asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/ipc
History
Michael Bestas 45bf774877
Merge tag 'ASB-2022-12-05_4.19-stable' of https://android.googlesource.com/kernel/common into android13-4.19-kona 
https://source.android.com/docs/security/bulletin/2022-12-01
CVE-2022-23960

# By Yang Yingliang (18) and others
# Via Greg Kroah-Hartman
* tag 'ASB-2022-12-05_4.19-stable' of https://android.googlesource.com/kernel/common:
  Linux 4.19.268
  ipc/sem: Fix dangling sem_array access in semtimedop race
  mmc: sdhci: Fix voltage switch delay
  mmc: sdhci: use FIELD_GET for preset value bit masks
  x86/ioremap: Fix page aligned size calculation in __ioremap_caller()
  Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
  x86/pm: Add enumeration check before spec MSRs save/restore setup
  x86/tsx: Add a feature bit for TSX control MSR support
  nvme: restrict management ioctls to admin
  tcp/udp: Fix memory leak in ipv6_renew_options().
  Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
  parisc: Increase FRAME_WARN to 2048 bytes on parisc
  xtensa: increase size of gcc stack frame check
  parisc: Increase size of gcc stack frame check
  iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init()
  pinctrl: single: Fix potential division by zero
  ASoC: ops: Fix bounds check for _sx controls
  mm: Fix '.data.once' orphan section warning
  arm64: errata: Fix KVM Spectre-v2 mitigation selection for Cortex-A57/A72
  arm64: Fix panic() when Spectre-v2 causes Spectre-BHB to re-allocate KVM vectors
  pinctrl: intel: Save and restore pins in "direct IRQ" mode
  x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3
  nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
  tools/vm/slabinfo-gnuplot: use "grep -E" instead of "egrep"
  error-injection: Add prompt for function error injection
  btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
  hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
  hwmon: (coretemp) Check for null before removing sysfs attrs
  net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed
  packet: do not set TP_STATUS_CSUM_VALID on CHECKSUM_COMPLETE
  net: tun: Fix use-after-free in tun_detach()
  net: hsr: Fix potential use-after-free
  dsa: lan9303: Correct stat name
  net/9p: Fix a potential socket leak in p9_socket_open
  net: net_netdev: Fix error handling in ntb_netdev_init_module()
  net: phy: fix null-ptr-deref while probe() failed
  qlcnic: fix sleep-in-atomic-context bugs caused by msleep
  can: cc770: cc770_isa_probe(): add missing free_cc770dev()
  can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev()
  net/mlx5: Fix uninitialized variable bug in outlen_write()
  of: property: decrement node refcount in of_fwnode_get_reference_args()
  hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails
  hwmon: (i5500_temp) fix missing pci_disable_device()
  scripts/faddr2line: Fix regression in name resolution on ppc64le
  iio: light: rpr0521: add missing Kconfig dependencies
  iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
  iio: health: afe4403: Fix oob read in afe4403_read_raw
  Revert "x86/speculation: Change FILL_RETURN_BUFFER to work with objtool"
  v4l2: don't fall back to follow_pfn() if pin_user_pages_fast() fails
  proc: proc_skip_spaces() shouldn't think it is working on C strings
  proc: avoid integer type confusion in get_proc_long
  spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock
  btrfs: free btrfs_path before copying inodes to userspace
  drm/amdgpu: always register an MMU notifier for userptr
  drm/amd/dc/dce120: Fix audio register mapping, stop triggering KASAN
  btrfs: free btrfs_path before copying subvol info to userspace
  btrfs: free btrfs_path before copying fspath to userspace
  btrfs: free btrfs_path before copying root refs to userspace
  dm integrity: flush the journal on suspend
  net: usb: qmi_wwan: add Telit 0x103a composition
  tcp: configurable source port perturb table size
  platform/x86: hp-wmi: Ignore Smart Experience App event
  platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017)
  platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr()
  xen/platform-pci: add missing free_irq() in error path
  serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios()
  Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode
  nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty
  ceph: avoid putting the realm twice when decoding snaps fails
  ceph: do not update snapshot context when there is no new snapshot
  iio: pressure: ms5611: fixed value compensation bug
  iio: ms5611: Simplify IO callback parameters
  nios2: add FORCE for vmlinuz.gz
  iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails
  iio: light: apds9960: fix wrong register for gesture gain
  arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency
  s390/crashdump: fix TOD programmable field size
  net: thunderx: Fix the ACPI memory leak
  nfc: st-nci: fix memory leaks in EVT_TRANSACTION
  nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
  s390/dasd: fix no record found for raw_track_access
  dccp/tcp: Reset saddr on failure after inet6?_hash_connect().
  bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending()
  NFC: nci: fix memory leak in nci_rx_data_packet()
  xfrm: Fix ignored return value in xfrm6_init()
  tipc: check skb_linearize() return value in tipc_disc_rcv()
  tipc: add an extra conn_get in tipc_conn_alloc
  tipc: set con sock in tipc_conn_alloc
  net/mlx5: Fix FW tracer timestamp calculation
  Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register()
  Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work()
  net: pch_gbe: fix pci device refcount leak while module exiting
  net/qla3xxx: fix potential memleak in ql3xxx_send()
  net/mlx4: Check retval of mlx4_bitmap_init
  ARM: mxs: fix memory leak in mxs_machine_init()
  9p/fd: fix issue of list_del corruption in p9_fd_cancel()
  net: pch_gbe: fix potential memleak in pch_gbe_tx_queue()
  nfc/nci: fix race with opening and closing
  ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
  bus: sunxi-rsb: Support atomic transfers
  ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
  ARM: dts: am335x-pcm-953: Define fixed regulators in root node
  af_key: Fix send_acquire race with pfkey_register
  MIPS: pic32: treat port as signed integer
  RISC-V: vdso: Do not add missing symbols to version section in linker script
  drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017)
  spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run
  wifi: mac80211: Fix ack frame idr leak when mesh has no route
  audit: fix undefined behavior in bit shift for AUDIT_BIT
  wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support
  Linux 4.19.267
  ntfs: check overflow when iterating ATTR_RECORDs
  ntfs: fix out-of-bounds read in ntfs_attr_find()
  ntfs: fix use-after-free in ntfs_attr_find()
  mm: fs: initialize fsdata passed to write_begin/write_end interface
  9p/trans_fd: always use O_NONBLOCK read/write
  gfs2: Switch from strlcpy to strscpy
  gfs2: Check sb_bsize_shift after reading superblock
  9p: trans_fd/p9_conn_cancel: drop client lock earlier
  kcm: close race conditions on sk_receive_queue
  bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
  kcm: avoid potential race in kcm_tx_work
  tcp: cdg: allow tcp_cdg_release() to be called multiple times
  macvlan: enforce a consistent minimal mtu
  serial: 8250: Flush DMA Rx on RLSI
  Input: i8042 - fix leaking of platform device on module removal
  scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
  misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
  docs: update mediator contact information in CoC doc
  mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
  mmc: core: properly select voltage range without power cycle
  serial: 8250_lpss: Configure DMA also w/o DMA filter
  serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
  dm ioctl: fix misbehavior if list_versions races with module loading
  iio: pressure: ms5611: changed hardcoded SPI speed to value limited
  iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
  iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger()
  usb: chipidea: fix deadlock in ci_otg_del_timer
  usb: add NO_LPM quirk for Realforce 87U Keyboard
  USB: serial: option: add Fibocom FM160 0x0111 composition
  USB: serial: option: add u-blox LARA-L6 modem
  USB: serial: option: add u-blox LARA-R6 00B modem
  USB: serial: option: remove old LARA-R6 PID
  USB: serial: option: add Sierra Wireless EM9191
  speakup: fix a segfault caused by switching consoles
  slimbus: stream: correct presence rate frequencies
  ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
  ring_buffer: Do not deactivate non-existant pages
  ftrace: Fix null pointer dereference in ftrace_add_mod()
  ftrace: Optimize the allocation for mcount entries
  ftrace: Fix the possible incorrect kernel message
  net: thunderbolt: Fix error handling in tbnet_init()
  cifs: Fix wrong return value checking when GETFLAGS
  net/x25: Fix skb leak in x25_lapb_receive_frame()
  drbd: use after free in drbd_create_device()
  xen/pcpu: fix possible memory leak in register_pcpu()
  bnxt_en: Remove debugfs when pci_register_driver failed
  net: caif: fix double disconnect client in chnl_net_open()
  mISDN: fix misuse of put_device() in mISDN_register_device()
  mISDN: fix possible memory leak in mISDN_dsp_element_register()
  net: bgmac: Drop free_netdev() from bgmac_enet_remove()
  ata: libata-transport: fix double ata_host_put() in ata_tport_add()
  pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
  parport_pc: Avoid FIFO port location truncation
  siox: fix possible memory leak in siox_device_add()
  block: sed-opal: kmalloc the cmd/resp buffers
  ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
  tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
  serial: imx: Add missing .thaw_noirq hook
  serial: 8250: omap: Flush PM QOS work on remove
  serial: 8250_omap: remove wait loop from Errata i202 workaround
  ASoC: core: Fix use-after-free in snd_soc_exit()
  Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm
  btrfs: remove pointless and double ulist frees in error paths of qgroup tests
  drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid
  NFSv4: Retry LOCK on OLD_STATEID during delegation return
  selftests/intel_pstate: fix build for ARCH=x86_64
  selftests/futex: fix build for clang
  spi: intel: Fix the offset to get the 64K erase opcode
  ASoC: wm8997: Revert "ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe"
  ASoC: wm5110: Revert "ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe"
  ASoC: wm5102: Revert "ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe"
  x86/cpu: Restore AMD's DE_CFG MSR after resume
  net: tun: call napi_schedule_prep() to ensure we own a napi
  dmaengine: at_hdmac: Check return code of dma_async_device_register
  dmaengine: at_hdmac: Fix impossible condition
  dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
  dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors
  dmaengine: at_hdmac: Don't start transactions at tx_submit level
  dmaengine: at_hdmac: Fix at_lli struct definition
  cert host tools: Stop complaining about deprecated OpenSSL functions
  udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
  btrfs: selftests: fix wrong error check in btrfs_free_dummy_root()
  platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
  drm/i915/dmabuf: fix sg_table handling in map_dma_buf
  nilfs2: fix use-after-free bug of ns_writer on remount
  nilfs2: fix deadlock in nilfs_count_free_blocks()
  vmlinux.lds.h: Fix placement of '.data..decrypted' section
  ALSA: usb-audio: Add DSD support for Accuphase DAC-60
  ALSA: usb-audio: Add quirk entry for M-Audio Micro
  ALSA: hda: fix potential memleak in 'add_widget_node'
  ALSA: hda/ca0132: add quirk for EVGA Z390 DARK
  arm64: efi: Fix handling of misaligned runtime regions and drop warning
  riscv: process: fix kernel info leakage
  net: macvlan: fix memory leaks of macvlan_common_newlink
  net: mv643xx_eth: disable napi when init rxq or txq failed in mv643xx_eth_open()
  ethernet: s2io: disable napi when start nic failed in s2io_card_up()
  net: cxgb3_main: disable napi when bind qsets failed in cxgb_up()
  net: nixge: disable napi when enable interrupts failed in nixge_open()
  drivers: net: xgene: disable napi when register irq failed in xgene_enet_open()
  dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
  tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header
  ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
  drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register()
  hamradio: fix issue of dev reference count leakage in bpq_device_event()
  net: lapbether: fix issue of dev reference count leakage in lapbeth_device_event()
  capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
  net: fman: Unregister ethernet device on removal
  bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer
  net: tun: Fix memory leaks of napi_get_frags
  net: gso: fix panic on frag_list with mixed head alloc types
  HID: hyperv: fix possible memory leak in mousevsc_probe()
  wifi: cfg80211: fix memory leak in query_regdb_file()
  phy: stm32: fix an error code in probe
  Linux 4.19.266
  x86/speculation: Add RSB VM Exit protections
  x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts
  x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current
  x86/speculation: Disable RRSBA behavior
  x86/bugs: Add Cannon lake to RETBleed affected CPU list
  x86/cpu/amd: Enumerate BTC_NO
  x86/common: Stamp out the stepping madness
  x86/speculation: Fill RSB on vmexit for IBRS
  KVM: VMX: Fix IBRS handling after vmexit
  KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
  x86/speculation: Remove x86_spec_ctrl_mask
  x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit
  x86/speculation: Fix SPEC_CTRL write on SMT state change
  x86/speculation: Fix firmware entry SPEC_CTRL handling
  x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
  x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
  intel_idle: Disable IBRS during long idle
  x86/bugs: Report Intel retbleed vulnerability
  x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation()
  x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS
  x86/bugs: Optimize SPEC_CTRL MSR writes
  x86/entry: Add kernel IBRS implementation
  x86/entry: Remove skip_r11rcx
  x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value
  x86/bugs: Add AMD retbleed= boot parameter
  x86/bugs: Report AMD retbleed vulnerability
  x86/cpufeatures: Move RETPOLINE flags to word 11
  x86/cpu: Add a steppings field to struct x86_cpu_id
  x86/cpu: Add consistent CPU match macros
  x86/devicetable: Move x86 specific macro out of generic code
  x86/cpufeature: Fix various quality problems in the <asm/cpu_device_hd.h> header
  x86/cpufeature: Add facility to check for min microcode revisions
  Revert "x86/cpu: Add a steppings field to struct x86_cpu_id"
  Revert "x86/speculation: Add RSB VM Exit protections"
  ANDROID: preserve CRC for some DRM functions
  Revert "tcp/udp: Make early_demux back namespacified."
  Linux 4.19.265
  wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
  linux/bits.h: make BIT(), GENMASK(), and friends available in assembly
  KVM: x86: emulator: update the emulation mode after CR0 write
  KVM: x86: emulator: introduce emulator_recalc_and_set_mode
  KVM: x86: emulator: em_sysexit should update ctxt->mode
  KVM: x86: Mask off reserved bits in CPUID.80000008H
  ext4: fix warning in 'ext4_da_release_space'
  parisc: Avoid printing the hardware path twice
  parisc: Export iosapic_serial_irq() symbol for serial port driver
  parisc: Make 8250_gsc driver dependend on CONFIG_PARISC
  efi: random: reduce seed size to 32 bytes
  ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106 devices
  capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
  tracing/histogram: Update document for KEYS_MAX size
  kprobe: reverse kp->flags when arm_kprobe failed
  tcp/udp: Make early_demux back namespacified.
  btrfs: fix type of parameter generation in btrfs_get_dentry
  block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
  Bluetooth: L2CAP: Fix attempting to access uninitialized memory
  i2c: xiic: Add platform module alias
  HID: saitek: add madcatz variant of MMO7 mouse device ID
  media: dvb-frontends/drxk: initialize err to 0
  media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
  media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
  ipv6: fix WARNING in ip6_route_net_exit_late()
  net, neigh: Fix null-ptr-deref in neigh_table_clear()
  net: mdio: fix undefined behavior in bit shift for __mdiobus_register
  Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()
  Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
  btrfs: fix ulist leaks in error paths of qgroup self tests
  btrfs: fix inode list leak during backref walking at resolve_indirect_refs()
  isdn: mISDN: netjet: fix wrong check of device registration
  mISDN: fix possible memory leak in mISDN_register_device()
  rose: Fix NULL pointer dereference in rose_send_frame()
  ipvs: fix WARNING in ip_vs_app_net_cleanup()
  ipvs: fix WARNING in __ip_vs_cleanup_batch()
  ipvs: use explicitly signed chars
  net: tun: fix bugs for oversize packet when napi frags enabled
  net: sched: Fix use after free in red_enqueue()
  ata: pata_legacy: fix pdc20230_set_piomode()
  net: fec: fix improper use of NETDEV_TX_BUSY
  nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send()
  nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
  RDMA/qedr: clean up work queue on failure in qedr_alloc_resources()
  net: dsa: Fix possible memory leaks in dsa_loop_init()
  nfs4: Fix kmemleak when allocate slot failed
  NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
  NFSv4.1: Handle RECLAIM_COMPLETE trunking errors
  BACKPORT: ARM: 9039/1: assembler: generalize byte swapping macro into rev_l
  BACKPORT: ARM: 9035/1: uncompress: Add be32tocpu macro

 Conflicts:
	drivers/mmc/host/sdhci.c
	drivers/slimbus/stream.c

Change-Id: Ic112be181f3558a83f85d01fb4e25444f14c7548
2022-12-15 21:06:13 +02:00
..
compat.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ipc_sysctl.c
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mq_sysctl.c
mqueue.c This is the 4.19.123 stable release 2020-05-14 08:54:02 +02:00
msg.c ipc/msg.c: consolidate all xxxctl_down() functions 2020-02-11 04:33:55 -08:00
msgutil.c ipc: prevent lockup on alloc_msg and free_msg 2019-06-15 11:54:00 +02:00
namespace.c ipc: simplify ipc initialization 2018-08-22 10:52:52 -07:00
sem.c ipc/sem: Fix dangling sem_array access in semtimedop race 2022-12-08 11:18:35 +01:00
shm.c shm: extend forced shm destroy to support objects from several IPC nses 2021-12-08 08:50:11 +01:00
syscall.c y2038: ipc: Redirect ipc(SEMTIMEDOP, ...) to compat_ksys_semtimedop 2018-04-20 16:20:30 +02:00
util.c ipc: WARN if trying to remove ipc object which is absent 2021-11-26 11:36:23 +01:00
util.h ipc/util.c: update return value of ipc_getref from int to bool 2018-08-22 10:52:52 -07:00