https://source.android.com/security/bulletin/2021-02-01
CVE-2017-18509
CVE-2020-10767
* tag 'ASB-2021-02-05_4.19-stable': (809 commits)
ANDROID: GKI: fix up abi issues with 4.19.172
Linux 4.19.172
fs: fix lazytime expiration handling in __writeback_single_inode()
writeback: Drop I_DIRTY_TIME_EXPIRE
dm integrity: conditionally disable "recalculate" feature
tools: Factor HOSTCC, HOSTLD, HOSTAR definitions
tracing: Fix race in trace_open and buffer resize call
HID: wacom: Correct NULL dereference on AES pen proximity
futex: Handle faults correctly for PI futexes
futex: Simplify fixup_pi_state_owner()
futex: Use pi_state_update_owner() in put_pi_state()
rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
futex: Provide and use pi_state_update_owner()
futex: Replace pointless printk in fixup_owner()
futex: Ensure the correct return value from futex_lock_pi()
futex: Prevent exit livelock
futex: Provide distinct return value when owner is exiting
futex: Add mutex around futex exit
futex: Provide state handling for exec() as well
futex: Sanitize exit state handling
...
Change-Id: Ieba6ee3a91a05d504e1f829a84e7d364e7d983f2
Conflicts:
arch/arm64/boot/dts/rockchip/rk3328.dtsi
drivers/md/Kconfig
drivers/usb/gadget/function/f_uac2.c
This reverts commit 0eae0d2704.
Set incfs back to rvc shipping incfs
Bug: 178509184
Test: incfs_test passes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: Ic8e2c2b8b0bcbc2df620cb7a3ded3d0df93f3f29
This reverts commit 20ec909ffb.
Set incfs back to rvc shipping incfs
Bug: 178509184
Test: incfs_test passes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: Ia8678769daa8d993cd11a45fad84a5fd7d249c3e
This reverts commit b7fb6bb4c0.
Set incfs back to rvc shipping incfs
Bug: 178509184
Test: incfs_test passes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I97d9e1766294002685eb5ab3dec843496bc47a51
This reverts commit 1652f2647e.
Set incfs back to rvc shipping incfs
Bug: 178509184
Test: incfs_test passes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: Ifdbdbffee413a16e8c222da60a371ac95797501a
This reverts commit 837bf5a401.
Set incfs back to rvc shipping incfs
Bug: 178509184
Test: incfs_test passes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I66251f68e82e90cf4ca5823f41a733696434f0b5
This reverts commit c9704ce7c9.
Set incfs back to rvc shipping incfs
Bug: 178509184
Test: incfs_test passes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: Ic89b180cf34b468885490a5586484a655465b887
This reverts commit 41a12dfcf5.
Set incfs back to rvc shipping incfs
Bug: 178509184
Test: incfs_test passes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: Ic975a83f60a0e5e3b16079358a65c0ef333a4c81
This reverts commit ea66b38152.
Set incfs back to rvc shipping incfs
Bug: 178509184
Test: incfs_test passes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: Idda973c1d6b5be43eee6130aa1de2e601b35ae75
This reverts commit 82e433b1dd.
Set incfs back to rvc shipping incfs
Bug: 178509184
Test: incfs_test passes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I8628dd97b13e88efddd65addbf9a479bf853a6cb
This reverts commit c18f2a956e.
Set incfs back to rvc shipping incfs
Bug: 178509184
Test: incfs_test passes
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I9e62d66e47d76c619c1d3f4a4c2449d35300f3db
dm-user is a device mapper target that allows a userspace process to
handle each incoming BIO. Communication with userspace consists of a
stream of messages proxied over a misc device, the structure of each
message is defined in this header.
Test: none
Bug: 161496058
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Change-Id: I97ca538fbd7e73e467416590190d85894db42e7d
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl/1vv4ACgkQONu9yGCS
aT7Kgg/+NKNOk83ra2noGv4pT8rf50ttuxOM3cuSf0YgzM8ZthxYoLLuFGtHaJU2
0Q+xBl1ryaaRj4o2vk01pd45FUK/M55IuOlqdaB0Q09prE9GnIWqe/yvTBd4pn3l
5R5xUoNW4C/ZPQlqOqPshlD9s8Y8dzZ+SDvPv6iJq7zPwclujKHhJYo7zjGoE35X
RX3Cf87l5j5c5AnXDLTonHD5ryqM1d3g33igfGO2F+Vqwx/n6Eh3iFEcVmuWYRUO
4+V9/HxUT6SZod3YnDorEZ2oCNy6R9dADOztbKmkPWTpHGbjUKVBYzTdeDwExjeL
Wl98AhFEPQJ1rfSO5iuP73r4pDiGjltvPs112gLJ4TmQClPrm/tyf+NKQqXAh9r0
wWpSVPNUz4DrR31AGv6vwETSp/I4B7udYkSma/R7mlGOSiqDp+/DBwvNJ81pAcp5
wPXeR+vaH3LwNMhw6gvc5RfY5JBZVVlsXj3N3IKusHVdTVsi2eM/fI1GAHpbefQ+
ct3QUJXA4LlrZO9VOrCj/hksmsts0j0OY2iNvq2s3WpO4wuhBOMahqe2ity4q/Qk
R8QPfQs7/7n6LbgommEg0uP6Zw2Iir+Hidp7r+QbOLx9NxA/InuNNFrgXBvTdMki
TZb/WTNUvrEJMbFel1K+FyB0Ab//KVJ2qCauyOIGVkQuMoipGgo=
=yLwz
-----END PGP SIGNATURE-----
Merge 4.19.165 into android-4.19-stable
Changes in 4.19.165
md/raid10: initialize r10_bio->read_slot before use.
fscrypt: add fscrypt_is_nokey_name()
ext4: prevent creating duplicate encrypted filenames
f2fs: prevent creating duplicate encrypted filenames
ubifs: prevent creating duplicate encrypted filenames
vfio/pci: Move dummy_resources_list init in vfio_pci_probe()
ext4: don't remount read-only with errors=continue on reboot
uapi: move constants from <linux/kernel.h> to <linux/const.h>
KVM: SVM: relax conditions for allowing MSR_IA32_SPEC_CTRL accesses
KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits
powerpc/bitops: Fix possible undefined behaviour with fls() and fls64()
xen/gntdev.c: Mark pages as dirty
null_blk: Fix zone size initialization
of: fix linker-section match-table corruption
Bluetooth: hci_h5: close serdev device and free hu in h5_close
reiserfs: add check for an invalid ih_entry_count
misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells()
media: gp8psk: initialize stats at power control logic
ALSA: seq: Use bool for snd_seq_queue internal flags
ALSA: rawmidi: Access runtime->avail always in spinlock
fcntl: Fix potential deadlock in send_sig{io, urg}()
rtc: sun6i: Fix memleak in sun6i_rtc_clk_init
module: set MODULE_STATE_GOING state when a module fails to load
quota: Don't overflow quota file offsets
powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe()
NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode
module: delay kobject uevent until after module init call
ALSA: pcm: Clear the full allocated memory at hw_params
dm verity: skip verity work if I/O error when system is shutting down
Linux 4.19.165
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I211fed33aec407a84504c9031ad723890263d943
commit a85cbe6159 upstream.
and include <linux/const.h> in UAPI headers instead of <linux/kernel.h>.
The reason is to avoid indirect <linux/sysinfo.h> include when using
some network headers: <linux/netlink.h> or others -> <linux/kernel.h>
-> <linux/sysinfo.h>.
This indirect include causes on MUSL redefinition of struct sysinfo when
included both <sys/sysinfo.h> and some of UAPI headers:
In file included from x86_64-buildroot-linux-musl/sysroot/usr/include/linux/kernel.h:5,
from x86_64-buildroot-linux-musl/sysroot/usr/include/linux/netlink.h:5,
from ../include/tst_netlink.h:14,
from tst_crypto.c:13:
x86_64-buildroot-linux-musl/sysroot/usr/include/linux/sysinfo.h:8:8: error: redefinition of `struct sysinfo'
struct sysinfo {
^~~~~~~
In file included from ../include/tst_safe_macros.h:15,
from ../include/tst_test.h:93,
from tst_crypto.c:11:
x86_64-buildroot-linux-musl/sysroot/usr/include/sys/sysinfo.h:10:8: note: originally defined here
Link: https://lkml.kernel.org/r/20201015190013.8901-1-petr.vorel@gmail.com
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Suggested-by: Rich Felker <dalias@aerifal.cx>
Acked-by: Rich Felker <dalias@libc.org>
Cc: Peter Korsgaard <peter@korsgaard.com>
Cc: Baruch Siach <baruch@tkos.co.il>
Cc: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The uapi is the same on 32 and 64 bit, but the number isn't. Everyone
who botched this please re-read:
https://www.kernel.org/doc/html/v5.4-preprc-cpu/ioctl/botching-up-ioctls.html
Also, the type argument for the ioctl macros is for the type the void
__user *arg pointer points at, which in this case would be the
variable-sized char[] of a 0 terminated string. So this was botched in
more than just the usual ways.
Change-Id: Iaffffa806de8f6f10cd167881bb63fdabd6724a2
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Cc: Chenbo Feng <fengc@google.com>
Cc: Greg Hackmann <ghackmann@google.com>
Cc: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: linux-media@vger.kernel.org
Cc: linaro-mm-sig@lists.linaro.org
Cc: minchan@kernel.org
Cc: surenb@google.com
Cc: jenhaochen@google.com
Cc: Martin Liu <liumartin@google.com>
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Tested-by: Martin Liu <liumartin@google.com>
Reviewed-by: Martin Liu <liumartin@google.com>
Signed-off-by: Sumit Semwal <sumit.semwal@linaro.org>
[sumits: updated some checkpatch fixes, corrected author email]
Link: https://patchwork.freedesktop.org/patch/msgid/20200407133002.3486387-1-daniel.vetter@ffwll.ch
Signed-off-by: Tao Huang <huangtao@rock-chips.com>
(cherry picked from commit a5bff92eaa)
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl/sVdwACgkQONu9yGCS
aT581g/+KZ4lFcY/lAEY6/n6RjFenerl5O2a4tqO+j7eivOA8aNOzXQpvwcPXFKZ
uCCwab3shrp0MdOJ4Ub1qLF5rZoJ/QvLNkI+8GVRztnchkWHwNlYbheZqHRows9E
LM5w/+SUh+I7wymfjsjxr8ohSOxkvygNL9PLLTkuQMwbs/jjdizmcgqeYo54Plih
IdtHrp/ZjxKMOu+fkp1dpTy2RUfbxxWS4RnVjSI+g3s8vaxWh90jMCwLP3fyUwpX
a8eNCFkIV0lBCj+dYF+ry5x7wGd9mvCVAG70DmRkHd4nyc1WGnp+yz3lQlQnIzeq
Hc7k3ts3FXmXBSRTzkqM9pmaOuyrKwqu3DoiplXxHgjeJYegP9k0jh33eohXmc/u
qSz9XB3FhBxy7uRf8tqGLKiUsARnQUYfqzR8qgGFndvWRpIBr9egSzDKVNSF5uWu
bPt3UQpM8O714NcnB2PGs4OUPqxSikT3BrnfurZOzEddkSveXfkItYnt3mc300bx
MSHYY/iuLpsBeDd0U6POgf5J5RigmOWvayZrMkPSxlnm7v9diefpKo7xB7+l3AqD
DZ5BSZMNtgKHwzck6d3RXX+GCILreL16Lj299NM1SJPm+j5SEkna7luikgi2pqrk
r2cD31L9JHiq36L3uP5u30JoxEG6+W2Px+dqc+uyB3RXHJzRwy4=
=TKv4
-----END PGP SIGNATURE-----
Merge 4.19.164 into android-4.19-stable
Changes in 4.19.164
Kbuild: do not emit debug info for assembly with LLVM_IAS=1
x86/lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S
spi: bcm2835aux: Fix use-after-free on unbind
spi: bcm2835aux: Restore err assignment in bcm2835aux_spi_probe
iwlwifi: pcie: limit memory read spin time
arm64: dts: rockchip: Assign a fixed index to mmc devices on rk3399 boards.
iwlwifi: mvm: fix kernel panic in case of assert during CSA
powerpc: Drop -me200 addition to build flags
ARC: stack unwinding: don't assume non-current task is sleeping
scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE
irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend
soc: fsl: dpio: Get the cpumask through cpumask_of(cpu)
platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e
platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen
platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE
platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC
Input: cm109 - do not stomp on control URB
Input: i8042 - add Acer laptops to the i8042 reset list
pinctrl: amd: remove debounce filter setting in IRQ type setting
mmc: block: Fixup condition for CMD13 polling for RPMB requests
kbuild: avoid static_assert for genksyms
scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP
x86/membarrier: Get rid of a dubious optimization
x86/apic/vector: Fix ordering in vector assignment
compiler.h: fix barrier_data() on clang
PCI: qcom: Add missing reset for ipq806x
mac80211: mesh: fix mesh_pathtbl_init() error path
net: stmmac: free tx skb buffer in stmmac_resume()
tcp: select sane initial rcvq_space.space for big MSS
tcp: fix cwnd-limited bug for TSO deferral where we send nothing
net/mlx4_en: Avoid scheduling restart task if it is already running
lan743x: fix for potential NULL pointer dereference with bare card
net/mlx4_en: Handle TX error CQE
net: stmmac: delete the eee_ctrl_timer after napi disabled
net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux
net: bridge: vlan: fix error return code in __vlan_add()
ktest.pl: If size of log is too big to email, email error message
USB: dummy-hcd: Fix uninitialized array use in init()
USB: add RESET_RESUME quirk for Snapscan 1212
ALSA: usb-audio: Fix potential out-of-bounds shift
ALSA: usb-audio: Fix control 'access overflow' errors from chmap
xhci: Give USB2 ports time to enter U3 in bus suspend
USB: UAS: introduce a quirk to set no_write_same
USB: sisusbvga: Make console support depend on BROKEN
ALSA: pcm: oss: Fix potential out-of-bounds shift
serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access
drm/xen-front: Fix misused IS_ERR_OR_NULL checks
drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi
arm64: lse: fix LSE atomics with LLVM's integrated assembler
arm64: lse: Fix LSE atomics with LLVM
arm64: Change .weak to SYM_FUNC_START_WEAK_PI for arch/arm64/lib/mem*.S
x86/resctrl: Remove unused struct mbm_state::chunks_bw
x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled
pinctrl: merrifield: Set default bias in case no particular value given
pinctrl: baytrail: Avoid clearing debounce value when turning it off
ARM: dts: sun8i: v3s: fix GIC node memory range
gpio: mvebu: fix potential user-after-free on probe
scsi: bnx2i: Requires MMU
xsk: Fix xsk_poll()'s return type
can: softing: softing_netdev_open(): fix error handling
clk: renesas: r9a06g032: Drop __packed for portability
block: factor out requeue handling from dispatch code
netfilter: x_tables: Switch synchronization to RCU
gpio: eic-sprd: break loop when getting NULL device resource
selftests/bpf/test_offload.py: Reset ethtool features after failed setting
RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait
ixgbe: avoid premature Rx buffer reuse
drm/tegra: replace idr_init() by idr_init_base()
kernel/cpu: add arch override for clear_tasks_mm_cpumask() mm handling
drm/tegra: sor: Disable clocks on error in tegra_sor_init()
arm64: syscall: exit userspace before unmasking exceptions
vxlan: Add needed_headroom for lower device
vxlan: Copy needed_tailroom from lowerdev
scsi: mpt3sas: Increase IOCInit request timeout to 30s
dm table: Remove BUG_ON(in_interrupt())
soc/tegra: fuse: Fix index bug in get_process_id
USB: serial: option: add interface-number sanity check to flag handling
USB: gadget: f_acm: add support for SuperSpeed Plus
USB: gadget: f_midi: setup SuperSpeed Plus descriptors
usb: gadget: f_fs: Re-use SS descriptors for SuperSpeedPlus
USB: gadget: f_rndis: fix bitrate for SuperSpeed and above
usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul
ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU
ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on Exynos5410
ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid XU
coresight: tmc-etr: Check if page is valid before dma_map_page()
scsi: megaraid_sas: Check user-provided offsets
HID: i2c-hid: add Vero K147 to descriptor override
serial_core: Check for port state when tty is in error state
Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()
quota: Sanity-check quota file headers on load
media: msi2500: assign SPI bus number dynamically
crypto: af_alg - avoid undefined behavior accessing salg_name
md: fix a warning caused by a race between concurrent md_ioctl()s
perf cs-etm: Change tuple from traceID-CPU# to traceID-metadata
perf cs-etm: Move definition of 'traceid_list' global variable from header file
drm/gma500: fix double free of gma_connector
drm/tve200: Fix handling of platform_get_irq() error
soc: renesas: rmobile-sysc: Fix some leaks in rmobile_init_pm_domains()
soc: mediatek: Check if power domains can be powered on at boot time
soc: qcom: geni: More properly switch to DMA mode
RDMA/bnxt_re: Set queue pair state when being queried
selinux: fix error initialization in inode_doinit_with_dentry()
ARM: dts: aspeed: s2600wf: Fix VGA memory region location
RDMA/rxe: Compute PSN windows correctly
x86/mm/ident_map: Check for errors from ident_pud_init()
ARM: p2v: fix handling of LPAE translation in BE mode
x86/apic: Fix x2apic enablement without interrupt remapping
sched/deadline: Fix sched_dl_global_validate()
sched: Reenable interrupts in do_sched_yield()
crypto: talitos - Endianess in current_desc_hdr()
crypto: talitos - Fix return type of current_desc_hdr()
crypto: inside-secure - Fix sizeof() mismatch
powerpc/64: Set up a kernel stack for secondaries before cpu_restore()
spi: img-spfi: fix reference leak in img_spfi_resume
drm/msm/dsi_pll_10nm: restore VCO rate during restore_state
ASoC: pcm: DRAIN support reactivation
selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
arm64: dts: exynos: Include common syscon restart/poweroff for Exynos7
arm64: dts: exynos: Correct psci compatible used on Exynos7
Bluetooth: Fix null pointer dereference in hci_event_packet()
Bluetooth: hci_h5: fix memory leak in h5_close
spi: spi-ti-qspi: fix reference leak in ti_qspi_setup
spi: tegra20-slink: fix reference leak in slink ops of tegra20
spi: tegra20-sflash: fix reference leak in tegra_sflash_resume
spi: tegra114: fix reference leak in tegra spi ops
spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume
mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure
ASoC: wm8998: Fix PM disable depth imbalance on error
ASoC: arizona: Fix a wrong free in wm8997_probe
RDMa/mthca: Work around -Wenum-conversion warning
MIPS: BCM47XX: fix kconfig dependency bug for BCM47XX_BCMA
crypto: qat - fix status check in qat_hal_put_rel_rd_xfer()
staging: greybus: codecs: Fix reference counter leak in error handling
staging: gasket: interrupt: fix the missed eventfd_ctx_put() in gasket_interrupt.c
media: tm6000: Fix sizeof() mismatches
media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm()
ASoC: meson: fix COMPILE_TEST error
scsi: core: Fix VPD LUN ID designator priorities
media: solo6x10: fix missing snd_card_free in error handling case
video: fbdev: atmel_lcdfb: fix return error code in atmel_lcdfb_of_init()
drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
Input: ads7846 - fix race that causes missing releases
Input: ads7846 - fix integer overflow on Rt calculation
Input: ads7846 - fix unaligned access on 7845
usb/max3421: fix return error code in max3421_probe()
spi: mxs: fix reference leak in mxs_spi_probe
powerpc/feature: Fix CPU_FTRS_ALWAYS by removing CPU_FTRS_GENERIC_32
crypto: crypto4xx - Replace bitwise OR with logical OR in crypto4xx_build_pd
crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe
spi: fix resource leak for drivers without .remove callback
soc: ti: knav_qmss: fix reference leak in knav_queue_probe
soc: ti: Fix reference imbalance in knav_dma_probe
drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe
Input: omap4-keypad - fix runtime PM error handling
RDMA/cxgb4: Validate the number of CQEs
memstick: fix a double-free bug in memstick_check
ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host
ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host
orinoco: Move context allocation after processing the skb
cw1200: fix missing destroy_workqueue() on error in cw1200_init_common
dmaengine: mv_xor_v2: Fix error return code in mv_xor_v2_probe()
media: siano: fix memory leak of debugfs members in smsdvb_hotplug
platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration
platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration
samples: bpf: Fix lwt_len_hist reusing previous BPF map
mips: cdmm: fix use-after-free in mips_cdmm_bus_discover
media: max2175: fix max2175_set_csm_mode() error code
slimbus: qcom-ngd-ctrl: Avoid sending power requests without QMI
HSI: omap_ssi: Don't jump to free ID in ssi_add_controller()
ARM: dts: Remove non-existent i2c1 from 98dx3236
arm64: dts: rockchip: Set dr_mode to "host" for OTG on rk3328-roc-cc
power: supply: axp288_charger: Fix HP Pavilion x2 10 DMI matching
power: supply: bq24190_charger: fix reference leak
genirq/irqdomain: Don't try to free an interrupt that has no mapping
PCI: Bounds-check command-line resource alignment requests
PCI: Fix overflow in command-line resource alignment requests
PCI: iproc: Fix out-of-bound array accesses
arm64: dts: meson: fix spi-max-frequency on Khadas VIM2
ARM: dts: at91: at91sam9rl: fix ADC triggers
platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init
ath10k: Fix the parsing error in service available event
ath10k: Fix an error handling path
ath10k: Release some resources in an error handling path
NFSv4.2: condition READDIR's mask for security label based on LSM state
SUNRPC: xprt_load_transport() needs to support the netid "rdma6"
lockd: don't use interval-based rebinding over TCP
NFS: switch nfsiod to be an UNBOUND workqueue.
vfio-pci: Use io_remap_pfn_range() for PCI IO memory
media: saa7146: fix array overflow in vidioc_s_audio()
clocksource/drivers/cadence_ttc: Fix memory leak in ttc_setup_clockevent()
ARM: dts: at91: sama5d2: map securam as device
pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()
arm64: dts: rockchip: Fix UART pull-ups on rk3328
memstick: r592: Fix error return in r592_probe()
net/mlx5: Properly convey driver version to firmware
ASoC: jz4740-i2s: add missed checks for clk_get()
dm ioctl: fix error return code in target_message
clocksource/drivers/arm_arch_timer: Correct fault programming of CNTKCTL_EL1.EVNTI
cpufreq: highbank: Add missing MODULE_DEVICE_TABLE
cpufreq: mediatek: Add missing MODULE_DEVICE_TABLE
cpufreq: st: Add missing MODULE_DEVICE_TABLE
cpufreq: loongson1: Add missing MODULE_ALIAS
cpufreq: scpi: Add missing MODULE_ALIAS
scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe
scsi: pm80xx: Fix error return in pm8001_pci_probe()
seq_buf: Avoid type mismatch for seq_buf_init
scsi: fnic: Fix error return code in fnic_probe()
platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems
powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops
powerpc/pseries/hibernation: remove redundant cacheinfo update
usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe
usb: oxu210hp-hcd: Fix memory leak in oxu_create
speakup: fix uninitialized flush_lock
nfsd: Fix message level for normal termination
nfs_common: need lock during iterate through the list
x86/kprobes: Restore BTF if the single-stepping is cancelled
bus: fsl-mc: fix error return code in fsl_mc_object_allocate()
clk: tegra: Fix duplicated SE clock entry
extcon: max77693: Fix modalias string
mac80211: don't set set TDLS STA bandwidth wider than possible
ASoC: wm_adsp: remove "ctl" from list on error in wm_adsp_create_control()
irqchip/alpine-msi: Fix freeing of interrupts on allocation error path
watchdog: sirfsoc: Add missing dependency on HAS_IOMEM
watchdog: sprd: remove watchdog disable from resume fail path
watchdog: sprd: check busy bit before new loading rather than after that
watchdog: Fix potential dereferencing of null pointer
um: Monitor error events in IRQ controller
um: tty: Fix handling of close in tty lines
um: chan_xterm: Fix fd leak
nfc: s3fwrn5: Release the nfc firmware
powerpc/ps3: use dma_mapping_error()
checkpatch: fix unescaped left brace
net: bcmgenet: Fix a resource leak in an error handling path in the probe functin
net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function
net: korina: fix return value
libnvdimm/label: Return -ENXIO for no slot in __blk_label_update
watchdog: qcom: Avoid context switch in restart handler
watchdog: coh901327: add COMMON_CLK dependency
clk: ti: Fix memleak in ti_fapll_synth_setup
pwm: zx: Add missing cleanup in error path
pwm: lp3943: Dynamically allocate PWM chip base
perf record: Fix memory leak when using '--user-regs=?' to list registers
qlcnic: Fix error code in probe
clk: s2mps11: Fix a resource leak in error handling paths in the probe function
clk: sunxi-ng: Make sure divider tables have sentinel
kconfig: fix return value of do_error_if()
ARM: sunxi: Add machine match for the Allwinner V3 SoC
cfg80211: initialize rekey_data
fix namespaced fscaps when !CONFIG_SECURITY
lwt: Disable BH too in run_lwt_bpf()
Input: cros_ec_keyb - send 'scancodes' in addition to key events
Input: goodix - add upside-down quirk for Teclast X98 Pro tablet
media: gspca: Fix memory leak in probe
media: sunxi-cir: ensure IR is handled when it is continuous
media: netup_unidvb: Don't leak SPI master in probe error path
media: ipu3-cio2: Remove traces of returned buffers
media: ipu3-cio2: Return actual subdev format
media: ipu3-cio2: Serialise access to pad format
media: ipu3-cio2: Validate mbus format in setting subdev format
media: ipu3-cio2: Make the field on subdev format V4L2_FIELD_NONE
Input: cyapa_gen6 - fix out-of-bounds stack access
ALSA: hda/ca0132 - Change Input Source enum strings.
PM: ACPI: PCI: Drop acpi_pm_set_bridge_wakeup()
Revert "ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks"
ACPI: PNP: compare the string length in the matching_id()
ALSA: hda: Fix regressions on clear and reconfig sysfs
ALSA: hda/realtek - Enable headset mic of ASUS X430UN with ALC256
ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255
ALSA: pcm: oss: Fix a few more UBSAN fixes
ALSA: hda/realtek: Add quirk for MSI-GP73
ALSA: hda/realtek: Apply jack fixup for Quanta NL3
ALSA: usb-audio: Add VID to support native DSD reproduction on FiiO devices
ALSA: usb-audio: Disable sample read check if firmware doesn't give back
s390/smp: perform initial CPU reset also for SMT siblings
s390/kexec_file: fix diag308 subcode when loading crash kernel
s390/dasd: fix hanging device offline processing
s390/dasd: prevent inconsistent LCU device data
s390/dasd: fix list corruption of pavgroup group list
s390/dasd: fix list corruption of lcu list
staging: comedi: mf6x4: Fix AI end-of-conversion detection
powerpc/perf: Exclude kernel samples while counting events in user space.
crypto: ecdh - avoid unaligned accesses in ecdh_set_secret()
EDAC/amd64: Fix PCI component registration
USB: serial: mos7720: fix parallel-port state restore
USB: serial: digi_acceleport: fix write-wakeup deadlocks
USB: serial: keyspan_pda: fix dropped unthrottle interrupts
USB: serial: keyspan_pda: fix write deadlock
USB: serial: keyspan_pda: fix stalled writes
USB: serial: keyspan_pda: fix write-wakeup use-after-free
USB: serial: keyspan_pda: fix tx-unthrottle use-after-free
USB: serial: keyspan_pda: fix write unthrottling
ext4: fix a memory leak of ext4_free_data
ext4: fix deadlock with fs freezing and EA inodes
KVM: arm64: Introduce handling of AArch32 TTBCR2 traps
ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard ES
ARM: dts: at91: sama5d2: fix CAN message ram offset and size
powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at
powerpc/rtas: Fix typo of ibm,open-errinjct in RTAS filter
powerpc/xmon: Change printk() to pr_cont()
powerpc/powernv/memtrace: Don't leak kernel memory to user space
powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently
ima: Don't modify file descriptor mode on the fly
ceph: fix race in concurrent __ceph_remove_cap invocations
SMB3: avoid confusing warning message on mount to Azure
SMB3.1.1: do not log warning message if server doesn't populate salt
ubifs: wbuf: Don't leak kernel memory to flash
jffs2: Fix GC exit abnormally
jfs: Fix array index bounds check in dbAdjTree
drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor()
spi: spi-sh: Fix use-after-free on unbind
spi: davinci: Fix use-after-free on unbind
spi: pic32: Don't leak DMA channels in probe error path
spi: rb4xx: Don't leak SPI master in probe error path
spi: sc18is602: Don't leak SPI master in probe error path
spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path
spi: mt7621: fix missing clk_disable_unprepare() on error in mt7621_spi_probe
soc: qcom: smp2p: Safely acquire spinlock without IRQs
mtd: spinand: Fix OOB read
mtd: parser: cmdline: Fix parsing of part-names with colons
mtd: rawnand: qcom: Fix DMA sync on FLASH_STATUS register read
scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc()
scsi: lpfc: Re-fix use after free in lpfc_rq_buf_free()
iio: buffer: Fix demux update
iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume
iio:light:rpr0521: Fix timestamp alignment and prevent data leak.
iio:light:st_uvis25: Fix timestamp alignment and prevent data leak.
iio:pressure:mpl3115: Force alignment of buffer
iio:imu:bmi160: Fix too large a buffer.
md/cluster: block reshape with remote resync job
md/cluster: fix deadlock when node is doing resync job
pinctrl: sunxi: Always call chained_irq_{enter, exit} in sunxi_pinctrl_irq_handler
clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9
xen-blkback: set ring->xenblkd to NULL after kthread_stop()
xen/xenbus: Allow watches discard events before queueing
xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path()
xen/xenbus/xen_bus_type: Support will_handle watch callback
xen/xenbus: Count pending messages for each watch
xenbus/xenbus_backend: Disallow pending watch messages
libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels
platform/x86: intel-vbtn: Allow switch events on Acer Switch Alpha 12
PCI: Fix pci_slot_release() NULL pointer dereference
platform/x86: mlx-platform: remove an unused variable
Linux 4.19.164
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I8e2d24b45393ee2360186893d4e578e20156c7f1
commit 92eb6c3060 upstream.
Commit 3f69cc6076 ("crypto: af_alg - Allow arbitrarily long algorithm
names") made the kernel start accepting arbitrarily long algorithm names
in sockaddr_alg. However, the actual length of the salg_name field
stayed at the original 64 bytes.
This is broken because the kernel can access indices >= 64 in salg_name,
which is undefined behavior -- even though the memory that is accessed
is still located within the sockaddr structure. It would only be
defined behavior if the array were properly marked as arbitrary-length
(either by making it a flexible array, which is the recommended way
these days, or by making it an array of length 0 or 1).
We can't simply change salg_name into a flexible array, since that would
break source compatibility with userspace programs that embed
sockaddr_alg into another struct, or (more commonly) declare a
sockaddr_alg like 'struct sockaddr_alg sa = { .salg_name = "foo" };'.
One solution would be to change salg_name into a flexible array only
when '#ifdef __KERNEL__'. However, that would keep userspace without an
easy way to actually use the longer algorithm names.
Instead, add a new structure 'sockaddr_alg_new' that has the flexible
array field, and expose it to both userspace and the kernel.
Make the kernel use it correctly in alg_bind().
This addresses the syzbot report
"UBSAN: array-index-out-of-bounds in alg_bind"
(https://syzkaller.appspot.com/bug?extid=92ead4eb8e26a26d465e).
Reported-by: syzbot+92ead4eb8e26a26d465e@syzkaller.appspotmail.com
Fixes: 3f69cc6076 ("crypto: af_alg - Allow arbitrarily long algorithm names")
Cc: <stable@vger.kernel.org> # v4.12+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Roll report_uid feature flag into v2 feature flag
Bug: 174478527
Test: Feature flag present on boot
Signed-off-by: Paul Lawrence <paullawrence@google.com>
Change-Id: I41ee9715904560004e25cc83a5ccc1eb1bdd2b1f
Changes in 4.19.161
perf event: Check ref_reloc_sym before using it
netfilter: clear skb->next in NF_HOOK_LIST()
btrfs: don't access possibly stale fs_info data for printing duplicate device
btrfs: fix lockdep splat when reading qgroup config on mount
wireless: Use linux/stddef.h instead of stddef.h
KVM: arm64: vgic-v3: Drop the reporting of GICR_TYPER.Last for userspace
KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint
KVM: x86: Fix split-irqchip vs interrupt injection window request
arm64: pgtable: Fix pte_accessible()
arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect()
drm/atomic_helper: Stop modesets on unregistered connectors harder
ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close
HID: cypress: Support Varmilo Keyboards' media hotkeys
HID: add support for Sega Saturn
Input: i8042 - allow insmod to succeed on devices without an i8042 controller
HID: hid-sensor-hub: Fix issue with devices with no report ID
HID: add HID_QUIRK_INCREMENT_USAGE_ON_DUPLICATE for Gamevice devices
dmaengine: xilinx_dma: use readl_poll_timeout_atomic variant
x86/xen: don't unbind uninitialized lock_kicker_irq
HID: Add Logitech Dinovo Edge battery quirk
proc: don't allow async path resolution of /proc/self components
nvme: free sq/cq dbbuf pointers when dbbuf set fails
dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size
scsi: libiscsi: Fix NOP race condition
scsi: target: iscsi: Fix cmd abort fabric stop race
perf/x86: fix sysfs type mismatches
xtensa: uaccess: Add missing __user to strncpy_from_user() prototype
phy: tegra: xusb: Fix dangling pointer on probe failure
batman-adv: set .owner to THIS_MODULE
ARM: dts: dra76x: m_can: fix order of clocks
scsi: ufs: Fix race between shutdown and runtime resume flow
bnxt_en: fix error return code in bnxt_init_one()
bnxt_en: fix error return code in bnxt_init_board()
video: hyperv_fb: Fix the cache type when mapping the VRAM
bnxt_en: Release PCI regions when DMA mask setup fails during probe.
cxgb4: fix the panic caused by non smac rewrite
s390/qeth: fix tear down of async TX buffers
IB/mthca: fix return value of error branch in mthca_init_cq()
nfc: s3fwrn5: use signed integer for parsing GPIO numbers
net: ena: set initial DMA width to avoid intel iommu issue
ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues
ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq
optee: add writeback to valid memory type
efivarfs: revert "fix memory leak in efivarfs_create()"
can: gs_usb: fix endianess problem with candleLight firmware
platform/x86: thinkpad_acpi: Send tablet mode switch at wakeup time
platform/x86: toshiba_acpi: Fix the wrong variable assignment
can: m_can: fix nominal bitiming tseg2 min for version >= 3.1
perf probe: Fix to die_entrypc() returns error correctly
USB: core: Change %pK for __user pointers to %px
usb: gadget: f_midi: Fix memleak in f_midi_alloc
USB: quirks: Add USB_QUIRK_DISCONNECT_SUSPEND quirk for Lenovo A630Z TIO built-in usb-audio card
usb: gadget: Fix memleak in gadgetfs_fill_super
x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb
x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak
x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak
USB: core: Fix regression in Hercules audio card
Linux 4.19.161
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib704b9ff60755978b272aa358d25ddb217cc37bc
commit 1b9ae0c929 upstream.
When compiling inside the kernel include linux/stddef.h instead of
stddef.h. When I compile this header file in backports for power PC I
run into a conflict with ptrdiff_t. I was unable to reproduce this in
mainline kernel. I still would like to fix this problem in the kernel.
Fixes: 6989310f5d ("wireless: Use offsetof instead of custom macro.")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://lore.kernel.org/r/20200521201422.16493-1-hauke@hauke-m.de
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
CONFIG_VIDEO_ROCKCHIP_ISPP_FEC to enable this function
Change-Id: I4baae13964f2f99df9ae19d5160f06610bcfa308
Signed-off-by: Cai YiWei <cyw@rock-chips.com>
