxbb-odroidc2: fix GPIO lines names arm64: dts: meson-gxbb-nanopi-k2: fix GPIO lines names arm64: dts: meson-gxl-libretech-cc: fix GPIO lines names ARM: OMAP1/2: fix SoC name printing ASoC: au8540: use 64-bit arithmetic instead of 32-bit nfsd: fix a warning in __cld_pipe_upcall() ARM: debug: enable UART1 for socfpga Cyclone5 dlm: NULL check before kmem_cache_destroy is not needed ARM: dts: sun8i: v3s: Change pinctrl nodes to avoid warning ARM: dts: sun5i: a10s: Fix HDMI output DTC warning ASoC: rsnd: tidyup registering method for rsnd_kctrl_new() lockd: fix decoding of TEST results i2c: imx: don't print error message on probe defer serial: imx: fix error handling in console_setup altera-stapl: check for a null key before strcasecmp'ing it dma-mapping: fix return type of dma_set_max_seg_size() sparc: Correct ctx->saw_frame_pointer logic. f2fs: fix to allow node segment for GC by ioctl path ARM: dts: rockchip: Assign the proper GPIO clocks for rv1108 ARM: dts: rockchip: Fix the PMU interrupt number for rv1108 f2fs: change segment to section in f2fs_ioc_gc_range f2fs: fix count of seg_freed to make sec_freed correct ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() usb: dwc3: don't log probe deferrals; but do log other error codes usb: dwc3: debugfs: Properly print/set link state for HS dmaengine: dw-dmac: implement dma protection control setting dmaengine: coh901318: Remove unused variable dmaengine: coh901318: Fix a double-lock bug media: cec: report Vendor ID after initialization media: pulse8-cec: return 0 when invalidating the logical address ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module rtc: dt-binding: abx80x: fix resistance scale rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning net/smc: use after free fix in smc_wr_tx_put_slot() MIPS: OCTEON: octeon-platform: fix typing iomap: sub-block dio needs to zeroout beyond EOF net-next/hinic:fix a bug in set mac address regulator: Fix return value of _set_load() stub clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 clk: rockchip: fix I2S1 clock gate register for rk3328 mm/vmstat.c: fix NUMA statistics updates Staging: iio: adt7316: Fix i2c data reading, set the data field pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues crypto: bcm - fix normal/non key hash algorithm failure crypto: ecc - check for invalid values in the key verification test scsi: zfcp: drop default switch case which might paper over missing case net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 MIPS: SiByte: Enable ZONE_DMA32 for LittleSur dlm: fix missing idr_destroy for recover_idr ARM: dts: rockchip: Fix rk3288-rock2 vcc_flash name clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering clk: rockchip: fix rk3188 sclk_smc gate data i40e: don't restart nway if autoneg not supported rtc: s3c-rtc: Avoid using broken ALMYEAR register net: ethernet: ti: cpts: correct debug for expired txq skb extcon: max8997: Fix lack of path setting in USB device mode dlm: fix possible call to kfree() for non-initialized pointer clk: sunxi-ng: a64: Fix gate bit of DSI DPHY net/mlx5: Release resource on error flow ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+ iwlwifi: mvm: Send non offchannel traffic via AP sta iwlwifi: mvm: synchronize TID queue removal cxgb4vf: fix memleak in mac_hlist initialization serial: core: Allow processing sysrq at port unlock time i2c: core: fix use after free in of_i2c_notify net: ep93xx_eth: fix mismatch of request_mem_region in remove rsxx: add missed destroy_workqueue calls in remove ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() sched/core: Avoid spurious lock dependencies Input: cyttsp4_core - fix use after free bug xfrm: release device reference for invalid state NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error audit_get_nd(): don't unlock parent too early exportfs_decode_fh(): negative pinned may become positive without the parent locked iwlwifi: pcie: don't consider IV len in A-MSDU RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN autofs: fix a leak in autofs_expire_indirect() serial: ifx6x60: add missed pm_runtime_disable serial: serial_core: Perform NULL checks for break_ctl ops serial: pl011: Fix DMA ->flush_buffer() tty: serial: msm_serial: Fix flow control tty: serial: fsl_lpuart: use the sg count from dma_map_sg usb: gadget: u_serial: add missing port entry locking arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator rsi: release skb if rsi_prepare_beacon fails ANDROID: staging: android: ion: Fix build when CONFIG_ION_SYSTEM_HEAP=n ANDROID: staging: android: ion: Expose total heap and pool sizes via sysfs UPSTREAM: include/linux/slab.h: fix sparse warning in kmalloc_type() UPSTREAM: mm, slab: shorten kmalloc cache names for large sizes UPSTREAM: mm, proc: add KReclaimable to /proc/meminfo BACKPORT: mm: rename and change semantics of nr_indirectly_reclaimable_bytes UPSTREAM: dcache: allocate external names from reclaimable kmalloc caches BACKPORT: mm, slab/slub: introduce kmalloc-reclaimable caches UPSTREAM: mm, slab: combine kmalloc_caches and kmalloc_dma_caches ANDROID: kbuild: disable SCS by default in allmodconfig ANDROID: arm64: cuttlefish_defconfig: enable LTO, CFI, and SCS BACKPORT: FROMLIST: arm64: implement Shadow Call Stack FROMLIST: arm64: disable SCS for hypervisor code BACKPORT: FROMLIST: arm64: vdso: disable Shadow Call Stack FROMLIST: arm64: preserve x18 when CPU is suspended FROMLIST: arm64: reserve x18 from general allocation with SCS FROMLIST: arm64: disable function graph tracing with SCS FROMLIST: scs: add support for stack usage debugging FROMLIST: scs: add accounting FROMLIST: add support for Clang's Shadow Call Stack (SCS) FROMLIST: arm64: kernel: avoid x18 in __cpu_soft_restart FROMLIST: arm64: kvm: stop treating register x18 as caller save FROMLIST: arm64/lib: copy_page: avoid x18 register in assembler code FROMLIST: arm64: mm: avoid x18 in idmap_kpti_install_ng_mappings ANDROID: use non-canonical CFI jump tables ANDROID: arm64: add __nocfi to __apply_alternatives ANDROID: arm64: add __pa_function ANDROID: arm64: allow ThinLTO to be selected ANDROID: soc/tegra: disable ARCH_TEGRA_210_SOC with LTO FROMLIST: arm64: fix alternatives with LLVM's integrated assembler ANDROID: irqchip/gic-v3: rename gic_of_init to work around a ThinLTO+CFI bug ANDROID: kbuild: limit LTO inlining ANDROID: kbuild: merge module sections with LTO ANDROID: init: ensure initcall ordering with LTO Revert "ANDROID: HACK: init: ensure initcall ordering with LTO" ANDROID: add support for ThinLTO ANDROID: Switch to LLD ANDROID: clang: update to 10.0.1 ANDROID: arm64: add atomic_ll_sc.o to obj-y if using lld ANDROID: enable ARM64_ERRATUM_843419 by default with LTO_CLANG ANDROID: kbuild: allow lld to be used with CONFIG_LTO_CLANG ANDROID: Makefile: set -Qunused-arguments sooner BACKPORT: FROMLIST: Makefile: lld: tell clang to use lld BACKPORT: FROMLIST: Makefile: lld: set -O2 linker flag when linking with LLD ANDROID: scripts/Kbuild: add ld-name support for ld.lld UPSTREAM: bpf: permit multiple bpf attachments for a single perf event UPSTREAM: bpf: use the same condition in perf event set/free bpf handler UPSTREAM: bpf: multi program support for cgroup+bpf BACKPORT: serdev: make synchronous write return bytes written UPSTREAM: gnss: serial: fix synchronous write timeout UPSTREAM: gnss: fix potential error pointer dereference BACKPORT: gnss: add receiver type support UPSTREAM: dt-bindings: add generic gnss binding UPSTREAM: gnss: add generic serial driver ANDROID: cuttlefish_defconfig: Enable CONFIG_SERIAL_DEV_BUS ANDROID: cuttlefish_defconfig: Enable CONFIG_GNSS BACKPORT: gnss: add GNSS receiver subsystem UPSTREAM: arm64: Validate tagged addresses in access_ok() called from kernel threads BACKPORT: ARM: 8905/1: Emit __gnu_mcount_nc when using Clang 10.0.0 or newer fs/lock: skip lock owner pid translation in case we are in init_pid_ns f2fs: stop GC when the victim becomes fully valid f2fs: expose main_blkaddr in sysfs f2fs: choose hardlimit when softlimit is larger than hardlimit in f2fs_statfs_project() f2fs: Fix deadlock in f2fs_gc() context during atomic files handling f2fs: show f2fs instance in printk_ratelimited f2fs: fix potential overflow f2fs: fix to update dir's i_pino during cross_rename f2fs: support aligned pinned file f2fs: avoid kernel panic on corruption test f2fs: fix wrong description in document f2fs: cache global IPU bio f2fs: fix to avoid memory leakage in f2fs_listxattr f2fs: check total_segments from devices in raw_super f2fs: update multi-dev metadata in resize_fs f2fs: mark recovery flag correctly in read_raw_super_block() f2fs: fix to update time in lazytime mode vfs: don't allow writes to swap files mm: set S_SWAPFILE on blockdev swap devices Conflicts: drivers/Makefile drivers/staging/android/ion/ion.c drivers/staging/android/ion/ion.h drivers/staging/android/ion/ion_page_pool.c drivers/usb/dwc3/core.c drivers/usb/dwc3/debugfs.c drivers/usb/dwc3/ep0.c fs/f2fs/data.c include/linux/mmzone.h mm/vmstat.c Discarded below patches, as usb patches not applicable and block patch causing stability issues: usb: dwc3: ep0: Clear started flag on completion usb: dwc3: don't log probe deferrals; but do log other error codes block: fix single range discard merge Fixed build errors in below files: drivers/gpu/msm/kgsl_pool.c drivers/staging/android/ion/ion_page_pool.c kernel/taskstats.c Fixed bootup issue in: arch/arm64/mm/proc.s Change-Id: I0a16824c251c14c63af78f9cfd9ede5e82c427fc Signed-off-by: Srinivasarao P <spathi@codeaurora.org> Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
Blagovest Kolenichev
|
524ff247af |
Merge android-4.14-q.153 (56ab794) into msm-4.14
* refs/heads/tmp-56ab794: Linux 4.14.153 selftests/powerpc: Fix compile error on tlbie_test due to newer gcc selftests/powerpc: Add test case for tlbie vs mtpidr ordering issue powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag powerpc/book3s64/mm: Don't do tlbie fixup for some hardware revisions powerpc/mm: Fixup tlbie vs store ordering issue on POWER9 iio: adc: stm32-adc: fix a race when using several adcs with dma and irq iio: adc: stm32-adc: move registers definitions platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table kbuild: add -fcf-protection=none when using retpoline flags kbuild: use -fmacro-prefix-map to make __FILE__ a relative path sched/wake_q: Fix wakeup ordering for wake_q dmaengine: qcom: bam_dma: Fix resource leak net/flow_dissector: switch to siphash inet: stop leaking jiffies on the wire erspan: fix the tun_info options_len check for erspan vxlan: check tun_info options_len properly net: use skb_queue_empty_lockless() in busy poll contexts net: use skb_queue_empty_lockless() in poll() handlers udp: use skb_queue_empty_lockless() net: add skb_queue_empty_lockless() net: bcmgenet: reset 40nm EPHY on energy detect net: dsa: fix switch tree list r8152: add device id for Lenovo ThinkPad USB-C Dock Gen 2 net: usb: lan78xx: Connect PHY before registering MAC net: dsa: b53: Do not clear existing mirrored port mask net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget net: add READ_ONCE() annotation in __skb_wait_for_more_packets() udp: fix data-race in udp_set_dev_scratch() selftests: net: reuseport_dualstack: fix uninitalized parameter net: Zeroing the structure ethtool_wolinfo in ethtool_get_wol() net/mlx4_core: Dynamically set guaranteed amount of counters per VF net: hisilicon: Fix ping latency when deal with high throughput net: fix sk_page_frag() recursion from memory reclaim net: ethernet: ftgmac100: Fix DMA coherency issue with SW checksum net: dsa: bcm_sf2: Fix IMP setup for port different than 8 net: annotate lockless accesses to sk->sk_napi_id net: annotate accesses to sk->sk_incoming_cpu dccp: do not leak jiffies on the wire cxgb4: fix panic when attaching to ULD fail nbd: handle racing with error'ed out commands cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs i2c: stm32f7: remove warning when compiling with W=1 MIPS: bmips: mark exception vectors as char arrays of: unittest: fix memory leak in unittest_data_add ARM: 8926/1: v7m: remove register save to stack before svc scsi: target: core: Do not overwrite CDB byte 1 ARM: davinci: dm365: Fix McBSP dma_slave_map entry perf kmem: Fix memory leak in compact_gfp_flags() perf c2c: Fix memory leak in build_cl_output() ARM: dts: imx7s: Correct GPT's ipg clock source scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE scsi: sni_53c710: fix compilation error scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions ARM: mm: fix alignment handler faults under memory pressure pinctrl: ns2: Fix off by one bugs in ns2_pinmux_enable() ARM: dts: logicpd-torpedo-som: Remove twl_keypad ASoc: rockchip: i2s: Fix RPM imbalance ASoC: wm_adsp: Don't generate kcontrols without READ flags regulator: pfuze100-regulator: Variable "val" in pfuze100_regulator_probe() could be uninitialized regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone arm64: dts: Fix gpio to pinmux mapping ANDROID: overlayfs: fix printk format Change-Id: Ic95f2a41e415e4db8078dcaa3180f956986fc1ed Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Blagovest Kolenichev
|
d00a7c7600 |
Merge android-4.14-q.152 (e986400) into msm-4.14
* refs/heads/tmp-e986400:
arm64: Do not mask out PTE_RDONLY in pte_same()
Linux 4.14.152
Revert "ALSA: hda: Flush interrupts on disabling"
ALSA: timer: Fix mutex deadlock at releasing card
ALSA: timer: Simplify error path in snd_timer_open()
xfs: Correctly invert xfs_buftarg LRU isolation logic
sctp: not bind the socket in sctp_connect
sctp: fix the issue that flags are ignored when using kernel_connect
sch_netem: fix rcu splat in netem_enqueue()
net: usb: sr9800: fix uninitialized local variable
bonding: fix potential NULL deref in bond_update_slave_arr
NFC: pn533: fix use-after-free and memleaks
rxrpc: Fix call ref leak
llc: fix sk_buff leak in llc_conn_service()
llc: fix sk_buff leak in llc_sap_state_process()
dmaengine: cppi41: Fix cppi41_dma_prep_slave_sg() when idle
rtlwifi: Fix potential overflow on P2P code
arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default
s390/idle: fix cpu idle time calculation
s390/cmm: fix information leak in cmm_timeout_handler()
nl80211: fix validation of mesh path nexthop
HID: fix error message in hid_open_report()
HID: Fix assumption that devices have inputs
HID: i2c-hid: add Trekstor Primebook C11B to descriptor override
scsi: target: cxgbit: Fix cxgbit_fw4_ack()
USB: serial: whiteheat: fix line-speed endianness
USB: serial: whiteheat: fix potential slab corruption
USB: ldusb: fix control-message timeout
USB: ldusb: fix ring-buffer locking
usb-storage: Revert commit 747668dbc061 ("usb-storage: Set virt_boundary_mask to avoid SG overflows")
USB: gadget: Reject endpoints with 0 maxpacket value
UAS: Revert commit 3ae62a42090f ("UAS: fix alignment of scatter/gather segments")
ALSA: hda/realtek - Add support for ALC623
ALSA: hda/realtek - Fix 2 front mics of codec 0x623
ALSA: bebob: Fix prototype of helper function to return negative value
fuse: truncate pending writes on O_TRUNC
fuse: flush dirty data/metadata before non-truncate setattr
ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
thunderbolt: Use 32-bit writes when writing ring producer/consumer
net_sched: check cops->tcf_block in tc_bind_tclass()
USB: legousbtower: fix a signedness bug in tower_probe()
nbd: verify socket is supported during setup
tracing: Initialize iter->seq after zeroing in tracing_read_pipe()
s390/uaccess: avoid (false positive) compiler warnings
NFSv4: Fix leak of clp->cl_acceptor string
nbd: fix possible sysfs duplicate warning
MIPS: fw: sni: Fix out of bounds init of o32 stack
MIPS: include: Mark __xchg as __always_inline
perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp
sched/vtime: Fix guest/system mis-accounting on task switch
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_info_scan_inode_alloc()
fs: ocfs2: fix a possible null-pointer dereference in ocfs2_write_end_nolock()
fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()
ocfs2: clear zero in unaligned direct IO
x86/xen: Return from panic notifier
MIPS: include: Mark __cmpxchg as __always_inline
efi/x86: Do not clean dummy variable in kexec path
efi/cper: Fix endianness of PCIe class code
serial: mctrl_gpio: Check for NULL pointer
fs: cifs: mute -Wunused-const-variable message
gpio: max77620: Use correct unit for debounce times
tty: n_hdlc: fix build on SPARC
tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()'
arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 #1542419
nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
HID: hyperv: Use in-place iterator API in the channel callback
RDMA/iwcm: Fix a lock inversion issue
RDMA/hfi1: Prevent memory leak in sdma_init
staging: rtl8188eu: fix null dereference when kzalloc fails
perf jevents: Fix period for Intel fixed counters
perf map: Fix overlapped map handling
perf tests: Avoid raising SEGV using an obvious NULL dereference
libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature
iio: fix center temperature of bmc150-accel-core
iio: adc: meson_saradc: Fix memory allocation order
power: supply: max14656: fix potential use-after-free
PCI/PME: Fix possible use-after-free on remove
exec: load_script: Do not exec truncated interpreter path
media: vimc: Remove unused but set variables
ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume
mlxsw: spectrum: Set LAG port collector only when active
rtc: pcf8523: set xtal load capacitance from DT
usb: handle warm-reset port requests on hub resume
HID: Add ASUS T100CHI keyboard dock battery quirks
scripts/setlocalversion: Improve -dirty check with git-status --no-optional-locks
clk: boston: unregister clks on failure in clk_boston_setup()
HID: i2c-hid: Add Odys Winbook 13 to descriptor override
x86/cpu: Add Atom Tremont (Jacobsville)
HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override
powerpc/powernv: hold device_hotplug_lock when calling memtrace_offline_pages()
sc16is7xx: Fix for "Unexpected interrupt: 8"
scsi: lpfc: Fix a duplicate 0711 log message number.
f2fs: flush quota blocks after turnning it off
dm: Use kzalloc for all structs with embedded biosets/mempools
dm snapshot: rework COW throttling to fix deadlock
dm snapshot: introduce account_start_copy() and account_end_copy()
dm snapshot: use mutex instead of rw_semaphore
zram: fix race between backing_dev_show and backing_dev_store
ANDROID: overlayfs: internal getxattr operations without sepolicy checking
ANDROID: overlayfs: add __get xattr method
ANDROID: Add optional __get xattr method paired to __vfs_getxattr
Conflicts:
fs/overlayfs/namei.c
Change-Id: I39c3365b62b5d55eab2896897532ab065c786c50
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
f960b38ecc |
This is the 4.14.159 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl35LxUACgkQONu9yGCS aT4dLRAAn62JwQdXIRD51BSeXOCxH/oTba3lec9YCf7ttnQojnBKg4Fzxps4R0eH a32uSWOfEb9P7CIIlSAKTx6XPJ3TAmsFjUO1KmO0kbMVmUw6G3yb0g/96/tNjSUt xJwyhYSasQDMmxV/5HvrkCbobeHP1Gf+eacKWfJHaVOUo1UXaW+25A++I5fYOdhn vrcHmJyJAQN38beSOVLDUJ+VXTyEO5ZUG+Pe7IwK1QiOF4JfWoIddCdxxyynT5PR R54x+xPLsaiFXQEjlVIATIsr9KgR3is4utpfSd7MYGxCD7yV4VNrZZighVKBIlV8 39K0zmcpbSIu3PHvxVGxpdjTzPWErPKH6tjHJ/weMI+zy4tHpzUOvpooH46BvYsn XMhlqsYlWS0Nj9eCpUxxkDr1hyuZlpv5RPyW4xKFWor6zQvVi+cl1wiDu0tKCD7T gg3vB04mMOBnGUsEzTc0I/hPcWp6xThQg4N9Zh/MbdwqSkN5KHDgakIMa2yEYRB7 ZLskhnvB2te1KVHvn5CsxR0ABPextALn/u/7qELgGIKoyJVzgmL/lF3wceGsUwz3 hpcWmYKKu5nPg+L1bCHj05O3IcaUhCmvTBkV39nh4TshTTPU0PkvBv20UoChcgER /4QhKydpeLwKi5hTuBuHN6z3PuGrId3opf28KdGsHQ1KGPqd5os= =p3OE -----END PGP SIGNATURE----- Merge 4.14.159 into android-4.14 Changes in 4.14.159 rsi: release skb if rsi_prepare_beacon fails arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator usb: gadget: u_serial: add missing port entry locking tty: serial: fsl_lpuart: use the sg count from dma_map_sg tty: serial: msm_serial: Fix flow control serial: pl011: Fix DMA ->flush_buffer() serial: serial_core: Perform NULL checks for break_ctl ops serial: ifx6x60: add missed pm_runtime_disable autofs: fix a leak in autofs_expire_indirect() RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN iwlwifi: pcie: don't consider IV len in A-MSDU exportfs_decode_fh(): negative pinned may become positive without the parent locked audit_get_nd(): don't unlock parent too early NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error xfrm: release device reference for invalid state Input: cyttsp4_core - fix use after free bug sched/core: Avoid spurious lock dependencies ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() rsxx: add missed destroy_workqueue calls in remove net: ep93xx_eth: fix mismatch of request_mem_region in remove i2c: core: fix use after free in of_i2c_notify serial: core: Allow processing sysrq at port unlock time cxgb4vf: fix memleak in mac_hlist initialization iwlwifi: mvm: synchronize TID queue removal iwlwifi: mvm: Send non offchannel traffic via AP sta ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+ net/mlx5: Release resource on error flow clk: sunxi-ng: a64: Fix gate bit of DSI DPHY dlm: fix possible call to kfree() for non-initialized pointer extcon: max8997: Fix lack of path setting in USB device mode net: ethernet: ti: cpts: correct debug for expired txq skb rtc: s3c-rtc: Avoid using broken ALMYEAR register i40e: don't restart nway if autoneg not supported clk: rockchip: fix rk3188 sclk_smc gate data clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering ARM: dts: rockchip: Fix rk3288-rock2 vcc_flash name dlm: fix missing idr_destroy for recover_idr MIPS: SiByte: Enable ZONE_DMA32 for LittleSur net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 scsi: zfcp: drop default switch case which might paper over missing case crypto: ecc - check for invalid values in the key verification test crypto: bcm - fix normal/non key hash algorithm failure pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues Staging: iio: adt7316: Fix i2c data reading, set the data field mm/vmstat.c: fix NUMA statistics updates clk: rockchip: fix I2S1 clock gate register for rk3328 clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 regulator: Fix return value of _set_load() stub net-next/hinic:fix a bug in set mac address iomap: sub-block dio needs to zeroout beyond EOF MIPS: OCTEON: octeon-platform: fix typing net/smc: use after free fix in smc_wr_tx_put_slot() math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' rtc: dt-binding: abx80x: fix resistance scale ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module media: pulse8-cec: return 0 when invalidating the logical address media: cec: report Vendor ID after initialization dmaengine: coh901318: Fix a double-lock bug dmaengine: coh901318: Remove unused variable dmaengine: dw-dmac: implement dma protection control setting usb: dwc3: debugfs: Properly print/set link state for HS usb: dwc3: don't log probe deferrals; but do log other error codes ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() f2fs: fix count of seg_freed to make sec_freed correct f2fs: change segment to section in f2fs_ioc_gc_range ARM: dts: rockchip: Fix the PMU interrupt number for rv1108 ARM: dts: rockchip: Assign the proper GPIO clocks for rv1108 f2fs: fix to allow node segment for GC by ioctl path sparc: Correct ctx->saw_frame_pointer logic. dma-mapping: fix return type of dma_set_max_seg_size() altera-stapl: check for a null key before strcasecmp'ing it serial: imx: fix error handling in console_setup i2c: imx: don't print error message on probe defer lockd: fix decoding of TEST results ASoC: rsnd: tidyup registering method for rsnd_kctrl_new() ARM: dts: sun5i: a10s: Fix HDMI output DTC warning ARM: dts: sun8i: v3s: Change pinctrl nodes to avoid warning dlm: NULL check before kmem_cache_destroy is not needed ARM: debug: enable UART1 for socfpga Cyclone5 nfsd: fix a warning in __cld_pipe_upcall() ASoC: au8540: use 64-bit arithmetic instead of 32-bit ARM: OMAP1/2: fix SoC name printing arm64: dts: meson-gxl-libretech-cc: fix GPIO lines names arm64: dts: meson-gxbb-nanopi-k2: fix GPIO lines names arm64: dts: meson-gxbb-odroidc2: fix GPIO lines names arm64: dts: meson-gxl-khadas-vim: fix GPIO lines names net/x25: fix called/calling length calculation in x25_parse_address_block net/x25: fix null_x25_address handling ARM: dts: mmp2: fix the gpio interrupt cell number ARM: dts: realview-pbx: Fix duplicate regulator nodes tcp: fix off-by-one bug on aborting window-probing socket tcp: fix SNMP under-estimation on failed retransmission tcp: fix SNMP TCP timeout under-estimation modpost: skip ELF local symbols during section mismatch check kbuild: fix single target build for external module mtd: fix mtd_oobavail() incoherent returned value ARM: dts: pxa: clean up USB controller nodes clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent ARM: dts: realview: Fix some more duplicate regulator nodes dlm: fix invalid cluster name warning net/mlx4_core: Fix return codes of unsupported operations pstore/ram: Avoid NULL deref in ftrace merging failure path powerpc/math-emu: Update macros from GCC clk: renesas: r8a77995: Correct parent clock of DU MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition nfsd: Return EPERM, not EACCES, in some SETATTR cases tty: Don't block on IO when ldisc change is pending media: stkwebcam: Bugfix for wrong return values firmware: qcom: scm: fix compilation error when disabled mlxsw: spectrum_router: Relax GRE decap matching check IB/hfi1: Ignore LNI errors before DC8051 transitions to Polling state IB/hfi1: Close VNIC sdma_progress sleep window mlx4: Use snprintf instead of complicated strcpy usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler ARM: dts: sunxi: Fix PMU compatible strings media: vimc: fix start stream when link is disabled net: aquantia: fix RSS table and key sizes tcp: exit if nothing to retransmit on RTO timeout sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision fuse: verify nlink fuse: verify attributes ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 ALSA: pcm: oss: Avoid potential buffer overflows ALSA: hda - Add mute led support for HP ProBook 645 G4 Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers Input: goodix - add upside-down quirk for Teclast X89 tablet coresight: etm4x: Fix input validation for sysfs. Input: Fix memory leak in psxpad_spi_probe x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks CIFS: Fix SMB2 oplock break processing tty: vt: keyboard: reject invalid keycodes can: slcan: Fix use-after-free Read in slcan_open kernfs: fix ino wrap-around detection jbd2: Fix possible overflow in jbd2_log_space_left() drm/i810: Prevent underflow in ioctl KVM: arm/arm64: vgic: Don't rely on the wrong pending table KVM: x86: do not modify masked bits of shared MSRs KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr crypto: af_alg - cast ki_complete ternary op to int crypto: ccp - fix uninitialized list head crypto: ecdh - fix big endian bug in ECC library crypto: user - fix memory leak in crypto_report spi: atmel: Fix CS high support RDMA/qib: Validate ->show()/store() callbacks before calling them iomap: Fix pipe page leakage during splicing thermal: Fix deadlock in thermal thermal_zone_device_check binder: Handle start==NULL in binder_update_page_range() ASoC: rsnd: fixup MIX kctrl registration KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) appletalk: Fix potential NULL pointer dereference in unregister_snap_client appletalk: Set error code if register_snap_client failed usb: gadget: configfs: Fix missing spin_lock_init() usb: gadget: pch_udc: fix use after free scsi: qla2xxx: Fix driver unload hang media: venus: remove invalid compat_ioctl32 handler USB: uas: honor flag to avoid CAPACITY16 USB: uas: heed CAPACITY_HEURISTICS USB: documentation: flags on usb-storage versus UAS usb: Allow USB device to be warm reset in suspended state staging: rtl8188eu: fix interface sanity check staging: rtl8712: fix interface sanity check staging: gigaset: fix general protection fault on probe staging: gigaset: fix illegal free on probe errors staging: gigaset: add endpoint-type sanity check usb: xhci: only set D3hot for pci device xhci: Increase STS_HALT timeout in xhci_suspend() xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour. ARM: dts: pandora-common: define wl1251 as child node of mmc3 iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting USB: atm: ueagle-atm: add missing endpoint check USB: idmouse: fix interface sanity checks USB: serial: io_edgeport: fix epic endpoint lookup USB: adutux: fix interface sanity check usb: core: urb: fix URB structure initialization function usb: mon: Fix a deadlock in usbmon between mmap and read tpm: add check after commands attribs tab allocation mtd: spear_smi: Fix Write Burst mode virtio-balloon: fix managed page counts when migrating pages between zones usb: dwc3: ep0: Clear started flag on completion btrfs: check page->mapping when loading free space cache btrfs: use refcount_inc_not_zero in kill_all_nodes Btrfs: fix negative subv_writers counter and data space leak after buffered write btrfs: Remove btrfs_bio::flags member Btrfs: send, skip backreference walking for extents with many references btrfs: record all roots for rename exchange on a subvol rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer rtlwifi: rtl8192de: Fix missing enable interrupt flag lib: raid6: fix awk build warnings ovl: relax WARN_ON() on rename to self ALSA: hda - Fix pending unsol events at shutdown md/raid0: Fix an error message in raid0_make_request() watchdog: aspeed: Fix clock behaviour for ast2600 hwrng: omap - Fix RNG wait loop timeout dm zoned: reduce overhead of backing device checks workqueue: Fix spurious sanity check failures in destroy_workqueue() workqueue: Fix pwq ref leak in rescuer_thread() ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report blk-mq: avoid sysfs buffer overflow with too many CPU cores cgroup: pids: use atomic64_t for pids->limit ar5523: check NULL before memcpy() in ar5523_cmd() s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported media: bdisp: fix memleak on release media: radio: wl1273: fix interrupt masking on release media: cec.h: CEC_OP_REC_FLAG_ values were swapped cpuidle: Do not unset the driver if it is there already intel_th: Fix a double put_device() in error path intel_th: pci: Add Ice Lake CPU support intel_th: pci: Add Tiger Lake CPU support PM / devfreq: Lock devfreq in trans_stat_show cpufreq: powernv: fix stack bloat and hard limit on number of CPUs ACPI: OSL: only free map once in osl.c ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() ACPI: PM: Avoid attaching ACPI PM domain to certain devices pinctrl: samsung: Add of_node_put() before return in error path pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init pinctrl: samsung: Fix device node refcount leaks in init code pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity ppdev: fix PPGETTIME/PPSETTIME ioctls powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB powerpc/xive: Prevent page fault issues in the machine crash handler powerpc: Allow flush_icache_range to work across ranges >4GB powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts video/hdmi: Fix AVI bar unpack quota: Check that quota is not dirty before release ext2: check err when partial != NULL quota: fix livelock in dquot_writeback_dquots ext4: Fix credit estimate for final inode freeing reiserfs: fix extended attributes on the root directory block: fix single range discard merge scsi: zfcp: trace channel log even for FCP command responses scsi: qla2xxx: Fix DMA unmap leak scsi: qla2xxx: Fix session lookup in qlt_abort_work() scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value scsi: qla2xxx: Fix message indicating vectors used by driver xhci: Fix memory leak in xhci_add_in_port() xhci: make sure interrupts are restored to correct state iio: adis16480: Add debugfs_reg_access entry phy: renesas: rcar-gen3-usb2: Fix sysfs interface of "role" omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251 scsi: lpfc: Cap NPIV vports to 256 scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE drbd: Change drbd_request_detach_interruptible's return type to int e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk power: supply: cpcap-battery: Fix signed counter sample register mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead media: vimc: fix component match compare ath10k: fix fw crash by moving chip reset after napi disabled powerpc: Avoid clang warnings around setjmp and longjmp powerpc: Fix vDSO clock_getres() ext4: work around deleting a file with i_nlink == 0 safely firmware: qcom: scm: Ensure 'a0' status code is treated as signed mm/shmem.c: cast the type of unmap_start to u64 ext4: fix a bug in ext4_wait_for_tail_page_commit mfd: rk808: Fix RK818 ID template blk-mq: make sure that line break can be printed workqueue: Fix missing kfree(rescuer) in destroy_workqueue() sunrpc: fix crash when cache_head become valid before update net/mlx5e: Fix SFF 8472 eeprom length gfs2: fix glock reference problem in gfs2_trans_remove_revoke kernel/module.c: wakeup processes in module_wq on module unload gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist raid5: need to set STRIPE_HANDLE for batch head of: unittest: fix memory leak in attach_node_and_children Linux 4.14.159 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
|
Amir Goldstein
|
6890751cfe |
ovl: relax WARN_ON() on rename to self
commit 6889ee5a53b8d969aa542047f5ac8acdc0e79a91 upstream. In ovl_rename(), if new upper is hardlinked to old upper underneath overlayfs before upper dirs are locked, user will get an ESTALE error and a WARN_ON will be printed. Changes to underlying layers while overlayfs is mounted may result in unexpected behavior, but it shouldn't crash the kernel and it shouldn't trigger WARN_ON() either, so relax this WARN_ON(). Reported-by: syzbot+bb1836a212e69f8e201a@syzkaller.appspotmail.com Fixes: 804032fabb3b ("ovl: don't check rename to self") Cc: <stable@vger.kernel.org> # v4.9+ Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Mayank Grover
|
ee101731d0 |
ANDROID: overlayfs: internal getxattr operations without sepolicy checking
Check impure, opaque, origin & meta xattr with no sepolicy audit (using __vfs_getxattr) since these operations are internal to overlayfs operations and do not disclose any data. This became an issue for credential override off since sys_admin would have been required by the caller; whereas would have been inherently present for the creator since it performed the mount. This is a change in operations since we do not check in the new ovl_vfs_getxattr function if the credential override is off or not. Reasoning is that the sepolicy check is unnecessary overhead, especially since the check can be expensive. Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 133515582 Bug: 136124883 Bug: 129319403 Change-Id: I34d99cc46e9e87a79efc8d05f85980bbc137f7eb Git-commit: 9f32911c57f72aa76acf375c66f57c88a8516ef7 Git-repo: https://android.googlesource.com/kernel/common [jshriram@codeaurora.org: No changes] Signed-off-by: Jeevan Shriram <jshriram@codeaurora.org> [groverm@codeaurora.org: resolving merge conflicts] Signed-off-by: Mayank Grover <groverm@codeaurora.org> |
||
|
Mayank Grover
|
b721e17250 |
ANDROID: overlayfs: add __get xattr method
Because of the overlayfs getxattr recursion, the incoming inode fails to update the selinux sid resulting in avc denials being reported against a target context of u:object_r:unlabeled:s0. Solution is to add a _get xattr method that calls the __vfs_getxattr handler so that the context can be read in, rather than being denied with an -EACCES when vfs_getxattr handler is called. Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 133515582 Bug: 136124883 Bug: 129319403 Change-Id: Ia39543c5ce617976f14d790fb88e471d575ffd65 Git-commit: 18cb05fae20ff6df825141414e607d06c30c99cc Git-repo: https://android.googlesource.com/kernel/common [jshriram@codeaurora.org: No changes] Signed-off-by: Jeevan Shriram <jshriram@codeaurora.org> [groverm@codeaurora.org: No changes] Signed-off-by: Mayank Grover <groverm@codeaurora.org> |
||
Mark Salyzyn
|
f40abacc8a |
ANDROID: overlayfs: fix printk format
ssize_t value replace %i with %zi. Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 133515582 Bug: 136124883 Bug: 129319403 Change-Id: I6e3d579b9e1fe66b2ba35913b6c73b41fdaf03ce |
||
|
Mark Salyzyn
|
b882c852c9 |
ANDROID: overlayfs: fix printk format
ssize_t value replace %i with %zi. Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 133515582 Bug: 136124883 Bug: 129319403 Change-Id: I6e3d579b9e1fe66b2ba35913b6c73b41fdaf03ce |
||
|
Mark Salyzyn
|
6e5cc2351d |
BACKPORT: ANDROID: overlayfs: internal getxattr operations without sepolicy checking
Check impure, opaque, origin & meta xattr with no sepolicy audit
(using __vfs_getxattr) since these operations are internal to
overlayfs operations and do not disclose any data. This became
an issue for credential override off since sys_admin would have
been required by the caller; whereas would have been inherently
present for the creator since it performed the mount.
This is a change in operations since we do not check in the new
ovl_vfs_getxattr function if the credential override is off or
not. Reasoning is that the sepolicy check is unnecessary overhead,
especially since the check can be expensive.
(cherry picked from commit 9f32911c57f72aa76acf375c66f57c88a8516ef7
("ANDROID: overlayfs: internal getxattr operations without sepolicy checking"))
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Bug: 133515582
Bug: 136124883
Bug: 129319403
Change-Id: I34d99cc46e9e87a79efc8d05f85980bbc137f7eb
|
||
|
Mark Salyzyn
|
f7fedd5c15 |
ANDROID: overlayfs: add __get xattr method
Because of the overlayfs getxattr recursion, the incoming inode fails to update the selinux sid resulting in avc denials being reported against a target context of u:object_r:unlabeled:s0. Solution is to add a _get xattr method that calls the __vfs_getxattr handler so that the context can be read in, rather than being denied with an -EACCES when vfs_getxattr handler is called. Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 133515582 Bug: 136124883 Bug: 129319403 Change-Id: Ia39543c5ce617976f14d790fb88e471d575ffd65 |
||
|
Mark Salyzyn
|
f1bf45bfb9 |
ANDROID: regression introduced override_creds=off
Solve a regression introduced by
commit 272fcd1ca7ceb252b1c3a2961110c7c1722707cf
("ANDROID: overlayfs: override_creds=off option bypass creator_cred")
where a crash is observed a crash in ovl_create_or_link() when a
simple re-direction command in vendor directory.
/vendor/bin/<Any test> > /vendor/bin/test_log.txt 2>&1&
After further debugging we see that if the output is redirected to a
file which doesn’t exist we see this stack:
[ 377.382745] ovl_create_or_link+0xac/0x710
[ 377.382745] ovl_create_object+0xb8/0x110
[ 377.382745] ovl_create+0x34/0x40
[ 377.382745] path_openat+0xd44/0x15a8
[ 377.382745] do_filp_open+0x80/0x128
[ 377.382745] do_sys_open+0x140/0x250
[ 377.382745] __arm64_sys_openat+0x2c/0x38
ovl_override_creds returns NULL because the override_cred flag is set
to false. This causes ovl_revert_creds also to fail.
There is another call to check override_cred in override_cred call
which overrides the creds permanently as there no revert_creds
associated. So whenever next commit_cred is called we see the crash
as the credentials are permanently overridden.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Tested-by: Rishabh/Jeevan <jshriram@qualcomm.corp-partner.google.com>
Bug: 140816499
Change-Id: Icd0d9be82fc57af5ead1eeab99f79adf3adf62ef
|
||
|
Mark Salyzyn
|
ca76d75913 |
ANDROID: overlayfs: internal getxattr operations without sepolicy checking
Check impure, opaque, origin & meta xattr with no sepolicy audit (using __vfs_getxattr) since these operations are internal to overlayfs operations and do not disclose any data. This became an issue for credential override off since sys_admin would have been required by the caller; whereas would have been inherently present for the creator since it performed the mount. This is a change in operations since we do not check in the new ovl_vfs_getxattr function if the credential override is off or not. Reasoning is that the sepolicy check is unnecessary overhead, especially since the check can be expensive. Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 133515582 Bug: 136124883 Bug: 129319403 Change-Id: I34d99cc46e9e87a79efc8d05f85980bbc137f7eb |
||
|
Mark Salyzyn
|
034973fea2 |
ANDROID: overlayfs: add __get xattr method
Because of the overlayfs getxattr recursion, the incoming inode fails to update the selinux sid resulting in avc denials being reported against a target context of u:object_r:unlabeled:s0. Solution is to add a _get xattr method that calls the __vfs_getxattr handler so that the context can be read in, rather than being denied with an -EACCES when vfs_getxattr handler is called. Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 133515582 Bug: 136124883 Bug: 129319403 Change-Id: Ia39543c5ce617976f14d790fb88e471d575ffd65 |
||
|
Blagovest Kolenichev
|
fbbfccc5a5 |
Merge android-4.14-q.147 (5c8d069) into msm-4.14
* refs/heads/tmp-5c8d069:
Revert "net: qrtr: Stop rx_worker before freeing node"
Linux 4.14.147
Btrfs: fix race setting up and completing qgroup rescan workers
btrfs: qgroup: Drop quota_root and fs_info parameters from update_qgroup_status_item
mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone
md/raid0: avoid RAID0 data corruption due to layout confusion.
CIFS: Fix oplock handling for SMB 2.1+ protocols
CIFS: fix max ea value size
i2c: riic: Clear NACK in tend isr
hwrng: core - don't wait on add_early_randomness()
quota: fix wrong condition in is_quota_modification()
ext4: fix punch hole for inline_data file systems
ext4: fix warning inside ext4_convert_unwritten_extents_endio
/dev/mem: Bail out upon SIGKILL.
cfg80211: Purge frame registrations on iftype change
md: only call set_in_sync() when it is expected to succeed.
md: don't report active array_state until after revalidate_disk() completes.
md/raid6: Set R5_ReadError when there is read failure on parity disk
btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
btrfs: Relinquish CPUs in btrfs_compare_trees
Btrfs: fix use-after-free when using the tree modification log
ovl: filter of trusted xattr results in audit
memcg, kmem: do not fail __GFP_NOFAIL charges
memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
regulator: Defer init completion for a while after late_initcall
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
ARM: samsung: Fix system restart on S3C6410
ASoC: Intel: Fix use of potentially uninitialized variable
ASoC: Intel: Skylake: Use correct function to access iomem space
ASoC: Intel: NHLT: Fix debug print format
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
KVM: x86: Manually calculate reserved bits when loading PDPTRS
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: always stop emulation on page fault
x86/retpolines: Fix up backport of a9d57ef15cbe
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
fuse: fix missing unlock_page in fuse_writepage()
ALSA: hda/realtek - Fixup mute led on HP Spectre x360
randstruct: Check member structs in is_pure_ops_struct()
IB/hfi1: Define variables as unsigned long to fix KASAN warning
printk: Do not lose last line in kmsg buffer dump
scsi: scsi_dh_rdac: zero cdb in send_mode_select()
ALSA: firewire-tascam: check intermediate state of clock status and retry
ALSA: firewire-tascam: handle error code when getting current source of clock
PM / devfreq: passive: fix compiler warning
media: omap3isp: Set device on omap3isp subdevs
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
ALSA: hda - Drop unsol event handler for Intel HDMI codecs
e1000e: add workaround for possible stalled packet
libertas: Add missing sentinel at end of if_usb.c fw_table
raid5: don't increment read_errors on EILSEQ return
mmc: sdhci: Fix incorrect switch to HS mode
mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
raid5: don't set STRIPE_HANDLE to stripe which is in batch list
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
kprobes: Prohibit probing on BUG() and WARN() address
dmaengine: ti: edma: Do not reset reserved paRAM slots
md/raid1: fail run raid1 array when active disk less than one
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
ACPI / PCI: fix acpi_pci_irq_enable() memory leak
ACPI: custom_method: fix memory leaks
ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
libtraceevent: Change users plugin directory
iommu/iova: Avoid false sharing on fq_timer_on
iommu/amd: Silence warnings under memory pressure
nvmet: fix data units read and written counters in SMART log
arm64: kpti: ensure patched kernel text is fetched from PoU
ACPI / CPPC: do not require the _PSD method
ASoC: es8316: fix headphone mixer volume table
media: ov9650: add a sanity check
perf trace beauty ioctl: Fix off-by-one error in cmd->string table
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
media: cpia2_usb: fix memory leaks
media: saa7146: add cleanup in hexium_attach()
media: cec-notifier: clear cec_adap in cec_notifier_unregister
PM / devfreq: exynos-bus: Correct clock enable sequence
PM / devfreq: passive: Use non-devm notifiers
EDAC/amd64: Decode syndrome before translating address
EDAC/amd64: Recognize DRAM device type ECC capability
libperf: Fix alignment trap with xyarray contents in 'perf stat'
media: dvb-core: fix a memory leak bug
nbd: add missing config put
media: hdpvr: add terminating 0 at end of string
media: radio/si470x: kill urb on error
ARM: dts: imx7d: cl-som-imx7: make ethernet work again
net: lpc-enet: fix printk format strings
media: imx: mipi csi-2: Don't fail if initial state times-out
media: omap3isp: Don't set streaming state on random subdevs
media: i2c: ov5645: Fix power sequence
perf record: Support aarch64 random socket_id assignment
dmaengine: iop-adma: use correct printk format strings
media: rc: imon: Allow iMON RC protocol for ffdc 7e device
media: fdp1: Reduce FCP not found message level to debug
media: mtk-mdp: fix reference count on old device tree
perf test vfs_getname: Disable ~/.perfconfig to get default output
media: gspca: zero usb_buf on error
sched/fair: Use rq_lock/unlock in online_fair_sched_group
efi: cper: print AER info of PCIe fatal error
EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
ACPI / processor: don't print errors for processorIDs == 0xff
md: don't set In_sync if array is frozen
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md/raid1: end bio when the device faulty
ASoC: rsnd: don't call clk_get_rate() under atomic context
EDAC/altera: Use the proper type for the IRQ status bits
ia64:unwind: fix double free for mod->arch.init_unw_table
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
base: soc: Export soc_device_register/unregister APIs
media: iguanair: add sanity checks
EDAC/mc: Fix grain_bits calculation
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
ALSA: hda - Show the fatal CORB/RIRB error more clearly
x86/apic: Soft disable APIC before initializing it
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
sched/core: Fix CPU controller for !RT_GROUP_SCHED
sched/fair: Fix imbalance due to CPU affinity
media: i2c: ov5640: Check for devm_gpiod_get_optional() error
media: hdpvr: Add device num check and handling
media: exynos4-is: fix leaked of_node references
media: mtk-cir: lower de-glitch counter for rc-mm protocol
media: dib0700: fix link error for dibx000_i2c_set_speed
leds: leds-lp5562 allow firmware files up to the maximum length
dmaengine: bcm2835: Print error in case setting DMA mask fails
ASoC: sgtl5000: Fix charge pump source assignment
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
ALSA: hda: Flush interrupts on disabling
nfc: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
mISDN: enforce CAP_NET_RAW for raw sockets
net/mlx5: Add device ID of upcoming BlueField-2
usbnet: sanity checking of packet sizes and device mtu
usbnet: ignore endpoints with invalid wMaxPacketSize
skge: fix checksum byte order
sch_netem: fix a divide by zero in tabledist()
ppp: Fix memory leak in ppp_write
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
net_sched: add max len check for TCA_KIND
net/sched: act_sample: don't push mac header on ip6gre ingress
net: qrtr: Stop rx_worker before freeing node
net/phy: fix DP83865 10 Mbps HDX loopback disable function
macsec: drop skb sk before calling gro_cells_receive
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
arcnet: provide a buffer big enough to actually receive packets
f2fs: use generic EFSBADCRC/EFSCORRUPTED
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
xfs: don't crash on null attr fork xfs_bmapi_read
ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
net: don't warn in inet diag when IPV6 is disabled
drm: Flush output polling on shutdown
f2fs: fix to do sanity check on segment bitmap of LFS curseg
dm zoned: fix invalid memory access
Revert "f2fs: avoid out-of-range memory access"
blk-mq: move cancel of requeue_work to the front of blk_exit_queue
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
f2fs: check all the data segments against all node ones
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
locking/lockdep: Add debug_locks check in __lock_downgrade()
power: supply: sysfs: ratelimit property read error message
pinctrl: sprd: Use define directive for sprd_pinconf_params values
objtool: Clobber user CFLAGS variable
ALSA: hda - Apply AMD controller workaround for Raven platform
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
media: tvp5150: fix switch exit in set control handler
iwlwifi: mvm: send BCAST management frames to the right station
crypto: talitos - fix missing break in switch statement
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
HID: hidraw: Fix invalid read in hidraw_ioctl
HID: logitech: Fix general protection fault caused by Logitech driver
HID: sony: Fix memory corruption issue on cleanup.
HID: prodikeys: Fix general protection fault during probe
IB/core: Add an unbound WQ type to the new CQ API
objtool: Query pkg-config for libelf location
powerpc/xive: Fix bogus error code returned by OPAL
Revert "Bluetooth: validate BLE connection interval updates"
Conflicts:
drivers/mmc/core/sdio_irq.c
fs/f2fs/data.c
fs/f2fs/f2fs.h
fs/f2fs/inode.c
Change-Id: I757f54737e4d58319f2866f687a39123f0889e1e
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Greg Kroah-Hartman
|
9674240fb2 |
This is the 4.14.147 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2YdO8ACgkQONu9yGCS
aT50DBAAuLQNqoTz2C6HkEHqU6l9v491n8Aw6ILuUoILcoWGIOZEtdmKtRXXBWjR
v0s1T4FbeOZkKHTJGXuCd8Di6BYBDBSSBRSvuvWFisCyo/nwM3i1bNVz+i0IBAbS
Ug3mQOkCHfZgvht17XCDjcHgE2pdHThof5T9/3IIewfSyx4I0WZKlr4Xq1HF535g
30w1Ox+rWLQ4735LlGfMTd+oqYIaP91xyuFuGcsp2Pgy7nLFTtaa69fHD93qVH9o
2rdIowlYFU/uIkGx9qW/sMDq4Gp34xczdp/ABNiRylEL1Rf1cOkcn8KZX14ePodk
5x4hXHDkCWqquu6HnuTB6bzR7gwVsqxBEucT4v7wnkHTIFucEOeBc7E6T2llGTRe
dfESrc28lXN3E9WGu7gAqi7Hvr2oDGVffthySwR6Yq4WoVSppHTc/SekZ4p2qhAl
8jp4V86U5Fwr6ERCwZ0LcQ8TUK1j9KptpJ1P4Lb/w4wT2csq8DasunDm8/7lYFfp
ISa9OE4fF8bhSI45bP+o4WYac6x7F4A8RpdTGJ1qRp0crKDL7oKP5YtFzJTGyt2a
FDnONywuYu2Iayt76fqYU8Lh7yDpxzLSY/66VXRAPcb4Xtc55BKjlRaoEqXOPXqB
8sid+r28LHYiOlHDfb+J/IKI8YyGAiB5ac7Pakw7Q8d07fsxiuI=
=OgXW
-----END PGP SIGNATURE-----
Merge 4.14.147 into android-4.14
Changes in 4.14.147
Revert "Bluetooth: validate BLE connection interval updates"
powerpc/xive: Fix bogus error code returned by OPAL
objtool: Query pkg-config for libelf location
IB/core: Add an unbound WQ type to the new CQ API
HID: prodikeys: Fix general protection fault during probe
HID: sony: Fix memory corruption issue on cleanup.
HID: logitech: Fix general protection fault caused by Logitech driver
HID: hidraw: Fix invalid read in hidraw_ioctl
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
crypto: talitos - fix missing break in switch statement
iwlwifi: mvm: send BCAST management frames to the right station
media: tvp5150: fix switch exit in set control handler
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
ALSA: hda - Apply AMD controller workaround for Raven platform
objtool: Clobber user CFLAGS variable
pinctrl: sprd: Use define directive for sprd_pinconf_params values
power: supply: sysfs: ratelimit property read error message
locking/lockdep: Add debug_locks check in __lock_downgrade()
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
f2fs: check all the data segments against all node ones
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
blk-mq: move cancel of requeue_work to the front of blk_exit_queue
Revert "f2fs: avoid out-of-range memory access"
dm zoned: fix invalid memory access
f2fs: fix to do sanity check on segment bitmap of LFS curseg
drm: Flush output polling on shutdown
net: don't warn in inet diag when IPV6 is disabled
ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
xfs: don't crash on null attr fork xfs_bmapi_read
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
f2fs: use generic EFSBADCRC/EFSCORRUPTED
arcnet: provide a buffer big enough to actually receive packets
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
macsec: drop skb sk before calling gro_cells_receive
net/phy: fix DP83865 10 Mbps HDX loopback disable function
net: qrtr: Stop rx_worker before freeing node
net/sched: act_sample: don't push mac header on ip6gre ingress
net_sched: add max len check for TCA_KIND
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
ppp: Fix memory leak in ppp_write
sch_netem: fix a divide by zero in tabledist()
skge: fix checksum byte order
usbnet: ignore endpoints with invalid wMaxPacketSize
usbnet: sanity checking of packet sizes and device mtu
net/mlx5: Add device ID of upcoming BlueField-2
mISDN: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
nfc: enforce CAP_NET_RAW for raw sockets
ALSA: hda: Flush interrupts on disabling
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
ASoC: sgtl5000: Fix charge pump source assignment
dmaengine: bcm2835: Print error in case setting DMA mask fails
leds: leds-lp5562 allow firmware files up to the maximum length
media: dib0700: fix link error for dibx000_i2c_set_speed
media: mtk-cir: lower de-glitch counter for rc-mm protocol
media: exynos4-is: fix leaked of_node references
media: hdpvr: Add device num check and handling
media: i2c: ov5640: Check for devm_gpiod_get_optional() error
sched/fair: Fix imbalance due to CPU affinity
sched/core: Fix CPU controller for !RT_GROUP_SCHED
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
x86/apic: Soft disable APIC before initializing it
ALSA: hda - Show the fatal CORB/RIRB error more clearly
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
EDAC/mc: Fix grain_bits calculation
media: iguanair: add sanity checks
base: soc: Export soc_device_register/unregister APIs
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
ia64:unwind: fix double free for mod->arch.init_unw_table
EDAC/altera: Use the proper type for the IRQ status bits
ASoC: rsnd: don't call clk_get_rate() under atomic context
md/raid1: end bio when the device faulty
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md: don't set In_sync if array is frozen
ACPI / processor: don't print errors for processorIDs == 0xff
EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
efi: cper: print AER info of PCIe fatal error
sched/fair: Use rq_lock/unlock in online_fair_sched_group
media: gspca: zero usb_buf on error
perf test vfs_getname: Disable ~/.perfconfig to get default output
media: mtk-mdp: fix reference count on old device tree
media: fdp1: Reduce FCP not found message level to debug
media: rc: imon: Allow iMON RC protocol for ffdc 7e device
dmaengine: iop-adma: use correct printk format strings
perf record: Support aarch64 random socket_id assignment
media: i2c: ov5645: Fix power sequence
media: omap3isp: Don't set streaming state on random subdevs
media: imx: mipi csi-2: Don't fail if initial state times-out
net: lpc-enet: fix printk format strings
ARM: dts: imx7d: cl-som-imx7: make ethernet work again
media: radio/si470x: kill urb on error
media: hdpvr: add terminating 0 at end of string
nbd: add missing config put
media: dvb-core: fix a memory leak bug
libperf: Fix alignment trap with xyarray contents in 'perf stat'
EDAC/amd64: Recognize DRAM device type ECC capability
EDAC/amd64: Decode syndrome before translating address
PM / devfreq: passive: Use non-devm notifiers
PM / devfreq: exynos-bus: Correct clock enable sequence
media: cec-notifier: clear cec_adap in cec_notifier_unregister
media: saa7146: add cleanup in hexium_attach()
media: cpia2_usb: fix memory leaks
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
perf trace beauty ioctl: Fix off-by-one error in cmd->string table
media: ov9650: add a sanity check
ASoC: es8316: fix headphone mixer volume table
ACPI / CPPC: do not require the _PSD method
arm64: kpti: ensure patched kernel text is fetched from PoU
nvmet: fix data units read and written counters in SMART log
iommu/amd: Silence warnings under memory pressure
iommu/iova: Avoid false sharing on fq_timer_on
libtraceevent: Change users plugin directory
ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
ACPI: custom_method: fix memory leaks
ACPI / PCI: fix acpi_pci_irq_enable() memory leak
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
md/raid1: fail run raid1 array when active disk less than one
dmaengine: ti: edma: Do not reset reserved paRAM slots
kprobes: Prohibit probing on BUG() and WARN() address
s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
raid5: don't set STRIPE_HANDLE to stripe which is in batch list
mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
mmc: sdhci: Fix incorrect switch to HS mode
raid5: don't increment read_errors on EILSEQ return
libertas: Add missing sentinel at end of if_usb.c fw_table
e1000e: add workaround for possible stalled packet
ALSA: hda - Drop unsol event handler for Intel HDMI codecs
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
media: omap3isp: Set device on omap3isp subdevs
PM / devfreq: passive: fix compiler warning
ALSA: firewire-tascam: handle error code when getting current source of clock
ALSA: firewire-tascam: check intermediate state of clock status and retry
scsi: scsi_dh_rdac: zero cdb in send_mode_select()
printk: Do not lose last line in kmsg buffer dump
IB/hfi1: Define variables as unsigned long to fix KASAN warning
randstruct: Check member structs in is_pure_ops_struct()
ALSA: hda/realtek - Fixup mute led on HP Spectre x360
fuse: fix missing unlock_page in fuse_writepage()
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
x86/retpolines: Fix up backport of a9d57ef15cbe
KVM: x86: always stop emulation on page fault
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: Manually calculate reserved bits when loading PDPTRS
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
ASoC: Intel: NHLT: Fix debug print format
ASoC: Intel: Skylake: Use correct function to access iomem space
ASoC: Intel: Fix use of potentially uninitialized variable
ARM: samsung: Fix system restart on S3C6410
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
regulator: Defer init completion for a while after late_initcall
gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
memcg, kmem: do not fail __GFP_NOFAIL charges
ovl: filter of trusted xattr results in audit
Btrfs: fix use-after-free when using the tree modification log
btrfs: Relinquish CPUs in btrfs_compare_trees
btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
md/raid6: Set R5_ReadError when there is read failure on parity disk
md: don't report active array_state until after revalidate_disk() completes.
md: only call set_in_sync() when it is expected to succeed.
cfg80211: Purge frame registrations on iftype change
/dev/mem: Bail out upon SIGKILL.
ext4: fix warning inside ext4_convert_unwritten_extents_endio
ext4: fix punch hole for inline_data file systems
quota: fix wrong condition in is_quota_modification()
hwrng: core - don't wait on add_early_randomness()
i2c: riic: Clear NACK in tend isr
CIFS: fix max ea value size
CIFS: Fix oplock handling for SMB 2.1+ protocols
md/raid0: avoid RAID0 data corruption due to layout confusion.
mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone
btrfs: qgroup: Drop quota_root and fs_info parameters from update_qgroup_status_item
Btrfs: fix race setting up and completing qgroup rescan workers
Linux 4.14.147
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Greg Kroah-Hartman
|
5c8d069c5d |
This is the 4.14.147 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2YdO8ACgkQONu9yGCS
aT50DBAAuLQNqoTz2C6HkEHqU6l9v491n8Aw6ILuUoILcoWGIOZEtdmKtRXXBWjR
v0s1T4FbeOZkKHTJGXuCd8Di6BYBDBSSBRSvuvWFisCyo/nwM3i1bNVz+i0IBAbS
Ug3mQOkCHfZgvht17XCDjcHgE2pdHThof5T9/3IIewfSyx4I0WZKlr4Xq1HF535g
30w1Ox+rWLQ4735LlGfMTd+oqYIaP91xyuFuGcsp2Pgy7nLFTtaa69fHD93qVH9o
2rdIowlYFU/uIkGx9qW/sMDq4Gp34xczdp/ABNiRylEL1Rf1cOkcn8KZX14ePodk
5x4hXHDkCWqquu6HnuTB6bzR7gwVsqxBEucT4v7wnkHTIFucEOeBc7E6T2llGTRe
dfESrc28lXN3E9WGu7gAqi7Hvr2oDGVffthySwR6Yq4WoVSppHTc/SekZ4p2qhAl
8jp4V86U5Fwr6ERCwZ0LcQ8TUK1j9KptpJ1P4Lb/w4wT2csq8DasunDm8/7lYFfp
ISa9OE4fF8bhSI45bP+o4WYac6x7F4A8RpdTGJ1qRp0crKDL7oKP5YtFzJTGyt2a
FDnONywuYu2Iayt76fqYU8Lh7yDpxzLSY/66VXRAPcb4Xtc55BKjlRaoEqXOPXqB
8sid+r28LHYiOlHDfb+J/IKI8YyGAiB5ac7Pakw7Q8d07fsxiuI=
=OgXW
-----END PGP SIGNATURE-----
Merge 4.14.147 into android-4.14-q
Changes in 4.14.147
Revert "Bluetooth: validate BLE connection interval updates"
powerpc/xive: Fix bogus error code returned by OPAL
objtool: Query pkg-config for libelf location
IB/core: Add an unbound WQ type to the new CQ API
HID: prodikeys: Fix general protection fault during probe
HID: sony: Fix memory corruption issue on cleanup.
HID: logitech: Fix general protection fault caused by Logitech driver
HID: hidraw: Fix invalid read in hidraw_ioctl
mtd: cfi_cmdset_0002: Use chip_good() to retry in do_write_oneword()
crypto: talitos - fix missing break in switch statement
iwlwifi: mvm: send BCAST management frames to the right station
media: tvp5150: fix switch exit in set control handler
ASoC: fsl: Fix of-node refcount unbalance in fsl_ssi_probe_from_dt()
arm64: kpti: Whitelist Cortex-A CPUs that don't implement the CSV3 field
ALSA: hda - Add laptop imic fixup for ASUS M9V laptop
ALSA: hda - Apply AMD controller workaround for Raven platform
objtool: Clobber user CFLAGS variable
pinctrl: sprd: Use define directive for sprd_pinconf_params values
power: supply: sysfs: ratelimit property read error message
locking/lockdep: Add debug_locks check in __lock_downgrade()
irqchip/gic-v3-its: Fix LPI release for Multi-MSI devices
f2fs: check all the data segments against all node ones
PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it
blk-mq: move cancel of requeue_work to the front of blk_exit_queue
Revert "f2fs: avoid out-of-range memory access"
dm zoned: fix invalid memory access
f2fs: fix to do sanity check on segment bitmap of LFS curseg
drm: Flush output polling on shutdown
net: don't warn in inet diag when IPV6 is disabled
ACPI: video: Add new hw_changes_brightness quirk, set it on PB Easynote MZ35
xfs: don't crash on null attr fork xfs_bmapi_read
Bluetooth: btrtl: Additional Realtek 8822CE Bluetooth devices
f2fs: use generic EFSBADCRC/EFSCORRUPTED
arcnet: provide a buffer big enough to actually receive packets
cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize
macsec: drop skb sk before calling gro_cells_receive
net/phy: fix DP83865 10 Mbps HDX loopback disable function
net: qrtr: Stop rx_worker before freeing node
net/sched: act_sample: don't push mac header on ip6gre ingress
net_sched: add max len check for TCA_KIND
openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC
ppp: Fix memory leak in ppp_write
sch_netem: fix a divide by zero in tabledist()
skge: fix checksum byte order
usbnet: ignore endpoints with invalid wMaxPacketSize
usbnet: sanity checking of packet sizes and device mtu
net/mlx5: Add device ID of upcoming BlueField-2
mISDN: enforce CAP_NET_RAW for raw sockets
appletalk: enforce CAP_NET_RAW for raw sockets
ax25: enforce CAP_NET_RAW for raw sockets
ieee802154: enforce CAP_NET_RAW for raw sockets
nfc: enforce CAP_NET_RAW for raw sockets
ALSA: hda: Flush interrupts on disabling
regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg
ASoC: sgtl5000: Fix charge pump source assignment
dmaengine: bcm2835: Print error in case setting DMA mask fails
leds: leds-lp5562 allow firmware files up to the maximum length
media: dib0700: fix link error for dibx000_i2c_set_speed
media: mtk-cir: lower de-glitch counter for rc-mm protocol
media: exynos4-is: fix leaked of_node references
media: hdpvr: Add device num check and handling
media: i2c: ov5640: Check for devm_gpiod_get_optional() error
sched/fair: Fix imbalance due to CPU affinity
sched/core: Fix CPU controller for !RT_GROUP_SCHED
x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails
x86/apic: Soft disable APIC before initializing it
ALSA: hda - Show the fatal CORB/RIRB error more clearly
ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls()
EDAC/mc: Fix grain_bits calculation
media: iguanair: add sanity checks
base: soc: Export soc_device_register/unregister APIs
ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid
ia64:unwind: fix double free for mod->arch.init_unw_table
EDAC/altera: Use the proper type for the IRQ status bits
ASoC: rsnd: don't call clk_get_rate() under atomic context
md/raid1: end bio when the device faulty
md: don't call spare_active in md_reap_sync_thread if all member devices can't work
md: don't set In_sync if array is frozen
ACPI / processor: don't print errors for processorIDs == 0xff
EDAC, pnd2: Fix ioremap() size in dnv_rd_reg()
efi: cper: print AER info of PCIe fatal error
sched/fair: Use rq_lock/unlock in online_fair_sched_group
media: gspca: zero usb_buf on error
perf test vfs_getname: Disable ~/.perfconfig to get default output
media: mtk-mdp: fix reference count on old device tree
media: fdp1: Reduce FCP not found message level to debug
media: rc: imon: Allow iMON RC protocol for ffdc 7e device
dmaengine: iop-adma: use correct printk format strings
perf record: Support aarch64 random socket_id assignment
media: i2c: ov5645: Fix power sequence
media: omap3isp: Don't set streaming state on random subdevs
media: imx: mipi csi-2: Don't fail if initial state times-out
net: lpc-enet: fix printk format strings
ARM: dts: imx7d: cl-som-imx7: make ethernet work again
media: radio/si470x: kill urb on error
media: hdpvr: add terminating 0 at end of string
nbd: add missing config put
media: dvb-core: fix a memory leak bug
libperf: Fix alignment trap with xyarray contents in 'perf stat'
EDAC/amd64: Recognize DRAM device type ECC capability
EDAC/amd64: Decode syndrome before translating address
PM / devfreq: passive: Use non-devm notifiers
PM / devfreq: exynos-bus: Correct clock enable sequence
media: cec-notifier: clear cec_adap in cec_notifier_unregister
media: saa7146: add cleanup in hexium_attach()
media: cpia2_usb: fix memory leaks
media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate()
perf trace beauty ioctl: Fix off-by-one error in cmd->string table
media: ov9650: add a sanity check
ASoC: es8316: fix headphone mixer volume table
ACPI / CPPC: do not require the _PSD method
arm64: kpti: ensure patched kernel text is fetched from PoU
nvmet: fix data units read and written counters in SMART log
iommu/amd: Silence warnings under memory pressure
iommu/iova: Avoid false sharing on fq_timer_on
libtraceevent: Change users plugin directory
ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks
ACPI: custom_method: fix memory leaks
ACPI / PCI: fix acpi_pci_irq_enable() memory leak
hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap'
md/raid1: fail run raid1 array when active disk less than one
dmaengine: ti: edma: Do not reset reserved paRAM slots
kprobes: Prohibit probing on BUG() and WARN() address
s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding
ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set
raid5: don't set STRIPE_HANDLE to stripe which is in batch list
mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD
mmc: sdhci: Fix incorrect switch to HS mode
raid5: don't increment read_errors on EILSEQ return
libertas: Add missing sentinel at end of if_usb.c fw_table
e1000e: add workaround for possible stalled packet
ALSA: hda - Drop unsol event handler for Intel HDMI codecs
drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2)
media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93
btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type
media: omap3isp: Set device on omap3isp subdevs
PM / devfreq: passive: fix compiler warning
ALSA: firewire-tascam: handle error code when getting current source of clock
ALSA: firewire-tascam: check intermediate state of clock status and retry
scsi: scsi_dh_rdac: zero cdb in send_mode_select()
printk: Do not lose last line in kmsg buffer dump
IB/hfi1: Define variables as unsigned long to fix KASAN warning
randstruct: Check member structs in is_pure_ops_struct()
ALSA: hda/realtek - Fixup mute led on HP Spectre x360
fuse: fix missing unlock_page in fuse_writepage()
parisc: Disable HP HSC-PCI Cards to prevent kernel crash
x86/retpolines: Fix up backport of a9d57ef15cbe
KVM: x86: always stop emulation on page fault
KVM: x86: set ctxt->have_exception in x86_decode_insn()
KVM: x86: Manually calculate reserved bits when loading PDPTRS
media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table
binfmt_elf: Do not move brk for INTERP-less ET_EXEC
ASoC: Intel: NHLT: Fix debug print format
ASoC: Intel: Skylake: Use correct function to access iomem space
ASoC: Intel: Fix use of potentially uninitialized variable
ARM: samsung: Fix system restart on S3C6410
ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up
arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328
alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP
regulator: Defer init completion for a while after late_initcall
gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps
memcg, oom: don't require __GFP_FS when invoking memcg OOM killer
memcg, kmem: do not fail __GFP_NOFAIL charges
ovl: filter of trusted xattr results in audit
Btrfs: fix use-after-free when using the tree modification log
btrfs: Relinquish CPUs in btrfs_compare_trees
btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space
md/raid6: Set R5_ReadError when there is read failure on parity disk
md: don't report active array_state until after revalidate_disk() completes.
md: only call set_in_sync() when it is expected to succeed.
cfg80211: Purge frame registrations on iftype change
/dev/mem: Bail out upon SIGKILL.
ext4: fix warning inside ext4_convert_unwritten_extents_endio
ext4: fix punch hole for inline_data file systems
quota: fix wrong condition in is_quota_modification()
hwrng: core - don't wait on add_early_randomness()
i2c: riic: Clear NACK in tend isr
CIFS: fix max ea value size
CIFS: Fix oplock handling for SMB 2.1+ protocols
md/raid0: avoid RAID0 data corruption due to layout confusion.
mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone
btrfs: qgroup: Drop quota_root and fs_info parameters from update_qgroup_status_item
Btrfs: fix race setting up and completing qgroup rescan workers
Linux 4.14.147
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
Mark Salyzyn
|
8a19d2b1e8 |
ovl: filter of trusted xattr results in audit
commit 5c2e9f346b815841f9bed6029ebcb06415caf640 upstream. When filtering xattr list for reading, presence of trusted xattr results in a security audit log. However, if there is other content no errno will be set, and if there isn't, the errno will be -ENODATA and not -EPERM as is usually associated with a lack of capability. The check does not block the request to list the xattrs present. Switch to ns_capable_noaudit to reflect a more appropriate check. Signed-off-by: Mark Salyzyn <salyzyn@android.com> Cc: linux-security-module@vger.kernel.org Cc: kernel-team@android.com Cc: stable@vger.kernel.org # v3.18+ Fixes: a082c6f680da ("ovl: filter trusted xattr for non-admin") Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Blagovest Kolenichev
|
3b572c9bfa |
Merge android-4.14-q.146 (a3d6259) into msm-4.14
* refs/heads/tmp-a3d6259:
Linux 4.14.146
media: technisat-usb2: break out of loop at end of buffer
tcp: Don't dequeue SYN/FIN-segments from write-queue
tcp: Reset send_head when removing skb from write-queue
binfmt_elf: move brk out of mmap when doing direct loader exec
floppy: fix usercopy direction
PCI: kirin: Fix section mismatch warning
iommu/amd: Fix race in increase_address_space()
iommu/amd: Flush old domains in kdump kernel
keys: Fix missing null pointer check in request_key_auth_describe()
x86/hyper-v: Fix overflow bug in fill_gva_list()
x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
dmaengine: ti: dma-crossbar: Fix a memory leak bug
net: seeq: Fix the function used to release some memory in an error handling path
tools/power turbostat: fix buffer overrun
tools/power x86_energy_perf_policy: Fix argument parsing
tools/power x86_energy_perf_policy: Fix "uninitialized variable" warnings at -O2
amd-xgbe: Fix error path in xgbe_mod_init()
perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops
perf/x86/intel: Restrict period on Nehalem
i2c: designware: Synchronize IRQs when unregistering slave client
sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
ARM: 8901/1: add a criteria for pfn_valid of arm
cifs: Use kzfree() to zero out the password
cifs: set domainName when a domain-key is used in multiuser
kallsyms: Don't let kallsyms_lookup_size_offset() fail on retrieving the first symbol
NFSv2: Fix write regression
NFSv2: Fix eof handling
netfilter: nf_conntrack_ftp: Fix debug output
x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
r8152: Set memory to all 0xFFs on failed reg reads
batman-adv: Only read OGM2 tvlv_len after buffer len check
ARM: 8874/1: mm: only adjust sections of valid mm structures
qed: Add cleanup in qed_slowpath_start()
Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105
NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
NFSv4: Fix return value in nfs_finish_open()
NFSv4: Fix return values for nfs4_file_open()
netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info
fpga: altera-ps-spi: Fix getting of optional confd gpio
s390/bpf: use 32-bit index for tail calls
ARM: dts: dra74x: Fix iodelay configuration for mmc3
ARM: OMAP2+: Fix omap4 errata warning on other SoCs
s390/bpf: fix lcgr instruction encoding
ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
tty/serial: atmel: reschedule TX after RX was started
serial: sprd: correct the wrong sequence of arguments
firmware: google: check if size is valid when decoding VPD data
KVM: coalesced_mmio: add bounds checking
net_sched: let qdisc_put() accept NULL pointer
xen-netfront: do not assume sk_buff_head list is empty in error handling
media: tm6000: double free if usb disconnect while streaming
phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current
USB: usbcore: Fix slab-out-of-bounds bug during device reset
powerpc/mm/radix: Use the right page size for vmemmap mapping
Input: elan_i2c - remove Lenovo Legion Y7000 PnpID
HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report
ANDROID: regression introduced override_creds=off
Linux 4.14.145
x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning
nvmem: Use the same permissions for eeprom as for nvmem
platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table
Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature"
drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto
firmware: ti_sci: Always request response from firmware
crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking.
crypto: talitos - Do not modify req->cryptlen on decryption.
crypto: talitos - fix ECB algs ivsize
crypto: talitos - check data blocksize in ablkcipher.
crypto: talitos - fix CTR alg blocksize
crypto: talitos - check AES key size
driver core: Fix use-after-free and double free on glue directory
ubifs: Correctly use tnc_next() in search_dh_cookie()
PCI: Always allow probing with driver_override
mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
clk: rockchip: Don't yell about bad mmc phases when getting
drm/meson: Add support for XBGR8888 & ABGR8888 formats
powerpc: Add barrier_nospec to raw_copy_in_user()
MIPS: VDSO: Use same -m%-float cflag as the kernel proper
MIPS: VDSO: Prevent use of smp_processor_id()
KVM: nVMX: handle page fault in vmread
KVM: x86: work around leak of uninitialized stack contents
KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
genirq: Prevent NULL pointer dereference in resend_irqs()
Btrfs: fix assertion failure during fsync and use of stale transaction
gpio: fix line flag validation in lineevent_create
gpio: fix line flag validation in linehandle_create
gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist
Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
btrfs: correctly validate compression type
btrfs: compression: add helper for type to string conversion
tun: fix use-after-free when register netdev failed
tipc: add NULL pointer check before calling kfree_rcu
tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
net: phylink: Fix flow control resolution
net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list
net: Fix null de-reference of device refcount
isdn/capi: check message length in capi_write()
ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
cdc_ether: fix rndis support for Mediatek based smartphones
bridge/mdb: remove wrong use of NLM_F_MULTI
Linux 4.14.144
vhost: make sure log_num < in_num
kernel/module: Fix mem leak in module_add_modinfo_attrs
clk: s2mps11: Add used attribute to s2mps11_dt_match
scripts/decode_stacktrace: match basepath using shell prefix operator, not regex
arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64
powerpc/64: mark start_here_multiplatform as __ref
hv_sock: Fix hang when a connection is closed
batman-adv: Only read OGM tvlv_len after buffer len check
batman-adv: fix uninit-value in batadv_netlink_get_ifindex()
vhost/test: fix build for vhost test
PCI: dra7xx: Fix legacy INTD IRQ handling
PCI: designware-ep: Fix find_first_zero_bit() usage
ip6: fix skb leak in ip6frag_expire_frag_queue()
xfrm: clean up xfrm protocol checks
powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction
drm/vmwgfx: Fix double free in vmw_recv_msg()
sched/fair: Don't assign runtime for throttled cfs_rq
ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre
ALSA: hda/realtek - Fix overridden device-specific initialization
ALSA: hda - Fix potential endless loop at applying quirks
Linux 4.14.143
x86/boot: Preserve boot_params.secure_boot from sanitizing
mld: fix memory leak in mld_del_delrec()
net: sched: act_sample: fix psample group handling on overwrite
tcp: remove empty skb from write queue in error cases
tcp: inherit timestamp on mtu probe
net: stmmac: dwmac-rk: Don't fail if phy regulator is absent
net_sched: fix a NULL pointer deref in ipt action
net: fix skb use after free in netpoll
Revert "x86/apic: Include the LDR when clearing out APIC registers"
spi: bcm2835aux: fix corruptions for longer spi transfers
spi: bcm2835aux: remove dangerous uncontrolled read of fifo
spi: bcm2835aux: unifying code between polling and interrupt driven code
libceph: allow ceph_buffer_put() to receive a NULL ceph_buffer
KVM: arm/arm64: Only skip MMIO insn once
ceph: fix buffer free while holding i_ceph_lock in fill_inode()
ceph: fix buffer free while holding i_ceph_lock in __ceph_build_xattrs_blob()
ceph: fix buffer free while holding i_ceph_lock in __ceph_setxattr()
IB/mlx4: Fix memory leaks
Tools: hv: kvp: eliminate 'may be used uninitialized' warning
Input: hyperv-keyboard: Use in-place iterator API in the channel callback
HID: cp2112: prevent sleeping function called from invalid context
kprobes: Fix potential deadlock in kprobe_optimizer()
ravb: Fix use-after-free ravb_tstamp_skb
wimax/i2400m: fix a memory leak bug
net: kalmia: fix memory leaks
cx82310_eth: fix a memory leak bug
vfs: fix page locking deadlocks when deduping files
lan78xx: Fix memory leaks
net: myri10ge: fix memory leaks
liquidio: add cleanup in octeon_setup_iq()
cxgb4: fix a memory leak bug
drm/mediatek: set DMA max segment size
drm/mediatek: use correct device to import PRIME buffers
gpio: Fix build error of function redefinition
ibmveth: Convert multicast list size for little-endian system
Bluetooth: btqca: Add a short delay before downloading the NVM
net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
hv_netvsc: Fix a warning of suspicious RCU usage
net: tundra: tsi108: use spin_lock_irqsave instead of spin_lock_irq in IRQ context
Linux 4.14.142
Revert "ASoC: Fail card instantiation if DAI format setup fails"
x86/ptrace: fix up botched merge of spectrev1 fix
i2c: piix4: Fix port selection for AMD Family 16h Model 30h
NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0
NFS: Pass error information to the pgio error cleanup routine
NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()
NFS: Clean up list moves of struct nfs_page
KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling
mac80211: fix possible sta leak
Revert "cfg80211: fix processing world regdomain when non modular"
crypto: ccp - Ignore unconfigured CCP device on suspend/resume
VMCI: Release resource if the work is already queued
drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest
intel_th: pci: Add Tiger Lake support
intel_th: pci: Add support for another Lewisburg PCH
stm class: Fix a double free of stm_source_device
mmc: core: Fix init of SD cards reporting an invalid VDD range
mmc: sdhci-of-at91: add quirk for broken HS200
uprobes/x86: Fix detection of 32-bit user mode
USB: storage: ums-realtek: Whitelist auto-delink support
USB: storage: ums-realtek: Update module parameter description for auto_delink_en
usb: host: xhci: rcar: Fix typo in compatible string matching
usb: host: ohci: fix a race condition between shutdown and irq
usb: chipidea: udc: don't do hardware access if gadget has stopped
USB: cdc-wdm: fix race between write and disconnect due to flag abuse
usb-storage: Add new JMS567 revision to unusual_devs
ftrace: Check for empty hash and comment the race with registering probes
ftrace: Check for successful allocation of hash
ftrace: Fix NULL pointer dereference in t_probe_next()
x86/apic: Include the LDR when clearing out APIC registers
x86/apic: Do not initialize LDR and DFR for bigsmp
KVM: x86: Don't update RIP or do single-step on faulting emulation
kvm: x86: skip populating logical dest map if apic is not sw enabled
ALSA: seq: Fix potential concurrent access to the deleted pool
ALSA: line6: Fix memory leak at line6_init_pcm() error path
mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n
tcp: make sure EPOLLOUT wont be missed
net/smc: make sure EPOLLOUT is raised
ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue
drm/tilcdc: Register cpufreq notifier after we have initialized crtc
scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
drm/bridge: tfp410: fix memleak in get_modes()
watchdog: bcm2835_wdt: Fix module autoload
tools: hv: fix KVP and VSS daemons exit code
usb: host: fotg2: restart hcd after port reset
drm/ast: Fixed reboot test may cause system hanged
i2c: emev2: avoid race when unregistering slave client
i2c: rcar: avoid race when unregistering slave client
xen/blkback: fix memory leaks
usb: gadget: mass_storage: Fix races between fsg_disable and fsg_set_alt
usb: gadget: composite: Clear "suspended" on reset/disconnect
iommu/dma: Handle SG length overflow better
auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach
dmaengine: ste_dma40: fix unneeded variable warning
ANDROID: sched: Disallow WALT with CFS bandwidth control
ANDROID: fiq_debugger: remove
Conflicts:
drivers/base/core.c
drivers/staging/android/fiq_debugger/fiq_debugger.c
drivers/usb/gadget/function/f_mass_storage.c
sound/usb/mixer.c
Change-Id: Ifae45fc2fc7e7a777d77faacc1b3b88e371097df
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Mark Salyzyn
|
a515683b2b |
ANDROID: regression introduced override_creds=off
Solve a regression introduced by
commit 168dcc6231fe4e7dd91a9058cdfe98ccbd4e91ce
("ANDROID: overlayfs: override_creds=off option bypass creator_cred")
where a crash is observed a crash in ovl_create_or_link() when a
simple re-direction command in vendor directory.
/vendor/bin/<Any test> > /vendor/bin/test_log.txt 2>&1&
After further debugging we see that if the output is redirected to a
file which doesn’t exist we see this stack:
[ 377.382745] ovl_create_or_link+0xac/0x710
[ 377.382745] ovl_create_object+0xb8/0x110
[ 377.382745] ovl_create+0x34/0x40
[ 377.382745] path_openat+0xd44/0x15a8
[ 377.382745] do_filp_open+0x80/0x128
[ 377.382745] do_sys_open+0x140/0x250
[ 377.382745] __arm64_sys_openat+0x2c/0x38
ovl_override_creds returns NULL because the override_cred flag is set
to false. This causes ovl_revert_creds also to fail.
There is another call to check override_cred in override_cred call
which overrides the creds permanently as there no revert_creds
associated. So whenever next commit_cred is called we see the crash
as the credentials are permanently overridden.
Signed-off-by: Mark Salyzyn <salyzyn@google.com>
Tested-by: Rishabh/Jeevan <jshriram@qualcomm.corp-partner.google.com>
Bug: 140816499
Change-Id: Icd0d9be82fc57af5ead1eeab99f79adf3adf62ef
|
||
|
Blagovest Kolenichev
|
6d613313e0 |
Merge android-4.14 (a895cea) into msm-4.14
* refs/heads/tmp-a895cea: Revert "ANDROID: sched: Fix share_cap_level detect" ANDROID: cuttlefish_defconfig: Add support for AC97 audio ANDROID: overlayfs: override_creds=off option bypass creator_cred ANDROID: cuttlefish: enable CONFIG_NETFILTER_XT_TARGET_CT=y Revert "ANDROID: arm: process: Add display of memory around registers when displaying regs." Revert "ANDROID: overlayfs: override_creds=off option bypass creator_cred" ANDROID: overlayfs: override_creds=off option bypass creator_cred FROMGIT: binder: create node flag to request sender's security context ANDROID: revert "net: ipv4: sysfs_net_ipv4: Add sysfs-based knobs for controlling TCP window size" ANDROID: cpufreq: times: optimize proc files ANDROID: sched/walt: Fix the potential bad unlock issue ANDROID: sched/fair: Don't double account RT util in boosted_cpu_util() ANDROID: cpufreq: times: record fast switch frequency transitions ANDROID: DEBUG: fix build error when Macro DEBUG_EENV_DECISIONS is defined ANDROID: cuttlefish: enable CONFIG_NET_SCH_NETEM=y ANDROID: sched/walt: Fix lockdep assert issue Add XFRM-I to cuttlefish defconfigs ANDROID: Move from clang r346389b to r349610. ANDROID: Turn xt_owner module on ANDROID: Remove xt_qtaguid module from new kernels. UPSTREAM: virt_wifi: fix error return code in virt_wifi_newlink() ANDROID: arm64: lse: fix LSE atomics with LTO UPSTREAM: net: dev_is_mac_header_xmit() true for ARPHRD_RAWIP UPSTREAM: binder: filter out nodes when showing binder procs UPSTREAM: xfrm: Make set-mark default behavior backward compatible ANDROID: cuttlefish_defconfig: Enable CONFIG_RTC_HCTOSYS ANDROID: sched/rt: fix the problem that rt_rq's util is always zero. ANDROID: sched: Fix share_cap_level detect ANDROID: cfi: fix shadow rebasing UPSTREAM: dm: do not allow readahead to limit IO size UPSTREAM: ppp: Move PFC decompression to PPP generic layer UPSTREAM: l2tp: Add protocol field decompression BACKPORT: l2tp: remove ->recv_payload_hook UPSTREAM: zram: idle writeback fixes and cleanup UPSTREAM: zram: writeback throttle UPSTREAM: zram: add bd_stat statistics UPSTREAM: zram: support idle/huge page writeback UPSTREAM: zram: introduce ZRAM_IDLE flag UPSTREAM: zram: refactor flags and writeback stuff UPSTREAM: zram: fix lockdep warning of free block handling ANDROID: cuttlefish_defconfig: Enable vsock options ANDROID: mnt: Propagate remount correctly UPSTREAM: loop: drop caches if offset or block_size are changed UPSTREAM: crypto: adiantum - initialize crypto_spawn::inst UPSTREAM: crypto: adiantum - fix leaking reference to hash algorithm UPSTREAM: crypto: adiantum - adjust some comments to match latest paper UPSTREAM: crypto: adiantum - propagate CRYPTO_ALG_ASYNC flag to instance ANDROID: cuttlefish: enable CONFIG_NET_CLS_BPF=y Makefile: Fix 4.14.93 resolution ANDROID: cuttlefish_defconfig: remove DM_VERITY_HASH_PREFETCH_MIN_SIZE Revert "ANDROID: dm: verity: add minimum prefetch size" ANDROID: f2fs: Complement "android_fs" tracepoint of read path Conflicts: Documentation/ABI/testing/sysfs-block-zram Documentation/blockdev/zram.txt Makefile drivers/block/zram/zram_drv.c drivers/block/zram/zram_drv.h drivers/md/Kconfig include/uapi/linux/android/binder.h kernel/sched/core.c kernel/sched/cpufreq_schedutil.c kernel/sched/fair.c net/l2tp/l2tp_ppp.c net/netfilter/xt_qtaguid.c Change-Id: Ie4e343210602d26c0319138deb71ff0788e90a87 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Mark Salyzyn
|
168dcc6231 |
ANDROID: overlayfs: override_creds=off option bypass creator_cred
By default, all access to the upper, lower and work directories is the recorded mounter's MAC and DAC credentials. The incoming accesses are checked against the caller's credentials. If the principles of least privilege are applied, the mounter's credentials might not overlap the credentials of the caller's when accessing the overlayfs filesystem. For example, a file that a lower DAC privileged caller can execute, is MAC denied to the generally higher DAC privileged mounter, to prevent an attack vector. We add the option to turn off override_creds in the mount options; all subsequent operations after mount on the filesystem will be only the caller's credentials. The module boolean parameter and mount option override_creds is also added as a presence check for this "feature", existence of /sys/module/overlay/parameters/override_creds. It was not always this way. Circa 4.6 there was no recorded mounter's credentials, instead privileged access to upper or work directories were temporarily increased to perform the operations. The MAC (selinux) policies were caller's in all cases. override_creds=off partially returns us to this older access model minus the insecure temporary credential increases. This is to permit use in a system with non-overlapping security models for each executable including the agent that mounts the overlayfs filesystem. In Android this is the case since init, which performs the mount operations, has a minimal MAC set of privileges to reduce any attack surface, and services that use the content have a different set of MAC privileges (eg: read, for vendor labelled configuration, execute for vendor libraries and modules). The caveats are not a problem in the Android usage model, however they should be fixed for completeness and for general use in time. Signed-off-by: Mark Salyzyn <salyzyn@android.com> Cc: Miklos Szeredi <miklos@szeredi.hu> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Vivek Goyal <vgoyal@redhat.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Amir Goldstein <amir73il@gmail.com> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: linux-unionfs@vger.kernel.org Cc: linux-doc@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: kernel-team@android.com --- v9: - Add to the caveats v8: - drop pr_warn message after straw poll to remove it. - added a use case in the commit message v7: - change name of internal parameter to ovl_override_creds_def - report override_creds only if different than default v6: - Drop CONFIG_OVERLAY_FS_OVERRIDE_CREDS. - Do better with the documentation. - pr_warn message adjusted to report consequences. v5: - beefed up the caveats in the Documentation - Is dependent on "overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh" "overlayfs: check CAP_MKNOD before issuing vfs_whiteout" - Added prwarn when override_creds=off v4: - spelling and grammar errors in text v3: - Change name from caller_credentials / creator_credentials to the boolean override_creds. - Changed from creator to mounter credentials. - Updated and fortified the documentation. - Added CONFIG_OVERLAY_FS_OVERRIDE_CREDS v2: - Forward port changed attr to stat, resulting in a build error. - altered commit message. Signed-off-by: Mark Salyzyn <salyzyn@google.com> (cherry picked from https://lore.kernel.org/patchwork/patch/1009299) Bug: 109821005 Bug: 112955896 Bug: 127298877 Change-Id: I1d99298ec5e71174734481be3497763c6b9d42e1 |
||
|
Mark Salyzyn
|
cef9f8d29c |
Revert "ANDROID: overlayfs: override_creds=off option bypass creator_cred"
This reverts commit 9a2d2a45b6c4653a402e5a151d566297704691c3. Reason for revert: <INSERT REASONING HERE> Change-Id: I1b96d1111b993ca23061844dd33573c16d449248 |
||
|
Mark Salyzyn
|
9a2d2a45b6 |
ANDROID: overlayfs: override_creds=off option bypass creator_cred
By default, all access to the upper, lower and work directories is the recorded mounter's MAC and DAC credentials. The incoming accesses are checked against the caller's credentials. If the principles of least privilege are applied, the mounter's credentials might not overlap the credentials of the caller's when accessing the overlayfs filesystem. For example, a file that a lower DAC privileged caller can execute, is MAC denied to the generally higher DAC privileged mounter, to prevent an attack vector. We add the option to turn off override_creds in the mount options; all subsequent operations after mount on the filesystem will be only the caller's credentials. The module boolean parameter and mount option override_creds is also added as a presence check for this "feature", existence of /sys/module/overlay/parameters/override_creds. It was not always this way. Circa 4.6 there was no recorded mounter's credentials, instead privileged access to upper or work directories were temporarily increased to perform the operations. The MAC (selinux) policies were caller's in all cases. override_creds=off partially returns us to this older access model minus the insecure temporary credential increases. This is to permit use in a system with non-overlapping security models for each executable including the agent that mounts the overlayfs filesystem. In Android this is the case since init, which performs the mount operations, has a minimal MAC set of privileges to reduce any attack surface, and services that use the content have a different set of MAC privileges (eg: read, for vendor labelled configuration, execute for vendor libraries and modules). The caveats are not a problem in the Android usage model, however they should be fixed for completeness and for general use in time. Signed-off-by: Mark Salyzyn <salyzyn@android.com> Cc: Miklos Szeredi <miklos@szeredi.hu> Cc: Jonathan Corbet <corbet@lwn.net> Cc: Vivek Goyal <vgoyal@redhat.com> Cc: Eric W. Biederman <ebiederm@xmission.com> Cc: Amir Goldstein <amir73il@gmail.com> Cc: Randy Dunlap <rdunlap@infradead.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: linux-unionfs@vger.kernel.org Cc: linux-doc@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: kernel-team@android.com --- v9: - Add to the caveats v8: - drop pr_warn message after straw poll to remove it. - added a use case in the commit message v7: - change name of internal parameter to ovl_override_creds_def - report override_creds only if different than default v6: - Drop CONFIG_OVERLAY_FS_OVERRIDE_CREDS. - Do better with the documentation. - pr_warn message adjusted to report consequences. v5: - beefed up the caveats in the Documentation - Is dependent on "overlayfs: check CAP_DAC_READ_SEARCH before issuing exportfs_decode_fh" "overlayfs: check CAP_MKNOD before issuing vfs_whiteout" - Added prwarn when override_creds=off v4: - spelling and grammar errors in text v3: - Change name from caller_credentials / creator_credentials to the boolean override_creds. - Changed from creator to mounter credentials. - Updated and fortified the documentation. - Added CONFIG_OVERLAY_FS_OVERRIDE_CREDS v2: - Forward port changed attr to stat, resulting in a build error. - altered commit message. Signed-off-by: Mark Salyzyn <salyzyn@google.com> (cherry picked from https://lore.kernel.org/patchwork/patch/1009299) Bug: 109821005 Bug: 112955896 Bug: 127298877 Change-Id: Ie43b0c7dfd64f4cfc27dfe5e1622ea01f3b000cf |
||
|
Blagovest Kolenichev
|
6e592c7b95 |
Merge android-4.14-p.82 (82609b3) into msm-4.14
* remotes/origin/tmp-82609b3: Linux 4.14.82 gpio: brcmstb: release the bgpio lock during irq handlers nvme-loop: fix kernel oops in case of unhandled command printk: Never set console_may_schedule in console_trylock() ovl: check whiteout in ovl_create_over_whiteout() CONFIG_XEN_PV breaks xen_create_contiguous_region on ARM drm/i915/execlists: Force write serialisation into context image vs execution drm/i915: Mark pin flags as u64 drm/i915: Don't oops during modeset shutdown after lpe audio deinit drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values drm/i915: Large page offsets for pread/pwrite drm/i915: Skip vcpi allocation for MSTB ports that are gone drm/i915: Don't unset intel_connector->mst_port drm/i915: Restore vblank interrupts earlier drm/dp_mst: Check if primary mstb is null drm/nouveau: Check backlight IDs are >= 0, not > 0 drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type drm/rockchip: Allow driver to be shutdown on reboot/kexec efi/arm/libstub: Pack FDT after populating it mm/swapfile.c: use kvzalloc for swap_info_struct allocation hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! lib/ubsan.c: don't mark __ubsan_handle_builtin_unreachable as noreturn crypto: user - fix leaking uninitialized memory to userspace gfs2: Put bitmap buffers in put_super configfs: replace strncpy with memcpy fuse: fix leaked notify reply fuse: fix use-after-free in fuse_direct_IO() rtc: hctosys: Add missing range error reporting nfsd: COPY and CLONE operations require the saved filehandle to be set sunrpc: correct the computation for page_ptr when truncating kdb: print real address of pointers instead of hashed addresses kdb: use correct pointer when 'btc' calls 'btt' mount: Prevent MNT_DETACH from disconnecting locked mounts mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts mount: Retest MNT_LOCKED in do_umount ext4: fix buffer leak in __ext4_read_dirblock() on error path ext4: fix buffer leak in ext4_expand_extra_isize_ea() on error path ext4: fix buffer leak in ext4_xattr_move_to_block() on error path ext4: release bs.bh before re-using in ext4_xattr_block_find() ext4: fix buffer leak in ext4_xattr_get_block() on error path ext4: fix possible leak of s_journal_flag_rwsem in error path ext4: fix possible leak of sbi->s_group_desc_leak in error path ext4: avoid possible double brelse() in add_new_gdb() on error path ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing ext4: avoid buffer leak in ext4_orphan_add() after prior errors ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() ext4: fix possible inode leak in the retry loop of ext4_resize_fs() ext4: missing !bh check in ext4_xattr_inode_write() ext4: avoid potential extra brelse in setup_new_flex_group_blocks() ext4: add missing brelse() add_new_gdb_meta_bg()'s error path ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path ext4: add missing brelse() update_backups()'s error path clockevents/drivers/i8253: Add support for PIT shutdown quirk Btrfs: fix data corruption due to cloning of eof block Btrfs: fix infinite loop on inode eviction after deduplication of eof block Btrfs: fix cur_offset in the error case for nocow btrfs: fix pinned underflow after transaction aborted watchdog/core: Add missing prototypes for weak functions arch/alpha, termios: implement BOTHER, IBSHIFT and termios2 termios, tty/tty_baudrate.c: fix buffer overrun x86/hyper-v: Enable PIT shutdown quirk x86/cpu/vmware: Do not trace vmware_sched_clock() of, numa: Validate some distance map rules mtd: docg3: don't set conflicting BCH_CONST_PARAMS option ARM: 8809/1: proc-v7: fix Thumb annotation of cpu_v7_hvc_switch_mm netfilter: conntrack: fix calculation of next bucket number in early_drop mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings ocfs2: free up write context when direct IO failed ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry soc: ti: QMSS: Fix usage of irq_set_affinity_hint SCSI: fix queue cleanup race before queue initialization is done scsi: qla2xxx: Initialize port speed to avoid setting lower speed vhost/scsi: truncate T10 PI iov_iter to prot_bytes reset: hisilicon: fix potential NULL pointer dereference mach64: fix image corruption due to reading accelerator registers mach64: fix display corruption on big endian machines thermal: enable broadcom menu for arm64 bcm2835 Revert "ceph: fix dentry leak in splice_dentry()" libceph: bump CEPH_MSG_MAX_DATA_LEN media: ov7670: make "xclk" clock optional clk: mvebu: use correct bit for 98DX3236 NAND clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call clk: at91: Fix division by zero in PLL recalc_rate() clk: s2mps11: Fix matching when built as module and DT node contains compatible um: Drop own definition of PTRACE_SYSEMU/_SINGLESTEP xtensa: fix boot parameters address translation xtensa: make sure bFLT stack is 16 byte aligned xtensa: add NOTES section to the linker script MIPS: Loongson-3: Fix BRIDGE irq delivery problem MIPS: Loongson-3: Fix CPU UART irq delivery problem ovl: fix recursive oi->lock in ovl_link() fuse: set FR_SENT while locked fuse: fix blocked_waitq wakeup fuse: Fix use-after-free in fuse_dev_do_write() fuse: Fix use-after-free in fuse_dev_do_read() scsi: qla2xxx: Fix re-using LoopID when handle is in use scsi: qla2xxx: shutdown chip if reset fail scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx scsi: qla2xxx: Fix process response queue for ISP26XX and above scsi: qla2xxx: Fix incorrect port speed being set for FC adapters ovl: fix error handling in ovl_verify_set_fh() cdrom: fix improper type cast, which can leat to information leak. 9p: clear dangling pointers in p9stat_free 9p locks: fix glock.client_id leak in do_lock staging:iio:ad7606: fix voltage scales powerpc/selftests: Wait all threads to join media: tvp5150: fix width alignment during set_selection() sc16is7xx: Fix for multi-channel stall MIPS/PCI: Call pcie_bus_configure_settings() to set MPS/MRRS powerpc/memtrace: Remove memory in chunks powerpc/boot: Ensure _zimage_start is a weak symbol MIPS: kexec: Mark CPU offline before disabling local IRQ media: coda: don't overwrite h.264 profile_idc on decoder instance media: pci: cx23885: handle adding to list failure drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer pointer drm/omap: fix memory barrier bug in DMM driver powerpc/mm: Don't report hugepage tables as memory leaks when using kmemleak powerpc/nohash: fix undefined behaviour when testing page size support ARM: imx_v6_v7_defconfig: Select CONFIG_TMPFS_POSIX_ACL tty: check name length in tty_find_polling_driver() powerpc/eeh: Fix possible null deref in eeh_dump_dev_log() powerpc/mm: Fix page table dump to work on Radix powerpc/64/module: REL32 relocation range check powerpc/traps: restore recoverability of machine_check interrupts Change-Id: Ic57d67a5d6d5d8873abb56a093fe5fd5255a9fb7 Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org> |
||
|
Miklos Szeredi
|
cd09665ab6 |
ovl: check whiteout in ovl_create_over_whiteout()
commit 5e1275808630ea3b2c97c776f40e475017535f72 upstream.
Kaixuxia repors that it's possible to crash overlayfs by removing the
whiteout on the upper layer before creating a directory over it. This is a
reproducer:
mkdir lower upper work merge
touch lower/file
mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merge
rm merge/file
ls -al merge/file
rm upper/file
ls -al merge/
mkdir merge/file
Before commencing with a vfs_rename(..., RENAME_EXCHANGE) verify that the
lookup of "upper" is positive and is a whiteout, and return ESTALE
otherwise.
Reported by: kaixuxia <xiakaixu1987@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: e9be9d5e76e3 ("overlay filesystem")
Cc: <stable@vger.kernel.org> # v3.18
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Amir Goldstein
|
3c5cf7980b |
ovl: fix recursive oi->lock in ovl_link()
commit 6cd078702f2f33cb6b19a682de3e9184112f1a46 upstream.
linking a non-copied-up file into a non-copied-up parent results in a
nested call to mutex_lock_interruptible(&oi->lock). Fix this by copying up
target parent before ovl_nlink_start(), same as done in ovl_rename().
~/unionmount-testsuite$ ./run --ov -s
~/unionmount-testsuite$ ln /mnt/a/foo100 /mnt/a/dir100/
WARNING: possible recursive locking detected
--------------------------------------------
ln/1545 is trying to acquire lock:
00000000bcce7c4c (&ovl_i_lock_key[depth]){+.+.}, at:
ovl_copy_up_start+0x28/0x7d
but task is already holding lock:
0000000026d73d5b (&ovl_i_lock_key[depth]){+.+.}, at:
ovl_nlink_start+0x3c/0xc1
[SzM: this seems to be a false positive, but doing the copy-up first is
harmless and removes the lockdep splat]
Reported-by: syzbot+3ef5c0d1a5cb0b21e6be@syzkaller.appspotmail.com
Fixes: 5f8415d6b87e ("ovl: persistent overlay inode nlink for...")
Cc: <stable@vger.kernel.org> # v4.13
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
[amir: backport to v4.18]
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Amir Goldstein
|
0afa17be1a |
ovl: fix error handling in ovl_verify_set_fh()
commit babf4770be0adc69e6d2de150f4040f175e24beb upstream. We hit a BUG on kfree of an ERR_PTR()... Reported-by: syzbot+ff03fe05c717b82502d0@syzkaller.appspotmail.com Fixes: 8b88a2e64036 ("ovl: verify upper root dir matches lower root dir") Cc: <stable@vger.kernel.org> # v4.13 Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Blagovest Kolenichev
|
2f4158f9e3 |
Merge android-4.14-p.80 (584eb94) into msm-4.14
* refs/heads/tmp-584eb94:
Linux 4.14.80
net: fs_enet: do not call phy_stop() in interrupts
x86/fpu: Fix i486 + no387 boot crash by only saving FPU registers on context switch if there is an FPU
x86/time: Correct the attribute on jiffies' definition
x86/percpu: Fix this_cpu_read()
x86, hibernate: Fix nosave_regions setup for hibernation
x86/tsc: Force inlining of cyc2ns bits
sched/fair: Fix throttle_list starvation with low CFS quota
Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM
USB: fix the usbfs flag sanitization for control transfers
usb: gadget: storage: Fix Spectre v1 vulnerability
usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control()
cdc-acm: fix race between reset and control messaging
cdc-acm: correct counting of UART states in serial state notification
cdc-acm: do not reset notification buffer index upon urb unlinking
IB/ucm: Fix Spectre v1 vulnerability
RDMA/ucma: Fix Spectre v1 vulnerability
drm: fb-helper: Reject all pixel format changing requests
drm/edid: VSDB yCBCr420 Deep Color mode bit definitions
drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl
ptp: fix Spectre v1 vulnerability
cachefiles: fix the race between cachefiles_bury_object() and rmdir(2)
xfs: truncate transaction does not modify the inobt
gpio: mxs: Get rid of external API call
fsnotify: fix ignore mask logic in fsnotify()
Revert "ARM: tegra: Fix ULPI regression on Tegra20"
bpf: fix partial copy of map_ptr when dst is scalar
USB: serial: option: add two-endpoints device-id flag
USB: serial: option: improve Quectel EP06 detection
vfs: swap names of {do,vfs}_clone_file_range()
eeprom: at24: Add support for address-width property
Change-Id: Icc899f8e774106a4166542e0f698165a4f5a08bd
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Amir Goldstein
|
8a6cee344c |
vfs: swap names of {do,vfs}_clone_file_range()
commit a725356b6659469d182d662f22d770d83d3bc7b5 upstream.
Commit 031a072a0b8a ("vfs: call vfs_clone_file_range() under freeze
protection") created a wrapper do_clone_file_range() around
vfs_clone_file_range() moving the freeze protection to former, so
overlayfs could call the latter.
The more common vfs practice is to call do_xxx helpers from vfs_xxx
helpers, where freeze protecction is taken in the vfs_xxx helper, so
this anomality could be a source of confusion.
It seems that commit 8ede205541ff ("ovl: add reflink/copyfile/dedup
support") may have fallen a victim to this confusion -
ovl_clone_file_range() calls the vfs_clone_file_range() helper in the
hope of getting freeze protection on upper fs, but in fact results in
overlayfs allowing to bypass upper fs freeze protection.
Swap the names of the two helpers to conform to common vfs practice
and call the correct helpers from overlayfs and nfsd.
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 031a072a0b8a ("vfs: call vfs_clone_file_range() under freeze...")
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Blagovest Kolenichev
|
3cba569322 |
Merge android-4.14-p.75 (9468286) into msm-4.14
* refs/heads/tmp-9468286: Linux 4.14.75 dm thin metadata: fix __udivdi3 undefined on 32-bit ixgbe: check return value of napi_complete_done() ocfs2: fix locking for res->tracking and dlm->tracking_list proc: restrict kernel stack dumps to root tools: hv: fcopy: set 'error' in case an unknown operation was requested Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() gpiolib: Free the last requested descriptor crypto: caam/jr - fix ablkcipher_edesc pointer arithmetic crypto: mxs-dcp - Fix wait logic on chan threads crypto: qat - Fix KASAN stack-out-of-bounds bug in adf_probe() ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 iommu/amd: Clear memory encryption mask from physical address smb2: fix missing files in root share directory listing sysfs: Do not return POSIX ACL xattrs via listxattr ovl: fix format of setxattr debug ovl: fix memory leak on unlink of indexed file ovl: fix access beyond unterminated strings xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage xen: avoid crash in disable_hotplug_cpu xen/manage: don't complain about an empty value in control/sysrq node cifs: read overflow in is_valid_oplock_break() s390/qeth: don't dump past end of unknown HW header s390/qeth: use vzalloc for QUERY OAT buffer r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED drm/amdgpu: fix error handling in amdgpu_cs_user_fence_chunk arm64: jump_label.h: use asm_volatile_goto macro instead of "asm goto" hexagon: modify ffs() and fls() to return int arch/hexagon: fix kernel/dma.c build warning dm thin metadata: try to avoid ever aborting transactions perf/x86/intel: Add support/quirk for the MISPREDICT bit on Knights Landing CPUs net: ena: fix missing calls to READ_ONCE net: ena: fix driver when PAGE_SIZE == 64kB fs/cifs: suppress a string overflow warning dm raid: fix rebuild of specific devices by updating superblock drm/nouveau/disp: fix DP disable race drm/nouveau/TBDdevinit: don't fail when PMU/PRE_OS is missing from VBIOS net/mlx5: Consider PCI domain in search for next dev nvmet-rdma: fix possible bogus dereference under heavy load USB: yurex: Check for truncation in yurex_read() HID: sensor-hub: Restore fixup for Lenovo ThinkPad Helix 2 sensor hub report RDMA/ucma: check fd type in ucma_migrate_id() Revert "iio: temperature: maxim_thermocouple: add MAX31856 part" netfilter: nf_tables: release chain in flushing set perf probe powerpc: Ignore SyS symbols irrespective of endianness perf util: Fix bad memory access in trace info. perf evsel: Fix potential null pointer dereference in perf_evsel__new_idx() scsi: qedi: Add the CRC size within iSCSI NVM image scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values fails HID: hid-saitek: Add device ID for RAT 7 Contagion usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] HID: add support for Apple Magic Keyboards netfilter: xt_cluster: add dependency on conntrack module bpf: 32-bit RSH verification must truncate input before the ALU op mm: madvise(MADV_DODUMP): allow hugetlbfs pages tools/vm/page-types.c: fix "defined but not used" warning tools/vm/slabinfo.c: fix sign-compare warning mac80211: shorten the IBSS debug messages mac80211: don't Tx a deauth frame if the AP forbade Tx mac80211: Fix station bandwidth setting after channel switch mac80211: fix a race between restart and CSA flows cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() mac80211: fix an off-by-one issue in A-MSDU max_subframe computation fs/cifs: don't translate SFM_SLASH (U+F026) to backslash net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP i2c: uniphier: issue STOP only for last message or I2C_M_STOP RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 md/raid5-cache: disable reshape completely ARC: atomics: unbork atomic_fetch_##op() gpio: Fix crash due to registration race tools/kvm_stat: fix handling of invalid paths in debugfs provider tools/kvm_stat: fix python3 issues mac80211: always account for A-MSDU header changes mac80211: do not convert to A-MSDU if frag/subframe limited cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE net: hns: add netif_carrier_off before change speed and duplex net: hns: add the code for cleaning pkt in chip gpiolib-acpi: Register GpioInt ACPI event handlers from a late_initcall gpiolib: acpi: Switch to cansleep version of GPIO library call mac80211: avoid kernel panic when building AMSDU from non-linear SKB mac80211: mesh: fix HWMP sequence numbering to follow standard gpio: adp5588: Fix sleep-in-atomic-context bug mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X scsi: csiostor: add a check for NULL pointer after kmalloc() btrfs: btrfs_shrink_device should call commit transaction at the end KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function mac80211_hwsim: require at least one channel mac80211: Run TXQ teardown code before de-registering interfaces tools/power turbostat: fix possible sprintf buffer overflow serial: mvebu-uart: Fix reporting of effective CSIZE to userspace drm/amdgpu: add another ATPX quirk for TOPAZ drm/amd/pp: initialize result to before or'ing in data Change-Id: I0c8493ff585477b7607f7b8d9e9e6e2213a8d35a Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org> |
||
|
Miklos Szeredi
|
fa7d75f64b |
ovl: fix format of setxattr debug
commit 1a8f8d2a443ef9ad9a3065ba8c8119df714240fa upstream.
Format has a typo: it was meant to be "%.*s", not "%*s". But at some point
callers grew nonprintable values as well, so use "%*pE" instead with a
maximized length.
Reported-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 3a1e819b4e80 ("ovl: store file handle of lower inode on copy up")
Cc: <stable@vger.kernel.org> # v4.12
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Amir Goldstein
|
8d75ecc13f |
ovl: fix memory leak on unlink of indexed file
commit 63e132528032ce937126aba591a7b37ec593a6bb upstream.
The memory leak was detected by kmemleak when running xfstests
overlay/051,053
Fixes: caf70cb2ba5d ("ovl: cleanup orphan index entries")
Cc: <stable@vger.kernel.org> # v4.13
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Amir Goldstein
|
be40643473 |
ovl: fix access beyond unterminated strings
commit 601350ff58d5415a001769532f6b8333820e5786 upstream. KASAN detected slab-out-of-bounds access in printk from overlayfs, because string format used %*s instead of %.*s. > BUG: KASAN: slab-out-of-bounds in string+0x298/0x2d0 lib/vsprintf.c:604 > Read of size 1 at addr ffff8801c36c66ba by task syz-executor2/27811 > > CPU: 0 PID: 27811 Comm: syz-executor2 Not tainted 4.19.0-rc5+ #36 ... > printk+0xa7/0xcf kernel/printk/printk.c:1996 > ovl_lookup_index.cold.15+0xe8/0x1f8 fs/overlayfs/namei.c:689 Reported-by: syzbot+376cea2b0ef340db3dd4@syzkaller.appspotmail.com Signed-off-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Fixes: 359f392ca53e ("ovl: lookup index entry for copy up origin") Cc: <stable@vger.kernel.org> # v4.13 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Blagovest Kolenichev
|
6a2de27bd7 |
Merge android-4.14-p.74 (91ff1d1) into msm-4.14
* refs/heads/tmp-91ff1d1:
ANDROID: sdcardfs: Change current->fs under lock
ANDROID: sdcardfs: Don't use OVERRIDE_CRED macro
Linux 4.14.74
media: v4l: event: Prevent freeing event subscriptions while accessed
arm64: KVM: Sanitize PSTATE.M when being set from userspace
x86/pti: Fix section mismatch warning/error
i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus
arm/arm64: smccc-1.1: Handle function result as parameters
arm/arm64: smccc-1.1: Make return values unsigned long
ARM: dts: omap4-droid4: Fix emmc errors seen on some devices
nvme-fcloop: Fix dropped LS's to removed target port
ata: ftide010: Add a quirk for SQ201
drm/amdgpu: Update power state at the end of smu hw_init.
drm/amdgpu: Enable/disable gfx PG feature in rlc safe mode
Revert "ARM: dts: imx7d: Invert legacy PCI irq mapping"
hwmon: (adt7475) Make adt7475_read_word() return errors
hwmon: (ina2xx) fix sysfs shunt resistor read access
crypto: cavium/nitrox - fix for command corruption in queue full case with backlog submissions.
e1000: ensure to free old tx/rx rings in set_ringparam()
e1000: check on netif_running() before calling e1000_up()
net: hns: fix skb->truesize underestimation
net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES
bpf: sockmap: write_space events need to be passed to TCP handler
tls: possible hang when do_tcp_sendpages hits sndbuf is full case
isofs: reject hardware sector size > 2048 bytes
thermal: of-thermal: disable passive polling when thermal zone is disabled
qed: Avoid sending mailbox commands when MFW is not responsive
qed: Prevent a possible deadlock during driver load and unload
qed: Wait for MCP halt and resume commands to take place
qed: Wait for ready indication before rereading the shmem
arm64: KVM: Tighten guest core register access from userspace
serial: imx: restore handshaking irq for imx1
drm/i915: Remove vma from object on destroy, not close
ovl: hash non-dir by lower inode for fsnotify
RDMA/uverbs: Atomically flush and mark closed the comp event queue
IB/hfi1: Fix context recovery when PBC has an UnsupportedVL
IB/hfi1: Invalid user input can result in crash
IB/hfi1: Fix SL array bounds check
IB/srp: Avoid that sg_reset -d ${srp_device} triggers an infinite loop
Input: elantech - enable middle button of touchpad on ThinkPad P72
USB: remove LPM management from usb_driver_claim_interface()
Revert "usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()"
USB: usbdevfs: restore warning for nonsensical flags
USB: usbdevfs: sanitize flags more
media: uvcvideo: Support realtek's UVC 1.5 device
slub: make ->cpu_partial unsigned int
usb: musb: dsps: do not disable CPPI41 irq in driver teardown
USB: handle NULL config in usb_find_alt_setting()
USB: fix error handling in usb_driver_claim_interface()
regulator: fix crash caused by null driver data
spi: rspi: Fix interrupted DMA transfers
spi: rspi: Fix invalid SPI use during system suspend
spi: sh-msiof: Fix handling of write value for SISTR register
spi: sh-msiof: Fix invalid SPI use during system suspend
spi: tegra20-slink: explicitly enable/disable clock
intel_th: Fix device removal logic
serial: cpm_uart: return immediately from console poll
tty: serial: lpuart: avoid leaking struct tty_struct
x86/mm: Expand static page table for fixmap space
floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
ARM: dts: dra7: fix DCAN node addresses
iio: 104-quad-8: Fix off-by-one error in register selection
Input: xen-kbdfront - fix multi-touch XenStore node's locations
fs/lock: skip lock owner pid translation in case we are in init_pid_ns
EDAC: Fix memleak in module init error path
nfsd: fix corrupted reply to badly ordered compound
gpio: Fix wrong rounding in gpio-menz127
module: exclude SHN_UNDEF symbols from kallsyms api
ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs
EDAC, i7core: Fix memleaks and use-after-free on probe and remove
scsi: megaraid_sas: Update controller info during resume
iomap: complete partial direct I/O writes synchronously
scsi: bnx2i: add error handling for ioremap_nocache
perf/x86/intel/lbr: Fix incomplete LBR call stack
MIPS: boot: fix build rule of vmlinux.its.S
HID: hid-ntrig: add error handling for sysfs_create_group
arm: dts: mediatek: Add missing cooling device properties for CPUs
ARM: mvebu: declare asm symbols as character arrays in pmsu.c
wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()
brcmsmac: fix wrap around in conversion from constant to s16
rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()
ath10k: transmit queued frames after processing rx packets
drm/sun4i: Fix releasing node when enumerating enpoints
net: phy: xgmiitorgmii: Check phy_driver ready before accessing
ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock
net: phy: xgmiitorgmii: Check read_status results
ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge
media: tm6000: add error handling for dvb_register_adapter
drivers/tty: add error handling for pcmcia_loop_config
staging: android: ashmem: Fix mmap size validation
media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data
media: soc_camera: ov772x: correct setting of banding filter
media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power
ALSA: snd-aoa: add of_node_put() in error path
posix-timers: Sanitize overrun handling
posix-timers: Make forward callback return s64
iio: accel: adxl345: convert address field usage in iio_chan_spec
mtd: rawnand: atmel: add module param to avoid using dma
s390/extmem: fix gcc 8 stringop-overflow warning
s390/scm_blk: correct numa_node in scm_blk_dev_setup
s390/dasd: correct numa_node in dasd_alloc_queue
alarmtimer: Prevent overflow for relative nanosleep
s390/sysinfo: add missing #ifdef CONFIG_PROC_FS
powerpc/powernv/ioda2: Reduce upper limit for DMA window size
ath10k: sdio: set skb len for all rx packets
ath10k: sdio: use same endpoint id for all packets in a bundle
usb: wusbcore: security: cast sizeof to int for comparison
scsi: target: Avoid that EXTENDED COPY commands trigger lock inversion
scsi: ibmvscsi: Improve strings handling
scsi: klist: Make it safe to use klists in atomic context
scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size
ARM: dts: ls1021a: Add missing cooling device properties for CPUs
x86/entry/64: Add two more instruction suffixes
ARM: hwmod: RTC: Don't assume lock/unlock will be called with irq enabled
x86/tsc: Add missing header to tsc_msr.c
media: staging/imx: fill vb2_v4l2_buffer field entry
media: fsl-viu: fix error handling in viu_of_probe()
powerpc/kdump: Handle crashkernel memory reservation failure
IB/mlx4: Test port number before querying type.
media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt()
IB/core: type promotion bug in rdma_rw_init_one_mr()
RDMA/i40w: Hold read semaphore while looking after VMA
RDMA/bnxt_re: Fix a couple off by one bugs
md-cluster: clear another node's suspend_area after the copy is finished
power: remove possible deadlock when unregistering power_supply
s390/mm: correct allocate_pgste proc_handler callback
iommu/msm: Don't call iommu_device_{,un}link from atomic context
6lowpan: iphc: reset mac_header after decompress to fix panic
USB: serial: kobil_sct: fix modem-status error handling
Bluetooth: Add a new Realtek 8723DE ID 0bda:b009
iommu/amd: make sure TLB to be flushed before IOVA freed
power: vexpress: fix corruption in notifier registration
uwb: hwa-rc: fix memory leak at probe
serial: sh-sci: Stop RX FIFO timer during port shutdown
misc: sram: enable clock before registering regions
power: supply: axp288_charger: Fix initial constant_charge_current value
staging: rts5208: fix missing error check on call to rtsx_write_register
x86/numa_emulation: Fix emulated-to-physical node mapping
vmci: type promotion bug in qp_host_get_user_memory()
tsl2550: fix lux1_input error in low light
iio: adc: ina2xx: avoid kthread_stop() with stale task_struct
crypto: skcipher - Fix -Wstringop-truncation warnings
Change-Id: I449d491af38003c7556865c2583b01f8560271dd
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|
||
|
Blagovest Kolenichev
|
3c38b3e52e |
Merge android-4.14-p.69 (c535ee7) into msm-4.14
* refs/heads/tmp-c535ee7:
Linux 4.14.69
arm64: mm: always enable CONFIG_HOLES_IN_ZONE
fs/quota: Fix spectre gadget in do_quotactl
crypto: caam/qi - fix error path in xts setkey
crypto: caam/jr - fix descriptor DMA unmapping
crypto: caam - fix DMA mapping direction for RSA forms 2 & 3
crypto: vmx - Fix sleep-in-atomic bugs
perf auxtrace: Fix queue resize
cap_inode_getsecurity: use d_find_any_alias() instead of d_find_alias()
bcache: release dc->writeback_lock properly in bch_writeback_thread()
libnvdimm: fix ars_status output length calculation
getxattr: use correct xattr length
udlfb: set optimal write delay
fb: fix lost console when the user unplugs a USB adapter
pwm: tiehrpwm: Fix disabling of output of PWMs
pwm: tiehrpwm: Don't use emulation mode bits to control PWM output
ubifs: Fix synced_i_size calculation for xattr inodes
ubifs: xattr: Don't operate on deleted inodes
ubifs: Check data node size before truncate
Revert "UBIFS: Fix potential integer overflow in allocation"
ubifs: Fix memory leak in lprobs self-check
userns: move user access out of the mutex
sys: don't hold uts_sem while accessing userspace memory
iommu/vt-d: Fix dev iotlb pfsid use
iommu/vt-d: Add definitions for PFSID
mm/tlb: Remove tlb_remove_table() non-concurrent condition
ARM: tegra: Fix Tegra30 Cardhu PCA954x reset
NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence()
NFSv4: Fix locking in pnfs_generic_recover_commit_reqs
NFSv4 client live hangs after live data migration recovery
pnfs/blocklayout: off by one in bl_map_stripe()
block, bfq: return nbytes and not zero from struct cftype .write() method
xtensa: increase ranges in ___invalidate_{i,d}cache_all
xtensa: limit offsets in __loop_cache_{all,page}
KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages
KVM: VMX: fixes for vmentry_l1d_flush module parameter
PM / sleep: wakeup: Fix build error caused by missing SRCU support
cpufreq: governor: Avoid accessing invalid governor_data
drivers/block/zram/zram_drv.c: fix bug storing backing_dev
ovl: fix wrong use of impure dir cache in ovl_iterate()
mfd: hi655x: Fix regmap area declared size for hi655x
uprobes: Use synchronize_rcu() not synchronize_sched()
livepatch: Validate module/old func name length
printk/tracing: Do not trace printk_nmi_enter()
tracing/blktrace: Fix to allow setting same value
tracing: Do not call start/stop() functions when tracing_on does not change
rtc: omap: fix potential crash on power off
vmw_balloon: fix VMCI use when balloon built into kernel
vmw_balloon: VMCI_DOORBELL_SET does not check status
vmw_balloon: do not use 2MB without batching
vmw_balloon: fix inflation of 64-bit GFNs
extcon: Release locking when sending the notification of connector state
iio: ad9523: Fix return value for ad952x_store()
iio: ad9523: Fix displayed phase
iio: sca3000: Fix missing return in switch
Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind()
uart: fix race between uart_put_char() and uart_shutdown()
dm crypt: don't decrease device limits
dm cache metadata: set dirty on all cache blocks after a crash
dm cache metadata: save in-core policy_hint_size to on-disk superblock
dm thin: stop no_space_timeout worker when switching to write-mode
dm integrity: change 'suspending' variable from bool to int
net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree()
net/9p/client.c: version pointer uninitialized
9p/virtio: fix off-by-one error in sg list bounds check
fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed
9p: fix multiple NULL-pointer-dereferences
RDMA/rxe: Set wqe->status correctly if an unexpected response is received
ib_srpt: Fix a use-after-free in srpt_close_ch()
cxl: Fix wrong comparison in cxl_adapter_context_get()
powerpc/powernv/pci: Work around races in PCI bridge enabling
PCI: Add wrappers for dev_printk()
powerpc/pseries: Fix endianness while restoring of r3 in MCE handler.
powerpc/fadump: handle crash memory ranges array index overflow
Fix kexec forbidding kernels signed with keys in the secondary keyring to boot
Replace magic for trusting the secondary keyring with #define
mailbox: xgene-slimpro: Fix potential NULL pointer dereference
media: Revert "[media] tvp5150: fix pad format frame height"
libertas: fix suspend and resume for SDIO connected cards
drm/i915/userptr: reject zero user_size
block: really disable runtime-pm for blk-mq
block: blk_init_allocated_queue() set q->fq as NULL in the fail case
readahead: stricter check for bdi io_pages
mmc: renesas_sdhi_internal_dmac: fix #define RST_RESERVED_BITS
spi: cadence: Change usleep_range() to udelay(), for atomic context
spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe
spi: pxa2xx: Add support for Intel Ice Lake
spi: davinci: fix a NULL pointer dereference
9p/net: Fix zero-copy path in the 9p virtio transport
net: mac802154: tx: expand tailroom if necessary
net: 6lowpan: fix reserved space for single frames
ANDROID: squashfs: resolve merge conflict with 4.14.68
Change-Id: I547b8351069d9529aa81d673f0a20e666618a74c
Signed-off-by: Blagovest Kolenichev <bkolenichev@codeaurora.org>
|