7382 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
Andy Lutomirski
|
450325f09f |
UPSTREAM: random: remove the blocking pool
There is no longer any interface to read data from the blocking pool, so remove it. This enables quite a bit of code deletion, much of which will be done in subsequent patches. Signed-off-by: Andy Lutomirski <luto@kernel.org> Link: https://lore.kernel.org/r/511225a224bf0a291149d3c0b8b45393cd03ab96.1577088521.git.luto@kernel.org Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit 90ea1c6436d26e62496616fb5891e00819ff4849) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: I0ccca476cfbed9e17ab8c3bec4808adb117b57a7 |
||
Andy Lutomirski
|
b6fbe34c23 |
UPSTREAM: random: make /dev/random be almost like /dev/urandom
This patch changes the read semantics of /dev/random to be the same as /dev/urandom except that reads will block until the CRNG is ready. None of the cleanups that this enables have been done yet. As a result, this gives a warning about an unused function. Signed-off-by: Andy Lutomirski <luto@kernel.org> Link: https://lore.kernel.org/r/5e6ac8831c6cf2e56a7a4b39616d1732b2bdd06c.1577088521.git.luto@kernel.org Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit 30c08efec8884fb106b8e57094baa51bb4c44e32) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: I40d6f5b535aca178419cb4f7821b4a9105367c51 |
||
Andy Lutomirski
|
56449c8657 |
UPSTREAM: random: Add a urandom_read_nowait() for random APIs that don't warn
/dev/random and getrandom() never warn. Split the meat of urandom_read() into urandom_read_nowarn() and leave the warning code in urandom_read(). This has no effect on kernel behavior, but it makes subsequent patches more straightforward. It also makes the fact that getrandom() never warns more obvious. Signed-off-by: Andy Lutomirski <luto@kernel.org> Link: https://lore.kernel.org/r/c87ab200588de746431d9f916501ef11e5242b13.1577088521.git.luto@kernel.org Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit c6f1deb158789abba02a7eba600747843eeb3a57) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: Iaf34ab88dac9c6a0e217d48543d1d26be32591e5 |
||
Andy Lutomirski
|
433601243f |
UPSTREAM: random: Don't wake crng_init_wait when crng_init == 1
crng_init_wait is only used to wayt for crng_init to be set to 2, so there's no point to waking it when crng_init is set to 1. Remove the unnecessary wake_up_interruptible() call. Signed-off-by: Andy Lutomirski <luto@kernel.org> Link: https://lore.kernel.org/r/6fbc0bfcbfc1fa2c76fd574f5b6f552b11be7fde.1577088521.git.luto@kernel.org Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit 4c8d062186d9923c09488716b2fb1b829b5b8006) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: I472e05f72ffce40683aa187aaf0870af39007ac8 |
||
Sergey Senozhatsky
|
4111ca6a8f |
UPSTREAM: char/random: silence a lockdep splat with printk()
Sergey didn't like the locking order, uart_port->lock -> tty_port->lock uart_write (uart_port->lock) __uart_start pl011_start_tx pl011_tx_chars uart_write_wakeup tty_port_tty_wakeup tty_port_default tty_port_tty_get (tty_port->lock) but those code is so old, and I have no clue how to de-couple it after checking other locks in the splat. There is an onging effort to make all printk() as deferred, so until that happens, workaround it for now as a short-term fix. LTP: starting iogen01 (export LTPROOT; rwtest -N iogen01 -i 120s -s read,write -Da -Dv -n 2 500b:$TMPDIR/doio.f1.$$ 1000b:$TMPDIR/doio.f2.$$) WARNING: possible circular locking dependency detected ------------------------------------------------------ doio/49441 is trying to acquire lock: ffff008b7cff7290 (&(&zone->lock)->rlock){..-.}, at: rmqueue+0x138/0x2050 but task is already holding lock: 60ff000822352818 (&pool->lock/1){-.-.}, at: start_flush_work+0xd8/0x3f0 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #4 (&pool->lock/1){-.-.}: lock_acquire+0x320/0x360 _raw_spin_lock+0x64/0x80 __queue_work+0x4b4/0xa10 queue_work_on+0xac/0x11c tty_schedule_flip+0x84/0xbc tty_flip_buffer_push+0x1c/0x28 pty_write+0x98/0xd0 n_tty_write+0x450/0x60c tty_write+0x338/0x474 __vfs_write+0x88/0x214 vfs_write+0x12c/0x1a4 redirected_tty_write+0x90/0xdc do_loop_readv_writev+0x140/0x180 do_iter_write+0xe0/0x10c vfs_writev+0x134/0x1cc do_writev+0xbc/0x130 __arm64_sys_writev+0x58/0x8c el0_svc_handler+0x170/0x240 el0_sync_handler+0x150/0x250 el0_sync+0x164/0x180 -> #3 (&(&port->lock)->rlock){-.-.}: lock_acquire+0x320/0x360 _raw_spin_lock_irqsave+0x7c/0x9c tty_port_tty_get+0x24/0x60 tty_port_default_wakeup+0x1c/0x3c tty_port_tty_wakeup+0x34/0x40 uart_write_wakeup+0x28/0x44 pl011_tx_chars+0x1b8/0x270 pl011_start_tx+0x24/0x70 __uart_start+0x5c/0x68 uart_write+0x164/0x1c8 do_output_char+0x33c/0x348 n_tty_write+0x4bc/0x60c tty_write+0x338/0x474 redirected_tty_write+0xc0/0xdc do_loop_readv_writev+0x140/0x180 do_iter_write+0xe0/0x10c vfs_writev+0x134/0x1cc do_writev+0xbc/0x130 __arm64_sys_writev+0x58/0x8c el0_svc_handler+0x170/0x240 el0_sync_handler+0x150/0x250 el0_sync+0x164/0x180 -> #2 (&port_lock_key){-.-.}: lock_acquire+0x320/0x360 _raw_spin_lock+0x64/0x80 pl011_console_write+0xec/0x2cc console_unlock+0x794/0x96c vprintk_emit+0x260/0x31c vprintk_default+0x54/0x7c vprintk_func+0x218/0x254 printk+0x7c/0xa4 register_console+0x734/0x7b0 uart_add_one_port+0x734/0x834 pl011_register_port+0x6c/0xac sbsa_uart_probe+0x234/0x2ec platform_drv_probe+0xd4/0x124 really_probe+0x250/0x71c driver_probe_device+0xb4/0x200 __device_attach_driver+0xd8/0x188 bus_for_each_drv+0xbc/0x110 __device_attach+0x120/0x220 device_initial_probe+0x20/0x2c bus_probe_device+0x54/0x100 device_add+0xae8/0xc2c platform_device_add+0x278/0x3b8 platform_device_register_full+0x238/0x2ac acpi_create_platform_device+0x2dc/0x3a8 acpi_bus_attach+0x390/0x3cc acpi_bus_attach+0x108/0x3cc acpi_bus_attach+0x108/0x3cc acpi_bus_attach+0x108/0x3cc acpi_bus_scan+0x7c/0xb0 acpi_scan_init+0xe4/0x304 acpi_init+0x100/0x114 do_one_initcall+0x348/0x6a0 do_initcall_level+0x190/0x1fc do_basic_setup+0x34/0x4c kernel_init_freeable+0x19c/0x260 kernel_init+0x18/0x338 ret_from_fork+0x10/0x18 -> #1 (console_owner){-...}: lock_acquire+0x320/0x360 console_lock_spinning_enable+0x6c/0x7c console_unlock+0x4f8/0x96c vprintk_emit+0x260/0x31c vprintk_default+0x54/0x7c vprintk_func+0x218/0x254 printk+0x7c/0xa4 get_random_u64+0x1c4/0x1dc shuffle_pick_tail+0x40/0xac __free_one_page+0x424/0x710 free_one_page+0x70/0x120 __free_pages_ok+0x61c/0xa94 __free_pages_core+0x1bc/0x294 memblock_free_pages+0x38/0x48 __free_pages_memory+0xcc/0xfc __free_memory_core+0x70/0x78 free_low_memory_core_early+0x148/0x18c memblock_free_all+0x18/0x54 mem_init+0xb4/0x17c mm_init+0x14/0x38 start_kernel+0x19c/0x530 -> #0 (&(&zone->lock)->rlock){..-.}: validate_chain+0xf6c/0x2e2c __lock_acquire+0x868/0xc2c lock_acquire+0x320/0x360 _raw_spin_lock+0x64/0x80 rmqueue+0x138/0x2050 get_page_from_freelist+0x474/0x688 __alloc_pages_nodemask+0x3b4/0x18dc alloc_pages_current+0xd0/0xe0 alloc_slab_page+0x2b4/0x5e0 new_slab+0xc8/0x6bc ___slab_alloc+0x3b8/0x640 kmem_cache_alloc+0x4b4/0x588 __debug_object_init+0x778/0x8b4 debug_object_init_on_stack+0x40/0x50 start_flush_work+0x16c/0x3f0 __flush_work+0xb8/0x124 flush_work+0x20/0x30 xlog_cil_force_lsn+0x88/0x204 [xfs] xfs_log_force_lsn+0x128/0x1b8 [xfs] xfs_file_fsync+0x3c4/0x488 [xfs] vfs_fsync_range+0xb0/0xd0 generic_write_sync+0x80/0xa0 [xfs] xfs_file_buffered_aio_write+0x66c/0x6e4 [xfs] xfs_file_write_iter+0x1a0/0x218 [xfs] __vfs_write+0x1cc/0x214 vfs_write+0x12c/0x1a4 ksys_write+0xb0/0x120 __arm64_sys_write+0x54/0x88 el0_svc_handler+0x170/0x240 el0_sync_handler+0x150/0x250 el0_sync+0x164/0x180 other info that might help us debug this: Chain exists of: &(&zone->lock)->rlock --> &(&port->lock)->rlock --> &pool->lock/1 Possible unsafe locking scenario: CPU0 CPU1 ---- ---- lock(&pool->lock/1); lock(&(&port->lock)->rlock); lock(&pool->lock/1); lock(&(&zone->lock)->rlock); *** DEADLOCK *** 4 locks held by doio/49441: #0: a0ff00886fc27408 (sb_writers#8){.+.+}, at: vfs_write+0x118/0x1a4 #1: 8fff00080810dfe0 (&xfs_nondir_ilock_class){++++}, at: xfs_ilock+0x2a8/0x300 [xfs] #2: ffff9000129f2390 (rcu_read_lock){....}, at: rcu_lock_acquire+0x8/0x38 #3: 60ff000822352818 (&pool->lock/1){-.-.}, at: start_flush_work+0xd8/0x3f0 stack backtrace: CPU: 48 PID: 49441 Comm: doio Tainted: G W Hardware name: HPE Apollo 70 /C01_APACHE_MB , BIOS L50_5.13_1.11 06/18/2019 Call trace: dump_backtrace+0x0/0x248 show_stack+0x20/0x2c dump_stack+0xe8/0x150 print_circular_bug+0x368/0x380 check_noncircular+0x28c/0x294 validate_chain+0xf6c/0x2e2c __lock_acquire+0x868/0xc2c lock_acquire+0x320/0x360 _raw_spin_lock+0x64/0x80 rmqueue+0x138/0x2050 get_page_from_freelist+0x474/0x688 __alloc_pages_nodemask+0x3b4/0x18dc alloc_pages_current+0xd0/0xe0 alloc_slab_page+0x2b4/0x5e0 new_slab+0xc8/0x6bc ___slab_alloc+0x3b8/0x640 kmem_cache_alloc+0x4b4/0x588 __debug_object_init+0x778/0x8b4 debug_object_init_on_stack+0x40/0x50 start_flush_work+0x16c/0x3f0 __flush_work+0xb8/0x124 flush_work+0x20/0x30 xlog_cil_force_lsn+0x88/0x204 [xfs] xfs_log_force_lsn+0x128/0x1b8 [xfs] xfs_file_fsync+0x3c4/0x488 [xfs] vfs_fsync_range+0xb0/0xd0 generic_write_sync+0x80/0xa0 [xfs] xfs_file_buffered_aio_write+0x66c/0x6e4 [xfs] xfs_file_write_iter+0x1a0/0x218 [xfs] __vfs_write+0x1cc/0x214 vfs_write+0x12c/0x1a4 ksys_write+0xb0/0x120 __arm64_sys_write+0x54/0x88 el0_svc_handler+0x170/0x240 el0_sync_handler+0x150/0x250 el0_sync+0x164/0x180 Reviewed-by: Sergey Senozhatsky <sergey.senozhatsky.work@gmail.com> Signed-off-by: Qian Cai <cai@lca.pw> Link: https://lore.kernel.org/r/1573679785-21068-1-git-send-email-cai@lca.pw Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit 1b710b1b10eff9d46666064ea25f079f70bc67a8) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: I26b3dad2eb76ed1d4e0efa1c40299070c0e649ad |
||
Hsin-Yi Wang
|
cfbb70381f |
BACKPORT: fdt: add support for rng-seed
Introducing a chosen node, rng-seed, which is an entropy that can be passed to kernel called very early to increase initial device randomness. Bootloader should provide this entropy and the value is read from /chosen/rng-seed in DT. Obtain of_fdt_crc32 for CRC check after early_init_dt_scan_nodes(), since early_init_dt_scan_chosen() would modify fdt to erase rng-seed. Add a new interface add_bootloader_randomness() for rng-seed use case. Depends on whether the seed is trustworthy, rng seed would be passed to add_hwgenerator_randomness(). Otherwise it would be passed to add_device_randomness(). Decision is controlled by kernel config RANDOM_TRUST_BOOTLOADER. Signed-off-by: Hsin-Yi Wang <hsinyi@chromium.org> Reviewed-by: Stephen Boyd <swboyd@chromium.org> Reviewed-by: Rob Herring <robh@kernel.org> Reviewed-by: Theodore Ts'o <tytso@mit.edu> # drivers/char/random.c Signed-off-by: Will Deacon <will@kernel.org> (cherry picked from commit 428826f5358c922dc378830a1717b682c0823160) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: I54fb81eb88b955ead400fd39180c0fa41de37c8e |
||
Theodore Ts'o
|
2296cc95a3 |
UPSTREAM: random: fix soft lockup when trying to read from an uninitialized blocking pool
Fixes: eb9d1bf079bb: "random: only read from /dev/random after its pool has received 128 bits" Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit 58be0106c5306b939b07b4b8bf00669a20593f4b) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: I87df025423848df2e8ff2ccb6856da073a385750 |
||
George Spelvin
|
4a22275376 |
UPSTREAM: random: document get_random_int() family
Explain what these functions are for and when they offer an advantage over get_random_bytes(). (We still need documentation on rng_is_initialized(), the random_ready_callback system, and early boot in general.) Signed-off-by: George Spelvin <lkml@sdf.org> Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit 92e507d216139b356a375afbda2824e85235e748) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: I8a218b2569a10ec1106ad04eebccbf26fd7e1ca3 |
||
Kees Cook
|
4ca103e6fa |
UPSTREAM: random: move rand_initialize() earlier
Right now rand_initialize() is run as an early_initcall(), but it only depends on timekeeping_init() (for mixing ktime_get_real() into the pools). However, the call to boot_init_stack_canary() for stack canary initialization runs earlier, which triggers a warning at boot: random: get_random_bytes called from start_kernel+0x357/0x548 with crng_init=0 Instead, this moves rand_initialize() to after timekeeping_init(), and moves canary initialization here as well. Note that this warning may still remain for machines that do not have UEFI RNG support (which initializes the RNG pools during setup_arch()), or for x86 machines without RDRAND (or booting without "random.trust=on" or CONFIG_RANDOM_TRUST_CPU=y). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit d55535232c3dbde9a523a9d10d68670f5fe5dec3) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: If2aec7b464244ae89bdcd0ce2c363c36645aaa6c |
||
Theodore Ts'o
|
94bf375691 |
UPSTREAM: random: only read from /dev/random after its pool has received 128 bits
Immediately after boot, we allow reads from /dev/random before its entropy pool has been fully initialized. Fix this so that we don't allow this until the blocking pool has received 128 bits. We do this by repurposing the initialized flag in the entropy pool struct, and use the initialized flag in the blocking pool to indicate whether it is safe to pull from the blocking pool. To do this, we needed to rework when we decide to push entropy from the input pool to the blocking pool, since the initialized flag for the input pool was used for this purpose. To simplify things, we no longer use the initialized flag for that purpose, nor do we use the entropy_total field any more. Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit eb9d1bf079bb438d1a066d72337092935fc770f6) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: Ic0f66f7f04b514446cdec4cab4a47a0d3a184886 |
||
Rasmus Villemoes
|
e7e09e4f9e |
UPSTREAM: drivers/char/random.c: make primary_crng static
Since the definition of struct crng_state is private to random.c, and primary_crng is neither declared or used elsewhere, there's no reason for that symbol to have external linkage. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit 764ed189c82090c1d85f0e30636156736d8f09a8) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: I717cda431b78bb99f3339461b6868308dd31cf12 |
||
Rasmus Villemoes
|
53a9c08400 |
UPSTREAM: drivers/char/random.c: remove unused stuct poolinfo::poolbits
This field is never used, might as well remove it. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit 3bd0b5bf7dc3ea02070fcbcd682ecf628269e8ef) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: I29de002717f8b600adb741e469fada15a9c0d25c |
||
Rasmus Villemoes
|
2bfadb401b |
UPSTREAM: drivers/char/random.c: constify poolinfo_table
Never modified, might as well be put in .rodata. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Signed-off-by: Theodore Ts'o <tytso@mit.edu> (cherry picked from commit 26e0854ab3310bbeef1ed404a2c87132fc91f8e1) Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 148665638 Change-Id: I764d96db977cdf1a6a890897033999793dc53848 |
||
Greg Kroah-Hartman
|
83b584a64c |
This is the 4.19.102 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl461NIACgkQONu9yGCS aT6Mqw//W5xIIcs0Ut+P+QYNN6lCTRJ0AvFUolz79M3pyK/rHUluwTvYJbDAeGE3 sckv96rE1pxj5ZSf6LegXIoALrA4RlYHS8xXkYnRrt6xfrb7UwpqsJtt4Mx+IrJ3 9uFfaWRSvuDfRCraZxLiE2Bl9xVYvaPfFJYBmH383VB+deYNfpwORFsqNDQT+gR6 PZLuV0x//Kerwmd4OvaaHR/fIl8YVKmIz5lu3+3WIuVKxTK6Bbd3YzVu13dhVaX2 mETflLEAO/sYsUQiS4SO22ejLAiWyD8LyMV8s9KeTFQXzML3JpibKnt3ySDfzsFE m8VRlaLcQwB0Ca2AVGHA5QV0+V+2+6qh/IcZl630feBueGQX59qLQkOurD4e/9lm Na6ZkLPTh9UipIfTu9fvA5HY5lPt2VcSWwG2nLluckfJIpKNFVQEB7vuk9zd7468 qkXmj/J1YDdJzt2YgD0WZuKu3f1/No7rXbNmT2Oj0+HNWWvIU9xFNFlIPAxo7pJy kwekd9+gHI0n1OhLRjzYUyf0pD+j0o75ZHsYYsUW0y6cGoWX/LmQ8JPFi+waHiov FOe8FJz/uDtfQnJ4+izAM5Jjbu1LE+L8uGoIExYAv4DuXgPZtI2wtHvP4HHM3Aov mDWLesMgizsroViv57aXC0C1ZPksPpGeHT+HcH7RnDQ0kQmpe3E= =2XGW -----END PGP SIGNATURE----- Merge 4.19.102 into android-4.19 Changes in 4.19.102 vfs: fix do_last() regression x86/resctrl: Fix use-after-free when deleting resource groups x86/resctrl: Fix use-after-free due to inaccurate refcount of rdtgroup x86/resctrl: Fix a deadlock due to inaccurate reference crypto: pcrypt - Fix user-after-free on module unload rsi: add hci detach for hibernation and poweroff rsi: fix use-after-free on failed probe and unbind perf c2c: Fix return type for histogram sorting comparision functions PM / devfreq: Add new name attribute for sysfs tools lib: Fix builds when glibc contains strlcpy() arm64: kbuild: remove compressed images on 'make ARCH=arm64 (dist)clean' ext4: validate the debug_want_extra_isize mount option at parse time mm/mempolicy.c: fix out of bounds write in mpol_parse_str() reiserfs: Fix memory leak of journal device string media: digitv: don't continue if remote control state can't be read media: af9005: uninitialized variable printked media: vp7045: do not read uninitialized values if usb transfer fails media: gspca: zero usb_buf media: dvb-usb/dvb-usb-urb.c: initialize actlen to 0 tomoyo: Use atomic_t for statistics counter ttyprintk: fix a potential deadlock in interrupt context issue Bluetooth: Fix race condition in hci_release_sock() cgroup: Prevent double killing of css when enabling threaded cgroup media: si470x-i2c: Move free() past last use of 'radio' ARM: dts: sun8i: a83t: Correct USB3503 GPIOs polarity ARM: dts: am57xx-beagle-x15/am57xx-idk: Remove "gpios" for endpoint dt nodes ARM: dts: beagle-x15-common: Model 5V0 regulator soc: ti: wkup_m3_ipc: Fix race condition with rproc_boot tools lib traceevent: Fix memory leakage in filter_event rseq: Unregister rseq for clone CLONE_VM clk: sunxi-ng: h6-r: Fix AR100/R_APB2 parent order mac80211: mesh: restrict airtime metric to peered established plinks clk: mmp2: Fix the order of timer mux parents ASoC: rt5640: Fix NULL dereference on module unload ixgbevf: Remove limit of 10 entries for unicast filter list ixgbe: Fix calculation of queue with VFs and flow director on interface flap igb: Fix SGMII SFP module discovery for 100FX/LX. platform/x86: GPD pocket fan: Allow somewhat lower/higher temperature limits ASoC: sti: fix possible sleep-in-atomic qmi_wwan: Add support for Quectel RM500Q parisc: Use proper printk format for resource_size_t wireless: fix enabling channel 12 for custom regulatory domain cfg80211: Fix radar event during another phy CAC mac80211: Fix TKIP replay protection immediately after key setup wireless: wext: avoid gcc -O3 warning netfilter: nft_tunnel: ERSPAN_VERSION must not be null net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec bnxt_en: Fix ipv6 RFS filter matching logic. riscv: delete temporary files iwlwifi: Don't ignore the cap field upon mcc update ARM: dts: am335x-boneblack-common: fix memory size vti[6]: fix packet tx through bpf_redirect() xfrm interface: fix packet tx through bpf_redirect() xfrm: interface: do not confirm neighbor when do pmtu update scsi: fnic: do not queue commands during fwreset ARM: 8955/1: virt: Relax arch timer version check during early boot tee: optee: Fix compilation issue with nommu airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE r8152: get default setting of WOL before initializing ARM: dts: am43x-epos-evm: set data pin directions for spi0 and spi1 qlcnic: Fix CPU soft lockup while collecting firmware dump powerpc/fsl/dts: add fsl,erratum-a011043 net/fsl: treat fsl,erratum-a011043 net: fsl/fman: rename IF_MODE_XGMII to IF_MODE_10G seq_tab_next() should increase position index l2t_seq_next should increase position index net: Fix skb->csum update in inet_proto_csum_replace16(). btrfs: do not zero f_bavail if we have available space perf report: Fix no libunwind compiled warning break s390 issue mm/migrate.c: also overwrite error when it is bigger than zero Linux 4.19.102 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ia9b63c7932b66f469ab0e88467e1e07741408f0b |
||
Zhenzhong Duan
|
fb56687038 |
ttyprintk: fix a potential deadlock in interrupt context issue
commit 9a655c77ff8fc65699a3f98e237db563b37c439b upstream. tpk_write()/tpk_close() could be interrupted when holding a mutex, then in timer handler tpk_write() may be called again trying to acquire same mutex, lead to deadlock. Google syzbot reported this issue with CONFIG_DEBUG_ATOMIC_SLEEP enabled: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:938 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 0, name: swapper/1 1 lock held by swapper/1/0: ... Call Trace: <IRQ> dump_stack+0x197/0x210 ___might_sleep.cold+0x1fb/0x23e __might_sleep+0x95/0x190 __mutex_lock+0xc5/0x13c0 mutex_lock_nested+0x16/0x20 tpk_write+0x5d/0x340 resync_tnc+0x1b6/0x320 call_timer_fn+0x1ac/0x780 run_timer_softirq+0x6c3/0x1790 __do_softirq+0x262/0x98c irq_exit+0x19b/0x1e0 smp_apic_timer_interrupt+0x1a3/0x610 apic_timer_interrupt+0xf/0x20 </IRQ> See link https://syzkaller.appspot.com/bug?extid=2eeef62ee31f9460ad65 for more details. Fix it by using spinlock in process context instead of mutex and having interrupt disabled in critical section. Reported-by: syzbot+2eeef62ee31f9460ad65@syzkaller.appspotmail.com Signed-off-by: Zhenzhong Duan <zhenzhong.duan@gmail.com> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Link: https://lore.kernel.org/r/20200113034842.435-1-zhenzhong.duan@gmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
1b44c9bd91 |
This is the 4.19.101 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl41RsgACgkQONu9yGCS aT4P7A/+PZVt4c6phHZ9tj0OV4TjAWfu3IX9nLypzyBxjmBeJu8yt1pkNrfKj6fT +N3MjDlmAYss5CV6SOACPWXdhAQF3SsM6PR+CSrzwpS3+iAVTqNTaHpZqJFBgr3R cDe+MksbMLDpw3x+hXWV1E6WKcJZZJVeANuaD09HQDRVqKw1hRGxGEdyPChEjT71 Ml3o9a2TYzOvRClBtBHPRQNy/MP4cVv06kS7jefDNh1z9PMsD2w01W54ur44WFJb aujt6bLyJlcs0cPdSkU7D8pmgzs/0cxW8N+4gCpfW66P6FJL8SU4RDTujUARlyvC oP5d62XrARXAO0hh1NYdWyUqpQjOFJRTWfEqW+lFGo5s9yL9oPW8vcCBKBuZfg+u HlVCCTCyU/IJN0DMeqdneThDg8sxirlzHu/NllgGIf7rhyMRqRmruQZXc1W3/7e8 UgqqAEFkgVmJgq3mVWlHsV5Fmgb+PQlqj4rSB05wlAbXsQwF0nbSS/lsvwDR8qqE 8nO/PQoxpQyAOYJ+iyaCsq51IsJUCwWOto8L/RpdYSbFpLTn+BRmNdDr7jHOVnPl FshugoXijE6IrVGIJhJBGGy/E+eG8Dru7IZEsi2UZLsw+bBvucqv7raIHAJ2YRaL 8ZuwwmvpZpCOdYSWa7lIgqZb0qOTyR+b6UQ57X8hS5U3MZ2jMOE= =+bpt -----END PGP SIGNATURE----- Merge 4.19.101 into android-4.19 Changes in 4.19.101 orinoco_usb: fix interface sanity check rsi_91x_usb: fix interface sanity check usb: dwc3: pci: add ID for the Intel Comet Lake -V variant USB: serial: ir-usb: add missing endpoint sanity check USB: serial: ir-usb: fix link-speed handling USB: serial: ir-usb: fix IrLAP framing usb: dwc3: turn off VBUS when leaving host mode staging: most: net: fix buffer overflow staging: wlan-ng: ensure error return is actually returned staging: vt6656: correct packet types for CTS protect, mode. staging: vt6656: use NULLFUCTION stack on mac80211 staging: vt6656: Fix false Tx excessive retries reporting. serial: 8250_bcm2835aux: Fix line mismatch on driver unbind component: do not dereference opaque pointer in debugfs mei: me: add comet point (lake) H device ids iio: st_gyro: Correct data for LSM9DS0 gyro crypto: chelsio - fix writing tfm flags to wrong place cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() ath9k: fix storage endpoint lookup brcmfmac: fix interface sanity check rtl8xxxu: fix interface sanity check zd1211rw: fix storage endpoint lookup net_sched: ematch: reject invalid TCF_EM_SIMPLE net_sched: fix ops->bind_class() implementations HID: multitouch: Add LG MELF0410 I2C touchscreen support arc: eznps: fix allmodconfig kconfig warning HID: Add quirk for Xin-Mo Dual Controller HID: ite: Add USB id match for Acer SW5-012 keyboard dock HID: Add quirk for incorrect input length on Lenovo Y720 drivers/hid/hid-multitouch.c: fix a possible null pointer access. phy: qcom-qmp: Increase PHY ready timeout phy: cpcap-usb: Prevent USB line glitches from waking up modem watchdog: max77620_wdt: fix potential build errors watchdog: rn5t618_wdt: fix module aliases spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls drivers/net/b44: Change to non-atomic bit operations on pwol_mask net: wan: sdla: Fix cast from pointer to integer of different size gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP atm: eni: fix uninitialized variable warning HID: steam: Fix input device disappearing platform/x86: dell-laptop: disable kbd backlight on Inspiron 10xx PCI: Add DMA alias quirk for Intel VCA NTB iommu/amd: Support multiple PCI DMA aliases in IRQ Remapping ARM: OMAP2+: SmartReflex: add omap_sr_pdata definition usb-storage: Disable UAS on JMicron SATA enclosure sched/fair: Add tmp_alone_branch assertion sched/fair: Fix insertion in rq->leaf_cfs_rq_list rsi: fix use-after-free on probe errors rsi: fix memory leak on failed URB submission rsi: fix non-atomic allocation in completion handler crypto: af_alg - Use bh_lock_sock in sk_destruct random: try to actively add entropy rather than passively wait for it block: cleanup __blkdev_issue_discard() block: fix 32 bit overflow in __blkdev_issue_discard() KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE Linux 4.19.101 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I801cd8d04eea35b4b53957cc69c0987d88094992 |
||
Linus Torvalds
|
b84d75064f |
random: try to actively add entropy rather than passively wait for it
commit 50ee7529ec4500c88f8664560770a7a1b65db72b upstream. For 5.3 we had to revert a nice ext4 IO pattern improvement, because it caused a bootup regression due to lack of entropy at bootup together with arguably broken user space that was asking for secure random numbers when it really didn't need to. See commit 72dbcf721566 (Revert "ext4: make __ext4_get_inode_loc plug"). This aims to solve the issue by actively generating entropy noise using the CPU cycle counter when waiting for the random number generator to initialize. This only works when you have a high-frequency time stamp counter available, but that's the case on all modern x86 CPU's, and on most other modern CPU's too. What we do is to generate jitter entropy from the CPU cycle counter under a somewhat complex load: calling the scheduler while also guaranteeing a certain amount of timing noise by also triggering a timer. I'm sure we can tweak this, and that people will want to look at other alternatives, but there's been a number of papers written on jitter entropy, and this should really be fairly conservative by crediting one bit of entropy for every timer-induced jump in the cycle counter. Not because the timer itself would be all that unpredictable, but because the interaction between the timer and the loop is going to be. Even if (and perhaps particularly if) the timer actually happens on another CPU, the cacheline interaction between the loop that reads the cycle counter and the timer itself firing is going to add perturbations to the cycle counter values that get mixed into the entropy pool. As Thomas pointed out, with a modern out-of-order CPU, even quite simple loops show a fair amount of hard-to-predict timing variability even in the absense of external interrupts. But this tries to take that further by actually having a fairly complex interaction. This is not going to solve the entropy issue for architectures that have no CPU cycle counter, but it's not clear how (and if) that is solvable, and the hardware in question is largely starting to be irrelevant. And by doing this we can at least avoid some of the even more contentious approaches (like making the entropy waiting time out in order to avoid the possibly unbounded waiting). Cc: Ahmed Darwish <darwish.07@gmail.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Theodore Ts'o <tytso@mit.edu> Cc: Nicholas Mc Guire <hofrat@opentech.at> Cc: Andy Lutomirski <luto@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Willy Tarreau <w@1wt.eu> Cc: Alexander E. Patrakov <patrakov@gmail.com> Cc: Lennart Poettering <mzxreary@0pointer.de> Cc: Noah Meyerhans <noahm@debian.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
1fca2c99f4 |
This is the 4.19.99 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4u6tsACgkQONu9yGCS aT693A//TExeDRnNnf+2v4TJorylyRr17BMxk/Ie2L5E6d2n/RWodsrOThAPU9tx 5alNUkXCT8Jd31BUVnUoPoAQ4zSymSVi++XEf05wDeO0tQ982IESGaLmu9EC1uMF nnM5y4IdRYmFI1Zji4h5vRJckoYUlB6Mdg4BgMr4Q1KX7RkZYfe6bjs7DwM/uyMx jVXdFaQBD1H6F5W6A+GmgUZ36g9uNqzcBxxWwv5URj+q816NdI4bsxIJMF0v0WC+ S54fmpS07QWIYKKsQBUepeSgEF4ECESOE2VoF1ICcnfakdPnDBmNgyPJPSrLmVf+ itRUxoH1MewaOvoJrv+xsGBPmM29LcKH2oBmj5DR2Xstp7ACPs+OtXJEU9dUTDN4 NhaSts5fIp0f4Y5mMn508pDUwYDAWDt99ZJWdx6aK/TRyUsHBgpxBQDt37BE3U5W PCBnObNe2b2KDAsVXLjX5iDYoA0+usFreveMo8uEP+ohfh0ANvJlRkzedYw7NquI ZCcT+I1P9q8aa0528tR332VLrQeYg+kG6LVi2kAabmRA/VtEsT0w90MY/eo2vuTU WlPmbs2yerv2HTm050e6MOgBZfPh7wP/FpbjsSXufj7EDywlfxF+1hXdwfrpPJeN fN3g0kepeUp7+kLzO40FLam/z5ndjAUhyN2SBaPzGsXjMkZdETk= =zvlh -----END PGP SIGNATURE----- Merge 4.19.99 into android-4.19 Changes in 4.19.99 Revert "efi: Fix debugobjects warning on 'efi_rts_work'" xfs: Sanity check flags of Q_XQUOTARM call i2c: stm32f7: rework slave_id allocation i2c: i2c-stm32f7: fix 10-bits check in slave free id search loop mfd: intel-lpss: Add default I2C device properties for Gemini Lake SUNRPC: Fix svcauth_gss_proxy_init() powerpc/pseries: Enable support for ibm,drc-info property powerpc/archrandom: fix arch_get_random_seed_int() tipc: update mon's self addr when node addr generated tipc: fix wrong timeout input for tipc_wait_for_cond() mt7601u: fix bbp version check in mt7601u_wait_bbp_ready crypto: sun4i-ss - fix big endian issues perf map: No need to adjust the long name of modules soc: aspeed: Fix snoop_file_poll()'s return type watchdog: sprd: Fix the incorrect pointer getting from driver data ipmi: Fix memory leak in __ipmi_bmc_register drm/sti: do not remove the drm_bridge that was never added ARM: dts: at91: nattis: set the PRLUD and HIPOW signals low ARM: dts: at91: nattis: make the SD-card slot work ixgbe: don't clear IPsec sa counters on HW clearing drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() iio: fix position relative kernel version apparmor: Fix network performance issue in aa_label_sk_perm ALSA: hda: fix unused variable warning apparmor: don't try to replace stale label in ptrace access check ARM: qcom_defconfig: Enable MAILBOX firmware: coreboot: Let OF core populate platform device PCI: iproc: Remove PAXC slot check to allow VF support bridge: br_arp_nd_proxy: set icmp6_router if neigh has NTF_ROUTER drm/hisilicon: hibmc: Don't overwrite fb helper surface depth signal/ia64: Use the generic force_sigsegv in setup_frame signal/ia64: Use the force_sig(SIGSEGV,...) in ia64_rt_sigreturn ASoC: wm9712: fix unused variable warning mailbox: mediatek: Add check for possible failure of kzalloc IB/rxe: replace kvfree with vfree IB/hfi1: Add mtu check for operational data VLs genirq/debugfs: Reinstate full OF path for domain name usb: dwc3: add EXTCON dependency for qcom usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure cfg80211: regulatory: make initialization more robust mei: replace POLL* with EPOLL* for write queues. drm/msm: fix unsigned comparison with less than zero of: Fix property name in of_node_get_device_type ALSA: usb-audio: update quirk for B&W PX to remove microphone iwlwifi: nvm: get num of hw addresses from firmware staging: comedi: ni_mio_common: protect register write overflow netfilter: nft_osf: usage from output path is not valid pwm: lpss: Release runtime-pm reference from the driver's remove callback powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index rtlwifi: rtl8821ae: replace _rtl8821ae_mrate_idx_to_arfr_id with generic version RDMA/bnxt_re: Add missing spin lock initialization netfilter: nf_flow_table: do not remove offload when other netns's interface is down powerpc/kgdb: add kgdb_arch_set/remove_breakpoint() tipc: eliminate message disordering during binding table update net: socionext: Add dummy PHY register read in phy_write() drm/sun4i: hdmi: Fix double flag assignation net: hns3: add error handler for hns3_nic_init_vector_data() mlxsw: reg: QEEC: Add minimum shaper fields mlxsw: spectrum: Set minimum shaper on MC TCs NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks ASoC: wm97xx: fix uninitialized regmap pointer problem ARM: dts: bcm283x: Correct mailbox register sizes pcrypt: use format specifier in kobject_add ASoC: sun8i-codec: add missing route for ADC pinctrl: meson-gxl: remove invalid GPIOX tsin_a pins bus: ti-sysc: Add mcasp optional clocks flag exportfs: fix 'passing zero to ERR_PTR()' warning drm: rcar-du: Fix the return value in case of error in 'rcar_du_crtc_set_crc_source()' drm: rcar-du: Fix vblank initialization net: always initialize pagedlen drm/dp_mst: Skip validating ports during destruction, just ref arm64: dts: meson-gx: Add hdmi_5v regulator as hdmi tx supply arm64: dts: renesas: r8a7795-es1: Add missing power domains to IPMMU nodes net: phy: Fix not to call phy_resume() if PHY is not attached IB/hfi1: Correctly process FECN and BECN in packets OPP: Fix missing debugfs supply directory for OPPs IB/rxe: Fix incorrect cache cleanup in error flow mailbox: ti-msgmgr: Off by one in ti_msgmgr_of_xlate() staging: bcm2835-camera: Abort probe if there is no camera staging: bcm2835-camera: fix module autoloading switchtec: Remove immediate status check after submitting MRPC command ipv6: add missing tx timestamping on IPPROTO_RAW pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field pinctrl: sh-pfc: r8a77970: Add missing MOD_SEL0 field pinctrl: sh-pfc: r8a77980: Add missing MOD_SEL0 field pinctrl: sh-pfc: sh7734: Add missing IPSR11 field pinctrl: sh-pfc: r8a77995: Remove bogus SEL_PWM[0-3]_3 configurations pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value net: hns3: fix error handling int the hns3_get_vector_ring_chain vxlan: changelink: Fix handling of default remotes Input: nomadik-ske-keypad - fix a loop timeout test fork,memcg: fix crash in free_thread_stack on memcg charge fail clk: highbank: fix refcount leak in hb_clk_init() clk: qoriq: fix refcount leak in clockgen_init() clk: ti: fix refcount leak in ti_dt_clocks_register() clk: socfpga: fix refcount leak clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() clk: imx6q: fix refcount leak in imx6q_clocks_init() clk: imx6sx: fix refcount leak in imx6sx_clocks_init() clk: imx7d: fix refcount leak in imx7d_clocks_init() clk: vf610: fix refcount leak in vf610_clocks_init() clk: armada-370: fix refcount leak in a370_clk_init() clk: kirkwood: fix refcount leak in kirkwood_clk_init() clk: armada-xp: fix refcount leak in axp_clk_init() clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() clk: dove: fix refcount leak in dove_clk_init() MIPS: BCM63XX: drop unused and broken DSP platform device arm64: defconfig: Re-enable bcm2835-thermal driver remoteproc: qcom: q6v5-mss: Add missing clocks for MSM8996 remoteproc: qcom: q6v5-mss: Add missing regulator for MSM8996 drm: Fix error handling in drm_legacy_addctx ARM: dts: r8a7743: Remove generic compatible string from iic3 drm/etnaviv: fix some off by one bugs drm/fb-helper: generic: Fix setup error path fork, memcg: fix cached_stacks case IB/usnic: Fix out of bounds index check in query pkey RDMA/ocrdma: Fix out of bounds index check in query pkey RDMA/qedr: Fix out of bounds index check in query pkey drm/shmob: Fix return value check in shmob_drm_probe arm64: dts: apq8016-sbc: Increase load on l11 for SDCARD spi: cadence: Correct initialisation of runtime PM RDMA/iw_cxgb4: Fix the unchecked ep dereference net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ9031 memory: tegra: Don't invoke Tegra30+ specific memory timing setup on Tegra20 drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL kbuild: mark prepare0 as PHONY to fix external module build crypto: brcm - Fix some set-but-not-used warning crypto: tgr192 - fix unaligned memory access ASoC: imx-sgtl5000: put of nodes if finding codec fails IB/iser: Pass the correct number of entries for dma mapped SGL net: hns3: fix wrong combined count returned by ethtool -l media: tw9910: Unregister subdevice with v4l2-async IB/mlx5: Don't override existing ip_protocol rtc: cmos: ignore bogus century byte spi/topcliff_pch: Fix potential NULL dereference on allocation error net: hns3: fix bug of ethtool_ops.get_channels for VF ARM: dts: sun8i-a23-a33: Move NAND controller device node to sort by address clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it iwlwifi: mvm: avoid possible access out of array. net/mlx5: Take lock with IRQs disabled to avoid deadlock ip_tunnel: Fix route fl4 init in ip_md_tunnel_xmit arm64: dts: allwinner: h6: Move GIC device node fix base address ordering iwlwifi: mvm: fix A-MPDU reference assignment bus: ti-sysc: Fix timer handling with drop pm_runtime_irq_safe() tty: ipwireless: Fix potential NULL pointer dereference driver: uio: fix possible memory leak in __uio_register_device driver: uio: fix possible use-after-free in __uio_register_device crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments driver core: Fix DL_FLAG_AUTOREMOVE_SUPPLIER device link flag handling driver core: Avoid careless re-use of existing device links driver core: Do not resume suppliers under device_links_write_lock() driver core: Fix handling of runtime PM flags in device_link_add() driver core: Do not call rpm_put_suppliers() in pm_runtime_drop_link() ARM: dts: lpc32xx: add required clocks property to keypad device node ARM: dts: lpc32xx: reparent keypad controller to SIC1 ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller variant ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller clocks property ARM: dts: lpc32xx: phy3250: fix SD card regulator voltage drm/xen-front: Fix mmap attributes for display buffers iwlwifi: mvm: fix RSS config command staging: most: cdev: add missing check for cdev_add failure clk: ingenic: jz4740: Fix gating of UDC clock rtc: ds1672: fix unintended sign extension thermal: mediatek: fix register index error arm64: dts: msm8916: remove bogus argument to the cpu clock ath10k: fix dma unmap direction for management frames net: phy: fixed_phy: Fix fixed_phy not checking GPIO rtc: ds1307: rx8130: Fix alarm handling net/smc: original socket family in inet_sock_diag rtc: 88pm860x: fix unintended sign extension rtc: 88pm80x: fix unintended sign extension rtc: pm8xxx: fix unintended sign extension fbdev: chipsfb: remove set but not used variable 'size' iw_cxgb4: use tos when importing the endpoint iw_cxgb4: use tos when finding ipv6 routes ipmi: kcs_bmc: handle devm_kasprintf() failure case xsk: add missing smp_rmb() in xsk_mmap drm/etnaviv: potential NULL dereference ntb_hw_switchtec: debug print 64bit aligned crosslink BAR Numbers ntb_hw_switchtec: NT req id mapping table register entry number should be 512 pinctrl: sh-pfc: emev2: Add missing pinmux functions pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups RDMA/mlx5: Fix memory leak in case we fail to add an IB device driver core: Fix possible supplier PM-usage counter imbalance PCI: endpoint: functions: Use memcpy_fromio()/memcpy_toio() usb: phy: twl6030-usb: fix possible use-after-free on remove block: don't use bio->bi_vcnt to figure out segment number keys: Timestamp new keys net: dsa: b53: Fix default VLAN ID net: dsa: b53: Properly account for VLAN filtering net: dsa: b53: Do not program CPU port's PVID mt76: usb: fix possible memory leak in mt76u_buf_free media: sh: migor: Include missing dma-mapping header vfio_pci: Enable memory accesses before calling pci_map_rom hwmon: (pmbus/tps53679) Fix driver info initialization in probe routine mdio_bus: Fix PTR_ERR() usage after initialization to constant KVM: PPC: Release all hardware TCE tables attached to a group staging: r8822be: check kzalloc return or bail dmaengine: mv_xor: Use correct device for DMA API cdc-wdm: pass return value of recover_from_urb_loss brcmfmac: create debugfs files for bus-specific layer regulator: pv88060: Fix array out-of-bounds access regulator: pv88080: Fix array out-of-bounds access regulator: pv88090: Fix array out-of-bounds access net: dsa: qca8k: Enable delay for RGMII_ID mode net/mlx5: Delete unused FPGA QPN variable drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON drm/nouveau/pmu: don't print reply values if exec is false drm/nouveau: fix missing break in switch statement driver core: Fix PM-runtime for links added during consumer probe ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() net: dsa: fix unintended change of bridge interface STP state fs/nfs: Fix nfs_parse_devname to not modify it's argument staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx powerpc/64s: Fix logic when handling unknown CPU features NFS: Fix a soft lockup in the delegation recovery code perf: Copy parent's address filter offsets on clone perf, pt, coresight: Fix address filters for vmas with non-zero offset clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable clocksource/drivers/exynos_mct: Fix error path in timer resources initialization platform/x86: wmi: fix potential null pointer dereference NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe iommu: Fix IOMMU debugfs fallout ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used ARM: 8848/1: virt: Align GIC version check with arm64 counterpart ARM: 8849/1: NOMMU: Fix encodings for PMSAv8's PRBAR4/PRLAR4 regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA ath10k: Fix length of wmi tlv command for protected mgmt frames netfilter: nft_set_hash: fix lookups with fixed size hash on big endian netfilter: nft_set_hash: bogus element self comparison from deactivation path net: sched: act_csum: Fix csum calc for tagged packets hwrng: bcm2835 - fix probe as platform device iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() NFS: Add missing encode / decode sequence_maxsz to v4.2 operations NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() net: aquantia: fixed instack structure overflow powerpc/mm: Check secondary hash page table media: dvb/earth-pt1: fix wrong initialization for demod blocks rbd: clear ->xferred on error from rbd_obj_issue_copyup() PCI: Fix "try" semantics of bus and slot reset nios2: ksyms: Add missing symbol exports x86/mm: Remove unused variable 'cpu' scsi: megaraid_sas: reduce module load time nfp: fix simple vNIC mailbox length drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() xen, cpu_hotplug: Prevent an out of bounds access net/mlx5: Fix multiple updates of steering rules in parallel net/mlx5e: IPoIB, Fix RX checksum statistics update net: sh_eth: fix a missing check of of_get_phy_mode regulator: lp87565: Fix missing register for LP87565_BUCK_0 soc: amlogic: gx-socinfo: Add mask for each SoC packages media: ivtv: update *pos correctly in ivtv_read_pos() media: cx18: update *pos correctly in cx18_read_pos() media: wl128x: Fix an error code in fm_download_firmware() media: cx23885: check allocation return regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB crypto: ccree - reduce kernel stack usage with clang jfs: fix bogus variable self-initialization tipc: tipc clang warning m68k: mac: Fix VIA timer counter accesses ARM: dts: sun8i: a33: Reintroduce default pinctrl muxing arm64: dts: allwinner: a64: Add missing PIO clocks ARM: dts: sun9i: optimus: Fix fixed-regulators net: phy: don't clear BMCR in genphy_soft_reset ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset() net: dsa: Avoid null pointer when failing to connect to PHY soc: qcom: cmd-db: Fix an error code in cmd_db_dev_probe() media: davinci-isif: avoid uninitialized variable use media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame spi: tegra114: clear packed bit for unpacked mode spi: tegra114: fix for unpacked mode transfers spi: tegra114: terminate dma and reset on transfer timeout spi: tegra114: flush fifos spi: tegra114: configure dma burst size to fifo trig level bus: ti-sysc: Fix sysc_unprepare() when no clocks have been allocated soc/fsl/qe: Fix an error code in qe_pin_request() spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios drm/fb-helper: generic: Call drm_client_add() after setup is done arm64/vdso: don't leak kernel addresses rtc: Fix timestamp value for RTC_TIMESTAMP_BEGIN_1900 rtc: mt6397: Don't call irq_dispose_mapping. ehea: Fix a copy-paste err in ehea_init_port_res bpf: Add missed newline in verifier verbose log drm/vmwgfx: Remove set but not used variable 'restart' scsi: qla2xxx: Unregister chrdev if module initialization fails of: use correct function prototype for of_overlay_fdt_apply() net/sched: cbs: fix port_rate miscalculation clk: qcom: Skip halt checks on gcc_pcie_0_pipe_clk for 8998 ACPI: button: reinitialize button state upon resume firmware: arm_scmi: fix of_node leak in scmi_mailbox_check rxrpc: Fix detection of out of order acks scsi: target/core: Fix a race condition in the LUN lookup code brcmfmac: fix leak of mypkt on error return path ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data" PCI: rockchip: Fix rockchip_pcie_ep_assert_intx() bitwise operations net: hns3: fix for vport->bw_limit overflow problem hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses perf/core: Fix the address filtering fix staging: android: vsoc: fix copy_from_user overrun PCI: dwc: Fix dw_pcie_ep_find_capability() to return correct capability offset soc: amlogic: meson-gx-pwrc-vpu: Fix power on/off register bitmask platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer tipc: set sysctl_tipc_rmem and named_timeout right range usb: typec: tcpm: Notify the tcpc to start connection-detection for SRPs selftests/ipc: Fix msgque compiler warnings net: hns3: fix loop condition of hns3_get_tx_timeo_queue_info() powerpc: vdso: Make vdso32 installation conditional in vdso_install ARM: dts: ls1021: Fix SGMII PCS link remaining down after PHY disconnect media: ov2659: fix unbalanced mutex_lock/unlock 6lowpan: Off by one handling ->nexthdr dmaengine: axi-dmac: Don't check the number of frames for alignment ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() afs: Fix AFS file locking to allow fine grained locks afs: Further fix file locking NFS: Don't interrupt file writeout due to fatal errors coresight: catu: fix clang build warning s390/kexec_file: Fix potential segment overlap in ELF loader irqchip/gic-v3-its: fix some definitions of inner cacheability attributes scsi: qla2xxx: Fix a format specifier scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest netfilter: nft_flow_offload: add entry to flowtable after confirmation PCI: iproc: Enable iProc config read for PAXBv2 ARM: dts: logicpd-som-lv: Fix MMC1 card detect packet: in recvmsg msg_name return at least sizeof sockaddr_ll ASoC: fix valid stream condition usb: gadget: fsl: fix link error against usb-gadget module dwc2: gadget: Fix completed transfer size calculation in DDMA IB/mlx5: Add missing XRC options to QP optional params mask RDMA/rxe: Consider skb reserve space based on netdev of GID iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry net: ena: fix: Free napi resources when ena_up() fails net: ena: fix incorrect test of supported hash function net: ena: fix ena_com_fill_hash_function() implementation dmaengine: tegra210-adma: restore channel status watchdog: rtd119x_wdt: Fix remove function mmc: core: fix possible use after free of host lightnvm: pblk: fix lock order in pblk_rb_tear_down_check ath10k: Fix encoding for protected management frames afs: Fix the afs.cell and afs.volume xattr handlers vfio/mdev: Avoid release parent reference during error path vfio/mdev: Follow correct remove sequence vfio/mdev: Fix aborting mdev child device removal if one fails l2tp: Fix possible NULL pointer dereference ALSA: aica: Fix a long-time build breakage media: omap_vout: potential buffer overflow in vidioc_dqbuf() media: davinci/vpbe: array underflow in vpbe_enum_outputs() platform/x86: alienware-wmi: printing the wrong error code crypto: caam - fix caam_dump_sg that iterates through scatterlist netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule pwm: meson: Consider 128 a valid pre-divider pwm: meson: Don't disable PWM when setting duty repeatedly ARM: riscpc: fix lack of keyboard interrupts after irq conversion nfp: bpf: fix static check error through tightening shift amount adjustment kdb: do a sanity check on the cpu in kdb_per_cpu() netfilter: nf_tables: correct NFT_LOGLEVEL_MAX value backlight: lm3630a: Return 0 on success in update_status functions thermal: rcar_gen3_thermal: fix interrupt type thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power EDAC/mc: Fix edac_mc_find() in case no device is found afs: Fix key leak in afs_release() and afs_evict_inode() afs: Don't invalidate callback if AFS_VNODE_DIR_VALID not set afs: Fix lock-wait/callback-break double locking afs: Fix double inc of vnode->cb_break ARM: dts: sun8i-h3: Fix wifi in Beelink X2 DT clk: meson: gxbb: no spread spectrum on mpll0 clk: meson: axg: spread spectrum is on mpll2 dmaengine: tegra210-adma: Fix crash during probe arm64: dts: meson: libretech-cc: set eMMC as removable RDMA/qedr: Fix incorrect device rate. spi: spi-fsl-spi: call spi_finalize_current_message() at the end crypto: ccp - fix AES CFB error exposed by new test vectors crypto: ccp - Fix 3DES complaint from ccp-crypto module serial: stm32: fix word length configuration serial: stm32: fix rx error handling serial: stm32: fix rx data length when parity enabled serial: stm32: fix transmit_chars when tx is stopped serial: stm32: Add support of TC bit status check serial: stm32: fix wakeup source initialization misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa iommu: Add missing new line for dma type iommu: Use right function to get group for device signal/bpfilter: Fix bpfilter_kernl to use send_sig not force_sig signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig inet: frags: call inet_frags_fini() after unregister_pernet_subsys() net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector crypto: talitos - fix AEAD processing. netvsc: unshare skb in VF rx handler net: core: support XDP generic on stacked devices. RDMA/uverbs: check for allocation failure in uapi_add_elm() net: don't clear sock->sk early to avoid trouble in strparser phy: qcom-qusb2: fix missing assignment of ret when calling clk_prepare_enable cpufreq: brcmstb-avs-cpufreq: Fix initial command check cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency clk: sunxi-ng: sun50i-h6-r: Fix incorrect W1 clock gate register media: vivid: fix incorrect assignment operation when setting video mode crypto: inside-secure - fix zeroing of the request in ahash_exit_inv crypto: inside-secure - fix queued len computation arm64: dts: renesas: ebisu: Remove renesas, no-ether-link property mpls: fix warning with multi-label encap serial: stm32: fix a recursive locking in stm32_config_rs485 arm64: dts: meson-gxm-khadas-vim2: fix gpio-keys-polled node arm64: dts: meson-gxm-khadas-vim2: fix Bluetooth support iommu/vt-d: Duplicate iommu_resv_region objects per device list phy: usb: phy-brcm-usb: Remove sysfs attributes upon driver removal firmware: arm_scmi: fix bitfield definitions for SENSOR_DESC attributes firmware: arm_scmi: update rate_discrete in clock_describe_rates_get ntb_hw_switchtec: potential shift wrapping bug in switchtec_ntb_init_sndev() ASoC: meson: axg-tdmin: right_j is not supported ASoC: meson: axg-tdmout: right_j is not supported qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state qed: iWARP - fix uninitialized callback powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration bpf: fix the check that forwarding is enabled in bpf_ipv6_fib_lookup IB/hfi1: Handle port down properly in pio drm/msm/mdp5: Fix mdp5_cfg_init error return net: netem: fix backlog accounting for corrupted GSO frames net/udp_gso: Allow TX timestamp with UDP GSO net/af_iucv: build proper skbs for HiperTransport net/af_iucv: always register net_device notifier ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs rtc: pcf8563: Fix interrupt trigger method rtc: pcf8563: Clear event flags and disable interrupts before requesting irq ARM: dts: iwg20d-q7-common: Fix SDHI1 VccQ regularor net/sched: cbs: Fix error path of cbs_module_init arm64: dts: allwinner: h6: Pine H64: Add interrupt line for RTC drm/msm/a3xx: remove TPL1 regs from snapshot ip6_fib: Don't discard nodes with valid routing information in fib6_locate_1() perf/ioctl: Add check for the sample_period value dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" clk: qcom: Fix -Wunused-const-variable nvmem: imx-ocotp: Ensure WAIT bits are preserved when setting timing nvmem: imx-ocotp: Change TIMING calculation to u-boot algorithm tools: bpftool: use correct argument in cgroup errors backlight: pwm_bl: Fix heuristic to determine number of brightness levels fork,memcg: alloc_thread_stack_node needs to set tsk->stack bnxt_en: Fix ethtool selftest crash under error conditions. bnxt_en: Suppress error messages when querying DSCP DCB capabilities. iommu/amd: Make iommu_disable safer mfd: intel-lpss: Release IDA resources rxrpc: Fix uninitialized error code in rxrpc_send_data_packet() xprtrdma: Fix use-after-free in rpcrdma_post_recvs um: Fix IRQ controller regression on console read PM: ACPI/PCI: Resume all devices during hibernation ACPI: PM: Simplify and fix PM domain hibernation callbacks ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS fsi/core: Fix error paths on CFAM init devres: allow const resource arguments fsi: sbefifo: Don't fail operations when in SBE IPL state RDMA/hns: Fixs hw access invalid dma memory error PCI: mobiveil: Remove the flag MSI_FLAG_MULTI_PCI_MSI PCI: mobiveil: Fix devfn check in mobiveil_pcie_valid_device() PCI: mobiveil: Fix the valid check for inbound and outbound windows ceph: fix "ceph.dir.rctime" vxattr value net: pasemi: fix an use-after-free in pasemi_mac_phy_init() net/tls: fix socket wmem accounting on fallback with netem x86/pgtable/32: Fix LOWMEM_PAGES constant xdp: fix possible cq entry leak ARM: stm32: use "depends on" instead of "if" after prompt scsi: libfc: fix null pointer dereference on a null lport xfrm interface: ifname may be wrong in logs drm/panel: make drm_panel.h self-contained clk: sunxi-ng: v3s: add the missing PLL_DDR1 PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() libertas_tf: Use correct channel range in lbtf_geo_init qed: reduce maximum stack frame size usb: host: xhci-hub: fix extra endianness conversion media: rcar-vin: Clean up correct notifier in error path mic: avoid statically declaring a 'struct device'. x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI crypto: ccp - Reduce maximum stack usage ALSA: aoa: onyx: always initialize register read value arm64: dts: renesas: r8a77995: Fix register range of display node tipc: reduce risk of wakeup queue starvation ARM: dts: stm32: add missing vdda-supply to adc on stm32h743i-eval net/mlx5: Fix mlx5_ifc_query_lag_out_bits cifs: fix rmmod regression in cifs.ko caused by force_sig changes iio: tsl2772: Use devm_add_action_or_reset for tsl2772_chip_off net: fix bpf_xdp_adjust_head regression for generic-XDP spi: bcm-qspi: Fix BSPI QUAD and DUAL mode support when using flex mode cxgb4: smt: Add lock for atomic_dec_and_test crypto: caam - free resources in case caam_rng registration failed ext4: set error return correctly when ext4_htree_store_dirent fails RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver ASoC: es8328: Fix copy-paste error in es8328_right_line_controls ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls net/rds: Add a few missing rds_stat_names entries tools: bpftool: fix arguments for p_err() in do_event_pipe() tools: bpftool: fix format strings and arguments for jsonw_printf() drm: rcar-du: lvds: Fix bridge_to_rcar_lvds bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails signal: Allow cifs and drbd to receive their terminating signals powerpc/64s/radix: Fix memory hot-unplug page table split ASoC: sun4i-i2s: RX and TX counter registers are swapped dmaengine: dw: platform: Switch to acpi_dma_controller_register() rtc: rv3029: revert error handling patch to rv3029_eeprom_write() mac80211: minstrel_ht: fix per-group max throughput rate initialization i40e: reduce stack usage in i40e_set_fc media: atmel: atmel-isi: fix timeout value for stop streaming ARM: 8896/1: VDSO: Don't leak kernel addresses rtc: pcf2127: bugfix: read rtc disables watchdog mips: avoid explicit UB in assignment of mips_io_port_base media: em28xx: Fix exception handling in em28xx_alloc_urbs() iommu/mediatek: Fix iova_to_phys PA start for 4GB mode ahci: Do not export local variable ahci_em_messages rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2] Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()" hwmon: (lm75) Fix write operations for negative temperatures net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate power: supply: Init device wakeup after device_add() x86, perf: Fix the dependency of the x86 insn decoder selftest staging: greybus: light: fix a couple double frees irqdomain: Add the missing assignment of domain->fwnode for named fwnode bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA usb: typec: tps6598x: Fix build error without CONFIG_REGMAP_I2C bcache: Fix an error code in bch_dump_read() iio: dac: ad5380: fix incorrect assignment to val netfilter: ctnetlink: honor IPS_OFFLOAD flag ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init wcn36xx: use dynamic allocation for large variables tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs ARM: dts: aspeed-g5: Fixe gpio-ranges upper limit xsk: avoid store-tearing when assigning queues xsk: avoid store-tearing when assigning umem led: triggers: Fix dereferencing of null pointer net: sonic: return NETDEV_TX_OK if failed to map buffer net: hns3: fix error VF index when setting VLAN offload rtlwifi: Fix file release memory leak ARM: dts: logicpd-som-lv: Fix i2c2 and i2c3 Pin mux f2fs: fix wrong error injection path in inc_valid_block_count() f2fs: fix error path of f2fs_convert_inline_page() scsi: fnic: fix msix interrupt allocation Btrfs: fix hang when loading existing inode cache off disk Btrfs: fix inode cache waiters hanging on failure to start caching thread Btrfs: fix inode cache waiters hanging on path allocation failure btrfs: use correct count in btrfs_file_write_iter() ixgbe: sync the first fragment unconditionally hwmon: (shtc1) fix shtc1 and shtw1 id mask net: sonic: replace dev_kfree_skb in sonic_send_packet pinctrl: iproc-gpio: Fix incorrect pinconf configurations gpio/aspeed: Fix incorrect number of banks ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet RDMA/cma: Fix false error message net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names' um: Fix off by one error in IRQ enumeration bnxt_en: Increase timeout for HWRM_DBG_COREDUMP_XX commands f2fs: fix to avoid accessing uninitialized field of inode page in is_alive() mailbox: qcom-apcs: fix max_register value clk: actions: Fix factor clk struct member access powerpc/mm/mce: Keep irqs disabled during lockless page table walk bpf: fix BTF limits crypto: hisilicon - Matching the dma address for dma_pool_free() iommu/amd: Wait for completion of IOTLB flush in attach_device net: aquantia: Fix aq_vec_isr_legacy() return value cxgb4: Signedness bug in init_one() net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe() net: netsec: Fix signedness bug in netsec_probe() net: socionext: Fix a signedness bug in ave_probe() net: stmmac: dwmac-meson8b: Fix signedness bug in probe net: axienet: fix a signedness bug in probe of: mdio: Fix a signedness bug in of_phy_get_and_connect() net: nixge: Fix a signedness bug in nixge_probe() net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse() net: sched: cbs: Avoid division by zero when calculating the port rate nvme: retain split access workaround for capability reads net: stmmac: gmac4+: Not all Unicast addresses may be available rxrpc: Fix trace-after-put looking at the put connection record mac80211: accept deauth frames in IBSS mode llc: fix another potential sk_buff leak in llc_ui_sendmsg() llc: fix sk_buff refcounting in llc_conn_state_process() ip6erspan: remove the incorrect mtu limit for ip6erspan net: stmmac: fix length of PTP clock's name string net: stmmac: fix disabling flexible PPS output sctp: add chunks to sk_backlog when the newsk sk_socket is not set s390/qeth: Fix error handling during VNICC initialization s390/qeth: Fix initialization of vnicc cmd masks during set online act_mirred: Fix mirred_init_module error handling net: avoid possible false sharing in sk_leave_memory_pressure() net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head tcp: annotate lockless access to tcp_memory_pressure net/smc: receive returns without data net/smc: receive pending data after RCV_SHUTDOWN drm/msm/dsi: Implement reset correctly vhost/test: stop device before reset dmaengine: imx-sdma: fix size check for sdma script_number firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices arm64: hibernate: check pgd table allocation net: netem: fix error path for corrupted GSO frames net: netem: correct the parent's backlog when corrupted packet was dropped xsk: Fix registration of Rx-only sockets bpf, offload: Unlock on error in bpf_offload_dev_create() afs: Fix missing timeout reset net: qca_spi: Move reset_count to struct qcaspi hv_netvsc: Fix offset usage in netvsc_send_table() hv_netvsc: Fix send_table offset in case of a host bug afs: Fix large file support drm: panel-lvds: Potential Oops in probe error handling hwrng: omap3-rom - Fix missing clock by probing with device tree dpaa_eth: perform DMA unmapping before read dpaa_eth: avoid timestamp read on error paths MIPS: Loongson: Fix return value of loongson_hwmon_init hv_netvsc: flag software created hash value net: neigh: use long type to store jiffies delta packet: fix data-race in fanout_flow_is_huge() i2c: stm32f7: report dma error during probe mmc: sdio: fix wl1251 vendor id mmc: core: fix wl1251 sdio quirks affs: fix a memory leak in affs_remount afs: Remove set but not used variables 'before', 'after' dmaengine: ti: edma: fix missed failure handling drm/radeon: fix bad DMA from INTERRUPT_CNTL2 arm64: dts: juno: Fix UART frequency samples/bpf: Fix broken xdp_rxq_info due to map order assumptions usb: dwc3: Allow building USB_DWC3_QCOM without EXTCON IB/iser: Fix dma_nents type definition serial: stm32: fix clearing interrupt error flags arm64: dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node m68k: Call timer_interrupt() with interrupts disabled Linux 4.19.99 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ieabeab79ea5c8cb4b6b1552702fa5d6100cea5db |
||
Tony Lindgren
|
8b314bb069 |
hwrng: omap3-rom - Fix missing clock by probing with device tree
[ Upstream commit 0c0ef9ea6f3f0d5979dc7b094b0a184c1a94716b ] Commit |
||
Jonas Gorski
|
25086ac92a |
hwrng: bcm2835 - fix probe as platform device
[ Upstream commit 984798de671a927ac73da31096a150df42e6aaf3 ]
BCM63XX (MIPS) does not use device tree, so there cannot be any
of_device_id, causing the driver to fail on probe:
[ 0.904564] bcm2835-rng: probe of bcm63xx-rng failed with error -22
Fix this by checking for match data only if we are probing from device
tree.
Fixes:
|
||
Nicholas Mc Guire
|
7bfcb0230e |
ipmi: kcs_bmc: handle devm_kasprintf() failure case
[ Upstream commit 42c7c6ef1e6fa5fc0425120f06f045190b1dda2d ]
devm_kasprintf() may return NULL if internal allocation failed so this
assignment is not safe. Moved the error exit path and added the !NULL
which then allows the devres manager to take care of cleanup.
Signed-off-by: Nicholas Mc Guire <hofrat@osadl.org>
Fixes:
|
||
Navid Emamdoost
|
211eabc55d |
ipmi: Fix memory leak in __ipmi_bmc_register
commit 4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab upstream.
In the impelementation of __ipmi_bmc_register() the allocated memory for
bmc should be released in case ida_simple_get() fails.
Fixes:
|
||
Greg Kroah-Hartman
|
c8a465e614 |
This is the 4.19.92 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl4La9gACgkQONu9yGCS aT6hlA//TDpj9rdEwkaKyg/Ge4TCOJSOiwlp2/5lg2Sroiuizz527hVybGOOYAHl gMA2Syt73PWStyfgl5B3AimcBvPADX8h/b1KiSoIdHFkq5rPFyneB6aEj+5jSK1V 63UnnTV0T49wt0Jvs6nN0FxI4ZCXbfjzaSVz4BGIflz6h9UUkPAu91CJTKtPmrAp pliH20cMOykxyS/KfKa6zDcpIfU0k+DxL5U0Y5F1YRDKc1iPg8e6I3cNLgwKSja6 21BgdoTyZdvbC85HxSY7V6Dswp4YQPBY3y8crp8npZ9apbYV7eNU3L1+WVQvxpFg kahhyjalqwqkKq+cTEsIFj7cjPksSlH/qytTS+lnN3BScXbFPp8GdzIazhQNSCv3 S/7T51CcvNoVcs9Qeu+nwyvx+H1LH4MYO4C7RYWZhPnMcA+/MxvT5WXNKfjf2ekM N5h8xNATllzDuDkX+zVwW8i80SCyhVqQIKbXLn8ugGYW3G5TNdy8Ysh0kdrq26Y+ LAELsbQhK/Kt8WF+XNBpb9LLbeUGn1GTwhnbEuD7IKI+bVxnmsGk8QUu3h+a9xFh lI7bsj8Ku9T+59/9xqAnoStEto+0tdTPB9Cx1jNdWlLiVdkewiDKiUbloFpDFS1n L3SvqB68DC/IznQcK970g3aIx9zbkb2KZRdj2Fu7apaY5D9q85I= =W+5k -----END PGP SIGNATURE----- Merge 4.19.92 into android-4.19 Changes in 4.19.92 af_packet: set defaule value for tmo fjes: fix missed check in fjes_acpi_add mod_devicetable: fix PHY module format net: dst: Force 4-byte alignment of dst_metrics net: gemini: Fix memory leak in gmac_setup_txqs net: hisilicon: Fix a BUG trigered by wrong bytes_compl net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() net: qlogic: Fix error paths in ql_alloc_large_buffers() net: usb: lan78xx: Fix suspend/resume PHY register access error qede: Disable hardware gro when xdp prog is installed qede: Fix multicast mac configuration sctp: fully initialize v4 addr in some functions selftests: forwarding: Delete IPv6 address at the end btrfs: don't double lock the subvol_sem for rename exchange btrfs: do not call synchronize_srcu() in inode_tree_del Btrfs: fix missing data checksums after replaying a log tree btrfs: send: remove WARN_ON for readonly mount btrfs: abort transaction after failed inode updates in create_subvol btrfs: skip log replay on orphaned roots btrfs: do not leak reloc root if we fail to read the fs root btrfs: handle ENOENT in btrfs_uuid_tree_iterate Btrfs: fix removal logic of the tree mod log that leads to use-after-free issues ALSA: pcm: Avoid possible info leaks from PCM stream buffers ALSA: hda/ca0132 - Keep power on during processing DSP response ALSA: hda/ca0132 - Avoid endless loop ALSA: hda/ca0132 - Fix work handling in delayed HP detection drm: mst: Fix query_payload ack reply struct drm/panel: Add missing drm_panel_init() in panel drivers drm/bridge: analogix-anx78xx: silence -EPROBE_DEFER warnings iio: light: bh1750: Resolve compiler warning and make code more readable drm/amdgpu: grab the id mgr lock while accessing passid_mapping spi: Add call to spi_slave_abort() function when spidev driver is released staging: rtl8192u: fix multiple memory leaks on error path staging: rtl8188eu: fix possible null dereference rtlwifi: prevent memory leak in rtl_usb_probe libertas: fix a potential NULL pointer dereference ath10k: fix backtrace on coredump IB/iser: bound protection_sg size by data_sg size media: am437x-vpfe: Setting STD to current value is not an error media: i2c: ov2659: fix s_stream return value media: ov6650: Fix crop rectangle alignment not passed back media: i2c: ov2659: Fix missing 720p register config media: ov6650: Fix stored frame format not in sync with hardware media: ov6650: Fix stored crop rectangle not in sync with hardware tools/power/cpupower: Fix initializer override in hsw_ext_cstates media: venus: core: Fix msm8996 frequency table ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq pinctrl: devicetree: Avoid taking direct reference to device name string drm/amdkfd: fix a potential NULL pointer dereference (v2) selftests/bpf: Correct path to include msg + path media: venus: Fix occasionally failures to suspend usb: renesas_usbhs: add suspend event support in gadget mode hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() media: flexcop-usb: fix NULL-ptr deref in flexcop_usb_transfer_init() media: cec-funcs.h: add status_req checks drm/bridge: dw-hdmi: Refuse DDC/CI transfers on the internal I2C controller samples: pktgen: fix proc_cmd command result check logic block: Fix writeback throttling W=1 compiler warnings mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring drm/drm_vblank: Change EINVAL by the correct errno media: cx88: Fix some error handling path in 'cx8800_initdev()' media: ti-vpe: vpe: Fix Motion Vector vpdma stride media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number media: ti-vpe: vpe: Make sure YUYV is set as default format media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage syscalls/x86: Use the correct function type in SYSCALL_DEFINE0 drm/amd/display: Fix dongle_caps containing stale information. extcon: sm5502: Reset registers during initialization x86/mm: Use the correct function type for native_set_fixmap() ath10k: Correct error handling of dma_map_single() drm/bridge: dw-hdmi: Restore audio when setting a mode perf test: Report failure for mmap events perf report: Add warning when libunwind not compiled in usb: usbfs: Suppress problematic bind and unbind uevents. iio: adc: max1027: Reset the device at probe time Bluetooth: missed cpu_to_le16 conversion in hci_init4_req Bluetooth: Workaround directed advertising bug in Broadcom controllers Bluetooth: hci_core: fix init for HCI_USER_CHANNEL bpf/stackmap: Fix deadlock with rq_lock in bpf_get_stack() x86/mce: Lower throttling MCE messages' priority to warning perf tests: Disable bp_signal testing for arm64 drm/gma500: fix memory disclosures due to uninitialized bytes rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot ipmi: Don't allow device module unload when in use x86/ioapic: Prevent inconsistent state when moving an interrupt media: smiapp: Register sensor after enabling runtime PM on the device md/bitmap: avoid race window between md_bitmap_resize and bitmap_file_clear_bit arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() i40e: initialize ITRN registers with correct values net: phy: dp83867: enable robust auto-mdix drm/tegra: sor: Use correct SOR index on Tegra210 spi: sprd: adi: Add missing lock protection when rebooting ACPI: button: Add DMI quirk for Medion Akoya E2215T RDMA/qedr: Fix memory leak in user qp and mr gpu: host1x: Allocate gather copy for host1x net: dsa: LAN9303: select REGMAP when LAN9303 enable phy: qcom-usb-hs: Fix extcon double register after power cycle s390/time: ensure get_clock_monotonic() returns monotonic values s390/mm: add mm_pxd_folded() checks to pxd_free() net: hns3: add struct netdev_queue debug info for TX timeout libata: Ensure ata_port probe has completed before detach loop: fix no-unmap write-zeroes request behavior pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B iio: dln2-adc: fix iio_triggered_buffer_postenable() position libbpf: Fix error handling in bpf_map__reuse_fd() Bluetooth: Fix advertising duplicated flags pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() ixgbe: protect TX timestamping from API misuse media: rcar_drif: fix a memory disclosure media: v4l2-core: fix touch support in v4l_g_fmt nvmem: imx-ocotp: reset error status on probe rfkill: allocate static minor bnx2x: Fix PF-VF communication over multi-cos queues. spi: img-spfi: fix potential double release ALSA: timer: Limit max amount of slave instances rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() perf probe: Fix to find range-only function instance perf probe: Fix to list probe event with correct line number perf jevents: Fix resource leak in process_mapfile() and main() perf probe: Walk function lines in lexical blocks perf probe: Fix to probe an inline function which has no entry pc perf probe: Fix to show ranges of variables in functions without entry_pc perf probe: Fix to show inlined function callsite without entry_pc libsubcmd: Use -O0 with DEBUG=1 perf probe: Fix to probe a function which has no entry pc perf tools: Splice events onto evlist even on error drm/amdgpu: disallow direct upload save restore list from gfx driver drm/amdgpu: fix potential double drop fence reference xen/gntdev: Use select for DMA_SHARED_BUFFER perf parse: If pmu configuration fails free terms perf probe: Skip overlapped location on searching variables perf probe: Return a better scope DIE if there is no best scope perf probe: Fix to show calling lines of inlined functions perf probe: Skip end-of-sequence and non statement lines perf probe: Filter out instances except for inlined subroutine and subprogram ath10k: fix get invalid tx rate for Mesh metric fsi: core: Fix small accesses and unaligned offsets via sysfs media: pvrusb2: Fix oops on tear-down when radio support is not present soundwire: intel: fix PDI/stream mapping for Bulk crypto: atmel - Fix authenc support when it is set to m ice: delay less media: si470x-i2c: add missed operations in remove EDAC/ghes: Fix grain calculation spi: pxa2xx: Add missed security checks ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile iio: dac: ad5446: Add support for new AD5600 DAC ASoC: Intel: kbl_rt5663_rt5514_max98927: Add dmic format constraint s390/disassembler: don't hide instruction addresses nvme: Discard workaround for non-conformant devices parport: load lowlevel driver if ports not found bcache: fix static checker warning in bcache_device_free() cpufreq: Register drivers only after CPU devices have been registered x86/crash: Add a forward declaration of struct kimage tracing: use kvcalloc for tgid_map array allocation tracing/kprobe: Check whether the non-suffixed symbol is notrace bcache: fix deadlock in bcache_allocator iwlwifi: mvm: fix unaligned read of rx_pkt_status ASoC: wm8904: fix regcache handling spi: tegra20-slink: add missed clk_unprepare tun: fix data-race in gro_normal_list() crypto: virtio - deal with unsupported input sizes mmc: tmio: Add MMC_CAP_ERASE to allow erase/discard/trim requests btrfs: don't prematurely free work in end_workqueue_fn() btrfs: don't prematurely free work in run_ordered_work() ASoC: wm2200: add missed operations in remove and probe failure spi: st-ssc4: add missed pm_runtime_disable ASoC: wm5100: add missed pm_runtime_disable ASoC: Intel: bytcr_rt5640: Update quirk for Acer Switch 10 SW5-012 2-in-1 x86/insn: Add some Intel instructions to the opcode map brcmfmac: remove monitor interface when detaching iwlwifi: check kasprintf() return value fbtft: Make sure string is NULL terminated net: ethernet: ti: ale: clean ale tbl on init and intf restart crypto: sun4i-ss - Fix 64-bit size_t warnings crypto: sun4i-ss - Fix 64-bit size_t warnings on sun4i-ss-hash.c mac80211: consider QoS Null frames for STA_NULLFUNC_ACKED crypto: vmx - Avoid weird build failures libtraceevent: Fix memory leakage in copy_filter_type mips: fix build when "48 bits virtual memory" is enabled drm/amdgpu: fix bad DMA from INTERRUPT_CNTL2 net: phy: initialise phydev speed and duplex sanely btrfs: don't prematurely free work in reada_start_machine_worker() btrfs: don't prematurely free work in scrub_missing_raid56_worker() Revert "mmc: sdhci: Fix incorrect switch to HS mode" mmc: mediatek: fix CMD_TA to 2 for MT8173 HS200/HS400 mode can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices usb: xhci: Fix build warning seen with CONFIG_PM=n drm/amdgpu: fix uninitialized variable pasid_mapping_needed s390/ftrace: fix endless recursion in function_graph tracer btrfs: return error pointer from alloc_test_extent_buffer usbip: Fix receive error in vhci-hcd when using scatter-gather usbip: Fix error path of vhci_recv_ret_submit() cpufreq: Avoid leaving stale IRQ work items during CPU offline USB: EHCI: Do not return -EPIPE when hub is disconnected intel_th: pci: Add Comet Lake PCH-V support intel_th: pci: Add Elkhart Lake SOC support platform/x86: hp-wmi: Make buffer for HPWMI_FEATURE2_QUERY 128 bytes staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value ext4: fix ext4_empty_dir() for directories with holes ext4: check for directory entries too close to block end ext4: unlock on error in ext4_expand_extra_isize() KVM: arm64: Ensure 'params' is initialised when looking up sys register x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks[] powerpc/vcpu: Assume dedicated processors as non-preempt powerpc/irq: fix stack overflow verification mmc: sdhci-msm: Correct the offset and value for DDR_CONFIG register mmc: sdhci-of-esdhc: Revert "mmc: sdhci-of-esdhc: add erratum A-009204 support" mmc: sdhci: Update the tuning failed messages to pr_debug level mmc: sdhci-of-esdhc: fix P2020 errata handling mmc: sdhci: Workaround broken command queuing on Intel GLK mmc: sdhci: Add a quirk for broken command queuing nbd: fix shutdown and recv work deadlock v2 perf probe: Fix to show function entry line as probe-able Linux 4.19.92 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ic4c7f9c713549ebb3319cd0275e88678bfa0e53d |
||
Corey Minyard
|
f9d405a4bd |
ipmi: Don't allow device module unload when in use
[ Upstream commit cbb79863fc3175ed5ac506465948b02a893a8235 ] If something has the IPMI driver open, don't allow the device module to be unloaded. Before it would unload and the user would get errors on use. This change is made on user request, and it makes it consistent with the I2C driver, which has the same behavior. It does change things a little bit with respect to kernel users. If the ACPI or IPMI watchdog (or any other kernel user) has created a user, then the device module cannot be unloaded. Before it could be unloaded, This does not affect hot-plug. If the device goes away (it's on something removable that is removed or is hot-removed via sysfs) then it still behaves as it did before. Reported-by: tony camuso <tcamuso@redhat.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Tested-by: tony camuso <tcamuso@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Tony Lindgren
|
03e5b2405e |
hwrng: omap3-rom - Call clk_disable_unprepare() on exit only if not idled
[ Upstream commit eaecce12f5f0d2c35d278e41e1bc4522393861ab ]
When unloading omap3-rom-rng, we'll get the following:
WARNING: CPU: 0 PID: 100 at drivers/clk/clk.c:948 clk_core_disable
This is because the clock may be already disabled by omap3_rom_rng_idle().
Let's fix the issue by checking for rng_idle on exit.
Cc: Aaro Koskinen <aaro.koskinen@iki.fi>
Cc: Adam Ford <aford173@gmail.com>
Cc: Pali Rohár <pali.rohar@gmail.com>
Cc: Sebastian Reichel <sre@kernel.org>
Cc: Tero Kristo <t-kristo@ti.com>
Fixes:
|
||
Greg Kroah-Hartman
|
d902dae13d |
This is the 4.19.90 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl35M30ACgkQONu9yGCS aT7MxQ/+P2k2knFpbzGfqn7Ug4fyrWJ8T0cvmcQYLxcddJdM+tQWuFfXR6rhg2U6 cCEkIAKVxihEA51PT6LYiynIMQ1UDAEYENfwYK4inVX2HbMsqDC4D0qnAkABzH27 sLXwhKOOGB/z1F7oKjjsX/cCwP3V2E0PL1P7owHZis6tB24pZrMEss24x/4+dDm9 zBDDxpR++mJypRvG3fA8oP5dhZZJNacIvLW+48wrxZWkIcVNnRV+QnyHZe68af1R SH4+I12AAeEDyEsQI8yX8PmGAnj1RZrzRQhibxooyBH4642RbX2qCYJkutPjI5rG pUl4970MdSHYMyEUwxh77b0jSO/9w7k02yatyp0DVA0PQ7p0lLBFZ96GEG9ytXJm Csuc6HEXSSTvuX8pf/KAf18L6kgnUhlxywkDcrcAVLQofMDhODul3fJALmGSVJXW jbp6AFoqT84I8Gm+je+vyuQciLnuH5C9wwxrOrWZzr+hLzZk60iG+OpRohn/g+Bx PjDjvnump0JGjF89hfNc+v9F+ihz7GBwOxspGrgb27ViRIhcxf0GuYFxyJtEuDiW 6+gYNzWUaVC4RR1l1jXGWtGUPBsNV50sxFHK/Hx09UMIu/uJPMtF+TW9QDhJT1jr kL1kKeCsRV54nWjiWKwTTI2I37xJCPuidW5hvLqf2+ZHYTfQzsE= =Op5F -----END PGP SIGNATURE----- Merge 4.19.90 into android-4.19 Changes in 4.19.90 usb: gadget: configfs: Fix missing spin_lock_init() usb: gadget: pch_udc: fix use after free scsi: qla2xxx: Fix driver unload hang media: venus: remove invalid compat_ioctl32 handler USB: uas: honor flag to avoid CAPACITY16 USB: uas: heed CAPACITY_HEURISTICS USB: documentation: flags on usb-storage versus UAS usb: Allow USB device to be warm reset in suspended state staging: rtl8188eu: fix interface sanity check staging: rtl8712: fix interface sanity check staging: gigaset: fix general protection fault on probe staging: gigaset: fix illegal free on probe errors staging: gigaset: add endpoint-type sanity check usb: xhci: only set D3hot for pci device xhci: Fix memory leak in xhci_add_in_port() xhci: Increase STS_HALT timeout in xhci_suspend() xhci: handle some XHCI_TRUST_TX_LENGTH quirks cases as default behaviour. ARM: dts: pandora-common: define wl1251 as child node of mmc3 iio: adis16480: Add debugfs_reg_access entry iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting iio: imu: inv_mpu6050: fix temperature reporting using bad unit USB: atm: ueagle-atm: add missing endpoint check USB: idmouse: fix interface sanity checks USB: serial: io_edgeport: fix epic endpoint lookup usb: roles: fix a potential use after free USB: adutux: fix interface sanity check usb: core: urb: fix URB structure initialization function usb: mon: Fix a deadlock in usbmon between mmap and read tpm: add check after commands attribs tab allocation mtd: spear_smi: Fix Write Burst mode virtio-balloon: fix managed page counts when migrating pages between zones usb: dwc3: pci: add ID for the Intel Comet Lake -H variant usb: dwc3: gadget: Fix logical condition usb: dwc3: ep0: Clear started flag on completion phy: renesas: rcar-gen3-usb2: Fix sysfs interface of "role" btrfs: check page->mapping when loading free space cache btrfs: use refcount_inc_not_zero in kill_all_nodes Btrfs: fix metadata space leak on fixup worker failure to set range as delalloc Btrfs: fix negative subv_writers counter and data space leak after buffered write btrfs: Avoid getting stuck during cyclic writebacks btrfs: Remove btrfs_bio::flags member Btrfs: send, skip backreference walking for extents with many references btrfs: record all roots for rename exchange on a subvol rtlwifi: rtl8192de: Fix missing code to retrieve RX buffer address rtlwifi: rtl8192de: Fix missing callback that tests for hw release of buffer rtlwifi: rtl8192de: Fix missing enable interrupt flag lib: raid6: fix awk build warnings ovl: fix corner case of non-unique st_dev;st_ino ovl: relax WARN_ON() on rename to self hwrng: omap - Fix RNG wait loop timeout dm writecache: handle REQ_FUA dm zoned: reduce overhead of backing device checks workqueue: Fix spurious sanity check failures in destroy_workqueue() workqueue: Fix pwq ref leak in rescuer_thread() ASoC: rt5645: Fixed buddy jack support. ASoC: rt5645: Fixed typo for buddy jack support. ASoC: Jack: Fix NULL pointer dereference in snd_soc_jack_report md: improve handling of bio with REQ_PREFLUSH in md_flush_request() blk-mq: avoid sysfs buffer overflow with too many CPU cores cgroup: pids: use atomic64_t for pids->limit ar5523: check NULL before memcpy() in ar5523_cmd() s390/mm: properly clear _PAGE_NOEXEC bit when it is not supported media: bdisp: fix memleak on release media: radio: wl1273: fix interrupt masking on release media: cec.h: CEC_OP_REC_FLAG_ values were swapped cpuidle: Do not unset the driver if it is there already erofs: zero out when listxattr is called with no xattr intel_th: Fix a double put_device() in error path intel_th: pci: Add Ice Lake CPU support intel_th: pci: Add Tiger Lake CPU support PM / devfreq: Lock devfreq in trans_stat_show cpufreq: powernv: fix stack bloat and hard limit on number of CPUs ACPI / hotplug / PCI: Allocate resources directly under the non-hotplug bridge ACPI: OSL: only free map once in osl.c ACPI: bus: Fix NULL pointer check in acpi_bus_get_private_data() ACPI: PM: Avoid attaching ACPI PM domain to certain devices pinctrl: armada-37xx: Fix irq mask access in armada_37xx_irq_set_type() pinctrl: samsung: Add of_node_put() before return in error path pinctrl: samsung: Fix device node refcount leaks in Exynos wakeup controller init pinctrl: samsung: Fix device node refcount leaks in S3C24xx wakeup controller init pinctrl: samsung: Fix device node refcount leaks in init code pinctrl: samsung: Fix device node refcount leaks in S3C64xx wakeup controller init mmc: host: omap_hsmmc: add code for special init of wl1251 to get rid of pandora_wl1251_init_card ARM: dts: omap3-tao3530: Fix incorrect MMC card detection GPIO polarity ppdev: fix PPGETTIME/PPSETTIME ioctls powerpc: Allow 64bit VDSO __kernel_sync_dicache to work across ranges >4GB powerpc/xive: Prevent page fault issues in the machine crash handler powerpc: Allow flush_icache_range to work across ranges >4GB powerpc/xive: Skip ioremap() of ESB pages for LSI interrupts video/hdmi: Fix AVI bar unpack quota: Check that quota is not dirty before release ext2: check err when partial != NULL quota: fix livelock in dquot_writeback_dquots ext4: Fix credit estimate for final inode freeing reiserfs: fix extended attributes on the root directory block: fix single range discard merge scsi: zfcp: trace channel log even for FCP command responses scsi: qla2xxx: Fix DMA unmap leak scsi: qla2xxx: Fix hang in fcport delete path scsi: qla2xxx: Fix session lookup in qlt_abort_work() scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value scsi: qla2xxx: Fix message indicating vectors used by driver scsi: qla2xxx: Fix SRB leak on switch command timeout xhci: make sure interrupts are restored to correct state usb: typec: fix use after free in typec_register_port() omap: pdata-quirks: remove openpandora quirks for mmc3 and wl1251 scsi: lpfc: Cap NPIV vports to 256 scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE scsi: lpfc: Correct topology type reporting on G7 adapters drbd: Change drbd_request_detach_interruptible's return type to int e100: Fix passing zero to 'PTR_ERR' warning in e100_load_ucode_wait pvcalls-front: don't return error when the ring is full sch_cake: Correctly update parent qlen when splitting GSO packets net/smc: do not wait under send_lock net: hns3: clear pci private data when unload hns3 driver net: hns3: change hnae3_register_ae_dev() to int net: hns3: Check variable is valid before assigning it to another scsi: hisi_sas: send primitive NOTIFY to SSP situation only scsi: hisi_sas: Reject setting programmed minimum linkrate > 1.5G x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk power: supply: cpcap-battery: Fix signed counter sample register mlxsw: spectrum_router: Refresh nexthop neighbour when it becomes dead media: vimc: fix component match compare ath10k: fix fw crash by moving chip reset after napi disabled regulator: 88pm800: fix warning same module names powerpc: Avoid clang warnings around setjmp and longjmp powerpc: Fix vDSO clock_getres() ext4: work around deleting a file with i_nlink == 0 safely firmware: qcom: scm: Ensure 'a0' status code is treated as signed mm/shmem.c: cast the type of unmap_start to u64 rtc: disable uie before setting time and enable after splice: only read in as much information as there is pipe buffer space ext4: fix a bug in ext4_wait_for_tail_page_commit mfd: rk808: Fix RK818 ID template mm, thp, proc: report THP eligibility for each vma s390/smp,vdso: fix ASCE handling blk-mq: make sure that line break can be printed workqueue: Fix missing kfree(rescuer) in destroy_workqueue() perf callchain: Fix segfault in thread__resolve_callchain_sample() gre: refetch erspan header from skb->data after pskb_may_pull() firmware: arm_scmi: Avoid double free in error flow sunrpc: fix crash when cache_head become valid before update net/mlx5e: Fix SFF 8472 eeprom length leds: trigger: netdev: fix handling on interface rename PCI: rcar: Fix missing MACCTLR register setting in initialization sequence gfs2: fix glock reference problem in gfs2_trans_remove_revoke of: overlay: add_changeset_property() memory leak kernel/module.c: wakeup processes in module_wq on module unload cifs: Fix potential softlockups while refreshing DFS cache gpiolib: acpi: Add Terra Pad 1061 to the run_edge_events_on_boot_blacklist raid5: need to set STRIPE_HANDLE for batch head scsi: qla2xxx: Change discovery state before PLOGI iio: imu: mpu6050: add missing available scan masks idr: Fix idr_get_next_ul race with idr_remove scsi: zorro_esp: Limit DMA transfers to 65536 bytes (except on Fastlane) of: unittest: fix memory leak in attach_node_and_children Linux 4.19.90 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I790291e9f3d3c8dd3f53e4387de25ff272ad4f39 |
||
Arnd Bergmann
|
919fc442cf |
ppdev: fix PPGETTIME/PPSETTIME ioctls
commit 998174042da229e2cf5841f574aba4a743e69650 upstream.
Going through the uses of timeval in the user space API,
I noticed two bugs in ppdev that were introduced in the y2038
conversion:
* The range check was accidentally moved from ppsettime to
ppgettime
* On sparc64, the microseconds are in the other half of the
64-bit word.
Fix both, and mark the fix for stable backports.
Cc: stable@vger.kernel.org
Fixes:
|
||
Sumit Garg
|
7c07d02673 |
hwrng: omap - Fix RNG wait loop timeout
commit be867f987a4e1222114dd07a01838a17c26f3fff upstream.
Existing RNG data read timeout is 200us but it doesn't cover EIP76 RNG
data rate which takes approx. 700us to produce 16 bytes of output data
as per testing results. So configure the timeout as 1000us to also take
account of lack of udelay()'s reliability.
Fixes:
|
||
Tadeusz Struk
|
2e0e2b4860 |
tpm: add check after commands attribs tab allocation
commit f1689114acc5e89a196fec6d732dae3e48edb6ad upstream.
devm_kcalloc() can fail and return NULL so we need to check for that.
Cc: stable@vger.kernel.org
Fixes:
|
||
Greg Kroah-Hartman
|
e5312e5d68 |
This is the 4.19.89 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3zQ1wACgkQONu9yGCS aT6ZDA/+JQyM+mgrU2t5mkq9lXCwL87Jiooy0kKT9b/2EWmW5Gdxp/On9PXfqtfs uZ+v0A1g1H+582uwuqG1wB2jr3I2AhNnRNbvSypGtk1Kitx9HqVJD/wWRRVCULww cr3uA/ZOX+deRjOVYP3dhFp7ycn6u5+GxgmFQTLmKAYN8uUqq4/dpWy01iB0nr2A GcoLm9P96o8P/wIWaykqOvshDrocbFcBL4VuxLeZCbFsAMTiX+jJnyIL8W7gfBJl M2626S/hESk5DvGcMN3zwOw/nTJlvySUtfqXSvPk0sT90UMx/YZ9QdpS9GkvRb9t OA1G+iHguEU+Fq/DawUyxwk/kt3nA6cg0q7RSxHo7QP6SGo7OaHHS1myzGDhL8oc LDKXO2iSSzvXJDlqrU45N+1YhpeiIHCxmDctbUIM9dP4u6wWmQIyYXLrcpupTsm9 StiDBguXFHWSBFhG0+MlTUU5cypVNoN+56wBAUTR6+qoDASTzGvjNbrBsQihODV0 RMFJF17Zvn+UoEohe860EMswUBsJ+F+VSZO5yGuZgsaC/2Ih6M1dxsiNU7RF02gX fRis6huj1+642ZsEbd2tueYGUaDN1HpMsVkN3AAkD3pJF5lX7AJRwhvRyC8N1jhc G90KMSk2pR/ItjmUpkKaAhAKhN+oKSzuCPpHj2iGotfWdd4slXQ= =Ekyt -----END PGP SIGNATURE----- Merge 4.19.89 into android-4.19 Changes in 4.19.89 rsi: release skb if rsi_prepare_beacon fails arm64: tegra: Fix 'active-low' warning for Jetson TX1 regulator sparc64: implement ioremap_uc lp: fix sparc64 LPSETTIMEOUT ioctl usb: gadget: u_serial: add missing port entry locking tty: serial: fsl_lpuart: use the sg count from dma_map_sg tty: serial: msm_serial: Fix flow control serial: pl011: Fix DMA ->flush_buffer() serial: serial_core: Perform NULL checks for break_ctl ops serial: ifx6x60: add missed pm_runtime_disable autofs: fix a leak in autofs_expire_indirect() RDMA/hns: Correct the value of HNS_ROCE_HEM_CHUNK_LEN iwlwifi: pcie: don't consider IV len in A-MSDU exportfs_decode_fh(): negative pinned may become positive without the parent locked audit_get_nd(): don't unlock parent too early NFC: nxp-nci: Fix NULL pointer dereference after I2C communication error xfrm: release device reference for invalid state Input: cyttsp4_core - fix use after free bug sched/core: Avoid spurious lock dependencies perf/core: Consistently fail fork on allocation failures ALSA: pcm: Fix stream lock usage in snd_pcm_period_elapsed() drm/sun4i: tcon: Set min division of TCON0_DCLK to 1. selftests: kvm: fix build with glibc >= 2.30 rsxx: add missed destroy_workqueue calls in remove net: ep93xx_eth: fix mismatch of request_mem_region in remove i2c: core: fix use after free in of_i2c_notify serial: core: Allow processing sysrq at port unlock time cxgb4vf: fix memleak in mac_hlist initialization iwlwifi: mvm: synchronize TID queue removal iwlwifi: trans: Clear persistence bit when starting the FW iwlwifi: mvm: Send non offchannel traffic via AP sta ARM: 8813/1: Make aligned 2-byte getuser()/putuser() atomic on ARMv6+ audit: Embed key into chunk netfilter: nf_tables: don't use position attribute on rule replacement ARC: IOC: panic if kernel was started with previously enabled IOC net/mlx5: Release resource on error flow clk: sunxi-ng: a64: Fix gate bit of DSI DPHY ice: Fix NVM mask defines dlm: fix possible call to kfree() for non-initialized pointer ARM: dts: exynos: Fix LDO13 min values on Odroid XU3/XU4/HC1 extcon: max8997: Fix lack of path setting in USB device mode net: ethernet: ti: cpts: correct debug for expired txq skb rtc: s3c-rtc: Avoid using broken ALMYEAR register rtc: max77686: Fix the returned value in case of error in 'max77686_rtc_read_time()' i40e: don't restart nway if autoneg not supported virtchnl: Fix off by one error clk: rockchip: fix rk3188 sclk_smc gate data clk: rockchip: fix rk3188 sclk_mac_lbtest parameter ordering ARM: dts: rockchip: Fix rk3288-rock2 vcc_flash name dlm: fix missing idr_destroy for recover_idr MIPS: SiByte: Enable ZONE_DMA32 for LittleSur net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing MII_PHYSID2 scsi: zfcp: update kernel message for invalid FCP_CMND length, it's not the CDB scsi: zfcp: drop default switch case which might paper over missing case drivers: soc: Allow building the amlogic drivers without ARCH_MESON bus: ti-sysc: Fix getting optional clocks in clock_roles ARM: dts: imx6: RDU2: fix eGalax touchscreen node crypto: ecc - check for invalid values in the key verification test crypto: bcm - fix normal/non key hash algorithm failure arm64: dts: zynqmp: Fix node names which contain "_" pinctrl: qcom: ssbi-gpio: fix gpio-hog related boot issues Staging: iio: adt7316: Fix i2c data reading, set the data field firmware: raspberrypi: Fix firmware calls with large buffers mm/vmstat.c: fix NUMA statistics updates clk: rockchip: fix I2S1 clock gate register for rk3328 clk: rockchip: fix ID of 8ch clock of I2S1 for rk3328 sctp: count sk_wmem_alloc by skb truesize in sctp_packet_transmit regulator: Fix return value of _set_load() stub USB: serial: f81534: fix reading old/new IC config xfs: extent shifting doesn't fully invalidate page cache net-next/hinic:fix a bug in set mac address net-next/hinic: fix a bug in rx data flow ice: Fix return value from NAPI poll ice: Fix possible NULL pointer de-reference iomap: FUA is wrong for DIO O_DSYNC writes into unwritten extents iomap: sub-block dio needs to zeroout beyond EOF iomap: dio data corruption and spurious errors when pipes fill iomap: readpages doesn't zero page tail beyond EOF iw_cxgb4: only reconnect with MPAv1 if the peer aborts MIPS: OCTEON: octeon-platform: fix typing net/smc: use after free fix in smc_wr_tx_put_slot() math-emu/soft-fp.h: (_FP_ROUND_ZERO) cast 0 to void to fix warning nds32: Fix the items of hwcap_str ordering issue. rtc: max8997: Fix the returned value in case of error in 'max8997_rtc_read_alarm()' rtc: dt-binding: abx80x: fix resistance scale ARM: dts: exynos: Use Samsung SoC specific compatible for DWC2 module media: coda: fix memory corruption in case more than 32 instances are opened media: pulse8-cec: return 0 when invalidating the logical address media: cec: report Vendor ID after initialization iwlwifi: fix cfg structs for 22000 with different RF modules ravb: Clean up duplex handling net/ipv6: re-do dad when interface has IFF_NOARP flag change dmaengine: coh901318: Fix a double-lock bug dmaengine: coh901318: Remove unused variable dmaengine: dw-dmac: implement dma protection control setting net: qualcomm: rmnet: move null check on dev before dereferecing it selftests/powerpc: Allocate base registers selftests/powerpc: Skip test instead of failing usb: dwc3: debugfs: Properly print/set link state for HS usb: dwc3: don't log probe deferrals; but do log other error codes ACPI: fix acpi_find_child_device() invocation in acpi_preset_companion() f2fs: fix to account preflush command for noflush_merge mode f2fs: fix count of seg_freed to make sec_freed correct f2fs: change segment to section in f2fs_ioc_gc_range ARM: dts: rockchip: Fix the PMU interrupt number for rv1108 ARM: dts: rockchip: Assign the proper GPIO clocks for rv1108 f2fs: fix to allow node segment for GC by ioctl path sparc: Fix JIT fused branch convergance. sparc: Correct ctx->saw_frame_pointer logic. nvme: Free ctrl device name on init failure dma-mapping: fix return type of dma_set_max_seg_size() slimbus: ngd: Fix build error on x86 altera-stapl: check for a null key before strcasecmp'ing it serial: imx: fix error handling in console_setup i2c: imx: don't print error message on probe defer clk: meson: Fix GXL HDMI PLL fractional bits width gpu: host1x: Fix syncpoint ID field size on Tegra186 lockd: fix decoding of TEST results sctp: increase sk_wmem_alloc when head->truesize is increased iommu/amd: Fix line-break in error log reporting ASoC: rsnd: tidyup registering method for rsnd_kctrl_new() ARM: dts: sun4i: Fix gpio-keys warning ARM: dts: sun4i: Fix HDMI output DTC warning ARM: dts: sun5i: a10s: Fix HDMI output DTC warning ARM: dts: r8a779[01]: Disable unconnected LVDS encoders ARM: dts: sun7i: Fix HDMI output DTC warning ARM: dts: sun8i: a23/a33: Fix OPP DTC warnings ARM: dts: sun8i: v3s: Change pinctrl nodes to avoid warning dlm: NULL check before kmem_cache_destroy is not needed ARM: debug: enable UART1 for socfpga Cyclone5 can: xilinx: fix return type of ndo_start_xmit function nfsd: fix a warning in __cld_pipe_upcall() bpf: btf: implement btf_name_valid_identifier() bpf: btf: check name validity for various types tools: bpftool: fix a bitfield pretty print issue ASoC: au8540: use 64-bit arithmetic instead of 32-bit ARM: OMAP1/2: fix SoC name printing arm64: dts: meson-gxl-libretech-cc: fix GPIO lines names arm64: dts: meson-gxbb-nanopi-k2: fix GPIO lines names arm64: dts: meson-gxbb-odroidc2: fix GPIO lines names arm64: dts: meson-gxl-khadas-vim: fix GPIO lines names net/x25: fix called/calling length calculation in x25_parse_address_block net/x25: fix null_x25_address handling tools/bpf: make libbpf _GNU_SOURCE friendly clk: mediatek: Drop __init from mtk_clk_register_cpumuxes() clk: mediatek: Drop more __init markings for driver probe soc: renesas: r8a77970-sysc: Correct names of A2DP/A2CN power domains soc: renesas: r8a77980-sysc: Correct names of A2DP[01] power domains soc: renesas: r8a77980-sysc: Correct A3VIP[012] power domain hierarchy kbuild: disable dtc simple_bus_reg warnings by default tcp: make tcp_space() aware of socket backlog ARM: dts: mmp2: fix the gpio interrupt cell number ARM: dts: realview-pbx: Fix duplicate regulator nodes tcp: fix off-by-one bug on aborting window-probing socket tcp: fix SNMP under-estimation on failed retransmission tcp: fix SNMP TCP timeout under-estimation modpost: skip ELF local symbols during section mismatch check kbuild: fix single target build for external module mtd: fix mtd_oobavail() incoherent returned value ARM: dts: pxa: clean up USB controller nodes clk: meson: meson8b: fix the offset of vid_pll_dco's N value clk: sunxi-ng: h3/h5: Fix CSI_MCLK parent clk: qcom: Fix MSM8998 resets media: cxd2880-spi: fix probe when dvb_attach fails ARM: dts: realview: Fix some more duplicate regulator nodes dlm: fix invalid cluster name warning net/mlx4_core: Fix return codes of unsupported operations pstore/ram: Avoid NULL deref in ftrace merging failure path powerpc/math-emu: Update macros from GCC clk: renesas: r8a77990: Correct parent clock of DU clk: renesas: r8a77995: Correct parent clock of DU MIPS: OCTEON: cvmx_pko_mem_debug8: use oldest forward compatible definition nfsd: Return EPERM, not EACCES, in some SETATTR cases media: uvcvideo: Abstract streaming object lifetime tty: serial: qcom_geni_serial: Fix softlock ARM: dts: sun8i: h3: Fix the system-control register range tty: Don't block on IO when ldisc change is pending media: stkwebcam: Bugfix for wrong return values firmware: qcom: scm: fix compilation error when disabled clk: qcom: gcc-msm8998: Disable halt check of UFS clocks sctp: frag_point sanity check soc: renesas: r8a77990-sysc: Fix initialization order of 3DG-{A,B} mlxsw: spectrum_router: Relax GRE decap matching check IB/hfi1: Ignore LNI errors before DC8051 transitions to Polling state IB/hfi1: Close VNIC sdma_progress sleep window mlx4: Use snprintf instead of complicated strcpy usb: mtu3: fix dbginfo in qmu_tx_zlp_error_handler clk: renesas: rcar-gen3: Set state when registering SD clocks ASoC: max9867: Fix power management ARM: dts: sunxi: Fix PMU compatible strings ARM: dts: am335x-pdu001: Fix polarity of card detection input media: vimc: fix start stream when link is disabled net: aquantia: fix RSS table and key sizes sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision fuse: verify nlink fuse: verify attributes ALSA: hda/realtek - Enable internal speaker of ASUS UX431FLC ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop ALSA: hda/realtek - Dell headphone has noise on unmute for ALC236 ALSA: pcm: oss: Avoid potential buffer overflows ALSA: hda - Add mute led support for HP ProBook 645 G4 Input: synaptics - switch another X1 Carbon 6 to RMI/SMbus Input: synaptics-rmi4 - re-enable IRQs in f34v7_do_reflash Input: synaptics-rmi4 - don't increment rmiaddr for SMBus transfers Input: goodix - add upside-down quirk for Teclast X89 tablet coresight: etm4x: Fix input validation for sysfs. Input: Fix memory leak in psxpad_spi_probe x86/mm/32: Sync only to VMALLOC_END in vmalloc_sync_all() x86/PCI: Avoid AMD FCH XHCI USB PME# from D0 defect xfrm interface: fix memory leak on creation xfrm interface: avoid corruption on changelink xfrm interface: fix list corruption for x-netns xfrm interface: fix management of phydev CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks CIFS: Fix SMB2 oplock break processing tty: vt: keyboard: reject invalid keycodes can: slcan: Fix use-after-free Read in slcan_open kernfs: fix ino wrap-around detection jbd2: Fix possible overflow in jbd2_log_space_left() drm/msm: fix memleak on release drm/i810: Prevent underflow in ioctl arm64: dts: exynos: Revert "Remove unneeded address space mapping for soc node" KVM: arm/arm64: vgic: Don't rely on the wrong pending table KVM: x86: do not modify masked bits of shared MSRs KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES KVM: x86: Grab KVM's srcu lock when setting nested state crypto: crypto4xx - fix double-free in crypto4xx_destroy_sdr crypto: atmel-aes - Fix IV handling when req->nbytes < ivsize crypto: af_alg - cast ki_complete ternary op to int crypto: ccp - fix uninitialized list head crypto: ecdh - fix big endian bug in ECC library crypto: user - fix memory leak in crypto_report spi: atmel: Fix CS high support mwifiex: update set_mac_address logic can: ucan: fix non-atomic allocation in completion handler RDMA/qib: Validate ->show()/store() callbacks before calling them iomap: Fix pipe page leakage during splicing thermal: Fix deadlock in thermal thermal_zone_device_check vcs: prevent write access to vcsu devices binder: Fix race between mmap() and binder_alloc_print_pages() binder: Handle start==NULL in binder_update_page_range() ALSA: hda - Fix pending unsol events at shutdown md/raid0: Fix an error message in raid0_make_request() watchdog: aspeed: Fix clock behaviour for ast2600 perf script: Fix invalid LBR/binary mismatch error splice: don't read more than available pipe space iomap: partially revert 4721a601099 (simulated directio short read on EFAULT) xfs: add missing error check in xfs_prepare_shift() ASoC: rsnd: fixup MIX kctrl registration KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) net: qrtr: fix memort leak in qrtr_tun_write_iter appletalk: Fix potential NULL pointer dereference in unregister_snap_client appletalk: Set error code if register_snap_client failed Linux 4.19.89 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ie3fa59adde9a7e9a6d4684de0e95de14a8b83d0b |
||
Arnd Bergmann
|
c35cac9280 |
lp: fix sparc64 LPSETTIMEOUT ioctl
commit 45a2d64696b11913bcf1087b041740edbade3e21 upstream.
The layout of struct timeval is different on sparc64 from
anything else, and the patch I did long ago failed to take
this into account.
Change it now to handle sparc64 user space correctly again.
Quite likely nobody cares about parallel ports on sparc64,
but there is no reason not to fix it.
Cc: stable@vger.kernel.org
Fixes:
|
||
Greg Kroah-Hartman
|
291d853dff |
This is the 4.19.88 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3owgEACgkQONu9yGCS aT43zw//SS1As83XXuHr4mdWIVDjXo6RMJ6Ib7YbRi/uhBmQuUuGVFcqGxUIA9Kl eSXu5Kt8TNmInzHq9AMYgegrELAEwPD2XfptALGDwiUHonQuiFaqOQn/bltJOm1L PsG15A7+/gFhuhPJDp2ZfNBmZGdpXdIwD27oUDqF1XD64dMa/HPbFUVgxWn3HHkd sm0J6Ez0eNA+BmLnHXYDiSaEYIiwvy1nN6XpyIfOyb2Tz6kPoe0vVWU00Cmy8KAU EIWB+TBRunspgMsShL5Cl1MSFOxf9QOmgnZxcrODAQfb1TbLMACB1FGMjK4nLm+3 wPlSnC7L49ARl/pvmN5NOUrjHi8S8qq/Od9QW+UIckRI6KzOU832h99v4gFuHjSC KFiLi5K9+uTIMgNOETmINBiKKUcUzYXYVajvm4tuAUq3HO8wy6jeALtt34OiJZQZ DV8wyBdL9NDUFqBymFaMFA4Us/fGIREzvPgI0E0jth2ANuLFLtScrnStuWv8buwJ JT3V9xCxHZtZ3Ctevx/Jp6OaQtnbSnWjMjrO0UDzZ6N7+g5UKmh9/R3xL6sBpFVU Vu49J+qWU3VmbY3EIulel+yARNe7xS4ExK185JmNzpYFyOpXum14FHhhtQ6xNSeu dRqyITI0KYP7jWtBDKCgVAWF5jC9gHP1ksrHSZMhyGrv1dC1XZM= =KnJW -----END PGP SIGNATURE----- Merge 4.19.88 into android-4.19 Changes in 4.19.88 clk: meson: gxbb: let sar_adc_clk_div set the parent clock rate clocksource/drivers/mediatek: Fix error handling ASoC: msm8916-wcd-analog: Fix RX1 selection in RDAC2 MUX ASoC: compress: fix unsigned integer overflow check reset: Fix memory leak in reset_control_array_put() clk: samsung: exynos5433: Fix error paths ASoC: kirkwood: fix external clock probe defer ASoC: kirkwood: fix device remove ordering clk: samsung: exynos5420: Preserve PLL configuration during suspend/resume pinctrl: cherryview: Allocate IRQ chip dynamic ARM: dts: imx6qdl-sabreauto: Fix storm of accelerometer interrupts reset: fix reset_control_ops kerneldoc comment clk: at91: avoid sleeping early clk: sunxi: Fix operator precedence in sunxi_divs_clk_setup clk: sunxi-ng: a80: fix the zero'ing of bits 16 and 18 ARM: dts: sun8i-a83t-tbs-a711: Fix WiFi resume from suspend samples/bpf: fix build by setting HAVE_ATTR_TEST to zero powerpc/bpf: Fix tail call implementation idr: Fix integer overflow in idr_for_each_entry idr: Fix idr_alloc_u32 on 32-bit systems x86/resctrl: Prevent NULL pointer dereference when reading mondata clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call clk: ti: clkctrl: Fix failed to enable error with double udelay timeout net: fec: add missed clk_disable_unprepare in remove bridge: ebtables: don't crash when using dnat target in output chains can: peak_usb: report bus recovery as well can: c_can: D_CAN: c_can_chip_config(): perform a sofware reset on open can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak can: rx-offload: can_rx_offload_offload_one(): do not increase the skb_queue beyond skb_queue_len_max can: rx-offload: can_rx_offload_offload_one(): increment rx_fifo_errors on queue overflow or OOM can: rx-offload: can_rx_offload_offload_one(): use ERR_PTR() to propagate error value in case of errors can: rx-offload: can_rx_offload_irq_offload_timestamp(): continue on error can: rx-offload: can_rx_offload_irq_offload_fifo(): continue on error can: flexcan: increase error counters if skb enqueueing via can_rx_offload_queue_sorted() fails can: mcp251x: mcp251x_restart_work_handler(): Fix potential force_quit race condition watchdog: meson: Fix the wrong value of left time ASoC: stm32: sai: add restriction on mmap support scripts/gdb: fix debugging modules compiled with hot/cold partitioning net: bcmgenet: use RGMII loopback for MAC reset net: bcmgenet: reapply manual settings to the PHY net: mscc: ocelot: fix __ocelot_rmw_ix prototype ceph: return -EINVAL if given fsc mount option on kernel w/o support net/fq_impl: Switch to kvmalloc() for memory allocation mac80211: fix station inactive_time shortly after boot block: drbd: remove a stray unlock in __drbd_send_protocol() pwm: bcm-iproc: Prevent unloading the driver module while in use scsi: target/tcmu: Fix queue_cmd_ring() declaration scsi: lpfc: Fix kernel Oops due to null pring pointers scsi: lpfc: Fix dif and first burst use in write commands ARM: dts: Fix up SQ201 flash access tracing: Lock event_mutex before synth_event_mutex ARM: debug-imx: only define DEBUG_IMX_UART_PORT if needed ARM: dts: imx51: Fix memory node duplication ARM: dts: imx53: Fix memory node duplication ARM: dts: imx31: Fix memory node duplication ARM: dts: imx35: Fix memory node duplication ARM: dts: imx7: Fix memory node duplication ARM: dts: imx6ul: Fix memory node duplication ARM: dts: imx6sx: Fix memory node duplication ARM: dts: imx6sl: Fix memory node duplication ARM: dts: imx50: Fix memory node duplication ARM: dts: imx23: Fix memory node duplication ARM: dts: imx1: Fix memory node duplication ARM: dts: imx27: Fix memory node duplication ARM: dts: imx25: Fix memory node duplication ARM: dts: imx53-voipac-dmm-668: Fix memory node duplication parisc: Fix serio address output parisc: Fix HP SDC hpa address output ARM: dts: Fix hsi gdd range for omap4 arm64: mm: Prevent mismatched 52-bit VA support arm64: smp: Handle errors reported by the firmware bus: ti-sysc: Check for no-reset and no-idle flags at the child level platform/x86: mlx-platform: Fix LED configuration ARM: OMAP1: fix USB configuration for device-only setups RDMA/hns: Fix the bug while use multi-hop of pbl arm64: preempt: Fix big-endian when checking preempt count in assembly RDMA/vmw_pvrdma: Use atomic memory allocation in create AH PM / AVS: SmartReflex: NULL check before some freeing functions is not needed xfs: zero length symlinks are not valid ARM: ks8695: fix section mismatch warning ACPI / LPSS: Ignore acpi_device_fix_up_power() return value scsi: lpfc: Enable Management features for IF_TYPE=6 scsi: qla2xxx: Fix NPIV handling for FC-NVMe scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port nvme: provide fallback for discard alloc failure s390/zcrypt: make sysfs reset attribute trigger queue reset crypto: user - support incremental algorithm dumps arm64: dts: renesas: draak: Fix CVBS input mwifiex: fix potential NULL dereference and use after free mwifiex: debugfs: correct histogram spacing, formatting brcmfmac: set F2 watermark to 256 for 4373 brcmfmac: set SDIO F1 MesBusyCtrl for CYW4373 rtl818x: fix potential use after free bcache: do not check if debug dentry is ERR or NULL explicitly on remove bcache: do not mark writeback_running too early xfs: require both realtime inodes to mount nvme: fix kernel paging oops ubifs: Fix default compression selection in ubifs ubi: Put MTD device after it is not used ubi: Do not drop UBI device reference before using microblaze: adjust the help to the real behavior microblaze: move "... is ready" messages to arch/microblaze/Makefile microblaze: fix multiple bugs in arch/microblaze/boot/Makefile iwlwifi: move iwl_nvm_check_version() into dvm iwlwifi: mvm: force TCM re-evaluation on TCM resume iwlwifi: pcie: fix erroneous print iwlwifi: pcie: set cmd_len in the correct place gpio: pca953x: Fix AI overflow on PCAL6524 gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB kvm: vmx: Set IA32_TSC_AUX for legacy mode guests Revert "KVM: nVMX: reset cache/shadows when switching loaded VMCS" Revert "KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode()" crypto/chelsio/chtls: listen fails with multiadapt VSOCK: bind to random port for VMADDR_PORT_ANY mmc: meson-gx: make sure the descriptor is stopped on errors mtd: rawnand: sunxi: Write pageprog related opcodes to WCMD_SET usb: ehci-omap: Fix deferred probe for phy handling btrfs: Check for missing device before bio submission in btrfs_map_bio btrfs: fix ncopies raid_attr for RAID56 btrfs: dev-replace: set result code of cancel by status of scrub Btrfs: allow clear_extent_dirty() to receive a cached extent state record btrfs: only track ref_heads in delayed_ref_updates serial: sh-sci: Fix crash in rx_timer_fn() on PIO fallback HID: intel-ish-hid: fixes incorrect error handling gpio: raspberrypi-exp: decrease refcount on firmware dt node serial: 8250: Rate limit serial port rx interrupts during input overruns kprobes/x86/xen: blacklist non-attachable xen interrupt functions xen/pciback: Check dev_data before using it kprobes: Blacklist symbols in arch-defined prohibited area kprobes/x86: Show x86-64 specific blacklisted symbols correctly vfio-mdev/samples: Use u8 instead of char for handle functions memory: omap-gpmc: Get the header of the enum pinctrl: xway: fix gpio-hog related boot issues net/mlx5: Continue driver initialization despite debugfs failure netfilter: nf_nat_sip: fix RTP/RTCP source port translations exofs_mount(): fix leaks on failure exits bnxt_en: Return linux standard errors in bnxt_ethtool.c bnxt_en: Save ring statistics before reset. bnxt_en: query force speeds before disabling autoneg mode. KVM: s390: unregister debug feature on failing arch init pinctrl: sh-pfc: r8a77990: Fix MOD_SEL0 SEL_I2C1 field width pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 HID: doc: fix wrong data structure reference for UHID_OUTPUT dm flakey: Properly corrupt multi-page bios. gfs2: take jdata unstuff into account in do_grow dm raid: fix false -EBUSY when handling check/repair message xfs: Align compat attrlist_by_handle with native implementation. xfs: Fix bulkstat compat ioctls on x32 userspace. IB/qib: Fix an error code in qib_sdma_verbs_send() clocksource/drivers/fttmr010: Fix invalid interrupt register access vxlan: Fix error path in __vxlan_dev_create() powerpc/book3s/32: fix number of bats in p/v_block_mapped() powerpc/xmon: fix dump_segments() drivers/regulator: fix a missing check of return value Bluetooth: hci_bcm: Handle specific unknown packets after firmware loading serial: max310x: Fix tx_empty() callback openrisc: Fix broken paths to arch/or32 RDMA/srp: Propagate ib_post_send() failures to the SCSI mid-layer scsi: qla2xxx: deadlock by configfs_depend_item scsi: csiostor: fix incorrect dma device in case of vport brcmfmac: Fix access point mode ath6kl: Only use match sets when firmware supports it ath6kl: Fix off by one error in scan completion powerpc/perf: Fix unit_sel/cache_sel checks powerpc/32: Avoid unsupported flags with clang powerpc/prom: fix early DEBUG messages powerpc/mm: Make NULL pointer deferences explicit on bad page faults. powerpc/44x/bamboo: Fix PCI range vfio/spapr_tce: Get rid of possible infinite loop powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status drbd: ignore "all zero" peer volume sizes in handshake drbd: reject attach of unsuitable uuids even if connected drbd: do not block when adjusting "disk-options" while IO is frozen drbd: fix print_st_err()'s prototype to match the definition IB/rxe: Make counters thread safe bpf/cpumap: make sure frame_size for build_skb is aligned if headroom isn't regulator: tps65910: fix a missing check of return value powerpc/83xx: handle machine check caused by watchdog timer powerpc/pseries: Fix node leak in update_lmb_associativity_index() powerpc: Fix HMIs on big-endian with CONFIG_RELOCATABLE=y crypto: mxc-scc - fix build warnings on ARM64 pwm: clps711x: Fix period calculation net/netlink_compat: Fix a missing check of nla_parse_nested net/net_namespace: Check the return value of register_pernet_subsys() f2fs: fix block address for __check_sit_bitmap f2fs: fix to dirty inode synchronously um: Include sys/uio.h to have writev() um: Make GCOV depend on !KCOV net: (cpts) fix a missing check of clk_prepare net: stmicro: fix a missing check of clk_prepare net: dsa: bcm_sf2: Propagate error value from mdio_write atl1e: checking the status of atl1e_write_phy_reg tipc: fix a missing check of genlmsg_put net: marvell: fix a missing check of acpi_match_device net/wan/fsl_ucc_hdlc: Avoid double free in ucc_hdlc_probe() ocfs2: clear journal dirty flag after shutdown journal vmscan: return NODE_RECLAIM_NOSCAN in node_reclaim() when CONFIG_NUMA is n mm/page_alloc.c: free order-0 pages through PCP in page_frag_free() mm/page_alloc.c: use a single function to free page mm/page_alloc.c: deduplicate __memblock_free_early() and memblock_free() tools/vm/page-types.c: fix "kpagecount returned fewer pages than expected" failures netfilter: nf_tables: fix a missing check of nla_put_failure xprtrdma: Prevent leak of rpcrdma_rep objects infiniband: bnxt_re: qplib: Check the return value of send_message infiniband/qedr: Potential null ptr dereference of qp firmware: arm_sdei: fix wrong of_node_put() in init function firmware: arm_sdei: Fix DT platform device creation lib/genalloc.c: fix allocation of aligned buffer from non-aligned chunk lib/genalloc.c: use vzalloc_node() to allocate the bitmap fork: fix some -Wmissing-prototypes warnings drivers/base/platform.c: kmemleak ignore a known leak lib/genalloc.c: include vmalloc.h mtd: Check add_mtd_device() ret code tipc: fix memory leak in tipc_nl_compat_publ_dump net/core/neighbour: tell kmemleak about hash tables ata: ahci: mvebu: do Armada 38x configuration only on relevant SoCs PCI/MSI: Return -ENOSPC from pci_alloc_irq_vectors_affinity() net/core/neighbour: fix kmemleak minimal reference count for hash tables serial: 8250: Fix serial8250 initialization crash gpu: ipu-v3: pre: don't trigger update if buffer address doesn't change sfc: suppress duplicate nvmem partition types in efx_ef10_mtd_probe ip_tunnel: Make none-tunnel-dst tunnel port work with lwtunnel decnet: fix DN_IFREQ_SIZE net/smc: prevent races between smc_lgr_terminate() and smc_conn_free() net/smc: don't wait for send buffer space when data was already sent mm/hotplug: invalid PFNs from pfn_to_online_page() xfs: end sync buffer I/O properly on shutdown error net/smc: fix sender_free computation blktrace: Show requests without sector net/smc: fix byte_order for rx_curs_confirmed tipc: fix skb may be leaky in tipc_link_input ASoC: samsung: i2s: Fix prescaler setting for the secondary DAI sfc: initialise found bitmap in efx_ef10_mtd_probe geneve: change NET_UDP_TUNNEL dependency to select net: fix possible overflow in __sk_mem_raise_allocated() net: ip_gre: do not report erspan_ver for gre or gretap net: ip6_gre: do not report erspan_ver for ip6gre or ip6gretap sctp: don't compare hb_timer expire date before starting it bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() mmc: core: align max segment size with logical block size net: dev: Use unsigned integer as an argument to left-shift kvm: properly check debugfs dentry before using it bpf: drop refcount if bpf_map_new_fd() fails in map_create() net: hns3: Change fw error code NOT_EXEC to NOT_SUPPORTED net: hns3: fix PFC not setting problem for DCB module net: hns3: fix an issue for hclgevf_ae_get_hdev net: hns3: fix an issue for hns3_update_new_int_gl iommu/amd: Fix NULL dereference bug in match_hid_uid apparmor: delete the dentry in aafs_remove() to avoid a leak scsi: libsas: Support SATA PHY connection rate unmatch fixing during discovery ACPI / APEI: Don't wait to serialise with oops messages when panic()ing ACPI / APEI: Switch estatus pool to use vmalloc memory scsi: hisi_sas: shutdown axi bus to avoid exception CQ returned scsi: libsas: Check SMP PHY control function result RDMA/hns: Fix the bug with updating rq head pointer when flush cqe RDMA/hns: Bugfix for the scene without receiver queue RDMA/hns: Fix the state of rereg mr RDMA/hns: Use GFP_ATOMIC in hns_roce_v2_modify_qp ASoC: rt5645: Headphone Jack sense inverts on the LattePanda board powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() xdp: fix cpumap redirect SKB creation bug mtd: Remove a debug trace in mtdpart.c mm, gup: add missing refcount overflow checks on s390 clk: at91: fix update bit maps on CFG_MOR write clk: at91: generated: set audio_pll_allowed in at91_clk_register_generated() usb: dwc2: use a longer core rest timeout in dwc2_core_reset() staging: rtl8192e: fix potential use after free staging: rtl8723bs: Drop ACPI device ids staging: rtl8723bs: Add 024c:0525 to the list of SDIO device-ids USB: serial: ftdi_sio: add device IDs for U-Blox C099-F9P mei: bus: prefix device names on bus with the bus name mei: me: add comet point V device id thunderbolt: Power cycle the router if NVM authentication fails xfrm: Fix memleak on xfrm state destroy media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE net: macb: fix error format in dev_err() pwm: Clear chip_data in pwm_put() media: atmel: atmel-isc: fix asd memory allocation media: atmel: atmel-isc: fix INIT_WORK misplacement macvlan: schedule bc_work even if error net: psample: fix skb_over_panic openvswitch: fix flow command message size sctp: Fix memory leak in sctp_sf_do_5_2_4_dupcook slip: Fix use-after-free Read in slip_open openvswitch: drop unneeded BUG_ON() in ovs_flow_cmd_build_info() openvswitch: remove another BUG_ON() selftests: bpf: test_sockmap: handle file creation failures gracefully tipc: fix link name length check sctp: cache netns in sctp_ep_common net: sched: fix `tc -s class show` no bstats on class with nolock subqueues net: macb: add missed tasklet_kill ext4: add more paranoia checking in ext4_expand_extra_isize handling watchdog: sama5d4: fix WDD value to be always set to max net: macb: Fix SUBNS increment and increase resolution net: macb driver, check for SKBTX_HW_TSTAMP mtd: rawnand: atmel: Fix spelling mistake in error message mtd: rawnand: atmel: fix possible object reference leak mtd: spi-nor: cast to u64 to avoid uint overflows drm/atmel-hlcdc: revert shift by 8 mailbox: stm32_ipcc: add spinlock to fix channels concurrent access tcp: exit if nothing to retransmit on RTO timeout HID: core: check whether Usage Page item is after Usage ID items crypto: stm32/hash - Fix hmac issue more than 256 bytes media: stm32-dcmi: fix DMA corruption when stopping streaming media: stm32-dcmi: fix check of pm_runtime_get_sync return value hwrng: stm32 - fix unbalanced pm_runtime_enable clk: stm32mp1: fix HSI divider flag clk: stm32mp1: fix mcu divider table clk: stm32mp1: add CLK_SET_RATE_NO_REPARENT to Kernel clocks clk: stm32mp1: parent clocks update mailbox: mailbox-test: fix null pointer if no mmio pinctrl: stm32: fix memory leak issue ASoC: stm32: i2s: fix dma configuration ASoC: stm32: i2s: fix 16 bit format support ASoC: stm32: i2s: fix IRQ clearing ASoC: stm32: sai: add missing put_device() dmaengine: stm32-dma: check whether length is aligned on FIFO threshold platform/x86: hp-wmi: Fix ACPI errors caused by too small buffer platform/x86: hp-wmi: Fix ACPI errors caused by passing 0 as input size net: fec: fix clock count mis-match Linux 4.19.88 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ifd3801a77cb551be72788031e7fcfc8a1d4fd197 |
||
Lionel Debieve
|
5c28bbeb58 |
hwrng: stm32 - fix unbalanced pm_runtime_enable
commit af0d4442dd6813de6e77309063beb064fa8e89ae upstream. No remove function implemented yet in the driver. Without remove function, the pm_runtime implementation complains when removing and probing again the driver. Signed-off-by: Lionel Debieve <lionel.debieve@st.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
2700cf837e |
This is the 4.19.87 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3jdysACgkQONu9yGCS aT49mhAAxl50oRh0bSk/SikbVCn7kRaoRNlCBsPtvtvbDDIpyREIzMRmIbH2OZjS ji1umUu8iMj+HXW72dWNqPo2K337UzcNRsUXWAdJH8Et+ao+xOUV1jps/Zr3D9ca 2Cw6iTn2QFhKQythMlCxb30sf+kN4cAU1XY3M8xEWXB+4nAqc/aFW7mRAP1jusRb 1DAW+xqPiwCbaag1v5OzumAOGBhpmTcX8sfEYM+3DKcPgGL1jPyYeWlXA26nih8/ LQR6r2tAb454pipV0uApJ2u7V5nNxprcrfUNDmAfap2q/eF1w5pBbZoS5sqpf1eZ 2ycZ36w0ThE7lJKvNrfjq13Su+bGtpENxHlwesNPbsvz0F4xoEkelYSCE1gJBaHX CZvq1Dhrk5DBvkCCElV8+CJxxuhMUZwzOwrz2iBLdPnpCpSgj8uNPLXMJno6D9fH PZMCcBFf4WnCUBc06fB7qG+Z7y0TeAuLsNQmK3zYQoEc1gz4Yk5aFo7NgTyajqbD YKINVP2Wj11TDBssolIA58EYcc2J38As54wuOvYtwy+k/mVkvZVhCPOtI+h3UYm4 lX2ROCHTzt+Av5qFlM8aSBcIlm1qihzSHEdnyqX2EZvUGC4C5Mc5/Eml3QJxAnVh SzUfLZGzzfntpnWn2cJZ/EA/p6hXujG5k95LEwtAnxxYBFpLTKc= =d8kA -----END PGP SIGNATURE----- Merge 4.19.87 into android-4.19 Changes in 4.19.87 mlxsw: spectrum_router: Fix determining underlay for a GRE tunnel net/mlx4_en: fix mlx4 ethtool -N insertion net/mlx4_en: Fix wrong limitation for number of TX rings net: rtnetlink: prevent underflows in do_setvfinfo() net/sched: act_pedit: fix WARN() in the traffic path net: sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key sfc: Only cancel the PPS workqueue if it exists net/mlx5e: Fix set vf link state error flow net/mlxfw: Verify FSM error code translation doesn't exceed array size net/mlx5: Fix auto group size calculation vhost/vsock: split packets to send using multiple buffers gpio: max77620: Fixup debounce delays tools: gpio: Correctly add make dependencies for gpio_utils nbd:fix memory leak in nbd_get_socket() virtio_console: allocate inbufs in add_port() only if it is needed Revert "fs: ocfs2: fix possible null-pointer dereferences in ocfs2_xa_prepare_entry()" mm/ksm.c: don't WARN if page is still mapped in remove_stable_node() drm/amd/powerplay: issue no PPSMC_MSG_GetCurrPkgPwr on unsupported ASICs drm/i915/pmu: "Frequency" is reported as accumulated cycles drm/i915/userptr: Try to acquire the page lock around set_page_dirty() mwifiex: Fix NL80211_TX_POWER_LIMITED ALSA: isight: fix leak of reference to firewire unit in error path of .probe callback crypto: testmgr - fix sizeof() on COMP_BUF_SIZE printk: lock/unlock console only for new logbuf entries printk: fix integer overflow in setup_log_buf() pinctrl: madera: Fix uninitialized variable bug in madera_mux_set_mux PCI: cadence: Write MSI data with 32bits gfs2: Fix marking bitmaps non-full pty: fix compat ioctls synclink_gt(): fix compat_ioctl() powerpc: Fix signedness bug in update_flash_db() powerpc/boot: Fix opal console in boot wrapper powerpc/boot: Disable vector instructions powerpc/eeh: Fix null deref for devices removed during EEH powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() mt76: do not store aggregation sequence number for null-data frames mt76x0: phy: fix restore phase in mt76x0_phy_recalibrate_after_assoc brcmsmac: AP mode: update beacon when TIM changes ath10k: set probe request oui during driver start ath10k: allocate small size dma memory in ath10k_pci_diag_write_mem skd: fixup usage of legacy IO API cdrom: don't attempt to fiddle with cdo->capability spi: sh-msiof: fix deferred probing mmc: mediatek: fill the actual clock for mmc debugfs mmc: mediatek: fix cannot receive new request when msdc_cmd_is_ready fail PCI: mediatek: Fix class type for MT7622 to PCI_CLASS_BRIDGE_PCI btrfs: defrag: use btrfs_mod_outstanding_extents in cluster_pages_for_defrag btrfs: handle error of get_old_root gsmi: Fix bug in append_to_eventlog sysfs handler misc: mic: fix a DMA pool free failure w1: IAD Register is yet readable trough iad sys file. Fix snprintf (%u for unsigned, count for max size). m68k: fix command-line parsing when passed from u-boot scsi: hisi_sas: Feed back linkrate(max/min) when re-attached scsi: hisi_sas: Fix the race between IO completion and timeout for SMP/internal IO scsi: hisi_sas: Free slot later in slot_complete_vx_hw() RDMA/bnxt_re: Avoid NULL check after accessing the pointer RDMA/bnxt_re: Fix qp async event reporting RDMA/bnxt_re: Avoid resource leak in case the NQ registration fails pinctrl: sunxi: Fix a memory leak in 'sunxi_pinctrl_build_state()' pwm: lpss: Only set update bit if we are actually changing the settings amiflop: clean up on errors during setup qed: Align local and global PTT to propagate through the APIs. scsi: ips: fix missing break in switch nfp: bpf: protect against mis-initializing atomic counters KVM: nVMX: reset cache/shadows when switching loaded VMCS KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() KVM/x86: Fix invvpid and invept register operand size in 64-bit mode clk: tegra: Fixes for MBIST work around scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler scsi: isci: Change sci_controller_start_task's return type to sci_status scsi: bfa: Avoid implicit enum conversion in bfad_im_post_vendor_event scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param crypto: ccree - avoid implicit enum conversion nvmet: avoid integer overflow in the discard code nvmet-fcloop: suppress a compiler warning nvme-pci: fix hot removal during error handling PCI: mediatek: Fixup MSI enablement logic by enabling MSI before clocks clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk clk: at91: audio-pll: fix audio pmc type ASoC: tegra_sgtl5000: fix device_node refcounting scsi: dc395x: fix dma API usage in srb_done scsi: dc395x: fix DMA API usage in sg_update_list scsi: zorro_esp: Limit DMA transfers to 65535 bytes net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed net: fix warning in af_unix net: ena: Fix Kconfig dependency on X86 xfs: fix use-after-free race in xfs_buf_rele xfs: clear ail delwri queued bufs on unmount of shutdown fs kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not fault on bad stack ACPI / scan: Create platform device for INT33FE ACPI nodes PM / Domains: Deal with multiple states but no governor in genpd ALSA: i2c/cs8427: Fix int to char conversion macintosh/windfarm_smu_sat: Fix debug output PCI: vmd: Detach resources after stopping root bus USB: misc: appledisplay: fix backlight update_status return code usbip: tools: fix atoi() on non-null terminated string sctp: use sk_wmem_queued to check for writable space dm raid: avoid bitmap with raid4/5/6 journal device selftests/bpf: fix file resource leak in load_kallsyms SUNRPC: Fix a compile warning for cmpxchg64() sunrpc: safely reallow resvport min/max inversion atm: zatm: Fix empty body Clang warnings s390/perf: Return error when debug_register fails swiotlb: do not panic on mapping failures spi: omap2-mcspi: Set FIFO DMA trigger level to word length x86/intel_rdt: Prevent pseudo-locking from using stale pointers sparc: Fix parport build warnings. scsi: hisi_sas: Fix NULL pointer dereference powerpc/pseries: Export raw per-CPU VPA data via debugfs powerpc/mm/radix: Fix off-by-one in split mapping logic powerpc/mm/radix: Fix overuse of small pages in splitting logic powerpc/mm/radix: Fix small page at boundary when splitting powerpc/64s/radix: Fix radix__flush_tlb_collapsed_pmd double flushing pmd selftests/bpf: fix return value comparison for tests in test_libbpf.sh tools: bpftool: fix completion for "bpftool map update" ceph: fix dentry leak in ceph_readdir_prepopulate ceph: only allow punch hole mode in fallocate rtc: s35390a: Change buf's type to u8 in s35390a_init RISC-V: Avoid corrupting the upper 32-bit of phys_addr_t in ioremap thermal: armada: fix a test in probe() f2fs: fix to spread clear_cold_data() f2fs: spread f2fs_set_inode_flags() mISDN: Fix type of switch control variable in ctrl_teimanager qlcnic: fix a return in qlcnic_dcb_get_capability() net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode mfd: arizona: Correct calling of runtime_put_sync mfd: mc13xxx-core: Fix PMIC shutdown when reading ADC values mfd: intel_soc_pmic_bxtwc: Chain power button IRQs as well mfd: max8997: Enale irq-wakeup unconditionally net: socionext: Stop PHY before resetting netsec fs/cifs: fix uninitialised variable warnings spi: uniphier: fix incorrect property items selftests/ftrace: Fix to test kprobe $comm arg only if available selftests: watchdog: fix message when /dev/watchdog open fails selftests: watchdog: Fix error message. selftests: kvm: Fix -Wformat warnings selftests: fix warning: "_GNU_SOURCE" redefined thermal: rcar_thermal: fix duplicate IRQ request thermal: rcar_thermal: Prevent hardware access during system suspend net: ethernet: cadence: fix socket buffer corruption problem bpf: devmap: fix wrong interface selection in notifier_call bpf, btf: fix a missing check bug in btf_parse powerpc/process: Fix flush_all_to_thread for SPE sparc64: Rework xchg() definition to avoid warnings. arm64: lib: use C string functions with KASAN enabled fs/ocfs2/dlm/dlmdebug.c: fix a sleep-in-atomic-context bug in dlm_print_one_mle() mm/page-writeback.c: fix range_cyclic writeback vs writepages deadlock tools/testing/selftests/vm/gup_benchmark.c: fix 'write' flag usage mm: thp: fix MADV_DONTNEED vs migrate_misplaced_transhuge_page race condition macsec: update operstate when lower device changes macsec: let the administrator set UP state even if lowerdev is down block: fix the DISCARD request merge i2c: uniphier-f: make driver robust against concurrency i2c: uniphier-f: fix occasional timeout error i2c: uniphier-f: fix race condition when IRQ is cleared um: Make line/tty semantics use true write IRQ vfs: avoid problematic remapping requests into partial EOF block ipv4/igmp: fix v1/v2 switchback timeout based on rfc3376, 8.12 powerpc/xmon: Relax frame size for clang selftests/powerpc/ptrace: Fix out-of-tree build selftests/powerpc/signal: Fix out-of-tree build selftests/powerpc/switch_endian: Fix out-of-tree build selftests/powerpc/cache_shape: Fix out-of-tree build block: call rq_qos_exit() after queue is frozen mm/gup_benchmark.c: prevent integer overflow in ioctl linux/bitmap.h: handle constant zero-size bitmaps correctly linux/bitmap.h: fix type of nbits in bitmap_shift_right() lib/bitmap.c: fix remaining space computation in bitmap_print_to_pagebuf hfsplus: fix BUG on bnode parent update hfs: fix BUG on bnode parent update hfsplus: prevent btree data loss on ENOSPC hfs: prevent btree data loss on ENOSPC hfsplus: fix return value of hfsplus_get_block() hfs: fix return value of hfs_get_block() hfsplus: update timestamps on truncate() hfs: update timestamp on truncate() fs/hfs/extent.c: fix array out of bounds read of array extent kernel/panic.c: do not append newline to the stack protector panic string mm/memory_hotplug: make add_memory() take the device_hotplug_lock mm/memory_hotplug: fix online/offline_pages called w.o. mem_hotplug_lock powerpc/powernv: hold device_hotplug_lock when calling device_online() igb: shorten maximum PHC timecounter update interval fm10k: ensure completer aborts are marked as non-fatal after a resume net: hns3: bugfix for buffer not free problem during resetting net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem net: hns3: bugfix for is_valid_csq_clean_head() net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read ntb_netdev: fix sleep time mismatch ntb: intel: fix return value for ndev_vec_mask() irq/matrix: Fix memory overallocation nvme-pci: fix conflicting p2p resource adds arm64: makefile fix build of .i file in external module case tools/power turbosat: fix AMD APIC-id output mm: handle no memcg case in memcg_kmem_charge() properly ocfs2: without quota support, avoid calling quota recovery ocfs2: don't use iocb when EIOCBQUEUED returns ocfs2: don't put and assigning null to bh allocated outside ocfs2: fix clusters leak in ocfs2_defrag_extent() net: do not abort bulk send on BQL status sched/topology: Fix off by one bug sched/fair: Don't increase sd->balance_interval on newidle balance openvswitch: fix linking without CONFIG_NF_CONNTRACK_LABELS ARM: dts: imx6sx-sdb: Fix enet phy regulator clk: sunxi-ng: enable so-said LDOs for A64 SoC's pll-mipi clock soc: bcm: brcmstb: Fix re-entry point with a THUMB2_KERNEL audit: print empty EXECVE args sock_diag: fix autoloading of the raw_diag module net: bpfilter: fix iptables failure if bpfilter_umh is disabled nds32: Fix bug in bitfield.h media: ov13858: Check for possible null pointer btrfs: avoid link error with CONFIG_NO_AUTO_INLINE wil6210: fix debugfs memory access alignment wil6210: fix L2 RX status handling wil6210: fix RGF_CAF_ICR address for Talyn-MB wil6210: fix locking in wmi_call ath10k: snoc: fix unbalanced clock error handling wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' rtl8xxxu: Fix missing break in switch brcmsmac: never log "tid x is not agg'able" by default wireless: airo: potential buffer overflow in sprintf() rtlwifi: rtl8192de: Fix misleading REG_MCUFWDL information net: dsa: bcm_sf2: Turn on PHY to allow successful registration scsi: mpt3sas: Fix Sync cache command failure during driver unload scsi: mpt3sas: Don't modify EEDPTagMode field setting on SAS3.5 HBA devices scsi: mpt3sas: Fix driver modifying persistent data in Manufacturing page11 scsi: megaraid_sas: Fix msleep granularity scsi: megaraid_sas: Fix goto labels in error handling scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point scsi: lpfc: Correct loss of fc4 type on remote port address change usb: typec: tcpm: charge current handling for sink during hard reset dlm: fix invalid free dlm: don't leak kernel pointer to userspace vrf: mark skb for multicast or link-local as enslaved to VRF clk: tegra20: Turn EMC clock gate into divider ACPICA: Use %d for signed int print formatting instead of %u net: bcmgenet: return correct value 'ret' from bcmgenet_power_down of: unittest: allow base devicetree to have symbol metadata of: unittest: initialize args before calling of_*parse_*() tools: bpftool: pass an argument to silence open_obj_pinned() cfg80211: Prevent regulatory restore during STA disconnect in concurrent interfaces pinctrl: qcom: spmi-gpio: fix gpio-hog related boot issues pinctrl: bcm2835: Use define directive for BCM2835_PINCONF_PARAM_PULL pinctrl: lpc18xx: Use define directive for PIN_CONFIG_GPIO_PIN_INT pinctrl: zynq: Use define directive for PIN_CONFIG_IO_STANDARD PCI: keystone: Use quirk to limit MRRS for K2G nvme-pci: fix surprise removal spi: omap2-mcspi: Fix DMA and FIFO event trigger size mismatch i2c: uniphier-f: fix timeout error after reading 8 bytes mm/memory_hotplug: Do not unlock when fails to take the device_hotplug_lock ipv6: Fix handling of LLA with VRF and sockets bound to VRF cfg80211: call disconnect_wk when AP stops mm/page_io.c: do not free shared swap slots Bluetooth: Fix invalid-free in bcsp_close() KVM: MMU: Do not treat ZONE_DEVICE pages as being reserved ath10k: Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe ath9k_hw: fix uninitialized variable data md/raid10: prevent access of uninitialized resync_pages offset mm/memory_hotplug: don't access uninitialized memmaps in shrink_zone_span() net: phy: dp83867: fix speed 10 in sgmii mode net: phy: dp83867: increase SGMII autoneg timer duration ocfs2: remove ocfs2_is_o2cb_active() ARM: 8904/1: skip nomap memblocks while finding the lowmem/highmem boundary ARC: perf: Accommodate big-endian CPU x86/insn: Fix awk regexp warnings x86/speculation: Fix incorrect MDS/TAA mitigation status x86/speculation: Fix redundant MDS mitigation message nbd: prevent memory leak y2038: futex: Move compat implementation into futex.c futex: Prevent robust futex exit race ALSA: usb-audio: Fix NULL dereference at parsing BADD nfc: port100: handle command failure cleanly media: vivid: Set vid_cap_streaming and vid_out_streaming to true media: vivid: Fix wrong locking that causes race conditions on streaming stop media: usbvision: Fix races among open, close, and disconnect cpufreq: Add NULL checks to show() and store() methods of cpufreq media: uvcvideo: Fix error path in control parsing failure media: b2c2-flexcop-usb: add sanity checking media: cxusb: detect cxusb_ctrl_msg error in query media: imon: invalid dereference in imon_touch_event virtio_ring: fix return code on DMA mapping fails USBIP: add config dependency for SGL_ALLOC usbip: tools: fix fd leakage in the function of read_attr_usbip_status usbip: Fix uninitialized symbol 'nents' in stub_recv_cmd_submit() usb-serial: cp201x: support Mark-10 digital force gauge USB: chaoskey: fix error case of a timeout appledisplay: fix error handling in the scheduled work USB: serial: mos7840: add USB ID to support Moxa UPort 2210 USB: serial: mos7720: fix remote wakeup USB: serial: mos7840: fix remote wakeup USB: serial: option: add support for DW5821e with eSIM support USB: serial: option: add support for Foxconn T77W968 LTE modules staging: comedi: usbduxfast: usbduxfast_ai_cmdtest rounding error powerpc/64s: support nospectre_v2 cmdline option powerpc/book3s64: Fix link stack flush on context switch KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel PM / devfreq: Fix kernel oops on governor module load Linux 4.19.87 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Id8c8d4cd92227f8f46c48c05440e09da957fa687 |
||
Laurent Vivier
|
67380639df |
virtio_console: allocate inbufs in add_port() only if it is needed
commit d791cfcbf98191122af70b053a21075cb450d119 upstream. When we hot unplug a virtserialport and then try to hot plug again, it fails: (qemu) chardev-add socket,id=serial0,path=/tmp/serial0,server,nowait (qemu) device_add virtserialport,bus=virtio-serial0.0,nr=2,\ chardev=serial0,id=serial0,name=serial0 (qemu) device_del serial0 (qemu) device_add virtserialport,bus=virtio-serial0.0,nr=2,\ chardev=serial0,id=serial0,name=serial0 kernel error: virtio-ports vport2p2: Error allocating inbufs qemu error: virtio-serial-bus: Guest failure in adding port 2 for device \ virtio-serial0.0 This happens because buffers for the in_vq are allocated when the port is added but are not released when the port is unplugged. They are only released when virtconsole is removed (see |
||
Greg Kroah-Hartman
|
44b82a3d1b |
This is the 4.19.85 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl3VfEoACgkQONu9yGCS aT7vHRAAv3fZQ5+Rn0zn0cgYsgG5OGbtHL01aJB99g2Dgf/VmB3OrB2rx+ZF7WVw Uakab5XZp6rLSxG4LNQy7jjIuxADdDab5xWTlhqpEHVydsFC9IOktT91DW2luf8Y Xyr8q7sQIS7eV67NkUnUSqri1IdsRNB5qeWmhC0l6+PSuQrk+WF0y5B4TtrjF5Er GjYTq9RTJh7/luFKUSmxN8+TIwo4uY15b3oqX75LMPObzbH+c5iqp5QiHJh/BQ7/ awf7kxlMay0V/hPRmGomHxX70TgHTF2er0b+HyJwf1OX0zgKycsztWZT+p7qN+DT yjPWwYJ3kGs/7GwZL7HNhk8p/3aDf9HFHFvbVSty63wgZ8dfo4EuXZ9YfWa+lfI8 Kn4wKeynUvrvNLH9iYug/XuEPjXysQeSlBaL4pZTPTWtipu1MP0OpR05l8UzO2cO lqWgf0Y7wsunZBeyCLkWd9TCO7gd1s7csdkJAy37rG7mCjN3p83NeMznLlj+H4I8 MHlcAWdlxlWWitKohi0kr/VYiHmhBVsOZu4rQmuCBWuo++HrWwn7XaGBzYsP8Eku 7ZNaS5oJFAjBzKnQxp8i3mgE8ifODuokgPISImyyRWidedfoHcv6Kr+pdEoQ+gjk nL5xwqKAMsh/vMyxVmetzytULHtvBqJelquzQcfnanyEvBoS46Q= =EUxi -----END PGP SIGNATURE----- Merge 4.19.85 into android-4.19 Changes in 4.19.85 KVM: x86: introduce is_pae_paging MIPS: BCM63XX: fix switch core reset on BCM6368 scsi: core: Handle drivers which set sg_tablesize to zero ax88172a: fix information leak on short answers ipmr: Fix skb headroom in ipmr_get_route(). net: gemini: add missed free_netdev net: usb: qmi_wwan: add support for Foxconn T77W968 LTE modules slip: Fix memory leak in slip_open error path ALSA: usb-audio: Fix missing error check at mixer resolution test ALSA: usb-audio: not submit urb for stopped endpoint ALSA: usb-audio: Fix incorrect NULL check in create_yamaha_midi_quirk() ALSA: usb-audio: Fix incorrect size check for processing/extension units Btrfs: fix log context list corruption after rename exchange operation Input: ff-memless - kill timer in destroy() Input: synaptics-rmi4 - fix video buffer size Input: synaptics-rmi4 - disable the relative position IRQ in the F12 driver Input: synaptics-rmi4 - do not consume more data than we have (F11, F12) Input: synaptics-rmi4 - clear IRQ enables for F54 Input: synaptics-rmi4 - destroy F54 poller workqueue when removing IB/hfi1: Ensure full Gen3 speed in a Gen4 system IB/hfi1: Use a common pad buffer for 9B and 16B packets i2c: acpi: Force bus speed to 400KHz if a Silead touchscreen is present ecryptfs_lookup_interpose(): lower_dentry->d_inode is not stable ecryptfs_lookup_interpose(): lower_dentry->d_parent is not stable either net: ethernet: dwmac-sun8i: Use the correct function in exit path iommu/vt-d: Fix QI_DEV_IOTLB_PFSID and QI_DEV_EIOTLB_PFSID macros mm: mempolicy: fix the wrong return value and potential pages leak of mbind mm: memcg: switch to css_tryget() in get_mem_cgroup_from_mm() mm: hugetlb: switch to css_tryget() in hugetlb_cgroup_charge_cgroup() mmc: sdhci-of-at91: fix quirk2 overwrite iio: adc: max9611: explicitly cast gain_selectors tee: optee: take DT status property into account ath10k: fix kernel panic by moving pci flush after napi_disable iio: dac: mcp4922: fix error handling in mcp4922_write_raw clk: sunxi-ng: h6: fix PWM gate/reset offset soundwire: Initialize completion for defer messages soundwire: intel: Fix uninitialized adev deref arm64: dts: allwinner: a64: Orange Pi Win: Fix SD card node arm64: dts: allwinner: a64: Olinuxino: fix DRAM voltage arm64: dts: allwinner: a64: NanoPi-A64: Fix DCDC1 voltage ALSA: pcm: signedness bug in snd_pcm_plug_alloc() soc/tegra: pmc: Fix pad voltage configuration for Tegra186 arm64: dts: tegra210-p2180: Correct sdmmc4 vqmmc-supply y2038: make do_gettimeofday() and get_seconds() inline ARM: dts: rcar: Correct SATA device sizes to 2 MiB ARM: dts: at91/trivial: Fix USART1 definition for at91sam9g45 rtc: sysfs: fix NULL check in rtc_add_groups() rtc: rv8803: fix the rv8803 id in the OF table remoteproc/davinci: Use %zx for formating size_t extcon: cht-wc: Return from default case to avoid warnings cfg80211: Avoid regulatory restore when COUNTRY_IE_IGNORE is set ALSA: seq: Do error checks at creating system ports ath10k: skip resetting rx filter for WCN3990 ath9k: fix tx99 with monitor mode interface wil6210: drop Rx multicast packets that are looped-back to STA wil6210: set edma variables only for Talyn-MB devices wil6210: prevent usage of tx ring 0 for eDMA wil6210: fix invalid memory access for rx_buff_mgmt debugfs ath10k: limit available channels via DT ieee80211-freq-limit ice: Update request resource command to latest specification ice: Prevent control queue operations during reset gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated ice: Fix and update driver version string ASoC: dapm: Don't fail creating new DAPM control on NULL pinctrl ASoC: dpcm: Properly initialise hw->rate_max ASoC: meson: axg-fifo: report interrupt request failure ASoC: AMD: Change MCLK to 48Mhz pinctrl: ingenic: Probe driver at subsys_initcall MIPS: BCM47XX: Enable USB power on Netgear WNDR3400v3 ARM: dts: exynos: Use i2c-gpio for HDMI-DDC on Arndale ARM: dts: exynos: Fix HDMI-HPD line handling on Arndale ARM: dts: exynos: Fix sound in Snow-rev5 Chromebook liquidio: fix race condition in instruction completion processing arm64: dts: stratix10: i2c clock running out of spec ARM: dts: exynos: Fix regulators configuration on Peach Pi/Pit Chromebooks i40evf: Validate the number of queues a PF sends i40e: use correct length for strncpy i40evf: set IFF_UNICAST_FLT flag for the VF i40e: Check and correct speed values for link on open i40evf: Don't enable vlan stripping when rx offload is turned on i40e: hold the rtnl lock on clearing interrupt scheme i40evf: cancel workqueue sync for adminq when a VF is removed i40e: Prevent deleting MAC address from VF when set by PF IB/rxe: avoid back-to-back retries IB/rxe: fixes for rdma read retry iwlwifi: drop packets with bad status in CD iwlwifi: don't WARN on trying to dump dead firmware iwlwifi: mvm: avoid sending too many BARs media: vicodec: fix out-of-range values when decoding media: i2c: Fix pm_runtime_get_if_in_use() usage in sensor drivers media: ov772x: Disable clk on error path ARM: dts: pxa: fix the rtc controller ARM: dts: pxa: fix power i2c base address rtl8187: Fix warning generated when strncpy() destination length matches the sixe argument mwifiex: do no submit URB in suspended state mwifex: free rx_cmd skb in suspended state brcmfmac: fix wrong strnchr usage mt76: Fix comparisons with invalid hardware key index soc: imx: gpc: fix PDN delay ASoC: rsnd: ssi: Fix issue in dma data address assignment net: hns3: Fix for multicast failure net: hns3: Fix error of checking used vlan id net: hns3: Fix for loopback selftest failed problem net: hns3: Change the dst mac addr of loopback packet net/mlx5: Fix atomic_mode enum values net: phy: mscc: read 'vsc8531,vddmac' as an u32 net: phy: mscc: read 'vsc8531, edge-slowdown' as an u32 ARM: dts: meson8: fix the clock controller register size ARM: dts: meson8b: fix the clock controller register size mtd: rawnand: marvell: use regmap_update_bits() for syscon access mtd: rawnand: fsl_ifc: check result of SRAM initialization mtd: rawnand: fsl_ifc: fixup SRAM init for newer ctrl versions mtd: rawnand: qcom: don't include dma-direct.h IB/mlx5: Change TX affinity assignment in RoCE LAG mode qxl: fix null-pointer crash during suspend mac80211: fix saving a few HE values cfg80211: validate wmm rule when setting f2fs: avoid wrong decrypted data from disk net: lan78xx: Bail out if lan78xx_get_endpoints fails rtnetlink: move type calculation out of loop ASoC: sgtl5000: avoid division by zero if lo_vag is zero ath10k: avoid possible memory access violation ARM: dts: exynos: Disable pull control for S5M8767 PMIC ath10k: wmi: disable softirq's while calling ieee80211_rx i2c: mediatek: Use DMA safe buffers for i2c transactions IB/mlx5: Don't hold spin lock while checking device state IB/ipoib: Ensure that MTU isn't less than minimum permitted RDMA/core: Rate limit MAD error messages RDMA/core: Follow correct unregister order between sysfs and cgroup mips: txx9: fix iounmap related issue udf: Fix crash during mount ASoC: dapm: Avoid uninitialised variable warning ASoC: Intel: hdac_hdmi: Limit sampling rates at dai creation ata: Disable AHCI ALPM feature for Ampere Computing eMAG SATA of: make PowerMac cache node search conditional on CONFIG_PPC_PMAC ARM: dts: omap3-gta04: give spi_lcd node a label so that we can overwrite in other DTS files ARM: dts: omap3-gta04: fixes for tvout / venc ARM: dts: omap3-gta04: tvout: enable as display1 alias ARM: dts: omap3-gta04: fix touchscreen tsc2007 ARM: dts: omap3-gta04: make NAND partitions compatible with recent U-Boot ARM: dts: omap3-gta04: keep vpll2 always on f2fs: submit bio after shutdown failover: Fix error return code in net_failover_create sched/debug: Explicitly cast sched_feat() to bool sched/debug: Use symbolic names for task state constants firmware: arm_scmi: use strlcpy to ensure NULL-terminated strings arm64: dts: rockchip: Fix VCC5V0_HOST_EN on rk3399-sapphire ARM: dts: exynos: Disable pull control for PMIC IRQ line on Artik5 board usb: mtu3: disable vbus rise/fall interrupts of ltssm dmaengine: dma-jz4780: Don't depend on MACH_JZ4780 dmaengine: dma-jz4780: Further residue status fix EDAC, sb_edac: Return early on ADDRV bit and address type test rtc: mt6397: fix possible race condition rtc: pl030: fix possible race condition ath9k: add back support for using active monitor interfaces for tx99 dmaengine: at_xdmac: remove a stray bottom half unlock RDMA/hns: Fix an error code in hns_roce_v2_init_eq_table() IB/hfi1: Missing return value in error path for user sdma signal: Always ignore SIGKILL and SIGSTOP sent to the global init signal: Properly deliver SIGILL from uprobes signal: Properly deliver SIGSEGV from x86 uprobes f2fs: fix memory leak of write_io in fill_super() f2fs: fix memory leak of percpu counter in fill_super() f2fs: fix setattr project check upon fssetxattr ioctl scsi: qla2xxx: Use correct qpair for ABTS/CMD scsi: qla2xxx: Fix iIDMA error scsi: qla2xxx: Defer chip reset until target mode is enabled scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 scsi: qla2xxx: Fix deadlock between ATIO and HW lock scsi: qla2xxx: Increase abort timeout value scsi: qla2xxx: Check for Register disconnect scsi: qla2xxx: Fix port speed display on chip reset scsi: qla2xxx: Fix dropped srb resource. scsi: qla2xxx: Fix duplicate switch's Nport ID entries scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 scsi: lpfc: Fix errors in log messages. scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() ARM: imx6: register pm_power_off handler if "fsl,pmic-stby-poweroff" is set scsi: pm80xx: Corrected dma_unmap_sg() parameter scsi: pm80xx: Fixed system hang issue during kexec boot kprobes: Don't call BUG_ON() if there is a kprobe in use on free list net: aquantia: fix hw_atl_utils_fw_upload_dwords Drivers: hv: vmbus: Fix synic per-cpu context initialization nvmem: core: return error code instead of NULL from nvmem_device_get media: dt-bindings: adv748x: Fix decimal unit addresses ALSA: hda: Fix implicit definition of pci_iomap() on SH media: fix: media: pci: meye: validate offset to avoid arbitrary access media: dvb: fix compat ioctl translation net: bcmgenet: Fix speed selection for reverse MII arm64: dts: meson: libretech: update board model arm64: dts: meson-axg: use the proper compatible for ethmac ALSA: intel8x0m: Register irq handler after register initializations arm64: dts: renesas: salvator-common: adv748x: Override secondary addresses arm64: dts: renesas: r8a77965: Attach the SYS-DMAC to the IPMMU arm64: dts: renesas: r8a77965: Fix HS-USB compatible arm64: dts: renesas: r8a77965: Fix clock/reset for usb2_phy1 pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() llc: avoid blocking in llc_sap_close() ARM: dts: qcom: ipq4019: fix cpu0's qcom,saw2 reg value soc: qcom: geni: Don't ignore clk_round_rate() errors in geni_se_clk_tbl_get() soc: qcom: geni: geni_se_clk_freq_match() should always accept multiples soc: qcom: wcnss_ctrl: Avoid string overflow soc: qcom: apr: Avoid string overflow drivers: qcom: rpmh-rsc: clear wait_for_compl after use arm64: dts: broadcom: Fix I2C and SPI bus warnings ARM: dts: bcm: Fix SPI bus warnings ARM: dts: aspeed: Fix I2C bus warnings powerpc/vdso: Correct call frame information ARM: dts: socfpga: Fix I2C bus unit-address error ARM: dts: sunxi: Fix I2C bus warnings pinctrl: at91: don't use the same irqchip with multiple gpiochips ARM: dts: sun9i: Fix I2C bus warnings android: binder: no outgoing transaction when thread todo has transaction cxgb4: Fix endianness issue in t4_fwcache() arm64: fix for bad_mode() handler to always result in panic block, bfq: inject other-queue I/O into seeky idle queues on NCQ flash blok, bfq: do not plug I/O if all queues are weight-raised arm64: dts: meson: Fix erroneous SPI bus warnings power: supply: ab8500_fg: silence uninitialized variable warnings power: reset: at91-poweroff: do not procede if at91_shdwc is allocated power: supply: max8998-charger: Fix platform data retrieval component: fix loop condition to call unbind() if bind() fails kernfs: Fix range checks in kernfs_get_target_path ip_gre: fix parsing gre header in ipgre_err scsi: ufshcd: Fix NULL pointer dereference for in ufshcd_init ARM: dts: rockchip: Fix erroneous SPI bus dtc warnings on rk3036 arm64: dts: rockchip: Fix I2C bus unit-address error on rk3399-puma-haikou ACPI / LPSS: Exclude I2C busses shared with PUNIT from pmc_atom_d3_mask netfilter: nf_tables: avoid BUG_ON usage ath9k: Fix a locking bug in ath9k_add_interface() s390/qeth: uninstall IRQ handler on device removal s390/qeth: invoke softirqs after napi_schedule() media: vsp1: Fix vsp1_regs.h license header media: vsp1: Fix YCbCr planar formats pitch calculation media: ov2680: don't register the v4l2 subdevice before checking chip ID PCI/ACPI: Correct error message for ASPM disabling net: socionext: Fix two sleep-in-atomic-context bugs in ave_rxfifo_reset() PCI: mediatek: Fix unchecked return value ARM: dts: xilinx: Fix I2C and SPI bus warnings serial: uartps: Fix suspend functionality serial: samsung: Enable baud clock for UART reset procedure in resume serial: mxs-auart: Fix potential infinite loop tty: serial: qcom_geni_serial: Fix serial when not used as console arm64: dts: ti: k3-am65: Change #address-cells and #size-cells of interconnect to 2 samples/bpf: fix a compilation failure spi/bcm63xx-hsspi: keep pll clk enabled spi: mediatek: Don't modify spi_transfer when transfer. ASoC: rt5682: Fix the boost volume at the begining of playback ipmi_si_pci: fix NULL device in ipmi_si error message ipmi_si: fix potential integer overflow on large shift ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address ipmi: fix return value of ipmi_set_my_LUN net: hns3: fix return type of ndo_start_xmit function net: cavium: fix return type of ndo_start_xmit function net: ibm: fix return type of ndo_start_xmit function powerpc/iommu: Avoid derefence before pointer check selftests/powerpc: Do not fail with reschedule powerpc/64s/hash: Fix stab_rr off by one initialization powerpc/pseries/memory-hotplug: Only update DT once per memory DLPAR request powerpc/pseries: Disable CPU hotplug across migrations powerpc: Fix duplicate const clang warning in user access code RDMA/i40iw: Fix incorrect iterator type ARM: dts: atmel: Fix I2C and SPI bus warnings OPP: Protect dev_list with opp_table lock of/unittest: Fix I2C bus unit-address error libfdt: Ensure INT_MAX is defined in libfdt_env.h power: supply: twl4030_charger: fix charging current out-of-bounds power: supply: twl4030_charger: disable eoc interrupt on linear charge net: mvpp2: fix the number of queues per cpu for PPv2.2 net: marvell: fix return type of ndo_start_xmit function net: toshiba: fix return type of ndo_start_xmit function net: xilinx: fix return type of ndo_start_xmit function net: broadcom: fix return type of ndo_start_xmit function net: amd: fix return type of ndo_start_xmit function net: sun: fix return type of ndo_start_xmit function net: hns3: Fix for setting speed for phy failed problem net: hns3: Fix cmdq registers initialization issue for vf net: hns3: Clear client pointer when initialize client failed or unintialize finished net: hns3: Fix client initialize state issue when roce client initialize failed net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() nfp: provide a better warning when ring allocation fails usb: chipidea: imx: enable OTG overcurrent in case USB subsystem is already started usb: chipidea: Fix otg event handler usb: usbtmc: Fix ioctl USBTMC_IOCTL_ABORT_BULK_OUT s390/zcrypt: enable AP bus scan without a valid default domain s390/vdso: avoid 64-bit vdso mapping for compat tasks s390/vdso: correct CFI annotations of vDSO functions brcmfmac: increase buffer for obtaining firmware capabilities brcmsmac: Use kvmalloc() for ucode allocations mlxsw: spectrum: Init shaper for TCs 8..15 PCI: portdrv: Initialize service drivers directly ARM: dts: am335x-evm: fix number of cpsw ARM: dts: ti: Fix SPI and I2C bus warnings f2fs: avoid infinite loop in f2fs_alloc_nid f2fs: fix to recover inode's uid/gid during POR ARM: dts: ux500: Correct SCU unit address ARM: dts: ux500: Fix LCDA clock line muxing ARM: dts: ste: Fix SPI controller node names spi: pic32: Use proper enum in dmaengine_prep_slave_rg crypto: chacha20 - Fix chacha20_block() keystream alignment (again) cpufeature: avoid warning when compiling with clang crypto: arm/crc32 - avoid warning when compiling with Clang ARM: dts: marvell: Fix SPI and I2C bus warnings x86/mce-inject: Reset injection struct after injection ARM: dts: stm32: enable display on stm32mp157c-ev1 board ARM: dts: clearfog: fix sdhci supply property name ARM: dts: stm32: Fix SPI controller node names bnx2x: Ignore bandwidth attention in single function mode PCI/AER: Take reference on error devices PCI/AER: Don't read upstream ports below fatal errors PCI/ERR: Use slot reset if available samples/bpf: fix compilation failure net: phy: mdio-bcm-unimac: Allow configuring MDIO clock divider net: micrel: fix return type of ndo_start_xmit function net: freescale: fix return type of ndo_start_xmit function x86/CPU: Use correct macros for Cyrix calls x86/CPU: Change query logic so CPUID is enabled before testing EDAC: Correct DIMM capacity unit symbol MIPS: kexec: Relax memory restriction arm64: dts: rockchip: Fix microSD in rk3399 sapphire board mlxsw: Make MLXSW_SP1_FWREV_MINOR a hard requirement media: imx: work around false-positive warning, again media: pci: ivtv: Fix a sleep-in-atomic-context bug in ivtv_yuv_init() media: au0828: Fix incorrect error messages media: davinci: Fix implicit enum conversion warning ARM: dts: rockchip: explicitly set vcc_sd0 pin to gpio on rk3188-radxarock usb: gadget: uvc: configfs: Drop leaked references to config items usb: gadget: uvc: configfs: Prevent format changes after linking header usb: gadget: uvc: configfs: Sort frame intervals upon writing ARM: dts: exynos: Correct audio subsystem parent clock on Peach Chromebooks i2c: aspeed: fix invalid clock parameters for very large divisors gpiolib: Fix gpio_direction_* for single direction GPIOs ARM: at91: pm: call put_device instead of of_node_put in at91_pm_config_ws phy: brcm-sata: allow PHY_BRCM_SATA driver to be built for DSL SoCs phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs phy: phy-twl4030-usb: fix denied runtime access ARM: dts: imx6ull: update vdd_soc voltage for 900MHz operating point usb: gadget: uvc: Factor out video USB request queueing usb: gadget: uvc: Only halt video streaming endpoint in bulk mode coresight: Use ERR_CAST instead of ERR_PTR coresight: Fix handling of sinks coresight: perf: Fix per cpu path management coresight: perf: Disable trace path upon source error coresight: tmc-etr: Handle driver mode specific ETR buffers coresight: etm4x: Configure EL2 exception level when kernel is running in HYP coresight: tmc: Fix byte-address alignment for RRP coresight: dynamic-replicator: Handle multiple connections slimbus: ngd: register ngd driver only once. slimbus: ngd: return proper error code instead of zero silmbus: ngd: register controller after power up. misc: kgdbts: Fix restrict error misc: genwqe: should return proper error value. vmbus: keep pointer to ring buffer page vfio/pci: Fix potential memory leak in vfio_msi_cap_len vfio/pci: Mask buggy SR-IOV VF INTx support iw_cxgb4: Use proper enumerated type in c4iw_bar2_addrs scsi: libsas: always unregister the old device if going to discover new f2fs: fix remount problem of option io_bits phy: lantiq: Fix compile warning arm64: dts: fsl: Fix I2C and SPI bus warnings ARM: dts: imx51-zii-rdu1: Fix the rtc compatible string arm64: tegra: I2C on Tegra194 is not compatible with Tegra114 ARM: dts: tegra30: fix xcvr-setup-use-fuses ARM: dts: tegra20: restore address order ARM: tegra: apalis_t30: fix mmc1 cmd pull-up ARM: tegra: apalis_t30: fix mcp2515 can controller interrupt polarity ARM: tegra: colibri_t30: fix mcp2515 can controller interrupt polarity ARM: dts: paz00: fix wakeup gpio keycode net: smsc: fix return type of ndo_start_xmit function net: faraday: fix return type of ndo_start_xmit function PCI/ERR: Run error recovery callbacks for all affected devices f2fs: update i_size after DIO completion f2fs: fix to recover inode's project id during POR f2fs: mark inode dirty explicitly in recover_inode() RDMA: Fix dependencies for rdma_user_mmap_io EDAC: Raise the maximum number of memory controllers ARM: dts: realview: Fix SPI controller node names firmware: dell_rbu: Make payload memory uncachable Bluetooth: hci_serdev: clear HCI_UART_PROTO_READY to avoid closing proto races Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS Bluetooth: btrsi: fix bt tx timeout issue x86/hyperv: Suppress "PCI: Fatal: No config space access function found" crypto: s5p-sss: Fix race in error handling crypto: s5p-sss: Fix Fix argument list alignment crypto: fix a memory leak in rsa-kcs1pad's encryption mode iwlwifi: dbg: don't crash if the firmware crashes in the middle of a debug dump iwlwifi: fix non_shared_ant for 22000 devices iwlwifi: pcie: read correct prph address for newer devices iwlwifi: api: annotate compressed BA notif array sizes iwlwifi: pcie: gen2: build A-MSDU only for GSO iwlwifi: pcie: fit reclaim msg to MAX_MSG_LEN iwlwifi: mvm: use correct FIFO length iwlwifi: mvm: Allow TKIP for AP mode scsi: NCR5380: Clear all unissued commands on host reset scsi: NCR5380: Have NCR5380_select() return a bool scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data scsi: NCR5380: Check for invalid reselection target scsi: NCR5380: Don't clear busy flag when abort fails scsi: NCR5380: Don't call dsprintk() following reselection interrupt scsi: NCR5380: Handle BUS FREE during reselection scsi: NCR5380: Check for bus reset arm64: dts: amd: Fix SPI bus warnings arm64: dts: lg: Fix SPI controller node names ARM: dts: lpc32xx: Fix SPI controller node names rtc: isl1208: avoid possible sysfs race rtc: tx4939: fixup nvmem name and register size rtc: armada38x: fix possible race condition netfilter: masquerade: don't flush all conntracks if only one address deleted on device usb: xhci-mtk: fix ISOC error when interval is zero usb: usbtmc: uninitialized symbol 'actual' in usbtmc_ioctl_clear fuse: use READ_ONCE on congestion_threshold and max_background IB/iser: Fix possible NULL deref at iser_inv_desc() media: ov2680: fix null dereference at power on s390/vdso: correct vdso mapping for compat tasks net: phy: mdio-bcm-unimac: mark PM functions as __maybe_unused memfd: Use radix_tree_deref_slot_protected to avoid the warning. slcan: Fix memory leak in error path Linux 4.19.85 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I0857e66ee2cdd412cd736548a1395bf764a8ab0a |
||
Eric Biggers
|
ad28c2ba43 |
crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
[ Upstream commit a5e9f557098e54af44ade5d501379be18435bfbf ]
In commit
|
||
YueHaibing
|
dd4b87a945 |
ipmi: fix return value of ipmi_set_my_LUN
[ Upstream commit 060e8fb53fe3455568982d10ab8c3dd605565049 ]
Fixes gcc '-Wunused-but-set-variable' warning:
drivers/char/ipmi/ipmi_msghandler.c: In function 'ipmi_set_my_LUN':
drivers/char/ipmi/ipmi_msghandler.c:1335:13: warning:
variable 'rv' set but not used [-Wunused-but-set-variable]
int index, rv = 0;
'rv' should be the correct return value.
Fixes:
|
||
Corey Minyard
|
ea944c7136 |
ipmi:dmi: Ignore IPMI SMBIOS entries with a zero base address
[ Upstream commit 1574608f5f4204440d6d9f52b971aba967664764 ] Looking at logs from systems all over the place, it looks like tons of broken systems exist that set the base address to zero. I can only guess that is some sort of non-standard idea to mark the interface as not being present. It can't be zero, anyway, so just complain and ignore it. Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Colin Ian King
|
438bf726de |
ipmi_si: fix potential integer overflow on large shift
[ Upstream commit 97a103e6b584442cd848887ed8d47be2410b7e09 ] Shifting unsigned char b by an int type can lead to sign-extension overflow. For example, if b is 0xff and the shift is 24, then top bit is sign-extended so the final value passed to writeq has all the upper 32 bits set. Fix this by casting b to a 64 bit unsigned before the shift. Detected by CoverityScan, CID#1465246 ("Unintended sign extension") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Meelis Roos
|
78538bae1d |
ipmi_si_pci: fix NULL device in ipmi_si error message
[ Upstream commit 01508d9ebf4fc863f2fc4561c390bf4b7c3301a6 ] I noticed that 4.17.0 logs the follwing during ipmi_si setup: ipmi_si 0000:01:04.6: probing via PCI (NULL device *): Could not setup I/O space ipmi_si 0000:01:04.6: [mem 0xf5ef0000-0xf5ef00ff] regsize 1 spacing 1 irq 21 Fix the "NULL device *) by moving io.dev assignment before its potential use by ipmi_pci_probe_regspacing(). Result: ipmi_si 0000:01:04.6: probing via PCI ipmi_si 0000:01:04.6: Could not setup I/O space ipmi_si 0000:01:04.6: [mem 0xf5ef0000-0xf5ef00ff] regsize 1 spacing 1 irq 21 Signed-off-by: Meelis Roos <mroos@linux.ee> Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Greg Kroah-Hartman
|
75337a6f96 |
This is the 4.19.78 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2bbnkACgkQONu9yGCS aT6bng/+Jvj4gXLq2w+KmeN1SRbNu2ee+GjQsgQR6JZ3/dY5+rzPhuL37Op0fQd6 UwnLhY4TL3PUiRCE8pNaVYI8nDfpxRkohYP+SMtGyoQKmoiy3W/SWe3CgEwniLwg k9TsuqxUsIUeEdSr6Bjbry0IU4VoZ3MP0cmMc1SrFUqJzFoGoUMHsHmQJvDPiy1f l7oZUgYrXArcnPhCda6peD9AJUfuIRKAM4BW47WN6Z9moqAAAa60eXN/u/hHp+Qc w55AZTSxel7CMbLDMnZ6/xWDgY/FHTLjkmhdIl9H6Qi8SbrJwq23zXnBO5xVameQ 4MaLIgrp7M5sohAVFdqAVZYyZrkX91ssVujYwc+I6O1TYdja1Usj2TzdyL/MPqzY FLM9s3P0C3xKLdlg5gq9BxxnohIIhNmBy069NGsmfFd9jP2o6vFUEjiVxSY7Hp3r GpZP1ETAfMNHCG3jN3o5EkwyLoQHegFWfLpCIEF++k9gjo2CP00+Lf16RVrSsG47 ILobFW5Wy4RXFyd7M8PrjSyuAtuzkUTzxg6P+6zuEtPwwvZPtadd97dGbA90pKvv eB1UPHu8/emMhW/8fwDBbpeQbIh0pHtX2yQq/LTItEHGr+YjRTIyH3Z/fST5itre ZDofsls4A+70TQ5/XOgjlDjco93iUs8KULDzQqvTFIuUIlvk3hQ= =7fm2 -----END PGP SIGNATURE----- Merge 4.19.78 into android-4.19 Changes in 4.19.78 tpm: use tpm_try_get_ops() in tpm-sysfs.c. tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations drm/bridge: tc358767: Increase AUX transfer length limit drm/panel: simple: fix AUO g185han01 horizontal blanking video: ssd1307fb: Start page range at page_offset drm/stm: attach gem fence to atomic state drm/panel: check failure cases in the probe func drm/rockchip: Check for fast link training before enabling psr drm/radeon: Fix EEH during kexec gpu: drm: radeon: Fix a possible null-pointer dereference in radeon_connector_set_property() PCI: rpaphp: Avoid a sometimes-uninitialized warning ipmi_si: Only schedule continuously in the thread in maintenance mode clk: qoriq: Fix -Wunused-const-variable clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks drm/amd/display: fix issue where 252-255 values are clipped drm/amd/display: reprogram VM config when system resume powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window clk: actions: Don't reference clk_init_data after registration clk: sirf: Don't reference clk_init_data after registration clk: sprd: Don't reference clk_init_data after registration clk: zx296718: Don't reference clk_init_data after registration powerpc/xmon: Check for HV mode when dumping XIVE info from OPAL powerpc/rtas: use device model APIs and serialization during LPM powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function powerpc/pseries/mobility: use cond_resched when updating device tree pinctrl: tegra: Fix write barrier placement in pmx_writel powerpc/eeh: Clear stale EEH_DEV_NO_HANDLER flag vfio_pci: Restore original state on release drm/nouveau/volt: Fix for some cards having 0 maximum voltage pinctrl: amd: disable spurious-firing GPIO IRQs clk: renesas: mstp: Set GENPD_FLAG_ALWAYS_ON for clock domain clk: renesas: cpg-mssr: Set GENPD_FLAG_ALWAYS_ON for clock domain drm/amd/display: support spdif drm/amdgpu/si: fix ASIC tests powerpc/64s/exception: machine check use correct cfar for late handler pstore: fs superblock limits clk: qcom: gcc-sdm845: Use floor ops for sdcc clks powerpc/pseries: correctly track irq state in default idle pinctrl: meson-gxbb: Fix wrong pinning definition for uart_c arm64: fix unreachable code issue with cmpxchg clk: at91: select parent if main oscillator or bypass is enabled powerpc: dump kernel log before carrying out fadump or kdump mbox: qcom: add APCS child device for QCS404 clk: sprd: add missing kfree scsi: core: Reduce memory required for SCSI logging dma-buf/sw_sync: Synchronize signal vs syncpt free ext4: fix potential use after free after remounting with noblock_validity MIPS: Ingenic: Disable broken BTB lookup optimization. MIPS: tlbex: Explicitly cast _PAGE_NO_EXEC to a boolean i2c-cht-wc: Fix lockdep warning mfd: intel-lpss: Remove D3cold delay PCI: tegra: Fix OF node reference leak HID: wacom: Fix several minor compiler warnings livepatch: Nullify obj->mod in klp_module_coming()'s error path ARM: 8898/1: mm: Don't treat faults reported from cache maintenance as writes soundwire: intel: fix channel number reported by hardware ARM: 8875/1: Kconfig: default to AEABI w/ Clang rtc: snvs: fix possible race condition rtc: pcf85363/pcf85263: fix regmap error in set_time HID: apple: Fix stuck function keys when using FN PCI: rockchip: Propagate errors for optional regulators PCI: histb: Propagate errors for optional regulators PCI: imx6: Propagate errors for optional regulators PCI: exynos: Propagate errors for optional PHYs security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb() ARM: 8903/1: ensure that usable memory in bank 0 starts from a PMD-aligned address fat: work around race with userspace's read via blockdev while mounting pktcdvd: remove warning on attempting to register non-passthrough dev hypfs: Fix error number left in struct pointer member crypto: hisilicon - Fix double free in sec_free_hw_sgl() kbuild: clean compressed initramfs image ocfs2: wait for recovering done after direct unlock request kmemleak: increase DEBUG_KMEMLEAK_EARLY_LOG_SIZE default to 16K arm64: consider stack randomization for mmap base only when necessary mips: properly account for stack randomization and stack guard gap arm: properly account for stack randomization and stack guard gap arm: use STACK_TOP when computing mmap base address block: mq-deadline: Fix queue restart handling bpf: fix use after free in prog symbol exposure cxgb4:Fix out-of-bounds MSI-X info array access erspan: remove the incorrect mtu limit for erspan hso: fix NULL-deref on tty open ipv6: drop incoming packets having a v4mapped source address ipv6: Handle missing host route in __ipv6_ifa_notify net: ipv4: avoid mixed n_redirects and rate_tokens usage net: qlogic: Fix memory leak in ql_alloc_large_buffers net: Unpublish sk from sk_reuseport_cb before call_rcu nfc: fix memory leak in llcp_sock_bind() qmi_wwan: add support for Cinterion CLS8 devices rxrpc: Fix rxrpc_recvmsg tracepoint sch_dsmark: fix potential NULL deref in dsmark_init() udp: fix gso_segs calculations vsock: Fix a lockdep warning in __vsock_release() net: dsa: rtl8366: Check VLAN ID and not ports udp: only do GSO if # of segs > 1 net/rds: Fix error handling in rds_ib_add_one() xen-netfront: do not use ~0U as error return value for xennet_fill_frags() tipc: fix unlimited bundling of small messages sch_cbq: validate TCA_CBQ_WRROPT to avoid crash soundwire: Kconfig: fix help format soundwire: fix regmap dependencies and align with other serial links Smack: Don't ignore other bprm->unsafe flags if LSM_UNSAFE_PTRACE is set smack: use GFP_NOFS while holding inode_smack::smk_lock NFC: fix attrs checks in netlink interface kexec: bail out upon SIGKILL when allocating memory. 9p/cache.c: Fix memory leak in v9fs_cache_session_get_cookie Linux 4.19.78 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I02db9c4a0cc1f784e6ac1523599fcbed747a6375 |
||
Corey Minyard
|
84038a98b9 |
ipmi_si: Only schedule continuously in the thread in maintenance mode
[ Upstream commit 340ff31ab00bca5c15915e70ad9ada3030c98cf8 ] ipmi_thread() uses back-to-back schedule() to poll for command completion which, on some machines, can push up CPU consumption and heavily tax the scheduler locks leading to noticeable overall performance degradation. This was originally added so firmware updates through IPMI would complete in a timely manner. But we can't kill the scheduler locks for that one use case. Instead, only run schedule() continuously in maintenance mode, where firmware updates should run. Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Vadim Sukhomlinov
|
053d0ec61e |
tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations
commit db4d8cb9c9f2af71c4d087817160d866ed572cc9 upstream
TPM 2.0 Shutdown involve sending TPM2_Shutdown to TPM chip and disabling
future TPM operations. TPM 1.2 behavior was different, future TPM
operations weren't disabled, causing rare issues. This patch ensures
that future TPM operations are disabled.
Fixes:
|
||
Jarkko Sakkinen
|
d598712712 |
tpm: use tpm_try_get_ops() in tpm-sysfs.c.
commit 2677ca98ae377517930c183248221f69f771c921 upstream Use tpm_try_get_ops() in tpm-sysfs.c so that we can consider moving other decorations (locking, localities, power management for example) inside it. This direction can be of course taken only after other call sites for tpm_transmit() have been treated in the same way. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Reviewed-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Alexander Steffen <Alexander.Steffen@infineon.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Greg Kroah-Hartman
|
7f1f24fed2 |
This is the 4.19.77 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl2YehoACgkQONu9yGCS aT536hAA0w6XF1ogPi23xS5BQ386c3BjWaOJddu0PFkR9utguuZaDG5AKjnkHtm2 foxKeCGyChCc1h6qFD2wLavsQMephzLWXkMw1/uXfwAPXGWY1hquD46zrFO0IYOc dsmKh5V8ZT70lmPTBHCDVowp1xUczNFhuNRHz1KzVQ3lsKMAhsRiy6vpsXWzIeOM VCrayI4jxTVZvoA9Odm9fTXpau0Qb9k4pqGGU84dz/xWfGzrz/AOmp+kWuZRGepS fQi+46HK3idmGGNBVGkJYkDdpkefdrYdjlVHkkoAZHlaB+QaOrre0trNArK+knRu jJIl8R/M50yYbkn97vVIpwoh19rV0BI7KUFKO4C4NCByOOV+9vjJ5g1FuZ7c3pmj XKZiBmFBJVqbI1uwgqEn+/Tv6DyEz4gUzo5GHOe2i/Bh2nSguHZzO+Yhat1U+J+Y 3QVfrIS10jICWBAqm147FepGtNxbCPP3plyqbJdrMwgM6GOMd83v+rY/5okB2YK4 SHhzuevQoxujjeoOgHKjIqTiCIaJMt5ZvlCFqODg8NgpjTNDAbCA/UUQWs7MlrqX 6uwH2QLwk3h+bEXUfGzsbsk5isTDpHr1ch6SI9T675JHRZCE461RoR82XpjLOyHD 90tBJk9pfKlLqSEyiaWPPpXErhoS5WCVKM5yuT/rSS/i2Ve4VH4= =Q+c9 -----END PGP SIGNATURE----- Merge 4.19.77 into android-4.19 Changes in 4.19.77 arcnet: provide a buffer big enough to actually receive packets cdc_ncm: fix divide-by-zero caused by invalid wMaxPacketSize macsec: drop skb sk before calling gro_cells_receive net/phy: fix DP83865 10 Mbps HDX loopback disable function net: qrtr: Stop rx_worker before freeing node net/sched: act_sample: don't push mac header on ip6gre ingress net_sched: add max len check for TCA_KIND nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC ppp: Fix memory leak in ppp_write sch_netem: fix a divide by zero in tabledist() skge: fix checksum byte order usbnet: ignore endpoints with invalid wMaxPacketSize usbnet: sanity checking of packet sizes and device mtu net: sched: fix possible crash in tcf_action_destroy() tcp: better handle TCP_USER_TIMEOUT in SYN_SENT state net/mlx5: Add device ID of upcoming BlueField-2 mISDN: enforce CAP_NET_RAW for raw sockets appletalk: enforce CAP_NET_RAW for raw sockets ax25: enforce CAP_NET_RAW for raw sockets ieee802154: enforce CAP_NET_RAW for raw sockets nfc: enforce CAP_NET_RAW for raw sockets nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs ALSA: hda: Flush interrupts on disabling regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg ASoC: tlv320aic31xx: suppress error message for EPROBE_DEFER ASoC: sgtl5000: Fix of unmute outputs on probe ASoC: sgtl5000: Fix charge pump source assignment firmware: qcom_scm: Use proper types for dma mappings dmaengine: bcm2835: Print error in case setting DMA mask fails leds: leds-lp5562 allow firmware files up to the maximum length media: dib0700: fix link error for dibx000_i2c_set_speed media: mtk-cir: lower de-glitch counter for rc-mm protocol media: exynos4-is: fix leaked of_node references media: hdpvr: Add device num check and handling media: i2c: ov5640: Check for devm_gpiod_get_optional() error time/tick-broadcast: Fix tick_broadcast_offline() lockdep complaint sched/fair: Fix imbalance due to CPU affinity sched/core: Fix CPU controller for !RT_GROUP_SCHED x86/apic: Make apic_pending_intr_clear() more robust sched/deadline: Fix bandwidth accounting at all levels after offline migration x86/reboot: Always use NMI fallback when shutdown via reboot vector IPI fails x86/apic: Soft disable APIC before initializing it ALSA: hda - Show the fatal CORB/RIRB error more clearly ALSA: i2c: ak4xxx-adda: Fix a possible null pointer dereference in build_adc_controls() EDAC/mc: Fix grain_bits calculation media: iguanair: add sanity checks base: soc: Export soc_device_register/unregister APIs ALSA: usb-audio: Skip bSynchAddress endpoint check if it is invalid ia64:unwind: fix double free for mod->arch.init_unw_table EDAC/altera: Use the proper type for the IRQ status bits ASoC: rsnd: don't call clk_get_rate() under atomic context arm64/prefetch: fix a -Wtype-limits warning md/raid1: end bio when the device faulty md: don't call spare_active in md_reap_sync_thread if all member devices can't work md: don't set In_sync if array is frozen media: media/platform: fsl-viu.c: fix build for MICROBLAZE ACPI / processor: don't print errors for processorIDs == 0xff loop: Add LOOP_SET_DIRECT_IO to compat ioctl EDAC, pnd2: Fix ioremap() size in dnv_rd_reg() efi: cper: print AER info of PCIe fatal error firmware: arm_scmi: Check if platform has released shmem before using sched/fair: Use rq_lock/unlock in online_fair_sched_group idle: Prevent late-arriving interrupts from disrupting offline media: gspca: zero usb_buf on error perf config: Honour $PERF_CONFIG env var to specify alternate .perfconfig perf test vfs_getname: Disable ~/.perfconfig to get default output media: mtk-mdp: fix reference count on old device tree media: fdp1: Reduce FCP not found message level to debug media: em28xx: modules workqueue not inited for 2nd device media: rc: imon: Allow iMON RC protocol for ffdc 7e device dmaengine: iop-adma: use correct printk format strings perf record: Support aarch64 random socket_id assignment media: vsp1: fix memory leak of dl on error return path media: i2c: ov5645: Fix power sequence media: omap3isp: Don't set streaming state on random subdevs media: imx: mipi csi-2: Don't fail if initial state times-out net: lpc-enet: fix printk format strings m68k: Prevent some compiler warnings in Coldfire builds ARM: dts: imx7d: cl-som-imx7: make ethernet work again ARM: dts: imx7-colibri: disable HS400 media: radio/si470x: kill urb on error media: hdpvr: add terminating 0 at end of string ASoC: uniphier: Fix double reset assersion when transitioning to suspend state tools headers: Fixup bitsperlong per arch includes ASoC: sun4i-i2s: Don't use the oversample to calculate BCLK led: triggers: Fix a memory leak bug nbd: add missing config put media: mceusb: fix (eliminate) TX IR signal length limit media: dvb-frontends: use ida for pll number posix-cpu-timers: Sanitize bogus WARNONS media: dvb-core: fix a memory leak bug libperf: Fix alignment trap with xyarray contents in 'perf stat' EDAC/amd64: Recognize DRAM device type ECC capability EDAC/amd64: Decode syndrome before translating address PM / devfreq: passive: Use non-devm notifiers PM / devfreq: exynos-bus: Correct clock enable sequence media: cec-notifier: clear cec_adap in cec_notifier_unregister media: saa7146: add cleanup in hexium_attach() media: cpia2_usb: fix memory leaks media: saa7134: fix terminology around saa7134_i2c_eeprom_md7134_gate() perf trace beauty ioctl: Fix off-by-one error in cmd->string table media: ov9650: add a sanity check ASoC: es8316: fix headphone mixer volume table ACPI / CPPC: do not require the _PSD method sched/cpufreq: Align trace event behavior of fast switching x86/apic/vector: Warn when vector space exhaustion breaks affinity arm64: kpti: ensure patched kernel text is fetched from PoU x86/mm/pti: Do not invoke PTI functions when PTI is disabled ASoC: fsl_ssi: Fix clock control issue in master mode x86/mm/pti: Handle unaligned address gracefully in pti_clone_pagetable() nvmet: fix data units read and written counters in SMART log nvme-multipath: fix ana log nsid lookup when nsid is not found ALSA: firewire-motu: add support for MOTU 4pre iommu/amd: Silence warnings under memory pressure libata/ahci: Drop PCS quirk for Denverton and beyond iommu/iova: Avoid false sharing on fq_timer_on libtraceevent: Change users plugin directory ARM: dts: exynos: Mark LDO10 as always-on on Peach Pit/Pi Chromebooks ACPI: custom_method: fix memory leaks ACPI / PCI: fix acpi_pci_irq_enable() memory leak closures: fix a race on wakeup from closure_sync hwmon: (acpi_power_meter) Change log level for 'unsafe software power cap' md/raid1: fail run raid1 array when active disk less than one dmaengine: ti: edma: Do not reset reserved paRAM slots kprobes: Prohibit probing on BUG() and WARN() address s390/crypto: xts-aes-s390 fix extra run-time crypto self tests finding x86/cpu: Add Tiger Lake to Intel family platform/x86: intel_pmc_core: Do not ioremap RAM ASoC: dmaengine: Make the pcm->name equal to pcm->id if the name is not set raid5: don't set STRIPE_HANDLE to stripe which is in batch list mmc: core: Clarify sdio_irq_pending flag for MMC_CAP2_SDIO_IRQ_NOTHREAD mmc: sdhci: Fix incorrect switch to HS mode mmc: core: Add helper function to indicate if SDIO IRQs is enabled mmc: dw_mmc: Re-store SDIO IRQs mask at system resume raid5: don't increment read_errors on EILSEQ return libertas: Add missing sentinel at end of if_usb.c fw_table e1000e: add workaround for possible stalled packet ALSA: hda - Drop unsol event handler for Intel HDMI codecs drm/amd/powerplay/smu7: enforce minimal VBITimeout (v2) media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() ALSA: hda/realtek - Blacklist PC beep for Lenovo ThinkCentre M73/93 iommu/amd: Override wrong IVRS IOAPIC on Raven Ridge systems btrfs: extent-tree: Make sure we only allocate extents from block groups with the same type media: omap3isp: Set device on omap3isp subdevs PM / devfreq: passive: fix compiler warning iwlwifi: fw: don't send GEO_TX_POWER_LIMIT command to FW version 36 ALSA: firewire-tascam: handle error code when getting current source of clock ALSA: firewire-tascam: check intermediate state of clock status and retry scsi: scsi_dh_rdac: zero cdb in send_mode_select() scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag printk: Do not lose last line in kmsg buffer dump IB/mlx5: Free mpi in mp_slave mode IB/hfi1: Define variables as unsigned long to fix KASAN warning randstruct: Check member structs in is_pure_ops_struct() Revert "ceph: use ceph_evict_inode to cleanup inode's resource" ceph: use ceph_evict_inode to cleanup inode's resource ALSA: hda/realtek - PCI quirk for Medion E4254 blk-mq: add callback of .cleanup_rq scsi: implement .cleanup_rq callback powerpc/imc: Dont create debugfs files for cpu-less nodes fuse: fix missing unlock_page in fuse_writepage() parisc: Disable HP HSC-PCI Cards to prevent kernel crash KVM: x86: always stop emulation on page fault KVM: x86: set ctxt->have_exception in x86_decode_insn() KVM: x86: Manually calculate reserved bits when loading PDPTRS media: sn9c20x: Add MSI MS-1039 laptop to flip_dmi_table media: don't drop front-end reference count for ->detach binfmt_elf: Do not move brk for INTERP-less ET_EXEC ASoC: Intel: NHLT: Fix debug print format ASoC: Intel: Skylake: Use correct function to access iomem space ASoC: Intel: Fix use of potentially uninitialized variable ARM: samsung: Fix system restart on S3C6410 ARM: zynq: Use memcpy_toio instead of memcpy on smp bring-up Revert "arm64: Remove unnecessary ISBs from set_{pte,pmd,pud}" arm64: tlb: Ensure we execute an ISB following walk cache invalidation arm64: dts: rockchip: limit clock rate of MMC controllers for RK3328 alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP regulator: Defer init completion for a while after late_initcall efifb: BGRT: Improve efifb_bgrt_sanity_check gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps memcg, oom: don't require __GFP_FS when invoking memcg OOM killer memcg, kmem: do not fail __GFP_NOFAIL charges i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask block: fix null pointer dereference in blk_mq_rq_timed_out() smb3: allow disabling requesting leases ovl: Fix dereferencing possible ERR_PTR() ovl: filter of trusted xattr results in audit btrfs: fix allocation of free space cache v1 bitmap pages Btrfs: fix use-after-free when using the tree modification log btrfs: Relinquish CPUs in btrfs_compare_trees btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls Btrfs: fix race setting up and completing qgroup rescan workers md/raid6: Set R5_ReadError when there is read failure on parity disk md: don't report active array_state until after revalidate_disk() completes. md: only call set_in_sync() when it is expected to succeed. cfg80211: Purge frame registrations on iftype change /dev/mem: Bail out upon SIGKILL. ext4: fix warning inside ext4_convert_unwritten_extents_endio ext4: fix punch hole for inline_data file systems quota: fix wrong condition in is_quota_modification() hwrng: core - don't wait on add_early_randomness() i2c: riic: Clear NACK in tend isr CIFS: fix max ea value size CIFS: Fix oplock handling for SMB 2.1+ protocols md/raid0: avoid RAID0 data corruption due to layout confusion. fuse: fix deadlock with aio poll and fuse_iqueue::waitq.lock mm/compaction.c: clear total_{migrate,free}_scanned before scanning a new zone drm/amd/display: Restore backlight brightness after system resume Linux 4.19.77 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I2c74f09f497a4b45b244a7dd263c5116533dfccb |
||
Laurent Vivier
|
fec38267a2 |
hwrng: core - don't wait on add_early_randomness()
commit 78887832e76541f77169a24ac238fccb51059b63 upstream.
add_early_randomness() is called by hwrng_register() when the
hardware is added. If this hardware and its module are present
at boot, and if there is no data available the boot hangs until
data are available and can't be interrupted.
For instance, in the case of virtio-rng, in some cases the host can be
not able to provide enough entropy for all the guests.
We can have two easy ways to reproduce the problem but they rely on
misconfiguration of the hypervisor or the egd daemon:
- if virtio-rng device is configured to connect to the egd daemon of the
host but when the virtio-rng driver asks for data the daemon is not
connected,
- if virtio-rng device is configured to connect to the egd daemon of the
host but the egd daemon doesn't provide data.
The guest kernel will hang at boot until the virtio-rng driver provides
enough data.
To avoid that, call rng_get_data() in non-blocking mode (wait=0)
from add_early_randomness().
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Fixes:
|
||
Tetsuo Handa
|
caa6926d94 |
/dev/mem: Bail out upon SIGKILL.
commit 8619e5bdeee8b2c685d686281f2d2a6017c4bc15 upstream. syzbot found that a thread can stall for minutes inside read_mem() or write_mem() after that thread was killed by SIGKILL [1]. Reading from iomem areas of /dev/mem can be slow, depending on the hardware. While reading 2GB at one read() is legal, delaying termination of killed thread for minutes is bad. Thus, allow reading/writing /dev/mem and /dev/kmem to be preemptible and killable. [ 1335.912419][T20577] read_mem: sz=4096 count=2134565632 [ 1335.943194][T20577] read_mem: sz=4096 count=2134561536 [ 1335.978280][T20577] read_mem: sz=4096 count=2134557440 [ 1336.011147][T20577] read_mem: sz=4096 count=2134553344 [ 1336.041897][T20577] read_mem: sz=4096 count=2134549248 Theoretically, reading/writing /dev/mem and /dev/kmem can become "interruptible". But this patch chose "killable". Future patch will make them "interruptible" so that we can revert to "killable" if some program regressed. [1] https://syzkaller.appspot.com/bug?id=a0e3436829698d5824231251fad9d8e998f94f5e Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Cc: stable <stable@vger.kernel.org> Reported-by: syzbot <syzbot+8ab2d0f39fb79fe6ca40@syzkaller.appspotmail.com> Link: https://lore.kernel.org/r/1566825205-10703-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
8ca5759502 |
This is the 4.19.73 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1/KiEACgkQONu9yGCS aT49JBAAy7b3wv1WXAtg9wsyS1JL4HbMXt3YjtokIX+UpkznoqII4B85QftPBbiD 9zDuTWPjhrqKv1GsMkFRCqBVp5wGVik1MIbjVuKdstFN5W8KQybpbYnSW4T52+wS cs6oOPkLydAfWzKeq+ekEeU8yr5dua+Ui3huundZ49wseJWQP3fh9T+ToUx8V/cr tsLiRRgI0djj7KQWVuM1j8YGKT/6qk/UL0HMVZyoIdLmsxpLap+LWe0+CRXn8rvs eJJlVQTVtYf/ySoHkpnwR12VsjRYjx6pNkm/GrebMCkM7wF/4RMqxk7j9EU0PENH VUdRrUd+j/YPp6QzjSFMK0+0eb7Gm3X0FEN0IGZshu1r/CDnoj/7hqnBmOlYIbhv pdteYaLqWq7JjAHu7vF+S4aNQRGpAZb05LsbTJ39Eu3FbdVTLXsAuUveZ7Y4/y0X ri2M3d/sF/cjc3C+V7Y7h422SM36jSAK6496VAoRyqqjX/3JyROhgfU9NAMzVr83 4uI904z9lH4TZGOd5YQgX2VuOtBcGwa7+g6fy97u1tp8UxSWFZRGDDLRysF/dIJO Wi51UK0Q7EWnqBTe0TFF6TjE5tC7R3ZgzqEQ1MU4eLI5mqokg82DAK4Ub2Wk5Qch CGs5/d16OOrLtG2RoaOGz9UdQR7IHUXLSqkKbaEdstc16MXNXns= =cmGh -----END PGP SIGNATURE----- Merge 4.19.73 into android-4.19 Changes in 4.19.73 ALSA: hda - Fix potential endless loop at applying quirks ALSA: hda/realtek - Fix overridden device-specific initialization ALSA: hda/realtek - Add quirk for HP Pavilion 15 ALSA: hda/realtek - Enable internal speaker & headset mic of ASUS UX431FL ALSA: hda/realtek - Fix the problem of two front mics on a ThinkCentre sched/fair: Don't assign runtime for throttled cfs_rq drm/vmwgfx: Fix double free in vmw_recv_msg() vhost/test: fix build for vhost test vhost/test: fix build for vhost test - again powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction batman-adv: fix uninit-value in batadv_netlink_get_ifindex() batman-adv: Only read OGM tvlv_len after buffer len check hv_sock: Fix hang when a connection is closed Blk-iolatency: warn on negative inflight IO counter blk-iolatency: fix STS_AGAIN handling {nl,mac}80211: fix interface combinations on crypto controlled devices timekeeping: Use proper ktime_add when adding nsecs in coarse offset selftests: fib_rule_tests: use pre-defined DEV_ADDR x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace() powerpc/64: mark start_here_multiplatform as __ref media: stm32-dcmi: fix irq = 0 case arm64: dts: rockchip: enable usb-host regulators at boot on rk3328-rock64 scripts/decode_stacktrace: match basepath using shell prefix operator, not regex riscv: remove unused variable in ftrace nvme-fc: use separate work queue to avoid warning clk: s2mps11: Add used attribute to s2mps11_dt_match remoteproc: qcom: q6v5: shore up resource probe handling modules: always page-align module section allocations kernel/module: Fix mem leak in module_add_modinfo_attrs drm/i915: Re-apply "Perform link quality check, unconditionally during long pulse" media: cec/v4l2: move V4L2 specific CEC functions to V4L2 media: cec: remove cec-edid.c scsi: qla2xxx: Move log messages before issuing command to firmware keys: Fix the use of the C++ keyword "private" in uapi/linux/keyctl.h Drivers: hv: kvp: Fix two "this statement may fall through" warnings x86, hibernate: Fix nosave_regions setup for hibernation remoteproc: qcom: q6v5-mss: add SCM probe dependency drm/amdgpu/gfx9: Update gfx9 golden settings. drm/amdgpu: Update gc_9_0 golden settings. KVM: x86: hyperv: enforce vp_index < KVM_MAX_VCPUS KVM: x86: hyperv: consistently use 'hv_vcpu' for 'struct kvm_vcpu_hv' variables KVM: x86: hyperv: keep track of mismatched VP indexes KVM: hyperv: define VP assist page helpers x86/kvm/lapic: preserve gfn_to_hva_cache len on cache reinit drm/i915: Fix intel_dp_mst_best_encoder() drm/i915: Rename PLANE_CTL_DECOMPRESSION_ENABLE drm/i915/gen9+: Fix initial readout for Y tiled framebuffers drm/atomic_helper: Disallow new modesets on unregistered connectors Drivers: hv: kvp: Fix the indentation of some "break" statements Drivers: hv: kvp: Fix the recent regression caused by incorrect clean-up powerplay: Respect units on max dcfclk watermark drm/amd/pp: Fix truncated clock value when set watermark drm/amd/dm: Understand why attaching path/tile properties are needed ARM: davinci: da8xx: define gpio interrupts as separate resources ARM: davinci: dm365: define gpio interrupts as separate resources ARM: davinci: dm646x: define gpio interrupts as separate resources ARM: davinci: dm355: define gpio interrupts as separate resources ARM: davinci: dm644x: define gpio interrupts as separate resources s390/zcrypt: reinit ap queue state machine during device probe media: vim2m: use workqueue media: vim2m: use cancel_delayed_work_sync instead of flush_schedule_work drm/i915: Restore sane defaults for KMS on GEM error load drm/i915: Cleanup gt powerstate from gem KVM: PPC: Book3S HV: Fix race between kvm_unmap_hva_range and MMU mode switch Btrfs: clean up scrub is_dev_replace parameter Btrfs: fix deadlock with memory reclaim during scrub btrfs: Remove extent_io_ops::fill_delalloc btrfs: Fix error handling in btrfs_cleanup_ordered_extents scsi: megaraid_sas: Fix combined reply queue mode detection scsi: megaraid_sas: Add check for reset adapter bit scsi: megaraid_sas: Use 63-bit DMA addressing powerpc/pkeys: Fix handling of pkey state across fork() btrfs: volumes: Make sure no dev extent is beyond device boundary btrfs: Use real device structure to verify dev extent media: vim2m: only cancel work if it is for right context ARC: show_regs: lockdep: re-enable preemption ARC: mm: do_page_fault fixes #1: relinquish mmap_sem if signal arrives while handle_mm_fault IB/uverbs: Fix OOPs upon device disassociation crypto: ccree - fix resume race condition on init crypto: ccree - add missing inline qualifier drm/vblank: Allow dynamic per-crtc max_vblank_count drm/i915/ilk: Fix warning when reading emon_status with no output mfd: Kconfig: Fix I2C_DESIGNWARE_PLATFORM dependencies tpm: Fix some name collisions with drivers/char/tpm.h bcache: replace hard coded number with BUCKET_GC_GEN_MAX bcache: treat stale && dirty keys as bad keys KVM: VMX: Compare only a single byte for VMCS' "launched" in vCPU-run iio: adc: exynos-adc: Add S5PV210 variant dt-bindings: iio: adc: exynos-adc: Add S5PV210 variant iio: adc: exynos-adc: Use proper number of channels for Exynos4x12 mt76: fix corrupted software generated tx CCMP PN drm/nouveau: Don't WARN_ON VCPI allocation failures iwlwifi: fix devices with PCI Device ID 0x34F0 and 11ac RF modules iwlwifi: add new card for 9260 series x86/kvmclock: set offset for kvm unstable clock spi: spi-gpio: fix SPI_CS_HIGH capability powerpc/kvm: Save and restore host AMR/IAMR/UAMOR mmc: renesas_sdhi: Fix card initialization failure in high speed mode btrfs: scrub: pass fs_info to scrub_setup_ctx btrfs: scrub: move scrub_setup_ctx allocation out of device_list_mutex btrfs: scrub: fix circular locking dependency warning btrfs: init csum_list before possible free PCI: qcom: Fix error handling in runtime PM support PCI: qcom: Don't deassert reset GPIO during probe drm: add __user attribute to ptr_to_compat() CIFS: Fix error paths in writeback code CIFS: Fix leaking locked VFS cache pages in writeback retry drm/i915: Handle vm_mmap error during I915_GEM_MMAP ioctl with WC set drm/i915: Sanity check mmap length against object size usb: typec: tcpm: Try PD-2.0 if sink does not respond to 3.0 source-caps arm64: dts: stratix10: add the sysmgr-syscon property from the gmac's IB/mlx5: Reset access mask when looping inside page fault handler kvm: mmu: Fix overflow on kvm mmu page limit calculation x86/kvm: move kvm_load/put_guest_xcr0 into atomic context KVM: x86: Always use 32-bit SMRAM save state for 32-bit kernels cifs: Fix lease buffer length error media: i2c: tda1997x: select V4L2_FWNODE ext4: protect journal inode's blocks using block_validity ARM: dts: qcom: ipq4019: fix PCI range ARM: dts: qcom: ipq4019: Fix MSI IRQ type ARM: dts: qcom: ipq4019: enlarge PCIe BAR range dt-bindings: mmc: Add supports-cqe property dt-bindings: mmc: Add disable-cqe-dcmd property. PCI: Add macro for Switchtec quirk declarations PCI: Reset Lenovo ThinkPad P50 nvgpu at boot if necessary dm mpath: fix missing call of path selector type->end_io blk-mq: free hw queue's resource in hctx's release handler mmc: sdhci-pci: Add support for Intel CML PCI: dwc: Use devm_pci_alloc_host_bridge() to simplify code cifs: smbd: take an array of reqeusts when sending upper layer data dm crypt: move detailed message into debug level signal/arc: Use force_sig_fault where appropriate ARC: mm: fix uninitialised signal code in do_page_fault ARC: mm: SIGSEGV userspace trying to access kernel virtual memory drm/amdkfd: Add missing Polaris10 ID kvm: Check irqchip mode before assign irqfd drm/amdgpu: fix ring test failure issue during s3 in vce 3.0 (V2) drm/amdgpu/{uvd,vcn}: fetch ring's read_ptr after alloc Btrfs: fix race between block group removal and block group allocation cifs: add spinlock for the openFileList to cifsInodeInfo clk: tegra: Fix maximum audio sync clock for Tegra124/210 clk: tegra210: Fix default rates for HDA clocks IB/hfi1: Avoid hardlockup with flushlist_lock apparmor: reset pos on failure to unpack for various functions scsi: target/core: Use the SECTOR_SHIFT constant scsi: target/iblock: Fix overrun in WRITE SAME emulation staging: wilc1000: fix error path cleanup in wilc_wlan_initialize() scsi: zfcp: fix request object use-after-free in send path causing wrong traces cifs: Properly handle auto disabling of serverino option ALSA: hda - Don't resume forcibly i915 HDMI/DP codec ceph: use ceph_evict_inode to cleanup inode's resource KVM: x86: optimize check for valid PAT value KVM: VMX: Always signal #GP on WRMSR to MSR_IA32_CR_PAT with bad value KVM: VMX: Fix handling of #MC that occurs during VM-Entry KVM: VMX: check CPUID before allowing read/write of IA32_XSS KVM: PPC: Use ccr field in pt_regs struct embedded in vcpu struct KVM: PPC: Book3S HV: Fix CR0 setting in TM emulation ARM: dts: gemini: Set DIR-685 SPI CS as active low RDMA/srp: Document srp_parse_in() arguments RDMA/srp: Accept again source addresses that do not have a port number btrfs: correctly validate compression type resource: Include resource end in walk_*() interfaces resource: Fix find_next_iomem_res() iteration issue resource: fix locking in find_next_iomem_res() pstore: Fix double-free in pstore_mkfile() failure path dm thin metadata: check if in fail_io mode when setting needs_check drm/panel: Add support for Armadeus ST0700 Adapt ALSA: hda - Fix intermittent CORB/RIRB stall on Intel chips powerpc/mm: Limit rma_size to 1TB when running without HV mode iommu/iova: Remove stale cached32_node gpio: don't WARN() on NULL descs if gpiolib is disabled i2c: at91: disable TXRDY interrupt after sending data i2c: at91: fix clk_offset for sama5d2 mm/migrate.c: initialize pud_entry in migrate_vma() iio: adc: gyroadc: fix uninitialized return code NFSv4: Fix delegation state recovery bcache: only clear BTREE_NODE_dirty bit when it is set bcache: add comments for mutex_lock(&b->write_lock) bcache: fix race in btree_flush_write() drm/i915: Make sure cdclk is high enough for DP audio on VLV/CHV virtio/s390: fix race on airq_areas[] drm/atomic_helper: Allow DPMS On<->Off changes for unregistered connectors ext4: don't perform block validity checks on the journal inode ext4: fix block validity checks for journal inodes using indirect blocks ext4: unsigned int compared against zero PCI: Reset both NVIDIA GPU and HDA in ThinkPad P50 workaround powerpc/tm: Remove msr_tm_active() powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts vhost: make sure log_num < in_num Linux 4.19.73 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I7bc57825aeb36759bb8e8726888da9af06392c09 |
||
Jarkko Sakkinen
|
ee30121fbd |
tpm: Fix some name collisions with drivers/char/tpm.h
[ Upstream commit 8ab547a2dcfac6ec184a5e036e1093eb3f7a215c ] * Rename TPM_BUFSIZE defined in drivers/char/tpm/st33zp24/st33zp24.h to ST33ZP24_BUFSIZE. * Rename TPM_BUFSIZE defined in drivers/char/tpm/tpm_i2c_infineon.c to TPM_I2C_INFINEON_BUFSIZE. * Rename TPM_RETRY in tpm_i2c_nuvoton to TPM_I2C_RETRIES. * Remove TPM_HEADER_SIZE from tpm_i2c_nuvoton. Cc: stable@vger.kernel.org Fixes: |
||
David Howells
|
c19c4573a5 |
UPSTREAM: Make anon_inodes unconditional
Make the anon_inodes facility unconditional so that it can be used by core VFS code. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> (cherry picked from commit dadd2299ab61fc2b55b95b7b3a8f674cdd3b69c9) Bug: 135608568 Test: test program using syscall(__NR_sys_pidfd_open,..) and poll() Change-Id: I46cba2efd3559bcf1a95a5dad6d8a4de211bafc9 Signed-off-by: Suren Baghdasaryan <surenb@google.com> |
||
Greg Kroah-Hartman
|
75ff56e1a2 |
This is the 4.19.63 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAl1BJrAACgkQONu9yGCS aT6MpRAAt2nuozm5Z/MshFAuGFzddAwPoYtkIPSy8BiPHYjf7x0+D5Ew4dz5OihS ElfbA94hMOpvhhXlzBU3ZFJsWZIK78gzV6+LiHyb5R97Jdzj/zT4h40y0kxKw+pS gghnZ6zx+pGSIXm/EsODW2gg98yTrmhBFpUhXpAGoC/71c1vxVlj3jHcuhd778YK NRlj2tFWJGIBpmXrApo1Eg7qQRj4tzbOjthfgANWPq+EP68PgiOaxMDMMp7IUwju KrXEFcXlk5aHvfaJ06FSBRBnn45XMyGXPYV/76HsaqkBNmg1r7o02dZKy/0S84Fn YXoEFxHt6NFOJ52LiO95z7cQ0xeTSYygNCtYXJ70uyDMnrCPXCrKp7DRyka+vDPs RCrcpB1QjcCb3xTL//SPkNWM3oZEW9CawpRFh9bmqbw/h7ZjaUEuwNIJnunISulu 2fvOjUmFWfUVIARiwKFVuIkXzgf3cSLYZTtiDFC5/yBpkGVNnXqyO7YtWZwnrMHq L3DC3pOKuYXMa03KWGEzZoCZEXjtoRhRwCSgV7wbK5o90sZeRj/HC1zXEyDPPD/R 7A1rePTuwlAH3gHCJGhYkmYqULx62ZdvV6IC2N7xNxeTL1Y7OVNBT7ZUqexxY6WC OG1vVxUKNJIvBLYmc6cmQATgR6XH5/B9H2p1YRBLuAQuqHk+jqo= =ZQf3 -----END PGP SIGNATURE----- Merge 4.19.63 into android-4.19 Changes in 4.19.63 hvsock: fix epollout hang from race condition drm/panel: simple: Fix panel_simple_dsi_probe iio: adc: stm32-dfsdm: manage the get_irq error case iio: adc: stm32-dfsdm: missing error case during probe staging: vt6656: use meaningful error code during buffer allocation usb: core: hub: Disable hub-initiated U1/U2 tty: max310x: Fix invalid baudrate divisors calculator pinctrl: rockchip: fix leaked of_node references tty: serial: cpm_uart - fix init when SMC is relocated drm/amd/display: Fill prescale_params->scale for RGB565 drm/amdgpu/sriov: Need to initialize the HDP_NONSURFACE_BAStE drm/amd/display: Disable ABM before destroy ABM struct drm/amdkfd: Fix a potential memory leak drm/amdkfd: Fix sdma queue map issue drm/edid: Fix a missing-check bug in drm_load_edid_firmware() PCI: Return error if cannot probe VF drm/bridge: tc358767: read display_props in get_modes() drm/bridge: sii902x: pixel clock unit is 10kHz instead of 1kHz gpu: host1x: Increase maximum DMA segment size drm/crc-debugfs: User irqsafe spinlock in drm_crtc_add_crc_entry drm/crc-debugfs: Also sprinkle irqrestore over early exits memstick: Fix error cleanup path of memstick_init tty/serial: digicolor: Fix digicolor-usart already registered warning tty: serial: msm_serial: avoid system lockup condition serial: 8250: Fix TX interrupt handling condition drm/amd/display: Always allocate initial connector state state drm/virtio: Add memory barriers for capset cache. phy: renesas: rcar-gen2: Fix memory leak at error paths drm/amd/display: fix compilation error powerpc/pseries/mobility: prevent cpu hotplug during DT update drm/rockchip: Properly adjust to a true clock in adjusted_mode serial: imx: fix locking in set_termios() tty: serial_core: Set port active bit in uart_port_activate usb: gadget: Zero ffs_io_data mmc: sdhci: sdhci-pci-o2micro: Check if controller supports 8-bit width powerpc/pci/of: Fix OF flags parsing for 64bit BARs drm/msm: Depopulate platform on probe failure serial: mctrl_gpio: Check if GPIO property exisits before requesting it PCI: sysfs: Ignore lockdep for remove attribute i2c: stm32f7: fix the get_irq error cases kbuild: Add -Werror=unknown-warning-option to CLANG_FLAGS genksyms: Teach parser about 128-bit built-in types PCI: xilinx-nwl: Fix Multi MSI data programming iio: iio-utils: Fix possible incorrect mask calculation powerpc/cacheflush: fix variable set but not used powerpc/xmon: Fix disabling tracing while in xmon recordmcount: Fix spurious mcount entries on powerpc mfd: madera: Add missing of table registration mfd: core: Set fwnode for created devices mfd: arizona: Fix undefined behavior mfd: hi655x-pmic: Fix missing return value check for devm_regmap_init_mmio_clk mm/swap: fix release_pages() when releasing devmap pages um: Silence lockdep complaint about mmap_sem powerpc/4xx/uic: clear pending interrupt after irq type/pol change RDMA/i40iw: Set queue pair state when being queried serial: sh-sci: Terminate TX DMA during buffer flushing serial: sh-sci: Fix TX DMA buffer flushing and workqueue races IB/mlx5: Fixed reporting counters on 2nd port for Dual port RoCE powerpc/mm: Handle page table allocation failures IB/ipoib: Add child to parent list only if device initialized arm64: assembler: Switch ESB-instruction with a vanilla nop if !ARM64_HAS_RAS PCI: mobiveil: Fix PCI base address in MEM/IO outbound windows PCI: mobiveil: Fix the Class Code field kallsyms: exclude kasan local symbols on s390 PCI: mobiveil: Initialize Primary/Secondary/Subordinate bus numbers PCI: mobiveil: Use the 1st inbound window for MEM inbound transactions perf test mmap-thread-lookup: Initialize variable to suppress memory sanitizer warning perf stat: Fix use-after-freed pointer detected by the smatch tool perf top: Fix potential NULL pointer dereference detected by the smatch tool perf session: Fix potential NULL pointer dereference found by the smatch tool perf annotate: Fix dereferencing freed memory found by the smatch tool perf hists browser: Fix potential NULL pointer dereference found by the smatch tool RDMA/rxe: Fill in wc byte_len with IB_WC_RECV_RDMA_WITH_IMM PCI: dwc: pci-dra7xx: Fix compilation when !CONFIG_GPIOLIB powerpc/boot: add {get, put}_unaligned_be32 to xz_config.h block: init flush rq ref count to 1 f2fs: avoid out-of-range memory access mailbox: handle failed named mailbox channel request dlm: check if workqueues are NULL before flushing/destroying powerpc/eeh: Handle hugepages in ioremap space block/bio-integrity: fix a memory leak bug sh: prevent warnings when using iounmap mm/kmemleak.c: fix check for softirq context 9p: pass the correct prototype to read_cache_page mm/gup.c: mark undo_dev_pagemap as __maybe_unused mm/gup.c: remove some BUG_ONs from get_gate_page() memcg, fsnotify: no oom-kill for remote memcg charging mm/mmu_notifier: use hlist_add_head_rcu() proc: use down_read_killable mmap_sem for /proc/pid/smaps_rollup proc: use down_read_killable mmap_sem for /proc/pid/pagemap proc: use down_read_killable mmap_sem for /proc/pid/clear_refs proc: use down_read_killable mmap_sem for /proc/pid/map_files cxgb4: reduce kernel stack usage in cudbg_collect_mem_region() proc: use down_read_killable mmap_sem for /proc/pid/maps locking/lockdep: Fix lock used or unused stats error mm: use down_read_killable for locking mmap_sem in access_remote_vm locking/lockdep: Hide unused 'class' variable usb: wusbcore: fix unbalanced get/put cluster_id usb: pci-quirks: Correct AMD PLL quirk detection btrfs: inode: Don't compress if NODATASUM or NODATACOW set x86/sysfb_efi: Add quirks for some devices with swapped width and height x86/speculation/mds: Apply more accurate check on hypervisor platform binder: prevent transactions to context manager from its own process. fpga-manager: altera-ps-spi: Fix build error mei: me: add mule creek canyon (EHL) device ids hpet: Fix division by zero in hpet_time_div() ALSA: ac97: Fix double free of ac97_codec_device ALSA: line6: Fix wrong altsetting for LINE6_PODHD500_1 ALSA: hda - Add a conexant codec entry to let mute led work powerpc/xive: Fix loop exit-condition in xive_find_target_in_mask() powerpc/tm: Fix oops on sigreturn on systems without TM libnvdimm/bus: Stop holding nvdimm_bus_list_mutex over __nd_ioctl() access: avoid the RCU grace period for the temporary subjective credentials Linux 4.19.63 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ic31529aa6fd283d16d6bfb182187a9402a4db44f |
||
Kefeng Wang
|
9845fb5a3f |
hpet: Fix division by zero in hpet_time_div()
commit 0c7d37f4d9b8446956e97b7c5e61173cdb7c8522 upstream. The base value in do_div() called by hpet_time_div() is truncated from unsigned long to uint32_t, resulting in a divide-by-zero exception. UBSAN: Undefined behaviour in ../drivers/char/hpet.c:572:2 division by zero CPU: 1 PID: 23682 Comm: syz-executor.3 Not tainted 4.4.184.x86_64+ #4 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 0000000000000000 b573382df1853d00 ffff8800a3287b98 ffffffff81ad7561 ffff8800a3287c00 ffffffff838b35b0 ffffffff838b3860 ffff8800a3287c20 0000000000000000 ffff8800a3287bb0 ffffffff81b8f25e ffffffff838b35a0 Call Trace: [<ffffffff81ad7561>] __dump_stack lib/dump_stack.c:15 [inline] [<ffffffff81ad7561>] dump_stack+0xc1/0x120 lib/dump_stack.c:51 [<ffffffff81b8f25e>] ubsan_epilogue+0x12/0x8d lib/ubsan.c:166 [<ffffffff81b900cb>] __ubsan_handle_divrem_overflow+0x282/0x2c8 lib/ubsan.c:262 [<ffffffff823560dd>] hpet_time_div drivers/char/hpet.c:572 [inline] [<ffffffff823560dd>] hpet_ioctl_common drivers/char/hpet.c:663 [inline] [<ffffffff823560dd>] hpet_ioctl_common.cold+0xa8/0xad drivers/char/hpet.c:577 [<ffffffff81e63d56>] hpet_ioctl+0xc6/0x180 drivers/char/hpet.c:676 [<ffffffff81711590>] vfs_ioctl fs/ioctl.c:43 [inline] [<ffffffff81711590>] file_ioctl fs/ioctl.c:470 [inline] [<ffffffff81711590>] do_vfs_ioctl+0x6e0/0xf70 fs/ioctl.c:605 [<ffffffff81711eb4>] SYSC_ioctl fs/ioctl.c:622 [inline] [<ffffffff81711eb4>] SyS_ioctl+0x94/0xc0 fs/ioctl.c:613 [<ffffffff82846003>] tracesys_phase2+0x90/0x95 The main C reproducer autogenerated by syzkaller, syscall(__NR_mmap, 0x20000000, 0x1000000, 3, 0x32, -1, 0); memcpy((void*)0x20000100, "/dev/hpet\000", 10); syscall(__NR_openat, 0xffffffffffffff9c, 0x20000100, 0, 0); syscall(__NR_ioctl, r[0], 0x40086806, 0x40000000000000); Fix it by using div64_ul(). Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com> Signed-off-by: Zhang HongJun <zhanghongjun2@huawei.com> Cc: stable <stable@vger.kernel.org> Reviewed-by: Arnd Bergmann <arnd@arndb.de> Link: https://lore.kernel.org/r/20190711132757.130092-1-wangkefeng.wang@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
cab4399ebf |
This is the 4.19.47 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzxMDsACgkQONu9yGCS aT6kjxAAvyKCDNGaQgBXGXe6xvBK7ad+mk+MU6WVycN+PIQzA8zVfR7RcGJgEP8t 65QrePyacMe5bmSgTnUKGz6DpwpWbCMamyftjoaPWIhxDFmQy7FB9ANOVoPDBw49 +jKT30ioBSI6LYQDU4xhxDO01HVEXmmLZquqYDfLoHOMLeXCivfTlM7PQPfxMZzn fdeLtvfCnfMiftkXZjGqaWoUAnrlTmncQk9nXMcDgxrGy9pHJ6B1WWE5ygqr4Z5s MaKfHotCSYD/eP8JsyIdJg+iMESv5Z0ZDCjbVslm81fCLeUD6atdnmpYxCphmT7Q ifN23i4FJrXBX4xLpD9RYzavH3+hQzqb2pt02aBZRW0OLFK0qjYrkdayjwWGOIUI zK9bgfHiiNKtoyvakQJ09uMhpO2thWeTMh8a6iBLTQ5Koi60adW1l5GrPuTTZYG7 V8xNB2cLsUktDsAr1I/kwrCMlE/oNFgy2La5zMzmELnFTUJRlMAoAGaa1DPcOFLt QVdT8luJMu+1KTeMZPoK/7QQGszMDTAot4+Ys56KyPQ6zN/rGr2vm7kHYn41FyEp KXpyeIm0/RKxUysz2Fyx+dL75e4ZhBof+amQ7Kotz6bF45o+ZwJ7THT6XKIOoln5 E7iI5RhQMZ2WuVIHLKa0QFBRn4RPpzie1lwOXWAAF6oqNgewXHw= =fjPE -----END PGP SIGNATURE----- Merge 4.19.47 into android-4.19 Changes in 4.19.47 x86: Hide the int3_emulate_call/jmp functions from UML ext4: do not delete unlinked inode from orphan list on failed truncate ext4: wait for outstanding dio during truncate in nojournal mode f2fs: Fix use of number of devices KVM: x86: fix return value for reserved EFER bio: fix improper use of smp_mb__before_atomic() sbitmap: fix improper use of smp_mb__before_atomic() Revert "scsi: sd: Keep disk read-only when re-reading partition" crypto: vmx - CTR: always increment IV as quadword mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data hold time problem mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time problem kvm: svm/avic: fix off-by-one in checking host APIC ID libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead arm64/kernel: kaslr: reduce module randomization range to 2 GB arm64/iommu: handle non-remapped addresses in ->mmap and ->get_sgtable gfs2: Fix sign extension bug in gfs2_update_stats btrfs: don't double unlock on error in btrfs_punch_hole Btrfs: do not abort transaction at btrfs_update_root() after failure to COW path Btrfs: avoid fallback to transaction commit during fsync of files with holes Btrfs: fix race between ranged fsync and writeback of adjacent ranges btrfs: sysfs: Fix error path kobject memory leak btrfs: sysfs: don't leak memory when failing add fsid udlfb: fix some inconsistent NULL checking fbdev: fix divide error in fb_var_to_videomode NFSv4.2 fix unnecessary retry in nfs4_copy_file_range NFSv4.1 fix incorrect return value in copy_file_range bpf: add bpf_jit_limit knob to restrict unpriv allocations brcmfmac: assure SSID length from firmware is limited brcmfmac: add subtype check for event handling in data path arm64: errata: Add workaround for Cortex-A76 erratum #1463225 btrfs: honor path->skip_locking in backref code ovl: relax WARN_ON() for overlapping layers use case fbdev: fix WARNING in __alloc_pages_nodemask bug media: cpia2: Fix use-after-free in cpia2_exit media: serial_ir: Fix use-after-free in serial_ir_init_module media: vb2: add waiting_in_dqbuf flag media: vivid: use vfree() instead of kfree() for dev->bitmap_cap ssb: Fix possible NULL pointer dereference in ssb_host_pcmcia_exit bpf: devmap: fix use-after-free Read in __dev_map_entry_free batman-adv: mcast: fix multicast tt/tvlv worker locking at76c50x-usb: Don't register led_trigger if usb_register_driver failed acct_on(): don't mess with freeze protection Revert "btrfs: Honour FITRIM range constraints during free space trim" gfs2: Fix lru_count going negative cxgb4: Fix error path in cxgb4_init_module NFS: make nfs_match_client killable IB/hfi1: Fix WQ_MEM_RECLAIM warning gfs2: Fix occasional glock use-after-free mmc: core: Verify SD bus width tools/bpf: fix perf build error with uClibc (seen on ARC) selftests/bpf: set RLIMIT_MEMLOCK properly for test_libbpf_open.c bpftool: exclude bash-completion/bpftool from .gitignore pattern dmaengine: tegra210-dma: free dma controller in remove() net: ena: gcc 8: fix compilation warning hv_netvsc: fix race that may miss tx queue wakeup Bluetooth: Ignore CC events not matching the last HCI command pinctrl: zte: fix leaked of_node references ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE usb: dwc2: gadget: Increase descriptors count for ISOC's usb: dwc3: move synchronize_irq() out of the spinlock protected block ASoC: hdmi-codec: unlock the device on startup errors powerpc/perf: Return accordingly on invalid chip-id in powerpc/boot: Fix missing check of lseek() return value powerpc/perf: Fix loop exit condition in nest_imc_event_init ASoC: imx: fix fiq dependencies spi: pxa2xx: fix SCR (divisor) calculation brcm80211: potential NULL dereference in brcmf_cfg80211_vndr_cmds_dcmd_handler() ACPI / property: fix handling of data_nodes in acpi_get_next_subnode() drm/nouveau/bar/nv50: ensure BAR is mapped media: stm32-dcmi: return appropriate error codes during probe ARM: vdso: Remove dependency with the arch_timer driver internals arm64: Fix compiler warning from pte_unmap() with -Wunused-but-set-variable powerpc/watchdog: Use hrtimers for per-CPU heartbeat sched/cpufreq: Fix kobject memleak scsi: qla2xxx: Fix a qla24xx_enable_msix() error path scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending() scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() scsi: qla2xxx: Fix hardirq-unsafe locking x86/modules: Avoid breaking W^X while loading modules Btrfs: fix data bytes_may_use underflow with fallocate due to failed quota reserve btrfs: fix panic during relocation after ENOSPC before writeback happens btrfs: Don't panic when we can't find a root key iwlwifi: pcie: don't crash on invalid RX interrupt rtc: 88pm860x: prevent use-after-free on device remove rtc: stm32: manage the get_irq probe defer case scsi: qedi: Abort ep termination if offload not scheduled s390/kexec_file: Fix detection of text segment in ELF loader sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs w1: fix the resume command API s390: qeth: address type mismatch warning dmaengine: pl330: _stop: clear interrupt status mac80211/cfg80211: update bss channel on channel switch libbpf: fix samples/bpf build failure due to undefined UINT32_MAX slimbus: fix a potential NULL pointer dereference in of_qcom_slim_ngd_register ASoC: fsl_sai: Update is_slave_mode with correct value mwifiex: prevent an array overflow rsi: Fix NULL pointer dereference in kmalloc net: cw1200: fix a NULL pointer dereference nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE nvme-rdma: fix a NULL deref when an admin connect times out crypto: sun4i-ss - Fix invalid calculation of hash end bcache: avoid potential memleak of list of journal_replay(s) in the CACHE_SYNC branch of run_cache_set bcache: return error immediately in bch_journal_replay() bcache: fix failure in journal relplay bcache: add failure check to run_cache_set() for journal replay bcache: avoid clang -Wunintialized warning RDMA/cma: Consider scope_id while binding to ipv6 ll address vfio-ccw: Do not call flush_workqueue while holding the spinlock vfio-ccw: Release any channel program when releasing/removing vfio-ccw mdev x86/build: Move _etext to actual end of .text smpboot: Place the __percpu annotation correctly x86/mm: Remove in_nmi() warning from 64-bit implementation of vmalloc_fault() mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on older GCC versions Bluetooth: hci_qca: Give enough time to ROME controller to bootup. HID: logitech-hidpp: use RAP instead of FAP to get the protocol version pinctrl: pistachio: fix leaked of_node references pinctrl: samsung: fix leaked of_node references clk: rockchip: undo several noc and special clocks as critical on rk3288 perf/arm-cci: Remove broken race mitigation dmaengine: at_xdmac: remove BUG_ON macro in tasklet media: coda: clear error return value before picture run media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper media: au0828: stop video streaming only when last user stops media: ov2659: make S_FMT succeed even if requested format doesn't match audit: fix a memory leak bug media: stm32-dcmi: fix crash when subdev do not expose any formats media: au0828: Fix NULL pointer dereference in au0828_analog_stream_enable() media: pvrusb2: Prevent a buffer overflow iio: adc: stm32-dfsdm: fix unmet direct dependencies detected block: fix use-after-free on gendisk powerpc/numa: improve control of topology updates powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX random: fix CRNG initialization when random.trust_cpu=1 random: add a spinlock_t to struct batched_entropy cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock sched/core: Check quota and period overflow at usec to nsec conversion sched/rt: Check integer overflow at usec to nsec conversion sched/core: Handle overflow in cpu_shares_write_u64 staging: vc04_services: handle kzalloc failure drm/msm: a5xx: fix possible object reference leak irq_work: Do not raise an IPI when queueing work on the local CPU thunderbolt: Take domain lock in switch sysfs attribute callbacks s390/qeth: handle error from qeth_update_from_chp_desc() USB: core: Don't unbind interfaces following device reset failure x86/irq/64: Limit IST stack overflow check to #DB stack drm: etnaviv: avoid DMA API warning when importing buffers phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral mode phy: mapphone-mdm6600: add gpiolib dependency i40e: Able to add up to 16 MAC filters on an untrusted VF i40e: don't allow changes to HW VLAN stripping on active port VLANs ACPI/IORT: Reject platform device creation on NUMA node mapping failure arm64: vdso: Fix clock_getres() for CLOCK_REALTIME RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure perf/x86/msr: Add Icelake support perf/x86/intel/rapl: Add Icelake support perf/x86/intel/cstate: Add Icelake support hwmon: (vt1211) Use request_muxed_region for Super-IO accesses hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses hwmon: (smsc47b397) Use request_muxed_region for Super-IO accesses hwmon: (pc87427) Use request_muxed_region for Super-IO accesses hwmon: (f71805f) Use request_muxed_region for Super-IO accesses scsi: libsas: Do discovery on empty PHY to update PHY info mmc: core: make pwrseq_emmc (partially) support sleepy GPIO controllers mmc_spi: add a status check for spi_sync_locked mmc: sdhci-of-esdhc: add erratum eSDHC5 support mmc: sdhci-of-esdhc: add erratum A-009204 support mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support drm/amdgpu: fix old fence check in amdgpu_fence_emit PM / core: Propagate dev->power.wakeup_path when no callbacks clk: rockchip: Fix video codec clocks on rk3288 extcon: arizona: Disable mic detect if running when driver is removed clk: rockchip: Make rkpwm a critical clock on rk3288 s390: zcrypt: initialize variables before_use x86/microcode: Fix the ancient deprecated microcode loading method s390/mm: silence compiler warning when compiling without CONFIG_PGSTE s390: cio: fix cio_irb declaration selftests: cgroup: fix cleanup path in test_memcg_subtree_control() qmi_wwan: Add quirk for Quectel dynamic config cpufreq: ppc_cbe: fix possible object reference leak cpufreq/pasemi: fix possible object reference leak cpufreq: pmac32: fix possible object reference leak cpufreq: kirkwood: fix possible object reference leak block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR x86/build: Keep local relocations with ld.lld drm/pl111: fix possible object reference leak iio: ad_sigma_delta: Properly handle SPI bus locking vs CS assertion iio: hmc5843: fix potential NULL pointer dereferences iio: common: ssp_sensors: Initialize calculated_time in ssp_common_process_data iio: adc: ti-ads7950: Fix improper use of mlock selftests/bpf: ksym_search won't check symbols exists rtlwifi: fix a potential NULL pointer dereference mwifiex: Fix mem leak in mwifiex_tm_cmd brcmfmac: fix missing checks for kmemdup b43: shut up clang -Wuninitialized variable warning brcmfmac: convert dev_init_lock mutex to completion brcmfmac: fix WARNING during USB disconnect in case of unempty psq brcmfmac: fix race during disconnect when USB completion is in progress brcmfmac: fix Oops when bringing up interface during USB disconnect rtc: xgene: fix possible race condition rtlwifi: fix potential NULL pointer dereference scsi: ufs: Fix regulator load and icc-level configuration scsi: ufs: Avoid configuring regulator with undefined voltage range drm/panel: otm8009a: Add delay at the end of initialization arm64: cpu_ops: fix a leaked reference by adding missing of_node_put wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP x86/uaccess, signal: Fix AC=1 bloat x86/ia32: Fix ia32_restore_sigcontext() AC leak x86/uaccess: Fix up the fixup chardev: add additional check for minor range overlap RDMA/hns: Fix bad endianess of port_pd variable sh: sh7786: Add explicit I/O cast to sh7786_mm_sel() HID: core: move Usage Page concatenation to Main item ASoC: eukrea-tlv320: fix a leaked reference by adding missing of_node_put ASoC: fsl_utils: fix a leaked reference by adding missing of_node_put cxgb3/l2t: Fix undefined behaviour HID: logitech-hidpp: change low battery level threshold from 31 to 30 percent spi: tegra114: reset controller on probe kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice. media: video-mux: fix null pointer dereferences media: wl128x: prevent two potential buffer overflows media: gspca: Kill URBs on USB device disconnect efifb: Omit memory map check on legacy boot thunderbolt: property: Fix a missing check of kzalloc thunderbolt: Fix to check the return value of kmemdup timekeeping: Force upper bound for setting CLOCK_REALTIME scsi: qedf: Add missing return in qedf_post_io_req() in the fcport offload check virtio_console: initialize vtermno value for ports tty: ipwireless: fix missing checks for ioremap overflow: Fix -Wtype-limits compilation warnings x86/mce: Fix machine_check_poll() tests for error types rcutorture: Fix cleanup path for invalid torture_type strings x86/mce: Handle varying MCA bank counts rcuperf: Fix cleanup path for invalid perf_type strings usb: core: Add PM runtime calls to usb_hcd_platform_shutdown scsi: qla4xxx: avoid freeing unallocated dma memory scsi: lpfc: avoid uninitialized variable warning selinux: avoid uninitialized variable warning batman-adv: allow updating DAT entry timeouts on incoming ARP Replies dmaengine: tegra210-adma: use devm_clk_*() helpers hwrng: omap - Set default quality thunderbolt: Fix to check return value of ida_simple_get thunderbolt: Fix to check for kmemdup failure drm/amd/display: fix releasing planes when exiting odm thunderbolt: property: Fix a NULL pointer dereference e1000e: Disable runtime PM on CNP+ tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers igb: Exclude device from suspend direct complete optimization media: si2165: fix a missing check of return value media: dvbsky: Avoid leaking dvb frontend media: m88ds3103: serialize reset messages in m88ds3103_set_frontend media: staging: davinci_vpfe: disallow building with COMPILE_TEST drm/amd/display: Fix Divide by 0 in memory calculations drm/amd/display: Set stream->mode_changed when connectors change scsi: ufs: fix a missing check of devm_reset_control_get media: vimc: stream: fix thread state before sleep media: gspca: do not resubmit URBs when streaming has stopped media: go7007: avoid clang frame overflow warning with KASAN media: vimc: zero the media_device on probe scsi: lpfc: Fix FDMI manufacturer attribute value scsi: lpfc: Fix fc4type information for FDMI media: saa7146: avoid high stack usage with clang scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices spi : spi-topcliff-pch: Fix to handle empty DMA buffers drm/omap: dsi: Fix PM for display blank with paired dss_pll calls spi: rspi: Fix sequencer reset during initialization spi: imx: stop buffer overflow in RX FIFO flush spi: Fix zero length xfer bug ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM drm/v3d: Handle errors from IRQ setup. drm/drv: Hold ref on parent device during drm_device lifetime drm: Wake up next in drm_read() chain if we are forced to putback the event drm/sun4i: dsi: Change the start delay calculation vfio-ccw: Prevent quiesce function going into an infinite loop drm/sun4i: dsi: Enforce boundaries on the start delay NFS: Fix a double unlock from nfs_match,get_client Linux 4.19.47 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Rouven Czerwinski
|
b9291078ed |
hwrng: omap - Set default quality
[ Upstream commit 62f95ae805fa9e1e84d47d3219adddd97b2654b7 ] Newer combinations of the glibc, kernel and openssh can result in long initial startup times on OMAP devices: [ 6.671425] systemd-rc-once[102]: Creating ED25519 key; this may take some time ... [ 142.652491] systemd-rc-once[102]: Creating ED25519 key; done. due to the blocking getrandom(2) system call: [ 142.610335] random: crng init done Set the quality level for the omap hwrng driver allowing the kernel to use the hwrng as an entropy source at boot. Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Pankaj Gupta
|
3392cc5f3c |
virtio_console: initialize vtermno value for ports
[ Upstream commit 4b0a2c5ff7215206ea6135a405f17c5f6fca7d00 ] For regular serial ports we do not initialize value of vtermno variable. A garbage value is assigned for non console ports. The value can be observed as a random integer with [1]. [1] vim /sys/kernel/debug/virtio-ports/vport*p* This patch initialize the value of vtermno for console serial ports to '1' and regular serial ports are initiaized to '0'. Reported-by: siliu@redhat.com Signed-off-by: Pankaj Gupta <pagupta@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Sebastian Andrzej Siewior
|
944c585237 |
random: add a spinlock_t to struct batched_entropy
[ Upstream commit b7d5dc21072cda7124d13eae2aefb7343ef94197 ] The per-CPU variable batched_entropy_uXX is protected by get_cpu_var(). This is just a preempt_disable() which ensures that the variable is only from the local CPU. It does not protect against users on the same CPU from another context. It is possible that a preemptible context reads slot 0 and then an interrupt occurs and the same value is read again. The above scenario is confirmed by lockdep if we add a spinlock: | ================================ | WARNING: inconsistent lock state | 5.1.0-rc3+ #42 Not tainted | -------------------------------- | inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. | ksoftirqd/9/56 [HC0[0]:SC1[1]:HE0:SE0] takes: | (____ptrval____) (batched_entropy_u32.lock){+.?.}, at: get_random_u32+0x3e/0xe0 | {SOFTIRQ-ON-W} state was registered at: | _raw_spin_lock+0x2a/0x40 | get_random_u32+0x3e/0xe0 | new_slab+0x15c/0x7b0 | ___slab_alloc+0x492/0x620 | __slab_alloc.isra.73+0x53/0xa0 | kmem_cache_alloc_node+0xaf/0x2a0 | copy_process.part.41+0x1e1/0x2370 | _do_fork+0xdb/0x6d0 | kernel_thread+0x20/0x30 | kthreadd+0x1ba/0x220 | ret_from_fork+0x3a/0x50 … | other info that might help us debug this: | Possible unsafe locking scenario: | | CPU0 | ---- | lock(batched_entropy_u32.lock); | <Interrupt> | lock(batched_entropy_u32.lock); | | *** DEADLOCK *** | | stack backtrace: | Call Trace: … | kmem_cache_alloc_trace+0x20e/0x270 | ipmi_alloc_recv_msg+0x16/0x40 … | __do_softirq+0xec/0x48d | run_ksoftirqd+0x37/0x60 | smpboot_thread_fn+0x191/0x290 | kthread+0xfe/0x130 | ret_from_fork+0x3a/0x50 Add a spinlock_t to the batched_entropy data structure and acquire the lock while accessing it. Acquire the lock with disabled interrupts because this function may be used from interrupt context. Remove the batched_entropy_reset_lock lock. Now that we have a lock for the data scructure, we can access it from a remote CPU. Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Jon DeVree
|
6fa6381a2d |
random: fix CRNG initialization when random.trust_cpu=1
[ Upstream commit fe6f1a6a8eedc1aa538fee0baa612b6a59639cf8 ] When the system boots with random.trust_cpu=1 it doesn't initialize the per-NUMA CRNGs because it skips the rest of the CRNG startup code. This means that the code from |
||
Greg Kroah-Hartman
|
50f91435a2 |
This is the 4.19.45 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzk4CsACgkQONu9yGCS aT5Xaw//UWopx4Yqbiv+4HBgW+2ijP4utxI4lBNYITD44jvkyVJnztUtVkWepu5r Tkl/7zytXOpxbpuhS0xqpWwG7lL5eT4NCG08KSX4lYQVjIWX4YzVkw9gLe9V2AaK IqTzaWtbuagARbnR3UC65TI4kjRGsr9ldY0AbbGGVTM6IwPquHN9Qd9TAzRwRohn CxY94Bwp1RcN2sSPkD3nUCUGOSNh97BXyypeM7FyceOzOpyAdQCXoUPc84cPqdNC 4GBkd5Z1IL/7zX3HDjQeGS0KK6e1enslSmsbSSUVuHI90LCr3CZPJkFF8RFnPnff 2RA7bdhp8C1JPeLDimr+SNSLEl9yywoH6d4UQAnBwoLDjiFCEITVgjDtYzzd81+1 ES6lbUAs8v/LXkaCaExq6pNNd1prg6Mj9Fe6cz+G9V/YV1tLUsoAJHdFucu8Sp7w rwz/PZ6waCf8VRO4aYFF9b+u7PQ/RFZWQYsz22P7PhAYg0CTajV1FWGk1AYi0+wQ 5YCmthbWhDo9U5lAFyQ0pVTXv/UNgEu6MfV1/jKtCk5AzsbE77orj1xusKckHq2e QojgmELmHMlFFajI0h/ddDo7iwz/5OrPVs9D03RysiOciMzdTKPucPyC0Ah4yEBA sJ0cQkaVtqO2Nu3E42lfQTpVIqBgi8NGav+kRwryB1YyKeaXLsM= =HJ7O -----END PGP SIGNATURE----- Merge 4.19.45 into android-4.19 Changes in 4.19.45 locking/rwsem: Prevent decrement of reader count before increment x86/speculation/mds: Revert CPU buffer clear on double fault exit x86/speculation/mds: Improve CPU buffer clear documentation objtool: Fix function fallthrough detection arm64: dts: rockchip: Disable DCMDs on RK3399's eMMC controller. ARM: dts: exynos: Fix interrupt for shared EINTs on Exynos5260 ARM: dts: exynos: Fix audio (microphone) routing on Odroid XU3 mmc: sdhci-of-arasan: Add DTS property to disable DCMDs. ARM: exynos: Fix a leaked reference by adding missing of_node_put power: supply: axp288_charger: Fix unchecked return value power: supply: axp288_fuel_gauge: Add ACEPC T8 and T11 mini PCs to the blacklist arm64: mmap: Ensure file offset is treated as unsigned arm64: arch_timer: Ensure counter register reads occur with seqlock held arm64: compat: Reduce address limit arm64: Clear OSDLR_EL1 on CPU boot arm64: Save and restore OSDLR_EL1 across suspend/resume sched/x86: Save [ER]FLAGS on context switch crypto: crypto4xx - fix ctr-aes missing output IV crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues crypto: salsa20 - don't access already-freed walk.iv crypto: chacha20poly1305 - set cra_name correctly crypto: ccp - Do not free psp_master when PLATFORM_INIT fails crypto: vmx - fix copy-paste error in CTR mode crypto: skcipher - don't WARN on unprocessed data after slow walk step crypto: crct10dif-generic - fix use via crypto_shash_digest() crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest() crypto: arm64/gcm-aes-ce - fix no-NEON fallback code crypto: gcm - fix incompatibility between "gcm" and "gcm_base" crypto: rockchip - update IV buffer to contain the next IV crypto: arm/aes-neonbs - don't access already-freed walk.iv crypto: arm64/aes-neonbs - don't access already-freed walk.iv mmc: core: Fix tag set memory leak ALSA: line6: toneport: Fix broken usage of timer for delayed execution ALSA: usb-audio: Fix a memory leak bug ALSA: hda/hdmi - Read the pin sense from register when repolling ALSA: hda/hdmi - Consider eld_valid when reporting jack event ALSA: hda/realtek - EAPD turn on later ALSA: hdea/realtek - Headset fixup for System76 Gazelle (gaze14) ASoC: max98090: Fix restore of DAPM Muxes ASoC: RT5677-SPI: Disable 16Bit SPI Transfers ASoC: fsl_esai: Fix missing break in switch statement ASoC: codec: hdac_hdmi add device_link to card device bpf, arm64: remove prefetch insn in xadd mapping crypto: ccree - remove special handling of chained sg crypto: ccree - fix mem leak on error path crypto: ccree - don't map MAC key on stack crypto: ccree - use correct internal state sizes for export crypto: ccree - don't map AEAD key and IV on stack crypto: ccree - pm resume first enable the source clk crypto: ccree - HOST_POWER_DOWN_EN should be the last CC access during suspend crypto: ccree - add function to handle cryptocell tee fips error crypto: ccree - handle tee fips error during power management resume mm/mincore.c: make mincore() more conservative mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle unaligned addresses mm/hugetlb.c: don't put_page in lock of hugetlb_lock hugetlb: use same fault hash key for shared and private mappings ocfs2: fix ocfs2 read inode data panic in ocfs2_iget userfaultfd: use RCU to free the task struct when fork fails ACPI: PM: Set enable_for_wake for wakeup GPEs during suspend-to-idle mfd: da9063: Fix OTP control register names to match datasheets for DA9063/63L mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary on read/write tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if blankinterval == 0 tty/vt: fix write/write race in ioctl(KDSKBSENT) handler jbd2: check superblock mapped prior to committing ext4: make sanity check in mballoc more strict ext4: ignore e_value_offs for xattrs with value-in-ea-inode ext4: avoid drop reference to iloc.bh twice ext4: fix use-after-free race with debug_want_extra_isize ext4: actually request zeroing of inode table after grow ext4: fix ext4_show_options for file systems w/o journal btrfs: Check the first key and level for cached extent buffer btrfs: Correctly free extent buffer in case btree_read_extent_buffer_pages fails btrfs: Honour FITRIM range constraints during free space trim Btrfs: send, flush dellaloc in order to avoid data loss Btrfs: do not start a transaction during fiemap Btrfs: do not start a transaction at iterate_extent_inodes() bcache: fix a race between cache register and cacheset unregister bcache: never set KEY_PTRS of journal key to 0 in journal_reclaim() ipmi:ssif: compare block number correctly for multi-part return messages crypto: ccm - fix incompatibility between "ccm" and "ccm_base" fs/writeback.c: use rcu_barrier() to wait for inflight wb switches going into workqueue when umount tty: Don't force RISCV SBI console as preferred console ext4: zero out the unused memory region in the extent tree block ext4: fix data corruption caused by overlapping unaligned and aligned IO ext4: fix use-after-free in dx_release() ext4: avoid panic during forced reboot due to aborted journal ALSA: hda/realtek - Corrected fixup for System76 Gazelle (gaze14) ALSA: hda/realtek - Fixup headphone noise via runtime suspend ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal microphone bug jbd2: fix potential double free KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated writes KVM: lapic: Busy wait for timer to expire when using hv_timer kbuild: turn auto.conf.cmd into a mandatory include file xen/pvh: set xen_domain_type to HVM in xen_pvh_init libnvdimm/namespace: Fix label tracking error iov_iter: optimize page_copy_sane() pstore: Centralize init/exit routines pstore: Allocate compression during late_initcall() pstore: Refactor compression initialization ext4: fix compile error when using BUFFER_TRACE ext4: don't update s_rev_level if not required Linux 4.19.45 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Kamlakant Patel
|
f6de0a3b1e |
ipmi:ssif: compare block number correctly for multi-part return messages
commit 55be8658c7e2feb11a5b5b33ee031791dbd23a69 upstream. According to ipmi spec, block number is a number that is incremented, starting with 0, for each new block of message data returned using the middle transaction. Here, the 'blocknum' is data[0] which always starts from zero(0) and 'ssif_info->multi_pos' starts from 1. So, we need to add +1 to blocknum while comparing with multi_pos. Fixes: 7d6380cd40f79 ("ipmi:ssif: Fix handling of multi-part return messages"). Reported-by: Kiran Kolukuluru <kirank@ami.com> Signed-off-by: Kamlakant Patel <kamlakantp@marvell.com> Message-Id: <1556106615-18722-1-git-send-email-kamlakantp@marvell.com> [Also added a debug log if the block numbers don't match.] Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: stable@vger.kernel.org # 4.4 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
0b63cd6d63 |
This is the 4.19.44 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzdoMwACgkQONu9yGCS aT5H9RAAkvsM0ryV/0BLcS7bAc2qXHz3shwcqMRHeqLSHCI728Ew3vbrenquQ9ou I1I2gXVjVr3fT5IrNeEKC/RJg5EvUBD25dm3Iei9cTf8kqnnFaEqQFe+jIvVOMfR zr//hEG3lOO5tLtyK1pnZxrW1uKl7B+1O64bVMpHSola+5teV51r/PxqYM5lNKYm A0YhhcrTZ4f1ZY1nctgb3g5XousPHJAMhe8ACv6zO7I+eWwn410nUeAJL7WK8SvL UqW0xgLAkKsYrriaDCPC9VeOVMUetCHeT9KbYQ8W9p+kb5bMQua4d/YJtCxulnqH TAQosuCVSVoq+jQIZS+El4+teCQW/aAkHFGo+08e9ti+trEliz2u2PxiloZoGlxl M4iIPwjkp7YJ9WHoVdNjObPiv5vt+2pWDEPhB7p++nsk5/2ArbShqWVDREj09SRp RpOJ7UGl+Nckk8IppfQgRUOlVyMW6a+Fw7GX7dxnyh9U1g48w5ebNTVeUvKxQVCJ a99U9qqGRgmEsgicnOXs4tRMYuU0gn3j0Qjhd9G2xYijh8ElMLgTJyv+2JiUIavC nXmSVW3G54dR7N94aDfWm/z85w/uFmTmT4BiqNuc4/gHVyyk12Q9RbsV4T617xls wiCkGoLKlpi9cp6abxB9H+oav9PdZd9ztwZMSB35k1AIgh6oeo0= =v14F -----END PGP SIGNATURE----- Merge 4.19.44 into android-4.19 Changes in 4.19.44 bfq: update internal depth state when queue depth changes platform/x86: sony-laptop: Fix unintentional fall-through platform/x86: thinkpad_acpi: Disable Bluetooth for some machines platform/x86: dell-laptop: fix rfkill functionality hwmon: (pwm-fan) Disable PWM if fetching cooling data fails kernfs: fix barrier usage in __kernfs_new_node() virt: vbox: Sanity-check parameter types for hgcm-calls coming from userspace USB: serial: fix unthrottle races iio: adc: xilinx: fix potential use-after-free on remove iio: adc: xilinx: fix potential use-after-free on probe iio: adc: xilinx: prevent touching unclocked h/w on remove acpi/nfit: Always dump _DSM output payload libnvdimm/namespace: Fix a potential NULL pointer dereference HID: input: add mapping for Expose/Overview key HID: input: add mapping for keyboard Brightness Up/Down/Toggle keys HID: input: add mapping for "Toggle Display" key libnvdimm/btt: Fix a kmemdup failure check s390/dasd: Fix capacity calculation for large volumes mac80211: fix unaligned access in mesh table hash function mac80211: Increase MAX_MSG_LEN cfg80211: Handle WMM rules in regulatory domain intersection mac80211: fix memory accounting with A-MSDU aggregation nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands libnvdimm/pmem: fix a possible OOB access when read and write pmem s390/3270: fix lockdep false positive on view->lock drm/amd/display: extending AUX SW Timeout clocksource/drivers/npcm: select TIMER_OF clocksource/drivers/oxnas: Fix OX820 compatible selftests: fib_tests: Fix 'Command line is not complete' errors mISDN: Check address length before reading address family vxge: fix return of a free'd memblock on a failed dma mapping qede: fix write to free'd pointer error and double free of ptp afs: Unlock pages for __pagevec_release() drm/amd/display: If one stream full updates, full update all planes s390/pkey: add one more argument space for debug feature entry x86/build/lto: Fix truncated .bss with -fdata-sections x86/reboot, efi: Use EFI reboot for Acer TravelMate X514-51T KVM: fix spectrev1 gadgets KVM: x86: avoid misreporting level-triggered irqs as edge-triggered in tracing tools lib traceevent: Fix missing equality check for strcmp ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash ocelot: Don't sleep in atomic context (irqs_disabled()) scsi: aic7xxx: fix EISA support mm: fix inactive list balancing between NUMA nodes and cgroups init: initialize jump labels before command line option parsing selftests: netfilter: check icmp pkttoobig errors are set as related ipvs: do not schedule icmp errors from tunnels netfilter: ctnetlink: don't use conntrack/expect object addresses as id netfilter: nf_tables: prevent shift wrap in nft_chain_parse_hook() MIPS: perf: ath79: Fix perfcount IRQ assignment s390: ctcm: fix ctcm_new_device error return code drm/sun4i: Set device driver data at bind time for use in unbind drm/sun4i: Fix component unbinding and component master deletion selftests/net: correct the return value for run_netsocktests netfilter: fix nf_l4proto_log_invalid to log invalid packets gpu: ipu-v3: dp: fix CSC handling drm/imx: don't skip DP channel disable for background plane ARM: 8856/1: NOMMU: Fix CCR register faulty initialization when MPU is disabled spi: Micrel eth switch: declare missing of table spi: ST ST95HF NFC: declare missing of table drm/sun4i: Unbind components before releasing DRM and memory Input: synaptics-rmi4 - fix possible double free RDMA/hns: Bugfix for mapping user db mm/memory_hotplug.c: drop memory device reference after find_memory_block() powerpc/smp: Fix NMI IPI timeout powerpc/smp: Fix NMI IPI xmon timeout net: dsa: mv88e6xxx: fix few issues in mv88e6390x_port_set_cmode mm/memory.c: fix modifying of page protection by insert_pfn() usb: typec: Fix unchecked return value netfilter: nf_tables: use-after-free in dynamic operations netfilter: nf_tables: add missing ->release_ops() in error path of newrule() net: fec: manage ahb clock in runtime pm mlxsw: spectrum_switchdev: Add MDB entries in prepare phase mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered workqueue mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue net/tls: fix the IV leaks net: strparser: partially revert "strparser: Call skb_unclone conditionally" NFC: nci: Add some bounds checking in nci_hci_cmd_received() nfc: nci: Potential off by one in ->pipes[] array x86/kprobes: Avoid kretprobe recursion bug cw1200: fix missing unlock on error in cw1200_hw_scan() mwl8k: Fix rate_idx underflow rtlwifi: rtl8723ae: Fix missing break in switch statement Don't jump to compute_result state from check_result state um: Don't hardcode path as it is architecture dependent powerpc/64s: Include cpu header bonding: fix arp_validate toggling in active-backup mode bridge: Fix error path for kobject_init_and_add() dpaa_eth: fix SG frame cleanup fib_rules: return 0 directly if an exactly same rule exists when NLM_F_EXCL not supplied ipv4: Fix raw socket lookup for local traffic net: dsa: Fix error cleanup path in dsa_init_module net: ethernet: stmmac: dwmac-sun8i: enable support of unicast filtering net: macb: Change interrupt and napi enable order in open net: seeq: fix crash caused by not set dev.parent net: ucc_geth - fix Oops when changing number of buffers in the ring packet: Fix error path in packet_init selinux: do not report error on connect(AF_UNSPEC) vlan: disable SIOCSHWTSTAMP in container vrf: sit mtu should not be updated when vrf netdev is the link tuntap: fix dividing by zero in ebpf queue selection tuntap: synchronize through tfiles array instead of tun->numqueues isdn: bas_gigaset: use usb_fill_int_urb() properly tipc: fix hanging clients using poll with EPOLLOUT flag drivers/virt/fsl_hypervisor.c: dereferencing error pointers in ioctl drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl powerpc/book3s/64: check for NULL pointer in pgd_alloc() powerpc/powernv/idle: Restore IAMR after idle powerpc/booke64: set RI in default MSR PCI: hv: Fix a memory leak in hv_eject_device_work() PCI: hv: Add hv_pci_remove_slots() when we unload the driver PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(), if necessary Linux 4.19.44 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Tony Camuso
|
9e4fd5e0b8 |
ipmi: ipmi_si_hardcode.c: init si_type array to fix a crash
[ Upstream commit a885bcfd152f97b25005298ab2d6b741aed9b49c ] The intended behavior of function ipmi_hardcode_init_one() is to default to kcs interface when no type argument is presented when initializing ipmi with hard coded addresses. However, the array of char pointers allocated on the stack by function ipmi_hardcode_init() was not inited to zeroes, so it contained stack debris. Consequently, passing the cruft stored in this array to function ipmi_hardcode_init_one() caused a crash when it was unable to detect that the char * being passed was nonsense and tried to access the address specified by the bogus pointer. The fix is simply to initialize the si_type array to zeroes, so if there were no type argument given to at the command line, function ipmi_hardcode_init_one() could properly default to the kcs interface. Signed-off-by: Tony Camuso <tcamuso@redhat.com> Message-Id: <1554837603-40299-1-git-send-email-tcamuso@redhat.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
Greg Kroah-Hartman
|
9bf5904866 |
This is the 4.19.37 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlzEBokACgkQONu9yGCS aT7G7w/8C93URGM67H7ynkCHTo8y3hkRE2rUJPckJNdS+IJKuecmOphak4tF0h07 qPWDPya70Q1S0cNu661TuVAGrhmE5jBx8/xfZaAOeaaU0xtZive+TfSHdAQQaHct tDk32O85N1aZ49rDEz9ibr7CGLVFDZtyhxV5gFMYQpjbqA7MzJC61zQg1jHyPSCz sKjQzW+uXMuSLru8jXHMvp41K5sFFp5gYdQbAVKlWtt79qPxWdxZPJbLbM0LBbtz XHt9E45Ink3ALF9P6tZ4e6gi4zzlNbh9yR92+X5NK5/8AP57yWba4W9JHWIfMBpC yyDYTOEAzdxqa2Jrgwr4WTdKH6U7FbQZFmWfTBB4VotbHLBWkVXj0OnF10qxP9eQ p5wGDTJAlWezhX1BTCfYroglDsvqhj+gHfwHzDRF1Del1dRgydRMQc0qLD1d9tul ovzwOkx1xyJrM2wq05I5gc0FoVyOL6/KCwqMrpVfKa3WKY7Uttjgf56bMqdIIkns i/6opzF+wtvwlLlCoXgYPXdm6kbWdgvS+skVHfWcHmZFMuGrFGGzJNwzXb7qnVjK T0hD1OestsfTyD/amnDNYkNeCkoOZqtHAi+xYOQR4kGY5cxP1lQJf85MgAy6RZSY h+rjys76Qf6+hTCtrowLr8SgksX4ACWxm+UarfAiiNnnDXwGfu8= =SrFV -----END PGP SIGNATURE----- Merge 4.19.37 into android-4.19 Changes in 4.19.37 bonding: fix event handling for stacked bonds failover: allow name change on IFF_UP slave interfaces net: atm: Fix potential Spectre v1 vulnerabilities net: bridge: fix per-port af_packet sockets net: bridge: multicast: use rcu to access port list from br_multicast_start_querier net: Fix missing meta data in skb with vlan packet net: fou: do not use guehdr after iptunnel_pull_offloads in gue_udp_recv tcp: tcp_grow_window() needs to respect tcp_space() team: set slave to promisc if team is already in promisc mode tipc: missing entries in name table of publications vhost: reject zero size iova range ipv4: recompile ip options in ipv4_link_failure ipv4: ensure rcu_read_lock() in ipv4_link_failure() net: thunderx: raise XDP MTU to 1508 net: thunderx: don't allow jumbo frames with XDP net/mlx5: FPGA, tls, hold rcu read lock a bit longer net/tls: prevent bad memory access in tls_is_sk_tx_device_offloaded() net/mlx5: FPGA, tls, idr remove on flow delete route: Avoid crash from dereferencing NULL rt->from sch_cake: Use tc_skb_protocol() helper for getting packet protocol sch_cake: Make sure we can write the IP header before changing DSCP bits nfp: flower: replace CFI with vlan present nfp: flower: remove vlan CFI bit from push vlan action sch_cake: Simplify logic in cake_select_tin() net: IP defrag: encapsulate rbtree defrag code into callable functions net: IP6 defrag: use rbtrees for IPv6 defrag net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c CIFS: keep FileInfo handle live during oplock break cifs: Fix use-after-free in SMB2_write cifs: Fix use-after-free in SMB2_read cifs: fix handle leak in smb2_query_symlink() KVM: x86: Don't clear EFER during SMM transitions for 32-bit vCPU KVM: x86: svm: make sure NMI is injected after nmi_singlestep Staging: iio: meter: fixed typo staging: iio: ad7192: Fix ad7193 channel address iio: gyro: mpu3050: fix chip ID reading iio/gyro/bmg160: Use millidegrees for temperature scale iio:chemical:bme680: Fix, report temperature in millidegrees iio:chemical:bme680: Fix SPI read interface iio: cros_ec: Fix the maths for gyro scale calculation iio: ad_sigma_delta: select channel when reading register iio: dac: mcp4725: add missing powerdown bits in store eeprom iio: Fix scan mask selection iio: adc: at91: disable adc channel interrupt in timeout case iio: core: fix a possible circular locking dependency io: accel: kxcjk1013: restore the range after resume. staging: most: core: use device description as name staging: comedi: vmk80xx: Fix use of uninitialized semaphore staging: comedi: vmk80xx: Fix possible double-free of ->usb_rx_buf staging: comedi: ni_usb6501: Fix use of uninitialized mutex staging: comedi: ni_usb6501: Fix possible double-free of ->usb_rx_buf ALSA: hda/realtek - add two more pin configuration sets to quirk table ALSA: core: Fix card races between register and disconnect Input: elan_i2c - add hardware ID for multiple Lenovo laptops serial: sh-sci: Fix HSCIF RX sampling point adjustment serial: sh-sci: Fix HSCIF RX sampling point calculation vt: fix cursor when clearing the screen scsi: core: set result when the command cannot be dispatched Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving a LOGO" Revert "svm: Fix AVIC incomplete IPI emulation" coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrier crypto: x86/poly1305 - fix overflow during partial reduction drm/ttm: fix out-of-bounds read in ttm_put_pages() v2 arm64: futex: Restore oldval initialization to work around buggy compilers x86/kprobes: Verify stack frame on kretprobe kprobes: Mark ftrace mcount handler functions nokprobe kprobes: Fix error check when reusing optimized probes rt2x00: do not increment sequence number while re-transmitting mac80211: do not call driver wake_tx_queue op during reconfig drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming perf/x86/amd: Add event map for AMD Family 17h x86/cpu/bugs: Use __initconst for 'const' init data perf/x86: Fix incorrect PEBS_REGS x86/speculation: Prevent deadlock on ssb_state::lock timers/sched_clock: Prevent generic sched_clock wrap caused by tick_freeze() nfit/ars: Remove ars_start_flags nfit/ars: Introduce scrub_flags nfit/ars: Allow root to busy-poll the ARS state machine nfit/ars: Avoid stale ARS results mmc: sdhci: Fix data command CRC error handling mmc: sdhci: Rename SDHCI_ACMD12_ERR and SDHCI_INT_ACMD12ERR mmc: sdhci: Handle auto-command errors modpost: file2alias: go back to simple devtable lookup modpost: file2alias: check prototype of handler tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete tpm: Fix the type of the return value in calc_tpm2_event_size() Revert "kbuild: use -Oz instead of -Os when using clang" sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup device_cgroup: fix RCU imbalance in error case mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y CONFIG_SMP=n ALSA: info: Fix racy addition/deletion of nodes percpu: stop printing kernel addresses tools include: Adopt linux/bits.h ASoC: rockchip: add missing INTERLEAVED PCM attribute i2c-hid: properly terminate i2c_hid_dmi_desc_override_table[] array Revert "locking/lockdep: Add debug_locks check in __lock_downgrade()" kernel/sysctl.c: fix out-of-bounds access when setting file-max Linux 4.19.37 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Yue Haibing
|
1c36862e8b |
tpm: Fix the type of the return value in calc_tpm2_event_size()
commit b9d0a85d6b2e76630cfd4c475ee3af4109bfd87a upstream
calc_tpm2_event_size() has an invalid signature because
it returns a 'size_t' where as its signature says that
it returns 'int'.
Cc: <stable@vger.kernel.org>
Fixes:
|
||
Jarkko Sakkinen
|
18af9b7b91 |
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
[ Upstream commit 442601e87a4769a8daba4976ec3afa5222ca211d ]
Return -E2BIG when the transfer is incomplete. The upper layer does
not retry, so not doing that is incorrect behaviour.
Cc: stable@vger.kernel.org
Fixes:
|
||
Corey Minyard
|
dacdbc115d |
ipmi: fix sleep-in-atomic in free_user at cleanup SRCU user->release_barrier
commit 3b9a907223d7f6b9d1dadea29436842ae9bcd76d upstream. free_user() could be called in atomic context. This patch pushed the free operation off into a workqueue. Example: BUG: sleeping function called from invalid context at kernel/workqueue.c:2856 in_atomic(): 1, irqs_disabled(): 0, pid: 177, name: ksoftirqd/27 CPU: 27 PID: 177 Comm: ksoftirqd/27 Not tainted 4.19.25-3 #1 Hardware name: AIC 1S-HV26-08/MB-DPSB04-06, BIOS IVYBV060 10/21/2015 Call Trace: dump_stack+0x5c/0x7b ___might_sleep+0xec/0x110 __flush_work+0x48/0x1f0 ? try_to_del_timer_sync+0x4d/0x80 _cleanup_srcu_struct+0x104/0x140 free_user+0x18/0x30 [ipmi_msghandler] ipmi_free_recv_msg+0x3a/0x50 [ipmi_msghandler] deliver_response+0xbd/0xd0 [ipmi_msghandler] deliver_local_response+0xe/0x30 [ipmi_msghandler] handle_one_recv_msg+0x163/0xc80 [ipmi_msghandler] ? dequeue_entity+0xa0/0x960 handle_new_recv_msgs+0x15c/0x1f0 [ipmi_msghandler] tasklet_action_common.isra.22+0x103/0x120 __do_softirq+0xf8/0x2d7 run_ksoftirqd+0x26/0x50 smpboot_thread_fn+0x11d/0x1e0 kthread+0x103/0x140 ? sort_range+0x20/0x20 ? kthread_destroy_worker+0x40/0x40 ret_from_fork+0x1f/0x40 Fixes: 77f8269606bf ("ipmi: fix use-after-free of user->release_barrier.rda") Reported-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: stable@vger.kernel.org # 5.0 Cc: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
3e166630b0 |
This is the 4.19.35 stable release
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAly2yf8ACgkQONu9yGCS
aT5OkA/+Jf3UWnM8MdPoxVUROYg6WRSMThvuKkcspkvXxXqu7Z9a/+meqdIZ0NDr
j+RdhCfZf7RRNpTpYB9jMqXXuRFhVWniAVM3/me2LxFvwyKkNqURyIz9azh7T0VW
nDa2NDQ9C0IyLFLW4cyzZncrmWntgW5XKZfVot1TMNpryHB4FPsKP5rInDQpSNIu
bbJBWuZziUqdEnk3TWuqdQr4ZTXgnjYSBaTbOQBU3F6E88TRmFIatyYovLcJCQh5
jBmXV3U6mGPZe64I+JXj8dTp32WD74afMX1YSZmjdLL6KgbD9a4k47UzpXzEbKT8
uMG057zPiYcwOyMCFZOWsCYIH7Yr4oMIAzOEyYcDI1uCuKd4aESdpgiWfUWambR8
BJO5oGELzLArMVWusWK7xBfm+Et2ePOFWC7V9MRVVQJLdAWkEafYuLoPqrhhqxQX
Iu3ThoY3UmEoNqi1345gmxQBJfbOqdK7CwQGzKOtiPNs0nyMfg62B9Rcr9O+FE5A
+womRQF2Tik1cZhXxkJVSD4f+orL+xuOu59ufvMTBe4co9tPVFm9Qp6SeWoOVuwZ
l8SS7DD5wb7vzDUZOO4KmA7D6p3YQWdBvGeN6jKqjASIFS9t5Sb+fNiKznTo/WCT
1I68sLm7/rs95+WazKu66ewW8bh91VAo+Gmpfo5zEJjcfajnDxY=
=F1Te
-----END PGP SIGNATURE-----
Merge 4.19.35 into android-4.19
Changes in 4.19.35
kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT
drm/i915/gvt: do not let pin count of shadow mm go negative
powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM
hv_netvsc: Fix unwanted wakeup after tx_disable
ibmvnic: Fix completion structure initialization
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
ipv6: Fix dangling pointer when ipv6 fragment
ipv6: sit: reset ip header pointer in ipip6_rcv
kcm: switch order of device registration to fix a crash
net: ethtool: not call vzalloc for zero sized memory request
net-gro: Fix GRO flush when receiving a GSO packet.
net/mlx5: Decrease default mr cache size
netns: provide pure entropy for net_hash_mix()
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
net/sched: act_sample: fix divide by zero in the traffic path
net/sched: fix ->get helper of the matchall cls
openvswitch: fix flow actions reallocation
qmi_wwan: add Olicard 600
r8169: disable ASPM again
sctp: initialize _pad of sockaddr_in before copying to user memory
tcp: Ensure DCTCP reacts to losses
tcp: fix a potential NULL pointer dereference in tcp_sk_exit
vrf: check accept_source_route on the original netdevice
net/mlx5e: Fix error handling when refreshing TIRs
net/mlx5e: Add a lock on tir list
nfp: validate the return code from dev_queue_xmit()
nfp: disable netpoll on representors
bnxt_en: Improve RX consumer index validity check.
bnxt_en: Reset device on RX buffer errors.
net: ip_gre: fix possible use-after-free in erspan_rcv
net: ip6_gre: fix possible use-after-free in ip6erspan_rcv
net: core: netif_receive_skb_list: unlist skb before passing to pt->func
r8169: disable default rx interrupt coalescing on RTL8168
net: mlx5: Add a missing check on idr_find, free buf
net/mlx5e: Update xoff formula
net/mlx5e: Update xon formula
kbuild: deb-pkg: fix bindeb-pkg breakage when O= is used
kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD
x86/vdso: Drop implicit common-page-size linker flag
lib/string.c: implement a basic bcmp
Revert "clk: meson: clean-up clock registration"
netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr
netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too
arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region
tty: mark Siemens R3964 line discipline as BROKEN
tty: ldisc: add sysctl to prevent autoloading of ldiscs
hwmon: (w83773g) Select REGMAP_I2C to fix build error
ACPICA: Clear status of GPEs before enabling them
ACPICA: Namespace: remove address node from global list after method termination
ALSA: seq: Fix OOB-reads from strlcpy
ALSA: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233
ALSA: hda/realtek - Add quirk for Tuxedo XC 1509
ALSA: hda - Add two more machines to the power_save_blacklist
mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd()
arm64: dts: rockchip: fix rk3328 sdmmc0 write errors
parisc: Detect QEMU earlier in boot process
parisc: regs_return_value() should return gpr28
parisc: also set iaoq_b in instruction_pointer_set()
alarmtimer: Return correct remaining time
drm/i915/gvt: do not deliver a workload if its creation fails
drm/udl: add a release method and delay modeset teardown
kvm: svm: fix potential get_num_contig_pages overflow
include/linux/bitrev.h: fix constant bitrev
mm: writeback: use exact memcg dirty counts
ASoC: intel: Fix crash at suspend/resume after failed codec registration
ASoC: fsl_esai: fix channel swap issue when stream starts
Btrfs: do not allow trimming when a fs is mounted with the nologreplay option
btrfs: prop: fix zstd compression parameter validation
btrfs: prop: fix vanished compression property after failed set
riscv: Fix syscall_get_arguments() and syscall_set_arguments()
block: do not leak memory in bio_copy_user_iov()
block: fix the return errno for direct IO
genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent()
genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
virtio: Honour 'may_reduce_num' in vring_create_virtqueue
ARM: dts: rockchip: fix rk3288 cpu opp node reference
ARM: dts: am335x-evmsk: Correct the regulators for the audio codec
ARM: dts: am335x-evm: Correct the regulators for the audio codec
ARM: dts: at91: Fix typo in ISC_D0 on PC9
arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value
arm64: dts: rockchip: fix rk3328 rgmii high tx error rate
arm64: backtrace: Don't bother trying to unwind the userspace stack
xen: Prevent buffer overflow in privcmd ioctl
sched/fair: Do not re-read ->h_load_next during hierarchical load calculation
xtensa: fix return_address
x86/asm: Remove dead __GNUC__ conditionals
x86/asm: Use stricter assembly constraints in bitops
x86/perf/amd: Resolve race condition when disabling PMC
x86/perf/amd: Resolve NMI latency issues for active PMCs
x86/perf/amd: Remove need to check "running" bit in NMI handler
PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller
PCI: pciehp: Ignore Link State Changes after powering off a slot
dm integrity: change memcmp to strncmp in dm_integrity_ctr
dm: revert
|
||
Greg Kroah-Hartman
|
894dc84958 |
tty: mark Siemens R3964 line discipline as BROKEN
commit c7084edc3f6d67750f50d4183134c4fb5712a5c8 upstream. The n_r3964 line discipline driver was written in a different time, when SMP machines were rare, and users were trusted to do the right thing. Since then, the world has moved on but not this code, it has stayed rooted in the past with its lovely hand-crafted list structures and loads of "interesting" race conditions all over the place. After attempting to clean up most of the issues, I just gave up and am now marking the driver as BROKEN so that hopefully someone who has this hardware will show up out of the woodwork (I know you are out there!) and will help with debugging a raft of changes that I had laying around for the code, but was too afraid to commit as odds are they would break things. Many thanks to Jann and Linus for pointing out the initial problems in this codebase, as well as many reviews of my attempts to fix the issues. It was a case of whack-a-mole, and as you can see, the mole won. Reported-by: Jann Horn <jannh@google.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
||
Greg Kroah-Hartman
|
d885da678e |
This is the 4.19.34 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlynu40ACgkQONu9yGCS aT5X6g//Wkfm/+qSZ0GhLDQkPniiH1QkvzhOmVrrxu+KB0qsiwsEl8Srw33ZVkJK LT8+IPGiG9jEGu9dj+BYXTIfy9ZvfSsEL2N6GhYwDSXP0fok2rUaHbZvv1IB2g4W afhGdNwNAUCJ/j1UrUsi+SAFJ+xWbVxFpGstd0cqM9IbKdEV7RIukvuKckHiKOKR qI8FxC+G2PAr+BtnETfk5/suPDJ7B3ZicDoMhiWJGxJ6dfFTVmkSmasSoPDaMiHm 4S3hN2lu+WTeRpRPPB17Dlk4MmIp0k+bGYBKAlaxAMCc/RZxvbT2pRYaMQbId2/L mNUfSnOQFGEAhlAPfb7wdbObphnyT34GhlkWfZBTrnhPO0/FomLOvU6xVdcNuakX Tv2JKfDzb+2ttcMZ+0T84Ru9RztoswFATSw8uFMVxW8oTS6MVWnHu96Kxfl7QO3J PdlIGcyqxSuWNE8OX1QVtdSruGZfwUDNs94S4nQJtkB8BViRwhGJlqaXuy4d9Wp6 fGlI2W6qhjyosi2wBSMTjh/ytk/jq0vfs+z2XjR2gAYssvB/SOLR/AlSVguWsDnf WaoFBkXvCbuPvPlo0TrLpl5RW5WlOtLXHE3Vr3dKp458wLwpf/OZBGoZiknp7DrF PzBZs2ie5tmyqTxbAygl7WkbQPJ682pd5R4nf5CY+zvUaOMZv1g= =Iuup -----END PGP SIGNATURE----- Merge 4.19.34 into android-4.19 Changes in 4.19.34 arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug signals ext4: cleanup bh release code in ext4_ind_remove_space() tty/serial: atmel: Add is_half_duplex helper tty/serial: atmel: RS485 HD w/DMA: enable RX after TX is stopped CIFS: fix POSIX lock leak and invalid ptr deref h8300: use cc-cross-prefix instead of hardcoding h8300-unknown-linux- f2fs: fix to adapt small inline xattr space in __find_inline_xattr() f2fs: fix to avoid deadlock in f2fs_read_inline_dir() tracing: kdb: Fix ftdump to not sleep net/mlx5: Avoid panic when setting vport rate net/mlx5: Avoid panic when setting vport mac, getting vport config gpio: gpio-omap: fix level interrupt idling include/linux/relay.h: fix percpu annotation in struct rchan sysctl: handle overflow for file-max net: stmmac: Avoid sometimes uninitialized Clang warnings enic: fix build warning without CONFIG_CPUMASK_OFFSTACK libbpf: force fixdep compilation at the start of the build scsi: hisi_sas: Set PHY linkrate when disconnected scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver x86/hyperv: Fix kernel panic when kexec on HyperV perf c2c: Fix c2c report for empty numa node mm/sparse: fix a bad comparison mm/cma.c: cma_declare_contiguous: correct err handling mm/page_ext.c: fix an imbalance with kmemleak mm, swap: bounds check swap_info array accesses to avoid NULL derefs mm,oom: don't kill global init via memory.oom.group memcg: killed threads should not invoke memcg OOM killer mm, mempolicy: fix uninit memory access mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! mm/slab.c: kmemleak no scan alien caches ocfs2: fix a panic problem caused by o2cb_ctl f2fs: do not use mutex lock in atomic context fs/file.c: initialize init_files.resize_wait page_poison: play nicely with KASAN cifs: use correct format characters dm thin: add sanity checks to thin-pool and external snapshot creation f2fs: fix to check inline_xattr_size boundary correctly cifs: Accept validate negotiate if server return NT_STATUS_NOT_SUPPORTED cifs: Fix NULL pointer dereference of devname netfilter: nf_tables: check the result of dereferencing base_chain->stats netfilter: conntrack: tcp: only close if RST matches exact sequence jbd2: fix invalid descriptor block checksum fs: fix guard_bio_eod to check for real EOD errors tools lib traceevent: Fix buffer overflow in arg_eval PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() wil6210: check null pointer in _wil_cfg80211_merge_extra_ies mt76: fix a leaked reference by adding a missing of_node_put crypto: crypto4xx - add missing of_node_put after of_device_is_available crypto: cavium/zip - fix collision with generic cra_driver_name usb: chipidea: Grab the (legacy) USB PHY by phandle first powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c kbuild: invoke syncconfig if include/config/auto.conf.cmd is missing powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc coresight: etm4x: Add support to enable ETMv4.2 serial: 8250_pxa: honor the port number from devicetree ARM: 8840/1: use a raw_spinlock_t in unwind iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables powerpc/hugetlb: Handle mmap_min_addr correctly in get_unmapped_area callback btrfs: qgroup: Make qgroup async transaction commit more aggressive mmc: omap: fix the maximum timeout setting net: dsa: mv88e6xxx: Add lockdep classes to fix false positive splat e1000e: Fix -Wformat-truncation warnings mlxsw: spectrum: Avoid -Wformat-truncation warnings platform/x86: ideapad-laptop: Fix no_hw_rfkill_list for Lenovo RESCUER R720-15IKBN platform/mellanox: mlxreg-hotplug: Fix KASAN warning loop: set GENHD_FL_NO_PART_SCAN after blkdev_reread_part() IB/mlx4: Increase the timeout for CM cache clk: fractional-divider: check parent rate only if flag is set perf annotate: Fix getting source line failure ASoC: qcom: Fix of-node refcount unbalance in qcom_snd_parse_of() cpufreq: acpi-cpufreq: Report if CPU doesn't support boost technologies efi: cper: Fix possible out-of-bounds access s390/ism: ignore some errors during deregistration scsi: megaraid_sas: return error when create DMA pool failed scsi: fcoe: make use of fip_mode enum complete drm/amd/display: Clear stream->mode_changed after commit perf test: Fix failure of 'evsel-tp-sched' test on s390 mwifiex: don't advertise IBSS features without FW support perf report: Don't shadow inlined symbol with different addr range SoC: imx-sgtl5000: add missing put_device() media: ov7740: fix runtime pm initialization media: sh_veu: Correct return type for mem2mem buffer helpers media: s5p-jpeg: Correct return type for mem2mem buffer helpers media: rockchip/rga: Correct return type for mem2mem buffer helpers media: s5p-g2d: Correct return type for mem2mem buffer helpers media: mx2_emmaprp: Correct return type for mem2mem buffer helpers media: mtk-jpeg: Correct return type for mem2mem buffer helpers mt76: usb: do not run mt76u_queues_deinit twice xen/gntdev: Do not destroy context while dma-bufs are in use vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset == -1 HID: intel-ish-hid: avoid binding wrong ishtp_cl_device cgroup, rstat: Don't flush subtree root unless necessary jbd2: fix race when writing superblock leds: lp55xx: fix null deref on firmware load failure perf report: Add s390 diagnosic sampling descriptor size iwlwifi: pcie: fix emergency path ACPI / video: Refactor and fix dmi_is_desktop() selftests: skip seccomp get_metadata test if not real root kprobes: Prohibit probing on bsearch() kprobes: Prohibit probing on RCU debug routine netfilter: conntrack: fix cloned unconfirmed skb->_nfct race in __nf_conntrack_confirm ARM: 8833/1: Ensure that NEON code always compiles with Clang ARM: dts: meson8b: fix the Ethernet data line signals in eth_rgmii_pins ALSA: PCM: check if ops are defined before suspending PCM ath10k: fix shadow register implementation for WCN3990 usb: f_fs: Avoid crash due to out-of-scope stack ptr access sched/topology: Fix percpu data types in struct sd_data & struct s_data bcache: fix input overflow to cache set sysfs file io_error_halflife bcache: fix input overflow to sequential_cutoff bcache: fix potential div-zero error of writeback_rate_i_term_inverse bcache: improve sysfs_strtoul_clamp() genirq: Avoid summation loops for /proc/stat net: marvell: mvpp2: fix stuck in-band SGMII negotiation iw_cxgb4: fix srqidx leak during connection abort net: phy: consider latched link-down status in polling mode fbdev: fbmem: fix memory access if logo is bigger than the screen cdrom: Fix race condition in cdrom_sysctl_register drm: rcar-du: add missing of_node_put drm/amd/display: Don't re-program planes for DPMS changes drm/amd/display: Disconnect mpcc when changing tg perf/aux: Make perf_event accessible to setup_aux() e1000e: fix cyclic resets at link up with active tx e1000e: Exclude device from suspend direct complete optimization platform/x86: intel_pmc_core: Fix PCH IP sts reading i2c: of: Try to find an I2C adapter matching the parent staging: spi: mt7621: Add return code check on device_reset() iwlwifi: mvm: fix RFH config command with >=10 CPUs ASoC: fsl-asoc-card: fix object reference leaks in fsl_asoc_card_probe sched/debug: Initialize sd_sysctl_cpus if !CONFIG_CPUMASK_OFFSTACK efi/memattr: Don't bail on zero VA if it equals the region's PA sched/core: Use READ_ONCE()/WRITE_ONCE() in move_queued_task()/task_rq_lock() drm/vkms: Bugfix extra vblank frame ARM: dts: lpc32xx: Remove leading 0x and 0s from bindings notation efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted soc: qcom: gsbi: Fix error handling in gsbi_probe() mt7601u: bump supported EEPROM version ARM: 8830/1: NOMMU: Toggle only bits in EXC_RETURN we are really care of ARM: avoid Cortex-A9 livelock on tight dmb loops block, bfq: fix in-service-queue check for queue merging bpf: fix missing prototype warnings selftests/bpf: skip verifier tests for unsupported program types powerpc/64s: Clear on-stack exception marker upon exception return cgroup/pids: turn cgroup_subsys->free() into cgroup_subsys->release() to fix the accounting backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial state tty: increase the default flip buffer limit to 2*640K powerpc/pseries: Perform full re-add of CPU for topology update post-migration drm/amd/display: Enable vblank interrupt during CRC capture ALSA: dice: add support for Solid State Logic Duende Classic/Mini usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded platform/x86: intel-hid: Missing power button release on some Dell models perf script python: Use PyBytes for attr in trace-event-python perf script python: Add trace_context extension module to sys.modules media: mt9m111: set initial frame size other than 0x0 hwrng: virtio - Avoid repeated init of completion soc/tegra: fuse: Fix illegal free of IO base address HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear PISR busy_clear bit f2fs: UBSAN: set boolean value iostat_enable correctly hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable cpu/hotplug: Mute hotplug lockdep during init dmaengine: imx-dma: fix warning comparison of distinct pointer types dmaengine: qcom_hidma: assign channel cookie correctly dmaengine: qcom_hidma: initialize tx flags in hidma_prep_dma_* netfilter: physdev: relax br_netfilter dependency media: rcar-vin: Allow independent VIN link enablement media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting pinctrl: meson: meson8b: add the eth_rxd2 and eth_rxd3 pins drm: Auto-set allow_fb_modifiers when given modifiers at plane init drm/nouveau: Stop using drm_crtc_force_disable x86/build: Specify elf_i386 linker emulation explicitly for i386 objects selinux: do not override context on context mounts brcmfmac: Use firmware_request_nowarn for the clm_blob wlcore: Fix memory leak in case wl12xx_fetch_firmware failure x86/build: Mark per-CPU symbols as absolute explicitly for LLD drm/fb-helper: fix leaks in error path of drm_fb_helper_fbdev_setup clk: meson: clean-up clock registration clk: rockchip: fix frac settings of GPLL clock for rk3328 dmaengine: tegra: avoid overflow of byte tracking Input: soc_button_array - fix mapping of the 5th GPIO in a PNP0C40 device drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers net: stmmac: Avoid one more sometimes uninitialized Clang warning ACPI / video: Extend chassis-type detection with a "Lunch Box" check bcache: fix potential div-zero error of writeback_rate_p_term_inverse kprobes/x86: Blacklist non-attachable interrupt functions Linux 4.19.34 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Buland Singh
|
a6c671e231 |
hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable
[ Upstream commit 24d48a61f2666630da130cc2ec2e526eacf229e3 ]
Commit '3d035f580699 ("drivers/char/hpet.c: allow user controlled mmap for
user processes")' introduced a new kernel command line parameter hpet_mmap,
that is required to expose the memory map of the HPET registers to
user-space. Unfortunately the kernel command line parameter 'hpet_mmap' is
broken and never takes effect due to missing '=' character in the __setup()
code of hpet_mmap_enable.
Before this patch:
dmesg output with the kernel command line parameter hpet_mmap=1
[ 0.204152] HPET mmap disabled
dmesg output with the kernel command line parameter hpet_mmap=0
[ 0.204192] HPET mmap disabled
After this patch:
dmesg output with the kernel command line parameter hpet_mmap=1
[ 0.203945] HPET mmap enabled
dmesg output with the kernel command line parameter hpet_mmap=0
[ 0.204652] HPET mmap disabled
Fixes:
|
||
David Tolnay
|
a3aa9d93b9 |
hwrng: virtio - Avoid repeated init of completion
[ Upstream commit aef027db48da56b6f25d0e54c07c8401ada6ce21 ] The virtio-rng driver uses a completion called have_data to wait for a virtio read to be fulfilled by the hypervisor. The completion is reset before placing a buffer on the virtio queue and completed by the virtio callback once data has been written into the buffer. Prior to this commit, the driver called init_completion on this completion both during probe as well as when registering virtio buffers as part of a hwrng read operation. The second of these init_completion calls should instead be reinit_completion because the have_data completion has already been inited by probe. As described in Documentation/scheduler/completion.txt, "Calling init_completion() twice on the same completion object is most likely a bug". This bug was present in the initial implementation of virtio-rng in |
||
Greg Kroah-Hartman
|
0b065cd568 |
This is the 4.19.33 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlykNfcACgkQONu9yGCS aT40dRAAiCeYjEC1zH8dkAnbFlKo6IZuhKgISfVTgrWlRe9nUTYaenBXqAfGjufH EzXHrD1IANRAnFfWg8xt01TNBfTaiEYnYzFmJkWAHFWGKxa5fRU5Kan0MB97r8s9 NjoSRsnFl8l2oJI88zwFa7k89Itop9ST/zvZIgnrysAr+j8yEZb7BZWaU2UrKK/q qfnJxjfCb/jeqAxwVh3OkasXj0gG2JkGR/uEGTw2EARuI6pvKo5OCzYz0tXTN6ZJ CSzM4X7dhkGSgLIUw3JOCB28riK9TYbOdPr4MFYMrnoU5VL8+n62tXoKXewobJ1C 2+Pmg5E54r13Rr35eoGCiHsW2LGQrOyvm8S9TFB/0SmTPtzUjFlHBC62Vs/AW5ut HSmwVy+ILM/xTIdts5QT58Gw+5NCmHxw2oEdrgcct+6FtnR9XPOqZYyzH1tw1ZB+ DL2PqYyT9czuo2bKanWA37M8339q2INDFskXqKRokQ9GNiqUx1E6fNBqtK5SqyDI CdohtAs7xSQoPPbKDiITOmt82MM8xvefKmqTIvHN5B7Ns4lT1QC74DCXEFEKtw6M l+p64h6Qw4DiKmqna7fsbKPjmg8pg1lVrCOwD5iUF3JXy+Wxi/OKnr2gqAVMChAq GSfFFf+MMZhYzJPRQKxOn4GwDBDz5niaWvQmlPcPWLJ5jdbzl+Y= =Yyc/ -----END PGP SIGNATURE----- Merge 4.19.33 into android-4.19 Changes in 4.19.33 Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer ipmi_si: Fix crash when using hard-coded device dccp: do not use ipv6 header for ipv4 flow genetlink: Fix a memory leak on error path gtp: change NET_UDP_TUNNEL dependency to select ipv6: make ip6_create_rt_rcu return ip6_null_entry instead of NULL mac8390: Fix mmio access size probe mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S net: aquantia: fix rx checksum offload for UDP/TCP over IPv6 net: datagram: fix unbounded loop in __skb_try_recv_datagram() net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec net: phy: meson-gxl: fix interrupt support net: rose: fix a possible stack overflow net: stmmac: fix memory corruption with large MTUs net-sysfs: call dev_hold if kobject_init_and_add success packets: Always register packet sk in the same order rhashtable: Still do rehash when we get EEXIST sctp: get sctphdr by offset in sctp_compute_cksum sctp: use memdup_user instead of vmemdup_user tcp: do not use ipv6 header for ipv4 flow tipc: allow service ranges to be connect()'ed on RDM/DGRAM tipc: change to check tipc_own_id to return in tipc_net_stop tipc: fix cancellation of topology subscriptions tun: properly test for IFF_UP vrf: prevent adding upper devices vxlan: Don't call gro_cells_destroy() before device is unregistered ila: Fix rhashtable walker list corruption net: sched: fix cleanup NULL pointer exception in act_mirr thunderx: enable page recycling for non-XDP case thunderx: eliminate extra calls to put_page() for pages held for recycling tun: add a missing rcu_read_unlock() in error path powerpc/fsl: Add infrastructure to fixup branch predictor flush powerpc/fsl: Add macro to flush the branch predictor powerpc/fsl: Emulate SPRN_BUCSR register powerpc/fsl: Add nospectre_v2 command line argument powerpc/fsl: Flush the branch predictor at each kernel entry (64bit) powerpc/fsl: Flush the branch predictor at each kernel entry (32 bit) powerpc/fsl: Flush branch predictor when entering KVM powerpc/fsl: Enable runtime patching if nospectre_v2 boot arg is used powerpc/fsl: Update Spectre v2 reporting powerpc/fsl: Fixed warning: orphan section `__btb_flush_fixup' powerpc/fsl: Fix the flush of branch predictor. powerpc/security: Fix spectre_v2 reporting Btrfs: fix incorrect file size after shrinking truncate and fsync btrfs: remove WARN_ON in log_dir_items btrfs: don't report readahead errors and don't update statistics btrfs: raid56: properly unmap parity page in finish_parity_scrub() btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size Btrfs: fix assertion failure on fsync with NO_HOLES enabled ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time powerpc: bpf: Fix generation of load/store DW instructions vfio: ccw: only free cp on final interrupt NFS: fix mount/umount race in nlmclnt. NFSv4.1 don't free interrupted slot on open net: dsa: qca8k: remove leftover phy accessors ALSA: rawmidi: Fix potential Spectre v1 vulnerability ALSA: seq: oss: Fix Spectre v1 vulnerability ALSA: pcm: Fix possible OOB access in PCM oss plugins ALSA: pcm: Don't suspend stream in unrecoverable PCM state ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB ALSA: hda/realtek: Enable headset MIC of Acer AIO with ALC286 ALSA: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 ALSA: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 headset mic ALSA: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 ALSA: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 ALSA: hda/realtek: Enable headset MIC of ASUS X430UN and X512DK with ALC256 ALSA: hda/realtek - Fix speakers on Acer Predator Helios 500 Ryzen laptops kbuild: modversions: Fix relative CRC byte order interpretation fs/open.c: allow opening only regular files during execve() ocfs2: fix inode bh swapping mixup in ocfs2_reflink_inodes_lock scsi: sd: Fix a race between closing an sd device and sd I/O scsi: sd: Quiesce warning if device does not report optimal I/O size scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices drm/rockchip: vop: reset scale mode when win is disabled tty: mxs-auart: fix a potential NULL pointer dereference tty: atmel_serial: fix a potential NULL pointer dereference tty: serial: qcom_geni_serial: Initialize baud in qcom_geni_console_setup staging: comedi: ni_mio_common: Fix divide-by-zero for DIO cmdtest staging: speakup_soft: Fix alternate speech with other synths staging: vt6655: Remove vif check from vnt_interrupt staging: vt6655: Fix interrupt race condition on device start up. staging: erofs: fix to handle error path of erofs_vmap() serial: max310x: Fix to avoid potential NULL pointer dereference serial: mvebu-uart: Fix to avoid a potential NULL pointer dereference serial: sh-sci: Fix setting SCSCR_TIE while transferring data USB: serial: cp210x: add new device id USB: serial: ftdi_sio: add additional NovaTech products USB: serial: mos7720: fix mos_parport refcount imbalance on error path USB: serial: option: set driver_info for SIM5218 and compatibles USB: serial: option: add support for Quectel EM12 USB: serial: option: add Olicard 600 Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links drm/vgem: fix use-after-free when drm_gem_handle_create() fails drm/vkms: fix use-after-free when drm_gem_handle_create() fails drm/i915/gvt: Fix MI_FLUSH_DW parsing with correct index check gpio: exar: add a check for the return value of ida_simple_get fails gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input phy: sun4i-usb: Support set_mode to USB_HOST for non-OTG PHYs usb: mtu3: fix EXTCON dependency USB: gadget: f_hid: fix deadlock in f_hidg_write() usb: common: Consider only available nodes for dr_mode usb: host: xhci-rcar: Add XHCI_TRUST_TX_LENGTH quirk xhci: Fix port resume done detection for SS ports with LPM enabled usb: xhci: dbc: Don't free all memory with spinlock held xhci: Don't let USB3 ports stuck in polling state prevent suspend usb: cdc-acm: fix race during wakeup blocking TX traffic mm: add support for kmem caches in DMA32 zone iommu/io-pgtable-arm-v7s: request DMA32 memory, and improve debugging mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT is specified mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate perf pmu: Fix parser error for uncore event alias perf intel-pt: Fix TSC slip objtool: Query pkg-config for libelf location powerpc/pseries/energy: Use OF accessor functions to read ibm,drc-indexes powerpc/64: Fix memcmp reading past the end of src/dest watchdog: Respect watchdog cpumask on CPU hotplug cpu/hotplug: Prevent crash when CPU bringup fails on CONFIG_HOTPLUG_CPU=n x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y KVM: Reject device ioctls from processes other than the VM's creator KVM: x86: update %rip after emulating IO KVM: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts staging: erofs: fix error handling when failed to read compresssed data staging: erofs: keep corrupted fs from crashing kernel in erofs_readdir() bpf: do not restore dst_reg when cur_state is freed drivers: base: Helpers for adding device connection descriptions platform: x86: intel_cht_int33fe: Register all connections at once platform: x86: intel_cht_int33fe: Add connection for the DP alt mode platform: x86: intel_cht_int33fe: Add connections for the USB Type-C port usb: typec: class: Don't use port parent for getting mux handles platform: x86: intel_cht_int33fe: Remove the old connections for the muxes Linux 4.19.33 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Corey Minyard
|
6bba17f6bc |
ipmi_si: Fix crash when using hard-coded device
Backport from 41b766d661bf94a364960862cfc248a78313dbd3 When excuting a command like: modprobe ipmi_si ports=0xffc0e3 type=bt The system would get an oops. The trouble here is that ipmi_si_hardcode_find_bmc() is called before ipmi_si_platform_init(), but initialization of the hard-coded device creates an IPMI platform device, which won't be initialized yet. The real trouble is that hard-coded devices aren't created with any device, and the fixup is done later. So do it right, create the hard-coded devices as normal platform devices. This required adding some new resource types to the IPMI platform code for passing information required by the hard-coded device and adding some code to remove the hard-coded platform devices on module removal. To enforce the "hard-coded devices passed by the user take priority over firmware devices" rule, some special code was added to check and see if a hard-coded device already exists. The backport required some minor fixups and adding the device id table that had been added in another change and was used in this one. Reported-by: Yang Yingliang <yangyingliang@huawei.com> Cc: stable@vger.kernel.org # v4.15+ Signed-off-by: Corey Minyard <cminyard@mvista.com> Tested-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
bb418a146a |
This is the 4.19.31 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlyWhJcACgkQONu9yGCS aT6XzxAAzP2QGzC4SVPgcFH1woF/d8Cz0zQ81mLXzjXtEPm39fZCM2hbBnxkXLu1 peFyrKNk6/c9541D9gsQCQT6Fu+H6u1bJKcIezlKJ2xyB/MsU1hXkjZrTJYW3RRs gimy1EGdood2el1ubEBZiaspazoeRzBqtg1Nsmr4V0l+RT8HwtKKw+0+Nxixfp59 NoVkqTpPI5mL0FiH2R9ogcfg3SvgMZOsOhOBjdPvSjiJJsbvIWcW48MCs95XSUpF R+l/fWn+oiFCcIqBaFheujuqZMvVrUHZHaWAPMuoR/c3Cdf0lTBokdv6UM9c0nv3 61jX5r5ImRI/dfQANN5mbB1YKcs5xOI+I7QZHQ2q4clsWrWyLapXW4clrAZJ6z5t UVeVbuLV2y5PL9GJyBcXpyY0BOf4e2gZURaPY3C5McNwgybNoiR0ZePqKb8ZhZyh jYOYRoBjJJpZoVTSt6MNX95NTvGaSAtqKMu1s3IeMfpwCfQKBPMOuBHr/dUqSC6I U0xxjk/71C15dSPVcTVJT/lmcKc6TXgoagnfbn8GBtDOAjBNsYyUJLQI+db1ERCe 9MEB9k1Z87ROQ5jQCQmWsewOVAtFZBEvSszFmpKv3zTe8M2oFpXG56zckdiumwHU nSfeZTTeWzsFJd30MioEnGYm3ZwKwZx7wi0x4B4WWvBfSpp20Us= =xtLx -----END PGP SIGNATURE----- Merge 4.19.31 into android-4.19 Changes in 4.19.31 media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused() 9p: use inode->i_lock to protect i_size_write() under 32-bit 9p/net: fix memory leak in p9_client_create ASoC: fsl_esai: fix register setting issue in RIGHT_J mode ASoC: codecs: pcm186x: fix wrong usage of DECLARE_TLV_DB_SCALE() ASoC: codecs: pcm186x: Fix energysense SLEEP bit iio: adc: exynos-adc: Fix NULL pointer exception on unbind mei: hbm: clean the feature flags on link reset mei: bus: move hw module get/put to probe/release stm class: Fix an endless loop in channel allocation crypto: caam - fix hash context DMA unmap size crypto: ccree - fix missing break in switch statement crypto: caam - fixed handling of sg list crypto: caam - fix DMA mapping of stack memory crypto: ccree - fix free of unallocated mlli buffer crypto: ccree - unmap buffer before copying IV crypto: ccree - don't copy zero size ciphertext crypto: cfb - add missing 'chunksize' property crypto: cfb - remove bogus memcpy() with src == dest crypto: ahash - fix another early termination in hash walk crypto: rockchip - fix scatterlist nents error crypto: rockchip - update new iv to device in multiple operations drm/imx: ignore plane updates on disabled crtcs gpu: ipu-v3: Fix i.MX51 CSI control registers offset drm/imx: imx-ldb: add missing of_node_puts gpu: ipu-v3: Fix CSI offsets for imx53 ASoC: rt5682: Correct the setting while select ASRC clk for AD/DA filter clocksource: timer-ti-dm: Fix pwm dmtimer usage of fck reparenting KVM: arm/arm64: vgic: Make vgic_dist->lpi_list_lock a raw_spinlock arm64: dts: rockchip: fix graph_port warning on rk3399 bob kevin and excavator s390/dasd: fix using offset into zero size array error Input: pwm-vibra - prevent unbalanced regulator Input: pwm-vibra - stop regulator after disabling pwm, not before ARM: dts: Configure clock parent for pwm vibra ARM: OMAP2+: Variable "reg" in function omap4_dsi_mux_pads() could be uninitialized ASoC: dapm: fix out-of-bounds accesses to DAPM lookup tables ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check KVM: arm/arm64: Reset the VCPU without preemption and vcpu state loaded arm/arm64: KVM: Allow a VCPU to fully reset itself arm/arm64: KVM: Don't panic on failure to properly reset system registers KVM: arm/arm64: vgic: Always initialize the group of private IRQs KVM: arm64: Forbid kprobing of the VHE world-switch code ASoC: samsung: Prevent clk_get_rate() calls in atomic context ARM: OMAP2+: fix lack of timer interrupts on CPU1 after hotplug Input: cap11xx - switch to using set_brightness_blocking() Input: ps2-gpio - flush TX work when closing port Input: matrix_keypad - use flush_delayed_work() mac80211: call drv_ibss_join() on restart mac80211: Fix Tx aggregation session tear down with ITXQs netfilter: compat: initialize all fields in xt_init blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue ipvs: fix dependency on nf_defrag_ipv6 floppy: check_events callback should not return a negative number xprtrdma: Make sure Send CQ is allocated on an existing compvec NFS: Don't use page_file_mapping after removing the page mm/gup: fix gup_pmd_range() for dax Revert "mm: use early_pfn_to_nid in page_ext_init" scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() x86/CPU: Add Icelake model number mm: page_alloc: fix ref bias in page_frag_alloc() for 1-byte allocs net: hns: Fix object reference leaks in hns_dsaf_roce_reset() i2c: cadence: Fix the hold bit setting i2c: bcm2835: Clear current buffer pointers and counts after a transfer auxdisplay: ht16k33: fix potential user-after-free on module unload Input: st-keyscan - fix potential zalloc NULL dereference clk: sunxi-ng: v3s: Fix TCON reset de-assert bit kallsyms: Handle too long symbols in kallsyms.c clk: sunxi: A31: Fix wrong AHB gate number esp: Skip TX bytes accounting when sending from a request socket ARM: 8824/1: fix a migrating irq bug when hotplug cpu bpf: only adjust gso_size on bytestream protocols bpf: fix lockdep false positive in stackmap af_key: unconditionally clone on broadcast ARM: 8835/1: dma-mapping: Clear DMA ops on teardown assoc_array: Fix shortcut creation keys: Fix dependency loop between construction record and auth key scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task net: systemport: Fix reception of BPDUs net: dsa: bcm_sf2: Do not assume DSA master supports WoL pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins qmi_wwan: apply SET_DTR quirk to Sierra WP7607 net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() xfrm: Fix inbound traffic via XFRM interfaces across network namespaces mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue ASoC: topology: free created components in tplg load error qed: Fix iWARP buffer size provided for syn packet processing. qed: Fix iWARP syn packet mac address validation. ARM: dts: armada-xp: fix Armada XP boards NAND description arm64: Relax GIC version check during early boot ARM: tegra: Restore DT ABI on Tegra124 Chromebooks net: marvell: mvneta: fix DMA debug warning mm: handle lru_add_drain_all for UP properly tmpfs: fix link accounting when a tmpfile is linked in ixgbe: fix older devices that do not support IXGBE_MRQC_L3L4TXSWEN ARCv2: lib: memcpy: fix doing prefetchw outside of buffer ARC: uacces: remove lp_start, lp_end from clobber list ARCv2: support manual regfile save on interrupts ARCv2: don't assume core 0x54 has dual issue phonet: fix building with clang mac80211_hwsim: propagate genlmsg_reply return code bpf, lpm: fix lookup bug in map_delete_elem net: thunderx: make CFG_DONE message to run through generic send-ack sequence net: thunderx: add nicvf_send_msg_to_pf result check for set_rx_mode_task nfp: bpf: fix code-gen bug on BPF_ALU | BPF_XOR | BPF_K nfp: bpf: fix ALU32 high bits clearance bug bnxt_en: Fix typo in firmware message timeout logic. bnxt_en: Wait longer for the firmware message response to complete. net: set static variable an initial value in atl2_probe() selftests: fib_tests: sleep after changing carrier. again. tmpfs: fix uninitialized return value in shmem_link stm class: Prevent division by zero nfit: acpi_nfit_ctl(): Check out_obj->type in the right place acpi/nfit: Fix bus command validation nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot nfit/ars: Attempt short-ARS even in the no_init_ars case libnvdimm/label: Clear 'updating' flag after label-set update libnvdimm, pfn: Fix over-trim in trim_pfn_device() libnvdimm/pmem: Honor force_raw for legacy pmem regions libnvdimm: Fix altmap reservation size calculation fix cgroup_do_mount() handling of failure exits crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails crypto: aegis - fix handling chunked inputs crypto: arm/crct10dif - revert to C code for short inputs crypto: arm64/aes-neonbs - fix returning final keystream block crypto: arm64/crct10dif - revert to C code for short inputs crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails crypto: morus - fix handling chunked inputs crypto: pcbc - remove bogus memcpy()s with src == dest crypto: skcipher - set CRYPTO_TFM_NEED_KEY if ->setkey() fails crypto: testmgr - skip crc32c context test for ahash algorithms crypto: x86/aegis - fix handling chunked inputs and MAY_SLEEP crypto: x86/aesni-gcm - fix crash on empty plaintext crypto: x86/morus - fix handling chunked inputs and MAY_SLEEP crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling crypto: arm64/aes-ccm - fix bugs in non-NEON fallback routine CIFS: Do not reset lease state to NONE on lease break CIFS: Do not skip SMB2 message IDs on send failures CIFS: Fix read after write for files with read caching tracing: Use strncpy instead of memcpy for string keys in hist triggers tracing: Do not free iter->trace in fail path of tracing_open_pipe() tracing/perf: Use strndup_user() instead of buggy open-coded version xen: fix dom0 boot on huge systems ACPI / device_sysfs: Avoid OF modalias creation for removed device mmc: sdhci-esdhc-imx: fix HS400 timing issue mmc:fix a bug when max_discard is 0 netfilter: ipt_CLUSTERIP: fix warning unused variable cn spi: ti-qspi: Fix mmap read when more than one CS in use spi: pxa2xx: Setup maximum supported DMA transfer length regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 regulator: max77620: Initialize values for DT properties regulator: s2mpa01: Fix step values for some LDOs clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown clocksource/drivers/arch_timer: Workaround for Allwinner A64 timer instability s390/setup: fix early warning messages s390/virtio: handle find on invalid queue gracefully scsi: virtio_scsi: don't send sc payload with tmfs scsi: aacraid: Fix performance issue on logical drives scsi: sd: Optimal I/O size should be a multiple of physical block size scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware fs/devpts: always delete dcache dentry-s in dput() splice: don't merge into linked buffers ovl: During copy up, first copy up data and then xattrs ovl: Do not lose security.capability xattr over metadata file copy-up m68k: Add -ffreestanding to CFLAGS Btrfs: setup a nofs context for memory allocation at btrfs_create_tree() Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl btrfs: ensure that a DUP or RAID1 block group has exactly two stripes Btrfs: fix corruption reading shared and compressed extents after hole punching soc: qcom: rpmh: Avoid accessing freed memory from batch API libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table irqchip/brcmstb-l2: Use _irqsave locking variants in non-interrupt code x86/kprobes: Prohibit probing on optprobe template code cpufreq: kryo: Release OPP tables on module removal cpufreq: tegra124: add missing of_node_put() cpufreq: pxa2xx: remove incorrect __init annotation ext4: fix check of inode in swap_inode_boot_loader ext4: cleanup pagecache before swap i_data ext4: update quota information while swapping boot loader inode ext4: add mask of ext4 flags to swap ext4: fix crash during online resizing PCI/ASPM: Use LTR if already enabled by platform PCI/DPC: Fix print AER status in DPC event handling PCI: dwc: skip MSI init if MSIs have been explicitly disabled IB/hfi1: Close race condition on user context disable and close cxl: Wrap iterations over afu slices inside 'afu_list_lock' ext2: Fix underflow in ext2_max_size() clk: uniphier: Fix update register for CPU-gear clk: clk-twl6040: Fix imprecise external abort for pdmclk clk: samsung: exynos5: Fix possible NULL pointer exception on platform_device_alloc() failure clk: samsung: exynos5: Fix kfree() of const memory on setting driver_override clk: ingenic: Fix round_rate misbehaving with non-integer dividers clk: ingenic: Fix doc of ingenic_cgu_div_info usb: chipidea: tegra: Fix missed ci_hdrc_remove_device() usb: typec: tps6598x: handle block writes separately with plain-I2C adapters dmaengine: usb-dmac: Make DMAC system sleep callbacks explicit mm: hwpoison: fix thp split handing in soft_offline_in_use_page() mm/vmalloc: fix size check for remap_vmalloc_range_partial() mm/memory.c: do_fault: avoid usage of stale vm_area_struct kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv device property: Fix the length used in PROPERTY_ENTRY_STRING() intel_th: Don't reference unassigned outputs parport_pc: fix find_superio io compare code, should use equal test. i2c: tegra: fix maximum transfer size media: i2c: ov5640: Fix post-reset delay gpio: pca953x: Fix dereference of irq data in shutdown can: flexcan: FLEXCAN_IFLAG_MB: add () around macro argument drm/i915: Relax mmap VMA check bpf: only test gso type on gso packets serial: uartps: Fix stuck ISR if RX disabled with non-empty FIFO serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart serial: 8250_pci: Fix number of ports for ACCES serial cards serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() jbd2: clear dirty flag when revoking a buffer from an older transaction jbd2: fix compile warning when using JBUFFER_TRACE selinux: add the missing walk_size + len check in selinux_sctp_bind_connect security/selinux: fix SECURITY_LSM_NATIVE_LABELS on reused superblock powerpc/32: Clear on-stack exception marker upon exception return powerpc/wii: properly disable use of BATs when requested. powerpc/powernv: Make opal log only readable by root powerpc/83xx: Also save/restore SPRG4-7 during suspend powerpc/powernv: Don't reprogram SLW image on every KVM guest entry/exit powerpc: Fix 32-bit KVM-PR lockup and host crash with MacOS guest powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning powerpc/hugetlb: Don't do runtime allocation of 16G pages in LPAR configuration powerpc/traps: fix recoverability of machine check handling on book3s/32 powerpc/traps: Fix the message printed when stack overflows ARM: s3c24xx: Fix boolean expressions in osiris_dvs_notify arm64: Fix HCR.TGE status for NMI contexts arm64: debug: Ensure debug handlers check triggering exception level arm64: KVM: Fix architecturally invalid reset value for FPEXC32_EL2 ipmi_si: fix use-after-free of resource->name dm: fix to_sector() for 32bit dm integrity: limit the rate of error messages mfd: sm501: Fix potential NULL pointer dereference cpcap-charger: generate events for userspace NFS: Fix I/O request leakages NFS: Fix an I/O request leakage in nfs_do_recoalesce NFS: Don't recoalesce on error in nfs_pageio_complete_mirror() nfsd: fix performance-limiting session calculation nfsd: fix memory corruption caused by readdir nfsd: fix wrong check in write_v4_end_grace() NFSv4.1: Reinitialise sequence results before retransmitting a request svcrpc: fix UDP on servers with lots of threads PM / wakeup: Rework wakeup source timer cancellation bcache: never writeback a discard operation stable-kernel-rules.rst: add link to networking patch queue vt: perform safe console erase in the right order x86/unwind/orc: Fix ORC unwind table alignment perf intel-pt: Fix CYC timestamp calculation after OVF perf tools: Fix split_kallsyms_for_kcore() for trampoline symbols perf auxtrace: Define auxtrace record alignment perf intel-pt: Fix overlap calculation for padding perf/x86/intel/uncore: Fix client IMC events return huge result perf intel-pt: Fix divide by zero when TSC is not available md: Fix failed allocation of md_register_thread tpm/tpm_crb: Avoid unaligned reads in crb_recv() tpm: Unify the send callback behaviour rcu: Do RCU GP kthread self-wakeup from softirq and interrupt media: imx: prpencvf: Stop upstream before disabling IDMA channel media: lgdt330x: fix lock status reporting media: uvcvideo: Avoid NULL pointer dereference at the end of streaming media: vimc: Add vimc-streamer for stream control media: imx: csi: Disable CSI immediately after last EOF media: imx: csi: Stop upstream before disabling IDMA channel drm/fb-helper: generic: Fix drm_fbdev_client_restore() drm/radeon/evergreen_cs: fix missing break in switch statement drm/amd/powerplay: correct power reading on fiji drm/amd/display: don't call dm_pp_ function from an fpu block KVM: Call kvm_arch_memslots_updated() before updating memslots KVM: x86/mmu: Detect MMIO generation wrap in any address space KVM: x86/mmu: Do not cache MMIO accesses while memslots are in flux KVM: nVMX: Sign extend displacements of VMX instr's mem operands KVM: nVMX: Apply addr size mask to effective address for VMX instructions KVM: nVMX: Ignore limit checks on VMX instructions using flat segments bcache: use (REQ_META|REQ_PRIO) to indicate bio for metadata s390/setup: fix boot crash for machine without EDAT-1 Linux 4.19.31 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Jarkko Sakkinen
|
bce45a5475 |
tpm: Unify the send callback behaviour
commit f5595f5baa30e009bf54d0d7653a9a0cc465be60 upstream. The send() callback should never return length as it does not in every driver except tpm_crb in the success case. The reason is that the main transmit functionality only cares about whether the transmit was successful or not and ignores the count completely. Suggested-by: Stefan Berger <stefanb@linux.ibm.com> Cc: stable@vger.kernel.org Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Reviewed-by: Jerry Snitselaar <jsnitsel@redhat.com> Tested-by: Alexander Steffen <Alexander.Steffen@infineon.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Jarkko Sakkinen
|
af0c1bd0c5 |
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
commit 3d7a850fdc1a2e4d2adbc95cc0fc962974725e88 upstream.
The current approach to read first 6 bytes from the response and then tail
of the response, can cause the 2nd memcpy_fromio() to do an unaligned read
(e.g. read 32-bit word from address aligned to a 16-bits), depending on how
memcpy_fromio() is implemented. If this happens, the read will fail and the
memory controller will fill the read with 1's.
This was triggered by 170d13ca3a2f, which should be probably refined to
check and react to the address alignment. Before that commit, on x86
memcpy_fromio() turned out to be memcpy(). By a luck GCC has done the right
thing (from tpm_crb's perspective) for us so far, but we should not rely on
that. Thus, it makes sense to fix this also in tpm_crb, not least because
the fix can be then backported to stable kernels and make them more robust
when compiled in differing environments.
Cc: stable@vger.kernel.org
Cc: James Morris <jmorris@namei.org>
Cc: Tomas Winkler <tomas.winkler@intel.com>
Cc: Jerry Snitselaar <jsnitsel@redhat.com>
Fixes:
|
||
Yang Yingliang
|
a441fdaf8c |
ipmi_si: fix use-after-free of resource->name
commit 401e7e88d4ef80188ffa07095ac00456f901b8c4 upstream.
When we excute the following commands, we got oops
rmmod ipmi_si
cat /proc/ioports
[ 1623.482380] Unable to handle kernel paging request at virtual address ffff00000901d478
[ 1623.482382] Mem abort info:
[ 1623.482383] ESR = 0x96000007
[ 1623.482385] Exception class = DABT (current EL), IL = 32 bits
[ 1623.482386] SET = 0, FnV = 0
[ 1623.482387] EA = 0, S1PTW = 0
[ 1623.482388] Data abort info:
[ 1623.482389] ISV = 0, ISS = 0x00000007
[ 1623.482390] CM = 0, WnR = 0
[ 1623.482393] swapper pgtable: 4k pages, 48-bit VAs, pgdp = 00000000d7d94a66
[ 1623.482395] [ffff00000901d478] pgd=000000dffbfff003, pud=000000dffbffe003, pmd=0000003f5d06e003, pte=0000000000000000
[ 1623.482399] Internal error: Oops: 96000007 [#1] SMP
[ 1623.487407] Modules linked in: ipmi_si(E) nls_utf8 isofs rpcrdma ib_iser ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib rdma_ucm ib_umad rdma_cm ib_cm dm_mirror dm_region_hash dm_log iw_cm dm_mod aes_ce_blk crypto_simd cryptd aes_ce_cipher ses ghash_ce sha2_ce enclosure sha256_arm64 sg sha1_ce hisi_sas_v2_hw hibmc_drm sbsa_gwdt hisi_sas_main ip_tables mlx5_ib ib_uverbs marvell ib_core mlx5_core ixgbe mdio hns_dsaf ipmi_devintf hns_enet_drv ipmi_msghandler hns_mdio [last unloaded: ipmi_si]
[ 1623.532410] CPU: 30 PID: 11438 Comm: cat Kdump: loaded Tainted: G E 5.0.0-rc3+ #168
[ 1623.541498] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.37 11/21/2017
[ 1623.548822] pstate: a0000005 (NzCv daif -PAN -UAO)
[ 1623.553684] pc : string+0x28/0x98
[ 1623.557040] lr : vsnprintf+0x368/0x5e8
[ 1623.560837] sp : ffff000013213a80
[ 1623.564191] x29: ffff000013213a80 x28: ffff00001138abb5
[ 1623.569577] x27: ffff000013213c18 x26: ffff805f67d06049
[ 1623.574963] x25: 0000000000000000 x24: ffff00001138abb5
[ 1623.580349] x23: 0000000000000fb7 x22: ffff0000117ed000
[ 1623.585734] x21: ffff000011188fd8 x20: ffff805f67d07000
[ 1623.591119] x19: ffff805f67d06061 x18: ffffffffffffffff
[ 1623.596505] x17: 0000000000000200 x16: 0000000000000000
[ 1623.601890] x15: ffff0000117ed748 x14: ffff805f67d07000
[ 1623.607276] x13: ffff805f67d0605e x12: 0000000000000000
[ 1623.612661] x11: 0000000000000000 x10: 0000000000000000
[ 1623.618046] x9 : 0000000000000000 x8 : 000000000000000f
[ 1623.623432] x7 : ffff805f67d06061 x6 : fffffffffffffffe
[ 1623.628817] x5 : 0000000000000012 x4 : ffff00000901d478
[ 1623.634203] x3 : ffff0a00ffffff04 x2 : ffff805f67d07000
[ 1623.639588] x1 : ffff805f67d07000 x0 : ffffffffffffffff
[ 1623.644974] Process cat (pid: 11438, stack limit = 0x000000008d4cbc10)
[ 1623.651592] Call trace:
[ 1623.654068] string+0x28/0x98
[ 1623.657071] vsnprintf+0x368/0x5e8
[ 1623.660517] seq_vprintf+0x70/0x98
[ 1623.668009] seq_printf+0x7c/0xa0
[ 1623.675530] r_show+0xc8/0xf8
[ 1623.682558] seq_read+0x330/0x440
[ 1623.689877] proc_reg_read+0x78/0xd0
[ 1623.697346] __vfs_read+0x60/0x1a0
[ 1623.704564] vfs_read+0x94/0x150
[ 1623.711339] ksys_read+0x6c/0xd8
[ 1623.717939] __arm64_sys_read+0x24/0x30
[ 1623.725077] el0_svc_common+0x120/0x148
[ 1623.732035] el0_svc_handler+0x30/0x40
[ 1623.738757] el0_svc+0x8/0xc
[ 1623.744520] Code: d1000406 aa0103e2 54000149 b4000080 (39400085)
[ 1623.753441] ---[ end trace f91b6a4937de9835 ]---
[ 1623.760871] Kernel panic - not syncing: Fatal exception
[ 1623.768935] SMP: stopping secondary CPUs
[ 1623.775718] Kernel Offset: disabled
[ 1623.781998] CPU features: 0x002,21006008
[ 1623.788777] Memory Limit: none
[ 1623.798329] Starting crashdump kernel...
[ 1623.805202] Bye!
If io_setup is called successful in try_smi_init() but try_smi_init()
goes out_err before calling ipmi_register_smi(), so ipmi_unregister_smi()
will not be called while removing module. It leads to the resource that
allocated in io_setup() can not be freed, but the name(DEVICE_NAME) of
resource is freed while removing the module. It causes use-after-free
when cat /proc/ioports.
Fix this by calling io_cleanup() while try_smi_init() goes to out_err.
and don't call io_cleanup() until io_setup() returns successful to avoid
warning prints.
Fixes:
|
||
Greg Kroah-Hartman
|
34e9e65731 |
This is the 4.19.28 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlyEq/IACgkQONu9yGCS aT77AhAAgqbxHsKsgqh7JV477xEgLqrLKYw+/6Bx+l79fUZoaR3PRwM62UEzikPQ KbvutNuOHOWuJA0Xyj5gqV4SJaqBOkoGNnHFOBi/qjtFUsOlBFrlGpow+0fsP/ay Bmo0LhoTvBub4ap7bJt4pwel/elWYVtOkA1Qgv3OCiDkTorYuPTbIUyuAVOJJbRn sZ1eKi00CQPrN65Rxgci0g0p/m7JWpvW2zqmDNZJuZZeEmSLdrrZGwt5ExiI6oKz CqX/VBGChEesMTEOLsSfRyg6NZW3j4rOUaCzkxDq/Tsh9XqNabhk1jod2p3t7Nmu n5Js3ujfuyCKf5tD49Z8xy5A++nYyJLa5jbFnURr2H/ZJPla0CHuc4RoFf/wFYr4 xQAeA3XXiZZB02n6oZlweUSp7hVnCgLJ4Ev2ctAyPUpyf4ncl+vffzj40bozFvAC adJE1UyEJp0xUuRVdx0I+HyueHcWmRIAgs0iz9B5S2KNc4rYDqE+/t+ddrNqjvSF +C33nMn+7A+ngmQlwWjOBaZhhQn3qWrWU0ACERbIG/DUD2voBYu3oIfQzKsXTt0V erSSDq0KSy73PRKN4Tzf2GnDUAlNITUuyFgWITOg8p29HuXJO00p4MQ7fOMYacyB WdwXFB7islUtUoA8nEedZgF7IF1WRh6Iz2HJ5uMTl6pCMSV+8Dk= =OvW8 -----END PGP SIGNATURE----- Merge 4.19.28 into android-4.19 Changes in 4.19.28 cpufreq: Use struct kobj_attribute instead of struct global_attr staging: erofs: fix mis-acted TAIL merging behavior USB: serial: option: add Telit ME910 ECM composition USB: serial: cp210x: add ID for Ingenico 3070 USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 staging: erofs: fix illegal address access under memory pressure staging: erofs: compressed_pages should not be accessed again after freed staging: comedi: ni_660x: fix missing break in switch statement staging: wilc1000: fix to set correct value for 'vif_num' staging: android: ion: fix sys heap pool's gfp_flags staging: android: ashmem: Don't call fallocate() with ashmem_mutex held. staging: android: ashmem: Avoid range_alloc() allocation with ashmem_mutex held. ip6mr: Do not call __IP6_INC_STATS() from preemptible context net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex net: dsa: mv8e6xxx: fix number of internal PHYs for 88E6x90 family net: sched: put back q.qlen into a single location net-sysfs: Fix mem leak in netdev_register_kobject qmi_wwan: Add support for Quectel EG12/EM12 sctp: call iov_iter_revert() after sending ABORT sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 team: Free BPF filter when unregistering netdev tipc: fix RDM/DGRAM connect() regression bnxt_en: Drop oversize TX packets to prevent errors. geneve: correctly handle ipv6.disable module parameter hv_netvsc: Fix IP header checksum for coalesced packets ipv4: Add ICMPv6 support when parse route ipproto lan743x: Fix TX Stall Issue net: dsa: mv88e6xxx: Fix statistics on mv88e6161 net: dsa: mv88e6xxx: Fix u64 statistics netlabel: fix out-of-bounds memory accesses net: netem: fix skb length BUG_ON in __skb_to_sgvec net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails net: phy: Micrel KSZ8061: link failure after cable connect net: phy: phylink: fix uninitialized variable in phylink_get_mac_state net: sit: fix memory leak in sit_init_net() net: socket: set sock->sk to NULL after calling proto_ops::release() tipc: fix race condition causing hung sendto tun: fix blocking read xen-netback: don't populate the hash cache on XenBus disconnect xen-netback: fix occasional leak of grant ref mappings under memory pressure tun: remove unnecessary memory barrier net: Add __icmp_send helper. net: avoid use IPCB in cipso_v4_error ipv4: Return error for RTA_VIA attribute ipv6: Return error for RTA_VIA attribute mpls: Return error for RTA_GATEWAY attribute ipv4: Pass original device to ip_rcv_finish_core net: dsa: mv88e6xxx: power serdes on/off for 10G interfaces on 6390X net: dsa: mv88e6xxx: prevent interrupt storm caused by mv88e6390x_port_set_cmode net/sched: act_ipt: fix refcount leak when replace fails net/sched: act_skbedit: fix refcount leak when replace fails net: sched: act_tunnel_key: fix NULL pointer dereference during init x86/CPU/AMD: Set the CPB bit unconditionally on F17h x86/boot/compressed/64: Do not read legacy ROM on EFI system tracing: Fix event filters and triggers to handle negative numbers usb: xhci: Fix for Enabling USB ROLE SWITCH QUIRK on INTEL_SUNRISEPOINT_LP_XHCI applicom: Fix potential Spectre v1 vulnerabilities MIPS: irq: Allocate accurate order pages for irq stack aio: Fix locking in aio_poll() xtensa: fix get_wchan gnss: sirf: fix premature wakeup interrupt enable USB: serial: cp210x: fix GPIO in autosuspend selftests: firmware: fix verify_reqs() return value Bluetooth: btrtl: Restore old logic to assume firmware is already loaded Bluetooth: Fix locking in bt_accept_enqueue() for BH context exec: Fix mem leak in kernel_read_file scsi: core: reset host byte in DID_NEXUS_FAILURE case bpf: fix sanitation rewrite in case of non-pointers Linux 4.19.28 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Gustavo A. R. Silva
|
5691b93f68 |
applicom: Fix potential Spectre v1 vulnerabilities
commit d7ac3c6ef5d8ce14b6381d52eb7adafdd6c8bb3c upstream. IndexCard is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/char/applicom.c:418 ac_write() warn: potential spectre issue 'apbs' [r] drivers/char/applicom.c:728 ac_ioctl() warn: potential spectre issue 'apbs' [r] (local cap) Fix this by sanitizing IndexCard before using it to index apbs. Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://lore.kernel.org/lkml/20180423164740.GY17484@dhcp22.suse.cz/ Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
18ba00a34e |
This is the 4.19.19 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxSoGgACgkQONu9yGCS aT5IShAAmr4efAHaepYtsEM5q7hpYwdIXauhfmVzYS1KITQ0L+FSO6b6r18/X/Xu ZnGr87x9s7rzTwbgW9EK+cPBE7tVI3Tlem1prTSAQLneiv2zN/iTvJigWGUmifB/ +xldQxiM1S8j6dlVTu0lFl9P8voJ/zFA1II1DV4KJYiPX2lfVis77Tolcd/3TUJ4 V67abXHeAsLc+bU8kcMxamVievyQndwVlMT4XjStJyl6xy1zDozgiNwphyLqT7yc GY0H4jCbFNLfhZlMQgpHanvXzHshbJ4VtMNnjmUApplftzrVf864rgi+sRcoHWK/ Q6ER8LtgFYoqwG1ZjLUIEMChjhs/Xv+FLHWsCvCIkINyzo0PSgubnbYQVccXkBmB XSZ62YTh9sdQtdihWUly0Gr53yMvSn9+ndwJjvBDEErjC9b/D9jOLMcY1L/cCDaQ J34dp6ES+6YdQjAu0TEwuuJHMdGR+BvtKgGIL7V6ujxZhuU39eaJ0QLZktsmIO12 qWQyUKaLA450Qqiqza7foTWAVM6nFu9fd9xsZUKZV6lNnFjKYy/vWjhHsMCR8eKi aojGiRVRNnrlIwgk9h7H4EiuRkK3CJFc9jyZhA6u05NLMdIjD9YuLaMLHuSN0R+m lSgdmM3dVC4gyosKZHGdwzX/ytHTQiA8QRb4SWEnck7piKyWplg= =/rR0 -----END PGP SIGNATURE----- Merge 4.19.19 into android-4.19 Changes in 4.19.19 amd-xgbe: Fix mdio access for non-zero ports and clause 45 PHYs net: bridge: Fix ethernet header pointer before check skb forwardable net: Fix usage of pskb_trim_rcsum net: phy: marvell: Errata for mv88e6390 internal PHYs net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling net/sched: act_tunnel_key: fix memory leak in case of action replace net_sched: refetch skb protocol for each filter openvswitch: Avoid OOB read when parsing flow nlattrs vhost: log dirty page correctly mlxsw: pci: Increase PCI SW reset timeout net: ipv4: Fix memory leak in network namespace dismantle mlxsw: spectrum_fid: Update dummy FID index mlxsw: pci: Ring CQ's doorbell before RDQ's net/sched: cls_flower: allocate mask dynamically in fl_change() udp: with udp_segment release on error path ip6_gre: fix tunnel list corruption for x-netns erspan: build the header with the right proto according to erspan_ver net: phy: marvell: Fix deadlock from wrong locking ip6_gre: update version related info when changing link tcp: allow MSG_ZEROCOPY transmission also in CLOSE_WAIT state mei: me: mark LBG devices as having dma support mei: me: add denverton innovation engine device IDs USB: leds: fix regression in usbport led trigger USB: serial: simple: add Motorola Tetra TPG2200 device id USB: serial: pl2303: add new PID to support PL2303TB ceph: clear inode pointer when snap realm gets dropped by its inode ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages ASoC: rt5514-spi: Fix potential NULL pointer dereference ASoC: tlv320aic32x4: Kernel OOPS while entering DAPM standby mode clk: socfpga: stratix10: fix rate calculation for pll clocks clk: socfpga: stratix10: fix naming convention for the fixed-clocks inotify: Fix fd refcount leak in inotify_add_watch(). ALSA: hda/realtek - Fix typo for ALC225 model ALSA: hda - Add mute LED support for HP ProBook 470 G5 ARCv2: lib: memeset: fix doing prefetchw outside of buffer ARC: adjust memblock_reserve of kernel memory ARC: perf: map generic branches to correct hardware condition s390/mm: always force a load of the primary ASCE on context switch s390/early: improve machine detection s390/smp: fix CPU hotplug deadlock with CPU rescan misc: ibmvsm: Fix potential NULL pointer dereference char/mwave: fix potential Spectre v1 vulnerability mmc: dw_mmc-bluefield: : Fix the license information mmc: meson-gx: Free irq in release() callback staging: rtl8188eu: Add device code for D-Link DWA-121 rev B1 tty: Handle problem if line discipline does not have receive_buf uart: Fix crash in uart_write and uart_put_char tty/n_hdlc: fix __might_sleep warning hv_balloon: avoid touching uninitialized struct page during tail onlining Drivers: hv: vmbus: Check for ring when getting debug info vgacon: unconfuse vc_origin when using soft scrollback CIFS: Fix possible hang during async MTU reads and writes CIFS: Fix credits calculations for reads with errors CIFS: Fix credit calculation for encrypted reads with errors CIFS: Do not reconnect TCP session in add_credits() smb3: add credits we receive from oplock/break PDUs Input: xpad - add support for SteelSeries Stratus Duo Input: input_event - provide override for sparc64 Input: uinput - fix undefined behavior in uinput_validate_absinfo() acpi/nfit: Block function zero DSMs acpi/nfit: Fix command-supported detection scsi: ufs: Use explicit access size in ufshcd_dump_regs dm thin: fix passdown_double_checking_shared_status() dm crypt: fix parsing of extended IV arguments drm/amdgpu: Add APTX quirk for Lenovo laptop KVM: x86: Fix single-step debugging KVM: x86: Fix PV IPIs for 32-bit KVM host KVM: x86: WARN_ONCE if sending a PV IPI returns a fatal error kvm: x86/vmx: Use kzalloc for cached_vmcs12 KVM/nVMX: Do not validate that posted_intr_desc_addr is page aligned x86/pkeys: Properly copy pkey state at fork() x86/selftests/pkeys: Fork() to check for state being preserved x86/kaslr: Fix incorrect i8254 outb() parameters x86/entry/64/compat: Fix stack switching for XEN PV posix-cpu-timers: Unbreak timer rearming net: sun: cassini: Cleanup license conflict irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size can: dev: __can_get_echo_skb(): fix bogous check for non-existing skb by removing it can: bcm: check timer values before ktime conversion can: flexcan: fix NULL pointer exception during bringup vt: make vt_console_print() compatible with the unicode screen buffer vt: always call notifier with the console lock held vt: invoke notifier on screen size change drm/meson: Fix atomic mode switching regression bpf: improve verifier branch analysis bpf: add per-insn complexity limit bpf: move {prev_,}insn_idx into verifier env bpf: move tmp variable into ax register in interpreter bpf: enable access to ax register also from verifier rewrite bpf: restrict map value pointer arithmetic for unprivileged bpf: restrict stack pointer arithmetic for unprivileged bpf: restrict unknown scalars of mixed signed bounds for unprivileged bpf: fix check_map_access smin_value test when pointer contains offset bpf: prevent out of bounds speculation on pointer arithmetic bpf: fix sanitation of alu op with pointer / scalar type from different paths bpf: fix inner map masking to prevent oob under speculation s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU nvmet-rdma: Add unlikely for response allocated check nvmet-rdma: fix null dereference under heavy load Revert "mm, memory_hotplug: initialize struct pages for the full memory section" usb: dwc3: gadget: Clear req->needs_extra_trb flag on cleanup ide: fix a typo in the settings proc file name Input: input_event - fix the CONFIG_SPARC64 mixup Linux 4.19.19 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Gustavo A. R. Silva
|
d3faea2d15 |
char/mwave: fix potential Spectre v1 vulnerability
commit 701956d4018e5d5438570e39e8bda47edd32c489 upstream. ipcnum is indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. This issue was detected with the help of Smatch: drivers/char/mwave/mwavedd.c:299 mwave_ioctl() warn: potential spectre issue 'pDrvData->IPCs' [w] (local cap) Fix this by sanitizing ipcnum before using it to index pDrvData->IPCs. Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2 Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Greg Kroah-Hartman
|
26bf816608 |
This is the 4.19.18 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlxMGy0ACgkQONu9yGCS aT5ppQ/8COjyZg1aTrCrd0ttMHYotw3Lb4B6E/SCf2ub4X38SxGz9irhQ7r2FKdK w0ZXlLOF2ddqWe6BUnIfWago4Pk1GBpg3bgnp5XyYTjlJbfI2yZ9ggiO0iNYBPaL fN2JwM9eze/7cDlpYbhwGpF4+Wz8wTrzh+NIputcvC6n3SQH/cTGmOUa9rlamQju uukkvLanAYY3sqDCl4B415Ds44ROU4filqHYIkvZC81jc3Q0YZ8M7cTmpLcDQKGz 8Z+Veil07jEM9bF2W8iX79nwxMT+edFC62HMuRCoxJKq+1kccw1TVMWpQ8TWbv13 zeLOqXxNP6VcNaC251q3QzlInRDp1dtr8KtzA/OG0WFnZBTEDng/iChhiL8qZt0R 9+Sz7n9uZ5pMRK3tr03Ccjg3AneKWRqad2iaTB/kOwAdu7Uqxz8U9qUuRDFPV7OY KTMCCfdS8XpMHl/S+Cvg2dqSNiBEkNmowYO6NvQClG0aoN4/6wH+m2TZ0hCl6PVq pNFOTJmp7FOaztEZC4rqW8DoOGeGaNo5DP9A2XKKDR20F7EiAE437ApEQ4p5QGVk ek4uslZkwJWU/UOzXRl/Hoz0OlI0ixsdZy1vw88HCl7SD1E7xHJpnRUkOjigTT1Q nbCt0Nm/A2+c1tKbzU+PVW8FtIbutZhW1BtrqaIbbHr9NBTICR0= =Yg+/ -----END PGP SIGNATURE----- Merge 4.19.18 into android-4.19 Changes in 4.19.18 ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address mlxsw: spectrum: Disable lag port TX before removing it mlxsw: spectrum_switchdev: Set PVID correctly during VLAN deletion net: dsa: mv88x6xxx: mv88e6390 errata net, skbuff: do not prefer skb allocation fails early qmi_wwan: add MTU default to qmap network interface r8169: Add support for new Realtek Ethernet ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses net: clear skb->tstamp in bridge forwarding path netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets gpio: pl061: Move irq_chip definition inside struct pl061 drm/amd/display: Guard against null stream_state in set_crc_source drm/amdkfd: fix interrupt spin lock ixgbe: allow IPsec Tx offload in VEPA mode platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey e1000e: allow non-monotonic SYSTIM readings usb: typec: tcpm: Do not disconnect link for self powered devices selftests/bpf: enable (uncomment) all tests in test_libbpf.sh of: overlay: add missing of_node_put() after add new node to changeset writeback: don't decrement wb->refcnt if !wb->bdi serial: set suppress_bind_attrs flag only if builtin bpf: Allow narrow loads with offset > 0 ALSA: oxfw: add support for APOGEE duet FireWire x86/mce: Fix -Wmissing-prototypes warnings MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur crypto: ecc - regularize scalar for scalar multiplication arm64: perf: set suppress_bind_attrs flag to true drm/atomic-helper: Complete fake_commit->flip_done potentially earlier clk: meson: meson8b: fix incorrect divider mapping in cpu_scale_table samples: bpf: fix: error handling regarding kprobe_events usb: gadget: udc: renesas_usb3: add a safety connection way for forced_b_device fpga: altera-cvp: fix probing for multiple FPGAs on the bus selinux: always allow mounting submounts ASoC: pcm3168a: Don't disable pcm3168a when CONFIG_PM defined scsi: qedi: Check for session online before getting iSCSI TLV data. drm/amdgpu: Reorder uvd ring init before uvd resume rxe: IB_WR_REG_MR does not capture MR's iova field efi/libstub: Disable some warnings for x86{,_64} jffs2: Fix use of uninitialized delayed_work, lockdep breakage clk: imx: make mux parent strings const pstore/ram: Do not treat empty buffers as valid media: uvcvideo: Refactor teardown of uvc on USB disconnect powerpc/xmon: Fix invocation inside lock region powerpc/pseries/cpuidle: Fix preempt warning media: firewire: Fix app_info parameter type in avc_ca{,_app}_info ASoC: use dma_ops of parent device for acp_audio_dma media: venus: core: Set dma maximum segment size staging: erofs: fix use-after-free of on-stack `z_erofs_vle_unzip_io' net: call sk_dst_reset when set SO_DONTROUTE scsi: target: use consistent left-aligned ASCII INQUIRY data scsi: target/core: Make sure that target_wait_for_sess_cmds() waits long enough selftests: do not macro-expand failed assertion expressions arm64: kasan: Increase stack size for KASAN_EXTRA clk: imx6q: reset exclusive gates on init arm64: Fix minor issues with the dcache_by_line_op macro bpf: relax verifier restriction on BPF_MOV | BPF_ALU kconfig: fix file name and line number of warn_ignored_character() kconfig: fix memory leak when EOF is encountered in quotation mmc: atmel-mci: do not assume idle after atmci_request_end btrfs: volumes: Make sure there is no overlap of dev extents at mount time btrfs: alloc_chunk: fix more DUP stripe size handling btrfs: fix use-after-free due to race between replace start and cancel btrfs: improve error handling of btrfs_add_link tty/serial: do not free trasnmit buffer page under port lock perf intel-pt: Fix error with config term "pt=0" perf tests ARM: Disable breakpoint tests 32-bit perf svghelper: Fix unchecked usage of strncpy() perf parse-events: Fix unchecked usage of strncpy() perf vendor events intel: Fix Load_Miss_Real_Latency on SKL/SKX netfilter: ipt_CLUSTERIP: check MAC address when duplicate config is set netfilter: ipt_CLUSTERIP: remove wrong WARN_ON_ONCE in netns exit routine netfilter: ipt_CLUSTERIP: fix deadlock in netns exit routine x86/topology: Use total_cpus for max logical packages calculation dm crypt: use u64 instead of sector_t to store iv_offset dm kcopyd: Fix bug causing workqueue stalls perf stat: Avoid segfaults caused by negated options tools lib subcmd: Don't add the kernel sources to the include path dm snapshot: Fix excessive memory usage and workqueue stalls perf cs-etm: Correct packets swapping in cs_etm__flush() perf tools: Add missing sigqueue() prototype for systems lacking it perf tools: Add missing open_memstream() prototype for systems lacking it quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF} quotactls. clocksource/drivers/integrator-ap: Add missing of_node_put() dm: Check for device sector overflow if CONFIG_LBDAF is not set Bluetooth: btusb: Add support for Intel bluetooth device 8087:0029 ALSA: bebob: fix model-id of unit for Apogee Ensemble sysfs: Disable lockdep for driver bind/unbind files IB/usnic: Fix potential deadlock scsi: mpt3sas: fix memory ordering on 64bit writes scsi: smartpqi: correct lun reset issues ath10k: fix peer stats null pointer dereference scsi: smartpqi: call pqi_free_interrupts() in pqi_shutdown() scsi: megaraid: fix out-of-bound array accesses iomap: don't search past page end in iomap_is_partially_uptodate ocfs2: fix panic due to unrecovered local alloc mm/page-writeback.c: don't break integrity writeback on ->writepage() error mm/swap: use nr_node_ids for avail_lists in swap_info_struct userfaultfd: clear flag if remap event not enabled mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps iwlwifi: mvm: Send LQ command as async when necessary Bluetooth: Fix unnecessary error message for HCI request completion ipmi: fix use-after-free of user->release_barrier.rda ipmi: msghandler: Fix potential Spectre v1 vulnerabilities ipmi: Prevent use-after-free in deliver_response ipmi:ssif: Fix handling of multi-part return messages ipmi: Don't initialize anything in the core until something uses it Linux 4.19.18 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Corey Minyard
|
b40aec33ee |
ipmi: Don't initialize anything in the core until something uses it
commit 913a89f009d98c85a902d718cd54bb32ab11d167 upstream. The IPMI driver was recently modified to use SRCU, but it turns out this uses a chunk of percpu memory, even if IPMI is never used. So modify thing to on initialize on the first use. There was already code to sort of handle this for handling init races, so piggy back on top of that, and simplify it in the process. Signed-off-by: Corey Minyard <cminyard@mvista.com> Reported-by: Tejun Heo <tj@kernel.org> Cc: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Reviewed-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com> Cc: stable@vger.kernel.org # 4.18 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Corey Minyard
|
031a94ff8a |
ipmi:ssif: Fix handling of multi-part return messages
commit 7d6380cd40f7993f75c4bde5b36f6019237e8719 upstream. The block number was not being compared right, it was off by one when checking the response. Some statistics wouldn't be incremented properly in some cases. Check to see if that middle-part messages always have 31 bytes of data. Signed-off-by: Corey Minyard <cminyard@mvista.com> Cc: stable@vger.kernel.org # 4.4 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Fred Klassen
|
821a003d8e |
ipmi: Prevent use-after-free in deliver_response
commit 479d6b39b9e0d2de648ebf146f23a1e40962068f upstream.
Some IPMI modules (e.g. ibmpex_msg_handler()) will have ipmi_usr_hdlr
handlers that call ipmi_free_recv_msg() directly. This will essentially
kfree(msg), leading to use-after-free.
This does not happen in the ipmi_devintf module, which will queue the
message and run ipmi_free_recv_msg() later.
BUG: KASAN: use-after-free in deliver_response+0x12f/0x1b0
Read of size 8 at addr ffff888a7bf20018 by task ksoftirqd/3/27
CPU: 3 PID: 27 Comm: ksoftirqd/3 Tainted: G O 4.19.11-amd64-ani99-debug #12.0.1.601133+pv
Hardware name: AppNeta r1000/X11SPW-TF, BIOS 2.1a-AP 09/17/2018
Call Trace:
dump_stack+0x92/0xeb
print_address_description+0x73/0x290
kasan_report+0x258/0x380
deliver_response+0x12f/0x1b0
? ipmi_free_recv_msg+0x50/0x50
deliver_local_response+0xe/0x50
handle_one_recv_msg+0x37a/0x21d0
handle_new_recv_msgs+0x1ce/0x440
...
Allocated by task 9885:
kasan_kmalloc+0xa0/0xd0
kmem_cache_alloc_trace+0x116/0x290
ipmi_alloc_recv_msg+0x28/0x70
i_ipmi_request+0xb4a/0x1640
ipmi_request_settime+0x1b8/0x1e0
...
Freed by task 27:
__kasan_slab_free+0x12e/0x180
kfree+0xe9/0x280
deliver_response+0x122/0x1b0
deliver_local_response+0xe/0x50
handle_one_recv_msg+0x37a/0x21d0
handle_new_recv_msgs+0x1ce/0x440
tasklet_action_common.isra.19+0xc4/0x250
__do_softirq+0x11f/0x51f
Fixes:
|
||
Gustavo A. R. Silva
|
753abe2a63 |
ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
commit a7102c7461794a5bb31af24b08e9e0f50038897a upstream. channel and addr->channel are indirectly controlled by user-space, hence leading to a potential exploitation of the Spectre variant 1 vulnerability. These issues were detected with the help of Smatch: drivers/char/ipmi/ipmi_msghandler.c:1381 ipmi_set_my_address() warn: potential spectre issue 'user->intf->addrinfo' [w] (local cap) drivers/char/ipmi/ipmi_msghandler.c:1401 ipmi_get_my_address() warn: potential spectre issue 'user->intf->addrinfo' [r] (local cap) drivers/char/ipmi/ipmi_msghandler.c:1421 ipmi_set_my_LUN() warn: potential spectre issue 'user->intf->addrinfo' [w] (local cap) drivers/char/ipmi/ipmi_msghandler.c:1441 ipmi_get_my_LUN() warn: potential spectre issue 'user->intf->addrinfo' [r] (local cap) drivers/char/ipmi/ipmi_msghandler.c:2260 check_addr() warn: potential spectre issue 'intf->addrinfo' [r] (local cap) Fix this by sanitizing channel and addr->channel before using them to index user->intf->addrinfo and intf->addrinfo, correspondingly. Notice that given that speculation windows are large, the policy is to kill the speculation on the first load and not worry if it can be completed with a dependent load/store [1]. [1] https://lore.kernel.org/lkml/20180423164740.GY17484@dhcp22.suse.cz/ Cc: stable@vger.kernel.org Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Yang Yingliang
|
1c393ca118 |
ipmi: fix use-after-free of user->release_barrier.rda
commit 77f8269606bf95fcb232ee86f6da80886f1dfae8 upstream.
When we do the following test, we got oops in ipmi_msghandler driver
while((1))
do
service ipmievd restart & service ipmievd restart
done
---------------------------------------------------------------
[ 294.230186] Unable to handle kernel paging request at virtual address 0000803fea6ea008
[ 294.230188] Mem abort info:
[ 294.230190] ESR = 0x96000004
[ 294.230191] Exception class = DABT (current EL), IL = 32 bits
[ 294.230193] SET = 0, FnV = 0
[ 294.230194] EA = 0, S1PTW = 0
[ 294.230195] Data abort info:
[ 294.230196] ISV = 0, ISS = 0x00000004
[ 294.230197] CM = 0, WnR = 0
[ 294.230199] user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000a1c1b75a
[ 294.230201] [0000803fea6ea008] pgd=0000000000000000
[ 294.230204] Internal error: Oops: 96000004 [#1] SMP
[ 294.235211] Modules linked in: nls_utf8 isofs rpcrdma ib_iser ib_srpt target_core_mod ib_srp scsi_transport_srp ib_ipoib rdma_ucm ib_umad rdma_cm ib_cm iw_cm dm_mirror dm_region_hash dm_log dm_mod aes_ce_blk crypto_simd cryptd aes_ce_cipher ghash_ce sha2_ce ses sha256_arm64 sha1_ce hibmc_drm hisi_sas_v2_hw enclosure sg hisi_sas_main sbsa_gwdt ip_tables mlx5_ib ib_uverbs marvell ib_core mlx5_core ixgbe ipmi_si mdio hns_dsaf ipmi_devintf ipmi_msghandler hns_enet_drv hns_mdio
[ 294.277745] CPU: 3 PID: 0 Comm: swapper/3 Kdump: loaded Not tainted 5.0.0-rc2+ #113
[ 294.285511] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.37 11/21/2017
[ 294.292835] pstate: 80000005 (Nzcv daif -PAN -UAO)
[ 294.297695] pc : __srcu_read_lock+0x38/0x58
[ 294.301940] lr : acquire_ipmi_user+0x2c/0x70 [ipmi_msghandler]
[ 294.307853] sp : ffff00001001bc80
[ 294.311208] x29: ffff00001001bc80 x28: ffff0000117e5000
[ 294.316594] x27: 0000000000000000 x26: dead000000000100
[ 294.321980] x25: dead000000000200 x24: ffff803f6bd06800
[ 294.327366] x23: 0000000000000000 x22: 0000000000000000
[ 294.332752] x21: ffff00001001bd04 x20: ffff80df33d19018
[ 294.338137] x19: ffff80df33d19018 x18: 0000000000000000
[ 294.343523] x17: 0000000000000000 x16: 0000000000000000
[ 294.348908] x15: 0000000000000000 x14: 0000000000000002
[ 294.354293] x13: 0000000000000000 x12: 0000000000000000
[ 294.359679] x11: 0000000000000000 x10: 0000000000100000
[ 294.365065] x9 : 0000000000000000 x8 : 0000000000000004
[ 294.370451] x7 : 0000000000000000 x6 : ffff80df34558678
[ 294.375836] x5 : 000000000000000c x4 : 0000000000000000
[ 294.381221] x3 : 0000000000000001 x2 : 0000803fea6ea000
[ 294.386607] x1 : 0000803fea6ea008 x0 : 0000000000000001
[ 294.391994] Process swapper/3 (pid: 0, stack limit = 0x0000000083087293)
[ 294.398791] Call trace:
[ 294.401266] __srcu_read_lock+0x38/0x58
[ 294.405154] acquire_ipmi_user+0x2c/0x70 [ipmi_msghandler]
[ 294.410716] deliver_response+0x80/0xf8 [ipmi_msghandler]
[ 294.416189] deliver_local_response+0x28/0x68 [ipmi_msghandler]
[ 294.422193] handle_one_recv_msg+0x158/0xcf8 [ipmi_msghandler]
[ 294.432050] handle_new_recv_msgs+0xc0/0x210 [ipmi_msghandler]
[ 294.441984] smi_recv_tasklet+0x8c/0x158 [ipmi_msghandler]
[ 294.451618] tasklet_action_common.isra.5+0x88/0x138
[ 294.460661] tasklet_action+0x2c/0x38
[ 294.468191] __do_softirq+0x120/0x2f8
[ 294.475561] irq_exit+0x134/0x140
[ 294.482445] __handle_domain_irq+0x6c/0xc0
[ 294.489954] gic_handle_irq+0xb8/0x178
[ 294.497037] el1_irq+0xb0/0x140
[ 294.503381] arch_cpu_idle+0x34/0x1a8
[ 294.510096] do_idle+0x1d4/0x290
[ 294.516322] cpu_startup_entry+0x28/0x30
[ 294.523230] secondary_start_kernel+0x184/0x1d0
[ 294.530657] Code: d538d082 d2800023 8b010c81 8b020021 (c85f7c25)
[ 294.539746] ---[ end trace 8a7a880dee570b29 ]---
[ 294.547341] Kernel panic - not syncing: Fatal exception in interrupt
[ 294.556837] SMP: stopping secondary CPUs
[ 294.563996] Kernel Offset: disabled
[ 294.570515] CPU features: 0x002,21006008
[ 294.577638] Memory Limit: none
[ 294.587178] Starting crashdump kernel...
[ 294.594314] Bye!
Because the user->release_barrier.rda is freed in ipmi_destroy_user(), but
the refcount is not zero, when acquire_ipmi_user() uses user->release_barrier.rda
in __srcu_read_lock(), it causes oops.
Fix this by calling cleanup_srcu_struct() when the refcount is zero.
Fixes:
|
||
Greg Kroah-Hartman
|
8735c21738 |
This is the 4.19.14 stable release
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEZH8oZUiU471FcZm+ONu9yGCSaT4FAlw2Jd8ACgkQONu9yGCS aT5DIw//RlX7Djwh9VnEEgggVpPxzIDfO8BcIR5EvSpHoci2skeD6/M5a+xiKKLk HOuH/cqBobkifnCzHwHLQYP9rIbkRceW0wDU2tdaecTf6G82TPoa5rQzG0rMMTM4 HFrMlMXvQoWSlaALBi5xkGGa7AGOVcmiJBaIkbqNST4Ah8KMBRxEqDvnbh/ALXCe qLRc7lDf/WRoN9GBzoCJwuaF9EcDW/C3EyHowVroDkN3UobzfdFSmrjkteFbkIkp 9rMzoyIXmKAe762ggkQTk8hEaVHqs7YxWlq53cym6NBtiBgfjqIKtT6tEtGs5U3i sA+YK6PzCfwp4I0ffXVqUoFi3WfJ4Ist+co8e8Uu0+taRDzahBkxtxxmNb6URU64 1sosY0YyG7k72OYp9J4mYhCAbxUKC8S80TWjwPlyaVaUDWDHAbOQk5HDJ9wIERmN PltF9wQ7ZQrha4v4nafPYJn/FmQuDCfDA78vOJ09PEbNZoNBhqXbHJGx/GEShdDE /ZzoVigpN2tqIvXFM99rVPRDaTsWlCSiorOvn8vTyqv64EaGO2qZUDmvaReEbUxy i1jJ5YcQoPk4GbNI8hfShGOhT+eAtw/KW5pHwqHbEle6jyeK+7KIdBmzw5ZXQIM6 4tzDOgn7yIpkMc+qyj3n3WE1LqRLt/cbOoxMu85jHDf5LgrtF50= =Gqyx -----END PGP SIGNATURE----- Merge 4.19.14 into android-4.19 Changes in 4.19.14 ax25: fix a use-after-free in ax25_fillin_cb() gro_cell: add napi_disable in gro_cells_destroy ibmveth: fix DMA unmap error in ibmveth_xmit_start error path ieee802154: lowpan_header_create check must check daddr ip6mr: Fix potential Spectre v1 vulnerability ipv4: Fix potential Spectre v1 vulnerability ipv6: explicitly initialize udp6_addr in udp_sock_create6() ipv6: tunnels: fix two use-after-free ip: validate header length on virtual device xmit isdn: fix kernel-infoleak in capi_unlocked_ioctl net: clear skb->tstamp in forwarding paths net/hamradio/6pack: use mod_timer() to rearm timers net: ipv4: do not handle duplicate fragments as overlapping net: macb: restart tx after tx used bit read net: mvpp2: 10G modes aren't supported on all ports net: phy: Fix the issue that netif always links up after resuming netrom: fix locking in nr_find_socket() net/smc: fix TCP fallback socket release net: stmmac: Fix an error code in probe() net/tls: allocate tls context using GFP_ATOMIC net/wan: fix a double free in x25_asy_open_tty() packet: validate address length packet: validate address length if non-zero ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() qmi_wwan: Added support for Fibocom NL668 series qmi_wwan: Added support for Telit LN940 series qmi_wwan: Add support for Fibocom NL678 series sctp: initialize sin6_flowinfo for ipv6 addrs in sctp_inet6addr_event sock: Make sock->sk_stamp thread-safe tcp: fix a race in inet_diag_dump_icsk() tipc: check tsk->group in tipc_wait_for_cond() tipc: compare remote and local protocols in tipc_udp_enable() tipc: fix a double free in tipc_enable_bearer() tipc: fix a double kfree_skb() tipc: use lock_sock() in tipc_sk_reinit() vhost: make sure used idx is seen before log in vhost_add_used_n() VSOCK: Send reset control packet when socket is partially bound xen/netfront: tolerate frags with no data net/mlx5: Typo fix in del_sw_hw_rule tipc: check group dests after tipc_wait_for_cond() net/mlx5e: Remove the false indication of software timestamping support ipv6: frags: Fix bogus skb->sk in reassembled packets net/ipv6: Fix a test against 'ipv6_find_idev()' return value nfp: flower: ensure TCP flags can be placed in IPv6 frame ipv6: route: Fix return value of ip6_neigh_lookup() on neigh_create() error mscc: Configured MAC entries should be locked. net/mlx5e: Cancel DIM work on close SQ net/mlx5e: RX, Verify MPWQE stride size is in range net: mvpp2: fix the phylink mode validation qed: Fix command number mismatch between driver and the mfw mlxsw: core: Increase timeout during firmware flash process net/mlx5e: Remove unused UDP GSO remaining counter net/mlx5e: RX, Fix wrong early return in receive queue poll net: mvneta: fix operation for 64K PAGE_SIZE net: Use __kernel_clockid_t in uapi net_stamp.h r8169: fix WoL device wakeup enable IB/hfi1: Incorrect sizing of sge for PIO will OOPs ALSA: rme9652: Fix potential Spectre v1 vulnerability ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities ALSA: pcm: Fix potential Spectre v1 vulnerability ALSA: emux: Fix potential Spectre v1 vulnerabilities powerpc/fsl: Fix spectre_v2 mitigations reporting mtd: atmel-quadspi: disallow building on ebsa110 mtd: rawnand: marvell: prevent timeouts on a loaded machine mtd: rawnand: omap2: Pass the parent of pdev to dma_request_chan() ALSA: hda: add mute LED support for HP EliteBook 840 G4 ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 ALSA: fireface: fix for state to fetch PCM frames ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint ALSA: firewire-lib: use the same print format for 'without_header' tracepoints ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops ALSA: hda/tegra: clear pending irq handlers usb: dwc2: host: use hrtimer for NAK retries USB: serial: pl2303: add ids for Hewlett-Packard HP POS pole displays USB: serial: option: add Fibocom NL678 series usb: r8a66597: Fix a possible concurrency use-after-free bug in r8a66597_endpoint_disable() usb: dwc2: disable power_down on Amlogic devices Revert "usb: dwc3: pci: Use devm functions to get the phy GPIOs" usb: roles: Add a description for the class to Kconfig media: dvb-usb-v2: Fix incorrect use of transfer_flags URB_FREE_BUFFER staging: wilc1000: fix missing read_write setting when reading data ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty s390/pci: fix sleeping in atomic during hotplug Input: atmel_mxt_ts - don't try to free unallocated kernel memory Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off x86/mm: Drop usage of __flush_tlb_all() in kernel_physical_mapping_init() KVM: x86: Use jmp to invoke kvm_spurious_fault() from .fixup arm64: KVM: Make VHE Stage-2 TLB invalidation operations non-interruptible KVM: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails platform-msi: Free descriptors in platform_msi_domain_free() drm/v3d: Skip debugfs dumping GCA on platforms without GCA. DRM: UDL: get rid of useless vblank initialization clocksource/drivers/arc_timer: Utilize generic sched_clock perf machine: Record if a arch has a single user/kernel address space perf thread: Add fallback functions for cases where cpumode is insufficient perf tools: Use fallback for sample_addr_correlates_sym() cases perf script: Use fallbacks for branch stacks perf pmu: Suppress potential format-truncation warning perf env: Also consider env->arch == NULL as local operation ocxl: Fix endiannes bug in ocxl_link_update_pe() ocxl: Fix endiannes bug in read_afu_name() ext4: add ext4_sb_bread() to disambiguate ENOMEM cases ext4: fix possible use after free in ext4_quota_enable ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() ext4: fix EXT4_IOC_GROUP_ADD ioctl ext4: include terminating u32 in size of xattr entries when expanding inodes ext4: avoid declaring fs inconsistent due to invalid file handles ext4: force inode writes when nfsd calls commit_metadata() ext4: check for shutdown and r/o file system in ext4_write_inode() spi: bcm2835: Fix race on DMA termination spi: bcm2835: Fix book-keeping of DMA termination spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode clk: rockchip: fix typo in rk3188 spdif_frac parent clk: sunxi-ng: Use u64 for calculation of NM rate crypto: cavium/nitrox - fix a DMA pool free failure crypto: chcr - small packet Tx stalls the queue crypto: testmgr - add AES-CFB tests crypto: cfb - fix decryption cgroup: fix CSS_TASK_ITER_PROCS cdc-acm: fix abnormal DATA RX issue for Mediatek Preloader. btrfs: dev-replace: go back to suspended state if target device is missing btrfs: dev-replace: go back to suspend state if another EXCL_OP is running btrfs: skip file_extent generation check for free_space_inode in run_delalloc_nocow Btrfs: fix fsync of files with multiple hard links in new directories btrfs: run delayed items before dropping the snapshot Btrfs: send, fix race with transaction commits that create snapshots brcmfmac: fix roamoff=1 modparam brcmfmac: Fix out of bounds memory access during fw load powerpc/tm: Unset MSR[TS] if not recheckpointing dax: Don't access a freed inode dax: Use non-exclusive wait in wait_entry_unlocked() f2fs: read page index before freeing f2fs: fix validation of the block count in sanity_check_raw_super f2fs: sanity check of xattr entry size serial: uartps: Fix interrupt mask issue to handle the RX interrupts properly media: cec: keep track of outstanding transmits media: cec-pin: fix broken tx_ignore_nack_until_eom error injection media: rc: cec devices do not have a lirc chardev media: imx274: fix stack corruption in imx274_read_reg media: vivid: free bitmap_cap when updating std/timings/etc. media: vb2: check memory model for VIDIOC_CREATE_BUFS media: v4l2-tpg: array index could become negative tools lib traceevent: Fix processing of dereferenced args in bprintk events MIPS: math-emu: Write-protect delay slot emulation pages MIPS: c-r4k: Add r4k_blast_scache_node for Loongson-3 MIPS: Ensure pmd_present() returns false after pmd_mknotpresent() MIPS: Align kernel load address to 64KB MIPS: Expand MIPS32 ASIDs to 64 bits MIPS: OCTEON: mark RGMII interface disabled on OCTEON III MIPS: Fix a R10000_LLSC_WAR logic in atomic.h CIFS: Fix error mapping for SMB2_LOCK command which caused OFD lock problem smb3: fix large reads on encrypted connections arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 arm/arm64: KVM: vgic: Force VM halt when changing the active state of GICv3 PPIs/SGIs ARM: dts: exynos: Specify I2S assigned clocks in proper node rtc: m41t80: Correct alarm month range with RTC reads KVM: arm/arm64: vgic: Do not cond_resched_lock() with IRQs disabled KVM: arm/arm64: vgic: Cap SPIs to the VM-defined maximum KVM: arm/arm64: vgic-v2: Set active_source to 0 when restoring state KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq() iommu/arm-smmu-v3: Fix big-endian CMD_SYNC writes arm64: compat: Avoid sending SIGILL for unallocated syscall numbers tpm: tpm_try_transmit() refactor error flow. tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x spi: bcm2835: Unbreak the build of esoteric configs MIPS: Only include mmzone.h when CONFIG_NEED_MULTIPLE_NODES=y Linux 4.19.14 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> |
||
Tomas Winkler
|
62977aad0a |
tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x
commit 2ba5780ce30549cf57929b01d8cba6fe656e31c5 upstream. tpm_i2c_nuvoton calculated commands duration using TPM 1.x values via tpm_calc_ordinal_duration() also for TPM 2.x chips. Call tpm2_calc_ordinal_duration() for retrieving ordinal duration for TPM 2.X chips. Cc: stable@vger.kernel.org Cc: Nayna Jain <nayna@linux.vnet.ibm.com> Signed-off-by: Tomas Winkler <tomas.winkler@intel.com> Reviewed-by: Nayna Jain <nayna@linux.ibm.com> Tested-by: Nayna Jain <nayna@linux.ibm.com> (For TPM 2.0) Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Tomas Winkler
|
7f4a7b1bad |
tpm: tpm_try_transmit() refactor error flow.
commit 01f54664a4db0d612de0ece8e0022f21f9374e9b upstream.
First, rename out_no_locality to out_locality for bailing out on
both tpm_cmd_ready() and tpm_request_locality() failure.
Second, ignore the return value of go_to_idle() as it may override
the return value of the actual tpm operation, the go_to_idle() error
will be caught on any consequent command.
Last, fix the wrong 'goto out', that jumped back instead of forward.
Cc: stable@vger.kernel.org
Fixes:
|
||
Eric Biggers
|
f816abd103 |
BACKPORT, FROMGIT: crypto: chacha20-generic - refactor to allow varying number of rounds
In preparation for adding XChaCha12 support, rename/refactor chacha20-generic to support different numbers of rounds. The justification for needing XChaCha12 support is explained in more detail in the patch "crypto: chacha - add XChaCha12 support". The only difference between ChaCha{8,12,20} are the number of rounds itself; all other parts of the algorithm are the same. Therefore, remove the "20" from all definitions, structures, functions, files, etc. that will be shared by all ChaCha versions. Also make ->setkey() store the round count in the chacha_ctx (previously chacha20_ctx). The generic code then passes the round count through to chacha_block(). There will be a ->setkey() function for each explicitly allowed round count; the encrypt/decrypt functions will be the same. I decided not to do it the opposite way (same ->setkey() function for all round counts, with different encrypt/decrypt functions) because that would have required more boilerplate code in architecture-specific implementations of ChaCha and XChaCha. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 1ca1b917940c24ca3d1f490118c5474168622953 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Conflicts: arch/x86/crypto/chacha20_glue.c drivers/crypto/caam/caamalg.c drivers/crypto/caam/caamalg_qi2.c drivers/crypto/caam/compat.h include/crypto/chacha20.h Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I7fa203ddc7095ce8675a32f49b8a5230cd0cf5f6 Signed-off-by: Eric Biggers <ebiggers@google.com> |
||
Eric Biggers
|
8e2d31a6e3 |
UPSTREAM: crypto: chacha20 - Fix chacha20_block() keystream alignment (again)
In commit
|
||
Jarkko Sakkinen
|
c6d2e2023c |
tpm: fix response size validation in tpm_get_random()
commit 84b59f6487d82d3ab4247a099aba66d4d17e8b08 upstream.
When checking whether the response is large enough to be able to contain
the received random bytes in tpm_get_random() and tpm2_get_random(),
they fail to take account the header size, which should be added to the
minimum size. This commit fixes this issue.
Cc: stable@vger.kernel.org
Fixes:
|
||
Dr. Greg Wettstein
|
4eab852bf2 |
tpm: Restore functionality to xen vtpm driver.
commit e487a0f52301293152a6f8c4e217f2a11dd808e3 upstream. Functionality of the xen-tpmfront driver was lost secondary to the introduction of xenbus multi-page support in commit |
||
Javier Martinez Canillas
|
f4b5f4393b |
tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated
[ Upstream commit 0d6d0d62d9505a9816716aa484ebd0b04c795063 ] For TPM 1.2 chips the system setup utility allows to set the TPM device in one of the following states: * Active: Security chip is functional * Inactive: Security chip is visible, but is not functional * Disabled: Security chip is hidden and is not functional When choosing the "Inactive" state, the TPM 1.2 device is enumerated and registered, but sending TPM commands fail with either TPM_DEACTIVATED or TPM_DISABLED depending if the firmware deactivated or disabled the TPM. Since these TPM 1.2 error codes don't have special treatment, inactivating the TPM leads to a very noisy kernel log buffer that shows messages like the following: tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78) tpm tpm0: A TPM error (6) occurred attempting to read a pcr value tpm tpm0: TPM is disabled/deactivated (0x6) tpm tpm0: A TPM error (6) occurred attempting get random tpm tpm0: A TPM error (6) occurred attempting to read a pcr value ima: No TPM chip found, activating TPM-bypass! (rc=6) tpm tpm0: A TPM error (6) occurred attempting get random tpm tpm0: A TPM error (6) occurred attempting get random tpm tpm0: A TPM error (6) occurred attempting get random tpm tpm0: A TPM error (6) occurred attempting get random Let's just suppress error log messages for the TPM_{DEACTIVATED,DISABLED} return codes, since this is expected when the TPM 1.2 is set to Inactive. In that case the kernel log is cleaner and less confusing for users, i.e: tpm_tis 00:05: 1.2 TPM (device-id 0x0, rev-id 78) tpm tpm0: TPM is disabled/deactivated (0x6) ima: No TPM chip found, activating TPM-bypass! (rc=6) Reported-by: Hans de Goede <hdegoede@redhat.com> Signed-off-by: Javier Martinez Canillas <javierm@redhat.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Jan Glauber
|
8e071518d1 |
ipmi: Fix timer race with module unload
commit 0711e8c1b4572d076264e71b0002d223f2666ed7 upstream. Please note that below oops is from an older kernel, but the same race seems to be present in the upstream kernel too. ---8<--- The following panic was encountered during removing the ipmi_ssif module: [ 526.352555] Unable to handle kernel paging request at virtual address ffff000006923090 [ 526.360464] Mem abort info: [ 526.363257] ESR = 0x86000007 [ 526.366304] Exception class = IABT (current EL), IL = 32 bits [ 526.372221] SET = 0, FnV = 0 [ 526.375269] EA = 0, S1PTW = 0 [ 526.378405] swapper pgtable: 4k pages, 48-bit VAs, pgd = 000000008ae60416 [ 526.385185] [ffff000006923090] *pgd=000000bffcffe803, *pud=000000bffcffd803, *pmd=0000009f4731a003, *pte=0000000000000000 [ 526.396141] Internal error: Oops: 86000007 [#1] SMP [ 526.401008] Modules linked in: nls_iso8859_1 ipmi_devintf joydev input_leds ipmi_msghandler shpchp sch_fq_codel ib_iser rdma_cm iw_cm ib_cm ib_core iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ip_tables x_tables autofs4 btrfs zstd_compress raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear i2c_smbus hid_generic usbhid uas hid usb_storage ast aes_ce_blk i2c_algo_bit aes_ce_cipher qede ttm crc32_ce ptp crct10dif_ce drm_kms_helper ghash_ce syscopyarea sha2_ce sysfillrect sysimgblt pps_core fb_sys_fops sha256_arm64 sha1_ce mpt3sas qed drm raid_class ahci scsi_transport_sas libahci gpio_xlp i2c_xlp9xx aes_neon_bs aes_neon_blk crypto_simd cryptd aes_arm64 [last unloaded: ipmi_ssif] [ 526.468085] CPU: 125 PID: 0 Comm: swapper/125 Not tainted 4.15.0-35-generic #38~lp1775396+build.1 [ 526.476942] Hardware name: To be filled by O.E.M. Saber/Saber, BIOS 0ACKL022 08/14/2018 [ 526.484932] pstate: 00400009 (nzcv daif +PAN -UAO) [ 526.489713] pc : 0xffff000006923090 [ 526.493198] lr : call_timer_fn+0x34/0x178 [ 526.497194] sp : ffff000009b0bdd0 [ 526.500496] x29: ffff000009b0bdd0 x28: 0000000000000082 [ 526.505796] x27: 0000000000000002 x26: ffff000009515188 [ 526.511096] x25: ffff000009515180 x24: ffff0000090f1018 [ 526.516396] x23: ffff000009519660 x22: dead000000000200 [ 526.521696] x21: ffff000006923090 x20: 0000000000000100 [ 526.526995] x19: ffff809eeb466a40 x18: 0000000000000000 [ 526.532295] x17: 000000000000000e x16: 0000000000000007 [ 526.537594] x15: 0000000000000000 x14: 071c71c71c71c71c [ 526.542894] x13: 0000000000000000 x12: 0000000000000000 [ 526.548193] x11: 0000000000000001 x10: ffff000009b0be88 [ 526.553493] x9 : 0000000000000000 x8 : 0000000000000005 [ 526.558793] x7 : ffff80befc1f8528 x6 : 0000000000000020 [ 526.564092] x5 : 0000000000000040 x4 : 0000000020001b20 [ 526.569392] x3 : 0000000000000000 x2 : ffff809eeb466a40 [ 526.574692] x1 : ffff000006923090 x0 : ffff809eeb466a40 [ 526.579992] Process swapper/125 (pid: 0, stack limit = 0x000000002eb50acc) [ 526.586854] Call trace: [ 526.589289] 0xffff000006923090 [ 526.592419] expire_timers+0xc8/0x130 [ 526.596070] run_timer_softirq+0xec/0x1b0 [ 526.600070] __do_softirq+0x134/0x328 [ 526.603726] irq_exit+0xc8/0xe0 [ 526.606857] __handle_domain_irq+0x6c/0xc0 [ 526.610941] gic_handle_irq+0x84/0x188 [ 526.614679] el1_irq+0xe8/0x180 [ 526.617822] cpuidle_enter_state+0xa0/0x328 [ 526.621993] cpuidle_enter+0x34/0x48 [ 526.625564] call_cpuidle+0x44/0x70 [ 526.629040] do_idle+0x1b8/0x1f0 [ 526.632256] cpu_startup_entry+0x2c/0x30 [ 526.636174] secondary_start_kernel+0x11c/0x130 [ 526.640694] Code: bad PC value [ 526.643800] ---[ end trace d020b0b8417c2498 ]--- [ 526.648404] Kernel panic - not syncing: Fatal exception in interrupt [ 526.654778] SMP: stopping secondary CPUs [ 526.658734] Kernel Offset: disabled [ 526.662211] CPU features: 0x5800c38 [ 526.665688] Memory Limit: none [ 526.668768] ---[ end Kernel panic - not syncing: Fatal exception in interrupt Prevent mod_timer from arming a timer that was already removed by del_timer during module unload. Signed-off-by: Jan Glauber <jglauber@cavium.com> Cc: <stable@vger.kernel.org> # 3.19 Signed-off-by: Corey Minyard <cminyard@mvista.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
Linus Torvalds
|
d3bd5973c7 |
A few fixes that came around or after the merge window, except
for |
||
Linus Torvalds
|
3243a89dcb |
Fix things so the choice of whether or not to trust RDRAND to
initialize the CRNG is configurable via the boot option random.trust_cpu={on,off} -----BEGIN PGP SIGNATURE----- iQEzBAABCAAdFiEEK2m5VNv+CHkogTfJ8vlZVpUNgaMFAluVEQAACgkQ8vlZVpUN gaN4vAgAqQQHYBTlHSYTyh9eEyOOo6gSTnu9mgk6iwejUceoPDcwYiFptZvdpQxj moNTz31hy2tFHqt8aiNA2CgSMLI6cilLhz9AzeA6UuQe/EGhZeQHtnvKNIct8Zbg 97+b2WipCgspO0hzm8NLCjcvSgu892fBLc1TVl8Z+GxLhTCTAgkrMqLpo2iSR/Xe +wv2NhT5gAnXFUuHzayiG/wCwSpWNt1cc1DJHVLMFv2yznHL/nagUywO4IeYqaJk ZeXie9GsMZDsqFMOjCPS98U3/7c6y2FoYtm/O4NRUpQh9T8QP4NPylP3NDlhIxss ZTu6x9xXKnLBfhHu5qk6LuYMJNW/lQ== =XP8t -----END PGP SIGNATURE----- Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random Pull random driver fix from Ted Ts'o: "Fix things so the choice of whether or not to trust RDRAND to initialize the CRNG is configurable via the boot option random.trust_cpu={on,off}" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/random: random: make CPU trust a boot parameter |
||
Kees Cook
|
9b25436662 |
random: make CPU trust a boot parameter
Instead of forcing a distro or other system builder to choose at build time whether the CPU is trusted for CRNG seeding via CONFIG_RANDOM_TRUST_CPU, provide a boot-time parameter for end users to control the choice. The CONFIG will set the default state instead. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
||
Gustavo A. R. Silva
|
a8627cda7c |
ipmi: Fix NULL pointer dereference in ssif_probe
There is a potential execution path in which function ssif_info_find() returns NULL, hence there is a NULL pointer dereference when accessing pointer *addr_info* Fix this by null checking *addr_info* before dereferencing it. Addresses-Coverity-ID: 1473145 ("Explicit null dereferenced") Fixes: e333054a91d1 ("ipmi: Fix I2C client removal in the SSIF driver") Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com> Signed-off-by: Corey Minyard <cminyard@mvista.com> |