32344 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Michael Bestas
|
bfc560ed37
|
Merge tag 'ASB-2024-01-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona
https://source.android.com/docs/security/bulletin/2024-01-01 * tag 'ASB-2024-01-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.304 block: Don't invalidate pagecache for invalid falloc modes dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() smb: client: fix OOB in smbCalcSize() usb: fotg210-hcd: delete an incorrect bounds test usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling x86/alternatives: Sync core before enabling interrupts net: rfkill: gpio: set GPIO direction net: 9p: avoid freeing uninit memory in p9pdu_vreadf Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent USB: serial: option: add Quectel RM500Q R13 firmware support USB: serial: option: add Foxconn T99W265 with new baseline USB: serial: option: add Quectel EG912Y module support USB: serial: ftdi_sio: update Actisense PIDs constant names wifi: cfg80211: fix certs build to not depend on file order wifi: cfg80211: Add my certificate iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() scsi: bnx2fc: Remove set but not used variable 'oxid' Input: ipaq-micro-keys - add error handling for devm_kmemdup iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw btrfs: do not allow non subvolume root targets for snapshot smb: client: fix NULL deref in asn1_ber_decoder() pinctrl: at91-pio4: use dedicated lock class for IRQ net: check dev->gso_max_size in gso_features_check() net: warn if gso_type isn't set for a GSO SKB afs: Fix the dynamic root's d_delete to always delete unused dentries net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() net/rose: fix races in rose_kill_by_device() ethernet: atheros: fix a memleak in atl1e_setup_ring_resources net: sched: ife: fix potential use-after-free net/mlx5: Fix fw tracer first block check net/mlx5: improve some comments wifi: mac80211: mesh_plink: fix matches_local logic s390/vx: fix save/restore of fpu kernel context reset: Fix crash when freeing non-existent optional resets ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 ALSA: hda/realtek: Enable headset onLenovo M70/M90 ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names Revert "cred: switch to using atomic_long_t" Linux 4.19.303 powerpc/ftrace: Fix stack teardown in ftrace_no_trace powerpc/ftrace: Create a dummy stackframe to fix stack unwind mmc: block: Be sure to wait while busy in CQE error recovery ring-buffer: Fix memory leak of free page team: Fix use-after-free when an option instance allocation fails arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify ext4: prevent the normalized size from exceeding EXT_MAX_BLOCKS perf: Fix perf_event_validate_size() lockdep splat HID: hid-asus: add const to read-only outgoing usb buffer net: usb: qmi_wwan: claim interface 4 for ZTE MF290 asm-generic: qspinlock: fix queued_spin_value_unlocked() implementation HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad HID: hid-asus: reset the backlight brightness level on resume HID: add ALWAYS_POLL quirk for Apple kb platform/x86: intel_telemetry: Fix kernel doc descriptions bcache: avoid NULL checking to c->root in run_cache_set() bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() bcache: avoid oversize memory allocation by small stripe_size blk-throttle: fix lockdep warning of "cgroup_mutex or RCU read lock required!" cred: switch to using atomic_long_t Revert "PCI: acpiphp: Reassign resources on bridge if necessary" appletalk: Fix Use-After-Free in atalk_ioctl net: stmmac: Handle disabled MDIO busses from devicetree vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() sign-file: Fix incorrect return values check net: Remove acked SYN flag from packet in the transmit queue correctly qed: Fix a potential use-after-free in qed_cxt_tables_alloc net/rose: Fix Use-After-Free in rose_ioctl atm: Fix Use-After-Free in do_vcc_ioctl atm: solos-pci: Fix potential deadlock on &tx_queue_lock atm: solos-pci: Fix potential deadlock on &cli_queue_lock qca_spi: Fix reset behavior qca_debug: Fix ethtool -G iface tx behavior qca_debug: Prevent crash on TX ring changes Revert "psample: Require 'CAP_NET_ADMIN' when joining "packets" group" Revert "genetlink: add CAP_NET_ADMIN test for multicast bind" Revert "drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group" Revert "perf/core: Add a new read format to get a number of lost samples" Revert "perf: Fix perf_event_validate_size()" Revert "hrtimers: Push pending hrtimers away from outgoing CPU earlier" ANDROID: Snapshot Mainline's version of checkpatch.pl Linux 4.19.302 devcoredump: Send uevent once devcd is ready devcoredump : Serialize devcd_del work IB/isert: Fix unaligned immediate-data handling tools headers UAPI: Sync linux/perf_event.h with the kernel sources drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group psample: Require 'CAP_NET_ADMIN' when joining "packets" group genetlink: add CAP_NET_ADMIN test for multicast bind netlink: don't call ->netlink_bind with table lock held nilfs2: fix missing error check for sb_set_blocksize call KVM: s390/mm: Properly reset no-dat x86/CPU/AMD: Check vendor in the AMD microcode callback serial: 8250_omap: Add earlycon support for the AM654 UART controller serial: sc16is7xx: address RX timeout interrupt errata usb: typec: class: fix typec_altmode_put_partner to put plugs parport: Add support for Brainboxes IX/UC/PX parallel cards usb: gadget: f_hid: fix report descriptor allocation gpiolib: sysfs: Fix error handling on failed export perf: Fix perf_event_validate_size() perf/core: Add a new read format to get a number of lost samples tracing: Fix a possible race when disabling buffered events tracing: Fix incomplete locking when disabling buffered events tracing: Always update snapshot buffer size nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() packet: Move reference count in packet_sock to atomic_long_t ALSA: pcm: fix out-of-bounds in snd_pcm_state_names ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt ARM: dts: imx: make gpt node name generic ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() tracing: Fix a warning when allocating buffered events fails hwmon: (acpi_power_meter) Fix 4.29 MW bug RDMA/bnxt_re: Correct module description string tcp: do not accept ACK of bytes we never sent netfilter: xt_owner: Fix for unsafe access of sk->sk_socket netfilter: xt_owner: Add supplementary groups option net: hns: fix fake link up on xge port ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() arcnet: restoring support for multiple Sohard Arcnet cards net: arcnet: com20020 fix error handling net: arcnet: Fix RESET flag handling hv_netvsc: rndis_filter needs to select NLS ipv6: fix potential NULL deref in fib6_add() drm/amdgpu: correct chunk_ptr to a pointer to chunk. kconfig: fix memory leak from range properties tg3: Increment tx_dropped in tg3_tso_bug() tg3: Move the [rt]x_dropped counters to tg3_napi netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test hrtimers: Push pending hrtimers away from outgoing CPU earlier media: davinci: vpif_capture: fix potential double free spi: imx: mx51-ecspi: Move some initialisation to prepare_message hook. spi: imx: correct wml as the last sg length spi: imx: move wml setting to later than setup_transfer spi: imx: add a device specific prepare_message callback Linux 4.19.301 mmc: block: Retry commands in CQE error recovery mmc: core: convert comma to semicolon mmc: cqhci: Fix task clearing in CQE error recovery mmc: cqhci: Warn of halt or task clear failure mmc: cqhci: Increase recovery halt timeout cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily cpufreq: imx6q: don't warn for disabling a non-existing frequency ima: detect changes to the backing overlay file ovl: skip overlayfs superblocks at global sync ima: annotate iint mutex to avoid lockdep false positive warnings fbdev: stifb: Make the STI next font pointer a 32-bit signed offset mtd: cfi_cmdset_0001: Byte swap OTP info mtd: cfi_cmdset_0001: Support the absence of protection registers s390/cmma: fix detection of DAT pages s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions family smb3: fix touch -h of symlink net: ravb: Start TX queues after HW initialization succeeded ravb: Fix races between ravb_tx_timeout_work() and net related ops ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet Input: xpad - add HyperX Clutch Gladiate Support btrfs: send: ensure send_fd is writable btrfs: fix off-by-one when checking chunk map includes logical address powerpc: Don't clobber f0/vs0 during fp|altivec register save bcache: revert replacing IS_ERR_OR_NULL with IS_ERR dm verity: don't perform FEC for failed readahead IO dm-verity: align struct dm_verity_fec_io properly ALSA: hda/realtek: Headset Mic VREF to 100% ALSA: hda: Disable power-save on KONTRON SinglePC mmc: block: Do not lose cache flush during CQE error recovery firewire: core: fix possible memory leak in create_units() pinctrl: avoid reload of p state in list iteration USB: dwc3: qcom: fix wakeup after probe deferral usb: dwc3: set the dma max_seg_size USB: dwc2: write HCINT with INTMASK applied USB: serial: option: don't claim interface 4 for ZTE MF290 USB: serial: option: fix FM101R-GL defines USB: serial: option: add Fibocom L7xx modules bcache: prevent potential division by zero error bcache: check return value from btree_node_alloc_replacement() dm-delay: fix a race between delay_presuspend and delay_bio hv_netvsc: Mark VF as slave before exposing it to user-mode hv_netvsc: Fix race of register_netdevice_notifier and VF register USB: serial: option: add Luat Air72*U series products s390/dasd: protect device queue against concurrent access bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() mtd: rawnand: brcmnand: Fix ecc chunk calculation for erased page bitfips KVM: arm64: limit PMU version to PMUv3 for ARMv8.1 arm64: cpufeature: Extract capped perfmon fields MIPS: KVM: Fix a build warning about variable set but not used net: axienet: Fix check for partial TX checksum amd-xgbe: propagate the correct speed and duplex status amd-xgbe: handle the corner-case during tx completion amd-xgbe: handle corner-case during sfp hotplug arm/xen: fix xen_vcpu_info allocation alignment net: usb: ax88179_178a: fix failed operations during ax88179_reset ipv4: Correct/silence an endian warning in __ip_do_redirect HID: fix HID device resource race between HID core and debugging support HID: core: store the unique system identifier in hid_device drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full ata: pata_isapnp: Add missing error check for devm_ioport_map() drm/panel: simple: Fix Innolux G101ICE-L01 timings RDMA/irdma: Prevent zero-length STAG registration driver core: Release all resources during unbind before updating device links Conflicts: drivers/mmc/host/cqhci.c drivers/net/usb/ax88179_178a.c drivers/usb/dwc3/core.c scripts/checkpatch.pl Change-Id: I571c71df4f4c1c612d4101c9b9c2b901b4408103 |
||
Greg Kroah-Hartman
|
38d95b42c4 |
This is the 4.19.304 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmWbzh8ACgkQONu9yGCS aT6nzxAAkwiBVc/j4TFLnZw8XhsDiZdfTMdCHT5BmqH2uz1E9JNShKY3dO3PaTU1 vSBjpj/K1l0wuQwwyM0uNTDOxCsJ+4xnbQdrN3QsE7jNnSaJRT+tGFF8DED1saky 1vvMm+aZmNVuOSm6zrQqq8Mz/pgeyfbvGF0wE+aYQg1b2b7gBJlmtafIg05jChi7 J+fbZbQpw0/Peb0cNGmiOnypw5cXy/Th8S+Ua9IWTr7UbEf2uRS2ExakCpUbTjHU OUOd1gy9qgUMzS2aWacuR9jtfVxVZrC6MhrGNMAohhY9wJbF4ZlKSn75nCJwSDgd 150JY6QRwYwMcljJN7LWDW0d9aUV2Gs3y/OgfuHiwLdLG8yc1O88g4booV1dd/+K 3+D1layqNNvoT0dDRwBrea3gHD4AyNR9qHtPmiTWi3e1KYbzA/OTc3wucHtc30Bf /PwuOPEp6VyKD1wqE75d9cks2TgbsG9rxYrmWyxp3sfGsXO3FgiNul8JNXqz/P3Q U9SR9jXJ8GKW/e5DUfM+c6hK9kXFmccK0hf7+2TDoFOxdCss+RY8VTALqxcc89TC UISEP+1KeGmSFzNc+Re+FvLpjQKFfTKe8Ak2sVXySdK+w5uZbUGhE82RxaDDldjN u7iZRIHkc5Y8GDFWvHED8awsMcFsrqnrGunYmqahBek8eQu7JXU= =ck1B -----END PGP SIGNATURE----- Merge 4.19.304 into android-4.19-stable Changes in 4.19.304 arm64: dts: mediatek: mt8173-evb: Fix regulator-fixed node names ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB ALSA: hda/realtek: Enable headset onLenovo M70/M90 ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5 ksmbd: fix wrong name of SMB2_CREATE_ALLOCATION_SIZE ARM: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init reset: Fix crash when freeing non-existent optional resets s390/vx: fix save/restore of fpu kernel context wifi: mac80211: mesh_plink: fix matches_local logic net/mlx5: improve some comments net/mlx5: Fix fw tracer first block check net: sched: ife: fix potential use-after-free ethernet: atheros: fix a memleak in atl1e_setup_ring_resources net/rose: fix races in rose_kill_by_device() net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() afs: Fix the dynamic root's d_delete to always delete unused dentries net: warn if gso_type isn't set for a GSO SKB net: check dev->gso_max_size in gso_features_check() pinctrl: at91-pio4: use dedicated lock class for IRQ smb: client: fix NULL deref in asn1_ber_decoder() btrfs: do not allow non subvolume root targets for snapshot iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw Input: ipaq-micro-keys - add error handling for devm_kmemdup scsi: bnx2fc: Remove set but not used variable 'oxid' scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table wifi: cfg80211: Add my certificate wifi: cfg80211: fix certs build to not depend on file order USB: serial: ftdi_sio: update Actisense PIDs constant names USB: serial: option: add Quectel EG912Y module support USB: serial: option: add Foxconn T99W265 with new baseline USB: serial: option: add Quectel RM500Q R13 firmware support Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent net: 9p: avoid freeing uninit memory in p9pdu_vreadf net: rfkill: gpio: set GPIO direction x86/alternatives: Sync core before enabling interrupts usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling usb: fotg210-hcd: delete an incorrect bounds test smb: client: fix OOB in smbCalcSize() dm-integrity: don't modify bio's immutable bio_vec in integrity_metadata() block: Don't invalidate pagecache for invalid falloc modes Linux 4.19.304 Change-Id: I924e0479cdd444b14c25d83a165ca082fa2c9f80 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Thomas Gleixner
|
8f6f8443a2 |
x86/alternatives: Sync core before enabling interrupts
commit 3ea1704a92967834bf0e64ca1205db4680d04048 upstream.
text_poke_early() does:
local_irq_save(flags);
memcpy(addr, opcode, len);
local_irq_restore(flags);
sync_core();
That's not really correct because the synchronization should happen before
interrupts are re-enabled to ensure that a pending interrupt observes the
complete update of the opcodes.
It's not entirely clear whether the interrupt entry provides enough
serialization already, but moving the sync_core() invocation into interrupt
disabled region does no harm and is obviously correct.
Fixes:
|
||
Michael Bestas
|
33ef102789
|
Merge tag 'ASB-2023-12-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona
https://source.android.com/docs/security/bulletin/2023-12-01 * tag 'ASB-2023-12-05_4.19-stable' of https://android.googlesource.com/kernel/common: Revert "macsec: use DEV_STATS_INC()" Revert "net: add DEV_STATS_READ() helper" Linux 4.19.300 net: sched: fix race condition in qdisc_graft() iomap: Set all uptodate bits for an Uptodate page scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids drm/amdgpu: fix error handling in amdgpu_bo_list_get() ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks ext4: correct return value of ext4_convert_meta_bg ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: apply umask if ACL support is disabled Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" media: venus: hfi: add checks to handle capabilities from firmware media: venus: hfi: fix the check to handle session buffer requirement media: venus: hfi_parser: Add check to keep the number of codecs within range media: sharp: fix sharp encoding media: lirc: drop trailing space from scancode transmit i2c: i801: fix potential race in i801_block_transaction_byte_by_byte net: dsa: lan9303: consequently nested-lock physical MDIO tty: serial: meson: fix hard LOCKUP on crtscts mode serial: meson: Use platform_get_irq() to get the interrupt tty: serial: meson: retrieve port FIFO size from DT serial: meson: remove redundant initialization of variable id tty: serial: meson: if no alias specified use an available id ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC ALSA: info: Fix potential deadlock at disconnection parisc/pgtable: Do not drop upper 5 address bits of physical address parisc: Prevent booting 64-bit kernels on PA1.x machines dmaengine: stm32-mdma: correct desc prep when channel running mcb: fix error handling for different scenarios when parsing quota: explicitly forbid quota files from being encrypted jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev PM: hibernate: Clean up sync_read handling in snapshot_write_next() PM: hibernate: Use __get_safe_page() rather than touching the list mmc: vub300: fix an error code clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks parisc/pdc: Add width field to struct pdc_model PCI: keystone: Don't discard .probe() callback PCI: keystone: Don't discard .remove() callback genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware mmc: meson-gx: Remove setting of CMD_CFG_ERROR PCI/sysfs: Protect driver's D3cold preference from user space hvc/xen: fix error path in xen_hvc_init() to always register frontend driver audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() audit: don't take task_lock() in audit_exe_compare() code path KVM: x86: Ignore MSR_AMD64_TW_CFG access randstruct: Fix gcc-plugin performance mode to stay in group media: venus: hfi: add checks to perform sanity on queue pointers cifs: spnego: add ';' in HOST_KEY_LEN macvlan: Don't propagate promisc change to lower dev in passthru net: ethernet: cortina: Fix MTU max setting net: ethernet: cortina: Handle large frames net: ethernet: cortina: Fix max RX frame define ptp: annotate data-race around q->head and q->tail xen/events: fix delayed eoi list handling ppp: limit MRU to 64K tipc: Fix kernel-infoleak due to uninitialized TLV value tty: Fix uninit-value access in ppp_sync_receive() ipvlan: add ipvlan_route_v6_outbound() helper NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO pwm: Fix double shift bug drm/amd/display: Avoid NULL dereference of timing generator gfs2: ignore negated quota changes media: vivid: avoid integer overflow media: gspca: cpia1: shift-out-of-bounds in set_flicker i2c: sun6i-p2wi: Prevent potential division by zero usb: gadget: f_ncm: Always set current gadget in ncm_bind() tty: vcc: Add check for kstrdup() in vcc_probe() HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() atm: iphase: Do PCI error checks on own line ALSA: hda: Fix possible null-ptr-deref when assigning a stream ARM: 9320/1: fix stack depot IRQ stack filter jfs: fix array-index-out-of-bounds in diAlloc jfs: fix array-index-out-of-bounds in dbFindLeaf fs/jfs: Add validity check for db_maxag and db_agpref fs/jfs: Add check for negative db_l2nbperpage RDMA/hfi1: Use FIELD_GET() to extract Link Width crypto: pcrypt - Fix hungtask for PADATA_RESET selftests/efivarfs: create-read: fix a resource leak drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e Bluetooth: Fix double free in hci_conn_cleanup net: annotate data-races around sk->sk_dst_pending_confirm net: annotate data-races around sk->sk_tx_queue_mapping wifi: ath10k: fix clang-specific fortify warning wifi: ath9k: fix clang-specific fortify warnings wifi: mac80211: don't return unset power in ieee80211_get_tx_power() x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware clocksource/drivers/timer-imx-gpt: Fix potential memory leak perf/core: Bail out early if the request AUX area is out of bound locking/ww_mutex/test: Fix potential workqueue corruption Revert "ipvlan: properly track tx_errors" ANDROID: fix up platform_device ABI break Linux 4.19.299 btrfs: use u64 for buffer sizes in the tree search ioctls Revert "mmc: core: Capture correct oemid-bits for eMMC cards" fbdev: fsl-diu-fb: mark wr_reg_wa() static fbdev: imsttfb: fix a resource leak in probe fbdev: imsttfb: Fix error path of imsttfb_probe() netfilter: xt_recent: fix (increase) ipv6 literal buffer length r8169: respect userspace disabling IFF_MULTICAST tg3: power down device only on SYSTEM_POWER_OFF net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT net/smc: wait for pending work before clcsock release_sock net/smc: postpone release of clcsock net: r8169: Disable multicast filter for RTL8168H and RTL8107E r8169: improve rtl_set_rx_mode dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. dccp: Call security_inet_conn_request() after setting IPv4 addresses. tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING llc: verify mac len before reading mac header Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume pwm: sti: Reduce number of allocations and drop usage of chip_data pwm: sti: Avoid conditional gotos media: dvb-usb-v2: af9035: fix missing unlock media: s3c-camif: Avoid inappropriate kfree() media: bttv: fix use after free error due to btv->timeout timer pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() pcmcia: ds: fix refcount leak in pcmcia_device_add() pcmcia: cs: fix possible hung task and memory leak pccardd() f2fs: fix to initialize map.m_pblk in f2fs_precache_extents() dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() USB: usbip: fix stub_dev hub disconnect tools: iio: iio_generic_buffer ensure alignment tools: iio: iio_generic_buffer: Fix some integer type and calculation tools: iio: privatize globals and functions in iio_generic_buffer.c file misc: st_core: Do not call kfree_skb() under spin_lock_irqsave() dmaengine: ti: edma: handle irq_of_parse_and_map() errors usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency tty: tty_jobctrl: fix pid memleak in disassociate_ctty() leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' ledtrig-cpu: Limit to 8 CPUs leds: pwm: Don't disable the PWM when the LED should be off leds: pwm: convert to atomic PWM API leds: pwm: simplify if condition mfd: dln2: Fix double put in dln2_probe ASoC: ams-delta.c: use component after check ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails sh: bios: Revive earlyprintk support RDMA/hfi1: Workaround truncation compilation error ext4: move 'ix' sanity check to corrent position ARM: 9321/1: memset: cast the constant byte to unsigned char hid: cp2112: Fix duplicate workqueue initialization HID: cp2112: Use irqchip template nd_btt: Make BTT lanes preemptible sched/rt: Provide migrate_disable/enable() inlines hwrng: geode - fix accessing registers clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped firmware: ti_sci: Mark driver as non removable ARM: dts: qcom: mdm9615: populate vsdcc fixed regulator drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() drm/radeon: possible buffer overflow drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs hwmon: (coretemp) Fix potentially truncated sysfs attribute name platform/x86: wmi: Fix opening of char device platform/x86: wmi: remove unnecessary initializations platform/x86: wmi: Fix probe failure when failing to register WMI devices clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data clk: npcm7xx: Fix incorrect kfree clk: keystone: pll: fix a couple NULL vs IS_ERR() checks clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies regmap: debugfs: Fix a erroneous check after snprintf() ipvlan: properly track tx_errors net: add DEV_STATS_READ() helper macsec: use DEV_STATS_INC() macsec: Fix traffic counters/statistics ipv6: avoid atomic fragment on GSO packets ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() chtls: fix tp->rcv_tstamp initialization thermal: core: prevent potential string overflow can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() can: dev: can_restart(): don't crash kernel if carrier is OK can: dev: move driver related infrastructure into separate subdir wifi: rtlwifi: fix EDCA limit set by BT coexistence tcp_metrics: do not create an entry from tcp_init_metrics() tcp_metrics: properly set tp->snd_ssthresh in tcp_init_metrics() tcp_metrics: add missing barriers on delete i40e: fix potential memory leaks in i40e_remove() genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() vfs: fix readahead(2) on block devices Linux 4.19.298 tty: 8250: Add support for Intashield IS-100 tty: 8250: Add support for Brainboxes UP cards tty: 8250: Add support for additional Brainboxes UC cards tty: 8250: Remove UC-257 and UC-431 usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device remove the sx8 block driver ata: ahci: fix enum constants for gcc-13 net: chelsio: cxgb4: add an error code check in t4_load_phy_fw platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e scsi: mpt3sas: Fix in error path fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() ASoC: rt5650: fix the wrong result of key button netfilter: nfnetlink_log: silence bogus compiler warning fbdev: atyfb: only use ioremap_uc() on i386 and ia64 Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe irqchip/stm32-exti: add missing DT IRQ flag translation Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table ASoC: simple-card: fixup asoc_simple_probe() error handling MAINTAINERS: r8169: Update path to the driver x86: Fix .brk attribute in linker script rpmsg: Fix possible refcount leak in rpmsg_register_device_override() rpmsg: glink: Release driver_override rpmsg: Fix calling device_lock() on non-initialized device rpmsg: Fix kfree() of static memory on setting driver_override rpmsg: Constify local variable in field store macro driver: platform: Add helper for safer setting of driver_override x86/mm: Fix RESERVE_BRK() for older binutils x86/mm: Simplify RESERVE_BRK() nfsd: lock_rename() needs both directories to live on the same fs f2fs: fix to do sanity check on inode type during garbage collection smbdirect: missing rc checks while waiting for rdma events kobject: Fix slab-out-of-bounds in fill_kobj_path() arm64: fix a concurrency issue in emulation_proc_handler() drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() ARM: 8933/1: replace Sun/Solaris style flag on section directive NFS: Don't call generic_error_remove_page() while holding locks x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility iio: exynos-adc: request second interupt only when touchscreen mode is used perf/core: Fix potential NULL deref nvmem: imx: correct nregs for i.MX6UL nvmem: imx: correct nregs for i.MX6SLL i2c: stm32f7: Fix PEC handling in case of SMBUS transfers i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR gtp: fix fragmentation needed check with gso igb: Fix potential memory leak in igb_add_ethtool_nfc_entry treewide: Spelling fix in comment r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 r8169: rename r8169.c to r8169_main.c virtio-mmio: fix memory leak of vm_dev virtio_balloon: Fix endless deflation and inflation on arm64 mcb-lpc: Reallocate memory region to avoid memory overlapping mcb: Return actual parsed size when reading chameleon table selftests/ftrace: Add new test case which checks non unique symbol mmc: core: sdio: hold retuning if sdio in 1-bit mode mmc: sdio: Don't re-initialize powered-on removable SDIO cards at resume Conflicts: drivers/clk/qcom/clk-rcg2.c drivers/leds/leds-pwm.c drivers/mmc/core/sdio.c drivers/rpmsg/qcom_glink_native.c drivers/thermal/thermal_core.c drivers/usb/gadget/function/f_ncm.c Change-Id: I230a2c820e39dd863a874bfc0c7a411896b0ba9c |
||
Greg Kroah-Hartman
|
cd086b6516 |
This is the 4.19.302 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmV53vEACgkQONu9yGCS aT4wng/9ECVr1tNbX+0oo5p4GFnY2wR3I39TslGkS048Yo1UiW/m7WX2nDJPhJXO YLLiSsm0xOKZEn1xDh99L5kIWZHeHywajMdrIDZwRhOtBj8RHX0NyWQQzxg2ftxs 7IrgXyt/38b6kcQ2or8rqPqINGeZWAErukMfGMQZIMkp48D68cyfPDk0xfFwryAL mfn1tQOe6OgPFSbNR7MiV1mWzC6f06J6ZOx3kUvS6tqu0ZF61yhE8QkB/U2dQb/z S7VTM4BQ5NuW9BiGfLF39OAppEZ7jB/JZjCzh5h2ZUWpKhxl09u5FFqT81fOqtBN b/rhPnNnG1gFarGChrRbdvU4YnomBce7f7knpe0/vUiZW+UBxIW5yagUoXz7Eo0X Lyowuj5bXhDAJ1T/G/AV8Fv0eIunBRUyXcdeF6qeHWV2NzDmcYbswY6gh5eWDZL3 ST83NvEq+p5uGzZHEbjbP3AX0P5wHDPAkhLXKLCwTsylHKrfL12e1+FWY2Jv40PA Ze+8SNCZrdHIYXZWSczrGZJM+GJh1KCkOQt/wSkGzPPAmoqcOTyMqD7Tj7o8qUER lQGDYzEO7+ZGMQ3QtSqQ//3Mlaeh4JYjzEYgpuXA7bFeepn/9FVDUurKZW39A/o5 0TTWsgwRlt2j92Jfi8ajbT5aAVJ0+o6KFqElUhc2onMMEWngUXs= =Ryx9 -----END PGP SIGNATURE----- Merge 4.19.302 into android-4.19-stable Changes in 4.19.302 spi: imx: add a device specific prepare_message callback spi: imx: move wml setting to later than setup_transfer spi: imx: correct wml as the last sg length spi: imx: mx51-ecspi: Move some initialisation to prepare_message hook. media: davinci: vpif_capture: fix potential double free hrtimers: Push pending hrtimers away from outgoing CPU earlier netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test tg3: Move the [rt]x_dropped counters to tg3_napi tg3: Increment tx_dropped in tg3_tso_bug() kconfig: fix memory leak from range properties drm/amdgpu: correct chunk_ptr to a pointer to chunk. ipv6: fix potential NULL deref in fib6_add() hv_netvsc: rndis_filter needs to select NLS net: arcnet: Fix RESET flag handling net: arcnet: com20020 fix error handling arcnet: restoring support for multiple Sohard Arcnet cards ipv4: ip_gre: Avoid skb_pull() failure in ipgre_xmit() net: hns: fix fake link up on xge port netfilter: xt_owner: Add supplementary groups option netfilter: xt_owner: Fix for unsafe access of sk->sk_socket tcp: do not accept ACK of bytes we never sent RDMA/bnxt_re: Correct module description string hwmon: (acpi_power_meter) Fix 4.29 MW bug tracing: Fix a warning when allocating buffered events fails scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init ARM: dts: imx: make gpt node name generic ARM: dts: imx7: Declare timers compatible with fsl,imx6dl-gpt ALSA: pcm: fix out-of-bounds in snd_pcm_state_names packet: Move reference count in packet_sock to atomic_long_t nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() tracing: Always update snapshot buffer size tracing: Fix incomplete locking when disabling buffered events tracing: Fix a possible race when disabling buffered events perf/core: Add a new read format to get a number of lost samples perf: Fix perf_event_validate_size() gpiolib: sysfs: Fix error handling on failed export usb: gadget: f_hid: fix report descriptor allocation parport: Add support for Brainboxes IX/UC/PX parallel cards usb: typec: class: fix typec_altmode_put_partner to put plugs serial: sc16is7xx: address RX timeout interrupt errata serial: 8250_omap: Add earlycon support for the AM654 UART controller x86/CPU/AMD: Check vendor in the AMD microcode callback KVM: s390/mm: Properly reset no-dat nilfs2: fix missing error check for sb_set_blocksize call netlink: don't call ->netlink_bind with table lock held genetlink: add CAP_NET_ADMIN test for multicast bind psample: Require 'CAP_NET_ADMIN' when joining "packets" group drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group tools headers UAPI: Sync linux/perf_event.h with the kernel sources IB/isert: Fix unaligned immediate-data handling devcoredump : Serialize devcd_del work devcoredump: Send uevent once devcd is ready Linux 4.19.302 Change-Id: If04a1c5d3950ac7c1cbe4b71df951dcf3e8e8ed1 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Borislav Petkov (AMD)
|
5ac3c7a830 |
x86/CPU/AMD: Check vendor in the AMD microcode callback
commit 9b8493dc43044376716d789d07699f17d538a7c4 upstream. Commit in Fixes added an AMD-specific microcode callback. However, it didn't check the CPU vendor the kernel runs on explicitly. The only reason the Zenbleed check in it didn't run on other x86 vendors hardware was pure coincidental luck: if (!cpu_has_amd_erratum(c, amd_zenbleed)) return; gives true on other vendors because they don't have those families and models. However, with the removal of the cpu_has_amd_erratum() in 05f5f73936fa ("x86/CPU/AMD: Drop now unused CPU erratum checking function") that coincidental condition is gone, leading to the zenbleed check getting executed on other vendors too. Add the explicit vendor check for the whole callback as it should've been done in the first place. Fixes: 522b1d69219d ("x86/cpu/amd: Add a Zenbleed fix") Cc: <stable@kernel.org> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/r/20231201184226.16749-1-bp@alien8.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
11806753ba |
This is the 4.19.300 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVmGaYACgkQONu9yGCS aT6nzRAApEttSs9XhWbu1hXqfcOUKBsq2BLss2+9zfp2jwhCVQFQOApU5xggjpww 5ATVq2FQGEk1kMRpESeDdkW7fnFevwEgyZafYrBbbBk6/9bbWMyqMBhlGP7RWNY9 KoEhpMOejOYfCc+Z/II+BDf3KK2roXnrO8L5rFnyOTeJxgmofAqWYe5WWtHlcDtK z5KceJiXy0ddjgm6+nvpHrfStu9uDs+O63nf0XG6gmgFeRa/tI7hQg1mSUlpR8X3 Ip5kk5pYjZ+T3gwepDJmhpOLW+xHeXKrbAb3nN38lPrRnnM/7lxp6FJkhkts6FqF r/8MgWcKe2XpnxwiLvIFGV4jIG1GNC8ZYdVWYVNZxi+SdD6Jz9qLraAoTQDR6zSR R60pond+MdjBzFeKsFvV6F5a4cDTY+REaVK92YV7y1U70IRR9UrsZipxmqcD0dxa eRgLxM663DF0b1hjiP2WL4IxQSlVTPMJMj8U6eXtfdHebDOb+J/Qoq7mlQHd9ExL S3snvJhAco0+SopK4v4GN1a5SHKx7a2Ua2OOG3CfHTRK3yoH5F/qE/cLpRR6vxxl NVyB5N2s9zkgX4p+2rFi8XR2/DsBReTu2C8hzXQ6AGYLZ15qIvRIkXCSUBNZO3tt r7h3+oUwmNQ478y7NWpAVGcczZQBel3NjHDZMIdWZJPLVffLP+A= =B47s -----END PGP SIGNATURE----- Merge 4.19.300 into android-4.19-stable Changes in 4.19.300 locking/ww_mutex/test: Fix potential workqueue corruption perf/core: Bail out early if the request AUX area is out of bound clocksource/drivers/timer-imx-gpt: Fix potential memory leak clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size wifi: mac80211: don't return unset power in ieee80211_get_tx_power() wifi: ath9k: fix clang-specific fortify warnings wifi: ath10k: fix clang-specific fortify warning net: annotate data-races around sk->sk_tx_queue_mapping net: annotate data-races around sk->sk_dst_pending_confirm Bluetooth: Fix double free in hci_conn_cleanup platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL selftests/efivarfs: create-read: fix a resource leak crypto: pcrypt - Fix hungtask for PADATA_RESET RDMA/hfi1: Use FIELD_GET() to extract Link Width fs/jfs: Add check for negative db_l2nbperpage fs/jfs: Add validity check for db_maxag and db_agpref jfs: fix array-index-out-of-bounds in dbFindLeaf jfs: fix array-index-out-of-bounds in diAlloc ARM: 9320/1: fix stack depot IRQ stack filter ALSA: hda: Fix possible null-ptr-deref when assigning a stream atm: iphase: Do PCI error checks on own line scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W tty: vcc: Add check for kstrdup() in vcc_probe() usb: gadget: f_ncm: Always set current gadget in ncm_bind() i2c: sun6i-p2wi: Prevent potential division by zero media: gspca: cpia1: shift-out-of-bounds in set_flicker media: vivid: avoid integer overflow gfs2: ignore negated quota changes drm/amd/display: Avoid NULL dereference of timing generator pwm: Fix double shift bug NFSv4.1: fix SP4_MACH_CRED protection for pnfs IO ipvlan: add ipvlan_route_v6_outbound() helper tty: Fix uninit-value access in ppp_sync_receive() tipc: Fix kernel-infoleak due to uninitialized TLV value ppp: limit MRU to 64K xen/events: fix delayed eoi list handling ptp: annotate data-race around q->head and q->tail net: ethernet: cortina: Fix max RX frame define net: ethernet: cortina: Handle large frames net: ethernet: cortina: Fix MTU max setting macvlan: Don't propagate promisc change to lower dev in passthru cifs: spnego: add ';' in HOST_KEY_LEN media: venus: hfi: add checks to perform sanity on queue pointers randstruct: Fix gcc-plugin performance mode to stay in group KVM: x86: Ignore MSR_AMD64_TW_CFG access audit: don't take task_lock() in audit_exe_compare() code path audit: don't WARN_ON_ONCE(!current->mm) in audit_exe_compare() hvc/xen: fix error path in xen_hvc_init() to always register frontend driver PCI/sysfs: Protect driver's D3cold preference from user space mmc: meson-gx: Remove setting of CMD_CFG_ERROR genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware PCI: keystone: Don't discard .remove() callback PCI: keystone: Don't discard .probe() callback parisc/pdc: Add width field to struct pdc_model clk: qcom: ipq8074: drop the CLK_SET_RATE_PARENT flag from PLL clocks mmc: vub300: fix an error code PM: hibernate: Use __get_safe_page() rather than touching the list PM: hibernate: Clean up sync_read handling in snapshot_write_next() jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev quota: explicitly forbid quota files from being encrypted mcb: fix error handling for different scenarios when parsing dmaengine: stm32-mdma: correct desc prep when channel running parisc: Prevent booting 64-bit kernels on PA1.x machines parisc/pgtable: Do not drop upper 5 address bits of physical address ALSA: info: Fix potential deadlock at disconnection ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC tty: serial: meson: if no alias specified use an available id serial: meson: remove redundant initialization of variable id tty: serial: meson: retrieve port FIFO size from DT serial: meson: Use platform_get_irq() to get the interrupt tty: serial: meson: fix hard LOCKUP on crtscts mode net: dsa: lan9303: consequently nested-lock physical MDIO i2c: i801: fix potential race in i801_block_transaction_byte_by_byte media: lirc: drop trailing space from scancode transmit media: sharp: fix sharp encoding media: venus: hfi_parser: Add check to keep the number of codecs within range media: venus: hfi: fix the check to handle session buffer requirement media: venus: hfi: add checks to handle capabilities from firmware Revert "net: r8169: Disable multicast filter for RTL8168H and RTL8107E" ext4: apply umask if ACL support is disabled ext4: correct offset of gdb backup in non meta_bg group to update_backups ext4: correct return value of ext4_convert_meta_bg ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks drm/amdgpu: fix error handling in amdgpu_bo_list_get() scsi: virtio_scsi: limit number of hw queues by nr_cpu_ids iomap: Set all uptodate bits for an Uptodate page net: sched: fix race condition in qdisc_graft() Linux 4.19.300 Change-Id: I21f68d5f5dc85afe62bbc6e9a7aac12faee56621 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Maciej S. Szmigiero
|
2d6cb4cb7f |
KVM: x86: Ignore MSR_AMD64_TW_CFG access
commit 2770d4722036d6bd24bcb78e9cd7f6e572077d03 upstream.
Hyper-V enabled Windows Server 2022 KVM VM cannot be started on Zen1 Ryzen
since it crashes at boot with SYSTEM_THREAD_EXCEPTION_NOT_HANDLED +
STATUS_PRIVILEGED_INSTRUCTION (in other words, because of an unexpected #GP
in the guest kernel).
This is because Windows tries to set bit 8 in MSR_AMD64_TW_CFG and can't
handle receiving a #GP when doing so.
Give this MSR the same treatment that commit
|
||
Mike Rapoport (IBM)
|
9d9b7fa50e |
x86/mm: Drop the 4 MB restriction on minimal NUMA node memory size
[ Upstream commit a1e2b8b36820d8c91275f207e77e91645b7c6836 ]
Qi Zheng reported crashes in a production environment and provided a
simplified example as a reproducer:
| For example, if we use Qemu to start a two NUMA node kernel,
| one of the nodes has 2M memory (less than NODE_MIN_SIZE),
| and the other node has 2G, then we will encounter the
| following panic:
|
| BUG: kernel NULL pointer dereference, address: 0000000000000000
| <...>
| RIP: 0010:_raw_spin_lock_irqsave+0x22/0x40
| <...>
| Call Trace:
| <TASK>
| deactivate_slab()
| bootstrap()
| kmem_cache_init()
| start_kernel()
| secondary_startup_64_no_verify()
The crashes happen because of inconsistency between the nodemask that
has nodes with less than 4MB as memoryless, and the actual memory fed
into the core mm.
The commit:
|
||
Michael Bestas
|
9cd6ae99b7
|
Merge tag 'ASB-2023-11-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona
https://source.android.com/docs/security/bulletin/2023-11-01 * tag 'ASB-2023-11-05_4.19-stable' of https://android.googlesource.com/kernel/common: Reapply "perf: Disallow mis-matched inherited group reads" Revert "perf: Disallow mis-matched inherited group reads" Revert "xfrm: fix a data-race in xfrm_gen_index()" Revert "Bluetooth: hci_core: Fix build warnings" Revert "xfrm: interface: use DEV_STATS_INC()" Linux 4.19.297 xfrm6: fix inet6_dev refcount underflow problem Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name Bluetooth: hci_sock: fix slab oob read in create_monitor_event phy: mapphone-mdm6600: Fix runtime PM for remove ASoC: pxa: fix a memory leak in probe() gpio: vf610: set value before the direction to avoid a glitch s390/pci: fix iommu bitmap allocation perf: Disallow mis-matched inherited group reads USB: serial: option: add Fibocom to DELL custom modem FM101R-GL USB: serial: option: add entry for Sierra EM9191 with new firmware USB: serial: option: add Telit LE910C4-WWX 0x1035 composition ACPI: irq: Fix incorrect return value in acpi_register_gsi() Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" mmc: core: Capture correct oemid-bits for eMMC cards mtd: spinand: micron: correct bitmask for ecc status mtd: rawnand: qcom: Unmap the right resource upon probe failure Bluetooth: hci_event: Fix using memcmp when comparing keys btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c drm: panel-orientation-quirks: Add quirk for One Mix 2S sky2: Make sure there is at least one frag_addr available wifi: cfg80211: avoid leaking stack data into trace wifi: mac80211: allow transmitting EAPOL frames with tainted key Bluetooth: hci_core: Fix build warnings Bluetooth: Avoid redundant authentication HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event tracing: relax trace_event_eval_update() execution with cond_resched() ata: libata-eh: Fix compilation warning in ata_eh_link_report() gpio: timberdale: Fix potential deadlock on &tgpio->lock overlayfs: set ctime when setting mtime and atime i2c: mux: Avoid potential false error message in i2c_mux_add_adapter btrfs: initialize start_slot in btrfs_log_prealloc_extents btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone libceph: use kernel_connect() libceph: fix unaligned accesses in ceph_entity_addr handling net: pktgen: Fix interface flags printing netfilter: nft_set_rbtree: .deactivate fails if element has expired net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve i40e: prevent crash on probe if hw registers have invalid values net: usb: smsc95xx: Fix an error code in smsc95xx_reset() tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb tcp: fix excessive TLP and RACK timeouts from HZ rounding net: rfkill: gpio: prevent value glitch during probe net: ipv6: fix return value check in esp_remove_trailer net: ipv4: fix return value check in esp_remove_trailer xfrm: interface: use DEV_STATS_INC() xfrm: fix a data-race in xfrm_gen_index() netfilter: nft_payload: fix wrong mac header matching KVM: x86: Mask LVTPC when handling a PMI regmap: fix NULL deref on lookup nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Bluetooth: avoid memcmp() out of bounds warning Bluetooth: hci_event: Fix coding style Bluetooth: vhci: Fix race when opening vhci device Bluetooth: Fix a refcnt underflow problem for hci_conn Bluetooth: Reject connection with the device which has same BD_ADDR Bluetooth: hci_event: Ignore NULL link key usb: hub: Guard against accesses to uninitialized BOS descriptors dev_forward_skb: do not scrub skb mark within the same name space x86/alternatives: Disable KASAN in apply_alternatives() powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call usb: gadget: udc-xilinx: replace memcpy with memcpy_toio x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs pinctrl: avoid unsafe code pattern in find_pinctrl() cgroup: Remove duplicates in cgroup v1 tasks file Input: xpad - add PXN V900 support Input: psmouse - fix fast_reconnect function for PS/2 mode Input: powermate - fix use-after-free in powermate_config_complete ceph: fix incorrect revoked caps assert in ceph_fill_file_size() mcb: remove is_added flag from mcb_device struct iio: pressure: ms5611: ms5611_prom_is_valid false negative bug iio: pressure: bmp280: Fix NULL pointer exception usb: musb: Modify the "HWVers" register address usb: musb: Get the musb_qh poniter after musb_giveback usb: dwc3: Soft reset phy on probe for host net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer dmaengine: stm32-mdma: abort resume if no ongoing transfer sched,idle,rcu: Push rcu_idle deeper into the idle path workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() nfc: nci: assert requested protocol is valid net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() ixgbe: fix crash with empty VF macvlan list drm/vmwgfx: fix typo of sizeof argument xen-netback: use default TX queue size for vifs ieee802154: ca8210: Fix a potential UAF in ca8210_probe drm/msm/dsi: skip the wait for video mode done if not applicable drm: etvnaviv: fix bad backport leading to warning net: prevent address rewrite in kernel_bind() quota: Fix slow quotaoff HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect RDMA/cxgb4: Check skb value for failure to allocate net: prevent rewrite of msg_name in sock_sendmsg() net: fix kernel-doc warnings for socket.c net: use indirect calls helpers at the socket layer indirect call wrappers: helpers to speed-up indirect calls of builtin Revert "net: add atomic_long_t to net_device_stats fields" Revert "net: Fix unwanted sign extension in netdev_stats_to_stats64()" Revert "net: bridge: use DEV_STATS_INC()" Linux 4.19.296 xen/events: replace evtchn_rwlock with RCU rtnetlink: Reject negative ifindexes in RTM_NEWLINK Revert "rtnetlink: Reject negative ifindexes in RTM_NEWLINK" dccp: fix dccp_v4_err()/dccp_v6_err() again parisc: Restore __ldcw_align for PA-RISC 2.0 processors RDMA/mlx5: Fix NULL string error RDMA/cma: Fix truncation compilation warning in make_cma_ports gpio: pxa: disable pinctrl calls for MMP_GPIO gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() IB/mlx4: Fix the size of a buffer in add_port_entries() cpupower: add Makefile dependencies for install targets sctp: update hb timer immediately after users change hb_interval sctp: update transport state when processing a dupcook packet tcp: fix delayed ACKs for MSS boundary condition tcp: fix quick-ack counting to count actual ACKs of new data net: stmmac: dwmac-stm32: fix resume on STM32 MCU net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() modpost: add missing else to the "of" check scsi: target: core: Fix deadlock due to recursive locking regmap: rbtree: Fix wrong register marked as in-cache when creating new node drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet ubi: Refuse attaching if mtd's erasesize is 0 net: replace calls to sock->ops->connect() with kernel_connect() wifi: mwifiex: Fix tlv_buf_left calculation qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info scsi: zfcp: Fix a double put in zfcp_port_enqueue() Revert "PCI: qcom: Disable write access to read only registers for IP v2.3.3" media: dvb: symbol fixup for dvb_attach() - again Revert "drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions" ata: libata: disallow dev-initiated LPM transitions to unsupported states ext4: fix rec_len verify error fs: binfmt_elf_efpic: fix personality for ELF-FDPIC ata: libata-sata: increase PMP SRST timeout to 10s ata: libata-core: Do not register PM operations for SAS ports ata: libata-core: Fix port and device removal ata: libata-core: Fix ata_port_request_pm() locking net: thunderbolt: Fix TCPv6 GSO checksum calculation btrfs: properly report 0 avail for very full file systems i2c: i801: unregister tco_pdev in i801_probe() error path ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() serial: 8250_port: Check IRQ data before use smack: Record transmuting in smk_transmuted smack: Retrieve transmuting information in smack_inode_getsecurity() Smack:- Use overlay inode label in smack_inode_copy_up() scsi: megaraid_sas: Enable msix_load_balance for Invader and later controllers net: Fix unwanted sign extension in netdev_stats_to_stats64() watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running watchdog: iTCO_wdt: No need to stop the timer in probe nvme-pci: do not set the NUMA node of device if it has none fbdev/sh7760fb: Depend on FB=y bpf: Clarify error expectations from bpf_clone_redirect ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() ring-buffer: Avoid softlockup in ring_buffer_resize() selftests/ftrace: Correctly enable event in instance-event.tc parisc: irq: Make irq_stack_union static to avoid sparse warning parisc: drivers: Fix sparse warning parisc: iosapic.c: Fix sparse warnings parisc: sba: Fix compile warning wrt list of SBA devices gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot clk: tegra: fix error return case for recalc_rate MIPS: Alchemy: only build mmc support helpers if au1xmmc is enabled ext4: do not let fstrim block system suspend ext4: move setting of trimmed bit into ext4_try_to_trim_range() ext4: replace the traditional ternary conditional operator with with max()/min() ext4: mark group as trimmed only if it was fully scanned ext4: change s_last_trim_minblks type to unsigned long ext4: scope ret locally in ext4_try_to_trim_range() ext4: add new helper interface ext4_try_to_trim_range() ext4: remove the 'group' parameter of ext4_trim_extent scsi: megaraid_sas: Fix deadlock on firmware crashdump scsi: megaraid_sas: Load balance completions across all MSI-X scsi: qla2xxx: Remove unsupported ql2xenabledif option scsi: qla2xxx: Add protection mask module parameters Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() team: fix null-ptr-deref when team device type is changed net: bridge: use DEV_STATS_INC() net: add atomic_long_t to net_device_stats fields net: hns3: add 5ms delay before clear firmware reset irq source powerpc/perf/hv-24x7: Update domain value check ipv4: fix null-deref in ipv4_link_failure selftests: tls: swap the TX and RX sockets in some tests selftests/tls: Add {} to avoid static checker warning netfilter: nf_tables: disallow element removal on anonymous sets ata: libahci: clear pending interrupt status ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones NFS/pNFS: Report EINVAL errors from connect() to the server ANDROID: ALSA: jack: Revert mismerge done in v4.19.291 Conflicts: include/net/tcp.h kernel/events/core.c kernel/sched/idle.c Change-Id: I141cc494dcfda5fbd11f8bd2f7166bf3bf157084 |
||
Greg Kroah-Hartman
|
4f5e88e555 |
This is the 4.19.298 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmVLYWMACgkQONu9yGCS aT7TWxAArWfLx5B55f2sGj/cDvs2xil315t1p/uhXCtgcstc/E+lxRipw3Bi3B0g IwoBHoxteAhHVzscTJUypzi/lzNdKuIoNvtD/IxpIt/vcP2T/JMBVzrMTsClGkDI xnaMq51lWT6Kpc3zt0k4EeAA9ifAeM45kIbZlPooJ15D6zuCLLMGdKiai8eYbOkM X65dzw2FxtCvIP3FfBxr4opRsWmkXSxD7diRVe4XPE/RyLFePPMitFg/NvpK/QLW +3aR6n0hhafvsYBE3T2+mb2A408uK7nT4aup25k9JF/RKhSzU2ZKTTZEtp92pZBr pHiUGa2bitYryBvSt69wRRamqctonrwXcW0FCAX+JxxujcfBmSR/z1GudQEbKBm8 ALY2vgoDHeilbVxUCVGqnBpvu8NgwBw7J3z5S5m913X2CtMpeotvGzgksEE+gzdV Dw+l6bhj0vxAveYEgA5WVritymrh9NFNPQh32zeMG6FCcQCzuUd3gZPDECjcgFji keK3e71vjVemvgsvwAyx1WPpD0KDwjqZCAUL39Zmc7gQUzLZx8E2ujTIabefwJIA L3RQHFsVE141FojccKFpHhF/5ne6qAv74ZlXz0DBxstgx/acUCxqN7XJSVZw7OHN bpF3F3KNv1xOpN28rh+4Qjzds4TKQ+de9OEVJA3ZG2QuUqoFWXE= =013M -----END PGP SIGNATURE----- Merge 4.19.298 into android-4.19-stable Changes in 4.19.298 mmc: sdio: Don't re-initialize powered-on removable SDIO cards at resume mmc: core: sdio: hold retuning if sdio in 1-bit mode selftests/ftrace: Add new test case which checks non unique symbol mcb: Return actual parsed size when reading chameleon table mcb-lpc: Reallocate memory region to avoid memory overlapping virtio_balloon: Fix endless deflation and inflation on arm64 virtio-mmio: fix memory leak of vm_dev r8169: rename r8169.c to r8169_main.c r8169: fix the KCSAN reported data-race in rtl_tx while reading TxDescArray[entry].opts1 r8169: fix the KCSAN reported data race in rtl_rx while reading desc->opts1 treewide: Spelling fix in comment igb: Fix potential memory leak in igb_add_ethtool_nfc_entry gtp: fix fragmentation needed check with gso i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() i2c: stm32f7: Fix PEC handling in case of SMBUS transfers nvmem: imx: correct nregs for i.MX6SLL nvmem: imx: correct nregs for i.MX6UL perf/core: Fix potential NULL deref iio: exynos-adc: request second interupt only when touchscreen mode is used x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility NFS: Don't call generic_error_remove_page() while holding locks ARM: 8933/1: replace Sun/Solaris style flag on section directive drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() arm64: fix a concurrency issue in emulation_proc_handler() kobject: Fix slab-out-of-bounds in fill_kobj_path() smbdirect: missing rc checks while waiting for rdma events f2fs: fix to do sanity check on inode type during garbage collection nfsd: lock_rename() needs both directories to live on the same fs x86/mm: Simplify RESERVE_BRK() x86/mm: Fix RESERVE_BRK() for older binutils driver: platform: Add helper for safer setting of driver_override rpmsg: Constify local variable in field store macro rpmsg: Fix kfree() of static memory on setting driver_override rpmsg: Fix calling device_lock() on non-initialized device rpmsg: glink: Release driver_override rpmsg: Fix possible refcount leak in rpmsg_register_device_override() x86: Fix .brk attribute in linker script MAINTAINERS: r8169: Update path to the driver ASoC: simple-card: fixup asoc_simple_probe() error handling Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table irqchip/stm32-exti: add missing DT IRQ flag translation dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport fbdev: atyfb: only use ioremap_uc() on i386 and ia64 netfilter: nfnetlink_log: silence bogus compiler warning ASoC: rt5650: fix the wrong result of key button fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() scsi: mpt3sas: Fix in error path platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e net: chelsio: cxgb4: add an error code check in t4_load_phy_fw ata: ahci: fix enum constants for gcc-13 remove the sx8 block driver PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device usb: storage: set 1.50 as the lower bcdDevice for older "Super Top" compatibility tty: 8250: Remove UC-257 and UC-431 tty: 8250: Add support for additional Brainboxes UC cards tty: 8250: Add support for Brainboxes UP cards tty: 8250: Add support for Intashield IS-100 Linux 4.19.298 Change-Id: Ifb32a27a5d614f8234d0fb282c57304fdd2ce5de Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Juergen Gross
|
06fd365d69 |
x86: Fix .brk attribute in linker script
commit 7e09ac27f43b382f5fe9bb7c7f4c465ece1f8a23 upstream. Commit in Fixes added the "NOLOAD" attribute to the .brk section as a "failsafe" measure. Unfortunately, this leads to the linker no longer covering the .brk section in a program header, resulting in the kernel loader not knowing that the memory for the .brk section must be reserved. This has led to crashes when loading the kernel as PV dom0 under Xen, but other scenarios could be hit by the same problem (e.g. in case an uncompressed kernel is used and the initrd is placed directly behind it). So drop the "NOLOAD" attribute. This has been verified to correctly cover the .brk section by a program header of the resulting ELF file. Fixes: e32683c6f7d2 ("x86/mm: Fix RESERVE_BRK() for older binutils") Signed-off-by: Juergen Gross <jgross@suse.com> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Josh Poimboeuf <jpoimboe@kernel.org> Link: https://lore.kernel.org/r/20220630071441.28576-4-jgross@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Josh Poimboeuf
|
7bcf835ef5 |
x86/mm: Fix RESERVE_BRK() for older binutils
commit e32683c6f7d22ba624e0bfc58b02cf3348bdca63 upstream. With binutils 2.26, RESERVE_BRK() causes a build failure: /tmp/ccnGOKZ5.s: Assembler messages: /tmp/ccnGOKZ5.s:98: Error: missing ')' /tmp/ccnGOKZ5.s:98: Error: missing ')' /tmp/ccnGOKZ5.s:98: Error: missing ')' /tmp/ccnGOKZ5.s:98: Error: junk at end of line, first unrecognized character is `U' The problem is this line: RESERVE_BRK(early_pgt_alloc, INIT_PGT_BUF_SIZE) Specifically, the INIT_PGT_BUF_SIZE macro which (via PAGE_SIZE's use _AC()) has a "1UL", which makes older versions of the assembler unhappy. Unfortunately the _AC() macro doesn't work for inline asm. Inline asm was only needed here to convince the toolchain to add the STT_NOBITS flag. However, if a C variable is placed in a section whose name is prefixed with ".bss", GCC and Clang automatically set STT_NOBITS. In fact, ".bss..page_aligned" already relies on this trick. So fix the build failure (and simplify the macro) by allocating the variable in C. Also, add NOLOAD to the ".brk" output section clause in the linker script. This is a failsafe in case the ".bss" prefix magic trick ever stops working somehow. If there's a section type mismatch, the GNU linker will force the ".brk" output section to be STT_NOBITS. The LLVM linker will fail with a "section type mismatch" error. Note this also changes the name of the variable from .brk.##name to __brk_##name. The variable names aren't actually used anywhere, so it's harmless. Fixes: a1e2c031ec39 ("x86/mm: Simplify RESERVE_BRK()") Reported-by: Joe Damato <jdamato@fastly.com> Reported-by: Byungchul Park <byungchul.park@lge.com> Signed-off-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Tested-by: Joe Damato <jdamato@fastly.com> Link: https://lore.kernel.org/r/22d07a44c80d8e8e1e82b9a806ddc8c6bbb2606e.1654759036.git.jpoimboe@kernel.org [nathan: Fix conflict due to lack of 360db4ace311 and resolve silent conflict with 360db4ace3117] Signed-off-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Josh Poimboeuf
|
478de154d7 |
x86/mm: Simplify RESERVE_BRK()
commit a1e2c031ec3949b8c039b739c0b5bf9c30007b00 upstream. RESERVE_BRK() reserves data in the .brk_reservation section. The data is initialized to zero, like BSS, so the macro specifies 'nobits' to prevent the data from taking up space in the vmlinux binary. The only way to get the compiler to do that (without putting the variable in .bss proper) is to use inline asm. The macro also has a hack which encloses the inline asm in a discarded function, which allows the size to be passed (global inline asm doesn't allow inputs). Remove the need for the discarded function hack by just stringifying the size rather than supplying it as an input to the inline asm. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Borislav Petkov <bp@suse.de> Reviewed-by: Borislav Petkov <bp@suse.de> Link: https://lore.kernel.org/r/20220506121631.133110232@infradead.org [nathan: Fix conflict due to lack of 2b6ff7dea670 and 33def8498fdd] Signed-off-by: Nathan Chancellor <nathan@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Thomas Gleixner
|
c1a4390ec8 |
x86/i8259: Skip probing when ACPI/MADT advertises PCAT compatibility
commit 128b0c9781c9f2651bea163cb85e52a6c7be0f9e upstream.
David and a few others reported that on certain newer systems some legacy
interrupts fail to work correctly.
Debugging revealed that the BIOS of these systems leaves the legacy PIC in
uninitialized state which makes the PIC detection fail and the kernel
switches to a dummy implementation.
Unfortunately this fallback causes quite some code to fail as it depends on
checks for the number of legacy PIC interrupts or the availability of the
real PIC.
In theory there is no reason to use the PIC on any modern system when
IO/APIC is available, but the dependencies on the related checks cannot be
resolved trivially and on short notice. This needs lots of analysis and
rework.
The PIC detection has been added to avoid quirky checks and force selection
of the dummy implementation all over the place, especially in VM guest
scenarios. So it's not an option to revert the relevant commit as that
would break a lot of other scenarios.
One solution would be to try to initialize the PIC on detection fail and
retry the detection, but that puts the burden on everything which does not
have a PIC.
Fortunately the ACPI/MADT table header has a flag field, which advertises
in bit 0 that the system is PCAT compatible, which means it has a legacy
8259 PIC.
Evaluate that bit and if set avoid the detection routine and keep the real
PIC installed, which then gets initialized (for nothing) and makes the rest
of the code with all the dependencies work again.
Fixes:
|
||
Greg Kroah-Hartman
|
24a799db09 |
This is the 4.19.297 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmU43RMACgkQONu9yGCS aT6DURAAlNjp1I2Hi2sO/hvlYcY6vkZHAIDof1SXqJkthU4Chd8fvinjxbHTcuRd vYGBB/u+fTjKiyRYFYiK2vLVQsD2YBIuP+bQtK3v1s+62qarGf+ahbFqRRlHIoRR dE3rglx7SMITaZPdq4KFuC1etM206+JR0yU7lTcdLocNQRmZv9DEnVTq6SGLebUB C0l+CaHy7F1yn1uuBVJi/gJH1+obTHyAViJzKY38E2Nevq8a0rUZd6V0xfGHUFue x41NX+pjUkaAyH8qKahFxdIuabE/oNBjt6ZqEmceu2bOrjFI36a3r2/XYfqNxkD8 HT9qEz+jY0ig2Zj4TdGcjrm58Ck3ZjTS9RBodeaYBYlqz/EnlR8Qk7kspfXGACF9 iy5WcL0iSMbC3o5dy17k2Dhh6G9ZmhLlpzXuHlLvfM3U1dlO0aa48LhAO7MTNu6N Abdyfqv1q4tSqsixUyVe2MQqAoZ7Px1FJRq5l24xvqKljNKFOgBnw9sjKfcRfG1K O2F1dvEzLjFNxn7P+iZMfdoyg2Hf+GQ0gtLmq9fK04uAGW8UQRu51efJmujLZ42b XVeAI4iw+uR1bFt9YI+WeAx3vg/lzP768+2YPf0zWUDf2k7RORvnP4XUZbddajet fhqakuVIORwc53IM5m2XtMs7N88sWFrprbqjyoUPJYcgpzQyyOo= =0+07 -----END PGP SIGNATURE----- Merge 4.19.297 into android-4.19-stable Changes in 4.19.297 indirect call wrappers: helpers to speed-up indirect calls of builtin net: use indirect calls helpers at the socket layer net: fix kernel-doc warnings for socket.c net: prevent rewrite of msg_name in sock_sendmsg() RDMA/cxgb4: Check skb value for failure to allocate HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect quota: Fix slow quotaoff net: prevent address rewrite in kernel_bind() drm: etvnaviv: fix bad backport leading to warning drm/msm/dsi: skip the wait for video mode done if not applicable ieee802154: ca8210: Fix a potential UAF in ca8210_probe xen-netback: use default TX queue size for vifs drm/vmwgfx: fix typo of sizeof argument ixgbe: fix crash with empty VF macvlan list net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() nfc: nci: assert requested protocol is valid workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() sched,idle,rcu: Push rcu_idle deeper into the idle path dmaengine: stm32-mdma: abort resume if no ongoing transfer usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read usb: dwc3: Soft reset phy on probe for host usb: musb: Get the musb_qh poniter after musb_giveback usb: musb: Modify the "HWVers" register address iio: pressure: bmp280: Fix NULL pointer exception iio: pressure: ms5611: ms5611_prom_is_valid false negative bug mcb: remove is_added flag from mcb_device struct ceph: fix incorrect revoked caps assert in ceph_fill_file_size() Input: powermate - fix use-after-free in powermate_config_complete Input: psmouse - fix fast_reconnect function for PS/2 mode Input: xpad - add PXN V900 support cgroup: Remove duplicates in cgroup v1 tasks file pinctrl: avoid unsafe code pattern in find_pinctrl() x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs usb: gadget: udc-xilinx: replace memcpy with memcpy_toio usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() x86/alternatives: Disable KASAN in apply_alternatives() dev_forward_skb: do not scrub skb mark within the same name space usb: hub: Guard against accesses to uninitialized BOS descriptors Bluetooth: hci_event: Ignore NULL link key Bluetooth: Reject connection with the device which has same BD_ADDR Bluetooth: Fix a refcnt underflow problem for hci_conn Bluetooth: vhci: Fix race when opening vhci device Bluetooth: hci_event: Fix coding style Bluetooth: avoid memcmp() out of bounds warning nfc: nci: fix possible NULL pointer dereference in send_acknowledge() regmap: fix NULL deref on lookup KVM: x86: Mask LVTPC when handling a PMI netfilter: nft_payload: fix wrong mac header matching xfrm: fix a data-race in xfrm_gen_index() xfrm: interface: use DEV_STATS_INC() net: ipv4: fix return value check in esp_remove_trailer net: ipv6: fix return value check in esp_remove_trailer net: rfkill: gpio: prevent value glitch during probe tcp: fix excessive TLP and RACK timeouts from HZ rounding tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb net: usb: smsc95xx: Fix an error code in smsc95xx_reset() i40e: prevent crash on probe if hw registers have invalid values net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve netfilter: nft_set_rbtree: .deactivate fails if element has expired net: pktgen: Fix interface flags printing libceph: fix unaligned accesses in ceph_entity_addr handling libceph: use kernel_connect() ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 btrfs: initialize start_slot in btrfs_log_prealloc_extents i2c: mux: Avoid potential false error message in i2c_mux_add_adapter overlayfs: set ctime when setting mtime and atime gpio: timberdale: Fix potential deadlock on &tgpio->lock ata: libata-eh: Fix compilation warning in ata_eh_link_report() tracing: relax trace_event_eval_update() execution with cond_resched() HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event Bluetooth: Avoid redundant authentication Bluetooth: hci_core: Fix build warnings wifi: mac80211: allow transmitting EAPOL frames with tainted key wifi: cfg80211: avoid leaking stack data into trace sky2: Make sure there is at least one frag_addr available drm: panel-orientation-quirks: Add quirk for One Mix 2S btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c Bluetooth: hci_event: Fix using memcmp when comparing keys mtd: rawnand: qcom: Unmap the right resource upon probe failure mtd: spinand: micron: correct bitmask for ecc status mmc: core: Capture correct oemid-bits for eMMC cards Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()" ACPI: irq: Fix incorrect return value in acpi_register_gsi() USB: serial: option: add Telit LE910C4-WWX 0x1035 composition USB: serial: option: add entry for Sierra EM9191 with new firmware USB: serial: option: add Fibocom to DELL custom modem FM101R-GL perf: Disallow mis-matched inherited group reads s390/pci: fix iommu bitmap allocation gpio: vf610: set value before the direction to avoid a glitch ASoC: pxa: fix a memory leak in probe() phy: mapphone-mdm6600: Fix runtime PM for remove Bluetooth: hci_sock: fix slab oob read in create_monitor_event Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name xfrm6: fix inet6_dev refcount underflow problem Linux 4.19.297 Change-Id: I495e8b8fbb6416ec3f94094fa905bdde364618b4 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Jim Mattson
|
79f52485a0 |
KVM: x86: Mask LVTPC when handling a PMI
commit a16eb25b09c02a54c1c1b449d4b6cfa2cf3f013a upstream.
Per the SDM, "When the local APIC handles a performance-monitoring
counters interrupt, it automatically sets the mask flag in the LVT
performance counter register." Add this behavior to KVM's local APIC
emulation.
Failure to mask the LVTPC entry results in spurious PMIs, e.g. when
running Linux as a guest, PMI handlers that do a "late_ack" spew a large
number of "dazed and confused" spurious NMI warnings.
Fixes:
|
||
Kirill A. Shutemov
|
3719d3c36a |
x86/alternatives: Disable KASAN in apply_alternatives()
commit d35652a5fc9944784f6f50a5c979518ff8dacf61 upstream.
Fei has reported that KASAN triggers during apply_alternatives() on
a 5-level paging machine:
BUG: KASAN: out-of-bounds in rcu_is_watching()
Read of size 4 at addr ff110003ee6419a0 by task swapper/0/0
...
__asan_load4()
rcu_is_watching()
trace_hardirqs_on()
text_poke_early()
apply_alternatives()
...
On machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)
gets patched. It includes KASAN code, where KASAN_SHADOW_START depends on
__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().
KASAN gets confused when apply_alternatives() patches the
KASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START
static, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.
Fix it for real by disabling KASAN while the kernel is patching alternatives.
[ mingo: updated the changelog ]
Fixes:
|
||
Borislav Petkov (AMD)
|
05868a16aa |
x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs
commit f454b18e07f518bcd0c05af17a2239138bff52de upstream. Fix erratum #1485 on Zen4 parts where running with STIBP disabled can cause an #UD exception. The performance impact of the fix is negligible. Reported-by: René Rebe <rene@exactcode.de> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Tested-by: René Rebe <rene@exactcode.de> Cc: <stable@kernel.org> Link: https://lore.kernel.org/r/D99589F4-BC5D-430B-87B2-72C20370CF57@exactcode.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Michael Bestas
|
dd55724109
|
Merge tag 'ASB-2023-10-06_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona
https://source.android.com/docs/security/bulletin/2023-10-01 * tag 'ASB-2023-10-06_4.19-stable' of https://android.googlesource.com/kernel/common: UPSTREAM: net/sched: sch_hfsc: Ensure inner classes have fsc curve UPSTREAM: net: sched: sch_qfq: Fix UAF in qfq_dequeue() Linux 4.19.295 net/sched: Retire rsvp classifier net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller nfsd: fix change_info in NFSv4 RENAME replies btrfs: fix lockdep splat and potential deadlock after failure running delayed items attr: block mode changes of symlinks md/raid1: fix error: ISO C90 forbids mixed declarations kobject: Add sanity check for kset->kobj.ktype in kset_register() media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning serial: cpm_uart: Avoid suspicious locking scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc media: pci: cx23885: replace BUG with error return media: tuners: qt1010: replace BUG_ON with a regular error iio: core: Use min() instead of min_t() to make code more robust media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() media: anysee: fix null-ptr-deref in anysee_master_xfer media: af9005: Fix null-ptr-deref in af9005_i2c_xfer media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer powerpc/pseries: fix possible memory leak in ibmebus_bus_init() jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() ext2: fix datatype of block number in ext2_xattr_set2() md: raid1: fix potential OOB in raid1_remove_disk() drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() alx: fix OOB-read compiler warning tpm_tis: Resend command to recover from data transfer errors crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() wifi: mwifiex: fix fortify warning wifi: ath9k: fix printk specifier hw_breakpoint: fix single-stepping when using bpf_overflow_handler ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer btrfs: output extra debug info if we failed to find an inline backref autofs: fix memory leak of waitqueues in autofs_catatonic_mode parisc: Drop loops_per_jiffy from per_cpu struct drm/amd/display: Fix a bug when searching for insert_above_mpcc kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). ixgbe: fix timestamp configuration code kcm: Fix memory leak in error path of kcm_sendmsg() net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() perf hists browser: Fix hierarchy mode header mtd: rawnand: brcmnand: Fix potential false time out warning mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write mtd: rawnand: brcmnand: Fix crash during the panic_write btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART ata: pata_ftide010: Add missing MODULE_DESCRIPTION ata: sata_gemini: Add missing MODULE_DESCRIPTION netfilter: nfnetlink_osf: avoid OOB read idr: fix param name in idr_alloc_cyclic() doc igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 kcm: Destroy mutex in kcm_exit_net() net: sched: sch_qfq: Fix UAF in qfq_dequeue() af_unix: Fix data race around sk->sk_err. af_unix: Fix data-races around sk->sk_shutdown. af_unix: Fix data-race around unix_tot_inflight. af_unix: Fix data-races around user->unix_inflight. net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr veth: Fixing transmit return status for dropped packets igb: disable virtualization features on 82580 net: read sk->sk_family once in sk_mc_loop() pwm: lpc32xx: Remove handling of PWM channels watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() kconfig: fix possible buffer overflow NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info soc: qcom: qmi_encdec: Restrict string length in decode clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock parisc: led: Reduce CPU overhead for disk & lan LED computation parisc: led: Fix LAN receive and transmit LEDs drm/ast: Fix DRAM init on AST2200 fbdev/ep93xx-fb: Do not assign to struct fb_info.dev scsi: qla2xxx: Turn off noisy message log scsi: qla2xxx: fix inconsistent TMF timeout udf: initialize newblock to 0 usb: typec: tcpci: clear the fault status bit serial: sc16is7xx: fix broken port 0 uart init sc16is7xx: Set iobase to device index PCI/ATS: Add inline to pci_prg_resp_pasid_required() pstore/ram: Check start of empty przs during init net: handle ARPHRD_PPP in dev_is_mac_header_xmit() X.509: if signature is unsupported skip validation cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug crypto: stm32 - fix loop iterating through scatterlist for DMA dccp: Fix out of bounds access in DCCP error handler dlm: fix plock lookup when using multiple lockspaces parisc: Fix /proc/cpuinfo output for lscpu procfs: block chmod on /proc/thread-self/comm Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" ntb: Fix calculation ntb_transport_tx_free_entry() ntb: Clean up tx tail index on link down ntb: Drop packets when qp link is down media: dvb: symbol fixup for dvb_attach() backlight/lv5207lp: Compare against struct fb_info.device backlight/bd6107: Compare against struct fb_info.device backlight/gpio_backlight: Compare against struct fb_info.device ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() ipmi_si: fix a memleak in try_smi_init() ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl PM / devfreq: Fix leak in devfreq_dev_release() igb: set max size RX buffer when store bad packet is enabled skbuff: skb_segment, Call zero copy functions before using skbuff frags netfilter: xt_sctp: validate the flag_info count netfilter: xt_u32: validate user space input netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU dmaengine: ste_dma40: Add missing IRQ check in d40_probe um: Fix hostaudio build errors arch: um: drivers: Kconfig: pedantic formatting rpmsg: glink: Add check for kstrdup HID: multitouch: Correct devm device reference for hidinput input_dev name Revert "IB/isert: Fix incorrect release of isert connection" amba: bus: fix refcount leak serial: tegra: handle clk prepare error in tegra_uart_hw_init() scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock scsi: core: Use 32-bit hostnum in scsi_host_lookup() cgroup:namespace: Remove unused cgroup_namespaces_init() media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors media: ov2680: Fix vflip / hflip set functions media: ov2680: Fix ov2680_bayer_order() media: ov2680: Remove auto-gain and auto-exposure controls media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips USB: gadget: f_mass_storage: Fix unused variable warning media: go7007: Remove redundant if statement IB/uverbs: Fix an potential error pointer dereference dma-buf/sync_file: Fix docs syntax scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly x86/APM: drop the duplicate APM_MINOR_DEV macro scsi: qla4xxx: Add length check when parsing nlattrs scsi: be2iscsi: Add length check when parsing nlattrs scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() media: mediatek: vcodec: Return NULL if no vdec_fb is found media: cx24120: Add retval check for cx24120_message_send() media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() media: dib7000p: Fix potential division by zero drivers: usb: smsusb: fix error handling code in smsusb_init_device media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() media: v4l2-fwnode: simplify v4l2_fwnode_parse_link media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling media: Use of_node_name_eq for node name comparisons NFSD: da_addr_body field missing in some GETDEVICEINFO replies fs: lockd: avoid possible wrong NULL parameter jfs: validate max amount of blocks before allocation. powerpc/iommu: Fix notifiers being shared by PCI and VIO buses nfs/blocklayout: Use the passed in gfp flags wifi: ath10k: Use RMW accessors for changing LNKCTL drm/radeon: Use RMW accessors for changing LNKCTL drm/radeon: Prefer pcie_capability_read_word() drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions drm/radeon: Correct Transmit Margin masks drm/amdgpu: Use RMW accessors for changing LNKCTL drm/amdgpu: Prefer pcie_capability_read_word() drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions drm/amdgpu: Correct Transmit Margin masks PCI: Add #defines for Enter Compliance, Transmit Margin PCI: Decode PCIe 32 GT/s link speed PCI: Cleanup register definition width and whitespace PCI/ATS: Add pci_prg_resp_pasid_required() interface. PCI/ASPM: Use RMW accessors for changing LNKCTL PCI: pciehp: Use RMW accessors for changing LNKCTL PCI: Mark NVIDIA T4 GPUs to avoid bus reset clk: sunxi-ng: Modify mismatched function name drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() ALSA: ac97: Fix possible error value of *rac97 of: unittest: Fix overlay type in apply/revert check audit: fix possible soft lockup in __audit_inode_child() smackfs: Prevent underflow in smk_set_cipso() drm/msm/mdp5: Don't leak some plane state drm/msm: Replace drm_framebuffer_{un/reference} with put, get functions of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() drm/tegra: dpaux: Fix incorrect return value of platform_get_irq drm/tegra: Remove superfluous error messages around platform_get_irq() ARM: dts: BCM53573: Fix Ethernet info for Luxul devices drm: adv7511: Fix low refresh rate register for ADV7533/5 ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210 ARM: dts: s5pv210: correct ethernet unit address in SMDKV210 ARM: dts: s5pv210: use defines for IRQ flags in SMDKV210 ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210 ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) ARM: dts: s3c64xx: align pinctrl with dtschema ARM: dts: s3c6410: align node SROM bus node name with dtschema in Mini6410 ARM: dts: s3c6410: move fixed clocks under root node in Mini6410 ARM: dts: BCM53573: Use updated "spi-gpio" binding properties ARM: dts: BCM53573: Add cells sizes to PCIe node ARM: dts: BCM53573: Drop nonexistent #usb-cells ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch ARM: dts: BCM5301X: Harmonize EHCI/OHCI DT nodes name drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller arm64: dts: msm8996: thermal: Add interrupt support quota: fix dqput() to follow the guarantees dquot_srcu should provide quota: add new helper dquot_active() quota: rename dquot_active() to inode_quota_active() quota: factor out dquot_write_dquot() quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list quota: add dqi_dirty_list description to comment of Dquot List Management netrom: Deny concurrent connect(). net/sched: sch_hfsc: Ensure inner classes have fsc curve net: arcnet: Do not call kfree_skb() under local_irq_disable() wifi: ath9k: use IS_ERR() with debugfs_create_dir() wifi: mwifiex: avoid possible NULL skb pointer dereference wifi: ath9k: protect WMI command response buffer replacement with a lock wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx wifi: mwifiex: Fix missed return in oob checks failed path wifi: mwifiex: fix memory leak in mwifiex_histogram_read() fs: ocfs2: namei: check return value of ocfs2_add_entry() lwt: Check LWTUNNEL_XMIT_CONTINUE strictly crypto: caam - fix unchecked return value error Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() wifi: mwifiex: fix error recovery in PCIE buffer descriptor management mwifiex: switch from 'pci_' to 'dma_' API mwifiex: drop 'set_consistent_dma_mask' log message wifi: mwifiex: Fix OOB and integer underflow when rx packets can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() regmap: rbtree: Use alloc_flags for memory allocations tcp: tcp_enter_quickack_mode() should be static bpf: Clear the probe_addr for uprobe cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() fs: Fix error checking for d_hash_and_lookup() netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation netfilter: nft_flow_offload: fix underflow in flowtable reference counter new helper: lookup_positive_unlocked() eventfd: prevent underflow for eventfd semaphores eventfd: Export eventfd_ctx_do_read() reiserfs: Check the return value from __getblk() Revert "net: macsec: preserve ingress frame ordering" udf: Handle error when adding extent to a file udf: Check consistency of Space Bitmap Descriptor powerpc/32s: Fix assembler warning about r0 powerpc/32: Include .branch_lt in data section net: Avoid address overwrite in kernel_connect ALSA: seq: oss: Fix racy open/close of MIDI devices cifs: add a warning when the in-flight count goes negative sctp: handle invalid error codes without calling BUG() bnx2x: fix page fault following EEH recovery netlabel: fix shift wrapping bug in netlbl_catmap_setlong() scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM net: usb: qmi_wwan: add Quectel EM05GV2 security: keys: perform capable check only on privileged operations platform/x86: intel: hid: Always call BTNL ACPI method ASoC: atmel: Fix the 8K sample parameter in I2SC master ASoc: codecs: ES8316: Fix DMIC config fs/nls: make load_nls() take a const parameter s390/dasd: fix hanging device after request requeue s390/dasd: use correct number of retries for ERP requests m68k: Fix invalid .section syntax vxlan: generalize vxlan_parse_gpe_hdr and remove unused args ethernet: atheros: fix return value check in atl1c_tso_csum() ASoC: da7219: Check for failure reading AAD IRQ events ASoC: da7219: Flush pending AAD IRQ when suspending 9p: virtio: make sure 'offs' is initialized in zc_request pinctrl: amd: Don't show `Invalid config param` errors nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() fsi: master-ast-cf: Add MODULE_FIRMWARE macro serial: sc16is7xx: fix bug when first setting GPIO direction Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition HID: wacom: remove the battery when the EKR is off USB: serial: option: add FOXCONN T99W368/T99W373 product USB: serial: option: add Quectel EM05G variant (0x030e) modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff mmc: au1xmmc: force non-modular build and remove symbol_get usage ARM: pxa: remove use of symbol_get() erofs: ensure that the post-EOF tails are all zeroed Conflicts: include/net/tcp.h Change-Id: Ia73d7be3d6cae8d4fd38da7c6d85a977840872d3 |
||
Greg Kroah-Hartman
|
501b721387 |
This is the 4.19.295 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmUOpmEACgkQONu9yGCS aT6vSQ/8D3yjJUYiUnHkiSzTMZHAtwR5qk0jCsqw1Xlr+XVouGCG/wpk8z7ckT6W 4gsG5+QvuB4SfWXmbIn/rPApqQdQSiTicOfHrev705v0U+ib+kw1vgBKv38qkOlI EZKuo7Ir1vZUnqghw9uIGperU3kEAt2EvWK37EBryukDoxbzDGIctOvAN7KMMbAJ jPQciVOOAJrNNdgPOSrxs1OCdAkEYlDaNuBZ+9j/HjNQLB9KtdtsJ50gerCPA4rS oKpZhnx9VJYXI9szor3T7q71iNfpJeL+mOrnpCSFVAFCPkesXQ+MG/GdgJJQDCMJ 9VF12W6rpqVcKfYFdPX9WevkqMfHRpE4brotDQx36rpUwVFcP7HClJ2zE3p36QWV Mfu4O31ZNkLUF8SmFXc3JXVyrwe/ARiha9nLH9VKZ7cSHoYUKlO4NeSGyHjz5J99 RErBGpea7SgHTSLk30+sHaB3zhdUZyv8ej++zjTG9QA8bRbMp97I9psQ7FWhWDng l6f87mdta1X76OJJPkL3yZfbiB/M58e514ptbDNhu4cnH/S6aB6I3K5IYVtfZI/9 zESuavKEUks+Ng1vBUGsPGN/eHDaPWUkl7HewP7WXRDOQUjaIX/0saeaSiUFYNI7 UYa72hD9fKMblkwxIl75ybI/WZRgw9fyrQeGG0DfX3t6kt6BhHM= =bQT4 -----END PGP SIGNATURE----- Merge 4.19.295 into android-4.19-stable Changes in 4.19.295 erofs: ensure that the post-EOF tails are all zeroed ARM: pxa: remove use of symbol_get() mmc: au1xmmc: force non-modular build and remove symbol_get usage rtc: ds1685: use EXPORT_SYMBOL_GPL for ds1685_rtc_poweroff modules: only allow symbol_get of EXPORT_SYMBOL_GPL modules USB: serial: option: add Quectel EM05G variant (0x030e) USB: serial: option: add FOXCONN T99W368/T99W373 product HID: wacom: remove the battery when the EKR is off Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition serial: sc16is7xx: fix bug when first setting GPIO direction fsi: master-ast-cf: Add MODULE_FIRMWARE macro nilfs2: fix general protection fault in nilfs_lookup_dirty_data_buffers() nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse pinctrl: amd: Don't show `Invalid config param` errors 9p: virtio: make sure 'offs' is initialized in zc_request ASoC: da7219: Flush pending AAD IRQ when suspending ASoC: da7219: Check for failure reading AAD IRQ events ethernet: atheros: fix return value check in atl1c_tso_csum() vxlan: generalize vxlan_parse_gpe_hdr and remove unused args m68k: Fix invalid .section syntax s390/dasd: use correct number of retries for ERP requests s390/dasd: fix hanging device after request requeue fs/nls: make load_nls() take a const parameter ASoc: codecs: ES8316: Fix DMIC config ASoC: atmel: Fix the 8K sample parameter in I2SC master platform/x86: intel: hid: Always call BTNL ACPI method security: keys: perform capable check only on privileged operations net: usb: qmi_wwan: add Quectel EM05GV2 idmaengine: make FSL_EDMA and INTEL_IDMA64 depends on HAS_IOMEM scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock netlabel: fix shift wrapping bug in netlbl_catmap_setlong() bnx2x: fix page fault following EEH recovery sctp: handle invalid error codes without calling BUG() cifs: add a warning when the in-flight count goes negative ALSA: seq: oss: Fix racy open/close of MIDI devices net: Avoid address overwrite in kernel_connect powerpc/32: Include .branch_lt in data section powerpc/32s: Fix assembler warning about r0 udf: Check consistency of Space Bitmap Descriptor udf: Handle error when adding extent to a file Revert "net: macsec: preserve ingress frame ordering" reiserfs: Check the return value from __getblk() eventfd: Export eventfd_ctx_do_read() eventfd: prevent underflow for eventfd semaphores new helper: lookup_positive_unlocked() netfilter: nft_flow_offload: fix underflow in flowtable reference counter netfilter: nf_tables: missing NFT_TRANS_PREPARE_ERROR in flowtable deactivatation fs: Fix error checking for d_hash_and_lookup() cpufreq: powernow-k8: Use related_cpus instead of cpus in driver.exit() bpf: Clear the probe_addr for uprobe tcp: tcp_enter_quickack_mode() should be static regmap: rbtree: Use alloc_flags for memory allocations spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM wifi: mwifiex: Fix OOB and integer underflow when rx packets mwifiex: drop 'set_consistent_dma_mask' log message mwifiex: switch from 'pci_' to 'dma_' API wifi: mwifiex: fix error recovery in PCIE buffer descriptor management Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() crypto: caam - fix unchecked return value error lwt: Check LWTUNNEL_XMIT_CONTINUE strictly fs: ocfs2: namei: check return value of ocfs2_add_entry() wifi: mwifiex: fix memory leak in mwifiex_histogram_read() wifi: mwifiex: Fix missed return in oob checks failed path wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx wifi: ath9k: protect WMI command response buffer replacement with a lock wifi: mwifiex: avoid possible NULL skb pointer dereference wifi: ath9k: use IS_ERR() with debugfs_create_dir() net: arcnet: Do not call kfree_skb() under local_irq_disable() net/sched: sch_hfsc: Ensure inner classes have fsc curve netrom: Deny concurrent connect(). quota: add dqi_dirty_list description to comment of Dquot List Management quota: avoid increasing DQST_LOOKUPS when iterating over dirty/inuse list quota: factor out dquot_write_dquot() quota: rename dquot_active() to inode_quota_active() quota: add new helper dquot_active() quota: fix dqput() to follow the guarantees dquot_srcu should provide arm64: dts: msm8996: thermal: Add interrupt support arm64: dts: qcom: msm8996: Add missing interrupt to the USB2 controller drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() ARM: dts: BCM5301X: Harmonize EHCI/OHCI DT nodes name ARM: dts: BCM53573: Describe on-SoC BCM53125 rev 4 switch ARM: dts: BCM53573: Drop nonexistent #usb-cells ARM: dts: BCM53573: Add cells sizes to PCIe node ARM: dts: BCM53573: Use updated "spi-gpio" binding properties ARM: dts: s3c6410: move fixed clocks under root node in Mini6410 ARM: dts: s3c6410: align node SROM bus node name with dtschema in Mini6410 ARM: dts: s3c64xx: align pinctrl with dtschema ARM: dts: samsung: s3c6410-mini6410: correct ethernet reg addresses (split) ARM: dts: s5pv210: add RTC 32 KHz clock in SMDKV210 ARM: dts: s5pv210: use defines for IRQ flags in SMDKV210 ARM: dts: s5pv210: correct ethernet unit address in SMDKV210 ARM: dts: s5pv210: add dummy 5V regulator for backlight on SMDKv210 ARM: dts: samsung: s5pv210-smdkv210: correct ethernet reg addresses (split) drm: adv7511: Fix low refresh rate register for ADV7533/5 ARM: dts: BCM53573: Fix Ethernet info for Luxul devices drm/tegra: Remove superfluous error messages around platform_get_irq() drm/tegra: dpaux: Fix incorrect return value of platform_get_irq of: unittest: fix null pointer dereferencing in of_unittest_find_node_by_name() drm/msm: Replace drm_framebuffer_{un/reference} with put, get functions drm/msm/mdp5: Don't leak some plane state smackfs: Prevent underflow in smk_set_cipso() audit: fix possible soft lockup in __audit_inode_child() of: unittest: Fix overlay type in apply/revert check ALSA: ac97: Fix possible error value of *rac97 drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() clk: sunxi-ng: Modify mismatched function name PCI: Mark NVIDIA T4 GPUs to avoid bus reset PCI: pciehp: Use RMW accessors for changing LNKCTL PCI/ASPM: Use RMW accessors for changing LNKCTL PCI/ATS: Add pci_prg_resp_pasid_required() interface. PCI: Cleanup register definition width and whitespace PCI: Decode PCIe 32 GT/s link speed PCI: Add #defines for Enter Compliance, Transmit Margin drm/amdgpu: Correct Transmit Margin masks drm/amdgpu: Replace numbers with PCI_EXP_LNKCTL2 definitions drm/amdgpu: Prefer pcie_capability_read_word() drm/amdgpu: Use RMW accessors for changing LNKCTL drm/radeon: Correct Transmit Margin masks drm/radeon: Replace numbers with PCI_EXP_LNKCTL2 definitions drm/radeon: Prefer pcie_capability_read_word() drm/radeon: Use RMW accessors for changing LNKCTL wifi: ath10k: Use RMW accessors for changing LNKCTL nfs/blocklayout: Use the passed in gfp flags powerpc/iommu: Fix notifiers being shared by PCI and VIO buses jfs: validate max amount of blocks before allocation. fs: lockd: avoid possible wrong NULL parameter NFSD: da_addr_body field missing in some GETDEVICEINFO replies media: Use of_node_name_eq for node name comparisons media: v4l2-fwnode: fix v4l2_fwnode_parse_link handling media: v4l2-fwnode: simplify v4l2_fwnode_parse_link media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() drivers: usb: smsusb: fix error handling code in smsusb_init_device media: dib7000p: Fix potential division by zero media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() media: cx24120: Add retval check for cx24120_message_send() media: mediatek: vcodec: Return NULL if no vdec_fb is found usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() scsi: be2iscsi: Add length check when parsing nlattrs scsi: qla4xxx: Add length check when parsing nlattrs x86/APM: drop the duplicate APM_MINOR_DEV macro scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly dma-buf/sync_file: Fix docs syntax IB/uverbs: Fix an potential error pointer dereference media: go7007: Remove redundant if statement USB: gadget: f_mass_storage: Fix unused variable warning media: i2c: ov2680: Set V4L2_CTRL_FLAG_MODIFY_LAYOUT on flips media: ov2680: Remove auto-gain and auto-exposure controls media: ov2680: Fix ov2680_bayer_order() media: ov2680: Fix vflip / hflip set functions media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors cgroup:namespace: Remove unused cgroup_namespaces_init() scsi: core: Use 32-bit hostnum in scsi_host_lookup() scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock serial: tegra: handle clk prepare error in tegra_uart_hw_init() amba: bus: fix refcount leak Revert "IB/isert: Fix incorrect release of isert connection" HID: multitouch: Correct devm device reference for hidinput input_dev name rpmsg: glink: Add check for kstrdup arch: um: drivers: Kconfig: pedantic formatting um: Fix hostaudio build errors dmaengine: ste_dma40: Add missing IRQ check in d40_probe igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c netfilter: xt_u32: validate user space input netfilter: xt_sctp: validate the flag_info count skbuff: skb_segment, Call zero copy functions before using skbuff frags igb: set max size RX buffer when store bad packet is enabled PM / devfreq: Fix leak in devfreq_dev_release() ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl ipmi_si: fix a memleak in try_smi_init() ARM: OMAP2+: Fix -Warray-bounds warning in _pwrdm_state_switch() backlight/gpio_backlight: Compare against struct fb_info.device backlight/bd6107: Compare against struct fb_info.device backlight/lv5207lp: Compare against struct fb_info.device media: dvb: symbol fixup for dvb_attach() ntb: Drop packets when qp link is down ntb: Clean up tx tail index on link down ntb: Fix calculation ntb_transport_tx_free_entry() Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset" procfs: block chmod on /proc/thread-self/comm parisc: Fix /proc/cpuinfo output for lscpu dlm: fix plock lookup when using multiple lockspaces dccp: Fix out of bounds access in DCCP error handler crypto: stm32 - fix loop iterating through scatterlist for DMA cpufreq: brcmstb-avs-cpufreq: Fix -Warray-bounds bug X.509: if signature is unsupported skip validation net: handle ARPHRD_PPP in dev_is_mac_header_xmit() pstore/ram: Check start of empty przs during init PCI/ATS: Add inline to pci_prg_resp_pasid_required() sc16is7xx: Set iobase to device index serial: sc16is7xx: fix broken port 0 uart init usb: typec: tcpci: clear the fault status bit udf: initialize newblock to 0 scsi: qla2xxx: fix inconsistent TMF timeout scsi: qla2xxx: Turn off noisy message log fbdev/ep93xx-fb: Do not assign to struct fb_info.dev drm/ast: Fix DRAM init on AST2200 parisc: led: Fix LAN receive and transmit LEDs parisc: led: Reduce CPU overhead for disk & lan LED computation clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock soc: qcom: qmi_encdec: Restrict string length in decode NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info kconfig: fix possible buffer overflow x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm() watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load pwm: lpc32xx: Remove handling of PWM channels net: read sk->sk_family once in sk_mc_loop() igb: disable virtualization features on 82580 veth: Fixing transmit return status for dropped packets net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr af_unix: Fix data-races around user->unix_inflight. af_unix: Fix data-race around unix_tot_inflight. af_unix: Fix data-races around sk->sk_shutdown. af_unix: Fix data race around sk->sk_err. net: sched: sch_qfq: Fix UAF in qfq_dequeue() kcm: Destroy mutex in kcm_exit_net() igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 idr: fix param name in idr_alloc_cyclic() doc netfilter: nfnetlink_osf: avoid OOB read ata: sata_gemini: Add missing MODULE_DESCRIPTION ata: pata_ftide010: Add missing MODULE_DESCRIPTION btrfs: don't start transaction when joining with TRANS_JOIN_NOSTART mtd: rawnand: brcmnand: Fix crash during the panic_write mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write mtd: rawnand: brcmnand: Fix potential false time out warning perf hists browser: Fix hierarchy mode header net: ethernet: mtk_eth_soc: fix possible NULL pointer dereference in mtk_hwlro_get_fdir_all() kcm: Fix memory leak in error path of kcm_sendmsg() ixgbe: fix timestamp configuration code kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). drm/amd/display: Fix a bug when searching for insert_above_mpcc parisc: Drop loops_per_jiffy from per_cpu struct autofs: fix memory leak of waitqueues in autofs_catatonic_mode btrfs: output extra debug info if we failed to find an inline backref ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 hw_breakpoint: fix single-stepping when using bpf_overflow_handler wifi: ath9k: fix printk specifier wifi: mwifiex: fix fortify warning crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() tpm_tis: Resend command to recover from data transfer errors alx: fix OOB-read compiler warning drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() md: raid1: fix potential OOB in raid1_remove_disk() ext2: fix datatype of block number in ext2_xattr_set2() fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount powerpc/pseries: fix possible memory leak in ibmebus_bus_init() media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() media: af9005: Fix null-ptr-deref in af9005_i2c_xfer media: anysee: fix null-ptr-deref in anysee_master_xfer media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() iio: core: Use min() instead of min_t() to make code more robust media: tuners: qt1010: replace BUG_ON with a regular error media: pci: cx23885: replace BUG with error return usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() serial: cpm_uart: Avoid suspicious locking media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning kobject: Add sanity check for kset->kobj.ktype in kset_register() md/raid1: fix error: ISO C90 forbids mixed declarations attr: block mode changes of symlinks btrfs: fix lockdep splat and potential deadlock after failure running delayed items nfsd: fix change_info in NFSv4 RENAME replies mtd: rawnand: brcmnand: Fix ECC level field setting for v7.2 controller net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free net/sched: Retire rsvp classifier Linux 4.19.295 Change-Id: I5de88dc1e8cebe5736df3023205233cb40c4aa35 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Sean Christopherson
|
10c9dce4bb |
x86/virt: Drop unnecessary check on extended CPUID level in cpu_has_svm()
[ Upstream commit 5df8ecfe3632d5879d1f154f7aa8de441b5d1c89 ]
Drop the explicit check on the extended CPUID level in cpu_has_svm(), the
kernel's cached CPUID info will leave the entire SVM leaf unset if said
leaf is not supported by hardware. Prior to using cached information,
the check was needed to avoid false positives due to Intel's rather crazy
CPUID behavior of returning the values of the maximum supported leaf if
the specified leaf is unsupported.
Fixes:
|
||
Randy Dunlap
|
c98f4773e1 |
x86/APM: drop the duplicate APM_MINOR_DEV macro
[ Upstream commit 4ba2909638a29630a346d6c4907a3105409bee7d ]
This source file already includes <linux/miscdevice.h>, which contains
the same macro. It doesn't need to be defined here again.
Fixes:
|
||
Michael Bestas
|
1b59618ce4
|
Merge tag 'ASB-2023-09-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona
https://source.android.com/docs/security/bulletin/2023-09-01 * tag 'ASB-2023-09-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.294 Revert "ARM: ep93xx: fix missing-prototype warnings" Revert "MIPS: Alchemy: fix dbdma2" Linux 4.19.293 dma-buf/sw_sync: Avoid recursive lock during fence signal clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' scsi: core: raid_class: Remove raid_component_add() scsi: snic: Fix double free in snic_tgt_create() irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable rtnetlink: Reject negative ifindexes in RTM_NEWLINK netfilter: nf_queue: fix socket leak sched/rt: pick_next_rt_entity(): check list_entry mmc: block: Fix in_flight[issue_type] value error x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus media: vcodec: Fix potential array out-of-bounds in encoder queue_setup lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels batman-adv: Fix batadv_v_ogm_aggr_send memory leak batman-adv: Fix TT global entry leak when client roamed back batman-adv: Do not get eth header before batadv_check_management_packet batman-adv: Don't increase MTU when set by user batman-adv: Trigger events for auto adjusted MTU nfsd: Fix race to FREE_STATEID and cl_revoked ibmveth: Use dcbf rather than dcbfl ipvs: fix racy memcpy in proc_do_sync_threshold ipvs: Improve robustness to the ipvs sysctl bonding: fix macvlan over alb bond support net: remove bond_slave_has_mac_rcu() net/sched: fix a qdisc modification with ambiguous command request igb: Avoid starting unnecessary workqueues dccp: annotate data-races in dccp_poll() sock: annotate data-races around prot->memory_pressure tracing: Fix memleak due to race between current_tracer and trace drm/amd/display: check TG is non-null before checking if enabled drm/amd/display: do not wait for mpc idle if tg is disabled regmap: Account for register length in SMBus I/O limits dm integrity: reduce vmalloc space footprint on 32-bit architectures dm integrity: increase RECALC_SECTORS to improve recalculate speed powerpc: Fail build if using recordmcount with binutils v2.37 powerpc: remove leftover code of old GCC version checks powerpc/32: add stack protector support fbdev: fix potential OOB read in fast_imageblit() fbdev: Fix sys_imageblit() for arbitrary image widths fbdev: Improve performance of sys_imageblit() tty: serial: fsl_lpuart: add earlycon for imx8ulp platform Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP" MIPS: cpu-features: Use boot_cpu_type for CPU type based features MIPS: cpu-features: Enable octeon_cache by cpu_type fs: dlm: fix mismatch of plock results from userspace fs: dlm: use dlm_plock_info for do_unlock_close fs: dlm: change plock interrupted message to debug again fs: dlm: add pid to debug log dlm: replace usage of found with dedicated list iterator variable dlm: improve plock logging if interrupted PCI: acpiphp: Reassign resources on bridge if necessary net: phy: broadcom: stub c45 read/write for 54810 net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled virtio-net: set queues after driver_ok af_unix: Fix null-ptr-deref in unix_stream_sendpage(). netfilter: set default timeout to 3 secs for sctp shutdown send and recv state test_firmware: prevent race conditions by a correct implementation of locking mmc: wbsd: fix double mmc_free_host() in wbsd_init() cifs: Release folio lock on fscache read hit. ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. serial: 8250: Fix oops for port->pm on uart_change_pm() ASoC: meson: axg-tdm-formatter: fix channel slot allocation ASoC: rt5665: add missed regulator_bulk_disable net: do not allow gso_size to be set to GSO_BY_FRAGS sock: Fix misuse of sk_under_memory_pressure() i40e: fix misleading debug logs team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves netfilter: nft_dynset: disallow object maps selftests: mirror_gre_changes: Tighten up the TTL test match xfrm: add NULL check in xfrm_update_ae_params ip_vti: fix potential slab-use-after-free in decode_session6 ip6_vti: fix slab-use-after-free in decode_session6 xfrm: fix slab-use-after-free in decode_session6 xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c net: af_key: fix sadb_x_filter validation net: xfrm: Fix xfrm_address_filter OOB read btrfs: fix BUG_ON condition in btrfs_cancel_balance powerpc/rtas_flash: allow user copy to flash block cache objects fbdev: mmp: fix value check in mmphw_probe() virtio-mmio: don't break lifecycle of vm_dev virtio-mmio: Use to_virtio_mmio_device() to simply code virtio-mmio: convert to devm_platform_ioremap_resource nfsd: Remove incorrect check in nfsd4_validate_stateid nfsd4: kill warnings on testing stateids with mismatched clientids block: fix signed int overflow in Amiga partition support mmc: sunxi: fix deferred probing mmc: bcm2835: fix deferred probing mmc: Remove dev_err() usage after platform_get_irq() mmc: tmio: move tmio_mmc_set_clock() to platform hook mmc: tmio: replace tmio_mmc_clk_stop() calls with tmio_mmc_set_clock() mmc: meson-gx: remove redundant mmc_request_done() call from irq context mmc: meson-gx: remove useless lock USB: dwc3: qcom: fix NULL-deref on suspend usb: dwc3: qcom: Add helper functions to enable,disable wake irqs irqchip/mips-gic: Use raw spinlock for gic_lock irqchip/mips-gic: Get rid of the reliance on irq_cpu_online() x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms powerpc/64s/radix: Fix soft dirty tracking powerpc: Move page table dump files in a dedicated subdirectory powerpc/mm: dump block address translation on book3s/32 powerpc/mm: dump segment registers on book3s/32 powerpc/mm: Move pgtable_t into platform headers powerpc/mm: move platform specific mmu-xxx.h in platform directories iio: addac: stx104: Fix race condition when converting analog-to-digital iio: addac: stx104: Fix race condition for stx104_write_raw() iio: adc: stx104: Implement and utilize register structures iio: adc: stx104: Utilize iomap interface iio: add addac subdirectory IMA: allow/fix UML builds drm/amdgpu: Fix potential fence use-after-free v2 Bluetooth: L2CAP: Fix use-after-free pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() gfs2: Fix possible data races in gfs2_show_options() media: platform: mediatek: vpu: fix NULL ptr dereference media: v4l2-mem2mem: add lock to protect parameter num_rdy FS: JFS: Check for read-only mounted filesystem in txBegin FS: JFS: Fix null-ptr-deref Read in txBegin MIPS: dec: prom: Address -Warray-bounds warning fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev udf: Fix uninitialized array access for some pathnames HID: add quirk for 03f0:464a HP Elite Presenter Mouse quota: fix warning in dqgrab() quota: Properly disable quotas when add_dquot_ref() fails ALSA: emu10k1: roll up loops in DSP setup code for Audigy drm/radeon: Fix integer overflow in radeon_cs_parser_init selftests: forwarding: tc_flower: Relax success criterion lib/mpi: Eliminate unused umul_ppmm definitions for MIPS Revert "posix-timers: Ensure timer ID search-loop limit is valid" UPSTREAM: media: usb: siano: Fix warning due to null work_func_t function pointer UPSTREAM: Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb UPSTREAM: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free UPSTREAM: net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free Linux 4.19.292 sch_netem: fix issues in netem_change() vs get_dist_table() alpha: remove __init annotation from exported page_is_ram() scsi: core: Fix possible memory leak if device_add() fails scsi: snic: Fix possible memory leak if device_add() fails scsi: 53c700: Check that command slot is not NULL scsi: storvsc: Fix handling of virtual Fibre Channel timeouts scsi: core: Fix legacy /proc parsing buffer overflow netfilter: nf_tables: report use refcount overflow netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush btrfs: don't stop integrity writeback too early ibmvnic: Handle DMA unmapping of login buffs in release functions wifi: cfg80211: fix sband iftype data lookup for AP_VLAN IB/hfi1: Fix possible panic during hotplug remove drivers: net: prevent tun_build_skb() to exceed the packet size limit dccp: fix data-race around dp->dccps_mss_cache bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves net/packet: annotate data-races around tp->status mISDN: Update parameter type of dsp_cmx_send() drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes x86: Move gds_ucode_mitigated() declaration to header x86/mm: Fix VDSO and VVAR placement on 5-level paging machines x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 usb: dwc3: Properly handle processing of pending events usb-storage: alauda: Fix uninit-value in alauda_check_media() binder: fix memory leak in binder_init() iio: cros_ec: Fix the allocation size for cros_ec_command nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput radix tree test suite: fix incorrect allocation size for pthreads drm/nouveau/gr: enable memory loads on helper invocation on all channels dmaengine: pl330: Return DMA_PAUSED when transaction is paused ipv6: adjust ndisc_is_useropt() to also return true for PIO mmc: moxart: read scr register without changing byte order sparc: fix up arch_cpu_finalize_init() build breakage. UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free Linux 4.19.291 drm/edid: fix objtool warning in drm_cvt_modes() arm64: dts: stratix10: fix incorrect I2C property for SCL signal drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node ARM: dts: imx6sll: fixup of operating points ARM: dts: imx: add usb alias ARM: dts: imx6sll: Make ssi node name same as other platforms PM: sleep: wakeirq: fix wake irq arming PM / wakeirq: support enabling wake-up irq after runtime_suspend called powerpc/mm/altmap: Fix altmap boundary check mtd: rawnand: omap_elm: Fix incorrect type in assignment test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation test_firmware: fix a memory leak with reqs buffer ext2: Drop fragment support net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb fs/sysv: Null check to prevent null-ptr-deref bug USB: zaurus: Add ID for A-300/B-500/C-700 libceph: fix potential hang in ceph_osdc_notify() scsi: zfcp: Defer fc_rport blocking until after ADISC response tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen tcp_metrics: annotate data-races around tm->tcpm_net tcp_metrics: annotate data-races around tm->tcpm_vals[] tcp_metrics: annotate data-races around tm->tcpm_lock tcp_metrics: annotate data-races around tm->tcpm_stamp tcp_metrics: fix addr_same() helper ip6mr: Fix skb_under_panic in ip6mr_cache_report() net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free net: add missing data-race annotation for sk_ll_usec net: add missing data-race annotations around sk->sk_peek_off net: sched: cls_u32: Fix match key mis-addressing perf test uprobe_from_different_cu: Skip if there is no gcc net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() KVM: s390: fix sthyi error handling word-at-a-time: use the same return type for has_zero regardless of endianness loop: Select I/O scheduler 'none' from inside add_disk() perf: Fix function pointer case net/sched: cls_u32: Fix reference counter leak leading to overflow ASoC: cs42l51: fix driver to properly autoload with automatic module loading net/sched: sch_qfq: account for stab overhead in qfq_enqueue net/sched: cls_fw: Fix improper refcount update leads to use-after-free drm/client: Fix memory leak in drm_client_target_cloned dm cache policy smq: ensure IO doesn't prevent cleaner policy progress ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register s390/dasd: fix hanging device after quiesce/resume virtio-net: fix race between set queues and probe serial: 8250_dw: Preserve original value of DLF register serial: 8250_dw: split Synopsys DesignWare 8250 common functions irq-bcm6345-l1: Do not assume a fixed block to cpu mapping tpm_tis: Explicitly check for error code btrfs: check for commit error at btrfs_attach_transaction_barrier() hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() Documentation: security-bugs.rst: clarify CVE handling Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group usb: xhci-mtk: set the dma max_seg_size USB: quirks: add quirk for Focusrite Scarlett usb: ohci-at91: Fix the unhandle interrupt when resume usb: dwc3: don't reset device side if dwc3 was configured as host-only usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED USB: serial: simple: sort driver entries USB: serial: simple: add Kaufmann RKS+CAN VCP USB: serial: option: add Quectel EC200A module support USB: serial: option: support Quectel EM060K_128 tracing: Fix warning in trace_buffered_event_disable() ring-buffer: Fix wrong stat of cpu_buffer->read ata: pata_ns87415: mark ns87560_tf_read static dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths block: Fix a source code comment in include/uapi/linux/blkzoned.h ASoC: fsl_spdif: Silence output on stop drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() RDMA/mlx4: Make check for invalid flags stricter benet: fix return value check in be_lancer_xmit_workarounds() net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64 net/sched: mqprio: add extack to mqprio_parse_nlattr() net/sched: mqprio: refactor nlattr parsing to a separate function platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 team: reset team's flags when down link is P2P device bonding: reset bond's flags when down link is P2P device tcp: Reduce chance of collisions in inet6_hashfn(). ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address ethernet: atheros: fix return value check in atl1e_tso_csum() phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() ext4: fix to check return value of freeze_bdev() in ext4_shutdown() scsi: qla2xxx: Array index may go out of bound scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() ftrace: Store the order of pages allocated in ftrace_page ftrace: Check if pages were allocated before calling free_pages() ftrace: Add information on number of page groups allocated fs: dlm: interrupt posix locks only when process is killed dlm: rearrange async condition return dlm: cleanup plock_op vs plock_xop PCI/ASPM: Avoid link retraining race PCI/ASPM: Factor out pcie_wait_for_retrain() PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() PCI: Rework pcie_retrain_link() wait loop ext4: Fix reusing stale buffer heads from last failed mounting ext4: rename journal_dev to s_journal_dev inside ext4_sb_info btrfs: fix extent buffer leak after tree mod log failure at split_node() bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent bcache: remove 'int n' from parameter list of bch_bucket_alloc_set() bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set gpio: tps68470: Make tps68470_gpio_output() always set the initial value tracing/histograms: Return an error if we fail to add histogram to hist_vars list tcp: annotate data-races around fastopenq.max_qlen tcp: annotate data-races around tp->notsent_lowat tcp: annotate data-races around rskq_defer_accept tcp: annotate data-races around tp->linger2 net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX netfilter: nf_tables: can't schedule in nft_chain_validate netfilter: nf_tables: fix spurious set element insertion failure llc: Don't drop packet from non-root netns. fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe Revert "tcp: avoid the lookup process failing to get sk in ehash table" net:ipv6: check return value of pskb_trim() net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() pinctrl: amd: Use amd_pinconf_set() for all config options fbdev: imxfb: warn about invalid left/right margin spi: bcm63xx: fix max prepend length igb: Fix igb_down hung on surprise removal wifi: iwlwifi: mvm: avoid baid size integer overflow wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() bpf: Address KCSAN report on bpf_lru_list sched/fair: Don't balance task to its current running CPU posix-timers: Ensure timer ID search-loop limit is valid md/raid10: prevent soft lockup while flush writes md: fix data corruption for raid456 when reshape restart while grow up nbd: Add the maximum limit of allocated index in nbd_dev_add debugobjects: Recheck debug_objects_enabled before reporting ext4: correct inline offset when handling xattrs in inode body can: bcm: Fix UAF in bcm_proc_show() fuse: revalidate: don't invalidate if interrupted perf probe: Add test for regression introduced by switch to die_get_decl_file() tracing/histograms: Add histograms to hist_vars if they have referenced variables drm/atomic: Fix potential use-after-free in nonblocking commits scsi: qla2xxx: Pointer may be dereferenced scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Wait for io return on terminate rport xtensa: ISS: fix call to split_if_spec ring-buffer: Fix deadloop issue on reading trace_pipe tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error Revert "8250: add support for ASIX devices with a FIFO bug" meson saradc: fix clock divider mask length ceph: don't let check_caps skip sending responses for revoke msgs hwrng: imx-rngc - fix the timeout for init and self check serial: atmel: don't enable IRQs prematurely fs: dlm: return positive pid value for F_GETLK md/raid0: add discard support for the 'original' layout misc: pci_endpoint_test: Re-init completion for every test misc: pci_endpoint_test: Free IRQs before removing the device PCI: rockchip: Use u32 variable to access 32-bit registers PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked PCI: rockchip: Write PCI Device ID to correct register PCI: rockchip: Assert PCI Configuration Enable bit after probe PCI: qcom: Disable write access to read only registers for IP v2.3.3 PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold jfs: jfs_dmap: Validate db_l2nbperpage while mounting ext4: only update i_reserved_data_blocks on successful block allocation ext4: fix wrong unit use in ext4_mb_clear_bb perf intel-pt: Fix CYC timestamps after standalone CBR SUNRPC: Fix UAF in svc_tcp_listen_data_ready() net: bcmgenet: Ensure MDIO unregistration has clocks enabled tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation pinctrl: amd: Only use special debounce behavior for GPIO 0 pinctrl: amd: Detect internal GPIO0 debounce handling pinctrl: amd: Fix mistake in handling clearing pins at startup net/sched: make psched_mtu() RTNL-less safe wifi: airo: avoid uninitialized warning in airo_get_rate() ipv6/addrconf: fix a potential refcount underflow for idev NTB: ntb_tool: Add check for devm_kcalloc NTB: ntb_transport: fix possible memory leak while device_register() fails ntb: intel: Fix error handling in intel_ntb_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: idt: Fix error handling in idt_pci_driver_init() udp6: fix udp6_ehashfn() typo icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). vrf: Increment Icmp6InMsgs on the original netdev net: mvneta: fix txq_map in case of txq_number==1 workqueue: clean up WORK_* constant types, clarify masking net: lan743x: Don't sleep in atomic context netfilter: nf_tables: prevent OOB access in nft_byteorder_eval netfilter: conntrack: Avoid nf_ct_helper_hash uses after free netfilter: nf_tables: fix scheduling-while-atomic splat netfilter: nf_tables: unbind non-anonymous set if rule construction fails netfilter: nf_tables: reject unbound anonymous set before commit phase netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE netfilter: nf_tables: use net_generic infra for transaction data netfilter: add helper function to set up the nfnetlink header and use it netfilter: nftables: add helper function to set the base sequence number netfilter: nf_tables: add rescheduling points during loop detection walks netfilter: nf_tables: fix nat hook table deletion spi: spi-fsl-spi: allow changing bits_per_word while CS is still active spi: spi-fsl-spi: relax message sanity checking a little spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg ARM: orion5x: fix d2net gpio initialization btrfs: fix race when deleting quota root from the dirty cow roots list jffs2: reduce stack usage in jffs2_build_xattr_subsystem() integrity: Fix possible multiple allocation in integrity_inode_get() bcache: Remove unnecessary NULL point check in node allocations mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M mmc: core: disable TRIM on Kingston EMMC04G-M627 NFSD: add encoding of op_recall flag for write delegation ALSA: jack: Fix mutex call in snd_jack_report() i2c: xiic: Don't try to handle more interrupt events after error i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() sh: dma: Fix DMA channel offset calculation net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX tcp: annotate data races in __tcp_oow_rate_limited() net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y f2fs: fix error path handling in truncate_dnode() mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 spi: bcm-qspi: return error if neither hif_mspi nor mspi is available Add MODULE_FIRMWARE() for FIRMWARE_TG357766. sctp: fix potential deadlock on &net->sctp.addr_wq_lock rtc: st-lpc: Release some resources in st_rtc_probe() in case of error mfd: stmpe: Only disable the regulators if they are enabled mfd: intel-lpss: Add missing check for platform_get_resource KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes mfd: rt5033: Drop rt5033-battery sub-device usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() extcon: Fix kernel doc of property capability fields to avoid warnings extcon: Fix kernel doc of property fields to avoid warnings media: usb: siano: Fix warning due to null work_func_t function pointer media: videodev2.h: Fix struct v4l2_input tuner index comment media: usb: Check az6007_read() return value sh: j2: Use ioremap() to translate device tree address into kernel memory w1: fix loop in w1_fini() block: change all __u32 annotations to __be32 in affs_hardblocks.h USB: serial: option: add LARA-R6 01B PIDs ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard ARCv2: entry: rewrite to enable use of double load/stores LDD/STD ARCv2: entry: avoid a branch ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE ARCv2: entry: comments about hardware auto-save on taken interrupts modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} modpost: fix section mismatch message for R_ARM_ABS32 crypto: nx - fix build warnings when DEBUG_FS is not enabled hwrng: virtio - Fix race on data_avail and actual data hwrng: virtio - always add a pending request hwrng: virtio - don't waste entropy hwrng: virtio - don't wait on cleanup hwrng: virtio - add an internal buffer pinctrl: at91-pio4: check return value of devm_kasprintf() perf dwarf-aux: Fix off-by-one in die_get_varname() pinctrl: cherryview: Return correct value if pin in push-pull mode PCI: Add pci_clear_master() stub for non-CONFIG_PCI scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer drm/radeon: fix possible division-by-zero errors fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1 IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors soc/fsl/qe: fix usb.c build errors ASoC: es8316: Increment max value for ALC Capture Target Volume control ARM: ep93xx: fix missing-prototype warnings drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H Input: adxl34x - do not hardcode interrupt trigger type ARM: dts: BCM5301X: Drop "clock-names" from the SPI node Input: drv260x - sleep between polling GO bit radeon: avoid double free in ci_dpm_init() netlink: Add __sock_i_ino() for __netlink_diag_dump(). ipvlan: Fix return value of ipvlan_queue_xmit() netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. lib/ts_bm: reset initial match offset for every block of text gtp: Fix use-after-free in __gtp_encap_destroy(). netlink: do not hard code device address lenth in fdb dumps netlink: fix potential deadlock in netlink_set_err() wifi: ath9k: convert msecs to jiffies where needed wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() memstick r592: make memstick_debug_get_tpc_name() static kexec: fix a memory leak in crash_shrink_memory() watchdog/perf: more properly prevent false positives with turbo modes watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes wifi: ray_cs: Fix an error handling path in ray_probe() wifi: ray_cs: Drop useless status variable in parse_addr() wifi: ray_cs: Utilize strnlen() in parse_addr() wifi: wl3501_cs: Fix an error handling path in wl3501_probe() wl3501_cs: use eth_hw_addr_set() net: create netdev->dev_addr assignment helpers wl3501_cs: Fix misspelling and provide missing documentation wl3501_cs: Remove unnecessary NULL check wl3501_cs: Fix a bunch of formatting issues related to function docs wifi: atmel: Fix an error handling path in atmel_probe() wifi: orinoco: Fix an error handling path in orinoco_cs_probe() wifi: orinoco: Fix an error handling path in spectrum_cs_probe() nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() nfc: constify several pointers to u8, char and sk_buff wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() samples/bpf: Fix buffer overflow in tcp_basertt wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation evm: Complete description of evm_inode_setattr() ARM: 9303/1: kprobes: avoid missing-declaration warnings PM: domains: fix integer overflow issues in genpd_parse_state() clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe clocksource/drivers/cadence-ttc: Use ttc driver as platform driver clocksource/drivers: Unify the names to timer-* format irqchip/jcore-aic: Fix missing allocation of IRQ descriptors irqchip/jcore-aic: Kill use of irq_create_strict_mappings() md/raid10: fix io loss while replacement replace rdev md/raid10: fix wrong setting of max_corr_read_errors md/raid10: fix overflow of md/safe_mode_delay md/raid10: check slab-out-of-bounds in md_bitmap_get_counter treewide: Remove uninitialized_var() usage drm/amdgpu: Validate VM ioctl flags. scripts/tags.sh: Resolve gtags empty index generation drm/edid: Fix uninitialized variable in drm_cvt_modes() fbdev: imsttfb: Fix use after free bug in imsttfb_probe video: imsttfb: check for ioremap() failures x86/smp: Use dedicated cache-line for mwait_play_dead() gfs2: Don't deref jdesc in evict Linux 4.19.290 x86: fix backwards merge of GDS/SRSO bit xen/netback: Fix buffer overrun triggered by unusual packet Documentation/x86: Fix backwards on/off logic about YMM support x86/xen: Fix secondary processors' FPU initialization KVM: Add GDS_NO support to KVM x86/speculation: Add Kconfig option for GDS x86/speculation: Add force option to GDS mitigation x86/speculation: Add Gather Data Sampling mitigation x86/fpu: Move FPU initialization into arch_cpu_finalize_init() x86/fpu: Mark init functions __init x86/fpu: Remove cpuinfo argument from init functions init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() init: Invoke arch_cpu_finalize_init() earlier init: Remove check_bugs() leftovers um/cpu: Switch to arch_cpu_finalize_init() sparc/cpu: Switch to arch_cpu_finalize_init() sh/cpu: Switch to arch_cpu_finalize_init() mips/cpu: Switch to arch_cpu_finalize_init() m68k/cpu: Switch to arch_cpu_finalize_init() ia64/cpu: Switch to arch_cpu_finalize_init() ARM: cpu: Switch to arch_cpu_finalize_init() x86/cpu: Switch to arch_cpu_finalize_init() init: Provide arch_cpu_finalize_init() Conflicts: drivers/mmc/core/block.c drivers/mmc/host/sdhci-msm.c drivers/usb/dwc3/core.c drivers/usb/dwc3/gadget.c Change-Id: Id2f4d5c8067f8e5eda39c0eaa5e59d54a394b4c7 |
||
Michael Bestas
|
0a38ea41d1
|
Merge tag 'ASB-2023-08-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona
https://source.android.com/docs/security/bulletin/2023-08-01 CVE-2023-21264 CVE-2020-29374 * tag 'ASB-2023-08-05_4.19-stable' of https://android.googlesource.com/kernel/common: Linux 4.19.289 x86/cpu/amd: Add a Zenbleed fix x86/cpu/amd: Move the errata checking functionality up x86/microcode/AMD: Load late on both threads too Change-Id: Id34af33c9bf1a3f075b7e54dcee89b8bb265eb69 |
||
Greg Kroah-Hartman
|
ab7141647e |
This is the 4.19.293 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmTvUuwACgkQONu9yGCS aT7LpA/+N7Em43G700yL9LlPAwa6xWE22OMyidakDJfd2pZ/yfi7/rsdCKMpPi4o Y+jyax8jj1V473rAM1emBUpy8EMnJD+0Fh/279rO3C0F61wgt8QLU9M+8bb5g/lE IWziYXdugRoBsLvp22GYlNT1s/EAd1g5eWrUYkPaL0nZe6p1eF+rFF0+qUCbY77q q3jSh3SCeGPn9x3IGBwD7v21dA4ZlpIkbie3Pd8ARSKfeGKKaiRSVNH4xoEcimFt 6j13d0VEdJC4Ew5Ir5S0oFHaTsYAR8EcKiJoaPsJ+SAUNh+RH2v3D+t8+oBbXkj5 JxTRwohL2P9MQAW/xXrArwuKN4PghtJeE3xZGjkwS/wJzuQ0oqxfZwFNsU1p467O KkInV+soyD9GoAAzpbGO3GwgP1mybUOpLzS5ERwn43yKgOad6XjYiTw7PIzahgJ7 gvBrqqOQMFOMrPoLhVzhWnUP9kcVSjvn49HJ9blX0sg5ShDra/q0bs8l9fSIAJnv GBZkV7CyqoZNULXjG8/jqlzijf5FpGwTX4mHJ1n2M58CskmXxqRt2bP/KmFzn8j/ ny3aVIN06c6VTNZ4Cu2h9CC1T4ZW0CNteMzweHMY+0PU8Y3BA+XBQVnQ1F+r+TF5 hbSxiPB5uYJJFfTkUlf8QMAfC7h1pbxgCy4YsJ1QlEt3Ai8ypo4= =gx/M -----END PGP SIGNATURE----- Merge 4.19.293 into android-4.19-stable Changes in 4.19.293 lib/mpi: Eliminate unused umul_ppmm definitions for MIPS selftests: forwarding: tc_flower: Relax success criterion drm/radeon: Fix integer overflow in radeon_cs_parser_init ALSA: emu10k1: roll up loops in DSP setup code for Audigy quota: Properly disable quotas when add_dquot_ref() fails quota: fix warning in dqgrab() HID: add quirk for 03f0:464a HP Elite Presenter Mouse udf: Fix uninitialized array access for some pathnames fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev MIPS: dec: prom: Address -Warray-bounds warning FS: JFS: Fix null-ptr-deref Read in txBegin FS: JFS: Check for read-only mounted filesystem in txBegin media: v4l2-mem2mem: add lock to protect parameter num_rdy media: platform: mediatek: vpu: fix NULL ptr dereference gfs2: Fix possible data races in gfs2_show_options() pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() Bluetooth: L2CAP: Fix use-after-free drm/amdgpu: Fix potential fence use-after-free v2 IMA: allow/fix UML builds iio: add addac subdirectory iio: adc: stx104: Utilize iomap interface iio: adc: stx104: Implement and utilize register structures iio: addac: stx104: Fix race condition for stx104_write_raw() iio: addac: stx104: Fix race condition when converting analog-to-digital powerpc/mm: move platform specific mmu-xxx.h in platform directories powerpc/mm: Move pgtable_t into platform headers powerpc/mm: dump segment registers on book3s/32 powerpc/mm: dump block address translation on book3s/32 powerpc: Move page table dump files in a dedicated subdirectory powerpc/64s/radix: Fix soft dirty tracking x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms irqchip/mips-gic: Get rid of the reliance on irq_cpu_online() irqchip/mips-gic: Use raw spinlock for gic_lock usb: dwc3: qcom: Add helper functions to enable,disable wake irqs USB: dwc3: qcom: fix NULL-deref on suspend mmc: meson-gx: remove useless lock mmc: meson-gx: remove redundant mmc_request_done() call from irq context mmc: tmio: replace tmio_mmc_clk_stop() calls with tmio_mmc_set_clock() mmc: tmio: move tmio_mmc_set_clock() to platform hook mmc: Remove dev_err() usage after platform_get_irq() mmc: bcm2835: fix deferred probing mmc: sunxi: fix deferred probing block: fix signed int overflow in Amiga partition support nfsd4: kill warnings on testing stateids with mismatched clientids nfsd: Remove incorrect check in nfsd4_validate_stateid virtio-mmio: convert to devm_platform_ioremap_resource virtio-mmio: Use to_virtio_mmio_device() to simply code virtio-mmio: don't break lifecycle of vm_dev fbdev: mmp: fix value check in mmphw_probe() powerpc/rtas_flash: allow user copy to flash block cache objects btrfs: fix BUG_ON condition in btrfs_cancel_balance net: xfrm: Fix xfrm_address_filter OOB read net: af_key: fix sadb_x_filter validation xfrm: interface: rename xfrm_interface.c to xfrm_interface_core.c xfrm: fix slab-use-after-free in decode_session6 ip6_vti: fix slab-use-after-free in decode_session6 ip_vti: fix potential slab-use-after-free in decode_session6 xfrm: add NULL check in xfrm_update_ae_params selftests: mirror_gre_changes: Tighten up the TTL test match netfilter: nft_dynset: disallow object maps team: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves i40e: fix misleading debug logs sock: Fix misuse of sk_under_memory_pressure() net: do not allow gso_size to be set to GSO_BY_FRAGS ASoC: rt5665: add missed regulator_bulk_disable ASoC: meson: axg-tdm-formatter: fix channel slot allocation serial: 8250: Fix oops for port->pm on uart_change_pm() ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. cifs: Release folio lock on fscache read hit. mmc: wbsd: fix double mmc_free_host() in wbsd_init() test_firmware: prevent race conditions by a correct implementation of locking netfilter: set default timeout to 3 secs for sctp shutdown send and recv state af_unix: Fix null-ptr-deref in unix_stream_sendpage(). virtio-net: set queues after driver_ok net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled net: xfrm: Amend XFRMA_SEC_CTX nla_policy structure net: phy: broadcom: stub c45 read/write for 54810 PCI: acpiphp: Reassign resources on bridge if necessary dlm: improve plock logging if interrupted dlm: replace usage of found with dedicated list iterator variable fs: dlm: add pid to debug log fs: dlm: change plock interrupted message to debug again fs: dlm: use dlm_plock_info for do_unlock_close fs: dlm: fix mismatch of plock results from userspace MIPS: cpu-features: Enable octeon_cache by cpu_type MIPS: cpu-features: Use boot_cpu_type for CPU type based features Revert "tty: serial: fsl_lpuart: drop earlycon entry for i.MX8QXP" tty: serial: fsl_lpuart: add earlycon for imx8ulp platform fbdev: Improve performance of sys_imageblit() fbdev: Fix sys_imageblit() for arbitrary image widths fbdev: fix potential OOB read in fast_imageblit() powerpc/32: add stack protector support powerpc: remove leftover code of old GCC version checks powerpc: Fail build if using recordmcount with binutils v2.37 dm integrity: increase RECALC_SECTORS to improve recalculate speed dm integrity: reduce vmalloc space footprint on 32-bit architectures regmap: Account for register length in SMBus I/O limits drm/amd/display: do not wait for mpc idle if tg is disabled drm/amd/display: check TG is non-null before checking if enabled tracing: Fix memleak due to race between current_tracer and trace sock: annotate data-races around prot->memory_pressure dccp: annotate data-races in dccp_poll() igb: Avoid starting unnecessary workqueues net/sched: fix a qdisc modification with ambiguous command request net: remove bond_slave_has_mac_rcu() bonding: fix macvlan over alb bond support ipvs: Improve robustness to the ipvs sysctl ipvs: fix racy memcpy in proc_do_sync_threshold ibmveth: Use dcbf rather than dcbfl nfsd: Fix race to FREE_STATEID and cl_revoked batman-adv: Trigger events for auto adjusted MTU batman-adv: Don't increase MTU when set by user batman-adv: Do not get eth header before batadv_check_management_packet batman-adv: Fix TT global entry leak when client roamed back batman-adv: Fix batadv_v_ogm_aggr_send memory leak lib/clz_ctz.c: Fix __clzdi2() and __ctzdi2() for 32-bit kernels media: vcodec: Fix potential array out-of-bounds in encoder queue_setup PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 mmc: block: Fix in_flight[issue_type] value error sched/rt: pick_next_rt_entity(): check list_entry netfilter: nf_queue: fix socket leak rtnetlink: Reject negative ifindexes in RTM_NEWLINK irqchip/mips-gic: Don't touch vl_map if a local interrupt is not routable scsi: snic: Fix double free in snic_tgt_create() scsi: core: raid_class: Remove raid_component_add() clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' dma-buf/sw_sync: Avoid recursive lock during fence signal Linux 4.19.293 Change-Id: Idd55c28550596932baf6645b788c48b548cc6271 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Feng Tang
|
52079dc77f |
x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4
commit 2c66ca3949dc701da7f4c9407f2140ae425683a5 upstream. 0-Day found a 34.6% regression in stress-ng's 'af-alg' test case, and bisected it to commit b81fac906a8f ("x86/fpu: Move FPU initialization into arch_cpu_finalize_init()"), which optimizes the FPU init order, and moves the CR4_OSXSAVE enabling into a later place: arch_cpu_finalize_init identify_boot_cpu identify_cpu generic_identify get_cpu_cap --> setup cpu capability ... fpu__init_cpu fpu__init_cpu_xstate cr4_set_bits(X86_CR4_OSXSAVE); As the FPU is not yet initialized the CPU capability setup fails to set X86_FEATURE_OSXSAVE. Many security module like 'camellia_aesni_avx_x86_64' depend on this feature and therefore fail to load, causing the regression. Cure this by setting X86_FEATURE_OSXSAVE feature right after OSXSAVE enabling. [ tglx: Moved it into the actual BSP FPU initialization code and added a comment ] Fixes: b81fac906a8f ("x86/fpu: Move FPU initialization into arch_cpu_finalize_init()") Reported-by: kernel test robot <oliver.sang@intel.com> Signed-off-by: Feng Tang <feng.tang@intel.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/lkml/202307192135.203ac24e-oliver.sang@intel.com Link: https://lore.kernel.org/lkml/20230823065747.92257-1-feng.tang@intel.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Zhang Rui
|
f5867e5b6a |
x86/topology: Fix erroneous smp_num_siblings on Intel Hybrid platforms
[ Upstream commit edc0a2b5957652f4685ef3516f519f84807087db ] Traditionally, all CPUs in a system have identical numbers of SMT siblings. That changes with hybrid processors where some logical CPUs have a sibling and others have none. Today, the CPU boot code sets the global variable smp_num_siblings when every CPU thread is brought up. The last thread to boot will overwrite it with the number of siblings of *that* thread. That last thread to boot will "win". If the thread is a Pcore, smp_num_siblings == 2. If it is an Ecore, smp_num_siblings == 1. smp_num_siblings describes if the *system* supports SMT. It should specify the maximum number of SMT threads among all cores. Ensure that smp_num_siblings represents the system-wide maximum number of siblings by always increasing its value. Never allow it to decrease. On MeteorLake-P platform, this fixes a problem that the Ecore CPUs are not updated in any cpu sibling map because the system is treated as an UP system when probing Ecore CPUs. Below shows part of the CPU topology information before and after the fix, for both Pcore and Ecore CPU (cpu0 is Pcore, cpu 12 is Ecore). ... -/sys/devices/system/cpu/cpu0/topology/package_cpus:000fff -/sys/devices/system/cpu/cpu0/topology/package_cpus_list:0-11 +/sys/devices/system/cpu/cpu0/topology/package_cpus:3fffff +/sys/devices/system/cpu/cpu0/topology/package_cpus_list:0-21 ... -/sys/devices/system/cpu/cpu12/topology/package_cpus:001000 -/sys/devices/system/cpu/cpu12/topology/package_cpus_list:12 +/sys/devices/system/cpu/cpu12/topology/package_cpus:3fffff +/sys/devices/system/cpu/cpu12/topology/package_cpus_list:0-21 Notice that the "before" 'package_cpus_list' has only one CPU. This means that userspace tools like lscpu will see a little laptop like an 11-socket system: -Core(s) per socket: 1 -Socket(s): 11 +Core(s) per socket: 16 +Socket(s): 1 This is also expected to make the scheduler do rather wonky things too. [ dhansen: remove CPUID detail from changelog, add end user effects ] CC: stable@kernel.org Fixes: |
||
Greg Kroah-Hartman
|
b2cb45e59d |
Merge 4.19.292 into android-4.19-stable
Changes in 4.19.292 sparc: fix up arch_cpu_finalize_init() build breakage. mmc: moxart: read scr register without changing byte order ipv6: adjust ndisc_is_useropt() to also return true for PIO dmaengine: pl330: Return DMA_PAUSED when transaction is paused drm/nouveau/gr: enable memory loads on helper invocation on all channels radix tree test suite: fix incorrect allocation size for pthreads nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput iio: cros_ec: Fix the allocation size for cros_ec_command binder: fix memory leak in binder_init() usb-storage: alauda: Fix uninit-value in alauda_check_media() usb: dwc3: Properly handle processing of pending events x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 x86/mm: Fix VDSO and VVAR placement on 5-level paging machines x86: Move gds_ucode_mitigated() declaration to header drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes mISDN: Update parameter type of dsp_cmx_send() net/packet: annotate data-races around tp->status bonding: Fix incorrect deletion of ETH_P_8021AD protocol vid from slaves dccp: fix data-race around dp->dccps_mss_cache drivers: net: prevent tun_build_skb() to exceed the packet size limit IB/hfi1: Fix possible panic during hotplug remove wifi: cfg80211: fix sband iftype data lookup for AP_VLAN ibmvnic: Handle DMA unmapping of login buffs in release functions btrfs: don't stop integrity writeback too early netfilter: nf_tables: bogus EBUSY when deleting flowtable after flush netfilter: nf_tables: report use refcount overflow scsi: core: Fix legacy /proc parsing buffer overflow scsi: storvsc: Fix handling of virtual Fibre Channel timeouts scsi: 53c700: Check that command slot is not NULL scsi: snic: Fix possible memory leak if device_add() fails scsi: core: Fix possible memory leak if device_add() fails alpha: remove __init annotation from exported page_is_ram() sch_netem: fix issues in netem_change() vs get_dist_table() Linux 4.19.292 Change-Id: Ie4a1393c672e280631d9a0949e081f134dff3e3b Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Greg Kroah-Hartman
|
813e482b1b |
This is the 4.19.291 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmTWBMYACgkQONu9yGCS aT5fcw//f8IqgXhnM1RmdENWcj8Yttld1jY0L8+z2fRvkzmuqFJAnOuTEP/BV9Zk iMNH6Hg5iZh/ajGyW4OxsWHvaDNyZtpPOgNtQkhHPPDq5tqAgg+8ZgPlZkmbvnGd askxaSJE7OuJOfG193o/Uf0CR/boSIN1ioIu0vumqhrP2NUbe44/PLeSB239ZdGy nIaBo1JXffOH8P7kSS4E9NSrfoA9MQEuJgcYPkc1c08W2FWO8MftM/hdQtXGwbNC LCy4yGc3PN40MT7tOsXE0w3P+ZUXfP6g8NgHooRKuLimSiAYodLgCwnvELZ/Nsg+ w1TPDxbLD99te5J16GzlzhN4+9BUtf2qq9ZgiJQ8lmKaGc+hAMRKF2h2E5Qhla8R TJubYFjD5yilANlRumVHMzNJZntROw0hG0ZIX6An/1QM5JAy7B736jI6jt+RZFSx r08xhBXcO+m3s2Vc2OojJFKLot9i0ugiKkTuQBZsBFDfcOtSrUUarB6Vz6wZvCY8 sojQOS0eoYb+2GlKJ0UzTPLEHrCpusRkEnv3QMAPfTkw6vqvkrYACfOEbBujfT8e TtC7wuS3beULYPKpObe9HrpCooOXX8YQFXyld5e5iBINXwt/UT4daDL85BbMsPEu MPaSKrTMGXUsRoOWHiuPumT/MDE5LBSCqhyi41k90R9qRW6M+Wk= =KuAb -----END PGP SIGNATURE----- Merge 4.19.291 into android-4.19-stable Changes in 4.19.291 gfs2: Don't deref jdesc in evict x86/smp: Use dedicated cache-line for mwait_play_dead() video: imsttfb: check for ioremap() failures fbdev: imsttfb: Fix use after free bug in imsttfb_probe drm/edid: Fix uninitialized variable in drm_cvt_modes() scripts/tags.sh: Resolve gtags empty index generation drm/amdgpu: Validate VM ioctl flags. treewide: Remove uninitialized_var() usage md/raid10: check slab-out-of-bounds in md_bitmap_get_counter md/raid10: fix overflow of md/safe_mode_delay md/raid10: fix wrong setting of max_corr_read_errors md/raid10: fix io loss while replacement replace rdev irqchip/jcore-aic: Kill use of irq_create_strict_mappings() irqchip/jcore-aic: Fix missing allocation of IRQ descriptors clocksource/drivers: Unify the names to timer-* format clocksource/drivers/cadence-ttc: Use ttc driver as platform driver clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe PM: domains: fix integer overflow issues in genpd_parse_state() ARM: 9303/1: kprobes: avoid missing-declaration warnings evm: Complete description of evm_inode_setattr() wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx samples/bpf: Fix buffer overflow in tcp_basertt wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() nfc: constify several pointers to u8, char and sk_buff nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect() wifi: orinoco: Fix an error handling path in spectrum_cs_probe() wifi: orinoco: Fix an error handling path in orinoco_cs_probe() wifi: atmel: Fix an error handling path in atmel_probe() wl3501_cs: Fix a bunch of formatting issues related to function docs wl3501_cs: Remove unnecessary NULL check wl3501_cs: Fix misspelling and provide missing documentation net: create netdev->dev_addr assignment helpers wl3501_cs: use eth_hw_addr_set() wifi: wl3501_cs: Fix an error handling path in wl3501_probe() wifi: ray_cs: Utilize strnlen() in parse_addr() wifi: ray_cs: Drop useless status variable in parse_addr() wifi: ray_cs: Fix an error handling path in ray_probe() wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config watchdog/perf: more properly prevent false positives with turbo modes kexec: fix a memory leak in crash_shrink_memory() memstick r592: make memstick_debug_get_tpc_name() static wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() wifi: ath9k: convert msecs to jiffies where needed netlink: fix potential deadlock in netlink_set_err() netlink: do not hard code device address lenth in fdb dumps gtp: Fix use-after-free in __gtp_encap_destroy(). lib/ts_bm: reset initial match offset for every block of text netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. ipvlan: Fix return value of ipvlan_queue_xmit() netlink: Add __sock_i_ino() for __netlink_diag_dump(). radeon: avoid double free in ci_dpm_init() Input: drv260x - sleep between polling GO bit ARM: dts: BCM5301X: Drop "clock-names" from the SPI node Input: adxl34x - do not hardcode interrupt trigger type drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H ARM: ep93xx: fix missing-prototype warnings ASoC: es8316: Increment max value for ALC Capture Target Volume control soc/fsl/qe: fix usb.c build errors IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1 fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() drm/radeon: fix possible division-by-zero errors ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() PCI: Add pci_clear_master() stub for non-CONFIG_PCI pinctrl: cherryview: Return correct value if pin in push-pull mode perf dwarf-aux: Fix off-by-one in die_get_varname() pinctrl: at91-pio4: check return value of devm_kasprintf() hwrng: virtio - add an internal buffer hwrng: virtio - don't wait on cleanup hwrng: virtio - don't waste entropy hwrng: virtio - always add a pending request hwrng: virtio - Fix race on data_avail and actual data crypto: nx - fix build warnings when DEBUG_FS is not enabled modpost: fix section mismatch message for R_ARM_ABS32 modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} ARCv2: entry: comments about hardware auto-save on taken interrupts ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE ARCv2: entry: avoid a branch ARCv2: entry: rewrite to enable use of double load/stores LDD/STD ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard USB: serial: option: add LARA-R6 01B PIDs block: change all __u32 annotations to __be32 in affs_hardblocks.h w1: fix loop in w1_fini() sh: j2: Use ioremap() to translate device tree address into kernel memory media: usb: Check az6007_read() return value media: videodev2.h: Fix struct v4l2_input tuner index comment media: usb: siano: Fix warning due to null work_func_t function pointer extcon: Fix kernel doc of property fields to avoid warnings extcon: Fix kernel doc of property capability fields to avoid warnings usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() mfd: rt5033: Drop rt5033-battery sub-device KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes mfd: intel-lpss: Add missing check for platform_get_resource mfd: stmpe: Only disable the regulators if they are enabled rtc: st-lpc: Release some resources in st_rtc_probe() in case of error sctp: fix potential deadlock on &net->sctp.addr_wq_lock Add MODULE_FIRMWARE() for FIRMWARE_TG357766. spi: bcm-qspi: return error if neither hif_mspi nor mspi is available mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 f2fs: fix error path handling in truncate_dnode() powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode tcp: annotate data races in __tcp_oow_rate_limited() net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX sh: dma: Fix DMA channel offset calculation i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() i2c: xiic: Don't try to handle more interrupt events after error ALSA: jack: Fix mutex call in snd_jack_report() NFSD: add encoding of op_recall flag for write delegation mmc: core: disable TRIM on Kingston EMMC04G-M627 mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M bcache: Remove unnecessary NULL point check in node allocations integrity: Fix possible multiple allocation in integrity_inode_get() jffs2: reduce stack usage in jffs2_build_xattr_subsystem() btrfs: fix race when deleting quota root from the dirty cow roots list ARM: orion5x: fix d2net gpio initialization spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg spi: spi-fsl-spi: relax message sanity checking a little spi: spi-fsl-spi: allow changing bits_per_word while CS is still active netfilter: nf_tables: fix nat hook table deletion netfilter: nf_tables: add rescheduling points during loop detection walks netfilter: nftables: add helper function to set the base sequence number netfilter: add helper function to set up the nfnetlink header and use it netfilter: nf_tables: use net_generic infra for transaction data netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain netfilter: nf_tables: reject unbound anonymous set before commit phase netfilter: nf_tables: unbind non-anonymous set if rule construction fails netfilter: nf_tables: fix scheduling-while-atomic splat netfilter: conntrack: Avoid nf_ct_helper_hash uses after free netfilter: nf_tables: prevent OOB access in nft_byteorder_eval net: lan743x: Don't sleep in atomic context workqueue: clean up WORK_* constant types, clarify masking net: mvneta: fix txq_map in case of txq_number==1 vrf: Increment Icmp6InMsgs on the original netdev icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). udp6: fix udp6_ehashfn() typo ntb: idt: Fix error handling in idt_pci_driver_init() NTB: amd: Fix error handling in amd_ntb_pci_driver_init() ntb: intel: Fix error handling in intel_ntb_pci_driver_init() NTB: ntb_transport: fix possible memory leak while device_register() fails NTB: ntb_tool: Add check for devm_kcalloc ipv6/addrconf: fix a potential refcount underflow for idev wifi: airo: avoid uninitialized warning in airo_get_rate() net/sched: make psched_mtu() RTNL-less safe pinctrl: amd: Fix mistake in handling clearing pins at startup pinctrl: amd: Detect internal GPIO0 debounce handling pinctrl: amd: Only use special debounce behavior for GPIO 0 tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation net: bcmgenet: Ensure MDIO unregistration has clocks enabled SUNRPC: Fix UAF in svc_tcp_listen_data_ready() perf intel-pt: Fix CYC timestamps after standalone CBR ext4: fix wrong unit use in ext4_mb_clear_bb ext4: only update i_reserved_data_blocks on successful block allocation jfs: jfs_dmap: Validate db_l2nbperpage while mounting PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 PCI: qcom: Disable write access to read only registers for IP v2.3.3 PCI: rockchip: Assert PCI Configuration Enable bit after probe PCI: rockchip: Write PCI Device ID to correct register PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core PCI: rockchip: Use u32 variable to access 32-bit registers misc: pci_endpoint_test: Free IRQs before removing the device misc: pci_endpoint_test: Re-init completion for every test md/raid0: add discard support for the 'original' layout fs: dlm: return positive pid value for F_GETLK serial: atmel: don't enable IRQs prematurely hwrng: imx-rngc - fix the timeout for init and self check ceph: don't let check_caps skip sending responses for revoke msgs meson saradc: fix clock divider mask length Revert "8250: add support for ASIX devices with a FIFO bug" tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk ring-buffer: Fix deadloop issue on reading trace_pipe xtensa: ISS: fix call to split_if_spec scsi: qla2xxx: Wait for io return on terminate rport scsi: qla2xxx: Fix potential NULL pointer dereference scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() scsi: qla2xxx: Pointer may be dereferenced drm/atomic: Fix potential use-after-free in nonblocking commits tracing/histograms: Add histograms to hist_vars if they have referenced variables perf probe: Add test for regression introduced by switch to die_get_decl_file() fuse: revalidate: don't invalidate if interrupted can: bcm: Fix UAF in bcm_proc_show() ext4: correct inline offset when handling xattrs in inode body debugobjects: Recheck debug_objects_enabled before reporting nbd: Add the maximum limit of allocated index in nbd_dev_add md: fix data corruption for raid456 when reshape restart while grow up md/raid10: prevent soft lockup while flush writes posix-timers: Ensure timer ID search-loop limit is valid sched/fair: Don't balance task to its current running CPU bpf: Address KCSAN report on bpf_lru_list wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() wifi: iwlwifi: mvm: avoid baid size integer overflow igb: Fix igb_down hung on surprise removal spi: bcm63xx: fix max prepend length fbdev: imxfb: warn about invalid left/right margin pinctrl: amd: Use amd_pinconf_set() for all config options net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field() net:ipv6: check return value of pskb_trim() Revert "tcp: avoid the lookup process failing to get sk in ehash table" fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe llc: Don't drop packet from non-root netns. netfilter: nf_tables: fix spurious set element insertion failure netfilter: nf_tables: can't schedule in nft_chain_validate net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX tcp: annotate data-races around tp->linger2 tcp: annotate data-races around rskq_defer_accept tcp: annotate data-races around tp->notsent_lowat tcp: annotate data-races around fastopenq.max_qlen tracing/histograms: Return an error if we fail to add histogram to hist_vars list gpio: tps68470: Make tps68470_gpio_output() always set the initial value bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set bcache: remove 'int n' from parameter list of bch_bucket_alloc_set() bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent btrfs: fix extent buffer leak after tree mod log failure at split_node() ext4: rename journal_dev to s_journal_dev inside ext4_sb_info ext4: Fix reusing stale buffer heads from last failed mounting PCI: Rework pcie_retrain_link() wait loop PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() PCI/ASPM: Factor out pcie_wait_for_retrain() PCI/ASPM: Avoid link retraining race dlm: cleanup plock_op vs plock_xop dlm: rearrange async condition return fs: dlm: interrupt posix locks only when process is killed ftrace: Add information on number of page groups allocated ftrace: Check if pages were allocated before calling free_pages() ftrace: Store the order of pages allocated in ftrace_page ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c scsi: qla2xxx: Array index may go out of bound ext4: fix to check return value of freeze_bdev() in ext4_shutdown() i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() ethernet: atheros: fix return value check in atl1e_tso_csum() ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address tcp: Reduce chance of collisions in inet6_hashfn(). bonding: reset bond's flags when down link is P2P device team: reset team's flags when down link is P2P device platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 net/sched: mqprio: refactor nlattr parsing to a separate function net/sched: mqprio: add extack to mqprio_parse_nlattr() net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64 benet: fix return value check in be_lancer_xmit_workarounds() RDMA/mlx4: Make check for invalid flags stricter drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() ASoC: fsl_spdif: Silence output on stop block: Fix a source code comment in include/uapi/linux/blkzoned.h dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths ata: pata_ns87415: mark ns87560_tf_read static ring-buffer: Fix wrong stat of cpu_buffer->read tracing: Fix warning in trace_buffered_event_disable() USB: serial: option: support Quectel EM060K_128 USB: serial: option: add Quectel EC200A module support USB: serial: simple: add Kaufmann RKS+CAN VCP USB: serial: simple: sort driver entries can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED Revert "usb: dwc3: core: Enable AutoRetry feature in the controller" usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy usb: dwc3: don't reset device side if dwc3 was configured as host-only usb: ohci-at91: Fix the unhandle interrupt when resume USB: quirks: add quirk for Focusrite Scarlett usb: xhci-mtk: set the dma max_seg_size Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group Documentation: security-bugs.rst: clarify CVE handling staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled btrfs: check for commit error at btrfs_attach_transaction_barrier() tpm_tis: Explicitly check for error code irq-bcm6345-l1: Do not assume a fixed block to cpu mapping serial: 8250_dw: split Synopsys DesignWare 8250 common functions serial: 8250_dw: Preserve original value of DLF register virtio-net: fix race between set queues and probe s390/dasd: fix hanging device after quiesce/resume ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register dm cache policy smq: ensure IO doesn't prevent cleaner policy progress drm/client: Fix memory leak in drm_client_target_cloned net/sched: cls_fw: Fix improper refcount update leads to use-after-free net/sched: sch_qfq: account for stab overhead in qfq_enqueue ASoC: cs42l51: fix driver to properly autoload with automatic module loading net/sched: cls_u32: Fix reference counter leak leading to overflow perf: Fix function pointer case loop: Select I/O scheduler 'none' from inside add_disk() word-at-a-time: use the same return type for has_zero regardless of endianness KVM: s390: fix sthyi error handling net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() perf test uprobe_from_different_cu: Skip if there is no gcc net: sched: cls_u32: Fix match key mis-addressing net: add missing data-race annotations around sk->sk_peek_off net: add missing data-race annotation for sk_ll_usec net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free ip6mr: Fix skb_under_panic in ip6mr_cache_report() tcp_metrics: fix addr_same() helper tcp_metrics: annotate data-races around tm->tcpm_stamp tcp_metrics: annotate data-races around tm->tcpm_lock tcp_metrics: annotate data-races around tm->tcpm_vals[] tcp_metrics: annotate data-races around tm->tcpm_net tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen scsi: zfcp: Defer fc_rport blocking until after ADISC response libceph: fix potential hang in ceph_osdc_notify() USB: zaurus: Add ID for A-300/B-500/C-700 fs/sysv: Null check to prevent null-ptr-deref bug Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb ext2: Drop fragment support test_firmware: fix a memory leak with reqs buffer test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation mtd: rawnand: omap_elm: Fix incorrect type in assignment powerpc/mm/altmap: Fix altmap boundary check PM / wakeirq: support enabling wake-up irq after runtime_suspend called PM: sleep: wakeirq: fix wake irq arming ARM: dts: imx6sll: Make ssi node name same as other platforms ARM: dts: imx: add usb alias ARM: dts: imx6sll: fixup of operating points ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions arm64: dts: stratix10: fix incorrect I2C property for SCL signal drm/edid: fix objtool warning in drm_cvt_modes() Linux 4.19.291 Change-Id: I4f78e25efd18415989ecf5e227a17e05b0d6386c Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Greg Kroah-Hartman
|
2a9e108639 |
Merge 4.19.290 into android-4.19-stable
Changes in 4.19.290 init: Provide arch_cpu_finalize_init() x86/cpu: Switch to arch_cpu_finalize_init() ARM: cpu: Switch to arch_cpu_finalize_init() ia64/cpu: Switch to arch_cpu_finalize_init() m68k/cpu: Switch to arch_cpu_finalize_init() mips/cpu: Switch to arch_cpu_finalize_init() sh/cpu: Switch to arch_cpu_finalize_init() sparc/cpu: Switch to arch_cpu_finalize_init() um/cpu: Switch to arch_cpu_finalize_init() init: Remove check_bugs() leftovers init: Invoke arch_cpu_finalize_init() earlier init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() x86/fpu: Remove cpuinfo argument from init functions x86/fpu: Mark init functions __init x86/fpu: Move FPU initialization into arch_cpu_finalize_init() x86/speculation: Add Gather Data Sampling mitigation x86/speculation: Add force option to GDS mitigation x86/speculation: Add Kconfig option for GDS KVM: Add GDS_NO support to KVM x86/xen: Fix secondary processors' FPU initialization Documentation/x86: Fix backwards on/off logic about YMM support xen/netback: Fix buffer overrun triggered by unusual packet x86: fix backwards merge of GDS/SRSO bit Linux 4.19.290 Change-Id: I699dd469dfb5a6cbe3ed2ae723a945b9f769922d Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Arnd Bergmann
|
648114eea9 |
x86: Move gds_ucode_mitigated() declaration to header
commit eb3515dc99c7c85f4170b50838136b2a193f8012 upstream. The declaration got placed in the .c file of the caller, but that causes a warning for the definition: arch/x86/kernel/cpu/bugs.c:682:6: error: no previous prototype for 'gds_ucode_mitigated' [-Werror=missing-prototypes] Move it to a header where both sides can observe it instead. Fixes: 81ac7e5d74174 ("KVM: Add GDS_NO support to KVM") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Tested-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Cc: stable@kernel.org Link: https://lore.kernel.org/all/20230809130530.1913368-2-arnd%40kernel.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Kirill A. Shutemov
|
97319157e2 |
x86/mm: Fix VDSO and VVAR placement on 5-level paging machines
commit 1b8b1aa90c9c0e825b181b98b8d9e249dc395470 upstream.
Yingcong has noticed that on the 5-level paging machine, VDSO and VVAR
VMAs are placed above the 47-bit border:
8000001a9000-8000001ad000 r--p 00000000 00:00 0 [vvar]
8000001ad000-8000001af000 r-xp 00000000 00:00 0 [vdso]
This might confuse users who are not aware of 5-level paging and expect
all userspace addresses to be under the 47-bit border.
So far problem has only been triggered with ASLR disabled, although it
may also occur with ASLR enabled if the layout is randomized in a just
right way.
The problem happens due to custom placement for the VMAs in the VDSO
code: vdso_addr() tries to place them above the stack and checks the
result against TASK_SIZE_MAX, which is wrong. TASK_SIZE_MAX is set to
the 56-bit border on 5-level paging machines. Use DEFAULT_MAP_WINDOW
instead.
Fixes:
|
||
Cristian Ciocaltea
|
c93cbf9f79 |
x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405
commit 6dbef74aeb090d6bee7d64ef3fa82ae6fa53f271 upstream. Commit 522b1d69219d ("x86/cpu/amd: Add a Zenbleed fix") provided a fix for the Zen2 VZEROUPPER data corruption bug affecting a range of CPU models, but the AMD Custom APU 0405 found on SteamDeck was not listed, although it is clearly affected by the vulnerability. Add this CPU variant to the Zenbleed erratum list, in order to unconditionally enable the fallback fix until a proper microcode update is available. Fixes: 522b1d69219d ("x86/cpu/amd: Add a Zenbleed fix") Signed-off-by: Cristian Ciocaltea <cristian.ciocaltea@collabora.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20230811203705.1699914-1-cristian.ciocaltea@collabora.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Kees Cook
|
b7e389235c |
treewide: Remove uninitialized_var() usage
commit 3f649ab728cda8038259d8f14492fe400fbab911 upstream. Using uninitialized_var() is dangerous as it papers over real bugs[1] (or can in the future), and suppresses unrelated compiler warnings (e.g. "unused variable"). If the compiler thinks it is uninitialized, either simply initialize the variable or make compiler changes. In preparation for removing[2] the[3] macro[4], remove all remaining needless uses with the following script: git grep '\buninitialized_var\b' | cut -d: -f1 | sort -u | \ xargs perl -pi -e \ 's/\buninitialized_var\(([^\)]+)\)/\1/g; s:\s*/\* (GCC be quiet|to make compiler happy) \*/$::g;' drivers/video/fbdev/riva/riva_hw.c was manually tweaked to avoid pathological white-space. No outstanding warnings were found building allmodconfig with GCC 9.3.0 for x86_64, i386, arm64, arm, powerpc, powerpc64le, s390x, mips, sparc64, alpha, and m68k. [1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/ [2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/ [3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/ [4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/ Reviewed-by: Leon Romanovsky <leonro@mellanox.com> # drivers/infiniband and mlx4/mlx5 Acked-by: Jason Gunthorpe <jgg@mellanox.com> # IB Acked-by: Kalle Valo <kvalo@codeaurora.org> # wireless drivers Reviewed-by: Chao Yu <yuchao0@huawei.com> # erofs Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Thomas Gleixner
|
e3bdff437d |
x86/smp: Use dedicated cache-line for mwait_play_dead()
commit f9c9987bf52f4e42e940ae217333ebb5a4c3b506 upstream. Monitoring idletask::thread_info::flags in mwait_play_dead() has been an obvious choice as all what is needed is a cache line which is not written by other CPUs. But there is a use case where a "dead" CPU needs to be brought out of MWAIT: kexec(). This is required as kexec() can overwrite text, pagetables, stacks and the monitored cacheline of the original kernel. The latter causes MWAIT to resume execution which obviously causes havoc on the kexec kernel which results usually in triple faults. Use a dedicated per CPU storage to prepare for that. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Ashok Raj <ashok.raj@intel.com> Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de> Cc: stable@vger.kernel.org Link: https://lore.kernel.org/r/20230615193330.434553750@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
cb0bd59919 |
x86: fix backwards merge of GDS/SRSO bit
Stable-tree-only change. Due to the way the GDS and SRSO patches flowed into the stable tree, it was a 50% chance that the merge of the which value GDS and SRSO should be. Of course, I lost that bet, and chose the opposite of what Linus chose in commit 64094e7e3118 ("Merge tag 'gds-for-linus-2023-08-01' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip") Fix this up by switching the values to match what is now in Linus's tree as that is the correct value to mirror. Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Juergen Gross
|
64f142253b |
x86/xen: Fix secondary processors' FPU initialization
commit fe3e0a13e597c1c8617814bf9b42ab732db5c26e upstream. Moving the call of fpu__init_cpu() from cpu_init() to start_secondary() broke Xen PV guests, as those don't call start_secondary() for APs. Call fpu__init_cpu() in Xen's cpu_bringup(), which is the Xen PV replacement of start_secondary(). Fixes: b81fac906a8f ("x86/fpu: Move FPU initialization into arch_cpu_finalize_init()") Signed-off-by: Juergen Gross <jgross@suse.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com> Acked-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20230703130032.22916-1-jgross@suse.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Daniel Sneddon
|
1af834f2f4 |
KVM: Add GDS_NO support to KVM
commit 81ac7e5d741742d650b4ed6186c4826c1a0631a7 upstream Gather Data Sampling (GDS) is a transient execution attack using gather instructions from the AVX2 and AVX512 extensions. This attack allows malicious code to infer data that was previously stored in vector registers. Systems that are not vulnerable to GDS will set the GDS_NO bit of the IA32_ARCH_CAPABILITIES MSR. This is useful for VM guests that may think they are on vulnerable systems that are, in fact, not affected. Guests that are running on affected hosts where the mitigation is enabled are protected as if they were running on an unaffected system. On all hosts that are not affected or that are mitigated, set the GDS_NO bit. Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Acked-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Daniel Sneddon
|
0461f60275 |
x86/speculation: Add Kconfig option for GDS
commit 53cf5797f114ba2bd86d23a862302119848eff19 upstream Gather Data Sampling (GDS) is mitigated in microcode. However, on systems that haven't received the updated microcode, disabling AVX can act as a mitigation. Add a Kconfig option that uses the microcode mitigation if available and disables AVX otherwise. Setting this option has no effect on systems not affected by GDS. This is the equivalent of setting gather_data_sampling=force. Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Acked-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Daniel Sneddon
|
91e24758cd |
x86/speculation: Add force option to GDS mitigation
commit 553a5c03e90a6087e88f8ff878335ef0621536fb upstream The Gather Data Sampling (GDS) vulnerability allows malicious software to infer stale data previously stored in vector registers. This may include sensitive data such as cryptographic keys. GDS is mitigated in microcode, and systems with up-to-date microcode are protected by default. However, any affected system that is running with older microcode will still be vulnerable to GDS attacks. Since the gather instructions used by the attacker are part of the AVX2 and AVX512 extensions, disabling these extensions prevents gather instructions from being executed, thereby mitigating the system from GDS. Disabling AVX2 is sufficient, but we don't have the granularity to do this. The XCR0[2] disables AVX, with no option to just disable AVX2. Add a kernel parameter gather_data_sampling=force that will enable the microcode mitigation if available, otherwise it will disable AVX on affected systems. This option will be ignored if cmdline mitigations=off. This is a *big* hammer. It is known to break buggy userspace that uses incomplete, buggy AVX enumeration. Unfortunately, such userspace does exist in the wild: https://www.mail-archive.com/bug-coreutils@gnu.org/msg33046.html [ dhansen: add some more ominous warnings about disabling AVX ] Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Acked-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Daniel Sneddon
|
e81494b725 |
x86/speculation: Add Gather Data Sampling mitigation
commit 8974eb588283b7d44a7c91fa09fcbaf380339f3a upstream Gather Data Sampling (GDS) is a hardware vulnerability which allows unprivileged speculative access to data which was previously stored in vector registers. Intel processors that support AVX2 and AVX512 have gather instructions that fetch non-contiguous data elements from memory. On vulnerable hardware, when a gather instruction is transiently executed and encounters a fault, stale data from architectural or internal vector registers may get transiently stored to the destination vector register allowing an attacker to infer the stale data using typical side channel techniques like cache timing attacks. This mitigation is different from many earlier ones for two reasons. First, it is enabled by default and a bit must be set to *DISABLE* it. This is the opposite of normal mitigation polarity. This means GDS can be mitigated simply by updating microcode and leaving the new control bit alone. Second, GDS has a "lock" bit. This lock bit is there because the mitigation affects the hardware security features KeyLocker and SGX. It needs to be enabled and *STAY* enabled for these features to be mitigated against GDS. The mitigation is enabled in the microcode by default. Disable it by setting gather_data_sampling=off or by disabling all mitigations with mitigations=off. The mitigation status can be checked by reading: /sys/devices/system/cpu/vulnerabilities/gather_data_sampling Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Acked-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Thomas Gleixner
|
2323f10586 |
x86/fpu: Move FPU initialization into arch_cpu_finalize_init()
commit b81fac906a8f9e682e513ddd95697ec7a20878d4 upstream Initializing the FPU during the early boot process is a pointless exercise. Early boot is convoluted and fragile enough. Nothing requires that the FPU is set up early. It has to be initialized before fork_init() because the task_struct size depends on the FPU register buffer size. Move the initialization to arch_cpu_finalize_init() which is the perfect place to do so. No functional change. This allows to remove quite some of the custom early command line parsing, but that's subject to the next installment. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20230613224545.902376621@linutronix.de Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Thomas Gleixner
|
542dac0633 |
x86/fpu: Mark init functions __init
commit 1703db2b90c91b2eb2d699519fc505fe431dde0e upstream No point in keeping them around. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20230613224545.841685728@linutronix.de Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Thomas Gleixner
|
7c7bb95ece |
x86/fpu: Remove cpuinfo argument from init functions
commit 1f34bb2a24643e0087652d81078e4f616562738d upstream Nothing in the call chain requires it Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20230613224545.783704297@linutronix.de Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Thomas Gleixner
|
211ec614c9 |
init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init()
commit 439e17576eb47f26b78c5bbc72e344d4206d2327 upstream Invoke the X86ism mem_encrypt_init() from X86 arch_cpu_finalize_init() and remove the weak fallback from the core code. No functional change. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Link: https://lore.kernel.org/r/20230613224545.670360645@linutronix.de Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Thomas Gleixner
|
047ac82a3a |
x86/cpu: Switch to arch_cpu_finalize_init()
commit 7c7077a72674402654f3291354720cd73cdf649e upstream check_bugs() is a dumping ground for finalizing the CPU bringup. Only parts of it has to do with actual CPU bugs. Split it apart into arch_cpu_finalize_init() and cpu_select_mitigations(). Fixup the bogus 32bit comments while at it. No functional change. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/r/20230613224545.019583869@linutronix.de Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
5958b69937 |
This is the 4.19.289 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAmS+sQgACgkQONu9yGCS aT57rw/9EP/+Qt70LPLV8jzDPJRaWDjD9Tbr+b4vCL8TkU7gJK/9sIWafM3RlMM9 74wwP5J7Mmw+91tW2Gl89gapfAl9Ax5SSwWYXdAM/SFwLHaWMb1ylr+uFwxWLeQ4 3hqxXO/HhgrIDFQPi9fp1VUorlOcOaSUTPA4nB3PDVsvXOHODSdq08o7Er2Tps2L lqy7JtAmo3cVbTP5C5foMBLJvRjk2pK8OpNVswXfe3Mc/KHlTLFe8gCJYJR7TCuH mdGdkxGpsDdlQl5JQdekAFUATBFR5yl5iqBl1lo4yaULoRZP54yPDWDpDm+LG00d nW6wfCpO3+GW+UszMHg0pGqkrYkZHQ6Tdj8fUvEf+Ykmv9aW/itVoT5BTruHItvi 53JyurHTZhuVlToHZYRuJpfOnUzoTptOqQSYvgEDw+1mRu+VjhV3SmzVndf1DP1P AgSc/87Y+aeC9Z0NtTNlMUQPlzyE6nIX13wduHnbOawdwhBCoXAA6aFPRPe+A7gr 2s8qoajmdM7vE1h7O0JsiCLRk6CFQZpApnGSfjz1uYygDOIArKoEulA+bkBJSOUe h2UTtjsWVY4VhjN682DG7J2wsfEMogy/ssFcKDGKHiORV0t73uOM87CW35wU4Vx7 WSYONO5kuClhnoF+BctWgKOc7xAfnxkoxvV3hEdlBjR+/kOFjhQ= =/2cy -----END PGP SIGNATURE----- Merge 4.19.289 into android-4.19-stable Changes in 4.19.289 x86/microcode/AMD: Load late on both threads too x86/cpu/amd: Move the errata checking functionality up x86/cpu/amd: Add a Zenbleed fix Linux 4.19.289 Change-Id: Ib71b14444b7b3da46ebdcfc747f9dd9d9e1c5ccf Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Borislav Petkov (AMD)
|
cfef7bbf0d |
x86/cpu/amd: Add a Zenbleed fix
Upstream commit: 522b1d69219d8f083173819fde04f994aa051a98 Add a fix for the Zen2 VZEROUPPER data corruption bug where under certain circumstances executing VZEROUPPER can cause register corruption or leak data. The optimal fix is through microcode but in the case the proper microcode revision has not been applied, enable a fallback fix using a chicken bit. Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Borislav Petkov (AMD)
|
5bb1e29bf5 |
x86/cpu/amd: Move the errata checking functionality up
Upstream commit: 8b6f687743dacce83dbb0c7cfacf88bab00f808a Avoid new and remove old forward declarations. No functional changes. Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |