upstream commit 594cc251fd ("make 'user_access_begin()' do 'access_ok()'")
Originally, the rule used to be that you'd have to do access_ok()
separately, and then user_access_begin() before actually doing the
direct (optimized) user access.
But experience has shown that people then decide not to do access_ok()
at all, and instead rely on it being implied by other operations or
similar. Which makes it very hard to verify that the access has
actually been range-checked.
If you use the unsafe direct user accesses, hardware features (either
SMAP - Supervisor Mode Access Protection - on x86, or PAN - Privileged
Access Never - on ARM) do force you to use user_access_begin(). But
nothing really forces the range check.
By putting the range check into user_access_begin(), we actually force
people to do the right thing (tm), and the range check vill be visible
near the actual accesses. We have way too long a history of people
trying to avoid them.
Bug: 135368228
Change-Id: I4ca0e4566ea080fa148c5e768bb1a0b6f7201c01
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1yF0AACgkQONu9yGCS
aT64ew/6AzJDRMcmnx1COeRP8tfQ5A8ghjnp6REEca1MYJWjDlqd0X+EMd/7zorZ
YkBzb1ND1c/9KeGQzdx8lJ5lcNRVJcD7tT6irT5zMnBcyR9uPamAaVgmVHXxuorK
el4nvX9g/MxBLsuqLHxGr5pNXi7mHu6zfXyQ86TJzlez7yHlPuiJb8bDpHnCRJ1P
n/MemPq/nQgC5jPBQRhT+IpqC1MTIHNhRaHHg/5Gdrrz+eVumnk+1zbWqtBRuJKS
qS7RL1pI0Su00i5bY1r76iSkoRkGw9SoeIgz3sycbtAvGo9TI16/hZPvWAsYOAjL
2DQS0rMPSnM4QV0odbUImFt86f0YJiAL7xYS8EYCc4GX/eLbNRtP8yLq+8rlo4Oa
36HbiNhGSEjRxenfVRUD/STgBYzfVeQOMEyFJNRtfNDP/l66sLk/pEOEd83j06H4
G87BJgKFC35dv5QrbCmJO8P1IXLs5QaChD3dL6R9/hbvCU2A/MOqhPL16JCXWA20
+hOWn8ryrtBa5Dt0avAkrrnUNC8cVWyD44uAm+Hu/49CZpkTasZMB7Z81VSIsuvO
xoT1Jx0J1W/LtHwCghSkui/fjQjVpkP3xnB7zVGem73Mpcm68g6mLajKaUrLnJHp
/sz2mppF7gZob43anTtUhSV9OvrzqftkR+iFg3rCKSJyQE1o48o=
=hMvg
-----END PGP SIGNATURE-----
Merge 4.19.70 into android-4.19
Changes in 4.19.70
dmaengine: ste_dma40: fix unneeded variable warning
nvme-multipath: revalidate nvme_ns_head gendisk in nvme_validate_ns
afs: Fix the CB.ProbeUuid service handler to reply correctly
afs: Fix loop index mixup in afs_deliver_vl_get_entry_by_name_u()
fs: afs: Fix a possible null-pointer dereference in afs_put_read()
afs: Only update d_fsdata if different in afs_d_revalidate()
nvmet-loop: Flush nvme_delete_wq when removing the port
nvme: fix a possible deadlock when passthru commands sent to a multipath device
nvme-pci: Fix async probe remove race
soundwire: cadence_master: fix register definition for SLAVE_STATE
soundwire: cadence_master: fix definitions for INTSTAT0/1
auxdisplay: panel: need to delete scan_timer when misc_register fails in panel_attach
dmaengine: stm32-mdma: Fix a possible null-pointer dereference in stm32_mdma_irq_handler()
omap-dma/omap_vout_vrfb: fix off-by-one fi value
iommu/dma: Handle SG length overflow better
usb: gadget: composite: Clear "suspended" on reset/disconnect
usb: gadget: mass_storage: Fix races between fsg_disable and fsg_set_alt
xen/blkback: fix memory leaks
arm64: cpufeature: Don't treat granule sizes as strict
i2c: rcar: avoid race when unregistering slave client
i2c: emev2: avoid race when unregistering slave client
drm/ast: Fixed reboot test may cause system hanged
usb: host: fotg2: restart hcd after port reset
tools: hv: fixed Python pep8/flake8 warnings for lsvmbus
tools: hv: fix KVP and VSS daemons exit code
drm/i915: fix broadwell EU computation
watchdog: bcm2835_wdt: Fix module autoload
drm/bridge: tfp410: fix memleak in get_modes()
scsi: ufs: Fix RX_TERMINATION_FORCE_ENABLE define value
drm/tilcdc: Register cpufreq notifier after we have initialized crtc
net/tls: Fixed return value when tls_complete_pending_work() fails
net/tls: swap sk_write_space on close
net: tls, fix sk_write_space NULL write when tx disabled
ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set
ipv6: Default fib6_type to RTN_UNICAST when not set
net/smc: make sure EPOLLOUT is raised
tcp: make sure EPOLLOUT wont be missed
ipv4/icmp: fix rt dst dev null pointer dereference
mm/zsmalloc.c: fix build when CONFIG_COMPACTION=n
ALSA: usb-audio: Check mixer unit bitmap yet more strictly
ALSA: line6: Fix memory leak at line6_init_pcm() error path
ALSA: hda - Fixes inverted Conexant GPIO mic mute led
ALSA: seq: Fix potential concurrent access to the deleted pool
ALSA: usb-audio: Fix invalid NULL check in snd_emuusb_set_samplerate()
ALSA: usb-audio: Add implicit fb quirk for Behringer UFX1604
kvm: x86: skip populating logical dest map if apic is not sw enabled
KVM: x86: Don't update RIP or do single-step on faulting emulation
uprobes/x86: Fix detection of 32-bit user mode
x86/apic: Do not initialize LDR and DFR for bigsmp
x86/apic: Include the LDR when clearing out APIC registers
ftrace: Fix NULL pointer dereference in t_probe_next()
ftrace: Check for successful allocation of hash
ftrace: Check for empty hash and comment the race with registering probes
usb-storage: Add new JMS567 revision to unusual_devs
USB: cdc-wdm: fix race between write and disconnect due to flag abuse
usb: hcd: use managed device resources
usb: chipidea: udc: don't do hardware access if gadget has stopped
usb: host: ohci: fix a race condition between shutdown and irq
usb: host: xhci: rcar: Fix typo in compatible string matching
USB: storage: ums-realtek: Update module parameter description for auto_delink_en
USB: storage: ums-realtek: Whitelist auto-delink support
mei: me: add Tiger Lake point LP device ID
mmc: sdhci-of-at91: add quirk for broken HS200
mmc: core: Fix init of SD cards reporting an invalid VDD range
stm class: Fix a double free of stm_source_device
intel_th: pci: Add support for another Lewisburg PCH
intel_th: pci: Add Tiger Lake support
typec: tcpm: fix a typo in the comparison of pdo_max_voltage
fsi: scom: Don't abort operations for minor errors
lib: logic_pio: Fix RCU usage
lib: logic_pio: Avoid possible overlap for unregistering regions
lib: logic_pio: Add logic_pio_unregister_range()
drm/amdgpu: Add APTX quirk for Dell Latitude 5495
drm/i915: Don't deballoon unused ggtt drm_mm_node in linux guest
drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe()
bus: hisi_lpc: Unregister logical PIO range to avoid potential use-after-free
bus: hisi_lpc: Add .remove method to avoid driver unbind crash
VMCI: Release resource if the work is already queued
crypto: ccp - Ignore unconfigured CCP device on suspend/resume
Revert "cfg80211: fix processing world regdomain when non modular"
mac80211: fix possible sta leak
mac80211: Don't memset RXCB prior to PAE intercept
mac80211: Correctly set noencrypt for PAE frames
KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling
KVM: arm/arm64: vgic: Fix potential deadlock when ap_list is long
KVM: arm/arm64: vgic-v2: Handle SGI bits in GICD_I{S,C}PENDR0 as WI
NFS: Clean up list moves of struct nfs_page
NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()
NFS: Pass error information to the pgio error cleanup routine
NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0
i2c: piix4: Fix port selection for AMD Family 16h Model 30h
x86/ptrace: fix up botched merge of spectrev1 fix
mt76: mt76x0u: do not reset radio on resume
Revert "ASoC: Fail card instantiation if DAI format setup fails"
Linux 4.19.70
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I35ff8a403a05a8c66d87cb4b542997e63c422288
commit b884e2de2a upstream.
Add a function to unregister a logical PIO range.
Logical PIO space can still be leaked when unregistering certain
LOGIC_PIO_CPU_MMIO regions, but this acceptable for now since there are no
callers to unregister LOGIC_PIO_CPU_MMIO regions, and the logical PIO
region allocation scheme would need significant work to improve this.
Cc: stable@vger.kernel.org
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Wei Xu <xuwei5@hisilicon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 0a27142bd1 upstream.
The code was originally written to not support unregistering logical PIO
regions.
To accommodate supporting unregistering logical PIO regions, subtly modify
LOGIC_PIO_CPU_MMIO region registration code, such that the "end" of the
registered regions is the "end" of the last region, and not the sum of
the sizes of all the registered regions.
Cc: stable@vger.kernel.org
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Wei Xu <xuwei5@hisilicon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
commit 06709e81c6 upstream.
The traversing of io_range_list with list_for_each_entry_rcu()
is not properly protected by rcu_read_lock() and rcu_read_unlock(),
so add them.
These functions mark the critical section scope where the list is
protected for the reader, it cannot be "reclaimed". Any updater - in
this case, the logical PIO registration functions - cannot update the
list until the reader exits this critical section.
In addition, the list traversing used in logic_pio_register_range()
does not need to use the rcu variant.
This is because we are already using io_range_mutex to guarantee mutual
exclusion from mutating the list.
Cc: stable@vger.kernel.org
Fixes: 031e360186 ("lib: Add generic PIO mapping method")
Signed-off-by: John Garry <john.garry@huawei.com>
Signed-off-by: Wei Xu <xuwei5@hisilicon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Upstream commit 733d1d1a77 ("lib/test_meminit.c: use GFP_ATOMIC in RCU
critical section").
kmalloc() shouldn't sleep while in RCU critical section, therefore use
GFP_ATOMIC instead of GFP_KERNEL.
The bug was spotted by the 0day kernel testing robot.
Link: http://lkml.kernel.org/r/20190725121703.210874-1-glider@google.com
Fixes: 7e659650cbda ("lib: introduce test_meminit module")
Signed-off-by: Alexander Potapenko <glider@google.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Reported-by: kernel test robot <lkp@intel.com>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I0cc435a0a5478e590180f720e3548d6e27789a1e
Bug: 138435492
Test: Boot cuttlefish with and without
Test: CONFIG_INIT_ON_ALLOC_DEFAULT_ON/CONFIG_INIT_ON_FREE_DEFAULT_ON
Signed-off-by: Alexander Potapenko <glider@google.com>
Upstream commit 4ab7ace465 ("lib/test_meminit.c: minor test fixes").
Fix the following issues in test_meminit.c:
- |size| in fill_with_garbage_skip() should be signed so that it
doesn't overflow if it's not aligned on sizeof(*p);
- fill_with_garbage_skip() should actually skip |skip| bytes;
- do_kmem_cache_size() should deallocate memory in the RCU case.
Link: http://lkml.kernel.org/r/20190626133135.217355-1-glider@google.com
Fixes: 7e659650cbda ("lib: introduce test_meminit module")
Fixes: 94e8988d91c7 ("lib/test_meminit.c: fix -Wmaybe-uninitialized false positive")
Signed-off-by: Alexander Potapenko <glider@google.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: Icb31f93f509a25e1fc8d05286a5ba56e720d6b03
Bug: 138435492
Test: Boot cuttlefish with and without
Test: CONFIG_INIT_ON_ALLOC_DEFAULT_ON/CONFIG_INIT_ON_FREE_DEFAULT_ON
Signed-off-by: Alexander Potapenko <glider@google.com>
Upstream commit d3a811617a ("lib/test_meminit.c: fix
-Wmaybe-uninitialized false positive").
The conditional logic is too complicated for the compiler to fully
comprehend:
lib/test_meminit.c: In function 'test_meminit_init':
lib/test_meminit.c:236:5: error: 'buf_copy' may be used uninitialized in this function [-Werror=maybe-uninitialized]
kfree(buf_copy);
^~~~~~~~~~~~~~~
lib/test_meminit.c:201:14: note: 'buf_copy' was declared here
Simplify it by splitting out the non-rcu section.
Link: http://lkml.kernel.org/r/20190617131210.2190280-1-arnd@arndb.de
Fixes: af734ee6ec85 ("lib: introduce test_meminit module")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Alexander Potapenko <glider@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I810a4b8f115f387c8ffe30937ac1225849520132
Bug: 138435492
Test: Boot cuttlefish with and without
Test: CONFIG_INIT_ON_ALLOC_DEFAULT_ON/CONFIG_INIT_ON_FREE_DEFAULT_ON
Signed-off-by: Alexander Potapenko <glider@google.com>
Upstream commit 5015a300a5 ("lib: introduce test_meminit module").
Add tests for heap and pagealloc initialization. These can be used to
check init_on_alloc and init_on_free implementations as well as other
approaches to initialization.
Expected test output in the case the kernel provides heap initialization
(e.g. when running with either init_on_alloc=1 or init_on_free=1):
test_meminit: all 10 tests in test_pages passed
test_meminit: all 40 tests in test_kvmalloc passed
test_meminit: all 60 tests in test_kmemcache passed
test_meminit: all 10 tests in test_rcu_persistent passed
test_meminit: all 120 tests passed!
Link: http://lkml.kernel.org/r/20190529123812.43089-4-glider@google.com
Signed-off-by: Alexander Potapenko <glider@google.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Christoph Lameter <cl@linux.com>
Cc: Nick Desaulniers <ndesaulniers@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Sandeep Patil <sspatil@android.com>
Cc: Laura Abbott <labbott@redhat.com>
Cc: Jann Horn <jannh@google.com>
Cc: Marco Elver <elver@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Change-Id: I815efdc79304ae1ad6ef60277ac5b88a4c41d479
Bug: 138435492
Test: Boot cuttlefish with and without
Test: CONFIG_INIT_ON_ALLOC_DEFAULT_ON/CONFIG_INIT_ON_FREE_DEFAULT_ON
Signed-off-by: Alexander Potapenko <glider@google.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1WZYYACgkQONu9yGCS
aT5VjRAApdD6wuKcKhZ8j010Ni18w6W+3qs6IuIXv94eav0zFSRaO9Zp93lZq2p0
h+k+ssZ+P8a4EuDquzDydlagno9hojHFAYr+9loPZlZUw578Jzg9JbJK9Z1MyQCo
BCRElzZG67E+WjLP0wGHnS0oVhIoHlJaVWP3pEYkTJILY65ErLT/fYGs64YUAEKr
Ct1pKoIHPEC0606IKx12kmV645ME4z6pI7g4kLDhk2BozglbxGlwdHgVuIe/NzDP
PraR1gqMoOD2skjK673ozsZ65yuiVeqSTsbs49Xao1lAS6etUMbC/ACU/yrhL48H
mMM/EFTSKb5TjJSxQAXU1ANQrm4X6n1yPkNW/MdthnPAotDY3Nda4NNVE9X2toM7
XW0HfFdcVD7aJtpC/h6ckndGTaOGkHSPjhJtSlBEjF76BA+KhZ9hhcjNWng92bWL
d5Nws4b82wvgM6T99mkZfbMc2MOopPMf+I94W0JcMa49+rXhyhJdrC72GpxKLdSq
+XtZJupFWg0RrPlZfmc4Az8f/uY0UfR9gNSaHJokaZAkMzH2x4MzMnPxwRiXAw4W
qz1s+sgZlqUQcWvODzaNvG1l7QtjD5rbdJ+FAjN2+16F8rep52Yl/IQffYr04DDD
wikYmcUoMh8hCoj6Atj2LAAU9ulhl6ja8s0YpmHz/HQETufHAZc=
=gOG+
-----END PGP SIGNATURE-----
Merge 4.19.67 into android-4.19
Changes in 4.19.67
iio: cros_ec_accel_legacy: Fix incorrect channel setting
iio: adc: max9611: Fix misuse of GENMASK macro
staging: gasket: apex: fix copy-paste typo
staging: android: ion: Bail out upon SIGKILL when allocating memory.
crypto: ccp - Fix oops by properly managing allocated structures
crypto: ccp - Add support for valid authsize values less than 16
crypto: ccp - Ignore tag length when decrypting GCM ciphertext
usb: usbfs: fix double-free of usb memory upon submiturb error
usb: iowarrior: fix deadlock on disconnect
sound: fix a memory leak bug
mmc: cavium: Set the correct dma max segment size for mmc_host
mmc: cavium: Add the missing dma unmap when the dma has finished.
loop: set PF_MEMALLOC_NOIO for the worker thread
Input: usbtouchscreen - initialize PM mutex before using it
Input: elantech - enable SMBus on new (2018+) systems
Input: synaptics - enable RMI mode for HP Spectre X360
x86/mm: Check for pfn instead of page in vmalloc_sync_one()
x86/mm: Sync also unmappings in vmalloc_sync_all()
mm/vmalloc: Sync unmappings in __purge_vmap_area_lazy()
perf annotate: Fix s390 gap between kernel end and module start
perf db-export: Fix thread__exec_comm()
perf record: Fix module size on s390
x86/purgatory: Use CFLAGS_REMOVE rather than reset KBUILD_CFLAGS
gfs2: gfs2_walk_metadata fix
usb: host: xhci-rcar: Fix timeout in xhci_suspend()
usb: yurex: Fix use-after-free in yurex_delete
usb: typec: tcpm: free log buf memory when remove debug file
usb: typec: tcpm: remove tcpm dir if no children
usb: typec: tcpm: Add NULL check before dereferencing config
usb: typec: tcpm: Ignore unsupported/unknown alternate mode requests
can: rcar_canfd: fix possible IRQ storm on high load
can: peak_usb: fix potential double kfree_skb()
netfilter: nfnetlink: avoid deadlock due to synchronous request_module
vfio-ccw: Set pa_nr to 0 if memory allocation fails for pa_iova_pfn
netfilter: Fix rpfilter dropping vrf packets by mistake
netfilter: conntrack: always store window size un-scaled
netfilter: nft_hash: fix symhash with modulus one
scripts/sphinx-pre-install: fix script for RHEL/CentOS
drm/amd/display: Wait for backlight programming completion in set backlight level
drm/amd/display: use encoder's engine id to find matched free audio device
drm/amd/display: Fix dc_create failure handling and 666 color depths
drm/amd/display: Only enable audio if speaker allocation exists
drm/amd/display: Increase size of audios array
iscsi_ibft: make ISCSI_IBFT dependson ACPI instead of ISCSI_IBFT_FIND
nl80211: fix NL80211_HE_MAX_CAPABILITY_LEN
mac80211: don't warn about CW params when not using them
allocate_flower_entry: should check for null deref
hwmon: (nct6775) Fix register address and added missed tolerance for nct6106
drm: silence variable 'conn' set but not used
cpufreq/pasemi: fix use-after-free in pas_cpufreq_cpu_init()
s390/qdio: add sanity checks to the fast-requeue path
ALSA: compress: Fix regression on compressed capture streams
ALSA: compress: Prevent bypasses of set_params
ALSA: compress: Don't allow paritial drain operations on capture streams
ALSA: compress: Be more restrictive about when a drain is allowed
perf tools: Fix proper buffer size for feature processing
perf probe: Avoid calling freeing routine multiple times for same pointer
drbd: dynamically allocate shash descriptor
ACPI/IORT: Fix off-by-one check in iort_dev_find_its_id()
nvme: fix multipath crash when ANA is deactivated
ARM: davinci: fix sleep.S build error on ARMv4
ARM: dts: bcm: bcm47094: add missing #cells for mdio-bus-mux
scsi: megaraid_sas: fix panic on loading firmware crashdump
scsi: ibmvfc: fix WARN_ON during event pool release
scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG
test_firmware: fix a memory leak bug
tty/ldsem, locking/rwsem: Add missing ACQUIRE to read_failed sleep loop
perf/core: Fix creating kernel counters for PMUs that override event->cpu
s390/dma: provide proper ARCH_ZONE_DMA_BITS value
HID: sony: Fix race condition between rumble and device remove.
x86/purgatory: Do not use __builtin_memcpy and __builtin_memset
ALSA: usb-audio: fix a memory leak bug
can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
hwmon: (nct7802) Fix wrong detection of in4 presence
drm/i915: Fix wrong escape clock divisor init for GLK
ALSA: firewire: fix a memory leak bug
ALSA: hiface: fix multiple memory leak bugs
ALSA: hda - Don't override global PCM hw info flag
ALSA: hda - Workaround for crackled sound on AMD controller (1022:1457)
mac80211: don't WARN on short WMM parameters from AP
dax: dax_layout_busy_page() should not unmap cow pages
SMB3: Fix deadlock in validate negotiate hits reconnect
smb3: send CAP_DFS capability during session setup
NFSv4: Fix an Oops in nfs4_do_setattr
KVM: Fix leak vCPU's VMCS value into other pCPU
mwifiex: fix 802.11n/WPA detection
iwlwifi: don't unmap as page memory that was mapped as single
iwlwifi: mvm: fix an out-of-bound access
iwlwifi: mvm: don't send GEO_TX_POWER_LIMIT on version < 41
iwlwifi: mvm: fix version check for GEO_TX_POWER_LIMIT support
Linux 4.19.67
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I5ea813ed5ba6d1eeda51eb4031395ee3e8ba54c3
[ Upstream commit d4fddac5a5 ]
In test_firmware_init(), the buffer pointed to by the global pointer
'test_fw_config' is allocated through kzalloc(). Then, the buffer is
initialized in __test_firmware_config_init(). In the case that the
initialization fails, the following execution in test_firmware_init() needs
to be terminated with an error code returned to indicate this failure.
However, the allocated buffer is not freed on this execution path, leading
to a memory leak bug.
To fix the above issue, free the allocated buffer before returning from
test_firmware_init().
Signed-off-by: Wenwen Wang <wenwen@cs.uga.edu>
Link: https://lore.kernel.org/r/1563084696-6865-1-git-send-email-wang6495@umn.edu
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1Js7MACgkQONu9yGCS
aT4PQxAAo7xa4kYvDxc1RjUY/yIlp6lQ3rpYAAfZB0t8vN+dqivnJZ7m6JHeWX1Y
CMcxg85zxLVFeuiXdP821Zj68AB5zqlWMhX0bXm2lhw/Eo9+XHzXtnrLZHhz0/Xd
M5cmfIPmoyPCUQQfzSfUMvch+ZpwzEt5op5pUfSjckSpjHQZ0HFj1WJ4D8Hn9jAJ
y4+DAKDZgtqhb3GvpS6MoVnBJgcPk9+mBiDkSb12L392+FvHqfeBi3tDRhvyiZAO
iJrk747SPds7NlNmuRnj7YyUSDhBzaceRCz0Jsv9FT5EKXoPErXdsL3Bkfa9TREM
pH0OaMgNr6WSXLO9qIMcfxMeaKVIvIbotqBTkBTzhEAGPkHA75dhi0lpixXXFExg
MaqhLfmHO0dOEr9FrvYGe7f2wUA1Rdw/qRTM3KPEKmHxMqBS7eufIWMHwie1n9Oe
cYoP6UkxUIvhUyFV2BlMRFdMfaDbtR0iqy8Dqh36NISD6PAYaUGSoVeSO1fEg4Jy
5GgrKPg6rcz2XNY2cVbsm2zLpqY4dY58SFK9ORfuULdKUQvScvFGrdSSW0CgX+uc
F/5NmPutUoboHVxFraDPx7yo46pHf1RW0Me4xZ0aJ3e9ituLAN4fmJ9u46nofb5M
thPelQlMVt30O41uViJ0ADkOjCsiBr3AxOFvc76Ct9Q/BJVxhLk=
=JVBv
-----END PGP SIGNATURE-----
Merge 4.19.65 into android-4.19
Changes in 4.19.65
ARM: riscpc: fix DMA
ARM: dts: rockchip: Make rk3288-veyron-minnie run at hs200
ARM: dts: rockchip: Make rk3288-veyron-mickey's emmc work again
ARM: dts: rockchip: Mark that the rk3288 timer might stop in suspend
ftrace: Enable trampoline when rec count returns back to one
dmaengine: tegra-apb: Error out if DMA_PREP_INTERRUPT flag is unset
arm64: dts: rockchip: fix isp iommu clocks and power domain
kernel/module.c: Only return -EEXIST for modules that have finished loading
firmware/psci: psci_checker: Park kthreads before stopping them
MIPS: lantiq: Fix bitfield masking
dmaengine: rcar-dmac: Reject zero-length slave DMA requests
clk: tegra210: fix PLLU and PLLU_OUT1
fs/adfs: super: fix use-after-free bug
clk: sprd: Add check for return value of sprd_clk_regmap_init()
btrfs: fix minimum number of chunk errors for DUP
btrfs: qgroup: Don't hold qgroup_ioctl_lock in btrfs_qgroup_inherit()
cifs: Fix a race condition with cifs_echo_request
ceph: fix improper use of smp_mb__before_atomic()
ceph: return -ERANGE if virtual xattr value didn't fit in buffer
ACPI: blacklist: fix clang warning for unused DMI table
scsi: zfcp: fix GCC compiler warning emitted with -Wmaybe-uninitialized
perf version: Fix segfault due to missing OPT_END()
x86: kvm: avoid constant-conversion warning
ACPI: fix false-positive -Wuninitialized warning
be2net: Signal that the device cannot transmit during reconfiguration
x86/apic: Silence -Wtype-limits compiler warnings
x86: math-emu: Hide clang warnings for 16-bit overflow
mm/cma.c: fail if fixed declaration can't be honored
lib/test_overflow.c: avoid tainting the kernel and fix wrap size
lib/test_string.c: avoid masking memset16/32/64 failures
coda: add error handling for fget
coda: fix build using bare-metal toolchain
uapi linux/coda_psdev.h: move upc_req definition from uapi to kernel side headers
drivers/rapidio/devices/rio_mport_cdev.c: NUL terminate some strings
ipc/mqueue.c: only perform resource calculation if user valid
mlxsw: spectrum_dcb: Configure DSCP map as the last rule is removed
xen/pv: Fix a boot up hang revealed by int3 self test
x86/kvm: Don't call kvm_spurious_fault() from .fixup
x86/paravirt: Fix callee-saved function ELF sizes
x86, boot: Remove multiple copy of static function sanitize_boot_params()
drm/nouveau: fix memory leak in nouveau_conn_reset()
kconfig: Clear "written" flag to avoid data loss
kbuild: initialize CLANG_FLAGS correctly in the top Makefile
Btrfs: fix incremental send failure after deduplication
Btrfs: fix race leading to fs corruption after transaction abort
mmc: dw_mmc: Fix occasional hang after tuning on eMMC
mmc: meson-mx-sdio: Fix misuse of GENMASK macro
gpiolib: fix incorrect IRQ requesting of an active-low lineevent
IB/hfi1: Fix Spectre v1 vulnerability
mtd: rawnand: micron: handle on-die "ECC-off" devices correctly
selinux: fix memory leak in policydb_init()
ALSA: hda: Fix 1-minute detection delay when i915 module is not available
mm: vmscan: check if mem cgroup is disabled or not before calling memcg slab shrinker
s390/dasd: fix endless loop after read unit address configuration
cgroup: kselftest: relax fs_spec checks
parisc: Fix build of compressed kernel even with debug enabled
drivers/perf: arm_pmu: Fix failure path in PM notifier
arm64: compat: Allow single-byte watchpoints on all addresses
arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG}
nbd: replace kill_bdev() with __invalidate_device() again
xen/swiotlb: fix condition for calling xen_destroy_contiguous_region()
IB/mlx5: Fix unreg_umr to ignore the mkey state
IB/mlx5: Use direct mkey destroy command upon UMR unreg failure
IB/mlx5: Move MRs to a kernel PD when freeing them to the MR cache
IB/mlx5: Fix clean_mr() to work in the expected order
IB/mlx5: Fix RSS Toeplitz setup to be aligned with the HW specification
IB/hfi1: Check for error on call to alloc_rsm_map_table
drm/i915/gvt: fix incorrect cache entry for guest page mapping
eeprom: at24: make spd world-readable again
ARC: enable uboot support unconditionally
objtool: Support GCC 9 cold subfunction naming scheme
gcc-9: properly declare the {pv,hv}clock_page storage
x86/vdso: Prevent segfaults due to hoisted vclock reads
scsi: mpt3sas: Use 63-bit DMA addressing on SAS35 HBA
x86/cpufeatures: Carve out CQM features retrieval
x86/cpufeatures: Combine word 11 and 12 into a new scattered features word
x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
x86/speculation: Enable Spectre v1 swapgs mitigations
x86/entry/64: Use JMP instead of JMPQ
x86/speculation/swapgs: Exclude ATOMs from speculation through SWAPGS
Documentation: Add swapgs description to the Spectre v1 documentation
Linux 4.19.65
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Iceeabdb164657e0a616db618e6aa8445d56b0dc1
[ Upstream commit 33d6e0ff68 ]
If a memsetXX implementation is completely broken and fails in the first
iteration, when i, j, and k are all zero, the failure is masked as zero
is returned. Failing in the first iteration is perhaps the most likely
failure, so this makes the tests pretty much useless. Avoid the
situation by always setting a random unused bit in the result on
failure.
Link: http://lkml.kernel.org/r/20190506124634.6807-3-peda@axentia.se
Fixes: 03270c13c5 ("lib/string.c: add testcases for memset16/32/64")
Signed-off-by: Peter Rosin <peda@axentia.se>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 8e060c21ae ]
This adds __GFP_NOWARN to the kmalloc()-portions of the overflow test to
avoid tainting the kernel. Additionally fixes up the math on wrap size
to be architecture and page size agnostic.
Link: http://lkml.kernel.org/r/201905282012.0A8767E24@keescook
Fixes: ca90800a91 ("test_overflow: Add memory allocation overflow tests")
Signed-off-by: Kees Cook <keescook@chromium.org>
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Suggested-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Joe Perches <joe@perches.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl06qFcACgkQONu9yGCS
aT6O9A/+JZqoVYnItpOnT8Hu//0mYEKvREWqsoTJNpZJhLWtGjPTT9ospHNpVgfC
GUkFqngWzXHpzCgTYHUV3Mm+SIiVXCM3nkCU1+2YOsPzrKo/lJSfFt3wOYGpKO5V
qratAQLra5TqR0teR00aQblqKqfmrux05uL9dNcVIwve813m00jFALcpjrXnanpP
tx5cqCo3uHOou5XLraHx/CMPnfJI/mLegBUTM4DxAmN2vG4gQck2gnrU7s1eg4cy
1Fqh0Oo2Ycj5p9yoGss02JqR3wGZHOEmF55j2JcTZAPvW6/c55iPd52Trn8kPOHB
Awq/VwJmP4p10a4TWoZpv7VqpL3PzO8/AW7QWOER8QnDzfOTHGae7YT8LVp5Xqj5
1NqowuP/Tm0yaZSaDLqkdvhVqTi0oGL8OCYLErpeR9PQ3P+p3paaswopsPqnXURj
Q4Pahe1vm9WG2NpKh2bHVmmVkQmvwuxxxnaa31HI/IyLd5bYFV1/LbEa/XrSK36W
VJtO+0AjERO9uTVP/YDloDkQ4R3+3W+m520jYsgf1OwY7v/Kc6iLb7cDwci/ZWMy
YSMm8hrO0nzuT0SI25TKLDvxjGbANKvxytzOQMOTb8NsIWwaoEKWh+4r9XkdUXNa
+dx72I5J2Be+3hk+eaDNzCdEae5pgVTxBpwJbzI4RfnK1Doa4uE=
=hJdd
-----END PGP SIGNATURE-----
Merge 4.19.61 into android-4.19
Changes in 4.19.61
MIPS: ath79: fix ar933x uart parity mode
MIPS: fix build on non-linux hosts
arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
scsi: iscsi: set auth_protocol back to NULL if CHAP_A value is not supported
dmaengine: imx-sdma: fix use-after-free on probe error path
wil6210: fix potential out-of-bounds read
ath10k: Do not send probe response template for mesh
ath9k: Check for errors when reading SREV register
ath6kl: add some bounds checking
ath10k: add peer id check in ath10k_peer_find_by_id
wil6210: fix spurious interrupts in 3-msi
ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
regmap: debugfs: Fix memory leak in regmap_debugfs_init
batman-adv: fix for leaked TVLV handler.
media: dvb: usb: fix use after free in dvb_usb_device_exit
media: spi: IR LED: add missing of table registration
crypto: talitos - fix skcipher failure due to wrong output IV
media: ov7740: avoid invalid framesize setting
media: marvell-ccic: fix DMA s/g desc number calculation
media: vpss: fix a potential NULL pointer dereference
media: media_device_enum_links32: clean a reserved field
net: stmmac: dwmac1000: Clear unused address entries
net: stmmac: dwmac4/5: Clear unused address entries
qed: Set the doorbell address correctly
signal/pid_namespace: Fix reboot_pid_ns to use send_sig not force_sig
af_key: fix leaks in key_pol_get_resp and dump_sp.
xfrm: Fix xfrm sel prefix length validation
fscrypt: clean up some BUG_ON()s in block encryption/decryption
perf annotate TUI browser: Do not use member from variable within its own initialization
media: mc-device.c: don't memset __user pointer contents
media: saa7164: fix remove_proc_entry warning
media: staging: media: davinci_vpfe: - Fix for memory leak if decoder initialization fails.
net: phy: Check against net_device being NULL
crypto: talitos - properly handle split ICV.
crypto: talitos - Align SEC1 accesses to 32 bits boundaries.
tua6100: Avoid build warnings.
batman-adv: Fix duplicated OGMs on NETDEV_UP
locking/lockdep: Fix merging of hlocks with non-zero references
media: wl128x: Fix some error handling in fm_v4l2_init_video_device()
net: hns3: set ops to null when unregister ad_dev
cpupower : frequency-set -r option misses the last cpu in related cpu list
arm64: mm: make CONFIG_ZONE_DMA32 configurable
perf jvmti: Address gcc string overflow warning for strncpy()
net: stmmac: dwmac4: fix flow control issue
net: stmmac: modify default value of tx-frames
crypto: inside-secure - do not rely on the hardware last bit for result descriptors
net: fec: Do not use netdev messages too early
net: axienet: Fix race condition causing TX hang
s390/qdio: handle PENDING state for QEBSM devices
RAS/CEC: Fix pfn insertion
net: sfp: add mutex to prevent concurrent state checks
ipset: Fix memory accounting for hash types on resize
perf cs-etm: Properly set the value of 'old' and 'head' in snapshot mode
perf test 6: Fix missing kvm module load for s390
perf report: Fix OOM error in TUI mode on s390
irqchip/meson-gpio: Add support for Meson-G12A SoC
media: uvcvideo: Fix access to uninitialized fields on probe error
media: fdp1: Support M3N and E3 platforms
iommu: Fix a leak in iommu_insert_resv_region
gpio: omap: fix lack of irqstatus_raw0 for OMAP4
gpio: omap: ensure irq is enabled before wakeup
regmap: fix bulk writes on paged registers
bpf: silence warning messages in core
media: s5p-mfc: fix reading min scratch buffer size on MFC v6/v7
selinux: fix empty write to keycreate file
x86/cpu: Add Ice Lake NNPI to Intel family
ASoC: meson: axg-tdm: fix sample clock inversion
rcu: Force inlining of rcu_read_lock()
x86/cpufeatures: Add FDP_EXCPTN_ONLY and ZERO_FCS_FDS
qed: iWARP - Fix tc for MPA ll2 connection
net: hns3: fix for skb leak when doing selftest
block: null_blk: fix race condition for null_del_dev
blkcg, writeback: dead memcgs shouldn't contribute to writeback ownership arbitration
xfrm: fix sa selector validation
sched/core: Add __sched tag for io_schedule()
sched/fair: Fix "runnable_avg_yN_inv" not used warnings
perf/x86/intel/uncore: Handle invalid event coding for free-running counter
x86/atomic: Fix smp_mb__{before,after}_atomic()
perf evsel: Make perf_evsel__name() accept a NULL argument
vhost_net: disable zerocopy by default
ipoib: correcly show a VF hardware address
x86/cacheinfo: Fix a -Wtype-limits warning
blk-iolatency: only account submitted bios
ACPICA: Clear status of GPEs on first direct enable
EDAC/sysfs: Fix memory leak when creating a csrow object
nvme: fix possible io failures when removing multipathed ns
nvme-pci: properly report state change failure in nvme_reset_work
nvme-pci: set the errno on ctrl state change error
lightnvm: pblk: fix freeing of merged pages
arm64: Do not enable IRQs for ct_user_exit
ipsec: select crypto ciphers for xfrm_algo
ipvs: defer hook registration to avoid leaks
media: s5p-mfc: Make additional clocks optional
media: i2c: fix warning same module names
ntp: Limit TAI-UTC offset
timer_list: Guard procfs specific code
acpi/arm64: ignore 5.1 FADTs that are reported as 5.0
media: coda: fix mpeg2 sequence number handling
media: coda: fix last buffer handling in V4L2_ENC_CMD_STOP
media: coda: increment sequence offset for the last returned frame
media: vimc: cap: check v4l2_fill_pixfmt return value
media: hdpvr: fix locking and a missing msleep
net: stmmac: sun8i: force select external PHY when no internal one
rtlwifi: rtl8192cu: fix error handle when usb probe failed
mt7601u: do not schedule rx_tasklet when the device has been disconnected
x86/build: Add 'set -e' to mkcapflags.sh to delete broken capflags.c
mt7601u: fix possible memory leak when the device is disconnected
ipvs: fix tinfo memory leak in start_sync_thread
ath10k: add missing error handling
ath10k: fix PCIE device wake up failed
perf tools: Increase MAX_NR_CPUS and MAX_CACHES
ASoC: Intel: hdac_hdmi: Set ops to NULL on remove
libata: don't request sense data on !ZAC ATA devices
clocksource/drivers/exynos_mct: Increase priority over ARM arch timer
xsk: Properly terminate assignment in xskq_produce_flush_desc
rslib: Fix decoding of shortened codes
rslib: Fix handling of of caller provided syndrome
ixgbe: Check DDM existence in transceiver before access
crypto: serpent - mark __serpent_setkey_sbox noinline
crypto: asymmetric_keys - select CRYPTO_HASH where needed
wil6210: drop old event after wmi_call timeout
EDAC: Fix global-out-of-bounds write when setting edac_mc_poll_msec
bcache: check CACHE_SET_IO_DISABLE in allocator code
bcache: check CACHE_SET_IO_DISABLE bit in bch_journal()
bcache: acquire bch_register_lock later in cached_dev_free()
bcache: check c->gc_thread by IS_ERR_OR_NULL in cache_set_flush()
bcache: fix potential deadlock in cached_def_free()
net: hns3: fix a -Wformat-nonliteral compile warning
net: hns3: add some error checking in hclge_tm module
ath10k: destroy sdio workqueue while remove sdio module
net: mvpp2: prs: Don't override the sign bit in SRAM parser shift
igb: clear out skb->tstamp after reading the txtime
iwlwifi: mvm: Drop large non sta frames
bpf: fix uapi bpf_prog_info fields alignment
perf stat: Make metric event lookup more robust
perf stat: Fix group lookup for metric group
bnx2x: Prevent ptp_task to be rescheduled indefinitely
net: usb: asix: init MAC address buffers
rxrpc: Fix oops in tracepoint
bpf, libbpf, smatch: Fix potential NULL pointer dereference
selftests: bpf: fix inlines in test_lwt_seg6local
bonding: validate ip header before check IPPROTO_IGMP
gpiolib: Fix references to gpiod_[gs]et_*value_cansleep() variants
tools: bpftool: Fix json dump crash on powerpc
Bluetooth: hci_bcsp: Fix memory leak in rx_skb
Bluetooth: Add new 13d3:3491 QCA_ROME device
Bluetooth: Add new 13d3:3501 QCA_ROME device
Bluetooth: 6lowpan: search for destination address in all peers
perf tests: Fix record+probe_libc_inet_pton.sh for powerpc64
Bluetooth: Check state in l2cap_disconnect_rsp
gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable()
Bluetooth: validate BLE connection interval updates
gtp: fix suspicious RCU usage
gtp: fix Illegal context switch in RCU read-side critical section.
gtp: fix use-after-free in gtp_encap_destroy()
gtp: fix use-after-free in gtp_newlink()
net: mvmdio: defer probe of orion-mdio if a clock is not ready
iavf: fix dereference of null rx_buffer pointer
floppy: fix div-by-zero in setup_format_params
floppy: fix out-of-bounds read in next_valid_format
floppy: fix invalid pointer dereference in drive_name
floppy: fix out-of-bounds read in copy_buffer
xen: let alloc_xenballooned_pages() fail if not enough memory free
scsi: NCR5380: Reduce goto statements in NCR5380_select()
scsi: NCR5380: Always re-enable reselection interrupt
Revert "scsi: ncr5380: Increase register polling limit"
scsi: core: Fix race on creating sense cache
scsi: megaraid_sas: Fix calculation of target ID
scsi: mac_scsi: Increase PIO/PDMA transfer length threshold
scsi: mac_scsi: Fix pseudo DMA implementation, take 2
crypto: ghash - fix unaligned memory access in ghash_setkey()
crypto: ccp - Validate the the error value used to index error messages
crypto: arm64/sha1-ce - correct digest for empty data in finup
crypto: arm64/sha2-ce - correct digest for empty data in finup
crypto: chacha20poly1305 - fix atomic sleep when using async algorithm
crypto: crypto4xx - fix AES CTR blocksize value
crypto: crypto4xx - fix blocksize for cfb and ofb
crypto: crypto4xx - block ciphers should only accept complete blocks
crypto: ccp - memset structure fields to zero before reuse
crypto: ccp/gcm - use const time tag comparison.
crypto: crypto4xx - fix a potential double free in ppc4xx_trng_probe
Revert "bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error()"
bcache: Revert "bcache: fix high CPU occupancy during journal"
bcache: Revert "bcache: free heap cache_set->flush_btree in bch_journal_free"
bcache: ignore read-ahead request failure on backing device
bcache: fix mistaken sysfs entry for io_error counter
bcache: destroy dc->writeback_write_wq if failed to create dc->writeback_thread
Input: gtco - bounds check collection indent level
Input: alps - don't handle ALPS cs19 trackpoint-only device
Input: synaptics - whitelist Lenovo T580 SMBus intertouch
Input: alps - fix a mismatch between a condition check and its comment
regulator: s2mps11: Fix buck7 and buck8 wrong voltages
arm64: tegra: Update Jetson TX1 GPU regulator timings
iwlwifi: pcie: don't service an interrupt that was masked
iwlwifi: pcie: fix ALIVE interrupt handling for gen2 devices w/o MSI-X
iwlwifi: don't WARN when calling iwl_get_shared_mem_conf with RF-Kill
iwlwifi: fix RF-Kill interrupt while FW load for gen2 devices
NFSv4: Handle the special Linux file open access mode
pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error
pNFS: Fix a typo in pnfs_update_layout
pnfs: Fix a problem where we gratuitously start doing I/O through the MDS
lib/scatterlist: Fix mapping iterator when sg->offset is greater than PAGE_SIZE
ASoC: dapm: Adapt for debugfs API change
raid5-cache: Need to do start() part job after adding journal device
ALSA: seq: Break too long mutex context in the write loop
ALSA: hda/realtek - Fixed Headphone Mic can't record on Dell platform
ALSA: hda/realtek: apply ALC891 headset fixup to one Dell machine
media: v4l2: Test type instead of cfg->type in v4l2_ctrl_new_custom()
media: coda: Remove unbalanced and unneeded mutex unlock
media: videobuf2-core: Prevent size alignment wrapping buffer size to 0
media: videobuf2-dma-sg: Prevent size from overflowing
KVM: x86/vPMU: refine kvm_pmu err msg when event creation failed
arm64: tegra: Fix AGIC register range
fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.
kconfig: fix missing choice values in auto.conf
drm/nouveau/i2c: Enable i2c pads & busses during preinit
padata: use smp_mb in padata_reorder to avoid orphaned padata jobs
dm zoned: fix zone state management race
xen/events: fix binding user event channels to cpus
9p/xen: Add cleanup path in p9_trans_xen_init
9p/virtio: Add cleanup path in p9_virtio_init
x86/boot: Fix memory leak in default_get_smp_config()
perf/x86/intel: Fix spurious NMI on fixed counter
perf/x86/amd/uncore: Do not set 'ThreadMask' and 'SliceMask' for non-L3 PMCs
perf/x86/amd/uncore: Set the thread mask for F17h L3 PMCs
drm/edid: parse CEA blocks embedded in DisplayID
intel_th: pci: Add Ice Lake NNPI support
PCI: hv: Fix a use-after-free bug in hv_eject_device_work()
PCI: Do not poll for PME if the device is in D3cold
PCI: qcom: Ensure that PERST is asserted for at least 100 ms
Btrfs: fix data loss after inode eviction, renaming it, and fsync it
Btrfs: fix fsync not persisting dentry deletions due to inode evictions
Btrfs: add missing inode version, ctime and mtime updates when punching hole
IB/mlx5: Report correctly tag matching rendezvous capability
HID: wacom: generic: only switch the mode on devices with LEDs
HID: wacom: generic: Correct pad syncing
HID: wacom: correct touch resolution x/y typo
libnvdimm/pfn: fix fsdax-mode namespace info-block zero-fields
coda: pass the host file in vma->vm_file on mmap
include/asm-generic/bug.h: fix "cut here" for WARN_ON for __WARN_TAINT architectures
xfs: fix pagecache truncation prior to reflink
xfs: flush removing page cache in xfs_reflink_remap_prep
xfs: don't overflow xattr listent buffer
xfs: rename m_inotbt_nores to m_finobt_nores
xfs: don't ever put nlink > 0 inodes on the unlinked list
xfs: reserve blocks for ifree transaction during log recovery
xfs: fix reporting supported extra file attributes for statx()
xfs: serialize unaligned dio writes against all other dio writes
xfs: abort unaligned nowait directio early
gpu: ipu-v3: ipu-ic: Fix saturation bit offset in TPMEM
crypto: caam - limit output IV to CBC to work around CTR mode DMA issue
parisc: Ensure userspace privilege for ptraced processes in regset functions
parisc: Fix kernel panic due invalid values in IAOQ0 or IAOQ1
powerpc/32s: fix suspend/resume when IBATs 4-7 are used
powerpc/watchpoint: Restore NV GPRs while returning from exception
powerpc/powernv/npu: Fix reference leak
powerpc/pseries: Fix oops in hotplug memory notifier
mmc: sdhci-msm: fix mutex while in spinlock
eCryptfs: fix a couple type promotion bugs
mtd: rawnand: mtk: Correct low level time calculation of r/w cycle
mtd: spinand: read returns badly if the last page has bitflips
intel_th: msu: Fix single mode with disabled IOMMU
Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug
usb: Handle USB3 remote wakeup for LPM enabled devices correctly
blk-throttle: fix zero wait time for iops throttled group
blk-iolatency: clear use_delay when io.latency is set to zero
blkcg: update blkcg_print_stat() to handle larger outputs
net: mvmdio: allow up to four clocks to be specified for orion-mdio
dt-bindings: allow up to four clocks for orion-mdio
dm bufio: fix deadlock with loop device
Linux 4.19.61
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I2f565111b1c16f369fa86e0481527fcc6357fe1b
commit aeb8724653 upstream.
All mapping iterator logic is based on the assumption that sg->offset
is always lower than PAGE_SIZE.
But there are situations where sg->offset is such that the SG item
is on the second page. In that case sg_copy_to_buffer() fails
properly copying the data into the buffer. One of the reason is
that the data will be outside the kmapped area used to access that
data.
This patch fixes the issue by adjusting the mapping iterator
offset and pgoffset fields such that offset is always lower than
PAGE_SIZE.
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Fixes: 4225fc8555 ("lib/scatterlist: use page iterator in the mapping iterator")
Cc: stable@vger.kernel.org
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit ef4d6a8556 ]
Check if the syndrome provided by the caller is zero, and act
accordingly.
Signed-off-by: Ferdinand Blomqvist <ferdinand.blomqvist@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190620141039.9874-6-ferdinand.blomqvist@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 2034a42d17 ]
The decoding of shortenend codes is broken. It only works as expected if
there are no erasures.
When decoding with erasures, Lambda (the error and erasure locator
polynomial) is initialized from the given erasure positions. The pad
parameter is not accounted for by the initialisation code, and hence
Lambda is initialized from incorrect erasure positions.
The fix is to adjust the erasure positions by the supplied pad.
Signed-off-by: Ferdinand Blomqvist <ferdinand.blomqvist@gmail.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Link: https://lkml.kernel.org/r/20190620141039.9874-3-ferdinand.blomqvist@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl0lmYwACgkQONu9yGCS
aT4h5w//ZG0BYEwxoa4Qc8rwvncnk78miK/VRH5JVTiToDqTuttHZQoMp+NLD2fQ
V679f/2+VqEPn8o6yJsrbM8uea0iIratI8U6L2OEt6TKPbar3CPcRUPJeqlPWkej
tf3qjAtvNNjLcl7xCYt9JNvpF4RwA8rLWWP5hZyYMi7xcMiB0FOriTlVJYHJ0PLK
Iqg+edkBxKwx7mvFlZnJkT0ln5hCqT4QBq2XrOYGUfy2Ans5Ytg5dhhp41QDD6iu
oE4mS+fybCzNOR3BWl7pfpeJRg8TKq4XNzYsQr9ftt2e3OZxOi3Jg+RLsgzjJB9P
1aTsuSzSeMXVGrAwRpBAot7TC+8F88sci0gibh4pg5N0ujGdvRW4gyzYHtdKhsTc
wmjYMKbAxJWwz0vkRp1aSnUMSRur4Wo3qCWaOWpjkP4xhSBTTER5e5cqeuVSWde5
FaD8s0yjnQsUaH3oxZ7zDL//MR0N+C4Izs9c2A8HkdksWTdTvI7YX8c766iIZgrm
JFV0FIZYIHAyuXT04W9n3VSvV4tLS+ouwYZpgG09oK0lBA8NT6RyZWzijY3VE0ed
Kl+t6iu02qZgZrvnq4pHUVnLQtw7KfyL3mzeljVxEeaTbGODPOJfypY1OMfhWYw+
dIlmsmfa2aANf5wttl8CjLkAIIG3JmuWO2exMQidvXlGCE+rKVM=
=u7q2
-----END PGP SIGNATURE-----
Merge 4.19.58 into android-4.19
Changes in 4.19.58
Bluetooth: Fix faulty expression for minimum encryption key size check
block: Fix a NULL pointer dereference in generic_make_request()
md/raid0: Do not bypass blocking queue entered for raid0 bios
netfilter: nf_flow_table: ignore DF bit setting
netfilter: nft_flow_offload: set liberal tracking mode for tcp
netfilter: nft_flow_offload: don't offload when sequence numbers need adjustment
netfilter: nft_flow_offload: IPCB is only valid for ipv4 family
ASoC : cs4265 : readable register too low
ASoC: ak4458: add return value for ak4458_probe
ASoC: soc-pcm: BE dai needs prepare when pause release after resume
ASoC: ak4458: rstn_control - return a non-zero on error only
spi: bitbang: Fix NULL pointer dereference in spi_unregister_master
drm/mediatek: fix unbind functions
drm/mediatek: unbind components in mtk_drm_unbind()
drm/mediatek: call drm_atomic_helper_shutdown() when unbinding driver
drm/mediatek: clear num_pipes when unbind driver
drm/mediatek: call mtk_dsi_stop() after mtk_drm_crtc_atomic_disable()
ASoC: max98090: remove 24-bit format support if RJ is 0
ASoC: sun4i-i2s: Fix sun8i tx channel offset mask
ASoC: sun4i-i2s: Add offset to RX channel select
x86/CPU: Add more Icelake model numbers
usb: gadget: fusb300_udc: Fix memory leak of fusb300->ep[i]
usb: gadget: udc: lpc32xx: allocate descriptor with GFP_ATOMIC
ALSA: hdac: fix memory release for SST and SOF drivers
SoC: rt274: Fix internal jack assignment in set_jack callback
scsi: hpsa: correct ioaccel2 chaining
drm: panel-orientation-quirks: Add quirk for GPD pocket2
drm: panel-orientation-quirks: Add quirk for GPD MicroPC
platform/x86: asus-wmi: Only Tell EC the OS will handle display hotkeys from asus_nb_wmi
platform/x86: intel-vbtn: Report switch events when event wakes device
platform/x86: mlx-platform: Fix parent device in i2c-mux-reg device registration
platform/mellanox: mlxreg-hotplug: Add devm_free_irq call to remove flow
i2c: pca-platform: Fix GPIO lookup code
cpuset: restore sanity to cpuset_cpus_allowed_fallback()
scripts/decode_stacktrace.sh: prefix addr2line with $CROSS_COMPILE
mm/mlock.c: change count_mm_mlocked_page_nr return type
tracing: avoid build warning with HAVE_NOP_MCOUNT
module: Fix livepatch/ftrace module text permissions race
ftrace: Fix NULL pointer dereference in free_ftrace_func_mapper()
drm/i915/dmc: protect against reading random memory
ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
crypto: user - prevent operating on larval algorithms
crypto: cryptd - Fix skcipher instance memory leak
ALSA: seq: fix incorrect order of dest_client/dest_ports arguments
ALSA: firewire-lib/fireworks: fix miss detection of received MIDI messages
ALSA: line6: Fix write on zero-sized buffer
ALSA: usb-audio: fix sign unintended sign extension on left shifts
ALSA: hda/realtek: Add quirks for several Clevo notebook barebones
ALSA: hda/realtek - Change front mic location for Lenovo M710q
lib/mpi: Fix karactx leak in mpi_powm
fs/userfaultfd.c: disable irqs for fault_pending and event locks
tracing/snapshot: Resize spare buffer if size changed
ARM: dts: armada-xp-98dx3236: Switch to armada-38x-uart serial node
arm64: kaslr: keep modules inside module region when KASAN is enabled
drm/amd/powerplay: use hardware fan control if no powerplay fan table
drm/amdgpu/gfx9: use reset default for PA_SC_FIFO_SIZE
drm/etnaviv: add missing failure path to destroy suballoc
drm/imx: notify drm core before sending event during crtc disable
drm/imx: only send event on crtc disable if kept disabled
ftrace/x86: Remove possible deadlock between register_kprobe() and ftrace_run_update_code()
mm/vmscan.c: prevent useless kswapd loops
btrfs: Ensure replaced device doesn't have pending chunk allocation
tty: rocket: fix incorrect forward declaration of 'rp_init()'
mlxsw: spectrum: Handle VLAN device unlinking
net/smc: move unhash before release of clcsock
media: s5p-mfc: fix incorrect bus assignment in virtual child device
drm/fb-helper: generic: Don't take module ref for fbcon
f2fs: don't access node/meta inode mapping after iput
mac80211: mesh: fix missing unlock on error in table_path_del()
scsi: tcmu: fix use after free
selftests: fib_rule_tests: Fix icmp proto with ipv6
x86/boot/compressed/64: Do not corrupt EDX on EFER.LME=1 setting
net: hns: Fixes the missing put_device in positive leg for roce reset
ALSA: hda: Initialize power_state field properly
rds: Fix warning.
ip6: fix skb leak in ip6frag_expire_frag_queue()
netfilter: ipv6: nf_defrag: fix leakage of unqueued fragments
sc16is7xx: move label 'err_spi' to correct section
net: hns: fix unsigned comparison to less than zero
bpf: fix bpf_jit_limit knob for PAGE_SIZE >= 64K
netfilter: ipv6: nf_defrag: accept duplicate fragments again
KVM: x86: degrade WARN to pr_warn_ratelimited
KVM: LAPIC: Fix pending interrupt in IRR blocked by software disable LAPIC
nfsd: Fix overflow causing non-working mounts on 1 TB machines
svcrdma: Ignore source port when computing DRC hash
MIPS: Fix bounds check virt_addr_valid
MIPS: Add missing EHB in mtc0 -> mfc0 sequence.
MIPS: have "plain" make calls build dtbs for selected platforms
dmaengine: qcom: bam_dma: Fix completed descriptors count
dmaengine: imx-sdma: remove BD_INTR for channel0
Linux 4.19.58
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit c8ea9fce2b upstream.
Sometimes mpi_powm will leak karactx because a memory allocation
failure causes a bail-out that skips the freeing of karactx. This
patch moves the freeing of karactx to the end of the function like
everything else so that it can't be skipped.
Reported-by: syzbot+f7baccc38dcc1e094e77@syzkaller.appspotmail.com
Fixes: cdec9cb516 ("crypto: GnuPG based MPI lib - source files...")
Cc: <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Reviewed-by: Eric Biggers <ebiggers@kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlz/gIkACgkQONu9yGCS
aT5OhA/9Fkm+5JmZGIS+zA8QCOHGRwX4ttO67yKxZUmHWp5kOEmPAEWFcf4zLeSB
T7cpYfeW0YG7lOb53CLCVfXxOI+gVzOrhNC/Hk9Xerph6izew/oon3f6v125nrSE
INZiYsFL0S5uCbA+wh0P6KVyq05SP01l1Et2q9mlIOp58mGhQadWF58eqw6V6rwn
64NJyV1fwXXpnsiuCoy5E0Og9aSctlr+LCFCXaXnQU7WJXfXKBmUHNWRdfZnH+n7
29OnC4oAyZ7aFRvP7iUS8hFxXvnVsHw1HDdRr1Ton0uFuiVGUkQ3oRjoVjPyTBwO
M9Y+tViuCXEtH6KwiMMRKHHsIOZa2VguX8PO9cdr1Kl7kCMrkxGqk9YPOT/bDzrZ
N69Lr7aZk3vxJtXPAhsoryKN0a0t5glOZD0CYTIoDsQHBMg0RfjKg8k4I2It7UMY
blT8j4gNX17Ij240dbvJkD444mPBipk3wPXMrNkFvFAqT064cCQza7cbuXx5dpue
NkgamI5tCyzTUap0jiQ4FP00RN7Vbfh3rZSXLqaeOo0oA8x228+NjkDrrM2pGsGI
UFrXaphrwKSpvieuk2g2s/kzyJuOBWOk5mXf8jy8zR+NaLamdeI071PhqCmSVsm0
4AuDaJGLiBnqX90N09EJ819F6vSUe3MULfZLC9rjISzh7aOI9Pk=
=IPNo
-----END PGP SIGNATURE-----
Merge 4.19.50 into android-4.19
Changes in 4.19.50
ethtool: fix potential userspace buffer overflow
Fix memory leak in sctp_process_init
ipv4: not do cache for local delivery if bc_forwarding is enabled
ipv6: fix the check before getting the cookie in rt6_get_cookie
neighbor: Call __ipv4_neigh_lookup_noref in neigh_xmit
net: ethernet: ti: cpsw_ethtool: fix ethtool ring param set
net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high pages query
net: mvpp2: Use strscpy to handle stat strings
net: rds: fix memory leak in rds_ib_flush_mr_pool
net: sfp: read eeprom in maximum 16 byte increments
net/tls: replace the sleeping lock around RX resync with a bit lock
packet: unconditionally free po->rollover
pktgen: do not sleep with the thread lock held.
Revert "fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied"
ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
ipv6: fix EFAULT on sendto with icmpv6 and hdrincl
mtd: spinand: macronix: Fix ECC Status Read
rcu: locking and unlocking need to always be at least barriers
parisc: Use implicit space register selection for loading the coherence index of I/O pdirs
NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter
NFSv4.1: Fix bug only first CB_NOTIFY_LOCK is handled
fuse: fallocate: fix return with locked inode
pstore: Remove needless lock during console writes
pstore: Convert buf_lock to semaphore
pstore: Set tfm to NULL on free_buf_for_compression
pstore/ram: Run without kernel crash dump region
x86/power: Fix 'nosmt' vs hibernation triple fault during resume
x86/insn-eval: Fix use-after-free access to LDT entry
i2c: xiic: Add max_read_len quirk
s390/mm: fix address space detection in exception handling
xen-blkfront: switch kcalloc to kvcalloc for large array allocation
MIPS: Bounds check virt_addr_valid
MIPS: pistachio: Build uImage.gz by default
Revert "MIPS: perf: ath79: Fix perfcount IRQ assignment"
genwqe: Prevent an integer overflow in the ioctl
test_firmware: Use correct snprintf() limit
drm/gma500/cdv: Check vbt config bits when detecting lvds panels
drm/msm: fix fb references in async update
drm: add non-desktop quirk for Valve HMDs
drm/nouveau: add kconfig option to turn off nouveau legacy contexts. (v3)
drm: add non-desktop quirks to Sensics and OSVR headsets.
drm/amdgpu/psp: move psp version specific function pointers to early_init
drm/radeon: prefer lower reference dividers
drm/amdgpu: remove ATPX_DGPU_REQ_POWER_FOR_DISPLAYS check when hotplug-in
drm/i915: Fix I915_EXEC_RING_MASK
drm/i915/fbc: disable framebuffer compression on GeminiLake
drm/i915: Maintain consistent documentation subsection ordering
drm: don't block fb changes for async plane updates
drm/i915/gvt: Initialize intel_gvt_gtt_entry in stack
TTY: serial_core, add ->install
ipv4: Define __ipv4_neigh_lookup_noref when CONFIG_INET is disabled
ethtool: check the return value of get_regs_len
Linux 4.19.50
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit bd17cc5a20 upstream.
The limit here is supposed to be how much of the page is left, but it's
just using PAGE_SIZE as the limit.
The other thing to remember is that snprintf() returns the number of
bytes which would have been copied if we had had enough room. So that
means that if we run out of space then this code would end up passing a
negative value as the limit and the kernel would print an error message.
I have change the code to use scnprintf() which returns the number of
bytes that were successfully printed (not counting the NUL terminator).
Fixes: c92316bf8e ("test_firmware: add batched firmware tests")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlz2CXsACgkQONu9yGCS
aT7c0RAAvW/0LcCxnP5ksEs+0zGljm/+KHq1GF7Rg60SqlKFYayF/q2E94Bn1mt7
3Rxb8ppViOPlFxr24B6bMCr3NKsCfSgnh1Z2oEjhWGLfxTkmL4npfj/lJCrcTQdg
zaq4AydWuhrF1ykdTmC4ILgpi/Kn08TlNLP1QftXC9EUG59023q/hq7pb+OgfzkD
a3eVyQSqU47F6xLqJDny2yo08tAIWIBTH9V+9YL0RJKflc5VhQoLSa/TXsxVEm1h
ULRa2SjGldgwE4uOgnxTVjKPw8GWOv68w7uJedhNLBTdUOr3I9GMR7J38N2y1uIC
Opm8blpovs4m3dWh342+pxdbEc+Pm22wNNLjenc5eutGdxAdlP+VTdySoZsAfEfV
SjtIirgclLsXw/0q9PS8Ym0B6pEhgPahfHexkecCOS5s9FwduEIDfO+ePf0tsVEl
dE5iEwByImrtITuPAg7zDnUtP9cOImeXPlUOHbKfRd8xiotu8sFEbBpeSeReVAoj
0tLaE+olaB3e+ST/W+AoUSCtpKFjeeA5laSRvbXObOHl18QxnE9baMzE1rcCvr/x
+4Rl8SGtmaBM/sJ4BCiuCxKCPpV7cJBKr7KREthl7pHv+Lib+nQ+LK+gIJXYOufu
kQlTlfFimvPe7VJY3B+8QmHEcyX/nnhYAMdn08+/7Xuq8k+jxXc=
=V8H5
-----END PGP SIGNATURE-----
Merge 4.19.48 into android-4.19
Changes in 4.19.48
bonding/802.3ad: fix slave link initialization transition states
cxgb4: offload VLAN flows regardless of VLAN ethtype
inet: switch IP ID generator to siphash
ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
ipv6: Consider sk_bound_dev_if when binding a raw socket to an address
ipv6: Fix redirect with VRF
llc: fix skb leak in llc_build_and_send_ui_pkt()
net: dsa: mv88e6xxx: fix handling of upper half of STATS_TYPE_PORT
net: fec: fix the clk mismatch in failed_reset path
net-gro: fix use-after-free read in napi_gro_frags()
net: mvneta: Fix err code path of probe
net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
net: phy: marvell10g: report if the PHY fails to boot firmware
net: sched: don't use tc_action->order during action dump
net: stmmac: fix reset gpio free missing
usbnet: fix kernel crash after disconnect
net/mlx5: Avoid double free in fs init error unwinding path
tipc: Avoid copying bytes beyond the supplied data
net/mlx5: Allocate root ns memory using kzalloc to match kfree
net/mlx5e: Disable rxhash when CQE compress is enabled
net: stmmac: dma channel control register need to be init first
bnxt_en: Fix aggregation buffer leak under OOM condition.
net/tls: fix state removal with feature flags off
net/tls: don't ignore netdev notifications if no TLS features
crypto: vmx - ghash: do nosimd fallback manually
include/linux/compiler*.h: define asm_volatile_goto
compiler.h: give up __compiletime_assert_fallback()
jump_label: move 'asm goto' support test to Kconfig
xen/pciback: Don't disable PCI_COMMAND on PCI device reset.
Revert "tipc: fix modprobe tipc failed after switch order of device registration"
tipc: fix modprobe tipc failed after switch order of device registration
Linux 4.19.48
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit e9666d10a5 upstream.
Currently, CONFIG_JUMP_LABEL just means "I _want_ to use jump label".
The jump label is controlled by HAVE_JUMP_LABEL, which is defined
like this:
#if defined(CC_HAVE_ASM_GOTO) && defined(CONFIG_JUMP_LABEL)
# define HAVE_JUMP_LABEL
#endif
We can improve this by testing 'asm goto' support in Kconfig, then
make JUMP_LABEL depend on CC_HAS_ASM_GOTO.
Ugly #ifdef HAVE_JUMP_LABEL will go away, and CONFIG_JUMP_LABEL will
match to the real kernel capability.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Michael Ellerman <mpe@ellerman.id.au> (powerpc)
Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
[nc: Fix trivial conflicts in 4.19
arch/xtensa/kernel/jump_label.c doesn't exist yet
Ensured CC_HAVE_ASM_GOTO and HAVE_JUMP_LABEL were sufficiently
eliminated]
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzxMDsACgkQONu9yGCS
aT6kjxAAvyKCDNGaQgBXGXe6xvBK7ad+mk+MU6WVycN+PIQzA8zVfR7RcGJgEP8t
65QrePyacMe5bmSgTnUKGz6DpwpWbCMamyftjoaPWIhxDFmQy7FB9ANOVoPDBw49
+jKT30ioBSI6LYQDU4xhxDO01HVEXmmLZquqYDfLoHOMLeXCivfTlM7PQPfxMZzn
fdeLtvfCnfMiftkXZjGqaWoUAnrlTmncQk9nXMcDgxrGy9pHJ6B1WWE5ygqr4Z5s
MaKfHotCSYD/eP8JsyIdJg+iMESv5Z0ZDCjbVslm81fCLeUD6atdnmpYxCphmT7Q
ifN23i4FJrXBX4xLpD9RYzavH3+hQzqb2pt02aBZRW0OLFK0qjYrkdayjwWGOIUI
zK9bgfHiiNKtoyvakQJ09uMhpO2thWeTMh8a6iBLTQ5Koi60adW1l5GrPuTTZYG7
V8xNB2cLsUktDsAr1I/kwrCMlE/oNFgy2La5zMzmELnFTUJRlMAoAGaa1DPcOFLt
QVdT8luJMu+1KTeMZPoK/7QQGszMDTAot4+Ys56KyPQ6zN/rGr2vm7kHYn41FyEp
KXpyeIm0/RKxUysz2Fyx+dL75e4ZhBof+amQ7Kotz6bF45o+ZwJ7THT6XKIOoln5
E7iI5RhQMZ2WuVIHLKa0QFBRn4RPpzie1lwOXWAAF6oqNgewXHw=
=fjPE
-----END PGP SIGNATURE-----
Merge 4.19.47 into android-4.19
Changes in 4.19.47
x86: Hide the int3_emulate_call/jmp functions from UML
ext4: do not delete unlinked inode from orphan list on failed truncate
ext4: wait for outstanding dio during truncate in nojournal mode
f2fs: Fix use of number of devices
KVM: x86: fix return value for reserved EFER
bio: fix improper use of smp_mb__before_atomic()
sbitmap: fix improper use of smp_mb__before_atomic()
Revert "scsi: sd: Keep disk read-only when re-reading partition"
crypto: vmx - CTR: always increment IV as quadword
mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem
mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem
kvm: svm/avic: fix off-by-one in checking host APIC ID
libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead
arm64/kernel: kaslr: reduce module randomization range to 2 GB
arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable
gfs2: Fix sign extension bug in gfs2_update_stats
btrfs: don't double unlock on error in btrfs_punch_hole
Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path
Btrfs: avoid fallback to transaction commit during fsync of files with holes
Btrfs: fix race between ranged fsync and writeback of adjacent ranges
btrfs: sysfs: Fix error path kobject memory leak
btrfs: sysfs: don't leak memory when failing add fsid
udlfb: fix some inconsistent NULL checking
fbdev: fix divide error in fb_var_to_videomode
NFSv4.2 fix unnecessary retry in nfs4_copy_file_range
NFSv4.1 fix incorrect return value in copy_file_range
bpf: add bpf_jit_limit knob to restrict unpriv allocations
brcmfmac: assure SSID length from firmware is limited
brcmfmac: add subtype check for event handling in data path
arm64: errata: Add workaround for Cortex-A76 erratum #1463225
btrfs: honor path->skip_locking in backref code
ovl: relax WARN_ON() for overlapping layers use case
fbdev: fix WARNING in __alloc_pages_nodemask bug
media: cpia2: Fix use-after-free in cpia2_exit
media: serial_ir: Fix use-after-free in serial_ir_init_module
media: vb2: add waiting_in_dqbuf flag
media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit
bpf: devmap: fix use-after-free Read in __dev_map_entry_free
batman-adv: mcast: fix multicast tt/tvlv worker locking
at76c50x-usb: Don't register led_trigger if usb_register_driver failed
acct_on(): don't mess with freeze protection
Revert "btrfs: Honour FITRIM range constraints during free space trim"
gfs2: Fix lru_count going negative
cxgb4: Fix error path in cxgb4_init_module
NFS: make nfs_match_client killable
IB/hfi1: Fix WQ_MEM_RECLAIM warning
gfs2: Fix occasional glock use-after-free
mmc: core: Verify SD bus width
tools/bpf: fix perf build error with uClibc (seen on ARC)
selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c
bpftool: exclude bash-completion/bpftool from .gitignore pattern
dmaengine: tegra210-dma: free dma controller in remove()
net: ena: gcc 8: fix compilation warning
hv_netvsc: fix race that may miss tx queue wakeup
Bluetooth: Ignore CC events not matching the last HCI command
pinctrl: zte: fix leaked of_node references
ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE
usb: dwc2: gadget: Increase descriptors count for ISOC's
usb: dwc3: move synchronize_irq() out of the spinlock protected block
ASoC: hdmi-codec: unlock the device on startup errors
powerpc/perf: Return accordingly on invalid chip-id in
powerpc/boot: Fix missing check of lseek() return value
powerpc/perf: Fix loop exit condition in nest_imc_event_init
ASoC: imx: fix fiq dependencies
spi: pxa2xx: fix SCR (divisor) calculation
brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler()
ACPI / property: fix handling of data_nodes in acpi_get_next_subnode()
drm/nouveau/bar/nv50: ensure BAR is mapped
media: stm32-dcmi: return appropriate error codes during probe
ARM: vdso: Remove dependency with the arch_timer driver internals
arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable
powerpc/watchdog: Use hrtimers for per-CPU heartbeat
sched/cpufreq: Fix kobject memleak
scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()
scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session()
scsi: qla2xxx: Fix hardirq-unsafe locking
x86/modules: Avoid breaking W^X while loading modules
Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve
btrfs: fix panic during relocation after ENOSPC before writeback happens
btrfs: Don't panic when we can't find a root key
iwlwifi: pcie: don't crash on invalid RX interrupt
rtc: 88pm860x: prevent use-after-free on device remove
rtc: stm32: manage the get_irq probe defer case
scsi: qedi: Abort ep termination if offload not scheduled
s390/kexec_file: Fix detection of text segment in ELF loader
sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs
w1: fix the resume command API
s390: qeth: address type mismatch warning
dmaengine: pl330: _stop: clear interrupt status
mac80211/cfg80211: update bss channel on channel switch
libbpf: fix samples/bpf build failure due to undefined UINT32_MAX
slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register
ASoC: fsl_sai: Update is_slave_mode with correct value
mwifiex: prevent an array overflow
rsi: Fix NULL pointer dereference in kmalloc
net: cw1200: fix a NULL pointer dereference
nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE
nvme-rdma: fix a NULL deref when an admin connect times out
crypto: sun4i-ss - Fix invalid calculation of hash end
bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set
bcache: return error immediately in bch_journal_replay()
bcache: fix failure in journal relplay
bcache: add failure check to run_cache_set() for journal replay
bcache: avoid clang -Wunintialized warning
RDMA/cma: Consider scope_id while binding to ipv6 ll address
vfio-ccw: Do not call flush_workqueue while holding the spinlock
vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev
x86/build: Move _etext to actual end of .text
smpboot: Place the __percpu annotation correctly
x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault()
mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions
Bluetooth: hci_qca: Give enough time to ROME controller to bootup.
HID: logitech-hidpp: use RAP instead of FAP to get the protocol version
pinctrl: pistachio: fix leaked of_node references
pinctrl: samsung: fix leaked of_node references
clk: rockchip: undo several noc and special clocks as critical on rk3288
perf/arm-cci: Remove broken race mitigation
dmaengine: at_xdmac: remove BUG_ON macro in tasklet
media: coda: clear error return value before picture run
media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper
media: au0828: stop video streaming only when last user stops
media: ov2659: make S_FMT succeed even if requested format doesn't match
audit: fix a memory leak bug
media: stm32-dcmi: fix crash when subdev do not expose any formats
media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable()
media: pvrusb2: Prevent a buffer overflow
iio: adc: stm32-dfsdm: fix unmet direct dependencies detected
block: fix use-after-free on gendisk
powerpc/numa: improve control of topology updates
powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX
random: fix CRNG initialization when random.trust_cpu=1
random: add a spinlock_t to struct batched_entropy
cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock
sched/core: Check quota and period overflow at usec to nsec conversion
sched/rt: Check integer overflow at usec to nsec conversion
sched/core: Handle overflow in cpu_shares_write_u64
staging: vc04_services: handle kzalloc failure
drm/msm: a5xx: fix possible object reference leak
irq_work: Do not raise an IPI when queueing work on the local CPU
thunderbolt: Take domain lock in switch sysfs attribute callbacks
s390/qeth: handle error from qeth_update_from_chp_desc()
USB: core: Don't unbind interfaces following device reset failure
x86/irq/64: Limit IST stack overflow check to #DB stack
drm: etnaviv: avoid DMA API warning when importing buffers
phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode
phy: mapphone-mdm6600: add gpiolib dependency
i40e: Able to add up to 16 MAC filters on an untrusted VF
i40e: don't allow changes to HW VLAN stripping on active port VLANs
ACPI/IORT: Reject platform device creation on NUMA node mapping failure
arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
perf/x86/msr: Add Icelake support
perf/x86/intel/rapl: Add Icelake support
perf/x86/intel/cstate: Add Icelake support
hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses
hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
scsi: libsas: Do discovery on empty PHY to update PHY info
mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers
mmc_spi: add a status check for spi_sync_locked
mmc: sdhci-of-esdhc: add erratum eSDHC5 support
mmc: sdhci-of-esdhc: add erratum A-009204 support
mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
drm/amdgpu: fix old fence check in amdgpu_fence_emit
PM / core: Propagate dev->power.wakeup_path when no callbacks
clk: rockchip: Fix video codec clocks on rk3288
extcon: arizona: Disable mic detect if running when driver is removed
clk: rockchip: Make rkpwm a critical clock on rk3288
s390: zcrypt: initialize variables before_use
x86/microcode: Fix the ancient deprecated microcode loading method
s390/mm: silence compiler warning when compiling without CONFIG_PGSTE
s390: cio: fix cio_irb declaration
selftests: cgroup: fix cleanup path in test_memcg_subtree_control()
qmi_wwan: Add quirk for Quectel dynamic config
cpufreq: ppc_cbe: fix possible object reference leak
cpufreq/pasemi: fix possible object reference leak
cpufreq: pmac32: fix possible object reference leak
cpufreq: kirkwood: fix possible object reference leak
block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR
x86/build: Keep local relocations with ld.lld
drm/pl111: fix possible object reference leak
iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion
iio: hmc5843: fix potential NULL pointer dereferences
iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data
iio: adc: ti-ads7950: Fix improper use of mlock
selftests/bpf: ksym_search won't check symbols exists
rtlwifi: fix a potential NULL pointer dereference
mwifiex: Fix mem leak in mwifiex_tm_cmd
brcmfmac: fix missing checks for kmemdup
b43: shut up clang -Wuninitialized variable warning
brcmfmac: convert dev_init_lock mutex to completion
brcmfmac: fix WARNING during USB disconnect in case of unempty psq
brcmfmac: fix race during disconnect when USB completion is in progress
brcmfmac: fix Oops when bringing up interface during USB disconnect
rtc: xgene: fix possible race condition
rtlwifi: fix potential NULL pointer dereference
scsi: ufs: Fix regulator load and icc-level configuration
scsi: ufs: Avoid configuring regulator with undefined voltage range
drm/panel: otm8009a: Add delay at the end of initialization
arm64: cpu_ops: fix a leaked reference by adding missing of_node_put
wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext
x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP
x86/uaccess, signal: Fix AC=1 bloat
x86/ia32: Fix ia32_restore_sigcontext() AC leak
x86/uaccess: Fix up the fixup
chardev: add additional check for minor range overlap
RDMA/hns: Fix bad endianess of port_pd variable
sh: sh7786: Add explicit I/O cast to sh7786_mm_sel()
HID: core: move Usage Page concatenation to Main item
ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put
ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put
cxgb3/l2t: Fix undefined behaviour
HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent
spi: tegra114: reset controller on probe
kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice.
media: video-mux: fix null pointer dereferences
media: wl128x: prevent two potential buffer overflows
media: gspca: Kill URBs on USB device disconnect
efifb: Omit memory map check on legacy boot
thunderbolt: property: Fix a missing check of kzalloc
thunderbolt: Fix to check the return value of kmemdup
timekeeping: Force upper bound for setting CLOCK_REALTIME
scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check
virtio_console: initialize vtermno value for ports
tty: ipwireless: fix missing checks for ioremap
overflow: Fix -Wtype-limits compilation warnings
x86/mce: Fix machine_check_poll() tests for error types
rcutorture: Fix cleanup path for invalid torture_type strings
x86/mce: Handle varying MCA bank counts
rcuperf: Fix cleanup path for invalid perf_type strings
usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
scsi: qla4xxx: avoid freeing unallocated dma memory
scsi: lpfc: avoid uninitialized variable warning
selinux: avoid uninitialized variable warning
batman-adv: allow updating DAT entry timeouts on incoming ARP Replies
dmaengine: tegra210-adma: use devm_clk_*() helpers
hwrng: omap - Set default quality
thunderbolt: Fix to check return value of ida_simple_get
thunderbolt: Fix to check for kmemdup failure
drm/amd/display: fix releasing planes when exiting odm
thunderbolt: property: Fix a NULL pointer dereference
e1000e: Disable runtime PM on CNP+
tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers
igb: Exclude device from suspend direct complete optimization
media: si2165: fix a missing check of return value
media: dvbsky: Avoid leaking dvb frontend
media: m88ds3103: serialize reset messages in m88ds3103_set_frontend
media: staging: davinci_vpfe: disallow building with COMPILE_TEST
drm/amd/display: Fix Divide by 0 in memory calculations
drm/amd/display: Set stream->mode_changed when connectors change
scsi: ufs: fix a missing check of devm_reset_control_get
media: vimc: stream: fix thread state before sleep
media: gspca: do not resubmit URBs when streaming has stopped
media: go7007: avoid clang frame overflow warning with KASAN
media: vimc: zero the media_device on probe
scsi: lpfc: Fix FDMI manufacturer attribute value
scsi: lpfc: Fix fc4type information for FDMI
media: saa7146: avoid high stack usage with clang
scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
spi : spi-topcliff-pch: Fix to handle empty DMA buffers
drm/omap: dsi: Fix PM for display blank with paired dss_pll calls
spi: rspi: Fix sequencer reset during initialization
spi: imx: stop buffer overflow in RX FIFO flush
spi: Fix zero length xfer bug
ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
drm/v3d: Handle errors from IRQ setup.
drm/drv: Hold ref on parent device during drm_device lifetime
drm: Wake up next in drm_read() chain if we are forced to putback the event
drm/sun4i: dsi: Change the start delay calculation
vfio-ccw: Prevent quiesce function going into an infinite loop
drm/sun4i: dsi: Enforce boundaries on the start delay
NFS: Fix a double unlock from nfs_match,get_client
Linux 4.19.47
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit c03a0fd0b6 ]
syzbot is hitting use-after-free bug in uinput module [1]. This is because
kobject_uevent(KOBJ_REMOVE) is called again due to commit 0f4dafc056
("Kobject: auto-cleanup on final unref") after memory allocation fault
injection made kobject_uevent(KOBJ_REMOVE) from device_del() from
input_unregister_device() fail, while uinput_destroy_device() is expecting
that kobject_uevent(KOBJ_REMOVE) is not called after device_del() from
input_unregister_device() completed.
That commit intended to catch cases where nobody even attempted to send
"remove" uevents. But there is no guarantee that an event will ultimately
be sent. We are at the point of no return as far as the rest of the kernel
is concerned; there are no repeats or do-overs.
Also, it is not clear whether some subsystem depends on that commit.
If no subsystem depends on that commit, it will be better to remove
the state_{add,remove}_uevent_sent logic. But we don't want to risk
a regression (in a patch which will be backported) by trying to remove
that logic. Therefore, as a first step, let's avoid the use-after-free bug
by making sure that kobject_uevent(KOBJ_REMOVE) won't be triggered twice.
[1] https://syzkaller.appspot.com/bug?id=8b17c134fe938bbddd75a45afaa9e68af43a362d
Reported-by: syzbot <syzbot+f648cfb7e0b52bf7ae32@syzkaller.appspotmail.com>
Analyzed-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
Fixes: 0f4dafc056 ("Kobject: auto-cleanup on final unref")
Cc: Kay Sievers <kay@vrfy.org>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
[ Upstream commit 29da93fea3 ]
Randy reported objtool triggered on his (GCC-7.4) build:
lib/strncpy_from_user.o: warning: objtool: strncpy_from_user()+0x315: call to __ubsan_handle_add_overflow() with UACCESS enabled
lib/strnlen_user.o: warning: objtool: strnlen_user()+0x337: call to __ubsan_handle_sub_overflow() with UACCESS enabled
This is due to UBSAN generating signed-overflow-UB warnings where it
should not. Prior to GCC-8 UBSAN ignored -fwrapv (which the kernel
uses through -fno-strict-overflow).
Make the functions use 'unsigned long' throughout.
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Acked-by: Randy Dunlap <rdunlap@infradead.org> # build-tested
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: luto@kernel.org
Link: http://lkml.kernel.org/r/20190424072208.754094071@infradead.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
commit a0934fd2b1 upstream.
This barrier only applies to the read-modify-write operations; in
particular, it does not apply to the atomic_set() primitive.
Replace the barrier with an smp_mb().
Fixes: 6c0ca7ae29 ("sbitmap: fix wakeup hang after sbq resize")
Cc: stable@vger.kernel.org
Reported-by: "Paul E. McKenney" <paulmck@linux.ibm.com>
Reported-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Andrea Parri <andrea.parri@amarulasolutions.com>
Reviewed-by: Ming Lei <ming.lei@redhat.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Omar Sandoval <osandov@fb.com>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: linux-block@vger.kernel.org
Cc: "Paul E. McKenney" <paulmck@linux.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzpbCYACgkQONu9yGCS
aT6aJhAAjh1h5q6oRAWZ7k3CTbx7abpi3FwqlGsrinxRkwdDvy6TXTo8gBn0emS0
8TEiQXLm/6M3IGyR8m7w2TGxThyk5xtUqEbxldHwzU/wsZzJ8KegnQUbpmdmJtrh
BnvPygwOSldm8fqNZsFNWNCwt0m9LqPm5m57lHOj4PsxRFkr6jVYjtrynTbyDBus
fT4Dec/jD/0hZbP2aeS5YWNee1ElgiiRewU5q5+Dn8yIDlaX81hkiu+J/EUS/97n
8Irn7Zs7wgjEwVe9xz1SEqAO0TtDH7wgxV2JMcXMRCbj45vmiUPh9IrSqqhvjqbf
Gr36rGyuA2AIlMlzppEgP8ZiL6b5/2+e0mZFVfV4Ck3zThWq/pi8xrNk/AGVbXSA
yE7j7PMVC0Pr9zFOBEsdb6HEOkwy4drGlSWiGkN5jZ5/yexGT4LhEpoMwqSd6tZ8
p12OdVmrEYZyasKOEGyOLFvUWKDT+aClFXcnB0Vi3GNtw6K4aHJU1dtPcpeD+PvO
qMY2ePAj3GXKcg+r4dQPcbO+xEer8JZS/clTXNVwArGMQ/KII6hz2XCeSXe+aVnA
5SJZQnyimgaEev1Y1C7VVYBa4T+S54O+tjvKhv4fuX4vL622rLkUmMJyb2XWNSIC
HagZOcEN7PY9KWqaMiP5GtcumfAUQCtNfXY0QMYhR+9B2Sl2zGg=
=P21c
-----END PGP SIGNATURE-----
Merge 4.19.46 into android-4.19
Changes in 4.19.46
ipv6: fix src addr routing with the exception table
ipv6: prevent possible fib6 leaks
net: Always descend into dsa/
net: avoid weird emergency message
net/mlx4_core: Change the error print to info print
net: test nouarg before dereferencing zerocopy pointers
net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions
nfp: flower: add rcu locks when accessing netdev for tunnels
ppp: deflate: Fix possible crash in deflate_init
rtnetlink: always put IFLA_LINK for links with a link-netnsid
tipc: switch order of device registration to fix a crash
vsock/virtio: free packets during the socket release
tipc: fix modprobe tipc failed after switch order of device registration
vsock/virtio: Initialize core virtio vsock before registering the driver
net/mlx5: Imply MLXFW in mlx5_core
net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC is disabled
parisc: Export running_on_qemu symbol for modules
parisc: Skip registering LED when running in QEMU
parisc: Use PA_ASM_LEVEL in boot code
parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with DRBD code
stm class: Fix channel free in stm output free path
stm class: Fix channel bitmap on 32-bit systems
brd: re-enable __GFP_HIGHMEM in brd_insert_page()
proc: prevent changes to overridden credentials
Revert "MD: fix lock contention for flush bios"
md: batch flush requests.
md: add mddev->pers to avoid potential NULL pointer dereference
dcache: sort the freeing-without-RCU-delay mess for good.
intel_th: msu: Fix single mode with IOMMU
p54: drop device reference count if fails to enable device
of: fix clang -Wunsequenced for be32_to_cpu()
cifs: fix strcat buffer overflow and reduce raciness in smb21_set_oplock_level()
phy: ti-pipe3: fix missing bit-wise or operator when assigning val
media: ov6650: Fix sensor possibly not detected on probe
media: imx: csi: Allow unknown nearest upstream entities
media: imx: Clear fwnode link struct for each endpoint iteration
NFS4: Fix v4.0 client state corruption when mount
PNFS fallback to MDS if no deviceid found
clk: hi3660: Mark clk_gate_ufs_subsys as critical
clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides divider
clk: mediatek: Disable tuner_en before change PLL rate
clk: rockchip: fix wrong clock definitions for rk3328
udlfb: delete the unused parameter for dlfb_handle_damage
udlfb: fix sleeping inside spinlock
udlfb: introduce a rendering mutex
fuse: fix writepages on 32bit
fuse: honor RLIMIT_FSIZE in fuse_file_fallocate
ovl: fix missing upper fs freeze protection on copy up for ioctl
iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
ceph: flush dirty inodes before proceeding with remount
x86_64: Add gap to int3 to allow for call emulation
x86_64: Allow breakpoints to emulate call instructions
ftrace/x86_64: Emulate call function while updating in breakpoint handler
tracing: Fix partial reading of trace event's id file
memory: tegra: Fix integer overflow on tick value calculation
perf intel-pt: Fix instructions sampling rate
perf intel-pt: Fix improved sample timestamp
perf intel-pt: Fix sample timestamp wrt non-taken branches
MIPS: perf: Fix build with CONFIG_CPU_BMIPS5000 enabled
objtool: Allow AR to be overridden with HOSTAR
fbdev/efifb: Ignore framebuffer memmap entries that lack any memory types
fbdev: sm712fb: fix brightness control on reboot, don't set SR30
fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
fbdev: sm712fb: fix white screen of death on reboot, don't set CR3B-CR3F
fbdev: sm712fb: fix boot screen glitch when sm712fb replaces VGA
fbdev: sm712fb: fix crashes during framebuffer writes by correctly mapping VRAM
fbdev: sm712fb: fix support for 1024x768-16 mode
fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix garbled display
fbdev: sm712fb: fix crashes and garbled display during DPMS modesetting
PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken
PCI: Mark Atheros AR9462 to avoid bus reset
PCI: Init PCIe feature bits for managed host bridge alloc
PCI/AER: Change pci_aer_init() stub to return void
PCI: rcar: Add the initialization of PCIe link in resume_noirq()
PCI: Factor out pcie_retrain_link() function
PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum
dm cache metadata: Fix loading discard bitset
dm zoned: Fix zone report handling
dm delay: fix a crash when invalid device is specified
dm integrity: correctly calculate the size of metadata area
dm mpath: always free attached_handler_name in parse_path()
fuse: Add FOPEN_STREAM to use stream_open()
xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
xfrm6_tunnel: Fix potential panic when unloading xfrm6_tunnel module
vti4: ipip tunnel deregistration fixes.
xfrm: clean up xfrm protocol checks
esp4: add length check for UDP encapsulation
xfrm: Honor original L3 slave device in xfrmi policy lookup
xfrm4: Fix uninitialized memory read in _decode_session4
clk: sunxi-ng: nkmp: Avoid GENMASK(-1, 0)
power: supply: cpcap-battery: Fix division by zero
securityfs: fix use-after-free on symlink traversal
apparmorfs: fix use-after-free on symlink traversal
PCI: Fix issue with "pci=disable_acs_redir" parameter being ignored
x86: kvm: hyper-v: deal with buggy TLB flush requests from WS2012
mac80211: Fix kernel panic due to use of txq after free
net: ieee802154: fix missing checks for regmap_update_bits
KVM: arm/arm64: Ensure vcpu target is unset on reset failure
power: supply: sysfs: prevent endless uevent loop with CONFIG_POWER_SUPPLY_DEBUG
bpf: Fix preempt_enable_no_resched() abuse
qmi_wwan: new Wistron, ZTE and D-Link devices
iwlwifi: mvm: check for length correctness in iwl_mvm_create_skb()
sched/cpufreq: Fix kobject memleak
x86/mm/mem_encrypt: Disable all instrumentation for early SME setup
ufs: fix braino in ufs_get_inode_gid() for solaris UFS flavour
perf bench numa: Add define for RUSAGE_THREAD if not present
perf/x86/intel: Fix race in intel_pmu_disable_event()
Revert "Don't jump to compute_result state from check_result state"
md/raid: raid5 preserve the writeback action after the parity check
driver core: Postpone DMA tear-down until after devres release for probe failure
Revert "selftests/bpf: skip verifier tests for unsupported program types"
bpf: relax inode permission check for retrieving bpf program
bpf: add map_lookup_elem_sys_only for lookups from syscall side
bpf, lru: avoid messing with eviction heuristics upon syscall lookup
fbdev: sm712fb: fix memory frequency by avoiding a switch/case fallthrough
Linux 4.19.46
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit b51ce3744f ]
Enablement of AMD's Secure Memory Encryption feature is determined very
early after start_kernel() is entered. Part of this procedure involves
scanning the command line for the parameter 'mem_encrypt'.
To determine intended state, the function sme_enable() uses library
functions cmdline_find_option() and strncmp(). Their use occurs early
enough such that it cannot be assumed that any instrumentation subsystem
is initialized.
For example, making calls to a KASAN-instrumented function before KASAN
is set up will result in the use of uninitialized memory and a boot
failure.
When AMD's SME support is enabled, conditionally disable instrumentation
of these dependent functions in lib/string.c and arch/x86/lib/cmdline.c.
[ bp: Get rid of intermediary nostackp var and cleanup whitespace. ]
Fixes: aca20d5462 ("x86/mm: Add support to make use of Secure Memory Encryption")
Reported-by: Li RongQing <lirongqing@baidu.com>
Signed-off-by: Gary R Hook <gary.hook@amd.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Boris Brezillon <bbrezillon@kernel.org>
Cc: Coly Li <colyli@suse.de>
Cc: "dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Kent Overstreet <kent.overstreet@gmail.com>
Cc: "luto@kernel.org" <luto@kernel.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: "mingo@redhat.com" <mingo@redhat.com>
Cc: "peterz@infradead.org" <peterz@infradead.org>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: x86-ml <x86@kernel.org>
Link: https://lkml.kernel.org/r/155657657552.7116.18363762932464011367.stgit@sosrh3.amd.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzk4CsACgkQONu9yGCS
aT5Xaw//UWopx4Yqbiv+4HBgW+2ijP4utxI4lBNYITD44jvkyVJnztUtVkWepu5r
Tkl/7zytXOpxbpuhS0xqpWwG7lL5eT4NCG08KSX4lYQVjIWX4YzVkw9gLe9V2AaK
IqTzaWtbuagARbnR3UC65TI4kjRGsr9ldY0AbbGGVTM6IwPquHN9Qd9TAzRwRohn
CxY94Bwp1RcN2sSPkD3nUCUGOSNh97BXyypeM7FyceOzOpyAdQCXoUPc84cPqdNC
4GBkd5Z1IL/7zX3HDjQeGS0KK6e1enslSmsbSSUVuHI90LCr3CZPJkFF8RFnPnff
2RA7bdhp8C1JPeLDimr+SNSLEl9yywoH6d4UQAnBwoLDjiFCEITVgjDtYzzd81+1
ES6lbUAs8v/LXkaCaExq6pNNd1prg6Mj9Fe6cz+G9V/YV1tLUsoAJHdFucu8Sp7w
rwz/PZ6waCf8VRO4aYFF9b+u7PQ/RFZWQYsz22P7PhAYg0CTajV1FWGk1AYi0+wQ
5YCmthbWhDo9U5lAFyQ0pVTXv/UNgEu6MfV1/jKtCk5AzsbE77orj1xusKckHq2e
QojgmELmHMlFFajI0h/ddDo7iwz/5OrPVs9D03RysiOciMzdTKPucPyC0Ah4yEBA
sJ0cQkaVtqO2Nu3E42lfQTpVIqBgi8NGav+kRwryB1YyKeaXLsM=
=HJ7O
-----END PGP SIGNATURE-----
Merge 4.19.45 into android-4.19
Changes in 4.19.45
locking/rwsem: Prevent decrement of reader count before increment
x86/speculation/mds: Revert CPU buffer clear on double fault exit
x86/speculation/mds: Improve CPU buffer clear documentation
objtool: Fix function fallthrough detection
arm64: dts: rockchip: Disable DCMDs on RK3399's eMMC controller.
ARM: dts: exynos: Fix interrupt for shared EINTs on Exynos5260
ARM: dts: exynos: Fix audio (microphone) routing on Odroid XU3
mmc: sdhci-of-arasan: Add DTS property to disable DCMDs.
ARM: exynos: Fix a leaked reference by adding missing of_node_put
power: supply: axp288_charger: Fix unchecked return value
power: supply: axp288_fuel_gauge: Add ACEPC T8 and T11 mini PCs to the blacklist
arm64: mmap: Ensure file offset is treated as unsigned
arm64: arch_timer: Ensure counter register reads occur with seqlock held
arm64: compat: Reduce address limit
arm64: Clear OSDLR_EL1 on CPU boot
arm64: Save and restore OSDLR_EL1 across suspend/resume
sched/x86: Save [ER]FLAGS on context switch
crypto: crypto4xx - fix ctr-aes missing output IV
crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues
crypto: salsa20 - don't access already-freed walk.iv
crypto: chacha20poly1305 - set cra_name correctly
crypto: ccp - Do not free psp_master when PLATFORM_INIT fails
crypto: vmx - fix copy-paste error in CTR mode
crypto: skcipher - don't WARN on unprocessed data after slow walk step
crypto: crct10dif-generic - fix use via crypto_shash_digest()
crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
crypto: arm64/gcm-aes-ce - fix no-NEON fallback code
crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
crypto: rockchip - update IV buffer to contain the next IV
crypto: arm/aes-neonbs - don't access already-freed walk.iv
crypto: arm64/aes-neonbs - don't access already-freed walk.iv
mmc: core: Fix tag set memory leak
ALSA: line6: toneport: Fix broken usage of timer for delayed execution
ALSA: usb-audio: Fix a memory leak bug
ALSA: hda/hdmi - Read the pin sense from register when repolling
ALSA: hda/hdmi - Consider eld_valid when reporting jack event
ALSA: hda/realtek - EAPD turn on later
ALSA: hdea/realtek - Headset fixup for System76 Gazelle (gaze14)
ASoC: max98090: Fix restore of DAPM Muxes
ASoC: RT5677-SPI: Disable 16Bit SPI Transfers
ASoC: fsl_esai: Fix missing break in switch statement
ASoC: codec: hdac_hdmi add device_link to card device
bpf, arm64: remove prefetch insn in xadd mapping
crypto: ccree - remove special handling of chained sg
crypto: ccree - fix mem leak on error path
crypto: ccree - don't map MAC key on stack
crypto: ccree - use correct internal state sizes for export
crypto: ccree - don't map AEAD key and IV on stack
crypto: ccree - pm resume first enable the source clk
crypto: ccree - HOST_POWER_DOWN_EN should be the last CC access during suspend
crypto: ccree - add function to handle cryptocell tee fips error
crypto: ccree - handle tee fips error during power management resume
mm/mincore.c: make mincore() more conservative
mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses
mm/hugetlb.c: don't put_page in lock of hugetlb_lock
hugetlb: use same fault hash key for shared and private mappings
ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
userfaultfd: use RCU to free the task struct when fork fails
ACPI: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle
mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L
mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write
tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0
tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
jbd2: check superblock mapped prior to committing
ext4: make sanity check in mballoc more strict
ext4: ignore e_value_offs for xattrs with value-in-ea-inode
ext4: avoid drop reference to iloc.bh twice
ext4: fix use-after-free race with debug_want_extra_isize
ext4: actually request zeroing of inode table after grow
ext4: fix ext4_show_options for file systems w/o journal
btrfs: Check the first key and level for cached extent buffer
btrfs: Correctly free extent buffer in case btree_read_extent_buffer_pages fails
btrfs: Honour FITRIM range constraints during free space trim
Btrfs: send, flush dellaloc in order to avoid data loss
Btrfs: do not start a transaction during fiemap
Btrfs: do not start a transaction at iterate_extent_inodes()
bcache: fix a race between cache register and cacheset unregister
bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim()
ipmi:ssif: compare block number correctly for multi-part return messages
crypto: ccm - fix incompatibility between "ccm" and "ccm_base"
fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount
tty: Don't force RISCV SBI console as preferred console
ext4: zero out the unused memory region in the extent tree block
ext4: fix data corruption caused by overlapping unaligned and aligned IO
ext4: fix use-after-free in dx_release()
ext4: avoid panic during forced reboot due to aborted journal
ALSA: hda/realtek - Corrected fixup for System76 Gazelle (gaze14)
ALSA: hda/realtek - Fixup headphone noise via runtime suspend
ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug
jbd2: fix potential double free
KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes
KVM: lapic: Busy wait for timer to expire when using hv_timer
kbuild: turn auto.conf.cmd into a mandatory include file
xen/pvh: set xen_domain_type to HVM in xen_pvh_init
libnvdimm/namespace: Fix label tracking error
iov_iter: optimize page_copy_sane()
pstore: Centralize init/exit routines
pstore: Allocate compression during late_initcall()
pstore: Refactor compression initialization
ext4: fix compile error when using BUFFER_TRACE
ext4: don't update s_rev_level if not required
Linux 4.19.45
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit 6daef95b8c upstream.
Avoid cache line miss dereferencing struct page if we can.
page_copy_sane() mostly deals with order-0 pages.
Extra cache line miss is visible on TCP recvmsg() calls dealing
with GRO packets (typically 45 page frags are attached to one skb).
Bringing the 45 struct pages into cpu cache while copying the data
is not free, since the freeing of the skb (and associated
page frags put_page()) can happen after cache lines have been evicted.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Cc: Matthew Wilcox <willy@infradead.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzVnqQACgkQONu9yGCS
aT4iJQ//SEDeqCHsZIblTqIywc87Xn/M4WGvQSr5l7NlFFWXRmIZ2VqGSa8IqY6m
mbq0WJHIb0N3fJ09rh6/OuoFz8j7L4aq3OngCsAfmj3Esb2mAt8QkpvHgKdO8wEp
iWstqAUUgCJLaaCO2KN5Z4uvpib+HhpaoOkHNto94w6M5Hc9Ax9iqMWqOk+ugcy9
q3nPWomhesrmzNjw4gOtG2gyGlkqUZOkbvQDYttXO5jAV2sgfy1puaG3maApRRvT
uZFOYBJEa13MFx+QgaLvZ7asyhtlBVzQyRx/CcBjecCMRv3oC/ZZtemDmwqEZ4ll
kj4IaRMzthRhmkpLEEW4SkN/TZDL3C0n114Wp+hRMmLviY7yOOovrbiHs8k/RYzU
eOKZ2v/zI2FKGYbH0Nsa1HPJdOO1ESAVIxs/XHyk8odOPCpx+KN8NOPdnWILrM1l
uhVKK62iQlZsLlny+EE7Oy3nqZAg1hHwNkV7WuyLfFrSVDQ/IOLK953QJdNlmgCd
NbVRCcZ8gtL47jLD4F3uf8bcNQhheg/1m/A95xl860WmTDXrQSvN3FmvVWZ9LUCf
ftsA76tMcDFlpw/Xu12z+P93VliaATt/I6aRbJyKvL3BBL5dB7Cx0asMDi5ecT6P
sgaxYPp56xX0m6V10vEtaFCRcyuP2JmR60uU5Zvq9t5CtG+7BL0=
=SzxN
-----END PGP SIGNATURE-----
Merge 4.19.42 into android-4.19
Changes in 4.19.42
net: stmmac: Use bfsize1 in ndesc_init_rx_desc
scsi: libsas: fix a race condition when smp task timeout
Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup()
ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
staging: greybus: power_supply: fix prop-descriptor request size
staging: most: cdev: fix chrdev_region leak in mod_exit
ASoC: tlv320aic3x: fix reset gpio reference counting
ASoC: hdmi-codec: fix S/PDIF DAI
ASoC: stm32: sai: fix iec958 controls indexation
ASoC: stm32: sai: fix exposed capabilities in spdif mode
ASoC:soc-pcm:fix a codec fixup issue in TDM case
ASoC:intel:skl:fix a simultaneous playback & capture issue on hda platform
ASoC: nau8824: fix the issue of the widget with prefix name
ASoC: nau8810: fix the issue of widget with prefixed name
ASoC: samsung: odroid: Fix clock configuration for 44100 sample rate
ASoC: rt5682: recording has no sound after booting
ASoC: wm_adsp: Add locking to wm_adsp2_bus_error
clk: meson-gxbb: round the vdec dividers to closest
ASoC: stm32: dfsdm: manage multiple prepare
ASoC: stm32: dfsdm: fix debugfs warnings on entry creation
ASoC: cs4270: Set auto-increment bit for register writes
ASoC: dapm: Fix NULL pointer dereference in snd_soc_dapm_free_kcontrol
drm/omap: hdmi4_cec: Fix CEC clock handling for PM
IB/hfi1: Eliminate opcode tests on mr deref
IB/hfi1: Fix the allocation of RSM table
MIPS: KGDB: fix kgdb support for SMP platforms.
ASoC: tlv320aic32x4: Fix Common Pins
drm/mediatek: Fix an error code in mtk_hdmi_dt_parse_pdata()
perf/x86/intel: Fix handling of wakeup_events for multi-entry PEBS
perf/x86/intel: Initialize TFA MSR
linux/kernel.h: Use parentheses around argument in u64_to_user_ptr()
ASoC: rockchip: pdm: fix regmap_ops hang issue
drm/amd/display: fix cursor black issue
ASoC: cs35l35: Disable regulators on driver removal
objtool: Add rewind_stack_do_exit() to the noreturn list
slab: fix a crash by reading /proc/slab_allocators
drm/sun4i: tcon top: Fix NULL/invalid pointer dereference in sun8i_tcon_top_un/bind
virtio_pci: fix a NULL pointer reference in vp_del_vqs
RDMA/vmw_pvrdma: Fix memory leak on pvrdma_pci_remove
RDMA/hns: Fix bug that caused srq creation to fail
scsi: csiostor: fix missing data copy in csio_scsi_err_handler()
drm/mediatek: fix possible object reference leak
ASoC: Intel: kbl: fix wrong number of channels
virtio-blk: limit number of hw queues by nr_cpu_ids
nvme-fc: correct csn initialization and increments on error
platform/x86: pmc_atom: Drop __initconst on dmi table
perf/core: Fix perf_event_disable_inatomic() race
iommu/amd: Set exclusion range correctly
genirq: Prevent use-after-free and work list corruption
usb: dwc3: Fix default lpm_nyet_threshold value
USB: serial: f81232: fix interrupt worker not stop
USB: cdc-acm: fix unthrottle races
usb-storage: Set virt_boundary_mask to avoid SG overflows
intel_th: pci: Add Comet Lake support
cpufreq: armada-37xx: fix frequency calculation for opp
soc: sunxi: Fix missing dependency on REGMAP_MMIO
scsi: lpfc: change snprintf to scnprintf for possible overflow
scsi: qla2xxx: Fix incorrect region-size setting in optrom SYSFS routines
scsi: qla2xxx: Fix device staying in blocked state
Bluetooth: hidp: fix buffer overflow
Bluetooth: Align minimum encryption key size for LE and BR/EDR connections
UAS: fix alignment of scatter/gather segments
ASoC: Intel: avoid Oops if DMA setup fails
locking/futex: Allow low-level atomic operations to return -EAGAIN
arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP
Linux 4.19.42
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit f0996bc297 upstream.
Building lib/ubsan.c with gcc-9 results in a ton of nasty warnings like
this one:
lib/ubsan.c warning: conflicting types for built-in function
‘__ubsan_handle_negate_overflow’; expected ‘void(void *, void *)’ [-Wbuiltin-declaration-mismatch]
The kernel's declarations of __ubsan_handle_*() often uses 'unsigned
long' types in parameters while GCC these parameters as 'void *' types,
hence the mismatch.
Fix this by using 'void *' to match GCC's declarations.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Fixes: c6d308534a ("UBSAN: run-time undefined behavior sanity checker")
Cc: <stable@vger.kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzKo0YACgkQONu9yGCS
aT4dbQ//U1bo/8bdBJec+a0aNMy3cxzPF1Ozbrb/vEaHofj1BR87hgo4BODBO7pu
6ppwloPle9VFrsfT1FYOjsicUBhT4NmieHlsC3msAR4xlBEbHEOBTEbUdu3HinGV
Jn/uL/NDTrq+wA5rROGOh9sTlQ5w6dqItjHAWvnGkXlerbUJwIgnzbgH5qGBFZhQ
6SbPmqJv5V+C+qYy3yXNs2CnbtS7+cfulLy26MNnkFMEZGbHTWeNbeu9H41AK6T4
xtO8INse28RD6lbAPvW/xb//iAXsOHv+7KF1TgtZq89Z1RmlaqLSdPdgTYvCxm+Y
RhWa8KyIdhADJ8z8sRcPviFI5bR65cfCMUAEgBcFNYYByDv36KCBLsXajn4JbBsF
OOOtqnGaZyAJBZgMXySfVJIXLAx7cUlt07YD9cIdsOzjl1DCMP76XvypeGXLw5Mk
ZBXBJ+By+8jwnE7PAtecij/VH6qCDsfn4HqoRELsRLVahFsnFFid5lutVIjsO21j
QHrwi4hChuYGa89MhD48KyC2ZuaQmbs3rm6F3O0iQ0aipknvlsDoB4jYYp9qRI04
0FYMlZLlVyg+sNYOM2XvTtpOBFa1PFwFwscqXoyt0CGtig0D+pD3gDYExRONj6Fp
8h+OUBWbVHWscceMc6G1p/Qu+YcgmQTu8CFAUO8l/X8xq655c1A=
=isRm
-----END PGP SIGNATURE-----
Merge 4.19.38 into android-4.19
Changes in 4.19.38
netfilter: nft_compat: use refcnt_t type for nft_xt reference count
netfilter: nft_compat: make lists per netns
netfilter: nf_tables: split set destruction in deactivate and destroy phase
netfilter: nft_compat: destroy function must not have side effects
netfilter: nf_tables: warn when expr implements only one of activate/deactivate
netfilter: nf_tables: unbind set in rule from commit path
netfilter: nft_compat: don't use refcount_inc on newly allocated entry
netfilter: nft_compat: use .release_ops and remove list of extension
netfilter: nf_tables: fix set double-free in abort path
netfilter: nf_tables: bogus EBUSY when deleting set after flush
netfilter: nf_tables: bogus EBUSY in helper removal from transaction
net/ibmvnic: Fix RTNL deadlock during device reset
net: mvpp2: fix validate for PPv2.1
ext4: fix some error pointer dereferences
tipc: handle the err returned from cmd header function
loop: do not print warn message if partition scan is successful
drm/rockchip: fix for mailbox read validation.
vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock
ipvs: fix warning on unused variable
powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64
ALSA: hda/ca0132 - Fix build error without CONFIG_PCI
net: dsa: mv88e6xxx: add call to mv88e6xxx_ports_cmode_init to probe for new DSA framework
cifs: fix memory leak in SMB2_read
cifs: do not attempt cifs operation on smb2+ rename error
tracing: Fix a memory leak by early error exit in trace_pid_write()
tracing: Fix buffer_ref pipe ops
gpio: eic: sprd: Fix incorrect irq type setting for the sync EIC
zram: pass down the bvec we need to read into in the work struct
lib/Kconfig.debug: fix build error without CONFIG_BLOCK
MIPS: scall64-o32: Fix indirect syscall number load
trace: Fix preempt_enable_no_resched() abuse
IB/rdmavt: Fix frwr memory registration
RDMA/mlx5: Do not allow the user to write to the clock page
sched/numa: Fix a possible divide-by-zero
ceph: only use d_name directly when parent is locked
ceph: ensure d_name stability in ceph_dentry_hash()
ceph: fix ci->i_head_snapc leak
nfsd: Don't release the callback slot unless it was actually held
sunrpc: don't mark uninitialised items as VALID.
perf/x86/intel: Update KBL Package C-state events to also include PC8/PC9/PC10 counters
Input: synaptics-rmi4 - write config register values to the right offset
vfio/type1: Limit DMA mappings per container
dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid
dmaengine: sh: rcar-dmac: Fix glitch in dmaengine_tx_status
ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache
powerpc/mm/radix: Make Radix require HUGETLB_PAGE
drm/vc4: Fix memory leak during gpu reset.
Revert "drm/i915/fbdev: Actually configure untiled displays"
drm/vc4: Fix compilation error reported by kbuild test bot
USB: Add new USB LPM helpers
USB: Consolidate LPM checks to avoid enabling LPM twice
slip: make slhc_free() silently accept an error pointer
intel_th: gth: Fix an off-by-one in output unassigning
fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
workqueue: Try to catch flush_work() without INIT_WORK().
binder: fix handling of misaligned binder object
sched/deadline: Correctly handle active 0-lag timers
NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family.
netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
fm10k: Fix a potential NULL pointer dereference
tipc: check bearer name with right length in tipc_nl_compat_bearer_enable
tipc: check link name with right length in tipc_nl_compat_link_set
net: netrom: Fix error cleanup path of nr_proto_init
net/rds: Check address length before reading address family
rxrpc: fix race condition in rxrpc_input_packet()
aio: clear IOCB_HIPRI
aio: use assigned completion handler
aio: separate out ring reservation from req allocation
aio: don't zero entire aio_kiocb aio_get_req()
aio: use iocb_put() instead of open coding it
aio: split out iocb copy from io_submit_one()
aio: abstract out io_event filler helper
aio: initialize kiocb private in case any filesystems expect it.
aio: simplify - and fix - fget/fput for io_submit()
pin iocb through aio.
aio: fold lookup_kiocb() into its sole caller
aio: keep io_event in aio_kiocb
aio: store event at final iocb_put()
Fix aio_poll() races
x86, retpolines: Raise limit for generating indirect calls from switch-case
x86/retpolines: Disable switch jump tables when retpolines are enabled
mm: Fix warning in insert_pfn()
x86/fpu: Don't export __kernel_fpu_{begin,end}()
ipv4: add sanity checks in ipv4_link_failure()
ipv4: set the tcp_min_rtt_wlen range from 0 to one day
mlxsw: spectrum: Fix autoneg status in ethtool
net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query
net: rds: exchange of 8K and 1M pool
net/rose: fix unbound loop in rose_loopback_timer()
net: stmmac: move stmmac_check_ether_addr() to driver probe
net/tls: fix refcount adjustment in fallback
stmmac: pci: Adjust IOT2000 matching
team: fix possible recursive locking when add slaves
net: hns: Fix WARNING when hns modules installed
mlxsw: pci: Reincrease PCI reset timeout
mlxsw: spectrum: Put MC TCs into DWRR mode
net/mlx5e: Fix the max MTU check in case of XDP
net/mlx5e: Fix use-after-free after xdp_return_frame
net/tls: avoid potential deadlock in tls_set_device_offload_rx()
net/tls: don't leak IV and record seq when offload fails
powerpc/fsl: Add FSL_PPC_BOOK3E as supported arch for nospectre_v2 boot arg
Linux 4.19.38
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
commit ae3d6a3233 upstream.
If CONFIG_TEST_KMOD is set to M, while CONFIG_BLOCK is not set, XFS and
BTRFS can not be compiled successly.
Link: http://lkml.kernel.org/r/20190410075434.35220-1-yuehaibing@huawei.com
Fixes: d9c6a72d6f ("kmod: add test driver to stress test the module loader")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reported-by: Hulk Robot <hulkci@huawei.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: Masahiro Yamada <yamada.masahiro@socionext.com>
Cc: Petr Mladek <pmladek@suse.com>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: Matthew Wilcox <willy@infradead.org>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAly6xzUACgkQONu9yGCS
aT5sIA//b7nAk2zuhmbkonsBfzFq5uBJmqXcCrOgy3XHMs4fE+Q11kLd1wMAV7dx
U7FNHe4PIJ8Rczxgqr2VP3VmFbV6UuTK+UTclJKfbV3ouIAQiQBuutABBmbDUj2p
FInc/yAYyhVc9n7gX78czTiUxKnKi4+sisUYDCZPr3hr6jDPcLvm/WVWdyrcXJje
rYFNmE/2MBH1NofG+MOpq+ILhKHXlf2APN2/spl+I42a8bwodiSl9g+dhuWr7wgT
Ln2Ocf7BZ6BPCQKoveZdD1Gd56NNR/lJh4ulqpuhaZw4Yp+B/C7GmrBtdPzVSGka
IwPWoSc9/9VSUl+ooSZHms78VLbqq0rNNclskL2bN6m962u04Eu7sB2Tg/bwUs52
Wkcw0DY4J/oMJtj/CMHcQOUPsk6vwHxqnjsj+LYJ1ZjHO68tUshnENxXrbAoDc45
2fuY3TCA+XqFvqNt5HbkLPtFR78u8QmZ1lP/Pkri6xoG/GA6O0EAxhS0Z9hncGK7
8wJNuxLMd2UX94wlajQ+DF7yyCU4HOFEdeSEOwlHHBid/fckXsGzL2tKJUAbbUPP
ux3An8kJHni8nQrmUkyy1Nx29ROyAFxBLOQshWGpXgJrV3qRMYLyB2Icv0WYCGFk
zZCTupPgvb46u81VzqxrLH4RZdy4Ar4uB3BQGPKs596rlYmvnSo=
=CArs
-----END PGP SIGNATURE-----
Merge 4.19.36 into android-4.19
Changes in 4.19.36
ARC: u-boot args: check that magic number is correct
arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM
inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()
perf/core: Restore mmap record type correctly
ext4: avoid panic during forced reboot
ext4: add missing brelse() in add_new_gdb_meta_bg()
ext4: report real fs size after failed resize
ALSA: echoaudio: add a check for ioremap_nocache
ALSA: sb8: add a check for request_region
auxdisplay: hd44780: Fix memory leak on ->remove()
drm/udl: use drm_gem_object_put_unlocked.
IB/mlx4: Fix race condition between catas error reset and aliasguid flows
i40iw: Avoid panic when handling the inetdev event
mmc: davinci: remove extraneous __init annotation
ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration
thermal/intel_powerclamp: fix __percpu declaration of worker_data
thermal: samsung: Fix incorrect check after code merge
thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs
thermal/int340x_thermal: Add additional UUIDs
thermal/int340x_thermal: fix mode setting
thermal/intel_powerclamp: fix truncated kthread name
scsi: iscsi: flush running unbind operations when removing a session
sched/cpufreq: Fix 32-bit math overflow
sched/core: Fix buffer overflow in cgroup2 property cpu.max
x86/mm: Don't leak kernel addresses
tools/power turbostat: return the exit status of a command
perf list: Don't forget to drop the reference to the allocated thread_map
perf config: Fix an error in the config template documentation
perf config: Fix a memory leak in collect_config()
perf build-id: Fix memory leak in print_sdt_events()
perf top: Fix error handling in cmd_top()
perf hist: Add missing map__put() in error case
perf evsel: Free evsel->counts in perf_evsel__exit()
perf tests: Fix a memory leak of cpu_map object in the openat_syscall_event_on_all_cpus test
perf tests: Fix memory leak by expr__find_other() in test__expr()
perf tests: Fix a memory leak in test__perf_evsel__tp_sched_test()
ACPI / utils: Drop reference in test for device presence
PM / Domains: Avoid a potential deadlock
blk-iolatency: #include "blk.h"
drm/exynos/mixer: fix MIXER shadow registry synchronisation code
irqchip/stm32: Don't clear rising/falling config registers at init
irqchip/mbigen: Don't clear eventid when freeing an MSI
x86/hpet: Prevent potential NULL pointer dereference
x86/hyperv: Prevent potential NULL pointer dereference
x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode processors
drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
iommu/vt-d: Check capability before disabling protected memory
x86/hw_breakpoints: Make default case in hw_breakpoint_arch_parse() return an error
fix incorrect error code mapping for OBJECTID_NOT_FOUND
x86/gart: Exclude GART aperture from kcore
ext4: prohibit fstrim in norecovery mode
drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up
gpio: pxa: handle corner case of unprobed device
rsi: improve kernel thread handling to fix kernel panic
f2fs: fix to avoid NULL pointer dereference on se->discard_map
9p: do not trust pdu content for stat item size
9p locks: add mount option for lock retry interval
ASoC: Fix UBSAN warning at snd_soc_get/put_volsw_sx()
f2fs: fix to do sanity check with current segment number
netfilter: xt_cgroup: shrink size of v2 path
serial: uartps: console_setup() can't be placed to init section
powerpc/pseries: Remove prrn_work workqueue
media: au0828: cannot kfree dev before usb disconnect
Bluetooth: Fix debugfs NULL pointer dereference
HID: i2c-hid: override HID descriptors for certain devices
pinctrl: core: make sure strcmp() doesn't get a null parameter
ARM: samsung: Limit SAMSUNG_PM_CHECK config option to non-Exynos platforms
usbip: fix vhci_hcd controller counting
ACPI / SBS: Fix GPE storm on recent MacBookPro's
HID: usbhid: Add quirk for Redragon/Dragonrise Seymur 2
KVM: nVMX: restore host state in nested_vmx_vmexit for VMFail
compiler.h: update definition of unreachable()
netfilter: nf_flow_table: remove flowtable hook flush routine in netns exit routine
f2fs: cleanup dirty pages if recover failed
net: stmmac: Set OWN bit for jumbo frames
cifs: fallback to older infolevels on findfirst queryinfo retry
kernel: hung_task.c: disable on suspend
platform/x86: Add Intel AtomISP2 dummy / power-management driver
drm/ttm: Fix bo_global and mem_global kfree error
ALSA: hda: fix front speakers on Huawei MBXP
ACPI: EC / PM: Disable non-wakeup GPEs for suspend-to-idle
net/rds: fix warn in rds_message_alloc_sgs
xfrm: destroy xfrm_state synchronously on net exit path
crypto: sha256/arm - fix crash bug in Thumb2 build
crypto: sha512/arm - fix crash bug in Thumb2 build
net: ip6_gre: fix possible NULL pointer dereference in ip6erspan_set_version
iommu/dmar: Fix buffer overflow during PCI bus notification
scsi: core: Avoid that system resume triggers a kernel warning
soc/tegra: pmc: Drop locking from tegra_powergate_is_powered()
lkdtm: Print real addresses
lkdtm: Add tests for NULL pointer dereference
drm/panel: panel-innolux: set display off in innolux_panel_unprepare
crypto: axis - fix for recursive locking from bottom half
Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
coresight: cpu-debug: Support for CA73 CPUs
PCI: Blacklist power management of Gigabyte X299 DESIGNARE EX PCIe ports
drm/nouveau/volt/gf117: fix speedo readout register
ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
drm/amdkfd: use init_mqd function to allocate object for hid_mqd (CI)
appletalk: Fix use-after-free in atalk_proc_exit
lib/div64.c: off by one in shift
rxrpc: Fix client call connect/disconnect race
f2fs: fix to dirty inode for i_mode recovery
include/linux/swap.h: use offsetof() instead of custom __swapoffset macro
bpf: fix use after free in bpf_evict_inode
IB/hfi1: Failed to drain send queue when QP is put into error state
mm: hide incomplete nr_indirectly_reclaimable in /proc/zoneinfo
mm: hide incomplete nr_indirectly_reclaimable in sysfs
appletalk: Fix compile regression
Linux 4.19.36
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit cdc94a3749 ]
fls counts bits starting from 1 to 32 (returns 0 for zero argument). If
we add 1 we shift right one bit more and loose precision from divisor,
what cause function incorect results with some numbers.
Corrected code was tested in user-space, see bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=202391
Link: http://lkml.kernel.org/r/1548686944-11891-1-git-send-email-sgruszka@redhat.com
Fixes: 658716d19f ("div64_u64(): improve precision on 32bit platforms")
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
Reported-by: Siarhei Volkau <lis8215@gmail.com>
Tested-by: Siarhei Volkau <lis8215@gmail.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAly2yf8ACgkQONu9yGCS
aT5OkA/+Jf3UWnM8MdPoxVUROYg6WRSMThvuKkcspkvXxXqu7Z9a/+meqdIZ0NDr
j+RdhCfZf7RRNpTpYB9jMqXXuRFhVWniAVM3/me2LxFvwyKkNqURyIz9azh7T0VW
nDa2NDQ9C0IyLFLW4cyzZncrmWntgW5XKZfVot1TMNpryHB4FPsKP5rInDQpSNIu
bbJBWuZziUqdEnk3TWuqdQr4ZTXgnjYSBaTbOQBU3F6E88TRmFIatyYovLcJCQh5
jBmXV3U6mGPZe64I+JXj8dTp32WD74afMX1YSZmjdLL6KgbD9a4k47UzpXzEbKT8
uMG057zPiYcwOyMCFZOWsCYIH7Yr4oMIAzOEyYcDI1uCuKd4aESdpgiWfUWambR8
BJO5oGELzLArMVWusWK7xBfm+Et2ePOFWC7V9MRVVQJLdAWkEafYuLoPqrhhqxQX
Iu3ThoY3UmEoNqi1345gmxQBJfbOqdK7CwQGzKOtiPNs0nyMfg62B9Rcr9O+FE5A
+womRQF2Tik1cZhXxkJVSD4f+orL+xuOu59ufvMTBe4co9tPVFm9Qp6SeWoOVuwZ
l8SS7DD5wb7vzDUZOO4KmA7D6p3YQWdBvGeN6jKqjASIFS9t5Sb+fNiKznTo/WCT
1I68sLm7/rs95+WazKu66ewW8bh91VAo+Gmpfo5zEJjcfajnDxY=
=F1Te
-----END PGP SIGNATURE-----
Merge 4.19.35 into android-4.19
Changes in 4.19.35
kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT
drm/i915/gvt: do not let pin count of shadow mm go negative
powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
hv_netvsc: Fix unwanted wakeup after tx_disable
ibmvnic: Fix completion structure initialization
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
ipv6: Fix dangling pointer when ipv6 fragment
ipv6: sit: reset ip header pointer in ipip6_rcv
kcm: switch order of device registration to fix a crash
net: ethtool: not call vzalloc for zero sized memory request
net-gro: Fix GRO flush when receiving a GSO packet.
net/mlx5: Decrease default mr cache size
netns: provide pure entropy for net_hash_mix()
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
net/sched: act_sample: fix divide by zero in the traffic path
net/sched: fix ->get helper of the matchall cls
openvswitch: fix flow actions reallocation
qmi_wwan: add Olicard 600
r8169: disable ASPM again
sctp: initialize _pad of sockaddr_in before copying to user memory
tcp: Ensure DCTCP reacts to losses
tcp: fix a potential NULL pointer dereference in tcp_sk_exit
vrf: check accept_source_route on the original netdevice
net/mlx5e: Fix error handling when refreshing TIRs
net/mlx5e: Add a lock on tir list
nfp: validate the return code from dev_queue_xmit()
nfp: disable netpoll on representors
bnxt_en: Improve RX consumer index validity check.
bnxt_en: Reset device on RX buffer errors.
net: ip_gre: fix possible use-after-free in erspan_rcv
net: ip6_gre: fix possible use-after-free in ip6erspan_rcv
net: core: netif_receive_skb_list: unlist skb before passing to pt->func
r8169: disable default rx interrupt coalescing on RTL8168
net: mlx5: Add a missing check on idr_find, free buf
net/mlx5e: Update xoff formula
net/mlx5e: Update xon formula
kbuild: deb-pkg: fix bindeb-pkg breakage when O= is used
kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
x86/vdso: Drop implicit common-page-size linker flag
lib/string.c: implement a basic bcmp
Revert "clk: meson: clean-up clock registration"
netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr
netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too
arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
tty: mark Siemens R3964 line discipline as BROKEN
tty: ldisc: add sysctl to prevent autoloading of ldiscs
hwmon: (w83773g) Select REGMAP_I2C to fix build error
ACPICA: Clear status of GPEs before enabling them
ACPICA: Namespace: remove address node from global list after method termination
ALSA: seq: Fix OOB-reads from strlcpy
ALSA: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233
ALSA: hda/realtek - Add quirk for Tuxedo XC 1509
ALSA: hda - Add two more machines to the power_save_blacklist
mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd()
arm64: dts: rockchip: fix rk3328 sdmmc0 write errors
parisc: Detect QEMU earlier in boot process
parisc: regs_return_value() should return gpr28
parisc: also set iaoq_b in instruction_pointer_set()
alarmtimer: Return correct remaining time
drm/i915/gvt: do not deliver a workload if its creation fails
drm/udl: add a release method and delay modeset teardown
kvm: svm: fix potential get_num_contig_pages overflow
include/linux/bitrev.h: fix constant bitrev
mm: writeback: use exact memcg dirty counts
ASoC: intel: Fix crash at suspend/resume after failed codec registration
ASoC: fsl_esai: fix channel swap issue when stream starts
Btrfs: do not allow trimming when a fs is mounted with the nologreplay option
btrfs: prop: fix zstd compression parameter validation
btrfs: prop: fix vanished compression property after failed set
riscv: Fix syscall_get_arguments() and syscall_set_arguments()
block: do not leak memory in bio_copy_user_iov()
block: fix the return errno for direct IO
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
virtio: Honour 'may_reduce_num' in vring_create_virtqueue
ARM: dts: rockchip: fix rk3288 cpu opp node reference
ARM: dts: am335x-evmsk: Correct the regulators for the audio codec
ARM: dts: am335x-evm: Correct the regulators for the audio codec
ARM: dts: at91: Fix typo in ISC_D0 on PC9
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
arm64: dts: rockchip: fix rk3328 rgmii high tx error rate
arm64: backtrace: Don't bother trying to unwind the userspace stack
xen: Prevent buffer overflow in privcmd ioctl
sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
xtensa: fix return_address
x86/asm: Remove dead __GNUC__ conditionals
x86/asm: Use stricter assembly constraints in bitops
x86/perf/amd: Resolve race condition when disabling PMC
x86/perf/amd: Resolve NMI latency issues for active PMCs
x86/perf/amd: Remove need to check "running" bit in NMI handler
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
PCI: pciehp: Ignore Link State Changes after powering off a slot
dm integrity: change memcmp to strncmp in dm_integrity_ctr
dm: revert 8f50e35815 ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE")
dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors
dm integrity: fix deadlock with overlapping I/O
arm64: dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64
arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity on rk3328-rock64
ACPICA: AML interpreter: add region addresses in global list during initialization
KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
KVM: x86: nVMX: fix x2APIC VTPR read intercept
Linux 4.19.35
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 5f074f3e19 ]
A recent optimization in Clang (r355672) lowers comparisons of the
return value of memcmp against zero to comparisons of the return value
of bcmp against zero. This helps some platforms that implement bcmp
more efficiently than memcmp. glibc simply aliases bcmp to memcmp, but
an optimized implementation is in the works.
This results in linkage failures for all targets with Clang due to the
undefined symbol. For now, just implement bcmp as a tailcail to memcmp
to unbreak the build. This routine can be further optimized in the
future.
Other ideas discussed:
* A weak alias was discussed, but breaks for architectures that define
their own implementations of memcmp since aliases to declarations are
not permitted (only definitions). Arch-specific memcmp
implementations typically declare memcmp in C headers, but implement
them in assembly.
* -ffreestanding also is used sporadically throughout the kernel.
* -fno-builtin-bcmp doesn't work when doing LTO.
Link: https://bugs.llvm.org/show_bug.cgi?id=41035
Link: https://code.woboq.org/userspace/glibc/string/memcmp.c.html#bcmp
Link: 8e16d73346
Link: https://github.com/ClangBuiltLinux/linux/issues/416
Link: http://lkml.kernel.org/r/20190313211335.165605-1-ndesaulniers@google.com
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Reported-by: Nathan Chancellor <natechancellor@gmail.com>
Reported-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Suggested-by: James Y Knight <jyknight@google.com>
Suggested-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Suggested-by: Nathan Chancellor <natechancellor@gmail.com>
Suggested-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Acked-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Reviewed-by: Nathan Chancellor <natechancellor@gmail.com>
Tested-by: Nathan Chancellor <natechancellor@gmail.com>
Reviewed-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Cc: David Laight <David.Laight@ACULAB.COM>
Cc: Rasmus Villemoes <linux@rasmusvillemoes.dk>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlynu40ACgkQONu9yGCS
aT5X6g//Wkfm/+qSZ0GhLDQkPniiH1QkvzhOmVrrxu+KB0qsiwsEl8Srw33ZVkJK
LT8+IPGiG9jEGu9dj+BYXTIfy9ZvfSsEL2N6GhYwDSXP0fok2rUaHbZvv1IB2g4W
afhGdNwNAUCJ/j1UrUsi+SAFJ+xWbVxFpGstd0cqM9IbKdEV7RIukvuKckHiKOKR
qI8FxC+G2PAr+BtnETfk5/suPDJ7B3ZicDoMhiWJGxJ6dfFTVmkSmasSoPDaMiHm
4S3hN2lu+WTeRpRPPB17Dlk4MmIp0k+bGYBKAlaxAMCc/RZxvbT2pRYaMQbId2/L
mNUfSnOQFGEAhlAPfb7wdbObphnyT34GhlkWfZBTrnhPO0/FomLOvU6xVdcNuakX
Tv2JKfDzb+2ttcMZ+0T84Ru9RztoswFATSw8uFMVxW8oTS6MVWnHu96Kxfl7QO3J
PdlIGcyqxSuWNE8OX1QVtdSruGZfwUDNs94S4nQJtkB8BViRwhGJlqaXuy4d9Wp6
fGlI2W6qhjyosi2wBSMTjh/ytk/jq0vfs+z2XjR2gAYssvB/SOLR/AlSVguWsDnf
WaoFBkXvCbuPvPlo0TrLpl5RW5WlOtLXHE3Vr3dKp458wLwpf/OZBGoZiknp7DrF
PzBZs2ie5tmyqTxbAygl7WkbQPJ682pd5R4nf5CY+zvUaOMZv1g=
=Iuup
-----END PGP SIGNATURE-----
Merge 4.19.34 into android-4.19
Changes in 4.19.34
arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals
ext4: cleanup bh release code in ext4_ind_remove_space()
tty/serial: atmel: Add is_half_duplex helper
tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped
CIFS: fix POSIX lock leak and invalid ptr deref
h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux-
f2fs: fix to adapt small inline xattr space in __find_inline_xattr()
f2fs: fix to avoid deadlock in f2fs_read_inline_dir()
tracing: kdb: Fix ftdump to not sleep
net/mlx5: Avoid panic when setting vport rate
net/mlx5: Avoid panic when setting vport mac, getting vport config
gpio: gpio-omap: fix level interrupt idling
include/linux/relay.h: fix percpu annotation in struct rchan
sysctl: handle overflow for file-max
net: stmmac: Avoid sometimes uninitialized Clang warnings
enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
libbpf: force fixdep compilation at the start of the build
scsi: hisi_sas: Set PHY linkrate when disconnected
scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO
iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver
x86/hyperv: Fix kernel panic when kexec on HyperV
perf c2c: Fix c2c report for empty numa node
mm/sparse: fix a bad comparison
mm/cma.c: cma_declare_contiguous: correct err handling
mm/page_ext.c: fix an imbalance with kmemleak
mm, swap: bounds check swap_info array accesses to avoid NULL derefs
mm,oom: don't kill global init via memory.oom.group
memcg: killed threads should not invoke memcg OOM killer
mm, mempolicy: fix uninit memory access
mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512!
mm/slab.c: kmemleak no scan alien caches
ocfs2: fix a panic problem caused by o2cb_ctl
f2fs: do not use mutex lock in atomic context
fs/file.c: initialize init_files.resize_wait
page_poison: play nicely with KASAN
cifs: use correct format characters
dm thin: add sanity checks to thin-pool and external snapshot creation
f2fs: fix to check inline_xattr_size boundary correctly
cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED
cifs: Fix NULL pointer dereference of devname
netfilter: nf_tables: check the result of dereferencing base_chain->stats
netfilter: conntrack: tcp: only close if RST matches exact sequence
jbd2: fix invalid descriptor block checksum
fs: fix guard_bio_eod to check for real EOD errors
tools lib traceevent: Fix buffer overflow in arg_eval
PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove()
wil6210: check null pointer in _wil_cfg80211_merge_extra_ies
mt76: fix a leaked reference by adding a missing of_node_put
crypto: crypto4xx - add missing of_node_put after of_device_is_available
crypto: cavium/zip - fix collision with generic cra_driver_name
usb: chipidea: Grab the (legacy) USB PHY by phandle first
powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables
scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
kbuild: invoke syncconfig if include/config/auto.conf.cmd is missing
powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc
coresight: etm4x: Add support to enable ETMv4.2
serial: 8250_pxa: honor the port number from devicetree
ARM: 8840/1: use a raw_spinlock_t in unwind
iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables
powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback
btrfs: qgroup: Make qgroup async transaction commit more aggressive
mmc: omap: fix the maximum timeout setting
net: dsa: mv88e6xxx: Add lockdep classes to fix false positive splat
e1000e: Fix -Wformat-truncation warnings
mlxsw: spectrum: Avoid -Wformat-truncation warnings
platform/x86: ideapad-laptop: Fix no_hw_rfkill_list for Lenovo RESCUER R720-15IKBN
platform/mellanox: mlxreg-hotplug: Fix KASAN warning
loop: set GENHD_FL_NO_PART_SCAN after blkdev_reread_part()
IB/mlx4: Increase the timeout for CM cache
clk: fractional-divider: check parent rate only if flag is set
perf annotate: Fix getting source line failure
ASoC: qcom: Fix of-node refcount unbalance in qcom_snd_parse_of()
cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies
efi: cper: Fix possible out-of-bounds access
s390/ism: ignore some errors during deregistration
scsi: megaraid_sas: return error when create DMA pool failed
scsi: fcoe: make use of fip_mode enum complete
drm/amd/display: Clear stream->mode_changed after commit
perf test: Fix failure of 'evsel-tp-sched' test on s390
mwifiex: don't advertise IBSS features without FW support
perf report: Don't shadow inlined symbol with different addr range
SoC: imx-sgtl5000: add missing put_device()
media: ov7740: fix runtime pm initialization
media: sh_veu: Correct return type for mem2mem buffer helpers
media: s5p-jpeg: Correct return type for mem2mem buffer helpers
media: rockchip/rga: Correct return type for mem2mem buffer helpers
media: s5p-g2d: Correct return type for mem2mem buffer helpers
media: mx2_emmaprp: Correct return type for mem2mem buffer helpers
media: mtk-jpeg: Correct return type for mem2mem buffer helpers
mt76: usb: do not run mt76u_queues_deinit twice
xen/gntdev: Do not destroy context while dma-bufs are in use
vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1
HID: intel-ish-hid: avoid binding wrong ishtp_cl_device
cgroup, rstat: Don't flush subtree root unless necessary
jbd2: fix race when writing superblock
leds: lp55xx: fix null deref on firmware load failure
perf report: Add s390 diagnosic sampling descriptor size
iwlwifi: pcie: fix emergency path
ACPI / video: Refactor and fix dmi_is_desktop()
selftests: skip seccomp get_metadata test if not real root
kprobes: Prohibit probing on bsearch()
kprobes: Prohibit probing on RCU debug routine
netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in __nf_conntrack_confirm
ARM: 8833/1: Ensure that NEON code always compiles with Clang
ARM: dts: meson8b: fix the Ethernet data line signals in eth_rgmii_pins
ALSA: PCM: check if ops are defined before suspending PCM
ath10k: fix shadow register implementation for WCN3990
usb: f_fs: Avoid crash due to out-of-scope stack ptr access
sched/topology: Fix percpu data types in struct sd_data & struct s_data
bcache: fix input overflow to cache set sysfs file io_error_halflife
bcache: fix input overflow to sequential_cutoff
bcache: fix potential div-zero error of writeback_rate_i_term_inverse
bcache: improve sysfs_strtoul_clamp()
genirq: Avoid summation loops for /proc/stat
net: marvell: mvpp2: fix stuck in-band SGMII negotiation
iw_cxgb4: fix srqidx leak during connection abort
net: phy: consider latched link-down status in polling mode
fbdev: fbmem: fix memory access if logo is bigger than the screen
cdrom: Fix race condition in cdrom_sysctl_register
drm: rcar-du: add missing of_node_put
drm/amd/display: Don't re-program planes for DPMS changes
drm/amd/display: Disconnect mpcc when changing tg
perf/aux: Make perf_event accessible to setup_aux()
e1000e: fix cyclic resets at link up with active tx
e1000e: Exclude device from suspend direct complete optimization
platform/x86: intel_pmc_core: Fix PCH IP sts reading
i2c: of: Try to find an I2C adapter matching the parent
staging: spi: mt7621: Add return code check on device_reset()
iwlwifi: mvm: fix RFH config command with >=10 CPUs
ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe
sched/debug: Initialize sd_sysctl_cpus if !CONFIG_CPUMASK_OFFSTACK
efi/memattr: Don't bail on zero VA if it equals the region's PA
sched/core: Use READ_ONCE()/WRITE_ONCE() in move_queued_task()/task_rq_lock()
drm/vkms: Bugfix extra vblank frame
ARM: dts: lpc32xx: Remove leading 0x and 0s from bindings notation
efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted
soc: qcom: gsbi: Fix error handling in gsbi_probe()
mt7601u: bump supported EEPROM version
ARM: 8830/1: NOMMU: Toggle only bits in EXC_RETURN we are really care of
ARM: avoid Cortex-A9 livelock on tight dmb loops
block, bfq: fix in-service-queue check for queue merging
bpf: fix missing prototype warnings
selftests/bpf: skip verifier tests for unsupported program types
powerpc/64s: Clear on-stack exception marker upon exception return
cgroup/pids: turn cgroup_subsys->free() into cgroup_subsys->release() to fix the accounting
backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial state
tty: increase the default flip buffer limit to 2*640K
powerpc/pseries: Perform full re-add of CPU for topology update post-migration
drm/amd/display: Enable vblank interrupt during CRC capture
ALSA: dice: add support for Solid State Logic Duende Classic/Mini
usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded
platform/x86: intel-hid: Missing power button release on some Dell models
perf script python: Use PyBytes for attr in trace-event-python
perf script python: Add trace_context extension module to sys.modules
media: mt9m111: set initial frame size other than 0x0
hwrng: virtio - Avoid repeated init of completion
soc/tegra: fuse: Fix illegal free of IO base address
HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit
f2fs: UBSAN: set boolean value iostat_enable correctly
hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
cpu/hotplug: Mute hotplug lockdep during init
dmaengine: imx-dma: fix warning comparison of distinct pointer types
dmaengine: qcom_hidma: assign channel cookie correctly
dmaengine: qcom_hidma: initialize tx flags in hidma_prep_dma_*
netfilter: physdev: relax br_netfilter dependency
media: rcar-vin: Allow independent VIN link enablement
media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration
regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
pinctrl: meson: meson8b: add the eth_rxd2 and eth_rxd3 pins
drm: Auto-set allow_fb_modifiers when given modifiers at plane init
drm/nouveau: Stop using drm_crtc_force_disable
x86/build: Specify elf_i386 linker emulation explicitly for i386 objects
selinux: do not override context on context mounts
brcmfmac: Use firmware_request_nowarn for the clm_blob
wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
x86/build: Mark per-CPU symbols as absolute explicitly for LLD
drm/fb-helper: fix leaks in error path of drm_fb_helper_fbdev_setup
clk: meson: clean-up clock registration
clk: rockchip: fix frac settings of GPLL clock for rk3328
dmaengine: tegra: avoid overflow of byte tracking
Input: soc_button_array - fix mapping of the 5th GPIO in a PNP0C40 device
drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
net: stmmac: Avoid one more sometimes uninitialized Clang warning
ACPI / video: Extend chassis-type detection with a "Lunch Box" check
bcache: fix potential div-zero error of writeback_rate_p_term_inverse
kprobes/x86: Blacklist non-attachable interrupt functions
Linux 4.19.34
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit de9c0d49d8 ]
While building arm32 allyesconfig, I ran into the following errors:
arch/arm/lib/xor-neon.c:17:2: error: You should compile this file with
'-mfloat-abi=softfp -mfpu=neon'
In file included from lib/raid6/neon1.c:27:
/home/nathan/cbl/prebuilt/lib/clang/8.0.0/include/arm_neon.h:28:2:
error: "NEON support not enabled"
Building V=1 showed NEON_FLAGS getting passed along to Clang but
__ARM_NEON__ was not getting defined. Ultimately, it boils down to Clang
only defining __ARM_NEON__ when targeting armv7, rather than armv6k,
which is the '-march' value for allyesconfig.
>From lib/Basic/Targets/ARM.cpp in the Clang source:
// This only gets set when Neon instructions are actually available, unlike
// the VFP define, hence the soft float and arch check. This is subtly
// different from gcc, we follow the intent which was that it should be set
// when Neon instructions are actually available.
if ((FPU & NeonFPU) && !SoftFloat && ArchVersion >= 7) {
Builder.defineMacro("__ARM_NEON", "1");
Builder.defineMacro("__ARM_NEON__");
// current AArch32 NEON implementations do not support double-precision
// floating-point even when it is present in VFP.
Builder.defineMacro("__ARM_NEON_FP",
"0x" + Twine::utohexstr(HW_FP & ~HW_FP_DP));
}
Ard Biesheuvel recommended explicitly adding '-march=armv7-a' at the
beginning of the NEON_FLAGS definitions so that __ARM_NEON__ always gets
definined by Clang. This doesn't functionally change anything because
that code will only run where NEON is supported, which is implicitly
armv7.
Link: https://github.com/ClangBuiltLinux/linux/issues/287
Suggested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Nathan Chancellor <natechancellor@gmail.com>
Acked-by: Nicolas Pitre <nico@linaro.org>
Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
Reviewed-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlykNfcACgkQONu9yGCS
aT40dRAAiCeYjEC1zH8dkAnbFlKo6IZuhKgISfVTgrWlRe9nUTYaenBXqAfGjufH
EzXHrD1IANRAnFfWg8xt01TNBfTaiEYnYzFmJkWAHFWGKxa5fRU5Kan0MB97r8s9
NjoSRsnFl8l2oJI88zwFa7k89Itop9ST/zvZIgnrysAr+j8yEZb7BZWaU2UrKK/q
qfnJxjfCb/jeqAxwVh3OkasXj0gG2JkGR/uEGTw2EARuI6pvKo5OCzYz0tXTN6ZJ
CSzM4X7dhkGSgLIUw3JOCB28riK9TYbOdPr4MFYMrnoU5VL8+n62tXoKXewobJ1C
2+Pmg5E54r13Rr35eoGCiHsW2LGQrOyvm8S9TFB/0SmTPtzUjFlHBC62Vs/AW5ut
HSmwVy+ILM/xTIdts5QT58Gw+5NCmHxw2oEdrgcct+6FtnR9XPOqZYyzH1tw1ZB+
DL2PqYyT9czuo2bKanWA37M8339q2INDFskXqKRokQ9GNiqUx1E6fNBqtK5SqyDI
CdohtAs7xSQoPPbKDiITOmt82MM8xvefKmqTIvHN5B7Ns4lT1QC74DCXEFEKtw6M
l+p64h6Qw4DiKmqna7fsbKPjmg8pg1lVrCOwD5iUF3JXy+Wxi/OKnr2gqAVMChAq
GSfFFf+MMZhYzJPRQKxOn4GwDBDz5niaWvQmlPcPWLJ5jdbzl+Y=
=Yyc/
-----END PGP SIGNATURE-----
Merge 4.19.33 into android-4.19
Changes in 4.19.33
Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
ipmi_si: Fix crash when using hard-coded device
dccp: do not use ipv6 header for ipv4 flow
genetlink: Fix a memory leak on error path
gtp: change NET_UDP_TUNNEL dependency to select
ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL
mac8390: Fix mmio access size probe
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
net: aquantia: fix rx checksum offload for UDP/TCP over IPv6
net: datagram: fix unbounded loop in __skb_try_recv_datagram()
net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
net: phy: meson-gxl: fix interrupt support
net: rose: fix a possible stack overflow
net: stmmac: fix memory corruption with large MTUs
net-sysfs: call dev_hold if kobject_init_and_add success
packets: Always register packet sk in the same order
rhashtable: Still do rehash when we get EEXIST
sctp: get sctphdr by offset in sctp_compute_cksum
sctp: use memdup_user instead of vmemdup_user
tcp: do not use ipv6 header for ipv4 flow
tipc: allow service ranges to be connect()'ed on RDM/DGRAM
tipc: change to check tipc_own_id to return in tipc_net_stop
tipc: fix cancellation of topology subscriptions
tun: properly test for IFF_UP
vrf: prevent adding upper devices
vxlan: Don't call gro_cells_destroy() before device is unregistered
ila: Fix rhashtable walker list corruption
net: sched: fix cleanup NULL pointer exception in act_mirr
thunderx: enable page recycling for non-XDP case
thunderx: eliminate extra calls to put_page() for pages held for recycling
tun: add a missing rcu_read_unlock() in error path
powerpc/fsl: Add infrastructure to fixup branch predictor flush
powerpc/fsl: Add macro to flush the branch predictor
powerpc/fsl: Emulate SPRN_BUCSR register
powerpc/fsl: Add nospectre_v2 command line argument
powerpc/fsl: Flush the branch predictor at each kernel entry (64bit)
powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit)
powerpc/fsl: Flush branch predictor when entering KVM
powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used
powerpc/fsl: Update Spectre v2 reporting
powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup'
powerpc/fsl: Fix the flush of branch predictor.
powerpc/security: Fix spectre_v2 reporting
Btrfs: fix incorrect file size after shrinking truncate and fsync
btrfs: remove WARN_ON in log_dir_items
btrfs: don't report readahead errors and don't update statistics
btrfs: raid56: properly unmap parity page in finish_parity_scrub()
btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size
Btrfs: fix assertion failure on fsync with NO_HOLES enabled
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
powerpc: bpf: Fix generation of load/store DW instructions
vfio: ccw: only free cp on final interrupt
NFS: fix mount/umount race in nlmclnt.
NFSv4.1 don't free interrupted slot on open
net: dsa: qca8k: remove leftover phy accessors
ALSA: rawmidi: Fix potential Spectre v1 vulnerability
ALSA: seq: oss: Fix Spectre v1 vulnerability
ALSA: pcm: Fix possible OOB access in PCM oss plugins
ALSA: pcm: Don't suspend stream in unrecoverable PCM state
ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO
ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB
ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286
ALSA: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286
ALSA: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic
ALSA: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256
ALSA: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256
ALSA: hda/realtek: Enable headset MIC of ASUS X430UN and X512DK with ALC256
ALSA: hda/realtek - Fix speakers on Acer Predator Helios 500 Ryzen laptops
kbuild: modversions: Fix relative CRC byte order interpretation
fs/open.c: allow opening only regular files during execve()
ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock
scsi: sd: Fix a race between closing an sd device and sd I/O
scsi: sd: Quiesce warning if device does not report optimal I/O size
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
drm/rockchip: vop: reset scale mode when win is disabled
tty: mxs-auart: fix a potential NULL pointer dereference
tty: atmel_serial: fix a potential NULL pointer dereference
tty: serial: qcom_geni_serial: Initialize baud in qcom_geni_console_setup
staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest
staging: speakup_soft: Fix alternate speech with other synths
staging: vt6655: Remove vif check from vnt_interrupt
staging: vt6655: Fix interrupt race condition on device start up.
staging: erofs: fix to handle error path of erofs_vmap()
serial: max310x: Fix to avoid potential NULL pointer dereference
serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference
serial: sh-sci: Fix setting SCSCR_TIE while transferring data
USB: serial: cp210x: add new device id
USB: serial: ftdi_sio: add additional NovaTech products
USB: serial: mos7720: fix mos_parport refcount imbalance on error path
USB: serial: option: set driver_info for SIM5218 and compatibles
USB: serial: option: add support for Quectel EM12
USB: serial: option: add Olicard 600
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
drm/vgem: fix use-after-free when drm_gem_handle_create() fails
drm/vkms: fix use-after-free when drm_gem_handle_create() fails
drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check
gpio: exar: add a check for the return value of ida_simple_get fails
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs
usb: mtu3: fix EXTCON dependency
USB: gadget: f_hid: fix deadlock in f_hidg_write()
usb: common: Consider only available nodes for dr_mode
usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk
xhci: Fix port resume done detection for SS ports with LPM enabled
usb: xhci: dbc: Don't free all memory with spinlock held
xhci: Don't let USB3 ports stuck in polling state prevent suspend
usb: cdc-acm: fix race during wakeup blocking TX traffic
mm: add support for kmem caches in DMA32 zone
iommu/io-pgtable-arm-v7s: request DMA32 memory, and improve debugging
mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified
mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate
perf pmu: Fix parser error for uncore event alias
perf intel-pt: Fix TSC slip
objtool: Query pkg-config for libelf location
powerpc/pseries/energy: Use OF accessor functions to read ibm,drc-indexes
powerpc/64: Fix memcmp reading past the end of src/dest
watchdog: Respect watchdog cpumask on CPU hotplug
cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
KVM: Reject device ioctls from processes other than the VM's creator
KVM: x86: update %rip after emulating IO
KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts
staging: erofs: fix error handling when failed to read compresssed data
staging: erofs: keep corrupted fs from crashing kernel in erofs_readdir()
bpf: do not restore dst_reg when cur_state is freed
drivers: base: Helpers for adding device connection descriptions
platform: x86: intel_cht_int33fe: Register all connections at once
platform: x86: intel_cht_int33fe: Add connection for the DP alt mode
platform: x86: intel_cht_int33fe: Add connections for the USB Type-C port
usb: typec: class: Don't use port parent for getting mux handles
platform: x86: intel_cht_int33fe: Remove the old connections for the muxes
Linux 4.19.33
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit 408f13ef35 ]
As it stands if a shrink is delayed because of an outstanding
rehash, we will go into a rescheduling loop without ever doing
the rehash.
This patch fixes this by still carrying out the rehash and then
rescheduling so that we can shrink after the completion of the
rehash should it still be necessary.
The return value of EEXIST captures this case and other cases
(e.g., another thread expanded/rehashed the table at the same
time) where we should still proceed with the rehash.
Fixes: da20420f83 ("rhashtable: Add nested tables")
Reported-by: Josh Elsasser <jelsasser@appneta.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Tested-by: Josh Elsasser <jelsasser@appneta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlyWhJcACgkQONu9yGCS
aT6XzxAAzP2QGzC4SVPgcFH1woF/d8Cz0zQ81mLXzjXtEPm39fZCM2hbBnxkXLu1
peFyrKNk6/c9541D9gsQCQT6Fu+H6u1bJKcIezlKJ2xyB/MsU1hXkjZrTJYW3RRs
gimy1EGdood2el1ubEBZiaspazoeRzBqtg1Nsmr4V0l+RT8HwtKKw+0+Nxixfp59
NoVkqTpPI5mL0FiH2R9ogcfg3SvgMZOsOhOBjdPvSjiJJsbvIWcW48MCs95XSUpF
R+l/fWn+oiFCcIqBaFheujuqZMvVrUHZHaWAPMuoR/c3Cdf0lTBokdv6UM9c0nv3
61jX5r5ImRI/dfQANN5mbB1YKcs5xOI+I7QZHQ2q4clsWrWyLapXW4clrAZJ6z5t
UVeVbuLV2y5PL9GJyBcXpyY0BOf4e2gZURaPY3C5McNwgybNoiR0ZePqKb8ZhZyh
jYOYRoBjJJpZoVTSt6MNX95NTvGaSAtqKMu1s3IeMfpwCfQKBPMOuBHr/dUqSC6I
U0xxjk/71C15dSPVcTVJT/lmcKc6TXgoagnfbn8GBtDOAjBNsYyUJLQI+db1ERCe
9MEB9k1Z87ROQ5jQCQmWsewOVAtFZBEvSszFmpKv3zTe8M2oFpXG56zckdiumwHU
nSfeZTTeWzsFJd30MioEnGYm3ZwKwZx7wi0x4B4WWvBfSpp20Us=
=xtLx
-----END PGP SIGNATURE-----
Merge 4.19.31 into android-4.19
Changes in 4.19.31
media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
9p: use inode->i_lock to protect i_size_write() under 32-bit
9p/net: fix memory leak in p9_client_create
ASoC: fsl_esai: fix register setting issue in RIGHT_J mode
ASoC: codecs: pcm186x: fix wrong usage of DECLARE_TLV_DB_SCALE()
ASoC: codecs: pcm186x: Fix energysense SLEEP bit
iio: adc: exynos-adc: Fix NULL pointer exception on unbind
mei: hbm: clean the feature flags on link reset
mei: bus: move hw module get/put to probe/release
stm class: Fix an endless loop in channel allocation
crypto: caam - fix hash context DMA unmap size
crypto: ccree - fix missing break in switch statement
crypto: caam - fixed handling of sg list
crypto: caam - fix DMA mapping of stack memory
crypto: ccree - fix free of unallocated mlli buffer
crypto: ccree - unmap buffer before copying IV
crypto: ccree - don't copy zero size ciphertext
crypto: cfb - add missing 'chunksize' property
crypto: cfb - remove bogus memcpy() with src == dest
crypto: ahash - fix another early termination in hash walk
crypto: rockchip - fix scatterlist nents error
crypto: rockchip - update new iv to device in multiple operations
drm/imx: ignore plane updates on disabled crtcs
gpu: ipu-v3: Fix i.MX51 CSI control registers offset
drm/imx: imx-ldb: add missing of_node_puts
gpu: ipu-v3: Fix CSI offsets for imx53
ASoC: rt5682: Correct the setting while select ASRC clk for AD/DA filter
clocksource: timer-ti-dm: Fix pwm dmtimer usage of fck reparenting
KVM: arm/arm64: vgic: Make vgic_dist->lpi_list_lock a raw_spinlock
arm64: dts: rockchip: fix graph_port warning on rk3399 bob kevin and excavator
s390/dasd: fix using offset into zero size array error
Input: pwm-vibra - prevent unbalanced regulator
Input: pwm-vibra - stop regulator after disabling pwm, not before
ARM: dts: Configure clock parent for pwm vibra
ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized
ASoC: dapm: fix out-of-bounds accesses to DAPM lookup tables
ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check
KVM: arm/arm64: Reset the VCPU without preemption and vcpu state loaded
arm/arm64: KVM: Allow a VCPU to fully reset itself
arm/arm64: KVM: Don't panic on failure to properly reset system registers
KVM: arm/arm64: vgic: Always initialize the group of private IRQs
KVM: arm64: Forbid kprobing of the VHE world-switch code
ASoC: samsung: Prevent clk_get_rate() calls in atomic context
ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug
Input: cap11xx - switch to using set_brightness_blocking()
Input: ps2-gpio - flush TX work when closing port
Input: matrix_keypad - use flush_delayed_work()
mac80211: call drv_ibss_join() on restart
mac80211: Fix Tx aggregation session tear down with ITXQs
netfilter: compat: initialize all fields in xt_init
blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue
ipvs: fix dependency on nf_defrag_ipv6
floppy: check_events callback should not return a negative number
xprtrdma: Make sure Send CQ is allocated on an existing compvec
NFS: Don't use page_file_mapping after removing the page
mm/gup: fix gup_pmd_range() for dax
Revert "mm: use early_pfn_to_nid in page_ext_init"
scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd
net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend()
x86/CPU: Add Icelake model number
mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs
net: hns: Fix object reference leaks in hns_dsaf_roce_reset()
i2c: cadence: Fix the hold bit setting
i2c: bcm2835: Clear current buffer pointers and counts after a transfer
auxdisplay: ht16k33: fix potential user-after-free on module unload
Input: st-keyscan - fix potential zalloc NULL dereference
clk: sunxi-ng: v3s: Fix TCON reset de-assert bit
kallsyms: Handle too long symbols in kallsyms.c
clk: sunxi: A31: Fix wrong AHB gate number
esp: Skip TX bytes accounting when sending from a request socket
ARM: 8824/1: fix a migrating irq bug when hotplug cpu
bpf: only adjust gso_size on bytestream protocols
bpf: fix lockdep false positive in stackmap
af_key: unconditionally clone on broadcast
ARM: 8835/1: dma-mapping: Clear DMA ops on teardown
assoc_array: Fix shortcut creation
keys: Fix dependency loop between construction record and auth key
scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task
net: systemport: Fix reception of BPDUs
net: dsa: bcm_sf2: Do not assume DSA master supports WoL
pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins
qmi_wwan: apply SET_DTR quirk to Sierra WP7607
net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe()
xfrm: Fix inbound traffic via XFRM interfaces across network namespaces
mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue
ASoC: topology: free created components in tplg load error
qed: Fix iWARP buffer size provided for syn packet processing.
qed: Fix iWARP syn packet mac address validation.
ARM: dts: armada-xp: fix Armada XP boards NAND description
arm64: Relax GIC version check during early boot
ARM: tegra: Restore DT ABI on Tegra124 Chromebooks
net: marvell: mvneta: fix DMA debug warning
mm: handle lru_add_drain_all for UP properly
tmpfs: fix link accounting when a tmpfile is linked in
ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN
ARCv2: lib: memcpy: fix doing prefetchw outside of buffer
ARC: uacces: remove lp_start, lp_end from clobber list
ARCv2: support manual regfile save on interrupts
ARCv2: don't assume core 0x54 has dual issue
phonet: fix building with clang
mac80211_hwsim: propagate genlmsg_reply return code
bpf, lpm: fix lookup bug in map_delete_elem
net: thunderx: make CFG_DONE message to run through generic send-ack sequence
net: thunderx: add nicvf_send_msg_to_pf result check for set_rx_mode_task
nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K
nfp: bpf: fix ALU32 high bits clearance bug
bnxt_en: Fix typo in firmware message timeout logic.
bnxt_en: Wait longer for the firmware message response to complete.
net: set static variable an initial value in atl2_probe()
selftests: fib_tests: sleep after changing carrier. again.
tmpfs: fix uninitialized return value in shmem_link
stm class: Prevent division by zero
nfit: acpi_nfit_ctl(): Check out_obj->type in the right place
acpi/nfit: Fix bus command validation
nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot
nfit/ars: Attempt short-ARS even in the no_init_ars case
libnvdimm/label: Clear 'updating' flag after label-set update
libnvdimm, pfn: Fix over-trim in trim_pfn_device()
libnvdimm/pmem: Honor force_raw for legacy pmem regions
libnvdimm: Fix altmap reservation size calculation
fix cgroup_do_mount() handling of failure exits
crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: aegis - fix handling chunked inputs
crypto: arm/crct10dif - revert to C code for short inputs
crypto: arm64/aes-neonbs - fix returning final keystream block
crypto: arm64/crct10dif - revert to C code for short inputs
crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: morus - fix handling chunked inputs
crypto: pcbc - remove bogus memcpy()s with src == dest
crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
crypto: testmgr - skip crc32c context test for ahash algorithms
crypto: x86/aegis - fix handling chunked inputs and MAY_SLEEP
crypto: x86/aesni-gcm - fix crash on empty plaintext
crypto: x86/morus - fix handling chunked inputs and MAY_SLEEP
crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling
crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine
CIFS: Do not reset lease state to NONE on lease break
CIFS: Do not skip SMB2 message IDs on send failures
CIFS: Fix read after write for files with read caching
tracing: Use strncpy instead of memcpy for string keys in hist triggers
tracing: Do not free iter->trace in fail path of tracing_open_pipe()
tracing/perf: Use strndup_user() instead of buggy open-coded version
xen: fix dom0 boot on huge systems
ACPI / device_sysfs: Avoid OF modalias creation for removed device
mmc: sdhci-esdhc-imx: fix HS400 timing issue
mmc:fix a bug when max_discard is 0
netfilter: ipt_CLUSTERIP: fix warning unused variable cn
spi: ti-qspi: Fix mmap read when more than one CS in use
spi: pxa2xx: Setup maximum supported DMA transfer length
regulator: s2mps11: Fix steps for buck7, buck8 and LDO35
regulator: max77620: Initialize values for DT properties
regulator: s2mpa01: Fix step values for some LDOs
clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR
clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown
clocksource/drivers/arch_timer: Workaround for Allwinner A64 timer instability
s390/setup: fix early warning messages
s390/virtio: handle find on invalid queue gracefully
scsi: virtio_scsi: don't send sc payload with tmfs
scsi: aacraid: Fix performance issue on logical drives
scsi: sd: Optimal I/O size should be a multiple of physical block size
scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock
scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware
fs/devpts: always delete dcache dentry-s in dput()
splice: don't merge into linked buffers
ovl: During copy up, first copy up data and then xattrs
ovl: Do not lose security.capability xattr over metadata file copy-up
m68k: Add -ffreestanding to CFLAGS
Btrfs: setup a nofs context for memory allocation at btrfs_create_tree()
Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl
btrfs: ensure that a DUP or RAID1 block group has exactly two stripes
Btrfs: fix corruption reading shared and compressed extents after hole punching
soc: qcom: rpmh: Avoid accessing freed memory from batch API
libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer
irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table
irqchip/brcmstb-l2: Use _irqsave locking variants in non-interrupt code
x86/kprobes: Prohibit probing on optprobe template code
cpufreq: kryo: Release OPP tables on module removal
cpufreq: tegra124: add missing of_node_put()
cpufreq: pxa2xx: remove incorrect __init annotation
ext4: fix check of inode in swap_inode_boot_loader
ext4: cleanup pagecache before swap i_data
ext4: update quota information while swapping boot loader inode
ext4: add mask of ext4 flags to swap
ext4: fix crash during online resizing
PCI/ASPM: Use LTR if already enabled by platform
PCI/DPC: Fix print AER status in DPC event handling
PCI: dwc: skip MSI init if MSIs have been explicitly disabled
IB/hfi1: Close race condition on user context disable and close
cxl: Wrap iterations over afu slices inside 'afu_list_lock'
ext2: Fix underflow in ext2_max_size()
clk: uniphier: Fix update register for CPU-gear
clk: clk-twl6040: Fix imprecise external abort for pdmclk
clk: samsung: exynos5: Fix possible NULL pointer exception on platform_device_alloc() failure
clk: samsung: exynos5: Fix kfree() of const memory on setting driver_override
clk: ingenic: Fix round_rate misbehaving with non-integer dividers
clk: ingenic: Fix doc of ingenic_cgu_div_info
usb: chipidea: tegra: Fix missed ci_hdrc_remove_device()
usb: typec: tps6598x: handle block writes separately with plain-I2C adapters
dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit
mm: hwpoison: fix thp split handing in soft_offline_in_use_page()
mm/vmalloc: fix size check for remap_vmalloc_range_partial()
mm/memory.c: do_fault: avoid usage of stale vm_area_struct
kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv
device property: Fix the length used in PROPERTY_ENTRY_STRING()
intel_th: Don't reference unassigned outputs
parport_pc: fix find_superio io compare code, should use equal test.
i2c: tegra: fix maximum transfer size
media: i2c: ov5640: Fix post-reset delay
gpio: pca953x: Fix dereference of irq data in shutdown
can: flexcan: FLEXCAN_IFLAG_MB: add () around macro argument
drm/i915: Relax mmap VMA check
bpf: only test gso type on gso packets
serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO
serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart
serial: 8250_pci: Fix number of ports for ACCES serial cards
serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup()
jbd2: clear dirty flag when revoking a buffer from an older transaction
jbd2: fix compile warning when using JBUFFER_TRACE
selinux: add the missing walk_size + len check in selinux_sctp_bind_connect
security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock
powerpc/32: Clear on-stack exception marker upon exception return
powerpc/wii: properly disable use of BATs when requested.
powerpc/powernv: Make opal log only readable by root
powerpc/83xx: Also save/restore SPRG4-7 during suspend
powerpc/powernv: Don't reprogram SLW image on every KVM guest entry/exit
powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest
powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning
powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration
powerpc/traps: fix recoverability of machine check handling on book3s/32
powerpc/traps: Fix the message printed when stack overflows
ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify
arm64: Fix HCR.TGE status for NMI contexts
arm64: debug: Ensure debug handlers check triggering exception level
arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2
ipmi_si: fix use-after-free of resource->name
dm: fix to_sector() for 32bit
dm integrity: limit the rate of error messages
mfd: sm501: Fix potential NULL pointer dereference
cpcap-charger: generate events for userspace
NFS: Fix I/O request leakages
NFS: Fix an I/O request leakage in nfs_do_recoalesce
NFS: Don't recoalesce on error in nfs_pageio_complete_mirror()
nfsd: fix performance-limiting session calculation
nfsd: fix memory corruption caused by readdir
nfsd: fix wrong check in write_v4_end_grace()
NFSv4.1: Reinitialise sequence results before retransmitting a request
svcrpc: fix UDP on servers with lots of threads
PM / wakeup: Rework wakeup source timer cancellation
bcache: never writeback a discard operation
stable-kernel-rules.rst: add link to networking patch queue
vt: perform safe console erase in the right order
x86/unwind/orc: Fix ORC unwind table alignment
perf intel-pt: Fix CYC timestamp calculation after OVF
perf tools: Fix split_kallsyms_for_kcore() for trampoline symbols
perf auxtrace: Define auxtrace record alignment
perf intel-pt: Fix overlap calculation for padding
perf/x86/intel/uncore: Fix client IMC events return huge result
perf intel-pt: Fix divide by zero when TSC is not available
md: Fix failed allocation of md_register_thread
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
tpm: Unify the send callback behaviour
rcu: Do RCU GP kthread self-wakeup from softirq and interrupt
media: imx: prpencvf: Stop upstream before disabling IDMA channel
media: lgdt330x: fix lock status reporting
media: uvcvideo: Avoid NULL pointer dereference at the end of streaming
media: vimc: Add vimc-streamer for stream control
media: imx: csi: Disable CSI immediately after last EOF
media: imx: csi: Stop upstream before disabling IDMA channel
drm/fb-helper: generic: Fix drm_fbdev_client_restore()
drm/radeon/evergreen_cs: fix missing break in switch statement
drm/amd/powerplay: correct power reading on fiji
drm/amd/display: don't call dm_pp_ function from an fpu block
KVM: Call kvm_arch_memslots_updated() before updating memslots
KVM: x86/mmu: Detect MMIO generation wrap in any address space
KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux
KVM: nVMX: Sign extend displacements of VMX instr's mem operands
KVM: nVMX: Apply addr size mask to effective address for VMX instructions
KVM: nVMX: Ignore limit checks on VMX instructions using flat segments
bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata
s390/setup: fix boot crash for machine without EDAT-1
Linux 4.19.31
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit bb2ba2d75a ]
Fix the creation of shortcuts for which the length of the index key value
is an exact multiple of the machine word size. The problem is that the
code that blanks off the unused bits of the shortcut value malfunctions if
the number of bits in the last word equals machine word size. This is due
to the "<<" operator being given a shift of zero in this case, and so the
mask that should be all zeros is all ones instead. This causes the
subsequent masking operation to clear everything rather than clearing
nothing.
Ordinarily, the presence of the hash at the beginning of the tree index key
makes the issue very hard to test for, but in this case, it was encountered
due to a development mistake that caused the hash output to be either 0
(keyring) or 1 (non-keyring) only. This made it susceptible to the
keyctl/unlink/valid test in the keyutils package.
The fix is simply to skip the blanking if the shift would be 0. For
example, an index key that is 64 bits long would produce a 0 shift and thus
a 'blank' of all 1s. This would then be inverted and AND'd onto the
index_key, incorrectly clearing the entire last word.
Fixes: 3cb989501c ("Add a generic associative array implementation.")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlyJb/EACgkQONu9yGCS
aT4y0g//b9t9/onhTaXcY/ByPmBAwqNgugi7eYcZqGDBp7aCDOBLF6eOwbhdvvuS
ZTaZ5eWG3Twz3mZu9vveuskgMci2npDyLPgqBWGzW+Ef5r/xPd40diaI75ZUc68T
gimWbQ0VANuXKklK6LysBUaVQWE3ilIy6qnnpj0DI3ipNDoE62Ry1LNthuKy+73J
w6r7uwkb6X/CkXpNB/L4cDdpSy/CvhGQhd6p91lBuE4DfyPqEzslYCokD9aPXp9b
Fedt/Re+8eULBNcgqPYxkS5pBrbHtqrGf00AMlzC8DkC+GZyDqSP2xjv6AiTfGJd
uf0/Jvsv2OBnP4aYsbk+uB2z3plzPBgmXxa/1bm+yrGCMvbpi9mMx75HM2joAeVp
tVN4ZN65kNgJkXCchJTHdQ3s6teOD8Par1czy570HyKBU6l1j3AGArGm+b4WGPWx
dL+82coojMKxKNdTHfxUXES6QGKp716r3un6mCrKR0xET/SDayzDQMaSM8UOtArK
ELzNeKzKTc5oBx6i+JfGmY8ZsedpNGCIPpsiuoSYAaon5ZzNbruzOAlDOThs157d
YezDHZ9XMrx3kN/xYnqZD63x/5egq9REbZGWljeykbNkWcEY74jIkKwNLxqv3P64
JsLp60owvjzwtzKycjZogNU//GGNTBdb+6pESq4MxJpPTteFWnc=
=n9iV
-----END PGP SIGNATURE-----
Merge 4.19.29 into android-4.19
Changes in 4.19.29
media: uvcvideo: Fix 'type' check leading to overflow
vti4: Fix a ipip packet processing bug in 'IPCOMP' virtual tunnel
perf script: Fix crash with printing mixed trace point and other events
perf core: Fix perf_proc_update_handler() bug
perf tools: Handle TOPOLOGY headers with no CPU
perf script: Fix crash when processing recorded stat data
IB/{hfi1, qib}: Fix WC.byte_len calculation for UD_SEND_WITH_IMM
iommu/amd: Call free_iova_fast with pfn in map_sg
iommu/amd: Unmap all mapped pages in error path of map_sg
riscv: fixup max_low_pfn with PFN_DOWN.
ipvs: Fix signed integer overflow when setsockopt timeout
iommu/amd: Fix IOMMU page flush when detach device from a domain
clk: ti: Fix error handling in ti_clk_parse_divider_data()
clk: qcom: gcc: Use active only source for CPUSS clocks
xtensa: SMP: fix ccount_timer_shutdown
riscv: Adjust mmap base address at a third of task size
IB/ipoib: Fix for use-after-free in ipoib_cm_tx_start
selftests: cpu-hotplug: fix case where CPUs offline > CPUs present
xtensa: SMP: fix secondary CPU initialization
xtensa: smp_lx200_defconfig: fix vectors clash
xtensa: SMP: mark each possible CPU as present
iomap: get/put the page in iomap_page_create/release()
iomap: fix a use after free in iomap_dio_rw
xtensa: SMP: limit number of possible CPUs by NR_CPUS
net: altera_tse: fix msgdma_tx_completion on non-zero fill_level case
net: hns: Fix for missing of_node_put() after of_parse_phandle()
net: hns: Restart autoneg need return failed when autoneg off
net: hns: Fix wrong read accesses via Clause 45 MDIO protocol
net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
netfilter: ebtables: compat: un-break 32bit setsockopt when no rules are present
gpio: vf610: Mask all GPIO interrupts
selftests: net: use LDLIBS instead of LDFLAGS
selftests: timers: use LDLIBS instead of LDFLAGS
nfs: Fix NULL pointer dereference of dev_name
qed: Fix bug in tx promiscuous mode settings
qed: Fix LACP pdu drops for VFs
qed: Fix VF probe failure while FLR
qed: Fix system crash in ll2 xmit
qed: Fix stack out of bounds bug
scsi: libfc: free skb when receiving invalid flogi resp
scsi: scsi_debug: fix write_same with virtual_gb problem
scsi: bnx2fc: Fix error handling in probe()
scsi: 53c700: pass correct "dev" to dma_alloc_attrs()
platform/x86: Fix unmet dependency warning for ACPI_CMPC
platform/x86: Fix unmet dependency warning for SAMSUNG_Q10
net: macb: Apply RXUBR workaround only to versions with errata
x86/boot/compressed/64: Set EFER.LME=1 in 32-bit trampoline before returning to long mode
cifs: fix computation for MAX_SMB2_HDR_SIZE
x86/microcode/amd: Don't falsely trick the late loading mechanism
arm64: kprobe: Always blacklist the KVM world-switch code
apparmor: Fix aa_label_build() error handling for failed merges
x86/kexec: Don't setup EFI info if EFI runtime is not enabled
proc: fix /proc/net/* after setns(2)
x86_64: increase stack size for KASAN_EXTRA
mm, memory_hotplug: is_mem_section_removable do not pass the end of a zone
mm, memory_hotplug: test_pages_in_a_zone do not pass the end of zone
lib/test_kmod.c: potential double free in error handling
fs/drop_caches.c: avoid softlockups in drop_pagecache_sb()
autofs: drop dentry reference only when it is never used
autofs: fix error return in autofs_fill_super()
mm, memory_hotplug: fix off-by-one in is_pageblock_removable
ARM: OMAP: dts: N950/N9: fix onenand timings
ARM: dts: omap4-droid4: Fix typo in cpcap IRQ flags
ARM: dts: sun8i: h3: Add ethernet0 alias to Beelink X2
arm: dts: meson: Fix IRQ trigger type for macirq
ARM: dts: meson8b: odroidc1: mark the SD card detection GPIO active-low
ARM: dts: meson8m2: mxiii-plus: mark the SD card detection GPIO active-low
ARM: dts: imx6sx: correct backward compatible of gpt
arm64: dts: renesas: r8a7796: Enable DMA for SCIF2
arm64: dts: renesas: r8a77965: Enable DMA for SCIF2
soc: fsl: qbman: avoid race in clearing QMan interrupt
pinctrl: mcp23s08: spi: Fix regmap allocation for mcp23s18
wlcore: sdio: Fixup power on/off sequence
bpftool: Fix prog dump by tag
bpftool: fix percpu maps updating
bpf: sock recvbuff must be limited by rmem_max in bpf_setsockopt()
ARM: pxa: ssp: unneeded to free devm_ allocated data
arm64: dts: add msm8996 compatible to gicv3
batman-adv: release station info tidstats
DTS: CI20: Fix bugs in ci20's device tree.
usb: phy: fix link errors
irqchip/gic-v4: Fix occasional VLPI drop
irqchip/gic-v3-its: Gracefully fail on LPI exhaustion
irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable
drm/amdgpu: Add missing power attribute to APU check
drm/radeon: check if device is root before getting pci speed caps
drm/amdgpu: Transfer fences to dmabuf importer
net: stmmac: Fallback to Platform Data clock in Watchdog conversion
net: stmmac: Send TSO packets always from Queue 0
net: stmmac: Disable EEE mode earlier in XMIT callback
irqchip/gic-v3-its: Fix ITT_entry_size accessor
relay: check return of create_buf_file() properly
bpf, selftests: fix handling of sparse CPU allocations
bpf: fix lockdep false positive in percpu_freelist
bpf: fix potential deadlock in bpf_prog_register
bpf: Fix syscall's stackmap lookup potential deadlock
drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init
dmaengine: at_xdmac: Fix wrongfull report of a channel as in use
vsock/virtio: fix kernel panic after device hot-unplug
vsock/virtio: reset connected sockets on device removal
dmaengine: dmatest: Abort test in case of mapping error
selftests: netfilter: fix config fragment CONFIG_NF_TABLES_INET
selftests: netfilter: add simple masq/redirect test cases
netfilter: nf_nat: skip nat clash resolution for same-origin entries
s390/qeth: release cmd buffer in error paths
s390/qeth: fix use-after-free in error path
s390/qeth: cancel close_dev work before removing a card
perf symbols: Filter out hidden symbols from labels
perf trace: Support multiple "vfs_getname" probes
MIPS: Remove function size check in get_frame_info()
Revert "scsi: libfc: Add WARN_ON() when deleting rports"
i2c: omap: Use noirq system sleep pm ops to idle device for suspend
drm/amdgpu: use spin_lock_irqsave to protect vm_manager.pasid_idr
nvme: lock NS list changes while handling command effects
nvme-pci: fix rapid add remove sequence
fs: ratelimit __find_get_block_slow() failure message.
qed: Fix EQ full firmware assert.
qed: Consider TX tcs while deriving the max num_queues for PF.
qede: Fix system crash on configuring channels.
blk-iolatency: fix IO hang due to negative inflight counter
nvme-pci: add missing unlock for reset error
Input: wacom_serial4 - add support for Wacom ArtPad II tablet
Input: elan_i2c - add id for touchpad found in Lenovo s21e-20
iscsi_ibft: Fix missing break in switch statement
scsi: aacraid: Fix missing break in switch statement
x86/PCI: Fixup RTIT_BAR of Intel Denverton Trace Hub
arm64: dts: zcu100-revC: Give wifi some time after power-on
arm64: dts: hikey: Give wifi some time after power-on
arm64: dts: hikey: Revert "Enable HS200 mode on eMMC"
ARM: dts: exynos: Fix pinctrl definition for eMMC RTSN line on Odroid X2/U3
ARM: dts: exynos: Add minimal clkout parameters to Exynos3250 PMU
ARM: dts: exynos: Fix max voltage for buck8 regulator on Odroid XU3/XU4
drm: disable uncached DMA optimization for ARM and arm64
netfilter: xt_TEE: fix wrong interface selection
netfilter: xt_TEE: add missing code to get interface index in checkentry.
gfs2: Fix missed wakeups in find_insert_glock
staging: erofs: add error handling for xattr submodule
staging: erofs: fix fast symlink w/o xattr when fs xattr is on
staging: erofs: fix memleak of inode's shared xattr array
staging: erofs: fix race of initializing xattrs of a inode at the same time
staging: erofs: keep corrupted fs from crashing kernel in erofs_namei()
cifs: allow calling SMB2_xxx_free(NULL)
ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom
driver core: Postpone DMA tear-down until after devres release
perf/x86/intel: Make cpuc allocations consistent
perf/x86/intel: Generalize dynamic constraint creation
x86: Add TSX Force Abort CPUID/MSR
perf/x86/intel: Implement support for TSX Force Abort
Linux 4.19.29
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
[ Upstream commit db7ddeab3c ]
There is a copy and paste bug so we set "config->test_driver" to NULL
twice instead of setting "config->test_fs". Smatch complains that it
leads to a double free:
lib/test_kmod.c:840 __kmod_config_init() warn: 'config->test_fs' double freed
Link: http://lkml.kernel.org/r/20190121140011.GA14283@kadam
Fixes: d9c6a72d6f ("kmod: add test driver to stress test the module loader")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxjFL8ACgkQONu9yGCS
aT643xAAk+mnsrOfU6/LBFjcJUUUYohK01UAU+PRvTjy4uH8rrA4G01xvp11ftIu
jjEikA2582ScR5a2Ww+E4SfqOdKT4z9hOGLTnyI0P4xN9jeVidvu9+C90AYyBYhi
orHm1osVQIj6n9+OQ5db+DzZYbZLbyfCoqNXbq9EoLvNRS3FUUH0y2VXqcz9Ghcj
obpdHTVMKRaFkRWdCglo+3hSpoKrncSVpKrwUXR18GCt8jjZjj39kI9t6UoGNfc7
nN3GOd26U1tpGo6ShZJYu6aPjV+zoYNlsg1o2zn9qJANIdulYe30vqNhWCeJ+/T7
WcT3EHv4pPEO3Lvgfp+l10Nc6IbYdJEFUpAP3CvfP+MvRfKvz8Vo3Nm/BQlr20+q
+MUYJb+wxhlHPRLV192XbnYFkEzZg7vzymoMPL034XheAkOkPbOK0IIVo41p5Rai
LxmOdvhzfAktbtD/VWnLTUbexjs2EJ05bvZRjdPKKIMBNKnAWz4ux3KcHxpdsUF8
KMCKwpJE8KDM4uiaKVdyfMhFeIg37pmy+7Uv9cUFjWwtsL3K+CiAXg8uaSvnajKr
bOhwbFIgxoOI9VRBK8M0wvzouphA0miVbxOY81sdfbMeWNpbCLdb968AFz25llta
rVlWp7bSAUQTsvTkVBv6mrTKPwzO4jnfHYN8yj5gO7pr5fmC2ig=
=L+Mp
-----END PGP SIGNATURE-----
Merge 4.19.21 into android-4.19
Changes in 4.19.21
devres: Align data[] to ARCH_KMALLOC_MINALIGN
drm/bufs: Fix Spectre v1 vulnerability
staging: iio: adc: ad7280a: handle error from __ad7280_read32()
drm/vgem: Fix vgem_init to get drm device available.
pinctrl: bcm2835: Use raw spinlock for RT compatibility
ASoC: Intel: mrfld: fix uninitialized variable access
gpiolib: Fix possible use after free on label
drm/sun4i: Initialize registers in tcon-top driver
genirq/affinity: Spread IRQs to all available NUMA nodes
gpu: ipu-v3: image-convert: Prevent race between run and unprepare
nds32: Fix gcc 8.0 compiler option incompatible.
wil6210: fix reset flow for Talyn-mb
wil6210: fix memory leak in wil_find_tx_bcast_2
ath10k: assign 'n_cipher_suites' for WCN3990
ath9k: dynack: use authentication messages for 'late' ack
scsi: lpfc: Correct LCB RJT handling
scsi: mpt3sas: Call sas_remove_host before removing the target devices
scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event
ARM: 8808/1: kexec:offline panic_smp_self_stop CPU
clk: boston: fix possible memory leak in clk_boston_setup()
dlm: Don't swamp the CPU with callbacks queued during recovery
x86/PCI: Fix Broadcom CNB20LE unintended sign extension (redux)
powerpc/pseries: add of_node_put() in dlpar_detach_node()
crypto: aes_ti - disable interrupts while accessing S-box
drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE
serial: fsl_lpuart: clear parity enable bit when disable parity
ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl
MIPS: Boston: Disable EG20T prefetch
dpaa2-ptp: defer probe when portal allocation failed
iwlwifi: fw: do not set sgi bits for HE connection
staging:iio:ad2s90: Make probe handle spi_setup failure
fpga: altera-cvp: Fix registration for CvP incapable devices
Tools: hv: kvp: Fix a warning of buffer overflow with gcc 8.0.1
fpga: altera-cvp: fix 'bad IO access' on x86_64
vbox: fix link error with 'gcc -Og'
platform/chrome: don't report EC_MKBP_EVENT_SENSOR_FIFO as wakeup
i40e: prevent overlapping tx_timeout recover
scsi: hisi_sas: change the time of SAS SSP connection
staging: iio: ad7780: update voltage on read
usbnet: smsc95xx: fix rx packet alignment
drm/rockchip: fix for mailbox read size
ARM: OMAP2+: hwmod: Fix some section annotations
drm/amd/display: fix gamma not being applied correctly
drm/amd/display: calculate stream->phy_pix_clk before clock mapping
bpf: libbpf: retry map creation without the name
net/mlx5: EQ, Use the right place to store/read IRQ affinity hint
modpost: validate symbol names also in find_elf_symbol
perf tools: Add Hygon Dhyana support
soc/tegra: Don't leak device tree node reference
media: rc: ensure close() is called on rc_unregister_device
media: video-i2c: avoid accessing released memory area when removing driver
media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm()
staging: erofs: fix the definition of DBG_BUGON
clk: meson: meson8b: do not use cpu_div3 for cpu_scale_out_sel
clk: meson: meson8b: fix the width of the cpu_scale_div clock
clk: meson: meson8b: mark the CPU clock as CLK_IS_CRITICAL
ptp: Fix pass zero to ERR_PTR() in ptp_clock_register
dmaengine: xilinx_dma: Remove __aligned attribute on zynqmp_dma_desc_ll
powerpc/32: Add .data..Lubsan_data*/.data..Lubsan_type* sections explicitly
iio: adc: meson-saradc: check for devm_kasprintf failure
iio: adc: meson-saradc: fix internal clock names
iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID
media: adv*/tc358743/ths8200: fill in min width/height/pixelclock
ACPI: SPCR: Consider baud rate 0 as preconfigured state
staging: pi433: fix potential null dereference
f2fs: move dir data flush to write checkpoint process
f2fs: fix race between write_checkpoint and write_begin
f2fs: fix wrong return value of f2fs_acl_create
i2c: sh_mobile: add support for r8a77990 (R-Car E3)
arm64: io: Ensure calls to delay routines are ordered against prior readX()
net: aquantia: return 'err' if set MPI_DEINIT state fails
sunvdc: Do not spin in an infinite loop when vio_ldc_send() returns EAGAIN
soc: bcm: brcmstb: Don't leak device tree node reference
nfsd4: fix crash on writing v4_end_grace before nfsd startup
drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state()
perf: arm_spe: handle devm_kasprintf() failure
arm64: io: Ensure value passed to __iormb() is held in a 64-bit register
Thermal: do not clear passive state during system sleep
thermal: Fix locking in cooling device sysfs update cur_state
firmware/efi: Add NULL pointer checks in efivars API functions
s390/zcrypt: improve special ap message cmd handling
mt76x0: dfs: fix IBI_R11 configuration on non-radar channels
arm64: ftrace: don't adjust the LR value
drm/v3d: Fix prime imports of buffers from other drivers.
ARM: dts: mmp2: fix TWSI2
ARM: dts: aspeed: add missing memory unit-address
x86/fpu: Add might_fault() to user_insn()
media: i2c: TDA1997x: select CONFIG_HDMI
media: DaVinci-VPBE: fix error handling in vpbe_initialize()
smack: fix access permissions for keyring
xtensa: xtfpga.dtsi: fix dtc warnings about SPI
usb: dwc3: Correct the logic for checking TRB full in __dwc3_prepare_one_trb()
usb: dwc2: Disable power down feature on Samsung SoCs
usb: hub: delay hub autosuspend if USB3 port is still link training
timekeeping: Use proper seqcount initializer
usb: mtu3: fix the issue about SetFeature(U1/U2_Enable)
clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks
media: imx274: select REGMAP_I2C
drm/amdgpu/powerplay: fix clock stretcher limits on polaris (v2)
tipc: fix node keep alive interval calculation
driver core: Move async_synchronize_full call
kobject: return error code if writing /sys/.../uevent fails
IB/hfi1: Unreserve a reserved request when it is completed
usb: dwc3: trace: add missing break statement to make compiler happy
gpio: mt7621: report failure of devm_kasprintf()
gpio: mt7621: pass mediatek_gpio_bank_probe() failure up the stack
pinctrl: sx150x: handle failure case of devm_kstrdup
iommu/amd: Fix amd_iommu=force_isolation
ARM: dts: Fix OMAP4430 SDP Ethernet startup
mips: bpf: fix encoding bug for mm_srlv32_op
media: coda: fix H.264 deblocking filter controls
ARM: dts: Fix up the D-Link DIR-685 MTD partition info
watchdog: renesas_wdt: don't set divider while watchdog is running
ARM: dts: imx51-zii-rdu1: Do not specify "power-gpio" for hpa1
usb: dwc3: gadget: Disable CSP for stream OUT ep
iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads
iommu/arm-smmu: Add support for qcom,smmu-v2 variant
iommu/arm-smmu-v3: Use explicit mb() when moving cons pointer
sata_rcar: fix deferred probing
clk: imx6sl: ensure MMDC CH0 handshake is bypassed
platform/x86: mlx-platform: Fix tachometer registers
cpuidle: big.LITTLE: fix refcount leak
OPP: Use opp_table->regulators to verify no regulator case
tee: optee: avoid possible double list_del()
drm/msm/dsi: fix dsi clock names in DSI 10nm PLL driver
drm/msm: dpu: Only check flush register against pending flushes
lightnvm: pblk: fix resubmission of overwritten write err lbas
lightnvm: pblk: add lock protection to list operations
i2c-axxia: check for error conditions first
phy: sun4i-usb: add support for missing USB PHY index
mlxsw: spectrum_acl: Limit priority value
udf: Fix BUG on corrupted inode
switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite
selftests/bpf: use __bpf_constant_htons in test_prog.c
ARM: pxa: avoid section mismatch warning
ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M
KVM: PPC: Book3S: Only report KVM_CAP_SPAPR_TCE_VFIO on powernv machines
mmc: bcm2835: Recover from MMC_SEND_EXT_CSD
mmc: bcm2835: reset host on timeout
mmc: meson-mx-sdio: check devm_kasprintf for failure
memstick: Prevent memstick host from getting runtime suspended during card detection
mmc: sdhci-of-esdhc: Fix timeout checks
mmc: sdhci-omap: Fix timeout checks
mmc: sdhci-xenon: Fix timeout checks
mmc: jz4740: Get CD/WP GPIOs from descriptors
usb: renesas_usbhs: add support for RZ/G2E
btrfs: harden agaist duplicate fsid on scanned devices
serial: sh-sci: Fix locking in sci_submit_rx()
serial: sh-sci: Resume PIO in sci_rx_interrupt() on DMA failure
tty: serial: samsung: Properly set flags in autoCTS mode
perf test: Fix perf_event_attr test failure
perf dso: Fix unchecked usage of strncpy()
perf header: Fix unchecked usage of strncpy()
btrfs: use tagged writepage to mitigate livelock of snapshot
perf probe: Fix unchecked usage of strncpy()
i2c: sh_mobile: Add support for r8a774c0 (RZ/G2E)
bnxt_en: Disable MSIX before re-reserving NQs/CMPL rings.
tools/power/x86/intel_pstate_tracer: Fix non root execution for post processing a trace file
livepatch: check kzalloc return values
arm64: KVM: Skip MMIO insn after emulation
usb: musb: dsps: fix otg state machine
usb: musb: dsps: fix runtime pm for peripheral mode
perf header: Fix up argument to ctime()
perf tools: Cast off_t to s64 to avoid warning on bionic libc
percpu: convert spin_lock_irq to spin_lock_irqsave.
net: hns3: fix incomplete uninitialization of IRQ in the hns3_nic_uninit_vector_data()
drm/amd/display: Add retry to read ddc_clock pin
Bluetooth: hci_bcm: Handle deferred probing for the clock supply
drm/amd/display: fix YCbCr420 blank color
powerpc/uaccess: fix warning/error with access_ok()
mac80211: fix radiotap vendor presence bitmap handling
xfrm6_tunnel: Fix spi check in __xfrm6_tunnel_alloc_spi
mlxsw: spectrum: Properly cleanup LAG uppers when removing port from LAG
scsi: smartpqi: correct host serial num for ssa
scsi: smartpqi: correct volume status
scsi: smartpqi: increase fw status register read timeout
cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan()
net: hns3: add max vector number check for pf
powerpc/perf: Fix thresholding counter data for unknown type
iwlwifi: mvm: fix setting HE ppe FW config
powerpc/powernv/ioda: Allocate indirect TCE levels of cached userspace addresses on demand
mlx5: update timecounter at least twice per counter overflow
drbd: narrow rcu_read_lock in drbd_sync_handshake
drbd: disconnect, if the wrong UUIDs are attached on a connected peer
drbd: skip spurious timeout (ping-timeo) when failing promote
drbd: Avoid Clang warning about pointless switch statment
drm/amd/display: validate extended dongle caps
video: clps711x-fb: release disp device node in probe()
md: fix raid10 hang issue caused by barrier
fbdev: fbmem: behave better with small rotated displays and many CPUs
i40e: define proper net_device::neigh_priv_len
ice: Do not enable NAPI on q_vectors that have no rings
igb: Fix an issue that PME is not enabled during runtime suspend
ACPI/APEI: Clear GHES block_status before panic()
fbdev: fbcon: Fix unregister crash when more than one framebuffer
powerpc/mm: Fix reporting of kernel execute faults on the 8xx
pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins
pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins
KVM: x86: svm: report MSR_IA32_MCG_EXT_CTL as unsupported
powerpc/fadump: Do not allow hot-remove memory from fadump reserved area.
kvm: Change offset in kvm_write_guest_offset_cached to unsigned
NFS: nfs_compare_mount_options always compare auth flavors.
perf build: Don't unconditionally link the libbfd feature test to -liberty and -lz
hwmon: (lm80) fix a missing check of the status of SMBus read
hwmon: (lm80) fix a missing check of bus read in lm80 probe
seq_buf: Make seq_buf_puts() null-terminate the buffer
crypto: ux500 - Use proper enum in cryp_set_dma_transfer
crypto: ux500 - Use proper enum in hash_set_dma_transfer
MIPS: ralink: Select CONFIG_CPU_MIPSR2_IRQ_VI on MT7620/8
cifs: check ntwrk_buf_start for NULL before dereferencing it
f2fs: fix use-after-free issue when accessing sbi->stat_info
um: Avoid marking pages with "changed protection"
niu: fix missing checks of niu_pci_eeprom_read
f2fs: fix sbi->extent_list corruption issue
cgroup: fix parsing empty mount option string
perf python: Do not force closing original perf descriptor in evlist.get_pollfd()
scripts/decode_stacktrace: only strip base path when a prefix of the path
arch/sh/boards/mach-kfr2r09/setup.c: fix struct mtd_oob_ops build warning
ocfs2: don't clear bh uptodate for block read
ocfs2: improve ocfs2 Makefile
mm/page_alloc.c: don't call kasan_free_pages() at deferred mem init
zram: fix lockdep warning of free block handling
isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw()
gdrom: fix a memory leak bug
fsl/fman: Use GFP_ATOMIC in {memac,tgec}_add_hash_mac_address()
block/swim3: Fix -EBUSY error when re-opening device after unmount
thermal: bcm2835: enable hwmon explicitly
kdb: Don't back trace on a cpu that didn't round up
PCI: imx: Enable MSI from downstream components
thermal: generic-adc: Fix adc to temp interpolation
HID: lenovo: Add checks to fix of_led_classdev_register
arm64/sve: ptrace: Fix SVE_PT_REGS_OFFSET definition
kernel/hung_task.c: break RCU locks based on jiffies
proc/sysctl: fix return error for proc_doulongvec_minmax()
kernel/hung_task.c: force console verbose before panic
fs/epoll: drop ovflist branch prediction
exec: load_script: don't blindly truncate shebang string
kernel/kcov.c: mark write_comp_data() as notrace
scripts/gdb: fix lx-version string output
xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat
xfs: cancel COW blocks before swapext
xfs: Fix error code in 'xfs_ioc_getbmap()'
xfs: fix overflow in xfs_attr3_leaf_verify
xfs: fix shared extent data corruption due to missing cow reservation
xfs: fix transient reference count error in xfs_buf_resubmit_failed_buffers
xfs: delalloc -> unwritten COW fork allocation can go wrong
fs/xfs: fix f_ffree value for statfs when project quota is set
xfs: fix PAGE_MASK usage in xfs_free_file_space
xfs: fix inverted return from xfs_btree_sblock_verify_crc
thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set
dccp: fool proof ccid_hc_[rt]x_parse_options()
enic: fix checksum validation for IPv6
lib/test_rhashtable: Make test_insert_dup() allocate its hash table dynamically
net: dp83640: expire old TX-skb
net: dsa: Fix lockdep false positive splat
net: dsa: Fix NULL checking in dsa_slave_set_eee()
net: dsa: mv88e6xxx: Fix counting of ATU violations
net: dsa: slave: Don't propagate flag changes on down slave interfaces
net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames
net: systemport: Fix WoL with password after deep sleep
rds: fix refcount bug in rds_sock_addref
Revert "net: phy: marvell: avoid pause mode on SGMII-to-Copper for 88e151x"
rxrpc: bad unlock balance in rxrpc_recvmsg
sctp: check and update stream->out_curr when allocating stream_out
sctp: walk the list of asoc safely
skge: potential memory corruption in skge_get_regs()
virtio_net: Account for tx bytes and packets on sending xdp_frames
net/mlx5e: FPGA, fix Innova IPsec TX offload data path performance
xfs: eof trim writeback mapping as soon as it is cached
ALSA: compress: Fix stop handling on compressed capture streams
ALSA: usb-audio: Add support for new T+A USB DAC
ALSA: hda - Serialize codec registrations
ALSA: hda/realtek - Fix lose hp_pins for disable auto mute
ALSA: hda/realtek - Use a common helper for hp pin reference
ALSA: hda/realtek - Headset microphone support for System76 darp5
fuse: call pipe_buf_release() under pipe lock
fuse: decrement NR_WRITEBACK_TEMP on the right page
fuse: handle zero sized retrieve correctly
HID: debug: fix the ring buffer implementation
dmaengine: bcm2835: Fix interrupt race on RT
dmaengine: bcm2835: Fix abort of transactions
dmaengine: imx-dma: fix wrong callback invoke
futex: Handle early deadlock return correctly
irqchip/gic-v3-its: Plug allocation race for devices sharing a DevID
usb: phy: am335x: fix race condition in _probe
usb: dwc3: gadget: Handle 0 xfer length for OUT EP
usb: gadget: udc: net2272: Fix bitwise and boolean operations
usb: gadget: musb: fix short isoc packets with inventra dma
staging: speakup: fix tty-operation NULL derefs
scsi: cxlflash: Prevent deadlock when adapter probe fails
scsi: aic94xx: fix module loading
KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
cpu/hotplug: Fix "SMT disabled by BIOS" detection for KVM
perf/x86/intel/uncore: Add Node ID mask
x86/MCE: Initialize mce.bank in the case of a fatal error in mce_no_way_out()
perf/core: Don't WARN() for impossible ring-buffer sizes
perf tests evsel-tp-sched: Fix bitwise operator
serial: fix race between flush_to_ldisc and tty_open
serial: 8250_pci: Make PCI class test non fatal
serial: sh-sci: Do not free irqs that have already been freed
cacheinfo: Keep the old value if of_property_read_u32 fails
IB/hfi1: Add limit test for RC/UC send via loopback
perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu()
ath9k: dynack: make ewma estimation faster
ath9k: dynack: check da->enabled first in sampling routines
Linux 4.19.21
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Linus Torvalds