c22009ad76c9aaa2b601db8353f949d6f3c8835e
580 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Greg Kroah-Hartman
|
5c67c90113 |
Merge 4.19.313 into android-4.19-stable
Changes in 4.19.313
batman-adv: Avoid infinite loop trying to resize local TT
Bluetooth: Fix memory leak in hci_req_sync_complete()
nouveau: fix function cast warning
geneve: fix header validation in geneve[6]_xmit_skb
ipv6: fib: hide unused 'pn' variable
ipv4/route: avoid unused-but-set-variable warning
ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
net/mlx5: Properly link new fs rules into the tree
tracing: hide unused ftrace_event_id_fops
vhost: Add smp_rmb() in vhost_vq_avail_empty()
selftests: timers: Fix abs() warning in posix_timers test
x86/apic: Force native_apic_mem_read() to use the MOV instruction
btrfs: record delayed inode root in transaction
selftests/ftrace: Limit length in subsystem-enable tests
kprobes: Fix possible use-after-free issue on kprobe registration
Revert "tracing/trigger: Fix to return error if failed to alloc snapshot"
netfilter: nf_tables: __nft_expr_type_get() selects specific family type
netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
tun: limit printing rate when illegal packet received by tun dev
RDMA/mlx5: Fix port number for counter query in multi-port configuration
drm: nv04: Fix out of bounds access
comedi: vmk80xx: fix incomplete endpoint checking
serial/pmac_zilog: Remove flawed mitigation for rx irq flood
USB: serial: option: add Fibocom FM135-GL variants
USB: serial: option: add support for Fibocom FM650/FG650
USB: serial: option: add Lonsung U8300/U9300 product
USB: serial: option: support Quectel EM060K sub-models
USB: serial: option: add Rolling RW101-GL and RW135-GL support
USB: serial: option: add Telit FN920C04 rmnet compositions
Revert "usb: cdc-wdm: close race between read and workqueue"
usb: dwc2: host: Fix dereference issue in DDMA completion flow.
speakup: Avoid crash on very long word
fs: sysfs: Fix reference leak in sysfs_break_active_protection()
nouveau: fix instmem race condition around ptr stores
nilfs2: fix OOB in nilfs_set_de_type
tracing: Remove hist trigger synth_var_refs
tracing: Use var_refs[] for hist trigger reference checking
arm64: dts: rockchip: fix alphabetical ordering RK3399 puma
arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for RK3399 Puma
arm64: dts: mediatek: mt7622: fix IR nodename
arm64: dts: mediatek: mt7622: fix ethernet controller "compatible"
arm64: dts: mediatek: mt7622: drop "reset-names" from thermal block
ARC: [plat-hsdk]: Remove misplaced interrupt-cells property
vxlan: drop packets from invalid src-address
mlxsw: core: Unregister EMAD trap using FORWARD action
NFC: trf7970a: disable all regulators on removal
net: usb: ax88179_178a: stop lying about skb->truesize
net: gtp: Fix Use-After-Free in gtp_dellink
ipvs: Fix checksumming on GSO of SCTP packets
net: openvswitch: ovs_ct_exit to be done under ovs_lock
net: openvswitch: Fix Use-After-Free in ovs_ct_exit
i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
serial: core: Provide port lock wrappers
serial: mxs-auart: add spinlock around changing cts state
drm/amdgpu: restrict bo mapping within gpu address limits
amdgpu: validate offset_in_bo of drm_amdgpu_gem_va
drm/amdgpu: validate the parameters of bo mapping operations more clearly
Revert "crypto: api - Disallow identical driver names"
tracing: Show size of requested perf buffer
tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together
Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 Puma
irqchip/gic-v3-its: Prevent double free on error
net: b44: set pause params only when interface is up
stackdepot: respect __GFP_NOLOCKDEP allocation flag
mtd: diskonchip: work around ubsan link failure
tcp: Clean up kernel listener's reqsk in inet_twsk_purge()
tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge()
dmaengine: owl: fix register access functions
idma64: Don't try to serve interrupts when device is powered off
i2c: smbus: fix NULL function pointer dereference
HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up
Revert "loop: Remove sector_t truncation checks"
Revert "y2038: rusage: use __kernel_old_timeval"
udp: preserve the connected status if only UDP cmsg
serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
Linux 4.19.313
Change-Id: I6558068fa522b4cd853251716389c0d30a47522f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Gavin Shan
|
60bb8b451c |
vhost: Add smp_rmb() in vhost_vq_avail_empty()
commit 22e1992cf7b034db5325660e98c41ca5afa5f519 upstream. A smp_rmb() has been missed in vhost_vq_avail_empty(), spotted by Will. Otherwise, it's not ensured the available ring entries pushed by guest can be observed by vhost in time, leading to stale available ring entries fetched by vhost in vhost_get_vq_desc(), as reported by Yihuang Yu on NVidia's grace-hopper (ARM64) platform. /home/gavin/sandbox/qemu.main/build/qemu-system-aarch64 \ -accel kvm -machine virt,gic-version=host -cpu host \ -smp maxcpus=1,cpus=1,sockets=1,clusters=1,cores=1,threads=1 \ -m 4096M,slots=16,maxmem=64G \ -object memory-backend-ram,id=mem0,size=4096M \ : \ -netdev tap,id=vnet0,vhost=true \ -device virtio-net-pci,bus=pcie.8,netdev=vnet0,mac=52:54:00:f1:26:b0 : guest# netperf -H 10.26.1.81 -l 60 -C -c -t UDP_STREAM virtio_net virtio0: output.0:id 100 is not a head! Add the missed smp_rmb() in vhost_vq_avail_empty(). When tx_can_batch() returns true, it means there's still pending tx buffers. Since it might read indices, so it still can bypass the smp_rmb() in vhost_get_vq_desc(). Note that it should be safe until vq->avail_idx is changed by commit |
||
|
Greg Kroah-Hartman
|
45df1db3d3 |
Merge 4.19.307 into android-4.19-stable
Changes in 4.19.307
PCI: mediatek: Clear interrupt status before dispatching handler
include/linux/units.h: add helpers for kelvin to/from Celsius conversion
units: Add Watt units
units: change from 'L' to 'UL'
units: add the HZ macros
serial: sc16is7xx: set safe default SPI clock frequency
driver core: add device probe log helper
spi: introduce SPI_MODE_X_MASK macro
serial: sc16is7xx: add check for unsupported SPI modes during probe
ext4: allow for the last group to be marked as trimmed
crypto: api - Disallow identical driver names
PM: hibernate: Enforce ordering during image compression/decompression
hwrng: core - Fix page fault dead lock on mmap-ed hwrng
rpmsg: virtio: Free driver_override when rpmsg_remove()
parisc/firmware: Fix F-extend for PDC addresses
nouveau/vmm: don't set addr on the fail path to avoid warning
block: Remove special-casing of compound pages
powerpc: Use always instead of always-y in for crtsavres.o
x86/CPU/AMD: Fix disabling XSAVES on AMD family 0x17 due to erratum
driver core: Annotate dev_err_probe() with __must_check
Revert "driver core: Annotate dev_err_probe() with __must_check"
driver code: print symbolic error code
drivers: core: fix kernel-doc markup for dev_err_probe()
net/smc: fix illegal rmb_desc access in SMC-D connection dump
vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
llc: make llc_ui_sendmsg() more robust against bonding changes
llc: Drop support for ETH_P_TR_802_2.
net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
tracing: Ensure visibility when inserting an element into tracing_map
tcp: Add memory barrier to tcp_push()
netlink: fix potential sleeping issue in mqueue_flush_file
net/mlx5: Use kfree(ft->g) in arfs_create_groups()
net/mlx5e: fix a double-free in arfs_create_groups
netfilter: nf_tables: restrict anonymous set and map names to 16 bytes
fjes: fix memleaks in fjes_hw_setup
net: fec: fix the unhandled context fault from smmu
btrfs: don't warn if discard range is not aligned to sector
btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args
netfilter: nf_tables: reject QUEUE/DROP verdict parameters
gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
drm: Don't unref the same fb many times by mistake due to deadlock handling
drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking
drm/bridge: nxp-ptn3460: simplify some error checking
drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume
gpio: eic-sprd: Clear interrupt after set the interrupt type
mips: Call lose_fpu(0) before initializing fcr31 in mips_set_personality_nan
tick/sched: Preserve number of idle sleeps across CPU hotplug events
x86/entry/ia32: Ensure s32 is sign extended to s64
net/sched: cbs: Fix not adding cbs instance to list
powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
powerpc: Fix build error due to is_valid_bugaddr()
powerpc/mm: Fix build failures due to arch_reserved_kernel_pages()
powerpc/lib: Validate size for vector operations
audit: Send netlink ACK before setting connection in auditd_set
ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
PNP: ACPI: fix fortify warning
ACPI: extlog: fix NULL pointer dereference check
FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
UBSAN: array-index-out-of-bounds in dtSplitRoot
jfs: fix slab-out-of-bounds Read in dtSearch
jfs: fix array-index-out-of-bounds in dbAdjTree
jfs: fix uaf in jfs_evict_inode
pstore/ram: Fix crash when setting number of cpus to an odd number
crypto: stm32/crc32 - fix parsing list of devices
afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*()
rxrpc_find_service_conn_rcu: fix the usage of read_seqbegin_or_lock()
jfs: fix array-index-out-of-bounds in diNewExt
s390/ptrace: handle setting of fpc register correctly
KVM: s390: fix setting of fpc register
SUNRPC: Fix a suspicious RCU usage warning
ext4: fix inconsistent between segment fstrim and full fstrim
ext4: unify the type of flexbg_size to unsigned int
ext4: remove unnecessary check from alloc_flex_gd()
ext4: avoid online resizing failures due to oversized flex bg
scsi: lpfc: Fix possible file string name overflow when updating firmware
PCI: Add no PM reset quirk for NVIDIA Spectrum devices
bonding: return -ENOMEM instead of BUG in alb_upper_dev_walk
ARM: dts: imx7s: Fix lcdif compatible
ARM: dts: imx7s: Fix nand-controller #size-cells
wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
bpf: Add map and need_defer parameters to .map_fd_put_ptr()
scsi: libfc: Don't schedule abort twice
scsi: libfc: Fix up timeout error in fc_fcp_rec_error()
ARM: dts: rockchip: fix rk3036 hdmi ports node
ARM: dts: imx25/27-eukrea: Fix RTC node name
ARM: dts: imx: Use flash@0,0 pattern
ARM: dts: imx27: Fix sram node
ARM: dts: imx1: Fix sram node
ARM: dts: imx27-apf27dev: Fix LED name
ARM: dts: imx23-sansa: Use preferred i2c-gpios properties
ARM: dts: imx23/28: Fix the DMA controller node name
md: Whenassemble the array, consult the superblock of the freshest device
wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
wifi: cfg80211: free beacon_ies when overridden from hidden BSS
f2fs: fix to check return value of f2fs_reserve_new_block()
ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument
fast_dput(): handle underflows gracefully
RDMA/IPoIB: Fix error code return in ipoib_mcast_join
drm/drm_file: fix use of uninitialized variable
drm/framebuffer: Fix use of uninitialized variable
drm/mipi-dsi: Fix detach call without attach
media: stk1160: Fixed high volume of stk1160_dbg messages
media: rockchip: rga: fix swizzling for RGB formats
PCI: add INTEL_HDA_ARL to pci_ids.h
ALSA: hda: Intel: add HDA_ARL PCI ID support
drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time
IB/ipoib: Fix mcast list locking
media: ddbridge: fix an error code problem in ddb_probe
drm/msm/dpu: Ratelimit framedone timeout msgs
clk: hi3620: Fix memory leak in hi3620_mmc_clk_init()
clk: mmp: pxa168: Fix memory leak in pxa168_clk_init()
drm/amdgpu: Let KFD sync with VM fences
drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
leds: trigger: panic: Don't register panic notifier if creating the trigger failed
um: Fix naming clash between UML and scheduler
um: Don't use vfprintf() for os_info()
um: net: Fix return type of uml_net_start_xmit()
mfd: ti_am335x_tscadc: Fix TI SoC dependencies
PCI: Only override AMD USB controller if required
usb: hub: Replace hardcoded quirk value with BIT() macro
libsubcmd: Fix memory leak in uniq()
virtio_net: Fix "‘%d’ directive writing between 1 and 11 bytes into a region of size 10" warnings
blk-mq: fix IO hang from sbitmap wakeup race
ceph: fix deadlock or deadcode of misusing dget()
drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()'
wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
scsi: isci: Fix an error code problem in isci_io_request_build()
net: remove unneeded break
ixgbe: Remove non-inclusive language
ixgbe: Refactor returning internal error codes
ixgbe: Refactor overtemp event handling
ixgbe: Fix an error handling path in ixgbe_read_iosf_sb_reg_x550()
ipv6: Ensure natural alignment of const ipv6 loopback and router addresses
llc: call sock_orphan() at release time
netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger
net: ipv4: fix a memleak in ip_setup_cork
af_unix: fix lockdep positive in sk_diag_dump_icons()
net: sysfs: Fix /sys/class/net/<iface> path
HID: apple: Add support for the 2021 Magic Keyboard
HID: apple: Swap the Fn and Left Control keys on Apple keyboards
HID: apple: Add 2021 magic keyboard FN key mapping
bonding: remove print in bond_verify_device_path
dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
atm: idt77252: fix a memleak in open_card_ubr0
hwmon: (aspeed-pwm-tacho) mutex for tach reading
hwmon: (coretemp) Fix out-of-bounds memory access
hwmon: (coretemp) Fix bogus core_id to attr name mapping
inet: read sk->sk_family once in inet_recv_error()
rxrpc: Fix response to PING RESPONSE ACKs to a dead call
tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
ppp_async: limit MRU to 64K
netfilter: nft_compat: reject unused compat flag
netfilter: nft_compat: restrict match/target protocol to u16
net/af_iucv: clean up a try_then_request_module()
USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
USB: serial: option: add Fibocom FM101-GL variant
USB: serial: cp210x: add ID for IMST iM871A-USB
Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID
vhost: use kzalloc() instead of kmalloc() followed by memset()
hrtimer: Report offline hrtimer enqueue
btrfs: forbid creating subvol qgroups
btrfs: send: return EOPNOTSUPP on unknown flags
spi: ppc4xx: Drop write-only variable
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
Documentation: net-sysfs: describe missing statistics
net: sysfs: Fix /sys/class/net/<iface> path for statistics
MIPS: Add 'memory' clobber to csum_ipv6_magic() inline assembler
i40e: Fix waiting for queues of all VSIs to be disabled
tracing/trigger: Fix to return error if failed to alloc snapshot
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
HID: wacom: generic: Avoid reporting a serial of '0' to userspace
HID: wacom: Do not register input devices until after hid_hw_start
USB: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT
usb: f_mass_storage: forbid async queue when shutdown happen
scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
firewire: core: correct documentation of fw_csr_string() kernel API
nfc: nci: free rx_data_reassembly skb on NCI device cleanup
xen-netback: properly sync TX responses
binder: signal epoll threads of self-work
ext4: fix double-free of blocks due to wrong extents moved_len
staging: iio: ad5933: fix type mismatch regression
ring-buffer: Clean ring_buffer_poll_wait() error return
serial: max310x: set default value when reading clock ready bit
serial: max310x: improve crystal stable clock detection
x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6
x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
ALSA: hda/conexant: Add quirk for SWS JS201D
nilfs2: fix data corruption in dsync block recovery for small block sizes
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
nfp: use correct macro for LengthSelect in BAR config
irqchip/irq-brcmstb-l2: Add write memory barrier before exit
pmdomain: core: Move the unused cleanup to a _sync initcall
Revert "md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d"
sched/membarrier: reduce the ability to hammer on sys_membarrier
nilfs2: fix potential bug in end_buffer_async_write
lsm: new security_file_ioctl_compat() hook
netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()
Linux 4.19.307
Change-Id: Ib05aec445afe9920e2502bcfce1c52db76e27139
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Prathu Baronia
|
95eab10396 |
vhost: use kzalloc() instead of kmalloc() followed by memset()
commit 4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9 upstream. Use kzalloc() to allocate new zeroed out msg node instead of memsetting a node allocated with kmalloc(). Signed-off-by: Prathu Baronia <prathubaronia2011@gmail.com> Message-Id: <20230522085019.42914-1-prathubaronia2011@gmail.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Ajay Kaher <ajay.kaher@broadcom.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
813e482b1b |
Merge 4.19.291 into android-4.19-stable
Changes in 4.19.291
gfs2: Don't deref jdesc in evict
x86/smp: Use dedicated cache-line for mwait_play_dead()
video: imsttfb: check for ioremap() failures
fbdev: imsttfb: Fix use after free bug in imsttfb_probe
drm/edid: Fix uninitialized variable in drm_cvt_modes()
scripts/tags.sh: Resolve gtags empty index generation
drm/amdgpu: Validate VM ioctl flags.
treewide: Remove uninitialized_var() usage
md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
md/raid10: fix overflow of md/safe_mode_delay
md/raid10: fix wrong setting of max_corr_read_errors
md/raid10: fix io loss while replacement replace rdev
irqchip/jcore-aic: Kill use of irq_create_strict_mappings()
irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
clocksource/drivers: Unify the names to timer-* format
clocksource/drivers/cadence-ttc: Use ttc driver as platform driver
clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe
PM: domains: fix integer overflow issues in genpd_parse_state()
ARM: 9303/1: kprobes: avoid missing-declaration warnings
evm: Complete description of evm_inode_setattr()
wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation
wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx
samples/bpf: Fix buffer overflow in tcp_basertt
wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan()
nfc: constify several pointers to u8, char and sk_buff
nfc: llcp: fix possible use of uninitialized variable in nfc_llcp_send_connect()
wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
wifi: atmel: Fix an error handling path in atmel_probe()
wl3501_cs: Fix a bunch of formatting issues related to function docs
wl3501_cs: Remove unnecessary NULL check
wl3501_cs: Fix misspelling and provide missing documentation
net: create netdev->dev_addr assignment helpers
wl3501_cs: use eth_hw_addr_set()
wifi: wl3501_cs: Fix an error handling path in wl3501_probe()
wifi: ray_cs: Utilize strnlen() in parse_addr()
wifi: ray_cs: Drop useless status variable in parse_addr()
wifi: ray_cs: Fix an error handling path in ray_probe()
wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown
watchdog/perf: define dummy watchdog_update_hrtimer_threshold() on correct config
watchdog/perf: more properly prevent false positives with turbo modes
kexec: fix a memory leak in crash_shrink_memory()
memstick r592: make memstick_debug_get_tpc_name() static
wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
wifi: ath9k: convert msecs to jiffies where needed
netlink: fix potential deadlock in netlink_set_err()
netlink: do not hard code device address lenth in fdb dumps
gtp: Fix use-after-free in __gtp_encap_destroy().
lib/ts_bm: reset initial match offset for every block of text
netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value.
ipvlan: Fix return value of ipvlan_queue_xmit()
netlink: Add __sock_i_ino() for __netlink_diag_dump().
radeon: avoid double free in ci_dpm_init()
Input: drv260x - sleep between polling GO bit
ARM: dts: BCM5301X: Drop "clock-names" from the SPI node
Input: adxl34x - do not hardcode interrupt trigger type
drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H
ARM: ep93xx: fix missing-prototype warnings
ASoC: es8316: Increment max value for ALC Capture Target Volume control
soc/fsl/qe: fix usb.c build errors
IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors
arm64: dts: renesas: ulcb-kf: Remove flow control for SCIF1
fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe()
drm/radeon: fix possible division-by-zero errors
ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe()
PCI: Add pci_clear_master() stub for non-CONFIG_PCI
pinctrl: cherryview: Return correct value if pin in push-pull mode
perf dwarf-aux: Fix off-by-one in die_get_varname()
pinctrl: at91-pio4: check return value of devm_kasprintf()
hwrng: virtio - add an internal buffer
hwrng: virtio - don't wait on cleanup
hwrng: virtio - don't waste entropy
hwrng: virtio - always add a pending request
hwrng: virtio - Fix race on data_avail and actual data
crypto: nx - fix build warnings when DEBUG_FS is not enabled
modpost: fix section mismatch message for R_ARM_ABS32
modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24}
ARCv2: entry: comments about hardware auto-save on taken interrupts
ARCv2: entry: push out the Z flag unclobber from common EXCEPTION_PROLOGUE
ARCv2: entry: avoid a branch
ARCv2: entry: rewrite to enable use of double load/stores LDD/STD
ARC: define ASM_NL and __ALIGN(_STR) outside #ifdef __ASSEMBLY__ guard
USB: serial: option: add LARA-R6 01B PIDs
block: change all __u32 annotations to __be32 in affs_hardblocks.h
w1: fix loop in w1_fini()
sh: j2: Use ioremap() to translate device tree address into kernel memory
media: usb: Check az6007_read() return value
media: videodev2.h: Fix struct v4l2_input tuner index comment
media: usb: siano: Fix warning due to null work_func_t function pointer
extcon: Fix kernel doc of property fields to avoid warnings
extcon: Fix kernel doc of property capability fields to avoid warnings
usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
mfd: rt5033: Drop rt5033-battery sub-device
KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
mfd: intel-lpss: Add missing check for platform_get_resource
mfd: stmpe: Only disable the regulators if they are enabled
rtc: st-lpc: Release some resources in st_rtc_probe() in case of error
sctp: fix potential deadlock on &net->sctp.addr_wq_lock
Add MODULE_FIRMWARE() for FIRMWARE_TG357766.
spi: bcm-qspi: return error if neither hif_mspi nor mspi is available
mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
f2fs: fix error path handling in truncate_dnode()
powerpc: allow PPC_EARLY_DEBUG_CPM only when SERIAL_CPM=y
net: bridge: keep ports without IFF_UNICAST_FLT in BR_PROMISC mode
tcp: annotate data races in __tcp_oow_rate_limited()
net/sched: act_pedit: Add size check for TCA_PEDIT_PARMS_EX
sh: dma: Fix DMA channel offset calculation
i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process()
i2c: xiic: Don't try to handle more interrupt events after error
ALSA: jack: Fix mutex call in snd_jack_report()
NFSD: add encoding of op_recall flag for write delegation
mmc: core: disable TRIM on Kingston EMMC04G-M627
mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M
bcache: Remove unnecessary NULL point check in node allocations
integrity: Fix possible multiple allocation in integrity_inode_get()
jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
btrfs: fix race when deleting quota root from the dirty cow roots list
ARM: orion5x: fix d2net gpio initialization
spi: spi-fsl-spi: remove always-true conditional in fsl_spi_do_one_msg
spi: spi-fsl-spi: relax message sanity checking a little
spi: spi-fsl-spi: allow changing bits_per_word while CS is still active
netfilter: nf_tables: fix nat hook table deletion
netfilter: nf_tables: add rescheduling points during loop detection walks
netfilter: nftables: add helper function to set the base sequence number
netfilter: add helper function to set up the nfnetlink header and use it
netfilter: nf_tables: use net_generic infra for transaction data
netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain
netfilter: nf_tables: reject unbound anonymous set before commit phase
netfilter: nf_tables: unbind non-anonymous set if rule construction fails
netfilter: nf_tables: fix scheduling-while-atomic splat
netfilter: conntrack: Avoid nf_ct_helper_hash uses after free
netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
net: lan743x: Don't sleep in atomic context
workqueue: clean up WORK_* constant types, clarify masking
net: mvneta: fix txq_map in case of txq_number==1
vrf: Increment Icmp6InMsgs on the original netdev
icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev().
udp6: fix udp6_ehashfn() typo
ntb: idt: Fix error handling in idt_pci_driver_init()
NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
NTB: ntb_transport: fix possible memory leak while device_register() fails
NTB: ntb_tool: Add check for devm_kcalloc
ipv6/addrconf: fix a potential refcount underflow for idev
wifi: airo: avoid uninitialized warning in airo_get_rate()
net/sched: make psched_mtu() RTNL-less safe
pinctrl: amd: Fix mistake in handling clearing pins at startup
pinctrl: amd: Detect internal GPIO0 debounce handling
pinctrl: amd: Only use special debounce behavior for GPIO 0
tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
net: bcmgenet: Ensure MDIO unregistration has clocks enabled
SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
perf intel-pt: Fix CYC timestamps after standalone CBR
ext4: fix wrong unit use in ext4_mb_clear_bb
ext4: only update i_reserved_data_blocks on successful block allocation
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
PCI: qcom: Disable write access to read only registers for IP v2.3.3
PCI: rockchip: Assert PCI Configuration Enable bit after probe
PCI: rockchip: Write PCI Device ID to correct register
PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked
PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core
PCI: rockchip: Use u32 variable to access 32-bit registers
misc: pci_endpoint_test: Free IRQs before removing the device
misc: pci_endpoint_test: Re-init completion for every test
md/raid0: add discard support for the 'original' layout
fs: dlm: return positive pid value for F_GETLK
serial: atmel: don't enable IRQs prematurely
hwrng: imx-rngc - fix the timeout for init and self check
ceph: don't let check_caps skip sending responses for revoke msgs
meson saradc: fix clock divider mask length
Revert "8250: add support for ASIX devices with a FIFO bug"
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error
tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk
ring-buffer: Fix deadloop issue on reading trace_pipe
xtensa: ISS: fix call to split_if_spec
scsi: qla2xxx: Wait for io return on terminate rport
scsi: qla2xxx: Fix potential NULL pointer dereference
scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
scsi: qla2xxx: Pointer may be dereferenced
drm/atomic: Fix potential use-after-free in nonblocking commits
tracing/histograms: Add histograms to hist_vars if they have referenced variables
perf probe: Add test for regression introduced by switch to die_get_decl_file()
fuse: revalidate: don't invalidate if interrupted
can: bcm: Fix UAF in bcm_proc_show()
ext4: correct inline offset when handling xattrs in inode body
debugobjects: Recheck debug_objects_enabled before reporting
nbd: Add the maximum limit of allocated index in nbd_dev_add
md: fix data corruption for raid456 when reshape restart while grow up
md/raid10: prevent soft lockup while flush writes
posix-timers: Ensure timer ID search-loop limit is valid
sched/fair: Don't balance task to its current running CPU
bpf: Address KCSAN report on bpf_lru_list
wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point()
wifi: iwlwifi: mvm: avoid baid size integer overflow
igb: Fix igb_down hung on surprise removal
spi: bcm63xx: fix max prepend length
fbdev: imxfb: warn about invalid left/right margin
pinctrl: amd: Use amd_pinconf_set() for all config options
net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field()/cpsw_ale_set_field()
net:ipv6: check return value of pskb_trim()
Revert "tcp: avoid the lookup process failing to get sk in ehash table"
fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
llc: Don't drop packet from non-root netns.
netfilter: nf_tables: fix spurious set element insertion failure
netfilter: nf_tables: can't schedule in nft_chain_validate
net: Replace the limit of TCP_LINGER2 with TCP_FIN_TIMEOUT_MAX
tcp: annotate data-races around tp->linger2
tcp: annotate data-races around rskq_defer_accept
tcp: annotate data-races around tp->notsent_lowat
tcp: annotate data-races around fastopenq.max_qlen
tracing/histograms: Return an error if we fail to add histogram to hist_vars list
gpio: tps68470: Make tps68470_gpio_output() always set the initial value
bcache: use MAX_CACHES_PER_SET instead of magic number 8 in __bch_bucket_alloc_set
bcache: remove 'int n' from parameter list of bch_bucket_alloc_set()
bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent
btrfs: fix extent buffer leak after tree mod log failure at split_node()
ext4: rename journal_dev to s_journal_dev inside ext4_sb_info
ext4: Fix reusing stale buffer heads from last failed mounting
PCI: Rework pcie_retrain_link() wait loop
PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link()
PCI/ASPM: Factor out pcie_wait_for_retrain()
PCI/ASPM: Avoid link retraining race
dlm: cleanup plock_op vs plock_xop
dlm: rearrange async condition return
fs: dlm: interrupt posix locks only when process is killed
ftrace: Add information on number of page groups allocated
ftrace: Check if pages were allocated before calling free_pages()
ftrace: Store the order of pages allocated in ftrace_page
ftrace: Fix possible warning on checking all pages used in ftrace_process_locs()
scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c
scsi: qla2xxx: Array index may go out of bound
ext4: fix to check return value of freeze_bdev() in ext4_shutdown()
i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe()
ethernet: atheros: fix return value check in atl1e_tso_csum()
ipv6 addrconf: fix bug where deleting a mngtmpaddr can create a new temporary address
tcp: Reduce chance of collisions in inet6_hashfn().
bonding: reset bond's flags when down link is P2P device
team: reset team's flags when down link is P2P device
platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100
net/sched: mqprio: refactor nlattr parsing to a separate function
net/sched: mqprio: add extack to mqprio_parse_nlattr()
net/sched: mqprio: Add length check for TCA_MQPRIO_{MAX/MIN}_RATE64
benet: fix return value check in be_lancer_xmit_workarounds()
RDMA/mlx4: Make check for invalid flags stricter
drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb()
ASoC: fsl_spdif: Silence output on stop
block: Fix a source code comment in include/uapi/linux/blkzoned.h
dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths
ata: pata_ns87415: mark ns87560_tf_read static
ring-buffer: Fix wrong stat of cpu_buffer->read
tracing: Fix warning in trace_buffered_event_disable()
USB: serial: option: support Quectel EM060K_128
USB: serial: option: add Quectel EC200A module support
USB: serial: simple: add Kaufmann RKS+CAN VCP
USB: serial: simple: sort driver entries
can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED
Revert "usb: dwc3: core: Enable AutoRetry feature in the controller"
usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
usb: dwc3: don't reset device side if dwc3 was configured as host-only
usb: ohci-at91: Fix the unhandle interrupt when resume
USB: quirks: add quirk for Focusrite Scarlett
usb: xhci-mtk: set the dma max_seg_size
Documentation: security-bugs.rst: update preferences when dealing with the linux-distros group
Documentation: security-bugs.rst: clarify CVE handling
staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext()
hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled
btrfs: check for commit error at btrfs_attach_transaction_barrier()
tpm_tis: Explicitly check for error code
irq-bcm6345-l1: Do not assume a fixed block to cpu mapping
serial: 8250_dw: split Synopsys DesignWare 8250 common functions
serial: 8250_dw: Preserve original value of DLF register
virtio-net: fix race between set queues and probe
s390/dasd: fix hanging device after quiesce/resume
ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
dm cache policy smq: ensure IO doesn't prevent cleaner policy progress
drm/client: Fix memory leak in drm_client_target_cloned
net/sched: cls_fw: Fix improper refcount update leads to use-after-free
net/sched: sch_qfq: account for stab overhead in qfq_enqueue
ASoC: cs42l51: fix driver to properly autoload with automatic module loading
net/sched: cls_u32: Fix reference counter leak leading to overflow
perf: Fix function pointer case
loop: Select I/O scheduler 'none' from inside add_disk()
word-at-a-time: use the same return type for has_zero regardless of endianness
KVM: s390: fix sthyi error handling
net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer()
perf test uprobe_from_different_cu: Skip if there is no gcc
net: sched: cls_u32: Fix match key mis-addressing
net: add missing data-race annotations around sk->sk_peek_off
net: add missing data-race annotation for sk_ll_usec
net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
ip6mr: Fix skb_under_panic in ip6mr_cache_report()
tcp_metrics: fix addr_same() helper
tcp_metrics: annotate data-races around tm->tcpm_stamp
tcp_metrics: annotate data-races around tm->tcpm_lock
tcp_metrics: annotate data-races around tm->tcpm_vals[]
tcp_metrics: annotate data-races around tm->tcpm_net
tcp_metrics: fix data-race in tcpm_suck_dst() vs fastopen
scsi: zfcp: Defer fc_rport blocking until after ADISC response
libceph: fix potential hang in ceph_osdc_notify()
USB: zaurus: Add ID for A-300/B-500/C-700
fs/sysv: Null check to prevent null-ptr-deref bug
Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
ext2: Drop fragment support
test_firmware: fix a memory leak with reqs buffer
test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation
mtd: rawnand: omap_elm: Fix incorrect type in assignment
powerpc/mm/altmap: Fix altmap boundary check
PM / wakeirq: support enabling wake-up irq after runtime_suspend called
PM: sleep: wakeirq: fix wake irq arming
ARM: dts: imx6sll: Make ssi node name same as other platforms
ARM: dts: imx: add usb alias
ARM: dts: imx6sll: fixup of operating points
ARM: dts: nxp/imx6sll: fix wrong property name in usbphy node
drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
arm64: dts: stratix10: fix incorrect I2C property for SCL signal
drm/edid: fix objtool warning in drm_cvt_modes()
Linux 4.19.291
Change-Id: I4f78e25efd18415989ecf5e227a17e05b0d6386c
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
|
||
|
Kees Cook
|
b7e389235c |
treewide: Remove uninitialized_var() usage
commit 3f649ab728cda8038259d8f14492fe400fbab911 upstream. Using uninitialized_var() is dangerous as it papers over real bugs[1] (or can in the future), and suppresses unrelated compiler warnings (e.g. "unused variable"). If the compiler thinks it is uninitialized, either simply initialize the variable or make compiler changes. In preparation for removing[2] the[3] macro[4], remove all remaining needless uses with the following script: git grep '\buninitialized_var\b' | cut -d: -f1 | sort -u | \ xargs perl -pi -e \ 's/\buninitialized_var\(([^\)]+)\)/\1/g; s:\s*/\* (GCC be quiet|to make compiler happy) \*/$::g;' drivers/video/fbdev/riva/riva_hw.c was manually tweaked to avoid pathological white-space. No outstanding warnings were found building allmodconfig with GCC 9.3.0 for x86_64, i386, arm64, arm, powerpc, powerpc64le, s390x, mips, sparc64, alpha, and m68k. [1] https://lore.kernel.org/lkml/20200603174714.192027-1-glider@google.com/ [2] https://lore.kernel.org/lkml/CA+55aFw+Vbj0i=1TGqCR5vQkCzWJ0QxK6CernOU6eedsudAixw@mail.gmail.com/ [3] https://lore.kernel.org/lkml/CA+55aFwgbgqhbp1fkxvRKEpzyR5J8n1vKT1VZdz9knmPuXhOeg@mail.gmail.com/ [4] https://lore.kernel.org/lkml/CA+55aFz2500WfbKXAx8s67wrm9=yVJu65TpLgN_ybYNv0VEOKA@mail.gmail.com/ Reviewed-by: Leon Romanovsky <leonro@mellanox.com> # drivers/infiniband and mlx4/mlx5 Acked-by: Jason Gunthorpe <jgg@mellanox.com> # IB Acked-by: Kalle Valo <kvalo@codeaurora.org> # wireless drivers Reviewed-by: Chao Yu <yuchao0@huawei.com> # erofs Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
27e286f3db |
Merge 4.19.262 into android-4.19-stable
Changes in 4.19.262 Makefile.extrawarn: Move -Wcast-function-type-strict to W=1 docs: update mediator information in CoC docs ARM: fix function graph tracer and unwinder dependencies fs: fix UAF/GPF bug in nilfs_mdt_destroy firmware: arm_scmi: Add SCMI PM driver remove routine dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure ARM: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer scsi: qedf: Fix a UAF bug in __qedf_probe() net/ieee802154: fix uninit value bug in dgram_sendmsg um: Cleanup syscall_handler_t cast in syscalls_32.h um: Cleanup compiler warning in arch/x86/um/tls_32.c usb: mon: make mmapped memory read only USB: serial: ftdi_sio: fix 300 bps rate for SIO mmc: core: Replace with already defined values for readability mmc: core: Terminate infinite loop in SD-UHS voltage switch rpmsg: qcom: glink: replace strncpy() with strscpy_pad() nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() nilfs2: fix leak of nilfs_root in case of writer thread creation failure nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure ceph: don't truncate file in atomic_open random: clamp credited irq bits to maximum mixed ALSA: hda: Fix position reporting on Poulsbo scsi: stex: Properly zero out the passthrough command structure USB: serial: qcserial: add new usb-id for Dell branded EM7455 random: restore O_NONBLOCK support random: avoid reading two cache lines on irq randomness random: use expired timer rather than wq for mixing fast pool wifi: mac80211_hwsim: avoid mac80211 warning on bad rate Input: xpad - add supported devices as contributed on github Input: xpad - fix wireless 360 controller breaking after suspend ALSA: oss: Fix potential deadlock at unregistration ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() ALSA: usb-audio: Fix potential memory leaks ALSA: usb-audio: Fix NULL dererence at error path ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 mtd: rawnand: atmel: Unmap streaming DMA mappings iio: dac: ad5593r: Fix i2c read protocol requirements usb: add quirks for Lenovo OneLink+ Dock can: kvaser_usb: Fix use of uninitialized completion can: kvaser_usb_leaf: Fix overread with an invalid command can: kvaser_usb_leaf: Fix TX queue out of sync after restart can: kvaser_usb_leaf: Fix CAN state after restart fs: dlm: fix race between test_bit() and queue_work() fs: dlm: handle -EBUSY first in lock arg validation HID: multitouch: Add memory barriers quota: Check next/prev free block number after reading from quota file regulator: qcom_rpm: Fix circular deferral regression Revert "fs: check FMODE_LSEEK to control internal pipe splicing" parisc: fbdev/stifb: Align graphics memory size to 4MB riscv: Allow PROT_WRITE-only mmap() UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge fbdev: smscufx: Fix use-after-free in ufx_ops_open() btrfs: fix race between quota enable and quota rescan ioctl riscv: fix build with binutils 2.38 nilfs2: fix use-after-free bug of struct nilfs_root ext4: avoid crash when inline data creation follows DIO write ext4: fix null-ptr-deref in ext4_write_info ext4: make ext4_lazyinit_thread freezable ext4: place buffer head allocation before handle start livepatch: fix race between fork and KLP transition ftrace: Properly unset FTRACE_HASH_FL_MOD ring-buffer: Allow splice to read previous partially read pages ring-buffer: Check pending waiters when doing wake ups as well ring-buffer: Fix race between reset page and reading page KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility KVM: nVMX: Unconditionally purge queued/injected events on nested "exit" selinux: use "grep -E" instead of "egrep" sh: machvec: Use char[] for section boundaries wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() wifi: mac80211: allow bw change during channel switch in mesh bpftool: Fix a wrong type cast in btf_dumper_int spi: mt7621: Fix an error message in mt7621_spi_probe() wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() wifi: rtl8xxxu: Fix skb misuse in TX queue selection bpf: btf: fix truncated last_member_type_id in btf_struct_resolve wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration net: fs_enet: Fix wrong check in do_pd_setup bpf: Ensure correct locking around vulnerable function find_vpid() spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe netfilter: nft_fib: Fix for rpath check with VRF devices spi: s3c64xx: Fix large transfers with DMA vhost/vsock: Use kvmalloc/kvfree for larger packets. mISDN: fix use-after-free bugs in l1oip timer handlers sctp: handle the error returned from sctp_auth_asoc_init_active_key tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited net: rds: don't hold sock lock when cancelling work from rds_tcp_reset_callbacks() bnx2x: fix potential memory leak in bnx2x_tpa_stop() once: add DO_ONCE_SLOW() for sleepable contexts net: mvpp2: fix mvpp2 debugfs leak drm: bridge: adv7511: fix CEC power down control register offset drm/mipi-dsi: Detach devices when removing the host platform/chrome: fix double-free in chromeos_laptop_prepare() platform/x86: msi-laptop: Fix old-ec check for backlight registering platform/x86: msi-laptop: Fix resource cleanup drm/bridge: megachips: Fix a null pointer dereference bug mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx ALSA: dmaengine: increment buffer pointer atomically mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe memory: of: Fix refcount leak bug in of_get_ddr_timings() soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() soc: qcom: smem_state: Add refcounting for the 'state->of_node' ARM: dts: turris-omnia: Fix mpp26 pin name and comment ARM: dts: kirkwood: lsxl: fix serial line ARM: dts: kirkwood: lsxl: remove first ethernet port ARM: dts: exynos: correct s5k6a3 reset polarity on Midas family ARM: Drop CMDLINE_* dependency on ATAGS ARM: dts: exynos: fix polarity of VBUS GPIO of Origen iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX iio: adc: at91-sama5d2_adc: check return status for pressure and touch iio: inkern: only release the device node when done with it iio: ABI: Fix wrong format of differential capacitance channel ABI. clk: oxnas: Hold reference returned by of_get_parent() clk: berlin: Add of_node_put() for of_get_parent() clk: tegra: Fix refcount leak in tegra210_clock_init clk: tegra: Fix refcount leak in tegra114_clock_init clk: tegra20: Fix refcount leak in tegra20_clock_init HSI: omap_ssi: Fix refcount leak in ssi_probe HSI: omap_ssi_port: Fix dma_map_sg error check media: exynos4-is: fimc-is: Add of_node_put() when breaking out of loop tty: xilinx_uartps: Fix the ignore_status media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init RDMA/rxe: Fix "kernel NULL pointer dereference" error RDMA/rxe: Fix the error caused by qp->sk dyndbg: fix module.dyndbg handling dyndbg: let query-modname override actual module name mtd: devices: docg3: check the return value of devm_ioremap() in the probe ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() ata: fix ata_id_has_devslp() ata: fix ata_id_has_ncq_autosense() ata: fix ata_id_has_dipm() md/raid5: Ensure stripe_fill happens on non-read IO with journal xhci: Don't show warning for reinit on known broken suspend usb: gadget: function: fix dangling pnp_string in f_printer.c drivers: serial: jsm: fix some leaks in probe phy: qualcomm: call clk_disable_unprepare in the error handling staging: vt6655: fix some erroneous memory clean-up loops firmware: google: Test spinlock on panic path to avoid lockups serial: 8250: Fix restoring termios speed after suspend fsi: core: Check error number after calling ida_simple_get mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() mfd: lp8788: Fix an error handling path in lp8788_probe() mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() mfd: sm501: Add check for platform_driver_register() dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() spmi: pmic-arb: correct duplicate APID to PPID mapping logic clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg powerpc/math_emu/efp: Include module.h powerpc/sysdev/fsl_msi: Add missing of_node_put() powerpc/pci_dn: Add missing of_node_put() powerpc/powernv: add missing of_node_put() in opal_export_attrs() x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition powerpc/64s: Fix GENERIC_CPU build flags for PPC970 / G5 powerpc: Fix SPE Power ISA properties for e500v1 platforms iommu/omap: Fix buffer overflow in debugfs iommu/iova: Fix module config properly crypto: cavium - prevent integer overflow loading firmware f2fs: fix race condition on setting FI_NO_EXTENT flag ACPI: video: Add Toshiba Satellite/Portege Z830 quirk MIPS: BCM47XX: Cast memcmp() of function to (void *) powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data wifi: brcmfmac: fix invalid address access when enabling SCAN log level openvswitch: Fix double reporting of drops in dropwatch openvswitch: Fix overreporting of drops in dropwatch tcp: annotate data-race around tcp_md5sig_pool_populated wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() xfrm: Update ipcomp_scratches with NULL when freed wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times can: bcm: check the result of can_send() in bcm_can_tx() wifi: rt2x00: don't run Rt5592 IQ calibration on MT7620 wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 wifi: rt2x00: set SoC wmac clock register wifi: rt2x00: correctly set BBP register 86 for MT7620 net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory Bluetooth: L2CAP: Fix user-after-free r8152: Rate limit overflow messages drm: Use size_t type for len variable in drm_copy_field() drm: Prevent drm_copy_field() to attempt copying a NULL pointer drm/amd/display: fix overflow on MIN_I64 definition drm/vc4: vec: Fix timings for VEC modes drm: panel-orientation-quirks: Add quirk for Anbernic Win600 platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading drm/amdgpu: fix initial connector audio value ARM: dts: imx7d-sdb: config the max pressure for tsc2046 ARM: dts: imx6q: add missing properties for sram ARM: dts: imx6dl: add missing properties for sram ARM: dts: imx6qp: add missing properties for sram ARM: dts: imx6sl: add missing properties for sram ARM: dts: imx6sll: add missing properties for sram ARM: dts: imx6sx: add missing properties for sram media: cx88: Fix a null-ptr-deref bug in buffer_prepare() scsi: 3w-9xxx: Avoid disabling device if failing to enable it nbd: Fix hung when signal interrupts nbd_start_device_ioctl() power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() staging: vt6655: fix potential memory leak ata: libahci_platform: Sanity check the DT child nodes number HID: roccat: Fix use-after-free in roccat_read() md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() usb: musb: Fix musb_gadget.c rxstate overflow bug Revert "usb: storage: Add quirk for Samsung Fit flash" nvme: copy firmware_rev on each init usb: idmouse: fix an uninit-value in idmouse_open clk: bcm2835: Make peripheral PLLC critical perf intel-pt: Fix segfault in intel_pt_print_info() with uClibc net: ieee802154: return -EINVAL for unknown addr type net/ieee802154: don't warn zero-sized raw_sendmsg() ext4: continue to expand file system when the target size doesn't reach md: Replace snprintf with scnprintf efi: libstub: drop pointless get_memory_map() call inet: fully convert sk->sk_rx_dst to RCU rules thermal: intel_powerclamp: Use first online CPU as control_cpu gcov: support GCC 12.1 and newer compilers Linux 4.19.262 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: If70223b939e3710c4fbc4f7cc522f07d4b4ffd45 |
||
|
Junichi Uekawa
|
7aac8c63f6 |
vhost/vsock: Use kvmalloc/kvfree for larger packets.
[ Upstream commit 0e3f72931fc47bb81686020cc643cde5d9cd0bb8 ]
When copying a large file over sftp over vsock, data size is usually 32kB,
and kmalloc seems to fail to try to allocate 32 32kB regions.
vhost-5837: page allocation failure: order:4, mode:0x24040c0
Call Trace:
[<ffffffffb6a0df64>] dump_stack+0x97/0xdb
[<ffffffffb68d6aed>] warn_alloc_failed+0x10f/0x138
[<ffffffffb68d868a>] ? __alloc_pages_direct_compact+0x38/0xc8
[<ffffffffb664619f>] __alloc_pages_nodemask+0x84c/0x90d
[<ffffffffb6646e56>] alloc_kmem_pages+0x17/0x19
[<ffffffffb6653a26>] kmalloc_order_trace+0x2b/0xdb
[<ffffffffb66682f3>] __kmalloc+0x177/0x1f7
[<ffffffffb66e0d94>] ? copy_from_iter+0x8d/0x31d
[<ffffffffc0689ab7>] vhost_vsock_handle_tx_kick+0x1fa/0x301 [vhost_vsock]
[<ffffffffc06828d9>] vhost_worker+0xf7/0x157 [vhost]
[<ffffffffb683ddce>] kthread+0xfd/0x105
[<ffffffffc06827e2>] ? vhost_dev_set_owner+0x22e/0x22e [vhost]
[<ffffffffb683dcd1>] ? flush_kthread_worker+0xf3/0xf3
[<ffffffffb6eb332e>] ret_from_fork+0x4e/0x80
[<ffffffffb683dcd1>] ? flush_kthread_worker+0xf3/0xf3
Work around by doing kvmalloc instead.
Fixes:
|
||
|
Greg Kroah-Hartman
|
a1757f43e8 |
Merge 4.19.247 into android-4.19-stable
Changes in 4.19.247
binfmt_flat: do not stop relocating GOT entries prematurely on riscv
ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
USB: serial: option: add Quectel BG95 modem
USB: new quirk for Dell Gen 2 devices
ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP
ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
btrfs: add "0x" prefix for unsupported optional features
btrfs: repair super block num_devices automatically
drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes
mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue
b43legacy: Fix assigning negative value to unsigned variable
b43: Fix assigning negative value to unsigned variable
ipw2x00: Fix potential NULL dereference in libipw_xmit()
ipv6: fix locking issues with loops over idev->addr_list
fbcon: Consistently protect deferred_takeover with console_lock()
ACPICA: Avoid cache flush inside virtual machines
ALSA: jack: Access input_dev under mutex
drm/amd/pm: fix double free in si_parse_power_table()
ath9k: fix QCA9561 PA bias level
media: venus: hfi: avoid null dereference in deinit
media: pci: cx23885: Fix the error handling in cx23885_initdev()
media: cx25821: Fix the warning when removing the module
md/bitmap: don't set sb values if can't pass sanity check
scsi: megaraid: Fix error check return value of register_chrdev()
drm/plane: Move range check for format_count earlier
drm/amd/pm: fix the compile warning
ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL
ASoC: dapm: Don't fold register value changes into notifications
mlxsw: spectrum_dcb: Do not warn about priority changes
ASoC: tscs454: Add endianness flag in snd_soc_component_driver
s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES
dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
ipmi:ssif: Check for NULL msg when handling events and messages
rtlwifi: Use pr_warn instead of WARN_ONCE
media: cec-adap.c: fix is_configuring state
openrisc: start CPU timer early in boot
nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags
ASoC: rt5645: Fix errorenous cleanup order
net: phy: micrel: Allow probing without .driver_data
media: exynos4-is: Fix compile warning
hwmon: Make chip parameter for with_info API mandatory
rxrpc: Return an error to sendmsg if call failed
eth: tg3: silence the GCC 12 array-bounds warning
ARM: dts: ox820: align interrupt controller node name with dtschema
PM / devfreq: rk3399_dmc: Disable edev on remove()
fs: jfs: fix possible NULL pointer dereference in dbFree()
ARM: OMAP1: clock: Fix UART rate reporting algorithm
fat: add ratelimit to fat*_ent_bread()
ARM: versatile: Add missing of_node_put in dcscb_init
ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM
ARM: hisi: Add missing of_node_put after of_find_compatible_node
PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store()
tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
powerpc/xics: fix refcount leak in icp_opal_init()
macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled
RDMA/hfi1: Prevent panic when SDMA is disabled
drm: fix EDID struct for old ARM OABI format
ath9k: fix ar9003_get_eepmisc
drm/edid: fix invalid EDID extension block filtering
drm/bridge: adv7511: clean up CEC adapter when probe fails
ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe
x86/delay: Fix the wrong asm constraint in delay_loop()
drm/mediatek: Fix mtk_cec_mask()
drm/vc4: txp: Don't set TXP_VSTART_AT_EOF
drm/vc4: txp: Force alpha to be 0xff if it's disabled
nl80211: show SSID for P2P_GO interfaces
spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout
NFC: NULL out the dev->rfkill to prevent UAF
efi: Add missing prototype for efi_capsule_setup_info
HID: hid-led: fix maximum brightness for Dream Cheeky
HID: elan: Fix potential double free in elan_input_configured
spi: img-spfi: Fix pm_runtime_get_sync() error checking
ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix
inotify: show inotify mask flags in proc fdinfo
fsnotify: fix wrong lockdep annotations
of: overlay: do not break notify on NOTIFY_{OK|STOP}
scsi: ufs: core: Exclude UECxx from SFR dump list
x86/pm: Fix false positive kmemleak report in msr_build_context()
x86/speculation: Add missing prototype for unpriv_ebpf_notify()
drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume
drm/msm/dsi: fix error checks and return values for DSI xmit functions
drm/msm/hdmi: check return value after calling platform_get_resource_byname()
drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
x86: Fix return value of __setup handlers
irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
x86/mm: Cleanup the control_va_addr_alignment() __setup handler
drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected
drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected
drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
media: uvcvideo: Fix missing check to determine if element is found in list
perf/amd/ibs: Use interrupt regs ip for stack unwinding
ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe
regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt
scripts/faddr2line: Fix overlapping text section failures
media: st-delta: Fix PM disable depth imbalance in delta_probe
media: exynos4-is: Change clk_disable to clk_disable_unprepare
media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
media: vsp1: Fix offset calculation for plane cropping
Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout
m68k: math-emu: Fix dependencies of math emulation support
sctp: read sk->sk_bound_dev_if once in sctp_rcv()
ext4: reject the 'commit' option on ext2 filesystems
drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition()
NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx
rxrpc: Fix listen() setting the bar too high for the prealloc rings
rxrpc: Don't try to resend the request if we're receiving the reply
soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
PCI: cadence: Fix find_first_zero_bit() limit
PCI: rockchip: Fix find_first_zero_bit() limit
ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT
ARM: dts: bcm2835-rpi-b: Fix GPIO line names
crypto: marvell/cesa - ECB does not IV
mfd: ipaq-micro: Fix error check return value of platform_get_irq()
scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac()
firmware: arm_scmi: Fix list protocols enumeration in the base protocol
pinctrl: mvebu: Fix irq_of_parse_and_map() return value
drivers/base/node.c: fix compaction sysfs file leak
dax: fix cache flush on PMD-mapped pages
powerpc/8xx: export 'cpm_setbrg' for modules
powerpc/idle: Fix return value of __setup() handler
powerpc/4xx/cpm: Fix return value of __setup() handler
proc: fix dentry/inode overinstantiating under /proc/${pid}/net
tty: fix deadlock caused by calling printk() under tty_port->lock
Input: sparcspkr - fix refcount leak in bbc_beep_probe
powerpc/perf: Fix the threshold compare group constraint for power9
powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup
mailbox: forward the hrtimer if not queued and under a lock
RDMA/hfi1: Prevent use of lock before it is initialized
f2fs: fix dereference of stale list iterator after loop body
iommu/mediatek: Add list_del in mtk_iommu_remove
i2c: at91: use dma safe buffers
i2c: at91: Initialize dma_buf in at91_twi_xfer()
NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
dmaengine: stm32-mdma: remove GISR1 register
iommu/amd: Increase timeout waiting for GA log enablement
perf c2c: Use stdio interface if slang is not supported
perf jevents: Fix event syntax error caused by ExtSel
f2fs: fix deadloop in foreground GC
wifi: mac80211: fix use-after-free in chanctx code
iwlwifi: mvm: fix assert 1F04 upon reconfig
fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages
netfilter: nf_tables: disallow non-stateful expression in sets earlier
ext4: fix use-after-free in ext4_rename_dir_prepare
ext4: fix bug_on in ext4_writepages
ext4: verify dir block before splitting it
ext4: avoid cycles in directory h-tree
tracing: Fix potential double free in create_var_ref()
PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299
PCI: qcom: Fix runtime PM imbalance on probe errors
PCI: qcom: Fix unbalanced PHY init on probe errors
dlm: fix plock invalid read
dlm: fix missing lkb refcount handling
ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
scsi: dc395x: Fix a missing check on list iterator
scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
drm/nouveau/clk: Fix an incorrect NULL check on list iterator
drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
md: fix an incorrect NULL check in does_sb_need_changing
md: fix an incorrect NULL check in md_reload_sb
media: coda: Fix reported H264 profile
media: coda: Add more H264 levels for CODA960
RDMA/hfi1: Fix potential integer multiplication overflow errors
irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x
irqchip: irq-xtensa-mx: fix initial IRQ affinity
mac80211: upgrade passive scan to active scan on DFS channels after beacon rx
um: chan_user: Fix winch_tramp() return value
um: Fix out-of-bounds read in LDT setup
iommu/msm: Fix an incorrect NULL check on list iterator
nodemask.h: fix compilation error with GCC12
hugetlb: fix huge_pmd_unshare address update
rtl818x: Prevent using not initialized queues
ASoC: rt5514: Fix event generation for "DSP Voice Wake Up" control
carl9170: tx: fix an incorrect use of list iterator
gma500: fix an incorrect NULL check on list iterator
arm64: dts: qcom: ipq8074: fix the sleep clock frequency
phy: qcom-qmp: fix struct clk leak on probe errors
docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0
dt-bindings: gpio: altera: correct interrupt-cells
blk-iolatency: Fix inflight count imbalances and IO hangs on offline
phy: qcom-qmp: fix reset-controller leak on probe errors
RDMA/rxe: Generate a completion for unsupported/invalid opcode
MIPS: IP27: Remove incorrect `cpu_has_fpu' override
md: bcache: check the return value of kzalloc() in detached_dev_do_request()
pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards
staging: greybus: codecs: fix type confusion of list iterator variable
tty: goldfish: Use tty_port_destroy() to destroy port
usb: usbip: fix a refcount leak in stub_probe()
usb: usbip: add missing device lock on tweak configuration cmd
USB: storage: karma: fix rio_karma_init return
usb: musb: Fix missing of_node_put() in omap2430_probe
pwm: lp3943: Fix duty calculation in case period was clamped
rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value
usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
iio: adc: sc27xx: fix read big scale voltage not right
rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails
coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier
soc: rockchip: Fix refcount leak in rockchip_grf_init
clocksource/drivers/riscv: Events are stopped during CPU suspend
rtc: mt6397: check return value after calling platform_get_resource()
serial: meson: acquire port->lock in startup()
serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
serial: digicolor-usart: Don't allow CS5-6
serial: txx9: Don't allow CS5-6
serial: sh-sci: Don't allow CS5-6
serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
serial: stm32-usart: Correct CSIZE, bits, and parity
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
bus: ti-sysc: Fix warnings for unbind for serial
clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value
s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry()
net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register
modpost: fix removing numeric suffixes
jffs2: fix memory leak in jffs2_do_fill_super
ubi: ubi_create_volume: Fix use-after-free when volume creation failed
nfp: only report pause frame configuration for physical device
net/mlx5e: Update netdev features after changing XDP state
tcp: tcp_rtx_synack() can be called from process context
afs: Fix infinite loop found by xfstest generic/676
tipc: check attribute length for bearer name
perf c2c: Fix sorting in percent_rmt_hitm_cmp()
mips: cpc: Fix refcount leak in mips_cpc_default_phys_base
tracing: Fix sleeping function called from invalid context on RT kernel
tracing: Avoid adding tracer option before update_tracer_options
i2c: cadence: Increase timeout per message if necessary
m68knommu: set ZERO_PAGE() to the allocated zeroed page
m68knommu: fix undefined reference to `_init_sp'
NFSv4: Don't hold the layoutget locks across multiple RPC calls
video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove()
xprtrdma: treat all calls not a bcall when bc_serv is NULL
ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe
af_unix: Fix a data-race in unix_dgram_peer_wake_me().
bpf, arm64: Clear prog->jited_len along prog->jited
net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure
SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
net: mdio: unexport __init-annotated mdio_bus_init()
net: xfrm: unexport __init-annotated xfrm4_protocol_init()
net: ipv6: unexport __init-annotated seg6_hmac_init()
net/mlx5: Rearm the FW tracer after each tracer event
ip_gre: test csum_start instead of transport header
net: altera: Fix refcount leak in altera_tse_mdio_create
drm: imx: fix compiler warning with gcc-12
iio: dummy: iio_simple_dummy: check the return value of kstrdup()
lkdtm/usercopy: Expand size of "out of frame" object
tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
tty: Fix a possible resource leak in icom_probe
drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop()
drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()
USB: host: isp116x: check return value after calling platform_get_resource()
drivers: tty: serial: Fix deadlock in sa1100_set_termios()
drivers: usb: host: Fix deadlock in oxu_bus_suspend()
USB: hcd-pci: Fully suspend across freeze/thaw cycle
usb: dwc2: gadget: don't reset gadget's driver->bus
misc: rtsx: set NULL intfdata when probe fails
extcon: Modify extcon device to be created after driver data is set
clocksource/drivers/sp804: Avoid error on multiple instances
staging: rtl8712: fix uninit-value in r871xu_drv_init()
serial: msm_serial: disable interrupts in __msm_console_write()
kernfs: Separate kernfs_pr_cont_buf and rename_lock.
md: protect md_unregister_thread from reentrancy
Revert "net: af_key: add check for pfkey_broadcast in function pfkey_process"
ceph: allow ceph.dir.rctime xattr to be updatable
drm/radeon: fix a possible null pointer dereference
modpost: fix undefined behavior of is_arm_mapping_symbol()
nbd: call genl_unregister_family() first in nbd_cleanup()
nbd: fix race between nbd_alloc_config() and module removal
nbd: fix io hung while disconnecting device
nodemask: Fix return values to be unsigned
vringh: Fix loop descriptors check in the indirect cases
ALSA: hda/conexant - Fix loopback issue with CX20632
cifs: return errors during session setup during reconnects
ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
mmc: block: Fix CQE recovery reset success
nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
ixgbe: fix bcast packets Rx on VF after promisc removal
ixgbe: fix unexpected VLAN Rx in promisc mode on VF
Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
powerpc/32: Fix overread/overwrite of thread_struct via ptrace
md/raid0: Ignore RAID0 layout if the second zone has only one device
mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write
mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N
tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
Linux 4.19.247
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I58c002ddc38e389a13e2bdb9f291f05805718c9d
|
||
|
Xie Yongji
|
4511b50505 |
vringh: Fix loop descriptors check in the indirect cases
[ Upstream commit dbd29e0752286af74243cf891accf472b2f3edd8 ]
We should use size of descriptor chain to test loop condition
in the indirect case. And another statistical count is also introduced
for indirect descriptors to avoid conflict with the statistical count
of direct descriptors.
Fixes:
|
||
|
Greg Kroah-Hartman
|
f785d3e92e |
Merge 4.19.245 into android-4.19-stable
Changes in 4.19.245 floppy: use a statically allocated error counter um: Cleanup syscall_handler_t definition/cast, fix warning Input: add bounds checking to input_set_capability() Input: stmfts - fix reference leak in stmfts_input_open crypto: stm32 - fix reference leak in stm32_crc_remove MIPS: lantiq: check the return value of kzalloc() drbd: remove usage of list iterator variable after loop ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() nilfs2: fix lockdep warnings in page operations for btree nodes nilfs2: fix lockdep warnings during disk space reclamation ALSA: wavefront: Proper check of get_user() error perf: Fix sys_perf_event_open() race against self Fix double fget() in vhost_net_set_backend() PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ drm/dp/mst: fix a possible memory leak in fetch_monitor_name() mmc: core: Cleanup BKOPS support mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() net: macb: Increment rx bd head after allocating skb and buffer net/sched: act_pedit: sanitize shift argument before usage net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() clk: at91: generated: consider range when calculating best rate net/qla3xxx: Fix a test in ql_reset_work() NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc net/mlx5e: Properly block LRO when XDP is enabled net: af_key: add check for pfkey_broadcast in function pfkey_process ARM: 9196/1: spectre-bhb: enable for Cortex-A15 ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 igb: skip phy status check where unavailable net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. gpio: gpio-vf610: do not touch other bits when set the target bit gpio: mvebu/pwm: Refuse requests with inverted polarity perf bench numa: Address compiler error on s390 scsi: qla2xxx: Fix missed DMA unmap for aborted commands mac80211: fix rx reordering with non explicit / psmp ack policy ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() net: atlantic: verify hw_head_ lies within TX buffer ring swiotlb: fix info leak with DMA_FROM_DEVICE Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE"" afs: Fix afs_getattr() to refetch file status if callback break occurred Linux 4.19.245 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ic56d0fb5980a3b034db32053a7e267716a5aec5e |
||
|
Al Viro
|
6ca70982c6 |
Fix double fget() in vhost_net_set_backend()
commit fb4554c2232e44d595920f4d5c66cf8f7d13f9bc upstream. Descriptor table is a shared resource; two fget() on the same descriptor may return different struct file references. get_tap_ptr_ring() is called after we'd found (and pinned) the socket we'll be using and it tries to find the private tun/tap data structures associated with it. Redoing the lookup by the same file descriptor we'd used to get the socket is racy - we need to same struct file. Thanks to Jason for spotting a braino in the original variant of patch - I'd missed the use of fd == -1 for disabling backend, and in that case we can end up with sock == NULL and sock != oldsock. Cc: stable@kernel.org Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Greg Kroah-Hartman
|
b33f661bba |
Merge 4.19.232 into android-4.19-stable
Changes in 4.19.232
cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
parisc/unaligned: Fix fldd and fstd unaligned handlers on 32-bit kernel
parisc/unaligned: Fix ldw() and stw() unalignment handlers
sr9700: sanity check for packet length
USB: zaurus: support another broken Zaurus
ping: remove pr_err from ping_lookup
net: __pskb_pull_tail() & pskb_carve_frag_list() drop_monitor friends
tipc: Fix end of loop tests for list_for_each_entry()
gso: do not skip outer ip header in case of ipip and net_failover
openvswitch: Fix setting ipv6 fields causing hw csum failure
drm/edid: Always set RGB444
net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
configfs: fix a race in configfs_{,un}register_subsystem()
RDMA/ib_srp: Fix a deadlock
tty: n_gsm: fix proper link termination after failed open
gpio: tegra186: Fix chip_data type confusion
Revert "drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR"
memblock: use kfree() to release kmalloced memblock regions
fget: clarify and improve __fget_files() implementation
tracing: Have traceon and traceoff trigger honor the instance
iio: adc: men_z188_adc: Fix a resource leak in an error handling path
ata: pata_hpt37x: disable primary channel on HPT371
Revert "USB: serial: ch341: add new Product ID for CH341A"
usb: gadget: rndis: add spinlock for rndis response list
USB: gadget: validate endpoint index for xilinx udc
tracefs: Set the group ownership in apply_options() not parse_options()
USB: serial: option: add support for DW5829e
USB: serial: option: add Telit LE910R1 compositions
usb: dwc3: pci: Fix Bay Trail phy GPIO mappings
usb: dwc3: gadget: Let the interrupt handler disable bottom halves.
xhci: re-initialize the HC during resume if HCE was set
xhci: Prevent futile URB re-submissions due to incorrect return value.
tty: n_gsm: fix encoding of control signal octet bit DV
Linux 4.19.232
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I7604e43e0d2cc019835f0508e0a0e5116d72bc85
|
||
|
Stefano Garzarella
|
914f93fee6 |
vhost/vsock: don't check owner in vhost_vsock_stop() while releasing
commit a58da53ffd70294ebea8ecd0eb45fd0d74add9f9 upstream.
vhost_vsock_stop() calls vhost_dev_check_owner() to check the device
ownership. It expects current->mm to be valid.
vhost_vsock_stop() is also called by vhost_vsock_dev_release() when
the user has not done close(), so when we are in do_exit(). In this
case current->mm is invalid and we're releasing the device, so we
should clean it anyway.
Let's check the owner only when vhost_vsock_stop() is called
by an ioctl.
When invoked from release we can not fail so we don't check return
code of vhost_vsock_stop(). We need to stop vsock even if it's not
the owner.
Fixes:
|
||
|
Greg Kroah-Hartman
|
c8fea9b939 |
Merge 4.19.219 into android-4.19-stable
Changes in 4.19.219 USB: serial: option: add Telit LE910S1 0x9200 composition USB: serial: option: add Fibocom FM101-GL variants usb: dwc2: hcd_queue: Fix use of floating point literal usb: hub: Fix usb enumeration issue due to address0 race usb: hub: Fix locking issues with address0_mutex binder: fix test regression due to sender_euid change ALSA: ctxfi: Fix out-of-range access media: cec: copy sequence field for the reply HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() fuse: fix page stealing xen: don't continue xenstore initialization in case of errors xen: detect uninitialized xenbus in xenbus_init tracing: Fix pid filtering when triggers are attached xtensa: use CONFIG_USE_OF instead of CONFIG_OF proc/vmcore: fix clearing user buffer by properly using clear_user() PCI: aardvark: Fix a leaked reference by adding missing of_node_put() PCI: aardvark: Wait for endpoint to be ready before training link PCI: aardvark: Train link immediately after enabling training PCI: aardvark: Improve link training PCI: aardvark: Issue PERST via GPIO PCI: aardvark: Replace custom macros by standard linux/pci_regs.h macros PCI: aardvark: Indicate error in 'val' when config read fails PCI: aardvark: Don't touch PCIe registers if no card connected PCI: aardvark: Fix compilation on s390 PCI: aardvark: Move PCIe reset card code to advk_pcie_train_link() PCI: aardvark: Update comment about disabling link training PCI: aardvark: Configure PCIe resources from 'ranges' DT property PCI: aardvark: Fix PCIe Max Payload Size setting PCI: aardvark: Fix link training PCI: aardvark: Fix checking for link up via LTSSM state pinctrl: armada-37xx: Correct mpp definitions pinctrl: armada-37xx: add missing pin: PCIe1 Wakeup pinctrl: armada-37xx: Correct PWM pins definitions arm64: dts: marvell: armada-37xx: declare PCIe reset pin arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function netfilter: ipvs: Fix reuse connection if RS weight is 0 ARM: dts: BCM5301X: Fix I2C controller interrupt ARM: dts: BCM5301X: Add interrupt properties to GPIO node ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer ASoC: topology: Add missing rwsem around snd_ctl_remove() calls net: ieee802154: handle iftypes as u32 firmware: arm_scmi: pm: Propagate return value to caller NFSv42: Don't fail clone() unless the OP_CLONE operation failed ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE scsi: mpt3sas: Fix kernel panic during drive powercycle test drm/vc4: fix error code in vc4_create_object() ipv6: fix typos in __ip6_finish_output() net/smc: Ensure the active closing peer first closes clcsock PM: hibernate: use correct mode for swsusp_close() tcp_cubic: fix spurious Hystart ACK train detections for not-cwnd-limited flows MIPS: use 3-level pgtable for 64KB page size on MIPS_VA_BITS_48 net/smc: Don't call clcsock shutdown twice when smc shutdown net: hns3: fix VF RSS failed problem after PF enable multi-TCs vhost/vsock: fix incorrect used length reported to the guest tracing: Check pid filtering when creating events s390/mm: validate VMA in PGSTE manipulation functions hugetlbfs: flush TLBs correctly after huge_pmd_unshare NFC: add NCI_UNREG flag to eliminate the race fuse: release pipe buf after last use xen: sync include/xen/interface/io/ring.h with Xen's newest version xen/blkfront: read response from backend only once xen/blkfront: don't take local copy of a request from the ring page xen/blkfront: don't trust the backend response data blindly xen/netfront: read response from backend only once xen/netfront: don't read data from request on the ring page xen/netfront: disentangle tx_skb_freelist xen/netfront: don't trust the backend response data blindly tty: hvc: replace BUG_ON() with negative return value Linux 4.19.219 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I08d2ac89cddf44071c644a999ca39fc5230b1b21 |
||
|
Stefano Garzarella
|
3f8ad84723 |
vhost/vsock: fix incorrect used length reported to the guest
commit 49d8c5ffad07ca014cfae72a1b9b8c52b6ad9cb8 upstream.
The "used length" reported by calling vhost_add_used() must be the
number of bytes written by the device (using "in" buffers).
In vhost_vsock_handle_tx_kick() the device only reads the guest
buffers (they are all "out" buffers), without writing anything,
so we must pass 0 as "used length" to comply virtio spec.
Fixes:
|
||
|
Greg Kroah-Hartman
|
a6850bb536 |
Merge 4.19.206 into android-4.19-stable
Changes in 4.19.206 net: qrtr: fix another OOB Read in qrtr_endpoint_post bpf: Do not use ax register in interpreter on div/mod bpf: Fix 32 bit src register truncation on div/mod bpf: Fix truncation handling for mod32 dst reg wrt zero ARC: Fix CONFIG_STACKDEPOT netfilter: conntrack: collect all entries in one cycle once: Fix panic when module unload can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters Revert "USB: serial: ch341: fix character loss at high transfer rates" USB: serial: option: add new VID/PID to support Fibocom FG150 usb: dwc3: gadget: Fix dwc3_calc_trbs_left() usb: dwc3: gadget: Stop EP0 transfers during pullup disable IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() e1000e: Fix the max snoop/no-snoop latency for 10M ip_gre: add validation for csum_start xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' net: marvell: fix MVNETA_TX_IN_PRGRS bit number net: hns3: fix get wrong pfc_en when query PFC configuration usb: gadget: u_audio: fix race condition on endpoint stop opp: remove WARN when no valid OPPs remain virtio: Improve vq->broken access to avoid any compiler optimization virtio_pci: Support surprise removal of virtio pci device vringh: Use wiov->used to check for read/write desc order qed: qed ll2 race condition fixes qed: Fix null-pointer dereference in qed_rdma_create_qp() drm: Copy drm_wait_vblank to user before returning drm/nouveau/disp: power down unused DP links during init net/rds: dma_map_sg is entitled to merge entries vt_kdsetmode: extend console locking fbmem: add margin check to fb_check_caps() KVM: x86/mmu: Treat NX as used (not reserved) for all !TDP shadow MMUs Revert "floppy: reintroduce O_NDELAY fix" net: don't unconditionally copy_from_user a struct ifreq for socket ioctls Linux 4.19.206 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I04e05680c5e311bc4cd79daae49d654b66f774a0 |
||
|
Neeraj Upadhyay
|
691add905f |
vringh: Use wiov->used to check for read/write desc order
[ Upstream commit e74cfa91f42c50f7f649b0eca46aa049754ccdbd ] As __vringh_iov() traverses a descriptor chain, it populates each descriptor entry into either read or write vring iov and increments that iov's ->used member. So, as we iterate over a descriptor chain, at any point, (riov/wriov)->used value gives the number of descriptor enteries available, which are to be read or written by the device. As all read iovs must precede the write iovs, wiov->used should be zero when we are traversing a read descriptor. Current code checks for wiov->i, to figure out whether any previous entry in the current descriptor chain was a write descriptor. However, iov->i is only incremented, when these vring iovs are consumed, at a later point, and remain 0 in __vringh_iov(). So, correct the check for read and write descriptor order, to use wiov->used. Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Neeraj Upadhyay <neeraju@codeaurora.org> Link: https://lore.kernel.org/r/1624591502-4827-1-git-send-email-neeraju@codeaurora.org Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
bc6ea49ddc |
Merge 4.19.205 into android-4.19-stable
Changes in 4.19.205
iio: humidity: hdc100x: Add margin to the conversion time
iio: adc: Fix incorrect exit of for-loop
ASoC: intel: atom: Fix reference to PCM buffer address
i2c: dev: zero out array used for i2c reads from userspace
ACPI: NFIT: Fix support for virtual SPA ranges
ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi
ieee802154: hwsim: fix GPF in hwsim_new_edge_nl
ASoC: cs42l42: Correct definition of ADC Volume control
ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J
ASoC: cs42l42: Fix inversion of ADC Notch Switch control
ASoC: cs42l42: Remove duplicate control for WNF filter frequency
ASoC: cs42l42: Fix LRCLK frame start edge
net: dsa: mt7530: add the missing RxUnicast MIB counter
ppp: Fix generating ifname when empty IFLA_IFNAME is specified
psample: Add a fwd declaration for skbuff
net: Fix memory leak in ieee802154_raw_deliver
net: igmp: fix data-race in igmp_ifc_timer_expire()
net: dsa: lan9303: fix broken backpressure in .port_fdb_dump
net: bridge: fix memleak in br_add_if()
tcp_bbr: fix u32 wrap bug in round logic if bbr_init() called after 2B packets
net: igmp: increase size of mr_ifc_count
xen/events: Fix race in set_evtchn_to_irq
vsock/virtio: avoid potential deadlock when vsock device remove
powerpc/kprobes: Fix kprobe Oops happens in booke
x86/tools: Fix objdump version check again
genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP
x86/msi: Force affinity setup before startup
x86/ioapic: Force affinity setup before startup
x86/resctrl: Fix default monitoring groups reporting
genirq/msi: Ensure deactivation on teardown
PCI/MSI: Enable and mask MSI-X early
PCI/MSI: Do not set invalid bits in MSI mask
PCI/MSI: Correct misleading comments
PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown()
PCI/MSI: Protect msi_desc::masked for multi-MSI
PCI/MSI: Mask all unused MSI-X entries
PCI/MSI: Enforce that MSI-X table entry is masked for update
PCI/MSI: Enforce MSI[X] entry updates to be visible
vmlinux.lds.h: Handle clang's module.{c,d}tor sections
iommu/vt-d: Fix agaw for a supported 48 bit guest address width
mac80211: drop data frames without key on encrypted links
KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
x86/fpu: Make init_fpstate correct with optimized XSAVE
ath: Use safer key clearing with key cache entries
ath9k: Clear key cache explicitly on disabling hardware
ath: Export ath_hw_keysetmac()
ath: Modify ath_key_delete() to not need full key entry
ath9k: Postpone key cache entry deletion for TXQ frames reference it
dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers
dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
ARM: dts: am43x-epos-evm: Reduce i2c0 bus speed for tps65218
dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available
scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry()
scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
scsi: core: Avoid printing an error if target_alloc() returns -ENXIO
ARM: dts: nomadik: Fix up interrupt controller node names
net: usb: lan78xx: don't modify phy_device state concurrently
Bluetooth: hidp: use correct wait queue when removing ctrl_wait
cpufreq: armada-37xx: forbid cpufreq for 1.2 GHz variant
dccp: add do-while-0 stubs for dccp_pr_debug macros
vhost: Fix the calculation in vhost_overflow()
bnxt: don't lock the tx queue from napi poll
bnxt: disable napi before canceling DIM
net: 6pack: fix slab-out-of-bounds in decode_data
ptp_pch: Restore dependency on PCI
net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
net: mdio-mux: Don't ignore memory allocation errors
net: mdio-mux: Handle -EPROBE_DEFER correctly
mmc: dw_mmc: Fix hang on data CRC error
ALSA: hda - fix the 'Capture Switch' value change notifications
tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name
slimbus: messaging: start transaction ids from 1 instead of zero
slimbus: messaging: check for valid transaction id
slimbus: ngd: reset dma setup during runtime pm
ipack: tpci200: fix many double free issues in tpci200_pci_probe
ipack: tpci200: fix memory leak in the tpci200_register
btrfs: prevent rename2 from exchanging a subvol with a directory from different parents
PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI
ASoC: intel: atom: Fix breakage for PCM buffer address setup
locks: print a warning when mount fails due to lack of "mand" support
fs: warn about impending deprecation of mandatory locks
netfilter: nft_exthdr: fix endianness of tcp option cast
Linux 4.19.205
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I710e9719923984fdc85b2979aa916f78f57dc387
|
||
|
Xie Yongji
|
7cfaec657d |
vhost: Fix the calculation in vhost_overflow()
[ Upstream commit f7ad318ea0ad58ebe0e595e59aed270bb643b29b ]
This fixes the incorrect calculation for integer overflow
when the last address of iova range is 0xffffffff.
Fixes:
|
||
|
Greg Kroah-Hartman
|
8c62f42548 |
Merge 4.19.185 into android-4.19-stable
Changes in 4.19.185 selinux: vsock: Set SID for socket returned by accept() tcp: relookup sock for RST+ACK packets handled by obsolete req sock ipv6: weaken the v4mapped source check ext4: fix bh ref count on error paths rpc: fix NULL dereference on kmalloc failure ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe ASoC: es8316: Simplify adc_pga_gain_tlv table ASoC: cs42l42: Fix Bitclock polarity inversion ASoC: cs42l42: Fix channel width support ASoC: cs42l42: Fix mixer volume control ASoC: cs42l42: Always wait at least 3ms after reset vhost: Fix vhost_vq_reset() scsi: st: Fix a use after free in st_open() scsi: qla2xxx: Fix broken #endif placement staging: comedi: cb_pcidas: fix request_irq() warn staging: comedi: cb_pcidas64: fix request_irq() warn ASoC: rt5659: Update MCLK rate in set_sysclk() thermal/core: Add NULL pointer check before using cooling device stats locking/ww_mutex: Simplify use_ww_ctx & ww_ctx handling ext4: do not iput inode under running transaction in ext4_rename() brcmfmac: clear EAP/association status bits on linkdown events ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() net: ethernet: aquantia: Handle error cleanup of start on open appletalk: Fix skb allocation size in loopback case net: wan/lmc: unregister device when no matching device is found bpf: Remove MTU check in __bpf_skb_max_len ALSA: usb-audio: Apply sample rate quirk to Logitech Connect ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO ALSA: hda/realtek: call alc_update_headset_mode() in hp_automute_hook PM: runtime: Fix race getting/putting suppliers at probe PM: runtime: Fix ordering in pm_runtime_get_suppliers() tracing: Fix stack trace event size mm: fix race by making init_zero_pfn() early_initcall drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() drm/amdgpu: check alignment on CPU page for bo map reiserfs: update reiserfs_xattrs_initialized() condition pinctrl: rockchip: fix restore error in resume extcon: Add stubs for extcon_register_notifier_all() functions extcon: Fix error handling in extcon_dev_register firewire: nosy: Fix a use-after-free bug in nosy_ioctl() usbip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem usb: musb: Fix suspend with devices connected for a64 usb: xhci-mtk: fix broken streams issue on 0.96 xHCI cdc-acm: fix BREAK rx code path adding necessary calls USB: cdc-acm: untangle a circular dependency between callback and softint USB: cdc-acm: downgrade message to debug USB: cdc-acm: fix double free on probe failure USB: cdc-acm: fix use-after-free after probe failure usb: gadget: udc: amd5536udc_pci fix null-ptr-dereference usb: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board. staging: rtl8192e: Fix incorrect source in memcpy() staging: rtl8192e: Change state information from u16 to u8 drivers: video: fbcon: fix NULL dereference in fbcon_cursor() Linux 4.19.185 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I65f4fd7d1b60193895371093882ab33943d22e7c |
||
|
Laurent Vivier
|
b04795103a |
vhost: Fix vhost_vq_reset()
[ Upstream commit beb691e69f4dec7bfe8b81b509848acfd1f0dbf9 ]
vhost_reset_is_le() is vhost_init_is_le(), and in the case of
cross-endian legacy, vhost_init_is_le() depends on vq->user_be.
vq->user_be is set by vhost_disable_cross_endian().
But in vhost_vq_reset(), we have:
vhost_reset_is_le(vq);
vhost_disable_cross_endian(vq);
And so user_be is used before being set.
To fix that, reverse the lines order as there is no other dependency
between them.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Link: https://lore.kernel.org/r/20210312140913.788592-1-lvivier@redhat.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
||
|
Greg Kroah-Hartman
|
8ca2f0230e |
Merge 4.19.167 into android-4.19-stable
Changes in 4.19.167 kbuild: don't hardcode depmod path workqueue: Kick a worker based on the actual activation of delayed works scsi: ufs: Fix wrong print message in dev_err() scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() scsi: ide: Do not set the RQF_PREEMPT flag for sense requests scsi: scsi_transport_spi: Set RQF_PM for domain validation commands lib/genalloc: fix the overflow when size is too big depmod: handle the case of /sbin/depmod without /sbin in PATH proc: change ->nlink under proc_subdir_lock proc: fix lookup in /proc/net subdirectories after setns(2) i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs net: mvpp2: Add TCAM entry to drop flow control pause frames net: mvpp2: prs: fix PPPoE with ipv6 packet parse ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() ethernet: ucc_geth: set dev->max_mtu to 1518 atm: idt77252: call pci_disable_device() on error path net: mvpp2: Fix GoP port 3 Networking Complex Control configurations qede: fix offload for IPIP tunnel packets virtio_net: Fix recursive call to cpus_read_lock() net/ncsi: Use real net-device for response handler net: ethernet: Fix memleak in ethoc_probe net-sysfs: take the rtnl lock when storing xps_cpus net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS ipv4: Ignore ECN bits for fib lookups in fib_compute_spec_dst() net: hns: fix return value check in __lb_other_process() erspan: fix version 1 check in gre_parse_header() net: hdlc_ppp: Fix issues when mod_timer is called while timer is running CDC-NCM: remove "connected" log message net: usb: qmi_wwan: add Quectel EM160R-GL r8169: work around power-saving bug on some chip versions vhost_net: fix ubuf refcount incorrectly when sendmsg fails net: sched: prevent invalid Scell_log shift count net-sysfs: take the rtnl lock when storing xps_rxqs net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc net: systemport: set dev->max_mtu to UMAC_MAX_MTU_SIZE Bluetooth: revert: hci_h5: close serdev device and free hu in h5_close video: hyperv_fb: Fix the mmap() regression for v5.4.y and older crypto: ecdh - avoid buffer overflow in ecdh_set_secret() staging: mt7621-dma: Fix a resource leak in an error handling path usb: gadget: enable super speed plus USB: cdc-acm: blacklist another IR Droid device USB: cdc-wdm: Fix use after free in service_outstanding_interrupt(). usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set usb: usbip: vhci_hcd: protect shift size usb: uas: Add PNY USB Portable SSD to unusual_uas USB: serial: iuu_phoenix: fix DMA from stack USB: serial: option: add LongSung M5710 module support USB: serial: option: add Quectel EM160R-GL USB: yurex: fix control-URB timeout handling USB: usblp: fix DMA to stack ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks usb: gadget: select CONFIG_CRC32 usb: gadget: f_uac2: reset wMaxPacketSize usb: gadget: function: printer: Fix a memory leak for interface descriptor usb: gadget: u_ether: Fix MTU size mismatch with RX packet size USB: gadget: legacy: fix return error code in acm_ms_bind() usb: gadget: Fix spinlock lockup on usb_function_deactivate usb: gadget: configfs: Preserve function ordering after bind failure usb: gadget: configfs: Fix use-after-free issue with udc_name USB: serial: keyspan_pda: remove unused variable x86/mm: Fix leak of pmd ptlock ALSA: hda/via: Fix runtime PM for Clevo W35xSS ALSA: hda/conexant: add a new hda codec CX11970 ALSA: hda/realtek - Fix speaker volume control on Lenovo C940 btrfs: send: fix wrong file path when there is an inode with a pending rmdir Revert "device property: Keep secondary firmware node secondary by type" xen/pvh: correctly setup the PV EFI interface for dom0 netfilter: x_tables: Update remaining dereference to RCU netfilter: ipset: fix shift-out-of-bounds in htable_bits() netfilter: xt_RATEEST: reject non-null terminated string from userspace x86/mtrr: Correct the range check before performing MTRR type lookups KVM: x86: fix shift out of bounds reported by UBSAN scsi: target: Fix XCOPY NAA identifier lookup Linux 4.19.167 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Id204bcc705c98d3344f33de84431cc7ca0868246 |
||
|
Yunjian Wang
|
cf7dd7f3be |
vhost_net: fix ubuf refcount incorrectly when sendmsg fails
[ Upstream commit 01e31bea7e622f1890c274f4aaaaf8bccd296aa5 ]
Currently the vhost_zerocopy_callback() maybe be called to decrease
the refcount when sendmsg fails in tun. The error handling in vhost
handle_tx_zerocopy() will try to decrease the same refcount again.
This is wrong. To fix this issue, we only call vhost_net_ubuf_put()
when vq->heads[nvq->desc].len == VHOST_DMA_IN_PROGRESS.
Fixes:
|
||
|
Greg Kroah-Hartman
|
d1253c75a8 |
Merge 4.19.155 into android-4.19-stable
Changes in 4.19.155
objtool: Support Clang non-section symbols in ORC generation
scripts/setlocalversion: make git describe output more reliable
arm64: Run ARCH_WORKAROUND_1 enabling code on all CPUs
arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled
efivarfs: Replace invalid slashes with exclamation marks in dentries.
chelsio/chtls: fix deadlock issue
chelsio/chtls: fix memory leaks in CPL handlers
chelsio/chtls: fix tls record info to user
gtp: fix an use-before-init in gtp_newlink()
mlxsw: core: Fix memory leak on module removal
netem: fix zero division in tabledist
ravb: Fix bit fields checking in ravb_hwtstamp_get()
tcp: Prevent low rmem stalls with SO_RCVLOWAT.
tipc: fix memory leak caused by tipc_buf_append()
r8169: fix issue with forced threading in combination with shared interrupts
cxgb4: set up filter action after rewrites
arch/x86/amd/ibs: Fix re-arming IBS Fetch
x86/xen: disable Firmware First mode for correctable memory errors
fuse: fix page dereference after free
bpf: Fix comment for helper bpf_current_task_under_cgroup()
evm: Check size of security.evm before using it
p54: avoid accessing the data mapped to streaming DMA
cxl: Rework error message for incompatible slots
RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel()
mtd: lpddr: Fix bad logic in print_drs_error
serial: pl011: Fix lockdep splat when handling magic-sysrq interrupt
ata: sata_rcar: Fix DMA boundary mask
fscrypt: return -EXDEV for incompatible rename or link into encrypted dir
fscrypt: clean up and improve dentry revalidation
fscrypt: fix race allowing rename() and link() of ciphertext dentries
fs, fscrypt: clear DCACHE_ENCRYPTED_NAME when unaliasing directory
fscrypt: only set dentry_operations on ciphertext dentries
fscrypt: fix race where ->lookup() marks plaintext dentry as ciphertext
Revert "block: ratelimit handle_bad_sector() message"
xen/events: don't use chip_data for legacy IRQs
xen/events: avoid removing an event channel while handling it
xen/events: add a proper barrier to 2-level uevent unmasking
xen/events: fix race in evtchn_fifo_unmask()
xen/events: add a new "late EOI" evtchn framework
xen/blkback: use lateeoi irq binding
xen/netback: use lateeoi irq binding
xen/scsiback: use lateeoi irq binding
xen/pvcallsback: use lateeoi irq binding
xen/pciback: use lateeoi irq binding
xen/events: switch user event channels to lateeoi model
xen/events: use a common cpu hotplug hook for event channels
xen/events: defer eoi in case of excessive number of events
xen/events: block rogue events for some time
x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels
mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
RDMA/qedr: Fix memory leak in iWARP CM
ata: sata_nv: Fix retrieving of active qcs
futex: Fix incorrect should_fail_futex() handling
powerpc/powernv/smp: Fix spurious DBG() warning
mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race
powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM
sparc64: remove mm_cpumask clearing to fix kthread_use_mm race
f2fs: add trace exit in exception path
f2fs: fix uninit-value in f2fs_lookup
f2fs: fix to check segment boundary during SIT page readahead
um: change sigio_spinlock to a mutex
ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses
power: supply: bq27xxx: report "not charging" on all types
xfs: fix realtime bitmap/summary file truncation when growing rt volume
video: fbdev: pvr2fb: initialize variables
ath10k: start recovery process when payload length exceeds max htc length for sdio
ath10k: fix VHT NSS calculation when STBC is enabled
drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly
media: videodev2.h: RGB BT2020 and HSV are always full range
media: platform: Improve queue set up flow for bug fixing
usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart
media: tw5864: check status of tw5864_frameinterval_get
media: imx274: fix frame interval handling
mmc: via-sdmmc: Fix data race bug
drm/bridge/synopsys: dsi: add support for non-continuous HS clock
arm64: topology: Stop using MPIDR for topology information
printk: reduce LOG_BUF_SHIFT range for H8300
ia64: kprobes: Use generic kretprobe trampoline handler
kgdb: Make "kgdbcon" work properly with "kgdb_earlycon"
media: uvcvideo: Fix dereference of out-of-bound list iterator
riscv: Define AT_VECTOR_SIZE_ARCH for ARCH_DLINFO
cpufreq: sti-cpufreq: add stih418 support
USB: adutux: fix debugging
uio: free uio id after uio file node is freed
usb: xhci: omit duplicate actions when suspending a runtime suspended host.
arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE
xfs: don't free rt blocks when we're doing a REMAP bunmapi call
ACPI: Add out of bounds and numa_off protections to pxm_to_node()
drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values
bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
power: supply: test_power: add missing newlines when printing parameters by sysfs
drm/amd/display: HDMI remote sink need mode validation for Linux
btrfs: fix replace of seed device
md/bitmap: md_bitmap_get_counter returns wrong blocks
bnxt_en: Log unknown link speed appropriately.
rpmsg: glink: Use complete_all for open states
clk: ti: clockdomain: fix static checker warning
net: 9p: initialize sun_server.sun_path to have addr's value only when addr is valid
drivers: watchdog: rdc321x_wdt: Fix race condition bugs
ext4: Detect already used quota file early
gfs2: add validation checks for size of superblock
cifs: handle -EINTR in cifs_setattr
arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes
ARM: dts: omap4: Fix sgx clock rate for 4430
memory: emif: Remove bogus debugfs error handling
ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings
ARM: dts: s5pv210: move PMU node out of clock controller
ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node
nbd: make the config put is called before the notifying the waiter
sgl_alloc_order: fix memory leak
nvme-rdma: fix crash when connect rejected
md/raid5: fix oops during stripe resizing
mmc: sdhci-acpi: AMDI0040: Set SDHCI_QUIRK2_PRESET_VALUE_BROKEN
perf/x86/amd/ibs: Don't include randomized bits in get_ibs_op_count()
perf/x86/amd/ibs: Fix raw sample data accumulation
leds: bcm6328, bcm6358: use devres LED registering function
media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect
fs: Don't invalidate page buffers in block_write_full_page()
NFS: fix nfs_path in case of a rename retry
ACPI: button: fix handling lid state changes when input device closed
ACPI / extlog: Check for RDMSR failure
ACPI: video: use ACPI backlight for HP 635 Notebook
ACPI: debug: don't allow debugging when ACPI is disabled
acpi-cpufreq: Honor _PSD table setting on new AMD CPUs
w1: mxc_w1: Fix timeout resolution problem leading to bus error
scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove()
scsi: qla2xxx: Fix crash on session cleanup with unload
btrfs: qgroup: fix wrong qgroup metadata reserve for delayed inode
btrfs: improve device scanning messages
btrfs: reschedule if necessary when logging directory items
btrfs: send, recompute reference path after orphanization of a directory
btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send()
btrfs: cleanup cow block on error
btrfs: fix use-after-free on readahead extent after failure to create it
usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC
usb: dwc3: ep0: Fix ZLP for OUT ep0 requests
usb: dwc3: gadget: Check MPS of the request length
usb: dwc3: core: add phy cleanup for probe error handling
usb: dwc3: core: don't trigger runtime pm when remove driver
usb: cdc-acm: fix cooldown mechanism
usb: typec: tcpm: reset hard_reset_count for any disconnect
usb: host: fsl-mph-dr-of: check return of dma_set_mask()
drm/i915: Force VT'd workarounds when running as a guest OS
vt: keyboard, simplify vt_kdgkbsent
vt: keyboard, extend func_buf_lock to readers
HID: wacom: Avoid entering wacom_wac_pen_report for pad / battery
udf: Fix memory leak when mounting
dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status
iio:light:si1145: Fix timestamp alignment and prevent data leak.
iio:adc:ti-adc0832 Fix alignment issue with timestamp
iio:adc:ti-adc12138 Fix alignment issue with timestamp
iio:gyro:itg3200: Fix timestamp alignment and prevent data leak.
powerpc/drmem: Make lmb_size 64 bit
s390/stp: add locking to sysfs functions
powerpc/rtas: Restrict RTAS requests from userspace
powerpc: Warn about use of smt_snooze_delay
powerpc/powernv/elog: Fix race while processing OPAL error log event.
powerpc: Fix undetected data corruption with P9N DD2.1 VSX CI load emulation
NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
NFSD: Add missing NFSv2 .pc_func methods
ubifs: dent: Fix some potential memory leaks while iterating entries
perf python scripting: Fix printable strings in python3 scripts
ubi: check kthread_should_stop() after the setting of task state
ia64: fix build error with !COREDUMP
i2c: imx: Fix external abort on interrupt in exit paths
drm/amdgpu: don't map BO in reserved region
drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally
ceph: promote to unsigned long long before shifting
libceph: clear con->out_msg on Policy::stateful_server faults
9P: Cast to loff_t before multiplying
ring-buffer: Return 0 on success from ring_buffer_resize()
vringh: fix __vringh_iov() when riov and wiov are different
ext4: fix leaking sysfs kobject after failed mount
ext4: fix error handling code in add_new_gdb
ext4: fix invalid inode checksum
drm/ttm: fix eviction valuable range check.
rtc: rx8010: don't modify the global rtc ops
tty: make FONTX ioctl use the tty pointer they were actually passed
arm64: berlin: Select DW_APB_TIMER_OF
cachefiles: Handle readpage error correctly
hil/parisc: Disable HIL driver when it gets stuck
arm: dts: mt7623: add missing pause for switchport
ARM: samsung: fix PM debug build with DEBUG_LL but !MMU
ARM: s3c24xx: fix missing system reset
device property: Keep secondary firmware node secondary by type
device property: Don't clear secondary pointer for shared primary firmware node
KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR
staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice
staging: octeon: repair "fixed-link" support
staging: octeon: Drop on uncorrectable alignment or FCS error
Linux 4.19.155
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: I18fefb5bfaa4d05772c61c2975340d0f089b8e3e
|
||
|
Stefano Garzarella
|
5b14ac3b94 |
vringh: fix __vringh_iov() when riov and wiov are different
commit 5745bcfbbf89b158416075374254d3c013488f21 upstream.
If riov and wiov are both defined and they point to different
objects, only riov is initialized. If the wiov is not initialized
by the caller, the function fails returning -EINVAL and printing
"Readable desc 0x... after writable" error message.
This issue happens when descriptors have both readable and writable
buffers (eg. virtio-blk devices has virtio_blk_outhdr in the readable
buffer and status as last byte of writable buffer) and we call
__vringh_iov() to get both type of buffers in two different iovecs.
Let's replace the 'else if' clause with 'if' to initialize both
riov and wiov if they are not NULL.
As checkpatch pointed out, we also avoid crashing the kernel
when riov and wiov are both NULL, replacing BUG() with WARN_ON()
and returning -EINVAL.
Fixes:
|
||
|
Greg Kroah-Hartman
|
2dce03a5c2 |
Merge 4.19.150 into android-4.19-stable
Changes in 4.19.150 mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS models USB: gadget: f_ncm: Fix NDP16 datagram validation gpio: mockup: fix resource leak in error path gpio: tc35894: fix up tc35894 interrupt configuration clk: socfpga: stratix10: fix the divider for the emac_ptp_free_clk vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock vsock/virtio: stop workers during the .remove() vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock() net: virtio_vsock: Enhance connection semantics Input: i8042 - add nopnp quirk for Acer Aspire 5 A515 ftrace: Move RCU is watching check after recursion check drm/amdgpu: restore proper ref count in amdgpu_display_crtc_set_config drivers/net/wan/hdlc_fr: Add needed_headroom for PVC devices drm/sun4i: mixer: Extend regmap max_register net: dec: de2104x: Increase receive ring size for Tulip rndis_host: increase sleep time in the query-response loop nvme-core: get/put ctrl and transport module in nvme_dev_open/release() drivers/net/wan/lapbether: Make skb->protocol consistent with the header drivers/net/wan/hdlc: Set skb->protocol before transmitting mac80211: do not allow bigger VHT MPDUs than the hardware supports spi: fsl-espi: Only process interrupts for expected events nvme-fc: fail new connections to a deleted host or remote port gpio: sprd: Clear interrupt when setting the type as edge pinctrl: mvebu: Fix i2c sda definition for 98DX3236 nfs: Fix security label length not being reset clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate() i2c: cpm: Fix i2c_ram structure Input: trackpoint - enable Synaptics trackpoints random32: Restore __latent_entropy attribute on net_rand_state mm: replace memmap_context by meminit_context mm: don't rely on system state to detect hot-plug operations net/packet: fix overflow in tpacket_rcv epoll: do not insert into poll queues until all sanity checks are done epoll: replace ->visited/visited_list with generation count epoll: EPOLL_CTL_ADD: close the race in decision to take fast path ep_create_wakeup_source(): dentry name can change under you... netfilter: ctnetlink: add a range check for l3/l4 protonum Linux 4.19.150 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib6f1b6fce01bec80efd4a905d03903ff20ca89be |
||
|
Stefano Garzarella
|
7c20b974aa |
vsock/virtio: add transport parameter to the virtio_transport_reset_no_sock()
[ Upstream commit 4c7246dc45e2706770d5233f7ce1597a07e069ba ] We are going to add 'struct vsock_sock *' parameter to virtio_transport_get_ops(). In some cases, like in the virtio_transport_reset_no_sock(), we don't have any socket assigned to the packet received, so we can't use the virtio_transport_get_ops(). In order to allow virtio_transport_reset_no_sock() to use the '.send_pkt' callback from the 'vhost_transport' or 'virtio_transport', we add the 'struct virtio_transport *' to it and to its caller: virtio_transport_recv_pkt(). We moved the 'vhost_transport' and 'virtio_transport' definition, to pass their address to the virtio_transport_recv_pkt(). Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
a483478041 |
Merge 4.19.125 into android-4.19-stable
Changes in 4.19.125 x86/uaccess, ubsan: Fix UBSAN vs. SMAP ubsan: build ubsan.c more conservatively i2c: dev: Fix the race between the release of i2c_dev and cdev KVM: SVM: Fix potential memory leak in svm_cpu_init() riscv: set max_pfn to the PFN of the last page ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash() evm: Check also if *tfm is an error pointer in init_desc() ima: Fix return value of ima_write_policy() mtd: spinand: Propagate ECC information to the MTD structure fix multiplication overflow in copy_fdtable() ubifs: remove broken lazytime support iommu/amd: Fix over-read of ACPI UID from IVRS table i2c: mux: demux-pinctrl: Fix an error handling path in 'i2c_demux_pinctrl_probe()' ubi: Fix seq_file usage in detailed_erase_block_info debugfs file gcc-common.h: Update for GCC 10 HID: multitouch: add eGalaxTouch P80H84 support HID: alps: Add AUI1657 device ID HID: alps: ALPS_1657 is too specific; use U1_UNICORN_LEGACY instead scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV scsi: qla2xxx: Delete all sessions before unregister local nvme port configfs: fix config_item refcnt leak in configfs_rmdir() vhost/vsock: fix packet delivery order to monitoring devices aquantia: Fix the media type of AQC100 ethernet controller in the driver component: Silence bind error on -EPROBE_DEFER scsi: ibmvscsi: Fix WARN_ON during event pool release HID: i2c-hid: reset Synaptics SYNA2393 on resume x86/apic: Move TSC deadline timer debug printk gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() HID: quirks: Add HID_QUIRK_NO_INIT_REPORTS quirk for Dell K12A keyboard-dock ceph: fix double unlock in handle_cap_export() stmmac: fix pointer check after utilization in stmmac_interrupt USB: core: Fix misleading driver bug report platform/x86: asus-nb-wmi: Do not load on Asus T100TA and T200TA ARM: futex: Address build warning padata: Replace delayed timer with immediate workqueue in padata_reorder padata: initialize pd->cpu with effective cpumask padata: purge get_cpu and reorder_via_wq from padata_do_serial ALSA: iec1712: Initialize STDSP24 properly when using the model=staudio option ALSA: pcm: fix incorrect hw_base increase ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Xtreme ALSA: hda/realtek - Add more fixup entries for Clevo machines drm/etnaviv: fix perfmon domain interation apparmor: Fix use-after-free in aa_audit_rule_init apparmor: fix potential label refcnt leak in aa_change_profile apparmor: Fix aa_label refcnt leak in policy_update dmaengine: tegra210-adma: Fix an error handling path in 'tegra_adma_probe()' dmaengine: owl: Use correct lock in owl_dma_get_pchan() drm/i915/gvt: Init DPLL/DDI vreg for virtual display instead of inheritance. powerpc: Remove STRICT_KERNEL_RWX incompatibility with RELOCATABLE powerpc/64s: Disable STRICT_KERNEL_RWX nfit: Add Hyper-V NVDIMM DSM command set to white list libnvdimm/btt: Remove unnecessary code in btt_freelist_init libnvdimm/btt: Fix LBA masking during 'free list' population staging: most: core: replace strcpy() by strscpy() thunderbolt: Drop duplicated get_switch_at_route() media: fdp1: Fix R-Car M3-N naming in debug message Revert "net/ibmvnic: Fix EOI when running in XIVE mode" net: bcmgenet: code movement net: bcmgenet: abort suspend on error cxgb4: free mac_hlist properly cxgb4/cxgb4vf: Fix mac_hlist initialization and free tty: serial: qcom_geni_serial: Fix wrap around of TX buffer brcmfmac: abort and release host after error Revert "gfs2: Don't demote a glock until its revokes are written" staging: iio: ad2s1210: Fix SPI reading staging: greybus: Fix uninitialized scalar variable iio: sca3000: Remove an erroneous 'get_device()' iio: dac: vf610: Fix an error handling path in 'vf610_dac_probe()' misc: rtsx: Add short delay after exit from ASPM mei: release me_cl object reference ipack: tpci200: fix error return code in tpci200_register() rapidio: fix an error in get_user_pages_fast() error handling rxrpc: Fix a memory leak in rxkad_verify_response() x86/unwind/orc: Fix unwind_get_return_address_ptr() for inactive tasks iio: adc: stm32-adc: Use dma_request_chan() instead dma_request_slave_channel() iio: adc: stm32-adc: fix device used to request dma iio: adc: stm32-dfsdm: Use dma_request_chan() instead dma_request_slave_channel() iio: adc: stm32-dfsdm: fix device used to request dma rxrpc: Trace discarded ACKs rxrpc: Fix ack discard Linux 4.19.125 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I7ef4b874ed2ce4f234e2333c751b5dd401746358 |
||
|
Stefano Garzarella
|
b6067828fd |
vhost/vsock: fix packet delivery order to monitoring devices
[ Upstream commit 107bc0766b9feb5113074c753735a3f115c2141f ] We want to deliver packets to monitoring devices before it is put in the virtqueue, to avoid that replies can appear in the packet capture before the transmitted packet. Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Greg Kroah-Hartman
|
9179fe9802 |
Merge 4.19.122 into android-4.19
Changes in 4.19.122 vhost: vsock: kick send_pkt worker once device is started powerpc/pci/of: Parse unassigned resources ASoC: topology: Check return value of pcm_new_ver selftests/ipc: Fix test failure seen after initial test run ASoC: sgtl5000: Fix VAG power-on handling usb: dwc3: gadget: Properly set maxpacket limit ASoC: rsnd: Fix parent SSI start/stop in multi-SSI mode ASoC: rsnd: Fix HDMI channel mapping for multi-SSI mode ASoC: codecs: hdac_hdmi: Fix incorrect use of list_for_each_entry drm/amdgpu: Correctly initialize thermal controller for GPUs with Powerplay table v0 (e.g Hawaii) wimax/i2400m: Fix potential urb refcnt leak net: stmmac: fix enabling socfpga's ptp_ref_clock net: stmmac: Fix sub-second increment ASoC: rsnd: Don't treat master SSI in multi SSI setup as parent ASoC: rsnd: Fix "status check failed" spam for multi-SSI cifs: protect updating server->dstaddr with a spinlock s390/ftrace: fix potential crashes when switching tracers scripts/config: allow colons in option strings for sed lib/mpi: Fix building for powerpc with clang net: bcmgenet: suppress warnings on failed Rx SKB allocations net: systemport: suppress warnings on failed Rx SKB allocations sctp: Fix SHUTDOWN CTSN Ack in the peer restart case drm/amdgpu: Fix oops when pp_funcs is unset in ACPI event lib: devres: add a helper function for ioremap_uc mfd: intel-lpss: Use devm_ioremap_uc for MMIO hexagon: clean up ioremap hexagon: define ioremap_uc ALSA: hda: Match both PCI ID and SSID for driver blacklist platform/x86: GPD pocket fan: Fix error message when temp-limits are out of range mac80211: add ieee80211_is_any_nullfunc() cgroup, netclassid: remove double cond_resched drm/atomic: Take the atomic toys away from X Linux 4.19.122 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: I7257fc5afa0c25d3ba2f6884822ec315d556426a |
||
|
Jia He
|
a9ca8a3bda |
vhost: vsock: kick send_pkt worker once device is started
commit 0b841030625cde5f784dd62aec72d6a766faae70 upstream.
Ning Bo reported an abnormal 2-second gap when booting Kata container [1].
The unconditional timeout was caused by VSOCK_DEFAULT_CONNECT_TIMEOUT of
connecting from the client side. The vhost vsock client tries to connect
an initializing virtio vsock server.
The abnormal flow looks like:
host-userspace vhost vsock guest vsock
============== =========== ============
connect() --------> vhost_transport_send_pkt_work() initializing
| vq->private_data==NULL
| will not be queued
V
schedule_timeout(2s)
vhost_vsock_start() <--------- device ready
set vq->private_data
wait for 2s and failed
connect() again vq->private_data!=NULL recv connecting pkt
Details:
1. Host userspace sends a connect pkt, at that time, guest vsock is under
initializing, hence the vhost_vsock_start has not been called. So
vq->private_data==NULL, and the pkt is not been queued to send to guest
2. Then it sleeps for 2s
3. After guest vsock finishes initializing, vq->private_data is set
4. When host userspace wakes up after 2s, send connecting pkt again,
everything is fine.
As suggested by Stefano Garzarella, this fixes it by additional kicking the
send_pkt worker in vhost_vsock_start once the virtio device is started. This
makes the pending pkt sent again.
After this patch, kata-runtime (with vsock enabled) boot time is reduced
from 3s to 1s on a ThunderX2 arm64 server.
[1] https://github.com/kata-containers/runtime/issues/1917
Reported-by: Ning Bo <n.b@live.com>
Suggested-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Jia He <justin.he@arm.com>
Link: https://lore.kernel.org/r/20200501043840.186557-1-justin.he@arm.com
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Greg Kroah-Hartman
|
8290fa4ad8 |
Merge 4.19.108 into android-4.19
Changes in 4.19.108 irqchip/gic-v3-its: Fix misuse of GENMASK macro iwlwifi: pcie: fix rb_allocator workqueue allocation ipmi:ssif: Handle a possible NULL pointer reference drm/msm: Set dma maximum segment size for mdss dax: pass NOWAIT flag to iomap_apply mac80211: consider more elements in parsing CRC cfg80211: check wiphy driver existence for drvinfo report s390/zcrypt: fix card and queue total counter wrap qmi_wwan: re-add DW5821e pre-production variant qmi_wwan: unconditionally reject 2 ep interfaces ARM: dts: sti: fixup sound frame-inversion for stihxxx-b2120.dtsi soc/tegra: fuse: Fix build with Tegra194 configuration net: ena: fix potential crash when rxfh key is NULL net: ena: fix uses of round_jiffies() net: ena: add missing ethtool TX timestamping indication net: ena: fix incorrect default RSS key net: ena: rss: fix failure to get indirection table net: ena: rss: store hash function as values and not bits net: ena: fix incorrectly saving queue numbers when setting RSS indirection table net: ena: ethtool: use correct value for crc32 hash net: ena: ena-com.c: prevent NULL pointer dereference cifs: Fix mode output in debugging statements cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE sysrq: Restore original console_loglevel when sysrq disabled sysrq: Remove duplicated sysrq message net: fib_rules: Correctly set table field when table number exceeds 8 bits net: mscc: fix in frame extraction net: phy: restore mdio regs in the iproc mdio driver net: sched: correct flower port blocking nfc: pn544: Fix occasional HW initialization failure sctp: move the format error check out of __sctp_sf_do_9_1_abort ipv6: Fix route replacement with dev-only route ipv6: Fix nlmsg_flags when splitting a multipath route qede: Fix race between rdma destroy workqueue and link change event net/tls: Fix to avoid gettig invalid tls record ext4: potential crash on allocation error in ext4_alloc_flex_bg_array() audit: fix error handling in audit_data_to_entry() ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro ACPI: watchdog: Fix gas->access_width usage KVM: VMX: check descriptor table exits on instruction emulation HID: ite: Only bind to keyboard USB interface on Acer SW5-012 keyboard dock HID: core: fix off-by-one memset in hid_report_raw_event() HID: core: increase HID report buffer size to 8KiB macintosh: therm_windtunnel: fix regression when instantiating devices tracing: Disable trace_printk() on post poned tests Revert "PM / devfreq: Modify the device name as devfreq(X) for sysfs" amdgpu/gmc_v9: save/restore sdpif regs during S3 vhost: Check docket sk_family instead of call getname HID: alps: Fix an error handling path in 'alps_input_configured()' HID: hiddev: Fix race in in hiddev_disconnect() MIPS: VPE: Fix a double free and a memory leak in 'release_vpe()' i2c: altera: Fix potential integer overflow i2c: jz4780: silence log flood on txabrt drm/i915/gvt: Fix orphan vgpu dmabuf_objs' lifetime drm/i915/gvt: Separate display reset from ALL_ENGINES reset hv_netvsc: Fix unwanted wakeup in netvsc_attach() usb: charger: assign specific number for enum value s390/qeth: vnicc Fix EOPNOTSUPP precedence net: netlink: cap max groups which will be considered in netlink_bind() net: atlantic: fix use after free kasan warn net: atlantic: fix potential error handling net/smc: no peer ID in CLC decline for SMCD net: ena: make ena rxfh support ETH_RSS_HASH_NO_CHANGE namei: only return -ECHILD from follow_dotdot_rcu() mwifiex: drop most magic numbers from mwifiex_process_tdls_action_frame() mwifiex: delete unused mwifiex_get_intf_num() KVM: SVM: Override default MMIO mask if memory encryption is enabled KVM: Check for a bad hva before dropping into the ghc slow path sched/fair: Optimize update_blocked_averages() sched/fair: Fix O(nr_cgroups) in the load balancing path perf stat: Use perf_evsel__is_clocki() for clock events perf stat: Fix shadow stats for clock events drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' kprobes: Set unoptimized flag after unoptimizing code pwm: omap-dmtimer: put_device() after of_find_device_by_node() perf hists browser: Restore ESC as "Zoom out" of DSO/thread/etc KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction path KVM: x86: Remove spurious clearing of async #PF MSR thermal: brcmstb_thermal: Do not use DT coefficients netfilter: nft_tunnel: no need to call htons() when dumping ports netfilter: nf_flowtable: fix documentation mm/huge_memory.c: use head to check huge zero page mm, thp: fix defrag setting if newline is not used audit: always check the netlink payload length in audit_receive_msg() Linux 4.19.108 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ib98db500eded0a83d89c38900bbdf9ff5d6a37e0 |
||
|
Eugenio Pérez
|
ad598a48fe |
vhost: Check docket sk_family instead of call getname
commit 42d84c8490f9f0931786f1623191fcab397c3d64 upstream.
Doing so, we save one call to get data we already have in the struct.
Also, since there is no guarantee that getname use sockaddr_ll
parameter beyond its size, we add a little bit of security here.
It should do not do beyond MAX_ADDR_LEN, but syzbot found that
ax25_getname writes more (72 bytes, the size of full_sockaddr_ax25,
versus 20 + 32 bytes of sockaddr_ll + MAX_ADDR_LEN in syzbot repro).
Fixes:
|
||
|
Greg Kroah-Hartman
|
1fca2c99f4 |
Merge 4.19.99 into android-4.19
Changes in 4.19.99 Revert "efi: Fix debugobjects warning on 'efi_rts_work'" xfs: Sanity check flags of Q_XQUOTARM call i2c: stm32f7: rework slave_id allocation i2c: i2c-stm32f7: fix 10-bits check in slave free id search loop mfd: intel-lpss: Add default I2C device properties for Gemini Lake SUNRPC: Fix svcauth_gss_proxy_init() powerpc/pseries: Enable support for ibm,drc-info property powerpc/archrandom: fix arch_get_random_seed_int() tipc: update mon's self addr when node addr generated tipc: fix wrong timeout input for tipc_wait_for_cond() mt7601u: fix bbp version check in mt7601u_wait_bbp_ready crypto: sun4i-ss - fix big endian issues perf map: No need to adjust the long name of modules soc: aspeed: Fix snoop_file_poll()'s return type watchdog: sprd: Fix the incorrect pointer getting from driver data ipmi: Fix memory leak in __ipmi_bmc_register drm/sti: do not remove the drm_bridge that was never added ARM: dts: at91: nattis: set the PRLUD and HIPOW signals low ARM: dts: at91: nattis: make the SD-card slot work ixgbe: don't clear IPsec sa counters on HW clearing drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() iio: fix position relative kernel version apparmor: Fix network performance issue in aa_label_sk_perm ALSA: hda: fix unused variable warning apparmor: don't try to replace stale label in ptrace access check ARM: qcom_defconfig: Enable MAILBOX firmware: coreboot: Let OF core populate platform device PCI: iproc: Remove PAXC slot check to allow VF support bridge: br_arp_nd_proxy: set icmp6_router if neigh has NTF_ROUTER drm/hisilicon: hibmc: Don't overwrite fb helper surface depth signal/ia64: Use the generic force_sigsegv in setup_frame signal/ia64: Use the force_sig(SIGSEGV,...) in ia64_rt_sigreturn ASoC: wm9712: fix unused variable warning mailbox: mediatek: Add check for possible failure of kzalloc IB/rxe: replace kvfree with vfree IB/hfi1: Add mtu check for operational data VLs genirq/debugfs: Reinstate full OF path for domain name usb: dwc3: add EXTCON dependency for qcom usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure cfg80211: regulatory: make initialization more robust mei: replace POLL* with EPOLL* for write queues. drm/msm: fix unsigned comparison with less than zero of: Fix property name in of_node_get_device_type ALSA: usb-audio: update quirk for B&W PX to remove microphone iwlwifi: nvm: get num of hw addresses from firmware staging: comedi: ni_mio_common: protect register write overflow netfilter: nft_osf: usage from output path is not valid pwm: lpss: Release runtime-pm reference from the driver's remove callback powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index rtlwifi: rtl8821ae: replace _rtl8821ae_mrate_idx_to_arfr_id with generic version RDMA/bnxt_re: Add missing spin lock initialization netfilter: nf_flow_table: do not remove offload when other netns's interface is down powerpc/kgdb: add kgdb_arch_set/remove_breakpoint() tipc: eliminate message disordering during binding table update net: socionext: Add dummy PHY register read in phy_write() drm/sun4i: hdmi: Fix double flag assignation net: hns3: add error handler for hns3_nic_init_vector_data() mlxsw: reg: QEEC: Add minimum shaper fields mlxsw: spectrum: Set minimum shaper on MC TCs NTB: ntb_hw_idt: replace IS_ERR_OR_NULL with regular NULL checks ASoC: wm97xx: fix uninitialized regmap pointer problem ARM: dts: bcm283x: Correct mailbox register sizes pcrypt: use format specifier in kobject_add ASoC: sun8i-codec: add missing route for ADC pinctrl: meson-gxl: remove invalid GPIOX tsin_a pins bus: ti-sysc: Add mcasp optional clocks flag exportfs: fix 'passing zero to ERR_PTR()' warning drm: rcar-du: Fix the return value in case of error in 'rcar_du_crtc_set_crc_source()' drm: rcar-du: Fix vblank initialization net: always initialize pagedlen drm/dp_mst: Skip validating ports during destruction, just ref arm64: dts: meson-gx: Add hdmi_5v regulator as hdmi tx supply arm64: dts: renesas: r8a7795-es1: Add missing power domains to IPMMU nodes net: phy: Fix not to call phy_resume() if PHY is not attached IB/hfi1: Correctly process FECN and BECN in packets OPP: Fix missing debugfs supply directory for OPPs IB/rxe: Fix incorrect cache cleanup in error flow mailbox: ti-msgmgr: Off by one in ti_msgmgr_of_xlate() staging: bcm2835-camera: Abort probe if there is no camera staging: bcm2835-camera: fix module autoloading switchtec: Remove immediate status check after submitting MRPC command ipv6: add missing tx timestamping on IPPROTO_RAW pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field pinctrl: sh-pfc: r8a77970: Add missing MOD_SEL0 field pinctrl: sh-pfc: r8a77980: Add missing MOD_SEL0 field pinctrl: sh-pfc: sh7734: Add missing IPSR11 field pinctrl: sh-pfc: r8a77995: Remove bogus SEL_PWM[0-3]_3 configurations pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value net: hns3: fix error handling int the hns3_get_vector_ring_chain vxlan: changelink: Fix handling of default remotes Input: nomadik-ske-keypad - fix a loop timeout test fork,memcg: fix crash in free_thread_stack on memcg charge fail clk: highbank: fix refcount leak in hb_clk_init() clk: qoriq: fix refcount leak in clockgen_init() clk: ti: fix refcount leak in ti_dt_clocks_register() clk: socfpga: fix refcount leak clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() clk: imx6q: fix refcount leak in imx6q_clocks_init() clk: imx6sx: fix refcount leak in imx6sx_clocks_init() clk: imx7d: fix refcount leak in imx7d_clocks_init() clk: vf610: fix refcount leak in vf610_clocks_init() clk: armada-370: fix refcount leak in a370_clk_init() clk: kirkwood: fix refcount leak in kirkwood_clk_init() clk: armada-xp: fix refcount leak in axp_clk_init() clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() clk: dove: fix refcount leak in dove_clk_init() MIPS: BCM63XX: drop unused and broken DSP platform device arm64: defconfig: Re-enable bcm2835-thermal driver remoteproc: qcom: q6v5-mss: Add missing clocks for MSM8996 remoteproc: qcom: q6v5-mss: Add missing regulator for MSM8996 drm: Fix error handling in drm_legacy_addctx ARM: dts: r8a7743: Remove generic compatible string from iic3 drm/etnaviv: fix some off by one bugs drm/fb-helper: generic: Fix setup error path fork, memcg: fix cached_stacks case IB/usnic: Fix out of bounds index check in query pkey RDMA/ocrdma: Fix out of bounds index check in query pkey RDMA/qedr: Fix out of bounds index check in query pkey drm/shmob: Fix return value check in shmob_drm_probe arm64: dts: apq8016-sbc: Increase load on l11 for SDCARD spi: cadence: Correct initialisation of runtime PM RDMA/iw_cxgb4: Fix the unchecked ep dereference net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ9031 memory: tegra: Don't invoke Tegra30+ specific memory timing setup on Tegra20 drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL kbuild: mark prepare0 as PHONY to fix external module build crypto: brcm - Fix some set-but-not-used warning crypto: tgr192 - fix unaligned memory access ASoC: imx-sgtl5000: put of nodes if finding codec fails IB/iser: Pass the correct number of entries for dma mapped SGL net: hns3: fix wrong combined count returned by ethtool -l media: tw9910: Unregister subdevice with v4l2-async IB/mlx5: Don't override existing ip_protocol rtc: cmos: ignore bogus century byte spi/topcliff_pch: Fix potential NULL dereference on allocation error net: hns3: fix bug of ethtool_ops.get_channels for VF ARM: dts: sun8i-a23-a33: Move NAND controller device node to sort by address clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it iwlwifi: mvm: avoid possible access out of array. net/mlx5: Take lock with IRQs disabled to avoid deadlock ip_tunnel: Fix route fl4 init in ip_md_tunnel_xmit arm64: dts: allwinner: h6: Move GIC device node fix base address ordering iwlwifi: mvm: fix A-MPDU reference assignment bus: ti-sysc: Fix timer handling with drop pm_runtime_irq_safe() tty: ipwireless: Fix potential NULL pointer dereference driver: uio: fix possible memory leak in __uio_register_device driver: uio: fix possible use-after-free in __uio_register_device crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments driver core: Fix DL_FLAG_AUTOREMOVE_SUPPLIER device link flag handling driver core: Avoid careless re-use of existing device links driver core: Do not resume suppliers under device_links_write_lock() driver core: Fix handling of runtime PM flags in device_link_add() driver core: Do not call rpm_put_suppliers() in pm_runtime_drop_link() ARM: dts: lpc32xx: add required clocks property to keypad device node ARM: dts: lpc32xx: reparent keypad controller to SIC1 ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller variant ARM: dts: lpc32xx: fix ARM PrimeCell LCD controller clocks property ARM: dts: lpc32xx: phy3250: fix SD card regulator voltage drm/xen-front: Fix mmap attributes for display buffers iwlwifi: mvm: fix RSS config command staging: most: cdev: add missing check for cdev_add failure clk: ingenic: jz4740: Fix gating of UDC clock rtc: ds1672: fix unintended sign extension thermal: mediatek: fix register index error arm64: dts: msm8916: remove bogus argument to the cpu clock ath10k: fix dma unmap direction for management frames net: phy: fixed_phy: Fix fixed_phy not checking GPIO rtc: ds1307: rx8130: Fix alarm handling net/smc: original socket family in inet_sock_diag rtc: 88pm860x: fix unintended sign extension rtc: 88pm80x: fix unintended sign extension rtc: pm8xxx: fix unintended sign extension fbdev: chipsfb: remove set but not used variable 'size' iw_cxgb4: use tos when importing the endpoint iw_cxgb4: use tos when finding ipv6 routes ipmi: kcs_bmc: handle devm_kasprintf() failure case xsk: add missing smp_rmb() in xsk_mmap drm/etnaviv: potential NULL dereference ntb_hw_switchtec: debug print 64bit aligned crosslink BAR Numbers ntb_hw_switchtec: NT req id mapping table register entry number should be 512 pinctrl: sh-pfc: emev2: Add missing pinmux functions pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups RDMA/mlx5: Fix memory leak in case we fail to add an IB device driver core: Fix possible supplier PM-usage counter imbalance PCI: endpoint: functions: Use memcpy_fromio()/memcpy_toio() usb: phy: twl6030-usb: fix possible use-after-free on remove block: don't use bio->bi_vcnt to figure out segment number keys: Timestamp new keys net: dsa: b53: Fix default VLAN ID net: dsa: b53: Properly account for VLAN filtering net: dsa: b53: Do not program CPU port's PVID mt76: usb: fix possible memory leak in mt76u_buf_free media: sh: migor: Include missing dma-mapping header vfio_pci: Enable memory accesses before calling pci_map_rom hwmon: (pmbus/tps53679) Fix driver info initialization in probe routine mdio_bus: Fix PTR_ERR() usage after initialization to constant KVM: PPC: Release all hardware TCE tables attached to a group staging: r8822be: check kzalloc return or bail dmaengine: mv_xor: Use correct device for DMA API cdc-wdm: pass return value of recover_from_urb_loss brcmfmac: create debugfs files for bus-specific layer regulator: pv88060: Fix array out-of-bounds access regulator: pv88080: Fix array out-of-bounds access regulator: pv88090: Fix array out-of-bounds access net: dsa: qca8k: Enable delay for RGMII_ID mode net/mlx5: Delete unused FPGA QPN variable drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON drm/nouveau/pmu: don't print reply values if exec is false drm/nouveau: fix missing break in switch statement driver core: Fix PM-runtime for links added during consumer probe ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() net: dsa: fix unintended change of bridge interface STP state fs/nfs: Fix nfs_parse_devname to not modify it's argument staging: rtlwifi: Use proper enum for return in halmac_parse_psd_data_88xx powerpc/64s: Fix logic when handling unknown CPU features NFS: Fix a soft lockup in the delegation recovery code perf: Copy parent's address filter offsets on clone perf, pt, coresight: Fix address filters for vmas with non-zero offset clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable clocksource/drivers/exynos_mct: Fix error path in timer resources initialization platform/x86: wmi: fix potential null pointer dereference NFS/pnfs: Bulk destroy of layouts needs to be safe w.r.t. umount mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe iommu: Fix IOMMU debugfs fallout ARM: 8847/1: pm: fix HYP/SVC mode mismatch when MCPM is used ARM: 8848/1: virt: Align GIC version check with arm64 counterpart ARM: 8849/1: NOMMU: Fix encodings for PMSAv8's PRBAR4/PRLAR4 regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA ath10k: Fix length of wmi tlv command for protected mgmt frames netfilter: nft_set_hash: fix lookups with fixed size hash on big endian netfilter: nft_set_hash: bogus element self comparison from deactivation path net: sched: act_csum: Fix csum calc for tagged packets hwrng: bcm2835 - fix probe as platform device iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() NFS: Add missing encode / decode sequence_maxsz to v4.2 operations NFSv4/flexfiles: Fix invalid deref in FF_LAYOUT_DEVID_NODE() net: aquantia: fixed instack structure overflow powerpc/mm: Check secondary hash page table media: dvb/earth-pt1: fix wrong initialization for demod blocks rbd: clear ->xferred on error from rbd_obj_issue_copyup() PCI: Fix "try" semantics of bus and slot reset nios2: ksyms: Add missing symbol exports x86/mm: Remove unused variable 'cpu' scsi: megaraid_sas: reduce module load time nfp: fix simple vNIC mailbox length drivers/rapidio/rio_cm.c: fix potential oops in riocm_ch_listen() xen, cpu_hotplug: Prevent an out of bounds access net/mlx5: Fix multiple updates of steering rules in parallel net/mlx5e: IPoIB, Fix RX checksum statistics update net: sh_eth: fix a missing check of of_get_phy_mode regulator: lp87565: Fix missing register for LP87565_BUCK_0 soc: amlogic: gx-socinfo: Add mask for each SoC packages media: ivtv: update *pos correctly in ivtv_read_pos() media: cx18: update *pos correctly in cx18_read_pos() media: wl128x: Fix an error code in fm_download_firmware() media: cx23885: check allocation return regulator: tps65086: Fix tps65086_ldoa1_ranges for selector 0xB crypto: ccree - reduce kernel stack usage with clang jfs: fix bogus variable self-initialization tipc: tipc clang warning m68k: mac: Fix VIA timer counter accesses ARM: dts: sun8i: a33: Reintroduce default pinctrl muxing arm64: dts: allwinner: a64: Add missing PIO clocks ARM: dts: sun9i: optimus: Fix fixed-regulators net: phy: don't clear BMCR in genphy_soft_reset ARM: OMAP2+: Fix potentially uninitialized return value for _setup_reset() net: dsa: Avoid null pointer when failing to connect to PHY soc: qcom: cmd-db: Fix an error code in cmd_db_dev_probe() media: davinci-isif: avoid uninitialized variable use media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame spi: tegra114: clear packed bit for unpacked mode spi: tegra114: fix for unpacked mode transfers spi: tegra114: terminate dma and reset on transfer timeout spi: tegra114: flush fifos spi: tegra114: configure dma burst size to fifo trig level bus: ti-sysc: Fix sysc_unprepare() when no clocks have been allocated soc/fsl/qe: Fix an error code in qe_pin_request() spi: bcm2835aux: fix driver to not allow 65535 (=-1) cs-gpios drm/fb-helper: generic: Call drm_client_add() after setup is done arm64/vdso: don't leak kernel addresses rtc: Fix timestamp value for RTC_TIMESTAMP_BEGIN_1900 rtc: mt6397: Don't call irq_dispose_mapping. ehea: Fix a copy-paste err in ehea_init_port_res bpf: Add missed newline in verifier verbose log drm/vmwgfx: Remove set but not used variable 'restart' scsi: qla2xxx: Unregister chrdev if module initialization fails of: use correct function prototype for of_overlay_fdt_apply() net/sched: cbs: fix port_rate miscalculation clk: qcom: Skip halt checks on gcc_pcie_0_pipe_clk for 8998 ACPI: button: reinitialize button state upon resume firmware: arm_scmi: fix of_node leak in scmi_mailbox_check rxrpc: Fix detection of out of order acks scsi: target/core: Fix a race condition in the LUN lookup code brcmfmac: fix leak of mypkt on error return path ARM: pxa: ssp: Fix "WARNING: invalid free of devm_ allocated data" PCI: rockchip: Fix rockchip_pcie_ep_assert_intx() bitwise operations net: hns3: fix for vport->bw_limit overflow problem hwmon: (w83627hf) Use request_muxed_region for Super-IO accesses perf/core: Fix the address filtering fix staging: android: vsoc: fix copy_from_user overrun PCI: dwc: Fix dw_pcie_ep_find_capability() to return correct capability offset soc: amlogic: meson-gx-pwrc-vpu: Fix power on/off register bitmask platform/x86: alienware-wmi: fix kfree on potentially uninitialized pointer tipc: set sysctl_tipc_rmem and named_timeout right range usb: typec: tcpm: Notify the tcpc to start connection-detection for SRPs selftests/ipc: Fix msgque compiler warnings net: hns3: fix loop condition of hns3_get_tx_timeo_queue_info() powerpc: vdso: Make vdso32 installation conditional in vdso_install ARM: dts: ls1021: Fix SGMII PCS link remaining down after PHY disconnect media: ov2659: fix unbalanced mutex_lock/unlock 6lowpan: Off by one handling ->nexthdr dmaengine: axi-dmac: Don't check the number of frames for alignment ALSA: usb-audio: Handle the error from snd_usb_mixer_apply_create_quirk() afs: Fix AFS file locking to allow fine grained locks afs: Further fix file locking NFS: Don't interrupt file writeout due to fatal errors coresight: catu: fix clang build warning s390/kexec_file: Fix potential segment overlap in ELF loader irqchip/gic-v3-its: fix some definitions of inner cacheability attributes scsi: qla2xxx: Fix a format specifier scsi: qla2xxx: Fix error handling in qlt_alloc_qfull_cmd() scsi: qla2xxx: Avoid that qlt_send_resp_ctio() corrupts memory KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest netfilter: nft_flow_offload: add entry to flowtable after confirmation PCI: iproc: Enable iProc config read for PAXBv2 ARM: dts: logicpd-som-lv: Fix MMC1 card detect packet: in recvmsg msg_name return at least sizeof sockaddr_ll ASoC: fix valid stream condition usb: gadget: fsl: fix link error against usb-gadget module dwc2: gadget: Fix completed transfer size calculation in DDMA IB/mlx5: Add missing XRC options to QP optional params mask RDMA/rxe: Consider skb reserve space based on netdev of GID iommu/vt-d: Make kernel parameter igfx_off work with vIOMMU net: ena: fix swapped parameters when calling ena_com_indirect_table_fill_entry net: ena: fix: Free napi resources when ena_up() fails net: ena: fix incorrect test of supported hash function net: ena: fix ena_com_fill_hash_function() implementation dmaengine: tegra210-adma: restore channel status watchdog: rtd119x_wdt: Fix remove function mmc: core: fix possible use after free of host lightnvm: pblk: fix lock order in pblk_rb_tear_down_check ath10k: Fix encoding for protected management frames afs: Fix the afs.cell and afs.volume xattr handlers vfio/mdev: Avoid release parent reference during error path vfio/mdev: Follow correct remove sequence vfio/mdev: Fix aborting mdev child device removal if one fails l2tp: Fix possible NULL pointer dereference ALSA: aica: Fix a long-time build breakage media: omap_vout: potential buffer overflow in vidioc_dqbuf() media: davinci/vpbe: array underflow in vpbe_enum_outputs() platform/x86: alienware-wmi: printing the wrong error code crypto: caam - fix caam_dump_sg that iterates through scatterlist netfilter: ebtables: CONFIG_COMPAT: reject trailing data after last rule pwm: meson: Consider 128 a valid pre-divider pwm: meson: Don't disable PWM when setting duty repeatedly ARM: riscpc: fix lack of keyboard interrupts after irq conversion nfp: bpf: fix static check error through tightening shift amount adjustment kdb: do a sanity check on the cpu in kdb_per_cpu() netfilter: nf_tables: correct NFT_LOGLEVEL_MAX value backlight: lm3630a: Return 0 on success in update_status functions thermal: rcar_gen3_thermal: fix interrupt type thermal: cpu_cooling: Actually trace CPU load in thermal_power_cpu_get_power EDAC/mc: Fix edac_mc_find() in case no device is found afs: Fix key leak in afs_release() and afs_evict_inode() afs: Don't invalidate callback if AFS_VNODE_DIR_VALID not set afs: Fix lock-wait/callback-break double locking afs: Fix double inc of vnode->cb_break ARM: dts: sun8i-h3: Fix wifi in Beelink X2 DT clk: meson: gxbb: no spread spectrum on mpll0 clk: meson: axg: spread spectrum is on mpll2 dmaengine: tegra210-adma: Fix crash during probe arm64: dts: meson: libretech-cc: set eMMC as removable RDMA/qedr: Fix incorrect device rate. spi: spi-fsl-spi: call spi_finalize_current_message() at the end crypto: ccp - fix AES CFB error exposed by new test vectors crypto: ccp - Fix 3DES complaint from ccp-crypto module serial: stm32: fix word length configuration serial: stm32: fix rx error handling serial: stm32: fix rx data length when parity enabled serial: stm32: fix transmit_chars when tx is stopped serial: stm32: Add support of TC bit status check serial: stm32: fix wakeup source initialization misc: sgi-xp: Properly initialize buf in xpc_get_rsvd_page_pa iommu: Add missing new line for dma type iommu: Use right function to get group for device signal/bpfilter: Fix bpfilter_kernl to use send_sig not force_sig signal/cifs: Fix cifs_put_tcp_session to call send_sig instead of force_sig inet: frags: call inet_frags_fini() after unregister_pernet_subsys() net: hns3: fix a memory leak issue for hclge_map_unmap_ring_to_vf_vector crypto: talitos - fix AEAD processing. netvsc: unshare skb in VF rx handler net: core: support XDP generic on stacked devices. RDMA/uverbs: check for allocation failure in uapi_add_elm() net: don't clear sock->sk early to avoid trouble in strparser phy: qcom-qusb2: fix missing assignment of ret when calling clk_prepare_enable cpufreq: brcmstb-avs-cpufreq: Fix initial command check cpufreq: brcmstb-avs-cpufreq: Fix types for voltage/frequency clk: sunxi-ng: sun50i-h6-r: Fix incorrect W1 clock gate register media: vivid: fix incorrect assignment operation when setting video mode crypto: inside-secure - fix zeroing of the request in ahash_exit_inv crypto: inside-secure - fix queued len computation arm64: dts: renesas: ebisu: Remove renesas, no-ether-link property mpls: fix warning with multi-label encap serial: stm32: fix a recursive locking in stm32_config_rs485 arm64: dts: meson-gxm-khadas-vim2: fix gpio-keys-polled node arm64: dts: meson-gxm-khadas-vim2: fix Bluetooth support iommu/vt-d: Duplicate iommu_resv_region objects per device list phy: usb: phy-brcm-usb: Remove sysfs attributes upon driver removal firmware: arm_scmi: fix bitfield definitions for SENSOR_DESC attributes firmware: arm_scmi: update rate_discrete in clock_describe_rates_get ntb_hw_switchtec: potential shift wrapping bug in switchtec_ntb_init_sndev() ASoC: meson: axg-tdmin: right_j is not supported ASoC: meson: axg-tdmout: right_j is not supported qed: iWARP - Use READ_ONCE and smp_store_release to access ep->state qed: iWARP - fix uninitialized callback powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration bpf: fix the check that forwarding is enabled in bpf_ipv6_fib_lookup IB/hfi1: Handle port down properly in pio drm/msm/mdp5: Fix mdp5_cfg_init error return net: netem: fix backlog accounting for corrupted GSO frames net/udp_gso: Allow TX timestamp with UDP GSO net/af_iucv: build proper skbs for HiperTransport net/af_iucv: always register net_device notifier ASoC: ti: davinci-mcasp: Fix slot mask settings when using multiple AXRs rtc: pcf8563: Fix interrupt trigger method rtc: pcf8563: Clear event flags and disable interrupts before requesting irq ARM: dts: iwg20d-q7-common: Fix SDHI1 VccQ regularor net/sched: cbs: Fix error path of cbs_module_init arm64: dts: allwinner: h6: Pine H64: Add interrupt line for RTC drm/msm/a3xx: remove TPL1 regs from snapshot ip6_fib: Don't discard nodes with valid routing information in fib6_locate_1() perf/ioctl: Add check for the sample_period value dmaengine: hsu: Revert "set HSU_CH_MTSR to memory width" clk: qcom: Fix -Wunused-const-variable nvmem: imx-ocotp: Ensure WAIT bits are preserved when setting timing nvmem: imx-ocotp: Change TIMING calculation to u-boot algorithm tools: bpftool: use correct argument in cgroup errors backlight: pwm_bl: Fix heuristic to determine number of brightness levels fork,memcg: alloc_thread_stack_node needs to set tsk->stack bnxt_en: Fix ethtool selftest crash under error conditions. bnxt_en: Suppress error messages when querying DSCP DCB capabilities. iommu/amd: Make iommu_disable safer mfd: intel-lpss: Release IDA resources rxrpc: Fix uninitialized error code in rxrpc_send_data_packet() xprtrdma: Fix use-after-free in rpcrdma_post_recvs um: Fix IRQ controller regression on console read PM: ACPI/PCI: Resume all devices during hibernation ACPI: PM: Simplify and fix PM domain hibernation callbacks ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS fsi/core: Fix error paths on CFAM init devres: allow const resource arguments fsi: sbefifo: Don't fail operations when in SBE IPL state RDMA/hns: Fixs hw access invalid dma memory error PCI: mobiveil: Remove the flag MSI_FLAG_MULTI_PCI_MSI PCI: mobiveil: Fix devfn check in mobiveil_pcie_valid_device() PCI: mobiveil: Fix the valid check for inbound and outbound windows ceph: fix "ceph.dir.rctime" vxattr value net: pasemi: fix an use-after-free in pasemi_mac_phy_init() net/tls: fix socket wmem accounting on fallback with netem x86/pgtable/32: Fix LOWMEM_PAGES constant xdp: fix possible cq entry leak ARM: stm32: use "depends on" instead of "if" after prompt scsi: libfc: fix null pointer dereference on a null lport xfrm interface: ifname may be wrong in logs drm/panel: make drm_panel.h self-contained clk: sunxi-ng: v3s: add the missing PLL_DDR1 PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() libertas_tf: Use correct channel range in lbtf_geo_init qed: reduce maximum stack frame size usb: host: xhci-hub: fix extra endianness conversion media: rcar-vin: Clean up correct notifier in error path mic: avoid statically declaring a 'struct device'. x86/kgbd: Use NMI_VECTOR not APIC_DM_NMI crypto: ccp - Reduce maximum stack usage ALSA: aoa: onyx: always initialize register read value arm64: dts: renesas: r8a77995: Fix register range of display node tipc: reduce risk of wakeup queue starvation ARM: dts: stm32: add missing vdda-supply to adc on stm32h743i-eval net/mlx5: Fix mlx5_ifc_query_lag_out_bits cifs: fix rmmod regression in cifs.ko caused by force_sig changes iio: tsl2772: Use devm_add_action_or_reset for tsl2772_chip_off net: fix bpf_xdp_adjust_head regression for generic-XDP spi: bcm-qspi: Fix BSPI QUAD and DUAL mode support when using flex mode cxgb4: smt: Add lock for atomic_dec_and_test crypto: caam - free resources in case caam_rng registration failed ext4: set error return correctly when ext4_htree_store_dirent fails RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver ASoC: es8328: Fix copy-paste error in es8328_right_line_controls ASoC: cs4349: Use PM ops 'cs4349_runtime_pm' ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls net/rds: Add a few missing rds_stat_names entries tools: bpftool: fix arguments for p_err() in do_event_pipe() tools: bpftool: fix format strings and arguments for jsonw_printf() drm: rcar-du: lvds: Fix bridge_to_rcar_lvds bnxt_en: Fix handling FRAG_ERR when NVM_INSTALL_UPDATE cmd fails signal: Allow cifs and drbd to receive their terminating signals powerpc/64s/radix: Fix memory hot-unplug page table split ASoC: sun4i-i2s: RX and TX counter registers are swapped dmaengine: dw: platform: Switch to acpi_dma_controller_register() rtc: rv3029: revert error handling patch to rv3029_eeprom_write() mac80211: minstrel_ht: fix per-group max throughput rate initialization i40e: reduce stack usage in i40e_set_fc media: atmel: atmel-isi: fix timeout value for stop streaming ARM: 8896/1: VDSO: Don't leak kernel addresses rtc: pcf2127: bugfix: read rtc disables watchdog mips: avoid explicit UB in assignment of mips_io_port_base media: em28xx: Fix exception handling in em28xx_alloc_urbs() iommu/mediatek: Fix iova_to_phys PA start for 4GB mode ahci: Do not export local variable ahci_em_messages rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2] Partially revert "kfifo: fix kfifo_alloc() and kfifo_init()" hwmon: (lm75) Fix write operations for negative temperatures net/sched: cbs: Set default link speed to 10 Mbps in cbs_set_port_rate power: supply: Init device wakeup after device_add() x86, perf: Fix the dependency of the x86 insn decoder selftest staging: greybus: light: fix a couple double frees irqdomain: Add the missing assignment of domain->fwnode for named fwnode bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA usb: typec: tps6598x: Fix build error without CONFIG_REGMAP_I2C bcache: Fix an error code in bch_dump_read() iio: dac: ad5380: fix incorrect assignment to val netfilter: ctnetlink: honor IPS_OFFLOAD flag ath9k: dynack: fix possible deadlock in ath_dynack_node_{de}init wcn36xx: use dynamic allocation for large variables tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs ARM: dts: aspeed-g5: Fixe gpio-ranges upper limit xsk: avoid store-tearing when assigning queues xsk: avoid store-tearing when assigning umem led: triggers: Fix dereferencing of null pointer net: sonic: return NETDEV_TX_OK if failed to map buffer net: hns3: fix error VF index when setting VLAN offload rtlwifi: Fix file release memory leak ARM: dts: logicpd-som-lv: Fix i2c2 and i2c3 Pin mux f2fs: fix wrong error injection path in inc_valid_block_count() f2fs: fix error path of f2fs_convert_inline_page() scsi: fnic: fix msix interrupt allocation Btrfs: fix hang when loading existing inode cache off disk Btrfs: fix inode cache waiters hanging on failure to start caching thread Btrfs: fix inode cache waiters hanging on path allocation failure btrfs: use correct count in btrfs_file_write_iter() ixgbe: sync the first fragment unconditionally hwmon: (shtc1) fix shtc1 and shtw1 id mask net: sonic: replace dev_kfree_skb in sonic_send_packet pinctrl: iproc-gpio: Fix incorrect pinconf configurations gpio/aspeed: Fix incorrect number of banks ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet RDMA/cma: Fix false error message net/rds: Fix 'ib_evt_handler_call' element in 'rds_ib_stat_names' um: Fix off by one error in IRQ enumeration bnxt_en: Increase timeout for HWRM_DBG_COREDUMP_XX commands f2fs: fix to avoid accessing uninitialized field of inode page in is_alive() mailbox: qcom-apcs: fix max_register value clk: actions: Fix factor clk struct member access powerpc/mm/mce: Keep irqs disabled during lockless page table walk bpf: fix BTF limits crypto: hisilicon - Matching the dma address for dma_pool_free() iommu/amd: Wait for completion of IOTLB flush in attach_device net: aquantia: Fix aq_vec_isr_legacy() return value cxgb4: Signedness bug in init_one() net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe() net: netsec: Fix signedness bug in netsec_probe() net: socionext: Fix a signedness bug in ave_probe() net: stmmac: dwmac-meson8b: Fix signedness bug in probe net: axienet: fix a signedness bug in probe of: mdio: Fix a signedness bug in of_phy_get_and_connect() net: nixge: Fix a signedness bug in nixge_probe() net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse() net: sched: cbs: Avoid division by zero when calculating the port rate nvme: retain split access workaround for capability reads net: stmmac: gmac4+: Not all Unicast addresses may be available rxrpc: Fix trace-after-put looking at the put connection record mac80211: accept deauth frames in IBSS mode llc: fix another potential sk_buff leak in llc_ui_sendmsg() llc: fix sk_buff refcounting in llc_conn_state_process() ip6erspan: remove the incorrect mtu limit for ip6erspan net: stmmac: fix length of PTP clock's name string net: stmmac: fix disabling flexible PPS output sctp: add chunks to sk_backlog when the newsk sk_socket is not set s390/qeth: Fix error handling during VNICC initialization s390/qeth: Fix initialization of vnicc cmd masks during set online act_mirred: Fix mirred_init_module error handling net: avoid possible false sharing in sk_leave_memory_pressure() net: add {READ|WRITE}_ONCE() annotations on ->rskq_accept_head tcp: annotate lockless access to tcp_memory_pressure net/smc: receive returns without data net/smc: receive pending data after RCV_SHUTDOWN drm/msm/dsi: Implement reset correctly vhost/test: stop device before reset dmaengine: imx-sdma: fix size check for sdma script_number firmware: dmi: Fix unlikely out-of-bounds read in save_mem_devices arm64: hibernate: check pgd table allocation net: netem: fix error path for corrupted GSO frames net: netem: correct the parent's backlog when corrupted packet was dropped xsk: Fix registration of Rx-only sockets bpf, offload: Unlock on error in bpf_offload_dev_create() afs: Fix missing timeout reset net: qca_spi: Move reset_count to struct qcaspi hv_netvsc: Fix offset usage in netvsc_send_table() hv_netvsc: Fix send_table offset in case of a host bug afs: Fix large file support drm: panel-lvds: Potential Oops in probe error handling hwrng: omap3-rom - Fix missing clock by probing with device tree dpaa_eth: perform DMA unmapping before read dpaa_eth: avoid timestamp read on error paths MIPS: Loongson: Fix return value of loongson_hwmon_init hv_netvsc: flag software created hash value net: neigh: use long type to store jiffies delta packet: fix data-race in fanout_flow_is_huge() i2c: stm32f7: report dma error during probe mmc: sdio: fix wl1251 vendor id mmc: core: fix wl1251 sdio quirks affs: fix a memory leak in affs_remount afs: Remove set but not used variables 'before', 'after' dmaengine: ti: edma: fix missed failure handling drm/radeon: fix bad DMA from INTERRUPT_CNTL2 arm64: dts: juno: Fix UART frequency samples/bpf: Fix broken xdp_rxq_info due to map order assumptions usb: dwc3: Allow building USB_DWC3_QCOM without EXTCON IB/iser: Fix dma_nents type definition serial: stm32: fix clearing interrupt error flags arm64: dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node m68k: Call timer_interrupt() with interrupts disabled Linux 4.19.99 Signed-off-by: Greg Kroah-Hartman <gregkh@google.com> Change-Id: Ieabeab79ea5c8cb4b6b1552702fa5d6100cea5db |
||
|
Michael S. Tsirkin
|
ae599446db |
vhost/test: stop device before reset
[ Upstream commit 245cdd9fbd396483d501db83047116e2530f245f ]
When device stop was moved out of reset, test device wasn't updated to
stop before reset, this resulted in a use after free. Fix by invoking
stop appropriately.
Fixes:
|
||
|
Andrey Konovalov
|
b0ba4bf2a8 |
UPSTREAM: vhost, kcov: collect coverage from vhost_worker
(Upstream commit 8f6a7f96dc29cefe16ab60f06f9c3a43510b96fd.) Add kcov_remote_start()/kcov_remote_stop() annotations to the vhost_worker() function, which is responsible for processing vhost works. Since vhost_worker() threads are spawned per vhost device instance the common kcov handle is used for kcov_remote_start()/stop() annotations (see Documentation/dev-tools/kcov.rst for details). As the result kcov can now be used to collect coverage from vhost worker threads. Link: http://lkml.kernel.org/r/e49d5d154e5da6c9ada521d2b7ce10a49ce9f98b.1572366574.git.andreyknvl@google.com Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Cc: Alan Stern <stern@rowland.harvard.edu> Cc: Alexander Potapenko <glider@google.com> Cc: Anders Roxell <anders.roxell@linaro.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: David Windsor <dwindsor@gmail.com> Cc: Dmitry Vyukov <dvyukov@google.com> Cc: Elena Reshetova <elena.reshetova@intel.com> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: Jason Wang <jasowang@redhat.com> Cc: Marco Elver <elver@google.com> Cc: "Michael S. Tsirkin" <mst@redhat.com> Cc: Steven Rostedt <rostedt@goodmis.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Andrey Konovalov <andreyknvl@google.com> Bug: 147413187 Change-Id: Ie99a67ede00a839a28472877e5c3263db69d1c58 |
||
|
Stefano Garzarella
|
c483ef739b |
vhost/vsock: accept only packets with the right dst_cid
[ Upstream commit 8a3cc29c316c17de590e3ff8b59f3d6cbfd37b0a ] When we receive a new packet from the guest, we check if the src_cid is correct, but we forgot to check the dst_cid. The host should accept only packets where dst_cid is equal to the host CID. Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Stefano Garzarella
|
70d594d17e |
vhost/vsock: split packets to send using multiple buffers
commit 6dbd3e66e7785a2f055bf84d98de9b8fd31ff3f5 upstream. If the packets to sent to the guest are bigger than the buffer available, we can split them, using multiple buffers and fixing the length in the packet header. This is safe since virtio-vsock supports only stream sockets. Signed-off-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
yongduan
|
ba03ee62ae |
vhost: make sure log_num < in_num
commit 060423bfdee3f8bc6e2c1bac97de24d5415e2bc4 upstream.
The code assumes log_num < in_num everywhere, and that is true as long as
in_num is incremented by descriptor iov count, and log_num by 1. However
this breaks if there's a zero sized descriptor.
As a result, if a malicious guest creates a vring desc with desc.len = 0,
it may cause the host kernel to crash by overflowing the log array. This
bug can be triggered during the VM migration.
There's no need to log when desc.len = 0, so just don't increment log_num
in this case.
Fixes:
|
||
|
Tiwei Bie
|
6e7040d65a |
vhost/test: fix build for vhost test - again
commit 264b563b8675771834419057cbe076c1a41fb666 upstream.
Since vhost_exceeds_weight() was introduced, callers need to specify
the packet weight and byte weight in vhost_dev_init(). Note that, the
packet weight isn't counted in this patch to keep the original behavior
unchanged.
Fixes: e82b9b0727ff ("vhost: introduce vhost_exceeds_weight()")
Cc: stable@vger.kernel.org
Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Tiwei Bie
|
4f45483faa |
vhost/test: fix build for vhost test
commit 93d2c4de8d8129b97ee1e1a222aedb0719d2fcd9 upstream.
Since below commit, callers need to specify the iov_limit in
vhost_dev_init() explicitly.
Fixes: b46a0bf78ad7 ("vhost: fix OOB in get_rx_bufs()")
Cc: stable@vger.kernel.org
Signed-off-by: Tiwei Bie <tiwei.bie@intel.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Jason Wang
|
02cdc16612 |
vhost: scsi: add weight support
commit c1ea02f15ab5efb3e93fc3144d895410bf79fcf2 upstream.
This patch will check the weight and exit the loop if we exceeds the
weight. This is useful for preventing scsi kthread from hogging cpu
which is guest triggerable.
This addresses CVE-2019-3900.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Fixes:
|
||
|
Jason Wang
|
239910101c |
vhost: vsock: add weight support
commit e79b431fb901ba1106670bcc80b9b617b25def7d upstream.
This patch will check the weight and exit the loop if we exceeds the
weight. This is useful for preventing vsock kthread from hogging cpu
which is guest triggerable. The weight can help to avoid starving the
request from on direction while another direction is being processed.
The value of weight is picked from vhost-net.
This addresses CVE-2019-3900.
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Fixes:
|
||
|
Jason Wang
|
3af3b843ae |
vhost_net: fix possible infinite loop
commit e2412c07f8f3040593dfb88207865a3cd58680c0 upstream.
When the rx buffer is too small for a packet, we will discard the vq
descriptor and retry it for the next packet:
while ((sock_len = vhost_net_rx_peek_head_len(net, sock->sk,
&busyloop_intr))) {
...
/* On overrun, truncate and discard */
if (unlikely(headcount > UIO_MAXIOV)) {
iov_iter_init(&msg.msg_iter, READ, vq->iov, 1, 1);
err = sock->ops->recvmsg(sock, &msg,
1, MSG_DONTWAIT | MSG_TRUNC);
pr_debug("Discarded rx packet: len %zd\n", sock_len);
continue;
}
...
}
This makes it possible to trigger a infinite while..continue loop
through the co-opreation of two VMs like:
1) Malicious VM1 allocate 1 byte rx buffer and try to slow down the
vhost process as much as possible e.g using indirect descriptors or
other.
2) Malicious VM2 generate packets to VM1 as fast as possible
Fixing this by checking against weight at the end of RX and TX
loop. This also eliminate other similar cases when:
- userspace is consuming the packets in the meanwhile
- theoretical TOCTOU attack if guest moving avail index back and forth
to hit the continue after vhost find guest just add new buffers
This addresses CVE-2019-3900.
Fixes:
|
||
|
Jason Wang
|
ad5fc8953d |
vhost: introduce vhost_exceeds_weight()
commit e82b9b0727ff6d665fff2d326162b460dded554d upstream. We used to have vhost_exceeds_weight() for vhost-net to: - prevent vhost kthread from hogging the cpu - balance the time spent between TX and RX This function could be useful for vsock and scsi as well. So move it to vhost.c. Device must specify a weight which counts the number of requests, or it can also specific a byte_weight which counts the number of bytes that has been processed. Signed-off-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> [jwang: backport to 4.19, fix conflict in net.c] Signed-off-by: Jack Wang <jinpu.wang@cloud.ionos.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|
Jason Wang
|
0e2af9b06c |
vhost_net: disable zerocopy by default
[ Upstream commit 098eadce3c622c07b328d0a43dda379b38cf7c5e ] Vhost_net was known to suffer from HOL[1] issues which is not easy to fix. Several downstream disable the feature by default. What's more, the datapath was split and datacopy path got the support of batching and XDP support recently which makes it faster than zerocopy part for small packets transmission. It looks to me that disable zerocopy by default is more appropriate. It cold be enabled by default again in the future if we fix the above issues. [1] https://patchwork.kernel.org/patch/3787671/ Signed-off-by: Jason Wang <jasowang@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> |
||
|
Jason Wang
|
b82df42059 |
vhost: reject zero size iova range
[ Upstream commit 813dbeb656d6c90266f251d8bd2b02d445afa63f ]
We used to accept zero size iova range which will lead a infinite loop
in translate_desc(). Fixing this by failing the request in this case.
Reported-by: syzbot+d21e6e297322a900c128@syzkaller.appspotmail.com
Fixes:
|
||
|
Zha Bin
|
842bdbe83c |
vhost/vsock: fix vhost vsock cid hashing inconsistent
commit 7fbe078c37aba3088359c9256c1a1d0c3e39ee81 upstream.
The vsock core only supports 32bit CID, but the Virtio-vsock spec define
CID (dst_cid and src_cid) as u64 and the upper 32bits is reserved as
zero. This inconsistency causes one bug in vhost vsock driver. The
scenarios is:
0. A hash table (vhost_vsock_hash) is used to map an CID to a vsock
object. And hash_min() is used to compute the hash key. hash_min() is
defined as:
(sizeof(val) <= 4 ? hash_32(val, bits) : hash_long(val, bits)).
That means the hash algorithm has dependency on the size of macro
argument 'val'.
0. In function vhost_vsock_set_cid(), a 64bit CID is passed to
hash_min() to compute the hash key when inserting a vsock object into
the hash table.
0. In function vhost_vsock_get(), a 32bit CID is passed to hash_min()
to compute the hash key when looking up a vsock for an CID.
Because the different size of the CID, hash_min() returns different hash
key, thus fails to look up the vsock object for an CID.
To fix this bug, we keep CID as u64 in the IOCTLs and virtio message
headers, but explicitly convert u64 to u32 when deal with the hash table
and vsock core.
Fixes: 834e772c8db0 ("vhost/vsock: fix use-after-free in network stack callers")
Link: https://github.com/stefanha/virtio/blob/vsock/trunk/content.tex
Signed-off-by: Zha Bin <zhabin@linux.alibaba.com>
Reviewed-by: Liu Jiang <gerry@linux.alibaba.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Shengjing Zhu <i@zhsj.me>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
||
|
Pavel Tikhomirov
|
5604fdcfcf |
vhost: return EINVAL if iovecs size does not match the message size
[ Upstream commit 74ad7419489ddade8044e3c9ab064ad656520306 ]
We've failed to copy and process vhost_iotlb_msg so let userspace at
least know about it. For instance before these patch the code below runs
without any error:
int main()
{
struct vhost_msg msg;
struct iovec iov;
int fd;
fd = open("/dev/vhost-net", O_RDWR);
if (fd == -1) {
perror("open");
return 1;
}
iov.iov_base = &msg;
iov.iov_len = sizeof(msg)-4;
if (writev(fd, &iov,1) == -1) {
perror("writev");
return 1;
}
return 0;
}
Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
|