github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 07:03:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
799,704 Commits 1 Branch 934 Tags 20 GiB
eb54e73236
Commit Graph

12174 Commits

Author SHA1 Message Date
Greg Kroah-Hartman
071fbc0683 ANDROID: GKI: sock.h: add Android ABI padding to some structures 
Try to mitigate potential future driver core api changes by adding a
padding to struct sock.

Based on a patch from Michal Marek <mmarek@suse.cz> from the SLES kernel

Bug: 151154716
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I61c3d6cf12c087345db71fc6d93ee6bd58969003
 2020-05-01 15:18:11 +02:00
Vidyullatha Kanchanapally
f18ae83998 ANDROID: GKI: cfg80211: Include length of kek in rekey data 
With support for new AKM suites (example FILS-SHA256), the KEK length
can now be more than NL80211_KEK_LEN and the KCK length can be zero.
Add changes in cfg80211 to specify the length of KEK, and make KCK
optional. Make NL80211_REKEY_DATA_KEK as NLA_BINARY to enforce a maximum
length check.
Also add macro CFG80211_REKEY_DATA_KEK_LEN to indicate support for
including KEK length in rekey data.

CRs-Fixed: 2087759
Change-Id: Ica8dbb8614e0a9c3905e125b4a5254e43821984e
Signed-off-by: Vidyullatha Kanchanapally <vidyullatha@codeaurora.org>
Signed-off-by: Ankita Bajaj <bankita@codeaurora.org>
Signed-off-by: Hardik Kantilal Patel <hkpatel@codeaurora.org>
(cherry picked from commit 1daf1a378a61ab77a9497e81b1c0de2bbeca70c1)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
 2020-04-30 21:32:15 +00:00
Greg Kroah-Hartman
be3bb0daac This is the 4.19.119 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6pj8gACgkQONu9yGCS
 aT5mKxAAvzC4s4XHwDDckvvu57/sED2oEtp7MgmLuyK4Ih55GyyLGx9zg1A2z+rs
 wQSsVW+/WeurCj4CuVciakkCvgBeY494cbnghr2lohhJZ918/XnYmPODLJhlvtcV
 gZ4vxk5euNqpWGsmu+X+DRBG6QuU5GYf4ox39NZdtKm5I+kt5Lw44AHSNlFP0q3y
 drRFc49cqSxa4WkVRixJJOTQbSHARNWiayOG4uLb4zoZFvJOTDAp7+yX5LYD7lxY
 3FsQLVMSp7c/whppeGySVX0oJF/12weR9OQJZVxxhlMNggmGREwDxayBaPYqA4pa
 0OO83rO1aP9j2VK3HFiK4OwatKHcu0GvGV9I4rP3u8hWvJyUzTAfdcVUXHl6of12
 6hXG7F3f0TVY/OP6J2WepcQG5IbkiiAY1J0wlqbqo5MvOqESJZ/J0pGuFD1qzQ8n
 zaMnj2zhJHkJEfyP7Dvjo4y72eM9tWnFxKfm/PtuHWGovpP15rrsuHcs343U92Z7
 zQ/Ak10tA8FpSM7dXaTd98/3FkVdQbkImkEUOpWzPjiJFGyuk8j6/ZE9rCWtlNR1
 HP9cLgKB/PF/a3+kwtgGAhAHBVIA8trhSm1jRqEU7ki9sBQnV/2iR5b7UJ8xn4uA
 dl9HlxpiDYvIjRhHfMh6GXIhdO2T8coFzxKRztjxrM0dbaQeVKQ=
 =31Y5
 -----END PGP SIGNATURE-----

Merge 4.19.119 into android-4.19

Changes in 4.19.119
	ext4: fix extent_status fragmentation for plain files
	drm/msm: Use the correct dma_sync calls harder
	bpftool: Fix printing incorrect pointer in btf_dump_ptr
	crypto: mxs-dcp - make symbols 'sha1_null_hash' and 'sha256_null_hash' static
	vti4: removed duplicate log message.
	arm64: Add part number for Neoverse N1
	arm64: errata: Hide CTR_EL0.DIC on systems affected by Neoverse-N1 #1542419
	arm64: Fake the IminLine size on systems affected by Neoverse-N1 #1542419
	arm64: compat: Workaround Neoverse-N1 #1542419 for compat user-space
	arm64: Silence clang warning on mismatched value/register sizes
	watchdog: reset last_hw_keepalive time at start
	scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
	scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG
	ceph: return ceph_mdsc_do_request() errors from __get_parent()
	ceph: don't skip updating wanted caps when cap is stale
	pwm: rcar: Fix late Runtime PM enablement
	scsi: iscsi: Report unbind session event when the target has been removed
	ASoC: Intel: atom: Take the drv->lock mutex before calling sst_send_slot_map()
	nvme: fix deadlock caused by ANA update wrong locking
	kernel/gcov/fs.c: gcov_seq_next() should increase position index
	selftests: kmod: fix handling test numbers above 9
	ipc/util.c: sysvipc_find_ipc() should increase position index
	kconfig: qconf: Fix a few alignment issues
	s390/cio: avoid duplicated 'ADD' uevents
	loop: Better discard support for block devices
	Revert "powerpc/64: irq_work avoid interrupt when called with hardware irqs enabled"
	pwm: renesas-tpu: Fix late Runtime PM enablement
	pwm: bcm2835: Dynamically allocate base
	perf/core: Disable page faults when getting phys address
	ASoC: Intel: bytcr_rt5640: Add quirk for MPMAN MPWIN895CL tablet
	xhci: Ensure link state is U3 after setting USB_SS_PORT_LS_U3
	drm/amd/display: Not doing optimize bandwidth if flip pending.
	tracing/selftests: Turn off timeout setting
	virtio-blk: improve virtqueue error to BLK_STS
	scsi: smartpqi: fix call trace in device discovery
	PCI/ASPM: Allow re-enabling Clock PM
	net: ipv6: add net argument to ip6_dst_lookup_flow
	net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
	blktrace: Protect q->blk_trace with RCU
	blktrace: fix dereference after null check
	f2fs: fix to avoid memory leakage in f2fs_listxattr
	KVM: VMX: Zero out *all* general purpose registers after VM-Exit
	KVM: nVMX: Always sync GUEST_BNDCFGS when it comes from vmcs01
	KVM: Introduce a new guest mapping API
	kvm: fix compilation on aarch64
	kvm: fix compilation on s390
	kvm: fix compile on s390 part 2
	KVM: Properly check if "page" is valid in kvm_vcpu_unmap
	x86/kvm: Introduce kvm_(un)map_gfn()
	x86/kvm: Cache gfn to pfn translation
	x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed
	x86/KVM: Clean up host's steal time structure
	cxgb4: fix adapter crash due to wrong MC size
	cxgb4: fix large delays in PTP synchronization
	ipv6: fix restrict IPV6_ADDRFORM operation
	macsec: avoid to set wrong mtu
	macvlan: fix null dereference in macvlan_device_event()
	net: bcmgenet: correct per TX/RX ring statistics
	net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
	net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array
	net/x25: Fix x25_neigh refcnt leak when receiving frame
	sched: etf: do not assume all sockets are full blown
	tcp: cache line align MAX_TCP_HEADER
	team: fix hang in team_mode_get()
	vrf: Fix IPv6 with qdisc and xfrm
	net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled
	net: dsa: b53: Fix ARL register definitions
	net: dsa: b53: Rework ARL bin logic
	net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL
	xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
	vrf: Check skb for XFRM_TRANSFORMED flag
	mlxsw: Fix some IS_ERR() vs NULL bugs
	KEYS: Avoid false positive ENOMEM error on key read
	ALSA: hda: Remove ASUS ROG Zenith from the blacklist
	ALSA: usb-audio: Add static mapping table for ALC1220-VB-based mobos
	ALSA: usb-audio: Add connector notifier delegation
	iio: core: remove extra semi-colon from devm_iio_device_register() macro
	iio: st_sensors: rely on odr mask to know if odr can be set
	iio: adc: stm32-adc: fix sleep in atomic context
	iio: xilinx-xadc: Fix ADC-B powerdown
	iio: xilinx-xadc: Fix clearing interrupt when enabling trigger
	iio: xilinx-xadc: Fix sequencer configuration for aux channels in simultaneous mode
	iio: xilinx-xadc: Make sure not exceed maximum samplerate
	fs/namespace.c: fix mountpoint reference counter race
	USB: sisusbvga: Change port variable from signed to unsigned
	USB: Add USB_QUIRK_DELAY_CTRL_MSG and USB_QUIRK_DELAY_INIT for Corsair K70 RGB RAPIDFIRE
	USB: early: Handle AMD's spec-compliant identifiers, too
	USB: core: Fix free-while-in-use bug in the USB S-Glibrary
	USB: hub: Fix handling of connect changes during sleep
	vmalloc: fix remap_vmalloc_range() bounds checks
	mm/hugetlb: fix a addressing exception caused by huge_pte_offset
	mm/ksm: fix NULL pointer dereference when KSM zero page is enabled
	tools/vm: fix cross-compile build
	ALSA: usx2y: Fix potential NULL dereference
	ALSA: hda/realtek - Fix unexpected init_amp override
	ALSA: hda/realtek - Add new codec supported for ALC245
	ALSA: usb-audio: Fix usb audio refcnt leak when getting spdif
	ALSA: usb-audio: Filter out unsupported sample rates on Focusrite devices
	tpm/tpm_tis: Free IRQ if probing fails
	tpm: ibmvtpm: retry on H_CLOSED in tpm_ibmvtpm_send()
	KVM: s390: Return last valid slot if approx index is out-of-bounds
	KVM: Check validity of resolved slot when searching memslots
	KVM: VMX: Enable machine check support for 32bit targets
	tty: hvc: fix buffer overflow during hvc_alloc().
	tty: rocket, avoid OOB access
	usb-storage: Add unusual_devs entry for JMicron JMS566
	audit: check the length of userspace generated audit records
	ASoC: dapm: fixup dapm kcontrol widget
	iwlwifi: pcie: actually release queue memory in TVQM
	iwlwifi: mvm: beacon statistics shouldn't go backwards
	ARM: imx: provide v7_cpu_resume() only on ARM_CPU_SUSPEND=y
	powerpc/setup_64: Set cache-line-size based on cache-block-size
	staging: comedi: dt2815: fix writing hi byte of analog output
	staging: comedi: Fix comedi_device refcnt leak in comedi_open
	vt: don't hardcode the mem allocation upper bound
	vt: don't use kmalloc() for the unicode screen buffer
	staging: vt6656: Don't set RCR_MULTICAST or RCR_BROADCAST by default.
	staging: vt6656: Fix calling conditions of vnt_set_bss_mode
	staging: vt6656: Fix drivers TBTT timing counter.
	staging: vt6656: Fix pairwise key entry save.
	staging: vt6656: Power save stop wake_up_count wrap around.
	cdc-acm: close race betrween suspend() and acm_softint
	cdc-acm: introduce a cool down
	UAS: no use logging any details in case of ENODEV
	UAS: fix deadlock in error handling and PM flushing work
	usb: dwc3: gadget: Fix request completion check
	usb: f_fs: Clear OS Extended descriptor counts to zero in ffs_data_reset()
	xhci: prevent bus suspend if a roothub port detected a over-current condition
	serial: sh-sci: Make sure status register SCxSR is read in correct sequence
	xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT
	s390/mm: fix page table upgrade vs 2ndary address mode accesses
	Linux 4.19.119

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I4b16db8472367d135a4ff68d2863c634bf093ef5
 2020-04-29 17:26:17 +02:00
Eric Dumazet
3405bf51f6 tcp: cache line align MAX_TCP_HEADER 
[ Upstream commit 9bacd256f1 ]

TCP stack is dumb in how it cooks its output packets.

Depending on MAX_HEADER value, we might chose a bad ending point
for the headers.

If we align the end of TCP headers to cache line boundary, we
make sure to always use the smallest number of cache lines,
which always help.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Soheil Hassas Yeganeh <soheil@google.com>
Acked-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-04-29 16:31:21 +02:00
Sabrina Dubroca
5dd6835278 net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 
commit 6c8991f415 upstream.

ipv6_stub uses the ip6_dst_lookup function to allow other modules to
perform IPv6 lookups. However, this function skips the XFRM layer
entirely.

All users of ipv6_stub->ip6_dst_lookup use ip_route_output_flow (via the
ip_route_output_key and ip_route_output helpers) for their IPv4 lookups,
which calls xfrm_lookup_route(). This patch fixes this inconsistent
behavior by switching the stub to ip6_dst_lookup_flow, which also calls
xfrm_lookup_route().

This requires some changes in all the callers, as these two functions
take different arguments and have different return types.

Fixes: 5f81bd2e5d ("ipv6: export a stub for IPv6 symbols used by vxlan")
Reported-by: Xiumei Mu <xmu@redhat.com>
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 4.19:
 - Drop change in lwt_bpf.c
 - Delete now-unused "ret" in mlx5e_route_lookup_ipv6()
 - Initialise "out_dev" in mlx5e_create_encap_header_ipv6() to avoid
   introducing a spurious "may be used uninitialised" warning
 - Adjust filenames, context, indentation]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-04-29 16:31:17 +02:00
Sabrina Dubroca
abee5ded9b net: ipv6: add net argument to ip6_dst_lookup_flow 
commit c4e85f73af upstream.

This will be used in the conversion of ipv6_stub to ip6_dst_lookup_flow,
as some modules currently pass a net argument without a socket to
ip6_dst_lookup. This is equivalent to commit 343d60aada ("ipv6: change
ipv6_stub_impl.ipv6_dst_lookup to take net argument").

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 4.19: adjust context]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-04-29 16:31:16 +02:00
Jouni Malinen
a78a253c53 BACKPORT: cfg80211: Support key configuration for Beacon protection (BIGTK) 
IEEE P802.11-REVmd/D3.0 adds support for protecting Beacon frames using
a new set of keys (BIGTK; key index 6..7) similarly to the way
group-addressed Robust Management frames are protected (IGTK; key index
4..5). Extend cfg80211 and nl80211 to allow the new BIGTK to be
configured. Add an extended feature flag to indicate driver support for
the new key index values to avoid array overflows in driver
implementations and also to indicate to user space when this
functionality is available.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Link: https://lore.kernel.org/r/20200222132548.20835-2-jouni@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 56be393fa8)
[connoro: resolve conflicts; add preceding enum values to preserve
uapi; drop changes to lines not present in 4.19]
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: Iab2dff167159556167600a88091a8e6b28db4ad8
 2020-04-28 16:29:52 -07:00
Veerendranath Jakkam
a7321039a2 BACKPORT: cfg80211: Enhance the AKM advertizement to support per interface. 
Commit ab4dfa2053 ("cfg80211: Allow drivers to advertise supported AKM
suites") introduces the support to advertize supported AKMs to userspace.

This needs an enhancement to advertize the AKM support per interface type,
specifically for the cfg80211-based drivers that implement SME and use
different mechanisms to support the AKM's for each interface type (e.g.,
the support for SAE, OWE AKM's take different paths for such drivers on
STA/AP mode).

This commit aims the same and enhances the earlier mechanism of advertizing
the AKMs per wiphy. Add new nl80211 attributes and data structure to
provide supported AKMs per interface type to userspace.

the AKMs advertized in akm_suites are default capabilities if not
advertized for a specific interface type in iftype_akm_suites.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Link: https://lore.kernel.org/r/20200126203032.21934-1-vjakkam@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit d6039a3416)
[connoro: drop changes to lines not present in android-4.19; add enum
values to nl80211_commands to match uapi]
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I2aef7de9d477b71432c2547a1cba1728a2d22d14
 2020-04-28 23:25:49 +00:00
Johannes Berg
4b433570d0 UPSTREAM: cfg80211: fix and clean up cfg80211_gen_new_bssid() 
Fix cfg80211_gen_new_bssid() to not rely on u64 modulo arithmetic,
which isn't needed since we really just want to mask there. Also,
clean it up to calculate the mask only once and use GENMASK_ULL()
instead of open-coding the mask calculation.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 5d4071abd9)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: Ia7f3782f7831b7994fde3cfae85308c6b73602d4
 2020-04-23 14:37:15 -07:00
Sara Sharon
1cb2737c9b UPSTREAM: cfg80211: save multi-bssid properties 
When the new IEs are generated, the multiple BSSID elements
are not saved. Save aside properties that are needed later
for PS.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 0cd01efb03)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I5011217119bfc01dcd2d3aa10f37df4dc385b5c0
 2020-04-23 14:37:15 -07:00
Sara Sharon
92cd5a3f12 UPSTREAM: cfg80211: make BSSID generation function inline 
This will enable reuse by mac80211.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 7ece9c372b)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I1db90bf0e255ae57955e2bdf663b1877c6c2df29
 2020-04-23 14:37:15 -07:00
Sara Sharon
8f2a99bad0 UPSTREAM: cfg80211: parse multi-bssid only if HW supports it 
Parsing and exposing nontransmitted APs is problematic
when underlying HW doesn't support it. Do it only if
driver indicated support. Allow HE restriction as well,
since the HE spec defined the exact manner that Multiple
BSSID set should behave. APs that not support the HE
spec will have less predictable Multiple BSSID set
support/behavior

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 213ed579d3)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: Ib691778353cce81d6251dca65177ef19010b4ae3
 2020-04-23 14:37:14 -07:00
Sara Sharon
4b215175c4 UPSTREAM: cfg80211: Move Multiple BSS info to struct cfg80211_bss to be visible 
Previously the transmitted BSS and the non-trasmitted BSS list were
defined in struct cfg80211_internal_bss. Move them to struct cfg80211_bss
since mac80211 needs this info.

Signed-off-by: Sara Sharon <sara.sharon@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 7011ba583f)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I8d0780eb2dde7d858b2f57cf001c3d58aa68212e
 2020-04-23 14:37:14 -07:00
Sunil Dutt
14cdc153d6 UPSTREAM: cfg80211/nl80211: Offload OWE processing to user space in AP mode 
This interface allows the host driver to offload OWE processing
to user space. This intends to support OWE (Opportunistic Wireless
Encryption) AKM by the drivers that implement SME but rely on the
user space for the cryptographic/OWE processing in AP mode. Such
drivers are not capable of processing/deriving the DH IE.

A new NL80211 command - NL80211_CMD_UPDATE_OWE_INFO is introduced
to send the request/event between the host driver and user space.

Driver shall provide the OWE info (MAC address and DH IE) of
the peer to user space for cryptographic processing of the DH IE
through the event. Accordingly, the user space shall update the
OWE info/DH IE to the driver.

Following is the sequence in AP mode for OWE authentication.

Driver passes the OWE info obtained from the peer in the
Association Request to the user space through the event
cfg80211_update_owe_info_event. User space shall process the
OWE info received and generate new OWE info. This OWE info is
passed to the driver through NL80211_CMD_UPDATE_OWE_INFO
request. Driver eventually uses this OWE info to send the
Association Response to the peer.

This OWE info in the command interface carries the IEs that include
PMKID of the peer if the PMKSA is still valid or an updated DH IE
for generating a new PMKSA with the peer.

Signed-off-by: Liangwei Dong <liangwei@codeaurora.org>
Signed-off-by: Sunil Dutt <usdutt@codeaurora.org>
Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
[remove policy initialization - no longer exists]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit cb74e97758)
Bug: 154523213
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: I3c5cd950f1777cf62e622fcf774ce1aac456f22c
 2020-04-23 14:37:14 -07:00
Greg Kroah-Hartman
fd8a9d61cf This is the 4.19.117 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl6emrgACgkQONu9yGCS
 aT7KHhAAnWFfpGr89QEPUIDcdYNqmjnBlf7WRmVqQxbM+umD5AWo8fdLkKA43Fsx
 nNdMP6POYUwMqXahNOYwxCfRuw5sqsz/5bZO8O5p6fIXk1WhtW6Nzw78DHmDpQSj
 Cdfo92dJVhRcsCOElhrdsIypuBr7LoAOFjTGIzx4OZVXM3VJhWPpIgDEtU5yy/+S
 ym9TSU1RyQ9C/mIev3z6AXTAzAzWKdHXKtkWf3YW/7Mgr2QCcwmZxDlp9L1+L6e3
 lLn2IMcFH91Wj0hJX98OhkmjA0EJ/LNU4LaaIe/DxGBEtzyLjn+aoxGIEREnU/Y6
 36+3neWC3tJmUIzgyoRgVby+Jti3APEq3ncD0xzD8MAKitxihru7vKdTyfSWwmY0
 xSz2UbCbbF1BeG3MZQNzgdSQCn4o21Iyxu+aQVGSvVd4k43x4jbtNedLqA6mHmkz
 7I/V7UXyyzztDwlgT+DZa3LT6j4iv8VI6rPl7Evm3b5Iu9un3KLjnOEsXnvxjx9D
 o8dsPkK/pqbIW75bfThkoo8llmm/SsQ0n5GTKbITx9x0jU9E3VlQNHv+DUkT2CEn
 1cY4hsVNql475RsOabhXbfOXI7+uwUCxKEOVN7DysT8UGARGIXZOkrGLr4UqjQHI
 B4J8oKBPPS5ZQKEIC7j/h4V/exqtSZYTQ1GWUNj4uo9X7KnJ+K4=
 =kytQ
 -----END PGP SIGNATURE-----

Merge 4.19.117 into android-4.19

Changes in 4.19.117
	amd-xgbe: Use __napi_schedule() in BH context
	hsr: check protocol version in hsr_newlink()
	net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
	net: ipv6: do not consider routes via gateways for anycast address check
	net: qrtr: send msgs from local of same id as broadcast
	net: revert default NAPI poll timeout to 2 jiffies
	net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
	net: dsa: mt7530: fix tagged frames pass-through in VLAN-unaware mode
	ovl: fix value of i_ino for lower hardlink corner case
	scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
	jbd2: improve comments about freeing data buffers whose page mapping is NULL
	pwm: pca9685: Fix PWM/GPIO inter-operation
	ext4: fix incorrect group count in ext4_fill_super error message
	ext4: fix incorrect inodes per group in error message
	ASoC: Intel: mrfld: fix incorrect check on p->sink
	ASoC: Intel: mrfld: return error codes when an error occurs
	ALSA: usb-audio: Filter error from connector kctl ops, too
	ALSA: usb-audio: Don't override ignore_ctl_error value from the map
	ALSA: usb-audio: Don't create jack controls for PCM terminals
	ALSA: usb-audio: Check mapping at creating connector controls, too
	keys: Fix proc_keys_next to increase position index
	tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation
	btrfs: check commit root generation in should_ignore_root
	mac80211_hwsim: Use kstrndup() in place of kasprintf()
	usb: dwc3: gadget: don't enable interrupt when disabling endpoint
	usb: dwc3: gadget: Don't clear flags before transfer ended
	drm/amd/powerplay: force the trim of the mclk dpm_levels if OD is enabled
	ext4: do not zeroout extents beyond i_disksize
	kvm: x86: Host feature SSBD doesn't imply guest feature SPEC_CTRL_SSBD
	scsi: target: remove boilerplate code
	scsi: target: fix hang when multiple threads try to destroy the same iscsi session
	x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE
	x86/resctrl: Preserve CDP enable over CPU hotplug
	x86/resctrl: Fix invalid attempt at removing the default resource group
	wil6210: check rx_buff_mgmt before accessing it
	wil6210: ignore HALP ICR if already handled
	wil6210: add general initialization/size checks
	wil6210: make sure Rx ring sizes are correlated
	wil6210: remove reset file from debugfs
	mm/vmalloc.c: move 'area->pages' after if statement
	Linux 4.19.117

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib4ab9aa34c22c034887be15902a625ecc5622b35
 2020-04-21 10:20:12 +02:00
Tim Stallard
8fdf8a84ea net: ipv6: do not consider routes via gateways for anycast address check 
[ Upstream commit 03e2a984b6 ]

The behaviour for what is considered an anycast address changed in
commit 45e4fd2668 ("ipv6: Only create RTF_CACHE routes after
encountering pmtu exception"). This now considers the first
address in a subnet where there is a route via a gateway
to be an anycast address.

This breaks path MTU discovery and traceroutes when a host in a
remote network uses the address at the start of a prefix
(eg 2600:: advertised as 2600::/48 in the DFZ) as ICMP errors
will not be sent to anycast addresses.

This patch excludes any routes with a gateway, or via point to
point links, like the behaviour previously from
rt6_is_gw_or_nonexthop in net/ipv6/route.c.

This can be tested with:
ip link add v1 type veth peer name v2
ip netns add test
ip netns exec test ip link set lo up
ip link set v2 netns test
ip link set v1 up
ip netns exec test ip link set v2 up
ip addr add 2001:db8::1/64 dev v1 nodad
ip addr add 2001:db8:100:: dev lo nodad
ip netns exec test ip addr add 2001:db8::2/64 dev v2 nodad
ip netns exec test ip route add unreachable 2001:db8:1::1
ip netns exec test ip route add 2001:db8:100::/64 via 2001:db8::1
ip netns exec test sysctl net.ipv6.conf.all.forwarding=1
ip route add 2001:db8:1::1 via 2001:db8::2
ping -I 2001:db8::1 2001:db8:1::1 -c1
ping -I 2001:db8:100:: 2001:db8:1::1 -c1
ip addr delete 2001:db8:100:: dev lo
ip netns delete test

Currently the first ping will get back a destination unreachable ICMP
error, but the second will never get a response, with "icmp6_send:
acast source" logged. After this patch, both get destination
unreachable ICMP replies.

Fixes: 45e4fd2668 ("ipv6: Only create RTF_CACHE routes after encountering pmtu exception")
Signed-off-by: Tim Stallard <code@timstallard.me.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-04-21 09:03:04 +02:00
Ankita Bajaj
8766a7247a BACKPORT: nl80211: Add per peer statistics to compute FCS error rate 
Add support for drivers to report the total number of MPDUs received
and the number of MPDUs received with an FCS error from a specific
peer. These counters will be incremented only when the TA of the
frame matches the MAC address of the peer irrespective of FCS
error.

It should be noted that the TA field in the frame might be corrupted
when there is an FCS error and TA matching logic would fail in such
cases. Hence, FCS error counter might not be fully accurate, but it can
provide help in detecting bad RX links in significant number of cases.
This FCS error counter without full accuracy can be used, e.g., to
trigger a kick-out of a connected client with a bad link in AP mode to
force such a client to roam to another AP.

Test: build
Bug: 153912588
Signed-off-by: Ankita Bajaj <bankita@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit 0d4e14a32d)
[hridya: resolved minor conflicts]
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Change-Id: I5306d36e6df255efcb130b0de5151bebda67c549
 2020-04-14 12:57:22 -07:00
Srinivas Dasari
052c2f7381 UPSTREAM: cfg80211: Authentication offload to user space in AP mode 
commit 40cbfa9021 ("cfg80211/nl80211: Optional authentication
offload to userspace")' introduced authentication offload to user
space by the host drivers in station mode. This commit extends
the same for the AP mode too.

Extend NL80211_ATTR_EXTERNAL_AUTH_SUPPORT to also claim the
support of external authentication from the user space in AP mode.
A new flag parameter is introduced in cfg80211_ap_settings to
intend the same while "start ap".

Host driver to use NL80211_CMD_FRAME interface to transmit and
receive the authentication frames to / from the user space.

Host driver to indicate the flag NL80211_RXMGMT_FLAG_EXTERNAL_AUTH
while sending the authentication frame to the user space. This
intends to the user space that the driver wishes it to process
the authentication frame for certain protocols, though it had
initially advertised the support for SME functionality.

User space shall accordingly do the authentication and indicate
its final status through the command NL80211_CMD_EXTERNAL_AUTH.
Allow the command even if userspace doesn't include the attribute
NL80211_ATTR_SSID for AP interface.

Host driver shall continue with the association sequence and
indicate the STA connection status through cfg80211_new_sta.

To facilitate the host drivers in AP mode for matching the pmkid
by the stations during the association, NL80211_CMD_EXTERNAL_AUTH
is also enhanced to include the pmkid to drivers after
the authentication.
This pmkid can also be used in the STA mode to include in the
association request.

Also modify nl80211_external_auth to not mandate SSID in AP mode.

Signed-off-by: Srinivas Dasari <dasaris@codeaurora.org>
[remove useless nla_get_flag() usage]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(cherry picked from commit fe4943702c)
Bug: 153011874
Signed-off-by: Connor O'Brien <connoro@google.com>
Change-Id: Iecdd38a0b6fa7726938c905c4810b9879bc48530
 2020-04-02 12:51:05 -07:00
Maciej Żenczykowski
196eb52d17 UPSTREAM: ipv6: ndisc: add support for 'PREF64' dns64 prefix identifier 
This is trivial since we already have support for the entirely
identical (from the kernel's point of view) RDNSS, DNSSL, etc. that
also contain opaque data that needs to be passed down to userspace
for further processing.

As specified in draft-ietf-6man-ra-pref64-09 (while it is still a draft,
it is purely waiting on the RFC Editor for cleanups and publishing):
  PREF64 option contains lifetime and a (up to) 96-bit IPv6 prefix.

The 8-bit identifier of the option type as assigned by the IANA is 38.

Since we lack DNS64/NAT64/CLAT support in kernel at the moment,
thus this option should also be passed on to userland.

See:
  https://tools.ietf.org/html/draft-ietf-6man-ra-pref64-09
  https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-5

Cc: Erik Kline <ek@google.com>
Cc: Jen Linkova <furry@google.com>
Cc: Lorenzo Colitti <lorenzo@google.com>
Cc: Michael Haro <mharo@google.com>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
Acked-By: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit c24a77edc9)
Bug: 150648313
Change-Id: I02bff2103194a8171f907e82f811d7ab66962138
 2020-03-31 08:40:11 +00:00
Alexei Avshalom Lazar
0b546fb9b5 BACKPORT: nl80211: Add support for EDMG channels 
802.11ay specification defines Enhanced Directional Multi-Gigabit
(EDMG) STA and AP which allow channel bonding of 2 channels and more.

Introduce new NL attributes that are needed for enabling and
configuring EDMG support.

Two new attributes are used by kernel to publish driver's EDMG
capabilities to the userspace:
NL80211_BAND_ATTR_EDMG_CHANNELS - bitmap field that indicates the 2.16
GHz channel(s) that are supported by the driver.
When this attribute is not set it means driver does not support EDMG.
NL80211_BAND_ATTR_EDMG_BW_CONFIG - represent the channel bandwidth
configurations supported by the driver.

Additional two new attributes are used by the userspace for connect
command and for AP configuration:
NL80211_ATTR_WIPHY_EDMG_CHANNELS
NL80211_ATTR_WIPHY_EDMG_BW_CONFIG

New rate info flag - RATE_INFO_FLAGS_EDMG, can be reported from driver
and used for bitrate calculation that will take into account EDMG
according to the 802.11ay specification.

Change-Id: I06d3f04d16b68d35c1dd9cd3624916302e8725a1
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
Link: https://lore.kernel.org/r/1566138918-3823-2-git-send-email-ailizaro@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Git-commit: 2a38075cd0
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git
[ailizaro@codeaurora.org: fix conflict due to missing NLA policy]
Signed-off-by: Alexei Avshalom Lazar <ailizaro@codeaurora.org>
(cherry picked from commit afd697d00768139b458e5e770c6c76efa3bcbadd)
Bug: 150628559
Signed-off-by: Connor O'Brien <connoro@google.com>
 2020-03-26 19:35:27 +00:00
Suren Baghdasaryan
f32f289c4f ANDROID: GKI: net: remove conditional members causing ABI diffs 
Remove conditions for including struct net members based on kernel configs
CONFIG_IP_SCTP, CONFIG_NETFILTER_FAMILY_BRIDGE and
CONFIG_BRIDGE_NF_EBTABLES.

Bug: 151115806
Test: build
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I6b0e75f0976ab79ea933fe64bc73ba08c9e7c71a
 2020-03-23 17:13:05 -07:00
Greg Kroah-Hartman
bfe2901c20 This is the 4.19.111 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl5xvNEACgkQONu9yGCS
 aT6VUg//SJSSC5IX7gulaIm8IzvVijE7EKkdkjukJ4TD672J1QqzXVlhKp8tSvAV
 ZBknOar0AP5sDNtvF3cgz0t6w6IJHrLWGyWqcMfUTC75M9HVZH6YUgHDkPmi0g8f
 dyTrVe20/lC5yBNAFmS0pnYB+UfL8biJEF6N++pULZQhOY0eRr6BMKdl2npxH7D3
 YL/jipdGHmwkr/OgOtRaOBgEP6HIu1xKnZUkGzvhF0BOxAM/ib/5lQognOD6x4Hm
 9vHzc8+nBXlWj6N7XkE+I3RiZumUx+vEr2kLljdrTE7cH7ALzJQl4GQ6Db6lbd0E
 q78Y44FhrfKiwxDeGPHKOX39sgzVwCsKhwTg3a4Rq4Aq0I7QQoPikAyCUj9kaeFq
 q8bI0Wub+4nQhzuyv6UgRWaQnIBZxXe56M8z3u4CTy6ljwvn4hXeZ9bkVRyXdQtS
 D4h3WtxFwBed0tQGb5ypv83Wg/lwK8bQHab4LDV9AZNZ3Jrbg70ldlea0GiA8Csc
 Y3MncS6zF9mnAU8ZdsYT3GNkRQS3OTFNeb7+V5MRgdCnG3xk5GltHTy0JYhZKmXH
 8zMXlUgUeyihFx6f7LwFhYk8NTSg3+W700SKND/zd+VK8m7mqT7PB1bkny5zJ6aC
 teehBWmHlxZlL1ENXya8lUEEsOieAWxi3IMlhOEo2roidPW1N0o=
 =ryZW
 -----END PGP SIGNATURE-----

Merge 4.19.111 into android-4.19

Changes in 4.19.111
	phy: Revert toggling reset changes.
	net: phy: Avoid multiple suspends
	cgroup, netclassid: periodically release file_lock on classid updating
	gre: fix uninit-value in __iptunnel_pull_header
	inet_diag: return classid for all socket types
	ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface
	ipvlan: add cond_resched_rcu() while processing muticast backlog
	ipvlan: do not add hardware address of master to its unicast filter list
	ipvlan: do not use cond_resched_rcu() in ipvlan_process_multicast()
	ipvlan: don't deref eth hdr before checking it's set
	net/ipv6: use configured metric when add peer route
	netlink: Use netlink header as base to calculate bad attribute offset
	net: macsec: update SCI upon MAC address change.
	net: nfc: fix bounds checking bugs on "pipe"
	net/packet: tpacket_rcv: do not increment ring index on drop
	net: stmmac: dwmac1000: Disable ACS if enhanced descs are not used
	net: systemport: fix index check to avoid an array out of bounds access
	r8152: check disconnect status after long sleep
	sfc: detach from cb_page in efx_copy_channel()
	bnxt_en: reinitialize IRQs when MTU is modified
	cgroup: memcg: net: do not associate sock with unrelated cgroup
	net: memcg: late association of sock to memcg
	net: memcg: fix lockdep splat in inet_csk_accept()
	devlink: validate length of param values
	fib: add missing attribute validation for tun_id
	nl802154: add missing attribute validation
	nl802154: add missing attribute validation for dev_type
	can: add missing attribute validation for termination
	macsec: add missing attribute validation for port
	net: fq: add missing attribute validation for orphan mask
	team: add missing attribute validation for port ifindex
	team: add missing attribute validation for array index
	nfc: add missing attribute validation for SE API
	nfc: add missing attribute validation for deactivate target
	nfc: add missing attribute validation for vendor subcommand
	net: phy: fix MDIO bus PM PHY resuming
	selftests/net/fib_tests: update addr_metric_test for peer route testing
	net/ipv6: need update peer route when modify metric
	net/ipv6: remove the old peer route if change it to a new one
	tipc: add missing attribute validation for MTU property
	devlink: validate length of region addr/len
	bonding/alb: make sure arp header is pulled before accessing it
	slip: make slhc_compress() more robust against malicious packets
	net: fec: validate the new settings in fec_enet_set_coalesce()
	macvlan: add cond_resched() during multicast processing
	cgroup: cgroup_procs_next should increase position index
	cgroup: Iterate tasks that did not finish do_exit()
	iwlwifi: mvm: Do not require PHY_SKU NVM section for 3168 devices
	virtio-blk: fix hw_queue stopped on arbitrary error
	iommu/vt-d: quirk_ioat_snb_local_iommu: replace WARN_TAINT with pr_warn + add_taint
	netfilter: nf_conntrack: ct_cpu_seq_next should increase position index
	netfilter: synproxy: synproxy_cpu_seq_next should increase position index
	netfilter: xt_recent: recent_seq_next should increase position index
	netfilter: x_tables: xt_mttg_seq_next should increase position index
	workqueue: don't use wq_select_unbound_cpu() for bound works
	drm/amd/display: remove duplicated assignment to grph_obj_type
	ktest: Add timeout for ssh sync testing
	cifs_atomic_open(): fix double-put on late allocation failure
	gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
	KVM: x86: clear stale x86_emulate_ctxt->intercept value
	ARC: define __ALIGN_STR and __ALIGN symbols for ARC
	macintosh: windfarm: fix MODINFO regression
	efi: Fix a race and a buffer overflow while reading efivars via sysfs
	efi: Make efi_rts_work accessible to efi page fault handler
	mt76: fix array overflow on receiving too many fragments for a packet
	x86/mce: Fix logic and comments around MSR_PPIN_CTL
	iommu/dma: Fix MSI reservation allocation
	iommu/vt-d: dmar: replace WARN_TAINT with pr_warn + add_taint
	iommu/vt-d: Fix a bug in intel_iommu_iova_to_phys() for huge page
	batman-adv: Don't schedule OGM for disabled interface
	pinctrl: meson-gxl: fix GPIOX sdio pins
	pinctrl: core: Remove extra kref_get which blocks hogs being freed
	drm/i915/gvt: Fix unnecessary schedule timer when no vGPU exits
	i2c: gpio: suppress error on probe defer
	nl80211: add missing attribute validation for critical protocol indication
	nl80211: add missing attribute validation for beacon report scanning
	nl80211: add missing attribute validation for channel switch
	perf bench futex-wake: Restore thread count default to online CPU count
	netfilter: cthelper: add missing attribute validation for cthelper
	netfilter: nft_payload: add missing attribute validation for payload csum flags
	netfilter: nft_tunnel: add missing attribute validation for tunnels
	iommu/vt-d: Fix the wrong printing in RHSA parsing
	iommu/vt-d: Ignore devices with out-of-spec domain number
	i2c: acpi: put device when verifying client fails
	ipv6: restrict IPV6_ADDRFORM operation
	net/smc: check for valid ib_client_data
	net/smc: cancel event worker during device removal
	efi: Add a sanity check to efivar_store_raw()
	batman-adv: Avoid free/alloc race when handling OGM2 buffer
	Linux 4.19.111

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ide220f0b6a12d291bda4a83f17cde25bbe64e2ff
 2020-03-18 08:19:47 +01:00
Jakub Kicinski
4e4a3292c6 fib: add missing attribute validation for tun_id 
[ Upstream commit 4c16d64ea0 ]

Add missing netlink policy entry for FRA_TUN_ID.

Fixes: e7030878fc ("fib: Add fib rule match on tunnel id")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-03-18 07:14:14 +01:00
Sameer Thalappil
cf8be8db9b ANDROID: GKI: cfg80211: Add AP stopped interface 
AP stopped interface can be used to indicate that the AP mode has
stopped functioning, WLAN driver may have encountered errors that has
forced the driver to stop the AP mode.

When the driver is in P2P-Go mode, and when it goes thru automatic
recovery from firmware crashes, it uses this interface to notify the
userspace that the group has been deleted.

CRs-Fixed: 1078172
Bug: 150894598
Test: make
Signed-off-by: Sameer Thalappil <sameert@codeaurora.org>
Change-Id: Id566b35cd0afdb7277fbd2aef74601bfabc65e42
(cherry picked from commit 44643035d7f5d74edebac551928a7b03fe76f19c)
Signed-off-by: Hridya Valsaraju <hridya@google.com>
 2020-03-12 10:46:18 -07:00
Greg Kroah-Hartman
8290fa4ad8 This is the 4.19.108 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl5hHeEACgkQONu9yGCS
 aT7uFQ/+KcS1brUUid3C+zewoJ7vvB7wspMRogdJk5/9Y/ty4uxolFRNxM7Fq2Sj
 2Uq0jyt8TiiOQBguqpRfJN/GqPX7HBLPR6e9B4Pq67BR34VT6azqb5F7tKjhCa4I
 CGmA5XvCCQSGwqmwyP4biV0yOdN6Fy0B/9q7+7RSOsY/Mr86RyEHQgarRxaMy2QW
 v/dh/yIsdPXG27ZicETudKqIWaMiXL5k0zXr81HY4TcOzBrKW66nuqcI0uXZ6r54
 RwqxfGVTGQeGIN4bBAFGTlEvvMDO0NAENGA0vOpt8Mqf7yRIye78GCmn8A/nOgd/
 +ZsrS9y+baJun0O/7zmuYSFd37GDecRu6kNYI+fc1Hbf784wLj05A52kNZ5ndYPB
 CdHgcow63QV3DGTXsfQOi/yZEDm/YMUzhMoL2/KP/LlJzq8raXMf95pB3fgs6zmX
 HI3sA4AuyWQaQb/ogzW+8m8v1oHzT4+aNaBi9rBS1uqCg5q6AhTBRApUNpbybgsG
 vkiTwhIc2y74Y7M5wV0Fp29pQBPPn033smIq3V/qxgyMvoBbMXxNGZ7jTK882h5g
 UBjprtX/wyHgVLEXITiz1BPJTinweJarRCL6iGn5w7IOfd3enSamfph5wh5vuXR6
 ea0SCw3Dni5G930BMldxubZRtiYTiqvDCeC/IpG7trP9mpczGeE=
 =/2bv
 -----END PGP SIGNATURE-----

Merge 4.19.108 into android-4.19

Changes in 4.19.108
	irqchip/gic-v3-its: Fix misuse of GENMASK macro
	iwlwifi: pcie: fix rb_allocator workqueue allocation
	ipmi:ssif: Handle a possible NULL pointer reference
	drm/msm: Set dma maximum segment size for mdss
	dax: pass NOWAIT flag to iomap_apply
	mac80211: consider more elements in parsing CRC
	cfg80211: check wiphy driver existence for drvinfo report
	s390/zcrypt: fix card and queue total counter wrap
	qmi_wwan: re-add DW5821e pre-production variant
	qmi_wwan: unconditionally reject 2 ep interfaces
	ARM: dts: sti: fixup sound frame-inversion for stihxxx-b2120.dtsi
	soc/tegra: fuse: Fix build with Tegra194 configuration
	net: ena: fix potential crash when rxfh key is NULL
	net: ena: fix uses of round_jiffies()
	net: ena: add missing ethtool TX timestamping indication
	net: ena: fix incorrect default RSS key
	net: ena: rss: fix failure to get indirection table
	net: ena: rss: store hash function as values and not bits
	net: ena: fix incorrectly saving queue numbers when setting RSS indirection table
	net: ena: ethtool: use correct value for crc32 hash
	net: ena: ena-com.c: prevent NULL pointer dereference
	cifs: Fix mode output in debugging statements
	cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
	sysrq: Restore original console_loglevel when sysrq disabled
	sysrq: Remove duplicated sysrq message
	net: fib_rules: Correctly set table field when table number exceeds 8 bits
	net: mscc: fix in frame extraction
	net: phy: restore mdio regs in the iproc mdio driver
	net: sched: correct flower port blocking
	nfc: pn544: Fix occasional HW initialization failure
	sctp: move the format error check out of __sctp_sf_do_9_1_abort
	ipv6: Fix route replacement with dev-only route
	ipv6: Fix nlmsg_flags when splitting a multipath route
	qede: Fix race between rdma destroy workqueue and link change event
	net/tls: Fix to avoid gettig invalid tls record
	ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
	audit: fix error handling in audit_data_to_entry()
	ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro
	ACPI: watchdog: Fix gas->access_width usage
	KVM: VMX: check descriptor table exits on instruction emulation
	HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock
	HID: core: fix off-by-one memset in hid_report_raw_event()
	HID: core: increase HID report buffer size to 8KiB
	macintosh: therm_windtunnel: fix regression when instantiating devices
	tracing: Disable trace_printk() on post poned tests
	Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs"
	amdgpu/gmc_v9: save/restore sdpif regs during S3
	vhost: Check docket sk_family instead of call getname
	HID: alps: Fix an error handling path in 'alps_input_configured()'
	HID: hiddev: Fix race in in hiddev_disconnect()
	MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()'
	i2c: altera: Fix potential integer overflow
	i2c: jz4780: silence log flood on txabrt
	drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime
	drm/i915/gvt: Separate display reset from ALL_ENGINES reset
	hv_netvsc: Fix unwanted wakeup in netvsc_attach()
	usb: charger: assign specific number for enum value
	s390/qeth: vnicc Fix EOPNOTSUPP precedence
	net: netlink: cap max groups which will be considered in netlink_bind()
	net: atlantic: fix use after free kasan warn
	net: atlantic: fix potential error handling
	net/smc: no peer ID in CLC decline for SMCD
	net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE
	namei: only return -ECHILD from follow_dotdot_rcu()
	mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame()
	mwifiex: delete unused mwifiex_get_intf_num()
	KVM: SVM: Override default MMIO mask if memory encryption is enabled
	KVM: Check for a bad hva before dropping into the ghc slow path
	sched/fair: Optimize update_blocked_averages()
	sched/fair: Fix O(nr_cgroups) in the load balancing path
	perf stat: Use perf_evsel__is_clocki() for clock events
	perf stat: Fix shadow stats for clock events
	drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()'
	kprobes: Set unoptimized flag after unoptimizing code
	pwm: omap-dmtimer: put_device() after of_find_device_by_node()
	perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc
	KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path
	KVM: x86: Remove spurious clearing of async #PF MSR
	thermal: brcmstb_thermal: Do not use DT coefficients
	netfilter: nft_tunnel: no need to call htons() when dumping ports
	netfilter: nf_flowtable: fix documentation
	mm/huge_memory.c: use head to check huge zero page
	mm, thp: fix defrag setting if newline is not used
	audit: always check the netlink payload length in audit_receive_msg()
	Linux 4.19.108

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ib98db500eded0a83d89c38900bbdf9ff5d6a37e0
 2020-03-05 17:40:55 +01:00
Jason Baron
24b0fc7c29 net: sched: correct flower port blocking 
[ Upstream commit 8a9093c798 ]

tc flower rules that are based on src or dst port blocking are sometimes
ineffective due to uninitialized stack data. __skb_flow_dissect() extracts
ports from the skb for tc flower to match against. However, the port
dissection is not done when when the FLOW_DIS_IS_FRAGMENT bit is set in
key_control->flags. All callers of __skb_flow_dissect(), zero-out the
key_control field except for fl_classify() as used by the flower
classifier. Thus, the FLOW_DIS_IS_FRAGMENT may be set on entry to
__skb_flow_dissect(), since key_control is allocated on the stack
and may not be initialized.

Since key_basic and key_control are present for all flow keys, let's
make sure they are initialized.

Fixes: 62230715fd ("flow_dissector: do not dissect l4 ports for fragments")
Co-developed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Jason Baron <jbaron@akamai.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-03-05 16:42:16 +01:00
Greg Kroah-Hartman
3389e56d31 This is the 4.19.103 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl5Cn0wACgkQONu9yGCS
 aT584xAAtePSlzTxst/jukREoyrpAfTM1BeovMdsZEBpKh+/F3n1udqHeo+iNAAN
 qSOig012aW2qP7b5/4CrEU9ZRTvd0AM4fog7ABLJVahMYMqoJgod8TRaE4v0nVut
 eRans6w3NbZJCZwdw2aiu5gwFfjwJLSUckBNmj4XVYdyfh7q0BgnZV5OY0V+zhuG
 1MWXaylbRqjguR/ZFk0UPAmRaqNKHbwfCJ1V0ygL9xQkJM0cUn7hX9/CqM4aYnm6
 m1oux4ektLAmF1XK4NiQEuRBMeFO74XlKcsZqQHf/b4FZfcPergcPwIj8ugtCHzJ
 kx2QgURDjgH4Tnu+Q0ScPrjj2kjU8rWmjqlcv1PcUyOWm+MR0OK9bW7TLEntMSF8
 HOEe9j6SsjQNIOoYh1YcMnuGjKNIZjl2L3VbDzpVN2GxZxwAutY6G68tV7sbA2pu
 wtsrAVOqdcjoo0ruRmwognBqQAdNdsbiBx7bgcNjVEXWL0N3Ddiv6CNYwnehA5Hq
 cvQwVQpFGP9ZGYUcCMbdwR+7kJzVy6V2S615M8GkE9FouOwTfV60zM/sZ1rFVt1J
 70zxfRX5ys19aTAVkbi6pHHCUJ0ZAiTgWujp5Hp4kPt7gEz01Ur0s1kI3b7b6iWh
 cuycRFULvqeXCApQacs//lOVDoUV20uFcL/zqOFM33v/+YzkyjA=
 =3D8z
 -----END PGP SIGNATURE-----

Merge 4.19.103 into android-4.19

Changes in 4.19.103
	Revert "drm/sun4i: dsi: Change the start delay calculation"
	ovl: fix lseek overflow on 32bit
	kernel/module: Fix memleak in module_add_modinfo_attrs()
	media: iguanair: fix endpoint sanity check
	ocfs2: fix oops when writing cloned file
	x86/cpu: Update cached HLE state on write to TSX_CTRL_CPUID_CLEAR
	udf: Allow writing to 'Rewritable' partitions
	printk: fix exclusive_console replaying
	iwlwifi: mvm: fix NVM check for 3168 devices
	sparc32: fix struct ipc64_perm type definition
	cls_rsvp: fix rsvp_policy
	gtp: use __GFP_NOWARN to avoid memalloc warning
	l2tp: Allow duplicate session creation with UDP
	net: hsr: fix possible NULL deref in hsr_handle_frame()
	net_sched: fix an OOB access in cls_tcindex
	net: stmmac: Delete txtimer in suspend()
	bnxt_en: Fix TC queue mapping.
	tcp: clear tp->total_retrans in tcp_disconnect()
	tcp: clear tp->delivered in tcp_disconnect()
	tcp: clear tp->data_segs{in|out} in tcp_disconnect()
	tcp: clear tp->segs_{in|out} in tcp_disconnect()
	rxrpc: Fix use-after-free in rxrpc_put_local()
	rxrpc: Fix insufficient receive notification generation
	rxrpc: Fix missing active use pinning of rxrpc_local object
	rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect
	media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
	mfd: dln2: More sanity checking for endpoints
	ipc/msg.c: consolidate all xxxctl_down() functions
	tracing: Fix sched switch start/stop refcount racy updates
	rcu: Avoid data-race in rcu_gp_fqs_check_wake()
	brcmfmac: Fix memory leak in brcmf_usbdev_qinit
	usb: typec: tcpci: mask event interrupts when remove driver
	usb: gadget: legacy: set max_speed to super-speed
	usb: gadget: f_ncm: Use atomic_t to track in-flight request
	usb: gadget: f_ecm: Use atomic_t to track in-flight request
	ALSA: usb-audio: Fix endianess in descriptor validation
	ALSA: dummy: Fix PCM format loop in proc output
	mm/memory_hotplug: fix remove_memory() lockdep splat
	mm: move_pages: report the number of non-attempted pages
	media/v4l2-core: set pages dirty upon releasing DMA buffers
	media: v4l2-core: compat: ignore native command codes
	media: v4l2-rect.h: fix v4l2_rect_map_inside() top/left adjustments
	lib/test_kasan.c: fix memory leak in kmalloc_oob_krealloc_more()
	irqdomain: Fix a memory leak in irq_domain_push_irq()
	platform/x86: intel_scu_ipc: Fix interrupt support
	ALSA: hda: Add Clevo W65_67SB the power_save blacklist
	KVM: arm64: Correct PSTATE on exception entry
	KVM: arm/arm64: Correct CPSR on exception entry
	KVM: arm/arm64: Correct AArch32 SPSR on exception entry
	KVM: arm64: Only sign-extend MMIO up to register width
	MIPS: fix indentation of the 'RELOCS' message
	MIPS: boot: fix typo in 'vmlinux.lzma.its' target
	s390/mm: fix dynamic pagetable upgrade for hugetlbfs
	powerpc/xmon: don't access ASDR in VMs
	powerpc/pseries: Advance pfn if section is not present in lmb_is_removable()
	smb3: fix signing verification of large reads
	PCI: tegra: Fix return value check of pm_runtime_get_sync()
	mmc: spi: Toggle SPI polarity, do not hardcode it
	ACPI: video: Do not export a non working backlight interface on MSI MS-7721 boards
	ACPI / battery: Deal with design or full capacity being reported as -1
	ACPI / battery: Use design-cap for capacity calculations if full-cap is not available
	ACPI / battery: Deal better with neither design nor full capacity not being reported
	alarmtimer: Unregister wakeup source when module get fails
	ubifs: Reject unsupported ioctl flags explicitly
	ubifs: don't trigger assertion on invalid no-key filename
	ubifs: Fix FS_IOC_SETFLAGS unexpectedly clearing encrypt flag
	ubifs: Fix deadlock in concurrent bulk-read and writepage
	crypto: geode-aes - convert to skcipher API and make thread-safe
	PCI: keystone: Fix link training retries initiation
	mmc: sdhci-of-at91: fix memleak on clk_get failure
	hv_balloon: Balloon up according to request page number
	mfd: axp20x: Mark AXP20X_VBUS_IPSOUT_MGMT as volatile
	crypto: api - Check spawn->alg under lock in crypto_drop_spawn
	crypto: ccree - fix backlog memory leak
	crypto: ccree - fix pm wrongful error reporting
	crypto: ccree - fix PM race condition
	scripts/find-unused-docs: Fix massive false positives
	scsi: qla2xxx: Fix mtcp dump collection failure
	power: supply: ltc2941-battery-gauge: fix use-after-free
	ovl: fix wrong WARN_ON() in ovl_cache_update_ino()
	f2fs: choose hardlimit when softlimit is larger than hardlimit in f2fs_statfs_project()
	f2fs: fix miscounted block limit in f2fs_statfs_project()
	f2fs: code cleanup for f2fs_statfs_project()
	PM: core: Fix handling of devices deleted during system-wide resume
	of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc
	dm zoned: support zone sizes smaller than 128MiB
	dm space map common: fix to ensure new block isn't already in use
	dm crypt: fix benbi IV constructor crash if used in authenticated mode
	dm: fix potential for q->make_request_fn NULL pointer
	dm writecache: fix incorrect flush sequence when doing SSD mode commit
	padata: Remove broken queue flushing
	tracing: Annotate ftrace_graph_hash pointer with __rcu
	tracing: Annotate ftrace_graph_notrace_hash pointer with __rcu
	ftrace: Add comment to why rcu_dereference_sched() is open coded
	ftrace: Protect ftrace_graph_hash with ftrace_sync
	samples/bpf: Don't try to remove user's homedir on clean
	crypto: ccp - set max RSA modulus size for v3 platform devices as well
	crypto: pcrypt - Do not clear MAY_SLEEP flag in original request
	crypto: atmel-aes - Fix counter overflow in CTR mode
	crypto: api - Fix race condition in crypto_spawn_alg
	crypto: picoxcell - adjust the position of tasklet_init and fix missed tasklet_kill
	scsi: qla2xxx: Fix unbound NVME response length
	NFS: Fix memory leaks and corruption in readdir
	NFS: Directory page cache pages need to be locked when read
	jbd2_seq_info_next should increase position index
	Btrfs: fix missing hole after hole punching and fsync when using NO_HOLES
	btrfs: set trans->drity in btrfs_commit_transaction
	Btrfs: fix race between adding and putting tree mod seq elements and nodes
	ARM: tegra: Enable PLLP bypass during Tegra124 LP1
	iwlwifi: don't throw error when trying to remove IGTK
	mwifiex: fix unbalanced locking in mwifiex_process_country_ie()
	sunrpc: expiry_time should be seconds not timeval
	gfs2: move setting current->backing_dev_info
	gfs2: fix O_SYNC write handling
	drm/rect: Avoid division by zero
	media: rc: ensure lirc is initialized before registering input device
	tools/kvm_stat: Fix kvm_exit filter name
	xen/balloon: Support xend-based toolstack take two
	watchdog: fix UAF in reboot notifier handling in watchdog core code
	bcache: add readahead cache policy options via sysfs interface
	eventfd: track eventfd_signal() recursion depth
	aio: prevent potential eventfd recursion on poll
	KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks
	KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
	KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks
	KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks
	KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks
	KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks
	KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks
	KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks
	KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks
	KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c
	KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks
	KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks
	KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform
	KVM: PPC: Book3S HV: Uninit vCPU if vcore creation fails
	KVM: PPC: Book3S PR: Free shared page if mmu initialization fails
	x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit
	KVM: x86: Don't let userspace set host-reserved cr4 bits
	KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
	KVM: s390: do not clobber registers during guest reset/store status
	clk: tegra: Mark fuse clock as critical
	drm/amd/dm/mst: Ignore payload update failures
	percpu: Separate decrypted varaibles anytime encryption can be enabled
	scsi: qla2xxx: Fix the endianness of the qla82xx_get_fw_size() return type
	scsi: csiostor: Adjust indentation in csio_device_reset
	scsi: qla4xxx: Adjust indentation in qla4xxx_mem_free
	scsi: ufs: Recheck bkops level if bkops is disabled
	phy: qualcomm: Adjust indentation in read_poll_timeout
	ext2: Adjust indentation in ext2_fill_super
	powerpc/44x: Adjust indentation in ibm4xx_denali_fixup_memsize
	drm: msm: mdp4: Adjust indentation in mdp4_dsi_encoder_enable
	NFC: pn544: Adjust indentation in pn544_hci_check_presence
	ppp: Adjust indentation into ppp_async_input
	net: smc911x: Adjust indentation in smc911x_phy_configure
	net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
	IB/mlx5: Fix outstanding_pi index for GSI qps
	IB/core: Fix ODP get user pages flow
	nfsd: fix delay timer on 32-bit architectures
	nfsd: fix jiffies/time_t mixup in LRU list
	nfsd: Return the correct number of bytes written to the file
	ubi: fastmap: Fix inverted logic in seen selfcheck
	ubi: Fix an error pointer dereference in error handling code
	mfd: da9062: Fix watchdog compatible string
	mfd: rn5t618: Mark ADC control register volatile
	bonding/alb: properly access headers in bond_alb_xmit()
	net: dsa: bcm_sf2: Only 7278 supports 2Gb/sec IMP port
	net: mvneta: move rx_dropped and rx_errors in per-cpu stats
	net_sched: fix a resource leak in tcindex_set_parms()
	net: systemport: Avoid RBUF stuck in Wake-on-LAN mode
	net/mlx5: IPsec, Fix esp modify function attribute
	net/mlx5: IPsec, fix memory leak at mlx5_fpga_ipsec_delete_sa_ctx
	net: macb: Remove unnecessary alignment check for TSO
	net: macb: Limit maximum GEM TX length in TSO
	net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan()
	ext4: fix deadlock allocating crypto bounce page from mempool
	btrfs: use bool argument in free_root_pointers()
	btrfs: free block groups after free'ing fs trees
	drm: atmel-hlcdc: enable clock before configuring timing engine
	drm/dp_mst: Remove VCPI while disabling topology mgr
	btrfs: flush write bio if we loop in extent_write_cache_pages
	KVM: x86/mmu: Apply max PA check for MMIO sptes to 32-bit KVM
	KVM: x86: Use gpa_t for cr2/gpa to fix TDP support on 32-bit KVM
	KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
	KVM: nVMX: vmread should not set rflags to specify success in case of #PF
	KVM: Use vcpu-specific gva->hva translation when querying host page size
	KVM: Play nice with read-only memslots when querying host page size
	mm: zero remaining unavailable struct pages
	mm: return zero_resv_unavail optimization
	mm/page_alloc.c: fix uninitialized memmaps on a partially populated last section
	cifs: fail i/o on soft mounts if sessionsetup errors out
	x86/apic/msi: Plug non-maskable MSI affinity race
	clocksource: Prevent double add_timer_on() for watchdog_timer
	perf/core: Fix mlock accounting in perf_mmap()
	rxrpc: Fix service call disconnection
	Linux 4.19.103

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I0d7f09085c3541373e0fd6b2e3ffacc5e34f7d55
 2020-02-11 15:05:03 -08:00
Eric Dumazet
6513fd0adb bonding/alb: properly access headers in bond_alb_xmit() 
[ Upstream commit 38f88c4540 ]

syzbot managed to send an IPX packet through bond_alb_xmit()
and af_packet and triggered a use-after-free.

First, bond_alb_xmit() was using ipx_hdr() helper to reach
the IPX header, but ipx_hdr() was using the transport offset
instead of the network offset. In the particular syzbot
report transport offset was 0xFFFF

This patch removes ipx_hdr() since it was only (mis)used from bonding.

Then we need to make sure IPv4/IPv6/IPX headers are pulled
in skb->head before dereferencing anything.

BUG: KASAN: use-after-free in bond_alb_xmit+0x153a/0x1590 drivers/net/bonding/bond_alb.c:1452
Read of size 2 at addr ffff8801ce56dfff by task syz-executor.2/18108
 (if (ipx_hdr(skb)->ipx_checksum != IPX_NO_CHECKSUM) ...)

Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 [<ffffffff8441fc42>] __dump_stack lib/dump_stack.c:17 [inline]
 [<ffffffff8441fc42>] dump_stack+0x14d/0x20b lib/dump_stack.c:53
 [<ffffffff81a7dec4>] print_address_description+0x6f/0x20b mm/kasan/report.c:282
 [<ffffffff81a7e0ec>] kasan_report_error mm/kasan/report.c:380 [inline]
 [<ffffffff81a7e0ec>] kasan_report mm/kasan/report.c:438 [inline]
 [<ffffffff81a7e0ec>] kasan_report.cold+0x8c/0x2a0 mm/kasan/report.c:422
 [<ffffffff81a7dc4f>] __asan_report_load_n_noabort+0xf/0x20 mm/kasan/report.c:469
 [<ffffffff82c8c00a>] bond_alb_xmit+0x153a/0x1590 drivers/net/bonding/bond_alb.c:1452
 [<ffffffff82c60c74>] __bond_start_xmit drivers/net/bonding/bond_main.c:4199 [inline]
 [<ffffffff82c60c74>] bond_start_xmit+0x4f4/0x1570 drivers/net/bonding/bond_main.c:4224
 [<ffffffff83baa558>] __netdev_start_xmit include/linux/netdevice.h:4525 [inline]
 [<ffffffff83baa558>] netdev_start_xmit include/linux/netdevice.h:4539 [inline]
 [<ffffffff83baa558>] xmit_one net/core/dev.c:3611 [inline]
 [<ffffffff83baa558>] dev_hard_start_xmit+0x168/0x910 net/core/dev.c:3627
 [<ffffffff83bacf35>] __dev_queue_xmit+0x1f55/0x33b0 net/core/dev.c:4238
 [<ffffffff83bae3a8>] dev_queue_xmit+0x18/0x20 net/core/dev.c:4278
 [<ffffffff84339189>] packet_snd net/packet/af_packet.c:3226 [inline]
 [<ffffffff84339189>] packet_sendmsg+0x4919/0x70b0 net/packet/af_packet.c:3252
 [<ffffffff83b1ac0c>] sock_sendmsg_nosec net/socket.c:673 [inline]
 [<ffffffff83b1ac0c>] sock_sendmsg+0x12c/0x160 net/socket.c:684
 [<ffffffff83b1f5a2>] __sys_sendto+0x262/0x380 net/socket.c:1996
 [<ffffffff83b1f700>] SYSC_sendto net/socket.c:2008 [inline]
 [<ffffffff83b1f700>] SyS_sendto+0x40/0x60 net/socket.c:2004

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Jay Vosburgh <j.vosburgh@gmail.com>
Cc: Veaceslav Falico <vfalico@gmail.com>
Cc: Andy Gospodarek <andy@greyhouse.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-02-11 04:34:14 -08:00
Greg Kroah-Hartman
83b584a64c This is the 4.19.102 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl461NIACgkQONu9yGCS
 aT6Mqw//W5xIIcs0Ut+P+QYNN6lCTRJ0AvFUolz79M3pyK/rHUluwTvYJbDAeGE3
 sckv96rE1pxj5ZSf6LegXIoALrA4RlYHS8xXkYnRrt6xfrb7UwpqsJtt4Mx+IrJ3
 9uFfaWRSvuDfRCraZxLiE2Bl9xVYvaPfFJYBmH383VB+deYNfpwORFsqNDQT+gR6
 PZLuV0x//Kerwmd4OvaaHR/fIl8YVKmIz5lu3+3WIuVKxTK6Bbd3YzVu13dhVaX2
 mETflLEAO/sYsUQiS4SO22ejLAiWyD8LyMV8s9KeTFQXzML3JpibKnt3ySDfzsFE
 m8VRlaLcQwB0Ca2AVGHA5QV0+V+2+6qh/IcZl630feBueGQX59qLQkOurD4e/9lm
 Na6ZkLPTh9UipIfTu9fvA5HY5lPt2VcSWwG2nLluckfJIpKNFVQEB7vuk9zd7468
 qkXmj/J1YDdJzt2YgD0WZuKu3f1/No7rXbNmT2Oj0+HNWWvIU9xFNFlIPAxo7pJy
 kwekd9+gHI0n1OhLRjzYUyf0pD+j0o75ZHsYYsUW0y6cGoWX/LmQ8JPFi+waHiov
 FOe8FJz/uDtfQnJ4+izAM5Jjbu1LE+L8uGoIExYAv4DuXgPZtI2wtHvP4HHM3Aov
 mDWLesMgizsroViv57aXC0C1ZPksPpGeHT+HcH7RnDQ0kQmpe3E=
 =2XGW
 -----END PGP SIGNATURE-----

Merge 4.19.102 into android-4.19

Changes in 4.19.102
	vfs: fix do_last() regression
	x86/resctrl: Fix use-after-free when deleting resource groups
	x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup
	x86/resctrl: Fix a deadlock due to inaccurate reference
	crypto: pcrypt - Fix user-after-free on module unload
	rsi: add hci detach for hibernation and poweroff
	rsi: fix use-after-free on failed probe and unbind
	perf c2c: Fix return type for histogram sorting comparision functions
	PM / devfreq: Add new name attribute for sysfs
	tools lib: Fix builds when glibc contains strlcpy()
	arm64: kbuild: remove compressed images on 'make ARCH=arm64 (dist)clean'
	ext4: validate the debug_want_extra_isize mount option at parse time
	mm/mempolicy.c: fix out of bounds write in mpol_parse_str()
	reiserfs: Fix memory leak of journal device string
	media: digitv: don't continue if remote control state can't be read
	media: af9005: uninitialized variable printked
	media: vp7045: do not read uninitialized values if usb transfer fails
	media: gspca: zero usb_buf
	media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0
	tomoyo: Use atomic_t for statistics counter
	ttyprintk: fix a potential deadlock in interrupt context issue
	Bluetooth: Fix race condition in hci_release_sock()
	cgroup: Prevent double killing of css when enabling threaded cgroup
	media: si470x-i2c: Move free() past last use of 'radio'
	ARM: dts: sun8i: a83t: Correct USB3503 GPIOs polarity
	ARM: dts: am57xx-beagle-x15/am57xx-idk: Remove "gpios" for endpoint dt nodes
	ARM: dts: beagle-x15-common: Model 5V0 regulator
	soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot
	tools lib traceevent: Fix memory leakage in filter_event
	rseq: Unregister rseq for clone CLONE_VM
	clk: sunxi-ng: h6-r: Fix AR100/R_APB2 parent order
	mac80211: mesh: restrict airtime metric to peered established plinks
	clk: mmp2: Fix the order of timer mux parents
	ASoC: rt5640: Fix NULL dereference on module unload
	ixgbevf: Remove limit of 10 entries for unicast filter list
	ixgbe: Fix calculation of queue with VFs and flow director on interface flap
	igb: Fix SGMII SFP module discovery for 100FX/LX.
	platform/x86: GPD pocket fan: Allow somewhat lower/higher temperature limits
	ASoC: sti: fix possible sleep-in-atomic
	qmi_wwan: Add support for Quectel RM500Q
	parisc: Use proper printk format for resource_size_t
	wireless: fix enabling channel 12 for custom regulatory domain
	cfg80211: Fix radar event during another phy CAC
	mac80211: Fix TKIP replay protection immediately after key setup
	wireless: wext: avoid gcc -O3 warning
	netfilter: nft_tunnel: ERSPAN_VERSION must not be null
	net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec
	bnxt_en: Fix ipv6 RFS filter matching logic.
	riscv: delete temporary files
	iwlwifi: Don't ignore the cap field upon mcc update
	ARM: dts: am335x-boneblack-common: fix memory size
	vti[6]: fix packet tx through bpf_redirect()
	xfrm interface: fix packet tx through bpf_redirect()
	xfrm: interface: do not confirm neighbor when do pmtu update
	scsi: fnic: do not queue commands during fwreset
	ARM: 8955/1: virt: Relax arch timer version check during early boot
	tee: optee: Fix compilation issue with nommu
	airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE
	airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE
	r8152: get default setting of WOL before initializing
	ARM: dts: am43x-epos-evm: set data pin directions for spi0 and spi1
	qlcnic: Fix CPU soft lockup while collecting firmware dump
	powerpc/fsl/dts: add fsl,erratum-a011043
	net/fsl: treat fsl,erratum-a011043
	net: fsl/fman: rename IF_MODE_XGMII to IF_MODE_10G
	seq_tab_next() should increase position index
	l2t_seq_next should increase position index
	net: Fix skb->csum update in inet_proto_csum_replace16().
	btrfs: do not zero f_bavail if we have available space
	perf report: Fix no libunwind compiled warning break s390 issue
	mm/migrate.c: also overwrite error when it is bigger than zero
	Linux 4.19.102

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ia9b63c7932b66f469ab0e88467e1e07741408f0b
 2020-02-05 19:20:26 +00:00
Orr Mazor
a4f85674e4 cfg80211: Fix radar event during another phy CAC 
[ Upstream commit 26ec17a1dc ]

In case a radar event of CAC_FINISHED or RADAR_DETECTED
happens during another phy is during CAC we might need
to cancel that CAC.

If we got a radar in a channel that another phy is now
doing CAC on then the CAC should be canceled there.

If, for example, 2 phys doing CAC on the same channels,
or on comptable channels, once on of them will finish his
CAC the other might need to cancel his CAC, since it is no
longer relevant.

To fix that the commit adds an callback and implement it in
mac80211 to end CAC.
This commit also adds a call to said callback if after a radar
event we see the CAC is no longer relevant

Signed-off-by: Orr Mazor <Orr.Mazor@tandemg.com>
Reviewed-by: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
Link: https://lore.kernel.org/r/20191222145449.15792-1-Orr.Mazor@tandemg.com
[slightly reformat/reword commit message]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-02-05 14:43:46 +00:00
Greg Kroah-Hartman
1b44c9bd91 This is the 4.19.101 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl41RsgACgkQONu9yGCS
 aT4P7A/+PZVt4c6phHZ9tj0OV4TjAWfu3IX9nLypzyBxjmBeJu8yt1pkNrfKj6fT
 +N3MjDlmAYss5CV6SOACPWXdhAQF3SsM6PR+CSrzwpS3+iAVTqNTaHpZqJFBgr3R
 cDe+MksbMLDpw3x+hXWV1E6WKcJZZJVeANuaD09HQDRVqKw1hRGxGEdyPChEjT71
 Ml3o9a2TYzOvRClBtBHPRQNy/MP4cVv06kS7jefDNh1z9PMsD2w01W54ur44WFJb
 aujt6bLyJlcs0cPdSkU7D8pmgzs/0cxW8N+4gCpfW66P6FJL8SU4RDTujUARlyvC
 oP5d62XrARXAO0hh1NYdWyUqpQjOFJRTWfEqW+lFGo5s9yL9oPW8vcCBKBuZfg+u
 HlVCCTCyU/IJN0DMeqdneThDg8sxirlzHu/NllgGIf7rhyMRqRmruQZXc1W3/7e8
 UgqqAEFkgVmJgq3mVWlHsV5Fmgb+PQlqj4rSB05wlAbXsQwF0nbSS/lsvwDR8qqE
 8nO/PQoxpQyAOYJ+iyaCsq51IsJUCwWOto8L/RpdYSbFpLTn+BRmNdDr7jHOVnPl
 FshugoXijE6IrVGIJhJBGGy/E+eG8Dru7IZEsi2UZLsw+bBvucqv7raIHAJ2YRaL
 8ZuwwmvpZpCOdYSWa7lIgqZb0qOTyR+b6UQ57X8hS5U3MZ2jMOE=
 =+bpt
 -----END PGP SIGNATURE-----

Merge 4.19.101 into android-4.19

Changes in 4.19.101
	orinoco_usb: fix interface sanity check
	rsi_91x_usb: fix interface sanity check
	usb: dwc3: pci: add ID for the Intel Comet Lake -V variant
	USB: serial: ir-usb: add missing endpoint sanity check
	USB: serial: ir-usb: fix link-speed handling
	USB: serial: ir-usb: fix IrLAP framing
	usb: dwc3: turn off VBUS when leaving host mode
	staging: most: net: fix buffer overflow
	staging: wlan-ng: ensure error return is actually returned
	staging: vt6656: correct packet types for CTS protect, mode.
	staging: vt6656: use NULLFUCTION stack on mac80211
	staging: vt6656: Fix false Tx excessive retries reporting.
	serial: 8250_bcm2835aux: Fix line mismatch on driver unbind
	component: do not dereference opaque pointer in debugfs
	mei: me: add comet point (lake) H device ids
	iio: st_gyro: Correct data for LSM9DS0 gyro
	crypto: chelsio - fix writing tfm flags to wrong place
	cifs: Fix memory allocation in __smb2_handle_cancelled_cmd()
	ath9k: fix storage endpoint lookup
	brcmfmac: fix interface sanity check
	rtl8xxxu: fix interface sanity check
	zd1211rw: fix storage endpoint lookup
	net_sched: ematch: reject invalid TCF_EM_SIMPLE
	net_sched: fix ops->bind_class() implementations
	HID: multitouch: Add LG MELF0410 I2C touchscreen support
	arc: eznps: fix allmodconfig kconfig warning
	HID: Add quirk for Xin-Mo Dual Controller
	HID: ite: Add USB id match for Acer SW5-012 keyboard dock
	HID: Add quirk for incorrect input length on Lenovo Y720
	drivers/hid/hid-multitouch.c: fix a possible null pointer access.
	phy: qcom-qmp: Increase PHY ready timeout
	phy: cpcap-usb: Prevent USB line glitches from waking up modem
	watchdog: max77620_wdt: fix potential build errors
	watchdog: rn5t618_wdt: fix module aliases
	spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
	drivers/net/b44: Change to non-atomic bit operations on pwol_mask
	net: wan: sdla: Fix cast from pointer to integer of different size
	gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP
	atm: eni: fix uninitialized variable warning
	HID: steam: Fix input device disappearing
	platform/x86: dell-laptop: disable kbd backlight on Inspiron 10xx
	PCI: Add DMA alias quirk for Intel VCA NTB
	iommu/amd: Support multiple PCI DMA aliases in IRQ Remapping
	ARM: OMAP2+: SmartReflex: add omap_sr_pdata definition
	usb-storage: Disable UAS on JMicron SATA enclosure
	sched/fair: Add tmp_alone_branch assertion
	sched/fair: Fix insertion in rq->leaf_cfs_rq_list
	rsi: fix use-after-free on probe errors
	rsi: fix memory leak on failed URB submission
	rsi: fix non-atomic allocation in completion handler
	crypto: af_alg - Use bh_lock_sock in sk_destruct
	random: try to actively add entropy rather than passively wait for it
	block: cleanup __blkdev_issue_discard()
	block: fix 32 bit overflow in __blkdev_issue_discard()
	KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE
	Linux 4.19.101

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I801cd8d04eea35b4b53957cc69c0987d88094992
 2020-02-02 20:22:38 +00:00
Cong Wang
9f7a32834b net_sched: fix ops->bind_class() implementations 
[ Upstream commit 2e24cd7555 ]

The current implementations of ops->bind_class() are merely
searching for classid and updating class in the struct tcf_result,
without invoking either of cl_ops->bind_tcf() or
cl_ops->unbind_tcf(). This breaks the design of them as qdisc's
like cbq use them to count filters too. This is why syzbot triggered
the warning in cbq_destroy_class().

In order to fix this, we have to call cl_ops->bind_tcf() and
cl_ops->unbind_tcf() like the filter binding path. This patch does
so by refactoring out two helper functions __tcf_bind_filter()
and __tcf_unbind_filter(), which are lockless and accept a Qdisc
pointer, then teaching each implementation to call them correctly.

Note, we merely pass the Qdisc pointer as an opaque pointer to
each filter, they only need to pass it down to the helper
functions without understanding it at all.

Fixes: 07d79fc7d9 ("net_sched: add reverse binding for tc class")
Reported-and-tested-by: syzbot+0a0596220218fcb603a8@syzkaller.appspotmail.com
Reported-and-tested-by: syzbot+63bdb6006961d8c917c6@syzkaller.appspotmail.com
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-02-01 09:37:06 +00:00
Greg Kroah-Hartman
1fca2c99f4 This is the 4.19.99 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4u6tsACgkQONu9yGCS
 aT693A//TExeDRnNnf+2v4TJorylyRr17BMxk/Ie2L5E6d2n/RWodsrOThAPU9tx
 5alNUkXCT8Jd31BUVnUoPoAQ4zSymSVi++XEf05wDeO0tQ982IESGaLmu9EC1uMF
 nnM5y4IdRYmFI1Zji4h5vRJckoYUlB6Mdg4BgMr4Q1KX7RkZYfe6bjs7DwM/uyMx
 jVXdFaQBD1H6F5W6A+GmgUZ36g9uNqzcBxxWwv5URj+q816NdI4bsxIJMF0v0WC+
 S54fmpS07QWIYKKsQBUepeSgEF4ECESOE2VoF1ICcnfakdPnDBmNgyPJPSrLmVf+
 itRUxoH1MewaOvoJrv+xsGBPmM29LcKH2oBmj5DR2Xstp7ACPs+OtXJEU9dUTDN4
 NhaSts5fIp0f4Y5mMn508pDUwYDAWDt99ZJWdx6aK/TRyUsHBgpxBQDt37BE3U5W
 PCBnObNe2b2KDAsVXLjX5iDYoA0+usFreveMo8uEP+ohfh0ANvJlRkzedYw7NquI
 ZCcT+I1P9q8aa0528tR332VLrQeYg+kG6LVi2kAabmRA/VtEsT0w90MY/eo2vuTU
 WlPmbs2yerv2HTm050e6MOgBZfPh7wP/FpbjsSXufj7EDywlfxF+1hXdwfrpPJeN
 fN3g0kepeUp7+kLzO40FLam/z5ndjAUhyN2SBaPzGsXjMkZdETk=
 =zvlh
 -----END PGP SIGNATURE-----

Merge 4.19.99 into android-4.19

Changes in 4.19.99
	Revert "efi: Fix debugobjects warning on 'efi_rts_work'"
	xfs: Sanity check flags of Q_XQUOTARM call
	i2c: stm32f7: rework slave_id allocation
	i2c: i2c-stm32f7: fix 10-bits check in slave free id search loop
	mfd: intel-lpss: Add default I2C device properties for Gemini Lake
	SUNRPC: Fix svcauth_gss_proxy_init()
	powerpc/pseries: Enable support for ibm,drc-info property
	powerpc/archrandom: fix arch_get_random_seed_int()
	tipc: update mon's self addr when node addr generated
	tipc: fix wrong timeout input for tipc_wait_for_cond()
	mt7601u: fix bbp version check in mt7601u_wait_bbp_ready
	crypto: sun4i-ss - fix big endian issues
	perf map: No need to adjust the long name of modules
	soc: aspeed: Fix snoop_file_poll()'s return type
	watchdog: sprd: Fix the incorrect pointer getting from driver data
	ipmi: Fix memory leak in __ipmi_bmc_register
	drm/sti: do not remove the drm_bridge that was never added
	ARM: dts: at91: nattis: set the PRLUD and HIPOW signals low
	ARM: dts: at91: nattis: make the SD-card slot work
	ixgbe: don't clear IPsec sa counters on HW clearing
	drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset()
	iio: fix position relative kernel version
	apparmor: Fix network performance issue in aa_label_sk_perm
	ALSA: hda: fix unused variable warning
	apparmor: don't try to replace stale label in ptrace access check
	ARM: qcom_defconfig: Enable MAILBOX
	firmware: coreboot: Let OF core populate platform device
	PCI: iproc: Remove PAXC slot check to allow VF support
	bridge: br_arp_nd_proxy: set icmp6_router if neigh has NTF_ROUTER
	drm/hisilicon: hibmc: Don't overwrite fb helper surface depth
	signal/ia64: Use the generic force_sigsegv in setup_frame
	signal/ia64: Use the force_sig(SIGSEGV,...) in ia64_rt_sigreturn
	ASoC: wm9712: fix unused variable warning
	mailbox: mediatek: Add check for possible failure of kzalloc
	IB/rxe: replace kvfree with vfree
	IB/hfi1: Add mtu check for operational data VLs
	genirq/debugfs: Reinstate full OF path for domain name
	usb: dwc3: add EXTCON dependency for qcom
	usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure
	cfg80211: regulatory: make initialization more robust
	mei: replace POLL* with EPOLL* for write queues.
	drm/msm: fix unsigned comparison with less than zero
	of: Fix property name in of_node_get_device_type
	ALSA: usb-audio: update quirk for B&W PX to remove microphone
	iwlwifi: nvm: get num of hw addresses from firmware
	staging: comedi: ni_mio_common: protect register write overflow
	netfilter: nft_osf: usage from output path is not valid
	pwm: lpss: Release runtime-pm reference from the driver's remove callback
	powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index
	rtlwifi: rtl8821ae: replace _rtl8821ae_mrate_idx_to_arfr_id with generic version
	RDMA/bnxt_re: Add missing spin lock initialization
	netfilter: nf_flow_table: do not remove offload when other netns's interface is down
	powerpc/kgdb: add kgdb_arch_set/remove_breakpoint()
	tipc: eliminate message disordering during binding table update
	net: socionext: Add dummy PHY register read in phy_write()
	drm/sun4i: hdmi: Fix double flag assignation
	net: hns3: add error handler for hns3_nic_init_vector_data()
	mlxsw: reg: QEEC: Add minimum shaper fields
	mlxsw: spectrum: Set minimum shaper on MC TCs
	NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks
	ASoC: wm97xx: fix uninitialized regmap pointer problem
	ARM: dts: bcm283x: Correct mailbox register sizes
	pcrypt: use format specifier in kobject_add
	ASoC: sun8i-codec: add missing route for ADC
	pinctrl: meson-gxl: remove invalid GPIOX tsin_a pins
	bus: ti-sysc: Add mcasp optional clocks flag
	exportfs: fix 'passing zero to ERR_PTR()' warning
	drm: rcar-du: Fix the return value in case of error in 'rcar_du_crtc_set_crc_source()'
	drm: rcar-du: Fix vblank initialization
	net: always initialize pagedlen
	drm/dp_mst: Skip validating ports during destruction, just ref
	arm64: dts: meson-gx: Add hdmi_5v regulator as hdmi tx supply
	arm64: dts: renesas: r8a7795-es1: Add missing power domains to IPMMU nodes
	net: phy: Fix not to call phy_resume() if PHY is not attached
	IB/hfi1: Correctly process FECN and BECN in packets
	OPP: Fix missing debugfs supply directory for OPPs
	IB/rxe: Fix incorrect cache cleanup in error flow
	mailbox: ti-msgmgr: Off by one in ti_msgmgr_of_xlate()
	staging: bcm2835-camera: Abort probe if there is no camera
	staging: bcm2835-camera: fix module autoloading
	switchtec: Remove immediate status check after submitting MRPC command
	ipv6: add missing tx timestamping on IPPROTO_RAW
	pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group
	pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group
	pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group
	pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group
	pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group
	pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field
	pinctrl: sh-pfc: r8a77970: Add missing MOD_SEL0 field
	pinctrl: sh-pfc: r8a77980: Add missing MOD_SEL0 field
	pinctrl: sh-pfc: sh7734: Add missing IPSR11 field
	pinctrl: sh-pfc: r8a77995: Remove bogus SEL_PWM[0-3]_3 configurations
	pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field
	pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value
	net: hns3: fix error handling int the hns3_get_vector_ring_chain
	vxlan: changelink: Fix handling of default remotes
	Input: nomadik-ske-keypad - fix a loop timeout test
	fork,memcg: fix crash in free_thread_stack on memcg charge fail
	clk: highbank: fix refcount leak in hb_clk_init()
	clk: qoriq: fix refcount leak in clockgen_init()
	clk: ti: fix refcount leak in ti_dt_clocks_register()
	clk: socfpga: fix refcount leak
	clk: samsung: exynos4: fix refcount leak in exynos4_get_xom()
	clk: imx6q: fix refcount leak in imx6q_clocks_init()
	clk: imx6sx: fix refcount leak in imx6sx_clocks_init()
	clk: imx7d: fix refcount leak in imx7d_clocks_init()
	clk: vf610: fix refcount leak in vf610_clocks_init()
	clk: armada-370: fix refcount leak in a370_clk_init()
	clk: kirkwood: fix refcount leak in kirkwood_clk_init()
	clk: armada-xp: fix refcount leak in axp_clk_init()
	clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init()
	clk: dove: fix refcount leak in dove_clk_init()
	MIPS: BCM63XX: drop unused and broken DSP platform device
	arm64: defconfig: Re-enable bcm2835-thermal driver
	remoteproc: qcom: q6v5-mss: Add missing clocks for MSM8996
	remoteproc: qcom: q6v5-mss: Add missing regulator for MSM8996
	drm: Fix error handling in drm_legacy_addctx
	ARM: dts: r8a7743: Remove generic compatible string from iic3
	drm/etnaviv: fix some off by one bugs
	drm/fb-helper: generic: Fix setup error path
	fork, memcg: fix cached_stacks case
	IB/usnic: Fix out of bounds index check in query pkey
	RDMA/ocrdma: Fix out of bounds index check in query pkey
	RDMA/qedr: Fix out of bounds index check in query pkey
	drm/shmob: Fix return value check in shmob_drm_probe
	arm64: dts: apq8016-sbc: Increase load on l11 for SDCARD
	spi: cadence: Correct initialisation of runtime PM
	RDMA/iw_cxgb4: Fix the unchecked ep dereference
	net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ9031
	memory: tegra: Don't invoke Tegra30+ specific memory timing setup on Tegra20
	drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump()
	media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL
	kbuild: mark prepare0 as PHONY to fix external module build
	crypto: brcm - Fix some set-but-not-used warning
	crypto: tgr192 - fix unaligned memory access
	ASoC: imx-sgtl5000: put of nodes if finding codec fails
	IB/iser: Pass the correct number of entries for dma mapped SGL
	net: hns3: fix wrong combined count returned by ethtool -l
	media: tw9910: Unregister subdevice with v4l2-async
	IB/mlx5: Don't override existing ip_protocol
	rtc: cmos: ignore bogus century byte
	spi/topcliff_pch: Fix potential NULL dereference on allocation error
	net: hns3: fix bug of ethtool_ops.get_channels for VF
	ARM: dts: sun8i-a23-a33: Move NAND controller device node to sort by address
	clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it
	iwlwifi: mvm: avoid possible access out of array.
	net/mlx5: Take lock with IRQs disabled to avoid deadlock
	ip_tunnel: Fix route fl4 init in ip_md_tunnel_xmit
	arm64: dts: allwinner: h6: Move GIC device node fix base address ordering
	iwlwifi: mvm: fix A-MPDU reference assignment
	bus: ti-sysc: Fix timer handling with drop pm_runtime_irq_safe()
	tty: ipwireless: Fix potential NULL pointer dereference
	driver: uio: fix possible memory leak in __uio_register_device
	driver: uio: fix possible use-after-free in __uio_register_device
	crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments
	driver core: Fix DL_FLAG_AUTOREMOVE_SUPPLIER device link flag handling
	driver core: Avoid careless re-use of existing device links
	driver core: Do not resume suppliers under device_links_write_lock()
	driver core: Fix handling of runtime PM flags in device_link_add()
	driver core: Do not call rpm_put_suppliers() in pm_runtime_drop_link()
	ARM: dts: lpc32xx: add required clocks property to keypad device node
	ARM: dts: lpc32xx: reparent keypad controller to SIC1
	ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller variant
	ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller clocks property
	ARM: dts: lpc32xx: phy3250: fix SD card regulator voltage
	drm/xen-front: Fix mmap attributes for display buffers
	iwlwifi: mvm: fix RSS config command
	staging: most: cdev: add missing check for cdev_add failure
	clk: ingenic: jz4740: Fix gating of UDC clock
	rtc: ds1672: fix unintended sign extension
	thermal: mediatek: fix register index error
	arm64: dts: msm8916: remove bogus argument to the cpu clock
	ath10k: fix dma unmap direction for management frames
	net: phy: fixed_phy: Fix fixed_phy not checking GPIO
	rtc: ds1307: rx8130: Fix alarm handling
	net/smc: original socket family in inet_sock_diag
	rtc: 88pm860x: fix unintended sign extension
	rtc: 88pm80x: fix unintended sign extension
	rtc: pm8xxx: fix unintended sign extension
	fbdev: chipsfb: remove set but not used variable 'size'
	iw_cxgb4: use tos when importing the endpoint
	iw_cxgb4: use tos when finding ipv6 routes
	ipmi: kcs_bmc: handle devm_kasprintf() failure case
	xsk: add missing smp_rmb() in xsk_mmap
	drm/etnaviv: potential NULL dereference
	ntb_hw_switchtec: debug print 64bit aligned crosslink BAR Numbers
	ntb_hw_switchtec: NT req id mapping table register entry number should be 512
	pinctrl: sh-pfc: emev2: Add missing pinmux functions
	pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group
	pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group
	pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups
	RDMA/mlx5: Fix memory leak in case we fail to add an IB device
	driver core: Fix possible supplier PM-usage counter imbalance
	PCI: endpoint: functions: Use memcpy_fromio()/memcpy_toio()
	usb: phy: twl6030-usb: fix possible use-after-free on remove
	block: don't use bio->bi_vcnt to figure out segment number
	keys: Timestamp new keys
	net: dsa: b53: Fix default VLAN ID
	net: dsa: b53: Properly account for VLAN filtering
	net: dsa: b53: Do not program CPU port's PVID
	mt76: usb: fix possible memory leak in mt76u_buf_free
	media: sh: migor: Include missing dma-mapping header
	vfio_pci: Enable memory accesses before calling pci_map_rom
	hwmon: (pmbus/tps53679) Fix driver info initialization in probe routine
	mdio_bus: Fix PTR_ERR() usage after initialization to constant
	KVM: PPC: Release all hardware TCE tables attached to a group
	staging: r8822be: check kzalloc return or bail
	dmaengine: mv_xor: Use correct device for DMA API
	cdc-wdm: pass return value of recover_from_urb_loss
	brcmfmac: create debugfs files for bus-specific layer
	regulator: pv88060: Fix array out-of-bounds access
	regulator: pv88080: Fix array out-of-bounds access
	regulator: pv88090: Fix array out-of-bounds access
	net: dsa: qca8k: Enable delay for RGMII_ID mode
	net/mlx5: Delete unused FPGA QPN variable
	drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON
	drm/nouveau/pmu: don't print reply values if exec is false
	drm/nouveau: fix missing break in switch statement
	driver core: Fix PM-runtime for links added during consumer probe
	ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of()
	net: dsa: fix unintended change of bridge interface STP state
	fs/nfs: Fix nfs_parse_devname to not modify it's argument
	staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx
	powerpc/64s: Fix logic when handling unknown CPU features
	NFS: Fix a soft lockup in the delegation recovery code
	perf: Copy parent's address filter offsets on clone
	perf, pt, coresight: Fix address filters for vmas with non-zero offset
	clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable
	clocksource/drivers/exynos_mct: Fix error path in timer resources initialization
	platform/x86: wmi: fix potential null pointer dereference
	NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount
	mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe
	iommu: Fix IOMMU debugfs fallout
	ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used
	ARM: 8848/1: virt: Align GIC version check with arm64 counterpart
	ARM: 8849/1: NOMMU: Fix encodings for PMSAv8's PRBAR4/PRLAR4
	regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA
	ath10k: Fix length of wmi tlv command for protected mgmt frames
	netfilter: nft_set_hash: fix lookups with fixed size hash on big endian
	netfilter: nft_set_hash: bogus element self comparison from deactivation path
	net: sched: act_csum: Fix csum calc for tagged packets
	hwrng: bcm2835 - fix probe as platform device
	iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm()
	NFS: Add missing encode / decode sequence_maxsz to v4.2 operations
	NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE()
	net: aquantia: fixed instack structure overflow
	powerpc/mm: Check secondary hash page table
	media: dvb/earth-pt1: fix wrong initialization for demod blocks
	rbd: clear ->xferred on error from rbd_obj_issue_copyup()
	PCI: Fix "try" semantics of bus and slot reset
	nios2: ksyms: Add missing symbol exports
	x86/mm: Remove unused variable 'cpu'
	scsi: megaraid_sas: reduce module load time
	nfp: fix simple vNIC mailbox length
	drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen()
	xen, cpu_hotplug: Prevent an out of bounds access
	net/mlx5: Fix multiple updates of steering rules in parallel
	net/mlx5e: IPoIB, Fix RX checksum statistics update
	net: sh_eth: fix a missing check of of_get_phy_mode
	regulator: lp87565: Fix missing register for LP87565_BUCK_0
	soc: amlogic: gx-socinfo: Add mask for each SoC packages
	media: ivtv: update *pos correctly in ivtv_read_pos()
	media: cx18: update *pos correctly in cx18_read_pos()
	media: wl128x: Fix an error code in fm_download_firmware()
	media: cx23885: check allocation return
	regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB
	crypto: ccree - reduce kernel stack usage with clang
	jfs: fix bogus variable self-initialization
	tipc: tipc clang warning
	m68k: mac: Fix VIA timer counter accesses
	ARM: dts: sun8i: a33: Reintroduce default pinctrl muxing
	arm64: dts: allwinner: a64: Add missing PIO clocks
	ARM: dts: sun9i: optimus: Fix fixed-regulators
	net: phy: don't clear BMCR in genphy_soft_reset
	ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset()
	net: dsa: Avoid null pointer when failing to connect to PHY
	soc: qcom: cmd-db: Fix an error code in cmd_db_dev_probe()
	media: davinci-isif: avoid uninitialized variable use
	media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
	spi: tegra114: clear packed bit for unpacked mode
	spi: tegra114: fix for unpacked mode transfers
	spi: tegra114: terminate dma and reset on transfer timeout
	spi: tegra114: flush fifos
	spi: tegra114: configure dma burst size to fifo trig level
	bus: ti-sysc: Fix sysc_unprepare() when no clocks have been allocated
	soc/fsl/qe: Fix an error code in qe_pin_request()
	spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios
	drm/fb-helper: generic: Call drm_client_add() after setup is done
	arm64/vdso: don't leak kernel addresses
	rtc: Fix timestamp value for RTC_TIMESTAMP_BEGIN_1900
	rtc: mt6397: Don't call irq_dispose_mapping.
	ehea: Fix a copy-paste err in ehea_init_port_res
	bpf: Add missed newline in verifier verbose log
	drm/vmwgfx: Remove set but not used variable 'restart'
	scsi: qla2xxx: Unregister chrdev if module initialization fails
	of: use correct function prototype for of_overlay_fdt_apply()
	net/sched: cbs: fix port_rate miscalculation
	clk: qcom: Skip halt checks on gcc_pcie_0_pipe_clk for 8998
	ACPI: button: reinitialize button state upon resume
	firmware: arm_scmi: fix of_node leak in scmi_mailbox_check
	rxrpc: Fix detection of out of order acks
	scsi: target/core: Fix a race condition in the LUN lookup code
	brcmfmac: fix leak of mypkt on error return path
	ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data"
	PCI: rockchip: Fix rockchip_pcie_ep_assert_intx() bitwise operations
	net: hns3: fix for vport->bw_limit overflow problem
	hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses
	perf/core: Fix the address filtering fix
	staging: android: vsoc: fix copy_from_user overrun
	PCI: dwc: Fix dw_pcie_ep_find_capability() to return correct capability offset
	soc: amlogic: meson-gx-pwrc-vpu: Fix power on/off register bitmask
	platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer
	tipc: set sysctl_tipc_rmem and named_timeout right range
	usb: typec: tcpm: Notify the tcpc to start connection-detection for SRPs
	selftests/ipc: Fix msgque compiler warnings
	net: hns3: fix loop condition of hns3_get_tx_timeo_queue_info()
	powerpc: vdso: Make vdso32 installation conditional in vdso_install
	ARM: dts: ls1021: Fix SGMII PCS link remaining down after PHY disconnect
	media: ov2659: fix unbalanced mutex_lock/unlock
	6lowpan: Off by one handling ->nexthdr
	dmaengine: axi-dmac: Don't check the number of frames for alignment
	ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk()
	afs: Fix AFS file locking to allow fine grained locks
	afs: Further fix file locking
	NFS: Don't interrupt file writeout due to fatal errors
	coresight: catu: fix clang build warning
	s390/kexec_file: Fix potential segment overlap in ELF loader
	irqchip/gic-v3-its: fix some definitions of inner cacheability attributes
	scsi: qla2xxx: Fix a format specifier
	scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd()
	scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory
	KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest
	netfilter: nft_flow_offload: add entry to flowtable after confirmation
	PCI: iproc: Enable iProc config read for PAXBv2
	ARM: dts: logicpd-som-lv: Fix MMC1 card detect
	packet: in recvmsg msg_name return at least sizeof sockaddr_ll
	ASoC: fix valid stream condition
	usb: gadget: fsl: fix link error against usb-gadget module
	dwc2: gadget: Fix completed transfer size calculation in DDMA
	IB/mlx5: Add missing XRC options to QP optional params mask
	RDMA/rxe: Consider skb reserve space based on netdev of GID
	iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU
	net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry
	net: ena: fix: Free napi resources when ena_up() fails
	net: ena: fix incorrect test of supported hash function
	net: ena: fix ena_com_fill_hash_function() implementation
	dmaengine: tegra210-adma: restore channel status
	watchdog: rtd119x_wdt: Fix remove function
	mmc: core: fix possible use after free of host
	lightnvm: pblk: fix lock order in pblk_rb_tear_down_check
	ath10k: Fix encoding for protected management frames
	afs: Fix the afs.cell and afs.volume xattr handlers
	vfio/mdev: Avoid release parent reference during error path
	vfio/mdev: Follow correct remove sequence
	vfio/mdev: Fix aborting mdev child device removal if one fails
	l2tp: Fix possible NULL pointer dereference
	ALSA: aica: Fix a long-time build breakage
	media: omap_vout: potential buffer overflow in vidioc_dqbuf()
	media: davinci/vpbe: array underflow in vpbe_enum_outputs()
	platform/x86: alienware-wmi: printing the wrong error code
	crypto: caam - fix caam_dump_sg that iterates through scatterlist
	netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule
	pwm: meson: Consider 128 a valid pre-divider
	pwm: meson: Don't disable PWM when setting duty repeatedly
	ARM: riscpc: fix lack of keyboard interrupts after irq conversion
	nfp: bpf: fix static check error through tightening shift amount adjustment
	kdb: do a sanity check on the cpu in kdb_per_cpu()
	netfilter: nf_tables: correct NFT_LOGLEVEL_MAX value
	backlight: lm3630a: Return 0 on success in update_status functions
	thermal: rcar_gen3_thermal: fix interrupt type
	thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power
	EDAC/mc: Fix edac_mc_find() in case no device is found
	afs: Fix key leak in afs_release() and afs_evict_inode()
	afs: Don't invalidate callback if AFS_VNODE_DIR_VALID not set
	afs: Fix lock-wait/callback-break double locking
	afs: Fix double inc of vnode->cb_break
	ARM: dts: sun8i-h3: Fix wifi in Beelink X2 DT
	clk: meson: gxbb: no spread spectrum on mpll0
	clk: meson: axg: spread spectrum is on mpll2
	dmaengine: tegra210-adma: Fix crash during probe
	arm64: dts: meson: libretech-cc: set eMMC as removable
	RDMA/qedr: Fix incorrect device rate.
	spi: spi-fsl-spi: call spi_finalize_current_message() at the end
	crypto: ccp - fix AES CFB error exposed by new test vectors
	crypto: ccp - Fix 3DES complaint from ccp-crypto module
	serial: stm32: fix word length configuration
	serial: stm32: fix rx error handling
	serial: stm32: fix rx data length when parity enabled
	serial: stm32: fix transmit_chars when tx is stopped
	serial: stm32: Add support of TC bit status check
	serial: stm32: fix wakeup source initialization
	misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa
	iommu: Add missing new line for dma type
	iommu: Use right function to get group for device
	signal/bpfilter: Fix bpfilter_kernl to use send_sig not force_sig
	signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig
	inet: frags: call inet_frags_fini() after unregister_pernet_subsys()
	net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector
	crypto: talitos - fix AEAD processing.
	netvsc: unshare skb in VF rx handler
	net: core: support XDP generic on stacked devices.
	RDMA/uverbs: check for allocation failure in uapi_add_elm()
	net: don't clear sock->sk early to avoid trouble in strparser
	phy: qcom-qusb2: fix missing assignment of ret when calling clk_prepare_enable
	cpufreq: brcmstb-avs-cpufreq: Fix initial command check
	cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency
	clk: sunxi-ng: sun50i-h6-r: Fix incorrect W1 clock gate register
	media: vivid: fix incorrect assignment operation when setting video mode
	crypto: inside-secure - fix zeroing of the request in ahash_exit_inv
	crypto: inside-secure - fix queued len computation
	arm64: dts: renesas: ebisu: Remove renesas, no-ether-link property
	mpls: fix warning with multi-label encap
	serial: stm32: fix a recursive locking in stm32_config_rs485
	arm64: dts: meson-gxm-khadas-vim2: fix gpio-keys-polled node
	arm64: dts: meson-gxm-khadas-vim2: fix Bluetooth support
	iommu/vt-d: Duplicate iommu_resv_region objects per device list
	phy: usb: phy-brcm-usb: Remove sysfs attributes upon driver removal
	firmware: arm_scmi: fix bitfield definitions for SENSOR_DESC attributes
	firmware: arm_scmi: update rate_discrete in clock_describe_rates_get
	ntb_hw_switchtec: potential shift wrapping bug in switchtec_ntb_init_sndev()
	ASoC: meson: axg-tdmin: right_j is not supported
	ASoC: meson: axg-tdmout: right_j is not supported
	qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state
	qed: iWARP - fix uninitialized callback
	powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild
	powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration
	bpf: fix the check that forwarding is enabled in bpf_ipv6_fib_lookup
	IB/hfi1: Handle port down properly in pio
	drm/msm/mdp5: Fix mdp5_cfg_init error return
	net: netem: fix backlog accounting for corrupted GSO frames
	net/udp_gso: Allow TX timestamp with UDP GSO
	net/af_iucv: build proper skbs for HiperTransport
	net/af_iucv: always register net_device notifier
	ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs
	rtc: pcf8563: Fix interrupt trigger method
	rtc: pcf8563: Clear event flags and disable interrupts before requesting irq
	ARM: dts: iwg20d-q7-common: Fix SDHI1 VccQ regularor
	net/sched: cbs: Fix error path of cbs_module_init
	arm64: dts: allwinner: h6: Pine H64: Add interrupt line for RTC
	drm/msm/a3xx: remove TPL1 regs from snapshot
	ip6_fib: Don't discard nodes with valid routing information in fib6_locate_1()
	perf/ioctl: Add check for the sample_period value
	dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width"
	clk: qcom: Fix -Wunused-const-variable
	nvmem: imx-ocotp: Ensure WAIT bits are preserved when setting timing
	nvmem: imx-ocotp: Change TIMING calculation to u-boot algorithm
	tools: bpftool: use correct argument in cgroup errors
	backlight: pwm_bl: Fix heuristic to determine number of brightness levels
	fork,memcg: alloc_thread_stack_node needs to set tsk->stack
	bnxt_en: Fix ethtool selftest crash under error conditions.
	bnxt_en: Suppress error messages when querying DSCP DCB capabilities.
	iommu/amd: Make iommu_disable safer
	mfd: intel-lpss: Release IDA resources
	rxrpc: Fix uninitialized error code in rxrpc_send_data_packet()
	xprtrdma: Fix use-after-free in rpcrdma_post_recvs
	um: Fix IRQ controller regression on console read
	PM: ACPI/PCI: Resume all devices during hibernation
	ACPI: PM: Simplify and fix PM domain hibernation callbacks
	ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS
	fsi/core: Fix error paths on CFAM init
	devres: allow const resource arguments
	fsi: sbefifo: Don't fail operations when in SBE IPL state
	RDMA/hns: Fixs hw access invalid dma memory error
	PCI: mobiveil: Remove the flag MSI_FLAG_MULTI_PCI_MSI
	PCI: mobiveil: Fix devfn check in mobiveil_pcie_valid_device()
	PCI: mobiveil: Fix the valid check for inbound and outbound windows
	ceph: fix "ceph.dir.rctime" vxattr value
	net: pasemi: fix an use-after-free in pasemi_mac_phy_init()
	net/tls: fix socket wmem accounting on fallback with netem
	x86/pgtable/32: Fix LOWMEM_PAGES constant
	xdp: fix possible cq entry leak
	ARM: stm32: use "depends on" instead of "if" after prompt
	scsi: libfc: fix null pointer dereference on a null lport
	xfrm interface: ifname may be wrong in logs
	drm/panel: make drm_panel.h self-contained
	clk: sunxi-ng: v3s: add the missing PLL_DDR1
	PM: sleep: Fix possible overflow in pm_system_cancel_wakeup()
	libertas_tf: Use correct channel range in lbtf_geo_init
	qed: reduce maximum stack frame size
	usb: host: xhci-hub: fix extra endianness conversion
	media: rcar-vin: Clean up correct notifier in error path
	mic: avoid statically declaring a 'struct device'.
	x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI
	crypto: ccp - Reduce maximum stack usage
	ALSA: aoa: onyx: always initialize register read value
	arm64: dts: renesas: r8a77995: Fix register range of display node
	tipc: reduce risk of wakeup queue starvation
	ARM: dts: stm32: add missing vdda-supply to adc on stm32h743i-eval
	net/mlx5: Fix mlx5_ifc_query_lag_out_bits
	cifs: fix rmmod regression in cifs.ko caused by force_sig changes
	iio: tsl2772: Use devm_add_action_or_reset for tsl2772_chip_off
	net: fix bpf_xdp_adjust_head regression for generic-XDP
	spi: bcm-qspi: Fix BSPI QUAD and DUAL mode support when using flex mode
	cxgb4: smt: Add lock for atomic_dec_and_test
	crypto: caam - free resources in case caam_rng registration failed
	ext4: set error return correctly when ext4_htree_store_dirent fails
	RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver
	RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver
	ASoC: es8328: Fix copy-paste error in es8328_right_line_controls
	ASoC: cs4349: Use PM ops 'cs4349_runtime_pm'
	ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls
	net/rds: Add a few missing rds_stat_names entries
	tools: bpftool: fix arguments for p_err() in do_event_pipe()
	tools: bpftool: fix format strings and arguments for jsonw_printf()
	drm: rcar-du: lvds: Fix bridge_to_rcar_lvds
	bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails
	signal: Allow cifs and drbd to receive their terminating signals
	powerpc/64s/radix: Fix memory hot-unplug page table split
	ASoC: sun4i-i2s: RX and TX counter registers are swapped
	dmaengine: dw: platform: Switch to acpi_dma_controller_register()
	rtc: rv3029: revert error handling patch to rv3029_eeprom_write()
	mac80211: minstrel_ht: fix per-group max throughput rate initialization
	i40e: reduce stack usage in i40e_set_fc
	media: atmel: atmel-isi: fix timeout value for stop streaming
	ARM: 8896/1: VDSO: Don't leak kernel addresses
	rtc: pcf2127: bugfix: read rtc disables watchdog
	mips: avoid explicit UB in assignment of mips_io_port_base
	media: em28xx: Fix exception handling in em28xx_alloc_urbs()
	iommu/mediatek: Fix iova_to_phys PA start for 4GB mode
	ahci: Do not export local variable ahci_em_messages
	rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]
	Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()"
	hwmon: (lm75) Fix write operations for negative temperatures
	net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate
	power: supply: Init device wakeup after device_add()
	x86, perf: Fix the dependency of the x86 insn decoder selftest
	staging: greybus: light: fix a couple double frees
	irqdomain: Add the missing assignment of domain->fwnode for named fwnode
	bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA
	usb: typec: tps6598x: Fix build error without CONFIG_REGMAP_I2C
	bcache: Fix an error code in bch_dump_read()
	iio: dac: ad5380: fix incorrect assignment to val
	netfilter: ctnetlink: honor IPS_OFFLOAD flag
	ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init
	wcn36xx: use dynamic allocation for large variables
	tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs
	ARM: dts: aspeed-g5: Fixe gpio-ranges upper limit
	xsk: avoid store-tearing when assigning queues
	xsk: avoid store-tearing when assigning umem
	led: triggers: Fix dereferencing of null pointer
	net: sonic: return NETDEV_TX_OK if failed to map buffer
	net: hns3: fix error VF index when setting VLAN offload
	rtlwifi: Fix file release memory leak
	ARM: dts: logicpd-som-lv: Fix i2c2 and i2c3 Pin mux
	f2fs: fix wrong error injection path in inc_valid_block_count()
	f2fs: fix error path of f2fs_convert_inline_page()
	scsi: fnic: fix msix interrupt allocation
	Btrfs: fix hang when loading existing inode cache off disk
	Btrfs: fix inode cache waiters hanging on failure to start caching thread
	Btrfs: fix inode cache waiters hanging on path allocation failure
	btrfs: use correct count in btrfs_file_write_iter()
	ixgbe: sync the first fragment unconditionally
	hwmon: (shtc1) fix shtc1 and shtw1 id mask
	net: sonic: replace dev_kfree_skb in sonic_send_packet
	pinctrl: iproc-gpio: Fix incorrect pinconf configurations
	gpio/aspeed: Fix incorrect number of banks
	ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet
	RDMA/cma: Fix false error message
	net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names'
	um: Fix off by one error in IRQ enumeration
	bnxt_en: Increase timeout for HWRM_DBG_COREDUMP_XX commands
	f2fs: fix to avoid accessing uninitialized field of inode page in is_alive()
	mailbox: qcom-apcs: fix max_register value
	clk: actions: Fix factor clk struct member access
	powerpc/mm/mce: Keep irqs disabled during lockless page table walk
	bpf: fix BTF limits
	crypto: hisilicon - Matching the dma address for dma_pool_free()
	iommu/amd: Wait for completion of IOTLB flush in attach_device
	net: aquantia: Fix aq_vec_isr_legacy() return value
	cxgb4: Signedness bug in init_one()
	net: hisilicon: Fix signedness bug in hix5hd2_dev_probe()
	net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
	net: netsec: Fix signedness bug in netsec_probe()
	net: socionext: Fix a signedness bug in ave_probe()
	net: stmmac: dwmac-meson8b: Fix signedness bug in probe
	net: axienet: fix a signedness bug in probe
	of: mdio: Fix a signedness bug in of_phy_get_and_connect()
	net: nixge: Fix a signedness bug in nixge_probe()
	net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()
	net: sched: cbs: Avoid division by zero when calculating the port rate
	nvme: retain split access workaround for capability reads
	net: stmmac: gmac4+: Not all Unicast addresses may be available
	rxrpc: Fix trace-after-put looking at the put connection record
	mac80211: accept deauth frames in IBSS mode
	llc: fix another potential sk_buff leak in llc_ui_sendmsg()
	llc: fix sk_buff refcounting in llc_conn_state_process()
	ip6erspan: remove the incorrect mtu limit for ip6erspan
	net: stmmac: fix length of PTP clock's name string
	net: stmmac: fix disabling flexible PPS output
	sctp: add chunks to sk_backlog when the newsk sk_socket is not set
	s390/qeth: Fix error handling during VNICC initialization
	s390/qeth: Fix initialization of vnicc cmd masks during set online
	act_mirred: Fix mirred_init_module error handling
	net: avoid possible false sharing in sk_leave_memory_pressure()
	net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head
	tcp: annotate lockless access to tcp_memory_pressure
	net/smc: receive returns without data
	net/smc: receive pending data after RCV_SHUTDOWN
	drm/msm/dsi: Implement reset correctly
	vhost/test: stop device before reset
	dmaengine: imx-sdma: fix size check for sdma script_number
	firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices
	arm64: hibernate: check pgd table allocation
	net: netem: fix error path for corrupted GSO frames
	net: netem: correct the parent's backlog when corrupted packet was dropped
	xsk: Fix registration of Rx-only sockets
	bpf, offload: Unlock on error in bpf_offload_dev_create()
	afs: Fix missing timeout reset
	net: qca_spi: Move reset_count to struct qcaspi
	hv_netvsc: Fix offset usage in netvsc_send_table()
	hv_netvsc: Fix send_table offset in case of a host bug
	afs: Fix large file support
	drm: panel-lvds: Potential Oops in probe error handling
	hwrng: omap3-rom - Fix missing clock by probing with device tree
	dpaa_eth: perform DMA unmapping before read
	dpaa_eth: avoid timestamp read on error paths
	MIPS: Loongson: Fix return value of loongson_hwmon_init
	hv_netvsc: flag software created hash value
	net: neigh: use long type to store jiffies delta
	packet: fix data-race in fanout_flow_is_huge()
	i2c: stm32f7: report dma error during probe
	mmc: sdio: fix wl1251 vendor id
	mmc: core: fix wl1251 sdio quirks
	affs: fix a memory leak in affs_remount
	afs: Remove set but not used variables 'before', 'after'
	dmaengine: ti: edma: fix missed failure handling
	drm/radeon: fix bad DMA from INTERRUPT_CNTL2
	arm64: dts: juno: Fix UART frequency
	samples/bpf: Fix broken xdp_rxq_info due to map order assumptions
	usb: dwc3: Allow building USB_DWC3_QCOM without EXTCON
	IB/iser: Fix dma_nents type definition
	serial: stm32: fix clearing interrupt error flags
	arm64: dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node
	m68k: Call timer_interrupt() with interrupts disabled
	Linux 4.19.99

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ieabeab79ea5c8cb4b6b1552702fa5d6100cea5db
 2020-01-27 15:55:44 +01:00
Eric Dumazet
a92c895e22 tcp: annotate lockless access to tcp_memory_pressure 
[ Upstream commit 1f142c17d1 ]

tcp_memory_pressure is read without holding any lock,
and its value could be changed on other cpus.

Use READ_ONCE() to annotate these lockless reads.

The write side is already using atomic ops.

Fixes: b8da51ebb1 ("tcp: introduce tcp_under_memory_pressure()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-01-27 14:51:18 +01:00
Eric Dumazet
b0fb910bfd net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head 
[ Upstream commit 60b173ca3d ]

reqsk_queue_empty() is called from inet_csk_listen_poll() while
other cpus might write ->rskq_accept_head value.

Use {READ|WRITE}_ONCE() to avoid compiler tricks
and potential KCSAN splats.

Fixes: fff1f3001c ("tcp: add a spinlock to protect struct request_sock_queue")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-01-27 14:51:18 +01:00
Xin Long
b15a38ce95 sctp: add chunks to sk_backlog when the newsk sk_socket is not set 
[ Upstream commit 819be8108f ]

This patch is to fix a NULL-ptr deref in selinux_socket_connect_helper:

  [...] kasan: GPF could be caused by NULL-ptr deref or user memory access
  [...] RIP: 0010:selinux_socket_connect_helper+0x94/0x460
  [...] Call Trace:
  [...]  selinux_sctp_bind_connect+0x16a/0x1d0
  [...]  security_sctp_bind_connect+0x58/0x90
  [...]  sctp_process_asconf+0xa52/0xfd0 [sctp]
  [...]  sctp_sf_do_asconf+0x785/0x980 [sctp]
  [...]  sctp_do_sm+0x175/0x5a0 [sctp]
  [...]  sctp_assoc_bh_rcv+0x285/0x5b0 [sctp]
  [...]  sctp_backlog_rcv+0x482/0x910 [sctp]
  [...]  __release_sock+0x11e/0x310
  [...]  release_sock+0x4f/0x180
  [...]  sctp_accept+0x3f9/0x5a0 [sctp]
  [...]  inet_accept+0xe7/0x720

It was caused by that the 'newsk' sk_socket was not set before going to
security sctp hook when processing asconf chunk with SCTP_PARAM_ADD_IP
or SCTP_PARAM_SET_PRIMARY:

  inet_accept()->
    sctp_accept():
      lock_sock():
          lock listening 'sk'
                                          do_softirq():
                                            sctp_rcv():  <-- [1]
                                                asconf chunk arrives and
                                                enqueued in 'sk' backlog
      sctp_sock_migrate():
          set asoc's sk to 'newsk'
      release_sock():
          sctp_backlog_rcv():
            lock 'newsk'
            sctp_process_asconf()  <-- [2]
            unlock 'newsk'
    sock_graft():
        set sk_socket  <-- [3]

As it shows, at [1] the asconf chunk would be put into the listening 'sk'
backlog, as accept() was holding its sock lock. Then at [2] asconf would
get processed with 'newsk' as asoc's sk had been set to 'newsk'. However,
'newsk' sk_socket is not set until [3], while selinux_sctp_bind_connect()
would deref it, then kernel crashed.

Here to fix it by adding the chunk to sk_backlog until newsk sk_socket is
set when .accept() is done.

Note that sk->sk_socket can be NULL when the sock is closed, so SOCK_DEAD
flag is also needed to check in sctp_newsk_ready().

Thanks to Ondrej for reviewing the code.

Fixes: d452930fd3 ("selinux: Add SCTP support")
Reported-by: Ying Xu <yinxu@redhat.com>
Suggested-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-01-27 14:51:17 +01:00
Nicolas Dichtel
6f8fa5c32d xfrm interface: ifname may be wrong in logs 
[ Upstream commit e0aaa332e6 ]

The ifname is copied when the interface is created, but is never updated
later. In fact, this property is used only in one error message, where the
netdevice pointer is available, thus let's use it.

Fixes: f203b76d78 ("xfrm: Add virtual xfrm interfaces")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-01-27 14:51:01 +01:00
Greg Kroah-Hartman
058f817c56 This is the 4.19.97 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4iATUACgkQONu9yGCS
 aT7cCRAAjuJwCWAbhK75jSn1SLooiDb72LA2UAcLTOjqZJDq9qrOCiXJJySmAp6M
 uGOIhTbWm2bPVcymXmUdNDlloicwyVNYuXH2TfslFe0Y/TlVtO1bUHa28e19cOmd
 HZeCupVogZcISronLUFtZSrKux5mnh33zI7RohYVtQD9wyCCRdxxCyts7fUwJ6Cg
 PNRJiFXIObKABHdg2x08wlDRDPLM4aZFWIqpa7NhJXeQvxj1xTCvwx6bsFQOopg5
 IL/Ntcj8S5t3wBIMO4wNsPlvQ/axG80+uZJtt2g0ROOsBQ0OS6b7Z3v/st1p3Brk
 b2ZxOq4Xna4fsjRloEwcMgvnIohqUylTei7ZxcjCxcCzGLUa237Sk/eBfUxXImcP
 /KbXgkbXVWUbG6dgqb4i32+U1FjKS2YpJvMxv8dlMcR5JLg5rI+Wwi1taaJkkJYO
 CZPMG0V53rQZYCN2Vk2mmY1CRXHfrDF8lymXhI6KhUZDhzAQqr1Rwv3By/+pM7gu
 dDSXwL3IhuBuHqKr2LkztzQTUnQZp676CS/505RpnjBDyBwIVn+/3G83pFXMpuzW
 kcPDr54nHiqceEB5B3qd80+PhfaH7qFjfzNSKuad8X7dZrn1oqs9g8y7tgJbM8o6
 iwIgHi21WPurzxqrC2Ud93WO7Tlohn+aXt6Peh5+yzKUy5V1sm0=
 =ISjS
 -----END PGP SIGNATURE-----

Merge 4.19.97 into android-4.19

Changes in 4.19.97
	hidraw: Return EPOLLOUT from hidraw_poll
	HID: hidraw: Fix returning EPOLLOUT from hidraw_poll
	HID: hidraw, uhid: Always report EPOLLOUT
	ethtool: reduce stack usage with clang
	fs/select: avoid clang stack usage warning
	cfg80211/mac80211: make ieee80211_send_layer2_update a public function
	mac80211: Do not send Layer 2 Update frame before authorization
	f2fs: Move err variable to function scope in f2fs_fill_dentries()
	f2fs: check memory boundary by insane namelen
	f2fs: check if file namelen exceeds max value
	media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
	iwlwifi: dbg_ini: fix memory leak in alloc_sgtable
	iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init
	RDMA: Fix goto target to release the allocated memory
	dccp: Fix memleak in __feat_register_sp
	drm/i915: Fix use-after-free when destroying GEM context
	rtc: mt6397: fix alarm register overwrite
	RDMA/bnxt_re: Avoid freeing MR resources if dereg fails
	RDMA/bnxt_re: Fix Send Work Entry state check while polling completions
	ASoC: soc-core: Set dpcm_playback / dpcm_capture
	ASoC: stm32: spdifrx: fix inconsistent lock state
	ASoC: stm32: spdifrx: fix race condition in irq handler
	mtd: onenand: omap2: Pass correct flags for prep_dma_memcpy
	gpio: zynq: Fix for bug in zynq_gpio_restore_context API
	iommu: Remove device link to group on failure
	gpio: Fix error message on out-of-range GPIO in lookup table
	hsr: reset network header when supervision frame is created
	s390/qeth: fix false reporting of VNIC CHAR config failure
	s390/qeth: Fix vnicc_is_in_use if rx_bcast not set
	cifs: Adjust indentation in smb2_open_file
	afs: Fix missing cell comparison in afs_test_super()
	drm/ttm: fix start page for huge page check in ttm_put_pages()
	drm/ttm: fix incrementing the page pointer for huge pages
	btrfs: simplify inode locking for RWF_NOWAIT
	RDMA/mlx5: Return proper error value
	RDMA/srpt: Report the SCSI residual to the initiator
	scsi: enclosure: Fix stale device oops with hot replug
	scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI
	platform/x86: asus-wmi: Fix keyboard brightness cannot be set to 0
	platform/x86: GPD pocket fan: Use default values when wrong modparams are given
	xprtrdma: Fix completion wait during device removal
	crypto: virtio - implement missing support for output IVs
	NFSv2: Fix a typo in encode_sattr()
	NFSv4.x: Drop the slot if nfs4_delegreturn_prepare waits for layoutreturn
	iio: imu: adis16480: assign bias value only if operation succeeded
	mei: fix modalias documentation
	clk: samsung: exynos5420: Preserve CPU clocks configuration during suspend/resume
	pinctl: ti: iodelay: fix error checking on pinctrl_count_index_with_args call
	pinctrl: lewisburg: Update pin list according to v1.1v6
	scsi: sd: enable compat ioctls for sed-opal
	arm64: dts: apq8096-db820c: Increase load on l21 for SDCARD
	af_unix: add compat_ioctl support
	compat_ioctl: handle SIOCOUTQNSD
	PCI: dwc: Fix find_next_bit() usage
	PCI/PTM: Remove spurious "d" from granularity message
	powerpc/powernv: Disable native PCIe port management
	tty: serial: imx: use the sg count from dma_map_sg
	tty: serial: pch_uart: correct usage of dma_unmap_sg
	media: ov6650: Fix incorrect use of JPEG colorspace
	media: ov6650: Fix some format attributes not under control
	media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
	media: rcar-vin: Fix incorrect return statement in rvin_try_format()
	media: v4l: cadence: Fix how unsued lanes are handled in 'csi2rx_start()'
	media: exynos4-is: Fix recursive locking in isp_video_release()
	iommu/mediatek: Correct the flush_iotlb_all callback
	mtd: spi-nor: fix silent truncation in spi_nor_read()
	mtd: spi-nor: fix silent truncation in spi_nor_read_raw()
	spi: atmel: fix handling of cs_change set on non-last xfer
	rtlwifi: Remove unnecessary NULL check in rtl_regd_init
	f2fs: fix potential overflow
	rtc: msm6242: Fix reading of 10-hour digit
	rtc: brcmstb-waketimer: add missed clk_disable_unprepare
	gpio: mpc8xxx: Add platform device to gpiochip->parent
	scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy()
	selftests: firmware: Fix it to do root uid check and skip
	rseq/selftests: Turn off timeout setting
	mips: cacheinfo: report shared CPU map
	MIPS: Prevent link failure with kcov instrumentation
	drm/arm/mali: make malidp_mw_connector_helper_funcs static
	dmaengine: k3dma: Avoid null pointer traversal
	ioat: ioat_alloc_ring() failure handling.
	hexagon: parenthesize registers in asm predicates
	hexagon: work around compiler crash
	ocfs2: call journal flush to mark journal as empty after journal recovery when mount
	Linux 4.19.97

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iebb3d1e2ea4f0eda2b753793c05b0f5344142610
 2020-01-17 23:40:29 +01:00
Dedy Lansky
85fa006ff2 cfg80211/mac80211: make ieee80211_send_layer2_update a public function 
commit 30ca1aa536 upstream.

Make ieee80211_send_layer2_update() a common function so other drivers
can re-use it.

Signed-off-by: Dedy Lansky <dlansky@codeaurora.org>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
[bwh: Backported to 4.19 as dependency of commit 3e493173b7
 "mac80211: Do not send Layer 2 Update frame before authorization"]
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-01-17 19:46:55 +01:00
Greg Kroah-Hartman
ff0e96e80f This is the 4.19.94 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4W8A4ACgkQONu9yGCS
 aT5ZcBAAha0GMcpxm1ettNVMXUVD/Df2pntc3x2G1T+dtI89YwIilJcdQBpbDGB6
 6oNRpnopc+/ynm820SMlhjBNE8KlDzHS3Tmsn1lplru0yOqZMFcFlHSESCAA0b4E
 T21KwQ4rLZTzW4LvTf//4WpJZD1RnVrwKkbgkci9kvCjZsdh2GMK3XkBeVBUdXuX
 3gvW+9zsgmkU3Bhk5Mi8JUmOw2yY5sJt2tDmIyxOtBknAo1TK6n4kqd+NgjfsdcI
 cnNTstDU0Ikmi4UBOZGDmey0THtHdvi/oM3DUkzHtZ68W0rg/gPu4nDR+Fx3sKvo
 y5bI10j4W16PKXyxVehel+lD8XmIV/+zSerS0enGjijBPZKI9FTlGEuczk0x7sj+
 wqMh3WkkPig2bQPrCOIjkA5VW4n/ZL07cjd1nNeZ48MkvA/3k47o4vDV/lPE88ZT
 49qqaJvZ3kAdqtV1pfzpQtrG1Pp8YPcEHAMYIM/6jb6poCro5vFtuRX4tzj2fRSf
 u7jSVPDt7ED9SgHPe+RrGWVIx2/iVnr5mVdi53rjWTWfeTdNIY5bUs/wsTde1k99
 9bnAhwD4ZbFrO240MMYPWpOCr8kl0LXAeyQ104m7ONbMRnLoRp4sQCae252jyHFD
 Qxgez5cDwDQnj2W4/SdXSWytioTnyVHsI89FkWw+f/IU8AsbBuw=
 =mmeT
 -----END PGP SIGNATURE-----

Merge 4.19.94 into android-4.19

Changes in 4.19.94
	nvme_fc: add module to ops template to allow module references
	nvme-fc: fix double-free scenarios on hw queues
	drm/amdgpu: add check before enabling/disabling broadcast mode
	drm/amdgpu: add cache flush workaround to gfx8 emit_fence
	drm/amd/display: Fixed kernel panic when booting with DP-to-HDMI dongle
	iio: adc: max9611: Fix too short conversion time delay
	PM / devfreq: Fix devfreq_notifier_call returning errno
	PM / devfreq: Set scaling_max_freq to max on OPP notifier error
	PM / devfreq: Don't fail devfreq_dev_release if not in list
	afs: Fix afs_find_server lookups for ipv4 peers
	afs: Fix SELinux setting security label on /afs
	RDMA/cma: add missed unregister_pernet_subsys in init failure
	rxe: correctly calculate iCRC for unaligned payloads
	scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func
	scsi: qla2xxx: Drop superfluous INIT_WORK of del_work
	scsi: qla2xxx: Don't call qlt_async_event twice
	scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length
	scsi: qla2xxx: Configure local loop for N2N target
	scsi: qla2xxx: Send Notify ACK after N2N PLOGI
	scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI
	scsi: iscsi: qla4xxx: fix double free in probe
	scsi: libsas: stop discovering if oob mode is disconnected
	drm/nouveau: Move the declaration of struct nouveau_conn_atom up a bit
	usb: gadget: fix wrong endpoint desc
	net: make socket read/write_iter() honor IOCB_NOWAIT
	afs: Fix creation calls in the dynamic root to fail with EOPNOTSUPP
	md: raid1: check rdev before reference in raid1_sync_request func
	s390/cpum_sf: Adjust sampling interval to avoid hitting sample limits
	s390/cpum_sf: Avoid SBD overflow condition in irq handler
	IB/mlx4: Follow mirror sequence of device add during device removal
	IB/mlx5: Fix steering rule of drop and count
	xen-blkback: prevent premature module unload
	xen/balloon: fix ballooned page accounting without hotplug enabled
	PM / hibernate: memory_bm_find_bit(): Tighten node optimisation
	ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass speaker
	ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC
	ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen
	xfs: fix mount failure crash on invalid iclog memory access
	taskstats: fix data-race
	drm: limit to INT_MAX in create_blob ioctl
	netfilter: nft_tproxy: Fix port selector on Big Endian
	ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet support code
	ALSA: usb-audio: fix set_format altsetting sanity check
	ALSA: usb-audio: set the interface format after resume on Dell WD19
	ALSA: hda/realtek - Add headset Mic no shutup for ALC283
	drm/sun4i: hdmi: Remove duplicate cleanup calls
	MIPS: Avoid VDSO ABI breakage due to global register variable
	media: pulse8-cec: fix lost cec_transmit_attempt_done() call
	media: cec: CEC 2.0-only bcast messages were ignored
	media: cec: avoid decrementing transmit_queue_sz if it is 0
	media: cec: check 'transmit_in_progress', not 'transmitting'
	mm/zsmalloc.c: fix the migrated zspage statistics.
	memcg: account security cred as well to kmemcg
	mm: move_pages: return valid node id in status if the page is already on the target node
	pstore/ram: Write new dumps to start of recycled zones
	locks: print unsigned ino in /proc/locks
	dmaengine: Fix access to uninitialized dma_slave_caps
	compat_ioctl: block: handle Persistent Reservations
	compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE
	ata: libahci_platform: Export again ahci_platform_<en/dis>able_phys()
	ata: ahci_brcm: Fix AHCI resources management
	ata: ahci_brcm: Allow optional reset controller to be used
	ata: ahci_brcm: Add missing clock management during recovery
	ata: ahci_brcm: BCM7425 AHCI requires AHCI_HFLAG_DELAY_ENGINE
	libata: Fix retrieving of active qcs
	gpiolib: fix up emulated open drain outputs
	riscv: ftrace: correct the condition logic in function graph tracer
	rseq/selftests: Fix: Namespace gettid() for compatibility with glibc 2.30
	tracing: Fix lock inversion in trace_event_enable_tgid_record()
	tracing: Avoid memory leak in process_system_preds()
	tracing: Have the histogram compare functions convert to u64 first
	tracing: Fix endianness bug in histogram trigger
	apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock
	ALSA: cs4236: fix error return comparison of an unsigned integer
	ALSA: firewire-motu: Correct a typo in the clock proc string
	exit: panic before exit_mm() on global init exit
	arm64: Revert support for execute-only user mappings
	ftrace: Avoid potential division by zero in function profiler
	drm/msm: include linux/sched/task.h
	PM / devfreq: Check NULL governor in available_governors_show
	nfsd4: fix up replay_matches_cache()
	HID: i2c-hid: Reset ALPS touchpads on resume
	ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100
	xfs: don't check for AG deadlock for realtime files in bunmapi
	platform/x86: pmc_atom: Add Siemens CONNECT X300 to critclk_systems DMI table
	Bluetooth: btusb: fix PM leak in error case of setup
	Bluetooth: delete a stray unlock
	Bluetooth: Fix memory leak in hci_connect_le_scan
	media: flexcop-usb: ensure -EIO is returned on error condition
	regulator: ab8500: Remove AB8505 USB regulator
	media: usb: fix memory leak in af9005_identify_state
	dt-bindings: clock: renesas: rcar-usb2-clock-sel: Fix typo in example
	arm64: dts: meson: odroid-c2: Disable usb_otg bus to avoid power failed warning
	tty: serial: msm_serial: Fix lockup for sysrq and oops
	fix compat handling of FICLONERANGE, FIDEDUPERANGE and FS_IOC_FIEMAP
	bdev: Factor out bdev revalidation into a common helper
	bdev: Refresh bdev size for disks without partitioning
	scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails
	drm/mst: Fix MST sideband up-reply failure handling
	powerpc/pseries/hvconsole: Fix stack overread via udbg
	selftests: rtnetlink: add addresses with fixed life time
	KVM: PPC: Book3S HV: use smp_mb() when setting/clearing host_ipi flag
	rxrpc: Fix possible NULL pointer access in ICMP handling
	tcp: annotate tp->rcv_nxt lockless reads
	net: core: limit nested device depth
	ath9k_htc: Modify byte order for an error message
	ath9k_htc: Discard undersized packets
	xfs: periodically yield scrub threads to the scheduler
	net: add annotations on hh->hh_len lockless accesses
	ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps
	s390/smp: fix physical to logical CPU map for SMT
	xen/blkback: Avoid unmapping unmapped grant pages
	perf/x86/intel/bts: Fix the use of page_private()
	Linux 4.19.94

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic3d1a4e10565c38d0e82448f0fb7b6fd1822aab2
 2020-01-09 16:14:43 +01:00
Eric Dumazet
bc5fc4a609 net: add annotations on hh->hh_len lockless accesses 
[ Upstream commit c305c6ae79 ]

KCSAN reported a data-race [1]

While we can use READ_ONCE() on the read sides,
we need to make sure hh->hh_len is written last.

[1]

BUG: KCSAN: data-race in eth_header_cache / neigh_resolve_output

write to 0xffff8880b9dedcb8 of 4 bytes by task 29760 on cpu 0:
 eth_header_cache+0xa9/0xd0 net/ethernet/eth.c:247
 neigh_hh_init net/core/neighbour.c:1463 [inline]
 neigh_resolve_output net/core/neighbour.c:1480 [inline]
 neigh_resolve_output+0x415/0x470 net/core/neighbour.c:1470
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x7a2/0xec0 net/ipv6/ip6_output.c:116
 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
 __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 ndisc_send_skb+0x459/0x5f0 net/ipv6/ndisc.c:505
 ndisc_send_ns+0x207/0x430 net/ipv6/ndisc.c:647
 rt6_probe_deferred+0x98/0xf0 net/ipv6/route.c:615
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
 worker_thread+0xa0/0x800 kernel/workqueue.c:2415
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

read to 0xffff8880b9dedcb8 of 4 bytes by task 29572 on cpu 1:
 neigh_resolve_output net/core/neighbour.c:1479 [inline]
 neigh_resolve_output+0x113/0x470 net/core/neighbour.c:1470
 neigh_output include/net/neighbour.h:511 [inline]
 ip6_finish_output2+0x7a2/0xec0 net/ipv6/ip6_output.c:116
 __ip6_finish_output net/ipv6/ip6_output.c:142 [inline]
 __ip6_finish_output+0x2d7/0x330 net/ipv6/ip6_output.c:127
 ip6_finish_output+0x41/0x160 net/ipv6/ip6_output.c:152
 NF_HOOK_COND include/linux/netfilter.h:294 [inline]
 ip6_output+0xf2/0x280 net/ipv6/ip6_output.c:175
 dst_output include/net/dst.h:436 [inline]
 NF_HOOK include/linux/netfilter.h:305 [inline]
 ndisc_send_skb+0x459/0x5f0 net/ipv6/ndisc.c:505
 ndisc_send_ns+0x207/0x430 net/ipv6/ndisc.c:647
 rt6_probe_deferred+0x98/0xf0 net/ipv6/route.c:615
 process_one_work+0x3d4/0x890 kernel/workqueue.c:2269
 worker_thread+0xa0/0x800 kernel/workqueue.c:2415
 kthread+0x1d4/0x200 drivers/block/aoe/aoecmd.c:1253
 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:352

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 29572 Comm: kworker/1:4 Not tainted 5.4.0-rc6+ #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: events rt6_probe_deferred

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 2020-01-09 10:19:09 +01:00
Greg Kroah-Hartman
287ec341d6 This is the 4.19.93 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4Q1jAACgkQONu9yGCS
 aT7vqg/9FEBVO/NARJYQ/R7Z6L4fQUNgHmFI0y9iaTP2nlHuVuBvMHJdF7BmidHF
 9iwe/lctPobgoknUoA3nmt8WmPmCaKbFhABsS03sz1Q5Z+IC1g218s4SUppER3fB
 YlgqRDjKY0wwk2MPAOgIPaRQCNSiaVZFo+bH1Mxrj77m8D7NHKXiZPlrbDunVlEB
 NA0DWOyb04JehRoRNbKTHzLBs/VfZ0LhxEO5sS17M2hhOauYAKAFmSzdMPJwv4ka
 qiCR+4zWYR5LF64mG5jxmerhUjIOrhRUc+334//WH4jCuo9xjKrCmxLIjqR7wwHC
 dK4Apu128Ujl4boHxLrFKIG3f2K19gZz6h+sWrcxjTzZ/YWPYjPI4atuWrZEJIG5
 nhhcz4fZfLAxMNm51kM9i4WAcP2k+CX1ynD0AuzXIZXs+t+xOoaUtYeFHc/tpmig
 P/AA4eAYjojQHPUwNeR+8GmjOGPfwSuTNkd6PqAaaI1cvGtHK0y5M38FNrut+I1k
 pvYvWOvtvWOsR6YaJviU2HF7uNFX0saNqJ4Ahmm/nxdlxOKRcKDIzDI7ibwcwEOQ
 E20SZdPQG/oiaXq0itSstpDuYJ9hKr5YehPS7uAXvy0RT/H7J5cpSZuCUK74J4Zr
 rC2D5M99rW9aztpfEQxU6CTluIGLZ+eBp2pKTU420jkySxmOo6o=
 =qgtu
 -----END PGP SIGNATURE-----

Merge 4.19.93 into android-4.19

Changes in 4.19.93
	scsi: lpfc: Fix discovery failures when target device connectivity bounces
	scsi: mpt3sas: Fix clear pending bit in ioctl status
	scsi: lpfc: Fix locking on mailbox command completion
	Input: atmel_mxt_ts - disable IRQ across suspend
	f2fs: fix to update time in lazytime mode
	iommu: rockchip: Free domain on .domain_free
	iommu/tegra-smmu: Fix page tables in > 4 GiB memory
	dmaengine: xilinx_dma: Clear desc_pendingcount in xilinx_dma_reset
	scsi: target: compare full CHAP_A Algorithm strings
	scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices
	scsi: csiostor: Don't enable IRQs too early
	scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec()
	powerpc/pseries: Mark accumulate_stolen_time() as notrace
	powerpc/pseries: Don't fail hash page table insert for bolted mapping
	powerpc/tools: Don't quote $objdump in scripts
	dma-debug: add a schedule point in debug_dma_dump_mappings()
	leds: lm3692x: Handle failure to probe the regulator
	clocksource/drivers/asm9260: Add a check for of_clk_get
	clocksource/drivers/timer-of: Use unique device name instead of timer
	powerpc/security/book3s64: Report L1TF status in sysfs
	powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning
	ext4: update direct I/O read lock pattern for IOCB_NOWAIT
	ext4: iomap that extends beyond EOF should be marked dirty
	jbd2: Fix statistics for the number of logged blocks
	scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6)
	scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow
	f2fs: fix to update dir's i_pino during cross_rename
	clk: qcom: Allow constant ratio freq tables for rcg
	clk: clk-gpio: propagate rate change to parent
	irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary
	irqchip: ingenic: Error out if IRQ domain creation failed
	fs/quota: handle overflows of sysctl fs.quota.* and report as unsigned long
	scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer dereferences
	PCI: rpaphp: Fix up pointer to first drc-info entry
	scsi: ufs: fix potential bug which ends in system hang
	powerpc/pseries/cmm: Implement release() function for sysfs device
	PCI: rpaphp: Don't rely on firmware feature to imply drc-info support
	PCI: rpaphp: Annotate and correctly byte swap DRC properties
	PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name when using drc-info
	powerpc/security: Fix wrong message when RFI Flush is disable
	scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE
	clk: pxa: fix one of the pxa RTC clocks
	bcache: at least try to shrink 1 node in bch_mca_scan()
	HID: quirks: Add quirk for HP MSU1465 PIXART OEM mouse
	HID: logitech-hidpp: Silence intermittent get_battery_capacity errors
	ARM: 8937/1: spectre-v2: remove Brahma-B53 from hardening
	libnvdimm/btt: fix variable 'rc' set but not used
	HID: Improve Windows Precision Touchpad detection.
	HID: rmi: Check that the RMI_STARTED bit is set before unregistering the RMI transport device
	watchdog: Fix the race between the release of watchdog_core_data and cdev
	scsi: pm80xx: Fix for SATA device discovery
	scsi: ufs: Fix error handing during hibern8 enter
	scsi: scsi_debug: num_tgts must be >= 0
	scsi: NCR5380: Add disconnect_mask module parameter
	scsi: iscsi: Don't send data to unbound connection
	scsi: target: iscsi: Wait for all commands to finish before freeing a session
	gpio: mpc8xxx: Don't overwrite default irq_set_type callback
	apparmor: fix unsigned len comparison with less than zero
	scripts/kallsyms: fix definitely-lost memory leak
	powerpc: Don't add -mabi= flags when building with Clang
	cdrom: respect device capabilities during opening action
	perf script: Fix brstackinsn for AUXTRACE
	perf regs: Make perf_reg_name() return "unknown" instead of NULL
	s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR
	libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h
	s390/cpum_sf: Check for SDBT and SDB consistency
	ocfs2: fix passing zero to 'PTR_ERR' warning
	mailbox: imx: Fix Tx doorbell shutdown path
	kernel: sysctl: make drop_caches write-only
	userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK
	Revert "powerpc/vcpu: Assume dedicated processors as non-preempt"
	x86/mce: Fix possibly incorrect severity calculation on AMD
	net, sysctl: Fix compiler warning when only cBPF is present
	netfilter: nf_queue: enqueue skbs with NULL dst
	ALSA: hda - Downgrade error message for single-cmd fallback
	bonding: fix active-backup transition after link failure
	perf strbuf: Remove redundant va_end() in strbuf_addv()
	Make filldir[64]() verify the directory entry filename is valid
	filldir[64]: remove WARN_ON_ONCE() for bad directory entries
	netfilter: ebtables: compat: reject all padding in matches/watchers
	6pack,mkiss: fix possible deadlock
	netfilter: bridge: make sure to pull arp header in br_nf_forward_arp()
	inetpeer: fix data-race in inet_putpeer / inet_putpeer
	net: add a READ_ONCE() in skb_peek_tail()
	net: icmp: fix data-race in cmp_global_allow()
	hrtimer: Annotate lockless access to timer->state
	net: ena: fix napi handler misbehavior when the napi budget is zero
	net/mlxfw: Fix out-of-memory error in mfa2 flash burning
	net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs
	ptp: fix the race between the release of ptp_clock and cdev
	tcp: Fix highest_sack and highest_sack_seq
	udp: fix integer overflow while computing available space in sk_rcvbuf
	vhost/vsock: accept only packets with the right dst_cid
	net: add bool confirm_neigh parameter for dst_ops.update_pmtu
	ip6_gre: do not confirm neighbor when do pmtu update
	gtp: do not confirm neighbor when do pmtu update
	net/dst: add new function skb_dst_update_pmtu_no_confirm
	tunnel: do not confirm neighbor when do pmtu update
	vti: do not confirm neighbor when do pmtu update
	sit: do not confirm neighbor when do pmtu update
	net/dst: do not confirm neighbor for vxlan and geneve pmtu update
	gtp: do not allow adding duplicate tid and ms_addr pdp context
	net: marvell: mvpp2: phylink requires the link interrupt
	tcp/dccp: fix possible race __inet_lookup_established()
	tcp: do not send empty skb from tcp_write_xmit()
	gtp: fix wrong condition in gtp_genl_dump_pdp()
	gtp: fix an use-after-free in ipv4_pdp_find()
	gtp: avoid zero size hashtable
	spi: fsl: don't map irq during probe
	tty/serial: atmel: fix out of range clock divider handling
	pinctrl: baytrail: Really serialize all register accesses
	spi: fsl: use platform_get_irq() instead of of_irq_to_resource()
	Linux 4.19.93

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ie31b3fba19c5a45be0b85f272bc50cb8b67ea3c0
 2020-01-04 19:29:03 +01:00
Eric Dumazet
28f0d54dbe tcp/dccp: fix possible race __inet_lookup_established() 
commit 8dbd76e79a upstream.

Michal Kubecek and Firo Yang did a very nice analysis of crashes
happening in __inet_lookup_established().

Since a TCP socket can go from TCP_ESTABLISH to TCP_LISTEN
(via a close()/socket()/listen() cycle) without a RCU grace period,
I should not have changed listeners linkage in their hash table.

They must use the nulls protocol (Documentation/RCU/rculist_nulls.txt),
so that a lookup can detect a socket in a hash list was moved in
another one.

Since we added code in commit d296ba60d8 ("soreuseport: Resolve
merge conflict for v4/v6 ordering fix"), we have to add
hlist_nulls_add_tail_rcu() helper.

Fixes: 3b24d854cb ("tcp/dccp: do not touch listener sk_refcnt under synflood")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Michal Kubecek <mkubecek@suse.cz>
Reported-by: Firo Yang <firo.yang@suse.com>
Reviewed-by: Michal Kubecek <mkubecek@suse.cz>
Link: https://lore.kernel.org/netdev/20191120083919.GH27852@unicorn.suse.cz/
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
[stable-4.19: we also need to update code in __inet_lookup_listener() and
 inet6_lookup_listener() which has been removed in 5.0-rc1.]
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-01-04 19:13:41 +01:00
Hangbin Liu
a36b275f31 net/dst: do not confirm neighbor for vxlan and geneve pmtu update 
[ Upstream commit f081042d12 ]

When do IPv6 tunnel PMTU update and calls __ip6_rt_update_pmtu() in the end,
we should not call dst_confirm_neigh() as there is no two-way communication.

So disable the neigh confirm for vxlan and geneve pmtu update.

v5: No change.
v4: No change.
v3: Do not remove dst_confirm_neigh, but add a new bool parameter in
    dst_ops.update_pmtu to control whether we should do neighbor confirm.
    Also split the big patch to small ones for each area.
v2: Remove dst_confirm_neigh in __ip6_rt_update_pmtu.

Fixes: a93bf0ff44 ("vxlan: update skb dst pmtu on tx path")
Fixes: 52a589d51f ("geneve: update skb dst pmtu on tx path")
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Tested-by: Guillaume Nault <gnault@redhat.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-01-04 19:13:39 +01:00
Hangbin Liu
dba3ed5646 net/dst: add new function skb_dst_update_pmtu_no_confirm 
[ Upstream commit 07dc35c6e3 ]

Add a new function skb_dst_update_pmtu_no_confirm() for callers who need
update pmtu but should not do neighbor confirm.

v5: No change.
v4: No change.
v3: Do not remove dst_confirm_neigh, but add a new bool parameter in
    dst_ops.update_pmtu to control whether we should do neighbor confirm.
    Also split the big patch to small ones for each area.
v2: Remove dst_confirm_neigh in __ip6_rt_update_pmtu.

Reviewed-by: Guillaume Nault <gnault@redhat.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-01-04 19:13:38 +01:00
Hangbin Liu
8bf95f28be net: add bool confirm_neigh parameter for dst_ops.update_pmtu 
[ Upstream commit bd085ef678 ]

The MTU update code is supposed to be invoked in response to real
networking events that update the PMTU. In IPv6 PMTU update function
__ip6_rt_update_pmtu() we called dst_confirm_neigh() to update neighbor
confirmed time.

But for tunnel code, it will call pmtu before xmit, like:
  - tnl_update_pmtu()
    - skb_dst_update_pmtu()
      - ip6_rt_update_pmtu()
        - __ip6_rt_update_pmtu()
          - dst_confirm_neigh()

If the tunnel remote dst mac address changed and we still do the neigh
confirm, we will not be able to update neigh cache and ping6 remote
will failed.

So for this ip_tunnel_xmit() case, _EVEN_ if the MTU is changed, we
should not be invoking dst_confirm_neigh() as we have no evidence
of successful two-way communication at this point.

On the other hand it is also important to keep the neigh reachability fresh
for TCP flows, so we cannot remove this dst_confirm_neigh() call.

To fix the issue, we have to add a new bool parameter for dst_ops.update_pmtu
to choose whether we should do neigh update or not. I will add the parameter
in this patch and set all the callers to true to comply with the previous
way, and fix the tunnel code one by one on later patches.

v5: No change.
v4: No change.
v3: Do not remove dst_confirm_neigh, but add a new bool parameter in
    dst_ops.update_pmtu to control whether we should do neighbor confirm.
    Also split the big patch to small ones for each area.
v2: Remove dst_confirm_neigh in __ip6_rt_update_pmtu.

Suggested-by: David Miller <davem@davemloft.net>
Reviewed-by: Guillaume Nault <gnault@redhat.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2020-01-04 19:13:37 +01:00
Greg Kroah-Hartman
c8a465e614 This is the 4.19.92 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4La9gACgkQONu9yGCS
 aT6hlA//TDpj9rdEwkaKyg/Ge4TCOJSOiwlp2/5lg2Sroiuizz527hVybGOOYAHl
 gMA2Syt73PWStyfgl5B3AimcBvPADX8h/b1KiSoIdHFkq5rPFyneB6aEj+5jSK1V
 63UnnTV0T49wt0Jvs6nN0FxI4ZCXbfjzaSVz4BGIflz6h9UUkPAu91CJTKtPmrAp
 pliH20cMOykxyS/KfKa6zDcpIfU0k+DxL5U0Y5F1YRDKc1iPg8e6I3cNLgwKSja6
 21BgdoTyZdvbC85HxSY7V6Dswp4YQPBY3y8crp8npZ9apbYV7eNU3L1+WVQvxpFg
 kahhyjalqwqkKq+cTEsIFj7cjPksSlH/qytTS+lnN3BScXbFPp8GdzIazhQNSCv3
 S/7T51CcvNoVcs9Qeu+nwyvx+H1LH4MYO4C7RYWZhPnMcA+/MxvT5WXNKfjf2ekM
 N5h8xNATllzDuDkX+zVwW8i80SCyhVqQIKbXLn8ugGYW3G5TNdy8Ysh0kdrq26Y+
 LAELsbQhK/Kt8WF+XNBpb9LLbeUGn1GTwhnbEuD7IKI+bVxnmsGk8QUu3h+a9xFh
 lI7bsj8Ku9T+59/9xqAnoStEto+0tdTPB9Cx1jNdWlLiVdkewiDKiUbloFpDFS1n
 L3SvqB68DC/IznQcK970g3aIx9zbkb2KZRdj2Fu7apaY5D9q85I=
 =W+5k
 -----END PGP SIGNATURE-----

Merge 4.19.92 into android-4.19

Changes in 4.19.92
	af_packet: set defaule value for tmo
	fjes: fix missed check in fjes_acpi_add
	mod_devicetable: fix PHY module format
	net: dst: Force 4-byte alignment of dst_metrics
	net: gemini: Fix memory leak in gmac_setup_txqs
	net: hisilicon: Fix a BUG trigered by wrong bytes_compl
	net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive()
	net: qlogic: Fix error paths in ql_alloc_large_buffers()
	net: usb: lan78xx: Fix suspend/resume PHY register access error
	qede: Disable hardware gro when xdp prog is installed
	qede: Fix multicast mac configuration
	sctp: fully initialize v4 addr in some functions
	selftests: forwarding: Delete IPv6 address at the end
	btrfs: don't double lock the subvol_sem for rename exchange
	btrfs: do not call synchronize_srcu() in inode_tree_del
	Btrfs: fix missing data checksums after replaying a log tree
	btrfs: send: remove WARN_ON for readonly mount
	btrfs: abort transaction after failed inode updates in create_subvol
	btrfs: skip log replay on orphaned roots
	btrfs: do not leak reloc root if we fail to read the fs root
	btrfs: handle ENOENT in btrfs_uuid_tree_iterate
	Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues
	ALSA: pcm: Avoid possible info leaks from PCM stream buffers
	ALSA: hda/ca0132 - Keep power on during processing DSP response
	ALSA: hda/ca0132 - Avoid endless loop
	ALSA: hda/ca0132 - Fix work handling in delayed HP detection
	drm: mst: Fix query_payload ack reply struct
	drm/panel: Add missing drm_panel_init() in panel drivers
	drm/bridge: analogix-anx78xx: silence -EPROBE_DEFER warnings
	iio: light: bh1750: Resolve compiler warning and make code more readable
	drm/amdgpu: grab the id mgr lock while accessing passid_mapping
	spi: Add call to spi_slave_abort() function when spidev driver is released
	staging: rtl8192u: fix multiple memory leaks on error path
	staging: rtl8188eu: fix possible null dereference
	rtlwifi: prevent memory leak in rtl_usb_probe
	libertas: fix a potential NULL pointer dereference
	ath10k: fix backtrace on coredump
	IB/iser: bound protection_sg size by data_sg size
	media: am437x-vpfe: Setting STD to current value is not an error
	media: i2c: ov2659: fix s_stream return value
	media: ov6650: Fix crop rectangle alignment not passed back
	media: i2c: ov2659: Fix missing 720p register config
	media: ov6650: Fix stored frame format not in sync with hardware
	media: ov6650: Fix stored crop rectangle not in sync with hardware
	tools/power/cpupower: Fix initializer override in hsw_ext_cstates
	media: venus: core: Fix msm8996 frequency table
	ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq
	pinctrl: devicetree: Avoid taking direct reference to device name string
	drm/amdkfd: fix a potential NULL pointer dereference (v2)
	selftests/bpf: Correct path to include msg + path
	media: venus: Fix occasionally failures to suspend
	usb: renesas_usbhs: add suspend event support in gadget mode
	hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled
	regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe()
	media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init()
	media: cec-funcs.h: add status_req checks
	drm/bridge: dw-hdmi: Refuse DDC/CI transfers on the internal I2C controller
	samples: pktgen: fix proc_cmd command result check logic
	block: Fix writeback throttling W=1 compiler warnings
	mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
	drm/drm_vblank: Change EINVAL by the correct errno
	media: cx88: Fix some error handling path in 'cx8800_initdev()'
	media: ti-vpe: vpe: Fix Motion Vector vpdma stride
	media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format
	media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number
	media: ti-vpe: vpe: Make sure YUYV is set as default format
	media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic
	media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases
	media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage
	syscalls/x86: Use the correct function type in SYSCALL_DEFINE0
	drm/amd/display: Fix dongle_caps containing stale information.
	extcon: sm5502: Reset registers during initialization
	x86/mm: Use the correct function type for native_set_fixmap()
	ath10k: Correct error handling of dma_map_single()
	drm/bridge: dw-hdmi: Restore audio when setting a mode
	perf test: Report failure for mmap events
	perf report: Add warning when libunwind not compiled in
	usb: usbfs: Suppress problematic bind and unbind uevents.
	iio: adc: max1027: Reset the device at probe time
	Bluetooth: missed cpu_to_le16 conversion in hci_init4_req
	Bluetooth: Workaround directed advertising bug in Broadcom controllers
	Bluetooth: hci_core: fix init for HCI_USER_CHANNEL
	bpf/stackmap: Fix deadlock with rq_lock in bpf_get_stack()
	x86/mce: Lower throttling MCE messages' priority to warning
	perf tests: Disable bp_signal testing for arm64
	drm/gma500: fix memory disclosures due to uninitialized bytes
	rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot
	ipmi: Don't allow device module unload when in use
	x86/ioapic: Prevent inconsistent state when moving an interrupt
	media: smiapp: Register sensor after enabling runtime PM on the device
	md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit
	arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill()
	i40e: initialize ITRN registers with correct values
	net: phy: dp83867: enable robust auto-mdix
	drm/tegra: sor: Use correct SOR index on Tegra210
	spi: sprd: adi: Add missing lock protection when rebooting
	ACPI: button: Add DMI quirk for Medion Akoya E2215T
	RDMA/qedr: Fix memory leak in user qp and mr
	gpu: host1x: Allocate gather copy for host1x
	net: dsa: LAN9303: select REGMAP when LAN9303 enable
	phy: qcom-usb-hs: Fix extcon double register after power cycle
	s390/time: ensure get_clock_monotonic() returns monotonic values
	s390/mm: add mm_pxd_folded() checks to pxd_free()
	net: hns3: add struct netdev_queue debug info for TX timeout
	libata: Ensure ata_port probe has completed before detach
	loop: fix no-unmap write-zeroes request behavior
	pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B
	iio: dln2-adc: fix iio_triggered_buffer_postenable() position
	libbpf: Fix error handling in bpf_map__reuse_fd()
	Bluetooth: Fix advertising duplicated flags
	pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler()
	ixgbe: protect TX timestamping from API misuse
	media: rcar_drif: fix a memory disclosure
	media: v4l2-core: fix touch support in v4l_g_fmt
	nvmem: imx-ocotp: reset error status on probe
	rfkill: allocate static minor
	bnx2x: Fix PF-VF communication over multi-cos queues.
	spi: img-spfi: fix potential double release
	ALSA: timer: Limit max amount of slave instances
	rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()
	perf probe: Fix to find range-only function instance
	perf probe: Fix to list probe event with correct line number
	perf jevents: Fix resource leak in process_mapfile() and main()
	perf probe: Walk function lines in lexical blocks
	perf probe: Fix to probe an inline function which has no entry pc
	perf probe: Fix to show ranges of variables in functions without entry_pc
	perf probe: Fix to show inlined function callsite without entry_pc
	libsubcmd: Use -O0 with DEBUG=1
	perf probe: Fix to probe a function which has no entry pc
	perf tools: Splice events onto evlist even on error
	drm/amdgpu: disallow direct upload save restore list from gfx driver
	drm/amdgpu: fix potential double drop fence reference
	xen/gntdev: Use select for DMA_SHARED_BUFFER
	perf parse: If pmu configuration fails free terms
	perf probe: Skip overlapped location on searching variables
	perf probe: Return a better scope DIE if there is no best scope
	perf probe: Fix to show calling lines of inlined functions
	perf probe: Skip end-of-sequence and non statement lines
	perf probe: Filter out instances except for inlined subroutine and subprogram
	ath10k: fix get invalid tx rate for Mesh metric
	fsi: core: Fix small accesses and unaligned offsets via sysfs
	media: pvrusb2: Fix oops on tear-down when radio support is not present
	soundwire: intel: fix PDI/stream mapping for Bulk
	crypto: atmel - Fix authenc support when it is set to m
	ice: delay less
	media: si470x-i2c: add missed operations in remove
	EDAC/ghes: Fix grain calculation
	spi: pxa2xx: Add missed security checks
	ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile
	iio: dac: ad5446: Add support for new AD5600 DAC
	ASoC: Intel: kbl_rt5663_rt5514_max98927: Add dmic format constraint
	s390/disassembler: don't hide instruction addresses
	nvme: Discard workaround for non-conformant devices
	parport: load lowlevel driver if ports not found
	bcache: fix static checker warning in bcache_device_free()
	cpufreq: Register drivers only after CPU devices have been registered
	x86/crash: Add a forward declaration of struct kimage
	tracing: use kvcalloc for tgid_map array allocation
	tracing/kprobe: Check whether the non-suffixed symbol is notrace
	bcache: fix deadlock in bcache_allocator
	iwlwifi: mvm: fix unaligned read of rx_pkt_status
	ASoC: wm8904: fix regcache handling
	spi: tegra20-slink: add missed clk_unprepare
	tun: fix data-race in gro_normal_list()
	crypto: virtio - deal with unsupported input sizes
	mmc: tmio: Add MMC_CAP_ERASE to allow erase/discard/trim requests
	btrfs: don't prematurely free work in end_workqueue_fn()
	btrfs: don't prematurely free work in run_ordered_work()
	ASoC: wm2200: add missed operations in remove and probe failure
	spi: st-ssc4: add missed pm_runtime_disable
	ASoC: wm5100: add missed pm_runtime_disable
	ASoC: Intel: bytcr_rt5640: Update quirk for Acer Switch 10 SW5-012 2-in-1
	x86/insn: Add some Intel instructions to the opcode map
	brcmfmac: remove monitor interface when detaching
	iwlwifi: check kasprintf() return value
	fbtft: Make sure string is NULL terminated
	net: ethernet: ti: ale: clean ale tbl on init and intf restart
	crypto: sun4i-ss - Fix 64-bit size_t warnings
	crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c
	mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED
	crypto: vmx - Avoid weird build failures
	libtraceevent: Fix memory leakage in copy_filter_type
	mips: fix build when "48 bits virtual memory" is enabled
	drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2
	net: phy: initialise phydev speed and duplex sanely
	btrfs: don't prematurely free work in reada_start_machine_worker()
	btrfs: don't prematurely free work in scrub_missing_raid56_worker()
	Revert "mmc: sdhci: Fix incorrect switch to HS mode"
	mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode
	can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
	usb: xhci: Fix build warning seen with CONFIG_PM=n
	drm/amdgpu: fix uninitialized variable pasid_mapping_needed
	s390/ftrace: fix endless recursion in function_graph tracer
	btrfs: return error pointer from alloc_test_extent_buffer
	usbip: Fix receive error in vhci-hcd when using scatter-gather
	usbip: Fix error path of vhci_recv_ret_submit()
	cpufreq: Avoid leaving stale IRQ work items during CPU offline
	USB: EHCI: Do not return -EPIPE when hub is disconnected
	intel_th: pci: Add Comet Lake PCH-V support
	intel_th: pci: Add Elkhart Lake SOC support
	platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes
	staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value
	ext4: fix ext4_empty_dir() for directories with holes
	ext4: check for directory entries too close to block end
	ext4: unlock on error in ext4_expand_extra_isize()
	KVM: arm64: Ensure 'params' is initialised when looking up sys register
	x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure()
	x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks[]
	powerpc/vcpu: Assume dedicated processors as non-preempt
	powerpc/irq: fix stack overflow verification
	mmc: sdhci-msm: Correct the offset and value for DDR_CONFIG register
	mmc: sdhci-of-esdhc: Revert "mmc: sdhci-of-esdhc: add erratum A-009204 support"
	mmc: sdhci: Update the tuning failed messages to pr_debug level
	mmc: sdhci-of-esdhc: fix P2020 errata handling
	mmc: sdhci: Workaround broken command queuing on Intel GLK
	mmc: sdhci: Add a quirk for broken command queuing
	nbd: fix shutdown and recv work deadlock v2
	perf probe: Fix to show function entry line as probe-able
	Linux 4.19.92

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ic4c7f9c713549ebb3319cd0275e88678bfa0e53d
 2019-12-31 17:11:54 +01:00
Geert Uytterhoeven
32a0e1ed0f net: dst: Force 4-byte alignment of dst_metrics 
[ Upstream commit 258a980d1e ]

When storing a pointer to a dst_metrics structure in dst_entry._metrics,
two flags are added in the least significant bits of the pointer value.
Hence this assumes all pointers to dst_metrics structures have at least
4-byte alignment.

However, on m68k, the minimum alignment of 32-bit values is 2 bytes, not
4 bytes.  Hence in some kernel builds, dst_default_metrics may be only
2-byte aligned, leading to obscure boot warnings like:

    WARNING: CPU: 0 PID: 7 at lib/refcount.c:28 refcount_warn_saturate+0x44/0x9a
    refcount_t: underflow; use-after-free.
    Modules linked in:
    CPU: 0 PID: 7 Comm: ksoftirqd/0 Tainted: G        W         5.5.0-rc2-atari-01448-g114a1a1038af891d-dirty #261
    Stack from 10835e6c:
	    10835e6c 0038134f 00023fa6 00394b0f 0000001c 00000009 00321560 00023fea
	    00394b0f 0000001c 001a70f8 00000009 00000000 10835eb4 00000001 00000000
	    04208040 0000000a 00394b4a 10835ed4 00043aa8 001a70f8 00394b0f 0000001c
	    00000009 00394b4a 0026aba8 003215a4 00000003 00000000 0026d5a8 00000001
	    003215a4 003a4361 003238d6 000001f0 00000000 003215a4 10aa3b00 00025e84
	    003ddb00 10834000 002416a8 10aa3b00 00000000 00000080 000aa038 0004854a
    Call Trace: [<00023fa6>] __warn+0xb2/0xb4
     [<00023fea>] warn_slowpath_fmt+0x42/0x64
     [<001a70f8>] refcount_warn_saturate+0x44/0x9a
     [<00043aa8>] printk+0x0/0x18
     [<001a70f8>] refcount_warn_saturate+0x44/0x9a
     [<0026aba8>] refcount_sub_and_test.constprop.73+0x38/0x3e
     [<0026d5a8>] ipv4_dst_destroy+0x5e/0x7e
     [<00025e84>] __local_bh_enable_ip+0x0/0x8e
     [<002416a8>] dst_destroy+0x40/0xae

Fix this by forcing 4-byte alignment of all dst_metrics structures.

Fixes: e5fd387ad5 ("ipv6: do not overwrite inetpeer metrics prematurely")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2019-12-31 16:34:37 +01:00
Greg Kroah-Hartman
00932fc1fb This is the 4.19.91 stable release 
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl397JkACgkQONu9yGCS
 aT7ZYhAAt1ooWxtWXrfevz7BJORUOerH0mPGnp9fZHaaxLad5vBcyG1nL1aJHbUF
 zfaWNOIo8btbX3+MLgl7ZPIb20zsG0YaUbburV0RNVS9Y65PETG7F9l9haAxT/f9
 BNw21+WHtClbt1OoFP8VD+4TFAsevXod4fvkFSBsWqU7EDQIXlYfYhThAe3v5gsX
 Ae5i27pAQdTCuEJg5a6Ir2g7mWtD7s2PRdjYL3Y2r2mmMDyUCJO+6BHnfrslD/oC
 b321fRlBH51zyg4L7T75K/DKNs7FosBr2Jo2V/X7Y/Oe+sYIggl67S+CSdIePJ+Y
 X3KVtWnvye4xlQoXBkDrEif+ULlyX8Bn+oIFHpD90WDB9buJA9VcfrOhOfDobeuM
 4QfQKUABKbJ9siNOKm6mWTH/UclBO0Ki13Pi1LQlG+xSTnY3WvbDzxb/FMSOhNwl
 bgN27g+wbjd5EV6IG2F1397FvcPvAZSSw2Gov7irHq9JdSIdvCuoygmQGTW8FOkG
 IS2F/iFNzM63YjeJwLr8cVpvE9lBfqnRcKGsCLeAX6tRULX/DcuDZQmOKY260u6j
 A4QT+JBLBTGXOXbq0Sd8NgoX5Axa1uXOdXsOsBVIYqrDcpz9Uwtg4FvWY+vCurGk
 zItKubQWjkB+iEf1NSfLsRMQenRcDz/g4Q4q/I0TJXabj8k5oaA=
 =eYwk
 -----END PGP SIGNATURE-----

Merge 4.19.91 into android-4.19

Changes in 4.19.91
	inet: protect against too small mtu values.
	mqprio: Fix out-of-bounds access in mqprio_dump
	net: bridge: deny dev_set_mac_address() when unregistering
	net: dsa: fix flow dissection on Tx path
	net: ethernet: ti: cpsw: fix extra rx interrupt
	net: sched: fix dump qlen for sch_mq/sch_mqprio with NOLOCK subqueues
	net: thunderx: start phy before starting autonegotiation
	openvswitch: support asymmetric conntrack
	tcp: md5: fix potential overestimation of TCP option space
	tipc: fix ordering of tipc module init and exit routine
	net/mlx5e: Query global pause state before setting prio2buffer
	tcp: fix rejected syncookies due to stale timestamps
	tcp: tighten acceptance of ACKs not matching a child socket
	tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE()
	Revert "arm64: preempt: Fix big-endian when checking preempt count in assembly"
	mmc: block: Make card_busy_detect() a bit more generic
	mmc: block: Add CMD13 polling for MMC IOCTLS with R1B response
	PCI/PM: Always return devices to D0 when thawing
	PCI: pciehp: Avoid returning prematurely from sysfs requests
	PCI: Fix Intel ACS quirk UPDCR register address
	PCI/MSI: Fix incorrect MSI-X masking on resume
	PCI: Apply Cavium ACS quirk to ThunderX2 and ThunderX3
	xtensa: fix TLB sanity checker
	rpmsg: glink: Set tail pointer to 0 at end of FIFO
	rpmsg: glink: Fix reuse intents memory leak issue
	rpmsg: glink: Fix use after free in open_ack TIMEOUT case
	rpmsg: glink: Put an extra reference during cleanup
	rpmsg: glink: Fix rpmsg_register_device err handling
	rpmsg: glink: Don't send pending rx_done during remove
	rpmsg: glink: Free pending deferred work on remove
	cifs: smbd: Return -EAGAIN when transport is reconnecting
	cifs: smbd: Add messages on RDMA session destroy and reconnection
	cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE
	cifs: Don't display RDMA transport on reconnect
	CIFS: Respect O_SYNC and O_DIRECT flags during reconnect
	CIFS: Close open handle after interrupted close
	ARM: dts: s3c64xx: Fix init order of clock providers
	ARM: tegra: Fix FLOW_CTLR_HALT register clobbering by tegra_resume()
	vfio/pci: call irq_bypass_unregister_producer() before freeing irq
	dma-buf: Fix memory leak in sync_file_merge()
	drm: meson: venc: cvbs: fix CVBS mode matching
	dm mpath: remove harmful bio-based optimization
	dm btree: increase rebalance threshold in __rebalance2()
	scsi: iscsi: Fix a potential deadlock in the timeout handler
	scsi: qla2xxx: Change discovery state before PLOGI
	drm/radeon: fix r1xx/r2xx register checker for POT textures
	xhci: fix USB3 device initiated resume race with roothub autosuspend
	Linux 4.19.91

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I974d1578d54f93e1c442e09685ddc2fdf373c441
 2019-12-21 11:20:11 +01:00
Guillaume Nault
fbcf85b047 tcp: Protect accesses to .ts_recent_stamp with {READ,WRITE}_ONCE() 
[ Upstream commit 721c8dafad ]

Syncookies borrow the ->rx_opt.ts_recent_stamp field to store the
timestamp of the last synflood. Protect them with READ_ONCE() and
WRITE_ONCE() since reads and writes aren't serialised.

Use of .rx_opt.ts_recent_stamp for storing the synflood timestamp was
introduced by a0f82f64e2 ("syncookies: remove last_synq_overflow from
struct tcp_sock"). But unprotected accesses were already there when
timestamp was stored in .last_synq_overflow.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 2019-12-21 10:57:19 +01:00